Hartmut
0e119cfe73
#19 MFA QR code: render locally via qrcode package, remove external qrserver.com request #20 Webhook SSRF: add ssrf-guard.ts with DNS-verified IP blocklist; enforce on create/update/test/dispatch #21 /api/perf: fail-closed when CRON_SECRET missing; remove query-string token auth #22 CSP: remove unsafe-eval and unsafe-inline from script-src in production builds #23 Active session registry: forward jti into session object; validate against ActiveSession on every tRPC request #24 Docker: add missing packages/application to Dockerfile.dev; fix pnpm-lock.yaml glob; run db:migrate:deploy on container start so a fresh checkout boots without manual steps Also: fix pre-existing TS error in e2e/allocations.spec.ts (args.length literal type overlap) Co-Authored-By: claude-flow <ruv@ruv.net>
25 lines
762 B
Bash
25 lines
762 B
Bash
#!/bin/sh
|
|
set -eu
|
|
|
|
# Regenerate Prisma client (needed after bind-mount overlays the image layer)
|
|
pnpm --filter @capakraken/db db:generate
|
|
|
|
# Run pending migrations so a fresh checkout boots against a current schema
|
|
pnpm --filter @capakraken/db db:migrate:deploy
|
|
|
|
pnpm check:exports
|
|
pnpm check:imports
|
|
|
|
repo_uid="$(stat -c '%u' /app)"
|
|
repo_gid="$(stat -c '%g' /app)"
|
|
repo_home="/tmp/capakraken-dev-home"
|
|
|
|
mkdir -p /app/apps/web/.next
|
|
mkdir -p "$repo_home/.config/pnpm"
|
|
chown -R "$repo_uid:$repo_gid" /app/apps/web/.next
|
|
chown -R "$repo_uid:$repo_gid" "$repo_home"
|
|
|
|
exec setpriv --reuid="$repo_uid" --regid="$repo_gid" --clear-groups \
|
|
env HOME="$repo_home" XDG_CONFIG_HOME="$repo_home/.config" \
|
|
pnpm --filter @capakraken/web exec next dev -H 0.0.0.0 -p 3100
|