This website requires JavaScript.
55b861cb43
ci: retrigger — verify actions clone from internal Gitea mirror
Hartmut
2026-05-22 17:07:29 +02:00
184efee0e1
Merge pull request 'ci: increase timeouts + pnpm store cache to reduce QNAP runner flakes' (#66 ) from ci/reduce-qnap-flakes into main
Hartmut
2026-05-22 15:13:30 +02:00
5db6e24ee0
ci: increase timeouts + pnpm store cache to reduce QNAP runner flakes
Hartmut
2026-05-22 11:50:52 +02:00
eb1875e524
Merge pull request 'feat(timeline): start at today + infinite scroll into the past' (#65 ) from feature/timeline-past-scroll into main
Hartmut
2026-05-22 11:43:07 +02:00
12044f638e
ci: retrigger — E2E webServer timeout on run #172 (QNAP runner flake)
Hartmut
2026-05-22 09:34:10 +02:00
6bc23b3407
Merge pull request 'rename(cleanup): drop last capakraken strings from UI, scripts, schema, tests' (#64 ) from rename/nexus-final-cleanup into main
Hartmut
2026-05-22 09:13:05 +02:00
2383bcbdc0
fix(timeline): trigger scroll-to-today on isInitialLoading→false not totalCanvasWidth
Hartmut
2026-05-22 08:48:23 +02:00
0e9d6ec388
fix(timeline): wait for canvas width before scrolling to today
Hartmut
2026-05-22 08:45:09 +02:00
7285668c52
fix(timeline): use empty-deps useLayoutEffect for mount scroll to today
Hartmut
2026-05-22 08:38:08 +02:00
944d36bdb2
fix(timeline): pre-load 90-day past buffer + scroll to today on mount
Hartmut
2026-05-22 08:15:37 +02:00
ad8843d956
ci: retrigger — QNAP network flake cloning actions/checkout (run #165 )
Hartmut
2026-05-22 08:07:11 +02:00
6ec512e302
test(cron): raise timeout for next/server cold-import on act runner
Hartmut
2026-05-22 08:06:56 +02:00
4a841d5acb
feat(timeline): start at today and allow infinite scroll into the past
Hartmut
2026-05-22 07:16:34 +02:00
749a39097c
ci: retrigger — runner flake on unit-tests step (run #163 )
Hartmut
2026-05-22 07:05:16 +02:00
a58b99a33a
rename(cleanup): drop last capakraken strings from UI, scripts, schema, tests
Hartmut
2026-05-21 20:57:43 +02:00
c5b58a5bdc
fix(docs): update nginx-hardening.conf to nexus domain and log paths
Hartmut
2026-05-21 20:41:58 +02:00
52ddbe7377
fix(migrate): use relname not table_name in pg_stat_user_tables query
Hartmut
2026-05-21 20:11:57 +02:00
19aeb2ba04
rename(phase 3): compose/DB/infra + stray code refs capakraken → nexus (#62 )
Hartmut
2026-05-21 20:07:18 +02:00
5d6ca3d8cc
ci: retrigger — unit-tests flake on run 159 (setup-node .gitignore issue)
Hartmut
2026-05-21 19:51:47 +02:00
db7948d279
fix(ci): add --profile full to teardown so app container on port 3100 is stopped
Hartmut
2026-05-21 19:38:03 +02:00
7cee3b3a97
fix(ci): tear down legacy capakraken compose project before Docker Deploy
Hartmut
2026-05-21 17:23:34 +02:00
01f8974314
rename(phase 3): compose/DB/infra names + stray code refs capakraken → nexus
Hartmut
2026-05-21 16:35:39 +02:00
b41c1d2501
rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI (#61 )
Hartmut
2026-05-21 16:28:40 +02:00
29235e3208
rename(phase 1): cover .sh files missed by initial codemod
Hartmut
2026-05-21 16:11:16 +02:00
2c2f4417c6
fix(ci): clear PR #61 lint error + bump fast-uri/next over high-sev advisories
Hartmut
2026-05-21 15:28:52 +02:00
4a5edeef3e
rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI
Hartmut
2026-05-21 15:10:44 +02:00
cfce1f2a15
test(shared): narrow PasswordCheckResult before reading reason
Hartmut
2026-04-18 14:53:30 +02:00
e01074926e
security: reject common/weak passwords on every set-password path (#31 )
Hartmut
2026-04-18 14:02:43 +02:00
d9a7ec0338
test(application): bump exceljs row/column-limit test timeouts to 60s
Hartmut
2026-04-18 14:09:10 +02:00
17471af7f8
security: bound Zod inputs, add SSE per-user cap and tRPC body limit (#51 , PR #59 )
Hartmut
2026-04-18 13:53:28 +02:00
f0251a654a
ci: retrigger marker — rerun ci.yml for fe79810
Hartmut
2026-04-17 19:15:00 +02:00
fe79810a85
security: MFA backup codes — issue on enable, redeem at login, regenerate on demand (#43 )
Hartmut
2026-04-17 18:47:18 +02:00
9dc1ffd3ad
fix(ci): unblock build + unit-tests on main (#109 )
Hartmut
2026-04-17 16:30:05 +02:00
656c9329f7
Merge branch 'security/audit-2026-04-17'
Hartmut
2026-04-17 16:11:57 +02:00
c4b01c1bfc
security: workbook path allowlist + stronger image polyglot validation (#54 )
Hartmut
2026-04-17 15:26:29 +02:00
3392297791
security: await audit writes, add per-turn AssistantPrompt audit (#55 )
Hartmut
2026-04-17 15:06:17 +02:00
01c45d0344
security: align client password policy with server, enforce AUTH_SECRET length + entropy (#56 )
Hartmut
2026-04-17 14:56:43 +02:00
805bb0464f
security(docker): remove hardcoded dev password, stop placeholder secrets leaking into migrator image (#50 )
Hartmut
2026-04-17 14:50:05 +02:00
e2dddd30df
security: RBAC cache cross-instance invalidation + force re-login on role/perm change (#57 )
Hartmut
2026-04-17 13:01:15 +02:00
23c6e0e04b
security: sanitise Prisma error leaks in AI-tool helpers (#53 )
Hartmut
2026-04-17 09:40:01 +02:00
019702c043
security: ReDoS hardening on blueprint field validator (#52 )
Hartmut
2026-04-17 09:33:42 +02:00
b9040cb328
test(security): scoped-caller forwarding preserves read-only proxy (#47 )
Hartmut
2026-04-17 09:28:02 +02:00
3d89d7d8eb
security: redact sensitive fields in audit DB entries (#46 )
Hartmut
2026-04-17 09:25:15 +02:00
4ff7bc90c3
security: SSRF guard covers IPv6 + DNS-rebind defence via pinned IP (#49 )
Hartmut
2026-04-17 09:19:07 +02:00
3222bec8a5
security: atomic compare-and-swap for TOTP replay window (#43 , part 1)
Hartmut
2026-04-17 09:11:50 +02:00
d1075af77d
security: tighten CSP — drop provider wildcards, add object/frame/worker-src (#45 )
Hartmut
2026-04-17 09:08:40 +02:00
b32160d546
security: default-deny /api middleware allowlist (#44 )
Hartmut
2026-04-17 09:03:24 +02:00
d45cc00f2f
security: cookie + session hardening (#41 )
Hartmut
2026-04-17 09:00:54 +02:00
93a7fbaa4c
security: fail-fast dev-bypass flag in production (#42 )
Hartmut
2026-04-17 08:56:27 +02:00
c2d05b4b99
security: Unicode-aware prompt-injection guard (#39 )
Hartmut
2026-04-17 08:53:38 +02:00
03030639d7
security: constant-time authorize + uniform audit summaries (#40 )
Hartmut
2026-04-17 08:50:25 +02:00
c0ea1d0cb9
security: cap assistant chat payload + injection-guard project cover prompt (#38 )
Hartmut
2026-04-17 08:46:03 +02:00
c0c5f762b8
security: bound JSONB inputs + whitelist batchUpdateCustomFields keys (#48 )
Hartmut
2026-04-17 08:44:11 +02:00
1ff5c3377c
security: block raw/tx escape hatches on read-only AI DB proxy (#47 )
Hartmut
2026-04-17 08:38:05 +02:00
3c5d1d37f7
security: rate-limit IP-keyed, fail-closed on empty key (#37 )
Hartmut
2026-04-17 08:19:33 +02:00
534945f6e3
security: bound password inputs, configure pino redact, patch deps (#36 #46 #58 )
Hartmut
2026-04-17 08:13:25 +02:00
0ef9add935
ci(docker-deploy): pin DATABASE_URL to unique container name to fix split-brain
Hartmut
2026-04-13 09:16:12 +02:00
bb117e9179
fix(docker): provide build-time auth/db env to next build
Hartmut
2026-04-13 08:54:18 +02:00
4cbfb2508d
ci(release): build images with plain docker, not buildx
Hartmut
2026-04-13 08:31:01 +02:00
69d74881dc
ci(release): use REGISTRY_TOKEN PAT for Gitea registry login
Hartmut
2026-04-13 08:09:56 +02:00
62de038497
ci(release): hardcode external Gitea registry host
Hartmut
2026-04-13 07:44:21 +02:00
a1f7abc850
ci: float setup-node to v4 to avoid act_runner cleanup race
Hartmut
2026-04-13 07:21:59 +02:00
69c52e2875
ci(release): push images to Gitea registry, drop GHCR secret requirement
Hartmut
2026-04-13 07:13:37 +02:00
0b330fd344
test(web/e2e): verify root redirect via HTTP not Chromium navigation
Hartmut
2026-04-13 06:44:39 +02:00
e2982a8bd1
ci: bump retrigger marker to force Gitea workflow run
Hartmut
2026-04-13 06:21:16 +02:00
b2d89ca4f0
ci: retrigger docker-deploy after Gitea dbfs lost task 403 log
Hartmut
2026-04-13 06:20:39 +02:00
bee5bbf25e
ci(docker-deploy): retry smoke run once after aggressive re-warm
Hartmut
2026-04-13 05:54:06 +02:00
c7d36ecbbd
test(application): extend ExcelJS read-workbook timeouts to 30s
Hartmut
2026-04-13 05:24:07 +02:00
d90a86c7d7
ci(docker-deploy): pin APP_IP via docker inspect, not shared DNS
Hartmut
2026-04-13 05:07:09 +02:00
a984635ef3
test(web): extend timeout for ExcelJS workbook export tests
Hartmut
2026-04-13 04:33:40 +02:00
0b718f8025
ci: re-warm routes immediately before smoke run
Hartmut
2026-04-13 04:21:41 +02:00
97b77c29f9
ci: pin Docker Deploy to a single app container IP
Hartmut
2026-04-13 03:54:19 +02:00
5da90af432
ci: probe every e2epg IP and pin DATABASE_URL to the one with our DB
Hartmut
2026-04-13 03:52:03 +02:00
e39cae62dc
ci: retrigger after transient setup-node clone race
Hartmut
2026-04-13 03:31:25 +02:00
5dfa1e2aab
ci: warm both root and signin paths without following redirects
Hartmut
2026-04-13 03:19:56 +02:00
2ca101100f
ci: fix audit_logs verification to query pg_tables directly
Hartmut
2026-04-13 03:17:04 +02:00
ee84f6e316
test(web): extend timeout for ExcelJS-based excel import tests
Hartmut
2026-04-13 02:52:54 +02:00
1006167e76
ci(deploy): warm up root path before smoke tests
Hartmut
2026-04-13 02:42:49 +02:00
e7d0151d6b
ci(e2e): scope CI E2E to smoke.spec.ts only
Hartmut
2026-04-13 02:17:31 +02:00
a0b407e92d
ci: bump skill matrix parser test timeout; install playwright in isolated dir
Hartmut
2026-04-13 01:11:37 +02:00
a88db567ad
ci: fix E2E postgres-test collision and smoke @playwright/test resolution
Hartmut
2026-04-13 00:53:19 +02:00
ca71be14c5
ci(e2e): provide dummy PGADMIN_PASSWORD for test-server compose
Hartmut
2026-04-13 00:31:11 +02:00
e6b11120ab
ci(docker-deploy): symlink packages/db node_modules into scripts/
Hartmut
2026-04-13 00:25:36 +02:00
d6df582e5e
chore: stop tracking .claude/worktrees agent scratch repos
Hartmut
2026-04-13 00:04:43 +02:00
b164c4ca70
ci: fix e2e hostname collision and docker-deploy admin seed
Hartmut
2026-04-13 00:04:32 +02:00
f856dd26b3
ci: diagnose e2e audit_logs mystery; fix docker-deploy admin seed
Hartmut
2026-04-12 23:43:10 +02:00
931d1f5d5f
ci: bridge docker-deploy compose to gitea_gitea; bypass turbo for e2e
Hartmut
2026-04-12 23:22:50 +02:00
0b2d263d30
ci: use prisma db execute (no psql dep); baseline migrations after push
Hartmut
2026-04-12 23:01:51 +02:00
8be01fe6aa
ci: stronger db reset for e2e, volume wipe for docker-deploy
Hartmut
2026-04-12 22:44:31 +02:00
3e2b242151
ci: fix fresh-DB bootstrap for e2e and docker-deploy
Hartmut
2026-04-12 22:22:35 +02:00
1c0f46a575
ci: retrigger after runner DNS fix (non-ignored path)
Hartmut
2026-04-12 22:00:52 +02:00
b214e876bb
ci: retrigger after runner DNS fix
Hartmut
2026-04-12 21:59:23 +02:00
da0d69c1c3
docs(gitea): complete DNS fix — act_runner host + job-container both
Hartmut
2026-04-12 21:58:26 +02:00
caa08282a1
ci: set PLAYWRIGHT_DATABASE_URL on e2e job
Hartmut
2026-04-12 21:54:16 +02:00
ec557a0b4b
ci: fix E2E db target guard and strip bind mounts in docker deploy test
Hartmut
2026-04-12 21:41:46 +02:00
9a3e19ddce
ci: continue-on-error for upload-artifact steps (Gitea GHES unsupported)
Hartmut
2026-04-12 21:21:13 +02:00
72471e89b8
test(db): clear env before each loadWorkspaceEnv test, not just after
Hartmut
2026-04-12 21:08:37 +02:00
8256673744
test(shared): exclude type-only and static-data files from coverage
Hartmut
2026-04-12 20:57:58 +02:00
fee9d1c158
test(application): exclude NDA-gated dispo-import files from coverage
Hartmut
2026-04-12 20:46:19 +02:00
ea6b79ba02
docs(gitea): expand DNS troubleshooting for act_runner clone hangs
Hartmut
2026-04-12 20:43:49 +02:00
Hartmut