gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 17:12:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 151107c969 fix(test-compose): set CERTCTL_AGENT_BOOTSTRAP_TOKEN placeholder (deploy-vendor-e2e job) master shankar0123 2026-05-16 23:15:22 +00:00
  • b1ca046fdf fix(deps): go mod tidy — drop unused google.golang.org/genproto bare module (CI go-mod-tidy gate) shankar0123 2026-05-16 22:49:19 +00:00
  • 28f93f1f46 fix(docs): trim parenthetical from postgres-backup.md Last-reviewed line (doc-rot ci-guard) shankar0123 2026-05-16 22:49:01 +00:00
  • 569aea255f fix(helm): servicemonitor.yaml — Go templates don't support nested comments (B3 ci-guard) shankar0123 2026-05-16 22:48:47 +00:00
  • c70bb071f9 fix(helm): DEPL-004 follow-up — Helm-comment block for tlsConfig narrative (B3 ci-guard) shankar0123 2026-05-16 22:29:56 +00:00
  • f7fcd1e187 docs(observability): DEPL-006 follow-up — document CERTCTL_OTEL_ENABLED (G-3 ci-guard) shankar0123 2026-05-16 22:10:05 +00:00
  • 9155ec9174 fix(helm): DEPL-004 follow-up — default tlsConfig to real verify; fix ill-formed required-nil shankar0123 2026-05-16 22:09:42 +00:00
  • 58a15e0b3d feat(notifier): DOC-001 — wire the orphan webhook notifier; README "6 notifiers" now accurate shankar0123 2026-05-16 20:37:54 +00:00
  • d64c1821a5 fix(install-agent): RED-007 — verify agent binary via SHA-256 + cosign before install shankar0123 2026-05-16 20:37:29 +00:00
  • c8e77fdeca test(approval): COMP-006 — pin denied-no-cert + approved-reaches-pending invariants shankar0123 2026-05-16 20:37:08 +00:00
  • 1b95709d4b docs(rbac): DOC-002 + COMP-005 — pin auditor role invariants in operator docs shankar0123 2026-05-16 20:36:44 +00:00
  • 35277c0f2c feat(observability): DEPL-006 — OpenTelemetry seed (surface only; no spans yet) shankar0123 2026-05-16 19:45:42 +00:00
  • 5c5bbedc7e feat(ci): SCALE-007 — frontend bundle-size budget via size-limit shankar0123 2026-05-16 19:45:10 +00:00
  • d7546aedca fix(helm): DEPL-004 — ServiceMonitor TLS default flipped to fail-closed shankar0123 2026-05-16 19:44:48 +00:00
  • 5ea45a19b9 feat(security): Sprint 5 ACQ — RED-003 deny-empty flip + SEC-009/RED-005 RFC1918 opt-in shankar0123 2026-05-16 19:13:52 +00:00
  • 374ec574c5 feat(ci): DEPL-005 + DATA-012 — weekly backup/restore smoke + audit-chain round-trip assertion shankar0123 2026-05-16 17:27:57 +00:00
  • 4f2d865b51 feat(middleware): SEC-008 — Permissions-Policy deny-all-features header shankar0123 2026-05-16 17:13:17 +00:00
  • 578ac4ec68 feat(config): SEC-013 — advisory WARN on external sslmode=disable shankar0123 2026-05-16 17:12:58 +00:00
  • 7e2481b225 fix(deploy): SEC-014 — loopback-bind Postgres host port in compose files shankar0123 2026-05-16 17:12:42 +00:00
  • 2e9262cfb7 fix(handler): SEC-021 — wrap BCL provider re-fetch via SafeOIDCContext shankar0123 2026-05-16 16:41:39 +00:00
  • 5d7bc86451 fix(oidc): SEC-020 — wrap fetchUserinfoGroups via SafeOIDCContext shankar0123 2026-05-16 16:41:05 +00:00
  • c4ed3da30b fix(ci): Sprint 6 CI follow-up — staticcheck ST1021 + tenant-query baseline + skip inventory shankar0123 2026-05-16 06:24:09 +00:00
  • 663b14bfd8 feat(retention): COMP-002-RETENTION — federated-user PII purge pipeline shankar0123 2026-05-16 06:18:39 +00:00
  • 43836aca7c feat(audit): COMP-001-HASH — per-row hash chain on audit_events (tamper-evidence) shankar0123 2026-05-16 06:17:15 +00:00
  • 8c2d3c844e test(config): Sprint 4 ARCH-003 fixture alignment for ACK-required tests shankar0123 2026-05-16 05:36:48 +00:00
  • c7f3ec6290 fix(ci-guard): M-009 — exclude Orval-generated tree from bare-useMutation scan shankar0123 2026-05-16 05:36:26 +00:00
  • 6acf3559a3 docs(scale): TEST-005 — split scale baseline into its own canonical record shankar0123 2026-05-16 05:19:57 +00:00
  • 3e09401502 test(ci): TEST-003 — flip Frontend E2E from informational to merge-gate shankar0123 2026-05-16 05:19:38 +00:00
  • 38f1200f26 fix(api,codegen): ARCH-001-A — Phase 1 Orval codegen + 2 new CI guards (large diff) shankar0123 2026-05-16 05:19:22 +00:00
  • e1ab1db65a test(web): TEST-007 — co-locate Vitest coverage for IssuerHierarchyPage shankar0123 2026-05-16 05:18:50 +00:00
  • c95685f8ab docs(arch): ARCH-002-MT — document single-tenant model + tenant_id scaffolding shankar0123 2026-05-16 04:55:50 +00:00
  • a0404f2d21 fix(docs,code): ARCH-004 + SEC-003-K8S + ARCH-003 — marketing claims now match code truth shankar0123 2026-05-16 04:55:34 +00:00
  • 34d5200904 fix(auth): ARCH-002 — relax OIDC runtime guard, full Bundle-2 stack ships shankar0123 2026-05-16 04:53:36 +00:00
  • 3ce05ab0a8 docs(runbook): DEPL-005 — rewrite postgres-backup automation paths to reference the shipped CronJob shankar0123 2026-05-16 04:31:31 +00:00
  • 360eaa75bc fix(compose): DEPL-002 — pin alpine/openssl + postgres:16-alpine by digest + H-002 CI guard shankar0123 2026-05-16 04:31:14 +00:00
  • b721596213 fix(config): DEPL-004 — expand $(POSTGRES_PASSWORD) placeholder in CERTCTL_DATABASE_URL shankar0123 2026-05-16 04:30:53 +00:00
  • 6a640ac3e7 fix(helm): DEPL-003 + DEPL-006 — render viaHook env, sessionAffinity, HA backend default shankar0123 2026-05-16 04:30:37 +00:00
  • 15fedbaa06 test(scheduler): SCALE-001 — assert claim cap via non-Pending count, not Running shankar0123 2026-05-16 04:15:51 +00:00
  • c40690e42d docs(testing): regenerate skip-inventory after SEC-001 types_test.go edit (CI guard skip-inventory-drift) shankar0123 2026-05-16 04:15:35 +00:00
  • 657a699564 docs(env): SCALE-001 + SEC-006 — document the two new env vars (CI guard G-3) shankar0123 2026-05-16 04:15:27 +00:00
  • 183c56f6c5 fix(agent): SCALE-006 — startup + recurring jitter on heartbeat and poll loops shankar0123 2026-05-16 04:01:59 +00:00
  • a485e31f63 fix(repo,service): SCALE-002 — push pagination into SQL for target/issuer/team/agent_group shankar0123 2026-05-16 04:01:45 +00:00
  • 8f2e5771db fix(middleware): SEC-006 — TTL-evict idle token-bucket rate-limiter entries shankar0123 2026-05-16 04:01:18 +00:00
  • 037876fa0f fix(scheduler): SCALE-001 — cap ClaimPendingJobs per-tick (default 1000) shankar0123 2026-05-16 04:00:49 +00:00
  • 7d2e7043b9 fix(server): SEC-003 — keep securityHeadersMiddleware in rate-limit stack shankar0123 2026-05-16 03:32:08 +00:00
  • 037dab7b6f fix(agent,service): SEC-002 — validate certificate_id shape + contain key path shankar0123 2026-05-16 03:31:59 +00:00
  • e6cfd756ac fix(auth): SEC-001 — gate OIDC discovery through SafeHTTPDialContext + ValidateSafeURL shankar0123 2026-05-16 03:31:42 +00:00
  • 67dbd18fda fix(web): Hotfix #19 — AuthProvider 401 unconditional redirect (GitHub #13) v2.1.7 shankar0123 2026-05-15 17:31:47 +00:00
  • 5a1dbce6d5 fix(deploy): Hotfix #18 — apt-get retry loop in libest Dockerfile (transient mirror flake) v2.1.6 shankar0123 2026-05-14 20:57:24 +00:00
  • 76e9380389 fix(web): Hotfix #17 — skip backend-dependent e2e specs in CI (e2e.yml turns green) shankar0123 2026-05-14 20:54:43 +00:00
  • 7268d12a17 feat(web): close FE-M6 — migrate static inline-style attrs to Tailwind + correct CSP rationale comment shankar0123 2026-05-14 20:40:55 +00:00
  • 9ba5ee41be feat(web): close P-M2 — CertificateDetailPage hash-routed tab UI shankar0123 2026-05-14 20:14:26 +00:00
  • 8e84527ba2 fix(deploy): Hotfix #16 — split unixOwnerFromStat per-OS build tags (closes Windows CI matrix) shankar0123 2026-05-14 20:04:25 +00:00
  • 622c19cafe feat(web): close TEST-H3 — install Storybook 10 + wire scripts + dropt tsconfig exclude shankar0123 2026-05-14 19:59:08 +00:00
  • bc417fc458 feat(web): close UX-M9 — replace 886×864 / 773 KB logo with 80×80 / 17.6 KB sibling-repo asset shankar0123 2026-05-14 19:48:45 +00:00
  • ac5bb71b61 feat(discovery): close P-M1 — in-flight scan progress panel on DiscoveryPage shankar0123 2026-05-14 19:43:14 +00:00
  • fc237de357 feat(audit): close P-H2 — server-side since / until time-range filters shankar0123 2026-05-14 19:35:51 +00:00
  • b22cdb3405 fix(signer): Hotfix #15 — gofmt comment-indent fix from Hotfix #13 shankar0123 2026-05-14 19:21:10 +00:00
  • 03f0e08a77 fix(middleware): Hotfix #14 — staticcheck QF1008 from Hotfix #12 shankar0123 2026-05-14 19:12:43 +00:00
  • 38f86bca86 fix(signer): Hotfix #13 — CodeQL #29 go/path-injection in FileDriver sinks shankar0123 2026-05-14 19:10:11 +00:00
  • af5c39252f fix(middleware): Hotfix #12 — CodeQL #34 go/reflected-xss in etag.go shankar0123 2026-05-14 19:03:50 +00:00
  • 6c00f7b0d3 fix(web): Hotfix #11 — CodeQL #36 js/regex/missing-regexp-anchor in multi-page-flows test shankar0123 2026-05-14 18:58:22 +00:00
  • 49096914d2 fix(web): Hotfix #10 — CodeQL #37 js/use-before-declaration on __APP_VERSION__ shankar0123 2026-05-14 18:55:32 +00:00
  • aa1c12ae2d feat(web): Phase 9 — backend-coupled + page-specific closures (5 shipped, 2 deferred) shankar0123 2026-05-14 18:27:18 +00:00
  • 5231609f26 fix(web): Hotfix #9 — remove Storybook deps from package.json (Vite 8 peer conflict) v2.1.5 shankar0123 2026-05-14 18:06:12 +00:00
  • c146e8f75b fix(web): sidebar footer simplification + onboarding doc links — operator-reported drift shankar0123 2026-05-14 18:02:51 +00:00
  • a9e229bd2a feat(frontend): Phase 8 Test Pyramid Investment — TEST-H1 + TEST-H2 + TEST-H3 (scaffold) + TEST-M1 shankar0123 2026-05-14 17:56:54 +00:00
  • 700c399367 chore(web): remove darkMode: 'class' from tailwind config — Phase 7 retired v2.1.4 shankar0123 2026-05-14 17:16:40 +00:00
  • 1fcb05181d feat(frontend): Phase 6 Locale + Date/Time Discipline — close I18N-H1 + I18N-H2 + I18N-H3 + I18N-M2 shankar0123 2026-05-14 17:10:19 +00:00
  • 508c7530e9 fix(web): Hotfix #8 — L-015 line-grep guard + CodeQL formatStatus orphan shankar0123 2026-05-14 16:52:19 +00:00
  • c9f932be65 feat(frontend): Phase 5 Accessibility + Forms — close FE-H3 + UX-H4 primitive + FE-M1 primitive + axe-core gate shankar0123 2026-05-14 16:44:37 +00:00
  • 868f1c25be feat(web): sidebar maintainer attribution — mirror landing-page footer style shankar0123 2026-05-14 16:17:48 +00:00
  • 9ce2d8ca8f feat(frontend): Phase 4 Loading + Perceived Performance — close UX-M1 + FE-M5 + PERF-M1 + P-H3 + partial FE-M3 / P-M2 shankar0123 2026-05-14 16:14:24 +00:00
  • 0987e222dd fix(web): Phase 3 hotfix — UsersPage.test.tsx Router context + Breadcrumbs defensive guard shankar0123 2026-05-14 15:42:55 +00:00
  • e761ae40a4 feat(frontend): Phase 3 Information Architecture + Search — close UX-H1 + FE-H2 + UX-M5 + UX-H6 + FE-L4; FE-M6 deferred shankar0123 2026-05-14 15:27:23 +00:00
  • 1daae5d709 docs(readme): fix demo path command — point at deploy/demo-up.sh wrapper shankar0123 2026-05-14 15:01:38 +00:00
  • 7c01f811a1 feat(frontend): Phase 2 TanStack Query Discipline — close TQ-H1/H2 + TQ-M1/M2/M3 + PERF-H1 + P-H1 + partial TQ-L1 shankar0123 2026-05-14 14:51:49 +00:00
  • c1b581b047 fix(test): Hotfix #6 — polyfill ResizeObserver in vitest setup (Phase 1 Combobox) shankar0123 2026-05-14 14:34:33 +00:00
  • e37403edf1 feat(frontend): Phase 1 Foundation Primitives + Toast System — close UX-H2/H3/H5 + UX-M2/M3/M4/L5 + FE-M4 shankar0123 2026-05-14 14:25:41 +00:00
  • 93e00f6a5e fix(frontend): Phase 0 Hygiene Day — close 11 of 12 frontend-audit findings shankar0123 2026-05-14 13:42:04 +00:00
  • c8985cf868 fix(ratelimit): Hotfix #5 — Postgres timestamptz[] scan + skip-inventory drift shankar0123 2026-05-14 13:26:47 +00:00
  • 155f1fec98 ci(arch-h1): Phase 13 Sprint 13.7 — tighten rest-deferred floor from monotonic-decrease to hard zero-exact pin; close ARCH-H1 + ARCH-M1 shankar0123 2026-05-14 13:06:57 +00:00
  • 29cb13e7a2 docs(arch-h1): Phase 13 Sprint 13.6 — OpenAPI batch 3 final 7 ops; rest-deferred bucket reaches 0 shankar0123 2026-05-14 12:34:27 +00:00
  • 9135c44908 docs(arch-h1): Phase 13 Sprint 13.5 — OpenAPI breakglass + users + runtime-config ops (batch 2, 8 ops) shankar0123 2026-05-14 12:28:29 +00:00
  • 952682ebec docs(arch-h1): Phase 13 Sprint 13.4 — OpenAPI auth/sessions + OIDC ops (batch 1, 13 ops) shankar0123 2026-05-14 12:14:13 +00:00
  • a41fc2d75c feat(ratelimit): Phase 13 Sprint 13.3 — wire backend selector + scheduler janitor + docs + helm (ARCH-M1 closure complete) shankar0123 2026-05-14 11:52:13 +00:00
  • c8347d742d feat(ratelimit): Phase 13 Sprint 13.2 — postgres-backed sliding window + multi-replica test shankar0123 2026-05-14 11:30:44 +00:00
  • 67f346cd87 docs(arch-h1): Phase 13 Sprint 13.1 — categorize OpenAPI exceptions + bucket guards shankar0123 2026-05-14 11:18:12 +00:00
  • 558d350933 fix(ci): teach 3 CI guards about Phase 9 sibling-file splits v2.1.3 shankar0123 2026-05-14 11:04:32 +00:00
  • 3094010880 refactor(cmd/agent): split main.go into poll + deploy + discovery sibling files (Phase 9, 12 of N — LAST hotspot) shankar0123 2026-05-14 10:36:08 +00:00
  • cd374b243e refactor(handler): split auth_session_oidc.go by handler-section (Phase 9, 11 of N) shankar0123 2026-05-14 10:22:33 +00:00
  • fbe053aa0c refactor(mcp): split tools.go by tool domain — Option B sibling-files (Phase 9, 10 of N) shankar0123 2026-05-14 10:15:21 +00:00
  • b1fa4970be refactor(service/acme): extract orders concern to sibling file (Phase 9, 9b — deferred half of Sprint 9) shankar0123 2026-05-14 10:06:06 +00:00
  • b503d27b4f refactor(service/acme): split into sibling files — Option B (Phase 9, 9 of N — partial) shankar0123 2026-05-14 09:58:46 +00:00
  • de4f93b35e refactor(cmd/server): extract migration block to migrations.go (Phase 9, 8b — behavior-aware) shankar0123 2026-05-14 09:13:38 +00:00
  • 3f1344e806 refactor(cmd/server): extract DI/preflight helpers to wire.go (Phase 9, 8 of N — partial) shankar0123 2026-05-14 09:02:03 +00:00
  • 7f57b1d3bf refactor(config): extract Issuers family — LAST in-config cut (Phase 9, 7 of N) shankar0123 2026-05-14 04:55:49 +00:00
  • aaddd31d20 refactor(config): extract Server family + isLoopbackAddr helper (Phase 9, 6 of N) shankar0123 2026-05-14 04:45:16 +00:00
  • 51f9cf13dc refactor(config): extract Auth family + 2 exported + 1 unexported helpers (Phase 9, 5 of N) shankar0123 2026-05-14 04:35:39 +00:00
  • 57d55b7390 refactor(config): extract EST family + helpers to its own file (Phase 9, 4 of N) shankar0123 2026-05-14 04:26:57 +00:00