certctl

gsadmin/certctl

Fork 0

mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 13:41:30 +00:00

Commit Graph

Select branches

Hide Pull Requests

master

#3

checkpoint/m1-migration-wip

v1.0.0

v2.0.0

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

v2.0.2

v2.0.20

v2.0.21

v2.0.22

v2.0.23

v2.0.24

v2.0.25

v2.0.26

v2.0.27

v2.0.28

v2.0.29

v2.0.3

v2.0.30

v2.0.31

v2.0.32

v2.0.33

v2.0.34

v2.0.35

v2.0.36

v2.0.37

v2.0.38

v2.0.39

v2.0.4

v2.0.40

v2.0.41

v2.0.42

v2.0.43

v2.0.44

v2.0.45

v2.0.46

v2.0.47

v2.0.48

v2.0.49

v2.0.5

v2.0.50

v2.0.51

v2.0.52

v2.0.53

v2.0.54

v2.0.55

v2.0.56

v2.0.57

v2.0.59

v2.0.6

v2.0.60

v2.0.61

v2.0.62

v2.0.63

v2.0.64

v2.0.65

v2.0.66

v2.0.67

v2.0.68

v2.0.69

v2.0.7

v2.0.70

v2.0.71

v2.0.72

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

c461ef3339 refactor(config): extract SCEP family + helpers to its own file (Phase 9, 3 of N) shankar0123 2026-05-14 04:19:24 +00:00
5d5bd02f3e refactor(config): extract ACME family to its own file (Phase 9, 2 of N) shankar0123 2026-05-14 03:53:17 +00:00
45ddcb75a3 refactor(config): extract NotifierConfig to its own file (Phase 9, 1 of N) shankar0123 2026-05-14 03:44:44 +00:00
cd3205a66d fix(deps): pin lodash >= 4.18.0 to close Dependabot #18 + #19 (CVE-2026-4800) shankar0123 2026-05-14 03:36:51 +00:00
51529ea609 fix(router): invert ETag wrap so rbacGate stays outer — close CRIT-1 ratchet shankar0123 2026-05-14 03:32:14 +00:00
1279172e9b loadtest: close Phase 8 SCALE-H2 — add scale-tier scenarios shankar0123 2026-05-14 03:25:15 +00:00
0ad881c2bd fix(lint): U1000 — delete dead etagRecorder.sentinelMarker method shankar0123 2026-05-14 03:11:57 +00:00
ed60059e80 fix(lint): ST1021 — lead JitteredTicker docstring with the type name shankar0123 2026-05-14 03:00:16 +00:00
ba66748b5b connectors: close Phase 7 SEC-H2 — migrate 5 connectors to argv-form exec shankar0123 2026-05-14 01:49:02 +00:00
8191b1ee64 scheduler+db: close Phase 6 — scale hardening across pool, jitter, ETag, asyncpoll shankar0123 2026-05-14 01:23:03 +00:00
d6f4d5c5e8 deploy(helm): close Phase 4 — chart surface + DR + ops runbooks shankar0123 2026-05-14 00:58:00 +00:00
b2284ef2a4 fix(ci): enable compile-generator in SLSA L3 binary provenance v2.1.2 shankar0123 2026-05-14 00:38:48 +00:00
09c29b9f40 docs: shift to Pattern A in history-normalization.md v2.1.1 shankar0123 2026-05-13 23:14:20 +00:00
d364ace02a fix(ci): set CERTCTL_ACME_INSECURE_ACK=true in test compose shankar0123 2026-05-13 23:06:22 +00:00
921dac7e6b docs: explain the Phase 0 git history normalization shankar0123 2026-05-13 21:24:09 +00:00
21aeed4f4e legal: addlicense headers + normalize legacy variants (Phase 0 RED-4) shankar0123 2026-05-13 21:23:35 +00:00
8c0c8aa69d legal: ship NOTICE + THIRD_PARTY_NOTICES.md (Phase 0 RED-3) shankar0123 2026-05-13 21:20:27 +00:00
5411c12841 license: flip Licensor to certctl LLC shankar0123 2026-05-13 21:16:45 +00:00
9f14894868 chore: ignore cowork/ (operator scratch space) shankar0123 2026-05-13 21:12:16 +00:00
25996f86fa fix(deploy): wire CERTCTL_DEMO_MODE_ACK_TS into the demo overlay path shankar0123 2026-05-13 20:48:20 +00:00
c6602bcbe8 fix(ci): exclude Playwright e2e specs from Vitest run shankar0123 2026-05-13 20:44:07 +00:00
888e10cba0 fix(ci): close two CI regressions from Phase 3 + Phase 5 shankar0123 2026-05-13 20:31:20 +00:00
3c81531398 ci: OpenAPI parity reconciliation + codegen scaffolding (Phase 5 — ARCH-H1 / ARCH-M6) shankar0123 2026-05-13 20:24:20 +00:00
1383fe419b ci: add exponential-backoff retry to digest-validity guard shankar0123 2026-05-13 20:17:08 +00:00
02438ad9e1 ci: floor raise + doc drift (Phase 3 closure — TEST-H1/H2/M1/M2/M3/M4/L1, ARCH-H3/L1/L2/L3/L4) shankar0123 2026-05-13 20:10:08 +00:00
69a2b5c55a config: default hardening + operator docs (Phase 2 closure — SEC-H1, SEC-H3, SEC-M4, DEPL-H1, DEPL-M2 + doc-only carve-outs) shankar0123 2026-05-13 19:50:00 +00:00
95cb002905 ci: supply-chain hardening (Phase 1 closure — RED-1, RED-2, TEST-L2) shankar0123 2026-05-13 19:30:53 +00:00
de8fac24a3 docs(readme): fix quickstart $EDITOR portability bug shankar0123 2026-05-13 04:09:39 +00:00
0161bb201c docs: remove internal engineering docs; docs must be tool- or story-relevant shankar0123 2026-05-13 02:44:27 +00:00
57b539c378 docs(b12): observability reference + Postgres backup runbook shankar0123 2026-05-13 02:09:11 +00:00
072e2af198 fix(compose): pin CERTCTL_DATABASE_URL in demo overlay (cold-DB smoke fix #4) shankar0123 2026-05-13 01:59:48 +00:00
476022ca59 docs(b6): secret-custody reference + config-encryption upgrade runbook + private-key CI guard shankar0123 2026-05-13 01:48:40 +00:00
5b151e74da docs: remove audit-bundle-flavored docs from public repo shankar0123 2026-05-13 01:35:24 +00:00
4e8fb16fc2 fix(oidc): test seam for jwksProbeClient — closes the B5 R6 httptest regression shankar0123 2026-05-13 01:30:47 +00:00
264015059d ci(guards): fix G-3 (CERTCTL_MCP_READ_ONLY phantom) + S-1 (hardcoded 45) shankar0123 2026-05-13 01:24:06 +00:00
596e675ec7 fix(security): close BUNDLE 5 — auth, OIDC, MCP, API + browser security edges shankar0123 2026-05-13 01:18:45 +00:00
750478a6fe fix(scale): close BUNDLE 4 — migrations, scheduler HA, rate-limits, scale receipts shankar0123 2026-05-13 01:00:39 +00:00
7fcdc73e20 ci(helm): pass Bundle 3 required-secret values + add inverse regression checks shankar0123 2026-05-13 00:49:19 +00:00
47da13e7a1 fix(helm): close BUNDLE 3 — Helm chart hardening + enterprise deploy shankar0123 2026-05-13 00:40:42 +00:00
a849c8b8cf fix(security): close BUNDLE 2 — safe first run, demo mode, agent bootstrap shankar0123 2026-05-13 00:14:59 +00:00
d60a0ac297 fix(security): close BUNDLE 1 — server+agent connector config validation chain shankar0123 2026-05-12 23:48:08 +00:00
96d4b1e623 ci(cold-db-smoke): shrink to cold-boot + admin bootstrap only shankar0123 2026-05-12 16:48:41 +00:00
58b14412a1 fix(compose): wire CERTCTL_BOOTSTRAP_TOKEN interpolation (cold-DB smoke fix #3) shankar0123 2026-05-12 16:21:34 +00:00
910097eb30 fix(migrations): 000043 idempotency — wrap CHECK + UNIQUE adds in DO blocks shankar0123 2026-05-12 15:31:55 +00:00
6d0f7747df fix(compose): set CERTCTL_DEMO_MODE_ACK=true in demo compose (cold-DB smoke fix) shankar0123 2026-05-12 14:58:16 +00:00
b4378942fc fix(ciparity): drop unused methodPathRe regex (golangci-lint cleanup) shankar0123 2026-05-12 14:25:37 +00:00
aedf19d128 ci(cold-db-smoke): inline into workflow; remove the script (operator: not a per-commit gate) shankar0123 2026-05-12 14:22:19 +00:00
41706cc0fb Merge dev/auditable-codebase-bundle into master: Auditable Codebase Bundle (post-v2.1.0 anti-rot items 1+2+5+6) shankar0123 2026-05-12 14:16:39 +00:00
9f7b5d89a5 docs(contributor): document the Auditable Codebase Bundle guards shankar0123 2026-05-12 14:15:13 +00:00
255f61e6c5 ci(workflows): wire Auditable Codebase Bundle guards into ci.yml shankar0123 2026-05-12 14:12:39 +00:00
3ede1b726f feat(ci): item-6 cold-DB compose smoke script (CI wiring in Phase 5) shankar0123 2026-05-12 14:11:32 +00:00
3fe511189f feat(ci): item-5 doc rot detector (90d warn / 120d fail) shankar0123 2026-05-12 14:10:27 +00:00
e3a9317693 feat(ci): item-2 cross-surface contract parity (stdlib-only package) shankar0123 2026-05-12 14:09:32 +00:00
0ab6bc4a73 feat(ci): item-1 complete-path config-coverage guard (PARTIAL — sandbox could not verify Go test) shankar0123 2026-05-12 14:02:04 +00:00
a31cef34c5 chore(ci): start Auditable Codebase Bundle — record baseline counts shankar0123 2026-05-12 13:56:29 +00:00
ee2d6d3a7c chore: routine maintenance shankar0123 2026-05-12 04:57:29 +00:00
7b3a57dfdf docs(readme): revert Status block to 4-paragraph form (over-split was too choppy) shankar0123 2026-05-11 22:18:38 +00:00
a103ccfe5c docs(readme): one sentence per blockquote in Status block — full breathing room shankar0123 2026-05-11 22:17:44 +00:00
c029875196 docs(readme): Status block rewrite — design-partner CTA, paragraph cadence shankar0123 2026-05-11 22:16:32 +00:00
ed833e80f6 docs(readme): space out the Status block — three separate blockquotes shankar0123 2026-05-11 22:14:50 +00:00
0eb3d0310c docs(readme): tighten Status block; add RBAC + OIDC runbook links shankar0123 2026-05-11 22:13:34 +00:00
46769fc7fa docs(readme): audit pass — fix 7 stale/inaccurate claims v2.1.0 shankar0123 2026-05-11 17:29:18 +00:00
12705efe36 docs(readme): split Status block into two blockquotes for breathing room shankar0123 2026-05-11 17:09:20 +00:00
de53847f51 docs(readme): quiet the Status block shankar0123 2026-05-11 17:08:21 +00:00
56e2ea1ad7 docs: v2.1.0 release polish — strip internal bundle/phase tags, update status for OIDC ship shankar0123 2026-05-11 16:54:07 +00:00
1b03d0c594 fix(repo/job): split UNION ALL + FOR UPDATE into two queries (Postgres-correctness) shankar0123 2026-05-11 16:11:33 +00:00
def4be9b38 fix(migrations): two cold-DB regressions surfaced by Phase-9 docker compose smoke shankar0123 2026-05-11 16:06:20 +00:00
aa1efd0676 fix(oidc/testfixtures): set legacy KEYCLOAK_ADMIN* env vars for start-dev master-admin bootstrap shankar0123 2026-05-11 15:49:25 +00:00
360e7449ad fix(oidc/integration): pass fx.IssuerURL as callbackIss arg in 7 HandleCallback call sites shankar0123 2026-05-11 15:44:39 +00:00
1b529985be fix(oidc/testfixtures): set Enabled=true on Keycloak integration-test provider shankar0123 2026-05-11 15:39:07 +00:00
fefeccfa59 harden(oidc): relax alg-downgrade IdP-bind check to intersection-empty (Keycloak compat) shankar0123 2026-05-11 15:34:59 +00:00
1cfa9f2e2a Merge dev/auth-bundle-2 → master (v2.1.0): Auth Bundle 2 + 2026-05-11 audit fixes shankar0123 2026-05-11 15:24:24 +00:00
70ebef5d3a test(client): mock headers.get() so 401 tests survive HIGH-8 WWW-Authenticate read shankar0123 2026-05-11 14:37:36 +00:00
eee124efb6 chore(ci-guards): close 4 CI-guard regressions surfaced by v2.1.0 release-gate Phase 5 shankar0123 2026-05-11 14:19:35 +00:00
80cbd2db59 test(coverage): backfill 5 packages to clear v2.1.0 release-gate Phase 3 floors shankar0123 2026-05-11 14:12:11 +00:00
8aeeec93c0 chore(lint): close 5 golangci-lint v2 findings surfaced by v2.1.0 release-gate Phase 1.3 shankar0123 2026-05-11 13:31:13 +00:00
09bea664d5 chore(fmt): gofmt cleanup on three pre-bundle drift files surfaced by v2.1.0 release-gate Phase 1 shankar0123 2026-05-11 13:18:25 +00:00
a4b2919f59 Merge Fix 13 (HIGH-2 fourth call site): CSRF rotation on Logout shankar0123 2026-05-11 13:01:56 +00:00
9f617add29 Merge Fix 12: Vitest coverage for the 2026-05-10/11 GUI batch shankar0123 2026-05-11 13:00:25 +00:00
ecba4112b7 Merge Fix 11 (MED-11 discoverability): UsersPage sidebar nav entry shankar0123 2026-05-11 13:00:19 +00:00
54f535a007 Merge Fix 10 (MED-7 GUI half): JWKS health panel + Refresh-now button shankar0123 2026-05-11 12:59:41 +00:00
f1219f8cd3 Merge Fix 09 (MED-5 GUI half): Test Connection panel on OIDC create + edit forms shankar0123 2026-05-11 12:58:48 +00:00
d5522debfb Merge Fix 08 (HIGH A-8): demo-mode residual-grants detector + cleanup endpoint + CI guard shankar0123 2026-05-11 12:57:35 +00:00
9a8130de32 harden(auth/sessions): CSRF rotation on logout closes HIGH-2 fourth call site shankar0123 2026-05-11 12:24:41 +00:00
dfdba5b260 test(gui): Vitest coverage for the 2026-05-10/11 GUI batch (Fix 12) shankar0123 2026-05-11 12:18:08 +00:00
90c7b5813f feat(gui/nav): UsersPage sidebar nav entry under Auth section (MED-11) shankar0123 2026-05-11 12:05:08 +00:00
e92af14a22 feat(gui/oidc): JWKS health panel + Refresh-now button on OIDCProviderDetailPage (MED-7 GUI half) shankar0123 2026-05-11 11:57:38 +00:00
64ad8e525c feat(gui/oidc): Test Connection panel on create + edit forms (MED-5 GUI half) shankar0123 2026-05-11 11:52:26 +00:00
a923cf697c harden(auth): demo-mode residual-grants detector + cleanup endpoint + CI guard (A-8) shankar0123 2026-05-11 11:45:54 +00:00
b8fac59200 chore(fmt): gofmt cleanup on files touched by audit-2026-05-11 fix bundle shankar0123 2026-05-11 11:29:48 +00:00
ad69158405 Merge Fix 07 (HIGH A-7): editable Advanced form on OIDCProviderDetailPage (MED-4) shankar0123 2026-05-11 11:27:43 +00:00
11b145b641 Merge Fix 06 (HIGH A-6): strict UA/IP binding — close request-empty bypass in MED-16 shankar0123 2026-05-11 11:19:04 +00:00
4e31568d3d Merge Fix 05 (HIGH A-5): approval payload preview with profile-edit diff + cert-issuance preview shankar0123 2026-05-11 11:17:14 +00:00
68af18d081 Merge Fix 04 (HIGH A-4): scope-aware ActorRole revoke shankar0123 2026-05-11 11:16:24 +00:00
df53b80cb6 Merge Fix 03 (CRIT A-3): expose AllowedEmailDomains on create + edit forms shankar0123 2026-05-11 11:16:16 +00:00
11a1f0babd Merge Fix 02 (CRIT A-2): close MED-11 lying field — DeactivatedAt loaded + enforced on login shankar0123 2026-05-11 11:16:07 +00:00
027a5a1468 Merge Fix 01 (CRIT A-1): close HIGH-10 lying field — EffectivePermissions reads actor-role scope shankar0123 2026-05-11 11:16:00 +00:00
9af5dad2b0 feat(gui/oidc): editable Advanced form on OIDCProviderDetailPage (A-7 / MED-4) shankar0123 2026-05-11 11:14:49 +00:00
92519436a1 harden(oidc): strict UA/IP binding (A-6) — close request-empty bypass in MED-16 shankar0123 2026-05-11 11:03:31 +00:00
f502da306f feat(gui/approvals): payload preview with profile-edit diff + cert-issuance preview (A-5) shankar0123 2026-05-11 10:57:07 +00:00

1 2 3 4 5 ...