Feat/swagger examples spectacular#2
Open
datagerl wants to merge 164 commits into
…cuit breaker support
- Add comprehensive boundary validation tests for claim timing
- Test exact boundary conditions for claim start and expiry times
- Verify auto-expiry logic on late claim attempts
- Document expected behavior for backend and frontend
- Include Testnet deployment guidelines
…ewer-route feat(frontend): add reviewer demo-checklist route with feature flag
…ndary-validation Add claim window and expiry boundary validation (Pulsefy#422)
…deploy Add Soroban testnet deployment runbook
add Testnet smoke suite and Merkle allowlist validation tools
…-validation-416 Harden token validation and transfer errors
- Add comprehensive gas profiling test suite (gas_profiling.rs)
- Benchmark create_package at batch sizes: 10, 25, 50, 100, 200
- Benchmark claim operations (single and Merkle proof)
- Add GAS_PROFILING_REPORT.md with analysis and recommendations
- Identify safe batch sizes: 10-25 (production), 50 (moderate), 100 (caution)
- Propose optimizations: pagination, event batching, lazy storage, caching
- Add EXPECTED_NETWORK constant to env.ts
- Add useNetworkGuard hook to detect wallet/app network mismatch
- Add NetworkMismatchBanner component with remediation instructions
- Update WalletConnect to show red warning badge on mismatch
- Block signTransaction with NetworkMismatchError on wrong network
- Add tests for mismatch states and recovery (10/10 passing)
…ork-mismatch-guard feat: wallet network mismatch guard for Freighter (Pulsefy#441)
docs: add testnet deployment runbook for aid_escrow contract
fix: Testnet contract config + network guardrails
This commit addresses issue Pulsefy#618 by implementing comprehensive artifact access hardening:
Authorization Enhancements:
- Enforce mandatory X-User-Role, X-Org-Id, and X-User-Id headers
- Validate that all auth headers are non-empty
- Reject requests with invalid roles (only admin, operator, reviewer allowed)
- Validate organization ownership of artifacts before access
- Improve error messages to distinguish different failure scenarios
Signed URL Security:
- Short-lived tokens with configurable TTL (verification_artifact_url_ttl_seconds)
- HMAC-SHA256 signatures for token integrity verification
- Token expiration timestamp validation
- Organization ID embedded in token for additional verification
- Reject expired, tampered, or invalid tokens
API Improvements:
- Enhanced error responses with specific error codes:
  * missing_user_role, missing_org_id, missing_user_id
  * token_expired, invalid_token_signature, invalid_token
  * forbidden_org (organization mismatch)
- Comprehensive logging of security events and access denials
- Better documentation of security model in code
Service Layer Hardening:
- Input validation in ArtifactAccessService
- Path traversal prevention in artifact resolution
- Metadata validation and error handling
- Improved logging for security auditing
Testing:
- Added 14 comprehensive test cases covering:
  * Missing and empty header validation
  * Token expiration verification
  * Token tampering detection
  * Token signature verification
  * Organization mismatch detection
  * All authorized roles (admin, operator, reviewer)
Acceptance Criteria Met:
✓ Reject unauthorized access (missing headers, invalid roles, wrong org)
✓ Signed URL expiry is configurable (verification_artifact_url_ttl_seconds)
✓ All tests pass (14/14)
…ening fix: Pulsefy#618 Artifact Access Hardening - Auth and Signed URLs
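The signed-URL checks listed in the Pulsefy#618 commit message above, sketched as an added example (not code from this pull request). The token layout, function names and check order are assumptions; the HMAC-SHA256 signature, embedded organization ID, expiry check and error codes are the ones the commit message names.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_artifact_token(secret: bytes, artifact_id: str, org_id: str,
                        ttl_seconds: int, now: Optional[float] = None) -> str:
    """Issue a short-lived token binding artifact, organization and expiry."""
    issued = int(time.time() if now is None else now)
    claims = {"artifact_id": artifact_id, "org_id": org_id, "exp": issued + ttl_seconds}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{b64url_encode(payload)}.{b64url_encode(mac)}"


def verify_artifact_token(secret: bytes, token: str, artifact_id: str,
                          caller_org_id: str, now: Optional[float] = None) -> str:
    """Return "ok" or one of the error codes named in the commit message."""
    try:
        payload_b64, mac_b64 = token.split(".")
        payload, mac = b64url_decode(payload_b64), b64url_decode(mac_b64)
    except ValueError:
        return "invalid_token"
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    # Authenticate first, in constant time; unauthenticated bytes are never parsed.
    if not hmac.compare_digest(mac, expected):
        return "invalid_token_signature"
    try:
        claims = json.loads(payload)
        exp, org, art = int(claims["exp"]), claims["org_id"], claims["artifact_id"]
    except (ValueError, KeyError, TypeError):
        return "invalid_token"
    if (time.time() if now is None else now) >= exp:
        return "token_expired"
    if org != caller_org_id:
        return "forbidden_org"
    # A valid token for a different artifact must not open this one.
    return "ok" if art == artifact_id else "invalid_token"
```

Passing `now` explicitly makes the expiry boundary testable; in a service the TTL argument would come from the configured `verification_artifact_url_ttl_seconds` value.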
…e-uploads Add resumable evidence upload sessions to ai-service
Add async OCR job queue
Implements Redis-based response caching to reduce repeated compute for safe read endpoints.
- Backend: 8 cached GET endpoints with configurable TTL (30s-30min)
- AI Service: Task status caching with 30s TTL
- Cache key normalization using SHA-256 hash
- Testnet-safe with automatic TTL adjustments
- Graceful degradation if Redis unavailable
Closes Pulsefy#619
Accessibility Pass (Keyboard + Contrast + Aria)
…laim disbursement
- Fix async promise handling in cache interceptor
- Remove unused CACHE_RESPONSE_KEY import
- Remove async from getCacheStats (no await needed)
- Fix Python test mocking to patch main.app instead of services.cache.app
- Add error handler to TypeScript test to prevent timeout
- Simplify Python test mocking to avoid import issues
- Mock main.app directly instead of patching module imports
…ismatch-guard fix(Pulsefy#596): Block claim submission on network mismatch
- Add error handler to prevent test timeout
- Mock redisService.set to ensure promise chain completes
- Use subscribe object notation for proper error handling
…eeplink-routing fix(notifications): harden notification deep link routing across app lifecycle
feat: Add response caching for safe read operations
…and queue management
feat(backend): Implement Soroban transaction lifecycle tracking for c…
…service-with-circuit-breakers-and-queue-management feat: implement AI-driven verification service with circuit breakers …
…ant?"
Before: "Does this go here? What format? How angry will the 422 be?"
After: "Oh, there's literally an example right there. Cool."
- Added OpenAPI payload examples with anchor metadata
- Covered success & failure cases (including the dramatic 422)
- Swagger UI now comes with instruction manual + pictures
- Reduced integration questions by ∞% (mathematically impossible but achieved it)
closes Pulsefy#620