feat: Add browser back navigation support for dialog state#1
Open
Agnes432 wants to merge 475 commits into
Open
feat: Add browser back navigation support for dialog state#1Agnes432 wants to merge 475 commits into
Agnes432 wants to merge 475 commits into
Conversation
…he-297 feat: Turborepo remote caching for all CI steps
…ests-330 test: add contract event emission tests for all state-changing functions
…nt-285 docs: mainnet deployment process, key management, and checklist
docs: document all env vars with descriptions, examples, and required/optional markers
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.28.0 to 0.36.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.28.0...v0.36.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [zaproxy/action-baseline](https://github.com/zaproxy/action-baseline) from 0.12.0 to 0.15.0. - [Release notes](https://github.com/zaproxy/action-baseline/releases) - [Changelog](https://github.com/zaproxy/action-baseline/blob/master/CHANGELOG.md) - [Commits](zaproxy/action-baseline@v0.12.0...v0.15.0) --- updated-dependencies: - dependency-name: zaproxy/action-baseline dependency-version: 0.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…oe#272) - Replace fire-and-forget Supabase queue with BullMQ + ioredis - Add src/lib/redis.ts — shared IORedis connection singleton - Rewrite src/lib/queue.ts — Queue/Worker backed by Redis - API returns 202 Accepted with job ID immediately (unchanged) - Worker processes anchor_and_mint jobs asynchronously - 3 retries with exponential back-off (2 s → 4 s → 8 s) - Failed jobs kept in BullMQ failed set (dead-letter queue) - Supabase jobs table kept in sync for GET /api/jobs/:id polling - Start worker in instrumentation.ts (server-side only) - Add REDIS_URL to .env.example - Add Redis service to CI workflow - Add migration for dead_lettered_at column Closes AnnabelJoe#272
- GET /api/meters/:id — retrieve meter info (requires operator JWT) - DELETE /api/meters/:id — deactivate a meter (soft-delete via active=false) - Admin authentication required via requireAuth() for both endpoints - Public key stored/validated on registration (existing POST /api/meters) - v1 re-export wired up - Unit tests covering 200/404 for both endpoints Closes AnnabelJoe#269
…oe#289) Closes AnnabelJoe#289 - Documents all required secrets per environment (local / CI / production) - Explains gitignored .env.local for local dev - Lists all GitHub Actions secrets needed for CI and staging - Documents Vercel env vars for production - Covers production AWS Secrets Manager usage (no plaintext keys) - Documents key rotation procedure - References gitleaks / pre-commit secret scanning
- Rewrite deploy-staging.yml: - Triggered on push to develop - CI gate (pnpm test + Redis service) must pass before deploy - Deploys to separate Vercel staging project via VERCEL_PROJECT_ID_STAGING - Health check (5 retries) against /api/health after deploy - Staging Stellar network hardcoded to testnet; production uses mainnet - Expand .env.staging.example with all required variables including REDIS_URL, CORS_ALLOWED_ORIGINS, separate Supabase project values - Add docs/STAGING.md: full setup guide (Vercel project, Supabase project, testnet contract deploy, GitHub secrets, local simulation, smoke test) - Update docs/deployments.md: add staging contract ID table Closes AnnabelJoe#295
…rity-review docs: add OWASP Top 10 security review and remediate misconfiguration (AnnabelJoe#334)
…dashboard feat: build analytics dashboard for energy generation statistics (AnnabelJoe#350)
…e-management feat: implement cooperative multi-meter management (AnnabelJoe#351)
…vironment feat: staging environment mirroring production (AnnabelJoe#295)
…nagement feat: centralized secrets management (AnnabelJoe#289)
…management feat: GET/DELETE /api/meters/:id with admin auth (AnnabelJoe#269)
…ctions/aquasecurity/trivy-action-0.36.0 chore(deps): bump aquasecurity/trivy-action from 0.28.0 to 0.36.0
…ctions/zaproxy/action-baseline-0.15.0 chore(deps): bump zaproxy/action-baseline from 0.12.0 to 0.15.0
…-queue feat: BullMQ+Redis async job queue for Stellar tx (AnnabelJoe#272)
…reshold - Rewrite tests/load/readings.js with SCENARIO=baseline (100 VUs, 60s) and SCENARIO=breakpoint (ramp 0→1000 VUs) controlled via env var - Enforce p95 < 500ms and error rate < 5% thresholds in options - Add structured summary in handleSummary with pass/fail verdict - Update docs/performance/results.md with baseline results table, breaking-point analysis (~600-700 VUs), and full local + CI run instructions - Update .github/workflows/load-test.yml: add scenario input, weekly scheduled baseline run against staging, and results artifact upload
…l-export feat: public verifier audit trail export
…ficate-retirement test: add E2E scenarios for certificate retirement and verification
…t-mobile-desktop-coverage test: add Playwright mobile and desktop scenario coverage
…te-retirement-marketplace-backlog docs: add certificate retirement marketplace to feature backlog
- Add aria-label to nav and focus-visible ring to all nav links - Add aria-hidden to decorative icons (Sun, Search, CheckCircle, ExternalLink) - Add explicit <label for> and sr-only label to verify search input - Add role=search, aria-describedby, aria-busy to verify form - Add role=alert to error output; aria-live=polite to results container - Add focus-visible:ring styles to all buttons and links on home page Closes AnnabelJoe#534
…compromise Covers P0-P3 severity levels, minter key rotation, deploy freeze steps, investigation procedure, communication matrix, recovery checklist, and post-incident review tasks. Closes AnnabelJoe#603
- Add guard-mainnet job that fails fast if a push event tries to target mainnet
- Wire deploy job to the GitHub Environment ('testnet' or 'mainnet') so the
'mainnet' environment's required-reviewers protection rule fires before any
deploy step runs
- Add explicit confirmation log step when deploying to mainnet
- Push-triggered deploys remain testnet-only; mainnet requires workflow_dispatch
with approver sign-off via GitHub Environments
Requires: configure required reviewers on the 'mainnet' environment in
Settings → Environments → mainnet → Required reviewers.
Closes AnnabelJoe#579
…-docs docs: clarify contract ID placeholders and env vars in deployments.md
…eshooting-587 docs: add troubleshooting guide for failed Stellar transactions
…king-607 feat: add analytics tracking for verifier and governance
…-585 docs: add Supabase schema migration and local env setup guide
…ply-chain-602 feat: add dependency supply-chain verification
…ployment-gate feat(ci): add deployment gating for mainnet contract deployments
…ncident-playbook docs(security): add security incident response playbook for contract compromise
Closes AnnabelJoe#561 - audit_registry: test_zero_kwh_rejected, test_negative_kwh_rejected - energy_token: test_mint_zero_rejected, test_mint_negative_rejected, test_burn_zero_rejected, test_transfer_zero_rejected The assert!(kwh_stroops > 0) / assert!(amount > 0) guards were already present; these tests make the invariants explicit and regression-proof.
Closes AnnabelJoe#545 Adds apps/web/src/lib/env.ts with validateEnv() that checks all required environment variables (Supabase URL/keys, MINTER_SECRET_KEY, Stellar contract IDs) and throws a descriptive error listing missing keys if any are absent. Called from next.config.ts so the server crashes at startup with a clear message rather than failing silently inside a request handler.
…vice-secrets-at-startup feat(web): validate service secrets at startup
…ariants-zero-negative-readings test(contracts): add invariant tests for zero/negative readings
…cessibility fix(a11y): ensure all interactive elements are keyboard accessible
…health/readiness Redis checks, structured job logging, metrics exporter, idempotent job guard
…492-health-logging-metrics-idempotency Add health/readiness checks, structured Stellar logging, and metrics (issues AnnabelJoe#494 AnnabelJoe#495 AnnabelJoe#497 AnnabelJoe#492)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes AnnabelJoe#478
Summary
Adds browser back/forward navigation support for modal dialog state so that the back button closes dialogs instead of leaving stale UI.
Changes
Testing