
feat: enterprise-grade production hardening#12

Merged
RahRha-v3-2 merged 1 commit into main from claude/codebase-policy-production-krMqw on May 22, 2026

Conversation

@RahRha-v3-2
Owner

Security:

  • Fix token refresh endpoint re-signing with empty email and hardcoded
    student role; now looks up current user data via findUserById so role
    changes and correct email are reflected in refreshed tokens
  • Add findUserById to userRepo (DB + memory fallback)

CI pipeline:

  • Remove || true from api-gateway lint step; failures now block CI
  • Tighten services lint step to use continue-on-error instead of || true
  • Pin Trivy to aquasecurity/trivy-action@0.30.0 (was @master)
  • Set Trivy exit-code to 1 for CRITICAL findings (was 0 / silent)
  • Add --ci flag to jest coverage run for better reporter output

Code quality:

  • Upgrade ESLint: enable no-explicit-any as error, unused-vars as error,
    add eqeqeq, no-return-await, prefer-const rules
  • Remove as any cast in courses route (Lesson.content is already typed)
  • Replace require() with proper import for package.json in health route
  • Read version from package.json instead of hardcoded string in /health

Testing:

  • Increase test count from 26 to 28: add refresh-carries-real-user-data
    test and logout test
  • Add coverage thresholds (60% lines/functions/statements, 28% branches)
  • Switch jest to --forceExit to prevent open handle hangs in CI

Infrastructure:

  • Fix Grafana port conflict in docker-compose.yml (3001→3030; auth-service
    was also on 3001)
  • Remove ngrok.zip binary from git tracking (already in .gitignore)

@RahRha-v3-2 RahRha-v3-2 merged commit f8ddcaf into main May 22, 2026
5 of 10 checks passed
@RahRha-v3-2 RahRha-v3-2 deleted the claude/codebase-policy-production-krMqw branch May 22, 2026 18:58