akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
2,268 Commits 11 Branches 107 Tags
05fba0b3dbe0b17dc4e9860e3efb38c241fe97ca
Commit Graph

7 Commits

Author SHA1 Message Date
GitHub Actions
60436b5481 fix(e2e): resolve E2E test failures by correcting API endpoints and response field access 
- Updated Break Glass Recovery test to use the correct endpoint `/api/v1/security/status` and adjusted field access to `body.cerberus.enabled`.
- Modified Emergency Security Reset test to remove expectation for `feature.cerberus.enabled` and added assertions for all disabled modules.
- Refactored Security Teardown to replace hardcoded authentication path with `STORAGE_STATE` constant and corrected API endpoint usage for verifying security module status.
- Added comprehensive verification steps and comments for clarity.
 2026-02-03 15:13:33 +00:00
GitHub Actions
8eb1cf0104 fix(tests): use correct endpoint in break glass recovery test 
The break glass recovery test was calling GET /api/v1/config which
doesn't exist (only PATCH is supported). Changed to use
GET /api/v1/security/config and updated the response body accessor
from body.security?.admin_whitelist to body.config?.admin_whitelist.

Also switched to Playwright's toBeOK() assertion for better error
messages on failure.
 2026-02-03 14:06:46 +00:00
GitHub Actions
0da6f7620c fix: restore PATCH endpoints used by E2E + emergency-token fallback 
register PATCH /api/v1/settings and PATCH /api/v1/security/acl (E2E expectations)
add emergency-token-aware shortcut handlers (validate X-Emergency-Token → set admin context → invoke handler)
preserve existing POST handlers and backward compatibility
rebuild & redeploy E2E image, verified backend build success
Why: unblocked failing Playwright E2E tests that returned 404s and were blocking the hotfix release
 2026-01-27 22:43:33 +00:00
GitHub Actions
f64e3feef8 chore: clean .gitignore cache 2026-01-26 19:22:05 +00:00
GitHub Actions
e5f0fec5db chore: clean .gitignore cache 2026-01-26 19:21:33 +00:00
GitHub Actions
1b1b3a70b1 fix(security): remove rate limiting from emergency break-glass endpoint 2026-01-26 19:20:12 +00:00
GitHub Actions
892b89fc9d feat: break-glass security reset 
Implement dual-registry container publishing to both GHCR and Docker Hub
for maximum distribution reach. Add emergency security reset endpoint
("break-glass" mechanism) to recover from ACL lockout situations.

Key changes:

Docker Hub + GHCR dual publishing with Cosign signing and SBOM
Emergency reset endpoint POST /api/v1/emergency/security-reset
Token-based authentication bypasses Cerberus middleware
Rate limited (5/hour) with audit logging
30 new security enforcement E2E tests covering ACL, WAF, CrowdSec,
Rate Limiting, Security Headers, and Combined scenarios
Fixed container startup permission issue (tmpfs directory ownership)
Playwright config updated with testIgnore for browser projects
Security: Token via CHARON_EMERGENCY_TOKEN env var (32+ chars recommended)
Tests: 689 passed, 86% backend coverage, 85% frontend coverage
 2026-01-25 20:14:06 +00:00