Charon

akanealw/Charon

Fork 0

Commit Graph

Author	SHA1	Message	Date
GitHub Actions	999e622113	feat: Add emergency token rotation runbook and automation script - Created a comprehensive runbook for emergency token rotation, detailing when to rotate, prerequisites, and step-by-step procedures. - Included methods for generating secure tokens, updating configurations, and verifying new tokens. - Added an automation script for token rotation to streamline the process. - Implemented compliance checklist and troubleshooting sections for better guidance. test: Implement E2E tests for emergency server and token functionality - Added tests for the emergency server to ensure it operates independently of the main application. - Verified that the emergency server can bypass security controls and reset security settings. - Implemented tests for emergency token validation, rate limiting, and audit logging. - Documented expected behaviors for emergency access and security enforcement. refactor: Introduce security test fixtures for better test management - Created a fixtures file to manage security-related test data and functions. - Included helper functions for enabling/disabling security modules and testing emergency access. - Improved test readability and maintainability by centralizing common logic. test: Enhance emergency token tests for robustness and coverage - Expanded tests to cover various scenarios including token validation, rate limiting, and idempotency. - Ensured that emergency token functionality adheres to security best practices. - Documented expected behaviors and outcomes for clarity in test results.	2026-01-26 06:27:57 +00:00
GitHub Actions	892b89fc9d	feat: break-glass security reset Implement dual-registry container publishing to both GHCR and Docker Hub for maximum distribution reach. Add emergency security reset endpoint ("break-glass" mechanism) to recover from ACL lockout situations. Key changes: Docker Hub + GHCR dual publishing with Cosign signing and SBOM Emergency reset endpoint POST /api/v1/emergency/security-reset Token-based authentication bypasses Cerberus middleware Rate limited (5/hour) with audit logging 30 new security enforcement E2E tests covering ACL, WAF, CrowdSec, Rate Limiting, Security Headers, and Combined scenarios Fixed container startup permission issue (tmpfs directory ownership) Playwright config updated with testIgnore for browser projects Security: Token via CHARON_EMERGENCY_TOKEN env var (32+ chars recommended) Tests: 689 passed, 86% backend coverage, 85% frontend coverage	2026-01-25 20:14:06 +00:00

Author

SHA1

Message

Date

GitHub Actions

999e622113

feat: Add emergency token rotation runbook and automation script

- Created a comprehensive runbook for emergency token rotation, detailing when to rotate, prerequisites, and step-by-step procedures.
- Included methods for generating secure tokens, updating configurations, and verifying new tokens.
- Added an automation script for token rotation to streamline the process.
- Implemented compliance checklist and troubleshooting sections for better guidance.

test: Implement E2E tests for emergency server and token functionality

- Added tests for the emergency server to ensure it operates independently of the main application.
- Verified that the emergency server can bypass security controls and reset security settings.
- Implemented tests for emergency token validation, rate limiting, and audit logging.
- Documented expected behaviors for emergency access and security enforcement.

refactor: Introduce security test fixtures for better test management

- Created a fixtures file to manage security-related test data and functions.
- Included helper functions for enabling/disabling security modules and testing emergency access.
- Improved test readability and maintainability by centralizing common logic.

test: Enhance emergency token tests for robustness and coverage

- Expanded tests to cover various scenarios including token validation, rate limiting, and idempotency.
- Ensured that emergency token functionality adheres to security best practices.
- Documented expected behaviors and outcomes for clarity in test results.

2026-01-26 06:27:57 +00:00

GitHub Actions

892b89fc9d

feat: break-glass security reset

Implement dual-registry container publishing to both GHCR and Docker Hub
for maximum distribution reach. Add emergency security reset endpoint
("break-glass" mechanism) to recover from ACL lockout situations.

Key changes:

Docker Hub + GHCR dual publishing with Cosign signing and SBOM
Emergency reset endpoint POST /api/v1/emergency/security-reset
Token-based authentication bypasses Cerberus middleware
Rate limited (5/hour) with audit logging
30 new security enforcement E2E tests covering ACL, WAF, CrowdSec,
Rate Limiting, Security Headers, and Combined scenarios
Fixed container startup permission issue (tmpfs directory ownership)
Playwright config updated with testIgnore for browser projects
Security: Token via CHARON_EMERGENCY_TOKEN env var (32+ chars recommended)
Tests: 689 passed, 86% backend coverage, 85% frontend coverage

2026-01-25 20:14:06 +00:00

1 2

52 Commits