- Added a reset of the models.Setting struct before querying for settings in both the Manager and Cerberus components to avoid ID leakage from previous queries.
- Introduced new functions in Cerberus for checking admin authentication and admin whitelist status.
- Enhanced middleware logic to allow admin users to bypass ACL checks if their IP is whitelisted.
- Added tests to verify the behavior of the middleware with respect to ACLs and admin whitelisting.
- Created a new utility for checking if an IP is in a CIDR list.
- Updated various services to use `Where` clause for fetching records by ID instead of directly passing the ID to `First`, ensuring consistency in query patterns.
- Added comprehensive tests for settings queries to demonstrate and verify the fix for ID leakage issues.
- Introduced a new document detailing the remediation plan for E2E security enforcement failures, including root cause analysis and proposed fixes for identified issues.
- Updated the implementation README to include the GORM Security Scanner documentation.
- Replaced the existing GitHub Actions E2E Trigger Investigation Plan with a comprehensive GORM ID Leak Security Vulnerability Fix plan, outlining the critical security bug, its impact, and a structured implementation plan for remediation.
- Revised the QA report to reflect the status of the GORM security fixes, highlighting the critical vulnerabilities found during the Docker image scan and the necessary actions to address them.
- Introduced a new script `scan-gorm-security.sh` to detect GORM security issues and common mistakes.
- Added a pre-commit hook `gorm-security-check.sh` to run the security scanner before commits.
- Enhanced `go-test-coverage.sh` to capture and display test failure summaries.
Bypassed security-tests and security-teardown to isolate whether
ACL/rate limiting enforcement is causing shard failures.
Commented out security-tests project in playwright.config.js
Commented out security-teardown project
Removed security-tests dependency from browser projects
Test flow now: setup → chromium/firefox/webkit (direct)
This is a diagnostic change. Based on results:
If tests pass → security teardown is failing
If tests fail → investigate database/environment issues
References: PR #550
Ensured that Playwright E2E shards reuse the pre-built Docker artifact
instead of triggering a full multi-stage build.
Added explicit image tag to docker-compose.playwright.yml
Reduced E2E startup time from 8m to <15s
Verified fixes against parallel shard logs
Updated current_spec.md with investigation details
Add missing emergency token environment variable to all E2E test workflows to
fix security teardown failures in CI. Without this token, the emergency reset
endpoint returns 501 "not configured", causing test teardown to fail and
leaving ACL enabled, which blocks 83 subsequent tests.
Changes:
Add CHARON_EMERGENCY_TOKEN to docker-build.yml test-image job
Add CHARON_EMERGENCY_TOKEN to e2e-tests.yml e2e-tests job
Add CHARON_EMERGENCY_TOKEN to playwright.yml playwright job
Verified:
Docker build strategy already optimal (build once, push to both GHCR + Docker Hub)
Testing strategy correct (test once by digest, validates both registries)
All workflows now have environment parity with local development setup
Requires GitHub repository secret:
Name: CHARON_EMERGENCY_TOKEN
Value: 64-char hex token (e.g., from openssl rand -hex 32)
Related:
Emergency endpoint rate limiting removal (proper fix)
Local emergency token configuration (.env, docker-compose.local.yml)
Security test suite teardown mechanism
Refs #550
