akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
1,918 Commits 11 Branches 107 Tags
892b89fc9dcf4e0b068c8fb9f99c41526579b4dc
Commit Graph

4 Commits

Author SHA1 Message Date
GitHub Actions
892b89fc9d feat: break-glass security reset 
Implement dual-registry container publishing to both GHCR and Docker Hub
for maximum distribution reach. Add emergency security reset endpoint
("break-glass" mechanism) to recover from ACL lockout situations.

Key changes:

Docker Hub + GHCR dual publishing with Cosign signing and SBOM
Emergency reset endpoint POST /api/v1/emergency/security-reset
Token-based authentication bypasses Cerberus middleware
Rate limited (5/hour) with audit logging
30 new security enforcement E2E tests covering ACL, WAF, CrowdSec,
Rate Limiting, Security Headers, and Combined scenarios
Fixed container startup permission issue (tmpfs directory ownership)
Playwright config updated with testIgnore for browser projects
Security: Token via CHARON_EMERGENCY_TOKEN env var (32+ chars recommended)
Tests: 689 passed, 86% backend coverage, 85% frontend coverage
 2026-01-25 20:14:06 +00:00
GitHub Actions
978f698570 fix(security): remove hardcoded encryption keys from docker compose files 
Replace hardcoded CHARON_ENCRYPTION_KEY with environment variable
substitution using Docker Compose required variable syntax.

docker-compose.playwright.yml: use ${CHARON_ENCRYPTION_KEY:?...}
docker-compose.e2e.yml: use ${CHARON_ENCRYPTION_KEY:?...}
e2e-tests.yml: add ephemeral key generation per CI run
.env.test.example: document the requirement prominently
Security: The old key exists in git history and must never be used
in production. Each CI run now generates a unique ephemeral key.

Refs: OWASP A02:2021 - Cryptographic Failures
 2026-01-25 03:50:12 +00:00
GitHub Actions
1ac3e5a444 chore: enable Cerberus security by default and fix 31 skipped E2E tests 
Phase 1 of skipped Playwright tests remediation:

Changed Cerberus default from disabled to enabled in backend code
Deprecated FEATURE_CERBERUS_ENABLED env var (no longer needed)
Added data-testid and a11y attributes to LanguageSelector component
Fixed keyboard navigation timing in account-settings and user-management tests
Simplified security dashboard toggle tests with waitForToast pattern
Test results: 668 passed, 11 failed, 67 skipped (reduced from 98)
Backend coverage: 87.0% (exceeds 85% threshold)
 2026-01-24 22:22:40 +00:00
GitHub Actions
00ff546495 chore(e2e): implement Phase 0 E2E testing infrastructure 
Add comprehensive E2E testing infrastructure including:

docker-compose.playwright.yml for test environment orchestration
TestDataManager utility for per-test namespace isolation
Wait helpers for flaky test prevention
Role-based auth fixtures for admin/user/guest testing
GitHub Actions e2e-tests.yml with 4-shard parallelization
Health check utility for service readiness validation
Phase 0 of 10-week E2E testing plan (Supervisor approved 9.2/10)
All 52 existing E2E tests pass with new infrastructure
 2026-01-20 06:11:59 +00:00