Charon

akanealw/Charon

Fork 0

Commit Graph

Author	SHA1	Message	Date
GitHub Actions	892b89fc9d	feat: break-glass security reset Implement dual-registry container publishing to both GHCR and Docker Hub for maximum distribution reach. Add emergency security reset endpoint ("break-glass" mechanism) to recover from ACL lockout situations. Key changes: Docker Hub + GHCR dual publishing with Cosign signing and SBOM Emergency reset endpoint POST /api/v1/emergency/security-reset Token-based authentication bypasses Cerberus middleware Rate limited (5/hour) with audit logging 30 new security enforcement E2E tests covering ACL, WAF, CrowdSec, Rate Limiting, Security Headers, and Combined scenarios Fixed container startup permission issue (tmpfs directory ownership) Playwright config updated with testIgnore for browser projects Security: Token via CHARON_EMERGENCY_TOKEN env var (32+ chars recommended) Tests: 689 passed, 86% backend coverage, 85% frontend coverage	2026-01-25 20:14:06 +00:00
GitHub Actions	103f0e0ae9	fix: resolve WAF integration failure and E2E ACL deadlock Fix integration scripts using wget-style curl options after Alpine→Debian migration (PR #550). Add Playwright security test helpers to prevent ACL from blocking subsequent tests. Fix curl syntax in 5 scripts: -q -O- → -sf Create security-helpers.ts with state capture/restore Add emergency ACL reset to global-setup.ts Fix fixture reuse bug in security-dashboard.spec.ts Add security-helpers.md usage guide Resolves WAF workflow "httpbin backend failed to start" error	2026-01-25 14:09:38 +00:00
GitHub Actions	d6b68ce81a	chore(e2e): implement Phase 6 integration testing with agent skills Complete Phase 6 of Playwright E2E testing plan with comprehensive integration tests covering cross-feature workflows and system integration. Integration Tests Added: proxy-acl-integration.spec.ts - ACL with proxy host integration proxy-certificate.spec.ts - SSL certificate lifecycle tests proxy-dns-integration.spec.ts - DNS challenge provider integration security-suite-integration.spec.ts - Cerberus security suite tests backup-restore-e2e.spec.ts - Full backup/restore workflow import-to-production.spec.ts - Caddyfile/CrowdSec import flows multi-feature-workflows.spec.ts - Complex multi-step scenarios Agent Skills Created: docker-rebuild-e2e.SKILL.md - Rebuild E2E Docker environment test-e2e-playwright-debug.SKILL.md - Run/debug Playwright tests Supporting scripts for skill execution Test Infrastructure Improvements: TestDataManager for namespace-based test isolation Fixed route paths: /backups → /tasks/backups Domain uniqueness via UUID namespacing Improved selector reliability with role-based queries Results: 648 tests passing, 98 skipped, 97.5% statement coverage	2026-01-24 22:22:39 +00:00

Author

SHA1

Message

Date

GitHub Actions

892b89fc9d

feat: break-glass security reset

Implement dual-registry container publishing to both GHCR and Docker Hub
for maximum distribution reach. Add emergency security reset endpoint
("break-glass" mechanism) to recover from ACL lockout situations.

Key changes:

Docker Hub + GHCR dual publishing with Cosign signing and SBOM
Emergency reset endpoint POST /api/v1/emergency/security-reset
Token-based authentication bypasses Cerberus middleware
Rate limited (5/hour) with audit logging
30 new security enforcement E2E tests covering ACL, WAF, CrowdSec,
Rate Limiting, Security Headers, and Combined scenarios
Fixed container startup permission issue (tmpfs directory ownership)
Playwright config updated with testIgnore for browser projects
Security: Token via CHARON_EMERGENCY_TOKEN env var (32+ chars recommended)
Tests: 689 passed, 86% backend coverage, 85% frontend coverage

2026-01-25 20:14:06 +00:00

GitHub Actions

103f0e0ae9

fix: resolve WAF integration failure and E2E ACL deadlock

Fix integration scripts using wget-style curl options after Alpine→Debian
migration (PR #550). Add Playwright security test helpers to prevent ACL
from blocking subsequent tests.

Fix curl syntax in 5 scripts: -q -O- → -sf
Create security-helpers.ts with state capture/restore
Add emergency ACL reset to global-setup.ts
Fix fixture reuse bug in security-dashboard.spec.ts
Add security-helpers.md usage guide
Resolves WAF workflow "httpbin backend failed to start" error

2026-01-25 14:09:38 +00:00

GitHub Actions

d6b68ce81a

chore(e2e): implement Phase 6 integration testing with agent skills

Complete Phase 6 of Playwright E2E testing plan with comprehensive
integration tests covering cross-feature workflows and system integration.

Integration Tests Added:

proxy-acl-integration.spec.ts - ACL with proxy host integration
proxy-certificate.spec.ts - SSL certificate lifecycle tests
proxy-dns-integration.spec.ts - DNS challenge provider integration
security-suite-integration.spec.ts - Cerberus security suite tests
backup-restore-e2e.spec.ts - Full backup/restore workflow
import-to-production.spec.ts - Caddyfile/CrowdSec import flows
multi-feature-workflows.spec.ts - Complex multi-step scenarios
Agent Skills Created:

docker-rebuild-e2e.SKILL.md - Rebuild E2E Docker environment
test-e2e-playwright-debug.SKILL.md - Run/debug Playwright tests
Supporting scripts for skill execution
Test Infrastructure Improvements:

TestDataManager for namespace-based test isolation
Fixed route paths: /backups → /tasks/backups
Domain uniqueness via UUID namespacing
Improved selector reliability with role-based queries
Results: 648 tests passing, 98 skipped, 97.5% statement coverage

2026-01-24 22:22:39 +00:00

3 Commits