- Implemented `diagnose-crowdsec.sh` script for checking CrowdSec connectivity and configuration.
- Added E2E tests for CrowdSec console enrollment, including API checks for enrollment status, diagnostics connectivity, and configuration validation.
- Created E2E tests for CrowdSec diagnostics, covering configuration file validation, connectivity checks, and configuration export.
- Added a reset of the models.Setting struct before querying for settings in both the Manager and Cerberus components to avoid ID leakage from previous queries.
- Introduced new functions in Cerberus for checking admin authentication and admin whitelist status.
- Enhanced middleware logic to allow admin users to bypass ACL checks if their IP is whitelisted.
- Added tests to verify the behavior of the middleware with respect to ACLs and admin whitelisting.
- Created a new utility for checking if an IP is in a CIDR list.
- Updated various services to use `Where` clause for fetching records by ID instead of directly passing the ID to `First`, ensuring consistency in query patterns.
- Added comprehensive tests for settings queries to demonstrate and verify the fix for ID leakage issues.
- Implemented `useManualChallenge`, `useChallengePoll`, and `useManualChallengeMutations` hooks for managing manual DNS challenges.
- Created tests for the `useManualChallenge` hooks to ensure correct fetching and mutation behavior.
- Added `ManualDNSChallenge` component for displaying challenge details and actions.
- Developed end-to-end tests for the Manual DNS Provider feature, covering provider selection, challenge UI, and accessibility compliance.
- Included error handling tests for verification failures and network errors.
- Add gotestsum for real-time test progress visibility
- Parallelize 174 tests across 14 files for faster execution
- Add -short mode support skipping 21 heavy integration tests
- Create testutil/db.go helper for future transaction rollbacks
- Fix data race in notification_service_test.go
- Fix 4 CrowdSec LAPI test failures with permissive validator
Performance improvements:
- Tests now run in parallel (174 tests with t.Parallel())
- Quick feedback loop via -short mode
- Zero race conditions detected
- Coverage maintained at 87.7%
Closes test optimization initiative
- Replace Go interface{} with any (Go 1.18+ standard)
- Add database indexes to frequently queried model fields
- Add JSDoc documentation to frontend API client methods
- Remove deprecated docker-compose version keys
- Add concurrency groups to all 25 GitHub Actions workflows
- Add YAML front matter and fix H1→H2 headings in docs
Coverage: Backend 85.5%, Frontend 87.73%
Security: No vulnerabilities detected
Refs: docs/plans/instruction_compliance_spec.md
Implement complete workflow for assigning security header profiles
to proxy hosts via dropdown selector in ProxyHostForm.
Backend Changes:
- Add security_header_profile_id handling to proxy host update endpoint
- Add SecurityHeaderProfile preloading in service layer
- Add 5 comprehensive tests for profile CRUD operations
Frontend Changes:
- Add Security Headers section to ProxyHostForm with dropdown
- Group profiles: System Profiles (presets) vs Custom Profiles
- Remove confusing "Apply" button from SecurityHeaders page
- Rename section to "System Profiles (Read-Only)" for clarity
- Show security score inline when profile selected
UX Improvements:
- Clear workflow: Select profile → Assign to host → Caddy applies
- No more confusion about what "Apply" does
- Discoverable security header assignment
- Visual distinction between presets and custom profiles
Tests: Backend 85.6%, Frontend 87.21% coverage
Docs: Updated workflows in docs/features.md
- Add PRAGMA quick_check on startup with warning log if corrupted
- Add corruption sentinel helpers for structured error detection
- Add backup retention (keep last 7, auto-cleanup after daily backup)
- Add GET /api/v1/health/db endpoint for orchestrator health checks
Prevents silent data loss and enables proactive corruption detection.
- Add scripts/db-recovery.sh for database integrity check and recovery
- Enable WAL mode verification with logging on startup
- Add structured error logging to uptime handlers with monitor context
- Add comprehensive database maintenance documentation
Fixes heartbeat history showing "No History Available" due to database
corruption affecting 6 out of 14 monitors.
- Created `qa-test-output-after-fix.txt` and `qa-test-output.txt` to log results of certificate page authentication tests.
- Added `build.sh` for deterministic backend builds in CI, utilizing `go list` for efficiency.
- Introduced `codeql_scan.sh` for CodeQL database creation and analysis for Go and JavaScript/TypeScript.
- Implemented `dockerfile_check.sh` to validate Dockerfiles for base image and package manager mismatches.
- Added `sourcery_precommit_wrapper.sh` to facilitate Sourcery CLI usage in pre-commit hooks.
- Updated `coraza_integration_test.go` and `crowdsec_integration_test.go` for better logging and error handling.
- Added `ttlRemainingSeconds` to `CrowdsecHandler` to provide remaining TTL in responses.
- Improved error messages in `ApplyPreset` and `GetCachedPreset` methods for better user guidance.
- Enhanced test coverage for applying presets, including scenarios for cache misses and expired caches.
- Introduced new tests for cache refresh logic and ensured proper rollback behavior during failures.
- Updated QA report with recent testing outcomes and observations.
feat: add modular Security Dashboard implementation plan with environment-driven security service activation
fix: update go.mod and go.sum for dependency version upgrades and optimizations
feat: enable gzip compression for API responses to reduce payload size
fix: optimize SQLite connection settings for better performance and concurrency
refactor: enhance RequireAuth component with consistent loading overlay
feat: configure global query client with optimized defaults for performance in main.tsx
refactor: replace health check useEffect with React Query for improved caching and auto-refresh
build: add code splitting in vite.config.ts for better caching and parallel loading
- Implemented Settings page for changing user passwords with validation and feedback.
- Created Setup page for initial admin account setup with form handling and navigation.
- Added API service layer for handling requests related to proxy hosts, remote servers, and import functionality.
- Introduced mock data for testing purposes and set up testing framework with vitest.
- Configured Tailwind CSS for styling and Vite for development and build processes.
- Added scripts for Dockerfile validation, Python syntax checking, and Sourcery integration.
- Implemented release and coverage scripts for better CI/CD practices.
- Deleted Settings.tsx and Setup.tsx pages, which included functionality for changing passwords and setting up an admin account.
- Removed associated test files for Setup page.
- Eliminated API service definitions related to proxy hosts, remote servers, import functionality, and health checks.
- Cleaned up mock data and test setup files.
- Removed configuration files for TypeScript, Vite, and Tailwind CSS.
- Deleted scripts for testing coverage, release management, Dockerfile validation, and Python compilation checks.
- Removed Sourcery pre-commit wrapper script.
- Deleted Caddy configuration types and validation logic from the backend.
- Removed associated test files for validation.
- Cleaned up related service and model files that are no longer needed.
- Removed unnecessary environment configuration and database connection code.
- Eliminated unused models related to access control, SSL certificates, and user management.
- Cleaned up node modules by removing unnecessary binaries.
- Add ProxyHost, CaddyConfig, RemoteServer, SSL, AccessList, User, Setting, ImportSession models
- Implement ProxyHostService and RemoteServerService with domain/name uniqueness validation
- Add Caddyfile import handler with conflict detection and user review workflow
- Create ProxyHostHandler and RemoteServerHandler with full CRUD operations
- Wire up Gin/GORM/SQLite dependencies and create missing internal packages
- Add database connection layer, server routing, and version info
- Update routes to register all new handlers and auto-migrate models
- Configure import environment variables and mount points
Addresses Issue #5 (data persistence) and Issue #43 (remote servers)
Backend now compiles cleanly with go build
