- Updated quality-checks.yml to support manual dispatch with frontend checks.
- Modified rate-limit-integration.yml to remove workflow_run triggers and adjust conditions for execution.
- Removed pull request triggers from repo-health.yml, retaining only scheduled and manual dispatch.
- Adjusted security-pr.yml and supply-chain-pr.yml to eliminate workflow_run dependencies and refine execution conditions.
- Cleaned up supply-chain-verify.yml by removing workflow_run triggers and ensuring proper execution conditions.
- Updated waf-integration.yml to remove workflow_run triggers, allowing manual dispatch only.
- Revised current_spec.md to reflect the consolidation of CI workflows into a single pipeline, detailing objectives, research findings, and implementation plans.
- Updated design documentation to reflect the new Playwright-first approach for frontend testing, including orchestration flow and runbook notes.
- Revised requirements to align with the new frontend test iteration strategy, emphasizing E2E environment management and coverage thresholds.
- Expanded tasks to outline phased implementation for frontend testing, including Playwright E2E baseline, backend triage, and coverage validation.
- Enhanced QA report to capture frontend coverage failures and type errors, with detailed remediation steps for accessibility compliance.
- Created new security validation and accessibility remediation reports for CrowdSec configuration, addressing identified issues and implementing fixes.
- Adjusted package.json scripts to prioritize Firefox for Playwright tests.
- Added canonical links for requirements and tasks documentation.
- Removed unnecessary test.skip() calls in various test files, replacing them with comments for clarity.
- Enhanced retry logic in TestDataManager for API requests to handle rate limiting more gracefully.
- Updated security helper functions to include retry mechanisms for fetching security status and setting module states.
- Improved loading completion checks to handle page closure scenarios.
- Adjusted WebKit-specific tests to run in all browsers, removing the previous skip logic.
- General cleanup and refactoring across multiple test files to enhance readability and maintainability.
- Updated `crowdsec_handler.go` to log inaccessible paths during config export and handle permission errors gracefully.
- Modified `emergency_handler.go` to clear admin whitelist during security reset and ensure proper updates to security configurations.
- Enhanced user password update functionality in `user_handler.go` to reset failed login attempts and lockout status.
- Introduced rate limiting middleware in `cerberus` to manage request rates and prevent abuse, with comprehensive tests for various scenarios.
- Added validation for proxy host entries in `proxyhost_service.go` to ensure valid hostnames and IP addresses, including tests for various cases.
- Improved IP matching logic in `whitelist.go` to support both IPv4 and IPv6 loopback addresses.
- Updated configuration loading in `config.go` to include rate limiting parameters from environment variables.
- Added tests for new functionalities and validations to ensure robustness and reliability.
- Updated QA Security agent to use GPT-5.2-Codex and expanded toolset for enhanced functionality.
- Revised Supervisor agent to utilize GPT-5.2-Codex and improved toolset for code review processes.
- Modified architecture instructions to specify running Playwright tests with Firefox.
- Adjusted copilot instructions to run Playwright tests with Firefox as the default browser.
- Created documentation for coding best practices to ensure consistency and quality in project documentation.
- Established HTML/CSS style color guide to maintain accessible and professional design standards.
- Updated Playwright TypeScript instructions to reflect the change in default browser to Firefox.
- Enhanced testing instructions to clarify integration testing processes and default browser settings.
- Updated integration test scripts to align with CI workflows and improve clarity in execution.
- Created new integration test scripts for Cerberus, rate limiting, and WAF functionalities.
- Adjusted E2E testing scripts to default to Firefox and updated documentation accordingly.
- Modified GitHub Actions workflow to run the comprehensive integration test suite.
- Added IDs to input fields in CrowdSecConfig for better accessibility.
- Updated labels to use <label> elements for checkboxes and inputs.
- Improved error handling and user feedback in the CrowdSecConfig tests.
- Enhanced test coverage for console enrollment and banned IP functionalities.
fix: Update SecurityHeaders to include aria-label for delete button
- Added aria-label to the delete button for better screen reader support.
test: Add comprehensive tests for proxyHostsHelpers and validation utilities
- Implemented tests for formatting and help text functions in proxyHostsHelpers.
- Added validation tests for email and IP address formats.
chore: Update vitest configuration for dynamic coverage thresholds
- Adjusted coverage thresholds to be dynamic based on environment variables.
- Included additional coverage reporters.
chore: Update frontend-test-coverage script to reflect new coverage threshold
- Increased minimum coverage requirement from 85% to 87.5%.
fix: Ensure tests pass with consistent data in passwd file
- Updated tests/etc/passwd to ensure consistent content.
Attempt to auto-start Xvfb when `--ui` is requested locally, add a stable `npm run e2e:ui:headless-server` wrapper, and document the headed/headless workflows. Improves developer DX when running Playwright UI on headless Linux and provides actionable guidance when Xvfb is unavailable.
Replaced anchore/scan-action with manual grype v0.107.1 installation
Explicitly output scan results to avoid "file not found" errors
Updated parsing logic to read generated grype-results.json directly
Ensures latest vulnerability definitions are used for PR checks
Forced workflow failure if scan results are missing (prevents false negatives)
Fixed "Fail on critical" step to use calculated counts instead of missing action outputs
Added debug logging and file verification for Grype scans
Refactored shell scripts to prevent injection vulnerabilities
- Standardized E2E base URL to 127.0.0.1 to resolve cookie domain 401 errors
- Updated playwright config to strictly exclude security tests from main shards
- Refactored waitForModal helper to prevent strict mode violations on complex modals
- Fixed leak of crowdsec diagnostics tests into standard chromium project
GitHub Actions
Jeremy
renovate[bot]
github-actions[bot]