fix: clear all addressable technical debt (DEBT-005 through DEBT-025)
Security:
- DEBT-008: remove query-string token auth; header-only Bearer now enforced
- DEBT-013: add regex constraint ^[a-z0-9\-]{1,64}$ on decky_name path param
- DEBT-015: stop leaking raw exception detail to API clients; log server-side
- DEBT-016: validate search (max_length=512) and datetime params with regex
Reliability:
- DEBT-014: wrap SSE event_generator in try/except; yield error frame on failure
- DEBT-017: emit log.warning/error on DB init retry; silent failures now visible
Observability / Docs:
- DEBT-020: add 401/422 response declarations to all route decorators
Infrastructure:
- DEBT-018: add HEALTHCHECK to all 24 template Dockerfiles
- DEBT-019: add USER decnet + setcap cap_net_bind_service to all 24 Dockerfiles
- DEBT-024: bump Redis template version 7.0.12 → 7.2.7
Config:
- DEBT-012: validate DECNET_API_PORT and DECNET_WEB_PORT range (1-65535)
Code quality:
- DEBT-010: delete 22 duplicate decnet_logging.py copies; deployer injects canonical
- DEBT-022: closed as false positive (print only in module docstring)
- DEBT-009: closed as false positive (templates already use structured syslog_line)
Build:
- DEBT-025: generate requirements.lock via pip freeze
Testing:
- DEBT-005/006/007: comprehensive test suite added across tests/api/
- conftest: in-memory SQLite + StaticPool + monkeypatched session_factory
- fuzz mark added; default run excludes fuzz; -n logical parallelism
DEBT.md updated: 23/25 items closed; DEBT-011 (Alembic) and DEBT-023 (digest pinning) remain
This commit is contained in:
83
requirements.lock
Normal file
83
requirements.lock
Normal file
@@ -0,0 +1,83 @@
|
||||
aiosqlite==0.22.1
|
||||
annotated-doc==0.0.4
|
||||
annotated-types==0.7.0
|
||||
anyio==4.13.0
|
||||
attrs==26.1.0
|
||||
bandit==1.9.4
|
||||
bcrypt==5.0.0
|
||||
boolean.py==5.0
|
||||
CacheControl==0.14.4
|
||||
certifi==2026.2.25
|
||||
charset-normalizer==3.4.7
|
||||
click==8.3.2
|
||||
cyclonedx-python-lib==11.7.0
|
||||
defusedxml==0.7.1
|
||||
docker==7.1.0
|
||||
execnet==2.1.2
|
||||
fastapi==0.135.3
|
||||
filelock==3.25.2
|
||||
freezegun==1.5.5
|
||||
graphql-core==3.2.8
|
||||
greenlet==3.4.0
|
||||
h11==0.16.0
|
||||
harfile==0.4.0
|
||||
httpcore==1.0.9
|
||||
httpx==0.28.1
|
||||
hypothesis==6.151.12
|
||||
hypothesis-graphql==0.12.0
|
||||
hypothesis-jsonschema==0.23.1
|
||||
idna==3.11
|
||||
iniconfig==2.3.0
|
||||
Jinja2==3.1.6
|
||||
jsonschema==4.26.0
|
||||
jsonschema_rs==0.45.1
|
||||
jsonschema-specifications==2025.9.1
|
||||
junit-xml==1.9
|
||||
license-expression==30.4.4
|
||||
markdown-it-py==4.0.0
|
||||
MarkupSafe==3.0.3
|
||||
mdurl==0.1.2
|
||||
msgpack==1.1.2
|
||||
packageurl-python==0.17.6
|
||||
packaging==26.0
|
||||
pip-api==0.0.34
|
||||
pip_audit==2.10.0
|
||||
pip-requirements-parser==32.0.1
|
||||
platformdirs==4.9.4
|
||||
pluggy==1.6.0
|
||||
psutil==7.2.2
|
||||
pydantic==2.12.5
|
||||
pydantic_core==2.41.5
|
||||
Pygments==2.20.0
|
||||
PyJWT==2.12.1
|
||||
pyparsing==3.3.2
|
||||
pyrate-limiter==4.1.0
|
||||
py-serializable==2.1.0
|
||||
pytest==9.0.3
|
||||
pytest-xdist==3.8.0
|
||||
python-dateutil==2.9.0.post0
|
||||
python-dotenv==1.2.2
|
||||
PyYAML==6.0.3
|
||||
referencing==0.37.0
|
||||
requests==2.33.1
|
||||
rich==14.3.3
|
||||
rpds-py==0.30.0
|
||||
ruff==0.15.9
|
||||
schemathesis==4.15.0
|
||||
shellingham==1.5.4
|
||||
six==1.17.0
|
||||
sortedcontainers==2.4.0
|
||||
SQLAlchemy==2.0.49
|
||||
sqlmodel==0.0.38
|
||||
starlette==1.0.0
|
||||
starlette-testclient==0.4.1
|
||||
stevedore==5.7.0
|
||||
tenacity==9.1.4
|
||||
tomli==2.4.1
|
||||
tomli_w==1.2.0
|
||||
typer==0.24.1
|
||||
typing_extensions==4.15.0
|
||||
typing-inspection==0.4.2
|
||||
urllib3==2.6.3
|
||||
uvicorn==0.44.0
|
||||
Werkzeug==3.1.8
|
||||
Reference in New Issue
Block a user