Auto PR: testing → main #3
Reference in New Issue
Block a user
Delete Branch "testing"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
All CI and security checks passed on both dev and testing. Review and merge when ready.
f8a9f8fc64d344e4c8bb- decnet/env.py: DECNET_JWT_SECRET and DECNET_ADMIN_PASSWORD are now required env vars; startup raises ValueError if unset or set to a known-bad default ("admin", "password", etc.) - decnet/env.py: add DECNET_CORS_ORIGINS (comma-separated, defaults to http://localhost:8080) replacing the previous allow_origins=["*"] - decnet/web/api.py: use DECNET_CORS_ORIGINS and tighten allow_methods and allow_headers to explicit lists - tests/conftest.py: set required env vars at module level so test collection works without real credentials - tests/test_web_api.py, test_web_api_fuzz.py: use DECNET_ADMIN_PASSWORD from env instead of hardcoded "admin" Closes DEBT-001, DEBT-002, DEBT-004Security: - DEBT-008: remove query-string token auth; header-only Bearer now enforced - DEBT-013: add regex constraint ^[a-z0-9\-]{1,64}$ on decky_name path param - DEBT-015: stop leaking raw exception detail to API clients; log server-side - DEBT-016: validate search (max_length=512) and datetime params with regex Reliability: - DEBT-014: wrap SSE event_generator in try/except; yield error frame on failure - DEBT-017: emit log.warning/error on DB init retry; silent failures now visible Observability / Docs: - DEBT-020: add 401/422 response declarations to all route decorators Infrastructure: - DEBT-018: add HEALTHCHECK to all 24 template Dockerfiles - DEBT-019: add USER decnet + setcap cap_net_bind_service to all 24 Dockerfiles - DEBT-024: bump Redis template version 7.0.12 → 7.2.7 Config: - DEBT-012: validate DECNET_API_PORT and DECNET_WEB_PORT range (1-65535) Code quality: - DEBT-010: delete 22 duplicate decnet_logging.py copies; deployer injects canonical - DEBT-022: closed as false positive (print only in module docstring) - DEBT-009: closed as false positive (templates already use structured syslog_line) Build: - DEBT-025: generate requirements.lock via pip freeze Testing: - DEBT-005/006/007: comprehensive test suite added across tests/api/ - conftest: in-memory SQLite + StaticPool + monkeypatched session_factory - fuzz mark added; default run excludes fuzz; -n logical parallelism DEBT.md updated: 23/25 items closed; DEBT-011 (Alembic) and DEBT-023 (digest pinning) remain_load_service_container_names() reads decnet-state.json and builds the exact set of expected container names ({decky}-{service}). is_service_container() and is_service_event() do a direct set lookup — no regex, no label inspection, no heuristics.fixed in: Merge pull request 'fix/merge-testing-to-main' (#4) from fix/merge-testing-to-main into main
closing.
Pull request closed