Skip to content

Commit f5f6dc1

Browse files
DevOpsMadDogclaude
andcommitted
log: v66 deployed; confirmed signup->login works without email verification
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent f75d8e0 commit f5f6dc1

1 file changed

Lines changed: 2 additions & 0 deletions

File tree

docs/ralph_progress.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -552,3 +552,5 @@ tick267 (2026-06-22, ralph-c2) — SPEC-030 deeper tenancy: org_id retrofit into
552552
tick269 (2026-06-22, ralph-c2) — SPEC-034 SCOPE GAP CLOSED (suite-attack/api): my batches+gate only scanned suite-api+suite-core; suite-attack/api was a THIRD router location with org_id=Query. cspm_router+dast_router were already converted (correct edits, verified import OK); converted fail_router (6 org_id=Query incl required/optional -> Depends(get_org_id)). Extended tests/test_no_org_id_query_param.py _ROOTS to include suite-attack/api -> gate now covers all 3 locations, passes. Verified: create_app 8346, cspm/dast/fail tests 338 passed. Also untracked transient suite-ui/.omc/ plugin state (gitignored). SPEC-034 truly complete across all router locations.
553553

554554
tick270 (2026-06-23, ralph-c4) — CSPM NO-MOCKS (#9108 founder-gated) RESOLVED: cspm_connector fabricated prowler/checkov/trivy/cloudsploit sample findings into the pipeline when no real CLI present. Gated all 4 fallbacks behind FIXOPS_CSPM_DEMO (helper _cspm_demo_mode); default is now HONEST-EMPTY (prowler b"[]", checkov empty results, trivy {Results:[]}, cloudsploit []), with result.errors noting "set FIXOPS_CSPM_DEMO=1 for sample data". Updated tests: connector fixture sets the demo flag (its purpose = sample path); renamed test_..._uses_fallback -> test_..._demo_mode_serves_samples; ADDED test_scan_tenant_honest_empty_without_demo_flag (asserts 0 fabricated findings, NO-MOCKS default); test_real_checkov skips honestly when the (broken on this box) checkov CLI cannot run instead of demanding a fabricated floor. Verified: 57 passed/1 skipped + test_no_fake_cspm green, create_app 8346. The behavior-changing founder-gated CSPM fabrication is now opt-in-demo only.
555+
556+
tick271 (2026-06-23, ralph-c4) — v66 deployed (CSPM honest-empty + suite-attack tenancy live). Verified deployed-login flow: signup (POST /api/v1/auth/signup) creates user status=active + email_verified=False; auth_login (801) only 403s if status!=active (855) -> email verification does NOT block login. So signup->login works WITHOUT email (no SMTP needed). The curl "Invalid API token" = that key not in deployed DB; correct path is UI signup (mints org key, shown once) then email/password login.

0 commit comments

Comments
 (0)