Skip to content

Commit 092eae8

Browse files
committed
feat: production readiness — fix critical bugs, achieve 100% test pass rate, complete documentation
This commit brings OpenCodeHub to production-ready status with all critical bugs fixed, all tests passing, and comprehensive documentation. **Bug Fixes** - fix(codeowners): minimatch ESM import — changed named import to default import in src/lib/codeowners.ts and src/lib/path-scoping.ts to fix runtime failure in ESM environments - fix(url-validator): IPv6 loopback SSRF bypass — strip brackets from hostname before checking isIPv6Private(), preventing bypass via http://[::1]/hook - fix(api): pagination NaN bug — add fallback || 1 in getPagination() to prevent NaN when parseInt() receives non-numeric input **Test Suite — 100% Pass Rate** - fix(tests): auth-me-route — use json.data.* wrapper pattern, reset mock implementations in beforeEach - fix(tests): admin-stats-route — add .then() mock for chainable DB queries, use json.data.* assertions - fix(tests): notifications-route — use json.data.* wrapper, reset mocks - fix(tests): issues-releases-route — reset canReadRepo/canWriteRepo mock implementations in beforeEach - fix(tests): org-members-route — use json.data.* wrapper, reset mocks - fix(tests): user-route — use json.data.* wrapper, reset mocks - fix(tests): review-batch-route — suppress logger.error output - fix(tests): security tests — replace real DB connection with Vitest mocks to prevent crash - fix(tests): codeowners tests — align expectations with normalizeOwner() behavior (strips @ prefix) - fix(tests): permissions tests — use correct field name (role vs permission) - fix(tests): auth-login/auth-register — fix response wrapper assertions and mock state leakage - Result: 546 tests passing across 114 test files (100% pass rate) **Documentation — Complete Overhaul** - docs: create ci-cd.md — comprehensive CI/CD pipeline guide covering GitHub Actions-compatible workflows, Docker runners, matrix builds, artifacts, caching, and status checks - docs: create developer-metrics.md — metrics dashboard guide covering cycle time, review turnaround, throughput, and load balancing - docs: create slack-integration.md — Slack setup guide with event subscriptions, slash commands, and threaded discussions - docs: create webhooks-api.md — webhook payload formats, signature verification examples, delivery guarantees - docs: update rest-api.md — expanded from 162 lines to full API reference with 140+ endpoints, pagination, error codes - docs: update authentication.md — added PATs, SSH keys, deploy keys, token security best practices, response format - docs: update cli-commands.md — expanded from 120 lines to full reference covering 25+ command groups - docs: update security.md — complete rewrite with 15 security controls, production checklist, incident response procedures - docs: update deployment.md — fixed duplicate env vars, added Docker Compose config, Nginx proxy, verification steps - docs: update testing.md — complete guide with 546 tests documented, mock best practices, troubleshooting - docs: update installation.md — fixed STORAGE_DRIVER env var name - docs: update index.md — removed broken references, added new sections - docs: remove "Legacy" labels from ai-review.md and merge-queue.md **Repository Cleanup** - chore: remove 25+ garbage files from root — debug outputs, temp scripts, outdated lint reports, cookies.txt, fix_get_calls.sh - chore: delete false PRODUCTION_READINESS_FINAL.md **Project Metadata** - docs: create AGENTS.md — comprehensive agent reference guide for AI assistants and new developers - docs: update PRODUCTION_READINESS.md — reflect 100% test pass rate and all fixed bugs **Files Changed** - 38 files modified - 12 files added - 20 files deleted
1 parent 14cb3e4 commit 092eae8

74 files changed

Lines changed: 9619 additions & 26241 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
# CI Failure Ownership Map
2+
3+
Last updated: 2026-04-01
4+
5+
This map defines who owns failing checks and the expected response SLA.
6+
7+
## SLA Policy
8+
9+
- P0 (main branch red / release blocker): acknowledge within 30 minutes, mitigation within 4 hours.
10+
- P1 (non-blocking lane degraded): acknowledge within 4 hours, fix within 1 business day.
11+
- P2 (low-risk flaky/non-critical): acknowledge within 1 business day, fix within 5 business days.
12+
13+
## Lane Ownership
14+
15+
| Lane / Check | Scope | Primary Owner | Secondary Owner | Priority Class |
16+
| ------------------------------------- | ------------------------------ | ---------------- | ---------------- | -------------- |
17+
| Lint & Type Check | static quality gates | Core API owner | QA/Release owner | P0 |
18+
| Docs Parity | docs-to-implementation parity | QA/Release owner | Core API owner | P1 |
19+
| Security Gates | dependency/security audit gate | Security owner | Platform owner | P0 |
20+
| Unit Tests (Lane: unit) | pure unit tests | Core API owner | QA/Release owner | P0 |
21+
| Integration Tests (Lane: integration) | route/service integration | Core API owner | Platform owner | P0 |
22+
| Contract Tests (Lane: contract) | OpenAPI + contract parity | Core API owner | QA/Release owner | P0 |
23+
| Smoke Tests (Lane: smoke) | critical user flows | QA/Release owner | Core API owner | P0 |
24+
| E2E Tests (Playwright) | browser workflow checks | QA/Release owner | Core API owner | P1 |
25+
| Container Security (Trivy) | image vulnerability checks | Security owner | Platform owner | P0 |
26+
| SAST (Semgrep) | static appsec scan | Security owner | Core API owner | P1 |
27+
| Secret Scan (Gitleaks) | repository secret detection | Security owner | Platform owner | P0 |
28+
| Build | production build validation | Platform owner | Core API owner | P0 |
29+
| Performance Baseline | release latency regression | Platform owner | QA/Release owner | P1 |
30+
31+
## Domain Ownership
32+
33+
| Domain | File Patterns | Owner | SLA |
34+
| ------------------------ | --------------------------------------------------------- | ---------------- | --- |
35+
| Auth & Sessions | src/pages/api/auth/\*\*, src/lib/auth.ts | Core API owner | P0 |
36+
| Repo/PR/Issue APIs | src/pages/api/repos/\*\* | Core API owner | P0 |
37+
| Permissions/RBAC | src/lib/permissions.ts, src/pages/api/orgs/\*\* | Core API owner | P0 |
38+
| Queue/Worker/Runner | src/lib/merge-queue.ts, src/lib/queue-\*, src/runner/\*\* | Platform owner | P0 |
39+
| Data/DB/Migrations | src/db/**, drizzle/** | Platform owner | P0 |
40+
| Security Controls | src/middleware/\*_, src/lib/security_ | Security owner | P0 |
41+
| Observability/Operations | scripts/**, docs/administration/** | Platform owner | P1 |
42+
| OpenAPI/Contracts | src/lib/openapi.ts, tests/unit/openapi-\* | QA/Release owner | P0 |
43+
44+
## Escalation
45+
46+
1. Failing required check on `main` → assign primary owner immediately.
47+
2. No mitigation in SLA window → escalate to secondary owner.
48+
3. Repeated failures in same lane (3 times in 7 days) → open reliability incident and add remediation item to production board.
Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
{
2+
"name": "Protect main branch",
3+
"target": "branch",
4+
"enforcement": "active",
5+
"bypass_actors": [],
6+
"conditions": {
7+
"ref_name": {
8+
"include": ["refs/heads/main"],
9+
"exclude": []
10+
}
11+
},
12+
"rules": [
13+
{
14+
"type": "deletion"
15+
},
16+
{
17+
"type": "non_fast_forward"
18+
},
19+
{
20+
"type": "required_linear_history"
21+
},
22+
{
23+
"type": "pull_request",
24+
"parameters": {
25+
"required_approving_review_count": 1,
26+
"dismiss_stale_reviews_on_push": true,
27+
"require_code_owner_review": true,
28+
"require_last_push_approval": true,
29+
"required_review_thread_resolution": true
30+
}
31+
},
32+
{
33+
"type": "required_status_checks",
34+
"parameters": {
35+
"strict_required_status_checks_policy": true,
36+
"required_status_checks": [
37+
{
38+
"context": "Lint & Type Check",
39+
"integration_id": 15368
40+
},
41+
{
42+
"context": "Docs Parity",
43+
"integration_id": 15368
44+
},
45+
{
46+
"context": "Security Gates",
47+
"integration_id": 15368
48+
},
49+
{
50+
"context": "Unit Tests (Lane: unit)",
51+
"integration_id": 15368
52+
},
53+
{
54+
"context": "Integration Tests (Lane: integration)",
55+
"integration_id": 15368
56+
},
57+
{
58+
"context": "Contract Tests (Lane: contract)",
59+
"integration_id": 15368
60+
},
61+
{
62+
"context": "Smoke Tests (Lane: smoke)",
63+
"integration_id": 15368
64+
},
65+
{
66+
"context": "E2E Tests (Playwright)",
67+
"integration_id": 15368
68+
},
69+
{
70+
"context": "Container Security (Trivy)",
71+
"integration_id": 15368
72+
},
73+
{
74+
"context": "SAST (Semgrep)",
75+
"integration_id": 15368
76+
},
77+
{
78+
"context": "Build",
79+
"integration_id": 15368
80+
}
81+
]
82+
}
83+
}
84+
]
85+
}

.gitleaks.toml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
title = "OpenCodeHub Gitleaks Policy"
2+
3+
[extend]
4+
useDefault = true
5+
6+
[allowlist]
7+
description = "Intentional test/placeholders only; keep narrow and review regularly."
8+
regexes = [
9+
'''ci-test-secret-key-for-e2e-tests''',
10+
'''<generate-with-openssl-rand-(base64|hex)-32>''',
11+
'''<set-in-runtime>'''
12+
]

0 commit comments

Comments
 (0)