@vsilent vsilent commented Feb 11, 2026

No description provided.

vsilent and others added 30 commits February 5, 2026 08:18
uwsgi (which serves user service on :4100) might not handle HTTP/2 well.
Force reqwest to use HTTP/1.1 only to prevent connection resets.

- Config files now write to {base}/{app_code}/{file_name} instead of
  {base}/{app_code}/config/{file_name}
- Aligns with docker-compose volume mounts (e.g. telegraf.conf at
  /home/trydirect/telegraf/telegraf.conf, not .../config/telegraf.conf)

User Service /me returns role='root' for admin users, but stacker
Casbin policies require 'group_admin'. Add grouping rule to bridge
the two role systems. This fixes 403 on /api/admin/templates.

- Add StackTemplateReview model struct
- Add list_versions_by_template() and list_reviews_by_template() DB queries
- Add GET /{id} detail_handler returning template + versions + reviews
- Register detail_handler in startup.rs admin templates scope
- Add Casbin migration for admin_service and group_admin on /api/admin/templates/:id GET

- admin_list_submitted_templates: list templates awaiting review
- admin_get_template_detail: get template with versions and reviews
- admin_approve_template: approve a submitted template
- admin_reject_template: reject template with reason
- admin_list_template_versions: list all versions of a template
- admin_list_template_reviews: list review history for a template
- All tools enforce admin role check (admin_service, group_admin, root)

- Add security_validator module with automated checks:
  - Secret detection (AWS keys, API tokens, GitHub tokens, etc.)
  - Hardcoded credential detection
  - Docker syntax validation
  - Malicious code detection (privileged containers, host network,
    Docker socket mounts, crypto miners, curl|bash patterns)
  - Risk score calculation (0-100, weighted by category)
- Add MCP tool 'admin_validate_template_security' for AI agents
  - Returns automated scan results + raw stack_definition
  - Includes AI review instructions for deeper semantic analysis
  - Optional save_report parameter for dry-run scans
- Add REST endpoint POST /admin/templates/{id}/security-scan
- Add save_security_scan() DB query (saves as review record)
- Add Casbin migration for security-scan endpoint permissions
- Include unit tests for all security check categories

When stack_definition is a JSON object, serde_json::to_string_pretty
produces quoted keys/values ("key": "value") which broke regex
patterns designed for YAML. Added normalize_json_for_matching() that
strips JSON quoting so patterns match both formats.

- Add POST /api/templates/{id}/resubmit endpoint
  - Accepts: version, stack_definition, definition_format, changelog
  - Validates ownership and status (rejected/needs_changes/approved)
  - Creates new version, resets status to 'submitted'
- Add resubmit_with_new_version() DB function (transactional)
- Extend submit_for_review() to also allow 'needs_changes' status
- Add Casbin migration for resubmit endpoint permissions
- Update .sqlx offline cache

- Add ansible_roles.rs with 5 MCP tools:
  - list_available_roles(): Catalog discovery via DB + filesystem
  - get_role_details(): Parse role metadata from filesystem
  - get_role_requirements(): OS and dependency requirements
  - validate_role_vars(): Pre-deployment variable validation
  - deploy_role(): Queue role execution on remote server

- Register tools in MCP registry (42+ tools total)
- Hybrid discovery: PostgREST /role endpoint + tfa/roles/ fallback
- Extended timeout (5 min) for long-running deployment operations

Enables AI-assisted Ansible role configuration when users select
SSH deployment method in Stack Builder.

Ref: ANSIBLE_ROLES_MCP_IMPLEMENTATION.md

Step 0: Pricing persistence
- Add price (DOUBLE PRECISION), billing_cycle, currency columns to stack_template
- Accept plan_type, price, currency in CreateTemplateRequest and UpdateTemplateRequest
- Store pricing in create_draft() and update_metadata() DB functions
- Migration: 20260211100000_add_pricing_to_stack_template

Step 1: Fix vendor_name bug
- Webhook now sends template.creator_name instead of user ID string

Step 2: Enrich webhook payload
- Add long_description, tech_stack, creator_name, deploy_count, view_count,
  approved_at, required_plan_name fields to MarketplaceWebhookPayload
- Send actual price/billing_cycle/currency from DB instead of hardcoded None
- Both send_template_approved and send_template_updated updated

Note: sqlx offline cache (.sqlx/) needs regeneration after migration.
Run: cargo sqlx prepare -- --lib

feat: add pricing columns to stack_template + enrich webhook payload

All 7 test payloads now include: long_description, tech_stack, creator_name,
deploy_count, view_count, approved_at, required_plan_name
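Added example, not code from this PR or the stacker project: a minimal Rust sketch of the two ideas the security_validator and normalize_json_for_matching() commits above describe, namely stripping JSON quoting so one set of patterns matches both a YAML and a pretty-printed JSON stack_definition, and turning the malicious-pattern hits into a weighted 0-100 risk score. The Finding names, the substring patterns and the weights are assumptions for illustration; the project's real regexes and scoring are not on this page.

```rust
/// Risk categories the scan reports; the set mirrors the commit's check list.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Finding { Privileged, HostNetwork, DockerSocket, CurlPipeBash }

/// Strip JSON quoting so one set of substring patterns matches both a YAML
/// stack_definition (`privileged: true`) and a serde_json pretty-printed
/// one (`"privileged": true`), the mismatch the commit describes.
pub fn normalize_json_for_matching(def: &str) -> String {
    def.replace('"', "")
}

/// Scan a stack definition line by line for the high-risk patterns listed
/// in the commit. One finding per line; findings are deduplicated.
pub fn scan(def: &str) -> Vec<Finding> {
    let mut found = Vec::new();
    for raw in normalize_json_for_matching(def).lines() {
        // Collapse whitespace so `curl ... | bash` and `curl ...|bash` match alike.
        let line: String = raw.split_whitespace().collect();
        let hit = if line.contains("privileged:true") {
            Some(Finding::Privileged)
        } else if line.contains("network_mode:host") {
            Some(Finding::HostNetwork)
        } else if line.contains("/var/run/docker.sock") {
            Some(Finding::DockerSocket)
        } else if line.contains("curl") && (line.contains("|bash") || line.contains("|sh")) {
            Some(Finding::CurlPipeBash)
        } else {
            None
        };
        if let Some(f) = hit {
            if !found.contains(&f) {
                found.push(f);
            }
        }
    }
    found
}

/// Weighted 0-100 risk score. The weights are illustrative assumptions,
/// not the values the project's security_validator uses.
pub fn risk_score(findings: &[Finding]) -> u32 {
    let total: u32 = findings.iter().map(|f| match f {
        Finding::DockerSocket => 40,
        Finding::Privileged => 30,
        Finding::CurlPipeBash => 25,
        Finding::HostNetwork => 20,
    }).sum();
    total.min(100)
}
```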