1bafad5a86
CI: add go mod tidy to Go agent workflow to fix missing go.sum
CI — P2 Drift (Go + Node) / agent (push) Successful in 1m42s
CI — P2 Drift (Go + Node) / saas (push) Successful in 56s
2026-03-01 07:03:51 +00:00
d7f771e712
Remove accidental cmd/main.go (real entry is cmd/drift/main.go)
CI — P2 Drift (Go + Node) / agent (push) Failing after 19s
CI — P2 Drift (Go + Node) / saas (push) Successful in 1m1s
2026-03-01 07:01:44 +00:00
bd665ea643
Trigger CI for P1 Rust and P2 Go agent
CI — P2 Drift (Go + Node) / agent (push) Failing after 26s
CI — P2 Drift (Go + Node) / saas (push) Successful in 48s
CI — P1 Route (Rust) / test (push) Failing after 7m22s
2026-03-01 06:59:03 +00:00
27a89ee2b7
Trigger CI with tsc fix
CI — P2 Drift (Go + Node) / agent (push) Failing after 3s
CI — P2 Drift (Go + Node) / saas (push) Successful in 29s
CI — P3 Alert / test (push) Successful in 40s
CI — P4 Portal / test (push) Successful in 32s
CI — P6 Run / saas (push) Successful in 30s
CI — P5 Cost / test (push) Successful in 46s
2026-03-01 06:56:00 +00:00
3e68e8871d
Trigger CI for P2-SaaS, P4, P5, P6
CI — P2 Drift (Go + Node) / agent (push) Failing after 1s
CI — P4 Portal / test (push) Failing after 17s
CI — P5 Cost / test (push) Failing after 15s
CI — P6 Run / saas (push) Failing after 15s
CI — P2 Drift (Go + Node) / saas (push) Successful in 43s
2026-03-01 06:52:14 +00:00
6403e7a3bf
Move CI workflows to repo root .gitea/workflows/ (Gitea requires root location)
...
CI — P3 Alert / test (push) Has been cancelled
CI — P5 Cost / test (push) Has been cancelled
CI — P2 Drift (Go + Node) / agent (push) Failing after 46s
CI — P2 Drift (Go + Node) / saas (push) Failing after 1m17s
CI — P4 Portal / test (push) Failing after 16s
CI — P6 Run / saas (push) Failing after 17s
CI — P1 Route (Rust) / test (push) Failing after 11m13s
- 6 per-product CI workflows with path filters
- P1: Rust (cargo test + clippy + fmt)
- P2: Go agent (go test + vet) + Node SaaS (tsc + npm test)
- P3-P6: Node (npm ci + tsc + npm test)
- Removed old per-product .gitea dirs (Gitea ignores non-root workflows)
2026-03-01 06:19:42 +00:00
b9c480c06b
Copy shared auth migration (002_auth.sql) to P1 route and P2 drift
2026-03-01 06:12:36 +00:00
5e0065e73e
Fix P2 SaaS compilation: wire dispatchNotifications correctly, add P1/P2 Dockerfiles
...
- P2 processor: use correct dispatchNotifications signature (channels, notification, severity)
- P2 processor: pass pool to withTenant, fix implicit any types
- P1 Dockerfile: multi-stage Rust build for proxy/api/worker binaries
- P2 agent Dockerfile: multi-stage Go build
- P2 SaaS package-lock.json generated
- All 6 products now compile cleanly
2026-03-01 06:10:21 +00:00
b351f2f46b
Implement P2 Resend email + PagerDuty Events v2 + Slack retry backoff
...
- Resend: HTML email with drift summary table and CTA button
- PagerDuty: Events API v2 with dedup_key, severity mapping, custom_details
- Slack: setTimeout retry on 429 rate limit instead of dropping
2026-03-01 05:51:28 +00:00
e1b22e5309
Wire up remaining TODO stubs: P3 test notifications, P2 drift notification trigger
...
- P3: test notification endpoint now instantiates real Slack/Email/Webhook notifiers
- P2: drift processor triggers notification service when drift_score > 0 (non-fatal on failure)
2026-03-01 04:14:26 +00:00
2c112b2fb1
Add vitest configs for P2-P6
2026-03-01 03:16:58 +00:00
2ceeac1a11
Add P2 SaaS CI, P4 scheduled discovery, P6 agent bridge (Redis pub/sub), Caddyfile
...
- P2: Gitea Actions CI for SaaS backend (separate from Go agent CI)
- P4: ScheduledDiscovery with Redis distributed lock to prevent concurrent scans
- P6: AgentBridge — Redis pub/sub for SaaS↔agent communication (approvals + step results)
- Caddyfile: self-hosted reverse proxy with auto-TLS for all 6 products
2026-03-01 03:16:33 +00:00
bbbea3519e
Add unit tests for P2 SaaS, P3 notifications, P4 search, P5 ingestion, P6 API
...
- P2: nonce validation, severity levels, RLS withTenant
- P3: notification dispatcher severity gating, Slack Block Kit emoji mapping
- P4: Meilisearch fallback, service CRUD validation, staged update actions
- P5: cost ingestion validation, snooze range, optimistic locking
- P6: runbook API validation, approval decisions, execution status machine, Slack signature
2026-03-01 03:15:31 +00:00
3326d9a714
Add .gitignore files for P2-P6
2026-03-01 03:14:37 +00:00
5d67de6486
Add dd0c/drift notifications, infra, CI: Slack Block Kit, Dockerfiles, Gitea Actions
...
- Notification service: Slack Block Kit (remediate/accept buttons), webhook delivery, rate limit handling
- Dispatcher with severity-based channel filtering
- Agent Dockerfile: multi-stage Go build, static binary
- SaaS Dockerfile: multi-stage Node build
- Fly.io config: scale-to-zero, shared-cpu
- Gitea Actions: Go test+vet, Node typecheck+test, cross-compile agent (linux/darwin/windows)
2026-03-01 02:46:47 +00:00
e67cef518e
Scaffold dd0c/drift SaaS backend: Fastify, RLS, ingestion, dashboard API
...
- Fastify server with Zod validation, pino logging, CORS/helmet
- Drift report ingestion endpoint with nonce replay prevention
- Dashboard API: stacks list, drift history, report detail, summary stats
- PostgreSQL schema with RLS: tenants, users, agent_keys, drift_reports, remediation_actions
- withTenant() helper for safe connection pool tenant context management
- Config via Zod-validated env vars
2026-03-01 02:45:33 +00:00
31cb36fb77
Scaffold dd0c/drift Go agent: CLI, scanner, scrubber, reporter, models
...
- cobra CLI: check (one-shot), watch (SQS consumer), version
- models: DriftReport, DriftedResource, severity classification (critical/high/medium/low)
- scanner: Terraform v4 state parser, resource counter
- scrubber: regex + Shannon entropy secret detection (strict/permissive/off modes)
- reporter: mTLS HTTP client with nonce replay prevention
- tests: severity classification (8 cases), scrubber (AWS keys, RSA, entropy, attributes)
2026-03-01 02:42:53 +00:00
72a0f26a7b
Add BMad review epic addendums for all 6 products
...
Per-product surgical additions to existing epics (not cross-cutting):
- P1 route: 8pts (key redaction, SSE billing, token math, CI runner)
- P2 drift: 12pts (mTLS revocation, state lock recovery, pgmq visibility, RLS leak, entropy scrubber)
- P3 alert: 10pts (HMAC replay, claim-check, out-of-order correlation, free tier, tenant isolation)
- P4 portal: 9pts (partial scan recovery, ownership conflicts, Meilisearch rebuild, VCR freshness, free tier)
- P5 cost: 7pts (concurrent baselines, remediation RBAC, Clock interface, property tests, Redis fallback)
- P6 run: 15pts (shell AST parsing, canary suite, intervention TTL, streaming audit, crypto signatures)
Total: 61 story points across 30 new stories
2026-03-01 02:27:55 +00:00
d038cd9c5c
Implement BMad Must-Have Before Launch fixes for all 6 products
...
P1: API key redaction, SSE billing leak, token math edge cases, CI runner config
P2: mTLS revocation lockout, terraform state lock recovery, RLS pool leak, entropy scrubber, pgmq visibility
P3: HMAC replay prevention, cross-tenant negative tests, correlation window edge cases, SQS claim-check, free tier
P4: Discovery partial failure recovery, ownership conflict integration test, VCR freshness CI, Meilisearch rebuild, Cmd+K latency
P5: Concurrent baseline conflicts, remediation RBAC, Clock interface for governance, 10K property-based runs, Redis panic fallback
P6: Cryptographic agent update signatures, streaming audit logs with WAL, shell AST parsing (mvdan/sh), intervention deadlock TTL, canary suite CI gate
2026-03-01 02:14:04 +00:00
b24cfa7c0d
BMad code reviews complete for all 6 products
...
P1 route: Gemini — 'Ship the proxy, stop writing tests for the tests'
P2 drift: Gemini — mTLS revocation, state lock corruption, RLS pool leak
P3 alert: Gemini — replay attacks, trace propagation, SQS claim-check
P4 portal: Manual — discovery reliability is existential risk
P5 cost: Manual — concurrent baselines, remediation RBAC, pricing staleness
P6 run: Gemini — policy update loophole, AST parsing, audit streaming
2026-03-01 02:09:19 +00:00
c3bafa238a
Add dual-mode deployment addendums for all 6 products
...
P1 route: 16 pts (template, full docker-compose + install script)
P2 drift: 17 pts (pgmq, local CA for mTLS)
P3 alert: 19 pts (Lambda→Fastify, DynamoDB→PG JSONB)
P4 portal: 18 pts (Step Functions→cron, Aurora→PG+pgvector)
P5 cost: 19 pts (EventBridge→agent/polling, DynamoDB→PG JSONB)
P6 run: 15 pts (easiest — already PG-native, no AWS deps in core)
Total self-hosted effort: ~104 story points across all 6 products
2026-03-01 02:00:00 +00:00
4938674c20
Phase 3: BDD acceptance specs for P2 (drift), P3 (alert), P6 (run)
...
P2: 2,245 lines, 10 epics — Sonnet subagent (8min)
P3: 1,653 lines, 10 epics — Sonnet subagent (6min)
P6: 2,303 lines, 262 scenarios, 10 epics — Sonnet subagent (7min)
P4 (portal) still in progress
2026-03-01 01:54:35 +00:00
03bfe931fc
Implement review remediation + PLG analytics SDK
...
- All 6 test architectures patched with Section 11 addendums
- P5 (cost) fully rewritten from 232 to ~600 lines
- PLG brainstorm + party mode advisory board results
- Analytics SDK v2 (PostHog Cloud, Zod strict, Lambda-safe)
- Analytics tests v2 (safeParse, no , no timestamp, no PII)
- Addresses all Gemini review findings across P1-P6
2026-03-01 01:42:49 +00:00
2fe0ed856e
Add Gemini TDD reviews for all 6 products
...
P1, P2, P3, P4, P6 reviewed by Gemini subagents.
P5 reviewed manually (Gemini credential errors).
All reviews flag coverage gaps, anti-patterns, and Transparent Factory tenet gaps.
2026-03-01 00:29:24 +00:00
5ee95d8b13
dd0c: full product research pipeline - 6 products, 8 phases each
...
Products: route, drift, alert, portal, cost, run
Phases: brainstorm, design-thinking, innovation-strategy, party-mode,
product-brief, architecture, epics (incl. Epic 10 TF compliance),
test-architecture (TDD strategy)
Brand strategy and market research included.
2026-02-28 17:35:02 +00:00
