Changelog

All notable changes to this project will be documented in this file.

The format follows the recommendations of Keep a Changelog (https://keepachangelog.com) and the project aims to follow Semantic Versioning (https://semver.org).

[Unreleased]

Changed

Backend

  • Refactored authentication middleware configuration by moving the detailed setup code from main.py into a DualAuthService.configure_middleware() helper method, for better separation of concerns and maintainability.
  • Updated import statement formatting for readability (multi-line imports consolidated).

Dependencies

  • Updated neuroglia-python from 0.6.6 to 0.6.7.

Fixed

  • Fixed dependency injection for the authentication middleware so that it resolves the service provider correctly.
  • Fixed the CI workflow configuration for Git LFS checkout so that the GitHub Pages deployment includes LFS assets.
  • Fixed the Bandit security scanner configuration to skip test directories and the B101 (assert_used) check, eliminating 155 false-positive warnings.

0.1.0 - 2025-11-11

Added

Testing Infrastructure

  • Comprehensive test suite with 60 tests achieving 98% coverage across domain, infrastructure, and application layers.
  • pytest.ini configuration with custom markers (unit, integration, asyncio, auth, repository, command, query, slow, smoke).
  • Test fixtures package with factories for Task, Token, and Session data generation.
  • Test mixins providing reusable patterns: AsyncTestMixin, AssertionMixin, MockHelperMixin, SessionTestMixin.
  • Domain layer tests (18 tests) validating Task entity behavior and domain events.
  • Infrastructure tests (11 tests) for InMemorySessionStore and RedisSessionStore.
  • Application layer tests (31 tests) for command handlers (create, update, delete) and query handlers (get tasks, get by id).
  • Testing documentation at docs/development/testing.md with examples and best practices.

Documentation

  • Security section (renamed from Authentication) with comprehensive authorization guide covering OAuth2/OIDC, BFF pattern, and RBAC.
  • Observability documentation split into 8 focused documents:
    • Overview: High-level introduction and navigation hub (234 lines).
    • Architecture: Technical components, data flow, and diagrams (300 lines).
    • Getting Started: Quick start guide with 4 complete workflows (379 lines).
    • Configuration: Environment variables, OTEL Collector, and backend setup (489 lines).
    • Best Practices: Naming conventions, cardinality control, sampling strategies (558 lines).
    • Troubleshooting: Common issues and solutions with diagnosis steps (616 lines).
    • Metrics Instrumentation: Complete guide to all metric types with real code examples (918 lines).
    • Tracing Instrumentation: Distributed tracing patterns and context propagation (997 lines).
  • GitHub Pages setup documentation for MkDocs deployment.
  • Makefile reference guide.

Frontend Components

  • Modular UI component structure in src/ui/src/scripts/components/:
    • dashboard.js: Task loading, CRUD operations, and workflow orchestration.
    • modals.js: Alert, confirm, and toast notification utilities.
    • permissions.js: Role-based access control helpers.
    • task-card.js: Card rendering with markdown support and collapsible behavior.
  • Component-specific SCSS stylesheets in src/ui/src/styles/components/.
  • Reusable Jinja2 template components in src/ui/src/templates/components/.
  • Task editing UI with role-based field permissions:
    • Regular users: Edit title, description, status, priority.
    • Managers: Additional assignee assignment capability.
    • Admins: Full access including department field.
  • Edit modal with markdown-enabled textarea and success toast notifications.
  • Task card collapsible interface with toggle behavior and markdown rendering.
  • Task card action icons (edit, info, delete) with Bootstrap tooltips.

Configuration

  • .vscode/copilot-context.md instructions to guide AI agents on backend, frontend, documentation, and git practices.

Changed

Backend

  • Task entity methods updated to use aggregate root pattern instead of direct state manipulation.
  • UpdateTaskCommand now properly emits domain events through aggregate methods.
  • Removed attribute delegation from the Task entity for cleaner separation of concerns.
  • Department field support added to update command and API controllers.

Frontend

  • UI codebase reorganized into modular component structure.
  • Task cards now display assignee and department information.
  • Improved card layout with proper collapsed/expanded states.
  • Enhanced modal dialogs with scrollable content and better form visibility.

Documentation

  • Authentication section renamed to Security for broader scope.
  • Authorization Code Flow diagram corrected to show Backend-for-Frontend (BFF) pattern.
  • Observability documentation updated to describe Tempo instead of Jaeger and Prometheus instead of the Console Exporter as backend tools.
  • MkDocs navigation restructured with 8 organized observability entries.

Configuration

  • Disabled automatic YAML formatting in the workspace to respect yamllint comment-spacing requirements.
  • Increased the yamllint line-length limit to 250 characters to accommodate long Docker Compose entries.

Fixed

  • Task card toggle behavior now correctly uses .task-header class for header selection.
  • Edit modal properly pre-fills all task fields including assignee and department.
  • Role-based field visibility in the edit modal now works correctly (assignee for managers and above, department for admins only).
  • Domain events now properly emitted for all task updates.

Security

  • Uvicorn now binds to 127.0.0.1 by default; override via APP_HOST when exposing the service deliberately.
  • RBAC enforcement in update command handler: users can only edit their own tasks, admins can edit any task.
  • Permission checks in UI: edit/delete buttons only shown to authorized users.
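The ownership rule above ("users can only edit their own tasks, admins can edit any task") and the per-role field permissions listed under Frontend Components (regular users: title, description, status, priority; managers additionally assignee; admins additionally department) describe one authorization decision that has to be made identically on the server and mirrored in the UI. The following is an added illustration of that decision and is not the project's own handler code. It assumes role names `user`, `manager` and `admin`, that the roles arrive on a principal object (for example from the token's role claims), that managers are bound by the same ownership rule as users (the changelog only exempts admins), and that the permitted fields are cumulative as listed.

```python
"""Role-based task update authorization (added example, not the project's code)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set

# Cumulative field sets per role, as listed in the changelog's edit-UI description.
USER_FIELDS = frozenset({"title", "description", "status", "priority"})
MANAGER_FIELDS = USER_FIELDS | {"assignee"}
ADMIN_FIELDS = MANAGER_FIELDS | {"department"}
ROLE_FIELDS = {"user": USER_FIELDS, "manager": MANAGER_FIELDS, "admin": ADMIN_FIELDS}
ROLE_RANK = {"user": 0, "manager": 1, "admin": 2}  # assumed role names


@dataclass(frozen=True)
class Principal:
    sub: str                 # subject claim of the verified token
    roles: FrozenSet[str]    # role names taken from the token (assumed source)

    @property
    def effective_role(self) -> str:
        """Highest recognised role; unknown roles grant nothing."""
        known = [r for r in self.roles if r in ROLE_RANK]
        if not known:
            raise PermissionError("no recognised role")
        return max(known, key=ROLE_RANK.__getitem__)


@dataclass
class Task:
    id: str
    owner: str
    title: str
    status: str = "open"
    priority: str = "normal"
    description: str = ""
    assignee: Optional[str] = None
    department: Optional[str] = None


class AuthorizationError(Exception):
    """Raised when the caller may not perform the requested update."""


def authorize_update(principal: Principal, task: Task, changes: Dict[str, object]) -> Dict[str, object]:
    """Return the permitted change set or raise AuthorizationError.

    Ownership: non-admins may only edit tasks they own. Fields: only those
    granted to the caller's effective role may be changed, nothing else.
    """
    role = principal.effective_role
    if role != "admin" and task.owner != principal.sub:
        raise AuthorizationError(f"{principal.sub} may not edit task {task.id} owned by {task.owner}")
    denied = set(changes) - ROLE_FIELDS[role]
    if denied:
        raise AuthorizationError(f"role {role} may not change fields {sorted(denied)}")
    return dict(changes)


def apply_update(principal: Principal, task: Task, changes: Dict[str, object]) -> Task:
    """Apply an authorized update; the handler would emit its domain event after this."""
    for name, value in authorize_update(principal, task, changes).items():
        setattr(task, name, value)
    return task


def editable_fields(principal: Principal, task: Task) -> Set[str]:
    """What the UI may render as editable; it mirrors, never replaces, the server check."""
    try:
        role = principal.effective_role
    except PermissionError:
        return set()
    if role != "admin" and task.owner != principal.sub:
        return set()
    return set(ROLE_FIELDS[role])


if __name__ == "__main__":
    alice = Principal("alice", frozenset({"user"}))
    task = Task(id="t1", owner="alice", title="Write tests")
    print(apply_update(alice, task, {"status": "done"}))
    print(editable_fields(alice, task))
```

The UI helper only decides which buttons and fields to show; the server-side `authorize_update` is the control that matters, since a client can always submit fields it was not shown.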

0.1.0 - 2025-11-07

Added

  • Multi sub-app FastAPI architecture (API mounted at /api, UI at the root) using Neuroglia patterns.
  • OAuth2/OIDC integration with Keycloak (Authorization Code flow) and refresh endpoint /api/auth/refresh.
  • RS256 JWT verification via JWKS with issuer and audience validation.
  • Dual security schemes (OAuth2 Authorization Code + HTTP Bearer) in OpenAPI spec.
  • Auto-refresh logic for access tokens with leeway configuration.
  • Explicit expired token handling returning 401 with WWW-Authenticate header.
  • Redis session store option (configurable backend) plus in-memory fallback.
  • CQRS layer: commands (create_task, update_task), queries (get_tasks) and RBAC enforcement handlers.
  • Observability metrics scaffold (observability/metrics.py).
  • Project rename script scripts/rename_project.py supporting variant styles & dry-run.
  • Rebranding documentation (README section) and rename integrity test.
  • CONTRIBUTING guide with DCO sign-off instructions.
  • Pull request template enforcing checklist & DCO sign-off.
  • Apache 2.0 License adoption and README license section.

Changed

  • OpenAPI configuration upgraded to correctly apply security schemes to protected endpoints.
  • README expanded with detailed project structure and template usage guidance.

Fixed

  • Fixed the missing Authorization header in Swagger UI by correcting the security scheme definitions.
  • Legacy HS256 secret decoding replaced with proper RS256 JWKS verification.
  • Markdown formatting issues in README and CONTRIBUTING (lists & fenced block spacing).

Security

  • Migration from HS256 static secret to RS256 with remote JWKS caching.
  • Added issuer/audience claim validation toggles.
  • Improved expired token feedback via standards-compliant WWW-Authenticate header.
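The Added and Security entries of this release describe one verification path: RS256 signatures checked against a remotely fetched and cached JWKS, issuer and audience validation that can be toggled, expiry with leeway, and a 401 whose WWW-Authenticate header follows RFC 6750. The block below is an added, standard-library-only illustration of that path and is not the project's code (the project's own implementation and its helper names are not on this page). It assumes a JWKS document in the usual `{"keys": [...]}` shape with `kid` on each key, that the fetch function, cache TTL, leeway value and claim names are as written here, and it implements RSASSA-PKCS1-v1_5 with SHA-256 directly so that the check runs without third-party packages. The one point that goes beyond the changelog text is that the expected algorithm is pinned server-side rather than read from the token header, which is what closes the HS256-to-RS256 confusion path when a static secret is still present as a legacy fallback.

```python
"""RS256 JWT verification against a cached JWKS (added example, stdlib only)."""
import base64
import hashlib
import json
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) into em_len bytes (RFC 8017, 9.2)."""
    t = SHA256_DIGEST_INFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for SHA-256 with PKCS#1 v1.5")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


class AuthError(Exception):
    """Any rejected token; the caller answers 401 with www_authenticate()."""

    def __init__(self, code: str, description: str):
        super().__init__(description)
        self.code, self.description = code, description

    def www_authenticate(self, realm: str = "api") -> str:
        # RFC 6750 section 3: error codes are invalid_request / invalid_token / insufficient_scope
        return f'Bearer realm="{realm}", error="{self.code}", error_description="{self.description}"'


@dataclass
class JwksCache:
    """Caches the JWKS for `ttl` seconds; `fetch` performs the remote lookup (assumed signature)."""
    fetch: Callable[[], dict]
    ttl: float = 300.0
    _keys: Dict[str, dict] = field(default_factory=dict)
    _expires: float = 0.0

    def key(self, kid: str, now: Optional[float] = None) -> dict:
        now = time.time() if now is None else now
        if now >= self._expires or kid not in self._keys:   # refresh on expiry or on a new kid (key rotation)
            self._keys = {k["kid"]: k for k in self.fetch()["keys"] if "kid" in k}
            self._expires = now + self.ttl
        if kid not in self._keys:
            raise AuthError("invalid_token", "unknown signing key")
        return self._keys[kid]


def verify_rs256(jwk: dict, signing_input: bytes, signature: bytes) -> bool:
    """RSASSA-PKCS1-v1_5 verification with SHA-256 using the JWK's n and e."""
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    return pow(s, e, n).to_bytes(k, "big") == emsa_pkcs1_v15_encode(signing_input, k)


def validate_token(token: str, jwks: JwksCache, issuer: Optional[str], audience: Optional[str],
                   leeway: int = 0, now: Optional[float] = None) -> dict:
    """Return the verified claims or raise AuthError. issuer/audience=None disables that check."""
    now = time.time() if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header, claims, signature = json.loads(b64url_decode(h_b64)), json.loads(b64url_decode(p_b64)), b64url_decode(s_b64)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError
    except ValueError:   # covers unpacking, base64 and JSON errors
        raise AuthError("invalid_token", "malformed token")
    # The algorithm is pinned here, not taken from the token: "HS256" or "none" headers are rejected.
    if header.get("alg") != "RS256" or "kid" not in header:
        raise AuthError("invalid_token", "unsupported algorithm or missing kid")
    if not verify_rs256(jwks.key(header["kid"], now), f"{h_b64}.{p_b64}".encode("ascii"), signature):
        raise AuthError("invalid_token", "signature verification failed")
    if issuer is not None and claims.get("iss") != issuer:
        raise AuthError("invalid_token", "issuer mismatch")
    if audience is not None:
        aud = claims.get("aud")
        if audience not in (aud if isinstance(aud, list) else [aud]):
            raise AuthError("invalid_token", "audience mismatch")
    if not isinstance(claims.get("exp"), (int, float)):
        raise AuthError("invalid_token", "missing exp")
    if now > claims["exp"] + leeway:
        raise AuthError("invalid_token", "token expired")
    if "nbf" in claims and now + leeway < claims["nbf"]:
        raise AuthError("invalid_token", "token not yet valid")
    return claims
```

In a FastAPI dependency the `AuthError` would become an `HTTPException(status_code=401, headers={"WWW-Authenticate": err.www_authenticate()})`; keeping the error code and description on the exception is what lets the client distinguish an expired token (refresh and retry) from a bad signature (re-authenticate).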

Removed

  • Deprecated reliance on JWT_SECRET_KEY for RS256 tokens (retained only as a legacy fallback).