portal

Author	SHA1	Message	Date
sharang	c051ae0626	fix(deps): bump next 15.0.3 → 16.2.6 to clear trivy CVEs ci / shared (pull_request) Successful in 3s Details ci / test (pull_request) Has been skipped Details ci / e2e (pull_request) Has been skipped Details ci / image (pull_request) Has been skipped Details trivy fs scan failed the M0.2 CI gate on the skeleton commit because next 15.0.3 has 9 known vulns (CRITICAL CVE-2025-29927 auth bypass in middleware, plus 7 HIGH advisories). 16.2.6 is current latest and covers every fixed-version range trivy listed. Side effects of the major bump: - next 16 dropped 'next lint' — switched the lint script to call eslint directly ('eslint . --max-warnings 0'). - eslint-config-next 16 ships flat-config exports natively, so eslint.config.mjs imports core-web-vitals + typescript directly (no FlatCompat shim, no @eslint/eslintrc dep). - Typed vi.fn<typeof fetch>() in tenant-registry.test to satisfy stricter tuple inference under the new types. All 4 gates green locally: pnpm lint / typecheck / test --coverage (100% on src/lib) / build Refs: M5.1 (skeleton)	2026-05-18 23:04:05 +02:00
sharang	ac22ccef9b	feat(app): Next.js 15 + Auth.js v5 portal skeleton ci / shared (pull_request) Failing after 4s Details ci / test (pull_request) Has been skipped Details ci / e2e (pull_request) Has been skipped Details ci / image (pull_request) Has been skipped Details Lands the minimum surface so a developer can: cd platform/orca-platform && make dev-up cd platform/tenant-registry && make dev cd platform/portal && make install && make dev open http://acme.localhost:3000 and complete a real OIDC sign-in against the breakpilot-dev realm. Layout: src/middleware.ts host→slug URL rewrite; backstage carve-out src/auth.ts Auth.js v5 Keycloak provider; passes tenant_id/slug/org_roles/products/plan/status claims through to the session src/app/api/auth/[...nextauth]/ Auth.js handlers (GET, POST) src/app/layout.tsx root html shell src/app/page.tsx apex landing src/app/[slug]/layout.tsx fetches tenant via lib/tenant-registry src/app/[slug]/page.tsx redirect to /dashboard src/app/[slug]/dashboard/page.tsx signed-out → Sign in with Keycloak signed-in → welcome + Sign out src/lib/host.ts testable host parser (apex/tenant/backstage) src/lib/tenant-registry.ts fetch client for the Go service Tooling: vitest 13 tests, 100% coverage of src/lib/ Next.js 15 build compiles all routes; output: standalone ESLint flat config next/core-web-vitals + next/typescript Real RBAC enforcement, the rest of the customer-area surfaces, and the backstage shell land per the M5.2 / M10.1 schedule. This is just enough to be the first thing a developer codes in. Refs: M5.1 (skeleton)	2026-05-18 22:54:52 +02:00
sharang	3c7409ee9e	chore(domain): yourplatform.com → breakpilot.com ci / shared (push) Successful in 5s Details ci / test (push) Has been skipped Details ci / e2e (push) Has been skipped Details ci / image (push) Has been skipped Details Apply platform-domain decision (2026-05-18). No services touched; docs/config only. Refs: M1.1	2026-05-18 20:28:44 +00:00
sharang	dd4764fbb2	ci: rework workflow for Gitea Actions (M0.2) ci / e2e (push) Has been skipped Details ci / image (push) Has been skipped Details ci / shared (push) Successful in 5s Details ci / test (push) Has been skipped Details Switches commitlint to bash regex, gitleaks to inline binary, trivy to inline binary (v0.70.0). Per-stack jobs gated on hashFiles. Refs: M0.2	2026-05-18 19:42:30 +00:00
sharang	21f6d70a32	chore: bootstrap repo scaffolding (M0.1) ci / shared (push) Failing after 6s Details ci / test (push) Failing after 3s Details ci / e2e (push) Has been skipped Details ci / image (push) Has been skipped Details Bootstraps §1.2 scaffolding (README, CONTRIBUTING, CODEOWNERS, CHANGELOG, PR + issue templates, LICENSE, CI workflow, release workflow, commitlint, cliff, .editorconfig, .gitignore, .env.example) and ships a proprietary all-rights-reserved LICENSE naming both founders. Refs: M0.1	2026-05-18 19:15:34 +00:00

5 Commits