HarborForge.Backend

zhi/HarborForge.Backend

Fork 0

Commit Graph

Select branches

Hide Pull Requests

feat/get-agent-status

feat/knowledge-base

feat/maintenance-window-and-special-slots

feat/schedule-type-apikey-auth

feat/schedule-type-minutes

feat/user-bind-agent

fix/security-audit

fix/users-require-admin-accept-apikey

main

security/critical-auth-fixes

tessera-oidc-bearer

#1

#10

#11

#12

#13

#14

#15

#16

#17

#18

#19

#2

#20

#21

#22

#23

#3

#4

#5

#6

#7

#8

#9

0bdc432215 Accept Tessera (Keycloak-compatible) OIDC tokens as API bearer main tessera-oidc-bearer hzhang 2026-06-02 15:11:31 +01:00
1a5a3ed1b1 Merge fix/security-audit: RBAC/API-key-hash/cookie hardening hzhang 2026-06-01 09:23:35 +01:00
16199c9280 Merge feat/knowledge-base: KnowledgeBase feature hzhang 2026-06-01 09:23:35 +01:00
3f5f813c65 fix(security): RBAC on legacy create endpoints, hashed API keys, hardening fix/security-audit hzhang 2026-05-31 20:16:11 +01:00
9feff8e008 feat(knowledge-base): KnowledgeBase feature — models, CRUD API, RBAC feat/knowledge-base hzhang 2026-05-31 15:03:14 +01:00
88779d2db0 Merge pull request 'fix(users): admin-gated /users routes accept api-key auth' (#23) from fix/users-require-admin-accept-apikey into main h z 2026-05-29 07:55:45 +00:00
cacb1d2652 fix(users): admin-gated /users routes accept api-key auth fix/users-require-admin-accept-apikey hzhang 2026-05-29 08:55:28 +01:00
d2b83ad58d fix(projects): perm-gate create + apikey-via-Bearer + introspect with apikey hzhang 2026-05-24 22:09:34 +01:00
01f6b562e1 fix(bootstrap): seed 3 perms used in code but missing from catalog hzhang 2026-05-24 21:18:30 +01:00
595391b41b feat(users): auto-default agent accounts to general-agent role hzhang 2026-05-24 19:38:06 +01:00
54feb9686c fix(cli): import all model modules so SA relationship resolution works hzhang 2026-05-24 19:10:26 +01:00
5ea2cdfc9e feat(backend)!: kill AbstractWizard, env-driven config + hf-cli hzhang 2026-05-24 19:01:37 +01:00
422b2fa7b7 Merge pull request 'feat: GET /agent/status + idempotent POST same-state' (#22) from feat/get-agent-status into main hzhang 2026-05-22 21:59:10 +00:00
e80ead528d fix(calendar): /agent/status idempotent + 409 on bad transition feat/get-agent-status hzhang 2026-05-22 22:46:30 +01:00
f1aafb86df feat(calendar): GET /agent/status — read-only status query for plugin gate hzhang 2026-05-22 22:34:10 +01:00
65905e4831 Merge pull request 'feat(schedule_type): minute-precision windows + variable maintenance length' (#21) from feat/schedule-type-minutes into main hzhang 2026-05-22 19:19:21 +00:00
345e0f3a04 feat(schedule_type): minute-precision windows + variable maintenance length feat/schedule-type-minutes hzhang 2026-05-22 20:18:21 +01:00
e5e81d418d Merge pull request 'feat(users): PATCH /users/{id}/bind-agent to backfill agents row' (#20) from feat/user-bind-agent into main hzhang 2026-05-22 18:58:25 +00:00
6400f7f612 feat(users): PATCH /users/{id}/bind-agent to backfill agents row feat/user-bind-agent hzhang 2026-05-22 19:58:06 +01:00
5b59806e38 Merge pull request 'fix(schedule-type): accept X-API-Key for CRUD' (#19) from feat/schedule-type-apikey-auth into main hzhang 2026-05-22 18:36:20 +00:00
23632aa073 fix(schedule-type): accept X-API-Key for CRUD feat/schedule-type-apikey-auth hzhang 2026-05-22 19:35:56 +01:00
7017d3483e Merge pull request 'feat(calendar): maintenance window + schedule_type special slots' (#18) from feat/maintenance-window-and-special-slots into main hzhang 2026-05-22 18:19:06 +00:00
dcaaa4259a feat(calendar): maintenance window + schedule_type special slots feat/maintenance-window-and-special-slots hzhang 2026-05-22 19:18:36 +01:00
c6d2ecbf95 Merge pull request 'feature/oidc-login' (#17) from feature/oidc-login into main hzhang 2026-05-17 21:27:39 +00:00
5a5e3fa2eb fix(security): block OIDC-binding privilege escalation hzhang 2026-05-17 22:07:43 +01:00
1c91cb32fc feat(auth): OIDC-only admin-role bootstrap auto-connect hzhang 2026-05-17 21:05:39 +01:00
f64e2a24f8 feat(init): bootstrap OIDC from wizard config hzhang 2026-05-17 20:50:59 +01:00
ece2b550fc docs: OIDC feature test plan / test points hzhang 2026-05-17 20:40:26 +01:00
f8126d0cbc feat(auth): admin-configurable OIDC provider (oidc_settings) hzhang 2026-05-17 20:29:15 +01:00
54b6103880 feat(auth): OIDC login + identity binding + HARBORFORGE_OIDC_ONLY hzhang 2026-05-17 20:22:04 +01:00
d2fafdfe9c Merge security/critical-auth-fixes into main hzhang 2026-05-16 17:55:59 +01:00
f03bfe9093 docs: README accuracy pass + Security section security/critical-auth-fixes hzhang 2026-05-16 17:50:25 +01:00
801a63f8bb fix(security): close critical auth/SSRF/RBAC holes hzhang 2026-05-16 16:53:14 +01:00
b7ae20e43f Merge pull request 'zhi-2026-04-18' (#16) from zhi-2026-04-18 into main hzhang 2026-05-01 07:24:35 +00:00
69c4e17d0f Merge branch 'main' into zhi-2026-04-18 hzhang 2026-05-01 07:24:28 +00:00
8ab9cae474 feat: schedule type system for work/entertainment periods zhi 2026-04-21 09:20:51 +00:00
5b7169a3cf feat: add /calendar/sync endpoint for multi-agent schedule sync zhi 2026-04-19 09:30:57 +00:00
630c215e62 fix: Essential model uses created_by_id not user_id hzhang 2026-04-16 23:17:32 +01:00
00846f92df fix: correct ActivityLog import name in user deletion hzhang 2026-04-16 23:15:45 +01:00
04fa209f22 feat: add deleted-user builtin and safe user deletion hzhang 2026-04-16 23:08:19 +01:00
76c741a7ba Merge pull request 'feat(Dockerfile): multi-stage build to reduce image size from 852MB to ~200MB' (#15) from multi-stage into main hzhang 2026-04-16 21:23:04 +00:00
d92f8c76b2 Merge branch 'main' into multi-stage hzhang 2026-04-16 21:22:54 +00:00
779854d69f Merge pull request 'dev-2026-03-29' (#14) from dev-2026-03-29 into main hzhang 2026-04-16 21:22:03 +00:00
61fcca8aff feat: grant user.reset-apikey permission to account-manager role orion 2026-04-16 21:19:13 +00:00
5696a068e6 feat: allow API key auth for reset-apikey endpoint orion 2026-04-16 21:17:13 +00:00
a3be8380c9 feat(Dockerfile): multi-stage build to reduce image size from 852MB to ~200MB orion 2026-04-15 01:27:44 +00:00
beb95f7bbe Merge pull request 'HarborForge.Backend: dev-2026-03-29 -> main' (#13) from dev-2026-03-29 into main hzhang 2026-04-05 22:08:14 +00:00
755c418391 feat: auto-trigger Discord wakeup when slot becomes ONGOING orion 2026-04-05 09:37:14 +00:00
57681c674f feat: add discord wakeup test endpoint orion 2026-04-04 21:03:48 +00:00
79c6c32a78 feat: store discord user ids on accounts orion 2026-04-04 20:16:22 +00:00
5e98d1c8f2 feat: accept post heartbeats for calendar agents orion 2026-04-04 17:58:57 +00:00
5a2b64df70 fix: use model slot types for agent status updates orion 2026-04-04 16:49:52 +00:00
578493edc1 feat: expose calendar agent heartbeat api orion 2026-04-04 16:46:04 +00:00
41bebc862b fix: enforce calendar role permissions orion 2026-04-04 14:35:42 +00:00
e9529e3cb0 feat: add calendar role permissions orion 2026-04-04 11:59:21 +00:00
848f5d7596 refactor: replace monitor heartbeat-v2 with heartbeat orion 2026-04-04 08:05:48 +00:00
0448cde765 fix: make code index migration mysql-compatible orion 2026-04-03 19:00:45 +00:00
ae353afbed feat: switch backend indexing to code-first identifiers orion 2026-04-03 16:25:11 +00:00
58d3ca6ad0 fix: allow api key auth for account creation orion 2026-04-03 13:45:36 +00:00
f5bf480c76 TEST-BE-CAL-001 add calendar backend model and API tests zhi 2026-04-01 10:35:43 +00:00
45ab4583de TEST-BE-PR-001 fix calendar schema import recursion zhi 2026-04-01 10:04:50 +00:00
2cc07b9c3e BE-AGT-004 parse exhausted recovery hints zhi 2026-04-01 04:18:44 +00:00
a94ef43974 BE-AGT-003: implement multi-slot competition handling zhi 2026-04-01 02:49:30 +00:00
70f343fbac BE-AGT-002: implement Agent status transition service zhi 2026-04-01 00:46:16 +00:00
6c0959f5bb BE-AGT-001: implement heartbeat pending-slot query service zhi 2026-03-31 23:01:47 +00:00
22a0097a5d BE-CAL-API-007: implement date-list API endpoint zhi 2026-03-31 20:46:34 +00:00
78d836c71e BE-CAL-API-006: implement plan-edit and plan-cancel API endpoints zhi 2026-03-31 16:46:18 +00:00
43cf22b654 BE-CAL-API-005: implement plan-schedule / plan-list API zhi 2026-03-31 14:47:09 +00:00
b00c928148 BE-CAL-API-004: Implement Calendar cancel API for real and virtual slots zhi 2026-03-31 12:47:38 +00:00
f7f9ba3aa7 BE-CAL-API-003: implement Calendar edit API for real and virtual slots zhi 2026-03-31 10:46:09 +00:00
c75ded02c8 BE-CAL-API-002: Implement calendar day-view query API zhi 2026-03-31 07:18:56 +00:00
751b3bc574 BE-CAL-API-001: Implement single slot creation API zhi 2026-03-31 05:45:58 +00:00
4f0e933de3 BE-CAL-007: MinimumWorkload warning rules + BE-CAL-008: past-slot immutability zhi 2026-03-31 04:16:50 +00:00
570cfee5cd BE-CAL-006: implement Calendar overlap detection service zhi 2026-03-31 01:17:54 +00:00
a5b885e8b5 BE-CAL-005: Implement plan virtual-slot identification and materialization zhi 2026-03-30 23:47:07 +00:00
eb57197020 BE-CAL-004: implement MinimumWorkload storage zhi 2026-03-30 22:27:05 +00:00
1c062ff4f1 BE-CAL-003: Add Agent model with status/heartbeat/exhausted fields zhi 2026-03-30 20:47:44 +00:00
a9b4fa14b4 BE-CAL-002: Add SchedulePlan model with period hierarchy constraints zhi 2026-03-30 19:16:16 +00:00
3dcd07bdf3 BE-CAL-001: Add TimeSlot model with SlotType/SlotStatus/EventType enums zhi 2026-03-30 17:45:18 +00:00
1ed7a85e11 BE-PR-011: Fix test infrastructure and add Proposal/Essential/Story restricted tests zhi 2026-03-30 16:17:00 +00:00
90d1f22267 BE-PR-010: deprecate feat_task_id — retain column, read-only compat zhi 2026-03-30 12:49:52 +00:00
08461dfdd3 BE-PR-009: restrict all story/* task types to Proposal Accept workflow zhi 2026-03-30 11:46:18 +00:00
c84884fe64 BE-PR-008: add Proposal Accept tracking fields (source_proposal_id, source_essential_id) zhi 2026-03-30 10:46:20 +00:00
cb0be05246 BE-PR-007: refactor Proposal Accept to generate story tasks from all Essentials zhi 2026-03-30 07:46:20 +00:00
431f4abe5a BE-PR-006: Add Essential CRUD API under Proposals zhi 2026-03-30 07:16:30 +00:00
8d2d467bd8 BE-PR-005: Add Essential schema definitions (create/update/response) and ProposalDetailResponse with nested essentials zhi 2026-03-30 06:45:21 +00:00
5aca07a7a0 BE-PR-004: implement EssentialCode encoding rules zhi 2026-03-30 06:16:01 +00:00
089d75f953 BE-PR-003: Add Essential SQLAlchemy model zhi 2026-03-29 16:33:00 +00:00
119a679e7f BE-PR-002: Proposal model naming & field adjustments zhi 2026-03-29 16:02:18 +00:00
cfacd432f5 BE-PR-001: Rename Propose -> Proposal across backend zhi 2026-03-29 15:35:23 +00:00
7fd93cf8a8 Merge pull request 'Merge dev-2026-03-22 into main' (#12) from dev-2026-03-22 into main hzhang 2026-03-22 14:12:43 +00:00
28d8dec010 Merge pull request 'Merge dev-2026-03-22-x1 into dev-2026-03-22' (#11) from dev-2026-03-22-x1 into dev-2026-03-22 hzhang 2026-03-22 14:06:30 +00:00
5ccd955a66 Fix: use role name 'admin' instead of 'superadmin' for global admin check zhi 2026-03-22 11:17:51 +00:00
15126aa0e5 Apply fix: accept project_code as identifier in project endpoints zhi 2026-03-22 10:40:13 +00:00
1905378064 Merge fix/three-bugs-2026-03-22: accept task_code/milestone_code as identifiers, add /config/status endpoint zhi 2026-03-22 10:56:34 +00:00
8b357aabc4 Fix: accept task_code/milestone_code as identifiers, add /config/status endpoint zhi 2026-03-22 10:06:27 +00:00
88931d822d Fix milestones 422 + acc-mgr user + reset-apikey endpoint zhi 2026-03-22 05:39:03 +00:00
d17072881b feat: add general /supports list endpoint with status/taken_by filters zhi 2026-03-22 00:17:44 +00:00
b351075561 chore: remove legacy Python CLI and update README zhi 2026-03-21 21:38:08 +00:00
3ff9132596 feat: enrich member/comment/propose APIs with usernames zhi 2026-03-21 20:28:28 +00:00

1 2 3