orion

sboulahtit/orion

Fork 0

Commit Graph

Author	SHA1	Message	Date
Samir Boulahtit	4b56eb7ab1	feat(loyalty): Phase 1 production launch hardening Some checks failed CI / ruff (push) Successful in 18s Details CI / pytest (push) Failing after 2h37m39s Details CI / validate (push) Successful in 30s Details CI / dependency-scanning (push) Successful in 32s Details CI / docs (push) Has been skipped Details CI / deploy (push) Has been skipped Details Phase 1 of the loyalty production launch plan: config & security hardening, dropped-data fix, DB integrity guards, rate limiting, and constant-time auth compare. 362 tests pass. - 1.4 Persist customer birth_date (new column + migration). Enrollment form was collecting it but the value was silently dropped because create_customer_for_enrollment never received it. Backfills existing customers without overwriting. - 1.1 LOYALTY_GOOGLE_SERVICE_ACCOUNT_JSON validated at startup (file must exist and be readable; ~ expanded). Adds is_google_wallet_enabled and is_apple_wallet_enabled derived flags. Prod path documented as ~/apps/orion/google-wallet-sa.json. - 1.5 CHECK constraints on loyalty_cards (points_balance, stamp_count non-negative) and loyalty_programs (min_purchase, points_per_euro, welcome_bonus non-negative; stamps_target >= 1). Mirrored as CheckConstraint in models. Pre-flight scan showed zero violations. - 1.3 @rate_limit on store mutating endpoints: stamp 60/min, redeem/points-earn 30-60/min, void/adjust 20/min, pin unlock 10/min. - 1.2 Constant-time hmac.compare_digest for Apple Wallet auth token (pulled forward from Phase 9 — code is safe whenever Apple ships). See app/modules/loyalty/docs/production-launch-plan.md for the full launch plan and remaining phases. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-09 23:36:34 +02:00
Samir Boulahtit	7d652716bb	feat(loyalty): production readiness round 2 — 12 security, integrity & correctness fixes Some checks failed CI / ruff (push) Successful in 12s Details CI / validate (push) Successful in 27s Details CI / dependency-scanning (push) Successful in 31s Details CI / pytest (push) Failing after 3h14m58s Details CI / docs (push) Has been cancelled Details CI / deploy (push) Has been cancelled Details Security: - Fix TOCTOU race conditions: move balance/limit checks after row lock in redeem_points, add_stamp, redeem_stamps - Add PIN ownership verification to update/delete/unlock store routes - Gate adjust_points endpoint to merchant_owner role only Data integrity: - Track total_points_voided in void_points - Add order_reference idempotency guard in earn_points Correctness: - Fix LoyaltyProgramAlreadyExistsException to use merchant_id parameter - Add StorefrontProgramResponse excluding wallet IDs from public API - Add bounds (±100000) to PointsAdjustRequest.points_delta Audit & config: - Add CARD_REACTIVATED transaction type with audit record - Improve admin audit logging with actor identity and old values - Use merchant-specific PIN lockout settings with global fallback - Guard MerchantLoyaltySettings creation with get_or_create pattern Tests: 27 new tests (265 total) covering all 12 items — unit and integration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 23:37:23 +01:00
Samir Boulahtit	3df75e2e78	test: add loyalty module tests for today's bug fixes Some checks failed CI / ruff (push) Successful in 11s Details CI / dependency-scanning (push) Successful in 28s Details CI / docs (push) Has been skipped Details CI / pytest (push) Failing after 46m26s Details CI / validate (push) Successful in 23s Details CI / deploy (push) Has been skipped Details Covers card lookup route ordering, func.replace normalization, customer name in transactions, self-enrollment creation, and earn points endpoint. 54 tests total (was 1). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-24 23:28:22 +01:00

Author

SHA1

Message

Date

Samir Boulahtit

4b56eb7ab1

feat(loyalty): Phase 1 production launch hardening

CI / ruff (push) Successful in 18s

Details

CI / pytest (push) Failing after 2h37m39s

Details

CI / validate (push) Successful in 30s

Details

CI / dependency-scanning (push) Successful in 32s

Details

CI / docs (push) Has been skipped

Details

CI / deploy (push) Has been skipped

Details

Phase 1 of the loyalty production launch plan: config & security
hardening, dropped-data fix, DB integrity guards, rate limiting, and
constant-time auth compare. 362 tests pass.

- 1.4 Persist customer birth_date (new column + migration). Enrollment
  form was collecting it but the value was silently dropped because
  create_customer_for_enrollment never received it. Backfills existing
  customers without overwriting.
- 1.1 LOYALTY_GOOGLE_SERVICE_ACCOUNT_JSON validated at startup (file
  must exist and be readable; ~ expanded). Adds is_google_wallet_enabled
  and is_apple_wallet_enabled derived flags. Prod path documented as
  ~/apps/orion/google-wallet-sa.json.
- 1.5 CHECK constraints on loyalty_cards (points_balance, stamp_count
  non-negative) and loyalty_programs (min_purchase, points_per_euro,
  welcome_bonus non-negative; stamps_target >= 1). Mirrored as
  CheckConstraint in models. Pre-flight scan showed zero violations.
- 1.3 @rate_limit on store mutating endpoints: stamp 60/min,
  redeem/points-earn 30-60/min, void/adjust 20/min, pin unlock 10/min.
- 1.2 Constant-time hmac.compare_digest for Apple Wallet auth token
  (pulled forward from Phase 9 — code is safe whenever Apple ships).

See app/modules/loyalty/docs/production-launch-plan.md for the full
launch plan and remaining phases.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-09 23:36:34 +02:00

Samir Boulahtit

7d652716bb

feat(loyalty): production readiness round 2 — 12 security, integrity & correctness fixes

CI / ruff (push) Successful in 12s

Details

CI / validate (push) Successful in 27s

Details

CI / dependency-scanning (push) Successful in 31s

Details

CI / pytest (push) Failing after 3h14m58s

Details

CI / docs (push) Has been cancelled

Details

CI / deploy (push) Has been cancelled

Details

Security:
- Fix TOCTOU race conditions: move balance/limit checks after row lock in redeem_points, add_stamp, redeem_stamps
- Add PIN ownership verification to update/delete/unlock store routes
- Gate adjust_points endpoint to merchant_owner role only

Data integrity:
- Track total_points_voided in void_points
- Add order_reference idempotency guard in earn_points

Correctness:
- Fix LoyaltyProgramAlreadyExistsException to use merchant_id parameter
- Add StorefrontProgramResponse excluding wallet IDs from public API
- Add bounds (±100000) to PointsAdjustRequest.points_delta

Audit & config:
- Add CARD_REACTIVATED transaction type with audit record
- Improve admin audit logging with actor identity and old values
- Use merchant-specific PIN lockout settings with global fallback
- Guard MerchantLoyaltySettings creation with get_or_create pattern

Tests: 27 new tests (265 total) covering all 12 items — unit and integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-16 23:37:23 +01:00

Samir Boulahtit

3df75e2e78

test: add loyalty module tests for today's bug fixes

CI / ruff (push) Successful in 11s

Details

CI / dependency-scanning (push) Successful in 28s

Details

CI / docs (push) Has been skipped

Details

CI / pytest (push) Failing after 46m26s

Details

CI / validate (push) Successful in 23s

Details

CI / deploy (push) Has been skipped

Details

Covers card lookup route ordering, func.replace normalization, customer
name in transactions, self-enrollment creation, and earn points endpoint.
54 tests total (was 1).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-24 23:28:22 +01:00

3 Commits