feat: implementations cycle 6 #614

Merged
brunobls merged 279 commits into release-candidate from develop
Apr 9, 2026

@brunobls brunobls commented Apr 7, 2026

Pull Request Checklist

Pull Request Type

  • Manager
  • Worker
  • Frontend
  • Infrastructure
  • Packages
  • Pipeline
  • Tests
  • Documentation

Checklist

Please check each item after it's completed.

  • I have tested these changes locally.
  • I have updated the documentation accordingly.
  • I have added necessary comments to the code, especially in complex areas.
  • I have ensured that my changes adhere to the project's coding standards.
  • I have checked for any potential security issues.
  • I have ensured that all tests pass.
  • I have updated the version appropriately (if applicable).
  • I have confirmed this code is ready for review.

Additional Notes

Obs: Please, always remember to target your PR to develop branch instead of main.

dependabot bot and others added 30 commits March 2, 2026 20:21
…orkflows/release.yml

Bumps [LerianStudio/github-actions-shared-workflows/.github/workflows/release.yml](https://github.com/lerianstudio/github-actions-shared-workflows) from 1.11.0 to 1.13.1.
- [Release notes](https://github.com/lerianstudio/github-actions-shared-workflows/releases)
- [Changelog](https://github.com/LerianStudio/github-actions-shared-workflows/blob/main/docs/release-workflow.md)
- [Commits](LerianStudio/github-actions-shared-workflows@v1.11.0...v1.13.1)

---
updated-dependencies:
- dependency-name: LerianStudio/github-actions-shared-workflows/.github/workflows/release.yml
  dependency-version: 1.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…evelop/LerianStudio/github-actions-shared-workflows/dot-github/workflows/release.yml-1.13.1

ci(deps): bump LerianStudio/github-actions-shared-workflows/.github/workflows/release.yml from 1.11.0 to 1.13.1
…evelop/LerianStudio/github-actions-shared-workflows/dot-github/workflows/gitops-update.yml-1.13.1

ci(deps): bump LerianStudio/github-actions-shared-workflows/.github/workflows/gitops-update.yml from 1.11.0 to 1.13.1
…evelop/LerianStudio/github-actions-shared-workflows/dot-github/workflows/build.yml-1.13.1

ci(deps): bump LerianStudio/github-actions-shared-workflows/.github/workflows/build.yml from 1.11.0 to 1.13.1
…evelop/LerianStudio/github-actions-shared-workflows/dot-github/workflows/pr-validation.yml-1.13.1

ci(deps): bump LerianStudio/github-actions-shared-workflows/.github/workflows/pr-validation.yml from 1.11.0 to 1.13.1
…evelop/LerianStudio/github-actions-shared-workflows/dot-github/workflows/go-pr-analysis.yml-1.13.1

ci(deps): bump LerianStudio/github-actions-shared-workflows/.github/workflows/go-pr-analysis.yml from 1.11.0 to 1.13.1
chore(infra): enable deploy to clotilde server
fix(deps): upgrade gofiber/fiber to v2.52.12
…lotilde

fix(manager): trigger build to sync clotilde deploy
Moves tenant middleware from global registration to per-route composition via withTenant() helper, ensuring JWT signature validation runs before any Tenant Manager API calls. Prevents forged JWTs from triggering unnecessary TM API requests.

X-Lerian-Ref: 0x1
Adds isPermanentTenantError() to distinguish non-retryable tenant errors (not found, suspended, service not configured) from transient ones (circuit breaker open, network). Permanent errors skip retries and route directly to DLQ, saving resources.

X-Lerian-Ref: 0x1
Introduces ValidateKeyForTenant() that verifies the resolved S3 object key starts with the authenticated tenant's ID prefix before any storage operation. Prevents cross-tenant object access if context propagation fails.

X-Lerian-Ref: 0x1
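
The tenant-prefix check described in the commit above, as an added example that is not the project's code. `checkTenantKey`, `ErrCrossTenantKey` and the `<tenantID>/` key layout are assumptions made for illustration; the sample keys are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrCrossTenantKey is a hypothetical sentinel for a key outside the tenant's prefix.
var ErrCrossTenantKey = errors.New("object key outside tenant prefix")

// checkTenantKey is an illustrative stand-in for the commit's
// ValidateKeyForTenant; the "<tenantID>/" key layout is an assumption.
func checkTenantKey(tenantID, key string) error {
	if tenantID == "" || strings.ContainsAny(tenantID, "/\\") {
		return fmt.Errorf("invalid tenant id %q", tenantID)
	}
	// Reject keys that change under normalization ("..", "//", "./"): a raw
	// prefix test accepts "t1/../t2/x", which any path-normalizing layer
	// would resolve outside the tenant.
	if key == "" || strings.HasPrefix(key, "/") || path.Clean(key) != key {
		return fmt.Errorf("%w: non-canonical key %q", ErrCrossTenantKey, key)
	}
	// Compare against "<tenantID>/" so tenant "t1" does not match "t10/...".
	if !strings.HasPrefix(key, tenantID+"/") {
		return fmt.Errorf("%w: %q not under %q", ErrCrossTenantKey, key, tenantID+"/")
	}
	return nil
}

func main() {
	// Constructed sample keys, all checked for tenant "t1".
	keys := []string{"t1/reports/a.pdf", "t10/reports/a.pdf", "t1/../t2/a.pdf", "t1"}
	for _, k := range keys {
		fmt.Printf("%-20s -> %v\n", k, checkTenantKey("t1", k))
	}
}
```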
…e tests

Introduces the deadline entity with full CRUD operations (create, get all, update, delete) and a deliver workflow that marks deadlines as delivered with timestamp tracking. Includes MongoDB repository with filtering (active, type, date range), pagination with total count, soft-delete support, and proper indexes. Improves HTTP body parser to return 400 for all malformed JSON instead of 500. Adds unit, fuzz, property, integration, and chaos tests.

X-Lerian-Ref: 0x1
fix: reduce idempotency TTL from 24h to 30s
Replace withTenant() + append() pattern with inline WhenEnabled() that conditionally applies middleware only when non-nil, reducing boilerplate across all route definitions.

X-Lerian-Ref: 0x1
chore: bump lib-commons to v3.0.0-beta.16
# Conflicts:
#	components/manager/internal/adapters/http/in/routes.go
brunobls and others added 4 commits April 7, 2026 15:12
Update test call sites to handle the new (client, error) return value
from buildMultiTenantRedisClientForWorker after the fail-fast change.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bumps alpine from 3.22 to 3.23.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: '3.23'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
feat: add TLS env var support for MongoDB and multi-tenant Redis
…s/worker/develop/alpine-3.23

build(deps): bump alpine from 3.22 to 3.23 in /components/worker
@brunobls brunobls requested review from a team as code owners April 7, 2026 20:47

coderabbitai bot commented Apr 7, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (1)
  • develop

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7694ca80-0629-415f-8b26-93db28fa3150

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.


lerian-studio commented Apr 7, 2026

🔒 Security Scan Results — manager

Trivy

Filesystem Scan

✅ No vulnerabilities or secrets found.

Docker Image Scan

✅ No vulnerabilities found.


Docker Hub Health Score Compliance

✅ Policies — 4/4 met

| Policy | Status |
|---|---|
| Default non-root user | ✅ Passed |
| No fixable critical/high CVEs | ✅ Passed |
| No high-profile vulnerabilities | ✅ Passed |
| No AGPL v3 licenses | ✅ Passed |

🔍 View full scan logs

@brunobls brunobls changed the title from "Develop to RC" to "feat: implementations cycle 6" Apr 7, 2026

lerian-studio commented Apr 7, 2026

🔒 Security Scan Results — worker

Trivy

Filesystem Scan

✅ No vulnerabilities or secrets found.

Docker Image Scan

✅ No vulnerabilities found.


Docker Hub Health Score Compliance

✅ Policies — 4/4 met

| Policy | Status |
|---|---|
| Default non-root user | ✅ Passed |
| No fixable critical/high CVEs | ✅ Passed |
| No high-profile vulnerabilities | ✅ Passed |
| No AGPL v3 licenses | ✅ Passed |

🔍 View full scan logs

brunobls and others added 6 commits April 8, 2026 16:58
…y loops

Permanent errors (validation failures, entity not found, JSON parse errors,
canceled contexts, schema ambiguity, business errors with REP-* codes) were
being Nack'd with requeue=true by lib-commons multi-tenant consumer, causing
infinite redelivery.

This adds a retry guard that classifies handler errors as retryable or
non-retryable across both Consumer 1 (report generation) and Consumer 2
(fetcher notifications). Non-retryable errors return nil so the message is
Ack'd and dropped. Also wraps parse/validation errors in process-notification
as typed ValidationError so the guard can classify them.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Indirect dependency via S3 SDK. Backward compatible, no breaking changes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…te RabbitMQ redelivery

Replace 20 plain fmt.Errorf returns with typed pkg.ValidationError and
pkg.FailedPreconditionError so the retry guard can classify them via
errors.AsType(). Covers datasource config, crypto failures, cipher init,
decryption errors, template rendering, data pipeline, and extraction request.

Also adds isPermanentErrorByPattern heuristic as a last-resort safety net,
and adds Unwrap() to FailedPreconditionError for error chain traversal.

Reviewed by 6 ring code reviewers; all findings addressed:
- Err field populated on typed errors to preserve error chain
- Double-wrapping in decryptExtractedData simplified to propagate inner error
- Heuristic patterns tightened from generic to specific
- Negative test cases added for heuristic patterns

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
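
The retry guard from the two commits above (classify by typed error, return nil for permanent failures so the message is Ack'd), as an added example that is not the project's code. `ValidationError`, `isRetryable`, `guard` and `errTimeout` are hypothetical names, and the sketch uses the long-standing `errors.As` in place of the `errors.AsType()` the commit mentions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// ValidationError is a hypothetical stand-in for the typed pkg.ValidationError.
type ValidationError struct{ Err error }

func (e *ValidationError) Error() string { return "validation: " + e.Err.Error() }
func (e *ValidationError) Unwrap() error { return e.Err }

var errTimeout = errors.New("datasource timeout") // constructed transient failure

// isRetryable reports whether redelivering the message could succeed.
func isRetryable(err error) bool {
	var ve *ValidationError
	if errors.Is(err, context.Canceled) || errors.As(err, &ve) {
		return false // still matches through fmt.Errorf("%w") wrapping
	}
	return err != nil
}

// guard turns permanent errors into nil so the consumer Acks the message,
// and hands them to onDrop so the cause is recorded rather than lost.
func guard(h func(string) error, onDrop func(error)) func(string) error {
	return func(msg string) error {
		err := h(msg)
		if err != nil && !isRetryable(err) {
			onDrop(err)
			return nil
		}
		return err
	}
}

func main() {
	// Constructed handler results: a wrapped permanent error and a wrapped transient one.
	bad := fmt.Errorf("process notification: %w", &ValidationError{Err: errors.New("unexpected end of JSON input")})
	slow := fmt.Errorf("fetch rows: %w", errTimeout)
	for _, e := range []error{nil, bad, slow} {
		g := guard(func(string) error { return e }, func(d error) { fmt.Println("dropped:", d) })
		fmt.Printf("handler=%v -> consumer sees %v\n", e, g("msg"))
	}
}
```

A plain `fmt.Errorf` without a typed error in the chain falls through to retryable here, which is the gap the second commit closes by converting those returns to typed errors.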
The test expected dayOfMonth range validation (TPL-0053) but the field
does not exist in CreateDeadlineInput — Go silently ignores it, so the
API returns 201 instead of 400.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…abbitmq

fix: add defensive retry guard to prevent infinite RabbitMQ redeliver…
@brunobls brunobls merged commit 07a03a2 into release-candidate Apr 9, 2026
21 checks passed