uwsgi (which serves user service on :4100) might not handle HTTP/2 well. Force reqwest to use HTTP/1.1 only to prevent connection resets.
…figs conflict resolved httpv1
- Config files now write to {base}/{app_code}/{file_name} instead of
{base}/{app_code}/config/{file_name}
- Aligns with docker-compose volume mounts (e.g. telegraf.conf at
/home/trydirect/telegraf/telegraf.conf, not .../config/telegraf.conf)
User Service /me returns role='root' for admin users, but stacker Casbin policies require 'group_admin'. Add grouping rule to bridge the two role systems. This fixes 403 on /api/admin/templates.
- Add StackTemplateReview model struct
- Add list_versions_by_template() and list_reviews_by_template() DB queries
- Add GET /{id} detail_handler returning template + versions + reviews
- Register detail_handler in startup.rs admin templates scope
- Add Casbin migration for admin_service and group_admin on /api/admin/templates/:id GET
- admin_list_submitted_templates: list templates awaiting review
- admin_get_template_detail: get template with versions and reviews
- admin_approve_template: approve a submitted template
- admin_reject_template: reject template with reason
- admin_list_template_versions: list all versions of a template
- admin_list_template_reviews: list review history for a template
- All tools enforce admin role check (admin_service, group_admin, root)
- Add security_validator module with automated checks:
  - Secret detection (AWS keys, API tokens, GitHub tokens, etc.)
  - Hardcoded credential detection
  - Docker syntax validation
  - Malicious code detection (privileged containers, host network, Docker socket mounts, crypto miners, curl|bash patterns)
  - Risk score calculation (0-100, weighted by category)
- Add MCP tool 'admin_validate_template_security' for AI agents
  - Returns automated scan results + raw stack_definition
  - Includes AI review instructions for deeper semantic analysis
  - Optional save_report parameter for dry-run scans
- Add REST endpoint POST /admin/templates/{id}/security-scan
- Add save_security_scan() DB query (saves as review record)
- Add Casbin migration for security-scan endpoint permissions
- Include unit tests for all security check categories
When stack_definition is a JSON object, serde_json::to_string_pretty
produces quoted keys/values ("key": "value") which broke regex
patterns designed for YAML. Added normalize_json_for_matching() that
strips JSON quoting so patterns match both formats.
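The failure mode described in the commit message above, as an added example that is not part of the pull request: a YAML-oriented check misses pretty-printed JSON until the quoting is stripped. Only the name normalize_json_for_matching() comes from the page; the function bodies, the check list and the sample definitions are assumptions.

```rust
// Added illustration, not the PR's code. Std-only: the YAML-style pattern
// `key:\s*value` is modelled here as a per-line key/value comparison.
const CHECKS: [(&str, &str, &str); 2] = [
    ("privileged", "true", "privileged container"),
    ("network_mode", "host", "host network"),
];

// Constructed sample: the same stack as YAML and as pretty-printed JSON.
const YAML_DEF: &str =
    "services:\n  app:\n    image: example/app:1.0\n    privileged: true\n    network_mode: host\n";
const JSON_DEF: &str = r#"{
  "services": {
    "app": {
      "image": "example/app:1.0",
      "privileged": true,
      "network_mode": "host"
    }
  }
}"#;

/// Strip JSON quoting and trailing commas so `"privileged": true,`
/// reads like the YAML line `privileged: true`.
fn normalize_json_for_matching(text: &str) -> String {
    text.lines()
        .map(|l| l.replace('"', "").trim_end().trim_end_matches(',').to_string())
        .collect::<Vec<_>>()
        .join("\n")
}

/// YAML-oriented check: does some line read `key: value`?
fn has_setting(text: &str, key: &str, value: &str) -> bool {
    text.lines().any(|line| match line.trim().split_once(':') {
        Some((k, v)) => k.trim() == key && v.trim() == value,
        None => false,
    })
}

/// Run every check, optionally normalizing the definition first.
fn scan(definition: &str, normalize: bool) -> Vec<&'static str> {
    let text = if normalize { normalize_json_for_matching(definition) } else { definition.to_string() };
    CHECKS.iter().filter(|(k, v, _)| has_setting(&text, k, v)).map(|(_, _, label)| *label).collect()
}

fn main() {
    println!("yaml raw:        {:?}", scan(YAML_DEF, false));
    println!("json raw:        {:?}", scan(JSON_DEF, false)); // misses both findings
    println!("json normalized: {:?}", scan(JSON_DEF, true));
}
```

Blanket quote stripping also rewrites string values that legitimately contain quotes, so the normalized text suits matching only and should not be stored or re-parsed.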
- Add POST /api/templates/{id}/resubmit endpoint
  - Accepts: version, stack_definition, definition_format, changelog
  - Validates ownership and status (rejected/needs_changes/approved)
  - Creates new version, resets status to 'submitted'
- Add resubmit_with_new_version() DB function (transactional)
- Extend submit_for_review() to also allow 'needs_changes' status
- Add Casbin migration for resubmit endpoint permissions
- Update .sqlx offline cache
- Add ansible_roles.rs with 5 MCP tools:
  - list_available_roles(): Catalog discovery via DB + filesystem
  - get_role_details(): Parse role metadata from filesystem
  - get_role_requirements(): OS and dependency requirements
  - validate_role_vars(): Pre-deployment variable validation
  - deploy_role(): Queue role execution on remote server
- Register tools in MCP registry (42+ tools total)
- Hybrid discovery: PostgREST /role endpoint + tfa/roles/ fallback
- Extended timeout (5 min) for long-running deployment operations

Enables AI-assisted Ansible role configuration when users select SSH deployment method in Stack Builder.

Ref: ANSIBLE_ROLES_MCP_IMPLEMENTATION.md
Step 0: Pricing persistence
- Add price (DOUBLE PRECISION), billing_cycle, currency columns to stack_template
- Accept plan_type, price, currency in CreateTemplateRequest and UpdateTemplateRequest
- Store pricing in create_draft() and update_metadata() DB functions
- Migration: 20260211100000_add_pricing_to_stack_template

Step 1: Fix vendor_name bug
- Webhook now sends template.creator_name instead of user ID string

Step 2: Enrich webhook payload
- Add long_description, tech_stack, creator_name, deploy_count, view_count, approved_at, required_plan_name fields to MarketplaceWebhookPayload
- Send actual price/billing_cycle/currency from DB instead of hardcoded None
- Both send_template_approved and send_template_updated updated

Note: sqlx offline cache (.sqlx/) needs regeneration after migration. Run: cargo sqlx prepare -- --lib
feat: add pricing columns to stack_template + enrich webhook payload
All 7 test payloads now include: long_description, tech_stack, creator_name, deploy_count, view_count, approved_at, required_plan_name
…late test initializers
…e test initializers
added 10 commits
February 11, 2026 17:13
… roles management
- Add russh and russh-keys dependencies for async SSH client
- Create ssh_client helper module with SystemCheckResult struct
- Implement check_server() for full system diagnostics:
  - SSH connection and authentication
  - whoami, df, docker --version, os-release, free commands
- Expand ValidateResponse with disk/docker/os/memory fields
- Update validate_key endpoint to perform real SSH connection
- Add migration to restore cloud_id FK to cloud table (nullable)
- Update Server model with cloud_id field
- Add ServerWithProvider struct with 'cloud' provider name
- Add fetch_by_user_with_provider query with LEFT JOIN
- Update server list endpoint to return provider info
- Update ServerForm to include cloud_id

After deploying, run:
1. sqlx migrate run (or via docker-compose)
2. cargo sqlx prepare (to update offline query cache)
No description provided.