mirror of
https://github.com/azaion/detections.git
synced 2026-04-22 09:26:32 +00:00
Oleksandr Bezdieniezhnykh
097811a67b
- Pin all deps; h11==0.16.0 (CVE-2025-43859), python-multipart>=1.3.1 (CVE-2026-28356), PyJWT==2.12.1
- Add HMAC JWT verification (require_auth FastAPI dependency, JWT_SECRET-gated)
- Fix TokenManager._refresh() to use ADMIN_API_URL instead of ANNOTATIONS_URL
- Rename POST /detect → POST /detect/image (image-only, rejects video files)
- Replace global SSE stream with per-job SSE: GET /detect/{media_id} with event replay buffer
- Apply require_auth to all 4 protected endpoints
- Fix on_annotation/on_status closure to use mutable current_id for correct post-upload event routing
- Add non-root appuser to Dockerfile and Dockerfile.gpu
- Add JWT_SECRET to e2e/docker-compose.test.yml and run-tests.sh
- Update all e2e tests and unit tests for new endpoints and HMAC token signing
- 64/64 tests pass
Made-with: Cursor
18 lines
675 B
Markdown
18 lines
675 B
Markdown
# Autopilot State
|
||
## Current Step
|
||
flow: existing-code
|
||
step: 14
|
||
name: Deploy
|
||
status: in_progress
|
||
sub_step: 0
|
||
retry_count: 0
|
||
|
||
## Cycle Notes
|
||
Previous full cycle (steps 1–14) completed. New cycle started for AZ-178.
|
||
step: 8 (New Task) — DONE (AZ-178 defined)
|
||
step: 9 (Implement) — DONE (implementation_report_streaming_video.md, 67/67 tests pass)
|
||
step: 10 (Run Tests) — DONE (67 passed, 0 failed)
|
||
step: 11 (Update Docs) — DONE (docs updated during step 9 implementation)
|
||
step: 12 (Security Audit) — DONE (Critical/High findings remediated 2026-04-01; 64/64 tests pass)
|
||
step: 13 (Performance Test) — SKIPPED (500ms latency validated by real-video integration test)
|