mirror of
https://github.com/azaion/ui.git
synced 2026-06-21 06:41:10 +00:00
Oleksandr Bezdieniezhnykh
f7dd6c98d8
ci/woodpecker/push/build-arm Pipeline failed
Security audit (5 phases) → reports under _docs/05_security/. AZ-501 (F-SAST-1, HIGH): Externalize hardcoded Google Geocode key from mission-planner/src/config.ts to VITE_GOOGLE_GEOCODE_KEY via new GeocodeService.ts; fail-soft warn when unset; STC-SEC1D static deny-list gate; +5 unit tests in tests/mission_planner_geocode.test.ts. AZ-502 (F-DEP-1, HIGH): Force vite>=6.4.2 and postcss>=8.5.10 via package.json overrides in both roots; clean reinstall clears all bun audit advisories. Test-spec sync (Step 12) + Update Docs (Step 13) deltas: AC-43, AC-44, NFT-SEC-09b, FT-P-61, FT-N-17, ripple log, batch_12 report. Pending user actions: revoke Google + OWM keys (AC-6 / AZ-499 AC-7). 229 PASS / 13 SKIP / 0 FAIL on static + fast suites. Co-authored-by: Cursor <cursoragent@cursor.com>
867 B
867 B
Autodev State
Current Step
flow: existing-code step: 15 name: Performance Test status: not_started sub_step: phase: 0 name: awaiting-invocation detail: "" retry_count: 0 cycle: 2 tracker: jira
Notes
- Cycle 2 Step 14 CLOSED. Audit:
_docs/05_security/(5 reports). Verdict: FAIL (1 HIGH F-SAST-1, 1 HIGH F-DEP-1, 7 MED, 2 LOW). User chose A — fixed both HIGH inline (AZ-501 Google key, AZ-502 Vite/PostCSS). Implementation report:_docs/03_implementation/batch_12_report.md. Static + fast: 229 PASS / 13 SKIP / 0 FAIL. Both tickets transitioned to "In Progress" in Jira. PENDING USER: AZ-501 AC-6 (Google key revocation at Google Cloud Console) + AZ-499 AC-7 (OWM key revocation, carried from earlier). PENDING CROSS-WORKSPACE: AZ-498 deploy gate (Step 16). Phase B follow-ups deferred: F-INF-1..F-INF-5 in security audit report.