mirror of
https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git
synced 2026-06-17 23:09:35 +00:00
38e9d02075
Program F — Multi-Tenancy RLS (Row-Level Security):
alembic 20260417_0002_add_rls.py: Enables RLS on 23 tenant-scoped tables.
database_rls.py: set_tenant_context() helpers for SET LOCAL app.tenant_id.
middleware/tenant_rls.py: Extracts tenant_id from JWT on every request.
Default-deny when no context. PostgreSQL only (CI safe on SQLite).
Result: OWASP A01:2025 — access control enforced at DB layer.
Program G — Idempotency Standard:
models/idempotency_key.py: IdempotencyKey table with TTL + SHA256 hash.
services/idempotency_service.py: get_existing/store with request fingerprint.
middleware/idempotency.py: HTTP middleware on POST/PUT/PATCH.
Result: Duplicate side effects prevented on retry.
Program E — Persistent Durable Execution:
models/durable_checkpoint.py: DurableCheckpoint with sequence_num + status.
services/durable_runtime.py: start_run/checkpoint/complete/resume/list_incomplete.
Result: Workflows survive crashes — resume from last persisted checkpoint.
Program K — OpenTelemetry:
observability/otel.py: init/span/inject_correlation_id with graceful
degradation when OTel packages absent.
openclaw/gateway.py: Wraps execute() in span, binds correlation_id to
trace_id. Bridge between business correlation and production observability.
Program J — Release Gate Hardening:
docs/governance/release-gates.md: Documents 3 mandatory gates.
.github/workflows/dealix-ci.yml: Adds release_readiness_matrix as CI step.
release_readiness_matrix.py: Updated to check 41/41 components.
Verification:
architecture_brief.py: 40/40 PASS
release_readiness_matrix.py: 41/41 PASS
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
64 lines
1.7 KiB
YAML
64 lines
1.7 KiB
YAML
# Runs when salesflow-saas/ changes (monorepo root)
|
|
name: Dealix CI
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths:
|
|
- "salesflow-saas/**"
|
|
pull_request:
|
|
branches: [main]
|
|
paths:
|
|
- "salesflow-saas/**"
|
|
|
|
jobs:
|
|
backend:
|
|
runs-on: ubuntu-latest
|
|
defaults:
|
|
run:
|
|
working-directory: salesflow-saas/backend
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.12"
|
|
- name: Install dependencies
|
|
run: |
|
|
pip install -r requirements.txt -r requirements-dev.txt
|
|
- name: Architecture Brief (governance validation)
|
|
working-directory: salesflow-saas
|
|
run: python scripts/architecture_brief.py
|
|
- name: Release Readiness Matrix (Tier-1 gate)
|
|
working-directory: salesflow-saas
|
|
run: python scripts/release_readiness_matrix.py
|
|
- name: Pytest (full suite + launch scenarios)
|
|
env:
|
|
DATABASE_URL: sqlite+aiosqlite:///./ci_dealix.db
|
|
DEALIX_INTERNAL_API_TOKEN: ""
|
|
run: python -m pytest tests -q --tb=line
|
|
|
|
frontend:
|
|
runs-on: ubuntu-latest
|
|
defaults:
|
|
run:
|
|
working-directory: salesflow-saas/frontend
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "22"
|
|
cache: npm
|
|
cache-dependency-path: salesflow-saas/frontend/package-lock.json
|
|
- name: Install
|
|
run: npm ci
|
|
- name: Lint
|
|
run: npm run lint
|
|
- name: Build
|
|
run: npm run build
|
|
- name: Install Playwright Chromium
|
|
run: npx playwright install --with-deps chromium
|
|
- name: E2E smoke (auth shell)
|
|
env:
|
|
CI: true
|
|
run: npm run test:e2e
|