Skip to content

feat(api): add Idempotency-Key header support to readings API (#267)#2

Open
devSoniia wants to merge 69 commits into
mainfrom
issue-267-idempotency-key
Open

feat(api): add Idempotency-Key header support to readings API (#267)#2
devSoniia wants to merge 69 commits into
mainfrom
issue-267-idempotency-key

Conversation

@devSoniia
Copy link
Copy Markdown
Owner

@devSoniia devSoniia commented May 28, 2026

Summary

Closes AnnabelJoe#267

Prevents double-minting of certificates when network retries cause duplicate meter reading submissions.

Changes

src/lib/idempotency.ts (new)

  • Redis-backed idempotency store using the existing Upstash REST API pattern
  • TTL configurable via IDEMPOTENCY_TTL_SECONDS env var (default: 86400 = 24 h)
  • Graceful no-op fallback when Redis is not configured (local dev / CI)

src/app/api/readings/route.ts

  • Reads Idempotency-Key header on POST
  • Returns cached { body, status } immediately on duplicate without re-processing
  • Stores successful response in Redis after mint completes

Usage

curl -X POST /api/readings \
  -H 'Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000' \
  -H 'Content-Type: application/json' \
  -d '{...}'

Duplicate requests with the same key return the original 201 response from cache.

devSoniia and others added 30 commits April 26, 2026 13:14
@devSoniia
feat(migrations): add rollback scripts and operator_sessions migration (
d0e432c 
AnnabelJoe#37)

- Add rollback .down.sql for every existing migration (001-006)
- Add migration 007: operator_sessions table for JWT refresh token rotation
- Update CI to verify rollback scripts exist for every migration file

Closes AnnabelJoe#37
@devSoniia
feat(auth): implement JWT + Supabase Auth for operator routes (Annabe…
94311fc 
…lJoe#40)

- Add src/lib/auth.ts: requireAuth() validates Bearer JWT via Supabase getUser()
- Add POST /api/auth/login: email+password → access_token + refresh_token
- Add POST /api/auth/logout: invalidates current session
- Add POST /api/auth/refresh: rotates refresh token
- Protect GET /api/meters, POST /api/meters, GET /api/readings with requireAuth()
- Add v1 re-exports for all auth routes
- Add unit tests for requireAuth() (missing header, invalid token, valid token)

Closes AnnabelJoe#40
@devSoniia
test(audit_registry): comprehensive unit tests for anchor, dedup, aut…
184a65e 
…h, queries (AnnabelJoe#57)

New tests added:
- test_anchor_records_ledger_sequence: verifies anchored_at_ledger is set
- test_duplicate_anchor_does_not_increment_total: dedup leaves count unchanged
- test_different_hashes_are_independent: two distinct hashes both anchor cleanly
- test_old_signer_rejected_after_rotation: rotated-out signer gets Unauthorized
- test_total_anchors_starts_at_zero: count is 0 before any anchor
- test_admin_query / test_api_signer_query: query functions return correct values
- test_large_number_of_anchors: 50 anchors stored and retrievable (large payload)
- test_boundary_hash_values: all-zeros and all-ones hashes are valid
- test_migrate_updates_version: migrate() stores new version string

Closes AnnabelJoe#57
@devSoniia
feat(health): comprehensive health check endpoint with DB + Stellar R…
c0ebc47 
…PC checks (AnnabelJoe#45)

- Check DB connectivity via a lightweight SELECT on cooperatives
- Check Stellar RPC reachability via getHealth JSON-RPC call
- Return degraded status if any check exceeds 300 ms threshold
- Return 503 if any check errors, 200 for ok/degraded
- Hard 450 ms timeout per check keeps total response < 500 ms
- Response shape: { status, ts, checks: { database, stellar_rpc } }
- 5 unit tests: ok, DB error, Stellar error, degraded (slow), latency_ms present

Closes AnnabelJoe#45
@AnnabelJoe
Merge pull request AnnabelJoe#233 from devSoniia/issue-45-health-check
19af767 
feat(health): comprehensive health check endpoint GET /api/health (AnnabelJoe#45)
@AnnabelJoe
Merge pull request AnnabelJoe#232 from devSoniia/issue-57-audit-regis…
4f748b2 
…try-tests

test(audit_registry): comprehensive unit tests (AnnabelJoe#57)
@AnnabelJoe
Merge pull request AnnabelJoe#231 from devSoniia/issue-40-jwt-auth
a425a43 
feat(auth): JWT + Supabase Auth for operator API routes (AnnabelJoe#40)
@AnnabelJoe
Merge pull request AnnabelJoe#230 from devSoniia/issue-37-db-migrations
50f4dc7 
feat(migrations): versioned SQL migrations with rollback scripts (AnnabelJoe#37)
@milah-247
fix: add spinner and disable buttons during form submission
7ef2928 
- Add loading spinner to all form submit buttons
- Disable cancel buttons during submission to prevent interruption
- Add cursor-not-allowed class for better UX
- Prevent duplicate form submissions

Closes AnnabelJoe#21
@milah-247
feat: add real-time dashboard updates with WebSocket support
091499c 
- Create useRealtimeReadings hook for WebSocket connection management
- Add connection status indicator (Live/Offline/Connecting)
- Implement automatic reconnection with 5s delay
- Add graceful fallback to 30s polling when WebSocket unavailable
- Animate new readings into the table with fade-in effect
- Update readings cache in real-time without manual refresh
- Add placeholder WebSocket API endpoint with implementation notes

Closes AnnabelJoe#9
@milah-247
feat: add copy-to-clipboard functionality for IDs and hashes
c35dd6a 
- Create reusable CopyButton and CopyableText components
- Add copy buttons to all certificate IDs across the app
- Add copy functionality for meter public keys
- Add copy button for wallet addresses in navbar
- Add copy buttons for transaction hashes in certificate chain
- Add copy buttons for reading hashes and signatures in verify page
- Show visual confirmation (checkmark) for 2 seconds after copy
- Works in all modern browsers using Clipboard API

Closes AnnabelJoe#23
@autostack-art
feat: rate limiting, meter name, tracer-sim, verify chain-of-custody
5b2f413 
Closes AnnabelJoe#27, AnnabelJoe#30, AnnabelJoe#32, AnnabelJoe#35

- AnnabelJoe#27: Add sliding-window rate limit (60 req/min per meter pubkey) to
  POST /api/readings using Upstash Redis pipeline. Returns 429 with
  Retry-After header on breach. Falls back to allow-all when Redis is
  unavailable.

- AnnabelJoe#30: Add required 'name' field to POST /api/meters registration.
  Duplicate pubkey now returns 409 before attempting insert.

- AnnabelJoe#32: Add tracer-sim integration for failed mint diagnosis. On mint
  failure: replays via TRACER_SIM_URL, stores diagnosis JSON on the
  reading record (mint_diagnosis column), fires mint_failed webhook,
  and returns diagnosis in the 500 error response.

- AnnabelJoe#35: Add GET /api/verify/[id] dynamic route returning full chain of
  custody (reading, Ed25519 proof, anchor tx, mint tx, retirement tx).
  No auth required. Response cached 60 s via Redis. Re-exported at
  /api/v1/verify/[id].

DB: migration 20260427000008 adds meters.name and readings.mint_diagnosis.
@zeekman
feat: resolve issues AnnabelJoe#10 AnnabelJoe#15 AnnabelJoe#16 Annabe…
b7ecc3b 
…lJoe#17 — i18n, governance form, voting UI, verify stepper
@scriptnovaa
fix: resolve issues AnnabelJoe#19, AnnabelJoe#20, AnnabelJoe#24, Anna…
78448aa 
…belJoe#25

AnnabelJoe#20 - Fix hydration mismatch: add mounted guard in Navbar so wallet UI
and theme toggle only render client-side, eliminating SSR/CSR mismatch.

AnnabelJoe#25 - Add Stellar network indicator badge to Navbar. Reads
NEXT_PUBLIC_STELLAR_NETWORK env var; yellow for testnet, green for
mainnet, links to Stellar Expert explorer.

AnnabelJoe#24 - Add WalletGate component for protected routes. Dashboard, Meters,
and Certificates pages now show a connect-wallet prompt instead of empty
state when no wallet is connected. Removed redundant inline connect
banner from Certificates page.

AnnabelJoe#19 - Add search and filter to Certificates page. Supports search by
certificate ID or meter ID (via readings join), status filter
(active/retired), and date range filter. All filters reflected in URL
params. API updated with q, status, date_from, date_to query params.

Also fix pre-existing orphaned </ErrorBoundary> tags in dashboard page.
@dependabot
build(deps): bump the minor-updates group with 7 updates
18140a2 
Bumps the minor-updates group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@noble/ed25519](https://github.com/paulmillr/noble-ed25519) | `2.1.0` | `2.3.0` |
| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.104.1` | `2.105.0` |
| [@t3-oss/env-nextjs](https://github.com/t3-oss/t3-env/tree/HEAD/packages/nextjs) | `0.11.1` | `0.13.11` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.468.0` | `0.577.0` |
| [next](https://github.com/vercel/next.js) | `15.1.3` | `15.5.15` |
| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `15.1.3` | `15.5.15` |
| [prettier-plugin-tailwindcss](https://github.com/tailwindlabs/prettier-plugin-tailwindcss) | `0.6.14` | `0.8.0` |


Updates `@noble/ed25519` from 2.1.0 to 2.3.0
- [Release notes](https://github.com/paulmillr/noble-ed25519/releases)
- [Commits](paulmillr/noble-ed25519@2.1.0...2.3.0)

Updates `@supabase/supabase-js` from 2.104.1 to 2.105.0
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/develop/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.105.0/packages/core/supabase-js)

Updates `@t3-oss/env-nextjs` from 0.11.1 to 0.13.11
- [Release notes](https://github.com/t3-oss/t3-env/releases)
- [Changelog](https://github.com/t3-oss/t3-env/blob/main/packages/nextjs/CHANGELOG.md)
- [Commits](https://github.com/t3-oss/t3-env/commits/@t3-oss/env-nextjs@0.13.11/packages/nextjs)

Updates `lucide-react` from 0.468.0 to 0.577.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.577.0/packages/lucide-react)

Updates `next` from 15.1.3 to 15.5.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.1.3...v15.5.15)

Updates `eslint-config-next` from 15.1.3 to 15.5.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v15.5.15/packages/eslint-config-next)

Updates `prettier-plugin-tailwindcss` from 0.6.14 to 0.8.0
- [Release notes](https://github.com/tailwindlabs/prettier-plugin-tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/prettier-plugin-tailwindcss/blob/main/CHANGELOG.md)
- [Commits](tailwindlabs/prettier-plugin-tailwindcss@v0.6.14...v0.8.0)

---
updated-dependencies:
- dependency-name: "@noble/ed25519"
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.105.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: "@t3-oss/env-nextjs"
  dependency-version: 0.13.11
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: lucide-react
  dependency-version: 0.577.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: next
  dependency-version: 15.5.15
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: eslint-config-next
  dependency-version: 15.5.15
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: prettier-plugin-tailwindcss
  dependency-version: 0.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@AnnabelJoe
Merge pull request AnnabelJoe#240 from AnnabelJoe/dependabot/npm_and_…
0c0adcf 
…yarn/minor-updates-90e75f2a75

build(deps): bump the minor-updates group with 7 updates
@AnnabelJoe
Merge pull request AnnabelJoe#239 from scriptnovaa/fix/issues-19-20-2…
60360ca 
…4-25

fix: resolve issues AnnabelJoe#19, AnnabelJoe#20, AnnabelJoe#24, AnnabelJoe#25 — search/filter, hydration, wallet gate, network badge
@AnnabelJoe
Merge branch 'main' into feat/copy-button-for-ids-issue-23
96fac28
@AnnabelJoe
Merge pull request AnnabelJoe#236 from milah-247/feat/copy-button-for…
69b12d4 
…-ids-issue-23

feat: add copy-to-clipboard functionality for IDs and hashes
@AnnabelJoe
Merge branch 'main' into feat/issues-10-15-16-17
4971bd6
@AnnabelJoe
Merge pull request AnnabelJoe#238 from zeekman/feat/issues-10-15-16-17
91220ae 
feat: verify stepper, governance form + voting, i18n (AnnabelJoe#17 AnnabelJoe#15 AnnabelJoe#16 AnnabelJoe#10)
@AnnabelJoe
Merge pull request AnnabelJoe#235 from milah-247/feat/realtime-dashbo…
ee7ea04 
…ard-websocket-issue-9

feat: add real-time dashboard updates with WebSocket support
@AnnabelJoe
Merge pull request AnnabelJoe#237 from autostack-art/feat/issues-27-3…
97e29e3 
…0-32-35

feat: rate limiting, meter name, tracer-sim, verify chain-of-custody (AnnabelJoe#27 AnnabelJoe#30 AnnabelJoe#32 AnnabelJoe#35)
@AnnabelJoe
Merge pull request AnnabelJoe#234 from milah-247/fix/form-button-stat…
3ba38f3 
…es-issue-21

fix: add spinner and disable buttons during form submission
@devnWisdom
feat(api): implement CORS policy for API routes
235e9b8 
- Add getCorsHeaders() helper in src/lib/cors.ts
- Restrict allowed origins to CORS_ALLOWED_ORIGINS env var + localhost in dev
- Handle OPTIONS preflight with 204 / 403 in middleware
- Attach CORS headers to all API responses including versioning redirects
- Enable credentials mode (Access-Control-Allow-Credentials: true)
- Add CORS_ALLOWED_ORIGINS to env.ts schema and .env.example

Closes AnnabelJoe#46
@devnWisdom
test(api): add regression tests for known bug fixes
bdf7dee 
Adds regression tests for four closed bug issues so they cannot be
silently reintroduced:

- AnnabelJoe#29 input validation: 11 tests covering missing/invalid fields on
  POST /api/readings and POST /api/meters, and that validation runs
  before any DB access
- AnnabelJoe#49 Stellar account existence check: 4 tests verifying mint failures
  (non-existent account, missing trustline, missing cooperative address)
  are surfaced as structured 500 errors
- AnnabelJoe#73 reading deduplication: 4 tests verifying that AlreadyAnchored /
  duplicate errors from the anchor step return 409 with reading_id,
  while unique readings still return 201

All 19 regression tests pass. Documents the process in CONTRIBUTING.md.

Closes AnnabelJoe#125
@PrincessnJoy
test(governance): add lifecycle integration tests (AnnabelJoe#122)
1196144 
- AC1: create → vote to pass → execute succeeds
- AC2: create → vote to reject → execution blocked
- AC3: quorum not met (50% yes < 51% threshold) → execution blocked
- AC4: expired proposal (no votes) → cannot execute

Closes AnnabelJoe#122
@PrincessnJoy
test(fixtures): add Supabase test factories and cleanup helpers (Anna…
8c3ce01 
…belJoe#123)

- Factory functions for: cooperative, meter, reading, certificate, operator
- emptyCleanupIds() + cleanup() for afterEach teardown in dependency order
- factories.test.ts verifies each factory shape and cleanup behaviour
- All factories accept overrides and auto-create parent rows

Closes AnnabelJoe#123
@PrincessnJoy
test(proptest): add property-based tests for contracts (AnnabelJoe#121)
c27341c 
- New crate: apps/contracts/proptest/ (stable Rust, no nightly needed)
- P1: mint amount always positive — non-positive amounts rejected
- P2: balance never negative after mint/burn sequences
- P3: vote count monotonically non-decreasing
- Failures produce minimal reproducible examples via proptest shrinking
- CI: new 'proptest' job in ci.yml runs cargo test

Closes AnnabelJoe#121
@PrincessnJoy
test(a11y): integrate axe-core accessibility testing in Playwright (A…
4f70898 
…nnabelJoe#124)

- Add @axe-core/playwright devDependency
- e2e/helpers/a11y.ts: checkA11y() helper — runs axe on WCAG 2.0/2.1 A/AA
- e2e/a11y.spec.ts: tests for /verify and / pages
- Critical and serious violations fail the test with selector + fix URL
- Baseline violations section documented in a11y.spec.ts

Closes AnnabelJoe#124
Vera3289 and others added 15 commits May 28, 2026 06:37
@Vera3289
Merge branch 'main' into issue/252-257-261-254-responsive-accessibility
814755c
@AnnabelJoe
Merge pull request AnnabelJoe#363 from Vera3289/issue/252-257-261-254…
ccd5c81 
…-responsive-accessibility

Responsive dashboard, certificate detail page, toast notifications, and accessibility improvements
@semantic-release-bot
chore(release): 1.1.0 [skip ci]
983b3fa 
## [1.1.0](AnnabelJoe/solarproof@v1.0.0...v1.1.0) (2026-05-28)

### Features

* responsive dashboard, certificate detail page, toast notifications, and accessibility improvements ([704c0a5](AnnabelJoe@704c0a5))
@DevKingOche
feat: add /api/health and /api/ready endpoints (AnnabelJoe#275)
4f761a4 
- GET /api/health returns 200 with uptime and version
- GET /api/ready checks DB connectivity, returns 503 if unhealthy
- Both endpoints unauthenticated (no middleware)
- docker-compose.yml with healthcheck configured

Closes AnnabelJoe#275
@DevKingOche
docs: document pnpm --frozen-lockfile requirement (AnnabelJoe#302)
4072e11 
CI already enforces pnpm install --frozen-lockfile. Update CONTRIBUTING.md
to match: use --frozen-lockfile for normal installs, and explain when to
commit an updated lockfile.

Closes AnnabelJoe#302
@DevKingOche
feat: add governance voting UI (AnnabelJoe#265)
b59d23a 
- List active/past proposals with vote counts and status badges
- Vote For / Against / Abstain buttons (wallet signature stub)
- Voted state persisted in component state and shown to user
- Voting deadline countdown from ledger difference
- Visual vote bar (green/red/gray proportional breakdown)

Closes AnnabelJoe#265
@AnnabelJoe
Merge branch 'main' into feat/governance-voting-ui-265
337aff6
@AnnabelJoe
Merge pull request AnnabelJoe#372 from DevKingOche/feat/governance-vo…
d4a877b 
…ting-ui-265

feat: implement voting UI for community governance proposals
@semantic-release-bot
chore(release): 1.2.0 [skip ci]
ef789a1 
## [1.2.0](AnnabelJoe/solarproof@v1.1.0...v1.2.0) (2026-05-28)

### Features

* add governance voting UI ([AnnabelJoe#265](AnnabelJoe#265)) ([b59d23a](AnnabelJoe@b59d23a))
@AnnabelJoe
Merge branch 'main' into feat/ci-frozen-lockfile-302
dffee7a
@AnnabelJoe
Merge pull request AnnabelJoe#371 from DevKingOche/feat/ci-frozen-loc…
02e835e 
…kfile-302

ci: enforce pnpm lockfile integrity and update developer docs
@AnnabelJoe
Merge branch 'main' into feat/health-ready-endpoints-275
c309dc4
@AnnabelJoe
Merge pull request AnnabelJoe#369 from DevKingOche/feat/health-ready-…
1919b14 
…endpoints-275

feat: add /api/health and /api/ready endpoints
@semantic-release-bot
chore(release): 1.3.0 [skip ci]
7e77815 
## [1.3.0](AnnabelJoe/solarproof@v1.2.0...v1.3.0) (2026-05-28)

### Features

* add /api/health and /api/ready endpoints ([AnnabelJoe#275](AnnabelJoe#275)) ([4f761a4](AnnabelJoe@4f761a4))

### Documentation

* document pnpm --frozen-lockfile requirement ([AnnabelJoe#302](AnnabelJoe#302)) ([4072e11](AnnabelJoe@4072e11))
@devSoniia
feat(api): add Idempotency-Key header support to readings API
e4bccbe 
Closes AnnabelJoe#267

- Add src/lib/idempotency.ts: Redis-backed store using Upstash REST API
  with configurable TTL (IDEMPOTENCY_TTL_SECONDS, default 24h)
- readings POST checks Idempotency-Key header before processing;
  returns cached response on duplicate without re-anchoring or re-minting
- Successful responses are stored in Redis keyed by idempotency key
- Falls back to no-op when UPSTASH_REDIS_REST_URL is not set (local dev)
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 28, 2026

🔍 Vercel Preview Deployment

URL: Learn More: https://err.sh/vercel/no-credentials-found

Uses Stellar testnet contract addresses.

devSoniia added 2 commits May 28, 2026 15:01
@devSoniia
feat(observability): add OpenTelemetry APM instrumentation
670c77a 
Closes AnnabelJoe#291

- Add src/instrumentation.ts: Next.js instrumentation hook that initialises
  the OpenTelemetry Node SDK with OTLP HTTP exporter
- Instruments HTTP requests and fetch calls (covers Stellar + Supabase)
- Service name/version set from env vars with sensible defaults
- Enable experimental.instrumentationHook in next.config.ts
- Add @opentelemetry/* dependencies (pinned versions)

Configure via env vars:
  OTEL_EXPORTER_OTLP_ENDPOINT — OTLP collector URL (Grafana Cloud, Honeycomb)
  OTEL_EXPORTER_OTLP_HEADERS  — auth headers
  OTEL_SERVICE_NAME            — defaults to solarproof-api
@devSoniia
docs: enhance developer onboarding guide
ff7de25 
Closes AnnabelJoe#308

- Add architecture overview diagram with data flow and key files table
- Add Docker Compose setup instructions (Option A)
- Expand env vars section with Redis and observability vars
- Add test commands for all packages (web unit, e2e, contracts, stellar)
- Add troubleshooting entries for idempotency, OpenTelemetry, Docker,
  inactive meter, and missing env vars
- Expand project structure with src/ subdirectory breakdown
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 28, 2026

✅ cargo audit

�[1m�[32m    Updating�[0m crates.io index
�[1m�[32m     Locking�[0m 188 packages to latest compatible versions
�[1m�[36m      Adding�[0m arbitrary v1.3.2 �[1m�[33m(available: v1.4.2)�[0m
�[1m�[36m      Adding�[0m crypto-common v0.1.6 �[1m�[33m(available: v0.1.7)�[0m
�[1m�[36m      Adding�[0m darling v0.23.0 �[1m�[31m(requires Rust 1.88.0)�[0m
�[1m�[36m      Adding�[0m darling_core v0.23.0 �[1m�[31m(requires Rust 1.88.0)�[0m
�[1m�[36m      Adding�[0m darling_macro v0.23.0 �[1m�[31m(requires Rust 1.88.0)�[0m
�[1m�[36m      Adding�[0m derive_arbitrary v1.3.2 �[1m�[33m(available: v1.4.2)�[0m
�[1m�[36m      Adding�[0m serde_with v3.20.0 �[1m�[31m(requires Rust 1.88)�[0m
�[1m�[36m      Adding�[0m serde_with_macros v3.20.0 �[1m�[31m(requires Rust 1.88)�[0m
�[1m�[36m      Adding�[0m soroban-builtin-sdk-macros v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-common v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-guest v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-host v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-macros v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-sdk v23.5.3 �[1m�[33m(available: v25.3.0)�[0m
�[1m�[36m      Adding�[0m time v0.3.47 �[1m�[31m(requires Rust 1.88.0)�[0m
�[1m�[36m      Adding�[0m time-core v0.1.8 �[1m�[31m(requires Rust 1.88.0)�[0m
�[1m�[36m      Adding�[0m time-macros v0.2.27 �[1m�[31m(requires Rust 1.88.0)�[0m
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 1098 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (192 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m derivative
�[0m�[0m�[1m�[33mVersion:  �[0m 2.2.0
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m `derivative` is unmaintained; consider using an alternative
�[0m�[0m�[1m�[33mDate:     �[0m 2024-06-26
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0388
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0388
�[0m�[0m�[1m�[33mDependency tree:
�[0mderivative 2.2.0
├── ark-poly 0.4.2
│   └── ark-ec 0.4.2
│       ├── soroban-env-host 23.0.1
│       │   ├── soroban-sdk 23.5.3
│       │   │   ├── multisig-admin 1.0.0
│       │   │   ├── energy-token 1.0.0
│       │   │   ├── community-governance 1.0.0
│       │   │   └── audit-registry 1.0.0
│       │   └── soroban-ledger-snapshot 23.5.3
│       │       └── soroban-sdk 23.5.3
│       └── ark-bls12-381 0.4.0
│           └── soroban-env-host 23.0.1
├── ark-ff 0.4.2
│   ├── soroban-env-host 23.0.1
│   ├── ark-poly 0.4.2
│   ├── ark-ec 0.4.2
│   └── ark-bls12-381 0.4.0
└── ark-ec 0.4.2

�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
├── wasmi_core 0.13.0
│   └── soroban-wasmi 0.31.1-soroban.20.0.1
│       ├── soroban-env-host 23.0.1
│       │   ├── soroban-sdk 23.5.3
│       │   │   ├── multisig-admin 1.0.0
│       │   │   ├── energy-token 1.0.0
│       │   │   ├── community-governance 1.0.0
│       │   │   └── audit-registry 1.0.0
│       │   └── soroban-ledger-snapshot 23.5.3
│       │       └── soroban-sdk 23.5.3
│       └── soroban-env-common 23.0.1
│           ├── soroban-sdk-macros 23.5.3
│           │   └── soroban-sdk 23.5.3
│           ├── soroban-ledger-snapshot 23.5.3
│           ├── soroban-env-host 23.0.1
│           └── soroban-env-guest 23.0.1
│               └── soroban-sdk 23.5.3
└── ark-ff 0.4.2
    ├── soroban-env-host 23.0.1
    ├── ark-poly 0.4.2
    │   └── ark-ec 0.4.2
    │       ├── soroban-env-host 23.0.1
    │       └── ark-bls12-381 0.4.0
    │           └── soroban-env-host 23.0.1
    ├── ark-ec 0.4.2
    └── ark-bls12-381 0.4.0

�[0m�[0m�[1m�[33mwarning:�[0m 2 allowed warnings found

AnnabelJoe and others added 5 commits May 28, 2026 16:12
@AnnabelJoe
Merge pull request AnnabelJoe#376 from devSoniia/issue-308-developer-…
cfb2d34 
…onboarding

docs: enhance developer onboarding guide (AnnabelJoe#308)
@AnnabelJoe
Merge branch 'main' into issue-291-opentelemetry-apm
58e1cf4
@AnnabelJoe
Merge pull request AnnabelJoe#375 from devSoniia/issue-291-openteleme…
3cab7b5 
…try-apm

feat(observability): add OpenTelemetry APM instrumentation (AnnabelJoe#291)
@semantic-release-bot
chore(release): 1.4.0 [skip ci]
8c8db4e 
## [1.4.0](AnnabelJoe/solarproof@v1.3.0...v1.4.0) (2026-05-28)

### Features

* **observability:** add OpenTelemetry APM instrumentation ([670c77a](AnnabelJoe@670c77a)), closes [AnnabelJoe#291](AnnabelJoe#291)

### Documentation

* enhance developer onboarding guide ([ff7de25](AnnabelJoe@ff7de25)), closes [AnnabelJoe#308](AnnabelJoe#308)
@AnnabelJoe
Merge branch 'main' into issue-267-idempotency-key
7022970
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 28, 2026

✅ pnpm audit

4 vulnerabilities found
Severity: 4 moderate

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 28, 2026

✅ cargo audit

�[1m�[32m    Updating�[0m crates.io index
�[1m�[32m     Locking�[0m 188 packages to latest compatible versions
�[1m�[36m      Adding�[0m arbitrary v1.3.2 �[1m�[33m(available: v1.4.2)�[0m
�[1m�[36m      Adding�[0m crypto-common v0.1.6 �[1m�[33m(available: v0.1.7)�[0m
�[1m�[36m      Adding�[0m derive_arbitrary v1.3.2 �[1m�[33m(available: v1.4.2)�[0m
�[1m�[36m      Adding�[0m soroban-builtin-sdk-macros v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-common v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-guest v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-host v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-env-macros v23.0.1 �[1m�[33m(available: v23.0.2)�[0m
�[1m�[36m      Adding�[0m soroban-sdk v23.5.3 �[1m�[33m(available: v25.3.0)�[0m
�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 1098 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (192 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m derivative
�[0m�[0m�[1m�[33mVersion:  �[0m 2.2.0
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m `derivative` is unmaintained; consider using an alternative
�[0m�[0m�[1m�[33mDate:     �[0m 2024-06-26
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0388
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0388
�[0m�[0m�[1m�[33mDependency tree:
�[0mderivative 2.2.0
├── ark-poly 0.4.2
│   └── ark-ec 0.4.2
│       ├── soroban-env-host 23.0.1
│       │   ├── soroban-sdk 23.5.3
│       │   │   ├── multisig-admin 1.0.0
│       │   │   ├── energy-token 1.0.0
│       │   │   ├── community-governance 1.0.0
│       │   │   └── audit-registry 1.0.0
│       │   └── soroban-ledger-snapshot 23.5.3
│       │       └── soroban-sdk 23.5.3
│       └── ark-bls12-381 0.4.0
│           └── soroban-env-host 23.0.1
├── ark-ff 0.4.2
│   ├── soroban-env-host 23.0.1
│   ├── ark-poly 0.4.2
│   ├── ark-ec 0.4.2
│   └── ark-bls12-381 0.4.0
└── ark-ec 0.4.2

�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mDependency tree:
�[0mpaste 1.0.15
├── wasmi_core 0.13.0
│   └── soroban-wasmi 0.31.1-soroban.20.0.1
│       ├── soroban-env-host 23.0.1
│       │   ├── soroban-sdk 23.5.3
│       │   │   ├── multisig-admin 1.0.0
│       │   │   ├── energy-token 1.0.0
│       │   │   ├── community-governance 1.0.0
│       │   │   └── audit-registry 1.0.0
│       │   └── soroban-ledger-snapshot 23.5.3
│       │       └── soroban-sdk 23.5.3
│       └── soroban-env-common 23.0.1
│           ├── soroban-sdk-macros 23.5.3
│           │   └── soroban-sdk 23.5.3
│           ├── soroban-ledger-snapshot 23.5.3
│           ├── soroban-env-host 23.0.1
│           └── soroban-env-guest 23.0.1
│               └── soroban-sdk 23.5.3
└── ark-ff 0.4.2
    ├── soroban-env-host 23.0.1
    ├── ark-poly 0.4.2
    │   └── ark-ec 0.4.2
    │       ├── soroban-env-host 23.0.1
    │       └── ark-bls12-381 0.4.0
    │           └── soroban-env-host 23.0.1
    ├── ark-ec 0.4.2
    └── ark-bls12-381 0.4.0

�[0m�[0m�[1m�[33mwarning:�[0m 2 allowed warnings found

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 28, 2026

🔍 Vercel Preview Deployment

URL: Learn More: https://err.sh/vercel/no-credentials-found

Uses Stellar testnet contract addresses.

github-advanced-security[bot]
github-advanced-security AI found potential problems May 28, 2026
View reviewed changes
Comment thread apps/web/e2e/a11y.spec.ts
* violations are found. Baseline violations (if any) are documented below.
*/

import { test, expect } from '@playwright/test'
Comment thread apps/web/src/components/certificate-chain.tsx
Comment on lines +3 to +12
import {
Zap,
ShieldCheck,
Link2,
Award,
FlameKindling,
ExternalLink,
CheckCircle2,
Clock,
} from 'lucide-react'
Comment thread apps/web/src/tests/factories.test.ts
const inMock = vi.fn().mockReturnValue({ error: null })
deleteMock.mockReturnValue({ in: inMock })

function makeInsertMock(row: Record<string, unknown>) {
github-advanced-security[bot]
github-advanced-security AI found potential problems May 28, 2026
View reviewed changes
Comment thread apps/contracts/audit_registry/src/lib.rs

#[test]
fn test_api_signer_query() {
let (env, api_signer, client) = setup();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add idempotency key support to the readings API