AcadeNice/corentin_wakdo
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

P1 conception: security-by-design layer (Merise 21 entities, Forgejo CI/CD, hardening) #3

Merged
Corentin merged 17 commits from feat/p1-conception into dev 2026-06-15 12:16:12 +02:00
Conversation 0 Commits 17 Files changed 35 +2016 -1026

17 commits

Author SHA1 Message Date
Imugiii
be53b7e5e0 docs(ci): add security-by-design checklist to PR template
All checks were successful
CI / secret-scan (pull_request) Successful in 10s
Details
CI / php-lint (pull_request) Successful in 17s
Details
CI / static-tests (pull_request) Successful in 4s
Details
CI / secret-scan (push) Successful in 8s
Details
CI / php-lint (push) Successful in 18s
Details
CI / static-tests (push) Successful in 5s
Details
2026-06-15 10:12:23 +00:00
Imugiii
d555988b81 Merge remote-tracking branch 'origin/dev' into feat/p1-conception 
# Conflicts:
#	.forgejo/workflows/ci.yml
 2026-06-15 10:11:37 +00:00
Imugiii
371c029e8a docs(merise): replace stale v0.1 drawio with per-subdomain Mermaid + SVG (21 entities)
All checks were successful
CI / secret-scan (push) Successful in 7s
Details
CI / php-lint (push) Successful in 16s
Details
CI / static-tests (push) Successful in 4s
Details
2026-06-15 10:11:04 +00:00
Imugiii
f65daf3a27 ci: trigger first Forgejo Actions run (actions enabled on prod)
All checks were successful
CI / secret-scan (push) Successful in 8s
Details
CI / php-lint (push) Successful in 17s
Details
CI / static-tests (push) Successful in 4s
Details
2026-06-15 09:41:02 +00:00
Imugiii
6cccaf8ad7 ci: scope push trigger to dev/main + feature branches (final)
All checks were successful
CI / secret-scan (push) Successful in 21s
Details
CI / php-lint (push) Successful in 19s
Details
CI / static-tests (push) Successful in 4s
Details
2026-06-15 08:36:24 +00:00
Imugiii
7a10e2519a ci: trigger on any push (diagnostic - will scope down once dispatch confirmed)
Some checks are pending
CI / secret-scan (push) Waiting to run
Details
CI / php-lint (push) Waiting to run
Details
CI / static-tests (push) Waiting to run
Details
2026-06-15 08:34:50 +00:00
Imugiii
a5058c02cd ci: also run CI on push to feat/fix/ci/refactor branches (pre-PR feedback)
Some checks are pending
CI / secret-scan (push) Waiting to run
Details
CI / php-lint (push) Waiting to run
Details
CI / static-tests (push) Waiting to run
Details
2026-06-15 08:33:01 +00:00
Imugiii
84ed730e8d ci(security): Forgejo Actions CI (gitleaks + php-lint + guarded phpstan/phpunit), SECURITY.md, PR auto-merge script 2026-06-15 08:32:06 +00:00
Imugiii
bf82ba25e6 ci(security): gitleaks config, branch-protection script, Forgejo runner setup doc 2026-06-15 08:27:34 +00:00
Imugiii
2d33e9d442 chore(security): SbD parameters in .env.example + hardened php.ini 2026-06-15 08:27:34 +00:00
Imugiii
fae5c23722 docs(uml): add security sequence + v0.2 drift fixes (sequence, state, use-cases) 2026-06-15 08:04:13 +00:00
Imugiii
d305a095fc docs(context): align CI/CD on Forgejo Actions, integrate security-by-design layer, rechiffer planning 2026-06-15 08:04:13 +00:00
Imugiii
5c34f6b2e3 docs(merise): add security-by-design treatment rules to MLT 
Transverse rules RG-T13-T21 (PIN, audit, escaping, allowlists, idempotency, atomic stock
decrement, computed availability); RGPD erasure and password reset flows; per-IP
login_throttle table with daily purge cron; atomic stock decrement replaces pessimistic
FOR UPDATE.
 2026-06-12 09:29:51 +00:00
Imugiii
0f57a44a75 docs(merise): add security-by-design operations to MCT 
ERASE_USER_PII (RGPD anonymisation) and RESET_PASSWORD; PIN-gated sensitive set writing
audit_log; auth throttling via login_throttle; computed product availability on catalogue
read. Cross-validation 21/21.
 2026-06-12 09:29:51 +00:00
Imugiii
14348ba340 docs(merise): add security-by-design tables to MLD 
audit_log + login_throttle tables; user auth/PIN/anonymisation columns; customer_order
acting_user_id + idempotency_key; ingredient percentage stock columns (drop CHECK
stock_quantity >= 0, add stock_capacity, low_stock_pct, critical_stock_pct). 21 tables.
 2026-06-12 09:29:51 +00:00
Imugiii
a1692b6b80 docs(merise): extend MCD with security-by-design entities and percentage stock model 
Adds audit_log + login_throttle; security columns on user/customer_order; fixes
product_ingredient drift (quantity -> quantity_normal/quantity_maxi); percentage stock
model and computed product availability. 21 entities, cross-validation 21/21.
 2026-06-12 09:29:51 +00:00
Imugiii
fadf0bd630 docs(merise): add security-by-design layer to data dictionary 
Adds audit_log (20) and login_throttle (21); user auth lifecycle (pin_hash,
failed_login_attempts, lockout_until, reset token, anonymized_at); customer_order
acting_user_id + idempotency_key; percentage stock model on ingredient (signed
stock_quantity, stock_capacity, low_stock_pct, critical_stock_pct). 21 entities.
 2026-06-12 09:29:51 +00:00