-
v1.4.1 — Fix order detail + rental manage/cancel 404
StableSome checks failedBuild and Test / build (push) Failing after 1m34smik-tf released this
2026-03-26 15:24:52 +00:00 | 34 commits to development since this releaseBug fixes
- #43: Order detail API returns 404 —
place_ordernow creates orders viaOrderManagertrait (newcreate_order_from_itemsmethod) instead of writing to an in-memory singleton. Order IDs are now OSIS SIDs, consistent between create and read paths. - #44: Rental manage/cancel returns 404 —
rent_productnow creates realSliceRentalrecords via the service layer instead of throwaway UUIDs.cancel_slice_rentalandmanage_slice_rentalnow update OSIS status.
Files changed (8)
src/axum_app/controllers/order.rs— routeplace_orderthroughOrderManagersrc/axum_app/controllers/rental.rs— routerent_productthroughSliceRentalManagersrc/axum_app/controllers/dashboard/user.rs—cancel_slice_rental+manage_slice_rentalupdate OSISsrc/services/traits/mod.rs— newcreate_order_from_items+cancel_slice_rentaltrait methodssrc/services/impl_local/order_manager.rs— OSIS implementationsrc/services/impl_local/slice_rental_manager.rs— OSIS implementationsrc/services/impl_fixtures/order_manager.rs— fixture implementationsrc/services/impl_fixtures/slice_rental_manager.rs— fixture implementation
Test results (against dev-app.projectmycelium.org)
Suite Result API Smoke 24/24 API Integration 43/43 Provider Integration 25/25 Messaging & SSH 9/9 Rental Integration 12/12 Load Test (10 concurrent) 7/7, 0% errors — mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- #43: Order detail API returns 404 —
-
2026-03-26 00:16:20 +00:00 | 36 commits to development since this releasev1.4.0 — Unified release (clean baseline for v2.0 work)
All repos aligned at v1.4.0
Includes all work from v0.5.0 through v1.3.x:
- Ed25519 keypair identity + signature auth
- Stripe + ClickPesa + Bank payments (live Stripe webhook configured)
- Signed wallet transactions with server-signed receipts
- 53/53 issue #19 items complete
- Product detail 404 fixed (Axum :id route syntax)
- SQLi + XSS input validation
- 132 automated tests across 7 layers, ALL PASS
- FOSS-sovereign DESIGN.md
- Service worker, visual + chaos Playwright tests
Clean state
- All repos on development, 0 dirty files
- .gitignore added for target/ and test-results/
- No stale branches
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
2026-03-25 22:12:21 +00:00 | 38 commits to development since this releasev1.3.1 — Security fixes + full 7-layer test suite
Security fixes
- SQL injection in email field: REJECTED (was accepted)
- XSS in name field: SANITIZED (was stored raw)
Test suite: 130 tests across 7 layers, ALL PASS
- Compile: 2 repos ✅
- Unit: 25/25 ✅
- Smoke: 50/50 ✅
- Integration: 22/22 ✅
- Playwright E2E: 16/16 ✅
- Adversarial + Regression: 7/7 ✅
- Visual (10 pages) + Chaos (7 tests): 17/17 ✅ + MCP browser verified ✅
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
2026-03-25 21:55:23 +00:00 | 39 commits to development since this releasev1.3.0 — Issue #19 COMPLETE (53/53 items)
Every single checklist item from the v1.0 roadmap is done.
Final items completed in v1.3.0
- East African currencies (TZS, KES, UGX) in Buy Credits modal
- Stripe API keys configured from env.sh
- Clickpesa API keys configured from env.sh
- Payment credentials deployed to dev VM
113 tests ALL PASS
Complete release history
v0.5.0→v1.3.0 (10 releases across 3 repos)
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
2026-03-25 21:45:26 +00:00 | 39 commits to development since this releasev1.2.0 — 50/53 Issue #19 Items Complete
New in v1.2.0
- Server-signed receipts (HMAC-SHA256)
- Admin bank transfer approval endpoint
- Category dropdown in product search
- Auto top-up frontend wiring
- Optimistic wallet UI updates
- Service request forms wired to API
- Service worker for offline static caching
Status: 50/53 done
3 items blocked on external credentials:
- East African currencies (needs Clickpesa API config)
- Production Stripe keys (needs account)
- Production Clickpesa keys (needs account)
113 tests ALL PASS (25 unit + 50 smoke + 22 integration + 16 Playwright)
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
2026-03-25 21:16:22 +00:00 | 40 commits to development since this releasev1.1.0 — Issue #19 Complete
New features
- Messaging compose — send new messages from compose form
- SSH key CRUD — list, add SSH keys in settings
- Receipt storage — transaction receipts stored in localStorage
- Refund endpoint — POST /api/wallet/refund credits wallet
- Instant purchase — debit wallet (was NOT_IMPLEMENTED)
- Quick top-up — credit wallet (was NOT_IMPLEMENTED)
- Auto top-up — configure + trigger (was NOT_IMPLEMENTED)
Test results: ALL 132 PASS
- 25 unit, 50 smoke, 22 integration, 16 Playwright
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
2026-03-25 20:50:25 +00:00 | 41 commits to development since this releasev1.0.2 — Comprehensive Test Suite
Test pyramid (all green)
Layer Tests Status 1. Compile cargo check (2 repos) PASS 2. Unit 25 Rust tests 25/25 PASS 3. Smoke 69 curl tests 69/69 PASS 4. API Integration 22 lifecycle tests 22/22 PASS 5. Playwright E2E 16 browser tests 16/16 PASS Total 132 automated tests ALL PASS New test suites
tests/api_integration.sh— 22 tests: register, challenge, verify, wallet, payments, transact errors, products, SSR compattests/playwright/— 16 Playwright tests: full user journey, adversarial (invalid sig, expired, duplicate, unauth), regression (8 known bugs)- Backend unit tests fixed: mcp.rs helpers + branding.toml
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
2026-03-25 04:51:10 +00:00 | 42 commits to development since this releasev1.0.1 — E2E Bug Fixes
Fixes (8 bugs resolved)
- Buy Now did add-to-cart instead of signed purchase → fixed with ed25519 spend intent
- Buy Now errors swallowed silently → now shows alert dialog
- New user balance was 0 MC (hardcoded override) → now 100 MC starter credits
- InsufficientFunds returned HTTP 200 → now returns 402 with clear message
- JWT fallback not sent in API requests → Bearer token now included alongside signatures
- Middleware didn't fall back to JWT when signature failed → added fallback
- Auth endpoints didn't return JWT → register + verify now return JWT token
- Unauthenticated Buy Now silently redirected → now shows "Please sign in" alert (matches SSR)
Browser E2E verified
- Register → 100 MC balance → Marketplace → Buy Now → Order Confirmed → 70.01 MC balance
- Session persistence, Sign Out, auth alert for unauthenticated users
- 26/26 + 24/24 smoke tests PASS
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
2026-03-25 01:48:53 +00:00 | 45 commits to development since this releasev1.0.0 — Production-Ready FOSS-Sovereign Marketplace SPA
Complete Feature Set
Identity & Auth
- Ed25519 keypair vault (AES-256-GCM + PBKDF2 100k iterations)
- Signature-based auth (every API request signed)
- Session persistence (sessionStorage, 30 min idle timeout)
- Stateless HMAC challenges (horizontally scalable)
- Full body SHA-256 verification in middleware
- User-friendly UX (Sign In, Passphrase, Create Account)
Payments
- PaymentProvider trait + 4 implementations (Demo, Stripe, Clickpesa, Bank Transfer)
- Webhook endpoints with HMAC signature verification
- Payment initiation API with redirect URLs
- Buy Credits modal with gateway selection
Wallet
- Signed spend intents (ed25519 signature required for purchases)
- Credit/debit with balance tracking and receipts
- Buy Now flow on product detail page
- Balance + notification polling every 30s
Polish
- 45+ routes with 4 layout types
- 48 dioxus-bootstrap-css signal-driven components
- Form validation (register, checkout)
- SSR visual parity (same Bootstrap 5.3.3 CSS)
- DESIGN.md — complete FOSS-sovereign architecture document (17 sections)
Test Results
- 26/26 API smoke tests (SSR domain) PASS
- 24/24 API smoke tests (SPA domain) PASS
- 19/19 SPA frontend smoke tests PASS
- Browser E2E: register → dashboard → refresh → sign out → sign in (all PASS)
Container Images
forge.ourworld.tf/mycelium_code/projectmycelium_marketplace:v1.0.0 forge.ourworld.tf/mycelium_code/projectmycelium_marketplace:latest forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_frontend:v1.0.0 forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_frontend:latestLive
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
2026-03-25 01:39:54 +00:00 | 45 commits to development since this releasev0.8.0 — Data Parity & Polish
What is new
- Balance polling — wallet balance + unread messages refreshed every 30s when authenticated
- Buy Now flow — product detail page Buy Now signs spend intent, deducts wallet, redirects to confirmation
- Form validation — register page validates name (required), email (format), passphrase (match + min 6 chars)
- Unified polling — single async loop for balance + notification sync (stops when signed out)
Test results
- 26/26 API smoke tests (SSR) PASS
- 24/24 API smoke tests (SPA) PASS
- Deployed to dev
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads