coopcloud_code/projectmycelium_marketplace_deploy
0
0
Fork 0
Code Issues Pull requests Projects Releases 20 Packages Wiki Activity Actions
20 releases 20 tags
  • v1.2.0 cd71992145

    v1.2.0 Stable

    mik-tf released this 2026-03-25 21:45:27 +00:00 | 41 commits to development since this release

    v1.2.0 — 50/53 Issue #19 Items Complete

    New in v1.2.0

    • Server-signed receipts (HMAC-SHA256)
    • Admin bank transfer approval endpoint
    • Category dropdown in product search
    • Auto top-up frontend wiring
    • Optimistic wallet UI updates
    • Service request forms wired to API
    • Service worker for offline static caching

    Status: 50/53 done

    3 items blocked on external credentials:

    • East African currencies (needs Clickpesa API config)
    • Production Stripe keys (needs account)
    • Production Clickpesa keys (needs account)

    113 tests ALL PASS (25 unit + 50 smoke + 22 integration + 16 Playwright)

    Signed-off-by: mik-tf

    Downloads
  • v1.1.0 715bc7d40f

    v1.1.0 Stable

    mik-tf released this 2026-03-25 21:16:23 +00:00 | 42 commits to development since this release

    v1.1.0 — Issue #19 Complete

    New features

    • Messaging compose — send new messages from compose form
    • SSH key CRUD — list, add SSH keys in settings
    • Receipt storage — transaction receipts stored in localStorage
    • Refund endpoint — POST /api/wallet/refund credits wallet
    • Instant purchase — debit wallet (was NOT_IMPLEMENTED)
    • Quick top-up — credit wallet (was NOT_IMPLEMENTED)
    • Auto top-up — configure + trigger (was NOT_IMPLEMENTED)

    Test results: ALL 132 PASS

    • 25 unit, 50 smoke, 22 integration, 16 Playwright

    Signed-off-by: mik-tf

    Downloads
  • v1.0.2 715bc7d40f

    v1.0.2 Stable

    mik-tf released this 2026-03-25 20:50:29 +00:00 | 42 commits to development since this release

    v1.0.2 — Comprehensive Test Suite

    Test pyramid (all green)

    Layer Tests Status
    1. Compile cargo check (2 repos) PASS
    2. Unit 25 Rust tests 25/25 PASS
    3. Smoke 69 curl tests 69/69 PASS
    4. API Integration 22 lifecycle tests 22/22 PASS
    5. Playwright E2E 16 browser tests 16/16 PASS
    Total 132 automated tests ALL PASS

    New test suites

    • tests/api_integration.sh — 22 tests: register, challenge, verify, wallet, payments, transact errors, products, SSR compat
    • tests/playwright/ — 16 Playwright tests: full user journey, adversarial (invalid sig, expired, duplicate, unauth), regression (8 known bugs)
    • Backend unit tests fixed: mcp.rs helpers + branding.toml

    Signed-off-by: mik-tf

    Downloads
  • v1.0.1 c2268e2c74

    v1.0.1 Stable

    mik-tf released this 2026-03-25 04:51:18 +00:00 | 45 commits to development since this release

    v1.0.1 — E2E Bug Fixes

    Fixes (8 bugs resolved)

    1. Buy Now did add-to-cart instead of signed purchase → fixed with ed25519 spend intent
    2. Buy Now errors swallowed silently → now shows alert dialog
    3. New user balance was 0 MC (hardcoded override) → now 100 MC starter credits
    4. InsufficientFunds returned HTTP 200 → now returns 402 with clear message
    5. JWT fallback not sent in API requests → Bearer token now included alongside signatures
    6. Middleware didn't fall back to JWT when signature failed → added fallback
    7. Auth endpoints didn't return JWT → register + verify now return JWT token
    8. Unauthenticated Buy Now silently redirected → now shows "Please sign in" alert (matches SSR)

    Browser E2E verified

    • Register → 100 MC balance → Marketplace → Buy Now → Order Confirmed → 70.01 MC balance
    • Session persistence, Sign Out, auth alert for unauthenticated users
    • 26/26 + 24/24 smoke tests PASS

    Signed-off-by: mik-tf

    Downloads
  • v1.0.0 c2268e2c74

    v1.0.0 Stable

    mik-tf released this 2026-03-25 01:49:03 +00:00 | 45 commits to development since this release

    v1.0.0 — Production-Ready FOSS-Sovereign Marketplace SPA

    Complete Feature Set

    Identity & Auth

    • Ed25519 keypair vault (AES-256-GCM + PBKDF2 100k iterations)
    • Signature-based auth (every API request signed)
    • Session persistence (sessionStorage, 30 min idle timeout)
    • Stateless HMAC challenges (horizontally scalable)
    • Full body SHA-256 verification in middleware
    • User-friendly UX (Sign In, Passphrase, Create Account)

    Payments

    • PaymentProvider trait + 4 implementations (Demo, Stripe, Clickpesa, Bank Transfer)
    • Webhook endpoints with HMAC signature verification
    • Payment initiation API with redirect URLs
    • Buy Credits modal with gateway selection

    Wallet

    • Signed spend intents (ed25519 signature required for purchases)
    • Credit/debit with balance tracking and receipts
    • Buy Now flow on product detail page
    • Balance + notification polling every 30s

    Polish

    • 45+ routes with 4 layout types
    • 48 dioxus-bootstrap-css signal-driven components
    • Form validation (register, checkout)
    • SSR visual parity (same Bootstrap 5.3.3 CSS)
    • DESIGN.md — complete FOSS-sovereign architecture document (17 sections)

    Test Results

    • 26/26 API smoke tests (SSR domain) PASS
    • 24/24 API smoke tests (SPA domain) PASS
    • 19/19 SPA frontend smoke tests PASS
    • Browser E2E: register → dashboard → refresh → sign out → sign in (all PASS)

    Container Images

    forge.ourworld.tf/mycelium_code/projectmycelium_marketplace:v1.0.0
forge.ourworld.tf/mycelium_code/projectmycelium_marketplace:latest
forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_frontend:v1.0.0
forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_frontend:latest

    Live

    Signed-off-by: mik-tf

    Downloads
  • v0.8.0 ffe3ccefe8

    v0.8.0 Stable

    mik-tf released this 2026-03-25 01:40:02 +00:00 | 46 commits to development since this release

    v0.8.0 — Data Parity & Polish

    What is new

    • Balance polling — wallet balance + unread messages refreshed every 30s when authenticated
    • Buy Now flow — product detail page Buy Now signs spend intent, deducts wallet, redirects to confirmation
    • Form validation — register page validates name (required), email (format), passphrase (match + min 6 chars)
    • Unified polling — single async loop for balance + notification sync (stops when signed out)

    Test results

    • 26/26 API smoke tests (SSR) PASS
    • 24/24 API smoke tests (SPA) PASS
    • Deployed to dev

    Signed-off-by: mik-tf

    Downloads
  • v0.7.0 ffe3ccefe8

    v0.7.0 Stable

    mik-tf released this 2026-03-25 01:14:19 +00:00 | 46 commits to development since this release

    v0.7.0 — Signed Wallet Transactions

    What is new

    • Signed spend intents — client signs {action}\n{amount}\n{product_id}\n{timestamp} with ed25519 key
    • POST /api/wallet/transact — verify signature, check balance, deduct credits, return receipt
    • Checkout integration — Place Order → sign spend intent → deduct wallet → create order → show confirmation
    • Balance update — wallet balance display updates after purchase
    • Insufficient funds handling — returns shortfall amount if balance too low

    Flow

    User clicks Place Order
  → Vault signs spend intent (ed25519)
  → POST /api/wallet/transact { action, amount, product_id, public_key, timestamp, signature }
  → Backend verifies signature against registered pubkey
  → Backend checks balance >= amount
  → Backend deducts credits via WalletManager.debit()
  → Returns { receipt_id, new_balance }
  → Frontend creates order via POST /api/orders
  → User sees confirmation + updated balance

    Test results

    • 26/26 API smoke tests PASS
    • Both repos compile clean
    • Deployed to dev
    • Wallet balance tracking works (demo starts at 1250 MC)

    Signed-off-by: mik-tf

    Downloads
  • v0.6.0 ffe3ccefe8

    v0.6.0 Stable

    mik-tf released this 2026-03-25 00:55:27 +00:00 | 46 commits to development since this release

    v0.6.0 — Payment Integration (Stripe, Clickpesa, Bank Transfer)

    What is new

    • PaymentProvider trait — abstract interface with 4 implementations (Demo, Stripe, Clickpesa, Bank)
    • Stripe provider — Checkout Sessions API, HMAC-SHA256 webhook signature verification
    • ClickPesa provider — JWT auth, checkout link generation, webhook HMAC verification
    • Bank Transfer provider — displays bank details, min $1000, manual admin confirmation
    • Demo provider — instant confirmation with fake URLs (DEMO_PAYMENT=true, default)
    • Webhook endpoints — POST /api/webhooks/stripe, POST /api/webhooks/clickpesa
    • Payment API — POST /api/payments/initiate (returns checkout URL), GET /api/payments/status
    • Buy Credits UI — wallet page modal with amount + gateway selection → redirects to payment URL
    • Provider registry — auto-selects provider from PAYMENT_PROVIDER env var

    Environment variables

    PAYMENT_PROVIDER=demo|stripe|clickpesa|bank
DEMO_PAYMENT=true|false
STRIPE_SECRET_KEY=sk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...
CLICKPESA_CLIENT_ID=...
CLICKPESA_API_SECRET=...
CLICKPESA_WEBHOOK_SECRET=...

    Test results

    • 26/26 API smoke tests PASS
    • Payment initiation returns checkout URL (demo mode)
    • Webhook endpoint accepts and processes events
    • Buy Credits modal wired to payment API

    Signed-off-by: mik-tf

    Downloads
  • v0.5.0 ffe3ccefe8

    v0.5.0 Stable

    mik-tf released this 2026-03-24 22:38:13 +00:00 | 46 commits to development since this release

    v0.5.0 — Ed25519 Keypair Identity + Signature Auth

    What is new

    • Ed25519 keypair vault — generate, encrypt (AES-256-GCM + PBKDF2 100k iterations), store in localStorage
    • Signature-based auth — every API request signed with X-Public-Key / X-Timestamp / X-Signature headers
    • Session persistence — sessionStorage auto-unlock on page refresh, 30 min idle timeout
    • User-friendly UX — Sign In, Passphrase, Create Account, Sign Out, Your ID (no technical jargon)
    • Stateless HMAC challenges — server signs challenge with HMAC, no in-memory store, horizontally scalable
    • Full body hash verification — middleware buffers body, computes SHA-256, verifies signature integrity
    • Base-path proxy support — strips APP_BASE_PATH for correct signature verification behind nginx
    • Fixture user persistence — in-memory store for dev/test mode

    Test results (live dev)

    • 26/26 API smoke tests (SSR domain)
    • 24/24 API smoke tests (SPA domain)
    • 19/19 SPA endpoint checks
    • Full browser E2E: register → dashboard → refresh (session persists) → sign out → login

    Design

    Complete FOSS-sovereign design document at docs/DESIGN.md (17 sections, 1000+ lines)

    Signed-off-by: mik-tf

    Downloads
  • v0.1.0-dev 2a983d22d9

    v0.1.0-dev — First Deployment Pre-release

    mik-tf released this 2026-03-23 13:53:16 +00:00 | 65 commits to development since this release

    v0.1.0-dev — First Deployment

    First container images built and pushed to forge registry.

    Services

    • Backend: Axum RPC + thin SSR (23 OSIS types, ~80 methods) — 153 MB
    • Frontend: Dioxus WASM SPA (42+ components, dioxus-bootstrap-css) — 65.9 MB
    • Admin: Dioxus WASM SPA + Axum proxy (10 tabs) — 115 MB

    Images

    • forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_backend:0.1.0-dev
    • forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_frontend:0.1.0-dev
    • forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_admin:0.1.0-dev

    Pipeline state

    • Makefile TAG: 0.1.0-dev
    • Container images: 0.1.0-dev
    • All repos: development branch

    Endpoints

    • backend: not yet deployed
    • frontend: not yet deployed
    • admin: not yet deployed

    Status: development — not production verified

    Next: TFGrid VM provisioning + DNS + smoke tests (mycelium_code/home#10).
    Testing plan: mycelium_code/home#11 (130+ tests across 7 steps).

    Downloads