
Releases: mlotocki2k/KSeF_Monitor

KSeF Monitor v0.5.3


@mlotocki2k mlotocki2k released this 06 May 12:09

v0.5.3 — post-0.5.2 hotfix bundle

First production-ready release of the v0.5 line. Closes the v0.5.0 → v0.5.2 audit cycle (UI auth, V5-13 user accounts, U-01..U-17 hardening) and the seven post-merge defects surfaced during pre-prod testing.

Showstoppers fixed

  • Fresh-install lockout — auth_token auto-gen + bootstrap admin used the unknowable random token as the password. /ui/setup now stays accessible on auto-gen so the operator picks their own credentials.
  • Initial load: every invoice rejected — _map_export_invoice was on pre-v2.x KSeF field names (ksefReferenceNumber, grossValue, subjectBy.…). Re-mapped against the v2.4 InvoiceMetadata spec example, legacy keys kept as fallback.
  • Initial load: KSeF 21405 on every other window — 91-day window off-by-one. Fixed: 89-day exact span, instant-overlap cursor advance, end_date treated inclusive.
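The window off-by-one above, reproduced as an added example (not the project's own code): with a 90-day dateRange cap and an inclusive end_date, a window must end at start + 89 days, and the cursor must advance to the day after the previous window's end. The helper names and the buggy=True switch are assumptions for illustration.

```python
from datetime import date, timedelta

# Hypothetical helpers (not KSeF Monitor's code). The KSeF query dateRange cap
# is 90 calendar days and end_date is inclusive, so an inclusive window may
# span at most start + 89 days; start + 90 days is a 91-day window.
MAX_SPAN_DAYS = 90


def inclusive_days(start: date, end: date) -> int:
    """Number of calendar days covered by an inclusive [start, end] range."""
    return (end - start).days + 1


def plan_windows(start: date, end: date, buggy: bool = False) -> list[tuple[date, date]]:
    """Tile [start, end] (both inclusive) into consecutive query windows.

    buggy=True reproduces the pre-0.5.3 off-by-one: adding the full cap to the
    cursor while still treating end_date as inclusive yields 91-day windows.
    """
    if end < start:
        raise ValueError("end_date precedes start_date")
    step = MAX_SPAN_DAYS if buggy else MAX_SPAN_DAYS - 1
    windows = []
    cursor = start
    while cursor <= end:
        win_end = min(cursor + timedelta(days=step), end)
        windows.append((cursor, win_end))
        # Advance past the inclusive end so consecutive windows never overlap.
        cursor = win_end + timedelta(days=1)
    return windows


def validate(windows: list[tuple[date, date]]) -> bool:
    """True if every window fits the cap and windows tile with no gap or overlap."""
    for i, (s, e) in enumerate(windows):
        if inclusive_days(s, e) > MAX_SPAN_DAYS:
            return False
        if i and s != windows[i - 1][1] + timedelta(days=1):
            return False
    return True


if __name__ == "__main__":
    rng = (date(2025, 1, 1), date(2025, 12, 31))
    print("buggy windows valid:", validate(plan_windows(*rng, buggy=True)))  # False
    print("fixed windows valid:", validate(plan_windows(*rng)))              # True
```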

Logging

  • U-12 audit log silently dropped — alembic.ini fileConfig() clobbered root logger to WARNING on every boot. Five of seven U-12 events (session create/revoke, password change, user create, absolute-cap eviction) were invisible in prod. Bumped root to INFO.

GUI

  • Per-window history view (phase 8 migration h3c4d5e67890) — every window logged: type, range, status, imported/skipped, error, duration. Toggle in status card.
  • Failed windows surfaced — new completed_with_errors job status + amber "Ukończony z błędami" badge + "Niepowodzenia okien" callout.
  • On-demand artifact caching — /api/v1/invoices/{ksef}/{xml,pdf} now writes XML+PDF to disk and registers in invoice_artifacts so subsequent calls hit cache (saves the 64/h KSeF rate budget).
  • Tailwind subset gaps — restored .hidden, .sr-only, whitespace-pre-line, amber palette (used by /ui/push notice + initial-load history). The QR-pairing reveal block was rendering before auth click; "Pobierz PDF (0)" was always visible. All fixed.
  • Table separators — first row now matches divide-y color; logo↔menu gap widened.

Security

  • CodeQL clean — closed alerts #5/#6/#7/#8/#9/#12/#13 (URL redirect sanitization, HTML regexp, URL substring). #10/#11 dismissed as false positives (cleartext-logging on validate_password error strings; SHA-256 pre-hash for bcrypt 72B limit per U-02 control).
  • cryptography 46.0.7 → 47.0.0 — major bump audited per breaking-changes list (no SECT*, OpenSSL 3.x in Docker base, broad excepts catch new exception types).

Docs

  • iOS App Store status notice — App Store v1.0.2 predates push pairing. /ui/push shows amber callout pointing at kontakt@krzewilabs.pl for TestFlight v1.1.x build; same blockquote in README iOS Push section.

Migrations

  • h3c4d5e67890 — phase 8 initial_load_windows, idempotent against Base.metadata.create_all.

Tests

  • 744 passed, 2 skipped (was 739 in v0.5.2).
  • New: TestAuthTokenAutoGeneration (2 cases), TestInitialLoadWindowLog (2 cases). Updated: test_exceeds_range (90→89 inclusive semantic).
  • CI matrix Python 3.10 / 3.11 / 3.12 + bandit + pip-audit green.

Upgrade path

  • v0.5.0/v0.5.1/v0.5.2 → v0.5.3: alembic upgrade head brings phases 5–8 (ui_users, ui_login_attempts, ui_sessions.ua_hash, initial_load_windows).
  • Operator-supplied auth_token → bootstrap admin still runs (admin = your token).
  • Auto-generated auth_token — /ui/setup wizard required on first launch.

Full diff vs v0.4.0: see CHANGELOG.md — sections [0.5.0], [0.5.1], [0.5.2], [0.5.3].

KSeF Monitor v0.4


@mlotocki2k mlotocki2k released this 23 Mar 15:58

What's New in v0.4

REST API (FastAPI)

  • 8 endpoints: invoices (list, detail), stats (summary, API), monitor (health, state, trigger), artifacts (pending)
  • Bearer token auth with hmac.compare_digest (timing-safe)
  • Swagger UI at /docs, pagination, filtering, sorting
  • Security headers, rate limiting (slowapi), CORS control

Rate Limiter

  • Sliding window with 3 windows (10/s, 30/min, 120/h)
  • Thread-safe, fail-closed, integrated with KSeF API client
  • Automatic 429 Retry-After handling
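The three-window limiter described above, as an added example that is not the project's RateLimiter: all of the 10/s, 30/min and 120/h windows must have room before a call is recorded, a lock makes it thread-safe, and any internal error refuses the call (fail-closed). The class and method names, and the injectable clock, are assumptions.

```python
import threading
import time
from collections import deque

# Hypothetical limiter (not KSeF Monitor's code). Limits mirror the release
# note: 10 per second, 30 per minute, 120 per hour, all checked per call.
LIMITS = ((10, 1.0), (30, 60.0), (120, 3600.0))


class SlidingWindowLimiter:
    def __init__(self, limits=LIMITS, clock=time.monotonic):
        self._limits = limits
        self._clock = clock          # injectable so tests can drive time
        self._lock = threading.Lock()
        # One timestamp deque per window; expired entries are evicted lazily.
        self._hits = [deque() for _ in limits]

    def _evict(self, now: float) -> None:
        for (_, span), q in zip(self._limits, self._hits):
            while q and now - q[0] >= span:
                q.popleft()

    def try_acquire(self) -> bool:
        """Record a call and return True, or return False if any window is full.

        Fail-closed: on any internal error the call is refused rather than let
        through, so a limiter defect cannot burn the upstream quota.
        """
        try:
            with self._lock:
                now = self._clock()
                self._evict(now)
                if any(len(q) >= n for (n, _), q in zip(self._limits, self._hits)):
                    return False
                for q in self._hits:
                    q.append(now)
                return True
        except Exception:
            return False

    def retry_after(self) -> float:
        """Seconds until the most constrained full window frees a slot (0 if open)."""
        with self._lock:
            now = self._clock()
            self._evict(now)
            waits = [span - (now - q[0])
                     for (n, span), q in zip(self._limits, self._hits) if len(q) >= n]
            return max(waits, default=0.0)
```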

Database Phase 2

  • api_request_log — KSeF API call tracking (endpoint, status, timing)
  • invoice_artifacts — resumable artifact download tracking (status, retry count, SHA-256)
  • invoices.source field

Refactoring

  • Split invoice_pdf_generator.py (1792 lines) into 3 modules
  • Unified 401-retry pattern in ksef_client.py
  • Data-driven config validation
  • QR code / font deduplication

Security Audit

  • 10 security controls: SSTI sandbox, auth enforcement, rate limiting, CORS, CRLF, info disclosure
  • Re-audit with Docker hardening
  • Prometheus bind address restricted to 127.0.0.1 by default

Prometheus Metrics

  • 10 metrics total (7 new in v0.4): API requests, response time, rate limiter, artifacts, REST API

Tests

  • 423 tests, 0 failures
  • New: rate limiter, DB phase 2, API auth, invoices, stats, monitor, security controls

Documentation

  • New: docs/REST_API.md — full API reference
  • Updated: DATABASE.md, ROADMAP.md, INDEX.md, PROJECT_STRUCTURE.md, README.md
  • KSeF API version updated to v2.2/v2.3

Full Changelog: v0.3...v0.4.0

KSeF Monitor v0.3


@mlotocki2k mlotocki2k released this 10 Mar 15:51

KSeF Monitor v0.3 — Foundation: templating + DB

New features

  • Jinja2 notifications — 5 templates per channel (Pushover, Discord, Slack, Email, Webhook) with custom filters (money, date, json_escape)
  • PDF invoice templates — HTML/CSS → PDF via xhtml2pdf with ReportLab fallback; dynamic columns, QR code, Polish formatting
  • Configurable folder structure — placeholders {year}, {month}, {day}, {type} + file names ({invoice_number}, {ksef}, {seller_nip}, etc.)
  • Overwrite safecheck — skip / rename / overwrite strategy when writing XML/PDF/UPO
  • SQLite + SQLAlchemy 2.0 — invoices, monitor_state, notification_log tables with Alembic migrations
  • On-demand trigger — docker kill -s SIGUSR1 <container> runs an immediate invoice check outside the schedule

Security

  • Security audit: 22 findings (C1-C2, H1-H5, M1-M8, L1-L3) — fixed
  • Re-audit: Docker hardening, ReportLab XML escaping, auth failure callback coverage
  • SHA-256 deduplication, atomic state write, path traversal guards, input sanitization

KSeF API

  • Full pagination (hasMore/isTruncated, max 250/page, safety limit 10 000)
  • dateRange capped at 90 days, 429 retry with backoff + Retry-After
  • Updated to KSeF API v2.2.0

Infrastructure

  • Docker entrypoint with gosu, named volumes, OCI image labels
  • CI: Docker build & push, outdated packages check, OpenAPI/XSD spec monitoring
  • Community: CONTRIBUTING.md, CODE_OF_CONDUCT.md, issue/PR templates

291 tests passing | Full documentation in docs/

KSeF Monitor v0.2


@mlotocki2k mlotocki2k released this 13 Feb 11:58

KSeF Monitor v0.2

Multi-channel Notifications

  • 5 notification channels: Pushover, Discord, Slack, Email, Webhook
  • Concurrent multi-channel delivery (one failure doesn't block others)
  • Strategy Pattern with NotificationManager facade

PDF & XML Invoice Storage

  • Configurable file storage via storage config section (save_xml, save_pdf, output_dir)
  • PDF generation based on official KSeF XSD/XSL schema
  • QR Code Type I (invoice verification & download)
  • Polish diacritical marks support (cross-platform fonts)
  • Generation timestamp footer on every page

Monitoring & Scheduling

  • Prometheus metrics endpoint (/metrics)
  • Flexible scheduling: 5 modes (simple, minutes, hourly, daily, weekly)
  • Timezone support for all date operations (IANA timezones, default: Europe/Warsaw)

Security & Auth

  • KSeF API v2 authentication (RSA-OAEP encrypted token)
  • Secrets from environment variables, Docker secrets, or config file

Documentation

  • Comprehensive guides: QUICKSTART, NOTIFICATIONS, KSEF_TOKEN, SECURITY, TESTING, PDF_GENERATION
  • Detailed Discord/Slack webhook creation steps
  • KSeF token creation guide with read-only permissions

Full Changelog: v0.1...v0.2

v0.1


@mlotocki2k mlotocki2k released this 07 Feb 16:07
7530923