|
71 | 71 | ✅ Auto-config: `station-manifest.json` created from sample on first run |
72 | 72 | ✅ `npm start` serves full studio at `localhost:6736` |
73 | 73 |
|
74 | | -### v0.2.1 Security Hardening (In Progress) |
| 74 | +### v0.2.1 Security Hardening (PR #1 Open — CI Green) |
75 | 75 |
|
76 | 76 | **Server-Side**: |
77 | 77 | ✅ `server/lib/auth.js` — JWT room tokens (24h) + invite tokens (4h) |
|
99 | 99 | ✅ `station-manifest.sample.json` — TURN creds marked CHANGE_ME |
100 | 100 | ✅ `deploy/station-manifest.production.json` — TURN creds marked CHANGE_ME |
101 | 101 |
|
| 102 | +**CI Fixes** (resolved during PR): |
| 103 | +✅ Removed `cache: npm` from CI — lock files are gitignored |
| 104 | +✅ Switched `npm ci` → `npm install` in CI |
| 105 | +✅ Updated all 7 Playwright test URLs from port 8086 → 6736 |
| 106 | +✅ Fixed `test-program-bus.mjs` headed → headless for CI |
| 107 | +✅ Increased return-feed test timeouts (WebRTC renegotiation flaky in CI) |
| 108 | +✅ Added retry for return-feed test, `fail-fast: false` on matrix |
| 109 | + |
102 | 110 | ## What's Next |
103 | 111 |
|
104 | 112 | ### Immediate |
105 | 113 |
|
106 | | -1. **Commit & test v0.2.1** — Finalize security hardening branch, run full test suite |
107 | | -2. **Deploy to openstudio.zerologic.com** — Run `deploy/setup.sh` on production server with `JWT_SECRET` and `ALLOWED_ORIGINS` set |
108 | | -3. **End-to-end recording test** — Manual test: record, stop, download, verify tracks |
109 | | -4. **Playwright tests update** — Update test URLs from port 8086 to 6736 |
| 114 | +1. **Merge PR #1** — https://github.com/msitarzewski/openstudio/pull/1 (CI green) |
| 115 | +2. **Deploy to umacbookpro** — `git pull` + `systemctl --user restart openstudio` on umacbookpro |
| 116 | +3. **Deploy to openstudio.zerologic.com** — Run `deploy/setup.sh` on production server with `JWT_SECRET` and `ALLOWED_ORIGINS` set |
| 117 | +4. **End-to-end recording test** — Manual test: record, stop, download, verify tracks |
110 | 118 |
|
111 | 119 | ### Short Term (Next Sprint) |
112 | 120 |
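Review bot: The CI Fixes entries at new lines 103-104 record that lock files are gitignored and CI now runs `npm install` instead of `npm ci`, which means each CI run resolves dependency versions fresh and the tested tree is not pinned. For a release titled Security Hardening, I would rather commit `package-lock.json`, restore `npm ci` and `cache: npm`, and note that decision here. Separately, the longer timeouts and retry at lines 107-108 hide the flaky return-feed test rather than fix it; consider adding an item under "What's Next" to track the WebRTC renegotiation root cause so the retry does not become permanent.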
|
|
143 | 151 | - Deployment config for openstudio.zerologic.com |
144 | 152 | - DX: Codespaces, CI matrix, GitHub templates |
145 | 153 |
|
146 | | -### Release 0.2.1 — Security Hardening 🔒 (In Progress 2026-03-13) |
147 | | -**Status**: Implementation in progress (branch: `release/0.2.1-security-hardening`) |
| 154 | +### Release 0.2.1 — Security Hardening 🔒 (PR Open 2026-03-13) |
| 155 | +**Status**: PR #1 open, CI green (Node 18/20/22), awaiting merge |
148 | 156 | - JWT room tokens + invite tokens (`server/lib/auth.js`) |
149 | 157 | - WebSocket rate limiting (100 signaling/10s, 500 stream/10s) + per-IP connection limit (10) |
150 | 158 | - HTTP security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy) |
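Review bot: The new Status line at 155 drops the branch name `release/0.2.1-security-hardening` and gives only "PR #1" with no link, so a reader of this section alone can no longer locate the work. Keep the branch name next to the PR reference, or reuse the full PR URL already given at line 114. The "CI green" status is also now repeated at lines 74, 114 and 155; recording it in one place would leave fewer lines to go stale once the PR merges.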
|