docs: close turnstile roadmap items

Bu5hm4nn
2026-03-25 10:29:50 +01:00
parent 40f7e74a1b
commit b1e5cbd47e
5 changed files with 56 additions and 11 deletions

@@ -1,5 +1,5 @@
version: 1
updated_at: 2026-03-24
updated_at: 2026-03-25
structure:
backlog_dir: docs/roadmap/backlog
in_progress_dir: docs/roadmap/in-progress
@@ -7,12 +7,10 @@ structure:
blocked_dir: docs/roadmap/blocked
cancelled_dir: docs/roadmap/cancelled
notes:
- ROADMAP.md is now a human-readable compatibility index.
- The roadmap source of truth is this index plus the per-task YAML files in the status folders.
- One task lives in one YAML file and changes state by moving between status folders.
- Priority ordering is maintained here so agents can parse one short file first.
priority_queue:
- SEC-001
- SEC-001A
- CORE-001D
- BT-003B
- PORT-003
@@ -20,17 +18,19 @@ priority_queue:
- BT-001C
- EXEC-001
- EXEC-002
- DATA-002A
- DATA-001A
- OPS-001
- BT-003
recently_completed:
- SEC-001
- SEC-001A
- CORE-001A
- CORE-001B
- CORE-001C
- PORT-004
- BT-001A
- BT-003A
states:
backlog:
- SEC-001
- SEC-001A
- DATA-002A
- DATA-001A
- OPS-001
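
Review bot: The state of SEC-001 and SEC-001A is kept by hand in several lists of this index (priority_queue, recently_completed, and the states lists) and again in each task file's status field, so one missed edit leaves the index contradicting the task files. Since the notes say agents parse this file first, consider a CI check that compares every id under states with the status value in its task file and fails on a mismatch, and that rejects an id listed in both priority_queue and recently_completed.
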
@@ -51,6 +51,8 @@ states:
- PORT-001A
- PORT-002
- PORT-004
- SEC-001
- SEC-001A
- EXEC-001A
- BT-001
- BT-001A

@@ -1,6 +1,6 @@
id: SEC-001
title: Turnstile CAPTCHA for Public Workspace Bootstrap
status: backlog
status: done
priority: P0
effort: M
depends_on:
@@ -24,3 +24,9 @@ technical_notes:
- Keep verification in a focused server-side seam such as app/services/turnstile.py.
- Use Cloudflare's published Turnstile test keys for deterministic local/browser coverage.
- This story exists because the app is now publicly reachable at https://lombard.uncloud.tech.
completed_notes:
- Added server-side Turnstile verification seam in app/services/turnstile.py.
- Changed workspace bootstrap to POST-only and redirected failures to /?captcha_error=1.
- Added welcome-page Turnstile widget markup and retry UX.
- Preserved a safe compatibility redirect for legacy GET /workspaces/bootstrap -> /.
- Added browser and route tests covering protected bootstrap flow and invalid fake workspace paths.
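
Review bot: completed_notes records the failure redirect to /?captcha_error=1 but not what the verification seam in app/services/turnstile.py does when the verification request itself times out or returns an error, which is the case that decides whether the CAPTCHA fails open or closed. Add a line stating that bootstrap is refused in that case and that a test covers it. It would also help to record why the legacy GET /workspaces/bootstrap redirect is described as safe, for example that it never creates a workspace.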

@@ -1,6 +1,6 @@
id: SEC-001A
title: Turnstile Config, Test Keys, and Deployment Wiring
status: backlog
status: done
priority: P0
effort: S
depends_on:
@@ -21,3 +21,9 @@ acceptance_criteria:
technical_notes:
- Secret key must remain server-side only.
- Prefer explicit settings validation over silent fallback in production.
completed_notes:
- Environment-driven TURNSTILE_SITE_KEY and TURNSTILE_SECRET_KEY are supported.
- Development/test defaults use Cloudflare Turnstile test keys; non-dev/test missing keys fail loudly.
- Forgejo deploy workflow now passes vars.TURNSTILE_SITE_KEY and secrets.TURNSTILE_SECRET_KEY.
- docker-compose.deploy.yml and scripts/deploy-forgejo.sh pass Turnstile settings through to runtime.
- README and .env.example now document local/test keys, fail-path keys, and production wiring.
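
Review bot: The completed_notes line "Development/test defaults use Cloudflare Turnstile test keys; non-dev/test missing keys fail loudly" covers missing keys only, not test keys reaching a production deployment. One of Cloudflare's published test secret keys always passes, so a deployment that is misdetected as dev/test, or that has the test keys set explicitly, would run with the CAPTCHA effectively disabled. Suggest documenting which setting selects dev/test mode, treating an unset value as production, and having settings validation reject the published test keys outside dev/test.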