- Lazy-load DebugOverlay via defineAsyncComponent so its chunk (and the
vueuse perf hooks it pulls in) stays out of the default bundle until the
developer toggle is enabled.
- Add useDebugMode unit tests mirroring useCrtMode: default-off, persisted
restore, write-through, and singleton sharing.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Addresses review feedback: `db_name` is interpolated into CREATE DATABASE
statements via f-strings (identifiers can't be bind parameters), so validate
it up-front against a plain-identifier allowlist ([A-Za-z0-9_]+) and refuse
anything containing quoting/other characters, rather than rely on quoting.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Addresses review feedback: granting ALL PRIVILEGES on *.* is overly broad,
especially against a shared DB instance. A database-level grant on the
`romm\_test%` wildcard pattern still lets the user CREATE the per-worker
databases (romm_test_gw0, ...) needed by pytest-xdist, while confining it to
that namespace — verified that out-of-namespace CREATE DATABASE is denied.
PostgreSQL needs no equivalent change: its CI service user (POSTGRES_USER)
is the container superuser.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add pytest-xdist and run the backend test suite across multiple workers
(`-n 4` in CI). Each worker gets its own database so the autouse
`clear_database` fixture can't wipe rows another worker is mid-test with:
- Rootdir `backend/conftest.py` sets a per-worker `DB_NAME`
(`romm_test_gw0`, ...) before any app module is imported, so each
worker's engine binds to its own database.
- `tests/conftest.py` creates the per-worker database on demand (mariadb/
mysql and postgresql paths) just before migrations run.
- The test user's grant is widened to `*.*` (setup.sql + CI) so it can
`CREATE DATABASE` for the workers.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- main.py: await the cancelled log-forwarder task (suppressing
CancelledError) so its pubsub/lock cleanup finishes before shutdown.
- forwarder: only heartbeat the Redis lock while we still own it; if a
stall let another worker take it, relinquish forwarding to avoid
duplicate lines (the outer loop re-contends).
- endpoints/logs.py: derive MAX_LOG_LIMIT from LOG_BUFFER_SIZE so the
REST backfill never drifts from the producer's ring buffer.
- Logs.vue: append the download <a> to the DOM before click() (matches
the Patcher pattern) for cross-browser reliability.
- Add tests/endpoints/test_logs.py: non-admin 403, limit clamping to
[1, MAX_LOG_LIMIT], oldest-first ordering, and malformed-entry skip.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The log-stream handler and forwarder deliberately swallow exceptions: the
handler is a best-effort mirror that must never raise into the app, and the
forwarder can't log its own failures without feeding back into the stream.
Annotate these with `# nosec` (with justification) so Trunk's bandit check
passes, keeping lines within black's width.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Introduced a new logs view for admin users, allowing real-time monitoring of backend logs.
- Implemented a log entry streaming mechanism using Socket.IO.
- Added filtering and searching capabilities for log entries.
- Created localized log messages in Spanish, French, Hungarian, Italian, Japanese, Korean, Polish, Portuguese, Romanian, Russian, Simplified Chinese, and Traditional Chinese.
- Updated router and sidebar components to include the new logs route.
- Enhanced user interface with tooltips and buttons for copying and downloading logs.
