- Enabled `directAccessGrants` for `frontend-client` in `meldestelle-realm.json` to support ROPC login flow.
- Strengthened admin credentials in realm configuration to meet password policy requirements.
- Upgraded Keycloak to `26.5.5` with updated Docker healthcheck logic:
- Replaced `curl` with bash `/dev/tcp` for compatibility with `ubi9-micro` image.
- Switched health endpoint from `/ready` to `/live` for single-node use.
- Adjusted healthcheck timings (`start_period`, `timeout`, `interval`) for smoother startup.
- Removed deprecated v1 hostname parameter `KC_HOSTNAME_STRICT_HTTPS`.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Deleted unused `.github` workflows and configurations, including obsolete CI/CD pipelines and PR templates, which were no longer executed after the migration to Gitea. Migrated the `PR Guard` workflow for hardcoded version checks to `.gitea/workflows/pr-guard.yaml`. Verified functional workflows in Gitea (e.g., Docker publish). Documented changes and rationale in session logs.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Updated `MASTER_ROADMAP_2026_Q1.md` and session logs to reflect completion of the Ping Service tracer bullet. Verified the end-to-end stack, including frontend, backend, and Gateway integration. Fixed query parameter mismatch in `PingApiKoinClient.syncPings()` (`lastSyncTimestamp` → `since`) for proper Delta-Sync functionality. Marked related roadmap tasks as completed.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Updated `MASTER_ROADMAP_2026_Q1.md` to reflect completed Redis-to-Valkey migration and Keycloak production configuration. Adjusted property paths in `base-application.yaml` and session logs with corrected environment variable names. Verified end-to-end Docker stability and roadmap alignment.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Marked Gateway CircuitBreaker tasks as completed and verified in archived roadmaps and session logs. Confirmed fixes for `ClassNotFoundException` via Spring Cloud 2025.0.1 and proper configuration of Resilience4j with fallback and metrics integration.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Completed OIDC Authorization Code Flow with PKCE (S256) for JS and JVM platforms.
- Added `launchOidcFlow`, `consumePendingOidcCallback`, and `getOidcRedirectUri` with platform-specific implementations.
- Integrated SHA-256 and Base64URL helpers for PKCE.
- Updated `LoginViewModel` with OIDC logic (key handling, token exchange, state validation).
- Enhanced `LoginScreen` with an OIDC login button and loading spinner.
- Verified implementation with system hardening roadmap tasks.
Includes browser redirects for JS, localhost HTTP callback for JVM, and built-in Keycloak URL construction.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Marked Zipkin integration tasks as completed and verified in archived roadmaps. Documented fixes for gateway propagation type (`w3c` → `b3`) and Zipkin endpoint configuration. Removed redundant dependencies in `build.gradle.kts` and updated related session logs.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Marked Micrometer 1.16.1 upgrade task as completed in archived roadmaps and session logs. Verified compatibility for Java 25 and updated notes to reflect no changes required in `libs.versions.toml`.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Documented the completed Keycloak hardening steps, including PKCE S256 support, CORS security improvements, strengthened password policy, and logout redirect URI configurations. Verified and updated the `meldestelle-realm.json` and roadmap to reflect these changes.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
stefan