- Enabled `directAccessGrants` for `frontend-client` in `meldestelle-realm.json` to support ROPC login flow.
- Strengthened admin credentials in realm configuration to meet password policy requirements.
- Upgraded Keycloak to `26.5.5` with updated Docker healthcheck logic:
- Replaced `curl` with bash `/dev/tcp` for compatibility with `ubi9-micro` image.
- Switched health endpoint from `/ready` to `/live` for single-node use.
- Adjusted healthcheck timings (`start_period`, `timeout`, `interval`) for smoother startup.
- Removed deprecated v1 hostname parameter `KC_HOSTNAME_STRICT_HTTPS`.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Updated `MASTER_ROADMAP_2026_Q1.md` to reflect completed Redis-to-Valkey migration and Keycloak production configuration. Adjusted property paths in `base-application.yaml` and session logs with corrected environment variable names. Verified end-to-end Docker stability and roadmap alignment.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Marked Zipkin integration tasks as completed and verified in archived roadmaps. Documented fixes for gateway propagation type (`w3c` → `b3`) and Zipkin endpoint configuration. Removed redundant dependencies in `build.gradle.kts` and updated related session logs.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Removed `# syntax=docker/dockerfile:1.8` from various Dockerfiles as it is no longer needed. Updated `.gitea/workflows/docker-publish.yaml` to enhance ARM64 build reliability with host driver enforcement and commented out unused caching configurations for clarity.
Aligned environment variable naming across backend and infrastructure files for improved consistency (e.g., `SPRING_CLOUD_CONSUL` and `SPRING_SECURITY_OAUTH2_RESOURCESERVER`). Introduced `PING_SERVICE_URL` to support dynamic Ping-Service routing. Updated Docker Compose health checks, profiles, and memory settings for scalability and stability.
Updated test cases in `ValkeyEventStoreTest` and cache implementation in `ValkeyDistributedCache` to fully transition from Redis to Valkey. Adjusted configurations, templates, connection handling, and exception management to reflect Valkey-specific behavior and APIs.
Switched container images in `dc-infra.yaml` to a custom Docker registry for better control and consistency across deployments. Added Keycloak with enhanced configurations and updated several container restart policies, memory allocations, and healthcheck settings for improved performance and compatibility.
Replaced Redis with Valkey as the caching backend across infrastructure and application modules. Updated configurations, templates, and health checks to reflect Valkey-specific parameters. Improved compatibility with enhanced configurability, including max memory and memory eviction policy settings.
Updated persistence layer to align with Exposed 1.0.0. Refactored table definitions to use `javaUUID` for consistency with `java.util.UUID`. Adjusted transaction handling for compatibility with the latest API changes. Enhanced error handling in database utility functions and refined pagination logic. Added documentation and migration updates for best practices with Exposed 1.0.0.
- Replaced `initKoin` with `startKoin` for DI initialization consistency across platforms.
- Introduced `StateNavigationPort` with `StateFlow` to streamline navigation state management.
- Migrated `AppScreen` to sealed class with route mapping for better navigation handling.
- Deleted unused `frontend/shared` module and removed related dependencies from build files.
- Cleaned up legacy navigation and Redux-related code, aligning with MVVM architecture.
Updated Dockerfiles to fix frontend path references after refactoring. Refactored `networkModule` to replace the `Auth` plugin with manual auth header injection for enhanced logout support. Adjusted Keycloak realm configuration to set default credentials as non-temporary. Improved error handling in `AuthApiClient` with detailed response messages.
- Entfernen/Deprecaten: `frontend/features/auth-feature/.../AuthenticatedHttpClient.kt` und alle manuellen `Authorization`‑Header‑Setzungen.
- Stattdessen: DI‑`apiClient` via Koin injizieren (`single(named("apiClient"))`) und Token‑Anreicherung über Ktor `Auth` Plugin (Bearer) verdrahten.
- Build‑Guard ergänzen: Auch Vorkommen von `HttpHeaders.Authorization` erkennen.
Simplified imports for better readability, addressed unnecessary null check for `uiState.errorMessage`, and removed an unused `CoroutineScope` variable in `MainApp`. Improved code clarity and maintainability.
- Deleted `SecurityConfiguration.kt` in favor of centralized security standardization.
- Optimized `Dockerfile` by replacing missing frontend directories with dummy paths for improved build stability.
- Updated `application.yaml` with updated default Keycloak and Postgres configurations.
- Updated `application.yaml` to include Redis and Consul configurations for rate limiting and service discovery.
- Added OAuth2 resource server settings to improve security.
- Refined Gradle dependencies, introducing Reactive Resilience4j for WebFlux.
- Optimized Dockerfile with cleaner build and runtime stages, adjusted caching, and streamlined directory structure.
- Removed `MdcCorrelationFilter` and simplified correlation ID management using Micrometer Tracing.
- Updated `SecurityConfig` in `gateway` with enhanced role-based access and standardized JWT validation.
- Added new `@Profile` annotations in `ping-service` to exclude certain components during testing.
- Refactored and removed legacy `application-keycloak.yaml` and consolidated settings into the primary `application.yaml`.
- Adjusted Gradle scripts to clean up dependency declarations and improve modularity.
- Simplified CORS and Gateway route configurations for better maintainability.
- Replaced local `SecurityConfig` in `ping-service` with the shared `infrastructure:security` module.
- Added `GlobalSecurityConfig` to standardize OAuth2, JWT validation, and CORS for all services.
- Introduced new endpoints (`/ping/public`, `/ping/secure`) with role-based access control.
- Updated database schema with Flyway migration (`V1__init_ping.sql`) and refactored persistence layer to align with the standardized approach (`createdAt` field).
- Enhanced application configuration (`application.yaml`) to use shared security and Flyway settings.
- Created `backend/infrastructure/security` module with standardized configurations for OAuth2, JWT validation, CORS, and role mapping.
- Updated ADRs to reflect resolved backend infrastructure decisions, including security standardization, persistence strategy, and Flyway schema location.
- Enabled integration of the `security` module into relevant projects (e.g., `ping-service` and `gateway`).
Enhanced `ping-service` documentation with architectural, implementation, and API details. Added a new journal entry outlining the troubleshooting steps for backend startup issues, including fixes for Dockerfile paths, Gradle build conflicts, and Keycloak pre-build configuration.
Introduced the "Docs-as-Code" approach across the project to ensure maintainable and versioned documentation. Updated agent role definitions and responsibilities in `AGENTS.md`. Reorganized and expanded the `/docs` directory for better alignment with project workflows and architecture.
Configured `sqlite.worker.js` for OPFS-backed SQLite WASM operations in the frontend build pipeline. Added new Spring Boot dependency bundles including secure service configurations. Integrated updated database utilities with enhanced error handling. Removed outdated circuit breaker tests and replaced them with modern unit and integration test setups.
Migrated CORS settings from code to `application.yaml` for better separation of concerns. Integrated `ping-api` into the new `contracts` module for improved modularity. Updated Gradle scripts and dependencies accordingly to reflect the new project structure.
Enabled Wasm target across all relevant modules and removed conditional enablement logic. Refactored `core:core-utils` to move JVM-specific code to a new `backend:infrastructure:persistence` module for strict KMP compliance. Updated dependencies, adjusted Gradle configurations, and resolved circular dependencies.
- Integrated Room plugin and runtime dependencies into `local-db` module, including schema configuration for Room.
- Added KSP processor dependencies for Kotlin Multiplatform compatibility.
- Enhanced `core-domain` module by refining and temporarily adjusting testing dependencies for resolution issues.
- Simplified test assertions by removing redundant type casting in `ResultTest`.
- Improved Redis mock behavior and verification leniency in `RedisDistributedCacheTest`.
- Updated dependency versions in `libs.versions.toml` (e.g., downgraded `ktor` and adjusted `composeMultiplatform`).
- Refined Gradle build scripts for consistent compiler args and testing configurations (e.g., disabled browser tests in frontend).
- Addressed mocking issues in `RedisDistributedCacheTest` to prevent `NoSuchMethodError`.
- Fixed package imports due to framework updates in Spring Boot and Micrometer-related components.
- Deleted `FallbackController` as it is no longer required, with alternatives already in place.
- Removed `GatewayDependencies.txt` to clean up outdated and redundant dependency tracking files.
- Updated Kotlin compiler and JVM toolchain to target JVM 25 in all subprojects.
- Enforced stable `kotlinx-serialization-json:1.7.3` version to prevent resolution issues.
- Introduced JS bundle size budget checks for frontend shells with gzip support and reporting.
- Refined and reorganized Gradle module includes in `settings.gradle.kts`.
- Removed legacy and redundant dependency configurations for improved clarity.
### Summary
- Removed `repositories` blocks from individual `build.gradle.kts` files, moving configuration to `settings.gradle.kts`.
- Replaced custom Spring Boot constraints in the platform BOM with the Spring Boot BOM for cleaner dependency management.
- Explicitly added `webflux` dependency for Gateway to handle transitivity changes in Spring Boot 4.x.
Umfangreiches Refactoring der Projektkonfiguration zur klaren Trennung von Build-, Runtime- und Applikations-Logik.
Änderungen im Detail:
- Struktur: Neuorganisation des `config/` Verzeichnisses in logische Bereiche:
- `config/docker`: Reine Infrastruktur-Configs (Postgres, Redis, Nginx, Monitoring).
- `config/quality`: Statische Code-Analyse (Detekt, Lint).
- `config/app`: Gemeinsame Spring-Boot-Konfigurationen.
- Docker Compose:
- Einführung von Profilen (`infra`, `backend`, `ops`, `gui`, `tools`) für gezieltes Starten von Teilbereichen.
- Anpassung aller Volume-Pfade auf die neue Struktur.
- Spring Boot Config:
- Zentralisierung gemeinsamer Einstellungen (Datasource, Redis, JPA) in `config/app/base-application.yml`.
- Parametrisierung der Hosts für nahtlosen Wechsel zwischen Docker und Localhost.
- Bereinigung der service-spezifischen `application.yaml` Dateien (z.B. Ping-Service).
- Cleanup: Entfernen redundanter "Ghost-Files" (`versions.toml`, `central.toml`, `config/.env`), um eine echte Single Source of Truth (SSoT) zu gewährleisten.
