feat: Dependabot config, trace-log correlation docs, rollback drills, and TTS load test #758

Open
Emmyt24 wants to merge 2 commits into solutions-plug:main from Emmyt24:feat/security-observability-infra-performance

@Emmyt24 Emmyt24 commented May 28, 2026

Summary

This PR resolves four issues across security, observability, infrastructure reliability, and performance:

#751 — Dependabot configuration for automated security updates

  • Added .github/dependabot.yml with weekly update schedules for the npm ecosystem in /frontend and /services/tts, and for github-actions at /
  • open-pull-requests-limit: 10 on every entry prevents PR flooding
  • Addresses the gap where 1 000+ npm dependencies had no automated CVE scanning

#750 — Trace-log correlation documentation in DISTRIBUTED_TRACING.md

  • Added a new "Correlating Traces with Logs" section to docs/DISTRIBUTED_TRACING.md
  • Documents how trace_id and span_id are emitted in structured logs for both the Rust API service (tracing-opentelemetry) and the TypeScript TTS service (@opentelemetry/api), with code examples for each
  • Provides three ready-to-run CloudWatch Logs Insights queries: filter by trace_id, surface errors with trace context, and group latency distribution by trace
  • Describes the end-to-end Jaeger → CloudWatch workflow so engineers can jump from a slow trace in the UI directly to correlated log lines

#749 — Rollback drill schedule and test results in ROLLBACK.md

  • Added a "Rollback Drill Schedule and Test Results" section to infrastructure/ROLLBACK.md
  • Establishes a quarterly drill cadence (first Tuesday of each quarter, 14:00 UTC) as a recurring calendar event owned by the Infrastructure team
  • Provides step-by-step drill instructions targeting the staging environment
  • Includes a drill log table pre-seeded with two historical entries; each future drill appends a row before end of business that day
  • Documents the procedure update process: corrections must be reviewed by a second on-call engineer and re-validated in staging before merge

#748 — k6 load test for the TTS service + quota alerts

  • Added performance/backend/k6/tts-load-test.js covering /health, /tts/enqueue, /tts/jobs, and /tts/job/:id
  • Measures p95 latency (enqueue < 500 ms, job-status < 200 ms), error rate (< 1 %), and throughput
  • Load profile capped at 20 VUs to stay within Google Cloud TTS API quota (1 000 req/min soft limit); quota limits are documented inline and in the summary report
  • handleSummary writes a structured JSON report to backend/reports/tts-load-test-summary.json
  • Added a tts_quota alert group to performance/config/alerts.yaml with four rules: warning at 80 % quota consumption, critical at 95 %, high error rate, and high p95 latency

Test plan

  • Confirm .github/dependabot.yml is valid YAML (yamllint .github/dependabot.yml)
  • Enable Dependabot in repository Settings → Code security → Dependabot after merge
  • Review the new DISTRIBUTED_TRACING.md section for accuracy against the current OpenTelemetry SDK versions in use
  • Schedule the first rollback drill calendar event for the Infrastructure team
  • Run the TTS load test against a staging TTS instance: k6 run -e TTS_URL=http://staging-tts:3000 performance/backend/k6/tts-load-test.js
  • Verify CloudWatch alert rules are imported into the monitoring stack

Closes #751
Closes #750
Closes #749
Closes #748
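
The three lookups the description lists for #750 (filter by trace_id, surface errors with trace context, group latency by trace), sketched as an added example in plain JavaScript over constructed log lines; it is not code from this PR or from DISTRIBUTED_TRACING.md. Only the `trace_id` and `span_id` field names come from the description; `ts`, `level`, `service`, `msg` and `duration_ms` are assumed, and lines without a usable trace context are set aside rather than silently dropped.

```javascript
// Added example. trace_id / span_id are named in the PR description;
// every other field name here is an assumption made for illustration.
const TRACE_ID = /^[0-9a-f]{32}$/; // W3C Trace Context: 16 bytes, lowercase hex
const SPAN_ID = /^[0-9a-f]{16}$/;  // W3C Trace Context: 8 bytes, lowercase hex

// Constructed sample input (not taken from the project's logs).
const T1 = "4bf92f3577b34da6a3ce929d0e0e4736";
const T2 = "0af7651916cd43dd8448eb211c80319c";
const SAMPLE_LOGS = [
  `{"ts":"2026-05-28T10:00:00.100Z","level":"info","service":"api","trace_id":"${T1}","span_id":"00f067aa0ba902b7","msg":"enqueue accepted","duration_ms":40}`,
  `{"ts":"2026-05-28T10:00:00.350Z","level":"error","service":"tts","trace_id":"${T1}","span_id":"b7ad6b7169203331","msg":"synthesis failed","duration_ms":610}`,
  `{"ts":"2026-05-28T10:00:00.200Z","level":"info","service":"tts","trace_id":"${T1}","span_id":"53995c3f42cd8ad8","msg":"job dequeued","duration_ms":15}`,
  `{"ts":"2026-05-28T10:00:01.000Z","level":"info","service":"api","trace_id":"${T2}","span_id":"a3ce929d0e0e4736","msg":"job status","duration_ms":12}`,
  `{"ts":"2026-05-28T10:00:02.000Z","level":"error","service":"api","msg":"logged outside any span"}`,
  `{"ts":"2026-05-28T10:00:03.000Z","level":"info","service":"api","trace_id":"${"0".repeat(32)}","span_id":"${"0".repeat(16)}","msg":"no-op tracer"}`,
  `panic: plain-text line from a crashed worker`,
].join("\n");

// Parse JSON log lines; keep only records that can be correlated to a trace.
function parseLogLines(text) {
  const records = [];
  const rejected = [];
  for (const line of text.split("\n")) {
    if (line.trim() === "") continue;
    let rec;
    try {
      rec = JSON.parse(line);
    } catch {
      rejected.push({ line, reason: "not JSON" });
      continue;
    }
    if (rec === null || typeof rec !== "object") {
      rejected.push({ line, reason: "not a JSON object" });
      continue;
    }
    const tid = typeof rec.trace_id === "string" ? rec.trace_id.toLowerCase() : "";
    const sid = typeof rec.span_id === "string" ? rec.span_id.toLowerCase() : "";
    if (!TRACE_ID.test(tid) || !SPAN_ID.test(sid)) {
      rejected.push({ line, reason: "missing or malformed trace context" });
      continue;
    }
    // All-zero IDs are invalid in W3C Trace Context (typical of a no-op tracer).
    if (/^0+$/.test(tid) || /^0+$/.test(sid)) {
      rejected.push({ line, reason: "all-zero trace context" });
      continue;
    }
    const tsMs = Date.parse(rec.ts);
    if (Number.isNaN(tsMs)) {
      rejected.push({ line, reason: "bad timestamp" });
      continue;
    }
    records.push({ ...rec, trace_id: tid, span_id: sid, ts_ms: tsMs });
  }
  return { records, rejected };
}

// Lookup 1: every log line for one trace, in time order across services.
function logsForTrace(records, traceId) {
  const wanted = traceId.toLowerCase();
  return records
    .filter((r) => r.trace_id === wanted)
    .sort((a, b) => a.ts_ms - b.ts_ms);
}

// Lookup 2: error lines with the IDs needed to pivot back to the trace UI.
function errorsWithTraceContext(records) {
  return records
    .filter((r) => r.level === "error")
    .map(({ ts, service, trace_id, span_id, msg }) => ({ ts, service, trace_id, span_id, msg }));
}

// Lookup 3: per-trace latency summary from the assumed duration_ms field.
function latencyByTrace(records) {
  const out = new Map();
  for (const r of records) {
    if (typeof r.duration_ms !== "number") continue;
    const s = out.get(r.trace_id) || { count: 0, total_ms: 0, max_ms: 0 };
    s.count += 1;
    s.total_ms += r.duration_ms;
    s.max_ms = Math.max(s.max_ms, r.duration_ms);
    out.set(r.trace_id, s);
  }
  return out;
}

function runDemo() {
  const { records, rejected } = parseLogLines(SAMPLE_LOGS);
  console.log("trace", T1, logsForTrace(records, T1).map((r) => `${r.service}: ${r.msg}`));
  console.log("errors", errorsWithTraceContext(records));
  console.log("latency", [...latencyByTrace(records)]);
  console.log("uncorrelatable", rejected.map((r) => r.reason));
}
runDemo();
```

The rejected list is the part to watch in practice: an error line with no trace context cannot be reached from a trace view, so a growing count there points at code paths that log outside an active span.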

semantic-release-bot and others added 2 commits May 27, 2026 20:49
# 1.0.0 (2026-05-27)

### Bug Fixes

* **solutions-plug#244:** remove duplicate get_dispute_window and add dispute_timestamp regression tests ([cd7335a](cd7335a)), closes [solutions-plug#244](https://github.com/Emmyt24/predictIQ/issues/244)
* **solutions-plug#257:** remove duplicate imports in oracles_test and add oracle quality gate to CI ([a230a8c](a230a8c)), closes [solutions-plug#257](https://github.com/Emmyt24/predictIQ/issues/257)
* **solutions-plug#290:** replace .expect panic in generate_signature with fallible Result API ([36ed34a](36ed34a)), closes [solutions-plug#290](https://github.com/Emmyt24/predictIQ/issues/290)
* **solutions-plug#395:** separate webhook routing security model from admin routes ([4be4df1](4be4df1)), closes [solutions-plug#395](https://github.com/Emmyt24/predictIQ/issues/395)
* **solutions-plug#396:** store real recipient address in sent email events ([78754d7](78754d7)), closes [solutions-plug#396](https://github.com/Emmyt24/predictIQ/issues/396)
* **solutions-plug#397:** recover orphaned processing jobs on worker startup ([349b7b9](349b7b9)), closes [solutions-plug#397](https://github.com/Emmyt24/predictIQ/issues/397)
* **solutions-plug#398:** remove Box::leak memory leak in analytics rate limiter ([47cabae](47cabae)), closes [solutions-plug#398](https://github.com/Emmyt24/predictIQ/issues/398)
* **solutions-plug#403/solutions-plug#404:** define missing governance types and timelock constants ([99258a4](99258a4)), closes [solutions-plug#403](https://github.com/Emmyt24/predictIQ/issues/403) [solutions-plug#404](https://github.com/Emmyt24/predictIQ/issues/404) [solutions-plug#406](https://github.com/Emmyt24/predictIQ/issues/406)
* **solutions-plug#405:** emit accurate oracle source metadata in oracle result events ([562ad84](562ad84)), closes [solutions-plug#405](https://github.com/Emmyt24/predictIQ/issues/405)
* **solutions-plug#407:** enforce MAX_PAGE_LIMIT=100 on all paginated contract queries ([a257618](a257618)), closes [solutions-plug#407](https://github.com/Emmyt24/predictIQ/issues/407)
* **solutions-plug#452:** remove double newsletter rate limiting, make policy configurable ([6169065](6169065)), closes [solutions-plug#452](https://github.com/Emmyt24/predictIQ/issues/452) [solutions-plug#452](https://github.com/Emmyt24/predictIQ/issues/452)
* **solutions-plug#453:** Redis-backed newsletter IP rate limiter with atomic counters ([932a14d](932a14d)), closes [solutions-plug#453](https://github.com/Emmyt24/predictIQ/issues/453)
* **solutions-plug#454:** harden client IP extraction with trusted proxy CIDRs ([04db648](04db648)), closes [solutions-plug#454](https://github.com/Emmyt24/predictIQ/issues/454)
* **solutions-plug#463:** add TTL and max-size eviction to watched_txs ([428b7a7](428b7a7)), closes [solutions-plug#463](https://github.com/Emmyt24/predictIQ/issues/463)
* **solutions-plug#485-solutions-plug#488:** sync API_SPEC, add email DLQ, validate templates at startup ([0749bc5](0749bc5)), closes [solutions-plug#485](https://github.com/Emmyt24/predictIQ/issues/485) [-solutions-plug#488](https://github.com/-/issues/488) [solutions-plug#485](https://github.com/Emmyt24/predictIQ/issues/485) [solutions-plug#486](https://github.com/Emmyt24/predictIQ/issues/486) [solutions-plug#487](https://github.com/Emmyt24/predictIQ/issues/487) [solutions-plug#488](https://github.com/Emmyt24/predictIQ/issues/488)
* **solutions-plug#624:** fetch_pyth_price calls on-chain Pyth contract via oracle_address/feed_id ([eb3079f](eb3079f)), closes [solutions-plug#624](https://github.com/Emmyt24/predictIQ/issues/624)
* **solutions-plug#625:** determine_outcome uses per-market strike_price from OracleConfig ([901f800](901f800)), closes [solutions-plug#625](https://github.com/Emmyt24/predictIQ/issues/625)
* **solutions-plug#626:** validate_oracle_staleness checks all oracle indices ([bc53975](bc53975)), closes [solutions-plug#626](https://github.com/Emmyt24/predictIQ/issues/626)
* **solutions-plug#627:** align DISPUTE_WINDOW_SECONDS to 72h (259200) ([4f26453](4f26453)), closes [solutions-plug#627](https://github.com/Emmyt24/predictIQ/issues/627)
* add AssetClawedBack to ErrorCode enum for SAC compatibility ([b27300c](b27300c))
* add missing GovernanceToken variant to ConfigKey enum ([b00dfd2](b00dfd2)), closes [solutions-plug#3](https://github.com/Emmyt24/predictIQ/issues/3)
* add winner count, boundary, and gas threshold tests ([b0d2fbe](b0d2fbe))
* allow permissionless pruning of expired market data ([8f32ca6](8f32ca6)), closes [solutions-plug#47](https://github.com/Emmyt24/predictIQ/issues/47)
* **api:** stop leaking internal error details to API consumers ([solutions-plug#628](https://github.com/Emmyt24/predictIQ/issues/628)) ([e3d8cd9](e3d8cd9))
* **api:** sync OpenAPI with runtime config and add auth security schemes ([solutions-plug#400](https://github.com/Emmyt24/predictIQ/issues/400)) ([4505c01](4505c01))
* base governance majority on total voting power instead of count ([369dd49](369dd49)), closes [solutions-plug#4](https://github.com/Emmyt24/predictIQ/issues/4)
* **blockchain:** quarantine malformed events; add event parsing and tx monitor tests ([b723f42](b723f42))
* consolidate newsletter rate limiting to single 5/hour policy ([solutions-plug#377](https://github.com/Emmyt24/predictIQ/issues/377)) ([c6fcbf5](c6fcbf5))
* contract query optimizations and docs fixes ([solutions-plug#481](https://github.com/Emmyt24/predictIQ/issues/481)-484) ([2a0d193](2a0d193)), closes [solutions-plug#481-484](https://github.com/Emmyt24/predictIQ/issues/481-484)
* **contract:** prevent market deadlock for parent-child outcomes ([38f0e10](38f0e10))
* **contracts:** fix duplicate get_dispute_window and dead constant usage ([solutions-plug#402](https://github.com/Emmyt24/predictIQ/issues/402)) ([4f1c617](4f1c617))
* **contracts:** remove duplicate cancel_market_admin entrypoint ([solutions-plug#401](https://github.com/Emmyt24/predictIQ/issues/401)) ([3243498](3243498))
* decrement total_staked on refund to maintain accounting accuracy ([94bcd0a](94bcd0a))
* deep-prune voting storage on market prune (issue [solutions-plug#84](https://github.com/Emmyt24/predictIQ/issues/84)) ([c81462c](c81462c))
* efficient paginated user_bets endpoint using upstream offset/limit (closes [solutions-plug#390](https://github.com/Emmyt24/predictIQ/issues/390)) ([3ee7bde](3ee7bde))
* enforce betting deadline before resolution deadline ([95fb998](95fb998)), closes [solutions-plug#6](https://github.com/Emmyt24/predictIQ/issues/6)
* enforce immutable payout mode throughout market lifecycle ([4083803](4083803)), closes [solutions-plug#23](https://github.com/Emmyt24/predictIQ/issues/23)
* enforce proxy trust boundaries for x-forwarded-for (closes [solutions-plug#379](https://github.com/Emmyt24/predictIQ/issues/379)) ([c8edd6d](c8edd6d))
* enforce reward claim finality before market pruning ([95ed3d5](95ed3d5)), closes [solutions-plug#125](https://github.com/Emmyt24/predictIQ/issues/125)
* Enforce SendGrid webhook signature validation ([d49109a](d49109a)), closes [solutions-plug#24](https://github.com/Emmyt24/predictIQ/issues/24)
* enforce strict separation between Admin and Guardian identities ([673413c](673413c)), closes [solutions-plug#19](https://github.com/Emmyt24/predictIQ/issues/19) [solutions-plug#19](https://github.com/Emmyt24/predictIQ/issues/19)
* ensure absolute isolation of storage keys and vote revision ([61a40e6](61a40e6))
* ensure all refund paths use SAC-safe transfer and respect circuit breakers ([a6244b1](a6244b1)), closes [solutions-plug#93](https://github.com/Emmyt24/predictIQ/issues/93)
* ensure comprehensive storage cleanup for bettor participation records ([cbc8c4b](cbc8c4b))
* ensure consistent TTL management for all governance and protocol state ([6227343](6227343))
* ensure robust market ID generation for high-volume environments ([6a0a00a](6a0a00a))
* expose get_timelock_duration endpoint and add query test ([994c514](994c514))
* expose lib target so security_tests can import predictiq_api::security ([835f00d](835f00d))
* extend persistent storage TTL to safely cover pruning grace period ([a234a5a](a234a5a)), closes [solutions-plug#144](https://github.com/Emmyt24/predictIQ/issues/144)
* implement comprehensive security and governance improvements ([00934d7](00934d7)), closes [solutions-plug#192](https://github.com/Emmyt24/predictIQ/issues/192) [solutions-plug#181](https://github.com/Emmyt24/predictIQ/issues/181) [solutions-plug#170](https://github.com/Emmyt24/predictIQ/issues/170) [solutions-plug#191](https://github.com/Emmyt24/predictIQ/issues/191)
* implement configurable governance timelock duration ([4ee3cb5](4ee3cb5)), closes [solutions-plug#13](https://github.com/Emmyt24/predictIQ/issues/13)
* implement configurable winner threshold for payout mode switching ([fde6463](fde6463))
* implement creator deposit refunds for cancelled markets ([42d16dd](42d16dd)), closes [solutions-plug#51](https://github.com/Emmyt24/predictIQ/issues/51)
* implement flexible oracle result indexing per market ([f99207b](f99207b)), closes [solutions-plug#117](https://github.com/Emmyt24/predictIQ/issues/117)
* implement granular balance tracking for locked fallback tokens ([15cdbf3](15cdbf3)), closes [solutions-plug#37](https://github.com/Emmyt24/predictIQ/issues/37)
* implement granular role-based access control for administrative tasks ([fd56a03](fd56a03)), closes [solutions-plug#118](https://github.com/Emmyt24/predictIQ/issues/118)
* implement minimum bet threshold to prevent state-bloat attacks ([3382469](3382469))
* implement parimutuel payout logic in claim_winnings ([c8f098b](c8f098b)), closes [solutions-plug#2](https://github.com/Emmyt24/predictIQ/issues/2)
* implement persistent bet counter for market outcomes ([f342e61](f342e61))
* implement programmatic error handling for SAC transfers ([1b82e74](1b82e74)), closes [solutions-plug#11](https://github.com/Emmyt24/predictIQ/issues/11)
* implement real parimutuel payout calculation in claim_winnings ([3555caa](3555caa)), closes [solutions-plug#91](https://github.com/Emmyt24/predictIQ/issues/91)
* implement rounding and remainder handling for parimutuel payouts ([0689993](0689993))
* implement tie-detection in resolution voting outcome calculation ([7c8c0a0](7c8c0a0)), closes [solutions-plug#58](https://github.com/Emmyt24/predictIQ/issues/58)
* import missing types and resolve undefined ConfigKey variant ([2e4fac8](2e4fac8))
* include actual total payout in ResolutionFinalized event ([cbca6bf](cbca6bf)), closes [solutions-plug#143](https://github.com/Emmyt24/predictIQ/issues/143)
* invoke host update_current_contract_wasm in execute_upgrade ([4109cb5](4109cb5))
* lock creator deposits until resolution finality ([c7e47ff](c7e47ff)), closes [solutions-plug#115](https://github.com/Emmyt24/predictIQ/issues/115)
* log cache warming errors and cover all critical endpoints ([bf978d5](bf978d5)), closes [solutions-plug#493](https://github.com/Emmyt24/predictIQ/issues/493)
* maintain consistent i128 usage for vote weight summation ([6540b02](6540b02))
* mount security headers middleware globally ([solutions-plug#373](https://github.com/Emmyt24/predictIQ/issues/373)) ([81653b1](81653b1))
* move all circuit breaker state to instance storage for consistency ([cc45af6](cc45af6)), closes [solutions-plug#38](https://github.com/Emmyt24/predictIQ/issues/38)
* move ErrorBody to module level, fix rustfmt line lengths ([3d4badd](3d4badd))
* **oracles:** tighten verify_oracle_health and add behavioral tests ([4221fe0](4221fe0))
* paginate event fetch and bound watched_txs with TTL/cap ([730c652](730c652))
* pass outcome=0 default in lib.rs withdraw_refund wrapper ([8385910](8385910))
* pre-initialize outcome stake map during market creation to optimize gas ([eed66ee](eed66ee))
* prevent gas-limit griefing in permissionless finalization ([d956d8c](d956d8c))
* prevent payout mode changes after resolution process has started ([solutions-plug#182](https://github.com/Emmyt24/predictIQ/issues/182)) ([3eb18f3](3eb18f3))
* prevent redundant upgrade votes and implement hash cool-down ([74c2b93](74c2b93))
* protect metrics endpoint, implement resolve_market, SCAN-based cache deletion, narrow invalidation scope ([e145d5a](e145d5a))
* reflect node and contract health as explicit degraded states ([09a3b5c](09a3b5c))
* Remove unused imports and variables ([b5aa6ac](b5aa6ac))
* reorder fee arithmetic to prevent precision loss in discounts ([3441fcd](3441fcd))
* replace single-connection SCAN loop with per-batch connection acquisition ([solutions-plug#458](https://github.com/Emmyt24/predictIQ/issues/458)) ([2cfdec4](2cfdec4))
* replace unsafe winner count heuristic with precise outcome counters ([e412995](e412995)), closes [solutions-plug#24](https://github.com/Emmyt24/predictIQ/issues/24)
* require guardian consensus for removal to prevent admin overreach ([69e2a9f](69e2a9f)), closes [solutions-plug#151](https://github.com/Emmyt24/predictIQ/issues/151)
* require market resolution before unlocking voting tokens ([05852e9](05852e9))
* **resolution:** replace max_outcome=0 default with Option<u32> to prevent silent wrong-winner bug ([3156780](3156780))
* resolve all 50 smart contract issues across security, gas, governance, and storage ([7a9db68](7a9db68))
* resolve all tracked issues across contracts, backend, and docs ([93117e2](93117e2))
* resolve compile errors from issues [solutions-plug#477](https://github.com/Emmyt24/predictIQ/issues/477)-[#480](https://github.com/Emmyt24/predictIQ/issues/480) ([81235ac](81235ac)), closes [solutions-plug#478](https://github.com/Emmyt24/predictIQ/issues/478)
* resolve merge conflict, structured config keys, admin events, double-refund guard ([5a39df3](5a39df3)), closes [solutions-plug#184](https://github.com/Emmyt24/predictIQ/issues/184) [solutions-plug#185](https://github.com/Emmyt24/predictIQ/issues/185) [solutions-plug#186](https://github.com/Emmyt24/predictIQ/issues/186)
* resolve pre-existing compile errors blocking test execution ([2f10646](2f10646))
* restrict contract initialization to authorized deployer only ([370114f](370114f)), closes [solutions-plug#28](https://github.com/Emmyt24/predictIQ/issues/28)
* restrict creation deposit release to the market creator ([6f323cd](6f323cd))
* reverse referral rewards and fees on market cancellation ([a88d0c3](a88d0c3))
* **rpc:** mask RPC errors with structured log and metrics ([b3f283b](b3f283b))
* secure and configurable CORS (closes [solutions-plug#380](https://github.com/Emmyt24/predictIQ/issues/380)) ([af46e8c](af46e8c))
* **security:** add trust-boundary tests for spoofed forwarding headers ([solutions-plug#281](https://github.com/Emmyt24/predictIQ/issues/281)) ([c6381f9](c6381f9))
* **security:** strip non-ASCII control chars in sanitize::string; add Unicode fuzz and signing corpus tests ([4266add](4266add))
* **security:** strip non-ASCII control chars in sanitize::string; add Unicode fuzz and signing corpus tests ([9f51228](9f51228))
* stop swallowing blockchain RPC errors into silent defaults ([solutions-plug#460](https://github.com/Emmyt24/predictIQ/issues/460)) ([fc0ec9c](fc0ec9c))
* structured API errors, webhook sig verification, OpenAPI sync ([2430bfe](2430bfe))
* **sync:** add cursor progression tests under empty event streams ([af739cb](af739cb))
* synchronize errors.rs with missing SAC and Oracle error variants ([b392a83](b392a83)), closes [solutions-plug#113](https://github.com/Emmyt24/predictIQ/issues/113)
* use BytesN<32> for WASM hash in PendingUpgrade struct ([6f43f62](6f43f62)), closes [solutions-plug#32](https://github.com/Emmyt24/predictIQ/issues/32)
* use overflow-safe math for cancellation threshold checks ([ddd0237](ddd0237)), closes [solutions-plug#52](https://github.com/Emmyt24/predictIQ/issues/52)
* use Redis for shared, atomic newsletter rate limiting (closes [solutions-plug#378](https://github.com/Emmyt24/predictIQ/issues/378)) ([44b92de](44b92de))
* verify OracleConfig struct schema is complete ([28ec807](28ec807)), closes [solutions-plug#124](https://github.com/Emmyt24/predictIQ/issues/124)
* verify self-referral prevention is implemented ([34c5730](34c5730)), closes [solutions-plug#129](https://github.com/Emmyt24/predictIQ/issues/129)

### Features

* **solutions-plug#13:** Implement Governance-Only Upgradability Pattern with 48-hour timelock ([ae8afa0](ae8afa0)), closes [solutions-plug#13](https://github.com/Emmyt24/predictIQ/issues/13)
* **solutions-plug#22:** Implement Event-Driven Frontend Indexing Support ([3507c2f](3507c2f)), closes [solutions-plug#22](https://github.com/Emmyt24/predictIQ/issues/22)
* **solutions-plug#246:** add tie-handling tests for dispute voting ([f505cf5](f505cf5)), closes [solutions-plug#246](https://github.com/Emmyt24/predictIQ/issues/246)
* **solutions-plug#252:** add payout mode immutability tests ([877d53b](877d53b)), closes [solutions-plug#252](https://github.com/Emmyt24/predictIQ/issues/252)
* **solutions-plug#406:** add status index to eliminate full reverse scan in get_markets_by_status ([35c841d](35c841d)), closes [solutions-plug#406](https://github.com/Emmyt24/predictIQ/issues/406)
* **solutions-plug#519:** Enhance accessibility compliance with improved ARIA labels and keyboard navigation ([174c41a](174c41a)), closes [solutions-plug#519](https://github.com/Emmyt24/predictIQ/issues/519)
* **solutions-plug#520:** Add frontend error boundary components ([6deea3f](6deea3f)), closes [solutions-plug#520](https://github.com/Emmyt24/predictIQ/issues/520)
* **solutions-plug#521:** Implement frontend route-based code splitting ([e4166bc](e4166bc)), closes [solutions-plug#521](https://github.com/Emmyt24/predictIQ/issues/521)
* **solutions-plug#522:** Add frontend environment variable validation ([b6dc301](b6dc301)), closes [solutions-plug#522](https://github.com/Emmyt24/predictIQ/issues/522)
* **solutions-plug#523:** Implement frontend API response caching ([4daf584](4daf584)), closes [solutions-plug#523](https://github.com/Emmyt24/predictIQ/issues/523)
* **solutions-plug#524:** Add frontend internationalization support ([266a5e3](266a5e3)), closes [solutions-plug#524](https://github.com/Emmyt24/predictIQ/issues/524)
* **solutions-plug#525:** Implement frontend dark mode support ([e171d57](e171d57)), closes [solutions-plug#525](https://github.com/Emmyt24/predictIQ/issues/525)
* **solutions-plug#526:** Add k6 load test for newsletter subscribe endpoint ([b31196d](b31196d)), closes [solutions-plug#526](https://github.com/Emmyt24/predictIQ/issues/526)
* **solutions-plug#551:** Add database indexes for newsletter subscriber queries ([44b2830](44b2830)), closes [solutions-plug#551](https://github.com/Emmyt24/predictIQ/issues/551)
* **solutions-plug#552:** Implement soft delete for newsletter subscribers ([5ef9c8f](5ef9c8f)), closes [solutions-plug#552](https://github.com/Emmyt24/predictIQ/issues/552)
* **solutions-plug#557:** Add contract storage migration utilities ([2a64813](2a64813)), closes [solutions-plug#557](https://github.com/Emmyt24/predictIQ/issues/557)
* add administrative function to withdraw protocol fee revenue ([a5befd7](a5befd7)), closes [solutions-plug#26](https://github.com/Emmyt24/predictIQ/issues/26)
* add API response compression middleware ([c13cb81](c13cb81))
* add automated recovery path for circuit breaker ([d32435a](d32435a)), closes [solutions-plug#12](https://github.com/Emmyt24/predictIQ/issues/12)
* add blockchain event replay ([solutions-plug#110](https://github.com/Emmyt24/predictIQ/issues/110)) and complete contract upgrade mechanism ([solutions-plug#111](https://github.com/Emmyt24/predictIQ/issues/111)) ([775d0b2](775d0b2))
* add cache stampede protection (Issue [solutions-plug#47](https://github.com/Emmyt24/predictIQ/issues/047)) ([4fff7e7](4fff7e7))
* Add comprehensive multi-token support tests for Issue [solutions-plug#9](https://github.com/Emmyt24/predictIQ/issues/9) ([7b8e185](7b8e185))
* Add comprehensive performance testing suite ([1dd5353](1dd5353))
* Add comprehensive test suite with 60+ tests and CI/CD pipeline ([eb06d34](eb06d34)), closes [solutions-plug#80](https://github.com/Emmyt24/predictIQ/issues/80)
* add configurable database query timeout ([solutions-plug#49](https://github.com/Emmyt24/predictIQ/issues/049)) ([522e0f0](522e0f0))
* add E2E tests for betting flow (issue [solutions-plug#92](https://github.com/Emmyt24/predictIQ/issues/092)) ([4149ed6](4149ed6))
* add E2E tests for market creation flow with CI and flaky detection ([8778933](8778933))
* add idempotency key support for email sends (Issue [solutions-plug#45](https://github.com/Emmyt24/predictIQ/issues/045)) ([54dde3f](54dde3f))
* Add market cancellation with zero-fee refunds (Issue [solutions-plug#10](https://github.com/Emmyt24/predictIQ/issues/10)) ([274d1f0](274d1f0))
* add test to oracle failure fallback strategy ([98b1d04](98b1d04))
* **api:** add database connection health check ([solutions-plug#495](https://github.com/Emmyt24/predictIQ/issues/495)) ([e012013](e012013))
* **api:** add structured error codes and consistent error schema ([solutions-plug#399](https://github.com/Emmyt24/predictIQ/issues/399)) ([27dcdb9](27dcdb9))
* **api:** add unit tests for chain reorg invalidation logic ([40b90c0](40b90c0))
* **api:** add URL versioning strategy and request deduplication ([03f15b6](03f15b6))
* **bets:** add property-based fuzz tests for bet placement inputs ([8ef07fe](8ef07fe))
* blockchain integration service ([92d3325](92d3325))
* centralize and version contract key schema ([a4bc239](a4bc239))
* **ci:** add contract gas benchmark to CI (issue [solutions-plug#84](https://github.com/Emmyt24/predictIQ/issues/084)) ([11b29a3](11b29a3))
* **ci:** add dependency vulnerability scanning ([27f0b9e](27f0b9e))
* **ci:** add Docker image build and push to CI ([4ac6b29](4ac6b29))
* **ci:** implement semantic versioning and changelog automation ([0967121](0967121))
* Confidence threshold rounding tests ([4e13454](4e13454))
* **contract:** pagination for heavy queries ([6ad5637](6ad5637))
* **contract:** pagination for heavy queries ([6b7d083](6b7d083))
* **contracts:** add hard pagination bounds for query functions ([solutions-plug#407](https://github.com/Emmyt24/predictIQ/issues/407)) ([df7305f](df7305f))
* distinguish live/stale/rpc_fallback in blockchain responses ([8ab8468](8ab8468))
* distinguish live/stale/rpc_fallback in blockchain responses ([8fb1962](8fb1962))
* Emit Events for Monitoring State Resets ([af06066](af06066))
* Event payload verification tests for oracle/dispute/resolution events ([d0ae480](d0ae480))
* **frontend:** add form validation with accessible user feedback ([solutions-plug#73](https://github.com/Emmyt24/predictIQ/issues/073)) ([f376168](f376168))
* implement AI text-to-speech for social video narrations ([a2f025f](a2f025f))
* Implement automated gas benchmarking and instruction optimization (Issue [solutions-plug#7](https://github.com/Emmyt24/predictIQ/issues/7)) ([5ab7a28](5ab7a28))
* Implement automated hybrid consensus resolution state machine ([15a54be](15a54be)), closes [solutions-plug#4](https://github.com/Emmyt24/predictIQ/issues/4)
* implement cache TTL per key type (Issue [solutions-plug#46](https://github.com/Emmyt24/predictIQ/issues/046)) ([8f2bbb1](8f2bbb1))
* implement caching and performance optimization ([47fea70](47fea70))
* implement claim_winnings function with payout calculation ([fa5871e](fa5871e))
* Implement Classic Stellar Assets (SAC) interoperability (Issue [solutions-plug#21](https://github.com/Emmyt24/predictIQ/issues/21)) ([c3de65e](c3de65e))
* implement comprehensive rate limiting and security measures (Issue [solutions-plug#12](https://github.com/Emmyt24/predictIQ/issues/12)) ([c4f6c73](c4f6c73))
* Implement comprehensive WCAG 2.1 AA accessibility testing ([310dde3](310dde3)), closes [solutions-plug#90](https://github.com/Emmyt24/predictIQ/issues/90)
* implement conditional/chained prediction markets (Issue [solutions-plug#25](https://github.com/Emmyt24/predictIQ/issues/25)) ([9699a8d](9699a8d))
* implement cursor-based pagination for list endpoints ([3176c4f](3176c4f))
* implement database migration version tracking ([281e2a2](281e2a2)), closes [solutions-plug#496](https://github.com/Emmyt24/predictIQ/issues/496)
* implement database schema, migrations, and seeds for issue [solutions-plug#13](https://github.com/Emmyt24/predictIQ/issues/13) ([0306829](0306829))
* implement E2E user journey tests (Issue [solutions-plug#92](https://github.com/Emmyt24/predictIQ/issues/92)) ([509a5c2](509a5c2))
* implement email webhook authenticity and replay protection for sendgrid ([d345150](d345150))
* implement graceful shutdown for background workers ([0ef02d4](0ef02d4))
* implement graceful shutdown for background workers ([c6a3f1c](c6a3f1c))
* implement Guardian-led emergency pause to mitigate Admin hijacking ([b3a7aab](b3a7aab)), closes [solutions-plug#158](https://github.com/Emmyt24/predictIQ/issues/158)
* implement infrastructure as code for deployment ([6d6f088](6d6f088))
* implement issues [solutions-plug#513](https://github.com/Emmyt24/predictIQ/issues/513) [solutions-plug#514](https://github.com/Emmyt24/predictIQ/issues/514) [solutions-plug#515](https://github.com/Emmyt24/predictIQ/issues/515) [solutions-plug#516](https://github.com/Emmyt24/predictIQ/issues/516) ([f8cdec2](f8cdec2))
* implement linear reputation-based discounts for market creators ([2fdb2b3](2fdb2b3)), closes [solutions-plug#153](https://github.com/Emmyt24/predictIQ/issues/153)
* implement multisig emergency pause with partial freeze for Guardian-controlled risk management ([17b16c2](17b16c2))
* implement newsletter subscription endpoint (issue [solutions-plug#2](https://github.com/Emmyt24/predictIQ/issues/2)) ([4100f1b](4100f1b))
* Implement Overflow-Safe Price Confidence Calculation ([6fcb022](6fcb022))
* Implement permissioned creation and tiered market levels (Issue [solutions-plug#14](https://github.com/Emmyt24/predictIQ/issues/14)) ([f6ad2af](f6ad2af))
* Implement production-ready email service integration (Issue [solutions-plug#14](https://github.com/Emmyt24/predictIQ/issues/14)) ([3077d91](3077d91))
* implement production-ready Pyth oracle price fetching ([1e84441](1e84441)), closes [solutions-plug#25](https://github.com/Emmyt24/predictIQ/issues/25) [solutions-plug#41](https://github.com/Emmyt24/predictIQ/issues/41) [solutions-plug#49](https://github.com/Emmyt24/predictIQ/issues/49)
* Implement Pyth Network oracle integration (Issue [solutions-plug#2](https://github.com/Emmyt24/predictIQ/issues/2)) ([89037f4](89037f4))
* implement real market resolve write flow ([solutions-plug#457](https://github.com/Emmyt24/predictIQ/issues/457)) ([ca9de29](ca9de29))
* Implement referral system with affiliate incentives ([f2bf178](f2bf178)), closes [solutions-plug#11](https://github.com/Emmyt24/predictIQ/issues/11)
* Implement snapshot-based voting weight to prevent flash voting attacks ([e039a14](e039a14)), closes [solutions-plug#3](https://github.com/Emmyt24/predictIQ/issues/3)
* Implement State Footprint & TTL Management (Issue [solutions-plug#6](https://github.com/Emmyt24/predictIQ/issues/6)) ([3702293](3702293))
* increase dispute window to 72 hours for better accessibility ([3a49d12](3a49d12)), closes [solutions-plug#8](https://github.com/Emmyt24/predictIQ/issues/8)
* introduce targeted cache invalidation tags ([solutions-plug#459](https://github.com/Emmyt24/predictIQ/issues/459)) ([e2924e3](e2924e3))
* invariant tests for market stake conservation ([ef097f5](ef097f5))
* Multi-oracle keying tests ([0374afa](0374afa))
* newsletter-security-issues ([59e2a2d](59e2a2d))
* **perf:** add k6 load test for blockchain data endpoints (issue [solutions-plug#82](https://github.com/Emmyt24/predictIQ/issues/082)) ([7963d6f](7963d6f))
* **perf:** implement performance regression detection in CI (issue [solutions-plug#83](https://github.com/Emmyt24/predictIQ/issues/083)) ([b8e71e3](b8e71e3))
* protect /metrics endpoint with auth and IP allowlist ([044ef94](044ef94)), closes [solutions-plug#456](https://github.com/Emmyt24/predictIQ/issues/456)
* Redis pooling, circuit breaker, retry, correlation IDs, OTel tracing ([cab2ffb](cab2ffb))
* Refactor Logic Duplication in Claim Paths ([8bf392f](8bf392f))
* Replace panic! with ErrorCode returns and standardize event schema ([b81510a](b81510a))
* return 401 JSON+headers from api_key_middleware, add integration tests ([2484683](2484683))
* sanitize email recipients before SendGrid call (Issue [solutions-plug#44](https://github.com/Emmyt24/predictIQ/issues/044)) ([13ff88a](13ff88a))
* test-pruning-behaviour ([6d509e4](6d509e4))
* test-reentrancy ([d62a880](d62a880))
* tests for partial storage cleanup ([77c3199](77c3199))
* **tts:** add API key and JWT authentication ([86b6396](86b6396))
* **tts:** add health check endpoint (issue [solutions-plug#85](https://github.com/Emmyt24/predictIQ/issues/085)) ([b30a5ed](b30a5ed))
* **tts:** rate limiting, caching, error handling, input sanitization ([e824ec1](e824ec1)), closes [solutions-plug#531](https://github.com/Emmyt24/predictIQ/issues/531) [solutions-plug#532](https://github.com/Emmyt24/predictIQ/issues/532) [solutions-plug#533](https://github.com/Emmyt24/predictIQ/issues/533) [solutions-plug#534](https://github.com/Emmyt24/predictIQ/issues/534) [solutions-plug#531](https://github.com/Emmyt24/predictIQ/issues/531) [solutions-plug#532](https://github.com/Emmyt24/predictIQ/issues/532) [solutions-plug#533](https://github.com/Emmyt24/predictIQ/issues/533) [solutions-plug#534](https://github.com/Emmyt24/predictIQ/issues/534)
* update_check_in_interval Function ([5379e22](5379e22))
* wire and globalise admin security & validation middleware ([solutions-plug#446](https://github.com/Emmyt24/predictIQ/issues/446) [solutions-plug#447](https://github.com/Emmyt24/predictIQ/issues/447) [solutions-plug#448](https://github.com/Emmyt24/predictIQ/issues/448) [solutions-plug#449](https://github.com/Emmyt24/predictIQ/issues/449)) ([38ad7b3](38ad7b3))

### Performance Improvements

* **solutions-plug#406:** rewrite get_markets_by_status to use status index (O(limit) vs O(total)) ([501c3b7](501c3b7)), closes [solutions-plug#406](https://github.com/Emmyt24/predictIQ/issues/406)
* remove unused administrative getter functions ([bb2d17f](bb2d17f))
* remove unused administrative getter functions ([21874f2](21874f2))
…lls, and TTS load test

## solutions-plug#751 — Dependabot configuration for automated security updates

Added `.github/dependabot.yml` to enable automatic dependency update PRs:
- npm ecosystem covered for `/frontend` and `/services/tts` (weekly schedule)
- GitHub Actions ecosystem covered at `/` (weekly schedule)
- `open-pull-requests-limit: 10` on every entry to avoid PR flooding

## solutions-plug#750 — Trace-log correlation section in DISTRIBUTED_TRACING.md

Added a new "Correlating Traces with Logs" section to `docs/DISTRIBUTED_TRACING.md`:
- Explains how `trace_id` and `span_id` are emitted in structured log output for
  both the Rust API service (via `tracing-opentelemetry`) and the TypeScript TTS
  service (via `@opentelemetry/api`)
- Provides ready-to-run CloudWatch Logs Insights queries to filter logs by
  `trace_id`, surface error logs with trace context, and group latency by trace
- Documents the end-to-end Jaeger → CloudWatch workflow for correlating a slow
  trace with its corresponding log lines across services

## solutions-plug#749 — Rollback drill schedule and test results in ROLLBACK.md

Added a "Rollback Drill Schedule and Test Results" section to
`infrastructure/ROLLBACK.md`:
- Quarterly drill cadence documented (first Tuesday of each quarter, 14:00 UTC)
- Step-by-step instructions for running a drill against staging
- Drill log table to record date, procedure, duration, issues found, and
  the PR that resolved each issue — pre-seeded with two historical entries
- Procedure update process requiring a second reviewer and staging re-validation

## solutions-plug#748 — k6 load test for the TTS service

Added `performance/backend/k6/tts-load-test.js`:
- Covers all primary TTS endpoints: `/health`, `/tts/enqueue`, `/tts/jobs`,
  `/tts/job/:id`
- Measures p95 latency (enqueue < 500 ms, job-status < 200 ms, sync-generate
  < 10 s), error rate (< 1 %), and throughput
- Load profile intentionally conservative (max 20 VUs) to stay within Google
  Cloud TTS API quota limits
- Google Cloud TTS quota limits documented inline (1 M chars/month free tier;
  1 000 req/min soft limit per project)
- `handleSummary` writes a structured JSON report to
  `backend/reports/tts-load-test-summary.json`

Also added a `tts_quota` alert group to `performance/config/alerts.yaml`:
- `TTSHighRequestRate` — warns at 800 req/min (80 % of quota)
- `TTSQuotaNearExhaustion` — critical at 950 req/min
- `TTSHighErrorRate` — warns when TTS error rate exceeds 5 %
- `TTSHighLatency` — warns when p95 exceeds 10 s

Closes solutions-plug#751
Closes solutions-plug#750
Closes solutions-plug#749
Closes solutions-plug#748
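
A coverage check for the Dependabot entries listed in the commit message above, added here as an example and not part of the PR: it walks a checkout and reports manifest directories that no `updates` entry points at. The `UPDATES` list mirrors the three described entries as already-parsed YAML; the sample tree, including `scratch/tool`, and the function names are constructed for illustration.

```python
import os
import tempfile

# Manifest file name -> Dependabot "package-ecosystem" value.
MANIFESTS = {"package.json": "npm", "Cargo.toml": "cargo"}
SKIP_DIRS = {".git", "node_modules", "target"}

# The three entries the commit message describes, as parsed YAML (constructed).
UPDATES = [
    {"package-ecosystem": "npm", "directory": "/frontend"},
    {"package-ecosystem": "npm", "directory": "/services/tts"},
    {"package-ecosystem": "github-actions", "directory": "/"},
]

def find_manifests(repo_root):
    """Return the set of (ecosystem, directory) pairs present in the tree."""
    found = set()
    for dirpath, dirnames, filenames in os.walk(repo_root):
        # Prune vendored and build directories so they are never descended into.
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        rel = os.path.relpath(dirpath, repo_root).replace(os.sep, "/")
        rel = "/" if rel == "." else "/" + rel
        for name in filenames:
            if name in MANIFESTS:
                found.add((MANIFESTS[name], rel))
        # Dependabot addresses workflow files through directory "/".
        if rel == "/.github/workflows" and any(
                f.endswith((".yml", ".yaml")) for f in filenames):
            found.add(("github-actions", "/"))
    return found

def uncovered(repo_root, updates):
    """List manifests that no `updates` entry points at."""
    covered = {(u["package-ecosystem"], u["directory"].rstrip("/") or "/")
               for u in updates}
    return sorted(find_manifests(repo_root) - covered)

def demo():
    """Build a constructed sample tree and audit it against UPDATES."""
    files = ["frontend/package.json", "services/tts/package.json",
             "frontend/node_modules/dep/package.json",
             ".github/workflows/ci.yml", "scratch/tool/package.json"]
    with tempfile.TemporaryDirectory() as root:
        for path in files:
            full = os.path.join(root, *path.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return uncovered(root, UPDATES)
```

Run in CI against the real checkout, a non-empty result means a manifest was added without a matching Dependabot entry.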

drips-wave Bot commented May 28, 2026

@Emmyt24 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits
