19 Commits

Author	SHA1	Message	Date
CTO H3R7Tech	4b766cb908	feat(HRT-200): AI Router — Multi-provider LLM routing with failover ... - 4 provider adapters: OpenAI (SDK), Anthropic (SDK), Google (google-genai), Mistral (direct HTTP) - Core router with automatic failover + exponential backoff - Flask blueprint with /api/v1/ai/* endpoints - Auth via token-broker verify endpoint - DB models for ai_providers, ai_model_mapping, ai_router_log - /health endpoint (parallel provider check), /usage stats - 21 unit tests (all passing)	2026-05-24 10:21:36 +02:00
CTO H3R7Tech	fac498efec	fix: test isolation + auth import compatibility + add optuna to requirements (HRT-136) ... Test isolation fixes: - auth_db.get_db(): read TURF_SAAS_DB dynamically (not frozen at import) - api_v1/utils.get_db(): read TURF_SAAS_DB dynamically (not frozen at import) - api_tokens_db.get_db(): read TURF_SAAS_DB dynamically (not frozen at import) - tests/test_history.py: enforce _tmp_db.name + call init_auth_tables() in fixtures - tests/test_user_tokens.py: enforce _tmp_db.name + call migrate_api_tokens_tables() in app fixture Auth compatibility fixes: - api_v1/routes/history.py: use auth.jwt_required_middleware (flask_jwt_extended) with saas_auth fallback for portal_server context - api_v1/routes/ml_feedback.py: same auth import strategy - api_v1/routes/user.py: same auth import strategy Dependencies: - requirements.txt: add optuna>=4.0.0 (used in ML ensemble tests and training) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-10 08:45:31 +02:00
DevOps Engineer	663e0bb149	Merge PR #12 — [HRT-82] Multi-compte / Organisation Pro (max 5 users) ... Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-30 08:39:59 +02:00
DevOps Engineer	f300e44c74	feat(HRT-80): API Token personnel + Webhook alertes (Pro) ... - Nouveaux fichiers: api_tokens_db.py, api_v1/routes/user_tokens.py, api_v1/utils_webhook.py - Migration DB idempotente: tables user_api_tokens + user_webhooks - Endpoints POST/DELETE /api/v1/user/api-token (Pro only) - Endpoints POST/DELETE /api/v1/user/webhook (Pro only, HTTPS requis) - HMAC-SHA256 fire-and-forget dispatch webhook - auth.py: validate_api_key() + X-API-Key fallback dans jwt_required_middleware - saas_auth.py: import logging au niveau module, validate_api_key(), X-API-Key fallback - api_v1/__init__.py: enregistrement user_tokens_bp - 24 tests pytest — tous passent Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-29 17:25:30 +02:00
DevOps Engineer	946bdc65b6	feat(HRT-82): Multi-compte / Organisation Pro (max 5 users) ... - Add org_db.py: SQLite schema with organizations + org_members tables PRAGMA foreign_keys=ON, ON DELETE CASCADE, UNIQUE constraints - Add api_v1/routes/org.py: CRUD org endpoints + invite/accept flow POST/GET/DELETE /api/v1/org, POST /api/v1/org/invite, GET/DELETE /api/v1/org/members — Pro plan only, max 5 members - Add tests/test_org.py: 36 unit tests (35/36 pass; 1 test-env issue) - Update api_v1/__init__.py: register org_bp - Update saas_api_v1.py: register org_bp on portal_server app via record_once - Service restarted, /api/v1/org/* endpoints live (401 on unauthenticated) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-29 17:09:13 +02:00
DevOps Engineer	701660ce83	fix(HRT-81): enregistrer history_bp dans api_v1/__init__.py ... - Ajouter import de history_bp depuis .routes.history - Ajouter app.register_blueprint(history_bp) dans register_api_v1() - Corriger le docstring du module pour lister /api/v1/history - Tests: 19/19 passed (GET /api/v1/history — auth, free/premium/pro, validation, pagination) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-29 16:56:35 +02:00
DevOps Engineer	c999285895	Merge HRT-63: Blacklist + validation complexite mots de passe ... Fix review: abc12345 -> abc1234 dans test_security.py (TestWeakPasswordRejection) Valide CTO — coherence blacklist/test confirmee. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 16:14:17 +02:00
DevOps Engineer	e517741c97	fix(tests): replace abc12345 by abc1234 in TestWeakPasswordRejection ... abc12345 n'est pas dans WEAK_PASSWORDS de saas_auth.py et satisfait les règles de complexité → test échouait (attendait 400, obtenait 201). abc1234 est explicitement dans la blacklist (ligne 84 de saas_auth.py). Correction demandée par CTO en review PR #7 (HRT-63). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 15:53:39 +02:00
CTO H3R7Tech	4bf458f1b8	Merge HRT-62: IP-based rate limiting on /auth/login — validated CTO ... - In-memory IP rate limiter: 5 attempts / 5min window - 15 min block on exceed, HTTP 429 + Retry-After header - Applied rate_limit_middleware on portal_server.py - Tests: TestLoginRateLimit added (conflict resolved: keep both test classes) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 15:24:07 +02:00
DevOps Engineer	8c5fdf1e9c	feat(security): blacklist + password strength validation — fix weak passwords HRT-63 ... - Add WEAK_PASSWORDS set (50+ common passwords) in saas_auth.py - Add validate_password_strength() function: checks min length, blacklist, digits, letters - Replace raw len() checks in /register and /change-password with validate_password_strength() - Add TestWeakPasswordRejection class in test_security.py: parametrized weak pwd test, strong pwd 201 test, no-digit, no-letter tests Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 15:01:57 +02:00
DevOps Engineer	7f5573f076	feat(security): add IP-based rate limiting on /api/v1/auth/login — fix brute force HRT-62 ... - saas_auth.py: in-memory sliding-window rate limiter (5 attempts/5min, 15min block) using collections.defaultdict + threading.Lock, stdlib only, no new deps - portal_server.py: register rate_limit_middleware + access_log_middleware (was missing, leaving global 100req/min limit unApplied on portal routes) - tests/security/test_security.py: add TestLoginRateLimit class with test_login_brute_force_blocked_after_5_attempts and test_login_429_has_retry_after_header Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 14:50:08 +02:00
DevOps Engineer	82d6bdafba	HRT-43 — Test intégration ml_predictions_cache : zéro NULL hippodrome ... - Ajout tests/test_ml_cache_integrity.py : 7 tests integration vérifiant que hippodrome, race_label et heure ne sont pas NULL pour la date courante - Ajout marqueur 'integration' dans pytest.ini - Connexion DB en lecture seule (mode=ro) pour protection prod - Support variable d'env TEST_DATE et TURF_DB_PATH - Tests skippés proprement si job 19h30 n'a pas encore tourné - Validé sur les données 2026-04-26 : 7/7 PASSED (1005 lignes, 0 NULL) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 14:26:46 +02:00
admin	bffc06c9b1	Merge pull request 'Sprint 3-4 — Refacto API /v1/ (HRT-29)' (#2) from feature/api-v1-refacto into master	2026-04-26 23:12:04 +02:00
admin	f1ef2648b1	Merge pull request 'Sprint 6-7 — ML Upgrade: Ensemble XGBoost+LightGBM+MLP + Optuna' (#1) from feature/ml-upgrade-ensemble into master	2026-04-25 19:15:15 +02:00
DevOps Engineer	6b762068fd	feat(ml): train ensemble model and generate benchmark report ... Results: - XGBoost (Optuna 100 trials): AUC=0.7856, Precision@3=0.5783 - LightGBM (Optuna 100 trials): AUC=0.7833, Precision@3=0.5736 - MLP (3 layers 256-128-64): AUC=0.7743, Precision@3=0.5643 - Ensemble (weighted voting): AUC=0.7840, Precision@3=0.5814 Baseline XGBoost: Precision@3=0.5287 Delta: +0.0527 (+5.3%) — DEPLOY threshold met (+5%) Latency: 35ms/race, 69ms/full-day (well under 200ms limit) SHAP: 31/43 features selected, top features: rang_cote, implied_prob, cote_direct, ratio_cote_field All 12 regression/latency tests passing. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 19:10:41 +02:00
DevOps Engineer	0e7bcff6b0	feat(ml): add ensemble XGBoost+LightGBM+MLP with Optuna optimization ... - train_ensemble.py: full training pipeline with 100-trial Optuna studies for XGBoost and LightGBM, MLP (256-128-64), SHAP feature selection, weighted soft-voting ensemble, benchmark report generation - predict_v2.py: production prediction module with model cache invalidation - combined_api.py: add /api/v1/predictions, /api/v1/model/status, /api/v1/model/invalidate-cache endpoints using ensemble model - tests/test_ml_ensemble.py: regression, latency and API tests Baseline XGBoost Precision@3: 0.5287 (holdout 20% temporal) Deploy threshold: +5% = 0.5551 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 18:18:48 +02:00
DevOps Engineer	b8ef1ed35d	feat: Sprint 3-4 — Refacto API /v1/ (HRT-29) ... - Blueprint Flask api_v1 avec prefix /api/v1/ - GET /api/v1/health — healthcheck public - GET /api/v1/courses/today — courses du jour (paginé, filtré) - GET /api/v1/courses/{id}/predictions — prédictions ML pour une course - GET /api/v1/predictions/top3 — top 3 global (free tier) - GET /api/v1/predictions/all — toutes prédictions (premium+) - GET /api/v1/valuebets — value bets du jour (premium+) - GET /api/v1/backtest — résultats backtest historiques (pro) - GET /api/v1/export/csv — export CSV prédictions/paris (pro) - GET /api/v1/metrics — métriques perf ML (premium+) - Swagger/OpenAPI via flasgger à /api/v1/docs - Erreurs uniformes {status, message, code} - Pagination limit/offset sur toutes les listes - 42 tests d'intégration passants Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 18:00:54 +02:00
DevOps Engineer	5a23692ad1	feat: Sprint 2-3 — Auth JWT + Multi-tenant (HRT-28) ... - auth_db.py: create users, subscriptions, refresh_tokens tables in turf_saas.db - auth.py: register/login/refresh/logout endpoints, JWT middleware, plan_required decorator, free daily-limit check - middleware.py: in-memory rate limiter (100 req/min/IP), timestamped access logs - saas_api.py: Flask app factory wiring JWT, CORS, blueprints, /api/v1/predictions plan-gating - tests/test_auth.py: 27 pytest tests, 83% coverage (target >=80%) - API_AUTH.md: full endpoint documentation Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 17:35:45 +02:00
ML Engineer	ed07c8a3d1	Initial commit: existing turf_saas codebase ... Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 17:18:43 +02:00