DevOps Engineer
225295030b
fix(HRT-73): refactor api_proxy — COMBINED_ROUTES tuple + align with turf_scraper fix #23
...
CD / Deploy → Staging (push) Has been cancelled
CD / Smoke Tests on Staging (push) Has been cancelled
CD / Deploy → Production (push) Has been cancelled
CD / Rollback Production (push) Has been cancelled
- Replace if/elif chain with COMBINED_ROUTES tuple for maintainability
- Add missing routes to combined_api: races, race/, scores, ask, brave-search,
execute-sql, send-email, report, ideas
- Functionally equivalent to turf_scraper commit 048b969
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 22:38:32 +02:00
DevOps Engineer
86e85aa1c6
fix(HRT-72): fix Overpass OSM scraper — bounding box + Content-Type + User-Agent
...
Bug 1: Replace area["name"="..."] query with direct bounding box (50.4,2.8,50.8,3.3)
— area resolution fails silently on public Overpass API depending on server version.
— Direct bbox is deterministic and reliable for MEL coverage.
— Also simplify website filter to use [!"website"] tag negation syntax.
Bug 2: Add explicit Content-Type: application/x-www-form-urlencoded header
— Some network configs/proxies strip the implicit header set by requests.post(data={}).
— Explicit header is best practice per Overpass API docs.
Bug 3 (discovered during test): Add User-Agent header
— overpass-api.de returns 406 Not Acceptable for User-Agent: python-requests/*.
— Fix: send H3R7Tech-LeadHunter/1.0 as custom User-Agent.
— Tested: 5 OSM leads returned from Lille center bounding box.
Backup: leadhunter_scraper.py.backup_20260427_221429
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 22:19:10 +02:00
5aa6013c52
Merge pull request '[HRT-66] LeadHunter S1 — Core scraping, scoring, CRM SQLite et API Flask' ( #8 ) from feature/HRT-66-leadhunter-core into master
CD / Deploy → Staging (push) Has been cancelled
CD / Smoke Tests on Staging (push) Has been cancelled
CD / Deploy → Production (push) Has been cancelled
CD / Rollback Production (push) Has been cancelled
2026-04-27 16:55:00 +02:00
DevOps Engineer
4b4323f707
fix(leadhunter): change port 8770→8775 — port 8770 occupé par turf_scraper/crm_api.py
...
Port audit sur VPS (27/04/2026) :
- 8769 : depenses_trello/app.py (PID 2287989)
- 8770 : turf_scraper/crm_api.py (PID 2287988) ← port précédemment choisi, aussi occupé
- 8775 : libre (vérifié via ss -tlnp | grep 8775 → vide)
Fichiers modifiés :
- leadhunter_api.py : lignes 5, 295, 303 (port 8770→8775)
- infra/turf-saas-leadhunter.service : Description Port 8770→8775
Issue: HRT-66
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 16:48:12 +02:00
DevOps Engineer
356bdf5bec
fix(leadhunter): change port 8769→8770 — conflit avec depenses_trello
...
Port 8769 était occupé par /home/h3r7/depenses_trello/app.py (pid=2287989).
Mise à jour du port dans :
- leadhunter_api.py (docstring, healthcheck, app.run)
- infra/turf-saas-leadhunter.service (description)
Ref: HRT-66
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 16:42:15 +02:00
DevOps Engineer
f9a45e6deb
feat(HRT-66): LeadHunter S1 — core scraping, scoring, CRM SQLite et API Flask
...
- leadhunter_scraper.py : Google Places Nearby Search + Place Details
avec compteur quota daily_quota.json (limite 900/jour),
sleep(0.5) entre requêtes, fallback Overpass OSM boundary MEL,
filtre website absent, déduplcation, rgpd_ok=True
- leadhunter_scorer.py : moteur de scoring 0-8 pts
critère n°1 = site web absent (+3), avis ≥50 (+2),
note ≥4.0 (+2), téléphone (+1), note <3.0 (-1)
- leadhunter_crm.py : CRM SQLite schéma validé CTO
(id, source, name, address, phone, rating, reviews_count,
website, score, rgpd_ok, scraped_at, status)
CRUD : insert_lead, get_leads, update_lead_status, get_stats, export_csv
- leadhunter_api.py : Flask service port 8769
GET /api/leads, POST /api/leads/scrape, GET /api/leads/stats,
GET /api/leads/export, PATCH /api/leads/<id>/status, GET /health
assert GOOGLE_PLACES_API_KEY au démarrage
scraping asynchrone (thread) avec status endpoint
- infra/turf-saas-leadhunter.service : service systemd
EnvironmentFile=/home/h3r7/.env pour GOOGLE_PLACES_API_KEY
Tests : py_compile OK, scorer testé, CRM SQLite testé
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 16:33:30 +02:00
DevOps Engineer
cfc0f038f9
Merge remote HRT-43 into local master (sync)
...
CD / Deploy → Staging (push) Has been cancelled
CD / Smoke Tests on Staging (push) Has been cancelled
CD / Deploy → Production (push) Has been cancelled
CD / Rollback Production (push) Has been cancelled
Merge remote commit 837a084noreply@paperclip.ing >
2026-04-27 16:16:31 +02:00
DevOps Engineer
c999285895
Merge HRT-63: Blacklist + validation complexite mots de passe
...
Fix review: abc12345 -> abc1234 dans test_security.py (TestWeakPasswordRejection)
Valide CTO — coherence blacklist/test confirmee.
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 16:14:17 +02:00
DevOps Engineer
e517741c97
fix(tests): replace abc12345 by abc1234 in TestWeakPasswordRejection
...
abc12345 n'est pas dans WEAK_PASSWORDS de saas_auth.py et satisfait
les règles de complexité → test échouait (attendait 400, obtenait 201).
abc1234 est explicitement dans la blacklist (ligne 84 de saas_auth.py).
Correction demandée par CTO en review PR #7 (HRT-63).
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 15:53:39 +02:00
837a0845ec
Merge pull request 'HRT-43 — Test intégration ml_predictions_cache : zéro NULL hippodrome' ( #5 ) from feature/HRT-43-ml-cache-null-test into master
CD / Deploy → Staging (push) Has been cancelled
CD / Smoke Tests on Staging (push) Has been cancelled
CD / Deploy → Production (push) Has been cancelled
CD / Rollback Production (push) Has been cancelled
2026-04-27 15:36:48 +02:00
CTO H3R7Tech
4bf458f1b8
Merge HRT-62: IP-based rate limiting on /auth/login — validated CTO
...
- In-memory IP rate limiter: 5 attempts / 5min window
- 15 min block on exceed, HTTP 429 + Retry-After header
- Applied rate_limit_middleware on portal_server.py
- Tests: TestLoginRateLimit added (conflict resolved: keep both test classes)
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 15:24:07 +02:00
CTO H3R7Tech
099286b078
Merge HRT-63 + HRT-54: password blacklist/complexity + billing JWT fix — validated CTO
...
- HRT-63: WEAK_PASSWORDS blacklist (50+ entries) + validate_password_strength()
- HRT-54: billing JWT token fix, table name corrections
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 15:22:03 +02:00
CTO H3R7Tech
d39c7d3319
fix(billing): JWT token incompatibility — use saas_auth require_auth + fix table names HRT-54
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 15:21:43 +02:00
DevOps Engineer
8c5fdf1e9c
feat(security): blacklist + password strength validation — fix weak passwords HRT-63
...
- Add WEAK_PASSWORDS set (50+ common passwords) in saas_auth.py
- Add validate_password_strength() function: checks min length, blacklist, digits, letters
- Replace raw len() checks in /register and /change-password with validate_password_strength()
- Add TestWeakPasswordRejection class in test_security.py: parametrized weak pwd test, strong pwd 201 test, no-digit, no-letter tests
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 15:01:57 +02:00
DevOps Engineer
7f5573f076
feat(security): add IP-based rate limiting on /api/v1/auth/login — fix brute force HRT-62
...
- saas_auth.py: in-memory sliding-window rate limiter (5 attempts/5min, 15min block)
using collections.defaultdict + threading.Lock, stdlib only, no new deps
- portal_server.py: register rate_limit_middleware + access_log_middleware
(was missing, leaving global 100req/min limit unApplied on portal routes)
- tests/security/test_security.py: add TestLoginRateLimit class with
test_login_brute_force_blocked_after_5_attempts and test_login_429_has_retry_after_header
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 14:50:08 +02:00
DevOps Engineer
82d6bdafba
HRT-43 — Test intégration ml_predictions_cache : zéro NULL hippodrome
...
- Ajout tests/test_ml_cache_integrity.py : 7 tests integration vérifiant
que hippodrome, race_label et heure ne sont pas NULL pour la date courante
- Ajout marqueur 'integration' dans pytest.ini
- Connexion DB en lecture seule (mode=ro) pour protection prod
- Support variable d'env TEST_DATE et TURF_DB_PATH
- Tests skippés proprement si job 19h30 n'a pas encore tourné
- Validé sur les données 2026-04-26 : 7/7 PASSED (1005 lignes, 0 NULL)
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-27 14:26:46 +02:00
DevOps Engineer
36d93697bc
Merge Sprint 7-8 CI/CD + Docker + Monitoring (HRT-33)
CD / Deploy → Staging (push) Has been cancelled
CD / Smoke Tests on Staging (push) Has been cancelled
CD / Deploy → Production (push) Has been cancelled
CD / Rollback Production (push) Has been cancelled
2026-04-26 23:12:59 +02:00
2f57719b21
Merge pull request 'Sprint 4-5 — Landing Page + Onboarding (HRT-30)' ( #3 ) from feature/landing-onboarding into master
2026-04-26 23:12:06 +02:00
bffc06c9b1
Merge pull request 'Sprint 3-4 — Refacto API /v1/ (HRT-29)' ( #2 ) from feature/api-v1-refacto into master
2026-04-26 23:12:04 +02:00
f1ef2648b1
Merge pull request 'Sprint 6-7 — ML Upgrade: Ensemble XGBoost+LightGBM+MLP + Optuna' ( #1 ) from feature/ml-upgrade-ensemble into master
2026-04-25 19:15:15 +02:00
DevOps Engineer
6b762068fd
feat(ml): train ensemble model and generate benchmark report
...
Results:
- XGBoost (Optuna 100 trials): AUC=0.7856, Precision@3=0.5783
- LightGBM (Optuna 100 trials): AUC=0.7833, Precision@3=0.5736
- MLP (3 layers 256-128-64): AUC=0.7743, Precision@3=0.5643
- Ensemble (weighted voting): AUC=0.7840, Precision@3=0.5814
Baseline XGBoost: Precision@3=0.5287
Delta: +0.0527 (+5.3%) — DEPLOY threshold met (+5%)
Latency: 35ms/race, 69ms/full-day (well under 200ms limit)
SHAP: 31/43 features selected, top features: rang_cote,
implied_prob, cote_direct, ratio_cote_field
All 12 regression/latency tests passing.
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-25 19:10:41 +02:00
DevOps Engineer
0e7bcff6b0
feat(ml): add ensemble XGBoost+LightGBM+MLP with Optuna optimization
...
- train_ensemble.py: full training pipeline with 100-trial Optuna studies
for XGBoost and LightGBM, MLP (256-128-64), SHAP feature selection,
weighted soft-voting ensemble, benchmark report generation
- predict_v2.py: production prediction module with model cache invalidation
- combined_api.py: add /api/v1/predictions, /api/v1/model/status,
/api/v1/model/invalidate-cache endpoints using ensemble model
- tests/test_ml_ensemble.py: regression, latency and API tests
Baseline XGBoost Precision@3: 0.5287 (holdout 20% temporal)
Deploy threshold: +5% = 0.5551
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-25 18:18:48 +02:00
DevOps Engineer
ce0ee150ec
fix(api-v1): add billing_db.py dependency for billing routes
...
The api_v1 Blueprint includes billing routes (POST/GET /api/v1/billing/*),
which import from billing_db. This module lives in feature/billing-stripe
(HRT-31) but is needed here for tests to pass. Added the file so all
42 integration tests pass without modification.
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-25 18:08:39 +02:00
DevOps Engineer
41a9e36166
feat(sprint4-5): Landing page + onboarding SaaS — HRT-30
...
Frontend pages:
- landing.html: marketing page — hero, pricing (Free/9.90e/24.90e), features, FAQ, footer, mobile-first responsive, LCP < 2.5s friendly
- login.html: JWT auth login with JS validation, error handling, redirect-after-login
- register.html: registration with plan selection preview sidebar, password strength meter
- dashboard_saas.html: role-based dashboard (Free/Premium/Pro) with locked sections, race prediction cards, detailed table, stats row
- onboarding.html: 3-step wizard — plan confirm + Telegram alerts config + first prediction preview
- account.html: tabbed account management — profile, security (change-password, delete), plan upgrade, notification preferences
Backend:
- saas_auth.py: Flask Blueprint /api/v1/auth/* — register, login, token auth, profile/password/plan/preferences update, logout, delete-account
- saas_api_v1.py: Flask Blueprint /api/v1/* — stats/summary, predictions/today (plan-gated), value-bets (Premium+), CSV export (Pro)
Server:
- portal_server.py: register blueprints, serve all new SaaS routes at /login /register /dashboard /onboarding /account
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-25 18:04:19 +02:00
DevOps Engineer
b8ef1ed35d
feat: Sprint 3-4 — Refacto API /v1/ (HRT-29)
...
- Blueprint Flask api_v1 avec prefix /api/v1/
- GET /api/v1/health — healthcheck public
- GET /api/v1/courses/today — courses du jour (paginé, filtré)
- GET /api/v1/courses/{id}/predictions — prédictions ML pour une course
- GET /api/v1/predictions/top3 — top 3 global (free tier)
- GET /api/v1/predictions/all — toutes prédictions (premium+)
- GET /api/v1/valuebets — value bets du jour (premium+)
- GET /api/v1/backtest — résultats backtest historiques (pro)
- GET /api/v1/export/csv — export CSV prédictions/paris (pro)
- GET /api/v1/metrics — métriques perf ML (premium+)
- Swagger/OpenAPI via flasgger à /api/v1/docs
- Erreurs uniformes {status, message, code}
- Pagination limit/offset sur toutes les listes
- 42 tests d'intégration passants
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-25 18:00:54 +02:00
DevOps Engineer
793ee82c29
fix(qa): add /health endpoints to Flask apps for Docker healthchecks
...
Docker compose healthchecks target /health on combined-api, dashboard-api
and portal, but these endpoints did not exist (returned 404). This caused
all dependent services (condition: service_healthy) to fail startup.
- combined_api.py: GET /health + /turf/health with DB connectivity check
- dashboard_api.py: GET /health + /turf/health with DB connectivity check
- portal_server.py: GET /health (lightweight, no DB)
QA Finding 1 from HRT-34 review of HRT-33 branch feature/devops-cicd.
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-25 17:44:21 +02:00
DevOps Engineer
c8f1bfd478
Merge feature/auth-jwt-multitenant into main — Sprint 2-3 Auth JWT + Multi-tenant (HRT-28)
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-25 17:35:48 +02:00
DevOps Engineer
5a23692ad1
feat: Sprint 2-3 — Auth JWT + Multi-tenant (HRT-28)
...
- auth_db.py: create users, subscriptions, refresh_tokens tables in turf_saas.db
- auth.py: register/login/refresh/logout endpoints, JWT middleware, plan_required decorator, free daily-limit check
- middleware.py: in-memory rate limiter (100 req/min/IP), timestamped access logs
- saas_api.py: Flask app factory wiring JWT, CORS, blueprints, /api/v1/predictions plan-gating
- tests/test_auth.py: 27 pytest tests, 83% coverage (target >=80%)
- API_AUTH.md: full endpoint documentation
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-25 17:35:45 +02:00
DevOps Engineer
dce1e9b744
feat(devops): CI/CD + Docker + Monitoring infrastructure
...
- Multi-stage Dockerfile (builder+runner, <500MB target)
- docker-compose.yml: app(x4) + postgres + redis + prometheus + grafana + nginx
- .env.example with all required secrets (never hardcoded)
- requirements.txt with all dependencies including prometheus-client, alembic
- GitHub Actions CI: lint (flake8+bandit+safety) + tests + Docker build/push
- GitHub Actions CD: staging deploy -> smoke tests -> production deploy + rollback
- Alembic migration setup + initial PostgreSQL schema (001_initial_schema)
- SQLite→PostgreSQL data migration script
- Prometheus metrics module (HTTP, ML, DB, business metrics)
- Prometheus alert rules (5xx >1%, latency >2s, disk >80%, ML accuracy)
- Grafana dashboard (overview: req/s, p95, ML accuracy, error rate)
- Nginx reverse proxy config (HTTPS/TLS, rate limiting, security headers)
- Structured JSON logging module
- Automated daily DB backup script (pg_dump + 30-day retention)
Branch: feature/devops-cicd
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-25 17:32:02 +02:00
ML Engineer
ed07c8a3d1
Initial commit: existing turf_saas codebase
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-25 17:18:43 +02:00
