turf_saas

Author	SHA1	Message	Date
DevOps Engineer	30464fb40c	Merge branch 'feature/HRT-84-dashboard-premium-pro' into master Some checks failed CD / Deploy → Staging (push) Has been cancelled Details CD / Smoke Tests on Staging (push) Has been cancelled Details CD / Deploy → Production (push) Has been cancelled Details CD / Rollback Production (push) Has been cancelled Details [HRT-84] Dashboard SaaS — UI Premium & Pro avec gating plan strict - Sections Value Bets, Historique, Export CSV raccordées aux vrais endpoints - Sections Telegram, API Token, Webhook avec mocks (TODO HRT-79, HRT-80) - Gating plan strict: Free/Premium/Pro non contournable côté client - Fix: maxDays Pro = 365j (corrige inversion 30j vs 90j) - Multi-compte Pro: gating UI uniquement (endpoint non défini) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-29 15:49:56 +02:00
DevOps Engineer	31db3a8260	fix(HRT-84): maxDays historique Pro — 365j au lieu de 30j (inversion corrigée) Pro = 365j (historique le plus long), Premium = 90j, Free = 7j Corrigé suite au point d'attention CTO dans revue de code. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-29 15:49:25 +02:00
DevOps Engineer	278245cd7c	feat(HRT-84): dashboard SaaS — UI Premium & Pro avec gating plan strict - Ajout sections: Value Bets, Alertes Telegram, API Token, Webhook, Historique, Multi-compte - Gating plan strict: Free < Premium < Pro (jamais de données réelles derrière plan inférieur) - Value Bets: raccordé sur endpoint réel /api/v1/valuebets (premium+) - Historique: raccordé sur endpoint réel /api/v1/history (HRT-81) - Telegram / API Token / Webhook: mocks structurés avec contrats d'interface (TODO: replace mock — HRT-79 pour Telegram, HRT-80 pour API Token/Webhook) - Multi-compte: gating UI Pro uniquement, endpoint non défini - Navigation par section avec chargement lazy - Design cohérent dark theme avec badges, lock icons et CTA upgrade par plan Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-29 15:43:02 +02:00
DevOps Engineer	225295030b	fix(HRT-73): refactor api_proxy — COMBINED_ROUTES tuple + align with turf_scraper fix #23 Some checks failed CD / Deploy → Staging (push) Has been cancelled Details CD / Smoke Tests on Staging (push) Has been cancelled Details CD / Deploy → Production (push) Has been cancelled Details CD / Rollback Production (push) Has been cancelled Details - Replace if/elif chain with COMBINED_ROUTES tuple for maintainability - Add missing routes to combined_api: races, race/, scores, ask, brave-search, execute-sql, send-email, report, ideas - Functionally equivalent to turf_scraper commit 048b969 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 22:38:32 +02:00
DevOps Engineer	86e85aa1c6	fix(HRT-72): fix Overpass OSM scraper — bounding box + Content-Type + User-Agent Bug 1: Replace area["name"="..."] query with direct bounding box (50.4,2.8,50.8,3.3) — area resolution fails silently on public Overpass API depending on server version. — Direct bbox is deterministic and reliable for MEL coverage. — Also simplify website filter to use [!"website"] tag negation syntax. Bug 2: Add explicit Content-Type: application/x-www-form-urlencoded header — Some network configs/proxies strip the implicit header set by requests.post(data={}). — Explicit header is best practice per Overpass API docs. Bug 3 (discovered during test): Add User-Agent header — overpass-api.de returns 406 Not Acceptable for User-Agent: python-requests/*. — Fix: send H3R7Tech-LeadHunter/1.0 as custom User-Agent. — Tested: 5 OSM leads returned from Lille center bounding box. Backup: leadhunter_scraper.py.backup_20260427_221429 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 22:19:10 +02:00
admin	5aa6013c52	Merge pull request '[HRT-66] LeadHunter S1 — Core scraping, scoring, CRM SQLite et API Flask' (#8 ) from feature/HRT-66-leadhunter-core into master Some checks failed CD / Deploy → Staging (push) Has been cancelled Details CD / Smoke Tests on Staging (push) Has been cancelled Details CD / Deploy → Production (push) Has been cancelled Details CD / Rollback Production (push) Has been cancelled Details	2026-04-27 16:55:00 +02:00
DevOps Engineer	4b4323f707	fix(leadhunter): change port 8770→8775 — port 8770 occupé par turf_scraper/crm_api.py Port audit sur VPS (27/04/2026) : - 8769 : depenses_trello/app.py (PID 2287989) - 8770 : turf_scraper/crm_api.py (PID 2287988) ← port précédemment choisi, aussi occupé - 8775 : libre (vérifié via ss -tlnp \| grep 8775 → vide) Fichiers modifiés : - leadhunter_api.py : lignes 5, 295, 303 (port 8770→8775) - infra/turf-saas-leadhunter.service : Description Port 8770→8775 Issue: HRT-66 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 16:48:12 +02:00
DevOps Engineer	356bdf5bec	fix(leadhunter): change port 8769→8770 — conflit avec depenses_trello Port 8769 était occupé par /home/h3r7/depenses_trello/app.py (pid=2287989). Mise à jour du port dans : - leadhunter_api.py (docstring, healthcheck, app.run) - infra/turf-saas-leadhunter.service (description) Ref: HRT-66 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 16:42:15 +02:00
DevOps Engineer	f9a45e6deb	feat(HRT-66): LeadHunter S1 — core scraping, scoring, CRM SQLite et API Flask - leadhunter_scraper.py : Google Places Nearby Search + Place Details avec compteur quota daily_quota.json (limite 900/jour), sleep(0.5) entre requêtes, fallback Overpass OSM boundary MEL, filtre website absent, déduplcation, rgpd_ok=True - leadhunter_scorer.py : moteur de scoring 0-8 pts critère n°1 = site web absent (+3), avis ≥50 (+2), note ≥4.0 (+2), téléphone (+1), note <3.0 (-1) - leadhunter_crm.py : CRM SQLite schéma validé CTO (id, source, name, address, phone, rating, reviews_count, website, score, rgpd_ok, scraped_at, status) CRUD : insert_lead, get_leads, update_lead_status, get_stats, export_csv - leadhunter_api.py : Flask service port 8769 GET /api/leads, POST /api/leads/scrape, GET /api/leads/stats, GET /api/leads/export, PATCH /api/leads/<id>/status, GET /health assert GOOGLE_PLACES_API_KEY au démarrage scraping asynchrone (thread) avec status endpoint - infra/turf-saas-leadhunter.service : service systemd EnvironmentFile=/home/h3r7/.env pour GOOGLE_PLACES_API_KEY Tests : py_compile OK, scorer testé, CRM SQLite testé Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 16:33:30 +02:00
DevOps Engineer	cfc0f038f9	Merge remote HRT-43 into local master (sync) Some checks failed CD / Deploy → Staging (push) Has been cancelled Details CD / Smoke Tests on Staging (push) Has been cancelled Details CD / Deploy → Production (push) Has been cancelled Details CD / Rollback Production (push) Has been cancelled Details Merge remote commit `837a084` (HRT-43 ML cache null test) with local HRT-62, HRT-63, HRT-54 security commits. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 16:16:31 +02:00
DevOps Engineer	c999285895	Merge HRT-63: Blacklist + validation complexite mots de passe Fix review: abc12345 -> abc1234 dans test_security.py (TestWeakPasswordRejection) Valide CTO — coherence blacklist/test confirmee. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 16:14:17 +02:00
DevOps Engineer	e517741c97	fix(tests): replace abc12345 by abc1234 in TestWeakPasswordRejection abc12345 n'est pas dans WEAK_PASSWORDS de saas_auth.py et satisfait les règles de complexité → test échouait (attendait 400, obtenait 201). abc1234 est explicitement dans la blacklist (ligne 84 de saas_auth.py). Correction demandée par CTO en review PR #7 (HRT-63). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 15:53:39 +02:00
admin	837a0845ec	Merge pull request 'HRT-43 — Test intégration ml_predictions_cache : zéro NULL hippodrome' (#5 ) from feature/HRT-43-ml-cache-null-test into master Some checks failed CD / Deploy → Staging (push) Has been cancelled Details CD / Smoke Tests on Staging (push) Has been cancelled Details CD / Deploy → Production (push) Has been cancelled Details CD / Rollback Production (push) Has been cancelled Details	2026-04-27 15:36:48 +02:00
CTO H3R7Tech	4bf458f1b8	Merge HRT-62: IP-based rate limiting on /auth/login — validated CTO - In-memory IP rate limiter: 5 attempts / 5min window - 15 min block on exceed, HTTP 429 + Retry-After header - Applied rate_limit_middleware on portal_server.py - Tests: TestLoginRateLimit added (conflict resolved: keep both test classes) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 15:24:07 +02:00
CTO H3R7Tech	099286b078	Merge HRT-63 + HRT-54: password blacklist/complexity + billing JWT fix — validated CTO - HRT-63: WEAK_PASSWORDS blacklist (50+ entries) + validate_password_strength() - HRT-54: billing JWT token fix, table name corrections Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 15:22:03 +02:00
CTO H3R7Tech	d39c7d3319	fix(billing): JWT token incompatibility — use saas_auth require_auth + fix table names HRT-54 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 15:21:43 +02:00
DevOps Engineer	8c5fdf1e9c	feat(security): blacklist + password strength validation — fix weak passwords HRT-63 - Add WEAK_PASSWORDS set (50+ common passwords) in saas_auth.py - Add validate_password_strength() function: checks min length, blacklist, digits, letters - Replace raw len() checks in /register and /change-password with validate_password_strength() - Add TestWeakPasswordRejection class in test_security.py: parametrized weak pwd test, strong pwd 201 test, no-digit, no-letter tests Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 15:01:57 +02:00
DevOps Engineer	7f5573f076	feat(security): add IP-based rate limiting on /api/v1/auth/login — fix brute force HRT-62 - saas_auth.py: in-memory sliding-window rate limiter (5 attempts/5min, 15min block) using collections.defaultdict + threading.Lock, stdlib only, no new deps - portal_server.py: register rate_limit_middleware + access_log_middleware (was missing, leaving global 100req/min limit unApplied on portal routes) - tests/security/test_security.py: add TestLoginRateLimit class with test_login_brute_force_blocked_after_5_attempts and test_login_429_has_retry_after_header Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 14:50:08 +02:00
DevOps Engineer	82d6bdafba	HRT-43 — Test intégration ml_predictions_cache : zéro NULL hippodrome - Ajout tests/test_ml_cache_integrity.py : 7 tests integration vérifiant que hippodrome, race_label et heure ne sont pas NULL pour la date courante - Ajout marqueur 'integration' dans pytest.ini - Connexion DB en lecture seule (mode=ro) pour protection prod - Support variable d'env TEST_DATE et TURF_DB_PATH - Tests skippés proprement si job 19h30 n'a pas encore tourné - Validé sur les données 2026-04-26 : 7/7 PASSED (1005 lignes, 0 NULL) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-27 14:26:46 +02:00
DevOps Engineer	36d93697bc	Merge Sprint 7-8 CI/CD + Docker + Monitoring (HRT-33) Some checks failed CD / Deploy → Staging (push) Has been cancelled Details CD / Smoke Tests on Staging (push) Has been cancelled Details CD / Deploy → Production (push) Has been cancelled Details CD / Rollback Production (push) Has been cancelled Details	2026-04-26 23:12:59 +02:00
admin	2f57719b21	Merge pull request 'Sprint 4-5 — Landing Page + Onboarding (HRT-30)' (#3 ) from feature/landing-onboarding into master	2026-04-26 23:12:06 +02:00
admin	bffc06c9b1	Merge pull request 'Sprint 3-4 — Refacto API /v1/ (HRT-29)' (#2 ) from feature/api-v1-refacto into master	2026-04-26 23:12:04 +02:00
admin	f1ef2648b1	Merge pull request 'Sprint 6-7 — ML Upgrade: Ensemble XGBoost+LightGBM+MLP + Optuna' (#1 ) from feature/ml-upgrade-ensemble into master	2026-04-25 19:15:15 +02:00
DevOps Engineer	6b762068fd	feat(ml): train ensemble model and generate benchmark report Results: - XGBoost (Optuna 100 trials): AUC=0.7856, Precision@3=0.5783 - LightGBM (Optuna 100 trials): AUC=0.7833, Precision@3=0.5736 - MLP (3 layers 256-128-64): AUC=0.7743, Precision@3=0.5643 - Ensemble (weighted voting): AUC=0.7840, Precision@3=0.5814 Baseline XGBoost: Precision@3=0.5287 Delta: +0.0527 (+5.3%) — DEPLOY threshold met (+5%) Latency: 35ms/race, 69ms/full-day (well under 200ms limit) SHAP: 31/43 features selected, top features: rang_cote, implied_prob, cote_direct, ratio_cote_field All 12 regression/latency tests passing. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 19:10:41 +02:00
DevOps Engineer	0e7bcff6b0	feat(ml): add ensemble XGBoost+LightGBM+MLP with Optuna optimization - train_ensemble.py: full training pipeline with 100-trial Optuna studies for XGBoost and LightGBM, MLP (256-128-64), SHAP feature selection, weighted soft-voting ensemble, benchmark report generation - predict_v2.py: production prediction module with model cache invalidation - combined_api.py: add /api/v1/predictions, /api/v1/model/status, /api/v1/model/invalidate-cache endpoints using ensemble model - tests/test_ml_ensemble.py: regression, latency and API tests Baseline XGBoost Precision@3: 0.5287 (holdout 20% temporal) Deploy threshold: +5% = 0.5551 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 18:18:48 +02:00
DevOps Engineer	ce0ee150ec	fix(api-v1): add billing_db.py dependency for billing routes The api_v1 Blueprint includes billing routes (POST/GET /api/v1/billing/*), which import from billing_db. This module lives in feature/billing-stripe (HRT-31) but is needed here for tests to pass. Added the file so all 42 integration tests pass without modification. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 18:08:39 +02:00
DevOps Engineer	41a9e36166	feat(sprint4-5): Landing page + onboarding SaaS — HRT-30 Frontend pages: - landing.html: marketing page — hero, pricing (Free/9.90e/24.90e), features, FAQ, footer, mobile-first responsive, LCP < 2.5s friendly - login.html: JWT auth login with JS validation, error handling, redirect-after-login - register.html: registration with plan selection preview sidebar, password strength meter - dashboard_saas.html: role-based dashboard (Free/Premium/Pro) with locked sections, race prediction cards, detailed table, stats row - onboarding.html: 3-step wizard — plan confirm + Telegram alerts config + first prediction preview - account.html: tabbed account management — profile, security (change-password, delete), plan upgrade, notification preferences Backend: - saas_auth.py: Flask Blueprint /api/v1/auth/* — register, login, token auth, profile/password/plan/preferences update, logout, delete-account - saas_api_v1.py: Flask Blueprint /api/v1/* — stats/summary, predictions/today (plan-gated), value-bets (Premium+), CSV export (Pro) Server: - portal_server.py: register blueprints, serve all new SaaS routes at /login /register /dashboard /onboarding /account Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 18:04:19 +02:00
DevOps Engineer	b8ef1ed35d	feat: Sprint 3-4 — Refacto API /v1/ (HRT-29) - Blueprint Flask api_v1 avec prefix /api/v1/ - GET /api/v1/health — healthcheck public - GET /api/v1/courses/today — courses du jour (paginé, filtré) - GET /api/v1/courses/{id}/predictions — prédictions ML pour une course - GET /api/v1/predictions/top3 — top 3 global (free tier) - GET /api/v1/predictions/all — toutes prédictions (premium+) - GET /api/v1/valuebets — value bets du jour (premium+) - GET /api/v1/backtest — résultats backtest historiques (pro) - GET /api/v1/export/csv — export CSV prédictions/paris (pro) - GET /api/v1/metrics — métriques perf ML (premium+) - Swagger/OpenAPI via flasgger à /api/v1/docs - Erreurs uniformes {status, message, code} - Pagination limit/offset sur toutes les listes - 42 tests d'intégration passants Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 18:00:54 +02:00
DevOps Engineer	793ee82c29	fix(qa): add /health endpoints to Flask apps for Docker healthchecks Docker compose healthchecks target /health on combined-api, dashboard-api and portal, but these endpoints did not exist (returned 404). This caused all dependent services (condition: service_healthy) to fail startup. - combined_api.py: GET /health + /turf/health with DB connectivity check - dashboard_api.py: GET /health + /turf/health with DB connectivity check - portal_server.py: GET /health (lightweight, no DB) QA Finding 1 from HRT-34 review of HRT-33 branch feature/devops-cicd. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 17:44:21 +02:00
DevOps Engineer	c8f1bfd478	Merge feature/auth-jwt-multitenant into main — Sprint 2-3 Auth JWT + Multi-tenant (HRT-28) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 17:35:48 +02:00
DevOps Engineer	5a23692ad1	feat: Sprint 2-3 — Auth JWT + Multi-tenant (HRT-28) - auth_db.py: create users, subscriptions, refresh_tokens tables in turf_saas.db - auth.py: register/login/refresh/logout endpoints, JWT middleware, plan_required decorator, free daily-limit check - middleware.py: in-memory rate limiter (100 req/min/IP), timestamped access logs - saas_api.py: Flask app factory wiring JWT, CORS, blueprints, /api/v1/predictions plan-gating - tests/test_auth.py: 27 pytest tests, 83% coverage (target >=80%) - API_AUTH.md: full endpoint documentation Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 17:35:45 +02:00
DevOps Engineer	dce1e9b744	feat(devops): CI/CD + Docker + Monitoring infrastructure - Multi-stage Dockerfile (builder+runner, <500MB target) - docker-compose.yml: app(x4) + postgres + redis + prometheus + grafana + nginx - .env.example with all required secrets (never hardcoded) - requirements.txt with all dependencies including prometheus-client, alembic - GitHub Actions CI: lint (flake8+bandit+safety) + tests + Docker build/push - GitHub Actions CD: staging deploy -> smoke tests -> production deploy + rollback - Alembic migration setup + initial PostgreSQL schema (001_initial_schema) - SQLite→PostgreSQL data migration script - Prometheus metrics module (HTTP, ML, DB, business metrics) - Prometheus alert rules (5xx >1%, latency >2s, disk >80%, ML accuracy) - Grafana dashboard (overview: req/s, p95, ML accuracy, error rate) - Nginx reverse proxy config (HTTPS/TLS, rate limiting, security headers) - Structured JSON logging module - Automated daily DB backup script (pg_dump + 30-day retention) Branch: feature/devops-cicd Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 17:32:02 +02:00
ML Engineer	ed07c8a3d1	Initial commit: existing turf_saas codebase Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-25 17:18:43 +02:00

33 Commits