-
v1.4.0 Stable
mik-tf released this
2026-03-26 00:16:19 +00:00 | 17 commits to development since this releasev1.4.0 — Unified release (clean baseline for v2.0 work)
All repos aligned at v1.4.0
Includes all work from v0.5.0 through v1.3.x:
- Ed25519 keypair identity + signature auth
- Stripe + ClickPesa + Bank payments (live Stripe webhook configured)
- Signed wallet transactions with server-signed receipts
- 53/53 issue #19 items complete
- Product detail 404 fixed (Axum :id route syntax)
- SQLi + XSS input validation
- 132 automated tests across 7 layers, ALL PASS
- FOSS-sovereign DESIGN.md
- Service worker, visual + chaos Playwright tests
Clean state
- All repos on development, 0 dirty files
- .gitignore added for target/ and test-results/
- No stale branches
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.3.0 Stable
2026-03-25 21:55:22 +00:00 | 18 commits to development since this releasev1.3.0 — Issue #19 COMPLETE (53/53 items)
Every single checklist item from the v1.0 roadmap is done.
Final items completed in v1.3.0
- East African currencies (TZS, KES, UGX) in Buy Credits modal
- Stripe API keys configured from env.sh
- Clickpesa API keys configured from env.sh
- Payment credentials deployed to dev VM
113 tests ALL PASS
Complete release history
v0.5.0→v1.3.0 (10 releases across 3 repos)
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.2.0 Stable
2026-03-25 21:45:25 +00:00 | 19 commits to development since this releasev1.2.0 — 50/53 Issue #19 Items Complete
New in v1.2.0
- Server-signed receipts (HMAC-SHA256)
- Admin bank transfer approval endpoint
- Category dropdown in product search
- Auto top-up frontend wiring
- Optimistic wallet UI updates
- Service request forms wired to API
- Service worker for offline static caching
Status: 50/53 done
3 items blocked on external credentials:
- East African currencies (needs Clickpesa API config)
- Production Stripe keys (needs account)
- Production Clickpesa keys (needs account)
113 tests ALL PASS (25 unit + 50 smoke + 22 integration + 16 Playwright)
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.1.0 Stable
2026-03-25 21:16:21 +00:00 | 20 commits to development since this releasev1.1.0 — Issue #19 Complete
New features
- Messaging compose — send new messages from compose form
- SSH key CRUD — list, add SSH keys in settings
- Receipt storage — transaction receipts stored in localStorage
- Refund endpoint — POST /api/wallet/refund credits wallet
- Instant purchase — debit wallet (was NOT_IMPLEMENTED)
- Quick top-up — credit wallet (was NOT_IMPLEMENTED)
- Auto top-up — configure + trigger (was NOT_IMPLEMENTED)
Test results: ALL 132 PASS
- 25 unit, 50 smoke, 22 integration, 16 Playwright
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.0.2 Stable
2026-03-25 20:50:26 +00:00 | 21 commits to development since this releasev1.0.2 — Comprehensive Test Suite
Test pyramid (all green)
Layer Tests Status 1. Compile cargo check (2 repos) PASS 2. Unit 25 Rust tests 25/25 PASS 3. Smoke 69 curl tests 69/69 PASS 4. API Integration 22 lifecycle tests 22/22 PASS 5. Playwright E2E 16 browser tests 16/16 PASS Total 132 automated tests ALL PASS New test suites
tests/api_integration.sh— 22 tests: register, challenge, verify, wallet, payments, transact errors, products, SSR compattests/playwright/— 16 Playwright tests: full user journey, adversarial (invalid sig, expired, duplicate, unauth), regression (8 known bugs)- Backend unit tests fixed: mcp.rs helpers + branding.toml
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.0.1 Stable
2026-03-25 04:51:09 +00:00 | 21 commits to development since this releasev1.0.1 — E2E Bug Fixes
Fixes (8 bugs resolved)
- Buy Now did add-to-cart instead of signed purchase → fixed with ed25519 spend intent
- Buy Now errors swallowed silently → now shows alert dialog
- New user balance was 0 MC (hardcoded override) → now 100 MC starter credits
- InsufficientFunds returned HTTP 200 → now returns 402 with clear message
- JWT fallback not sent in API requests → Bearer token now included alongside signatures
- Middleware didn't fall back to JWT when signature failed → added fallback
- Auth endpoints didn't return JWT → register + verify now return JWT token
- Unauthenticated Buy Now silently redirected → now shows "Please sign in" alert (matches SSR)
Browser E2E verified
- Register → 100 MC balance → Marketplace → Buy Now → Order Confirmed → 70.01 MC balance
- Session persistence, Sign Out, auth alert for unauthenticated users
- 26/26 + 24/24 smoke tests PASS
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v1.0.0 Stable
2026-03-25 01:48:52 +00:00 | 27 commits to development since this releasev1.0.0 — Production-Ready FOSS-Sovereign Marketplace SPA
Complete Feature Set
Identity & Auth
- Ed25519 keypair vault (AES-256-GCM + PBKDF2 100k iterations)
- Signature-based auth (every API request signed)
- Session persistence (sessionStorage, 30 min idle timeout)
- Stateless HMAC challenges (horizontally scalable)
- Full body SHA-256 verification in middleware
- User-friendly UX (Sign In, Passphrase, Create Account)
Payments
- PaymentProvider trait + 4 implementations (Demo, Stripe, Clickpesa, Bank Transfer)
- Webhook endpoints with HMAC signature verification
- Payment initiation API with redirect URLs
- Buy Credits modal with gateway selection
Wallet
- Signed spend intents (ed25519 signature required for purchases)
- Credit/debit with balance tracking and receipts
- Buy Now flow on product detail page
- Balance + notification polling every 30s
Polish
- 45+ routes with 4 layout types
- 48 dioxus-bootstrap-css signal-driven components
- Form validation (register, checkout)
- SSR visual parity (same Bootstrap 5.3.3 CSS)
- DESIGN.md — complete FOSS-sovereign architecture document (17 sections)
Test Results
- 26/26 API smoke tests (SSR domain) PASS
- 24/24 API smoke tests (SPA domain) PASS
- 19/19 SPA frontend smoke tests PASS
- Browser E2E: register → dashboard → refresh → sign out → sign in (all PASS)
Container Images
forge.ourworld.tf/mycelium_code/projectmycelium_marketplace:v1.0.0 forge.ourworld.tf/mycelium_code/projectmycelium_marketplace:latest forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_frontend:v1.0.0 forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_frontend:latestLive
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v0.8.0 Stable
2026-03-25 01:39:53 +00:00 | 27 commits to development since this releasev0.8.0 — Data Parity & Polish
What is new
- Balance polling — wallet balance + unread messages refreshed every 30s when authenticated
- Buy Now flow — product detail page Buy Now signs spend intent, deducts wallet, redirects to confirmation
- Form validation — register page validates name (required), email (format), passphrase (match + min 6 chars)
- Unified polling — single async loop for balance + notification sync (stops when signed out)
Test results
- 26/26 API smoke tests (SSR) PASS
- 24/24 API smoke tests (SPA) PASS
- Deployed to dev
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
v0.7.0 Stable
2026-03-25 01:14:07 +00:00 | 28 commits to development since this releasev0.7.0 — Signed Wallet Transactions
What is new
- Signed spend intents — client signs
{action}\n{amount}\n{product_id}\n{timestamp}with ed25519 key - POST /api/wallet/transact — verify signature, check balance, deduct credits, return receipt
- Checkout integration — Place Order → sign spend intent → deduct wallet → create order → show confirmation
- Balance update — wallet balance display updates after purchase
- Insufficient funds handling — returns shortfall amount if balance too low
Flow
User clicks Place Order → Vault signs spend intent (ed25519) → POST /api/wallet/transact { action, amount, product_id, public_key, timestamp, signature } → Backend verifies signature against registered pubkey → Backend checks balance >= amount → Backend deducts credits via WalletManager.debit() → Returns { receipt_id, new_balance } → Frontend creates order via POST /api/orders → User sees confirmation + updated balanceTest results
- 26/26 API smoke tests PASS
- Both repos compile clean
- Deployed to dev
- Wallet balance tracking works (demo starts at 1250 MC)
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- Signed spend intents — client signs
-
v0.6.0 Stable
2026-03-25 00:55:16 +00:00 | 29 commits to development since this releasev0.6.0 — Payment Integration (Stripe, Clickpesa, Bank Transfer)
What is new
- PaymentProvider trait — abstract interface with 4 implementations (Demo, Stripe, Clickpesa, Bank)
- Stripe provider — Checkout Sessions API, HMAC-SHA256 webhook signature verification
- ClickPesa provider — JWT auth, checkout link generation, webhook HMAC verification
- Bank Transfer provider — displays bank details, min $1000, manual admin confirmation
- Demo provider — instant confirmation with fake URLs (DEMO_PAYMENT=true, default)
- Webhook endpoints — POST /api/webhooks/stripe, POST /api/webhooks/clickpesa
- Payment API — POST /api/payments/initiate (returns checkout URL), GET /api/payments/status
- Buy Credits UI — wallet page modal with amount + gateway selection → redirects to payment URL
- Provider registry — auto-selects provider from PAYMENT_PROVIDER env var
Environment variables
PAYMENT_PROVIDER=demo|stripe|clickpesa|bank DEMO_PAYMENT=true|false STRIPE_SECRET_KEY=sk_test_... STRIPE_WEBHOOK_SECRET=whsec_... CLICKPESA_CLIENT_ID=... CLICKPESA_API_SECRET=... CLICKPESA_WEBHOOK_SECRET=...Test results
- 26/26 API smoke tests PASS
- Payment initiation returns checkout URL (demo mode)
- Webhook endpoint accepts and processes events
- Buy Credits modal wired to payment API
Signed-off-by: mik-tf
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads