feat: Production readiness improvements for WHOOSH council formation

Major security, observability, and configuration improvements: ## Security Hardening - Implemented configurable CORS (no more wildcards) - Added comprehensive auth middleware for admin endpoints - Enhanced webhook HMAC validation - Added input validation and rate limiting - Security headers and CSP policies ## Configuration Management - Made N8N webhook URL configurable (WHOOSH_N8N_BASE_URL) - Replaced all hardcoded endpoints with environment variables - Added feature flags for LLM vs heuristic composition - Gitea fetch hardening with EAGER_FILTER and FULL_RESCAN options ## API Completeness - Implemented GetCouncilComposition function - Added GET /api/v1/councils/{id} endpoint - Council artifacts API (POST/GET /api/v1/councils/{id}/artifacts) - /admin/health/details endpoint with component status - Database lookup for repository URLs (no hardcoded fallbacks) ## Observability & Performance - Added OpenTelemetry distributed tracing with goal/pulse correlation - Performance optimization database indexes - Comprehensive health monitoring - Enhanced logging and error handling ## Infrastructure - Production-ready P2P discovery (replaces mock implementation) - Removed unused Redis configuration - Enhanced Docker Swarm integration - Added migration files for performance indexes ## Code Quality - Comprehensive input validation - Graceful error handling and failsafe fallbacks - Backwards compatibility maintained - Following security best practices 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-12 20:34:17 +10:00
parent 56ea52b743
commit 131868bdca
1740 changed files with 575904 additions and 171 deletions
--- a/vendor/github.com/google/uuid/util.go
+++ b/vendor/github.com/google/uuid/util.go
@@ -0,0 +1,43 @@
+// Copyright 2016 Google Inc.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package uuid
+
+import (
+	"io"
+)
+
+// randomBits completely fills slice b with random data.
+func randomBits(b []byte) {
+	if _, err := io.ReadFull(rander, b); err != nil {
+		panic(err.Error()) // rand should never fail
+	}
+}
+
+// xvalues returns the value of a byte as a hexadecimal digit or 255.
+var xvalues = [256]byte{
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 255, 255, 255, 255, 255, 255,
+	255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+}
+
+// xtob converts hex characters x1 and x2 into a byte.
+func xtob(x1, x2 byte) (byte, bool) {
+	b1 := xvalues[x1]
+	b2 := xvalues[x2]
+	return (b1 << 4) | b2, b1 != 255 && b2 != 255
+}