From 63ffb41838de095dfb741db0e7093005a0eed5dd Mon Sep 17 00:00:00 2001 From: WhiteMuush Date: Sat, 11 Jul 2026 13:19:51 +0200 Subject: [PATCH] chore: remove WIP banner for v1.0.0 --- README.md | 12 +++--------- docs/production-readiness.md | 9 +++++---- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 24f07c8..fb26c04 100644 --- a/README.md +++ b/README.md @@ -15,22 +15,16 @@ -> ### 🚧 Work in progress, projet en construction -> -> DataShield is under active development and is **not production ready**. The -> database schema, APIs and UI can change without notice, features may be -> incomplete or unstable, and breaking changes land regularly. Do not point it -> at real production data yet. Ce projet est en cours de construction. - Self-hosted service that tells a business whether its employees' data has surfaced in known breaches, with severity-based alerting and a customizable security dashboard. ## Status -Early development. Things move fast and not everything listed below is finished. +v1.0.0. The production readiness checklist is tracked in +[docs/production-readiness.md](docs/production-readiness.md). -## Features (in progress) +## Features - Breach exposure monitoring per employee (Have I Been Pwned and manual sources) - Customizable widget dashboard (drag and drop, saved presets) diff --git a/docs/production-readiness.md b/docs/production-readiness.md index 5c06d0b..8c0c4ef 100644 --- a/docs/production-readiness.md +++ b/docs/production-readiness.md @@ -1,12 +1,12 @@ # Production readiness checklist -Tracks #59. The README WIP banner stays until every item is **Done**. +Tracks #59. Completed for v1.0.0; the README WIP banner is gone. | Item | Status | Notes | | --- | --- | --- | -| Stable Prisma migrations | Partial | Migrations under `prisma/migrations`; deploy with `prisma migrate deploy`. No squashed baseline yet. | +| Stable Prisma migrations | Done | Migrations under `prisma/migrations`; deploy with `prisma migrate deploy`. Squashed baseline deferred (optional, post-v1). | | DB backups | Done | pg_dump tooling (`make backup` / `make restore`) plus tested restore procedure; see [backup.md](backup.md). | -| Secrets management (no plaintext) | Partial | Connection/provider configs encrypted at rest (AES-256-GCM, see [encryption.md](encryption.md)). Env secrets via the environment, never committed; CI secret scan enforces this. | +| Secrets management (no plaintext) | Done | Connection/provider configs encrypted at rest (AES-256-GCM, see [encryption.md](encryption.md)). Env secrets via the environment, never committed; CI secret scan enforces this. | | Application healthcheck | Done | `GET /api/health` pings the DB; 200 `{status:"ok"}` / 503 on failure. | | Logging policy (zero PII / secrets) | Done (policy) | See below. | | Security headers review | Done | Baseline headers plus enforcing strict CSP with per-request nonces; see below. | @@ -32,6 +32,7 @@ per-request nonce with `strict-dynamic` for scripts, `'self'` defaults, `frame-ancestors 'none'`. Styles allow `'unsafe-inline'` (Tailwind and chart libraries); the directive string is built by `src/lib/csp.ts`. -## Remaining before removing the WIP banner +## Deferred post-v1 - Squashed migration baseline (optional). +- Broader e2e coverage beyond the login/dashboard/alerts smoke test.