Merge branch 'development' into staging

Author: servilla

.gitattributes

@@ -0,0 +1,2 @@
+# SCM syntax highlighting & preventing 3-way merges
+pixi.lock merge=binary linguist-language=YAML linguist-generated=true -diff

.gitignore

@@ -132,3 +132,6 @@ dmypy.json
 .idea
 webapp/config.py
 keys/
+# pixi environments
+.pixi/*
+!.pixi/config.toml

GEMINI.md

@@ -0,0 +1,35 @@
+# Project Context: PinchMe
+**Gatekeeper** is an EDI (Environmental Data Initiative) data repository reverse proxy.
+
+## 1. Core Environment & Constraints
+- **Package Manager:** Pixi (Conda-based). Never use `pip` or `conda` directly.
+- **Python Version:** 3.14.x (Strictly enforced).
+- **Shell:** Fish Shell. All terminal commands must use Fish syntax (e.g., `set -x` instead of `export`).
+- **Linter/Formatter:** Ruff (configured for Python 3.14 compatibility).
+
+## 2. Mandatory Workflow (Pixi Tasks)
+Before considering a task "done," you must execute the following via `pixi run`:
+- `pixi run format`: To apply Ruff formatting.
+- `pixi run check`: To perform linting and automatic fixes.
+- `pixi run test`: To verify logic in the `tests/` directory.
+
+## 3. Python Development Standards
+- **Version:** Target **Python 3.14+** (specifically `3.14` as per pixi config).
+- **Typing:** Strict type hints are mandatory for all function signatures. Use modern pipe syntax for unions (e.g., `str | None`).
+- **Naming:** `snake_case` for variables/functions, `PascalCase` for classes.
+
+## 4. Testing & Validation
+- **Test Runner:** Use `pytest` via `pixi run test`.
+- **Workflow:** 1. For bug fixes, create a reproduction test in `tests/` first.
+  2. Run `pixi run check` and `pixi run test` before declaring a task "done."
+- **CLI Testing:** The main entry point is `pinchme`. Test changes using `pixi run run`.
+- 
+## 5. Git Workflow
+- **Git** Never perform a git pull, add, or commit - leave this to the developer.
+- **GitHub** Never push to GitHub directly - leave this to the developer.
+- Commit messages should use the following structure:
+    - "Summary:" - A brief description of the commit.
+    - "Context:" - The purpose or background of the commit.
+    - "Changes:" - The specific changes made to the codebase.
+- Display of Gemini generated commit message should not include line numbers.
+- Commit messages should include the following at the very bottom of the messate: "Co-authored-by: Gemini CLI <gemini-cli@google.com>"

VERSION.txt

@@ -0,0 +1 @@
+1.0.0

changelog.md

@@ -0,0 +1,198 @@
+# Gatekeeper change log
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## (1.0.0) 2026-04-27
+### Added/Changed/Fixed
+- Remove use of legacy PASTA auth-token from all code, rely only the edi-token.
+
+## (0.37.0) 2026-04-14
+### Added/Changed/Fixed
+- Remove auth-token from token refresh.
+
+## (0.36.0) 2026-04-09
+### Added/Changed/Fixed
+- Convert project to use pixi.
+- Remove auth_token as a required object in authentication flow.
+- Optimization of authentication code.
+- Edi-token refresh only when token is older than 1 hour.
+
+## (0.35.0) 2026-03-15
+### Added/Changed/Fixed
+- Fix payload key name.
+- Replace local api key with Config.TEST_API_KEY.
+
+## (0.34.0) 2025-11-27
+### Added/Changed/Fixed
+- Add CORS header when none exist from PASTA #15.
+- Remove NGINX CORS header and replace with only from Gatekeeper where testing for their presence is possible.
+
+## (0.33.0) 2025-11-12
+### Added/Changed/Fixed
+- Catch IAMResponseError when invalid key is provided.
+- Add support for API Key to token.
+
+## (0.32.0) 2025-09-23
+### Added/Changed/Fixed
+- Fix set-cookie header construction when multiple cookies exist #14.
+
+## (0.31.0) 2025-09-22
+### Added/Changed/Fixed
+- Change edi_token reference from "token" to "edi-token".
+
+## (0.30.0) 2025-09-21
+### Added/Changed/Fixed
+- Add X-New-Auth-Token header for javascript support of tokens.
+
+## (0.29.0) 2025-09-20
+### Added/Changed/Fixed
+- Add OPTIONS to allowed type of inbound request actions.
+
+## (0.28.0) 2025-09-08
+### Added/Changed/Fixed
+- Add iam-lib for interacting with EDI IAM service.
+
+## (0.27.0) 2025-09-01
+### Added/Changed/Fixed
+- Change request body to streaming request body to support large data uploads.
+- Use raw path in lieu of constructed path.
+
+## (0.26.0) 2025-08-30
+### Added/Changed/Fixed
+- Remove path cleaning of double slashes (critical for path parameters that include full URLs).
+
+## (0.25.0) 2025-08-24
+### Added/Changed/Fixed
+- Force creation of EDI IAM public access user if EDI Token does not exist.
+
+## (0.24.0) 2025-08-17
+### Added/Changed/Fixed
+- Catch httpx.HTTPError when attempting to create public edi-token.
+
+## (0.23.0) 2025-08-07
+### Added/Changed/Fixed
+- Remove Java artifact (semicolon).
+
+## (0.22.0) 2025-07-31
+### Added/Changed/Fixed
+- Add Public EDI TOKEN for all public requests (#13).
+- Add EDI key for creating a token.
+- Add pytest-asyncio to package suite.
+
+## (0.21.0) 2025-07-11
+### Added/Changed/Fixed
+- Add comment "Make internal token" from external auth-token.
+
+## (0.20.0) 2025-07-03
+### Added/Changed/Fixed
+- Fix regression on audit filter.
+
+## (0.19.0) 2025-06-30
+### Added/Changed/Fixed
+- Use EDI-Token.
+
+## (0.18.0) 2025-06-27
+### Added/Changed/Fixed
+- Set response content argument explicit.
+
+## (0.17.0) 2025-06-26
+### Added/Changed/Fixed
+- Consolidate FastAPI APIrouter decorators for both package and audit filters (#12).
+- Authentication by auth-token should remove external token from inner PASTA call (#10).
+- Fix regression on authentication by auth-token.
+- make_request_headers should only return new request headers (#11).
+- Make function arguments explicitly kwargs.
+
+## (0.16.0) 2025-06-19
+### Added/Changed/Fixed
+- Refactor test for local CA bundle.
+- Fix property name from CAFILE to CA_FILE.
+
+## (0.15.0) 2025-06-18
+### Added/Changed/Fixed
+- Reformat code for easier reading.
+- Add support for local CA file (#9).
+
+## (0.14.0) 2025-02-03
+### Added/Changed/Fixed
+- Fix 500 response when downloading zip archive of data package with many entities (#8).
+
+## (0.13.0) 2025-02-02
+### Added/Changed/Fixed
+- Add GoogleOther to robot filter list.
+
+## (0.12.0) 2024-09-05
+### Added/Changed/Fixed
+- Improve exception handling (#7).
+
+## (0.11.0) 2024-08-24
+### Added/Changed/Fixed
+- Replace absolute log path with placeholder.
+- Fix broken daiquiri log path.
+- Update gatekeeper.service file to include default user/group/workingdir/env.
+- Update logging path and level.
+
+## (0.10.0) 2023-05-19
+### Added/Changed/Fixed
+- Add None test for user-agent.
+- Test for and support non-existent User-Agent request header (#5).
+
+## (0.9.0) 2023-05-07
+### Added/Changed/Fixed
+- Support for HTTP HEAD verb in both package and audit (#4).
+
+## (0.8.0) 2023-04-18
+### Added/Changed/Fixed
+- Change query parameter from dict to str (#3).
+
+## (0.7.0) 2023-04-12
+### Added/Changed/Fixed
+- Add proxy timeout setting and exception handling for request.
+
+## (0.6.0) 2023-04-10
+### Added/Changed/Fixed
+- Add Anthill to robot pattern.
+- Reformat service section to single command per line.
+- Remove static domain names and localhost IP.
+- Add logrotate configuration.
+- Remove hostname:port for package and audit targets.
+
+## (0.5.0) 2023-04-06
+### Added/Changed/Fixed
+- Fix incorrect path to home directory.
+- Add service endpoint definitions.
+- Add STATIC constant.
+- Move resource into webapp directory.
+- Add query params for all verbs.
+
+## (0.4.0) 2023-04-05
+### Added/Changed/Fixed
+- Move web specific files to webapp directory.
+
+## (0.3.0) 2023-04-04
+### Added/Changed/Fixed
+- Edit README.
+- Fix missing config.py path.
+- Add deployment specification files.
+- Add qualifier to log messages.
+- Add logging level configuration.
+
+## (0.2.0) 2023-04-03
+### Added/Changed/Fixed
+- Rename from test_bot_matcher to test_robots.
+- Add make request/response headers.
+- Add configuration template.
+- Add file reader for robot patterns in init.
+- Fix cookie/set-cookie issue; add robot filter and test for robot filter.
+- Add robot pattern regex text file.
+- Correct request cookie header name.
+
+## (0.1.0) 2023-03-29
+### Added/Changed/Fixed
+- Add favicon.
+
+## (0.0.0) 2023-03-27
+### Added/Changed/Fixed
+- Initial commit.