scriptgini 1.3.0__tar.gz → 1.3.1__tar.gz

{scriptgini-1.3.0 → scriptgini-1.3.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scriptgini
-Version: 1.3.0
+Version: 1.3.1
 Summary: Agentic AI system that converts functional test cases into automation test scripts.
 Author: ScriptGini Team
 License: Proprietary
@@ -16,7 +16,7 @@ Description-Content-Type: text/markdown
 
 > **Enterprise-grade Agentic AI system that converts functional test cases into high-quality, review-ready automation test scripts.**
 
-Current release: v1.3.0 (Sprint 3)
+Current release: v1.3.1 (Sprint 4 hardening increment)
 
 ---
 
@@ -441,8 +441,8 @@ The project follows an **enterprise-grade development roadmap** with 6 sprints c
 |--------|-------|--------|--------|
 | **Sprint 1** | IAM Core | 30-36pts | 🟡 Core delivered (auth hardening pending) |
 | **Sprint 2** | RBAC + Multi-Tenancy | 32-38pts | 🟡 Core delivered (RBAC hardening pending) |
-| **Sprint 3** | Durable Execution | 34-40pts | 🔲 Pending (Redis + Celery/Arq setup) |
-| **Sprint 4** | Security & Hardening | 30-36pts | 🔲 Pending (Container sandbox, audit logging) |
+| **Sprint 3** | Durable Execution | 34-40pts | ✅ Completed (Redis + Celery queue foundation) |
+| **Sprint 4** | Security & Hardening | 30-36pts | 🟡 In progress (isolation boundary + breakout tests pending) |
 | **Sprint 5** | Reporting & Analytics | 28-34pts | 🔲 Pending (Artifact storage, dashboards) |
 | **Sprint 6** | Advanced Features | 24-30pts | 🔲 Pending (Webhooks, defect sync, versioning) |
 

{scriptgini-1.3.0 → scriptgini-1.3.1}/README.md

@@ -2,7 +2,7 @@
 
 > **Enterprise-grade Agentic AI system that converts functional test cases into high-quality, review-ready automation test scripts.**
 
-Current release: v1.3.0 (Sprint 3)
+Current release: v1.3.1 (Sprint 4 hardening increment)
 
 ---
 
@@ -427,8 +427,8 @@ The project follows an **enterprise-grade development roadmap** with 6 sprints c
 |--------|-------|--------|--------|
 | **Sprint 1** | IAM Core | 30-36pts | 🟡 Core delivered (auth hardening pending) |
 | **Sprint 2** | RBAC + Multi-Tenancy | 32-38pts | 🟡 Core delivered (RBAC hardening pending) |
-| **Sprint 3** | Durable Execution | 34-40pts | 🔲 Pending (Redis + Celery/Arq setup) |
-| **Sprint 4** | Security & Hardening | 30-36pts | 🔲 Pending (Container sandbox, audit logging) |
+| **Sprint 3** | Durable Execution | 34-40pts | ✅ Completed (Redis + Celery queue foundation) |
+| **Sprint 4** | Security & Hardening | 30-36pts | 🟡 In progress (isolation boundary + breakout tests pending) |
 | **Sprint 5** | Reporting & Analytics | 28-34pts | 🔲 Pending (Artifact storage, dashboards) |
 | **Sprint 6** | Advanced Features | 24-30pts | 🔲 Pending (Webhooks, defect sync, versioning) |
 

scriptgini-1.3.1/app/__init__.py

@@ -0,0 +1,3 @@
+__version__ = "1.3.1"
+__api_version__ = "v1.3.1"
+

{scriptgini-1.3.0 → scriptgini-1.3.1}/app/celery_app.py

@@ -16,8 +16,8 @@ celery_app.conf.update(
     timezone="UTC",
     enable_utc=True,
     task_track_started=True,
-    task_time_limit=30 * 60,  # 30 minute hard time limit
-    task_soft_time_limit=25 * 60,  # 25 minute soft time limit
+    task_time_limit=settings.CELERY_TASK_HARD_TIMEOUT,
+    task_soft_time_limit=settings.CELERY_TASK_TIMEOUT,
     worker_prefetch_multiplier=4,
     worker_max_tasks_per_child=1000,
 )

{scriptgini-1.3.0 → scriptgini-1.3.1}/app/config.py

@@ -8,6 +8,11 @@ class Settings(BaseSettings):
     # App
     APP_NAME: str = "ScriptGini"
     DEBUG: bool = False
+    CORS_ALLOWED_ORIGINS: str = "http://localhost:3000,http://127.0.0.1:3000"
+    RATE_LIMIT_REQUESTS: int = 120
+    RATE_LIMIT_WINDOW_SECONDS: int = 60
+    RATE_LIMIT_EXEMPT_PATHS: str = "/health,/docs,/redoc,/openapi.json,/static"
+    SECURITY_AUDIT_LOG_ENABLED: bool = True
 
     # Database (PostgreSQL)
     # Format: postgresql://user:password@host:port/dbname
@@ -22,6 +27,7 @@ class Settings(BaseSettings):
     CELERY_BROKER_URL: str = "redis://localhost:6379/1"  # Different DB for task queue
     CELERY_RESULT_BACKEND: str = "redis://localhost:6379/2"  # Different DB for results
     CELERY_TASK_TIMEOUT: int = 600  # 10 minutes default task timeout
+    CELERY_TASK_HARD_TIMEOUT: int = 660
     CELERY_MAX_RETRIES: int = 3
     JWT_SECRET_KEY: str = "your-secret-key-change-in-production"
     JWT_ALGORITHM: str = "HS256"
@@ -34,6 +40,8 @@ class Settings(BaseSettings):
     SCRIPT_GENERATION_TIMEOUT_SECONDS: int = 180
     PLAYWRIGHT_RUN_HEADED: bool = True
     SCRIPT_EXECUTION_TIMEOUT_SECONDS: int = 300
+    EXECUTION_ENV_ALLOWED_KEYS: str = "PATH,SYSTEMROOT,TEMP,TMP,HOME,USERPROFILE,PYTHONPATH,PYTHONHOME,PYTHONIOENCODING"
+    EXECUTION_ENV_ALLOWED_PREFIXES: str = "PLAYWRIGHT_"
     SKIP_REVIEW_FOR_OLLAMA: bool = True
     USE_LLM_INTENT_ANALYSIS: bool = True
 
@@ -71,5 +79,25 @@ class Settings(BaseSettings):
     AWS_REGION_NAME: str = "us-east-1"
     BEDROCK_MODEL_ID: str = "anthropic.claude-3-5-sonnet-20241022-v2:0"
 
+    @staticmethod
+    def _split_csv(value: str) -> list[str]:
+        return [entry.strip() for entry in value.split(",") if entry.strip()]
+
+    @property
+    def cors_allowed_origins_list(self) -> list[str]:
+        return self._split_csv(self.CORS_ALLOWED_ORIGINS)
+
+    @property
+    def rate_limit_exempt_paths_list(self) -> list[str]:
+        return self._split_csv(self.RATE_LIMIT_EXEMPT_PATHS)
+
+    @property
+    def execution_env_allowed_keys_set(self) -> set[str]:
+        return set(self._split_csv(self.EXECUTION_ENV_ALLOWED_KEYS))
+
+    @property
+    def execution_env_allowed_prefixes_tuple(self) -> tuple[str, ...]:
+        return tuple(self._split_csv(self.EXECUTION_ENV_ALLOWED_PREFIXES))
+
 
 settings = Settings()

scriptgini-1.3.1/app/main.py

@@ -0,0 +1,178 @@
+import logging
+import threading
+import time
+from contextlib import asynccontextmanager
+from pathlib import Path
+from uuid import uuid4
+
+from fastapi import FastAPI, Request
+from fastapi.responses import JSONResponse
+from fastapi.responses import FileResponse
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.staticfiles import StaticFiles
+
+from app import __version__
+from app.config import settings
+from app.llm.provider import get_llm_diagnostics
+from app.routers import projects, test_cases, scripts, bulk_jobs, analytics, demo, auth, api_key, organizations, execution
+
+logging.basicConfig(level=logging.DEBUG if settings.DEBUG else logging.INFO)
+logger = logging.getLogger(__name__)
+
+static_dir = Path(__file__).resolve().parent / "static"
+_RATE_LIMIT_BUCKETS: dict[str, tuple[int, float]] = {}
+_RATE_LIMIT_LOCK = threading.Lock()
+
+
+def _client_ip(request: Request) -> str:
+    forwarded_for = request.headers.get("x-forwarded-for", "")
+    if forwarded_for:
+        return forwarded_for.split(",")[0].strip()
+    return request.client.host if request.client else "unknown"
+
+
+def _is_exempt_path(path: str) -> bool:
+    for exempt in settings.rate_limit_exempt_paths_list:
+        if path == exempt or path.startswith(exempt):
+            return True
+    return False
+
+
+def _check_rate_limit(key: str, now: float) -> tuple[bool, int, int]:
+    window_seconds = max(1, settings.RATE_LIMIT_WINDOW_SECONDS)
+    max_requests = max(1, settings.RATE_LIMIT_REQUESTS)
+    window_start = now - window_seconds
+    with _RATE_LIMIT_LOCK:
+        current_count, reset_at = _RATE_LIMIT_BUCKETS.get(key, (0, now + window_seconds))
+        if reset_at <= now:
+            current_count = 0
+            reset_at = now + window_seconds
+        current_count += 1
+        _RATE_LIMIT_BUCKETS[key] = (current_count, reset_at)
+
+    remaining = max(0, max_requests - current_count)
+    retry_after = max(0, int(reset_at - now))
+    return current_count <= max_requests, remaining, retry_after
+
+
+def _security_audit(event: str, request: Request, status_code: int, request_id: str) -> None:
+    if not settings.SECURITY_AUDIT_LOG_ENABLED:
+        return
+    logger.info(
+        "security_audit event=%s request_id=%s method=%s path=%s status=%s ip=%s user_agent=%s",
+        event,
+        request_id,
+        request.method,
+        request.url.path,
+        status_code,
+        _client_ip(request),
+        request.headers.get("user-agent", "unknown"),
+    )
+
+
+@asynccontextmanager
+async def lifespan(_: FastAPI):
+    diagnostics = get_llm_diagnostics()
+    logger.info(
+        "Runtime LLM default: provider=%s model=%s api_key_env=%s api_key_present=%s api_key=%s",
+        diagnostics["provider"],
+        diagnostics["model"],
+        diagnostics["api_key_env"],
+        diagnostics["api_key_present"],
+        diagnostics["api_key_masked"],
+    )
+    yield
+
+app = FastAPI(
+    title=settings.APP_NAME,
+    description=(
+        "Enterprise-grade Agentic AI system that converts functional test cases "
+        "into high-quality automation scripts."
+    ),
+    version=__version__,
+    lifespan=lifespan,
+)
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.cors_allowed_origins_list,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+
+@app.middleware("http")
+async def apply_security_controls(request: Request, call_next):
+    request_id = request.headers.get("X-Request-ID") or str(uuid4())
+    request.state.request_id = request_id
+    path = request.url.path
+    now = time.time()
+
+    if not _is_exempt_path(path):
+        key = f"{_client_ip(request)}:{path}"
+        allowed, remaining, retry_after = _check_rate_limit(key, now)
+        if not allowed:
+            _security_audit("rate_limit_block", request, 429, request_id)
+            return JSONResponse(
+                status_code=429,
+                content={"detail": "Rate limit exceeded", "request_id": request_id},
+                headers={
+                    "X-Request-ID": request_id,
+                    "X-RateLimit-Limit": str(max(1, settings.RATE_LIMIT_REQUESTS)),
+                    "X-RateLimit-Remaining": "0",
+                    "Retry-After": str(retry_after),
+                },
+            )
+
+    response = await call_next(request)
+    response.headers["X-Request-ID"] = request_id
+
+    if not _is_exempt_path(path):
+        response.headers["X-RateLimit-Limit"] = str(max(1, settings.RATE_LIMIT_REQUESTS))
+        response.headers["X-RateLimit-Remaining"] = str(response.headers.get("X-RateLimit-Remaining", ""))
+        if not response.headers["X-RateLimit-Remaining"]:
+            key = f"{_client_ip(request)}:{path}"
+            with _RATE_LIMIT_LOCK:
+                count, _ = _RATE_LIMIT_BUCKETS.get(key, (0, now))
+            response.headers["X-RateLimit-Remaining"] = str(max(0, max(1, settings.RATE_LIMIT_REQUESTS) - count))
+
+    if path.startswith("/api/v1/auth") or path.startswith("/api/v1/execution"):
+        if response.status_code >= 400 or request.method in {"POST", "PUT", "PATCH", "DELETE"}:
+            _security_audit("security_sensitive_request", request, response.status_code, request_id)
+
+    return response
+
+app.include_router(projects.router, prefix="/api/v1")
+app.include_router(test_cases.router, prefix="/api/v1")
+app.include_router(scripts.router, prefix="/api/v1")
+app.include_router(bulk_jobs.router, prefix="/api/v1")
+app.include_router(analytics.router, prefix="/api/v1")
+app.include_router(demo.router, prefix="/api/v1")
+app.include_router(auth.router, prefix="/api/v1")
+app.include_router(api_key.router, prefix="/api/v1")
+app.include_router(organizations.router, prefix="/api/v1")
+app.include_router(execution.router, prefix="/api/v1")
+app.mount("/static", StaticFiles(directory=static_dir), name="static")
+
+
+@app.get("/api/v1/runtime/llm", tags=["Runtime"])
+def runtime_llm():
+    default_diagnostics = get_llm_diagnostics()
+    return {
+        "default_provider": default_diagnostics["provider"],
+        "default_model": default_diagnostics["model"],
+        "provider_diagnostics": {
+            provider: get_llm_diagnostics(provider) for provider in ["openai", "openrouter", "gemini", "ollama", "bedrock"]
+        },
+    }
+
+
+@app.get("/", include_in_schema=False)
+def index():
+    return FileResponse(static_dir / "index.html")
+
+
+@app.get("/health", tags=["Health"])
+def health():
+    return {"status": "ok", "app": settings.APP_NAME}

{scriptgini-1.3.0 → scriptgini-1.3.1}/app/routers/bulk_jobs.py

@@ -2,7 +2,7 @@ import logging
 import subprocess
 import sys
 
-from fastapi import APIRouter, BackgroundTasks, Depends, HTTPException, status
+from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.orm import Session
 
 from app.database import get_db
@@ -13,6 +13,7 @@ from app.models.project import Project
 from app.models.script_run import ScriptRunStatus
 from app.models.test_case import TestCase
 from app.schemas.bulk_job import BulkGenerateRequest, BulkJobResponse, BulkRunRequest
+from app.tasks import process_bulk_execution_job, process_bulk_generation_job
 from app.routers.scripts import (
     _create_script_run,
     _get_project_or_404,
@@ -218,7 +219,6 @@ def _run_bulk_execution(job_id: int, request: BulkRunRequest):
 def bulk_generate_scripts(
     project_id: int,
     payload: BulkGenerateRequest,
-    background_tasks: BackgroundTasks,
     db: Session = Depends(get_db),
 ):
     _get_project_or_404(project_id, db)
@@ -238,7 +238,14 @@ def bulk_generate_scripts(
     _refresh_job_counts(job, db)
     db.commit()
 
-    background_tasks.add_task(_run_bulk_generation, job.id, payload)
+    try:
+        process_bulk_generation_job.delay(job.id, payload.model_dump())
+    except Exception as exc:
+        logger.exception("Failed to enqueue bulk generation job_id=%s", job.id)
+        job.status = BulkJobStatus.failed
+        db.commit()
+        raise HTTPException(status_code=503, detail="Failed to enqueue bulk generation") from exc
+
     return _serialize_bulk_job(job, db)
 
 
@@ -246,7 +253,6 @@ def bulk_generate_scripts(
 def bulk_run_scripts(
     project_id: int,
     payload: BulkRunRequest,
-    background_tasks: BackgroundTasks,
     db: Session = Depends(get_db),
 ):
     _get_project_or_404(project_id, db)
@@ -266,7 +272,14 @@ def bulk_run_scripts(
     _refresh_job_counts(job, db)
     db.commit()
 
-    background_tasks.add_task(_run_bulk_execution, job.id, payload)
+    try:
+        process_bulk_execution_job.delay(job.id, payload.model_dump())
+    except Exception as exc:
+        logger.exception("Failed to enqueue bulk run job_id=%s", job.id)
+        job.status = BulkJobStatus.failed
+        db.commit()
+        raise HTTPException(status_code=503, detail="Failed to enqueue bulk run") from exc
+
     return _serialize_bulk_job(job, db)
 
 

{scriptgini-1.3.0 → scriptgini-1.3.1}/app/routers/scripts.py

@@ -11,7 +11,7 @@ import time
 from pathlib import Path
 from urllib.parse import urlparse
 
-from fastapi import APIRouter, Depends, HTTPException, status, BackgroundTasks
+from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.orm import Session
 
 from app.database import get_db
@@ -24,6 +24,7 @@ from app.schemas.generated_script import GenerateScriptRequest, GeneratedScriptR
 from app.agents.script_gini_agent import run_agent
 from app.llm.provider import LLMProvider, get_llm_diagnostics
 from app.services.git_export import export_generated_script
+from app.tasks import process_script_generation_job
 
 logger = logging.getLogger(__name__)
 
@@ -207,13 +208,14 @@ def _uses_pytest_playwright(script_content: str) -> bool:
 
 
 def _build_restricted_env() -> dict:
-    allowed_exact = {"PATH", "SYSTEMROOT", "TEMP", "TMP", "HOME", "USERPROFILE"}
-    allowed_prefixes = ("PLAYWRIGHT_", "PYTHON")
+    allowed_exact = settings.execution_env_allowed_keys_set
+    allowed_prefixes = settings.execution_env_allowed_prefixes_tuple
     env = {}
     for key, value in os.environ.items():
         if key in allowed_exact or key.startswith(allowed_prefixes):
             env[key] = value
     env["PLAYWRIGHT_HEADLESS"] = "0" if settings.PLAYWRIGHT_RUN_HEADED else "1"
+    env["PYTHONNOUSERSITE"] = "1"
     return env
 
 
@@ -393,7 +395,6 @@ def generate_script(
     project_id: int,
     tc_id: int,
     payload: GenerateScriptRequest,
-    background_tasks: BackgroundTasks,
     db: Session = Depends(get_db),
 ):
     """Kick off async script generation. Poll GET /scripts/{id} for the result."""
@@ -413,13 +414,20 @@ def generate_script(
     db.commit()
     db.refresh(script_record)
 
-    background_tasks.add_task(
-        _run_generation,
-        script_record.id,
-        project_id,
-        tc_id,
-        payload.model_dump(),
-    )
+    try:
+        process_script_generation_job.delay(
+            script_record.id,
+            project_id,
+            tc_id,
+            payload.model_dump(),
+        )
+    except Exception as exc:
+        logger.exception("Failed to enqueue generation task for script_id=%s", script_record.id)
+        script_record.status = ScriptStatus.failed
+        script_record.error_message = f"Queue enqueue failed: {exc}"
+        db.commit()
+        raise HTTPException(status_code=503, detail="Failed to enqueue script generation") from exc
+
     return script_record
 
 

{scriptgini-1.3.0 → scriptgini-1.3.1}/app/tasks.py

@@ -16,6 +16,67 @@ from app.models.execution_job import ExecutionJob, ExecutionJobStatus, can_trans
 logger = logging.getLogger(__name__)
 
 
+def _retry_countdown(retries: int) -> int:
+    return min(300, 5 ** (retries + 1))
+
+
+def _log_dead_letter(task_name: str, entity_id: int, exc: Exception) -> None:
+    logger.error("dead_letter task=%s entity_id=%s error=%s", task_name, entity_id, exc)
+
+
+@shared_task(bind=True, max_retries=settings.CELERY_MAX_RETRIES)
+def process_script_generation_job(
+    self,
+    script_id: int,
+    project_id: int,
+    test_case_id: int,
+    request_data: dict,
+):
+    """Queue-backed script generation worker task."""
+    try:
+        from app.routers.scripts import _run_generation
+
+        _run_generation(script_id, project_id, test_case_id, request_data)
+        return {"status": "completed", "script_id": script_id}
+    except Exception as exc:
+        if self.request.retries >= self.max_retries:
+            _log_dead_letter("process_script_generation_job", script_id, exc)
+            raise
+        raise self.retry(exc=exc, countdown=_retry_countdown(self.request.retries))
+
+
+@shared_task(bind=True, max_retries=settings.CELERY_MAX_RETRIES)
+def process_bulk_generation_job(self, bulk_job_id: int, request_data: dict):
+    """Queue-backed bulk generation worker task."""
+    try:
+        from app.routers.bulk_jobs import _run_bulk_generation
+        from app.schemas.bulk_job import BulkGenerateRequest
+
+        _run_bulk_generation(bulk_job_id, BulkGenerateRequest.model_validate(request_data))
+        return {"status": "completed", "bulk_job_id": bulk_job_id}
+    except Exception as exc:
+        if self.request.retries >= self.max_retries:
+            _log_dead_letter("process_bulk_generation_job", bulk_job_id, exc)
+            raise
+        raise self.retry(exc=exc, countdown=_retry_countdown(self.request.retries))
+
+
+@shared_task(bind=True, max_retries=settings.CELERY_MAX_RETRIES)
+def process_bulk_execution_job(self, bulk_job_id: int, request_data: dict):
+    """Queue-backed bulk execution worker task."""
+    try:
+        from app.routers.bulk_jobs import _run_bulk_execution
+        from app.schemas.bulk_job import BulkRunRequest
+
+        _run_bulk_execution(bulk_job_id, BulkRunRequest.model_validate(request_data))
+        return {"status": "completed", "bulk_job_id": bulk_job_id}
+    except Exception as exc:
+        if self.request.retries >= self.max_retries:
+            _log_dead_letter("process_bulk_execution_job", bulk_job_id, exc)
+            raise
+        raise self.retry(exc=exc, countdown=_retry_countdown(self.request.retries))
+
+
 @shared_task(bind=True, max_retries=settings.CELERY_MAX_RETRIES)
 def generate_test_script(self, test_case_id: int, project_id: int):
     """
@@ -42,8 +103,10 @@ def generate_test_script(self, test_case_id: int, project_id: int):
         }
     except Exception as exc:
         logger.error(f"Error generating script: {exc}")
-        # Retry with exponential backoff (5s, 25s, 125s)
-        raise self.retry(exc=exc, countdown=5 ** self.request.retries)
+        if self.request.retries >= self.max_retries:
+            _log_dead_letter("generate_test_script", test_case_id, exc)
+            raise
+        raise self.retry(exc=exc, countdown=_retry_countdown(self.request.retries))
     finally:
         db.close()
 
@@ -127,7 +190,10 @@ def execute_script(self, script_id: int, execution_env: dict | None = None, exec
             ExecutionJobStatus.failed,
             error_message=str(exc),
         )
-        raise self.retry(exc=exc, countdown=5 ** self.request.retries)
+        if self.request.retries >= self.max_retries:
+            _log_dead_letter("execute_script", script_id, exc)
+            raise
+        raise self.retry(exc=exc, countdown=_retry_countdown(self.request.retries))
     finally:
         db.close()
 
@@ -158,7 +224,10 @@ def bulk_job_processor(self, bulk_job_id: int):
         }
     except Exception as exc:
         logger.error(f"Error processing bulk job: {exc}")
-        raise self.retry(exc=exc, countdown=10 ** self.request.retries)
+        if self.request.retries >= self.max_retries:
+            _log_dead_letter("bulk_job_processor", bulk_job_id, exc)
+            raise
+        raise self.retry(exc=exc, countdown=min(300, 10 ** (self.request.retries + 1)))
     finally:
         db.close()
 

{scriptgini-1.3.0 → scriptgini-1.3.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "scriptgini"
-version = "1.3.0"
+version = "1.3.1"
 description = "Agentic AI system that converts functional test cases into automation test scripts."
 readme = "README.md"
 requires-python = ">=3.11"

{scriptgini-1.3.0 → scriptgini-1.3.1}/scriptgini.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scriptgini
-Version: 1.3.0
+Version: 1.3.1
 Summary: Agentic AI system that converts functional test cases into automation test scripts.
 Author: ScriptGini Team
 License: Proprietary
@@ -16,7 +16,7 @@ Description-Content-Type: text/markdown
 
 > **Enterprise-grade Agentic AI system that converts functional test cases into high-quality, review-ready automation test scripts.**
 
-Current release: v1.3.0 (Sprint 3)
+Current release: v1.3.1 (Sprint 4 hardening increment)
 
 ---
 
@@ -441,8 +441,8 @@ The project follows an **enterprise-grade development roadmap** with 6 sprints c
 |--------|-------|--------|--------|
 | **Sprint 1** | IAM Core | 30-36pts | 🟡 Core delivered (auth hardening pending) |
 | **Sprint 2** | RBAC + Multi-Tenancy | 32-38pts | 🟡 Core delivered (RBAC hardening pending) |
-| **Sprint 3** | Durable Execution | 34-40pts | 🔲 Pending (Redis + Celery/Arq setup) |
-| **Sprint 4** | Security & Hardening | 30-36pts | 🔲 Pending (Container sandbox, audit logging) |
+| **Sprint 3** | Durable Execution | 34-40pts | ✅ Completed (Redis + Celery queue foundation) |
+| **Sprint 4** | Security & Hardening | 30-36pts | 🟡 In progress (isolation boundary + breakout tests pending) |
 | **Sprint 5** | Reporting & Analytics | 28-34pts | 🔲 Pending (Artifact storage, dashboards) |
 | **Sprint 6** | Advanced Features | 24-30pts | 🔲 Pending (Webhooks, defect sync, versioning) |