Retex - Tag - arleo.euhttps://www.arleo.eu/en/tags/retex/Retex - Tag - arleo.euHugo -- gohugo.ioenSat, 09 May 2026 22:33:22 +0200Grav → Hugo migration: 2 years of blog flipped in one dayhttps://www.arleo.eu/en/posts/migration-grav-hugo/Sat, 09 May 2026 22:33:22 +0200Jmrhttps://www.arleo.eu/en/posts/migration-grav-hugo/

TL;DR

On May 9, 2026, I switched arleo.eu from Grav (PHP CMS) to Hugo (Go static site generator) in a single session. Atomic flip (≈ 0 second downtime), 22 legacy articles migrated under /posts/ with SEO aliases to preserve Google-indexed URLs, BetterStack /ping monitoring intact throughout the operation.

The code and migration script are open source: github.com/jmrGrav/grav-to-hugo-migration.

]]>MCP security sprint delivered: v1.9.0, 10 chantiers, hardened ecosystemhttps://www.arleo.eu/en/posts/sprint-securite-mcp-livre/Sat, 09 May 2026 18:44:12 +0200Jmrhttps://www.arleo.eu/en/posts/sprint-securite-mcp-livre/

TL;DR

On May 9, 2026, I delivered all 10 chantiers of the MCP security sprint that I had announced earlier in the day in a single marathon session. hugo-mcp is now at v1.9.0 (GitHub Release), commit 1404f83 GPG-signed.

Here’s the high-level recap + a pedagogical deep-dive on 2 chantiers with real value beyond my specific context: C2 token rotation and C6 internal TLS.

Recap of 10 chantiers

# Chantier Implementation
C1 Rate limiting slowapi, 60 req/min per IP
C2 Token rotation tokens.json + token_mgr.py CLI
C3 JSON audit logs structlog, machine-readable events
C4 Strict Pydantic v2 CreatePageArgs / UpdatePageArgs with constraints
C5 bcrypt cost-12 Tokens hashed in storage
C6 NUC ↔ VM TLS EC P-256 cert, uvicorn SSL, proxy verifies the cert
C7 requirements.lock SHA-256 hashes via pip-compile --generate-hashes
C8 Info disclosure Docs off, generic exception handler, proxy_hide_header
C9 nginx WAF POST + application/json enforcement on /mcp, OWASP CRS active
C10 Backup DR backup.sh GPG-encrypted, 30-day retention

Full details in the CHANGELOG v1.9.0 and commit 1404f83.

]]>