doot.git/internal/middleware, branch main doot — personal productivity web app https://git.terst.org/doot.git/atom?h=main 2026-02-04T01:16:35+00:00 Add comprehensive test coverage across packages 2026-02-04T01:16:35+00:00 Peter Stone thepeterstone@gmail.com 2026-02-04T01:16:35+00:00 urn:sha1:25a5b7ecf9ddd31da54e91f87988b77aea857571 New test files: - api/http_test.go: HTTP client and error handling tests - config/config_test.go: Configuration loading and validation tests - middleware/security_test.go: Security middleware tests - models/atom_test.go: Atom model and conversion tests Expanded test coverage: - api/todoist_test.go: Todoist API client tests - api/trello_test.go: Trello API client tests - auth/auth_test.go: Authentication and CSRF tests - handlers/timeline_logic_test.go: Timeline building logic tests - store/sqlite_test.go: SQLite store operations tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Add Agent Context API for external agent integration 2026-01-29T08:19:28+00:00 Peter Stone thepeterstone@gmail.com 2026-01-29T08:19:28+00:00 urn:sha1:05b1930e04ac222d73ffb2f45c1b1febb69f893d Phase 1: Authentication and read-only context - POST /agent/auth/request - request access with name + agent_id - GET /agent/auth/poll - poll for approval status - POST /agent/auth/approve|deny - user approval (browser auth required) - GET /agent/context - 7-day timeline context (agent session required) Phase 1.5: Browser-only agent endpoints (HTML pages) - GET /agent/web/request - request page with token - GET /agent/web/status - status page with polling - GET /agent/web/context - context page with timeline data WebSocket notifications: - GET /ws/notifications - push agent requests to browsers - Approval modal with trust indicators and countdown timer Database: - agents table for registered agent tracking - agent_sessions table for pending/active sessions Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Fix CSP to allow conditions page embeds and fonts 2026-01-27T20:28:26+00:00 Peter Stone thepeterstone@gmail.com 2026-01-27T20:28:26+00:00 urn:sha1:994b92f6c6ce204675b9e20ff1e9b4a3bfa39bea Allow external resources in Content-Security-Policy: - frame-src: youtube.com, embed.windy.com (for webcams/weather) - style-src: fonts.googleapis.com (for Inter font) - font-src: fonts.gstatic.com (for font files) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Phase 1: Critical security fixes 2026-01-26T17:01:25+00:00 Peter Stone thepeterstone@gmail.com 2026-01-26T17:01:25+00:00 urn:sha1:8c2c88f90039e87b29ce32cd31b7b0361b5803d0 - Remove default password fallback - require DEFAULT_PASS in all environments - Fix XSS vulnerabilities in HTML generation (handlers.go:795,920) - Add security headers middleware (X-Frame-Options, CSP, HSTS, etc.) - Add rate limiting on login endpoint (5 req/15min per IP) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Remove AI agent middleware and snapshot endpoint 2026-01-12T23:43:07+00:00 Peter Stone thepeterstone@gmail.com 2026-01-12T23:43:07+00:00 urn:sha1:1d47891d0097c10920ab5706b54c847024ec8f29 Simplified the dashboard by removing the AI agent access layer: - Deleted internal/middleware/ai_auth.go and tests - Removed AIAgentAPIKey from config.Config - Removed /api/claude/snapshot endpoint registration - Updated SESSION_STATE.md and CLAUDE.md documentation - All tests passing after cleanup Dashboard is now human-facing only without the AI agent endpoint. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Initial commit: Personal Consolidation Dashboard (Phase 1 Complete) 2026-01-12T19:27:16+00:00 Peter Stone thepeterstone@gmail.com 2026-01-12T19:27:16+00:00 urn:sha1:9fe0998436488537a8a2e8ffeefb0c4424b41c60 Implemented a unified web dashboard aggregating tasks, notes, and meal planning: Core Features: - Trello integration (PRIMARY feature - boards, cards, lists) - Todoist integration (tasks and projects) - Obsidian integration (20 most recent notes) - PlanToEat integration (optional - 7-day meal planning) - Mobile-responsive web UI with auto-refresh (5 min) - SQLite caching with 5-minute TTL - AI agent endpoint with Bearer token authentication Technical Implementation: - Go 1.21+ backend with chi router - Interface-based API client design for testability - Parallel data fetching with goroutines - Graceful degradation (partial data on API failures) - .env file loading with godotenv - Comprehensive test coverage (9/9 tests passing) Bug Fixes: - Fixed .env file not being loaded at startup - Fixed nil pointer dereference with optional API clients (typed nil interface gotcha) Documentation: - START_HERE.md - Quick 5-minute setup guide - QUICKSTART.md - Fast track setup - SETUP_GUIDE.md - Detailed step-by-step instructions - PROJECT_SUMMARY.md - Complete project overview - CLAUDE.md - Guide for Claude Code instances - AI_AGENT_ACCESS.md - AI agent design document - AI_AGENT_SETUP.md - Claude.ai integration guide - TRELLO_AUTH_UPDATE.md - New Power-Up auth process Statistics: - Binary: 17MB - Code: 2,667 lines - Tests: 5 unit + 4 acceptance tests (all passing) - Dependencies: chi, sqlite3, godotenv Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>