Age | Commit message | Author
2026-01-12 | Add security tests for path traversal and SQL injection fixes | Peter Stone

Created comprehensive test coverage for security fixes:

- internal/api/obsidian_test.go:
  * TestGetNotes_SymlinkSecurity: Verifies symlinks are not followed
  * TestGetNotes_BasicFunctionality: Tests basic limit and ordering
  * Uses t.TempDir() for isolated test environments
- internal/store/sqlite_test.go:
  * TestGetNotes_LimitClause: Validates LIMIT parameter handling
  * TestGetNotes_EmptyDatabase: Tests empty state
  * TestSaveNotes_Upsert: Verifies INSERT OR REPLACE behavior
  * TestGetNotes_SQLInjectionAttempt: Confirms parameterized queries
  * All tests use temporary SQLite databases for isolation

All tests passing (7 new test cases). Security fixes from commits 325811c and 4c03e9c now have full test coverage.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-01-12 | Remove obsolete AI endpoint reference from documentation | Peter Stone

Cleaned up CLAUDE.md by removing the AI Endpoint line from the Technical Context section. Updated SESSION_STATE.md to track this final documentation cleanup.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-01-12 | Remove AI agent middleware and snapshot endpoint | Peter Stone

Simplified the dashboard by removing the AI agent access layer:

- Deleted internal/middleware/ai_auth.go and tests
- Removed AIAgentAPIKey from config.Config
- Removed /api/claude/snapshot endpoint registration
- Updated SESSION_STATE.md and CLAUDE.md documentation
- All tests passing after cleanup

Dashboard is now human-facing only without the AI agent endpoint.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-01-12 | Parallelize Trello card fetching for improved performance | Peter Stone

Replaced sequential card fetching in GetBoardsWithCards with concurrent goroutines limited by a semaphore (max 5 concurrent requests). This significantly reduces load times for users with multiple boards.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-01-12 | Mitigate path traversal risk in Obsidian scanner | Peter Stone

Skip symbolic links during vault traversal to prevent reading files outside the configured vault directory. This prevents potential path traversal attacks via malicious symlinks.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-01-12 | Harden database security and reliability | Peter Stone

Enable WAL mode for better concurrency, serialize writes to prevent database lock errors, and fix SQL injection vulnerability in GetNotes by using parameterized queries.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-01-12 | Initial commit: Personal Consolidation Dashboard (Phase 1 Complete) | Peter Stone

Implemented a unified web dashboard aggregating tasks, notes, and meal planning:

Core Features:
- Trello integration (PRIMARY feature - boards, cards, lists)
- Todoist integration (tasks and projects)
- Obsidian integration (20 most recent notes)
- PlanToEat integration (optional - 7-day meal planning)
- Mobile-responsive web UI with auto-refresh (5 min)
- SQLite caching with 5-minute TTL
- AI agent endpoint with Bearer token authentication

Technical Implementation:
- Go 1.21+ backend with chi router
- Interface-based API client design for testability
- Parallel data fetching with goroutines
- Graceful degradation (partial data on API failures)
- .env file loading with godotenv
- Comprehensive test coverage (9/9 tests passing)

Bug Fixes:
- Fixed .env file not being loaded at startup
- Fixed nil pointer dereference with optional API clients (typed nil interface gotcha)

Documentation:
- START_HERE.md - Quick 5-minute setup guide
- QUICKSTART.md - Fast track setup
- SETUP_GUIDE.md - Detailed step-by-step instructions
- PROJECT_SUMMARY.md - Complete project overview
- CLAUDE.md - Guide for Claude Code instances
- AI_AGENT_ACCESS.md - AI agent design document
- AI_AGENT_SETUP.md - Claude.ai integration guide
- TRELLO_AUTH_UPDATE.md - New Power-Up auth process

Statistics:
- Binary: 17MB
- Code: 2,667 lines
- Tests: 5 unit + 4 acceptance tests (all passing)
- Dependencies: chi, sqlite3, godotenv

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>