path: root/internal/auth
Age | Commit message | Author
2026-02-05 | Add passkey (WebAuthn) authentication support | Peter Stone

Enable passwordless login via passkeys as an alternative to password auth. Users register passkeys from Settings; the login page offers both options. WebAuthn is optional — only active when WEBAUTHN_RP_ID and WEBAUTHN_ORIGIN env vars are set.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-03 | Add comprehensive test coverage across packages | Peter Stone

New test files:
- api/http_test.go: HTTP client and error handling tests
- config/config_test.go: Configuration loading and validation tests
- middleware/security_test.go: Security middleware tests
- models/atom_test.go: Atom model and conversion tests

Expanded test coverage:
- api/todoist_test.go: Todoist API client tests
- api/trello_test.go: Trello API client tests
- auth/auth_test.go: Authentication and CSRF tests
- handlers/timeline_logic_test.go: Timeline building logic tests
- store/sqlite_test.go: SQLite store operations tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 | Add Agent Context API for external agent integration | Peter Stone

Phase 1: Authentication and read-only context
- POST /agent/auth/request - request access with name + agent_id
- GET /agent/auth/poll - poll for approval status
- POST /agent/auth/approve|deny - user approval (browser auth required)
- GET /agent/context - 7-day timeline context (agent session required)

Phase 1.5: Browser-only agent endpoints (HTML pages)
- GET /agent/web/request - request page with token
- GET /agent/web/status - status page with polling
- GET /agent/web/context - context page with timeline data

WebSocket notifications:
- GET /ws/notifications - push agent requests to browsers
- Approval modal with trust indicators and countdown timer

Database:
- agents table for registered agent tracking
- agent_sessions table for pending/active sessions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
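The request / poll / approve lifecycle behind the endpoints listed in this commit, as an added example that is not the project's code: an in-memory state machine in which the agent holds only an opaque request id, the browser-authenticated user approves or denies it, and the session token is handed out exactly once on the first poll after approval. Pending requests that are not decided within a TTL become unapprovable. The type and state names (AgentApprovals, StatePending and friends), the 5-minute TTL, the hex ids and the injectable clock are assumptions for this example; the real implementation persists this in the agents and agent_sessions tables mentioned above.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// SessionState mirrors the pending/active lifecycle the commit describes. The names
// and the in-memory store are assumptions for this example, not the project's schema.
type SessionState string

const (
	StatePending  SessionState = "pending"
	StateApproved SessionState = "approved"
	StateDenied   SessionState = "denied"
	StateExpired  SessionState = "expired"
)

var (
	ErrUnknownRequest = errors.New("agent: unknown request id")
	ErrNotPending     = errors.New("agent: request is not pending")
)

type agentSession struct {
	agentName, agentID string
	state              SessionState
	createdAt          time.Time
	token              string // session token minted on approval
	delivered          bool   // the token is handed to the poller exactly once
}

// AgentApprovals is the server-side state behind /agent/auth/request, /poll, /approve and /deny.
type AgentApprovals struct {
	mu       sync.Mutex
	sessions map[string]*agentSession
	ttl      time.Duration    // how long a pending request stays approvable
	now      func() time.Time // injectable clock so expiry can be tested deterministically
}

func NewAgentApprovals(ttl time.Duration, now func() time.Time) *AgentApprovals {
	return &AgentApprovals{sessions: map[string]*agentSession{}, ttl: ttl, now: now}
}

// randomHex returns n CSPRNG bytes as hex. Request ids and tokens must be unguessable
// because the poll endpoint is reachable without any prior authentication.
func randomHex(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// Request registers a pending session and returns the opaque id the agent polls with.
func (a *AgentApprovals) Request(agentName, agentID string) (string, error) {
	id, err := randomHex(16)
	if err != nil {
		return "", err
	}
	a.mu.Lock()
	defer a.mu.Unlock()
	a.sessions[id] = &agentSession{agentName: agentName, agentID: agentID, state: StatePending, createdAt: a.now()}
	return id, nil
}

// expire moves a stale pending request to expired; the caller holds the lock.
func (a *AgentApprovals) expire(s *agentSession) {
	if s.state == StatePending && a.now().Sub(s.createdAt) > a.ttl {
		s.state = StateExpired
	}
}

// Poll reports the current state. On the first poll after approval it also returns the
// session token; every later poll reports the state but never repeats the token.
func (a *AgentApprovals) Poll(id string) (SessionState, string, error) {
	a.mu.Lock()
	defer a.mu.Unlock()
	s, ok := a.sessions[id]
	if !ok {
		return "", "", ErrUnknownRequest
	}
	a.expire(s)
	if s.state == StateApproved && !s.delivered {
		s.delivered = true
		return s.state, s.token, nil
	}
	return s.state, "", nil
}

// decide is the shared approve/deny transition; it is only valid while the request is pending,
// so a second approval, an approval after denial, or one after expiry is refused.
func (a *AgentApprovals) decide(id string, approve bool) error {
	a.mu.Lock()
	defer a.mu.Unlock()
	s, ok := a.sessions[id]
	if !ok {
		return ErrUnknownRequest
	}
	a.expire(s)
	if s.state != StatePending {
		return ErrNotPending
	}
	if !approve {
		s.state = StateDenied
		return nil
	}
	tok, err := randomHex(32)
	if err != nil {
		return err
	}
	s.state, s.token = StateApproved, tok
	return nil
}

// Approve and Deny are what the browser-authenticated user's handlers would call.
func (a *AgentApprovals) Approve(id string) error { return a.decide(id, true) }
func (a *AgentApprovals) Deny(id string) error    { return a.decide(id, false) }

func main() {
	a := NewAgentApprovals(5*time.Minute, time.Now)
	id, _ := a.Request("planner-bot", "agent-1") // constructed sample agent
	st, _, _ := a.Poll(id)
	fmt.Println("after request:", st)
	_ = a.Approve(id)
	st, tok, _ := a.Poll(id)
	fmt.Println("after approve:", st, "token issued:", tok != "")
}
```

The one-shot token delivery matters because the poll endpoint carries no authentication of its own: anyone who learns a request id after approval should not be able to collect the token a second time.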
2026-01-26 | Phase 3: Error handling and security hardening | Peter Stone

- Handle JSON marshal errors in sqlite.go (log + fallback to empty array)
- Add 30s timeout to Google Calendar client initialization
- Fix CSRF timing attack by using subtle.ConstantTimeCompare

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 | Fix all static analysis errors (golangci-lint) | Peter Stone

- Fix errcheck: handle all error return values in production code
- Fix errcheck: handle all error return values in test files
- Fix staticcheck: replace deprecated WithCredentialsFile with WithAuthCredentialsFile
- Remove unused code: authHeaders, planToEatPlannerItem, planToEatResponse
- Use defer func() { _ = x.Close() }() pattern for ignored close errors

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 | Add CSRF protection and auth unit tests | Peter Stone

Add CSRF token middleware for state-changing request protection, integrate tokens into templates and HTMX headers, and add unit tests for authentication service and handlers.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
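The CSRF middleware introduced in this commit together with the constant-time comparison from the 2026-01-26 commit above, as an added example rather than the project's code. It shows the short-circuiting string comparison that leaks timing next to the subtle.ConstantTimeCompare form that replaced it, and a middleware that issues a token on safe methods and enforces it on everything else. It assumes a double-submit cookie echoed back in an X-CSRF-Token header (the HTMX header route the message mentions); the cookie and header names, the handler wiring and the in-memory simulateRequest helper are assumptions for this example, and the project's own middleware keeps the token in its server-side session instead.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Names below are assumptions for this example, not the project's identifiers.
const (
	csrfCookieName = "csrf_token"
	csrfHeaderName = "X-CSRF-Token" // HTMX can attach this via hx-headers
)

// newCSRFToken returns 32 bytes of CSPRNG output as unpadded URL-safe base64 (43 chars).
func newCSRFToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// insecureEqual is the pattern the 2026-01-26 commit replaced: == on strings returns as
// soon as a byte differs, so the response time depends on how long a prefix of the
// attacker's guess matches the real token.
func insecureEqual(expected, got string) bool {
	return expected == got
}

// constantTimeEqual takes time that depends only on the input lengths. ConstantTimeCompare
// returns 0 at once when lengths differ; for fixed-size tokens that leaks nothing secret.
func constantTimeEqual(expected, got string) bool {
	return subtle.ConstantTimeCompare([]byte(expected), []byte(got)) == 1
}

// validateCSRF implements the double-submit check: the token in the cookie must match
// the token the client echoed in the header.
func validateCSRF(r *http.Request) error {
	c, err := r.Cookie(csrfCookieName)
	if err != nil || c.Value == "" {
		return errors.New("csrf: missing token cookie")
	}
	sent := r.Header.Get(csrfHeaderName)
	if sent == "" {
		return errors.New("csrf: missing token header")
	}
	if !constantTimeEqual(c.Value, sent) {
		return errors.New("csrf: token mismatch")
	}
	return nil
}

// CSRFMiddleware issues a token on safe methods and enforces it on state-changing ones.
// The templates must render the same token (meta tag or hidden input) for the client to echo.
func CSRFMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			if _, err := r.Cookie(csrfCookieName); err != nil {
				tok, err := newCSRFToken()
				if err != nil {
					http.Error(w, "internal error", http.StatusInternalServerError)
					return
				}
				http.SetCookie(w, &http.Cookie{Name: csrfCookieName, Value: tok, Path: "/",
					HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
			}
		default:
			if err := validateCSRF(r); err != nil {
				http.Error(w, "forbidden: "+err.Error(), http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// simulateRequest drives the middleware with an in-memory request (no listening server)
// and returns the resulting HTTP status code.
func simulateRequest(method, cookieTok, headerTok string) int {
	h := CSRFMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(method, "/todos", nil) // constructed sample route
	if cookieTok != "" {
		req.AddCookie(&http.Cookie{Name: csrfCookieName, Value: cookieTok})
	}
	if headerTok != "" {
		req.Header.Set(csrfHeaderName, headerTok)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	tok, _ := newCSRFToken()
	fmt.Println("POST with matching token:", simulateRequest(http.MethodPost, tok, tok))
	fmt.Println("POST with wrong token:   ", simulateRequest(http.MethodPost, tok, "not-the-token"))
	fmt.Println("GET without token:       ", simulateRequest(http.MethodGet, "", ""))
}
```

The cookie is HttpOnly on purpose: the script side never needs to read it, because the same value is rendered into the page for HTMX to send, and a mismatch between the two is exactly what a cross-site request produces.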
2026-01-20 | Add session-based authentication | Peter Stone

Implement secure authentication using scs session manager with SQLite backing store and bcrypt password hashing.

- Add users and sessions tables (migration 004)
- Create internal/auth package with Service, Middleware, and Handlers
- Protect all routes except /login, /logout, /static/*
- Add login page template and logout button to dashboard
- Default credentials: admin/changeme (configurable via env vars)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>