| Age | Commit message (Collapse) | Author |
|---|
|
Phase 1: Authentication and read-only context
- POST /agent/auth/request - request access with name + agent_id
- GET /agent/auth/poll - poll for approval status
- POST /agent/auth/approve|deny - user approval (browser auth required)
- GET /agent/context - 7-day timeline context (agent session required)
Phase 1.5: Browser-only agent endpoints (HTML pages)
- GET /agent/web/request - request page with token
- GET /agent/web/status - status page with polling
- GET /agent/web/context - context page with timeline data
WebSocket notifications:
- GET /ws/notifications - push agent requests to browsers
- Approval modal with trust indicators and countdown timer
Database:
- agents table for registered agent tracking
- agent_sessions table for pending/active sessions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
|
Allow external resources in Content-Security-Policy:
- frame-src: youtube.com, embed.windy.com (for webcams/weather)
- style-src: fonts.googleapis.com (for Inter font)
- font-src: fonts.gstatic.com (for font files)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
|
- Remove default password fallback - require DEFAULT_PASS in all environments
- Fix XSS vulnerabilities in HTML generation (handlers.go:795,920)
- Add security headers middleware (X-Frame-Options, CSP, HSTS, etc.)
- Add rate limiting on login endpoint (5 req/15min per IP)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
|
Simplified the dashboard by removing the AI agent access layer:
- Deleted internal/middleware/ai_auth.go and tests
- Removed AIAgentAPIKey from config.Config
- Removed /api/claude/snapshot endpoint registration
- Updated SESSION_STATE.md and CLAUDE.md documentation
- All tests passing after cleanup
Dashboard is now human-facing only without the AI agent endpoint.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Implemented a unified web dashboard aggregating tasks, notes, and meal planning:
Core Features:
- Trello integration (PRIMARY feature - boards, cards, lists)
- Todoist integration (tasks and projects)
- Obsidian integration (20 most recent notes)
- PlanToEat integration (optional - 7-day meal planning)
- Mobile-responsive web UI with auto-refresh (5 min)
- SQLite caching with 5-minute TTL
- AI agent endpoint with Bearer token authentication
Technical Implementation:
- Go 1.21+ backend with chi router
- Interface-based API client design for testability
- Parallel data fetching with goroutines
- Graceful degradation (partial data on API failures)
- .env file loading with godotenv
- Comprehensive test coverage (9/9 tests passing)
Bug Fixes:
- Fixed .env file not being loaded at startup
- Fixed nil pointer dereference with optional API clients (typed nil interface gotcha)
Documentation:
- START_HERE.md - Quick 5-minute setup guide
- QUICKSTART.md - Fast track setup
- SETUP_GUIDE.md - Detailed step-by-step instructions
- PROJECT_SUMMARY.md - Complete project overview
- CLAUDE.md - Guide for Claude Code instances
- AI_AGENT_ACCESS.md - AI agent design document
- AI_AGENT_SETUP.md - Claude.ai integration guide
- TRELLO_AUTH_UPDATE.md - New Power-Up auth process
Statistics:
- Binary: 17MB
- Code: 2,667 lines
- Tests: 5 unit + 4 acceptance tests (all passing)
- Dependencies: chi, sqlite3, godotenv
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
