1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
# Current Session State
## 🎯 Active Goal
Frontend modernization with tabs, HTMX, and Tailwind build pipeline complete.
## ✅ Completed
- Initial Phase 1 feature set (Trello, Todoist, Obsidian, PlanToEat)
- Basic testing suite (9/9 passing)
- **Database Hardening:** Enabled WAL mode for better concurrency (sqlite.go:32-35)
- **Database Hardening:** Set MaxOpenConns(1) to prevent "database is locked" errors (sqlite.go:38)
- **Security Fix:** SQL injection vulnerability in GetNotes LIMIT clause (sqlite.go:215-221)
- **Commit:** 4c03e9c "Harden database security and reliability"
- **Security Fix:** Path traversal mitigation - skip symbolic links in Obsidian scanner (obsidian.go:54-57)
- **Commit:** 325811c "Mitigate path traversal risk in Obsidian scanner"
- **Performance Optimization:** Parallelized Trello card fetching with semaphore-limited concurrency (trello.go:197-220)
- **Commit:** 80c2332 "Parallelize Trello card fetching for improved performance"
- **Cleanup:** Removed AI Agent middleware and `/api/claude/snapshot` endpoint
- Deleted: internal/middleware/ai_auth.go, ai_auth_test.go
- Removed: AIAgentAPIKey from config.go
- Removed: AI Endpoint reference from CLAUDE.md documentation
- All tests passing after removal
- **Commit:** 1d47891 "Remove AI agent middleware and snapshot endpoint"
- **Commit:** 6a89948 "Remove obsolete AI endpoint reference from documentation"
- **Test Coverage:** Added security tests for path traversal and SQL injection fixes
- internal/api/obsidian_test.go: TestGetNotes_SymlinkSecurity validates symlink protection
- internal/store/sqlite_test.go: TestGetNotes_LimitClause validates LIMIT parameterization
- 2 new test files with 7 total test cases, all passing
- **Commit:** e576710 "Add security tests for path traversal and SQL injection fixes"
- **UX Improvement:** Board sorting - non-empty boards first, then alphabetical
- internal/api/trello.go:220-228: Added sort logic to GetBoardsWithCards
- internal/store/sqlite.go:428-433: Updated SQL query to sort cached boards consistently
- Empty boards now pushed to bottom, active boards at top
- **Commit:** 9ef5b7f "Sort Trello boards with active boards first"
- **Frontend Modernization:** Complete UI overhaul with tabs, HTMX, and Tailwind build pipeline
- **Build Pipeline:** npm + PostCSS + Tailwind configuration (replaced CDN)
- package.json, tailwind.config.js, postcss.config.js, Makefile
- Custom design system with brand colors (Trello, Todoist, Obsidian, PlanToEat)
- Compiled CSS: 27KB (vs 3MB CDN), Inter font, custom components
- **Tab Interface:** Separate "Tasks" (Trello/Todoist/PlanToEat) from "Notes" (Obsidian)
- HTMX for partial page updates (no full refreshes)
- Tab switching with proper state management
- Auto-refresh maintains current tab context
- **Template Restructuring:** Modular partials architecture
- web/templates/partials/: 7 reusable template components
- tasks-tab.html, notes-tab.html, trello-boards.html, todoist-tasks.html, etc.
- Cleaner separation of concerns
- **Empty Board Collapsible:** Native `<details>` accordion for empty Trello boards
- Active boards displayed prominently in 3-column grid
- Empty boards hidden in expandable section
- Reduces visual clutter, scales well
- **Backend Tab Endpoints:** HTMX-compatible handlers
- /tabs/tasks, /tabs/notes, /tabs/refresh routes
- HandleTasksTab, HandleNotesTab, HandleRefreshTab methods
- Selective rendering for faster tab switches
- **JavaScript Enhancements:** app.js rewritten for HTMX integration
- HTMX event listeners for loading states
- Current tab tracking for refresh/auto-refresh
- Improved error handling
- **Visual Design:** Modern aesthetic with brand colors
- Section headers with color-coded accents
- Improved typography hierarchy (Inter font)
- Enhanced spacing (10-unit sections, 6-unit cards)
- Card hover effects with smooth transitions
- Custom scrollbar styling
## 🏗️ Architecture & Decisions
- **Decision:** Use SQLite for caching with a 5-minute TTL.
- **Decision:** Trello is the primary task system, requiring Key+Token auth.
- **Decision:** Limit Trello concurrent requests to 5 to prevent API rate limiting.
- **Decision:** Removed AI agent endpoint - dashboard is human-facing only.
- **Decision:** HTMX over React/Vue for simpler state management and server-side rendering.
- **Decision:** Compiled Tailwind over CDN for 99% smaller CSS and custom design tokens.
- **Decision:** Template partials for HTMX-friendly swap targets and reusability.
- **Decision:** Native `<details>` element for empty board collapsible (no JS required).
## 📋 Next Steps
1. **Future:** Consider Phase 2 features (write operations, user management).
## ⚠️ Known Blockers / Debt
- None currently.
|
