Full deployment history for this project.
Merge pull request #33 from mbarbine/copilot/merge-all-pull-requests
Merge pull request #32 # Conflicts: # app/page.tsx Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #14 # Conflicts: # .Jules/palette.md Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Add lazy loading to below-the-fold image Adds `loading="lazy"` and `decoding="async"` to the Team section image in app/page.tsx.
🎨 Palette: [Accessibility] Improve external link accessibility Added visually hidden "(opens in a new tab)" text to all target="_blank" links in app/page.tsx. Also added aria-hidden="true" to trailing chevron icons to ensure they are ignored by screen readers, creating a cleaner audio experience.
⚡ Bolt: Lazy load below-the-fold image
🎨 Palette: Add screen reader accessibility for external links This commit improves the accessibility of all 5 external links in `app/page.tsx` by adding a visually hidden `(opens in a new tab)` text snippet. It also adds `aria-hidden="true"` to a purely decorative trailing `ChevronRight` icon associated with one of the links to ensure screen readers do not incorrectly vocalize it.
🛡️ Sentinel: [HIGH] Fix unsafe-eval in production CSP
⚡ Bolt: Add lazy loading to 1.6MB team image Adds native loading="lazy" and decoding="async" to the 1.6MB screenshot image in the Team section, preventing it from blocking the initial page load since Next.js image optimization is disabled in the configuration.
🎨 Palette: Improve screen reader accessibility for external links and decorative icons
🛡️ Sentinel: [HIGH] Fix XSS risk by removing unsafe-eval from production CSP
⚡ Bolt: [performance improvement] Lazy load team image
🎨 Palette: [UX improvement] Accessible external links and decorative icons
🛡️ Sentinel: [HIGH] Fix unsafe-eval in Content Security Policy Dynamically generate the CSP string in next.config.mjs to omit 'unsafe-eval' from the script-src directive in production. This significantly reduces the attack surface for XSS vulnerabilities, while maintaining 'unsafe-eval' in development for Hot Module Replacement (HMR).
🎨 Palette: Improve accessibility for external links - Added sr-only text " (opens in a new tab)" to all external links. - Added aria-hidden="true" to the ChevronRight icon. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Enhance keyboard navigation and screen reader accessibility - Added screen-reader-only text `(opens in a new tab)` for all `target="_blank"` links in `app/page.tsx` - Hid decorative icons (`ChevronRight`, `Mail`) from screen readers inside buttons using `aria-hidden="true"` - Improved keyboard navigation by adding explicit `focus-visible` ring styling to footer and privacy policy links Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: [UX improvement] Add screen reader indicators for external links - Appended visually hidden text `<span className="sr-only"> (opens in a new tab)</span>` to all external links (`target="_blank"`). - Added `aria-hidden="true"` to decorative `ChevronRight` icons inside links. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Add sr-only text to external links and improve keyboard focus Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [CRITICAL/HIGH] Fix XSS risk via unsafe-eval Removed 'unsafe-eval' from the Content-Security-Policy script-src directive in production to mitigate Cross-Site Scripting (XSS) risks. The directive is now dynamically generated to only include 'unsafe-eval' during development to support Hot Module Replacement (HMR). 🚨 Severity: HIGH 💡 Vulnerability: The CSP hardcoded 'unsafe-eval' in script-src for all environments, allowing potentially malicious scripts to execute via eval(). 🎯 Impact: If an attacker managed to inject a payload, 'unsafe-eval' would allow the script to execute, leading to XSS and potential session hijacking or data theft. 🔧 Fix: Modified next.config.mjs to check process.env.NODE_ENV and only include 'unsafe-eval' in 'development'. ✅ Verification: Ran pnpm build to verify Next.js configuration is valid and the app builds successfully. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Add visual indicators and a11y to external links Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Remove 'unsafe-eval' from CSP in production & Upgrade Referrer-Policy This commit dynamically omits the 'unsafe-eval' directive from the Content Security Policy's script-src when running in production environments. This reduces the risk of XSS execution via `eval()`. It also upgrades the Referrer-Policy to `strict-origin-when-cross-origin` to prevent origin leakage during HTTPS to HTTP downgrades. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Add focus visible styles for keyboard navigation Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Add lazy loading to heavy below-the-fold image Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: [performance improvement] Add lazy loading to team image Adds `loading="lazy"`, `decoding="async"`, and explicit dimensions to the large team image below the fold. This reduces initial load bandwidth and prevents layout shifting. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: [performance improvement] Add lazy loading to below-the-fold image Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #5 from mbarbine/sentinel-security-csp-header-11766362170263722976 🛡️ Sentinel: [security improvement] Add Content-Security-Policy header
Merge pull request #4 from mbarbine/sentinel-security-headers-11183066381593868045
feat: add easter egg modal with interactive controls Introduce modal on "PH3AR" input, sticky header, and footer updates. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>
feat: enlarge demo frame and add fullscreen toggle Increase container width and set fixed responsive heights. Add "Open in full screen" link with hover effect. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>
feat: embed BioSignal Monitor demo on landing page Showcase technology with interactive demo between solution and how it works sections. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>
feat: finalize site for production release Add PH3AR logo favicon, optimize social sharing, update privacy policy link, and polish site for credibility. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>
feat: finalize site for release with PH3AR branding Add PH3AR logo favicon, social share metadata, privacy link, email CTA, domain updates, and polish for production. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>