platphorm-vanlife-website

🎨 Palette: Add keyboard accessibility to Academy course cards Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

🎨 Palette: Add aria-label to icon-only Share button Added dynamic aria-label to the ShareButton component so that it provides a descriptive "Share" label for screen readers when the visible text label is hidden (showLabel is false). Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

🎨 Palette: Add keyboard accessibility to Academy course cards Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

Optimize HeroSection parallax scroll Replaced React state (`useState`) with a `useRef` for tracking scroll position and applying the parallax transform in `components/hero-section.tsx`. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

⚡ Bolt: optimize scroll animations Extracted array mapping outside `QuickNav` to prevent recreating reference on every render. Updated `useActiveSection` to use a single `IntersectionObserver` instead of recreating an observer per section. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

🛡️ Sentinel: [CRITICAL] Fix authentication bypass on MCP endpoint Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

🎨 Palette: Improve newsletter form accessibility Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

🛡️ Sentinel: [security improvement] Add security headers Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

🛡️ Sentinel: Add security headers Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

🛡️ Sentinel: [HIGH] Fix SSRF and DoS vulnerability in IndexNow API Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

🛡️ Sentinel: [HIGH] Fix IndexNow arbitrary URL submission Added validation logic to the `/api/indexnow` endpoint to ensure all submitted URLs strictly belong to the site domain, preventing malicious actors from proxying arbitrary URLs to search engines via the IndexNow API. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

Merge pull request #5 from mbarbine/sentinel-fix-timing-attack-15607749628477901757 🛡️ Sentinel: [CRITICAL/HIGH] Fix Timing Attack Vulnerability in API Auth

🛡️ Sentinel: [CRITICAL/HIGH] Fix Timing Attack Vulnerability in API Auth Replaced direct string comparisons (`===`) for API keys with constant-time comparisons (`crypto.timingSafeEqual`) in `app/api/sensors/route.ts` and `app/api/update/route.ts` to prevent timing attacks against secret tokens. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

Merge pull request #4 from mbarbine/sentinel-fix-mass-assignment-15735060723836476557 🛡️ Sentinel: [HIGH] Fix mass assignment vulnerability in sensors API

🛡️ Sentinel: [HIGH] Fix mass assignment vulnerability in sensors API Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>

Merge pull request #3 from mbarbine/sentinel-fix-llm-payload-limits-3808539966725799895

Merge pull request #2 from mbarbine/perf/throttle-scroll-events-13206719715025234165 ⚡ Bolt: Throttle scroll events in ScrollProgress and BackToTop

Merge pull request #1 from mbarbine/copilot/enhance-product-feature Add scroll animations, gallery keyboard nav, parallax hero, and interactive UI polish