Full deployment history for this project.
feat: add name-specific dynamic tooltips and ARIA labels for webhooks actions (#58) Wrap the edit and delete actions on the webhooks dashboard list in Radix UI Tooltip components. Use dynamic, webhook-specific ARIA labels and tooltip content to provide a highly descriptive, accessible screen reader and sighted user experience.
feat: add name-specific dynamic tooltips and ARIA labels for webhooks actions Wrap the edit and delete actions on the webhooks dashboard list in Radix UI Tooltip components. Use dynamic, webhook-specific ARIA labels and tooltip content to provide a highly descriptive, accessible screen reader and sighted user experience.
⚡ Bolt: optimize activity dashboard re-renders and timestamps (#57) - Introduced a centralized 'now' state inside ActivityClient updating every 60s. - Refactored getTimeAgo and formatDuration to accept 'now' as parameter. - Wrapped EventCard and AgentCard in React.memo with custom equality comparators to prevent unnecessary re-renders on SWR polls when data hasn't changed. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: optimize activity dashboard re-renders and timestamps - Introduced a centralized 'now' state inside ActivityClient updating every 60s. - Refactored getTimeAgo and formatDuration to accept 'now' as parameter. - Wrapped EventCard and AgentCard in React.memo with custom equality comparators to prevent unnecessary re-renders on SWR polls when data hasn't changed. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: optimize getRecentAgentEvents performance Optimizes the recent agent events retrieval to use an efficient single-pass reverse iteration instead of copying and filtering the entire array multiple times. This dramatically reduces garbage collection overhead and time complexity from O(N) to O(limit). Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Consolidate open PRs, compatible upgrades, and platform auth Validated locally and through a READY Vercel preview. Merge commit preserves every original PR head in ancestry.
chore: validate consolidated upgrades and platform auth
chore: validate consolidated upgrades and platform auth
🎨 Palette: Enhance Code Editor "Run" button with keyboard shortcut hint (#39) This change replaces the native `title` attribute on the Code Editor's "Run" button with a rich Radix UI `Tooltip`. The new tooltip includes a visual keyboard shortcut hint (`Ctrl` / `⌘` + `Enter`) using the `Kbd` component, improving discoverability and providing a more polished, accessible user experience. - Replaced native `title` with Radix `Tooltip` on "Run" button in `components/code-editor.tsx`. - Added cross-platform shortcut hints using `Kbd` and `KbdGroup`. - Ensured proper accessibility with descriptive tooltip content. - Updated Palette journal with learnings on cross-platform shortcut hints. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
feat(ux): upgrade API key actions with Radix custom Tooltips (#54) This change upgrades the "Show/Hide secret key", "Copy secret key", and "Delete key" actions in the ApiKeysClient component with polished custom Radix Tooltips, removing the browser's native title tooltips and improving keyboard focus accessibility. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
feat(ux): upgrade API key actions with Radix custom Tooltips This change upgrades the "Show/Hide secret key", "Copy secret key", and "Delete key" actions in the ApiKeysClient component with polished custom Radix Tooltips, removing the browser's native title tooltips and improving keyboard focus accessibility. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Optimize ActivityFeed re-renders and function recreation (#53) - Extracted static helper functions (getEventIcon, getEventColor, getTimeAgo) to module scope to prevent garbage collection thrashing and redundant recreation on every render. - Extracted individual event row rendering to ActivityEventRow subcomponent and wrapped with React.memo to avoid re-rendering of all event rows during SWR polling updates or parent state toggles. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: Optimize ActivityFeed re-renders and function recreation - Extracted static helper functions (getEventIcon, getEventColor, getTimeAgo) to module scope to prevent garbage collection thrashing and redundant recreation on every render. - Extracted individual event row rendering to ActivityEventRow subcomponent and wrapped with React.memo to avoid re-rendering of all event rows during SWR polling updates or parent state toggles. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Optimize ActivityFeed rendering and timestamp accuracy - Hoisted helper functions to module scope to avoid recreation. - Extracted event items into a memoized `ActivityItem` component. - Implemented a 60-second 'now' state ticker for accurate relative times without full list re-renders. - Stabilized `onEventClick` callback using a ref to prevent `React.memo` bypass. - Documented learning in `.jules/bolt.md`. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Polish CodeEditor toolbar with dynamic tooltips and shortcut hints - Implement dynamic "Copy code" -> "Copied!" feedback in Tooltip - Add keyboard shortcut hints (⌘/Ctrl + Enter) to "Run" button tooltip - Consolidate toolbar actions under a single TooltipProvider - Replace native title attributes with accessible Radix tooltips for consistency - Ensure cross-platform compatibility for keyboard modifiers (⌘/Ctrl) Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Update scheduled regression action runtime
Update scheduled regression action runtime
Update scheduled regression action runtime
Add bounded production trace verification
Add bounded production trace verification
Add bounded production trace verification
Add bounded production trace verification
Retire disabled legacy persistence status
Retire disabled legacy persistence status
Retire disabled legacy persistence status
Expose verified Aurora migration receipt
Expose verified Aurora migration receipt
Preserve timestamp precision in Aurora migration
Preserve timestamp precision in Aurora migration
Return bounded migration mismatch evidence
Return bounded migration mismatch evidence
Preserve JSONB values during Aurora migration
Preserve JSONB values during Aurora migration
Report safe migration failure phases
Report safe migration failure phases
palette: add accessible tooltips to api keys actions - implement radix ui tooltips for show, copy, and delete buttons - add dynamic tooltip content for feedback (e.g., "copied!") - improve delete button clarity by including key name in tooltip - remove redundant native title attributes - ensure tooltip provider coverage in api keys client Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Honor encrypted legacy source TLS mode
Migrate Sandbox persistence to Aurora and export traces
⚡ Bolt: optimize ActivityFeed with memoization and throttled updates - Extract and memoize ActivityEventItem to prevent O(N) re-renders - Move static helper functions to module scope - Implement a throttled 'now' timestamp (updating every minute) for accurate relative times - Stabilize callback props using useRef to maintain memoization effectiveness - Consolidate TooltipProvider usage to reduce React tree depth Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Add Radix Tooltips to API Keys and Webhooks - Replaced native `title` attributes with Radix UI Tooltips in API Keys and Webhooks management pages. - Implemented dynamic "Copied!" feedback for secret key copy action. - Improved accessibility with descriptive ARIA labels for icon-only buttons. - Consolidated `TooltipProvider` usage for better performance and cleaner DOM. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
feat(ux): add tooltips and accessible labels to navigation - Wrap icon-only buttons in AppHeader and AppSidebar with Tooltips - Add descriptive aria-labels to mobile menu and sandbox buttons - Update theme toggle to use resolvedTheme for accurate target-state labels - Improve accessibility and discoverability for primary navigation actions Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Enhance CodeEditor "Run" button with accessible tooltip and shortcut hints - Replaced native 'title' attribute with Radix UI Tooltip - Added keyboard shortcut hints (⌘/Ctrl + Enter) using Kbd component - Improved accessibility and discoverability for power users Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
feat(ui): add global TooltipProvider and enhance AppHeader accessibility - Wrap application in global TooltipProvider in app/layout.tsx - Add tooltips and descriptive aria-labels to icon-only buttons in AppHeader - Improve mobile UX with tooltips for menu and new sandbox actions - Ensure theme toggle tooltip and label dynamically reflect target state Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix authorization bypass in lib/sandbox/auth.ts This commit resolves a security vulnerability where non-browser clients could spoof the `Sec-Fetch-Site` header to bypass the `PLATPHORM_API_KEY` requirement. Changes: - Modified `lib/sandbox/auth.ts` to require a `User-Agent` header for the same-origin bypass. - Refactored `isPlatformAuthorized` for better readability and security. - Updated `tests/phase2-provider-model.test.ts` to include a `User-Agent` in the same-origin test case. - Documented the vulnerability and fix in `.jules/sentinel.md`. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
fix(security): fix CORS suffix bypass in isOriginTrusted Identified and fixed a security vulnerability in `isOriginTrusted` where wildcard subdomain matches were vulnerable to suffix bypass (e.g., attackerplatphormnews.com matching *.platphormnews.com). Changes: - Updated `isOriginTrusted` to use secure domain validation (`===` or `.endsWith('.' + domain)`). - Added `try-catch` around `URL` parsing to handle malformed origins. - Corrected base domain match logic. - Documented the fix in `.jules/sentinel.md`. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix CORS wildcard suffix bypass This commit fixes a high-severity security vulnerability in the CORS origin validation logic. Previously, `isOriginTrusted` used a simple `.endsWith()` check for wildcard domains, which allowed origins like `attackerplatphormnews.com` to match `*.platphormnews.com`. Changes: - Refactored `isOriginTrusted` to parse the hostname once and perform strict DNS-aware matching. - Added a `try-catch` block to gracefully handle malformed Origin headers. - Added `tests/security_cors.test.ts` to prevent regressions. - Added a security journal entry in `.jules/sentinel.md`. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix CORS suffix bypass vulnerability The `isOriginTrusted` function was vulnerable to a suffix bypass when validating wildcard subdomains (e.g., `*.platphormnews.com`). It used a naive `.endsWith()` check on the origin hostname, allowing malicious origins like `https://attackerplatphormnews.com` to be trusted. Fixes: - Implemented robust wildcard validation by ensuring the hostname is either an exact match for the base domain or a proper subdomain (prefixed with a dot). - Added defensive `try-catch` around URL parsing to handle malformed origin headers. - Fixed a bug where `slice(1)` on a wildcard pattern would trust an incorrect base domain. - Added `tests/sentinel-cors-fix.test.ts` with comprehensive security test cases. - Documented the learning in `.jules/sentinel.md`. Verification: - `node --experimental-strip-types --test tests/sentinel-cors-fix.test.ts` passed. - `pnpm test` (full suite) passed. - Code review completed and changes marked as #Correct#. Co-authored-by: google-lab