Full deployment history for this project.
Merge pull request #62 from mbarbine/copilot/consolidate-and-merge-prs consolidate: merge all 25 open PRs into main
Merge pull request #62 from mbarbine/copilot/consolidate-and-merge-prs consolidate: merge all 25 open PRs into main
Merge consolidate/all-prs: combines all 25 open PRs Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Support local lab degraded RSS mode
Support local lab degraded RSS mode
Support local lab degraded RSS mode
Support local lab degraded RSS mode
Support local lab degraded RSS mode
Support local lab degraded RSS mode
Standardize onboard platform routes
Align onboard discovery aliases
Standardize PlatPhorm lab routes
🧪 [Testing] Add test for AccessibleThemeSwitcher
⚡ Bolt: Optimize search API with concurrent DB queries Replaced sequential database round-trips for fetching paginated results and the total count with a concurrent approach using `Promise.all`. This reduces the search request database latency by ~50% while preserving safe query planner execution paths (unlike window function approaches).
⚡ Bolt: [performance improvement] Batch SEO refresh database updates to resolve N+1 patterns
Merge pull request #35 from mbarbine/testing-improvement-markdown-url-sanitize-49091624693138783 🧪 add error path test for catch block in sanitizeMarkdownUrl
🧪 add error path test for catch block in sanitizeMarkdownUrl This commit adds a new test suite for `sanitizeMarkdownUrl` in `__tests__/lib/markdown.test.ts` and aligns the implementation with the task's rationale to ensure robust handling of relative and anchor links via the `catch` block fallback.
🛡️ Sentinel: [MEDIUM] Fix SSRF and Resource Exhaustion in Workflow API Implemented comprehensive security measures for external URL fetching in the workflow API: - Added `isSafeUrl` to block private/internal IP ranges and non-HTTP(S) protocols. - Implemented `securedFetch` with mandatory 10s timeouts. - Enforced 1MB response size limits using stream-based reading to prevent DOS. - Added in-memory rate limiting to the `/api/workflow` endpoint.
Merge pull request #34 from mbarbine/bolt-optimize-cross-post-n1-query-11908717135132514448 ⚡ Bolt: resolve N+1 query in executeCrossPost
⚡ Bolt: resolve N+1 query in executeCrossPost 💡 What: Optimized `executeCrossPost` by replacing a loop-based integration lookup with a single batch query using `ANY`. 🎯 Why: The previous implementation performed a database query for every target integration in a loop, leading to an N+1 query problem and increased latency. 📊 Impact: Significant reduction in database round-trips and total request latency, especially when cross-posting to multiple targets. 🔬 Measurement: Simulated benchmark with 10 targets and 50ms DB latency showed an improvement of ~90% (from 508ms to 51ms).
🛡️ Sentinel: [CRITICAL] Fix SSRF vulnerability in registration endpoint Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [CRITICAL/HIGH] Fix SSRF vulnerability in fetchUrlMetadata Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [CRITICAL/HIGH] Fix SSRF vulnerability in fetchUrlMetadata Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat: use deferred value for search filtering Uses `useDeferredValue` in the `NetworkShowcase` component to defer the computationally expensive array filtering as the user types, preventing the main thread from blocking. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat: add aria-label to toast close button Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
fix: Prevent SSRF in url validation This commit updates the `validateUrl` function in `app/api/v1/applications/route.ts` to actively block localhost, private IP addresses (including internal ranges), and common SSRF bypass vectors. This ensures that the server cannot be tricked into making requests to internal network resources when fetching URL metadata. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
โก Bolt: [performance improvement] Defer search query in NetworkShowcase Use React `useDeferredValue` for `searchQuery` in `NetworkShowcase` component to prevent UI thread blocking while filtering large network lists, keeping typing responsive. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
refactor: use semantic buttons for category filter badges Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Improve accessibility in NetworkShowcase component - Replace interactive `Badge` (span) elements with semantic `<button>` elements for category filters. - Apply `badgeVariants` directly to buttons. - Add `aria-pressed` for screen readers to announce active filter state. - Add standard focus rings for keyboard navigation. - Add `aria-label="Search sites"` to the search input. - Add `aria-hidden="true"` to the decorative search icon. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Enhance keyboard accessibility of filter badges and clear button Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: [UX improvement] Add standard focus states to buttons Added `focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-primary` to interactive elements missing focus states. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: [UX improvement] Enhance filter button and search input accessibility Replaced raw <button> with <Button> component for "Clear filters" to add focus ring styles and improve keyboard accessibility. Added missing aria-label to the search input. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>