Full deployment history for this project.
🛡️ Sentinel: [HIGH] Secure Workflow and Automation APIs This commit addresses several security vulnerabilities in the internal automation and workflow APIs: 1. Authentication & Authorization: Added `validateApiKey` and `hasScope('admin')` checks to `/api/workflow` and `/api/automation` routes. Previously, these were publicly accessible POST endpoints capable of performing sensitive batch operations. 2. SSRF Protection: Introduced a centralized `assertSafeUrl` utility in `lib/api-helpers.ts`. This utility validates protocols, blocks internal hostnames, and performs DNS resolution to prevent access to private/internal IPv4 and IPv6 network ranges. 3. Integration: Integrated `assertSafeUrl` into the content ingestion pipelines within the workflow and automation routes. These changes significantly harden the application against unauthorized access and Server-Side Request Forgery attacks. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: optimize network discovery pipeline - Parallelize network fetches in fetchNetworkSnapshot to reduce latency. - Improve countSitemapEntries efficiency from O(N^2) to O(N). - Fix baseline test failures and restore jest-dom assertions. - Add missing get_integration_status tool to MCP route. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Standardize icons and inputs in NetworkShowcase - Replace bare `<input>` with the \`Input\` component. - Replace text-based placeholders (\`[?]\`, \`[x]\`, \`[->]\`, \`[^]\`) with semantic \`lucide-react\` icons. - Upgrade the clear search button and empty state clear button to \`Button\` components. - Ensure proper accessibility with \`aria-label\` for buttons and \`aria-hidden\` for decorative icons. - Improve visual hierarchy and consistency with the design system. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Enhance NetworkShowcase accessibility and visual polish - Replace text-based placeholders ([?], [x], [->], [^]) with Lucide icons. - Migrate bare <input> and <button> elements to standard UI components (Input, Button). - Improve category filter styling with pill-shaped buttons and outline variants. - Ensure consistent focus states and accessibility attributes (aria-label, aria-pressed, aria-hidden). - Update Palette journal with learnings on icon-based UX polish. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: parallelize network fetching and optimize sitemap deduplication - Parallelize sequential fetchText calls in fetchNetworkSnapshot using Promise.allSettled - Replace O(N^2) deduplication in countSitemapEntries with O(N) Set approach - Update performance journal with deduplication learning Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Modernize NetworkShowcase UI and accessibility - Replaced text-based icon placeholders ([x], [?], [->], [^]) with Lucide icons. - Adopted design system components (Button, Input) for better consistency and focus states. - Improved accessibility with explicit ARIA labels and aria-pressed states. - Updated category filters to use rounded-full Button pills. - Added @vitest-environment jsdom to share-buttons.test.tsx to fix pre-existing environment error. - Documented learnings in .jules/palette.md. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Modernize Network Showcase UI with design system icons - Refactored `NetworkShowcase` to use `Button` and `Input` components. - Replaced ASCII text placeholders ([?], [x], [->], [^]) with `lucide-react` icons. - Improved accessibility with proper ARIA labels and hidden decorative icons. - Updated `share-buttons.test.tsx` to include `jsdom` environment for window mocking. - Recorded UX patterns and mappings in `.jules/palette.md`. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Improve NetworkShowcase UX and accessibility Refactored the NetworkShowcase component to use design system components and professional icons. 💡 What: - Replaced text-based placeholders ([?], [x], [->], [^]) with Lucide icons (Search, X, ArrowRight, ExternalLink). - Replaced native HTML elements with design system components (Input, Button). - Standardized category filter buttons with rounded-full Button components. - Improved the empty state and search clear interactions. 🎯 Why: - Enhances visual professionality and interface intuitiveness. - Improves accessibility by providing consistent focus states and ARIA labels. - Standardizes the UI with the project's design system. ♿ Accessibility: - Added aria-hidden="true" to decorative icons. - Ensured all buttons have descriptive aria-labels. - Used semantic Button components for better keyboard navigation and focus rings. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Refactor NetworkShowcase for better accessibility and polish - Replaced text-based placeholders ([?], [x], [->], [^]) with Lucide icons (Search, X, ArrowRight, ExternalLink). - Refactored native <button> elements to use the project's standard Button component. - Improved accessibility with aria-label, aria-pressed, and proper focus states. - Normalized category labels (trimming and title casing) to prevent duplicate filter entries. - Added sorting to category filters for better discoverability. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Standardize NetworkShowcase with UI components and icons - Replace bare `<input>` with the UI `Input` component. - Replace all native `<button>` elements with the UI `Button` component, using appropriate variants (`ghost`, `secondary`, `default`, `link`) and sizes. - Replace text-based icons (`[?]`, `[x]`, `[->]`, `[^]`) with Lucide icons (`Search`, `X`, `ArrowRight`, `ExternalLink`). - Ensure all decorative icons have `aria-hidden="true"`. - Ensure icon-only buttons have explicit `aria-label` attributes. - Update `.jules/palette.md` with learnings from this task. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Refactor NetworkShowcase for UX and Accessibility This commit polishes the `NetworkShowcase` component by: - Replacing text-based icon placeholders ([?], [x], [->], [^]) with semantic `lucide-react` icons. - Transitioning bare `<input>` and `<button>` elements to design system `Input` and `Button` components. - Improving accessibility with `aria-hidden` for decorative icons and standardized focus states. - Ensuring visual consistency across the search bar, category filters, and footer links. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Improve NetworkShowcase UX and accessibility Refactored the NetworkShowcase component to use standard design system components and Lucide icons instead of ASCII-style placeholders. Key improvements: - Replaced [?], [x], [->], and [^] with Search, X, ArrowRight, and ExternalLink icons. - Migrated native input and button elements to UI library counterparts. - Enhanced accessibility with proper ARIA attributes and focus states. - Applied responsive padding to search input to accommodate icons. - Improved category filters with semantic Button components and aria-pressed states. - Fixed pre-existing jsdom environment issue in share-buttons tests. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Refactor Network Showcase for better UX and accessibility Refactored the `NetworkShowcase` component to use the project's design system (`Button`, `Input`) and replaced text-based placeholders with accessible Lucide icons (`Search`, `X`, `ArrowRight`, `ExternalLink`). - Replaced bare `<button>` and `<input>` with UI components. - Added standard icons for search, clear, and navigation. - Ensured proper ARIA labels and focus states. - Used `aria-pressed` for category filter toggle states. - Maintained design system consistency and improved overall polish. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Enhance NetworkShowcase UI with professional iconography Refactored the NetworkShowcase component to replace crude text-based placeholders ([?], [x], [->], [^]) with professional icons from lucide-react. Standardized the UI by replacing bare HTML elements with project-specific components (Button, Input). Additionally: - Fixed test environment issues (jsdom setup, jest-dom matchers) - Provisioned missing dev dependencies for linting and testing - Ensured proper cleanup after tests to prevent DOM accumulation These changes improve visual consistency, accessibility (ARIA labels), and developer experience. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Enhance NetworkShowcase with icons and UI components This change replaces text-based placeholders (e.g., [?], [x], [->]) with professional `lucide-react` icons and migrates bare HTML `<input>` and `<button>` elements to the project's standard `Input` and `Button` components. Key improvements: - Improved visual polish and consistency with the design system. - Standardized focus states and accessibility via UI components. - Added ARIA-hidden icons for decorative elements. - Cleaned up unused imports and addressed review feedback. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Enhance UI with Lucide icons and consistent component usage - Replace cryptic text-based placeholders ([?], [x], [->], [^]) with standard Lucide icons (Search, X, ArrowRight, ExternalLink). - Refactor raw <button> and <input> elements in Header and NetworkShowcase to use project's Button and Input components. - Ensure all icon-only buttons have explicit aria-label attributes for accessibility. - Fix ReferenceError in share-buttons.test.tsx by adding jsdom environment directive. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
refactor: improve NetworkShowcase UX and accessibility - replace text-based placeholders with Lucide icons - use Button and Input components from design system - standardize filter button styling - ensure consistent focus states and accessibility Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
perf: parallelize independent network and database lookups - Parallelized `NETWORK_GRAPH_URL` and `BASE_SITEMAP_INDEX_URL` fetches in `fetchNetworkSnapshot` - Parallelized `fetchNetworkSnapshot()` and `getSubdomain()` calls in `checkSubdomainAvailability` - Used `Promise.allSettled` to maintain original resilience and error-handling logic - Reduces total latency from sequential T1+T2 to max(T1, T2) for these critical paths Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: High - Centralized SSRF Protection and API Security - Centralized SSRF protection into `assertSafeUrl` in `lib/api-helpers.ts`. - Refactored `app/api/url-preview/route.ts` and `app/api/ingest/route.ts` to use shared SSRF protection. - Secured `/api/workflow` and `/api/automation` endpoints with authentication and authorization. - Added SSRF protection to all outgoing fetch requests in automation and workflow routes. - Added comprehensive security tests in `__tests__/lib/ssrf.test.ts`. - Documented security learnings in `.jules/sentinel.md`. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: Fix broken auth and SSRF in workflow/automation routes - Consolidate SSRF protection into centralized `assertSafeUrl` helper - Secure `/api/workflow` and `/api/automation` with API key and scope validation - Implement SSRF protection in content ingestion pipelines - Refactor `/api/url-preview` to use shared security utility - Add comprehensive security test suite for SSRF and auth - Ensure Node.js runtime for routes using DNS resolution Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Merge pull request #62 from mbarbine/copilot/consolidate-and-merge-prs consolidate: merge all 25 open PRs into main
Merge pull request #62 from mbarbine/copilot/consolidate-and-merge-prs consolidate: merge all 25 open PRs into main
Merge consolidate/all-prs: combines all 25 open PRs Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Support local lab degraded RSS mode
Support local lab degraded RSS mode
Support local lab degraded RSS mode
Support local lab degraded RSS mode
Support local lab degraded RSS mode
Support local lab degraded RSS mode
Standardize onboard platform routes
Align onboard discovery aliases
Standardize PlatPhorm lab routes
🧪 [Testing] Add test for AccessibleThemeSwitcher
⚡ Bolt: Optimize search API with concurrent DB queries Replaced sequential database round-trips for fetching paginated results and the total count with a concurrent approach using `Promise.all`. This reduces the search request database latency by ~50% while preserving safe query planner execution paths (unlike window function approaches).
⚡ Bolt: [performance improvement] Batch SEO refresh database updates to resolve N+1 patterns
Merge pull request #35 from mbarbine/testing-improvement-markdown-url-sanitize-49091624693138783 🧪 add error path test for catch block in sanitizeMarkdownUrl
🧪 add error path test for catch block in sanitizeMarkdownUrl This commit adds a new test suite for `sanitizeMarkdownUrl` in `__tests__/lib/markdown.test.ts` and aligns the implementation with the task's rationale to ensure robust handling of relative and anchor links via the `catch` block fallback.
🛡️ Sentinel: [MEDIUM] Fix SSRF and Resource Exhaustion in Workflow API Implemented comprehensive security measures for external URL fetching in the workflow API: - Added `isSafeUrl` to block private/internal IP ranges and non-HTTP(S) protocols. - Implemented `securedFetch` with mandatory 10s timeouts. - Enforced 1MB response size limits using stream-based reading to prevent DOS. - Added in-memory rate limiting to the `/api/workflow` endpoint.
Merge pull request #34 from mbarbine/bolt-optimize-cross-post-n1-query-11908717135132514448 ⚡ Bolt: resolve N+1 query in executeCrossPost
⚡ Bolt: resolve N+1 query in executeCrossPost 💡 What: Optimized `executeCrossPost` by replacing a loop-based integration lookup with a single batch query using `ANY`. 🎯 Why: The previous implementation performed a database query for every target integration in a loop, leading to an N+1 query problem and increased latency. 📊 Impact: Significant reduction in database round-trips and total request latency, especially when cross-posting to multiple targets. 🔬 Measurement: Simulated benchmark with 10 targets and 50ms DB latency showed an improvement of ~90% (from 508ms to 51ms).