Full deployment history for this project.
Merge pull request #23 from mbarbine/palette-responsive-tabs-12257574713018985723 🎨 Palette: Improve responsive layout and accessibility of Tabs in Pro…
🎨 Palette: Improve responsive layout and accessibility of Tabs in Property Evaluation 💡 What: Wrapped tab text in hidden sm:inline spans and added aria-labels to the TabsTriggers. 🎯 Why: The 4-column TabsList can overflow or look crowded on mobile. Hiding text on mobile while keeping icons cleans up the UI, and adding aria-labels ensures it stays accessible. ♿ Accessibility: Screen readers will still read the tab labels on mobile when the text is visually hidden.
Merge pull request #22 from mbarbine/fix-stored-xss-zillow-url-10918796913328341956 🛡️ Sentinel: [HIGH] Fix Stored XSS in Zillow URLs
🛡️ Sentinel: [HIGH] Fix Stored XSS in Zillow URLs 🚨 Severity: HIGH 💡 Vulnerability: Stored Cross-Site Scripting (XSS) via `javascript:` URIs in the `zillow_url` property evaluation field. 🎯 Impact: Attackers could inject a malicious URL scheme that executes arbitrary JavaScript when the link is clicked by a user or an admin. 🔧 Fix: Validated that `zillow_url` must strictly use `http:` or `https:` protocols on the backend API `/api/evaluations` before insertion, and added a defense-in-depth condition to conditionally render the anchor element in the frontend `EvaluationCard` component. ✅ Verification: Tested API directly via creating malformed URLs, and ran `pnpm build` and the test suite successfully. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
perf: cache Intl.DateTimeFormat for date rendering Replaced inline `toLocaleDateString()` calls with a globally cached `Intl.DateTimeFormat` instance in `lib/utils.ts`. Why: Using `toLocaleDateString()` inside a component mapped over an array creates a new internal formatter instance on every render. Impact: Drops date formatting execution time by over ~90% (from ~560ms to ~20ms per 10k iterations), improving render performance for long lists. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
perf: wrap EvaluationCard in React.memo Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Add `role="alert"` to form error messages for accessibility Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Remove unused Next.js fonts from layout Removed unused `Geist` and `Source Serif 4` font initializations in `app/layout.tsx`. These fonts were instantiated with subsets and weights ranging from 100 to 900 but were never actually applied in the component's `className` structure. This removal prevents Next.js from generating unnecessary `@font-face` CSS declarations and preloading unneeded font files, which reduces the CSS bundle size and eliminates unnecessary network requests, thus improving initial page load time and overall frontend performance. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Add loading state to Sign Out button Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #12 from mbarbine/security-headers-316491266555248939 🛡️ Sentinel: [HIGH] Add security headers to next.config.mjs
🛡️ Sentinel: [HIGH] Add security headers to next.config.mjs Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #11 from mbarbine/bolt-cache-session-getters-7849079559558770385 ⚡ Bolt: Add React.cache() to session getters
⚡ Bolt: Add React.cache() to session getters Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #9 from mbarbine/sentinel/secure-admin-endpoints-4055489307020550132 🛡️ Sentinel: [CRITICAL] Add authentication to admin endpoints
Merge branch 'main' into sentinel/secure-admin-endpoints-4055489307020550132
Merge pull request #8 from mbarbine/palette-aria-label-user-menu-16280705208988779300 🎨 Palette: Added aria-label to user profile dropdown menu
Merge pull request #7 from mbarbine/sentinel-fix-auth-bypass-16687129652728204467 🛡️ Sentinel: [CRITICAL] Fix authentication bypass in middleware
Merge pull request #10 from mbarbine/palette-add-loading-spinner-1619775795235626868 🎨 Palette: Add loading spinner to async submit buttons
I will add a loading spinner to the async form buttons. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [CRITICAL] Add authentication to admin endpoints - Secure `/api/db/migrate` and `/api/db/test` by requiring user authentication or a valid `ADMIN_SECRET` in non-development environments. - Sanitize database error messages returned to the client in `/api/db/test` to prevent exposing internal table details and configurations. - Log full error objects internally. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
fix: add aria-label to user menu button for accessibility Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [CRITICAL] Fix authentication bypass in middleware - Replaced `startsWith` with exact matching for root route (`/`) in `middleware.ts` - Added learning to `.jules/sentinel.md` Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Optimize Stats Overview and Evaluation Form - Consolidated 3 separate O(n) `.reduce()` loops into a single pass in `StatsOverview`. - Memoized the financial metric calculations in `PropertyEvaluationForm` to prevent redundant computations on every keystroke. - Fixed a bug in the database migration script where multiple statements were passed in a single prepared statement. - Added explanatory comments per Bolt guidelines. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #2 from mbarbine/platphormnews-foundation-v0-16100760540631590036
feat: initialize V0 plumbing foundation for PlatPhorm News Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat: restore v31 and update various components Restore v31 and update multiple components, API routes, and project files. Co-authored-by: Michael Barbine <3211492+mbarbine@users.noreply.github.com>