Full deployment history for this project.
🎨 Palette: Add aria-label to hero scroll button Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix IndexNow Abuse and JSON-LD XSS 🚨 Severity: HIGH 💡 Vulnerability: The `/api/indexnow` endpoint blindly submitted arbitrary URLs to indexing engines, opening the application to abuse (submitting phishing or malicious URLs on the site's behalf). The JSON-LD script tag in `app/layout.tsx` was vulnerable to XSS if site config or jobs contain unescaped HTML characters. 🎯 Impact: Attackers could ruin the domain's reputation via IndexNow spam, and potentially execute malicious scripts via JSON-LD injection. 🔧 Fix: Added strict host validation in the IndexNow endpoint and escaped `<` characters in the JSON-LD stringification. ✅ Verification: Ran `pnpm build` and verified the logic locally. Tested that `pnpm build` output remains intact. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #5 from mbarbine/bolt-optimize-mousemove-15210210917522803402 ⚡ Bolt: [performance improvement] move high-frequency events out of react state
🛡️ Sentinel: [HIGH] Fix Unauthenticated Network Registration Endpoint Added missing authentication checks to the `/api/network/register` endpoint using the `NETWORK_REGISTER_KEY` environment variable. Also added a `500` response if the key is missing from the server environment, preventing an accidental authorization bypass. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
perf: move high-frequency events out of react state Refactored `CursorGlow` to use direct DOM manipulation (`translate3d`) and a `useRef` for tracking mouse position. Refactored `HeroSection` to use CSS variables updated via `requestAnimationFrame` for tracking mouse position. These changes prevent massive React re-renders on every `mousemove` event, drastically improving rendering performance. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #4 from mbarbine/sentinel/add-security-headers-17046163680654371193 🛡️ Sentinel: [security improvement] Add security headers
🛡️ Sentinel: [security improvement] Add security headers to Next.js config Added standard security headers (X-DNS-Prefetch-Control, X-XSS-Protection, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Strict-Transport-Security) to next.config.mjs to improve application security against common attacks. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #2 from mbarbine/palette-a11y-improvements-7758187951692181829 🎨 Palette: Keyboard focus and mobile menu accessibility improvements
Merge pull request #3 from mbarbine/performance/navigation-scroll-optimization-14838697722391665998 ⚡ Bolt: Optimize navigation scroll listener
⚡ Bolt: Optimize navigation scroll listener - Caches section IDs outside of the scroll event handler. - Adds `requestAnimationFrame` to throttle layout-thrashing DOM queries (`getBoundingClientRect`) and state updates. - Uses `{ passive: true }` in the scroll event listener to improve scroll performance. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Improve keyboard navigation and mobile menu accessibility - Added dynamic aria-label and aria-expanded/aria-controls to mobile menu button - Added clear focus-visible rings to logo, desktop navigation, and mobile menu links - Added learning journal entry for disclosure patterns Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
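
The host validation and `<` escaping described in the Sentinel commit "Fix IndexNow Abuse and JSON-LD XSS" above, sketched in plain JavaScript as an added example. It is not the project's code; `SITE_HOST`, the function names, the sample data and the https-only rule are assumptions.

```javascript
// Added illustration, not the project's code. SITE_HOST and all function
// names are hypothetical; the https-only rule is an assumption.
const SITE_HOST = "example.com";

// True only for absolute https URLs whose parsed hostname is exactly ours.
function isAllowedIndexNowUrl(candidate, siteHost = SITE_HOST) {
  if (typeof candidate !== "string") return false;
  let url;
  try {
    url = new URL(candidate); // throws on relative or malformed input
  } catch {
    return false;
  }
  // Compare the parsed hostname, never a substring of the raw string:
  // "https://example.com.evil.test/" and "https://example.com@evil.test/"
  // both contain the site name but resolve to another host.
  return url.protocol === "https:" && url.hostname === siteHost.toLowerCase();
}

// Split a request body's URL list into what may be forwarded and what is refused.
function partitionIndexNowUrls(urls, siteHost = SITE_HOST) {
  const accepted = [];
  const rejected = [];
  for (const u of Array.isArray(urls) ? urls : []) {
    (isAllowedIndexNowUrl(u, siteHost) ? accepted : rejected).push(u);
  }
  return { accepted, rejected };
}

// Serialize data for <script type="application/ld+json">. JSON.stringify
// leaves "<" intact, so a value containing "</script>" would end the tag;
// "\u003c" is the same character to a JSON parser but inert to the HTML parser.
function safeJsonLd(data) {
  return JSON.stringify(data).replace(/</g, "\\u003c");
}

// Constructed sample input.
const SAMPLE_URLS = [
  "https://example.com/jobs/1",
  "https://EXAMPLE.com/about",
  "http://example.com/jobs/2",
  "https://example.com.evil.test/login",
  "https://example.com@evil.test/",
  "/relative/path",
];
const SAMPLE_JOB = { "@type": "JobPosting", title: "Dev </script><p>injected</p>" };

console.log(partitionIndexNowUrls(SAMPLE_URLS));
console.log(safeJsonLd(SAMPLE_JOB));
```

Logging the `rejected` list on the server gives an early signal that the endpoint is being probed with off-site URLs.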