Full deployment history for this project.
🎨 Palette: Add keyboard shortcut for search - Implemented `/` keyboard shortcut to focus the search bar in the header. - Added visual hint `[/]` to the search input placeholder. - Ensured shortcut is disabled when user is typing in other inputs. - Used Svelte 5 runes for state management and window event listener. - Improved accessibility with proper ARIA attributes and focus management. - Reverted unrelated formatting changes to maintain a clean diff. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Add keyboard shortcut for search - Implemented `/` keyboard shortcut to focus the search bar in the header. - Added visual hint `[/]` to the search input placeholder. - Ensured shortcut is disabled when user is typing in other inputs. - Used Svelte 5 runes for state management and window event listener. - Improved accessibility with proper ARIA attributes and focus management. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: Centralized HN item caching and streamed preloading - Implement module-level item caching in $lib/hn.ts with 5-minute TTL. - Standardize /api/hackernews to use centralized cached fetching and remove unused import. - Remove redundant local caching in /api/news handleTop. - Enable functional streamed preloading for comments on the homepage. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix timing attack in platform authorization Vulnerability: `isAuthorizedPlatformRequest` used standard string comparison (`===`) for validating the `PLATPHORM_API_KEY`. This is vulnerable to timing attacks. Fix: Replaced standard comparison with `safeCompare` from `$lib/security` (existing utility). Refined logic to evaluate all checks to avoid short-circuiting timing leaks. Verification: Added `src/lib/__tests__/security-auth.test.ts`. All tests passed. Formatted codebase to fix linting issues. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: Centralized HN item caching and streamed preloading - Implement module-level item caching in $lib/hn.ts with 5-minute TTL. - Standardize /api/hackernews to use centralized cached fetching. - Remove redundant local caching in /api/news handleTop. - Enable functional streamed preloading for comments on the homepage. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix timing attack in platform authorization Vulnerability: `isAuthorizedPlatformRequest` used standard string comparison (`===`) for validating the `PLATPHORM_API_KEY`. This is vulnerable to timing attacks, allowing an attacker to potentially guess the API key character by character. Fix: Replaced standard comparison with `safeCompare` from `$lib/security`, which uses constant-time comparison (`crypto.timingSafeEqual`). Additionally, refined the logic to avoid short-circuiting between multiple credential checks to ensure consistent execution time. Verification: Added a new unit test suite `src/lib/__tests__/security-auth.test.ts` covering valid/invalid cases for both supported authorization headers. Ran all existing tests to ensure no regressions. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Merge pull request #97 from mbarbine/copilot/move-url-to-web4-control-plane feat: Web4 canonical control plane — phases 1–8
fix: use URL hostname check for provenance lookup (CodeQL), remove unused import
feat: implement Web4 program - lib, API routes, pages, MCP tools, tests Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Merge pull request #96 from mbarbine/copilot/improve-responsive-design-and-contrast Improve responsive viewport behavior, theme contrast resilience, and MCP tool count accuracy (102+ baseline)
style: align homepage MCP stat label fallback color with platform page Agent-Logs-Url: https://github.com/mbarbine/platphormnews-www-prod/sessions/7c91dd76-42ba-426f-8d07-a16e38127356 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
fix: align contrast fallback and docs container sizing with review feedback Agent-Logs-Url: https://github.com/mbarbine/platphormnews-www-prod/sessions/7c91dd76-42ba-426f-8d07-a16e38127356 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
style: format platform and news loaders after MCP baseline updates Agent-Logs-Url: https://github.com/mbarbine/platphormnews-www-prod/sessions/7c91dd76-42ba-426f-8d07-a16e38127356 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
fix: improve responsive viewport sizing, theme contrast, and MCP 102+ tool reporting Agent-Logs-Url: https://github.com/mbarbine/platphormnews-www-prod/sessions/7c91dd76-42ba-426f-8d07-a16e38127356 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Add network sites discovery route
Add network sites discovery route
Merge branch 'main' into jules/testing-improvement-sitemap-5335367506046843673
Merge pull request #84 from mbarbine/jules-testing-vercel-domains-11397272789940825587 🧪 Add tests for domainsToNodes in vercel-domains.ts
Merge pull request #74 from mbarbine/copilot/fix-initial-load-error fix: resolve 500 on initial homepage load caused by unhandled Promise rejection in comment preloading
fix: resolve initial load 500 error from unhandled preloadComments rejection - await r.json() in preloadComments so JSON parse errors are caught by try/catch - add .catch(() => ({})) to preloadedCommentsPromise to prevent unhandled rejection crash in Node.js 22 - add AbortSignal.timeout(8_000) to HN fetchWithRetries to prevent indefinite hangs - add AbortSignal.timeout(5_000) to comment preload fetches in +page.server.ts - increase maxDuration from 10s to 30s to handle slow external API responses Agent-Logs-Url: https://github.com/mbarbine/platphormnews-www-prod/sessions/1e46a2c7-e792-4c57-bd85-2280df1a450a Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>