Full deployment history for this project.
Merge pull request #46 from mbarbine/copilot/merge-all-pull-requests Merging all pull requests into a single branch
Finalize all-PR integration fixes and dependency sync Agent-Logs-Url: https://github.com/mbarbine/email-reading-service-webby/sessions/6c0a9d03-d696-4361-9b88-f9a3ef4be814 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Optimize Carousel Render Performance
⚡ Use unique identifier for list keys in HowItWorks component
🛡️ Sentinel: [HIGH] Fix CSS Injection/XSS in ChartStyle component
🛡️ Sentinel: [HIGH] Fix potential CSS injection in ChartStyle - Added regex validation (`isValidColor`) to `ChartStyle` in `components/ui/chart.tsx` to strictly validate color values before injecting them into the `<style>` tag via `dangerouslySetInnerHTML`. - This mitigates potential CSS injection and Cross-Site Scripting (XSS) vulnerabilities if dynamic color configurations are improperly sanitized. - Updated Sentinel journal with the learning.
Merge pull request #15 from mbarbine/bolt-perf-check-4790389143373467384 ⚡ Bolt: Performance check complete
Merge pull request #21 from mbarbine/bolt-hash-link-optimization-4305654592700881568 ⚡ Bolt: Replace Next.js `<Link>` components with native `<a>` tags for hash links
Merge branch 'main' into bolt-hash-link-optimization-4305654592700881568
Merge pull request #8 from mbarbine/bolt-optimize-css-bundle-119545435904659732 ⚡ Bolt: Remove unused tw-animate-css library
Merge pull request #12 from mbarbine/bolt/native-anchor-hash-links-9282309933955178150 ⚡ Bolt: Replace Next.js Links with native anchors for hash links
Merge branch 'main' into bolt/native-anchor-hash-links-9282309933955178150
Merge pull request #20 from mbarbine/perf/use-native-anchor-tags-11462442479483031084 ⚡ Bolt: Use native anchor tags for same-page hash navigation
⚡ Bolt: Replace Next.js `<Link>` components with native `<a>` tags for hash links Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
perf: Use native anchor tags for same-page hash navigation Replaced Next.js `<Link>` components with native HTML `<a>` tags for local hash links (`#features`, `#pricing`, `#demo`, `#`). This optimization prevents unnecessary `IntersectionObserver` mounting for prefetching and avoids client-side router overhead for simple in-page scrolling. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [MEDIUM] Fix potential XSS via dangerouslySetInnerHTML in chart component The `ChartStyle` component within `components/ui/chart.tsx` previously used `dangerouslySetInnerHTML` to render a dynamic `<style>` block containing themes and color configurations. While typically benign in standard usage, this presents a latent CSS injection / XSS vulnerability if an `id` or `color` configuration were ever derived from unsanitized user input. This commit refactors the component to pass the generated CSS string directly as children to the `<style>` tag. In React, passing strings as children allows the framework to automatically escape text content during SSR, securely mitigating the injection risk while preserving identical CSS functionality. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Enhance DemoPlayer a11y & empty states Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat: enhance security headers with HSTS and XSS protection - Added `Strict-Transport-Security` and `X-XSS-Protection` headers to `next.config.mjs` - Created `e2e/security-headers.spec.ts` Playwright test to verify security headers are returned - Updated Sentinel journal `.jules/sentinel.md` with critical learning about missing security headers - Addressed lint errors by installing appropriate `eslint` and `eslint-config-next` dependencies Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat: improve accessibility and UX of DemoPlayer component - Added `aria-label` to Textarea for screen readers. - Linked character counter to Textarea using `aria-describedby`. - Conditionally disabled Play button when Textarea is empty. - Added `aria-hidden="true"` to decorative icons. - Created e2e test for DemoPlayer component. - Updated Palette journal with learnings. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
chore: Performance check complete Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Improve DemoPlayer accessibility and interaction states Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Optimize same-page hash navigation with native anchor tags Replaces Next.js `<Link>` components with native `<a>` tags for same-page hash navigations (e.g. `href="#features"`). Next.js `<Link>` instances inherently mount `IntersectionObserver` elements to prefetch routes when scrolled into view. By swapping these with plain anchor tags for purely intra-page links, we bypass this unnecessary observer overhead since there is no new route to fetch. Included an update to `.jules/bolt.md` reflecting this specific framework pattern. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Replace Next.js Links with native anchors for hash links Use native `<a>` tags instead of `<Link>` for purely hash-based intra-page navigation to eliminate unnecessary `IntersectionObserver` overhead and client execution time. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat: enhance demo player accessibility and ux Added ARIA labels to Textarea, linked the character counter to the textarea via aria-describedby, disabled the Play button when text is empty, and marked decorative Lucide icons with aria-hidden="true". Also updated .jules/palette.md. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Add Strict-Transport-Security header for defense-in-depth Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [MEDIUM] Add HSTS security header Added the Strict-Transport-Security (HSTS) header to the Next.js configuration to enforce secure connections and prevent man-in-the-middle protocol downgrade attacks. Added an entry to the Sentinel journal documenting this enhancement. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Push "use client" down the tree to optimize JS bundles Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #3 from mbarbine/sentinel-fix-insecure-cookie-17317290647441045071 🛡️ Sentinel: [MEDIUM] Fix insecure cookie transmission
⚡ performance improvement: Replace index with stable key in HowItWorks Replaced the use of the array index as a React key with `step.number` in the `HowItWorks` component's steps list. Using a stable, unique identifier ensures React can correctly identify and track each element during reconciliation, following best practices for performance and stability. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🧪 [testing improvement] Add unit tests for `cn` utility - Add `vitest` to devDependencies - Add `test` script to `package.json` - Create `lib/utils.test.ts` with comprehensive test cases for: - Basic class name joining - Conditional class names - Array and object inputs - Tailwind CSS class merging (via `tailwind-merge`) Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🔒 [security] Secure sidebar state cookie Added 'Secure' and 'SameSite=Lax' attributes to the sidebar state cookie to prevent insecure transmission and CSRF vulnerabilities. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Refactor Pricing component to use PricingCard component Extracted the JSX for individual pricing cards from the `Pricing` component into a self-contained `PricingCard` component. Introduced a `PricingPlan` interface to improve type safety for plan data and component props. This change enhances the maintainability and readability of the `Pricing` section without altering its visual or functional behavior. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>