Full deployment history for this project.
⚡ Bolt: Filter markets before fetching CLOB prices in /api/markets - Filters the `markets` array by `daysBack` and `category` before making the supplementary `fetchClobPricesBatch` call in `app/api/markets/route.ts`. - This reduces the number of API calls to the CLOB endpoint significantly when category filtering or daysBack reduces the market set. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [CRITICAL] Fix SQL injection in db.ts INTERVAL clause 🚨 Severity: CRITICAL 💡 Vulnerability: Variables interpolated inside single quotes bypass @neondatabase parameterization 🎯 Impact: An attacker could inject arbitrary SQL when the variables are controlled by user 🔧 Fix: Replaced string interpolations with postgres mathematical intervals: e.g., `(${hours} * INTERVAL '1 hour')` ✅ Verification: Ran pnpm test and verified tests are passing Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
perf: Optimize XML string escaping in sitemap route Replaced chained `.replace()` calls with a single regex pass and a dictionary lookup in `app/sitemap.xml/route.ts`. This reduces intermediate string allocations and loop overhead, especially when iterating over hundreds of dynamic market URLs. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: [performance improvement] Optimize sitemap XML escaping Refactored the `escapeXml` function in `app/sitemap.xml/route.ts` to replace 5 chained `.replace()` calls with a single regex pass and dictionary lookup. This avoids intermediate string allocations and multi-pass string traversals when formatting a high volume of URLs for the sitemap. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Optimize markets filtering before fetching CLOB prices Moved the `daysBack` and `category` filtering logic above the `fetchClobPricesBatch` call in `app/api/markets/route.ts`. This reduces the number of unnecessary API calls and array iterations by filtering out unwanted markets before attempting to enrich them with real-time CLOB prices. This aligns the logic with the existing optimization pattern found in the other feed routes. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix Authentication Bypass via Undefined Env Variable Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Reduce redundant CLOB API requests by bounding data before fetch * Bound `filteredMarkets` dataset to `limit` prior to fetching CLOB prices in `/api/feed/route.ts`. * Manually sort cached market data to ensure accurate top `N` results when fetching from database cache. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Add aria-hidden="true" to decorative Rss icon in footer Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [CRITICAL] Fix XSS vulnerability in markdownToHtml 🚨 Severity: CRITICAL 💡 Vulnerability: The `markdownToHtml` function in `app/api/docs/[doc]/route.ts` did not escape raw Markdown content globally before performing structural regex replacements, allowing arbitrary HTML injection (e.g., `<script>`). It also constructed `<a>` tags without validating the URL scheme, permitting `javascript:`, `vbscript:`, and `data:` schemes which execute JavaScript in the browser. 🎯 Impact: Attackers could inject malicious scripts or iframes through markdown rendering, potentially leading to Cross-Site Scripting (XSS) and executing actions in the context of the user visiting the documentation endpoint. 🔧 Fix: Escaped the entire markdown string initially using `escHtml` before replacing structural elements. Updated regex for parsing blockquotes (`>` becomes `>`). Added a link URL validation to reject execution protocols (`javascript:`, `vbscript:`, `data:`) using a trimmed, lowercase comparison. ✅ Verificati
🎨 Palette: Add `aria-hidden` to decorative icons Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat(ui): add title attribute to language switcher links Added `title={LOCALE_NAMES[loc].native}` to the locale links in the LanguageSwitcher component so that users can see the full native language name (e.g., "Español") on hover instead of just the 2-letter abbreviation. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
perf: filter markets before fetching CLOB prices in markets API Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
perf: Optimize data fetching pipeline in JSON/Atom feed APIs Moved local array filtering logic (like filterRecentMarkets and category filters) to execute *before* fetching supplementary real-time CLOB prices. This reduces the number of IDs passed to `fetchClobPricesBatch` significantly, saving downstream API calls and CPU overhead for items that would be ultimately discarded. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #119 from mbarbine/sentinel/fix-xss-escapehtml-18426216374043960444 🛡️ Sentinel: [HIGH] Fix XSS via unescaped single quotes in RSS feeds
Merge branch 'main' into sentinel/fix-xss-escapehtml-18426216374043960444
Merge pull request #117 from mbarbine/sentinel/fix-sql-injection-interval-6161484765693062680 🛡️ Sentinel: [CRITICAL] Fix SQL injection vulnerability in INTERVAL clauses
Merge pull request #118 from mbarbine/sentinel/add-security-headers-14801645495576832921 🛡️ Sentinel: Add security headers
Merge pull request #116 from mbarbine/ux-focus-visible-styles-16503697459166524327 🎨 Palette: Add keyboard focus styles to top banner link
Merge pull request #114 from mbarbine/bolt-optimize-handle-get-related-markets-8426933036867120183 ⚡ Bolt: Optimize related markets endpoint via single-pass loop
Merge pull request #115 from mbarbine/palette-ux-enhancements-3122147101727865836 Add smooth scrolling and missing focus states
Merge pull request #113 from mbarbine/perf-optimize-top-movers-cache-6497083052491467543 ⚡ Optimize getTopPriceMovers with analytical query and caching
Merge branch 'main' into perf-optimize-top-movers-cache-6497083052491467543
Merge pull request #112 from mbarbine/fix-mcp-ip-spoofing-432165456507214120 fix: prevent IP spoofing in MCP route rate limiting
Merge pull request #111 from mbarbine/refactor-logging-structured-logger-9650706049948783396 chore: refactor logging to use structured logger across API routes an…
Merge pull request #106 from mbarbine/bolt-gettrending-sort-optimization-2661428746402949574 ⚡ Bolt: O(N) sort optimization in GetTrending API
Merge pull request #105 from mbarbine/sentinel/fix-cron-auth-bypass-398696299193142017 🛡️ Sentinel: [CRITICAL] Fix auth bypass in cron sync
Merge branch 'main' into sentinel/fix-cron-auth-bypass-398696299193142017
Merge pull request #103 from mbarbine/sentinel/fix-json-feed-xss-6283396741220953132 🛡️ Sentinel: [HIGH] Fix XSS vulnerability in JSON feed
Merge pull request #104 from mbarbine/bolt-mcp-search-optimizations-3470760371402380500 ⚡ Bolt: [performance improvement] Optimize MCP search_markets filtering
Merge pull request #102 from mbarbine/jules-2192489390115401608-f0d0409a 🧹 [code health improvement] Resolve TypeScript errors globally and remove @ts-ignore
Merge pull request #101 from mbarbine/jules-7817610313128803506-fb4e8d79 ⚡ Bolt: Optimize single market retrieval in MCP server
Merge branch 'main' into jules-7817610313128803506-fb4e8d79
Merge branch 'main' into jules-7817610313128803506-fb4e8d79
Merge pull request #100 from mbarbine/fix/clob-api-type-safety-14657332960021702838 🧹 [Remove 'any' from extractMidPrices in clob-api.ts]
Merge pull request #99 from mbarbine/jules-15429794825556002952-375c1774 ⚡ Bolt: Replace map and filter with reduce in markets route
Merge branch 'main' into jules-15429794825556002952-375c1774
Merge pull request #55 from mbarbine/bolt/early-returns-in-filters-15841642010936684168 ⚡ Bolt: Optimize array filters with lifted invariants and early returns
Add files via upload
Merge pull request #38 from mbarbine/jules-fix-duplicate-ratelimit-4312659532739387161 🛡️ Sentinel: [HIGH] Fix duplicate rate limit check crashing MCP endpoint
🛡️ Sentinel: [HIGH] Fix duplicate rate limit check crashing MCP endpoint Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [High] Fix potential XSS via dangerouslySetInnerHTML without HTML escaping Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #35 from mbarbine/jules-bolt-upsert-batching-13341397984068833097 ⚡ Bolt: Batch Neon database inserts in upsertMarkets
Merge branch 'main' into jules-bolt-upsert-batching-13341397984068833097
Merge pull request #22 from mbarbine/bolt-performance-optimization-promise-chaining-6906029282778357614 ⚡ Bolt: Remove async overhead in array mapping
⚡ Bolt: Batch Neon database inserts in upsertMarkets Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #21 from mbarbine/sentinel-mcp-rate-limit-6854168838620170123 🛡️ Sentinel: [HIGH] Add rate limiting to MCP endpoint
Merge branch 'v0/mbarbine-a85382cd' into sentinel-mcp-rate-limit-6854168838620170123
Merge pull request #27 from mbarbine/sentinel/fix-json-ld-xss-3949393400162916686 🛡️ Sentinel: [HIGH] Fix XSS vulnerability in JSON-LD rendering
Merge branch 'main' into bolt-performance-optimization-promise-chaining-6906029282778357614