Full deployment history for this project.
🔒 fix: restrict overly permissive CORS policy
- Centralized CORS origin validation in lib/platform.ts
- Replaced wildcard "*" with an allowlist including BASE_URL, localhost, and ALLOWED_ORIGINS
- Updated all API endpoints and .well-known routes to use dynamic origin reflection
- Updated vercel.json and integration tests to match the new security policy
Merge pull request #158 from mbarbine/copilot/merge-all-pull-requests Consolidate open PRs #147–#157 into a single merge-ready integration branch
chore: drop stray PR metadata file Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
update
🧪 Add test for fetchMarketBySlug caching behavior
🎯 What: Added a missing unit test to verify that fetchMarketBySlug correctly uses the in-memory cache and avoids calling the external Gamma API if the market is already cached.
📊 Coverage: Added coverage for the caching branch of fetchMarketBySlug, ensuring caching logic acts as expected and doesn't hit MSW handlers.
✨ Result: Improved test suite coverage and confidence in API caching functionality.
⚡ Optimize Date.now() overhead in markets route
🎨 Palette: Hide decorative lucide-react icons from screen readers Added `aria-hidden="true"` to multiple purely decorative SVG components imported from `lucide-react` across the global layout pages and specific components like the footer and the FAQ section. This ensures screen readers do not awkwardly announce the raw semantic names of icons next to visible text, which creates unnecessary noise for visually impaired users.
Merge pull request #145 from mbarbine/fix-ip-spoofing-vulnerability-15947331289465584313 🔒 [security] Fix IP spoofing vulnerability in getClientIp
🔒 [security] Fix IP spoofing vulnerability in getClientIp Prioritize `X-Vercel-Forwarded-For` and take the left-most IP from the forwarded header lists to correctly identify the client IP and prevent spoofing attacks. Updated unit and verification tests accordingly.
Merge pull request #139 from mbarbine/sentinel-dos-mcp-16352267850012769827 🛡️ Sentinel: [MEDIUM] Fix DoS risk in MCP string inputs
Merge branch 'main' into palette-recent-markets-ux-463324733562882776
Merge pull request #140 from mbarbine/bolt/optimize-emoji-lookup-11693902125624668059 ⚡ Bolt: Optimize emoji lookup with single-pass iteration
Merge pull request #135 from mbarbine/palette-error-state-ux-14992905809839380938 🎨 Palette: Improve error state UX for recent markets
Merge pull request #137 from mbarbine/bolt-optimize-markets-route-8406472046907981920 perf: filter markets before CLOB price batch fetch in `/api/markets`
Merge branch 'main' into bolt-optimize-markets-route-8406472046907981920
Merge pull request #136 from mbarbine/bolt-filter-before-clob-enrichment-12488674838004338506 ⚡ Bolt: Filter markets before fetching CLOB prices
Merge pull request #119 from mbarbine/sentinel/fix-xss-escapehtml-18426216374043960444 🛡️ Sentinel: [HIGH] Fix XSS via unescaped single quotes in RSS feeds
Merge branch 'main' into sentinel/fix-xss-escapehtml-18426216374043960444
Merge pull request #117 from mbarbine/sentinel/fix-sql-injection-interval-6161484765693062680 🛡️ Sentinel: [CRITICAL] Fix SQL injection vulnerability in INTERVAL clauses
Merge pull request #118 from mbarbine/sentinel/add-security-headers-14801645495576832921 🛡️ Sentinel: Add security headers
Merge pull request #116 from mbarbine/ux-focus-visible-styles-16503697459166524327 🎨 Palette: Add keyboard focus styles to top banner link
Merge pull request #114 from mbarbine/bolt-optimize-handle-get-related-markets-8426933036867120183 ⚡ Bolt: Optimize related markets endpoint via single-pass loop
Merge pull request #115 from mbarbine/palette-ux-enhancements-3122147101727865836 Add smooth scrolling and missing focus states
Merge pull request #113 from mbarbine/perf-optimize-top-movers-cache-6497083052491467543 ⚡ Optimize getTopPriceMovers with analytical query and caching
Merge branch 'main' into perf-optimize-top-movers-cache-6497083052491467543
Merge pull request #112 from mbarbine/fix-mcp-ip-spoofing-432165456507214120 fix: prevent IP spoofing in MCP route rate limiting
Merge pull request #111 from mbarbine/refactor-logging-structured-logger-9650706049948783396 chore: refactor logging to use structured logger across API routes an…
Merge pull request #106 from mbarbine/bolt-gettrending-sort-optimization-2661428746402949574 ⚡ Bolt: O(N) sort optimization in GetTrending API
Merge pull request #105 from mbarbine/sentinel/fix-cron-auth-bypass-398696299193142017 🛡️ Sentinel: [CRITICAL] Fix auth bypass in cron sync
Merge branch 'main' into sentinel/fix-cron-auth-bypass-398696299193142017
Merge pull request #103 from mbarbine/sentinel/fix-json-feed-xss-6283396741220953132 🛡️ Sentinel: [HIGH] Fix XSS vulnerability in JSON feed
Merge pull request #104 from mbarbine/bolt-mcp-search-optimizations-3470760371402380500 ⚡ Bolt: [performance improvement] Optimize MCP search_markets filtering
Merge branch 'main' into jules-7817610313128803506-fb4e8d79
Merge branch 'main' into jules-15429794825556002952-375c1774
Merge pull request #38 from mbarbine/jules-fix-duplicate-ratelimit-4312659532739387161 🛡️ Sentinel: [HIGH] Fix duplicate rate limit check crashing MCP endpoint
🛡️ Sentinel: [HIGH] Fix duplicate rate limit check crashing MCP endpoint Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [High] Fix potential XSS via dangerouslySetInnerHTML without HTML escaping Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge branch 'main' into jules-bolt-upsert-batching-13341397984068833097
⚡ Bolt: Batch Neon database inserts in upsertMarkets Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #21 from mbarbine/sentinel-mcp-rate-limit-6854168838620170123 🛡️ Sentinel: [HIGH] Add rate limiting to MCP endpoint
Merge branch 'v0/mbarbine-a85382cd' into sentinel-mcp-rate-limit-6854168838620170123
Merge pull request #27 from mbarbine/sentinel/fix-json-ld-xss-3949393400162916686 🛡️ Sentinel: [HIGH] Fix XSS vulnerability in JSON-LD rendering
Merge branch 'main' into bolt-performance-optimization-promise-chaining-6906029282778357614
🛡️ Sentinel: [High] Fix XSS vulnerability in dangerouslySetInnerHTML Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
test(db): add test for getStats fallback without db connection Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>