Full deployment history for this project.
Merge pull request #15 from mbarbine/copilot/merge-all-pull-requests
Merge all open PR branches into integration branch Agent-Logs-Url: https://github.com/mbarbine/civic-engagement-platform-webby/sessions/0a0a7013-7b3d-43b8-86b9-9d1715dcf003 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Plan integration of all open pull requests Agent-Logs-Url: https://github.com/mbarbine/civic-engagement-platform-webby/sessions/0a0a7013-7b3d-43b8-86b9-9d1715dcf003 Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Optimize municipality search filtering
🎨 Palette: Enhance AI Chat Send Button Accessibility and UX 💡 What: Added an `aria-label` to the send button in the AI chat component and introduced a loading spinner when the chat status is 'submitted'. 🎯 Why: Icon-only buttons require `aria-label`s for screen reader accessibility. Additionally, providing visual feedback during asynchronous operations (like waiting for the AI to respond) improves the perceived performance and prevents users from repeatedly clicking the button. 📸 Before/After: (See PR for screenshots) ♿ Accessibility: Improved screen reader support for the send button. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [CRITICAL] Fix Privilege Escalation in Supabase RLS Policies Updated the Row Level Security (RLS) policies in the SQL init scripts for municipalities, laws, meeting minutes, expenditures, and data collection tasks. Previously, UPDATE operations were permitted for any user using `USING (auth.uid() IS NOT NULL)`, leading to a severe privilege escalation vulnerability where standard citizens could arbitrarily verify or modify municipal data. The new policies restrict UPDATE operations to users with an 'admin' or 'moderator' role using: `EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('admin', 'moderator'))` Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Optimize search filtering loop in MunicipalitySearch Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat: accessible AI chat input Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #8 from mbarbine/vercel/react-server-components-cve-vu-l1616m Fix React Server Components CVE vulnerabilities
feat: debounce municipality search input Add a 300ms debounce to the search input in `MunicipalitySearch`. This optimization prevents rapid and unnecessary re-evaluations of the `filteredMunicipalities` array while the user is actively typing, improving performance and avoiding main thread blocks, particularly if the list of municipalities grows large. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix Unauthenticated AI API Access Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>