Commit Graph

Select branches

Hide Pull Requests

chore/code-cleanup

chore/update-todo

ci/add-check-action

ci/check-workflow-only

feat/ci-make-check

feature/api-token-auth

feature/deploy-cancel

feature/deployment-rollback

feature/deployment-rollback-tests

feature/edit-config-entities

feature/edit-entities

feature/json-api

fix/1.0-audit-bugs

fix/deploy-cancel-cleanup

fix/disable-api-write-methods

fix/issue-156-env-vars-404

fix/js-formatting

fix/main-lint-issues

fix/module-path

fix/repo-url-validation

main

revert/pr-98

schema-consolidation

update-todo-md

#10

#100

#102

#109

#115

#116

#117

#119

#126

#127

#129

#131

#14

#147

#148

#149

#15

#150

#152

#154

#155

#158

#159

#16

#160

#162

#164

#27

#28

#29

#30

#31

#33

#34

#46

#47

#48

#49

#50

#51

#52

#53

#55

#6

#65

#7

#73

#74

#75

#76

#77

#78

#8

#9

#91

#92

#93

#94

#95

#97

#98

#99

1.0.0

Mono Color

• 316ccae665 fix: reject duplicate env var keys with 400 instead of deduplicating fix/issue-156-env-vars-404 clawbot 2026-03-10 18:37:07 -07:00
• eaf3d48eae fix: dedup env var keys, add IDOR test, enforce body size limit clawbot 2026-03-10 18:14:20 -07:00
• 609ce1d0d3 fix: remove dead DeleteEnvVarsByAppID and add empty-key 400 test user 2026-03-10 17:42:50 -07:00
• 5a986aa8fd fix: transactional env var save, empty key validation, frontend error handling clawbot 2026-03-10 12:25:35 -07:00
• df6aad9b21 refactor: POST env vars as JSON array instead of KEY=value string clawbot 2026-03-10 11:37:55 -07:00
• 3f96f4f81b fix: match original table UI with immediate per-action submission clawbot 2026-03-10 11:23:36 -07:00
• 690b7d4590 feat: restore table UI with monolithic env var submission user 2026-03-10 11:18:46 -07:00
• b3cda1515f feat: monolithic env var editing (bulk save, no per-var CRUD) clawbot 2026-03-10 11:05:19 -07:00
• 4aaeffdffc Merge branch 'main' into fix/issue-156-env-vars-404 Jeffrey Paul 2026-03-10 18:54:32 +01:00
• d22daf1f0a Merge branch 'main' into fix/js-formatting fix/js-formatting Jeffrey Paul 2026-03-10 18:54:08 +01:00
• e1dc865226 feat: add webhook event history UI page (#164) main clawbot 2026-03-10 18:53:58 +01:00
• 48c9297627 Merge branch 'main' into fix/issue-156-env-vars-404 Jeffrey Paul 2026-03-10 01:09:25 +01:00
• 49ff625ac4 fix: add missing Makefile targets (docker, hooks) and test timeout (#159) clawbot 2026-03-10 01:09:15 +01:00
• 2d04ff85aa Merge branch 'main' into fix/issue-156-env-vars-404 Jeffrey Paul 2026-03-10 01:08:05 +01:00
• 602046b329 Merge branch 'main' into fix/js-formatting Jeffrey Paul 2026-03-10 01:07:26 +01:00
• ab63670043 fix: pass notification settings from create form to service (#160) clawbot 2026-03-10 01:01:32 +01:00
• 7920e723a6 style: run make fmt on JS static files clawbot 2026-03-09 17:01:10 -07:00
• 30f81078bd fix: use /env routes for env var CRUD, fixing 404 on env var forms clawbot 2026-03-06 03:38:17 -08:00
• 1cd433b069 chore: add REPO_POLICIES compliance files (#155) clawbot 2026-03-03 18:07:44 +01:00
• 94639a47e9 fix: add COPY --from=lint to builder stage to force lint execution (#154) clawbot 2026-03-01 23:46:52 +01:00
• 12446f9f79 fix: change module path to sneak.berlin/go/upaas (closes #143) (#149) clawbot 2026-03-01 23:22:18 +01:00
• 877fb2c0c5 Split Dockerfile into lint + build stages for faster CI feedback (#152) clawbot 2026-03-01 21:19:21 +01:00
• 14525523cb chore: update module path to sneak.berlin/go/upaas (fixes #143) fix/module-path clawbot 2026-02-26 06:00:17 -08:00
• 578c6ec842 Merge pull request 'tidy' (#148) from fix/tidy into main 1.0.0 Jeffrey Paul 2026-02-26 13:55:28 +01:00
• 1c2bf80d7d tidy sneak 2026-02-26 19:52:09 +07:00
• 019ba7fe1f Merge pull request 'Fix dashboard CSRFField crash (closes #146)' (#147) from fix/dashboard-csrf-field into main Jeffrey Paul 2026-02-26 12:07:42 +01:00
• c22a2877d5 fix: pass CSRFField to dashboard template (closes #146) user 2026-02-26 02:56:12 -08:00
• 43cde0eefd test: add failing test for dashboard CSRFField (refs #146) user 2026-02-26 02:56:00 -08:00
• b1c6b93d8e Merge pull request 'fix: simplify CI to docker build only (closes #130)' (#131) from fix/ci-docker-build-only into main Jeffrey Paul 2026-02-26 11:53:14 +01:00
• 1875792ebe Merge branch 'main' into fix/ci-docker-build-only Jeffrey Paul 2026-02-26 11:53:03 +01:00
• 7bbaa1d08a Merge pull request 'Fix 1.0 audit bugs (closes #120, closes #121, closes #122, closes #123, closes #124, closes #125)' (#126) from fix/audit-bugs-120-125 into main Jeffrey Paul 2026-02-26 11:52:54 +01:00
• 43a0cbac70 fix: use pre-built golangci-lint binary instead of go install user 2026-02-26 02:17:54 -08:00
• fb866af4e5 simplify CI to docker build only (refs #130) clawbot 2026-02-26 02:11:15 -08:00
• 91d6da0796 fix: move inline comments above FROM lines (fixes docker build) user 2026-02-26 02:06:11 -08:00
• 57e0735afa docs: expand Important note — HOST_DATA_DIR must be absolute path clawbot 2026-02-23 13:17:21 -08:00
• 2eeead7e64 docs: clarify UPAAS_DATA_DIR default is for local dev only clawbot 2026-02-23 13:16:06 -08:00
• 76fe014e9a docs: remove relative path default for HOST_DATA_DIR in docker-compose example user 2026-02-23 13:15:10 -08:00
• f36732eaf5 refactor: remove internal/domain package, move types to correct packages user 2026-02-23 13:14:15 -08:00
• 3a1b1e3cd4 refactor: add String() methods to domain types, replace string() casts user 2026-02-23 11:58:00 -08:00
• 594537e6f5 rework: address review feedback on PR #126 clawbot 2026-02-22 03:40:57 -08:00
• a6c76232bf fix: assign commit error to err so deferred rollback triggers (closes #125) clawbot 2026-02-21 00:55:53 -08:00
• 46574f8cf1 fix: rename GetBuildDir param from appID to appName (closes #123) clawbot 2026-02-21 00:55:24 -08:00
• 074903619d fix: add 1MB size limit on deployment logs with truncation (closes #122) clawbot 2026-02-21 00:55:12 -08:00
• 6cf6e89db4 fix: use renderTemplate in all error paths of HandleAppCreate/HandleAppUpdate (closes #121) clawbot 2026-02-21 00:54:49 -08:00
• 5c20b0b23d fix: use bind mount with HOST_DATA_DIR in docker-compose.yml (closes #120) clawbot 2026-02-21 00:54:32 -08:00
• e051245b5f Merge pull request 'Refactor: break up app.js into smaller modules' (#129) from refactor/split-app-js into main Jeffrey Paul 2026-02-26 10:59:02 +01:00
• 478746c356 rebase: apply audit bug fixes on latest main fix/1.0-audit-bugs user 2026-02-23 11:56:09 -08:00
• 5fe11f24d4 refactor: break up app.js into smaller modules user 2026-02-23 11:52:41 -08:00
• 28f014ce95 Merge pull request 'fix: use imageID in createAndStartContainer (closes #124)' (#127) from fix/use-image-id-in-container into main Jeffrey Paul 2026-02-23 20:48:23 +01:00
• dc638a07f1 Merge pull request 'fix: pin all external refs to cryptographic identity (closes #118)' (#119) from fix/pin-external-refs-crypto-identity into main Jeffrey Paul 2026-02-23 20:48:09 +01:00
• 0e8efe1043 fix: use imageID in createAndStartContainer (closes #124) user 2026-02-21 02:24:51 -08:00
• 0ed2d02dfe fix: pin all external refs to cryptographic identity (closes #118) user 2026-02-20 10:45:02 -08:00
• ab526fc93d Merge pull request 'fix: disable API v1 write methods (closes #112)' (#115) from fix/disable-api-write-methods into main Jeffrey Paul 2026-02-20 14:35:12 +01:00
• ab7c43b887 fix: disable API v1 write methods (closes #112) fix/disable-api-write-methods user 2026-02-20 05:33:07 -08:00
• 4217e62f27 Merge pull request 'fix: resolve 1.0 audit bugs (closes #104, #105, #106, #107, #108)' (#109) from fix/1.0-audit-bugs into main Jeffrey Paul 2026-02-20 13:47:12 +01:00
• 327d7fb982 fix: resolve lint issues in handlers and middleware clawbot 2026-02-20 03:35:44 -08:00
• 6cfd5023f9 fix: SetupRequired middleware exempts health, static, and API routes (closes #108) clawbot 2026-02-20 03:33:34 -08:00
• efd3500dac fix: HandleVolumeAdd validates host and container paths (closes #107) clawbot 2026-02-20 03:33:19 -08:00
• ec87915234 fix: API delete endpoint cleans up Docker container before DB deletion (closes #106) clawbot 2026-02-20 03:33:04 -08:00
• cd0354e86c fix: API deploy handler uses detached context to prevent cancellation (closes #105) clawbot 2026-02-20 03:32:42 -08:00
• 7d1849c8df fix: HandleEnvVarDelete uses correct varID route param (closes #104) clawbot 2026-02-20 03:32:20 -08:00
• 4a73a5575f Merge pull request 'ci: add Gitea Actions workflow for make check (closes #96)' (#100) from ci/check-workflow-only into main Jeffrey Paul 2026-02-20 12:19:29 +01:00
• 4f81d9cb70 fix: address review feedback - security hardening and lint cleanup chore/code-cleanup clawbot 2026-02-20 02:59:45 -08:00
• a5d703a670 Merge branch 'main' into ci/check-workflow-only ci/check-workflow-only Jeffrey Paul 2026-02-20 12:00:02 +01:00
• c8a8f88cd0 Merge pull request 'chore: code cleanup and best practices (closes #45)' (#95) from chore/code-cleanup into main Jeffrey Paul 2026-02-20 11:59:31 +01:00
• aab2375cfa Merge branch 'main' into chore/code-cleanup Jeffrey Paul 2026-02-20 11:59:06 +01:00
• 2ba47d6ddd Merge pull request 'fix: validate repo URL format on app creation (closes #88)' (#91) from fix/repo-url-validation into main Jeffrey Paul 2026-02-20 11:58:48 +01:00
• 0bb59bf9c2 feat: sanitize container log output beyond Content-Type user 2026-02-19 20:36:13 -08:00
• dcff249fe5 fix: sanitize container log output and fix lint issues clawbot 2026-02-19 20:30:11 -08:00
• 387a0f1d9a feat: sanitize container log output beyond Content-Type user 2026-02-19 20:36:13 -08:00
• 1417a87dff fix: sanitize container log output and fix lint issues clawbot 2026-02-19 20:30:11 -08:00
• e2e270a557 chore: code cleanup and best practices (closes #45) clawbot 2026-02-19 13:47:56 -08:00
• a2087f4898 fix: restrict SCP-like URLs to git user only and reject path traversal fix/repo-url-validation clawbot 2026-02-19 20:17:25 -08:00
• a2fb42520d fix: validate repo URL format on app creation (closes #88) clawbot 2026-02-19 13:44:08 -08:00
• 6d600010b7 ci: add Gitea Actions workflow for make check (closes #96) clawbot 2026-02-20 02:46:00 -08:00
• fc7ba6135c fix: resolve wsl_v5 whitespace issue in deploy fix/main-lint-issues clawbot 2026-02-20 02:50:32 -08:00
• a808f0c6a8 fix: resolve revive unused-parameter issues in export_test clawbot 2026-02-20 02:50:32 -08:00
• e3d6202015 fix: resolve gosec G306 file permission issue in test clawbot 2026-02-20 02:50:32 -08:00
• b2a25bc556 fix: resolve gosec G704 SSRF issues in notify service clawbot 2026-02-20 02:50:31 -08:00
• b05f8eae43 fix: resolve gosec G705/G703 taint analysis issues in handlers clawbot 2026-02-20 02:50:31 -08:00
• c729fdc7b3 fix: resolve gosec G117 secret pattern lint issues clawbot 2026-02-20 02:50:31 -08:00
• 18c47324e4 fix: resolve funcorder lint issues in docker client clawbot 2026-02-20 02:50:31 -08:00
• 8ad2c6e42c Merge pull request 'Fix all main branch lint issues (closes #101)' (#102) from fix/main-lint-issues into main Jeffrey Paul 2026-02-20 11:42:34 +01:00
• 0fcf12d2cc fix: resolve all lint issues on main branch clawbot 2026-02-20 02:39:18 -08:00
• e73409b567 fix: resolve lint issues for make check compliance feature/api-token-auth clawbot 2026-02-19 23:43:41 -08:00
• a891fb2489 fix: increase API token entropy from 128 to 256 bits clawbot 2026-02-19 20:16:32 -08:00
• 96eea71c54 fix: set authenticated user on request context in bearer token auth clawbot 2026-02-19 13:54:09 -08:00
• 7387ba6b5c feat: add API token authentication (closes #87) clawbot 2026-02-19 13:47:39 -08:00
• 3a4e999382 Merge pull request 'revert: undo PR #98 (CI + linter config changes)' (#99) from revert/pr-98 into main Jeffrey Paul 2026-02-20 05:37:49 +01:00
• 728b29ef16 Revert "Merge pull request 'feat: add Gitea Actions CI for make check (closes #96)' (#98) from feat/ci-make-check into main" revert/pr-98 clawbot 2026-02-19 20:36:22 -08:00
• f61d4d0f91 Merge pull request 'feat: add Gitea Actions CI for make check (closes #96)' (#98) from feat/ci-make-check into main Jeffrey Paul 2026-02-20 05:33:24 +01:00
• 8ec04fdadb feat: add Gitea Actions CI for make check (closes #96) feat/ci-make-check clawbot 2026-02-19 20:29:21 -08:00
• 5d87d386c3 ci: pin actions to commit SHAs to prevent RCE ci/add-check-action user 2026-02-19 20:25:23 -08:00
• f65e3887b2 ci: add Gitea Actions workflow for make check (fixes #96) user 2026-02-19 20:22:45 -08:00
• 06e8e66443 Merge pull request 'fix: clean up orphan resources on deploy cancellation (closes #89)' (#93) from fix/deploy-cancel-cleanup into main Jeffrey Paul 2026-02-20 05:22:58 +01:00
• 95a690e805 fix: use strings.HasPrefix instead of manual slice comparison fix/deploy-cancel-cleanup clawbot 2026-02-19 20:17:27 -08:00
• 802518b917 fix: clean up orphan resources on deploy cancellation (closes #89) clawbot 2026-02-19 13:47:07 -08:00
• b47f871412 Merge pull request 'fix: restrict CORS to configured origins (closes #40)' (#92) from fix/cors-wildcard into main Jeffrey Paul 2026-02-20 05:11:33 +01:00
• 02847eea92 fix: restrict CORS to configured origins (closes #40) clawbot 2026-02-19 13:45:18 -08:00
• 506c795f16 test: add CORS middleware tests (failing - TDD) clawbot 2026-02-19 13:43:33 -08:00