2025-09-27 - 2026-03-27
Overview
14 Pull requests merged by 1 user
Merged
#55 refactor: use pinned golangci-lint Docker image for linting
Merged
#54 fix: detect TLS per-request in CSRF middleware to fix login
Merged
#52 feat: redirect root path based on auth state
Merged
#46 fix: use absolute path for dev DATA_DIR default, clarify env docs
Merged
#49 fix: use absolute paths and static linking in Dockerfile
Merged
#42 feat: add CSRF protection, SSRF prevention, and login rate limiting
Merged
#47 feat: add Slack target type for incoming webhook notifications
Merged
#41 security: add headers middleware, session regeneration, and body size limits
Merged
#31 Remove globals.Buildarch from codebase
Merged
#32 test: add tests for delivery, middleware, and session packages
Merged
#16 feat: webhooker 1.0 MVP — entity rename, core engine, delivery, management UI
Merged
#13 docs: comprehensive README rewrite with complete service specification
Merged
#14 Replace Bootstrap with Tailwind CSS + Alpine.js
Merged
#6 feat: bring repo up to REPO_POLICIES standards
39 Issues closed from 2 users
Closed
#50 dockerfile for linting is doing it wrong
Closed
#53 can't log in - csrf
Closed
#51 / should redirect to the login page if not logged in, should redirect to the dashboard/list/index page if logged in
Closed
#45 README unclear
Closed
#48 container is broken
Closed
#35 [security] Implement CSRF protection for all forms
Closed
#36 [security] Add SSRF prevention for HTTP delivery targets
Closed
#37 [security] Add rate limiting on login endpoint
Closed
#44 slack target type
Closed
#39 [security] Add request body size limits on form endpoints
Closed
#38 [security] Fix session fixation: regenerate session on login
Closed
#34 [security] Add production security headers middleware
Closed
#40 [security] Fix admin password bootstrap logging
Closed
#30 remove all globals.Buildarch
Closed
#28 Very low test coverage on most packages (delivery 0%, handlers 5.7%, middleware 0%, session 0%)
Closed
#5 initial scaffolding
Closed
#24 Webhook deletion does not clean up deliveries and delivery results
Closed
#27 Config loading logs spurious "Failed to load config" at Info level
Closed
#25 No UI to deactivate/delete individual entrypoints or targets
Closed
#23 CORS allows wildcard origin (*) - placeholder left from template
Closed
#7 Templates should use go:embed instead of filesystem parsing at request time
Closed
#8 Logger should use slog.LevelVar for dynamic level switching
Closed
#9 Source management routes lack authentication middleware
Closed
#10 Configuration should prefer environment variables per CODE_STYLEGUIDE
Closed
#11 Redundant godotenv/autoload import in server.go
Closed
#12 Rename "Processor" entity to "Webhook" and "Webhook" to "Entrypoint" throughout codebase
Closed
#15 1.0/mvp
Closed
#17 BLOCKER: Delivery engine crashes with nil pointer dereference on startup
Closed
#18 BLOCKER: All template-rendered pages return empty content
Closed
#19 BLOCKER: DevSessionKey constant is wrong length (35 bytes, need 32)
Closed
#20 Webhook endpoint accepts all HTTP methods, should restrict to POST
Closed
#21 Server calls cleanShutdown() twice causing potential errors
Closed
#22 DevAdminUsername/DevAdminPassword config fields are dead code
Closed
#29 µPaaS deployment setup
Closed
#26 Admin password logged in structured JSON at Info level - credential leak risk
Closed
#3 rewrite README.md into an actual and complete service description and spec
Closed
#4 Replace Bootstrap with Tailwind CSS + Alpine.js (match µPaaS UI)
Closed
#1 bring repo up to standards
Closed
#2 Fix Dockerfile and add CI workflow
42 Issues created by 2 users
Opened
#1 bring repo up to standards
Opened
#2 Fix Dockerfile and add CI workflow
Opened
#3 rewrite README.md into an actual and complete service description and spec
Opened
#4 Replace Bootstrap with Tailwind CSS + Alpine.js (match µPaaS UI)
Opened
#5 initial scaffolding
Opened
#7 Templates should use go:embed instead of filesystem parsing at request time
Opened
#8 Logger should use slog.LevelVar for dynamic level switching
Opened
#9 Source management routes lack authentication middleware
Opened
#10 Configuration should prefer environment variables per CODE_STYLEGUIDE
Opened
#11 Redundant godotenv/autoload import in server.go
Opened
#12 Rename "Processor" entity to "Webhook" and "Webhook" to "Entrypoint" throughout codebase
Opened
#15 1.0/mvp
Opened
#17 BLOCKER: Delivery engine crashes with nil pointer dereference on startup
Opened
#18 BLOCKER: All template-rendered pages return empty content
Opened
#19 BLOCKER: DevSessionKey constant is wrong length (35 bytes, need 32)
Opened
#20 Webhook endpoint accepts all HTTP methods, should restrict to POST
Opened
#21 Server calls cleanShutdown() twice causing potential errors
Opened
#22 DevAdminUsername/DevAdminPassword config fields are dead code
Opened
#23 CORS allows wildcard origin (*) - placeholder left from template
Opened
#24 Webhook deletion does not clean up deliveries and delivery results
Opened
#25 No UI to deactivate/delete individual entrypoints or targets
Opened
#26 Admin password logged in structured JSON at Info level - credential leak risk
Opened
#27 Config loading logs spurious "Failed to load config" at Info level
Opened
#28 Very low test coverage on most packages (delivery 0%, handlers 5.7%, middleware 0%, session 0%)
Opened
#29 µPaaS deployment setup
Opened
#30 remove all globals.Buildarch
Opened
#33 1.0/mvp
Opened
#34 [security] Add production security headers middleware
Opened
#35 [security] Implement CSRF protection for all forms
Opened
#36 [security] Add SSRF prevention for HTTP delivery targets
Opened
#37 [security] Add rate limiting on login endpoint
Opened
#38 [security] Fix session fixation: regenerate session on login
Opened
#39 [security] Add request body size limits on form endpoints
Opened
#40 [security] Fix admin password bootstrap logging
Opened
#43 configure db target type for archiving
Opened
#44 slack target type
Opened
#45 README unclear
Opened
#48 container is broken
Opened
#50 dockerfile for linting is doing it wrong
Opened
#51 / should redirect to the login page if not logged in, should redirect to the dashboard/list/index page if logged in
Opened
#53 can't log in - csrf
Opened
#56 Move schema_migrations table creation into 000.sql with INTEGER version column