platform

yusiboyz/platform

Fork 0

Commit Graph

Author	SHA1	Message	Date
Yusuf Suleman	6023ebf9d0	feat: tasks app, security hardening, mobile fixes, iOS app shell - Custom SQLite task manager replacing TickTick wrapper - 73 tasks migrated from TickTick across 15 projects - RRULE recurrence engine with lazy materialization - Dashboard tasks widget (desktop sidebar + mobile card) - Tasks page with project tabs, add/edit/complete/delete - Security: locked ports to localhost, removed old containers - Gitea Actions runner configured and all 3 CI jobs passing - Fixed mobile overflow on dashboard cards - iOS Capacitor app shell (Second Brain) - Frontend/backend guide docs for adding new services - TickTick Google Calendar sync re-authorized Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 15:35:57 -05:00
Yusuf Suleman	ac5c758056	fix: complete remaining partial issues (#5 , #8 , #9 ) Some checks failed Security Checks / dependency-audit (push) Has been cancelled Details Security Checks / secret-scanning (push) Has been cancelled Details Security Checks / dockerfile-lint (push) Has been cancelled Details #5 Gateway Trust Model: - Removed inventory /test endpoint - Updated docs/trust-model.md with accurate description: - Per-user services (trips, fitness) vs gateway-key services clearly separated - Known limitations documented (no per-user isolation on shared services) - No false claims about per-user auth where it doesn't exist #8 Dependency Security: - Workflow reviewed and confirmed sane - Added .gitea/README.md documenting runner requirement - Status: repo-side complete, operationally blocked on runner setup #9 Performance Hardening: - Budget /transactions/recent: 30s cache (1.1s→41ms on repeat) - Budget /uncategorized-count: 2min cache (1.3s→42ms on repeat) - Both endpoints document Actual Budget per-account API constraint - Budget buildLookups: 2min cache (already in place) - All inventory full scans already eliminated (prior commit)	2026-03-29 15:17:28 -05:00
Yusuf Suleman	4ecd2336b5	fix: complete remaining remediation (#5 , #8 , #9 ) Some checks failed Security Checks / dependency-audit (push) Has been cancelled Details Security Checks / secret-scanning (push) Has been cancelled Details Security Checks / dockerfile-lint (push) Has been cancelled Details #5 Gateway Trust Model: - Token validation now uses protected endpoints, not health checks - Unknown services rejected (no fallback to unprotected endpoint) - Trust model documented in docs/trust-model.md #8 CI Enforcement: - Added .gitea/workflows/security.yml with: - Dependency audit (npm audit --audit-level=high for budget) - Secret scanning (checks for tracked .env/.db, hardcoded secrets) - Dockerfile lint (non-root USER, HEALTHCHECK presence) #9 Performance Hardening: - Budget /summary: 1-minute in-memory cache (avoids repeated account fan-out) - Gateway /api/dashboard: 30-second per-user cache (50x faster on repeat) - Inventory health endpoint added before auth middleware Closes #5, #8, #9	2026-03-29 10:13:00 -05:00

Author

SHA1

Message

Date

Yusuf Suleman

6023ebf9d0

feat: tasks app, security hardening, mobile fixes, iOS app shell

- Custom SQLite task manager replacing TickTick wrapper
- 73 tasks migrated from TickTick across 15 projects
- RRULE recurrence engine with lazy materialization
- Dashboard tasks widget (desktop sidebar + mobile card)
- Tasks page with project tabs, add/edit/complete/delete
- Security: locked ports to localhost, removed old containers
- Gitea Actions runner configured and all 3 CI jobs passing
- Fixed mobile overflow on dashboard cards
- iOS Capacitor app shell (Second Brain)
- Frontend/backend guide docs for adding new services
- TickTick Google Calendar sync re-authorized

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-30 15:35:57 -05:00

Yusuf Suleman

ac5c758056

fix: complete remaining partial issues (#5 , #8 , #9 )

Security Checks / dependency-audit (push) Has been cancelled

Details

Security Checks / secret-scanning (push) Has been cancelled

Details

Security Checks / dockerfile-lint (push) Has been cancelled

Details

#5 Gateway Trust Model:
- Removed inventory /test endpoint
- Updated docs/trust-model.md with accurate description:
  - Per-user services (trips, fitness) vs gateway-key services clearly separated
  - Known limitations documented (no per-user isolation on shared services)
  - No false claims about per-user auth where it doesn't exist

#8 Dependency Security:
- Workflow reviewed and confirmed sane
- Added .gitea/README.md documenting runner requirement
- Status: repo-side complete, operationally blocked on runner setup

#9 Performance Hardening:
- Budget /transactions/recent: 30s cache (1.1s→41ms on repeat)
- Budget /uncategorized-count: 2min cache (1.3s→42ms on repeat)
- Both endpoints document Actual Budget per-account API constraint
- Budget buildLookups: 2min cache (already in place)
- All inventory full scans already eliminated (prior commit)

2026-03-29 15:17:28 -05:00

Yusuf Suleman

4ecd2336b5

fix: complete remaining remediation (#5 , #8 , #9 )

Security Checks / dependency-audit (push) Has been cancelled

Details

Security Checks / secret-scanning (push) Has been cancelled

Details

Security Checks / dockerfile-lint (push) Has been cancelled

Details

#5 Gateway Trust Model:
- Token validation now uses protected endpoints, not health checks
- Unknown services rejected (no fallback to unprotected endpoint)
- Trust model documented in docs/trust-model.md

#8 CI Enforcement:
- Added .gitea/workflows/security.yml with:
  - Dependency audit (npm audit --audit-level=high for budget)
  - Secret scanning (checks for tracked .env/.db, hardcoded secrets)
  - Dockerfile lint (non-root USER, HEALTHCHECK presence)

#9 Performance Hardening:
- Budget /summary: 1-minute in-memory cache (avoids repeated account fan-out)
- Gateway /api/dashboard: 30-second per-user cache (50x faster on repeat)
- Inventory health endpoint added before auth middleware

Closes #5, #8, #9

2026-03-29 10:13:00 -05:00

3 Commits