Gan, Jimmy
019fddc079
dashboard: externalize service URLs and network config (Sprint 03 config externalization)
...
Deploy Dashboard (Dev) / Backend Tests (push) Failing after 2m17s
Deploy Dashboard (Dev) / Frontend Tests (push) Failing after 3m34s
Deploy Dashboard (Dev) / Deploy to Dev (push) Has been skipped
Run Tests / Secret Detection (pull_request) Failing after 30s
Run Tests / Backend Tests (pull_request) Failing after 2m18s
Run Tests / Frontend Tests (pull_request) Failing after 18s
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-03 18:28:05 +08:00
Gan, Jimmy
1a37f34401
auth: Sprint 02 — auth hardening (Pydantic models, challenge binding, admin gates)
...
- Add max_length validation to LoginRequest (username 128, password 1024)
- Replace raw request.json() with Pydantic models in RBAC override/update endpoints
- Replace raw request.json() with Pydantic models in passkey register/login/delete
- Bind passkey challenges to session-bound challenge_id (prevents cross-session replay)
- Gate audit log and security log endpoints behind admin role
- Fix fragile opc_db.json.dumps() → import json directly
- Add COOKIE_SECURE=False startup warning (suppress with ALLOW_INSECURE_COOKIES)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-03 13:45:42 +08:00
Gan, Jimmy
323ae474a8
stability: Sprint 01 — production stability (dev runner, test gate, Docker UI, cpu_percent)
...
- Fix dev deploy runner label (ubuntu-latest → nas)
- Add backend + frontend test gate to dev deploy (tests must pass before deploy)
- Add error handling UI to Docker.svelte (error state with retry button)
- Fix psutil.cpu_percent always returning 0 on first call (interval=0 → 0.1)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-03 13:35:57 +08:00
Gan, Jimmy
b981c06d59
feat: comprehensive test infrastructure improvements
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m26s
Run Tests / Backend Tests (push) Failing after 2m36s
Run Tests / Frontend Tests (push) Failing after 2m23s
Run Tests / Test Summary (push) Failing after 13s
- Fix unit test imports: add env setup in conftest.py before module imports
- Add 24 new auth router tests (RBAC, preferences, password validation)
- Add 16 new tests for litellm and chat_summary routers
- Apply black formatting and ruff linting across codebase
- Add pre-commit hooks configuration (black, ruff, file checks)
- Increase CI coverage threshold from 40% to 50%
Test Results:
- 206 tests passing (91 unit + 115 integration)
- Coverage: 58.79% on core modules
- auth.py: 57% → 85%, litellm.py: 23% → 87%, chat_summary.py: 41% → 100%
- auth_service: 96.51%, config: 100%, rbac: 93.48%
2026-04-08 00:21:32 +08:00
Gan, Jimmy
44f0ed5d04
fix: harden dashboard auth and terminal flows
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m29s
Tighten terminal websocket auth and proxy trust handling while making file-backed auth/RBAC writes atomic to reduce high-impact security and persistence risks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-06 23:53:58 +08:00
Gan, Jimmy
50e1d779de
perf: add compression and caching for faster public access
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 2m20s
Optimizations to reduce latency over Tailscale tunnel:
- Add GZip middleware for 70% bandwidth reduction (480KB → ~150KB)
- Cache static assets with immutable headers (1 year)
- Remove 500ms blocking CPU interval in system stats
These changes significantly improve dashboard load time over public network.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-01 22:21:51 +08:00
Gan, Jimmy
a0354c335b
fix: trust docker gateway IP for reverse proxy auth
Deploy Dashboard / deploy (push) Successful in 1m35s
2026-02-27 23:48:34 +08:00
Gan, Jimmy
3888a57642
chore: secure dashboard proxy endpoint and decouple lan checks
Deploy Dashboard / deploy (push) Successful in 1m48s
2026-02-27 23:41:36 +08:00
Gan, Jimmy
394a1aa367
security: harden dashboard (SSH keys, auth, uploads, CORS, non-root)
...
Remove SSH private keys from git, add SECRET_KEY validation, move WS
auth from query string to first message, add session limits/idle timeout,
PBKDF2 Fernet key, refresh token rotation, TOTP replay protection,
file upload size limit + filename sanitization, symlink safety check,
restrict CORS methods, IP-gate OpenClaw token, run container as non-root,
rate-limit refresh/passkey endpoints, sanitize Gitea path params.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-02-26 17:22:25 +08:00
Gan, Jimmy
549af23c14
Fix storage display: deduplicate volumes by device
2026-02-22 18:37:49 +08:00
Gan, Jimmy
87fdabcd50
Fix OpenClaw: auto-include gateway token in dashboard link
2026-02-22 18:30:34 +08:00
Gan, Jimmy
8797231f53
Add container health status, multi-volume storage, auto-refresh Overview
2026-02-22 17:11:17 +08:00
Gan, Jimmy
4a666c2914
Categorize audit log by threat level with filtering UI
2026-02-22 12:38:59 +08:00
Gan, Jimmy
a32588a7cc
Add audit log viewer to Settings page
2026-02-22 12:34:21 +08:00
Gan, Jimmy
7aec5976df
fix: resolve OpenClaw iframe connection refused and Docker HTTP proxy conflict
2026-02-20 17:25:16 +08:00
Gan, Jimmy
ec2f60fb2f
fix: add proxy support to httpx to allow Telegram API requests
2026-02-20 10:36:59 +08:00
Gan, Jimmy
b063382085
feat: add container monitor & telegram alerts
...
Added asyncio monitoring task to main.py to watch Docker container state transitions and send Telegram notifications on failures.
2026-02-20 10:31:18 +08:00
Gan, Jimmy
64ecd99dc7
Add OpenClaw, backup automation, health checks, Telegram notifications
...
Phase 6: OpenClaw docker-compose (port 3100) with health check
Phase 9: Enhanced backup.sh with full DB/config coverage + Telegram alerts
Phase 10: Health checks on all compose files, /api/system/notify endpoint
2026-02-19 21:40:34 +08:00
Gan, Jimmy
f3db7d3654
Dashboard UI overhaul: modern design with system stats, SVG icons, Inter font, theme toggle, loading states, and log modal
2026-02-19 02:29:25 +08:00