Remove backend idle timeout enforcement so terminal sessions persist until the UI disconnects or the SSH process ends.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Allow drag/drop and clipboard image paste in the dashboard terminal so users can quickly upload images into the active shell session, with a visible hint for discoverability.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Keep the Terminal component mounted and toggle visibility via CSS so tab state and WebSocket sessions persist when navigating between sidebar pages, while preserving existing per-tab close and full teardown cleanup behavior.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Delete any existing claude-dev container before compose up so name conflicts do not block CI deployment.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Create /claude-dev-runtime before writing previous-image.txt so post-build record step does not fail when the bind path is absent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Drop the server2 preload stage and rely on direct docker build pulls to avoid long-running preload stream stalls in CI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Drop chmod on the read-only mounted server2 SSH key so preload can execute without failing the workflow before the SSH attempt.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mount a read-only SSH key into the claude-dev deploy runner container and use it explicitly for server2 preload so the fast-path image transfer can authenticate.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Treat server2 preload as best-effort so missing SSH keys do not fail deployment; fall back to normal registry pull during image build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the runner-only host alias with an explicit SSH user@host so the preload step can resolve and stream the base image tar reliably.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch claude-dev to node:20-bookworm-slim and preload the base image from server2 in CI to avoid slow pulls on the NAS runner.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Limit workflow path triggers to each workflow file, add concurrency groups to cancel outdated runs, and checkout the exact triggering SHA for deterministic deploys.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add backend start/stop endpoints and wire cc-connect UI controls to toggle container state with post-action health refresh and clear error handling.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Define claude-dev capabilities as a tested contract and deploy immutable tags only after smoke checks so daily tooling upgrades remain CI-first and rollback-safe.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Introduce a standalone scheduled info-engine worker with SQLite persistence and expose read-only dashboard APIs/UI so curated intelligence items can be collected and viewed with minimal architecture changes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a protected backend health endpoint and a new dashboard page/sidebar entry so cc-connect operational status is visible in the UI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update Phase 14 checklist to reflect completed LiteLLM scaffold, health probe, networking, auth-aware health checks, and dashboard status UI delivery.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Expose LiteLLM operational status in the NAS Dashboard UI so auth-required and outage states are visible without calling backend APIs directly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Allow the dashboard health check to include optional LiteLLM auth headers and treat unauthenticated 401 responses as an auth-required healthy state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Connect LiteLLM to nas-dashboard_internal and point dashboard-dev to the litellm container hostname so health probes work without host-loopback routing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Point dashboard-dev LiteLLM health checks at host.docker.internal so the container can reach the NAS LiteLLM service bound on localhost.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch env_file declarations back to string list syntax so Synology's docker compose parser accepts the LiteLLM and cc-connect compose files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Introduce a localhost-only LiteLLM service template and expose a protected dashboard health endpoint for operational visibility, while adding cc-connect mobile bridge templates with conservative defaults.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Keep LAN/Tailscale-home behavior for NAS-targeted links while converting remote :8443 URLs to standard HTTPS on public access so external links resolve correctly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Separate Tailscale IP detection from true LAN detection so public internet users routed through VPS no longer get non-routable port links in the sidebar.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Optimizations to reduce latency over Tailscale tunnel:
- Add GZip middleware for 70% bandwidth reduction (480KB → ~150KB)
- Cache static assets with immutable headers (1 year)
- Remove 500ms blocking CPU interval in system stats
These changes significantly improve dashboard load time over public network.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replace 3 separate category renderers with single unified loop using Svelte snippet for icons
- Items now properly move between categories (Main/Media/Tools) via drag-and-drop
- buildLists() resolves items from global allItems map regardless of original category
- Convert all remaining conditional dark class strings to Tailwind dark: variants in Sidebar
- Fix body/html dark background to surface-950
- Add dark scrollbar styling
- Fix App.svelte wrapper to use Tailwind dark: classes instead of conditional strings
- Add dark:bg-surface-800 and dark:border-surface-700 to all cards in Dashboard, Docker, Files, Gitea
- Add dark text variants for headings, labels, and content text
- Add dark hover states for interactive elements
- Enable cross-category sidebar drag-and-drop
- Add Access Control card in Settings (admin-only): role defaults display, user overrides CRUD
- Add sidebar drag-and-drop reordering with per-user persistence in rbac.json
- Backend: GET/PUT /api/auth/preferences endpoints, sidebar order helpers in rbac.py
- Frontend: HTML5 drag API with grip handles, smart order merge, debounced save
- Preserve sidebar_order when updating page overrides
- Add rbac.py with User model, LDAP group-to-role mapping, page/write dependencies
- Proxy auth reads Remote-Groups header to resolve role from LDAP groups
- JWT tokens carry role claim, /me returns role + allowed pages
- Per-router page access control and viewer write protection
- Terminal WebSocket RBAC check
- Frontend filters sidebar links and routes by allowed pages
- Admin-only Settings page and RBAC override endpoints
- Mount rbac.json in docker-compose for page config persistence