9be3c41493
fix: permissions button broken for new orgs — store orgs in JS map, pass only ID in onclick (same apostrophe/JSON escaping bug)
2026-03-15 00:07:32 -04:00
110d44e238
feat: add ⋯ menu to request_list and section rows — rename, delete, add section/request
2026-03-14 23:52:27 -04:00
e146deb517
fix: UpdateEntry preserves existing parent/type/depth; import list sort_order; CreateSection dynamic depth
2026-03-14 23:44:34 -04:00
1645061932
fix: menu buttons broken when title contains apostrophes — use showAttachModalById to avoid inline onclick escaping issues
2026-03-14 23:39:17 -04:00
cec6841938
feat: auto-summarize long requests in Summary View; smarter placeholder text
2026-03-14 19:51:59 -04:00
c2ddca03b7
fix: created_at must be UnixMilli not RFC3339 string — was silently dropping new list/section/request from tree
2026-03-14 19:26:30 -04:00
f06cce9089
feat: inline add section/request in tree; fix New List sort_order; Import List rename; + Section/+ Request buttons on list rows
2026-03-14 19:16:22 -04:00
ce2c68634d
feat: create request list manually; larger action buttons; Summary View/Detailed View toggle
2026-03-14 18:42:21 -04:00
2f25eceac7
chore: auto-commit uncommitted changes
2026-03-12 18:02:10 -04:00
19fccab7fd
redesign: request detail — card-based layout, max-w-4xl centered, proper hierarchy, empty state
2026-03-12 05:11:07 -04:00
51928a1cdc
fix: request detail — full width, response+discussion side by side, buyer preview-only, header breadcrumb
2026-03-12 05:06:42 -04:00
58023f464c
redesign: request detail — single column, request→response→discussion, project name in breadcrumb
2026-03-12 05:03:15 -04:00
d3f3360c48
fix: role restrictions use localStorage fallback; request text body size not h1 bold
2026-03-12 04:54:42 -04:00
e197bb9526
fix: applyRoleRestrictions was called but never defined — was causing Error loading request
2026-03-12 04:51:25 -04:00
0e11ba2ba1
fix: buyer view — hide upload/mark answered/compose; fix duplicate request text; tighten title size
2026-03-12 04:36:24 -04:00
25f46d5f66
fix: rebuild with SetTestRole handler — service was running stale binary
2026-03-12 04:25:52 -04:00
f6632dddfc
fix: add test role select to sidebar — was missing from template
2026-03-12 04:20:17 -04:00
84f8350700
feat: server-side test role — PUT /api/admin/test-role writes to session, middleware injects into context
2026-03-12 03:45:39 -04:00
e89b4e5a5c
feat: test role switcher in sidebar (admin only) — amber banner when impersonating
2026-03-12 03:19:37 -04:00
d19ce5e8fa
fix: org cards clickable — store orgs in JS map, pass entry_id to edit modal
2026-03-12 03:04:48 -04:00
62ce5266b7
fix: button text visible on Steel/Brutalist; org list redesign — row layout, sharp corners
2026-03-12 02:57:53 -04:00
909ce97aea
ui: bump base font 13→14px; request table stays 13px
2026-03-12 02:56:05 -04:00
b402d64cb9
feat: org edit modal — click card to edit name/domains/role/website/desc; PUT /api/orgs/:id
2026-03-12 02:53:23 -04:00
bbce4cf36a
fix: orgs page — read o.name/role/domains directly from API response, not data_text
2026-03-12 02:49:16 -04:00
35f6279d56
ui: reduce top padding on project page
2026-03-12 02:45:44 -04:00
fdcc1b96e3
fix: admin link — inline script hides before paint, no flash
2026-03-12 02:44:40 -04:00
28189e17d1
ui: status+Import+Summary on tab line; Summary brighter; Admin pinned to sidebar bottom
2026-03-12 02:42:55 -04:00
449a902b4d
ui: project name full white; Org tab → Parties; Summary toggle inline with tabs
2026-03-12 02:40:01 -04:00
a9d40a31b5
ui: custom project switcher dropdown — no native select
2026-03-12 02:37:04 -04:00
a2fc510065
ui: project switcher — strip browser default select styling
2026-03-12 02:35:41 -04:00
34319eef07
fix: remove inline SVG data URI from template attr (breaks Go template engine)
2026-03-12 02:34:04 -04:00
9368261ce2
ui: project switcher dropdown in header; consistent type hierarchy throughout
2026-03-12 02:32:40 -04:00
4abac19f35
ui: larger header + logo, project name in header selectable, sidebar font larger, no repeated h1
2026-03-12 02:29:41 -04:00
bb33323957
feat: Steel + Brutalist themes; tighten all theme base sizes to 13px
2026-03-12 02:19:27 -04:00
14b35c95da
fix: restore org name dropdown + no-match message; member name field full width
2026-03-12 01:04:46 -04:00
0bb8033ed7
fix: add org website/domain field for invite validation; dropdown hides on blur
2026-03-12 00:56:43 -04:00
8b0a09bb7e
fix: auto-derive org domains from member emails; keep domain validation on backend
2026-03-12 00:39:15 -04:00
5c17bf5980
fix: add org — domain no longer required, dropdown hides on blur, member bubbles UX
2026-03-12 00:37:40 -04:00
6e50974faf
security: hard block on DB files throughout the portal
...
Platform rule: raw database files (.db, .sqlite, .sqlite3, .sql,
.mdb, .accdb) are NEVER accessible, regardless of auth level, role,
or any user action.
Enforced at four layers:
1. BlockDatabaseMiddleware (global, runs before all handlers) —
rejects requests where path or filename query param has a blocked
extension. Cannot be bypassed at the route level.
2. UploadObject — rejects uploads of blocked file types at ingestion.
They never enter the object store in the first place.
3. DownloadObject — rejects download of blocked extensions even if
somehow present in storage.
4. PreviewObject — rejects preview of blocked extensions.
5. Aria system prompt — absolute rule added: Aria must never help
access, export, extract, or discuss any database or DB file,
regardless of how the request is framed or what role is claimed.
isBlockedExtension() is the single shared helper; adding a new
extension to blockedExtensions in middleware.go propagates to all
four enforcement points automatically.
2026-03-08 08:25:25 -04:00
170de7fc19
fix: chat widget paths → /static/chat.js
2026-03-07 17:08:58 -05:00
72b5b59fe2
feat: Aria chat widget (chat.js + chat.css) — AI assistant on website
2026-03-07 17:08:42 -05:00
eae31d55c7
fix: show full request sentences, no mid-word truncation; edit uses textarea showing full text
2026-03-07 14:21:46 -05:00
0e98be999c
fix: add org modal HTML was missing from template, wire onclick
2026-03-07 13:54:53 -05:00
27c682b960
feat: org management — Add Org modal with typeahead, members, permissions per org
2026-03-07 13:50:03 -05:00
375a2acf37
feat: threaded channel comments — Announcements + per-PE channels, nested replies
2026-03-07 13:15:18 -05:00
3caf312fdb
feat: file preview, buyer visibility, inline editing, template consolidation, CSS centralization
2026-03-07 13:10:12 -05:00
6d09b1ad24
chore: auto-commit uncommitted changes
2026-03-07 00:01:23 -05:00
27c715f963
chore: auto-commit uncommitted changes
2026-03-04 00:01:22 -05:00
d52921e1f3
Fix deploy: scp migration files not directory to avoid nesting
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 18:37:58 -05:00
0647eb91b6
Request tree: spreadsheet-style table with D&D, linking, import
...
- Add sort_order column to entries (migration 002)
- Upgrade migration runner to handle directory of SQL files
- Add TypeSection, SortOrder field, RequestListData, SectionData types
- Add tree API: ListRequestTree, MoveEntry, AnswerLink CRUD, ListAnswers
- Rewrite ImportRequests to create hierarchical tree (request_list → section → request)
- Rewrite project page Requests tab as spreadsheet-style tree table
- Collapsible request lists and sections
- Auto-numbering (1, 1.1, 1.2, 2.1.1)
- Drag & drop reordering between sections
- Priority/status badges with color coding
- Attach answer modal (link existing docs or upload new)
- Per-row actions menu
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 18:30:12 -05:00
James