johan
/
dealspace
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
69 Commits 1 Branch 0 Tags 133 MiB
Commit Graph

69 Commits

Author SHA1 Message Date
James c2ddca03b7 fix: created_at must be UnixMilli not RFC3339 string — was silently dropping new list/section/request from tree 2026-03-14 19:26:30 -04:00
James f06cce9089 feat: inline add section/request in tree; fix New List sort_order; Import List rename; + Section/+ Request buttons on list rows 2026-03-14 19:16:22 -04:00
James ce2c68634d feat: create request list manually; larger action buttons; Summary View/Detailed View toggle 2026-03-14 18:42:21 -04:00
James 2f25eceac7 chore: auto-commit uncommitted changes 2026-03-12 18:02:10 -04:00
James 19fccab7fd redesign: request detail — card-based layout, max-w-4xl centered, proper hierarchy, empty state 2026-03-12 05:11:07 -04:00
James 51928a1cdc fix: request detail — full width, response+discussion side by side, buyer preview-only, header breadcrumb 2026-03-12 05:06:42 -04:00
James 58023f464c redesign: request detail — single column, request→response→discussion, project name in breadcrumb 2026-03-12 05:03:15 -04:00
James d3f3360c48 fix: role restrictions use localStorage fallback; request text body size not h1 bold 2026-03-12 04:54:42 -04:00
James e197bb9526 fix: applyRoleRestrictions was called but never defined — was causing Error loading request 2026-03-12 04:51:25 -04:00
James 0e11ba2ba1 fix: buyer view — hide upload/mark answered/compose; fix duplicate request text; tighten title size 2026-03-12 04:36:24 -04:00
James 25f46d5f66 fix: rebuild with SetTestRole handler — service was running stale binary 2026-03-12 04:25:52 -04:00
James f6632dddfc fix: add test role select to sidebar — was missing from template 2026-03-12 04:20:17 -04:00
James 84f8350700 feat: server-side test role — PUT /api/admin/test-role writes to session, middleware injects into context 2026-03-12 03:45:39 -04:00
James e89b4e5a5c feat: test role switcher in sidebar (admin only) — amber banner when impersonating 2026-03-12 03:19:37 -04:00
James d19ce5e8fa fix: org cards clickable — store orgs in JS map, pass entry_id to edit modal 2026-03-12 03:04:48 -04:00
James 62ce5266b7 fix: button text visible on Steel/Brutalist; org list redesign — row layout, sharp corners 2026-03-12 02:57:53 -04:00
James 909ce97aea ui: bump base font 13→14px; request table stays 13px 2026-03-12 02:56:05 -04:00
James b402d64cb9 feat: org edit modal — click card to edit name/domains/role/website/desc; PUT /api/orgs/:id 2026-03-12 02:53:23 -04:00
James bbce4cf36a fix: orgs page — read o.name/role/domains directly from API response, not data_text 2026-03-12 02:49:16 -04:00
James 35f6279d56 ui: reduce top padding on project page 2026-03-12 02:45:44 -04:00
James fdcc1b96e3 fix: admin link — inline script hides before paint, no flash 2026-03-12 02:44:40 -04:00
James 28189e17d1 ui: status+Import+Summary on tab line; Summary brighter; Admin pinned to sidebar bottom 2026-03-12 02:42:55 -04:00
James 449a902b4d ui: project name full white; Org tab → Parties; Summary toggle inline with tabs 2026-03-12 02:40:01 -04:00
James a9d40a31b5 ui: custom project switcher dropdown — no native select 2026-03-12 02:37:04 -04:00
James a2fc510065 ui: project switcher — strip browser default select styling 2026-03-12 02:35:41 -04:00
James 34319eef07 fix: remove inline SVG data URI from template attr (breaks Go template engine) 2026-03-12 02:34:04 -04:00
James 9368261ce2 ui: project switcher dropdown in header; consistent type hierarchy throughout 2026-03-12 02:32:40 -04:00
James 4abac19f35 ui: larger header + logo, project name in header selectable, sidebar font larger, no repeated h1 2026-03-12 02:29:41 -04:00
James bb33323957 feat: Steel + Brutalist themes; tighten all theme base sizes to 13px 2026-03-12 02:19:27 -04:00
James 14b35c95da fix: restore org name dropdown + no-match message; member name field full width 2026-03-12 01:04:46 -04:00
James 0bb8033ed7 fix: add org website/domain field for invite validation; dropdown hides on blur 2026-03-12 00:56:43 -04:00
James 8b0a09bb7e fix: auto-derive org domains from member emails; keep domain validation on backend 2026-03-12 00:39:15 -04:00
James 5c17bf5980 fix: add org — domain no longer required, dropdown hides on blur, member bubbles UX 2026-03-12 00:37:40 -04:00
James 6e50974faf security: hard block on DB files throughout the portal 
Platform rule: raw database files (.db, .sqlite, .sqlite3, .sql,
.mdb, .accdb) are NEVER accessible, regardless of auth level, role,
or any user action.

Enforced at four layers:
1. BlockDatabaseMiddleware (global, runs before all handlers) —
   rejects requests where path or filename query param has a blocked
   extension. Cannot be bypassed at the route level.

2. UploadObject — rejects uploads of blocked file types at ingestion.
   They never enter the object store in the first place.

3. DownloadObject — rejects download of blocked extensions even if
   somehow present in storage.

4. PreviewObject — rejects preview of blocked extensions.

5. Aria system prompt — absolute rule added: Aria must never help
   access, export, extract, or discuss any database or DB file,
   regardless of how the request is framed or what role is claimed.

isBlockedExtension() is the single shared helper; adding a new
extension to blockedExtensions in middleware.go propagates to all
four enforcement points automatically.
 2026-03-08 08:25:25 -04:00
James 170de7fc19 fix: chat widget paths → /static/chat.js 2026-03-07 17:08:58 -05:00
James 72b5b59fe2 feat: Aria chat widget (chat.js + chat.css) — AI assistant on website 2026-03-07 17:08:42 -05:00
James eae31d55c7 fix: show full request sentences, no mid-word truncation; edit uses textarea showing full text 2026-03-07 14:21:46 -05:00
James 0e98be999c fix: add org modal HTML was missing from template, wire onclick 2026-03-07 13:54:53 -05:00
James 27c682b960 feat: org management — Add Org modal with typeahead, members, permissions per org 2026-03-07 13:50:03 -05:00
James 375a2acf37 feat: threaded channel comments — Announcements + per-PE channels, nested replies 2026-03-07 13:15:18 -05:00
James 3caf312fdb feat: file preview, buyer visibility, inline editing, template consolidation, CSS centralization 2026-03-07 13:10:12 -05:00
James 6d09b1ad24 chore: auto-commit uncommitted changes 2026-03-07 00:01:23 -05:00
James 27c715f963 chore: auto-commit uncommitted changes 2026-03-04 00:01:22 -05:00
James d52921e1f3 Fix deploy: scp migration files not directory to avoid nesting 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-03 18:37:58 -05:00
James 0647eb91b6 Request tree: spreadsheet-style table with D&D, linking, import 
- Add sort_order column to entries (migration 002)
- Upgrade migration runner to handle directory of SQL files
- Add TypeSection, SortOrder field, RequestListData, SectionData types
- Add tree API: ListRequestTree, MoveEntry, AnswerLink CRUD, ListAnswers
- Rewrite ImportRequests to create hierarchical tree (request_list → section → request)
- Rewrite project page Requests tab as spreadsheet-style tree table
  - Collapsible request lists and sections
  - Auto-numbering (1, 1.1, 1.2, 2.1.1)
  - Drag & drop reordering between sections
  - Priority/status badges with color coding
  - Attach answer modal (link existing docs or upload new)
  - Per-row actions menu

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-03 18:30:12 -05:00
James 54a8222b51 Add 5-theme switcher + open on projects instead of tasks 
Landing page: /app now redirects to /app/projects (not tasks).
Logo links updated across all templates.

Theme system with 5 options persisted in localStorage:
- Midnight (default dark navy + gold)
- Light (white/gray + blue accent)
- Slate (gray-blue + teal accent)
- Compact (same as midnight, 85% font scale)
- Executive (warm dark browns, larger fonts, serif headings)

CSS custom properties override all hardcoded Tailwind colors via
attribute selectors. Floating theme bar on all pages.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-03 17:46:16 -05:00
James 667657c9fb Rebuild request detail page: fix API routes + two-column layout 
- Fix all API endpoints to use correct routes:
  GET /api/requests/{id} (single call for request + children)
  POST /api/projects/{pid}/objects (file upload)
  POST /api/projects/{pid}/entries (create comment/document)
  PUT /api/projects/{pid}/entries/{eid} (mark as answered)
- Two-column desktop layout: Request (read-only) | Response (docs + upload)
- Full-width Discussion section below
- Upload creates both object + document entry linked to request
- "Mark as Answered" button updates request status
- Priority badge, section/item_number badge, answered banner

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-01 07:06:02 -05:00
James 051c6afe19 Fix project page: route alias + request rendering + remove smoke test data 
- Add /api/projects/{projectID} route (was only /detail, frontend called without suffix)
- Fix project.html: unwrap response envelope (API returns {project:..., workstreams:...})
- Fix request list: use r.data || parseData(r.data_text) so r.data.title renders correctly
- DB: deleted 5 smoke test projects + their entries/access records from Shannon
 2026-03-01 06:53:05 -05:00
James b17af439a0 Fix CSP: allow Tailwind CDN and Google Fonts 2026-02-28 11:45:49 -05:00
James dafe075dc6 Restore clean project.html from e6a6882 + add import modal properly 2026-02-28 11:40:50 -05:00