johan
/
dealspace
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
82 Commits 1 Branch 0 Tags 133 MiB
Commit Graph

82 Commits

Author SHA1 Message Date
James ec0b60d44c fix: CreateSection/CreateRequest/CreateRequestList now use lib.EntryWrite — no more raw DB calls in handlers 2026-03-17 13:21:49 -04:00
James eb37f682eb chore: auto-commit uncommitted changes 2026-03-17 00:01:24 -04:00
James 912fd55bf3 feat: delete project, seller logos on cards, org reuse on scrape 
- Add DELETE /api/projects/{projectID} — super admin only, soft-deletes
  project and all child entries
- Projects page: delete button on hover, alphabetical sort, seller org
  logo on project cards
- Scrape endpoint checks for existing org by domain before scraping;
  reuses existing org + members if found
- AddOrgToDeal reuses existing org entry when domain matches
- Clearer error message when website HTML exceeds LLM context limit

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-16 19:22:39 -04:00
James fe7543a0c8 chore: auto-commit uncommitted changes 2026-03-16 18:02:01 -04:00
James 52edadab72 chore: auto-commit uncommitted changes 2026-03-16 06:02:44 -04:00
James bfade7a86f chore: auto-commit uncommitted changes 2026-03-16 00:01:27 -04:00
James 379a79bc9d chore: auto-commit uncommitted changes 2026-03-15 06:02:11 -04:00
James dce2728bdb feat: permissions modal — replace folder dropdown with per-list checkboxes; fix savePermissions body 2026-03-15 00:45:59 -04:00
James 9be3c41493 fix: permissions button broken for new orgs — store orgs in JS map, pass only ID in onclick (same apostrophe/JSON escaping bug) 2026-03-15 00:07:32 -04:00
James 110d44e238 feat: add ⋯ menu to request_list and section rows — rename, delete, add section/request 2026-03-14 23:52:27 -04:00
James e146deb517 fix: UpdateEntry preserves existing parent/type/depth; import list sort_order; CreateSection dynamic depth 2026-03-14 23:44:34 -04:00
James 1645061932 fix: menu buttons broken when title contains apostrophes — use showAttachModalById to avoid inline onclick escaping issues 2026-03-14 23:39:17 -04:00
James cec6841938 feat: auto-summarize long requests in Summary View; smarter placeholder text 2026-03-14 19:51:59 -04:00
James c2ddca03b7 fix: created_at must be UnixMilli not RFC3339 string — was silently dropping new list/section/request from tree 2026-03-14 19:26:30 -04:00
James f06cce9089 feat: inline add section/request in tree; fix New List sort_order; Import List rename; + Section/+ Request buttons on list rows 2026-03-14 19:16:22 -04:00
James ce2c68634d feat: create request list manually; larger action buttons; Summary View/Detailed View toggle 2026-03-14 18:42:21 -04:00
James 2f25eceac7 chore: auto-commit uncommitted changes 2026-03-12 18:02:10 -04:00
James 19fccab7fd redesign: request detail — card-based layout, max-w-4xl centered, proper hierarchy, empty state 2026-03-12 05:11:07 -04:00
James 51928a1cdc fix: request detail — full width, response+discussion side by side, buyer preview-only, header breadcrumb 2026-03-12 05:06:42 -04:00
James 58023f464c redesign: request detail — single column, request→response→discussion, project name in breadcrumb 2026-03-12 05:03:15 -04:00
James d3f3360c48 fix: role restrictions use localStorage fallback; request text body size not h1 bold 2026-03-12 04:54:42 -04:00
James e197bb9526 fix: applyRoleRestrictions was called but never defined — was causing Error loading request 2026-03-12 04:51:25 -04:00
James 0e11ba2ba1 fix: buyer view — hide upload/mark answered/compose; fix duplicate request text; tighten title size 2026-03-12 04:36:24 -04:00
James 25f46d5f66 fix: rebuild with SetTestRole handler — service was running stale binary 2026-03-12 04:25:52 -04:00
James f6632dddfc fix: add test role select to sidebar — was missing from template 2026-03-12 04:20:17 -04:00
James 84f8350700 feat: server-side test role — PUT /api/admin/test-role writes to session, middleware injects into context 2026-03-12 03:45:39 -04:00
James e89b4e5a5c feat: test role switcher in sidebar (admin only) — amber banner when impersonating 2026-03-12 03:19:37 -04:00
James d19ce5e8fa fix: org cards clickable — store orgs in JS map, pass entry_id to edit modal 2026-03-12 03:04:48 -04:00
James 62ce5266b7 fix: button text visible on Steel/Brutalist; org list redesign — row layout, sharp corners 2026-03-12 02:57:53 -04:00
James 909ce97aea ui: bump base font 13→14px; request table stays 13px 2026-03-12 02:56:05 -04:00
James b402d64cb9 feat: org edit modal — click card to edit name/domains/role/website/desc; PUT /api/orgs/:id 2026-03-12 02:53:23 -04:00
James bbce4cf36a fix: orgs page — read o.name/role/domains directly from API response, not data_text 2026-03-12 02:49:16 -04:00
James 35f6279d56 ui: reduce top padding on project page 2026-03-12 02:45:44 -04:00
James fdcc1b96e3 fix: admin link — inline script hides before paint, no flash 2026-03-12 02:44:40 -04:00
James 28189e17d1 ui: status+Import+Summary on tab line; Summary brighter; Admin pinned to sidebar bottom 2026-03-12 02:42:55 -04:00
James 449a902b4d ui: project name full white; Org tab → Parties; Summary toggle inline with tabs 2026-03-12 02:40:01 -04:00
James a9d40a31b5 ui: custom project switcher dropdown — no native select 2026-03-12 02:37:04 -04:00
James a2fc510065 ui: project switcher — strip browser default select styling 2026-03-12 02:35:41 -04:00
James 34319eef07 fix: remove inline SVG data URI from template attr (breaks Go template engine) 2026-03-12 02:34:04 -04:00
James 9368261ce2 ui: project switcher dropdown in header; consistent type hierarchy throughout 2026-03-12 02:32:40 -04:00
James 4abac19f35 ui: larger header + logo, project name in header selectable, sidebar font larger, no repeated h1 2026-03-12 02:29:41 -04:00
James bb33323957 feat: Steel + Brutalist themes; tighten all theme base sizes to 13px 2026-03-12 02:19:27 -04:00
James 14b35c95da fix: restore org name dropdown + no-match message; member name field full width 2026-03-12 01:04:46 -04:00
James 0bb8033ed7 fix: add org website/domain field for invite validation; dropdown hides on blur 2026-03-12 00:56:43 -04:00
James 8b0a09bb7e fix: auto-derive org domains from member emails; keep domain validation on backend 2026-03-12 00:39:15 -04:00
James 5c17bf5980 fix: add org — domain no longer required, dropdown hides on blur, member bubbles UX 2026-03-12 00:37:40 -04:00
James 6e50974faf security: hard block on DB files throughout the portal 
Platform rule: raw database files (.db, .sqlite, .sqlite3, .sql,
.mdb, .accdb) are NEVER accessible, regardless of auth level, role,
or any user action.

Enforced at four layers:
1. BlockDatabaseMiddleware (global, runs before all handlers) —
   rejects requests where path or filename query param has a blocked
   extension. Cannot be bypassed at the route level.

2. UploadObject — rejects uploads of blocked file types at ingestion.
   They never enter the object store in the first place.

3. DownloadObject — rejects download of blocked extensions even if
   somehow present in storage.

4. PreviewObject — rejects preview of blocked extensions.

5. Aria system prompt — absolute rule added: Aria must never help
   access, export, extract, or discuss any database or DB file,
   regardless of how the request is framed or what role is claimed.

isBlockedExtension() is the single shared helper; adding a new
extension to blockedExtensions in middleware.go propagates to all
four enforcement points automatically.
 2026-03-08 08:25:25 -04:00
James 170de7fc19 fix: chat widget paths → /static/chat.js 2026-03-07 17:08:58 -05:00
James 72b5b59fe2 feat: Aria chat widget (chat.js + chat.css) — AI assistant on website 2026-03-07 17:08:42 -05:00
James eae31d55c7 fix: show full request sentences, no mid-word truncation; edit uses textarea showing full text 2026-03-07 14:21:46 -05:00