johan
/
mission-control
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
115 Commits 1 Branch 0 Tags 12 MiB
Commit Graph

115 Commits

Author SHA1 Message Date
nyk 243f25a1db
Merge pull request #29 from builderz-labs/test/e2e-critical-fixes 
Add 52 Playwright E2E tests for all critical fixes
 2026-02-27 15:39:19 +07:00
Nyk 8de9e0b5c3 test: add 52 Playwright E2E tests covering all critical fixes 
8 test suites verifying:
- Auth guards on 19 GET endpoints (Issue #4)
- Timing-safe API key comparison (Issue #5)
- Legacy cookie auth removal (Issue #7)
- Login rate limiting (Issue #8)
- CSRF Origin header validation (Issue #20)
- DELETE body standardization (Issue #18)
- Query limit caps at 200 (Issue #19)
- Login flow and session lifecycle

Also fixes migration 013 crash on fresh DB when gateways table
doesn't exist (created lazily by gateways API, not in migrations).
 2026-02-27 15:38:49 +07:00
nyk 2f0335443f
Merge pull request #28 from builderz-labs/docs/update-readme-post-fixes 
docs: update README to reflect completed fixes
 2026-02-27 14:13:34 +07:00
Nyk 33fa5451d7 docs: update README to reflect completed security and quality fixes 
- Update Known Limitations to remove resolved items (#4-#20)
- Replace Roadmap open checkboxes with completed checklist
- Add Up Next section for remaining work
 2026-02-27 14:12:18 +07:00
nyk 84a7989e3a
Merge pull request #27 from builderz-labs/fix/p3-cleanup 
chore: P3 cleanup — CoC, templates, DELETE patterns, limits, CSRF
 2026-02-27 14:04:49 +07:00
Nyk 08c9f3625b chore: CODE_OF_CONDUCT, issue templates, DELETE patterns, limit caps, CSRF origin check 
- Add Contributor Covenant 2.1 Code of Conduct (Closes #16)
- Add bug report and feature request issue templates (Closes #17)
- Standardize DELETE handlers to use request body instead of query params (Closes #18)
- Cap unbounded limit params to Math.min(limit, 200) on 12 endpoints (Closes #19)
- Add CSRF Origin header validation for mutating requests in middleware (Closes #20)
 2026-02-27 14:04:09 +07:00
nyk 5e94d79e66
Merge pull request #26 from builderz-labs/fix/p2-quality 
fix: P2 quality — strict mode, tests, pagination, N+1, CSP
 2026-02-27 14:03:34 +07:00
Nyk bf0df9b6d0 fix: strict mode, test stubs, pagination counts, N+1 queries, CSP hardening 
- Enable TypeScript strict mode and fix all resulting type errors
- Add auth test stubs for requireRole and safeCompare
- Add proper COUNT(*) pagination totals to agents, tasks, notifications,
  messages, conversations, and standup history endpoints
- Fix N+1 queries by hoisting db.prepare() outside loops in agents,
  activities, notifications, conversations, standup, gateway health,
  and notification delivery routes
- Remove unsafe-eval from CSP script-src directive
- Remove deprecated X-XSS-Protection header
 2026-02-27 14:02:52 +07:00
nyk 704c661bad
Merge pull request #25 from builderz-labs/fix/p1-security-high 
fix: P1 security high — legacy auth, rate limit, SSRF, SQL injection
 2026-02-27 14:02:12 +07:00
Nyk 3b600d817e fix: remove legacy auth, add login rate limiting, block SSRF metadata, parameterize migration SQL 2026-02-27 13:58:52 +07:00
nyk 98f1990b57
Merge pull request #21 from builderz-labs/fix/p0-security-critical 
fix: P0 security critical — auth guards, timing-safe compare, XSS
 2026-02-27 13:56:50 +07:00
Nyk 1ee506b4cf fix: add auth checks on all GET endpoints, timing-safe comparisons, and XSS sanitization 2026-02-27 13:04:24 +07:00
nyk 84ba833454 docs: fix roadmap issue number references 2026-02-27 12:29:47 +07:00
nyk de69a87fdf docs: add project status, known limitations, and roadmap to README 2026-02-27 12:21:31 +07:00
Nyk 99815d20b3 feat: initial open-source release 
OpenClaw Mission Control — agent orchestration dashboard.

Built with Next.js 16, React 19, TypeScript, SQLite, and Tailwind CSS.
MIT License.
 2026-02-23 02:00:44 +07:00