Nyk
77e989b5bf
docs: fix remaining README inconsistencies
...
- Fix panel count in hero section: "20+" → "26" (matches architecture tree)
- Fix security advice: remove stale reference to open security issues (all closed), replace with actionable deployment guidance
2026-02-27 19:49:48 +07:00
nyk
a49786d940
Merge pull request #31 from builderz-labs/docs/readme-accuracy-fixes
...
Fix README inaccuracies and add engines field
2026-02-27 19:24:58 +07:00
Nyk
dd7d4fb481
docs: fix README inaccuracies and add engines field
...
- Fix migration count: 11 → 14 (actual count in migrations.ts)
- Fix panel count: 23 → 26 (actual count in components/panels/)
- Fix API route count: 25+ → 30+ (actual count in app/api/)
- Update testing line to mention 52 E2E tests
- Collapse completed issues list into link to v1.0.0 release notes
- Add engines.node >= 20 to package.json (matches CI)
2026-02-27 19:24:36 +07:00
nyk
5515ab5f77
Merge pull request #30 from builderz-labs/fix/ci-release-readiness
...
Fix CI workflow and release readiness bugs
2026-02-27 18:52:41 +07:00
Nyk
5647ac1932
fix: CI workflow and release readiness bugs
...
- Swap pnpm/node setup order (pnpm must install before node cache)
- Move build step before E2E tests (next start needs .next/ output)
- Add `cp .env.test .env` step so E2E server has auth credentials
- Fix test:all script to build before E2E (same ordering bug)
- Remove stale package-lock.json (project uses pnpm exclusively)
- Update README: remove "No E2E test suite" (52 tests exist now)
2026-02-27 18:52:13 +07:00
nyk
243f25a1db
Merge pull request #29 from builderz-labs/test/e2e-critical-fixes
...
Add 52 Playwright E2E tests for all critical fixes
2026-02-27 15:39:19 +07:00
Nyk
8de9e0b5c3
test: add 52 Playwright E2E tests covering all critical fixes
...
8 test suites verifying:
- Auth guards on 19 GET endpoints (Issue #4)
- Timing-safe API key comparison (Issue #5)
- Legacy cookie auth removal (Issue #7)
- Login rate limiting (Issue #8)
- CSRF Origin header validation (Issue #20)
- DELETE body standardization (Issue #18)
- Query limit caps at 200 (Issue #19)
- Login flow and session lifecycle
Also fixes migration 013 crash on fresh DB when gateways table
doesn't exist (created lazily by gateways API, not in migrations).
2026-02-27 15:38:49 +07:00
nyk
2f0335443f
Merge pull request #28 from builderz-labs/docs/update-readme-post-fixes
...
docs: update README to reflect completed fixes
2026-02-27 14:13:34 +07:00
Nyk
33fa5451d7
docs: update README to reflect completed security and quality fixes
...
- Update Known Limitations to remove resolved items (#4-#20)
- Replace Roadmap open checkboxes with completed checklist
- Add Up Next section for remaining work
2026-02-27 14:12:18 +07:00
nyk
84a7989e3a
Merge pull request #27 from builderz-labs/fix/p3-cleanup
...
chore: P3 cleanup — CoC, templates, DELETE patterns, limits, CSRF
2026-02-27 14:04:49 +07:00
Nyk
08c9f3625b
chore: CODE_OF_CONDUCT, issue templates, DELETE patterns, limit caps, CSRF origin check
...
- Add Contributor Covenant 2.1 Code of Conduct (Closes #16)
- Add bug report and feature request issue templates (Closes #17)
- Standardize DELETE handlers to use request body instead of query params (Closes #18)
- Cap unbounded limit params to Math.min(limit, 200) on 12 endpoints (Closes #19)
- Add CSRF Origin header validation for mutating requests in middleware (Closes #20)
2026-02-27 14:04:09 +07:00
nyk
5e94d79e66
Merge pull request #26 from builderz-labs/fix/p2-quality
...
fix: P2 quality — strict mode, tests, pagination, N+1, CSP
2026-02-27 14:03:34 +07:00
Nyk
bf0df9b6d0
fix: strict mode, test stubs, pagination counts, N+1 queries, CSP hardening
...
- Enable TypeScript strict mode and fix all resulting type errors
- Add auth test stubs for requireRole and safeCompare
- Add proper COUNT(*) pagination totals to agents, tasks, notifications,
messages, conversations, and standup history endpoints
- Fix N+1 queries by hoisting db.prepare() outside loops in agents,
activities, notifications, conversations, standup, gateway health,
and notification delivery routes
- Remove unsafe-eval from CSP script-src directive
- Remove deprecated X-XSS-Protection header
2026-02-27 14:02:52 +07:00
nyk
704c661bad
Merge pull request #25 from builderz-labs/fix/p1-security-high
...
fix: P1 security high — legacy auth, rate limit, SSRF, SQL injection
2026-02-27 14:02:12 +07:00
Nyk
3b600d817e
fix: remove legacy auth, add login rate limiting, block SSRF metadata, parameterize migration SQL
2026-02-27 13:58:52 +07:00
nyk
98f1990b57
Merge pull request #21 from builderz-labs/fix/p0-security-critical
...
fix: P0 security critical — auth guards, timing-safe compare, XSS
2026-02-27 13:56:50 +07:00
Nyk
1ee506b4cf
fix: add auth checks on all GET endpoints, timing-safe comparisons, and XSS sanitization
2026-02-27 13:04:24 +07:00
nyk
84ba833454
docs: fix roadmap issue number references
2026-02-27 12:29:47 +07:00
nyk
de69a87fdf
docs: add project status, known limitations, and roadmap to README
2026-02-27 12:21:31 +07:00
Nyk
99815d20b3
feat: initial open-source release
...
OpenClaw Mission Control — agent orchestration dashboard.
Built with Next.js 16, React 19, TypeScript, SQLite, and Tailwind CSS.
MIT License.
2026-02-23 02:00:44 +07:00