Nyk
4c7b3257d6
feat: add OpenAPI 3.1 documentation with Scalar UI
- Add openapi.json spec covering all 59 API routes (~95 operations)
- Serve spec at GET /api/docs (no auth required, cached)
- Add interactive Scalar API reference UI at /docs
- Allow unauthenticated access to /api/docs and /docs in middleware
- Add @scalar/api-reference-react dependency
- Add 3 E2E tests for spec validation and auth bypass
2026-03-02 11:03:16 +07:00
Nyk
98da58a8ba
feat: add per-agent cost breakdown panel
- Add `agents` field to tokens action=stats response (groups by agent
  extracted from sessionId split on ':')
- Add new action=agent-costs returning per-agent stats, model breakdown,
  session list, and daily cost/token timeline
- New AgentCostPanel with summary cards, pie chart, trend lines,
  efficiency bars, and expandable ranking table
- Add nav-rail entry in OBSERVE group after Tokens
- Add ContentRouter case for agent-costs tab
- Add 5 E2E tests for the new API endpoints
2026-03-02 10:46:13 +07:00
Nyk
df06c3a2ad
feat: v1.2.0 — validation hardening, unit tests, quality improvements
- Fix task status enum mismatch (blocked → quality_review)
- Add 12 Zod schemas for all unvalidated mutation routes
- Apply validateBody() across 11 API route handlers
- Add readLimiter (120/min) for GET-heavy endpoints
- Extend heavyLimiter to search, backup, cleanup routes
- Add security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy)
- Fill auth test stubs with real assertions (safeCompare, requireRole)
- Add validation, rate-limit, and db-helpers unit test suites (60 tests total)
- Replace as-any casts with typed interfaces (SessionQueryRow, UserQueryRow, CountRow)
- Bump version to 1.2.0, add CHANGELOG.md, update README roadmap
2026-03-02 00:22:59 +07:00
Nyk
8dd6e7ef17
fix: scrub deployment-specific data from public repo
- Replace hardcoded Telegram bot integrations (Jarv/Forge/Nefes/Ops)
  with a single generic Telegram entry
- Remove 'forge' agent from hardcoded UI color themes
- Replace /home/openclaw/ paths in .env.example with /path/to/
- Fix default port in scripts: 3005 → 3000 (matches docs)
- Replace 'Jarvis' placeholder with generic 'my-agent'
- Rename 'Forge' → 'Builder' in agent identity registry
2026-03-01 15:37:55 +07:00
Nyk
c8f932344f
fix: patch command injection, missing rate limit, Docker build, logger crash
- Sanitize session ID in control route to prevent command injection
  via unsanitized URL params interpolated into shell commands
- Add mutationLimiter and structured logging to session control endpoint
- Install python3/make/g++ in Dockerfile deps stage for better-sqlite3
  native addon compilation
- Handle missing public/ directory in Docker COPY with glob pattern
- Guard pino-pretty transport against missing devDependency at runtime
2026-02-27 21:57:50 +07:00
Nyk
c104b7e071
Merge remote-tracking branch 'origin/main' into feat/medium-priority-v1.1
# Conflicts:
# src/app/api/agents/route.ts
# src/app/api/alerts/route.ts
# src/app/api/auth/login/route.ts
# src/app/api/spawn/route.ts
# src/app/api/tasks/[id]/route.ts
# src/app/api/tasks/route.ts
# src/app/api/webhooks/route.ts
# src/lib/validation.ts
2026-02-27 21:47:56 +07:00
Nyk
321a7c2db2
feat: error boundaries, pino logger, a11y, HSTS, zod validation, export limits
2026-02-27 21:37:06 +07:00
Nyk
299faf50e3
feat: add Docker support, session controls, model catalog, API rate limiting
2026-02-27 20:56:02 +07:00
Nyk
08c9f3625b
chore: CODE_OF_CONDUCT, issue templates, DELETE patterns, limit caps, CSRF origin check
- Add Contributor Covenant 2.1 Code of Conduct (Closes #16)
- Add bug report and feature request issue templates (Closes #17)
- Standardize DELETE handlers to use request body instead of query params (Closes #18)
- Cap unbounded limit params to Math.min(limit, 200) on 12 endpoints (Closes #19)
- Add CSRF Origin header validation for mutating requests in middleware (Closes #20)
2026-02-27 14:04:09 +07:00
Nyk
bf0df9b6d0
fix: strict mode, test stubs, pagination counts, N+1 queries, CSP hardening
- Enable TypeScript strict mode and fix all resulting type errors
- Add auth test stubs for requireRole and safeCompare
- Add proper COUNT(*) pagination totals to agents, tasks, notifications,
  messages, conversations, and standup history endpoints
- Fix N+1 queries by hoisting db.prepare() outside loops in agents,
  activities, notifications, conversations, standup, gateway health,
  and notification delivery routes
- Remove unsafe-eval from CSP script-src directive
- Remove deprecated X-XSS-Protection header
2026-02-27 14:02:52 +07:00
Nyk
3b600d817e
fix: remove legacy auth, add login rate limiting, block SSRF metadata, parameterize migration SQL
2026-02-27 13:58:52 +07:00
Nyk
1ee506b4cf
fix: add auth checks on all GET endpoints, timing-safe comparisons, and XSS sanitization
2026-02-27 13:04:24 +07:00
Nyk
99815d20b3
feat: initial open-source release
OpenClaw Mission Control — agent orchestration dashboard.
Built with Next.js 16, React 19, TypeScript, SQLite, and Tailwind CSS.
MIT License.
2026-02-23 02:00:44 +07:00