rohskiddo/UMBRA
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
181 Commits 29 Branches 0 Tags
Commit Graph

8 Commits

Author SHA1 Message Date
Kyle Pope
a313ce8b32 Update README for multi-user RBAC release 
- Add multi-user RBAC, admin portal, and registration to features
- Update tech stack (37 migrations, CSRF middleware, RBAC)
- Expand security section with IDOR protection, CSRF, input validation,
  timing safety, inactive user blocking, password reuse prevention
- Update project structure (18 models, 13 schema modules, admin components)
- Add admin endpoints to API overview
- Note pentest verification (51+ test cases, 0 exploitable findings)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-28 02:58:52 +08:00
Kyle Pope
92efeba2ec Fix QA review findings: update docs and comments 
- W-01: Update README.md security section to reflect removed in-memory
  rate limiter and add /setup to nginx rate-limited endpoint list
- W-02: Replace misleading ALLOW_LAN_NTFY reference with actionable
  guidance to edit _BLOCKED_NETWORKS directly
- S-04: Add comment explaining burst=3 on /api/auth/setup vs burst=5

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-26 02:42:59 +08:00
Kyle Pope
ad102c24ed Apply QA suggestions and update all documentation 
Code changes (S-01, S-02, S-05):
- DRY nginx proxy blocks via shared proxy-params.conf include
- Add ENVIRONMENT and CORS_ORIGINS to .env.example
- Remove unused X-Requested-With from CORS allow_headers

Documentation updates:
- README.md: reflect auth upgrade, security hardening, production
  deployment guide with secret generation commands, updated architecture
  diagram, current project structure and feature list
- CLAUDE.md: codify established dev workflow (branch → implement →
  test → QA → merge), update auth/infra/stack sections, add authority
  links for progress.md and ntfy.md
- progress.md: add Phase 11 (auth upgrade) and Phase 12 (pentest
  remediation), update file inventory, fix outstanding items
- ui_refresh.md: update current status line

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-25 20:36:12 +08:00
Kyle Pope
ca8b654471 Dashboard Phase 2: weather widget, starred events, quick add, thinner events 
- Add weather router with OpenWeatherMap integration and 1-hour cache
- Add is_starred column to calendar events with countdown widget
- Add weather_city setting with Settings page input
- Replace people/locations stats with open todos count + weather card
- Add quick-add dropdown (event/todo/reminder) to dashboard header
- Make CalendarWidget events single-line thin rows
- Add rain warnings to smart briefing when chance > 40%
- Invalidate dashboard/upcoming queries on form mutations
- Migration 004: is_starred + weather_city columns

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-20 13:15:43 +08:00
Kyle Pope
e6387065ad updated name from lifemanager to umbra, 2026-02-15 20:21:55 +08:00
Kyle Pope
96c225f4f7 updated README.md 2026-02-15 16:19:55 +08:00
Kyle
c0a9d6ab95 Update README.md 2026-02-15 08:17:15 +00:00
Kyle Pope
1f6519635f Initial commit 2026-02-15 16:13:41 +08:00