Commit Graph

13 Commits

Author SHA1 Message Date
null 56bdf07216 fix: close issues #12 #15 #17 #18 — CSP nonce, API retry, input debounce, caching verified (batch 0.6.1) 2026-05-17 16:10:10 -05:00
null e11aefd184 fix: audit issues #10 #14 #16 #19 — CORS errors, JSON middleware, Zoho fields, noValidate (batch 0.6.8) 2026-05-17 15:46:59 -05:00
null 25ab4c7986 fix(server): Zoho token endpoint hardening + version bump to 0.5.4 (batch 0.6.0) 2026-05-17 15:18:24 -05:00
null 5b0a509e70 fix(zoho): P0/P1 criticals — credential check, response validation, timeout, null normalization (Neo N1) 2026-05-17 15:01:04 -05:00
null 7d476f36e8 fix(security): audit fixes #4 #6 #10 + hero rewrite (batch 0.5.2)
- #4: Replace su-exec with USER nodejs in Dockerfile (P0)
- #6: Add UNIQUE constraint on leads.email with migration (P1)
- #10: Consistent NULL handling for optional fields (P1)
- Hero section rewrite: B2B value proposition, prominent 8x8 badge
- Clean up .bak file left by agent
2026-05-17 14:44:34 -05:00
null c4985e37bc feat: Phase 5 SPA fixes, mobile menu, assets, and redesign planning
- Fix BrowserRouter → RouterProvider (routes were disconnected)
- Strip TS generics from .jsx files (Card, Badge, Dialog, Input, Textarea)
- Fix useToast import from sonner (Contact, Support)
- Merge mobile Sheet into Header (DialogTrigger outside Dialog)
- Add SPA catch-all route for client-side navigation
- Add CSP style-src for Google Fonts
- Copy all image assets to public/ (were 404)
- Replace placeholder logo with real Queue North logo
- Fix SheetContent positional CSS + install tailwindcss-animate
- Add visually hidden SheetTitle for accessibility
- Update README and FUTURE.md with Phase 5 redesign batches
- Add review.md (redesign assessment, exempt from git)
2026-05-13 22:07:35 -05:00
null c2d5873f08 feat: error handling hardening, 404 catch-all, health check DB test, request timeout, global error handlers (v0.4.8) 2026-05-13 19:59:19 -05:00
null 7257633d94 feat: rate limiting, helmet security headers, CORS, trust proxy, Docker env vars (v0.4.7) 2026-05-13 18:37:32 -05:00
null 39ee1fe537 feat: structured logging with timestamps, request logging, and submission details (v0.4.6) 2026-05-13 18:31:52 -05:00
null 6bfd804313 feat: Zoho CRM forwarding layer with OAuth2 token management (v0.4.6) 2026-05-13 18:28:56 -05:00
null 4ac0fa250d feat: server-side validation + input sanitization (v0.4.5) 2026-05-13 18:18:07 -05:00
null 1f3e3864f9 feat: Docker batch 0.2.1 — production-ready containerization
- Multi-stage Dockerfile with non-root nodejs user
- Healthcheck using Node 20 built-in fetch (no wget)
- docker-entrypoint.sh: root permission fix, then exec to nodejs
- server/db.js: deferred SQLite init for Docker volume permissions
- docker-compose.yml with named volumes for persistence
- .dockerignore and .env.example added
- README updated with Docker usage section

Security reviewed by Private Hudson. All blockers resolved.
2026-05-12 01:57:55 -05:00
null b7f7765a72 feat: complete phase 1 foundation 2026-05-12 01:04:17 -05:00