Commit Graph

17 Commits

Author SHA1 Message Date
null 2923ef0d50 feat(zoho): add Cases forwarding + setup docs (closes #76, #78)
- Add forwardSupportToZoho() for Zoho Cases (fire-and-forget)
- Map support fields: issue→Subject, priority→Priority, Case_Origin=Website
- ZOHO_CASES_ENABLED env var (independent from ZOHO_ENABLED)
- Add docs/zoho-setup.md with step-by-step setup guide
- Batch 7.2 and 7.4
2026-05-17 19:27:04 -05:00
null debde23ab7 fix(zoho): fix OAuth token endpoint, improve lead field mapping, add upsert
- Fix critical bug: token refresh now uses ZOHO_ACCOUNTS_DOMAIN
  (accounts.zoho.com) instead of API domain (www.zohoapis.com).
  The OAuth token endpoint lives on a different domain.
- Remove unnecessary redirect_uri from refresh token request
- Add ZOHO_ACCOUNTS_DOMAIN env var (separate from API domain)
- Split contact name into First_Name/Last_Name for Zoho schema
- Replace Service_Interest (non-standard field) with Description
  + Lead_Source: Website (standard picklist value)
- Switch from Insert to Upsert API with duplicate_check_fields:
  [Email] so duplicate submissions update instead of error
- Add trigger: ['workflow'] for explicit workflow control
- Add token refresh retry (1 retry on transient failure)
- Add ZOHO_CASES_ENABLED env var for future Cases forwarding
- Update .env.example with full Zoho config documentation
- Update FUTURE.md with detailed Phase 7 Zoho integration plan
- Remove obsolete ZOHO_REDIRECT_URI from Dockerfile
2026-05-17 18:37:10 -05:00
null 1437b2af07 fix: 10 bug fixes from code review (batch 0.6.5)
- #63: Fix industry.href undefined → use industry.id for navigation
- #50: Fix sanitized scope error in catch block (let before try)
- #58: Footer.jsx: convert all internal <a href> to <Link to>
- #61: Textarea.jsx: fix className interpolation (quotes → backticks)
- #59: About.jsx: convert CTA <a href> to <Link to>
- #60: Support.jsx: convert Contact button <a href> to <Link to>
- #62: Badge.jsx: text-foreground → text-text
- #64: Support.jsx: hover:bg-navy-darker → hover:bg-primary-navy-dark
- #65: Server: move timeoutMiddleware before catch-all routes
- #66: Contact.jsx: convert self-referencing <a href> to <Link to>
2026-05-17 18:03:55 -05:00
null 4f3e20b7a0 fix: dead code cleanup, timeout middleware, Zoho error handling (closes #53, #54, #55, #56, #57)
- Delete broken barrel exports ui/index.jsx and ui/all.jsx (#53)
- Remove duplicate QueryClient instance and dead queryClient.js (#55)
- Remove unused queryClient import/export from api.js (#55)
- Move timeoutMiddleware before catch-all routes so it actually fires (#54)
- Fix async error handling in forwardToZoho - add .catch() (#56)
- Add ZOHO_CLIENT_ID to credential guard, normalize defaults to null (#57)
(batch 0.6.4)
2026-05-17 17:46:54 -05:00
null 56bdf07216 fix: close issues #12 #15 #17 #18 — CSP nonce, API retry, input debounce, caching verified (batch 0.6.1) 2026-05-17 16:10:10 -05:00
null e11aefd184 fix: audit issues #10 #14 #16 #19 — CORS errors, JSON middleware, Zoho fields, noValidate (batch 0.6.8) 2026-05-17 15:46:59 -05:00
null 25ab4c7986 fix(server): Zoho token endpoint hardening + version bump to 0.5.4 (batch 0.6.0) 2026-05-17 15:18:24 -05:00
null 5b0a509e70 fix(zoho): P0/P1 criticals — credential check, response validation, timeout, null normalization (Neo N1) 2026-05-17 15:01:04 -05:00
null 7d476f36e8 fix(security): audit fixes #4 #6 #10 + hero rewrite (batch 0.5.2)
- #4: Replace su-exec with USER nodejs in Dockerfile (P0)
- #6: Add UNIQUE constraint on leads.email with migration (P1)
- #10: Consistent NULL handling for optional fields (P1)
- Hero section rewrite: B2B value proposition, prominent 8x8 badge
- Clean up .bak file left by agent
2026-05-17 14:44:34 -05:00
null c4985e37bc feat: Phase 5 SPA fixes, mobile menu, assets, and redesign planning
- Fix BrowserRouter → RouterProvider (routes were disconnected)
- Strip TS generics from .jsx files (Card, Badge, Dialog, Input, Textarea)
- Fix useToast import from sonner (Contact, Support)
- Merge mobile Sheet into Header (DialogTrigger outside Dialog)
- Add SPA catch-all route for client-side navigation
- Add CSP style-src for Google Fonts
- Copy all image assets to public/ (were 404)
- Replace placeholder logo with real Queue North logo
- Fix SheetContent positional CSS + install tailwindcss-animate
- Add visually hidden SheetTitle for accessibility
- Update README and FUTURE.md with Phase 5 redesign batches
- Add review.md (redesign assessment, exempt from git)
2026-05-13 22:07:35 -05:00
null c2d5873f08 feat: error handling hardening, 404 catch-all, health check DB test, request timeout, global error handlers (v0.4.8) 2026-05-13 19:59:19 -05:00
null 7257633d94 feat: rate limiting, helmet security headers, CORS, trust proxy, Docker env vars (v0.4.7) 2026-05-13 18:37:32 -05:00
null 39ee1fe537 feat: structured logging with timestamps, request logging, and submission details (v0.4.6) 2026-05-13 18:31:52 -05:00
null 6bfd804313 feat: Zoho CRM forwarding layer with OAuth2 token management (v0.4.6) 2026-05-13 18:28:56 -05:00
null 4ac0fa250d feat: server-side validation + input sanitization (v0.4.5) 2026-05-13 18:18:07 -05:00
null 1f3e3864f9 feat: Docker batch 0.2.1 — production-ready containerization
- Multi-stage Dockerfile with non-root nodejs user
- Healthcheck using Node 20 built-in fetch (no wget)
- docker-entrypoint.sh: root permission fix, then exec to nodejs
- server/db.js: deferred SQLite init for Docker volume permissions
- docker-compose.yml with named volumes for persistence
- .dockerignore and .env.example added
- README updated with Docker usage section

Security reviewed by Private Hudson. All blockers resolved.
2026-05-12 01:57:55 -05:00
null b7f7765a72 feat: complete phase 1 foundation 2026-05-12 01:04:17 -05:00