null
56bdf07216
fix: close issues #12 #15 #17 #18 — CSP nonce, API retry, input debounce, caching verified (batch 0.6.1)
2026-05-17 16:10:10 -05:00
null
e11aefd184
fix: audit issues #10 #14 #16 #19 — CORS errors, JSON middleware, Zoho fields, noValidate (batch 0.6.8)
2026-05-17 15:46:59 -05:00
null
25ab4c7986
fix(server): Zoho token endpoint hardening + version bump to 0.5.4 (batch 0.6.0)
2026-05-17 15:18:24 -05:00
null
5b0a509e70
fix(zoho): P0/P1 criticals — credential check, response validation, timeout, null normalization (Neo N1)
2026-05-17 15:01:04 -05:00
null
7d476f36e8
fix(security): audit fixes #4 #6 #10 + hero rewrite (batch 0.5.2)
...
- #4 : Replace su-exec with USER nodejs in Dockerfile (P0)
- #6 : Add UNIQUE constraint on leads.email with migration (P1)
- #10 : Consistent NULL handling for optional fields (P1)
- Hero section rewrite: B2B value proposition, prominent 8x8 badge
- Clean up .bak file left by agent
2026-05-17 14:44:34 -05:00
null
c4985e37bc
feat: Phase 5 SPA fixes, mobile menu, assets, and redesign planning
...
- Fix BrowserRouter → RouterProvider (routes were disconnected)
- Strip TS generics from .jsx files (Card, Badge, Dialog, Input, Textarea)
- Fix useToast import from sonner (Contact, Support)
- Merge mobile Sheet into Header (DialogTrigger outside Dialog)
- Add SPA catch-all route for client-side navigation
- Add CSP style-src for Google Fonts
- Copy all image assets to public/ (were 404)
- Replace placeholder logo with real Queue North logo
- Fix SheetContent positional CSS + install tailwindcss-animate
- Add visually hidden SheetTitle for accessibility
- Update README and FUTURE.md with Phase 5 redesign batches
- Add review.md (redesign assessment, exempt from git)
2026-05-13 22:07:35 -05:00
null
c2d5873f08
feat: error handling hardening, 404 catch-all, health check DB test, request timeout, global error handlers (v0.4.8)
2026-05-13 19:59:19 -05:00
null
7257633d94
feat: rate limiting, helmet security headers, CORS, trust proxy, Docker env vars (v0.4.7)
2026-05-13 18:37:32 -05:00
null
39ee1fe537
feat: structured logging with timestamps, request logging, and submission details (v0.4.6)
2026-05-13 18:31:52 -05:00
null
6bfd804313
feat: Zoho CRM forwarding layer with OAuth2 token management (v0.4.6)
2026-05-13 18:28:56 -05:00
null
4ac0fa250d
feat: server-side validation + input sanitization (v0.4.5)
2026-05-13 18:18:07 -05:00
null
1f3e3864f9
feat: Docker batch 0.2.1 — production-ready containerization
...
- Multi-stage Dockerfile with non-root nodejs user
- Healthcheck using Node 20 built-in fetch (no wget)
- docker-entrypoint.sh: root permission fix, then exec to nodejs
- server/db.js: deferred SQLite init for Docker volume permissions
- docker-compose.yml with named volumes for persistence
- .dockerignore and .env.example added
- README updated with Docker usage section
Security reviewed by Private Hudson. All blockers resolved.
2026-05-12 01:57:55 -05:00
null
b7f7765a72
feat: complete phase 1 foundation
2026-05-12 01:04:17 -05:00