- ApiKeyCreationModal: required Alias input (reuse alias = renew, with
banner); align roles to backend allowlist (guest -> user, default
user); fix copy bug (generatedKey.key).
- MarkdownContent + PatchCards: show author / created / last modified
(+ by whom); formatDateTime helper (null -> "—").
Branched off fix/buildconfig-cachebust (carries the contenthash +
BuildConfig fix already deployed to prod).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- BuildConfig.sh: ${DEBUG:false} -> ${DEBUG:-false} and normalize to
true/false. The old syntax produced empty -> invalid config.json
("DEBUG": }) when DEBUG was unset, breaking the whole frontend.
- webpack: output [name].[contenthash].js so index.html references a
unique bundle URL each build; eliminates stale CDN/browser bundle
after deploys (no manual cache purge needed).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Redesign the frontend with a dark-tech theme: add Tailwind + PostCSS,
design tokens, and shadcn-style primitives (Button/Card/Input/Dialog/
DropdownMenu/Tabs/ScrollArea/etc.); restyle the app shell, navigation,
sidebar tree, content view, markdown rendering, editors, modals and
settings panels. Behavior/props unchanged; Font Awesome replaced with
lucide-react.
Add the patch cards feature UI: patch-queries hooks and a PatchCards
component rendered below the markdown body, with an Add Patch button
and create/edit dialog.
Fix tree expandability: folders with an index page now expand on name
click (and navigate), and the chevron+folder icon is one larger toggle.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- MarkdownView: add rehype-sanitize between rehype-raw and rehype-katex
to strip scripts/event-handlers/javascript: URLs from user-authored
markdown (was stored XSS, also affected the public /pg/* route);
keep className on code/span/div so KaTeX and syntax highlighting
still work. Add rehype-sanitize ^6.0.0 to deps and lockfile.
- MarkdownContent / StandaloneMarkdownPage: parse markdown content via
parseMarkdownContent() instead of an unguarded JSON.parse, so a single
corrupt/legacy record no longer white-screens the whole page.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
