clock/weather etc. default to 1/6 width; sizes store an integer span 1-12
(legacy s/m/l still accepted by /api/dashboard/layout).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Edit-layout mode: per-card resize (S/M/L), show/hide with a hidden-cards tray,
drag-to-reorder via a dedicated grip handle, and reset-to-default. Persists via
the existing /api/dashboard/layout (order/sizes/hidden) — no backend change.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Removes the rsync --delete / manual-migration / no-rollback footguns from the
deploy path. Validated: clean deploy passes the health gate; a forced health
failure correctly rolls back from the .prev snapshot and recovers.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
A cryptographically-verified CF Access JWT (signature vs team JWKS + audience +
email allow-list) now counts as the owner, so browser requests through the CF
tunnel don't need the owner token copied onto each device. Fails closed → owner
token remains the fallback (LAN-direct + dev/tests unaffected). Opt-in via
CF_ACCESS_TEAM_DOMAIN / CF_ACCESS_AUD / CF_ACCESS_OWNER_EMAILS.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Q3: prod void DB role NOSUPERUSER (vector marked trusted; deploy/README documents it)
- Q4: buildChildEnv allow-list for the claude subprocess (no OWNER_TOKEN/DATABASE_URL/secrets leak)
- Q5: pending-change approve claims-before-applying + reopens on failure (no re-approvable dup)
- Q6: /capture/upload validates space_id (UUID+existence); pg pool statement_timeout 30s
- Q9: disabled failing syncoid-donatello timer on Z
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Read-only static band from public/devices.json (ARP scan), grouped Smart Home /
Entertainment / Personal / Network / Flagged. Kept distinct from Little Blue's
service health band. Live discovery deferred.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Left sidebar collapses (topbar menu button); rail collapses (topbar button + strip).
- <=860px / portrait: sidebar + rail become off-canvas drawers over main with a
scrim, closed by default; main goes full-width single-column.
- Smooth transitions; crossing the breakpoint resets to a sane default.
- New components/chrome.js owns toggle + drawer state.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Addresses final-review findings: I1 render-generation guard prevents a double-mount
/timer leak on rapid re-navigation; I2 adds anonymous-rejection tests for the owner-only
POST /speedtest/run and /health/check; M1 CSS comment; M2 cron↔worker dedup note;
M4 full 8-byte PNG signature check; M5 card-contract unit test for all 7 cards.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds GET /api/health/services returning registry services grouped by
category with merged cached status and per-group healthy counts, and
POST /api/health/check (owner-only) that enqueues a health.check
pg-boss job. Registers the health_check worker in the jobs index.
