Hynes/Void-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ae9bced240c8521cd3b4b5a607e62cb469e78cc
Void-Homelab/CHANGELOG.md
root 8ae9bced24 chore: version 2.0.0-alpha.2 + changelog 
Search view: read ?q from hash, call /api/search, group hits by kind
with rank + space_id; sidebar filters for kinds and space_id; updates
on Enter or filter change.

Bumps package.json + server.js VERSION to 2.0.0-alpha.2 and pins the
/health version assertion to match.

CHANGELOG: full Plan 2 entry covering API surface, capability tiering,
audit chain extension (approve/reject events), and the SPA shell.

Security: adds safeHref() to dom.js and applies it everywhere an
API-supplied URL becomes href / src (reference media block + reference
source_url anchor + resource url anchor). javascript: and other
non-http(s)/mailto schemes from agent-suggested content can no longer
execute in the owner's browser.

Plan 2 surface is feature-complete: 22/22 tasks landed, 185 tests
across 43 files, SPA renders end-to-end including the suggest -> approve
agent flow.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-01 02:26:56 +10:00

3.9 KiB
Raw Blame History

Changelog

All notable changes to Void 2.0 are documented here. Format: Keep a Changelog.

[2.0.0-alpha.2] — 2026-06-01

Added (Plan 2: API surface + UI shell)

  • REST routes for the full entity tree:
    • /api/spaces, /api/projects, /api/tasks (with project + space scoping)
    • /api/pages + page revisions + /api/pages/:id/backlinks
    • /api/refs + /api/refs/upsert
    • /api/resources + dependencies + change history
    • /api/resources/:id/source-docs + /api/source-docs/:id/resync (gated by ENABLE_RESYNC)
    • /api/agents (owner-only) + agent token mint/revoke
    • /api/conversations + nested /messages
    • /api/tags + entity-scoped attach/detach via /api/:entity_type/:entity_id/tags
    • /api/links (POST/GET from|to/DELETE) for polymorphic entity links
    • /api/pending-changes + approve/reject with dispatch table covering page/project/task/ref/resource/source_doc × create/update/delete
    • /api/audit/entity/:type/:id + /api/audit/actor
    • /api/search unified FTS across pages, refs, source docs, messages
  • Agent bearer auth middleware + capability tiering: owner allow, agent write+scope → allow, agent suggest → 202 + pending row, else 403.
  • Approve and reject emit explicit approve / reject entries in the audit log with the original agent id preserved in the diff.
  • Static SPA shell served from public/:
    • Three-column Cradle aesthetic (blackflame palette, Cinzel display headings, Cormorant Garamond body)
    • Hash-based router with views for home / space / project / page / reference / resource / search / inbox / sacred valley
    • dom.js safe builders — no innerHTML on API data anywhere; the explicit html: opt-in is used only by the markdown editor's preview pane, which sanitizes with DOMPurify
    • Sidebar Spaces tree with lazy project expansion, bottom Navigate section, pending-count badge shared with the topbar bell via a tiny state.js event bus
    • Topbar: brand, capture modal stub, global search (Enter → #/search?q=), pending bell, owner toggle
    • Page editor: split-pane markdown via marked + DOMPurify, save PATCHes /api/pages/:id, backlinks card
    • Reference detail: media block (image / YouTube embed / link), summary, metadata table, tag attach/detach, linked-from list
    • Resource detail: status header, dependencies + source docs + runbook pages columns, change history
    • Inbox: pending changes grouped by agent, approve → navigate to the resulting entity
  • Test coverage: 185 tests across 43 files (113 new for Plan 2 routes + search + GET / shell smoke).

Security follow-ups (deferred)

  • Polymorphic IDOR risk on entity_links / entity_tags / attachments — acceptable today since the entire API is owner-token gated and there is one tenant; see docs/security-followups.md for the tighten-now vs defer decision.
  • pending_changes.action CHECK constraint blocks 'upsert' / 'add_dependency' / 'remove_dependency' actions emitted by some routes' divertToPending paths. Latent — only fires when an agent at suggest tier hits those specific endpoints. Mitigation options documented in docs/security-followups.md.

[Unreleased]

Added

  • Initial repo scaffolding

Added (Plan 1: Foundation)

  • LXC provisioning for void2-db (Postgres 16 + pgvector) and void2-app
  • Schema migrations 001-006 covering core, knowledge, resources, agents, cross-cutting, audit
  • Repos with capability-checked actor parameter and audit trail
  • Real audit log with redaction of sensitive keys (token, password, api_key, etc.)
  • pending_changes table for agent suggestions awaiting owner approval
  • Capability check module (allow / suggest / deny) for user vs agent actors
  • Owner-token bearer auth
  • Express server with /health and smoke /api/spaces
  • Test coverage: 72 tests across migrations, repos, capability, owner middleware, server
Reference in New Issue View Git Blame Copy Permalink