Hynes/Void-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fa47419cbd08d0965251449ccae332d079dbe70b
Void-Homelab/CHANGELOG.md
root 8ae9bced24 chore: version 2.0.0-alpha.2 + changelog 
Search view: read ?q from hash, call /api/search, group hits by kind
with rank + space_id; sidebar filters for kinds and space_id; updates
on Enter or filter change.

Bumps package.json + server.js VERSION to 2.0.0-alpha.2 and pins the
/health version assertion to match.

CHANGELOG: full Plan 2 entry covering API surface, capability tiering,
audit chain extension (approve/reject events), and the SPA shell.

Security: adds safeHref() to dom.js and applies it everywhere an
API-supplied URL becomes href / src (reference media block + reference
source_url anchor + resource url anchor). javascript: and other
non-http(s)/mailto schemes from agent-suggested content can no longer
execute in the owner's browser.

Plan 2 surface is feature-complete: 22/22 tasks landed, 185 tests
across 43 files, SPA renders end-to-end including the suggest -> approve
agent flow.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-01 02:26:56 +10:00

77 lines
3.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Changelog
All notable changes to Void 2.0 are documented here.
Format: [Keep a Changelog](https://keepachangelog.com).
## [2.0.0-alpha.2] — 2026-06-01
### Added (Plan 2: API surface + UI shell)
- REST routes for the full entity tree:
- `/api/spaces`, `/api/projects`, `/api/tasks` (with project + space scoping)
- `/api/pages` + page revisions + `/api/pages/:id/backlinks`
- `/api/refs` + `/api/refs/upsert`
- `/api/resources` + dependencies + change history
- `/api/resources/:id/source-docs` + `/api/source-docs/:id/resync` (gated by `ENABLE_RESYNC`)
- `/api/agents` (owner-only) + agent token mint/revoke
- `/api/conversations` + nested `/messages`
- `/api/tags` + entity-scoped attach/detach via `/api/:entity_type/:entity_id/tags`
- `/api/links` (POST/GET from|to/DELETE) for polymorphic entity links
- `/api/pending-changes` + approve/reject with dispatch table covering
page/project/task/ref/resource/source_doc × create/update/delete
- `/api/audit/entity/:type/:id` + `/api/audit/actor`
- `/api/search` unified FTS across pages, refs, source docs, messages
- Agent bearer auth middleware + capability tiering: owner allow, agent
`write+scope` → allow, agent `suggest` → 202 + pending row, else 403.
- Approve and reject emit explicit `approve` / `reject` entries in the
audit log with the original agent id preserved in the diff.
- Static SPA shell served from `public/`:
- Three-column Cradle aesthetic (blackflame palette, Cinzel display
headings, Cormorant Garamond body)
- Hash-based router with views for home / space / project / page /
reference / resource / search / inbox / sacred valley
- `dom.js` safe builders — no `innerHTML` on API data anywhere; the
explicit `html:` opt-in is used only by the markdown editor's
preview pane, which sanitizes with DOMPurify
- Sidebar Spaces tree with lazy project expansion, bottom Navigate
section, pending-count badge shared with the topbar bell via a tiny
`state.js` event bus
- Topbar: brand, capture modal stub, global search (Enter →
`#/search?q=`), pending bell, owner toggle
- Page editor: split-pane markdown via marked + DOMPurify, save
PATCHes `/api/pages/:id`, backlinks card
- Reference detail: media block (image / YouTube embed / link),
summary, metadata table, tag attach/detach, linked-from list
- Resource detail: status header, dependencies + source docs +
runbook pages columns, change history
- Inbox: pending changes grouped by agent, approve → navigate to the
resulting entity
- Test coverage: 185 tests across 43 files (113 new for Plan 2 routes +
search + GET / shell smoke).
### Security follow-ups (deferred)
- Polymorphic IDOR risk on entity_links / entity_tags / attachments —
acceptable today since the entire API is owner-token gated and there
is one tenant; see `docs/security-followups.md` for the tighten-now
vs defer decision.
- `pending_changes.action` CHECK constraint blocks `'upsert'` /
`'add_dependency'` / `'remove_dependency'` actions emitted by some
routes' `divertToPending` paths. Latent — only fires when an agent at
suggest tier hits those specific endpoints. Mitigation options
documented in `docs/security-followups.md`.
## [Unreleased]
### Added
- Initial repo scaffolding
### Added (Plan 1: Foundation)
- LXC provisioning for `void2-db` (Postgres 16 + pgvector) and `void2-app`
- Schema migrations 001-006 covering core, knowledge, resources, agents, cross-cutting, audit
- Repos with capability-checked `actor` parameter and audit trail
- Real audit log with redaction of sensitive keys (token, password, api_key, etc.)
- `pending_changes` table for agent suggestions awaiting owner approval
- Capability check module (allow / suggest / deny) for user vs agent actors
- Owner-token bearer auth
- Express server with `/health` and smoke `/api/spaces`
- Test coverage: 72 tests across migrations, repos, capability, owner middleware, server
Reference in New Issue View Git Blame Copy Permalink