Antigravity
a623454347
perf: memo GridCard, fuse save fns, fix slash tab active color
CI / Lint, Unit Tests & Build (push) Failing after 1m32s
CI / Deploy production (on server) (push) Has been skipped
2026-06-14 14:06:05 +00:00
Antigravity
5703d5bd49
feat(4-5/4-6): audit logging + zero-data-retention headers
...
CI / Lint, Unit Tests & Build (push) Successful in 5m39s
CI / Deploy production (on server) (push) Failing after 18s
Audit Logging (story 4-6):
- Nouveau modèle AuditLog (userId, action, resource, metadata, ip, createdAt)
- Migration 20260529143000_add_audit_log appliquée
- lib/audit-log.ts : logAuditEvent (fire-and-forget) + logAuditEventAsync + getClientIp
- auth.ts : LOG LOGIN / LOGOUT / USER_CREATED sur chaque event NextAuth
- /api/chat : log AI_REQUEST avec tokens + byok flag dans onFinish
- /api/agents/run-for-note : log AI_REQUEST avec featureKey + noteId
Zero-data-retention (story 4-5):
- OpenAI provider : header OpenAI-No-Training: 1
- Anthropic provider : header Anthropic-No-Train: 1
- DeepSeek provider : header X-No-Train: 1
sprint-status: 4-5 et 4-6 → done
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-05-29 14:36:06 +00:00
Antigravity
b825bdb8b2
fix: boucle infinie Maximum update depth dans useAutoTagging + toolbar
...
CI / Deploy production (on server) (push) Has been cancelled
CI / Lint, Unit Tests & Build (push) Has been cancelled
- use-auto-tagging: onQuotaExceeded via ref stable → n'invalide plus
useCallback analyzeContent à chaque render parent
- note-editor-context: filteredSuggestions et existingLabelsLower
stabilisés avec useMemo (était recalculé sans memo → nouvelle ref
à chaque render → état useMemo state se réexécutait → boucle)
- deepseek.ts: generateTags via generateText (pas generateObject)
pour éviter response_format:json_schema non supporté
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-05-29 13:40:59 +00:00
Antigravity
4c1359ee39
Revert "fix: switch embedding dimension from 1536 to 2560 for qwen-embedding-4b"
...
Deploy to Production / Build and Deploy (push) Successful in 4s
This reverts commit e09ea3a145 .
2026-05-12 09:19:01 +00:00
Antigravity
e09ea3a145
fix: switch embedding dimension from 1536 to 2560 for qwen-embedding-4b
Deploy to Production / Build and Deploy (push) Successful in 5s
2026-05-12 09:07:55 +00:00
Antigravity
cf2786dec4
feat: integrate Google Gemini, MiniMax, and GLM providers; fix persistent agent loading toast
Deploy to Production / Build and Deploy (push) Failing after 1m23s
2026-05-10 22:33:35 +00:00
Antigravity
97b08e5d0b
feat: icon-only toolbar, versioning fixes, history modal, PanelRight repositioning
...
- Toolbar: remove text labels from all icon buttons (AI, Save, Preview, Convert)
all buttons now icon-only with title tooltip for accessibility
- Toolbar: reposition PanelRight (info panel toggle) to far right after three-dot menu
- Versioning: decouple getNoteHistory/restoreNoteVersion from global userAISettings.noteHistory
now checks note.historyEnabled directly — unblocks manual per-note history
- Versioning: add 'Sauvegarder cette version' button in Versions tab of info panel
calls commitNoteHistory with visual feedback (spinner → success state)
- note-document-info-panel: import commitNoteHistory, add isSavingVersion state
- notes.ts: fix double guard that silently blocked all history operations
2026-05-09 07:28:03 +00:00
Antigravity
08a49a04ce
fix: désactiver thinking mode DeepSeek pour fiabiliser le tool calling
...
Deploy to Production / Build and Deploy (push) Failing after 23s
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-05-05 21:37:55 +00:00
Antigravity
ab914f0587
fix: reasoning_content DeepSeek — retry avec maxSteps=1 si erreur thinking mode
...
Deploy to Production / Build and Deploy (push) Failing after 23s
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-05-05 21:33:16 +00:00
Antigravity
718f4c6900
perf: optimize MCP server (O(1) auth, compact JSON, trashedAt fix) + memento-note performance (lazy loading, server-side filtering, XSS fixes, dead code removal, security hardening)
...
Deploy to Production / Build and Deploy (push) Successful in 1m35s
MCP Server:
- Fix validateApiKey: O(1) direct lookup by shortId instead of loading all keys
- Add trashedAt:null filter to ALL note queries (trashed notes leaked in results)
- Compact JSON output (~40% smaller responses)
- Bounded session cache (Map with MAX_SESSIONS=500) to prevent memory leaks
- PostgreSQL connection pooling (connection_limit=10)
- Rewrite all 22 tool descriptions in clear English
- Fix /sse fallback to proper 307 redirect
memento-note Performance:
- loading=lazy on all note images
- Split notebooksRefreshKey from global refreshKey (note CRUD no longer re-fetches notebooks)
- Remove searchKey from trash count deps (no re-fetch on every keystroke)
- Server-side notebookId filter in getAllNotes() (biggest win)
- Skip collaborator fetch for non-shared notes (eliminates N+1 API calls)
- next/dynamic for MarkdownContent + 4 modals (code-split remark/rehype/KaTeX)
- Memoize DOMPurify sanitize with useMemo
Security:
- XSS: DOMPurify sanitize in note-card and note-history-modal
- Auth anti-enumeration: uniform errors in auth.ts
- CRON_SECRET mandatory on cron endpoints
- Rate limiting on login (5 attempts/min per email)
- Centralized API auth helpers (requireAuth/requireAdmin)
- randomize-labels changed GET→POST
- Removed debug endpoints (/api/debug/config, /api/debug/test-chat)
Cleanup:
- Removed dead code: .backup-keep, settings-backup, fix-*.js, debug-theme, fix-labels route
- Removed sensitive console.error in auth.ts
- Ollama fetchWithTimeout (30s/60s AbortController)
- i18n: full Arabic translation, Farsi missing keys
- Masonry drag-and-drop fix (localOrderMap, cross-section block)
- Sidebar notebook tooltip on truncation
2026-05-03 18:41:38 +00:00
fa72672aac
security: fix critical auth gaps, SSRF, IDOR, and embedding error handling
...
Deploy to Production / Build and Deploy (push) Failing after 39s
CRITICAL:
- Add auth + admin check to 10 unprotected API routes (test-*, debug/*,
config, models, fix-labels)
- Add CRON_SECRET bearer auth to /api/cron/reminders (was fully open)
- Add SSRF protection to getOllamaModels (blocks private/internal IPs)
HIGH:
- Fix getAllLabels() missing userId filter (leaked all users' labels)
- Fix /api/labels OR clause leaking other users' labels
- Fix IDOR in toggleAgent/getAgentActions (add ownership check)
- Fix getEmbeddings() returning [] on error in all 5 providers (corrupted
semantic search with NaN cosine similarity) — now throws instead
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-04-30 21:02:13 +02:00
Sepehr Ramezani
5b7cbcbc49
docs: add complete guide, env files, fix docker-compose
...
- Add GUIDE.md: complete user documentation covering installation,
Docker deployment, AI providers, MCP server, N8N integration,
email config, admin panel, env var reference, troubleshooting
- Add mcp-server/.env.example with all MCP-specific variables
- Update .env.docker.example with all 42 environment variables
- Fix docker-compose.yml: parameterize PostgreSQL credentials,
add missing env vars (CUSTOM_OPENAI, AI_PROVIDER_CHAT,
ALLOW_REGISTRATION, RESEND_API_KEY)
- Track memento-note/.env.example
2026-04-20 22:57:09 +02:00
Sepehr Ramezani
e4d4e23dc7
chore: clean up repo for public release
...
- Remove BMAD framework, IDE configs, dev screenshots, test files,
internal docs, and backup files
- Rename keep-notes/ to memento-note/
- Update all references from keep-notes to memento-note
- Add Apache 2.0 license with Commons Clause (non-commercial restriction)
- Add clean .gitignore and .env.docker.example
2026-04-20 22:48:06 +02:00