Commit Graph

4 Commits

Author SHA1 Message Date
Antigravity
5b794d6449 feat(auth): restore Google sign-in and AI admin test routes
Some checks failed
CI / Lint, Test & Build (push) Failing after 7m46s
CI / Deploy production (on server) (push) Has been cancelled
Google OAuth was implemented locally but never deployed; the login button
only renders when AUTH_GOOGLE_ID and AUTH_GOOGLE_SECRET are set. Also
restores /api/ai/test-* endpoints removed by mistake and wires Google
credentials into deploy workflows.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-17 17:17:42 +00:00
Antigravity
724474cb49 chore: remove dead code — 8 components, 5 libs, 4 API routes, 4 npm packages, 30+ scripts, dead CSS, dead exports
All checks were successful
Deploy to Production / Build and Deploy (push) Successful in 5s
Removed unused components:
- brainstorm-canvas, brainstorm-create-dialog, invite-dialog, manual-idea-dialog
- note-inline-editor, profile-page-header, quota-paywall, label-management-dialog

Removed dead lib files:
- api-auth.ts, color-harmony-recommendation.ts, label-storage.ts, modern-color-options.ts
- hooks/use-card-size-mode.ts

Removed dead API routes:
- ai/test-chat, ai/test-embeddings, ai/test-tags, admin/randomize-labels

Removed unused npm packages:
- cmdk, novel, tippy.js, react-force-graph-2d

Cleaned dead CSS from globals.css:
- acrylic-*, win11-shadow-*, muuri-grid/item, ai-glass, ai-tab-indicator, ai-send-btn, sidebar-view-toggle, memento-sidebar-depth

Removed 29 orphan scripts and 3 root orphan files

Cleaned dead exports from 8 lib files:
- NOTE_TYPE_CONFIG, getPublishableKey, PROVIDER_DEFAULTS, useNotes/useNote/invalidateNote, etc.
2026-05-16 20:34:58 +00:00
fa72672aac security: fix critical auth gaps, SSRF, IDOR, and embedding error handling
Some checks failed
Deploy to Production / Build and Deploy (push) Failing after 39s
CRITICAL:
- Add auth + admin check to 10 unprotected API routes (test-*, debug/*,
  config, models, fix-labels)
- Add CRON_SECRET bearer auth to /api/cron/reminders (was fully open)
- Add SSRF protection to getOllamaModels (blocks private/internal IPs)

HIGH:
- Fix getAllLabels() missing userId filter (leaked all users' labels)
- Fix /api/labels OR clause leaking other users' labels
- Fix IDOR in toggleAgent/getAgentActions (add ownership check)
- Fix getEmbeddings() returning [] on error in all 5 providers (corrupted
  semantic search with NaN cosine similarity) — now throws instead

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-30 21:02:13 +02:00
153c921960 fix: comprehensive i18n — replace hardcoded French/English strings with t() calls
Some checks failed
Deploy to Production / Build and Deploy (push) Failing after 1m7s
Replaced ~100+ hardcoded French and English text strings across 30+ components
with proper i18n t() calls. Added 57 new translation keys to all 15 locale files
(ar, de, en, es, fa, fr, hi, it, ja, ko, nl, pl, pt, ru, zh).

Key changes:
- contextual-ai-chat.tsx: 30 French strings → t() (actions, toasts, labels, placeholders)
- ai-chat.tsx: 15 French/English strings → t() (header, tabs, welcome, insights, history)
- note-inline-editor.tsx: 20 French fallbacks removed (toolbar, save status, checklist)
- lab-skeleton.tsx: French loading text → t()
- admin-header.tsx, header.tsx, editor-connections-section.tsx: French fallbacks removed
- New AI chat component, agent cards, sidebar, settings panel i18n cleanup

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-26 21:14:45 +02:00