Commit Graph

4 Commits

Author SHA1 Message Date
Antigravity
5b794d6449 feat(auth): restore Google sign-in and AI admin test routes
Some checks failed
CI / Lint, Test & Build (push) Failing after 7m46s
CI / Deploy production (on server) (push) Has been cancelled
Google OAuth was implemented locally but never deployed; the login button
only renders when AUTH_GOOGLE_ID and AUTH_GOOGLE_SECRET are set. Also
restores /api/ai/test-* endpoints removed by mistake and wires Google
credentials into deploy workflows.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-17 17:17:42 +00:00
Antigravity
724474cb49 chore: remove dead code — 8 components, 5 libs, 4 API routes, 4 npm packages, 30+ scripts, dead CSS, dead exports
All checks were successful
Deploy to Production / Build and Deploy (push) Successful in 5s
Removed unused components:
- brainstorm-canvas, brainstorm-create-dialog, invite-dialog, manual-idea-dialog
- note-inline-editor, profile-page-header, quota-paywall, label-management-dialog

Removed dead lib files:
- api-auth.ts, color-harmony-recommendation.ts, label-storage.ts, modern-color-options.ts
- hooks/use-card-size-mode.ts

Removed dead API routes:
- ai/test-chat, ai/test-embeddings, ai/test-tags, admin/randomize-labels

Removed unused npm packages:
- cmdk, novel, tippy.js, react-force-graph-2d

Cleaned dead CSS from globals.css:
- acrylic-*, win11-shadow-*, muuri-grid/item, ai-glass, ai-tab-indicator, ai-send-btn, sidebar-view-toggle, memento-sidebar-depth

Removed 29 orphan scripts and 3 root orphan files

Cleaned dead exports from 8 lib files:
- NOTE_TYPE_CONFIG, getPublishableKey, PROVIDER_DEFAULTS, useNotes/useNote/invalidateNote, etc.
2026-05-16 20:34:58 +00:00
fa72672aac security: fix critical auth gaps, SSRF, IDOR, and embedding error handling
Some checks failed
Deploy to Production / Build and Deploy (push) Failing after 39s
CRITICAL:
- Add auth + admin check to 10 unprotected API routes (test-*, debug/*,
  config, models, fix-labels)
- Add CRON_SECRET bearer auth to /api/cron/reminders (was fully open)
- Add SSRF protection to getOllamaModels (blocks private/internal IPs)

HIGH:
- Fix getAllLabels() missing userId filter (leaked all users' labels)
- Fix /api/labels OR clause leaking other users' labels
- Fix IDOR in toggleAgent/getAgentActions (add ownership check)
- Fix getEmbeddings() returning [] on error in all 5 providers (corrupted
  semantic search with NaN cosine similarity) — now throws instead

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-30 21:02:13 +02:00
Sepehr Ramezani
e4d4e23dc7 chore: clean up repo for public release
- Remove BMAD framework, IDE configs, dev screenshots, test files,
  internal docs, and backup files
- Rename keep-notes/ to memento-note/
- Update all references from keep-notes to memento-note
- Add Apache 2.0 license with Commons Clause (non-commercial restriction)
- Add clean .gitignore and .env.docker.example
2026-04-20 22:48:06 +02:00