pieced/pieced-portal
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
105 Commits 1 Branch 83 Tags
a1769eeb0057b2d7267d3829224557251736f603
Commit Graph

8 Commits

Author SHA1 Message Date
admin
49b085e59e Phase2.5: Skill SetUp Process
All checks were successful
Build and Push / build (push) Successful in 1m39s
Details
2026-05-24 17:25:08 +02:00
admin
ce70fe8480 Phase1: Schema + skill event tracking
Some checks failed
Build and Push / build (push) Failing after 38s
Details
2026-05-23 23:45:04 +02:00
admin
22fd5fb2cc TenantAssignment and readside filtering
All checks were successful
Build and Push / build (push) Successful in 1m23s
Details
2026-04-26 22:58:30 +02:00
admin
7c4e20099d Role split and owner gating
All checks were successful
Build and Push / build (push) Successful in 1m24s
Details
2026-04-26 22:45:38 +02:00
admin
f0eca1959b fix(portal): security hardening for pilot readiness 
- C1: Rewrite /api/usage to resolve teamId server-side from tenant CR;
  customers can no longer pass arbitrary teamId (IDOR fix)
- C2: Remove POST /api/tenants — tenants are only created via admin
  approval flow
- H1: Validate packages against catalog, workspaceFiles against allowlist,
  and field lengths in PATCH /api/tenants/[name]
- H2: Remove full ZITADEL profile claims logging from JWT callback
- H3: Add safeError() utility; sanitize all error responses to clients,
  toggle raw errors via PORTAL_DEBUG_ERRORS=true
- H4/H5: Escape HTML entities in all email templates (contactName,
  companyName, adminNotes)
 2026-04-14 20:20:04 +02:00
admin
dbfa7560cf All the channel approval 2026-04-12 13:47:27 +02:00
admin
f20d5f09ae Working version 6.2 2026-04-10 14:44:03 +02:00
admin
d526c1ff4a Add initial Portal version 2026-04-09 22:16:22 +02:00