@damacus damacus commented Feb 9, 2026

Summary

  • document the beads workflow and config for the new issue tracking tooling and ignore patterns
  • enforce CSRF/security header middleware when spinning up the Echo server and pin CDN deps plus HTMX CSRF wiring in the templates
  • harden auth cookies and add auth/middleware/server template tests covering the new protections

damacus and others added 2 commits February 9, 2026 22:05
The hx-select="#main-content" on <body> was inherited by all HTMX
elements, causing modal fetches (bucket/user create) to select nothing
from responses that don't contain #main-content. This resulted in
modals never being inserted into the DOM.

Changes:
- Remove global hx-target/hx-select/hx-swap from body tag
- Switch to Alpine.js CSP build with pinned version
- Rewrite buckets dropdown from Alpine to vanilla JS
- Fix browser upload progress modal visibility
- Update E2E tests to use native Playwright clicks
- Add template security tests enforcing best practices
- Add MCP server config and CLAUDE.md symlink

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@damacus damacus changed the title from "Add best-practices security workflows" to "feat: Security workflows" Feb 10, 2026
@damacus damacus merged commit 2ee555a into main Feb 10, 2026
4 checks passed
@damacus damacus deleted the best-practises branch February 10, 2026 10:58
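
As an added example (not code from this pull request): a Go sketch of a template check in the spirit of the commit message's "template security tests" item. It flags the inherited `hx-target`/`hx-select`/`hx-swap` attributes on `<body>` that the commit message blames for the empty modal fetches, and CDN scripts without an exact version pin. The name `LintTemplate`, the `cdn.example` URLs, the version strings and the sample layout are constructed assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var (
	// Opening <body ...> tag; assumes no '>' inside attribute values.
	bodyTag = regexp.MustCompile(`(?is)<body\b([^>]*)>`)
	// HTMX attributes that every descendant element inherits from an ancestor.
	inherited = regexp.MustCompile(`(?i)\bhx-(target|select|swap)\s*=`)
	// Scripts loaded from an absolute http(s) URL.
	scriptSrc = regexp.MustCompile(`(?is)<script\b[^>]*\bsrc\s*=\s*["'](https?://[^"']+)["']`)
	// Exact pin such as @1.2.3; ranges like @3.x.x or @latest do not match.
	pinned = regexp.MustCompile(`@\d+\.\d+\.\d+(/|$)`)
)

// LintTemplate returns one finding per rule violation in rendered template HTML.
func LintTemplate(html string) []string {
	var findings []string
	if m := bodyTag.FindStringSubmatch(html); m != nil {
		for _, a := range inherited.FindAllStringSubmatch(m[1], -1) {
			findings = append(findings, "body sets inherited hx-"+strings.ToLower(a[1]))
		}
	}
	for _, s := range scriptSrc.FindAllStringSubmatch(html, -1) {
		if !pinned.MatchString(s[1]) {
			findings = append(findings, "unpinned script: "+s[1])
		}
	}
	return findings
}

func main() {
	// Constructed sample: a layout shaped like the one before the fix.
	before := `<html><head><script src="https://cdn.example/npm/alpinejs@3.x.x/dist/cdn.min.js"></script></head>
<body hx-target="#main-content" hx-select="#main-content" hx-swap="outerHTML"><main id="main-content"></main></body></html>`
	for _, f := range LintTemplate(before) {
		fmt.Println(f)
	}
}
```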