disinto

Author	SHA1	Message	Date
Claude	6d148d669b	fix: address AI review feedback - early-return guard and unused volume All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/pr/ci Pipeline was successful Details ci/woodpecker/pr/smoke-init Pipeline was successful Details	2026-04-12 03:38:46 +00:00
Claude	dae15410ab	fix: vision(#623 ): disinto-chat conversation history persistence (#710 )	2026-04-12 03:38:46 +00:00
Claude	3b4238d17f	fix: vision(#623 ): disinto-chat cost caps + rate limiting (#711 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/pr/ci Pipeline was successful Details ci/woodpecker/pr/smoke-init Pipeline was successful Details Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 03:06:06 +00:00
Claude	f8ac1d2ae2	fix: vision(#623 ): Caddy Remote-User forwarding + chat-side validation (defense-in-depth) (#709 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/pr/ci Pipeline was successful Details ci/woodpecker/pr/smoke-init Pipeline was successful Details Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 02:21:02 +00:00
Claude	30e19f71e2	fix: vision(#623 ): Forgejo OAuth gate for disinto-chat (#708 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/pr/ci Pipeline was successful Details ci/woodpecker/pr/smoke-init Pipeline was successful Details Gate /chat/* behind Forgejo OAuth2 authorization-code flow. - Extract generic _create_forgejo_oauth_app() helper in lib/ci-setup.sh; Woodpecker OAuth becomes a thin wrapper, chat gets its own app. - bin/disinto init now creates TWO OAuth apps (woodpecker-ci + disinto-chat) and writes CHAT_OAUTH_CLIENT_ID / CHAT_OAUTH_CLIENT_SECRET to .env. - docker/chat/server.py: new routes /chat/login (→ Forgejo authorize), /chat/oauth/callback (code→token exchange, user allowlist check, session cookie). All other /chat/* routes require a valid session or redirect to /chat/login. Session store is in-memory with 24h TTL. - lib/generators.sh: pass FORGE_URL, CHAT_OAUTH_CLIENT_ID, CHAT_OAUTH_CLIENT_SECRET, EDGE_TUNNEL_FQDN, DISINTO_CHAT_ALLOWED_USERS to the chat container environment. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 01:52:16 +00:00
Claude	0c5bb09e16	fix: address review — move LOGFILE to tmpfs, add CapDrop check (#706 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/pr/ci Pipeline was successful Details ci/woodpecker/pr/smoke-init Pipeline was successful Details LOGFILE=/var/chat/chat.log is unwritable on read-only rootfs; move to /tmp/chat.log (tmpfs-backed). Add CapDrop=ALL assertion to verify script so removing cap_drop from compose is caught. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 01:19:42 +00:00
Claude	e74fc29b82	fix: vision(#623 ): disinto-chat sandbox hardening (#706 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/pr/ci Pipeline was successful Details ci/woodpecker/pr/smoke-init Pipeline was successful Details Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-12 01:08:23 +00:00
Claude	938cd319aa	fix: address AI review feedback for disinto-chat (#705 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/pr/ci Pipeline was successful Details ci/woodpecker/pr/smoke-init Pipeline was successful Details	2026-04-12 00:46:57 +00:00
Claude	eada673493	fix: vision(#623 ): disinto-chat container scaffold (no auth) (#705 )	2026-04-12 00:46:57 +00:00

9 commits