Enhance web UI with logging, entity management, and security features #146
Merged
…limits
- csrfGuard requires Hx-Request: true and matching Origin/Referer on mutating methods (H1)
- securityHeaders sets CSP, X-Content-Type-Options, Referrer-Policy (M1)
- limitBody wraps POST bodies in MaxBytesReader (M12)
Templates now render into bytes.Buffer first; on success the buffer is written to the ResponseWriter, on failure we return a sanitized 500 instead of a torn partial response. Also logs OOB swap template errors (M6, M7) via renderHTMLAppend.
Removes all onclick=/hx-on::after-request attributes from templates and implements them via delegated listeners in tree.js. Templates now expose data-entity-id, data-parent-id, and data-action attributes for the JS to act on. This lets CSP drop 'unsafe-inline' from script-src and style-src.
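A minimal sketch of the check the csrfGuard commit message describes, added here as an example and not taken from this pull request. The names csrfGuardSketch, sameOrigin and statusFor are hypothetical, inventory.example is a constructed host, and comparing the Origin/Referer host against the request Host is an assumption about what "matching" means.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// sameOrigin: host of Origin (or Referer when Origin is absent) must equal r.Host.
func sameOrigin(r *http.Request) bool {
	src := r.Header.Get("Origin")
	if src == "" {
		src = r.Header.Get("Referer")
	}
	u, err := url.Parse(src)
	// A missing, "null" or unparsable source header fails closed.
	return err == nil && u.Host != "" && strings.EqualFold(u.Host, r.Host)
}

// csrfGuardSketch is a hypothetical stand-in for the PR's csrfGuard (assumed behaviour).
func csrfGuardSketch(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		safe := r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions
		if !safe && (r.Header.Get("Hx-Request") != "true" || !sameOrigin(r)) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the guard and returns the status code.
func statusFor(method string, hdr map[string]string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusNoContent) })
	req := httptest.NewRequest(method, "http://inventory.example/entities", nil)
	for k, v := range hdr {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	csrfGuardSketch(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("POST", map[string]string{"Hx-Request": "true", "Origin": "http://inventory.example"}))
	fmt.Println(statusFor("POST", map[string]string{"Origin": "http://inventory.example"}))
}
```

The sketch compares host and port only; a deployment that knows its public scheme can also compare the scheme of the Origin value.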
This pull request introduces several enhancements and infrastructure updates to the entity management and web UI components. The most significant changes include improvements to how entity trees are managed and displayed in the web interface, the addition of new API methods for entity manipulation, and the inclusion of licensing information for third-party fonts.
Entity Tree and Web UI Improvements:
- tree.js to handle interactive behaviors for the inventory tree, add-modal, and detail pane, including keyboard navigation, selection, and modal dialog management. This provides a more accessible and dynamic UI for managing entities.
- add_item_form.html template for adding entities via a modal form, supporting selection of entity type and user attribution.
- detail.html template to improve the detail section layout, add breadcrumbs, and provide contextual action buttons for editing, adding children, and marking items as missing or found. [1] [2]
Entity API and Data Model Enhancements:
- HasChildren field to the EntityResult struct and updated the logic in ListEntities and GetChildren to set this field, enabling the UI to accurately display expand/collapse controls for entities with children. [1] [2]
- GetEntityByID method in the app layer and updated the App interface and test fakes accordingly, allowing retrieval of entities by their stable ID. [1] [2] [3]
Licensing and Dependency Management:
Configuration and Infrastructure:
- .claude/settings.json.
- .claude/settings.local.json to support new development workflows.
- serena MCP server configuration from .mcp.json, leaving the mcpServers map empty.
These changes collectively improve the flexibility, usability, and maintainability of the entity management system, especially in the web UI, while ensuring compliance with third-party licensing requirements.