Enhance user management and UI design across multiple phases#2
Open
ahnaf-tahmid-chowdhury wants to merge 286 commits into
Open
Enhance user management and UI design across multiple phases#2ahnaf-tahmid-chowdhury wants to merge 286 commits into
ahnaf-tahmid-chowdhury wants to merge 286 commits into
Conversation
With Traefik ForwardAuth authenticating every request, Grafana login tokens are unnecessary and cause continuous 401 loops from /auth-tokens/rotate, preventing lazy-load chunks from resolving.
Add a 30-second heartbeat that pings a new `/servers/:id/activity` endpoint when the server detail page or the user server gateway page is open and the browser tab is visible. This prevents the idle shutdown timer from expiring while a user is actively monitoring their server in the UI. Also update the default idle shutdown timeout from 30 minutes to 15 and include a test confirming that requesting an access token already refreshes the last_activity timestamp.
- Add GitHub Actions workflow for markdown lint and link checks - Add markdownlint-cli2 configuration - Move research docs into structured docs/ hierarchy (architecture, operations, security, development, reference) - Remove stale .research/ files - Consolidate README with simplified quick start and architecture diagram - Update AGENTS.md for docs ownership and structure - Add nukelabctl lint markdown target and update selftest
Migrate .github/workflows/ci.yml and security.yml runner Python to 3.13 and Node to 24. Switch backend base image from python:3.12-slim to 3.13-slim, frontend builder from node:22-alpine to 24-alpine, and environments/base from ubuntu:24.04 to debian:13 with Node 24. Reflect updated base images in PENETRATION-TEST-FINDINGS.md and require Node >=24.0.0 in frontend/package.json.
Switch from storing raw HTML coverage reports as CI artifacts to using CodeCoverageSummary for a Markdown comment with badges and indicators. Drop the artifact upload step entirely since the summary now serves as the primary coverage output.
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
- Add path filters so security workflow only runs on relevant changes. - Add cp .env.example .env.development and chmod +x ./nukelabctl to all steps. - Make Trivy image scans non-blocking while still generating SARIF. - Merge backend/frontend Trivy SARIF into a single run for upload-sarif@v4. - Bump codeql-action/upload-sarif to v4.
Bump opentelemetry packages to latest (v1.32.1 / v0.53b1), relax setuptools constraint to >=80.0.0, and strip wheel/jaraco.context from the production image to reduce the attack surface. Allow Trivy to report findings without failing the CI workflow.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.