openclaw/oikos
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
765 Commits 3 Branches 0 Tags
734903788096816ed01a9acec25f348deee6fadb
Commit Graph

20 Commits

Author SHA1 Message Date
ulsklyc 8f87b295e9 Update FUNDING.yml 2026-05-04 18:33:28 +02:00
ulsklyc 3a8a7dd3b0 Update Buy Me a Coffee username in FUNDING.yml 2026-05-04 18:29:58 +02:00
Ulas Kalayci defb6bb0a4 fix: remove broken plugin marketplace auth from code review workflow 
The plugin_marketplaces + plugins config triggered an OIDC token exchange
that consistently fails with 401. Replace with a direct prompt, matching
the pattern used in claude.yml which works reliably.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-29 10:43:02 +02:00
Ulas Kalayci f5d4cb2066 ci: fix OIDC-Token-Fehler bei Fork-PRs im Code-Review-Workflow 
pull_request_target statt pull_request: GitHub stellt ACTIONS_ID_TOKEN_REQUEST_URL
nur im Basis-Repo-Kontext bereit. pull-requests: write ergänzt, damit die Aktion
Review-Kommentare posten kann.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-23 09:30:29 +02:00
ulsklyc 5313d96014 ci: switch back to claude_code_oauth_token 2026-04-19 18:01:21 +02:00
ulsklyc 50cedacb91 ci: switch claude-code-review to anthropic_api_key 2026-04-19 17:55:19 +02:00
Ulas Kalayci 4aca9f4189 chore: update dependencies and add Dependabot (closes #53) 
- better-sqlite3 9 → 12 (Node.js ≥22 required, already enforced)
- dotenv 16 → 17 (minor: logging now enabled by default)
- express-rate-limit 7 → 8 (IPv6 /56 subnet grouping, no deprecated options used)
- express-session 1.18 → 1.19
- helmet 8.0 → 8.1
- googleapis 144 → 171
- tsdav 2.0 → 2.1
- Add .github/dependabot.yml for automated weekly npm updates

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-18 19:30:25 +02:00
Ulas 45008a4af6 ci: add latest tag to Docker image on version releases 2026-04-15 07:15:34 +02:00
Ulas b152d0e53f feat: add arm64 Docker image support (closes #44) 
Add QEMU and multi-platform build (linux/amd64 + linux/arm64) to
GitHub Actions workflow, enabling self-hosting on Raspberry Pi and
other ARM64 devices.
 2026-04-14 18:45:31 +02:00
ulsklyc a5cb4e63f1 "Claude Code Review workflow" 2026-04-05 13:39:59 +02:00
ulsklyc 2a2726cb04 "Claude PR Assistant workflow" 2026-04-05 13:39:58 +02:00
Ulas 1122bd269b style: replace em dashes with hyphens throughout codebase 
Replace all — with - in all source files (JS, CSS, HTML, JSON,
Markdown) for consistency and readability.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-03 17:04:39 +02:00
Ulas 2e3c5a9afa docs: replace em dashes with hyphens in public-facing docs 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-03 12:25:47 +02:00
Ulas 7a520a24de ci: add GitHub Actions workflow to publish Docker image to GHCR 
Builds and pushes to ghcr.io/ulsklyc/oikos on every push to main
and on version tags. Tags: branch name, semver, short SHA.
Uses Docker layer caching via GitHub Actions cache.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-02 21:58:39 +02:00
Ulas 7ef1389d44 fix(ci): remove Node.js 24.x from test matrix 
Node 24 is not yet LTS and native dependencies (bcrypt, better-sqlite3,
sharp) fail to compile on it, causing CI failures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-02 15:05:27 +02:00
Ulas c59338fe2c chore: repository hygiene — P2 cleanup 
- .gitignore: add coverage/ and data/ patterns
- .dockerignore: exclude screenshots, tests, scripts, .github, docs
  assets from build context for faster Docker builds
- Delete docs/social-preview.html (one-time generator, no longer needed)
- Delete public/locales/.gitkeep (directory has de.json and en.json)
- scripts/seed-demo.js: replace hardcoded absolute path with portable
  resolve(__dirname, '..', 'data', 'oikos.db') default
- Add .github/PULL_REQUEST_TEMPLATE.md with summary, changes, checklist

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-02 14:19:27 +02:00
Ulas 91c2e0ad98 fix: address CodeQL security findings (v0.5.2) 
- Rate-limit SPA fallback route (missing rate limiting on fs access)
- Add csrfMiddleware to all state-changing auth routes (logout, create
  user, change password, delete user) — previously bypassed global CSRF
  middleware due to router registration order
- Fix incomplete vCard escaping: escape backslashes before other special
  characters to prevent injection via contact fields
- Restrict CI GITHUB_TOKEN to contents: read (least privilege)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-01 18:30:03 +02:00
Ulas f39152cf7e ci: add GitHub Actions workflow for automated tests 
Runs npm test on push and pull requests to main.
Matrix covers Node.js 22.x and 24.x.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-01 11:42:56 +02:00
ulsklyc ed605eb181 Add files via upload 2026-03-28 13:41:57 +01:00
ulsklyc 9b3bd96f69 Create bug report issue template 
Add a bug report template for GitHub issues.
 2026-03-28 13:41:32 +01:00