nogoo9 / no-crd
70%

DEFAULT BRANCH: main
Repo Added
Files 37
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

LAST BUILD ON BRANCH main
branch: main
CHANGE BRANCH
x

coverage: 70.072%. Remained the same
26634458474

push

github

web-flow 
fix(ui): remove localhost fallback and fix logout basePath (v0.5.3) (#16)

* fix(ui): remove hardcoded localhost:3000 fallback and fix logout basePath

- Remove localhost:3000 MCP endpoint from HTTP fallback — only use the
  same-origin relative path derived from BASE_URL, which works in both
  local dev and production deployments.
- Fix /logout fetch call to include basePath prefix so it works behind
  a subpath reverse proxy.

* chore: bump version to 0.5.3

* docs: add ADR-011 for UI BASE_URL contract and cookie path consistency

- ADR-011 documents why UI fetch calls must use basePath, why the
  localhost:3000 fallback was removed, and why cookie paths use raw
  paths without basePrefix (both set and clear are consistent).
- Inline comments added to proxy.ts, mcp.ts, and app.ts referencing
  the ADR for future maintainers.

* docs: add Session & Cookie Management guide and update sidebar

- New docs/session-cookies.md covering nocr_sess and nocr_token cookie
  lifecycle, token extraction priority chain, session key resolution
  cascade, logout flow, and security considerations.
- Cross-reference added to auth-hardening.md pointing to the new page.
- VitePress sidebar updated: session-cookies link + ADRs 007-011.

* fix(ui): replace window.location.reload() with login overlay on 401

The 401 handlers in initHttpFallback() and callServerToolFallback()
were calling window.location.reload() to force re-authentication.
This races with initOidc() triggerRedirect() — the page reloads
before the OIDC redirect can execute, creating an infinite refresh
loop where the login prompt flashes but never navigates to the IdP.

Fix: show the login overlay and return/throw instead of reloading.
The OIDC flow (initOidc) handles the actual redirect independently.

* docs: add 401 reload loop fix to CHANGELOG, whats-new, and session-cookies gotchas

---------

Co-authored-by: Antigravity Agent <agent@antigravity>

5226 of 7458 relevant lines covered (70.07%)

19.31 hits per line

Relevant lines Covered
7458 RELEVANT LINES 5226 COVERED LINES
19.31 HITS PER LINE
Source Files on main

Recent builds

Builds Branch Commit Type Ran Committer Via Coverage
26634458474 main fix(ui): remove localhost fallback and fix logout basePath (v0.5.3) (#16) * fix(ui): remove hardcoded localhost:3000 fallback and fix logout basePath - Remove localhost:3000 MCP endpoint from HTTP fallback — only use the same-origin relative p... push web-flow github
70.07
26628634522 main fix: graceful error handling for MCP tools (v0.5.2) (#15) * fix: graceful error handling for MCP tools and permission denial test matrix - Wrap current_namespace auth checks in try/catch returning errorResult - Wrap get_capabilities evaluatePerm... push web-flow github
70.07
26621717133 main fix: graceful ConfigMap template fallback when RBAC permissions are missing (#12) Template tools (list_templates, get_template, spawn_workspace) no longer crash when the service account lacks configmaps permissions. They now fall back to local/bu... push web-flow github
69.36
26620282275 main feat: managed-only pod access control, capabilities API, and eager startup (v0.5.0) (#11) * docs: add ADR-008 managed-only pod access control - Document the decision to gate pod tools behind nogoo9/managed-by label - No admin bypass when MANAGED... push web-flow github
69.09
26614079157 main chore: bump version to 0.4.1 (#9) * refactor: dynamically parse CLI options and resolve annotation keys from schemas * refactor: delete src/config.ts and import config directly from folder * docs: add ADR-007 for schema-driven configuration and... push web-flow github
69.52
26611175765 main ci(workflows): trigger docker build on PRs to verify compilation (#8) * ci(workflows): only build and publish docker images on tag push Update the trigger in .github/workflows/docker-publish.yml to build and publish the Docker image to GHCR on t... push web-flow github
66.3
26593083704 main fix(publishing): add mcpName to package.json to pass registry validation (#7) Co-authored-by: Antigravity Agent <agent@antigravity> push web-flow github
66.3
26592721271 main release: v0.4.0 (#6) * feat: add local templates, session cookies, built-in themes, and ADRs - Local filesystem templates (YAML/JSON) with 3-source merge (ConfigMap → custom dir → built-in) for both templates and themes - Stateless HMAC-signed... push web-flow github
66.3
26531633335 main ci: add /zizmor agent workflow and fix workflow security warnings (#5) - Add `.agents/workflows/zizmor.md` for running local zizmor security scans. - Register `/zizmor` workflow command in `GEMINI.md` and `CLAUDE.md`. - Resolve/suppress cache-poi... push web-flow github
69.2
26530689167 main feat: release v0.3.0 with OIDC, auth hardening, UI themes, and documentation (#4) * feat: release v0.3.0 with OIDC, auth hardening, UI themes, and documentation - GitHub Actions Security: Enforce job-level permissions and pin SHAs. - Keycloak In... push web-flow github
69.2
See All Builds (32)