letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
319 Commits 7 Branches 0 Tags
64f0e0a1b821965b8eca1178f4986110ab2a65a7
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Matt Ciaccio 64f0e0a1b8 fix(security): brochures.service UPDATE/DELETE WHERE includes portId 
audit-pass-#2 flagged that updateBrochure and archiveBrochure validate
portId in their preceding SELECT but omit it from the subsequent UPDATE
WHERE clause. Currently safe (the SELECT throws NotFoundError first),
but a refactor that drops the SELECT or a TOCTOU race would silently
allow a cross-tenant write.

Defense-in-depth: add and(eq(id), eq(portId)) to both UPDATE WHERE
clauses so the safety property doesn't depend on caller discipline.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 14:58:47 +02:00
.gitea/workflows
Remove deploy job from CI - build and push only
2026-03-26 12:19:36 +01:00
.husky
Fix Docker build and production server infrastructure
2026-04-08 15:31:33 -04:00
assets
feat(portal): replace magic-link with email/password + admin-initiated activation
2026-04-26 15:34:02 +02:00
competing-plans/blessed
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
docker/postgres
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
docs
fix(security): tier-0 audit blockers (next CVE, role gate, perm traps, key validation, rate limits)
2026-05-05 18:33:13 +02:00
nginx
fix(security): tier-0 audit blockers (next CVE, role gate, perm traps, key validation, rate limits)
2026-05-05 18:33:13 +02:00
public
chore(pwa): add placeholder icons (icon-192/512/512-maskable, apple-touch-icon)
2026-04-29 14:10:14 +02:00
scripts
fix(audit-final): pre-merge hardening + expense receipt UI
2026-05-05 05:11:26 +02:00
src
fix(security): brochures.service UPDATE/DELETE WHERE includes portId
2026-05-06 14:58:47 +02:00
tests
test(audit-tier-5): webhook + cross-port test coverage
2026-05-05 20:53:34 +02:00
.env.example
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
.gitattributes
chore: add .gitattributes to normalize line endings to LF
2026-04-22 02:02:46 +02:00
.gitignore
fix(audit-final): pre-merge hardening + expense receipt UI
2026-05-05 05:11:26 +02:00
.lintstagedrc.json
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
.prettierrc
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
01-CONSOLIDATED-SYSTEM-SPEC.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
02-FEATURE-INVENTORY.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
03-ARCHITECTURE-DECISIONS.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
04-ARCHITECTURE-COMPARISON.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
05-FINAL-ARCHITECTURE-DECISIONS.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
06-MASTER-FEATURE-SPEC.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
07-DATABASE-SCHEMA.md
docs: reflect data-model refactor in CLAUDE.md + DB schema overview
2026-04-26 14:14:34 +02:00
08-API-ENDPOINT-CATALOG.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
09-BUSINESS-RULES.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
10-AUTH-AND-PERMISSIONS.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
11-REALTIME-AND-BACKGROUND-JOBS.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
12-IMPLEMENTATION-SEQUENCE.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
13-UI-PAGE-MAP.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
14-TECHNICAL-DECISIONS.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
15-DESIGN-TOKENS.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
CLAUDE.md
docs(claude): add berth-recommender + storage + send-outs conventions
2026-05-05 04:09:27 +02:00
components.json
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
design-system-preview.html
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
docker-compose.dev.yml
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
docker-compose.prod.yml
fix(audit-tier-1): timeouts, lifecycle, per-port Documenso, FK constraints
2026-05-05 19:52:58 +02:00
docker-compose.yml
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
Dockerfile
fix(audit-tier-6): validation, perms, ops/infra, per-port webhook secret
2026-05-05 21:03:31 +02:00
Dockerfile.dev
fix(audit-tier-6): validation, perms, ops/infra, per-port webhook secret
2026-05-05 21:03:31 +02:00
Dockerfile.worker
fix(audit-tier-6): validation, perms, ops/infra, per-port webhook secret
2026-05-05 21:03:31 +02:00
drizzle.config.ts
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
eslint.config.mjs
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
mockup-A-sidebar-dark.html
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
mockup-B-light-theme.html
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
mockup-C-bold-modern.html
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
next-env.d.ts
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
next.config.ts
feat(eoi): in-app pathway fills the same source PDF as Documenso
2026-04-26 13:38:02 +02:00
NOCODB-MIGRATION-MAPPING.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
package.json
fix(audit-tier-6): validation, perms, ops/infra, per-port webhook secret
2026-05-05 21:03:31 +02:00
playwright.config.ts
fix(test): raise mobile-audit timeout to 30min for 4-viewport runs
2026-04-29 15:15:26 +02:00
pnpm-lock.yaml
fix(security): tier-0 audit blockers (next CVE, role gate, perm traps, key validation, rate limits)
2026-05-05 18:33:13 +02:00
postcss.config.mjs
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
PROGRESS.md
docs: update PROGRESS.md with 2026-03-26 → 2026-04-22 changelog
2026-04-22 02:37:43 +02:00
SECURITY-GUIDELINES.md
Initial commit: Port Nimara CRM (Layers 0-4)
2026-03-26 11:52:51 +01:00
tailwind.config.ts
feat(mobile): add safe-area spacing utilities (pt-safe-top, pb-safe-bottom, etc.)
2026-04-29 13:56:53 +02:00
tsconfig.json
feat(platform): residential module + admin UI + reliability fixes
2026-04-27 21:54:32 +02:00
tsconfig.server.json
Fix Docker build and production server infrastructure
2026-04-08 15:31:33 -04:00
vitest.config.ts
test(infra): vitest globalSetup teardown purges test-port-* leaks
2026-04-28 13:28:15 +02:00
Description
No description provided
9.9 MiB
Languages
TypeScript 98%
HTML 1.7%
Shell 0.2%
CSS 0.1%