Commit graph

12 commits

Author SHA1 Message Date
Claude
d1afc5592a test: add tests for admin modal components (Settings, PlatformUser, ActivityLog, ServiceManager)
Adds Pest test suites for the four critical admin modals using test double
components, following the existing LivewireModalTest.php pattern. Covers
tab navigation, form validation, CRUD flows, filter combinations, and
state management. Fixes #7.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 16:51:57 +00:00
Snider
bcb40d4ebf fix(dx): add strict_types, composer scripts, and fix test discovery
Some checks failed
CI / PHP 8.3 (pull_request) Failing after 3s
CI / PHP 8.4 (pull_request) Failing after 2s
- Add declare(strict_types=1) to 17 PHP files missing it (13 Livewire
  modals, 1 route file, 1 migration, 1 test use case, TestCase)
- Add composer test/lint scripts to composer.json for monorepo consistency
- Fix phpunit.xml to discover tests in src/Search/Tests and src/Mod/Hub/Tests
- Update CLAUDE.md commands section to document composer test/lint

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-17 09:04:27 +00:00
8922683bcf security: validate JSON metadata fields to prevent mass assignment
Some checks failed
CI / PHP 8.2 (pull_request) Failing after 1s
CI / PHP 8.3 (pull_request) Failing after 1s
CI / PHP 8.4 (pull_request) Failing after 1s
CI / Assets (pull_request) Failing after 1s
Add mutators to Service and HoneypotHit models that enforce size and
structure limits on JSON fields (metadata, headers). Service.setMeta()
now validates key format. TeapotController pre-filters header count
before passing to the model.

Fixes #14

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 01:25:47 +00:00
ee383bbe3f Merge pull request 'fix(security): improve TeapotController header sanitization' (#21) from security/improve-teapot-sanitization into main
Some checks are pending
CI / PHP 8.2 (push) Waiting to run
CI / PHP 8.3 (push) Waiting to run
CI / PHP 8.4 (push) Waiting to run
CI / Assets (push) Waiting to run
2026-02-20 12:10:58 +00:00
163d34aacf fix(security): improve TeapotController header sanitization (#13)
Some checks failed
CI / PHP 8.2 (pull_request) Failing after 1s
CI / PHP 8.4 (pull_request) Failing after 1s
CI / PHP 8.3 (pull_request) Failing after 1s
CI / Assets (pull_request) Failing after 1s
Switch header storage from blacklist to whitelist approach, add private
IP detection for auto-block bypass, and validate referer URLs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 11:50:04 +00:00
9ae0055f33 security: add rate limiting to admin action endpoints (#12)
Some checks failed
CI / PHP 8.3 (pull_request) Failing after 27s
CI / PHP 8.2 (pull_request) Failing after 30s
CI / Assets (pull_request) Failing after 1s
CI / PHP 8.4 (pull_request) Failing after 1s
Add per-user rate limiting to sensitive Livewire component methods to
prevent abuse from compromised admin sessions. Introduces a reusable
HasRateLimiting trait and applies it to PlatformUser, Settings, and
WaitlistManager components.

Rate limits:
- Tier changes, verification, entitlements: 10/min per admin
- Profile updates, preferences: 20/min per user
- Password changes: 5/min per user
- Data exports: 5/min per admin
- Deletions/anonymisation: 3/min per admin

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 11:28:26 +00:00
Snider
5a2ce4bab8 test(layout): add comprehensive tests for HLCRF layout system
Add tests for the HLCRF (Header-Left-Content-Right-Footer) layout system
covering all required functionality:

- Layout variant parsing (C, HC, HCF, LC, CR, LCR, HLCRF, etc.)
- Self-documenting ID system (H-0, C-R-2, data-block, data-slot)
- Nested layout rendering with correct path propagation
- Slot rendering with multiple content types (string, Htmlable, closures)
- Alias methods (addHeader, addLeft, addContent, addRight, addFooter)
- Attributes and CSS class management
- Semantic HTML structure (header, aside, main, footer elements)
- Real-world layout patterns (admin dashboard, docs site, email client)
- Edge cases and boundary conditions

80+ tests covering the complete HLCRF layout system.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 19:27:30 +00:00
Snider
e5a71d2a2d test(modal): add comprehensive tests for Livewire modal system
Add tests for modal opening/closing, event handling, data passing,
validation, nested modals, and lifecycle management. Tests use
isolated test double components to verify modal behaviour patterns
used throughout core-admin.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 19:23:17 +00:00
Snider
a27abc6b63 test(search): add comprehensive tests for search provider registry
Tests cover:
- Provider registration (single and multiple)
- Provider availability filtering by user and workspace
- Search execution and result aggregation
- Result flattening for keyboard navigation
- Fuzzy matching (substring, case-insensitive, word-start, abbreviation)
- Relevance scoring hierarchy
- SearchResult creation, conversion, and immutability
- Integration tests with multiple providers

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 19:18:33 +00:00
Snider
cecf4a9f7b test(honeypot): add comprehensive tests for teapot/honeypot anti-spam system
Add tests for the honeypot detection system that catches bots ignoring robots.txt:
- Bot detection patterns (SEO bots, AI crawlers, scripting tools, headless browsers)
- Severity classification (warning vs critical paths)
- TeapotController response (418 status, custom headers, hit logging)
- Rate limiting to prevent log flooding
- Header sanitization (removes sensitive headers before storage)
- Model scopes (recent, fromIp, bots, critical, warning)
- Statistics for dashboard (total, today, unique IPs, top bots)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 19:14:45 +00:00
Snider
0fd8185a99 test(forms): add authorization props tests for form components
Add comprehensive Pest tests for form component authorization props
(canGate/canResource/canHide). Tests cover Button, Input, Select,
Checkbox, Toggle, and Textarea components.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 13:33:14 +00:00
Snider
8ee3a54482 Initial commit
2026-01-26 20:48:24 +00:00