Commits · f403f8c03c1186d7d4b7a6f2e03d7bca6ffcec21 · Vũ Hoàng Anh / canifa_note

02 Apr, 2026 2 commits
- refactor: simplify memo metadata components · f403f8c0
  memoclaw authored Apr 02, 2026
  
  f403f8c0
- refactor: simplify audio attachment playback component · 0e4d2d25
  memoclaw authored Apr 02, 2026
  
  0e4d2d25
01 Apr, 2026 4 commits
- i18n: complete Turkish (tr) translations to 100% coverage (#5802) · 9676e725
  Serhat authored Apr 01, 2026
```
Signed-off-by: Serhat <49079271+onwp@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
```
  9676e725
- feat(editor): add voice note recording to the memo composer (#5801) · c0d5854f
  memoclaw authored Apr 01, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
```
  c0d5854f
- fix(web): refine attachment media layout · a0d83e1a
  memoclaw authored Apr 01, 2026
  
  a0d83e1a
- chore: update security.md · cdbe40a3
  memoclaw authored Apr 01, 2026
  
  cdbe40a3
31 Mar, 2026 4 commits
- refactor: split audio attachment view into reusable components · 63a17d89
  memoclaw authored Mar 31, 2026
  
  63a17d89
- fix(tags): allow blur-only tag metadata (#5800) · 1921b576
  memoclaw authored Mar 31, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
```
  1921b576
- chore: add rc release handling · 201c8a8e
  boojack authored Mar 31, 2026
  
  201c8a8e
- fix(filter): enforce CEL syntax semantics · 0e89407e
  boojack authored Mar 31, 2026
```
Reject non-standard truthy numeric expressions in filters and document the parser as a supported subset of standard CEL syntax.

- remove legacy filter rewrites
- support standard equality in tag exists predicates
- add regression coverage for accepted and rejected expressions
```
  0e89407e
30 Mar, 2026 4 commits
- chore: harden MCP access control and origin validation · d3f6e8ee
  boojack authored Mar 30, 2026
  
  d3f6e8ee
- chore: add migration upgrade coverage (#5796) · 7c708ee2
  boojack authored Mar 30, 2026
  
  7c708ee2
- fix: prevent stale comment drafts from being restored · e520b637
  memoclaw authored Mar 30, 2026
  
  e520b637
- fix(webhooks): trigger memo updates for attachment and relation changes (#5795) · acbc914d
  memoclaw authored Mar 30, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
```
  acbc914d
29 Mar, 2026 1 commit

fix(lint): correct goimports struct literal alignment after removing... · 9610ed8f

memoclaw authored Mar 29, 2026

fix(lint): correct goimports struct literal alignment after removing write-only credential fields (#5794)
Co-authored-by: Claude <noreply@anthropic.com>

9610ed8f

28 Mar, 2026 3 commits

fix(api): make credentials write-only and restrict sensitive settings to admins · 9d3a74bc

memoclaw authored Mar 28, 2026

Security fixes for credential leakage across three resources:

- NOTIFICATION setting: restrict GetInstanceSetting to admin-only
  (was publicly accessible, exposing SMTP credentials)
- SMTP password: never return SmtpPassword in API responses (write-only)
- S3 secret: never return AccessKeySecret in API responses (write-only)
- OAuth2 ClientSecret: never return in API responses for any role
  (was previously returned to admins); remove redactIdentityProviderResponse
  in favor of omitting the field at the conversion layer
- Preserve-on-empty: when updating settings with an empty credential
  field, preserve the existing stored value instead of overwriting
  (applies to SmtpPassword, AccessKeySecret, and ClientSecret)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

9d3a74bc

fix(api): improve SSE hub design and fix double-broadcast on comments · c53677fc

memoclaw authored Mar 28, 2026

- Fix duplicate SSE event on comment creation: CreateMemoComment now
  suppresses the redundant memo.created broadcast from the inner
  CreateMemo call, emitting only memo.comment.created
- Extract reaction event-building IIFEs into buildMemoReactionSSEEvent
  helper, removing duplicated inline DB-fetch logic
- Promote resolveSSEAudienceCreatorID from method to free function
  (resolveSSECreatorID) since it never used the receiver
- Add userID to SSE connect/disconnect log lines for traceability
- Change canReceive default from permissive (return true) to
  deny-with-warning for unknown visibility types
- Add comprehensive tests covering all new helpers, visibility edge
  cases, slow-client drop behavior, and the double-broadcast fix
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

c53677fc

chore: tweak featured sponsors · d720efb6

boojack authored Mar 28, 2026

Removed the old sponsors table and replaced it with individual sponsor links and descriptions.
Signed-off-by: boojack <stevenlgtm@gmail.com>

d720efb6

26 Mar, 2026 1 commit
- fix: prevent local attachment uploads from overwriting files · 4add9b04
  memoclaw authored Mar 26, 2026
  
  4add9b04
25 Mar, 2026 2 commits
- fix(api): restrict user email exposure to self and admins (#5784) · a24d4209
  memoclaw authored Mar 25, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
```
  a24d4209
- fix(api): switch user resource names to usernames (#5779) · acddef1f
  memoclaw authored Mar 25, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
```
  acddef1f
24 Mar, 2026 6 commits
- chore: revamp featured sponsors in README · 2327f4e3
  boojack authored Mar 24, 2026
```
Updated featured sponsors section with new layout and content.
Signed-off-by: boojack <stevenlgtm@gmail.com>
```
  2327f4e3
- chore: add InstaPods promotion to README · 60a7d498
  boojack authored Mar 24, 2026
```
Signed-off-by: boojack <stevenlgtm@gmail.com>
```
  60a7d498
- refactor(store): remove synthetic system bot user lookup (#5778) · 4818bf35
  memoclaw authored Mar 24, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
```
  4818bf35
- chore: show compact attachment count instead of thumbnails in comment previews · 4f6730a1
  memoclaw authored Mar 24, 2026
```
When truncate mode is active (comment list), display an inline file icon
with attachment count instead of rendering full image thumbnails.
```
  4f6730a1
- chore: upgrade TypeScript to 6.0.2 · 6a03917f
  memoclaw authored Mar 24, 2026
  
  6a03917f
- refactor(web): consolidate SharedMemo into MemoDetail (#5773) · bb7f4978
  memoclaw authored Mar 24, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
```
  bb7f4978
23 Mar, 2026 5 commits
- feat: add outline navigation to memo detail sidebar (#5771) · 6b305799
  memoclaw authored Mar 23, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
```
  6b305799
- refactor(web): improve MemoDetail and sidebar maintainability (#5769) · 2aaca27b
  memoclaw authored Mar 23, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
```
  2aaca27b
- feat(memo-preview): support comment metadata in previews (#5768) · e176b28c
  memoclaw authored Mar 23, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
```
  e176b28c
- fix(web): prevent MemoContent prop leaks · 22519b57
  memoclaw authored Mar 23, 2026
  
  22519b57
- feat: add blur_content attribute to tag metadata settings (#5767) · 45b21530
  memoclaw authored Mar 23, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
```
  45b21530
22 Mar, 2026 1 commit

feat: treat tag setting keys as anchored regex patterns (#5759) · 9e040496

memoclaw authored Mar 22, 2026

Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

9e040496

21 Mar, 2026 3 commits

refactor(web): improve Settings page maintainability and consistency (#5757) · 9ded59a1

memoclaw authored Mar 21, 2026

Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

9ded59a1

refactor(web): simplify main layout sidebar structure (#5756) · d5de325f
memoclaw authored Mar 21, 2026
```
Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
```
d5de325f

refactor(web): consolidate memo metadata components into MemoMetadata (#5755) · 41778980

memoclaw authored Mar 21, 2026

Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

41778980

20 Mar, 2026 4 commits

refactor(web): improve MemoView and MemoEditor maintainability (#5754) · ac077ac3

memoclaw authored Mar 20, 2026

Co-authored-by: memoclaw <265580040+memoclaw@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

ac077ac3

refactor(memo): simplify MemoDetail error handling, drop memo.failed-to-load i18n key · 7b4f3a9f

memoclaw authored Mar 20, 2026

The failed-to-load key was only used for non-ConnectError exceptions, which
are unreachable in practice since the Connect RPC client always wraps errors
as ConnectError. Use (error as Error).message as a plain fallback instead.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

7b4f3a9f

i18n: add missing auth.protected-memo-notice and memo.failed-to-load fallbacks to all locales · 5f6f6246

memoclaw authored Mar 20, 2026

30 locale files were missing the two keys added in the auth redirect PR.
Added English fallback strings so all locales render properly until
community translations are contributed.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

5f6f6246

Redirect unauthenticated protected memo access to sign in (#5738) · 7601708a
xun zhao authored Mar 20, 2026

7601708a