Files

claude code agent 227 8fcce6a674 feat(html-embed): per-workspace feature toggle, default OFF

The admin-only raw HTML/JS embed is a deliberate stored-XSS surface, so gate the
whole feature behind a workspace toggle that is OFF by default; it only works
when a workspace admin explicitly enables it.

- settings.htmlEmbed (boolean, default false) + workspace-update field htmlEmbed,
  persisted via WorkspaceRepo.updateSetting with an audit diff. Flipping it is
  admin-only (same Manage Settings CASL as other workspace toggles).
- New gate htmlEmbedAllowed(featureEnabled, role) = featureEnabled && admin/owner.
  All 7 server write paths (create, duplicate, collab onStoreDocument, REST/MCP/AI
  updatePageContent, single + zip import, transclusion unsync) now read the
  workspace's settings.htmlEmbed and strip unless (toggle ON AND admin). OFF
  (default, or a failed/empty workspace lookup) strips htmlEmbed for EVERYONE
  including admins -> existing embeds are cleaned up on next save, none persist.
- Client (defense-in-depth): the /html slash item is hidden unless toggle ON +
  admin; the NodeView executes nothing and shows a 'disabled in this workspace'
  placeholder when OFF; an admin Switch in Workspace Settings -> General with a
  description of the behavior.
- docs/html-embed-admin.md documents the toggle + admin-only + fail-closed
  coedit (a non-admin save strips an admin's embed) + execution semantics.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-20 19:28:39 +03:00

public

feat(ai-chat): show current context size instead of total tokens spent

2026-06-18 19:54:34 +03:00

src

feat(html-embed): per-workspace feature toggle, default OFF

2026-06-20 19:28:39 +03:00

.dockerignore

fixes

2024-06-07 17:29:34 +01:00

.gitignore

switch to nx monorepo

2024-01-09 18:58:26 +01:00

eslint.config.mjs

chore: fix linting (#544 )

2024-12-09 14:51:31 +00:00

index.html

feat(brand): roll out Gitmost logo, favicon and app name

2026-06-18 00:12:26 +03:00

package.json

0.91.0

2026-06-18 18:07:54 +03:00

postcss.config.js

switch to nx monorepo

2024-01-09 18:58:26 +01:00

README.md

switch to nx monorepo

2024-01-09 18:58:26 +01:00

tsconfig.json

switch to nx monorepo

2024-01-09 18:58:26 +01:00

tsconfig.node.json

switch to nx monorepo

2024-01-09 18:58:26 +01:00

vite.config.ts

feat(client): show git-describe version next to the brand logo

2026-06-18 04:51:21 +03:00

vitest.config.ts

feat(tree): replace sidebar tree (react-aborist) with custom tree implementation (#2199 )

2026-05-13 23:01:04 +01:00

README.md

React + TypeScript + Vite

This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.

Currently, two official plugins are available:

@vitejs/plugin-react uses Babel for Fast Refresh
@vitejs/plugin-react-swc uses SWC for Fast Refresh

Expanding the ESLint configuration

If you are developing a production application, we recommend updating the configuration to enable type aware lint rules:

Configure the top-level parserOptions property like this:

   parserOptions: {
    ecmaVersion: 'latest',
    sourceType: 'module',
    project: ['./tsconfig.json', './tsconfig.node.json'],
    tsconfigRootDir: __dirname,
   },

Replace plugin:@typescript-eslint/recommended to plugin:@typescript-eslint/recommended-type-checked or plugin:@typescript-eslint/strict-type-checked
Optionally add plugin:@typescript-eslint/stylistic-type-checked
Install eslint-plugin-react and add plugin:react/recommended & plugin:react/jsx-runtime to the extends list