Scott Idem
19822c4eaf
docs(security): narrow x-no-account-id guidance and JWT notes
2026-05-01 13:59:07 -04:00
Scott Idem
e7b6045580
Updates to the documentation.
...
Co-authored-by: Copilot <copilot@github.com>
2026-04-30 17:13:11 -04:00
Scott Idem
2f5ad8ccc0
fix(core): preserve account context on key params and harden account detail fallback
...
- api_get/post/patch_object: stop treating params.key as account-bypass trigger
- account detail: remove forced key usage, add list/cache fallback path
- account detail: fix fallback bug that set load_error even when fallback record existed
- sites detail: pretty-print cfg_json before save
- docs: clarify key != bypass and add 403 troubleshooting notes
2026-04-30 16:37:54 -04:00
Scott Idem
90adb19f5d
fix(core): modern Svelte 5 cleanup — Dexie .get() bug, typed API calls, inline confirms
...
- person_view.svelte: fix liveQuery using .get() (primary key, never set by V3)
→ .where('person_id').equals().first()
- people/[person_id]: same Dexie .get() fix for lq__person_obj
- person_view.svelte: replace 4x generic api.update_ae_obj → core_func.update_ae_obj__person
(removes unused api import)
- Replace all browser confirm()/alert() dialogs (9 occurrences, 6 files) with
inline two-click confirm state pattern (confirm_action = $state<string|null>)
Affected: users, accounts, contacts, addresses, people, sites
- Bootstrap doc: add Dexie .get() trap to Section 5 and Mistake #8
2026-04-30 16:00:20 -04:00
Scott Idem
de07fa0e0e
docs: capture IDAA IDB audit results and layout security model
...
- TODO__Agents.md: mark IDAA IDB caching item complete (audited 2026-04-28);
all protection layers confirmed in place, no code changes needed
- GUIDE__SvelteKit2_Svelte5_DexieJS.md: add "SvelteKit Layout Hierarchy:
Security and Execution Order" section explaining execution order, auth-gate
consequences, pre-gate risks in +page.ts/+layout.ts, and the reactivity-guard
vs auth-guard distinction for IDAA $effect blocks
- BOOTSTRAP__AI_Agent_Quickstart.md: add Mistake #7 — treating $effect blocks
as auth bypass risks vs understanding the real layout hierarchy
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-28 16:10:17 -04:00
Scott Idem
868f4b3390
Updated the directory path for general agents trash.
2026-04-19 16:55:10 -04:00
Scott Idem
aebbcf5b47
docs: add AI agent bootstrap / quickstart document
...
Concise onboarding doc covering: project overview, critical rules (IDAA
privacy, no-rm, svelte-check), env/deploy cheat sheet, Svelte 5 runes
patterns, V3 API patterns, naming conventions, real past mistakes, source
layout, and reading order for deeper dives.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 16:52:25 -04:00