cinny

LotusGuild/cinny

Fork 0

Commit Graph

Author	SHA1	Message	Date
Lotus Bot	8666daaf9d	Security, performance, bug fixes, and TDS improvements Security: - HIGH-1: Validate hex color format before CSS interpolation in sanitize.ts - HIGH-5: Add sandbox attribute to OpenStreetMap iframe - MED-1: Fix permissive URL scheme regex in LINKIFY_OPTS - MED-3/HIGH-4: Add .js.map blocking + CSP header to nginx config - LOW-2: Validate OIDC authUrl scheme before window.open - Accessibility: Remove maximum-scale=1.0 from viewport meta (WCAG 1.4.4) Performance: - O(1) Map index in computePositions (was O(M×T) findIndex per member) - Add RoomMemberEvent.Membership subscription so positions update on join/leave - Fix uncleaned 2000ms setTimeout in RoomTimeline useLayoutEffect Bug fixes: - BUG-5: Add QUEUED/CANCELLED cases to DeliveryStatus component - BUG-6: Guard DeliveryStatus against state events via isState() check - BUG-10: Clamp PiP position on window resize - BUG-14: Separate runLotusBootSequence into dedicated useEffect([lotusTerminal]) - Fix aria-live on typing indicator (WCAG 4.1.3) - Add aria-label + aria-multiline to message editor TDS (Lotus Terminal Design System): - Add reaction chip styles (dark + light mode) - Add GIF picker CSS via globalStyle instead of runtime injection - Add URL preview styles (dark + light mode) - Add complete GIF picker light-mode TDS block (was missing)	2026-05-19 16:26:25 -04:00
root	4c4d61600d	feat: reaction TDS styling, debounce read receipts, Escape to skip boot, type fixes - lotus-terminal.css.ts: add reaction chip styles for dark + light TDS modes (cyan border/bg for unselected, orange accent for own/pressed reactions) - useRoomReadPositions: debounce receipt handler at 150ms (M-3) - lotus-boot.ts: Escape key skips boot animation (I-3) - RoomInput.tsx: replace (uploadRes as any) with typed assertion (M-7) - CallEmbedProvider: call mention detection, audio cleanup, display name (C-1, C-2, M-5) - EventReaders: timestamps in seen-by modal, filter self, TDS styling - ReadReceiptAvatars: StackedAvatar pill, TDS visual treatment - chatBackground: add waves/neon/aurora backgrounds - RoomView: auto-apply tactical bg when TDS active and bg is none - settings: extend ChatBackground union type	2026-05-16 01:34:20 -04:00
root	7d57396de8	feat: per-message read receipt avatars showing each user s last-read position	2026-05-15 18:56:17 -04:00

Author

SHA1

Message

Date

Lotus Bot

8666daaf9d

Security, performance, bug fixes, and TDS improvements

Security:
- HIGH-1: Validate hex color format before CSS interpolation in sanitize.ts
- HIGH-5: Add sandbox attribute to OpenStreetMap iframe
- MED-1: Fix permissive URL scheme regex in LINKIFY_OPTS
- MED-3/HIGH-4: Add .js.map blocking + CSP header to nginx config
- LOW-2: Validate OIDC authUrl scheme before window.open
- Accessibility: Remove maximum-scale=1.0 from viewport meta (WCAG 1.4.4)

Performance:
- O(1) Map index in computePositions (was O(M×T) findIndex per member)
- Add RoomMemberEvent.Membership subscription so positions update on join/leave
- Fix uncleaned 2000ms setTimeout in RoomTimeline useLayoutEffect

Bug fixes:
- BUG-5: Add QUEUED/CANCELLED cases to DeliveryStatus component
- BUG-6: Guard DeliveryStatus against state events via isState() check
- BUG-10: Clamp PiP position on window resize
- BUG-14: Separate runLotusBootSequence into dedicated useEffect([lotusTerminal])
- Fix aria-live on typing indicator (WCAG 4.1.3)
- Add aria-label + aria-multiline to message editor

TDS (Lotus Terminal Design System):
- Add reaction chip styles (dark + light mode)
- Add GIF picker CSS via globalStyle instead of runtime injection
- Add URL preview styles (dark + light mode)
- Add complete GIF picker light-mode TDS block (was missing)

2026-05-19 16:26:25 -04:00

root

4c4d61600d

feat: reaction TDS styling, debounce read receipts, Escape to skip boot, type fixes

- lotus-terminal.css.ts: add reaction chip styles for dark + light TDS modes
  (cyan border/bg for unselected, orange accent for own/pressed reactions)
- useRoomReadPositions: debounce receipt handler at 150ms (M-3)
- lotus-boot.ts: Escape key skips boot animation (I-3)
- RoomInput.tsx: replace (uploadRes as any) with typed assertion (M-7)
- CallEmbedProvider: call mention detection, audio cleanup, display name (C-1, C-2, M-5)
- EventReaders: timestamps in seen-by modal, filter self, TDS styling
- ReadReceiptAvatars: StackedAvatar pill, TDS visual treatment
- chatBackground: add waves/neon/aurora backgrounds
- RoomView: auto-apply tactical bg when TDS active and bg is none
- settings: extend ChatBackground union type

2026-05-16 01:34:20 -04:00

root

7d57396de8

feat: per-message read receipt avatars showing each user s last-read position

2026-05-15 18:56:17 -04:00

3 Commits