* Initial plan
* Add comprehensive user documentation with guides and tutorials
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* docs: add quick reference and screenshot documentation structure
- Add comprehensive quick reference guide with CLI commands, shortcuts, and API examples
- Add screenshot guide with capture guidelines and image specifications
- Add README for images directory with detailed instructions
- Update VitePress config to include new learning resources section
- Fix screenshot placeholder format to prevent build errors
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* docs: add comprehensive user documentation with guides and tutorials
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Initial plan
* feat(docs): implement comprehensive VitePress documentation site
- Set up VitePress documentation platform with search and dark mode
- Created user guide with installation, quick start, and feature guides
- Added ghost detection comprehensive guide with examples
- Created admin guide with environment configuration
- Implemented developer guide with contributing guidelines
- Added API reference with code examples in multiple languages
- Configured navigation structure for all doc sections
- Added changelog and documentation README
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* feat(docs): add remaining guide pages and deployment workflow
- Created timeline analysis guide
- Added plugin system guide
- Implemented privacy controls guide
- Created advanced charts guide
- Added API authentication documentation
- Created GitHub Actions workflow for docs deployment
- Added logo SVG for documentation site
- Updated main README with documentation section
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Initial plan
* Initial commit: Fix build errors before theme implementation
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* feat: Implement comprehensive dark/light theme system with smooth transitions
- Enhanced ThemeContext with system preference detection
- Added smooth CSS transitions for theme switching
- Updated ThemeToggle with three-state support (light/dark/system)
- Added keyboard shortcut (Ctrl+Shift+T) for theme toggle
- Implemented theme persistence across sessions
- Prevented flash on page load with inline script
- Added theme-aware Toaster component
- Created comprehensive tests for theme functionality
- Added CSS variables for light theme (Catppuccin Latte)
- All 98 tests passing
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* feat: Add light theme colors and theme toggle to Login page
- Added comprehensive light theme color overrides in CSS
- Added theme toggle button to Login page for testing
- All theme transitions working smoothly
- Theme persistence verified across page reloads
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* fix: Address code review feedback
- Use catppuccin color variables for tooltip instead of hardcoded colors
- Optimize CSS transitions by targeting specific elements instead of universal selector
- Improves performance on pages with many DOM elements
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* fix: Clean up setTimeout and fix type error in theme initialization
- Add cleanup for setTimeout in ThemeToggle to prevent memory leaks
- Fix type error in effectiveTheme initialization with proper type assertion
- Addresses PR review feedback
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Initial plan
* feat: implement core accessibility improvements - WCAG 2.1 AA
- Add screen reader utility classes (sr-only, sr-only-focusable)
- Add focus-visible enhancement for keyboard navigation
- Update Button component with ARIA attributes (aria-busy, aria-disabled, aria-label)
- Update Card components with flexible heading levels and id support
- Add skip-to-main-content link in App.tsx
- Update Dashboard page with semantic HTML (header, section, main landmark)
- Add proper table accessibility (scope, caption, aria-labelledby)
- Add ARIA labels to action buttons
- Update Login page with semantic HTML and ARIA attributes
- Update ThemeToggle with descriptive aria-label
- Update StatCard with aria-live regions and improved semantics
- All existing tests passing
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* feat: add accessibility testing and enhanced chart accessibility
- Add vitest-axe for automated accessibility testing
- Create comprehensive accessibility tests for Button, Card, and StatCard components
- Add ARIA live regions and role="img" to chart components (VolumeChart, TimelineChart)
- Add accessible data tables as fallback for charts
- Update AnalyticsConsentBanner with semantic HTML and ARIA attributes
- Create comprehensive ACCESSIBILITY.md documentation
- All 81 tests passing including 16 new accessibility tests
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* fix: address code review feedback for accessibility improvements
- Make data table fallbacks visible and accessible (not sr-only)
- Improve loading button text to be more descriptive
- Better structure for filter checkbox with aria-describedby
- Add aria-label to table headers with abbreviations
- All 81 tests still passing
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* fix: apply PR review feedback from copilot-pull-request-reviewer
- Remove redundant aria-disabled attribute (native disabled is sufficient)
- Remove unnecessary span wrapper around button children
- Remove redundant aria-label from th elements with abbr
- Change chart role from img to region for interactive charts
- Remove role entirely from TimelineChart (has interactive elements)
- Update accessibility tests to check native disabled attribute
- All 81 tests passing
Co-authored-by: PatrickFanella <61631520+PatrickFanella@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
Co-authored-by: PatrickFanella <61631520+PatrickFanella@users.noreply.github.com>
* Initial plan
* feat: implement backend analytics system with GDPR compliance
- Add analytics database models (UserAnalyticsEvent, FeatureUsageMetric, PerformanceMetric, AnalyticsSummary)
- Create analytics service with event tracking, feature usage, and performance metrics
- Add analytics tracking middleware for automatic API request tracking
- Implement GDPR-compliant data anonymization when consent not given
- Add analytics API endpoints for viewing metrics and insights
- Create analytics tests with proper mocking
- Add analyticsConsent field to User model
- Integrate analytics middleware into server pipeline
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* feat: complete analytics implementation with frontend integration
- Fix TypeScript type issues in analytics service
- Update frontend App.tsx to integrate analytics tracking and consent banner
- Add automatic page tracking via useAnalytics hook
- Add feature tracking to Analytics page
- Create comprehensive integration tests for metrics API
- Add DATABASE_URL to test environment
- Fix Redis connection cleanup null check
- Add MetricsDashboard route to frontend
- Integrate AnalyticsConsentBanner component globally
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* docs: add comprehensive analytics documentation and migration
- Add ANALYTICS.md with complete system documentation
- Add PRIVACY_ANALYTICS.md with privacy policy for analytics
- Create database migration SQL for analytics tables
- Document all features, usage, API endpoints, and best practices
- Include GDPR compliance details and user rights
- Add troubleshooting guide and testing instructions
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* fix: address code review feedback
- Fix division by zero in MetricsDashboard for consent rate and avg per user calculations
- Simplify JSON handling by removing inefficient JSON.parse(JSON.stringify())
- Use type assertion for Prisma JSON fields to avoid type conflicts
- All unit tests passing (8/8)
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* fix: address PR review feedback on analytics implementation
- Make hasConsent and consentStatus reactive with useState in useAnalytics hook
- Fix uniqueUsers calculation to count distinct userId instead of all records
- Remove trackFeatureUsage from dependency array in Analytics.tsx
- Use early return pattern in metricsAnalytics.ts POST /event endpoint
- Remove unused LineChart and Line imports from MetricsDashboard.tsx
- Update test mock to use _count.userId instead of _count._all
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Initial plan
* feat: implement comprehensive Sentry integration for frontend and backend
- Enhanced backend Sentry configuration with error grouping and context
- Added Sentry React SDK integration for frontend
- Created ErrorBoundary component for React error handling
- Configured source map support for both frontend and backend
- Added helper functions for error capture, user context, and breadcrumbs
- Created comprehensive documentation in SENTRY.md
- Added example alert rules configuration
- Updated environment variables for Sentry configuration
- Added source map upload scripts for backend
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* test: add comprehensive tests for Sentry integration
- Added backend unit tests for Sentry monitoring functions
- Added frontend tests for Sentry configuration exports
- Added ErrorBoundary component tests
- All tests passing successfully
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* refactor: address code review feedback for Sentry integration
- Made source map upload script portable with configurable strip-prefix
- Hide error messages in production for security
- Simplified Vite plugin conditional loading for better readability
- Removed rate limiting errors from ignore list to ensure monitoring
- Fixed TypeScript errors in test files
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* test: fix ErrorBoundary test reliability
- Simplified test assertions to avoid flaky behavior
- All frontend and backend tests now passing
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* refactor: address PR review feedback
- Use npx instead of global npm install for Sentry CLI
- Add JSDoc documentation for beforeSend hook explaining hint parameter
- Remove duplicate build:prod script (source maps now enabled by default)
- Remove unused userEvent import from ErrorBoundary test
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Initial plan
* Add quota management system with tier-based rate limiting
- Add SubscriptionTier enum (FREE, PRO, ENTERPRISE) to schema
- Implement quota tracking in Redis with daily limits
- Add quota enforcement middleware
- Create quota management routes for admin
- Add comprehensive tests for quota functionality
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Update documentation for quota and rate limiting features
- Add comprehensive quota management documentation to RATE_LIMITING.md
- Update README with tier-based quota features
- Create database migration for subscription tier
- Fix linting issues in new code
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Make quota limits endpoint async for consistency
- Address code review feedback
- Keep handler async even though operations are synchronous
- Maintains consistency with other route handlers
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Add comprehensive quota usage guide
- Create detailed usage guide for quota management
- Include examples for developers
- Add admin instructions
- Document best practices and troubleshooting
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Fix race condition and add caching to quota system
- Replace separate check and increment with atomic checkAndIncrementQuota
- Add Redis caching for user tier/role lookups (5 min TTL)
- Add input validation for category parameter in reset endpoint
- Remove whitespace-only lines in test files
- Update tests to match new atomic quota operations
Addresses code review feedback on race conditions, database load, and input validation.
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Initial plan
* Add security logging and monitoring infrastructure
- Add SecurityLog and AlertLog models to Prisma schema
- Create comprehensive security logger utility with event logging
- Implement alert system with Discord/Slack webhook support
- Add security logging middleware for HTTP responses
- Integrate security logging into authentication flows (login, logout, refresh)
- Add logging for authorization events (permissions, role changes)
- Implement alert conditions (failed logins, privilege escalation, etc.)
- Update environment configuration for webhook URLs
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Add comprehensive tests for security logging and alert system
- Add unit tests for security logger (11 tests, all passing)
- Add unit tests for alert system (13 tests, all passing)
- Add unit tests for IP management (11 tests, all passing)
- Test authentication, authorization, and security event logging
- Test alert triggers and webhook notifications
- Test IP blocking and whitelisting functionality
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Security hardening - fix clear-text logging and tainted format strings
- Sanitize metadata in security events to redact sensitive fields (passwords, tokens, scopes, etc.)
- Add IP address sanitization to prevent log injection attacks
- Remove sensitive data from error logs
- Fix CodeQL security alerts (clear-text logging, tainted format strings)
- All tests still passing (35 tests)
- Zero CodeQL security alerts remaining
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Address code review feedback - enhanced security validation
Code review improvements:
- Pass sanitized event to alert system (prevents sensitive data in alerts)
- Strict IP address validation (IPv4/IPv6 format checking)
- Remove raw IP from database reason field
- Improved IP sanitization with regex validation
- All tests still passing (35/35)
- Type checking clean
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
* Update backend/src/middleware/securityLogging.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update backend/src/utils/securityLogger.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update backend/src/middleware/auth.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update backend/src/utils/alertSystem.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Address PR review feedback - fix setTimeout reliability and response capture
- Replace setTimeout with database expiresAt field for IP auto-unblocking
- Add cleanupExpiredBlocks() function for periodic cleanup
- Update isIPBlocked() to automatically clean up expired blocks
- Replace res.send override with res.on('finish') to capture all response methods
- Add 4 new tests for expiration handling
- All 39 tests passing
Co-authored-by: PatrickFanella <61631520+PatrickFanella@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
Co-authored-by: Patrick Fanella <61631520+PatrickFanella@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
- Merged origin/main using theirs strategy for conflicted files
- Fixed redis.test.ts structure (added missing describe block for scanKeys)
- Updated analytics.ts to remove unused caching imports
- Fixed function name from removeFromWhitelist to removeIPFromWhitelist in bans.ts
- All TypeScript type checks passing
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
