12 releases 12 tags

RSS feed

• v0.6.2 8539ad5f6a

  Compare

  v0.6.2 Stable

  Gravity Bot released this 2026-02-28 16:33:38 +00:00 | 0 commits to main since this release

  What's Changed

  Features

  • Kiosk operation mode — Featured dashboard snapshot/restore, per-IP deletion tracking, daily reset, setup wizard integration (OP#1763)
  • User-facing dashboard import — Import dashboards from Dashy config with safe defaults and access control (OP#1824)
  • Theme system improvements — Live preview on appearance page, admin pages forced to server default theme (OP#1793)
  • Server default dashboard — Set dashboard as server default from admin panel, auto-create when none exists (OP#1835, OP#1836)
  • Live footer preview — Composite footer reorder and preview in admin settings (OP#1832, OP#1839)
  • OIDC session revalidation — Periodic revalidation on ~32h interval (OP#1761)
  • Immediate status checks — Trigger checks for newly created/imported items (OP#1840)

  Bug Fixes

  • Status indicators stuck gray — Duplicate element IDs from edit/view mode dual rendering caused getElementById to update hidden copy (OP#1838)
  • SSE endpoint returning 500 — statusWriter missing http.Flusher interface broke streaming (OP#1857)
  • Polling timers perpetually reset — SSE reconnect errors cleared and recreated intervals before they could fire (OP#1858)
  • Toolbar overflow — Extending page horizontally (OP#1831)
  • Settings cache — Invalidate after UpdateSettings and setup completion (OP#1833, OP#1796)
  • Toolbar visibility — Hide container when no actions available (OP#1798)
  • Status indicator rendering — Not rendering after batch OOB swap (OP#1841)
  • Status checks disabled — Enable by default and log when disabled (OP#1841)

  Security & Hardening

  • Access control — Guest mode read-only, rate limiter map caps, kiosk DELETE restricted to item paths (OP#1795)
  • Auth hardening — Password length cap, email regex, metadata logging, OIDC secret warnings (OP#1669, OP#1760)
  • Session security — DB error logging in revalidation, X-Forwarded-For for client IP (OP#1814, OP#1823)
  • SSE resource management — Channel close on unsubscribe, client limits, reconnect backoff (OP#1670)
  • Frontend lifecycle — Stale polling IDs, stuck animation flag, resize leak (OP#1671)
  • Accessibility — ARIA labels, focus traps, dialog roles (OP#1672)
  • Chart.js SRI — Subresource integrity hash for CDN script (OP#1673)
  • DeletionTracker bypass — Block unknown IPs when map is full (OP#1813)

  Test Coverage

  • Kiosk mode enforcement and daily reset (OP#1791)
  • User import access control and isolation (OP#1829)
  • Theme resolution for admin and preview (OP#1801)
  • Setup flow cache invalidation and toolbar (OP#1797)
  • ListTokensByType and InvalidateTokens (OP#1759)

  Housekeeping

  • Remove redundant migration 00028 (OP#1674)
  • Add goose annotations to migration 00035

  Stats

  • 42 commits, 53 tasks closed across 6 epics
  • 2 tasks deferred to v0.7.0 (OP#1830, OP#1837)

  Install

  docker pull git.bros.ninja/mike/gashy:v0.6.2
  

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads
• v0.6.1 4ae0e2250f

  Compare

  v0.6.1 Stable

  Gravity Bot released this 2026-02-23 06:51:59 +00:00 | 46 commits to main since this release

  What's Changed

  Security Fixes

  • OP#1712: Atomic token validate-and-consume to prevent TOCTOU race
  • OP#1714: Require authentication for preview mode endpoints
  • OP#1718: Add CSRF tokens to fetch() POST calls in edit-mode.js
  • OP#1720: Prevent email enumeration in auth responses
  • OP#1721: Encrypt OIDC client_secret at application level

  Bug Fixes

  • OP#1713: Add missing FK index on users.oidc_provider_id
  • OP#1715: Implement http.Flusher on gzip response writer
  • OP#1716: Demo handler transaction safety and division-by-zero guard
  • OP#1719: Handle SSE write errors on client disconnect
  • OP#1709: Improve error handling and API clarity in auth subsystem
  • OP#1710: Frontend code quality — innerHTML safety, ARIA, event handling

  Refactoring

  • OP#1704: Extract service layer for auth handler SQL
  • OP#1705: Extract long functions into named helpers
  • OP#1708: Extract duplicated helpers across auth handlers
  • OP#1722: Extract dashboard user groups and query helpers
  • OP#1707: Make migrations single-purpose and fully reversible
  • OP#1711: Clean up dead code and naming inconsistencies

  Testing

  • OP#1706: Add HandleLogin success path and redirect validation tests
  • OP#1717: Add tests for compress, static, and SSE hub components

  Install

  go get git.bros.ninja/mike/gashy@v0.6.1
  

  Downloads

  • Source code (ZIP)
    1 download
  • Source code (TAR.GZ)
    1 download
• v0.6.0 90cfd1c201

  Compare

  v0.6.0 Stable

  Gravity Bot released this 2026-02-23 03:04:29 +00:00 | 77 commits to main since this release

  v0.6.0 — Auth Expansion

  Traditional Username/Password Authentication

  • OP#1097: DB migration — auth_tokens, password hash, auth provider columns
  • OP#1098: Password hashing service and auth token helpers
  • OP#1101: Login flow — email/password, session creation, rate limiting
  • OP#1099: Registration flow — form, validation, account creation
  • OP#1100: Email confirmation flow
  • OP#1102: Password reset and magic sign-in link flows
  • OP#1103: Invite system — admin-generated signup links
  • OP#1104: Setup wizard — local auth option and admin bootstrap
  • OP#1201: Integration tests — Traditional Auth flows

  Multi-Provider OIDC Support

  • OP#1105: DB migration — oidc_providers table, user provider tracking
  • OP#1106: Refactor OIDCManager for multiple providers
  • OP#1108: Admin UI — OIDC provider CRUD management
  • OP#1107: Login page — multi-provider selection UI
  • OP#1109: Per-provider logout with end-session redirect
  • OP#1110: Setup wizard — multi-provider OIDC configuration
  • OP#1202: Integration tests — Multi-provider OIDC flows

  Real-Time Status Updates (SSE)

  • OP#1437: SSE hub and status broadcast
  • OP#1438: Status batch collector client JS

  Frontend Performance

  • OP#1440: Page prefetch on tab hover
  • OP#1441: Static caching and compression middleware
  • OP#1442: Page tabs, group highlight, page transitions

  Database Schema

  • OP#1444: visible_to_groups column and group-based filtering
  • OP#1445: Page transitions, toolbar config, dashboard transition migrations

  Performance Demo & Speedtest

  • OP#1447: Demo page infrastructure and test page CRUD
  • OP#1448: Speedtest runner with progressive scaling tests
  • OP#1449: Chart rendering library and speedtest template
  • OP#1450: Multi-tab browsing session test
  • OP#1451: Concurrent load test with server-side goroutines

  Security & Code Review Fixes

  • OP#1637: Gate demo write endpoints behind admin auth (CRITICAL)
  • OP#1638: Fix XSS in SSE status HTML builder and templ Raw() calls
  • OP#1639: Fix OIDC session data persistence after login
  • OP#1640: Convert magic login from GET to two-step POST flow
  • OP#1641: Make ProviderSetDefault atomic with single UPDATE
  • OP#1642: Fix seed script to match current schema
  • OP#1643: Fix open redirect via next parameter validation
  • OP#1644: Fix XSS in renderLoginError with html.EscapeString
  • OP#1645: Add per-email rate limit on magic link requests
  • OP#1646: Add cleanup goroutines for in-memory rate limit maps
  • OP#1647: Handle registration uniqueness constraint violation (TOCTOU)
  • OP#1648: Prevent OIDC provider deletion when users are linked
  • OP#1649: Sanitize setup error messages to prevent DB detail leaks
  • OP#1650: Add goose Down sections to migrations 00027 and 00028
  • OP#1651: Cache LoadSettings to avoid per-request DB query
  • OP#1652: Add EventSource cleanup on visibilitychange and beforeunload
  • OP#1653: Add TTL eviction to prefetch cache

  Install

  go get git.bros.ninja/mike/gashy@v0.6.0
  

  Downloads

  • Source code (ZIP)
    1 download
  • Source code (TAR.GZ)
    1 download
• v0.5.1 b7b60dc79b

  Compare

  v0.5.1 Stable

  Gravity Bot released this 2026-02-19 19:10:17 +00:00 | 138 commits to main since this release

  What's Changed

  Bug Fixes

  • fix(activity): add table alias to count query — the count query was missing the al table alias, causing PostgreSQL errors when filters were active (10c420b)
  • fix(activity): promote log failure from slog.Debug to slog.Warn — silent data loss when activity log INSERTs fail (4fac83e)

  Performance

  • perf(activity): optimize user query to select only needed columns — reduced from 15 columns to 3 for the filter dropdown (70bcb95)
  • perf(activity): skip user/eventTypes queries on HTMX partial requests — avoid unnecessary DB queries on pagination (625597e)

  Database

  • refactor(db): drop redundant standalone event_type index — composite index already covers these queries (87c30bd)
  • feat(db): add ON DELETE SET NULL to activity_logs foreign keys — preserves audit trail when users are deleted (7075496)

  Tasks

  • OP#1111: Fix count query missing table alias in activity service
  • OP#1112: Optimize activity log user query to select only needed columns
  • OP#1113: Skip user/eventTypes queries on HTMX partial requests
  • OP#1114: Promote activity log failure from slog.Debug to slog.Warn
  • OP#1115: Drop redundant standalone event_type index
  • OP#1116: Add ON DELETE SET NULL to activity_logs foreign keys
  • OP#1117: Fix whitespace alignment regression in models.go

  Install

  # From source
  git clone https://git.bros.ninja/mike/gashy.git
  cd gashy && git checkout v0.5.1
  

  Downloads

  • Source code (ZIP)
    1 download
  • Source code (TAR.GZ)
    1 download
• v0.5.0 f2ae5a27f8

  Compare

  v0.5.0 Stable

  Gravity Bot released this 2026-02-19 16:37:16 +00:00 | 147 commits to main since this release

  v0.5.0 — Phase 5: Auth Expansion

  Features

  • Activity Logging System — Full audit trail for all user and admin actions

    • Database-backed activity logs with event type, user, impersonation, and metadata tracking
    • Admin activity log viewer with filtering by event type, user, and date range
    • HTMX-powered pagination and partial page updates
    • Configurable log retention with automatic TTL cleanup (30d, 90d, 180d, 1y, or indefinite)
    • All CRUD operations instrumented: dashboards, sections, items, settings, SMTP, imports, impersonation

  • Impersonation Context Tracking — Activity logs capture when an admin acts on behalf of a user

  Documentation

  • Project README — Added comprehensive README.md with feature overview, quick start, and architecture summary
  • Wiki Documentation — 12 wiki pages created/updated covering configuration, deployment, dashboards, sharing, themes, status checks, imports, admin guide, and architecture
  • ADR Updates — ADR-002 amended with demo mode and user lifecycle design; ADR-006 corrected to reflect actual gitflow practice
  • Testing Standards — In-repo docs reconciled with wiki as canonical source

  Planning & Research

  • Traditional Auth Epic — Decomposed into 8 implementable child tasks with dependency graph (DB schema, password hashing, registration, email confirmation, login, password reset/magic links, invites, setup wizard)
  • Multi-provider OIDC Epic — Researched architecture and created 6 child tasks with dependency graph (DB migration, OIDCManager refactor, login page, admin UI, per-provider logout, setup wizard migration)

  Tasks

  • OP#1090: Initialize version branch from develop
  • OP#1078: Create README.md
  • OP#1079: Wiki: Configuration Reference
  • OP#1080: Wiki: Docker Deployment Guide
  • OP#1081: Wiki: Dashboard System
  • OP#1082: Wiki: Sharing & Collaboration
  • OP#1083: Wiki: Theme System
  • OP#1084: Wiki: Status Checks
  • OP#1085: Wiki: Import Guide
  • OP#1086: Wiki: Admin Guide
  • OP#1087: Wiki: Architecture Overview
  • OP#1088: Update wiki start page
  • OP#1089: Wiki housekeeping: ADRs and testing docs
  • OP#1092: DB migration: activity_logs table and indexes
  • OP#1093: Activity logging service: record and query functions
  • OP#1094: Instrument handlers to emit activity log events
  • OP#1095: Admin activity log viewer page
  • OP#1096: Activity log retention: TTL cleanup and admin settings
  • OP#240: Unit tests: User Activity Logs
  • OP#385: Update ADR-002 with expanded auth modes
  • OP#242: Break down Traditional Auth epic
  • OP#243: Research: Multi-provider OIDC architecture

  Install

  # Go module
  go get git.bros.ninja/mike/gashy@v0.5.0
  
  # Container image (after CI publishes)
  docker pull git.bros.ninja/mike/gashy:0.5.0
  

  Downloads

  • Source code (ZIP)
    1 download
  • Source code (TAR.GZ)
    1 download
• v0.4.1 a14d0a1442

  Compare

  v0.4.1 Stable

  Gravity Bot released this 2026-02-19 02:03:34 +00:00 | 159 commits to main since this release

  Release v0.4.1 — Deferred Polish

  Features

  • Mobile responsiveness: Responsive sidebars (admin/settings drawers), mobile navbar with hamburger collapse, responsive grid layouts for all form sections (OP#1059)
  • Keyboard shortcuts: Global keyboard shortcuts (? help overlay, / search focus, n new dashboard) (OP#1064)
  • Browser favicon support: Per-dashboard and server-default favicon URLs with DB migration, admin settings UI, and fallback resolution chain (OP#334)

  Security Fixes

  • Require POST for logout to prevent CSRF forced-logout (OP#1073)
  • Use constant-time comparison for CSRF and OAuth state tokens (OP#1074)
  • Add Secure flag to all cookies missing it (OP#1075)
  • Add PATCH to CSRF method check (OP#1076)

  Tests

  • Unit tests for mobile responsiveness across admin, settings, and header layouts
  • Unit tests for favicon resolution fallback chain
  • Unit tests for base.templ faviconOrDefault helper

  Downloads

  • Source code (ZIP)
    1 download
  • Source code (TAR.GZ)
    1 download
• v0.4.0 766baab4fe

  Compare

  v0.4.0: Phase 4 — Polish & Refinements Stable

  Gravity Bot released this 2026-02-18 22:56:36 +00:00 | 177 commits to main since this release

  What's Changed

  Code Quality & Architecture

  • OP#182: Establish test infrastructure & patterns
  • OP#183: Tests — auth & session layer
  • OP#184: Tests — services layer (CRUD, diff, import)
  • OP#185: Tests — HTTP handlers
  • OP#186: Tests — status check service
  • OP#234: Tests — security hardening (CSRF, rate limiting, session secret)
  • OP#236: Tests — input validation helpers
  • OP#237: Tests — transaction boundaries (rollback on partial failure)
  • OP#238: Tests — error handling helpers and status code mapping
  • OP#241: Tests — page general settings (navbar and footer)
  • OP#187: Add transaction boundaries to complex operations
  • OP#188: Refactor oversized service & handler files
  • OP#189: Structured error handling & consistent HTTP responses
  • OP#190: Add structured logging (slog)
  • OP#191: Enforce session secret & security hardening
  • OP#192: Clean up dead code, placeholders & inconsistencies
  • OP#193: CI pipeline hardening
  • OP#194: Service layer interface extraction for testability
  • OP#195: Database query layer review & Querier interface
  • OP#197: Input validation layer

  Features & Enhancements

  • OP#147: Styled error pages (404, 403, 500, 401, 400)
  • OP#148: Toast notifications & confirmation modals
  • OP#150: Additional themes (Dracula, Nord, Gruvbox, Solarized, Tokyo Night, One Dark, Rosé Pine)
  • OP#168: Page general settings — configurable navbar & footer
  • OP#386: Ordering support in dashboard change detection
  • OP#387: Redesign dismissed_source_items from array column to join table

  Documentation

  • OP#146: Mobile responsiveness audit & standards
  • OP#196: Git branch hygiene & merge strategy
  • OP#198: Project standards wiki (testing, error handling, database, services, handlers, logging, security, git conventions)

  Upgrade Notes

  • Database migration: 4 new migrations (00014–00017). Run goose up or let the app auto-migrate on startup.
  • Breaking: footer_text column replaced by footer_config JSONB column. Existing footer text is automatically migrated.
  • 9 new builtin themes are seeded on startup via ON CONFLICT DO NOTHING.

  Install

  # Build from source
  go build -o bin/gashy ./cmd/gashy
  
  # Or pull the container image (after CI publishes)
  docker pull git.bros.ninja/mike/gashy:v0.4.0
  

  Downloads

  • Source code (ZIP)
    1 download
  • Source code (TAR.GZ)
    1 download
• v0.3.2 7a7c4efadb

  Compare

  v0.3.2: CI Publish Pipeline Pre-release

  Gravity Bot released this 2026-02-17 23:07:02 +00:00 | 212 commits to main since this release

  Summary

  Adds automated release publishing to CI, removing manual tag creation and release promotion from the release workflow.

  Changes

  Publish Workflow (.forgejo/workflows/publish.yml)

  • detect-release — compares manifest.json version between HEAD and HEAD~1 on push to main
  • tag — verifies no existing tag, checks draft release exists, creates and pushes v{version} tag
  • promote-release — promotes matching draft Forgejo release to published (or creates one if missing)

  Release Validation Gates (ci.yaml)

  • validate-branch — only release/* branches can target main via PR
  • validate-release-pr — PR title must match Release v{version} from manifest.json; draft release must exist

  Version Source of Truth

  • Added manifest.json with name and version fields
  • Replaces manual git tagging in Phase 2 of the release workflow

  Work Packages

  • OP#969 Add publish workflow and manifest.json
  • OP#970 Add release validation gates to CI
  • OP#971 Release v0.3.2

  Downloads

  • Source code (ZIP)
    1 download
  • Source code (TAR.GZ)
    1 download
• v0.3.1 4214ea4546

  Compare

  v0.3.1: Phase 3.1 — UI Overhaul Stable

  Gravity Bot released this 2026-02-17 22:39:14 +00:00 | 215 commits to main since this release

  What's Changed

  Menu & Navigation Refactor

  • OP#806: Forgejo-style user dropdown menu
  • OP#807: Restructured user settings to /user/settings
  • OP#808: Forgejo-style grouped admin sidebar navigation
  • OP#809: Visual alignment pass for menu spacing, dividers, and hover states
  • OP#810: Unit tests for menu & navigation refactor

  Live Dashboard Editor

  • OP#811: User-facing CRUD routes for pages, sections, and items
  • OP#814: Pencil toggle edit mode on the dashboard page
  • OP#812: Modal overlay for section create/edit
  • OP#813: Modal overlay for item create/edit
  • OP#815: Removed content editing from admin panel
  • OP#816: Unit tests for live dashboard editor

  Public User Profiles

  • OP#818: Profile visibility toggle (public/private)
  • OP#817: Public user profile page at /user/{username}
  • OP#819: Unit tests for public user profiles

  Gravatar Support

  • OP#820: Gravatar URL generation from email hash
  • OP#821: Admin toggle to enable/disable gravatar globally
  • OP#822: Avatars in user dropdown, profiles, and user lists
  • OP#823: Unit tests for gravatar support

  Toast System & Custom Confirm Modals

  • OP#949: Custom confirm modal replacing browser confirm() and global htmx error handler
  • OP#950: Flash cookie persistence and CRUD success toasts
  • OP#951: User toast preferences (duration, position) with DB migration
  • OP#952: Unit tests for toast system

  Notifications Refactor

  • OP#211: Renamed invites to notifications throughout
  • OP#824: Extended notification system with multiple types (invite, share, system, info, update)
  • OP#825: Notification bell icon with unread badge in navbar
  • OP#166: Notification subscription preferences per type
  • OP#165: Email notification for dashboard invitations
  • OP#826: Unit tests for notifications refactor

  SMTP / Email

  • OP#164: SMTP configuration and email sending service
  • OP#239: Unit tests for SMTP config, env override, and send

  Install

  docker compose pull && docker compose up -d
  

  Full Changelog

  https://git.bros.ninja/mike/gashy/compare/v0.3.0...v0.3.1

  Downloads

  • Source code (ZIP)
    1 download
  • Source code (TAR.GZ)
    1 download
• v0.3.0 5f1ff61272

  Compare

  v0.3.0: Phase 3 — User Dashboards Stable

  Gravity Bot released this 2026-02-17 05:01:41 +00:00 | 265 commits to main since this release

  What's Changed

  Epics

  • OP#108: Phase 3: User Dashboards, Diff/Merge, Sharing
  • OP#154: Phase 3 Followup
  • OP#209: Import Overhaul: Full Dashy Config Compatibility
  • OP#210: Theme Settings: Admin/User Sync and Visibility
  • OP#254: Dashboard Soft Delete & User Settings Page

  Features

  • OP#155: Guest Mode
  • OP#156: OIDC Setup with editable Application URL
  • OP#159: User Impersonate
  • OP#161: Import UI
  • OP#167: Edit Dashboard
  • OP#169: Edit Item forms
  • OP#171: Status Check Interval
  • OP#172: New Status Display Mode — Icon
  • OP#173: Theme Selection
  • OP#203: Import: Add paste/text area option for YAML config
  • OP#207: OIDC verify: validate redirect URI configuration
  • OP#218: Handle all Dashy config structures during import
  • OP#220: Admin themes page: show current server default theme
  • OP#221: User settings: "Reset to server default" theme button
  • OP#222: User settings: server theme side-by-side comparison
  • OP#256: User Settings page with sidebar navigation
  • OP#257: Migrate user dashboard management to Settings page
  • OP#258: Redirect legacy routes to settings pages
  • OP#259: DB migration: soft delete column on dashboards
  • OP#260: Soft delete and restore service + handler logic
  • OP#261: Delete button in dashboard edit mode and admin panel
  • OP#262: Deleted Dashboards recovery section in User Settings
  • OP#336: Alpine.js toast notification component

  Bug Fixes

  • OP#162: Right Click Menu
  • OP#170: Cannot Leave Admin
  • OP#174: Selecting Dashboard Does Not Work
  • OP#200: Admin theme settings don't match user theme capabilities
  • OP#201: Admin CRUD forms render as unstyled HTML pages
  • OP#202: Dashboard edit drag-and-drop does not work
  • OP#204: Import: No upload feedback
  • OP#205: Import: Better YAML parse error handling
  • OP#212: Admin navbar: Add Impersonate link
  • OP#213: Drag-and-drop broken: Items and sections
  • OP#217: Fix multipart form file extraction in import handler
  • OP#253: Status indicators show gray circle for guest users
  • OP#255: Impersonation banner shows admin's name instead of target
  • OP#324: Nested form breaking theme settings save and reset
  • OP#331: Import preview missing skip counts
  • OP#332: NULL tags array crashes import
  • OP#333: Imported dashboards not added to user's dashboard list

  Tests

  • OP#219: Import unit tests using Dashy example configs
  • OP#228: Unit tests: Phase 3 Followup (navbar, drag-and-drop reorder)
  • OP#229: Unit tests: Theme settings
  • OP#263: Unit tests: Dashboard soft delete, restore, and User Settings
  • OP#272: Unit tests: Import parser structure mapping

  OpenProject: v0.3.0 — Phase 3: User Dashboards — 61/61 tasks closed

  Downloads

  • Source code (ZIP)
    3 downloads
  • Source code (TAR.GZ)
    1 download