Release v1.1.0 — Neptune Customizations #6

Merged
Mike Bros merged 6 commits from release/1.1.0 into main 2026-03-19 15:01:02 +00:00
Collaborator

Release v1.1.0 — Neptune Customizations

Changes

  • OP#2621: Dark mode default, theme persistence, and dark navbar
  • OP#2622: Library persistence and server-side library loading
  • OP#2623: OIDC + token authentication for public-facing canvas
  • OP#2624: View-only mode for unauthenticated users
  • OP#2625: UI polish: favicon, title, navbar cleanup
  • OP#2626: Docker healthcheck fix for node:18-slim
  • OP#2627: Fix MCP zod schema type coercion for string-to-number params
  • OP#2606: Fix build-canvas.yml Docker socket failure on Forgejo runners
  • OP#2607: Fix ci.yml upload-artifact@v4 incompatibility with Forgejo
  • OP#2608: Remove stale upstream GitHub Actions workflows

Checklist

  • All version tasks closed in Gravity PM
  • Version file matches Gravity PM version (1.1.0)
  • Draft Forgejo release created
  • Tests passing
  • Security audit clean

References

Version: 1.1.0 (Gravity PM)
Release task: OP#2620

- Default to dark theme with #f5faff canvas background, persisted in localStorage
- Dark navbar styling (#2a2a2a) matching the dark mode aesthetic
- Library items saved/loaded from localStorage so they survive page reloads
- New /api/libraries endpoint serves .excalidrawlib files from mounted volume
- Frontend auto-loads server libraries on startup and merges with local ones
- Theme preference tracked via onChange and persisted across sessions

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add express-openid-connect for OIDC authentication via Authentik
- MCP agents authenticate with Bearer token (MCP_AUTH_TOKEN env var)
- All write API routes (POST/PUT/DELETE) require authentication
- Read routes (GET, WebSocket) remain public for viewers
- Frontend checks /api/auth/status and enables viewModeEnabled for
  unauthenticated users (read-only canvas, no sync/clear buttons)
- Login/logout links shown in header when OIDC is configured
- Dark navbar (#2a2a2a) for dark mode theme
- MCP client (index.ts) sends auth token via apiHeaders() helper
- compose.yaml configured with env vars for both auth methods
- .env.example with Authentik setup instructions

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
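
The access rule described in the commit message above, as an added example that is not code from this repository: a pure decision function plus an Express-style wrapper. The function names, `req.session.user`, and the read-method allowlist (which also gates PATCH, beyond the POST/PUT/DELETE listed above) are assumptions.

```javascript
const crypto = require('node:crypto');

// Read-only methods stay public; every other method (POST/PUT/DELETE, and
// PATCH too) needs a credential. Allowlisting reads fails closed.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Constant-time comparison. Hashing both sides yields equal-length buffers,
// which timingSafeEqual requires, and hides the expected token's length.
function tokensMatch(presented, expected) {
  const a = crypto.createHash('sha256').update(presented).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Extract the credential from "Authorization: Bearer <token>", else null.
function bearerToken(headerValue) {
  const m = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/i.exec(headerValue || '');
  return m ? m[1] : null;
}

// Decide access for one request. oidcUser is whatever the session layer
// resolved (hypothetical shape); mcpToken is the MCP_AUTH_TOKEN value.
function authorize({ method, authorization, oidcUser }, mcpToken) {
  if (SAFE_METHODS.has(String(method).toUpperCase())) {
    return { allowed: true, status: 200, principal: 'public' };
  }
  if (oidcUser) return { allowed: true, status: 200, principal: 'oidc' };
  const presented = bearerToken(authorization);
  // An unset or empty MCP_AUTH_TOKEN must never authenticate anyone.
  if (presented && mcpToken && tokensMatch(presented, mcpToken)) {
    return { allowed: true, status: 200, principal: 'mcp-agent' };
  }
  return { allowed: false, status: 401, principal: null };
}

// Express-style wrapper (assumed wiring; req.session.user is hypothetical).
function requireAuthForWrites(req, res, next) {
  const decision = authorize({
    method: req.method,
    authorization: req.headers.authorization,
    oidcUser: req.session && req.session.user,
  }, process.env.MCP_AUTH_TOKEN);
  if (decision.allowed) return next();
  res.status(decision.status).json({ error: 'authentication required' });
}
```
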
refactor: replace express-openid-connect with hand-rolled OIDC using openid-client
All checks were successful
CI / build-and-test (20.x) (pull_request) Successful in 1m1s
f09deb31a6
The express-openid-connect package had persistent cookie issues behind
the Janus reverse proxy (Secure flag, state cookie not persisting on
callback). Replaced with a clean implementation using openid-client v5:

- Manual OAuth2 code flow with PKCE (S256)
- State/nonce/code_verifier stored in simple HttpOnly cookie (no Secure flag)
- HMAC-SHA256 signed session cookies with in-memory session store
- /auth/login, /auth/callback, /auth/logout routes
- trust proxy enabled for X-Forwarded-Proto behind nginx

Also:
- Favicon added (excalidraw SVG from dashboard-icons)
- Title changed to "Excalidraw Canvas"
- Navbar cleanup: flattened controls, auth info pushed right with marginLeft auto
- Sync controls and clear button properly hidden for view-only users

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
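
One way to build the HMAC-SHA256 signed session cookie with an in-memory store that the commit message above describes, as an added example that is not code from this repository. The cookie layout, function names, and `SameSite=Lax` choice are assumptions; `cookieAttributes` shows how `Secure` can be set from the proxied scheme once trust proxy is on.

```javascript
const crypto = require('node:crypto');

// In-memory store: session id -> { user, expires }. Lost on restart by design.
const sessions = new Map();

const mac = (id, secret) => crypto.createHmac('sha256', secret).update(id).digest();

// Cookie value is "<id>.<HMAC-SHA256(id)>"; user data never leaves the server.
function createSession(user, secret, ttlMs, now = Date.now()) {
  const id = crypto.randomBytes(32).toString('base64url');
  sessions.set(id, { user, expires: now + ttlMs });
  return `${id}.${mac(id, secret).toString('base64url')}`;
}

// Returns the stored user, or null for a malformed, forged, expired or
// logged-out cookie. The MAC is checked before the store is touched.
function readSession(cookie, secret, now = Date.now()) {
  const dot = typeof cookie === 'string' ? cookie.indexOf('.') : -1;
  if (dot < 1) return null;
  const id = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1), 'base64url');
  const expected = mac(id, secret);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const entry = sessions.get(id);
  if (!entry) return null;
  if (entry.expires <= now) { sessions.delete(id); return null; }
  return entry.user;
}

// Logout: drop server-side state so a copied cookie stops working.
function destroySession(cookie, secret) {
  if (readSession(cookie, secret) === null) return false;
  return sessions.delete(cookie.slice(0, cookie.indexOf('.')));
}

// Set-Cookie attributes. With Express "trust proxy" on, req.secure reflects
// X-Forwarded-Proto, so Secure can be added whenever the client used HTTPS.
function cookieAttributes(isHttps) {
  const attrs = ['Path=/', 'HttpOnly', 'SameSite=Lax'];
  if (isHttps) attrs.push('Secure');
  return attrs.join('; ');
}
```
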
chore(release): bump version to 1.1.0, fix zod schema coercion
All checks were successful
CI / build-and-test (20.x) (pull_request) Successful in 1m43s
14682d0d98
- Bump package.json version from 1.0.2 to 1.1.0
- Change z.number() to z.coerce.number() and z.boolean() to
  z.coerce.boolean() in MCP element schemas so params sent as
  strings by the MCP protocol are automatically coerced

Refs OP#2620

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
docs: rewrite README for fork with auth, dark mode, and deployment docs
Some checks failed
CI / build-and-test (20.x) (pull_request) Has been cancelled
fd0e1fa209
Complete rewrite reflecting this as a production fork with:
- OIDC and token authentication documentation
- Three-tier access model (public/MCP agent/OIDC user)
- Docker compose quick start with all env vars
- Library management, reverse proxy notes
- Upstream attribution

Refs OP#2620

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
docs: add Forgejo CI badges to README
All checks were successful
CI / build-and-test (20.x) (pull_request) Successful in 1m21s
9ce8c2a80c
Refs OP#2620

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mike Bros approved these changes 2026-03-19 14:33:24 +00:00
Reference
mike/mcp_excalidraw!6