* Add year headings to compare version select
* Address review feedback on heading options
Use stable keys for heading options and set explicit displayName.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Null reference
* fix: Scope image click querySelector to editor view
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* feat: Allow comparing any two revisions in document history
* Copilot review feedback
Move MobX store lookup out of useMemo so it stays reactive, fix i18n key spacing to match existing translations, and map synthetic latest revision ID to "latest" in the dropdown so DataLoader can fetch it.
* fix: Force editor remount when comparison target changes
* fix: Don't show wrong diff while compareTo revision is loading
* First pass
* Remove prop drilling, fix comment layout
* Revert dev:watch to use dev:backend
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Remove user id from toggle storage key
* refactor: Namespace toggle fold storage key
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* refactor: Convert Document scene from class to functional component
Replace the @observer class component with a functional component using
hooks (useStores, useTranslation, useHistory, useLocation) instead of
HOC wrappers (withStores, withTranslation, withRouter). All @observable
state converted to useState with companion refs for stale closure
avoidance in debounced callbacks and unmount cleanup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: Extract save/dirty tracking into useDocumentSave hook
Moves all save, autosave, dirty-tracking, template insertion, and
unmount cleanup logic from DocumentScene into a dedicated hook. This
reduces the component from ~790 to ~500 lines and isolates re-renders
from save state changes (isSaving, isPublishing, etc.) to a smaller
surface.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: Add JSDoc to DocumentScene Props and function
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* unused
* Remove withStores
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: Handle GitLab Flavored Markdown
* PR feedback
* Harden HTML comment stripping against overlapping patterns
Loop the replacement until stable to avoid CodeQL's incomplete
multi-character sanitization alert — a single pass could leave
`<!--` residue for inputs like `<!<!-- x -->-- -->`.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* First pass
* Remove popularity changes
* Address review feedback
- Compute retention cutoff in UTC from the database rather than worker-local TZ
- Push partition predicate into rollup source CTEs to avoid full-table scans per partition
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* Anchor insight rollups to UTC and include today
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Correctly validate uploaded file size using local storage option
* fix: Normalize attachment size from BIGINT before comparison
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Ensure OTP is bound to teamId
* fix: Address review feedback on OTP tenant scoping
- Trim whitespace in VerificationCode Redis keys to match DB lookup
normalization.
- Redirect with invalid-code (rather than leaking a backend error)
when no user exists for the email in the resolved team.
- Correct retrieve() JSDoc to state undefined instead of null.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* Allow passing CSP nonce to exported html
* test: Add nonce regression test, drop options from tags
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Flaky test
* fix: Restrict /auth/redirect to JWT authentication only
Non-JWT tokens (API keys, OAuth) could reach the redirect endpoint
and produce a confusing "Unable to decode token" error. Restrict the
auth middleware to APP type so they are rejected before the handler.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add argument to suppressEmails wehn inviting users
* Skip InviteSent flag when suppressEmail is set
Keeps the resend-invite counter accurate so users.resendInvite can
still deliver the first email when the initial invite was silent.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Tom Moor