* chore: resolve remaining unbound-method lint warnings
Apply targeted fixes per call pattern: arrow wrappers when passing a
method as a callback, arrow-function class fields when the method
doesn't depend on `this`, and `.bind()` when capturing for later
invocation.
Also replaces the rfc6902 hasOwnProperty re-export with a small wrapper
function so callers don't reference an unbound prototype method.
* chore: memoize history.goBack callbacks
Stable identity prevents Button re-renders and avoids re-subscribing
the global keydown handler in RegisterKeyDown when the parent renders.
* chore: enable typescript/restrict-template-expressions lint rule
Coerce values of unknown type with explicit String() and tighten typing
for template literal expressions across the codebase.
* fix: restore --line-height on Card for fadeOut ::after gradient
* fix: Handle GitLab Flavored Markdown
* PR feedback
* Harden HTML comment stripping against overlapping patterns
Loop the replacement until stable to avoid CodeQL's incomplete
multi-character sanitization alert — a single pass could leave
`<!--` residue for inputs like `<!<!-- x -->-- -->`.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Correctly validate uploaded file size using local storage option
* fix: Normalize attachment size from BIGINT before comparison
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Ensure OTP is bound to teamId
* fix: Address review feedback on OTP tenant scoping
- Trim whitespace in VerificationCode Redis keys to match DB lookup
normalization.
- Redirect with invalid-code (rather than leaking a backend error)
when no user exists for the email in the resolved team.
- Correct retrieve() JSDoc to state undefined instead of null.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Validate host parameter stored in OAuth state on auth failure path
* fix: Validate OAuth state host to prevent open redirect
Sanitize the host parameter from OAuth state before using it in error
redirects. Adds userinfo stripping to parseDomain's normalizeUrl to
prevent bypasses like "subdomain.base@evil.com", validates custom
domains against registered teams, and introduces Team.findByDomain
with input normalization for consistent domain lookups.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: Extract search into pluggable provider system
Refactors the monolithic SearchHelper into a pluggable search provider
architecture, enabling alternative search backends (Elasticsearch,
Turbopuffer, etc.) while preserving PostgreSQL full-text search as the
default. The SEARCH_PROVIDER env var selects the active provider.
- Add BaseSearchProvider abstract class and SearchProviderManager
- Add Hook.SearchProvider to the plugin system
- Move PostgreSQL search logic into plugins/postgres-search/
- Add SearchIndexProcessor for event-driven index sync
- Update all callers to use the provider manager directly
- Keep SearchHelper as a deprecated thin wrapper for backwards compat
Closes#11347
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: Remove deprecated SearchHelper wrapper
All callers now use SearchProviderManager directly, so the thin
delegation wrapper is no longer needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: Rename postgres-search plugin to search-postgres
Renames the plugin folder and id so that future search provider plugins
(e.g. search-elasticsearch, search-turbopuffer) will be colocated
alphabetically.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: Remove special-case plugin import from SearchProviderManager
Make PluginManager.loadPlugins resilient to individual plugin load
failures so SearchProviderManager can use the standard getHooks path
without needing to directly import the search-postgres plugin.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: Add missing search provider tests for full coverage parity
Adds all tests that existed in the old SearchHelper.test.ts but were missing
from PostgresSearchProvider.test.ts, including searchTitlesForUser status
filters, collection filtering, group memberships, and sorting tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feedback
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Adds group sync from external authentication providers, allowing team group memberships to be automatically managed based on provider data on sign-in in the future.
* OAuth
* store logo
* unfurl support
* refresh token
* support for list
* embed list
* mention menu for all embeds in a list
* multi-level list
* logo
* account level connection
* tsc
* Update Icon.tsx
* coderabbit feedback
* RFC 6749 suggestion
---------
Co-authored-by: Tom Moor <tom@getoutline.com>
* perf: Add timeout and optimize URL unfurl performance
Fixes issue where urls.unfurl endpoint could take 15+ seconds due to external API timeouts and sequential plugin execution.
Changes:
- Add timeout support to fetch utility with AbortController (defaults to no timeout, configurable per request)
- Add 10 second timeout to Iframely plugin requests
- Add early URL pattern validation to GitHub and Linear plugins to avoid unnecessary database queries
- Add try-catch error handling to URL parsing in GitHub and Linear plugins
This reduces worst-case unfurl time from 15+ seconds to ~10 seconds maximum, and eliminates unnecessary overhead for URLs that don't match plugin patterns.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* lint
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Tom Moor