Commit Graph

3 Commits

Author SHA1 Message Date
Manus AI
f89f01140e fix(security): eliminate XSS vulnerabilities in mobile.html and swarm_live.html
Replace all innerHTML string interpolation with safe DOM methods
(createElement, textContent, appendChild) to prevent script injection
from user chat messages and WebSocket agent data.

Fixes: XSS-01, XSS-02
2026-02-21 13:40:28 -05:00
Claude
95555b3738 feat: senior architect quality analysis + XSS fixes + HITL guide
- Add QUALITY_ANALYSIS.md — 10-point architect review covering
  architecture coherence, completeness (~35-40% vs vision), mobile UX,
  security, test coverage, code quality, and DX
- Fix P0 XSS: mobile.html chat input now uses DOM textContent instead
  of innerHTML string interpolation with raw user input
- Fix P0 XSS: swarm_live.html agent/auction rendering rewritten with
  safe DOM methods (_t/_el helpers) — no more ${agent.name} in innerHTML
- Add M7xx test category (4 new tests) covering XSS prevention assertions;
  total suite now 232 passing (was 228)
- HITL session guide included in analysis with step-by-step phone test
  instructions and critical scenario priority ordering

https://claude.ai/code/session_0183Nzcy7TMqjrAopnTtygds
2026-02-21 18:11:22 +00:00
Alexspayne
f9b84c1e2f feat: Mission Control v2 — swarm, L402, voice, marketplace, React dashboard
Major expansion of the Timmy Time Dashboard:

Backend modules:
- Swarm subsystem: registry, manager, bidder, coordinator, agent_runner, swarm_node, tasks, comms
- L402/Lightning: payment_handler, l402_proxy with HMAC macaroons
- Voice NLU: regex-based intent detection (chat, status, swarm, task, help, voice)
- Notifications: push notifier for swarm events
- Shortcuts: Siri Shortcuts iOS integration endpoints
- WebSocket: live dashboard event manager
- Inter-agent: agent-to-agent messaging layer

Dashboard routes:
- /swarm/* — swarm management and agent registry
- /marketplace — agent catalog with sat pricing
- /voice/* — voice command processing
- /mobile — mobile status endpoint
- /swarm/live — WebSocket live feed

React web dashboard (dashboard-web/):
- Sovereign Terminal design — dark theme with Bitcoin orange accents
- Three-column layout: status sidebar, workspace tabs, context panel
- Chat, Swarm, Tasks, Marketplace tab views
- JetBrains Mono typography, terminal aesthetic
- Framer Motion animations throughout

Tests: 228 passing (expanded from 93)
Includes Kimi's additional templates and QA work.
2026-02-21 12:57:38 -05:00