Mike Dalessio
09366fc949
style: rubocop fix
2025-11-27 12:34:31 -05:00
Mike Dalessio
198e404eb0
Avoid N+1 on account and board settings pages
2025-11-27 11:44:16 -05:00
Mike Dalessio
50fe973105
Remove N+1 on the cards board.
2025-11-27 11:30:54 -05:00
Mike Dalessio
0ab3aaca72
Preload Event to avoid N+1s on the timeline
2025-11-27 11:27:10 -05:00
Mike Dalessio
79c9ea2ce1
Remove a bunch of N+1s
...
related to notification and comment rendering
2025-11-27 11:08:45 -05:00
Mike Dalessio
b78977f563
Make db/seeds.rb rerunnable when I want to add more cards.
2025-11-27 10:46:48 -05:00
Mike Dalessio
afcd2a6132
Merge pull request #1736 from basecamp/flavorjones/improve-agents.md
...
Improve AGENTS.md with some loki suggestions
2025-11-27 08:47:42 -05:00
Jorge Manrubia
30ad851a77
Merge pull request #1743 from basecamp/refreshes
...
Prevent Fizzy menu from closing on page refreshes
2025-11-27 07:13:06 +01:00
Jorge Manrubia
5e23e6c3d3
Prevent Fizzy menu from closing on page refreshes
...
https://app.fizzy.do/5986089/cards/3190
2025-11-27 07:07:27 +01:00
Mike Dalessio
a556fe9f8c
Merge pull request #1741 from basecamp/flavorjones/fix-gitleaks-recursion
...
Rename bin/gitleaks to gitleaks-audit
2025-11-26 21:37:46 -05:00
Mike Dalessio
f0b2603ba4
Rename bin/gitleaks to gitleaks-audit
...
to prevent script recursion if bin is in user's $PATH
2025-11-26 21:36:01 -05:00
Mike Dalessio
e8671d11fa
Improve AGENTS.md with some loki suggestions
...
Suggested by Claude after I yelled at it when it was using string
matching instead of the structured fields.
2025-11-26 17:48:37 -05:00
Mike Dalessio
a83735d434
Merge pull request #1737 from basecamp/flavorjones/gitleaks
...
Introduce gitleaks to the codebase
2025-11-26 15:55:34 -05:00
Mike Dalessio
7f46063c25
Introduce gitleaks to the codebase
...
- `bin/setup` installs gitleaks
- add `gitleaks dir` command to CI
- configure gitleaks to ignore tmp, log, and encrypted files
- tag existing false positives with `gitleaks:allow`
- add historical false positives to the ignore list
2025-11-26 15:46:47 -05:00
Mike Dalessio
1534485477
Merge pull request #1735 from basecamp/flavorjones/simplify-current-with-account
...
Simplify Current.with_account and .without_account
2025-11-26 12:32:23 -05:00
Mike Dalessio
9446bc18d2
Simplify Current.with_account and .without_account
...
Co-authored-by: Jeffrey Hardy <jeff@37signals.com >
2025-11-26 12:31:49 -05:00
Jason Zimdars
a9bb534d86
Merge pull request #1734 from basecamp/reactions-polish
...
Reactions polish
2025-11-26 11:31:37 -06:00
Jason Zimdars
e26845709a
Disable focus ring
2025-11-26 11:24:13 -06:00
Jason Zimdars
9ca4cda5e4
Larger emojis in picker, fit on narrow viewports
2025-11-26 11:13:18 -06:00
Rosa Gutierrez
3e716bfa26
Fix a couple of typos
2025-11-26 13:16:44 +01:00
Donal McBreen
9c08f68884
Merge pull request #1669 from basecamp/sqlite
...
Sqlite
2025-11-26 10:32:09 +00:00
Donal McBreen
761f86d78d
Revert unnecessary fixture change
2025-11-26 10:30:02 +00:00
Donal McBreen
18fa877882
Switch to a pool size of 5
2025-11-26 10:27:06 +00:00
Donal McBreen
a5fc6eeaec
Update SQLite schema
2025-11-26 10:18:55 +00:00
Donal McBreen
c4498212dc
Merge branch 'main' into sqlite
...
* main: (116 commits)
Ensure avatar thumbnails are square
Update useragent to recognize twitterbot/facebot
Add defensive styles for non-square avatar images
Update test for copy changes
Missed commit
AI: standardize on https://agents.md
Make it clear this is just notifications, not comprehensive activity
AI: configure MCP servers for Chrome, Grafana, and Sentry (#1727 )
Allow requests from Google Image Proxy
Update to basecamp's useragent fork
Clean up a little bit the CSRF reporting code
Claude: production observability guidance (#1725 )
Prevent autoscroll to the root columns container to prevent jump on page load
Include full name string so you can type your name to filter
Prioritize current user and assigned users in assignment dropdown
Check and report on Sec-Fetch-Site header for forgery protection
bundle update
Bump bootsnap from 1.18.6 to 1.19.0
Bump rails from `077c3ad` to `17f6e00`
Fix cards getting stuck in edit mode
...
2025-11-26 10:07:41 +00:00
Donal McBreen
b839340cf2
Tidy up modules and on_load points
2025-11-26 10:02:32 +00:00
Donal McBreen
9c86205510
Enforce SQLite column limits via CHECK constraints
...
Patch the sqlite adapter to add CHECK constraints for string and text
column limits. We'll do them inline, so that any column changes
automatically update the constraints.
2025-11-26 09:50:29 +00:00
Kevin McConnell
e7d716c0f1
Merge pull request #1731 from basecamp/avatar-thumb-aspect-ratio
...
Ensure avatar thumbnails are square
2025-11-26 09:30:33 +00:00
Kevin McConnell
ca5065a378
Ensure avatar thumbnails are square
...
Previously we were fitting the image inside a 256x256 box while keeping
it's original aspect ratio. But this can lead to images that are
squished and/or pixelated when we try to show them inside a square
container in the app.
Instead we can resize them to be square.
2025-11-26 09:21:46 +00:00
Mike Dalessio
e1d356d063
Merge pull request #1730 from basecamp/flavorjones/twitterbot-facebot
...
Update useragent to recognize twitterbot/facebot
2025-11-25 18:09:56 -05:00
Mike Dalessio
60e1751cac
Update useragent to recognize twitterbot/facebot
...
This UA was pulled from our logs.
ref: https://app.fizzy.do/5986089/cards/1775
2025-11-25 18:05:21 -05:00
Jason Zimdars
abbf226c3a
Merge pull request #1729 from basecamp/avatar-bulletproofing
...
Add defensive styles for non-square avatar images
2025-11-25 16:56:02 -06:00
Jason Zimdars
d825447e6b
Add defensive styles for non-square avatar images
2025-11-25 16:51:07 -06:00
Mike Dalessio
64a39b3139
Merge pull request #1726 from basecamp/flavorjones/better-useragent-behavior
...
Allow requests from Google Image Proxy
2025-11-25 17:15:38 -05:00
Jason Zimdars
9a8905dbc1
Merge pull request #1728 from basecamp/update-bundle-mailer
...
Make it clear this is just notifications, not comprehensive activity
2025-11-25 16:12:13 -06:00
Jason Zimdars
88765f5244
Update test for copy changes
2025-11-25 16:10:34 -06:00
Jeremy Daer
426420a406
Missed commit
2025-11-25 14:10:26 -08:00
Jeremy Daer
62fb1a46af
AI: standardize on https://agents.md
2025-11-25 14:09:53 -08:00
Jason Zimdars
154cbf0cde
Make it clear this is just notifications, not comprehensive activity
2025-11-25 16:08:11 -06:00
Jeremy Daer
92199c4ae7
AI: configure MCP servers for Chrome, Grafana, and Sentry ( #1727 )
2025-11-25 13:33:07 -08:00
Jason Zimdars
14650df246
Merge pull request #1723 from basecamp/fix-scroll-jump
...
Prevent autoscroll to the columns container to remove jump on page load
2025-11-25 15:31:26 -06:00
Mike Dalessio
b767d6edcb
Allow requests from Google Image Proxy
...
which should fix email notifications' avatars rendering as broken
images in GMail.
ref: https://app.fizzy.do/5986089/cards/1740
2025-11-25 16:26:15 -05:00
Mike Dalessio
0bf62ba4cf
Update to basecamp's useragent fork
...
and assert it's working by testing for Baidu
2025-11-25 16:18:23 -05:00
Rosa Gutierrez
fac9f3c369
Clean up a little bit the CSRF reporting code
...
Small follow-up to https://github.com/basecamp/fizzy/pull/1721
2025-11-25 21:28:50 +01:00
Jeremy Daer
525efb2de8
Claude: production observability guidance ( #1725 )
2025-11-25 12:23:01 -08:00
Jorge Manrubia
ca10e4ba4e
Prevent autoscroll to the root columns container to prevent jump on page load
...
https://app.fizzy.do/5986089/cards/3160
2025-11-25 21:01:18 +01:00
Mike Dalessio
396c1ffdcf
Merge pull request #1722 from basecamp/fwt-user-list-improvement
...
Prioritize current user and assigned users in assignment dropdown
2025-11-25 14:36:14 -05:00
Jason Zimdars
3d429c1dea
Include full name string so you can type your name to filter
2025-11-25 13:19:33 -06:00
Mike Dalessio
3811088db3
Prioritize current user and assigned users in assignment dropdown
...
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-25 13:46:14 -05:00
Rosa Gutierrez
d88949288c
Check and report on Sec-Fetch-Site header for forgery protection
...
This is a great, solid alternative to CSRF tokens for CSRF protection
when we aren't worried about older browsers or other kind of actors
doing modifying requests in our app, and could be a good test for future
upstreaming to Rails (although there we'd need to continue using CSRF
tokens or at least letting people opt out manually).
Let's start checking the header and reporting on it when CSRF fails or
when it doesn't match the other checks Rails does, and then promote this
to be the only way to defend from CSRF.
2025-11-25 19:19:50 +01:00