* main:
Consolidate footer text into a shared partial
Tweak comment history button on mobile
Transparent lexxy toolbar when inside a golden card
Add rel noopener to external links
* main: (65 commits)
Repair scope for card styles within the columns view
Add missing list to cards page
Account for simpler public views
Fix public layout
Pull board-tools outside of the list for mobile
saas: move log_level setting into an environment variable
Restore log level configurability in production environment
Remove engagements
Use notch class so Save button is positioned correctly
Go back to board after clearing filters
Revert "Use existing no_filtering_url to direct back to the board when clearing filters"
Use existing no_filtering_url to direct back to the board when clearing filters
Ensure filters sit on top of cards
Fix public boards
Fix card grid layout
Fix Chinese/Japanese characters missing from printed PDFs on macOS
Add SQLite FTS5 support for CJK search
Add CJK (Chinese, Japanese, Korean) search support
Fix scrolling on mobile
Remember expanded state on navigation
...
* main: (63 commits)
Ignore hotkeys with modifiers
Fix 1Password account ID (was user UUID) (#2278)
Switch 1Password account to 37signals.1password.com (#2276)
Remove CSS testing comments
Max card count equals geared pagination size
Block IPv4-compatible IPv6 addresses in SSRF protection (#2273)
Only enable transitions on user interaction
Don't update counter if value hasn't changed
Add padding to upgrade message on larger screens
Add test coverage for autolinking multiple URLs
Add "noopener" to autolinks' rel attribute
Avoid string manipulation when autolinking.
Only bump z-index when nav is open
Move nav and related elements above footer
Delete Dockerfile.dev
fix: use the right gh-cli arch package (#2232)
Bump actions/attest-build-provenance from 3.0.0 to 3.1.0 (#2257)
Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#2256)
Consider user avatars always public
Implement authorization for Active Storage endpoints
...
* main: (55 commits)
Add padding to upgrade message on larger screens
Add test coverage for autolinking multiple URLs
Add "noopener" to autolinks' rel attribute
Avoid string manipulation when autolinking.
Only bump z-index when nav is open
Move nav and related elements above footer
Delete Dockerfile.dev
fix: use the right gh-cli arch package (#2232)
Bump actions/attest-build-provenance from 3.0.0 to 3.1.0 (#2257)
Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#2256)
Consider user avatars always public
Implement authorization for Active Storage endpoints
Update documentation
Expose the card ID and URL on comments
Don't run application recurring jobs in betas
This link is reduntant if you're over the limits
Add obvious upgrade button when you're out of storage
Internaly only view
Target comment elements more precisely
Better name for helper method
...
* main: (318 commits)
Document the new sign in method
Replace handle_ naming
Use same constant for fake magic links
Replace FakeMagicLink with a temporary object
Tidy up session_token
Clean up interfaces
Split tests by controller or responsibility
Simplify auth logic
Fix due to unit test when creating with invalid emails
Restore sessions_controller test on creating invalid email address
Move magic link api tests to their own files
Rename test to clarify what they're about
Cleanup session creation
Update to always return a pending auth token for JSON responses.
Update API test for cross code
Change test expectation on single tenant mode account creation
Add unit tests for the new endpoints
Pass a server token when creating a magic link via API
Simplify code a bit
Simplify session create logic for both html and json
...
* main: (107 commits)
Document the new sign in method
Replace handle_ naming
Use same constant for fake magic links
Replace FakeMagicLink with a temporary object
Tidy up session_token
Clean up interfaces
Split tests by controller or responsibility
Simplify auth logic
Fix due to unit test when creating with invalid emails
Restore sessions_controller test on creating invalid email address
Move magic link api tests to their own files
Rename test to clarify what they're about
Cleanup session creation
Update to always return a pending auth token for JSON responses.
Update API test for cross code
Change test expectation on single tenant mode account creation
Add unit tests for the new endpoints
Pass a server token when creating a magic link via API
Simplify code a bit
Simplify session create logic for both html and json
...
* main: (119 commits)
Bust comment view cache
Update lexxy to bring fixes from https://github.com/basecamp/lexxy/releases/tag/v0.1.24.beta
Fix unexpected remove empty line from README
Lightbox uses Stimulus target callbacks instead of data-action
Add test coverage for the image lightbox
Add tests for tenancy middleware and timezone cookie
Refactor: Simplify TimeWindowParser using Rails convenience methods
SMTP: support SMTPS on port 465 (#2132)
Bump fizzy-saas to retain fewer docker images (#2134)
Add test coverage for with_golden_first scope (#2130)
Refactor: improve query scope composition with merge syntax (#2131)
Validate avatar sizes
Introduce Vips configuration
Tailscale serve support (#2126)
Update tests with final method naming: record! -> record
CSP config to allow Minio in development
Update fizzy-saas to get employee restriction in staging
Drop staff restriction in beta and staging
Unused
Use new FIZZY_GH_TOKEN with limited access
...
To avoid any visual flashes of the old theme before the Stimulus
controllers load, we can apply the saved theme from `<head>` whenever
there is a full page load.
This applies to both the regular and public views, as we're doing it in
the shared head partial.
* main: (70 commits)
bin/ci: run OSS suite in SAAS mode for full coverage (#2029)
Fix flaky tests caused by leaky show_exceptions twiddling (#2028)
Fix ActiveStorage FileNotFoundError with immediate variant processing (#2022)
Immediate avatar and embed variants (#2002)
Should be in global gitignore
Account for browser button styled and adjust mobile padding for perma BG
Wrap the overflow menu
doc: update style doc reference for LLM agents
Fix Identity destruction callback ordering
Ensure user toggles on board edit page are cached properly
Adopt a cooldown period for dependency updates
Add lazy error context for Rails error reporter (#2014)
Disable board edit buttons for select all/none when not privileged
Autotuner: use structured logging instead of Sentry (#2011)
Add datetime to the search results
Fix involvement button label
Bump mittens to 0.3.1 (#2006)
No need to pass Currentl.user since it is the default value for the param
Validate email before creating identity during join code redemption
Ignore RubyMine project files in .gitignore
...
* main: (82 commits)
We can remove ad-hoc handling now that we rely on page refreshes in the card perma
Only broadcast when the preview changes, use the _later variant for the broadcast, add tests
Update pinned cards when the title changes
Rename to be more consistent
Beautify board watchers list (#1946)
Add missing data-attr on public board
Fix hotkey text size on tiny viewports
Use buil-in support for :self in Stimulus
Save a bunch of invocations on morph events from children elements
Fix: memoization was showing stale values when morphing
GitHub actions: limit GITHUB_TOKEN permissions (#1933)
Validate Identity email address
Drop defunct user creation script
Golden cards should be placed at the top
Animate the column height with a stimulus controller so that it does not depend to the server to update when you D&D
mise: respect .ruby-version
Support custom validation messages
Move css bit to the new blank slates CSS
Prevent board names with only spaces and show validation message
Keep the column color when D&D cards
...
When the auth-related controllers hit rate limits they set an alert in
the flash. But we weren't displaying the flash on the public layout, so
those were never seen.
Changed to surface the alert. But also change the "Try another code"
message to be shake-only instead, to match the current behaviour.
* main: (85 commits)
Fix crash when inserting an emoji into a max length reaction
change the object type in the example code (#1824)
We can't hide public boards like this
Consistent breakpoints for min- and max-width
Repair tooltip z-index selector
Fix bin/setup to explicitly use bash syntax for mise hook-env (#1813)
Update AGENTS.md (#1818)
Bundler: normalize platforms (#1822)
Robots, begone (#1812)
Account for input padding on autoresize pseudo-element
Updated database.sqlite.yml
(account): encode external_account_id in slug
Allow typing magic links on mobile
Add contributing guide
Disconnect action cable when user is deactivated
Disable ARM image builds
Disable image builds for PRs
Add libssl-dev
Add automated Docker image builds
Make the jump nav hotkeys look like the others
...
* main: (30 commits)
Update useragent to recognize twitterbot/facebot
Add defensive styles for non-square avatar images
Update test for copy changes
Missed commit
AI: standardize on https://agents.md
Make it clear this is just notifications, not comprehensive activity
AI: configure MCP servers for Chrome, Grafana, and Sentry (#1727)
Allow requests from Google Image Proxy
Update to basecamp's useragent fork
Clean up a little bit the CSRF reporting code
Claude: production observability guidance (#1725)
Prevent autoscroll to the root columns container to prevent jump on page load
Include full name string so you can type your name to filter
Prioritize current user and assigned users in assignment dropdown
Check and report on Sec-Fetch-Site header for forgery protection
bundle update
Bump bootsnap from 1.18.6 to 1.19.0
Bump rails from `077c3ad` to `17f6e00`
Fix cards getting stuck in edit mode
Don't report ConcurrentMigrationError to Sentry
...
* main: (35 commits)
Replace the whole card on update
Include bottom inset on the modal and footer, too
Attempt to fix expanded search input
Lose the second close button
This seems to have caused the unwanted effect of not focusing the field in Mobile Safari
Always display the cancel button, `esc` isn't obvious
Nothing should cover the bar, trays or search results
Dark theme color isn't black
Add env constaints for mobile layout
Smaller on mobile
Reasonalbe max heights
Remove top orientation (it doesn't work well), make right and left classes exclusive
This is too fancy, remove it
Set reasonable maxes
Restore bubble to Maybe
Restore structured logging of `queenbee_id`
Add a kamal pre-build hook with some safety checks
Configure beta to use production blob store
Configure beta load balancer
Update beta deployment and secrets config
...