echo-core

Author	SHA1	Message	Date
Marius Mutu	77df09974c	fix(auth): restore /echo prefix after proxy strips it from next param The reverse proxy strips /echo/ before Python, so next=/workspace.html. Both the JS redirect and the server-side already-logged-in path now prepend /echo to produce a valid public URL. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-29 14:11:22 +00:00
Marius Mutu	38259f3cfd	fix(auth): redirect to original URL after login Pass current path as ?next= when bouncing unauthenticated requests to /echo/login; after successful auth, JS reads and validates the param (must start with /echo/, not /echo/login) before redirecting. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-29 13:38:27 +00:00
Marius Mutu	1462f98ae9	chore: auto-commit from dashboard	2026-04-28 10:46:30 +00:00
Marius Mutu	5e930ade02	feat(dashboard): unified workspace hub — cookie auth, 9-state projects, planning chat Merges workspace.html + ralph.html into a single unified project hub with: - Cookie-based auth (DASHBOARD_TOKEN, HttpOnly, SameSite=Strict) - 9-state project badge system (running-ralph/manual, planning, approved, pending, blocked, failed, complete, idle) with BUTTONS_FOR_STATE matrix - SSE realtime + polling fallback, version-based optimistic concurrency (If-Match) - Planning chat modal (phase stepper, markdown bubbles, 50s+ wait state, auto-resume) - Propose modal (Variant B: inline Plan-with-Echo checkbox) - 5-type toast taxonomy (success/info/warning/busy/error, 3px colored left-bar) - Inter font self-hosted + shared tokens.css design system + DESIGN.md - src/jsonlock.py (flock helper, sidecar .lock for stable inode) - src/approved_tasks_cli.py (shell-safe wrapper for cron/ralph.sh) - 55 new tests (T#1–T#30) + real jsonlock bug fix caught by T#16/T#28 - No emoji anywhere (enforced by test_dashboard_no_emoji.py) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-28 07:26:19 +00:00

4 Commits