5 Commits

Author SHA1 Message Date
450b5ad4ba docs: sync getting-started + README with install UX improvements
Updates the user-facing docs to match the install flow after the
friction fixes landed:

README.md
  Quick Start block now reflects reality: install.sh host-port
  check, test-deployment.sh verify step, password file location,
  and the useful-tools block (validate-env, test-deployment,
  pangolin-teardown, ccp-deregister).

mkdocs prerequisites.md
  New warning block under Linux Server covering the cockpit-on-9090
  class of port collisions, pointing at the installer's ss-based
  preflight and validate-env.sh for manual checks. Checklist gains
  a host-port line.

mkdocs installation.md
  "What install.sh does" now enumerates the new port check and disk
  check. Configuration Wizard Step 4 notes the
  data/admin-credentials.txt persistence for auto-generated
  passwords. "Verifying Installation" rewritten around
  test-deployment.sh. New "Clean reset before reinstall" block with
  the teardown sequence.

mkdocs first-steps.md
  Log In step tells users where to find the generated password when
  they ran config.sh -y without --admin-password.

mkdocs control-panel.md
  New "Registering an Existing Install (Phone-Home)" section
  covering invite code, --ccp-* flags, approval, rate-limit + backoff
  behaviour, and the ccp-deregister.sh teardown path with the
  slug-conflict rationale.

Bunker Admin
2026-04-16 13:21:44 -06:00
91db29402c Add Gitea SSO, fix security audit findings, harden production defaults
Gitea SSO: cookie-based single sign-on via nginx auth_request — sets
cml_session cookie on login/refresh, validates via /api/auth/gitea-sso-validate,
injects X-WEBAUTH-USER header for reverse proxy auth. Dedicated GITEA_SSO_SECRET
and SERVICE_PASSWORD_SALT env vars isolate secret rotation.

Security fixes from March 30 audit: IDOR on ticketed events (requireEventOwnership
middleware), IDOR on action items (admin/assignee/creator check), path traversal
on photos (resolve-based validation), CSV upload size limit (5MB), shared calendar
email exposure removed.

Gitea provisioner: auto-sync docs repo collaborator access based on role
(CONTENT_ROLES get write, SUPER_ADMIN gets admin). Gitea client extended
with collaborator management API methods.

Production hardening: NODE_ENV defaults to production in docker-compose.prod.yml,
Grafana anonymous auth disabled, install.sh branch ref updated to main.

Admin UI: moved docs reset from toolbar to MkDocs Settings danger zone,
improved collab Ctrl+S to explicitly save + cache-bust preview.

MkDocs site rebuild with updated repo data, upgrade screenshots, and content.

Bunker Admin
2026-03-31 11:20:01 -06:00
3de1d3fca5 Rewrite README as visual explainer with screenshots and docs link
Bunker Admin
2026-03-30 11:44:25 -06:00
56e262ad8b Tonne of updates
2026-02-18 10:01:54 -07:00
a77306fac2 Initial v2 commit: complete rebuild with unified API + React admin
Phase 1-14 complete:
- Unified Express.js API (TypeScript, Prisma ORM, PostgreSQL 16)
- React Admin GUI (Vite + Ant Design + Zustand)
- JWT auth with refresh tokens
- Influence: Campaigns, Representatives, Responses, Email Queue
- Map: Locations, Cuts, Shifts, Canvassing System
- NAR data import infrastructure (2025 format)
- Listmonk newsletter integration
- Landing page builder (GrapesJS)
- MkDocs + Code Server integration
- Volunteer portal with GPS tracking
- Monitoring stack (Prometheus, Grafana, Alertmanager)
- Pangolin tunnel integration

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-11 10:05:04 -07:00