Updates the user-facing docs to match the install flow after the
friction fixes landed:
README.md
Quick Start block now reflects reality: install.sh host-port
check, test-deployment.sh verify step, password file location,
and the useful-tools block (validate-env, test-deployment,
pangolin-teardown, ccp-deregister).
mkdocs prerequisites.md
New warning block under Linux Server covering the cockpit-on-9090
class of port collisions, pointing at the installer's ss-based
preflight and validate-env.sh for manual checks. Checklist gains
a host-port line.
mkdocs installation.md
"What install.sh does" now enumerates the new port check and disk
check. Configuration Wizard Step 4 notes the
data/admin-credentials.txt persistence for auto-generated
passwords. "Verifying Installation" rewritten around
test-deployment.sh. New "Clean reset before reinstall" block with
the teardown sequence.
mkdocs first-steps.md
Log In step tells users where to find the generated password when
they ran config.sh -y without --admin-password.
mkdocs control-panel.md
New "Registering an Existing Install (Phone-Home)" section
covering invite code, --ccp-* flags, approval, rate-limit + backoff
behaviour, and the ccp-deregister.sh teardown path with the
slug-conflict rationale.
Bunker Admin
Gitea SSO: cookie-based single sign-on via nginx auth_request — sets
cml_session cookie on login/refresh, validates via /api/auth/gitea-sso-validate,
injects X-WEBAUTH-USER header for reverse proxy auth. Dedicated GITEA_SSO_SECRET
and SERVICE_PASSWORD_SALT env vars isolate secret rotation.
Security fixes from March 30 audit: IDOR on ticketed events (requireEventOwnership
middleware), IDOR on action items (admin/assignee/creator check), path traversal
on photos (resolve-based validation), CSV upload size limit (5MB), shared calendar
email exposure removed.
Gitea provisioner: auto-sync docs repo collaborator access based on role
(CONTENT_ROLES get write, SUPER_ADMIN gets admin). Gitea client extended
with collaborator management API methods.
Production hardening: NODE_ENV defaults to production in docker-compose.prod.yml,
Grafana anonymous auth disabled, install.sh branch ref updated to main.
Admin UI: moved docs reset from toolbar to MkDocs Settings danger zone,
improved collab Ctrl+S to explicitly save + cache-bust preview.
MkDocs site rebuild with updated repo data, upgrade screenshots, and content.
Bunker Admin
Consolidates the Termux SMS server code (previously in a separate
campaign_connector git submodule) into termux-sms/ at repo root.
Updates phone clone commands to use sparse checkout so only the
termux-sms/ directory is downloaded onto the Android device.
Bunker Admin
Major additions: onboarding tour system, correlation-id middleware, media
error handler, restore script, env validation script, Dockerignore files.
Updates across 70+ admin components for improved UX and error handling.
Bunker Admin
Drop the custom Dockerfile.code-server that bundled Claude Code CLI,
Python/MkDocs tooling, and build-essential on top of codercom base.
Switch to the already-mirrored linuxserver/code-server image instead.
- Both compose files: use code-server:latest, LinuxServer env vars
(PUID/PGID/DEFAULT_WORKSPACE), port 8443, /config mount layout
- Nginx configs + templates: proxy to :8443 instead of :8080
- API env default: CODE_SERVER_URL updated to :8443
- build-and-push.sh: remove --include-code-server flag
- upgrade.sh: remove code-server conditional rebuild + registry fallback
- install.sh: add --ignore-pull-failures for optional missing images
- .env.example, CCP templates, bunker-ops template: updated
Bunker Admin
New install method: curl one-liner downloads a lightweight release
tarball (~9 MB) and runs the config wizard. No git clone needed,
no TypeScript compilation — pulls pre-built images from Gitea registry.
- docker-compose.prod.yml: production compose without build blocks or
source code volume mounts; IMAGE_TAG defaults to latest
- scripts/install.sh: curl-friendly installer (downloads tarball,
extracts, runs config.sh)
- scripts/build-release.sh: creates release tarball from dev repo
with only runtime files (configs, scripts, docs, empty data dirs)
- config.sh: release-mode detection (VERSION file + no .git dir),
auto-sets IMAGE_TAG=latest and NODE_ENV=production
- upgrade.sh: release-mode upgrade path (downloads new tarball from
Gitea Releases API instead of git pull, always uses registry mode)
- upgrade-check.sh: release-mode version check via Gitea API
- .gitignore: exclude releases/ and api/dist/
- Docs: updated getting-started with pre-built install instructions
Bunker Admin
Use inline JS styles (applySearchLayout) instead of CSS-only approach
for search panel layout - fixes Firefox compatibility where cross-origin
Material stylesheets override !important rules. Adds explicit height,
flex layout, z-index, and background on search elements. Also fixes
click-to-exit by deferring DOM queries to DOMContentLoaded. Syncs
header-builder.service.ts with main.html changes.
Bunker Admin
The collapsed Material header (height: 0, overflow: visible) left the
search input reachable but the __search checkbox was never toggled when
users typed directly into it. This prevented both Material's native CSS
and our custom CSS from revealing the results panel (opacity stayed 0,
scrollwrap max-height stayed 0).
- Add focusin/input event delegation to check __search on direct input
- Add search icon, dark mode toggle, and docs sidebar toggle to header
- Add CSS for hidden Material header, search positioning, palette, tabs
- Avoid Jinja2 block syntax inside JS comments (parsed as directives)
Bunker Admin
- Replace postMessage wildcard ('*') with explicit parent origin passed
via ?origin= parameter to prevent auth state disclosure to arbitrary
embedders
- Tighten frame-ancestors CSP: production restricts to self + DOMAIN,
dev restricts to localhost origins (was frame-ancestors *)
- Remove deprecated X-Frame-Options ALLOW-FROM header (CSP
frame-ancestors is the modern replacement)
- Validate targetOrigin with URL constructor before use
Bunker Admin
ScheduleOutlined was missing from the ANT_ICON_TO_MATERIAL mapping in
header-builder.service.ts, causing Material Icons to render raw text
characters ("S", "O") instead of a clock icon for the Shifts nav item.
Added the missing mapping and a toMaterialIcon() fallback that converts
any unmapped Ant Design icon name to snake_case Material Icons format.
Bunker Admin
Replaced multi-step manual instructions (heredocs, printf, individual echo
commands) with a single convenience script. Users now just clone the repo
and run: bash setup.sh YOUR_API_KEY
The script handles package install, key config, permissions, Termux:Boot,
and starting the server. Updated both the admin wizard and MkDocs docs.
Bunker Admin
printf \n escapes also get mangled by Android clipboard (expanded to real
newlines). Individual echo >> commands are the only reliable approach for
copy-pasting multi-line scripts to a mobile terminal.
Bunker Admin
Heredocs fail silently on Android Termux when copy-pasting from the admin GUI
(trailing whitespace from clipboard prevents EOF recognition). Switched to
printf commands in both the setup wizard and MkDocs docs. Also added
source ~/.bashrc and boot script steps directly in the wizard Step 4.
Bunker Admin
