- Replace postMessage wildcard ('*') with explicit parent origin passed
  via ?origin= parameter to prevent auth state disclosure to arbitrary
  embedders
- Tighten frame-ancestors CSP: production restricts to self + DOMAIN,
  dev restricts to localhost origins (was frame-ancestors *)
- Remove deprecated X-Frame-Options ALLOW-FROM header (CSP
  frame-ancestors is the modern replacement)
- Validate targetOrigin with URL constructor before use
Bunker Admin
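
The origin handling described in the commit message above, sketched as an added example (not the project's code). The function names, the allow-list, and the sample origins are assumptions constructed for illustration; the allow-list check goes one step beyond the URL-constructor validation the commit mentions.

```javascript
// Added example, not the project's code. All names and origins are constructed.

// Assumption: the embedders allowed to receive auth state, mirroring what
// the frame-ancestors CSP would permit.
const ALLOWED_PARENTS = new Set([
  'https://app.example.org',
  'http://localhost:3000',
]);

// Parse the ?origin= parameter and return a targetOrigin that is safe to
// hand to postMessage, or null when nothing should be sent.
function resolveTargetOrigin(search, allowed = ALLOWED_PARENTS) {
  const raw = new URLSearchParams(search).get('origin');
  if (!raw) return null;
  let url;
  try {
    url = new URL(raw); // throws on '*', relative or malformed input
  } catch {
    return null;
  }
  // Only web origins; data:, blob: etc. serialize to the opaque origin "null".
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  // "https://trusted@other-host" parses with other-host as the host.
  if (url.username || url.password) return null;
  // url.origin is the normalized scheme://host[:port]; compare that value,
  // never a prefix or substring of the raw parameter.
  return allowed.has(url.origin) ? url.origin : null;
}

// Send auth state only to a validated parent; there is no fallback to '*'.
function postAuthState(parentWindow, search, state) {
  const targetOrigin = resolveTargetOrigin(search);
  if (targetOrigin === null) return false;
  parentWindow.postMessage({ type: 'auth-state', ...state }, targetOrigin);
  return true;
}
```

Because the parameter is supplied by whoever builds the embed URL, the URL constructor alone only proves the value is well-formed; the allow-list (or the frame-ancestors policy) is what limits who can receive the message.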
Remove V1 legacy configs (admin.conf, public.conf) and orphaned backup that
were never used by the container. Stop tracking generated .conf files (built
from *.template by envsubst at startup). Backport improvements to templates:
variable proxy_pass for media-api (fixes startup crash when container is down),
extended bot detection list, and mkdocs-proxy location for volunteer map docs.
Bunker Admin
The gancio-init container only seeded default color palettes but never
created an admin user, causing the settings sync to silently fail on
every API startup. Now creates an admin user via pgcrypto bcrypt hashing
using GANCIO_ADMIN_USER/GANCIO_ADMIN_PASSWORD env vars, with
ON CONFLICT DO NOTHING for idempotency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Follows the listmonk-init pattern: an alpine:3 container that runs once
after NocoDB is healthy, calls the REST API to register changemaker_v2
as a browsable data source, and exits. Idempotent — exits immediately
if the base already has tables, and guards against duplicate sources
during async table discovery.
Bunker Admin
Closes 12 template drift gaps between the Control Panel templates and
production configs. New instances now provision with full monitoring
(alerts fire properly), correct Gitea DB type (postgres not mysql),
social sharing previews (OG meta bot routes), Excalidraw subdomain
routing, docker-socket-proxy for Homepage, and complete Grafana/
Alertmanager/Prometheus config copying.
Key changes:
- Rewrite Prometheus template: add alerting, rule_files, 5 scrape jobs
- Add cAdvisor, node-exporter, redis-exporter, gotify, docker-socket-proxy
- Fix Gitea env from mysql to postgres to match docker-compose
- Add OG bot detection + rewrite routes for campaigns/pages/gallery
- Add Excalidraw nginx server block + Pangolin draw subdomain
- Add embed port to discovery portConfig + emailTestMode to registration
- Copy alerts.yml, alertmanager.yml, Grafana dashboards to templates
- Add Listmonk proxy port and upgrade volume to API service
Bunker Admin
API container writes trigger files to a shared volume (data/upgrade/),
and a systemd path watcher on the host detects them and runs the
upgrade scripts. This avoids giving the container Docker socket access.
- Add upgrade-check.sh (git fetch + compare + write status.json)
- Add upgrade-watcher.sh (systemd bridge, dispatches check/upgrade)
- Add systemd path/service units with placeholder substitution
- Modify upgrade.sh with --api-mode flag (progress.json + result.json)
- Add API upgrade module (service + routes, SUPER_ADMIN only)
- Add System tab to Settings page with version info, changelog,
  progress steps, and upgrade confirmation modal
- Add upgrade watcher installation to config.sh wizard
- Add data/upgrade/ shared volume to api service in docker-compose
Bunker Admin
Mobile users could only see aggregate vote counts (7Y/0M/1N) but not
who voted what. Adds a collapsible "View Responses" panel with per-voter
breakdown and score summary. Also adds a persistent inline success Alert
after vote submission to complement the easy-to-miss toast notification.
Bunker Admin
Replace the bare text input modal with a two-tab PollInsertModal that lets
users browse/search existing polls or create a new one inline, following
the same pattern as AdPickerModal.
Bunker Admin
ScheduleOutlined was missing from the ANT_ICON_TO_MATERIAL mapping in
header-builder.service.ts, causing Material Icons to render raw text
characters ("S", "O") instead of a clock icon for the Shifts nav item.
Added the missing mapping and a toMaterialIcon() fallback that converts
any unmapped Ant Design icon name to snake_case Material Icons format.
Bunker Admin
Users could not submit scheduling poll votes when an invalid or partial
email was entered — Zod rejected empty strings and non-email text with a
generic validation error. Added client-side email validation in both
SchedulingPollPage and SchedulingPollWidget, plus z.preprocess() on the
backend to coerce empty strings to undefined. Also added pridecorner.ca
to all nginx server blocks and added generate_nginx_configs() to
config.sh so template-based configs are generated during setup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add DELETE /meeting-planner/:id/voters/:voterKey endpoint and delete
button on each voter row in the voting matrix. Includes voterKey in
API response for voter identification.
Bunker Admin
Two issues occurred during upgrades:
1. Gancio config.json lost when Docker volume name prefix changes
   (e.g., changemakerlite_ vs changemaker-lite_). Gancio finds existing
   DB but no config and enters restart loop. Fix: verify_gancio_config()
   checks the volume and regenerates config.json from .env if missing.
2. mkdocs-site-server (LSIO nginx) returns 403 after upgrade because
   the anonymous /config volume shadows the ./mkdocs/site bind mount.
   Fix: docker compose rm -sf the LSIO container before up -d so the
   anonymous volume is recreated fresh.
Also adds Gancio and MkDocs site health checks to Phase 6 verification.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add PUT endpoint for updating individual poll options and replace
read-only text display with inline DatePicker/TimePicker controls
in the edit drawer.
Bunker Admin
Enable starting ad-hoc SMS conversations from the conversations page
by searching contacts across SMS lists, CRM, and existing threads,
then composing and sending a first message.
Bunker Admin
Add getAllEntries API endpoint to query individual contacts across all lists
with optional list filter and case-insensitive search. Redesign the frontend
from a lists-only table to a contacts-first layout with search, list filter
dropdown, and a collapsible lists management panel.
Bunker Admin
The graph view only showed managed Contacts and Users (5 nodes) while
the table/cards views showed all 94 people. Added SMS contacts, address
occupants, campaign senders, shift signups, and donations to the graph
API with email/phone deduplication. Updated the frontend layout to
arrange disconnected nodes in a grid instead of a single horizontal
line, while preserving dagre tree layout for connected components.
Bunker Admin
- Reorder result hierarchy: Pages → Entities → Actions → Settings
  (doc files and database records now appear right after page matches)
- Disable fuzzy matching for terms under 5 characters to prevent
  false positives like "test" matching "text" (all SMS pages)
- Prefix matching still works for short terms (e.g. "mail" → MailHog)
Bunker Admin
- Add description field to CommandItem and descriptions to all 59 registry entries
- Add SMS Templates navigation and quick action entries
- Integrate favorites store: show starred items above recents when no query, star badges in search results
- Add @prefix: scope filtering (10 scopes) with parseQuery(), scope chip UI, and clickable scope list
- Add contextual command boosting based on current route (+50 path match, +25 group match)
- Reorder result hierarchy: Pages → Actions → Entities → Settings
- Extract CommandGroupSection and EntityGroupSection render helpers
Bunker Admin
- NotFoundPage component with Go Back, Go Home (role-aware), and Report to Admin buttons
- Catch-all routes inside AppLayout, VolunteerLayout, and top-level PublicLayout
- POST /api/public/error-report endpoint sends 404 notification emails to super admins
- Express API 404 handler returns consistent JSON error envelope for /api/* routes
- Fastify media API 404 handler via setNotFoundHandler
- Rate-limited error reports (5/hour per IP)
Bunker Admin
New instances provisioned via CCP were missing env vars for video analytics,
geocoding config, Listmonk SMTP, Gitea comments, Overpass/area import,
monitoring ports, Bunker Ops, and other features added since the template
was last updated.
Bunker Admin
Add Social Dashboard/Graph/Moderation, Jitsi Video Meetings, and Ad Analytics
to searchable command registry. Add missing ContactsOutlined and ScissorOutlined
icons to ICON_MAP. Update defaults-off feature flag list to include enableSocial,
enableChat, and enableMeet.
Bunker Admin
Replaced multi-step manual instructions (heredocs, printf, individual echo
commands) with a single convenience script. Users now just clone the repo
and run: bash setup.sh YOUR_API_KEY
The script handles package install, key config, permissions, Termux:Boot,
and starting the server. Updated both the admin wizard and MkDocs docs.
Bunker Admin
printf \n escapes also get mangled by Android clipboard (expanded to real
newlines). Individual echo >> commands are the only reliable approach for
copy-pasting multi-line scripts to a mobile terminal.
Bunker Admin
Heredocs fail silently on Android Termux when copy-pasting from the admin GUI
(trailing whitespace from clipboard prevents EOF recognition). Switched to
printf commands in both the setup wizard and MkDocs docs. Also added
source ~/.bashrc and boot script steps directly in the wizard Step 4.
Bunker Admin