• admin released this 2026-04-07 17:26:02 -06:00 | 72 commits to main since this release

    v2.8.0 — Remote Instance Management

    Highlights

    Remote Management via CCP Agent — The Changemaker Control Panel can now manage CML instances running on remote servers. A lightweight HTTP agent runs on each remote host, communicating with the CCP over mTLS (mutual TLS) for full lifecycle management: start/stop, health checks, backups, upgrades, and reconfiguration.

    New Features

    • CCP Remote Agent (ccp-agent) — New Docker service that runs on remote CML instances, providing secure remote management capabilities. Deployed as a Docker Compose profile (ccp-agent), activated during setup or from the admin panel.
    • mTLS Certificate Management — CCP acts as its own Certificate Authority. Agent certificates are issued automatically during the phone-home approval flow. Private keys are delivered once and wiped from the database.
    • Phone-Home Registration — Remote instances register with the CCP using single-use invite codes. The CCP admin approves registrations from the dashboard, and certificates are delivered automatically.
    • Admin Panel Registration — Existing instances can register with a CCP directly from the admin GUI (Services > Control Panel) without SSH access.
    • CLI Registration Script: scripts/register-with-ccp.sh for SSH-based registration of existing installations. Supports --unregister to remove registration.
    • Execution Driver Abstraction — New ExecutionDriver interface transparently routes Docker and filesystem operations to either local Docker socket or remote agent over HTTPS.
    • Invite Code Management — CCP admins can generate, list, and revoke single-use invite codes for agent registration.
    • Agent Registrations Dashboard — CCP admin page to review, approve, or reject pending agent registrations.

    Infrastructure

    • Added ccp-agent as 5th service in build pipeline (build-and-push.sh)
    • Added CCP agent env vars to docker-compose environment passthrough
    • Added configure_control_panel() section to config.sh setup wizard
    • New Prisma models: CcpCertificateAuthority, IssuedAgentCert, AgentInviteCode, AgentRegistration

    Security

    • Certificate bundles (containing private keys) are wiped from the database after first delivery
    • Shell injection prevention: all agent CLI operations use execFile with argument arrays
    • Command allowlist with shell metacharacter rejection for docker compose exec
    • Rate limiting (10 req/15min) on unauthenticated agent registration endpoints
    • Fingerprint pinning auto-populated during phone-home certificate installation
    • Path traversal protection on all agent filesystem operations
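
The execFile, command-allowlist and path-traversal controls listed above, sketched in Node.js as an added example. This is not the project's own code: the allowlist contents, the service-name pattern and all function names are assumptions made for illustration.

```javascript
const { execFile } = require('node:child_process');
const path = require('node:path');

// Assumed allowlist for illustration; the project's real list is not on this page.
const ALLOWED_COMMANDS = new Set(['npx', 'node', 'ls']);
// Characters a shell would interpret; rejected even though no shell is spawned.
const SHELL_META = /[;&|`$<>(){}[\]\\!*?~'"\n\r]/;

// Build the argv for `docker compose exec`, refusing anything off the allowlist.
function buildComposeExecArgs(service, command, args = []) {
  if (!/^[a-z0-9][a-z0-9_-]*$/.test(service)) throw new Error('invalid service name');
  if (!ALLOWED_COMMANDS.has(command)) throw new Error(`command not allowed: ${command}`);
  for (const arg of args) {
    if (typeof arg !== 'string' || SHELL_META.test(arg)) {
      throw new Error('argument contains shell metacharacters');
    }
  }
  return ['compose', 'exec', '-T', service, command, ...args];
}

// Resolve a caller-supplied path and refuse it if it leaves baseDir.
// Lexical check only; symlinks inside baseDir would need fs.realpath as well.
function resolveInside(baseDir, userPath) {
  const base = path.resolve(baseDir);
  const target = path.resolve(base, userPath);
  const rel = path.relative(base, target);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('path escapes base directory');
  }
  return target;
}

// execFile hands argv straight to the binary: no /bin/sh, so no word
// splitting or command substitution can occur on the agent host.
function runComposeExec(service, command, args, callback) {
  const argv = buildComposeExecArgs(service, command, args);
  return execFile('docker', argv, { timeout: 30000 }, callback);
}
```

The metacharacter filter matters even without a shell on the host, because an allowlisted command inside the container may itself pass its arguments to one.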

    Bug Fixes

    • Fixed Vite allowedHosts blocking production domains
    • Fixed deployment issues found during end-to-end testing
    • Added pagination to public campaign, petition, shift, and shop endpoints
    • Wired ENABLE_SOCIAL, ENABLE_PEOPLE, ENABLE_ANALYTICS through full .env stack

    Upgrade Notes

    • New env vars available: ENABLE_CCP_AGENT, CCP_URL, CCP_INVITE_CODE, CCP_AGENT_URL, CCP_AGENT_PORT
    • The CCP agent is optional — existing installations are unaffected unless you enable it
    • CCP database migration runs automatically on startup (adds remote agent tables)
  • v2.7.3 Stable

    admin released this 2026-04-07 16:50:20 -06:00 | 73 commits to main since this release

    Remote instance management via mTLS agent

    Major release introducing phone-home registration of remote instances into a Changemaker Control Panel — the foundation layer for fleet management.

    Commits:

    • Add remote instance management with mTLS agent and phone-home registration (721b4df6)
    • Add pagination to public endpoints, Pangolin site picker, and docs editor toolbar (eaffd8a8)
    • Add uninstall.sh and test-deployment.sh to release tarball (d732e03a)
    • Fix Vite allowedHosts blocking production domains (94d800c1)
    • Add openssl to CCP API container for certificate generation (dfc8b4c6)
    • Fix deployment issues found during end-to-end testing (d0a16448)

    Key changes:

    • Phone-home registration: CML agent container polls CCP with an invite code, CCP issues mTLS certs on approval
    • Pagination on public endpoints (campaigns, responses, pages)
    • Pangolin site picker in admin
    • Docs editor toolbar
    • scripts/uninstall.sh and scripts/test-deployment.sh shipped in tarball
    • CCP can now generate mTLS certs (openssl in API image)

    Upgrade notes: Safe upgrade. CCP integration is opt-in.

  • admin released this 2026-04-03 08:52:15 -06:00 | 79 commits to main since this release

    Re-release of v2.7.0

    No code changes vs v2.7.0 — re-cut for release-artifact refresh. If you are on v2.7.0, there is no need to upgrade.

  • admin released this 2026-04-03 08:52:15 -06:00 | 79 commits to main since this release

    Changemaker Lite v2.7.0

    Release Date: 2026-04-03
    17 commits since v2.6.0


    New Features

    • Petition & Action Pages — Signature collection with CRM integration and campaign linking. Create public petition landers that feed directly into the people module.
    • Unified Analytics with GeoIP — Site-wide analytics dashboard with MaxMind GeoLite2 geographic tracking, session analysis, and user drill-down views.
    • Straw Polls — Quick opinion polling with public landers, MkDocs widget embeds, and social integration. Supports anonymous and authenticated voting with comments.
    • Engagement Scoring & EventBus — Automatic engagement score calculation with homepage stats listeners. EventBus extended with Rocket.Chat notifications, CRM activity logging, Gancio event migration, and calendar source types.
    • Gitea SSO — Single sign-on between the platform and Gitea, with API token management and automated setup via config wizard.
    • SMS Phone Bridge — Campaign connector (formerly a submodule) moved into the main repo for direct SMS campaign management via Termux Android bridge.
    • Docs Editor File Move — File tree in the docs editor now supports drag-and-drop file moves between directories.

    Security

    • Stripe Payment Hardening — 15 security fixes from payment audit: webhook signature validation, idempotency, amount verification, and error handling.
    • Security Audit Fixes — Comprehensive fixes across IDOR, XSS, path traversal, and production hardening.
    • Gitea Token Separation — Separate local vs remote Gitea API tokens to prevent credential collision.
    • Config Wizard Secrets — Auto-generates GITEA_SSO_SECRET and SERVICE_PASSWORD_SALT during setup.

    Improvements

    • Mobile Responsiveness — Systematic mobile UX improvement across 40+ admin pages: tables, forms, modals, and navigation.
    • Dashboard Mobile Fix — Fixed header overflow, welcome banner, and stats grid layout on mobile.
    • Hero Section Redesign — Two-column layout with showcase cards and animations on the MkDocs landing page.
    • Repo Cleanup — Removed obsolete planning docs and temporary screenshots.

    Upgrade

    # Source installs
    ./scripts/upgrade.sh
    
    # Registry installs (faster)
    ./scripts/upgrade.sh --use-registry
    
    # New installs
    curl -fsSL https://gitea.bnkops.com/admin/changemaker.lite/raw/branch/main/scripts/install.sh | bash
    
  • admin released this 2026-03-31 21:34:15 -06:00 | 96 commits to main since this release

    Re-release / version bump

    No substantive code changes vs v2.5.0 — version bump only. If you are on v2.5.0, there is no need to upgrade.

  • admin released this 2026-03-31 13:50:57 -06:00 | 96 commits to main since this release

    Re-release / version bump

    No substantive code changes vs v2.4.0 — version bump only. If you are on v2.4.0, there is no need to upgrade.

  • v2.4.0 Stable

    admin released this 2026-03-31 11:20:01 -06:00 | 89 commits to main since this release

    Changes

    • Gitea SSO — Cookie-based single sign-on via nginx reverse proxy auth
    • Security audit fixes — IDOR on ticketed events/action items, path traversal on photos, CSV size limit, shared calendar email exposure
    • Production hardening — NODE_ENV defaults to production, Grafana anonymous auth disabled
    • Gitea provisioner — Docs repo collaborator access control, dedicated SERVICE_PASSWORD_SALT
    • Admin UI — Docs reset moved to Settings danger zone, improved collab save
    • MkDocs — Updated site content, upgrade screenshots, repo data refresh
  • admin released this 2026-03-27 10:06:38 -06:00 | 101 commits to main since this release

    Security + install pipeline hardening (97 commits)

    Large release consolidating a full security audit, install pipeline hardening, and infrastructure modernization.

    Themes:

    • Security audit (30+ findings across auth/IDOR/XSS/path traversal/infrastructure):

      • Security audit: fix 30 findings across auth, IDOR, XSS, path traversal, infrastructure (1bf19fff)
      • Security audit follow-up: httpOnly cookies, ticket reservations, MongoDB keyfile (b215cda0)
      • MONGO_ROOT_PASSWORD added to docs, config wizard, CCP, prod compose (82a66a97)
    • Install pipeline hardening:

      • Harden install pipeline: health checks, log rotation, backup timer (72873281)
      • Fix curl|bash install: redirect stdin from /dev/tty for interactive prompts (f2284a9c)
      • Replace custom code-server (9GB) with upstream LinuxServer image (~1GB) (0c634e10)
      • Remove hardcoded container names for multi-instance deployment support (3262d920)
      • Various fresh-install + upgrade edge-case fixes (63e05adc, c701f772, 44931260)
    • Pangolin:

      • Fix Pangolin setup: root domain support + disable SSO auth on resources (a56f8446)
    • Features:

      • Add guided tour, media enhancements, error handling, and DevOps improvements (39d74e7b)
      • Admin dashboard polish (204e90dd, abdfd50c)
    • Docs:

      • Update CLAUDE.md with consolidated architecture docs (e0fd4fd7)

    Upgrade notes: Recommended upgrade for any installation predating this release — includes security fixes. Review MONGO_ROOT_PASSWORD in your .env (may need to be added). Code-server image swap reduces disk footprint by ~8GB.

  • admin released this 2026-03-25 20:17:12 -06:00 | 49 commits to main since this release

    Major feature release — response wall, monitoring, campaigns 2.0 (149 commits)

    Spans months of development. Consolidating themes rather than enumerating commits.

    Themes:

    • Response Wall: new public-facing moderation + upvote + verified-responses flow. Campaigns can now display constituent responses back to supporters.
    • Monitoring stack: Prometheus + Grafana + Alertmanager + cAdvisor + exporters added behind the monitoring docker-compose profile.
    • Campaigns v2: highlighted campaigns, new campaign-creation flow from main dashboard, improved HTML rendering, phone number support, social share buttons, cover photo handling.
    • User management: new user interface + user system. Admin-driven password updates.
    • Geocoding: accuracy and reliability fixes.
    • Dev tooling: MailHog for email testing, services.yaml improvements, health check + logger + metrics utilities, backup script, SMTP toggle.
    • Verified electeds: Verified-response system for elected officials, response-wall verify button, QR code generation.
    • Influence module: integrated into the main Changemaker network.

    This was the release where Changemaker Lite moved from "works" to "production-ready" for advocacy organizations.

    Upgrade notes: Large release. Review .env.example for new variables. Recommended upgrade for all pre-v2.2.2 installations.

  • admin released this 2026-03-25 17:43:53 -06:00 | 49 commits to main since this release

    Release v2.2.1 (3262d92)
