Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: 1mb-dev/markgo
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v3.1.0
Choose a base ref
...
head repository: 1mb-dev/markgo
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v3.2.0
Choose a head ref
  • 12 commits
  • 53 files changed
  • 1 contributor

Commits on Feb 12, 2026

  1. docs: update security, release checklist, and contributing for v3.1 

    SECURITY.md: document CSRF protection, session auth, slug validation,
image upload validation. Remove stale "no CSRF" and "basic auth" claims.
RELEASE_CHECKLIST.md: fix version placeholders, remove stale size ref.
CONTRIBUTING.md: update coverage baseline, fix project structure.
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    2cfda96 View commit details
    Browse the repository at this point in the history

  2. docs(design): fix stale CDN claims, add SPA/PWA/mobile patterns 

    - Replace 3 stale CDN dependency claims with self-hosted reality
- Add SPA navigation, mobile-native UX, quick capture, offline/PWA
  sections to Interaction Principles
- Update auth description from credentials to session-based
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    b637892 View commit details
    Browse the repository at this point in the history

  3. feat(pwa): add share_target to manifest, add constants tests 

    - Add share_target to web manifest (title, text, url params)
- Pre-fill compose form from share_target query params
- Add constants_test.go covering extensions, app metadata
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    08d15b7 View commit details
    Browse the repository at this point in the history

  4. fix(a11y): semantic HTML — single h1, heading hierarchy, section elem… 

    …ents

- Brand title: h1 → span (each page template owns the sole h1)
- Feed page: visible h1 → sr-only h1 (brand already in header)
- Feed cards: h3 → h2 (fixes h1 → h3 hierarchy skip)
- Content streams: div → section with aria-label (feed, tag, category, search)
- About email: div → address element (semantic contact info)
- Admin quick links: add missing rel="noopener" on target="_blank"
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    e98021e View commit details
    Browse the repository at this point in the history

  5. feat(seo): canonical URLs, visible breadcrumbs, structured data 

    - Add canonicalPath to all public handlers (feed, articles, article,
  tags, tag, categories, category, search, about)
- Add visible breadcrumb nav with semantic HTML (nav, ol, aria-current)
- Add CollectionPage + ItemList schema to tag and category pages
- Add publisher logo to article BlogPosting JSON-LD
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    4a0c7d4 View commit details
    Browse the repository at this point in the history

  6. chore(css): remove editorial and bold theme stubs 

    These 14-15 line stubs only set a few CSS variables and create a
broken experience for users who enable them. The theme system remains
extensible — add a CSS file to themes/ and set BLOG_STYLE.
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    1bb8d5b View commit details
    Browse the repository at this point in the history

  7. docs(design): add Web Standards section for v3.2 

    Document heading hierarchy, semantic containers, canonical URLs,
structured data strategy, and external link conventions.
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    46c4ad4 View commit details
    Browse the repository at this point in the history

  8. refactor(web): redesign admin dashboard for consistency with blog UX 

    Replace gradient cards, modal UX, and dead CSS with token-based styling
matching the blog's clean aesthetic. Stats use a number grid, actions are
inline buttons with toast feedback, system info is a definition list.

- Handler: focused stats/system maps, is_dev flag, removed admin routes array
- Template: page-header pattern, semantic sections, no modal
- CSS: 578 → 207 lines, all tokens, no hardcoded gradients
- JS: 245 → 49 lines, POST with toast, no modal code
- Drafts page: page-header pattern for consistency
- Footer now visible on admin pages (removed hiding rule)

Net: -653 lines
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    8f884dd View commit details
    Browse the repository at this point in the history

  9. fix(web): address review findings in admin redesign 

    - Fix body/div class collision: rename inner div to .admin-content
  (body class .admin-page was constraining header/footer to 42rem)
- Remove dead CSS: .drafts-header/.drafts-title/.drafts-subtitle
  from admin.css and cards.css (templates now use .page-header)
- Remove dead variable: totalArticles only fed a debug log
- Add is_dev to JSON response for API consistency
- Restore confirm() before destructive POST actions
- Read server error response body for actionable toast messages
- Guard JSON parse failures with meaningful fallback
- Detect network errors (TypeError) with connection hint
- Add re-entry guard (button.disabled check) against double-click
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    9b0fa82 View commit details
    Browse the repository at this point in the history

  10. feat(web): admin popover, auth-aware UI, breadcrumb fix, sample articles 

    - Replace lock icon with person icon for login/admin trigger
- Admin popover: Dashboard, Compose, Drafts, Sign out (authenticated)
- SessionAware middleware: public routes now set authenticated=true
- Popover mutual exclusion via popover:exclusive custom event
- Breadcrumb alignment: self-constrain to 42rem (matches page content)
- Sample articles: 3 content types (article, thought, link)
- Architecture Decisions section in design.md
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    421c716 View commit details
    Browse the repository at this point in the history

  11. feat(web): public compose, CSRF hardening, 404 fix, review fixes 

    v3.2 changes addressing 4 planned features + 8 review findings:

Features:
- Fix 404/offline CSS class collision (error-page → error-content)
- CSRF tokens on all public pages via SessionAware for login popover
- Compose in header nav (public GET, auth-deferred to POST)
- Dynamic CTA text (Publish/Save Draft/Update based on state)
- FAB visible to all visitors when admin is configured
- SPA CSRF sync — router.js syncs meta tag + hidden inputs

Review fixes:
- Canonical URL conditional (omit for 404/admin/compose/offline)
- CSRF cookie reuse validates 64-char hex format
- CSRF cookie max-age refreshed on reuse to prevent silent expiry
- Compose form handles 403 (CSRF expiry) alongside 401
- Login trigger fallback toast when popover is unavailable
- Compose error shows toast instead of DOM swap (preserves listeners)
- loadPageModule catches dynamic import failures
- Service worker registration logs errors
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    d8d6942 View commit details
    Browse the repository at this point in the history

  12. docs: add v3.2.0 changelog 

    Semantic HTML, SEO, admin redesign, public compose, CSRF hardening.
    @vnykmshr
    vnykmshr committed Feb 12, 2026
    Configuration menu
    Copy the full SHA
    ebff048 View commit details
    Browse the repository at this point in the history
Loading