- Append auth token as query parameter to EventSource URLs
(EventSource API doesn't support custom headers)
- Add null guards for stages arrays from API responses
- Hide sidebar on login page
- Add auth guard in API client: 401 responses redirect to /login
- Fix go:embed with all: prefix to include _app/ directory
- Move jsonContentType middleware to /api routes only
- Use http.ServeContent for correct MIME type detection
- Bump Docker SDK, downgrade otel deps for Go 1.24 compatibility
- Fix duplicate i18n import in InstanceCard
- Fix SvelteKit prerender/strict config for SPA build
- Update Dockerfile with GOTOOLCHAIN=auto
- Generate package-lock.json and go.sum
WIP: still resolving Go 1.24 vs otel transitive dep versions
Design system with CSS custom properties (light/dark themes).
38 Lucide SVG icon components. Dark mode with system preference.
EN/RU localization with i18n store. Skeleton loaders, empty states,
toggle switches, micro-interactions. Responsive sidebar with
mobile hamburger menu. All pages polished with consistent styling.
Per-stage env var overrides with encryption for secrets.
Volume mounts with shared/isolated modes (isolated appends
/{stage}-{tag}/ to source path). Store CRUD, API endpoints,
and frontend editors for both. Env merge during deploy.
Embed SvelteKit static build in Go binary via go:embed. Event bus
for pub/sub with deploy log, instance status, and deploy status events.
SSE endpoints for real-time streaming. Frontend SSE client with
exponential backoff reconnection. Makefile for build pipeline.
Update Phase 12 auth plan with OAuth2/OIDC support.
Quick deploy with 3-step flow (paste URL, inspect, deploy).
Settings pages for global config, registries CRUD with test connection,
NPM credentials with masked display. Toast notification system.
Mount Toast component in root layout.
Remove webhook secret from logs and API response.
Add auth-pending note to router. Fix decrypt fallback that
would use ciphertext as auth token on decrypt failure.
alexei.dolgolyov