10 Commits

Author SHA1 Message Date
Protocolbot 7e00656feb fix: rename 'date added' to 'most recent', simplify date label on detail pages
- Sort toggle now says 'most recent' instead of 'date added'
- Sort logic uses index position instead of text matching
- Detail pages show just the date without 'added' prefix
2026-07-07 10:39:23 -06:00
Protocolbot 1148c19fd6 feat: shared rendering, footer, terms of service, git deployment, consistency fixes
Rendering consistency:
- Create shared renderProtocolPill() and renderCollectionPill() functions
  used everywhere: library, collection detail, user profile, picker
- All protocol/collection modules now look identical across all contexts
- Profile page collections and protocols use the same shared renderers
- Protocol grids wrapped in .protocol-grid for consistent spacing

New features:
- Footer with CC-BY 4.0 license link and Terms of Service link
- Terms of Service page stating admin reserves right to remove content
- CC-BY 4.0 default license for submitted content

Deployment:
- README now recommends git clone for initial deployment
- README documents git pull for updates without data loss
- All nav links use #protocols instead of #library

Bug fixes (from previous commits, re-applied to current codebase):
- Delete redirect: reset currentRoute guard so navigate works after delete
- #protocols routing instead of #library
- forked_from: null no longer shows as clickable link
- Source field suppressed when it duplicates author
- Collections say 'curated by' instead of 'authored by'
- Breadcrumb home click works from detail pages
- Search debounce and double-navigation guard
2026-07-06 22:40:34 -06:00
Protocolbot d3077c78b0 fix: suppress source field when it duplicates author, fix leading separator
- When source equals @username (same as the author), don't show SOURCE line
- When source is empty, don't show a leading · separator before 'authored by'
- Collections say 'curated by' instead of 'authored by'
2026-07-06 22:16:16 -06:00
Protocolbot 4c05c1067e fix: YAML folded scalar parser, delete redirect, #protocols routing, forked_from null
- Fix YAML fallback parser to properly handle folded scalars (>-) at
  both top-level (description, outcome, practice) and step-level
  (step descriptions). Previously stored '>-' as the literal value
  instead of the folded text.

- Fix delete protocol/collection: reset currentRoute guard so
  navigate('library') actually works after deletion.

- Change #library hash to #protocols throughout (routing, nav links,
  breadcrumb shows 'protocols/' on the main page).

- Fix breadcrumb home click not working from detail pages (allow
  re-navigation to library even if currentRoute matches).

- Fix forked_from: null showing as a clickable link — now suppressed
  when value is null or the string 'null'.

- README: replace curl seed instructions with About page button,
  add About page customization instructions for whitelabeling.
2026-07-06 20:42:44 -06:00
Protocolbot 524d9b9c95 feat: add 'Load seed protocols' button on About page for admins
No curl needed — admins can now load the 6 example protocols
directly from the About page with a single click.
2026-07-06 15:28:21 -06:00
Protocolbot 385f68a1d7 docs: add data/ directory permissions step to Cloudron instructions 2026-07-06 15:17:26 -06:00
Protocolbot 1d7b4d7abd fix: strip base path in API router for subdirectory deployments
The API router's parse_path() only stripped /api from the URI, but
when deployed in a subdirectory (e.g. /protocol-droid/), the URI is
/protocol-droid/api/auth/register — the /api regex didn't match.
Now detects base path from SCRIPT_NAME and strips it before routing.
2026-07-06 15:05:13 -06:00
Protocolbot 3386ac6542 feat: switch from MySQL to SQLite for zero-dependency deployment
- Rewrite db.php to use SQLite via PDO (no external DB server needed)
- Rewrite schema.sql for SQLite (AUTOINCREMENT, CHECK constraints,
  triggers for updated_at, ON CONFLICT instead of ON DUPLICATE KEY)
- Fix config.php upsert to use ON CONFLICT syntax
- Fix index.php: tag filter via json_each, vote upsert via ON CONFLICT,
  and fix protocol create route (was returning 405 for POST /api/protocols)
- Fix yaml.php seed import: replace invalid false callbacks with fn() => null,
  fix yaml_parse pos argument (-1 -> 0)
- Update Dockerfile: drop pdo_mysql/mysqli (pdo_sqlite is built in)
- Update CloudronManifest.json: remove mysql addon, bump to v0.3.0
- Update README for SQLite deployment
2026-07-06 14:42:45 -06:00
Protocolbot 7379d0c540 fix: rewrite asset and API paths for subdirectory deployments
index.html uses absolute /frontend/ paths for CSS and JS, and app.js
hardcoded const API = '/api'. In subdirectory deployments these resolve
to the wrong URL, causing unstyled HTML and broken API calls.

- index.php: rewrite /frontend/ references in index.html with detected basePath
- app.js: derive BASE_PATH from the script's own URL and prefix API calls
2026-07-06 13:36:08 -06:00
Protocolbot 02794e565e feat: initial release of Protocol Droid v0.2.0
A tool for authoring, sharing, and curating social protocols.

Features:
- Protocol library with search, tag filtering, and sort by date/relevance
- Protocol authoring with structured fields (title, description, steps, outcome, practice, source, tags)
- Protocol forking with provenance tracking
- Collection creation with searchable protocol picker and ordering
- User accounts with roles (admin, member, viewer)
- YAML import/export for portability
- Self-hostable on LAMP/Cloudron, works in subdirectories
- Responsive design with hamburger menu on mobile
- About page

Security:
- CSRF protection via Origin/Referer validation
- Session regeneration on login/register
- Secure session cookie params (HttpOnly, SameSite, Secure)
- Visibility enforcement on private/unlisted items
- YAML object injection hardening
- Login rate limiting
- Path traversal protection
- Input validation and length clamping
- Vote value constraining

Stack: PHP 8.x + MySQL/MariaDB, vanilla JS frontend, no external dependencies.

Hippocratic License (HL3-CORE).
2026-07-06 13:18:08 -06:00