Commit Graph

3 Commits

Author SHA1 Message Date
Protocolbot 4c05c1067e fix: YAML folded scalar parser, delete redirect, #protocols routing, forked_from null
- Fix YAML fallback parser to properly handle folded scalars (>-) at
  both top-level (description, outcome, practice) and step-level
  (step descriptions). Previously stored '>-' as the literal value
  instead of the folded text.

- Fix delete protocol/collection: reset currentRoute guard so
  navigate('library') actually works after deletion.

- Change #library hash to #protocols throughout (routing, nav links,
  breadcrumb shows 'protocols/' on the main page).

- Fix breadcrumb home click not working from detail pages (allow
  re-navigation to library even if currentRoute matches).

- Fix forked_from: null showing as a clickable link — now suppressed
  when value is null or the string 'null'.

- README: replace curl seed instructions with About page button,
  add About page customization instructions for whitelabeling.
2026-07-06 20:42:44 -06:00
Protocolbot 524d9b9c95 feat: add 'Load seed protocols' button on About page for admins
No curl needed — admins can now load the 6 example protocols
directly from the About page with a single click.
2026-07-06 15:28:21 -06:00
Protocolbot 02794e565e feat: initial release of Protocol Droid v0.2.0
A tool for authoring, sharing, and curating social protocols.

Features:
- Protocol library with search, tag filtering, and sort by date/relevance
- Protocol authoring with structured fields (title, description, steps, outcome, practice, source, tags)
- Protocol forking with provenance tracking
- Collection creation with searchable protocol picker and ordering
- User accounts with roles (admin, member, viewer)
- YAML import/export for portability
- Self-hostable on LAMP/Cloudron, works in subdirectories
- Responsive design with hamburger menu on mobile
- About page

Security:
- CSRF protection via Origin/Referer validation
- Session regeneration on login/register
- Secure session cookie params (HttpOnly, SameSite, Secure)
- Visibility enforcement on private/unlisted items
- YAML object injection hardening
- Login rate limiting
- Path traversal protection
- Input validation and length clamping
- Vote value constraining

Stack: PHP 8.x + MySQL/MariaDB, vanilla JS frontend, no external dependencies.

Hippocratic License (HL3-CORE).
2026-07-06 13:18:08 -06:00