neko/web, branch claude/fix-open-tickets-IVV1C self-hosted, single user rss reader Complete V2 removal from Makefile and check in updated V3 production assets 2026-02-17T04:37:33+00:00 Adam Mathes adam@adammathes.com 2026-02-17T04:37:33+00:00 b9d6416f229340a03202c124a39a0e5160664031 






Remove legacy V2 React frontend and update build/test scripts to focus on Vanilla JS (V3)
2026-02-17T03:40:10+00:00

Adam Mathes
adam@adammathes.com

2026-02-17T03:37:50+00:00

cba29e6aae637b04ff6eaf28f74bc15b6242b9ea












Fix CSP violation on login page by moving inline script to external file
2026-02-17T03:01:17+00:00

Adam Mathes
adam@adammathes.com

2026-02-17T03:01:17+00:00

e8a4f637dfa10510b350b95efaa4b5eb9a8f6f28












Update frontend build artifacts and fix test lint errors
2026-02-17T01:11:59+00:00

Adam Mathes
adam@adammathes.com

2026-02-17T01:11:59+00:00

9d1f2f094a291b8dc5ca8dc006a4f6169d6b873c












Fix scroll-to-read functionality across all UIs (V1, V2, V3)
2026-02-17T00:35:38+00:00

Adam Mathes
adam@adammathes.com

2026-02-17T00:35:38+00:00

72e131f9c273d15e8d3b5c8a9320ab7fb1d533d4












Remove circle styling from NEKO sidebar toggle button
2026-02-16T23:45:10+00:00

Claude
noreply@anthropic.com

2026-02-16T23:45:10+00:00

575b394cb26c435422e8b8c6e411a703327d8b40

Strip border-radius, box-shadow, background, and backdrop-filter from
the sidebar toggle in both v2 and v3 frontends so the logo appears flat.

https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9





Strip border-radius, box-shadow, background, and backdrop-filter from
the sidebar toggle in both v2 and v3 frontends so the logo appears flat.

https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9







Add tests for CSRF exclusions, Filter includeContent, multi-feed, and routing
2026-02-16T23:31:54+00:00

Claude
noreply@anthropic.com

2026-02-16T23:31:54+00:00

5f5f8be8c6ca78f5d61372544bb24d692d9597f0

- CSRF: test excluded paths (/api/login, /api/logout), PUT/DELETE methods
- Item model: test Filter includeContent flag, ItemById returns content,
  multiple feed_ids filtering
- API: test read_filter=all param, feed_ids comma-separated filter,
  full_content exclusion from stream
- Routing: add v3 frontend route test

https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9





- CSRF: test excluded paths (/api/login, /api/logout), PUT/DELETE methods
- Item model: test Filter includeContent flag, ItemById returns content,
  multiple feed_ids filtering
- API: test read_filter=all param, feed_ids comma-separated filter,
  full_content exclusion from stream
- Routing: add v3 frontend route test

https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9







Align sidebar CSS breakpoints with JS threshold at 1024px
2026-02-16T23:28:59+00:00

Claude
noreply@anthropic.com

2026-02-16T23:28:59+00:00

ed1b953e1336aeda282b46acd1c5e21529fa0950

The sidebar default-closed JS logic used 1024px but CSS media queries
used 768px, causing inconsistent behavior on tablets. Updated all
sidebar-related breakpoints to 1024px/1025px to match.

https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9





The sidebar default-closed JS logic used 1024px but CSS media queries
used 768px, causing inconsistent behavior on tablets. Updated all
sidebar-related breakpoints to 1024px/1025px to match.

https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9







Enhance CSRF protection for login page
2026-02-16T22:02:48+00:00

Adam Mathes
adam@adammathes.com

2026-02-16T22:02:48+00:00

2e459c911031669080bc110059cf2b4b19c5379d

Login form now includes a CSRF token from the cookie as a hidden form
field. The CSRF middleware accepts tokens from either the X-CSRF-Token
header (for JS clients) or the csrf_token form field (for HTML forms).
Removed /login from the CSRF exclusion list so login POSTs are now
validated.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>





Login form now includes a CSRF token from the cookie as a hidden form
field. The CSRF middleware accepts tokens from either the X-CSRF-Token
header (for JS clients) or the csrf_token form field (for HTML forms).
Removed /login from the CSRF exclusion list so login POSTs are now
validated.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>







v3 ui: require 100% visibility before marking items as read
2026-02-16T19:13:22+00:00

Claude
noreply@anthropic.com

2026-02-16T19:13:22+00:00

0b08b2fb49827399ff0652bc20d5f71e2066025c

Change IntersectionObserver threshold from 0.5 to 1.0 so items are only
marked as read when fully scrolled into view, reducing accidental
mark-as-read during fast scrolling.

Also fix unused Category import in perf test and add thicket config.json
to repository so future agents can use thicket CLI commands.

Closes NK-s2g59a

https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9





Change IntersectionObserver threshold from 0.5 to 1.0 so items are only
marked as read when fully scrolled into view, reducing accidental
mark-as-read during fast scrolling.

Also fix unused Category import in perf test and add thicket config.json
to repository so future agents can use thicket CLI commands.

Closes NK-s2g59a

https://claude.ai/code/session_019Z4VJxzY7tcAuNkPAkvry9