v0.2.0
Security hardening across the auth stack, plus cursor pagination for task and completion lists.
Features
- Paginate task lists in the web home and TUI with load-more (25/page) — unified timeline over open tasks, finished one-offs and recurring occurrences (#32) (
e467535) - Paginate the completions list to bound query size (#31) (
0c3f206)
Fixes
- Harden auth, sessions, security headers and CI supply-chain — login rate-limiting + lockout, session invalidation on password change, CSP/X-Frame-Options/HSTS, WebSocket same-origin, constant-time CSRF, 1 MiB request-body caps, one-time API-token cookie, Telegram-token log redaction, SHA-pinned GitHub Actions, CSRF-protected logout (#30) (
c04bfe2)