Changes include:
- GetHostIDForImage method in storage with ORDER BY last_seen DESC
- Agent deployment script improvements
- Build time tracking in agent Dockerfile
- Additional vulnerability scanning infrastructure
These changes were made in previous session but not committed.
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Backend changes:
- Updated go.mod module path from github.com/container-census to
github.com/selfhosters-cc to match correct GitHub organization
- Updated all import paths across codebase to use new module name
- This fixes ldflags injection of BuildTime during compilation
- BuildTime now correctly shows in /api/health response
Frontend changes:
- Added build time badge next to version in header
- Shows date and time in compact format (e.g., "🔨 12/11/2025 8:06 PM")
- Hover shows full timestamp
- Only displays if build_time is not "unknown"
The build script already sets BuildTime via ldflags, but it was being
ignored because the module path in go.mod didn't match the ldflags path.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Always show "Manage Plugins" link in sidebar even when all plugins disabled
- Restore NPM plugin static page to avoid bundle.js 404 errors
- Remove npm from dynamic route generateStaticParams (uses static route)
- NPM plugin now properly uses its dedicated React component
- Graph and security plugins continue to use dynamic [pluginId] route
This fixes the issue where disabling all plugins made it impossible to
re-enable them, and resolves bundle.js loading errors for NPM plugin.
- Add /api/stats/hottest endpoint for popular images by containers and adoption
- Add /api/stats/movers endpoint for week-over-week risers and fallers
- Add /api/stats/new-entries endpoint for newly discovered images
- Add image_stats_weekly table with automatic weekly snapshots
- Add Trends tab to vanilla JS dashboard with interactive charts
- Add collector-build.sh and collector-run.sh scripts for local development
- Add Next.js example components (HottestImagesChart, MoversChart, NewEntriesCard)
- Update telemetry-api.ts with new trending API methods and types
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed:
- Image update detection now uses registry digest (RepoDigests) instead of
local image ID, eliminating false positive updates for containers already
running the latest image
- Multi-arch image timestamps now correctly fetched by resolving platform-
specific manifest (linux/amd64) from manifest lists
- Logout button hidden when authentication is disabled
- JS files served with no-cache headers to ensure updates are seen without
hard refresh
Added:
- Agent version display on Hosts page with version fetched on each scan
- Onboarding tour now re-shows on major/minor version upgrades to display
"What's new" information to returning users
Changed:
- Update progress UI shows "Pulling image..." immediately when update starts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Prevent regression of the "authUsername is not defined" error by
adding comprehensive tests and pre-commit hooks.
New test files:
- scripts/test-auth-migration.sh: Full test suite (8 test cases)
* Checks for obsolete auth variable references
* Validates session management implementation
* Verifies vulnerability functions use correct auth
* Tests logout button and documentation
- scripts/pre-commit-hook.sh: Git pre-commit hook
* Blocks commits containing authUsername/authPassword
* Provides helpful error messages
* Can be installed with symlink
- scripts/TESTING.md: Testing documentation
* How to run tests
* How to install pre-commit hook
* Correct vs incorrect auth patterns
* Troubleshooting guide
All tests currently passing (8/8). Pre-commit hook validated.
These tests ensure the session-based authentication migration
remains complete and prevent accidental reintroduction of removed
Basic Auth variables.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit replaces the browser's native Basic Auth prompt with a
custom login page to improve user experience and avoid browser
credential caching issues.
Authentication Changes:
- Add gorilla/sessions for cookie-based session management
- Create login page with instructions for finding credentials
- Add logout button (🚪 icon) to navbar
- Root path (/) now redirects to /login.html when unauthenticated
- Maintain backward compatibility with Basic Auth for API clients
- Add SESSION_SECRET environment variable for session encryption
Implementation:
- internal/auth/session.go: Session middleware and management
- internal/api/auth_handlers.go: Login/logout HTTP endpoints
- internal/api/handlers.go: Updated routing with selective auth
- cmd/server/main.go: Session store initialization
- web/login.html: Login page with credential finding instructions
- web/login.js: Login form handling
- web/app.js: 401 redirect handling and logout function
- web/index.html: Logout button in navbar
Documentation:
- README.md: Added SESSION_SECRET to docker-compose example
- README.md: Added "Authentication Issues" troubleshooting section
- scripts/run-local.sh: Added auth prompt with qwerty credentials
Onboarding Tour:
- Restored "Join the Selfhosting Community" telemetry opt-in step
- Added updateTelemetrySettings() method
- Tour now has 5 steps including community contribution option
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
