Open Source on GitHub

A django starter for internal apps that leverages the include admin theme and components.

v0.13.2 2 stars 1 forks 12 issues

Changelog

Unreleased

v0.13.2

  • aa0bd50: clients/js v0.3.1: SSR-safe localStorage guard
  • 74c58e1: sc: doc/accuracy polish (testing-agent round 2)
  • b68d1d5: sc: address testing-agent findings
  • 19a953f: docs(sc): agent-facing skill doc + cross-references
  • a0c87fc: sc CLI (P3): write verbs (new/set/rm) through the shared form path
  • 26115b7: sc CLI (P2): operational verbs over the framework's commands
  • b17fbe9: sc CLI (P1): reads over the CRUDView registry
  • 14782d2: release: v0.13.1

v0.13.1

  • 356fecc: Add bundled API clients (clients/js + clients/python)
  • cc834d3: docs(upgrading): add v0.13.0 upgrade notes (runbook, additive)
  • 4728617: docs: add Locality of Behavior area + upgrade-path to the report card
  • a046d1f: Merge feat/report-card: quality report-card skill + cards
  • 1741e43: release: v0.13.0

v0.13.0

  • c9e7ee5: docs: release-tie report cards + surface quality in README
  • 1c29f3f: docs: add quality report-card skill + first card (feat/runbook)
  • 2251250: api_doctor: surface hand-registered (register_api_path) endpoints
  • 0c7c32e: runbook: include section-less docs in ZIP export (F5)
  • 69fbc87: runbook: fix stored XSS in document markdown rendering (BLOCKER)
  • 6423c96: mcp(activity): align filter Apply/Reset buttons with the control row
  • 832fed9: runbook: expand CLI, REST, and dashboard surfaces
  • 3151d48: activity+axes: share one proxy-aware client-IP resolver
  • 29b8e58: axes: resolve real client IP behind kamal-proxy (spoof-resistant)
  • fc00b07: chore(logging): silence the axes INFO startup banner in dev
  • 9869746: perf(runbook cli): eliminate N+1 queries in ls, toc, and sections
  • 27cd258: chore(runbook): finish the integration — rb CLI, skill docs, L2, docstrings
  • 0bd06c2: feat(runbook): integrate the runbook app permanently into smallstack
  • f516e22: chore: sync uv.lock virtual-package version to 0.12.4
  • 7816b1c: release: v0.12.4

v0.12.4

  • bda585f: fix(dev): persist dev SECRET_KEY so authed screenshots work on a fresh clone (F2)
  • 35525cb: fix(api): OpenAPI info.version tracks the package version (F1)
  • 2766a8b: chore: gitignore SQLite WAL sidecar files (-wal/-shm/-journal)
  • 09ce04b: fix(search): register per-model MCP tool independent of app-ready order
  • d7747b5: fix(crud): ordering by a non-DB column degrades to no-sort, not a 500
  • 82d5edc: deps: security patch bump (pip-audit: 13 vulns -> 0)
  • 7c69f24: refactor(D3): slim _api_list + dedup heartbeat timeline preamble
  • ed01bb2: v1.0-readiness: security fixes, code-quality cleanup, tests, and docs
  • 2bbecf5: api: register_api_path — let custom @api_view endpoints join the OpenAPI schema
  • 9aae746: v0.12.3: fix invisible status calendar/timeline cells on standalone pages

v0.12.3

  • 18b528b: v0.12.2: maintenance-aware status + test robustness

v0.12.2

  • 0e663c6: v0.12.1: add merge-0.12.0 upgrade skill

v0.12.1

  • 90b8bfa: docs(skills): add merge-0.12.0 upgrade skill
  • 0902fe1: v0.12.0: pluggable status monitoring system

v0.12.0

  • a4f1373: Merge remote-tracking branch 'origin/main'
  • c76558f: Merge feat/pluggable-status-monitoring: pluggable status monitoring system
  • 11d94a7: Remove temporary "Status Links (dev)" hub
  • ac24b33: Status round-3 fixes: decouple MCP/Search, daily-timeline today coloring, doctor flag-awareness
  • 69dc206: Status module improvements and polish
  • 3cb60b3: Merge branch 'main' into feat/pluggable-status-monitoring
  • 89d3166: fix(explorer): detail grid/form rendered every boolean as ✓ regardless of value
  • 72cc876: docs(skills): add testing skill (pytest, email/auth-flow/CRUDView patterns, gotchas)
  • 4c01e6d: test(auth): cover invite, passwordless, email login, create-with-password, guardrails
  • 4b671b8: Merge branch 'feat/account-invites-passwordless'
  • 29c0115: fix(usermanager): restore tabbed user form (v0.11.19 template-suffix regression)
  • a0ce6a3: feat(auth): enable username-or-email login (EmailOrUsernameBackend)
  • 28d3f72: feat(usermanager): password-on-create, edit actions, guardrails; fix v0.11.19 template regression
  • 2ee076e: feat(accounts): invite-by-email, passwordless code login, branded emails
  • 703571f: v0.11.19: consolidate dashboard stat cards into one {% stat_card %} standard

v0.11.19

  • 5c9560e: feat(activity): link usernames in the All Users drill-down to user detail
  • cd9b3bb: feat(status): cap the SLA maintenance-windows table at 5 rows
  • 0ee2047: style(admin): unify status pills onto a shared {% status_badge %} tag
  • fc46576: v0.11.18: clickable list rows, stat-card drill-down modals, table pagination

v0.11.18

  • 723e3f3: style(admin): unify stat tiles, hero actions, and titles across admin apps
  • c509040: v0.11.17: apps-dropdown redesign, home "four surfaces" + scheduler reorder, light-mode fixes

v0.11.17

  • 299c46d: v0.11.16: editorial Getting Started redesign + Search section on Home

v0.11.16

  • db8ac90: v0.11.15: API endpoints page, MCP filter fix, test-isolation + marker re-scoping

v0.11.15

  • 81e6e47: v0.11.14: pin test settings + hermetic dev-superuser test + v0.12 upgrade note

v0.11.14

  • 38c54fd: v0.11.13: platform re-audit hardening — security, Postgres, CI, tables2 removal

v0.11.13

  • ba0ad5d: audit: log programmatic API/MCP writes + fix Django-6 log_action breakage (L9)
  • 9a122b3: email: wire branded HTML reset email + SITE_NAME; test the surface (L4/L5/L6)
  • ca59d11: harden: dev-superuser DEBUG guard, atomic epoch reset, drop no-op DJANGO_DEBUG (L3/L10/I3)
  • aecaaec: backup: record non-SQLite skip + treat retention<1 as disabled (L7/L8)
  • f2d5353: mcp: return -32600 for non-object JSON-RPC bodies instead of 500 (L2)
  • 7e187d6: search: collision-resistant GIN index name + honest provisioning health (L1/I1/I2)
  • 618f252: security: OAuth hardening — cap scope→role, atomic code redemption (M1/M2/L11)
  • a79757e: test: make H4 backup test backend-agnostic (was SQLite-coupled)
  • 67b910a: security: fix v0.11.13 High audit findings (OAuth, token scope, backups, hosts)
  • 6a3b1f1: ci: add GitHub Actions test workflow (SQLite + Postgres matrix + ruff)
  • 069a4db: docs(skills): add PostgreSQL skill set (setup, prod, testing, differences)
  • 5dccc67: postgres: unblock setup + self-provision FTS for bundled models
  • a40c0e0: v0.12.0 prep (2/4): finish django-tables2 code removal
  • 957fbee: v0.12.0 prep (1/4): migrate usermanager off django-tables2
  • 331ce94: search: fix tools/list visible-but-non-functional carry-over (v0.11.12)

v0.11.12

  • 13214d4: audit close-out: test brittleness + CONTRIBUTING + dead-doc cleanup + button drift (v0.11.11)

v0.11.11

  • 0563574: audit polish: hover sweep + MCP end-user doc + tools/list filtering + a11y (v0.11.10)

v0.11.10

  • a8627df: audit r3 close-out: MCP search gate, user-facing site doc, quality polish (v0.11.9)

v0.11.9

  • 2c27cdf: audit r2: registry first-wins, lift search to auth, decouple scope, filter+order validation (v0.11.8)

v0.11.8

  • 3744d29: docs+devx: address audit findings 2-5 (v0.11.7)

v0.11.7

v0.11.6

  • d2e1337: search: defer FTS ensure_index past AppConfig.ready (v0.11.5)

v0.11.5

  • 28dafbc: search: access audit report + admin badges + AI skill update (v0.11.4)

v0.11.4

  • ad2f3a6: search: 3-level access model + public /search/ for help docs (v0.11.3)

v0.11.3

  • d4299b8: search: per-view security model — staff gate + visibility filter (v0.11.2)

v0.11.2

  • 3fa5509: Editorial theme refresh + public search page + purple default (v0.11.1)

v0.11.1

  • 78a5e54: Update search docs + skills for vibe-coder workflow
  • bf96b09: Swagger-style collapsible source registry on search page
  • 0426c95: test(search): make register_idempotent resilient to default opt-ins
  • eb4992d: feat(search): default opt-in for User + APIToken
  • b17e106: feat(search): model browser in the search-page empty state
  • 6c8df23: feat(search): discoverability + editorial omnibar restyle