ScreenTinker bc445a0a7c fix(boot): auto-apply Phase 1 multi-tenancy migration on startup if not yet applied; refactor scripts/migrate-multitenancy.js to expose runMigration() with CLI wrapper preserved; pre-migration snapshot to db/remote_display.pre-migration-<timestamp>.db; belt-and-suspenders guards on migrateFolderWorkspaceIds + backfillActivityLogWorkspace so the inline backfills skip cleanly if workspaces table absent. Fixes startup crash on pre-multi-tenancy installs (semetra22 / Discord report) where 'npm start' after pulling latest hit migrateFolderWorkspaceIds and crashed with 'no such table: workspaces'. Self-hosters now get an automatic upgrade path without needing to run 'node scripts/migrate-multitenancy.js' manually.		2026-05-12 08:22:47 -05:00
..
config	fix: log real client IPs through Cloudflare instead of CF edge	2026-05-07 15:26:37 -05:00
db	fix(boot): auto-apply Phase 1 multi-tenancy migration on startup if not yet applied; refactor scripts/migrate-multitenancy.js to expose runMigration() with CLI wrapper preserved; pre-migration snapshot to db/remote_display.pre-migration-<timestamp>.db; belt-and-suspenders guards on migrateFolderWorkspaceIds + backfillActivityLogWorkspace so the inline backfills skip cleanly if workspaces table absent. Fixes startup crash on pre-multi-tenancy installs (semetra22 / Discord report) where 'npm start' after pulling latest hit migrateFolderWorkspaceIds and crashed with 'no such table: workspaces'. Self-hosters now get an automatic upgrade path without needing to run 'node scripts/migrate-multitenancy.js' manually.	2026-05-12 08:22:47 -05:00
lib	Phase 2.1: tenancy middleware, permission helpers, JWT workspace context, frontend + backend role-rename compat	2026-05-11 20:02:00 -05:00
middleware	Phase 2.1: tenancy middleware, permission helpers, JWT workspace context, frontend + backend role-rename compat	2026-05-11 20:02:00 -05:00
player	Video walls: free-form canvas editor, leader-driven sync, group dissolve, progress bars	2026-04-29 23:11:16 -05:00
routes	activity_log: stop the bleeding - writer-leak fix on 3 sites (activityLogger middleware, alert service, login route) + one-time backfill of 548 NULL-workspace rows via device.workspace_id or workspace_members lookup; activity.js route migration deferred to its own slice tomorrow.	2026-05-11 23:14:06 -05:00
services	activity_log: stop the bleeding - writer-leak fix on 3 sites (activityLogger middleware, alert service, login route) + one-time backfill of 548 NULL-workspace rows via device.workspace_id or workspace_members lookup; activity.js route migration deferred to its own slice tomorrow.	2026-05-11 23:14:06 -05:00
ws	Video walls: free-form canvas editor, leader-driven sync, group dissolve, progress bars	2026-04-29 23:11:16 -05:00
config.js	Add DISABLE_REGISTRATION env var to block public sign-ups	2026-04-22 19:35:32 -05:00
package-lock.json	Security: fix IDORs, XSS, rate limits, SSRF validation	2026-04-28 14:37:18 -05:00
package.json	Security: fix IDORs, XSS, rate limits, SSRF validation	2026-04-28 14:37:18 -05:00
server.js	fix(server): mount activityLogger middleware before workspace routes so POST/PUT/DELETE actually get logged - pre-existing bug, the middleware was a no-op for every API route because route mounts came first in server.js (L305 routes vs L368 middleware). Zero double-log risk: the one inline logActivity caller at routes/auth.js:452 is on /api/auth which mounts before the new middleware position. activity_log row growth will pick up significantly going forward (pruneActivityLog 90-day retention already handles the bound). Surfaced by Phase 2.2 migration discipline.	2026-05-11 23:17:28 -05:00