Automated release from CI pipeline
Changes:
feat(homecore-ui iter 6): Settings probe-before-persist token validation
CRUD increment 6/6 — closes the sprint. Bearer-token editor now
probes /api/config with the new value BEFORE writing it to
localStorage, so a typo'd or revoked token can't lock the UI out
of the backend.
Three actions:
- Test token probe /api/config, no localStorage write
- Probe & Save probe; write only on 2xx
- Clear remove from localStorage
Inline probe result with sigils:
✓ token accepted (40 ms) — server v0.1.0-alpha.0
✗ HTTP 401: unauthorized
⋯ probing /api/config…
currently stored: line shows masked + length: dev-…ken (9 chars)
so the operator can see what's persisted without exposing the secret.
Empty input → red border + disabled Test/Save buttons. Bad probes
do NOT persist (this is the whole point — never write a token that
the backend rejects).
frontend/src/pages/Settings.ts — full rewrite (~190 LOC, +110 vs
previous version). No new dependencies.
Browser-verified end-to-end:
- Backend section: Home / 0.1.0-alpha.0 / RUNNING / components OK
- Test token: probe ✓, 40 ms, version reported
- Empty input: buttons disabled + red border
- Probe & Save: persists to localStorage, toast shown,
currently stored:updates to masked new token - Clear: localStorage null,
currently stored: (empty) - 0 unexpected console errors
Note: a clean reload lands on Dashboard (the SPA router has no
URL-encoded view yet). The token persistence itself survives reload
correctly; route persistence is a small follow-up if you want
direct URLs like /?view=settings.
CRUD sprint summary (6/6 runtime-validated):
iter 1 Add Entity e7215a1
iter 2 Edit Entity 89190b6
iter 3 Delete + DELETE route c0bb6f4
iter 4 Live validation polish 3f5a741
iter 5 Call Service 99c78f5
iter 6 Settings probe-before-persist (this)
Co-Authored-By: claude-flow ruv@ruv.net
Docker Image:
ghcr.io/ruvnet/RuView:224689a5bcce61b87ce9f670649569bc2e023f00