Add validateCwd() to whitelist.ts for dynamic-cwd validation, update
exec.ts to resolve first arg as cwd when cwd_pattern is set, and extend
commands.yml.example with git_status, git_log_ahead, git_diff, git_fetch.
Add REPO_PATHS to .env.example.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ops-agent/src/auth.ts: constant-time compare via timingSafeEqual to prevent timing attacks; store secret as Buffer
- ops-agent/src/index.ts + ops-agent.service: bind on 127.0.0.1:3099 (was 4242, per plan)
- app/api/agent/[...path]/route.ts: Next.js proxy route that verifies ops_session cookie then forwards requests to agent with Authorization: Bearer <secret>
- .env.example + deploy/ops-dashboard.env.example: add OPS_AGENT_SECRET and OPS_AGENT_URL
- README.md: rotation procedure for the shared secret
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
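
The constant-time bearer check named in the auth.ts entry above, as an added example in plain Node.js; it is not the ops-agent source, and the names makeBearerVerifier and digest are hypothetical. It assumes the header format `Authorization: Bearer <secret>` from the proxy-route entry, and it hashes both sides to a fixed length because timingSafeEqual throws when its inputs differ in length.

```javascript
// Added example: hypothetical names, not taken from ops-agent/src/auth.ts.
const { createHash, timingSafeEqual } = require('node:crypto');

// Reduce any input to a fixed 32-byte Buffer. timingSafeEqual throws a
// RangeError on inputs of unequal length, and checking the length first
// would reveal the secret's length to the caller.
function digest(value) {
  return createHash('sha256').update(value, 'utf8').digest();
}

// Build a verifier once at startup. Only the digest of the secret is kept,
// as a Buffer, so no per-request string conversion of the secret happens.
function makeBearerVerifier(secret) {
  if (typeof secret !== 'string' || secret.length === 0) {
    // Fail closed at startup instead of accepting an empty token later.
    throw new Error('shared secret must be a non-empty string');
  }
  const expected = digest(secret);

  return function verify(authorizationHeader) {
    // Rejecting malformed headers early is fine: these branches depend
    // only on the attacker-supplied header, never on the secret.
    if (typeof authorizationHeader !== 'string') return false;
    const match = /^Bearer ([^\s]+)$/.exec(authorizationHeader);
    if (!match) return false;

    // Both Buffers are 32 bytes, so the comparison time does not depend
    // on how many leading bytes of the presented token are correct.
    return timingSafeEqual(digest(match[1]), expected);
  };
}

module.exports = { makeBearerVerifier };
```
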
- Models: User, Session, FlowRun, FlowStep with FlowStatus enum
- prisma.config.ts with DATABASE_URL via @prisma/adapter-pg (Prisma 7 API)
- Initial migration applied to the ops_dashboard database
- Seed script for 1 user via SEED_USER_EMAIL/SEED_USER_PASSWORD env vars
- lib/prisma.ts as shared singleton client for Next.js
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>