Critical (C1): Added has_permission('security', 'READ') to /health and
/fingerprint endpoints; has_permission('security', 'WRITE') to /recover.
Previously any authenticated user could enumerate encrypted secrets and
overwrite stored values.
High (Bug #1): Fixed recover endpoint — updated/failed status now correctly
reflects whether a non-empty replacement value was submitted. Empty values
now report 'skipped' instead of falsely 'updated'.
High (Bug #2, #3): Replaced all hardcoded English strings in
KeyRecoveryWizard.svelte and SystemSettings.svelte with $t.settings.*
i18n lookups. Keys already existed in en/ru settings.json.
High (H1): Added _sanitize_error() helper to truncate + scrub exception
messages before logging, preventing potential secret leakage in log output.
Cleanup: Moved LLMProviderConfig import to module top. Instantiate
ConnectionService once before for-loop. Added @TEST_EDGE declarations
and @PRE/@SIDE_EFFECT to C4 contract.
Tests: 226 passed
Superset Tools Frontend (SvelteKit)
This is the frontend for the Superset Tools application, built with SvelteKit in SPA mode.
Development
-
Install dependencies:
npm install -
Run development server:
npm run devThe frontend will be available at
http://localhost:5173. It is configured to proxy API requests tohttp://localhost:8000.
Production Build
-
Build the static SPA:
npm run buildThis generates a static SPA in the
build/directory. -
Serve with Backend: The Python backend is configured to serve the files from
frontend/build/. Ensure the backend is running:cd ../backend python src/app.py
Architecture
- Routing: File-based routing in
src/routes/. - Layouts: Shared UI in
src/routes/+layout.svelte. - Data Loading:
loadfunctions in+page.tsfor efficient data fetching. - API Client: Centralized API logic in
src/lib/api.js. - Styling: Tailwind CSS.