Files
ss-tools/frontend
busya 7f9e781873 fix(security): address QA/security audit findings — authorization, i18n, error safety
Critical (C1): Added has_permission('security', 'READ') to /health and
  /fingerprint endpoints; has_permission('security', 'WRITE') to /recover.
  Previously any authenticated user could enumerate encrypted secrets and
  overwrite stored values.

High (Bug #1): Fixed recover endpoint — updated/failed status now correctly
  reflects whether a non-empty replacement value was submitted. Empty values
  now report 'skipped' instead of falsely 'updated'.

High (Bug #2, #3): Replaced all hardcoded English strings in
  KeyRecoveryWizard.svelte and SystemSettings.svelte with $t.settings.*
  i18n lookups. Keys already existed in en/ru settings.json.

High (H1): Added _sanitize_error() helper to truncate + scrub exception
  messages before logging, preventing potential secret leakage in log output.

Cleanup: Moved LLMProviderConfig import to module top. Instantiate
  ConnectionService once before for-loop. Added @TEST_EDGE declarations
  and @PRE/@SIDE_EFFECT to C4 contract.

Tests: 226 passed
2026-07-06 18:22:36 +03:00
..
2026-01-22 23:18:48 +03:00

Superset Tools Frontend (SvelteKit)

This is the frontend for the Superset Tools application, built with SvelteKit in SPA mode.

Development

  1. Install dependencies:

    npm install
    
  2. Run development server:

    npm run dev
    

    The frontend will be available at http://localhost:5173. It is configured to proxy API requests to http://localhost:8000.

Production Build

  1. Build the static SPA:

    npm run build
    

    This generates a static SPA in the build/ directory.

  2. Serve with Backend: The Python backend is configured to serve the files from frontend/build/. Ensure the backend is running:

    cd ../backend
    python src/app.py
    

Architecture

  • Routing: File-based routing in src/routes/.
  • Layouts: Shared UI in src/routes/+layout.svelte.
  • Data Loading: load functions in +page.ts for efficient data fetching.
  • API Client: Centralized API logic in src/lib/api.js.
  • Styling: Tailwind CSS.