ac-tool

Oliver/ac-tool

Fork 0

Commit graph

Author	SHA1	Message	Date
Vadym Samoilenko	08710e1a16	fix: verify JWT signature via JWKS and fix auth dev bypass condition - msal_auth.py: replace verify_signature=False with real JWKS verification using PyJWKClient; validates RS256 signature, aud=clientId, issuer v2.0 - App.tsx: split DEV bypass from empty-accounts case — in production, accounts.length === 0 now correctly triggers loginRedirect instead of calling fetchMe without a token Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-23 14:44:22 +00:00
Vadym Samoilenko	72c50b2c92	Initial commit — AC Tool unified application Merges ac-helper (PHP Activation Calendar) and brief-extractor (Python AI) into a single Docker app with React/TypeScript frontend. Features: - Brief upload → AI extraction → review → Activation Calendar import - Handsontable v17 spreadsheet with dependent dropdowns (148 categories) - AI natural language commands via Gemini (YOLO mode, voice input) - Azure AD MSAL SPA PKCE authentication, user roles (user/admin) - CSV Activation Calendar export - Real-time WebSocket job progress - Admin: user management, dropdown Excel upload - Multi-stage Dockerfile, docker-compose, nginx proxy instructions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-23 13:24:46 +00:00

Author

SHA1

Message

Date

Vadym Samoilenko

08710e1a16

fix: verify JWT signature via JWKS and fix auth dev bypass condition

- msal_auth.py: replace verify_signature=False with real JWKS verification
  using PyJWKClient; validates RS256 signature, aud=clientId, issuer v2.0
- App.tsx: split DEV bypass from empty-accounts case — in production,
  accounts.length === 0 now correctly triggers loginRedirect instead of
  calling fetchMe without a token

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-23 14:44:22 +00:00

Vadym Samoilenko

72c50b2c92

Initial commit — AC Tool unified application

Merges ac-helper (PHP Activation Calendar) and brief-extractor (Python AI)
into a single Docker app with React/TypeScript frontend.

Features:
- Brief upload → AI extraction → review → Activation Calendar import
- Handsontable v17 spreadsheet with dependent dropdowns (148 categories)
- AI natural language commands via Gemini (YOLO mode, voice input)
- Azure AD MSAL SPA PKCE authentication, user roles (user/admin)
- CSV Activation Calendar export
- Real-time WebSocket job progress
- Admin: user management, dropdown Excel upload
- Multi-stage Dockerfile, docker-compose, nginx proxy instructions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-23 13:24:46 +00:00

2 commits