Marco Beretta 730878bc5a 🔐 feat: Use SecretInput for Sensitive Fields (#12955) ... * feat: use SecretInput for sensitive fields * fix: align auth SecretInput styles * chore: remove unused password i18n keys * fix: align SecretInput controls * fix: use SecretInput for dynamic credentials * fix: reveal SecretInput controls on hover * fix: align SecretInput eye icon and modernize controls The wrapper was a flex container, so passing 'mb-2' on the input made it contribute its margin to the wrapper's cross-axis size — the controls overlay spanned the inflated height and centered the toggle 4px below the input's true center. Switching the wrapper to a plain relative block collapses height back to the input. Also tightens the toggle/copy buttons (size-7 rounded-md with hover:bg-surface-hover) and adds a focus ring on the input. Auth pages still override className/buttonClassName so login/register styling is unchanged. * fix: remove focus ring from SecretInput * fix: keep green focus border on auth secret inputs SecretInput's modernized default uses focus-visible:border-border-heavy and hover:border-border-medium, which Tailwind emits after the auth pages' focus: rules and overrides them. Auth pages now also declare focus-visible:border-green-500 and hover:border-border-light so cn()/twMerge resolves them as the winners when classes are concatenated. * feat: add optional sensitive flag to MCP customUserVars Dynamic MCP credential fields all rendered as masked SecretInputs, which also hid non-secret setup values like usernames, project keys, and URLs. Add an optional `sensitive` flag to customUserVars and the plugin auth config. It defaults to masked when omitted, so existing configs keep the safe-by-default behavior; set `sensitive: false` to render a field as plain text. The flag is display-only — values remain encrypted at rest.		2026-06-01 18:14:12 -04:00
..
__tests__	🧯 fix: Harden Data Retention Semantics (#13049)	2026-05-19 21:58:42 -04:00
agents	🧠 refactor: Memoize MCP Permission Checks Per Request (#13419)	2026-05-30 18:32:06 -04:00
assistants	🔐 feat: Add Signed CloudFront File Downloads (#12970)	2026-05-06 19:48:30 -04:00
auth	🤝 fix: Honor OPENID_REUSE_TOKENS in Admin OAuth Exchange (#13154)	2026-05-18 09:34:58 -04:00
AuthController.js	🛡️ fix: Harden OpenID Session Token Reuse (#13086)	2026-05-11 23:29:01 -04:00
AuthController.spec.js	🛡️ fix: Harden OpenID Session Token Reuse (#13086)	2026-05-11 23:29:01 -04:00
Balance.js	📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830)	2026-03-21 14:28:53 -04:00
EndpointController.js	✨ refactor: Integrate Capabilities into Agent File Uploads and Tool Handling (#5048)	2024-12-19 13:04:48 -05:00
FavoritesController.js	📌 feat: Add Pin Support for Model Specs (#11219)	2026-04-09 18:37:25 -04:00
FavoritesController.spec.js	📌 feat: Add Pin Support for Model Specs (#11219)	2026-04-09 18:37:25 -04:00
mcp.js	🔐 feat: Use SecretInput for Sensitive Fields (#12955)	2026-06-01 18:14:12 -04:00
ModelController.js	🏗️ refactor: Remove Redundant Caching, Migrate Config Services to TypeScript (#12466)	2026-03-30 16:49:48 -04:00
PermissionsController.js	🛡️ fix: Escape People Picker Search Regex (#13169)	2026-05-18 09:04:31 -04:00
PluginController.js	🪪 fix: Resolve Group-Scoped Config Overrides (#13176)	2026-05-18 10:16:20 -04:00
PluginController.spec.js	🪪 fix: Resolve Group-Scoped Config Overrides (#13176)	2026-05-18 10:16:20 -04:00
SkillStatesController.js	🎚️ feat: Per-User Skill Active/Inactive Toggle with Ownership-Aware Defaults (#12692)	2026-04-25 04:02:00 -04:00
tools.js	🧯 fix: Harden Data Retention Semantics (#13049)	2026-05-19 21:58:42 -04:00
TwoFactorController.js	🔑 fix: Require OTP Verification for 2FA Re-Enrollment and Backup Code Regeneration (#12223)	2026-03-14 01:51:31 -04:00
UserController.js	🧼 fix: Sanitize User Response Fields (#13421)	2026-05-30 19:35:52 -04:00
UserController.spec.js	🧼 fix: Sanitize User Response Fields (#13421)	2026-05-30 19:35:52 -04:00