commits
Replace the image/ prefix match with an explicit allowlist of safe
binary MIME types. SVG is intentionally excluded as it supports
embedded scripts.
Normalize the knot-supplied Content-Type with mime.ParseMediaType
before classification to strip parameters and prevent bypass attempts.
Add X-Content-Type-Options: nosniff as defence-in-depth.
Add tests covering the allowlist invariants and the normalization
behaviour.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Signed-off-by: oppiliappan <me@oppi.li>
icon is replaced with spinner when request is inflight.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Cover each filter field individually to guard against future additions
that miss the boolean check. Also documents that non-filter fields
(RepoAt, IsOpen, Knot, Did, State, Page) intentionally do not count
as active filters.
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
Cover the sentinel-timestamp fast path, all two-header combinations
for the heuristic path, the line-10 boundary, and false cases
(empty, single line, plain diff, wrong timestamp, one header,
headers beyond line 10).
Signed-off-by: Matías Insaurralde <matias@insaurral.de>
repos with more stars go higher up in the search results.
the final result order is a bit magic right now, generally speaking:
forks go lower, more stars go higher, for now.
some more areas of improvement:
- boosting for prefix matches
- boosting for exact matches
- boosting for matches in repo name over repo desc/topic/website etc.
Signed-off-by: oppiliappan <me@oppi.li>
to unindex repos when deleted. this changeset also includes a tweak to
the NewRepo event, to fix a bug with the document IDs of new repos (it
was always zero).
Signed-off-by: oppiliappan <me@oppi.li>
the input box is inside an actor-typeahead js component, so we need a
bit of TLC to make it line up.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
when the count of issues/pulls/stars changes, we reindex repo because it
is dependent on these fields.
Signed-off-by: oppiliappan <me@oppi.li>
to sort by number of stars/issues, we have to throw these into the bleve
index. as a result, we also need to reindex repos when new
issues/stars/pulls land on a repo.
Signed-off-by: oppiliappan <me@oppi.li>
also use yellow comment highlights.
Signed-off-by: oppiliappan <me@oppi.li>
This reverts commit 411b13efe4fd06d0594687d957f56d0eef74b658.
A single workflow failing to initialize would abort the entire pipeline.
Instead, mark the failed workflow and continue processing the rest,
matching the existing behavior for unknown engines.
Signed-off-by: Evan Jarrett <evan@evanjarrett.com>
Signed-off-by: Seongmin Lee <git@boltless.me>
Some rounded corners caused the background to show through.
Signed-off-by: tobinio <Tobias.frischmann1@gmail.com>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
This is more of a practical proposal than solving a direct
problem. We fire-and-forget our cursor updates even if
an event fails. Instead, we should have it in the same thread
as the record ingestion and not be silent about errors.
Also for verification I think a little retry-backoff would be in order.
Lewis: May this revision serve well! <lewis@tangled.org>
we could just use the knotmirror here directly instead of deploying from
the knot, but we'd need the knotmirror to update before the site. for
now just deploy from the knot.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
the subscription message schema was referencing a completely invalid ref, and the gitSync2 interface referenced a required property that doesn't exist
Lewis: May this revision serve well! <lewis@tangled.org>
override the default indigo xrpc client here to use one without retry
logic.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Seongmin Lee <git@boltless.me>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: eti <eti@eti.tf>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Seongmin Lee <git@boltless.me>
So that we can actually know the runtime subscription status and
resubscribe on requestCrawl
Signed-off-by: Seongmin Lee <git@boltless.me>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Lewis <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
We ought to harden the knotmirror in case we get errors
from tap or anywhere else, in situations such that the
appview knows about a git repo somewhere but the knotmirror
doesn't. I would call this good practice in general
so that we have robust infrastructure and other possible
future appviews would also be able to trust that the
knotmirror will serve them repos that in fact exist.
Lewis: May this revision serve well! <lewis@tangled.org>
old version has a bug of not retrying failed resyncs
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: eti <eti@eti.tf>
Signed-off-by: oppiliappan <me@oppi.li>
uses the same logic as in the label template to resolve and render
labels.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: eti <eti@eti.tf>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: eti <eti@eti.tf>
Clicking the empty space to the left of the "comment" button toggle
used to collapse the comments column — the hit area has now instead
been limited to the icon/button itself.
Add hit-area utility classes to `input.css`
Source: https://bazza.dev/craft/2026/hit-area
Signed-off-by: eti <eti@eti.tf>
Update the visual styling for pull request rounds to provide better
visual distinction between active and inactive rounds. Changes include:
- Better background colors for active rounds (blue tint)
- Improved text contrast in both light and dark modes
- Consistent border handling and overflow clipping
Signed-off-by: eti <eti@eti.tf>
appview/pages/templates/repo/pulls: fix collapse comments background color in dark mode
Signed-off-by: eti <eti@eti.tf>