Skip to content

feat: add document management via admin web interface #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ckrough merged 3 commits into from
Dec 27, 2025
Merged

feat: add document management via admin web interface #16

ckrough merged 3 commits into from
Dec 27, 2025

Conversation

@ckrough
Copy link
Owner

@ckrough ckrough commented Dec 27, 2025
edited
Loading

Summary

  • Add document upload, delete, and list functionality to admin dashboard
  • Store documents on filesystem with metadata in SQLite database
  • Enforce upload limits: 1 MB per file, 20 documents max
  • Fix pre-existing bandit security findings with nosec annotations

Changes

New Features

  • Upload documents: Admins can upload .md/.txt files through web UI
  • Delete documents: Remove uploaded documents with confirmation dialog
  • List documents: View all uploaded documents with metadata (title, type, size, date)
  • Auto-indexing: Documents automatically indexed to vector store on upload

Security

  • Path traversal prevention with robust filename validation
  • File size validation before reading into memory
  • Document count limit (20) to prevent abuse
  • Sanitized logging to prevent log injection
  • Fixed bandit findings (B104, B106, B704) with nosec annotations

Architecture

  • New documents module following clean architecture pattern
  • Database schema extended with documents table
  • HTMX partials for dynamic UI updates

Test plan

  • Upload a .md file and verify it appears in list
  • Upload a .txt file and verify it appears in list
  • Try uploading a file > 1 MB and verify rejection
  • Delete a document and verify index rebuilds
  • Verify static documents section still works
  • Run /pre-commit - all checks pass

@ckrough
feat: add document management via admin web interface
3fe3bc9 
Add ability for admins to upload, delete, and list documents through the
web UI. Documents are stored on filesystem with metadata in SQLite.

Key features:
- Upload .md/.txt files (max 1 MB, limit 20 documents)
- Auto-extract title from content
- Delete with confirmation (triggers full reindex due to ChromaDB limitation)
- List uploaded documents with metadata (title, type, size, upload date)
- Separate sections for uploaded vs static documents

Security:
- Path traversal prevention with robust filename validation
- File size validation before reading into memory
- Document count limit to prevent abuse
- Sanitized logging to prevent log injection

Also fixes pre-existing bandit findings:
- B104: Add nosec for intentional 0.0.0.0 binding
- B106: Add nosec for OAuth2 "bearer" token type
- B704: Add nosec for bleach-sanitized Markup
@ckrough
fix: add missing documents module to git
5c9ea3d 
The .gitignore pattern 'documents/' was matching src/modules/documents/.
Changed to '/documents/' to only match root documents folder.
@ckrough
test: add comprehensive tests for documents module
e134e19 
Add 31 tests covering:
- Document model and from_row deserialization
- DocumentRepository CRUD operations
- DocumentService upload, delete, list operations
- Validation (size, extension, filename, document limit)
- Exception handling and error cases

Restores coverage to 80%+ (was 75% without tests).
@ckrough ckrough merged commit b38b865 into main Dec 27, 2025
4 checks passed
@ckrough ckrough deleted the ecstatic-poincare branch December 27, 2025 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ckrough