LEDMatrix

mirror of https://github.com/ChuckBuilds/LEDMatrix.git synced 2026-04-10 13:02:59 +00:00

Author	SHA1	Message	Date
Chuck	158e07c82b	fix(plugins): prevent root-owned files from blocking plugin updates (#242 ) * fix(web): unify operation history tracking for monorepo plugin operations The operation history UI was reading from the wrong data source (operation_queue instead of operation_history), install/update records lacked version details, toggle operations used a type name that didn't match UI filters, and the Clear History button was non-functional. - Switch GET /plugins/operation/history to read from OperationHistory audit log with return type hint and targeted exception handling - Add DELETE /plugins/operation/history endpoint; wire up Clear button - Add _get_plugin_version helper with specific exception handling (FileNotFoundError, PermissionError, json.JSONDecodeError) and structured logging with plugin_id/path context - Record plugin version, branch, and commit details on install/update - Record install failures in the direct (non-queue) code path - Replace "toggle" operation type with "enable"/"disable" - Add normalizeStatus() in JS to map completed→success, error→failed so status filter works regardless of server-side convention - Truncate commit SHAs to 7 chars in details display - Fix HTML filter options, operation type colors, duplicate JS init Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(plugins): prevent root-owned files from blocking plugin updates The root ledmatrix service creates __pycache__ and data cache files owned by root inside plugin directories. The web service (non-root) cannot delete these when updating or uninstalling plugins, causing operations to fail with "Permission denied". Defense in depth with three layers: - Prevent: PYTHONDONTWRITEBYTECODE=1 in systemd service + run.py - Fallback: sudoers rules for rm on plugin directories - Code: _safe_remove_directory() now uses sudo as last resort, and all bare shutil.rmtree() calls routed through it Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): harden sudo removal with path-validated helper script Address code review findings: - Replace raw rm/find sudoers wildcards with a vetted helper script (safe_plugin_rm.sh) that resolves symlinks and validates the target is a strict child of plugin-repos/ or plugins/ before deletion - Add allow-list validation in sudo_remove_directory() that checks resolved paths against allowed bases before invoking sudo - Check _safe_remove_directory() return value before shutil.move() in the manifest ID rename path - Move stat import to module level in store_manager.py - Use stat.S_IRWXU instead of 0o777 in chmod fallback stage - Add ignore_errors=True to temp dir cleanup in finally block - Use command -v instead of which in configure_web_sudo.sh Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): address code review round 2 — harden paths and error handling - safe_plugin_rm.sh: use realpath --canonicalize-missing for ALLOWED_BASES so the script doesn't fail under set -e when dirs don't exist yet - safe_plugin_rm.sh: add -- before path in rm -rf to prevent flag injection - permission_utils.py: use shutil.which('bash') instead of hardcoded /bin/bash to match whatever path the sudoers BASH_PATH resolves to - store_manager.py: check _safe_remove_directory() return before shutil.move() in _install_from_monorepo_zip to prevent moving into a non-removed target - store_manager.py: catch OSError instead of PermissionError in Stage 1 removal to handle both EACCES and EPERM error codes - store_manager.py: hoist sudo_remove_directory import to module level - configure_web_sudo.sh: harden safe_plugin_rm.sh to root-owned 755 so the web user cannot modify the vetted helper script Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(security): validate command paths in sudoers config and use resolved paths - configure_web_sudo.sh: validate that required commands (systemctl, bash, python3) resolve to non-empty paths before generating sudoers entries; abort with clear error if any are missing; skip optional commands (reboot, poweroff, journalctl) with a warning instead of emitting malformed NOPASSWD lines; validate helper script exists on disk - permission_utils.py: pass the already-resolved path to the subprocess call and use it for the post-removal exists() check, eliminating a TOCTOU window between Python-side validation and shell-side execution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Chuck <chuck@example.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-12 19:28:05 -05:00
Chuck	3b8910ac09	Fix/duplicate display settings (#173 ) * fix(plugins): Remove compatible_versions requirement from single plugin install Remove compatible_versions from required fields in install_from_url method to match install_plugin behavior. This allows installing plugins from URLs without manifest version requirements, consistent with store plugin installation. * fix(7-segment-clock): Update submodule with separator and spacing fixes * fix(plugins): Add onchange handlers to existing custom feed inputs - Add onchange handlers to key and value inputs for existing patternProperties fields - Fixes bug where editing existing custom RSS feeds didn't save changes - Ensures hidden JSON input field is updated when users edit feed entries - Affects all plugins using patternProperties (custom_feeds, feed_logo_map, etc.) * Add array-of-objects widget support to web UI - Add support for rendering arrays of objects in web UI (for custom_feeds) - Implement add/remove/update functions for array-of-objects widgets - Support file-upload widgets within array items - Update form data handling to support array JSON data fields * Update plugins_manager.js cache-busting version Update version parameter to force browser to load new JavaScript with array-of-objects widget support. * Fix: Move array-of-objects detection before file-upload/checkbox checks Move the array-of-objects widget detection to the top of the array handler so it's checked before file-upload and checkbox-group widgets. This ensures custom_feeds is properly detected as an array of objects. * Update cache-busting version for array-of-objects fix * Remove duplicate array-of-objects check * Update cache version again * Add array-of-objects widget support to server-side template Add detection and rendering for array-of-objects in the Jinja2 template (plugin_config.html). This enables the custom_feeds widget to display properly with name, URL, enabled checkbox, and logo upload fields. The widget is detected by checking if prop.items.type == 'object' && prop.items.properties, and is rendered before the file-upload widget check. * Use window. prefix for array-of-objects JavaScript functions Explicitly use window.addArrayObjectItem, window.removeArrayObjectItem, etc. in the template to ensure the functions are accessible from inline event handlers. Also add safety checks to prevent errors if functions aren't loaded yet. * Fix duplicate display settings in config Prevent display settings from being saved at both nested (display.hardware/runtime) and root level. The save_main_config function was processing display fields twice - once correctly in the nested structure, and again in the catch-all section creating root-level duplicates. Added display_fields to the skip list in the catch-all section to prevent root-level duplicates. All code expects the nested format, so this ensures consistency. * fix: Recreate one-shot install script with APT permission and non-interactive fixes Recreate one-shot install script that was deleted, with fixes for: 1. APT permission denied errors on /tmp 2. Non-interactive mode support Fixes: 1. Fix /tmp permissions before running first_time_install.sh: - chmod 1777 /tmp to ensure APT can write temp files - Set TMPDIR=/tmp explicitly - Preserve TMPDIR when using sudo -E 2. Enable non-interactive mode: - Pass -y flag or LEDMATRIX_ASSUME_YES=1 to first_time_install.sh - Prevents read prompt failure at line 242 when run via curl \| bash 3. Better error handling: - Temporarily disable errexit to capture exit code - Re-enable errexit after capturing - Added fix_tmp_permissions() function This resolves the 'Permission denied' errors for APT temp files and the interactive prompt failure when running via pipe. * fix(plugins): Restore version and display_modes to required_fields and fix array object data persistence - Restore 'version' and 'display_modes' to required_fields in store_manager.py manifest validation (both occurrences at lines 839 and 977) - Fix updateArrayObjectData to merge input fields with existing item data to preserve non-editable properties like logo objects - Implement handleArrayObjectFileUpload to properly upload files and store metadata in data-file-data attribute - Implement removeArrayObjectFile to properly remove file metadata and update data structure - Update renderArrayObjectItem to preserve file data in data-file-data attribute when rendering existing items * fix(plugins): Remove version from required_fields, keep display_modes required - Remove 'version' from required_fields in store_manager.py (both occurrences) - Some existing plugins have version: null or no version field (basketball-scoreboard, odds-ticker) - All code uses safe accessors (manifest.get('version')), so optional is safe - Keep 'display_modes' as required - all plugins have it and tests expect it * fix: Preserve exit codes in retry() and fix null handling in JSON data detection - Fix retry() function to preserve original command exit code by capturing status immediately after command execution - Fix JSON data detection to prevent null from overwriting config by checking jsonValue !== null before treating as object - Both fixes prevent edge cases that could cause incorrect behavior or data corruption * fix: Resolve merge conflict, fix array-of-objects file upload, and improve retry function - Remove unresolved merge conflict marker in array rendering (checkbox input attributes) - Fix array-of-objects file upload selector mismatch by adding id to wrapper element - Fix index-based preserve corruption by using data-item-data attributes instead of array indices - Add showNotification guards to prevent errors when notifications aren't available - Fix retry() function to work with set -Eeuo pipefail by disabling errexit for command execution * fix: Remove duplicate implementations, fix upload config, and add type coercion - Remove/guard duplicate updateArrayObjectData, handleArrayObjectFileUpload, and removeArrayObjectFile stub implementations that were overwriting real implementations - Fix hard-coded plugin ID fallback in renderArrayObjectItem - use null instead of 'ledmatrix-news' - Fix upload config to use uploadConfig.allowed_types and uploadConfig.max_size_mb from schema instead of hard-coded values - Store uploadConfig in data-upload-config attribute and read it in handleArrayObjectFileUpload for validation - Add type coercion to updateArrayObjectData: coerce number inputs to Number, array inputs via JSON.parse with comma-split fallback * fix: Use event-based element lookup in handleArrayObjectFileUpload - Change from constructing ID to using event.target.closest('.array-object-item') to find item element - Query fileUploadContainer from itemEl instead of using constructed ID lookup - Remove reliance on `${fieldId}_item_${itemIndex}` which breaks after reindexing - Add response.ok check before calling response.json() to avoid JSON parsing errors on HTTP errors - Handle non-OK responses with proper error messages (JSON parse with fallback) * fix: Improve HTML escaping and add pluginId validation for file uploads - Replace manual single-quote escaping with escapeAttribute() for proper HTML escaping in array-of-objects hidden input - Update default allowed_types to include 'image/jpg' in handleArrayObjectFileUpload - Add explicit pluginId validation before upload to fail fast with clear error message - Prevents XSS vulnerabilities and backend rejections from invalid uploads * fix: Use propKey-scoped selector and harden pluginId validation - Narrow file widget lookup to use propKey-specific selector (.file-upload-widget-inline[data-prop-key]) to target correct widget when item has multiple file widgets - Harden pluginId validation by checking typeof pluginId === 'string' before calling trim() to prevent errors on non-string values --------- Co-authored-by: Chuck <chuck@example.com>	2026-01-14 10:51:55 -05:00
Chuck	f1f33989b2	Fix/plugin permission errors (#181 ) * fix: Use plugin.modes instead of manifest.json for available modes - Display controller now checks plugin_instance.modes first before falling back to manifest - This allows plugins to dynamically provide modes based on enabled leagues - Fixes issue where disabled leagues (WNBA, NCAAW) appeared in available modes - Plugins can now control their available modes at runtime based on config * fix: Handle permission errors when removing plugin directories - Added _safe_remove_directory() method to handle permission errors gracefully - Fixes permissions on __pycache__ directories before removal - Updates uninstall_plugin() and install methods to use safe removal - Resolves [Errno 13] Permission denied errors during plugin install/uninstall * refactor: Improve error handling in _safe_remove_directory - Rename unused 'dirs' variable to '_dirs' to indicate intentional non-use - Use logger.exception() instead of logger.error() to preserve stack traces - Add comment explaining 0o777 permissions are acceptable (temporary before deletion) * fix(install): Fix one-shot-install script reliability issues - Install git and curl before attempting repository clone - Add HOME variable validation to prevent path errors - Improve git branch detection (try current branch, main, then master) - Add validation for all directory change operations - Improve hostname command handling in success message - Fix edge cases for better installation success rate * fix(install): Fix IP address display in installation completion message - Replace unreliable pipe-to-while-read loop with direct for loop - Filter out loopback addresses (127.0.0.1, ::1) from display - Add proper message when no non-loopback IPs are found - Fixes blank IP address display issue at end of installation * fix(install): Prevent unintended merges in one-shot-install git pull logic - Use git pull --ff-only for current branch to avoid unintended merges - Use git fetch (not pull) for other branches to check existence without merging - Only update current branch if fast-forward is possible - Provide better warnings when branch updates fail but other branches exist - Prevents risk of merging remote main/master into unrelated working branches * fix(install): Improve IPv6 address handling in installation scripts - Filter out IPv6 link-local addresses (fe80:) in addition to loopback - Properly format IPv6 addresses with brackets in URLs (http://[::1]:5000) - Filter loopback and link-local addresses when selecting IP for display - Prevents invalid IPv6 URLs and excludes non-useful addresses - Fixes: first_time_install.sh and one-shot-install.sh IP display logic --------- Co-authored-by: Chuck <chuck@example.com>	2026-01-12 18:11:54 -05:00
Chuck	0f4dbb6c1a	Feature/one shot installer (#178 ) * fix(plugins): Remove compatible_versions requirement from single plugin install Remove compatible_versions from required fields in install_from_url method to match install_plugin behavior. This allows installing plugins from URLs without manifest version requirements, consistent with store plugin installation. * fix(7-segment-clock): Update submodule with separator and spacing fixes * fix(plugins): Add onchange handlers to existing custom feed inputs - Add onchange handlers to key and value inputs for existing patternProperties fields - Fixes bug where editing existing custom RSS feeds didn't save changes - Ensures hidden JSON input field is updated when users edit feed entries - Affects all plugins using patternProperties (custom_feeds, feed_logo_map, etc.) * Add array-of-objects widget support to web UI - Add support for rendering arrays of objects in web UI (for custom_feeds) - Implement add/remove/update functions for array-of-objects widgets - Support file-upload widgets within array items - Update form data handling to support array JSON data fields * Update plugins_manager.js cache-busting version Update version parameter to force browser to load new JavaScript with array-of-objects widget support. * Fix: Move array-of-objects detection before file-upload/checkbox checks Move the array-of-objects widget detection to the top of the array handler so it's checked before file-upload and checkbox-group widgets. This ensures custom_feeds is properly detected as an array of objects. * Update cache-busting version for array-of-objects fix * Remove duplicate array-of-objects check * Update cache version again * Add array-of-objects widget support to server-side template Add detection and rendering for array-of-objects in the Jinja2 template (plugin_config.html). This enables the custom_feeds widget to display properly with name, URL, enabled checkbox, and logo upload fields. The widget is detected by checking if prop.items.type == 'object' && prop.items.properties, and is rendered before the file-upload widget check. * Use window. prefix for array-of-objects JavaScript functions Explicitly use window.addArrayObjectItem, window.removeArrayObjectItem, etc. in the template to ensure the functions are accessible from inline event handlers. Also add safety checks to prevent errors if functions aren't loaded yet. * Fix syntax error: Missing indentation for html += in array else block The html += statement was outside the else block, causing a syntax error. Fixed by properly indenting it inside the else block. * Update cache version for syntax fix * Add debug logging to diagnose addArrayObjectItem availability * Fix: Wrap array-of-objects functions in window check and move outside IIFE Ensure functions are available globally by wrapping them in a window check and ensuring they're defined outside any IIFE scope. Also fix internal function calls to use window.updateArrayObjectData for consistency. * Update cache version for array-of-objects fix * Move array-of-objects functions outside IIFE to make them globally available The functions were inside the IIFE scope, making them inaccessible from inline event handlers. Moving them outside the IIFE ensures they're available on window when the script loads. * Update cache version for IIFE fix * Fix: Add array-of-objects functions after IIFE ends The functions were removed from inside the IIFE but never added after it. Also removed orphaned code that was causing syntax errors. * Update cache version for array-of-objects fix * Fix: Remove all orphaned code and properly add array-of-objects functions after IIFE * Add array-of-objects functions after IIFE ends These functions must be outside the IIFE to be accessible from inline event handlers in the server-rendered template. * Update cache version for syntax fix * Fix syntax error: Add missing closing brace for else block * Update cache version for syntax fix * Replace complex array-of-objects widget with simple table interface - Replace nested array-of-objects widget with clean table interface - Table shows: Name, URL, Logo (with upload), Enabled checkbox, Delete button - Fix file-upload widget detection order to prevent breaking static-image plugin - Add simple JavaScript functions for add/remove rows and logo upload - Much more intuitive and easier to use * Add simple table interface for custom feeds - Replace complex array-of-objects widget with clean table - Table columns: Name, URL, Logo (upload), Enabled checkbox, Delete - Use dot notation for form field names (feeds.custom_feeds.0.name) - Add JavaScript functions for add/remove rows and logo upload - Fix file-upload detection order to prevent breaking static-image plugin * Fix custom feeds table issues - Fix JavaScript error in removeCustomFeedRow (get tbody before removing row) - Improve array conversion logic to handle nested paths like feeds.custom_feeds - Add better error handling and debug logging for array conversion - Ensure dicts with numeric keys are properly converted to arrays before validation * Add fallback fix for feeds.custom_feeds dict-to-array conversion - Add explicit fallback conversion for feeds.custom_feeds if fix_array_structures misses it - This ensures the dict with numeric keys is converted to an array before validation - Logo field is already optional in schema (not in required array) * feat(web): Add checkbox-group widget support for plugin config arrays Add server-side rendering support for checkbox-group widget in plugin configuration forms. This allows plugins to use checkboxes for multi-select array fields instead of comma-separated text inputs. The implementation: - Checks for x-widget: 'checkbox-group' in schema - Renders checkboxes for each enum item in items.enum - Supports custom labels via x-options.labels - Works with any plugin that follows the pattern Already used by: - ledmatrix-news plugin (enabled_feeds) - odds-ticker plugin (enabled_leagues) * feat(install): Add one-shot installation script - Create comprehensive one-shot installer with robust error handling - Includes network checks, disk space validation, and retry logic - Handles existing installations gracefully (idempotent) - Updates README with quick install command prominently featured - Manual installation instructions moved to collapsible section The script provides explicit error messages and never fails silently. All prerequisites are validated before starting installation. * fix: Remove accidental plugins/7-segment-clock submodule entry Remove uninitialized submodule 'plugins/7-segment-clock' that was accidentally included. This submodule is not related to the one-shot installer feature and should not be part of this PR. - Remove submodule entry from .gitmodules - Remove submodule from git index - Clean up submodule configuration * fix(array-objects): Fix schema lookup, reindexing, and disable file upload Address PR review feedback for array-of-objects helpers: 1. Schema resolution: Use getSchemaProperty() instead of manual traversal - Fixes nested array-of-objects schema lookup (e.g., news.custom_feeds) - Now properly descends through .properties for nested objects 2. Reindexing: Replace brittle regex with targeted patterns - Only replace index in bracket notation [0], [1], etc. for names - Only replace _item_<digits> pattern for IDs (not arbitrary digits) - Use specific function parameter patterns for onclick handlers - Prevents corruption of fieldId, pluginId, or other numeric values 3. File upload: Disable widget until properly implemented - Hide/disable upload button with clear message - Show existing logos if present but disable upload functionality - Prevents silent failures when users attempt to upload files - Added TODO comments for future implementation Also fixes exit code handling in one-shot-install.sh to properly capture first_time_install.sh exit status before error trap fires. * fix(security): Fix XSS vulnerability in handleCustomFeedLogoUpload Replace innerHTML usage with safe DOM manipulation using createElement and setAttribute to prevent XSS when injecting uploadedFile.path and uploadedFile.id values. - Clear logoCell using textContent instead of innerHTML - Create all DOM elements using document.createElement - Set uploadedFile.path and uploadedFile.id via setAttribute (automatically escaped) - Properly structure DOM tree by appending elements in order - Prevents malicious HTML/script injection through file path or ID values * fix: Update upload button onclick when reindexing custom feed rows Fix removeCustomFeedRow to update button onclick handlers that reference file input IDs with _logo_<index> when rows are reindexed after deletion. Previously, after deleting a row, the upload button's onclick still referenced the old file input ID, causing the upload functionality to fail. Now properly updates: - getElementById('..._logo_<num>') patterns in onclick handlers - Other _logo_<num> patterns in button onclick strings - Function parameter indices in onclick handlers This ensures upload buttons continue to work correctly after row deletion. * fix: Make custom feeds table widget-specific instead of generic fallback Replace generic array-of-objects check with widget-specific check for 'custom-feeds' widget to prevent hardcoded schema from breaking other plugins with different array-of-objects structures. Changes: - Check for x-widget == 'custom-feeds' before rendering custom feeds table - Add schema validation to ensure required fields (name, url) exist - Show warning message if schema doesn't match expected structure - Fall back to generic array input for other array-of-objects schemas - Add comments for future generic array-of-objects support This ensures the hardcoded custom feeds table (name, url, logo, enabled) only renders when explicitly requested via widget type, preventing breakage for other plugins with different array-of-objects schemas. * fix: Add image/gif to custom feed logo upload accept attribute Update file input accept attributes for custom feed logo uploads to include image/gif, making it consistent with the file-upload widget which also allows GIF images. Updated in three places: - Template file input (plugin_config.html) - JavaScript addCustomFeedRow function (base.html) - Dynamic file input creation in handleCustomFeedLogoUpload (base.html) All custom feed logo upload inputs now accept: image/png, image/jpeg, image/bmp, image/gif * fix: Add hidden input for enabled checkbox to ensure false is submitted Add hidden input with value='false' before enabled checkbox in custom feeds table to ensure an explicit false value is sent when checkbox is unchecked. Pattern implemented: - Hidden input: name='enabled', value='false' (always submitted) - Checkbox: name='enabled', value='true' (only submitted when checked) - When unchecked: only hidden input submits (false) - When checked: both submit, checkbox value (true) overwrites hidden Updated in two places: - Template checkbox in plugin_config.html (existing rows) - JavaScript addCustomFeedRow function in base.html (new rows) Backend verification: - Backend (api_v3.py) handles string boolean values and converts properly - JavaScript form processing explicitly checks element.checked, independent of this pattern - Standard form submission uses last value when multiple values share same name * fix: Expose renderArrayObjectItem to window for addArrayObjectItem Fix scope issue where renderArrayObjectItem is defined inside IIFE but window.addArrayObjectItem is defined outside, causing the function check to always fail and fallback to degraded HTML rendering. Problem: - renderArrayObjectItem (line 2469) is inside IIFE (lines 796-6417) - window.addArrayObjectItem (line 6422) is outside IIFE - Check 'typeof renderArrayObjectItem === function' at line 6454 always fails - Fallback code lacks file upload widgets, URL input types, descriptions, styling Solution: - Expose renderArrayObjectItem to window object before IIFE closes - Function maintains closure access to escapeHtml and other IIFE-scoped functions - Newly added items now have full functionality matching initially rendered items * fix: Reorder array type checks to match template order Fix inconsistent rendering where JavaScript and Jinja template had opposite ordering for array type checks, causing schemas with both x-widget: file-upload AND items.type: object (like static-image) to render differently. Problem: - Template checks file-upload FIRST (to avoid breaking static-image plugin) - JavaScript checked array-of-objects FIRST - Server-rendered forms showed file-upload widget correctly - JS-rendered forms incorrectly displayed array-of-objects table widget Solution: - Reorder JavaScript checks to match template order: 1. Check file-upload widget FIRST 2. Check checkbox-group widget 3. Check custom-feeds widget 4. Check array-of-objects as fallback 5. Regular array input (comma-separated) This ensures consistent rendering between server-rendered and JS-rendered forms for schemas that have both x-widget: file-upload AND items.type: object. * fix: Handle None value for feeds config to prevent TypeError Fix crash when plugin_config['feeds'] exists but is None, causing TypeError when checking 'custom_feeds' in feeds_config. Problem: - When plugin_config['feeds'] exists but is None, dict.get('feeds', {}) returns None (not the default {}) because dict.get() only uses default when key doesn't exist, not when value is None - Line 3642's 'custom_feeds' in feeds_config raises TypeError because None is not iterable - This can crash the API endpoint if a plugin config has feeds: null Solution: - Change plugin_config.get('feeds', {}) to plugin_config.get('feeds') or {} to ensure feeds_config is always a dict (never None) - Add feeds_config check before 'in' operator for extra safety This ensures the code gracefully handles feeds: null in plugin configuration. * fix: Add default value for AVAILABLE_SPACE to prevent TypeError Fix crash when df produces unexpected output that results in empty AVAILABLE_SPACE variable, causing 'integer expression expected' error. Problem: - df may produce unexpected output format (different locale, unusual filesystem name spanning lines, or non-standard df implementation) - While '\|\| echo "0"' handles pipeline failures, it doesn't trigger if awk succeeds but produces no output (empty string) - When AVAILABLE_SPACE is empty, comparison [ "$AVAILABLE_SPACE" -lt 500 ] fails with 'integer expression expected' error - With set -e, this causes script to exit unexpectedly Solution: - Add AVAILABLE_SPACE=${AVAILABLE_SPACE:-0} before comparison to ensure variable always has a numeric value (defaults to 0 if empty) - This gracefully handles edge cases where df/awk produces unexpected output * fix: Wrap debug console.log in debug flag check Fix unconditional debug logging that outputs internal implementation details to browser console for all users. Problem: - console.log('[ARRAY-OBJECTS] Functions defined on window:', ...) executes unconditionally when page loads - Outputs debug information about function availability to all users - Appears to be development/debugging code inadvertently included - Noisy console output in production Solution: - Wrap console.log statement in _PLUGIN_DEBUG_EARLY check to only output when pluginDebug localStorage flag is enabled - Matches pattern used elsewhere in the file for debug logging - Debug info now only visible when explicitly enabled via localStorage.setItem('pluginDebug', 'true') * fix: Expose getSchemaProperty, disable upload widget, handle bracket notation arrays Multiple fixes for array-of-objects and form processing: 1. Expose getSchemaProperty to window (plugins_manager.js): - getSchemaProperty was defined inside IIFE but needed by global functions - Added window.getSchemaProperty = getSchemaProperty before IIFE closes - Updated window.addArrayObjectItem to use window.getSchemaProperty - Fixes ReferenceError when dynamically adding array items 2. Disable upload widget for custom feeds (plugin_config.html): - File input and Upload button were still active but should be disabled - Removed onchange/onclick handlers, added disabled and aria-disabled - Added visible disabled styling and tooltip - Existing logos continue to display but uploads are prevented - Matches PR objectives to disable upload until fully implemented 3. Handle bracket notation array fields (api_v3.py): - checkbox-group uses name="field_name[]" which sends multiple values - request.form.to_dict() collapses duplicate keys (only keeps last value) - Added handling to detect fields ending with "[]" before to_dict() - Use request.form.getlist() to get all values, combine as comma-separated - Processed before existing array index field handling - Fixes checkbox-group losing all but last selected value * fix: Remove duplicate submit handler to prevent double POSTs Remove document-level submit listener that conflicts with handlePluginConfigSubmit, causing duplicate form submissions with divergent payloads. Problem: - handlePluginConfigSubmit correctly parses JSON from _data fields and maps to flatConfig[baseKey] for patternProperties and array-of-objects - Document-level listener (line 5368) builds its own config without understanding _data convention and posts independently via savePluginConfiguration - Every submit now sends two POSTs with divergent payloads: - First POST: Correct structure with parsed _data fields - Second POST: Incorrect structure with raw _data fields, missing structure - Arrays-of-objects and patternProperties saved incorrectly in second request Solution: - Remove document-level submit listener for #plugin-config-form - Rely solely on handlePluginConfigSubmit which is already attached to the form - handlePluginConfigSubmit properly handles all form-to-config conversion including: - _data field parsing (JSON from hidden fields) - Type-aware conversion using schema - Dot notation to nested object conversion - PatternProperties and array-of-objects support Note: savePluginConfiguration function remains for use by JSON editor saves * fix: Use indexed names for checkbox-group to work with existing parser Change checkbox-group widget to use indexed field names instead of bracket notation, so the existing indexed field parser correctly handles multiple selected values. Problem: - checkbox-group uses name="{{ full_key }}[]" which requires bracket notation handling in backend - While bracket notation handler exists, using indexed names is more robust and leverages existing well-tested indexed field parser - Indexed field parser already handles fields like "field_name.0", "field_name.1" correctly Solution: - Template: Change name="{{ full_key }}[]" to name="{{ full_key }}.{{ loop.index0 }}" - JavaScript: Update checkbox-group rendering to use name="." - Backend indexed field parser (lines 3364-3388) already handles this pattern: - Detects fields ending with numeric indices (e.g., ".0", ".1") - Groups them by base_path and sorts by index - Combines into array correctly This ensures checkbox-group values are properly preserved when multiple options are selected, working with the existing schema-based parsing system. * fix: Set values from item data in fallback array-of-objects rendering Fix fallback code path for rendering array-of-objects items to properly set input values from existing item data, matching behavior of proper renderArrayObjectItem function. Problem: - Fallback code at lines 3078-3091 and 6471-6486 creates input elements without setting values from existing item data - Text inputs have no value attribute set - Checkboxes have no checked attribute computed from item properties - Users would see empty form fields instead of existing configuration data - Proper renderArrayObjectItem function correctly sets values (line 2556) Solution: - Extract propValue from item data: item[propKey] with schema default fallback - For text inputs: Set value attribute with HTML-escaped propValue - For checkboxes: Set checked attribute based on propValue truthiness - Add inline HTML escaping for XSS prevention (since fallback code may run outside IIFE scope where escapeHtml function may not be available) This ensures fallback rendering displays existing data correctly when window.renderArrayObjectItem is not available. * fix: Remove extra closing brace breaking if/else chain Remove stray closing brace at line 3127 that was breaking the if/else chain before the 'else if (prop.enum)' branch, causing 'Unexpected token else' syntax error. Problem: - Extra '}' at line 3127 closed the prop.type === 'array' block prematurely - This broke the if/else chain, causing syntax error when parser reached 'else if (prop.enum)' at line 3128 - Structure was: } else if (array) { ... } } } else if (enum) - extra brace Solution: - Removed the extra closing brace at line 3127 - Structure now correctly: } else if (array) { ... } } else if (enum) - Verified with Node.js syntax checker - no errors * fix: Remove local logger assignments to prevent UnboundLocalError Remove all local logger assignments inside save_plugin_config function that were shadowing the module-level logger, causing UnboundLocalError when nested helpers like normalize_config_values() or debug checks reference logger before those assignments run. Problem: - Module-level logger exists at line 13: logger = logging.getLogger(__name__) - Multiple local assignments inside save_plugin_config (lines 3361, 3401, 3421, 3540, 3660, 3977, 4093, 4118) make logger a local variable for entire function - Python treats logger as local for entire function scope when any assignment exists, causing UnboundLocalError if logger is used before assignments - Nested helpers like normalize_config_values() or debug checks that reference logger before local assignments would fail Solution: - Removed all local logger = logging.getLogger(__name__) assignments in save_plugin_config function - Use module-level logger directly throughout the function - Removed redundant import logging statements that were only used for logger - This ensures logger is always available and references the module-level logger All logger references now use the module-level logger without shadowing. * fix: Fix checkbox-group serialization and array-of-objects key leakage Multiple fixes for array-of-objects and checkbox-group widgets: 1. Fix checkbox-group serialization (JS and template): - Changed from indexed names (categories.0, categories.1) to _data pattern - Added updateCheckboxGroupData() function to sync selected values - Hidden input stores JSON array of selected enum values - Checkboxes use data-checkbox-group and data-option-value attributes - Fixes issue where config.categories became {0: true, 1: true} instead of ['nfl', 'nba'] - Now correctly serializes to array using existing _data handling logic 2. Prevent array-of-objects per-item key leakage: - Added skip pattern in handlePluginConfigSubmit for _item_<n>_ names - Removed name attributes from per-item inputs in renderArrayObjectItem - Per-item inputs now rely solely on hidden _data field - Prevents feeds_item_0_name from leaking into flatConfig 3. Add type coercion to updateArrayObjectData: - Consults itemsSchema.properties[propKey].type for coercion - Handles integer and number types correctly - Preserves string values as-is - Ensures numeric fields in array items are stored as numbers 4. Ensure currentPluginConfig is always available: - Updated addArrayObjectItem to check window.currentPluginConfig first - Added error logging if schema not available - Prevents ReferenceError when global helpers need schema This ensures checkbox-group arrays serialize correctly and array-of-objects per-item fields don't leak extra keys into the configuration. * fix: Make _data field matching more specific to prevent false positives Fix overly broad condition that matched any field containing '_data', causing false positives and inconsistent key transformation. Problem: - Condition 'key.endsWith('_data') \|\| key.includes('_data')' matches any field containing '_data' anywhere (e.g., 'meta_data_field', 'custom_data_config') - key.replace(/_data$/, '') only removes '_data' from end, making logic inconsistent - Fields with '_data' in middle get matched but key isn't transformed - If their value happens to be valid JSON, it gets incorrectly parsed Solution: - Remove 'key.includes('_data')' clause - Only check 'key.endsWith('_data')' to match actual _data suffix pattern - Ensures consistent matching: only fields ending with '_data' are treated as JSON data fields, and only those get the suffix removed - Prevents false positives on fields like 'meta_data_field' that happen to contain '_data' in their name * fix: Add HTML escaping to prevent XSS in fallback code and checkbox-group Add proper HTML escaping for schema-derived values to prevent XSS vulnerabilities in fallback rendering code and checkbox-group widget. Problem: - Fallback code in generateFieldHtml (line 3094) doesn't escape propLabel when building HTML strings, while main renderArrayObjectItem uses escapeHtml() - Checkbox-group widget (lines 3012-3025) doesn't escape option or label values - While risk is limited (values come from plugin schemas), malicious plugin schemas or untrusted schema sources could inject XSS - Inconsistent with main renderArrayObjectItem which properly escapes Solution: - Added escapeHtml() calls for propLabel in fallback array-of-objects rendering (both locations: generateFieldHtml and addArrayObjectItem fallback) - Added escapeHtml() calls for option values in checkbox-group widget: - checkboxId (contains option) - data-option-value attribute - value attribute - label text in span - Ensures consistent XSS protection across all rendering paths This prevents potential XSS if plugin schemas contain malicious HTML/script content in enum values or property titles. * fix: Recreate one-shot install script with APT permission and non-interactive fixes Recreate one-shot install script that was deleted, with fixes for: 1. APT permission denied errors on /tmp 2. Non-interactive mode support Fixes: 1. Fix /tmp permissions before running first_time_install.sh: - chmod 1777 /tmp to ensure APT can write temp files - Set TMPDIR=/tmp explicitly - Preserve TMPDIR when using sudo -E 2. Enable non-interactive mode: - Pass -y flag or LEDMATRIX_ASSUME_YES=1 to first_time_install.sh - Prevents read prompt failure at line 242 when run via curl \| bash 3. Better error handling: - Temporarily disable errexit to capture exit code - Re-enable errexit after capturing - Added fix_tmp_permissions() function This resolves the 'Permission denied' errors for APT temp files and the interactive prompt failure when running via pipe. * fix: Pass both -y flag and env var to first_time_install.sh for non-interactive mode Ensure first_time_install.sh runs in non-interactive mode by passing both: 1. The -y command-line flag 2. The LEDMATRIX_ASSUME_YES=1 environment variable This is necessary because first_time_install.sh re-executes itself with sudo if not running as root (line 131), and we need to ensure the non-interactive flag is preserved through the re-execution. Also added debug_install.sh diagnostic script to help troubleshoot installation failures on the Pi. * fix: Improve /tmp permission handling and non-interactive mode detection Improve handling of /tmp permissions and non-interactive mode: 1. /tmp permissions fix: - Check current permissions before attempting to fix - Display warning when fixing incorrect permissions (2775 -> 1777) - Verify /tmp has permissions 1777 (sticky bit + world writable) 2. Non-interactive mode detection: - Redirect stdin from /dev/null when running via sudo to prevent read commands from hanging when stdin is not a TTY - Add better error message in first_time_install.sh when non-interactive mode is detected but ASSUME_YES is not set - Check if stdin is a TTY before attempting interactive read This fixes the issues identified in diagnostic output: - /tmp permissions 2775 causing APT write failures - read -p failing when stdin is not a TTY (curl \| bash) Fixes installation failures when running one-shot install via curl \| bash. * refactor: Simplify /tmp permission handling - only fix if actually wrong Simplify /tmp permission handling: - Only check and fix /tmp permissions if they're actually incorrect (not preemptively) - Remove redundant fix_tmp_permissions() call from prerequisites check - Keep the fix inline where first_time_install.sh is executed - When running manually, /tmp usually has correct permissions (1777) so no fix needed This makes the script less aggressive and avoids unnecessary permission changes when running manually, while still fixing the issue in automated scenarios. * fix: Remove user confirmation prompts in install_wifi_monitor.sh for non-interactive mode Make install_wifi_monitor.sh respect non-interactive mode: 1. Package installation prompt (line 48): - Check for ASSUME_YES or LEDMATRIX_ASSUME_YES environment variable - If set, automatically install required packages without prompting - If stdin is not a TTY (non-interactive), also auto-install packages - Only prompt user in true interactive mode (TTY available) 2. Continue installation prompt (line 145): - Already checks for ASSUME_YES, but now also checks LEDMATRIX_ASSUME_YES - Skip prompt if stdin is not a TTY - Proceed automatically in non-interactive mode This fixes installation failures at step 8.5 when running via one-shot installer or with -y flag, as the script was hanging on user prompts. * fix: Explicitly pass ASSUME_YES to install_wifi_monitor.sh and simplify package installation Fix WiFi monitor installation failing at step 8.5: 1. Explicitly pass ASSUME_YES environment variable when calling install_wifi_monitor.sh from first_time_install.sh to ensure non-interactive mode is respected 2. Simplify package installation logic in install_wifi_monitor.sh: - Use apt directly when running as root (from first_time_install.sh) - Use sudo when running as regular user (direct script execution) - Always install packages automatically in non-interactive mode - Only prompt in true interactive mode (TTY available and ASSUME_YES not set) This ensures packages are installed automatically when running via one-shot installer or with -y flag, preventing installation failures at step 8.5. * refactor: Remove all prompts from install_wifi_monitor.sh - install packages automatically Simplify WiFi monitor installation by removing all user prompts: 1. Package installation: Always install required packages automatically - No prompt for missing packages (hostapd, dnsmasq, network-manager) - Just install them if missing 2. Network connection warning: Remove prompt to continue - Just display informational message and proceed - WiFi monitor will handle AP mode automatically if no network 3. Remove ASSUME_YES environment variable passing from first_time_install.sh - No longer needed since script has no prompts This makes the installation completely non-interactive and simpler, preventing any hangs or failures at step 8.5. * fix: Address multiple issues in debug script, array rendering, and custom feeds 1. debug_install.sh: Make log path dynamic instead of hardcoded - Compute project root from script location - Use dynamic LOG_DIR instead of hardcoded /home/ledpi/LEDMatrix/logs/ - Works from any clone location and user 2. plugins_manager.js renderArrayObjectItem: Fix XSS and metadata issues - HTML-escape logoValue.path in img src attribute (XSS prevention) - Add data-file-data attribute to preserve file metadata for serialization - Add data-prop-key attribute for proper property tracking - Use schema-driven remove button label (x-removeLabel) with fallback to 'Remove item' 3. base.html addCustomFeedRow: Fix duplicate enabled field and hardcoded pluginId - Remove duplicate hidden input for enabled field (checkbox alone is sufficient) - Add pluginId parameter to function signature - Pass pluginId to handleCustomFeedLogoUpload instead of hardcoded 'ledmatrix-news' - Update caller in plugin_config.html to pass plugin_id These fixes improve security (XSS prevention), functionality (metadata preservation), and maintainability (no hardcoded values). * fix: Make install_wifi_monitor.sh more resilient to failures Make install_wifi_monitor.sh handle errors more gracefully: 1. Remove unnecessary sudo when running as root: - Check EUID before using sudo for systemctl commands - Use systemctl directly when running as root - Use sudo only when running as regular user 2. Add error handling for package installation: - Continue even if apt update fails (just warn) - Continue even if apt install fails (warn and provide manual install command) - Allow installation to continue even if packages fail 3. Make service operations more resilient: - Remove sudo when running as root - Allow service start to fail without exiting script - Print warning if service fails to start - Service will still be enabled and may start on reboot Note: Script still uses 'set -e' but errors in critical paths are handled with \|\| operators to prevent exit. This prevents the script from exiting with code 1 when called from first_time_install.sh, allowing the installation to continue even if some WiFi-related operations fail. * fix: Make WiFi monitor installation failure non-fatal in first_time_install.sh Make the WiFi monitor service installation optional/non-fatal: 1. Capture exit code from install_wifi_monitor.sh but don't fail installation 2. Continue installation even if WiFi monitor installation fails 3. Provide clear messages about the failure but allow installation to proceed 4. Check for service file creation and provide helpful messages WiFi monitor is optional functionality - the main LED Matrix installation should succeed even if WiFi monitor setup fails (e.g., package installation issues, service start failures, etc.). Users can install it later if needed. This prevents the entire installation from failing at step 8.5 due to WiFi monitor installation issues. * fix: Use JSON encoding for bracket-notation arrays and add sentinel for clearing Fix bracket-notation array handling to prevent data loss: 1. Use JSON encoding instead of comma-join (lines 3358-3359): - Comma-join breaks if option values contain commas - Switch to json.dumps() to encode array values as JSON strings - _parse_form_value_with_schema() already handles JSON arrays correctly - Preserves values with commas, special characters, etc. 2. Add sentinel hidden input for clearing arrays: - Add hidden input with name="field[]" value="" in checkbox-group template - Ensures field is always submitted, even when all checkboxes unchecked - Backend filters out sentinel empty strings to detect empty array - Allows users to clear array to [] by unchecking all options 3. Update backend to handle sentinel: - Filter out sentinel empty strings from bracket notation values - Empty array (all unchecked) is represented as "[]" JSON string - Properly handles both sentinel-only (empty array) and sentinel+values cases This fixes data loss when: - Option values contain commas (comma-join corruption) - All checkboxes are unchecked (field omitted from form, can't clear to []) * fix: Harden upload flow - HTTP status check, path normalization, property assignment Fix three security and reliability issues in upload flow: 1. Check HTTP status before calling response.json(): - Prevents JSON parsing errors on non-2xx responses - Properly handles error responses with status codes - Returns error text if available for better debugging - Prevents masking of HTTP errors 2. Normalize uploadedFile.path before using in img src: - Remove leading slashes with replace(/^\/+/, '') - Add single leading slash for image src - Prevents //host/odd paths that could cause security issues - Ensures consistent path format 3. Replace string-based handlers with property assignment: - Replace setAttribute('onchange', ...) with addEventListener('change', ...) - Replace setAttribute('onclick', ...) with addEventListener('click', ...) - Refactor addCustomFeedRow to use DOM manipulation instead of innerHTML - Prevents injection vulnerabilities from string interpolation - Uses property assignment (img.src, input.name, input.value) instead of setAttribute where appropriate These changes improve security by eliminating XSS injection surfaces and improve reliability by properly handling HTTP errors and path formats. * fix: Add bracket notation to checkbox-group input names The backend expects checkbox groups to submit with bracket notation (request.form.getlist("<field>[]")), but the templates were rendering checkboxes without the "[]" suffix in the name attribute. Changes: 1. Add name="{{ full_key }}[]" to checkbox inputs in plugin_config.html 2. Add name="${fullKey}[]" to checkbox inputs in plugins_manager.js This ensures: - Checked checkboxes submit their values with the bracket notation - Backend can use request.form.getlist("<field>[]") to collect all values - Sentinel hidden input (already using bracket notation) works correctly - Backend bracket_array_fields logic receives and processes the array values The sentinel hidden input ensures the field is always submitted (even when all checkboxes are unchecked), allowing the backend to detect and set empty arrays correctly. * fix: Swap order of enabled checkbox and hidden input in custom-feeds The hidden input with value="false" was rendered before the checkbox, causing request.form.to_dict() to use the hidden input's value instead of the checkbox's "true" value when checked. Fix by rendering the checkbox first, then the hidden fallback input. This ensures that when the checkbox is checked, its "true" value overwrites the hidden input's "false" value in request.form.to_dict(). The hidden input still serves as a fallback to ensure "false" is submitted when the checkbox is unchecked (since unchecked checkboxes don't submit a value). * fix: Enable upload buttons for existing custom feed rows in template The template was rendering disabled upload buttons for existing custom feed rows with the message "Logo upload for custom feeds is not yet implemented", while the JavaScript addCustomFeedRow function creates working upload buttons for newly added rows. This created confusing UX where users saw disabled buttons on existing feeds but working buttons on newly added feeds. Since handleCustomFeedLogoUpload is fully implemented and functional, enable the upload buttons in the template to match the JavaScript behavior: 1. Remove disabled and aria-disabled attributes from file input 2. Remove disabled, aria-disabled, misleading title, and update button styling to match working buttons (remove cursor-not-allowed and opacity-50, add hover:bg-gray-300) 3. Add onchange handler to file input calling handleCustomFeedLogoUpload 4. Add onclick handler to button to trigger file input click This ensures consistent UX across existing and newly added custom feed rows, with all upload buttons functional. * fix: Expose escapeHtml to window object for use by global functions The escapeHtml function is defined inside the IIFE (at line 5445) but is called at line 6508 from within window.addArrayObjectItem, which is defined outside the IIFE (starting at line 6465). Since escapeHtml is not exposed to the window object (unlike renderArrayObjectItem and getSchemaProperty which are exposed at lines 6457-6458), the fallback code path throws a ReferenceError: escapeHtml is not defined when window.renderArrayObjectItem is unavailable. Fix by exposing escapeHtml to the window object alongside renderArrayObjectItem and getSchemaProperty, ensuring the fallback code in window.addArrayObjectItem can safely call escapeHtml when the primary rendering function fails to load. This prevents users from being unable to add new items to array-of-objects fields when the primary rendering function is unavailable. * fix: Escape single quotes in checkbox-group JSON value attribute The hidden input for checkbox-group uses a single-quoted value attribute with {{ array_value\|tojson\|safe }}, but the tojson filter doesn't escape single quotes for HTML attributes. While JSON uses double quotes for strings, if array_value contains strings with single quotes (like "Tom's Choice"), the resulting HTML value='["Tom's Choice"]' could have parsing issues in some browsers when the single quote appears inside the JSON string content. The JavaScript equivalent at line 3037 correctly escapes single quotes with .replace(/'/g, "'"), but the Jinja2 template lacked this escaping. Fix by applying the replace filter to escape single quotes: {{ (array_value\|tojson\|safe)\|replace("'", "'") }} This ensures consistent behavior between server-side template rendering and client-side JavaScript rendering, and prevents potential HTML attribute parsing issues. * fix: Move hidden input before checkbox for enabled field in custom-feeds The hidden input and checkbox share the same name, causing duplicate form values. When request.form.to_dict() processes multiple fields with the same name, it uses the LAST value. The previous fix (`a315693b`) had the checkbox first and hidden input second, which meant the hidden input's "false" value would override the checkbox's "true" value when checked. Fix by moving the hidden input BEFORE the checkbox, so: - When checkbox is checked: checkbox value ("true") overrides hidden ("false") - When checkbox is unchecked: hidden input value ("false") is used (checkbox doesn't submit a value) This ensures the correct boolean value is submitted in both cases. * fix: Use dataset-driven indices for custom feed row reindexing After removeCustomFeedRow() reindexes data-index/id/name, the existing file-input change handlers still used stale closure indices, causing querySelector to fail and preventing logo uploads from working. Fix by using dataset-driven indices instead of closure-captured values: 1. In addCustomFeedRow: - Store index in fileInput.dataset.index - Read index from e.target.dataset.index in event handler - Use fileInput.click() directly instead of getElementById 2. In removeCustomFeedRow: - Update dataset.index for all inputs during reindexing - Remove onclick/onchange attribute rewriting (handlers use addEventListener) - Simplify ID updating to handle both _logo_<n> and _logo_preview_<n> 3. In handleCustomFeedLogoUpload: - Store index in fileInput.dataset.index - Read index from e.target.dataset.index in event handler - Use fileInput.click() directly - Set pathInput.value to imageSrc (normalized path) - Reset event.target.value to allow re-uploading the same file This ensures event handlers always use the current index from the DOM, preventing stale closure issues after row removal and reindexing. * fix: Reset file input value to allow re-uploading same file Add event.target.value = '' after successful upload to allow re-uploading the same file (change event won't fire otherwise if the same file is selected again). * fix: Add proper attribute escaping for renderArrayObjectItem The renderArrayObjectItem function was vulnerable because escapeHtml does not properly escape attribute contexts (quotes). This could lead to XSS if user-provided data contains quotes or other special characters in attribute values. Changes: 1. Create escapeAttribute function for proper attribute escaping - Escapes quotes, ampersands, and other special characters - Handles null/undefined values safely 2. Update renderArrayObjectItem to use escapeAttribute for all attribute values: - id attributes (itemId, propKey) - data-* attributes (data-prop-key, data-file-data) - value attributes (input values) - placeholder attributes - title attributes - src attributes (img src) - onclick/onchange handler parameters (fieldId) 3. Safely encode JSON in data-file-data attribute: - Use base64 encoding (btoa) instead of manual quote escaping - Decode with atob when reading the attribute - This safely handles all characters including quotes, newlines, etc. 4. Remove hardcoded 'ledmatrix-news' pluginId fallback: - Change fallback from 'ledmatrix-news' to null - Prevents surprising defaults when uploads are enabled later - Requires explicit pluginId configuration This ensures all attribute values are properly escaped and prevents XSS vulnerabilities from unescaped quotes or special characters. * fix: Expose escapeAttribute to window object The escapeAttribute function was not exposed to the window object, which could cause issues if other code needs to use it. Expose it alongside escapeHtml for consistency. --------- Co-authored-by: Chuck <chuck@example.com>	2026-01-11 16:38:55 -05:00
Chuck	7f230f625d	Feature/one shot installer (#175 ) * fix(plugins): Remove compatible_versions requirement from single plugin install Remove compatible_versions from required fields in install_from_url method to match install_plugin behavior. This allows installing plugins from URLs without manifest version requirements, consistent with store plugin installation. * fix(7-segment-clock): Update submodule with separator and spacing fixes * fix(plugins): Add onchange handlers to existing custom feed inputs - Add onchange handlers to key and value inputs for existing patternProperties fields - Fixes bug where editing existing custom RSS feeds didn't save changes - Ensures hidden JSON input field is updated when users edit feed entries - Affects all plugins using patternProperties (custom_feeds, feed_logo_map, etc.) * Add array-of-objects widget support to web UI - Add support for rendering arrays of objects in web UI (for custom_feeds) - Implement add/remove/update functions for array-of-objects widgets - Support file-upload widgets within array items - Update form data handling to support array JSON data fields * Update plugins_manager.js cache-busting version Update version parameter to force browser to load new JavaScript with array-of-objects widget support. * Fix: Move array-of-objects detection before file-upload/checkbox checks Move the array-of-objects widget detection to the top of the array handler so it's checked before file-upload and checkbox-group widgets. This ensures custom_feeds is properly detected as an array of objects. * Update cache-busting version for array-of-objects fix * Remove duplicate array-of-objects check * Update cache version again * Add array-of-objects widget support to server-side template Add detection and rendering for array-of-objects in the Jinja2 template (plugin_config.html). This enables the custom_feeds widget to display properly with name, URL, enabled checkbox, and logo upload fields. The widget is detected by checking if prop.items.type == 'object' && prop.items.properties, and is rendered before the file-upload widget check. * Use window. prefix for array-of-objects JavaScript functions Explicitly use window.addArrayObjectItem, window.removeArrayObjectItem, etc. in the template to ensure the functions are accessible from inline event handlers. Also add safety checks to prevent errors if functions aren't loaded yet. * Fix syntax error: Missing indentation for html += in array else block The html += statement was outside the else block, causing a syntax error. Fixed by properly indenting it inside the else block. * Update cache version for syntax fix * Add debug logging to diagnose addArrayObjectItem availability * Fix: Wrap array-of-objects functions in window check and move outside IIFE Ensure functions are available globally by wrapping them in a window check and ensuring they're defined outside any IIFE scope. Also fix internal function calls to use window.updateArrayObjectData for consistency. * Update cache version for array-of-objects fix * Move array-of-objects functions outside IIFE to make them globally available The functions were inside the IIFE scope, making them inaccessible from inline event handlers. Moving them outside the IIFE ensures they're available on window when the script loads. * Update cache version for IIFE fix * Fix: Add array-of-objects functions after IIFE ends The functions were removed from inside the IIFE but never added after it. Also removed orphaned code that was causing syntax errors. * Update cache version for array-of-objects fix * Fix: Remove all orphaned code and properly add array-of-objects functions after IIFE * Add array-of-objects functions after IIFE ends These functions must be outside the IIFE to be accessible from inline event handlers in the server-rendered template. * Update cache version for syntax fix * Fix syntax error: Add missing closing brace for else block * Update cache version for syntax fix * Replace complex array-of-objects widget with simple table interface - Replace nested array-of-objects widget with clean table interface - Table shows: Name, URL, Logo (with upload), Enabled checkbox, Delete button - Fix file-upload widget detection order to prevent breaking static-image plugin - Add simple JavaScript functions for add/remove rows and logo upload - Much more intuitive and easier to use * Add simple table interface for custom feeds - Replace complex array-of-objects widget with clean table - Table columns: Name, URL, Logo (upload), Enabled checkbox, Delete - Use dot notation for form field names (feeds.custom_feeds.0.name) - Add JavaScript functions for add/remove rows and logo upload - Fix file-upload detection order to prevent breaking static-image plugin * Fix custom feeds table issues - Fix JavaScript error in removeCustomFeedRow (get tbody before removing row) - Improve array conversion logic to handle nested paths like feeds.custom_feeds - Add better error handling and debug logging for array conversion - Ensure dicts with numeric keys are properly converted to arrays before validation * Add fallback fix for feeds.custom_feeds dict-to-array conversion - Add explicit fallback conversion for feeds.custom_feeds if fix_array_structures misses it - This ensures the dict with numeric keys is converted to an array before validation - Logo field is already optional in schema (not in required array) * feat(web): Add checkbox-group widget support for plugin config arrays Add server-side rendering support for checkbox-group widget in plugin configuration forms. This allows plugins to use checkboxes for multi-select array fields instead of comma-separated text inputs. The implementation: - Checks for x-widget: 'checkbox-group' in schema - Renders checkboxes for each enum item in items.enum - Supports custom labels via x-options.labels - Works with any plugin that follows the pattern Already used by: - ledmatrix-news plugin (enabled_feeds) - odds-ticker plugin (enabled_leagues) * feat(install): Add one-shot installation script - Create comprehensive one-shot installer with robust error handling - Includes network checks, disk space validation, and retry logic - Handles existing installations gracefully (idempotent) - Updates README with quick install command prominently featured - Manual installation instructions moved to collapsible section The script provides explicit error messages and never fails silently. All prerequisites are validated before starting installation. * fix: Remove accidental plugins/7-segment-clock submodule entry Remove uninitialized submodule 'plugins/7-segment-clock' that was accidentally included. This submodule is not related to the one-shot installer feature and should not be part of this PR. - Remove submodule entry from .gitmodules - Remove submodule from git index - Clean up submodule configuration * fix(array-objects): Fix schema lookup, reindexing, and disable file upload Address PR review feedback for array-of-objects helpers: 1. Schema resolution: Use getSchemaProperty() instead of manual traversal - Fixes nested array-of-objects schema lookup (e.g., news.custom_feeds) - Now properly descends through .properties for nested objects 2. Reindexing: Replace brittle regex with targeted patterns - Only replace index in bracket notation [0], [1], etc. for names - Only replace _item_<digits> pattern for IDs (not arbitrary digits) - Use specific function parameter patterns for onclick handlers - Prevents corruption of fieldId, pluginId, or other numeric values 3. File upload: Disable widget until properly implemented - Hide/disable upload button with clear message - Show existing logos if present but disable upload functionality - Prevents silent failures when users attempt to upload files - Added TODO comments for future implementation Also fixes exit code handling in one-shot-install.sh to properly capture first_time_install.sh exit status before error trap fires. * fix(security): Fix XSS vulnerability in handleCustomFeedLogoUpload Replace innerHTML usage with safe DOM manipulation using createElement and setAttribute to prevent XSS when injecting uploadedFile.path and uploadedFile.id values. - Clear logoCell using textContent instead of innerHTML - Create all DOM elements using document.createElement - Set uploadedFile.path and uploadedFile.id via setAttribute (automatically escaped) - Properly structure DOM tree by appending elements in order - Prevents malicious HTML/script injection through file path or ID values * fix: Update upload button onclick when reindexing custom feed rows Fix removeCustomFeedRow to update button onclick handlers that reference file input IDs with _logo_<index> when rows are reindexed after deletion. Previously, after deleting a row, the upload button's onclick still referenced the old file input ID, causing the upload functionality to fail. Now properly updates: - getElementById('..._logo_<num>') patterns in onclick handlers - Other _logo_<num> patterns in button onclick strings - Function parameter indices in onclick handlers This ensures upload buttons continue to work correctly after row deletion. * fix: Make custom feeds table widget-specific instead of generic fallback Replace generic array-of-objects check with widget-specific check for 'custom-feeds' widget to prevent hardcoded schema from breaking other plugins with different array-of-objects structures. Changes: - Check for x-widget == 'custom-feeds' before rendering custom feeds table - Add schema validation to ensure required fields (name, url) exist - Show warning message if schema doesn't match expected structure - Fall back to generic array input for other array-of-objects schemas - Add comments for future generic array-of-objects support This ensures the hardcoded custom feeds table (name, url, logo, enabled) only renders when explicitly requested via widget type, preventing breakage for other plugins with different array-of-objects schemas. * fix: Add image/gif to custom feed logo upload accept attribute Update file input accept attributes for custom feed logo uploads to include image/gif, making it consistent with the file-upload widget which also allows GIF images. Updated in three places: - Template file input (plugin_config.html) - JavaScript addCustomFeedRow function (base.html) - Dynamic file input creation in handleCustomFeedLogoUpload (base.html) All custom feed logo upload inputs now accept: image/png, image/jpeg, image/bmp, image/gif * fix: Add hidden input for enabled checkbox to ensure false is submitted Add hidden input with value='false' before enabled checkbox in custom feeds table to ensure an explicit false value is sent when checkbox is unchecked. Pattern implemented: - Hidden input: name='enabled', value='false' (always submitted) - Checkbox: name='enabled', value='true' (only submitted when checked) - When unchecked: only hidden input submits (false) - When checked: both submit, checkbox value (true) overwrites hidden Updated in two places: - Template checkbox in plugin_config.html (existing rows) - JavaScript addCustomFeedRow function in base.html (new rows) Backend verification: - Backend (api_v3.py) handles string boolean values and converts properly - JavaScript form processing explicitly checks element.checked, independent of this pattern - Standard form submission uses last value when multiple values share same name * fix: Expose renderArrayObjectItem to window for addArrayObjectItem Fix scope issue where renderArrayObjectItem is defined inside IIFE but window.addArrayObjectItem is defined outside, causing the function check to always fail and fallback to degraded HTML rendering. Problem: - renderArrayObjectItem (line 2469) is inside IIFE (lines 796-6417) - window.addArrayObjectItem (line 6422) is outside IIFE - Check 'typeof renderArrayObjectItem === function' at line 6454 always fails - Fallback code lacks file upload widgets, URL input types, descriptions, styling Solution: - Expose renderArrayObjectItem to window object before IIFE closes - Function maintains closure access to escapeHtml and other IIFE-scoped functions - Newly added items now have full functionality matching initially rendered items * fix: Reorder array type checks to match template order Fix inconsistent rendering where JavaScript and Jinja template had opposite ordering for array type checks, causing schemas with both x-widget: file-upload AND items.type: object (like static-image) to render differently. Problem: - Template checks file-upload FIRST (to avoid breaking static-image plugin) - JavaScript checked array-of-objects FIRST - Server-rendered forms showed file-upload widget correctly - JS-rendered forms incorrectly displayed array-of-objects table widget Solution: - Reorder JavaScript checks to match template order: 1. Check file-upload widget FIRST 2. Check checkbox-group widget 3. Check custom-feeds widget 4. Check array-of-objects as fallback 5. Regular array input (comma-separated) This ensures consistent rendering between server-rendered and JS-rendered forms for schemas that have both x-widget: file-upload AND items.type: object. * fix: Handle None value for feeds config to prevent TypeError Fix crash when plugin_config['feeds'] exists but is None, causing TypeError when checking 'custom_feeds' in feeds_config. Problem: - When plugin_config['feeds'] exists but is None, dict.get('feeds', {}) returns None (not the default {}) because dict.get() only uses default when key doesn't exist, not when value is None - Line 3642's 'custom_feeds' in feeds_config raises TypeError because None is not iterable - This can crash the API endpoint if a plugin config has feeds: null Solution: - Change plugin_config.get('feeds', {}) to plugin_config.get('feeds') or {} to ensure feeds_config is always a dict (never None) - Add feeds_config check before 'in' operator for extra safety This ensures the code gracefully handles feeds: null in plugin configuration. * fix: Add default value for AVAILABLE_SPACE to prevent TypeError Fix crash when df produces unexpected output that results in empty AVAILABLE_SPACE variable, causing 'integer expression expected' error. Problem: - df may produce unexpected output format (different locale, unusual filesystem name spanning lines, or non-standard df implementation) - While '\|\| echo "0"' handles pipeline failures, it doesn't trigger if awk succeeds but produces no output (empty string) - When AVAILABLE_SPACE is empty, comparison [ "$AVAILABLE_SPACE" -lt 500 ] fails with 'integer expression expected' error - With set -e, this causes script to exit unexpectedly Solution: - Add AVAILABLE_SPACE=${AVAILABLE_SPACE:-0} before comparison to ensure variable always has a numeric value (defaults to 0 if empty) - This gracefully handles edge cases where df/awk produces unexpected output * fix: Wrap debug console.log in debug flag check Fix unconditional debug logging that outputs internal implementation details to browser console for all users. Problem: - console.log('[ARRAY-OBJECTS] Functions defined on window:', ...) executes unconditionally when page loads - Outputs debug information about function availability to all users - Appears to be development/debugging code inadvertently included - Noisy console output in production Solution: - Wrap console.log statement in _PLUGIN_DEBUG_EARLY check to only output when pluginDebug localStorage flag is enabled - Matches pattern used elsewhere in the file for debug logging - Debug info now only visible when explicitly enabled via localStorage.setItem('pluginDebug', 'true') * fix: Expose getSchemaProperty, disable upload widget, handle bracket notation arrays Multiple fixes for array-of-objects and form processing: 1. Expose getSchemaProperty to window (plugins_manager.js): - getSchemaProperty was defined inside IIFE but needed by global functions - Added window.getSchemaProperty = getSchemaProperty before IIFE closes - Updated window.addArrayObjectItem to use window.getSchemaProperty - Fixes ReferenceError when dynamically adding array items 2. Disable upload widget for custom feeds (plugin_config.html): - File input and Upload button were still active but should be disabled - Removed onchange/onclick handlers, added disabled and aria-disabled - Added visible disabled styling and tooltip - Existing logos continue to display but uploads are prevented - Matches PR objectives to disable upload until fully implemented 3. Handle bracket notation array fields (api_v3.py): - checkbox-group uses name="field_name[]" which sends multiple values - request.form.to_dict() collapses duplicate keys (only keeps last value) - Added handling to detect fields ending with "[]" before to_dict() - Use request.form.getlist() to get all values, combine as comma-separated - Processed before existing array index field handling - Fixes checkbox-group losing all but last selected value * fix: Remove duplicate submit handler to prevent double POSTs Remove document-level submit listener that conflicts with handlePluginConfigSubmit, causing duplicate form submissions with divergent payloads. Problem: - handlePluginConfigSubmit correctly parses JSON from _data fields and maps to flatConfig[baseKey] for patternProperties and array-of-objects - Document-level listener (line 5368) builds its own config without understanding _data convention and posts independently via savePluginConfiguration - Every submit now sends two POSTs with divergent payloads: - First POST: Correct structure with parsed _data fields - Second POST: Incorrect structure with raw _data fields, missing structure - Arrays-of-objects and patternProperties saved incorrectly in second request Solution: - Remove document-level submit listener for #plugin-config-form - Rely solely on handlePluginConfigSubmit which is already attached to the form - handlePluginConfigSubmit properly handles all form-to-config conversion including: - _data field parsing (JSON from hidden fields) - Type-aware conversion using schema - Dot notation to nested object conversion - PatternProperties and array-of-objects support Note: savePluginConfiguration function remains for use by JSON editor saves * fix: Use indexed names for checkbox-group to work with existing parser Change checkbox-group widget to use indexed field names instead of bracket notation, so the existing indexed field parser correctly handles multiple selected values. Problem: - checkbox-group uses name="{{ full_key }}[]" which requires bracket notation handling in backend - While bracket notation handler exists, using indexed names is more robust and leverages existing well-tested indexed field parser - Indexed field parser already handles fields like "field_name.0", "field_name.1" correctly Solution: - Template: Change name="{{ full_key }}[]" to name="{{ full_key }}.{{ loop.index0 }}" - JavaScript: Update checkbox-group rendering to use name="." - Backend indexed field parser (lines 3364-3388) already handles this pattern: - Detects fields ending with numeric indices (e.g., ".0", ".1") - Groups them by base_path and sorts by index - Combines into array correctly This ensures checkbox-group values are properly preserved when multiple options are selected, working with the existing schema-based parsing system. * fix: Set values from item data in fallback array-of-objects rendering Fix fallback code path for rendering array-of-objects items to properly set input values from existing item data, matching behavior of proper renderArrayObjectItem function. Problem: - Fallback code at lines 3078-3091 and 6471-6486 creates input elements without setting values from existing item data - Text inputs have no value attribute set - Checkboxes have no checked attribute computed from item properties - Users would see empty form fields instead of existing configuration data - Proper renderArrayObjectItem function correctly sets values (line 2556) Solution: - Extract propValue from item data: item[propKey] with schema default fallback - For text inputs: Set value attribute with HTML-escaped propValue - For checkboxes: Set checked attribute based on propValue truthiness - Add inline HTML escaping for XSS prevention (since fallback code may run outside IIFE scope where escapeHtml function may not be available) This ensures fallback rendering displays existing data correctly when window.renderArrayObjectItem is not available. * fix: Remove extra closing brace breaking if/else chain Remove stray closing brace at line 3127 that was breaking the if/else chain before the 'else if (prop.enum)' branch, causing 'Unexpected token else' syntax error. Problem: - Extra '}' at line 3127 closed the prop.type === 'array' block prematurely - This broke the if/else chain, causing syntax error when parser reached 'else if (prop.enum)' at line 3128 - Structure was: } else if (array) { ... } } } else if (enum) - extra brace Solution: - Removed the extra closing brace at line 3127 - Structure now correctly: } else if (array) { ... } } else if (enum) - Verified with Node.js syntax checker - no errors * fix: Remove local logger assignments to prevent UnboundLocalError Remove all local logger assignments inside save_plugin_config function that were shadowing the module-level logger, causing UnboundLocalError when nested helpers like normalize_config_values() or debug checks reference logger before those assignments run. Problem: - Module-level logger exists at line 13: logger = logging.getLogger(__name__) - Multiple local assignments inside save_plugin_config (lines 3361, 3401, 3421, 3540, 3660, 3977, 4093, 4118) make logger a local variable for entire function - Python treats logger as local for entire function scope when any assignment exists, causing UnboundLocalError if logger is used before assignments - Nested helpers like normalize_config_values() or debug checks that reference logger before local assignments would fail Solution: - Removed all local logger = logging.getLogger(__name__) assignments in save_plugin_config function - Use module-level logger directly throughout the function - Removed redundant import logging statements that were only used for logger - This ensures logger is always available and references the module-level logger All logger references now use the module-level logger without shadowing. * fix: Fix checkbox-group serialization and array-of-objects key leakage Multiple fixes for array-of-objects and checkbox-group widgets: 1. Fix checkbox-group serialization (JS and template): - Changed from indexed names (categories.0, categories.1) to _data pattern - Added updateCheckboxGroupData() function to sync selected values - Hidden input stores JSON array of selected enum values - Checkboxes use data-checkbox-group and data-option-value attributes - Fixes issue where config.categories became {0: true, 1: true} instead of ['nfl', 'nba'] - Now correctly serializes to array using existing _data handling logic 2. Prevent array-of-objects per-item key leakage: - Added skip pattern in handlePluginConfigSubmit for _item_<n>_ names - Removed name attributes from per-item inputs in renderArrayObjectItem - Per-item inputs now rely solely on hidden _data field - Prevents feeds_item_0_name from leaking into flatConfig 3. Add type coercion to updateArrayObjectData: - Consults itemsSchema.properties[propKey].type for coercion - Handles integer and number types correctly - Preserves string values as-is - Ensures numeric fields in array items are stored as numbers 4. Ensure currentPluginConfig is always available: - Updated addArrayObjectItem to check window.currentPluginConfig first - Added error logging if schema not available - Prevents ReferenceError when global helpers need schema This ensures checkbox-group arrays serialize correctly and array-of-objects per-item fields don't leak extra keys into the configuration. * fix: Make _data field matching more specific to prevent false positives Fix overly broad condition that matched any field containing '_data', causing false positives and inconsistent key transformation. Problem: - Condition 'key.endsWith('_data') \|\| key.includes('_data')' matches any field containing '_data' anywhere (e.g., 'meta_data_field', 'custom_data_config') - key.replace(/_data$/, '') only removes '_data' from end, making logic inconsistent - Fields with '_data' in middle get matched but key isn't transformed - If their value happens to be valid JSON, it gets incorrectly parsed Solution: - Remove 'key.includes('_data')' clause - Only check 'key.endsWith('_data')' to match actual _data suffix pattern - Ensures consistent matching: only fields ending with '_data' are treated as JSON data fields, and only those get the suffix removed - Prevents false positives on fields like 'meta_data_field' that happen to contain '_data' in their name * fix: Add HTML escaping to prevent XSS in fallback code and checkbox-group Add proper HTML escaping for schema-derived values to prevent XSS vulnerabilities in fallback rendering code and checkbox-group widget. Problem: - Fallback code in generateFieldHtml (line 3094) doesn't escape propLabel when building HTML strings, while main renderArrayObjectItem uses escapeHtml() - Checkbox-group widget (lines 3012-3025) doesn't escape option or label values - While risk is limited (values come from plugin schemas), malicious plugin schemas or untrusted schema sources could inject XSS - Inconsistent with main renderArrayObjectItem which properly escapes Solution: - Added escapeHtml() calls for propLabel in fallback array-of-objects rendering (both locations: generateFieldHtml and addArrayObjectItem fallback) - Added escapeHtml() calls for option values in checkbox-group widget: - checkboxId (contains option) - data-option-value attribute - value attribute - label text in span - Ensures consistent XSS protection across all rendering paths This prevents potential XSS if plugin schemas contain malicious HTML/script content in enum values or property titles. --------- Co-authored-by: Chuck <chuck@example.com>	2026-01-08 15:38:08 -05:00
Chuck	7d71656cf1	Plugins (#145 ) Chaotic mega-merge into main. THINGS WILL PROBABLY BE BROKEN * chore: Update soccer-scoreboard submodule to merged commit - Update submodule reference to include manifest.json v2 registry format - Version updated to 1.0.1 * refactor: Remove test_mode and logo_dir config reading from base SportsCore - Remove test_mode initialization and usage - Remove logo_dir reading from mode_config - Use LogoDownloader defaults directly for logo directories * chore: Update plugin submodules after removing global properties - Update basketball-scoreboard submodule (removed global test_mode, live_priority, dynamic_duration, logo_dir) - Update soccer-scoreboard submodule (removed global test_mode, live_priority, dynamic_duration, logo_dir) * feat(calendar): Add credentials.json file upload via web interface - Add API endpoint /api/v3/plugins/calendar/upload-credentials for file upload - Validate JSON format and Google OAuth structure - Save file to plugin directory with secure permissions (0o600) - Backup existing credentials.json before overwriting - Add file upload widget support for string fields in config forms - Add frontend handler handleCredentialsUpload() for single file uploads - Update .gitignore to allow calendar submodule - Update calendar submodule reference * fix(web): Improve spacing for nested configuration sections - Add dynamic margin based on nesting depth (mb-6 for deeply nested sections) - Increase padding in nested content areas (py-3 to py-4) - Add extra spacing after nested sections to prevent overlap - Enhance CSS spacing for nested sections (1.5rem for nested, 2rem for deeply nested) - Add padding-bottom to expanded nested content to prevent cutoff - Fixes issue where game_limits and other nested settings were hidden under next section header * chore(plugins): Update sports scoreboard plugins with live update interval fix - Updated hockey-scoreboard, football-scoreboard, basketball-scoreboard, and soccer-scoreboard submodules - All plugins now fix the interval selection bug that caused live games to update every 5 minutes instead of 30 seconds - Ensures all live games update at the configured live_update_interval (30s) for timely score updates * fix: Initialize test_mode in SportsLive and fix config migration - Add test_mode initialization in SportsLive.__init__() to prevent AttributeError - Remove invalid new_secrets parameter from save_config_atomic() call in config migration - Fixes errors: 'NBALiveManager' object has no attribute 'test_mode' - Fixes errors: ConfigManager.save_config_atomic() got unexpected keyword argument 'new_secrets' * chore: Update submodules with test_mode initialization fixes - Update basketball-scoreboard submodule - Update soccer-scoreboard submodule * fix(plugins): Auto-stash local changes before plugin updates - Automatically stash uncommitted changes before git pull during plugin updates - Prevents update failures when plugins have local modifications - Improves error messages for git update failures - Matches behavior of main LEDMatrix update process * fix(basketball-scoreboard): Update submodule with timeout fix - Updated basketball-scoreboard plugin to fix update() timeout issue - Plugin now uses fire-and-forget odds fetching for upcoming games - Prevents 30-second timeout when processing many upcoming games Also fixed permission issue on devpi: - Changed /var/cache/ledmatrix/display_on_demand_state.json permissions from 600 to 660 to allow web service (devpi user) to read the file * fix(cache): Ensure cache files use 660 permissions for group access - Updated setup_cache.sh to set file permissions to 660 (not 775) - Updated first_time_install.sh to properly set cache file permissions - Modified DiskCache to set 660 permissions when creating cache files - Ensures display_on_demand_state.json and other cache files are readable by web service (devpi user) which is in ledmatrix group This fixes permission issues where cache files were created with 600 permissions, preventing the web service from reading them. Now files are created with 660 (rw-rw----) allowing group read access. * fix(soccer-scoreboard): Update submodule with manifest fix - Updated soccer-scoreboard plugin submodule - Added missing entry_point and class_name to manifest.json - Fixes plugin loading error: 'No class_name in manifest' Also fixed cache file permissions on devpi server: - Changed display_on_demand_state.json from 600 to 660 permissions - Allows web service (devpi user) to read cache files * fix(display): Remove update_display() calls from clear() to prevent black flash Previously, display_manager.clear() was calling update_display() twice, which immediately showed a black screen on the hardware before new content could be drawn. This caused visible black flashes when switching between modes, especially when plugins switch from general modes (e.g., football_upcoming) to specific sub-modes (e.g., nfl_upcoming). Now clear() only prepares the buffer without updating the hardware. Callers can decide when to update the display, allowing smooth transitions from clear → draw → update_display() without intermediate black flashes. Places that intentionally show a cleared screen (error cases) already explicitly call update_display() after clear(), so backward compatibility is maintained. * fix(scroll): Prevent wrap-around before cycle completion in dynamic duration - Check scroll completion BEFORE allowing wrap-around - Clamp scroll_position when complete to prevent visual loop - Only wrap-around if cycle is not complete yet - Fixes issue where stocks plugin showed first stock again at end - Completion logged only once to avoid spam - Ensures smooth transition to next mode without visual repeat * fix(on-demand): Ensure on-demand buttons work and display service runs correctly - Add early stub functions for on-demand modal to ensure availability when Alpine.js initializes - Increase on-demand request cache max_age from 5min to 1hr to prevent premature expiration - Fixes issue where on-demand buttons were not functional due to timing issues - Ensures display service properly picks up on-demand requests when started * test: Add comprehensive test coverage (30%+) - Add 100+ new tests across core components - Add tests for LayoutManager (27 tests) - Add tests for PluginLoader (14 tests) - Add tests for SchemaManager (20 tests) - Add tests for MemoryCache and DiskCache (24 tests) - Add tests for TextHelper (9 tests) - Expand error handling tests (7 new tests) - Improve coverage from 25.63% to 30.26% - All 237 tests passing Test files added: - test/test_layout_manager.py - test/test_plugin_loader.py - test/test_schema_manager.py - test/test_text_helper.py - test/test_config_service.py - test/test_display_controller.py - test/test_display_manager.py - test/test_error_handling.py - test/test_font_manager.py - test/test_plugin_system.py Updated: - pytest.ini: Enable coverage reporting with 30% threshold - test/conftest.py: Enhanced fixtures for better test isolation - test/test_cache_manager.py: Expanded cache component tests - test/test_config_manager.py: Additional config tests Documentation: - HOW_TO_RUN_TESTS.md: Guide for running and understanding tests * test(web): Add comprehensive API endpoint tests - Add 30 new tests for Flask API endpoints in test/test_web_api.py - Cover config, system, display, plugins, fonts, and error handling APIs - Increase test coverage from 30.26% to 30.87% - All 267 tests passing Tests cover: - Config API: GET/POST main config, schedule, secrets - System API: Status, version, system actions - Display API: Current display, on-demand start/stop - Plugins API: Installed plugins, health, config, operations, state - Fonts API: Catalog, tokens, overrides - Error handling: Invalid JSON, missing fields, 404s * test(plugins): Add comprehensive integration tests for all plugins - Add base test class for plugin integration tests - Create integration tests for all 6 plugins: - basketball-scoreboard (11 tests) - calendar (10 tests) - clock-simple (11 tests) - odds-ticker (9 tests) - soccer-scoreboard (11 tests) - text-display (12 tests) - Total: 64 new plugin integration tests - Increase test coverage from 30.87% to 33.38% - All 331 tests passing Tests verify: - Plugin loading and instantiation - Required methods (update, display) - Manifest validation - Display modes - Config schema validation - Graceful handling of missing API credentials Uses hybrid approach: integration tests in main repo, plugin-specific unit tests remain in plugin submodules. * Add mqtt-notifications plugin as submodule * fix(sports): Respect games_to_show settings for favorite teams - Fix upcoming games to show N games per team (not just 1) - Fix recent games to show N games per team (not just 1) - Add duplicate removal for games involving multiple favorite teams - Match behavior of basketball-scoreboard plugin - Affects NFL, NHL, and other sports using base_classes/sports.py * chore: Remove debug instrumentation logs - Remove temporary debug logging added during fix verification - Fix confirmed working by user * debug: Add instrumentation to debug configuration header visibility issue * fix: Resolve nested section content sliding under next header - Remove overflow-hidden from nested-section to allow proper document flow - Add proper z-index and positioning to prevent overlap - Add margin-top to nested sections for better spacing - Remove debug instrumentation that was causing ERR_BLOCKED_BY_CLIENT errors * fix: Prevent unnecessary plugin tab redraws - Add check to only update tabs when plugin list actually changes - Increase debounce timeout to batch rapid changes - Compare plugin IDs before updating to avoid redundant redraws - Fix setter to check for actual changes before triggering updates * fix: Prevent form-groups from sliding out of view when nested sections expand - Increase margin-bottom on nested-sections for better spacing - Add clear: both to nested-sections to ensure proper document flow - Change overflow to visible when expanded to allow natural flow - Add margin-bottom to expanded content - Add spacing rules for form-groups that follow nested sections - Add clear spacer div after nested sections * fix: Reduce excessive debug logging in generateConfigForm - Only log once per plugin instead of on every function call - Prevents log spam when Alpine.js re-renders the form multiple times - Reduces console noise from 10+ logs per plugin to 1 log per plugin * fix: Prevent nested section content from sliding out of view when expanded - Remove overflow-hidden from nested-section in base.html (was causing clipping) - Add scrollIntoView to scroll expanded sections into view within modal - Set nested-section overflow to visible to prevent content clipping - Add min-height to nested-content to ensure proper rendering - Wait for animation to complete before scrolling into view * fix: Prevent form-groups from overlapping and appearing outside view - Change nested-section overflow to hidden by default, visible when expanded - Add :has() selector to allow overflow when content is expanded - Ensure form-groups after nested sections have proper spacing and positioning - Add clear: both and width: 100% to prevent overlap - Use !important for margin-top to ensure spacing is applied - Ensure form-groups are in normal document flow with float: none * fix: Use JavaScript to toggle overflow instead of :has() selector - :has() selector may not be supported in all browsers - Use JavaScript to set overflow: visible when expanded, hidden when collapsed - This ensures better browser compatibility while maintaining functionality * fix: Make parent sections expand when nested sections expand - Add updateParentNestedContentHeight() helper to recursively update parent heights - When a nested section expands, recalculate all parent nested-content max-heights - Ensures parent sections (like NFL) expand to accommodate expanded child sections - Updates parent heights both on expand and collapse for proper animation * refactor: Simplify parent section expansion using CSS max-height: none - Remove complex recursive parent height update function - Use CSS max-height: none when expanded to allow natural expansion - Parent sections automatically expand because nested-content has no height constraint - Simpler and more maintainable solution * refactor: Remove complex recursive parent height update function - CSS max-height: none already handles parent expansion automatically - No need for JavaScript to manually update parent heights - Much simpler and cleaner solution * debug: Add instrumentation to debug auto-collapse issue - Add logging to track toggle calls and state changes - Add guard to prevent multiple simultaneous toggles - Pass event object to prevent bubbling - Improve state detection logic - Add return false to onclick handlers * chore: Remove debug instrumentation from toggleNestedSection - Remove all debug logging code - Keep functional fixes: event handling, toggle guard, improved state detection - Code is now clean and production-ready * fix(web): Add browser refresh note to plugin fetch errors * refactor(text-display): Update submodule to use ScrollHelper * fix(text-display): Fix scrolling display issue - update position in display() * feat(text-display): Add scroll_loop option and improve scroll speed control * debug: Add instrumentation to track plugin enabled state changes Added debug logging to investigate why plugins appear to disable themselves: - Track enabled state during plugin load (before/after schema merge) - Track enabled state during plugin reload - Track enabled state preservation during config save - Track state reconciliation fixes - Track enabled state updates in on_config_change This will help identify which code path is causing plugins to disable. * debug: Fix debug log path to work on Pi Changed hardcoded log path to use dynamic project root detection: - Uses LEDMATRIX_ROOT env var if set - Falls back to detecting project root by looking for config directory - Creates .cursor directory if it doesn't exist - Falls back to /tmp/ledmatrix_debug.log if all else fails - Added better error handling with logger fallback * Remove debug instrumentation for plugin enabled state tracking Removed all debug logging that was added to track plugin enabled state changes. The instrumentation has been removed as requested. * Reorganize documentation and cleanup test files - Move documentation files to docs/ directory - Remove obsolete test files - Update .gitignore and README * feat(text-display): Switch to frame-based scrolling with high FPS support * fix(text-display): Add backward compatibility for ScrollHelper sub-pixel scrolling * feat(scroll_helper): Add sub-pixel scrolling support for smooth movement - Add sub-pixel interpolation using scipy (if available) or numpy fallback - Add set_sub_pixel_scrolling() method to enable/disable feature - Implement _get_visible_portion_subpixel() for fractional pixel positioning - Implement _interpolate_subpixel() for linear interpolation - Prevents pixel skipping at slow scroll speeds - Maintains backward compatibility with integer pixel path * fix(scroll_helper): Reset last_update_time in reset_scroll() to prevent jump-ahead - Reset last_update_time when resetting scroll position - Prevents large delta_time on next update after reset - Fixes issue where scroll would immediately complete again after reset - Ensures smooth scrolling continuation after loop reset * fix(scroll_helper): Fix numpy broadcasting error in sub-pixel interpolation - Add output_width parameter to _interpolate_subpixel() for variable widths - Fix wrap-around case to use correct widths for interpolation - Handle edge cases where source array is smaller than expected - Prevent 'could not broadcast input array' errors in sub-pixel scrolling - Ensure proper width matching in all interpolation paths * feat(scroll): Add frame-based scrolling mode for smooth LED matrix movement - Add frame_based_scrolling flag to ScrollHelper - When enabled, moves fixed pixels per step, throttled by scroll_delay - Eliminates time-based jitter by ignoring frame timing variations - Provides stock-ticker-like smooth, predictable scrolling - Update text-display plugin to use frame-based mode This addresses stuttering issues where time-based scrolling caused visual jitter due to frame timing variations in the main display loop. * fix(scroll): Fix NumPy broadcasting errors in sub-pixel wrap-around - Ensure _interpolate_subpixel always returns exactly requested width - Handle cases where scipy.ndimage.shift produces smaller arrays - Add padding logic for wrap-around cases when arrays are smaller than expected - Prevents 'could not broadcast input array' errors during scrolling * refactor(scroll): Remove sub-pixel interpolation, use high FPS integer scrolling - Disable sub-pixel scrolling by default in ScrollHelper - Simplify get_visible_portion to always use integer pixel positioning - Restore frame-based scrolling logic for smooth high FPS movement - Use high frame rate (like stock ticker) for smoothness instead of interpolation - Reduces complexity and eliminates broadcasting errors * fix(scroll): Prevent large pixel jumps in frame-based scrolling - Initialize last_step_time properly to prevent huge initial jumps - Clamp scroll_speed to max 5 pixels/frame in frame-based mode - Prevents 60-pixel jumps when scroll_speed is misconfigured - Simplified step calculation to avoid lag catch-up jumps * fix(text-display): Align config schema and add validation - Update submodule reference - Adds warning and logging for scroll_speed config issues * fix(scroll): Simplify frame-based scrolling to match stock ticker behavior - Remove throttling logic from frame-based scrolling - Move pixels every call (DisplayController's loop timing controls rate) - Add enable_scrolling attribute to text-display plugin for high-FPS treatment - Matches stock ticker: simple, predictable movement every frame - Eliminates jitter from timing mismatches between DisplayController and ScrollHelper * fix(scroll): Restore scroll_delay throttling in frame-based mode - Restore time-based throttling using scroll_delay - Move pixels only when scroll_delay has passed - Handle lag catch-up with reasonable caps to prevent huge jumps - Preserve fractional timing for smooth operation - Now scroll_delay actually controls the scroll speed as intended * feat(text-display): Add FPS counter logging - Update submodule reference - Adds FPS tracking and logging every 5 seconds * fix(text-display): Add display-width buffer so text scrolls completely off - Update submodule reference - Adds end buffer to ensure text exits viewport before looping * fix: Prevent premature game switching in SportsLive - Set last_game_switch when games load even if current_game already exists - Set last_game_switch when same games update but it's still 0 - Add guard to prevent switching check when last_game_switch is 0 - Fixes issue where first game shows for only ~2 seconds before switching - Also fixes random screen flickering when games change prematurely * feat(plugins): Add branch selection support for plugin installation - Add optional branch parameter to install_plugin() and install_from_url() in store_manager - Update API endpoints to accept and pass branch parameter - Update frontend JavaScript to support branch selection in install calls - Maintain backward compatibility - branch parameter is optional everywhere - Falls back to default branch logic if specified branch doesn't exist * feat(plugins): Add UI for branch selection in plugin installation - Add branch input field in 'Install Single Plugin' section - Add global branch input for store installations - Update JavaScript to read branch from input fields - Branch input applies to all store installations when specified * feat(plugins): Change branch selection to be per-plugin instead of global - Remove global store branch input field - Add individual branch input field to each plugin card in store - Add branch input to custom registry plugin cards - Each plugin can now have its own branch specified independently * debug: Add logging to _should_exit_dynamic * feat(display_controller): Add universal get_cycle_duration support for all plugins UNIVERSAL FEATURE: Any plugin can now implement get_cycle_duration() to dynamically calculate the total time needed to show all content for a mode. New method: - _plugin_cycle_duration(plugin, display_mode): Queries plugin for calculated duration Integration: - Display controller calls plugin.get_cycle_duration(display_mode) - Uses returned duration as target (respecting max cap) - Falls back to cap if not provided Benefits: - Football plugin: Show all games (3 games × 15s = 45s total) - Basketball plugin: Could implement same logic - Hockey/Baseball/any sport: Universal support - Stock ticker: Could calculate based on number of stocks - Weather: Could calculate based on forecast days Example plugin implementation: Result: Plugins control their own display duration based on actual content, creating a smooth user experience where all content is shown before switching. * debug: Add logging to cycle duration call * debug: Change loop exit logs to INFO level * fix: Change cycle duration logs to INFO level * fix: Don't exit loop on False for dynamic duration plugins For plugins with dynamic duration enabled, keep the display loop running even when display() returns False. This allows games to continue rotating within the calculated duration. The loop will only exit when: - Cycle is complete (plugin reports all content shown) - Max duration is reached - Mode is changed externally * fix(schedule): Improve display scheduling functionality - Add GET endpoint for schedule configuration retrieval - Fix mode switching to clean up old config keys (days/start_time/end_time) - Improve error handling with consistent error_response() usage - Enhance display controller schedule checking with better edge case handling - Add validation for time formats and ensure at least one day enabled in per-day mode - Add debug logging for schedule state changes Fixes issues where schedule mode switching left stale config causing incorrect behavior. * fix(install): Add cmake and ninja-build to system dependencies Resolves h3 package build failure during first-time installation. The h3 package (dependency of timezonefinder) requires CMake and Ninja to build from source. Adding these build tools ensures successful installation of all Python dependencies. * fix: Pass display_mode in ALL loop calls to maintain sticky manager CRITICAL FIX: Display controller was only passing display_mode on first call, causing plugins to fall back to internal mode cycling and bypass sticky manager logic. Now consistently passes display_mode=active_mode on every display() call in both high-FPS and normal loops. This ensures plugins maintain mode context and sticky manager state throughout the entire display duration. * feat(install): Add OS check for Raspberry Pi OS Lite (Trixie) - Verify OS is Raspberry Pi OS (raspbian/debian) - Require Debian 13 (Trixie) specifically - Check for Lite version (no desktop environment) - Exit with clear error message if requirements not met - Provide instructions for obtaining correct OS version * fix(web-ui): Add missing notification handlers to quick action buttons - Added hx-on:htmx:after-request handlers to all quick action buttons in overview.html - Added hx-ext='json-enc' for proper JSON encoding - Added missing notification handler for reboot button in index.html - Users will now see toast notifications when actions complete or fail * fix(display): Ensure consistent display mode handling in all plugin calls - Updated display controller to consistently pass display_mode in all plugin display() calls. - This change maintains the sticky manager state and ensures plugins retain their mode context throughout the display duration. - Addresses issues with mode cycling and improves overall display reliability. * fix(display): Enhance display mode persistence across plugin updates - Updated display controller to ensure display_mode is consistently maintained during plugin updates. - This change prevents unintended mode resets and improves the reliability of display transitions. - Addresses issues with mode persistence, ensuring a smoother user experience across all plugins. * feat: Add Olympics countdown plugin as submodule - Add olympics-countdown plugin submodule - Update .gitignore to allow olympics-countdown plugin - Plugin automatically determines next Olympics and counts down to opening/closing ceremonies * feat(web-ui): Add checkbox-group widget support for multi-select arrays - Add checkbox-group widget rendering in plugins_manager.js - Update form processing to handle checkbox groups with [] naming - Support for friendly labels via x-options in config schemas - Update odds-ticker submodule with checkbox-group implementation * fix(plugins): Preserve enabled state when saving plugin config from main config endpoint When saving plugin configuration through save_main_config endpoint, the enabled field was not preserved if missing from the form data. This caused plugins to be automatically disabled when users saved their configuration from the plugin manager tab. This fix adds the same enabled state preservation logic that exists in save_plugin_config endpoint, ensuring consistent behavior across both endpoints. The enabled state is preserved from current config, plugin instance, or defaults to True to prevent unexpected disabling of plugins. * fix(git): Resolve git status timeout and exclude plugins from base project updates - Add --untracked-files=no flag to git status for faster execution - Increase timeout from 5s to 30s for git status operations - Add timeout exception handling for git status and stash operations - Filter out plugins directory from git status checks (plugins are separate repos) - Exclude plugins from stash operations using :!plugins pathspec - Apply same fixes to plugin store manager update operations * feat(plugins): Add granular scroll speed control to odds-ticker and leaderboard plugins - Add display object to both plugins' config schemas with scroll_speed and scroll_delay - Enable frame-based scrolling mode for precise FPS control (100 FPS for leaderboard) - Add set_scroll_speed() and set_scroll_delay() methods to both plugins - Maintain backward compatibility with scroll_pixels_per_second config - Leaderboard plugin now explicitly sets target_fps to 100 for high-performance scrolling * fix(scroll): Correct dynamic duration calculation for frame-based scrolling - Fix calculate_dynamic_duration() to properly handle frame-based scrolling mode - Convert scroll_speed from pixels/frame to pixels/second when in frame-based mode - Prevents incorrect duration calculations (e.g., 2609s instead of 52s) - Affects all plugins using ScrollHelper: odds-ticker, leaderboard, stocks, text-display - Add debug logging to show scroll mode and effective speed * Remove version logic from plugin system, use git commits instead - Remove version parameter from install_plugin() method - Rename fetch_latest_versions to fetch_commit_info throughout codebase - Remove version fields from plugins.json registry (versions, latest_version, download_url_template) - Remove version logging from plugin manager - Update web UI to use fetch_commit_info parameter - Update .gitignore to ignore all plugin folders (remove whitelist exceptions) - Remove plugin directories from git index (plugins now installed via plugin store only) Plugins now always install latest commit from default branch. Version fields replaced with git commit SHA and commit dates. System uses git-based approach for all plugin metadata. * feat(plugins): Normalize all plugins as git submodules - Convert all 18 plugins to git submodules for uniform management - Add submodules for: baseball-scoreboard, christmas-countdown, football-scoreboard, hockey-scoreboard, ledmatrix-flights, ledmatrix-leaderboard, ledmatrix-music, ledmatrix-stocks, ledmatrix-weather, static-image - Re-initialize mqtt-notifications as proper submodule - Update .gitignore to allow all plugin submodules - Add normalize_plugin_submodules.sh script for future plugin management All plugins with GitHub repositories are now managed as git submodules, ensuring consistent version control and easier updates. * refactor(repository): Reorganize scripts and files into organized directory structure - Move installation scripts to scripts/install/ (except first_time_install.sh) - Move development scripts to scripts/dev/ - Move utility scripts to scripts/utils/ - Move systemd service files to systemd/ - Keep first_time_install.sh, start_display.sh, stop_display.sh in root - Update all path references in scripts, documentation, and service files - Add README.md files to new directories explaining their purpose - Remove empty tools/ directory (contents moved to scripts/dev/) - Add .gitkeep to data/ directory * fix(scripts): Fix PROJECT_DIR path in start_web_conditionally.py after move to scripts/utils/ * fix(scripts): Fix PROJECT_DIR/PROJECT_ROOT path resolution in moved scripts - Fix wifi_monitor_daemon.py to use project root instead of scripts/utils/ - Fix shell scripts in scripts/ to correctly resolve project root (go up one more level) - Fix scripts in scripts/fix_perms/ to correctly resolve project root - Update diagnose_web_interface.sh to reference moved start_web_conditionally.py path All scripts now correctly determine project root after reorganization. * fix(install): Update first_time_install.sh to detect and update service files with old paths - Check for old paths in service files and reinstall if needed - Always reinstall main service (install_service.sh is idempotent) - This ensures existing installations get updated paths after reorganization * fix(install): Update install_service.sh message to indicate it updates existing services * fix(wifi): Enable WiFi scan to work when AP mode is active - Temporarily disable AP mode during network scanning - Automatically re-enable AP mode after scan completes - Add proper error handling with try/finally to ensure AP mode restoration - Add user notification when AP mode is temporarily disabled - Improve error messages for common scanning failures - Add timing delays for interface mode switching * fix(wifi): Fix network parsing to handle frequency with 'MHz' suffix - Strip 'MHz' suffix from frequency field before float conversion - Add better error logging for parsing failures - Fixes issue where all networks were silently skipped due to ValueError * debug(wifi): Add console logging and Alpine.js reactivity fixes for network display - Add console.log statements to debug network scanning - Add x-effect to force Alpine.js reactivity updates - Add unique keys to x-for template - Add debug display showing network count - Improve error handling and user feedback * fix(wifi): Manually update select options instead of using Alpine.js x-for - Replace Alpine.js x-for template with manual DOM manipulation - Add updateSelectOptions() method to directly update select dropdown - This fixes issue where networks weren't appearing in dropdown - Alpine.js x-for inside select elements can be unreliable * feat(web-ui): Add patternProperties support for dynamic key-value pairs - Add UI support for patternProperties objects (custom_feeds, feed_logo_map) - Implement key-value pair editor with add/remove functionality - Add JavaScript functions for managing dynamic key-value pairs - Update form submission to handle patternProperties JSON data - Enable easy configuration of feed_logo_map in web UI * chore: Update ledmatrix-news submodule to latest commit * fix(plugins): Handle arrays of objects in config normalization Fix configuration validation failure for static-image plugin by adding recursive normalization support for arrays of objects. The normalize_config_values function now properly handles arrays containing objects (like image_config.images) by recursively normalizing each object in the array using the items schema properties. This resolves the 'configuration validation failed' error when saving static image plugin configuration with multiple images. * fix(plugins): Handle union types in config normalization and form generation Fix configuration validation for fields with union types like ['integer', 'null']. The normalization function now properly handles: - Union types in top-level fields (e.g., random_seed: ['integer', 'null']) - Union types in array items - Empty string to None conversion for nullable fields - Form generation and submission for union types This resolves validation errors when saving plugin configs with nullable integer/number fields (e.g., rotation_settings.random_seed in static-image plugin). Also improves UX by: - Adding placeholder text for nullable fields explaining empty = use default - Properly handling empty values in form submission for union types * fix(plugins): Improve union type normalization with better edge case handling Enhanced normalization for union types like ['integer', 'null']: - Better handling of whitespace in string values - More robust empty string to None conversion - Fallback to None when conversion fails and null is allowed - Added debug logging for troubleshooting normalization issues - Improved handling of nested object fields with union types This should resolve remaining validation errors for nullable integer/number fields in nested objects (e.g., rotation_settings.random_seed). * chore: Add ledmatrix-news plugin to .gitignore exceptions * Fix web interface service script path in install_service.sh - Updated ExecStart path from start_web_conditionally.py to scripts/utils/start_web_conditionally.py - Updated diagnose_web_ui.sh to check for correct script path - Fixes issue where web UI service fails to start due to incorrect script path * Fix nested configuration section headers not expanding Fixed toggleNestedSection function to properly calculate scrollHeight when expanding nested configuration sections. The issue occurred when sections started with display:none - the scrollHeight was being measured before the browser had a chance to lay out the element, resulting in a value of 0. Changes: - Added setTimeout to delay scrollHeight measurement until after layout - Added overflow handling during animations to prevent content jumping - Added fallback for edge cases where scrollHeight might still be 0 - Set maxHeight to 'none' after expansion completes for natural growth - Updated function in both base.html and plugins_manager.js This fix applies to all plugins with nested configuration sections, including: - Hockey/Football/Basketball/Baseball/Soccer scoreboards (customization, global sections) - All plugins with transition, display, and other nested configuration objects Fixes configuration header expansion issues across all plugins. * Fix syntax error in first_time_install.sh step 8.5 Added missing 'fi' statement to close the if block in the WiFi monitor service installation section. This resolves the 'unexpected end of file' error that occurred at line 1385 during step 8.5. * Fix WiFi UI: Display correct SSID and accurate signal strength - Fix WiFi network selection dropdown not showing available networks - Replace manual DOM manipulation with Alpine.js x-for directive - Add fallback watcher to ensure select updates reactively - Fix WiFi status display showing netplan connection name instead of SSID - Query actual SSID from device properties (802-11-wireless.ssid) - Add fallback methods to get SSID from active WiFi connection list - Improve signal strength accuracy - Get signal directly from device properties (WIFI.SIGNAL) - Add multiple fallback methods for robust signal retrieval - Ensure signal percentage is accurate and up-to-date * Improve WiFi connection UI and error handling - Fix connect button disabled condition to check both selectedSSID and manualSSID - Improve error handling to display actual server error messages from 400 responses - Add step-by-step labels (Step 1, Step 2, Step 3) to clarify connection workflow - Add visual feedback showing selected network in blue highlight box - Improve password field labeling with helpful instructions - Add auto-clear logic between dropdown and manual SSID entry - Enhance backend validation with better error messages and logging - Trim SSID whitespace before processing to prevent validation errors * Add WiFi disconnect functionality for AP mode testing - Add disconnect_from_network() method to WiFiManager - Disconnects from current WiFi network using nmcli - Automatically triggers AP mode check if auto_enable_ap_mode is enabled - Returns success/error status with descriptive messages - Add /api/v3/wifi/disconnect API endpoint - POST endpoint to disconnect from current WiFi network - Includes proper error handling and logging - Add disconnect button to WiFi status section - Only visible when connected to a network - Red styling to indicate disconnection action - Shows 'Disconnecting...' state during operation - Automatically refreshes status after disconnect - Integrates with AP mode auto-enable functionality - When disconnected, automatically enables AP mode if configured - Perfect for testing captive portal and AP mode features * Add explicit handling for broken pipe errors during plugin dependency installation - Catch BrokenPipeError and OSError (errno 32) explicitly in all dependency installation methods - Add clear error messages explaining network interruption or buffer overflow causes - Improves error handling in store_manager, plugin_loader, and plugin_manager - Helps diagnose 'Errno 32 Broken Pipe' errors during pip install operations * Add WiFi permissions configuration script and integrate into first-time install - Create configure_wifi_permissions.sh script - Configures passwordless sudo for nmcli commands - Configures PolicyKit rules for NetworkManager control - Fixes 'Not Authorized to control Networking' error - Allows web interface to connect/disconnect WiFi without password prompts - Integrate WiFi permissions configuration into first_time_install.sh - Added as Step 10.1 after passwordless sudo configuration - Runs automatically during first-time installation - Ensures WiFi management works out of the box - Resolves authorization errors when connecting/disconnecting WiFi networks - NetworkManager requires both sudo and PolicyKit permissions - Script configures both automatically for seamless WiFi management * Add WiFi status LED message display integration - Integrate WiFi status messages from wifi_manager into display_controller - WiFi status messages interrupt normal rotation (but respect on-demand) - Priority: on-demand > wifi-status > live-priority > normal rotation - Safe implementation with comprehensive error handling - Automatic cleanup of expired/corrupted status files - Word-wrapping for long messages (max 2 lines) - Centered text display with small font - Non-intrusive: all errors are caught and logged, never crash controller * Fix display loop issues: reduce log spam and handle missing plugins - Change _should_exit_dynamic logging from INFO to DEBUG to reduce log spam in tight loops (every 8ms) that was causing high CPU usage - Fix display loop not running when manager_to_display is None - Add explicit check to set display_result=False when no plugin manager found - Fix logic bug where manager_to_display was overwritten after circuit breaker skip - Ensure proper mode rotation when plugins have no content or aren't found * Add debug logging to diagnose display loop stuck issue * Change debug logs to INFO level to diagnose display loop stuck * Add schedule activation logging and ensure display is blanked when inactive - Add clear INFO-level log message when schedule makes display inactive - Track previous display state to detect schedule transitions - Clear display when schedule makes it inactive to ensure blank screen (prevents showing initialization screen when schedule kicks in) - Initialize _was_display_active state tracking in __init__ * Fix indentation errors in schedule state tracking * Add rotation between hostname and IP address every 10 seconds - Added _get_local_ip() method to detect device IP address - Implemented automatic rotation between hostname and IP every 10 seconds - Enhanced logging to include both hostname and IP in initialization - Updated get_info() to expose device_ip and current_display_mode * Add WiFi connection failsafe system - Save original connection before attempting new connection - Automatically restore original connection if new connection fails - Enable AP mode as last resort if restoration fails - Enhanced connection verification with multiple attempts - Verify correct SSID (not just 'connected' status) - Better error handling and exception recovery - Prevents Pi from becoming unresponsive on connection failure - Always ensures device remains accessible via original WiFi or AP mode * feat(web): Improve web UI startup speed and fix cache permissions - Defer plugin discovery until first API request (removed from startup) - Add lazy loading to operation queue, state manager, and operation history - Defer health monitor initialization until first request - Fix cache directory permission issue: - Add systemd CacheDirectory feature for automatic cache dir creation - Add manual cache directory creation in install script as fallback - Improve cache manager logging (reduce alarming warnings) - Fix syntax errors in wifi_manager.py (unclosed try blocks) These changes significantly improve web UI startup time, especially with many plugins installed, while maintaining full backward compatibility. * feat(plugins): Improve GitHub token pop-up UX and combine warning/settings - Fix visibility toggle to handle inline styles properly - Remove redundant inline styles from HTML elements - Combine warning banner and settings panel into unified component - Add loading states to save/load token buttons - Improve error handling with better user feedback - Add token format validation (ghp_ or github_pat_ prefix) - Auto-refresh GitHub auth status after saving token - Hide warning banner when settings panel opens - Clear input field after successful save for security This creates a smoother UX flow where clicking 'Configure Token' transitions from warning directly to configuration form. * fix(wifi): Prevent WiFi radio disabling during AP mode disable - Make NetworkManager restart conditional (only for hostapd mode) - Add enhanced WiFi radio enable with retry and verification logic - Add connectivity safety check before NetworkManager restart - Ensure WiFi radio enabled after all AP mode disable operations - Fix indentation bug in dnsmasq backup restoration logic - Add pre-connection WiFi radio check for safety Fixes issue where WiFi radio was being disabled when disabling AP mode, especially when connected via Ethernet, making it impossible to enable WiFi from the web UI. * fix(plugin-templates): Fix unreachable fallback to expired cache in update() method The exception handler in update() checked the cached variable, which would always be None or falsy at that point. If fresh cached data existed, the method returned early. If cached data was expired, it was filtered out by max_age constraint. The fix retrieves cached data again in the exception handler with a very large max_age (1 year) to effectively bypass expiration check and allow fallback to expired data when fetch fails. * fix(plugin-templates): Resolve plugin_id mismatch in test template setUp method * feat(plugins): Standardize manifest version fields schema - Consolidate version fields to use consistent naming: - compatible_versions: array of semver ranges (required) - min_ledmatrix_version: string (optional) - max_ledmatrix_version: string (optional) - versions[].ledmatrix_min_version: renamed from ledmatrix_min - Add manifest schema validation (schema/manifest_schema.json) - Update store_manager to validate version fields and schema - Update template and all documentation examples to use standardized fields - Add deprecation warnings for ledmatrix_version and ledmatrix_min fields * fix(templates): Update plugin README template script path to correct location * docs(plugin): Resolve conflicting version management guidance in .cursorrules * chore(.gitignore): Consolidate plugin exclusion patterns Remove unnecessary !plugins//.git pattern and consolidate duplicate negations by keeping only trailing-slash directory exclusions. docs: Add language specifiers to code blocks in STATIC_IMAGE_MULTI_UPLOAD_PLAN.md * fix(templates): Remove api_key from config.json example in plugin README template Remove api_key field from config.json example to prevent credential leakage. API keys should only be stored in config_secrets.json. Added clarifying note about proper credential storage. * docs(README): Add plugin installation and migration information - Add plugin installation instructions via web interface and GitHub URL - Add plugin migration guide for users upgrading from old managers - Improve plugin documentation for new users * docs(readme): Update donation links and add Discord acknowledgment * docs: Add comprehensive API references and consolidate documentation - Add API_REFERENCE.md with complete REST API documentation (50+ endpoints) - Add PLUGIN_API_REFERENCE.md documenting Display Manager, Cache Manager, and Plugin Manager APIs - Add ADVANCED_PLUGIN_DEVELOPMENT.md with advanced patterns and examples - Add DEVELOPER_QUICK_REFERENCE.md for quick developer reference - Consolidate plugin configuration docs into single PLUGIN_CONFIGURATION_GUIDE.md - Archive completed implementation summaries to docs/archive/ - Enhance PLUGIN_DEVELOPMENT_GUIDE.md with API links and 3rd party submission guidelines - Update docs/README.md with new API reference sections - Update root README.md with documentation links * fix(install): Fix IP detection and network diagnostics after fresh install - Fix web-ui-info plugin IP detection to handle no internet, AP mode, and network state changes - Replace socket-based detection with robust interface scanning using hostname -I and ip addr - Add AP mode detection returning 192.168.4.1 when AP mode is active - Add periodic IP refresh every 30 seconds to handle network state changes - Improve network diagnostics in first_time_install.sh showing actual IPs, WiFi status, and AP mode - Add WiFi connection check in WiFi monitor installation with warnings - Enhance web service startup logging to show accessible IP addresses - Update README with network troubleshooting section and fix port references (5001->5000) Fixes issue where display showed incorrect IP (127.0.11:5000) and users couldn't access web UI after fresh install. * chore: Add GitHub sponsor button configuration * fix(wifi): Fix aggressive AP mode enabling and improve WiFi detection Critical fixes: - Change auto_enable_ap_mode default from True to False (manual enable only) - Fixes issue where Pi would disconnect from network after code updates - Matches documented behavior (was incorrectly defaulting to True in code) Improvements: - Add grace period: require 3 consecutive disconnected checks (90s) before enabling AP mode - Prevents AP mode from enabling on transient network hiccups - Improve WiFi status detection with retry logic and better nmcli parsing - Enhanced logging for debugging WiFi connection issues - Better handling of WiFi device detection (works with any wlan device) This prevents the WiFi monitor from aggressively enabling AP mode and disconnecting the Pi from the network when there are brief network issues or during system initialization. * fix(wifi): Revert auto_enable_ap_mode default to True with grace period protection Change default back to True for auto_enable_ap_mode while keeping the grace period protection that prevents interrupting valid WiFi connections. - Default auto_enable_ap_mode back to True (useful for setup scenarios) - Grace period (3 consecutive checks = 90s) prevents false positives - Improved WiFi detection with retry logic ensures accurate status - AP mode will auto-enable when truly disconnected, but won't interrupt valid connections due to transient detection issues * fix(news): Update submodule reference for manifest fix Update ledmatrix-news submodule to include the fixed manifest.json with required entry_point and class_name fields. * fix(news): Update submodule reference with validate_config addition Update ledmatrix-news submodule to include validate_config method for proper configuration validation. * feat: Add of-the-day plugin as git submodule - Add ledmatrix-of-the-day plugin as git submodule - Rename submodule path from plugins/of-the-day to plugins/ledmatrix-of-the-day to match repository naming convention - Update .gitignore to allow ledmatrix-of-the-day submodule - Plugin includes fixes for display rendering and web UI configuration support * fix(wifi): Make AP mode open network and fix WiFi page loading in AP mode AP Mode Changes: - Remove password requirement from AP mode (open network for easier setup) - Update hostapd config to create open network (no WPA/WPA2) - Update nmcli hotspot to create open network (no password parameter) WiFi Page Loading Fixes: - Download local copies of HTMX and Alpine.js libraries - Auto-detect AP mode (192.168.4.x) and use local JS files instead of CDN - Auto-open WiFi tab when accessing via AP mode IP - Add fallback loading if HTMX fails to load - Ensures WiFi setup page works in AP mode without internet access This fixes the issue where the WiFi page wouldn't load on iPhone when accessing via AP mode (192.168.4.1:5000) because CDN resources couldn't be fetched without internet connectivity. * feat(wifi): Add explicit network switching support with clean disconnection WiFi Manager Improvements: - Explicitly disconnect from current network before connecting to a new one - Add skip_ap_check parameter to disconnect_from_network() to prevent AP mode from activating during network switches - Check if already connected to target network to avoid unnecessary work - Improved logging for network switching operations Web UI Improvements: - Detect and display network switching status in UI - Show 'Switching from [old] to [new]...' message when switching networks - Enhanced status reloading after connection (multiple checks at 2s, 5s, 10s) - Better user feedback during network transitions This ensures clean network switching without AP mode interruptions and provides clear feedback to users when changing WiFi networks. * fix(web-ui): Add fallback content loading when HTMX fails to load Problem: - After recent updates, web UI showed navigation and CPU status but main content tabs never loaded - Content tabs depend on HTMX's 'revealed' trigger to load - If HTMX failed to load or initialize, content would never appear Solutions: - Enhanced HTMX loading verification with timeout checks - Added fallback direct fetch for overview tab if HTMX fails - Added automatic tab content loading when tabs change - Added loadTabContent() method to manually trigger content loading - Added global 'htmx-load-failed' event for error handling - Automatic retry after 5 seconds if HTMX isn't available - Better error messages and console logging for debugging This ensures the web UI loads content even if HTMX has issues, providing graceful degradation and better user experience. * feat(web-ui): Add support for plugin custom HTML widgets and static file serving - Add x-widget: custom-html support in config schema generation - Add loadCustomHtmlWidget() function to load HTML from plugin directories - Add /api/v3/plugins/<plugin_id>/static/<file_path> endpoint for serving plugin static files - Enhance execute_plugin_action() to pass params via stdin as JSON for scripts - Add JSON output parsing for script action responses These changes enable plugins to provide custom UI components while keeping all functionality plugin-scoped. Used by of-the-day plugin for file management. * fix(web-ui): Resolve Alpine.js initialization errors - Prevent Alpine.js from auto-initializing before app() function is defined - Add deferLoadingAlpine to ensure proper initialization order - Make app() function globally available via window.app - Fix 'app is not defined' and 'activeTab is not defined' errors - Remove duplicate Alpine.start() calls that caused double initialization warnings * fix(web-ui): Fix IndentationError in api_v3.py OAuth flow - Fix indentation in if action_def.get('oauth_flow') block - Properly indent try/except block and all nested code - Resolves IndentationError that prevented web interface from starting * fix(web-ui): Fix SyntaxError in api_v3.py else block - Fix indentation of OAuth flow code inside else block - Properly indent else block for simple script execution - Resolves SyntaxError at line 3458 that prevented web interface from starting * fix(web-ui): Restructure OAuth flow check to fix SyntaxError - Move OAuth flow check before script execution in else block - Remove unreachable code that was causing syntax error - OAuth check now happens first, then falls back to script execution - Resolves SyntaxError at line 3458 * fix(web-ui): Define app() function in head for Alpine.js initialization - Define minimal app() function in head before Alpine.js loads - Ensures app() is available when Alpine initializes - Full implementation in body enhances/replaces the stub - Fixes 'app is not defined' and 'activeTab is not defined' errors * fix(web-ui): Ensure plugin tabs load when full app() implementation is available - Update stub init() to detect and use full implementation when available - Ensure full implementation properly replaces stub methods - Call init() after merging to load plugins and set up watchers - Fixes issue where installed plugins weren't showing in navigation bar * fix(web-ui): Prevent 'Cannot redefine property' error for installedPlugins - Check if window.installedPlugins property already exists before defining - Make property configurable to allow redefinition if needed - Add _initialized flag to prevent multiple init() calls - Fixes TypeError when stub tries to enhance with full implementation * fix(web-ui): Fix variable redeclaration errors in logs tab - Replace let/const declarations with window properties to avoid redeclaration - Use window._logsEventSource, window._allLogs, etc. to persist across HTMX reloads - Clean up existing event source before reinitializing - Remove and re-add event listeners to prevent duplicates - Fixes 'Identifier has already been declared' error when accessing logs tab multiple times * feat(web-ui): Add support for additionalProperties object rendering - Add handler for objects with additionalProperties containing object schemas - Render dynamic category controls with enable/disable toggles - Display category metadata (display name, data file path) - Used by of-the-day plugin for category management * fix(wifi): Ensure AP mode hotspot is always open (no password) Problem: - LEDMatrix-Setup WiFi AP was still asking for password despite code changes - Existing hotspot connections with passwords weren't being fully cleaned up - NetworkManager might reuse old connection profiles with passwords Solutions: - More thorough cleanup: Delete all hotspot-related connections, not just known names - Verification: Check if hotspot has password after creation - Automatic fix: Remove password and restart connection if security is detected - Better logging: Log when password is detected and removed This ensures the AP mode hotspot is always open for easy setup access, even if there were previously saved connections with passwords. * fix(wifi): Improve network switching reliability and device state handling Problem: - Pi failing to switch WiFi networks via web UI - Connection attempts happening before device is ready - Disconnect not fully completing before new connection attempt - Connection name lookup issues when SSID doesn't match connection name Solutions: - Improved disconnect logic: Disconnect specific connection first, then device - Device state verification: Wait for device to be ready (disconnected/unavailable) before connecting - Better connection lookup: Search by SSID, not just connection name - Increased wait times: 2 seconds for disconnect to complete - State checking before activating existing connections - Enhanced error handling and logging throughout This ensures network switching works reliably by properly managing device state transitions and using correct connection identifiers. * debug(web-ui): Add debug logging for custom HTML widget loading - Add console logging to track widget generation - Improve error messages with missing configuration details - Help diagnose why file manager widget may not be appearing * fix(web-ui): Fix [object Object] display in categories field - Add type checking to ensure category values are strings before rendering - Safely extract data_file and display_name properties - Prevent object coercion issues in category display * perf(web-ui): Optimize plugin loading in navigation bar - Reduce stub init timeout from 100ms to 10ms for faster enhancement - Change full implementation merge from 50ms setTimeout to requestAnimationFrame - Add direct plugin loading in stub while waiting for full implementation - Skip plugin reload in full implementation if already loaded by stub - Significantly improves plugin tab loading speed in navigation bar * feat(web-ui): Adapt file-upload widget for JSON files in of-the-day plugin - Add specialized JSON upload/delete endpoints for of-the-day plugin - Modify file-upload widget to support JSON files (file_type: json) - Render JSON files with file-code icon instead of image preview - Show entry count for JSON files - Store files in plugins/ledmatrix-of-the-day/of_the_day/ directory - Automatically update categories config when files are uploaded/deleted - Populate uploaded_files array from categories on form load - Remove custom HTML widget, use standard file-upload widget instead * fix(web-ui): Add working updatePluginTabs to stub for immediate plugin tab rendering - Stub's updatePluginTabs was empty, preventing tabs from showing - Add basic implementation that creates plugin tabs in navigation bar - Ensures plugin tabs appear immediately when plugins load, even before full implementation merges - Fixes issue where plugin navigation bar wasn't working * feat(api): Populate uploaded_files and categories from disk for of-the-day plugin - Scan of_the_day directory for existing JSON files when loading config - Populate uploaded_files array from files on disk - Populate categories from files on disk if not in config - Categories default to disabled, user can enable them - Ensures existing JSON files (word_of_the_day.json, slovenian_word_of_the_day.json) appear in UI * fix(api): Improve category merging logic for of-the-day plugin - Preserve existing category enabled state when merging with files from disk - Ensure all JSON files from disk appear in categories section - Categories from files default to disabled, preserving user choices - Properly merge existing config with scanned files * fix(wifi): More aggressive password removal for AP mode hotspot Problem: - LEDMatrix-Setup network still asking for password despite previous fixes - NetworkManager may add default security settings to hotspots - Existing connections with passwords may not be fully cleaned up Solutions: - Always remove ALL security settings after creating hotspot (not just when detected) - Remove multiple security settings: key-mgmt, psk, wep-key, auth-alg - Verify security was removed and recreate connection if verification fails - Improved cleanup: Delete connections by SSID match, not just by name - Disconnect connections before deleting them - Always restart connection after removing security to apply changes - Better logging for debugging This ensures the AP mode hotspot is always open, even if NetworkManager tries to add default security settings. * perf(web): Optimize web interface performance and fix JavaScript errors - Add resource hints (preconnect, dns-prefetch) for CDN resources to reduce DNS lookup delays - Fix duplicate response parsing bug in loadPluginConfig that was parsing JSON twice - Replace direct fetch() calls with PluginAPI.getInstalledPlugins() to leverage caching and throttling - Fix Alpine.js function availability issues with defensive checks and $nextTick - Enhance request deduplication with debug logging and statistics - Add response caching headers for static assets and API responses - Add performance monitoring utilities with detailed metrics Fixes console errors for loadPluginConfig and generateConfigForm not being defined. Reduces duplicate API calls to /api/v3/plugins/installed endpoint. Improves initial page load time with resource hints and optimized JavaScript loading. * perf(web-ui): optimize CSS for Raspberry Pi performance - Remove backdrop-filter blur from modal-backdrop - Remove box-shadow transitions (use transform/opacity only) - Remove button ::before pseudo-element animation - Simplify skeleton loader (gradient to opacity pulse) - Optimize transition utility (specific properties, not 'all') - Improve color contrast for WCAG AA compliance - Add CSS containment to cards, plugin-cards, modals - Remove unused CSS classes (duration-300, divider, divider-light) - Remove duplicate spacing utility classes All animations now GPU-accelerated (transform/opacity only). Optimized for low-powered Raspberry Pi devices. * fix(web): Resolve ReferenceError for getInstalledPluginsSafe in v3 stub initialization Move getInstalledPluginsSafe() function definition before the app() stub code that uses it. The function was previously defined at line 3756 but was being called at line 849 during Alpine.js initialization, causing a ReferenceError when loadInstalledPluginsDirectly() attempted to load plugins before the full implementation was ready. * fix(web): Resolve TypeError for installedPlugins.map in plugin loading Fix PluginAPI.getInstalledPlugins() to properly extract plugins array from API response structure. The API returns {status: 'success', data: {plugins: [...]}}, but the method was returning response.data (the object) instead of response.data.plugins (the array). Changes: - api_client.js: Extract plugins array from response.data.plugins - plugins_manager.js: Add defensive array checks and handle array return value correctly - base.html: Add defensive check in getInstalledPluginsSafe() to ensure plugins is always an array This prevents 'installedPlugins.map is not a function' errors when loading plugins. * style(web-ui): Enhance navigation bar styling for better readability - Improve contrast: Change inactive tab text from gray-500 to gray-700 - Add gradient background and thicker border for active tabs - Enhance hover states with background highlights - Add smooth transitions using GPU-accelerated properties - Update all navigation buttons (system tabs and plugin tabs) - Add updatePluginTabStates() method for dynamic tab state management All changes are CSS-only with zero performance overhead. * fix(web-ui): Optimize plugin loading and reduce initialization errors - Make generateConfigForm accessible to inline Alpine components via parent scope - Consolidate plugin initialization to prevent duplicate API calls - Fix script execution from HTMX-loaded content by extracting scripts before DOM insertion - Add request deduplication to loadInstalledPlugins() to prevent concurrent requests - Improve Alpine component initialization with proper guards and fallbacks This eliminates 'generateConfigForm is not defined' errors and reduces plugin API calls from 3-4 duplicate calls to 1 per page load, significantly improving page load performance. * fix(web-ui): Add guard check for generateConfigForm to prevent Alpine errors Add typeof check in x-show to prevent Alpine from evaluating generateConfigForm before the component methods are fully initialized. This eliminates the 'generateConfigForm is not defined' error that was occurring during component initialization. * fix(web-ui): Fix try-catch block structure in script execution code Correct the nesting of try-catch block inside the if statement for script execution. The catch block was incorrectly placed after the else clause, causing a syntax error. * fix(web-ui): Escape quotes in querySelector to avoid HTML attribute conflicts Change double quotes to single quotes in the CSS selector to prevent conflicts with HTML attribute parsing when the x-data expression is embedded. * style(web): Improve button text readability in Quick Actions section * fix(web): Resolve Alpine.js expression errors in plugin configuration component - Capture plugin from parent scope into component data to fix parsing errors - Update all plugin references to use this.plugin in component methods - Fix x-init to properly call loadPluginConfig method - Resolves 'Uncaught ReferenceError' for isOnDemandLoading, onDemandLastUpdated, and other component properties * fix(web): Fix remaining Alpine.js scope issues in plugin configuration - Use this.generateConfigForm in typeof checks and method calls - Fix form submission to use this.plugin.id - Use $root. prefix for parent scope function calls (refreshPlugin, updatePlugin, etc.) - Fix confirm dialog string interpolation - Ensures all component methods and properties are properly scoped * fix(web): Add this. prefix to all Alpine.js component property references - Fix all template expressions to use this. prefix for component properties - Update isOnDemandLoading, onDemandLastUpdated, onDemandRefreshing references - Update onDemandStatusClass, onDemandStatusText, onDemandServiceClass, onDemandServiceText - Update disableRunButton, canStopOnDemand, showEnableHint, loading references - Ensures Alpine.js can properly resolve all component getters and properties * fix(web): Resolve Alpine.js expression errors in plugin configuration - Move complex x-data object to pluginConfigData() function for better parsing - Fix all template expressions to use this.plugin instead of plugin - Add this. prefix to all method calls in event handlers - Fix duplicate x-on:click attribute on uninstall button - Add proper loading state management in loadPluginConfig method This resolves the 'Invalid or unexpected token' and 'Uncaught ReferenceError' errors in the browser console. * fix(web): Fix plugin undefined errors in Alpine.js plugin configuration - Change x-data initialization to capture plugin from loop scope first - Use Object.assign in x-init to merge pluginConfigData properties - Add safety check in pluginConfigData function for undefined plugins - Ensure plugin is available before accessing properties in expressions This resolves the 'Cannot read properties of undefined' errors by ensuring the plugin object is properly captured from the x-for loop scope before any template expressions try to access it. * style(web): Make Quick Actions button text styling consistent - Update Start Display, Stop Display, and Reboot System buttons - Change from text-sm font-medium to text-base font-semibold - All Quick Actions buttons now have consistent bold, larger text - Matches the styling of Update Code, Restart Display Service, and Restart Web Service buttons * fix(wifi): Properly handle AP mode disable during WiFi connection - Check return value of disable_ap_mode() before proceeding with connection - Add verification loop to ensure AP mode is actually disabled - Increase wait time to 5 seconds for NetworkManager restart stabilization - Return clear error messages if AP mode cannot be disabled - Prevents connection failures when switching networks from web UI or AP mode This fixes the issue where WiFi network switching would fail silently when AP mode disable failed, leaving the system in an inconsistent state. * fix(web): Handle API response errors in plugin configuration loading - Add null/undefined checks before accessing API response status - Set fallback defaults when API responses don't have status 'success' - Add error handling for batch API requests with fallback to individual requests - Add .catch() handlers to individual fetch calls to prevent unhandled rejections - Add console warnings to help debug API response failures - Fix applies to both main loadPluginConfig and PluginConfigHelpers.loadPluginConfig This fixes the issue where plugin configuration sections would get stuck showing the loading animation when API responses failed or returned error status. * fix(web): Fix Alpine.js reactivity for plugin config by using direct x-data Changed from Object.assign pattern to direct x-data assignment to ensure Alpine.js properly tracks reactive properties. The previous approach used Object.assign to merge properties into the component after initialization, which caused Alpine to not detect changes to config/schema properties. The fix uses pluginConfigData(plugin) directly as x-data, ensuring all properties including config, schema, loading, etc. are reactive from component initialization. * fix(web): Ensure plugin variable is captured in x-data scope Use spread operator to merge pluginConfigData properties while explicitly capturing the plugin variable from outer x-for scope. This fixes undefined plugin errors when Alpine evaluates the component data. * fix(web): Use $data for Alpine.js reactivity when merging plugin config Use Object.assign with Alpine's $data reactive proxy instead of this to ensure added properties are properly reactive. This fixes the issue where plugin variable scoping from x-for wasn't accessible in x-data expressions. * fix(web): Remove incorrect 'this.' prefix in Alpine.js template expressions Alpine.js template expressions (x-show, x-html, x-text, x-on) use the component data as the implicit context, so 'this.' prefix is incorrect. In template expressions, 'this' refers to the DOM element, not the component data. Changes: - Replace 'this.plugin.' with 'plugin.' in all template expressions (19 instances) - Replace 'this.loading' with 'loading' in x-show directives - Replace 'this.generateConfigForm' with 'generateConfigForm' in x-show/x-html - Replace 'this.savePluginConfig' with 'savePluginConfig' in x-on:submit - Replace 'this.config/schema/webUiActions' with direct property access - Use '$data.loadPluginConfig' in x-init for explicit method call Note: 'this.' is still correct inside JavaScript method definitions within pluginConfigData() function since those run with proper object context. * fix(web): Prevent infinite recursion in plugin config methods Add 'parent !== this' check to loadPluginConfig, generateConfigForm, and savePluginConfig methods in pluginConfigData to prevent infinite recursion when the component tries to delegate to a parent that resolves to itself. This fixes the 'Maximum call stack size exceeded' error that occurred when the nested Alpine component's $root reference resolved to a component that had the same delegating methods via Object.assign. * fix(web): Resolve infinite recursion in plugin config by calling $root directly The previous implementation had delegating methods (generateConfigForm, savePluginConfig) in pluginConfigData that tried to call parent.method(), but the parent detection via getParentApp() was causing circular calls because multiple components had the same methods. Changes: - Template now calls $root.generateConfigForm() and $root.savePluginConfig() directly instead of going through nested component delegation - Removed delegating generateConfigForm and savePluginConfig from pluginConfigData - Removed getParentApp() helper that was enabling the circular calls - Simplified loadPluginConfig to use PluginConfigHelpers directly This fixes the 'Maximum call stack size exceeded' error when rendering plugin configuration forms. * fix(web): Use window.PluginConfigHelpers instead of $root for plugin config The $root magic variable in Alpine.js doesn't correctly reference the app() component's data scope from nested x-data contexts. This causes generateConfigForm and savePluginConfig to be undefined. Changed to use window.PluginConfigHelpers which has explicit logic to find and use the app component's methods. * fix(web): Use direct x-data initialization for plugin config reactivity Changed from Object.assign($data, pluginConfigData(plugin)) to x-data="pluginConfigData(plugin)" to ensure Alpine.js properly tracks reactivity for all plugin config properties. This fixes the issue where all plugin tabs were showing the same config. * refactor(web): Implement server-side plugin config rendering with HTMX Major architectural improvement to plugin configuration management: - Add server-side Jinja2 template for plugin config forms (web_interface/templates/v3/partials/plugin_config.html) - Add Flask route to serve plugin config partials on-demand - Replace complex client-side form generation with HTMX lazy loading - Add Alpine.js store for centralized plugin state management - Mark old pluginConfigData and PluginConfigHelpers as deprecated Benefits: - Lazy loading: configs only load when tab is accessed - Server-side rendering: reduces client-side complexity - Better performance: especially on Raspberry Pi - Cleaner code: Jinja2 macros replace JS string templates - More maintainable: form logic in one place (server) The old client-side code is preserved for backwards compatibility but is no longer used by the main plugin configuration UI. * fix(web): Trigger HTMX manually after Alpine renders plugin tabs HTMX processes attributes at page load time, before Alpine.js renders dynamic content. Changed from :hx-get attribute to x-init with htmx.ajax() to properly trigger the request after the element is rendered. * fix(web): Remove duplicate 'enabled' toggle from plugin config form The 'enabled' field was appearing twice in plugin configuration: 1. Header toggle (quick action, uses HTMX) 2. Configuration form (from schema, requires save) Now only the header toggle is shown, avoiding user confusion. The 'enabled' key is explicitly skipped when rendering schema properties. * perf(web): Optimize plugin manager with request caching and init guards Major performance improvements to plugins_manager.js: 1. Request Deduplication & Caching - Added pluginLoadCache with 3-second TTL - Subsequent calls return cached data instead of making API requests - In-flight request deduplication prevents parallel duplicate fetches - Added refreshInstalledPlugins() for explicit force-refresh 2. Initialization Guards - Added pluginsInitialized flag to prevent multiple initializePlugins() calls - Added _eventDelegationSetup guard on container to prevent duplicate listeners - Added _listenerSetup guards on search/category inputs 3. Debug Logging Control - Added PLUGIN_DEBUG flag (localStorage.setItem('pluginDebug', 'true')) - Most console.log calls now use pluginLog() which only logs when debug enabled - Reduces console noise from ~150 logs to ~10 in production Expected improvements: - API calls reduced from 6+ to 2 on page load - Event listeners no longer duplicated - Cleaner console output - Faster perceived performance * fix(web): Handle missing search elements in searchPluginStore The searchPluginStore function was failing silently when called before the plugin-search and plugin-category elements existed in the DOM. This caused the plugin store to never load. Now safely checks if elements exist before accessing their values. * fix(web): Ensure plugin store loads via pluginManager.searchPluginStore - Exposed searchPluginStore on window.pluginManager for easier access - Updated base.html to fallback to pluginManager.searchPluginStore - Added logging when loading plugin store * fix(web): Expose searchPluginStore from inside the IIFE The function was defined inside the IIFE but only exposed after the IIFE ended, where the function was out of scope. Now exposed immediately after definition inside the IIFE. * fix(web): Add cache-busting version to plugins_manager.js URL Static JS files were being aggressively cached, preventing updates from being loaded by browsers. * fix(web): Fix pluginLog reference error outside IIFE pluginLog is defined inside the IIFE, so use _PLUGIN_DEBUG_EARLY and console.log directly for code outside the IIFE. * chore(web): Update plugins_manager.js cache version * fix(web): Defer plugin store render when grid not ready Instead of showing an error when plugin-store-grid doesn't exist, store plugins in window.__pendingStorePlugins for later rendering when the tab loads (consistent with how installed plugins work). * chore: Bump JS cache version * fix(web): Restore enabledBool variable in plugin render Variable was removed during debug logging optimization but was still being used in the template string for toggle switch rendering. * fix(ui): Add header and improve categories section rendering - Add proper header (h4) to categories section with label - Add debug logging to diagnose categories field rendering - Improve additionalProperties condition check readability * fix(ui): Improve additionalProperties condition check - Explicitly exclude objects with properties to avoid conflicts - Ensure categories section is properly detected and rendered - Categories should show as header with toggles, not text box * fix(web-ui): Fix JSON parsing errors and default value loading for plugin configs - Fix JSON parsing errors when saving file upload fields by properly unescaping HTML entities - Merge config with schema defaults when loading plugin config so form shows default values - Improve default value handling in form generation for nested objects and arrays - Add better error handling for malformed JSON in file upload fields * fix(plugins): Return plugins array from getInstalledPlugins() instead of data object Fixed PluginAPI.getInstalledPlugins() to return response.data.plugins (array) instead of response.data (object). This was preventing window.installedPlugins from being set correctly, which caused plugin configuration tabs to not appear and prevented users from saving plugin configurations via the web UI. The fix ensures that: - window.installedPlugins is properly populated with plugin array - Plugin tabs are created automatically on page load - Configuration forms and save buttons are rendered correctly - Save functionality works as expected * fix(api): Support form data submission for plugin config saves The HTMX form submissions use application/x-www-form-urlencoded format instead of JSON. This update allows the /api/v3/plugins/config POST endpoint to accept both formats: - JSON: plugin_id and config in request body (existing behavior) - Form data: plugin_id from query string, config fields from form Added _parse_form_value helper to properly convert form strings to appropriate Python types (bool, int, float, JSON arrays/objects). * debug: Add form data logging to diagnose config save issue * fix(web): Re-discover plugins before loading config partial The plugin config partial was returning 'not found' for plugins because the plugin manifests weren't loaded. The installed plugins API was working because it calls discover_plugins() first. Changes: - Add discover_plugins() call in _load_plugin_config_partial when plugin info is not found on first try - Remove debug logging from form data handling * fix(web): Comprehensive plugin config save improvements SWEEPING FIX for plugin configuration saving issues: 1. Form data now MERGES with existing config instead of replacing - Partial form submissions (missing fields) no longer wipe out existing config values - Fixes plugins with complex schemas (football, clock, etc.) 2. Improved nested value handling with _set_nested_value helper - Correctly handles deeply nested structures like customization - Properly merges when intermediate objects already exist 3. Better JSON parsing for arrays - RGB color arrays like [255, 0, 0] now parse correctly - Parse JSON before trying number conversion 4. Bump cache version to force JS reload * fix(web): Add early stubs for updatePlugin and uninstallPlugin Ensures these functions are available immediately when the page loads, even before the full IIFE executes. Provides immediate user feedback and makes API calls directly. This fixes the 'Update button does not work' issue by ensuring the function is always defined and callable. * fix(web): Support form data in toggle endpoint The toggle endpoint now accepts both JSON and HTMX form submissions. Also updated the plugin config template to send the enabled state via hx-vals when the checkbox changes. Fixes: 415 Unsupported Media Type error when toggling plugins * fix(web): Prevent config duplication when toggling plugins Changed handleToggleResponse to update UI in place instead of refreshing the entire config partial, which was causing duplication. Also improved refreshPluginConfig with proper container targeting and concurrent refresh prevention (though it's no longer needed for toggles since we update in place). * fix(api): Schema-aware form value parsing for plugin configs Major fix for plugin config saving issues: 1. Load schema BEFORE processing form data to enable type-aware parsing 2. New _parse_form_value_with_schema() function that: - Converts comma-separated strings to arrays when schema says 'array' - Parses JSON strings for arrays/objects - Handles empty strings for arrays (returns [] instead of None) - Uses schema to determine correct number types 3. Post-processing to ensure None arrays get converted to empty arrays 4. Proper handling of nested object fields Fixes validation errors: - 'category_order': Expected type array, got str - 'categories': Expected type object, got str - 'uploaded_files': Expected type array, got NoneType - RGB color arrays: Expected type array, got str * fix(web): Make plugin config handlers idempotent and remove scripts from HTMX partials CRITICAL FIX for script redeclaration errors: 1. Removed all <script> tags from plugin_config.html partial - Scripts were being re-executed on every HTMX swap - Caused 'Identifier already declared' errors 2. Moved all handler functions to base.html with idempotent initialization - Added window.__pluginConfigHandlersInitialized guard - Functions only initialized once, even if script runs multiple times - All state stored on window object (e.g., window.pluginConfigRefreshInProgress) 3. Enhanced error logging: - Client-side: Logs form payload, response status, and parsed error details - Server-side: Logs raw form data and parsed config on validation failures 4. Functions moved to window scope: - toggleSection - handleConfigSave (with detailed error logging) - handleToggleResponse (updates UI in place, no refresh) - handlePluginUpdate - refreshPluginConfig (with duplicate prevention) - runPluginOnDemand - stopOnDemand - executePluginAction This ensures HTMX-swapped fragments only contain HTML, and all scripts run once in the base layout. * fix(api): Filter config to only schema-defined fields before validation When merging with existing_config, fields not in the plugin's schema (like high_performance_transitions, transition, dynamic_duration) were being preserved, causing validation failures when additionalProperties is false. Add _filter_config_by_schema() function to recursively filter config to only include fields defined in the schema before validation. This fixes validation errors like: - 'Additional properties are not allowed (high_performance_transitions, transition were unexpected)' * fix(web): Improve update plugin error handling and support form data 1. Enhanced updatePlugin JavaScript function: - Validates pluginId before sending request - Checks response.ok before parsing JSON - Better error logging with request/response details - Handles both successful and error responses properly 2. Update endpoint now supports both JSON and form data: - Similar to config endpoint, accepts plugin_id from query string or form - Better error messages and debug logging 3. Prevent duplicate function definitions: - Second updatePlugin definition checks if improved version exists - Both definitions now have consistent error handling Fixes: 400 BAD REQUEST 'Request body must be valid JSON' error * fix(web): Show correct 'update' message instead of 'save' for plugin updates The handlePluginUpdate function now: 1. Checks actual HTTP status code (not just event.detail.successful) 2. Parses JSON response to get server's actual message 3. Replaces 'save' with 'update' if message incorrectly says 'save' Fixes: Update button showing 'saved successfully' instead of 'updated successfully' * fix(web): Execute plugin updates immediately instead of queuing Plugin updates are now executed directly (synchronously) instead of being queued for async processing. This provides immediate feedback to users about whether the update succeeded or failed. Updates are fast git pull operations, so they don't need async processing. The operation queue is reserved for longer operations like install/uninstall. Fixes: Update button not actually updating plugins (operations were queued but users didn't see results) * fix(web): Ensure toggleSection function is always available for collapsible headers Moved toggleSection outside the initialization guard block so it's always defined, even if the plugin config handlers have already been initialized. This ensures collapsible sections in plugin config forms work correctly. Added debug logging to help diagnose if sections/icons aren't found. Fixes: Collapsible headers in plugin config schema not collapsing * fix(web): Improve toggleSection to explicitly show/hide collapsible content Changed from classList.toggle() to explicit add/remove of 'hidden' class based on current state. This ensures the content visibility is properly controlled when collapsing/expanding sections. Added better error checking and state detection for more reliable collapsible section behavior. * fix(web): Load plugin tabs on page load instead of waiting for plugin manager tab click The stub's loadInstalledPlugins was an empty function, so plugin tabs weren't loading until the plugin manager tab was clicked. Now the stub implementation: 1. Tries to use global window.loadInstalledPlugins if available 2. Falls back to window.pluginManager.loadInstalledPlugins 3. Finally falls back to direct loading via loadInstalledPluginsDirectly 4. Always updates tabs after loading plugins This ensures plugin navigation tabs are available immediately on page load. Fixes: Plugin tabs only loading after clicking plugin manager tab * fix(web): Ensure plugin navigation tabs load on any page regardless of active tab Multiple improvements to ensure plugin tabs are always visible: 1. Stub's loadInstalledPluginsDirectly now waits for DOM to be ready before updating tabs, using requestAnimationFrame for proper timing 2. Stub's init() now has a retry mechanism that periodically checks if plugins have been loaded by plugins_manager.js and updates tabs accordingly (checks for 2 seconds) 3. Full implementation's init() now properly handles async plugin loading and ensures tabs are updated after loading completes, checking window.installedPlugins first before attempting to load 4. Both stub and full implementation ensure tabs update using $nextTick to wait for Alpine.js rendering cycle This ensures plugin navigation tabs are visible immediately when the page loads, regardless of whether the user is on overview, plugin manager, or any other tab. Fixes: Plugin tabs only appearing after clicking plugin manager tab * fix(web): Fix restart display button not working The initPluginsPage function was returning early before event listeners were set up, making all the event listener code unreachable. Moved the return statement to after all event listeners are attached. This fixes the restart display button and all other buttons in the plugin manager (refresh plugins, update all, search, etc.) that depend on event listeners being set up. Fixes: Restart Display button not working in plugin manager * fix(web-ui): Improve categories field rendering for of-the-day plugin - Add more explicit condition checking for additionalProperties objects - Add debug logging specifically for categories field - Add fallback handler for objects that don't match special cases (render as JSON textarea) - Ensure categories section displays correctly with toggle cards instead of plain text * fix(install): Prevent following broken symlinks during file ownership setup - Add -P flag to find commands to prevent following symlinks when traversing - Add -h flag to chown to operate on symlinks themselves rather than targets - Exclude scripts/dev/plugins directory which contains development symlinks - Fixes error when chown tries to dereference broken symlinks with extra LEDMatrix in path * fix(scroll): Ensure scroll completes fully before switching displays - Add display_width to total scroll distance calculation - Scroll now continues until content is completely off screen - Update scroll completion check to use total_scroll_width + display_width - Prevents scroll from being cut off mid-way when switching to next display * fix(install): Remove unsupported -P flag from find commands - Remove -P flag which is not supported on all find versions - Keep -h flag on chown to operate on symlinks themselves - Change to {} \; syntax for better error handling - Add error suppression to continue on broken symlinks - Exclude scripts/dev/plugins directory to prevent traversal into broken symlinks * docs(wifi): Add trailing newline to WiFi AP failover setup guide * fix(web): Suppress non-critical socket errors and fix WiFi permissions script - Add error filtering in web interface to suppress harmless client disconnection errors - Downgrade 'No route to host' and broken pipe errors from ERROR to DEBUG level - Fix WiFi permissions script to use mktemp instead of manual temp file creation - Add cleanup trap to ensure temp files are removed on script exit - Resolves permission denied errors when creating temp files during installation * fix(web): Ensure plugin navigation tabs load on any page by dispatching events The issue was that when plugins_manager.js loaded and called loadInstalledPlugins(), it would set window.installedPlugins but the Alpine.js component wouldn't know to update its tabs unless the plugin manager tab was clicked. Changes: 1. loadInstalledPlugins() now always dispatches a 'pluginsUpdated' event when it sets window.installedPlugins, not just when plugin IDs change 2. renderInstalledPlugins() also dispatches the event and always updates window.installedPlugins for reactivity 3. Cached plugin data also dispatches the event when returned The Alpine component already listens for the 'pluginsUpdated' event in its init() method, so tabs will now update immediately when plugins are loaded, regardless of which tab is active. Fixes: Plugin navigation tabs only loading after clicking plugin manager tab * fix(web): Improve input field contrast in plugin configuration forms Changed input backgrounds from bg-gray-800 to bg-gray-900 (darker) to ensure high contrast with white text. Added placeholder:text-gray-400 for better placeholder text visibility. Updated in both server-side template (plugin_config.html) and client-side form generation (plugins_manager.js): - Number inputs - Text inputs - Array inputs (comma-separated) - Select dropdowns - Textareas (JSON objects) - Fallback inputs without schema This ensures all form inputs have high contrast white text on dark background, making them clearly visible and readable. Fixes: White text on white background in plugin config inputs * fix(web): Change plugin config input text from white to black Changed all input fields in plugin configuration forms to use black text on white background instead of white text on dark background for better readability and standard form appearance. Updated: - Input backgrounds: bg-gray-900 -> bg-white - Text color: text-white -> text-black - Placeholder color: text-gray-400 -> text-gray-500 Applied to both server-side template and client-side form generation for all input types (number, text, select, textarea). * fix(web): Ensure toggleSection function is available for plugin config collapsible sections Moved toggleSection function definition to an early script block so it's available immediately when HTMX loads plugin configuration content. The function was previously defined later in the page which could cause it to not be accessible when inline onclick handlers try to call it. The function toggles the 'hidden' class on collapsible section content divs and rotates the chevron icon between right (collapsed) and down (expanded) states. Fixes: Plugin configuration section headers not collapsing/expanding * fix(web): Fix collapsible section toggle to properly hide/show content Updated toggleSection function to explicitly set display style in addition to toggling the hidden class. This ensures the content is properly hidden even if CSS specificity or other styles might interfere with just the hidden class. The function now: - Checks both the hidden class and computed display style - Explicitly sets display: '' when showing and display: 'none' when hiding - Rotates chevron icon between right (collapsed) and down (expanded) This ensures collapsible sections in plugin configuration forms properly hide and show their content when the header is clicked. Fixes: Collapsible section headers rotate chevron but don't hide content * fix(web): Fix collapsible section toggle to work on first click Simplified the toggle logic to rely primarily on the 'hidden' class check rather than mixing it with computed display styles. When hiding, we now remove any inline display style to let Tailwind's 'hidden' class properly control the display property. This ensures sections respond correctly on the first click, whether they're starting in a collapsed or expanded state. Fixes: Sections requiring 2 clicks to collapse * fix(web): Ensure collapsible sections start collapsed by default Added explicit display: none style to nested content divs in plugin config template to ensure they start collapsed. The hidden class should handle this, but adding the inline style ensures sections are definitely collapsed on initial page load. Sections now: - Start collapsed (hidden) with chevron pointing right - Expand when clicked (chevron points down) - Collapse when clicked again (chevron points right) This ensures a consistent collapsed initial state across all plugin configuration sections. * fix(web): Fix collapsible section toggle to properly collapse on second click Fixed the toggle logic to explicitly set display: block when showing and display: none when hiding, rather than clearing the display style. This ensures the section state is properly tracked and the toggle works correctly on both expand and collapse clicks. The function now: - When hidden: removes hidden class, sets display: block, chevron down - When visible: adds hidden class, sets display: none, chevron right This fixes the issue where sections would expand but not collapse again. Fixes: Sections not collapsing on second click * feat(web): Ensure plugin navigation tabs load automatically on any page Implemented comprehensive solution to ensure plugin navigation tabs load automatically without requiring a visit to the plugin manager page: 1. Global event listener for 'pluginsUpdated' - works even if Alpine isn't ready yet, updates tabs directly when plugins_manager.js loads plugins 2. Enhanced stub's loadInstalledPluginsDirectly(): - Sets window.installedPlugins after loading - Dispatches 'pluginsUpdated' event for global listener - Adds console logging for debugging 3. Event listener in stub's init() method: - Listens for 'pluginsUpdated' events - Updates component state and tabs when events fire 4. Fallback timer: - If plugins_manager.js hasn't loaded after 2 seconds, fetches plugins directly via API - Ensures tabs appear even if plugins_manager.js fails 5. Improved checkAndUpdateTabs(): - Better logging - Fallback to direct fetch after timeout 6. Enhanced logging throughout plugin loading flow for debugging This ensures plugin tabs are visible immediately on page load, regardless of which tab is active or when plugins_manager.js loads. Fixes: Plugin navigation tabs only loading after visiting plugin manager * fix(web): Improve plugin tabs update logging and ensure immediate execution Enhanced logging in updatePluginTabs() and _doUpdatePluginTabs() to help debug why tabs aren't appearing. Changed debounce behavior to execute immediately on first call to ensure tabs appear quickly. Added detailed console logging with [FULL] prefix to track: - When updatePluginTabs() is called - When _doUpdatePluginTabs() executes - DOM element availability - Tab creation process - Final tab count This will help identify if tabs are being created but not visible, or if the update function isn't being called at all. Fixes: Plugin tabs loading but not visible in navigation bar * fix(web): Prevent duplicate plugin tab updates and clearing Added debouncing and duplicate prevention to stub's updatePluginTabs() to prevent tabs from being cleared and re-added multiple times. Also checks if tabs already match before clearing them. Changes: 1. Debounce stub's updatePluginTabs() with 100ms delay 2. Check if existing tabs match current plugin list before clearing 3. Global event listener only triggers full implementation's updatePluginTabs 4. Stub's event listener only works in stub mode (before enhancement) This prevents the issue where tabs were being cleared and re-added multiple times in rapid succession, which could leave tabs empty. Fixes: Plugin tabs being cleared and not re-added properly * fix(web): Fix plugin tabs not rendering when plugins are loaded Fixed _doUpdatePluginTabs() to properly use component's installedPlugins instead of checking window.installedPlugins first. Also fixed the 'unchanged' check to not skip when both lists are empty (first load scenario). Changes: 1. Check component's installedPlugins first (most up-to-date) 2. Only skip update if plugins exist AND match (don't skip empty lists) 3. Retry if no plugins found (in case they're still loading) 4. Ensure window.installedPlugins is set when loading directly 5. Better logging to show which plugin source is being used This ensures tabs are rendered when plugins are loaded, even on first page load. Fixes: Plugin tabs not being drawn despite plugins being loaded * fix(config): Fix array field parsing and validation for plugin config forms - Added logic to detect and combine indexed array fields (text_color.0, text_color.1, etc.) - Fixed array fields incorrectly stored as dicts with numeric keys - Improved handling of comma-separated array values from form submissions - Ensures array fields meet minItems requirements before validation - Resolves 400 BAD REQUEST errors when saving plugin config with RGB color arrays * fix(config): Improve array field handling and secrets error handling - Use schema defaults when array fields don't meet minItems requirement - Add debug logging for array field parsing - Improve error handling for secrets file writes - Fix arrays stored as dicts with numeric keys conversion - Better handling of incomplete array values from form submissions * fix(config): Convert array elements to correct types (numbers not strings) - Fix array element type conversion when converting dicts to arrays - Ensure RGB color arrays have integer elements, not strings - Apply type conversion for both nested and top-level array fields - Fixes validation errors: 'Expected type number, got str' * fix(config): Fix array fields showing 'none' when value is null - Handle None/null values in array field templates properly - Use schema defaults when array values are None/null - Fix applies to both Jinja2 template and JavaScript form generation - Resolves issue where stock ticker plugin shows 'none' instead of default values * fix(config): Add novalidate to plugin config form to prevent HTML5 validation blocking saves - Prevents browser HTML5 validation from blocking form submission - Allows custom validation logic to handle form data properly - Fixes issue where save button appears unclickable due to invalid form controls - Resolves problems with plugins like clock-simple that have nested/array fields * feat(config): Add helpful form validation with detailed error messages - Keep HTML5 validation enabled (removed novalidate) to prevent broken configs - Add validatePluginConfigForm function that shows which fields fail and why - Automatically expands collapsed sections containing invalid fields - Focuses first invalid field and scrolls to it - Shows user-friendly error messages with field names and specific issues - Prevents form submission until all fields are valid * fix(schema): Remove core properties from required array during validation - Core properties (enabled, display_duration, live_priority) are system-managed - SchemaManager now removes them from required array after injection - Added default values for core properties (enabled=True, display_duration=15, live_priority=False) - Updated generate_default_config() to ensure live_priority has default - Resolves 186 validation issues, reducing to 3 non-blocking warnings (98.4% reduction) - All 19 of 20 plugins now pass validation without errors Documentation: - Created docs/PLUGIN_CONFIG_CORE_PROPERTIES.md explaining core property handling - Updated existing docs to reflect core property behavior - Removed temporary audit files and scripts * fix(ui): Improve button text contrast on white backgrounds - Changed Screenshot button text from text-gray-700 to text-gray-900 - Added global CSS rule to ensure all buttons with white backgrounds use dark text (text-gray-900) for better readability - Fixes contrast issues where light text on light backgrounds was illegible * fix(ui): Add explicit text color to form-control inputs - Added color: #111827 to .form-control class to ensure dark text on white backgrounds - Fixes issue where input fields had white text on white background after button contrast fix - Ensures all form inputs are readable with proper contrast * docs: Update impact explanation and plugin config documentation * docs: Improve documentation and fix template inconsistencies - Add migration guide for script path reorganization (scripts moved to scripts/install/ and scripts/fix_perms/) - Add breaking changes section to README with migration guidance - Fix config template: set plugins_directory to 'plugins' to match actual plugin locations - Fix test template: replace Jinja2 placeholders with plain text to match other templates - Fix markdown linting: add language identifiers to code blocks (python, text, javascript) - Update permission guide: document setgid bit (0o2775) for directory modes - Fix example JSON: pin dependency versions and fix compatible_versions range - Improve readability: reduce repetition in IMPACT_EXPLANATION.md * feat(web): Make v3 interface production-ready for local deployment - Phase 2: Real Service Integration - Replace sample data with real psutil system monitoring (CPU, memory, disk, temp, uptime) - Integrate display controller to read from /tmp/led_matrix_preview.png snapshot - Scan assets/fonts directory and extract font metadata with freetype - Phase 1: Security & Input Validation - Add input validation module with URL, file upload, and config sanitization - Add optional CSRF protection (gracefully degrades if flask-wtf missing) - Add rate limiting (lenient for local use, prevents accidental abuse) - Add file upload validation to font upload endpoint - Phase 3: Error Handling - Add global error handlers for 404, 500, and unhandled exceptions - All endpoints have comprehensive try/except blocks - Phase 4: Monitoring & Observability - Add structured logging with JSON format support - Add request logging middleware (tracks method, path, status, duration, IP) - Add /api/v3/health endpoint with service status checks - Phase 5: Performance & Caching - Add in-memory caching system (separate module to avoid circular imports) - Cache font catalog (5 minute TTL) - Cache system status (10 second TTL) - Invalidate cache on config changes - All changes are non-blocking with graceful error handling - Optional dependencies (flask-wtf, flask-limiter) degrade gracefully - All imports protected with try/except blocks - Verified compilation and import tests pass * docs: Fix caching pattern logic flaw and merge conflict resolution plan - Fix Basic Caching Pattern: Replace broken stale cache fallback with correct pattern - Re-fetch cache with large max_age (31536000) in except block instead of checking already-falsy cached variable - Fixes both instances in ADVANCED_PLUGIN_DEVELOPMENT.md - Matches correct pattern from manager.py.template - Fix MERGE_CONFLICT_RESOLUTION_PLAN.md merge direction - Correct Step 1 to checkout main and merge plugins into it (not vice versa) - Update commit message to reflect 'Merge plugins into main' direction - Fixes workflow to match documented plugins → main merge --------- Co-authored-by: Chuck <chuck@example.com>	2025-12-27 14:15:49 -05:00

6 Commits