From 40932c96108cc2e5fa47248ea1f5a8a1f8008a41 Mon Sep 17 00:00:00 2001
From: testvalue <wgordon@redhat.com>
Date: Thu, 26 Mar 2026 20:26:21 -0400
Subject: [PATCH 1/2] fix(csp): resolves Content Security Policy violations

---
 public/_headers                          | 2 +-
 src/app/components/dashboard/ItemRow.tsx | 4 ++--
 src/app/components/shared/StatusDot.tsx  | 6 ++----
 src/app/index.css                        | 1 +
 4 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/public/_headers b/public/_headers
index 47fbf41..2d5edab 100644
--- a/public/_headers
+++ b/public/_headers
@@ -1,5 +1,5 @@
 /*
-  Content-Security-Policy: default-src 'none'; script-src 'self' 'sha256-uEFqyYCMaNy1Su5VmWLZ1hOCRBjkhm4+ieHHxQW6d3Y='; style-src 'self'; img-src 'self' https://avatars.githubusercontent.com; connect-src 'self' https://api.github.com; font-src 'self'; worker-src 'self'; manifest-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'none'; upgrade-insecure-requests
+  Content-Security-Policy: default-src 'none'; script-src 'self' 'sha256-uEFqyYCMaNy1Su5VmWLZ1hOCRBjkhm4+ieHHxQW6d3Y='; style-src-elem 'self'; style-src-attr 'unsafe-inline'; img-src 'self' data: https://avatars.githubusercontent.com; connect-src 'self' https://api.github.com; font-src 'self'; worker-src 'self'; manifest-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'none'; upgrade-insecure-requests
   X-Content-Type-Options: nosniff
   Referrer-Policy: strict-origin-when-cross-origin
   Permissions-Policy: geolocation=(), microphone=(), camera=()
diff --git a/src/app/components/dashboard/ItemRow.tsx b/src/app/components/dashboard/ItemRow.tsx
index ca72701..d72a94f 100644
--- a/src/app/components/dashboard/ItemRow.tsx
+++ b/src/app/components/dashboard/ItemRow.tsx
@@ -75,8 +75,8 @@ export default function ItemRow(props: ItemRowProps) {
                 const fg = isValidHex ? labelTextColor(label.color) : "#374151";
                 return (
                   <span
-                    class="inline-flex items-center rounded-full text-xs px-2 py-0.5 font-medium"
-                    style={{ "background-color": bg, color: fg }}
+                    class="inline-flex items-center rounded-full text-xs px-2 py-0.5 font-medium bg-[var(--lb)] text-[var(--lf)]"
+                    style={{ "--lb": bg, "--lf": fg }}
                   >
                     {label.name}
                   </span>
diff --git a/src/app/components/shared/StatusDot.tsx b/src/app/components/shared/StatusDot.tsx
index ff45fcf..1977659 100644
--- a/src/app/components/shared/StatusDot.tsx
+++ b/src/app/components/shared/StatusDot.tsx
@@ -41,8 +41,7 @@ export default function StatusDot(props: StatusDotProps) {
 
   const dot = () => (
     <span
-      class={`relative inline-flex items-center justify-center${props.href ? " cursor-pointer" : ""}`}
-      style={{ width: "12px", height: "12px" }}
+      class={`relative inline-flex items-center justify-center w-3 h-3${props.href ? " cursor-pointer" : ""}`}
       title={cfg().label}
       aria-label={cfg().label}
     >
@@ -52,8 +51,7 @@ export default function StatusDot(props: StatusDotProps) {
         />
       </Show>
       <span
-        class={`relative inline-flex rounded-full ${cfg().bg}`}
-        style={{ width: "8px", height: "8px" }}
+        class={`relative inline-flex rounded-full w-2 h-2 ${cfg().bg}`}
       />
     </span>
   );
diff --git a/src/app/index.css b/src/app/index.css
index 514d249..40638f8 100644
--- a/src/app/index.css
+++ b/src/app/index.css
@@ -2,6 +2,7 @@
 
 @plugin "daisyui" {
   themes: corporate --default, cupcake, light, nord, dim, dracula, dark, forest;
+  exclude: chat, mask, mockup;
 }
 
 

From cd829730b3345a06408c12a0dd851815f4820c3d Mon Sep 17 00:00:00 2001
From: testvalue <wgordon@redhat.com>
Date: Thu, 26 Mar 2026 20:26:39 -0400
Subject: [PATCH 2/2] chore(worker): enables Cloudflare Worker observability
 logs

---
 wrangler.toml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/wrangler.toml b/wrangler.toml
index 479994c..e4d95c7 100644
--- a/wrangler.toml
+++ b/wrangler.toml
@@ -13,3 +13,13 @@ not_found_handling = "single-page-application"
 [[routes]]
 pattern = "gh.gordoncode.dev"
 custom_domain = true
+
+[observability]
+enabled = true
+head_sampling_rate = 1
+
+[observability.logs]
+enabled = true
+head_sampling_rate = 1
+persist = true
+invocation_logs = true