docs: sync website + README + wizard guide + changelog with new features

docs/index.html (kportal.raczylo.com):
  - Features grid gains Bulk Generate, Sensitive Header Redaction,
    Verified Installer cards; Headless card subtext clarified to
    'logs to stderr'.
  - Keybindings: 'a' -> 'n' for Add (matches real binding).
  - Quick Install card notes SHA-256 + optional cosign verification
    and DRY_RUN / SKIP_COSIGN env vars.
  - New Bulk Generate usage tile with --dry-run hint; Headless tile
    redirects stderr.
  - HTTP Traffic Logging card mentions automatic header redaction
    and the wizard 'h' toggle.

README.md:
  - install.sh note expanded with DRY_RUN/SKIP_COSIGN table.
  - HTTP Traffic Logging section gains 'Toggling per-forward
    logging', 'Header redaction', and 'Advanced configuration'
    examples.
  - Headless mode clarified to log to stderr (2>kportal.log).
  - Troubleshooting note on accepted context-name characters.

WIZARD_USAGE.md:
  - Add binding corrected from 'a' to 'n'; 'e' (edit) row added.
  - 'h' httpLog toggle and Tab focus switch documented.
  - New 'Edit Forward Wizard' section noting same-port allowed and
    advanced httpLog preserved.
  - Esc-cancels-delete behaviour clarified.

CHANGELOG.md: [Unreleased] populated with Added / Changed / Fixed
entries for this session's user-facing work, dated 2026-05-06.

.kportal.yaml example: inline 'httpLog: true' comment on one
forward as a usage hint.
This commit is contained in:
2026-05-06 15:03:35 +01:00
parent 0c11838326
commit 62483f9475
5 changed files with 136 additions and 14 deletions
+18 -1
View File
@@ -5,7 +5,24 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [Unreleased] - 2026-05-06
### Added
- `kportal generate --context=NAME [--config=PATH] [--dry-run]` subcommand for interactive bulk-add of forwards from a cluster. Walks namespace multi-select, service multi-select, and starting-port input; assigns consecutive local ports; emits one forward per port for multi-port services. Non-TCP ports are skipped and already-configured services are greyed out.
- HTTP log toggle in the add/edit wizard. Pressing `h` on the confirmation step toggles `httpLog: true/false` for the forward being added or edited. Advanced `httpLog` configuration set in YAML (`logFile`, `includeHeaders`, `maxBodySize`, `filterPath`) is preserved across edits.
- HTTP log header redaction. When `httpLog.includeHeaders: true`, sensitive headers (`Authorization`, `Cookie`, `Set-Cookie`, `X-Api-Key`, `X-Auth-Token`, `X-Csrf-Token`, `Proxy-Authorization`, `X-Access-Token`, plus any header whose name contains `token`/`secret`/`password`/`apikey`) have their values replaced with `[REDACTED]`. The header name is preserved. Always on, no opt-out.
- `install.sh` SHA-256 checksum verification. Every install verifies the downloaded archive against the release's `checksums.txt`. If `cosign` is on `PATH`, the checksums file's keyless cosign signature is also verified against the shared-actions reusable workflow identity. Set `DRY_RUN=1` to preview, `SKIP_COSIGN=1` to bypass cosign.
### Changed
- Headless mode (`kportal -headless`) now sends both structured and stdlib logs to stderr by default instead of `io.Discard`. `-v` still controls level (debug vs info), not destination.
- Context-name validator now permits common kubeconfig identifiers containing `@`, `.`, `:`, or `/` (e.g. `admin@home`, `user@cluster.example.com`, GKE dotted names, EKS ARNs).
- Edit-mode wizard now allows keeping the same local port. The port-availability check no longer rejects a forward's own port when editing it.
### Fixed
- `Esc` in the delete-confirmation dialog now cancels instead of confirming deletion (previously a data-loss bug).
- `Manager.Stop()` is now idempotent. Sequential or concurrent double-Stop no longer panics.
- Cosign cert-identity is now pinned to the actual signing workflow (`lukaszraczylo/shared-actions/.github/workflows/go-release.yaml@refs/heads/main`); previously cosign verification always failed.
- Internal concurrency races in the forward manager (`currentConfig` access under lock, `rest.Config` copied before mutation, `ForwardWorker.Stop` wrapped in `sync.Once`, `Reload` no longer kills the health checker). No user-visible flag, but resolves panics some users hit.
## [0.1.5] - 2025-11-23