Reliability improvements to PostgreSQL plugin and performance improvements to SHIELD auth flow #794
Merged
wayneeseguin merged 18 commits into shieldproject:v10.0.0 from Mar 27, 2026
Introduces a checkRestorePermissions function to verify that the user has sufficient privileges before starting a restore operation. This helps prevent restore failures due to inadequate permissions by checking for superuser status or database creation rights.
Introduces a new 'pg_skip_permission_check' boolean field to allow skipping upfront permission validation during restore. This is useful for advanced users who understand the risks and want to bypass permission checks, with appropriate warnings in the help text. The PostgresConnectionInfo struct and related logic are updated to support this option.
Corrected the method call to BooleanValueDefault for 'pg_skip_permission_check' in plugin.go and made minor formatting improvements. Added the postgres.exe binary to the repository.
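An added example, not code from this pull request, of the pre-restore check these commits describe: pass when the connecting role is a superuser or has CREATEDB, fail closed when the role cannot be read, and return a warning when the skip flag is set. The names `checkRestorePrivs`, `roleLookup` and `roleAttrs` and the `pg_roles` query are assumptions; the lookup is injected so the logic runs without a server.

```go
package main

import (
	"errors"
	"fmt"
)

// roleQuery is what a live lookup would run on the restore connection.
// Assumed for this example; the plugin's actual query is not shown on the page.
const roleQuery = `SELECT rolsuper, rolcreatedb FROM pg_roles WHERE rolname = current_user`

// roleAttrs holds the two pg_roles attributes the check depends on.
type roleAttrs struct{ Superuser, CreateDB bool }

// roleLookup runs roleQuery; injected so the decision logic works offline.
type roleLookup func() (roleAttrs, error)

var errInsufficient = errors.New("restore needs a superuser or CREATEDB role")

// checkRestorePrivs (hypothetical name) decides whether a restore may start.
// It returns a warning when the check is skipped and an error when it fails.
func checkRestorePrivs(lookup roleLookup, skip bool) (string, error) {
	if skip {
		// Skipping never queries the server; surface that in the task log.
		return "permission check skipped: restore may fail part-way", nil
	}
	attrs, err := lookup()
	if err != nil {
		// Fail closed: an unverifiable role is treated as not permitted.
		return "", fmt.Errorf("cannot verify restore privileges: %w", err)
	}
	if !attrs.Superuser && !attrs.CreateDB {
		return "", errInsufficient
	}
	return "", nil
}

func main() {
	// Constructed sample roles standing in for query results.
	backupOnly := func() (roleAttrs, error) { return roleAttrs{}, nil }
	creator := func() (roleAttrs, error) { return roleAttrs{CreateDB: true}, nil }

	fmt.Println("query:", roleQuery)
	_, err := checkRestorePrivs(backupOnly, false)
	fmt.Println("backup-only role:", err)
	_, err = checkRestorePrivs(creator, false)
	fmt.Println("CREATEDB role:", err)
	warn, _ := checkRestorePrivs(backupOnly, true)
	fmt.Println("skip flag set:", warn)
}
```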
Added a preliminary authentication check via bearings API before attempting to connect to the WebSocket. Refactored code to fetch and process bearings data only once, improving efficiency by rejecting subscription if authentication fails.
Refactored WebSocket handling to add a dedicated _reconnect method that validates authentication before reconnecting. Bearings data is now only processed on initial connection, not on reconnection, preventing redundant state updates.
Improves logic for processing bearings data on initial connection versus reconnection. On initial connection, all bearings data is cleared and reloaded; on reconnection, only core authentication data and grants are updated. Also fixes passing of bearings data during reconnection.
krutten (Contributor) approved these changes on Aug 20, 2025 and left a comment:
Reviewed Changes.
PostgreSQL changes will need validation in upgrade environments but look correct
Add a local docker-compose stack and developer config, improve build flow, and modernize the UI styles. Files added: docker-compose.local.yml (local stack: vault/core/agent/webdav/demo) and .claude/settings.local.json; .gitignore updated to ignore /.vscode. Dockerfile: bump Go to 1.23 and run go mod tidy + go mod vendor before building. Makefile: add JOBS, more robust plugin build (fallback to module mode), safer demo target, and new demo-local / dev-local targets to run the local stack. Major rewrite of web/htdocs/shield.css to a modern dark/light theme using CSS variables, layout improvements, responsive tweaks and refreshed components.
Introduce a collapsible story-sidebar: include FontAwesome solid icons, restructure sidebar nav items to show icons + labels, and add a toggle button in index.html. Add JS handlers in events.js to toggle collapse state and persist it to localStorage, and restore persisted state on startup in shield.js. Add CSS in shield.css for collapsed/expanded styles, transitions, toggle button, and adjustments to footer and pane widths to support the compact sidebar.
Change index.html labels from "MacOS (M1)" to "MacOS (Apple Silicon)". Major CSS updates to top-bar and account UX in shield.css: set title widths and truncation, add styled account button and dropdown/flyout (menu, header, divider, item states, current-tenant styling), adjust top-bar spacing, move sidebar down (top/height calc) and tweak sidebar-toggle position, and remove an unused selector. These changes improve account menu usability and layout spacing.
Allow the top-bar dropdown to escape the bar and improve the sidebar toggle positioning and visuals. Removed overflow:hidden on table so dropdowns can escape, converted .top-bar .flyout from absolute to fixed (top:48px, min-width:260px) and adjusted its right positioning. Made the sidebar toggle fixed to the viewport and centered on the sidebar right edge / navbar bottom (computed left/top values), changed background to --bg-secondary, increased z-index to sit between sidebar and top-bar, refined transitions, added box-shadow, and consolidated collapsed-state selectors to use body.sidebar-collapsed. Also added a smooth icon rotation transition. These changes fix clipping issues and provide more stable, consistent positioning and styling for the toggle and flyout.
Add a light/dark theme toggle and apply persisted theme before first paint to avoid a flash. Introduce a top-bar inline navigation rendered for authenticated users (remove duplicated nav markup), and add a theme-toggle button with JS to toggle data-theme and store the choice in a cookie. Update CSS to style the new top-nav, compact the LOCKED banner into a compact, responsive inline warning, adjust sidebar-toggle positioning, and refine related layout/spacing for header/account link. Changes touch index.html, js/events.js (theme toggle handler + init script), and shield.css (navigation, theme toggle, locked state and layout tweaks).
Add bg.jpg asset and update shield.css to use it as the .hud background (cover, centered, no-repeat). Add a semi-opaque overlay (::before) to preserve card readability with a light-theme variant, and ensure .hud children are positioned above the overlay via relative positioning and z-index.
This pull request introduces several important improvements across the codebase, focusing on enhanced plugin functionality, improved developer workflows, and updates for compatibility and security. The most significant changes include adding permission checks and a skip option for the Postgres plugin, updating the S3 plugin to use the more secure IMDSv2 for instance profile credentials, and providing new Docker Compose setups for local development. There are also updates to the build process and minor UI enhancements.
Plugin Enhancements
pg_skip_permission_check option allowing users to bypass the check if needed. This helps prevent confusing restore failures due to insufficient privileges, while still allowing flexibility for advanced users.
Developer Workflow Improvements
docker-compose.local.yml file and corresponding demo-local/dev-local Makefile targets for easy local development and testing with all core components and dependencies.
Makefile to provide clearer plugin build messages and fallback logic, and enhanced demo/development targets for a smoother local developer experience.
Build and Dependency Updates
Dockerfile from 1.21 to 1.23 and ensured dependencies are tidied and vendored before building, improving compatibility and reproducibility.
VERSION variable to the .env file for consistent versioning in builds.
Security and Permissions
.claude/settings.local.json to explicitly allow Bash and Python3 commands for local automation or testing purposes.
User Interface Improvements