061618cfab0fb628294d7d2294679cdd8007ae20
Some checks failed
CI/CD / test (push) Has been cancelled
CI/CD / deploy (push) Has been cancelled
Security Scan / SAST - Semgrep (push) Has been cancelled
Security Scan / Dependency Scan - Trivy (push) Has been cancelled
Security Scan / Secret Detection - Gitleaks (push) Has been cancelled
Phase 1: OWASP API Top 10 per API with real findings from code inspection
- Hammer Dashboard, Network App, Todo App, nKode all audited against 10 OWASP risks
- Per-API scorecards with visual grid, color-coded by status

Phase 2: Full security checklist
- 9 categories: Auth, Authz, Input Validation, Transport, Rate Limiting, etc
- Interactive checklist UI with click-to-cycle status
- Per-project checklist with progress tracking
- Comprehensive category audits (Auth, Data Protection, Logging, Infrastructure, etc)

Phase 3: Automated pipeline
- Semgrep SAST, Trivy dependency scan, Gitleaks secret detection
- Gitea Actions CI workflow (security-scan.yml)
- Scan results stored in DB and displayed in dashboard

Phase 4: Dashboard polish
- Overall security posture score with weighted calculation
- Score trend charts (SVG) with 7-day history
- Critical findings highlight section
- Score history snapshots API
- Tab-based navigation (Overview, Checklist, per-project)

New DB tables: security_score_history, security_checklist, security_scan_results
Seed data populated from real code review of all repos
🔨 Hammer Queue
Task queue dashboard for Hammer (AI assistant). Lets Donovan see what Hammer is working on, what's queued, and control task ordering.
Stack
- Frontend: React + Vite + TypeScript + Tailwind CSS
- Backend: Elysia + Bun + TypeScript
- Database: PostgreSQL + Drizzle ORM
- Deploy: Docker Compose / Dokploy
Quick Start (Local Dev)
```bash
# Start Postgres
docker compose up db -d

# Backend
cd backend
cp .env.example .env
bun install
bun run db:push
bun run dev

# Frontend (separate terminal)
cd frontend
bun install
bun run dev
```
Docker
```bash
docker compose up --build
```
- Frontend: http://localhost:8080
- Backend API: http://localhost:3100
API
Public (no auth)
- `GET /api/tasks` - List all tasks (sorted: active → queued → blocked → completed)
- `GET /health` - Health check
Authenticated (Bearer token)
- `POST /api/tasks` - Create task
- `PATCH /api/tasks/:id` - Update task (status, priority, etc.)
- `POST /api/tasks/:id/notes` - Add progress note
- `PATCH /api/tasks/reorder` - Reorder queued tasks, body `{ ids: string[] }`
- `DELETE /api/tasks/:id` - Delete task
Example: Hammer creates a task
```bash
curl -X POST http://localhost:3100/api/tasks \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"title": "Build task queue dashboard", "source": "donovan", "priority": "high"}'
```
Example: Hammer updates status
```bash
curl -X PATCH http://localhost:3100/api/tasks/$TASK_ID \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"status": "active"}'
```
Example: Add progress note
```bash
curl -X POST http://localhost:3100/api/tasks/$TASK_ID/notes \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"note": "Scaffolded backend, working on frontend now"}'
```
Environment Variables
| Variable | Description | Default |
|---|---|---|
| `DATABASE_URL` | Postgres connection string | `postgres://hammer_queue:hammer_queue@localhost:5432/hammer_queue` |
| `API_BEARER_TOKEN` | Bearer token for write API | `hammer-dev-token` |
| `PORT` | Backend port | `3100` |
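A guard for the write API described in the API and Environment Variables sections, written as an added example in plain TypeScript (not the project's own Elysia code): it keeps `GET /api/tasks` and `GET /health` public, compares the presented bearer token against `API_BEARER_TOKEN` in constant time, and refuses to start in production with the documented dev default `hammer-dev-token`. The `NODE_ENV` check and the 16-character minimum are assumptions, not something the README specifies.

```typescript
import { timingSafeEqual } from "node:crypto";

// The dev default documented in the README's Environment Variables table.
const DEV_DEFAULT_TOKEN = "hammer-dev-token";

// Only the write endpoints under /api/tasks need a token; GETs stay public.
const WRITE_METHODS = new Set(["POST", "PATCH", "DELETE"]);

function requiresAuth(method: string, path: string): boolean {
  return path.startsWith("/api/tasks") && WRITE_METHODS.has(method.toUpperCase());
}

// Parse "Authorization: Bearer <token>"; null for a missing or malformed header.
function extractBearer(header: string | undefined): string | null {
  if (!header) return null;
  const m = /^Bearer\s+(\S+)$/.exec(header.trim());
  return m ? m[1] : null;
}

// Constant-time comparison so a wrong token does not leak how many leading
// bytes matched. Length mismatch still runs a compare before returning false.
function tokenMatches(presented: string, expected: string): boolean {
  const enc = new TextEncoder();
  const a = enc.encode(presented);
  const b = enc.encode(expected);
  if (a.length !== b.length) {
    timingSafeEqual(a, a);
    return false;
  }
  return timingSafeEqual(a, b);
}

// Startup check (assumed policy): a token must be set, at least 16 chars, and
// the dev default is rejected when NODE_ENV is "production".
function validateTokenConfig(token: string | undefined, nodeEnv: string | undefined): string {
  if (!token || token.length < 16) {
    throw new Error("API_BEARER_TOKEN must be set and at least 16 characters");
  }
  if (token === DEV_DEFAULT_TOKEN && nodeEnv === "production") {
    throw new Error("API_BEARER_TOKEN is the dev default; set a unique token");
  }
  return token;
}

// Returns 401 when a write request lacks a valid token, null when it may proceed.
function authorize(method: string, path: string, authHeader: string | undefined, expected: string): number | null {
  if (!requiresAuth(method, path)) return null;
  const presented = extractBearer(authHeader);
  if (presented === null || !tokenMatches(presented, expected)) return 401;
  return null;
}
```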