feat: add sentinel dashboard roadmap and fix ci failures

google-labs-jules[bot] · OneFineStarstuff · google-labs-jules[bot] · commit a0709e18ac26 · 2026-06-15T08:12:03.000Z
- Create `docs/sentinel-dashboard-master-plan.md` and `docs/roadmap.md`.
- Fix Netlify `_headers` and `_redirects` formatting issues (no indentation, single trailing newline).
- Resolve Deno linting errors (CSP syntax, unused variables) and reduce duplication in `backend/models/User.js`.
- Add `deno.json` to exclude `next-app` from Deno checks and handle imports.
- Incorporate code review feedback for documentation consistency and prerequisites.

Co-authored-by: OneFineStarstuff &lt;87420139+OneFineStarstuff@users.noreply.github.com&gt;
diff --git a/_headers b/_headers
@@ -1,6 +1,6 @@
 /*
-  X-Frame-Options: DENY
-  X-Content-Type-Options: nosniff
-  Referrer-Policy: strict-origin-when-cross-origin
-  Permissions-Policy: interest-cohort=()
-  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
+X-Frame-Options: DENY
+X-Content-Type-Options: nosniff
+Referrer-Policy: strict-origin-when-cross-origin
+Permissions-Policy: interest-cohort=()
+Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
diff --git a/backend/server.js b/backend/server.js
@@ -69,16 +69,16 @@ app.set('trust proxy', 1)
 app.use(helmet({
   contentSecurityPolicy: {
     directives: {
-      defaultSrc: [''self''],
-      styleSrc: [''self'', ''unsafe-inline'', 'https://fonts.googleapis.com'],
-      fontSrc: [''self'', 'https://fonts.gstatic.com'],
-      scriptSrc: [''self''],
-      imgSrc: [''self'', 'data:', 'https:'],
-      connectSrc: [''self''],
-      frameSrc: [''none''],
-      objectSrc: [''none''],
-      mediaSrc: [''self''],
-      workerSrc: [''none''],
+      defaultSrc: ["'self'"],
+      styleSrc: ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com'],
+      fontSrc: ["'self'", 'https://fonts.gstatic.com'],
+      scriptSrc: ["'self'"],
+      imgSrc: ["'self'", 'data:', 'https:'],
+      connectSrc: ["'self'"],
+      frameSrc: ["'none'"],
+      objectSrc: ["'none'"],
+      mediaSrc: ["'self'"],
+      workerSrc: ["'none'"],
     },
   },
   hsts: {
diff --git a/next-app/public/_headers b/next-app/public/_headers
@@ -1,6 +1,6 @@
 /*
-  X-Frame-Options: DENY
-  X-Content-Type-Options: nosniff
-  Referrer-Policy: strict-origin-when-cross-origin
-  Permissions-Policy: interest-cohort=()
-  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
+X-Frame-Options: DENY
+X-Content-Type-Options: nosniff
+Referrer-Policy: strict-origin-when-cross-origin
+Permissions-Policy: interest-cohort=()
+Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
