A modern, secure web application for monitoring Azure DevOps activity across your organization. Get a unified, real-time feed of pull requests and work items from all your projects in one place.

• Unified Feed: View pull requests and work items from all projects in a single timeline
• Real-time Updates: Automatic refresh with background caching for offline access
• Smart Filtering: Filter by type, project, person, work item type, PR status, or search
• Customizable Time Range: From last hour to all-time activity
• Personal Notes: Add private notes to any PR or work item
• Pin & Save: Pin important items and save for later review

• ✅ Comprehensive Input Validation with Zod schemas
• ✅ Content Security Policy and security headers (HSTS, X-Frame-Options, etc.)
• ✅ CSRF Protection on all API endpoints
• ✅ Client-side Rate Limiting to prevent abuse
• ✅ Error Sanitization to prevent information leakage
• ✅ Request Timeouts to prevent hanging connections
• ✅ WIQL Injection Prevention for work item queries
• ✅ Zero Dependencies Vulnerabilities

• 🎨 Beautiful, responsive UI built with Tailwind CSS
• 🚀 Fast performance with Next.js 16 and Turbopack
• 💾 Offline-capable with localStorage caching
• 📱 Mobile-friendly responsive design
• 🔔 New item notifications with visual indicators
• 📊 Activity statistics and metrics

• Node.js 20+
• npm or yarn
• Azure DevOps Personal Access Token with read permissions

# Clone the repository
git clone <your-repo-url>
cd azdonewsfeed

# Install dependencies
npm install

# Run development server
npm run dev

Open http://localhost:3000 in your browser.

1. Click Settings in the navigation
2. Enter your Azure DevOps Organization name
3. Create a Personal Access Token (PAT) with these scopes:
   • Code: Read (for pull requests)
   • Work Items: Read (for work items)
4. Configure your preferences:
   • Time range (e.g., last 7 days or all time)
   • Projects to monitor (specific projects or all)
   • Fetch limits for PRs and work items
5. Click Test Connection to verify
6. Click Save to start monitoring

This application takes security seriously. See SECURITY.md for comprehensive documentation.

⚠️ PAT Storage: Your Personal Access Token is stored in browser localStorage. This is suitable for development but has limitations:

• Only use read-only PATs with minimal permissions
• Never use admin or write permissions
• Your PAT is only sent to Azure DevOps APIs, never to third parties
• Use only on trusted devices

• All traffic forced over HTTPS
• Comprehensive Content Security Policy
• Input validation on all user inputs
• Rate limiting to prevent API abuse
• CSRF protection on all POST endpoints
• Sanitized error messages

# Run all tests
npm test

# Run tests in watch mode
npm run test:watch

# Run tests with coverage
npm run test:coverage

Test Coverage: 43 tests covering security features, validation, rate limiting, and UI components.

azdonewsfeed/
├── src/
│   ├── app/                 # Next.js app router pages
│   │   ├── api/            # API routes
│   │   ├── settings/       # Settings page
│   │   └── page.tsx        # Home page
│   ├── components/         # React components
│   │   ├── FeedShell.tsx   # Main feed component
│   │   ├── PostCard.tsx    # Feed item card
│   │   └── DetailPanel.tsx # Detail sidebar
│   └── lib/                # Utilities and libraries
│       ├── azdo.ts         # Azure DevOps API client
│       ├── validation.ts   # Input validation schemas
│       ├── ratelimit.ts    # Rate limiting utility
│       └── types.ts        # TypeScript types
├── __tests__/              # Test files
├── SECURITY.md             # Security documentation
└── package.json

• Framework: Next.js 16 with App Router
• Language: TypeScript 5
• Styling: Tailwind CSS 4
• Validation: Zod
• Testing: Jest + React Testing Library
• Build Tool: Turbopack

npm run dev          # Start development server
npm run build        # Build for production
npm run start        # Start production server
npm run lint         # Run ESLint
npm test             # Run tests
npm run test:watch   # Run tests in watch mode
npm run test:coverage # Run tests with coverage

• Development Teams: Monitor PR activity across all repositories
• Project Managers: Track work item progress in real-time
• DevOps Engineers: Unified view of development and operations activity
• Team Leads: Stay informed on team contributions and blockers
• Individual Developers: Follow work that matters to you

Contributions are welcome! Please ensure:

• All tests pass (npm test)
• Code follows TypeScript best practices
• Security considerations are addressed
• Documentation is updated

This project is for demonstration and educational purposes.

Built with Next.js and powered by the Azure DevOps REST API.

Note: This is a client-side application with PAT-based authentication. For production use with sensitive organizations, consider implementing OAuth 2.0 and server-side authentication. See SECURITY.md for details.