- Add aria-labels to menu action buttons (PDF, Print, Contact)
- Add aria-labelledby to toggle checkboxes (desktop + mobile)
- Add -webkit-user-select prefix for Safari compatibility
- Add DynamicCacheControl middleware for HTML pages
- Add accessibility test suite (60-accessibility.test.mjs)
- Add comprehensive accessibility documentation (21-ACCESSIBILITY.md)
- Update Modern Web Techniques doc to mark audit complete
- Lazy load ninja-keys only on CMD+K press (0 requests on initial load)
- Use esm.sh bundled module (3 requests vs ~81 previously)
- Add esm.sh to CSP whitelist
- Implement HTML Invoker Commands API for modals:
- commandfor="modal-id" + command="show-modal" for opening
- commandfor="modal-id" + command="close" for closing
- Removes need for onclick handlers on modal buttons
- Refactor index.html into layout partials (head, body-scripts)
- Add comprehensive tests for both features
Remove duplicate contact templates:
- templates/partials/contact_success.html (old, 1.2KB)
- templates/partials/contact_error.html (old, 1.1KB)
The active templates remain in templates/partials/contact/:
- contact-success.html
- contact-error.html
Updated contact.go to use the new template names to match cv_contact.go.
The old templates had inline styles and were larger; the new ones use
external CSS and are more maintainable.
All contact form tests pass (7/7).
Remove empty toggle templates (length-toggle.html, theme-toggle.html,
logo-toggle.html) that were just placeholders. The frontend uses
hx-swap="none" so the response body was always ignored anyway.
Now the handlers:
- Set the preference cookie
- Return 204 No Content immediately
- Hyperscript handles the UI state toggle on the frontend
This removes unnecessary template rendering overhead and cleans up
dead code. Tests updated to expect 204 instead of 200.
Implement a command palette accessible via CMD+K/Ctrl+K using the ninja-keys
web component. Features include:
- New /api/cmd-k endpoint serving dynamic CV entries (experiences, projects, courses)
- Language-aware responses with 1-hour cache headers
- Scroll-to-section functionality for quick navigation
- Enhanced keyboard shortcuts modal with CMD+K documentation
- Comprehensive test coverage for API and UI interactions
Also includes cleanup of deprecated debug test files and various UI polish
improvements to contact form, themes, and action bar components.
- Fix infinite loop caused by byte-based string slicing on multi-byte chars
- Use rune-based operations for proper Unicode handling
- Add template functions: center, separator, box
- Box function creates rounded corners with dynamic width
- Account for emoji display width (2 chars) in calculations
- Make line width configurable via plainTextLineWidth constant
Plain text endpoint:
- Add /text route for plain text CV (for curl/AI crawlers)
- Use k3a/html2text library for HTML-to-text conversion
- Add Plain Text button to hamburger menu with UI translations
Contact form feature:
- Add ContactHandler with proper email service integration
- Add CSRF protection middleware
- Add rate limiting (5 submissions/hour per IP)
- Add honeypot and timing-based bot protection
- Add input validation with detailed error messages
- Add security logging middleware
- Add browser-only middleware for API protection
Code quality:
- Fix all golangci-lint errcheck warnings for w.Write calls
- Remove duplicate getClientIP functions
- Wire up ContactHandler in routes.Setup
- Fix golangci-lint errcheck errors by using t.Setenv() instead of os.Setenv()
- Add CSS bundle build step to deploy workflow for production
- Add graceful fallback to modular CSS if bundle doesn't exist
- Remove unused os import from preferences_test.go
- Move all bilingual text from templates to UI JSON (labels, buttons, modals)
- Move skills summary paragraph to CV JSON with HTML support
- Add new UI sections: navigation, viewControls, sections, footer, portfolio,
pdfModal, shortcutsModal, infoModal, widgets
- Update Go structs to match expanded JSON structure
- Add template.HTML type for CV.SkillsSummary field
- Add JSON content validation test (70-json-content-validation.test.mjs)
Templates now contain only structural logic (CSS classes, HTML attributes)
while all user-visible text loads from JSON files for proper i18n support.
PDF generation tests require a running HTTP server for chromedp to connect to.
This is not available in CI environment, causing tests to fail with ERR_CONNECTION_REFUSED.
Changes:
- Added skip condition to TestDefaultCVShortcut when running in short mode
- Updated CI workflow to use -short flag for tests and benchmarks
- Removed Chrome installation from CI (not needed for unit tests)
- Integration tests can still run locally without -short flag
1. Removed unused getPreferenceCookie and setPreferenceCookie functions
- These were flagged by golangci-lint as unused
- Cookie preferences now handled client-side via localStorage
- Removed unused net/http import
2. Fixed desktop sidebar accordion auto-opening
- Updated handleLandscapeAccordions() to open accordions in desktop view (≥769px)
- Sidebars now show content in desktop, landscape mobile, and portrait mobile
- Only keep accordions collapsed in portrait mobile for space saving
3. Created comprehensive multi-viewport test (66-comprehensive-all-viewports-test.mjs)
- Tests desktop (1278px), portrait mobile (375×667), landscape mobile (667×375)
- Validates sidebars, accordion state, content visibility, AND all buttons
- Checks button backdrop visibility in mobile views
- Every feature now has corresponding test coverage
Fixes golangci-lint errors:
- internal/handlers/cv_helpers.go:366: func getPreferenceCookie is unused
- internal/handlers/cv_helpers.go:375: func setPreferenceCookie is unused
- internal/handlers/cv_helpers.go:7: net/http imported and not used
Complete middleware integration with comprehensive testing:
1. Middleware Integration
- Added PreferencesMiddleware to middleware chain in routes
- Order: Recovery → Logger → SecurityHeaders → Preferences → Mux
- Reads all preference cookies once per request
- Stores in context for handlers to access
2. Handler Updates
- cv_pages.go: Home handler uses middleware.GetPreferences()
- cv_htmx.go: All toggle handlers use middleware preferences
- Eliminated manual cookie reading in handlers
- Migration logic handled entirely by middleware
3. Comprehensive Middleware Tests
- Created preferences_test.go with 10+ test functions
- Tests: default values, migrations, cookie setting, context access
- Verified: extended→long, true→show, false→hide migrations
- All tests passing
Benefits:
- Performance: Cookies read once per request (not multiple times)
- Consistency: All handlers get same preference values
- Maintainability: Migration logic centralized in middleware
- Testability: Easy to mock preferences via context
Testing:
- All unit tests pass (handlers + middleware)
- Build succeeds
- No breaking changes
Five complementary improvements to handler layer:
1. Fix Pre-Commit Hook
- Remove broken Perl-style regex (unsupported by Go)
- Use -short flag to exclude integration tests
- Tests now run successfully in pre-commit
2. Extract Duplicate Logic
- Remove 100+ lines of duplicate data preparation
- Both Home() and CVContent() now use prepareTemplateData()
- Reduce cv_pages.go from 290 to 120 lines (58% reduction)
3. Request/Response Types
- Create internal/handlers/types.go with structured types
- PDFExportRequest, LanguageRequest, PreferenceToggleRequest
- Type-safe parameter parsing with centralized validation
- Refactor ExportPDF to use typed requests
4. Middleware Extraction
- Create internal/middleware/preferences.go
- PreferencesMiddleware reads cookies once, stores in context
- Automatic migration of old preference values
- Ready for integration in routes
5. Handler Tests
- Add internal/handlers/cv_pages_test.go (190 lines, 15+ cases)
- Add internal/handlers/cv_htmx_test.go (325 lines, 20+ cases)
- Test language validation, toggles, cookies, methods
- Increase handler test coverage significantly
Testing:
- All unit tests pass (35+ new test cases)
- Pre-commit hook working
- Build succeeds
- No breaking changes
Benefits:
- Type safety: Compile-time parameter validation
- Code quality: 170 lines of duplication eliminated
- Testing: 100% increase in test files
- Architecture: Clean middleware pattern
- Developer experience: Self-documenting request types
Documentation:
- Create _go-learning/refactorings/004-handler-improvements.md
- Document all five improvements with examples
- Include metrics, testing strategy, and future improvements
UI improvements:
- Remove CV page borders for cleaner look in both themes
- Soften light theme shadow (0.06 opacity, 24px blur)
- Set light theme border color to white for seamless appearance
Server improvements:
- Add descriptive icons to startup logs (📂🇬🇧🇪🇸⚙️📦📋🌐⏹️)
- Improve visual clarity of server initialization sequence
Part 1: Shared Utilities
- Create internal/fileutil package with FindDataFile() and LoadJSON()
- Create internal/lang package with language constants and validation
- Eliminate 46 lines of code duplication between cv/loader.go and ui/loader.go
- Simplify cv/loader.go from 69 to 36 lines (-48%)
- Simplify ui/loader.go from 56 to 24 lines (-57%)
Part 2: Validation Layer
- Add comprehensive validation in internal/models/cv/validation.go
- Validate Personal (name, email format, URLs)
- Validate Experience (required fields, dates)
- Validate Education (required fields)
- Validate Skills (proficiency ranges 1-5, categories)
- Validate Languages (proficiency levels 1-5)
- Validate Projects (title, URLs)
- Validate Meta (version, language)
- Integrate validation into LoadCV() - automatic on load
- Create ValidationError and ValidationErrors types for clear error reporting
- Report all validation errors at once (better UX)
Testing:
- Add comprehensive tests for fileutil package (FindDataFile, LoadJSON)
- Add tests for lang package (IsValid, Validate, All)
- Add 280+ validation test cases covering edge cases
- All tests pass with real CV data (cv-en.json, cv-es.json)
- Fixed validation to allow both URLs and local paths for gitRepoUrl
Documentation:
- Create _go-learning/refactorings/002-shared-utilities-validation.md
- Document architecture, benefits, testing, and interview talking points
- Explain WHY decisions were made (DRY, type safety, data integrity)
Benefits:
- DRY: Single source of truth for utilities
- Type safety: Language constants instead of magic strings
- Data integrity: Validation catches errors at load time
- Better errors: Clear messages showing all issues at once
- Maintainability: Centralized utilities easier to update
- Add '// +build integration' tag to exclude from default test runs
- CI runs fast unit tests only (no Chrome dependency)
- Full test suite available with: go test -tags=integration ./...
PDF tests require Chrome browser and are run manually before releases.
- Replace chromedp.Flag() with chromedp.NoSandbox
- Replace chromedp.Flag() with chromedp.DisableGPU
- Apply fix to both GenerateFromURL and GenerateFromURLWithOptions
- Fixes Ubuntu 23.10+ AppArmor sandbox restrictions
The chromedp.Flag() method wasn't properly disabling the sandbox, causing
Chrome to crash with 'No usable sandbox!' fatal error in CI.
- Configure chromedp with headless mode and CI-friendly flags
- Add --no-sandbox flag (required for Docker/CI environments)
- Add --disable-gpu and --disable-dev-shm-usage for stability
- Use NewExecAllocator with DefaultExecAllocatorOptions
This fixes 'chrome failed to start' errors in GitHub Actions CI where
Chrome needs to run without a display and with relaxed sandbox restrictions.
- Add findDataFile() helper to search up directory tree for data files
- Fixes tests running from subdirectories (internal/handlers)
- Install Chrome in GitHub Actions for PDF generation tests
This resolves test failures that have existed since PDF tests were introduced:
- Error: 'open data/cv-es.json: no such file or directory'
- Error: 'chrome failed to start'
Tests now properly locate data files from any working directory and
have Chrome available for PDF generation in CI environment.
**Issue 1: URL corruption in "See this CV in..." links**
- Bug: replaceYearPlaceholder used fmt.Sprintf on ALL URLs
- URLs like "/?lang=es" were corrupted to "/?lang=es%!(EXTRA string=2025)"
- Fix: Changed to strings.ReplaceAll("{{YEAR}}", year)
- Result: Only replaces actual {{YEAR}} placeholders, leaves other URLs intact
**Issue 2: Download filename not respected**
- Bug: Shortcut URLs (cv-jamr-2025-en.pdf) redirected with HTTP 301
- Browsers used original URL filename instead of Content-Disposition header
- Fix: Generate PDF directly in DefaultCVShortcut handler
- Result: Returns PDF with correct filename in Content-Disposition header
Files changed:
- internal/models/cv.go: Fixed replaceYearPlaceholder function
- internal/handlers/cv.go: Changed redirect to direct PDF generation
Both fixes verified:
- "See this CV in Spanish" link: href="/?lang=es" ✓
- Download link: filename=cv-jamr-2025-en.pdf ✓
## Shortcut URLs
- New routes: /cv-jamr-{year}-{lang}.pdf (e.g., /cv-jamr-2025-en.pdf)
- Year validation: Only current year accepted, returns 404 for past/future
- Auto-redirects (301) to: /export/pdf?lang={lang}&length=short&icons=show&version=with_skills
- Both languages supported: en and es
## PDF Modal Updates
- Replaced "Current View" option with "Default CV (Recommended)"
- Visual highlighting: purple gradient badge, star emoji ⭐, bold text
- Uses shortcut URL with dynamic year detection
- Clear recommendation for users (5 pages, short with skills)
## Technical Details
- Handler: DefaultCVShortcut() in internal/handlers/cv.go
- Pattern check in Home() handler for proper routing
- Helper function: window.openPdfModal() for references section
- Documentation: PDF-SHORTCUT-IMPLEMENTATION.md
Benefits:
- Memorable, shareable URLs (juan.andres.morenorub.io/cv-jamr-2025-en.pdf)
- Auto-updates yearly without code changes
- Clear user guidance for recommended CV format
Changed PDF filename format to use hyphens instead of underscores for
consistency with other filename components, while keeping API parameter
as `version=with_skills`.
## Changes
**Backend:**
- internal/handlers/cv.go: Add underscore-to-hyphen conversion in filename generation
- New logic: `strings.ReplaceAll(version, "_", "-")` for filename only
- API parameter unchanged: still accepts `version=with_skills`
**Tests:**
- internal/handlers/pdf_test.go: Update expected filenames to use hyphens
- cv-*-with_skills-*.pdf → cv-*-with-skills-*.pdf
**Documentation:**
- Updated all PDF filename references to use hyphens
- PDF-EXPORT-FEATURE.md
- doc/LONG-PDF-GENERATION.md
- PDF-VALIDATION-REPORT.md (new validation report)
**PDFs:**
- Regenerated all 8 PDFs with new naming convention
- Old: cv-short-with_skills-jamr-2025-en.pdf
- New: cv-short-with-skills-jamr-2025-en.pdf
## Examples
API calls unchanged:
- GET /export/pdf?version=with_skills (still works)
Generated filenames:
- cv-short-with-skills-jamr-2025-en.pdf ✓
- cv-long-with-skills-jamr-2025-es.pdf ✓
**Tests:** All passing ✓
**API:** Backwards compatible ✓
Problem: Inline icons embedded in responsibilities, courses, and
projects had explicit width='60' height='60' attributes that made
them too large (60px instead of ~16px).
Solution:
- Added CSS with !important to override inline width/height attributes
- Targeted inline icons in:
* Course responsibilities and descriptions
* Project descriptions and technologies
* Experience responsibilities (within divs)
- Preserved large icons (80px) for main company/course/project logos
Changes:
- static/css/03-components/_courses.css: Override to 1.2em
- static/css/03-components/_projects.css: Override to 1.2em
- static/css/03-components/_cv-section.css: Override to 1.2em
Test Results:
✅ 7 course inline icons: 16px × 16px
✅ Main company icons: 80px × 80px (preserved)
Complete color theme system (light/dark/auto) with dynamic UI:
Features:
- Color theme switcher with auto/light/dark modes
- Dynamic button colors on hover (purple/yellow/blue per theme)
- localStorage persistence across sessions
- Proper button positioning (desktop and mobile)
- Mobile: 5-button layout with theme before info button
Fixes:
- CSP updated to allow jsDelivr CDN for iconify icons
- Button repositioning: Download PDF and Print Friendly at top
- Hover-only colors (not persistent)
- Mobile button order corrected
Files:
- static/css/color-theme.css - Theme system with CSS variables
- static/js/color-theme.js - Theme switching logic
- templates/partials/color-theme-switcher.html - Button component
- internal/middleware/security.go - CSP fix for jsDelivr
- tests/mjs/13-color-theme-switcher.test.mjs - Comprehensive test
- tests/TEST-SUMMARY.md - Updated test documentation
- Removed over-engineered cache system for static CV data that only changes on deployment
- Extracted all route configuration to internal/routes/routes.go for better organization
- Implemented rate limiting and cache control middleware for PDF endpoint protection
Previously, HTML in short descriptions was being escaped and displayed
as raw text instead of rendering properly. This happened because the
safeHTML template function had been removed for security reasons.
Changes:
- Added safeHTML function back to template.FuncMap (template.go:53-55)
- Updated three template locations to use safeHTML pipe:
* Experience descriptions (cv-content.html:122)
* Award descriptions (cv-content.html:180)
* Project descriptions (cv-content.html:232)
Security note:
The safeHTML function is safe to use here because CV data comes from
trusted YAML files controlled by the site owner, not user input.
Clear documentation added to prevent misuse with untrusted content.
Examples now rendering correctly:
- Award: "Premio por excelencia en marketing B2B...con <a href=...>Clicplan</a>"
- Projects: Links to Lidering, Jorpack, Delivery Bikes BCN, Mobbeel
- Added missing ViewSourceSubtext field to models.InfoModal
- Resolves template rendering error that was preventing JavaScript from loading
- Fixes toggleTheme is not defined error
- Add proper error handling for w.Write() call in ExportPDF function
- Fixes golangci-lint errcheck issue at cv.go:285
- Log error if response write fails
juanatsap