This commit implements several security enhancements based on the findings of a new security audit report, which has also been added to the documentation.
- **Security Headers:** Adds a strict Content-Security-Policy (CSP) and other security headers (X-Content-Type-Options, Referrer-Policy) via Nuxt route rules.
- **Production Hardening:** Disables Nuxt DevTools in production environments to reduce the attack surface.
- **Mixed Content:** All image assets are now loaded over HTTPS to resolve mixed content issues.
- **Tabnabbing:** Secures `window.open` calls by adding `noopener,noreferrer`.
- **Configuration:** Updates `.gitignore` to ignore all `.env.*` files.
- **Docs:** Adds the full security audit report for reference.
- **Build:** Corrects a case-sensitive import path to ensure cross-platform build compatibility.
This commit introduces a comprehensive engineering audit report for the Tootaio Studio project. The report is structured into documents covering architecture, code quality, performance, security, CI/CD, and
observability. It also includes a phased improvement roadmap and a set of `.patch` files to apply immediate fixes for content schemas, package scripts, and CI configuration.
This commit introduces a complete overhaul of the homepage, rebuilding it from the ground up with Nuxt UI and full
internationalization support. The new design better showcases the studio's capabilities and projects.
- Re-architected the index page with multiple new sections: Capabilities, Featured Projects, Tech Stack, and Why Choose Us.
- Implemented full i18n for English (en-US) and Chinese (zh-CN) across all new content.
- Centralized the page structure into a `default.vue` layout with a global header (including color mode and locale selectors) and
footer.
- Replaced placeholder logos with a dynamic `UMarquee` of technology icons using Iconify.
This commit integrates the `@nuxtjs/seo` module to establish a baseline for search engine optimization.
Key changes include:
- Installation and configuration of the `@nuxtjs/seo` module.
- Definition of default meta tags for title, description, keywords, Open Graph, and Twitter cards.
- Addition of a default Open Graph image.
- Renaming of `robots.txt` to `_robots.txt` to align with the module's conventions for static file handling.
