{"id":28961568,"url":"https://github.com/samcro1967/grylli","last_synced_at":"2026-05-04T13:36:18.913Z","repository":{"id":297244001,"uuid":"991691030","full_name":"samcro1967/grylli","owner":"samcro1967","description":"Secure, CSP-compliant Flask web app for managing reminders, email alerts, notifications, and user accounts.","archived":false,"fork":false,"pushed_at":"2026-04-16T12:54:36.000Z","size":60330,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-16T14:33:56.237Z","etag":null,"topics":["babel","csp","flask","flask-forms","flask-scheduler","flask-sqlalchemy","gunicorn","html","jinga","mfa-authenticator","modular-design","python","rate-limiting","sqlite3","stimulus","tailwindcss","wgsim"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/samcro1967.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-05-28T02:35:47.000Z","updated_at":"2026-04-16T12:54:42.000Z","dependencies_parsed_at":"2025-06-23T23:19:53.608Z","dependency_job_id":"fcb32e02-65ce-4819-b8ce-dbb6f43e8ac3","html_url":"https://github.com/samcro1967/grylli","commit_stats":null,"previous_names":["samcro1967/grylli"],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/samcro1967/grylli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samcro1967%2Fgrylli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samcro1967%2Fgrylli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samcro1967%2Fgrylli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samcro1967%2Fgrylli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/samcro1967","download_url":"https://codeload.github.com/samcro1967/grylli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samcro1967%2Fgrylli/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32610064,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-04T10:08:07.713Z","status":"ssl_error","status_checked_at":"2026-05-04T10:08:02.005Z","response_time":58,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["babel","csp","flask","flask-forms","flask-scheduler","flask-sqlalchemy","gunicorn","html","jinga","mfa-authenticator","modular-design","python","rate-limiting","sqlite3","stimulus","tailwindcss","wgsim"],"created_at":"2025-06-24T02:03:58.297Z","updated_at":"2026-05-04T13:36:18.875Z","avatar_url":"https://github.com/samcro1967.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\r\n \u003cimg src=\"app/static/icons/grylli_icon_dark.png\" alt=\"Grylli Logo\" width=\"256\"\u003e\r\n\u003c/p\u003e\r\n\r\n# Grylli\r\n\r\nGrylli is a secure, self-hosted message delivery platform that automatically sends pre-configured notifications if a user fails to check in within a defined time period.\r\n\r\n---\r\n[![Container Image](https://img.shields.io/badge/ghcr.io-samcro1967%2Fgrylli-blue?logo=github)](https://github.com/samcro1967/grylli/pkgs/container/grylli)\r\n[![Version](https://img.shields.io/github/v/release/samcro1967/grylli)](https://github.com/samcro1967/grylli/releases)\r\n[![License](https://img.shields.io/github/license/samcro1967/grylli)](LICENSE)\r\n\r\n\u003ca name=\"toc\"\u003e\u003c/a\u003e\r\n## Table of Contents\r\n- [Features](#features)\r\n - [Core Application](#core-application)\r\n - [Accessibility \u0026 Inclusive Design](#accessibility-inclusive-design)\r\n - [Notifications](#notifications)\r\n - [Reminder System](#reminder-system)\r\n - [User Management \u0026 Access Control](#user-management-access-control)\r\n - [Email \u0026 Integrations](#email-integrations)\r\n - [Logging \u0026 Diagnostics](#logging-diagnostics)\r\n - [Admin Tasks](#admin-tasks)\r\n - [Admin Reports](#admin-reports)\r\n - [Security \u0026 Production Readiness](#security-production-readiness)\r\n - [Application Trust Model](#application-trust-model)\r\n- [Security Checklist](#security-checklist)\r\n- [Lighthouse Audit Results](#lighthouse-audit-results)\r\n- [Testing \u0026 Quality Assurance](#testing-quality-assurance)\r\n- [Backups \u0026 Maintenance](#backups-maintenance)\r\n- [Screenshots](#screenshots)\r\n- [Docker Compose Configuration](#docker-compose-configuration)\r\n - [Environment Variables](#environment-variables)\r\n- [Credits \u0026 Key Dependencies](#credits-key-dependencies)\r\n- [Recommended Third-Party Services](#recommended-third-party-services)\r\n\r\n---\r\n\r\n## Features\r\n\r\n### Core Application\r\n- Self-hosted Flask web application with user authentication\r\n- Responsive UI built with Tailwind CSS\r\n- Frontend interactivity powered by Stimulus.js for minimal, CSP-compliant JavaScript\r\n- Light and dark mode support with **DaisyUI** components integrated for consistent theme application\r\n- Local timezone support\r\n- Multilingual interface with automatic translation via GPT-PO Translator\r\n- Status endpoint for healthcheck and version\r\n- Integrated version check with GitHub release comparison and automated scheduler updates\r\n- Language selection toggle with per-user preference and locale-aware interface\r\n- Fixed sidebar and header layout with scrollable main content for consistent UX\r\n- Table/Card view preference is saved per module via localStorage for persistent view selection (e.g., Messages, Emails, Reminders, \u0026 Users)\r\n- Modular partial layout: all list views (emails, messages, reminders, Apprise, webhooks) use shared `table_view.html`, `card_view.html`, `actions.html`, and `help_panel.html` partials for maintainability\r\n- Context-sensitive help panels for each major module\r\n- Dashboard with equal-height cards showing reminders, emails, messages, Apprise, webhooks, and SMTP at a glance\r\n- Dedicated **Schedule** tab showing all enabled items and their configured run times\r\n- **Activity** tab displaying filtered logs of recent user actions and system events\r\n- Shared UI components and actions ensure consistency across table and card views\r\n- Progressive Web App (PWA) support: installable manifest, service worker registration, offline metadata caching, and mobile/desktop home screen integration. Requires HTTPS and a public certificate.\r\n- Seamless navigation and interaction using **HTMX**:\r\n - All sidebar and profile dropdown links use HTMX for dynamic content loading\r\n - Add/edit/delete/cancel actions update only affected content via HTMX\r\n - Buttons for test/send/enable/disable are handled dynamically via HTMX and fully CSP-compliant\r\n\r\n---\r\n\r\n### Accessibility \u0026 Inclusive Design\r\n[⬆ Back to Table of Contents](#toc)\r\n- Grylli has undergone a thorough accessibility audit using [pa11y](https://pa11y.org/) and manual contrast verification.\r\n- Main pages (login, signup, dashboard, reminders, emails, messages, settings) have been remediated for WCAG 2.1 AA compliance\r\n- All forms include semantic labels, ARIA feedback, and keyboard-accessible controls\r\n- High-contrast themes and visible focus styles are built-in\r\n- No inline JavaScript or event handlers (CSP-compliant)\r\n- No CAPTCHAs or visual-only barriers; public routes are rate-limited instead\r\n- ⚠️ Minor, non-blocking color contrast issues (e.g. emoji/icons) are acknowledged\r\n\r\n---\r\n\r\n### Messages\r\n[⬆ Back to Table of Contents](#toc)\r\n- Configurable notification and check-in system\r\n- Deliver Messages using [Apprise](https://github.com/caronc/apprise), with support for dozens of services\r\n- Execute webhooks when notification grace period for checkin has expired\r\n- Customizable emails with optional attachments\r\n- Attach multiple files to emails\r\n- Files are loaded from /uploads at send time (edit outside Grylli)\r\n\r\n---\r\n\r\n### Reminder System\r\n[⬆ Back to Table of Contents](#toc)\r\n- Create reminders with labels, subjects, and rich scheduling options\r\n- Assign email, webhook, and Apprise destinations to each reminder\r\n- Optional test-send for validation of all linked services\r\n- Schedule single or recurring reminders (daily, weekly, monthly, etc.)\r\n- Toggle reminders on/off dynamically from the UI\r\n\r\n---\r\n\r\n### User Management \u0026 Access Control\r\n[⬆ Back to Table of Contents](#toc)\r\n- Multi-admin and multi-user support\r\n- Role-based access control (RBAC) with user/admin privileges\r\n- MFA using TOTP apps (e.g. Google Authenticator) with recovery codes\r\n- MFA reset and recovery options for both users and admins\r\n- Admin protection from self-demotion and critical privilege changes\r\n- Sign-up with registration code\r\n- Forgot username and password recovery flows\r\n- User actions to export their data and delete their account\r\n\r\n---\r\n\r\n### Email \u0026 Integrations\r\n[⬆ Back to Table of Contents](#toc)\r\n- Global SMTP settings for system-level notifications\r\n- User-specific SMTP settings for personalized delivery\r\n\r\n---\r\n\r\n### Logging \u0026 Diagnostics\r\n[⬆ Back to Table of Contents](#toc)\r\n- All application events are logged with context, including:\r\n - check-in attempts, enable/disable actions, task execution, test runs, and validation errors\r\n - internal exceptions are captured with full tracebacks and categorized by severity\r\n- Logs are written to both stdout and `data/grylli.log` by default\r\n- Admin panel includes a **filterable and sortable log viewer**:\r\n - Filter by log level, text content, and timestamp (before/after)\r\n - Sort by timestamp or severity column\r\n - HTMX-powered for live interaction without full page reload\r\n- Dedicated **Activity** tab shows recent user-facing log events tied to current user\r\n- CSP violation reports are captured, parsed, and logged for debugging front-end policy violations\r\n- Debug layout view captures DOM structure, controller bindings, loaded styles/scripts, and page metadata\r\n- All logging is structured for human readability and system integration\r\n- Debug-friendly logging helpers (`log_info_message`, `log_exception_with_traceback`) used across all routes for consistent traceability\r\n\r\n---\r\n\r\n### Admin Tasks\r\n[⬆ Back to Table of Contents](#toc)\r\n- Admin-only UI available under **Tasks** for executing one-time system actions\r\n- First task available: **Manual Version Check**\r\n - Triggers the same logic used in the scheduled update check\r\n - Confirms if a new Grylli release is available on GitHub\r\n- Fully CSP-compliant task execution and feedback via flash messages\r\n\r\n---\r\n\r\n### Admin Reports\r\n[⬆ Back to Table of Contents](#toc)\r\n- Admin-only dashboard with real-time reports and usage summaries\r\n- Tabbed UI with HTMX-based dynamic content loading (no full page reloads)\r\n- Currently available reports:\r\n - **Accounts**: Overview of all users, roles, MFA status, activity flags, and lockouts\r\n - **Scheduler Activity**: Displays execution history for scheduled items (reminders, emails, messages)\r\n- Uses modular partial templates and consistent DaisyUI styling\r\n- Reports are automatically updated with the latest activity and user status changes\r\n- Table views support sortable and accessible column headers\r\n\r\n---\r\n\r\n### Security \u0026 Production Readiness\r\n[⬆ Back to Table of Contents](#toc)\r\n- Email integrity is enforced on login: only users can change their own email address, preventing backend tampering\r\n- Sensitive credentials (e.g., SMTP passwords, Apprise tokens) and user-defined data (e.g., message subjects, email recipients, reminder text, etc.) are encrypted at rest using Fernet symmetric encryption\r\n- Fully Content Security Policy (CSP) compliant: dynamic nonces, no inline scripts or handlers, no `.innerHTML`\r\n- Frontend entirely refactored to use Stimulus.js controllers instead of Alpine.js or inline JavaScript\r\n- Password and token reveal functionality is CSP-safe with strict event handling\r\n- Admin routes are tightly permission-controlled with automatic role enforcement\r\n- All public forms and inputs validated server-side using secure WTForms\r\n- App-level logging captures all sensitive operations, errors, and admin events without exposing secrets\r\n- Enforces complex passwords\r\n- Runs as non-root using PUID/PGID\r\n- Reverse proxy ready (`base_url` support)\r\n- Runs in a minimal [distroless](https://github.com/GoogleContainerTools/distroless) container for production, reducing attack surface and image size\r\n- Python sources are precompiled to `.pyc` files for faster startup and to reduce accidental code exposure in the image\r\n- Rate limiting on failed logins and sign up\r\n- Additional HTTP security headers: X-Content-Type-Options: nosniff, X-Frame-Options: DENY, frame-ancestors: 'none' to mitigate common web vulnerabilities\r\n- Account lockout enforced after repeated failed login attempts, with automatic unlock after a delay\r\n- Modular view architecture using partials for cleaner maintenance and CSP compliance\r\n- CAPTCHA-free signup flow with soft rate limiting for better UX and accessibility\r\n\r\n---\r\n\r\n### File Integrity Verification\r\n[⬆ Back to Table of Contents](#toc)\r\n- Grylli performs a secure file integrity check on startup to ensure application files have not been tampered with.\r\n- A `file_hashes.sha256` manifest is generated at build time, containing **SHA-256 hashes** for all `.py`, `.html`, and `.js` files in the source tree.\r\n- At runtime, a built-in Python script verifies these hashes against the actual files on disk.\r\n- If any file has been modified or added, **startup is aborted**, and the failure is logged.\r\n- This ensures administrators or malicious actors cannot modify core logic or templates without detection.\r\n- A scheduler task re-validates file integrity and exits if any tampering is detected.\r\n\r\n---\r\n\r\n### Application Trust Model\r\n[⬆ Back to Table of Contents](#toc)\r\n- Grylli is designed with privacy and control in mind.\r\n- Users retain full control over their check-in schedules, messages, and delivery methods.\r\n- All sensitive user data — including email passwords, Apprise tokens, and webhook URLs — is encrypted before being stored.\r\n- Administrators cannot view stored credentials or plaintext tokens.\r\n- No external telemetry, analytics, or phone-home behavior is present.\r\n- Users can export or delete their data at any time\r\n\r\n---\r\n\r\n## Security Checklist\r\n[⬆ Back to Table of Contents](#toc)\r\n- [x] Passwords and secrets encrypted at rest\r\n- [x] CSP-compliant templates and JavaScript (no inline scripts or handlers)\r\n- [x] Rate-limited login, signup, and reset flows\r\n- [x] MFA with TOTP and recovery support\r\n- [x] Role-based route protections (admin vs. user)\r\n- [x] Admin safeguards (no self-demotion)\r\n- [x] Secure form validation with CSRF and ARIA feedback\r\n- [x] Optional backup and deletion workflows\r\n- [x] Automatic account lockout after repeated failed logins\r\n- [x] CSP Violation Reporting: Server now captures and logs CSP violations\r\n\r\n---\r\n\r\n### Lighthouse Audit Results\r\n[⬆ Back to Table of Contents](#toc)\r\nGrylli has been tested with [Google Lighthouse](https://developer.chrome.com/docs/lighthouse/overview/) across all major modules, achieving:\r\n\r\n| Metric | Average Score |\r\n|----------------|----------------|\r\n| Performance | 96 |\r\n| Accessibility | 99 |\r\n| Best Practices | 93 |\r\n| SEO | 100 |\r\n\r\nAll primary user-facing and administrative pages meet or exceed Lighthouse guidelines. \r\nInstallability was validated using Lighthouse PWA audits.\r\n\r\n---\r\n\r\n## **Testing \u0026 Quality Assurance**\r\n[⬆ Back to Table of Contents](#toc)\r\nGrylli has a comprehensive test suite covering the platform's core features, ensuring the stability, security, and functionality of all workflows.\r\n\r\n### **Test Coverage Breakdown**\r\n[⬆ Back to Table of Contents](#toc)\r\n| Module | Coverage |\r\n|----------------------------|----------|\r\n| **Auth Routes** | 83% |\r\n| **Admin Panels** | 84% |\r\n| **Reminder Logic** | 78% |\r\n| **Email Workflows** | 82% |\r\n| **Apprise \u0026 Webhooks** | 78% |\r\n| **Backup \u0026 Restore** | 85% |\r\n| **MFA Setup \u0026 Reset** | 84% |\r\n| **Account Management** | 68% |\r\n| **CSP Compliance** | 100% |\r\n| **Public Pages** | 100% |\r\n| **Version Metadata** | 100% |\r\n| **Route Permissions** | 100% |\r\n\r\n**Total Coverage**: **81%** \r\n(4977 statements, 933 currently not covered)\r\n\r\n### **Test Framework**\r\n[⬆ Back to Table of Contents](#toc)\r\n- Written using **pytest**\r\n- Uses **SQLAlchemy 2.x-style** `db.session.get()` methods\r\n- Mocks all external calls (email, encryption, login state) for safe, fast test runs\r\n- Enforces role-based access control through simulated admin/user scenarios\r\n- Coverage includes flash messages, status codes, and failure paths\r\n\r\n---\r\n\r\n## Backups \u0026 Maintenance\r\n[⬆ Back to Table of Contents](#toc)\r\n- Automated daily database backups (7-day retention)\r\n- On-demand backup option\r\n\r\n---\r\n\r\n## Screenshots\r\n[⬆ Back to Table of Contents](#toc)\r\n\u003cdetails\u003e\r\n \u003csummary\u003e\u003cstrong\u003eShow Screenshots\u003c/strong\u003e\u003c/summary\u003e\r\n\r\n\u003cimg src=\"screenshots/config.png\" alt=\"Config Tab\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/schedule.png\" alt=\"Schedule Tab\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/activity.png\" alt=\"Activity Tab\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/linked_items.png\" alt=\"Linked Items Tab\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/admin.png\" alt=\"Admin Overview\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/backups.png\" alt=\"Backups\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/logs.png\" alt=\"Application Logs\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/accounts.png\" alt=\"Accounts\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/scheduler.png\" alt=\"Scheduler\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/system_settings.png\" alt=\"System Settings\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/smtp-settings.png\" alt=\"SMTP Settings\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/tasks.png\" alt=\"Admin Tasks\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/users.png\" alt=\"User Management\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/messages.png\" alt=\"Messages\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/apprise.png\" alt=\"Apprise Destinations\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/webhook.png\" alt=\"Webhook Destinations\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/emails.png\" alt=\"Emails\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/user_smtp.png\" alt=\"User SMTP Config\" width=\"400\"/\u003e\r\n\u003cimg src=\"screenshots/reminders.png\" alt=\"Reminders\" width=\"400\"/\u003e\r\n\r\n\u003c/details\u003e\r\n\r\n---\r\n\r\n## Docker Compose Configuration\r\n[⬆ Back to Table of Contents](#toc)\r\n[`docker-compose.sample.yml`](./docker-compose.sample.yml)\r\n\r\nIf you prefer not to use Docker Compose, you can run Grylli with a single command:\r\n\r\n\u003cdetails\u003e\r\n \u003csummary\u003e\u003cstrong\u003eShow Docker Run Command\u003c/strong\u003e\u003c/summary\u003e\r\n \r\n```\r\ndocker run -d \\\r\n --name grylli \\\r\n -p 5069:5069 \\\r\n -v $(pwd)/grylli/data:/data \\\r\n -v $(pwd)/grylli/uploads:/uploads \\\r\n -e TZ=America/Chicago \\\r\n -e PUID=1000 \\\r\n -e PGID=1000 \\\r\n -e GRYLLI_DATA_DIR=/data \\\r\n -e DEBUG=False \\\r\n -e FQDN=http://your.domain.com:5069 \\\r\n -e BASE_URL=/grylli \\\r\n -e FLASK_APP_PORT=5069 \\\r\n -e FLASK_APP_KEY=changeme-supersecret-key \\\r\n -e FERRET_KEY=changeme-fernet-key \\\r\n -e SIGNUP_CODE=YourSuperSecretCode123! \\\r\n -e DEFAULT_LANGUAGE=en \\\r\n -e SMTP_HOST=smtp.example.com \\\r\n -e SMTP_PORT=587 \\\r\n -e SMTP_USE_TLS=1 \\\r\n -e EMAIL_FROM=you@example.com \\\r\n -e SMTP_USER=you@example.com \\\r\n -e SMTP_PASS=your_password_or_app_token \\\r\n --restart unless-stopped \\\r\n ghcr.io/samcro1967/grylli\r\n```\r\n\u003c/details\u003e\r\n\r\n### Environment Variables\r\n[⬆ Back to Table of Contents](#toc)\r\n\u003cdetails\u003e\r\n \u003csummary\u003e\u003cstrong\u003eShow Environment Variables\u003c/strong\u003e\u003c/summary\u003e\r\n\r\n| Variable | Description | Example/Notes |\r\n|--------------------|--------------------------------------------------------------------|-------------------------------------------|\r\n| `TZ` | Timezone for the container | `America/Chicago` |\r\n| `PUID` | User ID for container process (for volume permissions) | `1000` |\r\n| `PGID` | Group ID for container process | `1000` |\r\n| `GRYLLI_DATA_DIR` | Directory for persistent data inside the container | `/data` |\r\n| `DEBUG` | Enable or disable debug mode | `False` (use `True` for debugging) |\r\n| `FQDN` | Public base URL of your Grylli instance | `http://your.domain.com:5069` |\r\n| `BASE_URL` | Base URL path for Grylli (use `/grylli` or `/`) | `/grylli` |\r\n| `FLASK_APP_PORT` | Port Grylli listens on inside the container | `5069` |\r\n| `FLASK_APP_KEY` | Secret key for Flask session security | *(generate a secure random string)* |\r\n| `FERRET_KEY` | Encryption key for sensitive data (Fernet, 32-byte base64 string) | *(generate with Fernet)* |\r\n| `SIGNUP_CODE` | Registration code required for new sign-ups | `YourSuperSecretCode123!` |\r\n| `DEFAULT_LANGUAGE` | Default language code | `en` |\r\n| `SMTP_HOST` | SMTP server hostname | `smtp.example.com` |\r\n| `SMTP_PORT` | SMTP server port | `587` (for TLS), `465` (for SSL) |\r\n| `SMTP_USE_TLS` | Use TLS for SMTP connection (1 for yes, 0 for no) | `1` |\r\n| `EMAIL_FROM` | Default sender email address | `you@example.com` |\r\n| `SMTP_USER` | SMTP authentication username | `you@example.com` |\r\n| `SMTP_PASS` | SMTP authentication password or app token | `your_password_or_app_token` |\r\n\u003c/details\u003e\r\n\r\n\u003e **Note:** See [`docker-compose.sample.yml`](./docker-compose.sample.yml) for instructions on how to generate your own `FLASK_APP_KEY` and `FERRET_KEY`.\r\n\r\n---\r\n\r\n## Credits \u0026 Key Dependencies\r\n\r\n### Core Backend\r\n[⬆ Back to Table of Contents](#toc)\r\n- [Flask](https://flask.palletsprojects.com/) — Python web framework\r\n- [Flask-WTF](https://flask-wtf.readthedocs.io/) — Secure web forms with CSRF protection\r\n- [Flask-Login](https://flask-login.readthedocs.io/) — User session and authentication management\r\n- [Flask-Migrate](https://flask-migrate.readthedocs.io/) — Database migrations powered by Alembic\r\n- [Flask-Babel](https://pythonhosted.org/Flask-Babel/) — Internationalization (i18n) and localization\r\n- [APScheduler](https://apscheduler.readthedocs.io/) — Advanced Python scheduling\r\n- [email-validator](https://email-validator.readthedocs.io/) — Email address validation\r\n- [cryptography](https://cryptography.io/) — Secure encryption for sensitive data at rest\r\n- [PyOTP](https://pypi.org/project/pyotp/) — Time-based one-time passwords for MFA\r\n- [python-dateutil](https://dateutil.readthedocs.io/) — Advanced datetime parsing and timezone handling\r\n- [polib](https://polib.readthedocs.io/) — PO file management for localization workflows\r\n- [GPT-PO Translator](https://github.com/gaborvecsei/gpt-po-translator) — Automated PO file translation with GPT\r\n\r\n### Frontend \u0026 UI\r\n[⬆ Back to Table of Contents](#toc)\r\n- [Stimulus](https://stimulus.hotwired.dev/) — Lightweight JavaScript framework for CSP-compliant interactivity\r\n- [HTMX](https://htmx.org/) — Dynamic HTML-over-the-wire interactivity without custom JavaScript\r\n- [Tailwind CSS](https://tailwindcss.com/) — Utility-first CSS framework for responsive, accessible UI\r\n- [DaisyUI](https://daisyui.com/) — Plugin for TailwindCSS that provides pre-designed components\r\n- [SVGBackgrounds](https://www.svgbackgrounds.com/set/free-svg-backgrounds-and-patterns/) — Open-source SVG background patterns used in the theme-aware background selector\r\n- [PostCSS](https://postcss.org/) — CSS transformation engine used in Tailwind’s build pipeline\r\n- [Autoprefixer](https://github.com/postcss/autoprefixer) — Adds vendor prefixes to CSS rules automatically\r\n\r\n### Integrations \u0026 Features\r\n[⬆ Back to Table of Contents](#toc)\r\n- [Apprise](https://github.com/caronc/apprise) — Notification delivery to dozens of services\r\n- [htmx-extensions: safe-nonce](https://github.com/MichaelWest22/htmx-extensions/tree/main/safe-nonce) — HTMX extension for CSP nonce propagation\r\n- [Critical](https://github.com/addyosmani/critical) — Extracts and inlines critical-path CSS for faster first paint\r\n- [Pa11y](https://pa11y.org/) — Automated accessibility testing and validation\r\n\r\n### Runtime \u0026 Deployment\r\n[⬆ Back to Table of Contents](#toc)\r\n- [gunicorn](https://gunicorn.org/) — Production Python WSGI server\r\n- [Docker](https://www.docker.com/) — Containerized application deployment (distroless)\r\n- [Clean-CSS CLI](https://github.com/jakubpawlowicz/clean-css-cli) — CSS minifier for optimized production output\r\n- [Terser](https://github.com/terser/terser) — JavaScript minifier used in production builds\r\n\r\n### Testing, Auditing, \u0026 Code Quality\r\n[⬆ Back to Table of Contents](#toc)\r\n- [pytest](https://docs.pytest.org/) — Python test framework\r\n- [pytest-cov](https://pypi.org/project/pytest-cov/) — Coverage reporting plugin for pytest\r\n- [black](https://black.readthedocs.io/) — Opinionated Python code formatter\r\n- [isort](https://pycqa.github.io/isort/) — Python import sorter\r\n- [pylint](https://pylint.pycqa.org/) — Static code analysis for Python\r\n- [djlint](https://www.djlint.com/) — Linter and formatter for Jinja2 templates\r\n- [Lighthouse](https://github.com/GoogleChrome/lighthouse) — Performance, accessibility, and SEO auditing for web apps\r\n- [OWASP ZAP](https://www.zaproxy.org/) — Automated security scanning and penetration testing\r\n\r\n\u003e Special thanks to these libraries and their maintainers for powering Grylli.\r\n\r\n---\r\n\r\n## Recommended Third-Party Services\r\n[⬆ Back to Table of Contents](#toc)\r\n- [webhook (adnanh/webhook)](https://github.com/adnanh/webhook) — Simple webhook server\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamcro1967%2Fgrylli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsamcro1967%2Fgrylli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamcro1967%2Fgrylli/lists"}