Commit Graph

65 Commits

Author SHA1 Message Date
Hartmut 279eb24e5a refactor(api): extract assistant staffing demand slice 2026-03-30 22:07:44 +02:00
Hartmut 1568efab30 refactor(api): extract assistant project slice 2026-03-30 22:04:28 +02:00
Hartmut 91ab7898e9 refactor(api): extract assistant estimate slice 2026-03-30 21:57:16 +02:00
Hartmut 18ba6fff9a refactor(api): extract assistant notifications slice 2026-03-30 21:49:49 +02:00
Hartmut fec4aa2e23 refactor(api): extract assistant user admin slice 2026-03-30 21:33:49 +02:00
Hartmut 7d3c6d978e refactor(api): extract assistant self-service slice 2026-03-30 21:31:06 +02:00
Hartmut 72394747f9 refactor(api): extract assistant config readmodels 2026-03-30 21:27:23 +02:00
Hartmut 9571d454d4 refactor(api): extract assistant chargeability and country slices 2026-03-30 21:19:16 +02:00
Hartmut 447d42acb8 refactor(api): extract assistant tool admin slices 2026-03-30 20:56:00 +02:00
Hartmut a36bca7ca7 refactor(admin): split system settings into section modules 2026-03-30 20:04:06 +02:00
Hartmut a19d2cbae0 refactor(settings): adopt environment-only runtime secret flow 2026-03-30 19:55:06 +02:00
Hartmut fed7aa5b61 refactor(runtime): prefer env-backed secrets at runtime 2026-03-30 19:17:32 +02:00
Hartmut 4f5d410b94 docs(architecture): refresh hardening status 2026-03-30 18:56:53 +02:00
Hartmut dd71e8f80b fix(comment): align mention audience with entity visibility 2026-03-30 18:50:36 +02:00
Hartmut 34067f1576 fix(tooling): harden database env loading 2026-03-30 14:42:44 +02:00
Hartmut 82466a4e34 fix(api): derive secure sse subscriptions 2026-03-30 14:20:18 +02:00
Hartmut f0bea6235d fix(web): reuse project combobox in timeline popovers 2026-03-30 13:34:59 +02:00
Hartmut 58824545fc fix(assistant): align tool metadata with router audiences 2026-03-30 13:18:00 +02:00
Hartmut 94ad3004b7 docs(scope): mark notification follow-up complete 2026-03-30 12:33:54 +02:00
Hartmut 3c4894a966 docs(scope): refresh backlog status after hardening batch 2026-03-30 12:25:56 +02:00
Hartmut a9a01e8df0 test(resource): cover chapter and skill import access 2026-03-30 12:23:35 +02:00
Hartmut d3ad350821 test(assistant): document self-service approval access 2026-03-30 12:20:55 +02:00
Hartmut c9a35452dc fix(blueprint): require planning access for global field defs 2026-03-30 12:18:59 +02:00
Hartmut c82a146f84 docs(scope): add audience scoping backlog 2026-03-30 12:16:16 +02:00
Hartmut 016f862405 fix(holiday-calendar): scope resource holiday reads 2026-03-30 12:10:52 +02:00
Hartmut c7434c968e fix(vacation): scope preview requests to owned resources 2026-03-30 12:07:26 +02:00
Hartmut 22cff9648e test(entitlement): cover self-service and role boundaries 2026-03-30 12:01:34 +02:00
Hartmut 3a29ce4332 fix(blueprint): require planning access for detailed reads 2026-03-30 11:55:43 +02:00
Hartmut b254ab70ba test(auth): cover notification and user router audiences 2026-03-30 11:08:14 +02:00
Hartmut c8e82ac221 feat(settings): restrict AI readiness checks to admins 2026-03-30 11:00:42 +02:00
Hartmut 81a46c81bd feat(blueprint): scope summary reads to planning audience 2026-03-30 10:55:28 +02:00
Hartmut 9b764008c3 feat(management-level): scope reads to planning audience 2026-03-30 10:45:44 +02:00
Hartmut c2ca6a6d0d feat(holiday-calendar): restrict catalog reads to admins 2026-03-30 10:36:05 +02:00
Hartmut 54769ca0f5 feat(utilization-category): scope reads to planning audience 2026-03-30 10:29:40 +02:00
Hartmut ae74700f7c feat(client): scope planning reads to explicit audience 2026-03-30 10:24:52 +02:00
Hartmut 2b514ea962 feat(org-unit): scope structural reads to resource overview 2026-03-30 10:17:57 +02:00
Hartmut 65fe7ce04f feat(assistant): align resource tool visibility with read audiences 2026-03-30 10:11:55 +02:00
Hartmut bd654251f7 feat(master-data): scope detail reads to resource overview 2026-03-30 10:08:44 +02:00
Hartmut 8495b83b3e docs(security): document audience scoping rollout rules 2026-03-30 09:59:33 +02:00
Hartmut 93c4374973 feat(auth): introduce explicit planning read permission 2026-03-30 09:15:07 +02:00
Hartmut a50ca09333 feat(auth): tighten allocation read audiences 2026-03-30 09:03:44 +02:00
Hartmut db45829eca feat(auth): classify planning and resource read audiences 2026-03-30 08:51:07 +02:00
Hartmut f6daf21983 feat(import): harden untrusted spreadsheet boundaries 2026-03-30 08:02:52 +02:00
Hartmut fac8c1c3a5 feat(sse): scope timeline events to affected audiences 2026-03-30 00:40:24 +02:00
Hartmut 819345acfa feat(platform): harden access scoping and delivery baseline 2026-03-30 00:27:31 +02:00
Hartmut 00b936fa1f feat(assistant): extend audit and import parity 2026-03-29 12:56:29 +02:00
Hartmut 47e4d701ff chore(repo): checkpoint current capakraken implementation state 2026-03-29 12:47:12 +02:00
Hartmut beae1a5d6e feat(assistant): add approval inbox and e2e hardening 2026-03-29 10:10:59 +02:00
Hartmut 4f48afe7b4 feat(planning): ship holiday-aware planning and assistant upgrades 2026-03-28 22:49:28 +01:00
Hartmut 1fc1e9f24c feat: AI security controls + PostgreSQL hardening (Week 1 Quick Wins) 2026-03-27 16:18:35 +01:00

    AI Security (EGAI 4.3.1.3, 4.3.1.4, 4.1.3.1, IAAI 3.6.26):
    - AI Disclaimer banner in ChatPanel: "AI responses may be inaccurate"
    - "AI Generated" violet badge on: chat messages, AI summaries,
      project narratives, AI-generated cover images
    - HITL: system prompt now requires explicit user confirmation
      before any data mutation (strongly worded instruction)
    - Mutation tool audit logging: all 31 write tools logged with
      tool name, params, userId, userRole via Pino

    PostgreSQL Hardening (PG Standard V1.6):
    - Audit logging: log_connections, log_disconnections, log_statement=ddl,
      log_min_duration_statement=1000 in docker-compose
    - SUPERUSER removal script: scripts/harden-postgres.sh
      (NOSUPERUSER + minimal GRANT for app user)
    - Health check: pg_isready -U capakraken -d capakraken
    - Documentation: security-architecture.md Section 12 updated

    Controls closed: EGAI 4.1.3.1, 4.3.1.3, 4.3.1.4, PG 3.3, 3.5

    Co-Authored-By: claude-flow <ruv@ruv.net>