Covers estimate list, getById, version snapshot aggregation, rethrowEstimateRouterError,
submit/approve/createRevision workflow procedures. Vacation read covers isSameUtcDay,
list, getById, getForResource, team overlap, and team overlap detail.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Covers comment CRUD/resolve/delete, project status transitions and cascade
deletes, dispo import batch read/cancel/commit/resolve, and holiday calendar
catalog read with identifier fallback lookup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 3c continued: covers admin settings CRUD with secret handling,
webhook lifecycle with SSRF validation, and calculation rules with
controller/manager authorization boundaries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 3c: covers list/getById/create/update for all three routers
including authorization guards, conflict detection, NOT_FOUND errors,
and audit logging verification.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 3b continued: covers chargeability-relevance pure functions,
estimate CRUD (create, clone, list with filters), and version lifecycle
(submit, approve, create revision) with NOT_FOUND and status guard tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 3b Tier 2: covers skill gaps, project health, top value resources,
and peak times dashboard queries including empty data edge cases,
filtering logic, and authorization guards.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 3a: raises shared schema coverage from 5.5% to ~95%. Tests cover
valid roundtrips, invalid rejection, edge cases for refinements, defaults,
date coercion, and the generateDynamicZodSchema runtime builder.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tests fell behind source changes: lastTotpAt replay-attack prevention,
activeSession invalidation on password reset, select clauses in
permission updates, UNAUTHORIZED (anti-enumeration) for disabled TOTP,
and password minimum raised from 8 to 12 characters.
Also fix root eslint.config.mjs to ignore packages/ (linted via turbo)
and add --no-warn-ignored to lint-staged to suppress warnings for
ignored files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cast Zod schemas with .refine()/.superRefine() to z.ZodType<InferredType> at the
procedure level. This short-circuits TypeScript's deep type recursion through
tRPC's middleware chain, eliminating 4 of 5 @ts-expect-error TS2589 suppressions
in web components (VacationModal, ProjectModal, UsersClient, CountriesClient).
Applied same pattern to allocation, timeline, staffing, dashboard, project, and
resource query/mutation procedures to reduce client-side type depth.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ProjectHealthWidget: row already typed as ProjectHealthRow with id field
- ResourceDetail: use narrowed unknown cast instead of any for error code
- provider.tsx: same pattern for TRPCClientError data access
- ChatPanel: use intersection type for Next.js typed route push
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace ~440 lines of hand-written structural DB client types across 7 lib files
with `Pick<PrismaClient, ...>` from @capakraken/db. This eliminates all `as any`
casts at Prisma boundaries (cron routes, allocation effects, vacation procedures)
and surfaces two pre-existing bugs:
- weekly-digest.ts: `db.allocation.count()` called non-existent model (fixed → demandRequirement)
- estimate-reminders.ts: `submittedAt` field doesn't exist on EstimateVersion (fixed → updatedAt)
Also adds root eslint.config.mjs so lint-staged can lint package files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Install husky v9 + lint-staged: pre-commit runs eslint --fix and prettier on staged files
- Tighten ESLint base config: no-console→error, ban-ts-comment (ts-ignore banned, ts-expect-error with description allowed), reportUnusedDisableDirectives→error
- Migrate web app from deprecated `next lint` to `eslint src/` with flat config and react-hooks plugin
- Convert all 5 @ts-ignore to @ts-expect-error with descriptions, remove stale disable comments
- Add NEXT_PUBLIC_SENTRY_DSN to docker-compose.prod.yml and .env.example
- Add coverage artifact upload step to CI test job
- Pre-existing violations (102 warnings) downgraded to warn in web config for Phase 2 cleanup
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Unify Saturday+Sunday into single isWeekend flag (header + grid lines)
- Replace hardcoded amber vacation bar/tooltip colors with brand-* classes
- Add global accent-color for checkboxes and radio buttons via CSS variable
- Update VACATION_TIMELINE_COLORS/BORDER to use brand palette (SICK stays red)
- Vacation-only tooltip uses neutral dark surface with brand accent border
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove the colored background tint for 50-100% utilized rows entirely.
Only over-utilized rows (>100%) keep the red warning tint.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace hardcoded blue-shifted rgba values and slate-* classes with neutral
CSS variable references in timeline resource/project panels, tooltips,
constants, and heatmap mono palette. Change utilization row tint from blue
to green. Replace slate-950 open demand backgrounds with --surface-card.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The widget wrapper had a hardcoded dark gradient using rgba(22,23,26) and
rgba(16,17,19) which are blue-shifted. Replace with CSS variable references
--surface-elevated and --surface-card for neutral dark backgrounds.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Tailwind's gray-950 (rgb(3,7,18)) is blue-shifted. Add solid and opacity
variant overrides (/96, /95, /60, /50, /45, /40) to map gray-950 to
the neutral --surface-card CSS variable in dark mode.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove duplicated Tailwind class string constants from 15 component files.
Use app-input, app-select, app-label, app-action-danger-btn, and
app-action-delete CSS component classes from globals.css instead.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add missing dark: class variants for backgrounds, borders, and text across
dashboard widgets, AppShell sidebar, notification cards, and the chargeability
report table. Replace hardcoded slate/gray hex values with CSS variable
references. Fix chargeability hover tint and remove ineffective sticky thead.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace blue-shifted CSS variable values with balanced neutral RGB, add
comprehensive dark-mode overrides for bg-gray-*, border-gray-*, text-gray-*,
and their dark: variant forms. Remove light-mode text/border overrides that
leaked into both modes. Replace hardcoded rgba(255,255,255,...) in component
classes with CSS variable references. Merge duplicate fadeSlideIn keyframe
into fadeSlideUp. Change .app-data-table overflow to clip for sticky compat.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rules inside @layer components lose to unlayered styles in the CSS cascade,
causing dark mode overrides to be silently ignored. Move ALL :is(.dark) rules
for app-surface, app-surface-strong, app-toolbar, app-input, app-select,
app-label, app-page-title, app-page-subtitle, app-data-table, and action
classes outside @layer — the same fix that resolved app-data-table white bg.
Also switch app-surface/strong from background: shorthand to separate
background-color + background-image to ensure the dark surface-card base
color is always applied independently of the gradient overlay.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace `@apply dark:bg-gray-900/95` with an explicit `:is(.dark) .app-data-table`
rule using CSS variables, matching the established pattern of `.app-surface` and
`.app-toolbar`. Fixes Allocations, ResourceTableWidget, and ProjectTableWidget
all appearing white in dark mode.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace sidebar #0d0e22 hardcoded hex with .sidebar-panel class backed by
--surface-card CSS variable so all three sidebar elements (desktop, mobile,
mobile header) share the same neutral-dark color as the main content
- Remove purple logo gradient (dark:from-[#0d0e22] dark:to-[#13162a]) — now uses
--surface-elevated for a neutral, unified look
- Add .dark slate-*/gray-900 overrides: bg-slate-700/800/900, border-slate-800,
hover:bg-slate-800 all map to --surface-elevated/--surface-card/--border-subtle
- Remove dead hardcoded rgb(45 51 71) rule for dark bg-gray-100 (was overridden
further down anyway; now consistently uses --surface-elevated)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Dark surface vars changed from purple-navy (8 8 22) to neutral near-black (10 10 12)
so sky/emerald/amber accent themes no longer have a purple cast
- Light surface vars made nearly neutral (252 252 253) — lavender tint removed
- All rgba(100, 80, 160, ...) replaced with rgb(var(--accent-400) / ...) in
.app-surface, .app-surface-strong, and .app-toolbar shadows/borders
- .app-page-title dark gradient midpoint changed from hardcoded #e8e4ff to
rgb(var(--accent-100)) so it adapts to the chosen accent color
- Body light-mode background gradient opacity reduced to avoid over-tinting
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Password validation: min(8) → min(12) across auth.ts, user-procedure-support.ts,
and invite.ts (aligns with NIST SP 800-63B modern recommendations)
- Error boundary: stop rendering raw error.message which could leak internal
details; always show the generic fallback text
- Add `pnpm audit` script (--audit-level=high) for dependency vulnerability scanning
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Postgres and Redis ports now bind to 127.0.0.1 only, preventing exposure
to the network even if the host firewall has a gap
- Redis requires a password (REDIS_PASSWORD) via --requirepass; REDIS_URL in
app and migrator services updated to include the credential
- Redis healthcheck updated to pass -a flag so it still works with auth enabled
- REDIS_PASSWORD added to .env.example with generation hint
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds lastTotpAt timestamp to User model. After a successful TOTP validation,
the timestamp is recorded. Any reuse of the same code within the 30-second
window is rejected as a replay attack.
verifyTotp now returns a single generic UNAUTHORIZED error regardless of
whether the user ID is invalid or TOTP is not enabled, preventing enumeration
of user IDs and MFA status.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- blueprint rolePresets: cap array at 100 items to prevent storage abuse
- notification CreateManagedNotification: add .max() on title (500),
body (2000), type (100), entityType/entityId (200), link (1000),
taskAction (200)
- settings: add .max() on all string config fields; add regex allowlist
(/^[a-zA-Z0-9._-]+$/) on model name fields (geminiModel,
azureDalleDeployment, azureOpenAiDeployment) to prevent path manipulation
- sanitizeHtml: fix SSR bypass — server-side branch now strips HTML tags
instead of returning the raw string unchanged
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- setUserPassword and resetPassword now call activeSession.deleteMany after
updating the passwordHash, so any pre-change sessions are immediately revoked
(CWE-613 session fixation after credential change)
- setUserPermissions and resetUserPermissions now use explicit Prisma select to
exclude passwordHash and totpSecret from the returned user object
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace max-w-5xl/max-w-7xl constrained wrappers with the app-page utility
class, consistent with other full-width pages like the projects list.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Two related fixes:
1. When localStorage has a saved layout, mark it as authoritative so a DB
response carrying older data (e.g. from a save cancelled by navigating away
within the 2-second debounce window) cannot overwrite it.
2. Flush any pending debounced DB save immediately on component unmount so
that navigating away within the window doesn't silently lose changes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Installs postgresql-client in the dev image so pg_isready is available.
The startup script now polls until postgres accepts connections, preventing
the P1001 "can't reach database" crash when the app container starts before
postgres is fully ready.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Hartmut