Hartmut
|
d4641e27aa
|
feat: first-run setup wizard, CLI seed script, and installation docs

- /setup Server Component + SetupClient form + createFirstAdmin Server Action:
  zero-users guard (TOCTOU-safe), argon2 hash, ADMIN user creation,
  redirects to /auth/signin after setup
- scripts/setup-admin.mjs: CLI alternative for headless/container setups
- docs/installation.md: 7-section install guide (clone → configure → run → verify)

Co-Authored-By: claude-flow <ruv@ruv.net>
|
2026-04-02 20:45:15 +02:00 |
|
Hartmut
|
bfdf0a82da
|
security/platform: close audit findings #19–#26

Tests, CSP nonce middleware, SSRF guard, perf-route hardening,
Docker env isolation, migration runbook, RBAC E2E coverage.

Tickets resolved:
- #19: MfaSetup.test.ts — static source tests confirming local QR rendering
- #20: ssrf-guard.test.ts (16 tests) + webhook-procedure-support mock fix
- #21: /api/perf route.test.ts (5 tests) — header-only auth, fail-closed
- #22: middleware.ts (nonce-based CSP) + middleware.test.ts (6 tests);
  layout.tsx async + nonce prop; CSP removed from next.config.ts
- #23: Active-session registry enforcement verified (already in codebase)
- #24: docker-compose.yml REDIS_URL hardcoded (no host-env substitution)
- #25: docker-compose.yml REDIS_URL + docs/developer-runbook.md created
- #26: e2e/dev-system/rbac-data-access.spec.ts (12 tests, 3 roles × 4 procedures)

Quality gates: tsc clean, api 1447/1447, web 189/189 passing.
Turbo concurrency capped at 2 (package.json) to prevent OOM under
parallel test runs.

Co-Authored-By: claude-flow <ruv@ruv.net>
|
2026-04-01 22:14:20 +02:00 |
|
Hartmut
|
4b14db9dc6
|
fix(timeline): pause sse while hidden
|
2026-04-01 15:05:34 +02:00 |
|
Hartmut
|
3258b59e21
|
fix(timeline): resync after sse reconnect
|
2026-04-01 15:04:00 +02:00 |
|
Hartmut
|
d4652b7a42
|
fix(timeline): cancel stranded drag interactions
|
2026-04-01 14:57:56 +02:00 |
|
Hartmut
|
a71bbeb640
|
fix(timeline): stabilize overlay lifecycle
|
2026-04-01 14:41:03 +02:00 |
|
Hartmut
|
6c138964ca
|
docs(repo): sync quality guardrail references
|
2026-04-01 09:05:23 +02:00 |
|
Hartmut
|
6249f61ce1
|
chore(repo): add parallel worktree hygiene guardrail
|
2026-04-01 08:53:14 +02:00 |
|
Hartmut
|
90f2f3c123
|
docs(backlog): add showcase quality working backlog
|
2026-04-01 08:36:26 +02:00 |
|
Hartmut
|
41916a4e46
|
refactor(api): share owned resource read access
|
2026-04-01 07:35:34 +02:00 |
|
Hartmut
|
a0c98cf24d
|
test(api): close assistant split regression gaps
|
2026-04-01 07:33:00 +02:00 |
|
Hartmut
|
6929482eb0
|
docs(api): note assistant split test gaps
|
2026-04-01 00:53:12 +02:00 |
|
Hartmut
|
f2d65d3cd4
|
test(api): add assistant split regression runner
|
2026-04-01 00:51:23 +02:00 |
|
Hartmut
|
ac29ce3567
|
refactor(sse): narrow canonical audience scopes
|
2026-03-31 22:56:12 +02:00 |
|
Hartmut
|
db50e2e555
|
feat(import): harden workbook parser boundaries
|
2026-03-31 22:48:30 +02:00 |
|
Hartmut
|
bec1b98688
|
docs(api): close router verification backlog
|
2026-03-31 21:50:03 +02:00 |
|
Hartmut
|
e34c22f3b0
|
refactor(api): extract project procedures
|
2026-03-31 21:28:56 +02:00 |
|
Hartmut
|
b1799e4f54
|
refactor(api): extract computation graph procedures
|
2026-03-31 21:24:28 +02:00 |
|
Hartmut
|
884f1012c9
|
refactor(api): extract role read procedures
|
2026-03-31 21:22:44 +02:00 |
|
Hartmut
|
cba4d44f16
|
refactor(api): extract webhook procedures
|
2026-03-31 21:18:29 +02:00 |
|
Hartmut
|
70171d43fd
|
refactor(api): extract calculation rule procedures
|
2026-03-31 21:15:02 +02:00 |
|
Hartmut
|
06642e6dc9
|
docs(api): refresh procedure support backlog
|
2026-03-31 21:12:53 +02:00 |
|
Hartmut
|
e08a992a65
|
refactor(api): extract entitlement procedures
|
2026-03-31 21:05:56 +02:00 |
|
Hartmut
|
a490d68a3b
|
refactor(api): extract resource summary read procedures
|
2026-03-31 20:59:26 +02:00 |
|
Hartmut
|
9d6fffc775
|
refactor(api): extract dashboard procedures
|
2026-03-31 20:54:54 +02:00 |
|
Hartmut
|
6837568ffe
|
refactor(api): extract notification procedures
|
2026-03-31 20:50:14 +02:00 |
|
Hartmut
|
958d2368c1
|
refactor(api): extract chargeability report procedures
|
2026-03-31 20:42:33 +02:00 |
|
Hartmut
|
00d5fe7923
|
docs(api): refresh procedure support backlog
|
2026-03-31 20:37:16 +02:00 |
|
Hartmut
|
f14d2679cc
|
refactor(api): extract import export procedures
|
2026-03-31 20:36:46 +02:00 |
|
Hartmut
|
1d3f1a007f
|
refactor(api): extract dispo procedures
|
2026-03-31 20:32:59 +02:00 |
|
Hartmut
|
a2f9b713c1
|
refactor(api): extract org unit procedures
|
2026-03-31 20:28:33 +02:00 |
|
Hartmut
|
e641782d50
|
docs(api): track remaining procedure-support slices
|
2026-03-31 20:25:22 +02:00 |
|
Hartmut
|
e375d634f6
|
docs(api): capture procedure-support pattern
|
2026-03-31 20:17:09 +02:00 |
|
Hartmut
|
4586e94c95
|
refactor(api): extract settings procedures
|
2026-03-31 19:46:50 +02:00 |
|
Hartmut
|
a7362f17bd
|
refactor(config): enforce runtime auth secret policy
|
2026-03-30 23:40:00 +02:00 |
|
Hartmut
|
7bcc831b5c
|
refactor(ops): standardize image-based production delivery
|
2026-03-30 23:35:29 +02:00 |
|
Hartmut
|
ef5e8016a4
|
refactor(api): add redis-backed rate limiting fallback
|
2026-03-30 23:23:56 +02:00 |
|
Hartmut
|
bcfb18393e
|
refactor(api): extract assistant vacation entitlement slice
|
2026-03-30 23:09:32 +02:00 |
|
Hartmut
|
45c25b17c1
|
refactor(api): extract assistant country read slice
|
2026-03-30 22:53:59 +02:00 |
|
Hartmut
|
0cc7b9805a
|
refactor(api): extract assistant planning navigation slice
|
2026-03-30 22:51:39 +02:00 |
|
Hartmut
|
aed99cb894
|
refactor(api): extract assistant import export dispo slice
|
2026-03-30 22:45:00 +02:00 |
|
Hartmut
|
4d8c91d705
|
refactor(api): extract assistant scenario rate-analysis slice
|
2026-03-30 22:38:01 +02:00 |
|
Hartmut
|
d55ab67e04
|
refactor(api): extract assistant audit-history slice
|
2026-03-30 22:30:51 +02:00 |
|
Hartmut
|
ab32c7804b
|
refactor(api): extract assistant comments slice
|
2026-03-30 22:29:07 +02:00 |
|
Hartmut
|
73fdf1c6ab
|
refactor(api): extract assistant dashboard insights slice
|
2026-03-30 22:23:05 +02:00 |
|
Hartmut
|
6c6afdd059
|
refactor(api): extract assistant blueprint rate-card slice
|
2026-03-30 22:17:41 +02:00 |
|
Hartmut
|
e1496064e0
|
refactor(api): extract assistant resource slice
|
2026-03-30 22:13:42 +02:00 |
|
Hartmut
|
279eb24e5a
|
refactor(api): extract assistant staffing demand slice
|
2026-03-30 22:07:44 +02:00 |
|
Hartmut
|
1568efab30
|
refactor(api): extract assistant project slice
|
2026-03-30 22:04:28 +02:00 |
|
Hartmut
|
91ab7898e9
|
refactor(api): extract assistant estimate slice
|
2026-03-30 21:57:16 +02:00 |
|