Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
701 Commits 3 Branches 1 Tag
ed9827aa1671cad237fb29cde8152015cb2213d8
Commit Graph

43 Commits

Author SHA1 Message Date
Hartmut ed9827aa16 ci: fix architecture guardrails and document QNAP runner setup
CI / Architecture Guardrails (push) Failing after 5m46s
Details
CI / Typecheck (push) Failing after 6m20s
Details
CI / Build (push) Has been skipped
Details
CI / E2E Tests (push) Has been skipped
Details
CI / Unit Tests (push) Has been cancelled
Details
CI / Assistant Split Regression (push) Has started running
Details
CI / Lint (push) Has started running
Details
Release Image / Build And Push Images (push) Has been cancelled
Details
Docker Deploy Test / Fresh-Linux Docker Deploy (push) Has started running
Details 
- release-image.yml: add guardrail anchor comments for runner/migrator target markers
- useTimelineSSE.ts: trim JSDoc to stay under 120-line limit
- timelineDragCleanup.ts: bump guardrail to 115 lines (type defs are cohesive, splitting would not reduce complexity)
- .gitea/gitea_compose_qnap_all_in_one.md: full QNAP Container Station setup with absolute /share/Container/gitea paths, explicit act_runner register step, and $$-escaped env vars

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-12 12:11:24 +02:00
Hartmut 78d50b78d3 fix: script portability and npm security updates 
Scripts:
- stop.sh: replace Linux-only fuser with cross-platform lsof fallback
- start.sh: parameterize port (APP_PORT) and container name (dynamic lookup)
- app-dev-start.sh: cross-platform stat (GNU -c / BSD -f) and setpriv/su fallback
- deploy-compose.sh: parameterize Docker registry via DOCKER_REGISTRY env var
- harden-postgres.sh: make DB_USER and DB_NAME configurable via env vars

NPM security:
- next: 15.5.12 → 15.5.15 (fixes HTTP request smuggling CVE)
- nodemailer: 8.0.1 → 8.0.5 (fixes SMTP command injection CVEs)
- lodash-es: add pnpm override to force >=4.18.0 (fixes code injection + prototype pollution)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-10 14:06:58 +02:00
Hartmut d4641e27aa feat: first-run setup wizard, CLI seed script, and installation docs 
- /setup Server Component + SetupClient form + createFirstAdmin Server Action:
  zero-users guard (TOCTOU-safe), argon2 hash, ADMIN user creation,
  redirects to /auth/signin after setup
- scripts/setup-admin.mjs: CLI alternative for headless/container setups
- docs/installation.md: 7-section install guide (clone → configure → run → verify)

Co-Authored-By: claude-flow <ruv@ruv.net>
 2026-04-02 20:45:15 +02:00
Hartmut 41eb722369 feat: user invite flow, deactivate/delete, favicon, dashboard loading fix, admin full-width 
- Invite flow: admin can invite users by email with role selection; accept-invite page
  sets password and creates the account; 72-hour token expiry; E2E tests
- User deactivate/reactivate/delete: new tRPC procedures + UI buttons; deactivation
  revokes all active sessions immediately; delete cascades vacation/broadcast records;
  isActive field added via migration 20260402000000_user_isactive
- Auth: block login for inactive users with audit entry
- Favicon: SVG favicon + ICO/PNG fallbacks (16, 32, 180, 192, 512px); manifest updated
- Dashboard: GridLayout dynamic-import loading skeleton prevents blank dark area
  on first login before react-grid-layout chunk is cached
- Admin users: remove max-w-5xl constraint so table uses full page width
- Dev: docker container restart workflow documented in LEARNINGS.md; Prisma generate
  must run inside the container after schema changes (named node_modules volume)

Co-Authored-By: claude-flow <ruv@ruv.net>
 2026-04-02 20:19:26 +02:00
Hartmut d3bfa8ca98 test(mfa): full MFA test coverage — unit + E2E 
Unit tests (packages/api — 13 tests):
- generateTotpSecret: DB write, returns secret + uri
- verifyAndEnableTotp: valid token enables; invalid/already-enabled/no-secret guards
- verifyTotp (login): valid → ok; invalid → UNAUTHORIZED; not-enabled → BAD_REQUEST
- getCurrentMfaStatus: reads totpEnabled flag

E2E tests (apps/web/e2e/dev-system/mfa.spec.ts — 7 scenarios):
- Setup flow: generate secret, enable with valid code, reject invalid code, UI QR check
- Login flow: MFA prompt appears, valid code logs in, wrong code shows error + stays on prompt
- Login without MFA: no TOTP prompt for users without MFA enabled

Also: start.sh health-check timeout 30s → 90s (container startup can exceed 30s)

Co-Authored-By: claude-flow <ruv@ruv.net>
 2026-04-01 22:30:36 +02:00
Hartmut e103174d39 refactor(web): extract preview target setup 2026-04-01 11:59:10 +02:00
Hartmut 2a7769a0de refactor(web): extract range release resolution 2026-04-01 11:53:11 +02:00
Hartmut 1e2bd3d4eb refactor(web): extract project drag finalize 2026-04-01 11:49:14 +02:00
Hartmut 463caedcfd refactor(web): extract touch event forwarding 2026-04-01 11:39:39 +02:00
Hartmut 37c6e03d23 refactor(web): extract allocation release effects 2026-04-01 11:35:17 +02:00
Hartmut f4e9831dea refactor(web): extract allocation drag session 2026-04-01 11:27:03 +02:00
Hartmut 510459fbff refactor(web): extract allocation multi-drag session 2026-04-01 11:22:18 +02:00
Hartmut 5402189158 refactor(web): extract drag position helpers 2026-04-01 11:18:31 +02:00
Hartmut 3fe3a5fb2a refactor(web): extract project drag session 2026-04-01 11:16:15 +02:00
Hartmut 0181f2b304 refactor(web): extract multi-select session 2026-04-01 11:14:28 +02:00
Hartmut b14be80e32 refactor(web): extract timeline drag cleanup 2026-04-01 11:12:20 +02:00
Hartmut 922394c56a refactor(web): split touch canvas adapters 2026-04-01 11:09:26 +02:00
Hartmut a4789d718b refactor(web): centralize multi-select release handling 2026-04-01 10:50:21 +02:00
Hartmut ca947befde refactor(web): extract allocation release classification 2026-04-01 10:48:47 +02:00
Hartmut 0ab1374853 refactor(web): centralize touch mouse adapters 2026-04-01 10:43:38 +02:00
Hartmut eda8722d83 refactor(web): extract document drag listeners 2026-04-01 10:39:28 +02:00
Hartmut 84c5760392 refactor(web): extract range selection bootstrap 2026-04-01 10:17:39 +02:00
Hartmut c941b1e5cf refactor(web): extract allocation drag action plans 2026-04-01 10:15:54 +02:00
Hartmut 203bb8751d refactor(web): extract allocation drag bootstrap 2026-04-01 10:10:06 +02:00
Hartmut 892a9c5ccf refactor(web): extract project drag helpers 2026-04-01 10:06:32 +02:00
Hartmut c32f56ba89 refactor(web): extract allocation multi-drag helpers 2026-04-01 10:03:16 +02:00
Hartmut e23b502dd9 test(repo): guard allocation drag helper boundaries 2026-04-01 09:58:20 +02:00
Hartmut ea4074af8f test(repo): guard timeline drag helper boundaries 2026-04-01 09:52:23 +02:00
Hartmut 167eec31de test(repo): guard timeline live preview boundaries 2026-04-01 09:43:14 +02:00
Hartmut 01e116ce99 test(repo): guard critical ownership surfaces 2026-04-01 09:04:29 +02:00
Hartmut b2568a3cb4 test(repo): cover worktree hygiene guardrails 2026-04-01 09:02:37 +02:00
Hartmut 6249f61ce1 chore(repo): add parallel worktree hygiene guardrail 2026-04-01 08:53:14 +02:00
Hartmut 8c5be51251 feat(platform): checkpoint current implementation state 2026-04-01 07:42:03 +02:00
Hartmut 3e8b1702bc chore(db): harden workspace env wrappers 2026-03-31 22:47:07 +02:00
Hartmut 0b192efdb1 chore(ci): add workspace and db guardrails 2026-03-31 22:36:12 +02:00
Hartmut a7362f17bd refactor(config): enforce runtime auth secret policy 2026-03-30 23:40:00 +02:00
Hartmut 7bcc831b5c refactor(ops): standardize image-based production delivery 2026-03-30 23:35:29 +02:00
Hartmut 34067f1576 fix(tooling): harden database env loading 2026-03-30 14:42:44 +02:00
Hartmut 47e4d701ff chore(repo): checkpoint current capakraken implementation state 2026-03-29 12:47:12 +02:00
Hartmut 4f48afe7b4 feat(planning): ship holiday-aware planning and assistant upgrades 2026-03-28 22:49:28 +01:00
Hartmut 1fc1e9f24c feat: AI security controls + PostgreSQL hardening (Week 1 Quick Wins) 
AI Security (EGAI 4.3.1.3, 4.3.1.4, 4.1.3.1, IAAI 3.6.26):
- AI Disclaimer banner in ChatPanel: "AI responses may be inaccurate"
- "AI Generated" violet badge on: chat messages, AI summaries,
  project narratives, AI-generated cover images
- HITL: system prompt now requires explicit user confirmation
  before any data mutation (strongly worded instruction)
- Mutation tool audit logging: all 31 write tools logged with
  tool name, params, userId, userRole via Pino

PostgreSQL Hardening (PG Standard V1.6):
- Audit logging: log_connections, log_disconnections, log_statement=ddl,
  log_min_duration_statement=1000 in docker-compose
- SUPERUSER removal script: scripts/harden-postgres.sh
  (NOSUPERUSER + minimal GRANT for app user)
- Health check: pg_isready -U capakraken -d capakraken
- Documentation: security-architecture.md Section 12 updated

Controls closed: EGAI 4.1.3.1, 4.3.1.3, 4.3.1.4, PG 3.3, 3.5

Co-Authored-By: claude-flow <ruv@ruv.net>
 2026-03-27 16:18:35 +01:00
Hartmut cd78f72f33 chore: full technical rename planarchy → capakraken 
Complete rename of all technical identifiers across the codebase:

Package names (11 packages):
- @planarchy/* → @capakraken/* in all package.json, tsconfig, imports

Import statements: 277 files, 548 occurrences replaced

Database & Docker:
- PostgreSQL user/db: planarchy → capakraken
- Docker volumes: planarchy_pgdata → capakraken_pgdata
- Connection strings updated in docker-compose, .env, CI

CI/CD:
- GitHub Actions workflow: all filter commands updated
- Test database credentials updated

Infrastructure:
- Redis channel: planarchy:sse → capakraken:sse
- Logger service name: planarchy-api → capakraken-api
- Anonymization seed updated
- Start/stop/restart scripts updated

Test data:
- Seed emails: @planarchy.dev → @capakraken.dev
- E2E test credentials: all 11 spec files updated
- Email defaults: @planarchy.app → @capakraken.app
- localStorage keys: planarchy_* → capakraken_*

Documentation: 30+ .md files updated

Verification:
- pnpm install: workspace resolution works
- TypeScript: only pre-existing TS2589 (no new errors)
- Engine: 310/310 tests pass
- Staffing: 37/37 tests pass

Co-Authored-By: claude-flow <ruv@ruv.net>
 2026-03-27 13:18:09 +01:00
Hartmut 1f079d0309 chore: add start/stop/restart scripts for Planarchy 
- scripts/start.sh: docker compose up, prisma generate, clear .next cache,
  start Next.js, wait for health check, show status
- scripts/stop.sh: kill Next.js by PID + fuser, docker compose stop
- scripts/restart.sh: stop then start

Usage:
  ./scripts/start.sh    # Start everything
  ./scripts/stop.sh     # Stop everything
  ./scripts/restart.sh  # Full restart

Co-Authored-By: claude-flow <ruv@ruv.net>
 2026-03-23 08:35:15 +01:00