Hartmut
0e119cfe73
#19 MFA QR code: render locally via qrcode package, remove external qrserver.com request #20 Webhook SSRF: add ssrf-guard.ts with DNS-verified IP blocklist; enforce on create/update/test/dispatch #21 /api/perf: fail-closed when CRON_SECRET missing; remove query-string token auth #22 CSP: remove unsafe-eval and unsafe-inline from script-src in production builds #23 Active session registry: forward jti into session object; validate against ActiveSession on every tRPC request #24 Docker: add missing packages/application to Dockerfile.dev; fix pnpm-lock.yaml glob; run db:migrate:deploy on container start so a fresh checkout boots without manual steps Also: fix pre-existing TS error in e2e/allocations.spec.ts (args.length literal type overlap) Co-Authored-By: claude-flow <ruv@ruv.net>
Documentation Index
Date: 2026-03-12 Purpose: Single entry point for active CapaKraken product and technical documentation.
Canonical Documents
| Topic | File | Use |
|---|---|---|
| AI excellence due diligence | ai-excellence-due-diligence-roadmap.md | Frank quality assessment and cleanup roadmap toward a showcase AI-built project |
| Showcase quality backlog | showcase-quality-backlog.md | Consolidated working backlog for the current quality and maintainability north star |
| Parallel worktree hygiene | parallel-worktree-hygiene.md | Keep parallel worker slices isolated and the worktree reviewable |
| Target CI/CD architecture | cicd-target-architecture.md | Canonical image-based build, deploy, and rollback flow |
| Active roadmap and open gaps | product-roadmap.md | Primary backlog and current delivery order |
| Estimating system design | estimating-extension-design.md | Workbook analysis, field mapping, and implementation plan |
| Dispo import implementation | dispo-import-implementation.md | Clean-slate Dispo v2 import design, mapping rules, staging flow, and commit policy |
| Dispo import ticket pack | dispo-import-implementation-tickets.md | Worker-ready delivery slices, dependencies, and acceptance criteria for the Dispo import |
| Demand/assignment cutover guide | demand-assignment-migration-cutover.md | Go/no-go criteria, staged cutover, and readiness artifact policy |
| Strategic architecture direction | v2-architecture-proposal-2026-03-11.md | Longer-horizon architecture target |
| Implementation history | LEARNINGS.md | Append-only decisions and lessons |
| Agent/project guidance | CLAUDE.md | Working conventions and quality gates |
Archive Policy
Older plan and proposal markdown files stay in the repository only as archive notes when:
- the feature is already implemented enough to leave the active backlog
- the content was merged into a canonical document
- the file still has historical value, but should not drive current work
Archive-note files should point back to the relevant canonical document instead of carrying parallel backlog state.
Current Archive Notes
All archived markdown plan and proposal files now live under docs/old-markdowns/.