Hartmut
e5ecea81c5
#41 (critical): Replace plain Error throws in authorize() with CredentialsSignin subclasses (MfaRequiredError / MfaRequiredSetupError / InvalidTotpError). Auth.js v5 forwards CredentialsSignin.code to the client via SignInResponse.code; plain throws become CallbackRouteError and the message is never visible. Signin page now checks result.code ?? result.error for exact code matching. #38: MfaPromptBanner converted to fully client-side component via trpc.user.getMfaStatus.useQuery() — disappears immediately after MFA enable without requiring page reload. Snooze key remains userId-scoped via useSession(). Server-side prisma.user.findUnique call removed from (app)/layout.tsx. #40: NEXTAUTH_URL default fallback removed from docker-compose.yml. The variable is now required (:?) — docker compose up fails with a descriptive error if the value is missing, preventing silent localhost redirect bugs. Tests: auth.test.ts (5), MfaPromptBanner.test.ts (7), reset-password.test.ts (6) All new tests green. pnpm --filter @capakraken/web exec tsc --noEmit clean. Co-Authored-By: claude-flow <ruv@ruv.net>
Documentation Index
Date: 2026-03-12 Purpose: Single entry point for active CapaKraken product and technical documentation.
Canonical Documents
| Topic | File | Use |
|---|---|---|
| AI excellence due diligence | ai-excellence-due-diligence-roadmap.md | Frank quality assessment and cleanup roadmap toward a showcase AI-built project |
| Showcase quality backlog | showcase-quality-backlog.md | Consolidated working backlog for the current quality and maintainability north star |
| Parallel worktree hygiene | parallel-worktree-hygiene.md | Keep parallel worker slices isolated and the worktree reviewable |
| Target CI/CD architecture | cicd-target-architecture.md | Canonical image-based build, deploy, and rollback flow |
| Active roadmap and open gaps | product-roadmap.md | Primary backlog and current delivery order |
| Estimating system design | estimating-extension-design.md | Workbook analysis, field mapping, and implementation plan |
| Dispo import implementation | dispo-import-implementation.md | Clean-slate Dispo v2 import design, mapping rules, staging flow, and commit policy |
| Dispo import ticket pack | dispo-import-implementation-tickets.md | Worker-ready delivery slices, dependencies, and acceptance criteria for the Dispo import |
| Demand/assignment cutover guide | demand-assignment-migration-cutover.md | Go/no-go criteria, staged cutover, and readiness artifact policy |
| Strategic architecture direction | v2-architecture-proposal-2026-03-11.md | Longer-horizon architecture target |
| Implementation history | LEARNINGS.md | Append-only decisions and lessons |
| Agent/project guidance | CLAUDE.md | Working conventions and quality gates |
Archive Policy
Older plan and proposal markdown files stay in the repository only as archive notes when:
- the feature is already implemented enough to leave the active backlog
- the content was merged into a canonical document
- the file still has historical value, but should not drive current work
Archive-note files should point back to the relevant canonical document instead of carrying parallel backlog state.
Current Archive Notes
All archived markdown plan and proposal files now live under docs/old-markdowns/.