- Move mid-file pydantic/uuid imports to top of sessions.py
- Add can_access_tree, is_active, and draft status guards to batch_launch_sessions
- Remove notes field from _BatchTarget to keep API clean
- Add max_length=100 cap to targets list in _BatchLaunchRequest
- Hoist tree_snapshot computation above the session creation loop
- Replace N db.refresh() calls with a single bulk select after flush
- Add test_batch_launch_requires_auth and test_batch_launch_rejects_draft_tree tests
- Fix trailing slash on /api/v1/trees/ URL in new test (caused 307 redirect)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add batch_id (UUID, nullable, indexed) and target_label (String 255,
nullable) columns to the Session model
- Manual Alembic migration 6e8128ef2aa8 applies both columns
- POST /sessions/batch creates one session per target for maintenance
flows; rejects empty targets (422) and non-maintenance trees (400)
- SessionResponse schema exposes batch_id and target_label
- 3 new integration tests, all 540 tests pass
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Introduces the TargetList model (team-scoped JSONB target arrays),
Pydantic schemas, and full CRUD REST API at /target-lists/.
Includes Alembic migration and 5 integration tests (TDD).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Expand ck_trees_tree_type CHECK constraint to include 'maintenance'
- Add 'maintenance' to TreeType Literal in schemas
- Treat maintenance trees as procedural in can_publish_tree validation
- Alembic migration 0f1ca2af3647 drops and recreates the constraint
- Two integration tests: create and filter by tree_type=maintenance
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* docs: add analytics & user feedback design document
Covers team analytics, personal analytics, flow analytics,
step-level thumbs up/down feedback, and flow CSAT ratings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add analytics & feedback implementation plan
12-task TDD plan covering session ratings, step feedback,
team/personal/flow analytics endpoints, and frontend pages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add session_ratings table and analytics indexes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add SessionRating model and analytics schemas
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add session CSAT rating endpoint with tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add step thumbs feedback and /ratings alias routes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add team, personal, and flow analytics endpoints
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add recharts, analytics types, and API client
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add inline step thumbs up/down feedback during sessions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add CSAT rating modal after session completion
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Team Analytics page with charts and leaderboards
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Flow Analytics panel with step dropoff and CSAT data
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add My Analytics page with personal stats and charts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add workspace system and sidebar layout (UI design system Phase A+B)
Backend: Workspace model, migration (036), schemas, CRUD API endpoints.
Adds workspace_id to trees and categories, seeds 4 default workspaces
per account, auto-assigns existing trees by tree_type.
Frontend: Complete AppLayout rewrite from top-nav to CSS Grid shell
with persistent sidebar + topbar. New components: WorkspaceSwitcher,
NavItem, CategoryList, TagCloud, TopBar, Sidebar. Dashboard components:
QuickStats, FiltersBar, SectionGroup, TreeListItem, SessionsPanel.
WorkspaceStore with localStorage persistence.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add command palette search, dashboard rewrite, and shell height fixes (Phase C)
- Add ⌘K command palette with debounced search across flows and sessions
- Rewrite QuickStartPage as dashboard with stats, filters, sessions panel
- Fix h-[calc(100vh-4rem)] → h-full across all pages for CSS Grid shell
- Add active session count badge to sidebar Sessions nav item
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add sidebar collapse, category/tag filtering, and workspace CRUD (Phase D)
- Sidebar collapse/expand toggle with icon-only rail mode (persisted)
- Sidebar category/tag clicks navigate to /trees with URL params
- TreeLibraryPage syncs filters from URL search params bidirectionally
- Workspace create modal with icon picker and auto-slug generation
- TopBar logo adapts to collapsed sidebar state
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Quick Launch modal with actions and recent flows
- Zap button opens Quick Launch with create/navigate shortcuts
- Shows recent flows for quick session start
- Keyboard navigation support (arrows + enter)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add activity notifications panel with session feed
- Bell icon shows dot indicator for recent activity
- Dropdown panel shows recent sessions with status icons
- Links to session detail and sessions list page
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: remove workspace system, add pinned flows and label renames
Replace workspace system with pinned flows API (pin/unpin/list/reorder).
Rename user-facing labels: Tree→Flow, Procedure→Project. Add sidebar
nav sub-items for flow type filtering. Remove 11 workspace files,
add migrations 037-038, clean all workspace references.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: collapsed sidebar layout scaling and toggle button size
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate auth pages to new design system
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate TreeLibraryPage to new design system
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate session pages to new design system
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate TreeEditorPage to new design system
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate TreeNavigationPage to new design system
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate session sharing components to new design system
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: remove workspace dropdown animation (dead code)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate common components to new design system
Migrate 15 components from monochrome glass-card design to purple gradient
accent design system tokens (bg-card, border-border, text-foreground,
bg-gradient-brand, etc.)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate procedural and step library components to new design system
Migrate 10 components from monochrome glass-card design to purple gradient
accent design system tokens.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate admin pages and components to new design system
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate remaining pages to new design system
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: migrate remaining components to new design system
Migrates 38 files: tree-editor forms, session modals, step library,
common components, library views, tree preview, and misc UI to use
design tokens (bg-card, border-border, text-foreground, bg-accent,
bg-gradient-brand) replacing old monochrome patterns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: keep brand text visible on sidebar collapse, hide sub-items until hover
- TopBar: always show "ResolutionFlow" text regardless of sidebar state
- NavItem: sub-items (Troubleshooting, Projects) hidden by default,
revealed on hover or when a child route is active
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add session sharing types, API client, and utilities
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add SessionTimeline and ActionMenu reusable components
SessionTimeline extracts timeline/checklist rendering from SessionDetailPage
into a reusable component for both authenticated and public session views.
ActionMenu provides a dropdown action menu with keyboard/click-outside dismiss.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add ShareSessionModal and integrate into SessionDetailPage
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Share Progress popover to TreeNavigationPage
Replace the single "Copy for Ticket" button with a "Share Progress"
popover that offers three actions: Copy Progress Summary (existing PSA
export flow), Copy Share Link (auto-creates account-only share if
needed), and Manage Share Links (opens ShareSessionModal).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add public SharedSessionPage with tree preview
Add the public-facing shared session page at /share/:shareToken that
renders shared sessions without authentication. Includes error handling
for 401 (redirect to login), 403 (access denied), 404 (not found),
and 410 (expired). The page features a minimal header, session metadata,
SessionTimeline component, and a new SharedSessionTreePreview component
that renders the decision tree structure with the path taken highlighted.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add My Shares management page with nav link
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address code review issues in session sharing
- Add useCallback for loadShares in ShareSessionModal (React hook deps)
- Use TreeStructure type instead of Record<string, unknown> for type safety
- Fix login redirect format to match LoginPage's expected state shape
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: add focused tests for session sharing utilities and API
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: resolve tree_structure type compatibility for shared session views
- Use TreeStructure & Record<string, unknown> intersection for JSONB flexibility
- Add explicit cast in SharedSessionTreePreview for recursive node rendering
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add session sharing learnings to CLAUDE.md
Add gotchas #12 (TreeStructure vs Tree types) and #13 (login redirect
state format), note about npm run build strictness, and public route
pattern to Common Tasks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: procedural editor UX improvements
Add URL intake field type, fix variable name editing collapsing fields
(index-based keys/updates), auto-generate variable names by field type,
add section header as first-class step type, and simplify step editor
with "More Options" collapsible for advanced fields.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: allow section_header step type in validation, improve tag input
- Add 'section_header' to VALID_STEP_TYPES in backend validation so
procedural flows with section headers can be published
- Replace procedural editor's inline tag input with TagInput component
(supports autocomplete, Tab, comma, semicolon, and paste splitting)
- Add semicolon delimiter support to TagInput component
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add type-aware routing for procedural flows
Centralizes tree navigation routing via getTreeNavigatePath helper.
Fixes all pages to route procedural sessions to /flows/:id/navigate
instead of /trees/:id/navigate. Adds safety redirect in troubleshooting
navigator and resume support in procedural navigator.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove unused index prop from IntakeFieldEditor
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Adds a new "procedural" tree type for linear step-by-step project workflows
(domain controller setup, M365 onboarding, VPN config, etc). Includes intake
form builder, two-panel step navigation, variable resolution, procedural
exports, 3 seed templates, and UI rename from "Trees" to "Flows".
Also archives 19 implemented plan docs and creates deferred features backlog.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Server-side regex redaction masks IPs, emails, bearer/API tokens, and
UNC paths in exported session content. Redaction runs post-generation
and post-variable-resolution with fail-closed error handling. Frontend
gets a "Mask Sensitive Data" toggle in the export preview modal with
a summary of what was redacted. 24 unit tests passing, frontend build clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mid-session "Copy for Ticket" no longer shows a misleading Resolution
section that echoed the last step's answer.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- max_step_index slices decisions in all 4 export formats
- Only set exported=True when session is completed
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add next_steps TEXT column to sessions table via migration 034
- Add include_outcome_notes, include_next_steps, max_step_index to SessionExport
- Add next_steps to SessionUpdate, SessionResponse, SessionComplete
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Engineers can now paste command output during action steps. Output is
stored in the session decisions JSONB, displayed in session review,
included in all 4 export formats with command context, and preserved
in session-to-tree conversions.
- Collapsible "Paste Output" textarea on action nodes with commands
- 10,000 character limit with live character count
- Works on both built-in and custom action steps
- Preloads output when revisiting a step via Go Back
- All exports show commands run alongside captured output
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Revoke-and-recreate flow for both invite systems with email delivery
via Resend API. Includes account invite email template and audit logging.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Migration 030: add email, assigned_plan, trial_duration_days, email_sent_at
to invite_codes with CHECK constraints
- Resend email integration (graceful degradation when API key not set)
- Invite codes now support plan assignment (free/pro/team) and trial duration (1-90 days)
- Registration applies invite code plan/trial to new subscription
- Auto-downgrade expired trials on authenticated access
- Enriched GET /admin/users/{id} with account, subscription, sessions, audit logs
- New endpoints: PUT /admin/users/{id}/subscription/plan and extend-trial
- Frontend: enhanced invite codes page with email, plan, trial fields
- Frontend: new user detail page at /admin/users/:userId
- Fixed API path drift: /invite-codes -> /invites
- 11 new backend tests, 416 total passing
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implements the full dual-mode tree editor (Plan Phases 1-5):
Backend:
- JSONB↔Markdown bidirectional serializer/parser with mistune
- Markdown validator with line/column error reporting
- 3 API endpoints: export-markdown, import-markdown, validate-markdown
- Variable extraction/resolution service ([USER_INPUT], [VAR], [SAVE_AS])
- Session variables JSONB column (migration 028)
- 39 tree markdown tests + variable service tests (403 total passing)
Frontend:
- Monaco-based Code Mode with custom Monarch tokenizer and dark theme
- Autocomplete for @node_id refs, type values, variable names
- Debounced validation (800ms) with inline Monaco error markers
- Syntax help panel (absolute overlay, toggleable)
- Starter template for new trees with valid cross-references
- Bidirectional metadata sync (name/description/category/tags frontmatter)
- Synchronous tree→markdown serializer (fixes async race condition)
- Pre-save validation blocks save on broken refs or missing tree name
- Mode-aware undo/redo: Monaco native in Code Mode, throttled zundo in Flow Mode
- Variable prompt modal and frontend resolver for session navigation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PSA Export:
- New "PSA / Ticket Note" export format optimized for ConnectWise
- Structured output: Problem, Steps Taken, Resolution, Time Spent, Notes
- Prominent "Copy for Ticket" button on session detail page
- 24 unit tests for PSA export generator
Quick-Start Landing:
- New default landing page with search-first UX
- Auto-focused search bar with debounced tree search
- "Continue Session" cards for active sessions
- "Recent Trees" section from session history
- Home nav item and logo links updated
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds complete super_admin panel with 9 pages and account owner categories page.
Backend includes 5 new DB tables, ~25 API endpoints, settings manager with
in-memory cache, and 29 integration tests. Frontend includes reusable admin
components (DataTable, Pagination, ActionMenu, etc.) with code-split lazy loading.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Backend features:
- Tree sharing via secure tokens with expiration (Issue #16)
- Draft tree status with conditional validation (Issue #25)
- Save session as custom tree with fork tracking (Issue #17)
- Tree validation system for publish requirements
- Session-to-tree conversion preserving custom steps
Database migrations:
- 024: Tree sharing (tree_shares table, visibility field)
- 025: Tree status field (draft/published)
- 25b: Merge migration for indexes
New endpoints:
- POST /api/v1/trees/{id}/share - Generate share token
- GET /api/v1/shared/{token} - Public tree access
- POST /api/v1/trees/{id}/can-publish - Validate tree
- POST /api/v1/sessions/{id}/save-as-tree - Convert session
Test coverage:
- 20 tests for draft trees functionality
- 14 tests for session-to-tree conversion
- 15 tests for tree sharing
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implement comprehensive search and filtering for Session History to dramatically
improve findability of past troubleshooting sessions.
Backend Enhancements:
- Update GET /api/v1/sessions with 8 filter parameters:
* ticket_number - Partial match search (ILIKE)
* client_name - Partial match search (ILIKE)
* tree_name - JSONB path query on tree_snapshot
* started_after/started_before - DateTime range filtering
* completed_after/completed_before - DateTime range filtering
- Enhanced tree_snapshot to include name, description, category, version
- Migration 11c8abf7ef5b: Added 3 database indexes for performance:
* ix_sessions_ticket_number (B-tree)
* ix_sessions_client_name (B-tree)
* ix_sessions_tree_snapshot_gin (GIN for JSONB queries)
- 7 new integration tests for all filter combinations
Frontend Implementation:
- New SessionFilters component with comprehensive UI:
* Ticket number search input
* Client name search input
* Tree name dropdown (sorted alphabetically)
* Date range picker with react-day-picker integration
* Quick presets: Today, This Week, Last 7 Days, This Month
* Toggle between "Started" and "Completed" date types
* Active filter chips with remove buttons
* "Clear All" button
- Complete SessionHistoryPage rewrite:
* URL state management via useSearchParams (shareable filter links)
* Enhanced session cards showing tree name, client badge, notes indicator
* Smart empty states ("Clear filters" vs "Start new session")
* Debounced search (300ms)
- Custom date picker styling matching ResolutionFlow theme
- Dependencies: react-day-picker@9.13.1, date-fns@4.1.0
Features:
- Multiple filters work together (AND logic)
- Filter state persists in URL for shareable links
- Sub-300ms query performance with database indexes
- Fully responsive design (mobile/tablet/desktop)
- Theme-aware (dark/light mode)
- Toast notifications for errors
Performance:
- Database indexes ensure <300ms queries even with large datasets
- Frontend debouncing reduces API calls
- JSONB GIN index for O(log n) tree name lookups
Bundle Impact:
- JS: +87.83 KB (+12.2%, due to react-day-picker library)
- CSS: +10.53 KB (+25.8%, date picker styles)
- Gzipped: +24.52 KB JS, +1.82 KB CSS
All acceptance criteria met:
✓ Search by ticket number (partial match)
✓ Search by client name (partial match)
✓ Filter by date range (started or completed)
✓ Filter by tree name
✓ Multiple filters work together (AND logic)
✓ Active filters shown as removable chips
✓ "Clear all filters" resets to default view
✓ Search is fast (<300ms)
✓ Filter state in URL (shareable links)
✓ Tree name displayed in session cards
Tests: 34/34 session tests passing (7 new filter tests)
Closes#35
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implements Issue #34 - Tree Library Full View System
Backend Changes:
- Add sort_by parameter to GET /api/v1/trees endpoint
- Support 6 sorting options: usage_count, updated_at, created_at, name, name_desc, version
- Maintain backward compatibility (defaults to usage_count)
- Add comprehensive test for sorting functionality
- All 104 backend tests passing
Frontend Changes:
- Create ViewToggle component for switching between Grid/List/Table views
- Create SortDropdown component for 6 sort options
- Create TreeGridView component (extracted from TreeLibraryPage)
- Create TreeListView component (compact row-based layout)
- Create TreeTableView component (sortable table with columns)
- Update userPreferencesStore with view and sort preferences
- Update TreeFilters type to include sort_by parameter
- Update TreeLibraryPage to integrate new components
- View and sort preferences persist to localStorage
Features:
- Grid view: Best for discovery (default)
- List view: Best for quick scanning
- Table view: Best for sorting and comparison
- Responsive design: Mobile/tablet/desktop optimized
- Table view hides columns responsively
- Sortable table headers with visual indicators
- Smooth transitions and hover effects
- No layout shift when switching views
Testing:
- Backend: 104/104 tests pass
- Frontend: Build successful, no TypeScript errors
- All existing functionality preserved
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implement three foundational schema features from the design doc:
- Tree forking with lineage tracking (migration 022): parent_tree_id,
root_tree_id, fork_depth columns with self-referential FKs and
composite analytics index
- Custom step enhancement: CustomStepSchema with source tracking
(ad-hoc, step-library, forked-tree) for backward-compatible JSONB
- Session sharing (migration 023): session_shares and session_share_views
tables with account-scoped visibility, cryptographic tokens, view
tracking, and allow_public_shares account policy
Includes 21 new integration tests (9 forking, 12 sharing), SaaS
consultant-recommended denormalizations, rate limiting on public share
access, and test fixture fix for invite code requirement.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Account.owner_id and User.account_id are both NOT NULL, creating a
circular dependency that prevents inserting either row first. Fix by:
1. Making owner_id nullable (set immediately after user creation)
2. Creating Account before User, then setting owner_id after flush
3. Removing NOT NULL enforcement on owner_id in migration 020
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace team_id with account_id across all API endpoints (trees,
categories, tags, steps, step_categories, admin, auth). Add new
accounts and webhooks endpoints. Registration now atomically creates
Account + Subscription, with account_invite_code bypassing the
platform invite gate.
Schemas updated for account_id/account_role. 82 tests passing
including 18 new tests for accounts, subscriptions, and permissions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Transition from team-based to account-based multi-tenancy (Free/Pro/Team).
Migrations 016-020 create accounts, subscriptions, plan_limits, and
account_invites tables, then migrate existing users and content FKs.
New models: Account, Subscription, PlanLimits, AccountInvite.
Updated models add account_id alongside existing team_id (coexistence
for safe two-PR deployment). Permissions and deps refactored for
account_role instead of is_team_admin.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The % and _ characters in user search input are now escaped before
the LIKE query, preventing unintended wildcard matching in tag search.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The /debug/cors endpoint is now conditionally registered, preventing
information leakage about CORS configuration in production.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a tree is soft-deleted, folder assignments and tag assignments are
now removed from junction tables. Tag usage counts are decremented with
a floor of zero to prevent negative counts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Passwords must now contain at least one uppercase letter, one lowercase
letter, and one digit (in addition to the existing 10-char minimum).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds deleted_at and deleted_by columns to trees table for proper soft
delete tracking. Supports future 30-day restore window functionality.
The delete endpoint now sets both is_active=False (backward compat) and
deleted_at/deleted_by. Migration backfills existing is_active=False rows.
Fixed ambiguous FK relationship between User/Tree models by adding
explicit foreign_keys to both sides of the author relationship.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Creates AuditLog model with JSONB details column for tracking admin
actions. Integrates log_audit() helper into admin endpoints (role
change, team admin toggle, deactivate, activate) and tree delete.
IP address column reserved for future Railway proxy header support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Super admins now see all trees regardless of ownership, team, or
public/default status. Previously the build_tree_access_filter function
had no super_admin check, so admins could only see their own trees plus
public/default/team trees.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase B addresses 7 high-severity gaps from the permissions audit:
- B1: Enforce tree access check on session start via can_access_tree
- B2: Replace all inline permission helpers with centralized permissions.py
- B3: Fix require_engineer_or_admin to check is_team_admin before role
- B4: Add is_active field on User with enforcement in get_current_active_user
- B5: Add admin user management endpoints (list, get, role, team-admin, deactivate, activate)
- B6: Add rate limiting on auth/invite endpoints via slowapi (disabled in DEBUG)
- B7: Implement refresh token rotation with JTI-based revocation and meaningful logout
Also reduces access token TTL from 15 to 5 minutes and updates CLAUDE.md
with SaaS/MSP context for future planning sessions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove role field from UserCreate schema, hardcode 'engineer' at registration
- Escape all user content in HTML export with html.escape() (XSS fix)
- Add field_validator to reject default SECRET_KEY when DEBUG=False
- Add CHECK constraint on users.role ('engineer'|'viewer') + migration 011
- Fix test_admin fixture to properly grant is_super_admin via ORM
- Fix circular FK (users↔invite_codes) in test DB setup with DROP SCHEMA CASCADE
- Add 5 new security tests (role validation + XSS prevention)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add role-based access control with hierarchy: super_admin > team_admin >
engineer > viewer. Adds is_super_admin boolean to User model (migration 010),
centralized backend permissions module, frontend usePermissions hook, and
UI enforcement (conditional Create/Edit buttons, editor redirect for viewers,
role badge in header). All endpoint admin checks updated from role=="admin"
to is_super_admin.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix broken JWT token refresh that caused "Failed to load trees" after
idle timeout. The refresh endpoint expected token as query param but
frontend sent it as Authorization header. Added proper dependency
(get_refresh_token_payload) and refresh queue to handle concurrent 401s.
Also fix seed trees not being visible to non-admin users by updating
the seed script to set is_public/is_default on existing trees.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
