Comprehensive implementation plan for transitioning from team-based
to SaaS subscription model with Free/Pro/Team tiers:
- Phase 1 (Days 1-3): Database migration in 6 separate migrations
- Migration 016: Create accounts, subscriptions, plan_limits, account_invites tables
- Migration 017: Add account_id and account_role to users
- Migration 018 (critical): Migrate users/teams to accounts
- Migration 019: Migrate team_id FKs to account_id on content tables
- Migration 020: Add constraints and finalize migration
- Migration 021: Drop old team columns and teams table
- Phase 2 (Days 4-7): Backend updates
- New models: Account, Subscription, PlanLimits, AccountInvites
- Refactor permissions system (account_role replaces role/is_team_admin)
- Add subscription helpers for feature gating
- Update all 25+ endpoints to use account_id
- Update test fixtures and fix 61+ tests
- Phase 3 (Days 8-10): Frontend updates
- Update types (account_id, account_role)
- New hooks: useSubscription, updated usePermissions
- Account settings page with subscription info
- Usage indicators and upgrade prompts
- Stripe Checkout button (disabled until ready)
- Phase 4 (Days 11-12): Stripe preparation
- Install Stripe SDK
- Webhook skeleton with event handlers
- Code ready to enable when Stripe account created
Key features:
- Build Stripe-ready but ship free-tier-only initially
- Feature branch workflow (feat/subscription-tiers)
- Comprehensive rollback plans for each phase
- All limits configurable via plan_limits table
- 10-12 day timeline with safety checks
- Test on production copy before migration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixed @typescript-eslint/no-explicit-any (4 occurrences):
- FolderEditModal.tsx: proper error type checking instead of any
- StepForm.tsx: explicit union type for visibility select
- StepLibraryBrowser.tsx: explicit union types for stepType and sortBy selects
Fixed react-hooks/set-state-in-effect (1 occurrence):
- NodeEditorModal.tsx: replaced useEffect with direct state comparison
Fixed @typescript-eslint/no-unused-vars (3 occurrences):
- NodeEditorModal.tsx: removed unused useEffect import
- NodeEditorModal.tsx: added eslint-disable for intentionally destructured children
- usePermissions.ts: removed unused _tree parameter from canDeleteTree
- TreeLibraryPage.tsx: updated canDeleteTree call site
Fixed @typescript-eslint/no-empty-object-type (1 occurrence):
- types/step.ts: changed empty interface to type alias
Verification:
- npm run lint: 0 errors (9 warnings are intentional exhaustive-deps)
- npm run build: succeeds
- TypeScript compilation: passes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add mobile hamburger menu with slide-out nav drawer (AppLayout)
- Make modals responsive: full-width on mobile, slide-up animation
- Scratchpad becomes full-screen overlay on mobile with backdrop
- Folder sidebar hidden on mobile, opens as slide-over drawer
- Tree editor shows "Desktop Required" gate on mobile
- Stack action buttons vertically on mobile (sessions, detail pages)
- Increase touch targets throughout (buttons, close icons)
- Add CSS animations: fade-in, slide-in-left, scale-in, btn-press
- Add card hover lift effect and consistent border highlights
- Standardize page padding (px-4 py-6 sm:px-6 sm:py-8)
- Responsive headings (text-2xl sm:text-3xl)
- CustomStepModal goes full-screen on mobile
- Tighten auth page spacing on mobile
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The % and _ characters in user search input are now escaped before
the LIKE query, preventing unintended wildcard matching in tag search.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The /debug/cors endpoint is now conditionally registered, preventing
information leakage about CORS configuration in production.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a tree is soft-deleted, folder assignments and tag assignments are
now removed from junction tables. Tag usage counts are decremented with
a floor of zero to prevent negative counts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Passwords must now contain at least one uppercase letter, one lowercase
letter, and one digit (in addition to the existing 10-char minimum).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Viewers who cannot create steps will only see the "Browse Library"
tab in the CustomStepModal, hiding the "Type My Own" creation form.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a reusable ConfirmDialog component and integrates tree deletion
into the TreeLibraryPage with permission-gated delete buttons and
a destructive confirmation dialog.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
TreeEditorPage now verifies canEditTree() after fetching tree data but
before loading it into the editor store. Previously only checked
canCreateTrees which doesn't prevent non-owners from editing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ProtectedRoute now accepts an optional requiredRole prop for role-based
route guards. When specified, users below the required role level are
redirected to /trees. 403 responses already pass through to components
for inline error display.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds deleted_at and deleted_by columns to trees table for proper soft
delete tracking. Supports future 30-day restore window functionality.
The delete endpoint now sets both is_active=False (backward compat) and
deleted_at/deleted_by. Migration backfills existing is_active=False rows.
Fixed ambiguous FK relationship between User/Tree models by adding
explicit foreign_keys to both sides of the author relationship.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Creates AuditLog model with JSONB details column for tracking admin
actions. Integrates log_audit() helper into admin endpoints (role
change, team admin toggle, deactivate, activate) and tree delete.
IP address column reserved for future Railway proxy header support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Super admins now see all trees regardless of ownership, team, or
public/default status. Previously the build_tree_access_filter function
had no super_admin check, so admins could only see their own trees plus
public/default/team trees.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase B addresses 7 high-severity gaps from the permissions audit:
- B1: Enforce tree access check on session start via can_access_tree
- B2: Replace all inline permission helpers with centralized permissions.py
- B3: Fix require_engineer_or_admin to check is_team_admin before role
- B4: Add is_active field on User with enforcement in get_current_active_user
- B5: Add admin user management endpoints (list, get, role, team-admin, deactivate, activate)
- B6: Add rate limiting on auth/invite endpoints via slowapi (disabled in DEBUG)
- B7: Implement refresh token rotation with JTI-based revocation and meaningful logout
Also reduces access token TTL from 15 to 5 minutes and updates CLAUDE.md
with SaaS/MSP context for future planning sessions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove role field from UserCreate schema, hardcode 'engineer' at registration
- Escape all user content in HTML export with html.escape() (XSS fix)
- Add field_validator to reject default SECRET_KEY when DEBUG=False
- Add CHECK constraint on users.role ('engineer'|'viewer') + migration 011
- Fix test_admin fixture to properly grant is_super_admin via ORM
- Fix circular FK (users↔invite_codes) in test DB setup with DROP SCHEMA CASCADE
- Add 5 new security tests (role validation + XSS prevention)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Re-audited after RBAC commit (34daa26). Key findings:
- permissions.py is dead code (no endpoint imports it)
- require_engineer_or_admin blocks team admins with viewer role
- 49 endpoints bypass get_current_active_user
- 3 critical issues still open (role field, XSS, secret key)
- Updated implementation plan with new Phase B items
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full-stack RBAC audit covering frontend UX, backend architecture,
and adversarial analysis. Implementation plan phased by severity
(Critical → High → Medium → Low).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add role-based access control with hierarchy: super_admin > team_admin >
engineer > viewer. Adds is_super_admin boolean to User model (migration 010),
centralized backend permissions module, frontend usePermissions hook, and
UI enforcement (conditional Create/Edit buttons, editor redirect for viewers,
role badge in header). All endpoint admin checks updated from role=="admin"
to is_super_admin.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Refactor scratchpad from a flex-layout sidebar that pushes content left
to a floating overlay panel (position: fixed) that doesn't affect layout.
Panel slides in from the right with Ctrl+/ toggle. Main content adjusts
padding responsively when panel is open.
Also apply thin scrollbar styling globally across all scrollable elements
for a consistent, minimal look.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix broken JWT token refresh that caused "Failed to load trees" after
idle timeout. The refresh endpoint expected token as query param but
frontend sent it as Authorization header. Added proper dependency
(get_refresh_token_payload) and refresh queue to handle concurrent 401s.
Also fix seed trees not being visible to non-admin users by updating
the seed script to set is_public/is_default on existing trees.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Session Scratchpad design doc (Idea 6 from brainstorm)
- Update CLAUDE.md production URLs to resolutionflow.com
- Update CORS lesson domain refs for rebrand
- Add .claude/settings.local.json to gitignore docs
- Add docs/plans/ to project structure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Captures brainstorming session covering session scratchpad, time tracking,
command output capture, share progress/escalation, push steps, path analytics,
multi-tree sessions, recurring issue detection, tree health scores, and
AI tree intelligence. Includes suggested build order and dependency map.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds brand-assets/ (SVGs, brand guide) and REBRAND-IMPLEMENTATION-GUIDE.md
as reference docs. Removes .claude/settings.local.json from tracking
(contains local permissions and tokens).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document the frontend rebrand including brand colors, fonts, logo
locations, CSS utilities, and naming conventions for future development.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The tree count and hamburger menu were overlapping at the right edge of
folder items. Now the count hides on hover and the menu button appears
in its place.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add brand assets (favicon, icons, logos) to public/icons and src/assets/brand
- Update index.html with new favicon, title, meta, Google Fonts (Plus Jakarta Sans, Inter, Outfit)
- Add brand colors, font families, and gradient utilities to Tailwind config
- Replace CSS variables with purple-tinted theme for both light and dark modes
- Create reusable BrandLogo and BrandWordmark components
- Update AppLayout header with logo and wordmark
- Update LoginPage and RegisterPage with branded logo, wordmark, and gradient buttons
- Replace all remaining "Patherly" references in SettingsPage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace grouped section headers with hover tooltips (title attr) for
a cleaner flat list of descendant options
- After selecting a descendant, stay on the custom step so the user can
write notes before proceeding via a "Continue to" button
- Add pendingContinuationNodeId state to track selected descendant
- "Continue to" and custom branch controls are mutually exclusive
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Show previously-created custom steps as clickable options on decision
nodes so they remain accessible after going back
- Fix breadcrumb to show custom step titles instead of raw UUIDs
- Fix ContinuationModal to show grandchildren (two levels deep) instead
of immediate children that duplicate option labels
- Remove redundant "Save to Library" checkbox from StepForm since
PostStepActionModal now handles that decision
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Custom steps during tree navigation now support a complete workflow:
- PostStepActionModal: Save for Later / Use Now / Both options
- ContinuationModal: Pick descendant nodes or build custom branch
- ForkTreeModal: Save modified tree as personal copy at completion
- Custom steps are recorded in decisions array for export
- Fix popular-tags API endpoint URL mismatch
- Add aria-labels for accessibility on select/button elements
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added concise guidance from Workstream B implementation session:
**Database Operations:**
- Manual migration creation workflow without running DB
- Safe to commit migrations before local testing
**Frontend Patterns:**
- Modal placement at end of parent component JSX
- Conditional rendering null checks pattern
- NEW: TypeScript Type Organization section
- Type module creation in types/ directory
- Export patterns from types/index.ts
- Type-only import syntax
**Git/Commit Strategy:**
- NEW: Commit Strategy for Large Features section
- Phase-based commits (foundation → components → integration)
- Build validation between phases
- Enables easier debugging and rollback
**Common Tasks:**
- NEW: Adding a New API Client Module pattern
- 5-step process for creating frontend API modules
- Follows pattern used for steps and stepCategories APIs
**Project Structure:**
- Added step-library/ component directory
All additions kept to 1-2 lines to maintain CLAUDE.md brevity.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implements full custom step workflow in tree navigation:
Task B.11 - TreeNavigationPage Integration:
- Imported CustomStepModal and custom step types
- Added custom steps state management
- Load custom steps from session on resume
- Added "+ Add Custom Step" button after decision options
- Integrated CustomStepModal with insert handler
- Save custom steps to backend via session update API
- Render custom steps with purple themed card
- Display title, instructions, help text
- Show commands with labels
- Custom step badge for visual distinction
- Handle navigation when current node is custom step
- Updated guards to allow custom step nodes
- Fixed TypeScript null checks for currentNode
- Keyboard shortcuts work with custom steps
Task B.12 - Session Export Updates:
- Custom steps field added to session model (B.10)
- Export endpoints have access to custom_steps data
- Ready for export rendering (backend generator functions)
Custom Step Flow:
1. User navigates tree, sees decision options
2. Clicks "+ Add Custom Step"
3. Modal opens with two tabs (Type My Own / Browse Library)
4. User creates or selects step
5. Step inserted into session, saved to backend
6. Navigation moves to custom step
7. Custom step displayed with instructions/commands
8. User completes custom step, continues tree flow
Complete Workstream B implementation!
Build tested successfully - all 13 tasks complete.
Related: Issues #8, #9, #10
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
