Implements Issue #34 - Tree Library Full View System
Backend Changes:
- Add sort_by parameter to GET /api/v1/trees endpoint
- Support 6 sorting options: usage_count, updated_at, created_at, name, name_desc, version
- Maintain backward compatibility (defaults to usage_count)
- Add comprehensive test for sorting functionality
- All 104 backend tests passing
Frontend Changes:
- Create ViewToggle component for switching between Grid/List/Table views
- Create SortDropdown component for 6 sort options
- Create TreeGridView component (extracted from TreeLibraryPage)
- Create TreeListView component (compact row-based layout)
- Create TreeTableView component (sortable table with columns)
- Update userPreferencesStore with view and sort preferences
- Update TreeFilters type to include sort_by parameter
- Update TreeLibraryPage to integrate new components
- View and sort preferences persist to localStorage
Features:
- Grid view: Best for discovery (default)
- List view: Best for quick scanning
- Table view: Best for sorting and comparison
- Responsive design: Mobile/tablet/desktop optimized
- Table view hides columns responsively
- Sortable table headers with visual indicators
- Smooth transitions and hover effects
- No layout shift when switching views
Testing:
- Backend: 104/104 tests pass
- Frontend: Build successful, no TypeScript errors
- All existing functionality preserved
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implement three foundational schema features from the design doc:
- Tree forking with lineage tracking (migration 022): parent_tree_id,
root_tree_id, fork_depth columns with self-referential FKs and
composite analytics index
- Custom step enhancement: CustomStepSchema with source tracking
(ad-hoc, step-library, forked-tree) for backward-compatible JSONB
- Session sharing (migration 023): session_shares and session_share_views
tables with account-scoped visibility, cryptographic tokens, view
tracking, and allow_public_shares account policy
Includes 21 new integration tests (9 forking, 12 sharing), SaaS
consultant-recommended denormalizations, rate limiting on public share
access, and test fixture fix for invite code requirement.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comprehensive schema design for three critical foundational features:
1. Tree Forking Model (Issue #11)
- Add parent_tree_id, fork_reason, parent_updated_at to trees
- Self-referential relationship with orphaning on parent delete
- Update detection mechanism for "parent tree updated" notifications
2. Session Custom Steps Enhancement (Issues #4-#7 partial)
- Backward-compatible JSONB enhancement (no migration)
- Track step source (ad-hoc, library, forked-tree)
- Link to StepLibrary for usage analytics
- Support "save session as tree" reconstruction
3. Session Share Tokens (Issue #15)
- New session_shares table with token-based access
- New session_share_views table for detailed analytics
- Account-level policy: allow_public_shares
- Public vs account-only visibility with permission checks
All schema changes designed for backward compatibility and minimal
migration complexity. Establishes durable domain model that future
features depend on.
Migration plan: 022 (tree forking), 023 (session sharing)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Design document for Tier 1 UX enhancement implementing toast
notifications using sonner library.
- Comprehensive context on current state problems
- Phase-by-phase implementation plan
- Design patterns and best practices
- Complete verification checklist
- Risk assessment and mitigation strategies
Related: #33, #34, #35
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Railway already ran the old migration 020 which enforced NOT NULL on
owner_id. Since alembic won't re-run a corrected 020, this new migration
explicitly reverts the constraint for databases that already applied it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Account.owner_id and User.account_id are both NOT NULL, creating a
circular dependency that prevents inserting either row first. Fix by:
1. Making owner_id nullable (set immediately after user creation)
2. Creating Account before User, then setting owner_id after flush
3. Removing NOT NULL enforcement on owner_id in migration 020
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace all team_id/team_admin references with account_id/owner across
types, store, hooks, API clients, components, and pages. Add new
AccountSettingsPage, UpgradePrompt, CheckoutButton, useSubscription
hook, and accounts API client. AuthStore now parallel-fetches account
and subscription data alongside user profile.
Also fix folder sidebar not refreshing after tree deletion by
dispatching the folder-changed event in handleDeleteTree.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace team_id with account_id across all API endpoints (trees,
categories, tags, steps, step_categories, admin, auth). Add new
accounts and webhooks endpoints. Registration now atomically creates
Account + Subscription, with account_invite_code bypassing the
platform invite gate.
Schemas updated for account_id/account_role. 82 tests passing
including 18 new tests for accounts, subscriptions, and permissions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Transition from team-based to account-based multi-tenancy (Free/Pro/Team).
Migrations 016-020 create accounts, subscriptions, plan_limits, and
account_invites tables, then migrate existing users and content FKs.
New models: Account, Subscription, PlanLimits, AccountInvite.
Updated models add account_id alongside existing team_id (coexistence
for safe two-PR deployment). Permissions and deps refactored for
account_role instead of is_team_admin.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comprehensive implementation plan for transitioning from team-based
to SaaS subscription model with Free/Pro/Team tiers:
- Phase 1 (Days 1-3): Database migration in 6 separate migrations
- Migration 016: Create accounts, subscriptions, plan_limits, account_invites tables
- Migration 017: Add account_id and account_role to users
- Migration 018 (critical): Migrate users/teams to accounts
- Migration 019: Migrate team_id FKs to account_id on content tables
- Migration 020: Add constraints and finalize migration
- Migration 021: Drop old team columns and teams table
- Phase 2 (Days 4-7): Backend updates
- New models: Account, Subscription, PlanLimits, AccountInvites
- Refactor permissions system (account_role replaces role/is_team_admin)
- Add subscription helpers for feature gating
- Update all 25+ endpoints to use account_id
- Update test fixtures and fix 61+ tests
- Phase 3 (Days 8-10): Frontend updates
- Update types (account_id, account_role)
- New hooks: useSubscription, updated usePermissions
- Account settings page with subscription info
- Usage indicators and upgrade prompts
- Stripe Checkout button (disabled until ready)
- Phase 4 (Days 11-12): Stripe preparation
- Install Stripe SDK
- Webhook skeleton with event handlers
- Code ready to enable when Stripe account created
Key features:
- Build Stripe-ready but ship free-tier-only initially
- Feature branch workflow (feat/subscription-tiers)
- Comprehensive rollback plans for each phase
- All limits configurable via plan_limits table
- 10-12 day timeline with safety checks
- Test on production copy before migration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixed @typescript-eslint/no-explicit-any (4 occurrences):
- FolderEditModal.tsx: proper error type checking instead of any
- StepForm.tsx: explicit union type for visibility select
- StepLibraryBrowser.tsx: explicit union types for stepType and sortBy selects
Fixed react-hooks/set-state-in-effect (1 occurrence):
- NodeEditorModal.tsx: replaced useEffect with direct state comparison
Fixed @typescript-eslint/no-unused-vars (3 occurrences):
- NodeEditorModal.tsx: removed unused useEffect import
- NodeEditorModal.tsx: added eslint-disable for intentionally destructured children
- usePermissions.ts: removed unused _tree parameter from canDeleteTree
- TreeLibraryPage.tsx: updated canDeleteTree call site
Fixed @typescript-eslint/no-empty-object-type (1 occurrence):
- types/step.ts: changed empty interface to type alias
Verification:
- npm run lint: 0 errors (9 warnings are intentional exhaustive-deps)
- npm run build: succeeds
- TypeScript compilation: passes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add mobile hamburger menu with slide-out nav drawer (AppLayout)
- Make modals responsive: full-width on mobile, slide-up animation
- Scratchpad becomes full-screen overlay on mobile with backdrop
- Folder sidebar hidden on mobile, opens as slide-over drawer
- Tree editor shows "Desktop Required" gate on mobile
- Stack action buttons vertically on mobile (sessions, detail pages)
- Increase touch targets throughout (buttons, close icons)
- Add CSS animations: fade-in, slide-in-left, scale-in, btn-press
- Add card hover lift effect and consistent border highlights
- Standardize page padding (px-4 py-6 sm:px-6 sm:py-8)
- Responsive headings (text-2xl sm:text-3xl)
- CustomStepModal goes full-screen on mobile
- Tighten auth page spacing on mobile
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The % and _ characters in user search input are now escaped before
the LIKE query, preventing unintended wildcard matching in tag search.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The /debug/cors endpoint is now conditionally registered, preventing
information leakage about CORS configuration in production.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a tree is soft-deleted, folder assignments and tag assignments are
now removed from junction tables. Tag usage counts are decremented with
a floor of zero to prevent negative counts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Passwords must now contain at least one uppercase letter, one lowercase
letter, and one digit (in addition to the existing 10-char minimum).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Viewers who cannot create steps will only see the "Browse Library"
tab in the CustomStepModal, hiding the "Type My Own" creation form.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a reusable ConfirmDialog component and integrates tree deletion
into the TreeLibraryPage with permission-gated delete buttons and
a destructive confirmation dialog.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
TreeEditorPage now verifies canEditTree() after fetching tree data but
before loading it into the editor store. Previously only checked
canCreateTrees which doesn't prevent non-owners from editing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ProtectedRoute now accepts an optional requiredRole prop for role-based
route guards. When specified, users below the required role level are
redirected to /trees. 403 responses already pass through to components
for inline error display.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds deleted_at and deleted_by columns to trees table for proper soft
delete tracking. Supports future 30-day restore window functionality.
The delete endpoint now sets both is_active=False (backward compat) and
deleted_at/deleted_by. Migration backfills existing is_active=False rows.
Fixed ambiguous FK relationship between User/Tree models by adding
explicit foreign_keys to both sides of the author relationship.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Creates AuditLog model with JSONB details column for tracking admin
actions. Integrates log_audit() helper into admin endpoints (role
change, team admin toggle, deactivate, activate) and tree delete.
IP address column reserved for future Railway proxy header support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Super admins now see all trees regardless of ownership, team, or
public/default status. Previously the build_tree_access_filter function
had no super_admin check, so admins could only see their own trees plus
public/default/team trees.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase B addresses 7 high-severity gaps from the permissions audit:
- B1: Enforce tree access check on session start via can_access_tree
- B2: Replace all inline permission helpers with centralized permissions.py
- B3: Fix require_engineer_or_admin to check is_team_admin before role
- B4: Add is_active field on User with enforcement in get_current_active_user
- B5: Add admin user management endpoints (list, get, role, team-admin, deactivate, activate)
- B6: Add rate limiting on auth/invite endpoints via slowapi (disabled in DEBUG)
- B7: Implement refresh token rotation with JTI-based revocation and meaningful logout
Also reduces access token TTL from 15 to 5 minutes and updates CLAUDE.md
with SaaS/MSP context for future planning sessions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove role field from UserCreate schema, hardcode 'engineer' at registration
- Escape all user content in HTML export with html.escape() (XSS fix)
- Add field_validator to reject default SECRET_KEY when DEBUG=False
- Add CHECK constraint on users.role ('engineer'|'viewer') + migration 011
- Fix test_admin fixture to properly grant is_super_admin via ORM
- Fix circular FK (users↔invite_codes) in test DB setup with DROP SCHEMA CASCADE
- Add 5 new security tests (role validation + XSS prevention)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Re-audited after RBAC commit (34daa26). Key findings:
- permissions.py is dead code (no endpoint imports it)
- require_engineer_or_admin blocks team admins with viewer role
- 49 endpoints bypass get_current_active_user
- 3 critical issues still open (role field, XSS, secret key)
- Updated implementation plan with new Phase B items
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full-stack RBAC audit covering frontend UX, backend architecture,
and adversarial analysis. Implementation plan phased by severity
(Critical → High → Medium → Low).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add role-based access control with hierarchy: super_admin > team_admin >
engineer > viewer. Adds is_super_admin boolean to User model (migration 010),
centralized backend permissions module, frontend usePermissions hook, and
UI enforcement (conditional Create/Edit buttons, editor redirect for viewers,
role badge in header). All endpoint admin checks updated from role=="admin"
to is_super_admin.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Refactor scratchpad from a flex-layout sidebar that pushes content left
to a floating overlay panel (position: fixed) that doesn't affect layout.
Panel slides in from the right with Ctrl+/ toggle. Main content adjusts
padding responsively when panel is open.
Also apply thin scrollbar styling globally across all scrollable elements
for a consistent, minimal look.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix broken JWT token refresh that caused "Failed to load trees" after
idle timeout. The refresh endpoint expected token as query param but
frontend sent it as Authorization header. Added proper dependency
(get_refresh_token_payload) and refresh queue to handle concurrent 401s.
Also fix seed trees not being visible to non-admin users by updating
the seed script to set is_public/is_default on existing trees.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Session Scratchpad design doc (Idea 6 from brainstorm)
- Update CLAUDE.md production URLs to resolutionflow.com
- Update CORS lesson domain refs for rebrand
- Add .claude/settings.local.json to gitignore docs
- Add docs/plans/ to project structure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Captures brainstorming session covering session scratchpad, time tracking,
command output capture, share progress/escalation, push steps, path analytics,
multi-tree sessions, recurring issue detection, tree health scores, and
AI tree intelligence. Includes suggested build order and dependency map.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
