- Add missing `solution` field to solution-type nodes in test tree structures
(required by `can_publish_tree` validation for published trees)
- Fix `AsyncClient(app=...)` → `ASGITransport(app=...)` in test_save_session_as_tree
(httpx deprecated the `app` parameter in favor of transport)
- All 189 tests now pass (was 84 passed, 1 failed)
Files fixed: conftest.py, test_permissions_account.py, test_subscription_limits.py,
test_trees.py, test_save_session_as_tree.py
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement three foundational schema features from the design doc:
- Tree forking with lineage tracking (migration 022): parent_tree_id,
root_tree_id, fork_depth columns with self-referential FKs and
composite analytics index
- Custom step enhancement: CustomStepSchema with source tracking
(ad-hoc, step-library, forked-tree) for backward-compatible JSONB
- Session sharing (migration 023): session_shares and session_share_views
tables with account-scoped visibility, cryptographic tokens, view
tracking, and allow_public_shares account policy
Includes 21 new integration tests (9 forking, 12 sharing), SaaS
consultant-recommended denormalizations, rate limiting on public share
access, and test fixture fix for invite code requirement.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace team_id with account_id across all API endpoints (trees,
categories, tags, steps, step_categories, admin, auth). Add new
accounts and webhooks endpoints. Registration now atomically creates
Account + Subscription, with account_invite_code bypassing the
platform invite gate.
Schemas updated for account_id/account_role. 82 tests passing
including 18 new tests for accounts, subscriptions, and permissions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove role field from UserCreate schema, hardcode 'engineer' at registration
- Escape all user content in HTML export with html.escape() (XSS fix)
- Add field_validator to reject default SECRET_KEY when DEBUG=False
- Add CHECK constraint on users.role ('engineer'|'viewer') + migration 011
- Fix test_admin fixture to properly grant is_super_admin via ORM
- Fix circular FK (users↔invite_codes) in test DB setup with DROP SCHEMA CASCADE
- Add 5 new security tests (role validation + XSS prevention)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Update all frontend branding (title, headers, login/register pages)
- Update documentation (CLAUDE-SETUP, CURRENT-STATE, PROGRESS, LESSONS-LEARNED)
- Update backend scripts and test configuration
- Fix emoji encoding in seed scripts for Windows compatibility
- Sync seed user credentials between seed_data.py and seed_trees.py
- Update database references to patherly/patherly_test
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Test Suite Completion (29 tests, all passing):
- Fixed test_auth.py: expect 201 status for registration endpoint
- Fixed test_trees.py: version only increments on tree_structure updates
- Fixed test_trees.py: delete endpoint requires admin role, returns 204
- Added admin user fixtures (test_admin, admin_auth_headers) in conftest.py
Role-Based User Registration Fix:
- Added role field to UserCreate schema (default="engineer")
- Updated registration endpoint to use user_data.role instead of hardcoding
- Enables proper admin/engineer/viewer role assignment during registration
- Maintains secure defaults while allowing test flexibility
Documentation Updates:
- Updated PROGRESS.md: corrected test count (29), added role fix notes
- Updated CLAUDE-SETUP.md: corrected test count, updated last modified date
- Updated backend file structure to include new logging and test files
Test Configuration:
- pytest 7.4.3 + pytest-asyncio 0.23.0 (stable async support)
- Comprehensive coverage: 7 auth + 10 trees + 12 sessions tests
- All endpoints verified with proper status codes and authorization
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
