* feat: add session sharing types, API client, and utilities
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add SessionTimeline and ActionMenu reusable components
SessionTimeline extracts timeline/checklist rendering from SessionDetailPage
into a reusable component for both authenticated and public session views.
ActionMenu provides a dropdown action menu with keyboard/click-outside dismiss.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add ShareSessionModal and integrate into SessionDetailPage
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Share Progress popover to TreeNavigationPage
Replace the single "Copy for Ticket" button with a "Share Progress"
popover that offers three actions: Copy Progress Summary (existing PSA
export flow), Copy Share Link (auto-creates account-only share if
needed), and Manage Share Links (opens ShareSessionModal).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add public SharedSessionPage with tree preview
Add the public-facing shared session page at /share/:shareToken that
renders shared sessions without authentication. Includes error handling
for 401 (redirect to login), 403 (access denied), 404 (not found),
and 410 (expired). The page features a minimal header, session metadata,
SessionTimeline component, and a new SharedSessionTreePreview component
that renders the decision tree structure with the path taken highlighted.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add My Shares management page with nav link
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address code review issues in session sharing
- Add useCallback for loadShares in ShareSessionModal (React hook deps)
- Use TreeStructure type instead of Record<string, unknown> for type safety
- Fix login redirect format to match LoginPage's expected state shape
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: add focused tests for session sharing utilities and API
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: resolve tree_structure type compatibility for shared session views
- Use TreeStructure & Record<string, unknown> intersection for JSONB flexibility
- Add explicit cast in SharedSessionTreePreview for recursive node rendering
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add session sharing learnings to CLAUDE.md
Add gotchas #12 (TreeStructure vs Tree types) and #13 (login redirect
state format), note about npm run build strictness, and public route
pattern to Common Tasks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: procedural editor UX improvements
Add URL intake field type, fix variable name editing collapsing fields
(index-based keys/updates), auto-generate variable names by field type,
add section header as first-class step type, and simplify step editor
with "More Options" collapsible for advanced fields.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: allow section_header step type in validation, improve tag input
- Add 'section_header' to VALID_STEP_TYPES in backend validation so
procedural flows with section headers can be published
- Replace procedural editor's inline tag input with TagInput component
(supports autocomplete, Tab, comma, semicolon, and paste splitting)
- Add semicolon delimiter support to TagInput component
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add type-aware routing for procedural flows
Centralizes tree navigation routing via getTreeNavigatePath helper.
Fixes all pages to route procedural sessions to /flows/:id/navigate
instead of /trees/:id/navigate. Adds safety redirect in troubleshooting
navigator and resume support in procedural navigator.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove unused index prop from IntakeFieldEditor
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Adds a new "procedural" tree type for linear step-by-step project workflows
(domain controller setup, M365 onboarding, VPN config, etc). Includes intake
form builder, two-panel step navigation, variable resolution, procedural
exports, 3 seed templates, and UI rename from "Trees" to "Flows".
Also archives 19 implemented plan docs and creates deferred features backlog.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Migration 030: add email, assigned_plan, trial_duration_days, email_sent_at
to invite_codes with CHECK constraints
- Resend email integration (graceful degradation when API key not set)
- Invite codes now support plan assignment (free/pro/team) and trial duration (1-90 days)
- Registration applies invite code plan/trial to new subscription
- Auto-downgrade expired trials on authenticated access
- Enriched GET /admin/users/{id} with account, subscription, sessions, audit logs
- New endpoints: PUT /admin/users/{id}/subscription/plan and extend-trial
- Frontend: enhanced invite codes page with email, plan, trial fields
- Frontend: new user detail page at /admin/users/:userId
- Fixed API path drift: /invite-codes -> /invites
- 11 new backend tests, 416 total passing
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove outdated purple gradient/theme toggle references, add monochrome
design system patterns and component guidelines for future sessions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase B addresses 7 high-severity gaps from the permissions audit:
- B1: Enforce tree access check on session start via can_access_tree
- B2: Replace all inline permission helpers with centralized permissions.py
- B3: Fix require_engineer_or_admin to check is_team_admin before role
- B4: Add is_active field on User with enforcement in get_current_active_user
- B5: Add admin user management endpoints (list, get, role, team-admin, deactivate, activate)
- B6: Add rate limiting on auth/invite endpoints via slowapi (disabled in DEBUG)
- B7: Implement refresh token rotation with JTI-based revocation and meaningful logout
Also reduces access token TTL from 15 to 5 minutes and updates CLAUDE.md
with SaaS/MSP context for future planning sessions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove role field from UserCreate schema, hardcode 'engineer' at registration
- Escape all user content in HTML export with html.escape() (XSS fix)
- Add field_validator to reject default SECRET_KEY when DEBUG=False
- Add CHECK constraint on users.role ('engineer'|'viewer') + migration 011
- Fix test_admin fixture to properly grant is_super_admin via ORM
- Fix circular FK (users↔invite_codes) in test DB setup with DROP SCHEMA CASCADE
- Add 5 new security tests (role validation + XSS prevention)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add role-based access control with hierarchy: super_admin > team_admin >
engineer > viewer. Adds is_super_admin boolean to User model (migration 010),
centralized backend permissions module, frontend usePermissions hook, and
UI enforcement (conditional Create/Edit buttons, editor redirect for viewers,
role badge in header). All endpoint admin checks updated from role=="admin"
to is_super_admin.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Session Scratchpad design doc (Idea 6 from brainstorm)
- Update CLAUDE.md production URLs to resolutionflow.com
- Update CORS lesson domain refs for rebrand
- Add .claude/settings.local.json to gitignore docs
- Add docs/plans/ to project structure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document the frontend rebrand including brand colors, fonts, logo
locations, CSS utilities, and naming conventions for future development.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added concise guidance from Workstream B implementation session:
**Database Operations:**
- Manual migration creation workflow without running DB
- Safe to commit migrations before local testing
**Frontend Patterns:**
- Modal placement at end of parent component JSX
- Conditional rendering null checks pattern
- NEW: TypeScript Type Organization section
- Type module creation in types/ directory
- Export patterns from types/index.ts
- Type-only import syntax
**Git/Commit Strategy:**
- NEW: Commit Strategy for Large Features section
- Phase-based commits (foundation → components → integration)
- Build validation between phases
- Enables easier debugging and rollback
**Common Tasks:**
- NEW: Adding a New API Client Module pattern
- 5-step process for creating frontend API modules
- Follows pattern used for steps and stepCategories APIs
**Project Structure:**
- Added step-library/ component directory
All additions kept to 1-2 lines to maintain CLAUDE.md brevity.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add Environment Variables section with backend/.env and frontend config
- Update Development Commands to use relative paths (cross-platform)
- Add Frontend Operations section (build, preview, lint)
- Enhance Run Tests with first-time setup instructions
- Condense API Endpoints Reference (~85 lines saved, link to OpenAPI docs)
- Add Git Patterns section documenting .gitignore requirements
- Update all commands to work from project root
- Add Windows/Linux/Mac compatibility notes for venv activation
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
## Summary
Implements Phase 2.5 Step Library Foundation:
### Issues Completed
- #3 User Preferences - export format default setting
- #5 Step Categories - database table and seed data
- #6 Step Library - database schema and migrations
- #7 Step Library - CRUD API endpoints
- #8 Step Library - rating and review system
### Changes
**Backend:**
- Migration 007: step_categories table with 10 seeded global categories
- Migration 008: step_library, step_ratings, step_usage_log tables
- Full CRUD API for step categories (/api/v1/step-categories)
- Full CRUD API for step library (/api/v1/steps) with search, filters, ratings
- CORS support for Railway PR environments (ALLOW_RAILWAY_ORIGINS)
**Frontend:**
- User preferences store (Zustand + localStorage)
- Settings page at /settings with export format dropdown
- Default export format applied in SessionDetailPage
### Testing
- Tested in Railway PR environment
- Database seeded with 7 MSP troubleshooting trees
- All API endpoints verified working
Features:
- Categories: Global and team-specific tree categorization (admin-managed)
- Tags: Flexible tree tagging with autocomplete (author + admin)
- User folders: Personal tree collections with subfolder support
- Hierarchical structure (max 3 levels deep)
- Right-click context menu for folder management
- Cascade delete for subfolders
- Filter trees by category, tags, and folder in library view
Backend:
- New models: Category, Tag, UserFolder with relationships
- New API endpoints for categories, tags, and folders
- Tree organization migrations (005, 006)
Frontend:
- FolderSidebar with hierarchical folder tree
- FolderEditModal for create/edit with color picker
- AddToFolderMenu for quick tree organization
- TagInput with autocomplete and TagBadges display
- Updated TreeMetadataForm and TreeLibraryPage
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
