Document the 31 migration files, naming conventions, revision chain,
circular FK workaround, NULL casting gotcha, and migration history table.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Comprehensive schema design for three critical foundational features:
1. Tree Forking Model (Issue #11)
   - Add parent_tree_id, fork_reason, parent_updated_at to trees
   - Self-referential relationship with orphaning on parent delete
   - Update detection mechanism for "parent tree updated" notifications
2. Session Custom Steps Enhancement (Issues #4-#7 partial)
   - Backward-compatible JSONB enhancement (no migration)
   - Track step source (ad-hoc, library, forked-tree)
   - Link to StepLibrary for usage analytics
   - Support "save session as tree" reconstruction
3. Session Share Tokens (Issue #15)
   - New session_shares table with token-based access
   - New session_share_views table for detailed analytics
   - Account-level policy: allow_public_shares
   - Public vs account-only visibility with permission checks
All schema changes designed for backward compatibility and minimal
migration complexity. Establishes durable domain model that future
features depend on.
Migration plan: 022 (tree forking), 023 (session sharing)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Design document for Tier 1 UX enhancement implementing toast
notifications using sonner library.
- Comprehensive context on current state problems
- Phase-by-phase implementation plan
- Design patterns and best practices
- Complete verification checklist
- Risk assessment and mitigation strategies
Related: #33, #34, #35
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Comprehensive implementation plan for transitioning from team-based
to SaaS subscription model with Free/Pro/Team tiers:
- Phase 1 (Days 1-3): Database migration in 6 separate migrations
  - Migration 016: Create accounts, subscriptions, plan_limits, account_invites tables
  - Migration 017: Add account_id and account_role to users
  - Migration 018 (critical): Migrate users/teams to accounts
  - Migration 019: Migrate team_id FKs to account_id on content tables
  - Migration 020: Add constraints and finalize migration
  - Migration 021: Drop old team columns and teams table
- Phase 2 (Days 4-7): Backend updates
  - New models: Account, Subscription, PlanLimits, AccountInvites
  - Refactor permissions system (account_role replaces role/is_team_admin)
  - Add subscription helpers for feature gating
  - Update all 25+ endpoints to use account_id
  - Update test fixtures and fix 61+ tests
- Phase 3 (Days 8-10): Frontend updates
  - Update types (account_id, account_role)
  - New hooks: useSubscription, updated usePermissions
  - Account settings page with subscription info
  - Usage indicators and upgrade prompts
  - Stripe Checkout button (disabled until ready)
- Phase 4 (Days 11-12): Stripe preparation
  - Install Stripe SDK
  - Webhook skeleton with event handlers
  - Code ready to enable when Stripe account created
Key features:
- Build Stripe-ready but ship free-tier-only initially
- Feature branch workflow (feat/subscription-tiers)
- Comprehensive rollback plans for each phase
- All limits configurable via plan_limits table
- 10-12 day timeline with safety checks
- Test on production copy before migration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Re-audited after RBAC commit (34daa26). Key findings:
- permissions.py is dead code (no endpoint imports it)
- require_engineer_or_admin blocks team admins with viewer role
- 49 endpoints bypass get_current_active_user
- 3 critical issues still open (role field, XSS, secret key)
- Updated implementation plan with new Phase B items
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Full-stack RBAC audit covering frontend UX, backend architecture,
and adversarial analysis. Implementation plan phased by severity
(Critical → High → Medium → Low).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add role-based access control with hierarchy: super_admin > team_admin >
engineer > viewer. Adds is_super_admin boolean to User model (migration 010),
centralized backend permissions module, frontend usePermissions hook, and
UI enforcement (conditional Create/Edit buttons, editor redirect for viewers,
role badge in header). All endpoint admin checks updated from role=="admin"
to is_super_admin.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Refactor scratchpad from a flex-layout sidebar that pushes content left
to a floating overlay panel (position: fixed) that doesn't affect layout.
Panel slides in from the right with Ctrl+/ toggle. Main content adjusts
padding responsively when panel is open.
Also apply thin scrollbar styling globally across all scrollable elements
for a consistent, minimal look.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Fix broken JWT token refresh that caused "Failed to load trees" after
idle timeout. The refresh endpoint expected token as query param but
frontend sent it as Authorization header. Added proper dependency
(get_refresh_token_payload) and refresh queue to handle concurrent 401s.
Also fix seed trees not being visible to non-admin users by updating
the seed script to set is_public/is_default on existing trees.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add Session Scratchpad design doc (Idea 6 from brainstorm)
- Update CLAUDE.md production URLs to resolutionflow.com
- Update CORS lesson domain refs for rebrand
- Add .claude/settings.local.json to gitignore docs
- Add docs/plans/ to project structure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Captures brainstorming session covering session scratchpad, time tracking,
command output capture, share progress/escalation, push steps, path analytics,
multi-tree sessions, recurring issue detection, tree health scores, and
AI tree intelligence. Includes suggested build order and dependency map.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Replace grouped section headers with hover tooltips (title attr) for
  a cleaner flat list of descendant options
- After selecting a descendant, stay on the custom step so the user can
  write notes before proceeding via a "Continue to" button
- Add pendingContinuationNodeId state to track selected descendant
- "Continue to" and custom branch controls are mutually exclusive
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Updated IMPLEMENTATION-PLAN-STEP-LIBRARY-FRONTEND.md with design decisions:
  - Custom steps persistence: separate `custom_steps` field in sessions
  - Custom step navigation: full step type support (decision/action/solution)
  - Validation warnings: inline dismissible, no confirmation modal
- Added backend migration task (B.10) for custom_steps field
- Updated file count: 10 new, 8 modified, 1 migration
- Clarified acceptance criteria for validation behavior
- Created docs/plans/2026-02-03-draft-trees-feature.md:
  - Comprehensive design for draft trees and custom steps
  - Database schema, API changes, frontend UX patterns
  - Implementation phases and success metrics
  - Related to Issue #25 (planned for Phase 3)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Cherry-picked useful documentation from branches being cleaned up:
- IMPLEMENTATION-PLAN-STEP-LIBRARY-FRONTEND.md: Planning doc for Step Library frontend
- PROJECT-REVIEW-2026-02-02.md: Project status review from February 2026
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>