Implements the complete AI flow builder feature using a guided 4-stage
wizard (Foundation → Scaffold → Branch Detail → Review & Assemble).
AI assists at bounded points using Claude Haiku for cost-efficient
structured JSON generation (~$0.01-0.03/flow).
Backend: new models (ai_conversations, ai_usage), Alembic migration,
quota enforcement with billing anchor, Anthropic API integration with
prompt caching, tree validation, conversation CRUD with 24h TTL,
APScheduler cleanup job, 5 API endpoints, Pydantic schemas.
Frontend: TypeScript types, API client, Zustand store for wizard state,
7 components (modal, step indicator, foundation form, branch selector,
branch detail view, tree preview, quota display), MyTreesPage integration
with "Build with AI" button (hidden when AI not configured).
Tests: 14 validator unit tests + 11 endpoint integration tests with
mocked Anthropic (zero real API spend). All 25 tests passing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: tree editor authoring blockers - scroll trap, form density, branching hint
- Replace fixed viewport height with flex layout in NodeEditorPanel
- Make footer sticky so Save/Cancel always reachable
- Compact root node banner to single-line with InfoTip tooltip
- Reduce resolution note from callout box to inline text
- Add answer-first branching hint below options label
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: broken functionality - auth errors, toast logic, role update, routing, step library
- Extract backend error detail in auth store login/register
- Fix inverted 4xx toast logic and add 429 rate limit handling
- Send account_role field to match backend schema in role update
- Use type-aware routing for Repeat Last Session button
- Add step library placeholder page and route, remove dot badge
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: navigation correctness - back buttons, exit dialog, dedup nav, redirects
- Standardize all procedural back/exit paths to /trees (not /my-trees)
- Add exit button with ConfirmDialog to procedural session top bar
- Consolidate duplicate account links in sidebar and topbar
- Auto-redirect non-owners to personal analytics
- Add toast feedback before silent permission redirects in tree editor
- Delete orphaned AdminCategoriesPage
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: shared components, ConfirmDialog migration, pinned flow fixes
- Create shared Spinner component with sm/md/lg sizes
- Migrate 13 page-level spinners to shared Spinner
- Promote EmptyState to shared component, adopt in MyShares and SessionHistory
- Replace window.confirm with ConfirmDialog in 3 files
- Fix PinnedFlow.tree_type to include maintenance, update emoji display
- Verify sidebar unpin handler already correct (no-op)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: visual consistency - toasts, typography, focus rings, container padding
- Remove richColors from Sonner toasts, limit stacking to 3
- Add font-heading to all page H1s (7 files)
- Add font-label (Outfit) to TagBadges component
- Fix focus ring tokens on analytics pages
- Replace deprecated glass-stat with design system tokens
- Standardize container padding on analytics pages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: backend alignment - remove drafts toggle, clean dead code, truncation indicator
- Remove non-functional drafts toggle and clean TreeFilters type
- Fix AccountInvite type to match backend schema
- Remove dead API methods: pinnedFlows.pin/reorder, trees.getSharedTree
- Remove unused types: SessionListResponse, RatingCreate.is_verified_use
- Add session list truncation indicator with size=51 lookahead
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove bg-black from PageLoader and RouteError, fix PageLoader height
PageLoader used h-screen inside a grid cell, causing it to overflow.
Changed to h-full so it fits within the main-content area. Removed
bg-black from both PageLoader and RouteError in favor of theme-aware
bg-background to prevent black flash during lazy loading.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: guard against Pydantic validation error objects in toast/error messages
FastAPI returns `detail` as an array of objects for 422 validation errors,
not a string. Passing these objects to toast.error() or rendering them in
JSX crashes React with Error #31 ("Objects are not valid as a React child").
Now checks typeof detail === 'string' before using it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: toast styling, node editor first-click, action node placeholder pattern
1. Toast fixes: Add theme="dark" to Sonner, use !important CSS overrides
instead of zero-specificity :where() selectors, suppress noisy 4xx
global toasts (pages handle their own errors)
2. Node editor first-click: Add node.type to draft initialization
useEffect deps so draft resets when answer stub converts to real type
3. Action node redesign: Remove NodePicker dropdown, auto-create answer
placeholder on save (matching decision node pattern). Users click the
placeholder on canvas to choose type and fill in details.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: auto-seed test users when release command fails on PR envs
The background seeder now creates users directly via DB if login fails,
instead of silently aborting. This handles Railway PR environments where
the releaseCommand may not execute properly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove categories/tags from sidebar to prevent footer clipping
Categories and Tags sections were pushing Feedback, Account, and
Collapse off-screen when All Flows expanded its children. These
filters already exist on the TreeLibraryPage, so the sidebar
duplicates were removed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add procedural/maintenance editor redesign design
Collapsible sections, fixed-height layout, drag-to-reorder steps,
maintenance schedule section, and step list UX improvements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add procedural editor redesign implementation plan
7 tasks across 7 phases: collapsible sections, fixed-height layout,
step list improvements, drag-to-reorder, maintenance schedule section.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: restructure procedural editor with collapsible sections and fixed-height layout
Convert scrolling document layout to fixed-height editor with accordion-mode
collapsible sections for Details and Intake Form. Step list now gets all
remaining height with independent scrolling. Add CollapsibleEditorSection
component with ARIA attributes (aria-expanded, aria-controls).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add step count with time estimate header and auto-scroll to new steps
Remove outer card wrapper from StepList (now rendered in scrolling container).
Header shows total estimated minutes when steps have time estimates. Auto-scrolls
to newly added steps using ref + scrollIntoView.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add drag-to-reorder steps with @dnd-kit
Wrap step list in DndContext + SortableContext. Each step/section header
gets a SortableStepWrapper with useSortable. Drag handles have accessible
labels and keyboard support. procedure_end stays non-draggable and always
last. Expanded steps are disabled for dragging. Array-index reorder only.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add MaintenanceScheduleSection with schedule builder and summary
Schedule draft state is local UI only (not in store). Hydrates form from
existing schedule on load. Includes getScheduleSummary helper for collapsed
section display. Two-stage save: tree first, schedule second. Schedule
failure shows actionable error without rolling back tree save.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: wire maintenance schedule section into procedural editor
Add collapsible Schedule section for maintenance flows with accordion
integration. Schedule summary shows frequency, time, and target count
when collapsed. New maintenance flows default to schedule section expanded.
Two-stage save preserved: tree saved first, schedule managed independently.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: resolve lint issues in maintenance schedule and editor page
Move getScheduleSummary to scheduleUtils.ts to satisfy react-refresh
only-export-components rule. Add onScheduleLoaded to useEffect deps.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add design and implementation revision documents
Revision docs correct original plans: schedule persistence via API
endpoints (not tree_structure), array-index reorder (no display_order),
store minimum-one-step invariant, accordion mode, ARIA requirements,
and two-stage save orchestration with failure handling.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: auto-seed PR environments with SEED_ON_DEPLOY flag
Release command now runs migrations + seeds test users when
SEED_ON_DEPLOY=true. Tree seeding runs as a background task
on startup via HTTP API. Everything is idempotent and non-fatal.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add httpx to requirements for PR environment seeding
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: seed all flow types (v2, procedural, maintenance) on deploy
Runs seed_trees, seed_trees_v2, seed_procedural_flows, and
seed_maintenance_flows sequentially as background tasks when
SEED_ON_DEPLOY=true. Each script failure is non-fatal.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: trigger redeploy for full seed
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
- Add backend/app/core/scheduler.py with AsyncIOScheduler, CronTrigger-based
job registration, and _fire_maintenance_schedule to create batch sessions
- Wire scheduler.start()/load_all_schedules()/shutdown() into main.py lifespan
- Call register_schedule() in create_schedule endpoint after commit
- Call register_schedule()/unregister_schedule() in update_schedule based on is_active
- Add TreeShare to models/__init__.py so all SQLAlchemy mapper relationships
resolve before ORM queries in the scheduler context
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Server-side regex redaction masks IPs, emails, bearer/API tokens, and
UNC paths in exported session content. Redaction runs post-generation
and post-variable-resolution with fail-closed error handling. Frontend
gets a "Mask Sensitive Data" toggle in the export preview modal with
a summary of what was redacted. 24 unit tests passing, frontend build clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The /debug/cors endpoint is now conditionally registered, preventing
information leakage about CORS configuration in production.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase B addresses 7 high-severity gaps from the permissions audit:
- B1: Enforce tree access check on session start via can_access_tree
- B2: Replace all inline permission helpers with centralized permissions.py
- B3: Fix require_engineer_or_admin to check is_team_admin before role
- B4: Add is_active field on User with enforcement in get_current_active_user
- B5: Add admin user management endpoints (list, get, role, team-admin, deactivate, activate)
- B6: Add rate limiting on auth/invite endpoints via slowapi (disabled in DEBUG)
- B7: Implement refresh token rotation with JTI-based revocation and meaningful logout
Also reduces access token TTL from 15 to 5 minutes and updates CLAUDE.md
with SaaS/MSP context for future planning sessions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The CORS middleware was only using the regex pattern for *.up.railway.app
when ALLOW_RAILWAY_ORIGINS was enabled, ignoring the explicit allowed_origins
list that includes custom domains like app.patherly.com.
Now includes both allow_origins and allow_origin_regex so custom domains
work alongside Railway PR environments.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
## Summary
Implements Phase 2.5 Step Library Foundation:
### Issues Completed
- #3 User Preferences - export format default setting
- #5 Step Categories - database table and seed data
- #6 Step Library - database schema and migrations
- #7 Step Library - CRUD API endpoints
- #8 Step Library - rating and review system
### Changes
**Backend:**
- Migration 007: step_categories table with 10 seeded global categories
- Migration 008: step_library, step_ratings, step_usage_log tables
- Full CRUD API for step categories (/api/v1/step-categories)
- Full CRUD API for step library (/api/v1/steps) with search, filters, ratings
- CORS support for Railway PR environments (ALLOW_RAILWAY_ORIGINS)
**Frontend:**
- User preferences store (Zustand + localStorage)
- Settings page at /settings with export format dropdown
- Default export format applied in SessionDetailPage
### Testing
- Tested in Railway PR environment
- Database seeded with 7 MSP troubleshooting trees
- All API endpoints verified working
- Add Dockerfiles for backend (FastAPI) and frontend (nginx)
- Add railway.toml configs with health checks
- Add .dockerignore files for optimized builds
- Update config.py to auto-convert Railway DATABASE_URL format
- Add FRONTEND_URL env var for production CORS
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
