Full-stack RBAC audit covering frontend UX, backend architecture,
and adversarial analysis. Implementation plan phased by severity
(Critical → High → Medium → Low).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add role-based access control with hierarchy: super_admin > team_admin >
engineer > viewer. Adds is_super_admin boolean to User model (migration 010),
centralized backend permissions module, frontend usePermissions hook, and
UI enforcement (conditional Create/Edit buttons, editor redirect for viewers,
role badge in header). All endpoint admin checks updated from role=="admin"
to is_super_admin.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Refactor scratchpad from a flex-layout sidebar that pushes content left
to a floating overlay panel (position: fixed) that doesn't affect layout.
Panel slides in from the right with Ctrl+/ toggle. Main content adjusts
padding responsively when panel is open.
Also apply thin scrollbar styling globally across all scrollable elements
for a consistent, minimal look.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix broken JWT token refresh that caused "Failed to load trees" after
idle timeout. The refresh endpoint expected token as query param but
frontend sent it as Authorization header. Added proper dependency
(get_refresh_token_payload) and refresh queue to handle concurrent 401s.
Also fix seed trees not being visible to non-admin users by updating
the seed script to set is_public/is_default on existing trees.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Session Scratchpad design doc (Idea 6 from brainstorm)
- Update CLAUDE.md production URLs to resolutionflow.com
- Update CORS lesson domain refs for rebrand
- Add .claude/settings.local.json to gitignore docs
- Add docs/plans/ to project structure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Captures brainstorming session covering session scratchpad, time tracking,
command output capture, share progress/escalation, push steps, path analytics,
multi-tree sessions, recurring issue detection, tree health scores, and
AI tree intelligence. Includes suggested build order and dependency map.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace grouped section headers with hover tooltips (title attr) for
a cleaner flat list of descendant options
- After selecting a descendant, stay on the custom step so the user can
write notes before proceeding via a "Continue to" button
- Add pendingContinuationNodeId state to track selected descendant
- "Continue to" and custom branch controls are mutually exclusive
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Updated IMPLEMENTATION-PLAN-STEP-LIBRARY-FRONTEND.md with design decisions:
- Custom steps persistence: separate `custom_steps` field in sessions
- Custom step navigation: full step type support (decision/action/solution)
- Validation warnings: inline dismissible, no confirmation modal
- Added backend migration task (B.10) for custom_steps field
- Updated file count: 10 new, 8 modified, 1 migration
- Clarified acceptance criteria for validation behavior
- Created docs/plans/2026-02-03-draft-trees-feature.md:
- Comprehensive design for draft trees and custom steps
- Database schema, API changes, frontend UX patterns
- Implementation phases and success metrics
- Related to Issue #25 (planned for Phase 3)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Cherry-picked useful documentation from branches being cleaned up:
- IMPLEMENTATION-PLAN-STEP-LIBRARY-FRONTEND.md: Planning doc for Step Library frontend
- PROJECT-REVIEW-2026-02-02.md: Project status review from February 2026
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
