chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
bea34229d64d67d2a1cd4096ebcbdd058d71cc03
resolutionflow/CHANGELOG.md
Michael Chihlas bea34229d6
Some checks failed
Mirror to GitHub / mirror (push) Successful in 4s
Details
CI / backend (pull_request) Failing after 18m54s
Details
CI / frontend (pull_request) Failing after 47s
Details
CI / e2e (pull_request) Has been skipped
Details
chore: bump version and changelog (v0.1.0.0) 
Add CW security roles reference docs and PSA ticket management plan.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-16 14:44:03 +00:00

245 lines
17 KiB
Markdown
Raw Blame History

# Changelog
All notable changes to ResolutionFlow are documented here.
## [0.1.0.0] - 2026-04-16
### Added
- **PSA Ticket Management** — dedicated `/tickets` page with URL-param filter state (board, status, priority, company, assignment, closed), paginated ticket list, and slide-in detail panel
- **TicketDetailPanel** — full ticket view with notes feed, configurations, related tickets, and resource manager; optimistic status updates via dropdown
- **NewTicketModal** — two-tab ticket creation: "Quick Create (AI)" parses natural language into a pre-filled form via Claude, "Full Form" for manual entry; validates required fields before submitting to CW
- **AiTicketParseForm** — natural language → structured ticket data using Claude; resolves board and assignee automatically, flags fields needing manual selection
- **TicketResourceManager** — add/remove CW members as ticket resources with member search autocomplete
- **Spin-off ticket creation from ResolutionAssist** — AI can detect when a new ticket should be created mid-session and surface the NewTicketModal pre-filled with session context
- **TicketQueue improvements** — dashboard widget now detects member mapping, caps at 5 items, shows "View All" link to `/tickets`
- **Board statuses endpoint** — `GET /integrations/boards/{board_id}/statuses` for direct status lookup without a ticket context
- **Paginated ticket search** — `search_tickets` returns `{items, total, page, page_size}`; parallel CW count fetch for accurate totals
- **Ticket service layer** — `ticket_service.py` wraps all PSA mutations (create, update status, list/add/remove resources)
- **Priority lookup endpoint** — `GET /integrations/tickets/priorities` for form dropdowns
- **PSA error surfacing** — `/tickets` page shows inline error banner with specific guidance when CW returns a permissions error (replaces silent empty state)
### Fixed
- CW query injection: sanitize search `query` string to strip single quotes before interpolation into CW conditions
- `company_id` filter now correctly applied to CW ticket search conditions (was silently ignored)
- `linkedTicket` fetch in ResolutionAssist guarded with `currentChatRef` to prevent race condition on session switch
- Members endpoint auth gate no longer rejects engineers without a PSA mapping
- Board fallback: ticket list derives available boards from ticket data when the boards API returns empty (permissions)
- Assignment search and "Load More" removed from resource manager in favor of direct member list
## [Unreleased]
### Added
- Tree Templates + Import/Export marketplace (#66)
- Recurring Issue Detection — client-specific pattern alerts (#60)
- Step Feedback Flag — "This Step is Wrong" reporting (#58)
- **Tenant Isolation Phase 0** — multi-tenant data isolation (#132) with app-layer filtering helpers (`tenant_filter()`, `get_tenant_context`), cross-tenant access audit (analytics, categories, AI sessions, trees), UUID endpoint isolation with 404 responses for unauthorized access, ownership checks on all sensitive operations, and CI grep gate for missing tenant filters
- **Tenant Isolation Phase 2** — PostgreSQL Row Level Security (RLS) on 11 session-related tables (ai_sessions, session_steps, session_tags, etc.), account_id NOT NULL enforcement on all write paths, Alembic migrations with dual-env support (Railway native vars + explicit DATABASE_URL_SYNC), RLS test coverage with cross-account isolation verification, migration CI/CD integration
- **Tenant Isolation Phase 3** — RLS on audit_logs and tree_shares tables, cross-tenant session access for public shares (via get_admin_db), complete account_id propagation across PSA integration write paths, final RLS policy enforcement
- **Tenant Isolation Phase 4** (#136) — RLS enforcement on all 31 remaining tables (users, trees, teams, integrations, scripts, categories, templates, surveys, etc.), BYPASSRLS session pattern for auth deps and background jobs, admin session factory for startup routines (service accounts, seed data), global table exclusions (platform_steps, template_trees, script_categories, accounts), RLS tests with complete cross-tenant isolation verification, proper tree_shares ownership checks using tree owner's account_id
- **Script Library default view** — "All Scripts" tab now displays all accessible scripts (team + library)
- **Session documentation overhaul** — reformatted PSA resolution/escalation notes with cleaner headers, inline engineer responses, decimal hour display (0.25 hrs), follow-up recommendations, and improved "What We Know" section from evidence items
- **Client communication improvements** — new `request_info` audience type for client-facing information requests, improved status update and email draft prompts with per-context guidance
- **Image support in Assistant Chat** — paste/attach images in chat input, uploaded to S3, resized for vision model, displayed in conversation history
### Changed
- **Edit Procedure page** — layout overhaul and color system refinements for better visual hierarchy
- **Flows sidebar navigation** — collapsed to reduce visual noise; session recovery removed from library view
- **Account settings page** — audit fixes for improved consistency and usability
- **PSA documentation formatting** — removed duplicate timing blocks and AI confidence sections; added client-facing communication context guidance
- **Status update generation** — fixed option label lookup to use human-readable labels instead of machine values
- **Assistant Chat session actions** — moved Pause/Resume/Close actions from action bar to page header for consistency with FlowPilot
- **Design system token normalization** — unified FlowPilot, AssistantChat, and ScriptBuilder components to use consistent design tokens
- **Tenant data boundaries** — all session and tree endpoints now return 404 (not 403) for cross-tenant access attempts to avoid confirming resource existence
### Fixed
- **CRITICAL: Copilot tree query isolation** (#131) — user could access any tree UUID if known, exposing full tree structure to AI. Now scoped to current account with 404 for inaccessible trees.
- **AI session search isolation** — search endpoint leaked other users' sessions via OR(user_id, account_id). Now restricted to current user only.
- **Analytics endpoint isolation** — GET `/analytics/flows/{tree_id}` exposed session counts for any tree UUID. Now returns 404 if tree doesn't belong to requesting account.
- **Category tree counts** — cross-tenant row count leakage via tree_count field in GET `/categories/{id}`. Now scoped to requesting account.
- **PSA retry ownership check** — retry-psa-push had no ownership validation (CRITICAL). Now validates user ownership before allowing retry.
- **Task Lane save operation** — invalid task_lane_item UUIDs returned 403 revealing existence. Now returns 404 and uses query-level filtering.
- **Phase 4 RLS enforcement** — fixed auth deps, user-mutation endpoints, background jobs, and lifespan routines to use BYPASSRLS sessions for reading/writing tenant-isolated tables; fixed seed scripts to use ADMIN_DATABASE_URL; bootstrap service account now initializes correctly with proper BYPASSRLS context
- Dark text rendering on blue accent step-number badges across all flow types
- Script Library tab ownership filter now preserved across category and search changes
- Race conditions in script builder session creation and slug generation
- Stale async results in Assistant Chat (selectChat) no longer clobber new session task lane
- Sentry DSN hardcoded fallback removed — now uses environment variable only
- Option label resolution in status update context generation
- "Sorry something went wrong" errors in chat when rendering unsupported message types
- Task Lane stale data when creating new chat or resuming from concluded session
- Chat ref invalidation race condition between handleNewChat and async data loads
- Images now properly display in chat message history instead of blank placeholders
---
## [0.11.0] - 2026-03-30
### Changed
- **Landing page redesign** — replaced AI-template layout with bold hero, live chat animation, scroll-driven reveals, and FAQ section; self-contained `--lp-*` palette; electric blue accent throughout
- **Dashboard design critique** — eliminated section redundancy, differentiated card types across PerformanceCards, KnowledgeBaseCards, and TeamSummary; reduced visual noise
- **Session History** — redesigned as tabbed view (AI Sessions / Flow Sessions) with Load More pagination and domain filter chips; AI sessions now support lazy-loaded flow sessions with URL param routing to correct tab
- **Escalation Queue** — improved urgency signaling with time-based styling
- **Assistant page** — TaskLane UX improvements (confirmed-delete, restorable skipped tasks, progress counter); ChatSidebar delete confirmation flow fixed (no accidental chat switch while confirming)
- **Script Library/Builder** — design critique fixes; suggestion chips now correctly respect disabled state during generation
- **Create Flow dropdown** — simplified to two options (Troubleshooting / Procedural); removed AI generate flow and maintenance flow per pilot scope
- **Tag badges and buttons** — fixed unreadable text caused by `bg-accent` with dark foreground; tags now use elevated background with border
### Fixed
- Restored removed icon imports in MyTreesPage; added default export to SessionHistoryPage
- Fixed ternary closing brackets in KnowledgeBaseCards and TeamSummary
- Fixed `loadMoreAiSessions` race condition — stale pages from prior filter queries no longer mix with fresh results
- Fixed `--lp-btn` using `var(--color-accent)` in `landing.css` (violates lesson 104); now hardcoded to `#60a5fa`
---
## [0.10.0] - 2026-03-21
### Added
- **AI Script Builder** — chat-style page (`/script-builder`) for generating PowerShell, Bash, and Python scripts from natural language descriptions, with fullscreen preview modal and save-to-library flow
- **FlowPilot message bar** — always-visible chat input at bottom of guided sessions, replacing hidden "None of these" escape hatch
- **FlowPilot → Script Builder handoff** — FlowPilot detects custom script needs and offers "Open Script Builder" button with context pre-filled via sessionStorage
- **Script Library reorganization** — "My Scripts" / "Team Scripts" tabs, prominent "Build a New Script" button, `language` column on templates
- **Session close/abandon** — "Close" button in FlowPilot action bar sets status to `abandoned` and redirects to Active Sessions
- **Unified session history** — merged Flow Sessions and AI Sessions into single view on Active Sessions page
### Changed
- FlowPilot now asks user preference (GUI walkthrough vs script) before suggesting scripted solutions
- Script Builder messages normalized into separate `script_builder_messages` table (from JSONB array)
- Step card action types use typed content helpers instead of unsafe `as string` casts
- Message bar width expanded and repositioned above action bar
- Date range filters use end-of-day timestamps to include same-day items
### Fixed
- Missing `useNavigate` import causing Railway build failure
- FlowPilot message bar hidden behind fixed action bar
- Date filter excluding items created on the selected end date
---
## [0.9.0] - 2026-03-21
### Added
- **Landing page design audit** — mobile hamburger menu, Privacy and Terms pages, responsive modals
- **Mobile search collapse** — TopBar search bar collapses to magnifying glass icon on mobile
- **Root directory cleanup** — archived 9 completed docs, tracked marketing assets and dev environment guide
### Changed
- Branding updated: "Decision Tree Platform" → "AI-Powered Troubleshooting for MSPs" on login, register, HTML title
- Section spacing tightened on landing page, heading hierarchy fixed (div → h2)
- Register page icon fixed from red/coral to cyan brand color
- `transition: all` replaced with specific properties across landing CSS
- `color-scheme: dark` added to HTML element
- GitHub issues triaged: closed 10 stale issues (6 completed, 4 deferred), 3 remain open
---
## [0.8.0] - 2026-03-20
### Added
- **FlowPilot cockpit dashboard** — quick-start input, active sessions, pending escalations, performance cards, knowledge base cards, team summary
- **Sidebar redesign** — Dashboard → Resolve → Knowledge → Insights hierarchy with collapsible sections
- **Search & Recall** — PostgreSQL FTS on AI sessions, Command Palette integration (Ctrl+K), structured filters
- **Semantic similar sessions** — Voyage AI embeddings for finding related past sessions in FlowPilot sidebar
- **Evidence-rich sessions** — RichTextInput with clipboard paste, S3 file upload/download API
- **Navigation guard** — `useBlocker` warns before leaving active FlowPilot sessions
### Fixed
- FlowPilot action bar height chain (Resolve/Escalate/Pause buttons disappearing)
- `InFailedSQLTransaction` cascade from `get_db` missing rollback
- Session detail 500 errors from serialization issues
- Escalation fallback when `team_id` is null
- CORS middleware returning proper responses instead of re-raising
---
## [0.7.0] - 2026-03-19
### Added
- **Phase 5 Analytics Enhancement** — flow coverage heatmap, quality scoring, PSA activity logging, enhanced metrics
- **Phase 4 Enterprise features** — public templates gallery, admin curation, branded exports, custom branding (logo, accent, company name), multi-PSA adapter stubs (Autotask, Halo), SSO/SAML groundwork
- **Notification system** — multi-channel (in-app, email) with preferences and batch digest
### Fixed
- Analytics domain matching, funnel counts, decimal casts
- Frontend routing, accessibility, error states, sort indicators
---
## [0.6.0] - 2026-03-18
### Added
- **FlowPilot Phase 1** — AI-powered troubleshooting sessions with guided multi-step engine, copilot panel, confidence-tiered model routing
- **FlowPilot Phase 2** — ConnectWise PSA integration (ticket linking, note posting, member mapping), escalation handoff with AI-enhanced briefing, session pause/resume, mid-session ticket linking
- **Knowledge Flywheel (Phase 3)** — AI session analysis → automatic flow proposals, review queue (approve, edit & publish, dismiss, reject), knowledge gap detection, FlowPilot analytics dashboard, APScheduler batch analysis
---
## [0.5.0] - 2026-03-16
### Added
- **Security headers** — CSP (report-only), HSTS, X-Content-Type-Options, X-Frame-Options
- **Coverage gates** — 80% backend coverage enforced in CI, frontend coverage reporting
- **Core Web Vitals** — LCP, FID, CLS reporting to PostHog
- **PostHog analytics** — event tracking across all key user actions, user identification, autocapture
- **Playwright e2e tests** — coverage for new features and uncovered workflows
- **Command palette** — global search (Ctrl+K) with fuzzy matching across flows, sessions, tags
---
## [0.4.0] - 2026-03-14
### Added
- **ConnectWise PSA integration design** — provider abstraction, encrypted credentials, ticket context
- **Script Generator** — backend engine, API, frontend template editor, parameter detector
- **Procedural editor validation** — validation summary with click-to-select and Fix with AI
- **Landing page** — marketing site with beta signup, pricing tiers, product preview mockup
---
## [0.3.0] - 2026-03-03
### Added
- **Slate & Ice design system** — dark glassmorphism, ice-cyan gradient accents, glass-card system, orchestrated animations
- **Tailwind CSS v4 migration** — CSS-only config, `@tailwindcss/vite` plugin
- **KB Accelerator** — convert knowledge base articles into interactive flows
- **AI chat conclusion** — outcome tracking, AI-generated ticket summaries, resume flow
- **Survey system** — public survey page, admin invite tracking, response viewer with CSV export
- **Email verification** — tokens, banner, admin toggle
- **AI assistant** — in-session copilot panel, standalone chat with RAG, prompt caching
- **Sentry error monitoring** — frontend and backend integration
- **Flexible intake** — deferred variables, prepared sessions
- **Session closure** — close from history page with inline popover
- **Shared Modal enforcement** — standardized modal component across codebase
### Fixed
- Race condition hardening across auth, counters, and data fetching
- MissingGreenlet crash in AI Assistant
---
## [0.2.0] - 2026-02-10
### Added
- **Flow Editor** — form-based with visual canvas preview (React Flow + dagre), undo/redo
- **Procedural Flows** — step-by-step checklists with section headers, collapsible fields
- **Maintenance Flows** — scheduled recurring tasks with batch execution
- **AI Flow Builder** — conversational AI generates complete flows from description
- **Step Library** — shared reusable steps with ratings, reviews, verified-use badges
- **Session features** — timer, keyboard shortcuts, scratchpad overlay, auto-recovery, sharing
- **Organization** — categories, tags, folders (3-level), full-text search, grid/list/table views
- **Admin Panel** — 8 pages (dashboard, users, invite codes, audit logs, plan limits, feature flags, settings, categories)
- **Account management** — profile settings, delete/leave/transfer, chat retention
- **Export** — Markdown, text, HTML with detail levels, editable preview, redaction
---
## [0.1.0] - 2026-01-15
### Added
- Initial release: FastAPI backend with JWT auth, PostgreSQL database
- Trees and Sessions CRUD APIs
- Export functionality (Markdown, Text, HTML)
- React frontend with TypeScript
- Railway deployment with auto-deploy on push to main
- Invite code registration system for beta
Reference in New Issue View Git Blame Copy Permalink