Scrum4Me

Author	SHA1	Message	Date
Janpeter Visser	d292e445d9	Sprint: Verbeteren debug mode (#179 ) * feat(PBI-49): add debugProps helper + Vitest test Adds lib/debug.ts with debugProps(id, component, file) that returns data-debug-id and data-debug-label attrs in dev mode, empty object in production. Adds __tests__/lib/debug.test.ts covering both modes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * docs(PBI-49): add debug-id pattern doc + CLAUDE.md reference Adds docs/patterns/debug-id.md documenting the named-component boundary rule (6 punten), helper-voorbeeld, skip-criteria en motivatie voor handmatige pad-argumenten. Voegt verwijzing toe aan CLAUDE.md patterns-tabel. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * refactor(PBI-49): migrate 17 shared/ components to debugProps helper Replace hardcoded data-debug-id + data-debug-label attribute pairs with {...debugProps(id, component, file)} spread in all 17 components/shared/ files. Existing debug-ids preserved unchanged. * feat(PBI-49): add debugProps to backlog/, sprint/, solo/ components * feat(PBI-49): add debugProps to jobs/ + ideas/ components * feat(PBI-49): add debugProps to products/ + settings/ + notifications/ components * feat(PBI-49): add debugProps to admin/ + dashboard/ + dialogs/ + mobile/ + split-pane/ Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(PBI-49): use attr(data-debug-id) for debug tooltip in globals.css * refactor(PBI-49): remove data-debug-label from debugProps helper + test Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * refactor(PBI-49): strip unused component/file args from debugProps in shared/ Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(PBI-49): add BEM sub-element data-debug-id to StatusBar, NavBar, PanelNavBar Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(PBI-49): add BEM sub-element data-debug-id to components/sprint/* - new-sprint-dialog: __submit on submit button - sprint-backlog: __list on SprintBacklogLeft + SprintBacklogRight scroll areas - sprint-board-client: root wrapper div (display:contents) + __drag-overlay - sprint-header: __title on goal button, __dates on dates button, __actions on action cluster - sprint-run-controls: root on controls div, __start/__cancel on action buttons; __blockers-dialog on dialog content - start-sprint-button: root on trigger button, __dialog on dialog content, __submit on submit button - sync-active-sprint-cookie: no debug-id (returns null, side-effect only), comment added Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(PBI-49): add BEM sub-element data-debug-id to components/backlog/* * feat(PBI-49): add BEM sub-element data-debug-id to components/ideas/* * feat(PBI-49): add BEM sub-element data-debug-id to components/dashboard/* + components/markdown.tsx Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(PBI-49): add BEM sub-element data-debug-id to new-product-button Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(PBI-49): add BEM sub-element data-debug-id to components/solo/* Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(PBI-49): add BEM sub-elements to nav-status-indicators Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(PBI-49): add BEM sub-element data-debug-id to components/jobs/* Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(PBI-49): add BEM sub-element data-debug-id to components/products/* * feat(PBI-49): add BEM sub-element data-debug-id to components/notifications/* - answer-modal: __content (scroll area), __submit (footer) - notifications-bridge: skip comment (bridge, non-rendering wrapper) - notifications-realtime-mount: skip comment (returns null) - notifications-sheet: __header, __items (questions list) - push-toggle: __switch (button), __label (button text) on subscribed/unsubscribed states * feat(PBI-49): add BEM sub-element data-debug-id to components/settings/* - leave-product-button: root only (single-button component) - min-quota-editor: __input (number input), __save (save button) - profile-editor: __username (bio/short-description input), __save (submit) - role-manager: __roles (checkbox list), __add (save button) - token-manager: __tokens (active tokens list), __generate (create button) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(PBI-49): add BEM sub-element data-debug-id to admin, auth, dialogs, entity-dialog, mobile, split-pane * docs(PBI-49): add debug-labels BEM pattern doc + CLAUDE.md entry Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-09 22:46:29 +02:00
Janpeter Visser	c18d17108c	ST-1240: Verwijder backend todo-code (server actions + API route) (#135 ) * feat(cleanup): verwijder Todo's navlink en todo-referenties uit marketing page [cmotto5ia000nx3178lq6xk8d] - nav-bar.tsx: Todo's navLink verwijderd; Ideas-link blijft staan - app/page.tsx: /todos quick-access link, feature-entry en /api/todos API-doc verwijderd Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(cleanup): verwijder app/(app)/todos/ en components/todos/ [cmottjvzo000cx3172472cu4g] * test(cleanup): verwijder POST /api/todos import en describe-block uit security.test.ts [cmotto5jn000px317kjqlba89] - Import 'POST as postTodo' uit verwijderde todos-route verwijderd - describe('POST /api/todos') sectie (3 tests) verwijderd - 73 testfiles / 561 tests groen Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test(cleanup): verwijder __tests__/api/todos.test.ts en __tests__/actions/todos-promote-idea.test.ts [cmottjw1u000fx317igq27mh5] * feat(cleanup): verwijder actions/todos.ts en app/api/todos/route.ts; verplaats updateRolesAction naar actions/settings.ts [cmottjvy9000ax3173sgfjcqs] --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-06 12:24:48 +02:00
Janpeter Visser	555ed8fe89	feat(ST-qfpqpxzy): DB schema + settings-UI voor min_quota_pct worker-drempel (#118 ) - User.min_quota_pct Int @default(20) + ClaudeWorker.last_quota_pct/last_quota_check_at - Migratie add_worker_quota_gate - lib/schemas/user.ts: minQuotaPctSchema (int, 1-100) - actions/settings.ts: updateMinQuotaPctAction met auth/demo/zod-guard - MinQuotaEditor component met numeric input en DemoTooltip - Settings-pagina: Worker-instellingen sectie Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-06 03:45:59 +02:00
Madhura68	a0a10001d5	feat(rate-limit): per-user mutation-rate-limiting (v1-readiness #3 ) lib/rate-limit.ts: 11 nieuwe scope-configs + enforceUserRateLimit(scope, userId) helper. Returnt { error, code: 429 } shape voor consistent foutbeleid. Toegepast op de high-value mutation-paths: - actions/pbis.ts createPbiAction - actions/stories.ts createStoryAction - actions/tasks.ts saveTask (alleen create-path) + createTaskAction - actions/todos.ts createTodoAction - actions/sprints.ts createSprintAction - actions/products.ts createProductAction + createProductFormAction - actions/api-tokens.ts createApiTokenAction - actions/questions.ts answerQuestion - actions/claude-jobs.ts enqueueClaudeJobAction + enqueueClaudeJobsBatchAction - app/api/profile/avatar/route.ts POST - app/api/stories/[id]/log/route.ts POST Limits zijn ruim genoeg voor normaal gebruik, eng genoeg voor abuse-loops: create-task 100/min, create-todo 60/min, create-pbi 30/min, create-product 5/min, create-token 10/uur, etc. Per-user scope (geen globale block). Niet aangeraakt: reorder/status-toggle (intra-session frequent, lage abuse), update/delete (laag-volume), cron-routes (CRON_SECRET-gated). Consumer-tweaks: 'success' in result narrowing waar TS de bredere union niet meer accepteerde. Tests: 9 nieuwe op rate-limit-helper. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 13:48:59 +02:00
Janpeter Visser	1cb5772edd	M12 / ST-1110: Demo gebruiker read-only (#17 ) * feat(ST-1110.3): add proxy.ts demo-guard for non-GET API routes * feat(ST-1110.3+4): demo-guard proxy + block demo in QR-pairing - proxy.ts: gebruik unsealData ipv getIronSession (middleware-compatibel) - pair/start: isDemo-check via cookies() guard - pair/claim: check pairing.user.is_demo na DB-read; 403 + clearPairCookie * feat(ST-1110.5): unify demo write-button pattern to disabled+tooltip Convert all !isDemo && <Button> patterns to <DemoTooltip show={isDemo}> <Button disabled={isDemo}> so demo visitors see app capabilities. Affects: pbi-list, story-panel, story-dialog, task-list, sprint-backlog, token-manager, product-list, activate-product-button, leave-product-button, settings page. * test(ST-1110.6): proxy demo-guard coverage — 403 for demo+non-GET on /api/* * docs(ST-1110.7): document three-layer demo-readonly policy and mirror plan	2026-04-29 18:44:14 +02:00
Madhura68	34e6334051	fix(ST-507): remount email Input on prop change to silence base-ui uncontrolled warning Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-26 19:46:53 +02:00
Madhura68	0dc907b75c	feat(ST-507): add email input to settings and surface in user menu Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-26 19:37:51 +02:00
janpeter visser	1ff894a6c0	feat: gebruikersprofiel met avatar, bio en uitgebreide beschrijving - Schema: bio (160), bio_detail (2000) en avatar_data (bytea) op User - POST /api/profile/avatar: validatie MIME-type + max 12 MB vóór verwerking, Sharp resize naar max 700x700 (fit inside), output WebP q85, opgeslagen als bytea in Neon - GET /api/profile/avatar: serveert avatar met Cache-Control private 1u - updateProfileAction: slaat bio en bio_detail op via Server Action + Zod - ProfileEditor client component: avatar preview, upload met client-side validatie, bio-velden met tekenlimieten - Settings page: profiel-sectie bovenaan, uitgeschakeld voor demo-gebruiker - next.config: sharp als serverExternalPackage Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-25 13:30:38 +02:00
janpeter visser	357b1e32e8	feat: ProductMember — team management for product backlogs - Add ProductMember model (many-to-many User ↔ Product) - Add productAccessFilter helper (owner OR member OR clause) - Replace all ownership checks across actions and API routes - Add addProductMemberAction / removeProductMemberAction / leaveProductAction - Add TeamManager component in product settings (owner adds/removes Developers) - Add LeaveProductButton in user settings (member leaves a product team) - Regenerate Prisma Client after schema migration Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-25 13:09:44 +02:00
janpeter visser	ecc7a10679	fix: lint errors en warnings opgelost voor CI	2026-04-24 14:09:03 +02:00
janpeter visser	d11b114fc1	feat: ST-601-ST-612 M6 polish, beveiliging en launch-ready - ST-601/602: loading skeletons en error boundary - ST-603: Sonner toasts op alle CRUD-operaties - ST-604: DemoTooltip op uitgeschakelde knoppen - ST-605: KeyboardSensor dnd-kit, Escape sluit modals - ST-606: min-width banner < 1024px - ST-607: WCAG AA aria-labels en skip link - ST-608: rate limiting login (10/min) en registratie (5/uur) - ST-609: security integratietests cross-user toegang (7 tests) - ST-610: GitHub Actions CI/CD workflow - ST-611: README met quickstart, deployment en API-docs - ST-612: Lars-flow acceptatiechecklist - fix: settings toont gebruikersnaam i.p.v. interne id - fix: seed idempotent, testdata altijd gekoppeld aan demo-gebruiker Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-24 12:36:23 +02:00
janpeter visser	8bb8754d01	feat: ST-501-ST-506 M5 todo-lijst en rolbeheer - Todo-lijst met snelle invoer via Enter (ST-501) - Todo afvinken met visuele doorstreping (ST-502) - Archiveer afgeronde todos (ST-503) - Promoveer todo naar PBI met product en prioriteit keuze (ST-504) - Promoveer todo naar story met product, PBI en prioriteit keuze (ST-505) - Rolbeheer in instellingen: Product Owner, Scrum Master, Developer (ST-506) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-24 11:59:25 +02:00
janpeter visser	b71a1a7328	feat: ST-401-ST-410 M4 REST API, tokenbeleer en activiteitenlog - api-auth.ts was al aanwezig; demo-check toegevoegd per endpoint (ST-401) - Token aanmaken (SHA-256 hash, eenmalig tonen), intrekken, max 10 (ST-402) - GET /api/products actieve productenlijst (ST-403) - GET /api/products/:id/next-story hoogst geprioriteerde open story (ST-404) - GET /api/sprints/:id/tasks met limit parameter (ST-405) - PATCH /api/stories/:id/tasks/reorder met ID-validatie (ST-406) - POST /api/stories/:id/log met discriminatedUnion per type (ST-407) - PATCH /api/tasks/:id status bijwerken met cross-user bescherming (ST-408) - POST /api/todos via API aanmaken (ST-409) - StoryLog component met kleurcodering per type in story slide-over (ST-410) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-24 11:56:29 +02:00

13 commits