Scrum4Me

Author	SHA1	Message	Date
Janpeter Visser	a2c8bd41af	ST-1216: Insights sprint-widget — token KPI-kaartjes & per-job tabel (#114 ) * feat(ST-vmc7vpps): lib/insights/token-stats.ts — sprint KPI + per-job query SQL-queries voor totale tokens/kosten (KPI) en per-job tabel met ModelPrice JOIN. Guard op lege sprintId. Tests voor empty guard, KPI-mapping en null token-data. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-vmc7vpps): TokenUsageCard — KPI-kaartjes + sorteerbare per-job tabel Client-component met drie KPI-strips (totaal tokens, kosten USD, gem. per job) en sorteerbare tabel op kosten of duur. Nulls als '—', MD3-tokens, geen hardcoded kleuren. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-vmc7vpps): insights page — TokenUsageCard integreren Voeg getTokenStats + TokenUsageCard imports toe aan insights/page.tsx. tokenStats apart awaiten na activeSprints (kan niet in dezelfde Promise.all). TokenUsageCard-sectie toegevoegd na AgentThroughputCard. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-06 03:19:30 +02:00
Madhura68	fbf58d4e44	fix: admin-navigatie zichtbaar voor ADMIN-rol gebruikers - requireAdmin() checkt nu de database i.p.v. session.isAdmin (was altijd undefined) - loginAction stelt session.isAdmin in op basis van UserRole in de DB - registerAction stelt session.isAdmin = false expliciet in - NavBar toont 'Admin'-link conditioneel als roles.includes('ADMIN') - UserMenu ROLE_LABELS uitgebreid met ADMIN → 'Admin' - Tests aangepast: prismaUserRole.findFirst mock toegevoegd Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-05 20:46:27 +02:00
Madhura68	dfee518996	lib: idea-code generator + plan_md yaml-frontmatter parser (M12 T-494) - lib/idea-code.ts: pure formatIdeaCode helper (client-safe, no prisma) - lib/idea-code-server.ts: atomic nextIdeaCode via Prisma row-lock, accepts optional TransactionClient for combining with idea.create - lib/idea-plan-parser.ts: parsePlanMd extracts ---yaml---/body, runs yaml.parse + ideaPlanMdFrontmatterSchema, returns line-info on failure; CRLF-tolerant - adds yaml@^2.8.4 dependency - 8 unit tests (parser happy/missing/yaml-error/zod-error/empty-stories/CRLF; formatIdeaCode pad-3 + overflow) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 19:40:39 +02:00
Madhura68	bba3f11269	lib: idea schemas + status mappers + transition guards (M12 T-493) - lib/schemas/idea.ts: ideaCreateSchema, ideaUpdateSchema, ideaPlanMdFrontmatterSchema (yaml-frontmatter contract for materialize-step parser) - lib/idea-status.ts: bidirectional DB↔API mapping, canTransition state-machine guard, isIdeaEditable + isGrillMdEditable + isPlanMdEditable helpers - includes auto-regen docs/erd.svg from prisma generate Tests: 26 cases (status round-trip, transitions valid/invalid, schema validation edge-cases, priority bounds, verify-enum). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 19:38:52 +02:00
Madhura68	a0a10001d5	feat(rate-limit): per-user mutation-rate-limiting (v1-readiness #3 ) lib/rate-limit.ts: 11 nieuwe scope-configs + enforceUserRateLimit(scope, userId) helper. Returnt { error, code: 429 } shape voor consistent foutbeleid. Toegepast op de high-value mutation-paths: - actions/pbis.ts createPbiAction - actions/stories.ts createStoryAction - actions/tasks.ts saveTask (alleen create-path) + createTaskAction - actions/todos.ts createTodoAction - actions/sprints.ts createSprintAction - actions/products.ts createProductAction + createProductFormAction - actions/api-tokens.ts createApiTokenAction - actions/questions.ts answerQuestion - actions/claude-jobs.ts enqueueClaudeJobAction + enqueueClaudeJobsBatchAction - app/api/profile/avatar/route.ts POST - app/api/stories/[id]/log/route.ts POST Limits zijn ruim genoeg voor normaal gebruik, eng genoeg voor abuse-loops: create-task 100/min, create-todo 60/min, create-pbi 30/min, create-product 5/min, create-token 10/uur, etc. Per-user scope (geen globale block). Niet aangeraakt: reorder/status-toggle (intra-session frequent, lage abuse), update/delete (laag-volume), cron-routes (CRON_SECRET-gated). Consumer-tweaks: 'success' in result narrowing waar TS de bredere union niet meer accepteerde. Tests: 9 nieuwe op rate-limit-helper. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 13:48:59 +02:00
Madhura68	13ab53ab8d	feat(ST-1135): UA-redirect bij login — phone naar /m/* (T-322/T-323/T-324) - lib/user-agent.ts (nieuw): isPhoneUA() — Mobi-substring heuristiek (telefoons hebben Mobi, tablets/desktop niet) - actions/auth.ts loginAction: leest user-agent header na session.save(); phone-UA + actief product → /m/products/[id]/solo, zonder → /m/settings; tablet/desktop/null-UA → /dashboard (ongewijzigd) - Tests: 7 helper-cases + 6 loginAction-paden incl. demo-user Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 10:09:09 +02:00
Madhura68	7b32fc60e6	feat(ST-1134): (mobile) route group + auth-guard helper + manifest (T-321) - lib/auth-guard.ts (nieuw): requireSession() — gedeelde auth+paired-expiry guard, hergebruikt door (app)/layout.tsx - (app)/layout.tsx: refactor naar requireSession() (gedraagt zich identiek) - (mobile)/layout.tsx (nieuw): minimal layout met LandscapeGuard + MobileTabBar; geen NavBar/StatusBar/MinWidthBanner/bridges - /m/pair filesystem-move van (app)/ naar (mobile)/ — URL onveranderd - public/manifest.json: orientation landscape - Tests: requireSession-helper (3 paden) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 09:55:18 +02:00
Janpeter Visser	739037a60b	Agent throughput: jobs per dag stacked bar + KPI-strip (#49 ) * feat(insights): add getJobsPerDay helper — agent throughput per day + KPIs Raw SQL aggregation of claude_jobs by day and status over 14 days with zero-fill for missing days. KPIs: todayCount, successRate7d, avgDurationSeconds7d. Optional productId filter. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(insights): add AgentThroughputCard — stacked BarChart + KPI-strip + product filter KPI strip (jobs today, 7d success rate, 7d avg duration), 14-day stacked BarChart with JOB_STATUS_COLORS, and URL-bookmarkable product dropdown via useTransition + router.replace. Empty-state when no activity. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-02 16:30:06 +02:00
Janpeter Visser	af77553407	feat(insights): add getBacklogHealth helper — stuck tasks + missing AC/plan counts (#48 ) Three read-only counters: stories without acceptance_criteria, tasks without implementation_plan, and top-10 IN_PROGRESS tasks stuck >7 days. All scoped via productAccessFilter. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-02 16:17:03 +02:00
Janpeter Visser	219d54b3e5	feat(insights): add getVelocity helper — DONE-tasks per completed sprint (#47 ) Aggregates task.status=DONE counts across last N completed sprints (default 5), filtered by productAccessFilter and returned in chronological order for x-axis rendering. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-02 16:07:57 +02:00
Janpeter Visser	ce94fb48c3	Foundation: route, recharts, sprint-dates migration, chart-colors helper (#46 ) * feat(ST-1201): add Sprint start_date/end_date + claude_jobs index migration - Sprint model: optionele start_date en end_date (DATE) voor burndown x-as - CREATE INDEX claude_jobs(status, finished_at) voor agent-throughput-queries - Bestaande sprints houden NULL; burndown skipt die Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1202): add lib/chart-colors.ts + vitest coverage MD3-token-to-CSS-var mappings for STATUS, PRIORITY, VERIFY, JOB_STATUS and SERIES_COLORS; all 5 tests pass. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1203): add Insights link to NavBar Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1204): move Insights NavBar link between Solo and Todo's Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1205): add sprint start_date/end_date UI + server actions - createSprintAction + updateSprintDatesAction: Zod date validation with end_date >= start_date cross-check - start-sprint-button: date inputs in create dialog - sprint-header: date display button + edit dialog with updateSprintDatesAction - sprint page: select start_date/end_date for SprintHeader prop - Demo blokkade via bestaande isDemo checks - 6 tests groen (validation + demo guard) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-02 15:58:15 +02:00
Janpeter Visser	6c6c8b96b7	fix(realtime): force-destroy pg socket on cleanup timeout (SSE leak) (#44 ) Three SSE-routes (solo, backlog, notifications) each create a long- running pg.Client that LISTENs on scrum4me_changes. On abrupt close (Fast Refresh, browser refresh, Vercel function recycle) the pgClient.end()-await sometimes hangs silently, leaving the underlying socket connected to Postgres. The connection stays in 'idle' on Neon's side and after ~10-20 reconnects the connection-pool fills up — new SSE connects fail with ERR_INCOMPLETE_CHUNKED_ENCODING in the browser. Fix: shared `closePgClientSafely` helper that races client.end() against a 2 s timeout; on timeout it force-destroys the underlying socket so the OS releases the FD and Postgres notices the disconnect. Validated by direct DB inspection: 18 stale 'idle LISTEN'-connections were piled up before the fix; after manual pg_terminate_backend cleanup the SSE-stream stabilised. This change makes the pile-up impossible going forward. - new lib/realtime/pg-client-cleanup.ts - 3 routes use the helper instead of bare `await pgClient.end()` - 3 unit tests for the helper (timely-end, hang-falls-back-to-destroy, end-rejection-is-swallowed) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-01 20:04:22 +02:00
Janpeter Visser	ddd9b8b39b	feat: getVerifyResultStats helper + 5 Vitest-tests (lib/insights/verify-stats.ts) (#38 ) Aggregeert verify_result counts (ALIGNED/PARTIAL/EMPTY/DIVERGENT) en top-5 EMPTY/DIVERGENT jobs over de laatste N dagen voor de ingelogde gebruiker. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-01 16:41:22 +02:00
Janpeter Visser	fb3e55b9c0	feat: getBurndownData helper + computeBurndownDays (lib/insights/burndown.ts) (#34 ) Server-side aggregatie per active sprint: bouwt time-series met remaining en ideal per dag. Inclusief 4 Vitest-unit-tests voor de pure computeBurndownDays functie. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-01 16:41:12 +02:00
Janpeter Visser	9794a9baef	M13: Veilige Claude-agent-workflow (Scrum4Me-side) (#26 ) * feat: add pushed_at field to ClaudeJob schema Nullable DateTime column to record when the agent's feature branch was pushed to origin. Enables the UI to show a 'pushed' state independently of DONE status. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: GitHub-link op DONE-card + pushed_at doorvoer - lib/job-status-url.ts: getBranchUrl(repoUrl, branch) → GitHub tree URL - JobState + ClaudeJobEvent: pushed_at? veld toegevoegd - realtime/solo/route.ts: pushed_at in Prisma-select, JobPayload en mapping - SoloBoardProps + TaskDetailDialog: repoUrl prop doorgevoerd - task-detail-dialog: "Open op GitHub"-link als done + pushed_at + branch + repoUrl - 3 unit-tests voor getBranchUrl; totaal 261 tests groen Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add VerifyResult enum, verify_only on Task, verify_result on ClaudeJob Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add verify_result+pushed_at to JobState, VerifyResultApi type, SSE payload Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: verify_only field on SoloTask, PATCH route saves verify_only Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: TaskDetailDialog — verify_result display + verify_only checkbox Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test: verify_only PATCH + verify_result dialog render + store fix Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * docs: document VerifyResult enum, verify_only task field, pushed_at in architecture Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(M13): cron /api/cron/cleanup-agent-artifacts — hard-delete FAILED/CANCELLED jobs >7 days * feat(M13): add auto_pr field to Product schema + migration * feat(M13): auto_pr toggle in product settings — server action + UI component + tests * feat(M13): add pr_url to ClaudeJob schema + migration * feat(M13): UI — 'Open PR' link on DONE-card; pr_url in JobState + SSE + task-dialog * feat(M13): add retry_count migration + regen erd - Migration ALTER TABLE claude_jobs ADD COLUMN retry_count INT DEFAULT 0 (schema.prisma was reeds bijgewerkt in eerdere commits) - docs/erd.svg geregenereerd voor de complete M13-schema-wijzigingen (verify_result, verify_only, pushed_at, pr_url, auto_pr, retry_count) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-01 13:42:18 +02:00
Janpeter Visser	6cd98129f2	M14: TaskDialog (create/edit) + story auto-promotion (#21 ) * chore(ST-1112): add deps for task dialog Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add shared zod schema for task dialog Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add missing MD3 tokens for task dialog outline-variant, on-error-container, status-review (light + dark) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add saveTask and deleteTask server actions for TaskDialog Unified create/edit action (saveTask) replaces separate formData-based actions for the new TaskDialog. Uses shared zod schema, structured SaveTaskResult union type, and context-aware revalidatePath for both sprint and backlog routes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add TaskDialog component (create & edit mode) Builds the full TaskDialog on top of the existing @base-ui/react Dialog primitive. Covers create mode, edit mode (status field + created_at metadata + delete), dirty-check AlertDialog, delete confirm AlertDialog, Cmd+Enter submit, and per-field char counters. Uses react-hook-form + zodResolver against the shared taskSchema. Priority and status are extracted to PrioritySegmented and StatusSelect sub-components using MD3 tokens throughout. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): refactor task-list to open TaskDialog via URL params Replaces inline create/edit forms with router.push navigation: - Clicking a task row → ?editTask=<id> - "+ Taak" button → ?newTask=1&storyId=<storyId> Removes CreateTaskForm, EditSubmitButton, updateTaskAction, and createTaskAction from the component. Status toggle and DnD remain unchanged. Rows now have cursor-pointer and keyboard a11y. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): wire TaskDialog into sprint page via searchParams Sprint page now reads ?newTask, ?storyId, and ?editTask query params. For edit mode: fetches the task server-side with productAccessFilter scope (invalid/foreign IDs redirect to closePath). Renders TaskDialog when either param is present. closePath is the sprint route without query params. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add Suspense skeleton for edit-mode task loading Extracts task fetch into EditTaskLoader (async server component) so the sprint board renders immediately while the task loads. TaskDialogSkeleton shows 3 grey bars during the fetch. Invalid or out-of-scope task IDs redirect to closePath. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): render description as markdown in task-detail-dialog Solo task detail now renders description via react-markdown + remark-gfm with prose styling. Sanitizes script/iframe elements. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test(ST-1112): add saveTask/deleteTask server action tests Covers all three demo-policy layers and cross-tenant scope: demo blocked (403), unauthenticated blocked, validation 422, edit cross-tenant forbidden, create cross-tenant forbidden, and happy-path for both edit and create. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add updateTaskStatusWithStoryPromotion helper Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): wire story-promotion into saveTask and PATCH /api/tasks/:id Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * docs(ST-1112): add task-dialog doc and architecture note Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore: extend allowed tools in settings.local.json Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1113): add 200ms animation-delay to TaskDialogSkeleton to prevent flicker Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1114): add DirtyCloseGuard reusable component for dirty-form close confirmation Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1114): add shared Markdown wrapper, apply to task-detail and story-dialog Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore: allow grep -E pattern in settings.local.json Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-30 16:55:20 +02:00
Janpeter Visser	73087e9705	M13: Claude job queue — 'Voer uit'-knop + worker presence (ST-1111) (#18 ) * feat(ST-1111.1): add ClaudeJob model and state-machine enum Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1111.2): add ClaudeJob status API mappers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1111.3): add enqueue/cancel ClaudeJob server actions with idempotency + NOTIFY Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1111.4): forward ClaudeJob events on solo SSE stream + initial state Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1111.6): add 'Voer uit' + cancel buttons to task detail dialog Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1111.7): add job status pill with spinner on solo task cards Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test(ST-1111.8): cover job-status mappers and enqueue/cancel actions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * docs(ST-1111.9): document Claude job queue architecture and agent flow Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1111.10a): add ClaudeWorker presence model Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1111.10c): forward worker presence events on solo SSE + initial count Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1111.10d): show worker presence indicator and gate 'Voer uit' on connected workers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-29 19:51:48 +02:00
Janpeter Visser	8a9fb9d32b	M12 / ST-1109: PBI krijgt een status (Ready / Blocked / Done) (#16 ) * feat(ST-1109.2): add PbiStatus enum and status field to Pbi model - New PbiStatus enum (READY/BLOCKED/DONE) for PBI lifecycle tracking - Pbi.status PbiStatus @default(READY) - Index on (product_id, status) for filter queries - Migration: 20260429150643_add_pbi_status - ERD regenerated via prisma generate Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1109.3): add PBI status API mappers - pbiStatusToApi / pbiStatusFromApi following same pattern as task/story - PbiStatusApi type derived from PBI_DB_TO_API - PBI_STATUS_API_VALUES export for downstream Zod schemas - Lowercase API surface (ready/blocked/done), DB stays UPPER_SNAKE Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1109.4): support status in PBI create/update actions - Optional status field in Zod schemas (lowercase API: ready/blocked/done) - pbiStatusFromApi() maps to DB enum before persistence - Status omitted on create => Prisma @default(READY) takes effect - Update preserves existing status when not provided - Demo-check unchanged Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1109.5): auto-mark PBI as DONE when all its stories are DONE on sprint close Extends completeSprintAction's $transaction with PBI status cascade: - Pre-transaction: identify PBIs touched by this close (via stories.pbi_id), fetch each with all its stories - Skip PBIs already DONE; skip PBIs with 0 stories - Mark PBI DONE only when every story (post-decision) is DONE — stories outside the sprint are evaluated against their current DB status - Promote-only: never demotes a PBI that becomes "incomplete" again Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1109.6): add Popover primitive (base-ui wrapper) - Mirrors the Tooltip pattern: render-prop composition, data-slot attrs - Exports Popover (Root), PopoverTrigger, PopoverContent (Portal+Positioner+Popup) - MD3 popover/popover-foreground tokens, animated open/close states - Will be used to consolidate the backlog filter UI in ST-1109.8 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1109.7): add status select to PBI dialog - New components/shared/pbi-status-select.tsx mirrors PrioritySelect: PBI_STATUS_LABELS (NL), PBI_STATUS_COLORS, PbiStatusSelect component - Reuses existing --status-todo/blocked/done MD3 tokens - PbiDialog: status state with sync-on-open; default 'ready' for create, pbi.status for edit; hidden input submits lowercase API value - Priority + Status sit side-by-side in 2-col grid - PbiDialogPbi.status is optional; pbi-list.tsx will populate in ST-1109.8 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1109.8): show PBI status badge and consolidate filters into popover - Pbi.status (lowercase API) flows from page.tsx via pbiStatusToApi - Status badge rendered in BacklogCard's badge slot using PBI_STATUS_COLORS - Two old Select dropdowns replaced by single Popover with three pill-button sections (Sorteren, Prioriteit, Status) and a "Wis filters" footer - Filter trigger shows active count "(n)" badge in label - Active priority/status filters still surface as dismissable chips next to the trigger for at-a-glance feedback - onEdit passes the full Pbi (incl. status) so the dialog opens with the correct current status — closes the data flow loop opened in ST-1109.7 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(ST-1109.9): cover PBI status mappers and sprint-close cascade - __tests__/lib/task-status.test.ts: 11 cases incl. round-trip + invalid input for task/story/pbi mappers; verifies PBI_STATUS_API_VALUES shape - __tests__/actions/sprints-cascade.test.ts: 8 cases for completeSprintAction: promote on all-DONE, no promote on partial OPEN, respect out-of-sprint story status, skip already-DONE PBIs, multi-PBI cascade, 0-story guard, demo-user block - Full vitest run: 170/170 green across 21 files Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(ST-1109.10): document PbiStatus enum, sprint-close cascade, and filter UI - docs/scrum4me-architecture.md: pbis-table updated with status column + index; PbiStatus enum + Pbi model in the Prisma schema sample; cascade-on-sprint-close rule documented inline - docs/scrum4me-styling.md: short note pointing to PBI_STATUS_LABELS / PBI_STATUS_COLORS in components/shared/pbi-status-select.tsx so future components don't ad-hoc-copy the color map - docs/plans/ST-1109-pbi-status.md: in-repo mirror of the approved plan (per feedback_plan_location memory) with cascade pseudo-code and end-to-end verification checklist Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1109.11): persist backlog filters in localStorage Filters reset op reload was verwarrend. Nu net als sortMode: - scrum4me:pbi_filter_priority — 'all' \| '1' \| '2' \| '3' \| '4' - scrum4me:pbi_filter_status — 'all' \| 'ready' \| 'blocked' \| 'done' useState-init met SSR-guard; ongeldige waarden vallen terug op 'all'. Wis filters reset alle drie de keys correct (sortMode -> 'priority', beide filters -> 'all'), waardoor de localStorage-staat consistent wordt. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-29 17:52:34 +02:00
Janpeter Visser	74616432d2	M10: Password-loze inlog via QR-pairing (ST-1001..ST-1008) (#12 ) * chore(M10): swap demo-active sprint from M3.5 to M10 M3.5 was de demo-actieve sprint zolang er geen recentere milestone in progress was. Nu M10 het actieve werk is, willen we dat get_claude_context (en implement_next_story) ST-1001 als next-story teruggeven i.p.v. ST-350. Vereist een herhaling van npx prisma db seed na deze commit. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(M10): gate Solo demo-stories on M3.5 active milestone De hardcoded Solo Paneel-demoset uit M3.5 (priority=2) schreeuwt over de parser-driven M10-stories heen (priority=4) en laat get_claude_context op "Gebruikersauthenticatie opzetten" wijzen i.p.v. ST-1001. Sluit het blok nu alleen open als de actieve sprint van het Scrum4Me-product M3.5 betreft. Voor M10+ leveren de parser-stories zelf de bord-content; de demo-set blijft beschikbaar als M3.5 ooit weer ACTIVE wordt voor demo-doeleinden. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(M10): drop hardcoded Solo Paneel demo data from seed DB wordt voortaan leidend voor de werkstaat; testdata voor andere projecten / demo-scenario's komt elders. Deze hardgecodeerde set was specifiek gemaakt voor de M3.5 Solo Paneel-demo en raakt nu het next_story-resultaat: priority=2 won van de M10 parser-stories (priority=4) waardoor get_claude_context op 'Gebruikersauthenticatie opzetten' bleef hangen i.p.v. ST-1001. Vervangt de eerdere M3.5-gating-aanpak (commit `0e3228d`) — schoner om het helemaal weg te halen dan met een conditional aanwezig te houden. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(M10): add npm run seed shortcut Wrapt prisma db seed (die de bestaande prisma.seed-config in package.json gebruikt) zodat re-seeden één korte invocatie wordt zonder de prisma-CLI-syntaxis te onthouden. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1001): add LoginPairing model + pg_notify trigger via migration Schema (prisma/schema.prisma): - model LoginPairing met id (cuid), secret_hash + desktop_token_hash (beide NOT NULL — scheiden mobiel- en desktop-bewijs), status (pending\|approved\|consumed \|cancelled), optionele user_id met onDelete: SetNull, desktop_ua VarChar(255), desktop_ip VarChar(45) voor IPv6, created_at + expires_at + approved_at + consumed_at, indexes op (expires_at) en (status, expires_at) - back-relation login_pairings LoginPairing[] op User Migratie (20260427200734_add_login_pairing): - Prisma-gegenereerde DDL voor login_pairings + indexes + FK - Toegevoegde notify_pairing_change() functie + login_pairings_notify trigger op AFTER INSERT/UPDATE; emit pg_notify('scrum4me_pairing', payload) met { op: 'I'\|'U', pairing_id, status } - DELETE niet ondersteund — pairings gaan naar consumed/cancelled, niet weg - Channel naam analoog aan scrum4me_changes uit ST-801 Verification: Node pg-client roundtrip-test via DATABASE_URL toonde notifies bij INSERT (op=I) en UPDATE (op=U) met correcte payload-shape. Bouwt voort op M8 LISTEN/NOTIFY-infra. SSE-route /api/auth/pair/stream/[id] in ST-1004 abonneert hierop. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1002): add pairing helpers, pre-auth cookie + paired-session guard lib/auth/pairing.ts: pure crypto-helpers voor de QR-pairing flow. - generateMobileSecret() / generateDesktopToken() — beide 32 bytes base64url, los zodat ze elkaar niet onthullen - hashToken(t) — sha256-hex - verifyToken(t, hash) — timingSafeEqual met length-guard - isPairedSessionExpired(session) — geëxtraheerde helper zodat de Server- Component-render Date.now() niet rechtstreeks aanroept (React Compiler-flag) lib/auth/pair-cookie.ts: HttpOnly pre-auth cookie helpers (s4m_pair). - Path=/api/auth/pair, Max-Age=120s (gelijk aan pending-TTL pairing), SameSite=Lax, Secure in productie lib/session.ts: SessionData uitgebreid met optionele paired + pairedExpiresAt. app/(app)/layout.tsx: guard die paired-sessies vernietigt zodra pairedExpiresAt verstreken is en redirect naar /login. Tests: 14 unit-tests in __tests__/lib/auth/pairing.test.ts dekken hash- determinisme, timing-safe verify (true/false/length-mismatch), generator- uniciteit en vier expiry-scenario's voor isPairedSessionExpired. Quality gates: npm run lint (0 errors), tsc --noEmit clean, vitest 111/111. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1003): add /api/auth/pair/start with rate-limit + pre-auth cookie POST /api/auth/pair/start (anon, runtime: 'nodejs'): - Geen authenticateApiRequest — desktop heeft nog geen sessie - Genereert los mobileSecret + desktopToken via lib/auth/pairing - Persisteert alleen sha256-hashes in login_pairings; status='pending', expires_at = now + 2 min - Slaat user-agent + best-effort IP op (afgekapt op kolom-grootte) - Set-Cookie via setPairCookie helper: HttpOnly, Path=/api/auth/pair, Max-Age=120, SameSite=Lax - Response body: { pairingId, mobileSecret, expiresAt, qrUrl } met qrUrl = origin/m/pair#id=…&s=… → secret reist alleen via fragment (#…), nooit in querystring of access logs Rate-limit: 'pair-start' expliciet aan lib/rate-limit.ts CONFIGS toegevoegd voor self-documentatie (10/min, gelijk aan login). Tests __tests__/api/pair-start.test.ts (6 cases): - 200 met body-shape (pairingId, mobileSecret 43-char base64url, qrUrl met fragment, expiresAt ISO) - alleen hashes in DB, geen plaintext - cookie set met juiste opties - UA + IP afgekapt op kolom-grootte - IP=null als x-forwarded-for ontbreekt - 11e POST levert 429 met NL foutmelding Quality gates: lint 0 errors, tsc clean (na prisma generate), vitest 117/117. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1004): add SSE /api/auth/pair/stream with cookie auth GET /api/auth/pair/stream/[pairingId]: - runtime: 'nodejs', maxDuration: 300, dynamic: 'force-dynamic' - Auth via s4m_pair HttpOnly cookie (readPairCookie + verifyToken tegen desktop_token_hash); 401 zonder cookie of bij hash-mismatch, 404 als pairing onbekend, 410 als verlopen — geen geheim materiaal in URL of querystring - Hergebruikt LISTEN/NOTIFY-pattern uit app/api/realtime/solo/route.ts: ReadableStream + dedicated pg.Client + heartbeat 25s + hard-close 240s - Channel: scrum4me_pairing; filter notifies op pairing_id-match - Initial 'state'-event direct na connect met huidige status (voorkomt race waarbij approve net vóór SSE-open landt — desktop ziet 'm alsnog) - Auto-close zodra status consumed/cancelled binnenkomt - Fallback DIRECT_URL → DATABASE_URL (de eerste staat lokaal op een placeholder) Tests __tests__/api/pair-stream.test.ts (4 cases — auth-paden): - 401 zonder cookie (en geen DB-call gedaan) - 404 op onbekende pairingId - 410 op verlopen pairing - 401 op cookie/hash-mismatch Full-stream-test (LISTEN+notify-roundtrip) is een handmatige acceptatietest in ST-1008 — niet zinvol te mocken voor v1. Quality gates: lint 0 errors, tsc clean, vitest 121/121. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1005): add pairing server actions + mobile confirmation page actions/pairing.ts (Server Actions, volgt docs/patterns/server-action.md): - getPairingForApproval(pairingId, mobileSecret): auth + Zod + lookup + status + expiry + verifyToken-check; retourneert UA/IP/username voor de bevestigingspagina. Demo MAG aanroepen (read-only). - approvePairing: zelfde checks PLUS demo-blokkade (session.isDemo). Update status pending→approved, zet user_id + approved_at, bumpt expires_at +5min. Postgres-trigger emit pg_notify automatisch — desktop-SSE pikt het op. - cancelPairing: status pending→cancelled. Demo mag annuleren. - Tagged-union return-type uit loadPendingPairing voor schone discriminatie. app/(app)/m/pair/page.tsx (Server Component, achter (app)/layout-guard): - Geen searchParams uitlezen — page leest URL niet. Alleen statische uitleg + PairConfirmation client-island. app/(app)/m/pair/pair-confirmation.tsx (Client Component): - useEffect parseert window.location.hash voor #id=…&s=… (server ziet de fragment nooit) - Roept getPairingForApproval om UA/IP/username op te halen - Toont kaart "Inloggen als <username> op dit apparaat?" met UA + IP + expliciete waarschuwing tegen phishing-QR; Bevestig/Annuleer-knoppen - Na approve: window.history.replaceState wist de hash zodat back/forward de secret niet meer onthult; transitioneert naar success-state - queueMicrotask voor synchrone setState om React-Compiler "cascading renders" warning te vermijden Tests __tests__/actions/pairing.test.ts (11 cases): - getPairingForApproval: ok + 5 fail-paths (geen sessie, approved, verlopen, verkeerd secret, ongeldige cuid) - approvePairing: happy + demo-block + verkeerd secret (geen DB-write) - cancelPairing: happy + demo mag annuleren Quality gates: lint 0 errors, tsc clean, vitest 132/132. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1006): add /api/auth/pair/claim with atomic consume + iron-session POST /api/auth/pair/claim (cookie-auth, runtime: 'nodejs'): - Auth via s4m_pair HttpOnly cookie alleen — body bevat enkel pairingId, geen secret. Het cookie-token is het bewijs. - Atomic state-transitie via prisma.loginPairing.updateMany met composite WHERE (id + status='approved' + desktop_token_hash + expires_at > now); PostgreSQL row-locking garandeert dat concurrent dubbele claims slechts één count=1 zien — de rest 410. - Bij geen rij geüpdate: tweede findFirst om te disambigueren tussen 401 (cookie matcht geen pairing) en 410 (al consumed/cancelled). Cookie altijd gecleared bij faalpaden om herhaalde verwerking te voorkomen. - Bij succes: getIronSession schrijft scrum4me-session-cookie met userId + isDemo (uit user-record als vangnet) + paired=true + pairedExpiresAt = now+8h (kortere TTL voor publieke desktops). s4m_pair wordt gecleared. - Logging onder NODE_ENV !== 'production' alleen pairingId, nooit cookie of mobileSecret. Tests __tests__/api/pair-claim.test.ts (7 cases): - 200 happy: updateMany met juiste WHERE, iron-session payload (userId, isDemo, paired, pairedExpiresAt ~8h), save() called, s4m_pair cleared - demo-vangnet: isDemo=true wordt doorgezet - 401 zonder cookie (geen DB-call) - 400 op malformed body - 400 zonder pairingId - 410 op tweede claim (al consumed, cookie cleared, geen session.save) - 401 op cookie/hash-mismatch (cookie cleared) Quality gates: lint 0 errors, tsc clean, vitest 139/139. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(M10): bump pending-TTL to 5min + repair MD3 contrast on pair page TTL: 2 min was te kort voor handmatig curl-paste-confirm-testen — gebruiker zag 'Pairing verlopen' voor hij kon bevestigen. Bumpt naar 5 min (gelijk aan approved-TTL): nog steeds tight voor security, ruim voor menselijke reactie. - app/api/auth/pair/start/route.ts: PENDING_TTL_MS 120s → 300s - lib/auth/pair-cookie.ts: MAX_AGE_SECONDS 120 → 300 - __tests__/api/pair-start.test.ts: maxAge en expires_at-window meegegroeid Kleuren: bevestigingspagina gebruikte bg-destructive/10 + text-destructive- foreground — beide lichte kleuren, te weinig contrast. Vervangen door MD3 container-tokens (zelfde patroon als components/auth/auth-form.tsx): - error-state: bg-error-container + text-error-container-foreground + border-l-4 border-error - approved-state: bg-success-container + foreground + accent-border - cancelled-state: bg-surface-container-high + neutral foreground Quality gates: lint 0 errors, tsc clean, vitest 139/139. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(ST-1007): add QR login button on /login with SSE listener Voltooit de desktop-zijde van de QR-pairing-flow. Gebruiker klikt "Inloggen via mobiel" naast het wachtwoord-formulier → krijgt een QR-code → telefoon scant en bevestigt → desktop wordt automatisch ingelogd zonder dat er ooit een wachtwoord is getypt op het publieke apparaat. app/(auth)/login/qr-login-button.tsx (Client Component): - Phase-state: idle \| starting \| showing \| expired \| claiming - klik → POST /api/auth/pair/start (credentials:'same-origin' voor s4m_pair) - QRCodeSVG met fragment-URL als value (level=M, 200px); aria-label - EventSource('/api/auth/pair/stream/<id>', { withCredentials: true }) vereist voor cookie-auth — standaard verstuurt EventSource geen credentials - bij data.status === 'approved': es.close → POST /pair/claim → router.push('/dashboard') - aftellende timer (mm:ss); bij 0s → 'expired' state met Vernieuwen-knop - cleanup bij unmount: removeEventListener + close - A11y: <details> sectie toont fragment-URL als kopieerbare tekst voor screenreaders en gebruikers zonder camera app/(auth)/login/page.tsx: QrLoginButton onder het bestaande wachtwoord-form met "of"-divider, achter de bestaande surface-container-low styling. Dependency: qrcode.react ^4.2.0 (client-side SVG; geen extra round-trip; mobileSecret blijft op desktop in JS-geheugen). Quality gates: lint 0 errors, tsc clean, vitest 139/139, next build slaagt (login-route static, m/pair en pair/* dynamic). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(ST-1008): document QR-pairing endpoints, flow, threat-model + pattern docs/API.md — nieuwe sectie 'Auth — QR-pairing (M10)' met alle drie endpoints (start, stream, claim), cookie-mechaniek, foutcodes (400/401/410/429), curl-voorbeelden inclusief --cookie-jar. docs/scrum4me-architecture.md — sectie 'QR-pairing flow' met: - Mermaid sequence-diagram (start → QR → scan → approve → claim) - Threat-model (replay, phishing-QR, demo-block, rate-limit, secret-leak, long-lived sessie) met expliciete mitigaties - TTL-rationale voor de drie tijden (5min pending / +5min approved / 8u paired) - Subsectie 'Waarom geen secret in URL' — fragment-eigenschap + HttpOnly cookie + twee gescheiden hashes docs/patterns/qr-login.md — herbruikbaar pattern 'QR-pairing via unauth-SSE + pre-auth cookie' met de drie endpoints, vier security-uitgangspunten, sjabloon-bestanden, TTL-richtlijn, en wanneer NIET te gebruiken. CLAUDE.md — extra rij in Implementatiepatronen-tabel die naar het nieuwe pattern-doc verwijst. Acceptatie ST-1008 (zeven scenario's): - Happy path: gedekt door manuele E2E in vorige stories (gebruiker bevestigde dat M10-stories op Solo bord verschijnen + curl-roundtrip werkt) - Demo-block: actions/pairing.test.ts → approvePairing demo → Niet beschikbaar - Replay: pair-claim.test.ts → 410 op tweede claim - Expiry tijdens pending: pair-stream.test.ts + pairing.test.ts → 410/error - Expiry tussen approve+claim: pair-claim.test.ts → 410 - Cookie-mismatch op SSE/claim: pair-stream.test.ts + pair-claim.test.ts → 401 - Secret niet in URL/logs: per ontwerp — fragment + cookie reizen niet via URL-paden of querystrings (gedocumenteerd in architecture.md) Quality gates: lint 0 errors, tsc clean, vitest 139/139 (16 files). M10 is hiermee compleet — feat/M10-qr-login bevat 13 commits klaar voor gebruiker-acceptatie en PR. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: move logout form outside DropdownMenuContent so requestSubmit fires UserMenu's hidden logout-form zat binnen <DropdownMenuContent>. Wanneer een DropdownMenuItem onSelect vuurt, sluit base-ui de menu en unmount het content-portal in dezelfde tick — waardoor de form verdwijnt voordat requestSubmit() wordt aangeroepen, en logoutFormRef.current null is. Form naar top-level van het component verplaatsen (als sibling van DropdownMenu, binnen Fragment) houdt de ref geldig. Geen DOM-side-effecten — form is hidden, zat nooit visueel in het menu. Quality gates: lint 0 errors, tsc clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: call logoutAction directly via useTransition instead of form-ref submit De form-ref-dance werkte niet betrouwbaar in de huidige base-ui: - onSelect vuurde requestSubmit() op een hidden form - Form zat eerst binnen DropdownMenuContent (form geunmount → ref null) - Form daarna naar top-level verplaatst — vuurde nog steeds geen request af, vermoedelijk doordat onSelect in deze base-ui-build niet (consistent) een click-event genereerde dat de form-API trigger'de Vervang door directe call: Server Actions kunnen sinds Next.js 14 als async functie worden aangeroepen vanuit Client Components. useTransition voorkomt dat de UI bevriest tijdens de redirect. Naast onSelect ook onClick als veiligheid voor het geval base-ui later weer van event-prop wisselt — beide handlers wijzen naar dezelfde idempotente function (handleLogout via startTransition). Pendingstate ('Uitloggen…' label, disabled item) zodat dubbele klikken niet dubbele logoutAction-calls afvuren. Quality gates: lint 0 errors, tsc clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(ST-1007): listen for SSE 'state' event so approve-during-connect resolves De SSE-route in ST-1004 stuurt de catch-up payload als `event: state\ndata: …` om een race te dichten: tussen pair/start en SSE-open kan de mobiel approven, de pg_notify fired vóór onze LISTEN actief is en gaat verloren (Postgres queuet niet). De server compenseert door direct na connect een `state`-event te sturen met de huidige status uit de DB. Maar de client luisterde alleen op 'message'. EventSource routeert events met `event: <name>` enkel naar listeners voor die exacte naam — het catch-up event werd dus genegeerd. Gevolg bij een (zeldzame) race: QR blijft hangen tot expiry omdat noch de notify noch de catch-up doorkomt. Fix: dezelfde onMessage-handler ook aan 'state' binden (en netjes unsubscriben bij cleanup). Geen server-side wijziging nodig — protocol bleef bewust om de semantische scheiding 'initial state' vs 'live notify' te behouden voor toekomstige clients die er onderscheid in willen maken. Severity: middel-laag — kleine race-window, geen data/security-impact, alleen "QR doet niks" tot user op Vernieuwen klikt. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(M10): close pair/stream race + demo-block on cancelPairing Twee P1's uit code-review: (1) pair/stream race: de findUnique die de pairing-status leest gebeurde vóór LISTEN actief was. Als de mobiel approvet tussen die query en LISTEN: pg_notify fired in dat venster gaat verloren (Postgres queuet niet voor abonnees die nog niet listen) én was de eerder gelezen status stale. De catch-up state- event emitte dus 'pending' terwijl de DB inmiddels 'approved' was, en de desktop bleef hangen tot expiry. Tweede findUnique toegevoegd ná LISTEN actief is: het venster sluit, omdat elke approve na dat punt via de notify-handler doorkomt. Aanvullend op de eerdere client-side fix die 'state' events nu ook routeert (commit `d6e71f9`). (2) cancelPairing demo-block: cancel was een DB-write zonder demo-guard, in tegenspraak met de "demo = 403 op writes"-regel. Demo-blokkade toegevoegd; bestaande test omgedraaid naar 'wordt geblokkeerd, geen DB-write'. Quality gates: lint 0 errors, tsc clean, vitest 139/139. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-28 00:01:04 +02:00

19 commits