* docs(ST-1001..1008): add M10 — QR-pairing login milestone to backlog
Plant acht stories ST-1001..ST-1008 voor password-loze inlog via QR-pairing.
Mobiele bevestiging met UA+IP, demo-blokkade, paired-sessie 8u TTL.
Security-uitgangspunt: mobileSecret reist alleen via QR-fragment + POST-body,
desktop-SSE/claim via HttpOnly pre-auth cookie — geheim materiaal nooit in
URL-paden, querystrings, access logs of browsergeschiedenis. Twee gescheiden
hashes in DB (secret_hash + desktop_token_hash). Bouwt voort op M8 LISTEN/NOTIFY-
infra met eigen channel scrum4me_pairing.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore(ST-1001..1008): teach backlog parser about M9 + M10
M9 (Actief Product Backlog) was bij eerdere merge per ongeluk overgeslagen in
de drie milestone-maps; viel terug op fallbacks. Nu expliciet, samen met M10
(QR-pairing). Parser self-test toont 12 milestones / 118 stories / 190 tasks.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs(ST-1001..1008): document QR-login flow in functional spec + persona
Voeg F-01b (Inloggen via mobiel via QR-pairing) toe aan de functional spec met
acceptatiecriteria, randgevallen en datamodel. Beveiligingsuitgangspunt
expliciet: mobileSecret in URL-fragment en HttpOnly desktop-cookie zodat geheim
materiaal nooit in URL-paden of access logs belandt.
Lars-persona krijgt de bijbehorende use-case (publieke/geleende laptops bij
klantbezoek of familie) zodat de feature een herkenbare aanleiding heeft in v1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs(ST-1001..1008): add M10 implementation plan + link from backlog
Volledig implementatie-plan per story (Bestanden / Stappen / Aandachtspunten /
Verificatie) in dezelfde stijl als M9. Citeert de patronen uit
docs/patterns/iron-session.md, route-handler.md en server-action.md, en
hergebruikt het LISTEN/NOTIFY-pattern uit app/api/realtime/solo/route.ts.
Bevat ook commit/branch-strategie per laag, reseed-stap voor de MCP-context, en
verificatie-acceptatie inclusief log-controle dat geheim materiaal niet in
access logs belandt.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs: enforce one-branch-per-milestone policy to limit Vercel builds
Vercel preview-deployments worden bij elke push naar een feature-branch
getriggered en kosten op het Hobby-account budget. Voeg expliciete Branch & PR
Strategy toe aan CLAUDE.md: één branch per milestone, commits accumuleren
lokaal, push + PR pas na handmatige gebruiker-acceptatie. Uitzonderingen voor
planning-only PR's (alleen docs) en hotfixes.
Update tegelijk de branch/commit-strategie-tabel in het M10-implementatieplan
zodat die de nieuwe policy weerspiegelt (één branch feat/M10-qr-login,
chronologische commits per stap, push pas bij groene happy-path-acceptatie).
Bevat een 'Wanneer aanpassen'-sectie zodat de regel makkelijk teruggedraaid kan
worden zodra het account naar Pro gaat.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(tooling): extend backlog parser to support PBI-x milestone headers
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore(backlog): mark ST-801–806 as done
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(backlog): sorteer PBI's en stories op prio/code/datum, onthoud keuze in localStorage; vergroot sprint-afronden dialoog
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-901): add user.active_product_id with FK to Product
- Nullable relation User → Product with onDelete: SetNull
- Index on active_product_id for join performance
- Migration: 20260427165329_add_user_active_product_id
- Install @tanstack/react-table (was missing from node_modules)
- Fix PRIORITY_COLORS ref removed in earlier refactor
- Note: User schema change affects vendor/scrum4me-mcp submodule — run prisma generate + tsc --noEmit there after merge
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: restore priority color on PBI filter pill
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-902): add setActiveProduct + clearActiveProduct server actions
- actions/active-product.ts: setActiveProductAction validates access via
productAccessFilter, rejects archived products and demo users
- archiveProductAction: clears active_product_id for all affected users in transaction
- removeProductMemberAction: clears active_product_id for removed member
- leaveProductAction: clears active_product_id for leaving user
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-903): load active product in layout, replace cookie with DB lookup in solo
- layout.tsx: fetch active_product_id, resolve product, clear stale ref server-side
- NavBar: add activeProduct prop (rendering changes in ST-904)
- solo/page.tsx: redirect via user.active_product_id instead of lastProductId cookie
- proxy.ts: remove lastProductId cookie logic
- lib/cookies.ts: deleted (no longer used)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-904): split NavBar into 5 tabs with disabled-states and product-switcher dropdown
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(ST-905): add Activeer button per product row in dashboard and product header
* feat(ST-906): redirect to dashboard with toast when active product becomes inaccessible
* feat(ST-907): tests for active-product actions and functional spec update for M9
* docs(M9): add implementation plan document and link from backlog
* feat: active PB indicator, Maak actief button and new product link in settings
* feat: apply priority-color card style to sprint story rows
* fix: move add-to-sprint click from entire card to + Toevoegen button
* feat: apply priority-color card style to sprint task rows
* fix(sprint-backlog): prevent text selection on PBI collapse button
* chore: bump version to 0.4.0 (M9 active product backlog)
* fix(landing): align logged-in nav left to match app NavBar
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Plan voor live updates in het Solo Paneel: Server-Sent Events op een
Node.js-runtime route die luistert naar Postgres NOTIFY's op tasks/
stories. Eén bron van waarheid (DB) — werkt onafhankelijk of een
mutatie van de web-UI, REST API of MCP-server komt.
Zes stories:
- ST-801 trigger-functie + triggers
- ST-802 SSE-route /api/realtime/solo
- ST-803 useSoloRealtime hook
- ST-804 solo-store realtime-acties
- ST-805 wire-up + UI-indicator
- ST-806 documentatie + acceptatie
Volledig plan in .Plans/2026-04-27-m8-realtime-solo.md (lokaal).
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The MCP server for Claude Code shipped as a separate private repo,
madhura68/scrum4me-mcp. Document the milestone here so the backlog
stays the canonical source. All ten stories already complete and
covered by an e2e smoke-test against the live DB.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs(ST-511): add backlog entry for entity codes feature
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(ST-511): add createWithCodeRetry helper to handle P2002 race on auto codes
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(ST-511): retry on auto-code unique conflict in story and pbi create
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(ST-511): surface field errors for code and title in PBI dialog
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(ST-511): read create-state errors in Story dialog fieldError
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs(ST-512): add backlog entry for REST API code/description/implementation_plan extensions; mark ST-511 done
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(ST-512): extend REST API with code, description and implementation_plan
- GET /api/products returns code, description and definition_of_done
- GET /api/products/:id/next-story returns story.code and per-task code + implementation_plan
- GET /api/sprints/:id/tasks returns description, implementation_plan, story_code and derived per-task code
- POST /api/todos accepts and returns optional description (max 2000)
All changes are additive — existing clients ignore unknown keys.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs(ST-512): mark ST-512 as done
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs(ST-513): add backlog entry for API hardening for Claude Code
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(ST-513): add task and story status mappers for API boundary
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(ST-513): expose lowercase status on API and accept lowercase in PATCH /api/tasks
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(ST-513): add metadata JSONB column to StoryLog
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(ST-513): accept optional metadata in story log and switch validation errors to 422
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(ST-513): add GET /api/health endpoint with optional db ping
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(ST-513): add GET /api/products/:id/claude-context bundled endpoint
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs(ST-513): add docs/API.md and link from CLAUDE.md specs table
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs(ST-513): mark ST-513 as done
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(ST-513): split 400 (malformed JSON) from 422 (validation), reject 'review'
Codex review on PR #2:
- P2.1: routes treated JSON parse failures as 422 instead of 400, breaking
the contract in docs/API.md. Replace `request.json().catch(() => null)`
with try/catch in 4 routes (tasks, reorder, todos, story-log) so a
malformed body returns 400 and only well-formed-but-invalid bodies
return 422.
- P2.2: PATCH /api/tasks/:id accepted `status: "review"`, but the sprint
task list UI does not render REVIEW (no label/color, the cycle helper
falls back to TO_DO). Reject `review` at the API until the sprint UI
is extended; document the subset in docs/API.md.
Tests in __tests__/api updated for the new contract (29 assertions:
zod-failures now expect 422, status payloads use lowercase API values,
sprint-tasks mocks include the new story relation).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
All M0–M6 implementation tasks are done. Build passes, all 7 API
route handlers verified present, accessibility fixes applied.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ST-509: selectie-checkbox voor bulk-archivering (archiveSelectedTodosAction),
aparte rij-klik voor detail-kaart, paginatelling toegevoegd.
ST-510: done-toggle in kaart, promote-knoppen in kaart (→ PBI / → Story),
updateTodoAction dekt title + product_id + done.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Voegt ST-509 (Data Table met TanStack, filter, paginering) en ST-510
(detail-kaart voor aanmaken/bewerken/promoveren) toe aan de backlog.
ST-501–505 gemarkeerd als vervangen door het nieuwe ontwerp.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Settings:
- "Mijn teams" vervangen door gecombineerde "Product Backlogs" sectie
- Toont eigen producten (badge Eigenaar) en team-lidmaatschappen (badge Developer)
- Productnaam is klikbaar naar de product backlog
- "Verlaten"-knop met bevestiging alleen voor Developer-lidmaatschappen
- Lege staat met link naar product aanmaken
Docs:
- architecture.md: users tabel aangevuld met bio/bio_detail/avatar_data;
Prisma schema excerpt bijgewerkt; projectstructuur bijgewerkt (profile route, ProfileEditor)
- functional-spec.md: F-02b gebruikersprofiel en F-02c PB-overzicht toegevoegd;
datamodel users rij bijgewerkt; settings route bijgewerkt
- backlog.md: ST-507 profiel en ST-508 PB-overzicht toegevoegd als afgerond
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Next.js 15 → 16 in architecture doc en stack-tabel
- ProductMember model toegevoegd aan datamodel-sectie en Prisma schema excerpt
- implementation_plan veld gedocumenteerd bij tasks tabel
- lib/product-access.ts en components/products|settings toegevoegd aan projectstructuur
- Functionele spec: MVP-scope bijgewerkt met teambeheer; scope-bullet uitnodigingsflow aangepast
- Rolbeheer-spec: acceptatiecriterium "geen effect in v1" vervangen door Developer-vereiste voor teams
- v2 backlog: multi-user item herschreven naar uitnodigingsflow (basis teambeheer is nu v1)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- scrum4me-*.md en MD3_Color_Scheme_Documentation.md verplaatst naar docs/
- Srum4MeIcons.html verplaatst naar docs/icons.html
- theme.css verplaatst van root naar app/styles/theme.css
- Import in globals.css bijgewerkt
- Alle app-iconen vervangen door nieuw logo (icon-master-light.svg)
- AppIcon component bijgewerkt met nieuw SVG
- CLAUDE.md verwijzingen bijgewerkt
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
