curo1305
5d457d68bf
feat(06.2-05): clear filters button and active filter count in AuditLogTab
...
- Add clearFilters() function that resets all filter fields and refetches
- Add activeFilterCount computed property (counts non-empty filter fields)
- Add "Clear filters" button (visible only when activeFilterCount > 0)
- Wrap Export CSV button with filter count indicator (amber text below button)
- Add computed to vue import
2026-05-31 20:11:02 +02:00
curo1305
f5e111bfa2
feat(06.2-05): actionable cloud error + audit log @ prefix
...
- CloudFolderView: detect no-connection error and show actionable message
directing user to Settings; add router-link to /settings and Retry button
- AuditLogTab: prefix user handles with @ in the User column
2026-05-31 20:10:22 +02:00
curo1305
045e723f7a
feat(06.2-05): show @handle in AccountView and AdminUsersTab
...
- Add Username row (@handle) to Account information section in AccountView.vue
- Add Handle column (th + td with @prefix) to users table in AdminUsersTab.vue
- Both use existing data already present in API responses (no backend changes)
2026-05-31 20:09:50 +02:00
curo1305
6307d9dd86
test(06.2): update UAT with root cause diagnoses for all 4 gaps
2026-05-31 20:01:56 +02:00
curo1305
1d8c7dba91
test(06.2): complete UAT — 3 passed, 4 issues, 2 skipped, 2 blocked
2026-05-31 16:10:54 +02:00
curo1305
77263bd569
docs(phase-06.2): mark validation strategy nyquist-compliant
...
All 11 Wave 0 test stubs verified green (50 passed, 4 xfailed).
Updated per-task map, wave 0 checklist, sign-off, and audit trail.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:44:25 +02:00
curo1305
73b180ac9d
docs(phase-06.2): add security threat verification report
...
16/16 threats CLOSED — mitigate dispositions verified in code with exact file:line citations.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:41:33 +02:00
curo1305
f037d2be45
docs(06.2): add phase verification report
2026-05-31 15:36:08 +02:00
curo1305
758d1a687e
docs(06.2): add code review report
2026-05-31 15:29:57 +02:00
curo1305
abb964531f
docs(phase-06.2): update tracking after wave 2 — plan 06.2-04 complete
2026-05-31 15:24:44 +02:00
curo1305
46f7505e36
chore: merge executor worktree (worktree-agent-af66944050628b0e4)
2026-05-31 15:23:36 +02:00
curo1305
893da5b9ba
docs(06.2-04): complete ADMIN-06 audit enrichment + daily exports — 10 tests pass
...
- Handle-enriched audit log (user_handle, actor_handle via aliased double-JOIN)
- user_handle filter with handle-to-UUID resolution, empty result for unknown handles
- fetch+Blob CSV export replacing window.location.href (T-06.2-04-03)
- GET /audit-log/daily-exports and /daily-exports/{date} with date regex validation
- Daily exports section in AuditLogTab with date dropdown + Download button
- Full audit test suite: 10 passed; backend suite: 337 passed, 1 pre-existing failure
2026-05-31 15:22:46 +02:00
curo1305
0647e6e9bf
feat(06.2-04): frontend — user_handle filter, fetch+Blob export, daily-export section
...
- adminListAuditLog: rename user_id param to user_handle (backend API change)
- adminExportAuditLogCsv(): fetch+Blob pattern — sends Bearer header (D-13, T-06.2-04-03)
- adminListDailyExports(): raw fetch returning JSON for daily export listing (D-17)
- adminDownloadDailyExport(date): fetch+Blob download with audit-{date}.csv filename (D-17)
- AuditLogTab: rename filters.user_id to filters.user_handle + label 'User handle' (D-12, C-5)
- AuditLogTab: exportCsv() replaced with async fetch+Blob call, exportingCsv loading state
- AuditLogTab: daily exports section below pagination — date dropdown + Download button (D-17, C-4)
- window.location.href removed from AuditLogTab (broken auth bypass closed)
- Build exits 0, full backend suite: 337 passed, 1 pre-existing failure
2026-05-31 15:21:23 +02:00
curo1305
f176235ee8
docs(phase-04): update VALIDATION.md — Nyquist-compliant (all gaps resolved)
...
Mark nyquist_compliant: true. All 22 tasks now have automated coverage.
4 gaps resolved: FOLD-04 sort, FOLD-05 FTS, SEC-08 credentials_enc, SEC-09
MinIO cleanup. 1 impl bug logged and fixed (FTS try/except misplacement).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:21:08 +02:00
curo1305
62daf0d750
test(phase-04): fill Nyquist validation gaps — FOLD-04, FOLD-05, SEC-08, SEC-09
...
Add 6 new tests covering document sort (name/size), FTS search cross-user
isolation, credentials_enc exclusion from all responses, and MinIO object
cleanup on user deletion.
Fix FTS try/except misplacement in api/documents.py — was wrapping the ORM
statement builder (never raises) instead of the execute call, causing HTTP 500
on SQLite test env. Now falls back to unfiltered results when @@ unsupported.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:21:02 +02:00
curo1305
839bfe0ffe
feat(06.2-04): backend — handle enrichment, user_handle filter, two daily-export endpoints
...
- Add _audit_to_dict_with_handles() with user_handle + actor_handle fields
- Add _build_filtered_query_with_handles() with aliased User double-JOIN
- Change list_audit_log user_id param to user_handle string with handle→UUID resolution
- Change export_audit_log user_id param to user_handle (Pitfall 7 — both endpoints enriched)
- Add GET /audit-log/daily-exports — lists MinIO audit-logs bucket, asyncio.to_thread
- Add GET /audit-log/daily-exports/{date} — streams CSV, date regex validation (T-06.2-04-01)
- Move daily-export endpoints before viewer to ensure specific path registration order
- Update test_audit_log_export_csv to match enriched CSV header (user_handle, actor_handle)
- All 10 test_audit.py tests pass
2026-05-31 15:17:53 +02:00
curo1305
d7cfc5ccee
test(06.2-04): add failing tests for handle enrichment, user_handle filter, daily exports
...
- test_audit_log_includes_user_handle: asserts user_handle/actor_handle in items
- test_audit_log_filter_by_handle: asserts filtering by handle works correctly
- test_audit_log_filter_unknown_handle: asserts 200+empty for unknown handle
- test_daily_exports_list: mocks MinIO list_objects, asserts sorted items
- test_daily_export_download: mocks MinIO get_object, asserts CSV response + 404 on bad date
2026-05-31 15:15:46 +02:00
curo1305
eab5f124f6
docs(06.2-03): complete cloud-delete gap closure — 24 tests pass
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:11:51 +02:00
curo1305
cce8586235
feat(06.2-03): frontend — CloudDeleteWarningModal + remove_only path in DocumentView
...
- api/client.js: deleteDocument gains removeOnly param; deleteDocumentRemoveOnly wrapper added
- DocumentView.vue: confirmDelete inspects response.cloud_delete_failed, shows modal on failure
- DocumentView.vue: inline CloudDeleteWarningModal (C-3 contract) with Remove from app / Cancel
- confirmRemoveOnly() calls DELETE ?remove_only=true and navigates to /
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:11:31 +02:00
curo1305
95c7ed786a
feat(06.2-03): backend — cloud-aware delete routing + skip_quota + remove_only param
...
- storage.delete_document gains skip_quota=False param; quota decrement gated on it
- DELETE /api/documents/{id} gains remove_only=bool query param
- Cloud docs (storage_backend != minio): attempt cloud backend delete_object first
- On failure: return HTTP 200 {success: false, cloud_delete_failed: true} (not 4xx)
- On success or remove_only: delete DB row with skip_quota=True
- Cloud creds/exception message never included in response body (T-06.2-03-02)
- Promote 3 xfail stubs to real tests (propagates, failure, remove_only)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:09:44 +02:00
curo1305
e812922a26
docs(06.2-02): complete SHARE-05 + SHARE-03 gap closure — 12 tests pass
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:07:26 +02:00
curo1305
3cc4a5335d
docs(phase-03): update VALIDATION.md — Nyquist-compliant (partial)
...
15 automated tests green, 4 manual-only (PostgreSQL/migration infra).
Added 4 previously unlisted passing tests to task map (D-15, D-16, D-09×2).
Audit trail appended. Status: nyquist_compliant: true, status: partial.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:07:23 +02:00
curo1305
1ee27da332
test(phase-03): remove stale xfail markers from quota tests
...
test_quota_increment_atomic and test_quota_exceeded_response were marked
xfail for PostgreSQL but pass on SQLite — markers removed, tests now PASSED.
Concurrent race and delete decrement keep xfail; they require real PG locking.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:07:18 +02:00
curo1305
34b18a9f08
feat(06.2-02): frontend — is_shared badge fix + permission dropdown + View/Edit toggle
...
- DocumentCard.vue: fix Shared pill to read doc.is_shared (was doc.share_count > 0)
- ShareModal.vue: add permission select between handle input and submit button
- ShareModal.vue: replace static "view" span with View/Edit toggle group per share row
- ShareModal.vue: add handlePermissionChange with optimistic update + rollback on error
- documents.js: update shareDocument(docId, handle, permission='view') signature
- documents.js: add updateSharePermission(shareId, permission) action
- api/client.js: pass permission in createShare POST body
- api/client.js: add updateSharePermission PATCH helper
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:07:04 +02:00
curo1305
ea231853e9
feat(06.2-02): backend — ShareCreate.permission field + PATCH /{share_id} endpoint
...
- Add permission field (default "view") with field_validator to ShareCreate
- Add SharePermissionPatch model with same validator
- Wire body.permission into grant_share() Share constructor
- Add PATCH /{share_id} endpoint with IDOR protection (T-06.2-02-01)
- Promote 3 xfail stubs to real tests (create_with_permission, patch_permission, patch_idor)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 15:04:53 +02:00
curo1305
7e62868fea
docs(phase-02): add VALIDATION.md — Nyquist-compliant, all 24 tasks mapped, 4 manual-only
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 12:04:28 +02:00
curo1305
d98e3ab7a1
test(phase-02): add Nyquist validation tests — fill SEC-05, AUTH-08, SEC-03 and frontend gaps
...
8 test files, 60 new tests (14 backend + 46 frontend). All green.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 12:04:21 +02:00
curo1305
6c79f92d70
chore: merge executor worktree (worktree-agent-a3dd74026d1efb9af)
2026-05-31 12:01:28 +02:00
curo1305
21fde406e7
docs(06.2-01): complete Wave 0 Nyquist scaffold — 11 xfail stubs across 3 test files
...
- 3 stubs in test_shares.py (SHARE-03 permission field, PATCH, IDOR)
- 3 stubs in test_documents.py (cloud delete propagation, failure, remove_only)
- 5 stubs in test_audit.py (handle enrichment, handle filter x2, daily exports x2)
- All 11 reported as XFAIL; full 3-file suite: 35 passed, 15 xfailed, exits 0
2026-05-31 11:58:58 +02:00
curo1305
7271eeb53c
test(06.2-01): add xfail stubs for ADMIN-06 audit enrichment + daily exports (Task 3)
...
- test_audit_log_includes_user_handle: user_handle and actor_handle in audit items (D-11)
- test_audit_log_filter_by_handle: user_handle query param filters entries (D-12)
- test_audit_log_filter_unknown_handle: unknown handle returns empty list, not 422 (D-12)
- test_daily_exports_list: daily-exports listing endpoint returns {items} (D-15)
- test_daily_export_download: daily export download returns CSV bytes with Content-Disposition (D-16)
2026-05-31 11:58:05 +02:00
curo1305
bbf5355edb
test(06.2-01): add xfail stubs for cloud-delete document tests (Task 2)
...
- test_delete_cloud_document_propagates: cloud backend delete_object called for non-minio docs (D-01)
- test_delete_cloud_document_failure: structured JSON error when provider raises (D-03)
- test_delete_cloud_remove_only: remove_only=true skips cloud delete, removes DB row only (D-02)
2026-05-31 11:57:55 +02:00
curo1305
ecdeffb63d
test(06.2-01): add xfail stubs for SHARE-03 permission tests (Task 1)
...
- test_share_create_with_permission: POST /api/shares permission field (SHARE-03, D-08, D-10)
- test_share_patch_permission: PATCH /api/shares/{id} permission change (SHARE-03, D-09)
- test_share_patch_idor: PATCH by non-owner returns 404 IDOR protection (SHARE-03, T-IDOR)
2026-05-31 11:54:52 +02:00
curo1305
708fd7fad0
docs(phase-6.2): record planning complete — 4 plans verified, state updated
...
- ROADMAP.md: progress table → Planned; wave annotations already added by planner
- STATE.md: phase 6.2 row → Planned (4 plans, 3 waves); session note added
- 06.2-03-PLAN.md: remove incorrect SHARE-03/SHARE-05 from requirements field
- 06.2-RESEARCH.md: mark Open Questions section as RESOLVED
- 06.2-UI-SPEC.md: add to version control (was untracked)
Verification: 0 blockers, 2 cosmetic warnings fixed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 11:41:32 +02:00
curo1305
4adc77d8cc
docs(06.2): create 4-plan phase covering SHARE-03, SHARE-05, cloud-delete, ADMIN-06
...
Wave 0: 11 xfail stubs across test_shares/test_documents/test_audit
Wave 1 (parallel): SHARE-05 badge + SHARE-03 permission control; cloud-delete propagation
Wave 2: audit handle enrichment, user_handle filter, CSV fetch+Blob, daily-export UI
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 11:36:33 +02:00
curo1305
67f0c01540
docs(phase-6.2): add validation strategy
2026-05-31 11:12:23 +02:00
curo1305
695649eefa
docs(06.2): add research document for phase 6.2 gap-closure
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 11:10:59 +02:00
curo1305
7be48266ae
docs(06.2): capture phase context + fix admin user creation 500
...
- Phase 6.2 CONTEXT.md: cloud-delete propagation, SHARE-03/05, audit
log CSV export fix, daily export UI, user handle display
- Fix: admin create_user missing session.flush() before write_audit_log
caused FK violation on PostgreSQL (silent on SQLite)
- Regression test: test_create_user_writes_audit_log in test_admin_api.py
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 11:00:45 +02:00
curo1305
3825f670a1
docs(phase-6.1): add VALIDATION.md and commit VERIFICATION.md
...
VALIDATION.md: Nyquist audit — 3 gaps found, 2 resolved automated
(SHARE-03 permission field, SHARE-05 is_shared indicator), 1 escalated
to manual-only (STORE-06 requires INTEGRATION=1 PostgreSQL).
VERIFICATION.md: was untracked artifact from gsd-verifier run.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 23:38:16 +02:00
curo1305
ce4dc55e4f
test(6.1): add SHARE-03 and SHARE-05 Nyquist gap tests
...
- test_share_default_permission_view: asserts permission='view' in POST
response and owner's GET /api/shares list (SHARE-03)
- test_share_indicator_in_owner_list: asserts is_shared flips True in
owner's GET /api/documents after sharing (SHARE-05)
All 14 phase tests now pass (9 shares + 5 audit).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 23:38:06 +02:00
curo1305
56bfdba8d1
docs(phase-6.1): mark phase complete — 12 tests, 310 total passing
...
SHARE-01..05 and ADMIN-06 test coverage gaps closed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 23:30:34 +02:00
curo1305
451fff1e4d
test(6.1): add audit filter behavioral test (ADMIN-06 SC3)
...
Verifies event_type filter returns only matching entries.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 23:30:05 +02:00
curo1305
57784f9f80
fix(6.1): close WR-01/WR-02 code review findings in test_audit.py
...
WR-01: extend nested metadata_ forbidden-key check to all 4 keys
WR-02: assert no forbidden fields in CSV export body (D-15)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 23:24:26 +02:00
curo1305
5762f65b09
docs(6.1): add code review report — 3 warnings, 2 info
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 23:24:05 +02:00
curo1305
1e4654aad5
docs(phase-6.1): update tracking after wave 1 — both plans complete
...
11 tests passing (7 shares + 4 audit), 309 total, 0 failures.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 23:18:04 +02:00
curo1305
21ea3bf169
chore: merge executor worktree (06.1-01 shares tests)
2026-05-30 23:16:38 +02:00
curo1305
eee9970cf2
chore: merge executor worktree (06.1-02 audit tests)
2026-05-30 23:16:14 +02:00
curo1305
ec14fc722f
docs(6.1-01): complete plan — promote test_shares.py stubs to real tests
...
- 2/2 tasks complete: second_auth_user fixture + 7 real share tests
- 7 PASSED in Docker (0 xfailed, 0 failed)
- SHARE-01..05 requirements covered
2026-05-30 23:13:09 +02:00
curo1305
9973f42f98
feat(6.1-01): replace 7 xfail stubs with real share tests (SHARE-01..05)
...
- Remove all 7 @pytest.mark.xfail decorators and pytest.xfail() calls
- Remove unused 'import os'
- Add module-level pytestmark = pytest.mark.asyncio
- Add _make_doc() helper: creates uploaded Document row via ORM
- test_share_success: POST grants share, recipient sees doc in /received
- test_share_handle_not_found: unknown handle returns 404
- test_shared_with_me: metadata fields present, extracted_text absent (T-04-04-03)
- test_share_no_quota_impact: recipient used_bytes stays 0 (T-04-04-04)
- test_revoke_share: DELETE 204, doc gone from recipient /received
- test_share_revoke_wrong_owner_404: IDOR protection, 404 not 403 (T-04-04-02)
- test_share_duplicate: second share of same doc+recipient returns 409
- All 7 tests verified passing in Docker (pytest 9.0.3)
2026-05-30 23:12:24 +02:00
curo1305
0ccdee48ba
docs(6.1-02): complete plan 06.1-02 — promote test_audit.py stubs to real tests
...
- 4 PASSED, 0 xfailed; ADMIN-06 test coverage complete
2026-05-30 23:11:01 +02:00
curo1305
bda123db8d
feat(6.1-02): promote test_audit.py stubs to real tests (ADMIN-06)
...
- Replace all 4 @pytest.mark.xfail stubs with real assertions
- Add _seed_audit() helper calling write_audit_log() + commit
- test_audit_log_viewer: verifies paginated JSON shape and total >= 1
- test_audit_log_no_doc_content: asserts no filename/extracted_text in items
- test_audit_log_regular_user_403: asserts 403 for regular users
- test_audit_log_export_csv: asserts text/csv content-type and CSV header line
- Remove unused 'import os'
- Add pytestmark = pytest.mark.asyncio at module level
2026-05-30 23:10:14 +02:00