Update README v5.5 with Hold Overview/History pages, cascade filters,
table query whitelist, WIP filter preservation, and review hardening
changelog. Sync start_server.sh required frontend entries to cover all
13 Vite-built pages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The /api/query_table and /api/get_table_columns endpoints accepted arbitrary
table_name values that were interpolated directly into SQL f-strings. Since
api_public is true, any unauthenticated user could exploit this. Now validates
table_name and time_field against TABLES_CONFIG before reaching the database.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Security: sanitize innerHTML with escapeHtml in job-query, add rate limiting
to job-query and job-export endpoints, upgrade login rate limiter to Redis
cross-worker with in-memory fallback, cap resource_ids array at 50, limit
CSV export date range to 365 days.
Stability: wrap initPage calls in onMounted for wip-overview, resource-status,
and resource-history; unload inactive iframes in portal to free memory; add
±15% jitter to auto-refresh timers in useAutoRefresh and useQcGateData; batch
expanded job history loads with concurrency limit of 5.
Config: reorganize sidebar drawers, move query-tool to dev status.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Equipment cache: add freshness gate so only 1 Oracle query per 5-min cycle
across 4 gunicorn workers; sync worker waits before first refresh
- Portal: add frame-busting to prevent recursive iframe nesting
- Hold Overview: remove redundant TreeMap, add Product & Future Hold Comment
columns to LotTable
- Hold History: switch list.sql JOIN from DW_MES_LOT_V (WIP snapshot) to
DW_MES_CONTAINER (historical master) for reliable Product data; add
Future Hold Comment column; fix comment truncation with hover tooltip
- Page status: reorganize drawer groupings
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
URL is now single source of truth for filter state (workorder, lotid,
package, type, status) across WIP Overview and Detail pages. Drill-down
carries all filters + status; back button dynamically reflects Detail
changes. Backend Detail API now supports pj_type filter parameter.
Harden concurrency: add pagehide abort for MPA navigation, double-check
locking on Redis JSON parse and snapshot build to prevent thread pool
saturation during rapid page switching. Fix watchdog setsid and PID
discovery. Fix test_realtime_equipment_cache RUNCARDLOTID field mismatch.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hold 即時概況 is an independent report, not a drill-down from WIP Overview.
The back link caused iframe navigation to WIP Overview while the sidebar
still highlighted Hold 即時概況.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Sort level-2 resource nodes alphabetically in status matrix hierarchy
- Fix LOT_COUNT using raw row count when no valid RUNCARDLOTID exists,
causing LOT badge to render but click to silently fail
- Change matrix cell filter from single-select to multi-select (OR logic)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New independent report page based on DWH.DW_MES_HOLDRELEASEHISTORY providing
historical hold/release performance analysis. Includes daily trend with Redis
caching, reason Pareto with click-to-filter, duration distribution with
click-to-filter, multi-select record type filter (new/on_hold/released),
workcenter-group mapping via memory cache, and server-side paginated detail
table. All 32 backend tests passing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Provide managers with a dedicated page to analyze hold lots across all stations.
Extends existing service functions (get_hold_detail_summary, get_hold_detail_lots,
get_wip_matrix) with optional parameters for backward compatibility, adds one new
function (get_hold_overview_treemap), and registers the page in the portal navigation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Address 6 code review findings (P0-P3): add Redis distributed lock to prevent
duplicate Oracle pipeline on cold cache, apply rate limiting to 3 high-cost
routes, separate UI filter state from committed query state, add AbortController
for request cancellation, push workcenter group classification into Oracle SQL
CASE WHEN, and add 18 route+service tests. Also add workcenter group selection
to job-query equipment selector and rename button to "查詢".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New page for tracing TMTT test station defects back to upstream machines,
stations, and workflows. Three-stage data pipeline (TMTT detection →
SPLITFROMID BFS + COMBINEDASSYLOTS merge expansion → upstream history),
6 KPI cards, 6 Pareto charts, daily trend, paginated LOT detail table.
Summary/detail API separation reduces response from 72 MB to ~16 KB summary
+ ~110 KB/page detail. Loss reasons cached in Redis with 24h TTL (205 types).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite both resource pages (1,697 lines vanilla JS + 3,200 lines Jinja2 templates)
as Vue 3 SFC components. Extract resource-shared/ module with shared CSS, E10 status
constants, and HierarchyTable tree component. History page charts use vue-echarts,
Status page reuses useAutoRefresh composable with 5-minute interval.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate /wip-overview, /wip-detail, and /hold-detail (1,941 lines vanilla JS)
to Vue 3 SFC architecture. Extract shared CSS/constants/components to
wip-shared/. Switch Pareto charts to vue-echarts with autoresize. Replace
Jinja2 template injection with frontend URL params + constant classification
for Hold Detail. Add 10-min auto-refresh + AbortController to Hold Detail.
Remove three Jinja2 templates, update Flask routes to send_from_directory.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite 237-line vanilla JS + Jinja2 template into Vue 3 SFC components
(App.vue, TableCatalog.vue, DataViewer.vue, useTableData composable).
Establishes apiPost POST request pattern for pure Vite pages. Removes
templates/index.html, updates Vite entry to HTML, and Flask route to
send_from_directory. Includes sql_fragments WHERE_CLAUSE escaping fix,
updated integration tests, and OpenSpec artifact archive.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
_records_from_index() returned [] when process-level DataFrame cache (30s TTL)
expired but derived index remained ready=true. Now reloads from Redis via
_get_cached_data() instead of returning empty.
Also rename /resource page from "機台狀態" to "設備即時概況" in page_status.json.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduce QC-GATE station monitoring with stacked bar chart and filterable LOT table,
using Vue 3 SFC + ECharts via npm. Establishes the pure Vite page architecture pattern
(no Jinja2) for future page migration. Also removes stale design files and README.mdj.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace hardcoded sidebar drawer configuration with admin-manageable
dynamic system. Extend page_status.json with drawer definitions and
page assignments, add drawer CRUD API endpoints, render portal sidebar
via Jinja2 loops, and extend /admin/pages UI with drawer management.
Fix multi-worker cache invalidation via mtime-based staleness detection.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace collapsible <details> drawers with a persistent left sidebar for
報表類, 查詢類, and 開發工具 categories. Unify dev tools handling via
data-tool-src attribute instead of onclick openTool(). Also release
tmtt-defect page status from dev to released.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
