beabigegg
4b7e523f84
feat: implement debug logging cleanup and i18n coverage proposals
...
## cleanup-debug-logging
- Create environment-aware logger utility (logger.ts)
- Replace 60+ console.log/error statements across 28 files
- Production: only warn/error logs visible
- Development: all log levels with prefixes
Updated files:
- Contexts: NotificationContext, ProjectSyncContext, AuthContext
- Components: GanttChart, CalendarView, ErrorBoundary, and 11 others
- Pages: Tasks, Projects, Dashboard, and 7 others
- Services: api.ts
## complete-i18n-coverage
- WeeklyReportPreview: all strings translated, dynamic locale
- ReportHistory: all strings translated, dynamic locale
- AuditPage: detail modal and verification modal translated
- WorkloadPage: error message translated
Locale files updated:
- en/common.json, zh-TW/common.json: reports section
- en/audit.json, zh-TW/audit.json: modal sections
- en/workload.json, zh-TW/workload.json: errors section
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-13 21:37:29 +08:00
beabigegg
35c90fe76b
feat: implement 5 QA-driven security and quality proposals
...
Implemented proposals from comprehensive QA review:
1. extend-csrf-protection
- Add POST to CSRF protected methods in frontend
- Global CSRF middleware for all state-changing operations
- Update tests with CSRF token fixtures
2. tighten-cors-websocket-security
- Replace wildcard CORS with explicit method/header lists
- Disable query parameter auth in production (code 4002)
- Add per-user WebSocket connection limit (max 5, code 4005)
3. shorten-jwt-expiry
- Reduce JWT expiry from 7 days to 60 minutes
- Add refresh token support with 7-day expiry
- Implement token rotation on refresh
- Frontend auto-refresh when token near expiry (<5 min)
4. fix-frontend-quality
- Add React.lazy() code splitting for all pages
- Fix useCallback dependency arrays (Dashboard, Comments)
- Add localStorage data validation in AuthContext
- Complete i18n for AttachmentUpload component
5. enhance-backend-validation
- Add SecurityAuditMiddleware for access denied logging
- Add ErrorSanitizerMiddleware for production error messages
- Protect /health/detailed with admin authentication
- Add input length validation (comment 5000, desc 10000)
All 521 backend tests passing. Frontend builds successfully.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 23:19:05 +08:00
beabigegg
679b89ae4c
feat: implement security, error resilience, and query optimization proposals
...
Security Validation (enhance-security-validation):
- JWT secret validation with entropy checking and pattern detection
- CSRF protection middleware with token generation/validation
- Frontend CSRF token auto-injection for DELETE/PUT/PATCH requests
- MIME type validation with magic bytes detection for file uploads
Error Resilience (add-error-resilience):
- React ErrorBoundary component with fallback UI and retry functionality
- ErrorBoundaryWithI18n wrapper for internationalization support
- Page-level and section-level error boundaries in App.tsx
Query Performance (optimize-query-performance):
- Query monitoring utility with threshold warnings
- N+1 query fixes using joinedload/selectinload
- Optimized project members, tasks, and subtasks endpoints
Bug Fixes:
- WebSocket session management (P0): Return primitives instead of ORM objects
- LIKE query injection (P1): Escape special characters in search queries
Tests: 543 backend tests, 56 frontend tests passing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 18:41:19 +08:00
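The P1 bug fix above ("LIKE query injection: escape special characters in search queries") is easy to misread as ordinary SQL injection. Parameterised queries already prevent that; the remaining problem is that `%` and `_` inside the bound value are still LIKE wildcards, so a search term of `%` matches every row. The block below is an added example, not the project's code: it shows the unescaped query beside the fixed one against a constructed in-memory SQLite table. The table and titles are invented for the example; the same escaping is what SQLAlchemy's `column.contains(term, autoescape=True)` performs.

```python
import sqlite3

# Escape character declared in the query's ESCAPE clause (conventional choice).
LIKE_ESCAPE = "\\"

# Constructed sample data, not the project's real tasks.
SAMPLE_TITLES = ["Fix 100% coverage", "Update_schema", "Deploy", "Review PR"]


def escape_like(term: str, escape: str = LIKE_ESCAPE) -> str:
    """Make `term` match literally inside a LIKE pattern.

    The escape character is doubled first; doing it last would un-escape
    the `\\%` and `\\_` sequences produced by the other replacements.
    """
    return (
        term.replace(escape, escape + escape)
        .replace("%", escape + "%")
        .replace("_", escape + "_")
    )


def build_sample_db() -> sqlite3.Connection:
    """In-memory table so the example runs offline (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tasks (id INTEGER PRIMARY KEY, title TEXT NOT NULL)")
    conn.executemany("INSERT INTO tasks (title) VALUES (?)", [(t,) for t in SAMPLE_TITLES])
    return conn


def search_tasks_unescaped(conn: sqlite3.Connection, term: str) -> list[str]:
    """The 'before' behaviour: parameterised (no SQL injection), but `%`
    and `_` in the user's term still act as wildcards."""
    rows = conn.execute(
        "SELECT title FROM tasks WHERE title LIKE ? ORDER BY id",
        (f"%{term}%",),
    ).fetchall()
    return [r[0] for r in rows]


def search_tasks(conn: sqlite3.Connection, term: str) -> list[str]:
    """The fixed version: wildcards in user input are escaped and the
    ESCAPE clause tells the database which character was used."""
    rows = conn.execute(
        "SELECT title FROM tasks WHERE title LIKE ? ESCAPE ? ORDER BY id",
        (f"%{escape_like(term)}%", LIKE_ESCAPE),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_sample_db()
    for term in ["%", "_", "100%"]:
        print(f"{term!r}: unescaped={search_tasks_unescaped(db, term)} "
              f"escaped={search_tasks(db, term)}")
```

Why this matters beyond correctness: an unescaped `%` turns a "search my tasks" endpoint into a "list everything I am allowed to read" endpoint and, on large tables, a leading wildcard over a million rows is also a cheap way to load the database.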
beabigegg
f5f870da56
Fix test failures and workload/websocket behavior
2026-01-11 08:37:21 +08:00
beabigegg
3bdc6ff1c9
feat: implement 8 OpenSpec proposals for security, reliability, and UX improvements
...
## Security Enhancements (P0)
- Add input validation with max_length and numeric range constraints
- Implement WebSocket token authentication via first message
- Add path traversal prevention in file storage service
## Permission Enhancements (P0)
- Add project member management for cross-department access
- Implement is_department_manager flag for workload visibility
## Cycle Detection (P0)
- Add DFS-based cycle detection for task dependencies
- Add formula field circular reference detection
- Display user-friendly cycle path visualization
## Concurrency & Reliability (P1)
- Implement optimistic locking with version field (409 Conflict on mismatch)
- Add trigger retry mechanism with exponential backoff (1s, 2s, 4s)
- Implement cascade restore for soft-deleted tasks
## Rate Limiting (P1)
- Add tiered rate limits: standard (60/min), sensitive (20/min), heavy (5/min)
- Apply rate limits to tasks, reports, attachments, and comments
## Frontend Improvements (P1)
- Add responsive sidebar with hamburger menu for mobile
- Improve touch-friendly UI with proper tap target sizes
- Complete i18n translations for all components
## Backend Reliability (P2)
- Configure database connection pool (size=10, overflow=20)
- Add Redis fallback mechanism with message queue
- Add blocker check before task deletion
## API Enhancements (P3)
- Add standardized response wrapper utility
- Add /health/ready and /health/live endpoints
- Implement project templates with status/field copying
## Tests Added
- test_input_validation.py - Schema and path traversal tests
- test_concurrency_reliability.py - Optimistic locking and retry tests
- test_backend_reliability.py - Connection pool and Redis tests
- test_api_enhancements.py - Health check and template tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 22:13:43 +08:00
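"Add path traversal prevention in file storage service" is a one-line bullet, so here is an added example of what such a check has to cover; it is written for this page and is not the project's `file storage service`. It reduces client-supplied filenames to their last component and, separately, confirms that a stored path resolves inside the storage root using `Path.relative_to` rather than a string prefix test (which would accept a sibling directory such as `uploads_backup`). The storage root `/srv/app/uploads`, the function names, and the exception type are assumptions for the example.

```python
from pathlib import Path, PurePosixPath

# Constructed storage root for the example; the real root is configuration.
STORAGE_ROOT = "/srv/app/uploads"


class PathTraversalError(ValueError):
    """Raised when a requested path would escape the storage root."""


def safe_filename(name: str) -> str:
    """Keep only the last path component of a client-supplied filename.

    Backslashes are treated as separators too, so a Windows-style
    `..\\..\\x` cannot survive on a POSIX host as a single odd filename.
    """
    if "\x00" in name:
        raise PathTraversalError("NUL byte in filename")
    base = PurePosixPath(name.replace("\\", "/")).name
    if base in ("", ".", ".."):
        raise PathTraversalError(f"unusable filename: {name!r}")
    return base


def resolve_storage_path(storage_root: str, relative_path: str) -> Path:
    """Return the absolute path for `relative_path` under `storage_root`,
    or raise PathTraversalError if it would land outside the root."""
    if "\x00" in relative_path:
        raise PathTraversalError("NUL byte in path")
    root = Path(storage_root).resolve()
    # resolve() collapses `..` segments and follows symlinks, so the
    # containment check below sees the real target, not the spelling.
    # Joining an absolute `relative_path` discards `root` entirely, which
    # the same check then rejects.
    candidate = (root / relative_path).resolve()
    if candidate == root:
        raise PathTraversalError("empty path refers to the storage root itself")
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathTraversalError(f"path escapes storage root: {relative_path!r}") from None
    return candidate


def is_inside_storage(storage_root: str, relative_path: str) -> bool:
    """Boolean form of resolve_storage_path, convenient for tests and logs."""
    try:
        resolve_storage_path(storage_root, relative_path)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    for p in ["reports/q1.pdf", "reports/../q2.pdf", "../etc/passwd",
              "../uploads_backup/x", "/etc/passwd", ""]:
        print(f"{p!r:28} inside={is_inside_storage(STORAGE_ROOT, p)}")
```

Apply both layers: `safe_filename` for the name the user chose, `resolve_storage_path` for every path the service actually opens. The second check is the one that still holds when a later feature starts accepting subdirectories.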
beabigegg
55f85d0d3c
feat: implement soft delete, task editing fixes, and UI improvements
...
Backend:
- Add soft delete for spaces and projects (is_active flag)
- Add status_id and assignee_id to TaskUpdate schema
- Fix task PATCH endpoint to update status and assignee
- Add validation for assignee_id and status_id in task updates
- Fix health service to count tasks with "Blocked" status as blockers
- Filter out deleted spaces/projects from health dashboard
- Add workload cache invalidation on assignee changes
Frontend:
- Add delete confirmation dialogs for spaces and projects
- Fix UserSelect to display selected user name (valueName prop)
- Fix task detail modal to refresh data after save
- Enforce 2-level subtask depth limit in UI
- Fix timezone bug in date formatting (use local timezone)
- Convert NotificationBell from Tailwind to inline styles
- Add i18n translations for health, workload, settings pages
- Add parent_task_id to Task interface across components
OpenSpec:
- Archive add-delete-capability change
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 01:32:13 +08:00
beabigegg
2796cbb42d
feat: complete i18n translation for remaining components
...
- Translate pages: Projects, ProjectHealthPage, ProjectSettings
- Translate components: TaskDetailModal, KanbanBoard, Comments,
SubtaskList, CalendarView, BlockerDialog
- Add translation keys for tasks namespace: kanban, calendar,
subtasks.error, comments.error, blockers (full translation)
- Add common.labels.task translation key
- Fix task creation: use original_estimate instead of time_estimate
Translation coverage:
- 10 locale files updated (zh-TW & en)
- 6 page/component files translated
- ~100 new translation keys added
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 23:38:21 +08:00
beabigegg
4bc3c24360
feat: add i18n internationalization support
...
- Add react-i18next, i18next with browser language detection
- Support Traditional Chinese (zh-TW) and English (en)
- Default language: zh-TW, stored in localStorage
- Create 10 translation namespaces (common, auth, dashboard, tasks, etc.)
- Add LanguageSwitcher component in header
- Translate pages: Login, Dashboard, Tasks, Spaces, Workload, Audit
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 23:18:41 +08:00