- Add dark mode with theme toggle, localStorage/cookie persistence, anti-FOUC script
- Add toast notification system with auto-dismiss and color-coded types
- Add api() fetch wrapper with auto JSON, X-Socket-ID, and error toasts
- Add keyboard shortcuts (/ search, b boards, ? help, n new card, Esc close)
- Add error page with status code and navigation
- Add focus trap utility and apply to CardModal with full ARIA dialog support
- Add hamburger menu for mobile, responsive columns, fullscreen card modal on mobile
- Add aria-labels to icon-only buttons and DnD live region
- Migrate all ~30 fetch calls to api() wrapper with success toasts
- Add dark: Tailwind variants to all 20+ pages and components
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add full-text card search (PostgreSQL tsvector + GIN index) with navbar
SearchBar, client-side board filters (label/assignee/due date), board
templates (3 system templates + save-as-template API), and archive
toggle for both board listing and board view.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add activity logging to all write API routes, notification system with
real-time delivery via Socket.IO, @mention parsing in comments, activity
feed sidebar on board page, per-card activity in card modal, and
notification bell with unread badge in the navbar.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wire Socket.IO broadcast from all write API routes so board changes
propagate instantly to other connected clients. Add session-based auth
on socket connections, in-memory presence tracking, and a presence UI
in the board header showing who else is viewing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add full CRUD + UI for all card sub-resources (tags/labels, assignees, checklists
with items, comments with markdown, file attachments). Restructure CardModal into
a two-column layout with lazy-loaded data. Upgrade card thumbnails with named label
pills, urgency-colored due date badges, checklist progress indicators, and SVG icons.
Add board categories with filtering on the listing page. Include markdown rendering
with DOMPurify sanitization and .prose CSS styles.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Centralize permission checks into guards.ts (requireAuth, requireBoardView,
requireBoardEditor, requireBoardOwner, requireColumnEditor, requireCardEditor,
requireBoardMemberManager, requireTenantAdmin) that fetch entities and check
permissions in a single call, replacing ~100 lines of duplicated inline checks
across all API routes. Adds board member management (add by email, change role,
remove with last-owner protection), tenant admin panel (user role toggle with
last-admin protection, board overview), and fixes missing view guard on card GET.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rewrite rls.ts with withTenant()/withBypassRLS() using parameterized
set_config() in interactive Prisma transactions (no SQL injection)
- Add FORCE ROW LEVEL SECURITY on all 15 tenant-scoped tables
- Add __bypass__ sentinel and WITH CHECK clauses to every RLS policy
- Explicitly DISABLE RLS on tenants, tenant_hostnames, sessions
- Wrap all API route and page loader queries in withTenant()
- Wrap validateSession() in withBypassRLS() (joins RLS-protected users)
- Keep existing tenantId where-clause filters as optimization layer
- Add postgresql-client to Dockerfile and auto-apply RLS via entrypoint
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Detailed task breakdowns, file paths, acceptance criteria,
and recommended execution order for all remaining phases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
DNS is the gatekeeper — if a request arrives, it was pointed
here intentionally. Every new hostname gets its own tenant
automatically, no manual setup or seeding required.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rename project from "kanban" to "pounce"
- Update landing page: "Pounce on your tasks"
- Replace navbar icon with cat paw
- Update seed hostname to pounce.catrenelle.com
- Write proper README with setup instructions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The app container starts before DNS resolution is ready,
causing prisma db push to fail. Entrypoint now retries
until the database is reachable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add python3/make/g++ to Alpine for bcrypt native compilation
- Remove Socket.IO vite plugin (uses SvelteKit aliases unavailable at config level)
- Use prisma db push instead of migrate deploy for initial setup
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>