Private
Public Access
1
0
Commit Graph

22 Commits

Author SHA1 Message Date
Catherine Renelle 95f8e9a70b Fix column/card ordering: set COLLATE C on position columns
Postgres en_US.utf8 collation sorts case-insensitively, breaking the
lexicographic fractional indexing. Setting COLLATE "C" ensures pure
byte-order sorting. Applied via setup-collation.sql in entrypoint
after prisma db push.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 07:40:13 -05:00
Catherine Renelle 8a97d354fa Add system board templates seeded at startup
Four templates (Kanban, Simple, Sprint, Bug Tracking) with tenantId=null
are auto-seeded on first startup if none exist. Available to all tenants
in the board creation dropdown.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 07:33:08 -05:00
Catherine Renelle 9b5459fa49 Seed default tags and categories for new tenants
New tenants auto-provisioned via hostname get 5 default tags (Bug,
Feature, Enhancement, Urgent, Documentation) and 4 categories
(Frontend, Backend, Design, Infrastructure).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 07:28:06 -05:00
Catherine Renelle 062832a1e3 Fix $state runtime error: rename rune stores to .svelte.ts
$state runes only work in .svelte and .svelte.ts files. The toasts and
theme stores used $state in plain .ts files, which compiled in dev but
crashed in production SSR. Renamed and updated all imports.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 01:33:15 -05:00
Catherine Renelle 1ec64e4ad5 Update docker-compose.yml for git-based Portainer deployment
Switch from hardcoded credentials to env var substitution (DB_PASSWORD,
SESSION_SECRET, ORIGIN). Use production ports (3200:3000, 3201:5432) and
host.docker.internal for DB connectivity.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 01:27:20 -05:00
Catherine Renelle 0bba161c12 Phase 9: Admin & DevOps — health check, rate limiting, logging, site admin, Docker healthcheck
- Health check endpoint (GET /api/health) with DB probe and uptime
- In-memory sliding window rate limiting on login (10/60s) and register (5/3600s)
- Structured logging with pino (request timing in hooks, Socket.IO events in server.js)
- Site admin dashboard with tenant stats, CRUD, and requireSiteAdmin guard
- Tenant admin enhanced with tag and category management UI
- Docker HEALTHCHECK in Dockerfile and docker-compose.yml
- Backup documentation (docs/backup.md)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 01:24:24 -05:00
Catherine Renelle 7559102479 Phase 8: Polish & UX — dark mode, toasts, keyboard shortcuts, responsive, accessibility
- Add dark mode with theme toggle, localStorage/cookie persistence, anti-FOUC script
- Add toast notification system with auto-dismiss and color-coded types
- Add api() fetch wrapper with auto JSON, X-Socket-ID, and error toasts
- Add keyboard shortcuts (/ search, b boards, ? help, n new card, Esc close)
- Add error page with status code and navigation
- Add focus trap utility and apply to CardModal with full ARIA dialog support
- Add hamburger menu for mobile, responsive columns, fullscreen card modal on mobile
- Add aria-labels to icon-only buttons and DnD live region
- Migrate all ~30 fetch calls to api() wrapper with success toasts
- Add dark: Tailwind variants to all 20+ pages and components

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 01:09:17 -05:00
Catherine Renelle 6ed0349507 Phase 7: Search, filters, templates, and archive UI
Add full-text card search (PostgreSQL tsvector + GIN index) with navbar
SearchBar, client-side board filters (label/assignee/due date), board
templates (3 system templates + save-as-template API), and archive
toggle for both board listing and board view.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 00:42:20 -05:00
Catherine Renelle e5f2c64e14 Phase 6: Activity log and notifications
Add activity logging to all write API routes, notification system with
real-time delivery via Socket.IO, @mention parsing in comments, activity
feed sidebar on board page, per-card activity in card modal, and
notification bell with unread badge in the navbar.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 00:26:15 -05:00
Catherine Renelle e61c549ddb Phase 5: Real-time updates via Socket.IO
Wire Socket.IO broadcast from all write API routes so board changes
propagate instantly to other connected clients. Add session-based auth
on socket connections, in-memory presence tracking, and a presence UI
in the board header showing who else is viewing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 00:03:13 -05:00
Catherine Renelle 095d9756a8 Phase 4: Rich card features — labels, checklists, comments, attachments, categories
Add full CRUD + UI for all card sub-resources (tags/labels, assignees, checklists
with items, comments with markdown, file attachments). Restructure CardModal into
a two-column layout with lazy-loaded data. Upgrade card thumbnails with named label
pills, urgency-colored due date badges, checklist progress indicators, and SVG icons.
Add board categories with filtering on the listing page. Include markdown rendering
with DOMPurify sanitization and .prose CSS styles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 23:38:31 -05:00
Catherine Renelle 9b5708af64 Phase 3: Roles & permissions enforcement with guards, member management, and admin panel
Centralize permission checks into guards.ts (requireAuth, requireBoardView,
requireBoardEditor, requireBoardOwner, requireColumnEditor, requireCardEditor,
requireBoardMemberManager, requireTenantAdmin) that fetch entities and check
permissions in a single call, replacing ~100 lines of duplicated inline checks
across all API routes. Adds board member management (add by email, change role,
remove with last-owner protection), tenant admin panel (user role toggle with
last-admin protection, board overview), and fixes missing view guard on card GET.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 23:13:29 -05:00
Catherine Renelle bd12160ebb Phase 2: Enforce Row-Level Security at the PostgreSQL level
- Rewrite rls.ts with withTenant()/withBypassRLS() using parameterized
  set_config() in interactive Prisma transactions (no SQL injection)
- Add FORCE ROW LEVEL SECURITY on all 15 tenant-scoped tables
- Add __bypass__ sentinel and WITH CHECK clauses to every RLS policy
- Explicitly DISABLE RLS on tenants, tenant_hostnames, sessions
- Wrap all API route and page loader queries in withTenant()
- Wrap validateSession() in withBypassRLS() (joins RLS-protected users)
- Keep existing tenantId where-clause filters as optimization layer
- Add postgresql-client to Dockerfile and auto-apply RLS via entrypoint

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 22:54:26 -05:00
Catherine Renelle f6ddfcfc62 Add PLANS.md and MEMORY.md to .gitignore and untrack PLANS.md
These are local planning/memory files that should not be in the repository.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 22:37:32 -05:00
Catherine Renelle da0cd816aa Add implementation plans for phases 2-9
Detailed task breakdowns, file paths, acceptance criteria,
and recommended execution order for all remaining phases.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 22:34:31 -05:00
Catherine Renelle 80c17d4c6f Auto-create tenant for any hostname that reaches the app
DNS is the gatekeeper — if a request arrives, it was pointed
here intentionally. Every new hostname gets its own tenant
automatically, no manual setup or seeding required.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 22:30:05 -05:00
Catherine Renelle 7b540a37ee Rebrand to Pounce, the Open Source Kanban Solution
- Rename project from "kanban" to "pounce"
- Update landing page: "Pounce on your tasks"
- Replace navbar icon with cat paw
- Update seed hostname to pounce.catrenelle.com
- Write proper README with setup instructions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 22:24:43 -05:00
Catherine Renelle bdb8af6ca2 Add kanban.catrenelle.com to seed hostnames
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 22:13:27 -05:00
Catherine Renelle f90489c2ff Show prisma db push errors in entrypoint, add .gitattributes for LF
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 21:59:23 -05:00
Catherine Renelle b47cc8748d Add docker-entrypoint.sh to retry DB connection on startup
The app container starts before DNS resolution is ready,
causing prisma db push to fail. Entrypoint now retries
until the database is reachable.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 21:45:13 -05:00
Catherine Renelle 2c0583d0e4 Fix Docker build: add native deps for bcrypt, simplify vite config
- Add python3/make/g++ to Alpine for bcrypt native compilation
- Remove Socket.IO vite plugin (uses SvelteKit aliases unavailable at config level)
- Use prisma db push instead of migrate deploy for initial setup

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 21:05:45 -05:00
Catherine Renelle 2f398711c8 Initial implementation: multi-tenant Kanban board (Phase 1)
Complete Phase 1 foundation with working board, column, and card CRUD:
- SvelteKit + TypeScript + Tailwind CSS v4 + adapter-node
- Full Prisma schema with 18 tables (tenants, users, boards, columns, cards, etc.)
- Multi-tenant architecture with hostname-based tenant resolution
- Email/password auth with bcrypt + session cookies
- Board/Column/Card API routes with full CRUD
- Fractional indexing for drag-and-drop ordering
- Board view with svelte-dnd-action for column and card drag-and-drop
- Card modal with inline editing
- Auth pages (login, register)
- Board listing with create form
- RLS policies SQL script for tenant isolation
- Prisma RLS client extensions (forTenant/bypassRLS)
- Permission helpers (canEditBoard, canManageMembers, etc.)
- Socket.IO server setup (dev Vite plugin + production Express server)
- Client-side socket store for real-time updates
- Docker Compose (app + PostgreSQL 16) + multi-stage Dockerfile
- Database seed script (default tenant + admin user)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 20:58:49 -05:00