zhi/HarborForge.Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
141 Commits 1 Branch 0 Tags
5ccd955a66b90c47c49b5361309615e76606cd18
Commit Graph

141 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
zhi
5ccd955a66 Fix: use role name 'admin' instead of 'superadmin' for global admin check 2026-03-22 11:17:51 +00:00
zhi
15126aa0e5 Apply fix: accept project_code as identifier in project endpoints 2026-03-22 10:57:51 +00:00
zhi
1905378064 Merge fix/three-bugs-2026-03-22: accept task_code/milestone_code as identifiers, add /config/status endpoint 2026-03-22 10:56:34 +00:00
zhi
8b357aabc4 Fix: accept task_code/milestone_code as identifiers, add /config/status endpoint 
- All /tasks/{task_id} endpoints now accept both numeric id and task_code string
- All /milestones/{milestone_id} endpoints (misc.py) now accept both numeric id and milestone_code
- Added _resolve_task() and _resolve_milestone() helpers
- GET /config/status reads initialization state from config volume (no wizard dependency)
- MilestoneResponse schema now includes milestone_code field
- Comments and worklog endpoints also accept task_code
 2026-03-22 10:06:27 +00:00
zhi
88931d822d Fix milestones 422 + acc-mgr user + reset-apikey endpoint 
- Fix: /milestones?project_id= now accepts project_code (str) not just int
- Add: built-in acc-mgr user created on wizard init (account-manager role, no login, undeletable)
- Add: POST /users/{id}/reset-apikey with permission-based access control
- Add: GET /auth/me/apikey-permissions for frontend capability check
- Add: user.reset-self-apikey and user.reset-apikey permissions
- Protect admin and acc-mgr accounts from deletion
- Block acc-mgr from login (/auth/token returns 403)
 2026-03-22 05:39:03 +00:00
zhi
d17072881b feat: add general /supports list endpoint with status/taken_by filters 
- New GET /supports endpoint for listing all support tickets across projects
- Supports optional ?status= and ?taken_by= (me|null|username) query params
- Ordered by created_at descending
- Complements the existing scoped /supports/{project_code}/{milestone_id} endpoint
 2026-03-22 00:17:44 +00:00
zhi
b351075561 chore: remove legacy Python CLI and update README 
- Remove cli.py (superseded by Go-based hf CLI)
- Update README to point to HarborForge.Cli for CLI usage
 2026-03-21 21:38:08 +00:00
zhi
3ff9132596 feat: enrich member/comment/propose APIs with usernames 
- ProjectMemberResponse now includes username and full_name
- Comment list endpoint returns author_username
- ProposeResponse now includes created_by_username
- All serializers resolve User objects to surface human-readable names
- Supports frontend code-first migration (TODO §3.1/3.2)
 2026-03-21 20:28:28 +00:00
zhi
f45f5957f4 docs: refresh openclaw plugin architecture docs 2026-03-21 19:52:09 +00:00
zhi
86911286c0 feat: add code-based meetings router with participant/attend support 
- New dedicated meetings.py router with full CRUD (list/get/create/update/delete)
- All endpoints accept meeting_code or numeric id
- MeetingParticipant model for tracking meeting attendance
- POST /meetings/{id}/attend adds current user to participant list
- Serialization includes participants list, project_code, milestone_code
- Creator auto-added as participant on meeting creation
- Registered in main.py alongside existing routers
 2026-03-21 19:18:20 +00:00
zhi
96cbe109ec Add support code-based action routes 2026-03-21 18:17:11 +00:00
zhi
43af5b29f6 feat: add code-first API support for projects, milestones, proposes, tasks 
- Projects: get/update/delete/members endpoints now accept project_code
- Milestones: all project-scoped and top-level endpoints accept milestone_code
- Proposes: all endpoints accept project_code and propose_code
- Tasks: code-first support for all CRUD + transition + take + search
- Schemas: add code/type/due_date/project_code/milestone_code/taken_by fields
- All endpoints use id-or-code lookup helpers for backward compatibility
- Milestone serializer now includes milestone_code and code fields
- Task serializer enriches responses with project_code, milestone_code, taken_by

Addresses TODO §2.1: code-first API support across CLI-targeted resources
 2026-03-21 18:12:04 +00:00
zhi
32e79a41d8 Expose milestone codes in response schema 2026-03-21 16:06:40 +00:00
zhi
e5fd89f972 feat: add username-based user lookup and permission introspection endpoint 
- users router: accept username or id in get/update/delete/worklogs via _find_user_by_id_or_username()
- auth router: add GET /auth/me/permissions for CLI help introspection (token → user → role → permissions)
 2026-03-21 14:21:54 +00:00
zhi
271d5140e6 feat(users): switch account management to single-role model 
- add users.role_id for one global role per account
- seed protected account-manager role with account.create permission
- default new accounts to guest role
- block admin role assignment through user management
- allow account-manager permission to create accounts
 2026-03-21 08:44:19 +00:00
zhi
7d42d567d1 feat(users): add admin-safe user management endpoints 
- require admin auth for user CRUD
- support editable email/full name/password/admin/active fields
- prevent self lockout and self deletion
- return clear error when related records block deletion
 2026-03-20 10:56:00 +00:00
zhi
14dcda3cdc feat(monitor): store nginx telemetry for generic clients 
- accept nginx installation status and sites-enabled list
- persist nginx fields in server state
- expose nginx data in monitor overview/admin views
- auto-migrate new server_states columns on startup
 2026-03-20 10:03:56 +00:00
hzhang
d67f676006 Merge pull request 'feat: monitor API key flow and versioned telemetry' (#10) from feat/monitor-api-key-v2 into main 
Reviewed-on: #10
 2026-03-20 09:18:08 +00:00
zhi
9b5e2dc15c fix(monitor): harden server delete and remove challenge docs 
- Delete server state before monitored server to avoid FK 500s
- Keep legacy cleanup for obsolete challenge tables
- Rewrite monitor docs to API key-only flow
 2026-03-20 08:02:19 +00:00
zhi
8e0f158266 refactor(monitor): remove deprecated challenge flow 
- Remove challenge issuance endpoint
- Remove monitor websocket challenge handshake flow
- Remove challenge/nonce runtime models
- Keep API key as the only server auth path
 2026-03-20 07:42:43 +00:00
zhi
97f12cac7a feat(monitor): store plugin version separately from openclaw version 
- Add server_states.plugin_version column
- Keep openclaw_version for remote OpenClaw runtime version
- Expose plugin_version in monitor server view
- Accept and persist plugin_version in heartbeat payloads
 2026-03-20 07:23:18 +00:00
zhi
a0d0c7b3a1 fix(monitoring): handle timezone-naive datetimes in get_server_states_view 
Fixes datetime comparison error when last_seen_at from database is
offset-naive (no timezone info) while 'now' is offset-aware (UTC).

This resolves the TypeError: can't subtract offset-naive and
offset-aware datetimes issue in integration tests.
 2026-03-19 20:57:50 +00:00
zhi
c70f90cb52 feat(monitor): add API Key authentication for server heartbeat 
- Add api_key field to MonitoredServer model with unique index
- Add migration to create api_key column
- Add POST /admin/servers/{id}/api-key for key generation
- Add DELETE /admin/servers/{id}/api-key for key revocation
- Add POST /server/heartbeat-v2 with X-API-Key header auth
- TelemetryPayload includes load_avg and uptime_seconds
 2026-03-19 18:17:50 +00:00
zhi
929a722c66 docs: add OpenClaw Plugin development plan 
- docs/OPENCLAW_PLUGIN_DEV_PLAN.md: Complete development plan
  * Backend capability assessment
  * Security analysis (current HTTP heartbeat lacks validation)
  * Three implementation options (enhanced HTTP / API Key / encrypted payload)
  * Phased development plan (Phase 1-3)
  * API specifications
  * Data models
  * Sequence diagrams

- docs/examples/monitor_heartbeat_secure.py: Reference implementation
  for secure HTTP heartbeat with challenge validation
 2026-03-19 14:19:46 +00:00
zhi
67c648d6d8 chore: remove tests - moved to HarborForge.Backend.Test 
All backend tests moved to independent test project at
HarborForge.Test/HarborForge.Backend.Test/
 2026-03-19 12:44:10 +00:00
zhi
403d66e1ba test(P14.1): add comprehensive backend API tests 
Add test coverage for:
- test_auth.py: Login, JWT, protected endpoints (5 tests)
- test_users.py: User CRUD, permissions (8 tests)
- test_projects.py: Project CRUD, ownership (8 tests)
- test_milestones.py: Milestone CRUD, filtering (7 tests)
- test_tasks.py: Task CRUD, filtering by status/assignee (8 tests)
- test_comments.py: Comment CRUD, edit permissions (5 tests)
- test_roles.py: Role/permission management, assignments (9 tests)
- test_misc.py: Milestones global, notifications, activity log, API keys, dashboard, health (14 tests)

Total: 64 new tests covering all major API endpoints.
Uses existing pytest fixtures from conftest.py.
 2026-03-19 12:38:14 +00:00
hzhang
0b1e47ef60 Merge pull request 'feat: milestone state machine + propose flow + task state machine' (#8) from feat/milestone-propose-state-machine into main 
Reviewed-on: #8
 2026-03-19 11:11:09 +00:00
zhi
43742f69da fix: add values_callable to all SQLAlchemy Enum columns 
SQLAlchemy 2.0 defaults to mapping Python enum *names* (OPEN, CLOSED)
to DB values, but MySQL stores lowercase *values* (open, closed).
This mismatch causes LookupError on read.

Adding values_callable=lambda x: [e.value for e in x] tells SQLAlchemy
to use the enum values for DB mapping.

Affected models: milestone, task, meeting, propose, support
 2026-03-19 09:38:37 +00:00
zhi
e938507a24 test(P13.3): propose backend tests — 19 tests covering CRUD, accept/reject/reopen, code generation, feat_task_id protection, edit restrictions, permissions 2026-03-18 05:01:56 +00:00
zhi
c21e4ee335 test(P13.2): task state-machine tests — 34 tests covering transitions, assignee guards, comments, permissions, edit restrictions 2026-03-18 04:02:29 +00:00
zhi
011a2262ce test(P13.1): add milestone state machine tests — 17 tests covering freeze/start/close/auto-complete/preflight 
New test infrastructure:
- tests/conftest.py: SQLite in-memory fixtures, TestClient wired to test DB,
  factory fixtures for User/Project/Milestone/Task/Roles/Permissions
- tests/test_milestone_actions.py: 17 tests covering:
  - freeze success/no-release-task/multiple-release-tasks/wrong-status
  - start success+started_at/deps-not-met/wrong-status
  - close from open/freeze/undergoing, rejected from completed/closed
  - auto-complete on release task finish, no auto-complete for non-release/wrong-status
  - preflight allowed/not-allowed
 2026-03-18 03:07:30 +00:00
zhi
7bad57eb0e feat(P5): sync batch transition with P5.3-P5.6 guards — auth, assignee, comment, permission, deps, auto-complete 2026-03-18 01:01:59 +00:00
zhi
00a1786ec3 feat(P12.1): CLI — add propose subcommands, remove task_type=task, add milestone status filter, transition comment support 2026-03-18 00:01:52 +00:00
zhi
586e06f66a feat(P3.6): lock feature story task body edits when milestone is freeze/undergoing/completed/closed 2026-03-17 23:01:39 +00:00
zhi
ec91a15f65 fix(P7.1): remove TaskType.TASK from models.py + fix milestone task defaults (issue/pending) 2026-03-17 23:01:02 +00:00
zhi
8e38d4cf4d feat(P2.2): add default mgr/dev role seeds with preset permissions for milestone/task/propose actions 2026-03-17 19:02:44 +00:00
zhi
0c75045f6f feat(P4.3): wire task depend_on check into pending→open transition via reusable helper 2026-03-17 18:02:08 +00:00
zhi
c6b14ac25f P4.1: Extract reusable dependency check helper, deduplicate milestone_actions.py 
- New app/services/dependency_check.py with check_milestone_deps()
- Replaces 3x duplicated JSON-parse + query + filter logic
- Supports both milestone and task dependency checking
- Returns structured DepCheckResult with ok/blockers/reason
- Refactored preflight and start endpoints to use shared helper
 2026-03-17 17:03:45 +00:00
zhi
89e3bcdd0f feat(P7.1): remove task_type='task' — migrate to issue/defect, update defaults and DB migration 2026-03-17 16:05:32 +00:00
zhi
3afbbc2a88 feat(P2.1): register 9 new permissions (milestone/task/propose actions) + wire check_permission in all action endpoints 
- Add milestone.freeze/start/close, task.close/reopen_closed/reopen_completed, propose.accept/reject/reopen to DEFAULT_PERMISSIONS
- Replace placeholder check_project_role with check_permission in proposes.py accept/reject/reopen
- Replace freeform permission strings with dotted names in milestone_actions.py
- Add task.close and task.reopen_* permission checks in tasks.py transition endpoint
- Admin role auto-inherits all new permissions via init_wizard
 2026-03-17 15:03:48 +00:00
zhi
c18b8f3850 feat(P9.6): block story/feature and maintenance/release task creation via general create endpoints 2026-03-17 13:02:46 +00:00
zhi
7542f2d7c1 feat(P5.7): task edit restrictions — block body edits in undergoing/completed/closed, enforce assignee-only edit in open+assigned 2026-03-17 12:04:12 +00:00
zhi
ffb0fa6058 feat(P5.3+P5.4): enforce assignee identity on start/complete + require completion comment in transition endpoint 2026-03-17 11:02:19 +00:00
zhi
7a16639aac feat(P8.3): milestone preflight endpoint for freeze/start button pre-condition checks 2026-03-17 10:04:17 +00:00
zhi
314040cef5 feat(P3.6): milestone edit restrictions — block PATCH in terminal states, restrict scope fields in freeze/undergoing, protect delete 2026-03-17 09:01:40 +00:00
zhi
589b1cc8de feat(P5.1-P5.6): task state-machine validation — enforce legal transitions in transition/batch/update endpoints 2026-03-17 08:02:37 +00:00
zhi
7d8c448cb8 feat(P3.1): milestone action endpoints — freeze/start/close + auto-complete hook 
- New milestone_actions router with POST freeze/start/close endpoints
- freeze: validates exactly 1 release maintenance task exists
- start: validates all milestone/task dependencies completed, records started_at
- close: allows from open/freeze/undergoing with reason
- try_auto_complete_milestone helper: auto-completes milestone when sole release task finishes
- Wired auto-complete into task transition and update endpoints
- Added freeze enforcement: no new feature story tasks after freeze
- Added started_at to milestone serializer
- All actions write activity logs
 2026-03-17 04:03:05 +00:00
zhi
75ccbcb362 feat: propose CRUD router + accept/reject/reopen actions (P6.1-P6.4) 2026-03-17 03:01:49 +00:00
zhi
2bea75e843 feat: add Propose model/schema + DB enum migration scripts 
- New Propose model (app/models/propose.py) with status enum (open/accepted/rejected)
- New Propose schemas (ProposeCreate/Update/Response) in schemas.py
- MySQL enum migration in main.py for milestone/task status columns
  - milestone: pending→open, deferred→closed, progressing→undergoing
  - task: progressing→undergoing
- Import propose model in startup for create_all
- Add started_at column migration for milestones
 2026-03-17 02:04:42 +00:00
zhi
9e22c97ae8 refactor: update milestone/task status enums to new state machine values 
Milestone: open/freeze/undergoing/completed/closed (was open/pending/deferred/progressing/closed)
Task: open/pending/undergoing/completed/closed (was open/pending/progressing/closed)

- Add MilestoneStatusEnum to schemas with typed validation
- Add started_at field to Milestone model
- Update all router/CLI references from progressing->undergoing
- Add completed status handling in task transition logic
 2026-03-17 00:04:29 +00:00