zhi/HarborForge.Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
150 Commits 2 Branches 0 Tags
cb0be052468252a4034ec5b62788840985394f56
Commit Graph

117 Commits

Author SHA1 Message Date
zhi
cb0be05246 BE-PR-007: refactor Proposal Accept to generate story tasks from all Essentials 
- Removed old logic that created a single story/feature task on accept
- Accept now iterates all Essentials under the Proposal
- Each Essential.type maps to a story/* task (feature/improvement/refactor)
- All tasks created in a single transaction
- Added ProposalAcceptResponse and GeneratedTaskSummary schemas
- Proposal must have at least one Essential to be accepted
- No longer writes to deprecated feat_task_id field
 2026-03-30 07:46:20 +00:00
zhi
431f4abe5a BE-PR-006: Add Essential CRUD API under Proposals 
- New router: /projects/{project_id}/proposals/{proposal_id}/essentials
  - GET (list), POST (create), GET/{id}, PATCH/{id}, DELETE/{id}
- All mutations restricted to open proposals only
- Permission: creator, project owner, or global admin
- Registered essentials router in main.py
- Updated GET /proposals/{id} to return ProposalDetailResponse with
  embedded essentials list
- Activity logging on all CRUD operations
 2026-03-30 07:16:30 +00:00
zhi
8d2d467bd8 BE-PR-005: Add Essential schema definitions (create/update/response) and ProposalDetailResponse with nested essentials 2026-03-30 06:45:21 +00:00
zhi
5aca07a7a0 BE-PR-004: implement EssentialCode encoding rules 
- Format: {proposal_code}:E{seq:05x} (e.g. PROJ01:P00001:E00001)
- Prefix 'E' for Essential, 5-digit zero-padded hex sequence
- Sequence scoped per Proposal, derived from max existing code
- No separate counter table needed (uses max-suffix approach)
- Supports batch_offset for bulk creation during Proposal Accept
- Includes validate_essential_code() helper
 2026-03-30 06:16:01 +00:00
zhi
089d75f953 BE-PR-003: Add Essential SQLAlchemy model 
- New app/models/essential.py with Essential model and EssentialType enum
  (feature, improvement, refactor)
- Fields: id, essential_code (unique), proposal_id (FK to proposes),
  type, title, description, created_by_id (FK to users), created_at, updated_at
- Added essentials relationship to Proposal model (cascade delete-orphan)
- Added essentials table auto-migration in main.py _migrate_schema()
- Registered essential module import in startup()
 2026-03-29 16:33:00 +00:00
zhi
119a679e7f BE-PR-002: Proposal model naming & field adjustments 
- Add comprehensive docstring to Proposal model documenting all relationships
- Add column comments for all fields (title, description, status, project_id, etc.)
- Mark feat_task_id as DEPRECATED (will be replaced by Essential->task mapping in BE-PR-008)
- Add proposal_code hybrid property as preferred alias for DB column propose_code
- Update ProposalResponse schema to include proposal_code alongside propose_code
- Update serializer to emit both proposal_code and propose_code for backward compat
- No DB migration needed -- only Python-level changes
 2026-03-29 16:02:18 +00:00
zhi
cfacd432f5 BE-PR-001: Rename Propose -> Proposal across backend 
- New canonical model: Proposal, ProposalStatus (app/models/proposal.py)
- New canonical router: /projects/{id}/proposals (app/api/routers/proposals.py)
- Schemas renamed: ProposalCreate, ProposalUpdate, ProposalResponse, etc.
- Old propose.py and proposes.py kept as backward-compat shims
- Legacy /proposes API still works (delegates to /proposals handlers)
- DB table name (proposes), column (propose_code), and permission names
  (propose.*) kept unchanged for zero-migration compat
- Updated init_wizard.py comments
 2026-03-29 15:35:23 +00:00
zhi
5ccd955a66 Fix: use role name 'admin' instead of 'superadmin' for global admin check 2026-03-22 11:17:51 +00:00
zhi
15126aa0e5 Apply fix: accept project_code as identifier in project endpoints 2026-03-22 10:57:51 +00:00
zhi
1905378064 Merge fix/three-bugs-2026-03-22: accept task_code/milestone_code as identifiers, add /config/status endpoint 2026-03-22 10:56:34 +00:00
zhi
8b357aabc4 Fix: accept task_code/milestone_code as identifiers, add /config/status endpoint 
- All /tasks/{task_id} endpoints now accept both numeric id and task_code string
- All /milestones/{milestone_id} endpoints (misc.py) now accept both numeric id and milestone_code
- Added _resolve_task() and _resolve_milestone() helpers
- GET /config/status reads initialization state from config volume (no wizard dependency)
- MilestoneResponse schema now includes milestone_code field
- Comments and worklog endpoints also accept task_code
 2026-03-22 10:06:27 +00:00
zhi
88931d822d Fix milestones 422 + acc-mgr user + reset-apikey endpoint 
- Fix: /milestones?project_id= now accepts project_code (str) not just int
- Add: built-in acc-mgr user created on wizard init (account-manager role, no login, undeletable)
- Add: POST /users/{id}/reset-apikey with permission-based access control
- Add: GET /auth/me/apikey-permissions for frontend capability check
- Add: user.reset-self-apikey and user.reset-apikey permissions
- Protect admin and acc-mgr accounts from deletion
- Block acc-mgr from login (/auth/token returns 403)
 2026-03-22 05:39:03 +00:00
zhi
d17072881b feat: add general /supports list endpoint with status/taken_by filters 
- New GET /supports endpoint for listing all support tickets across projects
- Supports optional ?status= and ?taken_by= (me|null|username) query params
- Ordered by created_at descending
- Complements the existing scoped /supports/{project_code}/{milestone_id} endpoint
 2026-03-22 00:17:44 +00:00
zhi
3ff9132596 feat: enrich member/comment/propose APIs with usernames 
- ProjectMemberResponse now includes username and full_name
- Comment list endpoint returns author_username
- ProposeResponse now includes created_by_username
- All serializers resolve User objects to surface human-readable names
- Supports frontend code-first migration (TODO §3.1/3.2)
 2026-03-21 20:28:28 +00:00
zhi
86911286c0 feat: add code-based meetings router with participant/attend support 
- New dedicated meetings.py router with full CRUD (list/get/create/update/delete)
- All endpoints accept meeting_code or numeric id
- MeetingParticipant model for tracking meeting attendance
- POST /meetings/{id}/attend adds current user to participant list
- Serialization includes participants list, project_code, milestone_code
- Creator auto-added as participant on meeting creation
- Registered in main.py alongside existing routers
 2026-03-21 19:18:20 +00:00
zhi
96cbe109ec Add support code-based action routes 2026-03-21 18:17:11 +00:00
zhi
43af5b29f6 feat: add code-first API support for projects, milestones, proposes, tasks 
- Projects: get/update/delete/members endpoints now accept project_code
- Milestones: all project-scoped and top-level endpoints accept milestone_code
- Proposes: all endpoints accept project_code and propose_code
- Tasks: code-first support for all CRUD + transition + take + search
- Schemas: add code/type/due_date/project_code/milestone_code/taken_by fields
- All endpoints use id-or-code lookup helpers for backward compatibility
- Milestone serializer now includes milestone_code and code fields
- Task serializer enriches responses with project_code, milestone_code, taken_by

Addresses TODO §2.1: code-first API support across CLI-targeted resources
 2026-03-21 18:12:04 +00:00
zhi
32e79a41d8 Expose milestone codes in response schema 2026-03-21 16:06:40 +00:00
zhi
e5fd89f972 feat: add username-based user lookup and permission introspection endpoint 
- users router: accept username or id in get/update/delete/worklogs via _find_user_by_id_or_username()
- auth router: add GET /auth/me/permissions for CLI help introspection (token → user → role → permissions)
 2026-03-21 14:21:54 +00:00
zhi
271d5140e6 feat(users): switch account management to single-role model 
- add users.role_id for one global role per account
- seed protected account-manager role with account.create permission
- default new accounts to guest role
- block admin role assignment through user management
- allow account-manager permission to create accounts
 2026-03-21 08:44:19 +00:00
zhi
7d42d567d1 feat(users): add admin-safe user management endpoints 
- require admin auth for user CRUD
- support editable email/full name/password/admin/active fields
- prevent self lockout and self deletion
- return clear error when related records block deletion
 2026-03-20 10:56:00 +00:00
zhi
14dcda3cdc feat(monitor): store nginx telemetry for generic clients 
- accept nginx installation status and sites-enabled list
- persist nginx fields in server state
- expose nginx data in monitor overview/admin views
- auto-migrate new server_states columns on startup
 2026-03-20 10:03:56 +00:00
zhi
9b5e2dc15c fix(monitor): harden server delete and remove challenge docs 
- Delete server state before monitored server to avoid FK 500s
- Keep legacy cleanup for obsolete challenge tables
- Rewrite monitor docs to API key-only flow
 2026-03-20 08:02:19 +00:00
zhi
8e0f158266 refactor(monitor): remove deprecated challenge flow 
- Remove challenge issuance endpoint
- Remove monitor websocket challenge handshake flow
- Remove challenge/nonce runtime models
- Keep API key as the only server auth path
 2026-03-20 07:42:43 +00:00
zhi
97f12cac7a feat(monitor): store plugin version separately from openclaw version 
- Add server_states.plugin_version column
- Keep openclaw_version for remote OpenClaw runtime version
- Expose plugin_version in monitor server view
- Accept and persist plugin_version in heartbeat payloads
 2026-03-20 07:23:18 +00:00
zhi
a0d0c7b3a1 fix(monitoring): handle timezone-naive datetimes in get_server_states_view 
Fixes datetime comparison error when last_seen_at from database is
offset-naive (no timezone info) while 'now' is offset-aware (UTC).

This resolves the TypeError: can't subtract offset-naive and
offset-aware datetimes issue in integration tests.
 2026-03-19 20:57:50 +00:00
zhi
c70f90cb52 feat(monitor): add API Key authentication for server heartbeat 
- Add api_key field to MonitoredServer model with unique index
- Add migration to create api_key column
- Add POST /admin/servers/{id}/api-key for key generation
- Add DELETE /admin/servers/{id}/api-key for key revocation
- Add POST /server/heartbeat-v2 with X-API-Key header auth
- TelemetryPayload includes load_avg and uptime_seconds
 2026-03-19 18:17:50 +00:00
zhi
43742f69da fix: add values_callable to all SQLAlchemy Enum columns 
SQLAlchemy 2.0 defaults to mapping Python enum *names* (OPEN, CLOSED)
to DB values, but MySQL stores lowercase *values* (open, closed).
This mismatch causes LookupError on read.

Adding values_callable=lambda x: [e.value for e in x] tells SQLAlchemy
to use the enum values for DB mapping.

Affected models: milestone, task, meeting, propose, support
 2026-03-19 09:38:37 +00:00
zhi
7bad57eb0e feat(P5): sync batch transition with P5.3-P5.6 guards — auth, assignee, comment, permission, deps, auto-complete 2026-03-18 01:01:59 +00:00
zhi
586e06f66a feat(P3.6): lock feature story task body edits when milestone is freeze/undergoing/completed/closed 2026-03-17 23:01:39 +00:00
zhi
ec91a15f65 fix(P7.1): remove TaskType.TASK from models.py + fix milestone task defaults (issue/pending) 2026-03-17 23:01:02 +00:00
zhi
8e38d4cf4d feat(P2.2): add default mgr/dev role seeds with preset permissions for milestone/task/propose actions 2026-03-17 19:02:44 +00:00
zhi
0c75045f6f feat(P4.3): wire task depend_on check into pending→open transition via reusable helper 2026-03-17 18:02:08 +00:00
zhi
c6b14ac25f P4.1: Extract reusable dependency check helper, deduplicate milestone_actions.py 
- New app/services/dependency_check.py with check_milestone_deps()
- Replaces 3x duplicated JSON-parse + query + filter logic
- Supports both milestone and task dependency checking
- Returns structured DepCheckResult with ok/blockers/reason
- Refactored preflight and start endpoints to use shared helper
 2026-03-17 17:03:45 +00:00
zhi
89e3bcdd0f feat(P7.1): remove task_type='task' — migrate to issue/defect, update defaults and DB migration 2026-03-17 16:05:32 +00:00
zhi
3afbbc2a88 feat(P2.1): register 9 new permissions (milestone/task/propose actions) + wire check_permission in all action endpoints 
- Add milestone.freeze/start/close, task.close/reopen_closed/reopen_completed, propose.accept/reject/reopen to DEFAULT_PERMISSIONS
- Replace placeholder check_project_role with check_permission in proposes.py accept/reject/reopen
- Replace freeform permission strings with dotted names in milestone_actions.py
- Add task.close and task.reopen_* permission checks in tasks.py transition endpoint
- Admin role auto-inherits all new permissions via init_wizard
 2026-03-17 15:03:48 +00:00
zhi
c18b8f3850 feat(P9.6): block story/feature and maintenance/release task creation via general create endpoints 2026-03-17 13:02:46 +00:00
zhi
7542f2d7c1 feat(P5.7): task edit restrictions — block body edits in undergoing/completed/closed, enforce assignee-only edit in open+assigned 2026-03-17 12:04:12 +00:00
zhi
ffb0fa6058 feat(P5.3+P5.4): enforce assignee identity on start/complete + require completion comment in transition endpoint 2026-03-17 11:02:19 +00:00
zhi
7a16639aac feat(P8.3): milestone preflight endpoint for freeze/start button pre-condition checks 2026-03-17 10:04:17 +00:00
zhi
314040cef5 feat(P3.6): milestone edit restrictions — block PATCH in terminal states, restrict scope fields in freeze/undergoing, protect delete 2026-03-17 09:01:40 +00:00
zhi
589b1cc8de feat(P5.1-P5.6): task state-machine validation — enforce legal transitions in transition/batch/update endpoints 2026-03-17 08:02:37 +00:00
zhi
7d8c448cb8 feat(P3.1): milestone action endpoints — freeze/start/close + auto-complete hook 
- New milestone_actions router with POST freeze/start/close endpoints
- freeze: validates exactly 1 release maintenance task exists
- start: validates all milestone/task dependencies completed, records started_at
- close: allows from open/freeze/undergoing with reason
- try_auto_complete_milestone helper: auto-completes milestone when sole release task finishes
- Wired auto-complete into task transition and update endpoints
- Added freeze enforcement: no new feature story tasks after freeze
- Added started_at to milestone serializer
- All actions write activity logs
 2026-03-17 04:03:05 +00:00
zhi
75ccbcb362 feat: propose CRUD router + accept/reject/reopen actions (P6.1-P6.4) 2026-03-17 03:01:49 +00:00
zhi
2bea75e843 feat: add Propose model/schema + DB enum migration scripts 
- New Propose model (app/models/propose.py) with status enum (open/accepted/rejected)
- New Propose schemas (ProposeCreate/Update/Response) in schemas.py
- MySQL enum migration in main.py for milestone/task status columns
  - milestone: pending→open, deferred→closed, progressing→undergoing
  - task: progressing→undergoing
- Import propose model in startup for create_all
- Add started_at column migration for milestones
 2026-03-17 02:04:42 +00:00
zhi
9e22c97ae8 refactor: update milestone/task status enums to new state machine values 
Milestone: open/freeze/undergoing/completed/closed (was open/pending/deferred/progressing/closed)
Task: open/pending/undergoing/completed/closed (was open/pending/progressing/closed)

- Add MilestoneStatusEnum to schemas with typed validation
- Add started_at field to Milestone model
- Update all router/CLI references from progressing->undergoing
- Add completed status handling in task transition logic
 2026-03-17 00:04:29 +00:00
zhi
9e14df921e feat: add modal-edit permissions for projects milestones and tasks 2026-03-16 18:13:54 +00:00
zhi
f16bdd9725 fix: align task response time field serialization 2026-03-16 16:32:01 +00:00
zhi
214a9b109d refactor: replace issues backend with milestone tasks 2026-03-16 13:22:14 +00:00
river
61e3349ca4 feat: add role/permission system with tests support 
- Add Role model with 17 default permissions
- Add init_wizard to create admin/guest roles on first startup
- Protect admin role from modification/deletion via API
- Fix MilestoneCreate schema (project_id optional)
- Fix delete role to clean up role_permissions first
- Add check_project_role RBAC function
 2026-03-15 12:25:59 +00:00