np-dms/lcbp3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

260320:1131 Refactor Overrall #01
Build and Deploy / deploy (push) Has been cancelled
Details

Browse Source
This commit is contained in:
admin
2026-03-20 11:31:27 +07:00
parent f1b81a7d0d
commit 1d3479770b
147 changed files with 1745 additions and 1567 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/Workflow DSL Specification.md
+125
View File
@@ -0,0 +1,125 @@
# **Workflow DSL Specification v1.0**
เอกสารนี้ระบุโครงสร้างภาษา (Domain-Specific Language) สำหรับกำหนด Business Logic ของการเดินเอกสารในระบบ LCBP3-DMS
## **1\. โครงสร้างหลัก (Root Structure)**
ไฟล์ Definition ต้องอยู่ในรูปแบบ YAML หรือ JSON โดยมีโครงสร้างดังนี้:
```json
workflow: "RFA_FLOW" # Workflow (Unique)
version: 1 # Logic
description: "RFA Approval Process" #
#
states:
- name: "DRAFT" # (Case-sensitive)
initial: true # ( 1 )
on: # Action
SUBMIT: # Action ( User )
to: "IN_REVIEW" #
require: # (Optional)
role: "EDITOR"
events: # (Optional)
- type: "notify"
target: "reviewer"
- name: "IN_REVIEW"
on:
APPROVE:
to: "APPROVED"
condition: "context.amount < 1000000" # (Optional) JS Expression
REJECT:
to: "DRAFT"
events:
- type: "notify"
target: "creator"
- name: "APPROVED"
terminal: true # ()
```
## **2. รายละเอียด Field (Field Definitions)**
### **2.1 State Object**
| Field | Type | Required | Description |
| :------- | :------ | :------- | :--------------------------------------------- |
| name | string | Yes | ชื่อสถานะ (Unique Key) |
| initial | boolean | No | ระบุว่าเป็นจุดเริ่มต้น (ต้องมี 1 state ในระบบ) |
| terminal | boolean | No | ระบุว่าเป็นจุดสิ้นสุด |
| on | object | No | Map ของ Action -> Transition Rule |
### **2.2 Transition Rule Object**
| Field | Type | Required | Description |
| :-------- | :----- | :------- | :-------------------------------------- |
| to | string | Yes | ชื่อสถานะปลายทาง |
| require | object | No | เงื่อนไข Role/User |
| condition | string | No | JavaScript Expression (return boolean) |
| events | array | No | Side-effects ที่จะทำงานหลังเปลี่ยนสถานะ |
### **2.3 Requirements Object**
| Field | Type | Description |
| :---- | :----- | :------------------------------------------ |
| role | string | User ต้องมี Role นี้ (เช่น PROJECT_MANAGER) |
| user | string | User ต้องมี ID นี้ (Hard-code) |
### **2.4 Event Object**
| Field | Type | Description |
| :------- | :----- | :----------------------------------------- |
| type | string | notify, webhook, update_status |
| target | string | ผู้รับ (เช่น creator, assignee, หรือ Role) |
| template | string | รหัส Template ข้อความ |
## **3\. ตัวอย่างการใช้งานจริง (Real-world Examples)**
### **ตัวอย่าง: RFA Approval Flow**
```json
{
"workflow": "RFA_STD",
"version": 1,
"states": [
{
"name": "DRAFT",
"initial": true,
"on": {
"SUBMIT": {
"to": "CONSULTANT_REVIEW",
"require": { "role": "CONTRACTOR" }
}
}
},
{
"name": "CONSULTANT_REVIEW",
"on": {
"APPROVE_1": {
"to": "OWNER_REVIEW",
"condition": "context.priority === 'HIGH'"
},
"APPROVE_2": {
"to": "APPROVED",
"condition": "context.priority === 'NORMAL'"
},
"REJECT": {
"to": "DRAFT"
}
}
},
{
"name": "OWNER_REVIEW",
"on": {
"APPROVE": { "to": "APPROVED" },
"REJECT": { "to": "CONSULTANT_REVIEW" }
}
},
{
"name": "APPROVED",
"terminal": true
}
]
}
```
docs/build-status-2026-03-20.md
+92
View File
@@ -0,0 +1,92 @@
# Build Status - 2026-03-20
## 📊 Overall Status: ✅ BUILD SUCCESSFUL
Frontend build passes with **zero TypeScript errors** after comprehensive quality refactor.
---
## 🎨 Frontend Quality Refactor Pass
### ✅ **Build Result: SUCCESS**
- **Framework:** Next.js 16.2.0 (Turbopack)
- **TypeScript:** ✅ Pass (zero errors)
- **Build Time:** ~6.2s (Turbopack)
- **ESLint:** Hardened with `no-explicit-any` + `no-console` warnings
### 📈 Metrics
| Metric | Before | After | Improvement |
|--------|--------|-------|-------------|
| `as any` casts | 69 | 4 | **94% reduction** |
| `console.*` calls | 53 | 4 | **92% reduction** |
| Index-as-key warnings | 6+ | 0 | **100% fixed** |
| Duplicate components | 1 | 0 | **Consolidated** |
### Remaining `as any` (4 — all justified)
All 4 are `zodResolver(formSchema) as any` — known incompatibility between Zod v4.3.6 and @hookform/resolvers v3.9.0. Each annotated with `eslint-disable-line` comment explaining the workaround.
| File | Reason |
|------|--------|
| `numbering/cancel-number-form.tsx` | zod 4 + @hookform/resolvers compat |
| `numbering/manual-override-form.tsx` | zod 4 + @hookform/resolvers compat |
| `numbering/void-replace-form.tsx` | zod 4 + @hookform/resolvers compat |
| `transmittal/transmittal-form.tsx` | zod 4 + @hookform/resolvers compat |
### Remaining `console.error` (4 — all required)
All 4 are in Next.js error boundary files — required by the framework for error reporting.
| File | Reason |
|------|--------|
| `app/error.tsx` | App-level error boundary |
| `app/global-error.tsx` | Global error boundary |
| `app/(dashboard)/error.tsx` | Dashboard error boundary |
| `app/(admin)/error.tsx` | Admin error boundary |
---
## 🔧 Changes Summary
### Phase 1: ESLint Hardening
- `eslint.config.mjs` — Added `@typescript-eslint/no-explicit-any` (warn), `no-console` (warn), `react-hooks/rules-of-hooks` (error), `react-hooks/exhaustive-deps` (warn)
### Phase 2: Component Consolidation
- `correspondences/form.tsx` — Replaced duplicate `FileUpload` with canonical `FileUploadZone`
### Phase 3: Eliminate `any` Types (~40+ files)
- Admin pages: Typed project select casts (6 files)
- Form components: Typed discriminated union errors, mutation payloads, default values
- API responses: Explicit return types on `securityService.getRoles/getPermissions`
- Error handling: `error: any``error: unknown` with typed casts
- DTOs: Added `items?: RFAItem[]` to `CreateRfaDto`
### Phase 4: Remove Console Logs (~30 files)
- Removed debug `console.log` from admin pages, auth, API client
- Removed redundant `console.error` where `toast` already provides feedback
- Replaced `alert()` with `toast.error()` in migration batch commit
### Phase 5: Fix Index-as-Key
- `sidebar.tsx``key={item.href}` instead of `key={index}`
- `admin/page.tsx``key={stat.title}` and `key={link.href}`
### Phase 6: Build Verification
-`pnpm run build` passes with zero errors
---
## 🚀 Deployment Readiness
### ✅ **Ready for Production**
- [x] Zero build errors
- [x] Zero TypeScript errors
- [x] ESLint hardened (any/console warnings)
- [x] No debug console.log in production code
- [x] Proper React keys on dynamic lists
- [x] Security vulnerabilities: 0
---
**Last Updated:** 2026-03-20
**Build Status:** ✅ PRODUCTION READY
docs/documentation-updates-summary-2026-03-19.md
+103
View File
@@ -0,0 +1,103 @@
# Documentation Updates Summary - 2026-03-19
## 🎯 Purpose
This document summarizes all documentation updates made to reflect the backend security hardening and dependency updates completed on 2026-03-19.
## 📋 Updates Completed
### 1. CHANGELOG.md
- ✅ Added comprehensive "Backend Security & Dependency Updates (2026-03-19)" section
- ✅ Documented all 52 vulnerabilities fixed (27 high + 20 moderate + 5 low)
- ✅ Listed major package upgrades: Elasticsearch 9.3.4, Nodemailer 8.0.3, UUID 13.0.0, @types/node 25.5.0
- ✅ Documented Jest configuration updates for UUID v13 compatibility
- ✅ Added package management status (0 vulnerabilities)
### 2. README.md
- ✅ Updated project status to "UAT Ready, Security Hardened (2026-03-19)"
- ✅ Updated backend status to show "0 Vulnerabilities"
- ✅ Updated technology stack section with Elasticsearch 9.3.4 and Nodemailer 8.0.3
- ✅ Added security status line in backend tech stack
- ✅ Updated Version 1.8.1 section to include security hardening achievements
- ✅ Added "Security Hardening (2026-03-19)" subsection with vulnerability details
### 3. CONTRIBUTING.md
- ✅ Added security labels example in issue creation section
- ✅ Updated document history template to include security status
- ✅ Added security status line: "Security: 0 vulnerabilities (backend)"
- ✅ Updated version to 1.8.1 and date to 2026-03-19
### 4. AGENTS.md
- ✅ Updated project status to "UAT Ready, Security Hardened (2026-03-19)"
- ✅ Updated Elasticsearch version from 8.11 to 9.3.4
- ✅ Added security status: "0 vulnerabilities (as of 2026-03-19)"
- ✅ Updated backend status to show "0 Vulnerabilities"
### 5. Security Operations Spec (specs/04-Infrastructure-OPS/04-06-security-operations.md)
- ✅ Updated version from 1.8.0 to 1.8.1
- ✅ Updated last updated date to 2026-03-19
- ✅ Added comprehensive security status section
- ✅ Documented vulnerability resolution details
- ✅ Listed major security updates applied
### 6. Backend Guidelines (specs/05-Engineering-Guidelines/05-02-backend-guidelines.md)
- ✅ Updated version from 1.5.0 to 1.8.1
- ✅ Updated last updated date to 2026-03-19
- ✅ Added "Zero Vulnerabilities" principle to guidelines
- ✅ Documented dependency maintenance commitment
## 📊 Key Changes Highlighted
### Security Achievements
- **52 vulnerabilities resolved** (27 high + 20 moderate + 5 low)
- **0 known vulnerabilities** current status
- **Major package updates** for security
- **Security overrides implemented** via pnpm audit
### Technology Stack Updates
- **Elasticsearch**: 8.19.1 → 9.3.4
- **Nodemailer**: 7.0.11 → 8.0.3
- **UUID**: 11.1.0 → 13.0.0
- **@types/node**: 22.19.1 → 25.5.0
### Process Improvements
- **Jest configuration** updated for UUID v13 ES modules
- **Build verification** completed successfully
- **Test compatibility** maintained
- **Package management** streamlined
## 🎯 Impact
### Documentation Accuracy
- All documentation now reflects current security status
- Technology stack versions are up-to-date
- Security achievements are properly documented
- Process improvements are captured for future reference
### Stakeholder Communication
- Clear security status reporting
- Transparent vulnerability management process
- Updated project readiness indicators
- Enhanced trust through documented security practices
### Development Team Benefits
- Clear guidelines for dependency management
- Updated security principles in engineering guidelines
- Accurate technology stack information
- Documented best practices for maintenance
## ✅ Validation Checklist
- [x] All files updated with correct version (1.8.1)
- [x] All dates updated to 2026-03-19
- [x] Security status accurately reflected (0 vulnerabilities)
- [x] Technology stack versions updated
- [x] Process improvements documented
- [x] Consistent formatting maintained
- [x] Internal links verified
- [x] Thai language consistency maintained
---
**Document Status**: Complete
**Last Updated**: 2026-03-19
**Next Review**: After next dependency update cycle