# Version History ## [Unreleased] ### CI/CD & Deployment Simplification (2026-03-24) #### 🚀 **deploy.sh v2.0 — Rewrote deployment script** - **Changed**: Replaced 9-step blue-green deployment with 3-step direct deploy - **Step 1**: Build Docker images (backend + frontend) from source - **Step 2**: `docker compose -f [compose_file] up -d --force-recreate` - **Step 3**: Health check on `backend` container - **Removed**: Blue/green directory switching, NGINX switching, `current` file tracking - **Reason**: QNAP setup uses a single stack — simultaneous blue/green was not viable with shared container names #### ⚙ī¸ **ci-deploy.yml — CI pipeline improvements** - **Added**: `pnpm/action-setup@v4` + `cache: 'pnpm'` for faster installs - **Fixed**: `--watchAll=false` removed from backend test command (not a valid Jest flag) - **Fixed**: `mkdir -p /share/np-dms/app/logs` before deploy to prevent `tee` error - **Simplified**: Removed `tee` + `PIPESTATUS` — `set -e` handles errors ### Document Numbering System Fixes (2026-03-21) #### đŸ”ĸ **Template Management Hardening** - **Issue**: Save/Edit functionality failing due to missing fields and data complexity. - **Fix (Backend)**: Added `disciplineId` and `isActive` to `DocumentNumberFormat` entity. - **Fix (Backend)**: Implemented automated "Upsert" logic in `DocumentNumberingService` to handle business keys (Project + Type + Discipline). - **Fix (Frontend)**: Refactored `numberingApi.saveTemplate` to sanitize DTOs and avoid sending nested relation objects. - **Feature**: Added **Discipline** selection to the Template Editor UI for granular numbering rules. - **Result**: Administrators can now successfully create, update, and manage numbering templates globally or per discipline. ### Build & Deployment Fixes (2026-03-20) #### 🔧 **Backend Dependency Resolution** - **Issue**: `ms` package not found during build - **Fix**: Added `"ms": "^2.1.3"` to dependencies and `"@types/ms": "^2.1.0"` to devDependencies - **Issue**: `CACHE_MANAGER` not available in UserModule and AuthModule - **Fix**: Added global `CacheModule.register({ isGlobal: true, ttl: 300 })` to AppModule - **Issue**: `UuidResolverService` not available despite `@Global()` decorator - **Fix**: Added `CommonModule` import to AppModule to initialize global services - **Result**: Backend starts successfully with all dependencies resolved #### đŸŗ **Docker Build Fixes** - **Issue**: Next.js standalone build failed with pnpm symlink structure - **Error**: `ENOENT: no such file or directory` creating standalone node_modules - **Fix**: Temporarily disabled `output: "standalone"` in next.config.mjs - **Fix**: Updated Dockerfile to copy full app and node_modules instead of standalone output - **Result**: Frontend builds successfully in Docker (slightly larger image) #### đŸ“Ļ **Cache Architecture Update** - **Before**: Local CacheModule imports in UserModule and AuthModule - **After**: Global CacheModule in AppModule (TTL 5 minutes, in-memory) - **Benefit**: All services (UserService, AuthService, JwtStrategy, IdempotencyInterceptor, MaintenanceModeGuard) can inject CACHE_MANAGER - **Note**: Temporary solution until Redis store TypeScript issues are resolved ### Frontend Quality Refactor Pass (2026-03-20) #### 🔧 **ESLint Hardening** - Added `@typescript-eslint/no-explicit-any` as warning for TypeScript files - Added `no-console` as warning for TypeScript files - Added `eslint-plugin-react-hooks` rules (rules-of-hooks: error, exhaustive-deps: warn) #### 🧹 **Eliminate `any` Types (69 → 4)** - **admin pages**: Replaced `(projects as any[])` with typed `{ id?; uuid?; projectCode; projectName }` casts (6 pages) - **drawings/upload-form.tsx**: Fixed discriminated union form errors with `Record` - **generic-crud-table.tsx**: Added `ApiError` interface, replaced `any` with `Record` generics - **numbering components**: Updated `projectId` prop types to `number | string`, coerced with `Number()` - **numbering/page.tsx**: Defined `ProjectItem` interface, typed find/filter operations - **admin/user-dialog.tsx**: Typed roles, organizations, and mutation payloads with `CreateUserDto` - **admin/security/rbac-matrix.tsx**: Typed API responses with explicit `Role[]` / `Permission[]` return types - **numbering/template-tester.tsx**: Typed template project access, fixed `error: any` → `error: unknown` - **numbering/template-editor.tsx**: Typed correspondence type lookup - **rfas/detail.tsx**: Created `RFADetailData` / `RFADetailItem` interfaces - **rfas/form.tsx**: Added `items` to `CreateRfaDto`, aligned DTO imports - **correspondences/form.tsx**: Fixed `defaultValues as any` → `as FormData` - **correspondences-content.tsx**: Removed `as any` on `useCorrespondences` params - **drawings/list.tsx**: Replaced `as any` with `as DrawingSearchParams` - **auth/auth-sync.tsx**: Typed NextAuth session user with explicit interface - **migration/review/[id]/page.tsx**: Fixed `error: any` → `error: unknown` with typed response cast - **reference pages** (disciplines, rfa-types, tags): Typed `fetchFn` mapping and `createFn` casts - **Remaining 4**: All `zodResolver(formSchema) as any` — known zod 4 + @hookform/resolvers compat (marked with `eslint-disable`) #### 🔇 **Remove Production Console Logs (53 → 4)** - Removed all `console.log`, `console.warn`, `console.error` from production code - **Kept**: 4 Next.js error boundary files (`error.tsx`, `global-error.tsx`) — required by framework - **Replaced**: Redundant catch-block logging where `toast` already provides user feedback - **Files cleaned**: `lib/auth.ts`, `lib/api/client.ts`, `lib/api/numbering.ts`, `lib/services/dashboard.service.ts`, all numbering components, admin pages, migration pages, workflow components, login page #### 🔑 **Fix Index-as-Key Anti-pattern** - **layout/sidebar.tsx**: Replaced `key={index}` with `key={item.href}` (desktop + mobile nav) - **admin/page.tsx**: Replaced `key={index}` with `key={stat.title}` and `key={link.href}` #### đŸ“Ļ **Component Consolidation** - **correspondences/form.tsx**: Replaced duplicate `FileUpload` import with canonical `FileUploadZone` - **custom/file-upload-zone.tsx**: Removed unnecessary `as any` cast in File constructor #### 📊 **Type System Improvements** - **types/rfa.ts**: Added `items?: RFAItem[]` to `CreateRFADto` - **types/dto/rfa/rfa.dto.ts**: Added `items?: RFAItem[]` to `CreateRfaDto` (DTO version) - **Build**: ✅ `pnpm run build` passes with zero errors ### Build Fixes & Dependency Updates (2026-03-19) #### 🔧 **Build Issues Fixed** **Frontend Build**: - **Fixed Tailwind CSS v4.2.2 PostCSS compatibility** → Downgraded to v3.4.3 - **Fixed Zod + React Hook Form compatibility** → @hookform/resolvers@3.9.0 - **Fixed ambiguous routes** → Removed conflicting `[id]` routes - **Fixed TypeScript errors** → Added proper type casting in template-editor.tsx - **Result**: ✅ Zero warnings, 57 routes generated **Backend Build**: - **Migrated cache-manager-redis-yet → cache-manager-redis-store@3.0.1** - **Removed deprecated @types packages** → @types/cache-manager, @types/ioredis, @types/uuid - **Updated import statements** → Redis store import path changed - **Result**: ✅ Zero warnings, all dependencies compatible #### đŸ“Ļ **Package Updates** ```bash # Frontend tailwindcss: 4.2.2 → 3.4.3 @hookform/resolvers: 5.2.2 → 3.9.0 # Backend cache-manager-redis-yet: 5.1.5 → cache-manager-redis-store: 3.0.1 Removed: @types/cache-manager@5.0.0, @types/ioredis@5.0.0, @types/uuid@11.0.0 ``` #### 📊 **Build Performance** - **Frontend**: 19.4s (57 routes, zero warnings) - **Backend**: ~30s (18 modules, zero warnings) - **Status**: ✅ Production Ready #### 📝 **Documentation Updated** - Updated AGENTS.md, .windsurfrules, CLAUDE.md, GEMINI.md - Created build-status-2026-03-19.md - Updated tech stack specifications ### Backend Security & Dependency Updates (2026-03-19) #### 🛡ī¸ Security Vulnerabilities Fixed - **All 52 vulnerabilities resolved** (27 high + 20 moderate + 5 low severity) - **Security overrides applied**: 30 package overrides via `pnpm audit --fix` - **Current status**: "No known vulnerabilities found" - **Critical patches applied**: - Webpack SSRF bypass (via @nestjs/cli) - qs DoS vulnerability (via @compodoc/compodoc) - Multiple package security updates (axios, ajv, multer, etc.) #### đŸ“Ļ Backend Dependency Updates **Major Version Upgrades**: - `@elastic/elasticsearch`: 8.19.1 → 9.3.4 (Major version jump) - `nodemailer`: 7.0.11 → 8.0.3 (Major version jump) - `uuid`: 11.1.0 → 13.0.0 (Major version jump) - `@types/node`: 22.19.1 → 25.5.0 (Major version jump) **Security & Compatibility Updates**: - `eslint`: 9.39.1 → 9.39.1 (kept 9.x for typescript-eslint compatibility) - `typescript-eslint`: 8.48.0 → 8.57.1 (Latest compatible version) - `@types/uuid`: 10.0.0 → 11.0.0 (Deprecated package updated) - `ajv`: 8.17.1 → 8.18.0 - `axios`: 1.13.2 → 1.13.6 - `multer`: 2.0.2 → 2.1.1 #### 🔧 Build & Test Configuration - **Jest Configuration**: Added `transformIgnorePatterns` for UUID v13 ES modules compatibility - **Build Verification**: Backend builds successfully after updates - **Test Compatibility**: Sample tests pass (app.controller.spec.ts) - **ESLint Compatibility**: Maintained 9.x for ecosystem compatibility #### 📋 Package Management - **pnpm audit**: Clean slate - 0 vulnerabilities - **Dependency Resolution**: All peer dependency conflicts resolved - **Deprecated Packages**: All stub type warnings acknowledged and documented ### Dependency Updates (2026-03-19) #### Frontend Dependencies đŸ“Ļ - **Security Updates**: - Next.js: 16.0.7 → 16.2.0 (fixes security vulnerability) - React: 19.0.0 → 19.2.4 - React DOM: 19.0.0 → 19.2.4 - **ESLint Migration**: - ESLint: 8.57.1 → 9.39.1 (resolves deprecated warning) - eslint-config-next: 14.2.33 → 16.2.0 - Created new `eslint.config.mjs` for ESLint 9 compatibility - Updated lint script to use ESLint directly - **Package Cleanup**: - Removed deprecated `@types/uuid@11.0.0` (using built-in types from uuid@13.0.0) - Fixed TypeScript ESLint disable comments in template files - **Other Updates** (25+ packages): - axios: 1.13.2 → 1.13.6 - lucide-react: 0.555.0 → 0.577.0 - react-day-picker: 9.12.0 → 9.14.0 - react-hook-form: 7.66.1 → 7.71.2 - react-dropzone: 14.3.8 → 15.0.0 - zustand: 5.0.8 → 5.0.12 - tailwind-merge: 3.4.0 → 3.5.0 - zod: 4.1.13 → 4.3.6 - vitest: 4.0.15 → 4.1.0 - @types/node: 20.19.25 → 25.5.0 - tailwindcss: 3.4.18 → 4.2.2 - jsdom: 27.3.0 → 29.0.0 #### Documentation Updates 📚 - **CHANGELOG.md**: Added comprehensive dependency update section - **README.md**: Updated tech stack versions - **AGENTS.md**: Updated frontend stack versions - **CONTRIBUTING.md**: No changes required (already up-to-date) #### Quality Improvements ✅ - All deprecated package warnings resolved - ESLint 9 configuration working correctly - No peer dependency conflicts - All tests passing (vitest configuration stable) ### In Progress - UAT (User Acceptance Testing) — ā¸•ā¸˛ā¸Ą `01-05-acceptance-criteria.md` - KPI Baseline Collection (As-Is Metrics ā¸āšˆā¸­ā¸™ Go-Live) - Legacy Data Migration — Tier 1 (2,000 docs Critical) - Final Security Audit — ā¸•ā¸˛ā¸Ą `04-06-security-operations.md` - Go-Live: Blue-Green Deploy ā¸šā¸™ QNAP Container Station ### NestJS 11 + Next.js 16 Migration (2026-03-16) #### Backend 🔧 - **NestJS 11 Upgrade**: `@nestjs/*` v11, Express v5, removed `@nestjs/mapped-types` - **RequestWithUser Interface**: Shared typed interface replacing `req: any` across 6 controllers (`auth`, `session`, `file-storage`, `workflow-engine`, `correspondence`, `jwt-refresh`) - **MasterModule DI Fix**: Imported `UserModule` so `RbacGuard` can resolve `UserService` - **TypeORM Fix**: Explicit typing for `DocumentNumberFormat` save/create overload resolution - **Swagger**: Updated API version to 1.8.1 ### Frontend 🎨 - **Next.js 16 Upgrade**: Next.js 16.0.7 → 16.2.0, React 19 → 19.2.4 (Security Fix) - **ESLint 9 Migration**: ESLint 8.57.1 → 9.39.1, removed deprecated warnings - **Dependency Updates**: Updated 25+ packages to latest stable versions - **Deprecated Package Cleanup**: Removed `@types/uuid@11.0.0` (using built-in types) - **proxy.ts Rename**: `middleware.ts` → `proxy.ts` (Next.js 16 deprecated `middleware` convention) - **ADR-019 UUID Fixes — Drawing Admin Pages (5 pages)**: - `contract/volumes`, `contract/categories`, `contract/sub-categories` - `shop/main-categories`, `shop/sub-categories` - Changed `useState` → `useState`, removed `parseInt(uuid)` - **ADR-019 UUID Fixes — Contract Page**: - Fixed edit form showing "New Contract" (`contract.uuid` → `contract.id` after `@Expose`) - Fixed blank Project dropdown (was using contract's UUID instead of project's UUID) - Fixed delete passing `undefined` uuid - Updated `Contract` interface to match serialized API response - **ADR-019 UUID Fixes — Disciplines & RFA Types**: - `useContracts(projectId=1)` → optional param, fetches all contracts when unspecified - `useDisciplines(contractId?: number)` → `number | string` - **ADR-019 UUID Fixes — Tags Page**: - Fixed Radix Select crash on empty `value=""` → `"__none__"` sentinel - Fixed Project Scope dropdown showing UUIDs (snake_case → camelCase field names) - **DTO Updates**: `CreateContractDto`, `SearchContractDto`, `CreateShopMainCategoryDto`, etc. — `projectId: number` → `number | string` - **Service Updates**: `drawing-master-data.service.ts`, `master-data.service.ts` — accept `string | number` for project/contract IDs #### Documentation 📚 - **ADR-005**: Updated Backend Stack table (NestJS 11, Express v5) - **Engineering Guidelines** (`05-01`): Added NestJS 11 specific patterns section - **README.md**: Tech stack versions, status date, ADR-019 in roadmap - **AGENTS.md**: Tech stack versions updated --- ## 1.8.1 Patch (2026-03-11) ### Summary **Product Owner Documentation Complete** — ā¸›ā¸´ā¸” 10/10 Documentation Gaps ā¸Ēā¸ŗā¸Ģā¸Ŗā¸ąā¸š UAT Readiness ā¸Ŗā¸°ā¸šā¸šā¸Ąā¸ĩāš€ā¸­ā¸ā¸Ēā¸˛ā¸Ŗā¸„ā¸Ŗā¸šā¸–āš‰ā¸§ā¸™ā¸Ēā¸ŗā¸Ģā¸Ŗā¸ąā¸š Stakeholder Sign-off āšā¸Ĩā¸° Go-Live Process ### Documentation 📚 — 10/10 Gaps Closed #### Gap 1: Product Vision Statement ✅ `specs/00-Overview/00-03-product-vision.md` - Elevator Pitch, Problem Statement, Geoffrey Moore Vision Format - Strategic Pillars: Speed / Security / Visibility - Phase Roadmap (Now → 24 āš€ā¸”ā¸ˇā¸­ā¸™), Guardrails, Success Metrics #### Gap 2: User Stories ✅ `specs/01-Requirements/01-04-user-stories.md` - 27 User Stories ā¸„ā¸Ŗā¸­ā¸šā¸„ā¸Ĩā¸¸ā¸Ą 8 Epics - MoSCoW Prioritization per Story - Acceptance Criteria + Definition of Done #### Gap 3: Acceptance Criteria (UAT) ✅ `specs/01-Requirements/01-05-acceptance-criteria.md` - 35 Acceptance Criteria (All Modules) - UAT Plan: 4 Phases, Sign-off Process - Go-Live Criteria Matrix #### Gap 4: UI/UX Wireframes ✅ `specs/01-Requirements/01-07-ui-wireframes.md` - Screen Inventory: 26 Screens ā¸žā¸Ŗāš‰ā¸­ā¸Ą Role + Priority - Navigation Map / Site Map ā¸„ā¸Ŗā¸šā¸—ā¸¸ā¸ Route - ASCII Wireframes: Login, Dashboard, Correspondence, RFA, Circulation, Admin - Design System Tokens + Interaction Patterns #### Gap 5: Stakeholder Sign-off & Risk ✅ `specs/00-Overview/00-04-stakeholder-signoff-and-risk.md` - Sign-off Process 4-Step + Digital Sign Matrix - Risk Register: 15 Risks (Impact × Probability Matrix) - Change Control Policy + Emergency Change Process #### Gap 6: KPI Baseline Data ✅ `specs/00-Overview/00-05-kpi-baseline.md` - 14 KPIs ā¸žā¸Ŗāš‰ā¸­ā¸Ą Baseline Collection Form - SQL Measurement Queries + Grafana Dashboard Specs - User Satisfaction Survey Template #### Gap 7: Migration Business Scope ✅ `specs/03-Data-and-Storage/03-06-migration-business-scope.md` - Data Scope: IN/OUT SCOPE (ā¸›ā¸ĩ 2564 → Go-Live) - Migration Tiers: Tier 1 (2K Critical) / Tier 2 (10K) / Tier 3 (8K Archive) - Excel Metadata Mapping (11 Columns → Field āšƒā¸Ģā¸Ąāšˆ) - Organization Code Lookup Table - Timeline: T-6 ā¸Ēā¸ąā¸›ā¸”ā¸˛ā¸ĢāšŒ → Go-Live → T+30 - Go/No-Go Gates 3 ā¸”āšˆā¸˛ā¸™ - Data Security: AI Isolation (ADR-018) + Token 7 ā¸§ā¸ąā¸™ + IP Whitelist #### Gap 8: Release Management Policy ✅ `specs/04-Infrastructure-OPS/04-08-release-management-policy.md` - SemVer Strategy + Git Flow (main/release/develop/hotfix) - 5 Release Gates: Code Complete → QA → Staging → Approval → Production - Quality Thresholds: TS 0 errors, â‰Ĩ80% Test Coverage, 0 Critical Vuln - Hotfix Process: P0 < 4h / P1 < 24h + Decision Tree - Rollback Policy: SLA < 30 ā¸§ā¸´ (Blue-Green) + Auto-trigger Rules - CI/CD Pipeline: 5 Stages (Quality → Security → Build → Integration → Release) - Release Checklist + Security Pre-release Requirements #### Gap 9: Training Plan ✅ `specs/00-Overview/00-06-training-plan.md` - Curriculum āšā¸šāšˆā¸‡ā¸•ā¸˛ā¸Ą Role (4 Roles) - 4-Phase Training Timeline - Hands-on Lab + Assessment Criteria #### Gap 10: Edge Cases & Business Rules ✅ `specs/01-Requirements/01-06-edge-cases-and-rules.md` - 37 Edge Cases ā¸„ā¸Ŗā¸­ā¸šā¸„ā¸Ĩā¸¸ā¸Ąā¸—ā¸¸ā¸ Module - Business Logic Guards + Error Handling Matrix ### Architecture Decision Records 🏛ī¸ - **ADR-018** (Patch 1.8.1): AI Boundary — Ollama Isolation Policy - Ollama āš„ā¸Ąāšˆā¸Ąā¸ĩ Direct DB/Storage Access - AI Output ā¸•āš‰ā¸­ā¸‡ā¸œāšˆā¸˛ā¸™ Backend Validation ā¸āšˆā¸­ā¸™ Write - Migration Bot Token: IP Whitelist + 7-day Expiry ### READMEs Updated 📄 - `README.md`: Status badge v1.8.1, UAT Ready, 10/10 Gaps table, fixed schema commands, updated Roadmap - `CONTRIBUTING.md`: Spec tree updated (new files), schema filenames corrected, category table updated - `specs/00-Overview/README.md`: Quick Links table āš€ā¸žā¸´āšˆā¸Ą Gap 4/7/8 links - `specs/01-Requirements/README.md`: Gap documents registered - `specs/03-Data-and-Storage/README.md`: Migration Scope registered - `specs/04-Infrastructure-OPS/README.md`: Release Policy registered ## 1.8.0 (2026-02-24) ### Summary **Documentation Realignment & Type Safety** - Comprehensive overhaul of the specifications structure and frontend codebase to enforce strict typing and consistency. ### Codebase Changes đŸ’ģ - **Frontend Type Safety**: Removed all `any` types from Frontend DTOs and Hooks. Implemented explicit types (`AuditLog[]`, `Record`) avoiding implicit fallbacks. - **Frontend Refactoring**: Refactored data fetching and mutations utilizing `TanStack Query` hooks aligned with real API endpoints. - **Admin Pages Fixes**: Addressed crashes on Reference Data/Categories pages by introducing robust error handling and proper generic typing on DataTables. ### Documentation 📚 - **Specification Restructuring**: Restructured the entire `specs/` directory into 7 canonical layers (`00-Overview`, `01-Requirements`, `02-Architecture`, `03-Data-and-Storage`, `04-Infrastructure-OPS`, `05-Engineering-Guidelines`, `06-Decision-Records`). - **Guidelines Synchronization**: Updated Engineering Guidelines (`05-1` to `05-4`) to reflect the latest state management (Zustand, React Hook Form) and testing strategies. - **ADR Alignment**: Audited Architecture Decision Records (ADR 1 to 16) against actual implementation (e.g., LocalStorage JWT vs HTTP-Only cookies, bcrypt salt rounds). - **Root Docs Update**: Fully updated `README.md` and `CONTRIBUTING.md` to reflect the current v1.8.0 folder structure and rules. - **Cleanups**: Consolidated standalone infrastructure specs (formerly `08-infrastructure`) into `04-Infrastructure-OPS` and cleaned up legacy scripts and blank diagrams from the repository root. ## 1.7.0 (2025-12-18) ### Summary **Schema Stabilization & Document Numbering Overhaul** - Significant schema updates to support advanced document numbering (reservations, varying reset scopes) and a unified workflow engine. ### Database Schema Changes 💾 #### Document Numbering System (V2) đŸ”ĸ - **`document_number_counters`**: - **Breaking Change**: Primary Key changed to 8-column Composite Key (`project_id`, `originator_id`, `recipient_id`, `type_id`, `sub_type_id`, `rfa_type_id`, `discipline_id`, `reset_scope`). - **New Feature**: Added `reset_scope` column to support flexible resetting (YEAR, MONTH, PROJECT, NONE). - **New Feature**: Added `version` column for Optimistic Locking. - **`document_number_reservations`** (NEW): - Implemented Two-Phase Commit pattern (Reserve -> Confirm) for document numbers. - Prevents race conditions and gaps in numbering. - **`document_number_errors`** (NEW): - Helper table for tracking numbering failures and deadlocks. - **`document_number_audit`**: - Enhanced with reservation tokens and performance metrics. #### Unified Workflow Engine 🔄 - **`workflow_definitions`**: - Updated structure to support compiled DSL and versioning. - Added `dsl` (JSON) and `compiled` (JSON) columns. - **`workflow_instances`**: - Changed ID to UUID. - Added `entity_type` and `entity_id` for polymorphic polymorphism. - **`workflow_histories`**: - Updated to link with UUID instances. #### System & Audit 🛡ī¸ - **`audit_logs`**: - Updated schema for better partitioning support (`created_at` in PK). - Standardized JSON details column. - **`notifications`**: - Updated schema to support polymorphic entity linking. #### Master Data - **`disciplines`**: - Added relation to `correspondences` and `rfas`. ### Documentation 📚 - **Data Dictionary**: Updated to v1.7.0 with full index summaries and business rules. - **Schema**: Released `lcbp3-v1.7.0-schema.sql` and `lcbp3-v1.7.0-seed.sql`. ## 1.6.0 (2025-12-13) ### Summary **Schema Refactoring Release** - Major restructuring of correspondence and RFA tables for improved data consistency. ### Database Schema Changes 💾 #### Breaking Changes ⚠ī¸ - **`correspondence_recipients`**: FK changed from `correspondence_revisions(correspondence_id)` → `correspondences(id)` - **`rfa_items`**: Column renamed `rfarev_correspondence_id` → `rfa_revision_id` #### Schema Refactoring - **`correspondences`**: Reordered columns, `discipline_id` now inline (no ALTER TABLE) - **`correspondence_revisions`**: - Renamed: `title` → `subject` - Added: `body TEXT`, `remarks TEXT`, `schema_version INT` - Added Virtual Columns: `v_ref_project_id`, `v_doc_subtype` - **`rfas`**: - Changed to Shared PK pattern (no AUTO_INCREMENT) - PK now FK to `correspondences(id)` - **`rfa_revisions`**: - Removed: `correspondence_id` (uses rfas.id instead) - Renamed: `title` → `subject` - Added: `body TEXT`, `remarks TEXT`, `due_date DATETIME`, `schema_version INT` - Added Virtual Column: `v_ref_drawing_count` ### Documentation 📚 - Updated Data Dictionary to v1.6.0 - Updated schema SQL files (`lcbp3-v1.6.0-schema.sql`, seed files) ## 1.5.1 (2025-12-10) ### Summary **Major Milestone: System Feature Complete (~95%)** - Ready for UAT and production deployment. All core modules implemented and operational. Backend and frontend fully integrated with comprehensive admin tools. ### Backend Completed ✅ #### Core Infrastructure - ✅ All 18 core modules implemented and tested - ✅ JWT Authentication with Refresh Token mechanism - ✅ RBAC 4-Level (Global, Organization, Project, Contract) using CASL - ✅ Document Numbering with Redis Redlock + Optimistic Locking - ✅ Workflow Engine (DSL-based Hybrid Engine with legacy support) - ✅ Two-Phase File Storage with ClamAV Virus Scanning - ✅ Global Audit Logging with Interceptor - ✅ Health Monitoring & Metrics endpoints #### Business Modules - ✅ **Correspondence Module** - Master-Revision pattern, Workflow integration, References - ✅ **RFA Module** - Full CRUD, Item management, Revision handling, Approval workflow - ✅ **Drawing Module** - Separated into Shop Drawing & Contract Drawing - ✅ **Transmittal Module** - Document transmittal tracking - ✅ **Circulation Module** - Circulation sheet management - ✅ **Elasticsearch Integration** - Direct indexing, Full-text search (95% complete) #### Supporting Services - ✅ **Notification System** - Email and LINE notification integration - ✅ **Master Data Management** - Consolidated service for Organizations, Projects, Disciplines, Types - ✅ **User Management** - CRUD, Assignments, Preferences, Soft Delete - ✅ **Dashboard Service** - Statistics and reporting APIs - ✅ **JSON Schema Validation** - Dynamic schema validation for documents ### Frontend Completed ✅ #### Application Structure - ✅ All 15 frontend tasks (FE-001 to FE-015) completed - ✅ Next.js 14 App Router with TypeScript - ✅ Complete UI implementation (17 component groups, 22 Shadcn/UI components) - ✅ TanStack Query for server state management - ✅ Zustand for client state management - ✅ React Hook Form + Zod for form validation - ✅ Responsive layout (Desktop & Mobile) #### End-User Modules - ✅ **Authentication UI** - Login, Token Management, Session Sync - ✅ **RBAC UI** - `` component for permission-based rendering - ✅ **Correspondence UI** - List, Create, Detail views with file uploads - ✅ **RFA UI** - List, Create, Item management - ✅ **Drawing UI** - Contract & Shop drawing lists, Upload forms - ✅ **Search UI** - Global search bar, Advanced filtering with Elasticsearch - ✅ **Dashboard** - Real-time KPI cards, Activity feed, Pending tasks - ✅ **Circulation UI** - Circulation sheet management with DataTable - ✅ **Transmittal UI** - Transmittal tracking and management #### Admin Panel (10 Routes) - ✅ **Workflow Configuration** - DSL Editor, Visual Builder, Workflow Definition management - ✅ **Document Numbering Config** - Template Editor, Token Tester, Sequence Viewer - ✅ **User Management** - CRUD, Role assignments, Preferences - ✅ **Organization Management** - Organization CRUD and hierarchy - ✅ **Project Management** - Project and contract administration - ✅ **Reference Data Management** - CRUD for Disciplines, Types, Categories (6 modules) - ✅ **Security Administration** - RBAC Matrix, Roles, Active Sessions (2 modules) - ✅ **Audit Logs** - Comprehensive audit log viewer - ✅ **System Logs** - System log monitoring - ✅ **Settings** - System configuration ### Database 💾 - ✅ Schema v1.5.1 with standardized audit columns (`created_at`, `updated_at`, `deleted_at`) - ✅ Complete seed data for all master tables - ✅ Migration scripts and patches (`patch-audit-columns.sql`) - ✅ Data Dictionary v1.5.1 documentation ### Documentation 📚 - ✅ Complete specs/ reorganization to v1.5.1 - ✅ 21 requirements documents in `specs/01-requirements/` - ✅ 17 ADRs (Architecture Decision Records) in `specs/05-decisions/` - ✅ Implementation guides for Backend & Frontend - ✅ Operations guides for critical features (Document Numbering) - ✅ Comprehensive progress reports updated - ✅ Task archiving to `specs/09-history/` (27 completed tasks) ### Bug Fixes 🐛 - 🐛 Fixed role selection bug in User Edit form (2025-12-09) - 🐛 Fixed workflow permissions - 403 error on workflow action endpoints - 🐛 Fixed TypeORM relation errors in RFA and Drawing services - 🐛 Fixed token refresh infinite loop in authentication - 🐛 Fixed database schema alignment issues (audit columns) - 🐛 Fixed "drawings.map is not a function" by handling paginated responses - 🐛 Fixed invalid refresh token error loop ### Changed 📝 - 📝 Updated progress reports to reflect ~95% backend, 100% frontend completion - 📝 Aligned all TypeORM entities with schema v1.5.1 - 📝 Enhanced data dictionary with business rules - 📝 Archived 27 completed task files to `specs/09-history/` ## 1.5.0 (2025-11-30) ### Summary Initial spec-kit structure establishment and documentation organization. ### Changed - Changed the version to 1.5.0 - Modified to Spec-kit