liderra/portal
1
0
Fork 0
Code Issues Pull Requests Actions 82 Packages Projects Releases Wiki Activity
506 Commits 104 Branches 2 Tags
b9917a90d4b5492c8fe84fc62a72594de85a3ffe
Commit Graph

261 Commits

Author SHA1 Message Date
Дмитрий e79fe95267 docs(audit): Q.DEFER.004 — Playwright+axe-core verification 2026-05-13 
Verified 3 pages with axe-core 4.10 CDN-injected via Playwright MCP:
- /deals (sub-A): 6 label violations REMAIN — Vuetify 3.12 silently drops
  aria-label на v-checkbox-btn (Task 1 source fix не propagates через rendering)
- /admin/supplier-prices (sub-B): 9 label violations REMAIN — 6× v-text-field
  с orphan aria-labelledby + 3× v-switch без aria-label на native input
- /admin/tenants (sub-C): 1 aria-tooltip-name violation confirmed как
  Vuetify-internal artifact (documented limitation, button activator OK)

Root cause: общий Vuetify-internal a11y prop forwarding gap. Source-level
Task 1 + Task 2 fixes присутствуют в коммитах d9fc3d9/c8005e0, но не имеют
user-visible effect — те же 16 residual nodes что pre-fix. Library-level
limitation, не application defect.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-13 00:48:59 +03:00
Дмитрий 484504b78f docs(audit): Q.DEFER.004 CLOSED — sub-A+B fixed, sub-C documented as Vuetify-internal known limitation 2026-05-13 00:40:04 +03:00
Дмитрий a5e99ba0e9 docs(claude-md): v1.89 — factual fix §6 + шапка v1.88 (615db99 ≠ Plan 4) 
В рамках post-audit continuation session 12.05.2026 ночь обнаружен factual
error в v1.88: коммит 615db99 в двух местах представлен как Plan 4 merge,
коммит f4ec5dc как PSR_v1 R15 removal. Оба идентификации неверны.

Verified через git log origin/main + git show <commit>:
- 615db99 = «chore(rules): remove R15 motion-runtime restrictions (PSR_v1 v2.0)» (12.05.2026 07:30) — R15 removal, НЕ Plan 4 merge
- 8681040 = «docs: Plan 4 closure — CLAUDE.md v1.87 + Открытые_вопросы v1.78» — правильный Plan 4 closure marker на origin/main
- a907fea..174dbae = backend Plan 4 task-коммиты (Tasks 9-11), merged ранее
- f4ec5dc = «fix(redesign): sidebar position:fixed + main padding-left» — Quiet Luxury sidebar hotfix на ветке plan5-frontend-projects, НЕ на origin/main, НЕ R15 removal

Правки v1.89:
1. §6 строка обновлена с правильными коммитами + явное разделение «Plan 4 closure 8681040» и «R15 removal 0fd93fd + 615db99» как разные истории
2. Шапка v1.88 changelog inline: 615db998681040 + NB-маркер про factual error
3. §9 v1.88 entry inline: то же исправление + NB
4. Bump CLAUDE.md v1.88 → v1.89 (новая шапка)
5. Новая v1.89 entry в §9 CLAUDE.md + параллельная запись в CHANGELOG
6. CHANGELOG intro обновлён: документировано что v1.84..v1.88 живут inline в §9 (CHANGELOG-обслуживание не велось 10.05.2026–12.05.2026)

Связанные документы (Pravila v1.10 / PSR_v1 v1.7 / Tooling v1.15 / реестр
v1.77 на ветке plan5-frontend-projects) НЕ требуют изменений — фикс
локален в CLAUDE.md.

Источник: post-audit continuation session, bonus-finding во время Q.DEFER.001
(memory description downgrade). Заказчик: «доделывать аудит, поправить
ошибку в CLAUDE.md». Через /claude-md-management:claude-md-improver per
CLAUDE.md §5 п.10.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-13 00:02:36 +03:00
Дмитрий 95f5f94a6b test(api): Q.DEFER.003 sub-A — 43 unit tests for api/*.ts layer 
User chose (A) api/* unit tests first (highest ROI per blocked.md). 5 new
spec files covering auth/deals/notifications/reminders/reports api modules.

- auth-api.spec.ts (13 tests): login/register/me/logout/verifyTwoFactor/
  useRecoveryCode/twoFactorInit/Confirm/Disable/RegenerateRecoveryCodes/
  forgotPassword/resetPassword/updateNotificationPreferences
- deals-api.spec.ts (12 tests): createDeal/bulkDelete/bulkRestore/update/
  transition/exportCSV/exportXLSX/getDeal/listDeals×2/listManagers/
  listProjects
- notifications-api.spec.ts (6 tests): listNotifications×3 (unreadOnly
  variants)/markRead/markAllRead/delete
- reminders-api.spec.ts (6 tests): listReminders×2/create/update/complete/
  delete
- reports-api.spec.ts (6 tests): listReportJobs×2/create/retry/cancel/delete

Approach: vi.mock('../../resources/js/api/client') replaces apiClient with
{get,post,patch,delete} mocks + ensureCsrfCookie mock. Each test verifies:
(1) correct HTTP method, (2) correct URL, (3) correct params/body
(camelCase→snake_case mapping for query params), (4) data unwrap from
wrapper objects ({user}/{deal}/{job}/{reminder}/{managers}/{projects}),
(5) ensureCsrfCookie called for mutating endpoints.

Vitest delta: 614 → 657 passed (+43 / 0 failed); 79 → 84 files (+5).
3 skipped unchanged. Q.DEFER.003 sub-B (security cards) + sub-C (router
guards) remain deferred — sub-A api/* was highest ROI per blocked.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 22:14:51 +03:00
Дмитрий 143cc458c1 fix(a11y): Q.DEFER.002 sub-B — 12 patterns fixed across 16 auth views 
Q.DEFER.002 sub-B closure: manual Pa11y audit-pass via Playwright MCP login +
axe-core CDN inject on 16 auth-required views. Found ~13 unique violation
patterns, 12 fixed, 3 deferred to Q.DEFER.004.

ROOT CAUSE found: AdminLayout `<v-navigation-drawer color="secondary"
theme="dark">` resolved to Vuetify default-dark `secondary=#54b6b2` (Teal
mid) instead of liderraForest `#012019` теало-нуар. Switching to direct hex
preserves design intent + restores white-text contrast across all 8 admin
views (~50 nodes color-contrast violations cleared).

Patterns fixed:

1. AdminLayout sidebar palette (8 admin views):
   - color="secondary" → color="#012019" (root cause)
   - .brand-sub red #b94837 → #e06155 (3.41 → 5.08)
   - .nav-count gray #7a8c87 → #8a9c95 (4.26 → 5.34)
   - <v-list nav> + role="navigation" + aria-label (aria-required-children
     fix: <v-list role=list> had [role=link] children — undefined для list)

2. DashboardBalance .runway-bar — role="img" (aria-prohibited-attr fix)

3. DashboardKpiRow .delta-up — #2e8b57 → #1b6e3b (4.27 → 6.25)

4. TransactionsTable .tx-amount-up — #2e8b57 → #1b6e3b (same fix)

5. RemindersList .empty-hint — #9a9690 → #6b6356 (2.98 → 5.74; +liderra-muted alignment)

6. KanbanView .kanban-board — tabindex="0" role="region" aria-label
   (scrollable-region-focusable fix)

7. ProjectCard:
   - .v-progress-linear + :aria-label="Прогресс дневной нормы: N%"
   - icon menu :aria-label="Меню действий проекта «...»"
   - bulk-select .card-check input :aria-label="Выбрать проект «...»"

8. useStatusPill in_progress #3F7C95 → #2A5A6E (4.07 → 6.11);
   useStatusPill.spec.ts sync

9. ProjectsView toolbar select-all input aria-label

10. AdminTenants impersonate v-btn aria-label

11. Global app.css:
    `.v-messages, .v-field-label { --v-medium-emphasis-opacity: 0.7; }`
    Vuetify default ~0.52 → rendered #7a7a7a/#767471 fails 4.20-4.29:1;
    0.7 → rendered ≈#595959 → 7.9:1+ passes WCAG AA.

Re-verified post-fix via axe-core on all affected views: all clean except
DEV-only `.dev-index-num` chip (tree-shaked в prod, not a real violation).

Vitest verified post-fix: 79 files / 614 passed / 3 skipped / 0 failed
(baseline preserved).

3 patterns deferred to Q.DEFER.004:
- DealsTable VDataTable show-select bulk-checkboxes (6 nodes) — Vuetify
  slot rewrite needed
- AdminSupplierPrices 9 form inputs — v-text-field/v-switch label props
- Vuetify v-tooltip eager-mount aria-tooltip-name — library-level cosmetic

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 22:09:48 +03:00
Дмитрий 420dd26c08 docs(audit): Q.INFO.001 CLOSED — Semgrep CI already exists (audit miss) 
User chose variant (B) Semgrep в CI for Q.INFO.001. Investigation shows
.github/workflows/sast.yml already exists from PR #25 commit 53fb1ec
(10.05.2026, 2 days before audit) with better-than-minimal config:
- semgrep/semgrep-action@v1
- configs p/php + p/javascript + p/typescript + p/secrets
- triggers push/PR на main with path-filters app/app, app/resources/js, app/database/migrations
- SARIF upload to GitHub Security tab via github/codeql-action/upload-sarif@v3

Audit Phase 4 Subagent G missed this — searched only for local `npx semgrep`
CLI without checking existing CI workflows. Tagged as audit-gap finding for
future Phase 4 improvement (check `.github/workflows/` first).

No new code required. +SARIF added to cspell-words.txt.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 21:43:10 +03:00
Дмитрий 02d3506803 docs(audit): close 5 Q-items per post-audit user decisions 
Batch closure following Q-tree resolution session 12.05.2026 ночь:

- Q.HARD.001 (admin role-guard) → (A) Через Б-1: documented MVP defer, no code change. router/index.ts:128 TODO + routes/web.php /api/admin/* comments preserved.
- Q.INFO.002 (schema metric drift) → (B) double split confirmed: CLAUDE.md v1.88 §0/§2/§6/§8 already contain baseline (62/12/117/39/5/13/5) + dev-actual (75/102/289/39/5/19/0).
- Q.HARD.002 (pgFormatter swap) → План Б Не трогать: 6284-line cosmetic diff noise unacceptable, manual style preserved.
- Q.PRODUCT.002 (mock-data prod bundle) → (B) prod-fallback: ~7kB gzip mockDeals+mockAdmin remain in bundle until real API integration (Plan 6+).
- Q.DEFER.001 (memory description stale) → (A) downgrade to fact: 5 memory description edits — MEMORY.md (5 lines) + 4 file frontmatters describe plan5-frontend-projects state (PSR v1.7 / Pravila v1.10 / Tooling v1.15 / реестр v1.77 / schema v8.20 / CLAUDE.md v1.88) с notice про origin/main 615db99 divergence (R15 removal: v2.0/v1.11/v1.16 pending merge into plan5).

Bonus finding flagged separately: CLAUDE.md §6 contains factual error — claims 615db99 = Plan 4 merge post-f4ec5dc R15 removal. Actually 615db99 IS R15 removal commit; f4ec5dc is sidebar position:fixed hotfix. Plan 4 commits merged earlier. Fix via /claude-md-management:claude-md-improver in follow-up.

Remaining 3 open Q-items require implementation work next: Q.INFO.001 (Semgrep CI workflow), Q.DEFER.002 sub-B (16 auth-views manual Pa11y), Q.DEFER.003 (A) (~30 api/*.ts unit tests).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 21:40:48 +03:00
Дмитрий ac73c88371 docs(audit): record R4-R5 manualChunks experiment + revert (Phase 12) 
После Phase 12 P3 finding R4-R5 (vendor chunk renaming) — попытался применить
`build.rollupOptions.output.manualChunks` в vite.config.js. Vite 8 использует
Rolldown который требует function-form (object-form ломает с
"manualChunks is not a function"). Под function-form Rolldown засосал
все consumers stores в pinia chunk через transitively-import резолюцию:

- Pinia chunk implicit ~5kB → explicit 127kB raw / 50kB gzip
- Total critical-path payload +50 kB gzip vs baseline (net negative)
- Vite auto-split работает better для этого app shape

Reverted to baseline. "VBtn 184 kB" — naming artefact (auto-named первый
Vuetify consumer'ом), не actual perf-issue. R4-R5 closed без code fix —
informational only.

3 гипотезы про cause Pinia blow-up:
- H1 stores transitively-pulled через pinia API import
- H2 cycles vue-core↔pinia в Rolldown greedy chunking
- H3 return null в function manualChunks ломает auto-split fallback

Detailed reverification recommended next session если решим повторить
с `output.preserveModules` или per-store individual manualChunks rules.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 21:19:24 +03:00
Дмитрий 15e1c6d34f docs(audit): Phase 12+13 extra — bundle analyzer + Vitest coverage 
После «продолжай всё» — два informational прохода:

**Phase 12 (Bundle analyzer):**
- BUILD_ANALYZE=1 npm run build:analyze → bundle-analyze.html (547 KB)
- Top-15 chunks: VBtn 184kB raw (mislabeled — Vue+Vuetify core), KanbanView 182kB
- 5 recommendations R1-R5: code-split vuedraggable, lazy DealDetailDrawer
- BLOCKED Q.PRODUCT.002: mock-data dev-only vs prod-fallback?

**Phase 13 (Vitest coverage):**
- 79 test files, 614 passed / 3 skipped, 59.55s
- Totals: Stmts 75% / Branch 75% / Funcs 67% / Lines 77%
- 0% api/* layer — cheap ROI (30 unit-тестов поднимут Funcs до 80%)
- 28% security cards, 33% router (guards integration tests missing)
- BLOCKED Q.DEFER.003: coverage debt sprint planning

+мокают в cspell-words.txt.

Phase 12+13 — informational only, не closures P0/P1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 21:16:47 +03:00
Дмитрий b27259e7c5 docs(audit): Q.DEFER.002 marked CLOSED (3/3 contrast fixes applied) 
После follow-up прохода — обе a11y contrast violations исправлены:
- ErrorView support-link (fff2dff) — 2.77 → ~12:1
- ForgotPasswordView info-alert (5cebe24) — 4.18 → ~7.5:1

Final Pa11y baseline на guest URLs: 4/4 No issues found.

Остаётся auth-views coverage (16 views) — требует session cookie
в Pa11y, defer next session.

+неверифицированы в cspell-words.txt.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 20:59:01 +03:00
Дмитрий ebebfacab4 docs(audit): Phase 10+11 extra — Pa11y live URLs + TODO sweep 
После заказчик'ого «продолжай ещё тут» — два extra прохода вне scope Phase 5/6:

**Phase 10 (Pa11y on live URLs):**
Phase 5 audit запускал Pa11y только на handoff concepts (`liderra_v8_handoff/concepts/v8_*.html`)
из-за конфига `pa11y.config.json`. Live портал не был проверен. Phase 10
закрывает gap на guest URLs:
- /login → 0 issues
- /register → 0 issues
- /forgot → 2 errors WCAG2AA G18 contrast 4.18:1 < 4.5:1 на v-alert rate-limit
- /404 (catch-all) → 1 error WCAG2AA G18 contrast 2.77:1 < 4.5:1 на text-primary link

Auth-required views НЕ verified — требуют session cookie injection в Pa11y CLI.
Q.DEFER.002 в blocked.md с 4 options для следующей сессии.

**Phase 11 (TODO/FIXME sweep):**
Grep `\b(TODO|FIXME|XXX|HACK)\b` over app/**/*.{php,vue,ts}:
- 19 matches in 15 files.
- 6× MVP-defer Б-1 (admin role-guard, saas-admin auth — cross-link Q.HARD.001).
- 8× feature-defer (DashboardView mock data, region_mask decode Plan 6, и т.д.).
- 1× production-readiness (ProcessWebhookJob Sentry::captureException).
- 3× test-infra known квирк 54 (Vuetify teleport в JSDOM).
- 1× false-positive (TwoFactorSetupTest 'totp_secret' string literal).

Все documented in code — tracked work, не surprise.

cspell-words.txt: +Категоризация, +квирки (для audit-docs prose).

Не закрывают P0/P1. Phase 10/11 — informational только.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 20:47:43 +03:00
Дмитрий 1da23b8253 chore(audit): finalize 2026-05-12 portal full audit 
Полный аудит портала проведён в ночь 12.05.2026 на ветке plan5-frontend-projects.
9 phase'ов, 393 findings, 8 fix-commits, 4 BLOCKED-вопроса.

Артефакты:
- docs/superpowers/plans/2026-05-12-portal-full-audit.md — план
- docs/superpowers/audits/*-findings.md — все findings file:line + severity
- docs/superpowers/audits/*-blocked.md — 4 вопроса заказчику
- docs/superpowers/audits/*-report.md — summary с метриками до/после
- audit-screens/views/ — 24 UI smoke screenshots (Playwright)
- audit-screens/legacy/ — 32 untracked PNG из workdir
- app/database/seeders/DemoSeeder.php — idempotent seed
- .gitleaks.toml — allowlist для seeders/audit-docs (демо-фикстуры)
- cspell-words.txt — +12 audit-cited mixed-script artifacts

Метрики (Phase 1+2 baseline → Phase 9 final, все commits 3a8229a..57f0b8e):
- Histoire build BROKEN → 35 stories / 63 variants 
- ESLint 17 → 0 
- vue-tsc 9 → 0 
- Prettier 48 → 0 
- markdownlint 165 → 1 (untracked design.md) 
- cspell 103 → 18 → 0 (after audit-cited words added) 
- Vitest 614 → 614 (0 regression) 
- Pest --parallel 739/0/3 → 739/0/3 
- Vite build 1.80s 0 warnings → 1.72s 0 warnings 
- gitleaks 0 leaks (340 commits) 

🟢 GREEN.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 20:37:51 +03:00
Дмитрий b5849bbd2a fix(projects): cyrillic ILIKE via PG ICU + clearable workaround 
Корень: dev-БД `liderra` создавалась с LC_CTYPE=C — lower()/upper() не
делает case-folding для кириллицы, `ILIKE '%сп%'` на «Окна СПб» = 0 строк.
Test-БД с Russian_Russia.1251 маскировала проблему.

Системный fix: dev-БД пересоздана через `LOCALE_PROVIDER icu ICU_LOCALE 'und'`
(PG 16+ ICU collation, кросс-платформенно). Точечный COLLATE-workaround не
понадобился — все 5 ILIKE-endpoint'ов теперь работают с кириллицей без
правки кода. CTO-20 закрыт в реестре v1.81; команда CREATE DATABASE с ICU
зафиксирована для prod-deploy.

Сопутствующее:
- ProjectsView clearable: workaround `::after content '✕'` + видимость
  через `.v-field--dirty` (mdi-* font не подключён в проекте — CTO-19
  заведён в реестре).
- LookupsTest: удалён stale case `GET /api/projects?tenant_id=N`,
  заменённый auth:sanctum-роутом в Plan 5.
- Pest +1 регрессионный тест (`search is case-insensitive for Cyrillic`)
  в ProjectsListShowTest, 10/10 / 37 assertions.
- phpstan-baseline регенерирован (3 actingAs + удалённый case).
- cspell-words: +Регистронезависимый, +und.
- app/.backups/ в gitignore.

Verify:
- Pest --parallel: 742 passed / 1 flaky error (CsvReconcileJobTest cache
  race, в изоляции 2/2 PASS) / 3 skipped.
- Browser: «сп» и «окн» возвращают «Окна СПб».

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 19:25:25 +03:00
Дмитрий 4ee718e668 docs(quiet-luxury): disclose ProjectCard template change bundled in 3fc90f1 
Final code reviewer correctly identified that impl-commit 3fc90f1 included
not only the CSS work but also a template change <v-checkbox> →
<label><input><span> on ProjectCard.vue.

Root cause (Task 0 forensics): session-start git status showed
`M app/resources/js/components/projects/ProjectCard.vue` — pre-existing
uncommitted modifications from prior session/work. When the session Read
the file at start, it saw the working-dir version (already with native
<label><input>), not the branch-HEAD 88a13e2 version (with <v-checkbox>).
Stage+commit in 3fc90f1 thus bundled both changes.

The template change is architecturally required for the new CSS to work —
<v-checkbox> renders Vuetify-internal <input> without a sibling <span>,
which is what the scoped :checked + .card-check__box::after selector
needs. The baseline-fix commit 84530d5 was also prepared for the native
input selector, consistent with this template structure.

Updating spec §2 architecture to reflect this honestly rather than leave
a stale «Template / script нетронуты» statement that conflicts with the
diff in main.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 18:14:58 +03:00
Дмитрий ab47ad250b docs(quiet-luxury): apply reviewer findings on opacity cascade + error state 
Task 2 code-quality review (subagent verdict: Ready to merge? No) found
two critical correctness bugs in the original CSS template from spec §3.2:

1. Vuetify's outlined variant collapses sub-element opacity through
   --v-field-border-opacity (= 0.38 at idle). Without explicit opacity:1
   on each override block, --liderra-line (alpha 0.08) effective alpha
   becomes 0.03 → border essentially invisible on ivory backgrounds.

2. Overriding border-color with an explicit value breaks the
   currentColor inheritance Vuetify uses for the error state
   (color: rgb(var(--v-theme-error)) on .v-field--error.v-field__outline).
   Without an explicit error rule that restores currentColor, the red
   error border never appears on any of the 5 validated fields.

Also tightened hover from .ld-input-quiet:hover (which is on the .v-input
root, including hint/error message area) to .v-field:hover inside
:deep() — matches Vuetify's own hover scope and avoids triggering on
helper text hover.

Spec §3.2 and plan Task 2.2 updated to the corrected CSS block with
explicit «almost-trap-avoidance» notes documenting why each adjustment
is needed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 17:52:29 +03:00
Дмитрий b2a5a6e18a docs(quiet-luxury): rescope #896 to 5 v-text-fields after vuetify-defaults finding 
Task 0 (pre-flight) обнаружил global Vuetify default в plugins/vuetify.ts:50-54
который уже устанавливает variant=outlined density=comfortable color=primary
для всех VTextField. Изначальная гипотеза spec §1.2 «variant=filled по
умолчанию» была неверна — все 5 v-text-field в NewProjectDialog.vue выглядят
одинаково тёмными (Vuetify default border ≈ 60% on-surface), а не «один
filled среди других».

Заказчик принял расширение области: применить .ld-input-quiet ко всем 5
v-text-field (lines 21, 30, 48, 59, 61), убрать неработоспособные явные
props (variant/density/color/rounded — они уже из global default), и
вынести border-radius в :deep(.v-field) override через --radius-8.

Также Task 0 нашёл pre-existing failing test в ProjectCard.spec.ts:43
(change-trigger на <label> вместо <input> внутри); это будет починено
отдельным atomic-коммитом перед Task 1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 17:35:50 +03:00
Дмитрий 50816403bb docs(quiet-luxury): implementation plan for #1440 + #896 redesign 
7-task plan (pre-flight + 2 implementation tasks + 3 verification tasks + commit/push)
с TDD-стилем bite-sized шагов: baseline Vitest → CSS-only правка ProjectCard
→ template+style правка NewProjectDialog → full regression → manual smoke →
lefthook + commit + push. Includes verification-before-completion checklist
и rollback план.

Spec ref: docs/superpowers/specs/2026-05-12-quiet-luxury-elements-1440-896-design.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 16:34:49 +03:00
Дмитрий 7d86971e9d docs(quiet-luxury): design spec for elements #1440 + #896 redesign 
Spec по узкому Quiet Luxury редизайну двух конкретных элементов из
Dev Element Indices: card-check__box в ProjectCard и v-text-field
«Название проекта» в NewProjectDialog. Подход — CSS / prop правки
под существующие tokens.css, без новых primitives.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 16:21:23 +03:00
Дмитрий 4e27db63a3 plan(projects-bulk): implementation plan — 15 tasks TDD 2026-05-12 14:29:35 +03:00
Дмитрий 1d6d1f2671 docs(spec): projects bulk actions — design 2026-05-12 14:23:37 +03:00
Дмитрий 611506faa1 docs(plans): impl plan — dev element indices (10 tasks, TDD-bite-sized) 
10 задач с TDD-разбиением: types + manifest IO → signature → Vite plugin core
→ vite.config wiring → JSON Schema → useDevIndices composable → DevIndexOverlay
(hover/click/Esc + App.vue mount) → overlay Alt-keys + Alt+Shift+I toggle → CLI
'npm run dx <id>' → end-to-end smoke. Каждая задача self-contained, кончается
commit'ом.

App.vue mount через defineAsyncComponent + import.meta.env.DEV для надёжного
tree-shake в production. Spec coverage table в конце плана.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 11:31:52 +03:00
Дмитрий f90ddb09c1 docs(specs): design — dev element indices (per-element data-dx + manifest) 
Утверждённый дизайн: Vite plugin инжектирует data-dx на каждый element
+ persistent dev-indices.json (commit'ится) + DevIndexOverlay
(hover/Alt-keys/Alt+Shift+I toggle/click-to-copy).

Cтабильность через structural signature (file + ancestor chain + tag +
static attrs + text snippet), tombstones для удалённых ID, escape-hatch
через data-dev-name на важных местах. Production: tree-shake'ится через
import.meta.env.DEV.

+3 слова в cspell-words.txt (реордере/реорден/hmr).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 11:22:30 +03:00
Дмитрий 43250b6773 docs(specs): I2 backlog +5 final-review findings (token leaks + naming + stagger) 2026-05-12 10:33:53 +03:00
Дмитрий 3ce52fc52f docs(specs): Task 18 — portal redesign Iteration 1 acceptance + I2 backlog 
Iteration 1 verification sweep (commits 38b985a..e266927):
- Vitest 579 passed / 3 skipped / 0 failed (full suite green)
- ESLint debt 15 errors — all in pre-existing Plan 5 files
  (NewProjectDialog/ProjectsView/projectsStore .spec.ts), 0 touched by redesign
- Type-check errors — all in pre-existing Plan 5 files
  (EditProjectDialog.vue, ProjectsView.vue, NewProjectDialog.spec.ts), 0 touched by redesign
- Histoire build — 4 new stories (StatusPill, Kbd, FilterChip, DensityToggle)
  discovered; build fails on pre-existing BulkActionsBar.story.vue Pinia issue

Acceptance §13 checklist (10 items): 8  / 1  / 1 N/A
- 12 CSS tokens , Inter+JetBrains Mono tnum , AppLayout shell 
- StatusPill in Deals  but  NOT integrated in KanbanCard/DashboardView
- 7 motion patterns + prefers-reduced-motion , Density localStorage 
- Vitest unit tests , Histoire stories 
- Pa11y SPA + Lighthouse N/A (skipped per I1 scope)

§15 new section captures 9 Iteration-2 backlog items: slug reconciliation,
sidebar drawer regression, filter chip stubs, status-legend strip,
KanbanCard hover overlap, sidebar marker regex tightening,
prefers-reduced-motion test for ld-marker-grow, Pa11y SPA config, Lighthouse run.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 10:31:14 +03:00
Дмитрий 38b985a473 docs(plans): portal redesign — Quiet Luxury Iteration 1 — 18-task TDD decomposition 
Tasks 1-3 CSS foundation (tokens/typography/motion). Task 4 Vuetify theme + global defaults. Tasks 5-7 composables (useStatusPill/useCountUp/useDensity). Tasks 8-11 UI components (StatusPill/Kbd/FilterChip/DensityToggle) + Histoire stories. Task 12 AppSidebar redesign (двухтоновый shell + Cmd-K stub + active marker motion #7). Task 13 page transition wiring (motion #6). Tasks 14-17 view applications (Dashboard count-up #1, Deals filterbar + stagger #2 + hover lift #4, Kanban hover lift, Projects tokens). Task 18 acceptance verification + Pa11y CI sweep.

Self-review: spec coverage complete (all 7 motion patterns wired; stagger #2 added в Task 3 utility + Task 15 application). 0 placeholders. Type consistency across composables verified.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 09:09:58 +03:00
Дмитрий 17e07fbe69 docs(specs): portal redesign — Quiet Luxury (Forest extended) design 
Approved through superpowers:brainstorming. Direction A (Quiet Luxury) + двухтоновый Pro Console sidebar + 7 motion patterns (count-up, stagger, pill-morph, hover-lift, skeleton, page-transition, sidebar-marker). Forest palette extended до 12 токенов. Inter + JetBrains Mono с tnum. 44px row default + 36px compact toggle. 14 status-pills (точные slugs из db/schema.sql). prefers-reduced-motion обязательный wrapper. Iteration 1 scope: tokens + typography + shell + components defaults + 4 ключевых view (Dashboard, Deals, Kanban, Projects).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 08:57:42 +03:00
Дмитрий 615db99547 chore(rules): remove R15 motion-runtime restrictions (PSR_v1 v2.0) 
Conscious rollback of v1.83 audited construction per user decision
12.05.2026. R15 PSR_v1 section deleted entirely; framer-motion remains
technical block (React-only peerDep), no longer regulatory rule.

Affected:
- PSR_v1 v1.7 -> v2.0 (R15, R0.6 p.11, R8 motion, R11.6, R13 motion rows
  removed; finale + properties reformulated)
- CLAUDE.md v1.87 -> v1.88 (#5 p.12 -> marker; #2 motion stack -> guidance)
- Tooling v1.15 -> v1.16 (#9.2 reformulated; framer-motion + react-spring
  marked as technical block, not regulatory)
- Pravila v1.10 -> v1.11 (#11.5/#13.2 counts updated; #13.9/#13.10 cross-ref
  bumps; #13.10 NOT deleted - it governs R14 UPM/21st pipeline, not R15)
- CHANGELOG_claude_md.md - v1.88 entry

Brainstormed via superpowers:brainstorming. Planned via
superpowers:writing-plans. Executed via superpowers:executing-plans +
/claude-md-management:claude-md-improver + manual Edit.

Spec: docs/superpowers/specs/2026-05-12-remove-r15-motion-restrictions-design.md
Plan: docs/superpowers/plans/2026-05-12-remove-r15-motion-restrictions.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 07:30:57 +03:00
Дмитрий 0fd93fd686 docs(spec+plan): R15 motion-runtime removal — design + impl plan 
Brainstormed via superpowers:brainstorming. User decision 12.05.2026:
remove R15 PSR_v1 section entirely (variant B). Conscious rollback of
audited construction from v1.83 (10.05.2026).

Spec: docs/superpowers/specs/2026-05-12-remove-r15-motion-restrictions-design.md
Plan: docs/superpowers/plans/2026-05-12-remove-r15-motion-restrictions.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-12 07:17:19 +03:00
Дмитрий 32135e62d2 docs(spec): roadmap post-Plan 5 birdseye до production launch 
Линейная лента Sprint 5 → 6 → 7 → 8 → 9 → soft-launch → public launch.
Учитывает закрытые Sprint 0/Sprint 4 и supplier-линию Plans 1-5.
Birdseye-обзор поверх roadmap-to-production-design.md v1.0.
 2026-05-11 19:05:31 +03:00
Дмитрий 51019c5aee docs(plan5): rectify region_mode values 'all'/'whitelist'/'blacklist' → 'include'/'exclude' 
Schema CHECK constraint on projects.region_mode accepts только 'include'/'exclude'.
Spec/plan изначально использовали 'all'/'whitelist'/'blacklist' (semantic naming),
что не соответствует БД-схеме. При имплементации Task 3 implementer выбрал
'include'/'exclude' (match schema = source of truth). Propagate-fix:

- plan (2 PHP Rule::in + ~10 payload mentions + 4 TS form defaults)
- spec (§4.2 описание, 3 JSON API examples, §6.4 текст, §7.1 StoreProjectRequest)

Чтобы Task 5+ (UpdateProjectRequest, frontend tasks 7-11) не повторили
плановую ошибку.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 18:40:41 +03:00
Дмитрий 48f27b41e5 docs(plans): Plan 5 (Frontend Projects UI + Backend CRUD) — 12 Tasks TDD decomposition 
12 vertical-slice tasks по spec'у 1ca4378: schema delta v8.20 (archived_at),
backend ProjectController CRUD (index/show/store/update/destroy/sync/toggle/bulk),
SyncSupplierProjectJob + 3 FormRequest + ProjectService, frontend ProjectsView
с карточками+прогресс-баром, NewProjectDialog с 3 табами (Site/Call/SMS),
EditProjectDialog wrapper, BulkActionsBar, polling integration через
setTimeout-recursion + exponential backoff.

Через superpowers:writing-plans skill. Self-review: spec coverage 22/22 AC,
2 явно отмеченных TODO (regions data + region_mask 32-bit лимит → OPEN-Plan5-04),
type consistency проверена.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 17:18:36 +03:00
Дмитрий 1ca4378d14 docs(specs): Plan 5 (Frontend Projects UI + Backend CRUD) implementation design 
Spec для full-stack плана: backend CRUD на projects (POST/PATCH/DELETE/sync/bulk),
frontend ProjectsView с карточками+прогресс-баром, NewProjectDialog с 3 табами
(Site/Call/SMS), polling sync-статуса через setTimeout-recursion + backoff,
schema delta v8.19→v8.20 (projects.archived_at).

Через superpowers:brainstorming skill. 11-13 task'ов по vertical-slice TDD
(паттерн Plan 4). Self-review прошёл — 4 inline-фиксы внесены.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 17:04:07 +03:00
Дмитрий 8681040479 docs: Plan 4 closure — CLAUDE.md v1.87 + Открытые_вопросы v1.78 
CLAUDE.md v1.86 → v1.87:
- §0 Источник истины row «Схема БД»: schema v8.11 → v8.19, 56 → 62 базовых
  таблиц, 97 → 117 индексов, 38 → 39 RLS-политик.
- §2 Стек строка БД: 4 → 5 ролей БД (+crm_supplier_worker BYPASSRLS из Plan 3
  для sharing-flow + Plan 4 ResetMonthlyCountersCommand + CsvReconcileJob).
- §6 Текущая фаза: +Plan 4 closure block (15 коммитов на plan4-billing,
  Pest 687/684+3/0, Vitest 49/428, Histoire 24/31, lychee 0, gitleaks 0).
- §8 Self-review триггеры: метрики обновлены до v8.19 = 62/12/117/39/5/13.
- §9 История версий: +v1.87 entry с накопленным drift'ом от Plans 1+2+3+4.

Через /claude-md-management:revise-claude-md (project rule §5 п.10).

Открытые_вопросы v1.77 → v1.78:
- +Раздел 13 «Plan 4 — 7 новых открытых вопросов» (Биз-25..31).
- Биз-25 P1: дефолтные tier-цены (placeholder в PricingTierSeeder).
- Биз-26 P2: rate-limit 1/час/tenant ZeroBalancePausedMail.
- Биз-27 P2: tenant видит ВСЕ ступени (transparent).
- Биз-28 P1: CSV-схема discovery (BLOCKED Plan 3 Tasks 1-2).
- Биз-29 P3: CSV window 25h.
- Биз-30 P3: Drift threshold 5%.
- Биз-31 P2: pricing-tier повышение цены — единая логика effective 1-е след. мес.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 15:34:44 +03:00
Дмитрий fded2ee392 chore(lychee): Plan 4 plan-file fix 4 broken paths 
Plan-файл лежит в docs/superpowers/plans/, поэтому относительный путь
../../docs/Открытые_вопросы_v8_3.md резолвится в docs/docs/... (двойной docs).
Корректный путь — ../../Открытые_вопросы_v8_3.md (мы уже в docs/).

+ escape line 4536 (placeholder `(path)` в example-template) как code block,
чтобы lychee не трактовал как реальную ссылку.

CV gate Step 1: lychee 298/228 OK/0 Errors/70 Excluded.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 11:59:35 +03:00
Дмитрий 0802f7cf4c docs(plans): Plan 4 (Billing + CSV Reconcile + Admin) — 12 Tasks TDD decomposition 
writing-plans skill output для Plan 4 spec (commit 901cf98). 12 атомарных
Task'ов в 3 фазах:

Фаза I — Billing core (Tasks 1-4):
  1. Schema delta v8.18 → v8.19 (+1 таблица supplier_csv_reconcile_log,
     +3 колонки, +3 индекса, +2 CHECK) + Eloquent fillable/casts +
     PricingTierSeeder с 7 дефолтными ступенями.
  2. PricingTierResolver (pure resolver) + PricingTierRepository (DB-обёртка
     для активной сетки) с 7 + 4 тестами.
  3. LedgerService::chargeForDelivery — dual-balance (prepaid-first + bcmath
     rub) + lead_charges/balance_transactions/supplier_lead_costs INSERT с
     6 integration тестами.
  4. Integration LedgerService в RouteSupplierLeadJob с 4 E2E sharing-flow
     тестами + retry-idempotency.

Фаза II — Operations (Tasks 5-8):
  5. ResetMonthlyCountersCommand + Schedule monthlyOn(1, '00:00') Europe/Moscow
     через pgsql_supplier BYPASSRLS, 4 теста.
  6. Auto-pause flow + ZeroBalancePausedMail + 1/час/tenant rate-limit через
     Redis SETNX, 5 sharing-isolation тестов.
  7. SupplierCsvParser (streaming generator) + SupplierPortalClient::downloadLeadsCsv
     с 5 + 3 unit/Http::fake тестами.
  8. CsvReconcileJob (hourly + 25h окно + drift > 5% email) + CsvDriftAlertMail
     + Schedule entry с 6 integration тестами.

Фаза III — UI (Tasks 9-12):
  9. AdminPricingTiersController + AdminPricingTiersView (7-tier CRUD + audit)
     + 4 Histoire variants + 5 Vitest тестов.
  10. AdminSuppliersController + AdminSupplierPricesView (B1/B2/B3 cost editor)
      + 2 Histoire + 3 Vitest.
  11. TenantChargesController + ChargesTab в BillingView + CSV export через
      StreamedResponse + 3 Histoire + 4 Vitest.
  12. Verification gate (14-step CV) + 7 новых Биз-вопросов в реестр +
      CLAUDE.md/memory bumps + FF-merge.

Каждый Task имеет TDD-цикл (failing test → run FAIL → impl → run PASS →
pint + stan + parallel pest → commit) с exact commands и полным кодом
(нет placeholders). Self-review против spec — все 7 разделов покрыты.

+1 термин в cspell-words.txt (bcmath) для прохождения lefthook cspell stage.

Inherits from: Plan 1+2+2.5+2.6+3 (HEAD origin/main = 901cf98 spec).
Parent spec: docs/superpowers/specs/2026-05-11-plan4-billing-csv-admin-design.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 08:10:51 +03:00
Дмитрий 901cf98281 docs(specs): Plan 4 (Billing + CSV Reconcile + Admin) implementation design 
Brainstorming output для Plan 4: активация ступенчатого биллинга
(pricing_tiers/lead_charges никем не читались/писались), резервный CSV-канал
приёма лидов из портала поставщика, Admin UI (pricing-tiers editor +
supplier-prices editor + tenant ChargesTab).

9 разделов: контекст + 8 бизнес-инвариантов + 9 out-of-scope; schema delta
v8.18 → v8.19 (+1 таблица supplier_csv_reconcile_log, +3 колонки
tenants.delivered_in_month/lead_charges.charge_source/supplier_leads.recovered_from_csv_at,
+3 индекса, +2 CHECK); billing flow в RouteSupplierLeadJob (3 новых сервиса
PricingTierResolver/LedgerService/InsufficientBalanceException + dual-balance
prepaid-first логика + bcmath денежная арифметика); monthly reset
(ResetMonthlyCountersCommand + Schedule monthlyOn(1,'00:00') Europe/Moscow);
auto-pause flow (project.is_active=false + email с rate-limit 1/час/tenant);
CSV reconcile (расширение SupplierPortalClient + SupplierCsvParser +
CsvReconcileJob hourly + drift > 5% → email); Admin UI (2 SaaS-admin
view + 1 tab в существующем BillingView); тестовая стратегия (+71 теста)
и 10 AC; ограничения (6 неверифицированных).

Закрывает TODO «Биллинг per Plan 4» в RouteSupplierLeadJob.php:48.
Inherits from Plans 1+2+2.5+2.6+3 (HEAD origin/main = 926fee9).

Self-review applied 5 fixes inline: AC ссылки §3.5 → §7.1; auto-pause UPDATE
через pgsql_supplier BYPASSRLS connection; supplier_id source для
supplier_lead_costs INSERT; bccomp(bcmul()) вместо PHP float compare;
GRANT-policy в db/02_grants.sql, не schema.sql.

7 открытых вопросов с дефолтами в §7.6 для последующего ввода в реестр.

+5 терминов в cspell-words.txt (декрементится / Инкрементится / Подписочный
/ bcdiv / TRUNC) для прохождения lefthook cspell stage.

Парный план (writing-plans output) будет в docs/superpowers/plans/ отдельным
коммитом после согласования spec'а.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 07:56:22 +03:00
Дмитрий 989256b034 docs(plans): Plan 3 (Supplier Sync) implementation plan — 9 Tasks TDD decomposition 
Полный TDD-план для реализации parent design 2026-05-11-plan3-supplier-sync-design.md
(commit 1a265b5). 9 Tasks в 2 фазах:

Фаза I — Discovery (Tasks 1-2):
- Task 1: 5 HTTP-фиксаций через mcp__playwright__browser_* (с явным локальным
  снятием Pravila §6 на discovery-сессию + credentials в app/.env)
- Task 2: spec v1.0 → v1.1 (§4.4 observed AJAX formats)

Фаза II — Implementation (Tasks 3-9):
- Task 3: switch supplier-flow на pgsql_supplier BYPASSRLS (закрывает
  BLOCKER #6 + WARN #2/#3 одной правкой) + 4 regression tests
- Task 4: SupplierPortalClient + 3 Exceptions + DTO + 9 unit tests через Http::fake
- Task 5: PlaywrightBridge (Node subprocess) + RefreshSupplierSessionJob +
  Redis 6h TTL + 5 unit tests
- Task 6: SupplierQuotaAllocator (pure function) + SyncSupplierProjectsJob +
  SupplierCriticalAlertMail + 16 tests (9 allocator + 7 sync)
- Task 7: CleanupInactiveSupplierProjectsJob Phase A→B→C ordering safety +
  6 integration tests (включая критический ordering test)
- Task 8: RetryFailedSupplierJobsCommand + 5 Schedule entries +
  4 integration tests
- Task 9: E2E mock-server test (react/http + react/socket, Linux CI only) +
  lefthook pest-supplier-fast pre-commit job

Total ~50-60 новых тестов. 0 schema changes. Метрики приёма: Pest >=608 PASS,
Larastan 0 errors above baseline, gitleaks 0 leaks.

Self-review встроен: spec coverage 10/10, 0 placeholder violations, type
consistency verified across 9 Tasks (DTO/Exceptions/Client methods/connection
name/cache keys/role refs).

+HAR в cspell-words.txt (HTTP Archive format — для Task 1 discovery терминологии).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 00:41:04 +03:00
Дмитрий b53ee28cf2 docs: brain bootstrap discovery results (Phase 0 of brain extraction) 
Captures pre-bootstrap verification: Claude CLI commands availability,
prerequisites (jq/python/git/gitleaks), jq deep-merge behavior, secret
rotation status (DEFERRED), ~/.claude/backups/ leak scope.

Required reading before Phase 1 (brain repo skeleton creation).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 00:39:36 +03:00
Дмитрий 1a265b5a38 docs(specs): Plan 3 (Supplier Sync) implementation design 
Brainstorming output: 9-Tasks decomposition в 2 фазы (Discovery + Implementation),
0 schema changes, parent spec 2026-05-10-supplier-integration-design.md.

Архитектурные решения (delegated decision-making у заказчика):
- BLOCKER #6: вариант C (переключение supplier-flow на crm_supplier_worker
  BYPASSRLS-роль из Plan 2.6 #iv 7899071) — закрывает BLOCKER #6 + WARN #2 + WARN #3
  одной правкой, 0 schema bump
- Headless browser: real Playwright через Node.js subprocess (страховка от
  Cloudflare/reCAPTCHA/JS-login/2FA на стороне поставщика в будущем)
- Discovery method: вариант А (Playwright MCP + credentials в .env, явное
  локальное снятие Pravila §6 на одну сессию)

Tasks:
1. Discovery через Playwright MCP (5 HTTP-фиксаций)
2. Spec update v1.0 → v1.1 (§4.4 observed AJAX formats)
3. Switch supplier-flow на pgsql_supplier connection (закрывает BLOCKER #6 + WARN #2/#3)
4. SupplierPortalClient (HTTP-обёртка над rt-*, Redis cache cookie/CSRF)
5. RefreshSupplierSessionJob + PlaywrightBridge (Node subprocess, 6h Redis TTL)
6. SyncSupplierProjectsJob + SupplierQuotaAllocator (20:30 МСК cron, B1/B2/B3 distribution)
7. CleanupInactiveSupplierProjectsJob (Phase A re-activate → B mark → C delete 180d)
8. RetryFailedSupplierJobsCommand (hourly cron + лимит 10 attempts/24h)
9. E2E integration test (Linux CI only, skip на Windows)

Exception hierarchy (3 классa): Auth/Transient/Client + abstract base.
Алерт-каналы: Sentry + email через Unisender Go SMTP relay (без Telegram).
Метрики приёма: Pest >=608/610, Larastan 0 errors, gitleaks 0 leaks.

+JSESSIONID в cspell-words.txt (рядом с PHPSESSID) для будущих spec'ов
session-cookie семантики.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 00:29:12 +03:00
Дмитрий 93314604f2 docs(plans): Sprint 5 «Pre-prod tooling» plan (Semgrep + Dependabot + Trivy prep) 
План для активации фазы 3 tooling, не требующего YC-инфраструктуры:
  - Semgrep SAST + Semgrep MCP (npm run sast)
  - GitHub Dependabot (.github/dependabot.yml — npm × 2 + composer)
  - Trivy workflow prep (создан, отключён до Sprint 7 YC Docker pipeline)

Артефакт планировщика, готов к executing-plans. 548 строк.

cspell-words.txt: +1 термин (choco — Chocolatey shortname).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 23:34:30 +03:00
Дмитрий 64343bd189 feat(viz): hooks-skills-plugins-map.html — карта работы Claude Code 
Vintage-blueprint визуализация всей системы плагинов/скилов/хуков для проекта
Лидерра. Артефакт параллельной Claude-сессии (mode «экономия 0%», 10.05.2026).

Включает реализации обоих spec'ов из этой сессии:
  - connections-graph: §X interactive force-directed network через D3.js v7
    (~50 узлов, 52 ребра, drag/click/hover/category filters)
  - section-VII-X: §VII Skills regroup на 5 plugin-based групп +
    §X UI локализация на русский + sidebar иерархия + edge-click handler

Tech: vanilla JS + D3.js v7 (CDN) + SVG + Google Fonts (Fraunces/Plus Jakarta
Sans/JetBrains Mono) + CSS variables. Single-file artifact, без сборки.

Размер: 126 KB (~3000 строк HTML+CSS+JS inline).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 23:33:52 +03:00
Дмитрий 33fdce8664 docs(viz): §VII regroup + §X Russian/hierarchy spec + plan 
Артефакты параллельной Claude-сессии (mode «экономия 0%», 10.05.2026 ночь финал).

Spec (366 строк): две связанные правки в hooks-skills-plugins-map.html:
1. §VII Skills — перегруппировка с 6 функциональных категорий на 5 plugin-based
   групп (4 плагина: superpowers/claude-md/frontend-design/upm + 1 standalone),
   28 skills без потерь.
2. §X interactive map — локализация UI-strings на русский (filter chips, legend,
   sidebar badges, tooltips); sidebar при клике на узел показывает иерархию:
   «За что отвечает» / «Кто руководит» / «Кем руководит» / «Связи»; edge-click
   handler с переходами к источнику/цели.

Plan (1012 строк): пошаговая реализация для executing-plans с TDD-структурой.
Точечные правки одного файла (HTML text + JS refactor + CSS additions).

cspell-words.txt: +6 терминов (lede/tgt/Скил/Sel/overhead/overhead'ный).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 23:33:22 +03:00
Дмитрий 5e38ff6d7e docs(viz): connections-graph spec + plan (D3 force-directed карта связей) 
Артефакты параллельной Claude-сессии (mode «экономия 0%», 10.05.2026 ночь).

Spec (385 строк): расширение hooks-skills-plugins-map.html новой §X
«Связи — interactive map». Force-directed network через D3.js v7 (CDN),
~50 узлов (плагины + скилы + хук-скрипты + hook events + state-файл +
permissions + Pravila §12 + CLAUDE.md), 52 ребра. Vintage-blueprint
aesthetic. Drag/click/hover/category filters/reset.

Plan (1246 строк): пошаговая реализация для executing-plans с TDD-структурой.

cspell-words.txt: +3 термина (диспатчу/скилы/ребёр).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 23:31:44 +03:00
Дмитрий e6b89e676f docs(plans): Plan 2.6 supplier cleanup — закрытый plan-файл (Task 5 closure) 
4 atomic commits в стэке (Plan 2.6 #i..#iv):
  - e71a02e supplier:check-webhook-secret deploy validator
  - f78a855 IP allowlist production fail-closed
  - 451a294 timestamp validation ±24h partition guard
  - 7899071 crm_supplier_worker BYPASSRLS-роль для queue worker

Pest 558/556 (+9 от Plan 2.5 baseline 549/547).
Larastan + Pint + squawk clean.
Memory updated (project_supplier_integration.md, project_state.md,
feedback_environment.md quirk #57).

Plan 3 backlog: BLOCKER #6 (RLS на failed_webhook_jobs INSERT NULL tenant)
+ 5 minor WARN + 5 NIT.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 23:21:54 +03:00
Дмитрий fe778858ce docs(plans): close Plan 2/5 supplier webhook routing — status header 
Все Tasks 1–9 + CV.1–CV.14 + Task 11 выполнены в main (fb55bfd..c1ae195, 16 commits).
Plan 2.5 hotfix (1ba1df8 fix #3 idempotency + c1ae195 fix #2 concurrency) закрыл
2 из 3 BLOCKER findings CV.11 audit.

В Plan 3 backlog:
- BLOCKER #6 (RLS на failed_webhook_jobs INSERT NULL tenant) — первая задача.
- WARN #4 (placeholder secret '__SET_ON_DEPLOY__') + WARN #5 (пустой IP allowlist)
  — operational deploy gates.
- 8 minor WARN + 5 NIT — Plan 3 NOTES.

Pest 549/547 (+2 от Plan 2 baseline 547/545), Larastan + Pint clean.

Чекбоксы Tasks/CV/Task11 ниже намеренно не tick'нуты — детали статуса
в memory/project_supplier_integration.md и memory/project_state.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 22:31:59 +03:00
Дмитрий 67cb2cc946 docs(superpowers): economy-mode hook bypass closure spec + plan 
6-component architecture (permissions block + 5 hooks) closing 8 critical/high
bypass paths: settings disable (H1), hook script edit (H2), prompt injection
(H4), state file delete (H6), subagent inheritance (H7), PostCompact loss
(H8), retry exhaustion (H9), verifier endpoint failure (H10), tool output
spoofing (H12), no-claim bypass (H13).

End-of-prompt parsing for "экономия N%". Shared state file in $TEMP.
Sonnet 4.6 verifier on Stop with decision:"block" + max 3 retry → escalate.

Spec: 964 lines, 12 sections.
Plan: 7 stages with TDD per task.
Runtime cost: ~\$7-14/month.

Stage 0 ratchet verified: auto-mode classifier blocks subagent Write on hook
scripts AND Bash heredoc bypass on settings.json.

Also adds 4 cspell vocabulary terms (парсингом/промпт/Mojibake/sed) used
in the new spec.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 21:39:23 +03:00
Дмитрий 00aaa9ea89 docs(plan): Plan 2/5 — Supplier Webhook + Sharing Routing 
11 задач + 14-пунктовый Comprehensive Verification Gate.
Spec §5-§6: platform-wide webhook + N deal-копий через LeadRouter.
Legacy /api/webhook/{token} остаётся параллельным каналом.

+ allowlist generic pattern 7\d{3}1234567 для PhonePrefixService docs/tests.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 17:55:13 +03:00
Дмитрий 7ab7cf51cb docs(plans): supplier integration plan 1/5 — Foundation (schema + models + validators) 
12 tasks + 3 verification gates covering:
- 5 migrations: extend projects, supplier_projects, pricing_tiers, lead_charges, supplier_sync_log
- 4 new Eloquent models + factories + Pest unit tests
- Project model extension with signal_type/sms_*/supplier_b1/b2/b3 relations
- 3 signal validators (Domain, Phone, SmsSender) with edge-case datasets
- SupplierProjectResolver service with B1+SMS guard
- Comprehensive verification gate: Larastan + squawk + pgFormatter + cspell + markdownlint + cycle-check + code-review subagent

Spec: docs/superpowers/specs/2026-05-10-supplier-integration-design.md §2, §7

cspell-words: +vashinvestor
.gitleaks.toml allowlist: +test phones for validator datasets

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 12:10:04 +03:00
Дмитрий 3f463f48ea docs(specs): close all 7 open questions in supplier integration design 
Q1 SMS validation: B2 = (sender, keyword), B3 = sender only; B1 not available
Q2 Supplier pricing: фиксированная цена за лид
Q3 Liderra billing: 7-tier volume pricing, monthly reset (config in admin)
Q4 Geo filter: MVP, union at supplier + filter on our side
Q5 Webhook auth: defense-in-depth (IP allowlist + secret token in URL)
Q6 Cookie/CSRF refresh: hourly headless Playwright cron + reactive on 401/403
Q7 supplier_project TTL: immediate disable, delete after 180 days no activity

cspell-words.txt: +геофильтр, логинится, encrypter, PHPSESSID

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 11:39:29 +03:00
Дмитрий ac09603181 docs(specs): supplier integration design (Лидерра ↔ crm.bp-gr.ru) 
Captures brainstorming output for two-way integration:
- Sharing model: один supplier-лид → много deal-копий клиентам Лидерры
- 3 supplier-проекта на источник (B1/B2/B3), shared между клиентами
- Dynamic limit adjustment через 20:30 МСК cron + AJAX rt-project-update
- Quota distribution Total/3 с приоритетом B1→B2 на остатке
- Instant FIFO routing по дате создания проекта клиента
- Резервирование обоих направлений: pending-changes queue + CSV reconciliation

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 11:02:19 +03:00