В рамках post-audit continuation session 12.05.2026 ночь обнаружен factual
error в v1.88: коммит 615db99 в двух местах представлен как Plan 4 merge,
коммит f4ec5dc как PSR_v1 R15 removal. Оба идентификации неверны.
Verified через git log origin/main + git show <commit>:
- 615db99 = «chore(rules): remove R15 motion-runtime restrictions (PSR_v1 v2.0)» (12.05.2026 07:30) — R15 removal, НЕ Plan 4 merge
- 8681040 = «docs: Plan 4 closure — CLAUDE.md v1.87 + Открытые_вопросы v1.78» — правильный Plan 4 closure marker на origin/main
- a907fea..174dbae = backend Plan 4 task-коммиты (Tasks 9-11), merged ранее
- f4ec5dc = «fix(redesign): sidebar position:fixed + main padding-left» — Quiet Luxury sidebar hotfix на ветке plan5-frontend-projects, НЕ на origin/main, НЕ R15 removal
Правки v1.89:
1. §6 строка обновлена с правильными коммитами + явное разделение «Plan 4 closure 8681040» и «R15 removal 0fd93fd + 615db99» как разные истории
2. Шапка v1.88 changelog inline: 615db99 → 8681040 + NB-маркер про factual error
3. §9 v1.88 entry inline: то же исправление + NB
4. Bump CLAUDE.md v1.88 → v1.89 (новая шапка)
5. Новая v1.89 entry в §9 CLAUDE.md + параллельная запись в CHANGELOG
6. CHANGELOG intro обновлён: документировано что v1.84..v1.88 живут inline в §9 (CHANGELOG-обслуживание не велось 10.05.2026–12.05.2026)
Связанные документы (Pravila v1.10 / PSR_v1 v1.7 / Tooling v1.15 / реестр
v1.77 на ветке plan5-frontend-projects) НЕ требуют изменений — фикс
локален в CLAUDE.md.
Источник: post-audit continuation session, bonus-finding во время Q.DEFER.001
(memory description downgrade). Заказчик: «доделывать аудит, поправить
ошибку в CLAUDE.md». Через /claude-md-management:claude-md-improver per
CLAUDE.md §5 п.10.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
User chose variant (B) Semgrep в CI for Q.INFO.001. Investigation shows
.github/workflows/sast.yml already exists from PR #25 commit 53fb1ec
(10.05.2026, 2 days before audit) with better-than-minimal config:
- semgrep/semgrep-action@v1
- configs p/php + p/javascript + p/typescript + p/secrets
- triggers push/PR на main with path-filters app/app, app/resources/js, app/database/migrations
- SARIF upload to GitHub Security tab via github/codeql-action/upload-sarif@v3
Audit Phase 4 Subagent G missed this — searched only for local `npx semgrep`
CLI without checking existing CI workflows. Tagged as audit-gap finding for
future Phase 4 improvement (check `.github/workflows/` first).
No new code required. +SARIF added to cspell-words.txt.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
После Phase 12 P3 finding R4-R5 (vendor chunk renaming) — попытался применить
`build.rollupOptions.output.manualChunks` в vite.config.js. Vite 8 использует
Rolldown который требует function-form (object-form ломает с
"manualChunks is not a function"). Под function-form Rolldown засосал
все consumers stores в pinia chunk через transitively-import резолюцию:
- Pinia chunk implicit ~5kB → explicit 127kB raw / 50kB gzip
- Total critical-path payload +50 kB gzip vs baseline (net negative)
- Vite auto-split работает better для этого app shape
Reverted to baseline. "VBtn 184 kB" — naming artefact (auto-named первый
Vuetify consumer'ом), не actual perf-issue. R4-R5 closed без code fix —
informational only.
3 гипотезы про cause Pinia blow-up:
- H1 stores transitively-pulled через pinia API import
- H2 cycles vue-core↔pinia в Rolldown greedy chunking
- H3 return null в function manualChunks ломает auto-split fallback
Detailed reverification recommended next session если решим повторить
с `output.preserveModules` или per-store individual manualChunks rules.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
После follow-up прохода — обе a11y contrast violations исправлены:
- ErrorView support-link (fff2dff) — 2.77 → ~12:1
- ForgotPasswordView info-alert (5cebe24) — 4.18 → ~7.5:1
Final Pa11y baseline на guest URLs: 4/4 No issues found.
Остаётся auth-views coverage (16 views) — требует session cookie
в Pa11y, defer next session.
+неверифицированы в cspell-words.txt.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 6 audit found inconsistency in routes/web.php SPA-shell list.
Comment (line 188-190) declares «Регистрируем явно, а не catch-all»
for test isolation, but the explicit list missed:
- /reminders, /projects (main views from Plan 5)
- /admin and 7× /admin/* (added in Plans 4 + 5)
These paths worked via Route::fallback (line 211), but that risks
runtime-routes from Pest beforeEach('_test/*') being shadowed by
fallback BEFORE catch-all. Align explicit list with router/index.ts
to honor the documented rationale.
No behavioral change for production (same welcome view returned);
test-suite isolation contract restored.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
vue-tsc was emitting 9 errors from two issues:
1. ProjectCard.vue had a local `interface Project` missing region_mask /
region_mode / delivery_days_mask, while stores/projectsStore.ts
exported the canonical one with those fields. ProjectsView.vue passed
the canonical Project to ProjectCard handler signatures which expected
the local incomplete one → 5× TS2322.
2. EditProjectDialog passed `project: Project | Record<string, unknown>`
to NewProjectDialog which expected `Record<string, unknown> | null`.
Project lacks an index signature → TS2322.
3. AppSidebar.vue template referenced `item.countKey` not declared in
NavItem interface → 2× TS2339.
Changes:
- ProjectCard.vue: drop local Project, import from projectsStore.
- NewProjectDialog.vue: project prop type → Project | null (was Record).
Drop `as { id: number }` cast on PATCH URL.
- EditProjectDialog.vue: project prop type → Project | null.
- AppSidebar.vue: add `countKey?: string` to NavItem.
- projectsStore.ts: make region_mask/region_mode/delivery_days_mask
optional (backward-compat for mock fixtures; production rows always
populate them by schema).
- Test/story fixtures expanded with delivered_today/is_active/archived_at/
sync_status to match strict Project shape.
Verification:
- npx vue-tsc --noEmit → 0 errors (was 9).
- npx vitest run on 5 affected specs → 16/16 passed + 2 skipped.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
BulkActionsBar.story.vue calls useProjectsStore() in top-level setup,
which executes before story collection. Without Pinia plugin, Histoire
build aborts with `getActivePinia() was called but there was no active
Pinia` — uncaught exception kills the whole build (24 → 0 stories).
Add createPinia() to histoire.setup.ts alongside Vuetify + vue-router.
Also add `/recovery-use` and `/projects` routes to the stub router
(parity with router/index.ts after Plan 5 frontend), so future story
files needing those paths don't emit Vue Router warns.
Histoire build now: exit 0, 35 stories / 63 variants in 80.6s.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Корень: dev-БД `liderra` создавалась с LC_CTYPE=C — lower()/upper() не
делает case-folding для кириллицы, `ILIKE '%сп%'` на «Окна СПб» = 0 строк.
Test-БД с Russian_Russia.1251 маскировала проблему.
Системный fix: dev-БД пересоздана через `LOCALE_PROVIDER icu ICU_LOCALE 'und'`
(PG 16+ ICU collation, кросс-платформенно). Точечный COLLATE-workaround не
понадобился — все 5 ILIKE-endpoint'ов теперь работают с кириллицей без
правки кода. CTO-20 закрыт в реестре v1.81; команда CREATE DATABASE с ICU
зафиксирована для prod-deploy.
Сопутствующее:
- ProjectsView clearable: workaround `::after content '✕'` + видимость
через `.v-field--dirty` (mdi-* font не подключён в проекте — CTO-19
заведён в реестре).
- LookupsTest: удалён stale case `GET /api/projects?tenant_id=N`,
заменённый auth:sanctum-роутом в Plan 5.
- Pest +1 регрессионный тест (`search is case-insensitive for Cyrillic`)
в ProjectsListShowTest, 10/10 / 37 assertions.
- phpstan-baseline регенерирован (3 actingAs + удалённый case).
- cspell-words: +Регистронезависимый, +und.
- app/.backups/ в gitignore.
Verify:
- Pest --parallel: 742 passed / 1 flaky error (CsvReconcileJobTest cache
race, в изоляции 2/2 PASS) / 3 skipped.
- Browser: «сп» и «окн» возвращают «Окна СПб».
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Final code reviewer correctly identified that impl-commit 3fc90f1 included
not only the CSS work but also a template change <v-checkbox> →
<label><input><span> on ProjectCard.vue.
Root cause (Task 0 forensics): session-start git status showed
`M app/resources/js/components/projects/ProjectCard.vue` — pre-existing
uncommitted modifications from prior session/work. When the session Read
the file at start, it saw the working-dir version (already with native
<label><input>), not the branch-HEAD 88a13e2 version (with <v-checkbox>).
Stage+commit in 3fc90f1 thus bundled both changes.
The template change is architecturally required for the new CSS to work —
<v-checkbox> renders Vuetify-internal <input> without a sibling <span>,
which is what the scoped :checked + .card-check__box::after selector
needs. The baseline-fix commit 84530d5 was also prepared for the native
input selector, consistent with this template structure.
Updating spec §2 architecture to reflect this honestly rather than leave
a stale «Template / script нетронуты» statement that conflicts with the
diff in main.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ProjectCard.vue: replace 2px noir solid border on .card-check__box with
1px var(--liderra-line) idle / var(--liderra-line-strong) hover / var(--liderra-teal)
checked. Checked state uses tonal 10% teal bg instead of full fill. Size 20→16px.
Added :focus-visible outline for keyboard nav.
NewProjectDialog.vue: add a local .ld-input-quiet class to all 5 v-text-field
in the dialog (domain / phone / sms keyword / name / daily limit). The class
overrides v-field outline border-color through :deep() to use the tokens.css
1px line / line-strong / teal palette, and sets border-radius to var(--radius-8).
All variant/density/color values come from Vuetify global defaults in
plugins/vuetify.ts:50-54. Includes opacity:1 on every override to neutralize
Vuetify's --v-field-border-opacity 0.38 cascade, plus an explicit error-state
rule with border-color:currentColor to preserve Vuetify's red error border.
Twin elements left out of scope: .toolbar-check__box in ProjectsView.vue,
v-combobox/v-autocomplete/v-btn-toggle inside the same dialog, and the
filter-bar v-select inputs.
Spec: docs/superpowers/specs/2026-05-12-quiet-luxury-elements-1440-896-design.md
Plan: docs/superpowers/plans/2026-05-12-quiet-luxury-elements-1440-896.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Task 2 code-quality review (subagent verdict: Ready to merge? No) found
two critical correctness bugs in the original CSS template from spec §3.2:
1. Vuetify's outlined variant collapses sub-element opacity through
--v-field-border-opacity (= 0.38 at idle). Without explicit opacity:1
on each override block, --liderra-line (alpha 0.08) effective alpha
becomes 0.03 → border essentially invisible on ivory backgrounds.
2. Overriding border-color with an explicit value breaks the
currentColor inheritance Vuetify uses for the error state
(color: rgb(var(--v-theme-error)) on .v-field--error.v-field__outline).
Without an explicit error rule that restores currentColor, the red
error border never appears on any of the 5 validated fields.
Also tightened hover from .ld-input-quiet:hover (which is on the .v-input
root, including hint/error message area) to .v-field:hover inside
:deep() — matches Vuetify's own hover scope and avoids triggering on
helper text hover.
Spec §3.2 and plan Task 2.2 updated to the corrected CSS block with
explicit «almost-trap-avoidance» notes documenting why each adjustment
is needed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pre-existing failing test from commit c9ee8d8 — data-testid lives on
<label>, but @change handler sits on <input> inside it. jsdom does not
bubble change-event from label to input via @vue/test-utils trigger.
Use child-input selector to fire the event on the right node.
Baseline после fix: 614 passed / 3 skipped / 0 failed (vs 613 / 3 / 1).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Task 0 (pre-flight) обнаружил global Vuetify default в plugins/vuetify.ts:50-54
который уже устанавливает variant=outlined density=comfortable color=primary
для всех VTextField. Изначальная гипотеза spec §1.2 «variant=filled по
умолчанию» была неверна — все 5 v-text-field в NewProjectDialog.vue выглядят
одинаково тёмными (Vuetify default border ≈ 60% on-surface), а не «один
filled среди других».
Заказчик принял расширение области: применить .ld-input-quiet ко всем 5
v-text-field (lines 21, 30, 48, 59, 61), убрать неработоспособные явные
props (variant/density/color/rounded — они уже из global default), и
вынести border-radius в :deep(.v-field) override через --radius-8.
Также Task 0 нашёл pre-existing failing test в ProjectCard.spec.ts:43
(change-trigger на <label> вместо <input> внутри); это будет починено
отдельным atomic-коммитом перед Task 1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Spec по узкому Quiet Luxury редизайну двух конкретных элементов из
Dev Element Indices: card-check__box в ProjectCard и v-text-field
«Название проекта» в NewProjectDialog. Подход — CSS / prop правки
под существующие tokens.css, без новых primitives.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Delta mode combines Add/Remove numeric inputs into a single signed delta;
Replace mode switches to an absolute value input via v-checkbox toggle.
5/5 Vitest pass; full suite 611 passed + 3 skipped.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Refactor ProjectService::bulkAction to accept full payload array and
return structured {updated, skipped, warnings}. Add bulkUpdateRegions
using PG raw bitmask expr (region_mask | add) & ~remove & 255.
Add stubs for bulkUpdateDays/bulkUpdateLimit (Tasks 3-4). Update
controller to pass merged payload and return service result directly.
Un-todo Task-1 region validation test; add regions bitmask test (18/20).
Update phpstan-baseline: actingAs count 5->6, restore match.unhandled.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace !empty() check with has()+is_array() so scope:{filter:{}} is
accepted as "all projects" rather than rejected as missing selection.
Expand scope.filter to IDs in the controller (500-row limit guard) so
the service receives a typed array[]; add Pest coverage for this case.
Update phpstan baseline count for new actingAs() call.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Дмитрий