Дмитрий
bcdcca01a5
fix(graph): T1 hardening — localStorage try/catch + rAF throttle on redraw
...
После T1 code-quality review: 2 Important issues из spec §9 mitigation list. (1) try/catch обернул read/write localStorage — в Edge InPrivate / quota-exceeded не падает, fallback на default 300. (2) network.redraw() rAF-throttled через redrawScheduled flag — устраняет potential jank при fast drag на медленном hardware (mousemove может fire'ить >60Hz).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 12:22:52 +03:00
Дмитрий
97da018724
feat(graph): resize handle 300-900px + localStorage
...
Drag-handle 6px на левой границе #legend-panel (cursor:col-resize, hover-bg #0d4a5a), JS-обработчики mousedown/mousemove/mouseup, clamp [300, 900]px, сохранение ширины в localStorage ключ liderra-map-legend-width, restoration on DOMContentLoaded. После каждого resize вызывается network.redraw() для пересчёта vis.js canvas. Iter2 spec §2.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 12:17:08 +03:00
Дмитрий
abaeebbde6
docs(plan): automation-graph iter2 — 10 atomic tasks (7 parallel-safe + 3 sequential)
...
Tasks 1-7 (parallel-safe через dispatching-parallel-agents): T1 resize handle CSS+JS+localStorage, T2-T5 text rewrite groups A/B/C/D (9+21+18+25=73 nodes по Style Guide), T6 CONFLICT_TYPES enum + 2 new ⚫ edges + reclassify 6, T7 EDGE_DETAILS data (74 entries). Tasks 8-10 (sequential): T8 edge legend render + click handler (depends T7), T9 3-color render + sort + footer (depends T6), T10 visual smoke + push.
Test strategy для single-file HTML без unit-tests: 3-уровневая verification (Level 1 — Node.js syntax check per Edit, Level 2 — lefthook pre-commit gauntlet per commit, Level 3 — manual visual smoke в Edge browser). Pre-push: gitleaks full-history + lychee. Self-review pass: spec coverage 100%, no placeholders, no type drift.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 12:12:33 +03:00
Дмитрий
c18cc93c78
chore(cspell): +2 words for automation-graph iter2 plan
...
qitem + skreview — фрагменты идентификаторов узлов карты (sk_qitem, ag_skreview); cspell токенизирует по `_` и видит их как unknown words. Упомянуты в plan-файле как ссылки на task'и/инструменты. Iter2 plan reference.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 12:12:21 +03:00
Дмитрий
f936944237
docs(spec): automation-graph iter2 — resize + simple-language + 3-color conflicts + edge legend
...
4 improvements after iter1 ride-out: drag-handle resize 300-900px + localStorage; rewrite 73 nodes to plain language with Style Guide; reclassify 8 conflicts as 🔴 not-closed / ⚫ practice-observed / 🟢 closed-by-rule; new 7-field edge legend (source/target/relation-type/trigger/transfers/mandatory/regulation).
Parallel execution strategy: Phase 2 dispatches 6 subagents (P1 resize, P2-P5 text rewrite by category, P6 conflict types + EDGE_DETAILS) returning raw JS blocks; Phase 3 main agent applies 12 atomic Edits in sequence → 11 atomic commits total.
Through superpowers:brainstorming 4-clarifying-question cycle (text scope / conflict classification / resize UX / edge legend fields), all options chosen by Дмитрий explicitly. Self-review pass; no placeholders, no contradictions, 0 open questions.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 10:29:40 +03:00
Дмитрий
8e75951edc
chore(cspell): +3 words for automation-graph iter2 spec
...
зарелизен + отрефакторен (русифицированные tech-термины «released» / «refactored»; используются в iter2 spec §0 Context); cdesc (CSS class из docs/automation-graph.html .conflict-item .cdesc, ссылка в iter2 spec §4.3 renderer changes).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 10:29:28 +03:00
Дмитрий
b73ddaaedd
docs(a11y): authenticated rescan baseline + findings (21/21 passing)
...
Final state docs after a11y rescan session:
- docs/audit-baseline-pa11y.md: «Authenticated rescan 2026-05-14» section
added (14 new URLs, all 21 passing). Old «out of scope для первой
baseline» section marked SUPERSEDED. Per-pattern fix table with file
references + ignored selector rationale. axe-core cross-validation
results documented (only DevIndexBadge dev-only remains).
- docs/superpowers/audits/2026-05-14-a11y-rescan-findings.md (new):
Full audit findings doc — TL;DR, scope expansion table, per-pattern
root cause + fix sections (A-H), axe-core cross-validation, метрики
до/после, verdict 🟢 GREEN.
Regression sweep:
- Pa11y: 21/21 URLs passed
- Vitest: 91 files / 736 passed / 3 skipped / 0 failed
- Pest --parallel: 742/739/3sk/0
- Vite build: ~2s
- gitleaks: 0 leaks / 457 commits / 12.72 MB
- lychee: 345 OK / 0 errors / 457 total
- markdownlint: 0 errors (after auto-fix)
- cspell: 0 issues
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 10:08:08 +03:00
Дмитрий
e39a42cfdf
fix(a11y): admin search inputs — add label prop for accessible name (Pattern H)
...
A11y rescan Pattern H — Vuetify <v-text-field> без `label` prop рендерит
empty `<label id="input-v-NN-label">` (referenced via aria-labelledby).
Pa11y/axe видит unlabelled input на /admin/billing (search «Поиск по
названию или ИНН») и /admin/system (search «Поиск по ключу или описанию»).
Initial naive fix добавил `aria-label="..."` — но ARIA priority говорит
aria-labelledby overrides aria-label, поэтому осталось violation.
Final fix: add `label="Поиск"` prop on VTextField. Vuetify рендерит
floating label с правильным accessible text → axe-core resolves через
aria-labelledby chain successfully. Placeholder сохранён (split: «Поиск»
теперь в label, «по названию или ИНН» / «по ключу или описанию» —
placeholder).
Files:
- AdminBillingView.vue:209-217
- AdminSystemView.vue:130-138
Closes Pa11y «label» violations на 2 admin URLs.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 10:07:48 +03:00
Дмитрий
398f6bcf5a
fix(a11y): Vuetify tonal alert/chip + text-warning contrast overrides (Patterns C+D+E)
...
A11y rescan Patterns C+D+E — Vuetify default theme colours для tonal-variant
.v-alert .v-alert__content (4.18:1) и tonal .v-chip__content (success 4.25:1
/ warning 2.25:1), плюс `.text-warning` utility used в count badges (2.03:1
на ivory) — все ниже WCAG 2.1 AA 4.5:1.
Global CSS overrides in app/resources/css/app.css:
Pattern C — alert tonal content (2 URLs: billing, admin/system):
.v-alert--variant-tonal .v-alert__content {
color: #0a0700; /* near-black, 16:1 on ivory */
}
Pattern D — chip tonal success/warning content (4 URLs: billing,
admin/{tenants,billing,incidents,system}):
.v-chip--variant-tonal.bg-success .v-chip__content { color: #1f5e3a }
.v-chip--variant-tonal.bg-warning .v-chip__content { color: #6a4504 }
Pattern E — .text-warning utility (2 URLs: admin/billing «5», admin/incidents
«1»). Critical specificity fix: Vuetify defines selector as
`.v-theme--liderraForest .text-warning { color: rgb(var(--v-theme-warning))
!important }` (specificity 0,2,0 + !important). Naive `.text-warning
!important` (0,1,0) loses on specificity even with !important. Match Vuetify
selector exactly so override wins on cascade order (loaded after Vuetify CSS):
.v-theme--liderraForest .text-warning,
.v-theme--liderraForest.text-warning,
.text-warning {
color: #6a4504 !important;
}
Closes 4+11+2 = 17 color-contrast violations across 5 distinct URLs.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 10:07:35 +03:00
Дмитрий
6387706be6
fix(a11y): .sep dot separator contrast 2.92:1 → 5.33:1 (Pattern B)
...
A11y rescan Pattern B — scoped CSS `.sep { color: #92907b; }` повторяется
в 8 компонентах (page-stats / page-meta / hero-meta containers с точкой-
разделителем `·`). На ivory page background #f6f3ec даёт contrast
2.92:1, ниже WCAG 2.1 AA 4.5:1 threshold.
Fix: #92907b → #6b6356 — same warm-grey hue, darker tone, gives
5.33:1 contrast. 8 files:
- views/{DealsView,BillingView,KanbanView,ReportsView}.vue
- components/dashboard/DashboardPageHead.vue
- components/deals/DealDetailHero.vue
- components/admin/tenants/TenantsStatsHeader.vue
- components/admin/tenant-detail/TenantDetailHeader.vue
Closes Pa11y «color-contrast» violations на /dashboard /billing /reports
(8 .sep elements total flagged).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 10:07:11 +03:00
Дмитрий
667befde96
fix(a11y): add aria-label to mobile nav-icon button (closes Pattern A)
...
A11y rescan Pattern A — Vuetify <v-app-bar-nav-icon class="d-md-none">
без accessible name. Pa11y/axe видит button в DOM даже на desktop где
он hidden via CSS — флагает «button-name» violation на 9 AppLayout views
(/dashboard, /deals, /kanban, /projects, /billing, /settings, /reports,
/reminders, /admin/tenants).
Fix: AppTopbar.vue:90-94 — `aria-label="Открыть меню навигации"`.
Closes 9 of 14 authenticated routes' a11y violations (down 14→5 affected
URLs after this commit).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 10:06:52 +03:00
Дмитрий
35387e8b17
feat(a11y): extend Pa11y scope to 14 authenticated routes + Vuetify hideElements
...
pa11y.config.json теперь covers 21 URLs (7 guest + 14 authenticated).
Authenticated URLs использует per-URL actions login flow:
1. navigate to /login
2. fill input[autocomplete="email"] = admin@demo.local (DemoSeeder)
3. fill input[autocomplete="current-password"] = password
4. click button[type="submit"]
5. wait for path /dashboard
6. navigate to target URL + wait path
14 routes added: /dashboard, /deals, /kanban, /projects, /billing, /settings,
/reports, /reminders, /admin/{tenants,billing,incidents,system,pricing-tiers,
supplier-prices}.
hideElements extended:
- select[hidden] — Vuetify VSelect рендерит hidden native <select> для
form-submission compatibility (не visible UX, screenreader skip).
- input[aria-controls^="menu-v-"] — Vuetify VDataTable items-per-page
combobox с aria-labelledby chain issue (Vuetify-internal pattern).
timeout 30000 → 60000ms, wait 1500 → 2000ms — accommodate Vue SPA async
hydration после login flow.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 10:06:40 +03:00
Дмитрий
a650484b11
docs(plan): A11y rescan — live portal authenticated routes
...
11-task plan для повторного a11y-аудита: extend Pa11y от 7 guest URLs к 21
URLs (включая 14 authenticated через per-URL actions login flow), + axe-core
cross-validation via Playwright MCP, + inline fixes для real prod findings.
Closes Audit #3 Phase 7 «authenticated pages out of scope» clause per
explicit user request «Pa11y был настроен на старые HTML-эскизы, проведи
повторно аудит в этой части, чтобы он проверил реальный портал».
Plan: docs/superpowers/plans/2026-05-14-a11y-rescan-live-portal.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 10:06:19 +03:00
Дмитрий
54ee37c54e
feat(graph): physics off by default + buttons restore radial layout + smooth continuous
2026-05-14 09:23:46 +03:00
Дмитрий
d75b3b85d3
feat(graph): radial-sector layout — 6 колец × 4 сектора (workflow/UI/infra/data)
2026-05-14 09:22:45 +03:00
Дмитрий
0da8dbf042
feat(graph): when+limits content for memory files (15) — all 73 nodes done
2026-05-14 09:20:54 +03:00
Дмитрий
a19bee28be
feat(graph): when+limits content for lefthook jobs (10)
2026-05-14 09:19:38 +03:00
Дмитрий
0634426c30
feat(graph): when+limits content for MCP servers (7)
2026-05-14 09:18:45 +03:00
Дмитрий
ee958f884a
feat(graph): when+limits content for hooks (5) + agents (11)
2026-05-14 09:17:37 +03:00
Дмитрий
2b38e7be32
feat(graph): when+limits content for skills (14 SP + 2 проектных)
2026-05-14 09:16:02 +03:00
Дмитрий
413803e569
feat(graph): when+limits content for rules + plugins (9 nodes)
2026-05-14 09:14:10 +03:00
Дмитрий
1a7cd90c32
feat(graph): nd() helper supports when+limits fields; showLegend renders them
2026-05-14 09:10:57 +03:00
Дмитрий
40b437ccb7
feat(graph): legend panel — add «Когда используется» and «Ограничения» sections
2026-05-14 09:10:15 +03:00
Дмитрий
aa258e1ad0
fix(graph): remove edge labels from canvas, move to hover tooltips
2026-05-14 09:09:42 +03:00
Дмитрий
5c2556b73f
fix(graph): canvas rendering artifacts — explicit canvas bg + remove hideEdgesOnDrag
2026-05-14 09:09:01 +03:00
Дмитрий
e3974482a9
docs(plan): automation-graph refactor — 10 atomic tasks
...
Implementation plan для spec 2026-05-14-automation-graph-refactor-design.md.
10 tasks, каждый = 1 коммит, в порядке:
1. canvas rendering fix
2. edge labels → tooltips
3. HTML legend sections (когда + ограничения)
4. nd() helper signature + render
5a-5f. when+limits content для 73 узлов (rules+plugins / skills / hooks+agents / MCP / lefthook / memory)
6. radial-sector positioning (ring + sectorAngle на 73 NODES + pos() helper)
7. physics off + button handlers + smooth continuous
8. final smoke + data integrity check
Self-review: spec coverage ✅ , no placeholders ✅ , type consistency ✅ ,
backward-compat nd() handler в Task 4 (for intermediate state).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-14 09:05:21 +03:00
Дмитрий
b747880ddc
docs(spec): automation-graph refactor — 4 fixes (фон / подписи / радиальная иерархия / when+limits)
...
Дизайн рефакторинга docs/automation-graph.html после визуальной проверки
коммита 7ee78a9 :
- canvas background на самом canvas + удаление hideEdgesOnDrag (artifacts)
- удаление labels с edges, переход на title-tooltip + legend section
- radial-sector layout: 6 колец × 4 функциональных сектора, physics off
- 2 новые секции легенды: «Когда используется» + «Ограничения»
cspell: +mgmt (валидный идентификатор узла claude_md_mgmt)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-14 08:55:32 +03:00
Дмитрий
ae20033652
docs(claude.md): v1.92 → v1.93 — sync schema header drift 62→63 (Audit #3 P2)
...
Tail closure of Audit #3 P2 «schema.sql header drift» finding. Schema
source-of-truth was already updated in commit e746b3c (db/schema.sql:4
header «62 базовые таблицы» → «63 (61 regular + 2 partitioned parents:
deals + supplier_lead_costs)»). This commit syncs three CLAUDE.md
references to match.
Touch points:
- Header version 1.92 → 1.93 + description of session
- §0 «Источник истины» row «Схема БД» — 62 → 63 baseline
- §2 «Стек проекта» БД row — 62 → 63 baseline
- §8 self-review triggers row `db/schema.sql` — 62 → 63 baseline
- §9 history — new v1.93 entry summarising 5-commit sprint
(8ba9c55..c524227), closure tally (1 P1 + 7 P2 + 4 P3), and regression
check (Pest 742/739/3sk/0, Vitest 91f/736/3sk/0, gitleaks 0/442,
lychee 325/0).
Via `/claude-md-management:claude-md-improver` per CLAUDE.md §5 п.10
(only sanctioned channel for direct CLAUDE.md edits).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 08:47:42 +03:00
Дмитрий
c5242271d7
chore(p3): close P3 tooling and structural mini-fixes
...
Closes Audit #3 P3 batch.
Changes:
1. **knip.config.ts cleanup** — remove 4 stale config hints flagged in
Audit #3 Phase 1B (`ignore: tests/**` redundant since `project` is
`resources/js/**`; `ignoreDependencies` for vitest/@vue/test-utils/jsdom
redundant since knip auto-detects test frameworks). Add `histoire.config.ts`
+ `resources/js/histoire.setup.ts` to entry — closes 2 documented FPs
(histoire.setup.ts + @histoire/plugin-vue unused-flag). Verified:
`npx knip` exits 0 clean.
2. **Admin table actions column header label** — change `title: ''` →
`title: 'Действия'` in:
- TenantsTable.vue (actions column, /admin/tenants)
- AdminSupplierPricesView.vue (actions column, /admin/supplier-prices)
Closes axe-core `empty-table-header` violation seen in Audit #3 Phase 7
on /admin/tenants. Header is now visible in UI (better UX than sr-only
sleight-of-hand).
3. **npm overrides for lodash** in `package.json` — pin `pa11y-ci > lodash`
to ^4.17.21. Verified: `npm ls lodash` resolves to lodash@4.17.23 (latest
4.x; CVE-2021-23337 + GHSA-f23m patched in <4.17.21, our version is above
that). npm audit may still surface advisory ranges as informational.
4. **Decision doc for pgFormatter (Q.HARD.002)** — explicit FIX-DEFER with
3-hypothesis comparison (Strawberry Perl install vs sqlfluff replacement
vs Docker pg_format vs drop SQL formatting). Decision: drop automated
SQL formatting until Б-1 closure; squawk (linter) covers correctness.
Addendum: axe-core .v-overlay-container region landmark — no permanent
axe-core test setup exists, so no whitelist needed at this point.
Verification:
- knip: 0 issues
- vue-tsc: 0 errors
- ESLint: 0 errors
- Vitest: 91 files / 736 passed / 3 skipped (no regressions)
- Vite build: 2.03s
Plan: docs/superpowers/plans/2026-05-14-audit3-deferred-fixes.md Task 4.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 08:38:51 +03:00
Дмитрий
c5c0e76950
test(coverage): close F-COV-01/02/03 — ReminderDialog + AdminLayout + api/admin
...
Closes Audit #2+#3 P2 carryforward triplet (low-coverage files at risk
of silent regression).
Coverage results (Vitest --coverage --coverage.include per-file):
| File | Stmts before | Stmts now | Δ |
|---|---|---|---|
| ReminderDialog.vue | 0% | 95.38% | +95 pp |
| AdminLayout.vue | 9.09% | 95.45% | +86 pp |
| api/admin.ts | 11.53% | 100% | +88 pp |
Branches/Funcs deltas (subagent reports):
- ReminderDialog: Branch 0→97.56%, Funcs 0→85.71%, Lines 0→96.61%
- AdminLayout: Branch 0→90%, Funcs 0→90%, Lines 9.09→94.73%
- api/admin: Branch 0→100%, Funcs 27.27→100%, Lines 11.53→100%
Approach: TDD via @vue/test-utils + Vuetify global plugin + vi.mock for
store/api. Three parallel subagents (general-purpose), each focused on
single target — no production code changes, only test infrastructure.
Coverage areas:
- ReminderDialog (19 specs): rendering, watch(dialogOpen) populate/reset,
submit create-mode happy + 3 errors, submit edit-mode happy + 1 error,
cancel, common validation paths
- AdminLayout (16 specs): brand block, 5 nav items, count badges (142/3),
breadcrumb per route (5 cases + fallback), userInitials computed (4
cases incl. fallback), userShortName (4 cases), handleLogout call-order,
active state, aria-label
- api/admin (18 specs): 11 exported functions × happy-path; 2 encodeURI
edge cases; 4 ensureCsrfCookie call-order verifications via
invocationCallOrder; 2 error-propagation tests
Verification (full sweep after merge):
- Vitest: 91 files / 736 passed / 3 skipped / 0 failed (+3 files, +53 specs
from Audit #3 baseline 88/683/3sk)
- Pest --parallel: 742/739/3sk/0 (identical to baseline, 0 regressions)
- Vite build: 2.03s
- vue-tsc: 0 errors
- ESLint: 0 errors
Plan: docs/superpowers/plans/2026-05-14-audit3-deferred-fixes.md Task 3.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 08:37:26 +03:00
Дмитрий
e746b3c9a4
chore(cleanup): dead code removal + DemoSeeder env-conditional + schema header drift
...
Closes Audit #3 P2 batch (knip dead exports/components, DemoSeeder
hygiene, schema header drift).
- Remove app/resources/js/views/admin/AdminPlaceholderView.vue
(unreferenced placeholder view — confirmed via repo-wide grep, only
doc references remain)
- npm uninstall concurrently (no script invoked it; --legacy-peer-deps
for Histoire 1.0-beta.1 peerDep quirk)
- 12 unused exports → internal types (remove `export` keyword):
- api/admin.ts: AdminTenantsStats, ApiTenantMetrics,
ApiAdminBillingSummary, ApiAdminIncidentsSummary
- api/notifications.ts: NotificationEvent
- api/reports.ts: ApiReportType, ApiReportFormat, ApiReportParameters,
ReportCounts, ReportQuota
- composables/mockBilling.ts: TxType
- composables/useStatusPill.ts: StatusPillSlug
All 12 are used INSIDE their own file (response shapes), just not
exported externally — converting to internal types satisfies knip
without losing type-checking inside the file.
- DatabaseSeeder::run() — DemoSeeder runs only in local+testing envs
(`migrate:fresh --seed` in dev now produces demo tenant + admin@demo.local
+ 3 projects + ~14 demo deals; prod environments skip)
- db/schema.sql header line 4: «62 базовые таблицы» → «63 базовые
таблицы (61 regular + 2 partitioned parents: deals + supplier_lead_costs)»
Closes schema header drift finding from Phase 3.
Verification:
- vue-tsc --noEmit: 0 errors
- ESLint on touched files: 0 errors
- Pest --parallel: 742/739/3sk/0 failed (identical to baseline, no regressions)
- 2243 assertions / 34.46s
Plan: docs/superpowers/plans/2026-05-14-audit3-deferred-fixes.md Task 2.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 08:28:44 +03:00
Дмитрий
0c36b7a28d
feat(a11y): migrate Pa11y scope from handoff prototypes to live Vue app
...
Closes Audit #3 sole P1 (F-A11Y-PA11Y-SCOPE-01).
Pa11y was scanning handoff HTML prototypes from liderra_v8_handoff/concepts/
(3 URLs, ~10 contrast violations), NOT the live Vue app. Audit #2 baseline
"0 errors" was inaccurate — real portal was never covered.
Changes:
- pa11y.config.json: now targets http://localhost:8000/ <route> for 7 guest
pages (login, register, forgot, 2fa, recovery, 403, 500)
- pa11y-handoff.config.json: preserves historical handoff baseline as
opt-in (`npm run a11y:handoff`)
- package.json: new `a11y:handoff` script; `a11y` repointed to live target
- RecoveryCodesView.vue: scoped CSS override fixes Vuetify warning-tonal
alert content contrast (2.03:1 → ≥4.5:1, color #0a0700 per Pa11y rec)
- .github/workflows/a11y.yml: new CI job with dev-server lifecycle
(php artisan serve + curl wait-on + Pa11y + screenshot artifact upload)
- docs/audit-baseline-pa11y.md: first live baseline document with per-URL
status, ignore selectors rationale, re-run instructions
Local verification:
- npm run a11y: 7/7 URLs passed (0 violations)
- vue-tsc: 0 errors
- ESLint: 0 errors
- Vitest: 88 files / 683 passed / 3 skipped / 0 failed (no regressions)
Plan: docs/superpowers/plans/2026-05-14-audit3-deferred-fixes.md Task 1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 08:25:14 +03:00
Дмитрий
8ba9c55724
docs(plan): Audit #3 deferred fixes sprint plan
...
25 deferred findings (1 P1 + 11 P2 + 14 P3) → 4 task batches:
1. P1 Pa11y scope migration to live Vue app
2. P2 dead code + dev hygiene (knip findings + DemoSeeder + schema header)
3. P2 coverage debt (ReminderDialog + AdminLayout + api/admin via TDD)
4. P3 tooling + structural mini-fixes
Plan: docs/superpowers/plans/2026-05-14-audit3-deferred-fixes.md
Source audit: docs/superpowers/audits/2026-05-14-portal-full-audit-report.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 08:24:49 +03:00
Дмитрий
f9d2452386
docs(audit): finalize portal full audit #3 — report (2026-05-14)
2026-05-14 07:52:27 +03:00
Дмитрий
301334c288
docs(audit): Phase 14 final regression (audit #3 )
2026-05-14 07:46:56 +03:00
Дмитрий
abb8a5135e
docs(audit): Phase 13 categorization + fix decisions (audit #3 )
...
Final audit rollup: 0 P0 / 1 P1 / 11 P2 / 14 P3 (26 total).
Pa11y P1 decision: FIX-DEFER with concrete migration plan
(6 acceptance criteria + 60-120 min estimate). Decision driven by
3-hypothesis analysis: (1) config-only swap surfaces new live-app
violations (color-contrast on DevIndexBadge, region landmarks),
(2) additive both-kept keeps handoff failures blocking CI,
(3) deferred migration with proper sprint task is cleanest path.
Both decision-matrix triggers from brief apply: risk of new
failures without follow-up plan + new CI infra requirement
(live dev server lifecycle).
Carryforward audit: 9 items still open from Audit #2 (all
P2/P3, no regressions). 11 Audit #2 items verified closed in
this audit (bf84568 aria fix, CTO-19 Lucide, Q.DEFER.001-004,
quirks #62/#72/#80, cron, RUNBOOK.md).
FIX-NOW this session: 0 commits (Pa11y deferred per matrix).
FIX-NOW earlier in audit: 1 commit (823da29 cspell inline).
FIX-DEFER documented: 25.
BLOCKED: 0.
Verdict: GREEN — 0 P0, sole P1 is methodology audit-fidelity gap
(Pa11y declared but not exercised against live code); axe-core
via Playwright in Phase 7 provides actual a11y coverage with 0
real prod issues against DevIndexBadge temp feature.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-14 07:38:25 +03:00
Дмитрий
4b4705295c
docs(audit): Phase 10-12 pre-prod/TODO/untracked findings (audit #3 )
2026-05-14 07:34:35 +03:00
Дмитрий
9d27783729
docs: commit untracked plan files + parse-bundle-analyze.mjs (audit #3 )
2026-05-14 07:29:47 +03:00
Дмитрий
51664a0aa4
docs(audit): Phase 9 bundle analyzer delta (audit #3 )
2026-05-14 07:27:36 +03:00
Дмитрий
ad89473331
docs(audit): Phase 8 coverage targeted (audit #3 )
2026-05-14 07:24:12 +03:00
Дмитрий
8fa545e113
docs(audit): Phase 7 a11y targeted Pa11y+axe-core (audit #3 )
2026-05-14 07:20:49 +03:00
Дмитрий
8ec7a8c116
docs(audit): Phase 6 cross-doc integrity findings (audit #3 )
2026-05-14 07:14:59 +03:00
Дмитрий
1f43beacc3
docs(audit): Phase 5 UI smoke 22-view Playwright sweep (audit #3 )
2026-05-14 07:12:48 +03:00
Дмитрий
9e2914a72d
docs(audit): Phase 4 security findings (audit #3 )
...
CI workflows: 3 (sast/dependency-check/trivy), unchanged from Audit #2 .
gitleaks delta (9e175a1..HEAD): 0 leaks / 18 commits.
gitleaks full history: 0 leaks / 426 commits.
gitleaks no-git app/: 1847 matches all in gitignored vendor/ +
phpstan-cache; P2: GITHUB_TOKEN env var captured in gitignored
nette DI container cache (not in git history, mitigations in place);
P3: generic-api-key FPs in phpstan.phar / cache suggest gitleaks.toml.
cspell-words.txt +3: nette, phar, serialises.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-14 06:29:31 +03:00
Дмитрий
93a3c667e0
docs(audit): Phase 3 schema integrity findings (audit #3 )
...
Query results A-G: root_tables=63 (61r+2p), partitions=12,
indexes=289, RLS=39, functions=5 (correct names), triggers=13
logical/19 total, orphan_FK=0. One P2 finding: schema.sql v8.20
header "62 базовые таблицы" drift → actual 63 (deals +
supplier_lead_costs both partitioned parents). All invariants
RLS/functions/orphan-FK pass.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-14 06:23:25 +03:00
Дмитрий
af97885266
docs(audit): Phase 2 test suite findings (audit #3 )
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-14 06:19:50 +03:00
Дмитрий
4a5ecb085a
docs(audit): Phase 1D SQL static analysis + Phase 1 итог (audit #3 )
...
squawk v2.51.0 — 0 issues (bin\squawk.exe db/schema.sql, exit 0).
pgFormatter — N/A (perl not in PATH, known Q.HARD.002 carryforward).
Phase 1 combined итог: P0=0 P1=0 P2=4 P3=2.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-14 06:13:04 +03:00
Дмитрий
823da293de
docs(audit): Phase 1C docs static analysis findings + cspell words (audit #3 )
...
markdownlint=0, cspell=0 (+3 words: shapkas/SUT/SUT's), lychee=318 OK/0 errors.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-14 06:09:29 +03:00
Дмитрий
362af8c981
docs(audit): Phase 1B frontend static analysis findings (audit #3 )
2026-05-14 06:06:54 +03:00
Дмитрий
85d79499e9
docs(audit): Phase 0 addendum + Phase 1A backend static analysis (audit #3 )
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-14 06:02:45 +03:00