liderra/portal
1
0
Fork 0
Code Issues Pull Requests Actions 70 Packages Projects Releases Wiki Activity

Compare commits

merge into: liderra/portal:worktree-brain-factor-completeness
Branches Tags
liderra/portal:main liderra/portal:worktree-brainrepo liderra/portal:feat/gate-allow-worktree-cd liderra/portal:worktree-prod-imitation-clients liderra/portal:fix/from-scratch-migrate-a11y-full liderra/portal:worktree-perplexity-pack liderra/portal:worktree-scratch-idle-session liderra/portal:a11y-public-revert liderra/portal:feat/a11y-ci-postgres liderra/portal:fix/rossvyaz-osetia liderra/portal:feat/rossvyaz-mapping-tail liderra/portal:fix/phone-ranges-staging-id liderra/portal:chore/lead-region-ops-force liderra/portal:feat/rossvyaz-region-mapping liderra/portal:feat/deals-city-region liderra/portal:feat/gate-dev-prod-rescope liderra/portal:worktree-lead-region-tails liderra/portal:worktree-discipline-guard liderra/portal:worktree-feat+lead-region-resolution liderra/portal:worktree-fix+api-400 liderra/portal:worktree-router-gate-v4-stream-h-close liderra/portal:worktree-brain-factor-completeness liderra/portal:backup-pre-v4-cleanup liderra/portal:feat/v4-stream-A liderra/portal:feat/v4-stream-D liderra/portal:feat/v4-stream-B liderra/portal:feat/v4-stream-E liderra/portal:feat/v4-stream-C liderra/portal:worktree-audit-rebuild-per-tenant-fix liderra/portal:feat/router-gate-hard-wall liderra/portal:feat/slepok-stage-4 liderra/portal:feat/slepok-stage-3 liderra/portal:deploy/stage-2-prod-2026-05-28 liderra/portal:feat/slepok-stage-2 liderra/portal:spike/graphify-2026-05-27 liderra/portal:feat/slepok-stage-1 liderra/portal:feat/a10-bi-tooling liderra/portal:rebase/spec-c-on-main liderra/portal:fix/supplier-platform-prefix liderra/portal:worktree-supplier-snapshot-guard liderra/portal:fix/enforce-9-holes liderra/portal:feat/brain-retro-2026-05-26 liderra/portal:fix/self-assessment-prompt-source liderra/portal:feat/untie-l-chains-normative liderra/portal:feat/billing-v2-spec-c liderra/portal:feat/enforce-hard-rules liderra/portal:feat/supplier-webhook-fixes liderra/portal:feat/llm-first-router liderra/portal:feat/legacy-webhook-removal liderra/portal:hotfix/pilot-incident-24-05 liderra/portal:feat/billing-v2-spec-b liderra/portal:fix/partition-rls-supplier-conn liderra/portal:feat/admin-tenant-balance-edit liderra/portal:feat/supplier-group-sync-fix liderra/portal:feat/billing-v2-spec-a liderra/portal:worktree-audit-p2-operational liderra/portal:worktree-c1-marketing-tooling liderra/portal:worktree-audit-p1-auth liderra/portal:worktree-audit-p0-pd liderra/portal:feat/root-domain-auto-link liderra/portal:worktree-fix-supplier-lead-limit-split liderra/portal:feat/registration-email-phone liderra/portal:feat/test-deploy liderra/portal:worktree-a8-infosec-tooling liderra/portal:worktree-observer-missed-activations liderra/portal:feat/project-migration-redesign liderra/portal:feat/observer-chain-attribution liderra/portal:worktree-a1-backend-tooling liderra/portal:feat/observer-v2-expansion liderra/portal:feat/automation-map-iter9 liderra/portal:feat/supplier-migration-followup liderra/portal:feat/brain-dashboard liderra/portal:feat/parallel-sessions-coordination liderra/portal:feat/supplier-project-failover liderra/portal:feat/anthropic-dev-tooling liderra/portal:feat/a4-design-tooling liderra/portal:worktree-discovery-interview liderra/portal:worktree-c10-business-process-tooling liderra/portal:worktree-adr006-icon-path-boundary liderra/portal:worktree-a11-ml-ai-tooling liderra/portal:feat/a3-integration-tooling liderra/portal:worktree-c9-project-management-tooling liderra/portal:worktree-sprint6-p3-polish liderra/portal:feat/a11-ml-ai-tooling liderra/portal:worktree-sprint5d-cleanup liderra/portal:feat/d3-audit-risk-tooling liderra/portal:worktree-sprint5c-billing-admin liderra/portal:feat/a6-architecture-tooling liderra/portal:worktree-sprint5b-layout-views liderra/portal:worktree-sprint5a-auth-polish liderra/portal:worktree-sprint4-historical-import liderra/portal:feat/sprint3f-api-middleware liderra/portal:feat/sprint3e-settings-tabs liderra/portal:feat/sprint3d-admin-actions liderra/portal:worktree-ruflo-recollage liderra/portal:feat/sprint3c-reports liderra/portal:feat/sprint3b-dashboard liderra/portal:feat/rls-tooling-boundary liderra/portal:feat/sprint3a-layout-nav liderra/portal:plan-6-regions liderra/portal:plan5-frontend-projects liderra/portal:worktree-agent-acf7791b6c7b304a9 liderra/portal:worktree-agent-aba2f178c9542f2cc liderra/portal:supplier-sync-plan3
liderra/portal:brain-llm-first-live liderra/portal:brain-pre-llm-bootstrap
..
pull from: liderra/portal:deploy/stage-2-prod-2026-05-28
Branches Tags
liderra/portal:main liderra/portal:worktree-brainrepo liderra/portal:feat/gate-allow-worktree-cd liderra/portal:worktree-prod-imitation-clients liderra/portal:fix/from-scratch-migrate-a11y-full liderra/portal:worktree-perplexity-pack liderra/portal:worktree-scratch-idle-session liderra/portal:a11y-public-revert liderra/portal:feat/a11y-ci-postgres liderra/portal:fix/rossvyaz-osetia liderra/portal:feat/rossvyaz-mapping-tail liderra/portal:fix/phone-ranges-staging-id liderra/portal:chore/lead-region-ops-force liderra/portal:feat/rossvyaz-region-mapping liderra/portal:feat/deals-city-region liderra/portal:feat/gate-dev-prod-rescope liderra/portal:worktree-lead-region-tails liderra/portal:worktree-discipline-guard liderra/portal:worktree-feat+lead-region-resolution liderra/portal:worktree-fix+api-400 liderra/portal:worktree-router-gate-v4-stream-h-close liderra/portal:worktree-brain-factor-completeness liderra/portal:backup-pre-v4-cleanup liderra/portal:feat/v4-stream-A liderra/portal:feat/v4-stream-D liderra/portal:feat/v4-stream-B liderra/portal:feat/v4-stream-E liderra/portal:feat/v4-stream-C liderra/portal:worktree-audit-rebuild-per-tenant-fix liderra/portal:feat/router-gate-hard-wall liderra/portal:feat/slepok-stage-4 liderra/portal:feat/slepok-stage-3 liderra/portal:deploy/stage-2-prod-2026-05-28 liderra/portal:feat/slepok-stage-2 liderra/portal:spike/graphify-2026-05-27 liderra/portal:feat/slepok-stage-1 liderra/portal:feat/a10-bi-tooling liderra/portal:rebase/spec-c-on-main liderra/portal:fix/supplier-platform-prefix liderra/portal:worktree-supplier-snapshot-guard liderra/portal:fix/enforce-9-holes liderra/portal:feat/brain-retro-2026-05-26 liderra/portal:fix/self-assessment-prompt-source liderra/portal:feat/untie-l-chains-normative liderra/portal:feat/billing-v2-spec-c liderra/portal:feat/enforce-hard-rules liderra/portal:feat/supplier-webhook-fixes liderra/portal:feat/llm-first-router liderra/portal:feat/legacy-webhook-removal liderra/portal:hotfix/pilot-incident-24-05 liderra/portal:feat/billing-v2-spec-b liderra/portal:fix/partition-rls-supplier-conn liderra/portal:feat/admin-tenant-balance-edit liderra/portal:feat/supplier-group-sync-fix liderra/portal:feat/billing-v2-spec-a liderra/portal:worktree-audit-p2-operational liderra/portal:worktree-c1-marketing-tooling liderra/portal:worktree-audit-p1-auth liderra/portal:worktree-audit-p0-pd liderra/portal:feat/root-domain-auto-link liderra/portal:worktree-fix-supplier-lead-limit-split liderra/portal:feat/registration-email-phone liderra/portal:feat/test-deploy liderra/portal:worktree-a8-infosec-tooling liderra/portal:worktree-observer-missed-activations liderra/portal:feat/project-migration-redesign liderra/portal:feat/observer-chain-attribution liderra/portal:worktree-a1-backend-tooling liderra/portal:feat/observer-v2-expansion liderra/portal:feat/automation-map-iter9 liderra/portal:feat/supplier-migration-followup liderra/portal:feat/brain-dashboard liderra/portal:feat/parallel-sessions-coordination liderra/portal:feat/supplier-project-failover liderra/portal:feat/anthropic-dev-tooling liderra/portal:feat/a4-design-tooling liderra/portal:worktree-discovery-interview liderra/portal:worktree-c10-business-process-tooling liderra/portal:worktree-adr006-icon-path-boundary liderra/portal:worktree-a11-ml-ai-tooling liderra/portal:feat/a3-integration-tooling liderra/portal:worktree-c9-project-management-tooling liderra/portal:worktree-sprint6-p3-polish liderra/portal:feat/a11-ml-ai-tooling liderra/portal:worktree-sprint5d-cleanup liderra/portal:feat/d3-audit-risk-tooling liderra/portal:worktree-sprint5c-billing-admin liderra/portal:feat/a6-architecture-tooling liderra/portal:worktree-sprint5b-layout-views liderra/portal:worktree-sprint5a-auth-polish liderra/portal:worktree-sprint4-historical-import liderra/portal:feat/sprint3f-api-middleware liderra/portal:feat/sprint3e-settings-tabs liderra/portal:feat/sprint3d-admin-actions liderra/portal:worktree-ruflo-recollage liderra/portal:feat/sprint3c-reports liderra/portal:feat/sprint3b-dashboard liderra/portal:feat/rls-tooling-boundary liderra/portal:feat/sprint3a-layout-nav liderra/portal:plan-6-regions liderra/portal:plan5-frontend-projects liderra/portal:worktree-agent-acf7791b6c7b304a9 liderra/portal:worktree-agent-aba2f178c9542f2cc liderra/portal:supplier-sync-plan3
liderra/portal:brain-llm-first-live liderra/portal:brain-pre-llm-bootstrap

1 Commits
worktree-brain-factor-completeness .. deploy/stage-2-prod-2026-05-28

Author SHA1 Message Date
Дмитрий bae2a9ae40 deploy: stage-2 prod artifacts (temp branch, will be deleted post-deploy) 2026-05-28 11:18:26 +03:00
312 changed files with 2683 additions and 43802 deletions
Expand all files Collapse all files
.claude/settings.json
+13 -93
View File
@@ -66,6 +66,16 @@
}
]
},
{
"matcher": "Edit|Write|MultiEdit|NotebookEdit|Bash|Task|Agent",
"hooks": [
{
"type": "command",
"command": "node tools/enforce-chain-recommendation.mjs",
"timeout": 5
}
]
},
{
"matcher": "Edit|Write|MultiEdit",
"hooks": [
@@ -95,86 +105,6 @@
"timeout": 5
}
]
},
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "node tools/enforce-router-gate.mjs",
"timeout": 5
}
]
},
{
"matcher": "PowerShell",
"hooks": [
{
"type": "command",
"command": "node tools/enforce-powershell-gate.mjs",
"timeout": 5
}
]
},
{
"matcher": "Edit|Write|MultiEdit",
"hooks": [
{
"type": "command",
"command": "node tools/enforce-normative-content-rules.mjs",
"timeout": 5
}
]
},
{
"matcher": "Edit|Write",
"hooks": [
{
"type": "command",
"command": "node tools/enforce-tdd-real-test-verifier.mjs",
"timeout": 5
}
]
},
{
"matcher": "Edit|Write|MultiEdit|Bash",
"hooks": [
{
"type": "command",
"command": "node tools/enforce-self-debrief-detector.mjs",
"timeout": 5
}
]
},
{
"matcher": "AskUserQuestion",
"hooks": [
{
"type": "command",
"command": "node tools/askuser-cosmetic-detector.mjs",
"timeout": 5
}
]
},
{
"matcher": "mcp__.*",
"hooks": [
{
"type": "command",
"command": "node tools/enforce-mcp-classification.mjs",
"timeout": 5
}
]
},
{
"matcher": "Read",
"hooks": [
{
"type": "command",
"command": "node tools/enforce-read-path-deny.mjs",
"timeout": 5
}
]
}
],
"PostToolUse": [
@@ -220,16 +150,6 @@
"timeout": 5
}
]
},
{
"matcher": "Task",
"hooks": [
{
"type": "command",
"command": "node tools/enforce-subagent-return-scanner.mjs",
"timeout": 10
}
]
}
],
"Stop": [
@@ -264,7 +184,7 @@
"hooks": [
{
"type": "command",
"command": "node tools/enforce-todowrite-skill-verifier.mjs",
"command": "node tools/enforce-classifier-match.mjs",
"timeout": 5
}
]
@@ -273,8 +193,8 @@
"hooks": [
{
"type": "command",
"command": "node tools/cost-stop-hook.mjs",
"timeout": 10
"command": "node tools/enforce-graph-first.mjs",
"timeout": 5
}
]
}
.claude/skills/brain-retro/SKILL.md
+3 -6
View File
@@ -21,8 +21,8 @@ Aggregator over observer evidence. Reads JSONL + optional MD notes, surfaces can
## Procedure
> **MANDATORY DIGITAL ANALYSIS (added 2026-05-26 after retro #6 feedback; extended to 11 tables 2026-05-28; extended to 13 tables 2026-05-30 in Stream H Task 8).**
> Каждый прогон /brain-retro ОБЯЗАН включать **количественные срезы**, не только causal narrative. Минимум 13 цифровых таблиц:
> **MANDATORY DIGITAL ANALYSIS (added 2026-05-26 after retro #6 feedback).**
> Каждый прогон /brain-retro ОБЯЗАН включать **количественные срезы**, не только causal narrative. Минимум 10 цифровых таблиц:
>
> 1. **Path-type breakdown** (regulated vs improvised, со счётчиками и %).
> 2. **node_chosen distribution** (топ-15 узлов с count + %).
@@ -34,11 +34,8 @@ Aggregator over observer evidence. Reads JSONL + optional MD notes, surfaces can
> 8. **Class × canon coverage** — таблица класс задач × канонические узлы из мозга (`observer-classification-map.json`) × роутер рекомендовал × я реально взял × попало ли в канон. Источник — `result.classCanonCoverage` из analyzer.
> 9. **Router vs Opus** — три секции: A (роутер дал → Opus оценил, расхождение видно сразу), B (роутер молчал → Opus сказал «надо был скил»), C (роутер дал → Opus согласился что скил излишен). Источник — `result.routerVsOpus`.
> 10. **Chain-ignore breakdown** — отдельный срез: сколько раз роутер рекомендовал цепочку vs одиночный узел, какой % я игнорировал, и rework-rate каждого; bucket по длине цепочки (1/2/3+). Источник — `result.chainIgnoreBreakdown`.
> 11. **Chain-hook effectiveness** — парсит `~/.claude/runtime/hook-outcomes.jsonl` за период retro. Buckets: blocked / passed-with-skill / passed-inline-override / passed-global-override / passed-short-chain / passed-no-mutating. Источник — `result.chainHookEffectiveness` из analyzer. Источник правила — brain-retro #9 Candidate 2.
> 12. **Router-gate hook effectiveness (per-rule)** — счётчики fires + blocks по каждому `hook_fired.rule` в эпизодах за период (path-deny / git-conditional / branch-switch / etc). Помогает увидеть, какие правила реально стреляли и какой % fires заканчивался блокировкой. Источник — `result.routerGateHookEffectiveness` (Stream H Task 8). Без таблицы — нет видимости качества защит router-gate v4.
> 13. **Self-fabrication signals** — эпизоды, где `controller_claim` непустой (контроллер заявил действие) но `tool_uses` пуст или отсутствует (записи о реальном tool-call нет). 7 канонических паттернов фабрикации задокументированы в `docs/superpowers/runbooks/recovery-procedures.md` §5. Источник — `result.selfFabricationSignals` (Stream H Task 8).
>
> Без этих 13 таблиц retro считается недоделанным. Narrative-выводы должны опираться на цифры из них, не на «общие ощущения». **Если classifier_output=NULL > 30% эпизодов** — это сигнал, что классификатор сломан; в retro отдельным блоком отчитаться о состоянии классификатора (timeouts/errors/source distribution).
> Без этих 10 таблиц retro считается недоделанным. Narrative-выводы должны опираться на цифры из них, не на «общие ощущения». **Если classifier_output=NULL > 30% эпизодов** — это сигнал, что классификатор сломан; в retro отдельным блоком отчитаться о состоянии классификатора (timeouts/errors/source distribution).
>
> Запрет на жаргон для блока «Report to user»: цифры остаются техническими, словесные выводы пользователю — простым языком (см. memory `feedback_plain_language.md`).
.github/workflows/artisan-run.yml
-119
View File
@@ -1,119 +0,0 @@
name: Run artisan command on liderra.ru
# Universal artisan-runner для прод-команд пока прямой SSH с dev-машины
# заблокирован YC backbone-фильтром. Заказчик пишет команду строкой в
# workflow_dispatch input, workflow проверяет её по whitelist, выполняет на
# проде под sudo -u www-data, выводит результат в job summary.
#
# Whitelist охватывает read-only / dry-run / status команды без подтверждения
# плюс несколько mutating команд с обязательным confirm_apply=true.
#
# Любая команда вне whitelist'а → fail before SSH.
#
# Использует тот же LIDERRA_SSH_KEY что и deploy.yml/ssh-diagnose.yml.
on:
workflow_dispatch:
inputs:
command:
description: 'artisan-команда (например: supplier:rekey-orphans --dry-run)'
required: true
type: string
confirm_apply:
description: 'Подтверждаю выполнение mutating-команды (обязательно true для команд без --dry-run)'
required: false
default: false
type: boolean
jobs:
run:
name: ${{ github.event.inputs.command }}
runs-on: ubuntu-latest
timeout-minutes: 15
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
CMD: ${{ github.event.inputs.command }}
CONFIRM: ${{ github.event.inputs.confirm_apply }}
steps:
- name: Whitelist check
run: |
set -euo pipefail
CMD_TRIM=$(echo "$CMD" | sed 's/^ *//;s/ *$//')
echo "Requested: '$CMD_TRIM'"
# Group 1 — read-only / dry-run / inspection: всегда разрешены
READ_ONLY_RE='^(migrate:status|route:list|schedule:list|queue:listen --help|about|env:show|config:show|cache:table|view:cache|optimize:status|snapshot:backfill( --date=20[2-9][0-9]-[0-1][0-9]-[0-3][0-9])?|scheduler:check-heartbeats|incidents:watch-failures( --threshold-spike=[0-9]+)?( --threshold-daily=[0-9]+)?( --persistent-hours=[0-9]+)?|supplier:rekey-orphans --dry-run|audit:verify-chains|audit:rebuild-chain --partition=[a-z_0-9]+ --from-id=[0-9]+ --dry-run)( *)$'
# Group 2 — mutating: требуют confirm_apply=true
MUTATING_RE='^(supplier:rekey-orphans|cache:clear|view:clear|config:clear|route:clear|optimize:clear|optimize|queue:restart|partitions:create-months( --months=[0-9]+)?|partitions:drop-old|audit:rebuild-chain --partition=[a-z_0-9]+ --from-id=[0-9]+( --force)?)( *)$'
if [[ "$CMD_TRIM" =~ $READ_ONLY_RE ]]; then
echo "::notice::Command in read-only whitelist — proceeding."
exit 0
fi
if [[ "$CMD_TRIM" =~ $MUTATING_RE ]]; then
if [[ "$CONFIRM" != "true" ]]; then
echo "::error::Mutating command '$CMD_TRIM' requires confirm_apply=true. Re-run with confirm_apply checked."
exit 1
fi
echo "::warning::Mutating command authorized via confirm_apply=true."
exit 0
fi
echo "::error::Command '$CMD_TRIM' is NOT in whitelist. Allowed read-only patterns: $READ_ONLY_RE. Allowed mutating: $MUTATING_RE. Add to whitelist if needed."
exit 1
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Run artisan on prod
run: |
set -o pipefail
CMD_B64=$(printf '%s' "$CMD" | base64 -w0)
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} \
"CMD_B64='$CMD_B64' bash -s" <<'REMOTE' | tee /tmp/artisan-output.log
set +e
CMD=$(echo "$CMD_B64" | base64 -d)
cd /var/www/liderra/app
echo "=== Running: php artisan $CMD on $(hostname) at $(date -u) ==="
sudo -u www-data php artisan $CMD 2>&1
RC=$?
echo
echo "=== Exit code: $RC ==="
exit $RC
REMOTE
- name: Print summary
if: always()
run: |
{
echo "## artisan \`$CMD\`"
echo
echo "- Host: $LIDERRA_HOST"
echo "- Confirm: $CONFIRM"
echo "- Triggered by: ${{ github.actor }}"
echo
echo '```'
cat /tmp/artisan-output.log 2>/dev/null || echo "(no output captured)"
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Upload output as artifact
if: always()
uses: actions/upload-artifact@v4
with:
name: artisan-output
path: /tmp/artisan-output.log
retention-days: 30
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/deploy.yml
-229
View File
@@ -1,229 +0,0 @@
name: Deploy to liderra.ru
# Запускается вручную через web-интерфейс GitHub или через `gh workflow run`.
# Решает проблему «дев-машина не достучится по SSH до прод-сервера через YC backbone»:
# GitHub Actions runner — внешний по отношению к YC, его IP не блокируется тем
# фильтром что блокирует мой dev-IP `89.144.17.119`.
#
# Требуемые secrets (Settings → Secrets and variables → Actions):
# LIDERRA_SSH_KEY — содержимое приватного ключа `~/.ssh/liderra_deploy`
# (начинается с `-----BEGIN OPENSSH PRIVATE KEY-----`).
# Host/user захардкожены — публичная информация, нет смысла в secrets.
on:
workflow_dispatch:
inputs:
ref:
description: 'Branch/tag/SHA для деплоя (по умолчанию main)'
required: true
default: 'main'
type: string
backfill_snapshot:
description: 'Запустить snapshot:backfill за сегодня (default yes)'
required: false
default: true
type: boolean
jobs:
deploy:
name: Deploy code + run redeploy.sh
runs-on: ubuntu-latest
timeout-minutes: 20
concurrency:
group: liderra-prod-deploy
cancel-in-progress: false
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.ref }}
- name: Setup Node 22
uses: actions/setup-node@v4
with:
node-version: '22'
cache: 'npm'
cache-dependency-path: app/package-lock.json
- name: Install frontend deps
# --legacy-peer-deps: Histoire 1.0-beta.1 заявляет peerDep vite ^7,
# установлено vite 8 — известный квирк проекта (memory feedback_environment.md #74).
working-directory: app
run: npm ci --legacy-peer-deps
- name: Build frontend
working-directory: app
run: npm run build
- name: Verify build artifacts present
run: |
test -f app/public/build/manifest.json
ls app/public/build/assets/ | head -5
du -sh app/public/build/
- name: Create deploy tarball
run: |
tar czf /tmp/deploy.tgz \
--exclude='app/.env' \
--exclude='app/.env.example' \
--exclude='app/.env.production' \
--exclude='app/storage' \
--exclude='app/vendor' \
--exclude='app/node_modules' \
--exclude='app/bootstrap/cache' \
app db
ls -lh /tmp/deploy.tgz
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Upload tarball to prod
run: |
scp -i ~/.ssh/liderra_deploy -o StrictHostKeyChecking=accept-new \
/tmp/deploy.tgz ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }}:/tmp/deploy.tgz
- name: Pre-apply partitioned migrations via postgres superuser
# Workaround for partitioned-table migrations:
# 2026_05_27_120000_create_project_routing_snapshots_table.php has SET ROLE crm_migrator
# which fails when pgsql connection = crm_app_user (not a member of crm_migrator),
# poisoning the transaction. Established prod pattern (memory: paused_at migration 26.05):
# apply schema via sudo -u postgres psql + insert into migrations table.
# Idempotent — skips if already applied.
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} 'bash -s' <<'REMOTE'
set -euo pipefail
MIG_NAME='2026_05_27_120000_create_project_routing_snapshots_table'
ALREADY=$(sudo -u postgres psql -d liderra -tAc \
"SELECT 1 FROM migrations WHERE migration = '${MIG_NAME}' LIMIT 1")
if [ "${ALREADY}" = "1" ]; then
echo "Migration ${MIG_NAME} already in migrations table — skipping."
exit 0
fi
TABLE_EXISTS=$(sudo -u postgres psql -d liderra -tAc \
"SELECT 1 FROM information_schema.tables WHERE table_name='project_routing_snapshots' LIMIT 1")
if [ "${TABLE_EXISTS}" != "1" ]; then
echo "Applying CREATE TABLE project_routing_snapshots via postgres superuser..."
sudo -u postgres psql -d liderra -v ON_ERROR_STOP=1 <<'PSQL'
BEGIN;
CREATE TABLE project_routing_snapshots (
snapshot_date DATE NOT NULL,
project_id BIGINT NOT NULL,
tenant_id BIGINT NOT NULL,
daily_limit INT NOT NULL CHECK (daily_limit >= 0),
delivery_days_mask INT NOT NULL CHECK (delivery_days_mask BETWEEN 0 AND 127),
regions INT[] NOT NULL DEFAULT '{}',
signal_type TEXT NOT NULL CHECK (signal_type IN ('call','site','sms')),
signal_identifier TEXT,
sms_senders JSONB,
sms_keyword TEXT,
expected_volume INT NOT NULL CHECK (expected_volume >= 0),
delivered_count INT NOT NULL DEFAULT 0 CHECK (delivered_count >= 0),
created_at TIMESTAMP NOT NULL DEFAULT NOW(),
PRIMARY KEY (snapshot_date, project_id),
FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE
) PARTITION BY RANGE (snapshot_date);
ALTER TABLE project_routing_snapshots OWNER TO crm_migrator;
CREATE INDEX project_routing_snapshots_tenant_date_idx
ON project_routing_snapshots (tenant_id, snapshot_date);
CREATE INDEX project_routing_snapshots_signal_idx
ON project_routing_snapshots (snapshot_date, signal_type, lower(signal_identifier));
ALTER TABLE project_routing_snapshots ENABLE ROW LEVEL SECURITY;
CREATE POLICY project_routing_snapshots_tenant_isolation
ON project_routing_snapshots
USING (tenant_id = current_setting('app.current_tenant_id', true)::bigint);
GRANT SELECT, INSERT, UPDATE ON project_routing_snapshots TO crm_app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON project_routing_snapshots TO crm_supplier_worker;
CREATE TABLE project_routing_snapshots_y2026_m05
PARTITION OF project_routing_snapshots
FOR VALUES FROM ('2026-05-01') TO ('2026-06-01');
CREATE TABLE project_routing_snapshots_y2026_m06
PARTITION OF project_routing_snapshots
FOR VALUES FROM ('2026-06-01') TO ('2026-07-01');
ALTER TABLE project_routing_snapshots_y2026_m05 OWNER TO crm_migrator;
ALTER TABLE project_routing_snapshots_y2026_m06 OWNER TO crm_migrator;
INSERT INTO system_settings (key, value, type, description, updated_at)
VALUES ('partition_retention_months_project_routing_snapshots', '3', 'int',
'Retention в месяцах для project_routing_snapshots (90 дней)', NOW())
ON CONFLICT (key) DO NOTHING;
COMMIT;
PSQL
else
echo "Table project_routing_snapshots already exists but migration not marked — marking only."
fi
# Mark migration as applied so Laravel migrate skips it.
# Laravel's migrations table has no UNIQUE on `migration` column, so
# ON CONFLICT doesn't work — use INSERT...SELECT WHERE NOT EXISTS for idempotency.
NEXT_BATCH=$(sudo -u postgres psql -d liderra -tAc "SELECT COALESCE(MAX(batch),0)+1 FROM migrations")
sudo -u postgres psql -d liderra -c \
"INSERT INTO migrations (migration, batch) SELECT '${MIG_NAME}', ${NEXT_BATCH} WHERE NOT EXISTS (SELECT 1 FROM migrations WHERE migration='${MIG_NAME}');"
echo "Marked ${MIG_NAME} as applied (batch ${NEXT_BATCH})"
REMOTE
- name: Extract + run redeploy.sh on prod
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} 'bash -s' <<'REMOTE'
set -euo pipefail
TS=$(date -u +%Y%m%d-%H%M%S)
echo "=== Backup current app ==="
sudo tar czf /home/ubuntu/deploy-backups/app-pre-deploy-${TS}.tgz \
--exclude='storage' --exclude='vendor' --exclude='node_modules' --exclude='public/build' \
-C /var/www/liderra app
ls -lh /home/ubuntu/deploy-backups/app-pre-deploy-${TS}.tgz
echo "=== Extract overlay ==="
cd /var/www/liderra
sudo tar xzf /tmp/deploy.tgz
sudo chown -R www-data:www-data /var/www/liderra/app /var/www/liderra/db
echo "=== redeploy.sh (composer + migrate + optimize + restart) ==="
sudo bash /var/www/liderra/redeploy.sh
rm -f /tmp/deploy.tgz
REMOTE
- name: Backfill today's snapshot
if: ${{ github.event.inputs.backfill_snapshot != 'false' }}
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} 'bash -s' <<'REMOTE'
set -e
cd /var/www/liderra/app
sudo -u www-data php artisan snapshot:backfill --date=$(date +%Y-%m-%d) || \
echo "WARN: backfill returned non-zero — проверь вручную"
REMOTE
- name: Smoke tests
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} 'bash -s' <<'REMOTE'
set -e
cd /var/www/liderra/app
echo '=== Migrations status (last 5) ==='
sudo -u www-data php artisan migrate:status 2>&1 | tail -5
echo '=== Snapshots count (last 3 dates) ==='
sudo -u postgres psql -d liderra -c "SELECT snapshot_date, COUNT(*) AS rows FROM project_routing_snapshots GROUP BY 1 ORDER BY 1 DESC LIMIT 3;" || true
echo '=== Service status ==='
systemctl is-active nginx php8.3-fpm postgresql liderra-queue
echo '=== Internal portal health ==='
curl -sf -o /dev/null -w 'https=%{http_code} time=%{time_total}s\n' --max-time 8 https://127.0.0.1/ -k || true
REMOTE
- name: External portal health (from runner)
run: |
curl -sf -o /dev/null -w 'external https=%{http_code} time=%{time_total}s\n' \
--max-time 15 https://liderra.ru/ || echo "external health returned non-zero"
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/disk-recover.yml
-213
View File
@@ -1,213 +0,0 @@
name: Disk-full recovery on liderra.ru
# Incident response: PG в PANIC loop из-за / диск 100%.
# 1) Диагностика: что где лежит (top-20 крупных, du по /var/log)
# 2) Безопасная чистка:
# - truncate /var/log/postgresql/postgresql-16-main.log (PG в PANIC, не пишет, inode preserved)
# - journalctl --vacuum-size=200M
# - старые ротированные *.gz логи nginx >7 дней
# - apt-get clean
# - Laravel storage/logs *.log >7 дней
# 3) Final df check + PG probe.
#
# Триггер: gh workflow run disk-recover.yml -f confirm_apply=true
on:
workflow_dispatch:
inputs:
confirm_apply:
description: 'Подтверждаю удаление логов на проде'
required: true
default: 'false'
type: boolean
jobs:
recover:
runs-on: ubuntu-latest
timeout-minutes: 10
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
CONFIRM: ${{ github.event.inputs.confirm_apply }}
steps:
- name: Guard
run: |
if [[ "$CONFIRM" != "true" ]]; then
echo "::error::confirm_apply=true required (this workflow mutates disk on prod)"
exit 1
fi
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Diagnose + cleanup
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} \
"bash -s" <<'REMOTE' | tee /tmp/recover.log
set +e
echo "=== A. BEFORE: df -h / ==="
df -h / /var /var/lib/postgresql 2>&1 | head -10
echo
echo "=== B. Top-20 largest files in /var (>50M) ==="
sudo find /var -xdev -type f -size +50M -printf "%s %p\n" 2>/dev/null | sort -rn | head -20 | awk '{printf "%8.1f MB %s\n", $1/1024/1024, $2}'
echo
echo "=== C. du /var/log/ top-15 directories ==="
sudo du -sh /var/log/*/ 2>/dev/null | sort -rh | head -15
echo
echo "=== D. du /var/log/postgresql/* (individual files) ==="
sudo du -sh /var/log/postgresql/* 2>/dev/null | sort -rh | head -10
echo
echo "=== E. journalctl disk usage ==="
sudo journalctl --disk-usage 2>&1
echo
echo "=== F. /var/lib/postgresql/16/main top-15 subdirs ==="
sudo du -sh /var/lib/postgresql/16/main/*/ 2>/dev/null | sort -rh | head -15
echo
echo "=== G. /var/www top-10 if exists ==="
sudo du -sh /var/www/*/ 2>/dev/null | sort -rh | head -10
sudo du -sh /var/www/lidpotok/storage/logs/ 2>/dev/null
echo
echo "=== H. apt cache + tmp ==="
sudo du -sh /var/cache/apt/archives/ /tmp/ /var/tmp/ 2>/dev/null
echo
echo "=========================================="
echo "=== STARTING CLEANUP (confirm_apply=true) ==="
echo "=========================================="
echo
echo "=== 1a. PRIORITY: Truncate laravel.log (8.7 GB!) and rotated copies ==="
for f in /var/www/liderra/app/storage/logs/laravel.log /var/www/liderra/app/storage/logs/laravel.log.1; do
if [[ -f "$f" ]]; then
BEFORE=$(sudo du -m "$f" | cut -f1)
echo "BEFORE: $f = $BEFORE MB"
sudo bash -c ": > '$f'" 2>&1 || sudo truncate -s 0 "$f"
AFTER=$(sudo du -m "$f" | cut -f1)
echo "AFTER: $f = $AFTER MB"
fi
done
# Старые laravel-* (если daily-rotated)
sudo find /var/www/liderra/app/storage/logs -name "laravel-*.log" -mtime +3 -print -delete 2>&1 | head -10
echo
echo "=== 1b. Truncate PG audit log via sudo bash redirect (workaround) ==="
if [[ -f /var/log/postgresql/postgresql-16-main.log ]]; then
BEFORE=$(sudo du -m /var/log/postgresql/postgresql-16-main.log | cut -f1)
echo "BEFORE: $BEFORE MB"
sudo bash -c ': > /var/log/postgresql/postgresql-16-main.log' 2>&1
AFTER=$(sudo du -m /var/log/postgresql/postgresql-16-main.log | cut -f1)
echo "AFTER: $AFTER MB"
fi
sudo find /var/log/postgresql -type f \( -name "*.gz" -o -name "*.log.[0-9]*" \) -delete 2>&1
echo
echo "=== 1c. Truncate syslog (525M) ==="
sudo bash -c ': > /var/log/syslog' 2>&1
echo "syslog now: $(sudo du -m /var/log/syslog 2>/dev/null | cut -f1) MB"
echo
echo "=== 1d. Remove playwright dev cache (~440M, не нужен в проде) ==="
if [[ -d /var/www/.cache/ms-playwright ]]; then
sudo du -sh /var/www/.cache/ms-playwright 2>&1
sudo rm -rf /var/www/.cache/ms-playwright
echo "removed"
fi
echo
echo "=== 2. journalctl vacuum --size=200M ==="
sudo journalctl --vacuum-size=200M 2>&1 | tail -10
echo
echo "=== 3. nginx old rotated logs (gz files >3 days) ==="
sudo find /var/log/nginx -name "*.gz" -mtime +3 -print -delete 2>&1 | head -20
echo
# current access.log если >500M — truncate (nginx переоткрывает по reopen signal)
for f in /var/log/nginx/access.log /var/log/nginx/error.log; do
if [[ -f "$f" ]]; then
SIZE_MB=$(sudo du -m "$f" | cut -f1)
if [[ $SIZE_MB -gt 500 ]]; then
echo "Truncating $f ($SIZE_MB MB)"
sudo truncate -s 0 "$f"
fi
fi
done
echo
echo "=== 4. apt-get clean ==="
sudo apt-get clean 2>&1 | tail -5
echo
echo "=== 5. Laravel storage/logs *.log older 7 days ==="
if [[ -d /var/www/lidpotok ]]; then
sudo find /var/www/lidpotok -path '*/storage/logs/*.log' -mtime +7 -print -delete 2>&1 | head -20
fi
for d in /var/www/*/; do
if [[ -d "$d/storage/logs" ]]; then
for f in "$d"/storage/logs/laravel.log "$d"/storage/logs/worker.log; do
if [[ -f "$f" ]]; then
SIZE_MB=$(sudo du -m "$f" | cut -f1)
if [[ $SIZE_MB -gt 200 ]]; then
echo "Truncating $f ($SIZE_MB MB)"
sudo truncate -s 0 "$f"
fi
fi
done
fi
done
echo
echo "=== 6. Old rotated *.1 *.2 *.gz logs >50M anywhere in /var/log ==="
sudo find /var/log -type f \( -name "*.1" -o -name "*.2" -o -name "*.3" -o -name "*.gz" \) -size +50M -print -delete 2>&1 | head -20
echo
echo "=========================================="
echo "=== AFTER CLEANUP ==="
echo "=========================================="
echo "=== Z1. df -h / ==="
df -h / /var /var/lib/postgresql 2>&1 | head -10
echo
echo "=== Z2. PG status quick check ==="
sudo systemctl status postgresql@16-main --no-pager 2>&1 | head -10
echo
echo "=== Z3. PG probe ==="
sleep 5
sudo -u postgres psql -d liderra -c "SELECT 1 AS probe, NOW() AS ts" 2>&1
echo
echo "=== Z4. HTTPS probe ==="
curl -sI -o /dev/null -w "HTTP %{http_code}\nTotal: %{time_total}s\n" https://liderra.ru/ --max-time 10
echo
echo "=== DONE ==="
REMOTE
- name: Print summary
if: always()
run: |
{
echo "## Disk recovery on liderra.ru"
echo
echo '```'
cat /tmp/recover.log 2>/dev/null || echo "(no log captured)"
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/disk-usage-alert.yml
-109
View File
@@ -1,109 +0,0 @@
name: Disk usage alert (prod liderra.ru)
# Incident prevention: 29.05.2026 диск заполнился до 100% за сутки → 4h prod downtime.
# Этот workflow проверяет df -h / каждые 30 минут.
# Threshold: 85% → создаёт row в incidents_log (read by ops monitoring).
# 95% → marks как severity=critical для приоритетного alert'а.
#
# Ref: docs/incidents/2026-05-29-disk-full-pg-recovery.md §5
on:
schedule:
# Every 30 minutes (Mondays-Sundays). At :00 и :30 каждого часа UTC.
- cron: '*/30 * * * *'
workflow_dispatch:
inputs:
threshold:
description: 'Override threshold % (default 85)'
required: false
default: '85'
type: string
jobs:
check:
runs-on: ubuntu-latest
timeout-minutes: 3
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
THRESHOLD: ${{ github.event.inputs.threshold || '85' }}
steps:
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Check disk usage on prod
id: check
run: |
set -o pipefail
OUTPUT=$(ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} "df -h / | awk 'NR==2 {gsub(\"%\",\"\",\$5); print \$2\" \"\$3\" \"\$4\" \"\$5}'")
read SIZE USED AVAIL PCT <<< "$OUTPUT"
echo "size=$SIZE used=$USED avail=$AVAIL pct=$PCT"
echo "pct=$PCT" >> $GITHUB_OUTPUT
echo "size=$SIZE" >> $GITHUB_OUTPUT
echo "used=$USED" >> $GITHUB_OUTPUT
echo "avail=$AVAIL" >> $GITHUB_OUTPUT
if [[ -z "$PCT" ]]; then
echo "::error::Could not parse df output"
exit 1
fi
if [[ "$PCT" -ge 95 ]]; then
echo "severity=critical" >> $GITHUB_OUTPUT
echo "::error::Disk usage CRITICAL: $PCT% (size=$SIZE used=$USED avail=$AVAIL)"
elif [[ "$PCT" -ge "$THRESHOLD" ]]; then
echo "severity=warning" >> $GITHUB_OUTPUT
echo "::warning::Disk usage HIGH: $PCT% (threshold $THRESHOLD%, size=$SIZE used=$USED avail=$AVAIL)"
else
echo "severity=ok" >> $GITHUB_OUTPUT
echo "::notice::Disk usage OK: $PCT% (size=$SIZE used=$USED avail=$AVAIL)"
fi
- name: Record incident if >= threshold
if: steps.check.outputs.severity != 'ok'
run: |
PCT="${{ steps.check.outputs.pct }}"
SIZE="${{ steps.check.outputs.size }}"
USED="${{ steps.check.outputs.used }}"
AVAIL="${{ steps.check.outputs.avail }}"
SEVERITY="${{ steps.check.outputs.severity }}"
# Note: incidents_log table requires INSERT path through Laravel app.
# GitHub Step Summary serves as primary alert; Telegram bot watches
# GitHub Actions notifications. Future: extend sql-runner whitelist
# для INSERT into incidents_log.
{
echo "## 🚨 Disk usage alert — severity=$SEVERITY ($PCT%)"
echo
echo "- Host: ${{ env.LIDERRA_HOST }}"
echo "- Filesystem: /"
echo "- Size: $SIZE"
echo "- Used: $USED"
echo "- Available: $AVAIL"
echo "- Threshold: ${{ env.THRESHOLD }}%"
echo "- Time UTC: $(date -u)"
echo
echo "**Action required:** Investigate via pg-diagnose.yml workflow."
echo
echo "Likely causes (from incident 2026-05-29):"
echo "- /var/www/liderra/app/storage/logs/laravel.log — Laravel exception accumulation"
echo "- /var/log/postgresql/postgresql-16-main.log — pg_audit verbose logging"
echo "- /var/log/syslog — kernel + service logs"
echo "- /var/www/.cache/ — dev caches leaked to prod"
} >> "$GITHUB_STEP_SUMMARY"
# Fail the job чтобы GitHub Actions подсветило red — это серфисится
# через GitHub notifications (email/desktop/telegram bot).
if [[ "$SEVERITY" == "critical" ]]; then
exit 1
fi
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/f1-apply-via-superuser.yml
-113
View File
@@ -1,113 +0,0 @@
name: Apply F1 audit-chain advisory-lock migration via postgres superuser
# Incident response: redeploy.yml fails on F1 migration because crm_migrator role
# lacks privilege to CREATE OR REPLACE FUNCTION в schema public.
# This workflow applies F1 migration SQL directly via sudo -u postgres psql,
# then INSERTs the migration row so subsequent `php artisan migrate` skips it.
#
# Ref: docs/superpowers/plans/2026-05-29-audit-chain-race-fix.md Task 2
# Migration file: app/database/migrations/2026_05_30_000001_add_advisory_lock_to_audit_chain_hash.php
on:
workflow_dispatch:
inputs:
confirm_apply:
description: 'Подтверждаю применение F1 миграции на проде'
required: true
default: 'false'
type: boolean
jobs:
apply:
runs-on: ubuntu-latest
timeout-minutes: 5
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
CONFIRM: ${{ github.event.inputs.confirm_apply }}
steps:
- name: Guard
run: |
if [[ "$CONFIRM" != "true" ]]; then
echo "::error::confirm_apply=true required"
exit 1
fi
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Apply F1 SQL + register migration
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} \
"bash -s" <<'REMOTE' | tee /tmp/f1-apply.log
set +e
echo "=== 1. BEFORE: current audit_chain_hash function source ==="
sudo -u postgres psql -d liderra -c "\df+ public.audit_chain_hash" 2>&1 | head -20
echo
echo "=== 2. Apply F1 advisory-lock migration via sudo -u postgres ==="
sudo -u postgres psql -d liderra <<'SQL'
CREATE OR REPLACE FUNCTION public.audit_chain_hash() RETURNS trigger AS $$
DECLARE
prev_hash BYTEA;
lock_key BIGINT;
BEGIN
lock_key := ('x' || lpad(to_hex(TG_RELID::int), 16, '0'))::bit(64)::bigint;
PERFORM pg_advisory_xact_lock(lock_key);
EXECUTE format(
'SELECT log_hash FROM %I ORDER BY id DESC LIMIT 1',
TG_TABLE_NAME
) INTO prev_hash;
NEW.log_hash := digest(
COALESCE(prev_hash, ''::bytea) || NEW::text::bytea,
'sha256'
);
RETURN NEW;
END;
$$ LANGUAGE plpgsql;
SQL
APPLY_RC=$?
echo "Apply RC: $APPLY_RC"
echo
echo "=== 3. Verify function now contains pg_advisory_xact_lock ==="
sudo -u postgres psql -d liderra -c "SELECT pg_get_functiondef('public.audit_chain_hash'::regproc) LIKE '%pg_advisory_xact_lock%' AS has_lock"
echo
echo "=== 4. Register migration row (skip if already exists) ==="
sudo -u postgres psql -d liderra <<'SQL'
INSERT INTO migrations (migration, batch)
SELECT '2026_05_30_000001_add_advisory_lock_to_audit_chain_hash', COALESCE(MAX(batch),0)+1 FROM migrations
WHERE NOT EXISTS (
SELECT 1 FROM migrations WHERE migration = '2026_05_30_000001_add_advisory_lock_to_audit_chain_hash'
);
SELECT migration, batch FROM migrations WHERE migration LIKE '%advisory_lock%';
SQL
echo
echo "=== DONE ==="
REMOTE
- name: Print summary
if: always()
run: |
{
echo "## F1 migration apply"
echo
echo '```'
cat /tmp/f1-apply.log 2>/dev/null || echo "(no log)"
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/f1-rebuild-via-superuser.yml
-221
View File
@@ -1,221 +0,0 @@
name: Rebuild audit hash chain via postgres superuser (F1 cleanup)
# Closes deferred F1 item from docs/incidents/2026-05-29-disk-full-pg-recovery.md §4.1.
# Sequential hash recomputation в plpgsql DO-блоке через sudo -u postgres psql.
# Identical алгоритм с trigger audit_chain_hash() (post-F1 advisory-lock version),
# но применённый к existing rows.
#
# Использование:
# gh workflow run f1-rebuild-via-superuser.yml \
# -f partition=activity_log_y2026_m05 -f from_id=599 -f confirm_apply=true
#
# Safety:
# - Partition name whitelist (только заранее известные сломанные партиции).
# - dry_run=true mode показывает count + anchor prev_hash без UPDATE.
# - Trigger audit_chain_hash отключён через SET LOCAL session_replication_role=replica
# (постоянный disable невозможен — после COMMIT триггер опять активен).
# - audit_block_mutation также подавлен через session_replication_role=replica.
on:
workflow_dispatch:
inputs:
partition:
description: 'Partition name (whitelist: activity_log_y2026_m05, balance_transactions_y2026_m05)'
required: true
type: string
from_id:
description: 'First broken id (rebuild from here onward)'
required: true
type: string
dry_run:
description: 'Dry-run (показать count + anchor без UPDATE)'
required: false
default: 'false'
type: boolean
confirm_apply:
description: 'Подтверждаю rebuild на проде (требуется если dry_run=false)'
required: false
default: 'false'
type: boolean
jobs:
rebuild:
runs-on: ubuntu-latest
timeout-minutes: 15
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
PARTITION: ${{ github.event.inputs.partition }}
FROM_ID: ${{ github.event.inputs.from_id }}
DRY_RUN: ${{ github.event.inputs.dry_run }}
CONFIRM: ${{ github.event.inputs.confirm_apply }}
steps:
- name: Validate inputs
run: |
set -euo pipefail
# Whitelist partition names (защита от arbitrary table names)
ALLOWED='^(activity_log_y2026_m05|balance_transactions_y2026_m05)$'
if ! [[ "$PARTITION" =~ $ALLOWED ]]; then
echo "::error::partition '$PARTITION' not in whitelist: $ALLOWED"
exit 1
fi
# from_id is positive integer
if ! [[ "$FROM_ID" =~ ^[0-9]+$ ]]; then
echo "::error::from_id must be positive integer, got '$FROM_ID'"
exit 1
fi
if [[ "$DRY_RUN" != "true" && "$CONFIRM" != "true" ]]; then
echo "::error::Either dry_run=true OR confirm_apply=true must be set"
exit 1
fi
echo "Inputs OK: partition=$PARTITION, from_id=$FROM_ID, dry_run=$DRY_RUN, confirm_apply=$CONFIRM"
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Run rebuild on prod
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} \
"PARTITION='$PARTITION' FROM_ID='$FROM_ID' DRY_RUN='$DRY_RUN' bash -s" <<'REMOTE' | tee /tmp/f1-rebuild.log
set +e
echo "=== 1. Anchor + count preview ==="
sudo -u postgres psql -d liderra -v ON_ERROR_STOP=1 <<SQL
\set partition $PARTITION
\set from_id $FROM_ID
-- Anchor: log_hash of row right BEFORE from_id (=> prev_hash for from_id)
SELECT
(SELECT id FROM :"partition" WHERE id < :from_id ORDER BY id DESC LIMIT 1) AS anchor_id,
encode((SELECT log_hash FROM :"partition" WHERE id < :from_id ORDER BY id DESC LIMIT 1), 'hex') AS anchor_log_hash,
(SELECT COUNT(*) FROM :"partition" WHERE id >= :from_id) AS rows_to_rebuild,
(SELECT MIN(id) FROM :"partition" WHERE id >= :from_id) AS first_id,
(SELECT MAX(id) FROM :"partition" WHERE id >= :from_id) AS last_id;
SQL
PRE_RC=$?
if [[ $PRE_RC -ne 0 ]]; then
echo "::error::Pre-check failed (RC=$PRE_RC)"
exit $PRE_RC
fi
if [[ "$DRY_RUN" == "true" ]]; then
echo
echo "=== DRY RUN — no changes applied ==="
exit 0
fi
echo
echo "=== 2. APPLY: rebuild hash chain on $PARTITION from id=$FROM_ID ==="
# Canonical algorithm (mirrors app/app/Console/Commands/AuditRebuildChain.php):
# builds explicit ROW(col1, col2, ..., NULL::bytea on log_hash position, ..., coln)::text::bytea
# so hash matches what audit:verify-chains computes (which uses same COLUMN_CONFIG).
case "$PARTITION" in
activity_log_*)
ROW_EXPR="ROW(t.id, t.tenant_id, t.user_id, t.deal_id, t.event, t.old_value, t.new_value, t.context, t.ip_address, t.user_agent, NULL::bytea, t.created_at)"
;;
balance_transactions_*)
ROW_EXPR="ROW(t.id, t.tenant_id, t.type, t.amount_rub, t.amount_leads, t.balance_rub_after, t.balance_leads_after, t.description, t.related_type, t.related_id, t.user_id, t.admin_user_id, NULL::bytea, t.created_at)"
;;
*)
echo "::error::Unknown partition family — add ROW_EXPR mapping"
exit 1
;;
esac
echo "Using ROW expression: $ROW_EXPR"
sudo -u postgres psql -d liderra -v ON_ERROR_STOP=1 <<SQL
BEGIN;
SET LOCAL session_replication_role = 'replica';
DO \$rebuild\$
DECLARE
cur_id BIGINT;
prev_hash BYTEA;
new_hash BYTEA;
cnt INTEGER := 0;
partition_name TEXT := '$PARTITION';
start_id BIGINT := $FROM_ID;
row_expr TEXT := '$ROW_EXPR';
BEGIN
EXECUTE format(
'SELECT log_hash FROM %I WHERE id < \$1 ORDER BY id DESC LIMIT 1',
partition_name
)
INTO prev_hash
USING start_id;
RAISE NOTICE 'Anchor prev_hash: %', COALESCE(encode(prev_hash, 'hex'), '<NULL — start of chain>');
FOR cur_id IN
EXECUTE format(
'SELECT id FROM %I WHERE id >= \$1 ORDER BY id',
partition_name
)
USING start_id
LOOP
-- Compute new_hash with explicit ROW(...) expression (canonical, matches verify-chains)
EXECUTE format(
'SELECT digest(COALESCE(\$1, ''''::bytea) || %s::text::bytea, ''sha256'') FROM %I t WHERE id = \$2',
row_expr, partition_name
)
INTO new_hash
USING prev_hash, cur_id;
EXECUTE format('UPDATE %I SET log_hash = \$1 WHERE id = \$2', partition_name)
USING new_hash, cur_id;
prev_hash := new_hash;
cnt := cnt + 1;
END LOOP;
RAISE NOTICE 'Rebuilt % rows. Last log_hash: %', cnt, encode(prev_hash, 'hex');
END
\$rebuild\$;
COMMIT;
SQL
APPLY_RC=$?
echo
echo "=== 3. Verify: no NULL log_hash в обновлённых строках ==="
sudo -u postgres psql -d liderra <<SQL
\set partition $PARTITION
\set from_id $FROM_ID
SELECT
COUNT(*) FILTER (WHERE log_hash IS NULL) AS null_count,
COUNT(*) AS total,
MIN(id) AS first_id,
MAX(id) AS last_id
FROM :"partition"
WHERE id >= :from_id;
SQL
echo
echo "=== Apply RC: $APPLY_RC ==="
exit $APPLY_RC
REMOTE
- name: Print summary
if: always()
run: |
{
echo "## F1 chain rebuild — $PARTITION (from_id=$FROM_ID, dry_run=$DRY_RUN)"
echo
echo '```'
cat /tmp/f1-rebuild.log 2>/dev/null || echo "(no log)"
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/pg-diagnose.yml
-96
View File
@@ -1,96 +0,0 @@
name: Diagnose PostgreSQL state on liderra.ru
# Read-only diagnostic для incident "PG не принимает connections".
# Запускается вручную: gh workflow run pg-diagnose.yml --ref <branch>
# Ничего не меняет на проде — только читает systemctl/journalctl/df/free/uptime
# + tail последних 200 строк postgresql-16-main.log.
on:
workflow_dispatch:
jobs:
diagnose:
runs-on: ubuntu-latest
timeout-minutes: 5
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
steps:
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Run PG diagnostic on prod
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} \
"bash -s" <<'REMOTE' | tee /tmp/pg-diagnose.log
set +e
echo "=== 1. hostname + UTC time ==="
echo "host=$(hostname); utc=$(date -u)"
echo
echo "=== 2. uptime ==="
uptime
echo
echo "=== 3. last reboot ==="
who -b
last reboot --time-format=iso | head -5
echo
echo "=== 4. df -h / and /var ==="
df -h / /var /var/lib/postgresql 2>&1 | head -10
echo
echo "=== 5. free -h ==="
free -h
echo
echo "=== 6. systemctl status postgresql ==="
sudo systemctl status postgresql --no-pager 2>&1 | head -30
echo
echo "=== 7. systemctl status postgresql@16-main (cluster) ==="
sudo systemctl status postgresql@16-main --no-pager 2>&1 | head -30
echo
echo "=== 8. nginx + php-fpm status (one-line each) ==="
sudo systemctl is-active nginx php8.3-fpm liderra-queue 2>&1
echo
echo "=== 9. ps aux | postgres (top 15) ==="
ps auxf | grep -E "(postgres|recovery)" | grep -v grep | head -15
echo
echo "=== 10. journalctl postgresql last 80 lines ==="
sudo journalctl -u postgresql -n 80 --no-pager 2>&1 | tail -80
echo
echo "=== 11. journalctl postgresql@16-main last 80 lines ==="
sudo journalctl -u postgresql@16-main -n 80 --no-pager 2>&1 | tail -80
echo
echo "=== 12. tail -100 /var/log/postgresql/postgresql-16-main.log ==="
sudo tail -100 /var/log/postgresql/postgresql-16-main.log 2>&1
echo
echo "=== 13. WAL size and count ==="
sudo du -sh /var/lib/postgresql/16/main/pg_wal 2>&1
sudo ls /var/lib/postgresql/16/main/pg_wal 2>&1 | wc -l
echo
echo "=== 14. dmesg tail (kernel events, OOM, IO errors) ==="
sudo dmesg -T 2>&1 | tail -40
echo
echo "=== 15. liderra.ru HTTPS probe ==="
curl -sI -o /dev/null -w "HTTP %{http_code}\nTotal: %{time_total}s\n" https://liderra.ru/ --max-time 10
echo
echo "=== DONE ==="
REMOTE
- name: Print summary
if: always()
run: |
{
echo "## PG diagnostic on liderra.ru"
echo
echo '```'
cat /tmp/pg-diagnose.log 2>/dev/null || echo "(no log captured)"
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/pre-deploy-checks.yml
-192
View File
@@ -1,192 +0,0 @@
name: Pre-deploy validation (8 checks)
# Цель: воспроизвести 8 проверок project-local агента `prod-deploy-validator`
# (#85) через GitHub Actions Azure runner — обход YC backbone-фильтра,
# который блокирует direct SSH с dev-IP 89.144.17.119.
#
# Запускается вручную: gh workflow run pre-deploy-checks.yml
# Read-only — ничего не меняет на проде.
#
# 8 checks (per Pravila §2.4 / agent .claude/agents/prod-deploy-validator.md):
# 1. config:cache владелец (quirk 107 — должен быть www-data:www-data, не root)
# 2. .env line endings (CRLF → артефакты)
# 3. свободное место (< 80% использовано)
# 4. свежесть бэкапа БД (≤ 24ч)
# 5. health очереди liderra-queue (active + queue length < 1000)
# 6. nginx syntax (nginx -t)
# 7. fail2ban active (service running)
# 8. pending миграции (php artisan migrate:status — для текущего deploy ожидается 0)
#
# Использует тот же LIDERRA_SSH_KEY что и deploy.yml.
on:
workflow_dispatch:
jobs:
preflight:
runs-on: ubuntu-latest
timeout-minutes: 5
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
APP_DIR: /var/www/liderra/app
steps:
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Run 8 pre-flight checks on prod
id: checks
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} \
"APP_DIR='${APP_DIR}' bash -s" <<'REMOTE' | tee /tmp/preflight.log
set +e
FAILS=0
echo "=== Check 1: config:cache file owner (quirk 107) ==="
CFG_FILE="${APP_DIR}/bootstrap/cache/config.php"
if sudo test -f "$CFG_FILE"; then
OWNER=$(sudo stat -c '%U:%G' "$CFG_FILE")
echo " Owner: $OWNER"
if [ "$OWNER" = "www-data:www-data" ]; then
echo " ✓ PASS"
else
echo " ✗ FAIL — expected www-data:www-data (quirk 107: prod incident 24.05.2026)"
FAILS=$((FAILS+1))
fi
else
echo " ~ SKIP — config.php не существует (будет создан deploy'ем)"
fi
echo
echo "=== Check 2: .env line endings (no CRLF) ==="
ENV_FILE="${APP_DIR}/.env"
if sudo test -f "$ENV_FILE"; then
CRLF_COUNT=$(sudo grep -c $'\r' "$ENV_FILE" 2>/dev/null || echo "0")
echo " CRLF chars: $CRLF_COUNT"
if [ "$CRLF_COUNT" = "0" ]; then
echo " ✓ PASS"
else
echo " ✗ FAIL — .env содержит CRLF ($CRLF_COUNT строк)"
FAILS=$((FAILS+1))
fi
else
echo " ✗ FAIL — .env not found"
FAILS=$((FAILS+1))
fi
echo
echo "=== Check 3: free disk space (< 80% used) ==="
DF_USED=$(df / | tail -1 | awk '{print $5}' | tr -d '%')
echo " Used: ${DF_USED}%"
if [ "$DF_USED" -lt 80 ]; then
echo " ✓ PASS"
else
echo " ✗ FAIL — корневой раздел ${DF_USED}% (>=80%)"
FAILS=$((FAILS+1))
fi
echo
echo "=== Check 4: pre-deploy backup freshness (≤ 24h) ==="
# deploy.yml saves app pre-deploy backups to /home/ubuntu/deploy-backups/
BACKUP_DIR="/home/ubuntu/deploy-backups"
if sudo test -d "$BACKUP_DIR"; then
LATEST=$(sudo find "$BACKUP_DIR" -name 'app-pre-deploy-*.tgz' -mmin -1440 2>/dev/null | sort -r | head -1)
if [ -n "$LATEST" ]; then
MTIME=$(sudo stat -c '%y' "$LATEST" 2>/dev/null)
echo " Latest: $LATEST ($MTIME)"
echo " ✓ PASS"
else
ANY_LATEST=$(sudo find "$BACKUP_DIR" -name 'app-pre-deploy-*.tgz' 2>/dev/null | sort -r | head -1)
if [ -n "$ANY_LATEST" ]; then
ANY_MTIME=$(sudo stat -c '%y' "$ANY_LATEST" 2>/dev/null)
echo " i NOTE — backups exist но >24h ($ANY_LATEST, $ANY_MTIME). Не блокер deploy'а — deploy.yml сам делает свежий backup перед раскаткой."
else
echo " i NOTE — нет pre-deploy бэкапов в $BACKUP_DIR. Не блокер — deploy.yml создаст backup сам."
fi
fi
else
echo " i NOTE — backup dir $BACKUP_DIR не существует (первый deploy?). deploy.yml создаст dir."
fi
echo
echo "=== Check 5: queue health (liderra-queue active + depth) ==="
QUEUE_STATUS=$(systemctl is-active liderra-queue 2>&1)
echo " Service: $QUEUE_STATUS"
if [ "$QUEUE_STATUS" = "active" ]; then
echo " ✓ PASS (service active)"
else
echo " ✗ FAIL — liderra-queue не active"
FAILS=$((FAILS+1))
fi
# NB: queue depth check would need Redis access; skipped (not critical for this deploy)
echo
echo "=== Check 6: nginx syntax ==="
NGINX_TEST=$(sudo nginx -t 2>&1)
echo "$NGINX_TEST" | sed 's/^/ /'
if echo "$NGINX_TEST" | grep -q "syntax is ok" && echo "$NGINX_TEST" | grep -q "test is successful"; then
echo " ✓ PASS"
else
echo " ✗ FAIL — nginx syntax error"
FAILS=$((FAILS+1))
fi
echo
echo "=== Check 7: fail2ban active ==="
F2B_STATUS=$(systemctl is-active fail2ban 2>&1)
echo " Service: $F2B_STATUS"
if [ "$F2B_STATUS" = "active" ]; then
echo " ✓ PASS"
else
echo " ✗ FAIL — fail2ban не active"
FAILS=$((FAILS+1))
fi
echo
echo "=== Check 8: pending migrations ==="
cd "${APP_DIR}"
MIG_STATUS=$(sudo -u www-data php artisan migrate:status 2>&1)
PENDING=$(echo "$MIG_STATUS" | grep -c "Pending")
echo " Pending count: $PENDING"
if [ "$PENDING" = "0" ]; then
echo " ✓ PASS — 0 pending migrations"
else
echo " i NOTE — $PENDING pending migrations (deploy.yml runs them automatically)"
# NB: Pending miграции — это НЕ FAIL для этого deploy (план не включает миграции;
# deploy.yml выполнит их сам). Помечается как INFO, не FAIL.
fi
echo
echo "=== SUMMARY ==="
echo "Total failures: $FAILS"
if [ "$FAILS" = "0" ]; then
echo "VERDICT: GO"
exit 0
else
echo "VERDICT: NO-GO ($FAILS check(s) failed)"
exit 1
fi
REMOTE
REMOTE_EXIT=$?
echo "remote_exit=$REMOTE_EXIT" >> "$GITHUB_OUTPUT"
- name: Print summary
if: always()
run: |
{
echo "## Pre-deploy 8-check validation for liderra.ru"
echo
echo '```'
cat /tmp/preflight.log 2>/dev/null || echo "(no log captured)"
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/setup-logrotate.yml
-167
View File
@@ -1,167 +0,0 @@
name: Setup logrotate for Laravel logs (incident prevention)
# Incident response prevention: 8.7G laravel.log заполнил диск (29.05.2026).
# Существующий daily rotation (laravel.log.1) недостаточен — за один день шторма
# accumulated 8.7G. Нужна size-based rotation с лимитом.
#
# This workflow installs /etc/logrotate.d/laravel-liderra config:
# - size 50M (rotate when file >= 50MB, не daily)
# - rotate 5 (keep 5 rotated copies)
# - compress (gzip rotated files)
# - copytruncate (atomic copy + truncate inode-preserving, Laravel handle continues)
# - notifempty (skip if empty)
# - su www-data www-data (correct ownership)
#
# Тестируется logrotate --debug сразу после установки.
#
# Ref: root-cause analysis incident 2026-05-29
on:
workflow_dispatch:
inputs:
confirm_apply:
description: 'Подтверждаю установку logrotate конфига на проде'
required: true
default: 'false'
type: boolean
jobs:
setup:
runs-on: ubuntu-latest
timeout-minutes: 5
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
CONFIRM: ${{ github.event.inputs.confirm_apply }}
steps:
- name: Guard
run: |
if [[ "$CONFIRM" != "true" ]]; then
echo "::error::confirm_apply=true required"
exit 1
fi
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Install logrotate config + verify
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} \
"bash -s" <<'REMOTE' | tee /tmp/logrotate-setup.log
set +e
echo "=== 1. Discover Laravel logs path ==="
LARAVEL_LOG_DIR=""
for candidate in /var/www/liderra/app/storage/logs /var/www/lidpotok/storage/logs; do
if [[ -d "$candidate" ]]; then
LARAVEL_LOG_DIR="$candidate"
break
fi
done
echo "LARAVEL_LOG_DIR=$LARAVEL_LOG_DIR"
if [[ -z "$LARAVEL_LOG_DIR" ]]; then
echo "::error::Cannot find Laravel logs directory"
exit 1
fi
echo "Current sizes:"
sudo du -sh "$LARAVEL_LOG_DIR"/*.log 2>/dev/null | head -10
echo
echo "=== 2. Write logrotate config to /etc/logrotate.d/laravel-liderra ==="
sudo tee /etc/logrotate.d/laravel-liderra > /dev/null <<EOF
$LARAVEL_LOG_DIR/*.log {
size 50M
rotate 5
compress
delaycompress
missingok
notifempty
copytruncate
su www-data www-data
create 0644 www-data www-data
}
EOF
echo "Wrote config:"
sudo cat /etc/logrotate.d/laravel-liderra
sudo chmod 0644 /etc/logrotate.d/laravel-liderra
echo
echo "=== 3. Verify config syntax via logrotate --debug ==="
sudo logrotate --debug /etc/logrotate.d/laravel-liderra 2>&1 | head -30
echo
echo "=== 4. Trigger rotation now (--force) for clean state ==="
sudo logrotate --force /etc/logrotate.d/laravel-liderra 2>&1 | tail -10
echo
echo "=== 5. PostgreSQL log rotation config ==="
# Default Ubuntu postgresql-common rotates daily without size cap.
# We override with size 100M / rotate 7 / postrotate SIGHUP (PG reopens log).
# Higher alpha order than postgresql-common → processed later → wins on same files.
sudo tee /etc/logrotate.d/postgresql-liderra > /dev/null <<EOF
/var/log/postgresql/*.log {
su postgres postgres
size 100M
rotate 7
compress
delaycompress
missingok
notifempty
create 0640 postgres adm
sharedscripts
postrotate
# SIGHUP postmaster для re-open log file (standard PG idiom).
# PG holds log file handle open — без SIGHUP write goes to old (deleted) inode.
if [ -f /var/run/postgresql/16-main.pid ]; then
kill -HUP \$(cat /var/run/postgresql/16-main.pid) 2>/dev/null || true
fi
endscript
}
EOF
echo "Wrote /etc/logrotate.d/postgresql-liderra:"
sudo cat /etc/logrotate.d/postgresql-liderra
sudo chmod 0644 /etc/logrotate.d/postgresql-liderra
echo
echo "=== 6. Verify PG logrotate syntax ==="
sudo logrotate --debug /etc/logrotate.d/postgresql-liderra 2>&1 | head -20
echo
echo "=== 7. Force PG log rotation now (clean state) ==="
sudo logrotate --force /etc/logrotate.d/postgresql-liderra 2>&1 | tail -10
echo
echo "=== 8. AFTER: PG log directory state ==="
sudo ls -lah /var/log/postgresql/ 2>&1 | head -10
echo
echo "=== 9. AFTER: Laravel log directory state ==="
sudo ls -lah "$LARAVEL_LOG_DIR/" 2>&1 | head -20
echo
echo "=== 10. Disk free ==="
df -h / 2>&1 | head -3
echo
echo "=== DONE ==="
REMOTE
- name: Print summary
if: always()
run: |
{
echo "## logrotate setup"
echo
echo '```'
cat /tmp/logrotate-setup.log 2>/dev/null || echo "(no log)"
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/sql-rebuild-audit-chain.yml
-208
View File
@@ -1,208 +0,0 @@
name: SQL rebuild audit hash-chain (per-tenant via postgres)
# Запускает per-tenant rebuild hash-chain для аудит-партиции через
# sudo -u postgres psql (обход limitation crm_supplier_worker роли —
# она не может SET session_replication_role).
#
# Поддерживает 2 таблицы (Stage 5 finding 1+2):
# - activity_log → ROW(id,tenant_id,user_id,deal_id,event,old_value,
# new_value,context,ip_address,user_agent,NULL::bytea,created_at)
# - balance_transactions → ROW(id,tenant_id,type,amount_rub,amount_leads,
# balance_rub_after,balance_leads_after,description,related_type,
# related_id,user_id,admin_user_id,NULL::bytea,created_at)
on:
workflow_dispatch:
inputs:
partition:
description: 'Имя партиции, например activity_log_y2026_m05'
required: true
type: string
from_id:
description: 'ID с которого начать пересчёт (включительно)'
required: true
type: string
table_kind:
description: 'activity_log | balance_transactions | pd_processing_log | tenant_operations_log'
required: true
type: choice
options:
- activity_log
- balance_transactions
- pd_processing_log
- tenant_operations_log
confirm_apply:
description: 'Подтверждаю выполнение mutating cleanup'
required: true
default: false
type: boolean
jobs:
rebuild:
runs-on: ubuntu-latest
timeout-minutes: 10
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
PARTITION: ${{ github.event.inputs.partition }}
FROM_ID: ${{ github.event.inputs.from_id }}
TABLE_KIND: ${{ github.event.inputs.table_kind }}
steps:
- name: Confirm check
run: |
if [[ "${{ github.event.inputs.confirm_apply }}" != "true" ]]; then
echo "::error::confirm_apply=true обязателен"
exit 1
fi
# Sanity: partition must match table_kind
case "$TABLE_KIND" in
activity_log)
if [[ ! "$PARTITION" =~ ^activity_log_y[0-9]{4}_m[0-9]{2}$ ]]; then
echo "::error::partition '$PARTITION' не соответствует table_kind=activity_log"
exit 1
fi
;;
balance_transactions)
if [[ ! "$PARTITION" =~ ^balance_transactions_y[0-9]{4}_m[0-9]{2}$ ]]; then
echo "::error::partition '$PARTITION' не соответствует table_kind=balance_transactions"
exit 1
fi
;;
pd_processing_log)
if [[ ! "$PARTITION" =~ ^pd_processing_log_y[0-9]{4}_m[0-9]{2}$ ]]; then
echo "::error::partition '$PARTITION' не соответствует table_kind=pd_processing_log"
exit 1
fi
;;
tenant_operations_log)
if [[ ! "$PARTITION" =~ ^tenant_operations_log_y[0-9]{4}_m[0-9]{2}$ ]]; then
echo "::error::partition '$PARTITION' не соответствует table_kind=tenant_operations_log"
exit 1
fi
;;
*)
echo "::error::table_kind unknown"
exit 1
;;
esac
if ! [[ "$FROM_ID" =~ ^[0-9]+$ ]]; then
echo "::error::from_id must be numeric"
exit 1
fi
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Execute SQL rebuild on prod
run: |
# Build ROW expression per table_kind (mirror AuditChainConfig::TABLES)
case "$TABLE_KIND" in
activity_log)
ROW_EXPR="ROW(t.id, t.tenant_id, t.user_id, t.deal_id, t.event, t.old_value, t.new_value, t.context, t.ip_address, t.user_agent, NULL::bytea, t.created_at)"
;;
balance_transactions)
ROW_EXPR="ROW(t.id, t.tenant_id, t.type, t.amount_rub, t.amount_leads, t.balance_rub_after, t.balance_leads_after, t.description, t.related_type, t.related_id, t.user_id, t.admin_user_id, NULL::bytea, t.created_at)"
;;
pd_processing_log)
ROW_EXPR="ROW(t.id, t.tenant_id, t.subject_type, t.subject_id, t.action, t.purpose, t.actor_tenant_user_id, t.actor_admin_user_id, t.ip_address, NULL::bytea, t.created_at)"
;;
tenant_operations_log)
ROW_EXPR="ROW(t.id, t.tenant_id, t.user_id, t.entity_type, t.entity_id, t.event, t.payload_before, t.payload_after, t.ip_address, t.user_agent, NULL::bytea, t.created_at)"
;;
esac
# Build SQL with substituted PARTITION + FROM_ID + ROW_EXPR
cat > /tmp/rebuild.sql <<SQL
\\set ON_ERROR_STOP 1
SELECT 'BEFORE: mismatches in partition' AS phase, COUNT(*) AS cnt
FROM (
WITH ordered AS (
SELECT id, tenant_id, log_hash AS stored_hash,
LAG(log_hash) OVER (PARTITION BY tenant_id ORDER BY id) AS prev_hash
FROM ${PARTITION}
)
SELECT o.id
FROM ordered o
WHERE o.stored_hash IS DISTINCT FROM
digest(
COALESCE(o.prev_hash, ''::bytea)
|| (SELECT ${ROW_EXPR}::text::bytea FROM ${PARTITION} t WHERE t.id = o.id),
'sha256'
)
) sub;
DO \$\$
DECLARE
tenant_rec RECORD;
row_rec RECORD;
prev_hash BYTEA;
new_hash BYTEA;
updated_count INT := 0;
tenant_count INT := 0;
BEGIN
SET session_replication_role = 'replica';
FOR tenant_rec IN
SELECT DISTINCT tenant_id FROM ${PARTITION} WHERE id >= ${FROM_ID} ORDER BY tenant_id
LOOP
tenant_count := tenant_count + 1;
SELECT log_hash INTO prev_hash
FROM ${PARTITION}
WHERE tenant_id = tenant_rec.tenant_id AND id < ${FROM_ID}
ORDER BY id DESC LIMIT 1;
FOR row_rec IN
SELECT id FROM ${PARTITION}
WHERE tenant_id = tenant_rec.tenant_id AND id >= ${FROM_ID}
ORDER BY id
LOOP
UPDATE ${PARTITION} p
SET log_hash = digest(
COALESCE(prev_hash, ''::bytea)
|| (SELECT ${ROW_EXPR}::text::bytea FROM ${PARTITION} t WHERE t.id = row_rec.id),
'sha256'
)
WHERE p.id = row_rec.id
RETURNING log_hash INTO new_hash;
prev_hash := new_hash;
updated_count := updated_count + 1;
END LOOP;
END LOOP;
SET session_replication_role = 'origin';
RAISE NOTICE 'Rebuild complete: % tenants, % rows updated', tenant_count, updated_count;
END\$\$;
SELECT 'AFTER: mismatches in partition' AS phase, COUNT(*) AS cnt
FROM (
WITH ordered AS (
SELECT id, tenant_id, log_hash AS stored_hash,
LAG(log_hash) OVER (PARTITION BY tenant_id ORDER BY id) AS prev_hash
FROM ${PARTITION}
)
SELECT o.id
FROM ordered o
WHERE o.stored_hash IS DISTINCT FROM
digest(
COALESCE(o.prev_hash, ''::bytea)
|| (SELECT ${ROW_EXPR}::text::bytea FROM ${PARTITION} t WHERE t.id = o.id),
'sha256'
)
) sub;
SQL
scp -i ~/.ssh/liderra_deploy /tmp/rebuild.sql ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }}:/tmp/rebuild.sql
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} 'sudo -u postgres psql -d liderra -f /tmp/rebuild.sql && rm /tmp/rebuild.sql'
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/sql-runner.yml
-104
View File
@@ -1,104 +0,0 @@
name: Run whitelisted SQL on liderra.ru
on:
workflow_dispatch:
inputs:
sql:
description: 'SQL query (SELECT only by default; UPDATE/DELETE need confirm_mutating=true)'
required: true
type: string
confirm_mutating:
description: 'Подтверждаю UPDATE/DELETE на проде'
required: false
default: false
type: boolean
jobs:
run:
runs-on: ubuntu-latest
timeout-minutes: 10
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
SQL: ${{ github.event.inputs.sql }}
CONFIRM_MUT: ${{ github.event.inputs.confirm_mutating }}
steps:
- name: Whitelist check
run: |
set -euo pipefail
SQL_LOWER=$(echo "$SQL" | tr '[:upper:]' '[:lower:]' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
# Reject multi-statement SQL — `;` would let SELECT-prefixed payloads
# smuggle UPDATE/DELETE past READ_RE without confirm_mutating=true.
# Trailing single `;` is also rejected for symmetry (use no trailing `;`).
if [[ "$SQL_LOWER" == *";"* ]]; then
echo "::error::Multi-statement SQL is not allowed (no semicolons)."
exit 1
fi
# Allow: SELECT / WITH (CTE) / \d / EXPLAIN
READ_RE='^(select |with |explain |\\d|\\df|\\di|\\dt)'
# Mutating allowed if confirm=true: targeted UPDATE/DELETE on specific tables
MUTATING_RE='^(update supplier_leads|update supplier_projects|update failed_webhook_jobs|update scheduler_heartbeats|delete from failed_webhook_jobs|delete from incidents_log) '
if [[ "$SQL_LOWER" =~ $READ_RE ]]; then
echo "::notice::SELECT/read-only — allowed."
exit 0
fi
if [[ "$SQL_LOWER" =~ $MUTATING_RE ]]; then
if [[ "$CONFIRM_MUT" != "true" ]]; then
echo "::error::Mutating SQL requires confirm_mutating=true."
exit 1
fi
echo "::warning::Mutating SQL authorized."
exit 0
fi
echo "::error::SQL not in whitelist: $SQL_LOWER"
exit 1
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Run on prod
run: |
set -o pipefail
SQL_B64=$(printf '%s' "$SQL" | base64 -w0)
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} \
"SQL_B64='$SQL_B64' bash -s" <<'REMOTE' | tee /tmp/sql.log
SQL=$(echo "$SQL_B64" | base64 -d)
echo "=== Running on $(hostname) at $(date -u) ==="
echo "SQL: $SQL"
echo
sudo -u postgres psql -d liderra -c "$SQL"
RC=$?
echo
echo "=== Exit code: $RC ==="
exit $RC
REMOTE
- name: Summary
if: always()
run: |
{
echo "## SQL on prod"
echo
echo '```sql'
echo "$SQL"
echo '```'
echo
echo '```'
cat /tmp/sql.log 2>/dev/null
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Cleanup
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/ssh-diagnose.yml
-136
View File
@@ -1,136 +0,0 @@
name: Diagnose SSH access to liderra.ru
# Цель: понять, почему dev-IP 89.144.17.119 не пускают по SSH.
# Запускается вручную: gh workflow run ssh-diagnose.yml -f dev_ip=89.144.17.119
# Ничего не меняет на проде — только читает состояние fail2ban / iptables / sshd /
# auth.log.
#
# Использует тот же LIDERRA_SSH_KEY что и deploy.yml.
on:
workflow_dispatch:
inputs:
dev_ip:
description: 'IP который нужно проверить на блок (по умолчанию 89.144.17.119)'
required: true
default: '89.144.17.119'
type: string
jobs:
diagnose:
runs-on: ubuntu-latest
timeout-minutes: 5
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
DEV_IP: ${{ github.event.inputs.dev_ip }}
steps:
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Run diagnostic queries on prod
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} \
"DEV_IP='${DEV_IP}' bash -s" <<'REMOTE' | tee /tmp/diagnose.log
set +e
echo "=== 1. fail2ban status (sshd jail) ==="
sudo fail2ban-client status sshd 2>&1 | head -30 || echo "fail2ban not available"
echo
echo "=== 2. Is ${DEV_IP} currently banned by fail2ban? ==="
sudo fail2ban-client get sshd banip 2>&1 | grep -F "${DEV_IP}" || echo "NOT IN fail2ban banlist"
echo
echo "=== 3. Recent fail2ban actions for ${DEV_IP} (last 50 lines) ==="
sudo grep -F "${DEV_IP}" /var/log/fail2ban.log 2>/dev/null | tail -50 || echo "no fail2ban log entries"
echo
echo "=== 4. iptables INPUT rules referencing ${DEV_IP} or :22 ==="
sudo iptables -L INPUT -n -v --line-numbers 2>&1 | grep -E "(${DEV_IP}|dpt:22|tcp dpt:ssh|f2b)" || echo "no specific INPUT rules"
echo
echo "=== 5. iptables chains containing fail2ban (f2b-*) ==="
sudo iptables -L -n 2>&1 | grep -E "^Chain (f2b|INPUT)" | head -10
echo
echo "=== 6. Full f2b-sshd chain (entries banning IPs) ==="
sudo iptables -L f2b-sshd -n -v --line-numbers 2>&1 | head -40 || echo "no f2b-sshd chain"
echo
echo "=== 7. Recent SSH failed attempts from ${DEV_IP} (last 30 lines auth.log) ==="
sudo grep -F "${DEV_IP}" /var/log/auth.log 2>/dev/null | tail -30 || echo "no auth.log entries"
echo
echo "=== 8. Active sshd config: AllowUsers / DenyUsers / Match blocks ==="
sudo grep -E "^(AllowUsers|DenyUsers|AllowGroups|DenyGroups|Match)" /etc/ssh/sshd_config 2>&1 || true
sudo ls /etc/ssh/sshd_config.d/ 2>&1
sudo grep -E "^(AllowUsers|DenyUsers|AllowGroups|DenyGroups|Match)" /etc/ssh/sshd_config.d/*.conf 2>/dev/null || echo "no relevant entries in sshd_config.d"
echo
echo "=== 9. hosts.deny / hosts.allow ==="
echo "--- /etc/hosts.deny ---"
sudo cat /etc/hosts.deny 2>/dev/null | grep -v '^#' | grep -v '^$' || echo "(empty)"
echo "--- /etc/hosts.allow ---"
sudo cat /etc/hosts.allow 2>/dev/null | grep -v '^#' | grep -v '^$' || echo "(empty)"
echo
echo "=== 10. ufw status (если используется) ==="
sudo ufw status verbose 2>&1 | head -20 || echo "ufw not active"
echo
echo "=== 11. nftables ruleset (если активен) ==="
sudo nft list ruleset 2>&1 | head -40 || echo "nftables not active"
echo
echo "=== 12. Last 5 successful SSH logins (who logged in last) ==="
last -n 5 ubuntu 2>&1 | head -10
echo
echo "=== 13. Full content of /etc/ssh/sshd_config.d/01-claude.conf ==="
sudo cat /etc/ssh/sshd_config.d/01-claude.conf 2>&1 | head -80
echo
echo "=== 14. nftables full ruleset (f2b-table content) ==="
sudo nft list ruleset 2>&1 | head -120
echo
echo "=== 15. journalctl ssh.service last 30min ==="
sudo journalctl -u ssh.service --since="30 minutes ago" --no-pager 2>&1 | tail -40
echo
echo "=== 16. /etc/fail2ban/jail.d/ content ==="
sudo ls -la /etc/fail2ban/jail.d/ 2>&1
echo "--- whitelist-dev.conf ---"
sudo cat /etc/fail2ban/jail.d/whitelist-dev.conf 2>&1 || echo "(missing)"
echo "--- jail.local ---"
sudo cat /etc/fail2ban/jail.local 2>&1 | head -40 || echo "(missing)"
echo
echo "=== 17. recidive jail (if any — long-term ban) ==="
sudo fail2ban-client status recidive 2>&1 | head -20 || echo "no recidive jail"
sudo fail2ban-client get recidive banip 2>&1 | grep -F "${DEV_IP}" || echo "NOT IN recidive"
echo
echo "=== DONE ==="
REMOTE
- name: Print summary
if: always()
run: |
{
echo "## SSH diagnostic for $DEV_IP → $LIDERRA_HOST"
echo
echo '```'
cat /tmp/diagnose.log 2>/dev/null || echo "(no log captured)"
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/stage5-daily-monitor.yml
-117
View File
@@ -1,117 +0,0 @@
name: Stage 5 daily monitor (29.05→04.06)
# Автоматический ежедневный мониторинг 3 ключевых сигналов прода
# во время 7-дневного окна перед переключением supplier_export_mode
# online→batch (Stage 5 Task 5.1).
#
# Запускается GitHub-cron'ом каждое утро 06:00 UTC (09:00 МСК)
# 29.05.2026 — 04.06.2026 (после 04.06 workflow можно отключить
# через UI Actions tab → Disable workflow, либо удалить файл).
# Также доступен ручной запуск через workflow_dispatch.
#
# Выводит результаты в job summary + сохраняет как artifact.
#
# План мониторинга:
# docs/superpowers/plans/2026-05-29-stage5-monitoring-checklist.md
on:
schedule:
# 06:00 UTC = 09:00 МСК ежедневно
- cron: '0 6 * * *'
workflow_dispatch:
jobs:
monitor:
runs-on: ubuntu-latest
timeout-minutes: 10
# Жёсткий стоп — workflow ничего не делает после 04.06.2026 даже
# если кто-то забудет отключить. CRON в GitHub Actions не имеет
# "until date" — реализуем через if-check на runner side.
if: github.event_name == 'workflow_dispatch' || github.event.schedule == '0 6 * * *'
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
steps:
- name: Check window not expired
id: window
run: |
TODAY=$(date -u +%Y-%m-%d)
DEADLINE='2026-06-05' # 04.06 + 1 день grace
if [[ "$TODAY" > "$DEADLINE" ]]; then
echo "::notice::Stage 5 monitoring window closed at $DEADLINE. Disable this workflow via Actions UI."
echo "skip=true" >> "$GITHUB_OUTPUT"
else
echo "skip=false" >> "$GITHUB_OUTPUT"
fi
- name: Setup SSH key
if: steps.window.outputs.skip != 'true'
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Run 3 checks
if: steps.window.outputs.skip != 'true'
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} 'bash -s' <<'REMOTE' | tee /tmp/monitor.log
set +e
cd /var/www/liderra/app
echo "=== Date: $(date -u) ==="
echo
echo "=== 1. scheduler:check-heartbeats ==="
sudo -u www-data php artisan scheduler:check-heartbeats 2>&1
echo "Exit: $?"
echo
echo "=== 2. incidents:watch-failures ==="
sudo -u www-data php artisan incidents:watch-failures 2>&1
echo "Exit: $?"
echo
echo "=== 3. migrate:status ==="
sudo -u www-data php artisan migrate:status 2>&1 | tail -8
echo "Exit: $?"
echo
echo "=== Auxiliary signals from system tables ==="
echo "--- last 3 incidents_log entries ---"
sudo -u postgres psql -d liderra -tA -c "SELECT severity, created_at, root_cause FROM incidents_log ORDER BY created_at DESC LIMIT 3;" 2>&1
echo "--- snapshot count last 3 days ---"
sudo -u postgres psql -d liderra -tA -c "SELECT snapshot_date, COUNT(*) FROM project_routing_snapshots GROUP BY 1 ORDER BY 1 DESC LIMIT 3;" 2>&1
echo "--- failed_webhook_jobs last 24h count ---"
sudo -u postgres psql -d liderra -tA -c "SELECT COUNT(*) FROM failed_webhook_jobs WHERE failed_at > NOW() - INTERVAL '24 hours';" 2>&1
echo "--- scheduler_heartbeats with failures ---"
sudo -u postgres psql -d liderra -tA -c "SELECT command_name, consecutive_failures, last_run_at FROM scheduler_heartbeats WHERE consecutive_failures > 0 ORDER BY consecutive_failures DESC;" 2>&1
echo
echo "=== DONE ==="
REMOTE
- name: Print summary
if: always() && steps.window.outputs.skip != 'true'
run: |
{
echo "## Stage 5 daily monitor — $(date -u +%Y-%m-%d)"
echo
echo '```'
cat /tmp/monitor.log 2>/dev/null || echo "(no output)"
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Upload as artifact
if: always() && steps.window.outputs.skip != 'true'
uses: actions/upload-artifact@v4
with:
name: monitor-${{ github.run_id }}
path: /tmp/monitor.log
retention-days: 14
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.github/workflows/stage5-investigate-day1.yml
-111
View File
@@ -1,111 +0,0 @@
name: Stage 5 day 1 investigation — round 3 (schema + full rows)
# Round 3: реальные имена колонок hash в audit-таблицах,
# реальные имена FK в supplier_projects/supplier_leads,
# полное содержимое битых строк (599/462) и застрявших лидов (1110/1157).
on:
workflow_dispatch:
jobs:
investigate:
runs-on: ubuntu-latest
timeout-minutes: 10
env:
LIDERRA_HOST: 111.88.246.137
LIDERRA_USER: ubuntu
steps:
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.LIDERRA_SSH_KEY }}" > ~/.ssh/liderra_deploy
chmod 600 ~/.ssh/liderra_deploy
ssh-keyscan -H ${{ env.LIDERRA_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Round 3 schema + rows
run: |
ssh -i ~/.ssh/liderra_deploy ${{ env.LIDERRA_USER }}@${{ env.LIDERRA_HOST }} 'bash -s' <<'REMOTE' | tee /tmp/investigate3.log
set +e
cd /var/www/liderra/app
echo "=========================================="
echo "SCHEMAS"
echo "=========================================="
echo
echo "--- activity_log columns ---"
sudo -u postgres psql -d liderra -c "SELECT column_name, data_type FROM information_schema.columns WHERE table_name='activity_log' ORDER BY ordinal_position;"
echo
echo "--- balance_transactions columns ---"
sudo -u postgres psql -d liderra -c "SELECT column_name, data_type FROM information_schema.columns WHERE table_name='balance_transactions' ORDER BY ordinal_position;"
echo
echo "--- supplier_projects columns ---"
sudo -u postgres psql -d liderra -c "SELECT column_name, data_type FROM information_schema.columns WHERE table_name='supplier_projects' ORDER BY ordinal_position;"
echo
echo "--- supplier_leads columns ---"
sudo -u postgres psql -d liderra -c "SELECT column_name, data_type FROM information_schema.columns WHERE table_name='supplier_leads' ORDER BY ordinal_position;"
echo
echo "=========================================="
echo "BROKEN ROWS — full SELECT *"
echo "=========================================="
echo
echo "--- activity_log_y2026_m05 ids 597-601 ---"
sudo -u postgres psql -d liderra -x -c "SELECT * FROM activity_log_y2026_m05 WHERE id BETWEEN 597 AND 601 ORDER BY id;"
echo
echo "--- balance_transactions_y2026_m05 ids 460-464 ---"
sudo -u postgres psql -d liderra -x -c "SELECT * FROM balance_transactions_y2026_m05 WHERE id BETWEEN 460 AND 464 ORDER BY id;"
echo
echo "=========================================="
echo "STUCK LEADS 1110 + 1157"
echo "=========================================="
echo
echo "--- supplier_leads.id IN (1110, 1157) ---"
sudo -u postgres psql -d liderra -x -c "SELECT * FROM supplier_leads WHERE id IN (1110, 1157);"
echo
echo "--- failed_webhook_jobs sample raw_payload for sl_id=1110 (1 row) ---"
sudo -u postgres psql -d liderra -x -c "SELECT * FROM failed_webhook_jobs WHERE raw_payload->>'supplier_lead_id' = '1110' ORDER BY failed_at DESC LIMIT 1;"
echo
echo "--- All supplier_projects with platform B1 ---"
sudo -u postgres psql -d liderra -c "SELECT * FROM supplier_projects WHERE platform='B1' LIMIT 5;"
echo
echo "=========================================="
echo "DONE"
echo "=========================================="
REMOTE
- name: Print summary
if: always()
run: |
{
echo "## Stage 5 day 1 investigation — round 3 schemas"
echo
echo '```'
cat /tmp/investigate3.log 2>/dev/null || echo "(no output)"
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Upload artifact
if: always()
uses: actions/upload-artifact@v4
with:
name: investigate-day1-round3
path: /tmp/investigate3.log
- name: Cleanup SSH key
if: always()
run: rm -f ~/.ssh/liderra_deploy
.lychee.toml
-6
View File
@@ -28,12 +28,6 @@ exclude = [
# Шаблонные плейсхолдеры
"^\\{\\{.*\\}\\}$",
"^\\[.*\\]$",
# v3.9 hooks удалены Stream G (2026-05-30), CLAUDE.md содержит исторические упоминания
"tools/enforce-chain-recommendation\\.mjs",
"tools/enforce-classifier-match\\.mjs",
"tools/enforce-graph-first\\.mjs",
"tools/enforce-semgrep-security\\.mjs",
"tools/enforce-override-limit\\.mjs",
# localhost и приватные адреса
"^https?://localhost",
"^https?://127\\.0\\.0\\.1",
CLAUDE.md
+2 -28
View File
File diff suppressed because one or more lines are too long
app/app/Console/Commands/AuditRebuildChain.php
-225
View File
@@ -1,225 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Console\Commands;
use App\Services\Audit\AuditChainConfig;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\DB;
/**
* Пересчитывает hash-цепь в указанной партиции аудит-таблицы начиная с заданного id.
*
* ADR-018: воспроизводит per-tenant scope триггера audit_chain_hash() (через RLS).
* Для tenant-таблиц (activity_log/balance_transactions/tenant_operations_log/
* pd_processing_log) отдельная цепочка на каждый tenant. Для BYPASSRLS-таблиц
* (auth_log/saas_admin_audit_log) единая цепочка в пределах партиции.
*
* Алгоритм (Вариант B PHP-iteration с partition awareness):
* 1. SET session_replication_role = replica отключает BEFORE-триггеры.
* 2. Determine partition_clause из AuditChainConfig::TABLES[parent_table].
* 3. Для per-tenant таблиц: получить distinct tenant_ids в range, для каждого:
* - prev_hash = log_hash of last row with id<from-id AND tenant_id=X
* - iterate rows ordered by id, UPDATE + propagate prev_hash forward
* Для BYPASSRLS-таблиц: одна iteration без tenant scope.
* 4. Возвращаем session_replication_role = origin.
*
* NB: row-by-row PHP loop сохранён намеренно (вариант с одиночным CTE и
* LAG страдает snapshot-isolation bug downstream rows используют OLD stored
* prev_hash вместо новых хешей текущего UPDATE'а; chain ломается через >1 row).
*
* Ref: docs/adr/ADR-018-audit-chain-per-tenant-semantics.md
* docs/superpowers/plans/2026-05-29-audit-rebuild-per-tenant-fix.md
*/
final class AuditRebuildChain extends Command
{
protected $signature = 'audit:rebuild-chain
{--partition= : Имя партиции, например activity_log_y2026_m05}
{--from-id= : ID с которого начать пересчёт (включительно)}
{--dry-run : Показать сколько строк затронет, без UPDATE}
{--force : Пропустить интерактивное подтверждение (для CI/тестов)}';
protected $description = 'Пересчитать hash-цепь партиции аудит-таблицы (per-tenant per ADR-018)';
public function handle(): int
{
$partition = (string) $this->option('partition');
$fromId = (int) $this->option('from-id');
$dryRun = (bool) $this->option('dry-run');
$force = (bool) $this->option('force');
if ($partition === '' || $fromId <= 0) {
$this->error('--partition и --from-id обязательны');
return self::FAILURE;
}
$parentTable = (string) preg_replace('/_y\d{4}_m\d{2}$/', '', $partition);
if (! array_key_exists($parentTable, AuditChainConfig::TABLES)) {
$this->error("Partition '{$partition}' не относится к поддерживаемым аудит-таблицам.");
$this->line('Поддерживаемые: '.implode(', ', array_keys(AuditChainConfig::TABLES)));
return self::FAILURE;
}
$partitionClause = AuditChainConfig::TABLES[$parentTable]['partition'];
$rowExpr = AuditChainConfig::rowExpression($parentTable);
$count = DB::connection('pgsql_supplier')
->table($partition)
->where('id', '>=', $fromId)
->count();
$scopeLabel = $partitionClause !== '' ? $partitionClause : 'global (within partition)';
$this->info("Партиция : {$partition}");
$this->info("Родитель : {$parentTable}");
$this->info("Scope : {$scopeLabel}");
$this->info("От id : {$fromId}");
$this->info("Строк : {$count}");
if ($count === 0) {
$this->warn('Нет строк с id >= '.$fromId.'. Пересчёт не нужен.');
return self::SUCCESS;
}
if ($dryRun) {
$this->warn('--dry-run: UPDATE не выполнен.');
return self::SUCCESS;
}
if (! $force && ! $this->confirm(
"Пересчитать log_hash для {$count} строк в {$partition} (scope: {$scopeLabel})? Это изменит данные в проде.",
false,
)) {
$this->warn('Отменено.');
return self::FAILURE;
}
// Disable BEFORE triggers (audit_block_mutation blocks UPDATE).
// Use session-level SET so it works even inside a wrapping transaction
// (e.g. DatabaseTransactions in tests). Reset in finally.
DB::connection('pgsql_supplier')->statement("SET session_replication_role = 'replica'");
try {
$totalUpdated = 0;
if ($partitionClause === 'PARTITION BY tenant_id') {
// Per-tenant rebuild — separate scope iteration per tenant.
$tenantIds = DB::connection('pgsql_supplier')
->table($partition)
->where('id', '>=', $fromId)
->distinct()
->pluck('tenant_id')
->all();
foreach ($tenantIds as $tenantId) {
$totalUpdated += $this->rebuildScope(
$partition,
$rowExpr,
$fromId,
'tenant_id',
(int) $tenantId,
);
}
} else {
// BYPASSRLS-таблицы (auth_log, saas_admin_audit_log) — global scope.
$totalUpdated = $this->rebuildScope($partition, $rowExpr, $fromId, null, null);
}
$this->info("Обновлено {$totalUpdated} строк в {$partition}.");
} finally {
DB::connection('pgsql_supplier')->statement("SET session_replication_role = 'origin'");
}
$this->info('Готово. Запустите audit:verify-chains для проверки целостности.');
return self::SUCCESS;
}
/**
* Пересчитывает chain для одного scope (tenant или global).
*
* Iterative PHP loop: prev_hash propagate'ится forward через каждый row,
* UPDATE применяется immediately чтобы snapshot для следующей iteration
* был свежий (default PG READ COMMITTED own writes visible immediately).
*
* @param string|null $tenantColumn 'tenant_id' для per-tenant scope, null для global
* @param int|null $tenantValue значение tenant_id для этого scope (если применимо)
*/
private function rebuildScope(
string $partition,
string $rowExpr,
int $fromId,
?string $tenantColumn,
?int $tenantValue,
): int {
// Find prev_hash (last row before fromId within scope).
$prevQuery = DB::connection('pgsql_supplier')
->table($partition)
->where('id', '<', $fromId);
if ($tenantColumn !== null) {
$prevQuery->where($tenantColumn, $tenantValue);
}
$prevHashRow = $prevQuery->orderByDesc('id')->first(['log_hash']);
$prevHashHex = $this->bytesToHex($prevHashRow?->log_hash);
// Get rows to rebuild ordered by id.
$rowsQuery = DB::connection('pgsql_supplier')
->table($partition)
->where('id', '>=', $fromId);
if ($tenantColumn !== null) {
$rowsQuery->where($tenantColumn, $tenantValue);
}
$rows = $rowsQuery->orderBy('id')->get(['id']);
$updated = 0;
foreach ($rows as $row) {
$prevHashExpr = $prevHashHex !== null
? "'{$prevHashHex}'::bytea"
: "''::bytea";
$sql = "
UPDATE {$partition}
SET log_hash = (
SELECT digest(
COALESCE({$prevHashExpr}, ''::bytea)
|| (SELECT {$rowExpr}::text::bytea FROM {$partition} t WHERE t.id = ?)
, 'sha256'
)
)
WHERE id = ?
RETURNING log_hash
";
$result = DB::connection('pgsql_supplier')->selectOne($sql, [$row->id, $row->id]);
$updated++;
$prevHashHex = $this->bytesToHex($result?->log_hash);
}
return $updated;
}
/**
* Convert a BYTEA value (PHP resource or string) to hex literal for SQL.
* PostgreSQL PDO driver returns BYTEA as a PHP stream resource.
*/
private function bytesToHex(mixed $value): ?string
{
if ($value === null) {
return null;
}
$bin = is_resource($value) ? stream_get_contents($value) : (string) $value;
if ($bin === '' || $bin === false) {
return null;
}
return '\\x'.bin2hex($bin);
}
}
app/app/Console/Commands/IncidentsWatchFailures.php
+6 -42
View File
@@ -27,13 +27,12 @@ class IncidentsWatchFailures extends Command
private const DB_CONNECTION = 'pgsql_supplier';
protected $signature = 'incidents:watch-failures
{--window=10 : Окно сканирования в минутах}
{--threshold=200 : Порог спайка для failed_webhook_jobs}
{--threshold-spike=10 : Порог спайка для failed_jobs (за окно)}
{--threshold-daily=50 : Порог суммы за 24ч для failed_jobs}
{--persistent-hours=3 : Порог возраста persistent-exception для failed_jobs}
{--dedup-window=60 : Окно дедупа открытых инцидентов в минутах}
{--threshold-single-lead=1000 : Порог storm detection: failures одного supplier_lead_id за окно}';
{--window=10 : Окно сканирования в минутах}
{--threshold=200 : Порог спайка для failed_webhook_jobs}
{--threshold-spike=10 : Порог спайка для failed_jobs (за окно)}
{--threshold-daily=50 : Порог суммы за 24ч для failed_jobs}
{--persistent-hours=3 : Порог возраста persistent-exception для failed_jobs}
{--dedup-window=60 : Окно дедупа открытых инцидентов в минутах}';
protected $description = 'Сканирует failed_webhook_jobs и failed_jobs, создаёт incidents_log на превышение порогов';
@@ -46,8 +45,6 @@ class IncidentsWatchFailures extends Command
$persistentHours = (int) $this->option('persistent-hours');
$dedupMinutes = (int) $this->option('dedup-window');
$thresholdSingleLead = (int) $this->option('threshold-single-lead');
$since = Carbon::now()->subMinutes($windowMinutes);
$since24h = Carbon::now()->subHours(24);
$dedupAt = Carbon::now()->subMinutes($dedupMinutes);
@@ -188,39 +185,6 @@ class IncidentsWatchFailures extends Command
$this->info("Job persistent [medium]: {$jobClass}");
}
// ===== БЛОК 5: single-lead storm detection =====
// Detects случай когда один supplier_lead_id генерирует >= threshold
// failures за окно — классический шторм от застрявшего лида (Finding 2,
// 2026-05-29). Создаём severity=high инцидент per lead_id.
if ($thresholdSingleLead > 0) {
$stormLeads = DB::connection(self::DB_CONNECTION)
->table('failed_webhook_jobs')
->selectRaw("raw_payload->>'supplier_lead_id' AS lead_id, COUNT(*) AS cnt")
->whereNull('resolved_at')
->where('failed_at', '>=', $since)
->whereRaw("raw_payload ?? 'supplier_lead_id'")
->groupByRaw("raw_payload->>'supplier_lead_id'")
->havingRaw('COUNT(*) >= ?', [$thresholdSingleLead])
->get();
foreach ($stormLeads as $row) {
$leadId = $row->lead_id;
$cnt = (int) $row->cnt;
$dedupKey = "single-lead-storm:{$leadId}";
if ($this->isDup($dedupKey, $dedupAt)) {
$this->line("Skipping single-lead-storm (dedup): {$dedupKey}");
continue;
}
$summary = "Автоматически: single-lead-storm {$cnt} failures supplier_lead_id={$leadId} за {$windowMinutes} мин. Вероятная причина: terminal error без fast-fail guard.";
$this->createIncident($adminId, 'other', 'high', $summary, $since, $now, $dedupKey);
$created++;
$this->info("Single-lead storm [high]: lead_id={$leadId}{$cnt}");
}
}
$this->info("Done. Created {$created} incident(s).");
return self::SUCCESS;
app/app/Console/Commands/SupplierRekeyOrphansCommand.php
-128
View File
@@ -1,128 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Console\Commands;
use App\Jobs\Supplier\DeleteSupplierProjectJob;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\DB;
/**
* One-time migration: clean up orphan supplier_projects rows created by the
* now-removed buildUniqueKey($p, $platform) divergence for SMS+keyword projects.
*
* Before R-17 unification (Stage 4 §4.4.1) SMS+keyword projects had two diverging
* supplier_projects keys per group:
* B2: unique_key = sender+keyword
* B3: unique_key = sender (without keyword) ORPHAN after unification
*
* This command finds orphan B3 rows (sms, no '+' in unique_key, owning project has
* sms_keyword) and either UPDATEs them to sender+keyword (no sibling) or marks them
* for deletion via DeleteSupplierProjectJob (sibling at sender+keyword already exists).
*
* Usage:
* php artisan supplier:rekey-orphans --dry-run # preview
* php artisan supplier:rekey-orphans # apply
*
* Spec §4.4.1.
*/
final class SupplierRekeyOrphansCommand extends Command
{
protected $signature = 'supplier:rekey-orphans {--dry-run : Preview without modifying anything}';
protected $description = 'One-time R-17 cleanup of orphan SMS supplier_projects keyed under sender alone';
public function handle(): int
{
$dryRun = (bool) $this->option('dry-run');
// Find candidate orphans: sms supplier_projects whose unique_key has no '+'
// and whose tenant has an SMS project with sms_keyword set matching this sender.
$orphans = DB::connection('pgsql_supplier')
->table('supplier_projects as sp')
->join('project_supplier_links as psl', 'psl.supplier_project_id', '=', 'sp.id')
->join('projects as p', 'p.id', '=', 'psl.project_id')
->where('sp.signal_type', 'sms')
->where('sp.unique_key', 'NOT LIKE', '%+%')
->whereNotNull('p.sms_keyword')
->where('p.sms_keyword', '!=', '')
->select([
'sp.id as sp_id',
'sp.unique_key as sender',
'sp.platform',
'p.tenant_id',
'p.sms_keyword as keyword',
])
->get();
if ($orphans->isEmpty()) {
$this->info('No orphan SMS supplier_projects found. Nothing to migrate.');
return self::SUCCESS;
}
$this->info(sprintf('Found %d orphan SMS supplier_projects row(s).', $orphans->count()));
$updated = 0;
$dispatched = 0;
$toDelete = [];
foreach ($orphans as $o) {
$sender = (string) $o->sender;
$keyword = (string) $o->keyword;
$newKey = $sender.'+'.$keyword;
// Sibling check: another supplier_project for same tenant/keyword combo already
// exists at the unified key? Look across pivot to the same tenant scope.
$siblingExists = DB::connection('pgsql_supplier')
->table('supplier_projects as sp2')
->join('project_supplier_links as psl2', 'psl2.supplier_project_id', '=', 'sp2.id')
->join('projects as p2', 'p2.id', '=', 'psl2.project_id')
->where('sp2.signal_type', 'sms')
->where('sp2.unique_key', $newKey)
->where('p2.tenant_id', $o->tenant_id)
->where('sp2.id', '!=', $o->sp_id)
->exists();
if ($siblingExists) {
$toDelete[] = (int) $o->sp_id;
$this->line(sprintf(
' orphan #%d (%s sender=%s) → DELETE (sibling at %s exists for tenant %d)',
$o->sp_id, $o->platform, $sender, $newKey, $o->tenant_id
));
continue;
}
$this->line(sprintf(
' orphan #%d (%s sender=%s) → UPDATE unique_key=%s',
$o->sp_id, $o->platform, $sender, $newKey
));
if (! $dryRun) {
DB::connection('pgsql_supplier')
->table('supplier_projects')
->where('id', $o->sp_id)
->update(['unique_key' => $newKey, 'updated_at' => now()]);
$updated++;
}
}
if (! $dryRun && $toDelete !== []) {
DeleteSupplierProjectJob::dispatch($toDelete);
$dispatched = count($toDelete);
}
if ($dryRun) {
$this->warn('--dry-run: no changes made.');
} else {
$this->info(sprintf(
'Migration complete: %d row(s) updated, %d row(s) queued for deletion.',
$updated, $dispatched
));
}
return self::SUCCESS;
}
}
app/app/Console/Commands/VerifyAuditChains.php
+178 -5
View File
@@ -5,7 +5,6 @@ declare(strict_types=1);
namespace App\Console\Commands;
use App\Mail\AuditChainBreachMail;
use App\Services\Audit\AuditChainConfig;
use Illuminate\Console\Command;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
@@ -84,12 +83,166 @@ class VerifyAuditChains extends Command
protected $description = 'Проверяет целостность SHA-256 hash-chain в 6 audit-таблицах (per-partition)';
/**
* Конфигурация таблиц: имя таблицы [columns, partition_clause].
*
* columns: список столбцов строго в порядке ordinal_position из db/schema.sql.
* Специальное значение '__log_hash__' маркер позиции log_hash NULL::bytea.
*
* partition_clause: SQL-фрагмент для OVER (PARTITION BY ORDER BY id),
* воспроизводящий RLS-scope триггера внутри одной партиции.
* Пустая строка = глобальная цепочка внутри партиции.
*
* @var array<string, array{columns: list<string>, partition: string}>
*/
private const TABLE_CONFIG = [
// auth_log:
// RLS: actor_type='tenant_user' AND tenant_id = current_setting(...)
// Tenant-сессия видит только (actor_type='tenant_user', tenant_id=N).
// saas_admin-сессия BYPASSRLS — видит всё.
// Partition (actor_type, tenant_id) воспроизводит оба случая:
// каждая пара образует независимую цепочку.
'auth_log' => [
'columns' => [
'id',
'actor_type',
'tenant_id',
'user_id',
'saas_admin_user_id',
'email',
'event',
'ip_address',
'user_agent',
'failure_reason',
'__log_hash__', // log_hash → NULL::bytea
'created_at',
],
// global chain: auth_log пишется при ЛОГИНЕ под BYPASSRLS-роль
// (tenant ещё не установлен — пользователь не аутентифицирован),
// поэтому триггерный prev-SELECT видит ВСЕ строки → цепочка глобальная
// внутри данной партиции (эмпирически подтверждено прод-smoke).
'partition' => '',
],
// activity_log:
// RLS: tenant_id = current_setting(...) — простая tenant-изоляция.
// Partition: tenant_id.
'activity_log' => [
'columns' => [
'id',
'tenant_id',
'user_id',
'deal_id',
'event',
'old_value',
'new_value',
'context',
'ip_address',
'user_agent',
'__log_hash__', // log_hash → NULL::bytea
'created_at',
],
'partition' => 'PARTITION BY tenant_id',
],
// tenant_operations_log:
// RLS: tenant_id = current_setting(...) — простая tenant-изоляция.
// Partition: tenant_id.
'tenant_operations_log' => [
'columns' => [
'id',
'tenant_id',
'user_id',
'entity_type',
'entity_id',
'event',
'payload_before',
'payload_after',
'ip_address',
'user_agent',
'__log_hash__', // log_hash → NULL::bytea
'created_at',
],
'partition' => 'PARTITION BY tenant_id',
],
// balance_transactions:
// RLS: tenant_id = current_setting(...) — простая tenant-изоляция.
// Partition: tenant_id.
'balance_transactions' => [
'columns' => [
'id',
'tenant_id',
'type',
'amount_rub',
'amount_leads',
'balance_rub_after',
'balance_leads_after',
'description',
'related_type',
'related_id',
'user_id',
'admin_user_id',
'__log_hash__', // log_hash → NULL::bytea
'created_at',
],
'partition' => 'PARTITION BY tenant_id',
],
// pd_processing_log:
// RLS: tenant_id = current_setting(...) — простая tenant-изоляция.
// Partition: tenant_id.
'pd_processing_log' => [
'columns' => [
'id',
'tenant_id',
'subject_type',
'subject_id',
'action',
'purpose',
'actor_tenant_user_id',
'actor_admin_user_id',
'ip_address',
'__log_hash__', // log_hash → NULL::bytea
'created_at',
],
'partition' => 'PARTITION BY tenant_id',
],
// saas_admin_audit_log:
// Нет RLS-политики для tenant-ролей (REVOKE ALL FROM crm_app_user).
// Вставляет только crm_admin_user (BYPASSRLS) — триггер's SELECT
// видит ВСЕ строки партиции → цепочка глобальная внутри партиции.
// Partition: нет (пустая строка = ORDER BY id без PARTITION BY).
'saas_admin_audit_log' => [
'columns' => [
'id',
'admin_user_id',
'action',
'target_type',
'target_id',
'target_tenant_id',
'payload_before',
'payload_after',
'reason',
'ip_address',
'user_agent',
'requires_approval',
'approved_by',
'approved_at',
'__log_hash__', // log_hash → NULL::bytea
'created_at',
],
'partition' => '', // global chain within partition — inserting role is BYPASSRLS
],
];
public function handle(): int
{
$anyBreach = false;
$now = Carbon::now();
foreach (AuditChainConfig::TABLES as $table => $config) {
foreach (self::TABLE_CONFIG as $table => $config) {
// Get all partitions for this table via pg_inherits.
$partitions = $this->listPartitions($table);
@@ -99,7 +252,7 @@ class VerifyAuditChains extends Command
}
foreach ($partitions as $partitionName) {
$breaches = $this->checkPartition($partitionName, $table, $config['partition']);
$breaches = $this->checkPartition($partitionName, $config['columns'], $config['partition']);
if (empty($breaches)) {
$this->line("{$partitionName}: chain intact");
@@ -168,11 +321,12 @@ class VerifyAuditChains extends Command
* где ROW(...) имеет NULL::bytea на позиции log_hash.
* 4. Возвращает строки, где stored IS DISTINCT FROM recomputed.
*
* @param list<string> $columns
* @return list<object>
*/
private function checkPartition(string $partitionName, string $table, string $partition): array
private function checkPartition(string $partitionName, array $columns, string $partition): array
{
$rowExpr = AuditChainConfig::rowExpression($table);
$rowExpr = $this->buildRowExpression($columns);
// Build OVER clause: with or without PARTITION BY depending on table's RLS scope.
$overClause = $partition !== ''
@@ -212,6 +366,25 @@ class VerifyAuditChains extends Command
return $results;
}
/**
* Строит SQL-выражение ROW(col1, col2, ..., NULL::bytea, ..., coln)
* с NULL::bytea на месте log_hash.
*
* Пример для auth_log:
* ROW(t.id, t.actor_type, t.tenant_id, ..., NULL::bytea, t.created_at)
*
* @param list<string> $columns
*/
private function buildRowExpression(array $columns): string
{
$parts = [];
foreach ($columns as $col) {
$parts[] = ($col === '__log_hash__') ? 'NULL::bytea' : "t.{$col}";
}
return 'ROW('.implode(', ', $parts).')';
}
/**
* Вставляет запись в incidents_log (через pgsql_supplier BYPASSRLS).
* Дедупликация: не создаёт повторный инцидент для той же таблицы,
app/app/Jobs/Billing/BalancePreflightSweepJob.php
+1 -24
View File
@@ -71,19 +71,8 @@ final class BalancePreflightSweepJob implements ShouldQueue
// Переход active → frozen.
if (! $result->passes && ! $isFrozen) {
$freezeAt = now();
$tenant->frozen_by_balance_at = $freezeAt;
$tenant->frozen_by_balance_at = now();
$tenant->save();
// Stage 3 R-13 (spec §4.3.2): помечаем все непаузнутые проекты
// тенанта моментом заморозки. Это даёт SupplierSnapshotGuard
// зацепку (paused_at свежее grace-периода) — клиент не сможет
// удалить/сменить источник пока хвост слепка ещё может прилететь.
DB::connection('pgsql_supplier')->table('projects')
->where('tenant_id', $tenant->id)
->whereNull('paused_at')
->update(['paused_at' => $freezeAt]);
$this->logEvent($tenant, 'frozen', 'cutoff_18msk', $result);
Mail::queue(new BalanceFrozenMail($tenant, $result));
$this->dispatchSupplierSyncIfOnline($tenant);
@@ -93,20 +82,8 @@ final class BalancePreflightSweepJob implements ShouldQueue
// Переход frozen → active.
if ($result->passes && $isFrozen) {
// Stage 3 R-13: фиксируем frozen-moment ДО $tenant->save() — нужно
// для фильтра отката paused_at. Очищаем только те проекты,
// у которых paused_at >= frozen_at_was (== поставленные нами на паузу
// в freeze-блоке). Ручные паузы клиента ДО заморозки имеют
// paused_at < frozen_at_was и сохраняются.
$frozenAtWas = $tenant->frozen_by_balance_at;
$tenant->frozen_by_balance_at = null;
$tenant->save();
DB::connection('pgsql_supplier')->table('projects')
->where('tenant_id', $tenant->id)
->where('paused_at', '>=', $frozenAtWas)
->update(['paused_at' => null]);
$this->logEvent($tenant, 'unfrozen', 'cutoff_18msk', $result);
Mail::queue(new BalanceUnfrozenMail($tenant, $result));
$this->dispatchSupplierSyncIfOnline($tenant);
app/app/Jobs/RouteSupplierLeadJob.php
-26
View File
@@ -116,32 +116,6 @@ class RouteSupplierLeadJob implements ShouldQueue
return;
}
// Fast-fail: лид уже был помечен terminal error и не имеет processed_at.
// Закрывает класс failed_webhook_jobs storm (Finding 2, 2026-05-29).
// Plan 2026-05-29-supplier-webhook-fast-fail-and-stuck-cleanup.md, Task 2.
$isTerminalError = $lead->error !== null && (
str_contains($lead->error, 'does not support')
|| str_contains($lead->error, 'platform mismatch')
|| str_contains($lead->error, 'no matching supplier_project')
);
if ($isTerminalError) {
// Capture original error BEFORE update — $lead->update() mutates
// the in-memory model, so $lead->error after update() returns the
// suffixed value, breaking debug logs (review fix).
// быстрый коммит
$originalError = $lead->error;
$lead->update([
'processed_at' => now(),
'error' => $originalError.' [fast-failed by RouteSupplierLeadJob]',
]);
Log::info('supplier_lead.fast_failed_terminal_error', [
'supplier_lead_id' => $lead->id,
'original_error' => $originalError,
]);
return;
}
$projectField = (string) ($lead->raw_payload['project'] ?? '');
[$platform, $signalType, $identifier] = $this->parseProjectField($projectField);
app/app/Jobs/Supplier/CsvReconcileJob.php
-68
View File
@@ -204,13 +204,6 @@ final class CsvReconcileJob implements ShouldQueue
->where('id', $logId)
->update($update);
// R-05 / §4.4.4 second pass — business-drift on project_routing_snapshots.
// Detects tenants where supplier under-delivered against the slepok plan
// (shortfall = (expected - delivered) / expected > 20%). Orthogonal to
// webhook-loss drift above — same lead can be missing from CSV AND from
// delivered_count (compounding R-05.1 + R-05.2).
$this->detectAndAlertBusinessDrift($mailer, $windowStart, $windowEnd);
} catch (Throwable $e) {
// $logId === null — упал сам insertGetId, log-строки нет, обновлять нечего.
if ($logId !== null) {
@@ -258,65 +251,4 @@ final class CsvReconcileJob implements ShouldQueue
return null;
}
/**
* R-05 (Stage 4 §4.4.4) business-drift second pass.
*
* Поверх существующего webhook-loss drift (R-05.1: «лид прилетел, мы webhook'а не
* получили») ищем business-drift (R-05.2: «лид прилетел, мы доставили не тому/никому»):
* для каждой пары (snapshot_date, tenant_id) считаем SUM(expected_volume) и
* SUM(delivered_count) по `project_routing_snapshots`, при shortfall > 20% шлём
* `TenantBusinessDriftAlertMail` админу.
*
* Окно то же что у текущего CSV-reconcile run. Один email на тенанта на дату.
*/
private const BUSINESS_DRIFT_THRESHOLD = 0.20;
private function detectAndAlertBusinessDrift(
Mailer $mailer,
\Carbon\CarbonInterface $windowStart,
\Carbon\CarbonInterface $windowEnd,
): void {
$from = $windowStart->toDateString();
$to = $windowEnd->toDateString();
$rows = DB::connection(self::DB_CONNECTION)
->table('project_routing_snapshots')
->whereBetween('snapshot_date', [$from, $to])
->groupBy('snapshot_date', 'tenant_id')
->selectRaw('snapshot_date, tenant_id, SUM(expected_volume) AS expected, SUM(delivered_count) AS delivered')
->havingRaw('SUM(expected_volume) > 0')
->get();
foreach ($rows as $row) {
$expected = (int) $row->expected;
$delivered = (int) $row->delivered;
if ($expected <= 0) {
continue;
}
$shortfall = ($expected - $delivered) / $expected;
if ($shortfall <= self::BUSINESS_DRIFT_THRESHOLD) {
continue;
}
$mailer->to((string) config('services.supplier.alert_email'))
->send(new \App\Mail\TenantBusinessDriftAlertMail(
tenantId: (int) $row->tenant_id,
snapshotDate: (string) $row->snapshot_date,
expected: $expected,
delivered: $delivered,
shortfallRatio: $shortfall,
windowStart: $windowStart,
windowEnd: $windowEnd,
));
Log::warning('csv_reconcile.business_drift_alert', [
'tenant_id' => (int) $row->tenant_id,
'snapshot_date' => (string) $row->snapshot_date,
'expected' => $expected,
'delivered' => $delivered,
'shortfall' => $shortfall,
]);
}
}
}
app/app/Jobs/SyncSupplierProjectJob.php
+5 -31
View File
@@ -107,16 +107,13 @@ class SyncSupplierProjectJob implements ShouldQueue
return;
}
// R-17 (Stage 4 §4.4.1): unified agnostic key (was buildUniqueKey($p, $platform[0])
// which diverged for SMS — B3 used sender alone while B2 used sender+keyword;
// created orphan supplier_projects rows during sharing rebalance).
$identifier = SupplierProjectGrouping::buildUniqueKeyAgnostic($project);
$identifier = SupplierProjectGrouping::buildUniqueKey($project, $platforms[0]);
// GROUP recompute (multi-client): an online edit of ONE project must recompute the
// WHOLE group sharing this identifier — otherwise it overwrites siblings' regions/
// limit/days until the nightly batch. Mirrors SyncSupplierProjectsJob::syncGroup so
// online and nightly produce identical supplier state.
$agnostic = $identifier;
$agnostic = SupplierProjectGrouping::buildUniqueKeyAgnostic($project);
$groupProjects = Project::on(self::DB_CONNECTION)
->where('is_active', true)
->where('signal_type', (string) $project->signal_type)
@@ -128,9 +125,8 @@ class SyncSupplierProjectJob implements ShouldQueue
$groupActive = $groupProjects->isNotEmpty();
$status = $groupActive ? 'active' : 'paused';
// eligible target_date → order/workdays (mirror nightly's eligibility window).
// R-18 (Stage 4 §4.4.2): see ::targetWeekdayForNow().
$targetWeekday = self::targetWeekdayForNow();
// eligible tomorrow → order/workdays (mirror nightly's eligibility window).
$targetWeekday = Carbon::tomorrow('Europe/Moscow')->isoWeekday();
$eligible = $groupProjects->filter(
fn (Project $gp) => ((int) $gp->delivery_days_mask & (1 << ($targetWeekday - 1))) !== 0
)->values();
@@ -388,10 +384,8 @@ class SyncSupplierProjectJob implements ShouldQueue
$platforms = SupplierProjectGrouping::resolvePlatforms($project);
$workdays = $this->workdaysFromMask((int) $project->delivery_days_mask);
// R-17 (Stage 4 §4.4.1): same agnostic key for all platforms in this batch run
// (was per-platform divergence for SMS — created orphan rows).
$uniqueKey = SupplierProjectGrouping::buildUniqueKeyAgnostic($project);
foreach ($platforms as $platform) {
$uniqueKey = SupplierProjectGrouping::buildUniqueKey($project, $platform);
$column = 'supplier_'.strtolower($platform).'_project_id';
// Idempotency: local supplier_projects-запись уже есть?
@@ -543,24 +537,4 @@ class SyncSupplierProjectJob implements ShouldQueue
return $out;
}
/**
* R-18 (Stage 4 §4.4.2): ISO target weekday for online supplier sync.
*
* Slepok cut-off boundary is 21:00 МСК (matches supplier's snapshot fix-point), not midnight.
* hour < 21 МСК target = today + 1 day
* hour >= 21 МСК target = today + 2 days
*
* Before fix: `Carbon::tomorrow('Europe/Moscow')->isoWeekday()` flipped target at midnight
* (Thu 23:59 Fri; Fri 00:01 Sat), mis-aligning portal sync with supplier's already-fixed
* slepok. The post-21:00 portion of day N belongs to slepok dated N+1 (effective day N+2).
*/
public static function targetWeekdayForNow(): int
{
$msk = Carbon::now('Europe/Moscow');
return $msk->hour >= 21
? $msk->copy()->addDays(2)->startOfDay()->isoWeekday()
: $msk->copy()->addDay()->startOfDay()->isoWeekday();
}
}
app/app/Mail/TenantBusinessDriftAlertMail.php
-51
View File
@@ -1,51 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Mail;
use Carbon\CarbonInterface;
use Illuminate\Bus\Queueable;
use Illuminate\Mail\Mailable;
use Illuminate\Mail\Mailables\Content;
use Illuminate\Mail\Mailables\Envelope;
use Illuminate\Queue\SerializesModels;
/**
* Email алерт админу Лидерры о business-shortfall'е тенанта: snapshot ожидал
* объём X, фактически доставили Y и (X-Y)/X > порога (20%).
*
* Отдельно от CsvDriftAlertMail тот ловит webhook-loss (CSV vs БД),
* этот bizness-drift (snapshot.expected vs delivered).
*
* Stage 4 §4.4.4 R-05.
*/
final class TenantBusinessDriftAlertMail extends Mailable
{
use Queueable;
use SerializesModels;
public function __construct(
public readonly int $tenantId,
public readonly string $snapshotDate,
public readonly int $expected,
public readonly int $delivered,
public readonly float $shortfallRatio,
public readonly CarbonInterface $windowStart,
public readonly CarbonInterface $windowEnd,
) {}
public function envelope(): Envelope
{
$pct = number_format($this->shortfallRatio * 100, 1, ',', ' ');
return new Envelope(
subject: "Лидерра ↔ Поставщик: business-shortfall tenant #{$this->tenantId} за {$this->snapshotDate} ({$pct}%)",
);
}
public function content(): Content
{
return new Content(view: 'emails.tenant_business_drift_alert');
}
}
app/app/Models/PdSubjectRequest.php
-2
View File
@@ -29,8 +29,6 @@ use Illuminate\Support\Facades\DB;
* @property string $deadline_at
* @property string|null $completed_at
* @property bool $processing_restricted
*
* @mixin IdeHelperPdSubjectRequest
*/
class PdSubjectRequest extends Model
{
app/app/Models/SupplierLeadDelivery.php
-3
View File
@@ -8,15 +8,12 @@ use Illuminate\Database\Eloquent\Model;
/**
* Замок «поставка клиент» (Billing v2 Spec B). Композитный PK без автоинкремента.
*
* Пишется в шеринг-пути (RouteSupplierLeadJob) через insertOrIgnore под RLS-контекстом.
*
* @property int $supplier_lead_id
* @property int $tenant_id
* @property int|null $deal_id
* @property string $created_at
*
* @mixin IdeHelperSupplierLeadDelivery
*/
class SupplierLeadDelivery extends Model
{
app/app/Models/SupplierManualSyncQueue.php
-2
View File
@@ -25,8 +25,6 @@ use Illuminate\Support\Carbon;
* @property int|null $resolved_by_user_id
* @property Carbon|null $created_at
* @property Carbon|null $resolved_at
*
* @mixin IdeHelperSupplierManualSyncQueue
*/
class SupplierManualSyncQueue extends Model
{
app/app/Models/Tenant.php
+3 -62
View File
@@ -10,7 +10,6 @@ use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
use Illuminate\Support\Facades\DB;
/**
* Тенант клиент SaaS-портала Лидерра.
@@ -91,67 +90,9 @@ class Tenant extends Model
*/
public function requiredLeadsForTomorrow(): int
{
// R-19 (Stage 4 §4.4.3): share-aware preflight. For each active project
// count the tenant's PROPORTIONAL share of the supplier group order (not
// the raw daily_limit_target), since the supplier caps the group at
// max(max(limits), ceil(Σ/3)) and splits it across all clients sharing
// the same signal_identifier. Legacy projects (signal_type=null —
// webhook-only, no supplier sharing) still count their full limit.
$projects = $this->projects()->where('is_active', true)->get();
if ($projects->isEmpty()) {
return 0;
}
$total = 0;
foreach ($projects as $p) {
// Webhook-only legacy projects don't participate in supplier sharing.
if (! in_array($p->signal_type, ['site', 'call', 'sms'], true)) {
$total += (int) $p->daily_limit_target;
continue;
}
$groupLimits = DB::connection('pgsql_supplier')
->table('projects')
->where('is_active', true)
->where('signal_type', $p->signal_type)
->where(function ($q) use ($p): void {
if (in_array($p->signal_type, ['site', 'call'], true)) {
$q->where('signal_identifier', $p->signal_identifier);
} else {
// sms: agnostic group is (first sender, keyword-or-NULL).
$firstSender = (string) ($p->sms_senders[0] ?? '');
$q->whereJsonContains('sms_senders', $firstSender);
if ($p->sms_keyword !== null && $p->sms_keyword !== '') {
$q->where('sms_keyword', $p->sms_keyword);
} else {
$q->whereNull('sms_keyword');
}
}
})
->pluck('daily_limit_target')
->all();
if ($groupLimits === []) {
// Edge: project not yet visible from pgsql_supplier view (cross-conn race).
// Conservatively count full limit — avoids underestimating preflight.
$total += (int) $p->daily_limit_target;
continue;
}
$intLimits = array_map('intval', $groupLimits);
$sum = (int) array_sum($intLimits);
$max = (int) max($intLimits);
$groupOrder = max($max, (int) ceil($sum / 3));
if ($sum > 0) {
$share = (int) ceil($groupOrder * ((int) $p->daily_limit_target / $sum));
$total += $share;
}
}
return $total;
return (int) $this->projects()
->where('is_active', true)
->sum('daily_limit_target');
}
/** @return BelongsTo<TariffPlan, $this> */
app/app/Services/Audit/AuditChainConfig.php
-104
View File
@@ -1,104 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Audit;
use InvalidArgumentException;
/**
* Shared config hash-chain for 6 audit tables.
*
* Single source of truth for writer (db/schema.sql trigger audit_chain_hash()),
* verify (App\Console\Commands\VerifyAuditChains) and rebuild
* (App\Console\Commands\AuditRebuildChain).
*
* ADR-018: per-tenant via RLS scope for tenant tables,
* global for BYPASSRLS tables.
*
* columns: list in ordinal_position order from db/schema.sql.
* '__log_hash__' -- marker for log_hash position -> NULL::bytea in ROW().
*
* partition: SQL fragment for OVER (PARTITION BY ... ORDER BY id),
* reproducing the RLS-scope of the trigger.
* '' = global chain within partition (for BYPASSRLS tables).
*/
final class AuditChainConfig
{
/**
* @var array<string, array{columns: list<string>, partition: string}>
*/
public const TABLES = [
'auth_log' => [
'columns' => [
'id', 'actor_type', 'tenant_id', 'user_id', 'saas_admin_user_id',
'email', 'event', 'ip_address', 'user_agent', 'failure_reason',
'__log_hash__', 'created_at',
],
'partition' => '',
],
'activity_log' => [
'columns' => [
'id', 'tenant_id', 'user_id', 'deal_id', 'event',
'old_value', 'new_value', 'context', 'ip_address', 'user_agent',
'__log_hash__', 'created_at',
],
'partition' => 'PARTITION BY tenant_id',
],
'tenant_operations_log' => [
'columns' => [
'id', 'tenant_id', 'user_id', 'entity_type', 'entity_id',
'event', 'payload_before', 'payload_after', 'ip_address', 'user_agent',
'__log_hash__', 'created_at',
],
'partition' => 'PARTITION BY tenant_id',
],
'balance_transactions' => [
'columns' => [
'id', 'tenant_id', 'type', 'amount_rub', 'amount_leads',
'balance_rub_after', 'balance_leads_after', 'description',
'related_type', 'related_id', 'user_id', 'admin_user_id',
'__log_hash__', 'created_at',
],
'partition' => 'PARTITION BY tenant_id',
],
'pd_processing_log' => [
'columns' => [
'id', 'tenant_id', 'subject_type', 'subject_id', 'action',
'purpose', 'actor_tenant_user_id', 'actor_admin_user_id', 'ip_address',
'__log_hash__', 'created_at',
],
'partition' => 'PARTITION BY tenant_id',
],
'saas_admin_audit_log' => [
'columns' => [
'id', 'admin_user_id', 'action', 'target_type', 'target_id',
'target_tenant_id', 'payload_before', 'payload_after', 'reason',
'ip_address', 'user_agent', 'requires_approval', 'approved_by', 'approved_at',
'__log_hash__', 'created_at',
],
'partition' => '',
],
];
/**
* Build ROW(col1, col2, ..., NULL::bytea, ..., coln) with NULL::bytea at log_hash position.
*
* @throws InvalidArgumentException if table is not registered in TABLES
*/
public static function rowExpression(string $table): string
{
if (! isset(self::TABLES[$table])) {
throw new InvalidArgumentException(
"Table '{$table}' is not registered in AuditChainConfig::TABLES"
);
}
$parts = [];
foreach (self::TABLES[$table]['columns'] as $col) {
$parts[] = ($col === '__log_hash__') ? 'NULL::bytea' : "t.{$col}";
}
return 'ROW('.implode(', ', $parts).')';
}
}
app/app/Services/Billing/LedgerService.php
-11
View File
@@ -56,17 +56,6 @@ final class LedgerService
);
$priceKopecks = (int) $tier->price_per_lead_kopecks;
// R-03 (Stage 3 §4.3.1): frozen tenant must not receive new charges even
// if balance_rub > 0. Throwing here triggers the same auto-pause flow as
// InsufficientBalance — RouteSupplierLeadJob::handleInsufficientBalance
// flips projects.is_active=false and queues ZeroBalancePausedMail rate-limited.
if ($lockedTenant->frozen_by_balance_at !== null) {
throw new InsufficientBalanceException(
priceKopecks: $priceKopecks,
balanceRub: (string) $lockedTenant->balance_rub,
);
}
// bcmath: balance_rub × 100 ≥ priceKopecks — единственный путь списания.
// Billing v2 Spec A: prepaid-лиды убраны, balance_leads НЕ читается и НЕ изменяется.
$balanceKopecks = bcmul((string) $lockedTenant->balance_rub, '100', 0);
app/app/Services/LeadRouter.php
-4
View File
@@ -76,8 +76,6 @@ class LeadRouter
SELECT 1 FROM tenants
WHERE tenants.id = snap.tenant_id
AND tenants.balance_rub > 0
-- R-03: frozen tenant must not receive new leads (Stage 3 §4.3.1)
AND tenants.frozen_by_balance_at IS NULL
)
ORDER BY snap.tenant_id,
(snap.daily_limit - projects.delivered_today) DESC,
@@ -112,8 +110,6 @@ class LeadRouter
SELECT 1 FROM tenants
WHERE tenants.id = snap.tenant_id
AND tenants.balance_rub > 0
-- R-03: frozen tenant must not receive new leads (Stage 3 §4.3.1)
AND tenants.frozen_by_balance_at IS NULL
)
ORDER BY snap.tenant_id,
(snap.daily_limit - projects.delivered_today) DESC,
app/app/Services/Supplier/Import/SupplierProjectImporter.php
+1 -3
View File
@@ -178,11 +178,9 @@ class SupplierProjectImporter
]);
$createdProjects++;
// R-17 (Stage 4 §4.4.1): unified agnostic key — was per-platform divergence
// for SMS (B3 used sender alone, B2 sender+keyword) creating orphan rows.
$uniqueKey = SupplierProjectGrouping::buildUniqueKeyAgnostic($project);
foreach ($item['platforms'] as $pl) {
$platform = (string) $pl['platform'];
$uniqueKey = SupplierProjectGrouping::buildUniqueKey($project, $platform);
/** @var SupplierProject $sp */
$sp = SupplierProject::on(self::DB_CONNECTION)->firstOrCreate(
app/app/Services/Supplier/SupplierProjectGrouping.php
+31 -7
View File
@@ -19,14 +19,37 @@ use App\Models\Project;
final class SupplierProjectGrouping
{
/**
* Unique identifier key единая агностическая формула для всех платформ
* (Stage 4 §4.4.1 R-17, ранее разделялась на platform-specific buildUniqueKey:
* B3 использовал sender alone, B2 sender+keyword, что создавало orphan
* supplier_projects при rebalance шеринга мы не могли сопоставить B2/B3
* как одну группу):
* Строит unique_key для пары (project, platform):
* site/call signal_identifier (домен / телефон)
* sms B2 sender + '+' + keyword
* sms B3 sender
*
* Для ночного батч-джоба используйте buildUniqueKeyNoplatform() он
* выбирает B2-ключ автоматически при наличии keyword.
*/
public static function buildUniqueKey(Project $project, string $platform): string
{
if (in_array($project->signal_type, ['site', 'call'], true)) {
return (string) $project->signal_identifier;
}
// sms
$sender = (string) ($project->sms_senders[0] ?? '');
if ($platform === 'B2') {
return $sender.'+'.($project->sms_keyword ?? '');
}
// B3
return $sender;
}
/**
* Unique identifier key без привязки к конкретной платформе
* (для группировки в ночном батч-джобе):
* site/call signal_identifier
* sms+keyword sender+keyword
* sms без keyword sender
* sms+keyword sender+keyword (B2 ключ)
* sms без keyword sender (B3 ключ)
*/
public static function buildUniqueKeyAgnostic(Project $project): string
{
@@ -72,6 +95,7 @@ final class SupplierProjectGrouping
public static function subjectsOf(Project $project): array
{
$regions = array_values((array) $project->regions);
// @phpstan-ignore-next-line identical.alwaysFalse — PostgresIntArray PHPDoc non-empty, runtime can be empty
if (count($regions) === 0) {
return [null];
}
app/bootstrap/app.php
+6 -39
View File
@@ -8,7 +8,6 @@ use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Validation\ValidationException;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
@@ -34,43 +33,12 @@ return Application::configure(basePath: dirname(__DIR__))
]);
})
->withExceptions(function (Exceptions $exceptions): void {
// Reduce verbosity of constraint-violation logging (SQLSTATE 23xxx):
// data-validity errors do not need a full stack trace в laravel.log.
// Incident 2026-05-29: 420k повторов B1+SMS check_violation накопили
// 8.7 GB stack traces → disk full → 4h prod downtime.
// Solution: log a warning summary с sqlstate, return false to stop
// default reporting (which would write full stack trace).
// Ref: docs/incidents/2026-05-29-disk-full-pg-recovery.md §5
$exceptions->reportable(function (QueryException $e) {
$sqlState = $e->errorInfo[0] ?? '';
if (is_string($sqlState) && str_starts_with($sqlState, '23')) {
Log::warning('db.constraint_violation', [
'sqlstate' => $sqlState,
'message' => mb_substr($e->getMessage(), 0, 200),
]);
return false; // skip default reporting (no stack trace в laravel.log)
}
return null; // continue default reporting для non-constraint QueryExceptions
});
$exceptions->render(function (QueryException $e, Request $request) {
$sqlState = $e->errorInfo[0] ?? '';
$isConstraintViolation = is_string($sqlState) && str_starts_with($sqlState, '23');
if (! $isConstraintViolation) {
// Default verbose log для non-constraint QueryExceptions (table missing,
// syntax error, etc. — these are bugs needing investigation).
Log::error('db.query_exception', [
'message' => $e->getMessage(),
'sql' => $e->getSql(),
'path' => $request->path(),
]);
}
// Constraint violations уже залогированы в reportable() выше как warning,
// дублировать не нужно.
Log::error('db.query_exception', [
'message' => $e->getMessage(),
'sql' => $e->getSql(),
'path' => $request->path(),
]);
if ($request->expectsJson()) {
return response()->json([
'message' => 'Не удалось сохранить. Проверьте данные или попробуйте ещё раз.',
@@ -84,14 +52,13 @@ return Application::configure(basePath: dirname(__DIR__))
// Without this render, Laravel's default ValidationException handler returns
// 302 redirect to /, which strips POST body — losing supplier leads.
// Confirmed 2026-05-25: 76 of 234 webhook hits today got 302 instead of 422.
$exceptions->render(function (ValidationException $e, Request $request) {
$exceptions->render(function (\Illuminate\Validation\ValidationException $e, Request $request) {
if ($request->is('api/webhook/supplier/*')) {
return response()->json([
'message' => 'Validation failed',
'errors' => $e->errors(),
], 422);
}
return null; // default render for other routes
});
})->create();
app/database/migrations/2026_05_30_000001_add_advisory_lock_to_audit_chain_hash.php
-91
View File
@@ -1,91 +0,0 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Support\Facades\DB;
/**
* Adds per-partition advisory lock to audit_chain_hash() trigger function.
*
* Root cause: concurrent INSERT workers (e.g. supplier-webhook handlers) all
* read the same prev_hash before any of them commits multiple rows derive
* their hash from the same predecessor hash chain branches validator finds
* mismatches (Finding 1 from Stage-5 Day-1 monitoring).
*
* Fix: derive a bigint lock key from the physical partition OID (TG_RELID).
* pg_advisory_xact_lock() serialises concurrent INSERTs into the SAME partition
* without blocking INSERTs to other partitions (distinct OIDs distinct keys).
* The lock is automatically released at transaction end.
*
* Hash formula: unchanged (verbatim from db/schema.sql:3107-3127):
* digest(COALESCE(prev_hash, ''::bytea) || NEW::text::bytea, 'sha256')
*
* Ref: docs/superpowers/plans/2026-05-29-audit-chain-race-fix.md Task 2
*/
return new class extends Migration
{
public function up(): void
{
DB::statement(<<<'SQL'
CREATE OR REPLACE FUNCTION public.audit_chain_hash() RETURNS trigger AS $$
DECLARE
prev_hash BYTEA;
lock_key BIGINT;
BEGIN
-- Derive a partition-specific advisory lock key from the physical
-- table OID (TG_RELID). Each child partition has a distinct OID,
-- so concurrent INSERTs to DIFFERENT partitions do not block each
-- other, while concurrent INSERTs to the SAME partition are
-- serialised preventing the race that branches the hash chain.
lock_key := ('x' || lpad(to_hex(TG_RELID::int), 16, '0'))::bit(64)::bigint;
PERFORM pg_advisory_xact_lock(lock_key);
-- Берём log_hash последней строки этой таблицы. NULL для первой записи.
-- TG_TABLE_NAME имя таблицы, через которое триггер сработал; используем
-- format/EXECUTE для полиморфности.
EXECUTE format(
'SELECT log_hash FROM %I ORDER BY id DESC LIMIT 1',
TG_TABLE_NAME
) INTO prev_hash;
-- log_hash = sha256(prev_hash || NEW::text). Если prev_hash NULL берём
-- пустую байтовую строку (первая запись цепочки).
NEW.log_hash := digest(
COALESCE(prev_hash, ''::bytea) || NEW::text::bytea,
'sha256'
);
RETURN NEW;
END;
$$ LANGUAGE plpgsql;
SQL);
}
public function down(): void
{
// Restore verbatim original from db/schema.sql:3107-3127 (without advisory lock).
DB::statement(<<<'SQL'
CREATE OR REPLACE FUNCTION public.audit_chain_hash() RETURNS trigger AS $$
DECLARE
prev_hash BYTEA;
BEGIN
-- Берём log_hash последней строки этой таблицы. NULL для первой записи.
-- TG_TABLE_NAME имя таблицы, через которое триггер сработал; используем
-- format/EXECUTE для полиморфности.
EXECUTE format(
'SELECT log_hash FROM %I ORDER BY id DESC LIMIT 1',
TG_TABLE_NAME
) INTO prev_hash;
-- log_hash = sha256(prev_hash || NEW::text). Если prev_hash NULL берём
-- пустую байтовую строку (первая запись цепочки).
NEW.log_hash := digest(
COALESCE(prev_hash, ''::bytea) || NEW::text::bytea,
'sha256'
);
RETURN NEW;
END;
$$ LANGUAGE plpgsql;
SQL);
}
};
app/deptrac.yaml
+1 -4
View File
@@ -41,9 +41,6 @@ deptrac:
Request: [Rule, Model]
Resource: [Model]
Rule: [Model]
# Mail может зависеть от Service value objects (PreflightResult и аналоги) —
# это legit dependency: template needs data DTO от Service для рендера.
# Decision: ADR-005 amend 2026-05-29 (incident-followup cleanup).
Mail: [Model, Service]
Mail: [Model]
Model: []
Provider: [Controller, Service, Job, Console, Repository, Model, Mail, Middleware, Request, Resource, Rule, Exception]
app/phpstan-baseline.neon
+2 -362
View File
@@ -51,7 +51,7 @@ parameters:
-
message: '#^Using nullsafe method call on non\-nullable type Illuminate\\Support\\Carbon\. Use \-\> instead\.$#'
identifier: nullsafe.neverNull
count: 6
count: 5
path: app/Http/Controllers/Api/DealController.php
-
@@ -84,24 +84,6 @@ parameters:
count: 1
path: app/Http/Middleware/SetTenantContext.php
-
message: '#^Access to an undefined property App\\Http\\Resources\\ProjectResource\:\:\$applies_from\.$#'
identifier: property.notFound
count: 1
path: app/Http/Resources/ProjectResource.php
-
message: '#^Parameter \#1 \$array \(non\-empty\-list\<int\>\) of array_values is already a list, call has no effect\.$#'
identifier: arrayValues.list
count: 1
path: app/Jobs/Supplier/SyncSupplierProjectsJob.php
-
message: '#^Parameter \#1 \$column of method Illuminate\\Database\\Eloquent\\Builder\<App\\Models\\Project\>\:\:where\(\) expects array\<int\|model property of App\\Models\\Project, mixed\>\|\(Closure\(Illuminate\\Database\\Eloquent\\Builder\<App\\Models\\Project\>\)\: Illuminate\\Database\\Eloquent\\Builder\<App\\Models\\Project\>\)\|\(Closure\(Illuminate\\Database\\Eloquent\\Builder\<App\\Models\\Project\>\)\: void\)\|Illuminate\\Contracts\\Database\\Query\\Expression\|model property of App\\Models\\Project, ''snap\.snapshot_date'' given\.$#'
identifier: argument.type
count: 1
path: app/Jobs/Supplier/SyncSupplierProjectsJob.php
-
message: '#^Using nullsafe property access "\?\-\>name" on left side of \?\? is unnecessary\. Use \-\> instead\.$#'
identifier: nullsafe.neverNull
@@ -120,12 +102,6 @@ parameters:
count: 1
path: app/Services/NotificationService.php
-
message: '#^Access to an undefined property App\\Models\\Project\:\:\$applies_from\.$#'
identifier: property.notFound
count: 1
path: app/Services/Project/ProjectService.php
-
message: '#^Match expression does not handle remaining value\: string$#'
identifier: match.unhandled
@@ -144,90 +120,6 @@ parameters:
count: 1
path: app/Services/Supplier/Channel/AjaxProjectChannel.php
-
message: '#^Class NunoMaduro\\PhpInsights\\Domain\\Insights\\ForbiddenDefineFunctions not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class NunoMaduro\\PhpInsights\\Domain\\Insights\\ForbiddenFinalClasses not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class NunoMaduro\\PhpInsights\\Domain\\Insights\\ForbiddenNormalClasses not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class NunoMaduro\\PhpInsights\\Domain\\Insights\\ForbiddenPrivateMethods not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class NunoMaduro\\PhpInsights\\Domain\\Insights\\ForbiddenTraits not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class NunoMaduro\\PhpInsights\\Domain\\Insights\\SyntaxCheck not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class NunoMaduro\\PhpInsights\\Domain\\Metrics\\Architecture\\Classes not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class SlevomatCodingStandard\\Sniffs\\Commenting\\UselessFunctionDocCommentSniff not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class SlevomatCodingStandard\\Sniffs\\Namespaces\\AlphabeticallySortedUsesSniff not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class SlevomatCodingStandard\\Sniffs\\TypeHints\\DeclareStrictTypesSniff not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class SlevomatCodingStandard\\Sniffs\\TypeHints\\DisallowMixedTypeHintSniff not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class SlevomatCodingStandard\\Sniffs\\TypeHints\\ParameterTypeHintSniff not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class SlevomatCodingStandard\\Sniffs\\TypeHints\\PropertyTypeHintSniff not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Class SlevomatCodingStandard\\Sniffs\\TypeHints\\ReturnTypeHintSniff not found\.$#'
identifier: class.notFound
count: 1
path: config/insights.php
-
message: '#^Return type \(array\<string, mixed\>\) of method Database\\Factories\\BalanceTransactionFactory\:\:definition\(\) should be compatible with return type \(array\<model property of App\\Models\\BalanceTransaction, mixed\>\) of method Illuminate\\Database\\Eloquent\\Factories\\Factory\<App\\Models\\BalanceTransaction\>\:\:definition\(\)$#'
identifier: method.childReturnType
@@ -264,12 +156,6 @@ parameters:
count: 1
path: database/factories/UserFactory.php
-
message: '#^Offset ''SnapshotProjectRout…'' on null in isset\(\) does not exist\.$#'
identifier: isset.offset
count: 1
path: routes/console.php
-
message: '#^Offset ''projects\:reset…'' on null in isset\(\) does not exist\.$#'
identifier: isset.offset
@@ -558,18 +444,6 @@ parameters:
count: 3
path: tests/Feature/ApiKeyControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:artisan\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Audit/AuditChainRaceConditionTest.php
-
message: '#^Using nullsafe property access "\?\-\>cnt" on left side of \?\? is unnecessary\. Use \-\> instead\.$#'
identifier: nullsafe.neverNull
count: 1
path: tests/Feature/Audit/AuditRebuildChainTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
@@ -846,36 +720,6 @@ parameters:
count: 6
path: tests/Feature/Auth/UpdateProfileTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 7
path: tests/Feature/Billing/BalanceStatusTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$user\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/Billing/BalanceStatusTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Billing/BalanceStatusTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
count: 6
path: tests/Feature/Billing/BalanceStatusTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:seed\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Billing/BalanceStatusTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
@@ -906,16 +750,10 @@ parameters:
count: 1
path: tests/Feature/Billing/BillingOverviewControllerTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:artisan\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Billing/BillingPreflightInitialSweepTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$ledger\.$#'
identifier: property.notFound
count: 9
count: 8
path: tests/Feature/Billing/LedgerServiceTest.php
-
@@ -930,12 +768,6 @@ parameters:
count: 6
path: tests/Feature/Billing/PricingTierRepositoryTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:actingAs\(\)\.$#'
identifier: method.notFound
count: 4
path: tests/Feature/Billing/ProjectPreflightTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
@@ -1044,30 +876,6 @@ parameters:
count: 1
path: tests/Feature/Console/ResetMonthlyCountersCommandTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:artisan\(\)\.$#'
identifier: method.notFound
count: 3
path: tests/Feature/Console/SnapshotBackfillCommandTest.php
-
message: '#^Static method Carbon\\Carbon\:\:setTestNow\(\) invoked with 2 parameters, 0\-1 required\.$#'
identifier: arguments.count
count: 2
path: tests/Feature/Console/SnapshotBackfillCommandTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:artisan\(\)\.$#'
identifier: method.notFound
count: 2
path: tests/Feature/Console/SnapshotRebuildCommandTest.php
-
message: '#^Static method Carbon\\Carbon\:\:setTestNow\(\) invoked with 2 parameters, 0\-1 required\.$#'
identifier: arguments.count
count: 2
path: tests/Feature/Console/SnapshotRebuildCommandTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:artisan\(\)\.$#'
identifier: method.notFound
@@ -1488,12 +1296,6 @@ parameters:
count: 5
path: tests/Feature/EndpointAuthHardeningTest.php
-
message: '#^Access to an undefined property App\\Models\\Project\:\:\$applies_from\.$#'
identifier: property.notFound
count: 1
path: tests/Feature/Http/Resources/ProjectResourceAppliesFromTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
@@ -1506,18 +1308,6 @@ parameters:
count: 2
path: tests/Feature/Http/Webhook/SupplierWebhookTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:call\(\)\.$#'
identifier: method.notFound
count: 2
path: tests/Feature/Http/Webhook/SupplierWebhookValidationFormatTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Http/Webhook/SupplierWebhookValidationFormatTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$adminId\.$#'
identifier: property.notFound
@@ -1632,12 +1422,6 @@ parameters:
count: 8
path: tests/Feature/Incidents/IncidentsWatchFailuresExpandedTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:artisan\(\)\.$#'
identifier: method.notFound
count: 5
path: tests/Feature/Incidents/SingleLeadStormTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
@@ -1650,48 +1434,12 @@ parameters:
count: 1
path: tests/Feature/Integration/SupplierLeadFlowTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:seed\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Jobs/RouteSupplierLeadJobSnapshotTest.php
-
message: '#^Static method Carbon\\Carbon\:\:setTestNow\(\) invoked with 2 parameters, 0\-1 required\.$#'
identifier: arguments.count
count: 2
path: tests/Feature/Jobs/RouteSupplierLeadJobSnapshotTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:seed\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Jobs/RouteSupplierLeadJobTest.php
-
message: '#^Static method Carbon\\Carbon\:\:setTestNow\(\) invoked with 2 parameters, 0\-1 required\.$#'
identifier: arguments.count
count: 1
path: tests/Feature/Jobs/SnapshotProjectRoutingJobTest.php
-
message: '#^Static method Carbon\\Carbon\:\:setTestNow\(\) invoked with 2 parameters, 0\-1 required\.$#'
identifier: arguments.count
count: 4
path: tests/Feature/Jobs/Supplier/SyncSupplierProjectsJobSnapshotTest.php
-
message: '#^Static method Carbon\\Carbon\:\:setTestNow\(\) invoked with 2 parameters, 0\-1 required\.$#'
identifier: arguments.count
count: 1
path: tests/Feature/LeadRouter/FrozenFilterTest.php
-
message: '#^Static method Carbon\\Carbon\:\:setTestNow\(\) invoked with 2 parameters, 0\-1 required\.$#'
identifier: arguments.count
count: 4
path: tests/Feature/LeadRouter/SnapshotRoutingTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:getJson\(\)\.$#'
identifier: method.notFound
@@ -2268,24 +2016,6 @@ parameters:
count: 3
path: tests/Feature/Security/WebhookUrlChangeAuditTest.php
-
message: '#^Access to an undefined property App\\Models\\Project\:\:\$applies_from\.$#'
identifier: property.notFound
count: 5
path: tests/Feature/Services/Project/ProjectServiceAppliesFromTest.php
-
message: '#^Static method Carbon\\Carbon\:\:setTestNow\(\) invoked with 2 parameters, 0\-1 required\.$#'
identifier: arguments.count
count: 4
path: tests/Feature/Services/Project/ProjectServiceAppliesFromTest.php
-
message: '#^Static method Carbon\\Carbon\:\:setTestNow\(\) invoked with 2 parameters, 0\-1 required\.$#'
identifier: arguments.count
count: 5
path: tests/Feature/Services/Project/SupplierSnapshotGuardAppliesFromTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$project\.$#'
identifier: property.notFound
@@ -2334,48 +2064,12 @@ parameters:
count: 1
path: tests/Feature/Supplier/CsvReconcileJobTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$project\.$#'
identifier: property.notFound
count: 2
path: tests/Feature/Supplier/CsvWebhookRaceTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$sp\.$#'
identifier: property.notFound
count: 7
path: tests/Feature/Supplier/CsvWebhookRaceTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$tenant\.$#'
identifier: property.notFound
count: 8
path: tests/Feature/Supplier/CsvWebhookRaceTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:seed\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Supplier/CsvWebhookRaceTest.php
-
message: '#^Call to an undefined method Mockery\\ExpectationInterface\|Mockery\\HigherOrderMessage\:\:once\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Supplier/DeleteSupplierProjectJobTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:postJson\(\)\.$#'
identifier: method.notFound
count: 3
path: tests/Feature/Supplier/DirectPlatformTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:seed\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Supplier/DirectPlatformTest.php
-
message: '#^Call to an undefined method Mockery\\ExpectationInterface\|Mockery\\HigherOrderMessage\:\:andThrow\(\)\.$#'
identifier: method.notFound
@@ -2454,30 +2148,12 @@ parameters:
count: 1
path: tests/Feature/Supplier/SupplierProjectImporterTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:artisan\(\)\.$#'
identifier: method.notFound
count: 3
path: tests/Feature/Supplier/SupplierRekeyOrphansCommandTest.php
-
message: '#^Call to an undefined method App\\Services\\Supplier\\PlaywrightBridge\:\:shouldReceive\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Feature/Supplier/SupplierSessionRefreshCommandTest.php
-
message: '#^Access to an undefined property Pest\\PendingCalls\\TestCall\:\:\$sharedProject\.$#'
identifier: property.notFound
count: 7
path: tests/Feature/Supplier/SupplierWebhookFastFailTest.php
-
message: '#^Using nullsafe property access "\?\-\>error" on left side of \?\? is unnecessary\. Use \-\> instead\.$#'
identifier: nullsafe.neverNull
count: 2
path: tests/Feature/Supplier/SupplierWebhookFastFailTest.php
-
message: '#^Call to an undefined method Pest\\PendingCalls\\TestCall\:\:mock\(\)\.$#'
identifier: method.notFound
@@ -2598,42 +2274,6 @@ parameters:
count: 6
path: tests/Unit/Services/Pd/ImpersonationAuditServiceTest.php
-
message: '#^Call to an undefined method Mockery\\ExpectationInterface\|Mockery\\HigherOrderMessage\:\:once\(\)\.$#'
identifier: method.notFound
count: 2
path: tests/Unit/Services/Project/ProjectServiceGuardWiringTest.php
-
message: '#^Call to method PHPUnit\\Framework\\Assert\:\:assertTrue\(\) with true will always evaluate to true\.$#'
identifier: method.alreadyNarrowedType
count: 3
path: tests/Unit/Services/Project/ProjectServiceGuardWiringTest.php
-
message: '#^Parameter \#2 \$snapshotGuard of class App\\Services\\Project\\ProjectService constructor expects App\\Services\\Project\\SupplierSnapshotGuard, Mockery\\MockInterface given\.$#'
identifier: argument.type
count: 3
path: tests/Unit/Services/Project/ProjectServiceGuardWiringTest.php
-
message: '#^Call to an undefined method Mockery\\ExpectationInterface\|Mockery\\HigherOrderMessage\:\:with\(\)\.$#'
identifier: method.notFound
count: 1
path: tests/Unit/Services/Project/SupplierSnapshotGuardTest.php
-
message: '#^Call to method PHPUnit\\Framework\\Assert\:\:assertTrue\(\) with true will always evaluate to true\.$#'
identifier: method.alreadyNarrowedType
count: 1
path: tests/Unit/Services/Project/SupplierSnapshotGuardTest.php
-
message: '#^Property App\\Models\\IdeHelperProject\:\:\$paused_at \(Illuminate\\Support\\Carbon\|null\) does not accept Carbon\\CarbonImmutable\.$#'
identifier: assign.propertyType
count: 2
path: tests/Unit/Services/Project/SupplierSnapshotGuardTest.php
-
message: '#^Call to an undefined method App\\Services\\Supplier\\ProcessFactory\:\:shouldReceive\(\)\.$#'
identifier: method.notFound
app/public/build/assets/AdminBillingView-B0eWPfZY.css
+1
View File
@@ -0,0 +1 @@
.admin-billing[data-v-47839b68]{max-width:1400px}.page-title[data-v-47839b68]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.font-mono[data-v-47839b68]{font-family:JetBrains Mono,ui-monospace,monospace}.tabular[data-v-47839b68]{font-feature-settings:"tnum"}
app/public/build/assets/AdminBillingView-DqLA0Wys.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/AdminImpersonationView-D7wQ89EH.css
+1
View File
@@ -0,0 +1 @@
.admin-impersonation[data-v-95920034]{max-width:1440px}.page-head[data-v-95920034]{flex-wrap:wrap;justify-content:space-between;align-items:flex-start;gap:12px;display:flex}.page-title[data-v-95920034]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.num[data-v-95920034]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace;font-weight:500}.reason-cell[data-v-95920034]{white-space:normal;color:#081319;max-width:320px;font-size:13px;line-height:1.4}
app/public/build/assets/AdminImpersonationView-DXdh8xoI.js
+1
View File
@@ -0,0 +1 @@
import{$r as e,An as t,Fn as n,Ln as r,On as i,Pn as a,Qn as o,S as s,Xn as c,br as l,er as u,jn as d,kn as f,t as p,ur as m,wn as h}from"./VBtn-jqIH42oB.js";import{r as g}from"./client-DciL1iD_.js";import{t as _}from"./VCard-C989ornn.js";import{t as v}from"./VContainer-C5vy10SJ.js";import{L as y,Q as b,X as x,Y as S,pt as C}from"./app-B35roqUp.js";import{t as w}from"./VTable-B_0j40S4.js";var T={class:`page-head mb-4`},E={class:`text-h6 mb-3`},D={key:0,class:`text-center py-4`},O={key:1,class:`text-medium-emphasis text-center py-4`,"data-testid":`active-empty`},k={class:`num`},A={class:`text-caption`},j={class:`reason-cell`},M={class:`num text-medium-emphasis`},N={class:`num text-medium-emphasis`},P={class:`text-end`},F={class:`text-h6 mb-3`},I={key:0,class:`text-center py-4`},L={key:1,class:`text-medium-emphasis text-center py-4`,"data-testid":`recent-empty`},R={class:`num`},z={class:`reason-cell`},B={class:`num`},V={class:`num text-medium-emphasis`},H=C(r({__name:`AdminImpersonationView`,setup(r,{expose:C}){let H=l([]),U=l([]),W=l(!1),G=l(!1),K=l(null),q=l(null);async function J(){W.value=!0;try{H.value=await S()}catch(e){K.value=g(e,`Не удалось загрузить активные сессии.`)}finally{W.value=!1}}async function Y(){G.value=!0;try{U.value=await b()}catch(e){K.value=g(e,`Не удалось загрузить недавние сессии.`)}finally{G.value=!1}}async function X(e){q.value=e;try{await x(e),await Promise.all([J(),Y()])}catch(e){K.value=g(e,`Не удалось завершить сессию.`)}finally{q.value=null}}function Z(e){return new Date(e).toLocaleString(`ru-RU`,{dateStyle:`short`,timeStyle:`short`})}function Q(e){return e===null?``:e<60?`${e} сек`:e<3600?`${Math.floor(e/60)} мин ${e%60} сек`:`${Math.floor(e/3600)} ч ${Math.floor(e%3600/60)} мин`}function $(e){let t=new Date(e).getTime()-Date.now();if(t<=0)return`истёк`;let n=Math.floor(t/6e4);return n<60?`через ${n} мин`:`через ${Math.floor(n/60)} ч`}return c(()=>{J(),Y()}),C({active:H,recent:U,loadActive:J,loadRecent:Y,endSession:X}),(r,c)=>(o(),f(v,{fluid:``,class:`admin-impersonation pa-6`},{default:m(()=>[i(`header`,T,[c[2]||=i(`div`,null,[i(`h1`,{class:`text-h4 page-title`},`Impersonation`),i(`p`,{class:`text-body-2 text-medium-emphasis ma-0`},`Активные сессии «вход как клиент» (Ю-1 / ТЗ §22.7).`)],-1),n(p,{variant:`outlined`,size:`small`,"prepend-icon":`mdi-refresh`,loading:W.value,"data-testid":`refresh-btn`,onClick:c[0]||=e=>{J(),Y()}},{default:m(()=>[...c[1]||=[a(` Обновить `,-1)]]),_:1},8,[`loading`])]),K.value?(o(),f(y,{key:0,type:`error`,variant:`tonal`,density:`compact`,class:`mb-4`,"data-testid":`error-alert`},{default:m(()=>[a(e(K.value),1)]),_:1})):t(``,!0),n(_,{variant:`outlined`,class:`pa-4 mb-4`,"data-testid":`active-section`},{default:m(()=>[i(`h2`,E,`Активные (`+e(H.value.length)+`)`,1),W.value?(o(),d(`div`,D,[n(s,{indeterminate:``,color:`primary`})])):H.value.length===0?(o(),d(`div`,O,` Нет активных impersonation-сессий. `)):(o(),f(w,{key:2,density:`comfortable`},{default:m(()=>[c[4]||=i(`thead`,null,[i(`tr`,null,[i(`th`,null,`Тенант`),i(`th`,null,`Admin ID`),i(`th`,null,`Email клиента`),i(`th`,null,`Основание`),i(`th`,null,`Активна с`),i(`th`,null,`TTL`),i(`th`,{class:`text-end`},`Действие`)])],-1),i(`tbody`,null,[(o(!0),d(h,null,u(H.value,t=>(o(),d(`tr`,{key:t.token_id,"data-testid":`active-row`},[i(`td`,null,e(t.tenant_name??`#${t.tenant_id}`),1),i(`td`,k,e(t.requested_by),1),i(`td`,A,e(t.sent_to_email),1),i(`td`,j,e(t.reason),1),i(`td`,M,e(Z(t.used_at)),1),i(`td`,N,e($(t.expires_at)),1),i(`td`,P,[n(p,{size:`small`,color:`error`,variant:`tonal`,"prepend-icon":`mdi-stop-circle-outline`,loading:q.value===t.token_id,"data-testid":`end-btn-${t.token_id}`,onClick:e=>X(t.token_id)},{default:m(()=>[...c[3]||=[a(` Завершить `,-1)]]),_:1},8,[`loading`,`data-testid`,`onClick`])])]))),128))])]),_:1}))]),_:1}),n(_,{variant:`outlined`,class:`pa-4`,"data-testid":`recent-section`},{default:m(()=>[i(`h2`,F,`Недавно завершённые (`+e(U.value.length)+`)`,1),G.value?(o(),d(`div`,I,[n(s,{indeterminate:``,color:`primary`})])):U.value.length===0?(o(),d(`div`,L,` История impersonation-сессий пуста. `)):(o(),f(w,{key:2,density:`comfortable`},{default:m(()=>[c[5]||=i(`thead`,null,[i(`tr`,null,[i(`th`,null,`Тенант`),i(`th`,null,`Admin`),i(`th`,null,`Основание`),i(`th`,null,`Длилась`),i(`th`,null,`Завершена`)])],-1),i(`tbody`,null,[(o(!0),d(h,null,u(U.value,t=>(o(),d(`tr`,{key:t.token_id,"data-testid":`recent-row`},[i(`td`,null,e(t.tenant_name??`#${t.tenant_id}`),1),i(`td`,R,e(t.requested_by),1),i(`td`,z,e(t.reason),1),i(`td`,B,e(Q(t.duration_seconds)),1),i(`td`,V,e(Z(t.session_ended_at)),1)]))),128))])]),_:1}))]),_:1})]),_:1}))}}),[[`__scopeId`,`data-v-95920034`]]);export{H as default};
app/public/build/assets/AdminIncidentDetailView-DvZ69rza.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/AdminIncidentDetailView-JH5lrO6K.css
+1
View File
@@ -0,0 +1 @@
.incident-detail[data-v-ce603457]{max-width:1200px}.font-mono[data-v-ce603457]{font-family:JetBrains Mono,ui-monospace,monospace}
app/public/build/assets/AdminIncidentsView-CmDEvdvf.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/AdminIncidentsView-DdSQkXsx.css
+1
View File
@@ -0,0 +1 @@
.admin-incidents[data-v-046c45ba]{max-width:1200px}.page-title[data-v-046c45ba]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.incident-row[data-v-046c45ba]{border-bottom:1px solid #e1eeea;padding-block:12px}.incident-row[data-v-046c45ba]:last-child{border-bottom:none}.incident-header[data-v-046c45ba]{flex-wrap:wrap;align-items:center;display:flex}.font-mono[data-v-046c45ba]{font-family:JetBrains Mono,ui-monospace,monospace}
app/public/build/assets/AdminPdSubjectRequestsView-BoImbI5d.css
+1
View File
@@ -0,0 +1 @@
.admin-pd[data-v-319667ee]{max-width:1200px}.page-title[data-v-319667ee]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.font-mono[data-v-319667ee]{font-family:JetBrains Mono,ui-monospace,monospace}
app/public/build/assets/AdminPdSubjectRequestsView-D5RiX34V.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/AdminPricingTiersView-Ch5M4gDR.css
+1
View File
@@ -0,0 +1 @@
.numeric-tnum[data-v-e2a92351] td{font-feature-settings:"tnum";font-family:JetBrains Mono,monospace}.editor-table[data-v-e2a92351]{border-collapse:collapse;width:100%}.editor-table th[data-v-e2a92351],.editor-table td[data-v-e2a92351]{border-bottom:1px solid #0000000f;padding:8px 12px}
app/public/build/assets/AdminPricingTiersView-TfDK6oBs.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/AdminSupplierIntegrationView-Chul0FzX.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/AdminSupplierPricesView-B9H2ax9o.js
+1
View File
@@ -0,0 +1 @@
import{$r as e,An as t,Fn as n,Ln as r,On as i,Pn as a,Qn as o,U as s,Un as c,Xn as l,br as u,jn as d,kn as f,t as p,ur as m,vr as h}from"./VBtn-jqIH42oB.js";import{r as g}from"./client-DciL1iD_.js";import{t as _}from"./VCard-C989ornn.js";import{t as v}from"./VDataTable-Dzc0CcJn.js";import{K as y,L as b,ct as x,n as S,pt as C}from"./app-B35roqUp.js";import{t as w}from"./VTooltip-B_F7vkTJ.js";import{t as T}from"./VSnackbar-CYtcr--G.js";import{t as E}from"./VSwitch-DWOKnc9M.js";var D={class:`admin-supplier-prices-view`},O={class:`d-flex flex-column align-end ga-1`},k=C(r({__name:`AdminSupplierPricesView`,setup(r,{expose:C}){let k=u([]),A=h({}),j=h({}),M=u(null),N=u(!1),P=u(``),F=[{title:`Code`,key:`code`,sortable:!1,width:80},{title:`Name`,key:`name`,sortable:!1},{title:`Cost (₽)`,key:`cost_rub`,sortable:!1,width:140},{title:`Quality`,key:`quality_score`,sortable:!1,width:100},{title:`Active`,key:`is_active`,sortable:!1,width:100},{title:`Действия`,key:`actions`,sortable:!1,width:120}];async function I(){M.value=null;try{k.value=await y()}catch(e){M.value=g(e,`Не удалось загрузить список поставщиков.`)}}async function L(e){A[e.id]=!0,delete j[e.id];try{await x(e.id,{cost_rub:e.cost_rub,quality_score:e.quality_score,is_active:e.is_active}),P.value=`Сохранено: ${e.name} (${e.code}).`,N.value=!0}catch(t){j[e.id]=g(t,`Не удалось сохранить изменения.`)}finally{A[e.id]=!1}}return l(I),C({load:I,save:L,suppliers:k,saving:A,errorMessages:j,fetchError:M,successToastOpen:N,successToastText:P}),(r,l)=>(o(),d(`div`,D,[l[4]||=i(`h1`,{class:`text-h4 mb-6`},`Цены поставщиков (закупка)`,-1),M.value?(o(),f(b,{key:0,type:`warning`,variant:`tonal`,class:`mb-4`,density:`compact`,"data-testid":`suppliers-fetch-error`,closable:``,"onClick:close":l[0]||=e=>M.value=null},{default:m(()=>[a(e(M.value),1)]),_:1})):t(``,!0),n(_,{elevation:`1`},{default:m(()=>[n(v,{headers:F,items:k.value,density:`comfortable`,class:`numeric-tnum`},{"item.cost_rub":m(({item:e})=>[n(S,{modelValue:e.cost_rub,"onUpdate:modelValue":t=>e.cost_rub=t,type:`number`,step:`0.01`,min:`0`,density:`compact`,"hide-details":``,variant:`plain`,"aria-label":`Cost (₽) для ${e.name}`},null,8,[`modelValue`,`onUpdate:modelValue`,`aria-label`])]),"item.quality_score":m(({item:e})=>[n(S,{modelValue:e.quality_score,"onUpdate:modelValue":t=>e.quality_score=t,type:`number`,step:`0.01`,min:`0`,max:`9.99`,density:`compact`,"hide-details":``,variant:`plain`,"aria-label":`Quality для ${e.name}`},null,8,[`modelValue`,`onUpdate:modelValue`,`aria-label`])]),"item.is_active":m(({item:e})=>[n(E,{modelValue:e.is_active,"onUpdate:modelValue":t=>e.is_active=t,"hide-details":``,inset:``,density:`compact`,"aria-label":`Active для ${e.name}`},null,8,[`modelValue`,`onUpdate:modelValue`,`aria-label`])]),"item.actions":m(({item:r})=>[i(`div`,O,[n(p,{size:`small`,color:`primary`,loading:!!A[r.id],onClick:e=>L(r)},{default:m(()=>[...l[2]||=[a(` Сохранить `,-1)]]),_:1},8,[`loading`,`onClick`]),j[r.id]?(o(),f(w,{key:0,location:`left`},{activator:m(({props:e})=>[n(s,c(e,{color:`error`,size:`small`,"data-testid":`supplier-error-${r.id}`}),{default:m(()=>[...l[3]||=[a(` mdi-alert-circle `,-1)]]),_:1},16,[`data-testid`])]),default:m(()=>[i(`span`,null,e(j[r.id]),1)]),_:2},1024)):t(``,!0)])]),_:2},1032,[`items`])]),_:1}),n(T,{modelValue:N.value,"onUpdate:modelValue":l[1]||=e=>N.value=e,timeout:3e3,color:`success`,location:`bottom right`,"data-testid":`supplier-success-toast`},{default:m(()=>[a(e(P.value),1)]),_:1},8,[`modelValue`])]))}}),[[`__scopeId`,`data-v-21c7d181`]]);export{k as default};
app/public/build/assets/AdminSupplierPricesView-XXH1Td6l.css
+1
View File
@@ -0,0 +1 @@
.numeric-tnum[data-v-21c7d181] td{font-feature-settings:"tnum";font-family:JetBrains Mono,monospace}
app/public/build/assets/AdminSupplierProjectsView-DB0Z0gIY.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/AdminSystemView-BSik4B79.css
+1
View File
@@ -0,0 +1 @@
.font-mono[data-v-bf79a138]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace}.value-block[data-v-bf79a138]{word-break:break-all;background:#f6f3ec;border-radius:4px;padding:6px 10px;font-size:13px}.diff-block[data-v-bf79a138]{flex-direction:column;gap:12px;display:flex}.diff-row[data-v-bf79a138]{flex-direction:column;gap:4px;display:flex}.diff-before[data-v-bf79a138]{color:#842029;background:#fde8e8;text-decoration:line-through}.diff-after[data-v-bf79a138]{color:#0a4029;background:#d8f1e6}.reason-block[data-v-bf79a138]{background:#fff8e6;border-left:3px solid #b88a00;border-radius:4px;padding:8px 12px;font-size:13px}.admin-system[data-v-fc62e5e5]{max-width:1100px}.page-title[data-v-fc62e5e5]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.setting-row[data-v-fc62e5e5]{border-bottom:1px solid #e1eeea;padding-block:12px}.setting-row[data-v-fc62e5e5]:last-child{border-bottom:none}.setting-header[data-v-fc62e5e5]{align-items:center;display:flex}.setting-key[data-v-fc62e5e5]{color:#081319;font-size:14px;font-weight:500}.setting-value[data-v-fc62e5e5]{background:#f6f3ec;border-radius:4px;padding:4px 8px;font-size:13px;display:inline-block}.font-mono[data-v-fc62e5e5]{font-family:JetBrains Mono,ui-monospace,monospace}
app/public/build/assets/AdminSystemView-DaHRPJEj.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/AdminTenantDetailView-X4eHZ8yW.css
+1
View File
@@ -0,0 +1 @@
.page-head[data-v-c9a2d228]{flex-direction:column;gap:12px;display:flex}.head-main[data-v-c9a2d228]{flex-wrap:wrap;justify-content:space-between;align-items:flex-start;gap:16px;display:flex}.page-title[data-v-c9a2d228]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.page-meta[data-v-c9a2d228]{flex-wrap:wrap;align-items:center;gap:6px;display:flex}.page-meta .sep[data-v-c9a2d228]{color:#6b6356}.head-actions[data-v-c9a2d228]{align-items:center;gap:12px;display:flex}.kpi-row[data-v-c9a2d228]{grid-template-columns:repeat(4,1fr);gap:12px;display:grid}@media (width<=960px){.kpi-row[data-v-c9a2d228]{grid-template-columns:repeat(2,1fr)}}.kpi-card[data-v-c9a2d228]{background:#fff}.kpi-label[data-v-c9a2d228]{text-transform:uppercase;letter-spacing:.05em}.kpi-value[data-v-c9a2d228]{color:#081319;margin-top:4px;font-size:24px}.kpi-sub[data-v-c9a2d228]{margin-top:4px}.num[data-v-c9a2d228],.num[data-v-17149fea]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace;font-weight:500}.font-mono[data-v-17149fea]{font-family:JetBrains Mono,ui-monospace,monospace}.panel[data-v-17149fea]{background:#fff}.activity-list[data-v-17149fea]{margin:0;padding:0;list-style:none}.activity-item[data-v-17149fea]{border-bottom:1px solid #f0ede4;grid-template-columns:130px 1fr;gap:16px;padding:10px 0;display:grid}.activity-item[data-v-17149fea]:last-child{border-bottom:none}.act-event[data-v-17149fea]{margin-bottom:2px}.act-actor[data-v-17149fea]{margin-left:6px}.tenant-detail[data-v-770767cd]{max-width:1440px}
app/public/build/assets/AdminTenantDetailView-ZPlz8ZVI.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/AdminTenantsView-CHwbp1uX.css
+1
View File
@@ -0,0 +1 @@
.page-head[data-v-57e4b62a]{flex-wrap:wrap;justify-content:space-between;align-items:flex-start;gap:16px;display:flex}.page-title[data-v-57e4b62a]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.page-stats[data-v-57e4b62a]{flex-wrap:wrap;align-items:center;gap:6px;display:flex}.page-stats .sep[data-v-57e4b62a]{color:#6b6356}.num[data-v-57e4b62a]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace;font-weight:500}.filter-bar[data-v-c327d3bb]{flex-wrap:wrap;align-items:center;gap:8px;display:flex}.search-input[data-v-c327d3bb]{flex:320px;max-width:360px}.panel[data-v-29e11ca8]{background:#fff}.num[data-v-29e11ca8]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace;font-weight:500}.cell-tenant[data-v-29e11ca8]{padding:4px 0}.t-name[data-v-29e11ca8]{color:#081319;font-weight:500}.admin-tenants[data-v-36c2e556]{max-width:1440px}
app/public/build/assets/AdminTenantsView-DwwDbC1I.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/BillingView-DWfsgZde.css
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/BillingView-Dr1NZQba.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/DashboardView-Bfo3Jaos.css
+1
View File
@@ -0,0 +1 @@
.activity-chart[data-v-d6b06d1f]{background:#fff}.panel-head[data-v-d6b06d1f]{flex-wrap:wrap;justify-content:space-between;align-items:flex-start;gap:16px;display:flex}.panel-title[data-v-d6b06d1f]{font-variation-settings:"opsz" 18;letter-spacing:-.01em;color:#081319}.chart-wrap[data-v-d6b06d1f]{width:100%}.chart-wrap svg[data-v-d6b06d1f]{width:100%;height:220px;display:block}.chart-axis-y[data-v-d6b06d1f],.chart-axis-x[data-v-d6b06d1f]{fill:#66635c;font-family:JetBrains Mono,ui-monospace,monospace;font-size:11px}.chart-axis-x.today[data-v-d6b06d1f]{fill:#0f6e56;font-weight:600}.chart-legend[data-v-d6b06d1f]{color:#66635c;border-top:1px solid #f0ede4;gap:20px;padding-top:12px;font-size:12px;display:flex}.ldot[data-v-d6b06d1f]{vertical-align:-1px;border-radius:50%;width:10px;height:10px;margin-right:6px;display:inline-block}.ldot.received[data-v-d6b06d1f]{background:#0a1319}.ldot.paid[data-v-d6b06d1f]{background:#0f6e56}.ldot.refused[data-v-d6b06d1f]{background:#b94837}.funnel-chart[data-v-f4d15c97]{background:#fff}.panel-head[data-v-f4d15c97]{flex-wrap:wrap;justify-content:space-between;align-items:flex-start;gap:4px;display:flex}.panel-title[data-v-f4d15c97]{font-variation-settings:"opsz" 18;letter-spacing:-.01em;color:#081319}.funnel-bar[data-v-f4d15c97]{background:#f0ede4;border-radius:6px;height:12px;display:flex;overflow:hidden}.funnel-seg[data-v-f4d15c97]{height:100%;transition:filter .15s}.funnel-seg[data-v-f4d15c97]:hover{filter:brightness(1.1)}.funnel-list[data-v-f4d15c97]{border-top:1px solid #f0ede4;grid-template-columns:repeat(2,1fr);gap:8px 16px;margin-top:12px;display:grid}.funnel-list-item[data-v-f4d15c97]{grid-template-columns:12px 1fr auto;align-items:center;gap:10px;font-size:13px;display:grid}.dot[data-v-f4d15c97]{border-radius:50%;width:10px;height:10px}.name[data-v-f4d15c97]{color:#343c41}.qty[data-v-f4d15c97]{font-feature-settings:"tnum";color:#081319;font-family:JetBrains Mono,ui-monospace,monospace;font-weight:500}.page-head[data-v-7dc7f30a]{flex-wrap:wrap;justify-content:space-between;align-items:flex-start;gap:16px;display:flex}.page-greet[data-v-7dc7f30a]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.page-greet em[data-v-7dc7f30a]{font-style:normal;font-weight:600}.page-meta[data-v-7dc7f30a]{flex-wrap:wrap;align-items:center;gap:6px;display:flex}.page-meta .sep[data-v-7dc7f30a]{color:#6b6356}.num[data-v-7dc7f30a]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace;font-weight:500}.kpi-card[data-v-c56e8e4f]{background:#fff;transition:border-color .15s;border-color:#d9d5cd!important}.kpi-card[data-v-c56e8e4f]:hover{border-color:#66635c!important}.kpi-label[data-v-c56e8e4f]{margin-bottom:8px;font-size:13px}.kpi-value[data-v-c56e8e4f]{font-feature-settings:"tnum";color:#081319;font-family:JetBrains Mono,ui-monospace,monospace;font-size:32px;font-weight:600;line-height:1.1}.kpi-unit[data-v-c56e8e4f]{color:#66635c;margin-left:2px;font-size:18px;font-weight:500}.kpi-foot[data-v-c56e8e4f]{flex-wrap:wrap;align-items:center;gap:4px;display:flex}.delta-up[data-v-c56e8e4f],.delta-down[data-v-c56e8e4f],.delta-neutral[data-v-c56e8e4f]{align-items:center;gap:2px;font-weight:500;display:inline-flex}.delta-up[data-v-c56e8e4f]{color:#1b6e3b}.delta-down[data-v-c56e8e4f]{color:#b83a3a}.balance-card[data-v-605b9eb2]{color:#fff;height:100%;background:#012019!important}.balance-row1[data-v-605b9eb2]{align-items:center;display:flex}.balance-label[data-v-605b9eb2]{text-transform:uppercase;letter-spacing:.06em;color:#7a8c87;font-family:JetBrains Mono,ui-monospace,monospace;font-size:12px}.balance-amount[data-v-605b9eb2]{margin-top:8px;font-size:32px;font-weight:600;line-height:1.1}.balance-amount .num[data-v-605b9eb2]{font-feature-settings:"tnum";color:#fff;letter-spacing:-.01em;font-family:JetBrains Mono,ui-monospace,monospace}.balance-amount .ru[data-v-605b9eb2]{color:#7a8c87;font-weight:500}.runway-bar[data-v-605b9eb2]{gap:4px;display:flex}.runway-fill[data-v-605b9eb2]{background:#ffffff14;border-radius:3px;flex:1;height:6px}.runway-fill.filled[data-v-605b9eb2]{background:#32c8a9}.runway-foot[data-v-605b9eb2]{color:#7a8c87;justify-content:space-between;margin-top:6px;font-family:JetBrains Mono,ui-monospace,monospace;display:flex}.runway-foot strong[data-v-605b9eb2]{color:#fff;font-weight:500}.runway-action[data-v-605b9eb2]{color:#32c8a9;text-decoration:none}.runway-action[data-v-605b9eb2]:hover{color:#fff}.dashboard[data-v-d996e311]{max-width:1440px}.ld-meta[data-v-d996e311]{color:#66635c;letter-spacing:.02em;align-items:center;gap:8px;font-size:12px;display:inline-flex}
app/public/build/assets/DashboardView-CUxEVoSd.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/DealDetailDrawer-CxDFVDuu.css
+1
View File
@@ -0,0 +1 @@
.hero-eyebrow[data-v-34aa2fc7]{text-transform:uppercase;letter-spacing:.06em;font-family:JetBrains Mono,ui-monospace,monospace}.hero-row[data-v-34aa2fc7]{justify-content:space-between;align-items:flex-start;gap:12px;display:flex}.hero-name[data-v-34aa2fc7]{font-variation-settings:"opsz" 24;letter-spacing:-.018em;color:#081319;line-height:1.2}.hero-meta[data-v-34aa2fc7]{flex-wrap:wrap;align-items:center;gap:6px;display:flex}.phone-link[data-v-34aa2fc7]{font-feature-settings:"tnum";color:#0f6e56;font-family:JetBrains Mono,ui-monospace,monospace;font-size:13px;text-decoration:none}.phone-link[data-v-34aa2fc7]:hover{text-decoration:underline}.hero-meta .sep[data-v-34aa2fc7]{color:#6b6356}.status-row[data-v-34aa2fc7]{display:flex}.status-dot[data-v-34aa2fc7]{border-radius:50%;width:6px;height:6px;margin-right:6px;display:inline-block}.section-title[data-v-ea3c482b]{color:#081319;font-weight:600}.timeline[data-v-ea3c482b]{flex-direction:column;gap:16px;margin:0;padding:0;list-style:none;display:flex}.timeline-item[data-v-ea3c482b]{align-items:flex-start;gap:12px;display:flex;position:relative}.timeline-item[data-v-ea3c482b]:before{content:"";background:#e8e3d6;width:1px;position:absolute;top:28px;bottom:-16px;left:11px}.timeline-item[data-v-ea3c482b]:last-child:before{display:none}.timeline-icon[data-v-ea3c482b]{color:#0f6e56;z-index:1;background:#e1eeea;border-radius:50%;flex-shrink:0;justify-content:center;align-items:center;width:24px;height:24px;display:flex}.timeline-body[data-v-ea3c482b]{flex:1;min-width:0}.timeline-head[data-v-ea3c482b]{justify-content:space-between;align-items:center;gap:8px;display:flex}.timeline-type[data-v-ea3c482b]{text-transform:uppercase;letter-spacing:.04em;font-size:11px}.timeline-time[data-v-ea3c482b]{font-family:JetBrains Mono,ui-monospace,monospace;font-size:11px}.timeline-detail[data-v-ea3c482b]{color:#081319;margin-top:2px;line-height:1.4}.timeline-actor[data-v-ea3c482b]{align-items:center;margin-top:4px;font-size:11px;display:flex}.drawer-content[data-v-0bcffee3]{flex-direction:column;display:flex}.section-title[data-v-0bcffee3]{color:#081319;font-weight:600}.params[data-v-0bcffee3]{grid-template-columns:1fr 1fr;gap:16px 12px;margin:0;display:grid}.param dt[data-v-0bcffee3]{margin-bottom:2px;font-size:11px}.param dd[data-v-0bcffee3]{color:#081319;margin:0}.param .link[data-v-0bcffee3]{color:#0f6e56;cursor:pointer}.param .link[data-v-0bcffee3]:hover{text-decoration:underline}.num[data-v-0bcffee3]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace}.reminders-list[data-v-0bcffee3]{flex-direction:column;gap:6px;margin:0;padding:0;list-style:none;display:flex}.reminder-row[data-v-0bcffee3]{background:#fdfaf3;border:1px solid #e8e3d6;border-radius:6px;align-items:center;gap:8px;padding:6px 8px;display:flex}.reminder-body[data-v-0bcffee3]{flex:1;min-width:0}.reminder-text[data-v-0bcffee3]{color:#081319;font-size:13px;line-height:1.4}.reminder-meta[data-v-0bcffee3]{margin-top:2px}.deal-drawer[data-v-ac9a3618]{background:#fff}.deal-detail-inline[data-v-ac9a3618]{background:#fff;border:1px solid #e8e3d6;border-radius:8px;flex:0 0 400px;align-self:flex-start;width:400px;max-height:calc(100vh - 160px);position:sticky;top:16px;overflow-y:auto}
app/public/build/assets/DealDetailDrawer-thnZkO8o.js
+2
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/DealsView-B8ffUVu6.css
+1
View File
@@ -0,0 +1 @@
.deals-filters[data-v-af2abc17]{flex-wrap:wrap;align-items:center;gap:12px;display:flex}.filters-search[data-v-af2abc17]{flex:240px;max-width:320px}.filters-select[data-v-af2abc17]{min-width:170px;max-width:220px}.num[data-v-acc61311]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace;font-weight:500}.status-dot[data-v-acc61311]{border-radius:50%;width:6px;height:6px;margin-right:6px;display:inline-block}.bulk-bar[data-v-acc61311]{z-index:4;position:sticky;top:0}.bulk-bar-inner[data-v-acc61311]{align-items:center;gap:8px;padding:8px 12px;display:flex}.bulk-count[data-v-acc61311]{color:#f6f3ec;font-size:13px}.ld-status-pill[data-v-f6f91b1f]{border-radius:var(--radius-full);align-items:center;padding:3px 9px;font-size:11px;font-weight:500;transition:background .3s cubic-bezier(.16,1,.3,1),color .3s cubic-bezier(.16,1,.3,1);display:inline-flex}.deals-table-card[data-v-890aefe6]{background:#fff}.num[data-v-890aefe6]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace}.cell-source[data-v-890aefe6]{flex-direction:column;line-height:1.3;display:flex}.source-project[data-v-890aefe6]{color:#081319;font-weight:500}.source-signal[data-v-890aefe6]{color:#6b6356;font-size:11px}.cell-comment[data-v-890aefe6]{text-overflow:ellipsis;white-space:nowrap;vertical-align:bottom;max-width:240px;display:inline-block;overflow:hidden}[data-v-890aefe6] .deals-row-active{background:#0f6e5612}.deals[data-v-200de09c]{max-width:1440px}.page-head[data-v-200de09c]{flex-wrap:wrap;justify-content:space-between;align-items:flex-start;gap:16px;display:flex}.page-title[data-v-200de09c]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.num[data-v-200de09c]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace;font-weight:500}.export-panel[data-v-200de09c]{background:#fff}.export-panel-inner[data-v-200de09c]{flex-wrap:wrap;align-items:center;gap:12px;padding:12px 16px;display:flex}.export-label[data-v-200de09c]{color:#6b6356;flex-shrink:0}.date-input[data-v-200de09c]{max-width:170px}.perpage[data-v-200de09c]{align-items:center;gap:12px;display:flex}.deals-body[data-v-200de09c]{align-items:flex-start;gap:16px;display:flex}.deals-list[data-v-200de09c]{flex:auto;min-width:0}.tfoot[data-v-200de09c]{justify-content:center;display:flex}
app/public/build/assets/DealsView-DYU6bJRf.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/ErrorView-B1AkYAlt.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/ErrorView-BWlvWxcS.css
+1
View File
@@ -0,0 +1 @@
.top-brand[data-v-dae75305]{color:#fff;letter-spacing:-.01em;align-items:center;gap:10px;padding:24px 32px;font-size:16px;font-weight:600;text-decoration:none;display:inline-flex}.top-brand .mark[data-v-dae75305]{background:#ffffff0f;border-radius:5px;justify-content:center;align-items:center;width:24px;height:24px;display:inline-flex}.top-brand .dot[data-v-dae75305]{color:#32c8a9}.err-code[data-v-2c738e33]{color:#fff;letter-spacing:-.04em;margin:0 0 16px;font-family:JetBrains Mono,ui-monospace,monospace;font-size:96px;font-weight:600;line-height:1}.err-code .accent[data-v-2c738e33]{color:#32c8a9}.err-actions[data-v-19c1ad5a]{flex-wrap:wrap;justify-content:center;gap:12px;margin-bottom:24px;display:flex}.status-list[data-v-046e8c3e]{flex-wrap:wrap;justify-content:center;gap:16px;margin-bottom:16px;display:flex}.status-item[data-v-046e8c3e]{color:#b1c2bd;align-items:center;gap:6px;font-family:JetBrains Mono,ui-monospace,monospace;font-size:12px;display:inline-flex}.status-item .dot[data-v-046e8c3e]{border-radius:50%;width:8px;height:8px}.err-id[data-v-046e8c3e]{background:#ffffff0d;border-radius:6px;align-items:center;gap:8px;margin-bottom:12px;padding:6px 10px;display:inline-flex}.request-id[data-v-046e8c3e]{color:#fff;font-family:JetBrains Mono,ui-monospace,monospace;font-size:12px;font-weight:500}.err-help[data-v-046e8c3e]{color:#7a8c87;margin-top:16px}.err-help__link[data-v-046e8c3e]{color:#d3dad8;text-decoration:underline}.err-help__link[data-v-046e8c3e]:hover{color:#fff}.error-main[data-v-146e80bf]{color:#fff;background:#012019;flex-direction:column;min-height:100vh;display:flex}.error-content[data-v-146e80bf]{text-align:center;flex-direction:column;flex:1;justify-content:center;align-items:center;max-width:560px;margin:0 auto;padding:24px 32px 80px;display:flex}.err-title[data-v-146e80bf]{font-variation-settings:"opsz" 28;letter-spacing:-.018em;color:#fff;margin:0 0 12px;font-size:28px;font-weight:600}.err-desc[data-v-146e80bf]{color:#b1c2bd;margin:0 0 24px;font-size:15px;line-height:1.55}
app/public/build/assets/ForgotPasswordView-B4k_-M6Q.js
+1
View File
@@ -0,0 +1 @@
import{$r as e,An as t,Cn as n,Dn as r,Dr as i,Fn as a,Ln as o,On as s,Pn as c,Qn as l,br as u,kn as d,t as f,ur as p}from"./VBtn-jqIH42oB.js";import{a as m}from"./client-DciL1iD_.js";import{t as h}from"./VCard-C989ornn.js";import{L as g,mt as _,n as v,pt as y}from"./app-B35roqUp.js";import{t as b}from"./VForm-CfFpV0nz.js";var x=y(o({__name:`ForgotPasswordView`,setup(o){let y=u(``),x=u({}),S=u(!1),C=_(),w=r(()=>y.value.length>0&&/.+@.+/.test(y.value));async function T(){x.value={};try{await C.requestPasswordReset(y.value),S.value=!0}catch(e){let t=m(e);t?x.value=t:C.lockoutSeconds===null&&(x.value={email:[`Произошла ошибка. Попробуйте позже.`]})}}return(r,o)=>(l(),d(h,{variant:`flat`,"max-width":380,width:`100%`,color:`transparent`,class:`forgot-card`},{default:p(()=>[o[6]||=s(`header`,{class:`forgot-header`},[s(`h1`,{class:`text-h5 mb-1`},`Сброс пароля`),s(`p`,{class:`text-body-2 text-medium-emphasis ma-0`},` Введите email, на который зарегистрирован аккаунт. Отправим ссылку для сброса. `)],-1),S.value?(l(),d(g,{key:0,type:`success`,variant:`tonal`,density:`comfortable`,"data-testid":`forgot-success`},{default:p(()=>[...o[1]||=[c(` Если такой email зарегистрирован — мы отправили ссылку для сброса пароля. Проверьте почту в течение нескольких минут (письмо может попасть в спам). `,-1)]]),_:1})):t(``,!0),i(C).lockoutSeconds===null?t(``,!0):(l(),d(g,{key:1,type:`error`,variant:`tonal`,density:`compact`,"data-testid":`lockout-alert`},{default:p(()=>[c(` Слишком много попыток. Попробуйте через `+e(Math.ceil(i(C).lockoutSeconds/60))+` мин. `,1)]),_:1})),S.value?(l(),d(f,{key:3,to:{name:`login`},variant:`outlined`,block:``,size:`large`,"prepend-icon":`mdi-arrow-left`,class:`mt-2`},{default:p(()=>[...o[5]||=[c(` Назад ко входу `,-1)]]),_:1})):(l(),d(b,{key:2,class:`forgot-form`,onSubmit:n(T,[`prevent`])},{default:p(()=>[a(v,{modelValue:y.value,"onUpdate:modelValue":o[0]||=e=>y.value=e,label:`Email`,type:`email`,autocomplete:`email`,placeholder:`manager@yourcompany.ru`,variant:`outlined`,density:`comfortable`,required:``,"error-messages":x.value.email},null,8,[`modelValue`,`error-messages`]),a(g,{type:`info`,variant:`tonal`,density:`compact`,class:`mb-2 a11y-info-darker`},{default:p(()=>[...o[2]||=[c(` Лимит — `,-1),s(`strong`,null,`5 попыток в 15 минут`,-1),c(`. Если не пришло письмо — проверьте спам или попробуйте через 15 минут. `,-1)]]),_:1}),a(f,{type:`submit`,color:`primary`,block:``,size:`large`,variant:`flat`,disabled:!w.value,loading:i(C).loading},{default:p(()=>[...o[3]||=[c(` Отправить ссылку `,-1)]]),_:1},8,[`disabled`,`loading`]),a(f,{to:{name:`login`},variant:`outlined`,block:``,size:`large`,"prepend-icon":`mdi-arrow-left`},{default:p(()=>[...o[4]||=[c(` Назад ко входу `,-1)]]),_:1})]),_:1}))]),_:1}))}}),[[`__scopeId`,`data-v-d73708c4`]]);export{x as default};
app/public/build/assets/ForgotPasswordView-DyFTPkTd.css
+1
View File
@@ -0,0 +1 @@
.forgot-card[data-v-d73708c4]{flex-direction:column;gap:20px;display:flex}.a11y-info-darker[data-v-d73708c4] .v-alert__content,.a11y-info-darker[data-v-d73708c4] .v-alert__content strong{color:#2a5a6e}.forgot-header h1[data-v-d73708c4]{font-variation-settings:"opsz" 26;letter-spacing:-.018em}.forgot-form[data-v-d73708c4]{flex-direction:column;gap:8px;display:flex}
app/public/build/assets/ImportView-BnWk0en1.css
+1
View File
@@ -0,0 +1 @@
.v-file-input--hide.v-input .v-field,.v-file-input--hide.v-input .v-input__control,.v-file-input--hide.v-input .v-input__details{display:none}.v-file-input--hide.v-input .v-input__prepend{grid-area:control;margin:0 auto}.v-file-input--chips.v-input--density-compact .v-field--variant-solo .v-label.v-field-label--floating,.v-file-input--chips.v-input--density-compact .v-field--variant-solo-inverted .v-label.v-field-label--floating,.v-file-input--chips.v-input--density-compact .v-field--variant-filled .v-label.v-field-label--floating,.v-file-input--chips.v-input--density-compact .v-field--variant-solo-filled .v-label.v-field-label--floating{top:0}.v-file-input .v-field__input{word-break:break-word}.v-file-input input[type=file]{opacity:0;z-index:0;width:100%;height:100%;position:absolute;top:0;left:0}.v-file-input--dragging input[type=file]{z-index:1}.v-file-input .v-input__details{padding-inline:16px}.v-input--plain-underlined.v-file-input .v-input__details{padding-inline:0}.import-view[data-v-23888a08]{max-width:1100px}
app/public/build/assets/ImportView-yMz2uUGY.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/KanbanView-BVmpnApw.css
+1
View File
@@ -0,0 +1 @@
.kanban-card[data-v-e5129a9b]{cursor:pointer;background:#fff;transition:border-color .15s,transform .15s}.kanban-card[data-v-e5129a9b]:hover{transform:translateY(-1px);border-color:#66635c!important}.card-name[data-v-e5129a9b]{color:#081319;font-size:13px;font-weight:500;line-height:1.3}.card-phone[data-v-e5129a9b]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace;font-size:11px}.card-meta[data-v-e5129a9b]{justify-content:space-between;align-items:center;display:flex}.card-project[data-v-e5129a9b]{color:#66635c;text-overflow:ellipsis;white-space:nowrap;max-width:60%;overflow:hidden}.card-cost[data-v-e5129a9b]{font-feature-settings:"tnum";color:#081319;font-family:JetBrains Mono,ui-monospace,monospace;font-size:12px;font-weight:500}.card-foot[data-v-e5129a9b]{align-items:center;display:flex}.num[data-v-e5129a9b]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace}.kanban-column[data-v-4886dd38]{background:#f0ede4;border-radius:8px;flex-direction:column;flex:0 0 280px;width:280px;max-height:100%;display:flex}.column-head[data-v-4886dd38]{border-top:3px solid var(--accent);background:#f6f3ec;border-radius:8px 8px 0 0;padding:12px}.column-head-row[data-v-4886dd38]{justify-content:space-between;align-items:center;display:flex}.column-name[data-v-4886dd38]{color:#081319;letter-spacing:-.005em;font-size:13px;font-weight:600}.column-count[data-v-4886dd38]{font-feature-settings:"tnum";color:#66635c;background:#fff;border:1px solid #d9d5cd;border-radius:10px;padding:1px 8px;font-family:JetBrains Mono,ui-monospace,monospace;font-size:12px}.column-total[data-v-4886dd38]{font-feature-settings:"tnum";color:var(--accent);margin-top:2px;font-family:JetBrains Mono,ui-monospace,monospace;font-size:11px;font-weight:500}.column-body[data-v-4886dd38]{flex:auto;min-height:80px;padding:8px;overflow-y:auto}.column-empty[data-v-4886dd38]{text-align:center;color:#92907b;border:1px dashed #d9d5cd;border-radius:6px;margin-top:8px;padding:24px 0}.ghost-card[data-v-4886dd38]{opacity:.4;background:#e1eeea!important}.drag-card[data-v-4886dd38]{opacity:.95;transform:rotate(1deg)}.kanban[data-v-dcbc0809]{flex-direction:column;max-width:100%;height:100%;display:flex}.page-head[data-v-dcbc0809]{flex-wrap:wrap;justify-content:space-between;align-items:flex-start;gap:16px;display:flex}.page-title[data-v-dcbc0809]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.page-stats[data-v-dcbc0809]{flex-wrap:wrap;align-items:center;gap:6px;display:flex}.page-stats .sep[data-v-dcbc0809]{color:#6b6356}.num[data-v-dcbc0809]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace;font-weight:500}.kanban-board[data-v-dcbc0809]{flex:auto;gap:12px;min-height:600px;padding-bottom:12px;display:flex;overflow:auto hidden}.kanban-board[data-v-dcbc0809]::-webkit-scrollbar{height:8px}.kanban-board[data-v-dcbc0809]::-webkit-scrollbar-track{background:0 0}.kanban-board[data-v-dcbc0809]::-webkit-scrollbar-thumb{background:#d9d5cd;border-radius:4px}.kanban-board[data-v-dcbc0809]::-webkit-scrollbar-thumb:hover{background:#92907b}
app/public/build/assets/KanbanView-O8wHuNKL.js
+13
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/LegalDocView-CE20EIUG.css
+1
View File
@@ -0,0 +1 @@
.legal-card[data-v-46d32b6b]{flex-direction:column;gap:16px;display:flex}.legal-header h1[data-v-46d32b6b]{font-variation-settings:"opsz" 24;letter-spacing:-.01em}.legal-back[data-v-46d32b6b]{text-decoration:none}.legal-back[data-v-46d32b6b]:hover{text-decoration:underline}
app/public/build/assets/LegalDocView-DZ6xCptz.js
+1
View File
@@ -0,0 +1 @@
import{$r as e,Dn as t,Fn as n,Ln as r,On as i,Pn as a,Qn as o,kn as s,nr as c,ur as l}from"./VBtn-jqIH42oB.js";import{t as u}from"./VCard-C989ornn.js";import{L as d,pt as f,xt as p}from"./app-B35roqUp.js";var m={class:`legal-header`},h={class:`text-h5 mb-1`},g={class:`text-body-2 text-medium-emphasis ma-0`},_=f(r({__name:`LegalDocView`,setup(r){let f={offer:{title:`Договор-оферта`,intro:`Публичная оферта на оказание услуг сервиса «Лидерра» — условия использования платформы, права и обязанности сторон, порядок оплаты.`},privacy:{title:`Политика конфиденциальности`,intro:`Порядок обработки и защиты персональных данных пользователей сервиса «Лидерра» в соответствии с Федеральным законом № 152-ФЗ «О персональных данных».`}},_=p(),v=t(()=>String(_.params.doc)===`privacy`?f.privacy:f.offer);return(t,r)=>{let f=c(`RouterLink`);return o(),s(u,{variant:`flat`,"max-width":480,width:`100%`,color:`transparent`,class:`legal-card`},{default:l(()=>[i(`header`,m,[i(`h1`,h,e(v.value.title),1),i(`p`,g,e(v.value.intro),1)]),n(d,{type:`info`,variant:`tonal`,density:`compact`,role:`note`,"data-testid":`legal-stub-notice`},{default:l(()=>[...r[0]||=[a(` Финальная редакция документа готовится и будет опубликована до запуска сервиса. `,-1)]]),_:1}),n(f,{to:`/login`,class:`text-body-2 text-primary legal-back`},{default:l(()=>[...r[1]||=[a(`← Вернуться ко входу`,-1)]]),_:1})]),_:1})}}}),[[`__scopeId`,`data-v-46d32b6b`]]);export{_ as default};
app/public/build/assets/LoginView-4yMLjhKn.js
+1
View File
@@ -0,0 +1 @@
import{$r as e,An as t,Cn as n,Dr as r,Fn as i,Ln as a,On as o,Pn as s,Qn as c,Sn as l,U as u,Un as d,br as f,kn as p,nr as m,t as h,ur as g}from"./VBtn-jqIH42oB.js";import{a as _}from"./client-DciL1iD_.js";import{t as v}from"./VCard-C989ornn.js";import{F as y,L as b,St as x,mt as S,n as C,pt as w}from"./app-B35roqUp.js";import{t as T}from"./VForm-CfFpV0nz.js";import{t as E}from"./VTooltip-B_F7vkTJ.js";var D={class:`login-header`},O={class:`text-body-2 text-medium-emphasis ma-0`},k={class:`d-flex justify-end mb-2`},A=w(a({__name:`LoginView`,setup(a){let w=f(``),A=f(``),j=f(!1),M=f({}),N=S(),P=x();async function F(){M.value={};try{let e=await N.login({email:w.value,password:A.value});await P.push(e.requires_2fa?`/2fa`:`/dashboard`)}catch(e){let t=_(e);t?M.value=t:M.value={email:[`Произошла ошибка. Попробуйте позже.`]}}}return(a,f)=>{let _=m(`RouterLink`);return c(),p(v,{variant:`flat`,"max-width":380,width:`100%`,color:`transparent`,class:`login-card`},{default:g(()=>[o(`header`,D,[f[7]||=o(`h1`,{class:`text-h5 mb-1`},`Вход в Лидерру`,-1),o(`p`,O,[f[6]||=s(` Нет аккаунта? `,-1),i(_,{to:`/register`,class:`text-primary`},{default:g(()=>[...f[5]||=[s(` Зарегистрируйтесь `,-1)]]),_:1})])]),r(N).lockoutSeconds===null?t(``,!0):(c(),p(b,{key:0,type:`error`,variant:`tonal`,density:`compact`,class:`mb-3`,"data-testid":`lockout-alert`},{default:g(()=>[s(` Слишком много попыток. Попробуйте через `+e(Math.ceil(r(N).lockoutSeconds/60))+` мин. `,1)]),_:1})),i(T,{class:`login-form`,onSubmit:n(F,[`prevent`])},{default:g(()=>[i(C,{modelValue:w.value,"onUpdate:modelValue":f[0]||=e=>w.value=e,label:`Email`,type:`email`,autocomplete:`email`,placeholder:`manager@yourcompany.ru`,variant:`outlined`,density:`comfortable`,required:``,"error-messages":M.value.email},null,8,[`modelValue`,`error-messages`]),i(C,{modelValue:A.value,"onUpdate:modelValue":f[4]||=e=>A.value=e,label:`Пароль`,type:j.value?`text`:`password`,autocomplete:`current-password`,placeholder:`Минимум 8 символов`,variant:`outlined`,density:`comfortable`,required:``,"error-messages":M.value.password},{"append-inner":g(()=>[i(u,{class:`password-toggle`,icon:j.value?`mdi-eye-off`:`mdi-eye`,"aria-label":j.value?`Скрыть пароль`:`Показать пароль`,role:`button`,tabindex:`0`,onClick:f[1]||=e=>j.value=!j.value,onKeydown:[f[2]||=l(n(e=>j.value=!j.value,[`prevent`]),[`enter`]),f[3]||=l(n(e=>j.value=!j.value,[`prevent`]),[`space`])]},null,8,[`icon`,`aria-label`])]),_:1},8,[`modelValue`,`type`,`error-messages`]),o(`div`,k,[i(_,{to:`/forgot`,class:`text-body-2 text-primary`},{default:g(()=>[...f[8]||=[s(` Забыли пароль? `,-1)]]),_:1})]),i(h,{type:`submit`,color:`primary`,block:``,size:`large`,variant:`flat`,loading:r(N).loading},{default:g(()=>[...f[9]||=[s(` Войти `,-1)]]),_:1},8,[`loading`]),i(y,{class:`my-4`},{default:g(()=>[...f[10]||=[o(`span`,{class:`text-caption text-medium-emphasis`},`или`,-1)]]),_:1}),i(E,{text:`Вход через Yandex 360 станет доступен после регистрации юр. лица (Б-1).`,location:`top`},{activator:g(({props:e})=>[o(`div`,d(e,{class:`yandex-sso-wrap`}),[i(h,{block:``,size:`large`,variant:`outlined`,disabled:``},{default:g(()=>[...f[11]||=[s(` Войти через Yandex 360 `,-1)]]),_:1})],16)]),_:1})]),_:1})]),_:1})}}}),[[`__scopeId`,`data-v-d91dee69`]]);export{A as default};
app/public/build/assets/LoginView-CdV1bxFt.css
+1
View File
@@ -0,0 +1 @@
.login-card[data-v-d91dee69]{flex-direction:column;gap:20px;display:flex}.login-header h1[data-v-d91dee69]{font-variation-settings:"opsz" 26;letter-spacing:-.018em}.login-form[data-v-d91dee69]{flex-direction:column;gap:4px;display:flex}.yandex-sso-wrap[data-v-d91dee69]{width:100%}.password-toggle[data-v-d91dee69]:focus-visible{outline-offset:1px;border-radius:2px;outline:2px solid}
app/public/build/assets/ProjectsView-BSzFagMZ.js
+2
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/ProjectsView-IGX-SWdA.css
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/RegisterView-CYTKT2HD.js
+1
View File
@@ -0,0 +1 @@
import{$r as e,An as t,Cn as n,Dn as r,Dr as i,Fn as a,Ln as o,On as s,Pn as c,Qn as l,Sn as u,U as d,br as f,jn as p,kn as m,nr as h,p as g,t as _,ur as v}from"./VBtn-jqIH42oB.js";import{a as y}from"./client-DciL1iD_.js";import{t as b}from"./VCard-C989ornn.js";import{St as x,mt as S,n as C,pt as w}from"./app-B35roqUp.js";import{t as T}from"./VForm-CfFpV0nz.js";import{t as E}from"./VCheckbox-C5b-N6kS.js";var D={class:`register-header`},O={class:`text-body-2 text-medium-emphasis ma-0`},k={key:0,class:`strength-block mb-2`},A={class:`text-caption text-medium-emphasis`},j={class:`checks`},M=w(o({__name:`RegisterView`,setup(o){let w=f(``),M=f(``),N=f(!1),P=f(!1),F=f(!1),I=f({}),L=S(),R=x(),z=r(()=>{let e=M.value;if(!e)return 0;let t=0;return e.length>=8&&t++,/[A-ZА-Я]/.test(e)&&/[a-zа-я]/.test(e)&&t++,/\d/.test(e)&&t++,/[^A-Za-zА-Яа-я0-9]/.test(e)&&t++,t}),B=r(()=>[``,`Слабый`,`Средний`,`Хороший`,`Надёжный`][z.value]),V=r(()=>[``,`error`,`warning`,`info`,`success`][z.value]),H=r(()=>w.value.length>0&&M.value.length>=8&&P.value&&F.value);async function U(){I.value={};try{let e=await L.register({email:w.value,password:M.value,accept_offer:P.value,accept_pdn:F.value});await R.push(e.requires_2fa?`/2fa`:`/dashboard`)}catch(e){let t=y(e);t?I.value=t:I.value={email:[`Произошла ошибка. Попробуйте позже.`]}}}return(r,o)=>{let f=h(`RouterLink`);return l(),m(b,{variant:`flat`,"max-width":380,width:`100%`,color:`transparent`,class:`register-card`},{default:v(()=>[s(`header`,D,[o[9]||=s(`h1`,{class:`text-h5 mb-1`},`Создать аккаунт`,-1),s(`p`,O,[o[8]||=c(` Уже есть? `,-1),a(f,{to:`/login`,class:`text-primary`},{default:v(()=>[...o[7]||=[c(` Войдите `,-1)]]),_:1})])]),a(T,{class:`register-form`,onSubmit:n(U,[`prevent`])},{default:v(()=>[a(C,{modelValue:w.value,"onUpdate:modelValue":o[0]||=e=>w.value=e,label:`Рабочий email`,type:`email`,autocomplete:`email`,placeholder:`manager@yourcompany.ru`,variant:`outlined`,density:`comfortable`,required:``,"error-messages":I.value.email},null,8,[`modelValue`,`error-messages`]),a(C,{modelValue:M.value,"onUpdate:modelValue":o[4]||=e=>M.value=e,label:`Пароль`,type:N.value?`text`:`password`,autocomplete:`new-password`,placeholder:`Минимум 8 символов`,variant:`outlined`,density:`comfortable`,required:``,"error-messages":I.value.password},{"append-inner":v(()=>[a(d,{class:`password-toggle`,icon:N.value?`mdi-eye-off`:`mdi-eye`,"aria-label":N.value?`Скрыть пароль`:`Показать пароль`,role:`button`,tabindex:`0`,onClick:o[1]||=e=>N.value=!N.value,onKeydown:[o[2]||=u(n(e=>N.value=!N.value,[`prevent`]),[`enter`]),o[3]||=u(n(e=>N.value=!N.value,[`prevent`]),[`space`])]},null,8,[`icon`,`aria-label`])]),_:1},8,[`modelValue`,`type`,`error-messages`]),M.value?(l(),p(`div`,k,[a(g,{"model-value":z.value/4*100,color:V.value,height:`4`,rounded:``},null,8,[`model-value`,`color`]),s(`span`,A,e(B.value),1)])):t(``,!0),s(`div`,j,[a(E,{modelValue:P.value,"onUpdate:modelValue":o[5]||=e=>P.value=e,density:`compact`,"hide-details":``,color:`primary`},{label:v(()=>[...o[10]||=[s(`span`,{class:`text-body-2`},[c(` Принимаю `),s(`a`,{href:`/legal/offer`,class:`text-primary`,target:`_blank`,rel:`noopener`},`оферту`)],-1)]]),_:1},8,[`modelValue`]),a(E,{modelValue:F.value,"onUpdate:modelValue":o[6]||=e=>F.value=e,density:`compact`,"hide-details":``,color:`primary`},{label:v(()=>[...o[11]||=[s(`span`,{class:`text-body-2`},[c(` Согласен с `),s(`a`,{href:`/legal/privacy`,class:`text-primary`,target:`_blank`,rel:`noopener`},` политикой обработки персональных данных `)],-1)]]),_:1},8,[`modelValue`])]),a(_,{type:`submit`,color:`primary`,block:``,size:`large`,variant:`flat`,disabled:!H.value,loading:i(L).loading},{default:v(()=>[...o[12]||=[c(` Создать аккаунт `,-1)]]),_:1},8,[`disabled`,`loading`])]),_:1})]),_:1})}}}),[[`__scopeId`,`data-v-64384ef1`]]);export{M as default};
app/public/build/assets/RegisterView-DBzGL2kQ.css
+1
View File
@@ -0,0 +1 @@
.register-card[data-v-64384ef1]{flex-direction:column;gap:16px;display:flex}.register-header h1[data-v-64384ef1]{font-variation-settings:"opsz" 26;letter-spacing:-.018em}.register-form[data-v-64384ef1],.strength-block[data-v-64384ef1]{flex-direction:column;gap:4px;display:flex}.checks[data-v-64384ef1]{flex-direction:column;gap:4px;margin-bottom:8px;display:flex}.password-toggle[data-v-64384ef1]:focus-visible{outline-offset:1px;border-radius:2px;outline:2px solid}
app/public/build/assets/ReminderDialog-YMgnzV_T.css
+1
View File
@@ -0,0 +1 @@
.datetime-row[data-v-963ac491]{flex-direction:column;gap:6px;margin-top:8px;display:flex}.datetime-label[data-v-963ac491]{color:#66635c;font-size:12px;font-weight:500}.datetime-input[data-v-963ac491]{background:#fff;border:1px solid #d9d5cd;border-radius:6px;width:100%;padding:10px 12px;font-family:inherit;font-size:14px}.datetime-input[data-v-963ac491]:focus{outline-offset:-1px;border-color:#0f6e56;outline:2px solid #0f6e56}
app/public/build/assets/ReminderDialog-vWjIpqlW.js
+1
View File
@@ -0,0 +1 @@
import{$r as e,An as t,Cn as n,Dn as r,Fn as i,Hn as a,Ln as o,On as s,Pn as c,Qn as l,ar as u,bn as d,br as f,cr as p,dr as m,kn as h,t as g,ur as _}from"./VBtn-jqIH42oB.js";import{i as v,n as y,o as b,t as x}from"./VCard-C989ornn.js";import{L as S,M as C,i as w,pt as T,y as E}from"./app-B35roqUp.js";import{t as D}from"./VForm-CfFpV0nz.js";import{t as O}from"./VTextarea-D7tbGrFk.js";var k={class:`datetime-row`},A=T(o({__name:`ReminderDialog`,props:a({dealId:{},reminder:{}},{modelValue:{type:Boolean,required:!0},modelModifiers:{}}),emits:a([`saved`],[`update:modelValue`]),setup(a,{emit:o}){let T=u(a,`modelValue`),A=a,j=o,M=E(),N=r(()=>A.reminder!==null&&A.reminder!==void 0),P=r(()=>N.value?`Редактировать напоминание`:`Новое напоминание`),F=f(``),I=f(``),L=f(null),R=f(!1);function z(){let e=new Date(Date.now()+3600*1e3),t=e=>String(e).padStart(2,`0`);return`${e.getFullYear()}-${t(e.getMonth()+1)}-${t(e.getDate())}T${t(e.getHours())}:${t(e.getMinutes())}`}function B(e){if(!e)return z();let t=new Date(e),n=e=>String(e).padStart(2,`0`);return`${t.getFullYear()}-${n(t.getMonth()+1)}-${n(t.getDate())}T${n(t.getHours())}:${n(t.getMinutes())}`}p(T,e=>{e&&(N.value&&A.reminder?(F.value=A.reminder.text??``,I.value=B(A.reminder.remind_at)):(F.value=``,I.value=z()),L.value=null)},{immediate:!0});async function V(){if(L.value=null,!I.value){L.value=`Укажите дату и время напоминания.`;return}let e=new Date(I.value).toISOString();R.value=!0;try{let t=null;if(N.value&&A.reminder)t=await M.update(A.reminder.id,{text:F.value.trim()||null,remind_at:e});else{if(!A.dealId){L.value=`Не указан deal_id для создания.`;return}t=await M.create({deal_id:A.dealId,text:F.value.trim()||null,remind_at:e})}if(t===null){L.value=`Не удалось сохранить. Попробуйте позже.`;return}j(`saved`,t),T.value=!1}finally{R.value=!1}}function H(){T.value=!1}return(r,a)=>(l(),h(w,{modelValue:T.value,"onUpdate:modelValue":a[2]||=e=>T.value=e,"max-width":`480`,persistent:``},{default:_(()=>[i(x,null,{default:_(()=>[i(v,null,{default:_(()=>[c(e(P.value),1)]),_:1}),i(y,null,{default:_(()=>[i(D,{onSubmit:n(V,[`prevent`])},{default:_(()=>[i(O,{modelValue:F.value,"onUpdate:modelValue":a[0]||=e=>F.value=e,label:`Описание`,placeholder:`Перезвонить клиенту, обсудить условия...`,rows:`3`,counter:``,maxlength:`255`,"data-testid":`reminder-text`},null,8,[`modelValue`]),s(`div`,k,[a[3]||=s(`label`,{class:`datetime-label`,for:`reminder-at-input`},`Когда напомнить`,-1),m(s(`input`,{id:`reminder-at-input`,"onUpdate:modelValue":a[1]||=e=>I.value=e,type:`datetime-local`,class:`datetime-input`,"data-testid":`reminder-at`},null,512),[[d,I.value]])]),L.value?(l(),h(S,{key:0,type:`warning`,variant:`tonal`,density:`compact`,class:`mt-3`,"data-testid":`reminder-error`},{default:_(()=>[c(e(L.value),1)]),_:1})):t(``,!0)]),_:1})]),_:1}),i(b,null,{default:_(()=>[i(C),i(g,{variant:`text`,onClick:H},{default:_(()=>[...a[4]||=[c(`Отмена`,-1)]]),_:1}),i(g,{color:`primary`,loading:R.value,"data-testid":`reminder-submit`,onClick:V},{default:_(()=>[c(e(N.value?`Сохранить`:`Создать`),1)]),_:1},8,[`loading`])]),_:1})]),_:1})]),_:1},8,[`modelValue`]))}}),[[`__scopeId`,`data-v-963ac491`]]);export{A as default};
app/public/build/assets/RemindersView-C_6LqRUJ.css
+1
View File
@@ -0,0 +1 @@
.tab-chip[data-v-3580525e]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace}.reminders-list-card[data-v-8540cfc6]{min-height:200px}.empty-state[data-v-8540cfc6]{text-align:center;color:#66635c;padding:40px 16px;font-size:14px}.empty-hint[data-v-8540cfc6]{color:#6b6356;margin-top:6px;font-size:12px}.reminder-row[data-v-8540cfc6]{border-bottom:1px solid #f0ede4}.reminder-overdue .reminder-meta span:first-of-type+span[data-v-8540cfc6]{color:#b94837;font-weight:500}.reminder-completed .reminder-title[data-v-8540cfc6]{color:#9a9690;text-decoration:line-through}.reminder-title[data-v-8540cfc6]{font-weight:500}.reminder-meta[data-v-8540cfc6]{color:#66635c;margin-top:2px;font-size:12px}.deal-link[data-v-8540cfc6]{color:#0f6e56;font-family:JetBrains Mono,ui-monospace,monospace;text-decoration:none}.deal-link[data-v-8540cfc6]:hover{text-decoration:underline}.reminders-view[data-v-cd3f2c2f]{padding-top:24px;padding-bottom:32px}.page-head[data-v-cd3f2c2f]{align-items:center;gap:16px;margin-bottom:16px;display:flex}.page-title[data-v-cd3f2c2f]{flex-shrink:0;margin:0;font-size:24px;font-weight:600}.page-meta[data-v-cd3f2c2f]{flex:1;gap:16px;display:flex}.page-stat[data-v-cd3f2c2f]{color:#66635c;align-items:baseline;gap:4px;font-size:13px;display:flex}.page-stat strong[data-v-cd3f2c2f]{font-feature-settings:"tnum";color:#081319;font-family:JetBrains Mono,ui-monospace,monospace;font-size:16px}.page-stat.overdue strong[data-v-cd3f2c2f]{color:#b94837}
app/public/build/assets/RemindersView-DbknnZwN.js
+2
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/ReportsView-BCrcn0XE.css
+1
View File
@@ -0,0 +1 @@
.panel[data-v-e13bf82b]{background:#fff}.field-block[data-v-e13bf82b]{margin-top:8px}.field-label[data-v-e13bf82b]{color:#66635c;text-transform:uppercase;letter-spacing:.04em;margin-bottom:8px;font-family:JetBrains Mono,ui-monospace,monospace;font-size:12px;font-weight:500;display:block}.type-grid[data-v-e13bf82b]{grid-template-columns:repeat(auto-fit,minmax(220px,1fr));gap:8px;display:grid}.tc-card[data-v-e13bf82b]{cursor:pointer;padding:12px;transition:border-color .15s,background .15s}.tc-card[data-v-e13bf82b]:hover{border-color:#66635c!important}.tc-card.active[data-v-e13bf82b]{background:#e1eeea!important;border-color:#0f6e56!important}.tc-name[data-v-e13bf82b]{color:#081319;font-weight:600}.fmt-row[data-v-e13bf82b]{flex-wrap:wrap;gap:8px;display:flex}.num-field[data-v-e13bf82b] input{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace}.panel[data-v-9221735d]{background:#fff}.panel-h[data-v-9221735d]{flex-wrap:wrap;justify-content:space-between;align-items:flex-start;gap:12px;display:flex}.empty-state[data-v-9221735d]{font-size:14px}.jobs-list[data-v-9221735d]{list-style:none}.job-row[data-v-9221735d]{border-bottom:1px solid #f0ede4;grid-template-columns:auto 1fr auto auto;align-items:center;gap:12px;padding:14px 16px;display:grid}.job-row[data-v-9221735d]:last-child{border-bottom:none}.job-icon[data-v-9221735d]{flex-shrink:0}.job-info[data-v-9221735d]{min-width:0}.job-title[data-v-9221735d]{color:#081319;font-weight:500;line-height:1.3}.job-meta[data-v-9221735d]{font-feature-settings:"tnum";margin-top:2px;font-family:JetBrains Mono,ui-monospace,monospace;font-size:11px}.job-actions[data-v-9221735d]{gap:4px;display:flex}.reports[data-v-114ed593]{max-width:1440px}.page-head[data-v-114ed593]{flex-wrap:wrap;justify-content:space-between;align-items:flex-start;gap:12px;display:flex}.page-title[data-v-114ed593]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.page-stats[data-v-114ed593]{flex-wrap:wrap;align-items:center;gap:6px;display:flex}.page-stats .sep[data-v-114ed593]{color:#6b6356}.num[data-v-114ed593]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace;font-weight:500}
app/public/build/assets/ReportsView-VPZju9bK.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/ResetPasswordView-BunpJpi_.css
+1
View File
@@ -0,0 +1 @@
.reset-card[data-v-9f6d3b04]{flex-direction:column;gap:20px;display:flex}.reset-header h1[data-v-9f6d3b04]{font-variation-settings:"opsz" 26;letter-spacing:-.018em}.reset-form[data-v-9f6d3b04]{flex-direction:column;gap:8px;display:flex}.password-toggle[data-v-9f6d3b04]:focus-visible{outline-offset:1px;border-radius:2px;outline:2px solid}
app/public/build/assets/ResetPasswordView-JCL0FBhH.js
+1
View File
@@ -0,0 +1 @@
import{$r as e,An as t,Cn as n,Dn as r,Dr as i,Fn as a,Ln as o,On as s,Pn as c,Qn as l,Sn as u,U as d,br as f,kn as p,t as m,ur as h}from"./VBtn-jqIH42oB.js";import{a as g}from"./client-DciL1iD_.js";import{t as _}from"./VCard-C989ornn.js";import{L as v,St as y,mt as b,n as x,pt as S,xt as C}from"./app-B35roqUp.js";import{t as w}from"./VForm-CfFpV0nz.js";var T=S(o({__name:`ResetPasswordView`,setup(o){let S=C(),T=y(),E=b(),D=r(()=>String(S.params.token??``)),O=f(typeof S.query.email==`string`?S.query.email:``),k=f(``),A=f(``),j=f(!1),M=f({}),N=f(!1),P=r(()=>D.value.length>0&&O.value.length>0&&k.value.length>=10&&k.value===A.value),F=r(()=>A.value.length>0&&k.value!==A.value?[`Пароли не совпадают`]:M.value.password_confirmation??[]);async function I(){M.value={};try{await E.resetPassword({token:D.value,email:O.value,password:k.value,password_confirmation:A.value}),N.value=!0,setTimeout(()=>T.push(`/login`),3e3)}catch(e){let t=g(e);t?M.value=t:E.lockoutSeconds===null&&(M.value={email:[`Произошла ошибка. Попробуйте позже.`]})}}return(r,o)=>(l(),p(_,{variant:`flat`,"max-width":380,width:`100%`,color:`transparent`,class:`reset-card`},{default:h(()=>[o[9]||=s(`header`,{class:`reset-header`},[s(`h1`,{class:`text-h5 mb-1`},`Новый пароль`),s(`p`,{class:`text-body-2 text-medium-emphasis ma-0`},`Установите новый пароль для вашего аккаунта.`)],-1),N.value?(l(),p(v,{key:0,type:`success`,variant:`tonal`,density:`comfortable`,"data-testid":`reset-success`},{default:h(()=>[...o[6]||=[c(` Пароль успешно изменён. Сейчас вы будете перенаправлены на страницу входа. `,-1)]]),_:1})):t(``,!0),i(E).lockoutSeconds===null?t(``,!0):(l(),p(v,{key:1,type:`error`,variant:`tonal`,density:`compact`,"data-testid":`lockout-alert`},{default:h(()=>[c(` Слишком много попыток. Попробуйте через `+e(Math.ceil(i(E).lockoutSeconds/60))+` мин. `,1)]),_:1})),N.value?t(``,!0):(l(),p(w,{key:2,class:`reset-form`,onSubmit:n(I,[`prevent`])},{default:h(()=>[a(x,{modelValue:O.value,"onUpdate:modelValue":o[0]||=e=>O.value=e,label:`Email`,type:`email`,autocomplete:`email`,variant:`outlined`,density:`comfortable`,required:``,"error-messages":M.value.email},null,8,[`modelValue`,`error-messages`]),a(x,{modelValue:k.value,"onUpdate:modelValue":o[4]||=e=>k.value=e,label:`Новый пароль`,type:j.value?`text`:`password`,autocomplete:`new-password`,placeholder:`Минимум 10 символов`,variant:`outlined`,density:`comfortable`,required:``,"error-messages":M.value.password},{"append-inner":h(()=>[a(d,{class:`password-toggle`,icon:j.value?`mdi-eye-off`:`mdi-eye`,"aria-label":j.value?`Скрыть пароль`:`Показать пароль`,role:`button`,tabindex:`0`,onClick:o[1]||=e=>j.value=!j.value,onKeydown:[o[2]||=u(n(e=>j.value=!j.value,[`prevent`]),[`enter`]),o[3]||=u(n(e=>j.value=!j.value,[`prevent`]),[`space`])]},null,8,[`icon`,`aria-label`])]),_:1},8,[`modelValue`,`type`,`error-messages`]),a(x,{modelValue:A.value,"onUpdate:modelValue":o[5]||=e=>A.value=e,label:`Повторите пароль`,type:j.value?`text`:`password`,autocomplete:`new-password`,variant:`outlined`,density:`comfortable`,required:``,"error-messages":F.value},null,8,[`modelValue`,`type`,`error-messages`]),a(m,{type:`submit`,color:`primary`,block:``,size:`large`,variant:`flat`,disabled:!P.value,loading:i(E).loading},{default:h(()=>[...o[7]||=[c(` Сохранить пароль `,-1)]]),_:1},8,[`disabled`,`loading`]),a(m,{to:{name:`login`},variant:`text`,block:``,size:`small`,"prepend-icon":`mdi-arrow-left`},{default:h(()=>[...o[8]||=[c(` Вернуться ко входу `,-1)]]),_:1})]),_:1}))]),_:1}))}}),[[`__scopeId`,`data-v-9f6d3b04`]]);export{T as default};
app/public/build/assets/SettingsView-D-TWhVeA.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/SettingsView-r1nmDzf9.css
+1
View File
@@ -0,0 +1 @@
.tab-title[data-v-0944a357],.tab-title[data-v-a1a18cd1]{font-variation-settings:"opsz" 18;letter-spacing:-.005em}.prefs-table[data-v-a1a18cd1]{border:1px solid #e8e3d6;border-radius:8px;overflow:hidden}.prefs-head[data-v-a1a18cd1],.prefs-row[data-v-a1a18cd1]{grid-template-columns:1fr 110px 110px 130px;align-items:center;display:grid}.prefs-head[data-v-a1a18cd1]{text-transform:uppercase;letter-spacing:.06em;color:#66635c;background:#f6f3ec;font-family:JetBrains Mono,ui-monospace,monospace;font-size:11px}.prefs-row[data-v-a1a18cd1]{border-top:1px solid #f0ede4}.prefs-cell[data-v-a1a18cd1]{padding:10px 12px}.event-col[data-v-a1a18cd1]{color:#081319;font-size:13px}.event-desc[data-v-a1a18cd1]{color:#66635c;margin-top:2px;font-size:11px}.ch-col[data-v-a1a18cd1]{text-align:center;justify-content:center;display:flex}.actions-row[data-v-a1a18cd1]{gap:12px;margin-top:8px;display:flex}.tab-title[data-v-7154ff08]{font-variation-settings:"opsz" 18;letter-spacing:-.005em}.profile-row[data-v-7154ff08]{align-items:flex-start}.codes-grid[data-v-4232e9dd]{grid-template-columns:repeat(2,1fr);gap:8px;display:grid}.code-item[data-v-4232e9dd]{text-align:center;letter-spacing:.06em;background:#f6f3ec;border-radius:6px;padding:8px 12px;font-size:14px}.codes-grid[data-v-eb879996]{grid-template-columns:repeat(2,1fr);gap:8px;display:grid}.code-item[data-v-eb879996]{text-align:center;letter-spacing:.06em;background:#f6f3ec;border-radius:6px;padding:8px 12px;font-size:14px}.sessions-list[data-v-9a36d248]{margin:0;padding:0;list-style:none}.session-row[data-v-9a36d248]{border-bottom:1px solid #f0ede4;justify-content:space-between;align-items:center;padding:10px 0;display:flex}.session-row[data-v-9a36d248]:last-child{border-bottom:none}.session-device[data-v-9a36d248]{color:#081319;font-weight:500}.tab-title[data-v-e4d722bf]{font-variation-settings:"opsz" 18;letter-spacing:-.005em}.settings[data-v-5e38d680]{max-width:1440px}.page-title[data-v-5e38d680]{font-variation-settings:"opsz" 28;letter-spacing:-.018em}.tabs-rail[data-v-5e38d680]{background:#fff}.tab-pane[data-v-5e38d680]{background:#fff;min-height:480px}
app/public/build/assets/TenantBalanceDialog-HtYTXez2.js
+1
View File
File diff suppressed because one or more lines are too long
app/public/build/assets/TenantBalanceDialog-olbu5Nul.css
+1
View File
@@ -0,0 +1 @@
.font-mono[data-v-4e777c99],.num[data-v-02465db2]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace}
app/public/build/assets/TwoFactorView-D6RfmN-N.css
+1
View File
@@ -0,0 +1 @@
.twofactor-card[data-v-a87d6667]{flex-direction:column;gap:20px;display:flex}.twofactor-header h1[data-v-a87d6667]{font-variation-settings:"opsz" 26;letter-spacing:-.018em}.twofactor-form[data-v-a87d6667]{flex-direction:column;gap:16px;display:flex}.code-row[data-v-a87d6667]{justify-content:space-between;gap:8px;display:flex}.code-cell[data-v-a87d6667]{text-align:center;color:#081319;background:#fff;border:1px solid #d9d5cd;border-radius:8px;width:48px;height:56px;font-family:JetBrains Mono,ui-monospace,monospace;font-size:22px;font-weight:500;transition:border-color .15s}.code-cell[data-v-a87d6667]:focus{border-color:#0f6e56;outline:none;box-shadow:0 0 0 2px #0f6e5633}.font-mono[data-v-a87d6667]{font-feature-settings:"tnum";font-family:JetBrains Mono,ui-monospace,monospace}
app/public/build/assets/TwoFactorView-D7O1S0CR.js
+1
View File
@@ -0,0 +1 @@
import{$r as e,An as t,Cn as n,Dn as r,Dr as i,Fn as a,Ln as o,On as s,Pn as c,Qn as l,Wn as u,Xn as d,Zn as f,bn as p,br as m,dr as h,er as g,jn as _,kn as v,nr as y,or as b,t as x,ur as S,wn as C}from"./VBtn-jqIH42oB.js";import{a as w}from"./client-DciL1iD_.js";import{t as T}from"./VCard-C989ornn.js";import{L as E,St as D,mt as O,pt as k}from"./app-B35roqUp.js";import{t as A}from"./VForm-CfFpV0nz.js";var j={class:`twofactor-header`},M={class:`text-body-2 text-medium-emphasis ma-0`},N=[`onUpdate:modelValue`,`aria-label`,`onInput`,`onKeydown`],P={key:0,class:`text-error text-caption mb-1`},F={class:`d-flex justify-space-between align-center mb-2`},I=[`title`],L=k(o({__name:`TwoFactorView`,setup(o){let k=m([``,``,``,``,``,``]),L=b(`inputs`),R=r(()=>k.value.join(``)),z=r(()=>R.value.length===6&&/^\d{6}$/.test(R.value)),B=m({}),V=O(),H=D(),U=r(()=>V.user?.email??`аккаунт`);function W(){return 30-Math.floor(Date.now()/1e3)%30}let G=m(W()),K=r(()=>`00:${String(G.value).padStart(2,`0`)}`),q;d(()=>{if(!V.requires2fa&&!V.isAuthenticated){H.replace(`/login`);return}q=setInterval(()=>{G.value=W()},1e3)}),f(()=>{q&&clearInterval(q)});function J(e,t){let n=t.target.value.replace(/\D/g,``).slice(-1);k.value[e]=n,n&&e<5&&u(()=>L.value?.[e+1]?.focus())}function Y(e,t){t.key===`Backspace`&&!k.value[e]&&e>0&&u(()=>L.value?.[e-1]?.focus())}function X(e){let t=e.clipboardData?.getData(`text`).replace(/\D/g,``).slice(0,6)??``;if(t.length===6){e.preventDefault();for(let e=0;e<6;e++)k.value[e]=t[e];u(()=>L.value?.[5]?.focus())}}async function Z(){B.value={};try{await V.verifyTwoFactor(R.value),await H.push(`/dashboard`)}catch(e){let t=w(e);t?B.value=t:B.value={code:[`Произошла ошибка. Попробуйте ещё раз.`]},k.value=[``,``,``,``,``,``],u(()=>L.value?.[0]?.focus())}}return(r,o)=>{let u=y(`RouterLink`);return l(),v(T,{variant:`flat`,"max-width":380,width:`100%`,color:`transparent`,class:`twofactor-card`},{default:S(()=>[s(`header`,j,[o[1]||=s(`h1`,{class:`text-h5 mb-1`},`Двухфакторная проверка`,-1),s(`p`,M,[o[0]||=c(` Откройте приложение-аутентификатор и введите 6-значный код для `,-1),s(`strong`,null,e(U.value),1)])]),a(A,{class:`twofactor-form`,onSubmit:n(Z,[`prevent`])},{default:S(()=>[s(`div`,{class:`code-row`,onPaste:X},[(l(!0),_(C,null,g(k.value,(e,t)=>h((l(),_(`input`,{key:t,ref_for:!0,ref_key:`inputs`,ref:L,"onUpdate:modelValue":e=>k.value[t]=e,type:`text`,inputmode:`numeric`,maxlength:`1`,class:`code-cell`,"aria-label":`Цифра ${t+1}`,onInput:e=>J(t,e),onKeydown:e=>Y(t,e)},null,40,N)),[[p,k.value[t]]])),128))],32),B.value.code?.length?(l(),_(`div`,P,e(B.value.code[0]),1)):t(``,!0),i(V).lockoutSeconds===null?t(``,!0):(l(),v(E,{key:1,type:`error`,variant:`tonal`,density:`compact`,class:`mb-2`,"data-testid":`lockout-alert`},{default:S(()=>[c(` Слишком много попыток. Попробуйте через `+e(Math.ceil(i(V).lockoutSeconds/60))+` мин. `,1)]),_:1})),s(`div`,F,[a(u,{to:`/recovery-use`,class:`text-body-2 text-primary`},{default:S(()=>[...o[2]||=[c(` Использовать резервный код `,-1)]]),_:1}),s(`span`,{class:`text-caption text-medium-emphasis font-mono`,title:`До смены кода в приложении: ${K.value}`,"data-testid":`totp-countdown`},e(K.value),9,I)]),a(x,{type:`submit`,color:`primary`,block:``,size:`large`,variant:`flat`,disabled:!z.value,loading:i(V).loading},{default:S(()=>[...o[3]||=[c(` Подтвердить `,-1)]]),_:1},8,[`disabled`,`loading`])]),_:1})]),_:1})}}}),[[`__scopeId`,`data-v-a87d6667`]]);export{L as default};

Some files were not shown because too many files have changed in this diff Show More