chore: remove old plans, reports, and debug artifacts
Removed: - Implemented plans: BOX_SCANNING_MASTER_PLAN, SECURITY_AUDIT_PLAN - Completed reports: SECURITY_REPORT, PHASE_2_COMPLETION_REPORT, REFACTORING_* - Plan archives: PLAN_HISTORY, SESSION_HISTORY, PLAN.md - Debug files: ZOOM_DEBUG_GUIDE, .impeccable.md - Session memory: .remember/remember.md Kept core files: CLAUDE.md, AI_RULES.md, PROJECT_ARCHITECTURE.md, README.md Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -1,219 +0,0 @@
|
||||
# AI Session History
|
||||
|
||||
Archive of previous AI handover notes from `SESSION_STATE.md`.
|
||||
Entries are added here when a new AI session starts.
|
||||
|
||||
---
|
||||
|
||||
## [Archived] Claude (Sonnet 4.6) — 2026-04-11 — Login Loop Fix Attempt
|
||||
|
||||
**Active AI:** Claude (Sonnet 4.6)
|
||||
**Archived:** 2026-04-11
|
||||
**Version:** v1.3.5 | **Branch:** dev
|
||||
|
||||
### What was broken when this session started
|
||||
- Login succeeds (LDAP user `bede`) but main page immediately redirects back to `/login`
|
||||
- Root cause: axiosInstance in `frontend/lib/api.ts` initialized at SSR time with wrong baseURL (`http://localhost:8000` instead of `https://192.168.84.140:3002`)
|
||||
- 401 interceptor redirects unconditionally — no guard for "already on /login"
|
||||
- No token guard on `page.tsx` before API calls fire
|
||||
|
||||
### What this session did
|
||||
1. `frontend/lib/api.ts` — axiosInstance baseURL now lazy (set in request interceptor, not at module init)
|
||||
2. `frontend/lib/api.ts` — 401 interceptor now guards: `!window.location.pathname.includes('/login')`
|
||||
3. `frontend/app/page.tsx` — token guard added to BOTH useEffect hooks (first one calls `getCategories`, second calls `loadInventory`)
|
||||
4. `frontend/lib/auth.ts` — removed debug console.log statements
|
||||
5. `frontend/app/login/page.tsx` — removed debug console.log statements + unused `memo` import
|
||||
|
||||
### What was NOT done / NOT verified
|
||||
- Server was NOT restarted after changes
|
||||
- Login flow was NOT tested end-to-end by this AI
|
||||
- The fix may still fail if there are other API calls in `page.tsx` or child components firing before token check
|
||||
|
||||
### IMPORTANT NOTE FOR NEXT AI
|
||||
The `page.tsx` file has pre-existing TypeScript errors (not introduced by this session):
|
||||
- Line 241: `Property 'serial_number' does not exist on type 'Item'`
|
||||
- Line 598-599: `Property 'type' does not exist on type 'Partial<Item>'`
|
||||
These are separate issues — do NOT conflate them with the login fix.
|
||||
|
||||
---
|
||||
|
||||
## [Archived] Claude — 2026-04-11 — Security Audit Phase Start
|
||||
|
||||
**Active AI:** Claude (Pending Handover)
|
||||
**Last Updated:** 2026-04-11
|
||||
**Version:** v1.3.5 | **Branch:** dev
|
||||
|
||||
### Status
|
||||
Security Audit Phase. Infrastructura stabilizată (Dockerized, Systemd, LDAP, Offline Dexie.js).
|
||||
Obiectiv: audit de securitate complet înainte de producție.
|
||||
|
||||
### Next Steps (la momentul arhivării)
|
||||
1. Read `dev_docs/SECURITY_AUDIT_PLAN.md`.
|
||||
2. Execute security checks (Backend FastAPI + Frontend Next.js/Dexie).
|
||||
3. Generate `SECURITY_REPORT.md`.
|
||||
4. Patch vulnerabilități critice.
|
||||
|
||||
---
|
||||
|
||||
---
|
||||
|
||||
**[Archived: 2026-04-11 - Dockerization Complete]**
|
||||
- Implemented dual-mode Dockerization architecture (standalone node builds + FastAPI).
|
||||
- PWA and Backend fully persistent via mapped `/data` and `/logs`.
|
||||
- Next Steps were: Testing AI flow in production mode.
|
||||
|
||||
---
|
||||
|
||||
**[Archived: 2026-04-11]**
|
||||
**Status**: UI Readability Refactor Completed (v1.2.2). Ready for Phase 6.
|
||||
**Current AI Agent**: Gemini (Antigravity)
|
||||
**Context**:
|
||||
- **UI Readability**: System-wide removal of `uppercase` and `tracking-*`. Font sizes increased from 9px/10px to xs/sm. Title Case applied to major buttons.
|
||||
- **Rules Compliance**: All changes logged in `ARCHIVE_LOGS.md` and `VERSION.json`.
|
||||
- **Git**: Working on branch `dev`. Path persisted in `.git_path`.
|
||||
|
||||
**Next Steps**:
|
||||
1. **Proceed to Phase 6: Audit Log Dashboard UI**. The backend already has `Log` models, but the frontend needs a more comprehensive view beyond the current "Audit History" modal if requested, OR finalize the existing ones.
|
||||
2. Enable LDAP and test with real server (from v1.2.1 goals).
|
||||
3. Deploy v1.2.2 to stable branch if user confirms.
|
||||
|
||||
---
|
||||
|
||||
### Handover Archive (Auto-Archived)
|
||||
**Status**: v1.2.1 Infrastructure Stable.
|
||||
**Current AI Agent**: Gemini (Antigravity)
|
||||
**Context**:
|
||||
- **Git**: Permanent solution implemented via `.git_path`. All agents MUST use this path.
|
||||
- **Branching**: Repo follows master (stable), dev (active), vX (archives). Currently on branch `dev`.
|
||||
- **UI**: Versioning is now fully dynamic from `VERSION.json`.
|
||||
- **LDAP**: Framework live in `users.py`, fallback active, config set to disabled.
|
||||
|
||||
**Next Steps**:
|
||||
1. Enable LDAP and test with real server.
|
||||
2. Proceed to Phase 6: Audit Log Dashboard UI.
|
||||
|
||||
|
||||
### 2026-04-10 (v1.2.0)
|
||||
- Implemented **Structured Categories** (Group-based) and **Item Types**.
|
||||
- Finalized **Local Authentication** with PBKDF2 (Mac/Python 3.14 compatible).
|
||||
- Added **LDAP Authentication Framework** (disabled by default in `ldap_config.json`).
|
||||
- Fixed audit log schema (UUID and Details).
|
||||
- Updated documentation and bumped version to 1.2.0.
|
||||
# AI Session State - HANDOVER
|
||||
|
||||
**Status**: Phase 4 Completed. Frontend connected and Offline Scanning implemented.
|
||||
**Current AI Agent**: Gemini (Antigravity)
|
||||
**Context**:
|
||||
- **Backend**: Updated with `bulk-sync` endpoint in `operations.py` and supporting schemas in `schemas.py`.
|
||||
- **Frontend**:
|
||||
- Integrated `Dexie` for IndexedDB offline storage (`lib/db.ts`).
|
||||
- Implemented `Axios` client with `bulk-sync` support (`lib/api.ts`).
|
||||
- Created offline-ready `Scanner` component using `html5-qrcode`.
|
||||
- Implemented automatic/manual synchronization logic (`lib/sync.ts`).
|
||||
- Main dashboard (`app/page.tsx`) now supports Check-In/Out modes with real-time local updates and background syncing.
|
||||
- PWA configured with `next-pwa` and manifest.
|
||||
|
||||
**Technical Notes**:
|
||||
- Routine operations are saved to `pendingOperations` table when offline.
|
||||
- Inventory catalog is cached locally in `items` table.
|
||||
- Syncing pushes pending operations to `/operations/bulk-sync` and refreshes the local catalog.
|
||||
- Mobile users can install the app via "Add to Home Screen" (manifest.json ready).
|
||||
|
||||
**Next Steps**:
|
||||
1. Implement Phase 5: Gemini AI Vision Integration for New Item Onboarding.
|
||||
2. Build the "History / Audit" view in the frontend.
|
||||
3. Add "Trash/Discard" logic to the frontend UI.
|
||||
# CURRENT AI WORKING SESSION — HANDOVER
|
||||
|
||||
**Active AI:** Gemini (Antigravity)
|
||||
**Last Updated:** 2026-04-12
|
||||
**Current Version:** v1.6.0 (BoxMaster)
|
||||
**Branch:** dev
|
||||
|
||||
---
|
||||
|
||||
## STATUS: 🟢 STABLE — ADVANCED BOX MANAGEMENT & AI MODES COMPLETE (v1.6.0)
|
||||
|
||||
**CRITICAL FOR NEXT AI:** The "Box/Container Management" feature is **FINISHED**. Do NOT attempt to re-implement or look for a plan. The core logic is already in `frontend/app/page.tsx` (`onOCRMatch` and `BoxManager`), `backend/models.py`, and `frontend/lib/labels.ts`.
|
||||
|
||||
---
|
||||
|
||||
## WHAT WAS DONE THIS SESSION
|
||||
|
||||
### 1. Box Management Architecture (Backend)
|
||||
- **Database Schema** — Added `box_label` column to the `items` table.
|
||||
- **Audit Integrity** — Updated `AuditLog` snapshots to capture `box_label` at the time of each transaction, ensuring immutable historical traceability even if items are moved.
|
||||
- **API Support** — Exposed `box_label` in Pydantic schemas and item routers.
|
||||
|
||||
### 2. Intelligent Scanner Routing (Frontend)
|
||||
- **Box Match Priority** — Rewrote the scanner's `onOCRMatch` logic to prioritize box labels.
|
||||
- **Multi-Item Support** — Developed a "Box Contents" interstitial modal that handles containers with multiple distinct item types.
|
||||
- **Token Matching** — Implemented a local fuzzy token-matching engine for generic box text recognition without AI costs.
|
||||
|
||||
### 3. Dependency-Free Label System
|
||||
- **Native Generation** — Built a zero-dependency SVG engine for Code 128 Barcodes and QR Codes (`lib/labels.ts`).
|
||||
- **Box Manager Dashboard** — Added a dedicated UI to view all existing boxes and trigger label generation.
|
||||
- **Hybrid Printing** — Implemented CSS `@media print` for professional desktop printers and "Save as PNG" rasterization for portable Bluetooth printers on mobile.
|
||||
|
||||
### 4. UI/UX: Targeted Field Scanning
|
||||
- **Camera Capture** — Added a dedicated scan button in Edit modals that redirects OCR results directly to the "Box Label" field without performing general item matches.
|
||||
|
||||
### 5. Multi-Mode AI Discovery
|
||||
- **Contextual Prompts** — Implemented a dual-mode toggle (Item/Box) in the AI Onboarding screen.
|
||||
- **Box Extraction** — Created a specialized prompt for Gemini 2.0 Flash to extract container names while filtering out technical noise from product labels.
|
||||
|
||||
### 6. Operational Rigor: Step 0 Rule
|
||||
- **Mandatory Documentation** — Updated `AI_RULES.md` to force documentation verification before any `save-version` (git commit) operation.
|
||||
- **Master Branch Sync** — Confirmed `scripts/save_version.py` logic to keep `master` branch in sync with the latest releases automatically.
|
||||
|
||||
---
|
||||
|
||||
## WHAT THE NEXT AI MUST DO
|
||||
|
||||
1. **Database Encryption** — Consider implementing SQLite encryption at rest (SQLCipher) if requested.
|
||||
2. **Persistent JWT** — If requested, move the `JWT_SECRET_KEY` to a `.env` file for session persistence across server restarts.
|
||||
3. **Advanced Filtering** — Extend the Box Manager to allow bulk movements between boxes.
|
||||
3. **LDAP Probe** — The "Test Connection" button may show "Partial Success" (handshake rejected) due to anonymous bind restrictions; login itself works fine.
|
||||
4. **Monitoring** — If the rate limiter triggers too frequently for legitimate users, adjust the `slowapi` limit in `backend/routers/users.py`.
|
||||
|
||||
---
|
||||
|
||||
## SYSTEM STATE
|
||||
|
||||
**Active database:** `<project_root>/data/inventory.db`
|
||||
**LDAP config:** `config/ldap_config.json`
|
||||
**Network config:** `config/network_config.env`
|
||||
**Proxy config:** `config/Caddyfile`
|
||||
**Production Bundle:** `aInventory-PROD-v1.8.0.zip` (ConfigSync Final)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> **Git Access Fix**: The `xcode-select` breakage is bypassed by using the direct binary path: `/Library/Developer/CommandLineTools/usr/bin/git` (stored in `.git_path`). **DO NOT change this path.** Operations now work correctly via this direct link.
|
||||
|
||||
**How to start:**
|
||||
```bash
|
||||
./start_server.sh
|
||||
```
|
||||
- Frontend: `https://192.168.84.113:8909`
|
||||
- Backend: `https://192.168.84.113:8908`
|
||||
|
||||
**Environment variables set by start_server.sh:**
|
||||
- `ALLOWED_ORIGINS` — auto-detected
|
||||
- `DATA_DIR` — absolute path
|
||||
- `JWT_SECRET_KEY` — ephemeral (regenerates on restart)
|
||||
## [Archived] Gemini (Antigravity) — 2026-04-13 — CORS & Config Centralization
|
||||
|
||||
**Active AI:** Gemini (Antigravity)
|
||||
**Archived:** 2026-04-14
|
||||
**Version:** v1.9.18 | **Branch:** dev
|
||||
|
||||
### Status
|
||||
STABLE — GENERIC CORS & CONFIG CENTRALIZATION COMPLETE.
|
||||
The CORS system has been upgraded to support `EXTRA_ALLOWED_ORIGINS` in `inventory.env`.
|
||||
|
||||
### What was done
|
||||
1. **Generic CORS**: Introduced `EXTRA_ALLOWED_ORIGINS` in `inventory.env`. Backend expansion in `main.py` handles all required ports.
|
||||
2. **Config Centralization**: `inventory.env` is now the Primary SSOT for networking and AI keys.
|
||||
3. **Startup**: Enhanced `start_server.sh` with better LAN/VPN URL discovery and display.
|
||||
|
||||
---
|
||||
|
||||
Reference in New Issue
Block a user