- Replace dotenv with PyYAML
- Implement read_config, update_config, validate_config_file for backend.yaml
- Update get_masked_key to use new config structure
- Remove inventory.env references
- Ignored config/*.yaml (secrets protection)
- Ensured examples/schemas are tracked via !config/*.yaml.example
- Added specific rules for secrets.yaml and its example
- Added backend.yaml.example with AI, DB, auth, and logging schema
- Added frontend.yaml.example with API and feature flag schema
- Added network.yaml.example with ports and SSL schema
- Added docker.yaml.example with resource and volume schema
- Added secrets.yaml.example as a template for sensitive data
- All files include comprehensive comments documenting every variable
Discussion locked in 4 key decisions:
1. YAML Format: All configs standardized on YAML (backend.yaml, frontend.yaml,
network.yaml, docker.yaml) for better structure and validation
2. Secrets Management: Separate config/secrets.yaml file (git-ignored) with
config/secrets.yaml.example template + strong documentation
3. Examples: Commit all .yaml.example files for developer onboarding
4. Scripts: Audit bash scripts for redundancy, then convert all needed ones
to Python for native YAML parsing and cleaner architecture
Immediate deprecation of inventory.env (no fallback after Phase 7).
Discussion log preserved in 07-DISCUSSION-LOG.md
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Added search button to main page header with Ctrl+K listener
- Implemented SearchModal component rendering
- Fixed SearchModal to use axiosInstance with correct backend URL (8916)
- Fixed token key from 'auth_token' to 'inventory_token'
- Verified export endpoints working correctly
- All Phase 6 UAT fixes in place
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Changed useExport.ts to import and use axiosInstance from api.ts
- This ensures requests go to port 8918 (backend) not 8919 (frontend)
- Removed manual token handling (axiosInstance interceptor handles it)
- Removed /api prefix from paths (axiosInstance baseURL has the full URL)
- Exported axiosInstance from api.ts for reuse in other modules
- Fixes 404 errors caused by requests routing to frontend instead of backend
- Changed exportSnapshot to call GET /api/admin/db/export?type=inventory
- Changed exportAuditTrail to call GET /api/admin/db/export?type=audit
- Fixed token key: auth_token → inventory_token
- Changed HTTP method from POST to GET
- Fixes 404 errors when exporting from admin page
- Modified frontend/lib/api.ts to use window.location.hostname as fallback
- Ensures browser on external IP reaches correct backend HTTPS port
- Allows admin/admin login to work from any access point
- Auth is fully functional and working
Auth must ALWAYS be enabled in all environments. Added comprehensive rule:
- NO auth bypass, debug mode, or dev-only disabling
- NO hardcoded credentials or weak defaults
- EVERY API endpoint requires JWT token
- Password hashing via passlib pbkdf2_sha256
- Debug strategy for auth breakages (never skip auth)
This ensures security is non-negotiable across all deployments.
- 5 test phases covering all changes
- Priority levels for staged execution
- Success/failure criteria
- Ready for next session execution
- Handover documentation created
Made id required (breaking change) - reverted back to optional
This allows items without id to exist during lifecycle
Fixes 'Failed to delete item' error
The delete function was broken by forcing id to be required
Changed from localhost-specific to wildcard listening:
- https://:8918 (any IP on port 8918) → backend
- https://:8919 (any IP on port 8919) → frontend
On-demand TLS generates certificates for any accessing IP/hostname
Self-signed certs now work via:
- localhost
- 127.0.0.1
- 192.168.x.x (or any IP on network)
- Any hostname
Tested and verified working via 192.168.84.131:8919
Changed default from 'foreground' (invalid choice) to None
Now correctly handles no arguments to start in foreground mode
Tested and verified:
✓ python3 start_servers.py (foreground - all 3 services running)
✓ python3 start_servers.py start (background)
✓ python3 start_servers.py status (shows all services)
✓ python3 start_servers.py stop (graceful shutdown)
✓ HTTP endpoints responding on 8916/8917
✓ HTTPS endpoints responding on 8918/8919 (Caddy)
✓ All three services (backend, frontend, caddy) working together
Complete feature parity with Docker deployment:
- Caddy reverse proxy manages SSL/TLS
- Ports: 8916/8917 (HTTP), 8918/8919 (HTTPS)
- Self-signed certificates (development-friendly)
- Automatic certificate generation via on-demand TLS
- Security headers (HSTS, XSS Protection, etc.)
Changes:
- Created Caddyfile.standalone for localhost config
- Enhanced start_servers.py with Caddy startup/monitoring
- Auto-install Caddy via apt if not present
- Updated status output to show both HTTP and HTTPS URLs
- All three services (backend, frontend, caddy) in one launcher
Both Docker and Standalone modes now have IDENTICAL capabilities:
- Full production-ready SSL/TLS support
- Reverse proxy with auto-certificate management
- HTTPS-only capable
Resolves dual-deployment equivalence requirement
New commands:
start_servers.py # Foreground (interactive, Ctrl+C to stop)
start_servers.py start # Background mode (detached)
start_servers.py stop # Stop background servers
start_servers.py restart # Stop then start background servers
start_servers.py status # Show running servers and PIDs
Features:
- Process IDs saved to .servers.pid for management
- Status command shows all running servers and URLs
- Full argument parsing with help and examples
- Graceful process group handling for clean shutdown
- Make Item.id required (items from DB always have id)
- Use shared Item type from db.ts in QuantityAdjustmentModal
- Show full npm build output instead of silencing errors
- Ensures all modals use consistent type definitions
- Remove duplicate Item interface from SearchModal
- Import Item from @/lib/db to ensure type consistency
- Fixes TypeScript error with missing category/min_quantity fields
- Create Toast component for success/error messages
- Fix uvicorn invocation: use backend.main:app from project root
- Ensures relative imports work correctly in backend modules
- Use uvicorn CLI directly (not python -c workaround)
- Add process group handling for cleaner shutdown
- Silent npm output during setup
- Better error messages and logging
- Support graceful SIGTERM/SIGINT handling
- Quick start instructions for start_servers.py
- Configuration options and port mapping
- Troubleshooting guide for common issues
- Comparison with Docker deployment
- Replaces bash script with robust Python implementation
- Simpler process management using subprocess module
- Better error handling and logging
- Manages venv, dependencies, and both services
- Handles graceful shutdown on Ctrl+C
- Wrap backend uvicorn with proper working directory subshell
- Wrap frontend Next.js server with proper working directory subshell
- Use subshell syntax (cd && run) to ensure processes inherit correct context
- Fixes processes starting but immediately crashing
- Replace wait with infinite monitoring loop
- Detect and warn if processes die instead of killing them
- Allows independent process failures without terminating script
- Trap still catches Ctrl-C to graceful shutdown
- Virtual environment should be .venv in project root, not parent folder
- Fix venv creation and activation path logic
- Ensures venv is created and found in correct location
- Create .venv automatically if missing
- Activate virtual environment before pip install
- Fixes PEP 668 externally-managed-environment error on Python 3.12
- Virtual environment isolated from system Python packages
- Created OPERATIONAL_RUNBOOK.md: comprehensive step-by-step procedures for both Docker and Standalone deployment modes covering deployment, daily ops, troubleshooting, backup/restore, disaster recovery, scaling, and updates
- Created HEALTH_MONITORING_CHECKLIST.md: daily/weekly/monthly health check procedures with alert thresholds and quick troubleshooting reference
- Created DISASTER_RECOVERY_PLAN.md: detailed procedures for 6 failure scenarios (database corruption, hardware failure, data center failure, app crash, disk full, network isolation) with RTO/RPO targets
- Created CONFIGURATION_REFERENCE.md: complete documentation of all inventory.env parameters for both deployment modes with common scenarios and troubleshooting
- Created EMERGENCY_PROCEDURES.md: quick-reference incident response playbook with 7 critical scenarios, decision tree, escalation path, and printable cheat sheet
- Created scripts/backup.sh: automated backup script supporting both Docker and Standalone with integrity verification and retention management
- Created scripts/restore.sh: restore script with triple confirmation, safety backups, and validation tests for both deployment modes
- Created config/backup-cron.sh: installer for daily/weekly automated backup cron jobs (2 AM daily, 3 AM Sunday)
All documentation covers dual-deployment modes with shared configuration files.
Documentation is operator-ready with copy-paste commands and clear expected outputs.