- Replace dotenv with PyYAML
- Implement read_config, update_config, validate_config_file for backend.yaml
- Update get_masked_key to use new config structure
- Remove inventory.env references
- Ignored config/*.yaml (secrets protection)
- Ensured examples/schemas are tracked via !config/*.yaml.example
- Added specific rules for secrets.yaml and its example
- Added backend.yaml.example with AI, DB, auth, and logging schema
- Added frontend.yaml.example with API and feature flag schema
- Added network.yaml.example with ports and SSL schema
- Added docker.yaml.example with resource and volume schema
- Added secrets.yaml.example as a template for sensitive data
- All files include comprehensive comments documenting every variable
Discussion locked in 4 key decisions:
1. YAML Format: All configs standardized on YAML (backend.yaml, frontend.yaml,
network.yaml, docker.yaml) for better structure and validation
2. Secrets Management: Separate config/secrets.yaml file (git-ignored) with
config/secrets.yaml.example template + strong documentation
3. Examples: Commit all .yaml.example files for developer onboarding
4. Scripts: Audit bash scripts for redundancy, then convert all needed ones
to Python for native YAML parsing and cleaner architecture
Immediate deprecation of inventory.env (no fallback after Phase 7).
Discussion log preserved in 07-DISCUSSION-LOG.md
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Added search button to main page header with Ctrl+K listener
- Implemented SearchModal component rendering
- Fixed SearchModal to use axiosInstance with correct backend URL (8916)
- Fixed token key from 'auth_token' to 'inventory_token'
- Verified export endpoints working correctly
- All Phase 6 UAT fixes in place
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Changed useExport.ts to import and use axiosInstance from api.ts
- This ensures requests go to port 8918 (backend) not 8919 (frontend)
- Removed manual token handling (axiosInstance interceptor handles it)
- Removed /api prefix from paths (axiosInstance baseURL has the full URL)
- Exported axiosInstance from api.ts for reuse in other modules
- Fixes 404 errors caused by requests routing to frontend instead of backend
- Changed exportSnapshot to call GET /api/admin/db/export?type=inventory
- Changed exportAuditTrail to call GET /api/admin/db/export?type=audit
- Fixed token key: auth_token → inventory_token
- Changed HTTP method from POST to GET
- Fixes 404 errors when exporting from admin page
- Modified frontend/lib/api.ts to use window.location.hostname as fallback
- Ensures browser on external IP reaches correct backend HTTPS port
- Allows admin/admin login to work from any access point
- Auth is fully functional and working
Auth must ALWAYS be enabled in all environments. Added comprehensive rule:
- NO auth bypass, debug mode, or dev-only disabling
- NO hardcoded credentials or weak defaults
- EVERY API endpoint requires JWT token
- Password hashing via passlib pbkdf2_sha256
- Debug strategy for auth breakages (never skip auth)
This ensures security is non-negotiable across all deployments.
- 5 test phases covering all changes
- Priority levels for staged execution
- Success/failure criteria
- Ready for next session execution
- Handover documentation created
Made id required (breaking change) - reverted back to optional
This allows items without id to exist during lifecycle
Fixes 'Failed to delete item' error
The delete function was broken by forcing id to be required
Changed from localhost-specific to wildcard listening:
- https://:8918 (any IP on port 8918) → backend
- https://:8919 (any IP on port 8919) → frontend
On-demand TLS generates certificates for any accessing IP/hostname
Self-signed certs now work via:
- localhost
- 127.0.0.1
- 192.168.x.x (or any IP on network)
- Any hostname
Tested and verified working via 192.168.84.131:8919
Changed default from 'foreground' (invalid choice) to None
Now correctly handles no arguments to start in foreground mode
Tested and verified:
✓ python3 start_servers.py (foreground - all 3 services running)
✓ python3 start_servers.py start (background)
✓ python3 start_servers.py status (shows all services)
✓ python3 start_servers.py stop (graceful shutdown)
✓ HTTP endpoints responding on 8916/8917
✓ HTTPS endpoints responding on 8918/8919 (Caddy)
✓ All three services (backend, frontend, caddy) working together
Complete feature parity with Docker deployment:
- Caddy reverse proxy manages SSL/TLS
- Ports: 8916/8917 (HTTP), 8918/8919 (HTTPS)
- Self-signed certificates (development-friendly)
- Automatic certificate generation via on-demand TLS
- Security headers (HSTS, XSS Protection, etc.)
Changes:
- Created Caddyfile.standalone for localhost config
- Enhanced start_servers.py with Caddy startup/monitoring
- Auto-install Caddy via apt if not present
- Updated status output to show both HTTP and HTTPS URLs
- All three services (backend, frontend, caddy) in one launcher
Both Docker and Standalone modes now have IDENTICAL capabilities:
- Full production-ready SSL/TLS support
- Reverse proxy with auto-certificate management
- HTTPS-only capable
Resolves dual-deployment equivalence requirement