- Replace dotenv with PyYAML
- Implement read_config, update_config, validate_config_file for backend.yaml
- Update get_masked_key to use new config structure
- Remove inventory.env references
- Ignored config/*.yaml (secrets protection)
- Ensured examples/schemas are tracked via !config/*.yaml.example
- Added specific rules for secrets.yaml and its example
- Added backend.yaml.example with AI, DB, auth, and logging schema
- Added frontend.yaml.example with API and feature flag schema
- Added network.yaml.example with ports and SSL schema
- Added docker.yaml.example with resource and volume schema
- Added secrets.yaml.example as a template for sensitive data
- All files include comprehensive comments documenting every variable
Discussion locked in 4 key decisions:
1. YAML Format: All configs standardized on YAML (backend.yaml, frontend.yaml,
network.yaml, docker.yaml) for better structure and validation
2. Secrets Management: Separate config/secrets.yaml file (git-ignored) with
config/secrets.yaml.example template + strong documentation
3. Examples: Commit all .yaml.example files for developer onboarding
4. Scripts: Audit bash scripts for redundancy, then convert all needed ones
to Python for native YAML parsing and cleaner architecture
Immediate deprecation of inventory.env (no fallback after Phase 7).
Discussion log preserved in 07-DISCUSSION-LOG.md
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Added search button to main page header with Ctrl+K listener
- Implemented SearchModal component rendering
- Fixed SearchModal to use axiosInstance with correct backend URL (8916)
- Fixed token key from 'auth_token' to 'inventory_token'
- Verified export endpoints working correctly
- All Phase 6 UAT fixes in place
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Changed useExport.ts to import and use axiosInstance from api.ts
- This ensures requests go to port 8918 (backend) not 8919 (frontend)
- Removed manual token handling (axiosInstance interceptor handles it)
- Removed /api prefix from paths (axiosInstance baseURL has the full URL)
- Exported axiosInstance from api.ts for reuse in other modules
- Fixes 404 errors caused by requests routing to frontend instead of backend
- Changed exportSnapshot to call GET /api/admin/db/export?type=inventory
- Changed exportAuditTrail to call GET /api/admin/db/export?type=audit
- Fixed token key: auth_token → inventory_token
- Changed HTTP method from POST to GET
- Fixes 404 errors when exporting from admin page
- Modified frontend/lib/api.ts to use window.location.hostname as fallback
- Ensures browser on external IP reaches correct backend HTTPS port
- Allows admin/admin login to work from any access point
- Auth is fully functional and working
Auth must ALWAYS be enabled in all environments. Added comprehensive rule:
- NO auth bypass, debug mode, or dev-only disabling
- NO hardcoded credentials or weak defaults
- EVERY API endpoint requires JWT token
- Password hashing via passlib pbkdf2_sha256
- Debug strategy for auth breakages (never skip auth)
This ensures security is non-negotiable across all deployments.
- 5 test phases covering all changes
- Priority levels for staged execution
- Success/failure criteria
- Ready for next session execution
- Handover documentation created