Files
tfm_ainventory/dev_docs/SESSION_STATE.md
2026-04-12 10:45:57 +03:00

71 lines
3.4 KiB
Markdown

# CURRENT AI WORKING SESSION — HANDOVER
**Active AI:** Gemini (Antigravity)
**Last Updated:** 2026-04-12
**Current Version:** v1.4.0
**Branch:** dev
---
## STATUS: 🟢 STABLE — SECURITY HARDENING & PWA OPTIMIZATION COMPLETE
The TFM aInventory v1.4.0 is now fully hardened, tested, and optimized for mobile/enterprise use. All security vulnerabilities identified in the audit have been addressed, and the UI has been upgraded to a high-fidelity "Premium" standard.
---
## WHAT WAS DONE THIS SESSION
### 1. Security Hardening (Backend)
- **Rate Limiting** — Implemented `slowapi` on `/users/login` (5 req/min) to prevent brute-force attacks.
- **RBAC Enforcement** — Restricted `DELETE /items/` exclusively to the **Admin** role.
- **Sensitive Data** — Scrubbed `JWT_SECRET_KEY` and other sensitive snippets from debug logs.
- **REST API Testing** — Developed an automated Python test suite (`backend/tests/api_bench.py`) to verify Auth, RBAC, and Rate Limiting. Confirmed all **PASS**.
### 2. Admin & LDAP Integration
- **Dual Group Mapping** — Restored the UI fields for strictly mapping separated Admin and User groups in LDAP.
- **TLS Configuration** — Replaced the text link with a high-visibility **Switch Component** for TLS activation.
- **State Cleanup** — Fixed initialization bugs where the Enterprise card wouldn't load from disk correctly.
### 3. PWA & Mobile Expert Audit
- **Icon Assets** — Generated missing PWA icons (192, 512, maskable) from the source logo using `sips`.
- **Manifest Upgrade** — Added "Maskable" icon support, orientation lock, and app shortcuts.
- **iOS Support** — Added Apple-specific meta tags (`apple-mobile-web-app-capable`, status bar styles) for a native experience on iPhone.
### 4. Modern CSS & Visual Excellence
- **Glassmorphism** — Created and applied a custom `.glass-card` utility (backdrop-blur-xl + subtle gradients) to all primary UI sections.
- **Safe Areas** — Implemented `pb-safe` to ensure bottom navigation doesn't overlap with iOS home bars.
- **Fluid Typography** — Added `clamp()` based scaling for better readability across devices.
### 5. Production Export Cleanup
- **`export_prod.sh`** — Updated to explicitly exclude `tests/` folders and development benchmarking scripts.
- **New Bundle** — Generated a clean **`aInventory-PROD-v1.4.0.zip`**.
---
## WHAT THE NEXT AI MUST DO
1. **Database Encryption** — Consider implementing SQLite encryption at rest (SQLCipher) as per the security report.
2. **Persistent JWT** — If requested, move the `JWT_SECRET_KEY` to a `.env` file for session persistence across server restarts.
3. **LDAP Probe** — The "Test Connection" button may show "Partial Success" (handshake rejected) due to anonymous bind restrictions; login itself works fine.
4. **Monitoring** — If the rate limiter triggers too frequently for legitimate users, adjust the `slowapi` limit in `backend/routers/users.py`.
---
## SYSTEM STATE
**Active database:** `<project_root>/data/inventory.db`
**LDAP config:** `backend/config/ldap_config.json`
**Production Bundle:** `aInventory-PROD-v1.4.0.zip` (Clean)
**How to start:**
```bash
./start_server.sh
```
- Frontend: `https://<LOCAL_IP>:3003`
- Backend: `https://<LOCAL_IP>:3002`
**Environment variables set by start_server.sh:**
- `ALLOWED_ORIGINS` — auto-detected
- `DATA_DIR` — absolute path
- `JWT_SECRET_KEY` — ephemeral (regenerates on restart)