Files
tfm_ainventory/dev_docs/SESSION_HISTORY.md

10 KiB

AI Session History

Archive of previous AI handover notes from SESSION_STATE.md. Entries are added here when a new AI session starts.


[Archived] Claude (Sonnet 4.6) — 2026-04-11 — Login Loop Fix Attempt

Active AI: Claude (Sonnet 4.6) Archived: 2026-04-11 Version: v1.3.5 | Branch: dev

What was broken when this session started

  • Login succeeds (LDAP user bede) but main page immediately redirects back to /login
  • Root cause: axiosInstance in frontend/lib/api.ts initialized at SSR time with wrong baseURL (http://localhost:8000 instead of https://192.168.84.140:3002)
  • 401 interceptor redirects unconditionally — no guard for "already on /login"
  • No token guard on page.tsx before API calls fire

What this session did

  1. frontend/lib/api.ts — axiosInstance baseURL now lazy (set in request interceptor, not at module init)
  2. frontend/lib/api.ts — 401 interceptor now guards: !window.location.pathname.includes('/login')
  3. frontend/app/page.tsx — token guard added to BOTH useEffect hooks (first one calls getCategories, second calls loadInventory)
  4. frontend/lib/auth.ts — removed debug console.log statements
  5. frontend/app/login/page.tsx — removed debug console.log statements + unused memo import

What was NOT done / NOT verified

  • Server was NOT restarted after changes
  • Login flow was NOT tested end-to-end by this AI
  • The fix may still fail if there are other API calls in page.tsx or child components firing before token check

IMPORTANT NOTE FOR NEXT AI

The page.tsx file has pre-existing TypeScript errors (not introduced by this session):

  • Line 241: Property 'serial_number' does not exist on type 'Item'
  • Line 598-599: Property 'type' does not exist on type 'Partial<Item>' These are separate issues — do NOT conflate them with the login fix.

[Archived] Claude — 2026-04-11 — Security Audit Phase Start

Active AI: Claude (Pending Handover) Last Updated: 2026-04-11 Version: v1.3.5 | Branch: dev

Status

Security Audit Phase. Infrastructura stabilizată (Dockerized, Systemd, LDAP, Offline Dexie.js). Obiectiv: audit de securitate complet înainte de producție.

Next Steps (la momentul arhivării)

  1. Read dev_docs/SECURITY_AUDIT_PLAN.md.
  2. Execute security checks (Backend FastAPI + Frontend Next.js/Dexie).
  3. Generate SECURITY_REPORT.md.
  4. Patch vulnerabilități critice.


[Archived: 2026-04-11 - Dockerization Complete]

  • Implemented dual-mode Dockerization architecture (standalone node builds + FastAPI).
  • PWA and Backend fully persistent via mapped /data and /logs.
  • Next Steps were: Testing AI flow in production mode.

[Archived: 2026-04-11] Status: UI Readability Refactor Completed (v1.2.2). Ready for Phase 6. Current AI Agent: Gemini (Antigravity) Context:

  • UI Readability: System-wide removal of uppercase and tracking-*. Font sizes increased from 9px/10px to xs/sm. Title Case applied to major buttons.
  • Rules Compliance: All changes logged in ARCHIVE_LOGS.md and VERSION.json.
  • Git: Working on branch dev. Path persisted in .git_path.

Next Steps:

  1. Proceed to Phase 6: Audit Log Dashboard UI. The backend already has Log models, but the frontend needs a more comprehensive view beyond the current "Audit History" modal if requested, OR finalize the existing ones.
  2. Enable LDAP and test with real server (from v1.2.1 goals).
  3. Deploy v1.2.2 to stable branch if user confirms.

Handover Archive (Auto-Archived)

Status: v1.2.1 Infrastructure Stable. Current AI Agent: Gemini (Antigravity) Context:

  • Git: Permanent solution implemented via .git_path. All agents MUST use this path.
  • Branching: Repo follows master (stable), dev (active), vX (archives). Currently on branch dev.
  • UI: Versioning is now fully dynamic from VERSION.json.
  • LDAP: Framework live in users.py, fallback active, config set to disabled.

Next Steps:

  1. Enable LDAP and test with real server.
  2. Proceed to Phase 6: Audit Log Dashboard UI.

2026-04-10 (v1.2.0)

  • Implemented Structured Categories (Group-based) and Item Types.
  • Finalized Local Authentication with PBKDF2 (Mac/Python 3.14 compatible).
  • Added LDAP Authentication Framework (disabled by default in ldap_config.json).
  • Fixed audit log schema (UUID and Details).
  • Updated documentation and bumped version to 1.2.0.

AI Session State - HANDOVER

Status: Phase 4 Completed. Frontend connected and Offline Scanning implemented. Current AI Agent: Gemini (Antigravity) Context:

  • Backend: Updated with bulk-sync endpoint in operations.py and supporting schemas in schemas.py.
  • Frontend:
    • Integrated Dexie for IndexedDB offline storage (lib/db.ts).
    • Implemented Axios client with bulk-sync support (lib/api.ts).
    • Created offline-ready Scanner component using html5-qrcode.
    • Implemented automatic/manual synchronization logic (lib/sync.ts).
    • Main dashboard (app/page.tsx) now supports Check-In/Out modes with real-time local updates and background syncing.
    • PWA configured with next-pwa and manifest.

Technical Notes:

  • Routine operations are saved to pendingOperations table when offline.
  • Inventory catalog is cached locally in items table.
  • Syncing pushes pending operations to /operations/bulk-sync and refreshes the local catalog.
  • Mobile users can install the app via "Add to Home Screen" (manifest.json ready).

Next Steps:

  1. Implement Phase 5: Gemini AI Vision Integration for New Item Onboarding.
  2. Build the "History / Audit" view in the frontend.
  3. Add "Trash/Discard" logic to the frontend UI.

CURRENT AI WORKING SESSION — HANDOVER

Active AI: Gemini (Antigravity) Last Updated: 2026-04-12 Current Version: v1.6.0 (BoxMaster) Branch: dev


STATUS: 🟢 STABLE — ADVANCED BOX MANAGEMENT & AI MODES COMPLETE (v1.6.0)

CRITICAL FOR NEXT AI: The "Box/Container Management" feature is FINISHED. Do NOT attempt to re-implement or look for a plan. The core logic is already in frontend/app/page.tsx (onOCRMatch and BoxManager), backend/models.py, and frontend/lib/labels.ts.


WHAT WAS DONE THIS SESSION

1. Box Management Architecture (Backend)

  • Database Schema — Added box_label column to the items table.
  • Audit Integrity — Updated AuditLog snapshots to capture box_label at the time of each transaction, ensuring immutable historical traceability even if items are moved.
  • API Support — Exposed box_label in Pydantic schemas and item routers.

2. Intelligent Scanner Routing (Frontend)

  • Box Match Priority — Rewrote the scanner's onOCRMatch logic to prioritize box labels.
  • Multi-Item Support — Developed a "Box Contents" interstitial modal that handles containers with multiple distinct item types.
  • Token Matching — Implemented a local fuzzy token-matching engine for generic box text recognition without AI costs.

3. Dependency-Free Label System

  • Native Generation — Built a zero-dependency SVG engine for Code 128 Barcodes and QR Codes (lib/labels.ts).
  • Box Manager Dashboard — Added a dedicated UI to view all existing boxes and trigger label generation.
  • Hybrid Printing — Implemented CSS @media print for professional desktop printers and "Save as PNG" rasterization for portable Bluetooth printers on mobile.

4. UI/UX: Targeted Field Scanning

  • Camera Capture — Added a dedicated scan button in Edit modals that redirects OCR results directly to the "Box Label" field without performing general item matches.

5. Multi-Mode AI Discovery

  • Contextual Prompts — Implemented a dual-mode toggle (Item/Box) in the AI Onboarding screen.
  • Box Extraction — Created a specialized prompt for Gemini 2.0 Flash to extract container names while filtering out technical noise from product labels.

6. Operational Rigor: Step 0 Rule

  • Mandatory Documentation — Updated AI_RULES.md to force documentation verification before any save-version (git commit) operation.
  • Master Branch Sync — Confirmed scripts/save_version.py logic to keep master branch in sync with the latest releases automatically.

WHAT THE NEXT AI MUST DO

  1. Database Encryption — Consider implementing SQLite encryption at rest (SQLCipher) if requested.
  2. Persistent JWT — If requested, move the JWT_SECRET_KEY to a .env file for session persistence across server restarts.
  3. Advanced Filtering — Extend the Box Manager to allow bulk movements between boxes.
  4. LDAP Probe — The "Test Connection" button may show "Partial Success" (handshake rejected) due to anonymous bind restrictions; login itself works fine.
  5. Monitoring — If the rate limiter triggers too frequently for legitimate users, adjust the slowapi limit in backend/routers/users.py.

SYSTEM STATE

Active database: <project_root>/data/inventory.db LDAP config: config/ldap_config.json Network config: config/network_config.env Proxy config: config/Caddyfile Production Bundle: aInventory-PROD-v1.8.0.zip (ConfigSync Final)

Important

Git Access Fix: The xcode-select breakage is bypassed by using the direct binary path: /Library/Developer/CommandLineTools/usr/bin/git (stored in .git_path). DO NOT change this path. Operations now work correctly via this direct link.

How to start:

./start_server.sh
  • Frontend: https://192.168.84.113:8909
  • Backend: https://192.168.84.113:8908

Environment variables set by start_server.sh:

  • ALLOWED_ORIGINS — auto-detected
  • DATA_DIR — absolute path
  • JWT_SECRET_KEY — ephemeral (regenerates on restart)

[Archived] Gemini (Antigravity) — 2026-04-13 — CORS & Config Centralization

Active AI: Gemini (Antigravity) Archived: 2026-04-14 Version: v1.9.18 | Branch: dev

Status

STABLE — GENERIC CORS & CONFIG CENTRALIZATION COMPLETE. The CORS system has been upgraded to support EXTRA_ALLOWED_ORIGINS in inventory.env.

What was done

  1. Generic CORS: Introduced EXTRA_ALLOWED_ORIGINS in inventory.env. Backend expansion in main.py handles all required ports.
  2. Config Centralization: inventory.env is now the Primary SSOT for networking and AI keys.
  3. Startup: Enhanced start_server.sh with better LAN/VPN URL discovery and display.