Conversation
- New mcp_activity table (db/08_mcp_activity.sql) tracks 12 mutating MCP tools: create/delete project, create/update/delete/move/duplicate section, add/remove dependency, add/delete comment, bulk status
- _record_activity() helper in server.py with fire-and-forget semantics
- Token stats endpoint extended with activity feed (last 50 operations)
- Fix duplicate display:none on chat progress bar in index.html
- 5 new tests for activity recording and API integration
- Migration mounted in both docker-compose files

- Rename ui/ → api/ (Python API backend)
- Strip HTML route and static file serving from api/app.py
- Scaffold frontend/ with Next.js 15, React 19, Tailwind v4, shadcn/ui
- next.config.ts proxies /api/* and /health to python-api:8088
- docker-compose: ui service → python-api, add frontend service on :3000
- docker-compose.prod: python-api :8088 published, frontend :3000 published
- build-and-push.yml: 3-image matrix (mcp-server, api, frontend)
- test.yml: add Node 22 + frontend lint/typecheck/test steps
- Update install.sh for 4-service stack
- Update AGENTS.md and README.md architecture sections
- Remove test_index_html, update smoke tests
- Add vitest config + utils tests for frontend

- 12 shadcn/ui primitives (Button, Badge, Card, Dialog, DropdownMenu, Input, Textarea, Select, Tabs, Tooltip, Avatar, Skeleton)
- 4 custom shared components (StatusDot, MarkdownRenderer, EmptyState, LoadingOverlay)
- 4 layout/domain components (TopBar, Sidebar, SectionSidebar, SectionViewer)
- 3 feature components (ChatPanel, DependencyGraph, TokenStatsDashboard)
- 3 page routes (ProjectList, ProjectDetail, ProjectSettings)
- TypeScript types matching Python API shape
- API client with typed fetch functions
- Root page redirects to /projects

- db/07_multi_user.sql: bridge columns (organization_id, created_by, updated_by, user_id) on projects, sections, section_revisions, section_comments, chat_messages, mcp_activity
- project_members table with 5 roles (owner/admin/editor/commenter/viewer)
- prdforge_bootstrap table for first-user setup flag
- All columns nullable for backward compatibility
- All statements idempotent (IF NOT EXISTS, DO $$ BEGIN...END $$)
- Migration mounted in both compose files
- conftest.py cleanup updated for new tables

- Prisma schema with 7 Better Auth tables (user, session, account, verification, organization, member, invitation)
- Better Auth config: email/password enabled, sign-up disabled (closed registration — admin creates users)
- Auth catch-all route /api/auth/[...all]
- First-user bootstrap endpoint /api/auth/setup with race-safe INSERT ON CONFLICT + compensation on failure
- Sign-in page at /(auth)/signin
- Python auth middleware (api/auth.py): session validation, role resolution from project_members + org membership fallback
- Auth contract test (api/auth_contract.py): verifies Better Auth table names and columns match expectations
- Remove PUT /api/chat/api-key (env var bridge stays until Phase 5)
- Pin better-auth@1.4.7, prisma@5.22.0

- db/09_audit.sql: audit_events table with project + user indexes
- db/10_password_reset.sql: password_reset_tokens for admin-generated
reset links (no email — admin shares URL manually)
- Member management endpoints: GET/POST/DELETE /api/projects/{slug}/members
- Audit events endpoint: GET /api/projects/{slug}/audit
- MemberManager component with role selector and add/remove UI
- Password reset page at /(auth)/reset with token-based flow
- conftest.py cleanup updated for audit_events + password_reset_tokens
- Migrations mounted in both compose files

- Redis 7-alpine added to both compose files with health checks
- WS token minting: HMAC-SHA256 with jti, sub, aud, project, exp (api/ws.py) with TTL=120s
- POST /api/ws-token endpoint for browser token acquisition
- frontend/server.ts: custom Node server with http-proxy for WS upgrade proxying (/ws/** → python-api:8088) — same code path for dev and prod
- useProjectWebSocket hook: token-based auth, exponential backoff with jitter reconnect, presence state management
- PresenceBar component: avatar stack with tooltips, connection status indicator, active section display
- 5 event types defined: section_updated, section_created, section_deleted, comment_added, presence_update
- redis[hiredis] + websockets added to Python requirements

- db/11_chat_multiuser.sql: chat_type + section_id + created_by
columns on project_chats, composite unique index for multi-thread
- Support main + per-section chat threads via chat_type column
- Org-level encrypted API key (Fernet/AES-256, API_KEY_ENCRYPTION_SECRET)
- PUT /api/orgs/{slug}/api-key endpoint in Next.js
- Update _get_or_create_project_chat to use new composite index
- Fix test queries for new project_chats unique constraint
- Remove ANTHROPIC_API_KEY env var bridge (use org key)

- api/errors.py: 9 standard error codes (UNAUTHORIZED, PERMISSION_DENIED, NOT_FOUND, VALIDATION_ERROR, CONFLICT, RATE_LIMITED, INTERNAL_ERROR, CHAT_DISABLED, NO_API_KEY) with structured response format
- Frontend error boundaries: APIDownBanner (connection lost + auto-retry), SessionExpiredDialog (401 → modal sign-in redirect), ConflictDialog (409 → discard/overwrite/copy options)
- ErrorBoundaryFallback for generic component errors
- Sonner Toaster added to root layout for toast notifications

- AGENTS.md: updated schema reference (15+ tables including auth, project_members, audit_events, password_reset_tokens), file map with new Python modules (auth.py, errors.py, ws.py), frontend server.ts and Prisma schema
- README.md: updated feature list (multi-user, Better Auth, roles), architecture diagram (5 services including Redis), service descriptions

Major changes across the full stack:

Auth & Security:
- Better Auth tables via SQL migration (db/12_better_auth.sql)
- Prisma schema with binary targets for Docker (linux-musl-arm64-openssl-3.0.x)
- AuthGuard component with session redirect
- Next.js middleware for API proxying (replaces rewrites for PUT/POST/PATCH)
- First-user bootstrap, password reset, admin user creation endpoints
- 23 new Python tests (auth, WS tokens, members, audit, optimistic locking, errors)

Chat Panel:
- SSE streaming with tool call display (thinking → using tool → writing)
- Selection context from section viewer injected into chat messages
- File attachments (text extraction, 200KB limit)
- Stop button to abort streaming
- Tool approval card for permission-gated MCP tools
- Auto-refresh section + project after AI response
- Chat history persistence and loading
- Markdown rendering in assistant messages
- Auto-scroll on new messages

Dependencies:
- Dual-view component: force-directed SVG graph + grouped list
- Graph: colored bubbles by status, hover highlighting, drag to rearrange
- Arrows with proper elliptical edge offsets
- Status legend, click to navigate

Section Viewer:
- Clickable status dropdown (draft/in_progress/review/approved/outdated)
- Text selection → comment form (detects existing comments, scrolls to them)
- Comment resolve/reopen toggle, edit (inline), delete with confirmation
- Selection context sent to chat panel

Settings:
- Loads current values from API on mount
- Provider Authentication card (Claude CLI status + Re-login, API key input)
- Save with toast feedback
- Chat panel conditionally shown based on chat_enabled setting

Theme & Styling:
- Custom CSS variables matching original Pencil design palette
- Dark/light toggle with localStorage persistence (defaults to dark)
- Markdown styles via .markdown-body class with remark-gfm for tables
- Proper code block, table, heading rendering

Infrastructure:
- Redis in both compose files with health checks
- PRISMA_QUERY_ENGINE_LIBRARY env var for Docker compatibility
- DATABASE_URL + BETTER_AUTH_SECRET passed to frontend container
- All 31 MCP tools in chat allowlist
- Updated TODO.md (18 items completed, outdated items removed)

- Project templates: blank, saas-mvp, mobile-app, api-design with pre-built sections created in a single DB transaction via shared/project_factory.py
- Template selector cards in create project dialog
- Shared constants module (VALID_SECTION_TYPES) used by both API and MCP
- MCP prd_create_project accepts optional template param
- Notes accordion: collapsible, editable notes per section with save/cancel
- Notes endpoint requires editor role (RBAC)
- Auth: require_authenticated_user helper, bootstrap-aware enforcement
- Dockerfile: include auth.py and errors.py in API container
- README rewritten: features, architecture table, security section
- Demo script rewritten for Next.js frontend with auth and templates
- Tests: template creation, MCP parity, transaction rollback, notes RBAC

- Add require_project_access to all 3 member endpoints (viewer/admin)
- WS token endpoint: derive user_id from session instead of body
- WS handshake: re-check membership before accept
- Schema-qualify to_regclass calls with public. prefix
- Warn on default WS_TOKEN_SECRET and missing Redis (once)
- Suppress internal error details in add_project_member

ws.py was missing from COPY in Dockerfile. Module-level logger warning fires before uvicorn configures handlers, so use print to stderr instead for reliable startup visibility.
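
The WS token flow these commits describe (HMAC-SHA256 over jti, sub, aud, project and exp claims, TTL of 120 s, subject taken from the session, membership re-checked at handshake), as an added example that is not the project's api/ws.py. The `body.signature` wire format, the `ws` audience value, the function names and the in-memory `seen_jti` set that enforces single use are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

WS_TOKEN_TTL = 120   # seconds, the TTL stated in the commit message
WS_AUDIENCE = "ws"   # assumed audience value; the page does not give one


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(secret, body):
    return _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())


def mint_ws_token(secret, session_user_id, project, now=None):
    """Mint a token; the subject comes from the session, not the request body."""
    now = time.time() if now is None else now
    claims = {"jti": secrets.token_urlsafe(16), "sub": session_user_id,
              "aud": WS_AUDIENCE, "project": project,
              "exp": int(now) + WS_TOKEN_TTL}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return body + "." + _sign(secret, body)


def verify_ws_token(secret, token, project, is_member, seen_jti, now=None):
    """Return the claims, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    # Constant-time MAC comparison before any claim is parsed or trusted.
    if not hmac.compare_digest(_sign(secret, body).encode(), sig.encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["aud"] != WS_AUDIENCE or claims["project"] != project:
        raise ValueError("wrong audience or project")
    if claims["exp"] <= now:
        raise ValueError("expired")
    if claims["jti"] in seen_jti:          # single use (assumed policy)
        raise ValueError("replayed")
    # Membership may have been revoked since minting: re-check at handshake.
    if not is_member(claims["sub"], project):
        raise ValueError("not a member")
    seen_jti.add(claims["jti"])
    return claims
```

In a multi-process deployment the `seen_jti` set would need a shared store with a TTL at least as long as the token lifetime.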
No description provided.