38 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
pqhuy1987	346bd5d644	[CLAUDE] FE: content polish — typography + PageHeader + Button/Input/Table ... Typography base (both apps): - 14px base, line-height 1.55, letter-spacing -0.003em — Be Vietnam Pro render chắc hơn, dấu tiếng Việt rõ hơn - h1/h2 tracking tighter (-0.018em), h1 weight 700, h2 weight 600 - Tabular numbers trong <table> (tự động align cột số) PageHeader: - Title text-[22px] thay vì text-xl — hierarchy mạnh hơn - Border-bottom + pb-5 thay flat layout — content-area rõ vùng - Description leading-relaxed + slate-500 — dễ đọc hơn Button: - shadow-sm + color-tinted shadow (brand/20, red/20) cho primary/ danger — có chiều sâu - active:translate-y-[0.5px] micro-press feedback - Ring offset 2 (thay 1) + offset-white — focus ring tách rõ Input/Select/Textarea: - h-9 thay h-10 — phù hợp dense table layouts - shadow-[inset_0_1px_0_...] — inset highlight tinh tế - Focus: border-brand-500 + ring-brand-500/20 — 2 lớp chỉ báo - Disabled: bg-slate-50 + opacity-70 — rõ disabled state DataTable: - rounded-xl + shadow-sm + border-200/80 — card feel nhẹ nhàng hơn - Header: UPPERCASE text-[11px] tracking-wider — ERP enterprise look - Row hover: bg-brand-50/40 (thay slate-50) — brand-tinted hover - Padding tăng từ px-3 py-2 → px-4 py-2.5 — breathing room Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 16:16:53 +07:00
pqhuy1987	bf1fbe3870	[CLAUDE] FE: favicon dùng chữ 'S' thật từ logo Solutions ... Pipeline: - Pixel-crop chữ 'S' script từ logo.png (x=0..86, y=0..100 — trước underline + tagline) - Scale lên 2x thành 172x200 trên canvas 256x256 transparent, center có padding ~12% - Save thành mark.png (6.8KB, transparent bg) - Embed base64 vào favicon.svg với nền trắng rounded-r-48 (contrast với chữ S xanh brand) — scale mọi size - index.html thêm apple-touch-icon + alternate PNG cho browsers không support SVG favicon Kết quả: favicon giờ là glyph 'S' script thật của Solutions, không phải font-rendered text nữa. Contrast trắng-xanh dễ nhận ra ở size nhỏ. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 16:10:05 +07:00
pqhuy1987	4abb5596d5	[CLAUDE] FE-Admin+FE-User: brand identity từ Solutions logo ... Lấy logo gốc từ template docx (SOL-CCM-FO-002.05) và brand color exact pixel-sampled #1F7DC1 từ chữ "Solutions". Thay đổi: - logo.png (407x145, từ header docx) đặt vào /public cả 2 app - favicon.svg: "S" trắng trên nền vuông brand blue bo góc - index.css: palette brand-50..900 generate quanh #1F7DC1 + accent red-500/600 cho ® mark + font Be Vietnam Pro (Google Fonts, designed cho tiếng Việt, diacritics đẹp) với fallback Inter + JetBrains Mono cho font-mono + tùy chỉnh scrollbar - Layout sidebar: logo.png 32px + "Admin"/"ERP" subtitle (thay text "SOLUTION ERP" đơn điệu) - LoginPage: gradient background brand-50 + 2 decorative orbs blur, rounded-2xl card + backdrop-blur, big logo 56px + subtitle tracking-[0.2em] - index.html: lang="vi", title "Solutions ERP · Admin" / "Solutions ERP", theme-color #1F7DC1 cho mobile address bar, preconnect fonts.gstatic.com để load Google Fonts nhanh hơn Tất cả màu hardcoded trong component đã dùng `brand-600` → tự map sang palette mới, không cần đổi logic. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 15:57:45 +07:00
pqhuy1987	c73e3f904b	[CLAUDE] FE: login error message hướng dẫn diagnose khi Network Error	2026-04-21 15:46:04 +07:00
pqhuy1987	02b8d4be52	[CLAUDE] Docs: STATUS + session log cho prod go-live + ERP shell + Notifications	2026-04-21 15:35:45 +07:00
pqhuy1987	397eb367e5	[CLAUDE] Scripts: SPA web.config thêm HTTP→HTTPS redirect (fix admin login Network Error)	2026-04-21 15:33:01 +07:00
pqhuy1987	49c0ddc8f4	[CLAUDE] App+Domain+Infra+Api+FE: Notifications module end-to-end ... Domain: - Notification entity + NotificationType enum (stable ints) - Nullable RefId cho correlation (contract, user, ...) Infrastructure: - NotificationConfiguration: bảng Notifications, index theo (UserId, ReadAt) - NotificationService: ghi vào DbContext, không SaveChanges (để caller quyết định unit-of-work — đảm bảo atomic với domain mutation) - EF migration AddNotifications Application: - INotificationService (Notify + NotifyMany) - CQRS: ListMyNotifications / GetMyUnreadCount / MarkRead / MarkAllRead Api: - NotificationsController: GET /api/notifications + unread-count + mark-read Integration: - ContractWorkflowService emit notification tới Drafter khi HĐ chuyển phase (skip nếu actor chính là Drafter). Title + type theo phase đích: DaPhatHanh → ContractPublished, TuChoi → ContractRejected, khác → ContractPhaseTransition. FE: - Both NotificationBell (admin + user) dùng /api/notifications thật (thay cho derived-from-inbox MVP trước đó). 30s refetch, click mark-read, 'Đọc hết' bulk action. Foundation sẵn cho SignalR push + email outbox sau này — chỉ cần mở rộng NotificationService mà không đổi caller. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 15:24:09 +07:00
pqhuy1987	6c0e20649a	[CLAUDE] FE-Admin: PermissionsPage improved (search + stats + column bulk toggle + empty state)	2026-04-21 15:17:58 +07:00
pqhuy1987	2b6f91c2b2	[CLAUDE] FE: TopBar + NotificationBell + UserMenu — ERP shell foundation ... Kiến trúc Layout giờ tách thành [sidebar] [topbar + content], foundation để scale thêm module trong tương lai (HR, Accounting, Inventory...). TopBar: title placeholder + NotificationBell + UserMenu (initials avatar + role badges + logout). UserMenu thay cho bottom-of-sidebar (cleaner). NotificationBell: - fe-admin: cảnh báo SLA (HĐ quá/sắp quá hạn, 24h window) - fe-user: hộp thư chờ xử lý (items trong /contracts/inbox) - refetchInterval: 60s - Placeholder cho SignalR/email notifications thật sẽ thay bằng /api/notifications endpoint ở Tier 3. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 15:16:15 +07:00
pqhuy1987	2e43799046	[CLAUDE] FE: EmptyState component + MyContracts CTA empty state	2026-04-21 15:13:43 +07:00
pqhuy1987	c1c23619de	[CLAUDE] FE: DataTable skeleton rows khi loading (thay 'Đang tải…' text đơn giản)	2026-04-21 15:06:40 +07:00
pqhuy1987	0e5b5cd670	[CLAUDE] FE-User: stat cards trên Inbox (total, sắp hạn, quá hạn, tổng giá trị)	2026-04-21 15:05:42 +07:00
pqhuy1987	290936a0ca	[CLAUDE] CICD+FE-Admin+FE-User: deploy pool-state guard + SlaTimer component ... CICD: check app pool state before Stop-WebAppPool (idempotent). FE: new SlaTimer component with color-coded countdown (emerald/amber/red) and progress bar. Two variants: - inline: used in list tables (Inbox, Contracts list x2, MyContracts) - full: used in ContractDetail card with progress bar + deadline timestamp Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 15:04:44 +07:00
pqhuy1987	b40da1e726	[CLAUDE] CICD: read appsettings template from source workspace (not publish output)	2026-04-21 14:58:51 +07:00
pqhuy1987	5709092e08	[CLAUDE] CICD: fresh node_modules per build (Vite 8 rolldown native binding platform resolve)	2026-04-21 14:53:16 +07:00
pqhuy1987	519ba85f22	[CLAUDE] CICD: use npm install (not ci) to resolve Vite 8 rolldown native binding on Windows	2026-04-21 14:46:37 +07:00
pqhuy1987	489a0054fa	[CLAUDE] CICD: drop GITHUB_PATH step (UTF-16 NUL issue) - PATH already set via NSSM	2026-04-21 14:40:14 +07:00
pqhuy1987	10ae51902b	[CLAUDE] CICD: re-trigger after task 32 stuck (runner restart race)	2026-04-21 14:37:40 +07:00
pqhuy1987	57a027501a	[CLAUDE] CICD: use powershell (5.1) instead of pwsh (7) - not installed on VPS	2026-04-21 14:31:35 +07:00
pqhuy1987	5df883de00	[CLAUDE] CICD: re-trigger workflow after runner PATH fix	2026-04-21 14:27:23 +07:00
pqhuy1987	ccfcfb4907	[CLAUDE] CICD: rewrite workflow for local deploy on self-hosted runner ... VPS runner has only windows-latest label (no ubuntu) and lives on the same VPS as IIS, so WinRM + multi-job artifact handoff is unnecessary. Changes: - Single build-deploy job on windows-latest self-hosted - Uses pre-installed Node 20 and .NET 10 SDK (avoids 500MB setup-* downloads per run) - Deploys directly to C:\inetpub\solution-erp\ — no WinRM - appsettings.Production.json rendered from template via secrets (ConvertFrom-Json + ConvertTo-Json keeps JSON structure intact) - Fixed site name mismatch: SolutionErp-Api (was SolutionErpApi) - Removed IIS_HOST/USER/PASSWORD secrets — no longer needed - Added smoke test step hitting https://api.huypham.vn/health/live Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 14:25:02 +07:00
pqhuy1987	45452765e3	[CLAUDE] Scripts: fix setup-ssl.ps1 --installationsiteid flag ... win-acme 2.2.9 with --target manual + --installation iis requires --installationsiteid (not --siteid). --siteid only applies to the iis target plugin, not the iis installation plugin. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 14:19:26 +07:00
pqhuy1987	169e268b28	[CLAUDE] Scripts: rewrite 4 deploy PS1 ASCII-only for PS 5.1 compat ... PowerShell 5.1 reads .ps1 files as locale codepage (not UTF-8 no BOM), which corrupts multi-byte Vietnamese chars and breaks parsing. Rewrote setup-iis-sites.ps1, setup-ssl.ps1, setup-gitea-runner.ps1, deploy-all.ps1 as ASCII-only. Also renamed $Host param to $HostName in Ensure-Site to avoid collision with PowerShell built-in $Host automatic variable. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 14:17:36 +07:00
pqhuy1987	85acf750b3	[CLAUDE] Scripts: update cho SQLEXPRESS instance + Invoke-Sqlcmd (no sqlcmd.exe binary needed) ... - setup-sql-db.ps1: Server=.\SQLEXPRESS default, dung Invoke-Sqlcmd (SqlServer PS module) voi credential + TrustServerCertificate - appsettings.Production.json.example: Server=.\SQLEXPRESS (voi escaped backslash JSON) - DB_CONNECTION Gitea secret da update (qua API) VPS Windows Server 2022 minimal, co VIETREPORT da chay 4 site, SQL instance SQLEXPRESS. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 14:10:08 +07:00
pqhuy1987	1b7d8872ab	[CLAUDE] Scripts: deploy-all.ps1 one-command gop 4 step ... - Pre-check prerequisites (admin, sqlcmd, WebAdministration, .NET 10) - Chay theo thu tu SQL → IIS → appsettings.Production.json (auto write tu template + ACL restrict) → SSL (voi confirm) → Runner - Idempotent: chay lai khong pha - -SkipSsl / -SkipRunner flag cho debug - Summary voi next steps Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 13:49:55 +07:00
pqhuy1987	b1a4571c86	[CLAUDE] VPS setup scripts + SSL + runner + FE prod config + master runbook ... Scripts moi (PowerShell admin trên VPS Windows Server): - setup-sql-db.ps1: tao DB SolutionErp + grant db_owner cho vrapp (user shared voi VIETREPORT). Idempotent. - setup-iis-sites.ps1: app pool SolutionErp-Api (NoManagedCode + AlwaysRunning + no idle) + 3 site (SolutionErp-Api/Admin/User) voi host header, C:\inetpub\solution-erp\{api,fe-admin,fe-user,logs,uploads}. Placeholder index.html + SPA web.config voi URL rewrite fallback + security headers. Firewall rule. ACL grant AppPool identity Modify. Naming prefix SolutionErp-* tranh conflict VIETREPORT. - setup-ssl.ps1: download win-acme v2.2.9 → issue cert Let's Encrypt 3 domain (api/admin/user.huypham.vn) qua HTTP-01 challenge + auto install IIS binding + HTTP→HTTPS redirect + scheduled task 90d renew. - setup-gitea-runner.ps1: download act_runner.exe → register voi Gitea git.baocaogiaoduc.vn, install Windows service, labels windows-latest,self-hosted,windows,x64 (cho phep share voi VIETREPORT). FE production config: - fe-admin/.env.production + fe-user/.env.production: VITE_API_BASE_URL=https://api.huypham.vn - fe-admin/src/lib/api.ts + fe-user/src/lib/api.ts: BASE_URL = (import.meta.env.VITE_API_BASE_URL ?? '') + '/api' - Dev: empty prefix → /api qua Vite proxy :5443 - Prod: https://api.huypham.vn/api (cross-origin CORS da config AllowedOrigins) Docs: - docs/guides/vps-setup.md MOI (master runbook): prereq, 4 script chay theo thu tu, set 5 Gitea secrets, first deploy, appsettings.Production.json pattern (file hoac user-secrets), smoke test 3 curl, post go-live checklist (doi admin password, rotate secrets chat-exposed, backup schedule, disable Swagger prod, monitor logs), table co-existence VIETREPORT - CLAUDE.md root: add vps-setup.md reference Gitea repo da setup (extern): - https://git.baocaogiaoduc.vn/vietreport-admin/solution-erp (private) - Secrets set via API: IIS_HOST=103.124.94.38, IIS_USER=Administrator, DB_CONNECTION (voi vrapp password), JWT_SECRET placeholder - CON THIEU: IIS_PASSWORD (Windows admin — user cung cap), JWT_SECRET real value (64-char tu vps-jwt-key.txt — user update qua Gitea UI) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 13:37:34 +07:00
pqhuy1987	fba0754110	[CLAUDE] Config: appsettings.Production.json.example voi domain huypham.vn + policy 12-char ... - Template commit (not actual Production.json — bi gitignore de tranh leak secret) - ConnectionStrings: User Id=vrapp, Password placeholder - AllowedOrigins: https://admin.huypham.vn + https://user.huypham.vn - Identity.Password.RequiredLength = 12 prod (dev still 8) - Identity.Lockout: 15min, 5 fail max - Khi deploy: cp appsettings.Production.json.example appsettings.Production.json tren server va set secret thuc te (Jwt.Secret, ConnectionStrings.Default password) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 13:27:57 +07:00
pqhuy1987	1b5ef2ed51	[CLAUDE] Phase5.1/3.2: IDOR filter + SLA auto-approve job + admin password warning ... IDOR filter ContractsController: - ListContractsQueryHandler + ICurrentUser: non-admin chi thay HD minh la Drafter hoac role eligible phase hien tai - GetContractQueryHandler + ICurrentUser: throw ForbiddenException neu truy cap HD khong lien quan - GetEligiblePhases() internal static trong ListContractsQueryHandler — mirror GetMyInboxQueryHandler.PhaseActorRoles (Drafter/DeptManager → DangSoanThao/DangDamPhan/DangInKy, ProjectManager+PRO+CCM+FIN+ACT+EQU → DangGopY, CostControl → DangKiemTraCCM, Director+AuthorizedSigner → DangTrinhKy, HrAdmin → DangDongDau) SLA Expiry BackgroundService (Phase 3 iteration 2 partial): - Infrastructure/HostedServices/SlaExpiryJob MOI: BackgroundService moi 15 phut (delay 30s startup) - Query Contracts WHERE SlaDeadline < UtcNow AND Phase NOT IN (DaPhatHanh, TuChoi) - Map phase → next (happy path). Goi IContractWorkflowService.TransitionAsync voi actorUserId=null + Decision=AutoApprove + comment 'AUTO: het SLA phase X (Nh qua han)' - Try-catch tung contract, 1 fail khong block batch - Log structured: 'SlaExpiryJob: auto-approved contract {Id} {From} → {To}' - Package Microsoft.Extensions.Hosting added to Infrastructure - DI register AddHostedService<SlaExpiryJob> Admin password warning (Phase 5.1): - DbInitializer.WarnDefaultAdminPasswordAsync: check CheckPasswordAsync voi AdminPassword default → log WRN '⚠️ Admin user vẫn dùng password mặc định. ĐỔI NGAY trong production!' - Chain vao InitializeAsync sau cac seed E2E verified: - Admin GET /contracts → total 1 (see all) - Drafter GET /contracts → total 0 (IDOR filter, chua tao HD nao) - API startup log: '⚠️ Admin user admin@solutionerp.local vẫn dùng password mặc định' - Build + TS check → pass Docs: - STATUS.md: Phase 5.1 hau nhu xong (IDOR + admin warning + SLA job tick), cumulative BE 3900 LOC - migration-todos.md: tick Phase 5.1 IDOR + admin warning, Phase 3 iter 2 SlaExpiryJob + E2E non-admin + admin warning - session log 2026-04-21-1730-idor-sla-job.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 13:15:14 +07:00
pqhuy1987	11e61c9c39	[CLAUDE] Phase5.1: Security headers + account lockout + Users management ... Security hardening: - Api/Middleware/SecurityHeadersMiddleware MOI: remove server fingerprint (Server, X-Powered-By, ...), add X-Content-Type-Options:nosniff, X-Frame-Options:DENY, Referrer-Policy:strict-origin-when-cross-origin, Permissions-Policy (disable geolocation/mic/cam/payment), X-Permitted-Cross-Domain-Policies:none, CSP (default-src 'self' + img data: + style inline for Tailwind + frame-ancestors 'none'). Skip CSP tren /swagger (dung inline script). - Program.cs wire UseMiddleware SecurityHeadersMiddleware first in pipeline - Infrastructure/DependencyInjection Identity options: - Password.RequiredLength config-driven (Identity:Password:RequiredLength, default 8 dev, override 12+ prod) - Lockout: DefaultLockoutTimeSpan (15min), MaxFailedAccessAttempts (5), AllowedForNewUsers=true — all config-driven - LoginCommandHandler: IsLockedOutAsync check truoc → throw voi deadline message, AccessFailedAsync khi sai password, ResetAccessFailedCountAsync khi login thanh cong Users management: - Application/Users/UserFeatures.cs: 8 CQRS (ListUsersQuery paging+search, GetUserQuery, CreateUserCommand + Validator, UpdateUserCommand voi self-disable protection, AssignRolesCommand voi self-demote protection (khong tu go Admin), ResetPasswordCommand (invalidate refresh token + unlock), UnlockUserCommand) - UserDto: Id, Email, FullName, IsActive, IsLocked (computed tu LockoutEnd), CreatedAt, Roles - Api/Controllers/UsersController: 7 endpoint (Users.Read/Create/Update policies): - GET / (list paged), GET /{id}, POST /, PUT /{id}, PUT /{id}/roles, POST /{id}/reset-password, POST /{id}/unlock - using alias ValidationException = Application.Common.Exceptions.ValidationException (fix ambiguity voi FluentValidation) Frontend fe-admin: - types/users.ts MOI: User type + AVAILABLE_ROLES 12 role (match BE AppRoles.cs) + RoleLabel Vietnamese - pages/system/UsersPage.tsx MOI: - DataTable columns: Email (mono), FullName, Roles (badge chips voi Vietnamese label), IsActive (CheckCircle/XCircle), IsLocked (KeyRound red), CreatedAt - Actions per row (PermissionGuard Users.Update wrap): Gan role (Shield icon → Dialog grid 12 checkbox), Reset password (KeyRound → Dialog voi warning user se bi logout), Unlock (Unlock icon, chi hien khi isLocked), Toggle active (XCircle/CheckCircle) - Create user dialog: email + fullName + password (min 8) + grid 12 role checkbox - Route /system/users vao App.tsx E2E verified: - Security headers present tren moi response (check qua curl -I) - POST /api/users voi roles: [Drafter] → 201 + id - GET /api/users → paged voi 2 user (admin + new test.drafter) - TS check fe-admin → pass - dotnet build → 0 errors Docs: - docs/STATUS.md: Phase 5.1 xong, cumulative BE 3700 LOC, 42 endpoints, 17 FE pages - docs/HANDOFF.md: phase table update row Phase 5.1, last updated timestamp - docs/changelog/migration-todos.md: tick 6 items Phase 5.1 + 4 items remaining (IDOR, deps scan, admin warning, Roles CRUD) - docs/changelog/sessions/2026-04-21-1630-phase5-1-security-users.md: session log Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> EOF	2026-04-21 13:06:46 +07:00
pqhuy1987	46a2cab788	[CLAUDE] Docs: tick Phase 5 Prep items in migration-todos ... Follow-up: migration-todos Phase 5 section update bi miss trong commit truoc (Edit bi block boi system reminder). Apply lai: - Tick 14 items Prep xong - Split 'Deploy that (can Gitea URL)' va 'Phase 5.1 Security hardening' Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 12:58:08 +07:00
pqhuy1987	f3fb3fd565	[CLAUDE] Phase5 prep: production infra + deploy scripts + 4 guides + FE refresh token ... Backend production infra: - Packages: Serilog.Sinks.File, HealthChecks.EntityFrameworkCore (RateLimiting built-in .NET 10) - appsettings.Production.json MOI: placeholder __SET_VIA_SECRETS__, AllowedOrigins, Serilog File sink rolling daily retention 30d, RateLimit config - appsettings.json + Development.json: them Serilog WriteTo Console - Program.cs REWRITE: - Serilog ReadFrom.Configuration (prod file / dev console) - Rate limiter: policy auth-login 5/min/IP (AuthController.Login) + GlobalLimiter 300/min/IP - Health checks: /health/live liveness (empty predicate) + /health/ready DB probe (AddDbContextCheck) - HSTS production 1 year - CORS origins from config AllowedOrigins (default dev 2 localhost) - AuthController.Login gắn [EnableRateLimiting("auth-login")] Deploy scripts: - scripts/deploy-iis.ps1: stop pool → backup current → clean+extract artifact → start pool → health check loop 30s timeout → rollback instruction if fail - scripts/backup-sql.ps1: BACKUP DATABASE voi INIT+COMPRESSION+CHECKSUM + retention 30d auto cleanup - .gitea/workflows/deploy.yml MOI: 4 job build BE (Windows) + build 2 FE (Ubuntu, pin .nvmrc 20) + deploy-iis qua WinRM PSSession (secrets IIS_HOST/USER/PASSWORD/JWT_SECRET/DB_CONNECTION) Docs guides MOI (4 file): - deployment-iis.md: prereqs (IIS features, Hosting Bundle, SQL, WinRM) + setup lan dau (app pool, 3 site, HTTPS win-acme, user-secrets) + deploy hang ngay (CI/CD + manual) + rollback + monitoring + troubleshooting + SPA web.config sample - cicd.md: pipeline overview 4 job, secrets setup, runner Windows+Ubuntu, branch strategy, build optimizations, common CI/CD issues - security-checklist.md: OWASP top 10 2021 mapping voi status + pre go-live checklist + incident response - runbook.md: daily ops (health/logs), restart/rollback, DB backup/restore/migration revert, user management (reset password, unlock, disable), monitoring (CPU/disk/connection pool), deployment checklist, common gotcha Frontend refresh token (ca 2 app fe-admin + fe-user): - lib/api.ts REWRITE: them REFRESH_KEY, axios response interceptor 401 → POST /auth/refresh → retry request goc. Queue pattern cho nhieu request song song chi 1 refresh call chay. Skip retry /auth/login + /auth/refresh tranh infinite loop. _retry flag tren original config. - contexts/AuthContext.tsx: luu+xoa REFRESH_KEY trong login/logout E2E verified: - GET /health/live → 200 Healthy - GET /health/ready → 200 Healthy (DB probe) - Rate limit flood 7 POST /auth/login → #1-5 HTTP 400 (cred sai) + #6-7 HTTP 429 Too Many Requests ✅ - TS check fe-admin + fe-user → pass - dotnet build → 0 errors Docs updates: - docs/STATUS.md: Phase 5 prep done, next Phase 5 deploy production + Phase 5.1 security hardening, cumulative stats 8 commits - docs/HANDOFF.md: phase table them Phase 5 prep row, file tree update voi guides + scripts + workflows, git state commit 8 - docs/changelog/migration-todos.md: tick Phase 5 prep items (12 items done) + Phase 5 deploy items remaining + Phase 5.1 security hardening list - docs/changelog/sessions/2026-04-21-1530-phase5-prep.md: session log chi tiet Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 12:57:12 +07:00
pqhuy1987	fe7ad8e4a3	[CLAUDE] Phase4: Report MVP + Docs Consolidation (rules, architecture, schema-diagram) ... Backend Report: - Application/Reports/Dtos/DashboardStatsDto: 5 KPI + PhaseCount + SupplierCount + ProjectCount + MonthlyValue - Application/Reports/Queries/GetDashboardStats handler: total/active/overdue/published this month/totalValueActive + byPhase + top 5 NCC/du an + 12 thang monthly (fill zero khi thang empty) - Application/Reports/Services/IContractExcelExporter interface - Infrastructure/Reports/ContractExcelExporter: ClosedXML workbook 10 cot, header style bold+blue, number format #,##0, formula SUM, auto-fit, freeze header - Application/Reports/Commands/ExportContractsToExcelCommand: filter phase/supplier/project/date range - Api/Controllers/ReportsController: GET /reports/dashboard, GET /reports/contracts/export - DI register IContractExcelExporter (Scoped) Frontend fe-admin: - types/reports.ts: DashboardStats type - components/BarChart.tsx: generic horizontal bar chart — chi Tailwind, khong thu vien ngoai - pages/DashboardPage.tsx REWRITE: 5 KPI card (FileText/TrendingUp/AlertTriangle/CheckCircle2/Coins) + by-phase bar + monthly 12-month chart + top 5 NCC + top 5 du an + skeleton loader - pages/ReportsPage.tsx MOI: filter phase/fromDate/toDate → export Excel button - Route /reports vao App.tsx E2E verified: - GET /api/reports/dashboard → 200 voi day du KPI + monthly fill 12 thang - GET /api/reports/contracts/export → 200 xlsx 7229 bytes (Microsoft Excel 2007+) Docs consolidation (theo yeu cau user): - docs/rules.md MOI: 9 section coding conventions (ngon ngu UI/code/DB/docs, BE Clean Arch, CQRS+MediatR, Validation FluentValidation, Error handling, Async, Entity rules, DI, Package pinning, FE React/TS erasableSyntaxOnly, path alias, TanStack Query, Permission guard, Toast+error, DB convention, Git commit format, Docs structure, Testing, Security) - docs/architecture.md MOI: layered overview ASCII art, request lifecycle (1 POST/api/contracts qua 10 step), workflow state machine 9 phase, permission model, data flow sequence diagram 4 actor (Drafter/Manager/CCM/BOD/HRA), deployment architecture Phase 5, skill library, non-functional table - docs/database/schema-diagram.md MOI: full ERD 19 table mermaid + data flow diagram + vong doi 1 HD (create → 7 transition → gen ma → publish) + index strategy table + relationship cardinality + soft delete behavior + SQL queries (inbox/dashboard/gen ma) + migration history - docs/gotchas.md UPDATE: 17 → 26 pitfalls, them section "Claude Code harness quirks" (Edit File not read, DI build pass nhung runtime fail) + "Contract workflow" (ma HD gen 2 lan, BE-FE NEXT_PHASES sync, race condition) + "Permission matrix" (cache real-time, MenuKey typo) - docs/STATUS.md: Phase 4 MVP done, docs entry points section liet ke het, next Phase 5 Production - docs/HANDOFF.md: phase table them Phase 4 row, file tree update voi Reports, test points day du, git state commit 7 - docs/changelog/migration-todos.md: tick Phase 4 MVP items + them iteration 2 list - docs/changelog/sessions/2026-04-21-1430-phase4-report.md: session log voi thong so cumulative (BE 3100 LOC, 30 docs) - CLAUDE.md root: update Tai lieu quan trong section them rules.md, architecture.md, schema-diagram.md, .claude/skills (13 links now) Bug fix: - TS unused import ContractPhaseLabel trong DashboardPage - DI thieu register IContractExcelExporter — build pass but runtime would fail (added) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 12:42:46 +07:00
pqhuy1987	7e957a7654	[CLAUDE] Phase3: Workflow MVP — 9-phase state machine + code gen + FE Inbox/Detail ... Backend Contracts domain (5 entities): - Contract aggregate: Phase (9 enum), SlaDeadline, MaHopDong, BypassProcurementAndCCM, DraftData, SlaWarningSent - ContractApproval: FromPhase → ToPhase, ApproverUserId (null = system auto-approve), Decision, Comment - ContractComment: thread theo Phase current - ContractAttachment: FileName + StoragePath + Purpose (DraftExport/ScannedSigned/SealedCopy) - ContractCodeSequence: Prefix PK + LastSeq — atomic gen EF configs: - Unique MaHopDong filtered [MaHopDong] IS NOT NULL - Indexes: Phase+IsDeleted, SupplierId, ProjectId, SlaDeadline, ContractId+ApprovedAt, ContractId+CreatedAt - Cascade delete Approvals/Comments/Attachments khi Contract xoa - Query filter IsDeleted - Migration AddContractsWorkflow (DB 19 tables) Workflow service: - IContractWorkflowService.TransitionAsync: - Adjacency check qua Transitions Dict<(from,to), roles[]> (12 transitions) - Role guard: user phai co role ∈ allowed - Admin bypass (role Admin pass moi check) - System bypass (userId=null + Decision=AutoApprove → cho SLA job sau nay) - Bypass CCM: BypassProcurementAndCCM=true cho phep DangInKy → DangTrinhKy skip phase 6 - Gen ma HD khi chuyen DangDongDau (idempotent — khong gen lai neu da co) - Reset SlaDeadline = UtcNow + PhaseSla - Insert ContractApproval row Code generator (RG-001): - 7 format theo ContractType: HDTP / HDGK / NCC / HDDV / MB + 2 framework (year prefix) - BeginTransactionAsync(Serializable) + ContractCodeSequences UPSERT → atomic - Idempotent: neu MaHopDong da co thi skip CQRS (8 feature, ContractFeatures.cs): - CreateContractCommand + Validator + Handler (set SlaDeadline = +7d) - UpdateContractDraftCommand (chi khi Phase=DangSoanThao) - TransitionContractCommand (delegate → WorkflowService) - AddCommentCommand (phase = hien tai) - ListContractsQuery (PagedResult + filter phase/supplier/project/search) - GetMyInboxQuery (map Phase → actor roles, filter theo role user) - GetContractQuery (detail + approvals + comments + attachments + resolve user names) - DeleteContractCommand (soft, block > DangInKy) Controller: - ContractsController 8 endpoint: GET list/inbox/detail, POST create/transition/comment, PUT update, DELETE Frontend fe-admin (2 page moi): - types/contracts.ts: ContractPhase const + Label + Color maps + types - components/PhaseBadge.tsx - pages/contracts/ContractsListPage.tsx: filter phase + search + click → detail - pages/contracts/ContractDetailPage.tsx: 2-col layout (info+comments | timeline), action dialog select target phase + comment Frontend fe-user (4 page moi + 14 file shared): - cp 14 file shared tu fe-admin (menuKeys, types/*, DataTable, PhaseBadge, Dialog, Textarea, Select, apiError, usePermission, PermissionGuard) - AuthContext update: load menu tu /menus/me + cache - Layout: menu fixed 3 muc + user info + roles display - InboxPage: list HD cho role user xu ly (sort theo SLA) - ContractCreatePage: form chon loai + template + NCC + du an + gia tri + bypass CDT - ContractDetailPage: duplicate fe-admin pattern (convention) - MyContractsPage: list HD cua toi - App.tsx: 4 route moi E2E verified: - Setup Supplier + Project - POST /contracts → 201 + phase=2 - POST /contracts/{id}/transitions x7 → di het 9 phase - Final: MaHopDong = "FLOCK 01/HĐGK/SOL&PVL2026/01" dung format RG-001 - Approvals: 7 rows audit day du Docs: - .claude/skills/contract-workflow/SKILL.md: placeholder → full spec voi state machine, SLA table, role matrix, 7 code format, code pointers, API, E2E workflow, pitfalls - docs/changelog/sessions/2026-04-21-1330-phase3-workflow.md: session log - docs/STATUS.md: Phase 3 MVP done, next Phase 4 - docs/HANDOFF.md: update phase status + file tree + commit log + testing points - docs/changelog/migration-todos.md: tick Phase 3 MVP items + add iteration 2 list Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 12:26:09 +07:00
pqhuy1987	5113e4c771	[CLAUDE] Phase2: Form Engine MVP + docs (gotchas, skill, handoff) ... Backend Forms: - Domain/Forms: ContractTemplate (FormCode, Name, ContractType, FileName, StoragePath, Format, FieldSpec JSON, IsActive) + ContractClause - EF config voi unique FormCode + query filter IsDeleted - DbSets + IApplicationDbContext update - Migration AddForms (bang 14 total) - Packages: DocumentFormat.OpenXml 3.x + ClosedXML 0.105+ - Application/Forms: - IFormRenderer interface + RenderResult record - FormFeatures.cs: List/Get/Render CQRS - IWebHostEnvironmentLocator (abstract IWebHostEnvironment) - Infrastructure/Forms: - DocxRenderer: OpenXml-based placeholder {{field}} replace, handle split runs (gom text tat ca <w:t> trong paragraph, replace, gan lai text dau + clear rest) - XlsxRenderer: ClosedXML cell value replace - FormRenderer router theo format docx/xlsx - Api: - FormsController: GET /templates (filter type, onlyActive), GET /templates/{id}, POST /templates/{id}/render (return file) - WebHostEnvironmentLocator impl - DbInitializer SeedContractTemplatesAsync: seed 8 template metadata, IsActive=true chi khi file ton tai Templates vat ly: - Copy 5 .docx/.xlsx tu FORM/ sang wwwroot/templates/ - 3 .doc (FO-002.02/03/06) chua convert: IsActive=false (Word COM bi stuck luc test, can retry voi DisplayAlerts=0 hoac LibreOffice) - scripts/convert-doc-to-docx.ps1 (Word COM automation) Frontend fe-admin: - types/forms.ts: ContractTemplate + ContractTypeLabel - pages/forms/FormsPage.tsx: list templates + Render dialog (paste JSON data → download .docx/.xlsx) - Route /forms them vao App.tsx Bug fix: - SpaceProcessingModeValues namespace: wrap EnumValue<> full path - SaveAs2($path, 16) thay vi SaveAs([ref], [ref]) — PowerShell type issue - Word COM stuck: kill process, skip .doc cho MVP Docs (theo yeu cau user): - docs/gotchas.md MOI: 17 pitfalls nhom theo tech stack / EF Core / OpenXml / JSON / dev workflow - .claude/skills/form-engine/SKILL.md: placeholder → full spec (algorithm + code pointers + API + limitations) - .claude/skills/permission-matrix/SKILL.md: placeholder → full spec (BE policy + FE guard + seed + pitfalls) - docs/HANDOFF.md MOI: brief 5 phut cho session sau (run quickstart + where we are + next steps + file tree + gotchas ref) - docs/STATUS.md: update cumulative stats + next up Phase 3 - docs/changelog/migration-todos.md: tick Phase 2 iteration 1 items + add iteration 2 list - docs/changelog/sessions/2026-04-21-1200-phase2-form-engine.md: session log - CLAUDE.md root: them reference den gotchas + HANDOFF E2E verified: - GET /api/forms/templates (onlyActive=false) → 8 templates - POST /api/forms/templates/{FO-002.05}/render voi data dict → HTTP 200 + file .docx 482KB (Microsoft Word 2007+ OK) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 12:01:11 +07:00
pqhuy1987	54d6c9ba52	[CLAUDE] Phase1.2: CRUD Master + Permission Matrix + FE admin pages ... Backend: - Domain/Master: Supplier (+ SupplierType 5 loai), Project, Department (AuditableEntity) - Domain/Identity: MenuItem, Permission, MenuKeys const (12 menu) - EF Configurations voi unique Code + query filter IsDeleted - DbSets + IApplicationDbContext interface update - Application: PagedResult + PagedRequest generic - Application/Master CQRS CRUD 3 entity (Create/Update/Delete/Get/List voi paging search sort) - Application/Permissions: GetMyMenuTree (union OR role, filter tree), ListMenuItems, ListPermissionsByRole, UpsertPermission (guard admin khong tu giam quyen), ListRoles - Api/Authorization: MenuPermissionRequirement + Handler (Admin bypass, query DB) - Program.cs: register 48 policy {menu}.{action} tu MenuKeys x Actions - Api/Controllers: Suppliers, Projects, Departments, Menus, Roles, Permissions - DbInitializer: seed 12 menu + admin full CRUD permissions - Migration AddMasterData + AddPermissions Frontend (fe-admin): - Types: menuKeys.ts const, menu.ts (MenuNode/Role/Permission), master.ts (Supplier/Project/Department + SupplierType const-object) - AuthContext: load menu from /menus/me, cache localStorage, refreshMenu() - usePermission hook + PermissionGuard component (wrap button) - UI kit them: Dialog (modal overlay), Textarea, Select - Generic: DataTable (column config, sortable, loading, empty) + Pagination - PageHeader component - apiError helper extract message tu ProblemDetails - Layout rewrite: render menu dong tu AuthContext.menu (MenuGroup collapsible + NavLink + lucide icon map) - Pages: master/Suppliers, master/Projects, master/Departments (CRUD + search + sort + paging + Dialog form) - Page system/Permissions: ma tran Role x MenuKey x CRUD checkbox (tick tu dong PUT upsert) - App.tsx them 4 route moi Bug fix: - MenuPermissionHandler: EF expression tree khong support switch expression -> tach switch ra ngoai AnyAsync - TS erasableSyntaxOnly khong cho enum -> SupplierType const-object pattern (typeof[keyof]) E2E verified via Vite proxy: - GET /menus/me -> 6 root + 6 child nodes (12 menus) - GET /roles -> 12 roles - POST/GET/PUT/DELETE /suppliers -> full CRUD, soft delete OK - tsc -b fe-admin pass Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 11:30:14 +07:00
pqhuy1987	49a5f57a50	[CLAUDE] Docs: database-guide + 6 flow diagrams ... docs/database/database-guide.md: - Conventions (naming, data types, audit fields, soft delete) - Schema hien tai (Identity tables sau migration Init) + seed 12 role + admin - Schema planned: Phase 1 dot 2 (Supplier/Project/Department + Permission Matrix) - Schema planned: Phase 3 (Contract + Approval + Comment + Attachment + Template + Clause + CodeSequence) - Mermaid ERD cho tung phase - Migration workflow (create/apply/revert) - Index strategy + unique indexes - Backup/restore SQL - Common pitfalls + SQL cheatsheet docs/flows/ — 6 flow documentation: - README.md: index - auth-flow.md: login/refresh/me/logout (IMPLEMENTED, sequence + edge cases + security checklist) - permission-flow.md: Phase 1 dot 2 - Role x MenuKey x CRUD resolution + FE guard + BE policy - contract-creation-flow.md: Phase 2 - Drafter flow chon template -> fill -> preview -> save draft - contract-approval-flow.md: Phase 3 - state machine 9 phase chi tiet + reject flow + timeline UI - form-render-flow.md: Phase 2 - OpenXml + ClosedXML + LibreOffice PDF convert - sla-expiry-flow.md: Phase 3 - BackgroundService auto-approve qua SLA + warning notify Update references: - CLAUDE.md (root): them 2 row Tai lieu quan trong - docs/CLAUDE.md: update project layout voi flows/ + database/ - docs/STATUS.md: log docs addition - docs/changelog/migration-todos.md: tick Phase 0 docs items Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 11:15:28 +07:00
pqhuy1987	702411fcc8	[CLAUDE] Phase1: foundation - BE Clean Arch + Identity + JWT + 2 FE React + login E2E ... Backend (.NET 10): - Domain: BaseEntity/AuditableEntity, ContractType/Phase/ApprovalDecision enums, User/Role (Identity<Guid>), AppRoles (12 const) - Application: IApplicationDbContext/ICurrentUser/IDateTime/IJwtTokenService, custom exceptions, ValidationBehavior (MediatR pipeline), Auth CQRS (Login/Refresh/Me), DependencyInjection - Infrastructure: ApplicationDbContext (IdentityDbContext), AuditingInterceptor (auto audit + soft delete), DbInitializer (seed 12 role + admin), DesignTimeDbContextFactory, JwtTokenService, DateTimeService, DI - Api: CurrentUserService, GlobalExceptionMiddleware (ProblemDetails), AuthController, Program.cs rewrite (Serilog + JWT + CORS + Swagger), appsettings + launchSettings (port 5443) - Migration Init applied to SolutionErp_Dev LocalDB Frontend (React 19 + Vite 8 + Tailwind 4): - fe-admin (:8082 blue) + fe-user (:8080 emerald) - shared structure, khac menu + brand color - Tailwind 4 via @tailwindcss/vite plugin, theme brand colors - AuthContext (localStorage token), ProtectedRoute, Layout (sidebar + header) - UI kit: Button/Input/Label (CVA + Tailwind) - LoginPage voi toast error, DashboardPage/InboxPage placeholder - Axios interceptor: auto Bearer + 401 redirect - TanStack Query client, React Router 7, Sonner toast Package downgrades (do .NET 10 / TS 6 compat): - MediatR 14 -> 12.4.1 (v14 breaking changes) - Swashbuckle 10 -> 6.9.0 (v10 khong tuong thich OpenApi 2) - Removed Microsoft.AspNetCore.OpenApi (conflict voi Swashbuckle) E2E verified: POST /api/auth/login qua Vite proxy ca 2 FE -> JWT + user info Credentials seed: admin@solutionerp.local / Admin@123456 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 10:59:44 +07:00
pqhuy1987	25dad7f36f	[CLAUDE] Scaffold: khoi tao SOLUTION_ERP Phase 0 ... - .NET 10 Clean Architecture: Domain/Application/Infrastructure/Api (4 project) - 2 React + Vite + TS app: fe-admin (:8082), fe-user (:8080) voi proxy /api - Node engines >=20, .nvmrc = 20 cho CI (bai hoc NamGroup) - SQL Server 2022 qua docker-compose (dev) - Parse 8 FORM -> docs/forms-spec.md (catalog + ma HD format RG-001) - Parse QUY_TRINH -> docs/workflow-contract.md (9 phase state machine + role matrix) - docs: CLAUDE.md, STATUS.md, PROJECT-MAP.md, migration-todos.md (roadmap 5 phase) - .claude/skills: 3 placeholder (contract-workflow, form-engine, permission-matrix) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 10:37:34 +07:00