Optimize CI/CD theo Option C bàn trong chat:
==== Path filter (saving 100% time cho commit MD-only) ====
on: push: paths-ignore mới — skip CI khi commit chỉ docs/skill/MD/gitignore.
- 'docs/**'
- '**/*.md'
- '.claude/skills/**'
- '.gitignore'
- 'scripts/**.md'
Commit 'Docs: chốt session' và similar sẽ KHÔNG trigger workflow → save 196s/commit.
Nếu cùng commit thay đổi cả MD + code → vẫn trigger (đúng behavior expected).
Workflow file `.gitea/workflows/**` chính NÓ thì không trong paths-ignore →
vẫn trigger khi sửa CI config (an toàn).
==== npm junction cache (saving ~70-80s code commit) ====
Replace Build fe-admin + fe-user steps với cache-aware version.
Strategy:
- Cache key = SHA256(package.json) 16-char prefix → đổi deps = miss → fresh
- Cache stored: C:\npm-cache-erp\<app>\<hash>\node_modules (ngoài workspace)
- Junction `fe-admin\node_modules → cache` (instant, không file copy)
- Lần đầu (cold): 49s + 33s = 82s (như cũ)
- Lần sau (warm): mklink instant + skip npm install → ~3s + 3s = 6s (saving ~76s)
Safety:
- Trước Deploy: convert junction → nothing (cmd /c rmdir /q chỉ remove ref,
không follow target). Tránh trường hợp act_runner cleanup workspace
follow junction + delete cache.
- Pruning: keep top 5 cache per app (~250MB × 5 × 2 = 2.5GB max disk usage).
Stale evicted FIFO theo LastWriteTime DESC.
Vite 8 rolldown native binding gotcha (#20) vẫn respect: cache install trên
runner Windows nên rolldown binding match → reuse được.
==== Expected ====
- Commit MD-only: 0s CI (skip hoàn toàn)
- Commit code lần đầu sau cache miss (vd npm update): ~3min (như cũ)
- Commit code thường (cache hit): ~120s = 2 phút (giảm 38%)
Verify dotnet test local: 71 pass / 2s (BE không thay đổi).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Vấn đề persistent (run #108 và #109 đều fail trong 21-22s):
Get "https://github.com/actions/checkout/info/refs?service=git-upload-pack":
dial tcp 20.205.243.166:443: connectex: connection failed/timeout
act_runner v0.2.13 mỗi run đều `git fetch` actions/checkout từ github.com
để check update — VPS network → github.com TCP timeout 21s liên tục →
toàn job fail TRƯỚC khi tới test gate.
Fix: thay actions ngoài bằng native shell, eliminate github.com dependency.
- Replace `uses: actions/checkout@v4` → manual `git init` + `git fetch`
từ Gitea internal network (luôn ổn định, không qua public internet)
- Auth: github.token (act_runner cũng dùng tên này) — tự sẵn per job
- Fetch by ref (branch) thay vì SHA, depth=30 đủ buffer nếu main commit
thêm trong lúc job pickup
- Checkout đúng commit SHA của event push
- Log 1-line để confirm checkout đúng
- Replace `uses: actions/upload-artifact@v4` (cũng phụ thuộc github.com)
→ step "List test results" local. TRX file vẫn save trong workspace
test-results/, đọc qua runner workspace nếu cần debug.
Test gate giữ nguyên (Domain + Infra). dotnet test local 71 pass / 2s.
Long-term option (nếu Gitea Actions thêm hỗ trợ): config `github_mirror`
trong gitea-runner config.yaml để mirror github.com → Gitea internal,
hoặc pre-cache actions/* repos vào runner cache dir.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Run #108 failed in 22s với:
Get "https://github.com/actions/checkout/info/refs?service=git-upload-pack":
dial tcp 20.205.243.166:443: connectex: A connection attempt failed
because the connected party did not properly respond...
Network từ VPS → github.com bị timeout transient lúc act_runner clone
`actions/checkout@v4` source. Test gate chưa kịp chạy.
Verify network giờ đã ok (TcpTestSucceeded: True) + dotnet test local
71 pass / 2s. Empty commit để re-trigger CI.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 2 — chống regression code generator. 17 test mới integration với
DB thật (SQLite in-memory) tổng cộng 71 test pass < 3 giây.
Test project:
- tests/SolutionErp.Infrastructure.Tests/ (xUnit + FluentAssertions + EF SQLite 10)
- ProjectReference SolutionErp.Infrastructure (transitively get Application + Domain)
- Added vào SolutionErp.slnx
Test fixtures:
- Common/SqliteDbFixture.cs:
- SQLite ":memory:" + shared connection + EnsureCreated() từ DbContext model
- TestApplicationDbContext subclass — override OnModelCreating replace
'nvarchar(max)' → 'TEXT' (SQLite không support max keyword)
- FixedDateTime stub IDateTime cho deterministic year boundary test
Test files:
- Services/ContractCodeGeneratorTests.cs (10 test):
- Format per ContractType (5 type × Project scope) — RG-001 spec
- Framework HĐ (NguyenTacNCC + NguyenTacDV) → year scope thay vì project
- Sequence increment per prefix (3 calls → /01, /02, /03)
- Different prefixes (project / supplier) → independent sequences
- Year change (2026 → 2027) → reset sequence vì prefix khác
- PersistsSequenceRow LastSeq verification
- Services/PurchaseEvaluationCodeGeneratorTests.cs (7 test):
- Format A/B (DuyetNcc → 'A', DuyetNccPhuongAn → 'B')
- Seq là 3-digit padded (001..012)
- Type A và B sequence độc lập trong cùng năm
- Year boundary reset cả A và B
CI gate update (.gitea/workflows/deploy.yml):
- Step "Run integration tests (Infrastructure)" thêm sau Domain tests
- TRX log saved riêng (infra-tests.trx)
- Cả 2 step đều exit non-zero → no deploy
Verify local:
- dotnet test SolutionErp.slnx → Total tests: 71 (54 Domain + 17 Infra) / Passed: 71 / 2.1s
- dotnet build SolutionErp.slnx → 0 error
Phase 3+ pending:
- Application handler tests (CQRS) với EF InMemory hoặc SQLite (~1 ngày)
- API smoke tests qua WebApplicationFactory (~0.5 ngày)
- FE Vitest cho lib utility (~0.5 ngày)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Match form chính thức 4 section đánh số:
1. Thông tin gói thầu — chỉ a. Tên gói thầu + b. Dự án (Địa điểm + Mô tả compact bên dưới nếu có).
2. Chọn NCC / TP — đúng a/b/c/d:
a. NCC/TP được chọn — selectedSupplierName badge xanh
b. Ngân sách — link Budget với mã + tên + tổng
c. Giá chào thầu — tự compute = sum quotes của winner supplier (filter quotes.purchaseEvaluationSupplierId === winnerRowId)
d. Bản so sánh — embed GeneralAttachmentsSection (attachments không gắn supplier-row, purpose=ComparisonTable)
+ ĐKTT + HĐ kế thừa link bonus
+ Banner emerald 'Tạo HĐ từ phiếu' khi DaDuyet + chưa có Contract
3. NCC/TP tham gia — section riêng giữ table 5 cột (NCC/Liên hệ/ĐKTT/File/Action — nhiều info hơn spec table 3 cột, useful cho UX web).
4. Hạng mục + Báo giá — matrix với cột 'NS link · Δ' + footer aggregate (giữ nguyên).
Side change:
- FormRow helper mới (label 176px + value flex) thay cho dl grid 2-col cũ — match style form giấy
- Drop Field helper cũ (now unused)
- InfoTab signature đổi: bỏ readOnly param (chỉ display, action move sang ChonNccSection)
TS build pass cả 2 app. Mirror fe-user identical.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
User cung cap danh sach nhan vien thuc te. Add vao SeedDemoUsersAsync,
idempotent (FindByEmail trong reconcile pattern). Pass = User@123456
(matching demo pattern, policy 12 char + digit + lower + upper + special).
PRO (5):
- tra.bui — Bui Le Thuy Tra — TP Cung ung (Procurement+DeptManager)
- phuong.nguyen — Nguyen Thi Bich Phuong (Procurement+Drafter)
- thanh.lethanh — Le Thanh Binh (Procurement+Drafter)
- long.chau — Chau Ta Kim Long (Procurement+Drafter)
- duy.nguyen — Nguyen Van Duy (Procurement+Drafter)
CCM (7):
- chuong.phan — Phan Van Chuong — TP Kiem soat Chi phi (CostControl+DeptManager)
- binh.le — Le Van Binh (CostControl)
- luu.tran — Tran Xuan Luu (CostControl)
- nguyen.ho — Ho Thi Nu Nguyen (CostControl)
- anh.nguyen — Nguyen Thi Kim Anh (CostControl)
- tring.le — Le Tu Dang Trinh (CostControl) — giu literal user provided
- truong.le — Le Tran Dang Truong (CostControl)
ISO (1):
- long.nguyen — Nguyen Hoang Chanh Long — Dep HRA, role HrAdmin (dong dau HD)
CEO (1):
- truong.nguyen — Nguyen Van Truong — Dep BOD, role Director (ASCII fix tu 'truong.nguyen' co dau)
Email typo fix:
- 'phuong.nguyen@soluttions.com' → 'phuong.nguyen@solutions.com.vn'
- 'truong.nguyen' co dau → 'truong.nguyen' ASCII (KHONG conflict voi truong.le CCM)
Reconcile pattern dam bao: neu user da exist (email collision), update
dept/position/role thay vi error. Pass khong overwrite cho existing user.
User request: 'review cap nhat va tai cau truc lai MD sao cho phu hop
voi hien tai, cac phan thua va da dieu chinh co the bo ra luon hoac
cap nhat lai'.
Cleanup highlights:
1. Archive 2 file Phase 0 raw dump → docs/_archive/ (forms-spec-raw 657
line + workflow-raw 62 line). Update link reference 2 file goc.
2. Compact migration-todos.md 386 → 114 line (-71%). Collapse Phase 0-5
+ Tier 3 + Sessions detailed thanh 1 bang summary. Detail xem session
logs. Phase 6 iter 1+2 + Phase 7 active checklist.
3. Compact STATUS.md In Progress: bo ~17 row ✅ done (giu chỉ 5+ task
pending: 3 PE feature gap + 4 optional polish + 2 Ops). Recently Done
table giu day du history.
4. Update flows/README — tat ca 6 flow ✅ Implemented + them PE row
reference architecture.md §9.
5. Update docs/CLAUDE.md — project layout co PurchaseEvaluations, _archive,
skills 6 (3 dom + 3 ops). Roadmap them Phase 6 ✅ + Phase 7 WIP. Lien
he them prod URL solutions.com.vn + SSH config + login admin.
6. Skill ef-core-migration: 13 migration label.
Net delta: -800 line docs (chu yeu archive + collapse migration-todos).
PART A: Section 'Bang so sanh' (file tong ho so so sanh)
User request: 'theo them cho thong tin ve Bang so sanh, cho dinh kem
file so sanh tong len'.
BE:
- PurchaseEvaluationAttachmentPurpose.ComparisonTable = 4 (new enum value)
Backend validator IsInEnum pass, khong can migration (int column).
FE types (2 app):
- PeAttachmentPurpose.ComparisonTable + Label '4: Bang so sanh'.
FE PeDetailTabs:
- Them section thu 4 'Bang so sanh (file tong)' sau 'Hang muc + Bao gia'.
- Component GeneralAttachmentsSection: upload KHONG truyen supplierRowId
(BE luu NULL) → purpose=ComparisonTable default. Filter attachments
co supplierRowId===null de render.
- Card layout khac SupplierAttachmentsCell: full-width card + brand color
+ purpose chip + date. Upload button to hon ([+ Tai len bang so sanh]).
- readOnly hide upload + delete, giu download.
PART B: Demo email rebrand @solutionerp.local → @solutions.com.vn
User request: 'tao nguoi dung demo theo email cua ben nay'.
BE DbInitializer:
- Rename 18 email in source: AdminEmail const + 17 demo users
(bod/pm/ccm/pro/fin/act/equ/hra/qs/nv) — keep password + role unchanged.
- Them BackfillUserEmailDomainAsync (idempotent): scan user co email
@solutionerp.local, rename sang @solutions.com.vn, update Email +
NormalizedEmail + UserName + NormalizedUserName. Skip neu co conflict
user da ton tai voi email moi. Chay truoc SeedAdmin de tranh tao
duplicate admin.
Admin permission tao user da co san qua /system/users page.
Comment input khi duyet da co san o PeWorkflowPanel (Ghi chu tuy chon
Textarea) + ContractDetailContent (Yeu cau sua / Duyet tiep dialog).
User request: 'cho hop dong dua cac thong tin lich su dieu chinh sang
duoi lich su duyet nhen'.
ContractDetailContent (Panel 2): xoa section 'Lich su dieu chinh' (cot
3/10 grid 7/3) → Chi tiet HD gio full-width. Remove import History +
ContractChangelogsTab.
WorkflowHistoryPanel (Panel 3): them section Lich su dieu chinh duoi
Lich su duyet. Import History icon + ContractChangelogsTab. Reuse same
component, chi doi vi tri render.
Mirror fe-admin + fe-user.
User request: 'cho tat ca cai nay the hien tren dung 1 man hinh nhe, cai
duyet va lich su thi dua sang panel 3'.
Panel 2 (PeDetailTabs): truoc 5 tab (Info/NCC/Items/Approvals/History).
Sau bo tabs, flat render 3 section stack doc voi divider + title uppercase:
Thong tin → NCC tham gia (N) → Hang muc + Bao gia (N)
Panel 3 (PeWorkflowPanel): truoc chi workflow timeline + transition btn.
Sau them 2 section ben duoi:
Workflow timeline → Lich su duyet (PeApprovalsSection) → Lich su thay doi
(PeHistorySection)
Export PeApprovalsSection + PeHistorySection tu PeDetailTabs — reuse
ApprovalsTab + HistoryTab logic cu, wrap them <h3> section title.
Dong bo ca fe-admin + fe-user (copy identical file).
Bug: click leaf 'Duyet' (/purchase-evaluations?type=2&pendingMe=1) khien
leaf 'Danh sach' (/purchase-evaluations?type=2) cung highlight cung luc.
Nguyen nhan: NavLink 'end' prop chi match pathname. 2 leaf cung pathname
/purchase-evaluations → ca 2 active.
Fix: custom isActive voi queryMatches helper — compare query string dang
key-value set (thu tu param khong quan trong). 2 leaf chi active khi
pathname + query dung khop.
Dong bo ca fe-admin + fe-user. Anh huong tat ca menu leaf co ?query=
variants: Ct_* (Danh sach /contracts?type=N vs Duyet /contracts?type=N&
pendingMe=1), Pe_* (tuong tu /purchase-evaluations), admin workflow leaf
Wf_* + PeWf_* (khong dinh vi path khong query params).
GetMyMenuTreeQuery truoc chi inherit Contracts (Ct_*) va Workflows
(Wf_*). Extend 2 root moi PurchaseEvaluations (Pe_*) + PeWorkflows
(PeWf_*) de admin co PurchaseEvaluations.Read auto thay 2 group Pe_* +
6 leaf (Danh sach/Thao tac/Duyet x 2 type) + 2 PeWf_* leaf admin designer
UI, khong can add per-subitem permission row.
Verify bug: /menus/me cho admin hien chi root 'PurchaseEvaluations'
+ 'PeWorkflows' nhung khong co Pe_DuyetNcc group / Pe_DuyetNccPhuongAn
group children du DB co 12 row (sqlcmd confirm). Root cause: hardcoded
2 inherit roots trong BuildChildren switch.
Fix: expand switch cover 4 inherit roots. Propagate nextInherit xuong
tat ca descendants.
Bài học từ VietReport VPS shared (2026-04-23): Next.js app hijack port
3000 IPv4 → Gitea bị đẩy IPv6-only → IIS ARR localhost:3000 resolve
IPv4 first → git.baocaogiaoduc.vn trả homepage VietReport.
Apply 3 rules G-084 preemptively cho SOLUTION_ERP (risk thấp vì API
in-process IIS, nhưng vẫn chuẩn hóa):
1. `scripts/deploy-iis.ps1` — HealthUrl `localhost` → `127.0.0.1`
2. `.claude/skills/iis-deploy-runbook/SKILL.md` — 7 ref localhost →
127.0.0.1 + section Hardening mới giải thích G-084 + 3 rules + note
SOLUTION_ERP relevance (risk thấp vì no standalone Kestrel/no ARR
proxy hiện tại, nhưng tương lai thêm phải tuân)
3. `docs/gotchas.md` — thêm entry #33 G-084 full writeup (triệu chứng,
root cause, 3 rules, SOLUTION_ERP relevance) + update debug
checklist
3 rules:
- Reverse-proxy luôn IP literal 127.0.0.1, không localhost
- Backend services bind loopback IPv4 explicit, không 0.0.0.0
- Service dependency cho boot order khi nhiều service cùng port family
BE:
- CreateContractFromEvaluationCommand: guard DaDuyet + SelectedSupplier
+ ContractId=null → tạo Contract draft mới với SupplierId/ProjectId/
DepartmentId kế thừa từ PE. GiaTri = sum(details.thanhTienNganSach).
DraftData = PE.PaymentTerms. Gen MaHopDong ngay + pin WorkflowDefinitionId
theo ContractType user chọn. Log Changelog cả 2 bảng (Contract +
PurchaseEvaluation), link 2 chiều PE.ContractId = contract.Id.
- ListApprovedPurchaseEvaluationsQuery: DaDuyet + ContractId=null cho
FE picker.
- 2 endpoint mới:
GET /api/purchase-evaluations/approved-pending-contract
POST /api/purchase-evaluations/{id}/create-contract
FE:
- PeDetailTabs InfoTab: nếu Phase=DaDuyet && !ContractId && SelectedSupplierId
→ banner emerald + button "Tạo HĐ từ phiếu" → CreateContractDialog
(pick ContractType dropdown 7 loại + TenHopDong + bypass CCM flag)
- Sau khi tạo → navigate /contracts/{newId}
- Mirror fe-user.
KHÔNG auto-map PE Details → Contract Details per-type (PE schema ≠ 7
ContractType details schemas — user điền lại sau). PE → Contract link
qua FK ContractId cho navigation + history.
## User-kind approver guard
Trước: WorkflowDefinition Designer cho admin pick User cụ thể vào step
approver, nhưng runtime guard bỏ qua (User-kind treat như DeptManager
fallback per skill doc).
Bây giờ: enable đầy đủ. WorkflowPolicy + UserTransitions parallel dict
(default null cho hardcoded Standard/SkipCcm, populated qua
FromDefinition khi WorkflowStepApprover Kind=User).
IsTransitionAllowed signature update: (from, to, actorRoles, actorUserId?)
- Check Role first (existing behavior)
- Fallback User-kind: actorUserId.ToString() có trong UserTransitions[(from,to)]?
ContractWorkflowService.TransitionAsync dùng IsTransitionAllowed thay
inline check. Error message thêm "{N} user explicit" nếu policy có
User-kind approvers cho transition đó.
FromDefinition cũng update: nếu step CHỈ có User-kind (không Role),
không fallback DeptManager nữa — guard sẽ check user-level. Chỉ
fallback DeptManager nếu step thiếu cả 2.
## Warning 20% SLA
SlaExpiryJob.ProcessWarningsAsync mới — chạy trước ProcessAsync
(auto-approve quá hạn):
- Pull Contracts WHERE !SlaWarningSent && SlaDeadline > now &&
Phase NOT IN (DaPhatHanh, TuChoi, DangDongDau)
- Per phase, threshold = 20% × default SLA (vd Soạn thảo 7 ngày → 33.6h
remaining trigger warning; In ký 1 ngày → 4.8h)
- Compute remaining = SlaDeadline - now; nếu remaining <= threshold
+ còn slot → notify Drafter via INotificationService
- Set SlaWarningSent = true để chỉ warning 1 lần per phase (reset trong
TransitionAsync khi chuyển phase mới)
- NotificationType.SlaWarning (đã có trong enum) + title icon ⚠
## Build
dotnet build BE pass (0 error)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
User feedback: /system/roles trỏ tới placeholder "chưa được build" — build
trang quản lý 12 role mặc định + custom role admin tự thêm.
## BE — PermissionFeatures.cs
3 command mới:
- CreateRoleCommand — Name regex `^[A-Za-z][A-Za-z0-9_]*$` (chỉ chữ/số/
underscore, bắt đầu chữ), throw ConflictException nếu code đã tồn tại
- UpdateRoleCommand — CHỈ update ShortName + Description. KHÔNG đổi
Name (Identity FK trong UserRoles + WorkflowStepApprover.AssignmentValue
+ [Authorize(Roles="...")] attr — đổi = data corruption widespread)
- DeleteRoleCommand — block 2 trường hợp:
* Role thuộc AppRoles.All hardcoded (workflow guard reference)
* Còn user assigned (UserManager.GetUsersInRoleAsync count > 0)
ValidationException reference fully-qualified để tránh ambiguous với
FluentValidation.ValidationException.
## BE — RolesController
3 endpoint mới (POST/PUT/DELETE) — Authorize Admin role.
## FE — RolesPage
Table list 12 + custom roles với 5 column (Mã code / Mã viết tắt / Tên
đầy đủ / Loại badge / Ngày tạo) + actions Edit/Delete:
- Edit dialog: chỉ ShortName + Description editable, Name disabled với
hint "Không đổi được sau khi tạo"
- Delete: block với toast nếu role mặc định (HARDCODED_ROLES set check
client-side trước khi gọi BE — UX faster, BE vẫn double-check)
- Create dialog: 3 field Name (regex pattern HTML5) + ShortName + Description
- Banner amber warning về Mã code FK constraint
- Loại badge: Mặc định (slate) vs Tùy chỉnh (brand)
## FE — App.tsx
+ import RolesPage + route /system/roles → RolesPage.
## Build
- BE: dotnet build pass (0 error)
- fe-admin: tsc + vite pass (13.88s)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
User feedback: thay vì placeholder dashed nhỏ "Chi tiết sẽ hiện sau khi
tạo Header", show structure thật của Chi tiết section ngay từ đầu nhưng
disabled. User thấy trước layout columns + button add → trải nghiệm
liên tục, không bất ngờ khi switch sang edit mode.
## Component mới: ContractDetailsPreview
- Section title "Chi tiết ({TypeLabel})" + amber pill "🔒 Cần tạo Header trước"
- Table opacity-60 với:
- thead column headers per type (sync với HEADERS_BY_TYPE config)
- tbody empty state: Lock icon + "Tạo Header xong sẽ thêm được hạng mục"
- Disabled "+ Thêm dòng" button (cursor-not-allowed, slate-400 text)
## HEADERS_BY_TYPE config
7 type × column headers — duplicate nhỏ với ContractDetailsTab.tsx renderers
(acceptable: chỉ là labels visual, không logic).
## Reactive theo type
User đổi dropdown "Loại HĐ" → preview headers update tương ứng (state-driven).
## Build
- fe-user: tsc + vite pass (586ms)
- fe-admin: tsc + vite pass (709ms)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
