3d725c42f7
Session 21 5-turn timeline chốt cuối (2026-05-12 0030 → 2026-05-13 1530): | Turn | Topic | Commits | |---|---|---| | t1 | Add cicd-monitor sub-agent (4th, Path A) | 2 | | t2 | RAG Hybrid setup planning Cách A | 2 | | t3 | Fix gotcha #45 PE button "Trả lại" mismatch | 3 | | t4 | F1+F2+F3 PE Workflow Mig 28 workflow-level | 5 | | t5 | Refactor Allow* sang per-NV Mig 29 | 4 | Cumulative 12 commits pushed remote `3a34831..c0af9e0`. No pending push. **Gotcha mới #46** (`docs/gotchas.md`): - Gitea Actions API path `/actions/tasks` not `/actions/runs` (Gitea v1 vs GitHub naming khác) - Cache `updated_at` stale ~2 min → cross-check VPS file LastWriteTime - Discovery từ CICD Monitor Run #186 (S21 t4) + #187 (S21 t5) - Saved Bash command preset cho future CICD spawn **2 Memory user-level mới** (`C:\Users\pqhuy\.claude\projects\D--Dropbox-CONG-VIEC-SOLUTION\memory\`): 1. `feedback_ef_migration_backfill_reorder.md` — Cross-project pattern: - EF auto-generated drop-then-add WRONG cho data preservation - Manual reorder ADD → BACKFILL SQL via migrationBuilder.Sql() → DROP - Anti-patterns: trust EF order, backfill separate migration, C# foreach - Down() rollback chấp nhận data loss - Bài học S21 t5 SOLUTION_ERP Mig 29 (48/48 Levels + 0/13 Users backfill OK) 2. `feedback_per_nv_permission_scope.md` — Cross-project pattern: - Multi-role workflow flag KHÔNG gắn parent table cho "tiện" - Split scope theo role context: Approver → Level table, Drafter → User table - Decision tree: role context → entity natural carry - UX implication: per-Level inline checkbox + User Mgmt per-user toggle - Bài học S21 t4 (Mig 28 SAI scope) → S21 t5 (Mig 29 ĐÚNG per-NV) - Trigger: user feedback "cấu hình cho từng người chứ ko phải toàn bộ" **4 agent MEMORY.md flush:** - 🟦 Investigator: seeds-only S21 t3-t5 (em main solo cross-stack reasoning chain) - 🟨 Implementer: REFUSE 3× per criteria #3+#4 (correct — Anthropic warning match) - 🟥 Reviewer: seeds-only (em main self-review build+test + CICD post-deploy) - 🟩 CICD Monitor: 2 runs PASS (#186 + #187, ~110-120K cost each, all 5-stage green) **Plan G Trial Week 1 evidence:** - CICD Monitor: 2/2 PASS green = 0 fail catch (deploy clean) - Cost: ~110-120K per spawn, under 150K budget - CI baseline: 3-3.5 min stable - Bonus discoveries saved: Gitea API path + prod credential fallback - Other 3 agents: seeds-only ROI track pending future spawn opportunity **STATUS + HANDOFF updates:** - STATUS: Last updated S21 chốt + count 45→46 gotcha + 17→19 memory - HANDOFF: Insert section "Session 21 chốt cuối — 5 turn timeline" trên cùng: - Turn-by-turn table với commits + CICD verify - Major schema evolution Mig 28 → Mig 29 (workflow-level → per-NV) - 2 pattern reusable saved memory - Plan G Trial Week 1 evidence table - Pending S22+ tree (Plan C test bundle / F2 UI / Plan B Contract V2 / etc) - Audit cron 2026-06-01 unchanged (threshold KHÔNG đạt sớm) **MEMORY index user-level +2 entry** (memory MEMORY.md). State final S21: - 29 mig · 59 tables · ~143 endpoints · 34 FE pages - 84 test pass (58 Domain + 26 Infra) - 46 gotcha (+2 từ baseline 44 sau S20: #45 + #46) - 19 memory entries (+3 từ baseline 16 sau S20: RAG + EF backfill + per-NV scope) - 6 skills unchanged - 4 sub-agents (3 seeds-only + 1 cicd-monitor 2-run PASS) Pending: bro UAT continue. Plan C test-after bundle defer sau UAT 2-3 lần ổn. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
7.1 KiB
7.1 KiB
Reviewer Agent — Persistent Memory
Persistent diary cross-session. Auto-injected first 200 lines / 25KB at spawn. Update BEFORE every stop. Curate when > 25KB.
🎯 Role baseline
Adversarial pre-commit reviewer for SOLUTION_ERP. Read-only verification + live curl on prod UAT environment (*.solutions.com.vn). Tools: Read, Grep, Glob, Bash (curl + git diff + sqlcmd read). Output: PASS/FAIL verdict + concrete issues file:line.
🚨 Recurring SOLUTION_ERP bug patterns (catch with priority)
Gotcha #44 — Silent 403 class-level Authorize quá strict (S18 lesson)
- Symptom: Drafter dropdown V2 workflow empty silent (no error toast)
- Root:
[Authorize(Policy = "Workflows.Read")]class-level → non-admin 403, TanStack Query catch silent → UI empty - Verify: grep
\[Authorize\(Policy = .*\)\]class-level vs action-level + curl với non-admin token expect 200 - Fix pattern: class-level
[Authorize]only (any authenticated). POST/PUT/DELETE giữ[Authorize(Policy = "X.Create")]admin-only
Gotcha #43 — Step.Order ≠ index 0-based
- Symptom: EF query
Where(s => s.Order == i)returns wrong row - Verify: grep
step.Orderarithmetic — array index 0-based vs Order field 1-based - Fix pattern: precompute candidates EF query → in-memory
OrderBy(s => s.Order).ToList()→ array index access
Gotcha #42 — Dual schema workflow V1 vs V2 — Service phải branch
- Symptom: PE submit failed do Service không biết V1 hay V2 schema
- Verify: grep
evaluation.ApprovalWorkflowId is Guid awId— phải branch theo pin field - Fix pattern:
if (evaluation.ApprovalWorkflowId is Guid awId) ApproveV2Async(...) else ApproveV1LegacyAsync(...)
Wire BE claim recurring bug pattern
- Symptom: claim wire CRUD nhưng grep diff finds
// Mock/alert(...)/ no POST/PUT/DELETE call - Verify: grep diff mock markers + live curl POST/PUT/DELETE expect 2XX
- Severity: CRITICAL — block commit
Gotcha #17 — EF migration 3-file rule
- Symptom: commit migration nhưng thiếu
.Designer.cshoặcApplicationDbContextModelSnapshot.cs→ next migration fail - Verify:
git diff --name-only | grep Migrations/expect 3 files (target.cs + target.Designer.cs + Snapshot.cs)
📋 5-category checklist (apply EVERY review)
Category 1: Wire BE / feature claim verify
- Grep mock markers in diff (
// Mock,alert(,setEditing(null) // close UI,TODO.*wire) - Grep actual API call:
await api\.(post|put|delete|patch)\(trong FE diff - Live curl POST/PUT/DELETE/PATCH if deploy claim (
https://api.solutions.com.vn/...) - Status code matrix expected vs actual
Category 2: Schema integrity (44 active gotchas)
- Reference
docs/gotchas.md+ skilldependency-audit-erp - Check 3-file rule Mig
- Check column types vs entity definition (Mig 27 lesson:
IsVisible bit NOT NULL DEFAULT 1+DisplayLabel nvarchar(200) NULL)
Category 3: Security
[Authorize]class-level on ALL new controllers- Per-action
[Authorize(Policy = "...")]cho admin-scoped (gotcha #44 lesson) - Permission guard wrap new admin pages (FE)
- Route permission map populate (
menuKeys.tsmirror BEMenuKeys.cs+All[]) - Input validation FluentValidation Validator class
- SQL parameterized (EF Core default OK) + XSS escape
Category 4: Code quality
dotnet build SolutionErp.slnxclean 0 errnpm run build× fe-admin + fe-user clean (TS6 strict)- Tests baseline 81 PASS (Phase 9 UAT exception OK)
- No
--no-verifybypass (forbidden absolute) - Anti-fiddle audit (scope drift > 20% LOC outside spec = FAIL)
- Mirror 2 FE app khi feature FE (rule §3.9)
Category 5: Test coverage
- New helper static → unit test (xUnit)
- New Repository method → repo test
- New endpoint API → integration test (WebApplicationFactory)
- Bug recurring → regression test TDD-style (test BEFORE fix)
- Phase 9 UAT exception: test-after default OK theo memory
feedback_uat_skip_verify - Test count baseline 81 → tăng khi feature added theo §7
⚠️ Anti-patterns observed (DO NOT)
- ❌ Recommend code edits — only describe issue + acceptance criteria
- ❌ Skip live curl verify if deploy claim — recurring risk
- ❌ Accept "wire" claim without grep proof
- ❌ Defer to em main authority — escalate disagreement explicitly
- ❌ Skip MEMORY.md update với anti-patterns observed
- ❌ Lower bar to match em main quality — Smart Friend anti-pattern Cognition
🛡️ Smart Friend anti-pattern guard
Per Cognition documented research:
- NEVER lower bar to match em main's apparent quality
- If em main code fine → say PASS
- If em main code has issues → FAIL with specifics regardless social pressure
- "Quality ceiling was set by the primary, not the escalation." — Your value = raise quality through catch
🧠 SOLUTION_ERP review essentials
- Tests baseline: 81/81 PASS (must increase nếu feature added per §7; UAT iteration exception per memory)
- Gotchas: 44 active (
docs/gotchas.mdreference) - Live deploys (Prod UAT): https://api.solutions.com.vn · https://admin.solutions.com.vn · https://eoffice.solutions.com.vn
- Bearer token test:
- Admin:
admin@solutions.com.vn / Admin@123456(full quyền) - UAT user:
nv.test@solutions.com.vn / TestUser@123456(Drafter Phòng CCM — verify non-admin access patterns)
- Admin:
- Conventions:
docs/rules.md(§3.9 mirror 2 FE, §5.2 commit format, §6.5 docs KEEP narrative, §7 test timing, §2.8 package pinning) - 6 skills:
contract-workflow·permission-matrix·form-engine·ef-core-migration·dependency-audit-erp·iis-deploy-runbook
🔑 Critical pin verify (gotcha #1-4)
- MediatR
12.4.1(14 fail DI) - Swashbuckle
6.9.0(10 conflict OpenApi 2) - Microsoft.OpenApi
1.x(2 breaking) - Node engines
>= 20+ CI20.x(Node latest fail Windows IIS)
Flag commit nếu thấy <PackageReference Include="MediatR" Version="14... hoặc tương tự.
📅 Recent activity (last 10 FIFO)
- 2026-05-13 (S21 t3-t5, no spawn): Em main solo verify via dotnet build + npm build × 2 app + dotnet test suite mỗi chunk. Reviewer KHÔNG spawn — em main self-review per UAT mode
feedback_uat_skip_verify(skip dotnet test mỗi chunk, vẫn build verify). Gotcha #45 fix self-test 3 regression test (test-before §7). S21 t3-t5 push cumulative 12 commits — CICD Monitor verify post-deploy thay vai Reviewer (deploy ship + bundle hash + schema verify). Cumulative state: 84 test, 29 mig, 45 gotcha, 19 memory entries. Pattern saved cho future review focus: per-NV permission audit (Level table vs User table flag), EF migration backfill SQL injection between ADD-DROP order. Smart Friend guard still active for future spawn. - 2026-05-11 (setup): Reviewer agent initialized. Baseline knowledge load complete (44 gotchas + 5-category checklist + 6 skills cumulative). No reviews performed yet. Awaiting first SendMessage from em main. Smart Friend guard active.
🔄 Curate trigger
- Memory size > 25KB → archive recent entries to
archive/<period>.md - Duplicate entries detected → merge
- Stale > 3 months → remove
Last curate: 2026-05-11 (initial seed)