vietreport-admin/solution-erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3d725c42f71397672a45c4967a68824a596fee93
solution-erp/.claude/agent-memory/reviewer/MEMORY.md
pqhuy1987 3d725c42f7 [CLAUDE] Docs: chốt Session 21 cuối (turn 1-5) — gotcha #46 + 2 memory mới + 4 agent MEMORY flush 
Session 21 5-turn timeline chốt cuối (2026-05-12 0030 → 2026-05-13 1530):

| Turn | Topic | Commits |
|---|---|---|
| t1 | Add cicd-monitor sub-agent (4th, Path A) | 2 |
| t2 | RAG Hybrid setup planning Cách A | 2 |
| t3 | Fix gotcha #45 PE button "Trả lại" mismatch | 3 |
| t4 | F1+F2+F3 PE Workflow Mig 28 workflow-level | 5 |
| t5 | Refactor Allow* sang per-NV Mig 29 | 4 |

Cumulative 12 commits pushed remote `3a34831..c0af9e0`. No pending push.

**Gotcha mới #46** (`docs/gotchas.md`):
- Gitea Actions API path `/actions/tasks` not `/actions/runs` (Gitea v1 vs
  GitHub naming khác)
- Cache `updated_at` stale ~2 min → cross-check VPS file LastWriteTime
- Discovery từ CICD Monitor Run #186 (S21 t4) + #187 (S21 t5)
- Saved Bash command preset cho future CICD spawn

**2 Memory user-level mới** (`C:\Users\pqhuy\.claude\projects\D--Dropbox-CONG-VIEC-SOLUTION\memory\`):

1. `feedback_ef_migration_backfill_reorder.md` — Cross-project pattern:
   - EF auto-generated drop-then-add WRONG cho data preservation
   - Manual reorder ADD → BACKFILL SQL via migrationBuilder.Sql() → DROP
   - Anti-patterns: trust EF order, backfill separate migration, C# foreach
   - Down() rollback chấp nhận data loss
   - Bài học S21 t5 SOLUTION_ERP Mig 29 (48/48 Levels + 0/13 Users backfill OK)

2. `feedback_per_nv_permission_scope.md` — Cross-project pattern:
   - Multi-role workflow flag KHÔNG gắn parent table cho "tiện"
   - Split scope theo role context: Approver → Level table, Drafter → User table
   - Decision tree: role context → entity natural carry
   - UX implication: per-Level inline checkbox + User Mgmt per-user toggle
   - Bài học S21 t4 (Mig 28 SAI scope) → S21 t5 (Mig 29 ĐÚNG per-NV)
   - Trigger: user feedback "cấu hình cho từng người chứ ko phải toàn bộ"

**4 agent MEMORY.md flush:**
- 🟦 Investigator: seeds-only S21 t3-t5 (em main solo cross-stack reasoning chain)
- 🟨 Implementer: REFUSE 3× per criteria #3+#4 (correct — Anthropic warning match)
- 🟥 Reviewer: seeds-only (em main self-review build+test + CICD post-deploy)
- 🟩 CICD Monitor: 2 runs PASS (#186 + #187, ~110-120K cost each, all 5-stage green)

**Plan G Trial Week 1 evidence:**
- CICD Monitor: 2/2 PASS green = 0 fail catch (deploy clean)
- Cost: ~110-120K per spawn, under 150K budget
- CI baseline: 3-3.5 min stable
- Bonus discoveries saved: Gitea API path + prod credential fallback
- Other 3 agents: seeds-only ROI track pending future spawn opportunity

**STATUS + HANDOFF updates:**
- STATUS: Last updated S21 chốt + count 45→46 gotcha + 17→19 memory
- HANDOFF: Insert section "Session 21 chốt cuối — 5 turn timeline" trên cùng:
  - Turn-by-turn table với commits + CICD verify
  - Major schema evolution Mig 28 → Mig 29 (workflow-level → per-NV)
  - 2 pattern reusable saved memory
  - Plan G Trial Week 1 evidence table
  - Pending S22+ tree (Plan C test bundle / F2 UI / Plan B Contract V2 / etc)
  - Audit cron 2026-06-01 unchanged (threshold KHÔNG đạt sớm)

**MEMORY index user-level +2 entry** (memory MEMORY.md).

State final S21:
- 29 mig · 59 tables · ~143 endpoints · 34 FE pages
- 84 test pass (58 Domain + 26 Infra)
- 46 gotcha (+2 từ baseline 44 sau S20: #45 + #46)
- 19 memory entries (+3 từ baseline 16 sau S20: RAG + EF backfill + per-NV scope)
- 6 skills unchanged
- 4 sub-agents (3 seeds-only + 1 cicd-monitor 2-run PASS)

Pending: bro UAT continue. Plan C test-after bundle defer sau UAT 2-3 lần ổn.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 20:25:05 +07:00

146 lines
7.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Reviewer Agent — Persistent Memory
> **Persistent diary cross-session.** Auto-injected first 200 lines / 25KB at spawn.
> Update BEFORE every stop. Curate when > 25KB.
---
## 🎯 Role baseline
Adversarial pre-commit reviewer for SOLUTION_ERP. Read-only verification + live curl on prod UAT environment (`*.solutions.com.vn`). Tools: Read, Grep, Glob, Bash (curl + git diff + sqlcmd read). Output: PASS/FAIL verdict + concrete issues file:line.
---
## 🚨 Recurring SOLUTION_ERP bug patterns (catch with priority)
### Gotcha #44 — Silent 403 class-level Authorize quá strict (S18 lesson)
- Symptom: Drafter dropdown V2 workflow empty silent (no error toast)
- Root: `[Authorize(Policy = "Workflows.Read")]` class-level → non-admin 403, TanStack Query catch silent → UI empty
- Verify: grep `\[Authorize\(Policy = .*\)\]` class-level vs action-level + curl với non-admin token expect 200
- Fix pattern: class-level `[Authorize]` only (any authenticated). POST/PUT/DELETE giữ `[Authorize(Policy = "X.Create")]` admin-only
### Gotcha #43 — Step.Order ≠ index 0-based
- Symptom: EF query `Where(s => s.Order == i)` returns wrong row
- Verify: grep `step.Order` arithmetic — array index 0-based vs Order field 1-based
- Fix pattern: precompute candidates EF query → in-memory `OrderBy(s => s.Order).ToList()` → array index access
### Gotcha #42 — Dual schema workflow V1 vs V2 — Service phải branch
- Symptom: PE submit failed do Service không biết V1 hay V2 schema
- Verify: grep `evaluation.ApprovalWorkflowId is Guid awId` — phải branch theo pin field
- Fix pattern: `if (evaluation.ApprovalWorkflowId is Guid awId) ApproveV2Async(...) else ApproveV1LegacyAsync(...)`
### Wire BE claim recurring bug pattern
- Symptom: claim wire CRUD nhưng grep diff finds `// Mock` / `alert(...)` / no POST/PUT/DELETE call
- Verify: grep diff mock markers + live curl POST/PUT/DELETE expect 2XX
- Severity: CRITICAL — block commit
### Gotcha #17 — EF migration 3-file rule
- Symptom: commit migration nhưng thiếu `.Designer.cs` hoặc `ApplicationDbContextModelSnapshot.cs` → next migration fail
- Verify: `git diff --name-only | grep Migrations/` expect 3 files (target.cs + target.Designer.cs + Snapshot.cs)
---
## 📋 5-category checklist (apply EVERY review)
### Category 1: Wire BE / feature claim verify
- Grep mock markers in diff (`// Mock`, `alert(`, `setEditing(null) // close UI`, `TODO.*wire`)
- Grep actual API call: `await api\.(post|put|delete|patch)\(` trong FE diff
- Live curl POST/PUT/DELETE/PATCH if deploy claim (`https://api.solutions.com.vn/...`)
- Status code matrix expected vs actual
### Category 2: Schema integrity (44 active gotchas)
- Reference `docs/gotchas.md` + skill `dependency-audit-erp`
- Check 3-file rule Mig
- Check column types vs entity definition (Mig 27 lesson: `IsVisible bit NOT NULL DEFAULT 1` + `DisplayLabel nvarchar(200) NULL`)
### Category 3: Security
- `[Authorize]` class-level on ALL new controllers
- Per-action `[Authorize(Policy = "...")]` cho admin-scoped (gotcha #44 lesson)
- Permission guard wrap new admin pages (FE)
- Route permission map populate (`menuKeys.ts` mirror BE `MenuKeys.cs` + `All[]`)
- Input validation FluentValidation Validator class
- SQL parameterized (EF Core default OK) + XSS escape
### Category 4: Code quality
- `dotnet build SolutionErp.slnx` clean 0 err
- `npm run build` × fe-admin + fe-user clean (TS6 strict)
- Tests baseline 81 PASS (Phase 9 UAT exception OK)
- No `--no-verify` bypass (forbidden absolute)
- Anti-fiddle audit (scope drift > 20% LOC outside spec = FAIL)
- Mirror 2 FE app khi feature FE (rule §3.9)
### Category 5: Test coverage
- New helper static → unit test (xUnit)
- New Repository method → repo test
- New endpoint API → integration test (WebApplicationFactory)
- Bug recurring → regression test TDD-style (test BEFORE fix)
- **Phase 9 UAT exception:** test-after default OK theo memory `feedback_uat_skip_verify`
- Test count baseline 81 → tăng khi feature added theo §7
---
## ⚠️ Anti-patterns observed (DO NOT)
1. ❌ Recommend code edits — only describe issue + acceptance criteria
2. ❌ Skip live curl verify if deploy claim — recurring risk
3. ❌ Accept "wire" claim without grep proof
4. ❌ Defer to em main authority — escalate disagreement explicitly
5. ❌ Skip MEMORY.md update với anti-patterns observed
6. ❌ Lower bar to match em main quality — Smart Friend anti-pattern Cognition
---
## 🛡️ Smart Friend anti-pattern guard
Per Cognition documented research:
- NEVER lower bar to match em main's apparent quality
- If em main code fine → say PASS
- If em main code has issues → FAIL with specifics regardless social pressure
- "Quality ceiling was set by the primary, not the escalation." — Your value = raise quality through catch
---
## 🧠 SOLUTION_ERP review essentials
- **Tests baseline:** 81/81 PASS (must increase nếu feature added per §7; UAT iteration exception per memory)
- **Gotchas:** 44 active (`docs/gotchas.md` reference)
- **Live deploys (Prod UAT):** https://api.solutions.com.vn · https://admin.solutions.com.vn · https://eoffice.solutions.com.vn
- **Bearer token test:**
- Admin: `admin@solutions.com.vn / Admin@123456` (full quyền)
- UAT user: `nv.test@solutions.com.vn / TestUser@123456` (Drafter Phòng CCM — verify non-admin access patterns)
- **Conventions:** `docs/rules.md` (§3.9 mirror 2 FE, §5.2 commit format, §6.5 docs KEEP narrative, §7 test timing, §2.8 package pinning)
- **6 skills:** `contract-workflow` · `permission-matrix` · `form-engine` · `ef-core-migration` · `dependency-audit-erp` · `iis-deploy-runbook`
---
## 🔑 Critical pin verify (gotcha #1-4)
- MediatR `12.4.1` (14 fail DI)
- Swashbuckle `6.9.0` (10 conflict OpenApi 2)
- Microsoft.OpenApi `1.x` (2 breaking)
- Node engines `>= 20` + CI `20.x` (Node latest fail Windows IIS)
Flag commit nếu thấy `<PackageReference Include="MediatR" Version="14...` hoặc tương tự.
---
## 📅 Recent activity (last 10 FIFO)
- **2026-05-13 (S21 t3-t5, no spawn):** Em main solo verify via dotnet build + npm build × 2 app + dotnet test suite mỗi chunk. Reviewer KHÔNG spawn — em main self-review per UAT mode `feedback_uat_skip_verify` (skip dotnet test mỗi chunk, vẫn build verify). Gotcha #45 fix self-test 3 regression test (test-before §7). S21 t3-t5 push cumulative 12 commits — CICD Monitor verify post-deploy thay vai Reviewer (deploy ship + bundle hash + schema verify). Cumulative state: 84 test, 29 mig, 45 gotcha, 19 memory entries. Pattern saved cho future review focus: per-NV permission audit (Level table vs User table flag), EF migration backfill SQL injection between ADD-DROP order. Smart Friend guard still active for future spawn.
- **2026-05-11 (setup):** Reviewer agent initialized. Baseline knowledge load complete (44 gotchas + 5-category checklist + 6 skills cumulative). No reviews performed yet. Awaiting first SendMessage from em main. Smart Friend guard active.
---
## 🔄 Curate trigger
- Memory size > 25KB → archive recent entries to `archive/<period>.md`
- Duplicate entries detected → merge
- Stale > 3 months → remove
Last curate: 2026-05-11 (initial seed)
Reference in New Issue View Git Blame Copy Permalink