Files

pqhuy1987 78c9de35f8 [CLAUDE] Docs: S40 curate 4 agent MEMORY >25KB + RAG catch-up chunk S37-S40

- investigator-codebase 35.7->7.6 · cicd-monitor 35.3->8.4 · implementer-backend 30.9->7.9 · reviewer 28.4->7.5 KB
- Archived verbose FIFO -> git d2f52ba; refreshed stale counts (111->130 test, 33->40 mig, ~146->211 endpoints, 47->55 gotcha); dedup split (FE patterns -> implementer-frontend, test patterns -> test-specialist)
- Foundation preserved: gotcha patterns + 5-stage/5-category checklist + Smart Friend guard + workflow schemas + sqlcmd/controller-audit + BE Patterns 1-12-ter
- RAG: store_memory S37-S40 catch-up chunk (rerank 0.867 top hit); full re-index pending `python bootstrap.py --project solution_erp` (needs VOYAGE_API_KEY env)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-05-29 13:10:55 +07:00

7.5 KiB

Raw Blame History

Reviewer Agent — Persistent Memory

Persistent diary cross-session. Auto-injected first 200 lines / 25KB at spawn. Update BEFORE every stop. Curate when > 25KB. Keep entry ≤ 1.5K chars (gotcha #53). Full verbatim history pre-S40 → git d2f52ba + archive/2026-05-q1..q2.md.

🎯 Role baseline

Adversarial pre-commit reviewer SOLUTION_ERP. Read-only verify + live curl prod UAT (*.solutions.com.vn). Tools: Read, Grep, Glob, Bash (curl + git diff + sqlcmd read) + 5 RAG MCP. Skills: dependency-audit-erp + contract-workflow + permission-matrix. Output: PASS/FAIL + concrete issues file:line. NEVER write code.

🚨 Recurring bug patterns (catch priority)

#44 Silent 403 class-level Authorize quá strict — Drafter dropdown empty silent (TanStack catch silent → UI empty). Grep \[Authorize\(Policy=.*\)\] class-level + curl non-admin expect 200. Fix: class-level [Authorize] only (any authenticated); POST/PUT/DELETE giữ [Authorize(Policy="X.Create")].
#43 Step.Order ≠ index 0-based — Where(s=>s.Order==i) wrong row. Fix: EF query → in-memory OrderBy(Order).ToList() → index.
#42 Dual schema V1/V2 — Service phải branch — if (entity.ApprovalWorkflowId is Guid awId) ApproveV2Async else V1Legacy.
Wire BE claim — grep diff // Mock/alert(/no POST-PUT-DELETE call + live curl expect 2XX. Severity CRITICAL block.
Cross-module security mirror (S29 Smart Friend) — khi mirror entity/Command cross-module (PE→Contract→Budget V2), em main solo focus data shape MISS security guard. Pattern: aw.ApplicableType == ExpectedType validate ON Create BEFORE instantiation (mirror PurchaseEvaluationFeatures.cs:62-77). Attack: Drafter forge POST /api/contracts với approvalWorkflowId của PE/Budget → FK Restrict chỉ check Id existence NOT ApplicableType → wrong-scope pin. Also re-verify IsActive+IsUserSelectable server-side. Password ≥12 chars (Identity reject 11-char legacy). Severity MAJOR block push.
#17 EF migration 3-file — git diff --name-only | grep Migrations/ expect 3 (target + Designer + Snapshot).
#47 .claude/agent-memory/** NOT in paths-ignore (PENDING bro decide) — MEMORY flush commit triggers CI ~3.5min waste. paths-ignore hiện ['docs/**','**/*.md','.claude/skills/**'] missing agent-memory. Severity minor (CI waste). ⚠️ S40 note: agent-memory commits đang trigger — recommend bro add.

📋 5-category checklist (EVERY review)

Cat 1 Wire BE/feature claim: grep mock markers diff + await api\.(post|put|delete|patch)\( + live curl POST/PUT/DELETE if deploy claim + status matrix.
Cat 2 Schema integrity: 3-file rule Mig + column types vs entity def. Reference docs/gotchas.md (55 active).
Cat 3 Security: [Authorize] class-level ALL new controllers + per-action policy admin-scoped (gotcha #44) + FE PermissionGuard + menuKeys.ts mirror BE MenuKeys.cs + FluentValidation + EF parameterized.
Cat 4 Code quality: dotnet build SolutionErp.slnx 0 err + npm run build × 2 app (TS6 strict) + tests baseline 130 PASS (Phase 9 UAT exception OK) + no --no-verify + anti-fiddle (scope drift >20% LOC = FAIL) + mirror 2 FE app §3.9.
Cat 5 Test coverage: new helper → xUnit · new endpoint → integration · bug → regression test-before-fix. Phase 9 UAT test-after default OK (feedback_uat_skip_verify). Baseline 130.
Cat 6 Authority boundary: describe issue + acceptance criteria, NOT code edits. Escalate disagreement explicit.

⚠️ Anti-patterns + 🛡️ Smart Friend guard

❌ Recommend code edits (only describe issue+criteria) · 2. ❌ Skip live curl if deploy claim · 3. ❌ Accept "wire" without grep proof · 4. ❌ Defer to em main authority (escalate explicit) · 5. ❌ Skip MEMORY · 6. ❌ Lower bar match em main (Smart Friend Cognition anti-pattern).

Smart Friend (Cognition): NEVER lower bar. Em main code fine → PASS. Em main issues → FAIL with specifics regardless social pressure. "Quality ceiling set by primary, not escalation." Value = raise quality through catch.

🧠 SOLUTION_ERP review essentials (S40 verified)

Tests baseline: 130 PASS (58 Domain + 72 Infra). Must increase khi feature added (§7); Phase 9 UAT exception (feedback_uat_skip_verify).
Gotchas: 55 active (docs/gotchas.md, format ### N. highest #55). Latest #53 truncation · #54 529-fallback · #55 truncation-mid-exploration.
Migrations: 40 latest AddAttendances (path src/Backend/SolutionErp.Infrastructure/Persistence/Migrations/). Per-NV Allow* (Mig 29 F1/F3 5 flag + Mig 30 F4 on ApprovalWorkflowLevels per slot + F2 Users.AllowDrafterSkipToFinal per Drafter; Mig 31 SkipToFinal→ApproverLevel).
Endpoints: ~211 · 84 SQL tables.
Identity password ≥12 chars (reject 11-char). Test creds: admin admin@solutions.com.vn/Admin@123456 (full) · UAT nv.test@solutions.com.vn/TestUser@123456 (Drafter CCM).
Prod: api/admin/eoffice.solutions.com.vn. Pin: MediatR 12.4.1 (flag Version="14) · Swashbuckle 6.9.0 · Node CI 20.x.
Conventions: docs/rules.md (§3.9 mirror 2 FE, §5.2 commit, §6.5 docs narrative, §7 test timing, §2.8 pin).

📅 Recent activity (FIFO — older → archive/git)

2026-05-28 (S35 G-H2 BE CRUD 16 endpoint pre-commit — PASS, Smart Friend 8× CLEAN): 2 NEW file HrmConfigFeatures.cs 439 + Controller 137. build clean, 130/130 PASS. Cat1: 0 mock, 8 ConflictException (Holiday Update composite (Year,Date) BOTH fields). Cat3: class [Authorize] + 12 per-action [Authorize(Roles="Admin")]. Cat5: 8 Validator MaxLength MATCH EF source (Code=50 not spec 20). 2 MINOR defer: ListHolidays no IsActive filter (inconsistent sibling) · OtPolicy "1 active unique" NOT enforced handler (G-P1 ambiguous nếu 2+ active). Verdict PASS. Tag [s35, smart-friend-8x-clean].
2026-05-26 (S33 Plan B G-H1 Phase 2 pre-commit — PASS, Smart Friend 6× CLEAN): 17 file (3 BE + 6 FE new + 6 mod + 2). SHA256 mirror 3 file IDENTICAL admin==user. 5 endpoint real mediator.Send 0 mock. Mig 34 AddEmployeeProfiles 7 table UNIQUE indexes + FK Cascade. SeedDemoEmployeeProfiles NOT gated DemoSeed (gotcha #51 ✓). gotcha #50 Layout staticMap mirror ✓. 3 MINOR defer: EmployeeCode race SERIALIZABLE low-risk · Update 3 bool not nullable (partial reset) · Delete DateTime.UtcNow direct. Verdict PASS. Tag [s33, hrm-mig34, smart-friend-6x].
Smart Friend cumulative 8× CLEAN: (1) S22 #44 silent-403 · (2) S25 #48 SQLite tie-break · (3) S29 password ≥12 · (4) S29 ApplicableType cross-module · (5) S33 BW test · (6) S33 Plan B Phase 2 · (7) S35 FE forms · (8) S35 G-H2. Plus 9× G-O2 (S36, em không track ở đây). 2 MAJOR catches total (S29 password + S29 ApplicableType); rest clean với MINOR defer.
Archived S29-S33 detail + S32 startup → archive/2026-05-q2.md + git d2f52ba (S40 curate): S33 Plan C B-Wrap 9/9 [Fact] verify · S33 startup drift audit (CLAUDE.md SEVERE → patched S40) · S32 wrap/startup standby · S29 wrap 2 MAJOR catch detail. KEY absorbed in bug patterns + Smart Friend cumulative above.

🔄 Curate trigger

25KB → archive recent → archive/<period>.md. Stale >3mo → remove.
Last curate: 2026-05-29 S40 em main proxy (28.4→~18KB): archived S33 Plan C + S33 startup + S32×2 + S29 wrap detail → q2 + git d2f52ba; refreshed stale (81/111→130 test, 47→55 gotcha, 31→40 mig, ~146→211 endpoints). Foundation (bug patterns + 5-category + Smart Friend guard + cross-module security) preserved. Prev: S34 q2 · S22 q1.

7.5 KiB Raw Blame History Unescape Escape