solution-erp/.claude/agent-memory/reviewer/MEMORY.md

Reviewer Agent — Persistent Memory

Persistent diary cross-session. Auto-injected first ~200 lines at spawn (L1 HOT). Update BEFORE every stop. Tiered Memory v1: L1 HOT soft-cap ~30KB · L2 archive/ on-demand · L3 RAG search_memory just-in-time. Keep entry ≤ 1.5K chars (gotcha #53). Full verbatim history pre-S40 → git d2f52ba + archive/2026-05-q1..q2.md; S51→S76 detail → archive/2026-06.md (S69/S70/S71/S80 curate). Archive map: archive/_INDEX.md + per-period .gist.md.

📁 Area memory (L2 on-demand — Read khi review vùng tương ứng)

• S62 PE budget soft-warning — PASS: hard-block→soft-warning; submit-guard intact + validator giữ BudgetPeriodAmount>0, row8 negative-safe (additive-only). Validator class PurchaseEvaluationFeatures.cs:317.
• Wire/mirror claim verification anchors — sha256 twin-file · git diff -U0 isolate true-adds · allowNegative bleed check · guard-still-intact grep.

---

🎯 Role baseline

Adversarial pre-commit reviewer SOLUTION_ERP. Read-only verify + live curl prod UAT (*.solutions.com.vn). Tools: Read, Grep, Glob, Bash (curl + git diff + sqlcmd read) + 5 RAG MCP. Skills: dependency-audit-erp + contract-workflow + permission-matrix. Output: PASS/FAIL + concrete issues file:line. NEVER write code.

---

🚨 Recurring bug patterns (catch priority)

• #44 Silent 403 class-level Authorize quá strict — Drafter dropdown empty silent (TanStack catch silent → UI empty). Grep \[Authorize\(Policy=.*\)\] class-level + curl non-admin expect 200. Fix: class-level [Authorize] only (any authenticated); POST/PUT/DELETE giữ [Authorize(Policy="X.Create")].
• #43 Step.Order ≠ index 0-based — Where(s=>s.Order==i) wrong row. Fix: EF query → in-memory OrderBy(Order).ToList() → index.
• #42 Dual schema V1/V2 — Service phải branch — if (entity.ApprovalWorkflowId is Guid awId) ApproveV2Async else V1Legacy.
• Wire BE claim — grep diff // Mock/alert(/no POST-PUT-DELETE call + live curl expect 2XX. Severity CRITICAL block.
• #70 FE absolute-set stale-echo race — N fields cùng-cột share 1 mutation + echo sibling từ server-snapshot (bs) + invalidate() fire-and-forget (không await) → lưu 2 ô liên-tiếp đè mất. Window mở SAU isPending=false (btn re-enable), KHÔNG lúc in-flight. Catch: đếm field-cùng-cột share mutation + check invalidate awaited; fix = useIsFetching gate nút Lưu tới khi refetch land.
• #71 enum proxy-predicate pollution — thêm enum value vào entity dùng-chung → UI/guard phân-loại theo PROXY-predicate (supplierId===null) thay vì enum tường minh → value mới lẫn nhầm phân-loại + false-pass guard. Catch: grep mọi field-proxy predicate, loại value mới tường minh; build-verify TỪNG app.
• Cross-module security mirror (S29 Smart Friend) — khi mirror entity/Command cross-module (PE→Contract→Budget V2), focus data-shape MISS security guard. Pattern: aw.ApplicableType == ExpectedType validate ON Create BEFORE instantiation (mirror PurchaseEvaluationFeatures.cs:62-77). Attack: Drafter forge POST với approvalWorkflowId của module khác → FK Restrict chỉ check Id-existence NOT ApplicableType → wrong-scope pin. Re-verify IsActive+IsUserSelectable server-side. Password ≥12 chars. Severity MAJOR.
• #17 EF migration 3-file — git diff --name-only | grep Migrations/ expect 3 (target + Designer + Snapshot).

---

📋 6-category checklist (EVERY review)

• Cat 1 Wire BE/feature claim: grep mock markers diff + await api\.(post|put|delete|patch)\( + live curl POST/PUT/DELETE if deploy claim + status matrix.
• Cat 2 Schema integrity: 3-file rule Mig + column types vs entity def. Reference docs/gotchas.md (71 active).
• Cat 3 Security: [Authorize] class-level ALL new controllers + per-action policy admin-scoped (gotcha #44) + FE PermissionGuard + menuKeys.ts mirror BE MenuKeys.cs + FluentValidation + EF parameterized.
• Cat 4 Code quality: dotnet build SolutionErp.slnx 0 err + npm run build × 2 app (TS6 strict) + tests baseline 354 PASS (Phase 9 UAT exception OK) + no --no-verify + anti-fiddle (scope drift >20% LOC = FAIL) + mirror 2 FE app §3.9.
• Cat 5 Test coverage: new helper → xUnit · new endpoint → integration · bug → regression test-before-fix. Phase 9 UAT test-after default OK (feedback_uat_skip_verify). Baseline 354.
• Cat 6 Writing-quality (Harness-7, S64): outward text (verdict gửi anh / report) = tiếng Việt câu hoàn-chỉnh đủ dấu đúng ngữ-pháp; describe issue + acceptance criteria, NOT code edits. Escalate disagreement explicit.

---

⚠️ Anti-patterns + 🛡️ Smart Friend guard

1. ❌ Recommend code edits (only describe issue+criteria) · 2. ❌ Skip live curl if deploy claim · 3. ❌ Accept "wire" without grep proof · 4. ❌ Defer to em main authority (escalate explicit) · 5. ❌ Skip MEMORY · 6. ❌ Lower bar match em main (Smart Friend Cognition anti-pattern).

Smart Friend (Cognition): NEVER lower bar. Em main code fine → PASS. Em main issues → FAIL with specifics regardless social pressure. "Quality ceiling set by primary, not escalation." Value = raise quality through catch.

---

🧠 SOLUTION_ERP review essentials (S80 verified — re-ground từ docs/STATUS.md canonical)

• Tests baseline: 354 PASS (45 Domain + 309 Infra · 0 fail/skip). Must increase khi feature added (§7); Phase 9 UAT exception (feedback_uat_skip_verify).
• Gotchas: 71 active (docs/gotchas.md, format ### N.). Latest: #69 bundle-hash non-determ (deploy rebuild-FE-uncond rotate) · #70 FE stale-echo race (useIsFetching gate) · #71 enum proxy-predicate pollution · #66 Tailwind v4 unlayered h1-h4 color thắng utility · #58 EF read-modify-write lost-update→ExecuteUpdate atomic.
• Migrations: 57 latest AddPeSuggestedPriceNotes (path src/Backend/SolutionErp.Infrastructure/Persistence/Migrations/). PE-budget: Mig 50 PeWorkItemBudgets per-gói-thầu (DROP module Budget cũ) · Mig 54 giá-đề-xuất PRO/CCM + giá-chốt · Mig 55 CcmNote · Mig 56 ProInitial/ProAdjust split · Mig 57 ghi-chú-giá PRO/CCM.
• Endpoints: ~253 · 88 SQL tables.
• Identity password ≥12 chars (reject 11-char). Test creds: admin admin@solutions.com.vn/Admin@123456 (full) · UAT nv.test@solutions.com.vn/TestUser@123456 (Drafter CCM).
• Prod: api/admin/eoffice.solutions.com.vn. Bundle live admin CsJetgZH / user BVS0ApIm (Run #330). Pin: MediatR 12.4.1 (flag Version="14) · Swashbuckle 6.9.0 · Node CI 20.x.
• Conventions: docs/rules.md (§1.1 outward writing, §3.9 mirror 2 FE, §5.2 commit, §6.5 docs narrative, §7 test timing, §2.8 pin).

---

📅 Recent activity (compressed — full verbatim → archive/2026-06.md via archive/_INDEX.md)

• S82 (2026-06-21) Harness-15-v2 adopt review (governance delta, 0 code) — 3/3 lane PASS: floor-completeness + faithfulness + honesty-regression, all clean ("genuine PASS not courtesy"). Caught 3 MINOR (đã fix): volume "~42K" stale trong mark · mark What-cell mang nội-dung S82 mà status ghi "anh-confirm S81" → flag pending-confirm · _index pending. Memory-note (chống false-alarm): broadcasts/_index.md sha = notify's self-declared content_sha256 (frontmatter), KHÔNG recompute full-file/body → đừng flag index-vs-file "mismatch" trước khi đọc frontmatter field. Stamped-mark mid-session edit OK khi chỉ refresh What-cell content của decision đã-confirm + status flag pending (KHÔNG mint RC-sig mới, KHÔNG đổi tier) = accuracy-keeping, không phải frozen-record breach.
• S76 (2026-06-19) PE budget ma-trận 3 cột Mig 56 + badge display-only — PASS: MAJOR race = 2 PRO cell cùng-cột share mutation + echo sibling từ bs + fire-and-forget invalidate() → data-loss window (fixed gotcha #70 useIsFetching gate). Badge role-set MUST mirror gate bit-for-bit (đảo-chiều set-lookup = forward Roles.Contains). SURPRISE: spec "KHÔNG migration" FALSE (diff bundle Part1+2+3) — đừng tin scope-framing em-main, đọc changed-set thật. → _INDEX S76 Part1/Part2+3.
• S72/S72bis/S72ter/Q2 (2026-06-18) Mig 54 PE giá-đề-xuất + CCM-finalize OPT-IN — financial go-live PASS: fail-closed guard ORDER = throw TRƯỚC mọi set Phase=DaDuyet; no-deadlock proof = submit-guard invariant (winnerQuoteTotal>0) forward-trace tới finalize candidate-set (FE length===0 branch unreachable); finalize-bypass = 3 gate trực-giao (approver-match ∩ role=CostControl ∩ amount<threshold) + server-recompute amount KHÔNG trust-client; isSystem-exempt = dead-branch single-caller-proof. → _INDEX S72*.
• S71 (2026-06-18) Harness-10 run-trace + finalize double-check — PASS/GAPS: "TRACKED" containment 2-level = check-ignore(eligible) vs git ls-files(committed) — model chỉ work post git add. "Hoàn chỉnh toàn bộ" audit phải check budget.json measured-bytes vs DISK (over-cap re-accumulate mỗi session). → _INDEX S71*.
• S69 (2026-06-17) Office re-skin + golive authz — PASS: re-skin logic-preservation proof = grep api-call + queryKey sorted -u byte-equal OLD-vs-NEW (nhanh+rigorous hơn đọc từng hunk); public-grant security = granted root NOT inherit-root (no sibling cascade gotcha#44-family) + menu-key KHÔNG dùng làm controller [Authorize(Policy=)] (Office=class-[Authorize]+Roles=Admin → CanCreate FE-only, không escalate API write). color-trap: accent thiếu -800 stop = silent no-class Tailwind v4. → _INDEX S69*.
• S65 (2026-06-16) public HRM Hồ sơ + PE mục E — PASS: upgrade-path phải MUTATE row (if(!row.CanRead){...}) KHÔNG skip-existing khi prior revoke pre-set flag false (fix S58-class); menu-hide ≠ API-lock (class-[Authorize] controller data reachable direct-URL bất kể menu). hyperlink free-text = no server-side XSS. → _INDEX S65*.

---

🔄 Curate trigger

• ~30KB → archive recent → L2 archive/<period>.md (byte-exact append) + _INDEX.md substring pointer. Stale >3mo → remove.

• Last curate: 2026-06-20 S80 (em-main, archive-gate keep-floor-hit → manual) (45.2→~14KB): moved 13 recent entries S65→S76 (lines 64-82 byte-exact via sed) → archive/2026-06.md (32.7→70KB, +13 entries) + _INDEX.md +13 substring pointers (all verified count=1). KEPT foundation + 5 compressed recent-summaries; UPDATED stale essentials (130→354 test, 55→71 gotcha, Mig 40→57, 84→88 tables, ~211→~253 endpoints) + 5-cat→6-cat (Cat-6 writing-quality). gist NOT updated (em-main distill later).
• Prev curate: 2026-06-18 S71 (36.7→24.2KB): moved 10 entries; KEPT foundation + newest cluster. Prev S70 (42.5→24.8KB): built _INDEX.md + .gist.md gen:1. Prev S40 (28.4→18KB).