vietreport-admin/solution-erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dfde1acbd03d31f93ec4d12d640456a6b3c7bf51
solution-erp/.claude/agent-memory/reviewer/MEMORY.md
pqhuy1987 dfde1acbd0 [CLAUDE] Docs: S82 closeout — STATUS/HANDOFF + session-log + reviewer-memory (Harness-15-v2 adopt) 
- STATUS/HANDOFF: prepend S82, demote S81 (tiering keep current+3)
- session-log 2026-06-21-S82 with spawn-records (2 monitor + 3 workflow reviewer)
- reviewer agent-memory: H15-v2 review + _index-sha-convention memory-note
- %-print CUOI phien lan dau (H15-v2 L.b(c)); archive-gate 2 WATCH strike-1; A7 217/217

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 02:09:05 +07:00

78 lines
11 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Reviewer Agent — Persistent Memory
> **Persistent diary cross-session.** Auto-injected first ~200 lines at spawn (L1 HOT).
> Update BEFORE every stop. Tiered Memory v1: L1 HOT soft-cap ~30KB · L2 `archive/` on-demand · L3 RAG `search_memory` just-in-time. Keep entry ≤ 1.5K chars (gotcha #53).
> Full verbatim history pre-S40 → git `d2f52ba` + `archive/2026-05-q1..q2.md`; S51→S76 detail → `archive/2026-06.md` (S69/S70/S71/**S80** curate). Archive map: `archive/_INDEX.md` + per-period `.gist.md`.
## 📁 Area memory (L2 on-demand — Read khi review vùng tương ứng)
- [S62 PE budget soft-warning](project_s62_pe_budget_soft_warning.md) — PASS: hard-block→soft-warning; submit-guard intact + validator giữ `BudgetPeriodAmount>0`, row8 negative-safe (additive-only). Validator class `PurchaseEvaluationFeatures.cs:317`.
- [Wire/mirror claim verification anchors](feedback_wire_claim_verification_anchors.md) — sha256 twin-file · `git diff -U0` isolate true-adds · `allowNegative` bleed check · guard-still-intact grep.
---
## 🎯 Role baseline
Adversarial pre-commit reviewer SOLUTION_ERP. Read-only verify + live curl prod UAT (`*.solutions.com.vn`). Tools: Read, Grep, Glob, Bash (curl + git diff + sqlcmd read) + 5 RAG MCP. Skills: `dependency-audit-erp` + `contract-workflow` + `permission-matrix`. Output: PASS/FAIL + concrete issues file:line. NEVER write code.
---
## 🚨 Recurring bug patterns (catch priority)
- **#44 Silent 403 class-level Authorize quá strict** — Drafter dropdown empty silent (TanStack catch silent → UI empty). Grep `\[Authorize\(Policy=.*\)\]` class-level + curl non-admin expect 200. Fix: class-level `[Authorize]` only (any authenticated); POST/PUT/DELETE giữ `[Authorize(Policy="X.Create")]`.
- **#43 Step.Order ≠ index 0-based** — `Where(s=>s.Order==i)` wrong row. Fix: EF query → in-memory `OrderBy(Order).ToList()` → index.
- **#42 Dual schema V1/V2 — Service phải branch** — `if (entity.ApprovalWorkflowId is Guid awId) ApproveV2Async else V1Legacy`.
- **Wire BE claim** — grep diff `// Mock`/`alert(`/no POST-PUT-DELETE call + live curl expect 2XX. Severity CRITICAL block.
- **#70 FE absolute-set stale-echo race** — N fields cùng-cột share 1 mutation + echo sibling từ server-snapshot (`bs`) + `invalidate()` fire-and-forget (không await) → lưu 2 ô liên-tiếp đè mất. Window mở SAU `isPending=false` (btn re-enable), KHÔNG lúc in-flight. Catch: đếm field-cùng-cột share mutation + check invalidate awaited; fix = `useIsFetching` gate nút Lưu tới khi refetch land.
- **#71 enum proxy-predicate pollution** — thêm enum value vào entity dùng-chung → UI/guard phân-loại theo PROXY-predicate (`supplierId===null`) thay vì enum tường minh → value mới lẫn nhầm phân-loại + false-pass guard. Catch: grep mọi field-proxy predicate, loại value mới tường minh; build-verify TỪNG app.
- **Cross-module security mirror (S29 Smart Friend)** — khi mirror entity/Command cross-module (PE→Contract→Budget V2), focus data-shape MISS security guard. Pattern: `aw.ApplicableType == ExpectedType` validate ON Create BEFORE instantiation (mirror `PurchaseEvaluationFeatures.cs:62-77`). Attack: Drafter forge POST với `approvalWorkflowId` của module khác → FK Restrict chỉ check Id-existence NOT ApplicableType → wrong-scope pin. Re-verify `IsActive`+`IsUserSelectable` server-side. Password ≥12 chars. Severity MAJOR.
- **#17 EF migration 3-file** — `git diff --name-only | grep Migrations/` expect 3 (target + Designer + Snapshot).
---
## 📋 6-category checklist (EVERY review)
- **Cat 1 Wire BE/feature claim:** grep mock markers diff + `await api\.(post|put|delete|patch)\(` + live curl POST/PUT/DELETE if deploy claim + status matrix.
- **Cat 2 Schema integrity:** 3-file rule Mig + column types vs entity def. Reference `docs/gotchas.md` (71 active).
- **Cat 3 Security:** `[Authorize]` class-level ALL new controllers + per-action policy admin-scoped (gotcha #44) + FE PermissionGuard + menuKeys.ts mirror BE MenuKeys.cs + FluentValidation + EF parameterized.
- **Cat 4 Code quality:** `dotnet build SolutionErp.slnx` 0 err + `npm run build` × 2 app (TS6 strict) + tests baseline **354 PASS** (Phase 9 UAT exception OK) + no `--no-verify` + anti-fiddle (scope drift >20% LOC = FAIL) + mirror 2 FE app §3.9.
- **Cat 5 Test coverage:** new helper → xUnit · new endpoint → integration · bug → regression test-before-fix. Phase 9 UAT test-after default OK (`feedback_uat_skip_verify`). Baseline 354.
- **Cat 6 Writing-quality (Harness-7, S64):** outward text (verdict gửi anh / report) = tiếng Việt câu hoàn-chỉnh đủ dấu đúng ngữ-pháp; describe issue + acceptance criteria, NOT code edits. Escalate disagreement explicit.
---
## ⚠️ Anti-patterns + 🛡️ Smart Friend guard
1. ❌ Recommend code edits (only describe issue+criteria) · 2. ❌ Skip live curl if deploy claim · 3. ❌ Accept "wire" without grep proof · 4. ❌ Defer to em main authority (escalate explicit) · 5. ❌ Skip MEMORY · 6. ❌ **Lower bar match em main** (Smart Friend Cognition anti-pattern).
**Smart Friend (Cognition):** NEVER lower bar. Em main code fine → PASS. Em main issues → FAIL with specifics regardless social pressure. "Quality ceiling set by primary, not escalation." Value = raise quality through catch.
---
## 🧠 SOLUTION_ERP review essentials (S80 verified — re-ground từ docs/STATUS.md canonical)
- **Tests baseline:** **354 PASS** (45 Domain + 309 Infra · 0 fail/skip). Must increase khi feature added (§7); Phase 9 UAT exception (`feedback_uat_skip_verify`).
- **Gotchas:** **71 active** (`docs/gotchas.md`, format `### N.`). Latest: #69 bundle-hash non-determ (deploy rebuild-FE-uncond rotate) · #70 FE stale-echo race (useIsFetching gate) · #71 enum proxy-predicate pollution · #66 Tailwind v4 unlayered `h1-h4` color thắng utility · #58 EF read-modify-write lost-update→ExecuteUpdate atomic.
- **Migrations:** **57 latest `AddPeSuggestedPriceNotes`** (path `src/Backend/SolutionErp.Infrastructure/Persistence/Migrations/`). PE-budget: Mig 50 `PeWorkItemBudgets` per-gói-thầu (DROP module Budget cũ) · Mig 54 giá-đề-xuất PRO/CCM + giá-chốt · Mig 55 CcmNote · Mig 56 ProInitial/ProAdjust split · Mig 57 ghi-chú-giá PRO/CCM.
- **Endpoints:** ~253 · **88 SQL tables**.
- **Identity password ≥12 chars** (reject 11-char). Test creds: admin `admin@solutions.com.vn/Admin@123456` (full) · UAT `nv.test@solutions.com.vn/TestUser@123456` (Drafter CCM).
- **Prod:** api/admin/eoffice.solutions.com.vn. Bundle live admin `CsJetgZH` / user `BVS0ApIm` (Run #330). **Pin:** MediatR `12.4.1` (flag `Version="14`) · Swashbuckle `6.9.0` · Node CI `20.x`.
- **Conventions:** `docs/rules.md` (§1.1 outward writing, §3.9 mirror 2 FE, §5.2 commit, §6.5 docs narrative, §7 test timing, §2.8 pin).
---
## 📅 Recent activity (compressed — full verbatim → `archive/2026-06.md` via `archive/_INDEX.md`)
- **S82 (2026-06-21) Harness-15-v2 adopt review (governance delta, 0 code) — 3/3 lane PASS:** floor-completeness + faithfulness + honesty-regression, all clean ("genuine PASS not courtesy"). Caught 3 MINOR (đã fix): volume "~42K" stale trong mark · mark What-cell mang nội-dung S82 mà status ghi "anh-confirm S81" → flag pending-confirm · `_index` pending. **Memory-note (chống false-alarm):** `broadcasts/_index.md` sha = notify's **self-declared `content_sha256`** (frontmatter), KHÔNG recompute full-file/body → đừng flag index-vs-file "mismatch" trước khi đọc frontmatter field. **Stamped-mark mid-session edit OK** khi chỉ refresh What-cell content của decision đã-confirm + status flag pending (KHÔNG mint RC-sig mới, KHÔNG đổi tier) = accuracy-keeping, không phải frozen-record breach.
- **S76 (2026-06-19) PE budget ma-trận 3 cột Mig 56 + badge display-only — PASS:** MAJOR race = 2 PRO cell cùng-cột share mutation + echo sibling từ `bs` + fire-and-forget `invalidate()` → data-loss window (fixed **gotcha #70** useIsFetching gate). Badge role-set MUST mirror gate bit-for-bit (đảo-chiều set-lookup = forward Roles.Contains). **SURPRISE:** spec "KHÔNG migration" FALSE (diff bundle Part1+2+3) — đừng tin scope-framing em-main, đọc changed-set thật. → _INDEX S76 Part1/Part2+3.
- **S72/S72bis/S72ter/Q2 (2026-06-18) Mig 54 PE giá-đề-xuất + CCM-finalize OPT-IN — financial go-live PASS:** fail-closed guard ORDER = throw TRƯỚC mọi set `Phase=DaDuyet`; no-deadlock proof = submit-guard invariant (`winnerQuoteTotal>0`) forward-trace tới finalize candidate-set (FE `length===0` branch unreachable); finalize-bypass = 3 gate trực-giao (approver-match ∩ role=CostControl ∩ amount<threshold) + server-recompute amount KHÔNG trust-client; isSystem-exempt = dead-branch single-caller-proof. _INDEX S72*.
- **S71 (2026-06-18) Harness-10 run-trace + finalize double-check PASS/GAPS:** "TRACKED" containment 2-level = check-ignore(eligible) vs `git ls-files`(committed) model chỉ work post `git add`. "Hoàn chỉnh toàn bộ" audit phải check `budget.json` measured-bytes vs DISK (over-cap re-accumulate mỗi session). _INDEX S71*.
- **S69 (2026-06-17) Office re-skin + golive authz PASS:** re-skin logic-preservation proof = `grep api-call + queryKey sorted -u` byte-equal OLD-vs-NEW (nhanh+rigorous hơn đọc từng hunk); public-grant security = granted root NOT inherit-root (no sibling cascade gotcha#44-family) + menu-key KHÔNG dùng làm controller `[Authorize(Policy=)]` (Office=class-`[Authorize]`+Roles=Admin CanCreate FE-only, không escalate API write). color-trap: accent thiếu -800 stop = silent no-class Tailwind v4. _INDEX S69*.
- **S65 (2026-06-16) public HRM Hồ + PE mục E PASS:** upgrade-path phải MUTATE row (`if(!row.CanRead){...}`) KHÔNG skip-existing khi prior revoke pre-set flag false (fix S58-class); menu-hide API-lock (class-`[Authorize]` controller data reachable direct-URL bất kể menu). hyperlink free-text = no server-side XSS. _INDEX S65*.
---
## 🔄 Curate trigger
- >~30KB → archive recent → L2 `archive/<period>.md` (byte-exact append) + `_INDEX.md` substring pointer. Stale >3mo → remove.
- **Last curate: 2026-06-20 S80 (em-main, archive-gate keep-floor-hit → manual)** (45.2→~14KB): moved 13 recent entries S65→S76 (lines 64-82 byte-exact via `sed`) → `archive/2026-06.md` (32.7→70KB, +13 entries) + `_INDEX.md` +13 substring pointers (all verified count=1). KEPT foundation + 5 compressed recent-summaries; UPDATED stale essentials (130→354 test, 55→71 gotcha, Mig 40→57, 84→88 tables, ~211→~253 endpoints) + 5-cat→6-cat (Cat-6 writing-quality). gist NOT updated (em-main distill later).
- **Prev curate: 2026-06-18 S71** (36.7→24.2KB): moved 10 entries; KEPT foundation + newest cluster. **Prev S70** (42.5→24.8KB): built `_INDEX.md` + `.gist.md` gen:1. **Prev S40** (28.4→18KB).
Reference in New Issue View Git Blame Copy Permalink