solution-erp/docs/changelog/sessions/2026-05-13-2200-s22-chot-cuoi.md

# Session 22 CHỐT CUỐI — 2026-05-13 22:00 — Plan C+D+E + 5 turn S22+

**Dev:** Claude Opus 4.7 1M Max (em main solo throughout — 3 sub-agents seeds-only REFUSE 100% cross-stack reasoning chain per Cognition "writes single-threaded")
**Duration:** ~4h (18:00 start S22 → 22:00 chốt)
**Base commit:** `3d725c4` (S21 chốt cuối)
**Final HEAD:** `b04a11a` (S22+5 Mig 30 per-NV F4 flag)
**Total commits S22:** **11** pushed remote

## 🎯 Trigger session

Bro chốt 4 plan đầu session: Plan C + Plan D + Plan E + Plan F. Em hỏi 3 clarify question:
- Thứ tự: D→C→E→F (an toàn → risk)
- Plan F destructive: drop luôn không backup (UAT chấp nhận risk)
- Plan E scope: toàn bộ List + Inbox + Detail

Em pre-flight Plan F khám phá blocker → ABORT defer S23+.

Bro feedback liên tục → +5 turn:
- S22+1 fix bug "không phải lượt bạn" disable cả 3 button
- S22+2 seed 20 test user prod
- S22+3 rename users sang role-based (`{dept}.{level}@solutions.com.vn`)
- S22+4 view file PDF inline + Section "Điều chỉnh ngân sách"
- S22+5 fix spec S22+4: Mig 30 per-NV admin opt-in flag (KHÔNG default expand)

Cuối session bro confirm **"giải pháp sub agent khá tốt"** ✅ → keep 4 sub-agents ongoing.

## 📋 11 commits S22 timeline

| # | Commit | Topic | Stage |
|---|---|---|---|
| 1 | `60efeed` | Plan D — Users F2 toggle UI | BE+FE Admin |
| 2 | `dbda37e` | Plan C task 4 — 5 reflection test #44 silent 403 | Tests |
| 3 | `215b1e0` | Plan C task 1-3 — 14 test catch-up ReturnMode + Guard | Tests |
| 4 | `f149661` | Plan E — BE PE strict V2 scope (List + Detail) | BE |
| 5 | `a74e671` | Docs S22 + 3 agent MEMORY drift | Docs |
| 6 | `40f64c6` | S22+1 disable 3 button + BE EnsureCanRejectV2Async guard + 1 test | FE+BE |
| 7 | `8185070` | S22+2 seed 20 test user prod | Scripts |
| 8 | `0e70789` | S22+3 rename users sang role-based naming | Scripts |
| 9 | `37b51d7` | S22+4 Chunk A — BE attachment view + AdjustBudgetCommand | BE |
| 10 | `30d51c8` | S22+4 Chunk B — FE AttachmentPreviewDialog + Section Điều chỉnh ngân sách | FE×2 |
| 11 | `b04a11a` | S22+5 Mig 30 +AllowApproverEditBudget per-NV opt-in (spec fix) | BE+FE×2 |

**CICD Monitor verify:** Run #188 PASS (Plan C+D+E push). 7 commits sau (S22+1 → S22+5) chưa spawn verify — em sẽ spawn final at session end.

## 🎨 Plan D — User Management F2 toggle UI (`60efeed`)

BE wire F2 (`User.AllowDrafterSkipToFinal` từ Mig 29):
- `UserDto +AllowDrafterSkipToFinal`
- `SetUserAllowDrafterSkipToFinalCommand` + Handler mirror `SetBypassReview` pattern
- `PATCH /api/users/{id}/allow-skip-final` body `{allowDrafterSkipToFinal:bool}` Policy=`Users.Update`

FE Admin (fe-user KHÔNG có UsersPage admin-only):
- `User` type +`allowDrafterSkipToFinal: boolean`
- Column "Skip cuối" violet `FastForward` badge
- Action button toggle `allowSkipMut`

Verify: BE build clean + npm fe-admin pass 638ms.

## 🧪 Plan C task 4 — Regression test #44 silent 403 (`dbda37e`)

5 reflection-based tests verify `ApprovalWorkflowsV2Controller` Authorize split (gotcha #44 S18 fix `f77ea38`):
- class-level `[Authorize]` only, NO Policy → catch regression nếu ai add Policy lên class-level
- GET Overview inherits class-level (no action-level Policy)
- POST Create + DELETE + PATCH user-selectable require Policy=`Workflows.Create`

Add `ProjectReference SolutionErp.Api` → `SolutionErp.Infrastructure.Tests` cho reflection access Controller types.

Pattern reusable: catch silent 403 regression mà KHÔNG cần WebApplicationFactory heavy.

Verify: 84 → 89 PASS (+5).

## 🧪 Plan C task 1-3 — Service test catch-up S21 t4-t5 (`215b1e0`)

14 test cover 3 helper sửa lớn từ S21 t4-t5:

**Task 1+2 (7 test ReturnMode):**
- `ApplyReturnModeAsync` Drafter allowed/denied/admin bypass
- OneLevel happy path + admin bypass disabled flag
- `skipToFinal` Drafter allowed/denied/admin bypass

**Task 3 (7 test Guard):**
- `EnsureEditableForDetailsAsync` Drafter scope DangSoanThao + TraLai
- F3 Approver scope ChoDuyet + flag on + actor match
- F3 Approver scope ChoDuyet + flag off → ConflictException
- F3 Approver scope ChoDuyet + actor mismatch → ForbiddenException
- Admin bypass ChoDuyet + flag off
- DaDuyet terminal phase + any caller → ConflictException

**Pattern infra:**
- `SeedWorkflowAsync` 1 Step (DepartmentId=null) × 2 Levels
- `SeedApproversAsync` via `IdentityFixture.CreateUserAsync`
- `FakeCurrentUser` impl `ICurrentUser`
- `InternalsVisibleTo` csproj expose internal `PurchaseEvaluationDraftGuard`

Verify: 89 → 103 PASS (+14).

## 🔒 Plan E — Phân quyền strict V2 scope (`f149661`)

Thắt chặt PE V2 List + Detail từ UAT loose sang strict actor.UserId scope (Inbox đã strict từ S17):

`ListPurchaseEvaluationsQuery`:
```csharp
// Trước (loose): || x.e.ApprovalWorkflowId != null
// Sau (strict): pre-compute userApprovalWfIds từ ApprovalWorkflowLevels.ApproverUserId
q = q.Where(x =>
    x.e.DrafterUserId == userId
    || eligiblePhases.Contains(x.e.Phase)
    || (x.e.ApprovalWorkflowId != null && userApprovalWfIds.Contains(x.e.ApprovalWorkflowId.Value)));
```

`GetPurchaseEvaluationQuery` (Detail): similar pattern via `db.ApprovalWorkflowLevels.AnyAsync(l => Step.ApprovalWorkflowId == awId && ApproverUserId == userId)`.

Verify: build clean + 103/103 PASS regression-free.

## ⛔ Plan F — Drop legacy V1 (ABORTED)

Pre-flight SSH vietreport-vps sqlcmd reveal blocker:
- 23 PE pin V1 (`WorkflowDefinitionId` set)
- 4 PE V1-ONLY (no V2 fallback)
- **7 Contract pin V1 + Contract entity HOÀN TOÀN V1** (chưa có `ApprovalWorkflowId` column — Plan B Contract V2 wire CHƯA kick off)

Drop V1 = BE crash startup FK violation. **ABORT defer S23+ sau Plan B Contract V2 wire**.

User confirm ABORTED via AskUserQuestion (empty answer → apply Recommended).

## 🐛 S22+1 — Fix "không phải lượt bạn" disable 3 button (`40f64c6`)

User UAT feedback: trước đây chỉ "Duyệt" disabled khi non-approver. "Trả lại" + "Từ chối" vẫn enabled (design intent S17). Bro override: "Nếu đã không đc quyền thao tác thì ko đc quyền thao tác hết tất cả các hành động".

FE × 2 app (`PeWorkflowPanel.tsx`):
- `isDisabled = blockedByV2Level` (drop `isForwardApprove &&` qualifier)
- Tooltip update "mới thao tác được (Duyệt / Trả lại / Từ chối)"

BE defense-in-depth (`PurchaseEvaluationWorkflowService.cs`):
- Helper `EnsureCanRejectV2Async` mirror FE `actorInV2Level` logic
- Skip silent khi admin/V1/non-ChoDuyet/no actor/no pointer
- Throw `ForbiddenException` khi V2 ChoDuyet + actor != currentLevel.ApproverUserId
- Invoke top Reject branch (cover cả TuChoi + Trả lại)

+1 regression test `Reject_NonApprover_V2_Throws_ForbiddenException`.

Verify: 103 → 104 PASS (+1).

## 👥 S22+2 + S22+3 — Seed 20 test user role-based naming (`8185070` + `0e70789`)

**S22+2 seed:**
- Script `scripts/seed-test-users-prod.ps1` ASCII-only (gotcha #30 PS 5.1 diacritics)
- 6 phòng còn trống × 3 user (NV/PP/TP) + BOD +2 = 20 user
- Password `TestUser@2026` (>=12 chars per Identity policy discovery)
- 4 user advanced flags: 2 CanBypassReview (`act.tp` + `hra.tp`) + 2 AllowDrafterSkipToFinal (`fin.pp` + `pm.nv`)

**S22+3 rename:**
- Email pattern: `{dept}.{level}@solutions.com.vn` (act.nv / act.pp / act.tp / bod.1 / bod.2 / etc.)
- FullName: "ACT NV - Drafter+Accounting [Bypass]" (encode flag inline)
- Identity rename 4 fields atomic (gotcha #38): Email + NormalizedEmail + UserName + NormalizedUserName + FullName
- SQL transaction `SET QUOTED_IDENTIFIER ON` required cho filtered indexes Users

Prod active users: 13 → **33** (no rename existing 13).

**Discoveries:**
1. Identity password policy ≥12 chars (existing memory mention `User@123456` 11 chars — outdated)
2. API auth response field `accessToken` (NOT `token`)
3. PS 5.1 ASCII-only discipline reinforced (gotcha #30)

## 📄 S22+4 — Attachment view + Section "Điều chỉnh ngân sách" Chunk A+B (`37b51d7` + `30d51c8`)

**Chunk A BE:**
- NEW `GET /api/purchase-evaluations/{id}/attachments/{attId}/view` — inline Content-Disposition
- NEW `AdjustPurchaseEvaluationBudgetCommand` + Handler + Validator
- NEW `PATCH /api/purchase-evaluations/{id}/budget-adjust` body `{budgetId, budgetManualName, budgetManualAmount}`

**Chunk B FE × 2 app:**
- NEW component `AttachmentPreviewDialog.tsx`:
  - Fetch BE `/view` as blob → object URL (bearer auth qua axios)
  - Render iframe (PDF) hoặc img (image) trong Dialog
  - Helper `isPreviewable(fileName)` check ext (PDF/PNG/JPG/JPEG/WEBP/GIF)
- `SupplierAttachmentsCell` + `GeneralAttachmentsSection`:
  - 2 button split: 👁️ Eye View (violet) + ⬇️ Download (brand)
  - Filename text-only (KHÔNG còn click download)
- NEW `BudgetAdjustSection` component:
  - Section 5 cuối PeDetail view
  - 2 mode edit: Select Budget link OR Manual amount+name
  - Save → PATCH /budget-adjust

**Verify:** dotnet build clean + npm build × 2 app pass.

## 🔧 S22+5 — Spec fix: Mig 30 +AllowApproverEditBudget per-NV (`b04a11a`)

Bro feedback S22+4 lần 2: "à ko ý tao nói là thêm 1 cái section trên chỗ section 2 là cho phép edit đc ngân sách ấy chứ ko phải thay đổi logic edit, và luồng duyệt. Về edit vẫn như cũ -> chỉ đc sửa lại khi đang nháp, trả lại, và thêm 1 section lúc thiết lập quy trình duyệt nữa là những người nào đc phép edit section ngân sách, tương tự như section 2 thêm NCC các thứ ấy."

→ Em hiểu sai: KHÔNG default Approver scope expansion. Phải admin opt-in flag per slot mirror Mig 29 F3 `AllowApproverEditDetails`.

**Refactor:**

Mig 30 `AddAllowApproverEditBudgetToLevels`:
- ALTER `ApprovalWorkflowLevels +AllowApproverEditBudget bit NOT NULL DEFAULT 0`
- 3-file rule (mig + Designer + Snapshot)
- Apply LocalDB Dev + Design

Domain entity `ApprovalWorkflowLevel +bool AllowApproverEditBudget` (default false).
EF config `HasDefaultValue(false)`.
DTO `AwLevelDto + ApprovalWorkflowOptionsDto + CreateAwLevelInput` extend.

PE GET handler populate `currentLevelOptions.allowApproverEditBudget` từ curLevel slot.

`AdjustBudgetCommand` handler refactor ChoDuyet branch:
- Trước: actor match ApproverUserId (default expand)
- Sau: `level.AllowApproverEditBudget=true` AND actor match → throw ConflictException nếu slot chưa cấp quyền

FE Admin Designer `ApprovalWorkflowsV2Page.tsx`:
- `LevelDto + EditLevelEntry +allowApproverEditBudget`
- `copyFromDefinition + makeDefaultLevelEntry` propagate default false
- POST body include
- Checkbox inline mỗi Level entry "Cho phép chỉnh sửa Section ngân sách lúc đang duyệt"

FE Types × 2 app `purchaseEvaluation.ts` — `ApprovalWorkflowOptions +allowApproverEditBudget`.

FE `BudgetAdjustSection` × 2 app — `isApproverChoDuyet = phase ChoDuyet + actor in approvers + currentLevelOptions.allowApproverEditBudget`.

**Pattern reinforced:** Per-NV admin opt-in flag proven 2× (Mig 29 F1+F3 + Mig 30 F4) — cross-ref memory `feedback_per_nv_permission_scope.md`.

## 📊 Stats cumulative S21 chốt → S22 chốt

| Metric | S21 chốt | S22 chốt | Δ |
|---|---|---|---|
| DB tables | 59 | 59 | 0 |
| **Migrations** | 29 | **30** | +1 (Mig 30) |
| Endpoints | ~143 | **~146** | +3 |
| FE pages | 34 | 34 | 0 |
| **Unit tests** | 84 | **104** | **+20** |
| **Gotchas** | 46 | **47** | +1 (#47 paths-ignore agent-memory PENDING bro decide) |
| Memory entries | 19 | 19 | 0 (reinforced existing `feedback_per_nv_permission_scope`) |
| Skills | 6 | 6 | 0 |
| Sub-agents | 4 | 4 | 0 |
| **Prod active users** | 13 | **33** | **+20** role-based |
| Commits S22 | — | **11** | pushed remote |

## 🧠 Lessons learned

1. **Per-NV admin opt-in flag pattern proven 2×** (Mig 29 F1+F3 + Mig 30 F4) — em main first interpret S22+4 "Approver luôn được edit" → bro corrected "phải tick checkbox per slot mirror Section 2". Anti-pattern: default expand permission scope khi user nói "thêm scope". Reusable cho future flag F5+ (vd `AllowEarlyApprove`, `AllowDelegate`).

2. **Pre-flight prod sqlcmd discipline BẮT BUỘC** cho destructive migration. Plan F catch 3 blocker (Contract V1-only + 4 PE V1-only + 19 PE V1+V2 mix) tránh BE crash startup. Pattern reusable: SSH vietreport-vps verify data state TRƯỚC drop column/table. Audit entity scope toàn bộ — Contract liên đới khi drop V1 schema PE.

3. **Identity password policy ≥12 chars** discovery — `User@123456` (11 chars) FAIL S22+2. Memory entry existing mention pattern S4 outdated. Future seed script use `TestUser@2026` (13 chars) default.

4. **Defense-in-depth FE + BE guard pair** (S22+1) — UI disable + BE helper throw 403. Tránh request forge non-approver gọi PATCH direct qua DevTools/Postman. Pattern reusable: bất kỳ action sensitive (approve/reject/adjust).

5. **Reflection-based regression test cho Authorize policy** (Plan C task 4) — 5 test ~50 LOC catch class-level Policy regression mà KHÔNG cần WebApplicationFactory heavy. Pattern reusable cho future controller sensitive.

6. **Tách endpoint riêng cho narrow scope** (S22+4 AdjustBudget vs UpdatePeDraft) — `UpdatePeDraft` cover Section 1 fields (rộng) chỉ Drafter Nháp/Trả lại. `AdjustBudget` tách riêng narrow scope (Budget* only) cover thêm Approver scope với admin opt-in flag. Tránh accidental edit Section 1 từ Approver.

7. **`.claude/agent-memory/**` thiếu paths-ignore** (gotcha #47 discovery) — MEMORY.md drift commit (end-of-session flush) trigger full CI deploy ~3.5min waste. Fix recommended add path-ignore — PENDING bro confirm.

## ⏭ Handoff S23

### Pending plans

- 🟡 **Plan B Contract V2 wire (Mig 31+32)** — HIGH priority, mirror PE V2 pattern. Mở đường Plan F drop V1 sau.
- ⛔ **Plan F drop V1** — defer SAU Plan B + migrate 4 PE V1-only + UAT 2-3 tuần.
- 🟢 **Plan H PE PDF Export** — LOW priority carry.
- 🟡 **Plan I RAG Hybrid setup 5 dự án** — defer chờ bro confirm.
- 🔧 **Gotcha #47 paths-ignore agent-memory** — bro confirm fix `.gitea/workflows/deploy.yml`.
- 🧪 **Plan C test catch-up bundle** — defer thêm test cho `AdjustBudgetCommand` ChoDuyet branch + V2 strict scope tests. UAT 2-3 lần ổn → viết test.

### Sub-agent status

Bro confirm sub-agent solution KHÁ TỐT ✅:
- 🟦 Investigator — seeds-only S22 (em main solo cross-stack)
- 🟨 Implementer — REFUSE 100% S22 per criteria #3+#4 cross-stack reasoning chain
- 🟥 Reviewer — seeds-only S22 (em main self-review build+test)
- 🟩 CICD Monitor — Run #188 PASS verified S22 chốt initial, 7 commits sau (S22+1 → S22+5) sẽ spawn final verify

4 sub-agents MEMORY.md flushed S22 cumulative — patterns added cho Implementer (7-12), Investigator/Reviewer count refresh, CICD Monitor Mig 30 + 104 test baseline.

## References

- Memory user-level reinforced: `feedback_per_nv_permission_scope.md` (Section "Reinforcement S22+5")
- Gotcha mới: `docs/gotchas.md#47` (paths-ignore agent-memory gap, PENDING)
- Mig 30: `src/Backend/SolutionErp.Infrastructure/Persistence/Migrations/20260513160703_AddAllowApproverEditBudgetToLevels.cs`
- Scripts: `scripts/seed-test-users-prod.ps1` + `scripts/rename-test-users-to-roles.ps1`
- 4 agent MEMORY.md flushed at `.claude/agent-memory/{investigator,implementer,reviewer,cicd-monitor}/MEMORY.md`
- Rules: §3.9 mirror 2 FE, §6.5 KEEP narrative, §7 test timing, `feedback_uat_skip_verify`, `feedback_per_chunk_commit`, `feedback_per_nv_permission_scope` (S22+5 reinforced)