WorkClub Automation
e8c8dac5d4
fix(keycloak): update user club attributes with real database UUIDs
- Replaced placeholder UUIDs (club-1-uuid, club-2-uuid) with real database UUIDs
- Updated all 5 test users via Keycloak database
- Restarted Keycloak to clear caches and apply changes
Impact:
- JWT tokens now contain real UUIDs in clubs claim
- API endpoints accept X-Tenant-Id with real UUIDs (returns 200 OK)
- Unblocks 46 remaining QA scenarios
Documentation:
- Created update-keycloak-club-uuids.py script for automation
- Added KEYCLOAK_UPDATE_GUIDE.md with step-by-step instructions
- Recorded learnings in notepad
Ref: .sisyphus/evidence/final-f3-manual-qa.md lines 465-512
2026-03-05 14:21:44 +01:00
WorkClub Automation
053bd29411
chore(final-wave): add F3 manual QA evidence and mark plan complete
Ultraworked with Sisyphus (https://github.com/code-yeongyu/oh-my-opencode)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-03-05 11:22:04 +01:00
WorkClub Automation
09c5d9607d
chore(final-wave): add F1, F2, F4 verification reports and mark plan checkboxes complete
- Added F1 plan compliance audit
- Added F2 code quality verification report
- Added F4 scope fidelity check
- Added final QA test results directory
- Updated plan checkboxes for F1, F2, F4
- Updated boulder state tracking
Ultraworked with Sisyphus <https://github.com/code-yeongyu/oh-my-opencode>
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-03-05 11:07:08 +01:00
WorkClub Automation
b6f4c905d4
test(e2e): add Playwright E2E tests for auth, tasks, and shifts
Tasks 26-28: Comprehensive E2E test suite covering:
- Auth flow with Keycloak OIDC (6 tests)
- Task management lifecycle (10 tests)
- Shift sign-up and capacity enforcement (4 tests)
Total: 20 E2E tests (auth + tasks + shifts + smoke)
Tests require Docker Compose stack to run, but all compile successfully.
2026-03-05 10:34:03 +01:00
WorkClub Automation
326a4f30e8
infra(k8s): add dev overlay with resource limits and health checks
Implements Task 25: Kustomize Dev Overlay + Resource Limits + Health Checks
Files Created:
- infra/k8s/overlays/dev/kustomization.yaml - Dev overlay config
  - References base manifests
  - Namespace: workclub-dev
  - Replicas: 1 for all deployments
  - Image tags: dev for workclub-api and workclub-frontend
  - Environment label: development
- infra/k8s/overlays/dev/patches/backend-resources.yaml
  - Backend resources: cpu=50m-200m, memory=128Mi-256Mi
  - Strategic merge patch targeting workclub-api deployment
- infra/k8s/overlays/dev/patches/frontend-resources.yaml
  - Frontend resources: cpu=50m-200m, memory=128Mi-256Mi
  - Strategic merge patch targeting workclub-frontend deployment
- frontend/src/app/api/health/route.ts
  - Missing health endpoint (declared in base manifest but not implemented)
  - Simple Next.js route handler returning {status: 'ok'}
Resource Limits (Dev vs Base):
- Dev: 50m-200m CPU, 128Mi-256Mi memory (50% of base)
- Base: 100m-500m CPU, 256Mi-512Mi memory
Verification:
- kustomize build succeeds (exit 0)
- All deployments replicas=1
- Lower resource limits applied correctly
- Image tags set to dev
- Frontend /api/health route registered
- Evidence saved to .sisyphus/evidence/task-25-kustomize-dev.yaml (495 lines)
Note: commonLabels deprecated warning (non-blocking), consider using labels in future.
2026-03-03 21:11:18 +01:00
WorkClub Automation
cff101168c
test(rls): add multi-tenant isolation integration tests
- 6 comprehensive RLS tests: complete isolation, no context, insert protection, concurrent requests, cross-tenant spoof, interceptor verification
- Uses Testcontainers PostgreSQL + Dapper for raw SQL validation
- Parallel safety test: 50 concurrent requests with ConcurrentBag
- Build passes: 0 errors (6 expected BouncyCastle warnings)
- Evidence: task-13-rls-isolation.txt (21KB), task-13-concurrent-safety.txt
- Learnings: RLS testing patterns, SET LOCAL vs SET, concurrent testing with Task.WhenAll
Task 13 complete. Wave 3: 1/5 tasks done.
2026-03-03 19:11:01 +01:00
WorkClub Automation
3a82933fd5
fix(backend): simplify Finbuckle namespace imports and register DB interceptors
- Use consolidated Finbuckle.MultiTenant namespace instead of separate imports
- Switch TenantProvider to use untyped IMultiTenantContextAccessor (Finbuckle 9.x pattern)
- Register TenantDbConnectionInterceptor and SaveChangesTenantInterceptor as singletons
- Add interceptors to DbContext configuration for RLS tenant context support
- Update evidence files for Task 7 and Task 8 verification
2026-03-03 18:52:35 +01:00
WorkClub Automation
28964c6767
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware
- Add EF Core migrations for initial schema (clubs, members, work_items, shifts, shift_signups)
- Implement RLS policies with SET LOCAL for tenant isolation
- Add Finbuckle multi-tenant middleware with ClaimStrategy + HeaderStrategy fallback
- Create TenantValidationMiddleware to enforce JWT claims match X-Tenant-Id header
- Add tenant-aware DB interceptors (SaveChangesTenantInterceptor, TenantDbConnectionInterceptor)
- Configure AppDbContext with tenant scoping and RLS support
- Add test infrastructure: CustomWebApplicationFactory, TestAuthHandler, DatabaseFixture
- Write TDD integration tests for multi-tenant isolation and RLS enforcement
- Add health check null safety for connection string
Tasks: 7 (PostgreSQL schema + migrations + RLS), 8 (Finbuckle multi-tenancy + validation), 12 (test infrastructure)
2026-03-03 14:32:21 +01:00
WorkClub Automation
b9edbb8a65
feat(auth): add Keycloak JWT authentication and role-based authorization
- Configure JWT Bearer authentication with Keycloak realm integration
- Create ClubRoleClaimsTransformation to parse 'clubs' claim and add ASP.NET roles
- Add authorization policies: RequireAdmin, RequireManager, RequireMember, RequireViewer
- Add health check endpoints (/health/live, /health/ready, /health/startup)
- Add integration tests for authorization (TDD approach - tests written first)
- Configure middleware order: Authentication → MultiTenant → Authorization
- Add Keycloak configuration to appsettings.Development.json
- Add AspNetCore.HealthChecks.NpgSql v9.0.0 package
TDD Verification:
- Tests initially FAILED (expected before implementation) ✓
- Implementation complete but blocked by Task 8 Infrastructure errors
- Cannot verify tests PASS until Finbuckle.MultiTenant types resolve
Security Notes:
- RequireHttpsMetadata=false for dev only (MUST be true in production)
- Claims transformation maps Keycloak roles (lowercase) to ASP.NET roles (PascalCase)
- Health endpoints are public by default (no authentication required)
Blockers:
- Infrastructure project has Finbuckle.MultiTenant type resolution errors from Task 8
- Tests cannot execute until TenantProvider compilation errors are fixed
2026-03-03 14:27:30 +01:00
Sisyphus CI
b7854e9571
feat(seed): add development seed data script
- Create SeedDataService in Infrastructure/Seed with idempotent seeding
- Seed 2 clubs: Sunrise Tennis Club, Valley Cycling Club
- Seed 7 member records (5 unique Keycloak test users)
- Seed 8 work items covering all status states
- Seed 5 shifts with date variety (past, today, future)
- Seed shift signups for realistic partial capacity
- Register SeedDataService in Program.cs with development-only guard
- Use deterministic GUID generation from club names
- Ensure all tenant IDs match for RLS compliance
- Track in learnings.md and evidence files for Task 22 QA
2026-03-03 14:23:50 +01:00
WorkClub Automation
ba024c45be
feat(domain): add core entities — Club, Member, WorkItem, Shift with state machine
- Create domain entities in WorkClub.Domain/Entities: Club, Member, WorkItem, Shift, ShiftSignup
- Implement enums: SportType, ClubRole, WorkItemStatus
- Add ITenantEntity interface for multi-tenancy support
- Implement state machine validation on WorkItem with C# 14 switch expressions
  - Valid transitions: Open→Assigned→InProgress→Review→Done, Review→InProgress (rework)
  - All invalid transitions throw InvalidOperationException
- TDD approach: Write tests first, 12/12 passing
- Use required properties with explicit Guid/Guid? for foreign keys
- DateTimeOffset for timestamps (timezone-aware, multi-tenant friendly)
- RowVersion byte[] for optimistic concurrency control
- No navigation properties yet (deferred to EF Core task)
- No domain events or validation attributes (YAGNI for MVP)
2026-03-03 14:09:25 +01:00
OpenCode Assistant
cf7b47cb69
infra(docker): add Docker Compose with PostgreSQL and Keycloak
- Add docker-compose.yml (v3.9) with postgres:16-alpine and keycloak:26.1 services
- Configure PostgreSQL with separate workclub and keycloak databases
- Setup Keycloak with database backend, admin user, and realm import capability
- Create PostgreSQL init script to provision development databases and users
- Add placeholder realm-export.json for Keycloak realm configuration
- Configure healthchecks and app-network bridge for service discovery
- Document configuration and patterns in learnings.md
2026-03-03 14:07:29 +01:00