flux-srl

davidherran/flux-srl

Fork 0

Commit Graph

Author	SHA1	Message	Date
davidherran	148aefc68f	feat(team): public Team page + HQ CMS panel New "Team" section — a LinkedIn-style minimal profile page for the FLUX team, fully editable from the HQ Command Center. Data model: - New TeamMember model (name, role, bio, photoUrl, optional social links: email/linkedin/x/website, order, isActive, translationsJson). - Additive migration 20260602120000_add_team_member (IF NOT EXISTS guards). - Name stays as written; role + bio are translatable via the AI engine. HQ panel (/hq-command/dashboard/team): - Drag-to-reorder (same HTML5 pattern as the Hero panel). - Inline auto-save for name/role/visibility; expandable editor for photo upload, bio, social links, and AI auto-translate to IT/VEC/ES/DE. - Photo upload reuses /api/assets with a new flat "team" scope -> /public/team/. - Dashboard tile added. Public page (/[locale]/team): - Responsive card grid (framer-motion stagger), portrait + name + role + bio + social icons (only the links that exist render). - Per-member Person JSON-LD + breadcrumb for SEO. - Localized via getLocalizedData; new TeamPage namespace in all 5 locales. - NavBar item "Team" inserted before "Spare Parts" (translated 5 locales). - Added to sitemap. Infra: - "team" scope registered in /api/assets (SCOPE_ROOTS + FLAT_SCOPES + buildPublicUrl) and revalidate.ts (RevalidateScope + path). - Nginx serves /team/ from disk; docker-compose mounts public/team in both app and nginx (rw + ro). Verified: production build compiles, all 5 /[locale]/team routes + the HQ panel render; TypeScript clean; 5 message files valid JSON. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-02 07:17:09 -05:00
davidherran	3a94e7c003	feat(security+ai): security hardening + FluxAI conversation analytics Security (critical): - SESSION_SECRET fail-fast: refuse to boot without a 32+ char secret (src/lib/session.ts, src/app/actions/clientAuth.ts) - Rate limit with pluggable backend: in-memory by default, auto-promotes to Upstash Redis when REDIS_URL is set (src/lib/rateLimit.ts) - CSRF (double-submit HMAC) + Zod validation on /api/consultation; new /api/csrf endpoint mints tokens (src/lib/csrf.ts) - escapeHtml + safeMailto helpers; consultation email template now fully escapes user-controlled fields (src/lib/escapeHtml.ts) - Magic-byte validation for /api/public-upload — rejects HTML/JS payloads renamed to .png/.mp4 (src/lib/fileType.ts) - Nginx: CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy + 5r/m upload zone for /api/public-upload and /api/assets (nginx/conf.d/flux.conf) Quality: - Delete GlobalOperations_old.tsx dead code (310 LOC) - NavBar: replace 2s session polling with CustomEvent("flux:session- changed") + visibilitychange listener (no more interval leaks) - Type-safe CMS shapes via src/types/cms.ts (replaces any[] in ApplicationsDashboard + GlobalOperations) - /api/health now pings Postgres; docker-compose healthcheck added - Structured JSON logger (src/lib/logger.ts) — drop-in replacement for console.error across API routes - Prisma indices on isActive/category/nodeType filters FluxAI persistence + analytics: - New models AiConversation + AiEvent with funnel stage detection (DISCOVERY -> QUALIFY -> RECOMMEND -> HANDOFF) and OperationsSignal back-ref so converted chats link to their consultation ticket - /api/chat persists every user msg, ai msg, tool call, tool result; IP is sha256-hashed with SESSION_SECRET salt; promptCacheKey wired for when @ai-sdk/openai lands the feature - New HQ dashboard at /hq-command/dashboard/conversations: 4 KPIs (total, conversion rate, avg messages, avg tools), funnel + industry breakdowns, last-50 table, per-id transcript with tool timeline - SilentObserver sends sessionId/locale/pageUrl in transport body so the route can stitch messages into the same conversation - src/lib/aiSessionId.ts: localStorage UUID with sessionStorage + in-memory fallbacks for privacy mode - Golden tests via node --test (13 cases, no new deps); npm run test:ai Migration: - prisma/migrations/20260526180000_add_indexes_and_ai_telemetry — additive only, IF NOT EXISTS guards, safe for migrate deploy env template hardened: SESSION_SECRET documented as required + how to generate; REDIS_URL/REDIS_TOKEN documented as opt-in for multi- instance deploys. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 08:10:19 -05:00
davidherran	fc24313f15	production: docker + nginx config for rf-flux.com Deploy to VPS / deploy (push) Has been cancelled Details	2026-03-20 13:46:05 -05:00

Author

SHA1

Message

Date

davidherran

148aefc68f

feat(team): public Team page + HQ CMS panel

New "Team" section — a LinkedIn-style minimal profile page for the FLUX
team, fully editable from the HQ Command Center.

Data model:
- New TeamMember model (name, role, bio, photoUrl, optional social links:
  email/linkedin/x/website, order, isActive, translationsJson).
- Additive migration 20260602120000_add_team_member (IF NOT EXISTS guards).
- Name stays as written; role + bio are translatable via the AI engine.

HQ panel (/hq-command/dashboard/team):
- Drag-to-reorder (same HTML5 pattern as the Hero panel).
- Inline auto-save for name/role/visibility; expandable editor for photo
  upload, bio, social links, and AI auto-translate to IT/VEC/ES/DE.
- Photo upload reuses /api/assets with a new flat "team" scope -> /public/team/.
- Dashboard tile added.

Public page (/[locale]/team):
- Responsive card grid (framer-motion stagger), portrait + name + role +
  bio + social icons (only the links that exist render).
- Per-member Person JSON-LD + breadcrumb for SEO.
- Localized via getLocalizedData; new TeamPage namespace in all 5 locales.
- NavBar item "Team" inserted before "Spare Parts" (translated 5 locales).
- Added to sitemap.

Infra:
- "team" scope registered in /api/assets (SCOPE_ROOTS + FLAT_SCOPES +
  buildPublicUrl) and revalidate.ts (RevalidateScope + path).
- Nginx serves /team/ from disk; docker-compose mounts public/team in both
  app and nginx (rw + ro).

Verified: production build compiles, all 5 /[locale]/team routes + the HQ
panel render; TypeScript clean; 5 message files valid JSON.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-02 07:17:09 -05:00

davidherran

3a94e7c003

feat(security+ai): security hardening + FluxAI conversation analytics

Security (critical):
- SESSION_SECRET fail-fast: refuse to boot without a 32+ char secret
  (src/lib/session.ts, src/app/actions/clientAuth.ts)
- Rate limit with pluggable backend: in-memory by default, auto-promotes
  to Upstash Redis when REDIS_URL is set (src/lib/rateLimit.ts)
- CSRF (double-submit HMAC) + Zod validation on /api/consultation;
  new /api/csrf endpoint mints tokens (src/lib/csrf.ts)
- escapeHtml + safeMailto helpers; consultation email template now
  fully escapes user-controlled fields (src/lib/escapeHtml.ts)
- Magic-byte validation for /api/public-upload — rejects HTML/JS
  payloads renamed to .png/.mp4 (src/lib/fileType.ts)
- Nginx: CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy,
  Permissions-Policy + 5r/m upload zone for /api/public-upload and
  /api/assets (nginx/conf.d/flux.conf)

Quality:
- Delete GlobalOperations_old.tsx dead code (310 LOC)
- NavBar: replace 2s session polling with CustomEvent("flux:session-
  changed") + visibilitychange listener (no more interval leaks)
- Type-safe CMS shapes via src/types/cms.ts (replaces any[] in
  ApplicationsDashboard + GlobalOperations)
- /api/health now pings Postgres; docker-compose healthcheck added
- Structured JSON logger (src/lib/logger.ts) — drop-in replacement
  for console.error across API routes
- Prisma indices on isActive/category/nodeType filters

FluxAI persistence + analytics:
- New models AiConversation + AiEvent with funnel stage detection
  (DISCOVERY -> QUALIFY -> RECOMMEND -> HANDOFF) and OperationsSignal
  back-ref so converted chats link to their consultation ticket
- /api/chat persists every user msg, ai msg, tool call, tool result;
  IP is sha256-hashed with SESSION_SECRET salt; promptCacheKey wired
  for when @ai-sdk/openai lands the feature
- New HQ dashboard at /hq-command/dashboard/conversations: 4 KPIs
  (total, conversion rate, avg messages, avg tools), funnel + industry
  breakdowns, last-50 table, per-id transcript with tool timeline
- SilentObserver sends sessionId/locale/pageUrl in transport body so
  the route can stitch messages into the same conversation
- src/lib/aiSessionId.ts: localStorage UUID with sessionStorage +
  in-memory fallbacks for privacy mode
- Golden tests via node --test (13 cases, no new deps);
  npm run test:ai

Migration:
- prisma/migrations/20260526180000_add_indexes_and_ai_telemetry —
  additive only, IF NOT EXISTS guards, safe for migrate deploy

env template hardened: SESSION_SECRET documented as required + how
to generate; REDIS_URL/REDIS_TOKEN documented as opt-in for multi-
instance deploys.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-27 08:10:19 -05:00

davidherran

fc24313f15

production: docker + nginx config for rf-flux.com

Deploy to VPS / deploy (push) Has been cancelled

Details

2026-03-20 13:46:05 -05:00

3 Commits