Commit graph

6 commits

Author SHA1 Message Date
Vadym Samoilenko
f60b7261b5 Add Azure AD MSAL SSO (SPA token exchange)
- Backend: Azure AD JWKS validator with 24h cache, new POST /api/v1/auth/sso/login
  endpoint, sso_login() in AuthService with auto-provisioning, password_hash made
  nullable, auth_provider column added, Alembic migration c1d2e3f4a5b6
- Frontend: @azure/msal-browser, msal.ts config singleton, ssoLogin() API function,
  login page updated with SSO button and redirect callback handling
- Deploy: frontend Dockerfile and docker-compose.prod.yml updated to bake Azure AD
  vars into the image at build time; deploy.sh validates SSO config on init/deploy

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 18:08:46 +01:00

DJP
ff4e7e768e Add seed script to register existing TM/ref files in database
Scans storage/amazon/tm/ and storage/amazon/ref/, creates DB registry
entries for each JSON file so they appear in the TM Registry and
Reference Library pages. Extracts channel from TM filenames, locale
from ref filenames, counts JSONL segments. Idempotent (skips duplicates).

Also added to deploy.sh --init flow.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-14 10:08:23 -04:00

DJP
5681ca4acf Always rebuild frontend with --no-cache in deploy script
Next.js builds inside Docker's multi-stage builder get cached even when
source files change, causing stale frontends after deploy. Backend still
uses normal caching since Python doesn't have this issue.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 20:18:00 -04:00

DJP
b0055c53ab Update deploy script: TM files from git, fix orphan containers
- Removed old import_reference_files.py step from --init (TM/ref files
  are now tracked in git, no separate import needed)
- Added file count verification during --init to confirm TM files arrived
- Added --remove-orphans to docker compose commands to prevent stale
  containers serving old builds
- Standard deploy now does compose down before up to ensure clean restart

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 19:11:09 -04:00

DJP
3fe93c2b22 feat: configure deployment for optical-dev.oliver.solutions/amazon-transcreation
- Apache reverse proxy config (replaces nginx — server already runs Apache)
- Next.js basePath set to /amazon-transcreation for subpath deployment
- Frontend on port 3050 (3000 taken), backend on 8040
- WebSocket URL auto-detects protocol from page location
- Deploy script handles Apache config injection into existing vhost
- All Docker ports bound to 127.0.0.1 (Apache handles external access)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 13:05:12 -04:00

DJP
4a5c1c6dfe feat: add production deployment, fix auth flow, add nginx reverse proxy
- deploy.sh: one-command deploy script (--init for first time, bare for updates)
- docker-compose.prod.yml: production stack with nginx, multi-worker uvicorn, no volume mounts for code
- nginx/nginx.conf: reverse proxy with rate limiting, WebSocket support, static asset caching
- Fix login to use real backend API instead of mock localStorage tokens
- Add auth guard to AppShell (prevents flash-of-content on unauthenticated routes)
- JWT claims decoded client-side for user info (no extra /me call needed)
- Switch logo from missing .jpeg to .svg
- Frontend API URL defaults to same-origin (works behind nginx without CORS)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 12:53:48 -04:00