1b73d6b8db
Four phases shipped together. Each is a logical deploy unit on its own;
keeping the diff atomic so the rename runbook + migrations stay aligned.
Phase 1 — restore HP's formal review workflow
- Prisma: FeedbackItem, ReviewSession, ReviewSessionItem + enums
- New ApprovalType (NONE | SIMPLE | FORMAL) on PipelineStageDefinition
and PipelineStageTemplate. Stage row UI branches per type.
- feedback-service + review-session-service ported from HP (no ColorProbe)
- annotation-service auto-creates a FeedbackItem; revision-service
carries forward unresolved action items into the new revision.
- API: /api/reviews/*, /api/stages/[id]/feedback, /api/feedback/[id]
- Hooks: use-feedback, use-review-sessions
- UI: feedback-checklist, feedback-item-card, feedback-progress-bar,
create-session-dialog, session-builder, session-presenter,
session-summary, plus a new stage-review-panel
- Pages: /reviews list + detail, deliverable annotation review page
- Pipeline editor gets the approvalType select; sidebar gets Reviews
Phase 2 — full Dow Jones → L'Oréal rebrand + slug rename
- URL slug /dow-prod-tracker → /loreal-prod-tracker (next.config,
base path, redirects)
- docker-compose name + DB → loreal_prod_tracker; server path
/opt/loreal-prod-tracker; apache template renamed
- All visible strings → L'Oréal; sidebar bg #002B5C → black
- docs/RENAME_RUNBOOK.md describes the one-shot server migration
- Internal modules dow-excel-service/dow-import + OMG webhook domain
dowjones.com deliberately preserved (orthogonal to the rebrand)
Phase 3 — external /api/v1 for projects + deliverables
- API-key auth already in middleware; finished idempotency support
via new IdempotencyRecord model + src/lib/api/idempotency.ts
- Default-pipeline fallback in createProject when no template id given
- POST/GET /api/v1/projects + POST /api/v1/projects/[id]/deliverables
- docs/EXTERNAL_API.md with curl examples
Phase 4 — Box bidirectional integration
- JWT app-auth via jose (no extra deps). Config mounted as a docker
compose secret; deploy.sh stubs an empty {} so compose can start
before the operator drops the real JSON.
- Outbound: pushDeliverableToBox auto-fires on !APPROVED → APPROVED
in deliverable-status-service; "Send to client (Box)" manual button
on the approval stage row. Folder naming
{omgJobNumber}_{slug}_v{round}. 3-attempt exp backoff. BoxPushLog
audit.
- Inbound: /api/webhooks/box receives Box's signed events, matches by
OMG # + slug, creates a new Revision, routes to assignee or notifies
project owner. BoxInboundLog audit + two new NotificationType
values (BOX_UNMATCHED_FILE, NEW_FILE_AWAITING_REVIEWER).
- Naming-convention logic isolated in external-delivery-service so an
OMG-API transport can swap in later without touching matchers.
- Admin /settings/box page surfaces config status + recent activity.
Three Prisma migrations to apply on next deploy:
20260512000000_restore_review_workflow
20260512100000_idempotency_records
20260512200000_box_integration
URL rename is a one-shot — see docs/RENAME_RUNBOOK.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
87 lines
4.3 KiB
Text
87 lines
4.3 KiB
Text
# ─── Database ────────────────────────────────────────────
|
|
# connection_limit=20 & pool_timeout=10 give us headroom at ~40 concurrent
|
|
# users. Default (cpus*2+1) is ~5-9 inside a container and can exhaust
|
|
# when writes + TanStack Query polling coincide at peak.
|
|
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/dow_prod_tracker?schema=public&connection_limit=20&pool_timeout=10"
|
|
DB_PASSWORD=postgres # Change in production
|
|
|
|
# ─── Auth (Microsoft Entra ID SSO — SPA registration) ───
|
|
AUTH_SECRET="" # Generate with: openssl rand -base64 32
|
|
# Azure AD Application (Client) ID
|
|
AZURE_CLIENT_ID=""
|
|
# Azure AD Directory (Tenant) ID
|
|
AZURE_TENANT_ID=""
|
|
# Redirect URI registered in Azure portal (SPA platform) — must be the login page URL
|
|
# e.g. https://your-domain.com/your-app/login
|
|
AZURE_REDIRECT_URI=""
|
|
# No client secret — SPA registrations use PKCE in the browser (no AUTH_URL needed)
|
|
|
|
# ─── Dev Auth Bypass (local development only) ───────────
|
|
# Set to "true" to skip all auth and auto-login as the DEV_USER_ID user.
|
|
# DANGEROUS — leaves the app wide open. Ignored in production.
|
|
# Default is "false" so the real local-auth flow is exercised on first
|
|
# run (log in as the seed admin — see DEPLOY.md / seed-dow.ts).
|
|
DEV_BYPASS_AUTH="false"
|
|
DEV_USER_ID="dev-user-001"
|
|
|
|
# ─── App ─────────────────────────────────────────────────
|
|
NEXT_PUBLIC_APP_URL="http://localhost:3000"
|
|
|
|
# ─── Claude AI (chat assistant — primary provider) ──────
|
|
ANTHROPIC_API_KEY=""
|
|
# ANTHROPIC_MODEL="claude-haiku-4-5-20251001"
|
|
|
|
# ─── Cron / Scheduler ───────────────────────────────────
|
|
CRON_SECRET="" # Generate with: openssl rand -hex 32
|
|
|
|
# ─── Ollama (AI — embeddings, search, chat fallback) ────
|
|
OLLAMA_HOST="http://localhost:11434"
|
|
OLLAMA_EMBED_MODEL="nomic-embed-text"
|
|
OLLAMA_LLM_MODEL="qwen3:1.7b"
|
|
|
|
# ─── Upstream Webhooks ──────────────────────────────────
|
|
# Three separate HMAC-signed intake endpoints — each has its own secret
|
|
# so compromising one doesn't give an attacker the others.
|
|
# POST /api/webhooks/omg — projects (canonical key: omgJobNumber)
|
|
# POST /api/webhooks/deliverables — deliverables (keyed by project+name)
|
|
# POST /api/webhooks/briefs — pre-project briefs (keyed by externalId)
|
|
#
|
|
# Signature header format is `sha256=<hex>` across all three:
|
|
# X-OMG-Signature — projects webhook
|
|
# X-Deliverable-Signature — deliverables webhook
|
|
# X-Brief-Signature — briefs webhook
|
|
#
|
|
# Set the matching *_ALLOW_INSECURE flag to "true" ONLY for local/stub
|
|
# testing — it short-circuits signature verification.
|
|
|
|
OMG_WEBHOOK_SECRET=""
|
|
OMG_WEBHOOK_ALLOW_INSECURE="false"
|
|
|
|
DELIVERABLE_WEBHOOK_SECRET=""
|
|
DELIVERABLE_WEBHOOK_ALLOW_INSECURE="false"
|
|
|
|
BRIEF_WEBHOOK_SECRET=""
|
|
BRIEF_WEBHOOK_ALLOW_INSECURE="false"
|
|
|
|
# ─── Auth Feature Flags ─────────────────────────────────
|
|
# MVP: false. Flip to "true" post-MVP once Entra redirect URI is live in Oliver's tenant.
|
|
# When false, login page shows only the local email+password form.
|
|
NEXT_PUBLIC_AUTH_ENTRA_ENABLED="false"
|
|
|
|
# ─── Box integration (Phase 4) ──────────────────────────
|
|
# Bidirectional Box transport: outbound on APPROVED, inbound via Box
|
|
# webhook. Auth is JWT app-auth (server-to-server). The JWT app generates
|
|
# a JSON config file in the Box developer console — mount it as a docker
|
|
# secret and point BOX_CONFIG_FILE at the path inside the container.
|
|
#
|
|
# When BOX_CONFIG_FILE is unset or the file doesn't exist, all Box paths
|
|
# fail closed with a clear error and the "Send to client" button surfaces
|
|
# "Box not configured" in the UI.
|
|
|
|
BOX_CONFIG_FILE="/run/secrets/box-config.json"
|
|
BOX_OUT_FOLDER_ID=""
|
|
BOX_WATCH_FOLDER_ID=""
|
|
BOX_WEBHOOK_PRIMARY_KEY=""
|
|
BOX_WEBHOOK_SECONDARY_KEY=""
|
|
# Local dev only — short-circuits Box webhook signature verification.
|
|
BOX_WEBHOOK_ALLOW_INSECURE="false"
|