diff --git a/CHANGELOG.md b/CHANGELOG.md index 958c635..77cb50a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,39 @@ and this project adheres to [Semantic Versioning 2.0](https://semver.org/spec/v2 ## [Unreleased] +## [0.8.0-beta] — 2026-07-13 + +A design + maintenance release on top of v0.7.0-beta: the frontend is +re-skinned to the sibling msk-shop look, board export gains CSV, and every +open Dependabot alert is closed. No schema or crypto-envelope change. + +### Changed + +- **Adopted the msk-shop design system** ([ADR 0025](docs/architecture/0025-adopt-msk-shop-design-system.md), + supersedes ADR 0024). The abandoned "Modern Minimal" direction (Geist fonts, + `#2ee6a6` accent) is replaced by the sibling msk-shop look for one consistent + MSK brand: GitHub-Dark surfaces (`#0d1117` / `#161b22`) + MSK green + (`#5eb131` dark / `#4ea426` light), Inter Variable + JetBrains Mono + (self-hosted via `@fontsource-variable`, no CDN), `next-themes` default dark. + The shadcn/ui + Radix primitives are kept and re-skinned; all screens are + migrated onto them with canonical tokens. + +### Added + +- **CSV board export** — `toCsv` / `downloadCsvExport` and an "Export CSV" button + next to JSON / Markdown / Trello. Flat, one row per card, custom fields as + columns, RFC-4180 escaping, UTF-8 BOM for spreadsheet apps. Completes the + export side of GDPR Art. 20 portability. `tests/unit/csv-export.test.ts`. + +### Security + +- **Dependency + security-alert sweep** — closed every open Dependabot alert: + overrides for vite 6.4.3, js-yaml 4.2.0, @babel/core 7.29.6; and bumps for + undici 7.28.0, nodemailer 9.0.3, next 16.2.9, react/react-dom 19.2.7, + react-hook-form 7.80.0, @types/node 26, prettier 3.9.5, plus the + actions/checkout v7 + actions/cache v6 CI actions. `pnpm audit` reports no + known vulnerabilities. + ## [0.7.0-beta] — 2026-06-07 A post-backlog polish + portability release on top of v0.6.0-beta. Closes the diff --git a/CLAUDE.md b/CLAUDE.md index 4bdddca..801d119 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -6,7 +6,7 @@ > **Repository-Pfad (lokal):** `C:\Users\morit\OneDrive\GitHub Repositories\FiveM Shop\mskanban` > **Server-Deployment:** Debian + Apache2 + MariaDB > **Lokale Entwicklung:** Next.js auf dem Host, MariaDB + Redis in Docker -> **Status:** **Latest release: `v0.7.0-beta` (2026-06-07) — Post-Backlog Polish + Portability: Offline-Create/Comment-Edit (ADR 0023), Live-Cursors default-on (ADR 0011), Trello-Export (DSGVO Art. 20), Mind-Map-Parent-Round-Trip (#49), CSP-style-src-Entscheidung (ADR 0022), externes Audit/Pen-Test-Readiness-Paket. Davor `v0.6.0-beta` (2026-05-30) — schließt den kompletten 25-Punkte-Lücken-Backlog (#27–#51): Auth-Hardening (per-User-Backoff + API-Ratelimit, opt-in HIBP ADR 0017, ReDoS-Guard, DB-append-only AuditLog), Transactional Email (ADR 0018), sanitized Markdown, user-picker Custom-Field, Board-Templates, Extra-Importer (GitHub/Jira/Wekan), Attachments-E2EE, DSGVO Export/Crypto-Shred, Admin-Bereich, Public REST API via PAT (ADR 0019), Mind-Map-View, WCAG-axe-Tests, Table-Virtual-Scrolling, Live-CRDT für Checklists/Comments (ADR 0020) und Offline-first (Precache-SW + card-scoped Write-Outbox, ADR 0021). Davor `v0.5.0-beta` (2026-05-28): account recovery (ADR 0012), workspace member management, WebAuthn 2FA (ADR 0013), public read-only boards (ADR 0014), wrapped BoardKeys (ADR 0015) + 20-bug-Audit. First beta `v0.1.0-beta` (2026-05-24), signed via cosign keyless OIDC.** Alle zehn Phasen (0–10) ✅, inklusive Phase 4 (E2EE-Layer): Krypto-Bibliothek + Key-Hierarchie + Recovery-Phrase voll gewired in Onboarding/Login/alle Board-/Card-/Comment-Pfade — Server sieht ausschließlich opake `v1..`-Envelopes. Phase-3-Plaintext-Pfad (`src/lib/encoding/plaintext-blob.ts` + Migration-Script) ist nach Cleanup entfernt; ADR 0007 ist damit "executed". +> **Status:** **Latest release: `v0.8.0-beta` (2026-07-13) — Design + Maintenance: msk-shop Design-System übernommen (ADR 0025, löst ADR 0024 „Modern Minimal" ab; GitHub-Dark + MSK-Grün, Inter/JetBrains Mono, shadcn/ui behalten + neu eingefärbt, alle ~40 Screens migriert), CSV-Board-Export, Dependency-+Security-Alert-Sweep (0 offene Dependabot-Alerts). Davor `v0.7.0-beta` (2026-06-07) — Post-Backlog Polish + Portability: Offline-Create/Comment-Edit (ADR 0023), Live-Cursors default-on (ADR 0011), Trello-Export (DSGVO Art. 20), Mind-Map-Parent-Round-Trip (#49), CSP-style-src-Entscheidung (ADR 0022), externes Audit/Pen-Test-Readiness-Paket. Davor `v0.6.0-beta` (2026-05-30) — schließt den kompletten 25-Punkte-Lücken-Backlog (#27–#51): Auth-Hardening (per-User-Backoff + API-Ratelimit, opt-in HIBP ADR 0017, ReDoS-Guard, DB-append-only AuditLog), Transactional Email (ADR 0018), sanitized Markdown, user-picker Custom-Field, Board-Templates, Extra-Importer (GitHub/Jira/Wekan), Attachments-E2EE, DSGVO Export/Crypto-Shred, Admin-Bereich, Public REST API via PAT (ADR 0019), Mind-Map-View, WCAG-axe-Tests, Table-Virtual-Scrolling, Live-CRDT für Checklists/Comments (ADR 0020) und Offline-first (Precache-SW + card-scoped Write-Outbox, ADR 0021). Davor `v0.5.0-beta` (2026-05-28): account recovery (ADR 0012), workspace member management, WebAuthn 2FA (ADR 0013), public read-only boards (ADR 0014), wrapped BoardKeys (ADR 0015) + 20-bug-Audit. First beta `v0.1.0-beta` (2026-05-24), signed via cosign keyless OIDC.** Alle zehn Phasen (0–10) ✅, inklusive Phase 4 (E2EE-Layer): Krypto-Bibliothek + Key-Hierarchie + Recovery-Phrase voll gewired in Onboarding/Login/alle Board-/Card-/Comment-Pfade — Server sieht ausschließlich opake `v1..`-Envelopes. Phase-3-Plaintext-Pfad (`src/lib/encoding/plaintext-blob.ts` + Migration-Script) ist nach Cleanup entfernt; ADR 0007 ist damit "executed". **ADR 0009 (2026-05-24):** Master Key bleibt in Memory + sessionStorage-Envelope (per-Tab, wipe-on-logout). Card-Decrypt lazy beim Öffnen eines Boards. diff --git a/README.md b/README.md index eda4d60..5da20b2 100644 --- a/README.md +++ b/README.md @@ -151,10 +151,10 @@ ADRs 0003, 0004, 0007, 0009) and [`docs/threat-model.md`](docs/threat-model.md). custom fields, card templates. - **Milestones** group cards into deliverables with an optional date window — drives the burn-down chart and timeline grouping. -- **Five views per board**: Kanban / Calendar / **Timeline (Gantt)** / - Table / Analytics. Analytics ships cycle time, lead time, CFD, aging - WIP, throughput, **burn-down per milestone** — all computed client- - side on decrypted data. +- **Six views per board**: Kanban / Calendar / **Timeline (Gantt)** / + Table / Analytics / **Mind-Map** (parent-child card links). Analytics + ships cycle time, lead time, CFD, aging WIP, throughput, **burn-down + per milestone** — all computed client-side on decrypted data. - **Real-time collaboration** via Yjs CRDTs. Card descriptions sync between users; **board-level presence** (Yjs awareness) shows who else is online with an avatar stack + per-card "is viewing" dots. The @@ -163,21 +163,31 @@ ADRs 0003, 0004, 0007, 0009) and [`docs/threat-model.md`](docs/threat-model.md). — declarative `{when, do}` rules per board, fully E2EE. Server sees only the plaintext trigger envelope (`trigger_type` + `trigger_meta`) whitelisted on every write; rule bodies live in `enc_rule`. -- **Offline-first PWA** with IndexedDB snapshot cache and a live - online/offline indicator. +- **Offline-first PWA** ([ADR 0021](docs/architecture/0021-offline-first.md)) — + a hand-rolled precache service worker (cold-start offline) plus a + card-scoped write outbox that queues mutations offline and replays them + on reconnect, with a live online/offline indicator. - **Activity feed + notifications** (server-visible metadata only). - **Webhooks** with HMAC-SHA256 signing, SSRF guard, persistent delivery queue with exponential backoff + DLQ surfaced in the UI. -- **Import** from MSKanban JSON, Trello JSON, generic CSV. **Export** - to JSON and Markdown. +- **Import** from MSKanban JSON, Trello, GitHub Projects, Jira (CSV), + Wekan and generic CSV. **Export** to MSKanban JSON, Markdown, + Trello-compatible JSON and CSV. +- **Public REST API** ([ADR 0019](docs/architecture/0019-personal-access-tokens.md)) + via Personal Access Tokens (`/api/v1`, metadata + ciphertext only — the + server has no keys), and **public read-only boards** shared by a link + whose decryption key lives only in the URL fragment. +- **Server admin area** (metadata-only user management, `requireAdmin`) and + a built-in **board-template** set. - **2FA**: TOTP **and** WebAuthn / Passkeys (both shipped), with a status-aware enable/disable screen. - **Account**: change email + password (zero-knowledge), active-session list/revoke, password recovery via a 24-word phrase, optional "stay unlocked on this device". -- **GDPR**: _planned, not yet shipped_ — account-level data export - (Art. 15/20) and crypto-shred deletion (Art. 17) are on the roadmap, - not yet implemented. (Board-level JSON/Markdown export exists today.) +- **GDPR**: account-level data export (Art. 15/20, `GET /api/me/export`) + and crypto-shred account deletion (Art. 17, `DELETE /api/me` with a + 30-day grace) are **shipped**, alongside the per-board JSON / Markdown / + Trello / CSV exports above. --- @@ -207,22 +217,23 @@ ADR 0006 for the reasoning. ## 📍 Status -`v0.1.0-beta` — released 2026-05-24, signed via cosign keyless OIDC. -All ten original roadmap phases shipped; post-beta features (milestones, -timeline, presence, automation) ship under `[Unreleased]` in -[`CHANGELOG.md`](CHANGELOG.md) and become `v0.2.0` when batched. - -| Phase | What | Status | -| ------------- | --------------------------------------------------------------- | -------------------------- | -| 0–3 | Setup + foundation + auth + core Kanban (plaintext MVP) | ✅ | -| 4 | Zero-knowledge E2EE | ✅ | -| 5 | Advanced UX (labels, custom fields, views, templates, activity) | ✅ | -| 6 | Real-time SSE + PWA + IndexedDB + Yjs WS relay | ✅ | -| 7 | Analytics | ✅ | -| 8 | Integrations & I/O (export, import, webhooks) | ✅ | -| 9 | Hardening (CSP nonces, webhook DLQ, SBOM, Cosign) | ✅ | -| 10 | Public Beta (`v0.1.0-beta`) | ✅ | -| **post-beta** | Milestones, Burn-Down, Timeline, Presence, Automation v1 | ✅ shipped, not yet tagged | +**Latest release: `v0.7.0-beta`** (2026-06-07), signed via cosign keyless +OIDC. All ten original roadmap phases **and** the full 25-point post-beta +backlog (#27–#51) are shipped. `main` additionally carries the +[msk-shop design-system redesign](docs/architecture/0025-adopt-msk-shop-design-system.md) +and CSV export under `[Unreleased]` in [`CHANGELOG.md`](CHANGELOG.md). + +| Phase | What | Status | +| --------------------------- | ------------------------------------------------------------------------------------------------------------------ | :----: | +| 0–3 | Setup + foundation + auth + core Kanban | ✅ | +| 4 | Zero-knowledge E2EE | ✅ | +| 5 | Advanced UX (custom fields, views, templates, activity) | ✅ | +| 6 | Real-time SSE + PWA + IndexedDB + Yjs WS relay | ✅ | +| 7 | Analytics | ✅ | +| 8 | Integrations & I/O (export, import, webhooks) | ✅ | +| 9 | Hardening (CSP nonces, webhook DLQ, SBOM, Cosign) | ✅ | +| 10 | Public Beta (`v0.1.0-beta`) | ✅ | +| Post-beta backlog (#27–#51) | Auth hardening, transactional email, admin area, public REST API (PAT), attachments E2EE, GDPR export/delete, mind-map, live CRDT, offline-first, WCAG axe tests | ✅ | Tracker, roadmap and the running design log live in [`CLAUDE.md`](CLAUDE.md) (German — the rest of the docs and code are