feat(platform): tier 2 and tier 3 - webhooks, search, epics, exports, tokens, pages, sharing, importer and more#229
Merged
Merged
Conversation
- per-company webhook registrations: name, url, subscribed events or wildcard, server-generated HMAC secret returned once on create, active toggle - dispatcher piggybacks on the namespaced socketEmitter events every task mutation already fires: classifies update payloads into task.created, task.updated, task.deleted, task.archived and task.restored, debounces per company+task+event, resolves the tenant from the documents own CompanyId - delivery: POST with X-AlianHub-Event and X-AlianHub-Signature HMAC-SHA256 headers, whitelisted task payload, 8s timeout, one retry after 30s on network errors or 5xx; every attempt logged to webhookLogs with status, duration and attempt number - CRUD plus delivery-log endpoints under /api/v2/webhooks with the secret masked everywhere after creation - pure rules module with 17 unit tests; suite 62 passing Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
# Conflicts: # Config/collections.js # Config/schemaType.js # index.js # utils/mongo-handler/createSchema.js # utils/mongo-handler/mongoQueries.js # utils/mongo-handler/schema.js
Schema plumbing for the remaining roadmap features in one pass so the per-feature modules stay conflict-free: apiTokens, apiActivityLogs, exportJobs, importJobs, epics (plus epicId on tasks), pages, pageVersions, publicShares, intakeItems, and the global-DB publicShareIndex for tenant resolution on public links. Adds combined text indexes on tasks, projects and comments for global search. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Completes the changelog feature: GET /api/v2/changelog parses the release-please CHANGELOG.md into structured JSON (mtime-cached, markdown subset rendered to escaped HTML), a whats-new page at /:cid/whats-new, and the header version badge opens it in a new tab. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
POST /api/v2/search runs a per-company regex search across tasks (name and key), projects and comments, capped per type and excluding deleted records. Search all button in the board toolbar opens a spotlight-style modal with grouped, navigable results. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Epics group tasks above the sprint level: CRUD endpoints, task assignment with denormalised taskCount and completedCount counters plus a recount rebuild endpoint, an Epics panel in the board toolbar with inline create and progress bars, and an epic picker in the task detail. Counter deltas are pure and unit tested. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Export jobs persist through queued, processing and done or failed states and process right after creation: project (or sprint) tasks flatten to stable columns and write as CSV with BOM or XLSX under wasabiUploadsLocal exports. Download streams through an ownership checked endpoint. Toolbar Export dropdown starts a job, polls until ready and saves the file. Pure row, filename and CSV escaping rules are unit tested. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Personal tokens (ahp_ prefix, sha256-hashed at rest, shown once, optional read or write scopes and expiry) with CRUD endpoints and a per-call activity log. New self-contained /api/public-v1 namespace authenticates purely by token plus companyId header and exposes read endpoints for projects and tasks, fully decoupled from the web session auth so existing login flows are untouched. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Project documentation pages with a rich-text editor: CRUD endpoints, automatic version snapshots on every save with one-click restore, plain-text extraction for previews, and a Pages panel in the board toolbar with a page list, Quill editor and version history. Real-time co-editing is the documented follow-up; the storage model already supports it. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Sprints can be shared read-only at /share/:token — server-rendered, escaped HTML grouped by status, resolved to the tenant through a global token index, so the public surface needs no SPA route or auth. An optional intake form on the page captures requests into a pending inbox reviewed in-app with accept and reject. Management modal in the board toolbar creates the link, toggles enabled and intake, copies the URL and triages submissions. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The Projects section already defined copy_link; the public-share modal reuses the existing key. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Upload a Jira CSV export in the new Import Jira modal: rows parse client-side, the server maps statuses case-insensitively onto the company catalog with a done-to-completed alias, maps the Jira priority scale, and feeds the existing createMultipleTasks pipeline so task keys, counters and sockets behave like a native bulk import. Every run is recorded in importJobs with counts and errors. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Fills the empty SaasAdmin routes with self-hoster instance endpoints: stats (version, uptime, company and user counts), a companies list, and a per-tenant audit-log CSV export with date filtering. Everything is gated behind an INSTANCE_ADMIN_KEY env header check and fully disabled when the key is unset, so default installs expose nothing. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Partial-translation baseline: each locale spreads the full English catalogue and overrides the most visible board, page, export, import and comment strings, so missing keys always fall back to English and the team can extend section by section. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Toolbar control wiring the existing auto-archive endpoints: enable toggle and archive-after-days input, saved per project. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Mongoose reserves the errors pathname; the import-job schema and its writers now use errorList. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
This was referenced Jun 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Tier 2 + Tier 3 of the roadmap on one branch — ten features plus the Changelog page, each as its own conventional commit, all additive.
What''s included (one commit per feature)
d25b4b6f8206c7/:cid/whats-newrenders CHANGELOG.md (parsed + cached server-side); header version badge opens it44244edPOST /api/v2/searchacross tasks/projects/comments + spotlight modal in the toolbare53f9879023a6f9f019ee/api/public-v1tokened namespace (zero coupling with session auth)e46202cbb9a6c1/share/:tokenserver-rendered read-only boards (global token→tenant index), optional public intake form, in-app triage340ecde383007b+0cdbe736a897b9e58d285Also: collections pre-allocated in one plumbing commit (
7592117), tier-1 sync merge, two small fixes (duplicate i18n key, reservederrorsfield).Testing
Breaking changes
/api/public-v1and/share/:tokenare new surfaces, both auth-gated by design (token / unguessable link), and instance-admin endpoints are disabled unlessINSTANCE_ADMIN_KEYis set.Deliberate deferrals (tracked, not forgotten)
🤖 Generated with Claude Code