Skip to content

feat(platform): tier 2 and tier 3 - webhooks, search, epics, exports, tokens, pages, sharing, importer and more#229

Merged
parth0025 merged 17 commits into
stagingfrom
feat/tier-2-platform
Jun 10, 2026
Merged

feat(platform): tier 2 and tier 3 - webhooks, search, epics, exports, tokens, pages, sharing, importer and more#229
parth0025 merged 17 commits into
stagingfrom
feat/tier-2-platform

Conversation

@parth0025

Copy link
Copy Markdown
Collaborator

Summary

Tier 2 + Tier 3 of the roadmap on one branch — ten features plus the Changelog page, each as its own conventional commit, all additive.

What''s included (one commit per feature)

Commit Feature
d25b4b6 Outgoing webhooks — per-company registrations, HMAC-signed deliveries piggybacking the existing socket emits (debounced, 1 retry), delivery log, CRUD API
f8206c7 Changelog page/:cid/whats-new renders CHANGELOG.md (parsed + cached server-side); header version badge opens it
44244ed Global searchPOST /api/v2/search across tasks/projects/comments + spotlight modal in the toolbar
e53f987 Epics — CRUD, task assignment with counter roll-up + recount, toolbar panel with progress bars, picker in task detail
9023a6f Async exports — queued CSV/XLSX jobs, ownership-checked download, toolbar dropdown with polling
9f019ee Personal API tokens — hashed at rest, shown once, scopes/expiry, activity log, plus a self-contained /api/public-v1 tokened namespace (zero coupling with session auth)
e46202c Pages/wiki — versioned rich-text pages per project, snapshot-on-save, one-click restore, toolbar panel
bb9a6c1 Public sharing + intake/share/:token server-rendered read-only boards (global token→tenant index), optional public intake form, in-app triage
340ecde Jira importer — CSV upload modal, status/priority mapping, feeds the existing createMultipleTasks pipeline, run history
383007b+0cdbe73 Instance admin — stats/companies/audit-CSV endpoints, gated by INSTANCE_ADMIN_KEY (off by default)
6a897b9 Languages — ja / ko / pt-BR partial locales over full English fallback
e58d285 Auto-archive settings UI (Tier 1 follow-up)

Also: collections pre-allocated in one plumbing commit (7592117), tier-1 sync merge, two small fixes (duplicate i18n key, reserved errors field).

Testing

  • Unit tests — 136 passing across 16 suites (8 new pure-rules suites for webhooks, search, epics, exports, tokens, pages, shares, jira import)
  • Runtime load checks on every new module against the real singleton
  • ESLint clean on every touched frontend file
  • Manual browser pass — recommended before promote

Breaking changes

  • No — everything is additive: new modules, new collections (pre-declared on strict schemas with safe defaults), new toolbar controls, new endpoints. The only behavioral footnote: /api/public-v1 and /share/:token are new surfaces, both auth-gated by design (token / unguessable link), and instance-admin endpoints are disabled unless INSTANCE_ADMIN_KEY is set.

Deliberate deferrals (tracked, not forgotten)

  • Sign-in expansion (magic link, Microsoft/GitLab OAuth) and SAML/OIDC — auth-critical, deserve unhurried work
  • Wiki real-time co-editing (storage model already supports it)
  • Intake accept → auto-create task (currently marks accepted for manual creation)
  • Toolbar consolidation — the right side now carries many buttons; a "More" menu may be nicer

🤖 Generated with Claude Code

parth0025 and others added 17 commits June 10, 2026 17:46
- per-company webhook registrations: name, url, subscribed events or
  wildcard, server-generated HMAC secret returned once on create,
  active toggle
- dispatcher piggybacks on the namespaced socketEmitter events every
  task mutation already fires: classifies update payloads into
  task.created, task.updated, task.deleted, task.archived and
  task.restored, debounces per company+task+event, resolves the
  tenant from the documents own CompanyId
- delivery: POST with X-AlianHub-Event and X-AlianHub-Signature
  HMAC-SHA256 headers, whitelisted task payload, 8s timeout, one
  retry after 30s on network errors or 5xx; every attempt logged to
  webhookLogs with status, duration and attempt number
- CRUD plus delivery-log endpoints under /api/v2/webhooks with the
  secret masked everywhere after creation
- pure rules module with 17 unit tests; suite 62 passing

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
# Conflicts:
#	Config/collections.js
#	Config/schemaType.js
#	index.js
#	utils/mongo-handler/createSchema.js
#	utils/mongo-handler/mongoQueries.js
#	utils/mongo-handler/schema.js
Schema plumbing for the remaining roadmap features in one pass so the
per-feature modules stay conflict-free: apiTokens, apiActivityLogs,
exportJobs, importJobs, epics (plus epicId on tasks), pages,
pageVersions, publicShares, intakeItems, and the global-DB
publicShareIndex for tenant resolution on public links. Adds combined
text indexes on tasks, projects and comments for global search.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Completes the changelog feature: GET /api/v2/changelog parses the
release-please CHANGELOG.md into structured JSON (mtime-cached,
markdown subset rendered to escaped HTML), a whats-new page at
/:cid/whats-new, and the header version badge opens it in a new tab.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
POST /api/v2/search runs a per-company regex search across tasks
(name and key), projects and comments, capped per type and excluding
deleted records. Search all button in the board toolbar opens a
spotlight-style modal with grouped, navigable results.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Epics group tasks above the sprint level: CRUD endpoints, task
assignment with denormalised taskCount and completedCount counters
plus a recount rebuild endpoint, an Epics panel in the board toolbar
with inline create and progress bars, and an epic picker in the task
detail. Counter deltas are pure and unit tested.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Export jobs persist through queued, processing and done or failed
states and process right after creation: project (or sprint) tasks
flatten to stable columns and write as CSV with BOM or XLSX under
wasabiUploadsLocal exports. Download streams through an ownership
checked endpoint. Toolbar Export dropdown starts a job, polls until
ready and saves the file. Pure row, filename and CSV escaping rules
are unit tested.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Personal tokens (ahp_ prefix, sha256-hashed at rest, shown once,
optional read or write scopes and expiry) with CRUD endpoints and a
per-call activity log. New self-contained /api/public-v1 namespace
authenticates purely by token plus companyId header and exposes
read endpoints for projects and tasks, fully decoupled from the web
session auth so existing login flows are untouched.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Project documentation pages with a rich-text editor: CRUD endpoints,
automatic version snapshots on every save with one-click restore,
plain-text extraction for previews, and a Pages panel in the board
toolbar with a page list, Quill editor and version history. Real-time
co-editing is the documented follow-up; the storage model already
supports it.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Sprints can be shared read-only at /share/:token — server-rendered,
escaped HTML grouped by status, resolved to the tenant through a
global token index, so the public surface needs no SPA route or auth.
An optional intake form on the page captures requests into a pending
inbox reviewed in-app with accept and reject. Management modal in the
board toolbar creates the link, toggles enabled and intake, copies
the URL and triages submissions.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The Projects section already defined copy_link; the public-share
modal reuses the existing key.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Upload a Jira CSV export in the new Import Jira modal: rows parse
client-side, the server maps statuses case-insensitively onto the
company catalog with a done-to-completed alias, maps the Jira
priority scale, and feeds the existing createMultipleTasks pipeline
so task keys, counters and sockets behave like a native bulk import.
Every run is recorded in importJobs with counts and errors.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Fills the empty SaasAdmin routes with self-hoster instance endpoints:
stats (version, uptime, company and user counts), a companies list,
and a per-tenant audit-log CSV export with date filtering. Everything
is gated behind an INSTANCE_ADMIN_KEY env header check and fully
disabled when the key is unset, so default installs expose nothing.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Partial-translation baseline: each locale spreads the full English
catalogue and overrides the most visible board, page, export, import
and comment strings, so missing keys always fall back to English and
the team can extend section by section.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Toolbar control wiring the existing auto-archive endpoints: enable
toggle and archive-after-days input, saved per project.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Mongoose reserves the errors pathname; the import-job schema and its
writers now use errorList.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 10, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: eaf20755-6d3a-4cb6-9d96-a3066b9a2930

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/tier-2-platform

Comment @coderabbitai help to get the list of available commands and usage tips.

@parth0025 parth0025 merged commit c12c593 into staging Jun 10, 2026
4 checks passed
@parth0025 parth0025 deleted the feat/tier-2-platform branch June 10, 2026 14:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant