Security (Critical/High):
- Fix path traversal bypass in local storage provider (path.resolve + prefix check)
- Fix timing-unsafe HMAC comparison (crypto.timingSafeEqual)
- Add auth + ownership checks to email API routes (verify-credentials, change-password)
- Remove hardcoded secret key fallback in local storage provider
- Add production credential check for MinIO (fail loudly if not set)
- Remove DB error details from health check response
- Add stricter rate limiting on application submissions (5/hour)
- Add rate limiting on email availability check (anti-enumeration)
- Change getAIAssignmentJobStatus to adminProcedure
- Block dangerous file extensions on upload
- Reduce project list max perPage from 5000 to 200
Query Optimization:
- Optimize analytics getProjectRankings with select instead of full includes
- Fix N+1 in mentor.getSuggestions (batch findMany instead of loop)
- Use _count for files instead of fetching full file records in project list
- Switch to bulk notifications in assignment and user bulk operations
- Batch filtering upserts (25 per transaction instead of all at once)
UI/UX:
- Replace Inter font with Montserrat in public layout (brand consistency)
- Use Logo component in public layout instead of placeholder
- Create branded 404 and error pages
- Make admin rounds table responsive with mobile card layout
- Fix notification bell paths to be role-aware
- Replace hardcoded slate colors with semantic tokens in admin sidebar
- Force light mode (dark mode untested)
- Adjust CardTitle default size
- Improve muted-foreground contrast for accessibility (A11Y)
- Move profile form state initialization to useEffect
Code Quality:
- Extract shared toProjectWithRelations to anonymization.ts (removed 3 duplicates)
- Remove dead code: getObjectInfo, isValidImageSize, unused batch tag functions, debug logs
- Remove unused twilio dependency
- Remove redundant email index from schema
- Add actual storage object deletion when file records are deleted
- Wrap evaluation submit + assignment update in
- Add comprehensive platform review document
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Build and Push Docker Image / build (push) Successful in 9m26sDetails
BREAKING CHANGE: AI assignment job now stores suggestions in database
- Add suggestionsJson column to AssignmentJob table
- Store enriched suggestions when job completes
- Update getAISuggestions to retrieve stored suggestions instead of regenerating
- Filter out already-assigned pairs from stored suggestions
Previously, the background job generated suggestions but discarded them,
and getAISuggestions tried to regenerate from scratch (causing infinite loading).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Build and Push Docker Image / build (push) Successful in 9m7sDetails
- Add missing updatedAt column to AssignmentJob table
- Fix algorithmic assignment to use AI-assigned projectTags instead of raw CSV tags
- Add case-insensitive tag matching for better expertise matching
- Scores should now properly reflect tag matches between judges and projects
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Build and Push Docker Image / build (push) Successful in 9m13sDetails
- Add AssignmentJob model to track AI assignment progress
- Create startAIAssignmentJob mutation for background processing
- Add getAIAssignmentJobStatus query for polling progress
- Update AI assignment service with progress callback support
- Add progress bar UI showing batch/project processing status
- Add toast notifications for job completion/failure
- Add AI_SUGGESTIONS_READY notification type
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Build and Push Docker Image / build (push) Successful in 9m41sDetails
- Add minAssignmentsPerJuror and maxAssignmentsPerJuror fields to Round model
- Update assignment router:
- Calculate effective max from user override or round default
- Add forceOverride parameter for manual assignment beyond limits
- Update getSuggestions to use round constraints with min target bonus
- Update getAISuggestions to pass constraints to AI service
- Update AI assignment service:
- Add minAssignmentsPerJuror to constraints interface
- Update fallback algorithm with under-min bonus scoring
- New score weights: 50% expertise, 30% load, 20% under-min bonus
- Update round router:
- Add new constraint fields to create/update schemas
- Add validation for min <= max constraint
- Update admin UI:
- Add min/max constraint fields to round edit page
- Remove hardcoded maxPerJuror from assignments page
- Add migration files for production deployment:
- User.bio field for judge/mentor profiles
- Round assignment constraint fields
Constraint hierarchy:
1. User.maxAssignments (if set) overrides round default
2. Round.maxAssignmentsPerJuror is the default cap
3. Admin can force-override any limit with confirmation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Build and Push Docker Image / build (push) Successful in 14m3sDetails
Major cleanup and schema migration:
- Remove unused dynamic form builder system (ApplicationForm, ApplicationFormField, etc.)
- Complete migration from RoundProject junction table to direct Project.roundId
- Add sortOrder and entryNotificationType fields to Round model
- Add country field to User model for mentor matching
- Enhance onboarding with profile photo and country selection steps
- Fix all TypeScript errors related to roundProjects references
- Remove unused libraries (@radix-ui/react-toast, embla-carousel-react, vaul)
Files removed:
- admin/forms/* pages and related components
- admin/onboarding/* pages
- applicationForm.ts and onboarding.ts routers
- Dynamic form builder Prisma models and enums
Schema changes:
- Removed ApplicationForm, ApplicationFormField, OnboardingStep, ApplicationFormSubmission, SubmissionFile models
- Removed FormFieldType and SpecialFieldType enums
- Added Round.sortOrder, Round.entryNotificationType
- Added User.country
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Build and Push Docker Image / build (push) Successful in 8m57sDetails
The suggestions table was showing truncated IDs instead of actual names.
Updated getSuggestions to include jurorName and projectTitle in response.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Build and Push Docker Image / build (push) Successful in 8m18sDetails
- Add 15+ styled email templates matching existing invite email design
- Wire up notification triggers in all routers (assignment, round, project, mentor, application, onboarding)
- Add test email button for each notification type in admin settings
- Add round-attached notifications: admins can configure which notification to send when projects enter a round
- Fall back to status-based notifications when round has no configured notification
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Build and Push Docker Image / build (push) Successful in 8m16sDetails
Projects now exist at the program level instead of being locked to a
single round. A new RoundProject join table enables many-to-many
relationships with per-round status tracking. Rounds have sortOrder
for configurable progression paths.
- Add RoundProject model, programId on Project, sortOrder on Round
- Migration preserves existing data (roundId -> RoundProject entries)
- Update all routers to query through RoundProject join
- Add assign/remove/advance/reorder round endpoints
- Add Assign, Advance, Remove Projects dialogs on round detail page
- Add round reorder controls (up/down arrows) on rounds list
- Show all rounds on project detail page
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Build and Push Docker Image / build (push) Successful in 12m20sDetails
- Add react-easy-crop for circular crop + zoom UI on avatar upload
- Create server-side getUserAvatarUrl utility for generating pre-signed URLs
- Update all nav components (admin, jury, mentor, observer) to show user avatars
- Add avatar URLs to user list, mentor list, and project detail API responses
- Replace initials-only avatars with UserAvatar component across admin pages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Build and Push Docker Image / build (push) Failing after 10sDetails
Full Next.js 15 platform with tRPC, Prisma, PostgreSQL, NextAuth.
Includes production Dockerfile (multi-stage, port 7600), docker-compose
with registry-based image pull, Gitea Actions CI workflow, nginx config
for portal.monaco-opc.com, deployment scripts, and DEPLOYMENT.md guide.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Matt