import type { NextConfig } from 'next';
import bundleAnalyzer from '@next/bundle-analyzer';
import createNextIntlPlugin from 'next-intl/plugin';
import { withSentryConfig } from '@sentry/nextjs';
// next-intl request-config entrypoint. Only English ships today, but the
// plugin is wired now so adding a locale later is a config-only change
// rather than a code rewrite.
const intlRequestConfig = './src/i18n/request.ts';
const withNextIntl = createNextIntlPlugin(intlRequestConfig);

// Single switch for every prod-vs-dev branch below (CSP relaxations, HSTS,
// dev-only origins). next.config is evaluated when `next build` runs, so
// NODE_ENV must already be 'production' at build time — otherwise the dev
// branches are what get baked into the output.
const isProd = process.env.NODE_ENV === 'production';
// Bundle-analyzer wrapper, opt-in via `ANALYZE=true pnpm build`. It emits
// client + server treemaps once the build finishes; we use it to confirm
// the recharts chunk (dynamically imported after the audit) only lands on
// the dashboard surface and not on routes that never render a chart.
const analyzeRequested = process.env.ANALYZE === 'true';
const withBundleAnalyzer = bundleAnalyzer({ enabled: analyzeRequested });
/**
* Security headers applied to every response. Per audit-pass-#3 finding:
* the previous config emitted no CSP, X-Frame-Options, HSTS, or
* X-Content-Type-Options, so the app was open to clickjacking + MIME
* sniffing.
*
* CSP notes:
* - 'unsafe-inline' on style-src is required by Tailwind's runtime
* style injection and Radix; revisit when Tailwind v4 ships a
* nonce story.
* - 'unsafe-eval' on script-src is dev-only: Next's dev server uses eval
* for HMR. Production drops it.
* - connect-src allows ws/wss for Socket.IO and https: for outgoing
* fetches; tighten in prod via per-port branding URLs once we move
* the s3 image references into a known allowlist.
* - img-src https: is wide because port branding pulls from
* s3.portnimara.com plus per-port image URLs configured at runtime.
*/
// Dev-only allow-list for react-grab (the in-page click-to-source devtool),
// which is fetched from unpkg. Both script-src and connect-src get the
// host; both collapse to '' in prod so no third-party origin ever reaches
// the production policy. The http:// entry is a plaintext fetch — tolerable
// only because it is unreachable when isProd is true.
// NOTE(review): style-src is not extended here; if react-grab also loads a
// stylesheet from unpkg it would be blocked even in dev — TODO confirm.
// The leading space is deliberate: these strings are appended directly to
// a directive's source list.
const unpkgHosts = ' http://unpkg.com https://unpkg.com';
const devScriptHosts = isProd ? '' : unpkgHosts;
const devConnectHosts = isProd ? '' : unpkgHosts;
// Fallback CSP for responses the proxy never touches (static assets, API
// JSON — where script-src is moot anyway). Production HTML gets the
// stricter per-request nonce policy from `src/proxy.ts:applyCsp`; this
// header only guarantees a sane default on a route that, by
// misconfiguration, ends up static-only.
//
// Mode differences, all keyed on isProd:
// - script-src keeps 'unsafe-inline' in BOTH modes here. It is the proxy's
//   nonce CSP, not this header, that drops it for prod HTML.
// - 'unsafe-eval' is dev-only: Next's HMR runtime evaluates code at
//   runtime and the nonce machinery doesn't reach it.
// - The unpkg hosts (react-grab devtool) are appended in dev only, via
//   devScriptHosts / devConnectHosts.
//
// NOTE(review): if the proxy also emits Content-Security-Policy on the same
// response, browsers enforce both headers (a load must satisfy each), so
// this looser policy cannot weaken the nonce one. If instead Next's
// headers() replaces the proxy's header, the nonce CSP is lost — confirm by
// inspecting the response headers of a prod HTML route.
// NOTE(review): connect-src admits plaintext `ws:` and any `https:` origin,
// and img-src admits any `https:` origin — both wider than the
// images.remotePatterns allowlist further down. Tightening is tracked in
// the CSP notes above.
const scriptSrc =
  ["'self'", "'unsafe-inline'", ...(isProd ? [] : ["'unsafe-eval'"])].join(' ') +
  devScriptHosts;

// Directive → source list. Insertion order is the emitted order.
const cspDirectives: Record<string, string> = {
  'default-src': "'self'",
  'script-src': scriptSrc,
  'style-src': "'self' 'unsafe-inline'",
  'img-src': "'self' data: blob: https:",
  'font-src': "'self' data:",
  'connect-src': `'self' ws: wss: https:${devConnectHosts}`,
  'frame-ancestors': "'none'",
  'base-uri': "'self'",
  'form-action': "'self'",
  'object-src': "'none'",
};

const csp = Object.entries(cspDirectives)
  .map(([directive, sources]) => `${directive} ${sources}`)
  .join('; ');
type HeaderEntry = { key: string; value: string };

// Headers attached to every route via headers() below.
// X-Frame-Options DENY is the legacy twin of the CSP's frame-ancestors
// 'none' for browsers that ignore the latter.
const alwaysOnHeaders: HeaderEntry[] = [
  { key: 'Content-Security-Policy', value: csp },
  { key: 'X-Frame-Options', value: 'DENY' },
  { key: 'X-Content-Type-Options', value: 'nosniff' },
  { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
  { key: 'Permissions-Policy', value: 'camera=(self), microphone=(), geolocation=()' },
];

// HSTS is prod-only so a plain-http dev server never pins a browser to
// HTTPS. One year + includeSubDomains covers the serving host and all of
// its subdomains, so every subdomain must serve TLS before this goes out.
const hstsHeader: HeaderEntry = {
  key: 'Strict-Transport-Security',
  value: 'max-age=31536000; includeSubDomains',
};

const securityHeaders: HeaderEntry[] = isProd
  ? [...alwaysOnHeaders, hstsHeader]
  : [...alwaysOnHeaders];
// LAN testing from a real iPhone reaches the dev server through the Mac's
// LAN IP rather than localhost, and Next 15 warns on cross-origin /_next/*
// fetches unless the origin is allow-listed. This is a single hard-coded
// address, not a wildcard: edit it when the dev machine's IP or the
// network changes. Kept narrow on purpose — allowedDevOrigins relaxes the
// dev server's cross-origin check for /_next/*, so a broad wildcard would
// let any host on the LAN pull dev assets. Dev-only; never spread in prod.
const lanDevOrigins = ['192.168.1.42'];

// Native/CJS-leaning server-only packages. Listed so Next keeps them out of
// the route trace (slower cold start, plus native bindings that can fail
// when bundled). Build-auditor C3+M3: socket.io is only imported by the
// custom server entry point, so the tracer would never see it on its own;
// listing it makes the dependency visible to the build system.
const serverExternalPackages = [
  // logging + queues + storage + db + auth + mail
  'pino',
  'pino-pretty',
  'bullmq',
  'ioredis',
  'minio',
  'postgres',
  'better-auth',
  'nodemailer',
  // custom-server only
  'socket.io',
  '@socket.io/redis-adapter',
  // heavy mail / PDF / image / OCR deps (audit M3)
  'imapflow',
  'mailparser',
  'pdf-lib',
  'sharp',
  'tesseract.js',
  '@react-pdf/renderer',
  'unpdf',
];

// The retired /documents/files sub-route (and anything beneath it) is sent
// permanently to the documents index.
const documentFileRedirects = [
  {
    source: '/:portSlug/documents/files',
    destination: '/:portSlug/documents',
    permanent: true,
  },
  {
    source: '/:portSlug/documents/files/:path*',
    destination: '/:portSlug/documents',
    permanent: true,
  },
];

const nextConfig: NextConfig = {
  output: 'standalone',

  // Hide the floating dev indicator (the little circle/N badge in the
  // corner). Compile errors still surface via the full overlay; this only
  // removes the idle "everything is fine" badge that showed up in every
  // screenshot from the iPhone testing pass.
  devIndicators: false,

  ...(isProd ? {} : { allowedDevOrigins: lanDevOrigins }),

  serverExternalPackages,

  // next/image optimisation only accepts https sources under
  // *.portnimara.com. Note this is narrower than the fallback CSP's
  // img-src `https:`, which still lets the browser load any https image
  // rendered via a plain <img>.
  images: {
    remotePatterns: [{ protocol: 'https', hostname: '*.portnimara.com' }],
  },

  typedRoutes: true,

  // The EOI source PDF is read at runtime via fs.readFile from
  // process.cwd(); the standalone tracer cannot see that, so the file is
  // traced in explicitly for the document-templates route.
  outputFileTracingIncludes: {
    '/api/v1/document-templates/**': ['./assets/eoi-template.pdf'],
  },

  redirects: async () => documentFileRedirects,

  // '/:path*' matches every path (zero or more segments), so the security
  // header set lands on every response Next serves.
  headers: async () => [{ source: '/:path*', headers: securityHeaders }],
};
// Sentry is opt-in on NEXT_PUBLIC_SENTRY_DSN. Without a DSN the wrapper is
// the identity function, so dev builds skip the build-time source-map
// upload + instrumentation injection and CI needs no Sentry credentials.
// With a DSN, withSentryConfig adds the hooks that route errors + traces
// to Sentry.
type ConfigWrapper = (cfg: NextConfig) => NextConfig;

const sentryBuildOptions = {
  // No upload chatter in build logs.
  silent: true,
  // Upload a wider set of client files so stack traces symbolicate.
  // NOTE(review): nothing here asks Sentry to delete the generated client
  // source maps after upload; confirm the standalone output does not ship
  // .map files next to the client bundle, where they would be public.
  widenClientFileUpload: true,
  // Self-hosted: no Vercel-specific tunnel route.
  tunnelRoute: undefined,
  // Strip the Sentry debug logger from the prod bundle.
  disableLogger: true,
};

const passThrough: ConfigWrapper = (cfg) => cfg;
const wrapWithSentry: ConfigWrapper = (cfg) => withSentryConfig(cfg, sentryBuildOptions);
const withSentry: ConfigWrapper = process.env.NEXT_PUBLIC_SENTRY_DSN
  ? wrapWithSentry
  : passThrough;

// Innermost wrapper runs first: intl, then bundle analyzer, then Sentry.
export default withSentry(withBundleAnalyzer(withNextIntl(nextConfig)));