Matt
4b5f85cb7d
Bundles the prior session's 50-task fix sweep (Documenso v2 + EOI/signing-
progress redesign + env-to-admin migration + dev-mode banner) with the
2026-05-18 audit fix wave (3 CRITICAL, 14 HIGH, 28 MEDIUM, 6 LOW).
CRITICAL (3):
- C-01 interest-berths INNER JOIN -> LEFT JOIN so hard-deleted berths
no longer silently drop interest links
- C-02 /setup added to PUBLIC_PATHS; fresh-deploy bootstrap loop fixed
- C-03 generic PATCH /interests/[id] no longer accepts pipelineStage —
callers must go through /stage with the override-guard chain
HIGH (14/15):
- H-01 explicit ON DELETE on previously-implicit NO ACTION FKs across
interests/documents/reservations/reminders/invoices (migration 0070)
- H-02 login page reads ?redirect= param with same-origin guard
- H-03 CRM invite token moves to URL fragment so it never lands in
nginx access logs / Referer headers
- H-04 Retry-After header on sign-in-by-identifier 429 (RFC 6585 §4)
- H-05 toggleAccount writes an audit row
- H-06 upsertSetting masks any value whose key ends with _encrypted
- H-07 archiveClient cascade fires per-interest audit rows
- H-08 createSalesTransporter applies SMTP_TIMEOUTS
- H-09 AppShell stable children — viewport flip across breakpoint no
longer destroys in-progress form drafts
- H-10 portal documents page swaps Unicode glyph status icons for
Lucide CheckCircle2/XCircle/Circle + aria-labels
- H-12 list components swap alert(...) for toast.warning(...)
- H-13 5 icon-only buttons gain aria-label
- H-14 parseBody treats empty bodies as {}
- H-15 admin layout renders a 403 panel instead of silent bounce
- H-11 not applicable — mobile-search-overlay IS a mobile bottom-sheet
MEDIUM (28+):
- M-MT01-05 defense-in-depth port_id/parent-id filters on UPDATE/DELETE
WHEREs across custom-fields, notes (all 6 entity types x update +
delete), client-contacts, yacht ownerClient lookup, webhook reads
- M-D01 documents-hub realtime event-name typo (file:created -> uploaded)
- M-EM01 portal-auth emails thread through portId
- M-EM02 sendEmail accepts cc/bcc params
- M-EM04 notification_digest catalog key
- M-IN01 portal presigned download URLs use 4h TTL
- M-IN02 OpenAI client lazy-instantiated
- M-IN04 stale pdfme refs updated to pdf-lib AcroForm
- M-IN05 umami.testConnection returns tagged union
- M-L01 reservations tenure_type unified with berths
- M-L02 report-generators canonicalize stage values
- M-AU01 audit log placeholder copy fixed
- M-AU04 outcome_set / outcome_cleared distinct audit verbs
- M-NEW-2 activity feed entity name+type separator
- M-R01 portal allowlist narrowed + portal_session backstop in proxy
- M-SC02 companies archived partial index
- M-SC04 audit_logs.searchText documented as DB-managed
- M-S01 storage_s3_access_key_encrypted admin field
- M-U01 audit log empty state uses <EmptyState>
- M-U09 invoice delete dialog -> <AlertDialog>
- M-U10 toast.success on ClientForm + InterestForm create/edit
- M-U11 settings-form-card logo preview alt text
- M-U14 mobile topbar title on clients/yachts/interests/berths
- M-U15 Invoices in mobile More-sheet
LOW (6/8):
- L-AU01 severity defaults for security-relevant verbs
- L-AU02 +13 missing actions in admin audit filter
- L-AU03 +7 missing entity types in admin audit filter
- L-AU04 dead listAuditLogs stubbed
- L-D02 CLAUDE.md Owner-wins chain tightened
Bonus — Document detail polish (#67 partial, 3/6 deliverables):
- state-aware action button per signer
- watcher Add UI with display-name resolution
- cleanSignerName cleanup
Prior session work bundled in:
- Documenso v2 webhook + envelope-ID normalization + sequential signing
- SigningProgress UI redesign (avatars, per-signer state, timestamps)
- env->admin settings registry + RegistryDrivenForm + encrypted creds
- Embedded-signing card + Test connection + setup help
- Dev-mode EMAIL_REDIRECT_TO banner
- Pipeline rules admin page
- Sales email config card
- Audit log details Sheet
- EOI tab: Finalising badge, absolute timestamps, sequential indicator
- Notes pipeline_stage_at_creation (migration 0069)
- Documenso numeric ID dual-key webhook (migration 0068)
- Dimensions criterion copy (migration 0067)
Tests: 1374/1374 vitest pass. tsc clean. lint clean.
See docs/AUDIT-FIX-WAVE-2026-05-18.md for the full progress report and
the user-input items still pending.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
69 lines
3.2 KiB
TypeScript
69 lines
3.2 KiB
TypeScript
import { pgTable, text, timestamp, index, uniqueIndex } from 'drizzle-orm/pg-core';
|
|
import { sql } from 'drizzle-orm';
|
|
import { ports } from './ports';
|
|
import { berths } from './berths';
|
|
import { clients } from './clients';
|
|
import { yachts } from './yachts';
|
|
import { interests } from './interests';
|
|
import { files } from './documents';
|
|
|
|
export const berthReservations = pgTable(
|
|
'berth_reservations',
|
|
{
|
|
id: text('id')
|
|
.primaryKey()
|
|
.$defaultFn(() => crypto.randomUUID()),
|
|
// H-01: reservations are the canonical "who occupies a berth right
|
|
// now" record; RESTRICT on every parent FK keeps an ad-hoc DB-side
|
|
// hard-delete from leaving a reservation pointing at a missing
|
|
// berth/client/yacht. Interest is nullable + SET NULL because a
|
|
// reservation legitimately outlives the originating deal.
|
|
berthId: text('berth_id')
|
|
.notNull()
|
|
.references(() => berths.id, { onDelete: 'restrict' }),
|
|
portId: text('port_id')
|
|
.notNull()
|
|
.references(() => ports.id, { onDelete: 'restrict' }),
|
|
clientId: text('client_id')
|
|
.notNull()
|
|
.references(() => clients.id, { onDelete: 'restrict' }),
|
|
yachtId: text('yacht_id')
|
|
.notNull()
|
|
.references(() => yachts.id, { onDelete: 'restrict' }),
|
|
interestId: text('interest_id').references(() => interests.id, { onDelete: 'set null' }),
|
|
status: text('status').notNull(), // 'pending' | 'active' | 'ended' | 'cancelled'
|
|
startDate: timestamp('start_date', { withTimezone: true, mode: 'date' }).notNull(),
|
|
endDate: timestamp('end_date', { withTimezone: true, mode: 'date' }),
|
|
// M-L01: canonical tenure_type union is
|
|
// `permanent | fixed_term | fee_simple | strata_lot | seasonal`
|
|
// (kept in sync with berths.tenure_type). 'seasonal' is reservation-
|
|
// specific (winter haul-out etc.); the others mirror the berth's
|
|
// own tenure shape. Configurable via the per-port vocabulary at
|
|
// /admin/vocabularies (key: berth_tenure_types).
|
|
tenureType: text('tenure_type').notNull().default('permanent'),
|
|
contractFileId: text('contract_file_id').references(() => files.id, { onDelete: 'set null' }),
|
|
notes: text('notes'),
|
|
createdBy: text('created_by').notNull(),
|
|
createdAt: timestamp('created_at', { withTimezone: true }).notNull().defaultNow(),
|
|
updatedAt: timestamp('updated_at', { withTimezone: true }).notNull().defaultNow(),
|
|
},
|
|
(table) => [
|
|
index('idx_br_berth').on(table.berthId),
|
|
index('idx_br_client').on(table.clientId),
|
|
index('idx_br_yacht').on(table.yachtId),
|
|
index('idx_br_port').on(table.portId),
|
|
// Cover the FKs Postgres doesn't auto-index. Without these, deleting
|
|
// (or restrict-checking) the parent interest / contract file row
|
|
// requires a full scan of berth_reservations. (idx_br_interest is
|
|
// already used by berth_recommendations — namespace this one.)
|
|
index('idx_brr_interest').on(table.interestId),
|
|
index('idx_brr_contract_file').on(table.contractFileId),
|
|
uniqueIndex('idx_br_active')
|
|
.on(table.berthId)
|
|
.where(sql`${table.status} = 'active'`),
|
|
],
|
|
);
|
|
|
|
export type BerthReservation = typeof berthReservations.$inferSelect;
|
|
export type NewBerthReservation = typeof berthReservations.$inferInsert;
|