Migrated templates to use shared pagination macro:
- companies.html, users.html, vendors.html, code-quality-violations.html
Added noqa comments for templates with custom pagination variables:
- marketplace.html (page/limit/totalJobs)
- imports.html (page/limit/totalJobs)
- logs.html (filters.skip/limit/totalLogs)
- login.html (inline spinner SVG for loading state)
Also updated validate_architecture.py to:
- Support noqa: FE-001 comments for custom pagination
- Support noqa: FE-002 comments for intentional inline SVGs
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update admin components page with documentation for:
- New Macros section listing all available shared macros with imports
- Pagination section with live interactive examples
- Copy-to-clipboard functionality for code snippets
- Dark mode support for all new sections
This serves as a living style guide for developers implementing
new admin pages using the shared component library.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update pagination in code-quality-violations to match companies/vendors:
- Add numbered page buttons with ellipsis for large page counts
- Add startIndex and endIndex computed properties
- Add goToPage(pageNum) method for direct page navigation
- Use consistent grid layout (col-span-3, col-span-9)
This standardizes pagination UI across all admin tables.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sidebar sections can now be collapsed/expanded by clicking the header.
State is persisted to localStorage so sections remain open/closed
across page navigation and browser sessions.
Changes:
- init-alpine.js: Added openSections state, toggleSection(),
expandSectionForCurrentPage(), and localStorage helpers
- sidebar.html: Refactored with Jinja2 macros for DRY code,
added collapsible sections with CSS transitions and rotating
chevron icons
Features:
- Click section header to toggle expand/collapse
- Chevron rotates 180 degrees when expanded
- Smooth CSS transitions (no extra Alpine plugins needed)
- State persists in localStorage (admin_sidebar_sections key)
- Default: Platform Administration open, others closed
- Dashboard and Settings always visible (not collapsible)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Contact fields now look consistent with other fields (like Letzshop URLs).
The "(from company)" label still indicates inheritance status.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added company_business_address and company_tax_number to:
- VendorDetailResponse schema
- API response builder
Template now shows actual company values as placeholders instead of
generic "Using company address/tax number" text.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed the inheritance UI to be based on formData content rather than
stale server state (vendor._inherited flags):
- "(from company)" shows when formData field is empty
- "Reset" shows when formData field has a value
- Purple border shows when formData field is empty
- formData initialization: empty for inherited, actual value for overrides
This ensures each field's UI is independent and reactive to user input.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add UI for vendor contact field inheritance from company:
- Show "(from company)" indicator for inherited fields
- Add "Reset" button per field to clear override
- Add "Reset All to Company" button for bulk reset
- Purple border styling for inherited fields
- Dynamic placeholder showing company values
JavaScript methods:
- resetFieldToCompany(fieldName): Reset individual field
- resetAllContactToCompany(): Reset all contact fields
- hasAnyContactOverride(): Check if any field is overridden
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- seed_demo.py: Change company owner role from "user" to "vendor"
- header.html: Update header partial styling/content
- marketplace.js: Minor JS updates
- marketplace.html: Template updates
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Companies and Vendors pages now use server-side pagination:
- Moved from client-side to server-side pagination
- Added search with debounced input
- Added status and verification filters
- Added pagination state object (page, per_page, total, pages)
- Added pageNumbers computed with ellipsis support
- Updated templates with search bar and filter dropdowns
Benefits:
- Better performance with large datasets
- Consistent UX across all admin list pages
- Reduced initial page load time
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
API endpoints (app/api/v1/admin/users.py):
- GET /users: Paginated list with search and filters
- POST /users: Create new user
- GET /users/{id}: Get user details with related counts
- PUT /users/{id}: Update user information
- PUT /users/{id}/status: Toggle active status
- DELETE /users/{id}: Delete user (with ownership check)
Pydantic schemas (models/schema/auth.py):
- UserCreate: For creating new users
- UserUpdate: For updating user information
- UserDetailResponse: Extended user details with counts
- UserListResponse: Paginated list response
Frontend:
- Updated users.html with server-side pagination and filters
- New user-create.html/js for user creation form
- New user-detail.html/js for viewing user details
- New user-edit.html/js for editing users
Routes added for user create, detail, and edit pages.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add vendor-create.html template:
- Company dropdown with dynamic loading
- Vendor code and subdomain fields with auto-generation
- Name, description, and optional marketplace CSV URL fields
- Extends admin/base.html with proper layout
Add vendor-create.js:
- Uses centralized logger (vendorCreateLog)
- Alpine.js component for form handling
- Company loading from API
- Subdomain auto-generation from vendor name
- Form submission with validation
Route was already defined in admin_pages.py.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add "View Parent Company" button in More Actions section
- Show parent company name in info text
- Add deleteVendor function to vendor-edit.js
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add company-detail.html with status cards, info sections, vendors list
- Add company-edit.html with transfer ownership modal
- Add company-detail.js and company-edit.js
- Add user search autocomplete for transfer ownership
- Add inline validation errors for transfer form
- Add View button to companies list page
- Add route for /admin/companies/{id} detail page
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create companies list page with stats (total, verified, active, vendor count)
- Add company creation form with owner account generation
- Implement companies.js with full CRUD operations (list, create, edit, delete)
- Add Companies menu item to admin sidebar (desktop + mobile)
- Create company admin page routes (/admin/companies, /admin/companies/create)
- Register companies API router in admin __init__.py
Features:
- List all companies with pagination
- Create company with automatic owner user creation
- Display temporary password for new owner accounts
- Edit company information
- Delete company (only if no vendors)
- Toggle active/verified status
- Show vendor count per company
UI Components:
- Stats cards (total companies, verified, active, total vendors)
- Company table with status badges
- Create form with validation
- Success/error messaging
- Responsive design with dark mode support
Problem:
- Accessing /admin/code-quality/violations/{id} returned 500 error
- TemplateNotFound: 'admin/code-quality-violation-detail.html'
- Route existed but template file was missing
Solution:
Created complete violation detail template with:
Features:
- Displays violation details (severity, status, rule, file, line)
- Shows code context and suggestions
- Status management (open, assigned, resolved, ignored)
- Assignment to users
- Comment system for collaboration
- Alpine.js component for API integration
- Loading and error states
- Proper dark mode support
Template Structure:
- Extends admin/base.html
- Uses codeQualityViolationDetail(violationId) Alpine component
- Loads violation data via API on init
- Interactive status updates and comments
- Breadcrumb navigation back to violations list
API Endpoints Used:
- GET /api/v1/admin/code-quality/violations/{id}
- PATCH /api/v1/admin/code-quality/violations/{id}/status
- PATCH /api/v1/admin/code-quality/violations/{id}/assign
- POST /api/v1/admin/code-quality/violations/{id}/comments
Now violation detail page loads successfully.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implement comprehensive code quality dashboard (Phase 2-4) to track and manage
architecture violations found by the validation script.
Backend Implementation:
- Add JSON output support to validate_architecture.py script
- Create CodeQualityService with scan management, violation tracking, and statistics
- Implement REST API endpoints for code quality management:
* POST /admin/code-quality/scan - trigger new architecture scan
* GET /admin/code-quality/scans - list scan history
* GET /admin/code-quality/violations - list violations with filtering/pagination
* GET /admin/code-quality/violations/{id} - get violation details
* POST /admin/code-quality/violations/{id}/assign - assign to developer
* POST /admin/code-quality/violations/{id}/resolve - mark as resolved
* POST /admin/code-quality/violations/{id}/ignore - mark as ignored
* POST /admin/code-quality/violations/{id}/comments - add comments
* GET /admin/code-quality/stats - dashboard statistics
- Fix architecture_scan model imports to use app.core.database
Frontend Implementation:
- Create code quality dashboard page (code-quality-dashboard.html)
* Summary cards for total violations, errors, warnings, health score
* Status breakdown (open, assigned, resolved, ignored)
* Trend visualization for last 7 scans
* Top violating files list
* Violations by rule and module
* Quick action links
- Create violations list page (code-quality-violations.html)
* Filterable table by severity, status, rule ID, file path
* Pagination support
* Violation detail view links
- Add Alpine.js components (code-quality-dashboard.js, code-quality-violations.js)
* Dashboard state management and scan triggering
* Violations list with filtering and pagination
* API integration with authentication
- Add "Code Quality" navigation link in admin sidebar (Developer Tools section)
Routes:
- GET /admin/code-quality - dashboard page
- GET /admin/code-quality/violations - violations list
- GET /admin/code-quality/violations/{id} - violation details
Features:
- Real-time scan execution from UI
- Technical debt score calculation (0-100 scale)
- Violation workflow: open → assigned → resolved/ignored
- Trend tracking across multiple scans
- File and module-level insights
- Assignment system with priorities and due dates
- Collaborative comments on violations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented automated architecture validation to enforce design decisions:
Architecture Validation System:
- Created .architecture-rules.yaml with comprehensive rule definitions
- Implemented validate_architecture.py script with AST-based validation
- Added pre-commit hook configuration for automatic validation
- Comprehensive documentation in docs/architecture/architecture-patterns.md
Key Design Rules Enforced:
- API-001 to API-004: API endpoint patterns (Pydantic models, no business logic, exception handling, auth)
- SVC-001 to SVC-004: Service layer patterns (domain exceptions, db session params, no HTTP concerns)
- MDL-001 to MDL-002: Model separation (SQLAlchemy vs Pydantic)
- EXC-001 to EXC-002: Exception handling (custom exceptions, no bare except)
- JS-001 to JS-003: JavaScript patterns (apiClient, logger, Alpine components)
- TPL-001: Template patterns (extend base.html)
Features:
- Validates separation of concerns (routes vs services vs models)
- Enforces proper exception handling (domain exceptions in services, HTTP in routes)
- Checks database session patterns and Pydantic model usage
- JavaScript and template validation
- Detailed error reporting with suggestions
- Integration with pre-commit hooks and CI/CD
UI Fix:
- Fixed icon names in content-pages.html (pencil→edit, trash→delete)
Documentation:
- Added architecture patterns guide with examples
- Created scripts/README.md for validator usage
- Updated mkdocs.yml with architecture documentation
- Built and verified documentation successfully
Usage:
python scripts/validate_architecture.py # Validate all
python scripts/validate_architecture.py --verbose # With details
python scripts/validate_architecture.py --errors-only # Errors only
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add self-hosted Inter font files to ensure application works offline
and reduce dependency on external CDN (Google Fonts).
Problem:
- Google Fonts (fonts.googleapis.com) fails when no internet connection
- Application shows NS_ERROR_UNKNOWN_HOST errors
- Font rendering falls back to system fonts, breaking design consistency
Solution:
- Download Inter font files (weights 400, 500, 600, 700, 800) from Google Fonts
- Host locally in static/shared/fonts/inter/
- Create inter.css with @font-face declarations
- Update all templates to load local fonts FIRST, then Google Fonts as fallback
Files Added:
- static/shared/fonts/inter.css (font-face declarations)
- static/shared/fonts/inter/inter-400.ttf (318KB - Regular)
- static/shared/fonts/inter/inter-500.ttf (318KB - Medium)
- static/shared/fonts/inter/inter-600.ttf (319KB - Semi-bold)
- static/shared/fonts/inter/inter-700.ttf (319KB - Bold)
- static/shared/fonts/inter/inter-800.ttf (320KB - Extra-bold)
Templates Updated (7 files):
- app/templates/admin/base.html
- app/templates/admin/login.html
- app/templates/vendor/base.html
- app/templates/vendor/login.html
- app/templates/shop/account/login.html
- app/templates/shop/account/register.html
- app/templates/shop/account/forgot-password.html
Font Loading Strategy:
1. Load local fonts first (always available, fast)
2. Load Google Fonts second (better quality when online)
3. Browser uses first available source
Example change:
Before:
<link href="https://fonts.googleapis.com/css2?family=Inter..." />
After:
<link href="/static/shared/fonts/inter.css" rel="stylesheet" />
<link href="https://fonts.googleapis.com/css2?family=Inter..." />
Benefits:
- ✅ Works offline without font loading errors
- ✅ Faster initial load (local fonts, no DNS lookup)
- ✅ Reduced external dependencies
- ✅ Consistent typography even when CDN is down
- ✅ Still uses Google Fonts when available (higher quality)
- ✅ Total size: ~1.6MB (reasonable for 5 font weights)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implement secure customer authentication system with dedicated JWT tokens,
separate from admin/vendor authentication.
Backend Changes:
- Add customer JWT token support in deps.py
- New get_current_customer_from_cookie_or_header dependency
- Validates customer-specific tokens with type checking
- Returns Customer object instead of User for shop routes
- Extend AuthService with customer token support
- Add verify_password() method
- Add create_access_token_with_data() for custom token payloads
- Update CustomerService authentication
- Generate customer-specific JWT tokens with type="customer"
- Use vendor-scoped customer lookup
- Enhance exception handler
- Sanitize validation errors to prevent password leaks in logs
- Fix shop login redirect to support multi-access routing
- Improve vendor context detection from Referer header
- Consistent "path" detection method for cookie path logic
Schema Changes:
- Rename UserLogin.username to email_or_username for flexibility
- Update field validators accordingly
API Changes:
- Update admin/vendor auth endpoints to use email_or_username
- Customer auth already uses email field correctly
Route Changes:
- Update shop account routes to use Customer dependency
- Add /account redirect (without trailing slash)
- Change parameter names from current_user to current_customer
Frontend Changes:
- Update login forms to use email_or_username in API calls
- Change button text from "Log in" to "Sign in" for consistency
- Improve loading spinner layout with flexbox
Security Improvements:
- Customer tokens scoped to vendor_id
- Token type validation prevents cross-context token usage
- Password inputs redacted from validation error logs
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
