npm - @nexttylabs/echo - Versions diffs - 0.3.0 → 0.5.0 - Mend

@nexttylabs/echo 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (248) hide show

package/CHANGELOG.md +25 -0
package/app/(public)/[organizationSlug]/roadmap/page.tsx +19 -1
package/app/api/admin/backup/route.ts +22 -4
package/app/api/auth/register/handler.ts +1 -2
package/lib/auth/config.ts +0 -7
package/lib/db/migrations/0000_needy_leech.sql +335 -0
package/lib/db/migrations/meta/0000_snapshot.json +2186 -1
package/lib/db/migrations/meta/_journal.json +2 -135
package/lib/db/schema/auth.ts +0 -1
package/lib/db/schema/index.ts +0 -1
package/lib/portal/public-context.tsx +5 -0
package/package.json +20 -1
package/.changeset/README.md +0 -21
package/.changeset/config.json +0 -11
package/.changeset/cozy-ghosts-care.md +0 -5
package/.changeset/sharp-lines-stand.md +0 -5
package/.changeset/sour-doodles-eat.md +0 -5
package/.changeset/tender-moose-shop.md +0 -5
package/.github/pull_request_template.md +0 -13
package/.github/workflows/ci.yml +0 -41
package/.github/workflows/publish.yml +0 -44
package/.github/workflows/release.yml +0 -73
package/AGENTS.md +0 -92
package/Dockerfile +0 -57
package/Makefile +0 -77
package/app/api/internal/domain-lookup/route.ts +0 -67
package/bun.lock +0 -2503
package/components/portal/project-switcher.tsx +0 -20
package/docker-compose.dev.yml +0 -26
package/docker-compose.yml +0 -98
package/docs/architecture.md +0 -259
package/docs/component-inventory.md +0 -261
package/docs/database-migrations.md +0 -76
package/docs/development-guide.md +0 -209
package/docs/e2e-user-flows.csv +0 -31
package/docs/er-diagram-feedback.mmd +0 -138
package/docs/er-diagram.mmd +0 -281
package/docs/i18n-check-report.md +0 -296
package/docs/index.md +0 -214
package/docs/logic-chain.md +0 -94
package/docs/plans/2026-01-02-database-migration-scripts.md +0 -496
package/docs/plans/2026-01-02-user-login-design.md +0 -37
package/docs/plans/2026-01-02-user-login.md +0 -437
package/docs/plans/2026-01-02-user-registration-design.md +0 -47
package/docs/plans/2026-01-02-user-registration.md +0 -628
package/docs/plans/2026-01-03-roles-permissions-design.md +0 -20
package/docs/plans/2026-01-03-roles-permissions.md +0 -266
package/docs/plans/2026-01-05-authentication-middleware.md +0 -207
package/docs/plans/2026-01-05-member-removal.md +0 -186
package/docs/plans/2026-01-05-organization-creation.md +0 -374
package/docs/plans/2026-01-05-rbac-middleware.md +0 -112
package/docs/plans/2026-01-05-role-configuration.md +0 -441
package/docs/plans/2026-01-06-file-upload-support.md +0 -804
package/docs/plans/2026-01-06-permission-check-hook.md +0 -155
package/docs/plans/2026-01-06-resource-ownership-check.md +0 -231
package/docs/plans/2026-01-07-feedback-tracking-link.md +0 -459
package/docs/plans/2026-01-09-logout-redirect-design.md +0 -52
package/docs/plans/2026-01-09-phase2-3-plan.md +0 -654
package/docs/plans/2026-01-09-portal-execution-plan.md +0 -408
package/docs/plans/2026-01-09-project-delete-feature-design.md +0 -163
package/docs/plans/2026-01-09-project-delete-implementation.md +0 -451
package/docs/plans/2026-01-09-project-edit-delete-design.md +0 -52
package/docs/plans/2026-01-09-settings-center-design.md +0 -114
package/docs/plans/2026-01-09-settings-center.md +0 -948
package/docs/plans/2026-01-10-organization-only-design.md +0 -66
package/docs/plans/2026-01-10-organization-only-implementation.md +0 -433
package/docs/plans/2026-01-10-portal-settings-restructure-plan.md +0 -18
package/docs/plans/2026-01-10-project-settings-tabs-design-implementation.md +0 -296
package/docs/plans/2026-01-14-e2e-playwright-feedback.md +0 -173
package/docs/plans/2026-01-15-feedback-management-org-context-design.md +0 -82
package/docs/plans/2026-01-15-feedback-management-org-context-implementation-plan.md +0 -521
package/docs/plans/2026-01-16-admin-feedback-filters-design.md +0 -75
package/docs/plans/2026-01-16-admin-feedback-filters-implementation.md +0 -293
package/docs/plans/2026-01-16-admin-feedback-route-consolidation.md +0 -180
package/docs/plans/2026-01-16-e2e-test-fixes.md +0 -158
package/docs/plans/2026-01-17-admin-feedback-filters.md +0 -214
package/docs/plans/2026-01-17-admin-feedback-improvements.md +0 -453
package/docs/plans/2026-01-18-changesets-design.md +0 -40
package/docs/product_changes.md +0 -37
package/docs/project-overview.md +0 -159
package/docs/project-scan-report.json +0 -104
package/docs/route-role-visibility.md +0 -51
package/docs/source-tree-analysis.md +0 -150
package/docs/testing/delete-project-manual-tests.md +0 -18
package/docs/user-story-tracking.md +0 -191
package/eslint.config.mjs +0 -19
package/lib/db/migrations/.gitkeep +0 -0
package/lib/db/migrations/0000_cynical_gladiator.sql +0 -53
package/lib/db/migrations/0001_wandering_sunfire.sql +0 -27
package/lib/db/migrations/0002_shallow_speedball.sql +0 -1
package/lib/db/migrations/0003_add_org_description.sql +0 -1
package/lib/db/migrations/0003_boring_wild_pack.sql +0 -13
package/lib/db/migrations/0004_windy_tyrannus.sql +0 -27
package/lib/db/migrations/0005_perpetual_doorman.sql +0 -5
package/lib/db/migrations/0006_aberrant_captain_midlands.sql +0 -13
package/lib/db/migrations/0007_clever_captain_cross.sql +0 -14
package/lib/db/migrations/0008_sparkling_pandemic.sql +0 -2
package/lib/db/migrations/0009_happy_black_tom.sql +0 -29
package/lib/db/migrations/0010_kind_junta.sql +0 -8
package/lib/db/migrations/0011_mute_squadron_supreme.sql +0 -25
package/lib/db/migrations/0012_giant_power_man.sql +0 -24
package/lib/db/migrations/0013_damp_titanium_man.sql +0 -17
package/lib/db/migrations/0014_blue_alice.sql +0 -18
package/lib/db/migrations/0015_webhook_tables.sql +0 -41
package/lib/db/migrations/0016_github_integration.sql +0 -30
package/lib/db/migrations/0016_overjoyed_ghost_rider.sql +0 -22
package/lib/db/migrations/0017_slimy_inhumans.sql +0 -6
package/lib/db/migrations/0018_same_spitfire.sql +0 -1
package/lib/db/migrations/0019_jittery_loners.sql +0 -16
package/lib/db/migrations/0019_remove_projects_add_org_settings.sql +0 -14
package/lib/db/migrations/meta/0001_snapshot.json +0 -553
package/lib/db/migrations/meta/0002_snapshot.json +0 -560
package/lib/db/migrations/meta/0003_snapshot.json +0 -650
package/lib/db/migrations/meta/0004_snapshot.json +0 -852
package/lib/db/migrations/meta/0005_snapshot.json +0 -900
package/lib/db/migrations/meta/0006_snapshot.json +0 -1011
package/lib/db/migrations/meta/0007_snapshot.json +0 -1125
package/lib/db/migrations/meta/0008_snapshot.json +0 -1146
package/lib/db/migrations/meta/0009_snapshot.json +0 -1386
package/lib/db/migrations/meta/0010_snapshot.json +0 -1419
package/lib/db/migrations/meta/0011_snapshot.json +0 -1615
package/lib/db/migrations/meta/0012_snapshot.json +0 -1805
package/lib/db/migrations/meta/0013_snapshot.json +0 -1948
package/lib/db/migrations/meta/0014_snapshot.json +0 -2082
package/lib/db/migrations/meta/0015_snapshot.json +0 -2476
package/lib/db/migrations/meta/0016_snapshot.json +0 -2633
package/lib/db/migrations/meta/0017_snapshot.json +0 -2680
package/lib/db/migrations/meta/0018_snapshot.json +0 -2686
package/lib/db/migrations/meta/0019_snapshot.json +0 -2741
package/lib/db/schema/projects.ts +0 -145
package/lib/db/schema/user-profiles.ts +0 -31
package/lib/validations/projects.ts +0 -49
package/next-env.d.ts +0 -6
package/playwright.config.ts +0 -44
package/proxy.test.ts +0 -131
package/proxy.ts +0 -190
package/scripts/backup-db.sh +0 -57
package/scripts/backup-db.ts +0 -24
package/scripts/generate-openapi.ts +0 -22
package/scripts/migration-helper.ts +0 -39
package/scripts/pre-deploy.ts +0 -75
package/scripts/restore-db.sh +0 -60
package/scripts/rollback.ts +0 -72
package/scripts/seed-tags.ts +0 -48
package/tests/api/feedback-bulk.test.ts +0 -47
package/tests/api/feedback-by-id.test.ts +0 -67
package/tests/api/feedback-comments-route-import.test.ts +0 -26
package/tests/api/feedback-create.test.ts +0 -71
package/tests/api/feedback-delete.test.ts +0 -160
package/tests/api/feedback-filter.test.ts +0 -250
package/tests/api/feedback-list.test.ts +0 -234
package/tests/api/feedback-route-assignee-condition.test.ts +0 -32
package/tests/api/feedback-similar.test.ts +0 -46
package/tests/api/feedback-sort.test.ts +0 -261
package/tests/api/feedback-status-enum.test.ts +0 -49
package/tests/api/feedback-status-filter.test.ts +0 -117
package/tests/api/feedback-submit-on-behalf.test.ts +0 -269
package/tests/api/feedback.test.ts +0 -175
package/tests/api/identify-jwt.test.ts +0 -25
package/tests/api/invitation-accept.test.ts +0 -213
package/tests/api/organization-invitations.test.ts +0 -186
package/tests/api/organization-members-list.test.ts +0 -79
package/tests/api/organization-members.test.ts +0 -340
package/tests/api/organizations.test.ts +0 -149
package/tests/api/register.test.ts +0 -112
package/tests/api/upload.test.ts +0 -103
package/tests/api/vote.test.ts +0 -82
package/tests/app/admin-feedback-detail-page.test.tsx +0 -25
package/tests/app/admin-feedback-list-page.test.tsx +0 -25
package/tests/app/admin-feedback-new-page.test.tsx +0 -25
package/tests/app/health-route-helpers.test.ts +0 -27
package/tests/app/login-page.test.ts +0 -26
package/tests/app/portal-page.test.ts +0 -29
package/tests/app/project-portal-overview.test.tsx +0 -25
package/tests/app/widget-page-import.test.ts +0 -25
package/tests/components/create-post-dialog-defaults.test.ts +0 -43
package/tests/components/feedback/duplicate-suggestions-inline.test.tsx +0 -27
package/tests/components/feedback/embedded-feedback-form.test.tsx +0 -96
package/tests/components/feedback/feedback-detail.test.tsx +0 -25
package/tests/components/feedback/feedback-stats.test.tsx +0 -49
package/tests/components/feedback-bulk-actions.test.tsx +0 -39
package/tests/components/feedback-i18n-keys.test.ts +0 -70
package/tests/components/feedback-list-controls-compile.test.ts +0 -25
package/tests/components/feedback-list-controls.test.tsx +0 -204
package/tests/components/feedback-list-item.test.tsx +0 -67
package/tests/components/landing/hero.test.tsx +0 -46
package/tests/components/layout/language-switcher.test.tsx +0 -25
package/tests/components/layout/sidebar.test.tsx +0 -157
package/tests/components/login-form.test.ts +0 -25
package/tests/components/organization-form.test.ts +0 -32
package/tests/components/organization-switcher.test.ts +0 -25
package/tests/components/pagination.test.tsx +0 -43
package/tests/components/portal-overview.test.tsx +0 -25
package/tests/components/profile-form.test.tsx +0 -139
package/tests/components/role-selector.test.ts +0 -31
package/tests/components/status-chart.test.tsx +0 -90
package/tests/e2e/auth.e2e.ts +0 -323
package/tests/e2e/feedback-actions.e2e.ts +0 -471
package/tests/e2e/feedback-attachment.e2e.ts +0 -168
package/tests/e2e/feedback-customer.e2e.ts +0 -226
package/tests/e2e/feedback-management.e2e.ts +0 -565
package/tests/e2e/feedback-submit.e2e.ts +0 -133
package/tests/e2e/feedback-view.e2e.ts +0 -297
package/tests/e2e/fixtures/test-data.ts +0 -235
package/tests/e2e/health-check.e2e.ts +0 -230
package/tests/e2e/helpers/test-utils-helpers.test.ts +0 -43
package/tests/e2e/helpers/test-utils.ts +0 -298
package/tests/e2e/integration-placeholders.e2e.ts +0 -199
package/tests/e2e/organization.e2e.ts +0 -292
package/tests/e2e/permissions.e2e.ts +0 -424
package/tests/e2e/project-widget.e2e.ts +0 -63
package/tests/feedback/filters.test.ts +0 -29
package/tests/hooks/use-permissions.test.ts +0 -52
package/tests/lib/ai/classifier.test.ts +0 -104
package/tests/lib/ai/duplicate-detector.test.ts +0 -234
package/tests/lib/attachments-schema.test.ts +0 -30
package/tests/lib/auth/session.test.ts +0 -49
package/tests/lib/auth-client.test.ts +0 -37
package/tests/lib/auth-config.test.ts +0 -26
package/tests/lib/feedback-prefill.test.ts +0 -52
package/tests/lib/feedback-processor.test.ts +0 -41
package/tests/lib/feedback-schema.test.ts +0 -33
package/tests/lib/file-validator.test.ts +0 -48
package/tests/lib/get-feedback-by-id.test.ts +0 -37
package/tests/lib/invitations.test.ts +0 -35
package/tests/lib/login-schema.test.ts +0 -36
package/tests/lib/org-context.test.ts +0 -95
package/tests/lib/organization-access.test.ts +0 -44
package/tests/lib/organization-member-role-schema.test.ts +0 -41
package/tests/lib/permissions.test.ts +0 -88
package/tests/lib/portal-analytics.test.ts +0 -25
package/tests/lib/portal-contributors.test.ts +0 -25
package/tests/lib/portal-copy.test.ts +0 -27
package/tests/lib/portal-i18n.test.ts +0 -30
package/tests/lib/portal-leaderboard-settings.test.ts +0 -25
package/tests/lib/portal-modules.test.ts +0 -25
package/tests/lib/portal-seo.test.ts +0 -25
package/tests/lib/portal-sharing.test.ts +0 -25
package/tests/lib/portal-sorting.test.ts +0 -25
package/tests/lib/portal-theme.test.ts +0 -25
package/tests/lib/rate-limit.test.ts +0 -142
package/tests/lib/resolve-locale.test.ts +0 -34
package/tests/lib/services/backup.test.ts +0 -145
package/tests/lib/user-organizations.test.ts +0 -42
package/tests/lib/user-role-schema.test.ts +0 -33
package/tests/lib/user-schema.test.ts +0 -25
package/tests/setup.ts +0 -74
package/vercel.json +0 -4

package/docs/plans/2026-01-03-roles-permissions.md DELETED Viewed

@@ -1,266 +0,0 @@
-# Roles and Permissions Implementation Plan
-> **For Claude:** REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.
-**Goal:** Add a minimal RBAC module with a `customer` role and keep user schema and validation aligned with the role model.
-**Architecture:** Implement a pure RBAC helper module in `lib/auth/permissions.ts`, update Drizzle `user` table schema to include a `role` column with default `customer`, and add a Zod role schema in `lib/validations/auth.ts`. Cover behavior with focused bun tests.
-**Tech Stack:** Next.js, TypeScript, Bun test runner, Drizzle ORM, Zod.
-### Task 1: Permissions tests
-**Files:**
-- Create: `tests/lib/permissions.test.ts`
-**Step 1: Write the failing test**
-```typescript
-import { describe, expect, it } from "bun:test";
-import {
-  PERMISSIONS,
-  ROLE_PERMISSIONS,
-  hasPermission,
-  canSubmitOnBehalf,
-} from "@/lib/auth/permissions";
-describe("permissions", () => {
-  it("maps roles to expected permissions", () => {
-    expect(ROLE_PERMISSIONS.admin).toEqual(
-      expect.arrayContaining([
-        PERMISSIONS.CREATE_FEEDBACK,
-        PERMISSIONS.SUBMIT_ON_BEHALF,
-        PERMISSIONS.DELETE_FEEDBACK,
-        PERMISSIONS.MANAGE_ORG,
-      ]),
-    );
-    expect(ROLE_PERMISSIONS.product_manager).toEqual(
-      expect.arrayContaining([
-        PERMISSIONS.CREATE_FEEDBACK,
-        PERMISSIONS.SUBMIT_ON_BEHALF,
-        PERMISSIONS.DELETE_FEEDBACK,
-      ]),
-    );
-    expect(ROLE_PERMISSIONS.developer).toEqual(
-      expect.arrayContaining([PERMISSIONS.CREATE_FEEDBACK]),
-    );
-    expect(ROLE_PERMISSIONS.customer_support).toEqual(
-      expect.arrayContaining([
-        PERMISSIONS.CREATE_FEEDBACK,
-        PERMISSIONS.SUBMIT_ON_BEHALF,
-      ]),
-    );
-    expect(ROLE_PERMISSIONS.customer).toEqual(
-      expect.arrayContaining([PERMISSIONS.CREATE_FEEDBACK]),
-    );
-  });
-  it("checks permissions by role", () => {
-    expect(hasPermission("admin", PERMISSIONS.MANAGE_ORG)).toBe(true);
-    expect(hasPermission("developer", PERMISSIONS.DELETE_FEEDBACK)).toBe(false);
-    expect(hasPermission("customer", PERMISSIONS.CREATE_FEEDBACK)).toBe(true);
-  });
-  it("checks submit-on-behalf permission", () => {
-    expect(canSubmitOnBehalf("customer_support")).toBe(true);
-    expect(canSubmitOnBehalf("customer")).toBe(false);
-  });
-});
-```
-**Step 2: Run test to verify it fails**
-Run: `bun test tests/lib/permissions.test.ts`
-Expected: FAIL because `@/lib/auth/permissions` does not exist.
-**Step 3: Commit**
-```bash
-git add tests/lib/permissions.test.ts
-git commit -m "test: add permissions coverage"
-```
-### Task 2: Implement permissions module
-**Files:**
-- Create: `lib/auth/permissions.ts`
-**Step 1: Write minimal implementation**
-```typescript
-export type UserRole =
-  | "admin"
-  | "product_manager"
-  | "developer"
-  | "customer_support"
-  | "customer";
-export const PERMISSIONS = {
-  CREATE_FEEDBACK: "create_feedback",
-  SUBMIT_ON_BEHALF: "submit_on_behalf",
-  DELETE_FEEDBACK: "delete_feedback",
-  MANAGE_ORG: "manage_org",
-} as const;
-export type Permission = (typeof PERMISSIONS)[keyof typeof PERMISSIONS];
-export const ROLE_PERMISSIONS: Record<UserRole, Permission[]> = {
-  admin: [
-    PERMISSIONS.CREATE_FEEDBACK,
-    PERMISSIONS.SUBMIT_ON_BEHALF,
-    PERMISSIONS.DELETE_FEEDBACK,
-    PERMISSIONS.MANAGE_ORG,
-  ],
-  product_manager: [
-    PERMISSIONS.CREATE_FEEDBACK,
-    PERMISSIONS.SUBMIT_ON_BEHALF,
-    PERMISSIONS.DELETE_FEEDBACK,
-  ],
-  developer: [PERMISSIONS.CREATE_FEEDBACK],
-  customer_support: [
-    PERMISSIONS.CREATE_FEEDBACK,
-    PERMISSIONS.SUBMIT_ON_BEHALF,
-  ],
-  customer: [PERMISSIONS.CREATE_FEEDBACK],
-};
-export function hasPermission(role: UserRole, permission: Permission): boolean {
-  return ROLE_PERMISSIONS[role]?.includes(permission) ?? false;
-}
-export function canSubmitOnBehalf(role: UserRole): boolean {
-  return hasPermission(role, PERMISSIONS.SUBMIT_ON_BEHALF);
-}
-```
-**Step 2: Run test to verify it passes**
-Run: `bun test tests/lib/permissions.test.ts`
-Expected: PASS
-**Step 3: Commit**
-```bash
-git add lib/auth/permissions.ts
-git commit -m "feat: add rbac permissions module"
-```
-### Task 3: Role validation
-**Files:**
-- Create: `tests/lib/user-role-schema.test.ts`
-- Modify: `lib/validations/auth.ts`
-**Step 1: Write the failing test**
-```typescript
-import { describe, expect, it } from "bun:test";
-import { userRoleSchema } from "@/lib/validations/auth";
-describe("userRoleSchema", () => {
-  it("accepts known roles", () => {
-    expect(userRoleSchema.safeParse("customer").success).toBe(true);
-    expect(userRoleSchema.safeParse("admin").success).toBe(true);
-    expect(userRoleSchema.safeParse("product_manager").success).toBe(true);
-    expect(userRoleSchema.safeParse("developer").success).toBe(true);
-    expect(userRoleSchema.safeParse("customer_support").success).toBe(true);
-  });
-  it("rejects unknown roles", () => {
-    expect(userRoleSchema.safeParse("guest").success).toBe(false);
-  });
-});
-```
-**Step 2: Run test to verify it fails**
-Run: `bun test tests/lib/user-role-schema.test.ts`
-Expected: FAIL because `userRoleSchema` is missing.
-**Step 3: Write minimal implementation**
-```typescript
-import { z } from "zod";
-export const userRoleSchema = z.enum([
-  "admin",
-  "product_manager",
-  "developer",
-  "customer_support",
-  "customer",
-]);
-export type UserRoleInput = z.infer<typeof userRoleSchema>;
-```
-(Add the above to `lib/validations/auth.ts` while keeping existing schemas.)
-**Step 4: Run test to verify it passes**
-Run: `bun test tests/lib/user-role-schema.test.ts`
-Expected: PASS
-**Step 5: Commit**
-```bash
-git add tests/lib/user-role-schema.test.ts lib/validations/auth.ts
-git commit -m "feat: add user role validation"
-```
-### Task 4: User schema role column
-**Files:**
-- Create: `tests/lib/user-schema.test.ts`
-- Modify: `lib/db/schema/auth.ts`
-**Step 1: Write the failing test**
-```typescript
-import { describe, expect, it } from "bun:test";
-import { user } from "@/lib/db/schema";
-describe("user schema", () => {
-  it("includes role column", () => {
-    expect(user.role).toBeDefined();
-  });
-});
-```
-**Step 2: Run test to verify it fails**
-Run: `bun test tests/lib/user-schema.test.ts`
-Expected: FAIL because `user.role` is undefined.
-**Step 3: Write minimal implementation**
-```typescript
-role: text("role").notNull().default("customer"),
-```
-(Add to `lib/db/schema/auth.ts` in the `user` table definition.)
-**Step 4: Run test to verify it passes**
-Run: `bun test tests/lib/user-schema.test.ts`
-Expected: PASS
-**Step 5: Commit**
-```bash
-git add tests/lib/user-schema.test.ts lib/db/schema/auth.ts
-git commit -m "feat: add user role column"
-```
----
-**Plan complete and saved to `docs/plans/2026-01-03-roles-permissions.md`. Two execution options:**
-**1. Subagent-Driven (this session)** - I dispatch fresh subagent per task, review between tasks, fast iteration
-**2. Parallel Session (separate)** - Open new session with executing-plans, batch execution with checkpoints
-**Which approach?**

package/docs/plans/2026-01-05-authentication-middleware.md DELETED Viewed

@@ -1,207 +0,0 @@
-# Authentication Middleware Implementation Plan
-> **For Claude:** REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.
-**Goal:** Add session-aware auth guarding in Next.js middleware so `/dashboard` and `/feedback` require login while `/login`, `/register`, `/invite/*`, and `/api/auth/*` stay public, without breaking existing request-id/logging behavior.
-**Architecture:** Keep the current global middleware (for `x-request-id` and request logging) and add a protected-route check inside it. Implement a small `getServerSession` helper that wraps `better-auth`’s `auth.api.getSession({ headers })` so middleware can request session data from `NextRequest` headers. Only protected routes trigger session checks; public routes pass through.
-**Tech Stack:** Next.js App Router middleware, TypeScript, better-auth, Bun test runner.
-### Task 1: Add middleware auth behavior tests (failing first)
-**Files:**
-- Modify: `middleware.test.ts`
-**Step 1: Write the failing tests**
-Add tests that cover:
-- Protected route unauthenticated → redirect to `/login`
-- Public route unauthenticated → allowed
-- Protected route authenticated → allowed
-```ts
-import { describe, it, expect, mock } from "bun:test";
-import { NextRequest } from "next/server";
-mock.module("@/lib/auth/session", () => ({
-  getServerSession: async (req: NextRequest) => {
-    const isAuthed = req.headers.get("x-test-auth") === "1";
-    return isAuthed ? { user: { id: "u_test" } } : null;
-  },
-}));
-const { middleware } = await import("./middleware");
-describe("middleware auth", () => {
-  it("redirects unauthenticated users from protected routes", async () => {
-    const req = new NextRequest("http://localhost/dashboard");
-    const res = await middleware(req);
-    expect(res.headers.get("location")).toBe("http://localhost/login");
-  });
-  it("allows unauthenticated users on public routes", async () => {
-    const req = new NextRequest("http://localhost/login");
-    const res = await middleware(req);
-    expect(res.headers.get("location")).toBeNull();
-  });
-  it("allows authenticated users on protected routes", async () => {
-    const req = new NextRequest("http://localhost/dashboard", {
-      headers: { "x-test-auth": "1" },
-    });
-    const res = await middleware(req);
-    expect(res.headers.get("location")).toBeNull();
-  });
-});
-```
-**Step 2: Run test to verify it fails**
-Run: `bun test middleware.test.ts`
-Expected: FAIL because middleware does not yet enforce auth redirect.
-**Step 3: Commit**
-```bash
-git add middleware.test.ts
-git commit -m "test: cover auth redirect behavior in middleware"
-```
-### Task 2: Implement getServerSession helper
-**Files:**
-- Create: `lib/auth/session.ts`
-**Step 1: Write the failing test (optional if skipping unit test)**
-If adding a unit test, create `tests/auth/session.test.ts` verifying `getServerSession` returns `null` when no session is found. Otherwise, proceed to implementation and rely on middleware tests.
-**Step 2: Run test to verify it fails**
-Run (if test added): `bun test tests/auth/session.test.ts`
-Expected: FAIL because helper does not exist.
-**Step 3: Write minimal implementation**
-```ts
-import type { NextRequest } from "next/server";
-import { auth } from "@/lib/auth/config";
-export async function getServerSession(req: NextRequest) {
-  return auth.api.getSession({ headers: req.headers });
-}
-```
-**Step 4: Run test to verify it passes**
-Run: `bun test tests/auth/session.test.ts`
-Expected: PASS (if test added).
-**Step 5: Commit**
-```bash
-git add lib/auth/session.ts tests/auth/session.test.ts
-git commit -m "feat: add getServerSession helper for middleware"
-```
-### Task 3: Enforce authentication in middleware
-**Files:**
-- Modify: `middleware.ts`
-**Step 1: Write the failing test (already in Task 1)**
-Use the tests from Task 1; they should still be failing.
-**Step 2: Run test to verify it fails**
-Run: `bun test middleware.test.ts`
-Expected: FAIL because `/dashboard` is not redirected yet.
-**Step 3: Write minimal implementation**
-Update middleware to:
-- Define `publicRoutes` and `protectedRoutes` lists
-- Skip session check for public routes
-- For protected routes, call `getServerSession(req)` and redirect if falsy
-- Preserve existing `x-request-id` and logging behavior
-```ts
-import { NextRequest, NextResponse } from "next/server";
-import { generateRequestId } from "@/lib/middleware/request-id";
-import { logRequest, logResponse } from "@/lib/middleware/request-logger";
-import { getServerSession } from "@/lib/auth/session";
-const publicRoutes = ["/login", "/register", "/invite", "/invite/", "/api/auth"];
-const protectedRoutes = ["/dashboard", "/feedback"];
-function isRouteMatch(pathname: string, routes: string[]) {
-  return routes.some((route) => pathname === route || pathname.startsWith(route));
-}
-export async function middleware(req: NextRequest) {
-  const startTime = Date.now();
-  const reqId = req.headers.get("x-request-id") || generateRequestId();
-  const requestHeaders = new Headers(req.headers);
-  requestHeaders.set("x-request-id", reqId);
-  logRequest(new Request(req.url, { method: req.method, headers: requestHeaders }));
-  const pathname = req.nextUrl.pathname;
-  const isPublic = isRouteMatch(pathname, publicRoutes);
-  const isProtected = isRouteMatch(pathname, protectedRoutes);
-  let response = NextResponse.next({
-    request: {
-      headers: requestHeaders,
-    },
-  });
-  if (isProtected && !isPublic) {
-    const session = await getServerSession(req);
-    if (!session) {
-      response = NextResponse.redirect(new URL("/login", req.url));
-    }
-  }
-  response.headers.set("x-request-id", reqId);
-  const duration = Date.now() - startTime;
-  logResponse(reqId, response.status, duration);
-  return response;
-}
-```
-**Step 4: Run test to verify it passes**
-Run: `bun test middleware.test.ts`
-Expected: PASS
-**Step 5: Commit**
-```bash
-git add middleware.ts
-git commit -m "feat: enforce auth on protected routes in middleware"
-```
-### Task 4: Full validation
-**Files:**
-- None
-**Step 1: Run lint and tests**
-Run: `bun run lint`
-Expected: PASS
-Run: `bun test`
-Expected: PASS
-**Step 2: Commit (if any fixes were made)**
-```bash
-git add .
-git commit -m "chore: fix lint/test issues"
-```

package/docs/plans/2026-01-05-member-removal.md DELETED Viewed

@@ -1,186 +0,0 @@
-# Member Removal Implementation Plan
-> **For Claude:** REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.
-**Goal:** Allow organization admins to remove members while preventing removal of the last admin or self-removal.
-**Architecture:** Add a DELETE handler using the existing build*Handler pattern and Drizzle queries for role checks and deletion. Render a server-fetched members list in the org settings page, and use a client component with a confirmation dialog to call the DELETE API and update local state.
-**Tech Stack:** Next.js App Router (RSC), TypeScript, Drizzle ORM, Bun test runner, shadcn/ui components.
-### Task 1: Add member removal API (handler + route)
-**Files:**
-- Create: `app/api/organizations/[orgId]/members/[memberId]/handler.ts`
-- Create: `app/api/organizations/[orgId]/members/[memberId]/route.ts`
-- Test: `tests/api/organization-members.test.ts`
-**Step 1: Write the failing tests**
-```ts
-import { describe, expect, it } from "bun:test";
-import { buildRemoveMemberHandler } from "@/app/api/organizations/[orgId]/members/[memberId]/handler";
-import { organizationMembers } from "@/lib/db/schema";
-// Tests:
-// - 401 when unauthenticated
-// - 403 when requester is not admin
-// - 404 when target member not found
-// - 400 when target is last admin (message: 组织至少需要一个管理员)
-// - 400 when requester tries to remove self (message: 不能移除自己)
-// - 200 on success and delete called
-```
-**Step 2: Run test to verify it fails**
-Run: `bun test tests/api/organization-members.test.ts`
-Expected: FAIL with "buildRemoveMemberHandler is not defined" (or module not found).
-**Step 3: Write minimal implementation**
-```ts
-export function buildRemoveMemberHandler(deps: RemoveMemberDeps) {
-  return async function DELETE(req: Request, context: { params: { orgId: string; memberId: string } }) {
-    const session = await deps.auth.api.getSession({ headers: req.headers });
-    if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-    const { orgId, memberId } = await Promise.resolve(context.params);
-    if (memberId === session.user.id) {
-      return NextResponse.json({ error: "不能移除自己" }, { status: 400 });
-    }
-    const [requester] = await deps.db
-      .select()
-      .from(organizationMembers)
-      .where(and(eq(organizationMembers.organizationId, orgId), eq(organizationMembers.userId, session.user.id)))
-      .limit(1);
-    if (!requester || requester.role !== "admin") {
-      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
-    }
-    const [target] = await deps.db
-      .select()
-      .from(organizationMembers)
-      .where(and(eq(organizationMembers.organizationId, orgId), eq(organizationMembers.userId, memberId)))
-      .limit(1);
-    if (!target) {
-      return NextResponse.json({ error: "Member not found" }, { status: 404 });
-    }
-    const [adminCount] = await deps.db
-      .select({ count: count() })
-      .from(organizationMembers)
-      .where(and(eq(organizationMembers.organizationId, orgId), eq(organizationMembers.role, "admin")));
-    if (target.role === "admin" && adminCount.count === 1) {
-      return NextResponse.json({ error: "组织至少需要一个管理员" }, { status: 400 });
-    }
-    await deps.db
-      .delete(organizationMembers)
-      .where(and(eq(organizationMembers.organizationId, orgId), eq(organizationMembers.userId, memberId)));
-    return NextResponse.json({ message: "成员已移除" }, { status: 200 });
-  };
-}
-```
-**Step 4: Run test to verify it passes**
-Run: `bun test tests/api/organization-members.test.ts`
-Expected: PASS
-**Step 5: Commit**
-```bash
-git add app/api/organizations/[orgId]/members/[memberId]/handler.ts app/api/organizations/[orgId]/members/[memberId]/route.ts tests/api/organization-members.test.ts
-git commit -m "feat: add member removal API"
-```
-### Task 2: Render member list and removal UI
-**Files:**
-- Modify: `app/(dashboard)/settings/organizations/[orgId]/members/page.tsx`
-- Create: `components/settings/organization-members-list.tsx`
-**Step 1: Add a server-side members query**
-```ts
-const members = db
-  ? await db
-      .select({
-        userId: organizationMembers.userId,
-        role: organizationMembers.role,
-        name: user.name,
-        email: user.email,
-      })
-      .from(organizationMembers)
-      .leftJoin(user, eq(user.id, organizationMembers.userId))
-      .where(eq(organizationMembers.organizationId, params.orgId))
-  : [];
-```
-**Step 2: Implement client list with removal**
-```tsx
-<AlertDialog>
-  <AlertDialogTrigger asChild>
-    <Button variant="destructive">移除</Button>
-  </AlertDialogTrigger>
-  <AlertDialogContent>
-    <AlertDialogTitle>确认移除？</AlertDialogTitle>
-    <AlertDialogAction onClick={() => removeMember(member.userId)}>确认</AlertDialogAction>
-  </AlertDialogContent>
-</AlertDialog>
-```
-**Step 3: Disable remove for self**
-```ts
-const isSelf = member.userId === currentUserId;
-<Button disabled={isSelf}>移除</Button>
-```
-**Step 4: Run UI smoke check**
-Run: `bun dev`
-Expected: Members page shows list, remove button opens confirmation, success removes row from UI.
-**Step 5: Commit**
-```bash
-git add app/(dashboard)/settings/organizations/[orgId]/members/page.tsx components/settings/organization-members-list.tsx
-git commit -m "feat: render members list with removal UI"
-```
-### Task 3: Edge cases + validation
-**Files:**
-- Modify: `tests/api/organization-members.test.ts`
-**Step 1: Add edge-case tests (self-removal + missing member)**
-```ts
-it("rejects removing self", async () => {
-  // expect 400 "不能移除自己"
-});
-it("returns 404 when target member missing", async () => {
-  // expect 404
-});
-```
-**Step 2: Run test suite**
-Run: `bun test tests/api/organization-members.test.ts`
-Expected: PASS
-**Step 3: Commit**
-```bash
-git add tests/api/organization-members.test.ts
-git commit -m "test: cover member removal edge cases"
-```