Install symfony/monolog-bundle with rotating_file handlers.
Add named volume inventory_logs for prod log persistence.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The login rate limiter (5 req/min) was triggering 429 on most tests
since each test creates its own authenticated client via POST /api/session/profile.
Set limit to 10000 in test env so the full suite can run unthrottled.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Backend: MaintenanceModeListener blocks non-admin API requests when
var/maintenance flag file exists. MaintenanceController provides
toggle (PUT /api/admin/maintenance) and public check endpoint
(GET /api/maintenance/check).
- Frontend: Toggle button in admin page, maintenance.vue page for
blocked users, middleware redirects non-admins to /maintenance.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Same versioning system as SIRH/Lesstime. Updates nuxt.config.ts,
Dockerfile, deploy.sh, auto-tag CI, and release script.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ModelType defines a formula with placeholders ({serie}{diametre}{type}).
ReferenceAutoGenerator resolves it from CustomFieldValues with trim+uppercase normalisation.
ReferenceAutoSubscriber (onFlush) recalculates on Piece/CFV insert/update/delete.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The mcp_auth rate limiter requires symfony/rate-limiter which is not
installed. Renamed to .disabled until the MCP stack is ready.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
McpBundle was registered but symfony/ai-mcp-bundle is not installed,
causing a critical error on boot. Disabled all MCP references:
- bundles.php: removed McpBundle
- mcp.yaml: renamed to mcp.yaml.disabled
- routes.yaml: removed mcp route
- services.yaml: commented McpHeaderAuthenticator, excluded src/Mcp/
- security.yaml: commented mcp firewall and access control
- phpunit.dist.xml: excluded tests/Mcp
All marked with TODO for re-enabling when the package is installed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add selectedPieceId support to ComposantPieceSlotController
- Create ComposantProductSlotController and ComposantSubcomponentSlotController
- Add updateCustomFields() to SkeletonStructureService for managing CustomField entities
- Fix position/orderIndex fallback to array index in all 3 sync strategies
- Fix type comparison in ProductSyncStrategy for dual format support
- Update CLAUDE.md with new entities, controllers, and fixtures documentation
- Update frontend submodule with interactive slot selectors
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement the sync orchestrator that delegates to tagged strategies via
AutowireIterator, and the HTTP controller exposing sync-preview and sync
endpoints with transaction wrapping and role-based access control.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add color VARCHAR(7) column to sites entity
- Migration with IF NOT EXISTS for idempotence
- Update reference config
- Frontend: site color picker, dark mode, card styling improvements
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update frontend submodule pointer to latest UI refactor.
Update config/reference.php with Symfony auto-generated changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Symfony's default session_fixation_strategy (migrate) regenerated the
session ID on every authenticated request, breaking concurrent API calls
from the SPA — only the first request succeeded, all others got 401.
The login controller already calls $session->migrate(true) explicitly,
so disabling automatic migration is safe.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove orphaned PUBLIC_ACCESS rule for deleted /api/test route
- Remove JWT login firewall (app is session-based only)
- Set APP_SECRET placeholder (real value must be in .env.local)
- Remove JWT env vars from .env
- Add session regeneration on login (prevent session fixation)
- Remove Document.path from API serialization groups (prevent path leak)
- Restrict health check details to ROLE_ADMIN (anonymes get status only)
- Add path traversal guard in DocumentStorageService
- Convert CreateProfileCommand password to interactive hidden prompt
- Restrict Profile Get endpoint to ROLE_ADMIN
- Change api firewall to stateless: false (matches session-based auth)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Register DAMADoctrineTestBundle for test env (transaction rollback)
- Update API Platform title/description, add pagination defaults
- Configure services for new controllers and commands
- Update makefile targets
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
