- US-001: mută queue_client.py în data_entry/services/ocr/
- US-002/003/004: oracle_receipt_writer + oracle_server_id în DB
- US-005: receipt_handlers.py (PDF/photo/callback flow)
- US-006: wire handlers în main.py, per-schema connect, seq_cod.nextval
- US-007: .gitignore secrets/*.oracle_pass
- US-008/009/010: teste unit + integration + E2E
- setup-secrets.sh helper + template
- docs/telegram/README.md actualizat cu arhitectura nouă
Testat E2E pe DB live (MARIUSM_AUTO). COD din seq_cod.nextval.
pypdfium2 fallback pentru PDF decode (fără poppler).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix UnicodeEncodeError in OCR worker subprocesses on Windows: spawned processes
with 'spawn' context inherit charmap (CP1252) encoding, causing crashes when
printing Romanian diacritics (ș, ț, ă) from OCR-extracted text.
Fix: reconfigure sys.stdout/sys.stderr to UTF-8 in _worker_initializer().
- Add *.db-wal and *.db-shm to .gitignore for SQLite WAL mode auxiliary files.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Complete implementation of multi-server Oracle database support:
Backend:
- Multi-pool Oracle with lazy loading per server
- Email-to-server cache for automatic server discovery
- JWT tokens include server_id claim
- /auth/check-identity and /auth/check-email endpoints
- /auth/my-servers endpoint for listing user's accessible servers
- Server switch with password re-authentication
Frontend:
- New ServerSelector component for header dropdown
- Multi-step login flow (identity → server → password)
- Server switching from header with password modal
- Mobile drawer menu with server selection
- Dark mode support for all new components
- URL bookmark support with ?server= query param
Scripts:
- Unified start.sh replacing start-prod.sh/start-test.sh
- Unified ssh-tunnel.sh with multi-server support
- Updated status.sh for new architecture
Tests:
- E2E tests for multi-server and single-server login flows
- Backend unit tests for all new endpoints
- Oracle multi-pool integration tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Consolidate 3 separate applications (reports-app, data-entry-app, telegram-bot) into a unified
architecture with single backend and frontend:
Backend Changes:
- Unified FastAPI backend at backend/ with modular structure
- Modules: reports, data_entry, telegram in backend/modules/
- Centralized config.py and main.py with all routers registered
- Single worker mode (--workers 1) for Telegram bot compatibility
- Shared Oracle connection pool and JWT authentication
- Unified requirements.txt and environment configuration
Frontend Changes:
- Single Vue.js SPA with module-based routing
- Unified frontend at src/ with modules in src/modules/{reports,data-entry}/
- Shared components and stores in src/shared/
- Error boundaries for module isolation
- Dual API proxy in Vite for module communication
Infrastructure:
- New unified startup scripts: start-prod.sh, start-test.sh, start-backend.sh
- Environment templates: .env.dev.example, .env.test.example, .env.prod.example
- Updated deployment scripts for Windows IIS
- Simplified SSH tunnel management
Documentation:
- Comprehensive CLAUDE.md with architecture overview
- Module-specific docs in docs/{data-entry,telegram}/
- Architecture decision records in docs/ARCHITECTURE-DECISIONS.md
- Deployment guides consolidated in deployment/windows/docs/
This migration reduces complexity, improves maintainability, and enables easier
deployment while maintaining all existing functionality.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Data Entry App:
- Fix shared path finding for both dev and production environments
- Add base URL support for IIS subdirectory deployment (/data-entry/)
- Use import.meta.env.BASE_URL in router for correct path handling
- Add email-validator and python-jose dependencies
Deployment Scripts:
- Enhance Build-ROA2WEB.ps1 with improved build process
- Update ROA2WEB-Console.ps1 with Data Entry support
- Improve Publish-And-Deploy.ps1 deployment workflow
- Update deploy-config.json with new settings
Gitignore:
- Add more build cache patterns to ignore
- Add temp frontend build directories
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implements secure backup system for environment configuration files (.env, .env.prod)
containing sensitive credentials using AES-256-CBC encryption with OpenSSL.
New utilities:
- scripts/backup-secrets.sh: Encrypts and backs up all .env files to timestamped directory
- scripts/restore-secrets.sh: Decrypts and restores .env files from backup
- scripts/README.md: Complete documentation with usage examples and best practices
Features:
- AES-256-CBC encryption with PBKDF2 key derivation (strong encryption)
- Interactive password prompts with confirmation
- Non-interactive mode via BACKUP_PASSWORD environment variable
- Automatic README generation in each backup with restore instructions
- Color-coded output for better UX
- Validation and error handling
Backup structure:
secrets-backup/
└── YYYY-MM-DD_HH-MM-SS/
├── backend-.env.enc
├── backend-.env.prod.enc
├── telegram-bot-.env.enc
├── telegram-bot-.env.prod.enc
└── README.md
Updated .gitignore to allow committing encrypted .gpg/.enc files while
blocking decrypted .env files in secrets-backup directory.
Usage:
./scripts/backup-secrets.sh # Create encrypted backup
./scripts/restore-secrets.sh [backup-date] # Restore from backup
Tested with OpenSSL (pre-installed on most systems). Provides secure way to
version control and sync credentials across development and production environments.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added essential configuration templates that were missing from the
repository due to overly restrictive .gitignore patterns.
Changes to .gitignore:
- Added negation patterns for .env.example files
- Added negation patterns for .dockerignore files
- These are safe template files with placeholder values
Files added:
- .env.example (root): Main environment configuration template
- reports-app/backend/.env.example: Backend configuration template
- reports-app/frontend/.env.example: Frontend configuration template
- reports-app/telegram-bot/.env.example: Telegram bot config template
- reports-app/telegram-bot/.dockerignore: Docker build exclusions
These template files help developers quickly set up their local
development environment by copying and customizing them.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit addresses the overly restrictive .gitignore pattern that
was excluding all test files (test_*.py), including legitimate pytest
and unittest test suites essential for code quality and CI/CD.
Changes to .gitignore:
- Added negation patterns !**/tests/test_*.py and !**/test_*.py
to allow proper test files while still blocking temporary scripts
- This enables pytest test suites to be tracked by git
Added test files (17 files):
Telegram Bot Tests (15 files):
- reports-app/telegram-bot/tests/test_auth.py
Tests for authentication and account linking flow
- reports-app/telegram-bot/tests/test_callbacks.py
Tests for callback query handlers
- reports-app/telegram-bot/tests/test_formatters.py
Tests for message formatting utilities
- reports-app/telegram-bot/tests/test_formatters_extended.py
Extended formatter tests
- reports-app/telegram-bot/tests/test_handlers_menu.py
Tests for menu handlers
- reports-app/telegram-bot/tests/test_helpers.py
Tests for helper functions
- reports-app/telegram-bot/tests/test_helpers_extended.py
Extended helper tests
- reports-app/telegram-bot/tests/test_helpers_real.py
Real integration tests for helpers
- reports-app/telegram-bot/tests/test_helpers_real_simple.py
Simplified integration tests
- reports-app/telegram-bot/tests/test_login_flow.py
Complete login flow integration tests
- reports-app/telegram-bot/tests/test_menus.py
Menu system tests
- reports-app/telegram-bot/tests/test_session_company.py
Session and company management tests
- reports-app/telegram-bot/test_claude_integration.py
Manual integration test (Claude AI)
- reports-app/telegram-bot/test_claude_response.py
Response formatting test
- reports-app/telegram-bot/test_db.py
Database operations manual test
Shared Module Tests (2 files):
- shared/auth/test_auth.py
Authentication system tests
- shared/database/test_pool.py
Oracle connection pool tests
Security verification:
✅ All test files use mock objects, fixtures, and environment variables
✅ No hardcoded credentials or secrets found
✅ Safe for version control
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit fixes overly broad .gitignore patterns that were excluding
important source code files from version control. Previously, wildcard
patterns like *auth*, *token*, *secret*, *connection*, and *credential*
were excluding ALL files containing these words, including critical
application code.
Changes:
- Updated .gitignore with specific patterns for sensitive config files
(*.json, *.txt, *.yml, *.yaml extensions only)
- Removed broad wildcards that excluded source code files
Added missing source files:
- shared/auth/ (9 files): Complete authentication system
- JWT handler, middleware, auth service, models, routes
- reports-app/backend/app/routers/auth.py: Authentication API router
- reports-app/backend/app/auth_middleware_wrapper.py: Middleware wrapper
- reports-app/frontend/src/stores/auth.js: Vue.js auth store
- reports-app/frontend/tests/: E2E tests and fixtures for auth
- reports-app/telegram-bot/app/auth/: Telegram auth linking module
- deployment/windows/scripts/Setup-ClaudeAuth.ps1: Windows deployment script
- security/secrets_scanner.py: Security scanning utility
These files are essential for the application to function and should
have been included in the initial commit.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
