Sprint History
Changelog
All notable changes to Submicron Central System will be documented here. This project follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and will use semantic version
Use this when you need a quick orientation to Sprint History.
All notable changes to Submicron Central System will be documented here. This project follows Keep a Changelog and will use semantic versioning once releases begin.
[Unreleased]
Added
- Sprint 24 actual staging deployment and staging QA preparation with a documented Docker-host/VPS staging target for
https://staging-app.submicrons.net, optional safe staging demo-user seeding, stricter staging environment validation, staging smoke-test command support, expanded local smoke coverage for logout and health/readiness endpoints, staging deployment/QA/runbook docs, manager rehearsal guidance, disabled-integration checklist, UX package metadata, and continued no-production/no-real-data/no-external-integration boundaries. - Sprint 22 UX review package, deal pipeline refinement, quote-set comparison, draft-only technical/commercial proposal summaries, customization foundation, marketing readiness placeholders, idempotent sample data, docs, tests, and safety boundaries with no external sending, autonomous actions, production deployment, or production secrets.
- Sprint 22B remediation for UX screenshot generation, Agent Run detail human summaries, smoke-test reliability, recommended/customer-selected quote badges, richer multi-quote comparison, proposal summary visibility from quotes, saveable customization controls, docs, and local-review policy.
- Sprint 23 staging deployment and operational readiness foundation with local/test/staging env templates, staging env validation, Docker/container strategy files, safe health/readiness endpoints, structured redacted logging, root error fallback, migration/seed/backup/restore/deployment/rollback/domain/demo-user docs, operational runbooks, CI staging-readiness checks, and continued no-production/no-external-integration boundaries.
- Sprint 23 documentation portal UX refinement with role-based reading paths, permanent-doc versus sprint-history separation, document metadata/status classification, search and filters, docs freshness dashboard, richer cards with Developer Details, improved reading pages with table of contents and related docs, documentation maintenance guides, and smoke coverage for portal navigation.
- Sprint 23 staging UX review remediation with expanded UX screenshot coverage, shared authenticated mobile shell/navigation, Command Center section jumps, grouped Settings customization controls, deal actionability badges, and missing-cost quote margin review labels.
- Sprint 21C corrective pass for remaining QA blockers: CRM company/lead/opportunity detail pages with internal comment panels, Developer details consistency for older snapshot/version/prompt payloads, mobile notification bell smoke coverage, docs, and tests.
- Sprint 21B corrective pass for partial QA items: manager-friendly summaries before developer payloads, Command Center high-priority task section, Approval Center domain bridge queues, permission-aware notification bell, expanded source-linked comments on priority detail records, stricter System Settings gates, docs, and tests.
- Sprint 21 UX work coordination and manager rehearsal foundation with global Task, Notification, Comment, Mention, ManagerRehearsalChecklist, and ManagerRehearsalItem models, expanded ApprovalRequest metadata, migration, idempotent seed data, task queues, unified Approval Center, internal Notification Center, record-linked comments/mentions, Settings/System Admin overhaul, Command Center work-coordination metrics, manager rehearsal checklist/feedback, docs, unit tests, and smoke coverage.
- Added logistics/fleet readiness placeholders across tasks, approvals, notifications, settings, Command Center, and manager rehearsal without adding a full logistics module, GPS, maps, driver app, or automated delivery messaging.
- Sprint 20 engineering quality foundation with real ESLint linting, Vitest unit tests, Playwright smoke tests, environment validation, seed idempotency verification, Prisma migration-status script, GitHub Actions CI, PR/release/security/documentation/testing checklists, docs app pages, README updates, and no production deployment or external integrations.
- Sprint 19 controlled communication draft outbox with CommunicationOutboxItem, CommunicationMessageVersion, CommunicationTemplate, CommunicationSendLog, and CommunicationReview models, communication permissions, manual-only copy/send workflow, approved-draft conversion, review queue, templates, channel placeholders, Command Center metrics, seed data, docs, and strict no-external-send boundaries.
- Sprint 18 AI-assisted workflow draft generation and approval queues with AgentWorkflowDraft, AgentWorkflowDraftVersion, and AgentDraftReview models, draft/review permissions, source-linked draft generation, human review statuses, Command Center draft metrics, seeded sample drafts, docs, and strict draft-only safety boundaries.
- Sprint 17B corrective pass for agent governance with
agents.managecreate/edit workflows, approval-gated high-risk configuration, deterministic missing-information request generation during safe assistant runs, human-approved agent memory notes, updated docs/runbook, and LAN verification documentation. - Sprint 17 AI agent governance foundation with AgentProfile, AgentCapability, AgentTool, AgentGuardrail, AgentPrompt/Version, AgentRun/Step, AgentActionProposal, AgentInformationRequest, AgentHandoff, AgentEvaluation, and AgentMemoryNote models, migration, permissions, idempotent seeds, protected pages, Command Center metrics/actions, deterministic local assistant summaries, and documentation.
- Default local-only internal assistants for Founder Chief-of-Staff and Read-Only Company Assistant plus registered/disabled future agent profiles, disabled high-risk tools, blocking guardrails, prompt versioning, run logs, human proposal workflows, information requests, handoffs, evaluations, and memory notes.
- Provider-disabled
@submicron/ai-agentsboundary with deterministic draft helpers and explicit Sprint 17 safety checks; no real AI API keys, external integrations, autonomous agents, production secrets, live sync, customer messaging, or code execution.
- Sprint 16B corrective alignment for exact DataQualityRule, DuplicateReviewCase, RecordOwnershipReview, StaffOnboardingChecklist/Item, StaffUsageMetric, and DailyOperatingChecklist/Item models with additive migration, idempotent seeds, exact
data_quality.approveandadoption.*permissions, missing routes, Command Center metrics/actions, LAN-safe sign-out fallback, and updated docs. - Sprint 16 Data Quality, Duplicate Review, Record Verification, Staff Adoption, Daily Checklist, and System QA issue tracking foundation with new models, migration, RBAC permissions, protected pages, activity logs, and documentation.
- Docs app sections for Data Quality, Duplicate Review, Record Verification, Staff Adoption, Daily Checklist, and System QA issue tracking.
- Sprint 15 local-only real-data import review for CRM and Product CSV/XLSX exports, including ignored local file detection, Git safety cards, header detection, column normalization, blank/template/repeated-header row skipping, mapping suggestions, validation, duplicate candidates, and dry-run staging.
- CRM real import review for Company, Contact, and Lead plus Product real import review for ProductCategory, Product, Supplier, and ProductAlias using existing import approvals and Sprint 14 safe execution modes.
- Post-import verification report page, source-of-truth migration status advancement to
PARTIALLY_MIGRATEDwithout automatic retirement, and Command Center real-import/source-migration alerts/actions. - Real-data import documentation for local file safety, CRM/product guides, validation rules, duplicate handling, verification, source-of-truth migration updates, and permissions.
- Sprint 14 controlled legacy import execution models for executions, execution rows, generic record links, conflicts, rollback references, and post-import verification.
- Approval-gated safe execution modes: create only, create or skip duplicate, update empty fields only, link existing only, and dry run.
- Preflight safety checks for approved batch/mapping status, allowed Sprint 14 targets, critical validation blockers, unsafe duplicate policies, and execute permissions.
- Low-risk import execution support for Company, Contact, Lead, ProductCategory, Product, Supplier, ProductAlias, KnowledgeRecord, SopRecord, DecisionRecord, SourceOfTruthRecord, and DataDictionaryEntry.
- Duplicate detection, conflict recording, target record linking, rollback reference metadata, post-import verification, activity logs, and migration audit logs for controlled import execution.
- Import execution, new execution, detail, execution rows, conflicts, rollback references, and post-import verification pages, plus Command Center import execution alerts/actions and source-of-truth execution visibility.
imports.executeandimports.rollbackpermissions plus local-only approved controlled import sample batches for Sprint 14.- Controlled import execution documentation for workflow, safe modes, duplicate handling, conflict handling, rollback references, verification, allowed/blocked targets, permissions, and local development.
- Sprint 13 DriveFileRecord, LegacySheetRecord, ImportSource, ImportMapping, ImportColumnMapping, ImportBatch, ImportRow, ImportValidationIssue, ImportDuplicateCandidate, and MigrationAuditLog models and migration.
- Permission-gated Drive/legacy import staging overview, registries, import sources, mappings, column editor, preview, validation, duplicate, approval, and migration audit pages.
- Deterministic staging-only mapping, preview, validation, duplicate detection, dry-run, approval, activity-log, and migration-audit workflows with no production import mutation.
- Source-of-truth import status visibility, Command Center import alerts/actions, baseline source registry seeds, opt-in local import sample data, and placeholder-only Google Drive environment variables.
- Sprint 12 knowledge-record, collection, tag, SOP, decision, data-dictionary, source-of-truth, entity-link, search-index, and document-index placeholder models and migration.
- Permission-gated global simple text search across CRM, audit, quote, document, finance, project, support, inventory, knowledge, SOP, decision, and source-of-truth records.
- Knowledge overview, records, collections, tags, SOP registry, decision records, data dictionary, source-of-truth, entity links, and document-index placeholder pages.
- Deterministic source-of-truth and data-dictionary seeds plus opt-in local knowledge sample data.
- Command Center knowledge/source-of-truth review alerts and required actions without AI, vector search, or external service sync.
- Sprint 11 system-alert, required-action, executive-snapshot, and dashboard-preference models and migration.
- Permission-gated executive command center, system alert, required action, activity stream, snapshot, and customer 360 pages.
- Rule-based cross-module KPI summaries spanning sales, audit, quote/document, finance, project, support, and inventory foundations.
- Manual intelligence refresh that upserts actionable alerts and required actions without AI, automation, or external integrations.
- Customer 360, activity stream filters, dashboard preference persistence, opt-in local command-center sample data, and command-center documentation.
- Sprint 10 product, product-category, supplier, stock-location, inventory-item, stock-movement, stock-reservation, price-history, alias, and product-document placeholder models and migration.
- Permission-gated inventory overview, product/detail, category, supplier, stock-item, location, movement, and reservation pages.
- Manual stock movement and reservation workflows with stock/value calculations, approval gates, activity logs, and no automatic stock deduction.
- Quote item product linking that preserves quote pricing plus quote/project/support inventory readiness visibility.
- Opt-in local inventory sample data and inventory workflow, data-model, quote-linking, permission, and local-development documentation.
- Sprint 9 installed-system, support-ticket/comment, maintenance-visit, warranty, and support-plan models and migration.
- Permission-gated support overview, ticket/detail, installed-system/detail, maintenance, warranty, and support-plan pages.
- Calendar-hour SLA defaults, overdue indicators, project-readiness acknowledgements, coverage visibility, and approval gates.
- Project and CRM support-history links plus opt-in local maintenance/support sample data and activity logging.
- Support workflow, installed-system, ticket, maintenance, warranty, plan, SLA, permission, and local-development documentation.
- Sprint 8 project, task, milestone, site-visit, installation-checklist, assignment, and risk models and migration.
- Permission-gated project overview, create, detail, task, milestone, visit, checklist, risk, and handover pages.
- Accepted-quote and eligible-invoice inheritance with explicit outstanding-payment warnings and source visibility.
- Generated installation checklist/milestone defaults, overdue-task and high-risk indicators, approval gates, and shared activity logging.
- Quote, invoice, and CRM related-project links plus opt-in local project operations seed data.
- Project workflow, data-model, checklist, visit, handover, risk, permission, and local-development documentation.
- Sprint 7 invoice, invoice-item, payment, receipt, expense, and payment-schedule models and migration.
- Permission-gated finance overview, invoice/detail, payment, receipt, expense, and installment pages with empty/loading/error states.
- Deterministic invoice totals and confirmed-payment-only balance/status calculations in
@submicron/finance-engine. - Approved/accepted quote inheritance, customer-safe receipts, shared activity logs, quote/document related-finance links, and opt-in local sample data.
- Finance workflow, model, calculation, payment/receipt, expense, permission, and local-development documentation.
- Sprint 6 document, document-version, and document-template models with generic approval-request relationships.
- Six snapshot-based document types with safe customer/internal field selection and Submicron branding placeholders.
- Permission-gated document overview, generation, detail, preview, versions, templates, print, and HTML download workflows.
- Document activity logging, customer-readiness guards, approval reuse, and Quote/Audit related-document visibility.
- Opt-in local document templates and document workflow, model, template, approval, permission, and local-development documentation.
- Sprint 5 quote, option, BOQ item, version, approval, and pricing snapshot models and migration.
- Deterministic BOQ cost, selling, discount, VAT, grand-total, and gross-margin calculations.
- Permission-gated quote overview, create, detail, edit, option, BOQ, version, and approval pages with lifecycle guards.
- Audit-backed quote inheritance, manual-quote warnings, CRM/audit related quote links, activity logging, and opt-in local sample quote data.
- Quote workflow, data-model, calculation, approval, permission, seed, and local-development documentation.
- Sprint 4 audit models for audits, load items, findings, and calculation snapshots.
- Audit lifecycle statuses, finding types/severities, load assessment calculations, generated warnings, and calculation history snapshots.
- Permission-gated audit overview, create, detail, edit, load-item, and finding pages with empty/loading/error states.
- Audit activity logging, CRM related-audit visibility, dashboard navigation, and opt-in local sample audit data.
- Audit README, workflow, data-model, calculation-assumption, permission, seed, and local-development documentation.
- Sprint 3 CRM models for companies, contacts, leads, opportunities, follow-ups, and CRM activity history.
- Twelve-stage CRM pipeline with assignments, next actions, outcomes, lost reasons, and overview metrics.
- Permission-gated CRM overview and record pages with create/edit forms, empty/loading/error states, and dashboard navigation.
- Transactional CRM and system activity logging plus opt-in local sample CRM data.
- CRM workflow, data-model, permission, and local-development documentation.
- PostgreSQL 17 Docker Compose service and root environment template.
- Prisma 7 schema, migration, generated-client workflow, and deterministic seed.
- Better Auth login/logout with database sessions and Next.js 16 route protection.
- Seeded RBAC roles/permissions, reusable authorization helpers, and settings placeholder.
- Structured activity logging and generic approval-request persistence foundations.
- Database, authentication, RBAC, seed, and local-development documentation.
- Initial pnpm and Turborepo monorepo foundation.
- Internal dashboard shell and documentation application.
- Database, UI, auth, shared, AI-agent, quote, audit, and document package boundaries.
- Contribution, security, pull request, and issue documentation.
Security
- Added environment validation that rejects missing auth/database settings, warns on placeholder-shaped local secrets, and rejects placeholder secrets in CI/production without printing secret values.
- Disabled public signup and external authentication providers.
- Added inactive-user session rejection, secure production cookies, origin/CSRF protection, rate limiting, and server-side permission checks.
- External services and production secrets are intentionally excluded from the foundation.
Fixed
- Marked LAN/mobile login QA as fixed and verified after localhost, loopback, LAN IP, and phone login confirmation.
- Documented and corrected local LAN/mobile login behavior so local development auth accepts localhost, loopback, and private LAN IP hosts on port
3000; login now has a POST fallback, same-host redirects, visible failure errors, and no password-bearing query fallback. - Loaded the shared root
.envin the web application so documented development and build commands receive the database and authentication configuration.
[0.1.0] - 2026-06-30
Added
- Repository foundation created.
Developer Details
- Source
- repo root/CHANGELOG.md
- Owner
- Module Owner
- Status
- Current
- Module
- Sprint History
- Related route
- None