mporwoll/cms.c2sgmbh
1
0
Fork 0
mirror of https://github.com/complexcaresolutions/cms.c2sgmbh.git synced 2026-03-17 22:04:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
278 commits 17 branches 0 tags 17 MiB
Commit graph

278 commits

This branch
This branch
All branches
Author SHA1 Message Date
dependabot[bot]
4bb5b221c4
deps(deps): bump next from 16.2.0-canary.58 to 16.2.0-canary.59 
Bumps [next](https://github.com/vercel/next.js) from 16.2.0-canary.58 to 16.2.0-canary.59.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/compare/v16.2.0-canary.58...v16.2.0-canary.59)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.2.0-canary.59
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-24 03:11:33 +00:00
Martin Porwoll
bd174c8569 docs: update CLAUDE.md tech stack versions after dependency updates 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 10:36:26 +00:00
Martin Porwoll
06092335f3 deps: update remaining dependencies (react, dev-tools, bullmq) 
- react/react-dom 19.2.3 → 19.2.4
- @types/react 19.2.7 → 19.2.14
- @types/node 22.19.11 → 25.3.0
- @playwright/test + playwright 1.57.0 → 1.58.2
- vitest + @vitest/coverage-v8 4.0.15 → 4.0.18
- vite-tsconfig-paths 6.0.0 → 6.1.1
- bullmq 5.70.0 → 5.70.1
- jsdom 26.1.0 → 28.1.0

Resolves Dependabot PRs #19, #20, #28, #30, #31 (lockfile conflicts).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 09:15:25 +00:00
dependabot[bot]
e860ec3059
deps(dev)(deps-dev): bump eslint-config-next (#29) 
Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 16.2.0-canary.41 to 16.2.0-canary.58.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.0-canary.58/packages/eslint-config-next)

---
updated-dependencies:
- dependency-name: eslint-config-next
  dependency-version: 16.2.0-canary.58
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:08:09 +01:00
dependabot[bot]
38040a76cb
deps(deps): bump nodemailer from 7.0.13 to 8.0.1 (#27) 
Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 7.0.13 to 8.0.1.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodemailer/nodemailer/compare/v7.0.13...v8.0.1)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:08:04 +01:00
dependabot[bot]
b55769f52e
deps(deps): bump googleapis from 170.1.0 to 171.4.0 (#26) 
Bumps [googleapis](https://github.com/googleapis/google-api-nodejs-client) from 170.1.0 to 171.4.0.
- [Release notes](https://github.com/googleapis/google-api-nodejs-client/releases)
- [Changelog](https://github.com/googleapis/google-api-nodejs-client/blob/main/release-please-config.json)
- [Commits](https://github.com/googleapis/google-api-nodejs-client/compare/googleapis-v170.1.0...googleapis-v171.4.0)

---
updated-dependencies:
- dependency-name: googleapis
  dependency-version: 171.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:08:02 +01:00
dependabot[bot]
8ffbb66679
deps(dev)(deps-dev): bump @vitejs/plugin-react from 4.5.2 to 5.1.4 (#25) 
Bumps [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) from 4.5.2 to 5.1.4.
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.1.4/packages/plugin-react)

---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 5.1.4
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:07:58 +01:00
dependabot[bot]
cfbd445e1b
deps(deps): bump next from 16.2.0-canary.41 to 16.2.0-canary.58 (#24) 
Bumps [next](https://github.com/vercel/next.js) from 16.2.0-canary.41 to 16.2.0-canary.58.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/compare/v16.2.0-canary.41...v16.2.0-canary.58)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.2.0-canary.58
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:07:55 +01:00
dependabot[bot]
511ffbbc88
deps(deps): bump @anthropic-ai/sdk from 0.71.2 to 0.78.0 (#23) 
Bumps [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) from 0.71.2 to 0.78.0.
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.71.2...sdk-v0.78.0)

---
updated-dependencies:
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.78.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:07:42 +01:00
dependabot[bot]
d26ff507c0
deps(deps): bump dotenv from 16.4.7 to 17.3.1 (#22) 
Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.4.7 to 17.3.1.
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v16.4.7...v17.3.1)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.3.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:07:35 +01:00
dependabot[bot]
ea3d5b78d4
deps(deps): bump cross-env from 7.0.3 to 10.1.0 (#21) 
Bumps [cross-env](https://github.com/kentcdodds/cross-env) from 7.0.3 to 10.1.0.
- [Release notes](https://github.com/kentcdodds/cross-env/releases)
- [Changelog](https://github.com/kentcdodds/cross-env/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/cross-env/compare/v7.0.3...v10.1.0)

---
updated-dependencies:
- dependency-name: cross-env
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:07:28 +01:00
dependabot[bot]
2e2dd8f3e6
deps(actions): bump actions/setup-node from 4 to 6 (#17) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:06:27 +01:00
dependabot[bot]
9e630a274b
deps(actions): bump actions/upload-artifact from 4 to 6 (#16) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:06:21 +01:00
dependabot[bot]
7f91fbfabd
deps(actions): bump actions/download-artifact from 4 to 7 (#15) 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:06:14 +01:00
dependabot[bot]
a3bb49e11a
deps(actions): bump pnpm/action-setup from 3 to 4 (#14) 
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 3 to 4.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](https://github.com/pnpm/action-setup/compare/v3...v4)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:06:06 +01:00
dependabot[bot]
90fc83d287
deps(actions): bump lewagon/wait-on-check-action from 1.3.4 to 1.5.0 (#13) 
Bumps [lewagon/wait-on-check-action](https://github.com/lewagon/wait-on-check-action) from 1.3.4 to 1.5.0.
- [Release notes](https://github.com/lewagon/wait-on-check-action/releases)
- [Changelog](https://github.com/lewagon/wait-on-check-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lewagon/wait-on-check-action/compare/v1.3.4...v1.5.0)

---
updated-dependencies:
- dependency-name: lewagon/wait-on-check-action
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:05:59 +01:00
dependabot[bot]
1c9263b244
deps(deps): bump the payload-core group with 11 updates (#18) 
Bumps the payload-core group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [@payloadcms/db-postgres](https://github.com/payloadcms/payload/tree/HEAD/packages/db-postgres) | `3.76.1` | `3.77.0` |
| [@payloadcms/next](https://github.com/payloadcms/payload/tree/HEAD/packages/next) | `3.76.1` | `3.77.0` |
| [@payloadcms/plugin-form-builder](https://github.com/payloadcms/payload/tree/HEAD/packages/plugin-form-builder) | `3.76.1` | `3.77.0` |
| [@payloadcms/plugin-multi-tenant](https://github.com/payloadcms/payload/tree/HEAD/packages/plugin-multi-tenant) | `3.76.1` | `3.77.0` |
| [@payloadcms/plugin-nested-docs](https://github.com/payloadcms/payload/tree/HEAD/packages/plugin-nested-docs) | `3.76.1` | `3.77.0` |
| [@payloadcms/plugin-redirects](https://github.com/payloadcms/payload/tree/HEAD/packages/plugin-redirects) | `3.76.1` | `3.77.0` |
| [@payloadcms/plugin-seo](https://github.com/payloadcms/payload/tree/HEAD/packages/plugin-seo) | `3.76.1` | `3.77.0` |
| [@payloadcms/richtext-lexical](https://github.com/payloadcms/payload/tree/HEAD/packages/richtext-lexical) | `3.76.1` | `3.77.0` |
| [@payloadcms/translations](https://github.com/payloadcms/payload/tree/HEAD/packages/translations) | `3.76.1` | `3.77.0` |
| [@payloadcms/ui](https://github.com/payloadcms/payload/tree/HEAD/packages/ui) | `3.76.1` | `3.77.0` |
| [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload) | `3.76.1` | `3.77.0` |


Updates `@payloadcms/db-postgres` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/db-postgres)

Updates `@payloadcms/next` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/next)

Updates `@payloadcms/plugin-form-builder` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/plugin-form-builder)

Updates `@payloadcms/plugin-multi-tenant` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/plugin-multi-tenant)

Updates `@payloadcms/plugin-nested-docs` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/plugin-nested-docs)

Updates `@payloadcms/plugin-redirects` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/plugin-redirects)

Updates `@payloadcms/plugin-seo` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/plugin-seo)

Updates `@payloadcms/richtext-lexical` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/richtext-lexical)

Updates `@payloadcms/translations` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/translations)

Updates `@payloadcms/ui` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/ui)

Updates `payload` from 3.76.1 to 3.77.0
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.77.0/packages/payload)

---
updated-dependencies:
- dependency-name: "@payloadcms/db-postgres"
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
- dependency-name: "@payloadcms/next"
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
- dependency-name: "@payloadcms/plugin-form-builder"
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
- dependency-name: "@payloadcms/plugin-multi-tenant"
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
- dependency-name: "@payloadcms/plugin-nested-docs"
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
- dependency-name: "@payloadcms/plugin-redirects"
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
- dependency-name: "@payloadcms/plugin-seo"
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
- dependency-name: "@payloadcms/richtext-lexical"
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
- dependency-name: "@payloadcms/translations"
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
- dependency-name: "@payloadcms/ui"
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
- dependency-name: payload
  dependency-version: 3.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: payload-core
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 10:04:42 +01:00
Martin Porwoll
b62ca46133 chore: add zweitmeinung migration docs and GitHub protection script 
- docs/zweitmeinung/: Migration guide (Strapi → Payload), content
  inventory, website guide, and reference screenshots
- scripts/setup-github-protection.sh: Branch protection + Dependabot
  auto-merge setup for cms.c2sgmbh repo

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 07:16:15 +00:00
Martin Porwoll
1932ad26ef deps: target develop branch for 
Dependabot PRs

  Aligns with git-flow: updates go through develop before main.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 16:53:50 +00:00
Martin Porwoll
c85cf22496 deps: add Dependabot config for automated dependency updates 
- Daily npm dependency checks at 04:00 Europe/Berlin
  - Grouped updates: payload-core, react-nextjs, fullcalendar, dev-deps
  - Weekly GitHub Actions updates
  - Auto-merge workflow for patch updates after CI passes
  - Minor dev-dependency updates also auto-merged
  - Critical after CVE-2025-55182 incident on 2025-12-09
 2026-02-22 16:43:42 +00:00
Martin Porwoll
a8a0bf3cb1 chore(deps): update dependencies and fix security vulnerabilities 
Updated: ioredis 5.9.3, nodemailer 7.0.13, recharts 3.7.0,
drizzle-kit 0.31.9, eslint 9.39.3, prettier 3.8.1,
@types/node 22.19.11, @types/nodemailer 7.0.11

Security overrides (pnpm.overrides):
- minimatch >=10.2.1 (CVE-2026-26996 ReDoS)
- esbuild >=0.25.0 (GHSA-67mh-4wv8-2f99)
- ajv >=8.18.0 (GHSA-2g4f-4pwh-qvx6 ReDoS)
- ioredis 5.9.3 (fix BullMQ type mismatch)

Added Codex CLI remote orchestration docs to CLAUDE.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 14:53:22 +00:00
Martin Porwoll
d234682539 feat(seed): populate service features, icons, and detailSections for zweitmeinung 
Add structured data (icon, features[], detailSections[]) to all 6 services
so the frontend can render benefits grids and checklists from CMS data.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-21 01:34:13 +00:00
Martin Porwoll
03c0e5e5d8 feat(seed): add CMS pages to zweitmeinung seed script 
Adds 9 pages with Payload blocks for tenant 12 (zweitmeinu.ng):
home, fachbereiche, faq, so-funktionierts, motivation, ueber-uns,
kontakt, impressum, datenschutz.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-21 00:59:53 +00:00
Martin Porwoll
ab4ee4bb70 fix(access): allow tenant resolution from query parameter in tenantScopedPublicRead 
Previously, tenantScopedPublicRead only resolved the tenant from the Host
header, which fails when frontend API clients call cms.c2sgmbh.de (the CMS
hostname doesn't match any tenant domain). Now falls back to extracting the
tenant ID from the where[tenant][equals] query parameter. The returned access
filter still enforces tenant isolation.

Also adds seed script for zweitmeinung (tenant 12) with all content:
site settings, 2 service categories, 6 services, 24 FAQs, navigation,
4 social links, and contact form.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-21 00:44:42 +00:00
Martin Porwoll
101ee0abed docs: update documentation for contact form multi-tenant refactoring 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 21:06:27 +00:00
Martin Porwoll
290c2af40f fix(cors): add sv-frontend IP to CORS and CSRF whitelist 
Add http://10.10.181.104:3000 (sv-frontend staging) to allow cross-origin
form submissions from the staging frontend to the CMS API.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 17:23:35 +00:00
Martin Porwoll
d90657c2cf fix: form submission hooks — tenant propagation + email notification 
- FormSubmissionsOverrides: fields must be a function (not array) for
  the form-builder plugin to merge them with defaultFields
- setSubmissionTenant: add overrideAccess for unauthenticated submissions
- sendFormNotification: handle populated form object (extract ID),
  add overrideAccess for tenant SMTP lookup

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 16:58:40 +00:00
Martin Porwoll
5e223cd7fb feat: multi-tenant contact form refactoring 
- Add forms + form-submissions to multiTenantPlugin with tenant scoping
- Inject tenant field into forms via formOverrides
- Reorder plugins: formBuilderPlugin before multiTenantPlugin (fixes warning)
- Refactor ContactFormBlock: form relationship replaces hardcoded recipientEmail
- Add setSubmissionTenant hook to auto-copy tenant from form to submission
- Add tenant field (read-only) to FormSubmissionsOverrides
- Migration: tenant_id on forms/form_submissions, form_id on contact block

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 16:22:58 +00:00
Martin Porwoll
130ab46ffb fix(ci): update production deploy workflow for new heap limit and CRON_SECRET 
- Remove redundant NODE_OPTIONS override (heap limit now in package.json)
- Add CRON_SECRET placeholder for pre-test build step

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 12:54:08 +00:00
Martin Porwoll
a21f916300 fix(ci): add CRON_SECRET placeholder for production build 
Next.js builds run in NODE_ENV=production which triggers env
validation requiring CRON_SECRET (added by security hardening).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 12:09:20 +00:00
Martin Porwoll
4e3710655e fix(ci): increase build heap limit from 2GB to 4GB 
The codebase grew past the 2GB heap limit with security/monitoring
additions. cross-env in build script overrides CI NODE_OPTIONS, so
the limit must be set in package.json itself.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 12:03:48 +00:00
Martin Porwoll
037835d1de fix(ci): increase build heap size and format monitoring files 
Build was OOM-ing in CI with default Node heap limit. Added
NODE_OPTIONS with 4GB heap. Also ran Prettier on monitoring files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 11:58:08 +00:00
Martin Porwoll
884d33c0ae fix: remove .js extensions from monitoring module imports 
Next.js webpack build cannot resolve .js extensions for .ts files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 11:51:25 +00:00
Martin Porwoll
bb02128b28 fix: stabilize guard responses and validation typing 2026-02-17 11:47:55 +00:00
Martin Porwoll
e3987e50dc feat: security hardening, monitoring improvements, and API guards 
- Hardened cron endpoints with coordination and auth improvements
- Added API guards and input validation layer
- Security observability and secrets health checks
- Monitoring types and service improvements
- PDF URL validation and newsletter unsubscribe security
- Unit tests for security-critical paths

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 11:42:56 +00:00
Martin Porwoll
4d1456fe98 feat: add production deploy health check script 
Monitors porwoll.de and blogwoman.de for stale builds caused by
Plesk Git's silent deploy failures (code pulled but build never ran).

- Compares source file timestamps vs .next/BUILD_ID mtime
- HTTP health checks via public URLs
- --alert flag for CMS monitoring API integration
- Runs as cron job every 30 minutes on sv-payload

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 11:42:45 +00:00
Martin Porwoll
063dae411c security: harden payload endpoints and access controls 2026-02-17 10:41:51 +00:00
Martin Porwoll
01a0a43f39 docs: add tenant SMTP admin-save troubleshooting notes 2026-02-17 09:48:39 +00:00
Martin Porwoll
80f7fd2e75 docs: update project status and add typecheck stabilization report 2026-02-17 09:30:19 +00:00
Martin Porwoll
5f45cc820d fix: unblock tenant SMTP saves in admin 2026-02-17 08:58:21 +00:00
Martin Porwoll
4386ac5d8d fix: resolve global typecheck errors 2026-02-17 08:57:32 +00:00
Martin Porwoll
6b4dae8eeb fix: handle non-JSON responses in test email and prevent cascading failures 
- Add content-type check in TestEmailButton before parsing response as JSON
- Wrap updateEmailLog in error handler with try-catch to prevent double failures

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 16:32:32 +00:00
Martin Porwoll
0c222b9aa9 fix(tenants): make SMTP password field visible in admin panel 
neverReadable blocked the field everywhere including the admin UI.
Changed to allow read for authenticated users only, so the field
shows in admin but stays hidden in unauthenticated API responses.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 16:19:09 +00:00
Martin Porwoll
9bb041bd7c fix(blocks): add database migration for CardGridBlock icon fields 
Adds missing columns (media_type, icon, icon_position) to
pages_blocks_card_grid_block_cards table. Without this migration,
pages API returns 500 on production.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 14:30:04 +00:00
Martin Porwoll
85c76a1eb4 feat(blocks): add icon support to CardGridBlock 
Cards can now display a Lucide icon as alternative to an image,
with configurable position (top/left). Fields show conditionally
based on mediaType selection.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 14:07:51 +00:00
Martin Porwoll
8abf3a346e refactor(pages): remove fixed hero group from Pages collection 
Hero content is now handled via HeroBlock/HeroSliderBlock in the
flexible layout blocks system, giving editors full control.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 11:17:11 +00:00
Martin Porwoll
9f7a9ad558 docs: update infrastructure, project status, and frontend docs 
Add Multi-Server Orchestration (Phase 1-8) to all docs:
- INFRASTRUCTURE.md: Hetzner 1/2 production servers, SSH infrastructure,
  payload-contracts, deployment workflows, port-forwarding
- PROJECT_STATUS.md: Orchestration changelog, production URLs, SSH commands
- FRONTEND.md: payload-contracts usage, CI/CD pipelines, staging/production
  deploy, work order system, ESLint config, updated tenant IDs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 22:49:38 +00:00
Martin Porwoll
0e978e77f4 feat: add frontend staging deploy script 
Deploys frontend sites on sv-frontend via SSH.
Supports: blogwoman, porwoll, or all sites at once.

Usage: ./scripts/deploy-frontend.sh <blogwoman|porwoll|all>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 18:26:34 +00:00
Martin Porwoll
153e4a2d5f fix(monitoring): regenerate importMap with monitoring components 
The importMap was missing MonitoringNavLinks and MonitoringDashboardView
entries, causing the /admin/monitoring page to render blank.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 01:24:51 +00:00
Martin Porwoll
086dd269fa fix(monitoring): address code review findings 
- SSE stream: detect client disconnect via request.signal to stop
  polling loop (prevents wasted DB queries after tab close)
- AlertEvaluator: split shouldFire/recordFired so cooldown is only
  recorded after successful dispatch (prevents alert suppression
  on dispatch failure)
- SnapshotCollector: cache payload instance (avoid re-importing on
  every 60s tick)
- Alert acknowledge: validate alertId type (string|number)
- Logs search: add 300ms debounce to prevent query-per-keystroke
- Replace remaining `any` cast with Record<string, unknown>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-15 01:02:50 +00:00