- Document develop → staging, main → production workflow
- Add branch descriptions and commit conventions
- Include workflow steps with commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add documentation for YouTube/Meta integration:
- YouTube Channels, Content, Series, Notifications APIs
- Social Platforms, Accounts, Community Interactions APIs
- Code examples for frontend integration
- Field documentation with curl examples
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Delete redundant TODO.md (consolidated into PROJECT_STATUS.md)
- Simplify STAGING-DEPLOYMENT.md to quick reference format
- Update PROJECT_STATUS.md with January 2026 status:
- Add Community Management System section
- Document Payload 3.72.0 login bug (#15243)
- Update roadmap and changelog
- Update framework-monitoring.md with current versions and bug warning
- Add YouTube/Meta collections to CLAUDE.md:
- YouTubeChannels, YouTubeContent, YtSeries, YtNotifications
- MetaAccounts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Abschlussbericht für Konzept-KI erstellt
- vercel.json mit 15-Minuten Cron-Schedule hinzugefügt
- CRON_SECRET in .env konfiguriert (nicht committed)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implementiert automatische YouTube-Kommentar-Synchronisation und
KI-gestützte Antwortvorschläge für das Community Management.
Neue Features:
- Cron-Endpoint für externen Scheduler (/api/cron/youtube-sync)
- ClaudeReplyService für AI-generierte Antworten (3 Tonalitäten)
- Sync Status API mit Live-Polling
- AI Reply Suggestions UI mit Varianten-Auswahl
- Job Logger für strukturiertes Logging von Background Jobs
Änderungen:
- ClaudeAnalysisService: Model-Update auf claude-3-5-haiku-20241022
- CommunityInbox: Sync Status Badge, AI Reply Suggestions Integration
- SCSS: Styles für Sync-Indicator und Suggestion Cards
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Complete implementation verification for concept AI:
- All 6 API endpoints implemented
- All 6 React components implemented
- SCSS styling with BEM convention
- Responsive design (3 breakpoints)
- Sidebar navigation integration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix Server Components render error by using 'use client' directive
- Remove DefaultTemplate which requires server-side props
- Add Community Analytics Dashboard view with charts
- Add Analytics API endpoints (overview, sentiment, response metrics, etc.)
- Add implementation report for design AI
The custom views now work correctly within Payload's RootLayout context.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Complete YouTube content management system:
- YouTubeChannels: Channel management with branding and metrics
- YouTubeContent: Video pipeline with workflow, approvals, scheduling
- YtSeries: Dedicated series management per channel (NEW)
- YtBatches: Production batch tracking with targets and progress
- YtTasks: Task management with notifications
- YtNotifications: User notification system
- YtMonthlyGoals: Monthly production goals per channel
- YtScriptTemplates: Reusable script templates
- YtChecklistTemplates: Checklist templates for workflows
Features:
- Role-based access (YouTubeManager, YouTubeCreator, YouTubeViewer)
- Auto-task generation on status changes
- Series relationship with channel-based filtering
- API endpoints for dashboard, tasks, and task completion
- German/English localization support
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add new collections and blocks for BlogWoman affiliate and video content:
Collections:
- Favorites: Affiliate products with categories, badges, and price ranges
- Series: YouTube series with custom branding (logo, colors)
Blocks:
- FavoritesBlock: Grid/list/carousel display for affiliate products
- SeriesBlock: Series overview with filtering
- SeriesDetailBlock: Single series page with hero
- VideoEmbedBlock: YouTube/Vimeo embed with privacy mode
- FeaturedContentBlock: Curated mixed-content collections
Also includes documentation updates for deployment and API guides.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add drizzle.production.config.ts for schema synchronization
- Add scripts/sync-schema.sh for manual schema sync
- Update deploy-production.sh to run drizzle-kit push after migrations
- Document schema sync workflow in DEPLOYMENT_STRATEGY.md
- Update CLAUDE.md with schema sync commands
This prevents schema drift between DEV and PROD by automatically
syncing the database schema (especially payload_locked_documents_rels)
during deployment.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove CodeQL Analysis (requires paid GHAS for private repos)
- Replace with ESLint + pnpm audit for security scanning
- CI: Run full tests only on PRs, not on every push to develop
- CI: Skip CI for markdown-only changes
- Security: Run only on PRs to main and weekly schedule
- Add deploy-production.yml workflow with rollback support
- Add deploy-production.sh script for manual deployments
- Document GitHub Actions cost optimization in DEPLOYMENT_STRATEGY.md
Estimated savings: ~68% of GitHub Actions minutes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- CLAUDE.md: Update Payload version 3.68.4 → 3.69.0, update date
- PROJECT_STATUS.md: Add changelog entry for 27.12.2025, update version
- INFRASTRUCTURE.md: Update Payload version
- TODO.md: Add detailed changelog entry for bug fixes and updates
- BUG_REPORT_CUSTOM_VIEWS.md: Update versions, add note that bug persists
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Production API endpoints for frontend SEO data fetching
- Update all URLs from pl.c2sgmbh.de to cms.c2sgmbh.de
- Add Next.js Metadata API integration examples
- Add verification meta tags example
- Add Multi-Tenant SEO section with tenant domains
- Add localization examples (de/en)
- Add Production vs Development URL tables
- Add SEO setup checklist per tenant
- Update robots.txt example with production URL
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update Umami URLs from internal IPs to production (analytics.c2sgmbh.de)
- Add Development vs Production URL comparison table
- Update UmamiScript component to use production URL as default
- Add Payload CMS API URLs to frontend .env.local example
- Update server-side tracking to use production Umami
- Add global type declarations for gtag and CookieConsent
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create docs/DEPLOYMENT.md with full deployment documentation
- Document staging (pl.porwoll.tech) and production (cms.c2sgmbh.de) workflows
- Add rollback procedures and migration handling
- Include PM2 configuration and health checks
- Add troubleshooting section and deployment checklists
- Update TODO.md to mark task as completed
- Add DEPLOYMENT.md to CLAUDE.md documentation references
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change all API URLs from pl.c2sgmbh.de (dev) to cms.c2sgmbh.de (prod)
- Add environment configuration section with production endpoints
- Add explanation why production data is used for development
- Add SEO integration section with production data examples
- Update Cookie-Consent section for production API
- Add Videos, Timelines, Workflows to API endpoints
- Add CORS configuration note
- Update tenant-specific features for current state
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- CSRF: Require CSRF_SECRET in production, throw error on missing secret
- IP Allowlist: TRUST_PROXY must be explicitly set to 'true' for proxy headers
- Rate Limiter: Add proper proxy trust handling for client IP detection
- Login: Add browser form redirect support with safe URL validation
- Add custom admin login page with styled form
- Update CLAUDE.md with TRUST_PROXY documentation
- Update tests for new security behavior
BREAKING: Server will not start in production without CSRF_SECRET or PAYLOAD_SECRET
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add automatic cleanup for email-logs (90 days default)
- Add automatic cleanup for audit-logs (90 days default)
- Add consent-logs archival based on expiresAt (3 years GDPR)
- Add media orphan cleanup for unreferenced files (30 days min age)
- Add BullMQ-based retention worker with daily scheduler
- Add /api/retention endpoint for manual triggers (super-admin only)
- Update queue worker to include retention worker
- Add comprehensive documentation to CLAUDE.md and TODO.md
New files:
- src/lib/retention/retention-config.ts
- src/lib/retention/cleanup-service.ts
- src/lib/retention/index.ts
- src/lib/queue/jobs/retention-job.ts
- src/lib/queue/workers/retention-worker.ts
- src/app/(payload)/api/retention/route.ts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove unused variables and imports across API routes and workers
- Fix TypeScript errors in ConsentLogs.ts (PayloadRequest header access)
- Fix TypeScript errors in formSubmissionHooks.ts (add ResponseTracking interface)
- Update eslint ignores for coverage, test results, and generated files
- Set push: false in payload.config.ts (schema changes only via migrations)
- Update dependencies to latest versions (Payload 3.68.4, React 19.2.3)
- Add framework update check script and documentation
- Regenerate payload-types.ts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add GitHub Actions workflow for automatic staging deployment on develop branch
- Add manual deploy script with --skip-build and --skip-migrations options
- Update CLAUDE.md with deployment documentation
- Mark staging-deployment TODO as complete
Deployment target: pl.c2sgmbh.de (37.24.237.181)
Triggers: push to develop, manual workflow_dispatch
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Products collection with comprehensive fields (pricing, inventory, SEO, CTA)
- Add ProductCategories collection with hierarchical structure
- Implement CI/CD pipeline with GitHub Actions (lint, typecheck, test, build, e2e)
- Add access control test utilities and unit tests
- Fix Posts API to include category field for backwards compatibility
- Update ESLint config with ignores for migrations and admin components
- Add centralized access control functions in src/lib/access
- Add db-direct.sh utility script for database access
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add FRONTEND.md with comprehensive frontend development guide
- Update TODO.md with summary of open payload-server tasks
- Mark frontend tasks as moved to FRONTEND.md with [→] symbol
- Include API endpoints, tenant filtering, and localization info
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add backup-db.sh for daily automated backups via cron
- Add restore-db.sh for interactive database restoration
- Add setup-backup.sh for easy setup on new servers
- Support local and S3 (Hetzner Object Storage) backup locations
- 30-day retention with automatic cleanup
- Credentials stored securely in ~/.pgpass and ~/.s3cfg
- Comprehensive documentation with disaster recovery checklist
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add email templates for confirmation, welcome, and unsubscribe
- Create newsletter-service.ts with token validation and 48h expiry
- Add API endpoints: /api/newsletter/subscribe, /confirm, /unsubscribe
- Add afterChange hook for automatic email sending on subscription
- Rate-limiting: 5 subscriptions per 10 minutes per IP
- GDPR-compliant with re-subscription support after unsubscribe
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Install payload-oapi plugin for automatic API documentation
- Configure OpenAPI 3.1 specification at /api/openapi.json
- Add Swagger UI interface at /api/docs
- Update documentation with new API endpoints
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add BullMQ-based job queue with Redis backend
- Implement email worker with tenant-specific SMTP support
- Add PDF worker with Playwright for HTML/URL-to-PDF generation
- Create /api/generate-pdf endpoint with job status polling
- Fix TypeScript errors in Tenants, TenantBreadcrumb, TenantDashboard
- Fix type casts in auditAuthEvents and audit-service
- Remove credentials from ecosystem.config.cjs (now loaded via dotenv)
- Fix ESM __dirname issue with fileURLToPath for PM2 compatibility
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove obsolete instruction documents (PROMPT_*.md, SECURITY_FIXES.md)
- Update CLAUDE.md with security features, test suite, audit logs
- Merge Techstack_Dokumentation into INFRASTRUCTURE.md
- Update SECURITY.md with custom login route documentation
- Add changelog to TODO.md
- Update email service and data masking for SMTP error handling
- Extend test coverage for CSRF and data masking
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Created docs/anleitungen/SECURITY.md with comprehensive
security documentation covering:
- Rate Limiter configuration and usage
- IP Allowlist/Blocklist with CIDR and wildcard support
- CSRF Protection (Double Submit Cookie pattern)
- Data Masking for sensitive fields in logs
- Pre-commit hook for secret detection
- CI/CD security workflow
- Test suite overview (143 tests)
- Production checklist and monitoring recommendations
- Updated TODO.md:
- Marked AuditLogs as completed
- Marked CI/CD Pipeline as completed
- Added SECURITY.md to documentation section
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Security Features:
- Central rate-limiter service with Redis support and memory fallback
- Predefined limiters: publicApi, auth, email, search, form, strict
- Automatic cleanup of stale entries
- IP allowlist/blocklist for sensitive endpoints
- CIDR and wildcard support
- Configurable via SEND_EMAIL_ALLOWED_IPS, BLOCKED_IPS env vars
- CSRF protection with Double Submit Cookie pattern
- Token endpoint: GET /api/csrf-token
- Origin header validation
- Data masking service for sensitive data
- Automatic redaction of passwords, tokens, API keys
- Safe logger factory for consistent logging
- Recursive object masking for audit logs
Secret Scanning:
- Pre-commit hook for local secret detection
- GitHub Actions workflow with Gitleaks and CodeQL
- Gitleaks configuration file
- Dependency vulnerability scanning
Updated:
- /api/send-email now uses central rate-limiter and IP allowlist
- Redis lib exports getRedisClient and isRedisAvailable
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add E-Mail system documentation (tenant-specific SMTP, API endpoint)
- Add Redis caching section
- Add complete Collections and Globals overview
- Update project structure with new directories
- Mark Portfolio collections and Email system as completed
- Update environment variables documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Payload email adapter for system emails (auth, password reset)
- Add EmailLogs collection for tracking all sent emails
- Extend Tenants collection with SMTP configuration fields
- Implement tenant-specific email service with transporter caching
- Add /api/send-email endpoint with:
- Authentication required
- Tenant access control (users can only send for their tenants)
- Rate limiting (10 emails/minute per user)
- Add form submission notification hook with email logging
- Add cache invalidation hook for tenant email config changes
Security:
- SMTP passwords are never returned in API responses
- Passwords are preserved when field is left empty on update
- Only super admins can delete email logs
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Git & GitHub repository setup as completed
- Mark GitHub CLI installation and configuration as done
- Add isSuperAdmin field to Users Collection
- Update Backup System status (manual backups working)
- Add Techstack documentation to completed docs
- Update last modification date to 05.12.2025
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add isSuperAdmin field to Users collection with migration
- Update API documentation with analytics examples
- Add analytics implementation guide
- Update TODO with completed tasks
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
