- FormSubmissionsOverrides: fields must be a function (not array) for
the form-builder plugin to merge them with defaultFields
- setSubmissionTenant: add overrideAccess for unauthenticated submissions
- sendFormNotification: handle populated form object (extract ID),
add overrideAccess for tenant SMTP lookup
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add forms + form-submissions to multiTenantPlugin with tenant scoping
- Inject tenant field into forms via formOverrides
- Reorder plugins: formBuilderPlugin before multiTenantPlugin (fixes warning)
- Refactor ContactFormBlock: form relationship replaces hardcoded recipientEmail
- Add setSubmissionTenant hook to auto-copy tenant from form to submission
- Add tenant field (read-only) to FormSubmissionsOverrides
- Migration: tenant_id on forms/form_submissions, form_id on contact block
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Automatically transitions YouTube content status when conditions are met
(e.g., upload_scheduled -> published when videoId is present) and sends
notifications to assigned users.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds channelThumbnailUrl field to store YouTube API URL.
afterChange hook downloads image to Payload Media when branding.logo is empty.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Extend admin component overrides to cover all Payload admin views
(no-html-link-for-pages, no-img-element off for admin panel)
- Rename useGeneratedReply to applyGeneratedReply (not a hook)
- Fix useRealtimeUpdates: resolve circular dependency with connectRef,
wrap ref assignments in useEffect for React 19 compiler compliance
- Fix MetaBaseClient: let -> const for single-assignment variable
ESLint now passes with 0 errors (68 warnings only).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Upgrade all 11 @payloadcms/* packages to 3.76.1, gaining fixes from
PRs #15404 (user.collection property for multi-tenant access control)
and #15499 (tenant selector uses beforeNav slot).
Fix afterLogin audit hook deadlock: payload.create() inside the hook
caused a transaction deadlock with PgBouncer in transaction mode under
Payload 3.76.1's stricter transaction handling. Changed to fire-and-forget
pattern to prevent login hangs.
Note: Next.js 15.5.9 peer dependency warning exists but build/runtime
work correctly. Consider upgrading Next.js to 16.x or downgrading to
15.4.11 in a follow-up.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add 5 new collections: SocialPlatforms, SocialAccounts,
CommunityInteractions, CommunityTemplates, CommunityRules
- Add communityRole field to Users collection
- Add YouTube API client for comment sync
- Add Claude AI service for sentiment analysis
- Add API endpoints: /api/community/sync-comments, /api/community/reply
- Add communityAccess.ts for role-based access control
- Add migrations for all new tables and community_role enum fix
Fix: Make audit hooks non-blocking to prevent user save timeout
Dependencies: @anthropic-ai/sdk, googleapis
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Complete YouTube content management system:
- YouTubeChannels: Channel management with branding and metrics
- YouTubeContent: Video pipeline with workflow, approvals, scheduling
- YtSeries: Dedicated series management per channel (NEW)
- YtBatches: Production batch tracking with targets and progress
- YtTasks: Task management with notifications
- YtNotifications: User notification system
- YtMonthlyGoals: Monthly production goals per channel
- YtScriptTemplates: Reusable script templates
- YtChecklistTemplates: Checklist templates for workflows
Features:
- Role-based access (YouTubeManager, YouTubeCreator, YouTubeViewer)
- Auto-task generation on status changes
- Series relationship with channel-based filtering
- API endpoints for dashboard, tasks, and task completion
- German/English localization support
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix slug-validation.ts: Use proper Where type from Payload
- Fix processFeaturedVideo.ts: Remove TypeWithID constraint, use type casting
- Fix retention-worker.ts: Remove unused import cleanupExpiredConsentLogs
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Video Feature Implementation:
- Add Videos and VideoCategories collections with multi-tenant support
- Extend VideoBlock with library/upload/embed sources and playback options
- Add featuredVideo group to Posts collection with processed embed URLs
Hooks & Validation:
- Add processFeaturedVideo hook for URL parsing and privacy mode embedding
- Add createSlugValidationHook for tenant-scoped slug uniqueness
- Add video-utils library (parseVideoUrl, generateEmbedUrl, formatDuration)
Testing:
- Add 84 unit tests for video-utils (URL parsing, duration, embed generation)
- Add 14 integration tests for Videos collection CRUD and slug validation
Database:
- Migration for videos, video_categories tables with locales
- Migration for Posts featuredVideo processed fields
- Update payload internal tables for new collections
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove unused variables and imports across API routes and workers
- Fix TypeScript errors in ConsentLogs.ts (PayloadRequest header access)
- Fix TypeScript errors in formSubmissionHooks.ts (add ResponseTracking interface)
- Update eslint ignores for coverage, test results, and generated files
- Set push: false in payload.config.ts (schema changes only via migrations)
- Update dependencies to latest versions (Payload 3.68.4, React 19.2.3)
- Add framework update check script and documentation
- Regenerate payload-types.ts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix rate limiter: await formLimiter.check() (was missing await)
- Prevent duplicate confirmation emails: add context.skipNewsletterEmail flag
- Service sets flag when creating/updating subscribers via API
- Hook skips email sending when flag is present
- Admin panel creations still trigger the hook
- Fix unsubscribe links: use subscriber ID instead of token for welcome/unsubscribe emails
- Token is nullified after confirmation, making old links invalid
- ID-based lookups always work
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add email templates for confirmation, welcome, and unsubscribe
- Create newsletter-service.ts with token validation and 48h expiry
- Add API endpoints: /api/newsletter/subscribe, /confirm, /unsubscribe
- Add afterChange hook for automatic email sending on subscription
- Rate-limiting: 5 subscriptions per 10 minutes per IP
- GDPR-compliant with re-subscription support after unsubscribe
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add BullMQ-based job queue with Redis backend
- Implement email worker with tenant-specific SMTP support
- Add PDF worker with Playwright for HTML/URL-to-PDF generation
- Create /api/generate-pdf endpoint with job status polling
- Fix TypeScript errors in Tenants, TenantBreadcrumb, TenantDashboard
- Fix type casts in auditAuthEvents and audit-service
- Remove credentials from ecosystem.config.cjs (now loaded via dotenv)
- Fix ESM __dirname issue with fileURLToPath for PM2 compatibility
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add getHeaderValue() helper that works with multiple header formats:
- Express req.get() method
- Fetch API headers.get() method
- Direct IncomingHttpHeaders object access
- Add isRequest() type guard to distinguish PayloadRequest from ClientInfo
- Use extractClientInfo() helper for consistent request/ClientInfo handling
- Apply same fix in auditAuthEvents.ts for hook context
This fixes the issue where PayloadRequest objects were incorrectly
detected as ClientInfo because IncomingHttpHeaders doesn't have .get()
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Extend logLoginFailed to accept ClientInfo directly (not just PayloadRequest)
- Add logPasswordReset function for password reset audit logging
- Remove duplicate manual payload.create calls in login routes
- Implement real fallback in auditAfterForgotPassword with structured JSON log
- Login routes now create single audit entry with full IP/User-Agent context
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Payload email adapter for system emails (auth, password reset)
- Add EmailLogs collection for tracking all sent emails
- Extend Tenants collection with SMTP configuration fields
- Implement tenant-specific email service with transporter caching
- Add /api/send-email endpoint with:
- Authentication required
- Tenant access control (users can only send for their tenants)
- Rate limiting (10 emails/minute per user)
- Add form submission notification hook with email logging
- Add cache invalidation hook for tenant email config changes
Security:
- SMTP passwords are never returned in API responses
- Passwords are preserved when field is left empty on update
- Only super admins can delete email logs
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
