breakpilot-core

Benjamin_Boenisch/breakpilot-core

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sharang Parnerkar	c7ab569b2b	feat(pitch-deck): admin UI for investor + financial-model management (#3 ) All checks were successful CI / test-go-consent (push) Successful in 42s Details CI / test-python-voice (push) Successful in 30s Details CI / test-bqas (push) Successful in 30s Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details CI / Deploy (push) Successful in 2s Details Adds /pitch-admin dashboard with real bcrypt admin accounts and full audit attribution for every state-changing action. - pitch_admins + pitch_admin_sessions tables (migration 002) - pitch_audit_logs.admin_id + target_investor_id columns - lib/admin-auth.ts: bcryptjs, single-session, jose JWT with audience claim - middleware.ts: two-cookie gating with bearer-secret CLI fallback - 14 new API routes (admin-auth, dashboard, investor detail/edit/resend, admins CRUD, fm scenarios + assumptions PATCH) - 9 admin pages: login, dashboard, investors list/new/[id], audit, financial-model list/[id], admins - Bootstrap CLI: npm run admin:create - 36 vitest tests covering auth, admin-auth, rate-limit primitives Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 10:36:16 +00:00
Sharang Parnerkar	645973141c	feat(pitch-deck): passwordless investor auth, audit logs, snapshots & PWA (#2 ) All checks were successful CI / test-go-consent (push) Successful in 27s Details CI / test-python-voice (push) Successful in 25s Details CI / test-bqas (push) Successful in 27s Details CI / Deploy (push) Successful in 6s Details CI / go-lint (push) Has been skipped Details CI / python-lint (push) Has been skipped Details CI / nodejs-lint (push) Has been skipped Details Adds investor-facing access controls, persistence, and PWA support to the pitch deck: - Passwordless magic-link auth (jose JWT + nodemailer SMTP) - Per-investor audit logging (logins, slide views, assumption changes, chat) - Financial model snapshot persistence (auto-save/restore per investor) - PWA support (manifest, service worker, offline caching, branded icons) - Safeguards: email watermark overlay, security headers, content protection, rate limiting, IP/new-IP detection, single active session per investor - Admin API: invite, list investors, revoke, query audit logs - pitch-deck service added to docker-compose.coolify.yml Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 08:48:38 +00:00

Author

SHA1

Message

Date

Sharang Parnerkar

c7ab569b2b

feat(pitch-deck): admin UI for investor + financial-model management (#3 )

CI / test-go-consent (push) Successful in 42s

Details

CI / test-python-voice (push) Successful in 30s

Details

CI / test-bqas (push) Successful in 30s

Details

CI / go-lint (push) Has been skipped

Details

CI / python-lint (push) Has been skipped

Details

CI / nodejs-lint (push) Has been skipped

Details

CI / Deploy (push) Successful in 2s

Details

Adds /pitch-admin dashboard with real bcrypt admin accounts and full
audit attribution for every state-changing action.

- pitch_admins + pitch_admin_sessions tables (migration 002)
- pitch_audit_logs.admin_id + target_investor_id columns
- lib/admin-auth.ts: bcryptjs, single-session, jose JWT with audience claim
- middleware.ts: two-cookie gating with bearer-secret CLI fallback
- 14 new API routes (admin-auth, dashboard, investor detail/edit/resend,
  admins CRUD, fm scenarios + assumptions PATCH)
- 9 admin pages: login, dashboard, investors list/new/[id], audit,
  financial-model list/[id], admins
- Bootstrap CLI: npm run admin:create
- 36 vitest tests covering auth, admin-auth, rate-limit primitives

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-07 10:36:16 +00:00

Sharang Parnerkar

645973141c

feat(pitch-deck): passwordless investor auth, audit logs, snapshots & PWA (#2 )

CI / test-go-consent (push) Successful in 27s

Details

CI / test-python-voice (push) Successful in 25s

Details

CI / test-bqas (push) Successful in 27s

Details

CI / Deploy (push) Successful in 6s

Details

CI / go-lint (push) Has been skipped

Details

CI / python-lint (push) Has been skipped

Details

CI / nodejs-lint (push) Has been skipped

Details

Adds investor-facing access controls, persistence, and PWA support to the pitch deck:

- Passwordless magic-link auth (jose JWT + nodemailer SMTP)
- Per-investor audit logging (logins, slide views, assumption changes, chat)
- Financial model snapshot persistence (auto-save/restore per investor)
- PWA support (manifest, service worker, offline caching, branded icons)
- Safeguards: email watermark overlay, security headers, content protection,
  rate limiting, IP/new-IP detection, single active session per investor
- Admin API: invite, list investors, revoke, query audit logs
- pitch-deck service added to docker-compose.coolify.yml

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-07 08:48:38 +00:00

2 Commits