platform/portal
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
feat/m5.2-shells
portal/CHANGELOG.md
T
sharang 60209428b5
ci / e2e (pull_request) Has been skipped
Details
ci / shared (pull_request) Successful in 4s
Details
ci / test (pull_request) Successful in 26s
Details
ci / image (pull_request) Has been skipped
Details
feat(app): M5.2 — customer-area route shells + role-gated nav 
Adds the M5.2 surface set per PLATFORM_ARCHITECTURE.md §5a. Every route
is a navigable skeleton with a per-route empty-state pointing at the
milestone that ships the real content; the Nav component filters links
by session.org_roles so an IT_ADMIN sees settings + api-keys, a CXO
sees billing, a USER sees only dashboard + products + support, etc.

New surfaces (10):
  /[slug]/products              M10.1
  /[slug]/projects              M10.1
  /[slug]/catalog               M11.1
  /[slug]/settings              M10.1
  /[slug]/settings/users        M10.1
  /[slug]/settings/api-keys     M15.1
  /[slug]/settings/integrations M15.2
  /[slug]/billing               M8.3
  /[slug]/audit                 M10.2
  /[slug]/support               M9.1

Dashboard upgraded: reads session.products, renders one tile per
entitled product (real tile content lands in M10.1). Empty-state when
the user has no entitlements yet — links into the catalog flow.

Backstage stub at /__backstage__ — middleware already rewrites
backstage.<apex>/* to this prefix; real RBAC against BREAKPILOT_ADMIN /
SUPPORT_ENGINEER / SALES_REP lands in M13.2.

Layout enforces tenant-slug match: a session with tenant_slug=A trying
to view /B/... gets redirected to /A/dashboard. Prevents JWT-replay
across tenants (defence in depth; the real guard is at the API layer,
which M4.3 adds in tenant-registry).

src/lib/session.ts is the single source of truth for the role matrix
+ canSee(surface) helper. 13 vitest cases, 100% coverage of src/lib.

Refs: M5.2
2026-05-19 13:54:41 +02:00

1.1 KiB
Raw Permalink Blame History

Changelog

All notable changes to this repo. Format: Keep a Changelog. Generated section is appended on release tag via git-cliff (see .gitea/workflows/release.yaml).

[Unreleased]

Added

  • feat(app): M5.2 — customer-area route shells (settings, billing, audit, support, catalog, products, projects, settings/{users,api-keys,integrations}); shared Nav component reads session.org_roles and shows only what each role can see; backstage stub at /backstage; dashboard renders product tiles from session.products
  • chore(deps): bump next + eslint-config-next to 16.2.6 to clear trivy CVEs (CVE-2025-29927 critical + 7 highs in next 15.0.3)
  • feat(app): Next.js 16 + Auth.js v5 skeleton with host→slug middleware, tenant context layout, OIDC sign-in flow

Changed

  • chore(domain): yourplatform.com → breakpilot.com

Fixed

  • ci: rework workflow for Gitea Actions (bash commitlint, inline gitleaks binary, per-stack jobs gated on real code)

Removed

Security

Reference in New Issue View Git Blame Copy Permalink