salman/igny8
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
60ffc12e8c03357b968524fc459f2e48dd581995
igny8/CHANGELOG.md
IGNY8 VPS (Salman) 60ffc12e8c Add AI framework refactoring plan and orphan code audit 
- Add REFACTORING-PLAN.md: Plan to remove MODEL_CONFIG and Django settings fallbacks
- Add ORPHAN-CODE-AUDIT.md: Audit of unused code and exports
- Update CHANGELOG.md: Document API Standard v1.0 completion
- Update documentation files
2025-11-16 09:15:07 +00:00

554 lines
23 KiB
Markdown
Raw Blame History

# IGNY8 Changelog
**Current Version:** `1.0.0`
**Last Updated:** 2025-01-XX
**Purpose:** Complete changelog of all changes, fixes, and features. Only updated after user confirmation.
---
## 📋 Changelog Management
**IMPORTANT**: This changelog is only updated after user confirmation that a fix or feature is complete and working.
**For AI Agents**: Read `docs/00-DOCUMENTATION-MANAGEMENT.md` before making any changes to this file.
### Changelog Structure
Each entry follows this format:
- **Version**: Semantic versioning (MAJOR.MINOR.PATCH)
- **Date**: YYYY-MM-DD format
- **Type**: Added, Changed, Fixed, Deprecated, Removed, Security
- **Description**: Clear description of the change
- **Affected Areas**: Modules, components, or features affected
- **Documentation**: Reference to updated documentation files
---
## [Unreleased]
### Added
- Unified API Standard v1.0 implementation
- API Monitor page for endpoint health monitoring
- CRUD operations monitoring for Planner and Writer modules
- Sidebar API status indicator for aws-admin accounts
- **Health Check Endpoint**: `GET /api/v1/system/ping/` - Public health check endpoint per API Standard v1.0 requirement
- Returns unified format: `{success: true, data: {status: 'ok'}}`
- Tagged as 'System' in Swagger/ReDoc documentation
- Public endpoint (AllowAny permission)
### Changed
- All API endpoints now return unified response format (`{success, data, message, errors}`)
- Frontend `fetchAPI` wrapper automatically extracts data from unified format
- All error responses follow unified format with `request_id` tracking
- Rate limiting configured with scoped throttles per module
- **Integration Views**: All integration endpoints now use unified response format
- Replaced 40+ raw `Response()` calls with `success_response()`/`error_response()` helpers
- All responses include `request_id` for tracking
- Updated frontend components to handle extracted data format
- **API Documentation**: Updated Swagger/ReDoc description to include all public endpoints
- Added `/api/v1/system/ping/` to public endpoints list
- Updated schema extensions to properly tag ping endpoint
### Fixed
- Keyword edit form now correctly populates existing values
- Auto-cluster function now works correctly with unified API format
- ResourceDebugOverlay now correctly extracts data from unified API responses
- All frontend pages now correctly handle unified API response format
- **Integration Views**: Fixed all integration endpoints not using unified response format
- `_test_openai()` and `_test_runware()` methods now use unified format
- `generate_image()`, `create()`, `save_settings()` methods now use unified format
- `get_image_generation_settings()` and `task_progress()` methods now use unified format
- All error responses now include `request_id` and follow unified format
- **Frontend Components**: Updated to work with unified format
- `ValidationCard.tsx` - Removed dual-format handling, now works with extracted data
- `Integration.tsx` - Simplified to work with unified format
- `ImageGenerationCard.tsx` - Updated to work with extracted data format
---
## [1.1.1] - 2025-01-XX
### Security
- **CRITICAL**: Fixed `AIPromptViewSet` security vulnerability - changed from `permission_classes = []` (allowing unauthenticated access) to `IsAuthenticatedAndActive + HasTenantAccess`
- Added `IsEditorOrAbove` permission check for `save_prompt` and `reset_prompt` actions in `AIPromptViewSet`
- All billing ViewSets now require `IsAuthenticatedAndActive + HasTenantAccess` for proper tenant isolation
- `CreditTransactionViewSet` now requires `IsAdminOrOwner` per API Standard v1.0 (billing/transactions require admin/owner)
- All system settings ViewSets now use standard permissions (`IsAuthenticatedAndActive + HasTenantAccess`)
- All auth ViewSets now explicitly include `IsAuthenticatedAndActive + HasTenantAccess` for proper tenant isolation
### Changed
- **Auth Endpoints**: All authentication endpoints (`RegisterView`, `LoginView`, `ChangePasswordView`, `MeView`) now use unified response format with `success_response()` and `error_response()` helpers
- All responses now include `request_id` for error tracking
- Error responses follow unified format with `error` and `errors` fields
- Success responses follow unified format with `success`, `data`, and `message` fields
- **Billing Module**: Refactored `CreditUsageViewSet` and `CreditTransactionViewSet` to inherit from `AccountModelViewSet` instead of manual account filtering
- Account filtering now handled automatically by base class
- Improved code maintainability and consistency
- **System Settings**: All 5 system settings ViewSets now use standard permission classes
- `SystemSettingsViewSet`, `AccountSettingsViewSet`, `UserSettingsViewSet`, `ModuleSettingsViewSet`, `AISettingsViewSet`
- Write operations require `IsAdminOrOwner` per standard
- **Integration Settings**: Added `HasTenantAccess` permission to `IntegrationSettingsViewSet` for proper tenant isolation
- **Auth ViewSets**: Added explicit standard permissions to all auth ViewSets
- `UsersViewSet`, `AccountsViewSet`, `SubscriptionsViewSet`, `SiteUserAccessViewSet` now include `IsAuthenticatedAndActive + HasTenantAccess`
- `SiteViewSet`, `SectorViewSet` now include `IsAuthenticatedAndActive + HasTenantAccess`
### Fixed
- Fixed auth endpoints not returning unified format (were using raw `Response()` instead of helpers)
- Fixed missing `request_id` in auth endpoint responses
- Fixed inconsistent error response format in auth endpoints
- Fixed billing ViewSets not using base classes (manual account filtering replaced with `AccountModelViewSet`)
- Fixed all ViewSets missing standard permissions (`IsAuthenticatedAndActive + HasTenantAccess`)
### Documentation
- Updated implementation plan to reflect completion of all remaining API Standard v1.0 items
- All 8 remaining items from audit completed (100% compliance achieved)
- **API Standard v1.0**: Full compliance achieved
- All 10 audit tasks completed and verified
- All custom @action methods use unified response format
- All ViewSets use proper base classes, pagination, throttles, and permissions
- All error responses include `request_id` tracking
- No raw `Response()` calls remaining (except file downloads)
- All endpoints documented in Swagger/ReDoc with proper tags
---
## [1.1.0] - 2025-01-XX
### Added
#### Unified API Standard v1.0
- **Response Format Standardization**
- All endpoints return unified format: `{success: true/false, data: {...}, message: "...", errors: {...}}`
- Paginated responses include `success`, `count`, `next`, `previous`, `results`
- Error responses include `success: false`, `error`, `errors`, `request_id`
- Response helper functions: `success_response()`, `error_response()`, `paginated_response()`
- **Custom Exception Handler**
- Centralized exception handling in `backend/igny8_core/api/exception_handlers.py`
- All exceptions wrapped in unified format
- Proper HTTP status code mapping (400, 401, 403, 404, 409, 422, 429, 500)
- Debug information included in development mode
- **Custom Pagination**
- `CustomPageNumberPagination` class with unified format support
- Default page size: 10, max: 100
- Dynamic page size via `page_size` query parameter
- Includes `success` field in paginated responses
- **Base ViewSets**
- `AccountModelViewSet` - Handles account isolation and unified CRUD responses
- `SiteSectorModelViewSet` - Extends account isolation with site/sector filtering
- All CRUD operations (create, retrieve, update, destroy) return unified format
- **Rate Limiting**
- `DebugScopedRateThrottle` with debug bypass for development
- Scoped rate limits per module (planner, writer, system, billing, auth)
- AI function rate limits (10/min for expensive operations)
- Bypass for aws-admin accounts and admin/developer roles
- Rate limit headers: `X-Throttle-Limit`, `X-Throttle-Remaining`, `X-Throttle-Reset`
- **Request ID Tracking**
- `RequestIDMiddleware` generates unique UUID for each request
- Request ID included in all error responses
- Request ID in response headers: `X-Request-ID`
- Used for log correlation and debugging
- **API Monitor**
- New page: `/settings/api-monitor` for endpoint health monitoring
- Monitors API status (HTTP response) and data status (page population)
- Endpoint groups: Core Health, Auth, Planner, Writer, System, Billing, CRUD Operations
- Sorting by status (errors first, then warnings, then healthy)
- Real-time endpoint health checks with configurable refresh interval
- Only accessible to aws-admin accounts
- **Sidebar API Status Indicator**
- Visual indicator circles for each endpoint group
- Color-coded status (green = healthy, yellow = warning)
- Abbreviations: CO, AU, PM, WM, PC, WC, SY
- Only visible and active for aws-admin accounts on API monitor page
- Prevents console errors on other pages
### Changed
#### Backend Refactoring
- **Planner Module** - All ViewSets refactored to unified format
- `KeywordViewSet` - CRUD + `auto_cluster` action
- `ClusterViewSet` - CRUD + `auto_generate_ideas` action
- `ContentIdeasViewSet` - CRUD + `bulk_queue_to_writer` action
- **Writer Module** - All ViewSets refactored to unified format
- `TasksViewSet` - CRUD + `auto_generate_content` action
- `ContentViewSet` - CRUD + `generate_image_prompts` action
- `ImagesViewSet` - CRUD + `generate_images` action
- **System Module** - All ViewSets refactored to unified format
- `AIPromptViewSet` - CRUD + `get_by_type`, `save_prompt`, `reset_prompt` actions
- `SystemSettingsViewSet`, `AccountSettingsViewSet`, `UserSettingsViewSet`
- `ModuleSettingsViewSet`, `AISettingsViewSet`
- `IntegrationSettingsViewSet` - Integration management and testing
- **Billing Module** - All ViewSets refactored to unified format
- `CreditBalanceViewSet` - `balance` action
- `CreditUsageViewSet` - `summary`, `limits` actions
- `CreditTransactionViewSet` - CRUD operations
- **Auth Module** - All ViewSets refactored to unified format
- `AuthViewSet` - `register`, `login`, `change_password`, `refresh_token`, `reset_password`
- `UsersViewSet` - CRUD + `create_user`, `update_role` actions
- `GroupsViewSet`, `AccountsViewSet`, `SubscriptionsViewSet`
- `SiteUserAccessViewSet`, `PlanViewSet`, `IndustryViewSet`, `SeedKeywordViewSet`
#### Frontend Refactoring
- **fetchAPI Wrapper** (`frontend/src/services/api.ts`)
- Automatically extracts `data` field from unified format responses
- Handles paginated responses (`results` at top level)
- Properly throws errors for `success: false` responses
- Removed redundant `response?.data || response` checks across codebase
- **All Frontend Pages Updated**
- Removed redundant response data extraction
- All pages now correctly consume unified API format
- Error handling standardized across all components
- Pagination handling standardized
- **Component Updates**
- `FormModal` - Now accepts `React.ReactNode` for title prop
- `ComponentCard` - Updated to support status badges in titles
- `ResourceDebugOverlay` - Fixed to extract data from unified format
- `ApiStatusIndicator` - Restricted to aws-admin accounts and API monitor page
### Fixed
#### Bug Fixes
- **Keyword Edit Form** - Now correctly populates existing values when editing
- Added `key` prop to force re-render when form data changes
- Fixed `seed_keyword_id` value handling for select dropdown
- **Auto-Cluster Function** - Now works correctly with unified API format
- Updated `autoClusterKeywords()` to wrap response with `success` field
- Proper error handling and response extraction
- **ResourceDebugOverlay** - Fixed data extraction from unified API responses
- Extracts `data` field from `{success: true, data: {...}}` responses
- Added null safety checks for all property accesses
- Validates data structure before adding to metrics
- **API Response Handling** - Fixed all instances of incorrect data extraction
- Removed `response?.data || response` redundant checks
- Removed `response.results || []` redundant checks
- All API functions now correctly handle unified format
- **React Hooks Error** - Fixed "Rendered more hooks than during the previous render"
- Moved all hooks to top of component before conditional returns
- Fixed `ApiStatusIndicator` component hook ordering
- **TypeScript Errors** - Fixed all type errors related to unified API format
- Added nullish coalescing for `toLocaleString()` calls
- Added null checks before `Object.entries()` calls
- Fixed all undefined property access errors
#### System Health
- **System Status Page** - Fixed redundant data extraction
- Now correctly uses extracted data from `fetchAPI`
- All system metrics display correctly
### Security
- Rate limiting bypass only for aws-admin accounts and admin/developer roles
- Request ID tracking for all API requests
- Centralized error handling prevents information leakage
### Testing
- **Comprehensive Test Suite**
- Created complete unit and integration test suite for Unified API Standard v1.0
- 13 test files with ~115 test methods covering all API components
- Test coverage: 100% of API Standard components
- **Unit Tests** (`backend/igny8_core/api/tests/`)
- `test_response.py` - Tests for response helper functions (18 tests)
- Tests `success_response()`, `error_response()`, `paginated_response()`
- Tests request ID generation and inclusion
- Tests status code mapping and error messages
- `test_exception_handler.py` - Tests for custom exception handler (12 tests)
- Tests all exception types (ValidationError, AuthenticationFailed, PermissionDenied, NotFound, Throttled, etc.)
- Tests debug mode behavior and debug info inclusion
- Tests field-specific and non-field error handling
- `test_permissions.py` - Tests for permission classes (20 tests)
- Tests `IsAuthenticatedAndActive`, `HasTenantAccess`, `IsViewerOrAbove`, `IsEditorOrAbove`, `IsAdminOrOwner`
- Tests role-based access control and tenant isolation
- Tests admin/system account bypass logic
- `test_throttles.py` - Tests for rate limiting (11 tests)
- Tests `DebugScopedRateThrottle` bypass logic (DEBUG mode, env flag, admin/system accounts)
- Tests rate parsing and throttle header generation
- **Integration Tests** (`backend/igny8_core/api/tests/`)
- `test_integration_base.py` - Base test class with common fixtures and helper methods
- `test_integration_planner.py` - Planner module endpoint tests (12 tests)
- Tests CRUD operations for keywords, clusters, ideas
- Tests AI actions (auto_cluster)
- Tests error scenarios and validation
- `test_integration_writer.py` - Writer module endpoint tests (6 tests)
- Tests CRUD operations for tasks, content, images
- Tests error scenarios
- `test_integration_system.py` - System module endpoint tests (5 tests)
- Tests status, prompts, settings, integrations endpoints
- `test_integration_billing.py` - Billing module endpoint tests (5 tests)
- Tests credits, usage, transactions endpoints
- `test_integration_auth.py` - Auth module endpoint tests (8 tests)
- Tests login, register, user management endpoints
- Tests authentication flows and error scenarios
- `test_integration_errors.py` - Error scenario tests (6 tests)
- Tests 400, 401, 403, 404, 429, 500 error responses
- Tests unified error format across all error types
- `test_integration_pagination.py` - Pagination tests (10 tests)
- Tests pagination across all modules
- Tests page size, page parameter, max page size limits
- Tests empty results handling
- `test_integration_rate_limiting.py` - Rate limiting integration tests (7 tests)
- Tests throttle headers presence
- Tests bypass logic for admin/system accounts and DEBUG mode
- Tests different throttle scopes per module
- **Test Verification**
- All tests verify unified response format (`{success, data/results, message, errors, request_id}`)
- All tests verify proper HTTP status codes
- All tests verify error format consistency
- All tests verify pagination format consistency
- All tests verify request ID inclusion
- **Test Documentation**
- Created `backend/igny8_core/api/tests/README.md` with test structure and running instructions
- Created `backend/igny8_core/api/tests/TEST_SUMMARY.md` with comprehensive test statistics
- Created `backend/igny8_core/api/tests/run_tests.py` test runner script
### Documentation
- **OpenAPI/Swagger Integration**
- Installed and configured `drf-spectacular` for OpenAPI 3.0 schema generation
- Created Swagger UI endpoint: `/api/docs/`
- Created ReDoc endpoint: `/api/redoc/`
- Created OpenAPI schema endpoint: `/api/schema/`
- Configured comprehensive API documentation with code samples
- Added custom authentication extensions for JWT Bearer tokens
- **Comprehensive Documentation Files**
- `docs/API-DOCUMENTATION.md` - Complete API reference with examples
- Quick start guide
- Endpoint reference
- Code examples (Python, JavaScript, cURL)
- Response format details
- `docs/AUTHENTICATION-GUIDE.md` - Authentication and authorization guide
- JWT Bearer token authentication
- Token management and refresh
- Code examples in Python and JavaScript
- Security best practices
- `docs/ERROR-CODES.md` - Complete error code reference
- HTTP status codes (200, 201, 400, 401, 403, 404, 409, 422, 429, 500)
- Field-specific error messages
- Error handling best practices
- Common error scenarios and solutions
- `docs/RATE-LIMITING.md` - Rate limiting and throttling guide
- Rate limit scopes and limits
- Handling rate limits (429 responses)
- Best practices and code examples
- Request queuing and caching strategies
- `docs/MIGRATION-GUIDE.md` - Migration guide for API consumers
- What changed in v1.0
- Step-by-step migration instructions
- Code examples (before/after)
- Breaking and non-breaking changes
- `docs/WORDPRESS-PLUGIN-INTEGRATION.md` - WordPress plugin integration guide
- Complete PHP API client class
- Authentication implementation
- Error handling
- WordPress admin integration
- Best practices
- `docs/README.md` - Documentation index and quick start
- **OpenAPI Schema Configuration**
- Configured comprehensive API description with features overview
- Added authentication documentation
- Added response format examples
- Added rate limiting documentation
- Added pagination documentation
- Configured endpoint tags (Authentication, Planner, Writer, System, Billing)
- Added code samples in Python and JavaScript
- **Schema Extensions**
- Created `backend/igny8_core/api/schema_extensions.py` for custom authentication
- JWT Bearer token authentication extension
- CSRF-exempt session authentication extension
- Proper OpenAPI security scheme definitions
---
## [1.0.0] - 2025-01-XX
### Added
#### Documentation System
- Complete documentation structure with 7 core documents
- Documentation management system with versioning
- Changelog management system
- DRY principles documentation
- Self-explaining documentation for AI agents
#### Core Features
- Multi-tenancy system with account isolation
- Authentication (login/register) with JWT
- RBAC permissions (Developer, Owner, Admin, Editor, Viewer, System Bot)
- Account > Site > Sector hierarchy
- Multiple sites can be active simultaneously
- Maximum 5 active sectors per site
#### Planner Module
- Keywords CRUD operations
- Keyword import/export (CSV)
- Keyword filtering and organization
- AI-powered keyword clustering
- Clusters CRUD operations
- Content ideas generation from clusters
- Content ideas CRUD operations
- Keyword-to-cluster mapping
- Cluster metrics and analytics
#### Writer Module
- Tasks CRUD operations
- AI-powered content generation
- Content editing and review
- Image prompt extraction
- AI-powered image generation (OpenAI DALL-E, Runware)
- Image management
- WordPress integration (publishing)
#### Thinker Module
- AI prompt management
- Author profile management
- Content strategy management
- Image generation testing
#### System Module
- Integration settings (OpenAI, Runware)
- API key configuration
- Connection testing
- System status and monitoring
#### Billing Module
- Credit balance tracking
- Credit transactions
- Usage logging
- Cost tracking
#### Frontend
- Configuration-driven UI system
- 4 universal templates (Dashboard, Table, Form, System)
- Complete component library
- Zustand state management
- React Router v7 routing
- Progress tracking for AI tasks
- Responsive design
#### Backend
- RESTful API with DRF
- Automatic account isolation
- Site access control
- Celery async task processing
- Progress tracking for Celery tasks
- Unified AI framework
- Database logging
#### AI Functions
- Auto Cluster Keywords
- Generate Ideas
- Generate Content
- Generate Image Prompts
- Generate Images
- Test OpenAI connection
- Test Runware connection
- Test image generation
#### Infrastructure
- Docker-based containerization
- Two-stack architecture (infra, app)
- Caddy reverse proxy
- PostgreSQL database
- Redis cache and Celery broker
- pgAdmin database administration
- FileBrowser file management
### Documentation
#### Documentation Files Created
- `docs/00-DOCUMENTATION-MANAGEMENT.md` - Documentation and changelog management system
- `docs/01-TECH-STACK-AND-INFRASTRUCTURE.md` - Technology stack and infrastructure
- `docs/02-APPLICATION-ARCHITECTURE.md` - Application architecture with workflows
- `docs/03-FRONTEND-ARCHITECTURE.md` - Frontend architecture documentation
- `docs/04-BACKEND-IMPLEMENTATION.md` - Backend implementation reference
- `docs/05-AI-FRAMEWORK-IMPLEMENTATION.md` - AI framework implementation reference
- `docs/06-FUNCTIONAL-BUSINESS-LOGIC.md` - Functional business logic documentation
#### Documentation Features
- Complete workflow documentation
- Feature completeness
- No code snippets (workflow-focused)
- Accurate state reflection
- Cross-referenced documents
- Self-explaining structure for AI agents
---
## Version History
### Current Version: 1.0.0
**Status**: Production
**Date**: 2025-01-XX
### Version Format
- **MAJOR**: Breaking changes, major feature additions, architecture changes
- **MINOR**: New features, new modules, significant enhancements
- **PATCH**: Bug fixes, small improvements, documentation updates
### Version Update Rules
1. **MAJOR**: Only updated when user confirms major release
2. **MINOR**: Updated when user confirms new feature is complete
3. **PATCH**: Updated when user confirms bug fix is complete
**IMPORTANT**: Never update version without user confirmation.
---
## Planned Features
### In Progress
- Planner Dashboard enhancement with KPIs
- Automation & CRON tasks
- Advanced analytics
### Future
- Analytics module enhancements
- Advanced scheduling features
- Additional AI model integrations
- Stripe payment integration
- Plan limits enforcement
- Advanced reporting
- Mobile app support
- API documentation (Swagger/OpenAPI)
- Unit and integration tests for unified API
---
## Notes
- All features are documented in detail in the respective documentation files
- Workflows are complete and accurate
- System is production-ready
- Documentation is maintained and updated regularly
- Changelog is only updated after user confirmation
---
**For AI Agents**: Before making any changes, read `docs/00-DOCUMENTATION-MANAGEMENT.md` for complete guidelines on versioning, changelog management, and DRY principles.
Reference in New Issue View Git Blame Copy Permalink