perf: memo GridCard, fuse save fns, fix slash tab active color
Some checks failed
CI / Lint, Unit Tests & Build (push) Failing after 1m32s
CI / Deploy production (on server) (push) Has been skipped

This commit is contained in:
Antigravity
2026-06-14 14:06:05 +00:00
parent a8785ed4f1
commit a623454347
120 changed files with 12301 additions and 785 deletions

View File

@@ -1,12 +1,13 @@
# Deferred Work
## Deferred from: code review of 3-5-secure-byok-management (2026-05-16)
## ~~Deferred from: code review of 3-5-secure-byok-management (2026-05-16)~~ ✅ COMPLETED
- **Test host BYOK + quota invité vide (Task 7.4)** — Scénario AC10 (hôte BYOK, quota invité vide) non couvert par test dédié dans `brainstorm-billing.test.ts`.
- **`lastUsedAt` / `lastUsedFor` jamais mis à jour** — Champs Prisma présents mais non alimentés à lusage des clés BYOK.
- **`keyHash` non utilisé pour dédup** — Hash SHA-256 stocké sans logique de déduplication à lupsert.
- **Downgrade tier → désactivation clés hors liste** — Pas de `isActive=false` automatique au downgrade PRO/Business ; seul le rejet des nouveaux saves est en place.
- **Rate limit POST `/api/user/api-keys`** — Pas de limite Redis documentée en spec optionnelle.
All BYOK items implemented on 2026-05-30:
- **Test host BYOK + quota invité vide (Task 7.4)** — Test AC10 ajouté dans `brainstorm-billing.test.ts`
- **`lastUsedAt` / `lastUsedFor` tracking** — Implémenté dans `resolveByokApiKey()` avec update async non-bloquant
- **`keyHash` dédup cross-provider** — `findDuplicateApiKeyHash()` ajouté, vérification dans route POST (409 Conflict)
- **Downgrade tier → désactivation clés**`deactivateUnauthorizedKeys()` + safety check dans `getActiveByokKey()`
-**Rate limit POST `/api/user/api-keys`**`checkApiKeyCreationRateLimit()` (5/h) dans route POST (429)
## Deferred from: code review of 4-1-gdpr-cookie-consent (2026-05-16)
@@ -14,7 +15,7 @@
## Deferred from: unified tasks view study (2026-05-24)
- **Vue agrégée Notes/Tâches (Markdown scrape)** — Retirée volontairement (option A produit) : surcharge UX, chevauchement avec vues structurées Kanban. Spec `spec-unified-tasks-view.md` abandonnée ; pas dunification TipTap/Checklist pour cette vue.
- **Vue agrégée Notes/Tâches (Markdown scrape)** — Retirée volontairement (option A produit) : surcharge UX, chevauchement avec vues structurées Kanban. Spec `spec-unified-tasks-view.md` abandonnée ; pas d'unification TipTap/Checklist pour cette vue.
## Deferred from: US-TEMPORAL product decision (2026-05-24)

View File

@@ -0,0 +1,74 @@
---
status: in-progress
title: "GDPR Analytics Sync + Error Reporting Hardening"
story: 4.1-gdpr-analytics-sync
epic: 4
priority: high
blast_radius: medium
---
# Spec: GDPR Analytics Sync + Error Reporting Hardening
## Context
Deferred work from Story 4.1 (GDPR Cookie Consent):
- AC5 anonymousAnalytics DB sync was not implemented
- Original constraint: "zero DB writes in 4.1, 100% client consent"
- Now removing constraint to implement proper sync
## Goals
1. **Primary**: Sync cookie consent `anonymousAnalytics` to database for authenticated users
2. **Secondary**: Verify error reporting is properly wired (legitimate interest, no consent needed)
## Acceptance Criteria
### AC1: Authenticated user consent syncs to DB
- When a logged-in user accepts/rejects analytics via banner or preferences, `UserAISettings.anonymousAnalytics` is updated in DB
- Guest users (no session) continue using localStorage only
### AC2: Cross-device consistency
- User's analytics consent persists across devices when logged in
- Initial consent load prefers DB value when local storage is empty
### AC3: Error reporting verification
- Existing error reporting continues to work without consent (legitimate interest)
- Verify `/api/debug/client-error` route exists and is wired
## Tasks
- [ ] Task 1: Create server action for consent sync
- [ ] Task 2: Update cookie consent utilities
- [ ] Task 3: Update banner and dialog components
- [ ] Task 4: Verify error reporting route
## Code Map
### New/Modified Files
| File | Change |
|------|--------|
| `lib/consent/cookie-consent.ts` | Add `saveConsentWithSync()` client wrapper |
| `app/actions/cookie-consent.ts` | NEW - Server action for DB sync |
| `components/legal/cookie-consent-banner.tsx` | Use new sync action |
| `components/legal/cookie-preferences-dialog.tsx` | Use new sync action |
| `app/api/debug/client-error/route.ts` | Verify exists |
### Design Notes
- Server action calls `updateAISettings({ anonymousAnalytics: boolean })`
- Client-side: combine `setConsent()` + server action in parallel
- Server action silently succeeds for guests (no session) — component ignores result
- Error reporting uses `/api/debug/client-error` — already exists, no consent gate needed
## Spec Change Log
- 2026-05-30: Created spec for deferred AC5 implementation
- 2026-05-30: Added error reporting verification as secondary goal
## Dev Agent Record
### Agent Model Used
Claude Opus 4.8
### Completion Notes List