perf: memo GridCard, fuse save fns, fix slash tab active color
This commit is contained in:
@@ -1,12 +1,13 @@
|
||||
# Deferred Work
|
||||
|
||||
## Deferred from: code review of 3-5-secure-byok-management (2026-05-16)
|
||||
## ~~Deferred from: code review of 3-5-secure-byok-management (2026-05-16)~~ ✅ COMPLETED
|
||||
|
||||
- **Test host BYOK + quota invité vide (Task 7.4)** — Scénario AC10 (hôte BYOK, quota invité vide) non couvert par test dédié dans `brainstorm-billing.test.ts`.
|
||||
- **`lastUsedAt` / `lastUsedFor` jamais mis à jour** — Champs Prisma présents mais non alimentés à l’usage des clés BYOK.
|
||||
- **`keyHash` non utilisé pour dédup** — Hash SHA-256 stocké sans logique de déduplication à l’upsert.
|
||||
- **Downgrade tier → désactivation clés hors liste** — Pas de `isActive=false` automatique au downgrade PRO/Business ; seul le rejet des nouveaux saves est en place.
|
||||
- **Rate limit POST `/api/user/api-keys`** — Pas de limite Redis documentée en spec optionnelle.
|
||||
All BYOK items implemented on 2026-05-30:
|
||||
- ✅ **Test host BYOK + quota invité vide (Task 7.4)** — Test AC10 ajouté dans `brainstorm-billing.test.ts`
|
||||
- ✅ **`lastUsedAt` / `lastUsedFor` tracking** — Implémenté dans `resolveByokApiKey()` avec update async non-bloquant
|
||||
- ✅ **`keyHash` dédup cross-provider** — `findDuplicateApiKeyHash()` ajouté, vérification dans route POST (409 Conflict)
|
||||
- ✅ **Downgrade tier → désactivation clés** — `deactivateUnauthorizedKeys()` + safety check dans `getActiveByokKey()`
|
||||
- ✅ **Rate limit POST `/api/user/api-keys`** — `checkApiKeyCreationRateLimit()` (5/h) dans route POST (429)
|
||||
|
||||
## Deferred from: code review of 4-1-gdpr-cookie-consent (2026-05-16)
|
||||
|
||||
@@ -14,7 +15,7 @@
|
||||
|
||||
## Deferred from: unified tasks view study (2026-05-24)
|
||||
|
||||
- **Vue agrégée Notes/Tâches (Markdown scrape)** — Retirée volontairement (option A produit) : surcharge UX, chevauchement avec vues structurées Kanban. Spec `spec-unified-tasks-view.md` abandonnée ; pas d’unification TipTap/Checklist pour cette vue.
|
||||
- **Vue agrégée Notes/Tâches (Markdown scrape)** — Retirée volontairement (option A produit) : surcharge UX, chevauchement avec vues structurées Kanban. Spec `spec-unified-tasks-view.md` abandonnée ; pas d'unification TipTap/Checklist pour cette vue.
|
||||
|
||||
## Deferred from: US-TEMPORAL product decision (2026-05-24)
|
||||
|
||||
|
||||
@@ -0,0 +1,74 @@
|
||||
---
|
||||
status: in-progress
|
||||
title: "GDPR Analytics Sync + Error Reporting Hardening"
|
||||
story: 4.1-gdpr-analytics-sync
|
||||
epic: 4
|
||||
priority: high
|
||||
blast_radius: medium
|
||||
---
|
||||
|
||||
# Spec: GDPR Analytics Sync + Error Reporting Hardening
|
||||
|
||||
## Context
|
||||
|
||||
Deferred work from Story 4.1 (GDPR Cookie Consent):
|
||||
- AC5 anonymousAnalytics DB sync was not implemented
|
||||
- Original constraint: "zero DB writes in 4.1, 100% client consent"
|
||||
- Now removing constraint to implement proper sync
|
||||
|
||||
## Goals
|
||||
|
||||
1. **Primary**: Sync cookie consent `anonymousAnalytics` to database for authenticated users
|
||||
2. **Secondary**: Verify error reporting is properly wired (legitimate interest, no consent needed)
|
||||
|
||||
## Acceptance Criteria
|
||||
|
||||
### AC1: Authenticated user consent syncs to DB
|
||||
- When a logged-in user accepts/rejects analytics via banner or preferences, `UserAISettings.anonymousAnalytics` is updated in DB
|
||||
- Guest users (no session) continue using localStorage only
|
||||
|
||||
### AC2: Cross-device consistency
|
||||
- User's analytics consent persists across devices when logged in
|
||||
- Initial consent load prefers DB value when local storage is empty
|
||||
|
||||
### AC3: Error reporting verification
|
||||
- Existing error reporting continues to work without consent (legitimate interest)
|
||||
- Verify `/api/debug/client-error` route exists and is wired
|
||||
|
||||
## Tasks
|
||||
|
||||
- [ ] Task 1: Create server action for consent sync
|
||||
- [ ] Task 2: Update cookie consent utilities
|
||||
- [ ] Task 3: Update banner and dialog components
|
||||
- [ ] Task 4: Verify error reporting route
|
||||
|
||||
## Code Map
|
||||
|
||||
### New/Modified Files
|
||||
|
||||
| File | Change |
|
||||
|------|--------|
|
||||
| `lib/consent/cookie-consent.ts` | Add `saveConsentWithSync()` client wrapper |
|
||||
| `app/actions/cookie-consent.ts` | NEW - Server action for DB sync |
|
||||
| `components/legal/cookie-consent-banner.tsx` | Use new sync action |
|
||||
| `components/legal/cookie-preferences-dialog.tsx` | Use new sync action |
|
||||
| `app/api/debug/client-error/route.ts` | Verify exists |
|
||||
|
||||
### Design Notes
|
||||
|
||||
- Server action calls `updateAISettings({ anonymousAnalytics: boolean })`
|
||||
- Client-side: combine `setConsent()` + server action in parallel
|
||||
- Server action silently succeeds for guests (no session) — component ignores result
|
||||
- Error reporting uses `/api/debug/client-error` — already exists, no consent gate needed
|
||||
|
||||
## Spec Change Log
|
||||
|
||||
- 2026-05-30: Created spec for deferred AC5 implementation
|
||||
- 2026-05-30: Added error reporting verification as secondary goal
|
||||
|
||||
## Dev Agent Record
|
||||
|
||||
### Agent Model Used
|
||||
Claude Opus 4.8
|
||||
|
||||
### Completion Notes List
|
||||
Reference in New Issue
Block a user