2026-04-14 - 2026-05-14
Overview
124 Pull requests merged by 1 user
Merged
#568 fix(ci): run svelte-kit sync before lint to fix cache-hit tsconfig miss
Merged
#565 ci: restrict push trigger to main — eliminate duplicate CI runs
Merged
#564 fix(ci): run client coverage even when server coverage fails
Merged
#563 fix(tests): use native element clicks in layout dropdown spec
Merged
#561 fix(ci): add IMPORT_HOST_DIR stub to compose-idempotency job
Merged
#558 ci(devops): downgrade upload-artifact v4 → v3 + ADR-014 + grep guard
Merged
#559 chore(coverage): drop client branches threshold 80→75 to unblock CI
Merged
#555 fix(#553): close [birpc] rpc is closed race — sync-factory invariant + duplicate-ID guard + PR #10267 backport
Merged
#552 fix(notification): replace view-all anchor with button to prevent iframe navigation
Merged
#550 fix(pdf-viewer): eliminate real pdfjs-dist loading from browser tests — stop birpc teardown race
Merged
#549 fix(pdf-viewer): remove banned vi.mock('pdfjs-dist') — ADR 012 enforcement (issue #546)
Merged
#548 fix(test): NotificationDropdown iframe navigation crash + Tailwind CI noise
Merged
#547 test: fix flaky browser-mode tests in AnnotationShape and OcrTrainingCard specs
Merged
#536 fix(#535): eliminate vi.mock(pdfjs-dist) birpc teardown race via libLoader injection
Merged
#544 fix(ci): replace iproute2 ip with /proc/net/route for gateway detection
Merged
#540 fix(ci): resolve smoke test host via bridge gateway, not 127.0.0.1
Merged
#537 ci(nightly): reload Caddy before smoke test
Merged
#505 test(coverage): drive browser tests to 80% on all metrics (#496)
Merged
#526 feat(infra): bind-mount /import for backend mass-import endpoint
Merged
#525 fix(infra): frontend healthcheck on 127.0.0.1, not localhost
Merged
#521 fix(security): promote auth_token cookie to Authorization header (#520)
Merged
#519 fix(user): findOrCreate Administrators group instead of blind-INSERT (#518)
Merged
#517 fix(caddy): wrap actuator block in handle so it takes precedence over catch-all (#512)
Merged
#516 fix(user): rename yaml key username→email so admin seed reads APP_ADMIN_USERNAME (#513)
Merged
#515 fix(frontend): disable prerender crawl so protected routes aren't baked to login-bounces (#514)
Merged
#511 fix(compose): mark create-buckets as one-shot for up --wait (#510)
Merged
#509 fix(workflows): match runner label — runs-on ubuntu-latest (#508)
Merged
#507 fix(minio): bake bootstrap.sh into image instead of bind-mounting (#506)
Merged
#504 fix(fail2ban): pin polling backend so jail actually reads Caddy access log (#503)
Merged
#499 feat(infra): production deployment pipeline — Caddy, staging, Gitea Actions (#497)
Merged
#495 fix(test): make browser-project tests contribute to coverage measurement
Merged
#488 fix(fts): paginate FTS match-set in SQL instead of loading all matching IDs
Merged
#491 fix(db): add indexes on documents.sender_id and document_comments.author_id (#470)
Merged
#493 fix(a11y): increase PdfControls touch targets to 44×44px (#354)
Merged
#494 fix(ci): resolve date-buckets timezone + Testcontainers Docker failures (#476)
Merged
#490 fix(user): replace Math.abs(hashCode()) with Math.floorMod in computeColor
Merged
#489 fix(comment): declare missing @PathVariable params on block comment endpoints
Merged
#492 fix(db): add PRIMARY KEY to group_permissions and promote tbmp UNIQUE to PK (#469)
Merged
#487 fix(documents): filter inputs don't sync with URL on navigation (#482)
Merged
#486 fix(build): unbreak production build — /hilfe/transkription prerender unreachable behind /login
Merged
#484 feat(dashboard): reader dashboard spec alignment #483
Merged
#477 feat(#447): permission-gated reader dashboard
Merged
#478 feat(documents): timeline date-range filter with density bars (#385)
Merged
#475 feat(chronik): add commentPreview to ActivityFeedItemDTO (#454)
Merged
#456 cleanup(legibility): repo hygiene, TODO cleanup, and test flakiness fixes
Merged
#455 cleanup(legibility): polish — CLEANUP-2, CLEANUP-3, CLEANUP-4
Merged
#452 docs(db): add ER and ORM diagrams (PlantUML)
Merged
#450 docs(c4): add C4-PlantUML diagram files for all architecture views
Merged
#448 docs(c4): accuracy audit — split L3 diagrams, add 6 new sub-diagrams, fix all stale content
Merged
#449 docs(spec): reader dashboard design exploration and final spec
Merged
#446 docs: fix stale CLAUDE.md content after design-system refactoring
Merged
#445 docs(legibility): migrate CLAUDE.md rules into human docs — DOC-7
Merged
#444 docs(legibility): DOC-6 — add 18 per-domain README.md files
Merged
#443 docs(legibility): DOC-5 — write docs/DEPLOYMENT.md
Merged
#442 docs(legibility): DOC-4 — write CONTRIBUTING.md with three concrete walkthroughs
Merged
#441 docs(legibility): DOC-2 — write docs/ARCHITECTURE.md
Merged
#440 docs(legibility): write human-targeted README.md at repo root — DOC-1
Merged
#439 docs(legibility): write docs/GLOSSARY.md — DOC-3
Merged
#430 epic(legibility): pre-flight — make tests trustworthy (#402)
Merged
#429 feat(eslint): add boundaries/dependencies rule for frontend domain imports
Merged
#428 test(backend): add ArchUnit domain boundary enforcement (Rules 1–4)
Merged
#426 fix: break Spring Framework 7 circular bean dependency cycles
Merged
#422 refactor(frontend): restructure lib/ from flat-by-type to domain-based (#408)
Merged
#421 refactor: domain-based package layout (#407)
Merged
#420 fix(backend): resolve cross-domain repo + controller→repo violations (#417)
Merged
#419 fix(backend): rename users table to app_users (closes #418)
Merged
#379 feat(person-mention): add @mention discoverability hint to transcription block placeholder
Merged
#378 fix(training): use KURRENT_RECOGNITION label for sender-based block queries
Merged
#382 feat(geschichten): blog-like family memory stories (closes #381)
Merged
#377 feat: auto-open transcription panel when navigating from mission-control cards
Merged
#375 fix: hover card maiden name false positive, editor placeholder on non-empty content, mention persistence
Merged
#373 feat: decouple person-mention display text from person name (#372)
Merged
#371 feat(person-mention): PR-B2 — read-mode rendering + hover card (issue #362)
Merged
#369 feat: person @mentions edit-mode infrastructure (PR-B1, #362)
Merged
#366 feat(transcription): person @mention sidecar + rename propagation (PR-A backend, #362)
Merged
#365 refactor(relationship): use typed RelationType enum in CreateRelationshipRequest
Merged
#360 feat(stammbaum): family network — graph, badge, edit card, /stammbaum page (#358)
Merged
#352 feat(transcription): add "Alle als fertig markieren" bulk action (#345)
Merged
#350 fix(persons): fix person dropdown clipping with fixed positioning and ARIA (#343)
Merged
#348 feat(viewer): show delete icon directly on transcription annotation (#339)
Merged
#347 feat(persons): show merge action inline with danger hint, remove Gefahrenzone collapsible (#342)
Merged
#346 feat(search): add direct page-jump control to document search pagination (#340)
Merged
#349 fix(viewer): fix "Annotieren anzeigen" contrast and add lint rule (#341)
Merged
#351 feat(nav): add tooltip and cursor:pointer to notification bell, fix ThemeToggle i18n (#344)
Merged
#337 feat(audit): track user management events in audit log (#336)
Merged
#333 feat(persons): surface personType + title in forms and detail card
Merged
#331 feat: bulk metadata edit for existing documents
Merged
#329 feat(documents): bulk upload — split-panel with file switcher
Merged
#330 feat(#320): guided empty state + Kurrent primer for first-time transcribers
Merged
#316 feat(documents): paginate /documents search so first paint isn't 1500 rows
Merged
#314 As a user I want the dashboard resume strip to show the actual document thumbnail so I recognize what I was working on at a glance
Merged
#311 feat(briefwechsel): thumbnail rows with summary quote and bilateral distribution bar (#305)
Merged
#304 fix(transcription): replace sendBeacon with fetch keepalive; add catch-all API proxy
Merged
#308 feature: PDF-Thumbnails für Dokumente (Upload + Admin-Backfill)
Merged
#303 fix(nav): replace static back-link hrefs with history.back() + fallback
Merged
#302 feat(dashboard): add kinds CSV query param to /api/dashboard/activity
Merged
#301 feat(chronik): deep-link mentions and comments to the specific comment
Merged
#299 bug: notification deep-link does not scroll to comment on document detail page
Merged
#297 fix(chronik): surface REPLY events in Für-dich feed via youParticipated
Merged
#298 feat: dashboard enrichment-list-block after batch upload (#296)
Merged
#288 feat: unify /notifications and dashboard activity feed into a /chronik page
Merged
#284 feat/issue-283-sender-receiver-grouping
Merged
#282 feat: dedicated /documents search & browse page
Merged
#279 fix(admin): delete user button now works reliably
Merged
#278 feat(dashboard): redesign home as action-led family archive hub (#271)
Merged
#275 feat(audit): domain-level audit log for archive activity
Merged
#273 feat: invite-based self-service registration
Merged
#272 feat: migrate from username to email-only authentication
Merged
#267 feat(enrich): field reordering, required-fields progress bar, and no-PDF upload state
Merged
#265 feat(admin): OCR admin pages — overview & model detail
Merged
#263 feat(ocr): per-sender specialized Kurrent models with automatic active-learning retraining
Merged
#260 feat(ocr): German spell-check post-processing to reduce handwriting gibberish
Merged
#255 feat(ocr): add image preprocessing pipeline to improve transcription quality on aged documents
Merged
#251 feat(tag-typeahead): tree-aware results — expand children & surface ancestor path
Merged
#249 feat(#248): admin tag page complete overhaul — tree panel, merge, subtree delete, new edit components
Merged
#245 feat(#240): Mission Control Strip — backend + frontend implementation
Merged
#242 feat(search): show search result snippets with match highlighting (#219)
Merged
#243 fix(fileloader): prevent infinite reload loop via untrack
Merged
#241 refactor(frontend): utility dedup, component splits, dead code removal (#193–#200)
Merged
#237 feat(search): upgrade to PostgreSQL full-text search with German stemming
Merged
#238 devops(backend): switch to multi-stage Docker build
Merged
#236 feat(search): add year/group headers in document list when sorted by date, sender, or receiver
Merged
#234 fix(ocr): fix segmentation training for ketos 7 and low-memory hosts
Merged
#235 feat(annotations): resize and move annotations in document view
2 Pull requests proposed by 1 user
Proposed
#567 fix(admin): clear unsaved-changes guard before redirect on groups/new and users/new
Proposed
#569 ui(admin/system): improve mass-import card (loading state, i18n, font size)
153 Issues closed from 1 user
Closed
#531 ci(nightly): post-deploy smoke test for /api/admin/import-status
Closed
#557 ci(devops): downgrade actions/upload-artifact v4 → v3 (re-regression — needs ADR to prevent future re-upgrade)
Closed
#554 audit: factory mocks → prop injection migration (sveltest pattern)
Closed
#556 ci(coverage): drop client-project branches threshold 80 → 70 to unblock CI
Closed
#553 Unit & Component Tests job exits 1 — birpc teardown race resurfaces from async vi.mock factory with dynamic import
Closed
#551 fix(test): NotificationDropdown view-all click navigates iframe — breaks vitest coverage
Closed
#546 test: PdfViewer.svelte.test.ts re-introduces banned vi.mock('pdfjs-dist') factory — restores birpc teardown race
Closed
#545 fix(test): NotificationDropdown "view-all link" test causes iframe navigation crash in CI
Closed
#541 test: fix flaky browser-mode tests in AnnotationShape and OcrTrainingCard specs
Closed
#535 Unit & Component Tests job exits 1 from vitest-browser teardown race — every test green but CI red
Closed
#496 Increase browser component test coverage to ≥ 80% on all metrics (statements, lines, branches, functions)
Closed
#522 tech-debt(auth): replace cookie-promotion glue with a proper session-based auth model
Closed
#520 bug(security): browser-side /api/* requests miss Authorization in production → browser shows Basic-auth popup
Closed
#518 bug(user): UserDataInitializer blind-INSERTs Administrators group; fails on retry (HIGH, prod-blocking)
Closed
#512 bug(caddy): respond @actuator 404 swallowed by catch-all handle; /actuator/health returns 302
Closed
#513 bug(user): admin seed ignores APP_ADMIN_USERNAME / PASSWORD — falls back to defaults (HIGH, prod-blocking)
Closed
#514 bug(frontend): SvelteKit prerender-crawl bakes redirect-to-login into static HTML for protected routes (HIGH, prod-blocking)
Closed
#510 bug(compose): up -d --wait treats create-buckets exit(0) as failure
Closed
#508 bug(workflows): deploy workflows use runs-on: self-hosted but runner advertises ubuntu-latest — jobs never picked up
Closed
#506 bug(infra/minio): create-buckets bootstrap.sh bind-mount fails on DooD runner (Is a directory)
Closed
#503 bug(infra/fail2ban): jail defaults to systemd backend on Debian, never inspects Caddy access log
Closed
#497 devops: production deployment — Caddy, staging env, and Gitea Actions CI/CD
Closed
#367 security(transcription): CWE-79 — escapeHtml required for @mention rendering in PR-B
Closed
#425 fix(test): make browser-project tests contribute to coverage measurement
Closed
#468 fix(documents): paginate FTS match-set in SQL instead of loading all matching IDs
Closed
#470 fix(db): add indexes on documents.sender_id and document_comments.author_id
Closed
#423 fix(test): resolve pre-existing TranscriptionEditView and Richtlinien test failures
Closed
#115 fix(ui): replace localStorage panel state restore with SvelteKit snapshot API to eliminate flash on load
Closed
#354 fix(a11y): increase annotation toggle touch target to 44×44px minimum
Closed
#476 fix(ci): two persistent CI failures — date-buckets timezone + Testcontainers Docker
Closed
#471 fix(user): replace Math.abs(hashCode()) in AppUser.computeColor (negative on Integer.MIN_VALUE)
Closed
#473 fix(api): add explicit @PathVariable name on transcription-block comment endpoints
Closed
#469 fix(db): add primary key to group_permissions to prevent duplicate grants
Closed
#482 fix(documents): filter inputs don't sync with URL — Sender/Receiver blank on load, fields don't clear on reset
Closed
#472 fix(build): unbreak production build — /hilfe/transkription prerender unreachable behind /login
Closed
#483 fix(dashboard): align reader dashboard with reader-dashboard-final spec
Closed
#447 feat(dashboard): permission-gated reader dashboard for READ_ALL / BLOG_WRITE users
Closed
#385 feat(documents): timeline date-range filter with density bars
Closed
#454 feat(chronik): add commentPreview field to ActivityFeedItemDTO
Closed
#416 audit(legibility): re-run readiness scorecard; ratify "ready for evaluation"
Closed
#411 epic(legibility): polish — remove smells surfaced by audits
Closed
#415 cleanup(legibility): repo hygiene — proofshot retention, ignore .agent/.worktrees
Closed
#414 cleanup(legibility): rename Helper/Utils/Manager violators to express intent
Closed
#413 cleanup(legibility): rewrite vague comments; remove "ask Marcel" markers
Closed
#412 cleanup(legibility): remove dead code identified by audits
Closed
#451 Add database ER and ORM diagrams (PlantUML)
Closed
#394 epic(legibility): documentation — make the codebase self-explaining
Closed
#401 docs(legibility): migrate CLAUDE.md rules into human docs; mark migrated content
Closed
#400 docs(legibility): add per-domain README.md inside every domain package
Closed
#399 docs(legibility): write docs/DEPLOYMENT.md (production runtime + env vars)
Closed
#398 docs(legibility): write CONTRIBUTING.md with three concrete walkthroughs
Closed
#396 docs(legibility): write docs/ARCHITECTURE.md with diagram and domain list
Closed
#395 docs(legibility): write human-targeted README.md at repo root
Closed
#397 docs(legibility): write docs/GLOSSARY.md disambiguating overloaded terms
Closed
#438 docs(legibility): migrate CLAUDE.md rules to human docs via pointer comments (DOC-7)
Closed
#437 docs(legibility): write 18 README.md files for canonical domain packages (DOC-6)
Closed
#436 docs(legibility): write docs/DEPLOYMENT.md as Day-1 production checklist (DOC-5)
Closed
#435 docs(legibility): write CONTRIBUTING.md with three walkthroughs and Testing section (DOC-4)
Closed
#434 docs(legibility): write docs/GLOSSARY.md disambiguating overloaded terms (DOC-3)
Closed
#433 docs(legibility): write docs/ARCHITECTURE.md with diagram, domains, security model (DOC-2)
Closed
#432 docs(legibility): write human-targeted root README.md (DOC-1)
Closed
#405 test(legibility): verify e2e suite covers every critical user journey
Closed
#404 test(legibility): rewrite tautological tests revealed by TEST-1
Closed
#403 test(legibility): mutation-test critical backend service tests; flag tautologies
Closed
#402 epic(legibility): pre-flight — make tests trustworthy before big-bang refactor
Closed
#390 audit(ocr-service): score ocr-service/ against legibility rubric C1–C10
Closed
#389 audit(backend): score backend/ against legibility rubric C1–C10
Closed
#388 audit(frontend): score frontend/ against legibility rubric C1–C10
Closed
#387 epic(legibility): audit — assess current state of every subsystem
Closed
#391 audit(db): score Flyway migrations + DB schema against legibility rubric
Closed
#392 audit(rest): score infra/, scripts/, root, docs/ against legibility rubric
Closed
#393 audit(rollup): produce global readiness scorecard from subsystem audits
Closed
#406 epic(legibility): big-bang restructure — backend layer→domain, frontend lib→domain
Closed
#410 refactor(frontend): add ESLint rule preventing cross-domain imports
Closed
#409 refactor(backend): add ArchUnit test enforcing domain boundaries
Closed
#408 refactor(frontend): restructure lib/ from flat-by-type to domain-based
Closed
#407 refactor(backend): restructure from layer-based to domain-based packaging
Closed
#417 fix(backend): resolve cross-domain repo + controller→repo violations before REFACTOR-1
Closed
#418 decide(backend): resolve users-table / AppUser-entity naming mismatch before REFACTOR-1
Closed
#370 feat(person-mention): discoverability hint for the @ trigger in the editor
Closed
#381 feat: Geschichten — blog-like family memory stories linked to persons and documents
Closed
#362 feat: Person @mentions in transcription blocks with hover card
Closed
#376 feat: auto-open transcription panel when navigating from mission-control cards
Closed
#374 GET /api/persons leaks PersonSummaryDTO.notes to typeahead clients (CWE-200)
Closed
#372 Person mention: decouple display text from person name to preserve original wording
Closed
#358 feat: Stammbaum — family relationship graph replaces Briefwechsel in nav
Closed
#313 test(briefwechsel): capture visual-regression baselines for the row layout
Closed
#266 fix(ocr): regenerate TypeScript types so TriggerSenderTrainingDTO.personId is non-optional
Closed
#224 feat: show top conversation pairs on briefwechsel entry state
Closed
#338 feat(briefwechsel): discovery landing grid + gap markers
Closed
#345 feat(transcription): add "Alle als fertig markieren" bulk action to transcription panel
Closed
#343 bug(persons): person selection dropdown is visually clipped / cut off
Closed
#339 feat(viewer): show delete icon directly on transcription annotation
Closed
#342 feat(persons): show merge action inline with danger hint, remove Gefahrenzone collapsible
Closed
#340 feat(search): add direct page-jump control to document search pagination
Closed
#341 bug(viewer): "Annotieren anzeigen" text has insufficient contrast in light mode
Closed
#344 feat(nav): add tooltip and cursor:pointer to notification bell icon
Closed
#336 feat(audit): track user management events in audit log (USER_CREATED, USER_DELETED, GROUP_MEMBERSHIP_CHANGED)
Closed
#218 feat(ui): surface title & personType fields in person forms and detail card
Closed
#325 feat(tags): split flat tag taxonomy into documentType + event + freeform dimensions
Closed
#225 feat: bulk metadata edit for existing documents (select → panel → PATCH)
Closed
#317 feat(documents): bulk upload — split-panel with file switcher
Closed
#320 feat(transcribe): guided empty state + Kurrent primer for first-time transcribers
Closed
#315 feat(documents): paginate /documents search so first paint isn't 1500 rows
Closed
#294 As a user creating a new document I want the same split-panel edit view as on existing documents, so I can enter metadata next to the file preview
Closed
#309 As a user I want the dashboard resume strip to show the actual document thumbnail so I recognize what I was working on at a glance
Closed
#305 feature(briefwechsel): thumbnail rows with summary quote and bilateral distribution bar
Closed
#204 Transcription block saves silently lost when navigating away in production
Closed
#307 feature: PDF-Thumbnails für Dokumente (Upload + Admin-Backfill)
Closed
#203 Notification SSE stream retries infinitely when session expires
Closed
#152 bug: HikariCP connection pool exhaustion causes backend outages
Closed
#202 Memory leaks when navigating between documents -- blob URLs never revoked
Closed
#185 fix(nav): replace static back-link hrefs with history.back() + fallback
Closed
#293 feat(dashboard): add kinds CSV query param to /api/dashboard/activity
Closed
#291 observability: add /api/dashboard/activity p95 latency panel to Grafana
Closed
#300 feat: chronik mentions should deep-link to the comment, matching the bell dropdown
Closed
#276 bug: notification deep-link does not scroll to comment on document detail page
Closed
#295 bug: REPLY notifications not surfaced in Chronik "Für dich" feed
Closed
#296 As a user I want to see uploaded documents needing metadata on the dashboard so I can continue enriching after a batch upload
Closed
#285 feat: unify /notifications and dashboard activity feed into a /chronik page
Closed
#280 fix(dashboard): audit_log never written + hero blind to annotation-only work
Closed
#283 feat: restore sender/receiver grouping on /documents when sorting by SENDER or RECEIVER
Closed
#281 feat: dedicated /documents search & browse page
Closed
#277 bug: deleting a user in the admin panel does nothing
Closed
#271 feat(dashboard): redesign Dokumente dashboard as a document hub (Variant A)
Closed
#247 feat: Mission Control Strip — "offen" total count per column
Closed
#246 feat: Mission Control Strip — contributor avatars per queue item
Closed
#274 feat(audit): domain-level audit log for archive activity
Closed
#269 feat: invite-based self-service registration
Closed
#270 feat: migrate from username to email-only authentication
Closed
#261 feat(enrich): field reordering, required-fields progress bar, and no-PDF upload state
Closed
#264 feat(admin): OCR admin pages — overview & model detail
Closed
#253 feat(ocr): per-sender specialized Kurrent models with automatic active-learning retraining
Closed
#254 feat(ocr): German spell-check post-processing to reduce handwriting gibberish
Closed
#256 feat(ocr): two-phase progress indicator distinguishing preprocessing from OCR analysis
Closed
#252 feat(ocr): add image preprocessing pipeline to improve transcription quality on aged documents
Closed
#250 feat(tag-typeahead): tree-aware results — expand children & surface ancestor path
Closed
#248 feat: Admin tag page complete overhaul — hierarchy tree, parent picker, merge, delete guard
Closed
#221 feat: improved tag system — AND/OR filtering and tag hierarchy
Closed
#240 As a family member I want to see which documents need transcription and which are ready to read so I know where to contribute
Closed
#219 feat: show search result snippets with match highlighting
Closed
#195 Unify click-outside handling to use existing clickOutside action
Closed
#194 Extract shared utility functions to eliminate duplication
Closed
#193 Delete dead conversations/ route (old Korrespondenz page)
Closed
#201 Minor structural improvements — notification rows, admin list panels, search filters, icons
Closed
#199 Split TranscriptionEditView.svelte (332 lines) — extract auto-save + drag-drop modules
Closed
#200 Split NotificationBell.svelte (316 lines) — extract dropdown + SSE stream module
Closed
#197 Split EntityNav.svelte (516 lines) into section + item subcomponents
Closed
#198 Split CommentThread.svelte (310 lines) — extract CommentMessage component
Closed
#196 Split PdfViewer.svelte (469 lines) into renderer module + controls component
Closed
#222 feat: upgrade search from ILIKE to PostgreSQL full-text search
Closed
#220 feat: add year/group headers in search results when sorted by date
Closed
#233 feat(annotations): allow user to resize and move annotation boxes after drawing
207 Issues created by 1 user
Opened
#239 devops: add docker-compose.prod.yml overlay for production deployment
Opened
#240 As a family member I want to see which documents need transcription and which are ready to read so I know where to contribute
Opened
#246 feat: Mission Control Strip — contributor avatars per queue item
Opened
#247 feat: Mission Control Strip — "offen" total count per column
Opened
#248 feat: Admin tag page complete overhaul — hierarchy tree, parent picker, merge, delete guard
Opened
#250 feat(tag-typeahead): tree-aware results — expand children & surface ancestor path
Opened
#252 feat(ocr): add image preprocessing pipeline to improve transcription quality on aged documents
Opened
#253 feat(ocr): per-sender specialized Kurrent models with automatic active-learning retraining
Opened
#254 feat(ocr): German spell-check post-processing to reduce handwriting gibberish
Opened
#256 feat(ocr): two-phase progress indicator distinguishing preprocessing from OCR analysis
Opened
#257 devops(ocr): improve startup error clarity for invalid CLAHE env vars
Opened
#258 test(ocr): add integration test for full streaming pipeline with a real image
Opened
#259 feat(ocr): feedback loop to improve spell-check dictionary from user corrections
Opened
#261 feat(enrich): field reordering, required-fields progress bar, and no-PDF upload state
Opened
#262 test(ocr): add integration tests for spell-check routing in main.py
Opened
#264 feat(admin): OCR admin pages — overview & model detail
Opened
#266 fix(ocr): regenerate TypeScript types so TriggerSenderTrainingDTO.personId is non-optional
Opened
#268 test(enrich): E2E coverage for WhoWhenSection autofocus and upload cancel flow
Opened
#269 feat: invite-based self-service registration
Opened
#270 feat: migrate from username to email-only authentication
Opened
#271 feat(dashboard): redesign Dokumente dashboard as a document hub (Variant A)
Opened
#274 feat(audit): domain-level audit log for archive activity
Opened
#276 bug: notification deep-link does not scroll to comment on document detail page
Opened
#277 bug: deleting a user in the admin panel does nothing
Opened
#280 fix(dashboard): audit_log never written + hero blind to annotation-only work
Opened
#281 feat: dedicated /documents search & browse page
Opened
#283 feat: restore sender/receiver grouping on /documents when sorting by SENDER or RECEIVER
Opened
#285 feat: unify /notifications and dashboard activity feed into a /chronik page
Opened
#286 refactor(notification-bell): use SvelteKit form actions instead of raw fetch
Opened
#287 As a user I want count-based messages to be grammatically correct so the UI reads naturally in every supported language
Opened
#289 As a user I want a navigation progress bar so I can see that the app is loading after I click a link
Opened
#290 feat(chronik): add cursor/offset pagination to /api/dashboard/activity + wire "Mehr laden"
Opened
#291 observability: add /api/dashboard/activity p95 latency panel to Grafana
Opened
#292 As a user I want route-specific skeleton loaders so I see the page layout while data is still being fetched
Opened
#293 feat(dashboard): add kinds CSV query param to /api/dashboard/activity
Opened
#294 As a user creating a new document I want the same split-panel edit view as on existing documents, so I can enter metadata next to the file preview
Opened
#295 bug: REPLY notifications not surfaced in Chronik "Für dich" feed
Opened
#296 As a user I want to see uploaded documents needing metadata on the dashboard so I can continue enriching after a batch upload
Opened
#300 feat: chronik mentions should deep-link to the comment, matching the bell dropdown
Opened
#305 feature(briefwechsel): thumbnail rows with summary quote and bilateral distribution bar
Opened
#306 feature(persons): Korrespondenz-Überblick dashboard on /persons/[id]
Opened
#307 feature: PDF-Thumbnails für Dokumente (Upload + Admin-Backfill)
Opened
#309 As a user I want the dashboard resume strip to show the actual document thumbnail so I recognize what I was working on at a glance
Opened
#310 As a user I want to generate a summary and suggest tags from the transcription so I don't have to do both by hand
Opened
#312 refactor(ui): use bg-surface token instead of bg-white on thumbnail tiles
Opened
#313 test(briefwechsel): capture visual-regression baselines for the row layout
Opened
#315 feat(documents): paginate /documents search so first paint isn't 1500 rows
Opened
#317 feat(documents): bulk upload — split-panel with file switcher
Opened
#318 feat(mobile): reader surfaces (Home · /documents · /briefwechsel · /persons) pass mobile-first bar at 375 px
Opened
#319 fix(i18n): translate viewer + Transcribe panel controls so EN/ES locales do not show German labels
Opened
#320 feat(transcribe): guided empty state + Kurrent primer for first-time transcribers
Opened
#321 feat(transcribe): show visible per-document transcription progress in the panel header
Opened
#322 fix(document-viewer): surface error + retry when file load stalls instead of spinning forever
Opened
#323 feat(persons): visually distinguish incomplete placeholder persons + filter by completeness on /persons
Opened
#324 feat(admin): /admin lands on a real dashboard instead of redirecting to /admin/users
Opened
#325 feat(tags): split flat tag taxonomy into documentType + event + freeform dimensions
Opened
#326 feat(admin): informative empty states on master-detail pages (Users · Groups · Tags · Invites)
Opened
#327 feat(transcribe): keyboard shortcuts for the transcribe power path + cheatsheet overlay
Opened
#328 feat(login): add show/hide password toggle on the sign-in form
Opened
#332 refactor: bulk-edit follow-ups deferred from PR #331
Opened
#334 feat(admin): Storage panel on admin dashboard — MinIO admin API integration
Opened
#335 feat(admin): activity panel on admin dashboard — system-wide weekly contribution counts
Opened
#336 feat(audit): track user management events in audit log (USER_CREATED, USER_DELETED, GROUP_MEMBERSHIP_CHANGED)
Opened
#338 feat(briefwechsel): discovery landing grid + gap markers
Opened
#339 feat(viewer): show delete icon directly on transcription annotation
Opened
#340 feat(search): add direct page-jump control to document search pagination
Opened
#341 bug(viewer): "Annotieren anzeigen" text has insufficient contrast in light mode
Opened
#342 feat(persons): show merge action inline with danger hint, remove Gefahrenzone collapsible
Opened
#343 bug(persons): person selection dropdown is visually clipped / cut off
Opened
#344 feat(nav): add tooltip and cursor:pointer to notification bell icon
Opened
#345 feat(transcription): add "Alle als fertig markieren" bulk action to transcription panel
Opened
#353 test(a11y): add axe-playwright E2E gate for PDF viewer WCAG 2.1 AA compliance
Opened
#354 fix(a11y): increase annotation toggle touch target to 44×44px minimum
Opened
#355 feat(transcription): E2E test for bulk "Alle als fertig markieren" action
Opened
#356 ux(transcription): show error toast when bulk "Alle als fertig markieren" fails
Opened
#357 chore(transcription): track handleAnnotationDeleteRequest wiring from PR #352
Opened
#358 feat: Stammbaum — family relationship graph replaces Briefwechsel in nav
Opened
#359 feat: Stammbaum — Mode B social network view (D3-Force, all persons)
Opened
#361 tech-debt: replace Stammbaum DIY layout with a graph-layout dep (dagre) when it stops scaling
Opened
#362 feat: Person @mentions in transcription blocks with hover card
Opened
#363 devops: add Playwright E2E job to CI for stammbaum spec
Opened
#364 feat(stammbaum): show maiden name (geb. Schmidt) below person name in tree and side panel
Opened
#367 security(transcription): CWE-79 — escapeHtml required for @mention rendering in PR-B
Opened
#368 feat(persons): audit + complete person-merge flow for all data domains
Opened
#370 feat(person-mention): discoverability hint for the @ trigger in the editor
Opened
#372 Person mention: decouple display text from person name to preserve original wording
Opened
#374 GET /api/persons leaks PersonSummaryDTO.notes to typeahead clients (CWE-200)
Opened
#376 feat: auto-open transcription panel when navigating from mission-control cards
Opened
#380 feat(transcription): decouple @mention display text from person search
Opened
#381 feat: Geschichten — blog-like family memory stories linked to persons and documents
Opened
#383 refactor(geschichte): switch entity to LAZY fetch and add GeschichteSummary projection DTO
Opened
#384 test(e2e): expand Geschichten Playwright suite with full a11y + visual regression coverage
Opened
#385 feat(documents): timeline date-range filter with density bars
Opened
#386 feat(documents): calendar view with appointment-style document rows
Opened
#387 epic(legibility): audit — assess current state of every subsystem
Opened
#388 audit(frontend): score frontend/ against legibility rubric C1–C10
Opened
#389 audit(backend): score backend/ against legibility rubric C1–C10
Opened
#390 audit(ocr-service): score ocr-service/ against legibility rubric C1–C10
Opened
#391 audit(db): score Flyway migrations + DB schema against legibility rubric
Opened
#392 audit(rest): score infra/, scripts/, root, docs/ against legibility rubric
Opened
#393 audit(rollup): produce global readiness scorecard from subsystem audits
Opened
#394 epic(legibility): documentation — make the codebase self-explaining
Opened
#395 docs(legibility): write human-targeted README.md at repo root
Opened
#396 docs(legibility): write docs/ARCHITECTURE.md with diagram and domain list
Opened
#397 docs(legibility): write docs/GLOSSARY.md disambiguating overloaded terms
Opened
#398 docs(legibility): write CONTRIBUTING.md with three concrete walkthroughs
Opened
#399 docs(legibility): write docs/DEPLOYMENT.md (production runtime + env vars)
Opened
#400 docs(legibility): add per-domain README.md inside every domain package
Opened
#401 docs(legibility): migrate CLAUDE.md rules into human docs; mark migrated content
Opened
#402 epic(legibility): pre-flight — make tests trustworthy before big-bang refactor
Opened
#403 test(legibility): mutation-test critical backend service tests; flag tautologies
Opened
#404 test(legibility): rewrite tautological tests revealed by TEST-1
Opened
#405 test(legibility): verify e2e suite covers every critical user journey
Opened
#406 epic(legibility): big-bang restructure — backend layer→domain, frontend lib→domain
Opened
#407 refactor(backend): restructure from layer-based to domain-based packaging
Opened
#408 refactor(frontend): restructure lib/ from flat-by-type to domain-based
Opened
#409 refactor(backend): add ArchUnit test enforcing domain boundaries
Opened
#410 refactor(frontend): add ESLint rule preventing cross-domain imports
Opened
#411 epic(legibility): polish — remove smells surfaced by audits
Opened
#412 cleanup(legibility): remove dead code identified by audits
Opened
#413 cleanup(legibility): rewrite vague comments; remove "ask Marcel" markers
Opened
#414 cleanup(legibility): rename Helper/Utils/Manager violators to express intent
Opened
#415 cleanup(legibility): repo hygiene — proofshot retention, ignore .agent/.worktrees
Opened
#416 audit(legibility): re-run readiness scorecard; ratify "ready for evaluation"
Opened
#417 fix(backend): resolve cross-domain repo + controller→repo violations before REFACTOR-1
Opened
#418 decide(backend): resolve users-table / AppUser-entity naming mismatch before REFACTOR-1
Opened
#423 fix(test): resolve pre-existing TranscriptionEditView and Richtlinien test failures
Opened
#424 refactor(frontend): move statusDotClass/statusLabel from person/ to document/
Opened
#425 fix(test): make browser-project tests contribute to coverage measurement
Opened
#427 refactor(backend): ArchUnit Rule 5 — enforce controller @RequestMapping URL prefix per domain
Opened
#431 test(e2e): follow-up gaps from legibility pre-flight (#402)
Opened
#432 docs(legibility): write human-targeted root README.md (DOC-1)
Opened
#433 docs(legibility): write docs/ARCHITECTURE.md with diagram, domains, security model (DOC-2)
Opened
#434 docs(legibility): write docs/GLOSSARY.md disambiguating overloaded terms (DOC-3)
Opened
#435 docs(legibility): write CONTRIBUTING.md with three walkthroughs and Testing section (DOC-4)
Opened
#436 docs(legibility): write docs/DEPLOYMENT.md as Day-1 production checklist (DOC-5)
Opened
#437 docs(legibility): write 18 README.md files for canonical domain packages (DOC-6)
Opened
#438 docs(legibility): migrate CLAUDE.md rules to human docs via pointer comments (DOC-7)
Opened
#447 feat(dashboard): permission-gated reader dashboard for READ_ALL / BLOG_WRITE users
Opened
#451 Add database ER and ORM diagrams (PlantUML)
Opened
#453 refactor(admin): dedicated /api/admin/stats endpoint returning counts only
Opened
#454 feat(chronik): add commentPreview field to ActivityFeedItemDTO
Opened
#457 security(deps): bump Spring Boot to 4.0.6 to clear 2 CRIT + 17 HIGH CVEs
Opened
#458 security(deps): bump @sveltejs/kit + vite to clear BODY_SIZE_LIMIT bypass + 5 high devDep CVEs
Opened
#459 security(ocr): run OCR container as non-root user (CIS Docker §4.1)
Opened
#460 security(history): scrub admin:admin123 from .claude/skills/transcribe/SKILL.md git history
Opened
#461 devops(ci): add SAST/SCA/secret-scan/container-scan gates to .gitea/workflows/ci.yml
Opened
#462 feat(observability): add handleError hook with structured stdout sink
Opened
#463 feat(resilience): wrap OCR client with Resilience4j retry + circuit-breaker + time-limiter
Opened
#464 security(uploads): integrate ClamAV scan before persisting documents to MinIO
Opened
#465 refactor(frontend): replace raw fetch with event.fetch in admin/enrich routes (handleFetch bypass)
Opened
#466 refactor(api): migrate GlobalExceptionHandler to RFC 9457 ProblemDetail
Opened
#467 refactor(document): switch Document.tags + receivers + trainingLabels to LAZY + @EntityGraph
Opened
#468 fix(documents): paginate FTS match-set in SQL instead of loading all matching IDs
Opened
#469 fix(db): add primary key to group_permissions to prevent duplicate grants
Opened
#470 fix(db): add indexes on documents.sender_id and document_comments.author_id
Opened
#471 fix(user): replace Math.abs(hashCode()) in AppUser.computeColor (negative on Integer.MIN_VALUE)
Opened
#472 fix(build): unbreak production build — /hilfe/transkription prerender unreachable behind /login
Opened
#473 fix(api): add explicit @PathVariable name on transcription-block comment endpoints
Opened
#474 cleanup(ocr): use %n instead of \n in TrainingDataExportService format string
Opened
#476 fix(ci): two persistent CI failures — date-buckets timezone + Testcontainers Docker
Opened
#479 feat(documents): keyboard-accessible range zoom for timeline
Opened
#480 test(documents): timeline density Playwright coverage
Opened
#481 perf(documents): move density aggregation into SQL when documents > 50k
Opened
#482 fix(documents): filter inputs don't sync with URL — Sender/Receiver blank on load, fields don't clear on reset
Opened
#483 fix(dashboard): align reader dashboard with reader-dashboard-final spec
Opened
#496 Increase browser component test coverage to ≥ 80% on all metrics (statements, lines, branches, functions)
Opened
#497 devops: production deployment — Caddy, staging env, and Gitea Actions CI/CD
Opened
#498 devops: production observability stack — Prometheus, Loki, Grafana, Alertmanager
Opened
#500 devops: bootstrap Renovate config for production deps (MinIO, mc, Postgres, Node, Caddy, mailpit)
Opened
#501 test(ci): production image smoke-test job — boot frontend + backend images, curl /login
Opened
#502 devops: nightly backup pipeline — pg_dump + mc mirror over Tailscale to heim-nas
Opened
#503 bug(infra/fail2ban): jail defaults to systemd backend on Debian, never inspects Caddy access log
Opened
#506 bug(infra/minio): create-buckets bootstrap.sh bind-mount fails on DooD runner (Is a directory)
Opened
#508 bug(workflows): deploy workflows use runs-on: self-hosted but runner advertises ubuntu-latest — jobs never picked up
Opened
#510 bug(compose): up -d --wait treats create-buckets exit(0) as failure
Opened
#512 bug(caddy): respond @actuator 404 swallowed by catch-all handle; /actuator/health returns 302
Opened
#513 bug(user): admin seed ignores APP_ADMIN_USERNAME / PASSWORD — falls back to defaults (HIGH, prod-blocking)
Opened
#514 bug(frontend): SvelteKit prerender-crawl bakes redirect-to-login into static HTML for protected routes (HIGH, prod-blocking)
Opened
#518 bug(user): UserDataInitializer blind-INSERTs Administrators group; fails on retry (HIGH, prod-blocking)
Opened
#520 bug(security): browser-side /api/* requests miss Authorization in production → browser shows Basic-auth popup
Opened
#522 tech-debt(auth): replace cookie-promotion glue with a proper session-based auth model
Opened
#523 feat(auth): server-side session model replacing Basic-auth cookie promotion
Opened
#524 feat(auth): defense-in-depth — CSRF, session revocation, login rate limit
Opened
#527 "Unsaved changes" banner appears after creating a group/user — users think save failed
Opened
#528 security(import): harden DocumentBuilderFactory against XXE in MassImportService
Opened
#529 security(import): validate PDF magic bytes in MassImportService before S3 upload
Opened
#530 security(import): reject path-traversal filenames from ODS in MassImportService.processRows
Opened
#531 ci(nightly): post-deploy smoke test for /api/admin/import-status
Opened
#532 ci(nightly): assert backend container can read /import after deploy
Opened
#533 ui(admin/system): improve mass-import status card (loading state, i18n, font size)
Opened
#534 spec(import): decide and document mass-import operator policy (3 open questions)
Opened
#535 Unit & Component Tests job exits 1 from vitest-browser teardown race — every test green but CI red
Opened
#538 bug(test): flaky browser-mode test — admin edit-user unsaved-changes guard
Opened
#539 ci: extract Reload Caddy step into a composite action
Opened
#541 test: fix flaky browser-mode tests in AnnotationShape and OcrTrainingCard specs
Opened
#542 test: share fakePdfjs fixture across viewer test files
Opened
#543 UX: PDF viewer has no loading indicator or error state when pdfjs-dist fails to initialise
Opened
#545 fix(test): NotificationDropdown "view-all link" test causes iframe navigation crash in CI
Opened
#546 test: PdfViewer.svelte.test.ts re-introduces banned vi.mock('pdfjs-dist') factory — restores birpc teardown race
Opened
#551 fix(test): NotificationDropdown view-all click navigates iframe — breaks vitest coverage
Opened
#553 Unit & Component Tests job exits 1 — birpc teardown race resurfaces from async vi.mock factory with dynamic import
Opened
#554 audit: factory mocks → prop injection migration (sveltest pattern)
Opened
#556 ci(coverage): drop client-project branches threshold 80 → 70 to unblock CI
Opened
#557 ci(devops): downgrade actions/upload-artifact v4 → v3 (re-regression — needs ADR to prevent future re-upgrade)
Opened
#560 audit report: factory vi.mock → prop-injection / __mocks__ migration (87 call sites, 12 modules)
Opened
#566 feat(admin): assign groups when creating an invite link
21 Unresolved Conversations
Open
#83
fix(security): remove hardcoded fallback admin credentials in application.yaml
Open
#84
fix(security): validate file upload MIME type from magic bytes, not client header
Open
#140
Add Prometheus + Loki + Grafana monitoring stack
Open
#142
Add build-and-push and deploy jobs to CI workflow
Open
#124
Add Playwright visual regression tests at 320px, 768px, and 1440px breakpoints
Open
#87
fix(security): explicitly restrict Spring Boot Actuator endpoints in production config
Open
#134
Build production-ready multi-stage Dockerfile for the backend
Open
#135
Build production-ready multi-stage Dockerfile for the frontend
Open
#137
Add application-prod.yaml with secure Spring Boot production defaults
Open
#138
Add automated PostgreSQL backup script with offsite upload
Open
#139
Create .env.example and DEPLOYMENT.md for production onboarding
Open
#141
Add Hetzner VPS to Tailscale tailnet for private deployment access
Open
#116
fix(security): add Content-Security-Policy headers to SvelteKit responses
Open
#111
fix(security): add rate limiting to login and password-reset endpoints
Open
#86
fix(security): set secure: true on auth cookie for production (HTTPS)
Open
#95
bug(mobile): "SAVE & MARK AS REVIEWED" and "MARK FOR REVIEW" buttons wrap to 3 lines at narrow widths
Open
#117
fix(a11y): add skip-to-main-content link in layout for keyboard navigation
Open
#216
feat: support multiple senders per document
Open
#51
As a user I want to split a combined person entry into separate persons so I can clean up incorrectly merged import data
Open
#214
feat(parser): support multi-person splitting for Von-column entries
Open
#223
feat: add sorting options to person list page