4 Commits

Author	SHA1	Message	Date
Marcel	5da78e5e30	docs(architecture): update CSRF section and add CSRF_TOKEN_MISSING / TOO_MANY_LOGIN_ATTEMPTS error codes ... - Remove stale "CSRF protection is disabled" claim; describe the double-submit cookie pattern now in use (CookieCsrfTokenRepository + X-XSRF-TOKEN header) - Link to ADR-022 for the full rationale - Add CSRF_TOKEN_MISSING and TOO_MANY_LOGIN_ATTEMPTS to the exception row Fixes Markus's blocker. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-19 09:23:01 +02:00
Marcel	e2632a556d	docs: align ErrorCode 4-step checklist in CLAUDE.md; note frontend sync in ARCHITECTURE.md ... Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-14 19:26:53 +02:00
Marcel	69b564b34b	docs(legibility): fix three factual errors in ARCHITECTURE.md ... - Add ANNOTATE_ALL to the Permission enum listing (was missing) - Fix transcription block autosave endpoint: PUT not PATCH, correct path /api/documents/{documentId}/transcription-blocks/{blockId} - Clarify auth injection: hooks.server.ts handleFetch injects the Authorization header, not the SvelteKit action directly Refs #396 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-06 07:30:48 +02:00
Marcel	fc53038af2	docs(legibility): write docs/ARCHITECTURE.md ... Human-targeted architecture doc: high-level diagram, 7 Tier-1 + 2 Tier-2 domains, cross-cutting layer, stack-symmetry principle, 6 ADR summaries, layering rule, permission system, and two data-flow walkthroughs (document upload, transcription block autosave). Closes #396 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-06 07:30:48 +02:00