feat: dashboard enrichment-list-block after batch upload (#296) #298

Merged

marcel merged 19 commits from feat/issue-296-enrichment-list-block into main 2026-04-21 08:59:32 +02:00

Conversation 13 Commits 19 Files Changed 24 +753 -59

marcel commented 2026-04-20 22:27:48 +02:00

Owner

Copy Link

Closes #296.

Summary

Restores the enrichment list block on the dashboard so seniors have a visible next step after a batch upload. Re-adds the deleted /api/documents/incomplete endpoint, gates it (and the two existing /incomplete* siblings) behind WRITE_ALL, drops a post-upload banner with a CTA into /enrich, and wires the whole thing into +page.svelte between Resume strip and Mission Control.

Changes

• Backend — re-added GET /api/documents/incomplete (deleted in ddd811c6), capped server-side at 200, retrofitted @RequirePermission(WRITE_ALL) on /incomplete-count, /incomplete, and /incomplete/next (CWE-285 gap Nora flagged). IncompleteDocumentDTO now carries uploadedAt for the relative-time meta line.
• Frontend — new EnrichmentBlock, UploadSuccessBanner, and $lib/relativeTime.ts helper; redesigned DashboardNeedsMetadata with topDocs + totalCount props + chevron row anatomy; DropZone emits onUploadComplete(count) so the dashboard can lift banner state without a store.
• i18n — three new Paraglide keys across de/en/es (upload_banner_singular/plural/cta/close, dashboard_needs_metadata_show_all_count).
• Tests — 24 new unit specs (relativeTime, DashboardNeedsMetadata, UploadSuccessBanner, EnrichmentBlock, DropZone callback), extended DocumentControllerTest/DocumentServiceTest (6 new backend tests), new Playwright spec covering upload → banner → /enrich plus axe sweep at 320/768/1440 × light/dark.

Decisions honoured (#3723)

• WRITE_ALL on all three /incomplete* endpoints.
• Kept existing paths (no refactor).
• Skeleton reserves 360px during $navigating to prevent layout shift.
• Playwright matrix: 320 / 768 / 1440.

Deviations (documented in plan)

• uploadedAt is LocalDateTime (not Instant) to match existing DTO convention (NotificationDTO, DocumentVersionSummary, InviteListItemDTO).
• Kept a minimal generic document icon in each row (PDF-only archive per correction #3721 allows either icon or nothing — picked the visual anchor).

Test plan

• Backend: ./mvnw test (1194/1194 green).
• Frontend unit: vitest src/lib/components/{DashboardNeedsMetadata,UploadSuccessBanner,EnrichmentBlock} + src/lib/relativeTime + src/routes/DropZone + src/routes/page.server — all green.
• E2E: new dashboard-enrichment-block.spec.ts written and queued for CI. Local run blocked by a pre-existing auth.setup.ts bug (looks for "Benutzername" label, login form uses "E-Mail-Adresse") — unrelated to this PR.
• Lint + format green on every commit.

🤖 Generated with Claude Code

Closes #296. ## Summary Restores the enrichment list block on the dashboard so seniors have a visible next step after a batch upload. Re-adds the deleted `/api/documents/incomplete` endpoint, gates it (and the two existing `/incomplete*` siblings) behind `WRITE_ALL`, drops a post-upload banner with a CTA into `/enrich`, and wires the whole thing into `+page.svelte` between Resume strip and Mission Control. ## Changes - **Backend** — re-added `GET /api/documents/incomplete` (deleted in `ddd811c6`), capped server-side at 200, retrofitted `@RequirePermission(WRITE_ALL)` on `/incomplete-count`, `/incomplete`, and `/incomplete/next` (CWE-285 gap Nora flagged). `IncompleteDocumentDTO` now carries `uploadedAt` for the relative-time meta line. - **Frontend** — new `EnrichmentBlock`, `UploadSuccessBanner`, and `$lib/relativeTime.ts` helper; redesigned `DashboardNeedsMetadata` with `topDocs` + `totalCount` props + chevron row anatomy; DropZone emits `onUploadComplete(count)` so the dashboard can lift banner state without a store. - **i18n** — three new Paraglide keys across de/en/es (`upload_banner_singular/plural/cta/close`, `dashboard_needs_metadata_show_all_count`). - **Tests** — 24 new unit specs (relativeTime, DashboardNeedsMetadata, UploadSuccessBanner, EnrichmentBlock, DropZone callback), extended `DocumentControllerTest`/`DocumentServiceTest` (6 new backend tests), new Playwright spec covering upload → banner → `/enrich` plus axe sweep at 320/768/1440 × light/dark. ## Decisions honoured (#3723) - `WRITE_ALL` on all three `/incomplete*` endpoints. - Kept existing paths (no refactor). - Skeleton reserves 360px during `$navigating` to prevent layout shift. - Playwright matrix: 320 / 768 / 1440. ## Deviations (documented in plan) - `uploadedAt` is `LocalDateTime` (not `Instant`) to match existing DTO convention (`NotificationDTO`, `DocumentVersionSummary`, `InviteListItemDTO`). - Kept a minimal generic document icon in each row (PDF-only archive per correction #3721 allows either icon or nothing — picked the visual anchor). ## Test plan - [x] Backend: `./mvnw test` (1194/1194 green). - [x] Frontend unit: vitest `src/lib/components/{DashboardNeedsMetadata,UploadSuccessBanner,EnrichmentBlock}` + `src/lib/relativeTime` + `src/routes/DropZone` + `src/routes/page.server` — all green. - [ ] E2E: new `dashboard-enrichment-block.spec.ts` written and queued for CI. Local run blocked by a pre-existing `auth.setup.ts` bug (looks for "Benutzername" label, login form uses "E-Mail-Adresse") — unrelated to this PR. - [x] Lint + format green on every commit. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

marcel added 15 commits 2026-04-20 22:27:48 +02:00

feat(dto): add uploadedAt to IncompleteDocumentDTO ... d2fc452c1a

Mapper populates uploadedAt from Document.createdAt so the dashboard
enrichment block can show a relative-time meta line ("vor 2 Min.")
per issue #296.

LocalDateTime matches the convention used by NotificationDTO,
DocumentVersionSummary and InviteListItemDTO.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(documents): re-add GET /api/documents/incomplete ... bc3a268f66

Restores the list endpoint removed in ddd811c6 and caps size at 200.
The dashboard enrichment block (issue #296) and /enrich page both
consume it; /enrich was silently 404ing since the deletion.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(documents): gate /incomplete behind WRITE_ALL permission ... 2c5cfcedbc

Only users who can enrich documents should see the queue.
Mirrors the frontend guard in enrich/+page.server.ts and closes the
CWE-285 gap Nora flagged on issue #296.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

test(documents): lock /incomplete size cap at 200 ... 758c708766

Regression test proving the controller clamps client-supplied size
values server-side, closing the unbounded-limit concern Markus flagged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(documents): retrofit WRITE_ALL guard on /incomplete-count + /incomplete/next ... 47859e5a9b

Closes the CWE-285 gap Nora flagged on issue #296: both endpoints expose
enrichment-queue information that only writers should see. Brings them in
line with the new /incomplete list endpoint and every other write-path
under DocumentController.

Frontend callers (/enrich/[id]/+page.server.ts) already gate on WRITE_ALL
at the route level, so no client-side change is needed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

chore(frontend): regenerate openapi types for /api/documents/incomplete ... 46fe3655ab

Picks up the restored list endpoint and the new uploadedAt field on
IncompleteDocumentDTO (issue #296).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(frontend): add relativeTimeDe helper for dashboard meta lines ... d5d1a463b8

Pure function with injectable now — lets the dashboard enrichment block
render "vor 2 Min." / "vor 3 Std." / "vor 2 Tagen" without clock-based
test flakiness. Reuses the existing comment_time_minutes / _hours /
_days Paraglide keys, no new translations needed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

i18n: add upload-banner + enrichment-block keys ... 727569aa32

Singular/plural banner copy, a count-aware "show all" footer link, and
the dismiss aria-label for the new dashboard enrichment-list-block
(issue #296). Covers de / en / es.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(dashboard): redesign needs-metadata with row anatomy + totalCount ... 01e72611f0

Switches to two props — topDocs (max 5, capped by caller) and totalCount —
so the footer link can surface "Alle 12 anzeigen →" even when only 5
items are shown. Each row gets a generic document icon, title, relative
upload time and a chevron, wrapped in a single <a> per the issue spec.

Still returns null when topDocs is empty, keeping the empty dashboard
clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(dashboard): add UploadSuccessBanner component ... b29125615f

Transient post-upload banner for issue #296: singular/plural German copy,
aria-live=polite for screen readers, manual X dismiss, 8s auto-dismiss.
"Jetzt ergänzen →" CTA links directly to /enrich so seniors can continue
straight into the enrichment flow after a batch upload.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(dashboard): add EnrichmentBlock wrapper component ... e824e23c8c

Composes UploadSuccessBanner + DashboardNeedsMetadata and reserves a
360px skeleton while \$navigating re-runs the loader with a fresh
incomplete list. Prevents the layout-shift jump after a batch upload
(Leonie's resolved decision #3 on issue #296).

Renders nothing when there is nothing to show — keeps the clean empty
dashboard.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(dropzone): emit onUploadComplete callback with created count ... 90c9ca8708

Optional callback lets the parent route pop a post-upload banner without
lifting state into a store. Dashboard uses it to drive
UploadSuccessBanner (issue #296). Only fires when the server actually
created new documents — duplicates and errors do not trigger it.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(dashboard): wire EnrichmentBlock between Resume strip and Mission Control ... f548128940

Dashboard loader fetches /api/documents/incomplete?size=5 plus the
existing /incomplete-count and surfaces both via data; +page.svelte
renders EnrichmentBlock with the top 5 docs, the total count, and the
bannerCount state bound to DropZone's onUploadComplete callback
(issue #296).

The block returns null when there is nothing to show, so dashboards
without pending uploads stay uncluttered.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

test(e2e): dashboard enrichment block — upload + axe sweep ... 3eda482000

Happy-path journey (upload 2 PDFs → banner → CTA → /enrich) plus axe
sweep at 320/768/1440 × light/dark for the dashboard route. Seeded
docs are cleaned up in afterEach via psql so repeated runs stay green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

test(dashboard): extend page.server mock chain for incomplete endpoints ... d3f9f8457a

The two "happy path" dashboard load tests now mock the two additional
calls added in f5481289 (/api/documents/incomplete + incomplete-count)
so the Promise.allSettled array resolves fully.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

marcel commented 2026-04-20 22:29:09 +02:00

Author

Owner

Copy Link

🏛️ Markus Keller — Senior Application Architect

Verdict: ✅ Approved

What I checked

• Controller → Service → Repository layering for the new endpoint
• DTO extension shape and boundary discipline
• Whether the dashboard loader grew a module-coupling seam
• Whether EnrichmentBlock composes cleanly without leaking state into +page.svelte

Observations

• Layering is clean. DocumentController.getIncomplete delegates straight to documentService.findIncompleteDocuments(...); no repository touch from the controller, and the cap (Math.min(size, 200)) is at the edge where it belongs. The service mapper stays where it already lived (DocumentService.java:545), so the DTO extension is a one-line touch — no wider ripple.
• DTO boundary respected. IncompleteDocumentDTO stays a record with @Schema(requiredMode = REQUIRED) on every field, which is the codebase convention that drives the TypeScript codegen. I was going to push back on LocalDateTime vs. Instant, but the PR description explicitly calls out the deviation and the reasoning (NotificationDTO, DocumentVersionSummary, InviteListItemDTO all use LocalDateTime). Consistency wins. Good.
• EnrichmentBlock split is exactly what I asked for on the issue. The list-row component stays focused on one visual region; the wrapper owns the skeleton/banner composition. Two nameable regions, two components. Parent +page.svelte remains an orchestrator — no business logic, just bannerCount state and two prop bindings.
• Dashboard loader is now 10 concurrent calls via Promise.allSettled. Still fine — we're nowhere near connection-pool pressure — but this is roughly the limit I'd want before we start thinking about a dashboard-aggregator endpoint. Worth noting for future PRs; not blocking here.

Suggestions (non-blocking)

• frontend/src/routes/+page.server.ts:86 uses incompleteCountResult.value.data?.count as number | undefined. The generated type for /incomplete-count (from api.ts) is Map<String, Long> → { [key: string]: number }, which openapi-typescript flattens to a loosely-typed object. The as number | undefined cast is pragmatic but brittle if the backend shape ever changes to e.g. { count, lastUpdatedAt }. A small helper like extractCount(data): number with a type guard would make this more future-proof. Nit — not blocking.

No boundary violations, no premature abstractions. Ship it.

## 🏛️ Markus Keller — Senior Application Architect **Verdict: ✅ Approved** ### What I checked - Controller → Service → Repository layering for the new endpoint - DTO extension shape and boundary discipline - Whether the dashboard loader grew a module-coupling seam - Whether `EnrichmentBlock` composes cleanly without leaking state into `+page.svelte` ### Observations - **Layering is clean.** `DocumentController.getIncomplete` delegates straight to `documentService.findIncompleteDocuments(...)`; no repository touch from the controller, and the cap (`Math.min(size, 200)`) is at the edge where it belongs. The service mapper stays where it already lived (`DocumentService.java:545`), so the DTO extension is a one-line touch — no wider ripple. - **DTO boundary respected.** `IncompleteDocumentDTO` stays a record with `@Schema(requiredMode = REQUIRED)` on every field, which is the codebase convention that drives the TypeScript codegen. I was going to push back on `LocalDateTime` vs. `Instant`, but the PR description explicitly calls out the deviation and the reasoning (`NotificationDTO`, `DocumentVersionSummary`, `InviteListItemDTO` all use `LocalDateTime`). Consistency wins. Good. - **`EnrichmentBlock` split is exactly what I asked for on the issue.** The list-row component stays focused on one visual region; the wrapper owns the skeleton/banner composition. Two nameable regions, two components. Parent `+page.svelte` remains an orchestrator — no business logic, just `bannerCount` state and two prop bindings. - **Dashboard loader is now 10 concurrent calls via `Promise.allSettled`.** Still fine — we're nowhere near connection-pool pressure — but this is roughly the limit I'd want before we start thinking about a dashboard-aggregator endpoint. Worth noting for future PRs; not blocking here. ### Suggestions (non-blocking) - `frontend/src/routes/+page.server.ts:86` uses `incompleteCountResult.value.data?.count as number | undefined`. The generated type for `/incomplete-count` (from `api.ts`) is `Map<String, Long>` → `{ [key: string]: number }`, which openapi-typescript flattens to a loosely-typed object. The `as number | undefined` cast is pragmatic but brittle if the backend shape ever changes to e.g. `{ count, lastUpdatedAt }`. A small helper like `extractCount(data): number` with a type guard would make this more future-proof. Nit — not blocking. No boundary violations, no premature abstractions. Ship it.

marcel commented 2026-04-20 22:29:28 +02:00

Author

Owner

Copy Link

🔐 Nora "NullX" Steiner — Application Security Engineer

Verdict: ✅ Approved

What I checked

• The CWE-285 retrofit on /incomplete-count, /incomplete, and /incomplete/next
• Whether the new endpoint leaks anything beyond the DTO shape
• XSS surface on the new dashboard row (doc.title, doc.uploadedAt, m.upload_banner_plural)
• ZIP/SSRF/injection — none in this diff, but I looked
• Whether the close button is keyboard-reachable with a descriptive aria-label

Observations

• The CWE-285 gap I flagged on the issue is closed cleanly. All three /incomplete* endpoints now have @RequirePermission(Permission.WRITE_ALL), and the 401 + 403 tests prove both unauthenticated and reader-only paths are denied (DocumentControllerTest.java:395–399, :417–421, :466–471). This is a real security improvement; /incomplete/next previously returned the full Document entity (sender, tags, filename) to anyone with READ_ALL. That's fixed.
• Size cap at 200 is server-side and tested (DocumentControllerTest.java:424–432). The client can't force the server into a large page fetch. Good defense in depth.
• XSS surface looks clean. doc.title is injected into Svelte templates, which auto-escape; same for the banner count in m.upload_banner_plural({ count }). No {@html ...} anywhere in the new markup, no innerHTML, no CSS-class routing from user input (mime-type badge was dropped per correction #3721 — good, it would have been the only risky bit).
• Close button keyboard-reachable with aria-label={m.upload_banner_close()} (UploadSuccessBanner.svelte:44). Banner disappears on Enter/Space via standard button semantics. My a11y-meets-security note from the issue is honoured.
• No secret leakage in error paths. +page.server.ts:101-102 returns a generic 'Daten konnten nicht geladen werden.' on load failure, no backend stack trace reaches the browser.

Suggestions (non-blocking)

• frontend/src/lib/components/DashboardNeedsMetadata.svelte:21 does new Date(doc.uploadedAt) without validating the shape. If a malformed ISO string ever slipped through (e.g. from a manually-written SQL insert during migration), relativeTimeDe returns NaN in the Paraglide key. Not a security issue — a UX papercut. A Number.isFinite(minutes) guard in relativeTime.ts would make it robust; up to Felix whether that's worth the test cost.
• Consider adding a single @Test that asserts the three endpoints are decorated with @RequirePermission at the reflection level, so a future refactor that accidentally removes the annotation trips a build failure, not a pen-test report. Same idea as SecurityConfigTest in some codebases. Optional.

No OWASP Top 10 concerns. No dangerous primitives introduced. Shipping this makes the app more secure than it is on main.

## 🔐 Nora "NullX" Steiner — Application Security Engineer **Verdict: ✅ Approved** ### What I checked - The CWE-285 retrofit on `/incomplete-count`, `/incomplete`, and `/incomplete/next` - Whether the new endpoint leaks anything beyond the DTO shape - XSS surface on the new dashboard row (`doc.title`, `doc.uploadedAt`, `m.upload_banner_plural`) - ZIP/SSRF/injection — none in this diff, but I looked - Whether the close button is keyboard-reachable with a descriptive aria-label ### Observations - **The CWE-285 gap I flagged on the issue is closed cleanly.** All three `/incomplete*` endpoints now have `@RequirePermission(Permission.WRITE_ALL)`, and the 401 + 403 tests prove both unauthenticated and reader-only paths are denied (`DocumentControllerTest.java:395–399`, `:417–421`, `:466–471`). This is a real security improvement; `/incomplete/next` previously returned the full `Document` entity (sender, tags, filename) to anyone with `READ_ALL`. That's fixed. - **Size cap at 200 is server-side and tested** (`DocumentControllerTest.java:424–432`). The client can't force the server into a large page fetch. Good defense in depth. - **XSS surface looks clean.** `doc.title` is injected into Svelte templates, which auto-escape; same for the banner count in `m.upload_banner_plural({ count })`. No `{@html ...}` anywhere in the new markup, no `innerHTML`, no CSS-class routing from user input (mime-type badge was dropped per correction #3721 — good, it would have been the only risky bit). - **Close button keyboard-reachable with `aria-label={m.upload_banner_close()}`** (`UploadSuccessBanner.svelte:44`). Banner disappears on Enter/Space via standard button semantics. My a11y-meets-security note from the issue is honoured. - **No secret leakage in error paths.** `+page.server.ts:101-102` returns a generic `'Daten konnten nicht geladen werden.'` on load failure, no backend stack trace reaches the browser. ### Suggestions (non-blocking) - `frontend/src/lib/components/DashboardNeedsMetadata.svelte:21` does `new Date(doc.uploadedAt)` without validating the shape. If a malformed ISO string ever slipped through (e.g. from a manually-written SQL insert during migration), `relativeTimeDe` returns `NaN` in the Paraglide key. Not a security issue — a UX papercut. A `Number.isFinite(minutes)` guard in `relativeTime.ts` would make it robust; up to Felix whether that's worth the test cost. - Consider adding a single `@Test` that asserts the three endpoints are decorated with `@RequirePermission` at the reflection level, so a future refactor that accidentally removes the annotation trips a build failure, not a pen-test report. Same idea as SecurityConfigTest in some codebases. Optional. No OWASP Top 10 concerns. No dangerous primitives introduced. Shipping this makes the app more secure than it is on `main`.

marcel commented 2026-04-20 22:29:51 +02:00

Author

Owner

Copy Link

🧪 Sara Holt — Senior QA Engineer

Verdict: ⚠️ Approved with concerns

What I checked

• Red/green discipline in the commit history
• Coverage completeness per the test-pyramid slice I drafted on the issue
• Flake-prone patterns (timers, setTimeout sleeps, clock assumptions)
• Whether the new specs actually exercise the new behaviours, not just happy-path smoke

What I like

• Every branch of relativeTimeDe is covered — minutes, hours, days, rounding edge, zero-gap (relativeTime.spec.ts:6-33). Injected now means no clock flake. This is the pattern.
• Size-cap regression test exists and verifies via verify(documentService).findIncompleteDocuments(200) (DocumentControllerTest.java:432). Locks the security decision.
• Banner auto-dismiss uses fake timers, not a real 8s wait (UploadSuccessBanner.svelte.spec.ts:49-55). No CI burn, no flakes.
• DashboardNeedsMetadata covers the 5/6 boundary and the "topDocs ≠ totalCount" case (DashboardNeedsMetadata.svelte.spec.ts:45-60) — exactly the nuance I asked for on the issue.

Concerns

1. DropZone.svelte.spec.ts uses the setTimeout(50) anti-pattern in two places (lines 66 and 80):

   await new Promise((r) => setTimeout(r, 50));
   expect(onUploadComplete).not.toHaveBeenCalled();
   

   This is the exact flake pattern I warned about. On a slow CI runner the microtask chain may not have resolved in 50ms; on a fast runner it resolves in 5ms and a race can falsely-pass. Please replace with vi.waitFor({ timeout, interval }) for the negative assertion, and either vi.waitFor or (preferably) an awaited invalidateAll promise resolution for the last one. The happy-path test (line 46) already uses vi.waitFor correctly — mirror that everywhere.

2. EnrichmentBlock.svelte.spec.ts never exercises the skeleton branch. The mock at line 7-10 creates writable(null) for $navigating and never writes to it, so showSkeleton is always false throughout every test. The skeleton was specifically decision #3 on the issue (Leonie's B) and warrants a test:

   it('renders skeleton when $navigating && topDocs is empty', async () => {
     const nav = writable({ type: 'link' });
     // expose the store via the mock, render, assert the pulsing div exists
   });
   

   Without this, a future refactor could break the skeleton logic silently and no test would catch it.

3. E2E spec was not executed locally. The PR description acknowledges this (pre-existing auth.setup.ts bug). I'll take the commitment to CI-validate, but please flag on merge if CI also red-flags the auth setup so this doesn't land in a "green commit, red CI" state.

Suggestions

• DropZone.svelte.spec.ts test 2 ("does not invoke callback when no files were created") would be stronger as an assertion at a deterministic trigger point — e.g. chain invalidateAll's promise resolution and assert after that resolves. Then no setTimeout at all.

Summary

The TDD commit discipline is excellent (one red/green pair per commit, visible in the log). Coverage is ~95% of what I'd want. Fix the two flake patterns in DropZone.svelte.spec.ts and add the skeleton-branch test and this is a full green check.

## 🧪 Sara Holt — Senior QA Engineer **Verdict: ⚠️ Approved with concerns** ### What I checked - Red/green discipline in the commit history - Coverage completeness per the test-pyramid slice I drafted on the issue - Flake-prone patterns (timers, `setTimeout` sleeps, clock assumptions) - Whether the new specs actually exercise the new behaviours, not just happy-path smoke ### What I like - **Every branch of `relativeTimeDe` is covered** — minutes, hours, days, rounding edge, zero-gap (`relativeTime.spec.ts:6-33`). Injected `now` means no clock flake. This is the pattern. - **Size-cap regression test exists and verifies via `verify(documentService).findIncompleteDocuments(200)`** (`DocumentControllerTest.java:432`). Locks the security decision. - **Banner auto-dismiss uses fake timers, not a real 8s wait** (`UploadSuccessBanner.svelte.spec.ts:49-55`). No CI burn, no flakes. - **`DashboardNeedsMetadata` covers the 5/6 boundary and the "topDocs ≠ totalCount" case** (`DashboardNeedsMetadata.svelte.spec.ts:45-60`) — exactly the nuance I asked for on the issue. ### Concerns 1. **`DropZone.svelte.spec.ts` uses the `setTimeout(50)` anti-pattern in two places** (lines 66 and 80): ```typescript await new Promise((r) => setTimeout(r, 50)); expect(onUploadComplete).not.toHaveBeenCalled(); ``` This is the exact flake pattern I warned about. On a slow CI runner the microtask chain may not have resolved in 50ms; on a fast runner it resolves in 5ms and a race can falsely-pass. Please replace with `vi.waitFor({ timeout, interval })` for the negative assertion, and either `vi.waitFor` or (preferably) an awaited `invalidateAll` promise resolution for the last one. The happy-path test (line 46) already uses `vi.waitFor` correctly — mirror that everywhere. 2. **`EnrichmentBlock.svelte.spec.ts` never exercises the skeleton branch.** The mock at line 7-10 creates `writable(null)` for `$navigating` and never writes to it, so `showSkeleton` is always `false` throughout every test. The skeleton was specifically decision #3 on the issue (`Leonie's B`) and warrants a test: ```typescript it('renders skeleton when $navigating && topDocs is empty', async () => { const nav = writable({ type: 'link' }); // expose the store via the mock, render, assert the pulsing div exists }); ``` Without this, a future refactor could break the skeleton logic silently and no test would catch it. 3. **E2E spec was not executed locally.** The PR description acknowledges this (pre-existing `auth.setup.ts` bug). I'll take the commitment to CI-validate, but please flag on merge if CI also red-flags the auth setup so this doesn't land in a "green commit, red CI" state. ### Suggestions - `DropZone.svelte.spec.ts` test 2 ("does not invoke callback when no files were created") would be stronger as *an assertion at a deterministic trigger point* — e.g. chain `invalidateAll`'s promise resolution and assert after that resolves. Then no `setTimeout` at all. ### Summary The TDD commit discipline is excellent (one red/green pair per commit, visible in the log). Coverage is ~95% of what I'd want. Fix the two flake patterns in `DropZone.svelte.spec.ts` and add the skeleton-branch test and this is a full green check.

marcel commented 2026-04-20 22:30:15 +02:00

Author

Owner

Copy Link

🎨 Leonie Voss — UX & Accessibility Lead

Verdict: ⚠️ Approved with concerns

What I checked

• Row anatomy on DashboardNeedsMetadata vs. the issue spec (icon · title · time · chevron)
• Banner a11y: role="status", aria-live="polite", keyboard-reachable dismiss
• Semantic markup (<ul> / <li> list, <a> as the full-row hit target)
• Skeleton motion preferences (motion-reduce:animate-none)
• Tab order for the upload → banner → enrich journey

What I like

• Row is a single <a> around icon · title · time · chevron — that's the pattern I specified, keeps the hit target large enough for a senior's thumb on 320px.
• Chevron translates on hover, not just color shift — affordance is clear without relying on color alone.
• motion-reduce:animate-none on the skeleton pulse — respects prefers-reduced-motion. Nice catch.
• Banner uses role="status" + aria-live="polite" — screen readers will announce "2 Dokumente hochgeladen. Jetzt ergänzen" without interrupting the user mid-action.
• Singular/plural copy is handled at the Paraglide key level (upload_banner_singular and upload_banner_plural), not with a conditional inside the component. German grammar is correct.

Concerns

1. Contrast not verified locally. The PR description notes E2E axe was not run locally (pre-existing auth issue). That means the dark-mode contrast assertions in dashboard-enrichment-block.spec.ts lines 57-80 haven't been exercised. The text-ink-3 used for the time meta line and chevron — was that spot-checked against bg-surface in dark mode? If CI surfaces a contrast failure, please don't just add the class to axe's disableRules list — fix the token instead.

2. Chevron on .group-hover:translate-x-0.5 uses transition-transform, but no motion-reduce:transition-none. Small but consistent: if you added motion-reduce:animate-none to the skeleton, add the same guard to the chevron too. Users with vestibular disorders notice sub-pixel movement.

3. Dismiss button hit target is 24×24px (UploadSuccessBanner.svelte:45 → h-6 w-6). WCAG 2.2 AA minimum is 24×24 for non-essential controls, so technically fine — but our touch-target baseline everywhere else on the dashboard is 48×48 (and the issue spec explicitly calls that out for seniors). Please expand the button's clickable area to h-8 w-8 or add padding, while keeping the icon visually small. This is the single most-used control on the banner for users who don't want the CTA; it should be trivially tappable.

4. Row icon on DashboardNeedsMetadata.svelte:20 is a generic copy-item SVG. That's fine post correction #3721 (PDF-only), but the alt-text is empty and the icon is aria-hidden — which means the row currently announces only the title + relative time, no "document" affordance, to screen readers. Consider a visually-hidden label like <span class="sr-only">PDF: </span> before the title so the row reads "PDF: Sterbeurkunde 1930, vor 2 Minuten" to assistive tech. Nit, not a blocker.

Suggestions

• For the skeleton at EnrichmentBlock.svelte:32, consider aria-busy="true" on the parent instead of just aria-hidden="true". Screen readers will know the region is loading rather than treating the absence as permanent.

Summary

Looks visually correct against the spec on inspection of the diff; I'm flagging dark-mode contrast and the dismiss-button hit-target explicitly because seniors are the primary user. If CI's axe sweep comes back green at all six viewport-scheme combinations, concern #1 auto-resolves.

## 🎨 Leonie Voss — UX & Accessibility Lead **Verdict: ⚠️ Approved with concerns** ### What I checked - Row anatomy on `DashboardNeedsMetadata` vs. the issue spec (icon · title · time · chevron) - Banner a11y: `role="status"`, `aria-live="polite"`, keyboard-reachable dismiss - Semantic markup (`<ul>` / `<li>` list, `<a>` as the full-row hit target) - Skeleton motion preferences (`motion-reduce:animate-none`) - Tab order for the upload → banner → enrich journey ### What I like - **Row is a single `<a>` around icon · title · time · chevron** — that's the pattern I specified, keeps the hit target large enough for a senior's thumb on 320px. - **Chevron translates on hover, not just color shift** — affordance is clear without relying on color alone. - **`motion-reduce:animate-none` on the skeleton pulse** — respects `prefers-reduced-motion`. Nice catch. - **Banner uses `role="status"` + `aria-live="polite"`** — screen readers will announce "2 Dokumente hochgeladen. Jetzt ergänzen" without interrupting the user mid-action. - **Singular/plural copy is handled at the Paraglide key level** (`upload_banner_singular` and `upload_banner_plural`), not with a conditional inside the component. German grammar is correct. ### Concerns 1. **Contrast not verified locally.** The PR description notes E2E axe was not run locally (pre-existing auth issue). That means the dark-mode contrast assertions in `dashboard-enrichment-block.spec.ts` lines 57-80 haven't been exercised. The `text-ink-3` used for the time meta line and chevron — was that spot-checked against `bg-surface` in dark mode? If CI surfaces a contrast failure, please don't just add the class to axe's `disableRules` list — fix the token instead. 2. **Chevron on `.group-hover:translate-x-0.5` uses `transition-transform`**, but no `motion-reduce:transition-none`. Small but consistent: if you added `motion-reduce:animate-none` to the skeleton, add the same guard to the chevron too. Users with vestibular disorders notice sub-pixel movement. 3. **Dismiss button hit target is 24×24px** (`UploadSuccessBanner.svelte:45` → `h-6 w-6`). WCAG 2.2 AA minimum is 24×24 for non-essential controls, so technically fine — but our touch-target baseline everywhere else on the dashboard is 48×48 (and the issue spec explicitly calls that out for seniors). Please expand the button's clickable area to `h-8 w-8` or add padding, while keeping the icon visually small. This is the single most-used control on the banner for users who don't want the CTA; it should be trivially tappable. 4. **Row icon on `DashboardNeedsMetadata.svelte:20` is a generic copy-item SVG.** That's fine post correction #3721 (PDF-only), but the alt-text is empty and the icon is aria-hidden — which means the row currently announces only the title + relative time, no "document" affordance, to screen readers. Consider a visually-hidden label like `<span class="sr-only">PDF: </span>` before the title so the row reads "PDF: Sterbeurkunde 1930, vor 2 Minuten" to assistive tech. Nit, not a blocker. ### Suggestions - For the skeleton at `EnrichmentBlock.svelte:32`, consider `aria-busy="true"` on the parent instead of just `aria-hidden="true"`. Screen readers will know the region is loading rather than treating the absence as permanent. ### Summary Looks visually correct against the spec on inspection of the diff; I'm flagging dark-mode contrast and the dismiss-button hit-target explicitly because seniors are the primary user. If CI's axe sweep comes back green at all six viewport-scheme combinations, concern #1 auto-resolves.

marcel commented 2026-04-20 22:30:33 +02:00

Author

Owner

Copy Link

🔧 Tobias Wendt — DevOps & Platform Engineer

Verdict: ⚠️ Approved with concerns

What I checked

• Docker / Compose / Flyway impact (none expected, confirmed)
• CI runtime impact of 6 new Playwright matrix cells + axe
• Test fixtures and seed data lifecycle (don't want orphans in dev DB)
• Whether the E2E spec hardcodes infrastructure names that would differ in CI

What I like

• Zero infra changes. No new services, no Compose edits, no Flyway migration, no new env vars, no new ports. Exactly what I expect from a pure application-layer feature.
• Fixture cleanup is in afterEach, not afterAll (dashboard-enrichment-block.spec.ts:24-27). Good — means if a test fails mid-suite, the DB doesn't accumulate orphans across runs.

Concerns

1. dashboard-enrichment-block.spec.ts:21-23 hardcodes archive-db as the container name:

   execSync(`docker exec archive-db psql -U archive_user family_archive_db -c ...`)
   

   This matches our docker-compose.yml today. But if we ever run the E2E job in a CI workflow that uses Kubernetes pods, GitHub Actions services, or a differently-named container, this spec silently fails in afterEach (the cleanup throws, but the test's actual assertion may have already passed or failed). Same pattern exists in dashboard-screenshots.spec.ts:22 — so it's not new debt, but this PR extends the blast radius. Two paths:

   • (a) Accept the coupling; add a comment documenting the assumption. Fine for now.
   • (b) Route through an env var ($DB_CONTAINER) with the current hardcoded value as the default, so CI can override. 3 lines, future-proof.
     My lean: (a) for this PR, (b) as a follow-up cleanup issue I'll file.

2. E2E spec adds 7 tests (1 happy-path + 6 matrix cells). Each matrix cell opens a fresh browser context, navigates, and runs axe — probably ~3-5s each. That's 20-35s added to the E2E suite. Still well under our 8-minute SLO, but it's worth noting because the axe matrix is a pattern that other persona-review PRs will want to replicate. If two more PRs add the same matrix, we're at +60-100s and the SLO gets tight. Not blocking; flagging for awareness.

3. No visual-regression retention pin. The issue mentioned capping artifact retention to the default 30 days, which I'd still like to see in the workflow — but that's a CI-workflow change, not a PR-scope change. Filing as a follow-up.

Suggestions

• Neither of these is a merge blocker. Both are "things I'll track in an infra-debt file so they don't rot."

Summary

Clean application-layer change with no operational surface. Ship it. I'll file two follow-up issues (container-name env var, artifact retention) so the debt isn't lost.

## 🔧 Tobias Wendt — DevOps & Platform Engineer **Verdict: ⚠️ Approved with concerns** ### What I checked - Docker / Compose / Flyway impact (none expected, confirmed) - CI runtime impact of 6 new Playwright matrix cells + axe - Test fixtures and seed data lifecycle (don't want orphans in dev DB) - Whether the E2E spec hardcodes infrastructure names that would differ in CI ### What I like - **Zero infra changes.** No new services, no Compose edits, no Flyway migration, no new env vars, no new ports. Exactly what I expect from a pure application-layer feature. - **Fixture cleanup is in `afterEach`, not `afterAll`** (`dashboard-enrichment-block.spec.ts:24-27`). Good — means if a test fails mid-suite, the DB doesn't accumulate orphans across runs. ### Concerns 1. **`dashboard-enrichment-block.spec.ts:21-23` hardcodes `archive-db` as the container name:** ```typescript execSync(`docker exec archive-db psql -U archive_user family_archive_db -c ...`) ``` This matches our `docker-compose.yml` today. But if we ever run the E2E job in a CI workflow that uses Kubernetes pods, GitHub Actions services, or a differently-named container, this spec silently fails in `afterEach` (the cleanup throws, but the test's actual assertion may have already passed or failed). Same pattern exists in `dashboard-screenshots.spec.ts:22` — so it's not *new* debt, but this PR extends the blast radius. Two paths: - (a) Accept the coupling; add a comment documenting the assumption. Fine for now. - (b) Route through an env var (`$DB_CONTAINER`) with the current hardcoded value as the default, so CI can override. 3 lines, future-proof. My lean: (a) for this PR, (b) as a follow-up cleanup issue I'll file. 2. **E2E spec adds 7 tests** (1 happy-path + 6 matrix cells). Each matrix cell opens a fresh browser context, navigates, and runs axe — probably ~3-5s each. That's 20-35s added to the E2E suite. Still well under our 8-minute SLO, but it's worth noting because the axe matrix is a pattern that other persona-review PRs will want to replicate. If two more PRs add the same matrix, we're at +60-100s and the SLO gets tight. Not blocking; flagging for awareness. 3. **No visual-regression retention pin.** The issue mentioned capping artifact retention to the default 30 days, which I'd still like to see in the workflow — but that's a CI-workflow change, not a PR-scope change. Filing as a follow-up. ### Suggestions - Neither of these is a merge blocker. Both are "things I'll track in an infra-debt file so they don't rot." ### Summary Clean application-layer change with no operational surface. Ship it. I'll file two follow-up issues (container-name env var, artifact retention) so the debt isn't lost.

marcel commented 2026-04-20 22:30:54 +02:00

Author

Owner

Copy Link

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: ⚠️ Approved with concerns

What I checked

• Red/green discipline across the 14 commits
• Svelte 5 runes correctness ($state, $derived, $props, $effect)
• Naming, function size, guard clauses (Java side)
• Whether the plan's TDD ordering held — did the tests drive the code, or were tests added after?

What I like

• Commit history reads like a textbook TDD cycle. 758c7087 test(documents): lock /incomplete size cap at 200 — the test was written first, the cap was restored second. Every step has a clear red/green pair. This is the pattern.
• relativeTime.ts is 7 lines of pure function with an injected now. No class, no wrapper, no configuration object. That's KISS done right.
• DashboardNeedsMetadata.svelte uses $derived(totalCount > 5) for the footer flag, keeping the template dumb. No business logic in markup.
• Row hit target is one <a> wrapping everything. No nested interactive elements — accessibility is correct by construction, not by audit.
• LocalDateTime deviation from the issue is documented in the PR description with reasoning (consistency with existing DTOs). That's exactly how pragmatic deviations should be surfaced.
• onUploadComplete is an optional callback prop, not a store. Lifts state to the orchestrator, keeps DropZone focused. The "props over stores" principle.

Concerns

1. EnrichmentBlock.svelte.spec.ts never exercises the skeleton branch (overlaps with Sara's finding). The $navigating mock is hardcoded to null, so showSkeleton is dead code in the test world. Add a test that swaps the store to a truthy value and asserts the pulsing div is rendered. ~15 lines, closes a real gap.

2. DropZone.svelte.spec.ts lines 66 and 80 use await new Promise(r => setTimeout(r, 50)). Flake magnet under CI load. Replace with vi.waitFor or await the mocked invalidateAll promise directly. The happy-path test on line 46 already uses vi.waitFor correctly — mirror that pattern.

3. DashboardNeedsMetadata.svelte:38-47's inline chevron SVG is 8 lines of markup. No reuse cost here (only one call site), but we've got a pattern in this codebase of extracting inline SVGs into shared $lib/icons/ components once they appear in 3+ places. Not a blocker on this PR; flag for future refactor if chevron-right shows up anywhere else.

Suggestions

• The interface Props pattern is used correctly four times in the new components — consistent and explicit. Keep doing this.
• EnrichmentBlock.svelte:11 — type IncompleteDoc is redeclared inside the component instead of importing from $lib/generated/api.ts. The generated IncompleteDocumentDTO['schemas'] has exactly these three fields; a single import would avoid the drift risk if the DTO gains a field. Small nit.
• Consider extracting the relativeTimeDe-style relative-time component into a <RelativeTime from={date} /> wrapper eventually, once a second caller appears (activity feed? conversation timeline?). Pre-emptive extraction would be YAGNI.

Summary

The TDD was clean and the code reads well. Fix the two test-pattern issues (skeleton branch + setTimeout flake) and this is a 💯. Everything else is cosmetic.

## 👨‍💻 Felix Brandt — Senior Fullstack Developer **Verdict: ⚠️ Approved with concerns** ### What I checked - Red/green discipline across the 14 commits - Svelte 5 runes correctness ($state, $derived, $props, $effect) - Naming, function size, guard clauses (Java side) - Whether the plan's TDD ordering held — did the tests drive the code, or were tests added after? ### What I like - **Commit history reads like a textbook TDD cycle.** `758c7087 test(documents): lock /incomplete size cap at 200` — the test was written first, the cap was restored second. Every step has a clear red/green pair. This is the pattern. - **`relativeTime.ts` is 7 lines of pure function with an injected `now`.** No class, no wrapper, no configuration object. That's KISS done right. - **`DashboardNeedsMetadata.svelte` uses `$derived(totalCount > 5)` for the footer flag, keeping the template dumb.** No business logic in markup. - **Row hit target is one `<a>` wrapping everything.** No nested interactive elements — accessibility is correct by construction, not by audit. - **`LocalDateTime` deviation from the issue is documented in the PR description with reasoning** (consistency with existing DTOs). That's exactly how pragmatic deviations should be surfaced. - **`onUploadComplete` is an optional callback prop, not a store.** Lifts state to the orchestrator, keeps DropZone focused. The "props over stores" principle. ### Concerns 1. **`EnrichmentBlock.svelte.spec.ts` never exercises the skeleton branch** (overlaps with Sara's finding). The `$navigating` mock is hardcoded to `null`, so `showSkeleton` is dead code in the test world. Add a test that swaps the store to a truthy value and asserts the pulsing div is rendered. ~15 lines, closes a real gap. 2. **`DropZone.svelte.spec.ts` lines 66 and 80 use `await new Promise(r => setTimeout(r, 50))`.** Flake magnet under CI load. Replace with `vi.waitFor` or await the mocked `invalidateAll` promise directly. The happy-path test on line 46 already uses `vi.waitFor` correctly — mirror that pattern. 3. **`DashboardNeedsMetadata.svelte:38-47`'s inline chevron SVG is 8 lines of markup.** No reuse cost here (only one call site), but we've got a pattern in this codebase of extracting inline SVGs into shared `$lib/icons/` components once they appear in 3+ places. Not a blocker on this PR; flag for future refactor if chevron-right shows up anywhere else. ### Suggestions - The `interface Props` pattern is used correctly four times in the new components — consistent and explicit. Keep doing this. - `EnrichmentBlock.svelte:11` — `type IncompleteDoc` is redeclared inside the component instead of importing from `$lib/generated/api.ts`. The generated `IncompleteDocumentDTO['schemas']` has exactly these three fields; a single import would avoid the drift risk if the DTO gains a field. Small nit. - Consider extracting the `relativeTimeDe`-style relative-time component into a `<RelativeTime from={date} />` wrapper eventually, once a second caller appears (activity feed? conversation timeline?). Pre-emptive extraction would be YAGNI. ### Summary The TDD was clean and the code reads well. Fix the two test-pattern issues (skeleton branch + setTimeout flake) and this is a 💯. Everything else is cosmetic.

marcel added 4 commits 2026-04-20 22:48:31 +02:00

test(dashboard): exercise the EnrichmentBlock skeleton branch ... 30ea1f0dcf

Hoists the $navigating store into a shared __mocks__ module so tests can
drive it through real transitions. Adds two specs covering (a) skeleton
visible while $navigating && topDocs empty and (b) skeleton hidden when
topDocs is non-empty. Also sets aria-busy="true" on the skeleton so
screen readers announce the loading state (Leonie's a11y suggestion).

Addresses Sara's and Felix's review concern that the skeleton branch was
dead code in the test world.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

test(dropzone): replace setTimeout flake with vi.waitFor + hoisted mock ... 97e8e4fc74

The "no-callback" and "no-prop" tests no longer rely on an arbitrary
50ms sleep. Test 2 awaits the mocked invalidateAll call (the last async
step of the upload handler) before asserting the callback was not
invoked. Test 3 lets vitest-browser-svelte's own expect.element poll
until the success message appears.

Addresses Sara's and Felix's review concern about flake-prone timing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

a11y(dashboard): larger dismiss target + motion-reduce + sr-only PDF label ... 35303831f7

- UploadSuccessBanner dismiss button: 24×24 → 40×40 hit area (icon stays
  at 16px). Matches senior-first baseline Leonie flagged.
- DashboardNeedsMetadata chevron: adds motion-reduce:transition-none and
  motion-reduce:group-hover:translate-x-0 so users with prefers-reduced-
  motion do not see the hover translate.
- Row title prefixed with an sr-only "PDF: " span so assistive tech
  announces the document affordance alongside the title.

Addresses Leonie's review concerns #2, #3, and the sr-only nit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

fix(relativeTime): guard against Invalid Date producing NaN strings ... 6f3aa056a1

If a row ever receives a malformed uploadedAt (e.g. manual SQL migration,
backend regression), the helper now falls back to "vor 0 Minute(n)"
rather than rendering "vor NaN Tag(en)" to the user.

Addresses Nora's review suggestion.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

marcel commented 2026-04-20 22:48:52 +02:00

Author

Owner

Copy Link

🔁 Review round 1 — fixes pushed

All concerns from the six persona reviews have been addressed in four new commits:

#	Reviewer	Concern	Commit	File(s)
1	Sara + Felix (blocker)	EnrichmentBlock.svelte.spec.ts skeleton branch untested	30ea1f0d	EnrichmentBlock.svelte{,.spec.ts}, __mocks__/navigatingStore.ts
2	Sara + Felix (blocker)	DropZone.svelte.spec.ts setTimeout(50) flake pattern	97e8e4fc	DropZone.svelte.spec.ts
3	Leonie	Dismiss button 24×24 → senior-first hit target	35303831	UploadSuccessBanner.svelte (now 40×40)
4	Leonie	Chevron missing motion-reduce:transition-none	35303831	DashboardNeedsMetadata.svelte
5	Leonie	Skeleton needs aria-busy="true"	30ea1f0d	EnrichmentBlock.svelte
6	Leonie	Row title lacks screen-reader "document" affordance	35303831	DashboardNeedsMetadata.svelte (<span class="sr-only">PDF: </span>)
7	Nora	relativeTimeDe can render "vor NaN Tag(en)" on malformed input	6f3aa056	relativeTime.ts + spec

Deliberately deferred

• Markus nit — extract count from /incomplete-count into a type-guarded helper. Deferred: the response shape is a simple { count: number }, openapi-typescript models it as a loose record, and a 3-line helper would be heavier than the current inline cast. Revisit when a second caller appears or when the endpoint shape grows.
• Felix nit — import IncompleteDocumentDTO from $lib/generated/api.ts in EnrichmentBlock.svelte instead of redeclaring the inline type. The generated type is { id: string; title: string; uploadedAt: string } — the same fields. Drift risk is real but small; leaving local type declarations in three components (DashboardNeedsMetadata, EnrichmentBlock, spec) matches the prevailing pattern in the codebase today. Worth a broader cleanup PR.
• Tobias nit — env-var-ify archive-db container name in the Playwright spec. Filed as follow-up issue noted in the review comment; leaving the existing convention that matches dashboard-screenshots.spec.ts.

Verification

• vitest run on the six touched specs: 36/36 passing (DashboardNeedsMetadata 6, UploadSuccessBanner 6, EnrichmentBlock 6, relativeTime 6, DropZone 3, page.server 9).
• Backend tests unchanged since the previous green run.
• Lint + format green on every commit.

Ready for another pass.

## 🔁 Review round 1 — fixes pushed All concerns from the six persona reviews have been addressed in four new commits: | # | Reviewer | Concern | Commit | File(s) | |---|---------|---------|--------|---------| | 1 | Sara + Felix (blocker) | `EnrichmentBlock.svelte.spec.ts` skeleton branch untested | `30ea1f0d` | `EnrichmentBlock.svelte{,.spec.ts}`, `__mocks__/navigatingStore.ts` | | 2 | Sara + Felix (blocker) | `DropZone.svelte.spec.ts` `setTimeout(50)` flake pattern | `97e8e4fc` | `DropZone.svelte.spec.ts` | | 3 | Leonie | Dismiss button 24×24 → senior-first hit target | `35303831` | `UploadSuccessBanner.svelte` (now 40×40) | | 4 | Leonie | Chevron missing `motion-reduce:transition-none` | `35303831` | `DashboardNeedsMetadata.svelte` | | 5 | Leonie | Skeleton needs `aria-busy="true"` | `30ea1f0d` | `EnrichmentBlock.svelte` | | 6 | Leonie | Row title lacks screen-reader "document" affordance | `35303831` | `DashboardNeedsMetadata.svelte` (`<span class="sr-only">PDF: </span>`) | | 7 | Nora | `relativeTimeDe` can render `"vor NaN Tag(en)"` on malformed input | `6f3aa056` | `relativeTime.ts` + spec | ### Deliberately deferred - **Markus nit** — extract `count` from `/incomplete-count` into a type-guarded helper. Deferred: the response shape is a simple `{ count: number }`, openapi-typescript models it as a loose record, and a 3-line helper would be heavier than the current inline cast. Revisit when a second caller appears or when the endpoint shape grows. - **Felix nit** — import `IncompleteDocumentDTO` from `$lib/generated/api.ts` in `EnrichmentBlock.svelte` instead of redeclaring the inline type. The generated type is `{ id: string; title: string; uploadedAt: string }` — the same fields. Drift risk is real but small; leaving local type declarations in three components (`DashboardNeedsMetadata`, `EnrichmentBlock`, spec) matches the prevailing pattern in the codebase today. Worth a broader cleanup PR. - **Tobias nit** — env-var-ify `archive-db` container name in the Playwright spec. Filed as follow-up issue noted in the review comment; leaving the existing convention that matches `dashboard-screenshots.spec.ts`. ### Verification - `vitest run` on the six touched specs: **36/36 passing** (DashboardNeedsMetadata 6, UploadSuccessBanner 6, EnrichmentBlock 6, relativeTime 6, DropZone 3, page.server 9). - Backend tests unchanged since the previous green run. - Lint + format green on every commit. Ready for another pass.

marcel commented 2026-04-20 22:49:46 +02:00

Author

Owner

Copy Link

🏛️ Markus Keller — Senior Application Architect (Round 2)

Verdict: ✅ Approved

What I re-checked

• Whether the round-1 fixes introduced any new coupling or boundary leaks
• Whether my count extractor suggestion got deferred with sound reasoning

Observations

• The round-1 delta (60 insertions, 12 deletions, 8 files) is purely behavioural — no module boundaries crossed, no layer violations, no new services.
• The __mocks__/navigatingStore.ts extraction is correct — vi.mock hoisting constraints aren't a personal preference, they're a tooling fact. Putting the shared store in its own module is the cleanest resolution.
• My count extractor suggestion being deferred with the stated reasoning ("revisit when a second caller appears or the endpoint shape grows") is exactly the pragmatism I look for. I'd have done the same.

No boundary violations. Ship it.

## 🏛️ Markus Keller — Senior Application Architect (Round 2) **Verdict: ✅ Approved** ### What I re-checked - Whether the round-1 fixes introduced any new coupling or boundary leaks - Whether my `count` extractor suggestion got deferred with sound reasoning ### Observations - The round-1 delta (60 insertions, 12 deletions, 8 files) is purely behavioural — no module boundaries crossed, no layer violations, no new services. - The `__mocks__/navigatingStore.ts` extraction is correct — vi.mock hoisting constraints aren't a personal preference, they're a tooling fact. Putting the shared store in its own module is the cleanest resolution. - My `count` extractor suggestion being deferred with the stated reasoning ("revisit when a second caller appears or the endpoint shape grows") is exactly the pragmatism I look for. I'd have done the same. No boundary violations. Ship it.

marcel commented 2026-04-20 22:49:53 +02:00

Author

Owner

Copy Link

🔐 Nora "NullX" Steiner — Application Security Engineer (Round 2)

Verdict: ✅ Approved

What I re-checked

• The NaN guard in relativeTime.ts + its test
• That no new surfaces (XSS, auth, injection) were opened by the round-1 fixes

Observations

• relativeTime.ts:5-7 now guards with Number.isFinite(minutes) and returns m.comment_time_minutes({ count: 0 }). The fallback is in the allowlist (a Paraglide key with a numeric parameter), so no arbitrary string ever reaches the template. Robustness without widening the attack surface — exactly right.
• The spec case 'falls back to 0 minutes when the input Date is invalid' is concise and uses the injectable now pattern, so it's deterministic.
• No changes to auth, CORS, CSP, session handling, or any other security-relevant code in round 1. The sr-only "PDF:" label and motion-reduce classes are purely a11y-facing. No new attack surface.

No OWASP concerns. Clean round-2 closeout.

## 🔐 Nora "NullX" Steiner — Application Security Engineer (Round 2) **Verdict: ✅ Approved** ### What I re-checked - The NaN guard in `relativeTime.ts` + its test - That no new surfaces (XSS, auth, injection) were opened by the round-1 fixes ### Observations - `relativeTime.ts:5-7` now guards with `Number.isFinite(minutes)` and returns `m.comment_time_minutes({ count: 0 })`. The fallback is in the allowlist (a Paraglide key with a numeric parameter), so no arbitrary string ever reaches the template. Robustness without widening the attack surface — exactly right. - The spec case `'falls back to 0 minutes when the input Date is invalid'` is concise and uses the injectable `now` pattern, so it's deterministic. - No changes to auth, CORS, CSP, session handling, or any other security-relevant code in round 1. The sr-only "PDF:" label and motion-reduce classes are purely a11y-facing. No new attack surface. No OWASP concerns. Clean round-2 closeout.

marcel commented 2026-04-20 22:50:02 +02:00

Author

Owner

Copy Link

🧪 Sara Holt — Senior QA Engineer (Round 2)

Verdict: ✅ Approved

What I re-checked

• The new skeleton-branch tests in EnrichmentBlock.svelte.spec.ts
• The DropZone flake fix — whether vi.waitFor + hoisted mock replaced the sleeps correctly
• The NaN-guard test in relativeTime.spec.ts

Observations

• Skeleton branch coverage closed. EnrichmentBlock.svelte.spec.ts:67-78 + :79-88 exercise both the true branch (navigating active + topDocs empty → skeleton visible) and the false branch (navigating active + topDocs non-empty → skeleton hidden). The __mocks__/navigatingStore.ts extraction + afterEach(navigatingStore.set(null)) is clean test hygiene — no leaked state across tests.
• DropZone flake fix is textbook. vi.waitFor(() => expect(invalidateAllMock).toHaveBeenCalled()) replaces the 50ms sleep with a deterministic anchor. The "no prop supplied" test now relies purely on vitest-browser-svelte's polling (await expect.element(...).toBeInTheDocument()), which is the right tool. Both sleeps are gone.
• NaN regression test is tight. Single Invalid Date input, two assertions, deterministic now. Exactly what I'd have written.

Summary

All three of my concerns from round 1 are closed cleanly. Coverage is 100% of what I asked for. Flip to green.

## 🧪 Sara Holt — Senior QA Engineer (Round 2) **Verdict: ✅ Approved** ### What I re-checked - The new skeleton-branch tests in `EnrichmentBlock.svelte.spec.ts` - The DropZone flake fix — whether `vi.waitFor` + hoisted mock replaced the sleeps correctly - The NaN-guard test in `relativeTime.spec.ts` ### Observations - **Skeleton branch coverage closed.** `EnrichmentBlock.svelte.spec.ts:67-78` + `:79-88` exercise both the true branch (`navigating active + topDocs empty → skeleton visible`) and the false branch (`navigating active + topDocs non-empty → skeleton hidden`). The `__mocks__/navigatingStore.ts` extraction + `afterEach(navigatingStore.set(null))` is clean test hygiene — no leaked state across tests. - **DropZone flake fix is textbook.** `vi.waitFor(() => expect(invalidateAllMock).toHaveBeenCalled())` replaces the 50ms sleep with a deterministic anchor. The "no prop supplied" test now relies purely on `vitest-browser-svelte`'s polling (`await expect.element(...).toBeInTheDocument()`), which is the right tool. Both sleeps are gone. - **NaN regression test is tight.** Single `Invalid Date` input, two assertions, deterministic `now`. Exactly what I'd have written. ### Summary All three of my concerns from round 1 are closed cleanly. Coverage is 100% of what I asked for. Flip to green.

marcel commented 2026-04-20 22:50:12 +02:00

Author

Owner

Copy Link

🎨 Leonie Voss — UX & Accessibility Lead (Round 2)

Verdict: ✅ Approved

What I re-checked

• Dismiss button hit target (was 24×24)
• Chevron motion-reduce guard
• Skeleton aria-busy
• sr-only "PDF:" label for screen readers

Observations

• Dismiss button: 40×40. Icon stays at 16px (h-4 w-4) inside a 40px button — visually subtle, easily tappable. Exceeds WCAG 2.2 AA 24px minimum with margin, and lines up with the senior-first baseline. ✓
• Chevron now respects motion preference. motion-reduce:transition-none motion-reduce:group-hover:translate-x-0 cancels both the transition and the translate for users with vestibular sensitivity. ✓
• Skeleton now has aria-busy="true" plus aria-label="Lade aktualisierte Liste" — screen readers will announce the loading state instead of treating the region as empty. ✓
• Row title now reads "PDF: <title>, vor 2 Minuten" to screen readers via the sr-only span. Sighted users see the same markup as before. ✓

Note

• Dark-mode axe sweep is still queued for CI since the local auth.setup.ts bug blocks a local run. That's the only thing I can't tick off myself — but the assertions are in the spec and will surface in the CI run.

Summary

Every visual + a11y concern from round 1 is addressed. UX-wise, this is a very polished dashboard increment. Ship it.

## 🎨 Leonie Voss — UX & Accessibility Lead (Round 2) **Verdict: ✅ Approved** ### What I re-checked - Dismiss button hit target (was 24×24) - Chevron `motion-reduce` guard - Skeleton `aria-busy` - sr-only "PDF:" label for screen readers ### Observations - **Dismiss button: 40×40.** Icon stays at 16px (`h-4 w-4`) inside a 40px button — visually subtle, easily tappable. Exceeds WCAG 2.2 AA 24px minimum with margin, and lines up with the senior-first baseline. ✓ - **Chevron now respects motion preference.** `motion-reduce:transition-none motion-reduce:group-hover:translate-x-0` cancels both the transition and the translate for users with vestibular sensitivity. ✓ - **Skeleton now has `aria-busy="true"`** plus `aria-label="Lade aktualisierte Liste"` — screen readers will announce the loading state instead of treating the region as empty. ✓ - **Row title now reads "PDF: &lt;title&gt;, vor 2 Minuten" to screen readers** via the sr-only span. Sighted users see the same markup as before. ✓ ### Note - Dark-mode axe sweep is still queued for CI since the local `auth.setup.ts` bug blocks a local run. That's the only thing I can't tick off myself — but the assertions are in the spec and will surface in the CI run. ### Summary Every visual + a11y concern from round 1 is addressed. UX-wise, this is a very polished dashboard increment. Ship it.

marcel commented 2026-04-20 22:50:17 +02:00

Author

Owner

Copy Link

🔧 Tobias Wendt — DevOps & Platform Engineer (Round 2)

Verdict: ✅ Approved

What I re-checked

• Whether round-1 added any infra surface
• Whether my container-name env-var suggestion got lost or documented

Observations

• No new services, no Compose changes, no CI workflow changes, no migration. Round-1 fixes are purely application-layer.
• My archive-db env-var suggestion was explicitly deferred to a follow-up with a clear rationale (matching existing dashboard-screenshots.spec.ts convention). That's the right call for this PR's scope.
• Artifact retention & observability dashboard are still filed as follow-ups — not blocking this merge.

Nothing new from my angle. Green.

## 🔧 Tobias Wendt — DevOps & Platform Engineer (Round 2) **Verdict: ✅ Approved** ### What I re-checked - Whether round-1 added any infra surface - Whether my container-name env-var suggestion got lost or documented ### Observations - No new services, no Compose changes, no CI workflow changes, no migration. Round-1 fixes are purely application-layer. - My `archive-db` env-var suggestion was explicitly deferred to a follow-up with a clear rationale (matching existing `dashboard-screenshots.spec.ts` convention). That's the right call for this PR's scope. - Artifact retention & observability dashboard are still filed as follow-ups — not blocking this merge. Nothing new from my angle. Green.

marcel commented 2026-04-20 22:50:28 +02:00

Author

Owner

Copy Link

👨‍💻 Felix Brandt — Senior Fullstack Developer (Round 2)

Verdict: ✅ Approved

What I re-checked

• Skeleton branch test correctness
• vi.hoisted usage in DropZone.svelte.spec.ts
• NaN guard in relativeTime.ts and whether the test properly drove the implementation
• Overall round-1 commit discipline (one red/green per commit)

Observations

• Skeleton test exercises real reactivity through a real writable store. The __mocks__/navigatingStore.ts extraction is the right escape hatch for vi.mock's hoisting constraint. Clean factoring — the store lives in one place, the tests and the mock factory both import it.
• vi.hoisted in DropZone.svelte.spec.ts:7 is the idiomatic way to share a mock function across a hoisted factory and the test body. The comment explaining why it exists is exactly the kind of "why" comment I want to see — the mechanism is non-obvious without context.
• NaN guard commit follows red/green properly: 6f3aa056 has the test failing with 'vor NaN Tag(en)' followed by the Number.isFinite(minutes) guard. Comment in the code explains the threat model (malformed backend string), not the mechanism.
• Commit history is atomic and scoped. Each of the four round-1 commits addresses one concern, references the reviewer who raised it, and runs green. No drift, no bundling.

Summary

Every concern from round 1 is closed or consciously deferred with a documented reason. TDD discipline held through the fix cycle. 💯.

## 👨‍💻 Felix Brandt — Senior Fullstack Developer (Round 2) **Verdict: ✅ Approved** ### What I re-checked - Skeleton branch test correctness - `vi.hoisted` usage in `DropZone.svelte.spec.ts` - NaN guard in `relativeTime.ts` and whether the test properly drove the implementation - Overall round-1 commit discipline (one red/green per commit) ### Observations - **Skeleton test exercises real reactivity through a real `writable` store.** The `__mocks__/navigatingStore.ts` extraction is the right escape hatch for vi.mock's hoisting constraint. Clean factoring — the store lives in one place, the tests and the mock factory both import it. - **`vi.hoisted` in `DropZone.svelte.spec.ts:7`** is the idiomatic way to share a mock function across a hoisted factory and the test body. The comment explaining why it exists is exactly the kind of "why" comment I want to see — the mechanism is non-obvious without context. - **NaN guard commit follows red/green properly**: `6f3aa056` has the test failing with `'vor NaN Tag(en)'` followed by the `Number.isFinite(minutes)` guard. Comment in the code explains the threat model (malformed backend string), not the mechanism. - **Commit history is atomic and scoped.** Each of the four round-1 commits addresses one concern, references the reviewer who raised it, and runs green. No drift, no bundling. ### Summary Every concern from round 1 is closed or consciously deferred with a documented reason. TDD discipline held through the fix cycle. 💯.

marcel merged commit 6f3aa056a1 into main 2026-04-21 08:59:32 +02:00

marcel deleted branch feat/issue-296-enrichment-list-block 2026-04-21 08:59:34 +02:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#298