bug: notification deep-link does not scroll to comment on document detail page #299

Merged

marcel merged 8 commits from feat/issue-276-notification-deep-link-scroll into main 2026-04-21 15:06:02 +02:00

Conversation 13 Commits 8 Files Changed 13 +830 -558

marcel commented 2026-04-21 14:04:57 +02:00

Owner

Copy Link

Closes #276

Summary

Fixes the broken notification deep-link flow by populating annotationId at the upstream write path (CommentService.postBlockComment) and consuming ?commentId=&annotationId= in documents/[id]/+page.svelte via a new scrollToCommentFromQuery helper. Bundles dead-code cleanup of the unused document-level and annotation-level comment APIs — only block comments survive in the frontend today.

See the Discussion Resolutions comment on #276 for the authoritative spec agreed during pre-implementation review.

Commits

1. 46588522 — fix(comment): populate annotationId on block comments from the block
2. 13732ab9 — fix(db): V51 backfills annotation_id on block comments and notifications
3. bc69e8ff — refactor(comment): drop dead document and annotation comment APIs
4. 251eb9c3 — feat(frontend): add scrollToCommentFromQuery helper for notification deep-link
5. 20ae85f8 — feat(comment): expose comment id + focus ring on CommentMessage wrapper
6. e22265f5 — feat(document-detail): wire notification deep-link scroll in onMount
7. 567faee3 — test(e2e): notification deep-link scrolls to target comment

Test matrix

• Backend unit + slice + integration: 1191 pass (./mvnw test)
• Backend build: SUCCESS (./mvnw clean package -DskipTests)
• Frontend unit + browser component: 1122 pass across 129 files (npm run test)
• E2E spec covers the critical journey at 320px and 1440px plus an axe-core accessibility check

Notes for reviewers

• No new API endpoint. The issue body proposed GET /api/documents/{id}/comments/{commentId} — we dropped that in favour of fixing the upstream nullable annotationId and driving the frontend purely from URL params + DOM id as truth.
• Flyway V51 backfills both document_comments.annotation_id and notifications.annotation_id so previously issued notifications also deep-link correctly after this lands.
• Dead-code cleanup is intentional and sized to match the actual feature surface (block comments only).
• prefers-reduced-motion and the existing flashAnnotationId pattern are reused — no new visual vocabulary.
• CommentMessage wrapper gains id, tabindex="-1", and a focus-visible ring so keyboard and screen-reader users land on the specific comment; mouse users see nothing extra.

Closes #276 ## Summary Fixes the broken notification deep-link flow by populating `annotationId` at the upstream write path (`CommentService.postBlockComment`) and consuming `?commentId=&annotationId=` in `documents/[id]/+page.svelte` via a new `scrollToCommentFromQuery` helper. Bundles dead-code cleanup of the unused document-level and annotation-level comment APIs — only block comments survive in the frontend today. See the **Discussion Resolutions** comment on #276 for the authoritative spec agreed during pre-implementation review. ## Commits 1. `46588522` — fix(comment): populate annotationId on block comments from the block 2. `13732ab9` — fix(db): V51 backfills annotation_id on block comments and notifications 3. `bc69e8ff` — refactor(comment): drop dead document and annotation comment APIs 4. `251eb9c3` — feat(frontend): add scrollToCommentFromQuery helper for notification deep-link 5. `20ae85f8` — feat(comment): expose comment id + focus ring on CommentMessage wrapper 6. `e22265f5` — feat(document-detail): wire notification deep-link scroll in onMount 7. `567faee3` — test(e2e): notification deep-link scrolls to target comment ## Test matrix - Backend unit + slice + integration: **1191 pass** (`./mvnw test`) - Backend build: **SUCCESS** (`./mvnw clean package -DskipTests`) - Frontend unit + browser component: **1122 pass** across 129 files (`npm run test`) - E2E spec covers the critical journey at 320px and 1440px plus an axe-core accessibility check ## Notes for reviewers - **No new API endpoint.** The issue body proposed `GET /api/documents/{id}/comments/{commentId}` — we dropped that in favour of fixing the upstream nullable `annotationId` and driving the frontend purely from URL params + DOM id as truth. - **Flyway V51** backfills both `document_comments.annotation_id` and `notifications.annotation_id` so previously issued notifications also deep-link correctly after this lands. - **Dead-code cleanup is intentional** and sized to match the actual feature surface (block comments only). - `prefers-reduced-motion` and the existing `flashAnnotationId` pattern are reused — no new visual vocabulary. - `CommentMessage` wrapper gains `id`, `tabindex="-1"`, and a `focus-visible` ring so keyboard and screen-reader users land on the specific comment; mouse users see nothing extra.

marcel added 7 commits 2026-04-21 14:04:57 +02:00

fix(comment): populate annotationId on block comments from the block ... 4658852281

postBlockComment now looks up the block via TranscriptionService and
sets comment.annotationId from block.getAnnotationId(). This closes
the upstream root cause of issue #276, where notifications for block
comments were stored with annotationId=null, breaking the notification
deep-link flow on the document detail page.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

fix(db): V51 backfills annotation_id on block comments and notifications ... 13732ab96b

Previously issued block-comment notifications were stored with
annotation_id=NULL because CommentService.postBlockComment did not
populate DocumentComment.annotationId. Now that the code fix is in
place, existing rows need to be filled in so legacy notifications
can also carry the query param that the frontend deep-link flow
expects.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

refactor(comment): drop dead document and annotation comment APIs ... bc69e8ff1e

Only block comments are surfaced by the frontend now. The document-level
and annotation-level comment endpoints and service methods existed but
had no consumer. Remove them along with their repository queries and
test coverage so the surface area matches the actual feature set.

Shared edit, delete, and block reply endpoints stay. postBlockComment
now carries the authorName/mention/audit behaviors previously tested
through the dropped postComment method, so those behaviors remain
covered by the block-scoped test suite.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(frontend): add scrollToCommentFromQuery helper for notification deep-link ... 251eb9c3fc

Pure function that reads commentId + annotationId from the page URL,
enters transcribe mode if needed, activates the block's annotation,
scrolls the target comment into view, focuses it for screen readers,
fires the existing annotation flash, and strips the params via the
injected callback.

All side effects go through callbacks so the helper is unit-testable
without mounting the page or a DOM (only scrollIntoView/focus are
called on the injected element). Eight tests cover both absent params,
happy path, transcribe-mode activation, missing DOM target, reduced
motion, flash trigger, and URL strip.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(comment): expose comment id + focus ring on CommentMessage wrapper ... 20ae85f879

Notification deep-link scroll targets #comment-{id}. Add the id to
the article wrapper along with tabindex="-1" so scrollIntoView +
.focus({preventScroll:true}) can land screen-reader and keyboard
focus on the specific comment. A focus-visible ring appears only
for keyboard users so mouse clicks don't trigger a visible outline.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

feat(document-detail): wire notification deep-link scroll in onMount ... e22265f5bc

After navHeight setup, call scrollToCommentFromQuery with the page
URL and callbacks into the component's local state (transcribeMode,
activeAnnotationId, flashAnnotationId) plus SvelteKit's replaceState
to strip the consumed query params.

afterTick awaits both Svelte's tick() and one requestAnimationFrame,
mirroring the existing handleAnnotationClick timing so the annotation
panel has rendered before scrollIntoView fires.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

test(e2e): notification deep-link scrolls to target comment ... 567faee3cc

Seeds a document, transcription block, and block comment via API,
then visits /documents/{id}?commentId=X&annotationId=Y and asserts
the page enters transcribe mode, the comment article becomes visible,
and the URL query params are stripped. Runs at 320px and 1440px so
the collapsed PDF strip clipping on mobile is caught. An axe-core
pass guards the new tabindex + focus-visible ring against a11y
regressions.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

marcel commented 2026-04-21 14:07:58 +02:00

Author

Owner

Copy Link

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: ⚠️ Approved with concerns

The PR is clean TDD work — every commit is atomic, every behavior tested, every rename carries intent. Upstream fix + backfill + dead-code cleanup is exactly the shape I hoped for after the Discussion Resolutions. Eight tests on scrollToCommentFromQuery cover the matrix, and the CommentMessage changes have focused component tests. Two small concerns below, none blocking.

Blockers

(none)

Suggestions

• +page.svelte line 319 — defensive default for page.state. On first navigation page.state is typically {} but can be undefined on older browsers or certain redirect paths. replaceState(page.url.pathname, page.state ?? {}) is a zero-cost belt-and-braces. Two chars.
• +page.svelte lines 314-317 — readable afterTick. The inline await new Promise<void>((resolve) => requestAnimationFrame(() => resolve())) is fine but dense. A tiny helper waitForNextFrame() next to the helper makes the intent obvious. Not worth a dedicated refactor unless you're extracting more timing utilities.
• +page.svelte line 304 — fire-and-forget. scrollToCommentFromQuery(...) returns a Promise we don't await. That's intentional (onMount is sync), but if the helper ever throws (e.g. getElement callback crashes), the error is swallowed. Wrapping with .catch((e) => console.error('deep-link scroll failed', e)) surfaces it without changing behavior.
• deepLinkScroll.ts — contract could assert documentId matches. Not a concern now (we read the URL and trust the router), but a expectedDocumentId option that compares against the URL path would make the helper safer against cross-document URL shenanigans. Filing idea for future; no action this PR.

Good things worth noting

• Red-phase evidence is clear in every commit: test names imply the behavior, and the production change is the minimum.
• stubSaveAssigningRandomId() helper in CommentServiceTest.java is reused cleanly across the new postBlockComment_* tests.
• Net −243 lines for a bug fix is the kind of PR I love to merge.

## 👨‍💻 Felix Brandt — Senior Fullstack Developer **Verdict: ⚠️ Approved with concerns** The PR is clean TDD work — every commit is atomic, every behavior tested, every rename carries intent. Upstream fix + backfill + dead-code cleanup is exactly the shape I hoped for after the Discussion Resolutions. Eight tests on `scrollToCommentFromQuery` cover the matrix, and the CommentMessage changes have focused component tests. Two small concerns below, none blocking. ### Blockers _(none)_ ### Suggestions - **`+page.svelte` line 319 — defensive default for `page.state`.** On first navigation `page.state` is typically `{}` but can be `undefined` on older browsers or certain redirect paths. `replaceState(page.url.pathname, page.state ?? {})` is a zero-cost belt-and-braces. Two chars. - **`+page.svelte` lines 314-317 — readable `afterTick`.** The inline `await new Promise<void>((resolve) => requestAnimationFrame(() => resolve()))` is fine but dense. A tiny helper `waitForNextFrame()` next to the helper makes the intent obvious. Not worth a dedicated refactor unless you're extracting more timing utilities. - **`+page.svelte` line 304 — fire-and-forget.** `scrollToCommentFromQuery(...)` returns a `Promise` we don't `await`. That's intentional (onMount is sync), but if the helper ever throws (e.g. `getElement` callback crashes), the error is swallowed. Wrapping with `.catch((e) => console.error('deep-link scroll failed', e))` surfaces it without changing behavior. - **`deepLinkScroll.ts` — contract could assert `documentId` matches.** Not a concern now (we read the URL and trust the router), but a `expectedDocumentId` option that compares against the URL path would make the helper safer against cross-document URL shenanigans. Filing idea for future; no action this PR. ### Good things worth noting - Red-phase evidence is clear in every commit: test names imply the behavior, and the production change is the minimum. - `stubSaveAssigningRandomId()` helper in `CommentServiceTest.java` is reused cleanly across the new `postBlockComment_*` tests. - Net −243 lines for a bug fix is the kind of PR I love to merge.

marcel commented 2026-04-21 14:08:08 +02:00

Author

Owner

Copy Link

🏛️ Markus Keller — Application Architect

Verdict: ✅ Approved

The chosen path is structurally right — upstream fix over scaffolding endpoint, with the data backfill to match. Layering is respected: CommentService calls TranscriptionService.getBlock rather than reaching into TranscriptionBlockRepository, per the project's strict rule. The dead-code cleanup shrinks the surface area to what the frontend actually uses, which is what a codebase of this size deserves.

Observations

• CommentService now has five injected dependencies (commentRepository, userService, notificationService, auditService, transcriptionService). That's at the upper edge of comfortable — if one more lands it's time to split by concern. Not today.
• V51's two UPDATE statements are idempotent and scoped with IS NULL guards. Rerun-safe if the migration gets re-executed in a shadow environment, and the Flyway checksum protects against drift.
• Frontend layering is also clean — scrollToCommentFromQuery is a pure function in $lib/utils/ with all side effects injected. That's the right place for it; keeps the page component orchestration-only.

Suggestions

• No architecture action. One forward-looking note: the DocumentComment.annotationId field now has a single semantic meaning ("the block's annotation for block comments"). Worth a one-line comment on the field or a follow-up cleanup that renames it to blockAnnotationId — but only if someone else is touching that entity for another reason. Don't do it here.

## 🏛️ Markus Keller — Application Architect **Verdict: ✅ Approved** The chosen path is structurally right — upstream fix over scaffolding endpoint, with the data backfill to match. Layering is respected: `CommentService` calls `TranscriptionService.getBlock` rather than reaching into `TranscriptionBlockRepository`, per the project's strict rule. The dead-code cleanup shrinks the surface area to what the frontend actually uses, which is what a codebase of this size deserves. ### Observations - `CommentService` now has five injected dependencies (`commentRepository`, `userService`, `notificationService`, `auditService`, `transcriptionService`). That's at the upper edge of comfortable — if one more lands it's time to split by concern. Not today. - V51's two `UPDATE` statements are idempotent and scoped with `IS NULL` guards. Rerun-safe if the migration gets re-executed in a shadow environment, and the Flyway checksum protects against drift. - Frontend layering is also clean — `scrollToCommentFromQuery` is a pure function in `$lib/utils/` with all side effects injected. That's the right place for it; keeps the page component orchestration-only. ### Suggestions - No architecture action. One forward-looking note: the `DocumentComment.annotationId` field now has a single semantic meaning ("the block's annotation for block comments"). Worth a one-line comment on the field or a follow-up cleanup that renames it to `blockAnnotationId` — but only if someone else is touching that entity for another reason. Don't do it here.

marcel commented 2026-04-21 14:08:15 +02:00

Author

Owner

Copy Link

🛡️ Nora "NullX" Steiner — Application Security Engineer

Verdict: ✅ Approved

No new vulnerabilities introduced by this PR. Confirmed the family-internal auth model per the Discussion Resolutions: every authenticated user can read block comments. The deep-link URL carries ?commentId=&annotationId= (both UUIDs) — anyone opening the URL sees exactly what they'd see by navigating normally, which is the intended posture.

What I checked

• No new endpoints. The originally proposed GET /api/documents/{id}/comments/{commentId} was dropped — no additional attack surface.
• Frontend URL handling. page.url.searchParams.get('commentId') returns a raw string that gets concatenated into #comment-{id} and into the element id attribute on CommentMessage.svelte. Template-literal concatenation only, no innerHTML or eval, no XSS vector.
• document.getElementById(comment-${commentId}) — if commentId is malformed it simply fails to match and the helper no-ops. No crash, no leak.
• Flyway V51 uses server-side UUID join — no user input path into the SQL. Safe.
• Upstream CommentService.postBlockComment — now calls transcriptionService.getBlock(documentId, blockId) which already enforces that the block belongs to the document (see TranscriptionService.java:50-55, findByIdAndDocumentId). Previously this was unchecked: a user could post a block comment with a mismatched {documentId, blockId} pair because the comment stored both independently. This PR closes a latent IDOR on the write path. Worth calling out positively.

Pre-existing observations (not this PR's concern, filing for awareness)

• getBlockComments at CommentController.java:30 uses @PathVariable UUID blockId and ignores documentId. Same in replyToBlockComment. Pre-existing and out of scope here; if you'd like I can open a separate issue for document↔block match on reads. Low severity given the trust model.

Blockers

(none)

## 🛡️ Nora "NullX" Steiner — Application Security Engineer **Verdict: ✅ Approved** No new vulnerabilities introduced by this PR. Confirmed the family-internal auth model per the Discussion Resolutions: every authenticated user can read block comments. The deep-link URL carries `?commentId=&annotationId=` (both UUIDs) — anyone opening the URL sees exactly what they'd see by navigating normally, which is the intended posture. ### What I checked - **No new endpoints.** The originally proposed `GET /api/documents/{id}/comments/{commentId}` was dropped — no additional attack surface. - **Frontend URL handling.** `page.url.searchParams.get('commentId')` returns a raw string that gets concatenated into `#comment-{id}` and into the element id attribute on `CommentMessage.svelte`. Template-literal concatenation only, no `innerHTML` or `eval`, no XSS vector. - **`document.getElementById(`comment-${commentId}`)`** — if `commentId` is malformed it simply fails to match and the helper no-ops. No crash, no leak. - **Flyway V51** uses server-side UUID join — no user input path into the SQL. Safe. - **Upstream `CommentService.postBlockComment`** — now calls `transcriptionService.getBlock(documentId, blockId)` which already enforces that the block belongs to the document (see `TranscriptionService.java:50-55`, `findByIdAndDocumentId`). Previously this was unchecked: a user could post a block comment with a mismatched `{documentId, blockId}` pair because the comment stored both independently. **This PR closes a latent IDOR on the write path.** Worth calling out positively. ### Pre-existing observations (not this PR's concern, filing for awareness) - `getBlockComments` at `CommentController.java:30` uses `@PathVariable UUID blockId` and ignores `documentId`. Same in `replyToBlockComment`. Pre-existing and out of scope here; if you'd like I can open a separate issue for document↔block match on reads. Low severity given the trust model. ### Blockers _(none)_

marcel commented 2026-04-21 14:08:20 +02:00

Author

Owner

Copy Link

🧪 Sara Holt — QA & Test Strategist

Verdict: ✅ Approved

The pyramid is balanced and fast. 1191 backend tests pass, 1122 frontend tests across 129 files pass. TDD discipline is visible in the commit sequence — each commit is red → green → commit. Nothing flaky, nothing mocked that should be real.

What I verified

• Unit coverage (backend): CommentServiceTest has the upstream fix covered in two directions — annotationId populated + notFound propagation. Helper-behavior coverage (authorName, mentions, audit) ported to postBlockComment_* equivalents. Net test count dropped because the removed dead-method tests exceeded the ported equivalents; that's correct for a feature removal.
• Migration test (backend): MigrationIntegrationTest seeds pre-V51-like data and runs the extracted SQL — verifies both comments and notifications are backfilled. JdbcTemplate pattern matches the V23/V30/V42 test style already established in that file. Good consistency.
• Unit coverage (frontend): deepLinkScroll.spec.ts has 8 focused tests, each one logical assertion. Mocks are at the module boundary (injected callbacks, not global fetch). Fake timers not needed since the helper is promise-based — await expect.resolves instead. Clean.
• Component test: CommentMessage.svelte.spec.ts picked up 3 new attribute assertions against getByRole('article').element() — DOM-level correctness for id, tabindex, and the focus-visible class regex. Existing behavior tests (8) still pass.
• E2E: notification-deep-link.spec.ts seeds via API, drives the browser at both 320px and 1440px, asserts URL-strip + comment visibility, and runs axe-core. The viewport parameterization catches the mobile PDF-strip clipping concern we flagged in Theme 5. Screenshots saved for visual regression.

Suggestions

• Consider waitFor rather than expect.poll on URL strip in the E2E. Both work; expect.poll(() => page.url()) re-evaluates until the assertion passes or times out. Fine as-is; just noting the alternative. Zero rewrite value.
• E2E axe check runs on default page state. After the comment becomes visible, which is correct — but by the time axe runs, focus may or may not have landed depending on animation timing. That's acceptable coverage for the new tabindex/focus-visible additions (axe doesn't need focus to be on a specific element to catch tabindex-related violations).

Blockers

(none)

## 🧪 Sara Holt — QA & Test Strategist **Verdict: ✅ Approved** The pyramid is balanced and fast. 1191 backend tests pass, 1122 frontend tests across 129 files pass. TDD discipline is visible in the commit sequence — each commit is red → green → commit. Nothing flaky, nothing mocked that should be real. ### What I verified - **Unit coverage (backend)**: `CommentServiceTest` has the upstream fix covered in two directions — annotationId populated + notFound propagation. Helper-behavior coverage (authorName, mentions, audit) ported to `postBlockComment_*` equivalents. Net test count dropped because the removed dead-method tests exceeded the ported equivalents; that's correct for a feature removal. - **Migration test (backend)**: `MigrationIntegrationTest` seeds pre-V51-like data and runs the extracted SQL — verifies both comments and notifications are backfilled. JdbcTemplate pattern matches the V23/V30/V42 test style already established in that file. Good consistency. - **Unit coverage (frontend)**: `deepLinkScroll.spec.ts` has 8 focused tests, each one logical assertion. Mocks are at the module boundary (injected callbacks, not global fetch). Fake timers not needed since the helper is promise-based — `await expect.resolves` instead. Clean. - **Component test**: `CommentMessage.svelte.spec.ts` picked up 3 new attribute assertions against `getByRole('article').element()` — DOM-level correctness for `id`, `tabindex`, and the focus-visible class regex. Existing behavior tests (8) still pass. - **E2E**: `notification-deep-link.spec.ts` seeds via API, drives the browser at both 320px and 1440px, asserts URL-strip + comment visibility, and runs axe-core. The viewport parameterization catches the mobile PDF-strip clipping concern we flagged in Theme 5. Screenshots saved for visual regression. ### Suggestions - **Consider `waitFor` rather than `expect.poll` on URL strip in the E2E.** Both work; `expect.poll(() => page.url())` re-evaluates until the assertion passes or times out. Fine as-is; just noting the alternative. Zero rewrite value. - **E2E axe check runs on default page state.** After the comment becomes visible, which is correct — but by the time axe runs, focus may or may not have landed depending on animation timing. That's acceptable coverage for the new `tabindex`/`focus-visible` additions (axe doesn't need focus to be on a specific element to catch tabindex-related violations). ### Blockers _(none)_

marcel commented 2026-04-21 14:08:42 +02:00

Author

Owner

Copy Link

🎨 Leonie Voss — UX Designer & Accessibility Strategist

Verdict: ✅ Approved

The visual and interaction decisions match what we agreed. The new landing experience reuses the existing annotation-flash vocabulary so users recognize it immediately; keyboard and screen-reader users now have a first-class landing target that mouse users never see.

What I verified

• CommentMessage.svelte:35-40 — id="comment-{message.id}", tabindex="-1", outline-none focus-visible:ring-2 focus-visible:ring-brand-navy focus-visible:ring-offset-2. Correct tokens (brand-navy, not raw hex), correct use of focus-visible so only keyboard focus shows the ring.
• +page.svelte:309-312 — flash duration respects prefersReducedMotion (2000 ms / 1500 ms) matching the existing handleAnnotationClick behavior at line 237. Same motion policy, no drift.
• deepLinkScroll.ts:31 — scrollIntoView({ behavior, block: 'center' }). 'center' per our 320 px collapsed-PDF-strip discussion. behavior switches to 'instant' under reduced motion. Both correct.
• .focus({ preventScroll: true }) — doesn't nudge the page a second time after scrollIntoView. Good; double-scroll would feel jittery.
• No aria-live added to the comment list container. Confirmed.
• E2E viewport parameterization at 320 px — this is the thing most likely to regress on future layout changes, and it's pinned in CI now. Thank you.

Suggestions

• Minor — the flash targets the annotation polygon, not the comment. That's what we agreed (reuse the existing flashAnnotationId mechanism), but I want to note: if the PDF is still loading when the helper runs, the annotation polygon may not be visible yet when the flash fires. In that case the user sees no flash, only the focused comment. Acceptable for a notification click-through (the PDF typically renders fast), but could be worth a follow-up issue if user reports come in. No action this PR.
• Consider a tiny sr-only live-region announcement on landing — something like "Landed on comment by {authorName}" for screen-reader confirmation. Not a regression from today (nothing was announced before), so it's a pure addition and can be a follow-up.

Blockers

(none)

## 🎨 Leonie Voss — UX Designer & Accessibility Strategist **Verdict: ✅ Approved** The visual and interaction decisions match what we agreed. The new landing experience reuses the existing annotation-flash vocabulary so users recognize it immediately; keyboard and screen-reader users now have a first-class landing target that mouse users never see. ### What I verified - **`CommentMessage.svelte:35-40`** — `id="comment-{message.id}"`, `tabindex="-1"`, `outline-none focus-visible:ring-2 focus-visible:ring-brand-navy focus-visible:ring-offset-2`. Correct tokens (`brand-navy`, not raw hex), correct use of `focus-visible` so only keyboard focus shows the ring. - **`+page.svelte:309-312`** — flash duration respects `prefersReducedMotion` (2000 ms / 1500 ms) matching the existing `handleAnnotationClick` behavior at line 237. Same motion policy, no drift. - **`deepLinkScroll.ts:31`** — `scrollIntoView({ behavior, block: 'center' })`. `'center'` per our 320 px collapsed-PDF-strip discussion. `behavior` switches to `'instant'` under reduced motion. Both correct. - **`.focus({ preventScroll: true })`** — doesn't nudge the page a second time after `scrollIntoView`. Good; double-scroll would feel jittery. - **No `aria-live` added to the comment list container.** Confirmed. - **E2E viewport parameterization at 320 px** — this is the thing most likely to regress on future layout changes, and it's pinned in CI now. Thank you. ### Suggestions - **Minor — the flash targets the annotation polygon, not the comment.** That's what we agreed (reuse the existing `flashAnnotationId` mechanism), but I want to note: if the PDF is still loading when the helper runs, the annotation polygon may not be visible yet when the flash fires. In that case the user sees no flash, only the focused comment. Acceptable for a notification click-through (the PDF typically renders fast), but could be worth a follow-up issue if user reports come in. No action this PR. - **Consider a tiny `sr-only` live-region announcement on landing** — something like `"Landed on comment by {authorName}"` for screen-reader confirmation. Not a regression from today (nothing was announced before), so it's a pure addition and can be a follow-up. ### Blockers _(none)_

marcel commented 2026-04-21 14:08:47 +02:00

Author

Owner

Copy Link

⚙️ Tobias Wendt — DevOps & Platform Engineer

Verdict: ✅ Approved

Zero infrastructure impact. No Compose edits, no Caddy rules, no CI workflow changes, no env vars, no management ports. Ship it.

What I checked

• V51 migration: two UPDATE statements, both idempotent via IS NULL guards. Runs in sub-second on the family dataset; CX32 won't notice. Flyway checksum protects the migration from silent edits. No risk of data loss — the migration only fills nulls, never overwrites.
• Application behavior post-deploy: postBlockComment now makes one extra SELECT on transcription_blocks via TranscriptionService.getBlock. Indexed by primary key, ~1 ms per call. Irrelevant at this volume.
• Deployment sequence is safe without coordination: if V51 runs before the new code, existing nulls are backfilled — new comments still come in with null from old code, but the next deploy fixes them. If code deploys first, new comments get annotationId correctly and V51 cleans up the old nulls. Either order works.
• No new endpoints means no Caddy reverse-proxy changes.
• E2E spec adds one more test file in frontend/e2e/. Runs against the existing Docker Compose stack in CI. Takes ~30 seconds at worst. Fine.

Suggestions

• No infra suggestions. Keep shipping.

Blockers

(none)

## ⚙️ Tobias Wendt — DevOps & Platform Engineer **Verdict: ✅ Approved** Zero infrastructure impact. No Compose edits, no Caddy rules, no CI workflow changes, no env vars, no management ports. Ship it. ### What I checked - **V51 migration**: two `UPDATE` statements, both idempotent via `IS NULL` guards. Runs in sub-second on the family dataset; CX32 won't notice. Flyway checksum protects the migration from silent edits. No risk of data loss — the migration only fills nulls, never overwrites. - **Application behavior post-deploy**: `postBlockComment` now makes one extra `SELECT` on `transcription_blocks` via `TranscriptionService.getBlock`. Indexed by primary key, ~1 ms per call. Irrelevant at this volume. - **Deployment sequence is safe without coordination**: if V51 runs before the new code, existing nulls are backfilled — new comments still come in with null from old code, but the next deploy fixes them. If code deploys first, new comments get annotationId correctly and V51 cleans up the old nulls. Either order works. - **No new endpoints means no Caddy reverse-proxy changes.** - **E2E spec** adds one more test file in `frontend/e2e/`. Runs against the existing Docker Compose stack in CI. Takes ~30 seconds at worst. Fine. ### Suggestions - No infra suggestions. Keep shipping. ### Blockers _(none)_

marcel added 1 commit 2026-04-21 14:11:49 +02:00

polish(document-detail): address review concerns on onMount deep-link wiring ... 3bf0b38c42

Three small refinements from Felix's review cycle 1:

- replaceState(page.url.pathname, page.state ?? {}) — defend against
  first-navigation cases where page.state can be undefined.
- Extract the inline tick + requestAnimationFrame into a named
  waitForPanelRender() helper; intent is now readable from onMount.
- Attach .catch() to the fire-and-forget scrollToCommentFromQuery
  promise so any helper throw surfaces via console.error instead
  of silently disappearing.

No behavior change on the happy path. All existing tests stay green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

marcel commented 2026-04-21 14:12:02 +02:00

Author

Owner

Copy Link

Review Cycle 1 — Changes

Addressed

• [@developer Felix] replaceState should default page.state to {} — commit 3bf0b38c
• [@developer Felix] afterTick should be extracted to a named helper — extracted as waitForPanelRender() in commit 3bf0b38c
• [@developer Felix] Fire-and-forget promise should surface errors — added .catch((e) => console.error('deep-link scroll failed', e)) in commit 3bf0b38c

Out of scope

• [@developer Felix] expectedDocumentId contract assertion on scrollToCommentFromQuery — Felix explicitly marked this as "Filing idea for future; no action this PR." No issue created; raise manually if needed.

All other personas (Markus, Nora, Sara, Leonie, Tobias) returned ✅ Approved with no blockers.

Re-running review cycle 2.

## Review Cycle 1 — Changes ### Addressed - **[@developer Felix] `replaceState` should default `page.state` to `{}`** — commit `3bf0b38c` - **[@developer Felix] `afterTick` should be extracted to a named helper** — extracted as `waitForPanelRender()` in commit `3bf0b38c` - **[@developer Felix] Fire-and-forget promise should surface errors** — added `.catch((e) => console.error('deep-link scroll failed', e))` in commit `3bf0b38c` ### Out of scope - **[@developer Felix] `expectedDocumentId` contract assertion on `scrollToCommentFromQuery`** — Felix explicitly marked this as "Filing idea for future; no action this PR." No issue created; raise manually if needed. All other personas (Markus, Nora, Sara, Leonie, Tobias) returned ✅ Approved with no blockers. Re-running review cycle 2.

marcel commented 2026-04-21 14:12:40 +02:00

Author

Owner

Copy Link

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: ✅ Approved

All three cycle-1 concerns resolved in 3bf0b38c:

• replaceState(page.url.pathname, page.state ?? {}) at line 321 — defensive default in place.
• waitForPanelRender() helper extracted to lines 294-297 — onMount now reads as intent, not as timing plumbing.
• .catch((e) => console.error('deep-link scroll failed', e)) at line 322 — fire-and-forget errors now surface.

No new issues. The diff since cycle 1 is 6 lines in one file, all polish. deepLinkScroll tests (8/8) still green, prettier clean. Ready to merge.

## 👨‍💻 Felix Brandt — Senior Fullstack Developer **Verdict: ✅ Approved** All three cycle-1 concerns resolved in `3bf0b38c`: - `replaceState(page.url.pathname, page.state ?? {})` at line 321 — defensive default in place. - `waitForPanelRender()` helper extracted to lines 294-297 — onMount now reads as intent, not as timing plumbing. - `.catch((e) => console.error('deep-link scroll failed', e))` at line 322 — fire-and-forget errors now surface. No new issues. The diff since cycle 1 is 6 lines in one file, all polish. `deepLinkScroll` tests (8/8) still green, prettier clean. Ready to merge.

marcel commented 2026-04-21 14:12:43 +02:00

Author

Owner

Copy Link

🏛️ Markus Keller — Application Architect

Verdict: ✅ Approved

No architectural changes since cycle 1. The polish commit adds a single page-local helper (waitForPanelRender) — appropriately scoped, no cross-module leak. My cycle-1 approval stands.

## 🏛️ Markus Keller — Application Architect **Verdict: ✅ Approved** No architectural changes since cycle 1. The polish commit adds a single page-local helper (`waitForPanelRender`) — appropriately scoped, no cross-module leak. My cycle-1 approval stands.

marcel commented 2026-04-21 14:12:48 +02:00

Author

Owner

Copy Link

🛡️ Nora "NullX" Steiner — Application Security Engineer

Verdict: ✅ Approved

Cycle-2 diff is three behavioral tweaks in +page.svelte — no new endpoints, no new input paths, no new DOM injection points. console.error('deep-link scroll failed', e) uses structured logging with the error object as a parameter (not string concatenation) so any sensitive data in the error surfaces through the browser devtools only, not log aggregation. LGTM from my angle.

## 🛡️ Nora "NullX" Steiner — Application Security Engineer **Verdict: ✅ Approved** Cycle-2 diff is three behavioral tweaks in `+page.svelte` — no new endpoints, no new input paths, no new DOM injection points. `console.error('deep-link scroll failed', e)` uses structured logging with the error object as a parameter (not string concatenation) so any sensitive data in the error surfaces through the browser devtools only, not log aggregation. LGTM from my angle.

marcel commented 2026-04-21 14:12:52 +02:00

Author

Owner

Copy Link

🧪 Sara Holt — QA & Test Strategist

Verdict: ✅ Approved

The cycle-2 change is refactor-only on the wiring — no new behavior, no test impact. I re-ran the helper's unit suite (deepLinkScroll.spec.ts: 8/8 pass) and the component tests (CommentMessage.svelte.spec.ts: 11/11 pass). The E2E journey is unchanged and still covered at both 320 px and 1440 px.

One note, no action required: .catch() surfacing errors through console.error is visible in the Playwright test run via page.on('pageerror') or page.on('console') if we ever want to assert on it. Nothing to add now.

Ready to merge.

## 🧪 Sara Holt — QA & Test Strategist **Verdict: ✅ Approved** The cycle-2 change is refactor-only on the wiring — no new behavior, no test impact. I re-ran the helper's unit suite (`deepLinkScroll.spec.ts`: 8/8 pass) and the component tests (`CommentMessage.svelte.spec.ts`: 11/11 pass). The E2E journey is unchanged and still covered at both 320 px and 1440 px. One note, no action required: `.catch()` surfacing errors through `console.error` is visible in the Playwright test run via `page.on('pageerror')` or `page.on('console')` if we ever want to assert on it. Nothing to add now. Ready to merge.

marcel commented 2026-04-21 14:12:54 +02:00

Author

Owner

Copy Link

🎨 Leonie Voss — UX Designer & Accessibility Strategist

Verdict: ✅ Approved

No user-facing change since cycle 1. Cycle-2 is pure code polish on the onMount wiring — motion policy, focus handling, focus-visible ring, and 320 px behavior all unchanged. My cycle-1 approval stands. LGTM.

## 🎨 Leonie Voss — UX Designer & Accessibility Strategist **Verdict: ✅ Approved** No user-facing change since cycle 1. Cycle-2 is pure code polish on the onMount wiring — motion policy, focus handling, focus-visible ring, and 320 px behavior all unchanged. My cycle-1 approval stands. LGTM.

marcel commented 2026-04-21 14:12:56 +02:00

Author

Owner

Copy Link

⚙️ Tobias Wendt — DevOps & Platform Engineer

Verdict: ✅ Approved

Cycle-2 touches one frontend file, zero infra. Migration, Compose, Caddy, CI all unchanged from cycle 1. LGTM — ship it.

## ⚙️ Tobias Wendt — DevOps & Platform Engineer **Verdict: ✅ Approved** Cycle-2 touches one frontend file, zero infra. Migration, Compose, Caddy, CI all unchanged from cycle 1. LGTM — ship it.

marcel merged commit 3bf0b38c42 into main 2026-04-21 15:06:02 +02:00

marcel deleted branch feat/issue-276-notification-deep-link-scroll 2026-04-21 15:06:03 +02:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#299