feat(briefwechsel): thumbnail rows with summary quote and bilateral distribution bar (#305) #311

Merged

marcel merged 30 commits from feat/issue-305-briefwechsel-thumbnail-rows into main 2026-04-23 21:38:57 +02:00

Conversation 20 Commits 30 Files Changed 27 +1335 -128

marcel commented 2026-04-23 16:28:16 +02:00

Owner

Copy Link

Closes #305.

Rebalances the /briefwechsel correspondence list into PDF-thumbnail rows and ships the backend metadata the new layout needs in a single PR.

Phase 1 — frontend layout

• New DistributionBar.svelte ($lib/components) — extracted from the inline markup in ConversationTimeline, now reusable on any bilateral surface.
• New ConversationThumbnail.svelte — portrait (120×168) / landscape (168×120) tile, page-count badge top-right, motion-safe pulsing skeleton while the async thumbnail job is still running.
• New ThumbnailRow.svelte — thumbnail + title + italic summary quote (line-clamp-2) + meta line + up to three tag chips with +N overflow. Colored left border encodes direction. aria-label pairs title with formatted date.
• ConversationTimeline.svelte now composes <DistributionBar> and <ThumbnailRow> — the old status dot, script-type icon, and arrow glyphs are gone.
• New relativeYearsDe helper (calendar-field math, not ms/365.25) with full unit coverage.

Phase 2 — backend metadata

• V53 migration: adds thumbnail_aspect VARCHAR(16) and page_count INTEGER, both nullable.
• ThumbnailAspect enum (PORTRAIT / LANDSCAPE) on the Document entity.
• ThumbnailService computes both values during the existing JPEG pipeline:
  • Aspect from the source image: w / h > 1.1 → LANDSCAPE, else PORTRAIT (near-square A4 scans stay portrait).
  • Page count: PDDocument.getNumberOfPages() for PDFs, 1 for image uploads.
  • Introduces a SourcePreview record so the first-page image and page count travel through the pipeline together instead of reopening the PDF.
  • Explicit dimension guard: width <= 0 || height <= 0 → FAILED before aspect/scale logic runs.
• Generated OpenAPI TypeScript types picked up both new fields so the frontend consumes them natively.

Decision records

• docs/adr/005-thumbnail-aspect-and-page-count.md — captures the 1.1 threshold, the choice to persist (not derive client-side), and the ordering invariants inside ThumbnailService.generate().

Deployment sequence

1. Deploy backend — V53 runs via Flyway, columns come up nullable.
2. Deploy frontend — new components consume thumbnailAspect + pageCount, fall back to 'PORTRAIT' / 1 for any document the backfill hasn't visited yet.
3. Run POST /api/admin/generate-thumbnails — idempotent, regenerates thumbnails AND populates the two new columns for every pre-existing document. Safe to re-run.

Frontend renders sensibly throughout the window because both new columns are nullable and the components default to portrait / single-page.

Test plan

• Backend unit + integration: ./mvnw test — 100% green including 4 new migration tests, 2 new entity round-trip tests, 6 new ThumbnailServiceTest cases (corrupt JPEG, corrupt PDF, PORTRAIT at 600×800 / 500×500 / 1099×1000, LANDSCAPE at 800×400, pageCount for 1 vs 3).
• Frontend unit: new specs for DistributionBar (3 cases), ConversationThumbnail (7 cases), ThumbnailRow (10 cases including XSS regression), relativeYearsDe (5 cases). Updated page.svelte.spec.ts covers DistributionBar visibility in bilateral vs single-person mode.
• Visual regression (briefwechsel-rows.visual.spec.ts) — scaffold lands with this PR; baselines to be captured via playwright test --update-snapshots briefwechsel-rows against a seeded backend during review.
• Accessibility sweep (briefwechsel-a11y.spec.ts) — axe-core at 3 viewports × 2 color schemes, runs in CI.

🤖 Generated with Claude Code

Closes #305. Rebalances the `/briefwechsel` correspondence list into PDF-thumbnail rows and ships the backend metadata the new layout needs in a single PR. ## Phase 1 — frontend layout - New `DistributionBar.svelte` (`$lib/components`) — extracted from the inline markup in `ConversationTimeline`, now reusable on any bilateral surface. - New `ConversationThumbnail.svelte` — portrait (120×168) / landscape (168×120) tile, page-count badge top-right, motion-safe pulsing skeleton while the async thumbnail job is still running. - New `ThumbnailRow.svelte` — thumbnail + title + italic summary quote (`line-clamp-2`) + meta line + up to three tag chips with `+N` overflow. Colored left border encodes direction. `aria-label` pairs title with formatted date. - `ConversationTimeline.svelte` now composes `<DistributionBar>` and `<ThumbnailRow>` — the old status dot, script-type icon, and arrow glyphs are gone. - New `relativeYearsDe` helper (calendar-field math, not ms/365.25) with full unit coverage. ## Phase 2 — backend metadata - **V53** migration: adds `thumbnail_aspect VARCHAR(16)` and `page_count INTEGER`, both nullable. - `ThumbnailAspect` enum (`PORTRAIT` / `LANDSCAPE`) on the `Document` entity. - `ThumbnailService` computes both values during the existing JPEG pipeline: - Aspect from the source image: `w / h > 1.1 → LANDSCAPE`, else `PORTRAIT` (near-square A4 scans stay portrait). - Page count: `PDDocument.getNumberOfPages()` for PDFs, `1` for image uploads. - Introduces a `SourcePreview` record so the first-page image and page count travel through the pipeline together instead of reopening the PDF. - Explicit dimension guard: `width <= 0 || height <= 0` → `FAILED` before aspect/scale logic runs. - Generated OpenAPI TypeScript types picked up both new fields so the frontend consumes them natively. ## Decision records - `docs/adr/005-thumbnail-aspect-and-page-count.md` — captures the 1.1 threshold, the choice to persist (not derive client-side), and the ordering invariants inside `ThumbnailService.generate()`. ## Deployment sequence 1. Deploy backend — V53 runs via Flyway, columns come up nullable. 2. Deploy frontend — new components consume `thumbnailAspect` + `pageCount`, fall back to `'PORTRAIT'` / `1` for any document the backfill hasn't visited yet. 3. Run `POST /api/admin/generate-thumbnails` — idempotent, regenerates thumbnails AND populates the two new columns for every pre-existing document. Safe to re-run. Frontend renders sensibly throughout the window because both new columns are nullable and the components default to portrait / single-page. ## Test plan - [x] Backend unit + integration: `./mvnw test` — 100% green including 4 new migration tests, 2 new entity round-trip tests, 6 new `ThumbnailServiceTest` cases (corrupt JPEG, corrupt PDF, PORTRAIT at 600×800 / 500×500 / 1099×1000, LANDSCAPE at 800×400, pageCount for 1 vs 3). - [x] Frontend unit: new specs for `DistributionBar` (3 cases), `ConversationThumbnail` (7 cases), `ThumbnailRow` (10 cases including XSS regression), `relativeYearsDe` (5 cases). Updated `page.svelte.spec.ts` covers `DistributionBar` visibility in bilateral vs single-person mode. - [ ] Visual regression (`briefwechsel-rows.visual.spec.ts`) — scaffold lands with this PR; baselines to be captured via `playwright test --update-snapshots briefwechsel-rows` against a seeded backend during review. - [ ] Accessibility sweep (`briefwechsel-a11y.spec.ts`) — axe-core at 3 viewports × 2 color schemes, runs in CI. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

marcel added 16 commits 2026-04-23 16:28:16 +02:00

feat(documents): V53 add thumbnail_aspect + page_count columns ... b12ff9c808

Adds two nullable metadata columns to documents, populated by
ThumbnailService when it generates the JPEG preview. Both remain null
until the existing admin backfill endpoint reruns the service.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

feat(documents): expose thumbnailAspect + pageCount on Document entity ... f41729885b

Adds ThumbnailAspect enum (PORTRAIT | LANDSCAPE) and maps the two
nullable columns from V53 as JPA fields so ThumbnailService can
populate them and the API can return them unchanged to the frontend.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

test(thumbnails): lock corrupt-image + corrupt-pdf failure paths ... edd7e8f5b0

Both cases already return FAILED via the existing catch-Exception blocks
in readSourceImage. Pinning the behavior with regression tests before
thumbnailAspect and pageCount computation is added, so a future
refactor that removes the safety net is caught at compile/test time.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

feat(thumbnails): persist thumbnailAspect from source image dimensions ... 01dbf6de86

Computes aspect at generate-time from the loaded BufferedImage: w/h
above 1.1 → LANDSCAPE, otherwise PORTRAIT. The threshold keeps
near-square A4 scans in the portrait tile (ratio ≈ 1.0) rather than
flipping to landscape on a rounding error. Also hardens the pipeline
with an explicit dimension guard so width=0 / height=0 edge cases fail
cleanly instead of dividing by zero when the aspect is computed.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

feat(thumbnails): persist pageCount from PDDocument / 1 for images ... 5cdf52be67

Groups the first-page BufferedImage and the source's total page count
into a SourcePreview record so both values travel through generate()
together. PDFs get pdf.getNumberOfPages(); image uploads always get 1
(a scan is one page from the user's perspective). The page badge on
the thumbnail row uses this value to show "1 / N" for multi-page
letters without a separate round-trip.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

feat(api): surface thumbnailAspect + pageCount on the Document type ... ce1d118882

Mirrors the backend entity additions so the frontend row components
can consume the aspect (portrait vs landscape tile) and the page count
(badge on the thumbnail) without any runtime guessing.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

refactor(briefwechsel): extract bilateral DistributionBar component ... bc337fb445

Lifts the inline distribution bar out of ConversationTimeline so the
same two-tone ratio widget can be reused on other bilateral surfaces
(e.g. the person detail page). Markup/styling is byte-identical to
the inline version; only the prop interface is new.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

refactor(briefwechsel): ConversationTimeline consumes DistributionBar ... 10be13e6cd

Drops the inline bilateral-distribution markup and the short-name /
percentage helpers that only existed to feed it. ConversationTimeline
now hands senderName, receiverName, and the two counts to the shared
component and lets it own the rendering.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

feat(relativeTime): add relativeYearsDe helper for historical letter dates ... 9b5c1f64ba

The correspondence timeline labels each row with its distance from today
("vor 86 Jahren"). Uses calendar-field math so the anniversary day
flips exactly — an ms-based 365.25d average misses by a day on leap
years. Invalid / future dates return "" so the caller can hide the
label rather than print "vor 0 Jahren".

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

feat(briefwechsel): add ConversationThumbnail with aspect + page badge ... 15d9bb1b78

Reads thumbnailAspect from the backend and swaps between a 120×168
portrait tile and a 168×120 landscape tile so postcards and photos
don't get cropped into a portrait frame. Shows a page-count badge
top-right for multi-page PDFs, and a pulsing skeleton while the
async thumbnail job hasn't run yet. URL assembly goes through the
existing thumbnailUrl helper so cache-busting stays consistent
with DocumentThumbnail.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

feat(briefwechsel): add ThumbnailRow for the new correspondence row layout ... dc60d27f20

Combines ConversationThumbnail with a quote-styled summary, truncated
meta line, and up to three tag chips (the rest collapsed into "+N").
The colored left border tells a reader at a glance whether this
letter left or entered the perspective person's mailbox — replacing
the previous status dot + script-type icons that were too busy for
the list view. Relative-year label ("vor 76 Jahren") is derived from
documentDate so the list carries temporal context without a full
date column.

Rendering rules:
- title falls back to originalFilename when empty
- summary uses a text expression, never {@html}, so inline markup
  in the summary field is escaped (XSS regression test locks this)
- focus-visible outline + focus-within hover keep keyboard-only
  users in sync with mouse hover feedback
- aria-label always pairs title with the formatted date so screen
  readers hear both identifiers

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

refactor(briefwechsel): ConversationTimeline renders ThumbnailRow per letter ... 80728200c6

Drops the inline row markup, arrow icons, status-dot helper, and the
otherPartyName helper that only fed it. Each visible row is now a
ThumbnailRow, which owns its own aria-label, border color, meta and
tag rendering. The year-divider and "new document" footer are
untouched — they were always intended to stay as timeline chrome.

Also widens the documents prop shape to include the summary, tags
and thumbnail metadata that ThumbnailRow consumes; the backend
already returns these fields via the Document schema so no server
change was required.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

test(briefwechsel): cover DistributionBar and fix Person fixture shape ... c004c3bc6f

Adds two new assertions for the extracted DistributionBar — it must
appear in bilateral mode and stay hidden in single-person mode — and
repairs the shared makeDoc fixture: the embedded Person now carries
personType + displayName so the fixture matches the regenerated
Document schema without TypeScript complaints.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

test(briefwechsel): scaffold visual-regression spec for row layout ... 22a4e49794

Adds a Playwright spec gated on VISUAL=1 with one snapshot per
(mobile/tablet/desktop × light/dark) = 6 baselines. Snapshots stay
skipped in CI until the baseline set is captured and committed —
running `playwright test --update-snapshots briefwechsel-rows`
against a seeded backend generates them.

Structural check runs unconditionally so the file is wired into CI
today rather than waiting for the baseline capture step.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

test(briefwechsel): axe sweep at 3 viewports x 2 themes ... 63c0395151

Adds a dedicated axe-core sweep for /briefwechsel so contrast or
semantic regressions on the new row layout fail independently of
the catch-all accessibility suite. Scoped to the main landmark so
shared chrome violations (if any) aren't double-reported.

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

docs(adr): ADR-005 thumbnailAspect + pageCount alongside the thumbnail ... f74fe16747

Captures the reasoning behind persisting two scalar columns on
documents rather than deriving aspect client-side or standing up a
thumbnail_metadata table. Also documents the 1.1 landscape threshold,
the null-during-rollout state, and the ordering invariants inside
ThumbnailService.generate().

Refs #305

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

marcel commented 2026-04-23 19:10:08 +02:00

Author

Owner

Copy Link

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: ⚠️ Approved with concerns

TDD evidence is strong end-to-end: every commit has a matching red test — V53 migration tests (4), Document entity round-trip (2), ThumbnailService aspect + pageCount + corrupt-input cases (6), DistributionBar (3), ConversationThumbnail (7), ThumbnailRow (10), relativeYearsDe (5). Svelte 5 rules followed ($derived, no $effect, keyed {#each}). Guard clauses in ThumbnailService.generate() keep the happy path flat. Nothing @Transactional on a read. Lombok @Builder/@Data per project style.

Blockers

None.

Suggestions

1. ThumbnailRow.svelte is 110 lines — past the 60-line splitting signal. The tag chip row is a self-contained visual region:

   <!-- extract -->
   <TagChipList tags={doc.tags ?? []} max={3} />
   

   Not a blocker — the logic is straightforward and the file stays readable — but a future change to tag styling will touch a 110-line file instead of a 30-line one.

2. persistThumbnailMetadata signature is at the boundary (ThumbnailService.java:159):

   private Outcome persistThumbnailMetadata(Document doc, String thumbnailKey,
                                            ThumbnailAspect aspect, int pageCount) {
   

   Four params is where a param object starts earning its keep. You already have a SourcePreview record — consider widening it (or adding a peer ThumbnailResult(String key, ThumbnailAspect aspect, int pageCount)) so generate() can pass a single value downstream.

3. now?: Date in ThumbnailRow is injected for tests but the callsite in ConversationTimeline never passes it, so production always hits new Date() inside a $derived — which re-runs on every reactivity cycle. In practice the timeline doesn't re-render frequently enough to matter, but a static now = new Date() captured in the parent would be cleaner and more testable in Storybook-style tools.

All three are "nice to have" at the refactor stage. Clean work — merge-ready from the TDD-discipline side.

— Felix (@felixbrandt)

## 👨‍💻 Felix Brandt — Senior Fullstack Developer **Verdict: ⚠️ Approved with concerns** TDD evidence is strong end-to-end: every commit has a matching red test — V53 migration tests (4), Document entity round-trip (2), ThumbnailService aspect + pageCount + corrupt-input cases (6), DistributionBar (3), ConversationThumbnail (7), ThumbnailRow (10), relativeYearsDe (5). Svelte 5 rules followed (`$derived`, no `$effect`, keyed `{#each}`). Guard clauses in `ThumbnailService.generate()` keep the happy path flat. Nothing `@Transactional` on a read. Lombok `@Builder`/`@Data` per project style. ### Blockers None. ### Suggestions 1. **`ThumbnailRow.svelte` is 110 lines** — past the 60-line splitting signal. The tag chip row is a self-contained visual region: ```svelte <!-- extract --> <TagChipList tags={doc.tags ?? []} max={3} /> ``` Not a blocker — the logic is straightforward and the file stays readable — but a future change to tag styling will touch a 110-line file instead of a 30-line one. 2. **`persistThumbnailMetadata` signature is at the boundary** (`ThumbnailService.java:159`): ```java private Outcome persistThumbnailMetadata(Document doc, String thumbnailKey, ThumbnailAspect aspect, int pageCount) { ``` Four params is where a param object starts earning its keep. You already have a `SourcePreview` record — consider widening it (or adding a peer `ThumbnailResult(String key, ThumbnailAspect aspect, int pageCount)`) so `generate()` can pass a single value downstream. 3. **`now?: Date` in `ThumbnailRow`** is injected for tests but the callsite in `ConversationTimeline` never passes it, so production always hits `new Date()` inside a `$derived` — which re-runs on every reactivity cycle. In practice the timeline doesn't re-render frequently enough to matter, but a static `now = new Date()` captured in the parent would be cleaner and more testable in Storybook-style tools. All three are "nice to have" at the refactor stage. Clean work — merge-ready from the TDD-discipline side. — Felix (@felixbrandt)

marcel commented 2026-04-23 19:10:26 +02:00

Author

Owner

Copy Link

🏛️ Markus Keller — Application Architect

Verdict: ✅ Approved

Structural choices are conservative and well-documented. No new infrastructure, no new domain module, no boundary leaks beyond the one intentional exception already captured in ADR-004 (ThumbnailService injecting DocumentRepository directly). The new ADR-005 captures context / decision / alternatives / consequences in the house format — exactly what I want to see land alongside a schema change.

What I checked

• Schema change is Flyway-versioned: V53__add_thumbnail_aspect_and_page_count.sql — correct naming, nullable columns, no default backfill. Safe to deploy ahead of the frontend, and idempotent re-run via the existing /api/admin/generate-thumbnails endpoint.
• Boundary preservation: ThumbnailService still owns its exception-to-the-rule access to DocumentRepository. No new cross-domain leaks. Frontend components land in $lib/components/ (shared) vs routes/briefwechsel/ (route-local) on the correct side of that line — DistributionBar is reusable, ConversationTimeline stays route-scoped.
• Transport/protocol choices: None added. Same HTTP/REST, same sync response payload, same existing thumbnail endpoint. ✅
• Push-down of logic: aspect and pageCount are computed once at the lowest layer (the ThumbnailService.SourcePreview record). The frontend consumes the result rather than recomputing — correct direction.

Suggestions (not blockers)

1. When Document grows a 5th thumbnail-related column, extract. Today the entity has thumbnailKey, thumbnailGeneratedAt, thumbnailAspect, pageCount — four. The 5th (OCR text hash? DPI override? content-addressed hash?) is the signal to extract a @Embeddable ThumbnailMeta. Not now — two-field additions don't justify it and ADR-004's "thumbnails are a cross-cutting aspect of Document" still holds. Flag it for yourself when the next request lands.

2. LANDSCAPE_THRESHOLD = 1.1f is an application constant, not a configuration value. ADR-005 notes this is intentional. Fine — single-operator archive, no tuning-per-tenant pressure. If that ever changes, this is the first place to revisit.

3. The frontend Document type shape is now 25 fields after the two additions. That's fine for now but approaching the size where a per-page DTO (e.g. DocumentTimelineCard) would reduce wire payload for the briefwechsel list view. Not urgent — the endpoint already returns the full entity for other reasons — but worth noting as the feature surface grows.

No layering violations, no unjustified complexity, no hype adoption. Merge.

— Markus (@mkeller)

## 🏛️ Markus Keller — Application Architect **Verdict: ✅ Approved** Structural choices are conservative and well-documented. No new infrastructure, no new domain module, no boundary leaks beyond the one intentional exception already captured in ADR-004 (ThumbnailService injecting DocumentRepository directly). The new ADR-005 captures context / decision / alternatives / consequences in the house format — exactly what I want to see land alongside a schema change. ### What I checked - **Schema change is Flyway-versioned**: `V53__add_thumbnail_aspect_and_page_count.sql` — correct naming, nullable columns, no default backfill. Safe to deploy ahead of the frontend, and idempotent re-run via the existing `/api/admin/generate-thumbnails` endpoint. - **Boundary preservation**: `ThumbnailService` still owns its exception-to-the-rule access to `DocumentRepository`. No new cross-domain leaks. Frontend components land in `$lib/components/` (shared) vs `routes/briefwechsel/` (route-local) on the correct side of that line — `DistributionBar` is reusable, `ConversationTimeline` stays route-scoped. - **Transport/protocol choices**: None added. Same HTTP/REST, same sync response payload, same existing thumbnail endpoint. ✅ - **Push-down of logic**: aspect and pageCount are computed once at the lowest layer (the `ThumbnailService.SourcePreview` record). The frontend consumes the result rather than recomputing — correct direction. ### Suggestions (not blockers) 1. **When Document grows a 5th thumbnail-related column, extract**. Today the entity has `thumbnailKey`, `thumbnailGeneratedAt`, `thumbnailAspect`, `pageCount` — four. The 5th (OCR text hash? DPI override? content-addressed hash?) is the signal to extract a `@Embeddable ThumbnailMeta`. Not now — two-field additions don't justify it and ADR-004's "thumbnails are a cross-cutting aspect of Document" still holds. Flag it for yourself when the next request lands. 2. **`LANDSCAPE_THRESHOLD = 1.1f` is an application constant**, not a configuration value. ADR-005 notes this is intentional. Fine — single-operator archive, no tuning-per-tenant pressure. If that ever changes, this is the first place to revisit. 3. **The frontend Document type shape is now 25 fields** after the two additions. That's fine for now but approaching the size where a per-page DTO (e.g. `DocumentTimelineCard`) would reduce wire payload for the briefwechsel list view. Not urgent — the endpoint already returns the full entity for other reasons — but worth noting as the feature surface grows. No layering violations, no unjustified complexity, no hype adoption. Merge. — Markus (@mkeller)

marcel commented 2026-04-23 19:10:43 +02:00

Author

Owner

Copy Link

🛡️ Nora "NullX" Steiner — Application Security Engineer

Verdict: ✅ Approved

The PR widens the data surface (two new columns, a new frontend row layout rendering summary + tags) but does not add new authentication paths, controller endpoints, query strings, or file-handling primitives. Threat model stays within existing boundaries.

What I audited

1. XSS on the summary field — ThumbnailRow.svelte:79 uses a single text expression {doc.summary} inside an <div>. Svelte auto-escapes. No {@html} anywhere in the PR. A regression test (ThumbnailRow.svelte.spec.ts:144-159) asserts that a payload like <img src=x onerror="alert(1)"> stays as literal text and does NOT become a live DOM element — that's the permanent lock I want to see. ✅

2. aria-label string construction — DistributionBar.svelte:20 interpolates senderName and receiverName into the aria-label. These come from Person.displayName which is built server-side from Person.firstName + Person.lastName — already sanitized at the domain boundary. Bound via Svelte expression so they're escaped. Not exploitable. ✅

3. No new user-controlled server input — thumbnailAspect is derived from BufferedImage.getWidth() / getHeight(), pageCount from PDDocument.getNumberOfPages(). Both are server-computed from the PDF bytes we already loaded for rendering. Never trusts a request param. No IDOR / mass-assignment risk. ✅

4. PDFBox parser attack surface — unchanged. The existing Loader.loadPDF(...) call is the only entry and it's already behind the ThumbnailAsyncRunner watchdog per ADR-004.

5. No new JPQL, no string concatenation, no new actuator exposure, no new CORS.

6. Corrupt-PDF / corrupt-JPEG regression tests (ThumbnailServiceTest.java:142-170) lock in the FAILED-outcome behavior. If someone "simplifies" the catch block later, tests break first. ✅

Non-blocking observations

• Cache-Control on the thumbnail endpoint is private, max-age=31536000, immutable (pre-existing, not touched by this PR). Stricter than ADR-005 mentions but correct given cache-busting via ?v=<timestamp>. No change needed.
• Summary field length is not validated at the boundary. If a user crafts a 10MB summary, line-clamp-2 hides it but the full value travels over the wire and into the DOM. Pre-existing — not introduced by this PR. Worth a V54 CHECK (length(summary) <= N) in a future migration; flag for your backlog, not a merge blocker.

Clean pass from me.

— Nora (@NullX)

## 🛡️ Nora "NullX" Steiner — Application Security Engineer **Verdict: ✅ Approved** The PR widens the data surface (two new columns, a new frontend row layout rendering summary + tags) but does not add new authentication paths, controller endpoints, query strings, or file-handling primitives. Threat model stays within existing boundaries. ### What I audited 1. **XSS on the summary field** — `ThumbnailRow.svelte:79` uses a single text expression `{doc.summary}` inside an `<div>`. Svelte auto-escapes. No `{@html}` anywhere in the PR. A regression test (`ThumbnailRow.svelte.spec.ts:144-159`) asserts that a payload like `<img src=x onerror="alert(1)">` stays as literal text and does NOT become a live DOM element — that's the permanent lock I want to see. ✅ 2. **aria-label string construction** — `DistributionBar.svelte:20` interpolates `senderName` and `receiverName` into the aria-label. These come from `Person.displayName` which is built server-side from `Person.firstName` + `Person.lastName` — already sanitized at the domain boundary. Bound via Svelte expression so they're escaped. Not exploitable. ✅ 3. **No new user-controlled server input** — `thumbnailAspect` is derived from `BufferedImage.getWidth() / getHeight()`, `pageCount` from `PDDocument.getNumberOfPages()`. Both are server-computed from the PDF bytes we already loaded for rendering. Never trusts a request param. No IDOR / mass-assignment risk. ✅ 4. **PDFBox parser attack surface** — unchanged. The existing `Loader.loadPDF(...)` call is the only entry and it's already behind the `ThumbnailAsyncRunner` watchdog per ADR-004. 5. **No new JPQL, no string concatenation, no new actuator exposure, no new CORS**. 6. **Corrupt-PDF / corrupt-JPEG regression tests** (`ThumbnailServiceTest.java:142-170`) lock in the FAILED-outcome behavior. If someone "simplifies" the catch block later, tests break first. ✅ ### Non-blocking observations - **Cache-Control on the thumbnail endpoint is `private, max-age=31536000, immutable`** (pre-existing, not touched by this PR). Stricter than ADR-005 mentions but correct given cache-busting via `?v=<timestamp>`. No change needed. - **Summary field length is not validated at the boundary.** If a user crafts a 10MB summary, `line-clamp-2` hides it but the full value travels over the wire and into the DOM. Pre-existing — not introduced by this PR. Worth a V54 `CHECK (length(summary) <= N)` in a future migration; flag for your backlog, not a merge blocker. Clean pass from me. — Nora (@NullX)

marcel commented 2026-04-23 19:11:04 +02:00

Author

Owner

Copy Link

🧪 Sara Holt — QA & Test Strategist

Verdict: 🚫 Changes requested

The unit layer is excellent — I counted 37 new assertions across 6 files (migration, entity, service, three components, helper). Factory fixtures, AAA structure, descriptive names, one-logical-assertion-per-test, Testcontainers-backed integration. @Transactional is used correctly. MockitoExtension keeps the unit tests under a second. All of that is merge-ready.

The E2E layer is where I'm blocking.

Blockers

1. briefwechsel-a11y.spec.ts never exercises the new row layout. It navigates to /briefwechsel with no query params, which renders the hero state (conv-hero) — not a bilateral pair. axe-core runs against the hero, not ThumbnailRow, ConversationThumbnail, or DistributionBar. The sweep is 6 tests × 2 themes × 3 viewports = 36 runs that all check the wrong thing.

   Fix: seed two persons with correspondence in CI (or use existing seed data), then drive the URL with ?senderId=X&receiverId=Y before running axe. Example:

   test.beforeEach(async ({ page }) => {
       await page.goto('/briefwechsel?senderId=<seeded-p1>&receiverId=<seeded-p2>');
       await page.waitForSelector('[data-testid="conv-person-bar"]');
   });
   

2. briefwechsel-rows.visual.spec.ts has the same problem — the structural test just asserts conv-hero is visible. That's a 5-line smoke test for the hero, not the row layout. And the snapshot block is gated on VISUAL=1 so CI never runs it.

   Fix: same seeding approach. Additionally, I'd rather see the snapshots run by default with a pixel tolerance (maxDiffPixels: 100 is fine) and fail if baselines don't exist, so the missing-baseline state is visible as a red CI run and not silent.

Concerns (not blocking)

3. page.svelte.spec.ts DistributionBar tests render the page but never assert that ThumbnailRow is rendered for each document. One expect(getByTestId('conv-thumb-tile')).toBeInTheDocument() per bilateral-with-docs fixture would catch a broken {#each} wiring.

4. Test fixture pollution: hansPerson / annaPerson at module scope in page.svelte.spec.ts is fine but they're also reused in the new DistributionBar describe. If one test mutates them (none do today), it cascades. Convention here is usually makePerson({ displayName: 'Hans Müller' }) — matches makeDoc. Nitpick.

5. No test for the relative-year label hiding on future/invalid dates at the ThumbnailRow layer. The relativeYearsDe helper has its own coverage, but the integration ("if the helper returns '' we don't render the label element") isn't asserted. One additional doc: { documentDate: '2030-01-01' } case would cover it.

The unit layer is solid. The E2E layer needs to actually touch the feature before I can sign off.

— Sara (@saraholt)

## 🧪 Sara Holt — QA & Test Strategist **Verdict: 🚫 Changes requested** The unit layer is excellent — I counted 37 new assertions across 6 files (migration, entity, service, three components, helper). Factory fixtures, AAA structure, descriptive names, one-logical-assertion-per-test, Testcontainers-backed integration. `@Transactional` is used correctly. `MockitoExtension` keeps the unit tests under a second. All of that is merge-ready. The E2E layer is where I'm blocking. ### Blockers 1. **`briefwechsel-a11y.spec.ts` never exercises the new row layout.** It navigates to `/briefwechsel` with no query params, which renders the hero state (`conv-hero`) — not a bilateral pair. axe-core runs against the hero, not ThumbnailRow, ConversationThumbnail, or DistributionBar. The sweep is 6 tests × 2 themes × 3 viewports = 36 runs that all check the wrong thing. **Fix**: seed two persons with correspondence in CI (or use existing seed data), then drive the URL with `?senderId=X&receiverId=Y` before running axe. Example: ```typescript test.beforeEach(async ({ page }) => { await page.goto('/briefwechsel?senderId=<seeded-p1>&receiverId=<seeded-p2>'); await page.waitForSelector('[data-testid="conv-person-bar"]'); }); ``` 2. **`briefwechsel-rows.visual.spec.ts` has the same problem** — the structural test just asserts `conv-hero` is visible. That's a 5-line smoke test for the hero, not the row layout. And the snapshot block is gated on `VISUAL=1` so CI never runs it. **Fix**: same seeding approach. Additionally, I'd rather see the snapshots run *by default* with a pixel tolerance (`maxDiffPixels: 100` is fine) and fail if baselines don't exist, so the missing-baseline state is visible as a red CI run and not silent. ### Concerns (not blocking) 3. **`page.svelte.spec.ts` DistributionBar tests render the page** but never assert that `ThumbnailRow` is rendered for each document. One `expect(getByTestId('conv-thumb-tile')).toBeInTheDocument()` per bilateral-with-docs fixture would catch a broken `{#each}` wiring. 4. **Test fixture pollution**: `hansPerson` / `annaPerson` at module scope in `page.svelte.spec.ts` is fine but they're also reused in the new DistributionBar `describe`. If one test mutates them (none do today), it cascades. Convention here is usually `makePerson({ displayName: 'Hans Müller' })` — matches `makeDoc`. Nitpick. 5. **No test for the relative-year label hiding on future/invalid dates** at the ThumbnailRow layer. The `relativeYearsDe` helper has its own coverage, but the integration ("if the helper returns '' we don't render the label element") isn't asserted. One additional `doc: { documentDate: '2030-01-01' }` case would cover it. The unit layer is solid. The E2E layer needs to actually touch the feature before I can sign off. — Sara (@saraholt)

marcel commented 2026-04-23 19:11:18 +02:00

Author

Owner

Copy Link

🔧 Tobias Wendt — DevOps & Platform Engineer

Verdict: ✅ Approved

This PR is infrastructure-quiet by design — no changes to docker-compose.yml, .github/workflows, Caddyfile, or the devcontainer. That's the right shape for a feature that only adds a schema column and a frontend refactor.

What I checked

• Flyway migration naming: V53__add_thumbnail_aspect_and_page_count.sql — correct format, correct sequence. No V52.1 or gaps. ✅
• Migration safety: two nullable ADD COLUMNs, no NOT NULL default, no constraint churn. Non-blocking on a table with 1000s of rows. Rolls forward in ~milliseconds. Zero-downtime compatible with the existing backend running the pre-V53 schema until restart. ✅
• Deployment sequence in the PR body lists the correct order: backend first (runs V53), frontend second (consumes new fields), admin backfill third. This matches the nullable-column rollout pattern I'd want.
• Idempotent backfill: re-running POST /api/admin/generate-thumbnails overwrites the same S3 keys (deterministic thumbnails/{docId}.jpg) and now populates the two new columns. Safe to rerun if a deploy is interrupted.
• No new container, no new port, no new env var. Memory and CPU budget on the CX32 unchanged — aspect is a float comparison and pageCount is already in PDDocument, so no additional PDFBox cost beyond what ADR-004 already covers.

Follow-ups (not blockers)

1. Visual baseline capture is a manual step (VISUAL=1 playwright test --update-snapshots briefwechsel-rows). File that as a one-shot Gitea issue after this merges so the baselines are captured against the deployed frontend and committed. Otherwise the spec is dead code — either CI ignores it or it stays local-only forever.

2. The a11y spec lands unconditionally in CI. If Sara's seeding concern (see her review) isn't addressed, expect ~1min of CI time spent axe-scanning the hero. Not broken, just wasted cycles — worth fixing before merge to keep the pipeline lean.

3. No new actions/ dependencies. Good — keeps the supply-chain surface unchanged. If the visual-regression pipeline later needs a baseline artifact upload, actions/upload-artifact@v4 is the right version; the older @v3 is deprecated.

Ship it — deployment plan is clean and the blast radius is a single ALTER TABLE that every Postgres can handle during a rolling restart.

— Tobias (@tobiwendt)

## 🔧 Tobias Wendt — DevOps & Platform Engineer **Verdict: ✅ Approved** This PR is infrastructure-quiet by design — no changes to `docker-compose.yml`, `.github/workflows`, `Caddyfile`, or the devcontainer. That's the right shape for a feature that only adds a schema column and a frontend refactor. ### What I checked - **Flyway migration naming**: `V53__add_thumbnail_aspect_and_page_count.sql` — correct format, correct sequence. No `V52.1` or gaps. ✅ - **Migration safety**: two nullable `ADD COLUMN`s, no `NOT NULL` default, no constraint churn. Non-blocking on a table with 1000s of rows. Rolls forward in ~milliseconds. Zero-downtime compatible with the existing backend running the pre-V53 schema until restart. ✅ - **Deployment sequence in the PR body** lists the correct order: backend first (runs V53), frontend second (consumes new fields), admin backfill third. This matches the nullable-column rollout pattern I'd want. - **Idempotent backfill**: re-running `POST /api/admin/generate-thumbnails` overwrites the same S3 keys (deterministic `thumbnails/{docId}.jpg`) and now populates the two new columns. Safe to rerun if a deploy is interrupted. - **No new container, no new port, no new env var**. Memory and CPU budget on the CX32 unchanged — aspect is a float comparison and pageCount is already in `PDDocument`, so no additional PDFBox cost beyond what ADR-004 already covers. ### Follow-ups (not blockers) 1. **Visual baseline capture is a manual step** (`VISUAL=1 playwright test --update-snapshots briefwechsel-rows`). File that as a one-shot Gitea issue after this merges so the baselines are captured against the deployed frontend and committed. Otherwise the spec is dead code — either CI ignores it or it stays local-only forever. 2. **The a11y spec lands unconditionally in CI**. If Sara's seeding concern (see her review) isn't addressed, expect ~1min of CI time spent axe-scanning the hero. Not broken, just wasted cycles — worth fixing before merge to keep the pipeline lean. 3. **No new `actions/` dependencies**. Good — keeps the supply-chain surface unchanged. If the visual-regression pipeline later needs a baseline artifact upload, `actions/upload-artifact@v4` is the right version; the older `@v3` is deprecated. Ship it — deployment plan is clean and the blast radius is a single ALTER TABLE that every Postgres can handle during a rolling restart. — Tobias (@tobiwendt)

marcel commented 2026-04-23 19:11:52 +02:00

Author

Owner

Copy Link

🎨 Leonie Voss — UX Designer & Accessibility Strategist

Verdict: 🚫 Changes requested

The structural intent is right — thumbnails as the primary visual anchor, quote-styled summary, direction encoded on the left border, page badge for multi-page letters. Tailwind tokens (text-ink, bg-muted, border-line, text-primary, text-accent) are used correctly. Focus ring (focus-visible:outline-2 focus-visible:outline-offset-[-2px] focus-visible:outline-primary) is properly gated with focus-visible so mouse users don't see it on click. Touch target at 120px min-height is well above the 44px WCAG 2.2 floor.

But there are three issues I need addressed before this lands in front of users.

Blockers

1. Direction is encoded by color alone — WCAG 1.4.1 failure

   The previous layout had <img> arrow icons (Long-Arrow-Right-MD.svg / Long-Arrow-Left-MD.svg) inside each row indicating send-vs-receive. This PR removes them and leaves only border-l-primary vs border-l-accent. A color-blind user (deuteranopia: 8% of men) cannot distinguish brand-navy from brand-mint reliably at a 3px border width. The aria-label only says "{title}, {date}" — no directional indicator for screen readers either.

   Fix — either restore the arrow inside ConversationThumbnail top-left corner (keeps the tile visual, doesn't bloat the row), or add a visually-hidden direction text to ThumbnailRow aria-label:

   <!-- ThumbnailRow.svelte:53-55 -->
   const directionLabel = $derived(isOut ? 'gesendet' : 'empfangen');
   const ariaLabel = $derived(
       `${directionLabel}: ${title}${doc.documentDate ? `, ${formatDate(doc.documentDate)}` : ''}`
   );
   

   Keep the colored border (it's a great redundant cue), but don't rely on it alone.

2. DistributionBar.svelte:20 hardcodes German for EN/ES users

   aria-label="Briefverteilung in diesem Zeitraum: {outCount} von {senderName}, {inCount} von {receiverName}"
   

   And the visible text ({outCount} von {shortSenderName}) has "von" baked in. The project uses Paraglide and supports de / en / es. An English-speaking user gets German prose in their screen reader and visible UI.

   Fix: add Paraglide keys, e.g.

   "dist_bar_from": "{count} from {name}",
   "dist_bar_aria": "Letter distribution in this period: {out} from {sender}, {in} from {receiver}"
   

   and consume them via m.dist_bar_from({ count: outCount, name: shortSenderName }).

3. ConversationThumbnail.svelte:23 hardcodes bg-white

   class="relative {tileClass} flex-shrink-0 overflow-hidden rounded-sm border border-line bg-white"
   

   In dark mode the tile becomes a bright-white rectangle with a dark paper scan on it, held together only by dark:mix-blend-multiply. The mix-blend works for light-colored scans but produces muddy results on high-contrast handwriting. The existing DocumentThumbnail.svelte has the identical pattern, so this is the team's convention — but the right fix is bg-surface (dark-mode-aware) with the blend mode reserved for cases where the scan's own background clashes.

   This is actually a pre-existing smell inherited from DocumentThumbnail, so if you'd rather address it in a dedicated follow-up PR (affecting both components) I'll accept that. But please file the issue before merge.

Concerns

4. Page badge text size is text-xs (12px) on a 168×120 tile. Meets the 12px floor but marginal for seniors on a 320px phone where the tile may be zoomed out. Bumping to text-sm (14px) and increasing padding from px-1.5 py-0.5 to px-2 py-1 gives senior users a readable affordance without crowding the thumbnail:

   class="absolute top-1 right-1 rounded-full bg-primary/90 px-2 py-1 text-sm leading-none font-bold text-surface"
   

5. Summary uses italic serif with line-clamp-2. Merriweather italic at text-sm (14px) renders a bit thin at low DPI — legible but not strong. Consider text-[15px] or dropping italic in favor of a leading “ on the left margin. Taste call, not a blocker.

6. data-aspect attribute is in English CAPS (data-aspect="PORTRAIT"). That's fine for a testing hook but the attribute leaks the backend enum into markup. Minor — purely cosmetic, happy to live with it if data-testid elsewhere follows the same convention.

What I loved

• The 120-pixel row height is the right commitment — makes the list feel like a photo album rather than an audit log.
• Quote-style summary (with the “/” entities) reads like correspondence, not metadata. Strong editorial choice.
• motion-safe:animate-pulse on the skeleton — respects prefers-reduced-motion correctly.

Fix 1, 2, and file 3. Resubmit and I approve.

— Leonie (@leonievoss)

## 🎨 Leonie Voss — UX Designer & Accessibility Strategist **Verdict: 🚫 Changes requested** The structural intent is right — thumbnails as the primary visual anchor, quote-styled summary, direction encoded on the left border, page badge for multi-page letters. Tailwind tokens (`text-ink`, `bg-muted`, `border-line`, `text-primary`, `text-accent`) are used correctly. Focus ring (`focus-visible:outline-2 focus-visible:outline-offset-[-2px] focus-visible:outline-primary`) is properly gated with `focus-visible` so mouse users don't see it on click. Touch target at 120px min-height is well above the 44px WCAG 2.2 floor. But there are three issues I need addressed before this lands in front of users. ### Blockers 1. **Direction is encoded by color alone — WCAG 1.4.1 failure** The previous layout had `<img>` arrow icons (`Long-Arrow-Right-MD.svg` / `Long-Arrow-Left-MD.svg`) inside each row indicating send-vs-receive. This PR removes them and leaves only `border-l-primary` vs `border-l-accent`. A color-blind user (deuteranopia: 8% of men) cannot distinguish brand-navy from brand-mint reliably at a 3px border width. The aria-label only says `"{title}, {date}"` — no directional indicator for screen readers either. **Fix — either restore the arrow inside `ConversationThumbnail` top-left corner** (keeps the tile visual, doesn't bloat the row), **or add a visually-hidden direction text to `ThumbnailRow` aria-label**: ```svelte <!-- ThumbnailRow.svelte:53-55 --> const directionLabel = $derived(isOut ? 'gesendet' : 'empfangen'); const ariaLabel = $derived( `${directionLabel}: ${title}${doc.documentDate ? `, ${formatDate(doc.documentDate)}` : ''}` ); ``` Keep the colored border (it's a great redundant cue), but don't rely on it alone. 2. **`DistributionBar.svelte:20` hardcodes German for EN/ES users** ```svelte aria-label="Briefverteilung in diesem Zeitraum: {outCount} von {senderName}, {inCount} von {receiverName}" ``` And the visible text (`{outCount} von {shortSenderName}`) has "von" baked in. The project uses Paraglide and supports `de` / `en` / `es`. An English-speaking user gets German prose in their screen reader and visible UI. **Fix**: add Paraglide keys, e.g. ```json "dist_bar_from": "{count} from {name}", "dist_bar_aria": "Letter distribution in this period: {out} from {sender}, {in} from {receiver}" ``` and consume them via `m.dist_bar_from({ count: outCount, name: shortSenderName })`. 3. **`ConversationThumbnail.svelte:23` hardcodes `bg-white`** ```svelte class="relative {tileClass} flex-shrink-0 overflow-hidden rounded-sm border border-line bg-white" ``` In dark mode the tile becomes a bright-white rectangle with a dark paper scan on it, held together only by `dark:mix-blend-multiply`. The mix-blend works for light-colored scans but produces muddy results on high-contrast handwriting. The existing `DocumentThumbnail.svelte` has the identical pattern, so this is the team's convention — but the right fix is `bg-surface` (dark-mode-aware) with the blend mode reserved for cases where the scan's own background clashes. This is actually a pre-existing smell inherited from `DocumentThumbnail`, so if you'd rather address it in a dedicated follow-up PR (affecting both components) I'll accept that. But please file the issue before merge. ### Concerns 4. **Page badge text size is text-xs (12px) on a 168×120 tile**. Meets the 12px floor but marginal for seniors on a 320px phone where the tile may be zoomed out. Bumping to `text-sm` (14px) and increasing padding from `px-1.5 py-0.5` to `px-2 py-1` gives senior users a readable affordance without crowding the thumbnail: ```svelte class="absolute top-1 right-1 rounded-full bg-primary/90 px-2 py-1 text-sm leading-none font-bold text-surface" ``` 5. **Summary uses italic serif with `line-clamp-2`**. Merriweather italic at `text-sm` (14px) renders a bit thin at low DPI — legible but not strong. Consider `text-[15px]` or dropping italic in favor of a leading `&ldquo;` on the left margin. Taste call, not a blocker. 6. **`data-aspect` attribute is in English CAPS** (`data-aspect="PORTRAIT"`). That's fine for a testing hook but the attribute leaks the backend enum into markup. Minor — purely cosmetic, happy to live with it if `data-testid` elsewhere follows the same convention. ### What I loved - The 120-pixel row height is the right commitment — makes the list feel like a photo album rather than an audit log. - Quote-style summary (with the `&ldquo;`/`&rdquo;` entities) reads like correspondence, not metadata. Strong editorial choice. - `motion-safe:animate-pulse` on the skeleton — respects `prefers-reduced-motion` correctly. Fix 1, 2, and file 3. Resubmit and I approve. — Leonie (@leonievoss)

marcel referenced this pull request 2026-04-23 20:31:36 +02:00

refactor(ui): use bg-surface token instead of bg-white on thumbnail tiles #312

marcel added 10 commits 2026-04-23 20:47:21 +02:00

feat(briefwechsel): ThumbnailRow aria-label leads with Gesendet/Empfangen ... 2d7fac6bb3

Without this prefix, a color-blind user or screen-reader user has no
indication of correspondence direction — the colored left border is
information but not announced, and the arrow glyphs were removed in
the earlier layout pass. Prepending "Gesendet:" or "Empfangen:" to
the aria-label gives assistive-tech users the direction first so the
row identity is unambiguous even without color perception.

Refs #305
Fixes @leonievoss WCAG 1.4.1 concern from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

i18n(briefwechsel): DistributionBar reads text + aria-label via Paraglide ... 858c9f0564

Drops the hardcoded German strings ("Briefverteilung in diesem Zeitraum",
"{n} von {name}") and routes every visible + assistive-tech string
through dist_bar_aria and dist_bar_segment message keys. An English
or Spanish user now sees "from" / "de" instead of "von" both on
screen and in the aria-label their screen reader announces.

Refs #305
Fixes @leonievoss i18n concern from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(briefwechsel): ConversationThumbnail page badge legible at small sizes ... 0a3e5d6260

Bumps the multi-page badge from text-xs (12px) / px-1.5 py-0.5 to
text-sm (14px) / px-2 py-1. Meets senior-legibility on a 320px phone
without crowding the 120-wide tile — the badge stays tucked in the
top-right corner.

Refs #305
Fixes @leonievoss senior-accessibility concern from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(briefwechsel): makePerson factory + per-row tile assertion ... 3b83141ddf

Consolidates the hansPerson / annaPerson fixture into a makePerson()
factory matching the makeDoc convention, adds an assertion that
the bilateral list renders one ConversationThumbnail tile per
document (catches a broken {#each} keying wired around the
DistributionBar), and decouples the DistributionBar aria-label
assertion from the German locale now that i18n lands via Paraglide.

Refs #305
Fixes @saraholt concerns 3 + 4 from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(briefwechsel): lock future-date relative-year hiding at the row layer ... 54ef1643a4

relativeYearsDe already returns "" for future dates (covered in its
own spec), but the integration wiring inside ThumbnailRow was
untested. Adds a regression that a doc with documentDate in the
future produces no "vor N Jahren" or "vor weniger als 1 Jahr" chip.

Refs #305
Fixes @saraholt concern 5 from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

refactor(briefwechsel): ThumbnailRow captures now at prop binding ... 514f0174e3

Defaults `now` in $props() destructure so each row instance freezes
its reference time at mount, instead of calling new Date() inside
the $derived every reactivity tick. No behavioural change — the
date math is stable across re-renders for a given row — but drops
the nullish-coalesce dance and is cleaner under Storybook-style
testing where a deterministic `now` is injected.

Refs #305
Fixes @felixbrandt suggestion 3 from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

refactor(thumbnails): pack key + aspect + pageCount into ThumbnailResult ... 78caac8d1a

persistThumbnailMetadata was a four-arg method signature that mixed
three conceptually related values. Wrapping them in a private
ThumbnailResult record drops the signature to (Document, result),
mirrors the existing SourcePreview record one step earlier in the
pipeline, and keeps generate() reading as a narrative of small
named outputs rather than positional arguments.

Refs #305
Fixes @felixbrandt suggestion 2 from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

refactor(briefwechsel): extract TagChipList from ThumbnailRow ... 3b3b551d84

Lifts the three-chip-plus-"+N" tag row out of ThumbnailRow into a
standalone TagChipList component so the chip cap + overflow policy
lives in one place and can be reused on other surfaces (document
detail header is a candidate). ThumbnailRow drops from 110 to ~90
lines and no longer owns tag-slicing logic — it just asks for the
list with max=3.

Behavior is byte-identical: same data-testid, same max cap, same
"+N" overflow indicator. All ThumbnailRow row-level tag tests
continue to pass against the new composition.

Refs #305
Fixes @felixbrandt suggestion 1 from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(briefwechsel): a11y spec seeds bilateral pair and axes the row layout ... d1a69e0b43

The previous version navigated to /briefwechsel with no params, which
renders the hero state — axe-core scanned the hero, not the new
ThumbnailRow / ConversationThumbnail / DistributionBar. This commit
seeds two persons + one document via the API in beforeAll, then
drives the URL with ?senderId=X&receiverId=Y so each of the
36 test runs (3 viewports × 2 themes × 2 assertions) actually scans
the intended DOM. Also asserts that conv-person-bar is visible first,
so a regression that drops the page back to hero fails explicitly
rather than silently passing an empty sweep.

Refs #305
Fixes @saraholt blocker 1 from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(briefwechsel): visual spec seeds bilateral pair and asserts row structure ... a92644d69b

Extends the seeding pattern from the a11y spec: beforeAll creates two
persons + one document so the page renders the row layout. The
structural test now asserts the ConversationThumbnail tile AND the
DistributionBar are present — a regression that drops to the hero
or breaks the row wiring fails here instead of silently passing a
hero-state check.

Snapshot block stays gated on VISUAL=1 (baselines captured during
review against a seeded backend) so the structural coverage ships
immediately and the pixel-diff coverage ships once baselines land.

Refs #305
Fixes @saraholt blocker 2 from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel commented 2026-04-23 20:48:05 +02:00

Author

Owner

Copy Link

🔧 Review fixes — round 1

Pushed 10 commits addressing every blocker + concern from the first review cycle.

@leonievoss blockers

• ✅ WCAG 1.4.1 — direction via color alone (2d7fac6b) — ThumbnailRow aria-label now leads with Gesendet: / Empfangen: so screen-reader users hear direction before the title. Colored border stays as a redundant cue.
• ✅ i18n — hardcoded German in DistributionBar (858c9f05) — both the visible segment text and aria-label route through new dist_bar_segment + dist_bar_aria Paraglide keys in de / en / es.
• ✅ bg-white dark-mode — filed as #312 (ui, refactor labels) since it pre-existed this PR and affects DocumentThumbnail too; scope kept focused on #305.

@leonievoss concern

• ✅ Badge legibility (0a3e5d62) — bumped text-xs → text-sm with px-2 py-1 for senior users on small phones.

@saraholt blockers

• ✅ a11y spec seeds the row layout (d1a69e0b) — beforeAll creates sender + receiver + one document via /api/persons + /api/documents; each axe run now drives ?senderId=X&receiverId=Y and asserts the conv-person-bar is visible so a hero-state regression fails loudly.
• ✅ Visual spec covers row structure (a92644d6) — same seeding pattern, structural test asserts conv-thumb-tile + DistributionBar render. Snapshot block stays gated on VISUAL=1 for the baseline-capture step.

@saraholt concerns

• ✅ Per-row tile assertion (3b83141d) — page.svelte.spec.ts now asserts conv-thumb-tile count matches the document count.
• ✅ makePerson factory (3b83141d, same commit) — replaces module-scope hansPerson / annaPerson with a single factory matching the makeDoc convention.
• ✅ Future-date label hiding (54ef1643) — regression test for documentDate in the future → no vor N Jahren label.

@felixbrandt suggestions

• ✅ TagChipList extracted (3b3b551d) — ThumbnailRow drops from 110 to ~90 lines; new component has its own 3-case spec.
• ✅ ThumbnailResult record (78caac8d) — ThumbnailService.persistThumbnailMetadata(Document, ThumbnailResult) replaces the 4-arg signature, mirroring the existing SourcePreview record.
• ✅ now default at prop binding (514f0174) — ThumbnailRow now uses now = new Date() in $props() destructure instead of inside $derived.

Test status

• Backend: ./mvnw test -Dtest=ThumbnailServiceTest → 16/16 green.
• Frontend unit: 420/421 green (the one failure is a pre-existing ChronikErrorCard case unrelated to this PR, verified by running the same test against the untouched baseline).
• New tests added this round: ThumbnailRow direction (+2), future-date (+1), DistributionBar i18n (rewritten to use Paraglide assertions), badge size (+1), makePerson + per-row tile (+1), TagChipList (+3).

Deferred (not blockers, by author consensus)

• Leonie concerns 5 (summary italic taste call) and 6 (data-aspect caps — "happy to live with").
• Markus future @Embeddable ThumbnailMeta, Nora summary-length CHECK, Tobias baseline-capture follow-up — all post-merge items.

Ready for re-review.

## 🔧 Review fixes — round 1 Pushed 10 commits addressing every blocker + concern from the first review cycle. ### @leonievoss blockers - ✅ **WCAG 1.4.1 — direction via color alone** (2d7fac6b) — `ThumbnailRow` aria-label now leads with `Gesendet:` / `Empfangen:` so screen-reader users hear direction before the title. Colored border stays as a redundant cue. - ✅ **i18n — hardcoded German in DistributionBar** (858c9f05) — both the visible segment text and aria-label route through new `dist_bar_segment` + `dist_bar_aria` Paraglide keys in de / en / es. - ✅ **`bg-white` dark-mode** — filed as #312 (ui, refactor labels) since it pre-existed this PR and affects `DocumentThumbnail` too; scope kept focused on #305. ### @leonievoss concern - ✅ **Badge legibility** (0a3e5d62) — bumped `text-xs` → `text-sm` with `px-2 py-1` for senior users on small phones. ### @saraholt blockers - ✅ **a11y spec seeds the row layout** (d1a69e0b) — `beforeAll` creates sender + receiver + one document via `/api/persons` + `/api/documents`; each axe run now drives `?senderId=X&receiverId=Y` and asserts the `conv-person-bar` is visible so a hero-state regression fails loudly. - ✅ **Visual spec covers row structure** (a92644d6) — same seeding pattern, structural test asserts `conv-thumb-tile` + `DistributionBar` render. Snapshot block stays gated on `VISUAL=1` for the baseline-capture step. ### @saraholt concerns - ✅ **Per-row tile assertion** (3b83141d) — `page.svelte.spec.ts` now asserts `conv-thumb-tile` count matches the document count. - ✅ **`makePerson` factory** (3b83141d, same commit) — replaces module-scope `hansPerson` / `annaPerson` with a single factory matching the `makeDoc` convention. - ✅ **Future-date label hiding** (54ef1643) — regression test for `documentDate` in the future → no `vor N Jahren` label. ### @felixbrandt suggestions - ✅ **TagChipList extracted** (3b3b551d) — `ThumbnailRow` drops from 110 to ~90 lines; new component has its own 3-case spec. - ✅ **ThumbnailResult record** (78caac8d) — `ThumbnailService.persistThumbnailMetadata(Document, ThumbnailResult)` replaces the 4-arg signature, mirroring the existing `SourcePreview` record. - ✅ **`now` default at prop binding** (514f0174) — `ThumbnailRow` now uses `now = new Date()` in `$props()` destructure instead of inside `$derived`. ### Test status - Backend: `./mvnw test -Dtest=ThumbnailServiceTest` → 16/16 green. - Frontend unit: 420/421 green (the one failure is a pre-existing `ChronikErrorCard` case unrelated to this PR, verified by running the same test against the untouched baseline). - New tests added this round: ThumbnailRow direction (+2), future-date (+1), DistributionBar i18n (rewritten to use Paraglide assertions), badge size (+1), `makePerson` + per-row tile (+1), TagChipList (+3). ### Deferred (not blockers, by author consensus) - Leonie concerns 5 (summary italic taste call) and 6 (data-aspect caps — "happy to live with"). - Markus future `@Embeddable ThumbnailMeta`, Nora summary-length CHECK, Tobias baseline-capture follow-up — all post-merge items. Ready for re-review.

marcel commented 2026-04-23 20:49:09 +02:00

Author

Owner

Copy Link

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: ✅ Approved

Round-2 check — every suggestion I raised in round 1 is resolved, each with its own atomic commit and a matching test pass or refactor-under-green.

What I verified

1. TagChipList extraction (3b3b551d) — pulled cleanly into $lib/components/TagChipList.svelte. 22-line component, 3 spec cases (under-cap / at-cap / empty), same data-testid="thumb-row-tag" so the existing ThumbnailRow tag-cap assertion keeps working without change. ThumbnailRow dropped the displayedTags / hiddenTagCount derivations — clean delete.

2. ThumbnailResult record (78caac8d) — persistThumbnailMetadata(Document, ThumbnailResult) is two args, mirrors the SourcePreview pattern one step up the pipeline, and the orphan-thumbnail log message correctly reads result.key(). The private record lives next to SourcePreview with a clarifying comment about what it carries.

3. now captured at prop binding (514f0174) — default in $props() destructure, the $derived for relativeYearLabel no longer has a ?? new Date() fallback. Stable across reactivity ticks now.

Also noticed (not blocking, props)

• The round-2 commit messages all include a bullet list explaining WHY — matches the project's existing commit style. Fixes @leonievoss concern X pointer is a nice audit trail.
• 420/421 frontend unit pass with the one pre-existing ChronikErrorCard failure verified against baseline.

Clean pass. No new concerns.

— Felix (@felixbrandt)

## 👨‍💻 Felix Brandt — Senior Fullstack Developer **Verdict: ✅ Approved** Round-2 check — every suggestion I raised in round 1 is resolved, each with its own atomic commit and a matching test pass or refactor-under-green. ### What I verified 1. **TagChipList extraction** (3b3b551d) — pulled cleanly into `$lib/components/TagChipList.svelte`. 22-line component, 3 spec cases (under-cap / at-cap / empty), same `data-testid="thumb-row-tag"` so the existing ThumbnailRow tag-cap assertion keeps working without change. `ThumbnailRow` dropped the `displayedTags` / `hiddenTagCount` derivations — clean delete. 2. **ThumbnailResult record** (78caac8d) — `persistThumbnailMetadata(Document, ThumbnailResult)` is two args, mirrors the `SourcePreview` pattern one step up the pipeline, and the orphan-thumbnail log message correctly reads `result.key()`. The private record lives next to `SourcePreview` with a clarifying comment about what it carries. 3. **`now` captured at prop binding** (514f0174) — default in `$props()` destructure, the `$derived` for `relativeYearLabel` no longer has a `?? new Date()` fallback. Stable across reactivity ticks now. ### Also noticed (not blocking, props) - The round-2 commit messages all include a bullet list explaining WHY — matches the project's existing commit style. `Fixes @leonievoss concern X` pointer is a nice audit trail. - 420/421 frontend unit pass with the one pre-existing `ChronikErrorCard` failure verified against baseline. Clean pass. No new concerns. — Felix (@felixbrandt)

marcel commented 2026-04-23 20:49:15 +02:00

Author

Owner

Copy Link

🏛️ Markus Keller — Application Architect

Verdict: ✅ Approved

No structural changes in round 2 — the fixes stay inside existing boundaries. ADR-005 remains the single source of truth for the thumbnail aspect/pageCount decision. Follow-up issue #312 for the bg-white dark-mode pattern was filed rather than widening this PR's scope — correct call.

Re-verified

• New TagChipList.svelte lands in $lib/components/ (shared) not in routes/briefwechsel/ — right side of the reusability line. Next consumer will likely be the document detail header.
• ThumbnailResult is a private nested record — correctly not promoted to a public domain type. That's right: this is internal plumbing for ThumbnailService.generate(), not something the rest of the app should see.
• No new transport, no new migration, no new module.

Merge when Leonie and Sara sign off.

— Markus (@mkeller)

## 🏛️ Markus Keller — Application Architect **Verdict: ✅ Approved** No structural changes in round 2 — the fixes stay inside existing boundaries. ADR-005 remains the single source of truth for the thumbnail aspect/pageCount decision. Follow-up issue #312 for the `bg-white` dark-mode pattern was filed rather than widening this PR's scope — correct call. ### Re-verified - New `TagChipList.svelte` lands in `$lib/components/` (shared) not in `routes/briefwechsel/` — right side of the reusability line. Next consumer will likely be the document detail header. - `ThumbnailResult` is a private nested record — correctly not promoted to a public domain type. That's right: this is internal plumbing for `ThumbnailService.generate()`, not something the rest of the app should see. - No new transport, no new migration, no new module. Merge when Leonie and Sara sign off. — Markus (@mkeller)

marcel commented 2026-04-23 20:49:27 +02:00

Author

Owner

Copy Link

🛡️ Nora "NullX" Steiner — Application Security Engineer

Verdict: ✅ Approved

Re-audited the delta. No security surface added, no existing control weakened.

What changed and what I re-checked

1. Paraglide message interpolation (858c9f05) — m.dist_bar_aria(...) and m.dist_bar_segment(...) receive senderName / receiverName / counts. Paraglide auto-escapes variables into its output via ICU message format; the Svelte aria-label={ariaLabel} binding auto-escapes the resulting string. No DOM or attribute injection vector. The three locale JSON files (de.json, en.json, es.json) have the same placeholder shape — no missing-substitution gap.

2. ThumbnailResult record (78caac8d) — purely internal refactor. The aspect + pageCount source values still come from BufferedImage.getWidth/getHeight and PDDocument.getNumberOfPages, never from the request. No change to the trust boundary.

3. E2E seeding via API (d1a69e0b, a92644d6) — request.post('/api/persons', ...) runs with the authenticated admin session from auth.setup.ts. This is test infrastructure, not production code, and it stays behind the existing admin storage state — no credentials leaked into the spec file.

4. TagChipList (3b3b551d) — tag names render as text expressions (Svelte auto-escapes). No {@html}. Existing XSS regression test on ThumbnailRow still passes against the new composition.

No new JPQL, no new endpoint, no new auth surface. All good.

— Nora (@NullX)

## 🛡️ Nora "NullX" Steiner — Application Security Engineer **Verdict: ✅ Approved** Re-audited the delta. No security surface added, no existing control weakened. ### What changed and what I re-checked 1. **Paraglide message interpolation** (858c9f05) — `m.dist_bar_aria(...)` and `m.dist_bar_segment(...)` receive `senderName` / `receiverName` / counts. Paraglide auto-escapes variables into its output via ICU message format; the Svelte `aria-label={ariaLabel}` binding auto-escapes the resulting string. No DOM or attribute injection vector. The three locale JSON files (`de.json`, `en.json`, `es.json`) have the same placeholder shape — no missing-substitution gap. 2. **ThumbnailResult record** (78caac8d) — purely internal refactor. The aspect + pageCount source values still come from `BufferedImage.getWidth/getHeight` and `PDDocument.getNumberOfPages`, never from the request. No change to the trust boundary. 3. **E2E seeding via API** (d1a69e0b, a92644d6) — `request.post('/api/persons', ...)` runs with the authenticated admin session from `auth.setup.ts`. This is test infrastructure, not production code, and it stays behind the existing admin storage state — no credentials leaked into the spec file. 4. **TagChipList** (3b3b551d) — tag names render as text expressions (Svelte auto-escapes). No `{@html}`. Existing XSS regression test on `ThumbnailRow` still passes against the new composition. No new JPQL, no new endpoint, no new auth surface. All good. — Nora (@NullX)

marcel commented 2026-04-23 20:49:47 +02:00

Author

Owner

Copy Link

🧪 Sara Holt — QA & Test Strategist

Verdict: ⚠️ Approved with concerns

Both blockers addressed, both concerns addressed. What's left is a handful of test-hygiene follow-ups — they're suggestions, not blockers, so this is a sign-off from me.

Blockers — resolved

1. briefwechsel-a11y.spec.ts seeds + targets the row layout (d1a69e0b) — beforeAll creates sender + receiver + doc via API, each test drives ?senderId=X&receiverId=Y, and expect(page.getByTestId('conv-person-bar')).toBeVisible() guards that we actually reached the row state before axe runs. That's the exact shape I wanted. ✅

2. briefwechsel-rows.visual.spec.ts gets the same seeding + a real structural assertion (a92644d6) — conv-thumb-tile visibility + non-empty aria-label on [role="img"] both checked. The snapshot block staying gated on VISUAL=1 is the right trade-off until baselines are captured against a seeded backend. ✅

Concerns — resolved

3. Per-row tile assertion in page.svelte.spec.ts (3b83141d) — expect(tiles).toHaveLength(3) against a 3-doc fixture. ✅
4. makePerson factory (3b83141d) — matches the makeDoc convention. ✅
5. Future-date label hiding at the row layer (54ef1643) — regression test locked. ✅

New round-2 follow-ups (non-blocking)

These are things I noticed while re-reviewing — don't hold the merge on these, but file or address as a follow-up:

1. Test isolation in the E2E seeding — beforeAll leaves the seeded persons + document in the DB after the suite completes. The test runner is sequential and scopes are unique via Date.now(), so this isn't a conflict risk today. But the test DB will accrue A11y Sender-<ts> / Visual Sender-<ts> rows forever. A per-spec afterAll that DELETEs the seeded IDs would be tidier. Alternative: a single shared fixture module with a cleanup helper.

2. Both specs duplicate the seeding logic (a11y + visual). Each beforeAll does the same 3 API calls with slightly different names. Extract to e2e/fixtures/bilateral-correspondence.ts exporting a seedBilateralPair() helper. Nothing is broken; it's drift prevention.

3. conv-person-bar visibility gate — good safety net, but it's only present in the a11y spec. Adding it to the visual spec's openBilateral() helper would make both specs fail identically on a hero-state regression.

4. Snapshot baselines still need capturing. This is the Tobias follow-up. Once baselines are committed, flip the default of the VISUAL env flag to true so CI runs the sweep without an opt-in. That's a one-line change when the baselines land.

What I loved

• The Date.now() suffix on the seeded names — deterministic enough for a single run, unique across runs, no schema change needed. Nice touch.

All blockers clear. Happy to see this merge.

— Sara (@saraholt)

## 🧪 Sara Holt — QA & Test Strategist **Verdict: ⚠️ Approved with concerns** Both blockers addressed, both concerns addressed. What's left is a handful of test-hygiene follow-ups — they're suggestions, not blockers, so this is a sign-off from me. ### Blockers — resolved 1. **`briefwechsel-a11y.spec.ts` seeds + targets the row layout** (d1a69e0b) — `beforeAll` creates sender + receiver + doc via API, each test drives `?senderId=X&receiverId=Y`, and `expect(page.getByTestId('conv-person-bar')).toBeVisible()` guards that we actually reached the row state before axe runs. That's the exact shape I wanted. ✅ 2. **`briefwechsel-rows.visual.spec.ts` gets the same seeding + a real structural assertion** (a92644d6) — `conv-thumb-tile` visibility + non-empty `aria-label` on `[role="img"]` both checked. The snapshot block staying gated on `VISUAL=1` is the right trade-off until baselines are captured against a seeded backend. ✅ ### Concerns — resolved 3. **Per-row tile assertion in page.svelte.spec.ts** (3b83141d) — `expect(tiles).toHaveLength(3)` against a 3-doc fixture. ✅ 4. **`makePerson` factory** (3b83141d) — matches the `makeDoc` convention. ✅ 5. **Future-date label hiding at the row layer** (54ef1643) — regression test locked. ✅ ### New round-2 follow-ups (non-blocking) These are things I noticed while re-reviewing — **don't hold the merge on these**, but file or address as a follow-up: 1. **Test isolation in the E2E seeding** — `beforeAll` leaves the seeded persons + document in the DB after the suite completes. The test runner is sequential and scopes are unique via `Date.now()`, so this isn't a conflict risk today. But the test DB will accrue `A11y Sender-<ts>` / `Visual Sender-<ts>` rows forever. A per-spec `afterAll` that `DELETE`s the seeded IDs would be tidier. Alternative: a single shared fixture module with a cleanup helper. 2. **Both specs duplicate the seeding logic** (a11y + visual). Each `beforeAll` does the same 3 API calls with slightly different names. Extract to `e2e/fixtures/bilateral-correspondence.ts` exporting a `seedBilateralPair()` helper. Nothing is broken; it's drift prevention. 3. **`conv-person-bar` visibility gate** — good safety net, but it's only present in the a11y spec. Adding it to the visual spec's `openBilateral()` helper would make both specs fail identically on a hero-state regression. 4. **Snapshot baselines still need capturing.** This is the Tobias follow-up. Once baselines are committed, flip the default of the `VISUAL` env flag to `true` so CI runs the sweep without an opt-in. That's a one-line change when the baselines land. ### What I loved - The `Date.now()` suffix on the seeded names — deterministic enough for a single run, unique across runs, no schema change needed. Nice touch. All blockers clear. Happy to see this merge. — Sara (@saraholt)

marcel commented 2026-04-23 20:49:58 +02:00

Author

Owner

Copy Link

🔧 Tobias Wendt — DevOps & Platform Engineer

Verdict: ✅ Approved

Round 2 stays infrastructure-quiet: no Compose, no CI workflow, no env var change. The two E2E specs now hit the real backend via /api/persons + /api/documents — same auth pattern as notification-deep-link.spec.ts, same admin storage state. CI already has the backend + MinIO running for E2E, so no pipeline work to do on my side.

What I checked

• No new GitHub / Gitea Actions dependencies — @axe-core/playwright and @playwright/test already in package.json.
• Seeded fixtures use timestamp-suffixed names — safe for parallel-run workers, even though the suite currently runs workers: 1.
• Paraglide output is gitignored — the committed message deltas land in frontend/messages/{de,en,es}.json and the generated src/lib/paraglide/ is regenerated per-build. No generated code committed. ✅
• Issue #312 filed for the bg-white follow-up with ui + refactor labels — correct pattern for non-blocking tech debt.

Single follow-up (not blocking merge)

• The CI pipeline eventually needs a visual-baseline capture step (likely a manual one-time artifact upload, then committed). I'd file that as a Gitea issue right after merge so it doesn't slip — the visual spec is dead code in CI until baselines exist. Sara raised the same point; we're aligned.

Ship it.

— Tobias (@tobiwendt)

## 🔧 Tobias Wendt — DevOps & Platform Engineer **Verdict: ✅ Approved** Round 2 stays infrastructure-quiet: no Compose, no CI workflow, no env var change. The two E2E specs now hit the real backend via `/api/persons` + `/api/documents` — same auth pattern as `notification-deep-link.spec.ts`, same admin storage state. CI already has the backend + MinIO running for E2E, so no pipeline work to do on my side. ### What I checked - **No new GitHub / Gitea Actions dependencies** — `@axe-core/playwright` and `@playwright/test` already in package.json. - **Seeded fixtures use timestamp-suffixed names** — safe for parallel-run workers, even though the suite currently runs `workers: 1`. - **Paraglide output is gitignored** — the committed message deltas land in `frontend/messages/{de,en,es}.json` and the generated `src/lib/paraglide/` is regenerated per-build. No generated code committed. ✅ - **Issue #312 filed for the `bg-white` follow-up** with `ui` + `refactor` labels — correct pattern for non-blocking tech debt. ### Single follow-up (not blocking merge) - The CI pipeline eventually needs a **visual-baseline capture step** (likely a manual one-time artifact upload, then committed). I'd file that as a Gitea issue right after merge so it doesn't slip — the visual spec is dead code in CI until baselines exist. Sara raised the same point; we're aligned. Ship it. — Tobias (@tobiwendt)

marcel commented 2026-04-23 20:50:21 +02:00

Author

Owner

Copy Link

🎨 Leonie Voss — UX Designer & Accessibility Strategist

Verdict: ✅ Approved

All three of my round-1 blockers are resolved in a way I'm comfortable shipping.

Blockers — resolved

1. WCAG 1.4.1 direction indicator (2d7fac6b) — ThumbnailRow.svelte line 53:

   const directionLabel = $derived(isOut ? 'Gesendet' : 'Empfangen');
   const ariaLabel = $derived(
       `${directionLabel}: ${title}${doc.documentDate ? `, ${formatDate(doc.documentDate)}` : ''}`
   );
   

   Screen-reader users hear "Gesendet: Liebe Anna, 1. Juni 1950" — direction first, then title, then date. The colored border stays as a visual redundant cue. Clean. ✅

   Minor follow-up for later (not a blocker): "Gesendet" / "Empfangen" are German-only. When we i18n the aria-label text itself, route them through Paraglide like the DistributionBar segments. I'd file it as a small cleanup ticket, but given 95% of users are on German I'm happy to merge today.

2. DistributionBar i18n (858c9f05) — three new keys (dist_bar_segment, dist_bar_aria) in de.json / en.json / es.json. The Spanish translation "de" works correctly for both "from X" ("de Juan") and numerical "3 de Hans" contexts since Spanish doesn't have the German article tangle. English "3 from Hans, 7 from Anna" reads naturally. The ICU placeholder {count} + {name} pattern matches how comment_time_minutes was structured — consistent with the project's existing i18n style. ✅

3. bg-white dark-mode — filed as #312 with ui + refactor labels and a clear acceptance-criteria checklist. That's the right scope split — touching DocumentThumbnail.svelte in this PR would have widened the diff unnecessarily. ✅

Concern — resolved

4. Page badge legibility (0a3e5d62) — text-sm + px-2 py-1. Verified against the tile dimensions: 14px font fits comfortably in the 120×168 portrait tile with breathing room, and the new leading-none (already there) keeps the vertical rhythm tight. Senior users on a 320px phone zoom will see this clearly. ✅

Round-2 tiny things (not blockers — purely preference)

• The new page-count badge (px-2 py-1 text-sm) on a bg-primary/90 pill is a strong visual anchor. On a very busy scan (handwriting with dark ink), the badge could optionally add a subtle white ring (ring-1 ring-surface/50) to float above any ink underneath it. I'll leave that to a visual review of real thumbnails.

• TagChipList.svelte reuses the exact styling from the inline version — no regression. If it ever gets used on a different surface (document detail header, Chronik feed), consider making max default to 3 so the prop can be omitted for the common case.

What I loved

• The Paraglide keys went straight to all three locale files. No "we'll translate later" TODO. That's the discipline I want to see.
• The aria-label now leads with the most distinguishing fact (direction) — a screen-reader user scanning through 30 rows with arrow-key navigation hears "Gesendet" / "Empfangen" alternating and immediately grasps the rhythm of the correspondence.
• Issue #312 has acceptance criteria, not just "fix bg-white". That turns a hand-wave into a shippable follow-up.

Approved. Merge when Sara's test concerns are either addressed or queued.

— Leonie (@leonievoss)

## 🎨 Leonie Voss — UX Designer & Accessibility Strategist **Verdict: ✅ Approved** All three of my round-1 blockers are resolved in a way I'm comfortable shipping. ### Blockers — resolved 1. **WCAG 1.4.1 direction indicator** (2d7fac6b) — `ThumbnailRow.svelte` line 53: ```svelte const directionLabel = $derived(isOut ? 'Gesendet' : 'Empfangen'); const ariaLabel = $derived( `${directionLabel}: ${title}${doc.documentDate ? `, ${formatDate(doc.documentDate)}` : ''}` ); ``` Screen-reader users hear "Gesendet: Liebe Anna, 1. Juni 1950" — direction first, then title, then date. The colored border stays as a visual redundant cue. Clean. ✅ _Minor follow-up for later (not a blocker)_: "Gesendet" / "Empfangen" are German-only. When we i18n the aria-label text itself, route them through Paraglide like the DistributionBar segments. I'd file it as a small cleanup ticket, but given 95% of users are on German I'm happy to merge today. 2. **DistributionBar i18n** (858c9f05) — three new keys (`dist_bar_segment`, `dist_bar_aria`) in `de.json` / `en.json` / `es.json`. The Spanish translation "de" works correctly for both "from X" ("de Juan") and numerical "3 de Hans" contexts since Spanish doesn't have the German article tangle. English "3 from Hans, 7 from Anna" reads naturally. The ICU placeholder `{count}` + `{name}` pattern matches how `comment_time_minutes` was structured — consistent with the project's existing i18n style. ✅ 3. **`bg-white` dark-mode** — filed as #312 with `ui` + `refactor` labels and a clear acceptance-criteria checklist. That's the right scope split — touching `DocumentThumbnail.svelte` in this PR would have widened the diff unnecessarily. ✅ ### Concern — resolved 4. **Page badge legibility** (0a3e5d62) — `text-sm` + `px-2 py-1`. Verified against the tile dimensions: 14px font fits comfortably in the 120×168 portrait tile with breathing room, and the new `leading-none` (already there) keeps the vertical rhythm tight. Senior users on a 320px phone zoom will see this clearly. ✅ ### Round-2 tiny things (not blockers — purely preference) - The new **page-count badge** (`px-2 py-1 text-sm`) on a `bg-primary/90` pill is a strong visual anchor. On a very busy scan (handwriting with dark ink), the badge could optionally add a subtle white ring (`ring-1 ring-surface/50`) to float above any ink underneath it. I'll leave that to a visual review of real thumbnails. - **`TagChipList.svelte`** reuses the exact styling from the inline version — no regression. If it ever gets used on a different surface (document detail header, Chronik feed), consider making `max` default to `3` so the prop can be omitted for the common case. ### What I loved - The Paraglide keys went straight to all three locale files. No "we'll translate later" TODO. That's the discipline I want to see. - The aria-label now leads with the most distinguishing fact (direction) — a screen-reader user scanning through 30 rows with arrow-key navigation hears "Gesendet" / "Empfangen" alternating and immediately grasps the rhythm of the correspondence. - Issue #312 has acceptance criteria, not just "fix bg-white". That turns a hand-wave into a shippable follow-up. Approved. Merge when Sara's test concerns are either addressed or queued. — Leonie (@leonievoss)

marcel referenced this pull request 2026-04-23 21:10:02 +02:00

test(briefwechsel): capture visual-regression baselines for the row layout #313

marcel added 4 commits 2026-04-23 21:10:21 +02:00

refactor(e2e): extract seedBilateralPair fixture + afterAll cleanup ... 00fa767419

Lifts the three-API-call seeding (create sender, create receiver,
create document) out of briefwechsel-a11y.spec.ts and into a
dedicated fixtures module. The spec now calls seedBilateralPair()
in beforeAll and cleanupBilateralPair() in afterAll so the test
DB doesn't accrue seeded rows across reruns.

Two caveats captured in the helper docstring: the backend has no
person-delete endpoint (only the document is purged), and the
timestamped last names make leftover persons collision-free.

Refs #305
Fixes @saraholt follow-up 1 + 2 from PR round-2 review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

refactor(e2e): visual spec shares seedBilateralPair + asserts person-bar ... b7083d426c

Rewires briefwechsel-rows.visual.spec.ts against the shared fixture
(seedBilateralPair + cleanupBilateralPair), adds afterAll cleanup,
and folds the conv-person-bar visibility gate into openBilateral()
so both the structural test and the snapshot block fail loudly on
a hero-state regression — matching the a11y spec's safety net.

Refs #305
Fixes @saraholt follow-ups 1 + 2 + 3 from PR round-2 review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

i18n(briefwechsel): ThumbnailRow direction label via Paraglide ... 0da34d0669

Adds row_direction_sent / row_direction_received keys across the
three locale files (de: Gesendet/Empfangen, en: Sent/Received, es:
Enviada/Recibida) and routes ThumbnailRow's directionLabel through
Paraglide. An English or Spanish screen-reader user now hears
"Sent:" / "Enviada:" in their language, matching the DistributionBar
i18n pass.

Refs #305
Fixes @leonievoss round-2 follow-up from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

refactor(briefwechsel): TagChipList defaults max to 3 ... fba685e7a4

Makes `max` an optional prop with default 3 — the common row-layout
case doesn't need to name the cap explicitly. ThumbnailRow's callsite
drops to `<TagChipList tags={doc.tags ?? []} />`, consistent with how
other shared components in $lib/components expose sensible defaults.

Refs #305
Fixes @leonievoss round-2 follow-up from PR review

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel commented 2026-04-23 21:10:45 +02:00

Author

Owner

Copy Link

🔧 Review fixes — round 2

Pushed 4 commits addressing every non-blocking follow-up from the round-2 reviews.

@saraholt follow-ups

• ✅ Shared seedBilateralPair fixture (00fa7674) — extracted into e2e/fixtures/bilateral-correspondence.ts with matching cleanupBilateralPair. Both specs now call one function instead of duplicating three API calls.
• ✅ afterAll cleanup (00fa7674, b7083d42) — both specs purge the seeded document on teardown. Persons remain (backend has no person-delete endpoint) but the Date.now() suffix guarantees no collisions between runs.
• ✅ conv-person-bar gate in visual spec (b7083d42) — folded into openBilateral() so every test path (structural + snapshot block) fails loudly on a hero-state regression, matching the a11y spec's safety net.

@leonievoss follow-ups

• ✅ Direction label via Paraglide (0da34d06) — row_direction_sent / row_direction_received keys in de (Gesendet/Empfangen), en (Sent/Received), es (Enviada/Recibida). Screen-reader users on EN/ES now hear their language.
• ✅ TagChipList max defaults to 3 (fba685e7) — common case drops to <TagChipList tags={doc.tags ?? []} />; ThumbnailRow simplified accordingly.

@tobiwendt follow-up

• ✅ Visual-baseline capture tracking ticket — filed as #313 with test + devops labels. Step-by-step reproduction included, one-line flip documented so the followup PR is a low-friction change.

Deferred (for a reason)

• Sara follow-up 4 (flip VISUAL default) — depends on #313 landing first; flagged explicitly in that issue.
• Leonie round-2 nit 7 (white ring on busy-scan page badge) — Leonie's exact words: "I'll leave that to a visual review of real thumbnails." Visual call awaiting real scans in the baseline set (#313).

Test status

• Frontend unit: all round-2 edits keep the earlier suite green. ThumbnailRow + TagChipList + DistributionBar green (16 + 4 + 3 = 23 component-level assertions for the briefwechsel surfaces). The pre-existing ChronikErrorCard failure is still the only non-green test, confirmed unrelated.

Commits this round

Commit	Scope	Addresses
00fa7674	refactor(e2e)	@saraholt follow-ups 1 + 2 (a11y spec side)
b7083d42	refactor(e2e)	@saraholt follow-ups 1 + 2 + 3 (visual spec side)
0da34d06	i18n(briefwechsel)	@leonievoss follow-up 6
fba685e7	refactor(briefwechsel)	@leonievoss follow-up 8
—	Gitea issue #313	@tobiwendt follow-up

Ready for re-review / merge.

## 🔧 Review fixes — round 2 Pushed 4 commits addressing every non-blocking follow-up from the round-2 reviews. ### @saraholt follow-ups - ✅ **Shared `seedBilateralPair` fixture** (00fa7674) — extracted into `e2e/fixtures/bilateral-correspondence.ts` with matching `cleanupBilateralPair`. Both specs now call one function instead of duplicating three API calls. - ✅ **`afterAll` cleanup** (00fa7674, b7083d42) — both specs purge the seeded document on teardown. Persons remain (backend has no person-delete endpoint) but the `Date.now()` suffix guarantees no collisions between runs. - ✅ **`conv-person-bar` gate in visual spec** (b7083d42) — folded into `openBilateral()` so every test path (structural + snapshot block) fails loudly on a hero-state regression, matching the a11y spec's safety net. ### @leonievoss follow-ups - ✅ **Direction label via Paraglide** (0da34d06) — `row_direction_sent` / `row_direction_received` keys in de (Gesendet/Empfangen), en (Sent/Received), es (Enviada/Recibida). Screen-reader users on EN/ES now hear their language. - ✅ **`TagChipList` `max` defaults to 3** (fba685e7) — common case drops to `<TagChipList tags={doc.tags ?? []} />`; ThumbnailRow simplified accordingly. ### @tobiwendt follow-up - ✅ **Visual-baseline capture tracking ticket** — filed as #313 with `test` + `devops` labels. Step-by-step reproduction included, one-line flip documented so the followup PR is a low-friction change. ### Deferred (for a reason) - **Sara follow-up 4** (flip `VISUAL` default) — depends on #313 landing first; flagged explicitly in that issue. - **Leonie round-2 nit 7** (white ring on busy-scan page badge) — Leonie's exact words: "I'll leave that to a visual review of real thumbnails." Visual call awaiting real scans in the baseline set (#313). ### Test status - Frontend unit: all round-2 edits keep the earlier suite green. ThumbnailRow + TagChipList + DistributionBar green (16 + 4 + 3 = 23 component-level assertions for the briefwechsel surfaces). The pre-existing `ChronikErrorCard` failure is still the only non-green test, confirmed unrelated. ### Commits this round | Commit | Scope | Addresses | |---|---|---| | 00fa7674 | `refactor(e2e)` | @saraholt follow-ups 1 + 2 (a11y spec side) | | b7083d42 | `refactor(e2e)` | @saraholt follow-ups 1 + 2 + 3 (visual spec side) | | 0da34d06 | `i18n(briefwechsel)` | @leonievoss follow-up 6 | | fba685e7 | `refactor(briefwechsel)` | @leonievoss follow-up 8 | | — | Gitea issue #313 | @tobiwendt follow-up | Ready for re-review / merge.

marcel commented 2026-04-23 21:20:50 +02:00

Author

Owner

Copy Link

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: ✅ Approved

Round-3 check — nothing on my side left to raise.

What I verified

• TagChipList's max defaulting to 3 (fba685e7) — clean Svelte 5 destructure with optional prop typing. ThumbnailRow callsite dropped the explicit max={3} which is the signal that the default is doing its job.
• Helper extraction in e2e/fixtures/bilateral-correspondence.ts — shape matches the existing e2e/fixtures/ conventions (only PDF fixtures lived there before; typed helpers fit fine alongside).
• The two E2E specs are now under 90 lines each and have no duplication between them.
• Direction label i18n (0da34d06) is the consistent next step after the earlier DistributionBar i18n — same pattern, same test-style update via m.row_direction_sent().

All 4 round-2 commits are atomic, TDD-driven where a test existed, and clean refactors-under-green where a test already covered the behavior. Shipit.

— Felix (@felixbrandt)

## 👨‍💻 Felix Brandt — Senior Fullstack Developer **Verdict: ✅ Approved** Round-3 check — nothing on my side left to raise. ### What I verified - `TagChipList`'s `max` defaulting to 3 (fba685e7) — clean Svelte 5 destructure with optional prop typing. `ThumbnailRow` callsite dropped the explicit `max={3}` which is the signal that the default is doing its job. - Helper extraction in `e2e/fixtures/bilateral-correspondence.ts` — shape matches the existing `e2e/fixtures/` conventions (only PDF fixtures lived there before; typed helpers fit fine alongside). - The two E2E specs are now under 90 lines each and have no duplication between them. - Direction label i18n (0da34d06) is the consistent next step after the earlier DistributionBar i18n — same pattern, same test-style update via `m.row_direction_sent()`. All 4 round-2 commits are atomic, TDD-driven where a test existed, and clean refactors-under-green where a test already covered the behavior. Shipit. — Felix (@felixbrandt)

marcel commented 2026-04-23 21:20:55 +02:00

Author

Owner

Copy Link

🏛️ Markus Keller — Application Architect

Verdict: ✅ Approved

Round 3 was pure hygiene — no structural changes. The new fixture module (e2e/fixtures/bilateral-correspondence.ts) is the right shape: a focused helper that doesn't grow into a "test framework", no cross-test global state, typed return value (BilateralPair). That's a fixture, not a framework.

Issue #313 for baseline capture is well-scoped: concrete steps, acceptance criteria, one-line flip documented. That's how follow-up work should be filed — the next person picking it up doesn't need to reconstruct context.

No new ADRs warranted for round-2/3 changes — these are all internal polish within boundaries ADR-004 and ADR-005 already capture.

— Markus (@mkeller)

## 🏛️ Markus Keller — Application Architect **Verdict: ✅ Approved** Round 3 was pure hygiene — no structural changes. The new fixture module (`e2e/fixtures/bilateral-correspondence.ts`) is the right shape: a focused helper that doesn't grow into a "test framework", no cross-test global state, typed return value (`BilateralPair`). That's a fixture, not a framework. Issue #313 for baseline capture is well-scoped: concrete steps, acceptance criteria, one-line flip documented. That's how follow-up work should be filed — the next person picking it up doesn't need to reconstruct context. No new ADRs warranted for round-2/3 changes — these are all internal polish within boundaries ADR-004 and ADR-005 already capture. — Markus (@mkeller)

marcel commented 2026-04-23 21:21:00 +02:00

Author

Owner

Copy Link

🛡️ Nora "NullX" Steiner — Application Security Engineer

Verdict: ✅ Approved

No security surface added in round 3.

What I re-audited

• Fixture module (e2e/fixtures/bilateral-correspondence.ts) — test-only code, runs behind the authenticated admin storage state. request.delete('/api/documents/...') uses the same admin context as the POSTs; no privilege escalation path.
• Paraglide direction keys (0da34d06) — static string returns (no variable interpolation), auto-escaped by Svelte on aria-label={ariaLabel}. Nothing to attack.
• TagChipList default value — purely a TypeScript default, no runtime surface change.

Clean pass.

— Nora (@NullX)

## 🛡️ Nora "NullX" Steiner — Application Security Engineer **Verdict: ✅ Approved** No security surface added in round 3. ### What I re-audited - **Fixture module** (`e2e/fixtures/bilateral-correspondence.ts`) — test-only code, runs behind the authenticated admin storage state. `request.delete('/api/documents/...')` uses the same admin context as the POSTs; no privilege escalation path. - **Paraglide direction keys** (0da34d06) — static string returns (no variable interpolation), auto-escaped by Svelte on `aria-label={ariaLabel}`. Nothing to attack. - **TagChipList default value** — purely a TypeScript default, no runtime surface change. Clean pass. — Nora (@NullX)

marcel commented 2026-04-23 21:21:11 +02:00

Author

Owner

Copy Link

🧪 Sara Holt — QA & Test Strategist

Verdict: ✅ Approved

All four of my round-2 follow-ups resolved in the way I asked for.

Verified

1. seedBilateralPair helper (00fa7674) — typed return (BilateralPair), clear prefix param to disambiguate the two specs ("A11y" vs "Visual"), docstring documents the person-delete caveat up-front. Exactly the shape I wanted.
2. afterAll cleanup in both specs (00fa7674, b7083d42) — purges the document via the existing delete endpoint. The orphaned-persons caveat is called out honestly; Date.now() suffix keeps them unique so they don't accumulate into collisions. Acceptable trade-off for a test DB.
3. conv-person-bar gate in the visual spec (b7083d42) — folded into openBilateral() so every path uses it. Safety net at the right layer.
4. Baseline capture tracking (#313) — reproduction steps, acceptance criteria, and the one-line VISUAL default flip all documented. Whoever picks this up has zero friction.

What I loved

• The helper lives in e2e/fixtures/ next to the existing minimal.pdf / minimal2.pdf — same directory, consistent convention.
• The helper's docstring doesn't pretend the person-delete limitation doesn't exist. Honest about the trade-off.
• fba685e7 (TagChipList max=3 default) got a dedicated test case for the default, not just a refactor commit. That's the TDD discipline showing.

Clean sign-off from me.

— Sara (@saraholt)

## 🧪 Sara Holt — QA & Test Strategist **Verdict: ✅ Approved** All four of my round-2 follow-ups resolved in the way I asked for. ### Verified 1. **`seedBilateralPair` helper** (00fa7674) — typed return (`BilateralPair`), clear prefix param to disambiguate the two specs ("A11y" vs "Visual"), docstring documents the person-delete caveat up-front. Exactly the shape I wanted. 2. **`afterAll` cleanup** in both specs (00fa7674, b7083d42) — purges the document via the existing delete endpoint. The orphaned-persons caveat is called out honestly; `Date.now()` suffix keeps them unique so they don't accumulate into collisions. Acceptable trade-off for a test DB. 3. **`conv-person-bar` gate in the visual spec** (b7083d42) — folded into `openBilateral()` so every path uses it. Safety net at the right layer. 4. **Baseline capture tracking** (#313) — reproduction steps, acceptance criteria, and the one-line `VISUAL` default flip all documented. Whoever picks this up has zero friction. ### What I loved - The helper lives in `e2e/fixtures/` next to the existing `minimal.pdf` / `minimal2.pdf` — same directory, consistent convention. - The helper's docstring doesn't pretend the person-delete limitation doesn't exist. Honest about the trade-off. - `fba685e7` (TagChipList `max=3` default) got a dedicated test case for the default, not just a refactor commit. That's the TDD discipline showing. Clean sign-off from me. — Sara (@saraholt)

marcel commented 2026-04-23 21:21:16 +02:00

Author

Owner

Copy Link

🔧 Tobias Wendt — DevOps & Platform Engineer

Verdict: ✅ Approved

Round 3 is still infrastructure-quiet. Issue #313 filed with the right labels (test, devops), scoped to one clear deliverable, one-line flip documented. That's the right artifact to hand off.

No change to Compose, CI workflow, or secrets. No new dependencies. The seeding goes through the existing authenticated test context — same auth pattern, zero CI pipeline changes needed.

Ship it.

— Tobias (@tobiwendt)

## 🔧 Tobias Wendt — DevOps & Platform Engineer **Verdict: ✅ Approved** Round 3 is still infrastructure-quiet. Issue #313 filed with the right labels (`test`, `devops`), scoped to one clear deliverable, one-line flip documented. That's the right artifact to hand off. No change to Compose, CI workflow, or secrets. No new dependencies. The seeding goes through the existing authenticated test context — same auth pattern, zero CI pipeline changes needed. Ship it. — Tobias (@tobiwendt)

marcel commented 2026-04-23 21:21:25 +02:00

Author

Owner

Copy Link

🎨 Leonie Voss — UX Designer & Accessibility Strategist

Verdict: ✅ Approved

Both round-2 follow-ups I flagged are landed.

Direction label i18n (0da34d06)

Three locales, idiomatic translations:

• DE: Gesendet / Empfangen ✅
• EN: Sent / Received ✅ — concise, screen-reader friendly
• ES: Enviada / Recibida ✅ — correct feminine form since "carta" (letter) is feminine, matches the implicit subject

The $derived wiring uses m.row_direction_sent() / m.row_direction_received() — consistent with the DistributionBar i18n pattern from round 1. A Spanish-speaking user hearing "Enviada: Querida Ana, 1 de junio de 1950" now gets a locally-correct announcement. That's the bar.

TagChipList default (fba685e7)

max = 3 default with optional prop type. Callsite simplified. Future consumers (document detail header, Chronik) get the sensible default for free — matches the size = 'sm' default in DocumentThumbnail. Consistent.

Nothing left on my side

No more UX/a11y follow-ups pending on this PR. The white-ring-on-badge nit is awaiting the baseline PNGs from #313 — correct deferral, I explicitly said that.

Merge.

— Leonie (@leonievoss)

## 🎨 Leonie Voss — UX Designer & Accessibility Strategist **Verdict: ✅ Approved** Both round-2 follow-ups I flagged are landed. ### Direction label i18n (0da34d06) Three locales, idiomatic translations: - DE: Gesendet / Empfangen ✅ - EN: Sent / Received ✅ — concise, screen-reader friendly - ES: Enviada / Recibida ✅ — correct feminine form since "carta" (letter) is feminine, matches the implicit subject The `$derived` wiring uses `m.row_direction_sent()` / `m.row_direction_received()` — consistent with the DistributionBar i18n pattern from round 1. A Spanish-speaking user hearing "Enviada: Querida Ana, 1 de junio de 1950" now gets a locally-correct announcement. That's the bar. ### TagChipList default (fba685e7) `max = 3` default with optional prop type. Callsite simplified. Future consumers (document detail header, Chronik) get the sensible default for free — matches the `size = 'sm'` default in `DocumentThumbnail`. Consistent. ### Nothing left on my side No more UX/a11y follow-ups pending on this PR. The white-ring-on-badge nit is awaiting the baseline PNGs from #313 — correct deferral, I explicitly said that. Merge. — Leonie (@leonievoss)

marcel merged commit 503ce49ef7 into main 2026-04-23 21:38:57 +02:00

marcel deleted branch feat/issue-305-briefwechsel-thumbnail-rows 2026-04-23 21:38:59 +02:00

marcel referenced this issue from a commit 2026-04-23 21:59:59 +02:00

feat(briefwechsel): restore direction arrow next to row title

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#311