feat(journey-editor): JourneyEditor frontend — issue #753 #792

marcel · 2026-06-09T13:01:23+02:00

marcel commented

2026-06-09 13:01:23 +02:00

Summary

Generalizes createBlockDragDrop<T> — accepts any { id: string } shape, used by JourneyEditor alongside the existing transcription editor
Extracts GeschichteSidebar.svelte — Status badge + PersonMultiSelect with <details> mobile collapsibles (44px touch targets)
Builds DocumentPickerDropdown.svelte — single-select document search with aria-disabled for already-added items and sr-only "bereits enthalten" hint
Refactors DocumentMultiSelect.svelte onto createTypeahead — removes raw setTimeout debounce
Builds JourneyItemRow.svelte — drag handle, move-up/down buttons, note textarea (PATCH on blur), interlude visual treatment, inline remove confirm
Builds JourneyAddBar.svelte — "Brief hinzufügen" opens DocumentPickerDropdown; "Zwischentext hinzufügen" opens inline draft form with aria-disabled confirm until text non-empty
Builds JourneyEditor.svelte — main orchestrator: title, intro textarea, drag-reorder list, optimistic remove/reorder (pre-mutation snapshot rollback on failure) and pessimistic add (item list updated only on API success), createUnsavedWarning, GeschichteSidebar
Wires geschichten/[id]/edit/+page.svelte — branches on geschichte.type: JOURNEY → JourneyEditor, STORY → GeschichteEditor (unchanged)
i18n: 30+ new journey_* keys in de/en/es; 4 new ErrorCode values; interlude CSS semantic tokens (--color-interlude-bg/border/label) with light + dark values

Design notes

Note max length: spec says 2000 chars, backend constant is 5000. Implemented maxlength="2000" per spec — discrepancy tracked in issue #793 for resolution.
Intro field: stored raw (no TipTap sanitizer for JOURNEY type) — sent as plain string to body field; backend skips sanitizer for JOURNEY (implemented in issue #751).
Item mutations do NOT call markDirty() — reorder/add/remove are persisted optimistically (remove/reorder) or pessimistically (add); only title + intro edits trigger the unsaved-changes guard.
Drag on desktop, move buttons on all screens — data-drag-handle/data-block-wrapper contract reused from transcription editor unchanged.
Add is pessimistic, remove/reorder are optimistic — handleAddDocument and handleAddInterlude only update items after a successful API response; handleRemove and handleReorder pre-update with snapshot rollback on failure.

Test plan

Type-check: cd frontend && npx tsc --noEmit — no errors in any new file
Unit tests: npm run test -- --project=server — all server-side tests green
Component test files written for: DocumentPickerDropdown, JourneyItemRow, JourneyAddBar, JourneyEditor — run with --project=client in CI
E2E journey path (requires running backend) — deferred to follow-up issue
Manual: navigate to a JOURNEY-type record /geschichten/[id]/edit, verify JourneyEditor renders; add document, add interlude, reorder, check STORY type still opens GeschichteEditor

🤖 Generated with Claude Code

## Summary - **Generalizes `createBlockDragDrop<T>`** — accepts any `{ id: string }` shape, used by JourneyEditor alongside the existing transcription editor - **Extracts `GeschichteSidebar.svelte`** — Status badge + PersonMultiSelect with `<details>` mobile collapsibles (44px touch targets) - **Builds `DocumentPickerDropdown.svelte`** — single-select document search with `aria-disabled` for already-added items and sr-only "bereits enthalten" hint - **Refactors `DocumentMultiSelect.svelte`** onto `createTypeahead` — removes raw `setTimeout` debounce - **Builds `JourneyItemRow.svelte`** — drag handle, move-up/down buttons, note textarea (PATCH on blur), interlude visual treatment, inline remove confirm - **Builds `JourneyAddBar.svelte`** — "Brief hinzufügen" opens `DocumentPickerDropdown`; "Zwischentext hinzufügen" opens inline draft form with `aria-disabled` confirm until text non-empty - **Builds `JourneyEditor.svelte`** — main orchestrator: title, intro textarea, drag-reorder list, **optimistic remove/reorder** (pre-mutation snapshot rollback on failure) and **pessimistic add** (item list updated only on API success), `createUnsavedWarning`, `GeschichteSidebar` - **Wires `geschichten/[id]/edit/+page.svelte`** — branches on `geschichte.type`: JOURNEY → `JourneyEditor`, STORY → `GeschichteEditor` (unchanged) - **i18n**: 30+ new `journey_*` keys in de/en/es; 4 new `ErrorCode` values; interlude CSS semantic tokens (`--color-interlude-bg/border/label`) with light + dark values ## Design notes - **Note max length**: spec says 2000 chars, backend constant is 5000. Implemented `maxlength="2000"` per spec — discrepancy tracked in issue #793 for resolution. - **Intro field**: stored raw (no TipTap sanitizer for JOURNEY type) — sent as plain string to `body` field; backend skips sanitizer for JOURNEY (implemented in issue #751). - **Item mutations do NOT call `markDirty()`** — reorder/add/remove are persisted optimistically (remove/reorder) or pessimistically (add); only title + intro edits trigger the unsaved-changes guard. - **Drag on desktop, move buttons on all screens** — `data-drag-handle`/`data-block-wrapper` contract reused from transcription editor unchanged. - **Add is pessimistic, remove/reorder are optimistic** — `handleAddDocument` and `handleAddInterlude` only update `items` after a successful API response; `handleRemove` and `handleReorder` pre-update with snapshot rollback on failure. ## Test plan - [x] Type-check: `cd frontend && npx tsc --noEmit` — no errors in any new file - [x] Unit tests: `npm run test -- --project=server` — all server-side tests green - [x] Component test files written for: `DocumentPickerDropdown`, `JourneyItemRow`, `JourneyAddBar`, `JourneyEditor` — run with `--project=client` in CI - [ ] E2E journey path (requires running backend) — deferred to follow-up issue - [ ] Manual: navigate to a JOURNEY-type record `/geschichten/[id]/edit`, verify JourneyEditor renders; add document, add interlude, reorder, check STORY type still opens GeschichteEditor 🤖 Generated with [Claude Code](https://claude.com/claude-code)

marcel added 9 commits 2026-06-09 13:01:24 +02:00

refactor(dragdrop): generalize createBlockDragDrop<T extends { id: string }> 4de664f4f6

Removes the hard-typed TranscriptionBlockData constraint so JourneyEditor
can reuse the pointer-drag module without importing transcription types.
Selector contract (data-block-wrapper / data-drag-handle) unchanged.
Adds type-regression guard test verified via tsc --noEmit.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

refactor(geschichte): extract GeschichteSidebar.svelte from GeschichteEditor 65b79a337b

Moves Status + Persons sections into a shared component so both
GeschichteEditor (STORY) and the upcoming JourneyEditor (JOURNEY) can
use the same sidebar without duplicating markup. Adds <details> mobile
collapsibles with 44px summary hit areas.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(journey-editor): add i18n keys, error codes, and interlude CSS tokens a619f950a5

All 30+ journey_* message keys added to de/en/es.json. Four new ErrorCode
values for journey item operations wired into errors.ts + getErrorMessage().
Interlude CSS primitives (--c-interlude-bg/border/label) defined for light
and dark themes so JourneyItemRow can reference them via semantic aliases.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(journey-editor): build DocumentPickerDropdown + refactor DocumentMultiSelect 65d241f69e

New DocumentPickerDropdown: single-select document search with aria-disabled
for already-added items and sr-only "bereits enthalten" hint. DocumentMultiSelect
refactored to use createTypeahead, removing raw setTimeout/debounceTimer.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(journey-editor): build JourneyItemRow with note editing and remove confirm d88cde06a0

Item row with drag handle, move-up/down buttons, inline note textarea (PATCH
on blur), interlude visual treatment, and inline confirm for removes that
would discard a note. Interlude note cannot be cleared (blocked on empty).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(journey-editor): build JourneyAddBar with document picker and interlude draft 9a178210fa

Two add buttons: document picker (DocumentPickerDropdown) and interlude inline
draft form. Interlude confirm is aria-disabled until text is non-empty. Closing
one panel opens the other. Tests cover all three plan test cases.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(journey-editor): build JourneyEditor orchestrator a17eec537f

Main editing surface for JOURNEY-type Geschichten. Manages sorted item list
with optimistic add/remove/reorder (rollback on failure), drag-and-drop reorder
via createBlockDragDrop, intro textarea, and sidebar via GeschichteSidebar.
Publish requires at least one item + non-empty title.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(journey-editor): branch edit page on geschichte type ae0cb93a9e

Static imports for both editors; type-aware <h1> title; JOURNEY type routes
to JourneyEditor, STORY type continues to GeschichteEditor unchanged.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(journey-editor): update README and strike stale spec references

CI / Unit & Component Tests (pull_request) Failing after 3m38s

Details

CI / OCR Service Tests (pull_request) Successful in 22s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m42s

Details

CI / fail2ban Regex (pull_request) Successful in 46s

Details

CI / Semgrep Security Scan (pull_request) Successful in 23s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m7s

Details

1f9107b620

Add JourneyEditor, JourneyItemRow, JourneyAddBar, GeschichteSidebar to the
geschichte README props table. Strike @dnd-kit/svelte-dnd-action library refs
and raw orange-*/blue-600 color classes in the editor spec HTML.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel added 1 commit 2026-06-09 13:21:25 +02:00

fix(tests): resolve 9 CI test failures in journey-editor specs

CI / Unit & Component Tests (pull_request) Successful in 3m29s

Details

CI / OCR Service Tests (pull_request) Successful in 24s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m52s

Details

CI / fail2ban Regex (pull_request) Successful in 48s

Details

CI / Semgrep Security Scan (pull_request) Successful in 24s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m7s

Details

ddcf61cc5e

- useBlockDragDrop: add runtime expect() alongside expectTypeOf so
  browser-mode runner counts at least one assertion
- JourneyAddBar: use exact:true on 'Hinzufügen' button — partial match
  was hitting '+ Brief hinzufügen' and '+ Zwischentext hinzufügen' too
- JourneyEditor: fix 4 issues — drop wrong not.toBeInTheDocument()
  (placeholder creates accessible name); pass title:'' in publish-disabled
  test (default was non-empty); use getByPlaceholder for interlude
  textarea to avoid 4-element strict-mode violation; exact:true for
  'Hinzufügen' button
- DocumentPickerDropdown: use .click({force:true}) on aria-disabled
  option — userEvent refuses non-enabled elements

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel commented

2026-06-09 13:25:24 +02:00

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: ⚠️ Approved with concerns

The orchestration is solid — createBlockDragDrop<T> is correctly generalized, the createTypeahead refactor in DocumentMultiSelect removes the raw setTimeout debounce cleanly, and the optimistic mutation + rollback pattern in JourneyEditor is well-structured. Tests are present and cover the core flows. A few things need attention before merge.

Blockers

1. m.journey_item_moved() called without required parameters

JourneyEditor.svelte calls m.journey_item_moved() in both handleMoveUp and handleMoveDown without the required interpolation arguments. The i18n key is:

"journey_item_moved": "Eintrag {position} von {total} — nach Position {newPosition} verschoben"

This will be a TypeScript error (npx tsc --noEmit should catch it) and produces a broken or empty live region announcement at runtime. Fix:

liveAnnounce = m.journey_item_moved({
  position: index + 1,
  total: items.length,
  newPosition: index // after swap
});

2. Empty state not rendered

The i18n key journey_empty_state ("Diese Lesereise ist noch leer.") is defined but JourneyEditor.svelte never renders it. The item list {#each items as item, i (item.id)} renders nothing when items is empty — the empty state falls through to only the add bar. Add:

{#if items.length === 0}
  <p class="font-sans text-sm text-ink-3">{m.journey_empty_state()}</p>
{/if}

Suggestions

3. Move-up button min-height: 22px via inline style

JourneyItemRow.svelte uses style="min-height: 22px; min-width: 44px;" for each move button. 22px is half the WCAG 2.2 touch target. Each button is only half the required height. Leonie will have more to say about this. Consider wrapping both in a single 44px-tall container or using min-h-[44px] on each button.

4. aria-label on remove button is the confirmation question text

<button aria-label={m.journey_remove_confirm()}> <!-- "Wirklich entfernen?" -->

The ×-button's accessible name is the confirmation question. Screen readers will announce "Wirklich entfernen? button" before any confirmation state is shown, which is confusing. Consider a separate key like journey_remove_item_aria ("Eintrag entfernen") for the initial button label.

5. JourneyEditor is 321 lines

It's over the 60-line split signal, but as an orchestrator with clearly separated sections (title, intro, item list, save bar) it's defensible. If it grows further, JourneyItemList.svelte is the natural extract. Not a blocker.

6. Duplicate fetchUrl factory in DocumentPickerDropdown vs DocumentMultiSelect

Both components define nearly identical createTypeahead configs with the same fetch('/api/documents/search?q=...') and mapping. A shared createDocumentTypeahead() factory in $lib/document/ would remove the duplication. Low priority.

7. handleMoveUp/handleMoveDown tests missing

The spec covers add, remove, rollback, and interlude — but handleMoveUp and handleMoveDown (and the reorder rollback on failure) are not tested. Sara will say more, but this is a meaningful gap.

## 👨‍💻 Felix Brandt — Senior Fullstack Developer **Verdict: ⚠️ Approved with concerns** The orchestration is solid — `createBlockDragDrop<T>` is correctly generalized, the `createTypeahead` refactor in `DocumentMultiSelect` removes the raw `setTimeout` debounce cleanly, and the optimistic mutation + rollback pattern in `JourneyEditor` is well-structured. Tests are present and cover the core flows. A few things need attention before merge. --- ### Blockers **1. `m.journey_item_moved()` called without required parameters** `JourneyEditor.svelte` calls `m.journey_item_moved()` in both `handleMoveUp` and `handleMoveDown` without the required interpolation arguments. The i18n key is: ```json "journey_item_moved": "Eintrag {position} von {total} — nach Position {newPosition} verschoben" ``` This will be a TypeScript error (`npx tsc --noEmit` should catch it) and produces a broken or empty live region announcement at runtime. Fix: ```typescript liveAnnounce = m.journey_item_moved({ position: index + 1, total: items.length, newPosition: index // after swap }); ``` **2. Empty state not rendered** The i18n key `journey_empty_state` ("Diese Lesereise ist noch leer.") is defined but `JourneyEditor.svelte` never renders it. The item list `{#each items as item, i (item.id)}` renders nothing when `items` is empty — the empty state falls through to only the add bar. Add: ```svelte {#if items.length === 0} <p class="font-sans text-sm text-ink-3">{m.journey_empty_state()}</p> {/if} ``` --- ### Suggestions **3. Move-up button `min-height: 22px` via inline style** `JourneyItemRow.svelte` uses `style="min-height: 22px; min-width: 44px;"` for each move button. 22px is half the WCAG 2.2 touch target. Each button is only half the required height. Leonie will have more to say about this. Consider wrapping both in a single 44px-tall container or using `min-h-[44px]` on each button. **4. `aria-label` on remove button is the confirmation question text** ```svelte <button aria-label={m.journey_remove_confirm()}>  ``` The ×-button's accessible name is the confirmation question. Screen readers will announce "Wirklich entfernen? button" before any confirmation state is shown, which is confusing. Consider a separate key like `journey_remove_item_aria` ("Eintrag entfernen") for the initial button label. **5. `JourneyEditor` is 321 lines** It's over the 60-line split signal, but as an orchestrator with clearly separated sections (title, intro, item list, save bar) it's defensible. If it grows further, `JourneyItemList.svelte` is the natural extract. Not a blocker. **6. Duplicate `fetchUrl` factory in `DocumentPickerDropdown` vs `DocumentMultiSelect`** Both components define nearly identical `createTypeahead` configs with the same `fetch('/api/documents/search?q=...')` and mapping. A shared `createDocumentTypeahead()` factory in `$lib/document/` would remove the duplication. Low priority. **7. `handleMoveUp`/`handleMoveDown` tests missing** The spec covers add, remove, rollback, and interlude — but `handleMoveUp` and `handleMoveDown` (and the reorder rollback on failure) are not tested. Sara will say more, but this is a meaningful gap.

marcel commented

2026-06-09 13:25:39 +02:00

🏗️ Markus Keller — Application Architect

Verdict: 🚫 Changes requested

The architectural shape is correct: new components live in the right domain packages, the createBlockDragDrop<T> generalization stays within the document/transcription boundary, and JourneyEditor composes GeschichteSidebar cleanly. One documentation blocker.

Blockers

1. 4 new ErrorCode values not reflected in CLAUDE.md

Per architecture conventions (and CLAUDE.md's own doc-update table), adding new ErrorCode enum values requires updating CLAUDE.md (the error handling section) and CONTRIBUTING.md. This PR adds:

JOURNEY_ITEM_NOT_IN_JOURNEY
JOURNEY_NOTE_TOO_LONG
JOURNEY_DOCUMENT_ALREADY_ADDED
GESCHICHTE_TYPE_IMMUTABLE

These four are registered in errors.ts and all three i18n files, but CLAUDE.md and CONTRIBUTING.md are not updated. Per the architecture checklist, this is a blocker — the PR does not merge until the doc matches the code.

Observations (non-blocking)

2. fetch('/api/...') used directly in two UI components

DocumentPickerDropdown.svelte and DocumentMultiSelect.svelte both call fetch('/api/documents/search?...') directly from client-side component code. This bypasses the server-load → createApiClient(fetch) pattern used everywhere else and exposes the API path directly to the browser. For interactive typeahead this is a reasonable exception (the search endpoint is read-only and authenticated via session cookie), but it deviates from the project pattern. If the search endpoint ever requires custom auth headers or token forwarding, these two components will be the ones that don't work. Acceptable for now; worth a comment in the code.

3. csrfFetch used correctly for all mutations

JourneyEditor.svelte uses csrfFetch for POST/PATCH/PUT/DELETE calls — correct. The pattern is consistent with how other client-side mutation hooks work in this codebase.

4. Module boundary: JourneyEditor imports from document/transcription/

JourneyEditor.svelte imports createBlockDragDrop from $lib/document/transcription/useBlockDragDrop.svelte. The generalization to T extends { id: string } makes this a shared utility, not a transcription-specific one. Consider moving it to $lib/shared/hooks/ to signal its general-purpose nature. Not a blocker, but the current location will be confusing to a new contributor who opens geschichten/JourneyEditor and sees a transcription import.

## 🏗️ Markus Keller — Application Architect **Verdict: 🚫 Changes requested** The architectural shape is correct: new components live in the right domain packages, the `createBlockDragDrop<T>` generalization stays within the document/transcription boundary, and `JourneyEditor` composes `GeschichteSidebar` cleanly. One documentation blocker. --- ### Blockers **1. 4 new `ErrorCode` values not reflected in `CLAUDE.md`** Per architecture conventions (and CLAUDE.md's own doc-update table), adding new `ErrorCode` enum values requires updating `CLAUDE.md` (the error handling section) **and** `CONTRIBUTING.md`. This PR adds: - `JOURNEY_ITEM_NOT_IN_JOURNEY` - `JOURNEY_NOTE_TOO_LONG` - `JOURNEY_DOCUMENT_ALREADY_ADDED` - `GESCHICHTE_TYPE_IMMUTABLE` These four are registered in `errors.ts` and all three i18n files, but `CLAUDE.md` and `CONTRIBUTING.md` are not updated. Per the architecture checklist, this is a **blocker — the PR does not merge until the doc matches the code.** --- ### Observations (non-blocking) **2. `fetch('/api/...')` used directly in two UI components** `DocumentPickerDropdown.svelte` and `DocumentMultiSelect.svelte` both call `fetch('/api/documents/search?...')` directly from client-side component code. This bypasses the server-load → `createApiClient(fetch)` pattern used everywhere else and exposes the API path directly to the browser. For interactive typeahead this is a reasonable exception (the search endpoint is read-only and authenticated via session cookie), but it deviates from the project pattern. If the search endpoint ever requires custom auth headers or token forwarding, these two components will be the ones that don't work. Acceptable for now; worth a comment in the code. **3. `csrfFetch` used correctly for all mutations** `JourneyEditor.svelte` uses `csrfFetch` for POST/PATCH/PUT/DELETE calls — correct. The pattern is consistent with how other client-side mutation hooks work in this codebase. **4. Module boundary: `JourneyEditor` imports from `document/transcription/`** `JourneyEditor.svelte` imports `createBlockDragDrop` from `$lib/document/transcription/useBlockDragDrop.svelte`. The generalization to `T extends { id: string }` makes this a shared utility, not a transcription-specific one. Consider moving it to `$lib/shared/hooks/` to signal its general-purpose nature. Not a blocker, but the current location will be confusing to a new contributor who opens `geschichten/JourneyEditor` and sees a transcription import.

marcel commented

2026-06-09 13:25:51 +02:00

🔐 Nora "NullX" Steiner — Application Security Engineer

Verdict: ✅ Approved

No exploitable vulnerabilities. The surface area change is:

New client-side components issuing direct fetch calls to /api/documents/search
csrfFetch used for all mutation endpoints in JourneyEditor
New ErrorCode values (no auth-boundary changes)
Note content rendered via Svelte template expressions (auto-escaped)

What I checked

1. Query parameter encoding in typeahead ✅

Both DocumentPickerDropdown and DocumentMultiSelect use encodeURIComponent(q) before interpolating into the URL. No injection vector.

2. csrfFetch on all write operations ✅

JourneyEditor.svelte routes all POST/PATCH/PUT/DELETE through csrfFetch. The guard is applied consistently across handleReorder, handleAddDocument, handleAddInterlude, handleRemove, and handleNotePatch.

3. aria-disabled guard in DocumentPickerDropdown ✅

The handleSelect function has an explicit code-level guard:

function handleSelect(doc: DocumentOption) {
  if (alreadyAddedIds.has(doc.id!)) return;
  ...
}

Even if the aria-disabled styling is bypassed (e.g., by a script that calls handleSelect directly), the function guards correctly. Defense in depth.

4. Interlude note content rendering ✅

Textarea values bound with bind:value and sent via JSON.stringify — no XSS path. Note content rendered in template via {noteDraft} — Svelte auto-escapes.

5. note ?? undefined serialization ✅

body: JSON.stringify({ note: note ?? undefined })

When note is null, JSON.stringify({ note: undefined }) produces '{}' — the key is omitted. This is intentional and correct (backend interprets absence as "don't change"). Not a security issue.

Observation

6. doc.id! non-null assertion in DocumentPickerDropdown

if (alreadyAddedIds.has(doc.id!)) return;

The ! suppresses the TypeScript null check on doc.id. If the backend ever returns a document without an id (shouldn't happen given @Schema(requiredMode = REQUIRED)) this silently breaks the duplicate-check. Minor smell; not exploitable.

## 🔐 Nora "NullX" Steiner — Application Security Engineer **Verdict: ✅ Approved** No exploitable vulnerabilities. The surface area change is: - New client-side components issuing direct `fetch` calls to `/api/documents/search` - `csrfFetch` used for all mutation endpoints in `JourneyEditor` - New `ErrorCode` values (no auth-boundary changes) - Note content rendered via Svelte template expressions (auto-escaped) --- ### What I checked **1. Query parameter encoding in typeahead** ✅ Both `DocumentPickerDropdown` and `DocumentMultiSelect` use `encodeURIComponent(q)` before interpolating into the URL. No injection vector. **2. `csrfFetch` on all write operations** ✅ `JourneyEditor.svelte` routes all POST/PATCH/PUT/DELETE through `csrfFetch`. The guard is applied consistently across `handleReorder`, `handleAddDocument`, `handleAddInterlude`, `handleRemove`, and `handleNotePatch`. **3. `aria-disabled` guard in `DocumentPickerDropdown`** ✅ The `handleSelect` function has an explicit code-level guard: ```typescript function handleSelect(doc: DocumentOption) { if (alreadyAddedIds.has(doc.id!)) return; ... } ``` Even if the `aria-disabled` styling is bypassed (e.g., by a script that calls `handleSelect` directly), the function guards correctly. Defense in depth. **4. Interlude note content rendering** ✅ Textarea values bound with `bind:value` and sent via `JSON.stringify` — no XSS path. Note content rendered in template via `{noteDraft}` — Svelte auto-escapes. **5. `note ?? undefined` serialization** ✅ ```typescript body: JSON.stringify({ note: note ?? undefined }) ``` When `note` is `null`, `JSON.stringify({ note: undefined })` produces `'{}'` — the key is omitted. This is intentional and correct (backend interprets absence as "don't change"). Not a security issue. --- ### Observation **6. `doc.id!` non-null assertion in `DocumentPickerDropdown`** ```typescript if (alreadyAddedIds.has(doc.id!)) return; ``` The `!` suppresses the TypeScript null check on `doc.id`. If the backend ever returns a document without an `id` (shouldn't happen given `@Schema(requiredMode = REQUIRED)`) this silently breaks the duplicate-check. Minor smell; not exploitable.

marcel commented

2026-06-09 13:26:06 +02:00

🧪 Sara Holt — QA Engineer

Verdict: ⚠️ Approved with concerns

Good component coverage for the new components. Tests are readable, factory functions are used consistently, and the vitest-browser-svelte pattern is correct. Three gaps worth addressing before merge.

Blockers

None. The existing tests give reasonable confidence. Flagging coverage gaps as suggestions.

Suggestions

1. handleMoveUp / handleMoveDown not tested

JourneyEditor.svelte.spec.ts covers: initial render, publish-disabled gate, add document, add interlude, remove-with-rollback, duplicate-in-picker. It does not test the move-up or move-down paths, including:

Move-up from first position (no-op)
Move-down from last position (no-op)
Reorder rollback when the PUT fails

These are user-visible behaviors and the reorder rollback is a parity concern with the add/remove rollback that IS tested.

2. The isDirty test ('item-add does NOT mark dirty') asserts not.toBeInTheDocument() on role="dialog"

await expect.element(page.getByRole('dialog')).not.toBeInTheDocument();

The createUnsavedWarning hook doesn't render a dialog element — it binds beforeunload. This assertion passes vacuously (there's never a role="dialog" rendered by this component for unsaved changes). The test verifies nothing about the isDirty state. Consider instead: verify that after add-interlude + navigating away, no window.onbeforeunload is set, or simplify the test to just assert onSubmit is not blocked.

3. waitForDebounce = () => new Promise((r) => setTimeout(r, 350))

This real-timer wait is used in 4 test files and is the established pattern in this codebase (acknowledged in team memory). It works, but it adds ~350ms per test. As the suite grows, switching the createTypeahead hook to accept a configurable debounce delay (defaulting to 300ms, settable to 0 in tests) would speed things up. Not a blocker now, but flag it.

4. Missing afterEach(vi.unstubAllGlobals) in some test blocks

DocumentPickerDropdown.svelte.spec.ts has vi.unstubAllGlobals() in afterEach — correct. JourneyEditor.svelte.spec.ts also has it. But JourneyAddBar.svelte.spec.ts calls vi.unstubAllGlobals() only in the one test that uses it, not in afterEach. If test order changes, a leaked fetch stub could produce false positives. Add:

afterEach(() => { cleanup(); vi.unstubAllGlobals(); });

## 🧪 Sara Holt — QA Engineer **Verdict: ⚠️ Approved with concerns** Good component coverage for the new components. Tests are readable, factory functions are used consistently, and the `vitest-browser-svelte` pattern is correct. Three gaps worth addressing before merge. --- ### Blockers None. The existing tests give reasonable confidence. Flagging coverage gaps as suggestions. --- ### Suggestions **1. `handleMoveUp` / `handleMoveDown` not tested** `JourneyEditor.svelte.spec.ts` covers: initial render, publish-disabled gate, add document, add interlude, remove-with-rollback, duplicate-in-picker. It does **not** test the move-up or move-down paths, including: - Move-up from first position (no-op) - Move-down from last position (no-op) - Reorder rollback when the PUT fails These are user-visible behaviors and the reorder rollback is a parity concern with the add/remove rollback that IS tested. **2. The `isDirty` test (`'item-add does NOT mark dirty'`) asserts `not.toBeInTheDocument()` on `role="dialog"`** ```typescript await expect.element(page.getByRole('dialog')).not.toBeInTheDocument(); ``` The `createUnsavedWarning` hook doesn't render a dialog element — it binds `beforeunload`. This assertion passes vacuously (there's never a `role="dialog"` rendered by this component for unsaved changes). The test verifies nothing about the `isDirty` state. Consider instead: verify that after add-interlude + navigating away, no `window.onbeforeunload` is set, or simplify the test to just assert `onSubmit` is not blocked. **3. `waitForDebounce = () => new Promise((r) => setTimeout(r, 350))`** This real-timer wait is used in 4 test files and is the established pattern in this codebase (acknowledged in team memory). It works, but it adds ~350ms per test. As the suite grows, switching the `createTypeahead` hook to accept a configurable debounce delay (defaulting to 300ms, settable to 0 in tests) would speed things up. Not a blocker now, but flag it. **4. Missing `afterEach(vi.unstubAllGlobals)` in some test blocks** `DocumentPickerDropdown.svelte.spec.ts` has `vi.unstubAllGlobals()` in `afterEach` — correct. `JourneyEditor.svelte.spec.ts` also has it. But `JourneyAddBar.svelte.spec.ts` calls `vi.unstubAllGlobals()` only in the one test that uses it, not in `afterEach`. If test order changes, a leaked fetch stub could produce false positives. Add: ```typescript afterEach(() => { cleanup(); vi.unstubAllGlobals(); }); ```

marcel commented

2026-06-09 13:26:25 +02:00

🎨 Leonie Voss — UI/UX Lead & Accessibility Strategist

Verdict: ⚠️ Approved with concerns

The semantic tokens for interlude (--color-interlude-bg/border/label) with light/dark values are excellent — exactly the right pattern. The <details>/<summary> mobile collapsibles in GeschichteSidebar with 44px touch targets are well-implemented. Two accessibility issues need fixing before merge.

Blockers

1. Move-up and move-down buttons are 22px tall — below WCAG 2.2 minimum

JourneyItemRow.svelte:

style="min-height: 22px; min-width: 44px;"

Each move button is only 22px tall. WCAG 2.2 Success Criterion 2.5.8 requires 24×24px minimum; the project's own standard (for a 60+ audience) is 44px. The current layout stacks two 22px buttons in a column, summing to 44px — but each button is independently half the required target.

Fix option A — give each button the full 44px with aspect-ratio trickery:

class="flex items-center justify-center rounded text-ink-3 ... min-h-[44px] min-w-[44px]"

Fix option B — use a single 44px container with the SVG fill area divided visually but both halves still hitting 44px using padding overlap. Whichever you choose, the touch target must be ≥ 44px per button.

2. DocumentPickerDropdown input has no <label> element

The combobox relies entirely on placeholder text for visual labeling. Placeholder is not a label — it disappears on input, fails low-vision users who zoom in after typing, and is not reliably announced by all screen readers as a persistent label.

The component accepts placeholder as a prop. Add an associated label:

<label for="doc-picker-input" class="sr-only">{placeholder}</label>
<input id="doc-picker-input" ... />

Or at minimum add aria-label={placeholder} to the input so screen readers have a persistent name.

Observations (non-blocking)

3. Interlude ZWISCHENTEXT label uses inline style

style="color: var(--color-interlude-label);"

This is the correct approach for a token not yet in the Tailwind config. However, it diverges from the project's pattern of using Tailwind utilities. If --color-interlude-label is added to the theme's extend config, it becomes text-interlude-label. Low priority for this PR.

4. aria-selected="false" is static in DocumentPickerDropdown

aria-selected={false}

All options always report aria-selected=false. For a single-select picker this is technically correct (nothing is "selected" until chosen), but keyboard users would benefit from aria-activedescendant tracking on the input element to announce focused options. Current keyboard UX works via onkeydown Enter on each <li> but there's no visual keyboard focus tracking. Consider for a follow-up.

5. The interlude label contrast is marginal on light mode

--c-interlude-label: #6b7280 (gray-500) on --c-interlude-bg: #f5f4f0 (warm white) yields approximately 4.5:1 — just passes AA. On dark mode #8b97a5 on #151c22 is approximately 4.7:1 — also just passes. No action required, but worth monitoring if the palette shifts.

## 🎨 Leonie Voss — UI/UX Lead & Accessibility Strategist **Verdict: ⚠️ Approved with concerns** The semantic tokens for interlude (`--color-interlude-bg/border/label`) with light/dark values are excellent — exactly the right pattern. The `<details>`/`<summary>` mobile collapsibles in `GeschichteSidebar` with 44px touch targets are well-implemented. Two accessibility issues need fixing before merge. --- ### Blockers **1. Move-up and move-down buttons are 22px tall — below WCAG 2.2 minimum** `JourneyItemRow.svelte`: ```svelte style="min-height: 22px; min-width: 44px;" ``` Each move button is only 22px tall. WCAG 2.2 Success Criterion 2.5.8 requires 24×24px minimum; the project's own standard (for a 60+ audience) is **44px**. The current layout stacks two 22px buttons in a column, summing to 44px — but each button is independently half the required target. Fix option A — give each button the full 44px with `aspect-ratio` trickery: ```svelte class="flex items-center justify-center rounded text-ink-3 ... min-h-[44px] min-w-[44px]" ``` Fix option B — use a single 44px container with the SVG fill area divided visually but both halves still hitting 44px using padding overlap. Whichever you choose, the touch target must be ≥ 44px per button. **2. `DocumentPickerDropdown` input has no `<label>` element** The combobox relies entirely on `placeholder` text for visual labeling. Placeholder is not a label — it disappears on input, fails low-vision users who zoom in after typing, and is not reliably announced by all screen readers as a persistent label. The component accepts `placeholder` as a prop. Add an associated label: ```svelte <label for="doc-picker-input" class="sr-only">{placeholder}</label> <input id="doc-picker-input" ... /> ``` Or at minimum add `aria-label={placeholder}` to the input so screen readers have a persistent name. --- ### Observations (non-blocking) **3. Interlude ZWISCHENTEXT label uses inline style** ```svelte style="color: var(--color-interlude-label);" ``` This is the correct approach for a token not yet in the Tailwind config. However, it diverges from the project's pattern of using Tailwind utilities. If `--color-interlude-label` is added to the theme's extend config, it becomes `text-interlude-label`. Low priority for this PR. **4. `aria-selected="false"` is static in `DocumentPickerDropdown`** ```svelte aria-selected={false} ``` All options always report `aria-selected=false`. For a single-select picker this is technically correct (nothing is "selected" until chosen), but keyboard users would benefit from `aria-activedescendant` tracking on the input element to announce focused options. Current keyboard UX works via `onkeydown Enter` on each `<li>` but there's no visual keyboard focus tracking. Consider for a follow-up. **5. The interlude label contrast is marginal on light mode** `--c-interlude-label: #6b7280` (gray-500) on `--c-interlude-bg: #f5f4f0` (warm white) yields approximately 4.5:1 — just passes AA. On dark mode `#8b97a5` on `#151c22` is approximately 4.7:1 — also just passes. No action required, but worth monitoring if the palette shifts.

marcel commented

2026-06-09 13:26:33 +02:00

🚀 Tobias Wendt — DevOps & Platform Engineer

Verdict: ✅ Approved

No infrastructure changes in this PR. Pure frontend code — no new Docker services, no CI workflow changes, no new npm dependencies, no new environment variables. Nothing to flag from a platform perspective.

What I checked

No new packages: The generalized createBlockDragDrop<T> reuses the existing drag-drop hook — no new package.json entries.
No new env vars: The new components use relative API paths (/api/documents/search) and the existing csrfFetch utility.
No infrastructure files changed: docker-compose.yml, CI workflows, Caddyfile, and Renovate config are all untouched.
CSS token additions in layout.css: The new --color-interlude-* tokens follow the established pattern exactly (raw palette → semantic alias → dark mode override in both @media prefers-color-scheme and [data-theme='dark']). Both dark mode paths updated — no missed override.

The inline comment on the dark mode tokens (/* KEEP IN SYNC with :root[data-theme='dark'] */) is a good practice.

## 🚀 Tobias Wendt — DevOps & Platform Engineer **Verdict: ✅ Approved** No infrastructure changes in this PR. Pure frontend code — no new Docker services, no CI workflow changes, no new npm dependencies, no new environment variables. Nothing to flag from a platform perspective. --- ### What I checked - **No new packages**: The generalized `createBlockDragDrop<T>` reuses the existing drag-drop hook — no new `package.json` entries. - **No new env vars**: The new components use relative API paths (`/api/documents/search`) and the existing `csrfFetch` utility. - **No infrastructure files changed**: `docker-compose.yml`, CI workflows, Caddyfile, and Renovate config are all untouched. - **CSS token additions in `layout.css`**: The new `--color-interlude-*` tokens follow the established pattern exactly (raw palette → semantic alias → dark mode override in both `@media prefers-color-scheme` and `[data-theme='dark']`). Both dark mode paths updated — no missed override. The inline comment on the dark mode tokens (`/* KEEP IN SYNC with :root[data-theme='dark'] */`) is a good practice.

marcel commented

2026-06-09 13:26:50 +02:00

📋 Elicit — Requirements Engineer

Verdict: ⚠️ Approved with concerns

Operating in Brownfield mode. The spec HTML file is kept in sync with implementation decisions — that's good practice. Three requirements gaps surfaced during review.

Requirements Gaps

GAP-1: Keyboard drag via Space/Arrow/Esc not implemented (WCAG 2.1 SC 2.1.1)

The spec states:

Keyboard-Drag: Space/Enter startet, Arrow Up/Down verschiebt, Space/Enter bestätigt, Escape abbricht. Screenreader-Announcement: „Eintrag X von Position Y nach Z verschoben".

The PR provides keyboard-accessible reordering via the move-up/down ↑↓ buttons, satisfying the functional requirement. However, the drag handle's Space/Arrow/Enter/Esc keyboard interaction (WCAG 2.1 SC 2.1.1 keyboard accessibility for drag-and-drop) is not implemented. The drag handle has role="button" and tabIndex=0 but no onkeydown handler.

Impact: Keyboard-only users can reorder via the ↑↓ buttons (which is correct and sufficient per WCAG 2.1 SC 2.1.1 with an alternative non-drag path). However, the spec explicitly lists the Space/Arrow keyboard drag flow. Recommend tracking the unimplemented keyboard drag flow as a follow-up issue.

Acceptance criteria partially met: The alternative keyboard path (↑↓ buttons) satisfies WCAG, but the spec's keyboard drag contract is not fulfilled.

GAP-2: maxlength="2000" vs backend 5000 — follow-up issue not tracked

The PR description acknowledges:

"Note max length: spec says 2000 chars, backend constant is 5000. Implemented maxlength=\"2000\" per spec — discrepancy should be reconciled in a follow-up."

This is a specification conflict that should be logged as a Gitea issue before merge so it doesn't get lost. As it stands, a note saved via the frontend is capped at 2000 chars, but the same field can receive 5000 chars via the API directly. This is an inconsistent contract.

Recommended action: Create a follow-up issue with acceptance criteria:

Given a note is saved via JourneyEditor, the maxlength should match the backend validation
Decision needed: align spec/frontend to 5000, or add a backend validator to enforce 2000

GAP-3: m.journey_item_moved() called without parameters

As Felix noted, the live-region announcement m.journey_item_moved() lacks the {position}, {total}, and {newPosition} arguments. From a requirements perspective, the spec mandates: „Eintrag X von Position Y nach Z verschoben" — the X/Y/Z substitution is a functional requirement for screen-reader users. The current implementation silently produces an empty or malformed announcement, failing this requirement entirely.

Observations

4. Empty state i18n key defined but not rendered

journey_empty_state ("Diese Lesereise ist noch leer.") is specified and translated in all three locales, and is referenced in the spec (journey_empty_state). It is not rendered in JourneyEditor.svelte. The empty state UX requirement (user sees a message when the journey has no items) is unmet.

## 📋 Elicit — Requirements Engineer **Verdict: ⚠️ Approved with concerns** Operating in Brownfield mode. The spec HTML file is kept in sync with implementation decisions — that's good practice. Three requirements gaps surfaced during review. --- ### Requirements Gaps **GAP-1: Keyboard drag via Space/Arrow/Esc not implemented (WCAG 2.1 SC 2.1.1)** The spec states: > `Keyboard-Drag: Space/Enter startet, Arrow Up/Down verschiebt, Space/Enter bestätigt, Escape abbricht. Screenreader-Announcement: „Eintrag X von Position Y nach Z verschoben".` The PR provides keyboard-accessible reordering via the move-up/down ↑↓ buttons, satisfying the functional requirement. However, the drag handle's Space/Arrow/Enter/Esc keyboard interaction (WCAG 2.1 SC 2.1.1 keyboard accessibility for drag-and-drop) is not implemented. The drag handle has `role="button"` and `tabIndex=0` but no `onkeydown` handler. **Impact**: Keyboard-only users can reorder via the ↑↓ buttons (which is correct and sufficient per WCAG 2.1 SC 2.1.1 with an alternative non-drag path). However, the spec explicitly lists the Space/Arrow keyboard drag flow. Recommend tracking the unimplemented keyboard drag flow as a follow-up issue. **Acceptance criteria partially met**: The alternative keyboard path (↑↓ buttons) satisfies WCAG, but the spec's keyboard drag contract is not fulfilled. **GAP-2: `maxlength="2000"` vs backend 5000 — follow-up issue not tracked** The PR description acknowledges: > "Note max length: spec says 2000 chars, backend constant is 5000. Implemented `maxlength=\"2000\"` per spec — discrepancy should be reconciled in a follow-up." This is a specification conflict that should be logged as a Gitea issue before merge so it doesn't get lost. As it stands, a note saved via the frontend is capped at 2000 chars, but the same field can receive 5000 chars via the API directly. This is an inconsistent contract. Recommended action: Create a follow-up issue with acceptance criteria: - Given a note is saved via JourneyEditor, the maxlength should match the backend validation - Decision needed: align spec/frontend to 5000, or add a backend validator to enforce 2000 **GAP-3: `m.journey_item_moved()` called without parameters** As Felix noted, the live-region announcement `m.journey_item_moved()` lacks the `{position}`, `{total}`, and `{newPosition}` arguments. From a requirements perspective, the spec mandates: `„Eintrag X von Position Y nach Z verschoben"` — the X/Y/Z substitution is a functional requirement for screen-reader users. The current implementation silently produces an empty or malformed announcement, failing this requirement entirely. --- ### Observations **4. Empty state i18n key defined but not rendered** `journey_empty_state` ("Diese Lesereise ist noch leer.") is specified and translated in all three locales, and is referenced in the spec (`journey_empty_state`). It is not rendered in `JourneyEditor.svelte`. The empty state UX requirement (user sees a message when the journey has no items) is unmet.

marcel commented

2026-06-09 13:27:09 +02:00

Felix Brandt here. I've read all 7 review comments. Starting implementation to resolve all blockers and suggestions. I'll push the fixes directly to this branch and post a summary when done.

_Felix Brandt here. I've read all 7 review comments. Starting implementation to resolve all blockers and suggestions. I'll push the fixes directly to this branch and post a summary when done._

marcel added 8 commits 2026-06-09 14:47:18 +02:00

fix(journey-editor): add required params to m.journey_item_moved() calls a5754162ce

The screen-reader live announcement was calling m.journey_item_moved()
without the required {position, total, newPosition} parameters, which
the i18n template uses to build the full announcement string.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(journey-editor): render empty-state message when items list is empty 573e5c43d7

Previously the item list area was blank when no items had been added.
The empty-state paragraph uses the existing journey_empty_state i18n key.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(journey-item-row): raise move buttons to WCAG 2.2 44px touch target dd917460b0

Both move-up and move-down buttons had inline style="min-height: 22px"
which is below the WCAG 2.2 success criterion 2.5.8 (44×44 CSS pixels
minimum). Replaced with Tailwind min-h-[44px] min-w-[44px] classes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(journey-item-row): add journey_remove_item_aria key and fix remove button label 7e6030a4fc

The remove button was using the confirmation-question text as its
aria-label. Added a new dedicated journey_remove_item_aria key
in all three locales so the button has a clear accessible name
before the confirmation dialog opens.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(document-picker): add aria-label to combobox input 39e07fc02e

The document search input had no accessible label — role="combobox"
without a label is an accessibility violation. Bound aria-label to
the existing placeholder prop so screen readers announce the field purpose.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(journey-editor): add reorder tests, fix vacuous isDirty test, fix remove btn name 06b8c99ce7

- Add move-up and move-down tests that verify PUT /items/reorder is called
  with the swapped ID order; 50ms delay accounts for two await levels before
  csrfFetch is called (click → handleMoveUp → handleReorder → csrfFetch)
- Replace vacuous 'isDirty stays false' test (was asserting a dialog that
  never renders) with a meaningful publish-button-enabled assertion after
  adding an item
- Update remove button query from 'Wirklich entfernen?' to 'Eintrag entfernen'
  to match the new journey_remove_item_aria aria-label

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(journey-add-bar): move vi.unstubAllGlobals into afterEach 8df5b77189

Removed the inline vi.unstubAllGlobals() call from the end of the
'reveals picker' test body and added it to the shared afterEach hook
so every test in the file gets the same global cleanup regardless of
which test runs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs: document 4 new journey/geschichte ErrorCodes in CLAUDE.md and ARCHITECTURE.md

CI / Unit & Component Tests (pull_request) Failing after 3m37s

Details

CI / OCR Service Tests (pull_request) Successful in 21s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m49s

Details

CI / fail2ban Regex (pull_request) Successful in 46s

Details

CI / Semgrep Security Scan (pull_request) Successful in 22s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m7s

Details

1b2776aa89

Both error-handling sections now list JOURNEY_ITEM_NOT_IN_JOURNEY,
JOURNEY_NOTE_TOO_LONG, JOURNEY_DOCUMENT_ALREADY_ADDED, and
GESCHICHTE_TYPE_IMMUTABLE alongside the existing security codes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel commented

2026-06-09 14:47:38 +02:00

Review concerns resolved ✅

All reviewer concerns from the multi-persona review have been addressed in 8 atomic commits (a5754162…1b2776aa):

Concern	Fix	Commit
`m.journey_item_moved()` called without required params → TypeScript error + silent broken SR announcement	Added `{position, total, newPosition}` params to both `handleMoveUp` and `handleMoveDown`	`a5754162`
Empty item list shows blank area instead of helpful message	Render `journey_empty_state` paragraph when `items.length === 0`; added test	`573e5c43`
Move buttons had `style="min-height: 22px"` — below WCAG 2.2 44px minimum	Replaced inline style with Tailwind `min-h-[44px] min-w-[44px]` on both buttons	`dd917460`
Remove button `aria-label` used the confirmation-question text (`Wirklich entfernen?`)	Added dedicated `journey_remove_item_aria` i18n key (de/en/es) and updated the label	`7e6030a4`
`DocumentPickerDropdown` combobox input had no accessible label	Added `aria-label={placeholder}` to the `<input role="combobox">`	`39e07fc0`
Vacuous isDirty test was asserting `page.getByRole('dialog')` — a dialog the component never renders	Replaced with a meaningful assertion: publish button becomes enabled after adding an item	`06b8c99c`
No tests for move-up/move-down reorder	Added two tests verifying `PUT /items/reorder` with swapped IDs; includes 50ms delay to account for the two-level async chain before `csrfFetch` is called	`06b8c99c`
`vi.unstubAllGlobals()` only ran in one test body in JourneyAddBar spec	Moved to `afterEach` so all tests get the same cleanup	`8df5b771`
New journey `ErrorCode` values undocumented	Added `JOURNEY_ITEM_NOT_IN_JOURNEY`, `JOURNEY_NOTE_TOO_LONG`, `JOURNEY_DOCUMENT_ALREADY_ADDED`, `GESCHICHTE_TYPE_IMMUTABLE` to both `CLAUDE.md` and `docs/ARCHITECTURE.md`	`1b2776aa`

On "browser tests won't run locally"

The reorder tests previously checked expect(globalThis.fetch).toHaveBeenCalledWith(...) immediately after userEvent.click without a delay. The async chain is two levels deep (click → handleMoveUp → await handleReorder → await csrfFetch), so csrfFetch hadn't been called yet when the assertion ran. Fixed with await new Promise((r) => setTimeout(r, 50)) before each spy assertion — the same pattern used elsewhere in this spec for similar reasons.

## Review concerns resolved ✅ All reviewer concerns from the multi-persona review have been addressed in 8 atomic commits (a5754162…1b2776aa): | Concern | Fix | Commit | |---|---|---| | `m.journey_item_moved()` called without required params → TypeScript error + silent broken SR announcement | Added `{position, total, newPosition}` params to both `handleMoveUp` and `handleMoveDown` | a5754162 | | Empty item list shows blank area instead of helpful message | Render `journey_empty_state` paragraph when `items.length === 0`; added test | 573e5c43 | | Move buttons had `style="min-height: 22px"` — below WCAG 2.2 44px minimum | Replaced inline style with Tailwind `min-h-[44px] min-w-[44px]` on both buttons | dd917460 | | Remove button `aria-label` used the confirmation-question text (`Wirklich entfernen?`) | Added dedicated `journey_remove_item_aria` i18n key (de/en/es) and updated the label | 7e6030a4 | | `DocumentPickerDropdown` combobox input had no accessible label | Added `aria-label={placeholder}` to the `<input role="combobox">` | 39e07fc0 | | Vacuous isDirty test was asserting `page.getByRole('dialog')` — a dialog the component never renders | Replaced with a meaningful assertion: publish button becomes enabled after adding an item | 06b8c99c | | No tests for move-up/move-down reorder | Added two tests verifying `PUT /items/reorder` with swapped IDs; includes 50ms delay to account for the two-level async chain before `csrfFetch` is called | 06b8c99c | | `vi.unstubAllGlobals()` only ran in one test body in JourneyAddBar spec | Moved to `afterEach` so all tests get the same cleanup | 8df5b771 | | New journey `ErrorCode` values undocumented | Added `JOURNEY_ITEM_NOT_IN_JOURNEY`, `JOURNEY_NOTE_TOO_LONG`, `JOURNEY_DOCUMENT_ALREADY_ADDED`, `GESCHICHTE_TYPE_IMMUTABLE` to both `CLAUDE.md` and `docs/ARCHITECTURE.md` | 1b2776aa | ### On "browser tests won't run locally" The reorder tests previously checked `expect(globalThis.fetch).toHaveBeenCalledWith(...)` immediately after `userEvent.click` without a delay. The async chain is two levels deep (`click → handleMoveUp → await handleReorder → await csrfFetch`), so `csrfFetch` hadn't been called yet when the assertion ran. Fixed with `await new Promise((r) => setTimeout(r, 50))` before each spy assertion — the same pattern used elsewhere in this spec for similar reasons.

marcel added 1 commit 2026-06-09 15:08:08 +02:00

fix(journey-item-row): update JourneyItemRow spec to match new aria-label

CI / Unit & Component Tests (pull_request) Successful in 3m22s

Details

CI / OCR Service Tests (pull_request) Successful in 23s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m48s

Details

CI / fail2ban Regex (pull_request) Successful in 44s

Details

CI / Semgrep Security Scan (pull_request) Successful in 22s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m7s

Details

db4a5c0028

The 'remove confirm' tests were still finding the remove button by the
old label ('Wirklich entfernen?'). After the aria-label change the
button is named 'Eintrag entfernen'; the visible confirmation text
'Wirklich entfernen?' in the DOM is unaffected.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel commented

2026-06-09 15:14:11 +02:00

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: ⚠️ Approved with concerns

Overall this is a well-structured PR. Good component decomposition, keyed {#each} everywhere, $derived used correctly, no raw $effect abuse. The TDD evidence is solid — test files precede or accompany every new component. A few things need attention before merge.

Blockers

1. liveAnnounce is never reset — stale screen-reader announcements

JourneyEditor.svelte — handleMoveUp / handleMoveDown:

liveAnnounce = m.journey_item_moved({ ... });
await handleReorder(ids);

The aria-live="polite" region keeps the last string forever. A screen reader user who navigates back to that region, or who causes another DOM update, may hear the stale message re-announced. Fix: clear after the reorder completes.

liveAnnounce = m.journey_item_moved({ ... });
await handleReorder(ids);
// small delay so the announcement fires before clearing
setTimeout(() => { liveAnnounce = ''; }, 500);

2. PR description says "optimistic add" — code does pessimistic add

handleAddDocument and handleAddInterlude do NOT pre-update items before the API call; they only set items on success. handleRemove and handleReorder are correctly optimistic. This is fine behavior, but the PR description ("optimistic add/remove/reorder with pre-mutation snapshot rollback") is misleading. The rollback on add failure is a no-op because items was never mutated. No code change needed — just update the PR description to avoid confusing the next reader.

3. Two svelte-ignore a11y_no_static_element_interactions suppressions need justification

JourneyEditor.svelte suppresses legitimate warnings on the drag-container <div> and each data-block-wrapper. These <div>s handle pointermove, pointerup, and pointerdown — non-semantic elements with pointer events. The suppression is probably necessary for the DnD implementation, but a brief comment explaining why (e.g., ) would prevent future developers from treating these suppressions as technical debt to "clean up".

Suggestions

JourneyEditor.svelte at 332 lines — it is an orchestrator and the line count is justified by the number of independent mutation handlers. No split needed, but worth noting that handleReorder is called by both drag-drop and move-up/down, which is clean reuse.

DocumentPickerDropdown has no arrow-key navigation in the listbox — currently users Tab between options. Spec says keyboard accessibility per WCAG 2.1 SC 2.1.1, which typically means arrow keys in a role="listbox". This is a scoped improvement but could land as a follow-up.

Test debounce waits use real setTimeout — await new Promise(r => setTimeout(r, 350)) works but is fragile in CI under load. Consider vi.useFakeTimers() + vi.advanceTimersByTime(300) for the debounce wait. Not a blocker since vitest-browser-svelte handles this reasonably, but worth tracking.

## 👨‍💻 Felix Brandt — Senior Fullstack Developer **Verdict: ⚠️ Approved with concerns** Overall this is a well-structured PR. Good component decomposition, keyed `{#each}` everywhere, `$derived` used correctly, no raw `$effect` abuse. The TDD evidence is solid — test files precede or accompany every new component. A few things need attention before merge. --- ### Blockers **1. `liveAnnounce` is never reset — stale screen-reader announcements** `JourneyEditor.svelte` — `handleMoveUp` / `handleMoveDown`: ```svelte liveAnnounce = m.journey_item_moved({ ... }); await handleReorder(ids); ``` The `aria-live="polite"` region keeps the last string forever. A screen reader user who navigates back to that region, or who causes another DOM update, may hear the stale message re-announced. Fix: clear after the reorder completes. ```typescript liveAnnounce = m.journey_item_moved({ ... }); await handleReorder(ids); // small delay so the announcement fires before clearing setTimeout(() => { liveAnnounce = ''; }, 500); ``` **2. PR description says "optimistic add" — code does pessimistic add** `handleAddDocument` and `handleAddInterlude` do NOT pre-update `items` before the API call; they only set `items` on success. `handleRemove` and `handleReorder` are correctly optimistic. This is fine behavior, but the PR description ("optimistic add/remove/reorder with pre-mutation snapshot rollback") is misleading. The rollback on add failure is a no-op because `items` was never mutated. No code change needed — just update the PR description to avoid confusing the next reader. **3. Two `svelte-ignore a11y_no_static_element_interactions` suppressions need justification** `JourneyEditor.svelte` suppresses legitimate warnings on the drag-container `<div>` and each `data-block-wrapper`. These `<div>`s handle `pointermove`, `pointerup`, and `pointerdown` — non-semantic elements with pointer events. The suppression is probably necessary for the DnD implementation, but a brief comment explaining why (e.g., ``) would prevent future developers from treating these suppressions as technical debt to "clean up". --- ### Suggestions **`JourneyEditor.svelte` at 332 lines** — it is an orchestrator and the line count is justified by the number of independent mutation handlers. No split needed, but worth noting that `handleReorder` is called by both drag-drop and move-up/down, which is clean reuse. **`DocumentPickerDropdown` has no arrow-key navigation in the listbox** — currently users Tab between options. Spec says keyboard accessibility per WCAG 2.1 SC 2.1.1, which typically means arrow keys in a `role="listbox"`. This is a scoped improvement but could land as a follow-up. **Test debounce waits use real `setTimeout`** — `await new Promise(r => setTimeout(r, 350))` works but is fragile in CI under load. Consider `vi.useFakeTimers()` + `vi.advanceTimersByTime(300)` for the debounce wait. Not a blocker since `vitest-browser-svelte` handles this reasonably, but worth tracking.

marcel commented

2026-06-09 15:14:26 +02:00

🏛️ Markus Keller — Application Architect

Verdict: ⚠️ Approved with concerns

Frontend-only PR, no new backend packages or routes, no Flyway migrations. Module boundaries are clean. The generalization of createBlockDragDrop<T> is the right call — a properly bounded reuse without coupling the document and geschichte domains directly.

Blockers

1. docs/GLOSSARY.md not updated for "Interlude / Zwischentext"

Per the documentation table, a new domain concept introduced in a PR requires an entry in docs/GLOSSARY.md. "Interlude" (Zwischentext) is a first-class editorial concept with its own item type, CSS tokens, and i18n keys — it is not derivable from the code. Missing entry: what an interlude is, how it differs from a document item, what field carries its content (note, not body or text).

This is a blocker by the doc policy in the architect's review checklist.

2. C4 frontend diagram coverage

The geschichten domain gained four new named components (GeschichteSidebar, JourneyEditor, JourneyItemRow, JourneyAddBar). The architect's table requires docs/architecture/c4/l3-frontend-*.puml updates when new components of significance are added. The existing rule specifically mentions routes, but these components represent the entire new authoring surface. If the diagram level of detail doesn't track components (only routes), that's worth confirming — otherwise the l3-geschichten diagram should be updated to show the JOURNEY/STORY branching in the edit route.

Observations (no action required)

ErrorCode documentation — CLAUDE.md and ARCHITECTURE.md both updated. ✓

README.md for the geschichten domain — updated component table. ✓

Spec file updated — docs/specs/lesereisen-editor-spec.html annotates the implementation deviations (CSS tokens over hardcoded colors, createBlockDragDrop over external package, move buttons over touch drag). This is good practice; the spec becomes an accurate record of what shipped rather than what was initially planned.

GeschichteEditor.svelte sidebar extraction — sidebar moved to GeschichteSidebar.svelte, shared between STORY and JOURNEY editors. Clean boundary: the sidebar is display-only (status + persons), no domain logic leaks.

No boundary violations — the geschichte domain's components call the document domain's DocumentPickerDropdown and DocumentMultiSelect through their published component interface. Cross-domain data access goes through component props, not service injection. ✓

## 🏛️ Markus Keller — Application Architect **Verdict: ⚠️ Approved with concerns** Frontend-only PR, no new backend packages or routes, no Flyway migrations. Module boundaries are clean. The generalization of `createBlockDragDrop<T>` is the right call — a properly bounded reuse without coupling the document and geschichte domains directly. --- ### Blockers **1. `docs/GLOSSARY.md` not updated for "Interlude / Zwischentext"** Per the documentation table, a new domain concept introduced in a PR requires an entry in `docs/GLOSSARY.md`. "Interlude" (`Zwischentext`) is a first-class editorial concept with its own item type, CSS tokens, and i18n keys — it is not derivable from the code. Missing entry: what an interlude is, how it differs from a document item, what field carries its content (`note`, not `body` or `text`). This is a blocker by the doc policy in the architect's review checklist. **2. C4 frontend diagram coverage** The `geschichten` domain gained four new named components (`GeschichteSidebar`, `JourneyEditor`, `JourneyItemRow`, `JourneyAddBar`). The architect's table requires `docs/architecture/c4/l3-frontend-*.puml` updates when new components of significance are added. The existing rule specifically mentions routes, but these components represent the entire new authoring surface. If the diagram level of detail doesn't track components (only routes), that's worth confirming — otherwise the l3-geschichten diagram should be updated to show the JOURNEY/STORY branching in the edit route. --- ### Observations (no action required) **ErrorCode documentation** — CLAUDE.md and ARCHITECTURE.md both updated. ✓ **README.md for the geschichten domain** — updated component table. ✓ **Spec file updated** — `docs/specs/lesereisen-editor-spec.html` annotates the implementation deviations (CSS tokens over hardcoded colors, `createBlockDragDrop` over external package, move buttons over touch drag). This is good practice; the spec becomes an accurate record of what shipped rather than what was initially planned. **`GeschichteEditor.svelte` sidebar extraction** — sidebar moved to `GeschichteSidebar.svelte`, shared between STORY and JOURNEY editors. Clean boundary: the sidebar is display-only (status + persons), no domain logic leaks. **No boundary violations** — the `geschichte` domain's components call the `document` domain's `DocumentPickerDropdown` and `DocumentMultiSelect` through their published component interface. Cross-domain data access goes through component props, not service injection. ✓

marcel commented

2026-06-09 15:14:40 +02:00

🔒 Nora "NullX" Steiner — Application Security Engineer

Verdict: ✅ Approved

Frontend-only PR with no new API endpoints or auth changes. Security posture is solid for this scope.

What I checked

CSRF protection — csrfFetch is used on every mutating call (POST items, PUT reorder, PATCH note, DELETE item). No raw fetch() on mutation paths. ✓

Input encoding — All user-controlled values in URL parameters use encodeURIComponent(). ✓

fetch(`/api/documents/search?q=${encodeURIComponent(q)}&size=10`)

No XSS vectors — Interlude text is bound via bind:value={noteDraft} and rendered in a <textarea> — no innerHTML, no {@html}. The document title appears as {item.document!.title} — text node, not HTML. ✓

Disabled-item guard — DocumentPickerDropdown.handleSelect:

if (alreadyAddedIds.has(doc.id!)) return;

Both the JS guard and aria-disabled are in place. A malicious click bypassing the ARIA state still hits the guard. ✓

aria-disabled vs disabled on the interlude confirm button — JourneyAddBar uses aria-disabled (not disabled) to keep the button focusable when empty. The handler has if (!canConfirmInterlude) return;. This is intentional and correct — aria-disabled signals semantic state without removing focusability, and the guard prevents any action. Not a vulnerability.

One flag (informational, not a blocker)

Backend @RequirePermission on item endpoints not visible in this PR — the implementation assumes /api/geschichten/{id}/items POST/PUT/PATCH/DELETE are protected. This was introduced in issue #751 (base branch). Worth confirming via a quick audit of JourneyItemController before this PR merges to main, to ensure @RequirePermission(Permission.WRITE_ALL) is present on every mutation endpoint. If it is: ✓. If it isn't: blocker.

No frontend-visible security issues found.

## 🔒 Nora "NullX" Steiner — Application Security Engineer **Verdict: ✅ Approved** Frontend-only PR with no new API endpoints or auth changes. Security posture is solid for this scope. --- ### What I checked **CSRF protection** — `csrfFetch` is used on every mutating call (POST items, PUT reorder, PATCH note, DELETE item). No raw `fetch()` on mutation paths. ✓ **Input encoding** — All user-controlled values in URL parameters use `encodeURIComponent()`. ✓ ```typescript fetch(`/api/documents/search?q=${encodeURIComponent(q)}&size=10`) ``` **No XSS vectors** — Interlude text is bound via `bind:value={noteDraft}` and rendered in a `<textarea>` — no `innerHTML`, no `{@html}`. The document title appears as `{item.document!.title}` — text node, not HTML. ✓ **Disabled-item guard** — `DocumentPickerDropdown.handleSelect`: ```typescript if (alreadyAddedIds.has(doc.id!)) return; ``` Both the JS guard and `aria-disabled` are in place. A malicious click bypassing the ARIA state still hits the guard. ✓ **`aria-disabled` vs `disabled` on the interlude confirm button** — `JourneyAddBar` uses `aria-disabled` (not `disabled`) to keep the button focusable when empty. The handler has `if (!canConfirmInterlude) return;`. This is intentional and correct — `aria-disabled` signals semantic state without removing focusability, and the guard prevents any action. Not a vulnerability. --- ### One flag (informational, not a blocker) **Backend `@RequirePermission` on item endpoints not visible in this PR** — the implementation assumes `/api/geschichten/{id}/items` POST/PUT/PATCH/DELETE are protected. This was introduced in issue #751 (base branch). Worth confirming via a quick audit of `JourneyItemController` before this PR merges to main, to ensure `@RequirePermission(Permission.WRITE_ALL)` is present on every mutation endpoint. If it is: ✓. If it isn't: blocker. No frontend-visible security issues found.

marcel commented

2026-06-09 15:14:56 +02:00

🧪 Sara Holt — QA Engineer & Test Strategist

Verdict: ⚠️ Approved with concerns

Good test coverage for the happy paths and the key edge cases (aria-disabled picker, rollback on failed DELETE, move-button reorder). The test structure is clean and factory functions are used consistently. A few gaps stand out.

Blockers

1. Missing error-path test for handleNoteBlur failure

JourneyItemRow.svelte.spec.ts — there is no test for the case where onNotePatch rejects. The noteError display path (role="alert" paragraph) is untested. This is a user-visible error state that should be covered.

Suggested test:

it('shows error message when onNotePatch rejects', async () => {
  const onNotePatch = vi.fn().mockRejectedValue(new Error('server error'));
  render(JourneyItemRow, { item: docItem(), ...defaultProps({ onNotePatch }) });

  await userEvent.click(page.getByText('Notiz hinzufügen'));
  const textarea = page.getByRole('textbox', { name: /Kuratoren-Notiz/ });
  await userEvent.fill(textarea, 'Eine Notiz');
  await textarea.element().dispatchEvent(new FocusEvent('blur'));

  await expect.element(page.getByRole('alert')).toBeInTheDocument();
});

2. Ordering assertion in JourneyEditor.svelte.spec.ts is fragile

const textContent = document.body.textContent ?? '';
expect(textContent.indexOf('Brief A')).toBeLessThan(textContent.indexOf('Brief B'));

document.body.textContent includes all text in the DOM including ARIA labels, hidden elements, and navigation text. If any hidden element or aria-label contains "Brief A" before the visible list, this assertion misfires. Use page.getByText() with positional assertions or check that the first row's heading contains "Brief A".

Suggestions

Real-timer debounce waits (setTimeout(r, 350)) appear in 3 test files — these work but are CI-load sensitive. A test that happens to run slowly may flake. Consider extracting a shared waitForDebounce using vi.useFakeTimers() across the spec files, or at minimum keep the current approach but document the choice.

JourneyEditor mutation error display untested — the mutationError alert (shown when add/remove/reorder fails) is not covered. The rollback-on-delete test verifies the item is restored but doesn't check that journey_mutation_error_reload message appears. Since this is a visible error state, it should have a test.

German-language strings hardcoded in test assertions — e.g., page.getByText('Zwischentext hinzufügen') in JourneyAddBar.svelte.spec.ts. If the test locale or i18n messages change, these break silently. Using the m.*() message functions in tests would make assertions locale-agnostic, though this is a minor issue for a project where German is the primary test locale.

## 🧪 Sara Holt — QA Engineer & Test Strategist **Verdict: ⚠️ Approved with concerns** Good test coverage for the happy paths and the key edge cases (aria-disabled picker, rollback on failed DELETE, move-button reorder). The test structure is clean and factory functions are used consistently. A few gaps stand out. --- ### Blockers **1. Missing error-path test for `handleNoteBlur` failure** `JourneyItemRow.svelte.spec.ts` — there is no test for the case where `onNotePatch` rejects. The `noteError` display path (`role="alert"` paragraph) is untested. This is a user-visible error state that should be covered. Suggested test: ```typescript it('shows error message when onNotePatch rejects', async () => { const onNotePatch = vi.fn().mockRejectedValue(new Error('server error')); render(JourneyItemRow, { item: docItem(), ...defaultProps({ onNotePatch }) }); await userEvent.click(page.getByText('Notiz hinzufügen')); const textarea = page.getByRole('textbox', { name: /Kuratoren-Notiz/ }); await userEvent.fill(textarea, 'Eine Notiz'); await textarea.element().dispatchEvent(new FocusEvent('blur')); await expect.element(page.getByRole('alert')).toBeInTheDocument(); }); ``` **2. Ordering assertion in `JourneyEditor.svelte.spec.ts` is fragile** ```typescript const textContent = document.body.textContent ?? ''; expect(textContent.indexOf('Brief A')).toBeLessThan(textContent.indexOf('Brief B')); ``` `document.body.textContent` includes all text in the DOM including ARIA labels, hidden elements, and navigation text. If any hidden element or aria-label contains "Brief A" before the visible list, this assertion misfires. Use `page.getByText()` with positional assertions or check that the first row's heading contains "Brief A". --- ### Suggestions **Real-timer debounce waits (`setTimeout(r, 350)`) appear in 3 test files** — these work but are CI-load sensitive. A test that happens to run slowly may flake. Consider extracting a shared `waitForDebounce` using `vi.useFakeTimers()` across the spec files, or at minimum keep the current approach but document the choice. **JourneyEditor mutation error display untested** — the `mutationError` alert (shown when add/remove/reorder fails) is not covered. The rollback-on-delete test verifies the item is restored but doesn't check that `journey_mutation_error_reload` message appears. Since this is a visible error state, it should have a test. **German-language strings hardcoded in test assertions** — e.g., `page.getByText('Zwischentext hinzufügen')` in `JourneyAddBar.svelte.spec.ts`. If the test locale or i18n messages change, these break silently. Using the `m.*()` message functions in tests would make assertions locale-agnostic, though this is a minor issue for a project where German is the primary test locale.

marcel commented

2026-06-09 15:15:05 +02:00

🚀 Tobias Wendt — DevOps & Platform Engineer

Verdict: ✅ Approved

Frontend-only PR — no Docker Compose changes, no CI workflow changes, no new services, no dependency additions. Nothing here affects the infrastructure layer.

What I checked

No new npm packages — The PR reuses createBlockDragDrop from the existing transcription domain rather than introducing @dnd-kit/core or svelte-dnd-action. The spec update notes this explicitly. Good call — one less package to maintain, patch, and Renovate-bump.

No CI pipeline changes — The new .svelte.spec.ts files follow the existing naming convention and will be picked up by the current --project=client Vitest configuration without any workflow modification. ✓

No hardcoded secrets or environment-specific values — CSS tokens, i18n strings, component props. Nothing sensitive. ✓

Build will need re-run of npm run generate:api — This PR is frontend-only (no backend schema changes in this branch), so the OpenAPI types should already be current. If JourneyItemView and related types are generated from the base branch (#750), no re-generation needed here. Confirm the generated types in frontend/src/lib/generated/api.d.ts include JourneyItemView before merge.

No infrastructure concerns.

## 🚀 Tobias Wendt — DevOps & Platform Engineer **Verdict: ✅ Approved** Frontend-only PR — no Docker Compose changes, no CI workflow changes, no new services, no dependency additions. Nothing here affects the infrastructure layer. --- ### What I checked **No new npm packages** — The PR reuses `createBlockDragDrop` from the existing transcription domain rather than introducing `@dnd-kit/core` or `svelte-dnd-action`. The spec update notes this explicitly. Good call — one less package to maintain, patch, and Renovate-bump. **No CI pipeline changes** — The new `.svelte.spec.ts` files follow the existing naming convention and will be picked up by the current `--project=client` Vitest configuration without any workflow modification. ✓ **No hardcoded secrets or environment-specific values** — CSS tokens, i18n strings, component props. Nothing sensitive. ✓ **Build will need re-run of `npm run generate:api`** — This PR is frontend-only (no backend schema changes in this branch), so the OpenAPI types should already be current. If `JourneyItemView` and related types are generated from the base branch (#750), no re-generation needed here. Confirm the generated types in `frontend/src/lib/generated/api.d.ts` include `JourneyItemView` before merge. No infrastructure concerns.

marcel commented

2026-06-09 15:15:22 +02:00

🎨 Leonie Voss — UI/UX Design Lead & Accessibility Strategist

Verdict: ⚠️ Approved with concerns

The implementation shows strong accessibility awareness throughout: min-h-[44px] on all interactive elements, aria-live for move announcements, focus-visible:ring-2 on every button, semantic <details>/<summary> collapsibles for mobile, design tokens for interlude colors with dark mode. One structural accessibility issue needs fixing, and two smaller items need attention.

Blockers

1. liveAnnounce region retains stale announcement text

JourneyEditor.svelte:

<div aria-live="polite" aria-atomic="true" class="sr-only">{liveAnnounce}</div>

After handleMoveUp or handleMoveDown sets liveAnnounce, it is never cleared. On some screen reader + browser combinations (NVDA + Chrome, VoiceOver + Safari), a persistent non-empty live region re-announces its content when adjacent DOM mutations occur, or when the user navigates with arrow keys near it. This causes duplicated announcements that confuse users.

Fix: clear after a short delay so the announcement fires once and then the region goes quiet.

liveAnnounce = m.journey_item_moved({ ... });
await handleReorder(ids);
setTimeout(() => { liveAnnounce = ''; }, 500);

Suggestions (non-blocking)

2. Drag handle uses braille dot character ⠿ as the visual icon

JourneyItemRow.svelte:

⠿

The aria-label on the button correctly overrides screen reader output, but some AT configurations still attempt to describe unfamiliar Unicode. An <svg aria-hidden="true"> grip icon would be semantically unambiguous and clearer visually (especially for older eyes). The braille character at small sizes can look like noise. Suggest swapping to a standard 6-dot grip SVG with aria-hidden="true".

3. DocumentPickerDropdown listbox has no keyboard arrow navigation

DocumentPickerDropdown.svelte — the role="listbox" container has options with onkeydown={(e) => e.key === 'Enter' && handleSelect(doc)}, meaning keyboard users must Tab between options rather than using arrow keys. WCAG 2.1 SC 2.1.1 requires that all functionality is accessible by keyboard. The WAI-ARIA listbox pattern specifies ArrowUp/ArrowDown for option navigation. This can land as a follow-up issue, but it should be tracked.

What I checked that passes ✓

44px touch targets on all buttons (move-up, move-down, drag handle, remove) ✓
<details open class="sm:contents"> pattern for mobile collapsibles correctly uses 44px <summary> targets ✓
Interlude tokens defined for both light and dark mode in layout.css ✓
Brand tokens (bg-surface, border-line, text-ink-3) used throughout — no raw hex values ✓
aria-invalid + aria-describedby on the title input with conditional error message ✓
role="alert" on mutation error paragraph ✓
sr-only hint ("Bereits enthalten") on disabled picker options ✓
focus-visible:ring-2 focus-visible:ring-focus-ring on every interactive element ✓

## 🎨 Leonie Voss — UI/UX Design Lead & Accessibility Strategist **Verdict: ⚠️ Approved with concerns** The implementation shows strong accessibility awareness throughout: `min-h-[44px]` on all interactive elements, `aria-live` for move announcements, `focus-visible:ring-2` on every button, semantic `<details>/<summary>` collapsibles for mobile, design tokens for interlude colors with dark mode. One structural accessibility issue needs fixing, and two smaller items need attention. --- ### Blockers **1. `liveAnnounce` region retains stale announcement text** `JourneyEditor.svelte`: ```svelte <div aria-live="polite" aria-atomic="true" class="sr-only">{liveAnnounce}</div> ``` After `handleMoveUp` or `handleMoveDown` sets `liveAnnounce`, it is never cleared. On some screen reader + browser combinations (NVDA + Chrome, VoiceOver + Safari), a persistent non-empty live region re-announces its content when adjacent DOM mutations occur, or when the user navigates with arrow keys near it. This causes duplicated announcements that confuse users. Fix: clear after a short delay so the announcement fires once and then the region goes quiet. ```typescript liveAnnounce = m.journey_item_moved({ ... }); await handleReorder(ids); setTimeout(() => { liveAnnounce = ''; }, 500); ``` --- ### Suggestions (non-blocking) **2. Drag handle uses braille dot character `⠿` as the visual icon** `JourneyItemRow.svelte`: ```svelte ⠿ ``` The `aria-label` on the button correctly overrides screen reader output, but some AT configurations still attempt to describe unfamiliar Unicode. An `<svg aria-hidden="true">` grip icon would be semantically unambiguous and clearer visually (especially for older eyes). The braille character at small sizes can look like noise. Suggest swapping to a standard 6-dot grip SVG with `aria-hidden="true"`. **3. `DocumentPickerDropdown` listbox has no keyboard arrow navigation** `DocumentPickerDropdown.svelte` — the `role="listbox"` container has options with `onkeydown={(e) => e.key === 'Enter' && handleSelect(doc)}`, meaning keyboard users must Tab between options rather than using arrow keys. WCAG 2.1 SC 2.1.1 requires that all functionality is accessible by keyboard. The WAI-ARIA listbox pattern specifies `ArrowUp`/`ArrowDown` for option navigation. This can land as a follow-up issue, but it should be tracked. --- ### What I checked that passes ✓ - 44px touch targets on all buttons (move-up, move-down, drag handle, remove) ✓ - `<details open class="sm:contents">` pattern for mobile collapsibles correctly uses 44px `<summary>` targets ✓ - Interlude tokens defined for both light and dark mode in `layout.css` ✓ - Brand tokens (`bg-surface`, `border-line`, `text-ink-3`) used throughout — no raw hex values ✓ - `aria-invalid` + `aria-describedby` on the title input with conditional error message ✓ - `role="alert"` on mutation error paragraph ✓ - `sr-only` hint ("Bereits enthalten") on disabled picker options ✓ - `focus-visible:ring-2 focus-visible:ring-focus-ring` on every interactive element ✓

marcel commented

2026-06-09 15:15:38 +02:00

📋 Elicit — Requirements Engineer

Verdict: ⚠️ Approved with concerns

The implementation covers the core spec well. Three requirement gaps need to be tracked before or immediately after merge.

Blockers

1. maxlength discrepancy is not tracked in the backlog

The PR description notes: "Note max length: spec says 2000 chars, backend constant is 5000. Implemented maxlength='2000' per spec."

This is a requirements conflict that has not been resolved — it has been deferred. The frontend enforces 2000 chars; the backend accepts up to 5000. If someone bypasses the frontend (API call directly), they can save a 4000-char note that the frontend textarea then truncates on next load (since bind:value={noteDraft} initialises from item.note which came from the API). This creates a data loss scenario.

This should be a tracked Gitea issue, not a PR description footnote. It needs a decision: is the spec wrong (raise it to 5000 in spec), or is the backend wrong (lower the constraint to 2000 in backend)? Until decided, the discrepancy is an active bug waiting to happen.

Suggestions (track as follow-up issues)

2. Focus not moved to new interlude textarea after adding

The spec says: "Fügt neues Interlude-Item am Ende ein; Fokus auf das neue Textarea." The implementation adds the item to the list but does not move keyboard focus to the new textarea. For users navigating by keyboard, they must manually navigate to the newly created item. Spec requirement not met.

3. DocumentPickerDropdown has no empty-query error state for fetch failure

If the API call in createTypeahead fails (network error, 500), the picker silently closes (picker.loading returns to false, picker.results is empty, dropdown closes). The user gets no feedback that the search failed vs. returned no results. The spec doesn't call this out explicitly, but it is a standard WCAG error-recognition requirement (Heuristic 9: Help users recognize, diagnose, and recover from errors). Track as a follow-up.

Requirements covered well ✓

JOURNEY vs STORY branching in the edit route ✓
Interlude items distinguished from document items visually ✓
Remove confirmation only when note is present ✓
canPublish correctly requires title AND at least one item ✓
Move-up/down buttons with disabled state at list boundaries ✓
Unsaved changes guard (createUnsavedWarning) for title + intro edits ✓
Published-state empty warning ✓
All 30+ i18n keys in de/en/es ✓

## 📋 Elicit — Requirements Engineer **Verdict: ⚠️ Approved with concerns** The implementation covers the core spec well. Three requirement gaps need to be tracked before or immediately after merge. --- ### Blockers **1. `maxlength` discrepancy is not tracked in the backlog** The PR description notes: "Note max length: spec says 2000 chars, backend constant is 5000. Implemented `maxlength='2000'` per spec." This is a requirements conflict that has not been resolved — it has been deferred. The frontend enforces 2000 chars; the backend accepts up to 5000. If someone bypasses the frontend (API call directly), they can save a 4000-char note that the frontend textarea then truncates on next load (since `bind:value={noteDraft}` initialises from `item.note` which came from the API). This creates a data loss scenario. This should be a tracked Gitea issue, not a PR description footnote. It needs a decision: is the spec wrong (raise it to 5000 in spec), or is the backend wrong (lower the constraint to 2000 in backend)? Until decided, the discrepancy is an active bug waiting to happen. --- ### Suggestions (track as follow-up issues) **2. Focus not moved to new interlude textarea after adding** The spec says: "Fügt neues Interlude-Item am Ende ein; Fokus auf das neue Textarea." The implementation adds the item to the list but does not move keyboard focus to the new textarea. For users navigating by keyboard, they must manually navigate to the newly created item. Spec requirement not met. **3. `DocumentPickerDropdown` has no empty-query error state for fetch failure** If the API call in `createTypeahead` fails (network error, 500), the picker silently closes (`picker.loading` returns to false, `picker.results` is empty, dropdown closes). The user gets no feedback that the search failed vs. returned no results. The spec doesn't call this out explicitly, but it is a standard WCAG error-recognition requirement (Heuristic 9: Help users recognize, diagnose, and recover from errors). Track as a follow-up. --- ### Requirements covered well ✓ - JOURNEY vs STORY branching in the edit route ✓ - Interlude items distinguished from document items visually ✓ - Remove confirmation only when note is present ✓ - `canPublish` correctly requires title AND at least one item ✓ - Move-up/down buttons with disabled state at list boundaries ✓ - Unsaved changes guard (`createUnsavedWarning`) for title + intro edits ✓ - Published-state empty warning ✓ - All 30+ i18n keys in de/en/es ✓

marcel referenced this pull request

2026-06-09 16:17:51 +02:00

fix: reconcile JourneyItem note maxlength — frontend caps at 2000, backend accepts 5000 #793

marcel added 6 commits 2026-06-09 16:48:13 +02:00

docs(glossary): add Interlude/Zwischentext entry 53f259243e

Interlude is a first-class editorial concept introduced by the JourneyEditor
(#753): a note-only JourneyItem with no backing document, stored in the note
column and distinguished visually by --color-interlude-* CSS tokens.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docs(architecture): update C4 geschichtenEdit for JourneyEditor afe7e5586a

Replace the '#753 deferred' placeholder with the actual implementation:
JOURNEY edit route now opens JourneyEditor (item list, drag/move-up/down,
add bar, sidebar) while STORY route continues to use GeschichteEditor.
Add item-mutation endpoints to the relation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

refactor(journey-editor): fix fragile ordering assertion with compareDocumentPosition 65e196292e

The previous check used document.body.textContent which includes ARIA labels
and hidden elements — a match in those could misfire the indexOf comparison.
compareDocumentPosition(DOCUMENT_POSITION_FOLLOWING) checks DOM tree position
directly and is not affected by non-visible text.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(journey-item-row): add note-patch rejection error-state test ed4ef88598

The noteError alert path (role=alert paragraph) was untested.
The catch block in handleNoteBlur was already implemented; this
test verifies it renders the alert when onNotePatch rejects.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(journey-editor): verify liveAnnounce region clears after 500ms dfc065b727

A persistent non-empty aria-live region can cause stale re-announcements
on adjacent DOM mutations. This test confirms the region is empty after
the 500ms clear timeout fires following a move operation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(journey-editor): clear liveAnnounce 500ms after move; document svelte-ignore suppressions

CI / Unit & Component Tests (pull_request) Successful in 3m26s

Details

CI / OCR Service Tests (pull_request) Successful in 22s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m49s

Details

CI / fail2ban Regex (pull_request) Successful in 45s

Details

CI / Semgrep Security Scan (pull_request) Successful in 23s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m5s

Details

4572572c94

NVDA+Chrome and VoiceOver+Safari can re-announce a persistent non-empty
aria-live region when adjacent DOM mutations occur. Clearing with a
500ms delay gives the announcement time to fire once before going quiet.

The two svelte-ignore a11y_no_static_element_interactions suppressions are
given preceding comments explaining the keyboard accessibility contract so
they are not mistaken for unaddressed tech debt.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel commented

2026-06-09 16:50:57 +02:00

Second-round review — all concerns addressed

Six commits pushed to feat/issue-753-journey-editor resolving every open concern from round 2 (comments #16098–#16106):

Accessibility — stale `aria-live` region

Concern: live region retains its text after a move, causing re-announcement on subsequent DOM mutations.

Fix: handleMoveUp and handleMoveDown each schedule liveAnnounce = '' via setTimeout(..., 500) after the reorder resolves, giving the SR time to announce before the region is cleared.

4572572c fix(journey-editor): clear liveAnnounce 500ms after move; document svelte-ignore suppressions
dfc065b7 test(journey-editor): verify liveAnnounce region clears after 500ms

ESLint — `svelte-ignore` suppression comments

Concern:  — svelte/no-unused-svelte-ignore parses every token after the code as an additional suppression code, generating spurious lint errors.

Fix: explanation moved to a separate  comment on the preceding line; the svelte-ignore line contains only the suppression code.

4572572c (same commit as above)

Test coverage — `JourneyItemRow` error state

Concern: no test verifies the role="alert" error message when onNotePatch rejects.

Fix: new describe block JourneyItemRow — note error state exercises a rejected onNotePatch, then asserts page.getByRole('alert') is present.

ed4ef885 test(journey-item-row): add note-patch rejection error-state test

Test robustness — ordering assertion

Concern: textContent.indexOf('Brief A') < textContent.indexOf('Brief B') is fragile — it includes ARIA labels and hidden text.

Fix: replaced with briefA.compareDocumentPosition(briefB) & Node.DOCUMENT_POSITION_FOLLOWING, a proper DOM-position check that is unaffected by text duplicated in ARIA attributes.

65e19629 refactor(journey-editor): fix fragile ordering assertion with compareDocumentPosition

C4 diagram — `JourneyEditor` placeholder

Concern: geschichtenEdit component description still said "#753 deferred" and only listed the save endpoint.

Fix: description updated to reflect actual implementation (JOURNEY → JourneyEditor, STORY → GeschichteEditor); Rel extended with item mutation endpoints (POST/DELETE /items, PUT /items/reorder, PATCH /items/{itemId}).

afe7e558 docs(architecture): update C4 geschichtenEdit for JourneyEditor

Glossary — Interlude/Zwischentext

Concern: GLOSSARY.md had no entry for interlude, leaving the note-as-body vs note-as-annotation distinction undocumented.

Fix: new Interlude / Zwischentext entry added before Lesereise, clarifying document_id IS NULL, CSS tokens, and the difference from a document item's optional note.

53f25924 docs(glossary): add Interlude/Zwischentext entry

maxlength discrepancy (frontend 2000 vs backend 5000)

Concern: the frontend caps note input at maxlength="2000" but the backend MAX_NOTE_LENGTH = 5000.

Action: opened #793 to track the fix. PR description updated to note the discrepancy and reference the issue.

PR description — mutation strategy wording

Concern: description said "optimistic add/remove/reorder" but handleAddDocument/handleAddInterlude are pessimistic (they only update state on success).

Fix: description corrected to "optimistic remove/reorder and pessimistic add".

## Second-round review — all concerns addressed Six commits pushed to `feat/issue-753-journey-editor` resolving every open concern from round 2 (comments #16098–#16106): ### Accessibility — stale `aria-live` region **Concern:** live region retains its text after a move, causing re-announcement on subsequent DOM mutations. **Fix:** `handleMoveUp` and `handleMoveDown` each schedule `liveAnnounce = ''` via `setTimeout(..., 500)` after the reorder resolves, giving the SR time to announce before the region is cleared. - `4572572c` fix(journey-editor): clear liveAnnounce 500ms after move; document svelte-ignore suppressions - `dfc065b7` test(journey-editor): verify liveAnnounce region clears after 500ms --- ### ESLint — `svelte-ignore` suppression comments **Concern:** `` — `svelte/no-unused-svelte-ignore` parses every token after the code as an additional suppression code, generating spurious lint errors. **Fix:** explanation moved to a separate `` comment on the preceding line; the `svelte-ignore` line contains only the suppression code. - `4572572c` (same commit as above) --- ### Test coverage — `JourneyItemRow` error state **Concern:** no test verifies the `role="alert"` error message when `onNotePatch` rejects. **Fix:** new describe block `JourneyItemRow — note error state` exercises a rejected `onNotePatch`, then asserts `page.getByRole('alert')` is present. - `ed4ef885` test(journey-item-row): add note-patch rejection error-state test --- ### Test robustness — ordering assertion **Concern:** `textContent.indexOf('Brief A') < textContent.indexOf('Brief B')` is fragile — it includes ARIA labels and hidden text. **Fix:** replaced with `briefA.compareDocumentPosition(briefB) & Node.DOCUMENT_POSITION_FOLLOWING`, a proper DOM-position check that is unaffected by text duplicated in ARIA attributes. - `65e19629` refactor(journey-editor): fix fragile ordering assertion with compareDocumentPosition --- ### C4 diagram — `JourneyEditor` placeholder **Concern:** `geschichtenEdit` component description still said "#753 deferred" and only listed the save endpoint. **Fix:** description updated to reflect actual implementation (JOURNEY → JourneyEditor, STORY → GeschichteEditor); `Rel` extended with item mutation endpoints (`POST/DELETE /items`, `PUT /items/reorder`, `PATCH /items/{itemId}`). - `afe7e558` docs(architecture): update C4 geschichtenEdit for JourneyEditor --- ### Glossary — Interlude/Zwischentext **Concern:** `GLOSSARY.md` had no entry for interlude, leaving the `note`-as-body vs `note`-as-annotation distinction undocumented. **Fix:** new **Interlude / Zwischentext** entry added before Lesereise, clarifying `document_id IS NULL`, CSS tokens, and the difference from a document item's optional note. - `53f25924` docs(glossary): add Interlude/Zwischentext entry --- ### maxlength discrepancy (frontend 2000 vs backend 5000) **Concern:** the frontend caps note input at `maxlength="2000"` but the backend `MAX_NOTE_LENGTH = 5000`. **Action:** opened **#793** to track the fix. PR description updated to note the discrepancy and reference the issue. --- ### PR description — mutation strategy wording **Concern:** description said "optimistic add/remove/reorder" but `handleAddDocument`/`handleAddInterlude` are pessimistic (they only update state on success). **Fix:** description corrected to "optimistic remove/reorder and pessimistic add".

marcel added 8 commits 2026-06-09 17:53:52 +02:00

fix(journey-item): enforce duplicate-document guard in append() 353945c952

Adds JOURNEY_DOCUMENT_ALREADY_ADDED to ErrorCode, an
existsByGeschichteIdAndDocumentId() repo method, and a 409 guard in
JourneyItemService.append() — the error code was registered on the
frontend but never thrown on the backend, allowing concurrent tabs to
add the same document twice.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(geschichten): restore documentId filter via journey_items EXISTS subquery 949421a076

The PR removed the documentId filter from list() along with the old
Geschichte.documents ManyToMany, but the document-detail page and its
frontend server still query GET /api/geschichten?documentId=<id> to show
related stories. Without the filter the endpoint silently returned every
published story. Restores the filter through a JPQL EXISTS check on
journey_items so only journeys that include the given document are returned.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(journey-editor): add red test — PATCH body must send {"note":null} not {} e5f276a164

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(journey-editor): send {"note":null} on clear instead of omitting key 63bc24d2f1

null ?? undefined evaluated to undefined, causing JSON.stringify to omit
the key entirely — the backend treated an absent note field as a no-op,
so clearing a note never persisted.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(journey-item-row): add red test — note remove must restore on patch failure 1cfa03d1f0

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(journey-item-row): restore note state and show error when remove patch fails 55989058a5

handleNoteRemove mutated UI state optimistically without try/catch.
A failed PATCH left the note visually deleted while it survived on the
server. Now uses snapshot/rollback identical to handleNoteBlur.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(journey-add-bar): add red test — confirm button must be natively disabled (WCAG 4.1.2) e1ca2c6831

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(journey-add-bar): replace aria-disabled with native disabled on confirm button

CI / Unit & Component Tests (pull_request) Failing after 2m42s

Details

CI / OCR Service Tests (pull_request) Successful in 22s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m48s

Details

CI / fail2ban Regex (pull_request) Successful in 44s

Details

CI / Semgrep Security Scan (pull_request) Successful in 22s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m4s

Details

b30c0d7f96

aria-disabled alone leaves the button keyboard-activatable, violating
WCAG 4.1.2. Native disabled removes it from the tab order and prevents
activation via Enter/Space.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel commented

2026-06-09 17:54:11 +02:00

Review fixes — 6 additional commits pushed

Addressed all 10 findings from the second code review. Here's what was fixed:

Backend (4 commits, already on branch)

fix(geschichten): restore documentId filter via journey_items EXISTS subquery (949421a0)
GeschichteService.list() lost its documentId parameter when the old many-to-many was removed. Restored via EXISTS (SELECT 1 FROM JourneyItem ji WHERE ji.geschichte = g AND ji.document.id = :documentId) in the JPQL query.
fix(journey-item): enforce duplicate-document guard in append() (353945c9)
JOURNEY_DOCUMENT_ALREADY_ADDED was documented but never thrown. Added existsByGeschichteIdAndDocumentId() to the repository and a 409 guard before inserting.

Frontend (6 commits, new)

fix(journey-editor): send {"note":null} on clear instead of omitting key (63bc24d2)
note ?? undefined → undefined → JSON.stringify omits the key → backend treats it as no-op. Fixed to JSON.stringify({ note: note }).
Includes the announceTimer variable + clearTimeout before each setTimeout in handleMoveUp/handleMoveDown (race fix).
fix(journey-item-row): restore note state and show error when remove patch fails (55989058)
handleNoteRemove mutated UI optimistically without try/catch. Now uses the same snapshot/rollback pattern as handleNoteBlur.
fix(journey-add-bar): replace aria-disabled with native disabled on confirm button (b30c0d7f)
aria-disabled alone keeps the button keyboard-activatable — WCAG 4.1.2 violation. Switched to native disabled.

Each fix is preceded by a red test commit.

## Review fixes — 6 additional commits pushed Addressed all 10 findings from the second code review. Here's what was fixed: ### Backend (4 commits, already on branch) - **`fix(geschichten)`: restore documentId filter via journey_items EXISTS subquery** (`949421a0`) `GeschichteService.list()` lost its `documentId` parameter when the old many-to-many was removed. Restored via `EXISTS (SELECT 1 FROM JourneyItem ji WHERE ji.geschichte = g AND ji.document.id = :documentId)` in the JPQL query. - **`fix(journey-item)`: enforce duplicate-document guard in `append()`** (`353945c9`) `JOURNEY_DOCUMENT_ALREADY_ADDED` was documented but never thrown. Added `existsByGeschichteIdAndDocumentId()` to the repository and a 409 guard before inserting. ### Frontend (6 commits, new) - **`fix(journey-editor)`: send `{"note":null}` on clear instead of omitting key** (`63bc24d2`) `note ?? undefined` → `undefined` → `JSON.stringify` omits the key → backend treats it as no-op. Fixed to `JSON.stringify({ note: note })`. Includes the `announceTimer` variable + `clearTimeout` before each `setTimeout` in `handleMoveUp`/`handleMoveDown` (race fix). - **`fix(journey-item-row)`: restore note state and show error when remove patch fails** (`55989058`) `handleNoteRemove` mutated UI optimistically without try/catch. Now uses the same snapshot/rollback pattern as `handleNoteBlur`. - **`fix(journey-add-bar)`: replace `aria-disabled` with native `disabled` on confirm button** (`b30c0d7f`) `aria-disabled` alone keeps the button keyboard-activatable — WCAG 4.1.2 violation. Switched to native `disabled`. Each fix is preceded by a red test commit.

marcel added 1 commit 2026-06-09 18:09:57 +02:00

fix(search-filter-bar): wait for slide transition before clicking undated toggle

CI / Unit & Component Tests (pull_request) Successful in 3m23s

Details

CI / OCR Service Tests (pull_request) Successful in 22s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m43s

Details

CI / fail2ban Regex (pull_request) Successful in 44s

Details

CI / Semgrep Security Scan (pull_request) Successful in 22s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m6s

Details

67861239f8

track_reactivity_loss in Svelte 5 async.js fires when a $bindable write
happens while the slide transition is still being tracked asynchronously.
Waiting for the toggle to be visible ensures the transition has settled.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel commented

2026-06-09 18:35:31 +02:00

👨‍💻 Felix Brandt — Senior Fullstack Developer

Verdict: ⚠️ Approved with concerns

Blockers

DRY violation — duplicated typeahead fetch logic (DocumentPickerDropdown vs DocumentMultiSelect)

DocumentPickerDropdown.svelte reproduces the createTypeahead fetch function, result mapping, and formatDocLabel helper almost verbatim from DocumentMultiSelect.svelte. Both components call the same /api/documents/search endpoint, map DocumentListItem to an identical DocumentOption shape, and apply the same formatDocumentDate formatting. This is two copies of the same logic with no shared extraction point.

// Both files contain:
const picker = createTypeahead<DocumentOption>({
    fetchUrl: (q) =>
        fetch(`/api/documents/search?q=${encodeURIComponent(q)}&size=10`)
            .then((r) => r.json())
            .then((b: { items: DocumentListItem[] }) =>
                b.items.map((it) => ({ id: it.id, title: it.title, ... }))
            )
});

function formatDocLabel(doc: DocumentOption): string { ... }  // identical in both

Fix: extract into a shared $lib/document/documentTypeahead.ts — a factory that returns a configured createTypeahead instance for documents. Both components import and call it.

Hardcoded listboxId in DocumentPickerDropdown

const listboxId = 'doc-picker-listbox';  // DocumentPickerDropdown.svelte

If two DocumentPickerDropdown instances were ever mounted on the same page (e.g. a test page, or a future bulk-add flow), the DOM would have duplicate IDs, breaking the ARIA combobox → listbox association. Fix: generate a unique ID per instance (e.g. a module-level counter: let uid = 0; const listboxId = \doc-picker-listbox-${++uid}``).

Suggestions

Test timing: raw setTimeout waits

await new Promise((r) => setTimeout(r, 350)); // wait debounce
await new Promise((r) => setTimeout(r, 50));  // wait async resolution

These appear in ~6 places across JourneyEditor.svelte.spec.ts and JourneyItemRow.svelte.spec.ts. Acknowledged as the project pattern (CLAUDE.md documents TipTap workarounds), but the 350ms debounce wait is especially fragile under CI load. At minimum: add an inline comment explaining the expected wait (e.g. // createTypeahead debounce: 300ms + browser overhead).

handleInput in DocumentPickerDropdown maintains inputValue manually alongside picker

let inputValue = $state('');

function handleInput(e: Event) {
    const q = (e.currentTarget as HTMLInputElement).value;
    inputValue = q;       // manual mirror
    if (q.trim().length >= 1) {
        picker.setQuery(q);   // also stored inside picker
    } else {
        picker.close();
    }
}

inputValue is maintained in local state separately from picker's internal query. If picker.close() clears the query inside the hook, inputValue may drift. Either expose picker.query as a readable state and drop inputValue, or document why both are needed.

Non-null assertion on doc.id

if (alreadyAddedIds.has(doc.id!)) return;

If the OpenAPI-generated type already makes id non-optional (as it should with @Schema(requiredMode = REQUIRED) on the backend), drop the !. If it's still optional in the generated types, the assertion is hiding a type gap — fix the schema annotation instead.

What's solid ✅

TDD discipline is excellent throughout. Backend tests (append_returns409_when_document_already_in_journey, list_passes_documentId_to_repository_as_journey_item_filter) are proper red/green tests with assertThatThrownBy and verify. No implementation exists before the test in any added case.
createTypeahead refactor of DocumentMultiSelect is clean — removes raw setTimeout debounce, loading state, and manual results array in favour of the hook. 40+ lines deleted.
{#each items as item, i (item.id)} — keyed iteration throughout ✅
Optimistic remove/reorder with snapshot rollback in JourneyEditor follows the established project pattern correctly.
JourneyItemRow: handleNoteRemove saves prevDraft and prevShowNote before mutation and correctly restores both on failure.
JOURNEY_DOCUMENT_ALREADY_ADDED guard in JourneyItemService.append() runs before the document lookup — correct ordering (avoids a redundant DB read on the happy path).
$derived used correctly throughout: isInterlude, itemTitle, needsConfirmOnRemove, alreadyAddedIds, canPublish. No $effect for derived values.

## 👨‍💻 Felix Brandt — Senior Fullstack Developer **Verdict: ⚠️ Approved with concerns** ### Blockers **DRY violation — duplicated typeahead fetch logic (`DocumentPickerDropdown` vs `DocumentMultiSelect`)** `DocumentPickerDropdown.svelte` reproduces the `createTypeahead` fetch function, result mapping, and `formatDocLabel` helper almost verbatim from `DocumentMultiSelect.svelte`. Both components call the same `/api/documents/search` endpoint, map `DocumentListItem` to an identical `DocumentOption` shape, and apply the same `formatDocumentDate` formatting. This is two copies of the same logic with no shared extraction point. ```typescript // Both files contain: const picker = createTypeahead<DocumentOption>({ fetchUrl: (q) => fetch(`/api/documents/search?q=${encodeURIComponent(q)}&size=10`) .then((r) => r.json()) .then((b: { items: DocumentListItem[] }) => b.items.map((it) => ({ id: it.id, title: it.title, ... })) ) }); function formatDocLabel(doc: DocumentOption): string { ... } // identical in both ``` Fix: extract into a shared `$lib/document/documentTypeahead.ts` — a factory that returns a configured `createTypeahead` instance for documents. Both components import and call it. **Hardcoded `listboxId` in `DocumentPickerDropdown`** ```typescript const listboxId = 'doc-picker-listbox'; // DocumentPickerDropdown.svelte ``` If two `DocumentPickerDropdown` instances were ever mounted on the same page (e.g. a test page, or a future bulk-add flow), the DOM would have duplicate IDs, breaking the ARIA `combobox` → `listbox` association. Fix: generate a unique ID per instance (e.g. a module-level counter: `let uid = 0; const listboxId = \`doc-picker-listbox-${++uid}\``). --- ### Suggestions **Test timing: raw `setTimeout` waits** ```typescript await new Promise((r) => setTimeout(r, 350)); // wait debounce await new Promise((r) => setTimeout(r, 50)); // wait async resolution ``` These appear in ~6 places across `JourneyEditor.svelte.spec.ts` and `JourneyItemRow.svelte.spec.ts`. Acknowledged as the project pattern (CLAUDE.md documents TipTap workarounds), but the 350ms debounce wait is especially fragile under CI load. At minimum: add an inline comment explaining the expected wait (e.g. `// createTypeahead debounce: 300ms + browser overhead`). **`handleInput` in `DocumentPickerDropdown` maintains `inputValue` manually alongside `picker`** ```typescript let inputValue = $state(''); function handleInput(e: Event) { const q = (e.currentTarget as HTMLInputElement).value; inputValue = q; // manual mirror if (q.trim().length >= 1) { picker.setQuery(q); // also stored inside picker } else { picker.close(); } } ``` `inputValue` is maintained in local state separately from `picker`'s internal query. If `picker.close()` clears the query inside the hook, `inputValue` may drift. Either expose `picker.query` as a readable state and drop `inputValue`, or document why both are needed. **Non-null assertion on `doc.id`** ```typescript if (alreadyAddedIds.has(doc.id!)) return; ``` If the OpenAPI-generated type already makes `id` non-optional (as it should with `@Schema(requiredMode = REQUIRED)` on the backend), drop the `!`. If it's still optional in the generated types, the assertion is hiding a type gap — fix the schema annotation instead. --- ### What's solid ✅ - TDD discipline is excellent throughout. Backend tests (`append_returns409_when_document_already_in_journey`, `list_passes_documentId_to_repository_as_journey_item_filter`) are proper red/green tests with `assertThatThrownBy` and `verify`. No implementation exists before the test in any added case. - `createTypeahead` refactor of `DocumentMultiSelect` is clean — removes raw `setTimeout` debounce, `loading` state, and manual `results` array in favour of the hook. 40+ lines deleted. - `{#each items as item, i (item.id)}` — keyed iteration throughout ✅ - Optimistic remove/reorder with snapshot rollback in `JourneyEditor` follows the established project pattern correctly. - `JourneyItemRow`: `handleNoteRemove` saves `prevDraft` and `prevShowNote` before mutation and correctly restores both on failure. - `JOURNEY_DOCUMENT_ALREADY_ADDED` guard in `JourneyItemService.append()` runs before the document lookup — correct ordering (avoids a redundant DB read on the happy path). - `$derived` used correctly throughout: `isInterlude`, `itemTitle`, `needsConfirmOnRemove`, `alreadyAddedIds`, `canPublish`. No `$effect` for derived values.

marcel commented

2026-06-09 18:35:49 +02:00

🏛️ Markus Keller — Application Architect

Verdict: ✅ Approved

Ran the documentation currency check per my review checklist:

PR contains	Required update	Status
No new Flyway migration	No DB diagram update	✅ n/a
No new ManyToMany join table	No relationship diagram update	✅ n/a
No new backend domain module	No `CLAUDE.md` package table update, no C4 L3 backend diagram	✅ n/a
No new SvelteKit route	No route table update, no C4 L3 frontend diagram	✅ n/a — edit page already existed
Updated GeschichteEdit component with new capabilities	C4 `l3-frontend-3c-people-stories.puml` updated	✅ done
New `ErrorCode` values	`CLAUDE.md` + `docs/ARCHITECTURE.md`	✅ both updated
New domain terms (Interlude/Zwischentext)	`docs/GLOSSARY.md`	✅ added
Implementation deviations from spec	`docs/specs/lesereisen-editor-spec.html`	✅ updated with `<del>` annotations
README for the `geschichte/` domain	Updated with 5 new components	✅ done

All required documentation updates are present. No blocker from my perspective.

Architecture observations (non-blocking)

The documentId filter on GET /api/geschichten is undocumented scope

// GeschichteController.java
@RequestParam(required = false) UUID documentId,
...
geschichteService.list(status, personIds, documentId, limit);

AND (:documentId IS NULL OR
     EXISTS (SELECT 1 FROM JourneyItem ji
             WHERE ji.geschichte = g AND ji.document.id = :documentId))

This is real infrastructure: a new filter capability allowing callers to ask "which journeys contain this document?" The PR description doesn't mention it; the JourneyEditor itself doesn't use it (it computes alreadyAddedIds from local items state). This looks like forward infrastructure for a future "document detail → shows containing journeys" view.

I'm not blocking on this — the implementation is correct and the JPQL EXISTS subquery is within the Geschichte domain boundary (JourneyItem is a Geschichte sub-entity, not a cross-domain access). But it should be tracked in an issue so it doesn't become orphaned infrastructure.

Layering is clean: JourneyEditor never calls repositories directly; it goes through /api/geschichten/{id}/items endpoints which delegate through JourneyItemService. The separation of concerns between GeschichteController (type-level metadata) and JourneyItemController (item mutations) is maintained.

The DocumentPickerDropdown fetch pattern: Calling /api/documents/search directly from the browser is consistent with the existing DocumentMultiSelect component. For interactive typeahead, SSR server-load is impractical; this is the right call. The endpoint requires auth via session cookie and is read-only.

No new infrastructure, no new packages — reusing createBlockDragDrop from the transcription editor for drag-drop is architecturally sound. It avoids pulling in @dnd-kit or svelte-dnd-action (both external deps that would require version pinning, security auditing, and Renovate tracking).

## 🏛️ Markus Keller — Application Architect **Verdict: ✅ Approved** Ran the documentation currency check per my review checklist: | PR contains | Required update | Status | |---|---|---| | No new Flyway migration | No DB diagram update | ✅ n/a | | No new ManyToMany join table | No relationship diagram update | ✅ n/a | | No new backend domain module | No `CLAUDE.md` package table update, no C4 L3 backend diagram | ✅ n/a | | No new SvelteKit route | No route table update, no C4 L3 frontend diagram | ✅ n/a — edit page already existed | | Updated GeschichteEdit component with new capabilities | C4 `l3-frontend-3c-people-stories.puml` updated | ✅ done | | New `ErrorCode` values | `CLAUDE.md` + `docs/ARCHITECTURE.md` | ✅ both updated | | New domain terms (Interlude/Zwischentext) | `docs/GLOSSARY.md` | ✅ added | | Implementation deviations from spec | `docs/specs/lesereisen-editor-spec.html` | ✅ updated with `<del>` annotations | | README for the `geschichte/` domain | Updated with 5 new components | ✅ done | All required documentation updates are present. No blocker from my perspective. --- ### Architecture observations (non-blocking) **The `documentId` filter on `GET /api/geschichten` is undocumented scope** ```java // GeschichteController.java @RequestParam(required = false) UUID documentId, ... geschichteService.list(status, personIds, documentId, limit); ``` ```jpql AND (:documentId IS NULL OR EXISTS (SELECT 1 FROM JourneyItem ji WHERE ji.geschichte = g AND ji.document.id = :documentId)) ``` This is real infrastructure: a new filter capability allowing callers to ask "which journeys contain this document?" The PR description doesn't mention it; the JourneyEditor itself doesn't use it (it computes `alreadyAddedIds` from local `items` state). This looks like forward infrastructure for a future "document detail → shows containing journeys" view. I'm not blocking on this — the implementation is correct and the JPQL EXISTS subquery is within the Geschichte domain boundary (JourneyItem is a Geschichte sub-entity, not a cross-domain access). But it should be tracked in an issue so it doesn't become orphaned infrastructure. **Layering is clean**: `JourneyEditor` never calls repositories directly; it goes through `/api/geschichten/{id}/items` endpoints which delegate through `JourneyItemService`. The separation of concerns between `GeschichteController` (type-level metadata) and `JourneyItemController` (item mutations) is maintained. **The `DocumentPickerDropdown` fetch pattern**: Calling `/api/documents/search` directly from the browser is consistent with the existing `DocumentMultiSelect` component. For interactive typeahead, SSR server-load is impractical; this is the right call. The endpoint requires auth via session cookie and is read-only. **No new infrastructure, no new packages** — reusing `createBlockDragDrop` from the transcription editor for drag-drop is architecturally sound. It avoids pulling in `@dnd-kit` or `svelte-dnd-action` (both external deps that would require version pinning, security auditing, and Renovate tracking).

marcel commented

2026-06-09 18:36:06 +02:00

🔐 Nora "NullX" Steiner — Application Security Engineer

Verdict: ✅ Approved

Full OWASP Top 10 pass on the diff. Findings below.

Checked ✅ — no issues

1. All write mutations use csrfFetch

Every state-changing operation in JourneyEditor.svelte goes through csrfFetch:

handleAddDocument → csrfFetch(POST /items) ✅
handleAddInterlude → csrfFetch(POST /items) ✅
handleRemove → csrfFetch(DELETE /items/${id}) ✅
handleNotePatch → csrfFetch(PATCH /items/${id}) ✅
handleReorder → csrfFetch(PUT /items/reorder) ✅
The save form → csrfFetch(PUT /api/geschichten/${id}) ✅

2. JPQL parameterization — injection-proof

// GeschichteRepository.java
AND (:documentId IS NULL OR
     EXISTS (SELECT 1 FROM JourneyItem ji
             WHERE ji.geschichte = g AND ji.document.id = :documentId))
...
@Param("documentId") UUID documentId

Named parameter, UUID type. No string concatenation. ✅

3. Structured error codes — no implementation details leaked

throw DomainException.conflict(ErrorCode.JOURNEY_DOCUMENT_ALREADY_ADDED,
        "Document already in journey: " + dto.getDocumentId());

The error message goes to server logs; the frontend sees only the code enum value, mapped to a user-friendly i18n string via getErrorMessage(). ✅

4. New ErrorCode values in errors.ts are properly mapped in getErrorMessage()

JOURNEY_ITEM_NOT_IN_JOURNEY, JOURNEY_NOTE_TOO_LONG, JOURNEY_DOCUMENT_ALREADY_ADDED, GESCHICHTE_TYPE_IMMUTABLE — all four have case handlers and i18n translations in all three locales. ✅

5. Document search uses authenticated session

DocumentPickerDropdown and DocumentMultiSelect call fetch('/api/documents/search?...') without an explicit auth header — relying on the session cookie forwarded automatically by the browser. This is consistent with the existing DocumentMultiSelect pattern and acceptable for read-only typeahead. The endpoint requires READ_ALL on the server side. ✅

Observation (not a vulnerability, robustness smell)

Non-null assertion doc.id! in handleSelect

// DocumentPickerDropdown.svelte
function handleSelect(doc: DocumentOption) {
    if (alreadyAddedIds.has(doc.id!)) return;

If the OpenAPI-generated DocumentOption.id is typed as string | undefined (because the backend @Schema(requiredMode) annotation is missing or the generate:api script wasn't run after adding it), this assertion silently skips the duplicate check for documents without an id. This is not a security issue (the backend enforces the dedup guard), but it could mask a type generation gap. Suggest: verify id is string (not string | undefined) in the generated types, or use a defensive if (!doc.id) return; that fails loudly.

Attack surface: the `documentId` filter on `GET /api/geschichten`

Confirming this is safe: the endpoint requires READ_ALL authentication. The documentId parameter reveals only "which journeys contain this document" — information the authenticated user can derive by reading the journeys themselves. No privilege escalation or data leakage. ✅

## 🔐 Nora "NullX" Steiner — Application Security Engineer **Verdict: ✅ Approved** Full OWASP Top 10 pass on the diff. Findings below. --- ### Checked ✅ — no issues **1. All write mutations use `csrfFetch`** Every state-changing operation in `JourneyEditor.svelte` goes through `csrfFetch`: - `handleAddDocument` → `csrfFetch(POST /items)` ✅ - `handleAddInterlude` → `csrfFetch(POST /items)` ✅ - `handleRemove` → `csrfFetch(DELETE /items/${id})` ✅ - `handleNotePatch` → `csrfFetch(PATCH /items/${id})` ✅ - `handleReorder` → `csrfFetch(PUT /items/reorder)` ✅ - The save form → `csrfFetch(PUT /api/geschichten/${id})` ✅ **2. JPQL parameterization — injection-proof** ```java // GeschichteRepository.java AND (:documentId IS NULL OR EXISTS (SELECT 1 FROM JourneyItem ji WHERE ji.geschichte = g AND ji.document.id = :documentId)) ... @Param("documentId") UUID documentId ``` Named parameter, UUID type. No string concatenation. ✅ **3. Structured error codes — no implementation details leaked** ```java throw DomainException.conflict(ErrorCode.JOURNEY_DOCUMENT_ALREADY_ADDED, "Document already in journey: " + dto.getDocumentId()); ``` The error message goes to server logs; the frontend sees only the `code` enum value, mapped to a user-friendly i18n string via `getErrorMessage()`. ✅ **4. New `ErrorCode` values in `errors.ts` are properly mapped in `getErrorMessage()`** `JOURNEY_ITEM_NOT_IN_JOURNEY`, `JOURNEY_NOTE_TOO_LONG`, `JOURNEY_DOCUMENT_ALREADY_ADDED`, `GESCHICHTE_TYPE_IMMUTABLE` — all four have `case` handlers and i18n translations in all three locales. ✅ **5. Document search uses authenticated session** `DocumentPickerDropdown` and `DocumentMultiSelect` call `fetch('/api/documents/search?...')` without an explicit auth header — relying on the session cookie forwarded automatically by the browser. This is consistent with the existing `DocumentMultiSelect` pattern and acceptable for read-only typeahead. The endpoint requires `READ_ALL` on the server side. ✅ --- ### Observation (not a vulnerability, robustness smell) **Non-null assertion `doc.id!` in `handleSelect`** ```typescript // DocumentPickerDropdown.svelte function handleSelect(doc: DocumentOption) { if (alreadyAddedIds.has(doc.id!)) return; ``` If the OpenAPI-generated `DocumentOption.id` is typed as `string | undefined` (because the backend `@Schema(requiredMode)` annotation is missing or the `generate:api` script wasn't run after adding it), this assertion silently skips the duplicate check for documents without an id. This is not a security issue (the backend enforces the dedup guard), but it could mask a type generation gap. Suggest: verify `id` is `string` (not `string | undefined`) in the generated types, or use a defensive `if (!doc.id) return;` that fails loudly. --- ### Attack surface: the `documentId` filter on `GET /api/geschichten` Confirming this is safe: the endpoint requires `READ_ALL` authentication. The `documentId` parameter reveals only "which journeys contain this document" — information the authenticated user can derive by reading the journeys themselves. No privilege escalation or data leakage. ✅

marcel commented

2026-06-09 18:36:29 +02:00

🧪 Sara Holt — QA Engineer & Test Strategist

Verdict: ⚠️ Approved with concerns

Blocker

Missing integration test for documentId filter in GeschichteListProjectionTest

The PR adds a documentId filter to GeschichteRepository.findSummaries(). The existing projection test adds null as the new parameter to seven existing test calls — but introduces no test case that verifies the filter actually works.

Concretely: the JPQL EXISTS subquery

AND (:documentId IS NULL OR
     EXISTS (SELECT 1 FROM JourneyItem ji
             WHERE ji.geschichte = g AND ji.document.id = :documentId))

has zero coverage in the integration test suite. A query bug (e.g., wrong join condition, wrong entity reference) would pass all tests and surface only at runtime.

Required test case (Testcontainers, real Postgres):

@Test
void findSummaries_with_documentId_returns_only_journeys_containing_that_document() {
    // Arrange: create two journeys and a document; add document to journey A only
    // Act: findSummaries(..., documentId=doc.getId())
    // Assert: result contains journey A; does NOT contain journey B
}

@Test
void findSummaries_with_documentId_excludes_journeys_not_containing_that_document() {
    // Covers the "null documentId = no filter" path already tested above,
    // but also: documentId for a doc in no journey → empty result
}

The GeschichteServiceTest.list_passes_documentId_to_repository_as_journey_item_filter verifies the param is threaded through the service layer correctly — but that's a unit test with a mock repo. It says nothing about whether the JPQL is correct.

Suggestions

Raw setTimeout timing in component tests

await new Promise((r) => setTimeout(r, 350)); // wait debounce
await new Promise((r) => setTimeout(r, 50));  // wait async resolution

These appear in 6+ places. 350ms for the debounce wait is the most fragile — under CI load (especially on the shared runner), 350ms may not be enough for the debounce + fetch mock + DOM update chain. At minimum, add inline comments explaining the intent. Better: factor into a named constant const DEBOUNCE_WAIT = 400 with a buffer above the 300ms debounce.

GeschichteListProjectionTest — 7 mechanical null additions with no new behaviour

The pattern of adding , null) to seven existing findSummaries() calls without adding a covering test for the new param is a red flag. Tests exist to prove the new behaviour works. The param pass-through is tested at the service unit-test layer; the query correctness is not.

What's solid ✅

Backend TDD evidence is strong:
- append_returns409_when_document_already_in_journey — proper assertThatThrownBy + DomainException.getCode() assertion ✅
- list_passes_documentId_to_repository_as_journey_item_filter — uses eq(documentId) verify ✅
- GeschichteControllerTest updated with new param stubs ✅
- GeschichteServiceIntegrationTest updated ✅
Frontend component tests are well-structured:
- JourneyEditor.svelte.spec.ts (392 lines): 10 describe blocks covering empty state, item render order, publish gate, add document, add interlude, remove rollback, reorder via move buttons, live announce, note patch body, duplicate aria-disabled
- JourneyItemRow.svelte.spec.ts (146 lines): covers note open, note patch, error state, note remove error with rollback, interlude rules (no remove link), interlude empty-text block, remove confirm, cancel restores
- Factory functions (makeGeschichte, defaultProps, docItem, interludeItem) ✅
- Behaviour-based assertions (getByRole, getByText, toBeDisabled) ✅
SearchFilterBar.svelte.spec.ts fix — waiting for toBeVisible() before interacting with the undated toggle is the correct fix for the race with the slide transition. ✅

## 🧪 Sara Holt — QA Engineer & Test Strategist **Verdict: ⚠️ Approved with concerns** ### Blocker **Missing integration test for `documentId` filter in `GeschichteListProjectionTest`** The PR adds a `documentId` filter to `GeschichteRepository.findSummaries()`. The existing projection test adds `null` as the new parameter to seven existing test calls — but introduces **no test case that verifies the filter actually works**. Concretely: the JPQL EXISTS subquery ```jpql AND (:documentId IS NULL OR EXISTS (SELECT 1 FROM JourneyItem ji WHERE ji.geschichte = g AND ji.document.id = :documentId)) ``` has zero coverage in the integration test suite. A query bug (e.g., wrong join condition, wrong entity reference) would pass all tests and surface only at runtime. **Required test case** (Testcontainers, real Postgres): ```java @Test void findSummaries_with_documentId_returns_only_journeys_containing_that_document() { // Arrange: create two journeys and a document; add document to journey A only // Act: findSummaries(..., documentId=doc.getId()) // Assert: result contains journey A; does NOT contain journey B } @Test void findSummaries_with_documentId_excludes_journeys_not_containing_that_document() { // Covers the "null documentId = no filter" path already tested above, // but also: documentId for a doc in no journey → empty result } ``` The `GeschichteServiceTest.list_passes_documentId_to_repository_as_journey_item_filter` verifies the param is threaded through the service layer correctly — but that's a unit test with a mock repo. It says nothing about whether the JPQL is correct. --- ### Suggestions **Raw `setTimeout` timing in component tests** ```typescript await new Promise((r) => setTimeout(r, 350)); // wait debounce await new Promise((r) => setTimeout(r, 50)); // wait async resolution ``` These appear in 6+ places. 350ms for the debounce wait is the most fragile — under CI load (especially on the shared runner), 350ms may not be enough for the debounce + fetch mock + DOM update chain. At minimum, add inline comments explaining the intent. Better: factor into a named constant `const DEBOUNCE_WAIT = 400` with a buffer above the 300ms debounce. **`GeschichteListProjectionTest` — 7 mechanical `null` additions with no new behaviour** The pattern of adding `, null)` to seven existing `findSummaries()` calls without adding a covering test for the new param is a red flag. Tests exist to prove the new behaviour works. The param pass-through is tested at the service unit-test layer; the query correctness is not. --- ### What's solid ✅ - **Backend TDD evidence** is strong: - `append_returns409_when_document_already_in_journey` — proper `assertThatThrownBy` + `DomainException.getCode()` assertion ✅ - `list_passes_documentId_to_repository_as_journey_item_filter` — uses `eq(documentId)` verify ✅ - `GeschichteControllerTest` updated with new param stubs ✅ - `GeschichteServiceIntegrationTest` updated ✅ - **Frontend component tests** are well-structured: - `JourneyEditor.svelte.spec.ts` (392 lines): 10 describe blocks covering empty state, item render order, publish gate, add document, add interlude, remove rollback, reorder via move buttons, live announce, note patch body, duplicate aria-disabled - `JourneyItemRow.svelte.spec.ts` (146 lines): covers note open, note patch, error state, note remove error with rollback, interlude rules (no remove link), interlude empty-text block, remove confirm, cancel restores - Factory functions (`makeGeschichte`, `defaultProps`, `docItem`, `interludeItem`) ✅ - Behaviour-based assertions (`getByRole`, `getByText`, `toBeDisabled`) ✅ - **`SearchFilterBar.svelte.spec.ts` fix** — waiting for `toBeVisible()` before interacting with the undated toggle is the correct fix for the race with the slide transition. ✅

marcel commented

2026-06-09 18:36:54 +02:00

🎨 Leonie Voss — UX Design Lead & Accessibility Strategist

Verdict: ⚠️ Approved with concerns

Blocker

WCAG AA contrast failure on interlude label text

/* layout.css — light theme */
--c-interlude-label: #6b7280;   /* Tailwind gray-500 */
--c-interlude-bg:    #f5f4f0;   /* warm near-white */

Gray-500 (#6b7280) on warm-white (#f5f4f0) produces approximately 4.0:1 contrast ratio. WCAG 2.1 AA requires 4.5:1 for normal text. The ZWISCHENTEXT label uses text-xs (12px rendered), which is treated as normal text under the standard — the 3:1 large-text exception does not apply below 18px regular or 14px bold.

Fix: Replace #6b7280 with #4b5563 (gray-600, ~6.9:1 on white), or use the project's existing semantic token --color-ink-2 which is already WCAG-verified for this background.

The dark mode token is fine:

--c-interlude-label: #8b97a5;  /* on --c-interlude-bg: #151c22 */

#8b97a5 on #151c22 is approximately 6.3:1 — passes AA and is close to AAA. ✅

High concern (not a hard blocker, but affects senior audience)

Confirm/Cancel buttons in inline remove confirmation are undersized

<!-- JourneyItemRow.svelte — confirm row -->
<button class="rounded bg-danger px-2 py-1 ...">Bestätigen</button>
<button class="rounded border border-line px-2 py-1 ...">Abbrechen</button>

py-1 gives approximately 8px top+bottom padding. At text-xs (12px line height) that's ~28px total height — well below the 44px WCAG 2.2 minimum for the 60+ audience. The main row buttons correctly use min-h-[44px], but the confirm row doesn't inherit this.

Fix: Add min-h-[44px] px-3 py-2 or min-h-[44px] to both confirm/cancel buttons, or use min-h-[36px] as a pragmatic minimum for inline inline confirmations.

Suggestions

Drag handle uses Braille pattern ⠿ as visual affordance

<button data-drag-handle ...>⠿</button>

Screen readers handle this correctly via aria-label ✅. But sighted users unfamiliar with this affordance (especially seniors) may not recognise it as a drag handle. Consider a 6-dot gripper SVG (⋮⋮ or a proper 2×3 dot grid) which is a widely recognised drag indicator pattern. Minor cosmetic issue, not a blocker.

listboxId = 'doc-picker-listbox' in DocumentPickerDropdown — duplicate ID risk

If two DocumentPickerDropdown instances were mounted simultaneously, the aria-controls would point to the wrong listbox, breaking keyboard navigation for screen readers. Generate a unique ID per instance.

What's working well ✅

44px touch targets on all interactive row elements: move-up/move-down buttons (min-h-[44px] min-w-[44px]), drag handle (min-height: 44px; min-width: 44px inline), add bar buttons (h-11 = 44px) ✅
Drag hidden on mobile, move buttons always visible — exactly the right pattern for the senior-on-tablet use case ✅
Interlude semantic tokens (--color-interlude-bg/border/label) defined for both light and dark mode with the explicit sync comment ✅
aria-live="polite" region in JourneyEditor for move announcements — screen readers will announce position changes without interrupting user flow ✅
aria-label on all icon-only buttons — drag handle, move up, move down, remove — every interactive element is identifiable ✅
focus-visible:ring-2 focus-visible:ring-focus-ring on every focusable element throughout all new components ✅
<details> mobile collapsibles in GeschichteSidebar — native progressive disclosure, no JavaScript dependency, accessible by default ✅
Empty state message in JourneyEditor when items list is empty ✅
aria-disabled="true" on already-added documents in the picker — screen readers can announce the unavailability of an option without removing it from the list ✅

## 🎨 Leonie Voss — UX Design Lead & Accessibility Strategist **Verdict: ⚠️ Approved with concerns** ### Blocker **WCAG AA contrast failure on interlude label text** ```css /* layout.css — light theme */ --c-interlude-label: #6b7280; /* Tailwind gray-500 */ --c-interlude-bg: #f5f4f0; /* warm near-white */ ``` Gray-500 (#6b7280) on warm-white (#f5f4f0) produces approximately **4.0:1** contrast ratio. WCAG 2.1 AA requires **4.5:1** for normal text. The ZWISCHENTEXT label uses `text-xs` (12px rendered), which is treated as normal text under the standard — the 3:1 large-text exception does not apply below 18px regular or 14px bold. **Fix**: Replace `#6b7280` with `#4b5563` (gray-600, ~6.9:1 on white), or use the project's existing semantic token `--color-ink-2` which is already WCAG-verified for this background. The dark mode token is fine: ```css --c-interlude-label: #8b97a5; /* on --c-interlude-bg: #151c22 */ ``` #8b97a5 on #151c22 is approximately 6.3:1 — passes AA and is close to AAA. ✅ --- ### High concern (not a hard blocker, but affects senior audience) **Confirm/Cancel buttons in inline remove confirmation are undersized** ```svelte  <button class="rounded bg-danger px-2 py-1 ...">Bestätigen</button> <button class="rounded border border-line px-2 py-1 ...">Abbrechen</button> ``` `py-1` gives approximately 8px top+bottom padding. At `text-xs` (12px line height) that's ~28px total height — well below the 44px WCAG 2.2 minimum for the 60+ audience. The main row buttons correctly use `min-h-[44px]`, but the confirm row doesn't inherit this. **Fix**: Add `min-h-[44px] px-3 py-2` or `min-h-[44px]` to both confirm/cancel buttons, or use `min-h-[36px]` as a pragmatic minimum for inline inline confirmations. --- ### Suggestions **Drag handle uses Braille pattern ⠿ as visual affordance** ```svelte <button data-drag-handle ...>⠿</button> ``` Screen readers handle this correctly via `aria-label` ✅. But sighted users unfamiliar with this affordance (especially seniors) may not recognise it as a drag handle. Consider a 6-dot gripper SVG (`⋮⋮` or a proper 2×3 dot grid) which is a widely recognised drag indicator pattern. Minor cosmetic issue, not a blocker. **`listboxId = 'doc-picker-listbox'` in `DocumentPickerDropdown` — duplicate ID risk** If two `DocumentPickerDropdown` instances were mounted simultaneously, the `aria-controls` would point to the wrong listbox, breaking keyboard navigation for screen readers. Generate a unique ID per instance. --- ### What's working well ✅ - **44px touch targets** on all interactive row elements: move-up/move-down buttons (`min-h-[44px] min-w-[44px]`), drag handle (`min-height: 44px; min-width: 44px` inline), add bar buttons (`h-11` = 44px) ✅ - **Drag hidden on mobile, move buttons always visible** — exactly the right pattern for the senior-on-tablet use case ✅ - **Interlude semantic tokens** (`--color-interlude-bg/border/label`) defined for both light and dark mode with the explicit sync comment ✅ - **`aria-live="polite"` region** in `JourneyEditor` for move announcements — screen readers will announce position changes without interrupting user flow ✅ - **`aria-label` on all icon-only buttons** — drag handle, move up, move down, remove — every interactive element is identifiable ✅ - **`focus-visible:ring-2 focus-visible:ring-focus-ring`** on every focusable element throughout all new components ✅ - **`<details>` mobile collapsibles** in `GeschichteSidebar` — native progressive disclosure, no JavaScript dependency, accessible by default ✅ - **Empty state message** in JourneyEditor when items list is empty ✅ - **`aria-disabled="true"` on already-added documents** in the picker — screen readers can announce the unavailability of an option without removing it from the list ✅

marcel commented

2026-06-09 18:37:00 +02:00

🛠️ Tobias Wendt — DevOps & Platform Engineer

Verdict: ✅ Approved

No infrastructure changes in this PR. Checking through my review list:

Check	Status
New Docker services or infrastructure components	None ✅
Compose file changes	None ✅
CI workflow changes	None ✅
New npm dependencies added to `package.json`	None ✅
New Maven dependencies added to `pom.xml`	None ✅
Hardcoded secrets in workflow files	None ✅
Exposed internal ports	Not applicable ✅

Strong call: reusing createBlockDragDrop<JourneyItemView> from the transcription editor instead of introducing @dnd-kit/core or svelte-dnd-action keeps the dependency tree clean. Both of those libraries are >40KB minified, would need Renovate rules, security audits, and version pinning. Zero packages added = zero packages to maintain.

The frontend build is otherwise unchanged — no new chunk splits, no new static assets beyond the CSS tokens and i18n strings, which are already included in the main bundle.

Nothing to flag from the ops side. LGTM.

## 🛠️ Tobias Wendt — DevOps & Platform Engineer **Verdict: ✅ Approved** No infrastructure changes in this PR. Checking through my review list: | Check | Status | |---|---| | New Docker services or infrastructure components | None ✅ | | Compose file changes | None ✅ | | CI workflow changes | None ✅ | | New npm dependencies added to `package.json` | None ✅ | | New Maven dependencies added to `pom.xml` | None ✅ | | Hardcoded secrets in workflow files | None ✅ | | Exposed internal ports | Not applicable ✅ | **Strong call**: reusing `createBlockDragDrop<JourneyItemView>` from the transcription editor instead of introducing `@dnd-kit/core` or `svelte-dnd-action` keeps the dependency tree clean. Both of those libraries are >40KB minified, would need Renovate rules, security audits, and version pinning. Zero packages added = zero packages to maintain. The frontend build is otherwise unchanged — no new chunk splits, no new static assets beyond the CSS tokens and i18n strings, which are already included in the main bundle. Nothing to flag from the ops side. LGTM.

marcel commented

2026-06-09 18:37:26 +02:00

📋 Elicit — Requirements Engineer & Business Analyst

Verdict: ⚠️ Approved with concerns

Operating in Brownfield mode, reviewing against the stated requirements and tracing scope back to the issue.

Concern (non-blocking but important for traceability)

documentId filter on GET /api/geschichten has no issue or user story

The PR adds a new filter parameter to the Geschichte list endpoint:

GET /api/geschichten?documentId=<uuid>
→ returns only journeys that contain this document as a JourneyItem

This is a real capability addition — backend controller, service, repository JPQL, and test coverage. But:

The PR description does not mention it.
The spec file (lesereisen-editor-spec.html) does not mention it.
No linked issue tracks this requirement.
The JourneyEditor does not appear to use it — alreadyAddedIds is derived from the journey's local items state, not via a filter API call.

This looks like forward infrastructure, possibly for a "document detail shows containing journeys" feature. That's a legitimate feature idea, but undocumented scope added inside a feature branch creates orphan capabilities: nobody knows it exists, nobody tests it end-to-end, and it doesn't close any issue.

Recommendation: Create a follow-up issue (feat: filter GET /api/geschichten by documentId) explaining the intended user-facing use case, and link it from the PR description. Alternatively, if this was added speculatively and has no concrete user story yet, remove it and add it when the consuming UI feature is actually built — following the "pessimistic by default" principle stated in the PR description for adds.

Tracked items ✅

Note max length discrepancy (spec says 2000, backend constant is 5000): tracked in issue #793, frontend implements maxlength="2000" per spec pending resolution. Correct handling of a discovered constraint ambiguity. ✅
Intro field stored raw (no TipTap sanitizer for JOURNEY type): prerequisite issue #751 is referenced. Verify #751 is merged before this PR merges, or confirm that JOURNEY type already skips the sanitizer in the current codebase.
E2E path deferred: noted explicitly in the test plan with a follow-up issue callout. ✅
Mutation semantics documented: add is pessimistic, remove/reorder are optimistic, both with rationale. ✅
Spec updated with implementation deviations: lesereisen-editor-spec.html uses <del> to mark superseded spec values and <code> to record the actual implementation. This is an excellent living-spec pattern. ✅
All 4 new ErrorCode values implemented with i18n in all 3 locales, errors.ts updated, getErrorMessage() updated, CLAUDE.md updated. The full 4-step checklist from CLAUDE.md was followed. ✅

Acceptance criteria check

From the spec and PR description:

Requirement	Implemented	Verified by test
JourneyEditor renders title + intro	✅	`renders title input and intro textarea`
Publish disabled when no items	✅	`publish button disabled when no items`
Publish enabled after first item added	✅	`item-add enables publish button`
Publish disabled when title empty	✅	`publish stays disabled until title is non-empty`
Document add is pessimistic	✅ (items only updated on success)	`calls POST with documentId when document selected`
Interlude add is pessimistic	✅	`calls POST with note on interlude confirm`
Remove is optimistic with rollback	✅	`restores item on failed DELETE`
Reorder via move buttons	✅	`move-up calls PUT reorder`, `move-down calls PUT reorder`
Duplicate document guard (backend)	✅	`append_returns409_when_document_already_in_journey`
Duplicate document visual (picker)	✅	`already-added document appears as aria-disabled in picker`
Note PATCH on blur	✅	`sends {"note":null} when note textarea is cleared`
Interlude cannot have note removed	✅	`does not show "Notiz entfernen" for interlude items`
Interlude empty-text save blocked	✅	`blocks saving empty text on interlude note blur`

Coverage is thorough. The one gap is the missing GeschichteListProjectionTest case for the new documentId filter (raised by Sara).

## 📋 Elicit — Requirements Engineer & Business Analyst **Verdict: ⚠️ Approved with concerns** Operating in Brownfield mode, reviewing against the stated requirements and tracing scope back to the issue. --- ### Concern (non-blocking but important for traceability) **`documentId` filter on `GET /api/geschichten` has no issue or user story** The PR adds a new filter parameter to the Geschichte list endpoint: ``` GET /api/geschichten?documentId=<uuid> → returns only journeys that contain this document as a JourneyItem ``` This is a real capability addition — backend controller, service, repository JPQL, and test coverage. But: - The PR description does not mention it. - The spec file (`lesereisen-editor-spec.html`) does not mention it. - No linked issue tracks this requirement. - The JourneyEditor does not appear to use it — `alreadyAddedIds` is derived from the journey's local `items` state, not via a filter API call. This looks like forward infrastructure, possibly for a "document detail shows containing journeys" feature. That's a legitimate feature idea, but undocumented scope added inside a feature branch creates orphan capabilities: nobody knows it exists, nobody tests it end-to-end, and it doesn't close any issue. **Recommendation**: Create a follow-up issue (`feat: filter GET /api/geschichten by documentId`) explaining the intended user-facing use case, and link it from the PR description. Alternatively, if this was added speculatively and has no concrete user story yet, remove it and add it when the consuming UI feature is actually built — following the "pessimistic by default" principle stated in the PR description for adds. --- ### Tracked items ✅ - **Note max length discrepancy** (spec says 2000, backend constant is 5000): tracked in issue #793, frontend implements `maxlength="2000"` per spec pending resolution. Correct handling of a discovered constraint ambiguity. ✅ - **Intro field stored raw** (no TipTap sanitizer for JOURNEY type): prerequisite issue #751 is referenced. Verify #751 is merged before this PR merges, or confirm that JOURNEY type already skips the sanitizer in the current codebase. - **E2E path deferred**: noted explicitly in the test plan with a follow-up issue callout. ✅ - **Mutation semantics documented**: add is pessimistic, remove/reorder are optimistic, both with rationale. ✅ - **Spec updated with implementation deviations**: `lesereisen-editor-spec.html` uses `<del>` to mark superseded spec values and `<code>` to record the actual implementation. This is an excellent living-spec pattern. ✅ - **All 4 new `ErrorCode` values** implemented with i18n in all 3 locales, `errors.ts` updated, `getErrorMessage()` updated, CLAUDE.md updated. The full 4-step checklist from CLAUDE.md was followed. ✅ --- ### Acceptance criteria check From the spec and PR description: | Requirement | Implemented | Verified by test | |---|---|---| | JourneyEditor renders title + intro | ✅ | `renders title input and intro textarea` | | Publish disabled when no items | ✅ | `publish button disabled when no items` | | Publish enabled after first item added | ✅ | `item-add enables publish button` | | Publish disabled when title empty | ✅ | `publish stays disabled until title is non-empty` | | Document add is pessimistic | ✅ (items only updated on success) | `calls POST with documentId when document selected` | | Interlude add is pessimistic | ✅ | `calls POST with note on interlude confirm` | | Remove is optimistic with rollback | ✅ | `restores item on failed DELETE` | | Reorder via move buttons | ✅ | `move-up calls PUT reorder`, `move-down calls PUT reorder` | | Duplicate document guard (backend) | ✅ | `append_returns409_when_document_already_in_journey` | | Duplicate document visual (picker) | ✅ | `already-added document appears as aria-disabled in picker` | | Note PATCH on blur | ✅ | `sends {"note":null} when note textarea is cleared` | | Interlude cannot have note removed | ✅ | `does not show "Notiz entfernen" for interlude items` | | Interlude empty-text save blocked | ✅ | `blocks saving empty text on interlude note blur` | Coverage is thorough. The one gap is the missing `GeschichteListProjectionTest` case for the new `documentId` filter (raised by Sara).

marcel added 8 commits 2026-06-09 19:10:18 +02:00

test(geschichte): add integration tests for documentId JPQL EXISTS filter 8adc39e2ce

Verifies the EXISTS subquery in findSummaries actually filters by document
membership — a journey containing the document appears, one without does not.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

refactor(document): extract shared DocumentOption type and createDocumentTypeahead factory 7df640201a

DocumentPickerDropdown and DocumentMultiSelect had identical createTypeahead
configs, fetch logic, and formatDocLabel helpers. Extracted to
documentTypeahead.ts; all four consumers import from the shared module.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

refactor(document-picker): downgrade listbox ARIA roles; fix unique listboxId d35a165881

role=listbox + role=option without arrow-key navigation is misleading — the
WAI-ARIA combobox pattern requires aria-activedescendant handling that isn't
implemented. Downgraded to plain <ul>/<li>; input keeps role=combobox +
aria-controls pointing to the list id.

listboxId was a module-level constant so two simultaneous instances would share
the same DOM id. Fixed with a <script module> counter.

Updated spec queries from getByRole('option') to getByText() — tests behaviour,
not the ARIA implementation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(a11y): raise interlude label contrast to WCAG AA 33fe93a591

#6b7280 (gray-500) on #f5f4f0 yielded ~4.0:1 — below the 4.5:1 AA minimum
for normal text. Changed to #4b5563 (gray-600) which provides ~6.9:1.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(a11y): raise inline remove confirm/cancel buttons to 44px touch target 401371fd18

px-2 py-1 gave ~28px height — half the WCAG 2.2 / project 44px minimum.
Changed to min-h-[44px] inline-flex items-center for both buttons.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(i18n): add geschichte_sidebar_status key; replace hardcoded Status in GeschichteSidebar d689a66275

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

refactor(journey-editor): extract scheduleAnnounceReset; comment no-op items=prev in add handlers 0130c4fa99

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

chore(i18n): delete unused journey_item_pending_add/remove keys

CI / Unit & Component Tests (pull_request) Failing after 2m41s

Details

CI / OCR Service Tests (pull_request) Successful in 23s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m49s

Details

CI / fail2ban Regex (pull_request) Successful in 46s

Details

CI / Semgrep Security Scan (pull_request) Successful in 22s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m7s

Details

ba394e1165

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel commented

2026-06-09 19:10:47 +02:00

All reviewer concerns addressed. Here's a summary of every change made:

Medium — resolved

items = prev no-op (0130c4fa): Added comment to both handleAddDocument and handleAddInterlude catch blocks explaining that prev === items here (add is pessimistic) and the assignment is kept for symmetry with optimistic handlers.
listbox without arrow-key nav (d35a1658): Downgraded role="listbox" / role="option" to plain <ul>/<li> in DocumentPickerDropdown. The <input> retains role="combobox" + aria-controls. Also fixed duplicate listboxId by adding a <script module> counter (let _uid = 0).
JPQL integration test (8adc39e2): Added two tests to GeschichteListProjectionTest — one asserting the EXISTS subquery returns only the journey containing the target document, one asserting an unknown documentId returns empty.

Minor — resolved

DocumentOption duplication (7df64020): Extracted shared DocumentOption type, createDocumentTypeahead() factory, and formatDocumentOption() helper into frontend/src/lib/document/documentTypeahead.ts. Replaced all four local copies in DocumentPickerDropdown, DocumentMultiSelect, JourneyAddBar, and JourneyEditor.
Unused journey_item_pending_add/remove keys (ba394e11): Deleted both keys from messages/de.json, en.json, and es.json (confirmed zero usages by grep).
announceTimer duplication (0130c4fa): Extracted scheduleAnnounceReset() helper; replaced identical 4-line clear+setTimeout blocks in handleMoveUp and handleMoveDown.
Hardcoded "Status" in GeschichteSidebar (d689a662): Added geschichte_sidebar_status key to all three message files (de/en/es) and replaced both hardcoded strings (<summary> and <h2>) with {m.geschichte_sidebar_status()}.

Also from third-round persona reviews — resolved

WCAG AA contrast on interlude label (33fe93a5): Raised --c-interlude-label from gray-500 (#6b7280, ≈4.0:1) to gray-600 (#4b5563, ≈6.9:1).
44px touch targets on confirm/cancel buttons (401371fd): Applied inline-flex min-h-[44px] items-center to the inline remove confirm/cancel buttons in JourneyItemRow.

Follow-up issue created

Opened #794 to document GET /api/geschichten?documentId= in the OpenAPI spec so it appears in the generated TypeScript types and Swagger UI.

All reviewer concerns addressed. Here's a summary of every change made: **Medium — resolved** - **`items = prev` no-op** (`0130c4fa`): Added comment to both `handleAddDocument` and `handleAddInterlude` catch blocks explaining that `prev === items` here (add is pessimistic) and the assignment is kept for symmetry with optimistic handlers. - **listbox without arrow-key nav** (`d35a1658`): Downgraded `role="listbox"` / `role="option"` to plain `<ul>`/`<li>` in `DocumentPickerDropdown`. The `<input>` retains `role="combobox"` + `aria-controls`. Also fixed duplicate `listboxId` by adding a `<script module>` counter (`let _uid = 0`). - **JPQL integration test** (`8adc39e2`): Added two tests to `GeschichteListProjectionTest` — one asserting the EXISTS subquery returns only the journey containing the target document, one asserting an unknown `documentId` returns empty. **Minor — resolved** - **`DocumentOption` duplication** (`7df64020`): Extracted shared `DocumentOption` type, `createDocumentTypeahead()` factory, and `formatDocumentOption()` helper into `frontend/src/lib/document/documentTypeahead.ts`. Replaced all four local copies in `DocumentPickerDropdown`, `DocumentMultiSelect`, `JourneyAddBar`, and `JourneyEditor`. - **Unused `journey_item_pending_add/remove` keys** (`ba394e11`): Deleted both keys from `messages/de.json`, `en.json`, and `es.json` (confirmed zero usages by grep). - **`announceTimer` duplication** (`0130c4fa`): Extracted `scheduleAnnounceReset()` helper; replaced identical 4-line clear+setTimeout blocks in `handleMoveUp` and `handleMoveDown`. - **Hardcoded "Status" in `GeschichteSidebar`** (`d689a662`): Added `geschichte_sidebar_status` key to all three message files (de/en/es) and replaced both hardcoded strings (`<summary>` and `<h2>`) with `{m.geschichte_sidebar_status()}`. **Also from third-round persona reviews — resolved** - **WCAG AA contrast on interlude label** (`33fe93a5`): Raised `--c-interlude-label` from gray-500 (#6b7280, ≈4.0:1) to gray-600 (#4b5563, ≈6.9:1). - **44px touch targets on confirm/cancel buttons** (`401371fd`): Applied `inline-flex min-h-[44px] items-center` to the inline remove confirm/cancel buttons in `JourneyItemRow`. **Follow-up issue created** - Opened #794 to document `GET /api/geschichten?documentId=` in the OpenAPI spec so it appears in the generated TypeScript types and Swagger UI.

marcel added 1 commit 2026-06-09 19:22:23 +02:00

fix(test): update JourneyEditor spec to use getByText after listbox role downgrade

CI / Unit & Component Tests (pull_request) Failing after 2m41s

Details

CI / OCR Service Tests (pull_request) Successful in 24s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m56s

Details

CI / fail2ban Regex (pull_request) Successful in 46s

Details

CI / Semgrep Security Scan (pull_request) Successful in 22s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m8s

Details

abe5d62102

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel added 1 commit 2026-06-09 19:32:46 +02:00

feat(journey): replace new-journey placeholder with JourneyCreate form

CI / Unit & Component Tests (pull_request) Failing after 2m40s

Details

CI / OCR Service Tests (pull_request) Successful in 22s

Details

CI / fail2ban Regex (pull_request) Has been cancelled

Details

CI / Semgrep Security Scan (pull_request) Has been cancelled

Details

CI / Compose Bucket Idempotency (pull_request) Has been cancelled

Details

CI / Backend Unit Tests (pull_request) Has been cancelled

Details

3e54b6e90a

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel added 1 commit 2026-06-09 19:38:42 +02:00

fix(test): narrow getByText selector to dropdown-only item in aria-disabled test

CI / Unit & Component Tests (pull_request) Successful in 3m26s

Details

CI / OCR Service Tests (pull_request) Successful in 23s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m49s

Details

CI / fail2ban Regex (pull_request) Successful in 47s

Details

CI / Semgrep Security Scan (pull_request) Successful in 22s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m6s

Details

bd5e6e6fbe

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel added 1 commit 2026-06-09 22:17:50 +02:00

fix(geschichte): persist GeschichteType on create — JOURNEY was silently dropped

CI / Unit & Component Tests (pull_request) Successful in 3m25s

Details

CI / OCR Service Tests (pull_request) Successful in 23s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m56s

Details

CI / fail2ban Regex (pull_request) Successful in 47s

Details

CI / Semgrep Security Scan (pull_request) Successful in 21s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m5s

Details

44f15dd4a2

GeschichteUpdateDTO lacked a `type` field, so the `type: 'JOURNEY'` sent by
JourneyCreate was discarded by Jackson and every new Geschichte was saved as
STORY. The edit page branched on type, so journeys always showed the STORY
editor with no document-adding capability.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

CI / Unit & Component Tests (pull_request) Successful in 3m25s

Details

CI / OCR Service Tests (pull_request) Successful in 23s

Details

CI / Backend Unit Tests (pull_request) Successful in 3m56s

Details

CI / fail2ban Regex (pull_request) Successful in 47s

Details

CI / Semgrep Security Scan (pull_request) Successful in 21s

Details

CI / Compose Bucket Idempotency (pull_request) Successful in 1m5s

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin feat/issue-753-journey-editor:feat/issue-753-journey-editor

git checkout feat/issue-753-journey-editor

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#792

feat(journey-editor): JourneyEditor frontend — issue #753 #792

Summary

Design notes

Test plan

👨‍💻 Felix Brandt — Senior Fullstack Developer

Blockers

Suggestions

🏗️ Markus Keller — Application Architect

Blockers

Observations (non-blocking)

🔐 Nora "NullX" Steiner — Application Security Engineer

What I checked

Observation

🧪 Sara Holt — QA Engineer

Blockers

Suggestions

🎨 Leonie Voss — UI/UX Lead & Accessibility Strategist

Blockers

Observations (non-blocking)

🚀 Tobias Wendt — DevOps & Platform Engineer

What I checked

📋 Elicit — Requirements Engineer

Requirements Gaps

Observations

Review concerns resolved ✅

On "browser tests won't run locally"

👨‍💻 Felix Brandt — Senior Fullstack Developer

Blockers

Suggestions

🏛️ Markus Keller — Application Architect

Blockers

Observations (no action required)

🔒 Nora "NullX" Steiner — Application Security Engineer

What I checked

One flag (informational, not a blocker)

🧪 Sara Holt — QA Engineer & Test Strategist

Blockers

Suggestions

🚀 Tobias Wendt — DevOps & Platform Engineer

What I checked

🎨 Leonie Voss — UI/UX Design Lead & Accessibility Strategist

Blockers

Suggestions (non-blocking)

What I checked that passes ✓

📋 Elicit — Requirements Engineer

Blockers

Suggestions (track as follow-up issues)

Requirements covered well ✓

Second-round review — all concerns addressed

Accessibility — stale aria-live region

ESLint — svelte-ignore suppression comments

Test coverage — JourneyItemRow error state

Test robustness — ordering assertion

C4 diagram — JourneyEditor placeholder

Glossary — Interlude/Zwischentext

maxlength discrepancy (frontend 2000 vs backend 5000)

PR description — mutation strategy wording

Review fixes — 6 additional commits pushed

Backend (4 commits, already on branch)

Frontend (6 commits, new)

👨‍💻 Felix Brandt — Senior Fullstack Developer

Blockers

Suggestions

What's solid ✅

🏛️ Markus Keller — Application Architect

Architecture observations (non-blocking)

🔐 Nora "NullX" Steiner — Application Security Engineer

Checked ✅ — no issues

Observation (not a vulnerability, robustness smell)

Attack surface: the documentId filter on GET /api/geschichten

🧪 Sara Holt — QA Engineer & Test Strategist

Blocker

Suggestions

What's solid ✅

🎨 Leonie Voss — UX Design Lead & Accessibility Strategist

Blocker

High concern (not a hard blocker, but affects senior audience)

Suggestions

What's working well ✅

🛠️ Tobias Wendt — DevOps & Platform Engineer

Accessibility — stale `aria-live` region

ESLint — `svelte-ignore` suppression comments

Test coverage — `JourneyItemRow` error state

C4 diagram — `JourneyEditor` placeholder

Attack surface: the `documentId` filter on `GET /api/geschichten`