- Add BACKEND_SECURITY.md with security analysis and hardening guide
- Add FRONTEND_TESTING_STRATEGY.md with test coverage strategy
- Update API.md with new endpoints (candidates, tickets, credentials)
- Update AGENTS.md documentation index
- Add test coverage strategy for Next.js 15 App Router
- Document Server vs Client Components testing approach
- Include MSW mock strategy for API testing
- Add edge cases often forgotten (auth, forms, pagination, uploads)
- Provide templates for unit, integration, and E2E tests
- Include Zustand store testing patterns
- Move backoffice functionality into settings page as new tab
- Remove standalone backoffice page and sidebar link
- Add edit/delete buttons for credentials management
- Update credentials service to allow overwriting existing credentials
- Add API documentation for system credentials endpoints
Antes: 010_seed_super_admin.sql tinha hash bcrypt fixo amarrado a um pepper
específico. Qualquer mudança no PASSWORD_PEPPER quebrava todos os logins
silenciosamente após reset do banco.
Agora:
- migration 010: insere superadmin com placeholder inválido + force_change_password.
ON CONFLICT DO NOTHING preserva o hash se o seeder já rodou.
- seeder users.js: faz upsert de 'lol' com bcrypt(senha + env.PASSWORD_PEPPER)
em runtime. Mudar o pepper e re-rodar o seeder é suficiente para atualizar
as credenciais sem tocar em nenhuma migration.
- docs/AGENTS.md: atualiza gotcha #1 explicando o novo fluxo migrate → seed
- docs/DEVOPS.md: fix opção 1 do troubleshooting inclui re-deploy do seeder
Fluxo correto após reset do banco (coberto pelo start.sh opções 2, 6, 8):
npm run migrate → superadmin criado, hash = placeholder
npm run seed → hash recalculado com PEPPER do ambiente, status = active
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Atualiza hash hardcoded em 010_seed_super_admin.sql para hash válido
gerado com pepper=gohorse-pepper (o antigo hash estava inválido e causava
AUTH_INVALID_CREDENTIALS em qualquer reset do banco)
- Corrige valor de PASSWORD_PEPPER e CORS_ORIGINS no DEVOPS.md para
refletir os valores reais do Coolify DEV
- Adiciona seção de troubleshooting no DEVOPS.md com diagnóstico e fix
passo-a-passo para mismatch de pepper
- Adiciona seção "Known Gotchas" no AGENTS.md documentando:
* Regra do PASSWORD_PEPPER (deve ser gohorse-pepper em todos ambientes)
* Campo de login é email no DTO, não identifier
* Hashes bcrypt em SQL devem usar arquivo -f, nunca -c ($ é expandido)
* Credenciais de teste do ambiente DEV
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add full infrastructure Mermaid diagrams (Redbull + Apolo + CI/CD flow)
- Create TEST_USERS.md with all seeder credentials organized by role
- Fix Coolify URL from IP to https://redbull.rede5.com.br
- Update Coolify resources with current domains and status
- Add TEST_USERS.md reference to AGENTS.md, README.md, and doc index
- Update deployment section with both DEV environments
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Frontend: Remove duplicate useState import in applications page
- Backoffice: Install devDependencies during build for nest CLI
- Seeder: Fix healthcheck port to match app port (8080)
- Add Coolify CI/CD workflow for automatic deployment on push to dev
- Update DEVOPS.md with Coolify environment documentation
- Video Interview system (backend + frontend)
- Date Posted filter (24h, 7d, 30d)
- Company filter in jobs listing
- Recent searches persistence (LocalStorage)
- Job Alerts with email confirmation
- Favorite jobs with API
- Company followers system
- Careerjet URL compatibility (s/l aliases)
Frontend:
- Implementar máscara de entrada de telefone para números BR ((XX) XXXXX-XXXX).
- Atualizar formulário de cadastro para enviar dados completos do perfil do candidato (endereço, formação, habilidades, etc.).
- Corrigir problemas de idioma misto na página de Detalhes da Vaga e adicionar traduções faltantes.
Backend:
- Atualizar modelo de Usuário, Entidade e DTOs para incluir campos de perfil (Data de Nascimento, Endereço, Formação, etc.).
- Atualizar UserRepository para persistir e recuperar os dados estendidos do usuário no PostgreSQL.
- Atualizar RegisterCandidateUseCase para mapear campos de entrada para a entidade Usuário.
- Replace sessionStorage with localStorage for user data persistence
- Add refreshSession() function to restore session from HTTPOnly cookie via /users/me
- Update tests to use localStorage mocks
- Add 3 new tests for refreshSession() functionality
- Update superadmin credentials in README.md and DEVOPS.md
- Add new test files for handlers (storage, payment, settings)
- Add new test files for services (chat, email, storage, settings, admin)
- Add integration tests for services
- Update handler implementations with bug fixes
- Add coverage reports and test documentation
- Create docs/API.md with complete API reference
- 40+ routes documented
- Permission matrix by role
- Module breakdown (Auth, Users, Jobs, Applications, etc.)
- Error response examples
- ID format documentation
- Fix seeders to use SERIAL (not UUID) for jobs.id
- jobs.js: let DB auto-generate id
- acme.js, fictional-companies.js, epic-companies.js: same fix
- Update README.md with API documentation link
Migrations:
- Fix 010_seed_super_admin.sql: only use columns from migration 001
- Add 021_create_uuid_v7_function.sql: PostgreSQL uuid_generate_v7() function
- Add 022_migrate_to_uuid_v7.sql: update notifications, tickets, job_payments to use v7
Seeder:
- Create seeder-api/src/utils/uuid.js with uuidv7() function
- Update notifications.js to use uuidv7() instead of randomUUID()
Docs:
- Update DATABASE.md with UUID v7 section and benefits
UUID v7 benefits:
- Time-ordered (sortable by creation time)
- Better index performance than v4
- RFC 9562 compliant
