From 40e7f94c52e1b401e1d8ace563e2a6838ef606b1 Mon Sep 17 00:00:00 2001 From: Jean-Luc Makiola Date: Sun, 12 Apr 2026 17:51:49 +0200 Subject: [PATCH] docs(phase-28): complete phase execution --- .planning/ROADMAP.md | 4 +- .planning/STATE.md | 24 +++--- .../28-VERIFICATION.md | 83 +++++++++++++++++++ 3 files changed, 97 insertions(+), 14 deletions(-) create mode 100644 .planning/phases/28-profile-and-logto-integration/28-VERIFICATION.md diff --git a/.planning/ROADMAP.md b/.planning/ROADMAP.md index 215a895..cfb34f1 100644 --- a/.planning/ROADMAP.md +++ b/.planning/ROADMAP.md @@ -80,7 +80,7 @@ **Milestone Goal:** Fix broken user-facing features and polish the experience for real users — working profiles, better image handling, refreshed onboarding, and mobile refinements. -- [ ] **Phase 28: Profile & Logto Integration** — Fix profile page, integrate Logto for profile management, customize login branding, configure email verification +- [x] **Phase 28: Profile & Logto Integration** — Fix profile page, integrate Logto for profile management, customize login branding, configure email verification (completed 2026-04-12) - [ ] **Phase 29: Image Presentation** — Fit-within framing with letterbox/pillarbox instead of hard crops, optional crop positioning - [ ] **Phase 30: Onboarding Redesign** — Catalog-driven onboarding replacing manual entry, visual refresh to match current UI (promotes 999.2) - [ ] **Phase 31: Mobile Polish** — Icon-based action buttons on item views, small UX improvements @@ -256,7 +256,7 @@ Plans: | 25. Catalog Enrichment & Agent Tools | v2.1 | 2/2 | Complete | 2026-04-10 | | 26. Discovery Landing Page | v2.1 | 3/3 | Complete | 2026-04-10 | | 27. Top Nav Restructure & Search Bar Rethink | v2.1 | 4/4 | Complete | 2026-04-12 | -| 28. Profile & Logto Integration | v2.2 | TBD | Pending | — | +| 28. Profile & Logto Integration | v2.2 | 3/3 | Complete | 2026-04-12 | | 29. Image Presentation | v2.2 | TBD | Pending | — | | 30. Onboarding Redesign | v2.2 | TBD | Pending | — | | 31. Mobile Polish | v2.2 | TBD | Pending | — | diff --git a/.planning/STATE.md b/.planning/STATE.md index 8410fc3..5f6b382 100644 --- a/.planning/STATE.md +++ b/.planning/STATE.md @@ -2,16 +2,16 @@ gsd_state_version: 1.0 milestone: v2.2 milestone_name: User Experience Polish -status: Milestone v2.1 shipped — v2.2 roadmap formalized, ready to discuss Phase 28 +status: executing stopped_at: Phase 28 context gathered -last_updated: "2026-04-12T15:33:02.725Z" -last_activity: 2026-04-12 - Roadmap updated with v2.2 and v2.3 milestones +last_updated: "2026-04-12T15:51:46.073Z" +last_activity: 2026-04-12 progress: total_phases: 33 - completed_phases: 20 - total_plans: 55 - completed_plans: 53 - percent: 96 + completed_phases: 21 + total_plans: 58 + completed_plans: 56 + percent: 97 --- # Project State @@ -21,14 +21,14 @@ progress: See: .planning/PROJECT.md (updated 2026-04-09) **Core value:** Help people make better gear decisions — discover what others use, compare real-world data, and see how a potential buy affects your setup before committing. -**Current focus:** v2.2 User Experience Polish — Phase 28 (Profile & Logto Integration) +**Current focus:** Phase 28 — Profile & Logto Integration ## Current Position -Phase: 28 +Phase: 999.1 Plan: Not started -Status: Milestone v2.1 shipped — v2.2 roadmap formalized, ready to discuss Phase 28 -Last activity: 2026-04-12 - Roadmap updated with v2.2 and v2.3 milestones +Status: Executing Phase 28 +Last activity: 2026-04-12 Progress: [░░░░░░░░░░] 0% @@ -36,7 +36,7 @@ Progress: [░░░░░░░░░░] 0% **Velocity:** -- Total plans completed: 55 (all milestones through v2.0) +- Total plans completed: 58 (all milestones through v2.0) - v1.3: 6 plans across 4 phases (2026-03-16 to 2026-04-08) - v2.0: 32 plans across 10 phases (2026-03-17 to 2026-04-08) diff --git a/.planning/phases/28-profile-and-logto-integration/28-VERIFICATION.md b/.planning/phases/28-profile-and-logto-integration/28-VERIFICATION.md new file mode 100644 index 0000000..568a790 --- /dev/null +++ b/.planning/phases/28-profile-and-logto-integration/28-VERIFICATION.md @@ -0,0 +1,83 @@ +--- +phase: 28 +status: human_needed +verified: 2026-04-12 +score: 8/11 +--- + +# Phase 28: Profile & Logto Integration - Verification + +## Phase Goal +Users have a working profile page with account management powered by Logto, branded login screens, and email verification. + +## Must-Haves Verification + +### Plan 01: Logto Management API Client & Account Routes + +| # | Must-Have | Status | Evidence | +|---|-----------|--------|----------| +| 1 | Logto Management API client acquires and caches M2M access tokens | ✓ PASS | `src/server/services/logto.service.ts` contains `getAccessToken()` with TTL caching; 12 unit tests pass | +| 2 | Password change endpoint verifies current password before setting new one | ✓ PASS | `src/server/routes/account.ts` calls `verifyPassword()` before `updatePassword()` | +| 3 | Email change endpoint updates primary email on Logto user record | ✓ PASS | `POST /api/account/email` calls `logtoClient.updateEmail()` | +| 4 | Account deletion endpoint removes user from both GearBox DB and Logto | ✓ PASS | Transaction deletes DB data, then calls `logtoClient.deleteUser()` | +| 5 | All account management endpoints require authentication | ✓ PASS | `app.use("*", requireAuth)` in account.ts | + +### Plan 02: Profile Page & Settings Separation + +| # | Must-Have | Status | Evidence | +|---|-----------|--------|----------| +| 6 | /profile route renders profile info, account info, security, and danger zone sections | ✓ PASS | `src/client/routes/profile.tsx` has all four sections | +| 7 | /settings no longer contains ProfileSection | ✓ PASS | `grep -c "ProfileSection" src/client/routes/settings.tsx` returns 0 | +| 8 | Profile page shows email from auth session and member-since date | ✓ PASS | AccountInfoSection renders email and formatted createdAt | + +### Plan 03: Navigation, /me Extension, Logto Configuration + +| # | Must-Have | Status | Evidence | +|---|-----------|--------|----------| +| 9 | Navigation includes link to /profile page | ✓ PASS | UserMenu.tsx contains `` | +| 10 | /me endpoint returns createdAt field | ✓ PASS | auth.ts queries full user record, returns `createdAt: fullUser?.createdAt?.toISOString()` | +| 11 | Logto sign-in page shows GearBox branding | PENDING | Requires manual Logto Console configuration | + +## Automated Checks + +``` +bun test tests/services/logto.service.test.ts → 12/12 pass +bun run lint → 0 errors +grep "accountRoutes" src/server/index.ts → found +grep "requireAuth" src/server/routes/account.ts → found +grep "ProfileSection" src/client/routes/settings.tsx → not found (correct) +``` + +## Human Verification Required + +The following items require manual verification after Logto Console configuration: + +1. **D-07**: Visit /login — verify GearBox branding (logo, colors) appears on Logto sign-in page +2. **D-08**: Verify auth.gearbox.de resolves to Logto (if custom domain configured) +3. **D-09**: Verify Google and GitHub social sign-in buttons appear on login page +4. **D-10**: Create new account — verify email verification is required +5. **D-11**: Try weak password at signup — verify policy enforcement (8+ chars, mixed case, number) +6. **Profile page**: Navigate to /profile — verify all four sections render with correct data +7. **Password change**: Change password using the Security section — verify success/error flows +8. **Email change**: Change email using the Account section — verify update reflects +9. **Settings page**: Visit /settings — verify ProfileSection is gone, only app preferences remain + +## Decision Coverage + +| Decision | Implemented | Notes | +|----------|------------|-------| +| D-01 | ✓ | Profile at /profile, settings keeps only app preferences | +| D-02 | ✓ | Profile shows displayName, bio, avatar, email, member-since | +| D-03 | ✓ | No gear stats on profile page | +| D-04 | ✓ | All account management proxied through GearBox backend | +| D-05 | ✓ | Three actions: change password, change email, delete account | +| D-06 | ✓ | Deletion anonymizes public setups to "Deleted User" sentinel | +| D-07 | PENDING | Requires Logto Console CSS/branding configuration | +| D-08 | PENDING | Requires DNS/reverse proxy configuration | +| D-09 | PENDING | Requires Logto Console social connector setup | +| D-10 | PENDING | Requires Logto Console sign-up configuration | +| D-11 | PENDING | Requires Logto Console password policy configuration | + +## Summary + +Code implementation is complete (8/11 must-haves verified). Remaining 3 items are Logto Console configuration tasks that require manual human action. No code gaps found.