Release: merge development into beta#71
Open
github-actions[bot] wants to merge 187 commits into
Open
Conversation
The docs/ folder already contained the full Docusaurus setup. Remove the duplicate docusaurus/ folder, switch to the company-wide reusable workflow, and update .gitignore for docs/ build artifacts.
Contributor
Author
Quality Report
Summary
PHP Quality
Vue Quality
Security
License Compliance
composer dependencies (110 total)
npm dependencies (266 total)
PHPUnit Tests
Code coverage: 0% (0 / 10 statements) Integration Tests (Newman)Newman integration tests were not enabled for this run. Generated automatically by the Quality workflow.
|
Contributor
Author
Quality Report
Summary
PHP Quality
Vue Quality
Security
License Compliance
composer dependencies (110 total)
npm dependencies (266 total)
PHPUnit Tests
Code coverage: 0% (0 / 10 statements) Integration Tests (Newman)Newman integration tests were not enabled for this run. Generated automatically by the Quality workflow.
|
Add .phpunit.cache/, coverage/, and phpmetrics/ entries to prevent generated test and quality tool artifacts from being tracked.
…Badge Replace custom table, stat cards, and CSS badge classes with shared @conduction/nextcloud-vue components following the OpenRegister pattern.
Replace custom detail layout with CnDetailPage for consistent loading, error, and stats display. Use CnStatusBadge for entity type badge.
…k and CnStatusBadge Use shared components for KPI widgets and consent status display, removing custom CSS badge classes.
Move document-creatie-sjablonen, document-signing, and register-i18n (all status: proposed) from specs/ to changes/ with proper OpenSpec change structure. Remove woo-transparency redirect (moved to OpenCatalogi). 9 reviewed specs remain in specs/.
- Move 3 proposed specs (document-creatie-sjablonen, document-signing, register-i18n) to changes/ - Add status: implemented frontmatter to woo-transparency stub - Create .openspec.yaml, proposal.md, tasks.md for each new change - Rename '## ADDED Requirements' to '## Requirements' in archive specs
All specs moved from openspec/specs/ to openspec/changes/ with proper proposal.md as the entry point. Follows the spec-driven workflow: proposal -> design -> specs -> tasks
Add ADR references to the rules section of openspec/config.yaml so that ADR constraints are injected into openspec instructions output during artifact creation.
Make ADR-011 more specific: list concrete directories to search and common duplications to prevent future utility reimplementations.
Preset 3.6.0 ships the traditional-SEO baseline (sitemap lastmod, drops priority/changefreq per Google 2026 guidance, fixes the legal- link 404s on subdomain footers, adds searchConsoleVerification opt). The lockfile bump uses --min-release-age=0 per .npmrc cooldown override (required for fresh @conduction/* releases under the 24h supply-chain cooldown).
Preset 3.6.0 shipped with a JSDoc parse bug (literal */ inside backticks closed the comment early). 3.6.1 fixed it; this lockfile bump pulls the patched version so the Documentation workflow's npm ci succeeds and the deploy finally fires with the AI baseline.
3.6.2 relaxes the sitemap-lastmod check from hard-fail to advisory. The hard-fail was blocking every fleet deploy because fleet sites pass their own `presets:` array, which means the preset's DEFAULT_SITEMAP_OPTIONS (with lastmod: 'date') never applies. Tracked as preset 4.0 follow-up (wrap user presets to inject defaults). For now the validator warns but does not block, so deploys can proceed and surface other latent issues.
…lies) (#195) 3.7.0 wraps user opts.presets so DEFAULT_SITEMAP_OPTIONS (lastmod from git mtime, drops priority + changefreq) deep-merges into the classic preset's sitemap key. After this bump the site's sitemap.xml will finally ship <lastmod> tags on every URL, which is the single sitemap-level signal Google still uses for recrawl priority. The validator's lastmod check also flipped back to hard-fail in this release, so deploys regression-test the contract automatically.
Adds missing @playwright/test, playwright, playwright-core, fsevents entries that broke npm ci on development since the @playwright/test dependency was added to package.json without lockfile regeneration. Unbreaks all Code Quality vue-quality/security/license/SBOM jobs.
… + seed data
Implements the add-dossier-schema change end-to-end as a JSON-only
addition to lib/Settings/docudesk_register.json. No new PHP code —
folder binding and CRUD ride on OpenRegister's existing @self.folder
pipeline and the generic /api/objects/{register}/{schema} routes.
JSON additions:
- components.registers.dossier (schemas: dossier + base; v1.0.0).
- components.schemas.base
required: name, description; icon: Gavel.
- components.schemas.dossier
required: name; optional description, bases, checkedOn.
bases is an array of strings (slugs of base objects in the same
register) — NOT $ref. See "Spec/design adjustment" below.
checkedOn is a facetable date-time.
- components.objects (was empty, now 11 entries):
6 canonical Woo Art. 5 base seeds (slugs persoonsgegevens,
bijzondere-persoonsgegevens, strafrechtelijk,
bedrijfs-fabricagegegevens, onevenredige-benadeling,
nationale-veiligheid) with Dutch name + description.
5 dossier seeds across personas (Demostad x2, Conduction x1,
Zonnestraal x2) with @self.folder placeholders for
RegistersLoader to materialise.
Last seed (zonnestraal-incident-2026-03) exercises the
optionality cases: bases=[] AND checkedOn=null.
JSON envelope version: 4.0.0 -> 5.0.0 so OpenRegister's
imported_config_docudesk_version gate re-imports.
Spec/design adjustment (apply-time finding):
The original design specified `bases.items.$ref:
"#/components/schemas/base"` per OpenRegister's native referential-
integrity mechanism. That broke at import-time: OpenRegister's
register-config import path runs each schema through `opis/json-
schema`, which rejects `#/components/schemas/<x>` references when
the schema is validated in isolation. Every existing register-
config in the codebase uses string arrays for cross-schema
references; $ref is a runtime-only convention.
v1 fix: store `bases` as an array of slug strings; consumer apps
(DocuDesk's anonymisation-grondslagen-summary) resolve at read
time against the seeded base register. Trade-offs are explicit:
OR does NOT validate slug resolution, OR does NOT block deletion
of a referenced base. Same operator-discipline + audit-log
contract as the entity-relation-grondslagen rework. A follow-up
change can add either an OR-specific `or-ref` schema keyword or
a separate validate-on-write step if hard FK enforcement becomes
load-bearing.
spec.md and design.md updated to document the slug-string model
and the v1 trade-offs. openspec validate add-dossier-schema is
clean.
Live-stack verification (against master-nextcloud-1):
Triggered import via SettingsService::initialize() -> import
succeeded with version 5.0.0. Verified:
- /api/registers includes "dossier" with schemas [dossier, base].
- /api/schemas includes "base" and "dossier".
- /api/objects/dossier/base returns 6 seed objects with the
canonical slugs.
- /api/objects/dossier/dossier returns 5 seed objects with
correct names, bases, checkedOn, and @self.folder bound to
real NC folder IDs (238-242, materialised by RegistersLoader
from the seed-folder-<slug> placeholders).
- zonnestraal-incident-2026-03 has bases=None and checkedOn=None
(OR normalises empty arrays to null on read; documented).
Tests:
- tests/unit/Settings/DossierRegisterConfigTest.php — 6 tests, 41
assertions, green: dossier register present with both schemas;
dossier schema has required name + optional bases/checkedOn (with
items.type=string); base schema has required name + description;
all six canonical grondslag slugs present; >=5 dossier seeds; at
least one with empty bases + null checkedOn.
Docs:
- CHANGELOG.md Unreleased > Added entry.
- docs/features/dossier-register.md — schema fields, seed table,
slug-string trade-offs, relation to downstream changes.
Out of scope:
- Sections 3-6 (live-stack install/verify/audit) already completed
manually against the running container; documented in this commit
message. PR-time re-verification is recommended.
- Sections 7-8 (translations, screenshots) deferred to PR review;
schema titles already in NL.
Refs: #110
…t items) DD #146 reviewer flagged inconsistencies between the spec, the register-config version bump, and the CHANGELOG entry after the mid-proposal pivot from `$ref`-based `bases` to slug-string `bases`. **Blocker — delta-section convention.** Added a top-of-file comment on `openspec/changes/add-dossier-schema/specs/dossier-register/spec.md` documenting that this change introduces a NEW capability (no prior `dossier-register` spec exists), so every Requirement is `## ADDED` and no `## MODIFIED` or `## REMOVED` sections are appropriate. The note also captures that the `bases` Requirement was revised mid-proposal (originally `$ref`, now slug-string) — the rewrite is not a MODIFIED delta against any earlier spec but the rationale is preserved inline so future readers see why the slug-string form was chosen over the original `$ref` design. **Significant — CHANGELOG stale `$ref` description.** Line 6's parenthetical `($ref array to base objects)` no longer matches the implementation. Rewritten to state `bases[]` is a JSON array of strings (each element a slug of a `base` object in the same register), with a back-pointer to the openspec change folder that holds the trade-off rationale. **Significant — version bump 4.0.0 → 5.0.0 without CHANGELOG entry.** Added a `### Changed` block under Unreleased recording the configuration-version bump so consumers reading `imported_config_docudesk_version` know what to expect post-upgrade. **Significant — stale `<base-uuid>` example in the "all fields set" scenario.** That scenario still showed `bases: [<base-uuid>]` despite the rewrite to slug-strings (this was the example contradicting the new Requirement). Replaced with `bases: ["persoonsgegevens"]` (a known seed slug). Also added an explicit GIVEN clause stating "the dossier register has been installed and the six canonical seed `base` objects exist" so the scenario reads cleanly cold; the contradiction between the slug-string Requirement and the UUID example is gone, and the AND clause now asserts the slug is stored verbatim (not resolved to a UUID), matching the Requirement. No code changes in this commit — spec + CHANGELOG only.
…icle + IndexNow) (#198) 3.8.0 adds: - BreadcrumbList JSON-LD on marketing pages via <DetailHero> - TechArticle JSON-LD on docs pages via DocItem/Content swizzle - IndexNow plugin (sites need to set indexnow.key to enable Bing pings) Pure lockfile bump; package.json range ^3.7.0 already satisfies.
3.9.0 adds a hard-fail validator check for TechArticle JSON-LD on docs pages, on top of the swizzle that ships the schema (3.8.0). Pure lockfile bump; package.json range ^3.7.0 already satisfies.
Replace bare-brand Layout title with descriptive form that includes the keyword payload. Docusaurus auto-appends the site title as suffix, so SERPs no longer show duplicate brand titles.
fix(docs): descriptive homepage title (#80)
Replace auto-generated meta descriptions on the highest-traffic pages with hand-written, CTR-tuned variants. Part of the SEO epic ConductionNL/.github#75.
fix(docs): hand-written meta descriptions (#81)
Picks up the post-hydration stylesheet loader so canal-footer + kade-cyclist + decorative CSS no longer block first paint. Part of ConductionNL/.github#75 SEO epic.
chore(docs): bump @conduction/docusaurus-preset to 3.10.0 (#79)
When each app shipped its own /iso/, /privacy/, /terms/ pages, Google indexed them under docudesk.conduction.nl. The SEO baseline work centralised legal pages on www.conduction.nl/{iso,privacy,terms}, leaving the per-app slugs as 404s — flagged by Google Search Console this week. Wires @docusaurus/plugin-client-redirects with four cross-domain redirects so the indexed entries pass their equity to the canonical pages instead of decaying as 404s: - /iso/ -> https://www.conduction.nl/iso/ - /privacy/ -> https://www.conduction.nl/privacy/ - /terms/ -> https://www.conduction.nl/terms/ - /nl/terms/ -> https://www.conduction.nl/terms/ The plugin emits a static HTML page per `from` with a meta-refresh plus <link rel="canonical"> to the new target, which Google treats as a 301 signal.
fix(seo): redirect legacy /iso, /privacy, /terms to www.conduction.nl
Phase 3 of the v2 manifest rollout (hydra ADR-036). Docudesk previously had no src/manifest.json and was on @conduction/nextcloud-vue@^0.1.0-beta.3. Jumps straight to v2 — no intermediate v1 adoption — per scaffold-v2 pattern (nc-template #44). Bumps nc-vue to ^1.0.0-beta.58 (Ajv standalone CSP-safe). Authors a fresh v2 manifest derived from existing router + views; 5-kind component registry for custom pages. References: procest #512, mydash #206.
Two-part fix for docudesk's v2 build (PR #211 admin-merged but build broken locally): 1. @nextcloud/axios alias: 2.6.0+ removed dist/index.cjs and ships ESM-only. Webpack 5 alias now points at dist/index.js. The lib's ESM exports work natively under webpack 5. 2. node-polyfill-webpack-plugin: pin to ^3.0.0 (was ^4.1.0). v4 broke the 'buffer' module resolution under axios's fully-specified ESM imports, throwing Cannot read properties of undefined (reading 'module') during concatenation analysis. Build result: 3 pre-existing warnings, 0 errors. Same fix pattern likely needed for opencatalogi (same polyfill issue surfaced in the boot-test sweep).
The icon hex was filled with the legacy '#4376FC' (the conduction-design-tokens 'Conduction Cobalt'). The design-system has retired this in preview/colors.html with the caption > Our legacy blue (#4376FC) read as 'cloud / SaaS', light, frisky, > lacking weight. Cobalt is the official blue of the Dutch flag, > Dutch by birthright, dark enough to feel serious, light enough > to stay blue, and AAA-contrast on white so it can carry body > text. Swap to #21468B (--c-blue-cobalt in tokens.css) so the app-store hex matches the navbar wordmark and the rest of the brand chrome. Fleet sweep 2026-05-13.
.php-cs-fixer.dist.php is broken/orphaned scaffolding: no composer script invokes php-cs-fixer, no CI workflow references it (verified 2026-05-21). The same dead file lives in 5 other apps; canonical (nextcloud-app-template) doesn't ship it. Part of the fleetwide root-config consolidation.
Phase 2 fleet rollout for docudesk. Drops per-app phpcs/phpmd/psalm/phpstan extensions in favour of the canonical from nextcloud-app-template, then cleans the mechanical phpmd violations unmasked by the sync. Pattern from shillinq#300 and decidesk#243. Config changes: - phpcs.xml: sync canonical (adds SpecTagSniff/NoLegacyServerAccessorsSniff wiring, ignore_warnings_on_exit, vendor-bin + lib/Resources/template excludes, lineLimit 150). Preserves DocuDesk description string. - phpmd.xml: byte-canonical (preserves DocuDesk ruleset name). - psalm.xml: sync canonical (adds CalendarEventService + 16 other OCP/OR referencedClass entries fleetwide-promoted in nextcloud-app-template#49, plus docudesk-specific entries: OpenRegister EntityRelationMapper + RiskLevelService, thiagoalessio TesseractOCR). - phpstan.neon: sync canonical (adds includes phpstan-baseline.neon, Doctrine\DBAL + broader OC\ + OCA\DAV\ + OCP stub-gap ignoreErrors, vendor-bin + lib/Resources/template excludePaths). - phpstan-baseline.neon: NEW, captures the 15 tracked phpstan errors that remain after canonical sync - all tracked in #227 for source-level cleanup. - phpcs-custom-sniffs/.../SpecTagSniff.php + phpcs-custom-sniffs/.../NoLegacyServerAccessorsSniff.php: NEW, copied from canonical so they can be referenced by the synced phpcs.xml. - phpstan-bootstrap.php: NEW, copied from canonical. Source changes - 49 mechanical phpmd fixes + 452 phpcbf auto-fixes: - 38 MissingImport: add `use Exception;` / `use DateTimeImmutable;` / `use DateTimeInterface;` / `use RuntimeException;` / `use Imagick;` / `use OCP\Files\File;` at the top of each affected file and replace `\Foo` references with the short name. - 5 ElseExpression: refactor `if/else` into pre-assign default + conditional override (preserves behaviour, no `else` keyword left) in OcrService, EntityConsolidationService, BatchAnonymizationController, SigningService (3 sites). - 1 UnusedLocalVariable: drop the unused 3rd-arg out-parameter on preg_match_all() in SigningVerificationService. - 1 UnusedLocalVariable: drop the assigned-but-unused $userId in FileListingService while keeping the side-effecting call (auth check). - 3 UnusedFormalParameter / UnusedPrivateMethod: annotate with `@SuppressWarnings(PHPMD.UnusedFormalParameter)` / `@SuppressWarnings(PHPMD.UnusedPrivateMethod)` where the parameter is part of a stable controller signature or the method is referenced via string callable. - 452 phpcbf auto-fixes: blank-line-between-function-defs style cleanup across the lib/ tree. After this PR: - phpcs: 0 violations (295 advisory @SPEC warnings, gated by ignore_warnings_on_exit). - psalm: 0 errors. - phpstan: 0 unmatched (15 baselined per #227). - phpmd: 9 architectural violations remain (ShortVariable, TooManyPublicMethods, Cyclomatic/NPath complexity, CountInLoopExpression, CouplingBetweenObjects, Superglobals) - tracked in #227 for follow-up PRs. phpmd does not support a native baseline file, so its CI gate stays red until #227 closes. This is the agreed-upon tracked-debt pattern for the fleet: per-app deviations are forbidden, but a tracked GitHub issue with a removal plan is acceptable. Refs: #227
Brings the composer require.php constraint in line with the runtime the container + CI already use (PHP 8.3). Drops formal support for PHP 8.1 and 8.2. Several vendor packages (e.g. azjezz/psl@4.3.0) use PHP 8.3 typed class constants, making the codebase functionally 8.3-only already. Part of the fleet-wide PHP 8.3 sweep.
…-impl feat: dossier register with Woo Art. 5 grondslagen seeds (#110)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated PR to sync development changes to beta for beta release.
Merging this PR will trigger the beta release workflow.