Commit Graph

47 Commits

Author SHA1 Message Date
Patrick Plate 106229e0e3 fix(frontend): add build-time ARG placeholders for NEXTAUTH_URL/SECRET/BACKEND_URL
2026-06-13 09:27:01 +02:00
Patrick Plate d0c53a912c fix(service): DsgvoService getMembershipNumber + remove non-existent setPhone
2026-06-13 09:23:33 +02:00
Patrick Plate 61707ffe68 fix(service): add spring-boot-starter-websocket dep for SimpMessagingTemplate
2026-06-13 09:21:54 +02:00
Patrick Plate 1e693e3d2a feat(sprint-6): Phase 7 — Launch checklist, pricing page, legal templates
- docs/sprint-6/launch-checklist.md: comprehensive pre/post-launch checklist
- /pricing: public pricing page (Starter €19, Pro €49, Enterprise)
- /impressum, /datenschutz, /agb: legal page templates (placeholder text)
- (marketing) route group: public layout without auth
- Footer links to legal pages on login + portal
- i18n for marketing namespace (de + en)
- Fix pre-existing lint errors (unused vars, missing @stomp/stompjs types)
2026-06-12 23:16:47 +02:00
Patrick Plate 599514c0db feat(sprint-6): Phase 6 — Notifications (WebSocket) + PWA
- WebSocket: Spring STOMP + SockJS, NotificationService, persistent notifications table
- NotificationController: GET/PUT endpoints for notification management
- Frontend: notification bell with unread badge, dropdown panel, real-time via STOMP
- PWA: manifest.json, service worker (manual sw.js), offline page, install prompt
- PWA icons (192+512), dark theme colors, standalone display
- Full i18n (de/en) for notifications and PWA
- Flyway V10 migration for notifications table
- spring-boot-starter-websocket dependency added
2026-06-12 23:02:44 +02:00
Patrick Plate 076fd6f9b3 feat(sprint-6): Phase 5 — Full grow calendar (sensors, photos, feeding, harvest traceability)
- V9 migration: grow_entries, grow_stage_logs, sensor_readings, grow_photos, feeding_logs
- 5 entities + GrowStage enum (7 stages) + SensorReadingType enum
- GrowCalendarService: CRUD + stage advancement + harvest-to-batch linking
- GrowCalendarController: 8 endpoints (/api/v1/grow/*)
- Frontend: /grow list + /grow/[id] detail (timeline, sensor charts, photo gallery, feeding log)
- Sensor chart (Recharts line: temp + humidity over time)
- Harvest completion links grow entry → batch (full traceability)
- React Query hooks for all grow operations
- Full i18n (de/en) with 7 grow stage labels
- Sidebar navigation updated with Anbau/Grow entry
2026-06-12 22:51:45 +02:00
Patrick Plate 05933a08ca feat(sprint-6): Phase 4 — Immutable audit log
- V8 migration: audit_events table (JSONB metadata, immutable by design)
- AuditEvent entity + AuditEventType enum (18 event types)
- AuditService: log events, paginated query, PDF export
- AuditController: GET /api/v1/audit (paginated, filtered), GET export
- AuditEventRepository with JPQL filtered queries
- Frontend: /audit-log page (read-only, filterable, timezone-aware)
- PDF export button for Behörde inspections
- Sidebar: 'Protokoll' under new Compliance section
- PdfReportGenerator: generateAuditReport method added
- 10-year retention, REVOKE DELETE documented
- Full i18n (de/en) with 18 event type translations
2026-06-12 22:40:40 +02:00
Patrick Plate 61e481b37b feat(sprint-6): Phase 3 — Stripe integration (SEPA + PayPal + Card)
- V7 migration: subscriptions table with plan tiers
- Subscription entity + PlanTier/SubscriptionStatus enums
- StripeService: customer creation, checkout, portal, webhook handling
- SubscriptionController: /api/v1/billing endpoints
- Webhook handler: invoice.paid, payment_failed, subscription.deleted/updated
- Plan enforcement: member limit interceptor, trial expiry check
- Frontend: /settings/billing page (plan card, usage, upgrade, portal link)
- Trial expired banner on all admin pages
- React Query hooks (useSubscriptionQuery, checkout/portal mutations)
- Stripe Java SDK 28.2.0
- Full i18n (de/en) for billing namespace
2026-06-12 22:31:03 +02:00
Patrick Plate 3232d2f7fd feat(sprint-6): Phase 2 — DSGVO consent management
- V6 migration: consents table with audit columns
- Consent entity, repository, service (grant/revoke/check)
- ConsentController: GET/POST/DELETE consent endpoints
- DSGVO export (Art. 15): full personal data JSON download
- DSGVO deletion (Art. 17): anonymization + account deactivation
- Frontend: consent banner (modal, cannot dismiss), privacy settings page
- React Query hooks for consent + DSGVO operations
- Full i18n (de/en) for consent and DSGVO namespaces
2026-06-12 22:22:48 +02:00
Patrick Plate b38902a7ee feat(sprint-6): Phase 1 — Production deployment infrastructure (IONOS)
- docker-compose.prod.yml: production Docker Compose with health checks, logging, restart policies, resource limits
- deploy/nginx/cannamanage.conf: Nginx reverse proxy with TLS, CSP, security headers, rate limiting
- deploy/.env.production.example: environment template for secrets
- deploy/backup.sh: GPG-encrypted daily/weekly PostgreSQL backup with retention
- deploy/deploy.sh: manual deploy script with health check verification
- .gitea/workflows/deploy.yml: Gitea Actions CI/CD pipeline (test + deploy)
- application-production.properties: Spring Boot production profile (no stacktraces, Swagger disabled, Stripe)
- .gitignore: added .env to prevent accidental secret commits
2026-06-12 22:11:43 +02:00
Patrick Plate 4fa068092f fix: apply 8 persona review corrections to Sprint 6 plan (v3) 2026-06-12 22:06:08 +02:00
Patrick Plate 8391dbb2cd docs: Sprint 6 plan v2 — Q&A decisions (IONOS, Stripe tiers, full grow calendar) 2026-06-12 21:55:40 +02:00
Patrick Plate 9373c7ad69 fix: address Snyk findings (remove mock password, override vulnerable deps) 2026-06-12 21:05:27 +02:00
Patrick Plate 5c02cb0cde docs: Sprint 5 security review (Snyk + SonarQube) 2026-06-12 21:00:03 +02:00
Patrick Plate 4d64576f22 test: Vitest setup + unit tests for API client, hooks, services + staff E2E
- Vitest + React Testing Library + MSW setup
- API client: 11 unit tests (fetch, errors, auth header, download, network failure)
- Service hooks: 26 tests across members, distributions, stock, dashboard, staff
- Custom hooks: 5 debounce tests (timer behavior, reset, custom delay)
- Components: 5 tests (offline banner, error boundary with retry)
- E2E: staff management page interactions
- npm scripts: test, test:run, test:coverage
2026-06-12 20:50:45 +02:00
Patrick Plate d1487539b6 feat(sprint-5): Phase 7 — System test harness
- docker-compose.test.yml: full stack test profile with seed + playwright
- scripts/seed/init.sql: test data (admin, members, batches, distributions)
- scripts/seed/seed.sh: backend readiness validation script
- e2e/system-test.spec.ts: full user journey against real/mock stack
- package.json: test:e2e, test:system, test:all scripts
- scripts/README.md: system test documentation and usage instructions
2026-06-12 20:39:09 +02:00
Patrick Plate 2cc8c89944 feat(sprint-5): Phase 6 — Staff management UI (list, invite, permissions, revoke)
- /settings/staff: staff account table with role badges + permission chips
- Invite sheet: email + role template + 8 granular permission checkboxes
- Edit permissions dialog with optimistic update
- Revoke access with AlertDialog confirmation
- React Query hooks wired (useStaffListQuery, mutations)
- Full i18n (de/en), mock fallback, loading skeletons
- Sidebar nav updated: Personal → /settings/staff with UserCog icon
- Added @radix-ui/react-checkbox + Checkbox UI component
2026-06-12 20:32:54 +02:00
Patrick Plate ed1efccc90 feat(sprint-5): Phase 5 — Wire reports + portal to React Query
- Reports: preview queries + apiDownload for PDF/CSV
- Portal dashboard: usePortalDashboardQuery with quota fallback
- Portal history: usePortalHistoryQuery with month filter
- Portal profile: usePortalProfileQuery + useChangePasswordMutation
- All pages show loading skeletons, graceful mock fallback
2026-06-12 20:24:11 +02:00
Patrick Plate be63a84fe8 feat(sprint-5): Phase 4 — Wire distributions + stock to React Query
- Distribution list: useDistributionsQuery with date filter + member search
- New distribution: multi-step with live quota + batch queries + create mutation
- Stock page: useBatchesQuery + useRecallBatchMutation (optimistic)
- Add batch: useStrainsQuery + useCreateBatchMutation
- All pages show loading skeletons, graceful mock fallback
2026-06-12 20:15:26 +02:00
Patrick Plate b170bb9d87 feat(sprint-5): Phase 3 — Wire dashboard + members to React Query
- Dashboard: useClubStatsQuery + useRecentDistributionsQuery with fallback
- Members list: useMembersQuery with debounced search + pagination
- Member detail: useMemberQuery + useUpdateMemberMutation
- Add member: useCreateMemberMutation with invalidation
- All pages show loading skeletons during fetch
- Graceful fallback to mock data when backend unavailable
- New useDebounce hook for search input (300ms delay)
2026-06-12 20:07:16 +02:00
Patrick Plate f42c166329 feat(sprint-5): Phase 2 — React Query API client layer
- @tanstack/react-query with QueryClientProvider in providers/index.tsx
- Typed api-client.ts fetch wrapper with ApiError class + apiDownload
- Service modules: members, distributions, stock, reports, dashboard, portal, staff
- Offline banner component (onlineManager subscription)
- API error boundary with retry button
- Loading skeleton components (card, table, chart, form, dashboard)
- i18n for error/loading states (de/en)
2026-06-12 19:59:41 +02:00
Patrick Plate 279f2f6de0 feat(sprint-5): Phase 1 — Docker Compose full stack, CORS, Next.js upgrade
- Dockerfile.backend: multi-stage Java 21 build (eclipse-temurin)
- docker-compose.yml: PostgreSQL 16 + backend + frontend with health checks
- SecurityConfig: CORS for localhost:3000 frontend origin
- application-docker.properties: Docker profile with env vars
- Spring Boot Actuator health endpoint enabled
- Next.js upgraded 15.2.8 → 15.5.18 (security fixes)
2026-06-12 19:51:24 +02:00
Patrick Plate dce27a4291 fix: center content alignment on portal and stock pages 2026-06-12 19:01:47 +02:00
Patrick Plate 7f99e11d9f test: authenticated admin E2E tour with smart mock backend (all pages screenshot)
- Rewrote e2e/mock-backend.mjs to return valid auth responses (login + refresh)
- Created e2e/authenticated-tour.spec.ts that logs in and screenshots all 7 admin pages
- Fixed (dashboard-layout)/layout.tsx: added missing NextIntlClientProvider
- All pages render error-free in dark mode with mock data
- Screenshots: dashboard, members, distributions, distribution/new, stock, stock/new, reports
2026-06-12 18:38:22 +02:00
Patrick Plate 09d5ca6db0 fix: regenerate screenshots from stable server (replace error-state captures) 2026-06-12 18:27:25 +02:00
Patrick Plate 02e4bbad18 test: comprehensive E2E functional test suite (Sprint 4)
66 tests across 13 test groups covering:
- Login form interactions & validation
- Portal login flow
- Navigation & layout verification
- Theme/dark mode detection
- Auth redirect behavior (8 protected routes)
- Portal dashboard (quota rings, navbar, footer)
- Portal history page
- Portal profile page
- Cross-page portal navigation
- Responsive design (mobile/tablet/desktop)
- Accessibility basics (labels, headings, autocomplete)
- Error states & edge cases
- Portal page content verification
2026-06-12 18:11:47 +02:00
Patrick Plate f8f562915e docs: Sprint 4 visual tour with 19 Playwright screenshots 2026-06-12 17:35:39 +02:00
Patrick Plate 154f79fe60 docs: Sprint 4 walkthrough guide 2026-06-12 17:28:56 +02:00
Patrick Plate fe6e96dd3f feat: Sprint 4 complete — frontend MVP (admin dashboard + member portal)
Shadboard starter-kit (Next.js 15 + React 19 + shadcn/ui + Tailwind 4)

Sprint 4.a — Admin Dashboard:
- Auth: NextAuth.js v5, login page, middleware, token rotation
- Dashboard: KPI cards, Recharts stock chart, quick actions
- Members: TanStack Table (search/sort/paginate), add/edit forms
- Distributions: multi-step form, real-time quota check, history
- Stock: batch management, recall dialog, bar chart
- Reports: monthly/member-list/recall, PDF/CSV download, preview

Sprint 4.b — Member Portal:
- Separate route group with top-nav layout (mobile-first)
- Quota dashboard with radial SVG progress indicators
- Distribution history with month filter
- Profile/settings with password change

Cross-cutting:
- i18n: German (default) + English via next-intl
- Dark + light mode (next-themes, user-togglable)
- Playwright E2E tests (6/6 green)
- Docker multi-stage build (node:22-alpine)
- API proxy via Next.js rewrites

Tech: Next.js 15.2.8, React 19, Tailwind 4, NextAuth v5,
TanStack Table, Recharts, Zod, React Hook Form, Playwright
2026-06-12 17:18:38 +02:00
Patrick Plate a1d4ba44e3 fix(security): re-add dependency version overrides for SCA compliance 2026-06-12 11:17:40 +02:00
Patrick Plate 864bbbdde1 feat(sprint-3): Phase 7 — integration tests (Testcontainers PostgreSQL)
- Add AbstractIntegrationTest base class with Testcontainers PostgreSQL,
  RestClient helpers, and test data factories
- AuthIntegrationTest: login, refresh, token rotation, error cases
- TenantIsolationTest: multi-tenant data isolation verification
- StaffPermissionIntegrationTest: invite → activate → permission enforcement
- PortalIntegrationTest: session-based portal auth flow
- ReportIntegrationTest: JSON/PDF/CSV report generation E2E
- TokenRevocationIntegrationTest: permission change → JWT revocation
- application-integration.properties: Flyway-enabled test profile
- Remove obsolete Boot 3 @WebMvcTest/@MockBean tests (Boot 4 incompatible)
  replaced by comprehensive integration tests with real PostgreSQL
2026-06-12 11:05:40 +02:00
Patrick Plate 4f00872486 feat(sprint-3): Phase 6 — prevention officer capability
- PreventionOfficerService: limit enforcement, under-21 monitoring, monthly distribution tracking
- PUT /api/v1/staff/{id}/prevention-officer: assign/revoke with club limit check (409 on exceed)
- GET /api/v1/members/under-21: list under-21 members with quota data (prevention officer access)
- GET /api/v1/members/{id}/prevention-data: member prevention details (quota, distributions)
- PreventionOfficerLimitExceededException mapped to 409 in GlobalExceptionHandler
- StaffResponse extended with preventionOfficer field
- PreventionOfficerServiceTest: 10 unit tests covering assignment, revocation, limits, age calc
- MemberRepository.findByTenantIdAndUnder21True added
2026-06-12 10:20:20 +02:00
Patrick Plate 87568e5bfc feat(sprint-3): Phase 5 — member portal (session-based auth) 2026-06-12 10:11:58 +02:00
Patrick Plate 64927a3244 feat(sprint-3): Phase 4 — report controller + PDF/CSV generation
- Add report data models (MonthlyReport, MemberListReport, RecallReport)
- Implement ReportService with monthly aggregation, member list, recall batch tracing
- Add PdfReportGenerator using OpenPDF with minimal club branding
- Add PdfFooterHandler for timestamp + page numbers on every page
- Add CsvReportGenerator with UTF-8 BOM for Excel compatibility
- Create ReportController with 3 endpoints (monthly, members, recall)
  supporting JSON/PDF/CSV format negotiation via ?format= param
- Add DTO records (MonthlyReportResponse, MemberListResponse, RecallReportResponse)
- Extend DistributionRepository + MemberRepository with report queries
- Update Commons CSV from 1.11.0 to 1.12.0
- 10 unit tests (ReportServiceTest: 6, PdfReportGeneratorTest: 4) all passing

Endpoints:
  GET /api/v1/reports/monthly?month=YYYY-MM&format=json|pdf|csv
  GET /api/v1/reports/members?format=json|pdf|csv&status=ACTIVE
  GET /api/v1/reports/recall/{batchId}?format=json|pdf
2026-06-12 09:38:57 +02:00
Patrick Plate a267a90542 docs: add strategic differentiation plan 2026-06-12 09:25:50 +02:00
Patrick Plate 59b7486cec Merge sprint/3-staff-portal into main 2026-06-12 08:27:36 +02:00
Patrick Plate 752101c6c9 docs: add competitor & CSC market analysis PDF
- German market: Hanf-App, Cannanas, 420cloud feature comparison
- US market: Flowhub, BioTrack, Metrc, Dutchie design inspiration
- Switzerland: Cannavigia track & trace
- Spain: Historical CSC market (no software yet)
- Design recommendations derived from competitor analysis
- Differentiation strategy for CannaManage
2026-06-11 19:10:35 +02:00
Patrick Plate 302b7da8ca docs: add frontend UI shopping list PDF + OpenPDF/CSV deps in service POM
- Added OpenPDF 2.0.4 and Commons CSV 1.11.0 dependencies (Phase 4 prep)
- Generated frontend framework evaluation PDF with ranked templates and live demo links
2026-06-11 18:25:10 +02:00
Patrick Plate 6c66783b58 feat(sprint-3): Phase 3 — staff management + invite flow
- Step 3.1: Spring Boot Starter Mail dependency (api + service)
- Step 3.2: InviteToken JPA entity with 72h expiry
- Step 3.3: InviteTokenRepository with valid-token finder
- Step 3.4: EmailService (plain text invite email via JavaMailSender)
- Step 3.5: StaffService (CRUD + invite + email pattern validation + token revocation)
- Step 3.6: Staff DTOs (CreateStaffRequest, UpdateStaffRequest, StaffResponse)
- Step 3.7: SetPasswordRequest with password complexity (@Pattern: 1 digit + 1 special)
- Step 3.8: StaffController (6 endpoints, ADMIN-only via @PreAuthorize)
- Step 3.9: POST /api/v1/auth/set-password (public, generic error messages)
- Step 3.10: StaffTemplates (ausgabe, lager, vorstand predefined permission sets)
- Step 3.11: AuthService rejects inactive users with 'Account not activated'
- Step 3.12: Token revocation on permission change via revokeAllForUser()
- Step 3.13: invite-email.txt template (German, 72h expiry note)
- Step 3.14: Spring Mail config (Mailpit dev defaults, env var overrides)
- Step 3.15: Unit tests (StaffServiceTest, StaffControllerTest, EmailServiceTest)
- V5 Flyway migration for invite_tokens table

Security review findings incorporated:
- Password complexity: min 8 chars, 1 digit + 1 special char
- Generic 'invalid or expired token' error (no state leakage)
- SecureRandom 32-byte Base64 token generation
- Token values never logged
2026-06-11 18:03:12 +02:00
Patrick Plate 36deb72cf0 feat(sprint-3): Phase 2 — club settings controller 2026-06-11 16:56:44 +02:00
Patrick Plate 55d8434f35 feat(sprint-3): Phase 1 — staff permissions + token revocation
- StaffPermission enum (8 granular permissions)
- StaffAccount JPA entity with permissions collection
- RevokedToken entity for JWT blacklisting
- Flyway V3 migration (staff_accounts, staff_account_permissions, revoked_tokens)
- StaffAccountRepository + RevokedTokenRepository
- TokenRevocationService with Caffeine cache (60s TTL, 10k max)
- StaffPermissionChecker SpEL bean (@staffPermissions.has)
- PreventionOfficerChecker SpEL bean (@preventionOfficer.check)
- JwtService: added jti claim + generateStaffAccessToken + extractJti/extractPermissions
- JwtAuthFilter: token blacklist check via TokenRevocationService
- SecurityConfig: STAFF role added to endpoint matchers
- Controllers updated with @PreAuthorize for fine-grained access
- TokenCleanupScheduler (daily 03:00 cleanup of expired revoked tokens)
- Caffeine dependency added to cannamanage-service
- Unit tests: StaffPermissionCheckerTest (7), TokenRevocationServiceTest (9)
2026-06-11 16:45:21 +02:00
Patrick Plate 08b8e43ae8 docs: add comprehensive README with project overview, API docs, and sprint history 2026-06-11 13:35:28 +02:00
Patrick Plate a1ddec37da test(sprint-2): add integration tests for Auth + Compliance controllers
- AuthControllerIntegrationTest: 7 tests (login, refresh, error cases)
- ComplianceControllerIntegrationTest: 5 tests (quota, auth, 404)
- Fix Boot 4.0 @EntityScan relocation (boot.persistence.autoconfigure)
- Fix BCrypt 72-byte limit for refresh tokens (use SHA-256 instead)
- Configure H2 test DB with NON_KEYWORDS for reserved words (month/year)
2026-06-11 13:30:07 +02:00
Patrick Plate 2ede872d11 feat: Sprint 2 REST API layer — full implementation
- Fix critical Hibernate @Filter activation bug (TenantFilterAspect)
- Rename UserRole.ROLE_MANAGER → ROLE_STAFF (future-proofing)
- SecurityConfig: ADMIN + MEMBER roles only for Sprint 2
- AuthController: POST /auth/login + POST /auth/refresh with JWT
- AuthService: login, refresh token rotation, hashed refresh storage
- MemberController: CRUD (GET/POST/PUT /members)
- DistributionController: list + record distributions (CanG §26)
- StockController: batch management (GET/POST /stock/batches)
- ComplianceController: quota check (GET /compliance/quota/{id})
- OpenAPI/Swagger config with bearer-jwt security scheme
- GlobalExceptionHandler: full RFC 9457 problem+json coverage
- UserRepository: findByEmail, findByEmailAndTenantId
- Flyway V2: role rename migration + login indexes
- Testcontainers + test profile infrastructure (integration tests deferred)
- Parent POM: Testcontainers BOM, entity scan via properties

Controllers use validated DTOs (Jakarta Bean Validation records).
Compliance checks run before distribution recording.
Tenant filter AOP aspect ensures multi-tenant data isolation.
2026-06-11 12:05:52 +02:00
Patrick Plate 86c922e1f9 feat(sprint-2): add security infrastructure
- Spring Security 6 with dual SecurityFilterChain (API stateless JWT + public Swagger)
- JwtService: generate/validate access + refresh tokens (JJWT 0.12.6)
- JwtAuthFilter: extract Bearer token, set SecurityContext + TenantContext
- GlobalExceptionHandler: RFC 9457 ProblemDetail responses
- Dependencies: spring-security, jjwt, springdoc-openapi, bean-validation, h2-test
- Application properties: JWT config + OpenAPI paths
2026-06-11 10:46:48 +02:00
Patrick Plate 10891e7b89 chore: upgrade Spring Boot 3.3.4 → 4.0.6
- Remove manually-pinned versions (Hibernate, Flyway, AssertJ, Mockito)
  now managed by Boot 4.0.6 BOM
- Remove @EntityScan and @EnableJpaRepositories — auto-detected via
  scanBasePackages covering de.cannamanage hierarchy
- All 25 tests pass, build compiles in 9.6s
2026-06-11 10:41:59 +02:00
Patrick Plate fa1eaf64e0 feat(sprint-1): CannaManage foundation — compliance engine, JPA entities, tests TC-001→TC-025
- Maven multi-module project (parent + domain + service + api)
- AbstractTenantEntity with Hibernate @Filter for multi-tenancy (explicit getters/setters, Java 25 compatible)
- TenantContext ThreadLocal for request-scoped tenant isolation
- 8 JPA entities: Club, Member, Strain, Batch, Distribution, MonthlyQuota, StockMovement, User
- ComplianceConstants with CanG §19 limits (25g/day adult, 50g/month adult, 30g/month under-21, 10% THC cap)
- ComplianceService: checkDistributionAllowed() with fail-fast sequential CanG checks
- Unit tests TC-001→TC-025: 25/25 passing, 100% line+branch coverage on ComplianceService (JaCoCo 0.8.13)
- Flyway V1__initial_schema.sql: all 8 tables + indexes
- docker-compose.yml: PostgreSQL 16 local dev
- application-local.properties: local profile configuration

Closes #1 #2 #3 #4 #5 #6 #7 #8 #9 #10
2026-04-12 20:30:12 +02:00