Commit Graph

2 Commits

Author SHA1 Message Date
e4294702c5 feat(form-builder): public resources — TAG_PICKER tags, schema version, submission shape
S2c D1, D5, D7.

PublicFormSchemaResource:
- Carries available_tags on every TAG_PICKER field, respecting
  validation_rules.tag_categories when set. Tags prefetched once per
  org to avoid N+1.
- Surfaces the schema version and an opened_at timestamp so the portal
  can detect drift between GET-time and submit-time.

PublicFormSubmissionResource (new): the submission envelope the portal
sees on every lifecycle endpoint. No PII echo — public_submitter_name,
public_submitter_email, public_submitter_ip never appear. Admin
metadata (review_status, reviewed_by, schema_snapshot, submitter user
id) is filtered out. Includes schema_drift computed from
schema.version vs schema_version_at_submit, and identity_match read
from the §31.1 listener's column with a Dutch message per state
(pending|matched|none).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 22:55:54 +02:00
4b7e66b83f feat(form-builder): API resources with FieldAccessService filtering
Phase 4 of S2b. Nine resources that shape the universal form builder
responses. FieldAccessService::filterVisibleFields gates every field
array — the primary defence tested by FormResourceSecurityTest (§22.9).

- FormSchemaResource: includes fields_count, submissions_count,
  has_submissions, is_locked (derived from edit_lock_*), public_form_url
  when public_token is set, and filtered fields collection.
- FormSchemaSummaryResource: lean list-endpoint variant.
- FormFieldResource: effective_label / help_text / options resolved via
  FormLocaleResolver + translations JSON, plus TAG_PICKER available_tags
  filtered by validation_rules.tag_categories.
- FormSubmissionResource: values keyed by field slug with FieldAccessService
  filtering, section_statuses, active delegations, review_info,
  submitted_in_locale, submission_duration_seconds.
- FormSubmissionSummaryResource: lean list variant.
- FormTemplateResource, FormFieldLibraryResource.
- PublicFormSchemaResource: strictly limited per §10 — only
  is_portal_visible=true AND is_admin_only=false fields, no PII hints,
  no role_restrictions, no submissions_count.
- FormSchemaWebhookResource: url/secret never returned; only url_host +
  has_secret boolean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 21:13:40 +02:00
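
The output shaping the two commit messages describe, as an added PHP sketch that is not the project's code: allow-listed keys, visibility flags that fail closed, and a leak check over the encoded output. PHP is assumed from the `::` call syntax; the function names, `PUBLIC_FIELD_KEYS`, `PUBLIC_SUBMISSION_KEYS` and all sample data are hypothetical.

```php
<?php
declare(strict_types=1);
// Allow-lists (hypothetical key sets): only keys named here reach a public response.
const PUBLIC_FIELD_KEYS = ['slug', 'type', 'label', 'available_tags'];
const PUBLIC_SUBMISSION_KEYS = ['id', 'status'];

function pick(array $row, array $keys): array
{
    return array_intersect_key($row, array_flip($keys));
}

// Public schema: a field is dropped unless both flags are present and have the required value.
function publicSchema(array $schema): array
{
    $visible = array_filter($schema['fields'], fn (array $f): bool =>
        ($f['is_portal_visible'] ?? false) === true && ($f['is_admin_only'] ?? true) === false);
    return [
        'version' => $schema['version'],
        'fields'  => array_values(array_map(fn (array $f): array => pick($f, PUBLIC_FIELD_KEYS), $visible)),
    ];
}

// Public submission envelope: allow-listed keys plus drift against the live schema version.
function publicSubmission(array $sub, array $schema): array
{
    return pick($sub, PUBLIC_SUBMISSION_KEYS)
        + ['schema_drift' => $schema['version'] !== $sub['schema_version_at_submit']];
}

// Webhook view: host and a boolean only, never the URL path or the secret.
function webhookView(array $hook): array
{
    return ['url_host' => parse_url($hook['url'], PHP_URL_HOST) ?: null,
            'has_secret' => ($hook['secret'] ?? '') !== ''];
}
// Constructed sample data (not taken from the project).
$schema = ['version' => 3, 'fields' => [
    ['slug' => 'topics', 'type' => 'TAG_PICKER', 'label' => 'Topics', 'is_portal_visible' => true,
     'is_admin_only' => false, 'role_restrictions' => ['admin'], 'available_tags' => ['a', 'b']],
    ['slug' => 'notes', 'type' => 'TEXT', 'label' => 'Internal', 'is_portal_visible' => true, 'is_admin_only' => true],
]];
$sub = ['id' => 7, 'status' => 'submitted', 'schema_version_at_submit' => 2,
        'public_submitter_email' => 'a@example.test', 'reviewed_by' => 12];
$hook = ['url' => 'https://hooks.example.test/in/PATHTOKEN', 'secret' => 'SECRETVALUE'];

// Leak check: no filtered key or sensitive value may survive serialization.
$out = json_encode([publicSchema($schema), publicSubmission($sub, $schema), webhookView($hook)]);
foreach (['public_submitter_', 'reviewed_by', 'role_restrictions', 'Internal', 'PATHTOKEN', 'SECRETVALUE'] as $leak) {
    if (str_contains($out, $leak)) { throw new RuntimeException("leaked: $leak"); }
}
echo $out, PHP_EOL;
```

Because the projection is an allow-list, a column added to the underlying model later stays out of the public response until someone names it explicitly.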