calminer/changelog.md

Changelog

2025-11-09

• Captured current implementation status, requirements coverage, missing features, and prioritized roadmap in calminer-docs/implementation_status.md to guide future development.
• Added core SQLAlchemy domain models, shared metadata descriptors, and Alembic migration setup (with initial schema snapshot) to establish the persistence layer foundation.
• Introduced repository and unit-of-work helpers for projects, scenarios, financial inputs, and simulation parameters to support service-layer operations.
• Added SQLite-backed pytest coverage for repository and unit-of-work behaviours to validate persistence interactions.
• Exposed project and scenario CRUD APIs with validated schemas and integrated them into the FastAPI application.
• Connected project and scenario routers to new Jinja2 list/detail/edit views with HTML forms and redirects.
• Implemented FR-009 client-side enhancements with responsive navigation toggle, mobile-first scenario tables, and shared asset loading across templates.
• Added scenario comparison validator, FastAPI comparison endpoint, and comprehensive unit tests to enforce FR-009 validation rules through API errors.
• Delivered a new dashboard experience with templates/dashboard.html, dedicated styling, and a FastAPI route supplying real project/scenario metrics via repository helpers.
• Extended repositories with count/recency utilities and added pytest coverage, including a dashboard rendering smoke test validating empty-state messaging.
• Brought project and scenario detail pages plus their forms in line with the dashboard visuals, adding metric cards, layout grids, and refreshed CTA styles.
• Reordered project route registration to prioritize static UI paths, eliminating 422 errors on /projects/ui and /projects/create, and added pytest smoke coverage for the navigation endpoints.
• Added end-to-end integration tests for project and scenario lifecycles, validating HTML redirects, template rendering, and API interactions, and updated ProjectRepository.get to deduplicate joined loads for detail views.
• Updated all Jinja2 template responses to the new Starlette signature to eliminate deprecation warnings while keeping request-aware context available to the templates.
• Introduced services/security.py to centralize Argon2 password hashing utilities and JWT creation/verification with typed payloads, and added pytest coverage for hashing, expiry, tampering, and token type mismatch scenarios.
• Added routes/auth.py with registration, login, and password reset flows, refreshed auth templates with error messaging, wired navigation links, and introduced end-to-end pytest coverage for the new forms and token flows.
• Implemented cookie-based authentication session middleware with automatic access token refresh, logout handling, navigation adjustments, and documentation/test updates capturing the new behaviour.
• Delivered idempotent seeding utilities with scripts/initial_data.py, entry-point runner scripts/00_initial_data.py, documentation updates, and pytest coverage to verify role/admin provisioning.
• Secured project and scenario routers with RBAC guard dependencies, enforced repository access checks via helper utilities, and aligned template routes with FastAPI dependency injection patterns.

2025-11-10

• Added dedicated pytest coverage for guard dependencies, exercising success plus failure paths (missing session, inactive user, missing roles, project/scenario access errors) via tests/test_dependencies_guards.py.
• Added integration tests in tests/test_authorization_integration.py verifying anonymous 401 responses, role-based 403s, and authorized project manager flows across API and UI endpoints.
• Implemented environment-driven admin bootstrap settings, wired the bootstrap_admin helper into FastAPI startup, added pytest coverage for creation/idempotency/reset logic, and documented operational guidance in the RBAC plan and security concept.
• Retired the legacy authentication RBAC implementation plan document after migrating its guidance into live documentation and synchronized the contributor instructions to reflect the removal.
• Completed the Authentication & RBAC checklist by shipping the new models, migrations, repositories, guard dependencies, and integration tests.
• Documented the project/scenario import/export field mapping and file format guidelines in calminer-docs/requirements/FR-008.md, and introduced schemas/imports.py with Pydantic models that normalise incoming CSV/Excel rows for projects and scenarios.
• Added services/importers.py to load CSV/XLSX files into the new import schemas, pulled in openpyxl for Excel support, and covered the parsing behaviour with tests/test_import_parsing.py.
• Expanded the import ingestion workflow with staging previews, transactional persistence commits, FastAPI preview/commit endpoints under /imports, and new API tests (tests/test_import_ingestion.py, tests/test_import_api.py) ensuring end-to-end coverage.
• Added persistent audit logging via ImportExportLog, structured log emission, Prometheus metrics instrumentation, /metrics endpoint exposure, and updated operator/deployment documentation to guide monitoring setup.

2025-11-11

• Centralised ISO-4217 currency validation across scenarios, imports, and export filters (models/scenario.py, routes/scenarios.py, schemas/scenario.py, schemas/imports.py, services/export_query.py) so malformed codes are rejected consistently at every entry point.
• Updated scenario services and UI flows to surface friendly validation errors and added regression coverage for imports, exports, API creation, and lifecycle flows ensuring currencies are normalised end-to-end.
• Recorded the completed “Ensure currency is used consistently” work in .github/instructions/DONE.md and ran the full pytest suite (150 tests) to verify the refactor.
• Linked projects to their pricing settings by updating SQLAlchemy models, repositories, seeding utilities, and migrations, and added regression tests to cover the new association and default backfill.
• Bootstrapped database-stored pricing settings at application startup, aligned initial data seeding with the database-first metadata flow, and added tests covering pricing bootstrap creation, project assignment, and idempotency.
• Extended pricing configuration support to prefer persisted metadata via dependencies.get_pricing_metadata, added retrieval tests for project/default fallbacks, and refreshed docs (calminer-docs/specifications/price_calculation.md, pricing_settings_data_model.md) to describe the database-backed workflow and bootstrap behaviour.
• Added services/financial.py NPV, IRR, and payback helpers with robust cash-flow normalisation, convergence safeguards, and fractional period support, plus comprehensive pytest coverage exercising representative project scenarios and failure modes.
• Authored calminer-docs/specifications/financial_metrics.md capturing DCF assumptions, solver behaviours, and worked examples, and cross-linked the architecture concepts to the new reference for consistent navigation.
• Implemented services/simulation.py Monte Carlo engine with configurable distributions, summary aggregation, and reproducible RNG seeding, introduced regression tests in tests/test_simulation.py, and documented configuration/usage in calminer-docs/specifications/monte_carlo_simulation.md with architecture cross-links.
• Polished reporting HTML contexts by cleaning stray fragments in routes/reports.py, adding download action metadata for project and scenario pages, and generating scenario comparison download URLs with correctly serialised repeated scenario_ids parameters.
• Consolidated Alembic history into a single initial migration (20251111_00_initial_schema.py), removed superseded revision files, and ensured Alembic metadata still references the project metadata for clean bootstrap.
• Added scripts/run_migrations.py and a Docker entrypoint wrapper to run Alembic migrations before uvicorn starts, removed the fallback Base.metadata.create_all call, and updated calminer-docs/admin/installation.md so developers know how to apply migrations locally or via Docker.
• Configured pytest defaults to collect coverage (--cov) with an 80% fail-under gate, excluded entrypoint/reporting scaffolds from the calculation, updated contributor docs with the standard pytest command, and verified the suite now reports 83% coverage.