From e9e18f6c380ad8b6b7f24f6c02d98dadf67026a7 Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Mon, 27 Apr 2026 15:09:41 +0200 Subject: [PATCH] docs: update CLAUDE.md for account package, vendor admins, and shared components - Add account/ package to Key Packages table - Add VendorAdminService/Controller to vendor/ package - Note TenantPortalService delegation to AccountService - Update ui/CLAUDE.md: AccountSettingsPage, VendorAdminsPage, Administrators sidebar, user menu dropdown, shared components Co-Authored-By: Claude Opus 4.6 (1M context) --- CLAUDE.md | 17 +++++++++-------- ui/CLAUDE.md | 7 ++++--- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index d6baa7f..0c83395 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -27,9 +27,10 @@ Agent-server protocol is defined in `cameleer/cameleer-common/PROTOCOL.md`. The |---------|---------|-------------| | `config/` | Security, tenant isolation, web config | `SecurityConfig`, `TenantIsolationInterceptor`, `TenantContext`, `PublicConfigController`, `MeController` | | `tenant/` | Tenant data model | `TenantEntity` (JPA: id, name, slug, tier, status, logto_org_id, db_password) | -| `vendor/` | Vendor console (platform:admin) | `VendorTenantService`, `VendorTenantController`, `InfrastructureService`, `EmailConnectorService`, `EmailConnectorController`, `VendorAuthPolicyController`, `VendorAuthPolicyEntity` | +| `account/` | Shared user account operations | `AccountService` (profile, password, MFA, passkeys), `AccountController` (`/api/account/*`) | +| `vendor/` | Vendor console (platform:admin) | `VendorTenantService`, `VendorTenantController`, `InfrastructureService`, `EmailConnectorService`, `EmailConnectorController`, `VendorAuthPolicyController`, `VendorAuthPolicyEntity`, `VendorAdminService`, `VendorAdminController` | | `onboarding/` | Self-service sign-up onboarding | `OnboardingController`, `OnboardingService` | -| `portal/` | Tenant admin portal (org-scoped) | `TenantPortalService`, `TenantPortalController` | +| `portal/` | Tenant admin portal (org-scoped) | `TenantPortalService` (delegates user-level ops to AccountService), `TenantPortalController` | | `provisioning/` | Pluggable tenant provisioning | `DockerTenantProvisioner`, `TenantDatabaseService`, `TenantDataCleanupService` | | `certificate/` | TLS certificate lifecycle | `CertificateService`, `CertificateController`, `TenantCaCertService` | | `license/` | License management | `LicenseService`, `LicenseController` | 
@@ -81,7 +82,7 @@ PostgreSQL (Flyway): `src/main/resources/db/migration/` # GitNexus — Code Intelligence -This project is indexed by GitNexus as **cameleer-saas** (3330 symbols, 7090 relationships, 281 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely. +This project is indexed by GitNexus as **vendor-admin-account** (3510 symbols, 7678 relationships, 298 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely. > If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first. @@ -97,7 +98,7 @@ This project is indexed by GitNexus as **cameleer-saas** (3330 symbols, 7090 rel 1. `gitnexus_query({query: ""})` — find execution flows related to the issue 2. `gitnexus_context({name: ""})` — see all callers, callees, and process participation -3. `READ gitnexus://repo/cameleer-saas/process/{processName}` — trace the full execution flow step by step +3. `READ gitnexus://repo/vendor-admin-account/process/{processName}` — trace the full execution flow step by step 4. For regressions: `gitnexus_detect_changes({scope: "compare", base_ref: "main"})` — see what your branch changed ## When Refactoring 
@@ -136,10 +137,10 @@ This project is indexed by GitNexus as **cameleer-saas** (3330 symbols, 7090 rel | Resource | Use for | |----------|---------| -| `gitnexus://repo/cameleer-saas/context` | Codebase overview, check index freshness | -| `gitnexus://repo/cameleer-saas/clusters` | All functional areas | -| `gitnexus://repo/cameleer-saas/processes` | All execution flows | -| `gitnexus://repo/cameleer-saas/process/{name}` | Step-by-step execution trace | +| `gitnexus://repo/vendor-admin-account/context` | Codebase overview, check index freshness | +| `gitnexus://repo/vendor-admin-account/clusters` | All functional areas | +| `gitnexus://repo/vendor-admin-account/processes` | All execution flows | +| `gitnexus://repo/vendor-admin-account/process/{name}` | Step-by-step execution trace | ## Self-Check Before Finishing diff --git a/ui/CLAUDE.md b/ui/CLAUDE.md index 5206c45..bc987b8 100644 --- a/ui/CLAUDE.md +++ b/ui/CLAUDE.md 
@@ -6,7 +6,7 @@ React 19 SPA served at `/platform/*` by the Spring Boot backend. - `main.tsx` — React 19 root - `router.tsx` — `/vendor/*` + `/tenant/*` with `RequireScope` guards, `LandingRedirect` that waits for scopes (redirects to `/onboarding` if user has zero orgs), `/register` route for OIDC sign-up flow, `/onboarding` route for self-service tenant creation -- `Layout.tsx` — persona-aware sidebar: vendor sees expandable "Vendor" section (Tenants, Audit Log, Certificates, Metrics, Infrastructure, Email Connector, Logto Console), tenant admin sees Dashboard/License/SSO/Team/Audit/Settings +- `Layout.tsx` — persona-aware sidebar: vendor sees expandable "Vendor" section (Tenants, Audit Log, Certificates, Metrics, Infrastructure, Email Connector, Administrators, Logto Console), tenant admin sees Dashboard/License/SSO/Team/Audit/Settings. TopBar user dropdown includes "Account Settings" link. - `OrgResolver.tsx` — merges global + org-scoped token scopes (vendor's platform:admin is global) - `config.ts` — fetch Logto config from /platform/api/config 
@@ -22,8 +22,9 @@ React 19 SPA served at `/platform/*` by the Spring Boot backend. ## Pages - **Onboarding**: `OnboardingPage.tsx` — self-service trial tenant creation (org name + slug), shown to users with zero org memberships after sign-up -- **Vendor pages**: `VendorTenantsPage.tsx`, `CreateTenantPage.tsx`, `TenantDetailPage.tsx`, `VendorAuditPage.tsx`, `CertificatesPage.tsx`, `InfrastructurePage.tsx`, `EmailConfigPage.tsx` (SMTP connector config, registration toggle, test email) -- **Tenant pages**: `TenantDashboardPage.tsx` (restart + upgrade server), `TenantLicensePage.tsx`, `SsoPage.tsx`, `TeamPage.tsx` (reset member passwords), `TenantAuditPage.tsx`, `SettingsPage.tsx` (change own password, reset server admin password) +- **Shared pages**: `AccountSettingsPage.tsx` — `/settings/account`, any authenticated user. Profile, password (with current-password verification), TOTP MFA, passkeys. Composes shared components from `components/account/`. +- **Vendor pages**: `VendorTenantsPage.tsx`, `CreateTenantPage.tsx`, `TenantDetailPage.tsx`, `VendorAuditPage.tsx`, `CertificatesPage.tsx`, `InfrastructurePage.tsx`, `EmailConfigPage.tsx` (SMTP connector config, registration toggle, test email), `VendorAdminsPage.tsx` (platform admin list, invite/create, remove, reset password/MFA) +- **Tenant pages**: `TenantDashboardPage.tsx` (restart + upgrade server), `TenantLicensePage.tsx`, `SsoPage.tsx`, `TeamPage.tsx` (reset member passwords), `TenantAuditPage.tsx`, `SettingsPage.tsx` (imports shared account components, plus tenant-specific auth policy, MFA enforcement toggle, server admin password) ## Custom Sign-in UI (`ui/sign-in/`)
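Review bot: In the CLAUDE.md Key Packages hunk (@@ -27,9 +27,10 @@), the new `account/` row states no access scope, while the neighbouring rows do (`vendor/` says "platform:admin", `portal/` says "org-scoped"). `AccountService` is listed as handling password, MFA and passkeys, so the row should say who may call `/api/account/*`; ui/CLAUDE.md in this same patch describes `/settings/account` as "any authenticated user", and the backend row should carry the matching statement if that is what `SecurityConfig` enforces. Minor: `AccountService` in the `portal/` row is missing the backticks used for every other class name in the table.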
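Review bot: In the GitNexus hunk of CLAUDE.md (@@ -81,7 +82,7 @@), the index name changes from **cameleer-saas** to **vendor-admin-account**, which the commit message does not mention and which reads like a branch or worktree name rather than the project name. If this came from running the indexer in a feature checkout, revert this line together with the dependent `gitnexus://repo/vendor-admin-account/...` URIs in the hunks at @@ -97,7 +98,7 @@ and @@ -136,10 +137,10 @@, since those paths may not resolve once the index is rebuilt under the project name. The symbol, relationship and execution-flow counts are generated values too and are better regenerated on the main branch than committed from a feature branch.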
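Review bot: In the first ui/CLAUDE.md hunk (@@ -6,7 +6,7 @@), the `router.tsx` entry is left unchanged and still lists only `/vendor/*` + `/tenant/*` with `RequireScope` guards plus `/register` and `/onboarding`, although this patch documents a new `/settings/account` page that sits outside both guarded prefixes. Add the route to the `router.tsx` line and state which guard it uses, so a reader can tell from the doc that it requires authentication but no vendor or tenant scope. The `Layout.tsx` line would also read better with the "Account Settings" link naming its target path.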
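Review bot: In the Pages hunk of ui/CLAUDE.md (@@ -22,8 +22,9 @@), the rewritten `SettingsPage.tsx` description drops the verb from "reset server admin password" and now reads just "server admin password", which leaves it unclear whether the page resets or displays that credential. Restore "reset server admin password". In the same hunk, `VendorAdminsPage.tsx` is listed with "reset password/MFA" but, unlike `AccountSettingsPage.tsx`, without its route; add the route so the privileged page can be matched to its `RequireScope` guard in `router.tsx`.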