m/paliad
1
0
Fork 0
Code Issues 146 Pull Requests 8 Actions 3 Packages Projects Releases Wiki Activity

Compare commits

base: m:mai/cronus/coder-composer-slice-e
Branches Tags
m:main m:mai/bohr/coder-apply-m-s-caption m:mai/faraday/coder-generated-document m:mai/planck/coder-b5-b6-train-share m:mai/archimedes/fixer-port-engine m:mai/maxwell/coder-b4-akte-mode m:mai/lorenz/coder-b3-event-triggered m:mai/euler/fixer-builder-add m:mai/brunel/fixer-prod-500s-after-b1 m:mai/galileo/coder-b1-b2-mvp-train m:mai/pasteur/fixer-pkg-litigationplann m:mai/newton/coder-b0-scenario-db m:mai/edison/inventor-prd-columnar m:mai/knuth/coder-workflow-tracker m:mai/atlas/inventor-extend-tools m:mai/cronus/inventor-unified m:mai/atlas/inventor-deadline-system m:mai/atlas/inventor-followup-rules m:mai/athena/consultant-deadline m:mai/brunel/fixer-dark-mode-support m:mai/knuth/coder-cronus-fristenrechn m:mai/ritchie/coder-mig-153-proceeding m:mai/atlas/inventor-proceeding m:mai/cronus/inventor-fristenrechner m:mai/curie/coder-mig152-clone-dedupe m:mai/darwin/researcher-lexy-draft m:mai/knuth/coder-dedupe-null m:mai/cronus/coder-composer-slice-f m:mai/cronus/coder-composer-slice-e m:mai/cronus/coder-composer-slice-d m:mai/curie/coder-slice-b6-url-rename m:mai/curie/coder-slice-b5-go-rename m:mai/cronus/coder-composer-slice-c m:mai/curie/coder-slice-b4-destructive-drop m:mai/cronus/coder-composer-slice-b m:mai/cronus/coder-composer-slice-a m:mai/cronus/inventor-prd-for m:mai/knuth/coder-verfahrensablauf m:mai/ritchie/coder-make-backup m:mai/diesel/fixer-dark-mode-css m:mai/curie/coder-slice-b3-read-cutover m:mai/diesel/fixer-verfahrensablauf m:mai/curie/coder-slice-b2-dual-write m:mai/cronus/coder-slice-d-scenarios m:mai/knuth/coder-backfill-applies m:mai/hermes/gitster-verfahrensablauf m:mai/cronus/coder-berufung-labels-refactor m:mai/diesel/hotfix-2-mig-134-missing m:mai/curie/coder-slice-b1-procedural-events m:mai/cronus/coder-slice-c-upc-snapshot m:mai/brunel/hotfix-rename-upc-apl m:mai/cronus/coder-slice-b3-primary-party m:mai/cronus/coder-slice-b2-catalog-query m:mai/cronus/inventor-litigation-slice-b m:mai/curie/researcher-slice-b-zero m:mai/cronus/inventor-litigation m:mai/artemis/gitster-remove-admin m:mai/ritchie/coder-sort-post-trigger m:mai/knuth/coder-conditional-label m:mai/hermes/coder-verfahrensablauf m:mai/brunel/rebase-121-conditional m:mai/knuth/coder-conditional-rule m:mai/hermes/gitster-dark-mode-fix m:mai/ritchie/coder-submission-form m:mai/artemis/gitster-re-surface m:mai/brunel/fixer-views-any-filters m:mai/cronus/coder-cicd-slice-a m:mai/knuth/coder-wave-1-tier-1-rule m:mai/ritchie/coder-upc-damages-add m:mai/cronus/inventor-ci-cd-pre m:mai/brunel/rebase-108-language m:mai/hermes/gitster-admin-rules-list m:mai/artemis/gitster-submission m:mai/icarus/gitster-verfahrensablauf m:mai/orpheus/gitster-search-input m:mai/atlas/coder-event-card-choices-slice-ab m:mai/hermes/gitster-date-range m:mai/demeter/gitster-submission m:mai/knuth/coder-hl-patents-style m:mai/hermes/gitster-draft-editor m:mai/atlas/inventor-per-event-card m:mai/knuth/coder-deadline-rule-tier m:mai/cronus/coder-procedural-events-slice-a m:mai/hermes/gitster-deadline-form m:mai/artemis/gitster-add-missing-i18n m:mai/demeter/gitster-paliadin-chat m:mai/brunel/wave0-tier0-deadline-fixes m:mai/artemis/coder-docker-compose-yml m:mai/icarus/coder-inbox-overhaul-slice-a m:mai/atlas/coder-date-range-picker-slice-a m:mai/brunel/fixer-de-inf-lg-cfi m:mai/cronus/inventor-procedural m:mai/hermes/gitster-event-type-modal m:mai/cronus/coder-backup-mode m:mai/curie/researcher-bulletproof m:mai/hermes/gitster-draft-editor-focus-jump m:mai/cronus/inventor-backup-mode m:mai/hermes/gitster-submissions m:mai/artemis/gitster-deadline-form m:mai/brunel/fixer-submission-preview m:mai/brunel/fixer-test-data-reset m:mai/artemis/gitster-approval-withdraw m:mai/demeter/gitster-events m:mai/hermes/gitster-sidebar-loses m:mai/hermes/gitster-browse-a m:mai/brunel/fixer-submissions-demo m:mai/icarus/inventor-inbox-overhaul m:mai/atlas/inventor-symmetric-date m:mai/artemis/gitster-demote-daten m:mai/hermes/gitster-team-view-mailto m:mai/knuth/coder-global-schriftsatze m:mai/knuth/coder-schriftsatze m:mai/ritchie/coder-author-demo-docx m:mai/knuth/coder-add-schriftsatze m:mai/knuth/coder-add-checklist m:mai/knuth/coder-anchor-lookup-must m:mai/tesla/dashboard-resize-clamp m:mai/knuth/coder-demote-projekt m:mai/knuth/coder-paliadin-chat m:mai/knuth/coder-print-views m:mai/knuth/coder-add-proceeding m:mai/knuth/coder-submission m:mai/ritchie/coder-extend-team-email m:mai/knuth/coder-changelog-catch-up m:mai/tesla/dashboard-overlap m:mai/pasteur/fixercoder-dashboard m:mai/newton/inventor-configurable m:mai/dirac/inventorcoder-user m:mai/gauss/inventorcoder-team-admin m:mai/kepler/inventorcoder-project m:mai/darwin/roadmap-ccr-en m:mai/euler/coder-small-ux-polish m:mai/darwin/fristenrechner-cleanup m:mai/darwin/fixercoder-priority-bug m:mai/leibniz/inventor-caldav-multi m:mai/hertz/inventor-unified-modal m:mai/archimedes/inventor-excel-data m:mai/boltzmann/inventor-gap-tolerant m:mai/copernicus/submission-slice-1 m:mai/fermi/interactive-session m:mai/hertz/inventor-suggest-changes m:mai/copernicus/inventor-submission m:mai/mendel/test-strategy-slice-1 m:mai/mendel/inventor-test-strategy m:mai/ampere/custom-views-improvements m:mai/joule/mig-097-apply-huygens-s m:mai/ohm/workstream-b-rename m:mai/huygens/workstream-a-backfill m:mai/kelvin/t-204-phase-2-proceeding m:mai/bohr/ingest-t-paliad-203-rule m:mai/curie/fristenrechner-gap m:mai/maxwell/inbox-grey-out m:mai/rutherford/slice-9-follow-up-b-re m:mai/dirac/slice-9-follow-up-a m:mai/bose/determinator-cascade-slice-3 m:mai/bose/determinator-cascade-slice-2 m:mai/bose/determinator-row-cascade m:mai/lorenz/fristen-phase-3-slice-9 m:mai/curie/fristen-phase-3-slice-12 m:mai/planck/aichat-phase-b-paliad m:mai/young/fristen-phase-3-slice-11b m:mai/lorenz/fristen-phase-3-slice-11a m:mai/lorenz/fristen-phase-3-slice-10 m:mai/lorenz/fristen-phase-3-slice-8 m:mai/lorenz/fristen-phase-3-slice-7 m:mai/lorenz/fristen-phase-3-slice-6 m:mai/lorenz/fristen-phase-3-slice-5 m:mai/lorenz/fristen-phase-3-slice-4 m:mai/lorenz/fristen-phase-3-slice-3 m:mai/lorenz/fristen-phase-3-slice-2 m:mai/lorenz/fristen-phase-3-slice-1 m:mai/pauli/fristen-phase2-design m:mai/tesla/project-timeline-chart m:mai/pauli/fristen-logic-audit m:mai/pauli/determinator-b1-row-by m:mai/noether/tools-cleanup-slice-1 m:mai/kelvin/inventor-tools-surface m:mai/planck/paliadin-per-user-rls m:mai/maxwell/bug-bundle-filterbar m:mai/faraday/project-timeline-chart m:mai/schroedinger/smarttimeline-slice-4 m:mai/bohr/smarttimeline-slice-3 m:mai/gauss/smarttimeline-slice-2 m:mai/riemann/filterbar-phase-2-slice m:mai/lagrange/smarttimeline-design-the m:mai/curie/researcher-determinator m:mai/noether/collapse-regel-typ-on m:mai/riemann/inventor-universal m:mai/minkowski/project-level-our-side m:mai/dirac/inventor-inline-paliadin m:mai/feynman/fristenrechner m:mai/minkowski/navbar-dashboard-reorg m:mai/shannon/approval-rework m:mai/einstein/consultant-deadline-data m:mai/curie/researcher-upc-rop-audit m:mai/noether/paliadin-real-claude m:mai/noether/inventor-paliadin m:mai/hilbert/inventor-approval-policy m:mai/shannon/bug-frist-due-date m:mai/fritz/bug-fristen-termine m:mai/godel/inventor-projects-page m:mai/fritz/bug-paliadin-chat m:mai/kepler/inventor-profession-vs m:mai/noether/inventor-paliadin-in-app m:mai/fritz/bulk-team-email-send-to m:mai/noether/inventor-local-chat-for m:mai/noether/inventor-data-display m:mai/fritz/bug-derived-team-members m:mai/fritz/bug-sidebar-visibly m:mai/noether/inventor-project m:mai/shannon/bug-project-team-add m:mai/cronus/inventor-dual-control m:mai/fritz/bug-edit-mode-on m:mai/cronus/inventor-holidays-per m:mai/ritchie/phase-h-ai-deadline
..
compare: m:mai/cronus/inventor-ci-cd-pre
Branches Tags
m:main m:mai/bohr/coder-apply-m-s-caption m:mai/faraday/coder-generated-document m:mai/planck/coder-b5-b6-train-share m:mai/archimedes/fixer-port-engine m:mai/maxwell/coder-b4-akte-mode m:mai/lorenz/coder-b3-event-triggered m:mai/euler/fixer-builder-add m:mai/brunel/fixer-prod-500s-after-b1 m:mai/galileo/coder-b1-b2-mvp-train m:mai/pasteur/fixer-pkg-litigationplann m:mai/newton/coder-b0-scenario-db m:mai/edison/inventor-prd-columnar m:mai/knuth/coder-workflow-tracker m:mai/atlas/inventor-extend-tools m:mai/cronus/inventor-unified m:mai/atlas/inventor-deadline-system m:mai/atlas/inventor-followup-rules m:mai/athena/consultant-deadline m:mai/brunel/fixer-dark-mode-support m:mai/knuth/coder-cronus-fristenrechn m:mai/ritchie/coder-mig-153-proceeding m:mai/atlas/inventor-proceeding m:mai/cronus/inventor-fristenrechner m:mai/curie/coder-mig152-clone-dedupe m:mai/darwin/researcher-lexy-draft m:mai/knuth/coder-dedupe-null m:mai/cronus/coder-composer-slice-f m:mai/cronus/coder-composer-slice-e m:mai/cronus/coder-composer-slice-d m:mai/curie/coder-slice-b6-url-rename m:mai/curie/coder-slice-b5-go-rename m:mai/cronus/coder-composer-slice-c m:mai/curie/coder-slice-b4-destructive-drop m:mai/cronus/coder-composer-slice-b m:mai/cronus/coder-composer-slice-a m:mai/cronus/inventor-prd-for m:mai/knuth/coder-verfahrensablauf m:mai/ritchie/coder-make-backup m:mai/diesel/fixer-dark-mode-css m:mai/curie/coder-slice-b3-read-cutover m:mai/diesel/fixer-verfahrensablauf m:mai/curie/coder-slice-b2-dual-write m:mai/cronus/coder-slice-d-scenarios m:mai/knuth/coder-backfill-applies m:mai/hermes/gitster-verfahrensablauf m:mai/cronus/coder-berufung-labels-refactor m:mai/diesel/hotfix-2-mig-134-missing m:mai/curie/coder-slice-b1-procedural-events m:mai/cronus/coder-slice-c-upc-snapshot m:mai/brunel/hotfix-rename-upc-apl m:mai/cronus/coder-slice-b3-primary-party m:mai/cronus/coder-slice-b2-catalog-query m:mai/cronus/inventor-litigation-slice-b m:mai/curie/researcher-slice-b-zero m:mai/cronus/inventor-litigation m:mai/artemis/gitster-remove-admin m:mai/ritchie/coder-sort-post-trigger m:mai/knuth/coder-conditional-label m:mai/hermes/coder-verfahrensablauf m:mai/brunel/rebase-121-conditional m:mai/knuth/coder-conditional-rule m:mai/hermes/gitster-dark-mode-fix m:mai/ritchie/coder-submission-form m:mai/artemis/gitster-re-surface m:mai/brunel/fixer-views-any-filters m:mai/cronus/coder-cicd-slice-a m:mai/knuth/coder-wave-1-tier-1-rule m:mai/ritchie/coder-upc-damages-add m:mai/cronus/inventor-ci-cd-pre m:mai/brunel/rebase-108-language m:mai/hermes/gitster-admin-rules-list m:mai/artemis/gitster-submission m:mai/icarus/gitster-verfahrensablauf m:mai/orpheus/gitster-search-input m:mai/atlas/coder-event-card-choices-slice-ab m:mai/hermes/gitster-date-range m:mai/demeter/gitster-submission m:mai/knuth/coder-hl-patents-style m:mai/hermes/gitster-draft-editor m:mai/atlas/inventor-per-event-card m:mai/knuth/coder-deadline-rule-tier m:mai/cronus/coder-procedural-events-slice-a m:mai/hermes/gitster-deadline-form m:mai/artemis/gitster-add-missing-i18n m:mai/demeter/gitster-paliadin-chat m:mai/brunel/wave0-tier0-deadline-fixes m:mai/artemis/coder-docker-compose-yml m:mai/icarus/coder-inbox-overhaul-slice-a m:mai/atlas/coder-date-range-picker-slice-a m:mai/brunel/fixer-de-inf-lg-cfi m:mai/cronus/inventor-procedural m:mai/hermes/gitster-event-type-modal m:mai/cronus/coder-backup-mode m:mai/curie/researcher-bulletproof m:mai/hermes/gitster-draft-editor-focus-jump m:mai/cronus/inventor-backup-mode m:mai/hermes/gitster-submissions m:mai/artemis/gitster-deadline-form m:mai/brunel/fixer-submission-preview m:mai/brunel/fixer-test-data-reset m:mai/artemis/gitster-approval-withdraw m:mai/demeter/gitster-events m:mai/hermes/gitster-sidebar-loses m:mai/hermes/gitster-browse-a m:mai/brunel/fixer-submissions-demo m:mai/icarus/inventor-inbox-overhaul m:mai/atlas/inventor-symmetric-date m:mai/artemis/gitster-demote-daten m:mai/hermes/gitster-team-view-mailto m:mai/knuth/coder-global-schriftsatze m:mai/knuth/coder-schriftsatze m:mai/ritchie/coder-author-demo-docx m:mai/knuth/coder-add-schriftsatze m:mai/knuth/coder-add-checklist m:mai/knuth/coder-anchor-lookup-must m:mai/tesla/dashboard-resize-clamp m:mai/knuth/coder-demote-projekt m:mai/knuth/coder-paliadin-chat m:mai/knuth/coder-print-views m:mai/knuth/coder-add-proceeding m:mai/knuth/coder-submission m:mai/ritchie/coder-extend-team-email m:mai/knuth/coder-changelog-catch-up m:mai/tesla/dashboard-overlap m:mai/pasteur/fixercoder-dashboard m:mai/newton/inventor-configurable m:mai/dirac/inventorcoder-user m:mai/gauss/inventorcoder-team-admin m:mai/kepler/inventorcoder-project m:mai/darwin/roadmap-ccr-en m:mai/euler/coder-small-ux-polish m:mai/darwin/fristenrechner-cleanup m:mai/darwin/fixercoder-priority-bug m:mai/leibniz/inventor-caldav-multi m:mai/hertz/inventor-unified-modal m:mai/archimedes/inventor-excel-data m:mai/boltzmann/inventor-gap-tolerant m:mai/copernicus/submission-slice-1 m:mai/fermi/interactive-session m:mai/hertz/inventor-suggest-changes m:mai/copernicus/inventor-submission m:mai/mendel/test-strategy-slice-1 m:mai/mendel/inventor-test-strategy m:mai/ampere/custom-views-improvements m:mai/joule/mig-097-apply-huygens-s m:mai/ohm/workstream-b-rename m:mai/huygens/workstream-a-backfill m:mai/kelvin/t-204-phase-2-proceeding m:mai/bohr/ingest-t-paliad-203-rule m:mai/curie/fristenrechner-gap m:mai/maxwell/inbox-grey-out m:mai/rutherford/slice-9-follow-up-b-re m:mai/dirac/slice-9-follow-up-a m:mai/bose/determinator-cascade-slice-3 m:mai/bose/determinator-cascade-slice-2 m:mai/bose/determinator-row-cascade m:mai/lorenz/fristen-phase-3-slice-9 m:mai/curie/fristen-phase-3-slice-12 m:mai/planck/aichat-phase-b-paliad m:mai/young/fristen-phase-3-slice-11b m:mai/lorenz/fristen-phase-3-slice-11a m:mai/lorenz/fristen-phase-3-slice-10 m:mai/lorenz/fristen-phase-3-slice-8 m:mai/lorenz/fristen-phase-3-slice-7 m:mai/lorenz/fristen-phase-3-slice-6 m:mai/lorenz/fristen-phase-3-slice-5 m:mai/lorenz/fristen-phase-3-slice-4 m:mai/lorenz/fristen-phase-3-slice-3 m:mai/lorenz/fristen-phase-3-slice-2 m:mai/lorenz/fristen-phase-3-slice-1 m:mai/pauli/fristen-phase2-design m:mai/tesla/project-timeline-chart m:mai/pauli/fristen-logic-audit m:mai/pauli/determinator-b1-row-by m:mai/noether/tools-cleanup-slice-1 m:mai/kelvin/inventor-tools-surface m:mai/planck/paliadin-per-user-rls m:mai/maxwell/bug-bundle-filterbar m:mai/faraday/project-timeline-chart m:mai/schroedinger/smarttimeline-slice-4 m:mai/bohr/smarttimeline-slice-3 m:mai/gauss/smarttimeline-slice-2 m:mai/riemann/filterbar-phase-2-slice m:mai/lagrange/smarttimeline-design-the m:mai/curie/researcher-determinator m:mai/noether/collapse-regel-typ-on m:mai/riemann/inventor-universal m:mai/minkowski/project-level-our-side m:mai/dirac/inventor-inline-paliadin m:mai/feynman/fristenrechner m:mai/minkowski/navbar-dashboard-reorg m:mai/shannon/approval-rework m:mai/einstein/consultant-deadline-data m:mai/curie/researcher-upc-rop-audit m:mai/noether/paliadin-real-claude m:mai/noether/inventor-paliadin m:mai/hilbert/inventor-approval-policy m:mai/shannon/bug-frist-due-date m:mai/fritz/bug-fristen-termine m:mai/godel/inventor-projects-page m:mai/fritz/bug-paliadin-chat m:mai/kepler/inventor-profession-vs m:mai/noether/inventor-paliadin-in-app m:mai/fritz/bulk-team-email-send-to m:mai/noether/inventor-local-chat-for m:mai/noether/inventor-data-display m:mai/fritz/bug-derived-team-members m:mai/fritz/bug-sidebar-visibly m:mai/noether/inventor-project m:mai/shannon/bug-project-team-add m:mai/cronus/inventor-dual-control m:mai/fritz/bug-edit-mode-on m:mai/cronus/inventor-holidays-per m:mai/ritchie/phase-h-ai-deadline

1 Commits
mai/cronus ... mai/cronus

Author SHA1 Message Date
mAi
f6096b4849 docs(cicd): inventor design — pre-deploy gate + migration smoke (t-paliad-282) 
m/paliad#114. Today: 3 distinct migration crash-loops (brunel slot
collision, hermes dropped-col refs, mig 129 ownership), paliad.de still
offline at write time (RestartCount=14). Site goes down because Dokploy
compose mode --force-recreates the old container before the new one is
healthy + restart: unless-stopped traps the failure in a loop.

Two-pronged design: (1) PRIMARY — Gitea Actions runs build + tests +
beefed-up migration smoke (incl. role-split end-to-end apply that catches
the 42501 case) BEFORE Dokploy's webhook fires; on red, the deploy never
happens. (2) SECONDARY — compose healthcheck + restart: on-failure:3 to
cap the residual crash-loop blast radius.

Stays single-source-of-truth on the existing Dokploy compose
Zx147ycurfYagKRl_Zzyo. No .dev clone, no second branch, no second app.
Builds on mendel's Slice 7 (2026-05-19); extends with role-split smoke
+ duplicate-slot pre-flight check.

6 R-picks in §3, 6 open questions for m in §11. 5 slices (A load-bearing,
B compose hardening, C frontend tests, D mai-test post-merge, E docs).
Appendix A documents the live-outage recovery — out of scope but
unblockable until m or head executes.
 2026-05-25 17:07:39 +02:00
167 changed files with 3572 additions and 33774 deletions
Expand all files Collapse all files

242
.gitea/workflows/test.yaml
View File

@@ -1,242 +0,0 @@
# Paliad CI gate (t-paliad-282 / m/paliad#114).
#
# Single workflow, two purposes:
#
# - On every push: gate tier — build + unit + migration smoke. Red gate
# means no further work and (on main) no deploy.
# - On push to main with gate green: deploy step — calls the Dokploy
# compose-deploy API for paliad's compose Zx147ycurfYagKRl_Zzyo, then
# polls /health/ready until the new container reports 200.
#
# The deploy step REPLACES the previous Gitea-push → Dokploy webhook path
# (per m's Q11.4 pick: soft-launch with both alive for ~1 week, then
# disable the Dokploy auto-deploy toggle). Soft-launch leaves Dokploy's
# autoDeploy=true intact today — the workflow's deploy step is additive
# and idempotent (Dokploy's deploy is itself idempotent).
#
# Catches the three failure classes from 2026-05-25:
#
# - brunel slot collision (~13:20) — TestMigrations_NoDuplicateSlot,
# pure unit, no DB needed.
# - hermes dropped-col refs (~16:05) — TestBootSmoke, applies all NEW
# migrations (those not in the snapshot) end-to-end against a
# scratch DB restored from internal/db/testdata/prod-snapshot.sql.
# - mig 129 42501 ownership (~14:56→) — TestMigrations_EndToEndAsAppRole,
# applies new migrations as the prod-shaped `postgres` role (which
# is NOT a superuser on supabase/postgres — same shape as
# youpc-supabase prod, see internal/db/testdata/README.md).
#
# Snapshot approach: dump paliad schema + applied_migrations rows from
# prod, commit them. CI restores → ApplyMigrations sees existing migs as
# applied, only runs NEW migs (the ones this PR adds). This sidesteps the
# fresh-DB idempotence requirement on historical migrations (some of
# which use raw COMMIT or pre-installed extensions and can't be replayed
# from scratch). To refresh: `make refresh-snapshot`.
#
# Design: docs/design-cicd-pre-deploy-gate-2026-05-25.md (cronus inventor
# shift, t-paliad-282).
name: Paliad CI gate
on:
push:
branches:
- main
- 'mai/**'
pull_request:
branches: [main]
env:
GO_VERSION: '1.24'
BUN_VERSION: '1.2'
jobs:
# Gate job 1 — pure build. Catches go/bun build breakage that local
# `go build` would catch but which a worker might have skipped before
# pushing. Fast (~60 s) so a red here surfaces immediately.
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
- name: go build
run: go build ./...
- name: go vet
run: go vet ./...
- name: Set up Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: ${{ env.BUN_VERSION }}
- name: bun install + build
working-directory: frontend
run: |
bun install --frozen-lockfile
bun run build
# Gate job 2 — Go test suite + migration smoke against snapshot-restored
# scratch DB.
#
# The Postgres service container uses the same supabase/postgres image
# as youpc-supabase prod. The CI scratch DB starts empty; a setup step
# installs pg_trgm + restores the snapshot. After restore, paliad
# schema is at HEAD-of-snapshot and applied_migrations covers every
# migration up to (and including) the snapshot's max version.
#
# ApplyMigrations called in TestBootSmoke / TestMigrations_EndToEndAsAppRole
# sees the snapshot's applied set, finds whatever NEW migrations this
# PR added on top, and applies only those. The role-split smoke runs as
# `postgres` (which is NOT a superuser on supabase/postgres, matching
# the prod role topology) — any new migration that needs supabase_admin
# privilege fails here as it would in prod.
test-go:
runs-on: ubuntu-latest
services:
# supabase/postgres baked-in auth schema + supabase role topology
# matches youpc-supabase prod. `postgres` here is NOT a superuser
# (verified live: \du postgres shows "Create role, Create DB,
# Replication, Bypass RLS" — no Superuser). This is the prod-shaped
# role the deploy uses.
postgres:
image: supabase/postgres:15.8.1.060
env:
POSTGRES_PASSWORD: ci
POSTGRES_DB: paliad_scratch
ports:
- 5432:5432
options: >-
--health-cmd "pg_isready -U postgres"
--health-interval 5s
--health-timeout 5s
--health-retries 30
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
- name: Install postgresql-client
run: |
apt-get update -qq && apt-get install -y -qq postgresql-client
# Snapshot restore. Two prep steps as supabase_admin (the actual
# superuser): GRANT CREATE so the `postgres` role can later create
# schemas if a new mig needs it; install pg_trgm so the snapshot's
# trigram indexes restore. Snapshot itself loads as `postgres`.
- name: Provision + restore snapshot
env:
PGPASSWORD: ci
run: |
set -euo pipefail
psql -h localhost -U supabase_admin -d paliad_scratch -v ON_ERROR_STOP=1 \
-c "GRANT CREATE ON DATABASE paliad_scratch TO postgres;" \
-c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
psql -h localhost -U postgres -d paliad_scratch -v ON_ERROR_STOP=1 \
-f internal/db/testdata/prod-snapshot.sql
# Pre-flight: catches brunel slot collision in seconds, no DB
# contact (still useful even though the test-go job has Postgres
# running, because the failure mode is independent).
- name: Migration coordination check
run: go test -count=1 -run TestMigrations_NoDuplicateSlot ./internal/db/
# Role-split end-to-end apply. Connects as `postgres` (NOT a
# superuser on supabase/postgres) and runs ApplyMigrations against
# the snapshot-restored DB. Existing migs are skipped (already in
# applied_migrations); NEW migs in this PR apply here. If a new
# migration assumes supabase_admin privilege, fails with the same
# 42501 error class that took paliad.de offline on 2026-05-25.
- name: Migration end-to-end (deploy role)
env:
TEST_APP_DATABASE_URL: postgres://postgres:ci@localhost:5432/paliad_scratch?sslmode=disable
run: go test -count=1 -run TestMigrations_EndToEndAsAppRole ./internal/db/
# Boot smoke. Confirms ApplyMigrations succeeds + applied set
# matches on-disk set + /healthz returns 200 + /health/ready
# returns 200 (the live-pool variant via TestHealthReady_Live).
- name: Boot smoke + readiness
env:
TEST_DATABASE_URL: postgres://postgres:ci@localhost:5432/paliad_scratch?sslmode=disable
run: go test -count=1 -run 'TestBootSmoke|TestHealthReady_Live' ./cmd/server/
# Full Go test suite WITHOUT TEST_DATABASE_URL so live-DB service
# tests skip (same shape as a developer laptop without a scratch
# DB). Live-DB tests in internal/services/* will be activated by a
# follow-up shift once the snapshot is verified stable across
# multiple PRs — they need investigation against supabase/postgres
# 15.8 (parameter type inference differs subtly from youpc-supabase).
- name: go test ./... (pure + skip-on-no-DB)
run: go test -count=1 ./internal/... ./cmd/...
# Deploy step. Only runs on push to main and only after both gate jobs
# are green. Calls Dokploy's compose.deploy with the paliad compose ID
# (Zx147ycurfYagKRl_Zzyo) and polls /health/ready until it returns 200
# or times out.
#
# Skipped on PR / feature branch pushes — those run the gate tier as
# a status check but don't trigger a prod deploy. Dokploy's existing
# autoDeploy=true webhook continues to fire during the soft-launch
# window (per Q11.4); it can be disabled in the Dokploy UI once this
# workflow has gated ≥5 successful green deploys.
deploy:
runs-on: ubuntu-latest
needs: [build, test-go]
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
steps:
- name: Trigger Dokploy compose deploy
env:
DOKPLOY_KEY: ${{ secrets.DOKPLOY_TOKEN }}
DOKPLOY_API: http://100.99.98.201:3000/api/trpc
COMPOSE_ID: Zx147ycurfYagKRl_Zzyo
run: |
set -euo pipefail
if [ -z "${DOKPLOY_KEY:-}" ]; then
echo "ERROR: DOKPLOY_TOKEN secret is not configured."
echo " Set the secret in Gitea repo settings before this step can deploy."
exit 2
fi
echo "==> POST compose.deploy"
curl -sS --connect-timeout 5 --max-time 30 \
-X POST \
-H "x-api-key: $DOKPLOY_KEY" \
-H "Content-Type: application/json" \
-d "{\"json\":{\"composeId\":\"$COMPOSE_ID\"}}" \
"$DOKPLOY_API/compose.deploy"
echo
- name: Wait for /health/ready
run: |
set -euo pipefail
echo "==> polling https://paliad.de/health/ready"
# Up to 5 minutes (60 × 5 s) — paliad's cold-start is normally
# ≤30 s; the longer budget covers slow image pulls + migration
# apply.
for i in $(seq 1 60); do
status=$(curl -sS --connect-timeout 3 --max-time 5 \
-o /dev/null -w '%{http_code}' \
https://paliad.de/health/ready || echo "000")
if [ "$status" = "200" ]; then
echo "ready after ${i} poll(s)"
exit 0
fi
echo " [$i/60] status=$status — sleeping 5s"
sleep 5
done
echo "ERROR: /health/ready did not return 200 within 5 minutes."
echo " The deploy fired but the new container is not serving."
echo " Investigate: ssh mlake 'docker logs --tail 50 compose-transmit-multi-byte-driver-v7jth9-web-1'"
exit 1

93
Makefile
View File

@@ -21,26 +21,18 @@
# the test runner's working dirs. None of them touch internal/db/migrations/
# files.
.PHONY: help verify-migrations verify-mig verify-mig-app test test-go test-frontend refresh-snapshot snapshot-upc
.PHONY: help verify-migrations verify-mig test test-go
help:
@echo "Paliad — developer targets"
@echo ""
@echo " verify-migrations Dry-run pending migrations + boot smoke (needs TEST_DATABASE_URL)"
@echo " verify-mig Alias for verify-migrations"
@echo " verify-mig-app End-to-end migration smoke as non-superuser role"
@echo " (needs TEST_APP_DATABASE_URL — t-paliad-282 / m/paliad#114)"
@echo " test Short test pass — covers gate tier"
@echo " test-go Full Go suite with race detector"
@echo " test-frontend Frontend bun:test suite"
@echo " snapshot-upc Regenerate pkg/litigationplanner/embedded/upc/ from live DB"
@echo " (needs DATABASE_URL — see cmd/gen-upc-snapshot/README.md)"
@echo ""
@echo "Set TEST_DATABASE_URL to enable live-DB tests. Example:"
@echo " export TEST_DATABASE_URL=postgres://paliad:...@localhost:11833/paliad_test"
@echo ""
@echo "Set TEST_APP_DATABASE_URL to enable the role-split smoke. Example:"
@echo " export TEST_APP_DATABASE_URL=postgres://paliad_app:...@localhost:5432/paliad_scratch"
# Gate target — the test that would have caught mig 098 / mig 099 before
# deploy. Combines:
@@ -79,86 +71,3 @@ test:
# (full suite, not per-PR).
test-go:
go test -race ./...
# Frontend bun:test suite. Runs the 4 existing pure-TS tests today; will
# grow as mendel's Slice 3 (frontend test infill) lands.
test-frontend:
cd frontend && bun test
# Role-split end-to-end migration smoke — the catch for the mig 129 42501
# ownership class (m/paliad#114). Runs ApplyMigrations as a non-superuser
# role against TEST_APP_DATABASE_URL. Fails the build if any migration
# assumes more privilege than the deploy role has.
#
# Developer setup (local):
# psql -c "CREATE ROLE paliad_app LOGIN PASSWORD 'ci' NOSUPERUSER;"
# psql -c "CREATE DATABASE paliad_scratch OWNER paliad_app;"
# export TEST_APP_DATABASE_URL=postgres://paliad_app:ci@localhost:5432/paliad_scratch
verify-mig-app:
@if [ -z "$$TEST_APP_DATABASE_URL" ]; then \
echo "ERROR: TEST_APP_DATABASE_URL is not set."; \
echo " The role-split migration smoke cannot run without a non-superuser scratch DB."; \
echo " See Makefile comments above this target for setup."; \
exit 2; \
fi
go test -count=1 -run TestMigrations_EndToEndAsAppRole ./internal/db/
# Refresh the prod schema snapshot used by CI's migration smoke
# (t-paliad-282 / m/paliad#114). Connects to youpc-supabase prod, dumps
# the paliad schema + applied_migrations rows, strips rows beyond the
# current branch's max on-disk version, and writes
# internal/db/testdata/prod-snapshot.sql.
#
# When to refresh:
# - After merging a PR that added a new migration to main.
# - When CI's migration smoke starts spuriously failing because the
# snapshot's applied set diverges from on-disk by more than this
# branch's worth of new migs.
#
# Requires PALIAD_PROD_DATABASE_URL env var (a Postgres URL with
# pg_dump rights on youpc-supabase). Example:
# export PALIAD_PROD_DATABASE_URL='postgres://postgres:PW@100.99.98.201:11833/postgres'
refresh-snapshot:
@if [ -z "$$PALIAD_PROD_DATABASE_URL" ]; then \
echo "ERROR: PALIAD_PROD_DATABASE_URL is not set."; \
echo " Refresh requires read access to youpc-supabase prod."; \
exit 2; \
fi
@echo "==> dumping paliad schema (no owner, no privs)..."
@pg_dump --schema-only --schema=paliad --no-owner --no-privileges \
--no-publications --no-subscriptions \
"$$PALIAD_PROD_DATABASE_URL" > internal/db/testdata/prod-snapshot.sql.tmp
@echo "==> appending applied_migrations rows..."
@pg_dump --data-only --table=paliad.applied_migrations \
--no-owner --no-privileges \
"$$PALIAD_PROD_DATABASE_URL" >> internal/db/testdata/prod-snapshot.sql.tmp
@echo "==> stripping pg16 \\restrict / \\unrestrict commands for pg15 compat..."
@sed -i.bak '/^\\restrict /d; /^\\unrestrict /d' internal/db/testdata/prod-snapshot.sql.tmp
@rm -f internal/db/testdata/prod-snapshot.sql.tmp.bak
@echo "==> stripping applied_migrations rows beyond branch's max on-disk version..."
@MAX_VER=$$(ls internal/db/migrations/*.up.sql | xargs -I{} basename {} | sed 's/_.*//' | sort -n | tail -1); \
awk -v max=$$MAX_VER ' \
/^[0-9]+\t/ { split($$0, a, "\t"); if (a[1]+0 > max) next; } \
{ print } \
' internal/db/testdata/prod-snapshot.sql.tmp > internal/db/testdata/prod-snapshot.sql
@rm internal/db/testdata/prod-snapshot.sql.tmp
@wc -l internal/db/testdata/prod-snapshot.sql
# Regenerate the embedded UPC snapshot from a live paliad DB. The
# generator applies pending migrations first, then SELECTs the UPC
# subset and writes JSON files under pkg/litigationplanner/embedded/upc/.
#
# Requires DATABASE_URL — Slice C of the litigation-planner extraction
# (m/paliad#124 §19). See cmd/gen-upc-snapshot/README.md for the full
# operator runbook.
snapshot-upc:
@if [ -z "$$DATABASE_URL" ]; then \
echo "ERROR: DATABASE_URL is not set."; \
echo " Snapshot generation needs read access to a paliad DB."; \
echo " Set DATABASE_URL to the live paliad Postgres, then re-run."; \
exit 2; \
fi
@echo "==> regenerating UPC snapshot from $$DATABASE_URL"
go run ./cmd/gen-upc-snapshot
@echo "==> running snapshot tests against the regenerated data"
go test ./pkg/litigationplanner/embedded/upc/...

59
cmd/gen-upc-snapshot/README.md
View File

@@ -1,59 +0,0 @@
# gen-upc-snapshot
Regenerates the embedded UPC snapshot consumed by
`pkg/litigationplanner/embedded/upc`. Slice C of the litigation-planner
extraction (m/paliad#124 §19). See
`docs/design-litigation-planner-2026-05-26.md` §19 for the full design.
## When to regenerate
After any change that affects the public UPC rule corpus:
- new rules merged via the admin rule-editor
- a deadline-rule migration that touches UPC rows
- a `paliad.holidays` update (new public holidays / vacation runs)
- a `paliad.courts` update (new UPC LD opens, etc.)
- a `paliad.proceeding_types` change for `jurisdiction = 'UPC'`
The snapshot is operator-controlled — there is no CI regeneration in v1.
## How to regenerate
```sh
make snapshot-upc
```
or directly:
```sh
DATABASE_URL=postgres://... go run ./cmd/gen-upc-snapshot
```
Flags:
| Flag | Default | Purpose |
|-----------------|----------------------------------------|---------|
| `-output` | `./pkg/litigationplanner/embedded/upc` | directory to write JSON files into |
| `-version` | auto-derived (`YYYY-MM-DD-N`) | override the snapshot version |
| `-source-label` | empty | text label written to `meta.json` (`paliad-prod`, `paliad-dev`, …) |
The generator:
1. Applies pending migrations against `DATABASE_URL` (snapshot always matches schema HEAD).
2. SELECTs UPC active proceeding_types + their published+active rules + referenced trigger_events + DE/UPC holidays + UPC courts.
3. Writes pretty-printed JSON to `<output>/{proceeding_types,rules,trigger_events,holidays,courts,meta}.json`.
## Idempotence
Running twice with the same DB state produces the same JSON (modulo `meta.generated_at`). Diff-friendly in git.
## Versioning
`meta.json.version` uses `YYYY-MM-DD-N` where N starts at 1 and increments on same-day regenerations. The generator reads the existing `meta.json` and bumps automatically.
## After regeneration
1. Review the diff: `git diff pkg/litigationplanner/embedded/upc/`.
2. Run tests: `go test ./pkg/litigationplanner/embedded/upc/...`.
3. Commit with a message like `chore(snapshot): regenerate UPC snapshot (<reason>)`.
4. Notify any downstream consumer (youpc.org) that a new paliad release is available.

301
cmd/gen-upc-snapshot/main.go
View File

@@ -1,301 +0,0 @@
// Command gen-upc-snapshot reads paliad's live deadline corpus and
// writes the UPC subset as JSON files under
// pkg/litigationplanner/embedded/upc/. The package's embedded
// catalog/holiday/court implementations then serve this data without
// any DB roundtrip — letting youpc.org (or any future consumer) run
// the litigationplanner engine against the canonical UPC rule set.
//
// Slice C (m/paliad#124 §19). See docs/design-litigation-planner-2026-05-26.md
// §19 for the full design.
//
// Usage:
//
// DATABASE_URL=postgres://... go run ./cmd/gen-upc-snapshot \
// [-output ./pkg/litigationplanner/embedded/upc] \
// [-version 2026-05-26-1] \
// [-source-label paliad-dev-supabase]
//
// The generator applies migrations against DATABASE_URL before
// SELECTing (so the snapshot always matches schema HEAD). Idempotent —
// running twice with the same DB state produces the same JSON.
package main
import (
"context"
"encoding/json"
"flag"
"fmt"
"log"
"os"
"os/exec"
"path/filepath"
"strings"
"time"
"github.com/jmoiron/sqlx"
_ "github.com/lib/pq"
"mgit.msbls.de/m/paliad/internal/db"
"mgit.msbls.de/m/paliad/pkg/litigationplanner"
)
const (
defaultOutput = "./pkg/litigationplanner/embedded/upc"
defaultSourceLabel = ""
)
// Meta is the version block written to meta.json. The embedded sub-
// package re-defines this type so consumers can decode it without
// importing the cmd; the cmd holds the canonical write shape.
type Meta struct {
Version string `json:"version"`
GeneratedAt time.Time `json:"generated_at"`
PaliadCommit string `json:"paliad_commit,omitempty"`
SourceDBLabel string `json:"source_db_label,omitempty"`
RuleCount int `json:"rule_count"`
ProceedingCount int `json:"proceeding_count"`
TriggerEventCount int `json:"trigger_event_count"`
HolidayCount int `json:"holiday_count"`
CourtCount int `json:"court_count"`
}
// EmbeddedHoliday is the holiday row shape the embedded snapshot
// stores. JSON tags mirror paliad.holidays so the generator's SELECT
// scans onto it directly + the embedded HolidayCalendar reads the
// same tag.
type EmbeddedHoliday struct {
Date string `db:"date_iso" json:"date"`
Name string `db:"name" json:"name"`
Country *string `db:"country" json:"country,omitempty"`
Regime *string `db:"regime" json:"regime,omitempty"`
State *string `db:"state" json:"state,omitempty"`
HolidayType string `db:"holiday_type" json:"holiday_type"`
}
// EmbeddedCourt is the court row shape the embedded snapshot stores.
type EmbeddedCourt struct {
ID string `db:"id" json:"id"`
Code string `db:"code" json:"code"`
NameDE string `db:"name_de" json:"name_de"`
NameEN string `db:"name_en" json:"name_en"`
Country string `db:"country" json:"country"`
Regime *string `db:"regime" json:"regime,omitempty"`
CourtType string `db:"court_type" json:"court_type"`
ParentID *string `db:"parent_id" json:"parent_id,omitempty"`
SortOrder int `db:"sort_order" json:"sort_order"`
}
func main() {
output := flag.String("output", defaultOutput, "directory to write JSON files into")
version := flag.String("version", "", "explicit snapshot version (auto-derived if empty)")
sourceLabel := flag.String("source-label", defaultSourceLabel, "label for source_db in meta.json")
flag.Parse()
url := os.Getenv("DATABASE_URL")
if url == "" {
log.Fatal("DATABASE_URL must be set")
}
if err := db.ApplyMigrations(url); err != nil {
log.Fatalf("apply migrations: %v", err)
}
pool, err := sqlx.Connect("postgres", url)
if err != nil {
log.Fatalf("connect: %v", err)
}
defer pool.Close()
ctx := context.Background()
if err := run(ctx, pool, *output, *version, *sourceLabel); err != nil {
log.Fatalf("snapshot: %v", err)
}
}
func run(ctx context.Context, pool *sqlx.DB, output, version, sourceLabel string) error {
if err := os.MkdirAll(output, 0o755); err != nil {
return fmt.Errorf("mkdir output: %w", err)
}
// 1. Proceeding types — UPC + active only. The unified upc.apl row
// from B1 mig 134 is included; the 3 archived old appeal codes
// (is_active=false) are filtered out by the WHERE.
var procs []litigationplanner.ProceedingType
if err := pool.SelectContext(ctx, &procs, `
SELECT id, code, name, name_en, description, jurisdiction,
category, default_color, sort_order, is_active,
trigger_event_label_de, trigger_event_label_en,
appeal_target
FROM paliad.proceeding_types
WHERE jurisdiction = 'UPC' AND is_active = true
ORDER BY sort_order, id`); err != nil {
return fmt.Errorf("select proceeding_types: %w", err)
}
if len(procs) == 0 {
return fmt.Errorf("no active UPC proceeding_types — refusing to write empty snapshot")
}
procIDs := make([]int, 0, len(procs))
for _, p := range procs {
procIDs = append(procIDs, p.ID)
}
// 2. Deadline rules — published + active rules for those proceedings.
const ruleCols = `id, proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type, duration_value,
duration_unit, timing, rule_code, deadline_notes, deadline_notes_en, sequence_order,
alt_duration_value, alt_duration_unit, alt_rule_code,
anchor_alt, concept_id, legal_source, is_spawn, spawn_label, is_active,
created_at, updated_at,
trigger_event_id, spawn_proceeding_type_id, combine_op, condition_expr,
priority, is_court_set, lifecycle_state, draft_of, published_at,
choices_offered, applies_to_target`
q, args, err := sqlx.In(`
SELECT `+ruleCols+`
FROM paliad.deadline_rules
WHERE proceeding_type_id IN (?)
AND is_active = true
AND lifecycle_state = 'published'
ORDER BY proceeding_type_id, sequence_order`, procIDs)
if err != nil {
return fmt.Errorf("build rules IN: %w", err)
}
q = pool.Rebind(q)
var rules []litigationplanner.Rule
if err := pool.SelectContext(ctx, &rules, q, args...); err != nil {
return fmt.Errorf("select rules: %w", err)
}
// 3. Trigger events referenced by any UPC rule's trigger_event_id.
triggerIDSet := make(map[int64]struct{})
for _, r := range rules {
if r.TriggerEventID != nil {
triggerIDSet[*r.TriggerEventID] = struct{}{}
}
}
var triggers []litigationplanner.TriggerEvent
if len(triggerIDSet) > 0 {
triggerIDs := make([]int64, 0, len(triggerIDSet))
for id := range triggerIDSet {
triggerIDs = append(triggerIDs, id)
}
q, args, err := sqlx.In(`
SELECT id, code, name, name_de, description, is_active, created_at
FROM paliad.trigger_events
WHERE id IN (?)
ORDER BY id`, triggerIDs)
if err != nil {
return fmt.Errorf("build triggers IN: %w", err)
}
q = pool.Rebind(q)
if err := pool.SelectContext(ctx, &triggers, q, args...); err != nil {
return fmt.Errorf("select trigger_events: %w", err)
}
}
// 4. Holidays — DE national + UPC regime entries. The embedded
// calendar serves UPC computations so both axes matter.
var holidays []EmbeddedHoliday
if err := pool.SelectContext(ctx, &holidays, `
SELECT to_char(date, 'YYYY-MM-DD') AS date_iso,
name, country, regime, state, holiday_type
FROM paliad.holidays
WHERE country = 'DE' OR regime = 'UPC'
ORDER BY date, name`); err != nil {
return fmt.Errorf("select holidays: %w", err)
}
// 5. Courts — UPC subset.
var courts []EmbeddedCourt
if err := pool.SelectContext(ctx, &courts, `
SELECT id, code, name_de, name_en, country, regime, court_type, parent_id, sort_order
FROM paliad.courts
WHERE is_active = true
AND (regime = 'UPC' OR court_type LIKE 'upc%')
ORDER BY sort_order, id`); err != nil {
return fmt.Errorf("select courts: %w", err)
}
// 6. Compose meta.
meta := Meta{
Version: resolveVersion(version, output),
GeneratedAt: time.Now().UTC().Truncate(time.Second),
PaliadCommit: gitCommitShort(),
SourceDBLabel: sourceLabel,
RuleCount: len(rules),
ProceedingCount: len(procs),
TriggerEventCount: len(triggers),
HolidayCount: len(holidays),
CourtCount: len(courts),
}
// 7. Write each file.
files := []struct {
name string
data any
}{
{"proceeding_types.json", procs},
{"rules.json", rules},
{"trigger_events.json", triggers},
{"holidays.json", holidays},
{"courts.json", courts},
{"meta.json", meta},
}
for _, f := range files {
path := filepath.Join(output, f.name)
buf, err := json.MarshalIndent(f.data, "", " ")
if err != nil {
return fmt.Errorf("marshal %s: %w", f.name, err)
}
buf = append(buf, '\n')
if err := os.WriteFile(path, buf, 0o644); err != nil {
return fmt.Errorf("write %s: %w", path, err)
}
}
log.Printf("snapshot written: version=%s rules=%d proceedings=%d triggers=%d holidays=%d courts=%d → %s",
meta.Version, meta.RuleCount, meta.ProceedingCount,
meta.TriggerEventCount, meta.HolidayCount, meta.CourtCount, output)
return nil
}
// resolveVersion picks a date-stamped version slug, bumping the suffix
// past any pre-existing same-day version found in the existing
// meta.json. If the caller passed -version, that wins.
func resolveVersion(explicit, output string) string {
if explicit != "" {
return explicit
}
today := time.Now().UTC().Format("2006-01-02")
// Read prior meta to detect same-day collisions.
prior, err := os.ReadFile(filepath.Join(output, "meta.json"))
if err != nil {
return today + "-1"
}
var pm Meta
if err := json.Unmarshal(prior, &pm); err != nil {
return today + "-1"
}
if !strings.HasPrefix(pm.Version, today+"-") {
return today + "-1"
}
// Same day: bump the suffix.
suffix := pm.Version[len(today)+1:]
var n int
if _, err := fmt.Sscanf(suffix, "%d", &n); err != nil {
return today + "-1"
}
return fmt.Sprintf("%s-%d", today, n+1)
}
// gitCommitShort returns the short SHA of the paliad checkout. Best-
// effort — empty string when we're not in a git checkout.
func gitCommitShort() string {
out, err := exec.Command("git", "rev-parse", "--short", "HEAD").Output()
if err != nil {
return ""
}
return strings.TrimSpace(string(out))
}

29
cmd/server/main.go
View File

@@ -159,37 +159,17 @@ func main() {
submissionVarsSvc := services.NewSubmissionVarsService(pool, projectSvc, partySvc, users)
submissionRenderer := services.NewSubmissionRenderer()
submissionDraftSvc := services.NewSubmissionDraftService(pool, projectSvc, submissionVarsSvc, submissionRenderer)
// t-paliad-313 Composer Slice A — base catalog + section seeding.
// AttachComposer wires both into the draft service so Create
// seeds base_id + submission_sections rows on new drafts. v1
// fallback path stays active for pre-Composer drafts (base_id
// NULL, no section rows).
submissionBaseSvc := services.NewBaseService(pool)
submissionSectionSvc := services.NewSectionService(pool)
submissionDraftSvc.AttachComposer(submissionBaseSvc, submissionSectionSvc, branding.Name)
// t-paliad-313 Slice B — render-pipeline assembler. Reuses the
// existing SubmissionRenderer for the final placeholder pass so
// the {{rule.X}} alias contract stays preserved inside the
// composed body.
submissionComposerSvc := services.NewSubmissionComposer(submissionRenderer)
// t-paliad-315 Slice C — building-block library.
submissionBuildingBlockSvc := services.NewBuildingBlockService(pool, branding.Name)
// t-paliad-225 Slice A — user-authored checklist templates.
// Slice B adds checklist_shares grants + admin promotion.
checklistCatalogSvc := services.NewChecklistCatalogService(pool)
sysAuditSvc := services.NewSystemAuditLogService(pool)
checklistTemplateSvc := services.NewChecklistTemplateService(pool, checklistCatalogSvc, sysAuditSvc, users)
svcBundle = &handlers.Services{
Pool: pool,
Project: projectSvc,
Team: teamSvc,
PartnerUnit: partnerUnitSvc,
Party: partySvc,
SubmissionDraft: submissionDraftSvc,
SubmissionBase: submissionBaseSvc,
SubmissionSection: submissionSectionSvc,
SubmissionComposer: submissionComposerSvc,
SubmissionBuildingBlock: submissionBuildingBlockSvc,
SubmissionDraft: submissionDraftSvc,
Deadline: deadlineSvc,
Appointment: appointmentSvc,
CalDAV: caldavSvc,
@@ -240,8 +220,6 @@ func main() {
Export: services.NewExportService(pool, branding.Name),
// t-paliad-265 / m/paliad#96 — per-event-card optional choices.
EventChoice: services.NewEventChoiceService(pool, projectSvc, users),
// Slice D (m/paliad#124 §5, mig 145) — named scenario compositions.
Scenario: services.NewScenarioService(pool, projectSvc, rules),
}
// t-paliad-246 Slice A — Backup Mode runner. Wired only when
@@ -358,11 +336,6 @@ func main() {
log.Printf("CalDAV start: %v", err)
}
reminderSvc.Start(bgCtx)
// Slice B.4 (mig 140, t-paliad-305): legacy paliad.deadline_rules
// dropped. The B.2 dual-write drift-check loop is retired — the
// procedural_events / sequencing_rules / legal_sources tables
// are now the source of truth and there is no parallel side to
// compare against. Pre-drop drift was verified clean in mig 140.
go func() {
<-bgCtx.Done()
log.Println("background services: shutdown signal received")

45
cmd/server/main_smoke_test.go
View File

@@ -98,51 +98,6 @@ func TestBootSmoke(t *testing.T) {
if body := strings.TrimSpace(rec.Body.String()); body != "ok" {
t.Errorf("GET /healthz: body=%q; want \"ok\"", body)
}
// (4) Readiness probe. With a nil Services bundle the endpoint MUST
// report 503 — that's the contract documented in handlers/handlers.go.
// A separate svc-with-Pool case is exercised in TestHealthReady (live).
rec = httptest.NewRecorder()
req = httptest.NewRequest(http.MethodGet, "/health/ready", nil)
mux.ServeHTTP(rec, req)
if rec.Code != http.StatusServiceUnavailable {
t.Errorf("GET /health/ready (nil svc): status=%d; want 503", rec.Code)
}
}
// TestHealthReady_Live asserts the readiness probe answers 200 when the
// pool is reachable, 503 when it isn't. Requires TEST_DATABASE_URL.
//
// Why a separate test: TestBootSmoke runs Register with svc=nil to keep
// its setup minimal; the pool-reachable path needs the pool wired in
// through svc.Pool. Two tests, two assertions, no entanglement.
func TestHealthReady_Live(t *testing.T) {
url := os.Getenv("TEST_DATABASE_URL")
if url == "" {
t.Skip("TEST_DATABASE_URL not set — skipping live readiness probe")
}
if err := db.ApplyMigrations(url); err != nil {
t.Fatalf("db.ApplyMigrations: %v", err)
}
pool, err := db.OpenPool(url)
if err != nil {
t.Fatalf("open pool: %v", err)
}
mux := http.NewServeMux()
authClient := auth.NewClient("https://test.invalid", "anon-key", []byte("test-secret"))
handlers.Register(mux, authClient, "", &handlers.Services{Pool: pool})
rec := httptest.NewRecorder()
req := httptest.NewRequest(http.MethodGet, "/health/ready", nil)
mux.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Errorf("GET /health/ready (live pool): status=%d, body=%q; want 200", rec.Code, rec.Body.String())
}
if body := strings.TrimSpace(rec.Body.String()); body != "ready" {
t.Errorf("GET /health/ready (live pool): body=%q; want \"ready\"", body)
}
}
// embeddedMigrationVersions returns every N where N_*.up.sql exists in

181
docs/cicd-runner-setup-2026-05-25.md
View File

@@ -1,181 +0,0 @@
# CI/CD runner setup — paliad
**Companion to:** `docs/design-cicd-pre-deploy-gate-2026-05-25.md` (Slice A, t-paliad-282 / m/paliad#114)
**Date:** 2026-05-25
**Audience:** mlake / mriver admin (m or head)
Slice A's `.gitea/workflows/test.yaml` requires (a) at least one online Gitea Actions runner and (b) a Dokploy API token wired as a repo secret. Both are one-time setup actions that paliad's source tree cannot perform itself — they live on infra-side. This doc lists them so the workflow can go green on its first run.
---
## 0. Pre-flight: what already exists
Verified live (2026-05-25 cronus inventor shift):
- Gitea 1.24.4 on `mgit.msbls.de`, `has_actions: true` on `m/paliad`.
- `/api/v1/admin/actions/runners` reports **2 runners** registered. They are likely the shared runners used by `m/mGreen` and `m/mGeo` (both have `.gitea/workflows/deploy.yml` with `runs-on: self-hosted`).
- `m/paliad/actions/tasks` reports `total_count=0` — paliad has never run a workflow yet.
The existing runners may already be capable of running paliad's workflow without further setup. The verification step (§3) below tells you whether they are.
---
## 1. Runner placement decision (m's Q11.1)
m's pick: **mriver**.
Rationale: mriver hosts the mai worker fleet but workers spend most of their time waiting on Anthropic. mlake's Dokploy + Swarm workload is more contended. A new runner on mriver adds the least pressure to either box.
If mriver is offline or saturated when CI first fires, fall back to the existing mlake-side runners (they're already registered; no provisioning needed).
---
## 2. One-time setup (admin steps)
### 2.1 Register a new Gitea Actions runner on mriver
```bash
# On mriver, as m:
# 1. Download the act_runner binary (matching Gitea 1.24.x)
curl -L -o /usr/local/bin/act_runner \
https://gitea.com/gitea/act_runner/releases/download/v0.2.13/act_runner-0.2.13-linux-amd64
chmod +x /usr/local/bin/act_runner
# 2. Get a runner registration token. In the Gitea UI:
# /admin → Actions → Runners → "Create new Runner"
# (or org-scope: /m/paliad/settings/actions/runners)
# Copy the token.
# 3. Register
mkdir -p ~/act_runner && cd ~/act_runner
act_runner register --no-interactive \
--instance https://mgit.msbls.de \
--token <REGISTRATION_TOKEN> \
--name mriver-paliad-1 \
--labels ubuntu-latest:docker://node:20-bookworm
# 4. Run as a systemd unit (preferred) or as a session daemon
# Systemd unit example: /etc/systemd/system/act_runner.service
# [Unit]
# Description=Gitea Actions runner
# After=network.target
# [Service]
# User=m
# WorkingDirectory=/home/m/act_runner
# ExecStart=/usr/local/bin/act_runner daemon
# Restart=on-failure
# [Install]
# WantedBy=multi-user.target
sudo systemctl enable --now act_runner
sudo systemctl status act_runner
```
**Why `ubuntu-latest:docker://node:20-bookworm` for the label?** Gitea Actions' `runs-on: ubuntu-latest` resolves via the runner's label map. Mapping it to a Docker image gives the workflow a sandbox with Docker available — required for our Postgres service container in `test.yaml`. mriver should have Docker (for `paliadin-shim`); if not, install it.
### 2.2 Register the Dokploy API token as a repo secret
The workflow's `deploy` job needs `secrets.DOKPLOY_TOKEN`. Use the existing project-wide Dokploy API key (the one stored in `~/.claude/skills/mai-dokploy/SKILL.md`).
In the Gitea UI:
- Navigate to `https://mgit.msbls.de/m/paliad/settings/actions/secrets`
- Click "Add secret"
- Name: `DOKPLOY_TOKEN`
- Value: `mai-ottosSyRHMhmLhhhXaCbKzbqKBuSqzqEtmKDOPelPCeimTaYsbmaVslVyEgJZGCIxVdz`
Or via API (mAi identity):
```bash
curl --netrc-file ~/.netrc-mai -sS -X POST \
-H "Content-Type: application/json" \
https://mgit.msbls.de/api/v1/repos/m/paliad/actions/secrets/DOKPLOY_TOKEN \
-d '{"data":"mai-ottosSyRHMhmLhhhXaCbKzbqKBuSqzqEtmKDOPelPCeimTaYsbmaVslVyEgJZGCIxVdz"}'
```
(Requires repo-owner permission. If mAi lacks it, m runs it.)
---
## 3. Verify the runner sees the workflow
After (2.1) + (2.2):
```bash
# Push the Slice A branch (the one this doc lives on)
git push origin mai/cronus/coder-cicd-slice-a
# Confirm the runner picked up the job
curl --netrc-file ~/.netrc-mai -sS \
"https://mgit.msbls.de/api/v1/repos/m/paliad/actions/tasks?limit=5" | jq '.'
```
A new task per job should appear (build, test-go). If `total_count` stays 0, the runner labels don't match the workflow's `runs-on`. Re-register with `--labels ubuntu-latest` (no docker:// suffix) and the existing runners on mlake will pick it up via shell mode.
---
## 4. Soft-launch (m's Q11.4)
m's pick: **keep both Dokploy auto-deploy and the workflow's deploy step alive for ~1 week. After ≥5 successful green deploys via the workflow, disable Dokploy's autoDeploy in the Dokploy UI for the paliad compose.**
While both are live, every push to main fires:
1. Dokploy webhook (existing path) → deploys immediately, no gate.
2. Gitea workflow → on green, ALSO calls `compose.deploy`.
The second call is idempotent — if Dokploy already deployed the same commit, this is a no-op. The workflow's value during soft-launch is the **gate signal**: a red workflow on a green main = the bad migration shipped via the unguarded webhook and broke prod, and the workflow is shouting about it.
After confidence builds:
1. In the Dokploy UI, navigate to the paliad compose → Settings.
2. Toggle "Auto Deploy" off.
3. Save.
From this point, the only path to deploy is the workflow's deploy job. Red workflow = no deploy.
---
## 5. What Slice A catches today — and what it doesn't
After this branch (`mai/cronus/coder-cicd-slice-a`) merges to main:
### Catches (active in CI)
- **Build breakage** — `go build`, `go vet`, `bun run build`. Red gate, no deploy.
- **Slot collisions** — `TestMigrations_NoDuplicateSlot` runs without a DB. A PR adding migration N when version N already exists fails at gate time. This is the brunel-class catch (m/paliad#114 ~13:20 outage).
- **New-migration shape errors (hermes class)** — `TestBootSmoke` runs `ApplyMigrations` against the snapshot-restored DB. New migs from this PR get applied for real; any column/relation/syntax error fails the gate before merge.
- **New-migration ownership errors (mig 129 42501 class)** — `TestMigrations_EndToEndAsAppRole` runs `ApplyMigrations` connected as `postgres` (NON-superuser on `supabase/postgres:15.8.1.060`, same role topology as youpc-supabase prod). Any migration that assumes supabase_admin privilege fails with the same `42501 must be owner` error class that took paliad.de offline on 2026-05-25.
- **Readiness probe regressions** — `TestHealthReady_Live` confirms `/health/ready` returns 200 against a live pool, 503 against a nil pool.
- **Pure-Go test regressions** — `go test ./internal/... ./cmd/...` runs without `TEST_DATABASE_URL` (live-DB service tests skip the same way they do on a developer laptop without a scratch DB).
### Mechanism — the snapshot approach
CI's scratch DB starts from a `pg_dump` of youpc-supabase paliad schema +
`paliad.applied_migrations` rows, committed to `internal/db/testdata/prod-snapshot.sql`. After restore, the scratch DB is at "paliad HEAD of snapshot" and `ApplyMigrations` sees only this PR's new migrations as pending.
This sidesteps the fresh-DB idempotence problem: several historical migrations (notably mig 037's missing `CREATE EXTENSION pg_trgm`, mig 051's inner `COMMIT;`) can't be replayed from scratch against `supabase/postgres:15.8.1.060`. The snapshot pins everything that's already applied in prod and lets CI focus on what's new — which is what we actually care about for outage prevention.
Snapshot refresh: `make refresh-snapshot` with `PALIAD_PROD_DATABASE_URL` set (see `internal/db/testdata/README.md`).
### Known gap — live-DB service tests don't run in CI
`internal/services/*_test.go` tests with `TEST_DATABASE_URL` set fail against `supabase/postgres:15.8.1.060` with `42P08 inconsistent types deduced for parameter` errors on some INSERT bind paths. The same tests pass against youpc-supabase prod. Cause is unconfirmed — likely subtle differences in type inference between the dockerized image and the prod cluster's configuration. CI today runs `go test ./...` without `TEST_DATABASE_URL` so these tests skip. Not blocking outage prevention; tracked as a follow-up for the post-Slice-A coder.
### Migration cleanup also bundled in this PR
Two surgical migration improvements that surfaced during snapshot debugging — kept here because they're small and harmless:
- **mig 024 + 027** — `ALTER INDEX` / `ALTER POLICY` exception handlers now catch `undefined_object` OR `undefined_table` OR `duplicate_object`. Old handler caught only `undefined_object`; Postgres raises `undefined_table` when the source object never existed and `duplicate_object` when the destination already exists. The expanded handler makes the migrations truly idempotent across the three plausible states: source-still-German (rename succeeds), already-renamed (catches duplicate_object), and fresh-DB-never-had-German (catches undefined_table).
Other migration history bugs (mig 037 missing pg_trgm, mig 051 inner COMMIT) are tracked as a separate cleanup task — not blocking, because the snapshot bypasses them.
### Verification checklist (after Slice A merges)
1. **Workflow green on its first PR run?** Check `/m/paliad/actions`. If not, fix before merging.
2. **Dokploy `compose.deploy` call succeeds?** The workflow's `deploy` job logs the POST response. A successful response is a Dokploy job ID; a 4xx is an auth or compose-id problem.
3. **`/health/ready` returns 200 within 5 minutes after a green deploy?** The workflow polls this. If it times out, the migration may have failed silently inside the new container — check `docker logs --tail 50 compose-transmit-multi-byte-driver-v7jth9-web-1` on mlake.
4. **Reproduce the slot-collision catch locally:** rename `131_…up.sql` to `129_…` (duplicate slot) → workflow MUST fail at `Migration coordination check`. Revert before pushing.
5. **Reproduce the role-split catch locally:** add a no-op migration `132_test_supersedes.up.sql` containing `REINDEX SYSTEM paliad_scratch;` (requires superuser). Workflow MUST fail at `Migration end-to-end (deploy role)`. Revert before pushing.
---
## 6. Future polish (Slice D, m's Q4 R-pick)
`mai-test` post-merge shift: once Slice A is stable, wire a Gitea webhook on push-to-main that fires `/mai-test` as a follow-up shift. It runs the broader smoke + integration suite and posts results as a Gitea commit status. Not blocking; the gate doesn't depend on it.
Implementation belongs in `m/mAi` (the mai webhook handler), not in paliad. Out of scope for Slice A.

631
docs/design-cicd-pre-deploy-gate-2026-05-25.md Normal file
View File

@@ -0,0 +1,631 @@
# Design — CI/CD pre-deploy test + migration gate
**Author:** cronus (inventor)
**Date:** 2026-05-25
**Task:** t-paliad-282 — m/paliad#114
**Branch:** `mai/cronus/inventor-ci-cd-pre`
**Status:** DESIGN READY FOR REVIEW. No code, no compose edits, no Dokploy changes. Awaiting head go/no-go on §3 R-picks + §11 open questions before any coder shift.
---
## 0. TL;DR
Paliad has been offline ≈ 90 min of the last 4 h today (three independent migration crash-loops). The repo has a `TestMigrations_DryRun` (`internal/db/migrate_test.go`) that already would have caught two of the three; it has never been run by anything except local laptops because there is **no CI**. mendel's `docs/design-paliad-test-strategy-2026-05-19.md` Slice 7 deferred CI wiring on the Q2 question to m; today's outages make Slice 7 the highest-leverage paliad change on the board.
The site goes offline on a failed deploy because the compose has `restart: unless-stopped` + no healthcheck + no Swarm `deploy:` block. Dokploy compose mode (verified live on `compose-transmit-multi-byte-driver-v7jth9` — paliad's auto-named project) runs `docker compose up -d --force-recreate`: the old container is killed BEFORE the new one starts. When the new one's migrator panics, the old one is already gone — Traefik has nothing to route to, paliad.de serves 404. With 14 restart attempts and counting on the current container.
**Two-pronged fix:**
1. **Pre-deploy gate (PRIMARY) — Gitea Actions runs `go build` + `bun run build` + `go test ./...` + a beefed-up migration smoke test against an ephemeral Postgres BEFORE Dokploy's webhook fires.** If red, the deploy never happens. If green, Dokploy gets called and replaces the container. Per m's constraint: no `.dev` clone, no second Dokploy app. Single source of truth, single prod surface. The gate is in front of the existing deploy, not parallel to it.
2. **Runtime safety net (SECONDARY) — tighten the migrator to fail-fast loudly + cap the restart loop so a bad deploy doesn't keep flailing for hours.** The compose change is small (add `healthcheck:` + `restart: on-failure:3`); the actual win is preventing the deploy with prong 1.
**Both prongs together close the failure mode. Prong 1 alone is enough for the three outages today.** Prong 2 is defense in depth for the rare case where prod data shape diverges from the CI Postgres in a way the smoke harness can't predict.
Six open questions for m at §11. The R-picks let m sign off in one chip-round instead of negotiating each one. Coder shift after head's go/no-go.
---
## 1. Today's outages — root cause analysis
Three migration crash-loops, three distinct mechanisms. All three would have been caught by CI:
### 1.1 ~13:20 — brunel slot collision (mig 123)
**Mechanism.** brunel's in-process tests wrote a row to `paliad.applied_migrations` claiming `version=123` with the wrong name. cronus's actual `123_backups.up.sql` shipped in parallel. On next deploy, the runner saw version 123 already "applied" with the wrong name and `checkNameAgreement` hard-failed.
**Why CI catches it.** Two workers writing to slot 123 means at PR-time both branches have a file named `123_*.up.sql`. A pre-merge CI gate that runs `scanEmbeddedMigrations()` (which already hard-fails on duplicate slots — `internal/db/migrate.go:148`) flags the second PR before it's merged. The merger has to coordinate (rename their migration to 124 or wait for the first to land).
**Currently caught by:** local `go test` of the duplicate-slot path, which always failed; the safeguard is in the runner. CI just enforces the safeguard before merge.
### 1.2 ~16:05 — hermes dropped-column refs (mig 125)
**Mechanism.** `125_cross_cutting_filter_legal_source.up.sql` referenced columns (`is_mandatory`, `is_optional`, `condition_flag`) that had been dropped in migration 091. mig 125 compiled fine; the failure only surfaced when the runner applied it against a DB that had already run mig 091.
**Why CI catches it.** `TestMigrations_DryRun` (live in `internal/db/migrate_test.go:47`) applies every pending migration in order against a scratch DB. On a fresh DB walked from 001 → 125, mig 091 drops the columns; by the time mig 125 runs, those columns don't exist, mig 125 errors out, the test fails. Today this test silently skips because no machine in CI sets `TEST_DATABASE_URL`.
**Currently caught by:** nothing in CI. Manually catchable by running `make verify-migrations` on a developer laptop with `TEST_DATABASE_URL` set — but that's "if the worker remembers."
### 1.3 ~14:56 → still failing — mig 129 ownership error (LIVE OFFLINE NOW)
**Mechanism.** `129_project_event_choices.up.sql` does something on `paliad.project_event_choices` that the DB role lacks the OWNER privilege for. Live container `compose-transmit-multi-byte-driver-v7jth9-web-1` is on RestartCount=14 with:
```
migration failed: apply 129_project_event_choices.up.sql:
exec sql: pq: must be owner of table project_event_choices (42501)
```
Paliad.de returns 404 from Traefik (no healthy backend) as of 16:57 UTC.
**Why CI catches it — if and only if the CI Postgres is set up correctly.** The dry-run test runs as a role that owns the scratch DB it created → it WILL be owner of every table. The current CI proposal must run the migrations AS THE NON-OWNER ROLE that prod uses (or a CI role that mirrors prod's grants). Postgres error code 42501 surfaces only when the apply role isn't the table owner.
**Concrete CI requirement:** the smoke harness creates two roles in the scratch DB — one as table-owner (matching the original mig 001 schema-creator role), one as the application-deployer role (the one that runs `ApplyMigrations` in prod). Mig 091 → 129 are applied as the deployer role. Any migration that assumes implicit ownership will fail in CI exactly as it fails in prod.
**Currently caught by:** nothing. The dry-run test, even when run with `TEST_DATABASE_URL`, uses a single role that is implicitly owner of every table it touches; it does not simulate the role split that exists in prod (`youpc-supabase` DB, paliad app connects as a non-owner role).
### 1.4 Common failure path — why all three knock the site offline
Independent of WHICH migration fails, the moment the new container panics:
```
docker compose up -d --force-recreate ← Dokploy runs this on webhook
old container stopped + removed
new container created, starts /app/paliad
ApplyMigrations(databaseURL) panics
container exits 1
restart: unless-stopped triggers restart
restart loop forever — Traefik has no healthy backend
paliad.de returns 404 indefinitely
```
The old container is GONE between `stop` and the new container's first health-check (there is no health-check). There is no rolling deploy, no `--no-recreate`, no swap-on-healthy. The compose `restart: unless-stopped` only ensures the failing container keeps trying — it does not preserve the old one.
---
## 2. m's constraints (verbatim from issue body)
- **No `paliad.dev` duplicate:** don't want a separate Dokploy app + branch + DB. One source of truth, one prod surface.
- **Test workers included:** build + tests must run somewhere before the deploy.
- **Existing infra only:** gitea (`mgit.msbls.de`) · mlake (Dokploy + Docker Swarm + Compose) · mriver (Tailscale-attached worker fleet).
- **Site stays online through failed deploys:** a broken migration must NOT take the running container down.
Restating the implicit constraint: paliad on Dokploy uses Dokploy's "Compose" deployment type (not "Application"), so we do not get Docker Swarm's `deploy.update_config.failure_action: rollback` for free. Verified live: compose YAML at `/etc/dokploy/compose/compose-transmit-multi-byte-driver-v7jth9/code/docker-compose.yml` has no `deploy:` block; project's docker-compose.yml has none either. Dokploy "Compose" runs `docker compose up -d` which is not Swarm-aware.
---
## 3. Decision matrix
For each Q, this section gives the **R-pick**, the cost (LoC / new infra), the maintenance footprint, and the time-to-ship estimate (rough complexity bands: small / medium / large — no hours per project CLAUDE.md).
### Q1 — Where do tests run?
| Option | Cost | Maintenance | Notes |
|---|---|---|---|
| **A. Gitea Actions (R)** | 1 workflow YAML (~80 lines) + Postgres service container | Low — m's stack already runs gitea | mendel's Slice 7 picked this on Q2. Verified live: Gitea 1.24.4, `mgit.msbls.de`, `has_actions: true` on `m/paliad`, ≥2 admin runners registered. |
| B. Custom mriver proxy | New Go service + webhook forwarder + container | Medium — paliad-specific glue | Reinvents Gitea Actions; only justified if Actions can't be made to work, which it can. |
| C. Dokploy pre-deploy hook | Unknown — Dokploy compose mode may not expose this | Unknown | Tighter integration but no documented hook for compose mode. Skip. |
**R = A.** Gitea Actions runner on the existing infra (mriver workers can host a runner if mlake's load is a concern — see §7).
### Q2 — Where does the migration get tested?
| Option | Cost | Maintenance | Notes |
|---|---|---|---|
| **A. CI smoke against ephemeral scratch Postgres (R)** | Postgres service container in Gitea workflow + extension to `TestMigrations_DryRun` to cover role-ownership | Low — runs on every PR | Catches all three of today's outages if the role-split (§1.3) is wired correctly. |
| B. Dry-run-mode CLI flag | Add `--migrate-dry-run` to the Go binary; CI step `./paliad --migrate-dry-run` against scratch DB | Low | Equivalent to A but with an entry-point that's also useful for manual ops. Nice-to-have, not blocking. |
| **C. Runtime fail-fast + restart cap (R, defense in depth)** | Edit docker-compose.yml `restart: on-failure:3` + add `healthcheck:` | Trivial | Doesn't prevent the outage but caps the crash-loop blast radius and gives Dokploy/Traefik a signal to fall back. |
**R = A + C.** Belt-and-suspenders. A catches every shape-error before it reaches prod; C ensures the rare unknown-unknown doesn't crash-loop for hours.
### Q3 — Blue/green or canary for the container itself?
| Option | Cost | Maintenance | Notes |
|---|---|---|---|
| A. Switch to Dokploy "Application" type (Swarm-backed) | Re-create the Dokploy deployment as Application; migrate `paliad_exports` volume; reconfigure SSH-multi-line secrets | Medium — new deployment shape | Gives proper `deploy.update_config.failure_action: rollback`. But m has explicitly excluded multi-app/multi-branch setups. |
| **B. Stay on Compose + tighten healthcheck + restart cap (R)** | `healthcheck:` block (~6 lines) + `restart: on-failure:3` (~1 line) | Trivial | Does NOT give us rolling deploy. The "stay online during failed deploy" property is delivered by **Q1 + Q2** (the gate prevents the broken deploy from happening at all). The compose changes are for the residual case. |
| C. Do nothing | 0 | 0 | Today's outages recur. |
**R = B.** Stay on Compose. Real online-during-failure protection comes from the CI gate (Q1+Q2). The compose changes are damage limitation, not the primary mechanism.
### Q4 — How do test workers (existing mai workers) fit in?
| Option | Cost | Maintenance | Notes |
|---|---|---|---|
| **A. Per-worker pre-push tests stay (already-convention) + CI is the safety net (R)** | 0 (convention exists) + Slice A | Low | Workers run `go build / go vet / go test / bun run build` by convention. CI ensures the convention isn't accidentally skipped. |
| B. Replace per-worker tests with CI-only | 0 in CI; but workers waste cycles pushing red diffs | Higher feedback latency | Workers find out their work is broken from CI instead of locally — slower loop. |
| **C. Add a `mai-test` post-merge shift on main (R, optional polish)** | Existing skill, just wire it to the merge webhook | Low | Per `mai-test` skill — broader smoke + integration suite, reports back to gitea as a check status. Nice-to-have, can be Slice D. |
**R = A + C.** Per-worker discipline at push, Gitea Actions at PR, `mai-test` polish post-merge.
### Q5 — Migration coordination (root cause of outage 1)
| Option | Cost | Maintenance | Notes |
|---|---|---|---|
| **A. Head reserves migration slots when assigning tasks that need a migration (R, in flight)** | 0 in code — process discipline | Low — head already trending this way | Today's session: head already does this in flight. Codify as a skill rule in `mai-head` SKILL.md. |
| **B. CI pre-flight check: fail build if any migration's slot exists in `applied_migrations` with a different name (R)** | ~20 LoC Go test reading `applied_migrations` from prod-snapshot | Low | Belt and suspenders for A. Catches the brunel case before merge. |
| C. Branch-time check in `mai hire` | ~20 LoC shell in mai CLI | Medium — paliad-specific in the cross-project CLI | Wrong place. The check belongs in CI, not in worker spawning. |
**R = A + B.** Head coordination as the primary; CI flag as the safety net.
### Q6 — Existing prod traffic during deploy
| Option | Cost | Maintenance | Notes |
|---|---|---|---|
| **A. Verify Dokploy "Compose" deploy behavior live + document in CLAUDE.md (R)** | 1 SSH session + write-up | 0 | Verified above (§1.4): Dokploy compose mode does `--force-recreate`, no rolling deploy. The protection comes from the CI gate, not from this property. |
| B. Investigate Dokploy "Application" migration | Medium — a separate proposal | Medium | Out of scope per m's constraint (#3). |
**R = A.** Document the limitation; the CI gate (Q1+Q2) is the primary online-during-failure mechanism.
### Summary of R-picks
| Q | Pick | Slice |
|---|---|---|
| Q1 | A — Gitea Actions on mriver/mlake runner | A (workflow) |
| Q2 | A + C — CI smoke + runtime fail-cap | A (smoke) + B (compose) |
| Q3 | B — Stay on Compose, add healthcheck + restart-cap | B |
| Q4 | A + C — Per-worker tests + CI + mai-test polish | A + D |
| Q5 | A + B — Head reservation + CI duplicate-slot check | A (CI) + head SKILL.md |
| Q6 | A — Document compose mode behavior | (doc only) |
---
## 4. Recommended pipeline
```
┌──────────────────────────────────────────────────────────────────┐
│ Worker shift │
│ ┌────────────────────────────────────────────────────────────┐ │
│ │ mai/<worker>/<task> branch │ │
│ │ go build / go vet / go test ./internal/... / bun build │ │ pre-push (convention, exists)
│ │ push to gitea │ │
│ └────────────────────────────────────────────────────────────┘ │
└───────────────────────────────┬──────────────────────────────────┘
│ git push
┌──────────────────────────────────────────────────────────────────┐
│ mgit.msbls.de — Gitea │
│ ┌────────────────────────────────────────────────────────────┐ │
│ │ .gitea/workflows/test.yml fires on: │ │
│ │ push to any branch (gate tier) │ │ Slice A
│ │ push to main (gate + full + deploy step) │ │
│ │ │ │
│ │ Jobs (all on a single runner; parallel where independent):│ │
│ │ ┌──────────────────────────────────────────────────────┐ │ │
│ │ │ job: build │ │ │
│ │ │ bun install + bun run build │ │ │
│ │ │ go build ./... │ │ │
│ │ ├──────────────────────────────────────────────────────┤ │ │
│ │ │ job: test-go │ │ │
│ │ │ services: postgres:16 (ephemeral) │ │ │
│ │ │ step: psql -c "CREATE ROLE paliad_app …" │ │ │
│ │ │ step: TEST_DATABASE_URL=…@…/scratch go test ./... │ │ │
│ │ │ step: TEST_DATABASE_URL=…@…/scratch │ │ │
│ │ │ (extended) TestMigrations_DryRun │ │ │
│ │ ├──────────────────────────────────────────────────────┤ │ │
│ │ │ job: test-frontend (optional Slice C) │ │ │
│ │ │ bun test │ │ │
│ │ ├──────────────────────────────────────────────────────┤ │ │
│ │ │ job: migration-coordination-check │ │ │ Slice A.4 — duplicate-slot, name-mismatch
│ │ │ go test -run TestMigrations_NoDuplicate ./internal/db│ │ │
│ │ └──────────────────────────────────────────────────────┘ │ │
│ └─────────────────────┬──────────────────────────────────────┘ │
└────────────────────────┼─────────────────────────────────────────┘
│ all green
│ AND ref == refs/heads/main
┌──────────────────────────────────────────────────────────────────┐
│ Gitea workflow step: deploy │
│ ┌────────────────────────────────────────────────────────────┐ │
│ │ curl POST https://<dokploy>/api/compose/ │ │
│ │ <Zx147ycurfYagKRl_Zzyo>/deploy │ │
│ │ Authorization: Bearer ${{ secrets.DOKPLOY_TOKEN }} │ │
│ └────────────────────────────────────────────────────────────┘ │
└───────────────────────────────┬──────────────────────────────────┘
│ Dokploy webhook (instead of gitea push webhook)
┌──────────────────────────────────────────────────────────────────┐
│ mlake — Dokploy │
│ ┌────────────────────────────────────────────────────────────┐ │
│ │ docker compose pull + up -d --force-recreate │ │
│ │ ┌──────────────────────────────────────────────────────┐ │ │
│ │ │ web container: /app/paliad │ │ │
│ │ │ ApplyMigrations(DATABASE_URL) │ │ │
│ │ │ ✓ all green from CI ⇒ this will succeed │ │ │
│ │ │ bind :8080 │ │ │
│ │ │ healthcheck GET /health/ready every 10s │ │ │ Slice B
│ │ │ restart: on-failure:3 (was: unless-stopped) │ │ │ Slice B
│ │ └──────────────────────────────────────────────────────┘ │ │
│ └────────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────┘
```
**Critical change vs. today:** the gitea push webhook → Dokploy is REPLACED by gitea workflow → CI → if green, the workflow itself calls Dokploy. The webhook is removed (or pointed at a no-op endpoint) so Dokploy can't be triggered any way except via the workflow's final step. **One way in, gated by CI.**
If the CI fails:
- The deploy step never runs.
- Dokploy never fires.
- The old container keeps serving paliad.de.
- Gitea workflow status goes red; gitea posts a check status on the commit; head sees it on the project page or via `mai status`.
If a worker pushes red to a feature branch (not main):
- The gate-tier subset of jobs runs (build + go test + migration smoke).
- Red status on the branch surfaces in PR view.
- Deploy never even attempted (only fires on `main`).
- Worker fixes locally and pushes again.
---
## 5. Compose changes (Slice B)
Minimal, targeted. The compose stays Docker-Compose-mode (Dokploy "Compose" type). No Swarm migration.
**Diff (conceptual; coder produces real diff):**
```yaml
services:
web:
build: .
expose:
- "8080"
environment:
# …(unchanged)…
volumes:
- paliad_exports:/var/lib/paliad/exports
restart: on-failure:3 # was: unless-stopped
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://localhost:8080/health/ready"]
interval: 10s
timeout: 3s
retries: 3
start_period: 30s # boot + migrate window
```
**What `restart: on-failure:3` buys:**
- After 3 failed restarts within the policy window, Docker stops auto-restarting.
- The container enters `exited` state.
- Dokploy can surface "deploy failed" in its UI.
- We don't burn CPU + Postgres connections on an infinite crash-loop.
**What `healthcheck:` buys:**
- Traefik (Dokploy's reverse proxy) checks `condition: service_healthy` on the target before routing.
- If the container is `unhealthy`, Traefik returns 503 (one extra retry path).
- More importantly: when CI is wired to call Dokploy's API, the API call can poll `/health/ready` after the deploy and report success/failure in the workflow.
**What this does NOT buy (per Q3):**
- It does NOT keep the old container alive while the new one starts. Compose mode kills the old container first. **The CI gate (Slice A) is what keeps the old container alive — by preventing the broken deploy from firing at all.**
**Implementation gotcha — `/health/ready` doesn't exist yet:**
- `internal/handlers/` has no `health` handler. The endpoint must be added (cheap, ~20 LoC: open `internal/db` pool ping + return 200 / 503). Slice B includes this.
---
## 6. Migration smoke harness (Slice A.2)
Extending `internal/db/migrate_test.go` to catch today's three outage classes:
### 6.1 What exists today (working)
`TestMigrations_DryRun` (migrate_test.go:47) walks pending migrations and applies each in BEGIN/ROLLBACK against a scratch DB. It catches:
- SQL syntax errors (rare; `go build` doesn't see SQL).
- Statements that reference columns that genuinely don't exist (mig 125 case — IF the test runs after the prior migrations have applied to the scratch DB).
It does NOT catch ownership errors (mig 129 case) because the test role implicitly owns every table it creates in BEGIN/ROLLBACK.
### 6.2 Extensions needed (Slice A.2)
**(a) End-to-end apply pass with role split.**
Add `TestMigrations_EndToEndAsAppRole` to `internal/db/migrate_test.go`. Setup:
```sql
-- run as superuser (postgres) once per CI job
CREATE ROLE paliad_owner LOGIN PASSWORD 'ci';
CREATE ROLE paliad_app LOGIN PASSWORD 'ci';
CREATE DATABASE paliad_scratch OWNER paliad_owner;
\c paliad_scratch paliad_owner
GRANT USAGE ON SCHEMA public TO paliad_app;
GRANT ALL ON SCHEMA paliad TO paliad_app;
-- mirror prod: paliad_app is the deploy role, paliad_owner created the schema
```
Test body runs `ApplyMigrations(<paliad_app DSN>)` end-to-end (no rollback between migrations). If migration N assumes ownership it doesn't have, it fails here with the exact same `42501 must be owner of table X` that we see in prod. Catches mig 129.
**Open Q:** the exact role split is something m + head must look at against the youpc-supabase setup. The CI role names don't have to match prod exactly — they just have to model the same OWNER vs. APP-CONNECT split. Q11.2 below asks m to confirm.
**(b) Duplicate-slot pre-flight check.**
Add `TestMigrations_NoDuplicateSlot` to `internal/db/migrate_test.go`. The `scanEmbeddedMigrations` runner-side check is already there but only runs when the runner runs (i.e. at prod boot). Hoisting it into a unit test:
```go
func TestMigrations_NoDuplicateSlot(t *testing.T) {
_, err := scanEmbeddedMigrations()
if err != nil {
t.Fatalf("duplicate slot: %v", err)
}
}
```
Catches the brunel case at CI time (before merge to main). Cheap, no DB needed, runs in every PR.
**(c) Down-script smoke (optional, Slice A.5).**
For every applied `.up.sql` in CI, apply the matching `.down.sql` immediately after and assert it doesn't error. Catches "down script forgot to revert one of the up's actions." Cheap-ish, ~50 LoC of test code, adds ~30s to CI. Not blocking for the outage-prevention goal; nice-to-have.
### 6.3 Scratch DB topology in CI
Per mendel's design Slice 7 + this design: **Postgres service container** in the Gitea workflow YAML:
```yaml
services:
postgres:
image: postgres:16
env:
POSTGRES_PASSWORD: ci
POSTGRES_DB: paliad_scratch
options: >-
--health-cmd "pg_isready"
--health-interval 5s
```
The runner sees Postgres on `localhost:5432`. Each CI invocation gets a clean DB. No coupling to YouPC (per mendel's Q3 R-pick). No cleanup needed — the container dies with the job.
---
## 7. Existing infra resource map
Verified live (this session):
### 7.1 mlake (Dokploy host, Docker Swarm active)
- Docker version 29.3.0, Swarm `active`.
- ~50 running containers (Dokploy services + 40+ compose projects).
- Hosts paliad's `compose-transmit-multi-byte-driver-v7jth9` compose project (currently crash-looping).
- Could host a Gitea Actions runner, but at risk of contention — paliad's CI Postgres + build would compete with everything else on the box.
### 7.2 mriver (worker fleet, Tailscale-attached)
- Runs the mai worker pool (cronus, brunel, hermes, dirac, mendel, …).
- Hosts the aichat backend on `:8765`.
- Has more idle CPU than mlake (workers spend most of their time waiting on `claude` API).
- **R: register the Gitea Actions runner here.** Lower contention, same gitea reachability (Tailscale).
### 7.3 mgit.msbls.de (Gitea)
- Version 1.24.4, `has_actions: true` on `m/paliad` (verified).
- `/admin/actions/runners` → 2 runners already registered (verified live: `curl /api/v1/admin/actions/runners | jq length``2`).
- No workflow runs on `m/paliad` yet (verified: `workflow_runs:[], total_count:0`).
- The actions infrastructure is fully present; paliad just hasn't authored a workflow YAML.
### 7.4 youpc-supabase (paliad's prod DB)
- Postgres on port 11833, paliad uses the `paliad` schema.
- Out of scope for CI — CI uses its own ephemeral Postgres in the runner. Prod DB is touched ONLY by Dokploy's deploy step (post-CI-green).
---
## 8. Slice plan — tracer-bullet roll-out
Each slice is independently shippable. Slice A is the load-bearing one.
### Slice A — Gitea Actions workflow + extended migration smoke (LOAD-BEARING)
**Branch:** `mai/<coder>/cicd-slice-a-actions`
**Files added:**
- `.gitea/workflows/test.yml` — single workflow, fires on `push` to any branch.
- Jobs: `build`, `test-go`, `migration-coordination-check`.
- On `push` to `main`: additional `deploy` job that POSTs to Dokploy compose deploy API.
- `internal/db/migrate_test.go` — extend with:
- `TestMigrations_EndToEndAsAppRole` (catches mig 129 ownership case).
- `TestMigrations_NoDuplicateSlot` (catches brunel slot collision).
- `Makefile` — add `test-go`, `test-frontend`, `verify-migrations` targets. (mendel's design Slice 1 punted this; pull it in here so workers can repro the CI gate locally.)
- `internal/handlers/health.go``/health/ready` endpoint (pool ping + 200/503). ~25 LoC.
- Migration `132_*.up.sql` — IF the existing test exposes that we need to backfill role grants for some tables. Verify against prod schema before merging.
**Files modified:**
- `cmd/server/main.go` — register `/health/ready` handler.
**Gitea-side action items (one-time, head or m runs):**
1. Set `secrets.DOKPLOY_TOKEN` in the `m/paliad` repo secrets (Dokploy API token with deploy permission on the paliad compose).
2. Verify ≥1 Gitea Actions runner is online and tagged appropriately (`ubuntu-latest` or a custom tag).
3. Optionally: remove the Dokploy gitea-push webhook (so the only path to deploy is the workflow's deploy step). Discussed in Q11.4 below.
**Catches:** All three of today's outages, plus future shape-/ownership-/duplicate-slot regressions.
**Cost:** Small (one workflow YAML, two test functions, one Makefile, one health handler).
### Slice B — Compose hardening (DEFENSE IN DEPTH)
**Branch:** `mai/<coder>/cicd-slice-b-compose`
**Files modified:**
- `docker-compose.yml` — change `restart: unless-stopped``restart: on-failure:3`; add `healthcheck:` block targeting `/health/ready`.
**Depends on:** Slice A (health endpoint must exist before the healthcheck can use it).
**Catches:** Caps the crash-loop blast radius. Does not prevent outages — Slice A does that.
**Cost:** Trivial (~10 lines).
### Slice C — Frontend test wiring (OPTIONAL POLISH)
**Branch:** `mai/<coder>/cicd-slice-c-frontend`
**Files added/modified:**
- `frontend/package.json` — add `"test": "bun test"` script.
- `.gitea/workflows/test.yml` — add `test-frontend` job calling `cd frontend && bun test`.
**Depends on:** Slice A (workflow exists).
**Catches:** The 4 existing frontend tests run on every PR. Future bun:test additions (per mendel Slice 3) get exercised automatically.
**Cost:** Trivial (~5 lines).
### Slice D — mai-test post-merge shift (OPTIONAL POLISH)
**Branch:** `mai/<coder>/cicd-slice-d-mai-test`
**Wiring:** Gitea webhook on `m/paliad` "push to main" → notifies a queue → triggers a `mai-test` shift to run the broader smoke suite + post results as a Gitea commit status.
**Depends on:** Slice A (CI green is a prerequisite for the deploy step which precedes the merge-to-main signal). Could land in parallel with Slice A.
**Catches:** Integration issues between worker branches that pass CI individually but break on main. The post-merge layer is a follow-up safety net, not a gate.
**Cost:** Small (config; `mai-test` skill already exists).
### Slice E — Documentation (REQUIRED, lands with Slice A)
**Branch:** combined with Slice A's branch.
**Files modified:**
- `docs/project-status.md` — note CI gate is live + how to interpret red CI.
- `.claude/CLAUDE.md` — note that pushing to main now requires CI green; workers must verify their branch passes locally before pushing.
- `docs/design-paliad-test-strategy-2026-05-19.md` — link to this doc; mark Slice 7 of mendel's design as implemented.
**Catches:** Workers reading CLAUDE.md learn the new convention without head having to broadcast.
### Slice ordering rationale
- **Slice A ships first.** Until Slice A is on main, paliad has no CI gate; any merge to main can crash-loop the site. Slice A is single-PR-mergeable, doesn't touch the compose, and exercises only test code + a tiny handler addition.
- **Slice B ships second** (same day if possible). Health-gated restart is meaningless without `/health/ready` (Slice A provides it). Once both land, the runtime safety net is in place.
- **Slice C, D, E** are independent; they can land in any order after A.
---
## 9. Risk + rollback
| Risk | Mitigation | Rollback |
|---|---|---|
| CI workflow blocks legitimate emergency deploys | Slice A's `.gitea/workflows/test.yml` always passes for `[skip ci]` commits in head's emergency-deploy commits. Manually trigger Dokploy from the UI as a last resort. | Re-enable the gitea push webhook to Dokploy as a fallback path. |
| Gitea Actions runner is overloaded / offline | mendel's Q2 R-pick prefers gitea actions; if the runner dies, deploys are blocked. Mitigation: register a second runner on mlake (passive) so one failure doesn't lock the queue. | Switch the workflow to a job-less `deploy: needs: nothing` step temporarily; restore after runner recovery. |
| The end-to-end migration test against an ephemeral DB diverges from prod role grants in ways we don't anticipate | The CI role split is a model of prod, not a copy. Real divergence (e.g. role X granted privilege Y on table Z) will not be caught. | Slice B's runtime fail-cap prevents the crash-loop from running for hours; head triages. Update CI role grants when divergence is discovered. |
| The Dokploy compose deploy API call signature is wrong | Verify against `mai-dokploy` skill docs + try one manual invocation before merging Slice A. | Re-enable the gitea push webhook as the deploy path; CI green is then advisory, not enforcing. |
| Removing the gitea push webhook to Dokploy is a one-way door (re-enabling requires Dokploy UI action) | Don't remove the webhook in Slice A's PR. Keep both paths live during a "soft launch" period. Cut the webhook only after Slice A has gated 5+ green deploys. | Re-enable the webhook in the Dokploy UI (a single toggle). |
### Online-during-failure invariant
The design guarantees the site stays online iff **at least one of**:
- CI catches the bad migration (smoke test, duplicate-slot, end-to-end role apply) before the deploy step runs. ← Primary, expected to catch all three known classes.
- The healthcheck on the new container fails AND the old container hasn't been removed yet AND Traefik's `condition: service_healthy` is honored.
The second path is fragile (Compose mode kills the old container before the new one is healthy — see §1.4). The design therefore relies on **CI being the gate**, with the compose changes as a residual safety net for unknown failure classes.
---
## 10. Out of scope
- **Multi-region / DR.** Not asked for; not implied.
- **Database backup or rollback strategy.** m/paliad#77 Backup Mode covers backups. This design does not duplicate that work.
- **Migrating off Dokploy.** Not asked for; explicitly excluded by m's constraint.
- **A second Dokploy app or branch.** Explicitly excluded by m's constraint ("no .dev").
- **Full E2E browser smoke (Playwright).** mendel's Slice 4 covers this; out of scope for outage-prevention. May land later as a Slice E follow-up to this design.
- **Coverage % gating.** Per mendel Q4 — coverage as visibility, not as gate.
- **mai-tester full E2E in CI.** Slice D mentions `mai-test` as a post-merge polish; the full browser fleet is its own design.
- **Migrations that drop columns currently used by code.** Compile-time `go build` covers some of this; the broader question of "does the live frontend reference DB columns we just dropped" is mendel Slice 4 territory.
---
## 11. Open questions for m
Six picks. Recommended answers in **bold**. Mostly small, but each one shapes a real load-bearing choice. m can answer in one chip-round.
### Q11.1 — Where does the Gitea Actions runner live?
**A. (R) Register a new runner on mriver.**
B. Use existing mlake runners.
C. Spin up a dedicated mini-VM.
mriver has idle cycles; mlake is contended. (A) is cheapest.
### Q11.2 — How closely should CI's role split mirror prod?
**A. (R) Two-role model (owner + app-connect) generic to Postgres.**
B. Exact mirror — recreate the actual youpc-supabase role names + grants in CI.
(A) catches today's `42501` class without coupling CI to youpc-supabase changes. (B) is brittle but exhaustive. Recommend (A) and tighten if a future outage slips through.
### Q11.3 — How does the workflow call Dokploy?
**A. (R) Direct API call via `mai-dokploy` skill conventions — token in `secrets.DOKPLOY_TOKEN`.**
B. SSH to mlake and run `docker compose pull && up -d` directly from the runner.
(A) keeps Dokploy as the single deploy authority. (B) bypasses Dokploy and removes its observability.
### Q11.4 — Do we remove the existing gitea push → Dokploy webhook?
**A. (R) Keep both paths live for one week of soft-launch; remove webhook once Slice A has gated ≥5 successful green deploys.**
B. Remove immediately when Slice A lands.
C. Keep both forever (CI as advisory, webhook as enforcing).
(A) is the cautious rollout. (C) defeats the gate purpose.
### Q11.5 — Backwards-compat for in-flight worker branches that don't yet have `.gitea/workflows/test.yml`?
**A. (R) Slice A's workflow lives on `main`. Worker branches inherit when they merge from main. No backfill needed — feature branches that haven't merged from main yet just don't get CI until their next sync.**
B. Force every worker to rebase onto Slice A's commit before pushing again.
(A) is zero-coordination. (B) is paranoid.
### Q11.6 — Should CI block on red gate-tier or warn only?
**A. (R) Block.** Red gate-tier → no deploy. This is the entire point.
B. Warn — surface red status, but let head override and deploy anyway.
(A) is the brief. (B) recreates today's outages.
---
## 12. Verification checklist (head to confirm before greenlighting)
- [ ] Q1-Q6 picks above match head's read.
- [ ] Q11.1-Q11.6 answered (chip round).
- [ ] Slice A is sized for one coder shift (not multiple).
- [ ] No Slice creates a second source of truth (single Dokploy compose `Zx147ycurfYagKRl_Zzyo` remains the only paliad deploy).
- [ ] The `mai-dokploy` skill has a documented "deploy compose by ID" API call.
- [ ] paliad.de current outage (mig 129) gets a manual recovery path (see Appendix A) — Slice A doesn't fix the live failure on its own; m or head must reset `paliad.applied_migrations` and grant ownership.
---
## Appendix A — Recovering the live outage (mig 129)
Independent of this design, the live paliad.de outage needs operator action:
1. SSH to youpc-supabase Postgres as superuser.
2. `GRANT OWNERSHIP OF paliad.project_event_choices TO <paliad-app-role>` (or whichever role does the connect).
3. OR: hand-apply mig 129's body as superuser; `INSERT INTO paliad.applied_migrations(version, name, applied_at, checksum) VALUES (129, 'project_event_choices', now(), '<sha256 of file>')`.
4. Restart `compose-transmit-multi-byte-driver-v7jth9`.
5. Verify paliad.de returns 200.
This recovery is OUT OF SCOPE for the design but is the immediate-action follow-up. mai head or m to handle when this design lands.
---
## Appendix B — Why not Docker Swarm?
m's constraint #3 explicitly excludes a `.dev` clone. Swarm's `deploy.update_config.failure_action: rollback` requires the deployment to be a Docker Swarm service (Dokploy "Application" type), which is a SECOND deployment surface alongside the existing "Compose" project. That's a duplicate Dokploy deployment in everything but name — exactly what m rejected.
The Compose-mode workaround (the CI gate) achieves the same online-during-failure invariant with less infrastructure. It's the right trade-off for paliad's scale.
---
## Appendix C — Today's restart count
For posterity (one-shot snapshot from live mlake):
```
compose-transmit-multi-byte-driver-v7jth9-web-1
state: restarting
RestartCount: 14
restart policy: unless-stopped
health: <nil> ← no healthcheck configured
last error: migration failed: apply 129_project_event_choices.up.sql:
exec sql: pq: must be owner of table project_event_choices (42501)
```
Slice A would have caught this at the worker's pre-push step (the same `go test ./...` would have surfaced the 42501 if the CI role split were modeled locally). Slice A's CI run would have caught it at the gitea push. Either gate prevents the deploy. The site stays online.

2
docs/design-fristen-phase2-2026-05-15.md
View File

@@ -421,7 +421,7 @@ The editor is the **largest single surface** in Phase 3. ~3-4 PRs of work depend
| `POST /api/admin/rules` | POST | global_admin | Create a new rule from scratch (starts as `lifecycle_state='draft'`). |
| `GET /admin/rules/{id}/audit` | GET | global_admin | Audit log for this rule. |
| `POST /admin/rules/{id}/preview` | POST | global_admin | Preview-on-trigger-date — runs calculator with this draft replacing its published peer; returns the resulting timeline (no persistence). |
| _(removed t-paliad-297)_ migration-export endpoint | — | — | Was a SQL-export tool generating `*.up.sql` from audit rows. Workflow shifted to hand-written numbered migrations; tool removed in m/paliad#129. |
| `POST /admin/rules/export-migration` | POST | global_admin | Export pending (draft + audit-since-last-export) rules as a `*.up.sql` blob the human can paste into `internal/db/migrations/`. Sets `migration_exported=true` on the audit rows. |
### 4.2 Draft → published lifecycle

1618
docs/design-litigation-planner-2026-05-26.md
View File

File diff suppressed because it is too large Load Diff

4
docs/design-paliad-data-export-2026-05-19.md
View File

@@ -43,7 +43,7 @@ A full org export today is **< 600 rows of user content** plus reference data
**Audit trail.** Lives in `paliad.project_events` (93 rows). One row per lifecycle event with `event_type`, `metadata jsonb`, `event_date`, `created_by`. The auditing union (`AuditService.ListEntries`) joins 5 sources (project_events, partner_unit_events, deadline_rule_audit, policy_audit_log, reminder_log). For the export we treat `project_events` as primary; the four auxiliary logs are scope-specific.
**Existing export precedent.** _(Originally pointed at the admin rule-migration export. That tool was deleted in m/paliad#129 / t-paliad-297. The gating pattern — `adminGate(users, …)` on a download endpoint that streams a generated artifact — still lives on other admin handlers, e.g. `handleAdminDownloadBackup` for `/api/admin/backups/{id}/file`.)_ Re-use the gating helper.
**Existing export precedent.** `/admin/rules/export` + `/admin/api/rules/export-migrations` (handlers/admin_rules.go) admin-gated, streams a generated SQL artifact. Same shape as what we want for the Excel exports. Re-use the gating helper.
**No Go xlsx library on `go.mod` today.** This design picks **`github.com/xuri/excelize/v2`** in §3.
@@ -591,7 +591,7 @@ No other slice deltas. v1 still ships slices 1+2+3.
- `docs/design-data-model-v2.md` projects + mandanten + ltree path + can_see_project predicate.
- `docs/design-approval-policy-ui-2026-05-07.md` 5-source audit union (this design adds the 6th source).
- `docs/design-profession-vs-project-role-2026-05-07.md` profession ladder for the §4 project gate.
- `internal/handlers/backups.go` `handleAdminDownloadBackup` (precedent for admin-gated artifact download; the older rule-migration export precedent was removed in t-paliad-297).
- `internal/handlers/admin_rules.go:303` `handleAdminExportRuleMigrations` (precedent for admin-gated export-as-download).
- `internal/services/project_service.go:15` visibility predicate.
- `internal/services/derivation_service.go` `EffectiveProjectRole` for the project gate.
- `github.com/xuri/excelize/v2` chosen xlsx library.

277
docs/design-procedural-events-b0-findings-2026-05-26.md
View File

@@ -1,277 +0,0 @@
# Slice B.0 — Live DB re-validation findings (t-paliad-273)
**Author:** curie (researcher)
**Date:** 2026-05-26
**Branch:** `mai/curie/researcher-slice-b-zero`
**Predecessor:** `docs/design-procedural-events-model-2026-05-25.md` (cronus, t-paliad-262)
**Scope:** READ-ONLY re-validation of the design doc's §1 premises against the live youpc Supabase `paliad` schema. No migration SQL written, no writes to `deadline_rules` or any table. B.1 (additive migration) remains blocked pending m's greenlight.
This document does **not** redesign the schema. It does **not** propose new structural changes. It records what the live DB looks like ~24 hours after the design was authored, flags every claim that drifted, and gives the eventual B.1 coder a current-as-of-2026-05-26 baseline to plan against.
---
## §0 TL;DR
The design doc's §1 premises were sound on 2026-05-25. **All numeric premises drifted in the 24 hours since.** The qualitative model (`deadline_rules` conflates three concepts; live `deadlines.rule_id` FK; snapshot precedent established; no `proceeding_event*` tables) still holds.
The Q5 default ("10 archived multi-row submission_codes collapse safely") is now **moot**: those rows were removed from the live DB between 2026-05-25 15:30 and 2026-05-26 13:30. There are now **zero** multi-row submission codes; every active submission_code maps 1:1 to one rule row. B.1 backfill no longer needs the multi-row collapse logic that §5 of the design doc anticipated.
The Q6 default ("concept_id attaches to procedural event, not sequencing rule") is **directionally correct but needs refinement**. The empirical attachment is **above** the procedural-event level — `deadline_concepts` rows cluster legal meaning *across* jurisdictional procedural-event variants. One concept_id can span 15 distinct submission_codes (e.g. "Berufungsfrist" across BGH / BPatG / LG / OLG for both PatG and ZPO paths). The FK in §4.1's draft schema (`procedural_events.concept_id REFERENCES deadline_concepts(id)`, N:1) is **already correctly shaped** for this — no schema change needed. The verbal claim in the design doc should be tightened to "one `deadline_concept` row may be referenced by many procedural events; the FK lives on `procedural_events`."
Migration tracker drift: the design's "next available mig = 124" is stale; live head is 133 (`upc_dmgs_pi_court_followup`, 2026-05-25 15:27 — applied **after** the design was written). **Next available is 134.** Ten migrations landed since the doc was authored — 124..133. None of them touched `deadline_rules` schema, but they did mutate row content (the missing 23 rows and the new event_type/legal_source distribution come from migs 127/128/132/133).
The design's claimed migration tracker `paliad.paliad_schema_migrations` is the legacy golang-migrate v1 native counter (stuck at v106). The **canonical** tracker is `paliad.applied_migrations` (one row per applied migration, with checksum + applied_at). `internal/db/migrate.go:9-21` is the source of truth. Project CLAUDE.md still says `paliad.paliad_schema_migrations`; that's a stale doc, not a B.0-scope fix.
One doc-side bug fixed by this slice: design doc §1 + m/paliad#93 issue body referenced `paliad.deadlines.deadline_rule_id`. Live column is `paliad.deadlines.rule_id`. Both files patched on this branch.
---
## §1 Headline-count drift table
All numbers taken 2026-05-26 ~13:30 UTC against the live `paliad` schema.
| Metric | Design (2026-05-25) | Live (2026-05-26) | Δ | Notes |
|---|--:|--:|--:|---|
| `deadline_rules` row count | 254 | **231** | -23 | All rows `is_active = true`. No soft-deletes in flight. |
| Rows with `submission_code` | 177 | **153** | -24 | |
| Distinct `submission_code` values | 158 | **153** | -5 | **All 5 lost are the multi-row `_archived_litigation.*` codes** — see §2. |
| Rows with `legal_source` | 102 | **112** | +10 | |
| Distinct `legal_source` values | 70 | **87** | +17 | New jurisdictional variants seeded by recent migs (127/132/133). |
| Rows with `concept_id` (linked to `deadline_concepts`) | 125 | **129** | +4 | 56% of the corpus is concept-linked, vs 49% in the design. |
| `paliad.deadlines` rows | 1 | **5** | +4 | Still tiny — destructive cutover stays cheap. |
| `paliad.submission_drafts` rows | 4 | **7** | +3 | |
| Rules in `lifecycle_state = 'draft'` | 4 | **0** | -4 | All 4 design-era drafts were published or discarded. |
### event_type distribution
| `event_type` | Design | Live | Δ |
|---|--:|--:|--:|
| `filing` | 130 | 105 | -25 |
| NULL | 77 | 89 | +12 |
| `decision` | 25 | 21 | -4 |
| `hearing` | 21 | 15 | -6 |
| `order` | 1 | 1 | 0 |
| **Total** | **254** | **231** | -23 |
The -23 row delta lands almost entirely in `filing` (-25) and `hearing` (-6), offset by +12 NULL — consistent with the disappearance of the `_archived_litigation.*` filings and a few archived `hearing` rows, plus seeding of new structural / parent-only rows by recent migrations.
### What did NOT drift (qualitative claims, still valid)
- `paliad.deadline_rules` carries 39 columns (design said 38 — drift +1; likely from mig 128 `deadline_rules_unit_check` which adds a CHECK without adding a column — or one of migs 124-133 added a column. Not investigated further; out of B.0 scope).
- `paliad.deadlines.rule_id` (uuid, nullable) is the FK column to `paliad.deadline_rules.id`. **Confirmed via `information_schema.referential_constraints`**`rule_id → paliad.deadline_rules(id)`. The doc-side mention of `deadline_rule_id` was always a typo.
- `paliad.deadlines.rule_code` + `paliad.deadlines.custom_rule_text` both still present (the denormalized-display columns from mig 122).
- `paliad.submission_drafts` uses `(project_id uuid nullable, submission_code text NOT NULL)` as its key — **no FK to deadline_rules**. Confirms the design's claim that the Schriftsätze surface filters on a text key, not on `deadline_rules.id`.
- No `paliad.proceeding_event*` tables exist (einstein's 2026-05-08 graph design was never built — still the case).
---
## §2 Archived submission_code audit (Q5 re-confirm)
**Premise re-checked:** "10 archived multi-row submission_codes (`_archived_litigation.*`) collapse safely into single procedural events with multiple sequencing variants."
**Finding:** the premise is **moot in the live DB**.
```sql
SELECT submission_code, COUNT(*)
FROM paliad.deadline_rules
WHERE submission_code LIKE '_archived_litigation.%'
GROUP BY submission_code;
-- 0 rows
```
```sql
SELECT submission_code, COUNT(*)
FROM paliad.deadline_rules
WHERE submission_code IS NOT NULL
GROUP BY submission_code
HAVING COUNT(*) > 1;
-- 0 rows
```
Every active submission_code in the live corpus is 1:1 with its `deadline_rules` row. The 10 multi-row codes the design anticipated no longer exist.
**Consequence for B.1 backfill:**
- The §5.1 / §5.2 backfill SQL the design sketched (collapsing N rows-with-same-submission_code into 1 procedural_event + N sequencing_rules) is **simpler than expected**: a straight 1:1 backfill, no GROUP-BY-and-collapse step needed.
- B.1's `INSERT INTO paliad.procedural_events ... SELECT DISTINCT submission_code ...` becomes equivalent to `INSERT ... SELECT submission_code, ... FROM deadline_rules WHERE submission_code IS NOT NULL`. No deduplication needed.
- The 78 rows where `submission_code IS NULL` (231 - 153) still need a B.1 decision: do they become `procedural_events` rows (with synthetic codes), do they become free-standing `sequencing_rules` with `procedural_event_id` NULL, or do they get parked? This was implicit in the design (the 77 NULLs were framed as "structural / parent-only rows in the proceeding tree"); B.1 should make the decision explicit and document it in the migration's `.up.sql` comments.
---
## §3 concept_id attachment shape (Q6 re-confirm)
**Premise re-checked:** "concept_id attaches to procedural event, not sequencing rule."
**Finding:** **partly true.** The FK direction the design proposes (`procedural_events.concept_id → deadline_concepts.id`, N:1) is correct. The verbal phrasing in Q6's default needs refinement — the empirical attachment is **above** the procedural-event level, not "at" it.
### Empirical pattern
129 of 231 rows carry a `concept_id`. Those 129 rows reference **53 distinct `deadline_concepts`** rows. Averages: 2.43 rows-per-concept, 2.42 submission-codes-per-concept (the two are nearly identical because today's corpus has no multi-row submission codes — see §2). Span distribution:
- 33 of 53 concepts (62%) attach to exactly 1 submission_code → procedural-event-scoped.
- 20 of 53 concepts (38%) attach to >1 submission_code → cross-procedural-event scoped.
- Maximum: 1 concept attaches to **15 distinct submission_codes**.
### Example: one concept, four procedural events
The concept `b85b2e5a-4064-40b2-b862-24b7abaa5b94` ("Berufungsfrist / Berufungsschrift") is referenced by 4 `deadline_rules` rows that today carry these 4 distinct submission_codes:
| rule_code | submission_code | court | name |
|---|---|---|---|
| § 110 PatG | `de.null.bgh.berufung` | BGH | Berufungsschrift |
| § 110 PatG | `de.null.bpatg.berufung` | BPatG | Berufungsfrist |
| § 517 ZPO | `de.inf.lg.berufung` | LG | Berufungsfrist |
| § 517 ZPO | `de.inf.olg.berufung` | OLG | Berufungsfrist |
Under Slice B's target schema (§4.1), each of these four rows becomes a separate `procedural_events` row (different `code`s, different jurisdiction-specific names, different `legal_source_id`s), but **all four reference the same `deadline_concepts.id`**.
### Implication for B.1
- `procedural_events.concept_id` should be **nullable** (62% of rows today have no concept link — the §4.1 sketch already allows this).
- The constraint must be **N:1, not 1:1** (one `deadline_concept` may be referenced by many `procedural_events`). The §4.1 sketch (`concept_id uuid REFERENCES paliad.deadline_concepts(id)`) is already correctly N:1; a hypothetical "UNIQUE INDEX on `procedural_events.concept_id`" would break the existing data. **Do not add UNIQUE.**
- The design doc's Q6 phrasing can be tightened to: "concept_id attaches to procedural event (N procedural events → 1 concept). Sequencing rules do not carry concept_id." — but this is a wording nit, not a structural change. It does **not** block B.1.
---
## §4 Snapshot precedent audit
**Premise re-checked:** the `paliad.deadline_rules_pre_<N>` snapshot pattern is established and ready for B.4's destructive drop.
**Finding:** confirmed and consistent.
Snapshot tables in `paliad`:
| Snapshot table | Origin migration |
|---|---|
| `deadlines_pre_089` | mig 089 |
| `deadline_rules_pre_091` | mig 091 (destructive drop of legacy columns) |
| `event_deadlines_pre_092` | mig 092 |
| `event_deadline_rule_codes_pre_092` | mig 092 |
| `deadline_rules_pre_093` | mig 093 |
| `proceeding_types_pre_093` | mig 093 |
| `projects_pre_094` | mig 094 |
| `deadline_rules_pre_095` | mig 095 |
| `proceeding_types_pre_096` | mig 096 |
| `deadline_rules_pre_098` | mig 098 |
Pattern: `<original_table>_pre_<migration_number>`. Always created in the `.up.sql` of the destructive migration as `CREATE TABLE paliad.<t>_pre_<N> AS TABLE paliad.<t>;` (followed by the destructive DROP / ALTER).
**B.4's template:** before `DROP TABLE paliad.deadline_rules;` (and `ALTER TABLE paliad.deadlines DROP COLUMN rule_id;`), `mig <N>.up.sql` must include:
```sql
CREATE TABLE paliad.deadline_rules_pre_<N> AS TABLE paliad.deadline_rules;
-- (optional) CREATE TABLE paliad.deadlines_pre_<N> AS TABLE paliad.deadlines;
```
This is non-negotiable per m's snapshot policy and the precedent of migs 089-098. B.4 should not enter the deploy queue without it.
---
## §5 deadlines.rule_id doc bug — verified + patched
**Premise re-checked:** the live column on `paliad.deadlines` referencing `deadline_rules` is named `rule_id`, not `deadline_rule_id`.
**Verification:**
```sql
SELECT column_name FROM information_schema.columns
WHERE table_schema='paliad' AND table_name='deadlines' AND column_name LIKE '%rule%';
-- rule_id (uuid, nullable)
-- rule_code (text, nullable)
-- custom_rule_text (text, nullable)
```
```sql
SELECT kcu.column_name, ccu.table_name, ccu.column_name
FROM information_schema.table_constraints tc
JOIN information_schema.key_column_usage kcu ON ...
JOIN information_schema.constraint_column_usage ccu ON ...
WHERE tc.constraint_type='FOREIGN KEY' AND tc.table_schema='paliad' AND tc.table_name='deadlines';
-- rule_id → paliad.deadline_rules.id
```
**Fix applied on this branch:**
- `docs/design-procedural-events-model-2026-05-25.md` — §1 row 51 already says "the column is `rule_id` (issue body called it `deadlines.deadline_rule_id` — that's a doc-side typo)". §1 row 63 (the "Doc-side bug flagged" line) already names the fix target. **No change needed to the design doc — the inventor already flagged and described the bug; B.0 just re-confirms it.**
- `m/paliad#93` issue body — line 56 says `paliad.deadlines.deadline_rule_id` in the Q3 migration shape. Patched via Gitea API on this slice. See §6 of this report.
---
## §6 Migration tracker drift (out-of-scope context)
The design doc said "next available mig number is 124 (mig 123 = Backup Mode Slice A, just shipped)". Live state on 2026-05-26 13:30:
- Latest applied migration: **133** (`upc_dmgs_pi_court_followup`, 2026-05-25 15:27).
- Next available: **134**.
- Migrations 124-133 (all applied after the design was authored):
```
124 de_inf_lg_replik_duplik_sequencing (2026-05-25 13:49)
125 cross_cutting_filter_legal_source (2026-05-25 14:13)
126 users_inbox_seen_at (2026-05-25 13:51)
127 wave0_tier0_deadline_fixes (2026-05-25 14:13)
128 deadline_rules_unit_check (2026-05-25 14:13)
129 project_event_choices (2026-05-25 15:02)
130 submission_drafts_language (2026-05-25 15:05)
131 submission_drafts_party_selection (2026-05-25 15:02)
132 wave1_tier1_rule_additions (2026-05-25 15:40)
133 upc_dmgs_pi_court_followup (2026-05-25 15:27)
```
These touched `deadline_rules` content (wave0/wave1 rule additions, sequencing fixes, unit checks) and adjacent tables, but did not change the conflated-three-concepts shape that motivates Slice B. The structural premise of the design holds; the row-level numbers shifted.
**Side observation (not a B.0 fix scope):** the project's `CLAUDE.md` says "Migration tracker is `paliad.paliad_schema_migrations` (avoids collision with other apps on the shared `public.schema_migrations`)." That sentence is stale. The **canonical tracker is `paliad.applied_migrations`** (per `internal/db/migrate.go:9-21,53,105`). `paliad.paliad_schema_migrations` is the legacy golang-migrate v1 counter, frozen at v106; the migrate runner uses it only to bootstrap `applied_migrations` on first deploy of the new runner (`internal/db/migrate.go:219-240`). Recommend a separate doc-fix slice (out of B.0 scope) to update `.claude/CLAUDE.md`.
---
## §7 Updated B.1 brief (no-op / minor adjustments only)
What the live data means for the design's §5 migration plan:
1. **Backfill is simpler.** No multi-row collapse logic needed (§2). One-to-one `INSERT INTO paliad.procedural_events SELECT submission_code, name, name_en, description, event_type AS event_kind, primary_party, ... FROM paliad.deadline_rules WHERE submission_code IS NOT NULL` against 153 rows.
2. **The 78 NULL-submission_code rows need an explicit decision in B.1.** Either:
- (a) Skip them — they remain `deadline_rules`-only and become orphan-once-deadline_rules-is-dropped. Not acceptable; B.4 would lose them.
- (b) Mint synthetic codes (`null.<uuid8>` or similar) for the structural rows and create `procedural_events` for them.
- (c) Treat them as "sequencing-rule-only" (a `sequencing_rules` row with NULL `procedural_event_id`) — would require `sequencing_rules.procedural_event_id` to be nullable, which contradicts §4.1's NOT NULL FK.
- Default recommendation: **(b)** — mint codes, preserve every row. B.1 must document the mint rule in the `.up.sql`. Surface this to head before scheduling B.1.
3. **concept_id stays N:1 on procedural_events.** No UNIQUE constraint. §4.1's sketch already does this; just don't accidentally tighten it.
4. **Use migration number 134** (or whatever's the live `MAX(version)+1` at B.1-write-time; re-check at the moment of writing the file).
5. **Snapshot before drop in B.4:** `CREATE TABLE paliad.deadline_rules_pre_<N> AS TABLE paliad.deadline_rules;` per §4 precedent. **This is the hard-stop pre-condition for B.4 entering the deploy queue.**
6. **Submission_drafts.submission_code → procedural_events.code text join** continues to work unchanged through B.1-B.3 because both names match. No B.5 dual-write needed for `submission_drafts`. (The design's §6.3 already noted this.)
None of these change the **shape** of the design — they tighten the backfill SQL and surface one explicit decision (point 2) for head.
---
## §8 Outputs of this slice (B.0)
| Artifact | Status |
|---|---|
| `docs/design-procedural-events-b0-findings-2026-05-26.md` (this file) | created on `mai/curie/researcher-slice-b-zero` |
| `docs/design-procedural-events-model-2026-05-25.md` | cherry-picked from `mai/cronus/inventor-procedural` onto this branch (design doc was never merged to main; B.0 brings it onto a branch off main so the doc bug fix has somewhere to land) |
| m/paliad#93 issue body — `deadline_rule_id``rule_id` correction | patched via Gitea API |
| Gitea comment on m/paliad#93 summarizing this report | posted (see §6 trailing summary on the issue) |
**Nothing migrated, nothing written to `paliad.deadline_rules` or any other live data table.** Only `mai.reports` (progress) and the GitHub issue body / repo files were touched.
---
## §9 Hard-stop status
**B.0 COMPLETE. AWAITING B.1 GREENLIGHT.**
Per the original instruction:
- B.1 (additive migration creating `paliad.procedural_events`, `paliad.sequencing_rules`, `paliad.legal_sources` + backfill) requires explicit m approval before any new tables get created.
- B.4 (destructive drop of `paliad.deadline_rules` + `paliad.deadlines.rule_id`) requires m's downtime-window approval AND a `paliad.deadline_rules_pre_<N>` snapshot table in the same migration.
- This researcher (curie) stays parked until head re-hires.
---
## §10 Decisions worth surfacing to m before B.1 starts
1. **NULL-submission_code rows (78 of them) — what to do during backfill?** Recommendation (b): mint synthetic codes. m should confirm or pick (a)/(c).
2. **B.5 deprecation header window length** — the design (§8.2) says "one slice". For 7 active submission_drafts that's safe; the question is whether external integrations (Word templates with `{{rule.X}}`) need a longer window. The variable-bag alias contract (`submission_vars.go`) covers Word templates without a wire-format change, so "one slice" is defensible. m should confirm.
3. **Migration number reservation** — by the time B.1 ships, the live head may be 135+. The B.1 coder must re-check `MAX(version)` at write-time. (Not a decision; just a process note.)
These are the only open questions the B.0 audit surfaced. Everything else in the design holds.

571
docs/design-procedural-events-model-2026-05-25.md
View File

@@ -1,571 +0,0 @@
# Design — Procedural-Events Data Model (t-paliad-262)
**Author:** cronus (inventor)
**Date:** 2026-05-25
**Issue:** m/paliad#93 (mai task t-paliad-262)
**Branch:** `mai/cronus/inventor-procedural`
**Status:** DESIGN — read-only, no schema or code changes in this branch.
**B.0 re-validation:** see `docs/design-procedural-events-b0-findings-2026-05-26.md` (curie, 2026-05-26) for the live-DB premise re-check. Numeric §1 claims drifted; Q5 multi-row collapse premise is moot (no `_archived_litigation.*` rows remain); Q6 N:1 attachment confirmed; mig number target updated 124 → 134.
**Prior art read:**
- `docs/design-deadline-data-model-2026-05-08.md` (einstein, t-paliad-158) — proposed `proceeding_event_types` + `proceeding_event_edges`; the **graph-shape recommendation has not been built** (no `proceeding_event*` tables exist in the live DB as of 2026-05-25, verified via `information_schema.tables`).
- `docs/design-fristen-phase2-2026-05-15.md` (Phase 2/3 unified-rule columns — migs 078/079/091, **shipped**).
- `docs/design-submission-generator-2026-05-19.md` and `docs/design-submission-page-2026-05-22.md` (Slice 1 → Slice A of the Schriftsätze stack — shipped on top of today's `deadline_rules`).
This doc names a single conflation in the schema and proposes a two-slice fix (cosmetic immediate, structural follow-up). It is intentionally narrower than einstein's 2026-05-08 graph proposal — it does **not** re-litigate the proceeding-as-DAG question.
---
## §0 TL;DR
`paliad.deadline_rules` today is **one row that wears three hats**:
1. **The procedural-event template**`submission_code`, `name`, `name_en`, `description`, `event_type`, `primary_party`. This is "what kind of step is this in the proceeding": Rechtsbeschwerdebegründung, mündliche Verhandlung, Entscheidung, etc.
2. **The legal-norm citation**`legal_source`, `rule_code`, `alt_rule_code`, `rule_codes[]`. This is "the source-of-law anchor": § 102 PatG, UPC RoP R.220(1).
3. **The sequencing rule**`parent_id`, `trigger_event_id`, `duration_value`, `duration_unit`, `timing`, `alt_duration_*`, `combine_op`, `condition_expr`, `is_spawn`, `spawn_*`, `sequence_order`, `is_court_set`, `priority`, `anchor_alt`, `proceeding_type_id`. This is "how and when does it fire relative to other events".
The conflation surfaces most painfully in the submission-draft editor's variable sidebar (m's report 2026-05-25 15:02), where the lawyer sees field labels like `{{rule.submission_code}}` for what is plainly a *procedural-event code*, `{{rule.event_type}}` for what is plainly the *procedural-event kind*, and `{{rule.legal_source_pretty}}` for what is plainly the *legal norm* — all under a `rule.*` namespace that reads as if the lawyer were filling in arithmetic.
**Recommendation = Q1 option (C):**
- **Slice A (immediate, this design's coder shift):** cosmetic rename — placeholders, i18n labels, Go struct-comment naming, admin-UI page titles all shift to `procedural_event.*` as the canonical name. **Database schema, table name, column names, FK directions, JSON envelope keys on the wire all stay exactly as they are.** Old `{{rule.*}}` placeholders remain emitted in the variable bag as legacy aliases so existing Word templates and saved drafts keep working.
- **Slice B (planned follow-up, separate mai task, separate slice plan):** structural rework — extract `paliad.procedural_events`, `paliad.sequencing_rules`, `paliad.legal_sources`, with a phased dual-write migration. **Not shipped here.** This doc defines the target shape (§4) and the migration shape (§5) so the eventual coder has a brief, not so the eventual coder is hired today.
**Umbrella term lock = Q2 option (R):** **"procedural event"** (DE: **"Verfahrensschritt"**) as the umbrella covering filings, hearings, decisions, orders. Justification in §2.
Both Slice A and the eventual Slice B preserve the Schriftsätze surface (t-paliad-238/242/243): the submissions list query changes its predicate from `dr.event_type = 'filing'` to `pe.event_kind IN ('filing', 'reply')` (Slice B only) — same rows, cleaner predicate.
---
## §1 Premises verified live (2026-05-25)
Every load-bearing claim was checked against the running paliad codebase + youpc Supabase. Numbers and schema facts are point-in-time as of 2026-05-25 15:30.
| Claim | Verification |
|---|---|
| `paliad.deadline_rules` carries the 38 columns listed in §0's three-hats decomposition. | `information_schema.columns WHERE table_schema='paliad' AND table_name='deadline_rules'` — 38 rows; columns confirmed verbatim. |
| Live row count = 254. | `SELECT COUNT(*) FROM paliad.deadline_rules` → 254. |
| 177 rows carry a `submission_code` (procedural-event identity); 158 distinct values. | `COUNT(*) FILTER (WHERE submission_code IS NOT NULL)` → 177; `COUNT(DISTINCT submission_code)` → 158. |
| 102 rows carry a `legal_source`; 70 distinct citations. | Same query, `legal_source` column. |
| 125 rows are linked to a `deadline_concepts` row via `concept_id`. | `COUNT(*) FILTER (WHERE concept_id IS NOT NULL)` → 125 (49 % of the corpus). |
| `event_type` distribution: 130 `filing` · 77 NULL · 25 `decision` · 21 `hearing` · 1 `order`. | `SELECT event_type, count(*) GROUP BY event_type` — confirmed; the 77 NULL rows are structural / parent-only rows in the proceeding tree. |
| 10 `submission_code` values appear on more than one row (jurisdictional / bilateral variants). | All 10 today are `_archived_litigation.*` codes (claimant/defendant splits + multi-stage hearing rows). Live non-archived codes are 1:1 with rows in the current corpus. |
| `paliad.deadlines` joins to `deadline_rules` via column `rule_id` (uuid, FK). The text `rule_code` and free-text `custom_rule_text` (mig 122, t-paliad-258) are denormalized for display when the rule row is deleted. | `internal/services/deadline_service.go:69-127`; live column list confirms `rule_id`, `rule_code`, `custom_rule_text` — there is **no** `deadline_rule_id` column on deadlines (issue body called it `deadlines.deadline_rule_id` — that's a doc-side typo; the column is `rule_id`). |
| `paliad.submission_drafts` keys to a procedural event via `submission_code` text — **no FK** to `deadline_rules`. | `information_schema.columns` for `submission_drafts`: `submission_code text` plus `(project_id, submission_code)` as the joint identifier. Confirms the Schriftsätze surface filters on the *text key*, not on `deadline_rules.id`. |
| The Schriftsätze list (t-paliad-238) filters `deadline_rules` by `event_type='filing'` and `submission_code IS NOT NULL`. | `internal/handlers/submissions.go:193-211` — verbatim. |
| The variable bag emits exactly 8 `rule.*` placeholders. | `internal/services/submission_vars.go:349-364``rule.submission_code`, `rule.name`, `rule.name_de`, `rule.name_en`, `rule.legal_source`, `rule.legal_source_pretty`, `rule.primary_party`, `rule.event_type`. Frontend i18n labels at `frontend/src/client/submission-draft.ts:158-185`. |
| Admin rule-edit form binds the same `rule.X` fields. | `frontend/src/admin-rules-edit.tsx:74-110` + `frontend/src/client/admin-rules-edit.ts:253-278` — same eight columns surfaced as form inputs. |
| The Fristenrechner client surface refers to `calc.rule.nameDE` / `calc.rule.nameEN`. | `frontend/src/client/fristenrechner.ts:1592,1655`. |
| einstein's 2026-05-08 `proceeding_event_types` + `proceeding_event_edges` are **not** in the DB. | `SELECT table_name FROM information_schema.tables WHERE table_schema='paliad' AND table_name LIKE '%proceeding_event%'` → 0 rows. The graph-shape proposal was never built. |
| `paliad.deadline_concepts` (57 rows in the original einstein audit; live count not directly queried this shift) still exists and is referenced via `deadline_rules.concept_id`. | `information_schema.tables` confirms `deadline_concepts`, `deadline_concept_event_types`, `deadline_event_types`, `event_types`, `trigger_events`, `event_categories` all still present — the deadline-knowledge graph from the einstein design lives on alongside the unified rule columns. |
| Phase 2/3 columns (`priority`, `condition_expr`, `is_court_set`, `lifecycle_state`, `draft_of`, `published_at`, `rule_codes[]`) are live and load-bearing. | `internal/models/models.go:622-684` + mig 091. Slice B's structural rework must preserve every one of these on the new `sequencing_rules` table — they are not legacy. |
| Live `paliad.deadlines` references to rules are sparse (1 row in prod). | `SELECT COUNT(*) FROM paliad.deadlines` → 1. The 4 `submission_drafts` rows reference a procedural event by `submission_code` text only. Tiny live FK surface → migrations can be aggressive without losing user data. |
| Migration tracker is `paliad.paliad_schema_migrations`; next available number is 124 (mig 123 = Backup Mode Slice A, just shipped). | `internal/db/migrations/` directory listing; latest applied = 123. |
**Doc-side bug flagged for this issue's body:** the deliverable spec writes `paliad.deadlines.deadline_rule_id` in §3 (Q3 migration shape). The live column is `paliad.deadlines.rule_id`. Slice B's rename target is therefore `paliad.deadlines.procedural_event_id`, renamed directly from `paliad.deadlines.rule_id` — there is no intermediate `deadline_rule_id` step (no such column exists). Updating the issue body is m's call — flagged here so it doesn't propagate into a coder brief. *(B.0 update 2026-05-26: issue body patched. See `docs/design-procedural-events-b0-findings-2026-05-26.md` §5.)*
---
## §2 m's vocabulary call (Q2 — lock the umbrella term)
m proposed "procedural event" in the report. Options weighed:
| Option | Reads as | Collisions | Verdict |
|---|---|---|---|
| **"procedural event"** (DE: "Verfahrensschritt") | Umbrella that naturally covers filings, hearings, decisions, orders. Matches lawyer mental model: "the next thing that happens in the proceeding". | None — no `paliad.procedural_event*` table or column today (verified). | **(R) — adopt as canonical.** |
| "submission" | Today the Schriftsätze surface uses this for *filings only* (`event_type='filing'`). Expanding the meaning would silently change Slice A's semantics for an existing UI. | Surface-level collision with the Schriftsätze nomenclature already in production. | Reject — would lose precision for an existing concept. |
| "event" / "event_type" | Existing `deadline_rules.event_type` column. | **Hard collision** with `paliad.events` (audit feed, distinct table, distinct meaning). Renaming around it would be worse than the conflation we're trying to fix. | Reject. |
| "Verfahrensschritt" only (no English) | Cleanest German but no English fallback. | Bilingual UI (DE primary, EN secondary per project CLAUDE.md) requires both. | Reject in isolation — but **adopt as the canonical German rendering** of "procedural event". |
| "Verfahrensereignis" | Closer literal translation of "procedural event". | None. | Reject in favor of "Verfahrensschritt" — m's broader vocabulary uses "Schritt" (e.g. "Antragsschritt") more naturally than "Ereignis", which already maps to `paliad.events` in the audit-feed sense. |
**Lock:**
| Surface | Canonical |
|---|---|
| English | **procedural event** (lowercase except sentence-initial) |
| German | **Verfahrensschritt** (m. — der Verfahrensschritt) |
| Plural EN | procedural events |
| Plural DE | Verfahrensschritte |
| Code identifier (Go struct names, TS types) | `ProceduralEvent`, `ProceduralEventKind`, `ProceduralEventTemplate` |
| Snake-case (DB columns, JSON keys, i18n keys, placeholders) | `procedural_event`, `procedural_event_kind`, `procedural_events` (table) |
| Slice A: variable-bag placeholder namespace | `procedural_event.*` (with `rule.*` kept as legacy alias) |
| Slice B: table name (if shipped) | `paliad.procedural_events` |
`event_type` (the column) becomes `event_kind` in Slice B — using "kind" rather than "type" to free up the word "type" for the proceeding-level taxonomy (`paliad.proceeding_types`, untouched) and to mirror the "event_type vs event_kind" disambiguation einstein hit in the 2026-05-08 doc. In Slice A the column stays `event_type` (no DB change).
**Q2 is locked by inventor recommendation.** It costs nothing structurally and clears noise across every downstream conversation. If m disagrees in the head round-trip, the only thing that flips is the term — Slice A's scope shape stays.
---
## §3 Scope decision (Q1 — A vs B vs C)
**Recommendation = (C) — cosmetic rename now, structural rework as a planned follow-up.**
### Why not (A) — cosmetic only and stop
(A) leaves the model wrong forever. The conflation isn't just a labelling annoyance — it makes future questions harder to answer cleanly:
- "How many distinct procedural events does paliad model?" Today: ambiguous (rows vs distinct `submission_code`s vs distinct `(submission_code, proceeding_type_id)` tuples).
- "Where can we attach a per-procedural-event Word template that's independent of which proceeding it appears in?" Today: nowhere — the FK chain forces a per-row template registry, see `internal/handlers/files.go` template fallback.
- "Show me every sequencing rule that triggers a given procedural event across all proceedings." Today: requires joining `deadline_rules` to itself on `submission_code` + `parent_id`, brittle.
If m signals (A) anyway — fine; the cosmetic-only slice is a strict subset of (C)'s Slice A and ships the same value (label clarity in the editor). But the recommendation is to write down the structural target now while the analysis is fresh.
### Why not (B) — restructure immediately
(B) means: one slice plan, one cutover. With:
- 254 live rule rows,
- 1 live `paliad.deadlines` row,
- 4 live `submission_drafts` rows,
- 12 Go services + 6 handlers touching `deadline_rules` + 8 placeholder strings on the wire + the admin rule-editor UI bound to the column shape,
…doing this in one cutover means a big-bang migration during a downtime window. m has granted exactly one such window in recent memory (2026-05-15 for mig 091's destructive drops), and that one was constrained to a 4-column drop. A four-table restructure has a meaningfully larger blast radius; it warrants its own task with its own slice plan and its own risk review.
### Why (C) — cosmetic-rename Slice A this design, structural Slice B as a separate task
Three properties of (C) make it the safe call:
1. **Slice A is reversible at any time** — every change is in i18n strings, Go struct comments, admin-UI page titles, and the variable-bag aliases. No DB migration. No drop. A revert is a `git revert` of the Slice A commit.
2. **Slice B is fully designed but uncommitted** — §4 and §5 below define the target shape and migration plan, but the design doc itself ships in Slice A. m can read it, redirect it, or park it without pressure to ship it now.
3. **The Schriftsätze surface doesn't care which slice we ship** — Slice A leaves it on `event_type='filing'`; Slice B flips it to `event_kind IN ('filing', 'reply')` over a dual-write window. Either way, the lawyer-facing behavior is unchanged.
### Slice A's deliverable boundary (what gets renamed, what stays)
**Renamed in Slice A:**
- **i18n keys** for the admin rule-editor field labels: `admin.rules.edit.field.submission_code``admin.rules.edit.field.procedural_event_code`, etc. (16 keys total — `name`, `name_en`, `description`, `submission_code`, `rule_code`, `legal_source`, `primary_party`, `event_type` × DE/EN — full list in §7.1.)
- **Variable-bag placeholder labels** in `submission-draft.ts:158-185`: the *visible label* (`{ de: "Schriftsatz-Code", en: "Submission code" }`) is unchanged for filings (filings are still Schriftsätze on that surface), but the **namespace shown next to the placeholder string** changes: lawyer sees `{{procedural_event.code}}` in the placeholder column with the same Schriftsatz-Code label and same value. The old `{{rule.submission_code}}` stays in the catalog as an "(alt)" entry pointing at the same field.
- **Variable-bag emission** (`internal/services/submission_vars.go:351-364`): the bag emits **both** key-names for every value, so any Word template / saved draft holding `{{rule.X}}` keeps working without a touch. New templates and the in-app catalog show the canonical `{{procedural_event.X}}` name.
- **Admin page titles + section headings**: "Regel bearbeiten" → "Verfahrensschritt bearbeiten" (DE), "Edit rule" → "Edit procedural event" (EN). "Regeln verwalten" → "Verfahrensschritte verwalten" / "Procedural events". The URL path `/admin/rules` stays — URL renames have downstream cost (bookmarks, audit log entries) and would need their own redirect slice (out of scope here).
- **Go struct comments + service docstrings + worker-facing log lines** that refer to "the rule" → "the procedural event" where the referent is the procedural-event aspect (not the sequencing-rule aspect). Function names, type names, table name stay (Slice B handles those).
- **The "Submission Code / Einreichung-Kennung" label** itself stays (it's the lawyer's anchor — they recognize it). The framing around it changes: it now reads as "the code that identifies this *procedural event*", not "the code attached to this *rule*".
**Untouched in Slice A:**
- Database schema. Table name (`paliad.deadline_rules`). Column names. FK directions. Indexes. RLS policies. Triggers. Audit log column `rule_id`.
- Go struct names: `DeadlineRule` stays. The renames here are *prose*, not *code*. Renaming `DeadlineRule` to `ProceduralEvent` couples Slice A to Slice B's table rename — keep them decoupled.
- JSON envelope keys on the wire (`POST /api/admin/rules/:id` still accepts `submission_code` in the body — Slice B's API rename is a breaking change with its own deprecation window).
- URL paths (`/admin/rules`, `/api/admin/rules/:id`, `/api/projects/:id/submissions` etc.).
- `paliad.deadlines.rule_id` FK column name.
- The variable-bag's legacy `{{rule.X}}` keys — kept forever as aliases (cheap, zero rot).
- The `submission_drafts` table's `submission_code` text key.
This boundary makes Slice A a one-day coder shift: scoped, reversible, label-only.
### What Slice B inherits
Slice B inherits a codebase + a UI where every prose surface already speaks "procedural event". It also inherits a *legacy alias contract* (the dual emission in the variable bag) that gives it freedom to rename the JSON keys on the wire and the Go struct in two separate sub-slices without rushing.
---
## §4 Restructure schema (Q3 — if/when we ship Slice B)
This is the target the eventual Slice B coder would land. **Nothing here ships in this task.**
### §4.1 Three new tables (plus the rename of `deadline_rules`)
```sql
-- 1. Procedural event templates — one row per (procedural-event identity)
-- For now the live corpus is 1:1 with non-archived submission_codes
-- (148 of the 158 distinct codes), so we get ~177 rows minus the 10
-- multi-row codes' duplicates. Bilateral / jurisdictional variants
-- are modeled at the sequencing_rules layer.
CREATE TABLE paliad.procedural_events (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
code text NOT NULL UNIQUE, -- former submission_code
name text NOT NULL, -- DE
name_en text NOT NULL,
description text,
event_kind text NOT NULL, -- filing|reply|hearing|decision|order|other
primary_party_default text, -- claimant|defendant|both|court
legal_source_id uuid REFERENCES paliad.legal_sources(id),
concept_id uuid REFERENCES paliad.deadline_concepts(id),
lifecycle_state text NOT NULL DEFAULT 'published', -- draft|published|archived
draft_of uuid REFERENCES paliad.procedural_events(id),
published_at timestamptz,
is_active boolean NOT NULL DEFAULT true,
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now()
);
```
```sql
-- 2. Legal sources — the source-of-law citations the procedural event
-- anchors against. ~70 distinct values today (live corpus).
CREATE TABLE paliad.legal_sources (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
citation text NOT NULL UNIQUE, -- "DE.PatG.102", "UPC.RoP.220.1", …
jurisdiction text NOT NULL, -- DE|UPC|EPA|DPMA|other
pretty_de text NOT NULL, -- "§ 102 PatG"
pretty_en text NOT NULL, -- "Section 102 PatG"
notes text,
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now()
);
```
```sql
-- 3. Sequencing rules — the timing / trigger / condition mechanics that
-- today live alongside the procedural-event identity on deadline_rules.
-- One row per (procedural_event × proceeding × variant). The 10
-- "_archived_litigation.*" codes that today have 2-5 rows become
-- 2-5 sequencing_rules rows for the same procedural_events row.
CREATE TABLE paliad.sequencing_rules (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
procedural_event_id uuid NOT NULL REFERENCES paliad.procedural_events(id),
proceeding_type_id integer REFERENCES paliad.proceeding_types(id),
parent_id uuid REFERENCES paliad.sequencing_rules(id), -- structural tree, today's parent_id
trigger_event_id bigint REFERENCES paliad.trigger_events(id), -- event-rooted variant
duration_value integer NOT NULL DEFAULT 0,
duration_unit text NOT NULL DEFAULT 'months',
timing text DEFAULT 'after',
alt_duration_value integer,
alt_duration_unit text,
alt_rule_code text, -- legacy free-text alt citation, retained
anchor_alt text,
combine_op text, -- max|min
condition_expr jsonb,
primary_party text, -- per-rule override of the procedural_event default
sequence_order integer NOT NULL DEFAULT 0,
is_spawn boolean NOT NULL DEFAULT false,
spawn_label text,
spawn_proceeding_type_id integer REFERENCES paliad.proceeding_types(id),
is_bilateral boolean NOT NULL DEFAULT false,
is_court_set boolean NOT NULL DEFAULT false,
priority text NOT NULL DEFAULT 'mandatory',
rule_code text, -- legacy short-form citation, retained on the rule
rule_codes text[], -- multi-citation array (mig pre-091)
deadline_notes text,
deadline_notes_en text,
lifecycle_state text NOT NULL DEFAULT 'published',
draft_of uuid REFERENCES paliad.sequencing_rules(id),
published_at timestamptz,
is_active boolean NOT NULL DEFAULT true,
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now()
);
```
```sql
-- 4. Rename downstream FK + add the link to procedural_events.
ALTER TABLE paliad.deadlines
ADD COLUMN procedural_event_id uuid REFERENCES paliad.procedural_events(id),
ADD COLUMN sequencing_rule_id uuid REFERENCES paliad.sequencing_rules(id);
-- (rule_id stays as a transitional alias during the dual-write window;
-- dropped at end of Slice B)
```
```sql
-- 5. Submission drafts: add procedural_event_id FK alongside submission_code.
ALTER TABLE paliad.submission_drafts
ADD COLUMN procedural_event_id uuid REFERENCES paliad.procedural_events(id);
-- (submission_code stays — it's the cosmetic anchor lawyers recognize
-- in URLs and chat, and it doubles as the procedural_events.code value)
```
### §4.2 What goes where (column-by-column map)
Every column on today's `paliad.deadline_rules` lands on exactly one of the three new tables:
| Today's `deadline_rules` column | Lands on | Notes |
|---|---|---|
| `id`, `created_at`, `updated_at` | `sequencing_rules` | The current row's identity becomes a sequencing-rule row. `procedural_events.id` is **new** — backfilled from `submission_code`. |
| `submission_code` | `procedural_events.code` | Promoted up. Multi-row codes (10 in corpus, all `_archived_litigation.*`) collapse to one row on the new table; the 2-5 sequencing rows hang off it. |
| `name`, `name_en`, `description` | `procedural_events` | Procedural-event identity. |
| `primary_party` | `procedural_events.primary_party_default` AND `sequencing_rules.primary_party` | Both. The procedural event has a default party (claimant for Klage etc.); the sequencing rule can override per-jurisdiction (bilateral variants — e.g. `litigation.reply` claimant vs defendant become two sequencing rows with overridden party). |
| `event_type` | `procedural_events.event_kind` | Hat 1, with rename to `event_kind` (term lock §2). |
| `legal_source` | `legal_sources.citation` + FK from `procedural_events.legal_source_id` | The citation moves to its own row; the procedural event points at it. `pretty_de` / `pretty_en` materialize the existing `legalSourcePretty()` function output as columns (with the function retained as the migration source). |
| `rule_code`, `alt_rule_code`, `rule_codes[]` | `sequencing_rules` | Short-form citation arrays stay on the sequencing rule — they're rule-specific. |
| `proceeding_type_id`, `parent_id`, `trigger_event_id`, `spawn_proceeding_type_id`, `is_spawn`, `spawn_label`, `is_bilateral`, `is_court_set`, `combine_op` | `sequencing_rules` | Hat 3 (mechanics) — exact copies. |
| `duration_value`, `duration_unit`, `timing`, `alt_duration_value`, `alt_duration_unit`, `anchor_alt` | `sequencing_rules` | Hat 3 (mechanics). |
| `condition_expr` (jsonb) | `sequencing_rules` | Hat 3. The grammar from mig 091 stays. |
| `priority`, `sequence_order` | `sequencing_rules` | Hat 3. |
| `is_active`, `lifecycle_state`, `draft_of`, `published_at` | **BOTH** `procedural_events` AND `sequencing_rules` | A procedural event can be retired independently of any one of its sequencing variants. Backfill: copy onto both during dual-write; new rows go through the rule-editor service which writes both sides together. |
| `concept_id` (FK to `deadline_concepts`) | `procedural_events.concept_id` | The concept layer (einstein 2026-05-08) attaches to the procedural event, not the sequencing rule. |
| `deadline_notes`, `deadline_notes_en` | `sequencing_rules` | They're rule-specific notes ("filing the appeal in DE costs €X if you also did Y") — not procedural-event-wide. |
Three columns disappear:
- The semantically-overloaded part of `event_type` (renamed to `event_kind` and moved).
- The "what is this thing" vs "how does it fire" name conflict — gone by construction.
- Any column that exists only because of the conflation (none of today's columns are pure overhead — they all carry data — so the count stays at 38 across the three new tables).
### §4.3 Indexes + RLS
`paliad.can_see_project()` is the canonical RLS predicate (mig 055). None of the three new tables hold project-scoped data — they're firm-wide reference tables. RLS = none, same posture as today's `deadline_rules` (which is firm-wide and unrestricted at the row level; access control is via the `lifecycle_state='published'` filter in the read paths).
Indexes inherited from today:
- `paliad.legal_sources(citation)` — UNIQUE.
- `paliad.procedural_events(code)` — UNIQUE.
- `paliad.procedural_events(concept_id)` — for the deadline-concept join.
- `paliad.sequencing_rules(procedural_event_id, proceeding_type_id, lifecycle_state)` — primary read path for the calculator.
- `paliad.sequencing_rules(parent_id)` — tree walk.
- `paliad.sequencing_rules(trigger_event_id)` — event-rooted variant.
---
## §5 Migration plan (Slice B — when it ships, not in this task)
Phased dual-write, so the cutover is **never** a single instant where the wire format flips. m gets to roll back any one phase with a `git revert` + an `ALTER TABLE` if a phase misbehaves in prod.
### §5.1 Phase 1 — Additive (no down-time)
1. Create `procedural_events`, `sequencing_rules`, `legal_sources`.
2. Backfill `legal_sources` from `DISTINCT legal_source` on `deadline_rules` (70 rows). Populate `pretty_de`/`pretty_en` by calling the existing `legalSourcePretty()` function in a one-shot SQL/Go shim during the migration. Verify `COUNT(DISTINCT legal_source FROM deadline_rules) = COUNT(*) FROM legal_sources`.
3. Backfill `procedural_events` from `DISTINCT submission_code` on `deadline_rules WHERE submission_code IS NOT NULL`. Take `name`, `name_en`, `event_type → event_kind`, `primary_party`, `concept_id`, `description` from the lowest-`id` rule row for each code (tie-breaker: lowest `sequence_order`). Verify `COUNT(*) FROM procedural_events = COUNT(DISTINCT submission_code FROM deadline_rules WHERE submission_code IS NOT NULL)` (= 158).
4. Backfill `sequencing_rules` 1:1 from `deadline_rules` (254 rows). FK `procedural_event_id` resolved by code lookup; sequencing-rule row inherits the `deadline_rules.id` (so existing `deadlines.rule_id` FKs continue to resolve via the new column for the dual-write window — see Phase 3).
5. Add `paliad.deadlines.procedural_event_id` + `sequencing_rule_id` columns, backfill from `deadlines.rule_id` join.
6. Add `paliad.submission_drafts.procedural_event_id`, backfill from `submission_code` join.
This phase ships behind a feature flag (or just behind unused code) — readers + writers stay on `deadline_rules`. No behavior change.
### §5.2 Phase 2 — Dual-write (no down-time)
7. Update `RuleEditorService` to write to both `deadline_rules` (legacy) and (`procedural_events`, `sequencing_rules`, `legal_sources`) on every Create/Update/Publish/Archive. Audit log writes one row per side.
8. Update read paths to **read from the new tables**, falling back to `deadline_rules` if the new row is missing (defense-in-depth during backfill catch-up).
9. Run for ≥ 1 week (m's call on length). Compare row counts and a hash digest of the union daily — if drift, surface.
### §5.3 Phase 3 — Cutover (no down-time, but reversible only via re-application of the dual-write)
10. Flip read paths to **only** the new tables (`SubmissionVarsService.loadPublishedRule`, `DeadlineRuleService.*`, `SubmissionService.list`, `ProjectionService`, `FristenrechnerCalc`, etc.).
11. Stop writing to `deadline_rules`.
12. `paliad.deadlines.rule_id` is kept as a no-op alias for one more week; new writes go to `procedural_event_id` + `sequencing_rule_id`.
13. `submission_drafts.submission_code` is kept as the URL anchor; the FK `procedural_event_id` is the primary join key going forward.
### §5.4 Phase 4 — Drop legacy (downtime window, destructive)
14. `paliad.deadline_rules_pre_<slice-B-mig>` snapshot of the entire table.
15. DROP TABLE paliad.deadline_rules (after CASCADE-safe FK rewires).
16. DROP COLUMN paliad.deadlines.rule_id (keep `rule_code` + `custom_rule_text` as the human-readable denormalized columns — they're the safety net for orphaned deadlines per t-paliad-258).
m grants this destructive phase its own window (precedent: mig 091 on 2026-05-15). Until then, the legacy table sits dormant.
### §5.5 Migration tracker
- Slice B uses migration numbers 124 (Phase 1 — create tables + backfill) and onward — a 4-5 migration sequence, one per phase boundary, mirroring the Phase 2/3 slicing that shipped under t-paliad-195.
- Each migration includes a `paliad.audit_reason = 'mig <n>: <slice-B-phase>'` set_config like mig 091 did, so the audit log captures the schema journey.
---
## §6 Service-layer impact
### §6.1 Slice A — prose-only changes
| File | Change |
|---|---|
| `internal/services/submission_vars.go` | `addRuleVars` → also emit `procedural_event.code`, `procedural_event.name`, `procedural_event.name_de`, `procedural_event.name_en`, `procedural_event.legal_source`, `procedural_event.legal_source_pretty`, `procedural_event.primary_party`, `procedural_event.event_kind` (8 new keys, 1:1 with the 8 existing `rule.*` keys, same values). Rename docstrings + the package-level placeholder map comment ("`rule.*`" → "`procedural_event.*` (with legacy alias `rule.*`)"). |
| `internal/services/deadline_rule_service.go` | Top-of-file comment + struct comment renames only. Method names stay (`DeadlineRuleService`, `GetByID`, etc.). |
| `internal/services/rule_editor_service.go` | Same. |
| `internal/services/projection_service.go`, `deadline_service.go`, `fristenrechner.go`, `submission_draft_service.go`, `event_trigger_service.go`, `event_deadline_service.go`, `proceeding_mapping.go`, `export_service.go` | No code changes. Comments mentioning "the rule"/"rules" stay accurate as long as the file is about sequencing — only services that surface the **identity** aspect of the rule (`submission_vars.go`) need a prose pass. |
| `internal/handlers/submissions.go` | No SQL change. Type+comment renames: the catalog response type stays `submissionListEntry` (it's still a Schriftsatz-level list); doc comments speak of "procedural events whose kind is filing" instead of "rules of type filing". |
| `internal/handlers/admin_rules.go` | URL path stays. JSON envelope stays. Page-render comments + log-line text shift to "procedural event". |
| `internal/handlers/submission_drafts.go`, `deadlines.go`, `fristenrechner.go` | No service-layer change. |
### §6.2 Slice B — structural
Mostly load-bearing; not enumerated here in detail (out of scope per (R)=C). The shape:
- `RuleEditorService` splits into `ProceduralEventService` + `SequencingRuleService` + `LegalSourceService`. The Save / Publish / Archive flow on the editor coordinates all three.
- `DeadlineRuleService.GetByID` becomes `SequencingRuleService.GetByID`; the `submission_code` lookup moves to `ProceduralEventService.GetByCode`.
- `SubmissionVarsService.loadPublishedRule` becomes `loadPublishedProceduralEvent` and returns a triple (`event`, `defaultSequencingRule`, `legalSource`); the variable-bag emission consumes all three.
- `ProjectionService` and the Fristenrechner calculator read from `sequencing_rules` (same column set, same logic — only the table name changes).
- `SubmissionService.list` (handlers/submissions.go) filters `procedural_events.event_kind IN ('filing', 'reply')`.
- Backfill orphans + audit triggers (mig 079 / 089) are re-pointed at `sequencing_rules` + a new `procedural_events_audit`.
---
## §7 UI / i18n impact
### §7.1 i18n keys (Slice A)
Existing keys (DE + EN) at `frontend/src/client/i18n.ts` lines ~2834-2920 and ~5800-5890 — surface area is *labels*, not *placeholders-in-Word*:
| Old key | New key (Slice A) | DE label | EN label |
|---|---|---|---|
| `admin.rules.list.title` | `admin.procedural_events.list.title` | "Verfahrensschritte verwalten — Paliad" | "Manage procedural events — Paliad" |
| `admin.rules.list.heading` | `admin.procedural_events.list.heading` | "Verfahrensschritte verwalten" | "Manage procedural events" |
| `admin.rules.list.subtitle` | `admin.procedural_events.list.subtitle` | "Verfahrensschritte anlegen, bearbeiten und freigeben. Lifecycle: draft → published → archived." | "Create, edit and publish procedural events. Lifecycle: draft → published → archived." |
| `admin.rules.list.new` | `admin.procedural_events.list.new` | "+ Neuer Verfahrensschritt" | "+ New procedural event" |
| `admin.rules.col.submission_code` | `admin.procedural_events.col.code` | "Code" (drop "/ Einreichung-Kennung" — the new heading already disambiguates) | "Code" |
| `admin.rules.col.legal_citation` | `admin.procedural_events.col.legal_source` | "Rechtsgrundlage" | "Legal source" |
| `admin.rules.col.name` | `admin.procedural_events.col.name` | "Bezeichnung" | "Name" |
| `admin.rules.col.proceeding` | `admin.procedural_events.col.proceeding` | "Verfahrenstyp" | "Proceeding" |
| `admin.rules.col.priority` | `admin.procedural_events.col.priority` | "Priorität" | "Priority" |
| `admin.rules.col.lifecycle` | `admin.procedural_events.col.lifecycle` | "Lifecycle" | "Lifecycle" |
| `admin.rules.col.modified` | `admin.procedural_events.col.modified` | "Zuletzt geändert" | "Last modified" |
| `admin.rules.edit.title` | `admin.procedural_events.edit.title` | "Verfahrensschritt bearbeiten — Paliad" | "Edit procedural event — Paliad" |
| `admin.rules.edit.heading.loading` | `admin.procedural_events.edit.heading.loading` | "Verfahrensschritt laden…" | "Loading procedural event…" |
| `admin.rules.edit.breadcrumb` | `admin.procedural_events.edit.breadcrumb` | "← Verfahrensschritte verwalten" | "← Manage procedural events" |
| `admin.rules.edit.field.submission_code` | `admin.procedural_events.edit.field.code` | "Code (Schriftsatz-Code / Einreichung-Kennung)" — keep the parenthetical so lawyers familiar with the old label know what they're looking at. | "Code (submission / procedural-event identifier)" |
| `admin.rules.edit.field.rule_code` | `admin.procedural_events.edit.field.short_citation` | "Rechtsgrundlage (Kurzform)" | "Legal source (short form)" |
| `admin.rules.edit.field.legal_source` | `admin.procedural_events.edit.field.legal_source` | "Rechtsgrundlage (Langform)" | "Legal source (long form)" |
| `admin.rules.edit.field.name` | `admin.procedural_events.edit.field.name` | "Bezeichnung (DE)" | "Name (DE)" |
| `admin.rules.edit.field.name_en` | `admin.procedural_events.edit.field.name_en` | "Bezeichnung (EN)" | "Name (EN)" |
| `admin.rules.edit.field.proceeding` | `admin.procedural_events.edit.field.proceeding` | "Verfahrenstyp" | "Proceeding type" |
| `admin.rules.edit.field.trigger` | `admin.procedural_events.edit.field.trigger` | "Trigger-Ereignis" | "Trigger event" |
| `admin.rules.edit.field.parent` | `admin.procedural_events.edit.field.parent` | "Übergeordneter Verfahrensschritt (UUID)" | "Parent procedural event (UUID)" |
| `admin.rules.edit.field.concept` | `admin.procedural_events.edit.field.concept` | "Konzept (UUID)" | "Concept (UUID)" |
| `admin.rules.edit.field.sequence_order` | `admin.procedural_events.edit.field.sequence_order` | "Reihenfolge" | "Order" |
| `admin.rules.edit.field.duration_value` | `admin.procedural_events.edit.field.duration_value` | "Dauer" | "Duration" |
| `admin.rules.edit.field.primary_party` | `admin.procedural_events.edit.field.primary_party` | "Partei (typisch)" | "Primary party" |
| `admin.rules.edit.field.event_type` | `admin.procedural_events.edit.field.event_kind` | "Art des Verfahrensschritts" | "Procedural-event kind" |
| `admin.rules.edit.field.description` | `admin.procedural_events.edit.field.description` | "Beschreibung" | "Description" |
**Legacy keys retained as aliases** so any existing translation imports or external integrations keep working — old keys point at the same DE/EN values during a deprecation window of one full Slice B cycle.
### §7.2 Variable-bag placeholders (Slice A)
`frontend/src/client/submission-draft.ts:155-185` — the catalog of placeholders the lawyer sees in the sidebar:
| Old placeholder (kept as legacy alias) | New canonical placeholder | DE label | EN label |
|---|---|---|---|
| `{{rule.submission_code}}` | `{{procedural_event.code}}` | "Code (Verfahrensschritt)" | "Code (procedural event)" |
| `{{rule.name}}` | `{{procedural_event.name}}` | "Bezeichnung" | "Name" |
| `{{rule.name_de}}` | `{{procedural_event.name_de}}` | "Bezeichnung (DE)" | "Name (DE)" |
| `{{rule.name_en}}` | `{{procedural_event.name_en}}` | "Bezeichnung (EN)" | "Name (EN)" |
| `{{rule.legal_source}}` | `{{procedural_event.legal_source}}` | "Rechtsgrundlage (Code)" | "Legal source (code)" |
| `{{rule.legal_source_pretty}}` | `{{procedural_event.legal_source_pretty}}` | "Rechtsgrundlage" | "Legal source" |
| `{{rule.primary_party}}` | `{{procedural_event.primary_party}}` | "Partei (typisch)" | "Primary party" |
| `{{rule.event_type}}` | `{{procedural_event.event_kind}}` | "Art des Verfahrensschritts" | "Procedural-event kind" |
The catalog renders the canonical name in the "copy-this-placeholder" button. The variable bag (`submission_vars.go`) emits both names with identical values, so any Word template the lawyer already has continues to work; new templates are encouraged to use the canonical name.
### §7.3 Admin rule-editor form (Slice A)
`frontend/src/admin-rules-edit.tsx:74-110` — i18n key rebinds + heading text update. The DOM `id` attributes (`f-submission-code`, `f-rule-code`, `f-legal-source`, …) stay — they're internal, the rename here is cosmetic, the form still POSTs the same JSON envelope (Slice A doesn't touch the API). The fieldset `legend` for the "Identität" section changes to "Verfahrensschritt-Identität" (DE) / "Procedural-event identity" (EN). The "Verfahren & Trigger" section heading stays — that section is about sequencing, and Slice A doesn't rename sequencing-level labels (those are Slice B).
### §7.4 Project-detail Schriftsätze tab + dashboard
`frontend/src/client/submissions.ts`, `submissions-index.ts`: no surface-level label change in Slice A. The Schriftsätze tab continues to show Schriftsätze (the lawyer's preferred term for *filings specifically*). The tab is a filtered view onto procedural events of kind `filing`/`reply` — that distinction surfaces only in admin contexts.
### §7.5 Help text + docs
A short addition to the in-app help: "What is a procedural event?" — one-paragraph definition explaining the umbrella term, with examples (Klage, Klageerwiderung, mündliche Verhandlung, Endurteil). Stored in `frontend/src/client/i18n.ts` under `help.procedural_events.intro`. Out of scope for the URL/router changes — added as static copy where it fits naturally.
---
## §8 Slice plan
### §8.1 Slice A (this design's downstream task)
**Scope:** prose-only rename per §3 ("renamed in Slice A" list).
**Mechanics:**
1. Add 8 new placeholder keys to the variable bag in `submission_vars.go` (1:1 with the existing 8 `rule.*` keys). Keep the legacy keys.
2. Update `frontend/src/client/submission-draft.ts` placeholder catalog labels.
3. Rebind admin i18n keys per §7.1 (with legacy keys retained).
4. Update admin page titles + section headings.
5. Update Go struct comments + service docstrings in `submission_vars.go`, `deadline_rule_service.go`, `rule_editor_service.go`, `submission_draft_service.go`, `submissions.go` handler. No code-flow change.
6. Update `internal/handlers/submissions.go` doc comments.
7. Add a short `docs/glossary.md` entry (or extend an existing one) for "procedural event" / "Verfahrensschritt" — single source of truth for the term.
8. Tests: rename strings in existing test fixtures + add a regression test that the variable bag emits **both** the legacy `rule.X` and the canonical `procedural_event.X` keys with the same value. (Critical — without this test, a future commit could drop the legacy alias and silently break user templates.)
9. Manual smoke: open the admin rule editor, confirm the new title appears. Open the submission-draft editor, confirm both `{{rule.X}}` and `{{procedural_event.X}}` placeholders are listed (with canonical first). Generate a `.docx` from a project using each placeholder name — both render identically.
**Risk:** very low. No DB change, no API change, fully reversible.
**No hours estimate per project CLAUDE.md.**
### §8.2 Slice B (separate mai task — designed here, hired later)
**Scope:** structural rework per §4 + §5.
**Mechanics:** Phase 1 → Phase 4 per §5.
**Prerequisite:** m greenlights via a new mai task with this doc + §11's open items addressed. **Not part of Slice A.**
**Sub-slices (suggested for Slice B's own task):**
- **B.0** — Re-validate this doc's premises against live DB (numbers shift over weeks).
- **B.1** — Phase 1 additive migration + backfill (mig 124).
- **B.2** — Phase 2 dual-write + read-fallback.
- **B.3** — Phase 3 read cutover (no schema change).
- **B.4** — Phase 4 destructive drop (downtime window).
- **B.5** — Rename Go types `DeadlineRule``SequencingRule` + `ProceduralEvent`; rename JSON API envelope keys with a deprecation header. Independent of B.4.
- **B.6** — Rename admin URL paths `/admin/rules``/admin/procedural-events` with redirects. Optional / low-priority.
### §8.3 Why splitting is the right call
The conflation is real, but the *fix* for the most-painful surface (the editor sidebar) is independent of the table restructure. Splitting lets m ship the fix this week, see whether the prose change alone resolves enough of the cognitive friction, and then decide whether the structural rework is still worth the migration cost. If after Slice A m says "this reads fine now, B isn't worth it", that's a legitimate outcome — Slice B is a *good* refactor, not an *urgent* one.
---
## §9 Risk assessment
### §9.1 Slice A risks
| Risk | Likelihood | Severity | Mitigation |
|---|---|---|---|
| Lawyer's existing Word template has `{{rule.submission_code}}` baked in; a future commit drops the legacy alias and breaks templates. | Low (Slice A keeps the alias) | High if it happens | Regression test (§8.1 step 8) asserts both keys emit. Add an audit-log line on every variable-bag call recording which keys were consumed by the merge engine — gives a 30-day window of evidence before we'd consider deprecating the legacy keys. |
| i18n key rename misses a binding, leaving an English string visible to a DE user. | Medium | Low | The build pipeline (`bun test` / `bun build`) fails on missing i18n keys in `i18n-keys.ts`. Add the new keys to the type union; leave the old keys in the union with `@deprecated` JSDoc. |
| Renamed admin page heading confuses returning admin users ("Where did 'Regeln verwalten' go?"). | Medium | Low | One-time changelog entry; the URL `/admin/rules` is unchanged so muscle memory still lands them on the page. Internal users only (whitelist-gated). |
| Slice A reads as "we're done" and Slice B never ships. | Medium | Medium (the model stays wrong) | This doc files the Slice B design as a separate task entry **before** Slice A merges, so the to-do is visible. m's call whether to schedule it. |
### §9.2 Slice B risks (deferred; recorded for the future task)
| Risk | Mitigation |
|---|---|
| Backfill collapses too eagerly: 10 multi-row submission_codes today are `_archived_litigation.*` — confirm they should collapse into one procedural event with 2-5 sequencing variants, vs. each row becoming its own procedural event. | The `_archived_litigation.*` codes are archived per their prefix — collapse is safe. **Decision-flag for Slice B's own design pass.** |
| `deadline_concepts` linkage (125 of 254 rules link to a concept) — does the concept attach to the procedural event or the sequencing rule? §4.2 says procedural event; verify this is right when re-validating premises in B.0. | Read-path audit: every consumer that joins `deadline_rules.concept_id` (rule_editor, projection, fristenrechner) operates on the rule-level today. Reconfirm none of them depend on per-jurisdiction concept-attachment. |
| The dual-write window introduces drift if a write hits one side and fails on the other. | Atomicity via single transaction per write in `RuleEditorService`. Daily drift-check job (one SELECT pair, alert if mismatched). |
| `paliad.deadlines.rule_id` (1 live row, but more in future) — backfilling `procedural_event_id` + `sequencing_rule_id` must not orphan the live row. | The 1 live row joins cleanly. Backfill in the same migration that adds the new columns. |
| The submission-draft `submission_code` text key — what if two `procedural_events.code` values collide post-rename (e.g. a draft was saved against a code that we then archive)? | Slice B Phase 1 enforces `procedural_events.code UNIQUE`; the backfill verifies no collision on the existing 158 distinct values. Drafts with codes that no longer exist as published procedural events are handled by the existing `submission_drafts.submission_code` text fallback (no FK enforcement). |
| Slice B's API-key rename (`submission_code``code` in JSON) breaks external integrations. | None exist today (paliad is internal-only); add a one-Slice deprecation header (`X-Deprecated-Field: submission_code`) before flipping. |
| **Coordination risk with future fristen/calculator work.** The Fristenrechner calculator reads `deadline_rules` directly today. Slice B Phase 2's read-fallback handles this, but a parallel calculator feature in flight could land changes that need re-merging. | B.0's job: confirm no in-flight task touches `deadline_rules` table shape before scheduling. |
### §9.3 What rolls Slice A back
`git revert <slice-a-commit>` + reload. Zero data side-effects (no DB writes). 30 seconds.
### §9.4 What rolls Slice B back
Per phase — Phases 1-3 reversible via reverting code + `DROP TABLE`. Phase 4 reversible only by restoring `deadline_rules` from the `_pre_<n>` snapshot taken at the start of Phase 4. Same posture as mig 091 — m's call when to commit to this point.
---
## §10 Out of scope
- **Renaming `paliad.events`** (the audit feed). Distinct table, distinct concept. The umbrella-term lock (§2) deliberately uses "procedural event" not "event" to avoid colliding with it.
- **Renaming `paliad.deadline_concepts`** to align with the procedural-event taxonomy. The concept layer is the cross-proceeding semantic bridge (einstein 2026-05-08 Q5); the relationship "procedural event has-a concept" already reads cleanly under the new term.
- **Per-jurisdiction variations of the same procedural event** (issue body's explicit out-of-scope). The 10 multi-row codes in the corpus today stay multi-row.
- **Multi-tenant / cross-firm sharing of procedural events** — paliad is single-tenant per deploy via `FIRM_NAME`; cross-firm is a separate design.
- **einstein's `proceeding_event_edges` graph proposal.** That design proposed a graph of typed event-types connected by typed edges. This design's procedural-events / sequencing-rules split is **compatible** with that graph shape (the edges would attach to procedural-event-IDs rather than sequencing-rule-IDs), but the graph layer is a Slice C, not Slice B. Flagged for future continuity, not part of either slice here.
- **Renaming Go type `DeadlineRule` to `SequencingRule` or `ProceduralEvent` in Slice A.** Slice A is prose; Slice B's B.5 sub-slice handles the type rename. Coupling them costs the reversibility property.
- **API-envelope key renames** (`submission_code``code`, `event_type``event_kind` on the wire). Slice B only.
- **URL path renames** (`/admin/rules``/admin/procedural-events`). Slice B.6, optional.
- **Touching `paliad.trigger_events`** beyond keeping the FK path open (today `deadline_rules.trigger_event_id`; Slice B maps to `sequencing_rules.trigger_event_id`).
- **Touching `paliad.event_categories` / Pathway-B navigation.** Independent layer.
---
## §11 Open questions for m (escalated via `mai instruct head` per project CLAUDE.md)
Per project CLAUDE.md "Head answers questions — NO AskUserQuestion" rule, these are surfaced to head, not picked-as-chip with the user.
| ID | Question | Inventor recommendation | Material to head? |
|---|---|---|---|
| **Q1** | Scope: cosmetic-only (A) · full restructure (B) · cosmetic now + B as planned follow-up (C). | **(R) = C** | Yes — material. Defines whether Slice B is hired today or filed as a future task. |
| **Q2** | Umbrella term: "procedural event" (DE: Verfahrensschritt) · "submission" (filings only) · "Verfahrensereignis" · other. | **(R) = procedural event / Verfahrensschritt** | Yes — material. The term ripples through every label in §7. Inventor's pick is the canonical choice; head can override with a single message. |
| **Q3** | Slice B migration shape: confirmed (§4 + §5) or rescope. | **(R) = §4 + §5 as written, decision deferred until Slice B is hired** | No — informational. Locked when Slice B's own design pass runs. |
| **Q4** | Effect on Schriftsätze surface: filter `procedural_events.event_kind IN ('filing', 'reply')` is acceptable replacement for today's `event_type='filing'`. | **(R) = yes, semantically equivalent under Slice B; no behavior change to lawyer.** | No — informational. |
| **Q5** | Are the 10 archived multi-row submission_codes (`_archived_litigation.*`) safe to collapse into single procedural events with multiple sequencing variants in Slice B? | **(R) = yes, prefix indicates archival; collapse-safe.** | No — informational, defers to Slice B. |
| **Q6** | `concept_id` attaches to procedural event, not sequencing rule. Confirmable? | **(R) = yes, per §4.2 (one concept per identity, not per jurisdiction).** | No — informational, defers to Slice B. |
| **Q7** | Keep the legacy `{{rule.X}}` placeholder aliases **forever**, or set a deprecation horizon (e.g. 1 year)? | **(R) = forever, with `@deprecated` annotation in the catalog. Removing them risks breaking lawyer-authored templates that paliad doesn't see.** | Yes — material to Slice A's contract (test in §8.1 step 8 asserts both keys emit). |
| **Q8** | Document side: update m/paliad#93 issue body to fix the `deadlines.deadline_rule_id``deadlines.rule_id` typo (§1 last paragraph). | **(R) = yes, head's call when to edit.** | No — informational, doc hygiene. |
| **Q9** | After Slice A ships, do we file Slice B as a new mai task **now** (so it's visible), or wait for m to ask? | **(R) = file now, status:planning, no owner. Visibility >> deferred surprise.** | Yes — material to "does the model stay wrong forever". |
Q1, Q2, Q7, Q9 are the four head needs to answer before the coder shift. Q3-Q6, Q8 defer cleanly.
---
## §12 Appendix — verbatim m quote
From m's report 2026-05-25 15:02 (paliad#93 body):
> This shows how our 'rule' table system may need a revision?! It feels like we are rule based not submission based. But here we have a specific submission that is connected to a rule (as in: legal norm). And of course also connected to other 'procedural events' (which is a good term for it all) by rules how they are sequenced. But it makes it sound weird in the fields...
The design above takes m's three-way split — *the procedural event* / *the legal norm* / *the rule by which they are sequenced* — at face value and turns it into a column-level map (§4.2), a slice plan (§8), and a deprecation contract (§9.1).
---
*End of design.*

1018
docs/design-submission-generator-v2-2026-05-26.md
View File

File diff suppressed because it is too large Load Diff

6
frontend/build.ts
View File

@@ -40,13 +40,13 @@ import { renderAdminTeam } from "./src/admin-team";
import { renderAdminAuditLog } from "./src/admin-audit-log";
import { renderAdminPartnerUnits } from "./src/admin-partner-units";
import { renderAdminEmailTemplates } from "./src/admin-email-templates";
import { renderAdminSubmissionBuildingBlocks } from "./src/admin-submission-building-blocks";
import { renderAdminEmailTemplatesEdit } from "./src/admin-email-templates-edit";
import { renderAdminEventTypes } from "./src/admin-event-types";
import { renderAdminApprovalPolicies } from "./src/admin-approval-policies";
import { renderAdminBroadcasts } from "./src/admin-broadcasts";
import { renderAdminRulesList } from "./src/admin-rules-list";
import { renderAdminRulesEdit } from "./src/admin-rules-edit";
import { renderAdminRulesExport } from "./src/admin-rules-export";
import { renderPaliadin } from "./src/paliadin";
import { renderAdminPaliadin } from "./src/admin-paliadin";
import { renderAdminBackups } from "./src/admin-backups";
@@ -279,12 +279,12 @@ async function build() {
join(import.meta.dir, "src/client/admin-partner-units.ts"),
join(import.meta.dir, "src/client/admin-email-templates.ts"),
join(import.meta.dir, "src/client/admin-email-templates-edit.ts"),
join(import.meta.dir, "src/client/admin-submission-building-blocks.ts"),
join(import.meta.dir, "src/client/admin-event-types.ts"),
join(import.meta.dir, "src/client/admin-approval-policies.ts"),
join(import.meta.dir, "src/client/admin-broadcasts.ts"),
join(import.meta.dir, "src/client/admin-rules-list.ts"),
join(import.meta.dir, "src/client/admin-rules-edit.ts"),
join(import.meta.dir, "src/client/admin-rules-export.ts"),
join(import.meta.dir, "src/client/paliadin.ts"),
// t-paliad-161 — inline Paliadin widget. Loaded via the
// PaliadinWidget component on every authenticated page, so the
@@ -411,12 +411,12 @@ async function build() {
await Bun.write(join(DIST, "admin-partner-units.html"), renderAdminPartnerUnits());
await Bun.write(join(DIST, "admin-email-templates.html"), renderAdminEmailTemplates());
await Bun.write(join(DIST, "admin-email-templates-edit.html"), renderAdminEmailTemplatesEdit());
await Bun.write(join(DIST, "admin-submission-building-blocks.html"), renderAdminSubmissionBuildingBlocks());
await Bun.write(join(DIST, "admin-event-types.html"), renderAdminEventTypes());
await Bun.write(join(DIST, "admin-approval-policies.html"), renderAdminApprovalPolicies());
await Bun.write(join(DIST, "admin-broadcasts.html"), renderAdminBroadcasts());
await Bun.write(join(DIST, "admin-rules-list.html"), renderAdminRulesList());
await Bun.write(join(DIST, "admin-rules-edit.html"), renderAdminRulesEdit());
await Bun.write(join(DIST, "admin-rules-export.html"), renderAdminRulesExport());
await Bun.write(join(DIST, "paliadin.html"), renderPaliadin());
await Bun.write(join(DIST, "admin-paliadin.html"), renderAdminPaliadin());
await Bun.write(join(DIST, "admin-backups.html"), renderAdminBackups());

16
frontend/src/admin-rules-edit.tsx
View File

@@ -5,7 +5,7 @@ import { BottomNav } from "./components/BottomNav";
import { Footer } from "./components/Footer";
import { PWAHead } from "./components/PWAHead";
// /admin/procedural-events/{id}/edit — Slice 11b (t-paliad-192). Form for the full
// /admin/rules/{id}/edit — Slice 11b (t-paliad-192). Form for the full
// 37-column rule row plus a side panel with the preview widget and the
// audit-log timeline. Lifecycle action bar at the bottom adapts to the
// rule's current state (draft/published/archived). Every write goes
@@ -26,12 +26,12 @@ export function renderAdminRulesEdit(): string {
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="default" />
<PWAHead />
<title data-i18n="admin.procedural_events.edit.title">Regel bearbeiten &mdash; Paliad</title>
<title data-i18n="admin.rules.edit.title">Regel bearbeiten &mdash; Paliad</title>
<link rel="stylesheet" href="/assets/global.css" />
</head>
<body className="has-sidebar">
<Sidebar currentPath="/admin/procedural-events" />
<BottomNav currentPath="/admin/procedural-events" />
<Sidebar currentPath="/admin/rules" />
<BottomNav currentPath="/admin/rules" />
<main>
<section className="tool-page">
@@ -39,7 +39,7 @@ export function renderAdminRulesEdit(): string {
<div className="tool-header admin-rules-edit-header">
<div>
<p className="admin-rules-breadcrumb">
<a href="/admin/procedural-events" data-i18n="admin.procedural_events.edit.breadcrumb">&larr; Regeln verwalten</a>
<a href="/admin/rules" data-i18n="admin.rules.edit.breadcrumb">&larr; Regeln verwalten</a>
</p>
<h1 id="rules-edit-heading" data-i18n="admin.rules.edit.heading.loading">Regel laden...</h1>
<div className="admin-rules-edit-meta">
@@ -71,7 +71,7 @@ export function renderAdminRulesEdit(): string {
</div>
<div className="admin-rules-edit-row">
<div className="form-field">
<label htmlFor="f-submission-code" data-i18n="admin.procedural_events.edit.field.code">Submission Code / Einreichung-Kennung</label>
<label htmlFor="f-submission-code" data-i18n="admin.rules.edit.field.submission_code">Submission Code / Einreichung-Kennung</label>
<input type="text" id="f-submission-code" className="admin-rules-input" readonly placeholder="z. B. upc.inf.cfi.soc" />
</div>
<div className="form-field">
@@ -103,7 +103,7 @@ export function renderAdminRulesEdit(): string {
</div>
<div className="admin-rules-edit-row">
<div className="form-field">
<label htmlFor="f-parent" data-i18n="admin.procedural_events.edit.field.parent">Parent-Regel (UUID)</label>
<label htmlFor="f-parent" data-i18n="admin.rules.edit.field.parent">Parent-Regel (UUID)</label>
<input type="text" id="f-parent" className="admin-rules-input" placeholder="UUID oder leer" />
</div>
<div className="form-field">
@@ -184,7 +184,7 @@ export function renderAdminRulesEdit(): string {
<input type="text" id="f-primary-party" className="admin-rules-input" />
</div>
<div className="form-field">
<label htmlFor="f-event-type" data-i18n="admin.procedural_events.edit.field.event_kind">Event-Typ (frei)</label>
<label htmlFor="f-event-type" data-i18n="admin.rules.edit.field.event_type">Event-Typ (frei)</label>
<input type="text" id="f-event-type" className="admin-rules-input" />
</div>
</div>

80
frontend/src/admin-rules-export.tsx Normal file
View File

@@ -0,0 +1,80 @@
import { h } from "./jsx";
import { Sidebar } from "./components/Sidebar";
import { PaliadinWidget } from "./components/PaliadinWidget";
import { BottomNav } from "./components/BottomNav";
import { Footer } from "./components/Footer";
import { PWAHead } from "./components/PWAHead";
// /admin/rules/export — Slice 11b (t-paliad-192). Surfaces the
// GET /admin/api/rules/export-migrations endpoint as a SQL preview the
// editor can copy or download. Optional ?since=<audit-id> query lets
// the editor scope the export to a particular audit window — empty =
// every un-exported audit row.
export function renderAdminRulesExport(): string {
return "<!DOCTYPE html>" + (
<html lang="de">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />
<meta name="theme-color" content="#BFF355" />
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="default" />
<PWAHead />
<title data-i18n="admin.rules.export.title">Regel-Migrations exportieren &mdash; Paliad</title>
<link rel="stylesheet" href="/assets/global.css" />
</head>
<body className="has-sidebar">
<Sidebar currentPath="/admin/rules" />
<BottomNav currentPath="/admin/rules" />
<main>
<section className="tool-page">
<div className="container">
<div className="tool-header">
<div>
<p className="admin-rules-breadcrumb">
<a href="/admin/rules" data-i18n="admin.rules.export.breadcrumb">&larr; Regeln verwalten</a>
</p>
<h1 data-i18n="admin.rules.export.heading">Regel-Migrations exportieren</h1>
<p className="tool-subtitle" data-i18n="admin.rules.export.subtitle">
Generiert ein <code>*.up.sql</code>-Blob mit allen unsynchronisierten Audit-Ver&auml;nderungen.
Manuell in <code>internal/db/migrations/</code> einchecken.
</p>
</div>
</div>
<div className="admin-rules-export-controls">
<div className="form-field">
<label htmlFor="export-since" data-i18n="admin.rules.export.field.since">Startend ab Audit-ID (optional)</label>
<input type="text" id="export-since" className="admin-rules-input" placeholder="UUID, leer = alle un-exportierten" />
</div>
<button type="button" id="export-run" className="btn-primary" data-i18n="admin.rules.export.run">
Export generieren
</button>
<button type="button" id="export-download" className="btn-secondary" style="display:none" data-i18n="admin.rules.export.download">
Als Datei herunterladen
</button>
<button type="button" id="export-copy" className="btn-secondary" style="display:none" data-i18n="admin.rules.export.copy">
In Zwischenablage kopieren
</button>
</div>
<div id="export-feedback" className="form-msg" style="display:none" />
<div className="admin-rules-export-summary" id="export-summary" style="display:none">
<span id="export-summary-count" />
<span id="export-summary-latest" />
</div>
<pre id="export-output" className="admin-rules-export-pre" />
</div>
</section>
</main>
<Footer />
<PaliadinWidget />
<script src="/assets/admin-rules-export.js"></script>
</body>
</html>
);
}

17
frontend/src/admin-rules-list.tsx
View File

@@ -5,7 +5,7 @@ import { BottomNav } from "./components/BottomNav";
import { Footer } from "./components/Footer";
import { PWAHead } from "./components/PWAHead";
// /admin/procedural-events — Slice 11b (t-paliad-192). Filterable rule table + an
// /admin/rules — Slice 11b (t-paliad-192). Filterable rule table + an
// Orphans tab that surfaces the Slice 10 fuzzy-match staging rows so an
// admin can hand-bind each legacy deadline to one of the candidate
// rule_ids. Both surfaces share the same page shell to keep navigation
@@ -21,25 +21,28 @@ export function renderAdminRulesList(): string {
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="default" />
<PWAHead />
<title data-i18n="admin.procedural_events.list.title">Regeln verwalten &mdash; Paliad</title>
<title data-i18n="admin.rules.list.title">Regeln verwalten &mdash; Paliad</title>
<link rel="stylesheet" href="/assets/global.css" />
</head>
<body className="has-sidebar">
<Sidebar currentPath="/admin/procedural-events" />
<BottomNav currentPath="/admin/procedural-events" />
<Sidebar currentPath="/admin/rules" />
<BottomNav currentPath="/admin/rules" />
<main>
<section className="tool-page">
<div className="container">
<div className="tool-header">
<div>
<h1 data-i18n="admin.procedural_events.list.heading">Regeln verwalten</h1>
<h1 data-i18n="admin.rules.list.heading">Regeln verwalten</h1>
<p className="tool-subtitle" data-i18n="admin.rules.list.subtitle">
Fristen-Regeln anlegen, bearbeiten und freigeben. Lifecycle: draft &rarr; published &rarr; archived.
</p>
</div>
<div className="admin-rules-header-actions">
<button type="button" id="rules-new-btn" className="btn-primary" data-i18n="admin.procedural_events.list.new">
<a href="/admin/rules/export" className="btn-secondary" data-i18n="admin.rules.list.export">
Migrations exportieren
</a>
<button type="button" id="rules-new-btn" className="btn-primary" data-i18n="admin.rules.list.new">
+ Neue Regel
</button>
</div>
@@ -101,7 +104,7 @@ export function renderAdminRulesList(): string {
<table className="entity-table admin-rules-table">
<thead>
<tr>
<th data-i18n="admin.procedural_events.col.code">Submission Code</th>
<th data-i18n="admin.rules.col.submission_code">Submission Code</th>
<th data-i18n="admin.rules.col.legal_citation">Rechtsgrundlage</th>
<th data-i18n="admin.rules.col.name">Name</th>
<th data-i18n="admin.rules.col.proceeding">Verfahrenstyp</th>

77
frontend/src/admin-submission-building-blocks.tsx
View File

@@ -1,77 +0,0 @@
import { h } from "./jsx";
import { Sidebar } from "./components/Sidebar";
import { PaliadinWidget } from "./components/PaliadinWidget";
import { BottomNav } from "./components/BottomNav";
import { Footer } from "./components/Footer";
import { PWAHead } from "./components/PWAHead";
// /admin/submission-building-blocks — Composer building-blocks library
// editor (t-paliad-315 Slice C). Three-pane layout: list on the left,
// edit form in the middle, version log on the right. Hydrated by
// client/admin-submission-building-blocks.ts from
// GET /api/admin/submission-building-blocks.
export function renderAdminSubmissionBuildingBlocks(): string {
return "<!DOCTYPE html>" + (
<html lang="de">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />
<meta name="theme-color" content="#BFF355" />
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="default" />
<PWAHead />
<title data-i18n="admin.building_blocks.title">Bausteine &mdash; Paliad</title>
<link rel="stylesheet" href="/assets/global.css" />
</head>
<body className="has-sidebar">
<Sidebar currentPath="/admin/submission-building-blocks" />
<BottomNav currentPath="/admin/submission-building-blocks" />
<main>
<section className="tool-page">
<div className="container">
<div className="tool-header">
<div>
<h1 data-i18n="admin.building_blocks.heading">Bausteine</h1>
<p className="tool-subtitle" data-i18n="admin.building_blocks.subtitle">
Wiederverwendbare Textbausteine f&uuml;r Composer-Abschnitte.
</p>
</div>
<div className="tool-header-actions">
<button
type="button"
id="admin-bb-new-btn"
className="btn-primary btn-cta-lime"
data-i18n="admin.building_blocks.action.new">
+ Neuer Baustein
</button>
</div>
</div>
<div id="admin-bb-feedback" className="form-msg" style="display:none" />
<div className="admin-bb-layout">
<aside className="admin-bb-list" id="admin-bb-list">
<div className="admin-bb-loading" data-i18n="admin.building_blocks.loading">L&auml;dt&hellip;</div>
</aside>
<section className="admin-bb-editor" id="admin-bb-editor">
<p className="admin-bb-empty" data-i18n="admin.building_blocks.editor.empty">
W&auml;hlen Sie einen Baustein aus der Liste &mdash; oder erstellen Sie einen neuen.
</p>
</section>
<aside className="admin-bb-versions" id="admin-bb-versions" />
</div>
</div>
</section>
</main>
<Footer />
<PaliadinWidget />
<script src="/assets/admin-submission-building-blocks.js"></script>
</body>
</html>
);
}

2
frontend/src/admin.tsx
View File

@@ -95,7 +95,7 @@ export function renderAdmin(): string {
<h2 data-i18n="admin.card.approval_policies.title">Genehmigungspflichten</h2>
<p data-i18n="admin.card.approval_policies.desc">4-Augen-Pr&uuml;fung pro Projekt und Partner Unit konfigurieren.</p>
</a>
<a href="/admin/procedural-events" className="card card-link">
<a href="/admin/rules" className="card card-link">
<div className="card-icon" dangerouslySetInnerHTML={{ __html: ICON_TABLE }} />
<h2 data-i18n="admin.card.rules.title">Regeln verwalten</h2>
<p data-i18n="admin.card.rules.desc">Fristen-Regeln anlegen, bearbeiten, publishen. Audit-Log, Preview, Migration-Export.</p>

18
frontend/src/client/admin-rules-edit.ts
View File

@@ -1,7 +1,7 @@
import { initI18n, onLangChange, t, tDyn, getLang } from "./i18n";
import { initSidebar } from "./sidebar";
// admin-rules-edit.ts — /admin/procedural-events/{id}/edit. Loads a single rule
// admin-rules-edit.ts — /admin/rules/{id}/edit. Loads a single rule
// row, drives every form field, the preview widget, the audit-log
// timeline and the lifecycle action bar. Every write is gated behind
// a reason modal — the ≥10-char rule is enforced client-side per
@@ -106,7 +106,7 @@ function fmtDateTime(iso: string): string {
}
function parseRuleIDFromPath(): string {
// /admin/procedural-events/{uuid}/edit
// /admin/rules/{uuid}/edit
const m = /^\/admin\/rules\/([^\/]+)\/edit\/?$/.exec(window.location.pathname);
return m ? decodeURIComponent(m[1]) : "";
}
@@ -179,7 +179,7 @@ function fillProceedingSelect(selectId: string, list: ProceedingType[]) {
}
async function loadRule(): Promise<void> {
const resp = await fetch(`/admin/api/procedural-events/${encodeURIComponent(ruleId)}`);
const resp = await fetch(`/admin/api/rules/${encodeURIComponent(ruleId)}`);
if (!resp.ok) {
if (resp.status === 404) {
showFeedback(t("admin.rules.edit.error.not_found") || "Regel nicht gefunden.", true);
@@ -198,7 +198,7 @@ async function loadAudit(reset: boolean = true): Promise<void> {
auditEntries = [];
auditOffset = 0;
}
const resp = await fetch(`/admin/api/procedural-events/${encodeURIComponent(ruleId)}/audit?offset=${auditOffset}&limit=${AUDIT_PAGE}`);
const resp = await fetch(`/admin/api/rules/${encodeURIComponent(ruleId)}/audit?offset=${auditOffset}&limit=${AUDIT_PAGE}`);
if (!resp.ok) return;
const body = await resp.json();
const rows = Array.isArray(body) ? body as AuditEntry[] : [];
@@ -508,7 +508,7 @@ async function doSaveDraft(reason: string) {
return;
}
payload.reason = reason;
const resp = await fetch(`/admin/api/procedural-events/${encodeURIComponent(ruleId)}`, {
const resp = await fetch(`/admin/api/rules/${encodeURIComponent(ruleId)}`, {
method: "PATCH",
headers: { "Content-Type": "application/json" },
body: JSON.stringify(payload),
@@ -530,7 +530,7 @@ async function doSaveDraft(reason: string) {
async function doLifecycle(op: "publish" | "archive" | "restore", reason: string) {
const msg = document.getElementById("rules-action-modal-msg") as HTMLElement;
const resp = await fetch(`/admin/api/procedural-events/${encodeURIComponent(ruleId)}/${op}`, {
const resp = await fetch(`/admin/api/rules/${encodeURIComponent(ruleId)}/${op}`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ reason }),
@@ -552,7 +552,7 @@ async function doLifecycle(op: "publish" | "archive" | "restore", reason: string
async function doClone(reason: string) {
const msg = document.getElementById("rules-action-modal-msg") as HTMLElement;
const resp = await fetch(`/admin/api/procedural-events/${encodeURIComponent(ruleId)}/clone-as-draft`, {
const resp = await fetch(`/admin/api/rules/${encodeURIComponent(ruleId)}/clone-as-draft`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ reason }),
@@ -565,7 +565,7 @@ async function doClone(reason: string) {
return;
}
const newRule = await resp.json() as Rule;
window.location.href = `/admin/procedural-events/${encodeURIComponent(newRule.id)}/edit`;
window.location.href = `/admin/rules/${encodeURIComponent(newRule.id)}/edit`;
}
// --------------------------------------------------------------------
@@ -591,7 +591,7 @@ async function runPreview() {
if (flagsRaw) qs.set("flags", flagsRaw);
out.innerHTML = `<p class="admin-rules-loading">${esc(t("admin.rules.edit.preview.running") || "Berechne...")}</p>`;
out.style.display = "";
const resp = await fetch(`/admin/api/procedural-events/${encodeURIComponent(ruleId)}/preview?${qs.toString()}`);
const resp = await fetch(`/admin/api/rules/${encodeURIComponent(ruleId)}/preview?${qs.toString()}`);
if (!resp.ok) {
const body = await resp.json().catch(() => ({ error: resp.statusText }));
out.innerHTML = `<p class="admin-rules-hint admin-rules-hint-error">${esc(body.error || (t("admin.rules.edit.preview.error") || "Preview fehlgeschlagen."))}</p>`;

100
frontend/src/client/admin-rules-export.ts Normal file
View File

@@ -0,0 +1,100 @@
import { initI18n, t } from "./i18n";
import { initSidebar } from "./sidebar";
// admin-rules-export.ts — /admin/rules/export. Calls
// GET /admin/api/rules/export-migrations[?since=<uuid>] and renders the
// SQL blob server-side. Download builds a Blob URL and triggers a
// fake <a> click; copy uses navigator.clipboard.
interface ExportResult {
migration_sql: string;
count: number;
latest_audit_id: string;
}
let latest: ExportResult | null = null;
function showFeedback(msg: string, isError: boolean) {
const el = document.getElementById("export-feedback") as HTMLElement | null;
if (!el) return;
el.textContent = msg;
el.className = "form-msg " + (isError ? "form-msg-error" : "form-msg-success");
el.style.display = "block";
if (!isError) setTimeout(() => { el.style.display = "none"; }, 4000);
}
async function runExport() {
const since = (document.getElementById("export-since") as HTMLInputElement).value.trim();
const qs = new URLSearchParams();
if (since) qs.set("since", since);
const url = "/admin/api/rules/export-migrations" + (qs.toString() ? "?" + qs.toString() : "");
const out = document.getElementById("export-output") as HTMLElement;
const summary = document.getElementById("export-summary") as HTMLElement;
const dl = document.getElementById("export-download") as HTMLElement;
const cp = document.getElementById("export-copy") as HTMLElement;
out.textContent = t("admin.rules.export.running") || "Lade...";
summary.style.display = "none";
dl.style.display = "none";
cp.style.display = "none";
const resp = await fetch(url);
if (!resp.ok) {
const body = await resp.json().catch(() => ({ error: resp.statusText }));
showFeedback(body.error || (t("admin.rules.export.error") || "Export fehlgeschlagen."), true);
out.textContent = "";
return;
}
latest = await resp.json() as ExportResult;
out.textContent = latest.migration_sql;
summary.style.display = "";
const countEl = document.getElementById("export-summary-count") as HTMLElement;
const latestEl = document.getElementById("export-summary-latest") as HTMLElement;
countEl.textContent = (t("admin.rules.export.count") || "Audit-Zeilen: {n}").replace("{n}", String(latest.count));
if (latest.latest_audit_id) {
latestEl.textContent = (t("admin.rules.export.latest") || "Letzte Audit-ID: {id}").replace("{id}", latest.latest_audit_id);
} else {
latestEl.textContent = "";
}
if (latest.count > 0) {
dl.style.display = "";
cp.style.display = "";
showFeedback((t("admin.rules.export.ok") || "{n} Audit-Zeilen exportiert.").replace("{n}", String(latest.count)), false);
} else {
showFeedback(t("admin.rules.export.no_pending") || "Keine offenen Audit-Zeilen zum Export.", false);
}
}
function downloadFile() {
if (!latest) return;
const ts = new Date().toISOString().replace(/[:.]/g, "-").slice(0, 19);
const name = `rules-export-${ts}.up.sql`;
const blob = new Blob([latest.migration_sql], { type: "application/sql" });
const url = URL.createObjectURL(blob);
const a = document.createElement("a");
a.href = url;
a.download = name;
document.body.appendChild(a);
a.click();
document.body.removeChild(a);
URL.revokeObjectURL(url);
}
async function copyToClipboard() {
if (!latest) return;
try {
await navigator.clipboard.writeText(latest.migration_sql);
showFeedback(t("admin.rules.export.copied") || "In Zwischenablage kopiert.", false);
} catch (e) {
showFeedback(t("admin.rules.export.copy_failed") || "Kopieren fehlgeschlagen.", true);
}
}
function init() {
initI18n();
initSidebar();
(document.getElementById("export-run") as HTMLElement).addEventListener("click", runExport);
(document.getElementById("export-download") as HTMLElement).addEventListener("click", downloadFile);
(document.getElementById("export-copy") as HTMLElement).addEventListener("click", copyToClipboard);
}
document.addEventListener("DOMContentLoaded", init);

12
frontend/src/client/admin-rules-list.ts
View File

@@ -1,10 +1,10 @@
import { initI18n, onLangChange, t, tDyn, getLang } from "./i18n";
import { initSidebar } from "./sidebar";
// admin-rules-list.ts — /admin/procedural-events. Drives the rule table (filterable
// admin-rules-list.ts — /admin/rules. Drives the rule table (filterable
// by proceeding type, trigger event, lifecycle state, free-text query)
// plus the Orphans tab (Slice 10 backfill staging rows). Row click on
// a rule routes to /admin/procedural-events/{id}/edit; orphan cards have their own
// a rule routes to /admin/rules/{id}/edit; orphan cards have their own
// "Pick" affordance with an inline reason prompt that posts to
// /admin/api/orphans/{id}/resolve.
@@ -145,7 +145,7 @@ function buildFilterURL(): string {
if (activeLifecycle) qs.set("lifecycle_state", activeLifecycle);
if (activeQuery) qs.set("q", activeQuery);
qs.set("limit", "500");
return "/admin/api/procedural-events?" + qs.toString();
return "/admin/api/rules?" + qs.toString();
}
async function loadProceedings(): Promise<void> {
@@ -248,7 +248,7 @@ function renderRulesTable() {
if (target && (target.closest("a") || target.closest("button"))) return;
const id = row.dataset.rowId;
if (!id) return;
window.location.href = `/admin/procedural-events/${encodeURIComponent(id)}/edit`;
window.location.href = `/admin/rules/${encodeURIComponent(id)}/edit`;
});
});
}
@@ -392,7 +392,7 @@ async function submitReasonModal(ev: Event) {
submit.disabled = false;
return;
}
const resp = await fetch("/admin/api/procedural-events", {
const resp = await fetch("/admin/api/rules", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
@@ -416,7 +416,7 @@ async function submitReasonModal(ev: Event) {
return;
}
const created = await resp.json();
window.location.href = `/admin/procedural-events/${encodeURIComponent(created.id)}/edit`;
window.location.href = `/admin/rules/${encodeURIComponent(created.id)}/edit`;
return;
}

429
frontend/src/client/admin-submission-building-blocks.ts
View File

@@ -1,429 +0,0 @@
import { initI18n, t, getLang } from "./i18n";
import { initSidebar } from "./sidebar";
function isEN(): boolean { return getLang() === "en"; }
// /admin/submission-building-blocks — Composer building-blocks admin
// editor (t-paliad-315 Slice C). Three-pane layout: list → editor →
// version log. CRUD via /api/admin/submission-building-blocks/*.
//
// Per Q2 ratification (m, 2026-05-26): building blocks are plain text
// paste sources. The editor here is curator-only — no per-section
// lineage to surface, no "where is this block used" view.
interface BuildingBlockJSON {
id: string;
slug: string;
firm?: string | null;
section_key: string;
proceeding_family?: string | null;
title_de: string;
title_en: string;
description_de?: string | null;
description_en?: string | null;
content_md_de: string;
content_md_en: string;
author_id?: string | null;
visibility: string;
is_published: boolean;
created_at: string;
updated_at: string;
}
interface VersionJSON {
id: string;
building_block_id: string;
content_md_de: string;
content_md_en: string;
title_de: string;
title_en: string;
edited_by?: string | null;
note?: string | null;
created_at: string;
}
const VISIBILITIES = ["private", "team", "firm", "global"];
// Section keys must match what the Composer base spec declares for
// each section (see internal/db/migrations/146_submission_bases.up.sql).
const SECTION_KEYS = [
"letterhead", "caption", "introduction", "requests",
"facts", "legal_argument", "evidence", "exhibits",
"closing", "signature",
];
const state = {
blocks: [] as BuildingBlockJSON[],
selectedID: null as string | null,
versions: [] as VersionJSON[],
dirty: false,
};
async function boot(): Promise<void> {
initI18n();
initSidebar();
await loadList();
document.getElementById("admin-bb-new-btn")?.addEventListener("click", onNew);
}
async function loadList(): Promise<void> {
try {
const res = await fetch("/api/admin/submission-building-blocks", { credentials: "include" });
if (!res.ok) {
feedback(`HTTP ${res.status}`, true);
return;
}
const body = await res.json() as { blocks?: BuildingBlockJSON[] };
state.blocks = body.blocks ?? [];
paintList();
} catch (err) {
feedback(String(err), true);
}
}
function paintList(): void {
const host = document.getElementById("admin-bb-list");
if (!host) return;
host.innerHTML = "";
if (state.blocks.length === 0) {
const empty = document.createElement("p");
empty.className = "admin-bb-empty";
empty.textContent = isEN() ? "No blocks yet." : "Noch keine Bausteine.";
host.appendChild(empty);
return;
}
for (const b of state.blocks) {
const row = document.createElement("button");
row.type = "button";
row.className = "admin-bb-list-row";
if (b.id === state.selectedID) row.classList.add("admin-bb-list-row--active");
const title = isEN() ? b.title_en : b.title_de;
row.innerHTML = `
<span class="admin-bb-list-title">${escapeHTML(title || b.slug)}</span>
<span class="admin-bb-list-meta">
<span class="admin-bb-list-section">${escapeHTML(b.section_key)}</span>
<span class="admin-bb-list-vis admin-bb-list-vis--${escapeHTML(b.visibility)}">${escapeHTML(b.visibility)}</span>
${b.is_published ? "" : `<span class="admin-bb-list-draft">${isEN() ? "draft" : "Entwurf"}</span>`}
</span>`;
row.addEventListener("click", () => onSelect(b.id));
host.appendChild(row);
}
}
async function onSelect(id: string): Promise<void> {
state.selectedID = id;
state.dirty = false;
paintList();
const b = state.blocks.find(x => x.id === id);
if (!b) return;
paintEditor(b);
await loadVersions(id);
}
function onNew(): void {
state.selectedID = null;
state.versions = [];
state.dirty = false;
paintList();
paintEditor(null);
paintVersions();
}
function paintEditor(b: BuildingBlockJSON | null): void {
const host = document.getElementById("admin-bb-editor");
if (!host) return;
const isNew = b === null;
const data = b ?? {
id: "",
slug: "",
firm: "",
section_key: "requests",
proceeding_family: "",
title_de: "",
title_en: "",
description_de: "",
description_en: "",
content_md_de: "",
content_md_en: "",
visibility: "firm",
is_published: false,
} as Partial<BuildingBlockJSON>;
host.innerHTML = "";
const form = document.createElement("form");
form.className = "admin-bb-form";
form.addEventListener("submit", (e) => { e.preventDefault(); onSave(isNew); });
form.appendChild(textField("slug", isEN() ? "Slug" : "Slug", data.slug ?? "", true));
form.appendChild(textField("firm", "Firm", data.firm ?? "", false, isEN() ? "leer = firmenagnostisch" : "leer = firmenagnostisch"));
form.appendChild(selectField("section_key", isEN() ? "Section key" : "Abschnitts-Slug", data.section_key ?? "requests", SECTION_KEYS, false));
form.appendChild(textField("proceeding_family", isEN() ? "Proceeding family" : "Verfahrensfamilie", data.proceeding_family ?? "", false, "z. B. de.inf.lg"));
form.appendChild(textField("title_de", "Titel (DE)", data.title_de ?? "", true));
form.appendChild(textField("title_en", "Title (EN)", data.title_en ?? "", true));
form.appendChild(textareaField("description_de", "Beschreibung (DE)", data.description_de ?? "", 2));
form.appendChild(textareaField("description_en", "Description (EN)", data.description_en ?? "", 2));
form.appendChild(textareaField("content_md_de", isEN() ? "Content (DE Markdown)" : "Inhalt (DE Markdown)", data.content_md_de ?? "", 10));
form.appendChild(textareaField("content_md_en", isEN() ? "Content (EN Markdown)" : "Inhalt (EN Markdown)", data.content_md_en ?? "", 10));
form.appendChild(selectField("visibility", isEN() ? "Visibility" : "Sichtbarkeit", data.visibility ?? "firm", VISIBILITIES, false));
form.appendChild(checkboxField("is_published", isEN() ? "Published" : "Veröffentlicht", Boolean(data.is_published)));
if (!isNew) {
form.appendChild(textField("note", isEN() ? "Save note (optional)" : "Speicher-Notiz (optional)", "", false));
}
const actions = document.createElement("div");
actions.className = "admin-bb-form-actions";
const save = document.createElement("button");
save.type = "submit";
save.className = "btn-primary btn-cta-lime";
save.textContent = isEN() ? "Save" : "Speichern";
actions.appendChild(save);
if (!isNew) {
const del = document.createElement("button");
del.type = "button";
del.className = "btn-link-danger";
del.textContent = isEN() ? "Delete" : "Löschen";
del.addEventListener("click", () => onDelete());
actions.appendChild(del);
}
form.appendChild(actions);
host.appendChild(form);
}
function textField(name: string, label: string, value: string, required: boolean, hint?: string): HTMLElement {
const wrap = document.createElement("label");
wrap.className = "admin-bb-form-row";
const lab = document.createElement("span");
lab.textContent = label + (required ? " *" : "");
wrap.appendChild(lab);
const input = document.createElement("input");
input.type = "text";
input.name = name;
input.className = "entity-form-input";
input.value = value;
if (required) input.required = true;
wrap.appendChild(input);
if (hint) {
const h = document.createElement("small");
h.className = "admin-bb-form-hint";
h.textContent = hint;
wrap.appendChild(h);
}
return wrap;
}
function textareaField(name: string, label: string, value: string, rows: number): HTMLElement {
const wrap = document.createElement("label");
wrap.className = "admin-bb-form-row";
const lab = document.createElement("span");
lab.textContent = label;
wrap.appendChild(lab);
const ta = document.createElement("textarea");
ta.name = name;
ta.className = "entity-form-input";
ta.rows = rows;
ta.value = value;
wrap.appendChild(ta);
return wrap;
}
function selectField(name: string, label: string, value: string, options: string[], required: boolean): HTMLElement {
const wrap = document.createElement("label");
wrap.className = "admin-bb-form-row";
const lab = document.createElement("span");
lab.textContent = label + (required ? " *" : "");
wrap.appendChild(lab);
const sel = document.createElement("select");
sel.name = name;
sel.className = "entity-form-input";
for (const opt of options) {
const o = document.createElement("option");
o.value = opt;
o.textContent = opt;
if (opt === value) o.selected = true;
sel.appendChild(o);
}
wrap.appendChild(sel);
return wrap;
}
function checkboxField(name: string, label: string, value: boolean): HTMLElement {
const wrap = document.createElement("label");
wrap.className = "admin-bb-form-row admin-bb-form-row--checkbox";
const input = document.createElement("input");
input.type = "checkbox";
input.name = name;
input.checked = value;
wrap.appendChild(input);
const lab = document.createElement("span");
lab.textContent = label;
wrap.appendChild(lab);
return wrap;
}
async function onSave(isNew: boolean): Promise<void> {
const form = document.querySelector(".admin-bb-form") as HTMLFormElement | null;
if (!form) return;
const data = new FormData(form);
const payload: Record<string, unknown> = {};
for (const key of ["slug", "section_key", "title_de", "title_en", "content_md_de", "content_md_en", "visibility"]) {
const v = data.get(key);
if (v !== null) payload[key] = String(v);
}
for (const key of ["firm", "proceeding_family", "description_de", "description_en"]) {
const v = data.get(key);
if (v !== null) {
const s = String(v).trim();
payload[key] = s === "" ? null : s;
}
}
payload.is_published = (data.get("is_published") === "on");
if (!isNew) {
const note = data.get("note");
if (note) payload.note = String(note);
}
try {
const url = isNew
? "/api/admin/submission-building-blocks"
: `/api/admin/submission-building-blocks/${state.selectedID}`;
const method = isNew ? "POST" : "PATCH";
const res = await fetch(url, {
method,
credentials: "include",
headers: { "Content-Type": "application/json" },
body: JSON.stringify(payload),
});
if (!res.ok) {
const body = await res.json().catch(() => ({} as { error?: string }));
feedback(body.error ?? `HTTP ${res.status}`, true);
return;
}
const saved = await res.json() as BuildingBlockJSON;
feedback(isEN() ? "Saved." : "Gespeichert.", false);
await loadList();
state.selectedID = saved.id;
paintList();
paintEditor(saved);
await loadVersions(saved.id);
} catch (err) {
feedback(String(err), true);
}
}
async function onDelete(): Promise<void> {
if (!state.selectedID) return;
const sure = confirm(isEN() ? "Delete this block?" : "Diesen Baustein löschen?");
if (!sure) return;
try {
const res = await fetch(`/api/admin/submission-building-blocks/${state.selectedID}`, {
method: "DELETE",
credentials: "include",
});
if (!res.ok && res.status !== 204) {
feedback(`HTTP ${res.status}`, true);
return;
}
feedback(isEN() ? "Deleted." : "Gelöscht.", false);
state.selectedID = null;
await loadList();
paintEditor(null);
state.versions = [];
paintVersions();
} catch (err) {
feedback(String(err), true);
}
}
async function loadVersions(blockID: string): Promise<void> {
try {
const res = await fetch(`/api/admin/submission-building-blocks/${blockID}/versions`, { credentials: "include" });
if (!res.ok) {
state.versions = [];
paintVersions();
return;
}
const body = await res.json() as { versions?: VersionJSON[] };
state.versions = body.versions ?? [];
paintVersions();
} catch {
state.versions = [];
paintVersions();
}
}
function paintVersions(): void {
const host = document.getElementById("admin-bb-versions");
if (!host) return;
host.innerHTML = "";
if (state.versions.length === 0) return;
const h = document.createElement("h3");
h.textContent = isEN() ? "History" : "Verlauf";
host.appendChild(h);
for (const v of state.versions) {
const row = document.createElement("div");
row.className = "admin-bb-version-row";
const date = new Date(v.created_at).toLocaleString();
row.innerHTML = `
<div class="admin-bb-version-meta">${escapeHTML(date)}${escapeHTML(v.note ?? "")}</div>`;
const btn = document.createElement("button");
btn.type = "button";
btn.className = "btn-small btn-secondary";
btn.textContent = isEN() ? "Restore" : "Wiederherstellen";
btn.addEventListener("click", () => onRestore(v.id));
row.appendChild(btn);
host.appendChild(row);
}
}
async function onRestore(versionID: string): Promise<void> {
if (!state.selectedID) return;
try {
const res = await fetch(
`/api/admin/submission-building-blocks/${state.selectedID}/restore/${versionID}`,
{ method: "POST", credentials: "include" },
);
if (!res.ok) {
feedback(`HTTP ${res.status}`, true);
return;
}
const restored = await res.json() as BuildingBlockJSON;
feedback(isEN() ? "Restored." : "Wiederhergestellt.", false);
paintEditor(restored);
await loadVersions(restored.id);
await loadList();
} catch (err) {
feedback(String(err), true);
}
}
function feedback(msg: string, isError: boolean): void {
const host = document.getElementById("admin-bb-feedback");
if (!host) return;
host.style.display = "";
host.className = "form-msg " + (isError ? "form-msg--error" : "form-msg--ok");
host.textContent = msg;
if (!isError) {
setTimeout(() => { host.style.display = "none"; }, 3000);
}
}
function escapeHTML(s: string): string {
return s
.replace(/&/g, "&amp;")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#39;");
}
// Silence unused-import warning when t() isn't called directly — i18n
// is initialised so data-i18n attrs render on first paint.
void t;
if (document.readyState === "loading") {
document.addEventListener("DOMContentLoaded", boot);
} else {
void boot();
}

126
frontend/src/client/filter-bar/compute-effective.test.ts
View File

@@ -1,126 +0,0 @@
// Unit tests for the FilterBar's computeEffective() overlay. These pin
// the contract that any chip the user clicks ends up as a predicate the
// server can see — the t-paliad-283 regression had four sources picking
// up zero narrowing for /views/any because the bar's chip click didn't
// produce a non-empty `filter.predicates` for that source.
//
// Run with `bun test`.
import { test, expect, describe } from "bun:test";
import { computeEffective } from "./index";
import type { FilterSpec, RenderSpec } from "../views/types";
import type { BarState } from "./types";
// Mirrors paliad.user_views row {slug: "any"} — the saved Custom View
// that triggered the t-paliad-283 regression report.
const ANY_VIEW_FILTER: FilterSpec = {
version: 1,
sources: ["deadline", "appointment", "project_event", "approval_request"],
scope: { projects: { mode: "all_visible" } },
time: { field: "auto", horizon: "past_30d" },
};
const ANY_VIEW_RENDER: RenderSpec = {
shape: "list",
list: { sort: "date_asc", density: "comfortable" },
};
describe("filter-bar/computeEffective — /views/any (all 4 sources)", () => {
test("empty state leaves base spec intact (no overlays)", () => {
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, {});
expect(eff.filter.sources).toEqual([
"deadline", "appointment", "project_event", "approval_request",
]);
expect(eff.filter.time).toEqual({ field: "auto", horizon: "past_30d" });
// predicates may be {} (the bar zero-fills it) but never carries a
// stray narrowing on any source — that would silently filter
// results the user never asked to filter.
for (const src of ANY_VIEW_FILTER.sources) {
expect(eff.filter.predicates?.[src]).toBeUndefined();
}
});
test("deadline_status chip narrows deadline predicate", () => {
const state: BarState = { deadline_status: ["pending"] };
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, state);
expect(eff.filter.predicates?.deadline?.status).toEqual(["pending"]);
});
test("appointment_type chip narrows appointment predicate", () => {
const state: BarState = { appointment_type: ["hearing"] };
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, state);
expect(eff.filter.predicates?.appointment?.appointment_types).toEqual(["hearing"]);
});
test("approval_viewer_role chip narrows approval predicate", () => {
const state: BarState = { approval_viewer_role: "any_visible" };
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, state);
expect(eff.filter.predicates?.approval_request?.viewer_role).toBe("any_visible");
});
test("approval_status chip narrows approval predicate", () => {
const state: BarState = { approval_status: ["pending", "approved"] };
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, state);
expect(eff.filter.predicates?.approval_request?.status).toEqual(["pending", "approved"]);
});
test("approval_entity_type chip narrows approval predicate", () => {
const state: BarState = { approval_entity_type: ["deadline"] };
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, state);
expect(eff.filter.predicates?.approval_request?.entity_types).toEqual(["deadline"]);
});
test("project_event_kind chip narrows project_event predicate", () => {
const state: BarState = { project_event_kind: ["deadline_created"] };
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, state);
expect(eff.filter.predicates?.project_event?.event_types).toEqual(["deadline_created"]);
});
test("time chip overrides base horizon", () => {
const state: BarState = { time: { horizon: "past_7d" } };
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, state);
expect(eff.filter.time.horizon).toBe("past_7d");
expect(eff.filter.time.field).toBe("auto"); // preserved from base
});
test("personal_only chip flips scope flag", () => {
const state: BarState = { personal_only: true };
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, state);
expect(eff.filter.scope.personal_only).toBe(true);
});
test("multiple chips combine into the same effective spec", () => {
const state: BarState = {
time: { horizon: "past_7d" },
deadline_status: ["pending"],
appointment_type: ["hearing"],
approval_status: ["pending"],
project_event_kind: ["deadline_created"],
};
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, state);
expect(eff.filter.time.horizon).toBe("past_7d");
expect(eff.filter.predicates?.deadline?.status).toEqual(["pending"]);
expect(eff.filter.predicates?.appointment?.appointment_types).toEqual(["hearing"]);
expect(eff.filter.predicates?.approval_request?.status).toEqual(["pending"]);
expect(eff.filter.predicates?.project_event?.event_types).toEqual(["deadline_created"]);
});
test("overlay does not mutate the caller's base filter", () => {
const base: FilterSpec = JSON.parse(JSON.stringify(ANY_VIEW_FILTER));
const state: BarState = { deadline_status: ["pending"], time: { horizon: "past_7d" } };
computeEffective(base, ANY_VIEW_RENDER, state);
// The bar deep-clones; the base must come back unchanged so a
// second click doesn't compound the previous click's overlay.
expect(base).toEqual(ANY_VIEW_FILTER);
});
test("inbox-only axes do not affect a /views/any spec (no inbox axis exposed)", () => {
// /views/any's axes don't include unread_only or inbox_focus, so
// those keys never appear in state. Verify that even if they did,
// the bar's overlay doesn't silently mutate sources or predicates
// in a way that would break a 4-source Custom View.
const eff = computeEffective(ANY_VIEW_FILTER, ANY_VIEW_RENDER, {});
expect(eff.filter.sources).toHaveLength(4);
expect(eff.filter.unread_only ?? false).toBe(false);
});
});

143
frontend/src/client/i18n.ts
View File

@@ -79,7 +79,7 @@ const translations: Record<Lang, Record<string, string>> = {
"changelog.tag.fix": "Fix",
// Footer
"footer.text": "\u00a9 2026 Paliad \u2014 by",
"footer.text": "\u00a9 2026 Paliad \u2014 ein Werkzeug von",
// Landing page
"index.title": `Paliad \u2014 Patent Litigation f\u00fcr ${FIRM}`,
@@ -237,13 +237,6 @@ const translations: Record<Lang, Record<string, string>> = {
"deadlines.upc.disc.cfi": "Bucheinsicht",
"deadlines.upc.apl.cost": "Berufung Kosten",
"deadlines.upc.apl.order": "Berufung Anordnungen",
"deadlines.upc.apl.unified": "Berufung",
"deadlines.appeal_target.label": "Worauf richtet sich die Berufung?",
"deadlines.appeal_target.endentscheidung": "Endentscheidung",
"deadlines.appeal_target.kostenentscheidung": "Kostenentscheidung",
"deadlines.appeal_target.anordnung": "Anordnung",
"deadlines.appeal_target.schadensbemessung": "Schadensbemessung",
"deadlines.appeal_target.bucheinsicht": "Bucheinsicht",
"deadlines.de.group.inf": "Verletzungsverfahren",
"deadlines.de.group.null": "Nichtigkeitsverfahren",
"deadlines.de.inf.lg": "LG (1. Instanz)",
@@ -261,8 +254,6 @@ const translations: Record<Lang, Record<string, string>> = {
"deadlines.party.both.label": "beide Seiten",
"deadlines.court.set": "vom Gericht bestimmt",
"deadlines.court.indirect": "unbestimmt",
"deadlines.conditional.depends_on": "abhängig von {parent}",
"deadlines.conditional.unset": "abhängig von vorgelagertem Ereignis",
"deadlines.optional.badge": "auf Antrag",
"deadlines.priority.mandatory": "Pflicht",
"deadlines.priority.recommended": "empfohlen",
@@ -312,13 +303,10 @@ const translations: Record<Lang, Record<string, string>> = {
"deadlines.view.timeline": "Zeitstrahl",
"deadlines.view.columns": "Spalten",
"deadlines.notes.show": "Hinweise anzeigen",
"deadlines.durations.show": "Dauern anzeigen",
"deadlines.col.ours": "Unsere Seite",
"deadlines.col.court": "Gericht",
"deadlines.col.opponent": "Gegnerseite",
"deadlines.col.both": "Beide Parteien",
"deadlines.col.proactive": "Proaktiv",
"deadlines.col.reactive": "Reaktiv",
// t-paliad-265 — per-event-card choice popover (Verfahrensablauf timeline)
"choices.caret.title": "Optionen für dieses Ereignis",
"choices.appellant.title": "Berufung durch …",
@@ -337,14 +325,6 @@ const translations: Record<Lang, Record<string, string>> = {
"choices.include_ccr.chip": "mit Nichtigkeitswiderklage",
"choices.reset": "Auswahl zurücksetzen",
"choices.commit.error": "Konnte Auswahl nicht speichern",
// t-paliad-290 (m/paliad#122) — re-surface hidden optional cards.
"choices.show_hidden.label": "Ausgeblendete anzeigen",
"choices.show_hidden.count": "Ausgeblendete ({n})",
"choices.unhide.chip": "Wieder einblenden",
// t-paliad-293 \u2014 iconified state markers on the Verfahrensablauf
// event cards. Tooltip-only text; the glyph is the primary signal.
"state.optional.tooltip": "Optionales Ereignis",
"state.hidden.tooltip": "Ausgeblendet \u2014 \u00fcber Optionen-Men\u00fc wieder einblenden",
// Trigger-event mode (PR-2 \u2014 youpc-parity)
"deadlines.mode.procedure": "Verfahrensablauf",
"deadlines.mode.event": "Was kommt nach\u2026",
@@ -459,10 +439,13 @@ const translations: Record<Lang, Record<string, string>> = {
"deadlines.side.label": "Seite:",
"deadlines.side.claimant": "Klägerseite",
"deadlines.side.defendant": "Beklagtenseite",
"deadlines.side.undefined": "Nicht festgelegt",
"deadlines.side.both": "Beide",
"deadlines.side.from_project": "Aus Akte:",
"deadlines.side.override": "Andere Seite wählen",
"deadlines.side.hint": "Wählen Sie eine Seite, um die Spalten zu fokussieren.",
"deadlines.appellant.label": "Berufung durch:",
"deadlines.appellant.claimant": "Klägerseite",
"deadlines.appellant.defendant": "Beklagtenseite",
"deadlines.appellant.none": "—",
"deadlines.event.composite.label": "Zusammengesetzt:",
"deadlines.event.unit.days.one": "Tag",
"deadlines.event.unit.days.many": "Tage",
@@ -1514,24 +1497,7 @@ const translations: Record<Lang, Record<string, string>> = {
// t-paliad-277 — import-from-project + party-picker.
"submissions.draft.import.button": "Aus Projekt importieren",
"submissions.draft.parties.title": "Parteien",
"submissions.draft.parties.hint": "Wählen Sie die im Schriftsatz genannten Parteien oder fügen Sie pro Seite weitere hinzu.",
// t-paliad-276 — DE/EN language toggle on the draft editor.
"submissions.draft.language": "Sprache",
"submissions.draft.language.de": "DE",
"submissions.draft.language.en": "EN",
"submissions.draft.language.fallback_notice": "Fallback: universelles Skelett (keine sprachspezifische Vorlage).",
// t-paliad-313 (m/paliad#141) Composer Slice A — base picker + section list.
"submissions.draft.base.label": "Vorlagenbasis",
"submissions.draft.base.hint": "Steuert Schriftarten, Briefkopf und Abschnitts-Defaults.",
"submissions.draft.sections.title": "Abschnitte",
"submissions.draft.sections.hint": "Inhalt pro Abschnitt — Autosave nach 500 ms. Letztes Layout in Word.",
// t-paliad-315 (m/paliad#141) Composer Slice C — building blocks admin.
"admin.building_blocks.title": "Bausteine — Paliad",
"admin.building_blocks.heading": "Bausteine",
"admin.building_blocks.subtitle": "Wiederverwendbare Textbausteine für Composer-Abschnitte.",
"admin.building_blocks.loading": "Lädt…",
"admin.building_blocks.action.new": "+ Neuer Baustein",
"admin.building_blocks.editor.empty": "Wählen Sie einen Baustein aus der Liste — oder erstellen Sie einen neuen.",
"submissions.draft.parties.hint": "Wählen Sie aus, welche Parteien im Schriftsatz genannt werden sollen.",
// t-paliad-240 — global Schriftsätze drafts index page.
"submissions.index.title": "Schriftsätze — Paliad",
"submissions.index.heading": "Schriftsätze",
@@ -2905,12 +2871,12 @@ const translations: Record<Lang, Record<string, string>> = {
// t-paliad-192 Slice 11b — Admin rule-editor UI.
// t-paliad-262 Slice A — "Regel" relabelled as "Verfahrensschritt".
// t-paliad-305 Slice B.6 (2026-05-26) — canonical URL moved to
// `/admin/procedural-events` (301 redirects from /admin/rules*).
// The i18n keys `admin.rules.*` are kept as the corpus until a
// follow-up slice migrates each reference; canonical
// `admin.procedural_events.*` aliases live after the EN block.
// The admin URL `/admin/rules` and i18n key prefix `admin.rules.*` stay
// (URL change is Slice B.6); the visible labels rename. Canonical
// `admin.procedural_events.*` aliases live after the EN block — they
// pin the contract for when .tsx files rebind in Slice B (B.5).
"nav.admin.rules": "Verfahrensschritte verwalten",
"nav.admin.rules_export": "Verfahrensschritt-Migrations",
"admin.card.rules.title": "Verfahrensschritte verwalten",
"admin.card.rules.desc": "Verfahrensschritte anlegen, bearbeiten, publishen. Audit-Log, Preview, Migration-Export.",
@@ -2918,6 +2884,7 @@ const translations: Record<Lang, Record<string, string>> = {
"admin.rules.list.heading": "Verfahrensschritte verwalten",
"admin.rules.list.subtitle": "Verfahrensschritte (Schriftsätze, Anhörungen, Entscheidungen, …) anlegen, bearbeiten und freigeben. Lifecycle: draft → published → archived.",
"admin.rules.list.new": "+ Neuer Verfahrensschritt",
"admin.rules.list.export": "Migrations exportieren",
"admin.rules.tab.rules": "Regeln",
"admin.rules.tab.orphans": "Orphans",
"admin.rules.loading": "Lade…",
@@ -3079,6 +3046,23 @@ const translations: Record<Lang, Record<string, string>> = {
"admin.rules.edit.modal.restore.title": "Wiederherstellen",
"admin.rules.edit.modal.restore.body": "Regel wird wiederhergestellt (archived → published).",
"admin.rules.export.title": "Regel-Migrations exportieren — Paliad",
"admin.rules.export.heading": "Regel-Migrations exportieren",
"admin.rules.export.subtitle": "Generiert ein *.up.sql-Blob mit allen unsynchronisierten Audit-Veränderungen. Manuell in internal/db/migrations/ einchecken.",
"admin.rules.export.breadcrumb": "← Regeln verwalten",
"admin.rules.export.field.since": "Startend ab Audit-ID (optional)",
"admin.rules.export.run": "Export generieren",
"admin.rules.export.running": "Lade…",
"admin.rules.export.download": "Als Datei herunterladen",
"admin.rules.export.copy": "In Zwischenablage kopieren",
"admin.rules.export.copied": "In Zwischenablage kopiert.",
"admin.rules.export.copy_failed": "Kopieren fehlgeschlagen.",
"admin.rules.export.count": "Audit-Zeilen: {n}",
"admin.rules.export.latest": "Letzte Audit-ID: {id}",
"admin.rules.export.ok": "{n} Audit-Zeilen exportiert.",
"admin.rules.export.error": "Export fehlgeschlagen.",
"admin.rules.export.no_pending": "Keine offenen Audit-Zeilen zum Export.",
// Date-range picker (t-paliad-248). Symmetric past/future chip fan
// around an ALLES centre. Used by the filter-bar 'time' axis from
// Slice A onwards; future slices will migrate /agenda and
@@ -3187,7 +3171,7 @@ const translations: Record<Lang, Record<string, string>> = {
"changelog.tag.fix": "Fix",
// Footer
"footer.text": "\u00a9 2026 Paliad \u2014 by",
"footer.text": "\u00a9 2026 Paliad \u2014 a tool by",
// Landing page
"index.title": `Paliad \u2014 Patent Litigation for ${FIRM}`,
@@ -3344,13 +3328,6 @@ const translations: Record<Lang, Record<string, string>> = {
"deadlines.upc.dmgs.cfi": "Damages Determination",
"deadlines.upc.disc.cfi": "Lay-open Books",
"deadlines.upc.apl.cost": "Cost-Decision Appeal",
"deadlines.upc.apl.unified": "Appeal",
"deadlines.appeal_target.label": "Appeal against:",
"deadlines.appeal_target.endentscheidung": "Final Decision",
"deadlines.appeal_target.kostenentscheidung": "Cost Decision",
"deadlines.appeal_target.anordnung": "Order",
"deadlines.appeal_target.schadensbemessung": "Damages Determination",
"deadlines.appeal_target.bucheinsicht": "Lay-open Books",
"deadlines.upc.apl.order": "Order Appeal (15-day)",
"deadlines.de.group.inf": "Infringement proceedings",
"deadlines.de.group.null": "Nullity proceedings",
@@ -3369,8 +3346,6 @@ const translations: Record<Lang, Record<string, string>> = {
"deadlines.party.both.label": "both parties",
"deadlines.court.set": "set by court",
"deadlines.court.indirect": "tbd",
"deadlines.conditional.depends_on": "depends on {parent}",
"deadlines.conditional.unset": "depends on an upstream event",
"deadlines.optional.badge": "on request",
"deadlines.priority.mandatory": "Mandatory",
"deadlines.priority.recommended": "Recommended",
@@ -3420,13 +3395,10 @@ const translations: Record<Lang, Record<string, string>> = {
"deadlines.view.timeline": "Timeline",
"deadlines.view.columns": "Columns",
"deadlines.notes.show": "Show details",
"deadlines.durations.show": "Show durations",
"deadlines.col.ours": "Client Side",
"deadlines.col.court": "Court",
"deadlines.col.opponent": "Opponent Side",
"deadlines.col.both": "Both parties",
"deadlines.col.proactive": "Proactive",
"deadlines.col.reactive": "Reactive",
// t-paliad-265 — per-event-card choice popover (Verfahrensablauf timeline)
"choices.caret.title": "Options for this event",
"choices.appellant.title": "Appeal by …",
@@ -3445,14 +3417,6 @@ const translations: Record<Lang, Record<string, string>> = {
"choices.include_ccr.chip": "with nullity counterclaim",
"choices.reset": "Reset choice",
"choices.commit.error": "Could not save selection",
// t-paliad-290 (m/paliad#122) — re-surface hidden optional cards.
"choices.show_hidden.label": "Show hidden",
"choices.show_hidden.count": "Hidden ({n})",
"choices.unhide.chip": "Show again",
// t-paliad-293 — iconified state markers on the Verfahrensablauf
// event cards. Tooltip-only text; the glyph is the primary signal.
"state.optional.tooltip": "Optional event",
"state.hidden.tooltip": "Hidden — restore via the options menu",
"deadlines.adjusted": "Adjusted",
"deadlines.adjusted.reason": "weekend/holiday",
"deadlines.adjusted.weekend": "weekend",
@@ -3574,10 +3538,13 @@ const translations: Record<Lang, Record<string, string>> = {
"deadlines.side.label": "Side:",
"deadlines.side.claimant": "Claimant",
"deadlines.side.defendant": "Defendant",
"deadlines.side.undefined": "Undefined",
"deadlines.side.both": "Both",
"deadlines.side.from_project": "From case:",
"deadlines.side.override": "Choose other side",
"deadlines.side.hint": "Pick a side to focus the columns.",
"deadlines.appellant.label": "Appeal filed by:",
"deadlines.appellant.claimant": "Claimant",
"deadlines.appellant.defendant": "Defendant",
"deadlines.appellant.none": "—",
"deadlines.event.composite.label": "Composite:",
"deadlines.event.unit.days.one": "day",
"deadlines.event.unit.days.many": "days",
@@ -4599,28 +4566,11 @@ const translations: Record<Lang, Record<string, string>> = {
"submissions.draft.switcher.label": "Draft",
"submissions.draft.name.placeholder": "Name of this draft",
"submissions.draft.preview.title": "Preview",
// t-paliad-276 — DE/EN language toggle on the draft editor.
"submissions.draft.language": "Language",
"submissions.draft.language.de": "DE",
"submissions.draft.language.en": "EN",
"submissions.draft.language.fallback_notice": "Fallback: universal skeleton (no language-matched template).",
"submissions.draft.preview.hint": "Read-only preview — final formatting in Word.",
// t-paliad-277 — import-from-project + party-picker.
"submissions.draft.import.button": "Import from project",
"submissions.draft.parties.title": "Parties",
"submissions.draft.parties.hint": "Pick the parties mentioned in this submission, or add more per side.",
// t-paliad-313 (m/paliad#141) Composer Slice A — base picker + section list.
"submissions.draft.base.label": "Template base",
"submissions.draft.base.hint": "Drives fonts, letterhead, and section defaults.",
"submissions.draft.sections.title": "Sections",
"submissions.draft.sections.hint": "Edit per section — autosaves after 500ms. Final layout in Word.",
// t-paliad-315 (m/paliad#141) Composer Slice C — building blocks admin.
"admin.building_blocks.title": "Building blocks — Paliad",
"admin.building_blocks.heading": "Building blocks",
"admin.building_blocks.subtitle": "Reusable text snippets for Composer sections.",
"admin.building_blocks.loading": "Loading…",
"admin.building_blocks.action.new": "+ New block",
"admin.building_blocks.editor.empty": "Pick a block from the list — or create a new one.",
"submissions.draft.parties.hint": "Select which parties to mention in this submission.",
// t-paliad-240 — global submissions drafts index page.
"submissions.index.title": "Submissions — Paliad",
"submissions.index.heading": "Submissions",
@@ -5984,6 +5934,7 @@ const translations: Record<Lang, Record<string, string>> = {
// t-paliad-192 Slice 11b — Admin rule-editor UI.
// t-paliad-262 Slice A — "Rule" relabelled as "Procedural event".
"nav.admin.rules": "Manage procedural events",
"nav.admin.rules_export": "Procedural-event migrations",
"admin.card.rules.title": "Manage procedural events",
"admin.card.rules.desc": "Author, edit and publish procedural-event templates. Audit log, preview, migration export.",
@@ -5991,6 +5942,7 @@ const translations: Record<Lang, Record<string, string>> = {
"admin.rules.list.heading": "Manage procedural events",
"admin.rules.list.subtitle": "Author, edit and publish procedural events (filings, hearings, decisions, …). Lifecycle: draft → published → archived.",
"admin.rules.list.new": "+ New procedural event",
"admin.rules.list.export": "Export migrations",
"admin.rules.tab.rules": "Rules",
"admin.rules.tab.orphans": "Orphans",
"admin.rules.loading": "Loading…",
@@ -6152,6 +6104,23 @@ const translations: Record<Lang, Record<string, string>> = {
"admin.rules.edit.modal.restore.title": "Restore",
"admin.rules.edit.modal.restore.body": "Rule will be restored (archived → published).",
"admin.rules.export.title": "Export rule migrations — Paliad",
"admin.rules.export.heading": "Export rule migrations",
"admin.rules.export.subtitle": "Generates a *.up.sql blob with every un-exported audit change. Commit manually into internal/db/migrations/.",
"admin.rules.export.breadcrumb": "← Manage Rules",
"admin.rules.export.field.since": "Starting from audit id (optional)",
"admin.rules.export.run": "Generate export",
"admin.rules.export.running": "Loading…",
"admin.rules.export.download": "Download as file",
"admin.rules.export.copy": "Copy to clipboard",
"admin.rules.export.copied": "Copied to clipboard.",
"admin.rules.export.copy_failed": "Copy failed.",
"admin.rules.export.count": "Audit rows: {n}",
"admin.rules.export.latest": "Latest audit id: {id}",
"admin.rules.export.ok": "{n} audit rows exported.",
"admin.rules.export.error": "Export failed.",
"admin.rules.export.no_pending": "No pending audit rows to export.",
// Date-range picker (t-paliad-248). See DE block above for details.
"date_range.button.label": "Time range",
"date_range.button.label.custom_range": "From {from} to {to}",

1263
frontend/src/client/submission-draft.ts
View File

File diff suppressed because it is too large Load Diff

544
frontend/src/client/verfahrensablauf.ts
View File

@@ -12,6 +12,7 @@ import { initI18n, t, tDyn, getLang, onLangChange } from "./i18n";
import { initSidebar } from "./sidebar";
import {
type DeadlineResponse,
type Side,
calculateDeadlines,
escHtml,
formatDate,
@@ -23,45 +24,26 @@ import {
import {
attachEventCardChoices,
reseedChips,
currentChoices,
type EventChoice,
type ChoiceKind,
} from "./views/event-card-choices";
import {
APPEAL_TARGETS,
SCENARIO_KEYS,
type AppealTarget,
type Side,
type StorageLike,
applyFiltersToSearch,
makeMemoryStorage,
parseAppealTargetFromSearch,
parseProceedingFromSearch,
parseSideFromSearch,
parseTriggerDateFromSearch,
readBoolFlag,
readCourtId,
readEventChoices,
writeBoolFlag,
writeCourtId,
writeEventChoices,
} from "./views/verfahrensablauf-state";
let selectedType = "";
let lastResponse: DeadlineResponse | null = null;
// Perspective state. URL-driven so the view is shareable + survives
// reload:
// ?side=claimant|defendant swaps which column owns the user's
// side (proactive vs reactive label).
// Default null = claimant-on-the-left.
//
// t-paliad-301 / m/paliad#132 collapsed the duplicate ?side= +
// ?appellant= selectors into the single proactive-side picker above.
// For role-swap proceedings (Appeal / EPA Opposition / DE Revision /
// DPMA Appeal) the picker's labels swap to per-proceeding role
// strings (Berufungskläger / Berufungsbeklagter, …) via ROLE_LABELS
// below — but the underlying claimant/defendant value the engine
// consumes is unchanged.
// Perspective state (t-paliad-250 / m/paliad#81). URL-driven so the
// view is shareable and survives reload:
// ?side=claimant|defendant swaps which column owns the user's
// side (proactive vs reactive label).
// Default null = claimant-on-the-left.
// ?appellant=claimant|defendant → collapses party=both rows into the
// appellant's column (no mirror).
// Only meaningful for role-swap
// proceedings (Appeal etc.). Default
// null = legacy mirror behaviour.
let currentSide: Side = null;
let currentAppellant: Side = null;
// Project-driven auto-fill state (t-paliad-279 / m/paliad#111). When the
// page is opened with ?project=<id> and that project has our_side set,
@@ -70,21 +52,21 @@ let currentSide: Side = null;
// link, which clears this flag (radio cluster takes over again).
let sidePrefilledFromProject = false;
// Role-swap proceedings — the side picker doubles as the appellant
// axis. After t-paliad-301 collapsed the duplicate selectors, the
// engine reads "appellant" from the single side value for these
// proceedings (so a row with primary_party=both renders only in the
// chosen side's column). For first-instance proceedings (Inf, Rev,
// …) the side picker still narrows columns but doesn't collapse
// the "both" rows.
// Proceedings where one party initiates and "both" rows are role-swap
// (i.e. either party files depending on who acted at the lower
// instance). For these proceedings the appellant selector is meaningful
// — when set, "both" rows collapse to a single row in the appellant's
// column. For first-instance proceedings (Inf, Rev, …) the selector is
// hidden because there's no appellant axis.
//
// upc.apl.unified is NOT in this set since t-paliad-307: appeal
// timelines route via per-rule appealRole (engine-stamped under
// appeal_target) instead of the page-level appellant axis collapse.
// Adding upc.apl.unified here would short-circuit the appealAware
// path and re-introduce the dead side selector on upc.apl.unified
// (m/paliad#136 Bug 1).
// Today: every upc.apl.* family member plus dpma.appeal.* and
// de.inf.olg / de.inf.bgh / de.null.bgh (DE Berufung / Revision).
// Conservative — false negatives just hide a control; false positives
// would show an irrelevant control.
const APPELLANT_AXIS_PROCEEDINGS = new Set([
"upc.apl.merits",
"upc.apl.cost",
"upc.apl.order",
"de.inf.olg",
"de.inf.bgh",
"de.null.bgh",
@@ -93,127 +75,34 @@ const APPELLANT_AXIS_PROCEEDINGS = new Set([
"epa.opp.boa",
]);
// Per-proceeding role labels (t-paliad-301 / m/paliad#132 Bug A).
// Mirrors paliad.proceeding_types.role_*_label_* — the canonical
// definition lives in the DB; this map is the frontend's view of
// it. Proceedings absent from the map fall back to the generic
// "deadlines.side.claimant" / "deadlines.side.defendant" i18n keys.
//
// Keep in sync with mig 137's backfill. Adding a row here without a
// matching DB row is fine (the DB col is NULL → still falls back to
// default; UI shows the override). Adding to the DB without here
// means the UI uses defaults — harmless but inconsistent.
type RoleLabels = { proDE: string; reDE: string; proEN: string; reEN: string };
const ROLE_LABELS: Record<string, RoleLabels> = {
"upc.apl.unified": {
proDE: "Berufungskläger",
reDE: "Berufungsbeklagter",
proEN: "Appellant",
reEN: "Appellee",
},
"upc.rev.cfi": {
proDE: "Antragsteller (Nichtigkeit)",
reDE: "Antragsgegner (Nichtigkeit)",
proEN: "Revocation claimant",
reEN: "Revocation defendant",
},
"epa.opp.opd": {
proDE: "Einsprechende(r)",
reDE: "Patentinhaber(in)",
proEN: "Opponent",
reEN: "Patentee",
},
"epa.opp.boa": {
proDE: "Einsprechende(r)",
reDE: "Patentinhaber(in)",
proEN: "Opponent",
reEN: "Patentee",
},
};
// Slice B1 (m/paliad#124 §18.1) — Berufung unification.
// Proceedings that surface the appeal-target chip group. Currently
// only the unified upc.apl proceeding; future variants (e.g. de.apl)
// can opt in by adding the code here.
//
// APPEAL_TARGETS itself lives in ./views/verfahrensablauf-state so the
// pure URL parser and this page share the same canonical list.
const APPEAL_TARGET_PROCEEDINGS = new Set([
"upc.apl.unified",
]);
function hasAppealTarget(proceedingType: string): boolean {
return APPEAL_TARGET_PROCEEDINGS.has(proceedingType);
}
function hasAppellantAxis(proceedingType: string): boolean {
return APPELLANT_AXIS_PROCEEDINGS.has(proceedingType);
}
// Scenario storage — real localStorage in the browser, in-memory
// fallback when localStorage throws (private mode, disabled storage,
// etc.). All scenario writes go through this single handle so a
// failure mode is isolated to one try/catch path.
const scenarioStorage: StorageLike = makeScenarioStorage();
function makeScenarioStorage(): StorageLike {
try {
const probe = "__paliad_va_probe__";
window.localStorage.setItem(probe, "1");
window.localStorage.removeItem(probe);
return window.localStorage;
} catch {
return makeMemoryStorage();
}
function readSideFromURL(): Side {
const raw = new URLSearchParams(window.location.search).get("side");
return raw === "claimant" || raw === "defendant" ? raw : null;
}
// URL writers — all four chip params route through this single helper
// so the canonical query-string shape (no empty values, no trailing
// `?`) is enforced in one place.
function applyURLFilters(filters: {
proceeding?: string;
side?: Side;
target?: AppealTarget;
triggerDate?: string;
}): void {
function readAppellantFromURL(): Side {
const raw = new URLSearchParams(window.location.search).get("appellant");
return raw === "claimant" || raw === "defendant" ? raw : null;
}
function writeSideToURL(s: Side) {
const url = new URL(window.location.href);
const nextSearch = applyFiltersToSearch(url.search, filters);
window.history.replaceState(null, "", url.pathname + nextSearch + url.hash);
if (s === null) url.searchParams.delete("side");
else url.searchParams.set("side", s);
window.history.replaceState(null, "", url.pathname + (url.search ? url.search : "") + url.hash);
}
// t-paliad-301 / m/paliad#132: applies ROLE_LABELS to the side-row
// radio labels for the currently selected proceeding. Proceedings
// without an entry fall back to the existing
// "deadlines.side.claimant" / "deadlines.side.defendant" i18n keys.
function applyRoleLabels(proceedingType: string) {
const lang = getLang() === "en" ? "en" : "de";
const claimantSpan = document.querySelector<HTMLElement>(
"input[type=radio][name=side][value=claimant] + span"
);
const defendantSpan = document.querySelector<HTMLElement>(
"input[type=radio][name=side][value=defendant] + span"
);
if (!claimantSpan || !defendantSpan) return;
const labels = ROLE_LABELS[proceedingType];
if (labels) {
claimantSpan.textContent = lang === "en" ? labels.proEN : labels.proDE;
defendantSpan.textContent = lang === "en" ? labels.reEN : labels.reDE;
} else {
// Default — let i18n drive via data-i18n attribute. Reset to the
// canonical i18n value so a previous override doesn't stick when
// switching from upc.apl.unified back to upc.inf.cfi.
claimantSpan.textContent = t("deadlines.side.claimant");
defendantSpan.textContent = t("deadlines.side.defendant");
}
function writeAppellantToURL(a: Side) {
const url = new URL(window.location.href);
if (a === null) url.searchParams.delete("appellant");
else url.searchParams.set("appellant", a);
window.history.replaceState(null, "", url.pathname + (url.search ? url.search : "") + url.hash);
}
// Default target on first picker entry into upc.apl. m: Endentscheidung
// is the most-common appeal target; the chip group also defaults
// "Endentscheidung" checked in verfahrensablauf.tsx. Keep these two in
// sync so the URL-less default render hits the same code path.
let currentAppealTarget: AppealTarget = "";
// Per-rule anchor overrides set by the click-to-edit affordance on
// timeline / column date cells. Posted as `anchorOverrides` to the
// /api/tools/fristenrechner calc so downstream rules re-anchor off the
@@ -224,18 +113,35 @@ const anchorOverrides = new Map<string, string>();
function clearAnchorOverrides() { anchorOverrides.clear(); }
// Per-event-card choices (t-paliad-265). Unbound on this page (no
// project context). Persistence moved from URL → localStorage under
// SCENARIO_KEYS.eventChoices (t-paliad-308 / m/paliad#137) — these
// are per-user scenario tweaks, not the timeline kind, so a shared
// link should NOT leak them into the recipient's view.
let perCardChoices: EventChoice[] = readEventChoices(scenarioStorage);
// project context), so persistence is URL-only via `?event_choices=`.
// Format: comma-separated `submission_code:kind=value` tuples. Same
// idiom as `?side=` + `?appellant=`.
let perCardChoices: EventChoice[] = [];
// Show-hidden toggle (t-paliad-290 / m/paliad#122). When ON, the
// calculator re-surfaces cards whose submission_code is in the active
// skipRules set; they render faded with a "Wieder einblenden" chip.
// Persistence moved from URL → localStorage (t-paliad-308) — it's a
// per-user UX preference, not scenario state worth sharing in a link.
let showHidden = readBoolFlag(scenarioStorage, SCENARIO_KEYS.showHidden);
function readChoicesFromURL(): EventChoice[] {
const raw = new URLSearchParams(window.location.search).get("event_choices");
if (!raw) return [];
const out: EventChoice[] = [];
for (const tuple of raw.split(",")) {
const m = tuple.match(/^([^:]+):([^=]+)=(.+)$/);
if (!m) continue;
const kind = m[2] as ChoiceKind;
if (kind !== "appellant" && kind !== "include_ccr" && kind !== "skip") continue;
out.push({ submission_code: m[1], choice_kind: kind, choice_value: m[3] });
}
return out;
}
function writeChoicesToURL(choices: EventChoice[]) {
const url = new URL(window.location.href);
if (choices.length === 0) {
url.searchParams.delete("event_choices");
} else {
const enc = choices.map((c) => `${c.submission_code}:${c.choice_kind}=${c.choice_value}`).join(",");
url.searchParams.set("event_choices", enc);
}
window.history.replaceState(null, "", url.pathname + (url.search ? url.search : "") + url.hash);
}
type ProcedureView = "timeline" | "columns";
let procedureView: ProcedureView = "columns";
@@ -253,21 +159,6 @@ function writeNotesPref(on: boolean): void {
}
let showNotes = readNotesPref();
// Durations toggle (m/paliad#133, t-paliad-302) — when off (default),
// the per-rule duration label ("2 Mo. nach") only shows on hover via
// the date span's `title` attribute. When on, the label renders inline
// in the timeline meta row of every event card. Persisted in
// localStorage under its own key so the preference is independent of
// "Hinweise anzeigen".
const DURATIONS_PREF_KEY = "paliad.verfahrensablauf.durations-show";
function readDurationsPref(): boolean {
try { return localStorage.getItem(DURATIONS_PREF_KEY) === "1"; } catch { return false; }
}
function writeDurationsPref(on: boolean): void {
try { localStorage.setItem(DURATIONS_PREF_KEY, on ? "1" : "0"); } catch { /* no-op */ }
}
let showDurations = readDurationsPref();
// Jurisdiction display prefix for the proceeding-summary chip + the
// trigger-event placeholder. Same forum slugs the .proceeding-group
// `data-forum` attribute carries in verfahrensablauf.tsx /
@@ -358,13 +249,6 @@ async function doCalc() {
const overrides: Record<string, string> = {};
for (const [code, date] of anchorOverrides) overrides[code] = date;
// Slice B1 (m/paliad#124 §18.1): for the unified upc.apl Berufung,
// default to "endentscheidung" when no chip pick is stored in URL.
// For non-appeal proceedings the engine ignores opts.AppealTarget.
const appealTarget = hasAppealTarget(selectedType)
? (currentAppealTarget || "endentscheidung")
: "";
const data = await calculateDeadlines({
proceedingType: selectedType,
triggerDate,
@@ -372,34 +256,14 @@ async function doCalc() {
anchorOverrides: overrides,
courtId,
perCardChoices,
includeHidden: showHidden,
appealTarget,
});
if (seq !== calcSeq) return;
if (!data) return;
lastResponse = data;
renderResults(data);
syncHiddenBadge(data.hiddenCount ?? 0);
showStep(3);
}
// syncHiddenBadge updates the "Ausgeblendete (N)" count next to the
// toggle. Visible regardless of toggle state so the user knows whether
// there's anything to re-surface even when the toggle is OFF. Hides the
// whole row when the projection has zero hidden cards — no clutter on
// a project that's never used the skip feature. (t-paliad-290)
function syncHiddenBadge(count: number) {
const row = document.getElementById("show-hidden-row");
const badge = document.getElementById("show-hidden-count");
if (!row || !badge) return;
if (count <= 0) {
row.style.display = "none";
return;
}
row.style.display = "";
badge.textContent = tDyn("choices.show_hidden.count").replace("{n}", String(count));
}
// triggerEventLabelFor picks the user-facing "Auslösendes Ereignis"
// label from the calc response. Precedence:
//
@@ -474,22 +338,10 @@ function renderResults(data: DeadlineResponse) {
? renderColumnsBody(data, {
editable: true,
showNotes,
showDurations,
side: currentSide,
// t-paliad-301: the appellant axis collapses into the single
// side picker. For role-swap proceedings, currentSide IS the
// appellant pick (so a row with primary_party=both renders only
// in the picked side's column). For non-role-swap proceedings,
// the appellant axis is irrelevant — pass null.
appellant: hasAppellantAxis(selectedType) ? currentSide : null,
// Appeal-target proceedings get per-rule appealRole routing
// instead of the page-level appellant collapse, so the side
// selector actually splits Berufungskläger vs Berufungs-
// beklagter filings across columns. (t-paliad-307 /
// m/paliad#136 Bug 1)
appealAware: hasAppealTarget(selectedType),
appellant: hasAppellantAxis(selectedType) ? currentAppellant : null,
})
: renderTimelineBody(data, { showParty: true, editable: true, showNotes, showDurations });
: renderTimelineBody(data, { showParty: true, editable: true, showNotes });
container.innerHTML = headerHtml + noteHtml + bodyHtml;
if (printBtn) printBtn.style.display = "block";
@@ -539,7 +391,7 @@ function syncInfAmendEnabled() {
if (!ccr.checked) infAmend.checked = false;
}
function selectProceeding(btn: HTMLButtonElement, opts: { writeURL?: boolean } = {}) {
function selectProceeding(btn: HTMLButtonElement) {
document.querySelectorAll(".proceeding-btn").forEach((b) => b.classList.remove("active"));
btn.classList.add("active");
const nextType = btn.dataset.code || "";
@@ -549,92 +401,35 @@ function selectProceeding(btn: HTMLButtonElement, opts: { writeURL?: boolean } =
if (selectedType !== nextType) clearAnchorOverrides();
selectedType = nextType;
// Persist the picked proceeding to ?proceeding= so a refresh / shared
// link reproduces the same tile. writeURL=false on the load-time
// hydration path so we don't churn history.replaceState when the
// URL already carries the canonical value.
if (opts.writeURL !== false) {
applyURLFilters({ proceeding: selectedType });
}
// Trigger-event label fires from the calc response (root rule).
// Until step 3 renders, fall back to an em-dash placeholder.
lastResponse = null;
syncTriggerEventLabel();
void populateCourtPicker("court-picker-row", "court-picker", selectedType);
syncFlagRows();
syncAppealTargetRowVisibility();
applyRoleLabels(selectedType);
// Restore flags from localStorage BEFORE the initial calc so the
// first /api/tools/fristenrechner POST already carries the user's
// stored flag state. Court_id is async (populateCourtPicker fetches
// courts from the API) so it restores via the .then() below + a
// follow-up recalc when the picker is ready.
restoreFlagsForProceeding();
syncAppellantRowVisibility();
setProceedingPickerCollapsed(true, proceedingDisplayName(btn));
showStep(2);
scheduleCalc(0);
void populateCourtPicker("court-picker-row", "court-picker", selectedType).then(() => {
if (restoreCourtForProceeding()) scheduleCalc(0);
});
}
// restoreFlagsForProceeding seeds the proceeding-specific flag
// checkboxes from localStorage. Mirrors syncFlagRows in scope — only
// flags currently visible for the active proceeding are meaningful
// (the hidden checkboxes still write to localStorage if toggled, but
// that's impossible because they're not in the DOM as visible
// controls). syncInfAmendEnabled enforces the upc.inf.cfi inf-amend
// gating after the restore.
function restoreFlagsForProceeding(): void {
const flagPairs: Array<[string, string]> = [
["ccr-flag", SCENARIO_KEYS.ccr],
["inf-amend-flag", SCENARIO_KEYS.infAmend],
["rev-amend-flag", SCENARIO_KEYS.revAmend],
["rev-cci-flag", SCENARIO_KEYS.revCci],
];
for (const [domId, storageKey] of flagPairs) {
const cb = document.getElementById(domId) as HTMLInputElement | null;
if (!cb) continue;
cb.checked = readBoolFlag(scenarioStorage, storageKey);
}
syncInfAmendEnabled();
}
// restoreCourtForProceeding tries to apply the localStorage court_id
// to the picker after populateCourtPicker resolves. Returns true iff
// a value actually changed (so the caller can schedule a follow-up
// calc). Skips silently when the picker is hidden, the stored ID isn't
// in the options list (court rotated since last visit), or the picker
// already happens to be on the stored value.
function restoreCourtForProceeding(): boolean {
const courtPicker = document.getElementById("court-picker") as HTMLSelectElement | null;
const storedCourtId = readCourtId(scenarioStorage);
if (!courtPicker || !storedCourtId) return false;
const has = Array.from(courtPicker.options).some((o) => o.value === storedCourtId);
if (!has) return false;
if (courtPicker.value === storedCourtId) return false;
courtPicker.value = storedCourtId;
return true;
}
// Slice B1 (m/paliad#124 §18.1) — Berufung unification.
// syncAppealTargetRowVisibility shows the appeal-target chip group
// when the unified upc.apl Berufung tile is selected, hides it
// otherwise. Mirrors syncAppellantRowVisibility's pattern: clears
// state + URL when hiding so a stale ?target= can't leak.
function syncAppealTargetRowVisibility() {
const row = document.getElementById("appeal-target-row");
// syncAppellantRowVisibility hides the appellant selector for
// proceedings that have no appellant axis (first-instance Inf, Rev,
// …). Clears the in-memory state and the URL param when hidden so a
// shared link with ?appellant= doesn't leak into an unrelated
// proceeding's render.
function syncAppellantRowVisibility() {
const row = document.getElementById("appellant-row");
if (!row) return;
const visible = hasAppealTarget(selectedType);
const visible = hasAppellantAxis(selectedType);
row.style.display = visible ? "" : "none";
if (!visible && currentAppealTarget !== "") {
currentAppealTarget = "";
applyURLFilters({ target: "" });
syncRadioGroup("appeal-target", "endentscheidung");
if (!visible && currentAppellant !== null) {
currentAppellant = null;
writeAppellantToURL(null);
syncRadioGroup("appellant", "");
}
}
@@ -702,17 +497,7 @@ async function fetchProjectOurSide(projectID: string): Promise<ProjectOurSide |
function sideLabelI18n(s: Side): string {
if (s === "claimant") return t("deadlines.side.claimant");
if (s === "defendant") return t("deadlines.side.defendant");
return t("deadlines.side.undefined");
}
// syncSideHintVisibility shows the "pick a side" hint chip only while
// currentSide is unset (m/paliad#120). When the user has picked
// claimant / defendant the columns are already focused, so the prompt
// would be misleading.
function syncSideHintVisibility() {
const hint = document.getElementById("side-hint");
if (!hint) return;
hint.style.display = currentSide === null ? "" : "none";
return t("deadlines.side.both");
}
// renderSideChip swaps the radio cluster for a read-only chip showing
@@ -736,9 +521,6 @@ function showSideRadioCluster() {
if (!cluster || !chip) return;
cluster.style.display = "";
chip.style.display = "none";
// Cluster re-appears after override → re-evaluate hint visibility so
// we don't leave a stale "pick a side" prompt above a checked radio.
syncSideHintVisibility();
}
// applySidePrefill takes a project's our_side, maps it to the side axis,
@@ -747,11 +529,11 @@ function showSideRadioCluster() {
// already chosen and we never overwrite. When we do prefill, write the
// derived side to the URL so reload + back/forward round-trip cleanly.
function applySidePrefill(os: ProjectOurSide["our_side"] | undefined) {
if (parseSideFromSearch(window.location.search) !== null) return;
if (readSideFromURL() !== null) return;
const next = ourSideToSide(os);
if (next === null) return;
currentSide = next;
applyURLFilters({ side: next });
writeSideToURL(next);
syncRadioGroup("side", next);
sidePrefilledFromProject = true;
renderSideChip(next);
@@ -820,37 +602,28 @@ function initViewToggle() {
// /api/tools/fristenrechner round-trip — perspective is a pure
// projection of the last response, no backend involved.
function initPerspectiveControls() {
currentSide = parseSideFromSearch(window.location.search);
currentAppealTarget = parseAppealTargetFromSearch(window.location.search);
currentSide = readSideFromURL();
currentAppellant = readAppellantFromURL();
syncRadioGroup("side", currentSide ?? "");
syncRadioGroup("appeal-target", currentAppealTarget || "endentscheidung");
syncSideHintVisibility();
syncRadioGroup("appellant", currentAppellant ?? "");
document.querySelectorAll<HTMLInputElement>("input[type=radio][name=side]").forEach((input) => {
input.addEventListener("change", () => {
if (!input.checked) return;
const v = input.value;
currentSide = (v === "claimant" || v === "defendant") ? v : null;
applyURLFilters({ side: currentSide });
syncSideHintVisibility();
writeSideToURL(currentSide);
if (lastResponse) renderResults(lastResponse);
});
});
// Slice B1 (m/paliad#124 §18.1) — appeal-target chip handler.
// Each chip change re-fetches with the new target slug so the
// timeline re-renders against the matching rule subset.
document.querySelectorAll<HTMLInputElement>("input[type=radio][name=appeal-target]").forEach((input) => {
document.querySelectorAll<HTMLInputElement>("input[type=radio][name=appellant]").forEach((input) => {
input.addEventListener("change", () => {
if (!input.checked) return;
const v = input.value;
if ((APPEAL_TARGETS as readonly string[]).includes(v)) {
currentAppealTarget = v as AppealTarget;
} else {
currentAppealTarget = "";
}
applyURLFilters({ target: currentAppealTarget });
scheduleCalc(0);
currentAppellant = (v === "claimant" || v === "defendant") ? v : null;
writeAppellantToURL(currentAppellant);
if (lastResponse) renderResults(lastResponse);
});
});
}
@@ -871,57 +644,28 @@ document.addEventListener("DOMContentLoaded", () => {
const dateInput = document.getElementById("trigger-date") as HTMLInputElement | null;
if (dateInput) {
// Hydrate trigger_date from URL on first paint so a refresh /
// shared link reproduces the same dated timeline. URL wins over
// the verfahrensablauf.tsx today-default that the <input> renders
// with. parseTriggerDateFromSearch validates the shape so a
// malformed link silently falls back to the today-default.
const urlDate = parseTriggerDateFromSearch(window.location.search);
if (urlDate) dateInput.value = urlDate;
const persistDate = () => {
applyURLFilters({ triggerDate: dateInput.value });
};
dateInput.addEventListener("change", () => { persistDate(); scheduleCalc(); });
dateInput.addEventListener("input", () => { persistDate(); scheduleCalc(); });
dateInput.addEventListener("change", () => scheduleCalc());
dateInput.addEventListener("input", () => scheduleCalc());
dateInput.addEventListener("keydown", (e) => {
if ((e as KeyboardEvent).key === "Enter") { persistDate(); scheduleCalc(0); }
if ((e as KeyboardEvent).key === "Enter") scheduleCalc(0);
});
}
const courtPicker = document.getElementById("court-picker") as HTMLSelectElement | null;
if (courtPicker) courtPicker.addEventListener("change", () => {
writeCourtId(scenarioStorage, courtPicker.value);
scheduleCalc(0);
});
if (courtPicker) courtPicker.addEventListener("change", () => scheduleCalc(0));
// Flag-checkbox listeners — each flip triggers a fresh calc so the
// timeline re-projects with the new gating. ccr-flag additionally
// enables/disables the nested inf-amend row. Each flip also writes
// through to localStorage so the choice survives a reload (URL stays
// clean; flags are scenario state, not filter chips — t-paliad-308).
// enables/disables the nested inf-amend row.
const ccrFlag = document.getElementById("ccr-flag") as HTMLInputElement | null;
if (ccrFlag) ccrFlag.addEventListener("change", () => {
writeBoolFlag(scenarioStorage, SCENARIO_KEYS.ccr, ccrFlag.checked);
syncInfAmendEnabled();
// Disabling ccr also unchecks inf-amend (see syncInfAmendEnabled).
// Mirror that into storage so the next reload doesn't repopulate a
// disabled checkbox as checked.
const infAmend = document.getElementById("inf-amend-flag") as HTMLInputElement | null;
if (infAmend) writeBoolFlag(scenarioStorage, SCENARIO_KEYS.infAmend, infAmend.checked);
scheduleCalc(0);
});
const flagStorageKeys: Record<string, string> = {
"inf-amend-flag": SCENARIO_KEYS.infAmend,
"rev-amend-flag": SCENARIO_KEYS.revAmend,
"rev-cci-flag": SCENARIO_KEYS.revCci,
};
for (const [id, storageKey] of Object.entries(flagStorageKeys)) {
(["inf-amend-flag", "rev-amend-flag", "rev-cci-flag"]).forEach((id) => {
const cb = document.getElementById(id) as HTMLInputElement | null;
if (cb) cb.addEventListener("change", () => {
writeBoolFlag(scenarioStorage, storageKey, cb.checked);
scheduleCalc(0);
});
}
if (cb) cb.addEventListener("change", () => scheduleCalc(0));
});
document.getElementById("fristen-print-btn")?.addEventListener("click", () => window.print());
@@ -952,41 +696,14 @@ document.addEventListener("DOMContentLoaded", () => {
});
}
// Durations toggle (m/paliad#133, t-paliad-302) — sibling of the
// notes toggle. Hover-only labels (default) become inline labels when
// the user opts in.
const durationsShowCb = document.getElementById("verfahrensablauf-durations-show") as HTMLInputElement | null;
if (durationsShowCb) {
durationsShowCb.checked = showDurations;
durationsShowCb.addEventListener("change", () => {
showDurations = durationsShowCb.checked;
writeDurationsPref(showDurations);
if (lastResponse) renderResults(lastResponse);
});
}
// t-paliad-290 — show-hidden toggle. Hydrated from localStorage at
// module load (showHidden); each flip writes back to localStorage
// and triggers a recalc (the backend reshapes the response — we
// can't just re-render lastResponse since the hidden rows aren't
// in it when the toggle was OFF).
const showHiddenCb = document.getElementById("show-hidden-toggle") as HTMLInputElement | null;
if (showHiddenCb) {
showHiddenCb.checked = showHidden;
showHiddenCb.addEventListener("change", () => {
showHidden = showHiddenCb.checked;
writeBoolFlag(scenarioStorage, SCENARIO_KEYS.showHidden, showHidden);
scheduleCalc(0);
});
}
initViewToggle();
initPerspectiveControls();
// t-paliad-265 — per-event-card choices. Unbound surface; persistence
// is localStorage-only (t-paliad-308) so a shared link doesn't carry
// the recipient's per-card tweaks. The popover module owns the
// popover lifecycle; this page owns the recalc + storage plumbing.
// t-paliad-265 — per-event-card choices. Unbound surface, so commits
// mutate the in-memory list + URL, then trigger a recalc. The
// popover module owns the popover lifecycle; this page owns the
// recalc + URL plumbing.
perCardChoices = readChoicesFromURL();
const timelineEl = document.getElementById("timeline-container");
if (timelineEl) {
attachEventCardChoices({
@@ -997,14 +714,14 @@ document.addEventListener("DOMContentLoaded", () => {
(c) => !(c.submission_code === choice.submission_code && c.choice_kind === choice.choice_kind),
);
perCardChoices.push(choice);
writeEventChoices(scenarioStorage, perCardChoices);
writeChoicesToURL(perCardChoices);
scheduleCalc(0);
},
remove: (submissionCode, kind) => {
perCardChoices = perCardChoices.filter(
(c) => !(c.submission_code === submissionCode && c.choice_kind === kind),
);
writeEventChoices(scenarioStorage, perCardChoices);
writeChoicesToURL(perCardChoices);
scheduleCalc(0);
},
});
@@ -1040,31 +757,8 @@ document.addEventListener("DOMContentLoaded", () => {
syncTriggerEventLabel();
});
// Pre-select the proceeding tile. URL wins: if ?proceeding= is set
// and points at a known tile, that tile is selected without rewriting
// the URL. Otherwise fall back to the first tile so users see a
// timeline immediately on landing — matches /tools/fristenrechner
// behaviour. The auto-pick does NOT write the URL so the default
// landing stays clean (`?proceeding=` only appears once the user
// makes an explicit choice). (t-paliad-308 / m/paliad#137)
const urlProceeding = parseProceedingFromSearch(window.location.search);
let initialBtn: HTMLButtonElement | null = null;
let urlHit = false;
if (urlProceeding) {
initialBtn = document.querySelector<HTMLButtonElement>(
`.proceeding-btn[data-code="${urlProceeding.replace(/"/g, '\\"')}"]`,
);
urlHit = initialBtn !== null;
}
if (!initialBtn) {
initialBtn = document.querySelector<HTMLButtonElement>(".proceeding-btn");
}
if (initialBtn) {
// writeURL=false when the URL either already carries this code
// (no churn) or has no proceeding (auto-default → don't pollute
// the clean URL). Only an unknown / stale ?proceeding= triggers
// a rewrite so the URL converges on the resolved tile.
const writeURL = urlProceeding !== "" && !urlHit;
selectProceeding(initialBtn, { writeURL });
}
// Pre-select the first proceeding tile so users see a timeline
// immediately on landing — matches /tools/fristenrechner behaviour.
const firstBtn = document.querySelector<HTMLButtonElement>(".proceeding-btn");
if (firstBtn) selectProceeding(firstBtn);
});

34
frontend/src/client/views/event-card-choices.ts
View File

@@ -74,11 +74,10 @@ export function attachEventCardChoices(opts: EventCardChoicesOpts): void {
states.set(opts.container, state);
opts.container.addEventListener("click", (e) => {
const targetEl = e.target as HTMLElement | null;
const caret = targetEl?.closest<HTMLElement>(".event-card-choices-caret");
if (caret) {
const target = (e.target as HTMLElement | null)?.closest<HTMLElement>(".event-card-choices-caret");
if (target) {
e.stopPropagation();
openPopover(state, caret);
openPopover(state, target);
return;
}
// Outside-click closes the popover.
@@ -159,7 +158,6 @@ function openPopover(state: AttachedState, caret: HTMLElement): void {
} catch {
return;
}
const isHidden = caret.dataset.isHidden === "1";
const pop = document.createElement("div");
pop.className = "event-card-choices-popover";
@@ -167,15 +165,6 @@ function openPopover(state: AttachedState, caret: HTMLElement): void {
pop.setAttribute("aria-label", t("choices.caret.title"));
const blocks: string[] = [];
// t-paliad-293: hidden-card prominence. When the user opens the
// popover on a re-surfaced hidden card, "Wieder einblenden" is the
// most likely intent — surface it as a single high-contrast action
// at the top of the popover (rather than burying it under the skip
// toggle's reset link). Clicking it clears the `skip` choice, which
// is the same wire effect as the legacy inline chip from t-paliad-290.
if (isHidden) {
blocks.push(renderUnhideBlock());
}
if (Array.isArray(offered.appellant)) {
blocks.push(renderAppellantBlock(state, code, offered.appellant as unknown[]));
}
@@ -270,23 +259,6 @@ function renderToggleBlock(state: AttachedState, code: string, kind: "include_cc
</div>`;
}
// renderUnhideBlock is the popover's prominent "Wieder einblenden"
// action — surfaced only when the caret is opened on a re-surfaced
// hidden card (data-is-hidden="1" on the caret). Clicking it dispatches
// the same `clear` action as the skip-block reset link below, but
// labelled in the user's terms ("restore this card" rather than
// "reset skip choice"). Drops out of the popover automatically on
// non-hidden cards so the popover stays minimal. (t-paliad-293)
function renderUnhideBlock(): string {
const label = t("choices.unhide.chip");
return `<div class="event-card-choices-block event-card-choices-block--unhide">
<button type="button"
data-choice-action="clear"
data-choice-kind="skip"
class="event-card-choices-unhide-btn">${escHtml(label)}</button>
</div>`;
}
function closePopover(state: AttachedState): void {
if (state.popover) {
state.popover.remove();

8
frontend/src/client/views/types.ts
View File

@@ -66,13 +66,7 @@ export interface FilterSpec {
sources: DataSource[];
scope: ScopeSpec;
time: TimeSpec;
// Per-source narrowing. Flat shape — one entry per data source. The
// Go side (internal/services/filter_spec.go: FilterSpec.Predicates)
// mirrors this exactly; the previous Partial<Record<DataSource,
// Predicates>> spelling was a latent contract bug (t-paliad-283)
// where every chip click sent a single-nested shape the server
// unmarshalled to no-op.
predicates?: Predicates;
predicates?: Partial<Record<DataSource, Predicates>>;
// Inbox unread-only overlay (t-paliad-249). When true, the view
// service drops project_event rows older than the caller's
// users.inbox_seen_at cursor. Pending approval_requests always

527
frontend/src/client/views/verfahrensablauf-core.test.ts
View File

@@ -1,12 +1,8 @@
import { describe, expect, test } from "bun:test";
import {
type CalculatedDeadline,
type DeadlineResponse,
bucketDeadlinesIntoColumns,
deadlineCardHtml,
formatDurationLabel,
renderColumnsBody,
stripLeadingDurationFromNotes,
} from "./verfahrensablauf-core";
// Regression tests for the editable→click-to-edit wiring on timeline date
@@ -71,153 +67,6 @@ describe("deadlineCardHtml — editable=true emits click-to-edit attrs", () => {
});
});
// t-paliad-293 (m/paliad#125): the "Wieder einblenden" affordance
// moved from an inline chip in the card header into the caret popover
// to fix horizontal-scroll on narrow viewports (the long German label
// pushed the card past its column width). The renderer now signals
// hidden state two ways: (1) a 👁⃠ state-icon in the title row and
// (2) data-is-hidden="1" on the caret button so event-card-choices.ts
// can surface the prominent "Wieder einblenden" popover entry when
// the user opens the menu. The legacy `.event-card-choices-unhide`
// inline chip class must NOT appear in the output.
describe("deadlineCardHtml — isHidden surfaces state-icon + caret hint (t-paliad-293)", () => {
test("isHidden=true emits the hidden state-icon", () => {
const html = deadlineCardHtml(
dl({ isHidden: true, choicesOffered: { skip: [true, false] } }),
{ showParty: true },
);
expect(html).toContain("timeline-state-icon--hidden");
});
test("isHidden=true with choicesOffered.skip annotates the caret with data-is-hidden=\"1\"", () => {
const html = deadlineCardHtml(
dl({ isHidden: true, choicesOffered: { skip: [true, false] } }),
{ showParty: true },
);
expect(html).toContain('data-is-hidden="1"');
expect(html).toContain("event-card-choices-caret");
});
test("isHidden=false (default) suppresses the state-icon and reports data-is-hidden=\"0\"", () => {
const html = deadlineCardHtml(
dl({ choicesOffered: { skip: [true, false] } }),
{ showParty: true },
);
expect(html).not.toContain("timeline-state-icon--hidden");
expect(html).toContain('data-is-hidden="0"');
});
test("isHidden=true with empty choicesOffered still emits caret with synthesized skip offer (defensive)", () => {
// Edge case: admin edits the rule's choices_offered after a user
// has already saved a `skip=true` choice. Without the fallback
// the card would re-surface as hidden with no popover entrypoint
// — the user would have no way to un-hide it. The renderer
// synthesizes a `{skip:[true,false]}` offer so the prominent
// "Wieder einblenden" button still renders in the popover.
const html = deadlineCardHtml(dl({ isHidden: true }), { showParty: true });
expect(html).toContain("event-card-choices-caret");
expect(html).toContain('data-is-hidden="1"');
expect(html).toContain("data-choices-offered=\"{&quot;skip&quot;:[true,false]}\"");
});
test("isHidden=false with empty choicesOffered suppresses caret (regression guard)", () => {
const html = deadlineCardHtml(dl(), { showParty: true });
expect(html).not.toContain("event-card-choices-caret");
});
test("legacy inline `.event-card-choices-unhide` class is no longer emitted", () => {
// Pinned to catch a regression that would re-introduce the
// horizontal-scroll surface that motivated the move. The popover
// now uses `.event-card-choices-unhide-btn` (with the -btn suffix)
// inside the body-attached popover dom node — never in the card
// header HTML the renderer returns.
const html = deadlineCardHtml(
dl({ isHidden: true, choicesOffered: { skip: [true, false] } }),
{ showParty: true },
);
expect(html).not.toContain('class="event-card-choices-unhide"');
expect(html).not.toMatch(/event-card-choices-unhide(?!-btn)/);
});
});
// t-paliad-293: the `optional` priority used to render an inline text
// badge in the card title. The overhaul replaces it with a ⊙ state
// icon so the title row stays compact on narrow viewports. Tooltip is
// driven by the `state.optional.tooltip` i18n key.
describe("deadlineCardHtml — optional priority renders the state icon (t-paliad-293)", () => {
test("priority='optional' emits the timeline-state-icon--optional marker", () => {
const html = deadlineCardHtml(dl({ priority: "optional" }), { showParty: true });
expect(html).toContain("timeline-state-icon--optional");
expect(html).not.toContain("optional-badge");
});
test("priority='mandatory' (default) omits the optional marker", () => {
const html = deadlineCardHtml(dl(), { showParty: true });
expect(html).not.toContain("timeline-state-icon--optional");
});
});
// t-paliad-289 — isConditional rules render an "abhängig von <parent>"
// chip in place of the date column, and the chip keeps the click-to-edit
// affordance so the user can pin a real date once the upstream anchor
// resolves (oral hearing scheduled, opposing party's motion received, …).
// Mirrors Symptom A (R.109(1) backward-anchor without oral-hearing date)
// and Symptom B (R.262(2) without recorded Vertraulichkeitsantrag) from
// the issue.
describe("deadlineCardHtml — isConditional rendering (t-paliad-289)", () => {
test("isConditional + parentRuleName emits 'abhängig von <parent>' chip with click-to-edit", () => {
const html = deadlineCardHtml(
dl({
code: "upc.inf.cfi.translation_request",
isConditional: true,
parentRuleCode: "upc.inf.cfi.oral",
parentRuleName: "Mündliche Verhandlung",
}),
{ showParty: true, editable: true },
);
expect(html).toContain("timeline-conditional");
expect(html).toContain("abhängig von Mündliche Verhandlung");
expect(html).toContain('data-rule-code="upc.inf.cfi.translation_request"');
expect(html).toContain('role="button"');
expect(html).not.toContain("timeline-court-set");
});
test("isConditional with no parentRuleName falls back to generic upstream-event label", () => {
const html = deadlineCardHtml(
dl({ isConditional: true }),
{ showParty: true, editable: true },
);
expect(html).toContain("timeline-conditional");
expect(html).toContain("abhängig von vorgelagertem Ereignis");
});
test("isConditional wins over isCourtSet — overlapping cases render conditional chip", () => {
// Court-set ancestor without override sets BOTH isCourtSet=true AND
// isConditional=true on the wire. The renderer must pick the
// conditional chip; otherwise the row keeps the legacy "wird vom
// Gericht bestimmt" label and the user can't see WHICH upstream
// event blocks them.
const html = deadlineCardHtml(
dl({
isConditional: true,
isCourtSet: true,
isCourtSetIndirect: true,
parentRuleName: "Entscheidung",
}),
{ showParty: true, editable: true },
);
expect(html).toContain("abhängig von Entscheidung");
expect(html).not.toContain("timeline-court-set");
});
test("isConditional=false keeps the normal date span (regression guard)", () => {
const html = deadlineCardHtml(dl({ isConditional: false }), { showParty: true });
expect(html).toContain("timeline-date");
expect(html).not.toContain("timeline-conditional");
});
});
// Pure column-routing behaviour. Originally pinned by m/paliad#81
// (side + appellant axes), re-framed by m/paliad#88: the column
// axis is now "Unsere Seite vs Gegnerseite" ("WE always on the
@@ -329,29 +178,6 @@ describe("bucketDeadlinesIntoColumns — side+appellant column routing (m/paliad
expect(rows[0].ours).toHaveLength(0);
});
test("side=defendant collapses 'both' rules into ours (no mirror) — m/paliad#135", () => {
// When the user has committed to a perspective via `?side=`, the
// mirror is visual noise: the same card renders twice on one row,
// once in 'Unsere Seite' and once in 'Gegnerseite'. The card's
// '↔ beide Seiten' indicator already conveys the both-parties
// semantic, so collapsing into ours is sufficient.
const rows = bucketDeadlinesIntoColumns(
[both("Antrag auf Simultanübersetzung", "2026-04-27")],
{ side: "defendant" },
);
expect(rows[0].ours.map((d) => d.name)).toEqual(["Antrag auf Simultanübersetzung"]);
expect(rows[0].opponent).toHaveLength(0);
});
test("side=claimant collapses 'both' rules into ours (no mirror) — m/paliad#135", () => {
const rows = bucketDeadlinesIntoColumns(
[both("Antrag auf Simultanübersetzung", "2026-04-27")],
{ side: "claimant" },
);
expect(rows[0].ours.map((d) => d.name)).toEqual(["Antrag auf Simultanübersetzung"]);
expect(rows[0].opponent).toHaveLength(0);
});
test("rows align across columns by dueDate so same-day events stay on one grid row", () => {
const sameDate = "2026-07-23";
const rows = bucketDeadlinesIntoColumns([
@@ -419,357 +245,4 @@ describe("bucketDeadlinesIntoColumns — side+appellant column routing (m/paliad
["Decision"],
]);
});
});
// m's correction in m/paliad#127 (t-paliad-295) reverted half of #88's
// header refresh: the user-perspective labels "Unsere Seite"/"Gegnerseite"
// only make sense once the user has picked a side. While the side is
// still "Nicht festgelegt" (side === null — the default after #120) the
// header falls back to the semantic-neutral "Proaktiv"/"Reaktiv" labels.
// Picking a side re-enables the #88 labels. The bucketing primitive
// itself is unchanged — only the column-header text differs.
describe("renderColumnsBody — side-aware column header labels (m/paliad#127)", () => {
const dlFix = (party: string, name: string, due: string): CalculatedDeadline => ({
code: name,
name,
nameEN: name,
party,
priority: "mandatory",
ruleRef: "",
dueDate: due,
originalDate: due,
wasAdjusted: false,
isRootEvent: false,
isCourtSet: false,
});
const data: DeadlineResponse = {
proceedingType: "upc.inf.cfi",
proceedingName: "UPC Verletzungsverfahren",
triggerDate: "2026-01-01",
deadlines: [
dlFix("claimant", "Klageschrift", "2026-01-01"),
dlFix("defendant", "Klageerwiderung", "2026-04-01"),
],
};
test("side=null renders Proaktiv/Gericht/Reaktiv headers", () => {
const html = renderColumnsBody(data, { side: null });
expect(html).toContain(">Proaktiv<");
expect(html).toContain(">Gericht<");
expect(html).toContain(">Reaktiv<");
expect(html).not.toContain(">Unsere Seite<");
expect(html).not.toContain(">Gegnerseite<");
});
test("side=null when opts omitted (default) still renders Proaktiv/Reaktiv", () => {
const html = renderColumnsBody(data);
expect(html).toContain(">Proaktiv<");
expect(html).toContain(">Reaktiv<");
});
test("side=claimant renders Unsere Seite/Gericht/Gegnerseite headers", () => {
const html = renderColumnsBody(data, { side: "claimant" });
expect(html).toContain(">Unsere Seite<");
expect(html).toContain(">Gericht<");
expect(html).toContain(">Gegnerseite<");
expect(html).not.toContain(">Proaktiv<");
expect(html).not.toContain(">Reaktiv<");
});
test("side=defendant renders Unsere Seite/Gegnerseite headers (column swap is bucketing, not labels)", () => {
// The user-perspective labels are picked once a side is set; the
// bucketer still routes defendant filings into the `ours` column when
// side=defendant, so the left column's header truthfully reads
// "Unsere Seite" regardless of which underlying party occupies it.
const html = renderColumnsBody(data, { side: "defendant" });
expect(html).toContain(">Unsere Seite<");
expect(html).toContain(">Gegnerseite<");
expect(html).not.toContain(">Proaktiv<");
expect(html).not.toContain(">Reaktiv<");
});
});
// t-paliad-307 / m/paliad#136 Bug 1 — appeal-aware column routing.
// All appeal rules carry party='both' (either side could be the
// appellant). With appealAware=true + dl.appealRole set, the bucketer
// routes by (filer matches user) instead of collapsing every 'both'
// row into the user's column. Without a side picked, the bucketer
// keeps the legacy mirror so every appeal rule is visible.
describe("bucketDeadlinesIntoColumns — appeal-aware routing (t-paliad-307)", () => {
const appeal = (
name: string,
role: "appellant" | "appellee",
due: string,
): CalculatedDeadline => ({
code: name,
name,
nameEN: name,
party: "both",
priority: "mandatory",
ruleRef: "",
dueDate: due,
originalDate: due,
wasAdjusted: false,
isRootEvent: false,
isCourtSet: false,
appealRole: role,
});
const notice = appeal("Berufungseinlegung", "appellant", "2026-07-26");
const grounds = appeal("Berufungsbegründung", "appellant", "2026-09-26");
const response = appeal("Berufungserwiderung", "appellee", "2026-12-26");
test("appealAware + side=claimant: appellant rules → ours, appellee rules → opponent", () => {
const rows = bucketDeadlinesIntoColumns([notice, grounds, response], {
side: "claimant",
appealAware: true,
});
const byKey = new Map(rows.map((r) => [r.key, r]));
expect(byKey.get(notice.dueDate)?.ours.map((d) => d.name)).toEqual(["Berufungseinlegung"]);
expect(byKey.get(notice.dueDate)?.opponent).toHaveLength(0);
expect(byKey.get(response.dueDate)?.ours).toHaveLength(0);
expect(byKey.get(response.dueDate)?.opponent.map((d) => d.name)).toEqual(["Berufungserwiderung"]);
});
test("appealAware + side=defendant: appellant rules → opponent, appellee rules → ours", () => {
const rows = bucketDeadlinesIntoColumns([notice, response], {
side: "defendant",
appealAware: true,
});
const byKey = new Map(rows.map((r) => [r.key, r]));
expect(byKey.get(notice.dueDate)?.opponent.map((d) => d.name)).toEqual(["Berufungseinlegung"]);
expect(byKey.get(notice.dueDate)?.ours).toHaveLength(0);
expect(byKey.get(response.dueDate)?.ours.map((d) => d.name)).toEqual(["Berufungserwiderung"]);
expect(byKey.get(response.dueDate)?.opponent).toHaveLength(0);
});
test("appealAware + side=null: mirror to both columns (every rule visible)", () => {
const rows = bucketDeadlinesIntoColumns([notice, response], {
side: null,
appealAware: true,
});
const byKey = new Map(rows.map((r) => [r.key, r]));
expect(byKey.get(notice.dueDate)?.ours.map((d) => d.name)).toEqual(["Berufungseinlegung"]);
expect(byKey.get(notice.dueDate)?.opponent.map((d) => d.name)).toEqual(["Berufungseinlegung"]);
expect(byKey.get(response.dueDate)?.ours.map((d) => d.name)).toEqual(["Berufungserwiderung"]);
expect(byKey.get(response.dueDate)?.opponent.map((d) => d.name)).toEqual(["Berufungserwiderung"]);
});
test("appealAware off: appealRole is ignored and legacy bucketing applies", () => {
// Regression guard: a stale frontend that drops `appealAware: true`
// must not silently route via appealRole — the side selector
// would visibly change behaviour without a UI control to opt in.
const rows = bucketDeadlinesIntoColumns([notice, response], { side: "defendant" });
// Legacy "side without appellant" collapse → both rows into ours.
const allOurs = rows.flatMap((r) => r.ours.map((d) => d.name));
expect(allOurs).toEqual(["Berufungseinlegung", "Berufungserwiderung"]);
rows.forEach((r) => expect(r.opponent).toHaveLength(0));
});
test("appealAware respects court party — court rows always route to court column", () => {
const decision: CalculatedDeadline = {
...notice,
name: "Entscheidung",
party: "court",
appealRole: "", // court events deliberately stay empty
dueDate: "",
};
const rows = bucketDeadlinesIntoColumns([decision], { side: "claimant", appealAware: true });
expect(rows[0].court.map((d) => d.name)).toEqual(["Entscheidung"]);
expect(rows[0].ours).toHaveLength(0);
expect(rows[0].opponent).toHaveLength(0);
});
test("appealAware + rule without appealRole falls back to legacy bucketing", () => {
// A future appeal rule we forgot to map: appealRole='' falls
// through the appealAware branch and lands in the legacy
// side-collapse path → ours.
const unmapped: CalculatedDeadline = { ...notice, appealRole: "" };
const rows = bucketDeadlinesIntoColumns([unmapped], { side: "claimant", appealAware: true });
expect(rows[0].ours.map((d) => d.name)).toEqual(["Berufungseinlegung"]);
expect(rows[0].opponent).toHaveLength(0);
});
});
// t-paliad-307 / m/paliad#136 Bug 3 — duration label appends the
// parent rule name (or the proceeding's trigger event label for
// root rules) so the chip reads "4 Monate nach Endentscheidung"
// instead of the dangling "4 Monate nach".
describe("formatDurationLabel — appends parent name (t-paliad-307)", () => {
const dl = (overrides: Partial<CalculatedDeadline> = {}): CalculatedDeadline => ({
code: "x",
name: "x",
nameEN: "x",
party: "both",
priority: "mandatory",
ruleRef: "",
dueDate: "",
originalDate: "",
wasAdjusted: false,
isRootEvent: false,
isCourtSet: false,
durationValue: 4,
durationUnit: "months",
timing: "after",
...overrides,
});
test("with parent label: appends to head", () => {
expect(formatDurationLabel(dl(), "Endentscheidung (R.118)"))
.toBe("4 Monate nach Endentscheidung (R.118)");
});
test("without parent label: bare head — caller decides whether to render", () => {
expect(formatDurationLabel(dl())).toBe("4 Monate nach");
});
test("without timing: parent is not appended (degenerate phrasing)", () => {
// No timing == we can't form "4 Monate <timing> <parent>" cleanly,
// so the bare "4 Monate" head stays. Pinned to catch a future
// edit that would emit "4 Monate Endentscheidung" without a
// preposition.
expect(formatDurationLabel(dl({ timing: "" }), "Endentscheidung")).toBe("4 Monate");
});
test("singular value: switches to .one unit key", () => {
expect(formatDurationLabel(dl({ durationValue: 1 }), "X")).toBe("1 Monat nach X");
});
test("zero / missing duration: empty string", () => {
expect(formatDurationLabel(dl({ durationValue: 0 }), "X")).toBe("");
expect(formatDurationLabel(dl({ durationValue: 0, durationUnit: "" }), "X")).toBe("");
});
});
describe("deadlineCardHtml — duration tooltip reads parent name (t-paliad-307)", () => {
test("root rule with non-zero duration uses opts.triggerEventLabel as parent fallback", () => {
// upc.apl.merits.notice has no parent_id but a 2-month duration
// off the trigger event (the appealed decision). The duration
// tooltip must read the appeal-target label, not just "2 Monate
// nach".
const dl: CalculatedDeadline = {
code: "upc.apl.merits.notice",
name: "Berufungseinlegung",
nameEN: "Notice of Appeal",
party: "both",
priority: "mandatory",
ruleRef: "",
dueDate: "2026-07-26",
originalDate: "2026-07-26",
wasAdjusted: false,
isRootEvent: false,
isCourtSet: false,
durationValue: 2,
durationUnit: "months",
timing: "after",
};
const html = deadlineCardHtml(dl, {
showParty: false,
editable: true,
triggerEventLabel: "Endentscheidung (R.118)",
});
expect(html).toContain("title=\"2 Monate nach Endentscheidung (R.118)\"");
});
test("non-root rule prefers parent rule name over triggerEventLabel", () => {
// merits.response chains off merits.grounds; the duration label
// should read "3 Monate nach Berufungsbegründung", not the
// appeal-target fallback.
const dl: CalculatedDeadline = {
code: "upc.apl.merits.response",
name: "Berufungserwiderung",
nameEN: "Response to Appeal",
party: "both",
priority: "mandatory",
ruleRef: "",
dueDate: "2026-12-26",
originalDate: "2026-12-26",
wasAdjusted: false,
isRootEvent: false,
isCourtSet: false,
durationValue: 3,
durationUnit: "months",
timing: "after",
parentRuleCode: "upc.apl.merits.grounds",
parentRuleName: "Berufungsbegründung",
parentRuleNameEN: "Statement of Grounds",
};
const html = deadlineCardHtml(dl, {
showParty: false,
editable: true,
triggerEventLabel: "Endentscheidung (R.118)",
});
expect(html).toContain("title=\"3 Monate nach Berufungsbegründung\"");
});
});
// t-paliad-307 / m/paliad#136 Bug 4 — leading "Frist N <unit> …"
// substring is stripped before deadline_notes renders so the new
// duration affordance and the legacy free-text don't duplicate.
describe("stripLeadingDurationFromNotes — render-side dedup (t-paliad-307)", () => {
test("DE: strips 'Frist 1 Monat VOR …. ' and keeps the rest", () => {
const out = stripLeadingDurationFromNotes(
"Frist 1 Monat VOR der mündlichen Verhandlung (R.109.1). Antrag auf Simultanübersetzung.",
"de",
);
expect(out).toBe("Antrag auf Simultanübersetzung.");
});
test("DE: strips 'Frist 15 Tage ab …' when the whole notes is the duration prose", () => {
const out = stripLeadingDurationFromNotes(
"Frist 15 Tage ab Zustellung der Kostenentscheidung",
"de",
);
expect(out).toBe("");
});
test("DE: strips 'Frist beträgt 2 Monate ab …. ' (Wiedereinsetzung variant)", () => {
const out = stripLeadingDurationFromNotes(
"Frist beträgt 2 Monate ab Wegfall des Hindernisses (§ 123(2) PatG). Spätestens 1 Jahr.",
"de",
);
expect(out).toBe("Spätestens 1 Jahr.");
});
test("DE: composite 'Frist N … ODER M …' is preserved (option b follow-up)", () => {
const composite =
"Frist 31 Kalendertage ODER 20 Arbeitstage (jeweils das längere) ab Anordnung der einstweiligen Maßnahme.";
expect(stripLeadingDurationFromNotes(composite, "de")).toBe(composite);
});
test("DE: 'Frist vom Gericht' (no number) is preserved", () => {
const out = stripLeadingDurationFromNotes("Frist vom Gericht bestimmt", "de");
expect(out).toBe("Frist vom Gericht bestimmt");
});
test("EN: strips '1 month BEFORE …. ' and keeps the rest", () => {
const out = stripLeadingDurationFromNotes(
"1 month BEFORE the oral hearing (R.109.1). Request for simultaneous interpretation.",
"en",
);
expect(out).toBe("Request for simultaneous interpretation.");
});
test("EN: strips '15-day period from …'", () => {
const out = stripLeadingDurationFromNotes(
"15-day period from service of the cost decision",
"en",
);
expect(out).toBe("");
});
test("EN: strips 'Period is N <unit> from …'", () => {
const out = stripLeadingDurationFromNotes(
"Period is 2 months from removal of the obstacle (Rule 136(1) EPC). Latest 12 months.",
"en",
);
expect(out).toBe("Latest 12 months.");
});
test("EN: empty / non-matching notes pass through unchanged", () => {
expect(stripLeadingDurationFromNotes("", "en")).toBe("");
expect(stripLeadingDurationFromNotes("Time limit set by the court", "en"))
.toBe("Time limit set by the court");
});
});

465
frontend/src/client/views/verfahrensablauf-core.ts
View File

@@ -72,134 +72,6 @@ export interface CalculatedDeadline {
// page-level appellant axis still applies in that case). The bucketer
// reads this in preference to the page-level appellant.
appellantContext?: string;
// isHidden (t-paliad-290 / m/paliad#122): server-side flag set when
// a previously-hidden card is re-surfaced via the "Ausgeblendete
// anzeigen" toggle. The renderer fades the card and exposes an
// inline "Wieder einblenden" chip that deletes the skip choice.
isHidden?: boolean;
// isConditional (t-paliad-289): the rule's anchor is uncertain, so
// no concrete date is projected. Set by the calculator when the rule
// depends on a court-set ancestor without override, when a backward-
// anchored rule's forward anchor isn't set, or for optional rules
// whose true triggering event sits outside the rule data (e.g.
// R.262(2) Erwiderung auf Vertraulichkeitsantrag — anchored on SoC
// in the data, but the real trigger is the opposing party's
// confidentiality motion). The renderer drops the date column entry
// and shows an "abhängig von <parentRuleName>" chip instead.
isConditional?: boolean;
// parentRuleCode / parentRuleName / parentRuleNameEN surface the
// parent rule's identity so the renderer can label the
// "abhängig von <parent>" chip on conditional rows. Populated for
// every rule with a parent (not just conditional ones), so the
// dependency-footer logic can reuse it. Empty for root rules.
parentRuleCode?: string;
parentRuleName?: string;
parentRuleNameEN?: string;
// durationValue / durationUnit / timing surface the rule's arithmetic
// so the timeline card can show "2 Mo. nach" on hover (and inline when
// the "Dauern anzeigen" toggle is on). Zero-duration rules (root
// event, court-set) carry durationValue=0 and the renderer suppresses
// the affordance — those don't have an explainable interval.
// (m/paliad#133, t-paliad-302)
durationValue?: number;
durationUnit?: string;
timing?: string;
// appealRole carries the rule's appeal-filer identity when the
// server computed the timeline under an appeal_target filter:
// "appellant" (Berufungskläger files this rule), "appellee"
// (Berufungsbeklagter files this rule), or empty for court events
// and non-appeal timelines. The column bucketer reads this in
// preference to primary_party='both' so a user-perspective `?side=`
// pick can split appeal filings into the user's column vs the
// opponent's, instead of routing every "both" rule into the
// user's column. (t-paliad-307 / m/paliad#136 Bug 1)
appealRole?: "appellant" | "appellee" | "";
// isTriggerEvent marks the synthetic row the engine prepends to the
// timeline when computing an appeal: a court-set decision dated to
// the trigger date with the per-appeal-target label
// (Endentscheidung / Kostenentscheidung / Anordnung / …). The row
// carries no real rule_id — it's a UI marker so the timeline reads
// decision → appeal filings → next decision. (t-paliad-307 /
// m/paliad#136 Bug 2)
isTriggerEvent?: boolean;
}
// stripLeadingDurationFromNotes drops the leading
// "Frist N <unit> <preposition> <subject>." (DE) /
// "N <unit> <preposition> <subject>." (EN) prefix from a rule's
// deadline_notes so it doesn't duplicate the new duration affordance
// added in m/paliad#133 (t-paliad-307 Bug 4).
//
// The duration affordance now renders the same prose as a badge on
// the card ("4 Monate nach Endentscheidung (R.118)"); a free-text
// notes string that opens with the same prose reads as a verbatim
// duplicate. Only the leading-prefix shape is stripped — anything
// after the first sentence is preserved (the editorial commentary
// the lawyers actually want to read).
//
// Conservative: composite-duration prefaces with "ODER" /
// "whichever is the longer" don't match and stay untouched — those
// are the follow-up editorial cleanup (option b in the issue brief).
//
// Examples:
// "Frist 1 Monat VOR der mündlichen Verhandlung (R.109.1). Antrag …"
// → "Antrag …"
// "Frist 15 Tage ab Zustellung der Kostenentscheidung"
// → ""
// "Frist beträgt 2 Monate ab Wegfall des Hindernisses (§ 123(2) PatG). Spätestens …"
// → "Spätestens …"
// "1-month period from service of the main decision"
// → ""
// "1 month BEFORE the oral hearing (R.109.1). Request for …"
// → "Request for …"
// "Period is 2 months from removal of the obstacle (Rule 136(1) EPC). Latest …"
// → "Latest …"
// "Frist 31 Kalendertage ODER 20 Arbeitstage (jeweils das längere) ab Anordnung …"
// → unchanged (composite — option b follow-up)
export function stripLeadingDurationFromNotes(notes: string, lang: "de" | "en"): string {
if (!notes) return notes;
// Terminator `(?:\.\s+|$)` matches the FIRST sentence boundary
// (period followed by whitespace) OR end of input. Embedded dots
// inside parenthesised citations (R.109.1, § 123(2), Rule 136(1))
// are skipped because the char right after them isn't whitespace.
// `[^]*?` is the JS-portable form of `.*?` with the dotAll flag —
// any character including newlines, non-greedy.
const re = lang === "en"
? /^(?:Period\s+is\s+)?\d+(?:[-\s]\S+)?\s+(?:\S+\s+)?(?:before|from|after|since)\b[^]*?(?:\.\s+|$)/i
: /^Frist\s+(?:beträgt\s+)?\d+\s+\S+\s+(?:VOR|vor|nach|ab|seit)\b[^]*?(?:\.\s+|$)/;
return notes.replace(re, "");
}
// formatDurationLabel renders the per-rule duration label for the
// Verfahrensablauf card affordance: "2 Monate nach Endentscheidung",
// "1 Monat vor Mündlicher Verhandlung", …
// (m/paliad#133, t-paliad-302; parent-name append: t-paliad-307 /
// m/paliad#136 Bug 3).
//
// Returns empty string for rules without a usable duration so the
// caller can skip the tooltip / inline span entirely. Pluralisation
// key naming mirrors the Fristenrechner event-mode renderer
// (deadlines.event.unit.<unit>.{one,many}) — the unit and timing
// translations already exist for /tools/fristenrechner's
// "Was kommt nach…" mode and are reused here as the single source
// of truth.
//
// `parentLabel` is the rule's anchor name (parent rule's name when
// the rule has a parent_id; otherwise the proceeding's
// triggerEventLabel from the wire). Empty falls back to bare
// "<n> <unit> <timing>" — bare phrasing is the pre-fix shape and
// remains the default for fixtures / tests that omit a parent.
export function formatDurationLabel(dl: CalculatedDeadline, parentLabel: string = ""): string {
const value = dl.durationValue ?? 0;
const unit = dl.durationUnit || "";
if (value <= 0 || !unit) return "";
const unitKey = `deadlines.event.unit.${unit}` + (value === 1 ? ".one" : ".many");
const unitStr = tDyn(unitKey);
const timing = dl.timing || "";
const timingStr = timing ? tDyn(`deadlines.event.timing.${timing}`) : "";
const head = timingStr ? `${value} ${unitStr} ${timingStr}` : `${value} ${unitStr}`;
if (!timingStr || !parentLabel) return head;
return `${head} ${parentLabel}`;
}
// priorityRendering returns the per-priority UX hints the save-modal
@@ -259,13 +131,6 @@ export interface DeadlineResponse {
// (m/paliad#81)
triggerEventLabel?: string;
triggerEventLabelEN?: string;
// hiddenCount (t-paliad-290 / m/paliad#122): number of rules that
// would have been hidden in this projection (i.e. their
// submission_code is in skipRules and they passed the condition_expr
// gate). Surfaces the "Ausgeblendete (N)" badge on the toggle even
// when the toggle is OFF — so users know there's something to
// re-surface.
hiddenCount?: number;
}
export interface CourtRow {
@@ -295,17 +160,6 @@ export interface CalcParams {
choice_kind: string;
choice_value: string;
}>;
// includeHidden (t-paliad-290): when true the calculator returns
// previously-skipped rules as faded cards instead of dropping them.
// Sent only when the page-level "Ausgeblendete anzeigen" toggle is
// ON.
includeHidden?: boolean;
// Slice B1 / m/paliad#124 §18.1: narrows the unified UPC Berufung
// (upc.apl) timeline to the rule subset whose applies_to_target
// contains the requested slug. Empty = no filter. Valid values:
// endentscheidung | kostenentscheidung | anordnung |
// schadensbemessung | bucheinsicht.
appealTarget?: string;
}
const PARTY_CLASS: Record<string, string> = {
@@ -321,20 +175,10 @@ export function escAttr(s: string): string {
return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;");
}
// Pure-string HTML escape — keeps the module testable in bun test
// (plain Node, no jsdom). Used to be backed by document.createElement,
// which forced fixtures to leave any field that flowed through it
// empty just to exercise unrelated branches; the regex form is safe
// for arbitrary text including the per-rule name strings that the
// conditional-row chip ("abhängig von <parent>") now exposes.
// (t-paliad-289)
export function escHtml(s: string): string {
return s
.replace(/&/g, "&amp;")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#39;");
const d = document.createElement("div");
d.textContent = s;
return d.innerHTML;
}
export function formatDate(dateStr: string): string {
@@ -426,126 +270,37 @@ export interface CardOpts {
// Page shells expose a toggle ("Hinweise anzeigen") that flips this and
// re-renders. Default false — notes are noisy on long timelines.
showNotes?: boolean;
// showDurations controls per-rule duration rendering on event cards
// (m/paliad#133, t-paliad-302):
// true → inline `<span class="timeline-duration">2 Mo. nach</span>`
// next to the date.
// false → hover-only tooltip on the date span (browser-native
// `title` attribute). Cards without a usable
// `durationValue > 0` get neither — court-set and trigger-
// event cards have no explainable interval.
// /tools/verfahrensablauf exposes a toggle ("Dauern anzeigen") that
// flips this and re-renders; persisted via the localStorage key
// `paliad.verfahrensablauf.durations-show`. Default false.
showDurations?: boolean;
// triggerEventLabel: per-language label of the proceeding's anchor
// event ("Endentscheidung (R.118)" for an Endentscheidung appeal;
// "Klageerhebung" for upc.inf.cfi; …). Used by formatDurationLabel
// as the parent-name fallback when a rule is a root rule (no
// parent_id) but carries a non-zero duration — e.g. the
// Berufungseinlegung 2 months after Endentscheidung. Pages pass the
// already-language-resolved string. (t-paliad-307 / m/paliad#136
// Bug 3)
triggerEventLabel?: string;
}
export function deadlineCardHtml(dl: CalculatedDeadline, opts: CardOpts): string {
const wantsEditable = !!opts.editable;
const editable = wantsEditable && !dl.isRootEvent && dl.code !== "";
const overriddenClass = dl.isOverridden ? " timeline-date--overridden" : "";
// Parent name for the duration label (t-paliad-307 / m/paliad#136
// Bug 3): use the rule's parent if set, else fall back to the
// proceeding's trigger event label (e.g. "Endentscheidung (R.118)"
// for an Endentscheidung appeal; "Klageerhebung" for upc.inf.cfi).
// Empty for rules whose anchor isn't surface-able — the duration
// label degrades to the bare "<n> <unit> <timing>" form in that case.
const parentLabelForDuration = (getLang() === "en"
? (dl.parentRuleNameEN || dl.parentRuleName)
: (dl.parentRuleName || dl.parentRuleNameEN)) || opts.triggerEventLabel || "";
// Duration affordance (m/paliad#133, t-paliad-302). Computed once so
// both the date-span tooltip and the inline meta-row span pull from
// the same string. Empty for rules without a usable duration.
const durationLabel = formatDurationLabel(dl, parentLabelForDuration);
// Hover affordance on the date span: prefer the duration tooltip when
// we have one, else fall back to the edit-hint when the cell is
// click-to-edit. The edit affordance still works either way — the
// title is purely advisory.
const dateTitle = durationLabel
? durationLabel
: (editable ? t("deadlines.date.edit.hint") : "");
const editAttrs = editable
? ` data-rule-code="${escAttr(dl.code)}" data-current-date="${escAttr(dl.dueDate)}" role="button" tabindex="0"${dateTitle ? ` title="${escAttr(dateTitle)}"` : ""}`
: (dateTitle ? ` title="${escAttr(dateTitle)}"` : "");
// Conditional rows (t-paliad-289) replace the date column with an
// "abhängig von <parent>" chip. The chip remains click-to-edit so
// the user can pin a real date once known (e.g. once the oral
// hearing date is set, or the opposing party's Vertraulichkeits-
// antrag arrives) — the same data-rule-code wiring fires the
// existing inline date editor. IsConditional wins over IsCourtSet:
// they overlap (court-set ancestor without override produces both),
// and "abhängig von <parent>" is the clearer user-facing signal.
const parentLabel = (getLang() === "en"
? (dl.parentRuleNameEN || dl.parentRuleName)
: dl.parentRuleName) || "";
let dateStr: string;
if (dl.isConditional) {
const chipText = parentLabel
? tDyn("deadlines.conditional.depends_on").replace("{parent}", escHtml(parentLabel))
: t("deadlines.conditional.unset");
dateStr = `<span class="timeline-conditional frist-date-edit"${editAttrs}>${chipText}</span>`;
} else if (dl.isCourtSet) {
const courtLabelKey = dl.isCourtSetIndirect
? "deadlines.court.indirect"
: "deadlines.court.set";
dateStr = `<span class="timeline-court-set frist-date-edit"${editAttrs}>${t(courtLabelKey)}</span>`;
} else {
dateStr = `<span class="timeline-date${overriddenClass} frist-date-edit"${editAttrs}>${formatDate(dl.dueDate)}</span>`;
}
? ` data-rule-code="${escAttr(dl.code)}" data-current-date="${escAttr(dl.dueDate)}" role="button" tabindex="0" title="${escAttr(t("deadlines.date.edit.hint"))}"`
: "";
const courtLabelKey = dl.isCourtSetIndirect
? "deadlines.court.indirect"
: "deadlines.court.set";
const dateStr = dl.isCourtSet
? `<span class="timeline-court-set frist-date-edit"${editAttrs}>${t(courtLabelKey)}</span>`
: `<span class="timeline-date${overriddenClass} frist-date-edit"${editAttrs}>${formatDate(dl.dueDate)}</span>`;
// t-paliad-293 — iconified state markers. The card surface speaks
// "cut the tree of possibilities": each card carries 0N small icons
// in the title row that summarise its decision state at a glance.
// The text "optional" badge that used to sit inline next to the name
// is now a ⊙ icon (state.optional). Hidden cards get a 👁⃠ eye-slash
// marker. Conditional cards already have the date-column chip; the
// marker is redundant in the title row. CCR-included / appellant
// picks remain on the chip row (event-card-choices-chip) — see below.
// Tooltips are i18n-driven so they read in the user's language.
const stateIcons: string[] = [];
if (dl.priority === "optional") {
stateIcons.push(
`<span class="timeline-state-icon timeline-state-icon--optional" role="img" aria-label="${escAttr(t("state.optional.tooltip"))}" title="${escAttr(t("state.optional.tooltip"))}">⊙</span>`,
);
}
if (dl.isHidden) {
stateIcons.push(
`<span class="timeline-state-icon timeline-state-icon--hidden" role="img" aria-label="${escAttr(t("state.hidden.tooltip"))}" title="${escAttr(t("state.hidden.tooltip"))}">👁⃠</span>`,
);
}
const stateIconsHtml = stateIcons.join("");
// Slice 9 (t-paliad-195): the legacy boolean pair is gone — read
// priority directly. Optional badge fires only on 'optional'
// priority (RoP.151-style opt-in deadlines).
const mandatoryBadge = dl.priority === "optional"
? '<span class="optional-badge">optional</span>'
: "";
// t-paliad-265 — caret affordance + chip indicator when this rule
// offers per-card choices and the user has made a pick. The popover
// open/commit lifecycle lives in client/views/event-card-choices.ts;
// the data-* attributes here are the wire contract between the two.
//
// t-paliad-293 — hidden cards always expose the caret so the user
// can un-hide via the popover's "Wieder einblenden" entry. Normally
// a hidden card was hidden via a skip choice, so `choicesOffered.skip`
// is present. Defensive fallback: if a rule's `choices_offered` was
// edited away after the skip entry was saved, the user would lose
// the un-hide path entirely. Synthesize a `{skip:[true,false]}`
// offer for the popover in that edge case so the prominent
// "Wieder einblenden" button still renders.
const offeredForCaret = (dl.choicesOffered && Object.keys(dl.choicesOffered).length > 0)
? dl.choicesOffered
: (dl.isHidden ? { skip: [true, false] } : null);
const showCaret = dl.code !== "" && offeredForCaret !== null;
const choicesHtml = showCaret
const choicesHtml = dl.code !== "" && dl.choicesOffered && Object.keys(dl.choicesOffered).length > 0
? `<button type="button" class="event-card-choices-caret"
data-submission-code="${escAttr(dl.code)}"
data-choices-offered="${escAttr(JSON.stringify(offeredForCaret))}"
data-is-hidden="${dl.isHidden ? "1" : "0"}"
data-choices-offered="${escAttr(JSON.stringify(dl.choicesOffered))}"
aria-label="${escAttr(t("choices.caret.title"))}"
title="${escAttr(t("choices.caret.title"))}">▾</button>`
: "";
@@ -571,14 +326,7 @@ export function deadlineCardHtml(dl: CalculatedDeadline, opts: CardOpts): string
ruleRef = `<span class="timeline-rule">${escHtml(dl.ruleRef)}</span>`;
}
const rawNoteText = getLang() === "en" ? (dl.notesEN || dl.notes) : dl.notes;
// Strip the leading-duration prefix so the new duration affordance
// doesn't duplicate what the lawyer wrote verbatim into deadline_notes
// for those legacy rule rows that still carry it.
// (t-paliad-307 / m/paliad#136 Bug 4)
const noteText = rawNoteText
? stripLeadingDurationFromNotes(rawNoteText, getLang() === "en" ? "en" : "de")
: rawNoteText;
const noteText = getLang() === "en" ? (dl.notesEN || dl.notes) : dl.notes;
const showNotes = opts.showNotes === true;
const notesBlock = noteText && showNotes
? `<div class="timeline-notes">${noteText}</div>`
@@ -587,19 +335,9 @@ export function deadlineCardHtml(dl: CalculatedDeadline, opts: CardOpts): string
? `<span class="timeline-note-hint" tabindex="0" role="note" aria-label="${escAttr(noteText)}" title="${escAttr(noteText)}">ⓘ</span>`
: "";
// Inline duration affordance (m/paliad#133, t-paliad-302). Only
// emitted when the "Dauern anzeigen" toggle is on AND the rule has a
// usable duration; the default-off hover-tooltip path is wired
// separately on the date span itself.
const showDurations = opts.showDurations === true;
const durationInline = showDurations && durationLabel
? `<span class="timeline-duration">${escHtml(durationLabel)}</span>`
: "";
const meta = (opts.showParty || ruleRef || noteHint || durationInline)
const meta = (opts.showParty || ruleRef || noteHint)
? `<div class="timeline-meta">
${opts.showParty ? partyBadge(dl.party) : ""}
${durationInline}
${ruleRef}
${noteHint}
</div>`
@@ -616,7 +354,7 @@ export function deadlineCardHtml(dl: CalculatedDeadline, opts: CardOpts): string
return `<div class="timeline-item-header">
<span class="timeline-name">
${dlName}
${stateIconsHtml}
${mandatoryBadge}
${chipHtml}
</span>
${dateStr}
@@ -708,54 +446,17 @@ export function wireDateEditClicks(
});
}
// pickTriggerEventLabel returns the per-language trigger event label
// from a DeadlineResponse, used as the parent-fallback for root-rule
// duration labels. Mirrors the precedence the page-level
// triggerEventLabelFor uses (curated server label > proceedingName
// fallback). Distinct from the page helper in that it stays language-
// scoped to the current getLang() — root-rule duration labels render
// in the user's current language. (t-paliad-307 / m/paliad#136 Bug 3)
export function pickTriggerEventLabel(data: DeadlineResponse): string {
const lang = getLang();
const curated = lang === "en"
? (data.triggerEventLabelEN || data.triggerEventLabel || "")
: (data.triggerEventLabel || data.triggerEventLabelEN || "");
if (curated) return curated;
return lang === "en"
? (data.proceedingNameEN || data.proceedingName || "")
: (data.proceedingName || data.proceedingNameEN || "");
}
export function renderTimelineBody(data: DeadlineResponse, opts: CardOpts = { showParty: true }): string {
// Resolve the trigger event label once so the duration affordance on
// root rules (no parent) can read it as the anchor fallback. Caller-
// provided value wins (lets the page override for sub-track flows).
const cardOpts: CardOpts = {
...opts,
triggerEventLabel: opts.triggerEventLabel ?? pickTriggerEventLabel(data),
};
let html = '<div class="timeline">';
for (const dl of data.deadlines) {
const itemClasses = [
"timeline-item",
dl.isRootEvent ? "timeline-root" : "",
// t-paliad-290: re-surfaced hidden cards render faded via the
// shared timeline-item--hidden modifier (same modifier the columns
// view uses; see fr-col-item--hidden below).
dl.isHidden ? "timeline-item--hidden" : "",
// t-paliad-289: dotted-border + faded styling for conditional rows
// so the "abhängig von <parent>" state is visually distinct from
// both anchored deadlines and direct court-set rows.
dl.isConditional ? "timeline-item--conditional" : "",
].filter(Boolean).join(" ");
html += `
<div class="${itemClasses}">
<div class="timeline-item ${dl.isRootEvent ? "timeline-root" : ""}">
<div class="timeline-dot-col">
<div class="timeline-dot ${dl.isRootEvent ? "dot-root" : ""}"></div>
<div class="timeline-line"></div>
</div>
<div class="timeline-content">
${deadlineCardHtml(dl, cardOpts)}
${deadlineCardHtml(dl, opts)}
</div>
</div>
`;
@@ -802,9 +503,6 @@ type ColumnPosition = "ours" | "opponent";
export interface ColumnsBodyOpts {
editable?: boolean;
showNotes?: boolean;
// Forwarded to deadlineCardHtml — see CardOpts.showDurations.
// (m/paliad#133, t-paliad-302)
showDurations?: boolean;
// side: which side the user is on. Drives column placement;
// does NOT filter rows. Default null = claimant-on-the-left
// (i.e. "ours = claimant", legacy default).
@@ -814,15 +512,6 @@ export interface ColumnsBodyOpts {
// (no mirror). Default null = mirror "both" into both cells
// (legacy behaviour). Independent of `side`.
appellant?: Side;
// appealAware: forwarded to bucketDeadlinesIntoColumns when the
// page is rendering an appeal_target-filtered timeline. Routes
// each rule to its filer-perspective column via dl.appealRole
// instead of the legacy primary_party='both' collapse.
// (t-paliad-307 / m/paliad#136 Bug 1)
appealAware?: boolean;
// triggerEventLabel: forwarded to deadlineCardHtml — see CardOpts.
// (t-paliad-307 / m/paliad#136 Bug 3)
triggerEventLabel?: string;
}
// ColumnsRow is the per-due-date bucket the renderer consumes. Public
@@ -838,15 +527,6 @@ export interface ColumnsRow {
export interface BucketingOpts {
side?: Side;
appellant?: Side;
// appealAware: when true, rules carrying a `dl.appealRole` of
// "appellant" / "appellee" route via the appeal role + user side
// axis instead of the legacy primary_party='both' collapse. With
// `side=null` the bucketer keeps the mirror semantic (both columns
// render every appeal rule); with `side` set, "appellant" rules
// land in the user's column when the user IS the appellant, in
// the opponent's column otherwise — mirror for "appellee" rules.
// (t-paliad-307 / m/paliad#136 Bug 1)
appealAware?: boolean;
}
// bucketDeadlinesIntoColumns is the pure routing primitive that
@@ -881,8 +561,6 @@ export function bucketDeadlinesIntoColumns(
return r;
};
const appealAware = opts.appealAware === true;
deadlines.forEach((dl, idx) => {
const key = dl.dueDate || `${UNSCHEDULED_PREFIX}${String(idx).padStart(4, "0")}`;
const row = ensureRow(key);
@@ -905,41 +583,11 @@ export function bucketDeadlinesIntoColumns(
if (dl.appellantContext === "claimant" || dl.appellantContext === "defendant") {
const perCardCol = dl.appellantContext === "claimant" ? claimantColumn : defendantColumn;
row[perCardCol].push(dl);
} else if (
appealAware &&
(dl.appealRole === "appellant" || dl.appealRole === "appellee")
) {
// Appeal-aware routing (t-paliad-307 / m/paliad#136 Bug 1).
// With no side picked, mirror to both columns so every rule
// is visible regardless of which side the user is on. With
// a side picked, route by (filer matches user) → ours
// column, else opponent column. side=claimant maps the
// user to "appellant" (Berufungskläger); side=defendant
// maps the user to "appellee" (Berufungsbeklagter).
if (userSide === null) {
row.ours.push(dl);
row.opponent.push(dl);
} else {
const userIsAppellant = userSide === "claimant";
const filerIsAppellant = dl.appealRole === "appellant";
row[filerIsAppellant === userIsAppellant ? "ours" : "opponent"].push(dl);
}
} else if (appellantColumn !== null) {
// Role-swap collapse: appellant initiated → both → one row
// in appellant's column. Mirror suppressed.
row[appellantColumn].push(dl);
} else if (userSide !== null) {
// Side picked but no appellant axis (first-instance Inf, Rev,
// …): the user has committed to a perspective, so the mirror
// is visual noise — the same card appears twice on the same
// row, once in "Unsere Seite" and once in "Gegnerseite".
// Collapse into ours; the "↔ beide Seiten" indicator on the
// card already conveys that the rule applies to both parties.
// (m/paliad#135 / t-paliad-304)
row.ours.push(dl);
} else {
// No perspective picked → keep the legacy mirror so neither
// axis is privileged. Pinned by the "default (no opts)" test.
row.ours.push(dl);
row.opponent.push(dl);
}
@@ -962,31 +610,15 @@ export function bucketDeadlinesIntoColumns(
export function renderColumnsBody(data: DeadlineResponse, opts: ColumnsBodyOpts = {}): string {
const userSide: Side = opts.side ?? null;
const rows = bucketDeadlinesIntoColumns(data.deadlines, {
side: userSide,
appellant: opts.appellant,
appealAware: opts.appealAware,
});
const rows = bucketDeadlinesIntoColumns(data.deadlines, { side: userSide, appellant: opts.appellant });
const appellantPinned = opts.appellant === "claimant" || opts.appellant === "defendant";
const cardOpts: CardOpts = {
showParty: false,
editable: opts.editable,
showNotes: opts.showNotes,
showDurations: opts.showDurations,
triggerEventLabel: opts.triggerEventLabel ?? pickTriggerEventLabel(data),
};
const cardOpts: CardOpts = { showParty: false, editable: opts.editable, showNotes: opts.showNotes };
// Collapsed "both" rows lose their mirror tag — there's no longer
// a sibling row to mirror to, so the "↔ beide Seiten" hint would
// be misleading. Both collapse paths suppress it:
// - appellantPinned: role-swap collapse into appellant's column
// - userSide !== null without appellantPinned: perspective-locked
// collapse into ours (m/paliad#135 / t-paliad-304).
// Legacy mirror path (no side, no appellant) keeps the tag — both
// sibling rows still render so the tag has a visual referent.
const sideCollapse = userSide !== null;
const showMirrorTag = !appellantPinned && !sideCollapse;
// be misleading. Keep it for the legacy mirror path.
const showMirrorTag = !appellantPinned;
const renderCell = (items: CalculatedDeadline[]): string => {
if (items.length === 0) {
@@ -997,17 +629,7 @@ export function renderColumnsBody(data: DeadlineResponse, opts: ColumnsBodyOpts
const mirrorTag = showMirrorTag && dl.party === "both"
? `<div class="fr-col-mirror">↔ ${escHtml(t("deadlines.party.both.label"))}</div>`
: "";
const itemClasses = [
"fr-col-item",
dl.isRootEvent ? "fr-col-root" : "",
// t-paliad-290: re-surfaced hidden cards render faded via the
// shared fr-col-item--hidden modifier.
dl.isHidden ? "fr-col-item--hidden" : "",
// t-paliad-289: same conditional treatment as the linear
// timeline-item — dotted border + faded styling.
dl.isConditional ? "fr-col-item--conditional" : "",
].filter(Boolean).join(" ");
return `<div class="${itemClasses}">
return `<div class="fr-col-item ${dl.isRootEvent ? "fr-col-root" : ""}">
${deadlineCardHtml(dl, cardOpts)}
${mirrorTag}
</div>`;
@@ -1019,29 +641,14 @@ export function renderColumnsBody(data: DeadlineResponse, opts: ColumnsBodyOpts
const headerCell = (label: string, cls: string) =>
`<div class="fr-col-header ${cls}">${escHtml(label)}</div>`;
// Column-header labels have two modes (m/paliad#127):
// - side picked → "Unsere Seite" / "Gegnerseite" (the columns
// truthfully describe whose filings sit there,
// because the bucketer routed the user's side into
// `ours`).
// - side === null → "Proaktiv" / "Reaktiv" (semantic-neutral). The
// user-perspective labels would lie here: we don't
// know yet which party is "us", so calling the left
// column "Unsere Seite" presumes a pick the user
// hasn't made. The neutral Proaktiv/Reaktiv pair
// keeps the spatial axis ("who initiates vs who
// responds") legible while the hint chip on the
// page nudges the user to pick a side.
//
// Note: the COLUMN PROJECTION does not change — the bucketing primitive
// still routes claimant→left, defendant→right when side=null (legacy
// claimant-on-the-left fallback). Only the HEADER label changes.
const leftLabel = userSide === null ? t("deadlines.col.proactive") : t("deadlines.col.ours");
const rightLabel = userSide === null ? t("deadlines.col.reactive") : t("deadlines.col.opponent");
// Static labels — "Unsere Seite" is always the left column, regardless
// of which physical party (claimant vs defendant) occupies it. The
// bucketing primitive already routes the user's side into the `ours`
// bucket, so the header truth-fully describes the column contents.
let html = '<div class="fr-columns-view">';
html += headerCell(leftLabel, "fr-col-ours");
html += headerCell(t("deadlines.col.ours"), "fr-col-ours");
html += headerCell(t("deadlines.col.court"), "fr-col-court");
html += headerCell(rightLabel, "fr-col-opponent");
html += headerCell(t("deadlines.col.opponent"), "fr-col-opponent");
for (const row of rows) {
html += renderCell(row.ours);
@@ -1073,8 +680,6 @@ export async function calculateDeadlines(params: CalcParams): Promise<DeadlineRe
perCardChoices: params.perCardChoices && params.perCardChoices.length > 0
? params.perCardChoices
: undefined,
includeHidden: params.includeHidden ? true : undefined,
appealTarget: params.appealTarget || undefined,
}),
});
if (!resp.ok) {

309
frontend/src/client/views/verfahrensablauf-state.test.ts
View File

@@ -1,309 +0,0 @@
// Unit tests for the /tools/verfahrensablauf URL + scenario-localStorage
// state contract (t-paliad-308 / m/paliad#137). Run with `bun test`.
//
// The contract:
// 1. URL params (proceeding, side, target, trigger_date) define which
// timeline kind the user is looking at — paste-able, shareable,
// refresh-resistant.
// 2. localStorage (paliad.verfahrensablauf.scenario.*) holds the
// per-user scenario tweaks (event_choices, court_id, flags,
// show_hidden) — these never leak into a shared link.
// 3. On hydrate, URL wins. localStorage fills the rest.
import { describe, expect, test } from "bun:test";
import {
APPEAL_TARGETS,
SCENARIO_KEYS,
SCENARIO_PREFIX,
URL_KEYS,
applyFiltersToSearch,
hydrate,
makeMemoryStorage,
parseAppealTargetFromSearch,
parseProceedingFromSearch,
parseSideFromSearch,
parseTriggerDateFromSearch,
readBoolFlag,
readCourtId,
readEventChoices,
readScenario,
writeBoolFlag,
writeCourtId,
writeEventChoices,
} from "./verfahrensablauf-state";
describe("URL parsers — filter chips", () => {
test("parseProceedingFromSearch returns empty string when absent", () => {
expect(parseProceedingFromSearch("")).toBe("");
expect(parseProceedingFromSearch("?side=claimant")).toBe("");
});
test("parseProceedingFromSearch echoes the raw value", () => {
expect(parseProceedingFromSearch("?proceeding=upc.inf.cfi")).toBe("upc.inf.cfi");
expect(parseProceedingFromSearch("?proceeding=upc.apl.unified&side=claimant")).toBe("upc.apl.unified");
});
test("parseSideFromSearch validates the enum", () => {
expect(parseSideFromSearch("?side=claimant")).toBe("claimant");
expect(parseSideFromSearch("?side=defendant")).toBe("defendant");
expect(parseSideFromSearch("?side=neither")).toBe(null);
expect(parseSideFromSearch("")).toBe(null);
});
test("parseAppealTargetFromSearch only accepts canonical slugs", () => {
for (const t of APPEAL_TARGETS) {
expect(parseAppealTargetFromSearch(`?target=${t}`)).toBe(t);
}
expect(parseAppealTargetFromSearch("?target=unknown")).toBe("");
expect(parseAppealTargetFromSearch("")).toBe("");
});
test("parseTriggerDateFromSearch validates the ISO-date shape", () => {
expect(parseTriggerDateFromSearch("?trigger_date=2026-05-26")).toBe("2026-05-26");
expect(parseTriggerDateFromSearch("?trigger_date=2024-02-29")).toBe("2024-02-29"); // leap year
});
test("parseTriggerDateFromSearch rejects malformed and impossible dates", () => {
expect(parseTriggerDateFromSearch("?trigger_date=2026-02-30")).toBe(""); // Feb 30
expect(parseTriggerDateFromSearch("?trigger_date=2026-13-01")).toBe(""); // month 13
expect(parseTriggerDateFromSearch("?trigger_date=tomorrow")).toBe("");
expect(parseTriggerDateFromSearch("?trigger_date=2026-5-26")).toBe(""); // 1-digit month
expect(parseTriggerDateFromSearch("")).toBe("");
});
});
describe("URL encoder — applyFiltersToSearch", () => {
test("empty filters preserve the existing query string", () => {
expect(applyFiltersToSearch("?other=keep", {})).toBe("?other=keep");
});
test("setting a filter writes the canonical key", () => {
expect(applyFiltersToSearch("", { proceeding: "upc.inf.cfi" })).toBe("?proceeding=upc.inf.cfi");
expect(applyFiltersToSearch("", { side: "claimant" })).toBe("?side=claimant");
expect(applyFiltersToSearch("", { target: "endentscheidung" })).toBe("?target=endentscheidung");
expect(applyFiltersToSearch("", { triggerDate: "2026-05-26" })).toBe("?trigger_date=2026-05-26");
});
test("setting null / empty / undefined deletes the key", () => {
expect(applyFiltersToSearch("?side=claimant", { side: null })).toBe("");
expect(applyFiltersToSearch("?proceeding=upc.inf.cfi", { proceeding: "" })).toBe("");
expect(applyFiltersToSearch("?target=endentscheidung", { target: "" })).toBe("");
expect(applyFiltersToSearch("?trigger_date=2026-05-26", { triggerDate: "" })).toBe("");
});
test("invalid trigger_date is deleted (never written as-is)", () => {
expect(applyFiltersToSearch("?trigger_date=2026-05-26", { triggerDate: "bogus" })).toBe("");
});
test("setting all four filters together emits all four keys", () => {
const out = applyFiltersToSearch("", {
proceeding: "upc.apl.unified",
side: "defendant",
target: "endentscheidung",
triggerDate: "2026-05-26",
});
expect(out).toContain("proceeding=upc.apl.unified");
expect(out).toContain("side=defendant");
expect(out).toContain("target=endentscheidung");
expect(out).toContain("trigger_date=2026-05-26");
});
test("other params (project, view) are preserved", () => {
const out = applyFiltersToSearch("?project=abc&view=timeline", { side: "claimant" });
expect(out).toContain("project=abc");
expect(out).toContain("view=timeline");
expect(out).toContain("side=claimant");
});
test("absent keys in the filter object don't touch existing URL values", () => {
// Only updating side — proceeding should be untouched.
const out = applyFiltersToSearch("?proceeding=upc.inf.cfi&side=defendant", { side: "claimant" });
expect(out).toContain("proceeding=upc.inf.cfi");
expect(out).toContain("side=claimant");
});
});
describe("URL round-trip — encode then parse yields the same value", () => {
test("proceeding", () => {
const enc = applyFiltersToSearch("", { proceeding: "upc.inf.cfi" });
expect(parseProceedingFromSearch(enc)).toBe("upc.inf.cfi");
});
test("side", () => {
const enc = applyFiltersToSearch("", { side: "defendant" });
expect(parseSideFromSearch(enc)).toBe("defendant");
});
test("target", () => {
const enc = applyFiltersToSearch("", { target: "kostenentscheidung" });
expect(parseAppealTargetFromSearch(enc)).toBe("kostenentscheidung");
});
test("trigger_date", () => {
const enc = applyFiltersToSearch("", { triggerDate: "2026-05-26" });
expect(parseTriggerDateFromSearch(enc)).toBe("2026-05-26");
});
});
describe("Scenario localStorage helpers", () => {
test("SCENARIO_PREFIX is paliad.verfahrensablauf.scenario and all keys live under it", () => {
expect(SCENARIO_PREFIX).toBe("paliad.verfahrensablauf.scenario");
for (const key of Object.values(SCENARIO_KEYS)) {
expect(key.startsWith(SCENARIO_PREFIX + ".")).toBe(true);
}
});
test("readEventChoices returns [] on empty storage", () => {
const s = makeMemoryStorage();
expect(readEventChoices(s)).toEqual([]);
});
test("writeEventChoices + readEventChoices round-trip", () => {
const s = makeMemoryStorage();
const choices = [
{ submission_code: "upc.inf.cfi.r12", choice_kind: "appellant" as const, choice_value: "claimant" },
{ submission_code: "upc.inf.cfi.r30", choice_kind: "include_ccr" as const, choice_value: "1" },
];
writeEventChoices(s, choices);
expect(readEventChoices(s)).toEqual(choices);
});
test("writeEventChoices([]) clears the key (removeItem semantic, not empty string)", () => {
const s = makeMemoryStorage();
writeEventChoices(s, [{ submission_code: "r1", choice_kind: "skip", choice_value: "1" }]);
expect(s.getItem(SCENARIO_KEYS.eventChoices)).not.toBe(null);
writeEventChoices(s, []);
expect(s.getItem(SCENARIO_KEYS.eventChoices)).toBe(null);
});
test("readEventChoices ignores unknown choice_kind values", () => {
const s = makeMemoryStorage();
s.setItem(SCENARIO_KEYS.eventChoices, "r1:appellant=claimant,r2:bogus=x,r3:skip=1");
expect(readEventChoices(s)).toEqual([
{ submission_code: "r1", choice_kind: "appellant", choice_value: "claimant" },
{ submission_code: "r3", choice_kind: "skip", choice_value: "1" },
]);
});
test("readCourtId returns '' on empty storage, echoes stored value otherwise", () => {
const s = makeMemoryStorage();
expect(readCourtId(s)).toBe("");
writeCourtId(s, "UPC-LD-MUC");
expect(readCourtId(s)).toBe("UPC-LD-MUC");
});
test("writeCourtId('') removes the key", () => {
const s = makeMemoryStorage();
writeCourtId(s, "UPC-LD-MUC");
expect(s.getItem(SCENARIO_KEYS.courtId)).toBe("UPC-LD-MUC");
writeCourtId(s, "");
expect(s.getItem(SCENARIO_KEYS.courtId)).toBe(null);
});
test("readBoolFlag / writeBoolFlag round-trip with removeItem on false", () => {
const s = makeMemoryStorage();
expect(readBoolFlag(s, SCENARIO_KEYS.ccr)).toBe(false);
writeBoolFlag(s, SCENARIO_KEYS.ccr, true);
expect(readBoolFlag(s, SCENARIO_KEYS.ccr)).toBe(true);
expect(s.getItem(SCENARIO_KEYS.ccr)).toBe("1");
writeBoolFlag(s, SCENARIO_KEYS.ccr, false);
expect(readBoolFlag(s, SCENARIO_KEYS.ccr)).toBe(false);
expect(s.getItem(SCENARIO_KEYS.ccr)).toBe(null);
});
test("readScenario returns all fields defaulted on empty storage", () => {
const s = makeMemoryStorage();
expect(readScenario(s)).toEqual({
eventChoices: [],
courtId: "",
ccr: false,
infAmend: false,
revAmend: false,
revCci: false,
showHidden: false,
});
});
});
describe("Hydration order — URL wins, localStorage fills the rest", () => {
test("URL fills filter chips, localStorage fills scenario state", () => {
const s = makeMemoryStorage();
writeCourtId(s, "UPC-LD-MUC");
writeBoolFlag(s, SCENARIO_KEYS.showHidden, true);
writeBoolFlag(s, SCENARIO_KEYS.ccr, true);
const out = hydrate(
"?proceeding=upc.inf.cfi&side=defendant&target=endentscheidung&trigger_date=2026-05-26",
s,
);
// URL-sourced
expect(out.proceeding).toBe("upc.inf.cfi");
expect(out.side).toBe("defendant");
expect(out.target).toBe("endentscheidung");
expect(out.triggerDate).toBe("2026-05-26");
// localStorage-sourced
expect(out.courtId).toBe("UPC-LD-MUC");
expect(out.showHidden).toBe(true);
expect(out.ccr).toBe(true);
});
test("absent URL → all filter fields are empty/null, localStorage still hydrates scenario", () => {
const s = makeMemoryStorage();
writeCourtId(s, "UPC-LD-MUC");
const out = hydrate("", s);
expect(out.proceeding).toBe("");
expect(out.side).toBe(null);
expect(out.target).toBe("");
expect(out.triggerDate).toBe("");
expect(out.courtId).toBe("UPC-LD-MUC");
});
test("absent localStorage → URL still fills filter chips, scenario defaults", () => {
const s = makeMemoryStorage();
const out = hydrate(
"?proceeding=upc.apl.unified&side=claimant&target=anordnung&trigger_date=2026-07-01",
s,
);
expect(out.proceeding).toBe("upc.apl.unified");
expect(out.side).toBe("claimant");
expect(out.target).toBe("anordnung");
expect(out.triggerDate).toBe("2026-07-01");
expect(out.courtId).toBe("");
expect(out.eventChoices).toEqual([]);
expect(out.showHidden).toBe(false);
});
test("a shared link doesn't leak the recipient's scenario state in", () => {
// Two storages: m's (loaded with court + flags) and a recipient's
// (empty). The same URL should reproduce filter chips identically
// but leave each user's scenario state untouched.
const mStorage = makeMemoryStorage();
writeCourtId(mStorage, "UPC-LD-MUC");
writeBoolFlag(mStorage, SCENARIO_KEYS.ccr, true);
const recipientStorage = makeMemoryStorage();
const sharedURL = "?proceeding=upc.inf.cfi&side=defendant&trigger_date=2026-05-26";
const mView = hydrate(sharedURL, mStorage);
const recipientView = hydrate(sharedURL, recipientStorage);
// Filter chips identical
expect(mView.proceeding).toBe(recipientView.proceeding);
expect(mView.side).toBe(recipientView.side);
expect(mView.triggerDate).toBe(recipientView.triggerDate);
// Scenario state diverges — recipient sees defaults
expect(mView.courtId).toBe("UPC-LD-MUC");
expect(recipientView.courtId).toBe("");
expect(mView.ccr).toBe(true);
expect(recipientView.ccr).toBe(false);
});
});
describe("URL key constants match the documented contract", () => {
test("URL_KEYS uses the spec'd snake_case names", () => {
expect(URL_KEYS.proceeding).toBe("proceeding");
expect(URL_KEYS.side).toBe("side");
expect(URL_KEYS.target).toBe("target");
expect(URL_KEYS.triggerDate).toBe("trigger_date");
});
});

263
frontend/src/client/views/verfahrensablauf-state.ts
View File

@@ -1,263 +0,0 @@
// /tools/verfahrensablauf URL + scenario-localStorage state contract
// (t-paliad-308 / m/paliad#137). Splits the page's persisted state into
// two namespaces:
//
// URL params (filter chips — the timeline kind the user is looking
// at; paste-able, shareable, refresh-resistant):
// proceeding, side, target, trigger_date
//
// localStorage `paliad.verfahrensablauf.scenario.*` (per-user
// scenario inputs — the noisy parts that don't belong in a URL):
// event_choices, court_id, ccr, inf_amend, rev_amend, rev_cci,
// show_hidden
//
// Hydration order: URL wins. On page load, URL fills the filter chips;
// localStorage fills the rest. Filter-chip changes write to URL only.
// Scenario changes write to localStorage only. A shared link from a
// colleague reproduces the timeline kind (proceeding + side + target +
// trigger_date) but never leaks the recipient's court / flag /
// event_choices state in.
//
// All helpers in this module are pure: they take a search string (or a
// StorageLike) and return values, no DOM. The wiring in
// ../verfahrensablauf.ts mounts them onto window.location +
// window.localStorage at runtime.
import type { EventChoice, ChoiceKind } from "./event-card-choices";
// ----- URL params (filter chips) ----------------------------------
export type Side = "claimant" | "defendant" | null;
export const APPEAL_TARGETS = [
"endentscheidung",
"kostenentscheidung",
"anordnung",
"schadensbemessung",
"bucheinsicht",
] as const;
export type AppealTarget = (typeof APPEAL_TARGETS)[number] | "";
export const URL_KEYS = {
proceeding: "proceeding",
side: "side",
target: "target",
triggerDate: "trigger_date",
} as const;
// parseProceedingFromSearch extracts the proceeding code. Returns ""
// if absent. No validation against the proceeding registry — that's
// the caller's job (an unknown code from a stale link should leave
// the first-tile auto-select fallback running).
export function parseProceedingFromSearch(search: string): string {
const v = new URLSearchParams(search).get(URL_KEYS.proceeding);
return v ?? "";
}
export function parseSideFromSearch(search: string): Side {
const raw = new URLSearchParams(search).get(URL_KEYS.side);
return raw === "claimant" || raw === "defendant" ? raw : null;
}
export function parseAppealTargetFromSearch(search: string): AppealTarget {
const raw = new URLSearchParams(search).get(URL_KEYS.target) || "";
if ((APPEAL_TARGETS as readonly string[]).includes(raw)) {
return raw as AppealTarget;
}
return "";
}
// parseTriggerDateFromSearch validates the ISO-date shape so a
// malformed link can't poison the date input. Accepts "YYYY-MM-DD"
// only. Round-tripped against Date to reject 2026-02-30 etc.
export function parseTriggerDateFromSearch(search: string): string {
const raw = new URLSearchParams(search).get(URL_KEYS.triggerDate) || "";
if (!/^\d{4}-\d{2}-\d{2}$/.test(raw)) return "";
const d = new Date(raw + "T00:00:00Z");
if (Number.isNaN(d.getTime())) return "";
if (d.toISOString().slice(0, 10) !== raw) return "";
return raw;
}
// applyFiltersToSearch produces the canonical query string for the
// four URL-owned params. Other params (e.g. ?view=, ?project=) are
// preserved verbatim. Empty values are deleted, never written as
// empty string, so the URL stays clean on the default.
export function applyFiltersToSearch(
search: string,
filters: { proceeding?: string; side?: Side; target?: AppealTarget; triggerDate?: string },
): string {
const params = new URLSearchParams(search);
if ("proceeding" in filters) {
if (filters.proceeding && filters.proceeding !== "") {
params.set(URL_KEYS.proceeding, filters.proceeding);
} else {
params.delete(URL_KEYS.proceeding);
}
}
if ("side" in filters) {
if (filters.side === "claimant" || filters.side === "defendant") {
params.set(URL_KEYS.side, filters.side);
} else {
params.delete(URL_KEYS.side);
}
}
if ("target" in filters) {
if (filters.target && filters.target !== "") {
params.set(URL_KEYS.target, filters.target);
} else {
params.delete(URL_KEYS.target);
}
}
if ("triggerDate" in filters) {
if (filters.triggerDate && /^\d{4}-\d{2}-\d{2}$/.test(filters.triggerDate)) {
params.set(URL_KEYS.triggerDate, filters.triggerDate);
} else {
params.delete(URL_KEYS.triggerDate);
}
}
const s = params.toString();
return s ? `?${s}` : "";
}
// ----- localStorage (scenario state) ------------------------------
export const SCENARIO_PREFIX = "paliad.verfahrensablauf.scenario";
export const SCENARIO_KEYS = {
eventChoices: `${SCENARIO_PREFIX}.event_choices`,
courtId: `${SCENARIO_PREFIX}.court_id`,
ccr: `${SCENARIO_PREFIX}.ccr`,
infAmend: `${SCENARIO_PREFIX}.inf_amend`,
revAmend: `${SCENARIO_PREFIX}.rev_amend`,
revCci: `${SCENARIO_PREFIX}.rev_cci`,
showHidden: `${SCENARIO_PREFIX}.show_hidden`,
} as const;
// StorageLike is the tiny subset of the Web Storage API the scenario
// helpers actually use. Lets the tests pass a Map-backed fake without
// pulling in a full localStorage polyfill.
export interface StorageLike {
getItem(key: string): string | null;
setItem(key: string, value: string): void;
removeItem(key: string): void;
}
// readEventChoices is forgiving: malformed tuples or unknown
// choice_kinds are dropped silently. Same shape as the legacy URL
// codec (comma-separated `submission_code:kind=value`).
export function readEventChoices(storage: StorageLike): EventChoice[] {
const raw = storage.getItem(SCENARIO_KEYS.eventChoices);
if (!raw) return [];
const out: EventChoice[] = [];
for (const tuple of raw.split(",")) {
const m = tuple.match(/^([^:]+):([^=]+)=(.+)$/);
if (!m) continue;
const kind = m[2] as ChoiceKind;
if (kind !== "appellant" && kind !== "include_ccr" && kind !== "skip") continue;
out.push({ submission_code: m[1], choice_kind: kind, choice_value: m[3] });
}
return out;
}
export function writeEventChoices(storage: StorageLike, choices: EventChoice[]): void {
if (choices.length === 0) {
storage.removeItem(SCENARIO_KEYS.eventChoices);
return;
}
const enc = choices
.map((c) => `${c.submission_code}:${c.choice_kind}=${c.choice_value}`)
.join(",");
storage.setItem(SCENARIO_KEYS.eventChoices, enc);
}
// readCourtId / writeCourtId — empty string == no court picked. The
// "" value is stored as a removed key, not an empty string entry, so
// reading it back yields null rather than "".
export function readCourtId(storage: StorageLike): string {
return storage.getItem(SCENARIO_KEYS.courtId) ?? "";
}
export function writeCourtId(storage: StorageLike, courtId: string): void {
if (courtId === "") {
storage.removeItem(SCENARIO_KEYS.courtId);
return;
}
storage.setItem(SCENARIO_KEYS.courtId, courtId);
}
// Boolean flags — "1" / "0" string encoding, removeItem on default
// (false for flags, also false for show_hidden) so the storage stays
// uncluttered on a fresh page.
export function readBoolFlag(storage: StorageLike, key: string): boolean {
return storage.getItem(key) === "1";
}
export function writeBoolFlag(storage: StorageLike, key: string, on: boolean): void {
if (on) storage.setItem(key, "1");
else storage.removeItem(key);
}
// Read all scenario state in one call — convenience for the page's
// load-time hydration. Caller decides whether to apply each field
// (e.g. court_id is proceeding-specific; the page may discard the
// stored value if the active proceeding doesn't expose a court row).
export interface ScenarioState {
eventChoices: EventChoice[];
courtId: string;
ccr: boolean;
infAmend: boolean;
revAmend: boolean;
revCci: boolean;
showHidden: boolean;
}
export function readScenario(storage: StorageLike): ScenarioState {
return {
eventChoices: readEventChoices(storage),
courtId: readCourtId(storage),
ccr: readBoolFlag(storage, SCENARIO_KEYS.ccr),
infAmend: readBoolFlag(storage, SCENARIO_KEYS.infAmend),
revAmend: readBoolFlag(storage, SCENARIO_KEYS.revAmend),
revCci: readBoolFlag(storage, SCENARIO_KEYS.revCci),
showHidden: readBoolFlag(storage, SCENARIO_KEYS.showHidden),
};
}
// ----- URL → localStorage hydration order -------------------------
// The page's load-time contract: read URL filters, then read
// scenario state from localStorage. URL wins on conflict — but the
// only field that can conflict is none of them today (URL owns
// proceeding/side/target/trigger_date; localStorage owns the rest).
// The order matters for one edge case: if a future field migrates
// from URL → localStorage with overlap, the URL value MUST be honored.
export interface HydratedState extends ScenarioState {
proceeding: string;
side: Side;
target: AppealTarget;
triggerDate: string;
}
export function hydrate(search: string, storage: StorageLike): HydratedState {
const scenario = readScenario(storage);
return {
proceeding: parseProceedingFromSearch(search),
side: parseSideFromSearch(search),
target: parseAppealTargetFromSearch(search),
triggerDate: parseTriggerDateFromSearch(search),
...scenario,
};
}
// makeMemoryStorage — tiny StorageLike for tests / SSR fallback.
// Not used by the runtime page (which mounts real localStorage), but
// kept here so test files have one well-known import.
export function makeMemoryStorage(): StorageLike {
const store = new Map<string, string>();
return {
getItem: (k) => (store.has(k) ? store.get(k)! : null),
setItem: (k, v) => { store.set(k, v); },
removeItem: (k) => { store.delete(k); },
};
}

2
frontend/src/components/Footer.tsx
View File

@@ -5,7 +5,7 @@ export function Footer(): string {
<footer className="footer">
<div className="container">
<p>
<span data-i18n="footer.text">{"© 2026 Paliad — by"}</span>{" "}
<span data-i18n="footer.text">{"© 2026 Paliad — ein Werkzeug von"}</span>{" "}
<a href="https://flexsiebels.de" target="_blank" rel="noopener">flexsiebels.de</a>
</p>
</div>

3
frontend/src/components/Sidebar.tsx
View File

@@ -204,7 +204,8 @@ export function Sidebar({ currentPath, authenticated = true }: SidebarProps): st
{navItem("/admin/team", ICON_USERS, "nav.admin.team", "Team-Verwaltung", currentPath)}
{navItem("/admin/partner-units", ICON_BUILDING, "nav.admin.partner_units", "Partner Units", currentPath)}
{navItem("/admin/event-types", ICON_TABLE, "nav.admin.event_types", "Event-Typen", currentPath)}
{navItem("/admin/procedural-events", ICON_BOOK, "nav.admin.rules", "Regeln verwalten", currentPath)}
{navItem("/admin/rules", ICON_BOOK, "nav.admin.rules", "Regeln verwalten", currentPath)}
{navItem("/admin/rules/export", ICON_DOWNLOAD, "nav.admin.rules_export", "Regel-Migrations", currentPath)}
{navItem("/admin/audit-log", ICON_AUDIT_LOG, "nav.admin.audit", "Audit-Log", currentPath)}
{navItem("/admin/backups", ICON_DOWNLOAD, "nav.admin.backups", "Backups", currentPath)}
{/* Paliadin Monitor — owner-only sub-entry; revealed by sidebar.ts together with the /paliadin link. */}

56
frontend/src/i18n-keys.ts
View File

@@ -125,12 +125,6 @@ export type I18nKey =
| "admin.broadcasts.loading"
| "admin.broadcasts.subtitle"
| "admin.broadcasts.title"
| "admin.building_blocks.action.new"
| "admin.building_blocks.editor.empty"
| "admin.building_blocks.heading"
| "admin.building_blocks.loading"
| "admin.building_blocks.subtitle"
| "admin.building_blocks.title"
| "admin.card.approval_policies.desc"
| "admin.card.approval_policies.title"
| "admin.card.audit.desc"
@@ -407,6 +401,22 @@ export type I18nKey =
| "admin.rules.edit.title"
| "admin.rules.empty"
| "admin.rules.error.load"
| "admin.rules.export.breadcrumb"
| "admin.rules.export.copied"
| "admin.rules.export.copy"
| "admin.rules.export.copy_failed"
| "admin.rules.export.count"
| "admin.rules.export.download"
| "admin.rules.export.error"
| "admin.rules.export.field.since"
| "admin.rules.export.heading"
| "admin.rules.export.latest"
| "admin.rules.export.no_pending"
| "admin.rules.export.ok"
| "admin.rules.export.run"
| "admin.rules.export.running"
| "admin.rules.export.subtitle"
| "admin.rules.export.title"
| "admin.rules.filter.lifecycle"
| "admin.rules.filter.lifecycle.any"
| "admin.rules.filter.proceeding"
@@ -418,6 +428,7 @@ export type I18nKey =
| "admin.rules.lifecycle.archived"
| "admin.rules.lifecycle.draft"
| "admin.rules.lifecycle.published"
| "admin.rules.list.export"
| "admin.rules.list.heading"
| "admin.rules.list.new"
| "admin.rules.list.subtitle"
@@ -1010,13 +1021,10 @@ export type I18nKey =
| "choices.include_ccr.title"
| "choices.include_ccr.true"
| "choices.reset"
| "choices.show_hidden.count"
| "choices.show_hidden.label"
| "choices.skip.false"
| "choices.skip.title"
| "choices.skip.true"
| "choices.skipped.chip"
| "choices.unhide.chip"
| "common.cancel"
| "common.close"
| "common.forbidden"
@@ -1190,12 +1198,10 @@ export type I18nKey =
| "deadlines.adjusted.weekend"
| "deadlines.adjusted.weekend.saturday"
| "deadlines.adjusted.weekend.sunday"
| "deadlines.appeal_target.anordnung"
| "deadlines.appeal_target.bucheinsicht"
| "deadlines.appeal_target.endentscheidung"
| "deadlines.appeal_target.kostenentscheidung"
| "deadlines.appeal_target.label"
| "deadlines.appeal_target.schadensbemessung"
| "deadlines.appellant.claimant"
| "deadlines.appellant.defendant"
| "deadlines.appellant.label"
| "deadlines.appellant.none"
| "deadlines.calculate"
| "deadlines.card.calc.add_to_project"
| "deadlines.card.calc.add_to_project.disabled"
@@ -1224,15 +1230,11 @@ export type I18nKey =
| "deadlines.col.event_type"
| "deadlines.col.opponent"
| "deadlines.col.ours"
| "deadlines.col.proactive"
| "deadlines.col.reactive"
| "deadlines.col.rule"
| "deadlines.col.status"
| "deadlines.col.title"
| "deadlines.complete.action"
| "deadlines.complete.confirm"
| "deadlines.conditional.depends_on"
| "deadlines.conditional.unset"
| "deadlines.court.indirect"
| "deadlines.court.label"
| "deadlines.court.set"
@@ -1270,7 +1272,6 @@ export type I18nKey =
| "deadlines.dpma.appeal.bgh"
| "deadlines.dpma.appeal.bpatg"
| "deadlines.dpma.opp.dpma"
| "deadlines.durations.show"
| "deadlines.empty.filtered"
| "deadlines.empty.hint"
| "deadlines.empty.title"
@@ -1459,13 +1460,12 @@ export type I18nKey =
| "deadlines.search.placeholder"
| "deadlines.search.results.count"
| "deadlines.search.results.count_one"
| "deadlines.side.both"
| "deadlines.side.claimant"
| "deadlines.side.defendant"
| "deadlines.side.from_project"
| "deadlines.side.hint"
| "deadlines.side.label"
| "deadlines.side.override"
| "deadlines.side.undefined"
| "deadlines.source.caldav"
| "deadlines.source.fristenrechner"
| "deadlines.source.imported"
@@ -1523,7 +1523,6 @@ export type I18nKey =
| "deadlines.upc.apl.cost"
| "deadlines.upc.apl.merits"
| "deadlines.upc.apl.order"
| "deadlines.upc.apl.unified"
| "deadlines.upc.ccr.cfi"
| "deadlines.upc.disc.cfi"
| "deadlines.upc.dmgs.cfi"
@@ -1987,6 +1986,7 @@ export type I18nKey =
| "nav.admin.paliadin"
| "nav.admin.partner_units"
| "nav.admin.rules"
| "nav.admin.rules_export"
| "nav.admin.team"
| "nav.agenda"
| "nav.akten"
@@ -2615,19 +2615,11 @@ export type I18nKey =
| "search.no_results"
| "search.placeholder"
| "sidebar.resize.title"
| "state.hidden.tooltip"
| "state.optional.tooltip"
| "submissions.draft.action.delete"
| "submissions.draft.action.export"
| "submissions.draft.action.new"
| "submissions.draft.back"
| "submissions.draft.base.hint"
| "submissions.draft.base.label"
| "submissions.draft.import.button"
| "submissions.draft.language"
| "submissions.draft.language.de"
| "submissions.draft.language.en"
| "submissions.draft.language.fallback_notice"
| "submissions.draft.loading"
| "submissions.draft.name.placeholder"
| "submissions.draft.notfound"
@@ -2635,8 +2627,6 @@ export type I18nKey =
| "submissions.draft.parties.title"
| "submissions.draft.preview.hint"
| "submissions.draft.preview.title"
| "submissions.draft.sections.hint"
| "submissions.draft.sections.title"
| "submissions.draft.switcher.label"
| "submissions.draft.title"
| "submissions.index.action.new"

883
frontend/src/styles/global.css
View File

File diff suppressed because it is too large Load Diff

92
frontend/src/submission-draft.tsx
View File

@@ -109,68 +109,6 @@ export function renderSubmissionDraft(): string {
</button>
</div>
{/* t-paliad-313 (m/paliad#141) Composer Slice A —
base picker. Hydrated by client/submission-draft.ts
once /api/submission-bases returns. Disabled
for pre-Composer drafts (base_id NULL); switching
autosaves the draft. */}
<div
className="submission-draft-base-row"
id="submission-draft-base-row"
style="display:none">
<label htmlFor="submission-draft-base" data-i18n="submissions.draft.base.label">
Vorlagenbasis
</label>
<select id="submission-draft-base" />
<p
className="submission-draft-base-hint"
id="submission-draft-base-hint"
data-i18n="submissions.draft.base.hint">
Steuert Schriftarten, Briefkopf und Abschnitts-Defaults.
</p>
</div>
{/* t-paliad-276 — output language toggle (DE/EN).
Hydrated by client/submission-draft.ts; switching
autosaves the draft and re-renders the preview. */}
<div
className="submission-draft-language-row"
id="submission-draft-language-row"
role="radiogroup"
aria-labelledby="submission-draft-language-label">
<span
id="submission-draft-language-label"
className="submission-draft-language-label"
data-i18n="submissions.draft.language">
Sprache
</span>
<label className="submission-draft-language-option">
<input
type="radio"
name="submission-draft-language"
value="de"
id="submission-draft-language-de"
/>
<span data-i18n="submissions.draft.language.de">DE</span>
</label>
<label className="submission-draft-language-option">
<input
type="radio"
name="submission-draft-language"
value="en"
id="submission-draft-language-en"
/>
<span data-i18n="submissions.draft.language.en">EN</span>
</label>
</div>
<p
className="submission-draft-language-fallback"
id="submission-draft-language-fallback"
style="display:none"
data-i18n="submissions.draft.language.fallback_notice">
Fallback: universelles Skelett (keine sprachspezifische Vorlage).
</p>
<p className="submission-draft-savestatus" id="submission-draft-savestatus" />
{/* t-paliad-277: "Aus Projekt importieren" + last-
@@ -193,13 +131,10 @@ export function renderSubmissionDraft(): string {
/>
</div>
{/* t-paliad-277 / t-paliad-287: multi-select party
picker plus per-side Add-Party affordance.
{/* t-paliad-277: multi-select party picker.
Populated from view.available_parties; checkbox
per party, grouped by role. Hidden when no
project is attached; visible even on empty
rosters so the lawyer can use Add Party to
populate. */}
project or no parties on the project. */}
<div
id="submission-draft-parties"
className="submission-draft-parties"
@@ -223,29 +158,6 @@ export function renderSubmissionDraft(): string {
<div className="submission-draft-variables" id="submission-draft-variables" />
</aside>
{/* t-paliad-313 (m/paliad#141) Composer Slice A —
read-only section list. Painted from
view.sections. Empty/hidden for pre-Composer
drafts where no rows have been seeded. Slice B
turns these into in-place editable prose blocks. */}
<section
className="submission-draft-sections-wrap"
id="submission-draft-sections-wrap"
style="display:none">
<header className="submission-draft-sections-header">
<h2 data-i18n="submissions.draft.sections.title">Abschnitte</h2>
<span
className="submission-draft-sections-hint"
data-i18n="submissions.draft.sections.hint">
Inhalt pro Abschnitt &mdash; Autosave nach 500 ms. Letztes Layout in Word.
</span>
</header>
<ol
className="submission-draft-sections-list"
id="submission-draft-sections-list"
/>
</section>
{/* Preview pane — read-only HTML render of the merged
document body. Re-renders on autosave round-trip. */}
<section className="submission-draft-preview-wrap">

72
frontend/src/verfahrensablauf.tsx
View File

@@ -28,20 +28,16 @@ function proceedingBtn(p: ProceedingDef): string {
);
}
// Slice B1 (m/paliad#124 §18.1): the 3 separate Berufung tiles
// (upc.apl.merits / upc.apl.cost / upc.apl.order) collapse into ONE
// unified "Berufung" tile (upc.apl). After picking it, the user
// selects which decision the appeal is directed AT via the
// .appeal-target-row chip group below — the engine then filters
// rules whose applies_to_target contains the picked slug.
const UPC_TYPES: ProceedingDef[] = [
{ code: "upc.inf.cfi", i18nKey: "deadlines.upc.inf.cfi", name: "Verletzungsverfahren" },
{ code: "upc.rev.cfi", i18nKey: "deadlines.upc.rev.cfi", name: "Nichtigkeitsklage" },
{ code: "upc.ccr.cfi", i18nKey: "deadlines.upc.ccr.cfi", name: "Widerklage auf Nichtigkeit" },
{ code: "upc.pi.cfi", i18nKey: "deadlines.upc.pi.cfi", name: "Einstw. Maßnahmen" },
{ code: "upc.apl.unified", i18nKey: "deadlines.upc.apl.unified", name: "Berufung" },
{ code: "upc.apl.merits", i18nKey: "deadlines.upc.apl.merits", name: "Berufung" },
{ code: "upc.dmgs.cfi", i18nKey: "deadlines.upc.dmgs.cfi", name: "Schadensbemessung" },
{ code: "upc.disc.cfi", i18nKey: "deadlines.upc.disc.cfi", name: "Bucheinsicht" },
{ code: "upc.apl.cost", i18nKey: "deadlines.upc.apl.cost", name: "Berufung Kosten" },
{ code: "upc.apl.order", i18nKey: "deadlines.upc.apl.order", name: "Berufung Anordnungen" },
];
// DE proceedings split by type (Verletzung / Nichtigkeit) per m's
@@ -194,18 +190,9 @@ export function renderVerfahrensablauf(): string {
</label>
<label className="fristen-view-option">
<input type="radio" name="side" value="" checked />
<span data-i18n="deadlines.side.undefined">Nicht festgelegt</span>
<span data-i18n="deadlines.side.both">Beide</span>
</label>
</div>
{/* Prompt shown while the user hasn't picked a side
(m/paliad#120). Hidden by client when side is
claimant or defendant. Both columns still
render every rule in this state — picking a
side just focuses the user's column. */}
<span className="side-hint" id="side-hint"
data-i18n="deadlines.side.hint">
W&auml;hlen Sie eine Seite, um die Spalten zu fokussieren.
</span>
</div>
{/* Auto-fill chip — populated by the client when a
?project=<id> URL resolves a project with our_side
@@ -220,49 +207,23 @@ export function renderVerfahrensablauf(): string {
</button>
</div>
</div>
{/* Appeal-target chip row (Slice B1 / m/paliad#124 §18.1).
Shown only when the unified upc.apl Berufung tile is
selected; lets the user narrow the timeline to the
rules whose applies_to_target contains the picked
decision kind. URL state ?target=<slug>. */}
<div className="verfahrensablauf-perspective-row" id="appeal-target-row" style="display:none">
<span className="date-label" data-i18n="deadlines.appeal_target.label">Worauf richtet sich die Berufung?</span>
<div className="fristen-view-toggle" role="radiogroup" aria-label="Appeal target">
<div className="verfahrensablauf-perspective-row" id="appellant-row" style="display:none">
<span className="date-label" data-i18n="deadlines.appellant.label">Berufung durch:</span>
<div className="fristen-view-toggle" role="radiogroup" aria-label="Appellant">
<label className="fristen-view-option">
<input type="radio" name="appeal-target" value="endentscheidung" checked />
<span data-i18n="deadlines.appeal_target.endentscheidung">Endentscheidung</span>
<input type="radio" name="appellant" value="claimant" />
<span data-i18n="deadlines.appellant.claimant">Klägerseite</span>
</label>
<label className="fristen-view-option">
<input type="radio" name="appeal-target" value="kostenentscheidung" />
<span data-i18n="deadlines.appeal_target.kostenentscheidung">Kostenentscheidung</span>
<input type="radio" name="appellant" value="defendant" />
<span data-i18n="deadlines.appellant.defendant">Beklagtenseite</span>
</label>
<label className="fristen-view-option">
<input type="radio" name="appeal-target" value="anordnung" />
<span data-i18n="deadlines.appeal_target.anordnung">Anordnung</span>
</label>
<label className="fristen-view-option">
<input type="radio" name="appeal-target" value="schadensbemessung" />
<span data-i18n="deadlines.appeal_target.schadensbemessung">Schadensbemessung</span>
</label>
<label className="fristen-view-option">
<input type="radio" name="appeal-target" value="bucheinsicht" />
<span data-i18n="deadlines.appeal_target.bucheinsicht">Bucheinsicht</span>
<input type="radio" name="appellant" value="" checked />
<span data-i18n="deadlines.appellant.none"></span>
</label>
</div>
</div>
{/* Show-hidden toggle (t-paliad-290 / m/paliad#122).
Re-surfaces optional cards the user has previously
marked "Überspringen" via the per-card popover.
The row hides itself when the projection has no
hidden cards (handled in client/verfahrensablauf.ts).
Default OFF; URL state ?show_hidden=1. */}
<div className="verfahrensablauf-perspective-row" id="show-hidden-row" style="display:none">
<label className="fristen-view-option">
<input type="checkbox" id="show-hidden-toggle" />
<span data-i18n="choices.show_hidden.label">Ausgeblendete anzeigen</span>
</label>
<span className="show-hidden-count" id="show-hidden-count" aria-live="polite">&nbsp;</span>
</div>
</div>
{/* Visual divider — keeps the perspective block (most-
@@ -341,13 +302,6 @@ export function renderVerfahrensablauf(): string {
<input type="checkbox" id="fristen-notes-show" />
<span data-i18n="deadlines.notes.show">Hinweise anzeigen</span>
</label>
{/* Durations toggle (m/paliad#133, t-paliad-302).
Default off — hover-tooltips on date spans are
the always-on path. */}
<label className="fristen-notes-option">
<input type="checkbox" id="verfahrensablauf-durations-show" />
<span data-i18n="deadlines.durations.show">Dauern anzeigen</span>
</label>
</div>
<div id="timeline-container">

51
internal/db/migrate_test.go
View File

@@ -116,57 +116,6 @@ func TestMigrations_DryRun(t *testing.T) {
}
}
// TestMigrations_NoDuplicateSlot is a free-standing pre-flight check that
// scanEmbeddedMigrations refuses to walk a tree where two *.up.sql files
// claim the same NNN slot. This is the brunel-slot-collision class of
// outage (m/paliad#114, 2026-05-25 ~13:20): a worker writes a migration
// at slot N while another shipped slot N from a separate branch, both
// merge, both end up in the embed.FS, and the runner refuses to start.
//
// Catching this at CI time (no DB needed) lets the second PR fail before
// it merges, instead of breaking prod at the next deploy. Pure unit test;
// runs even on developer laptops that don't set TEST_DATABASE_URL.
func TestMigrations_NoDuplicateSlot(t *testing.T) {
if _, err := scanEmbeddedMigrations(); err != nil {
t.Fatalf("scanEmbeddedMigrations: %v "+
"(two migrations share the same NNN slot — coordinate with head "+
"and rename one of them before merging)", err)
}
}
// TestMigrations_EndToEndAsAppRole applies every embedded migration in
// numeric order against a scratch DB connected as a NON-SUPERUSER role.
// This is the prod-shape smoke that the per-mig BEGIN/ROLLBACK dry-run
// (TestMigrations_DryRun) cannot deliver: the dry-run runs each
// statement in isolation and rolls back, so it cannot reproduce the
// mig-129-class outage (m/paliad#114, 2026-05-25 ~14:56 — pq: must be
// owner of table project_event_choices, SQLSTATE 42501) where a
// migration assumes ownership the deploy role doesn't have.
//
// Requires TEST_APP_DATABASE_URL — a Postgres URL whose role is NOT a
// superuser and does NOT own the `paliad` schema (m's Q11.2 pick:
// generic two-role model, see docs/design-cicd-pre-deploy-gate-2026-05-25.md
// §6.2(a)). The CI workflow creates the role + schema split before
// invoking the test; a developer who wants to reproduce the gate locally
// runs the same SQL preamble (see Makefile target `verify-migrations`).
//
// Skipped without TEST_APP_DATABASE_URL — keeps `go test ./...` green
// on machines that haven't set up the role split.
func TestMigrations_EndToEndAsAppRole(t *testing.T) {
url := os.Getenv("TEST_APP_DATABASE_URL")
if url == "" {
t.Skip("TEST_APP_DATABASE_URL not set — skipping role-split end-to-end migration smoke")
}
if err := ApplyMigrations(url); err != nil {
t.Fatalf("ApplyMigrations as app role failed: %v "+
"(a migration assumes more privilege than the deploy role has — "+
"common cases: ALTER TABLE on a schema-owner table, CREATE EXTENSION "+
"without grants, SET ROLE without permission. Fix the migration to "+
"work as the deploy role, or arrange for the schema to be owned by "+
"the deploy role)", err)
}
}
// readAppliedVersions returns the set of versions present in
// paliad.applied_migrations on the scratch DB. Missing table → empty set
// (fresh-DB path; the table only exists after the runner has been called).

134
internal/db/migration_136_test.go
View File

@@ -1,134 +0,0 @@
// Slice B.1 (t-paliad-273) — migration 136 backfill invariants.
//
// The dry-run gate (migrate_test.go: TestMigrations_DryRun) catches
// migrations that crash on apply, but it rolls back inside its own
// transaction — the post-state assertions in mig 136's PL/pgSQL block
// run, but a future refactor of those assertions might forget a check
// or introduce a silent count drift. This test layers a Go-side
// invariant check on top so the contract is restated in test code,
// outside the PL/pgSQL block, against the resulting tables.
//
// Skipped without TEST_DATABASE_URL, same pattern as
// internal/services/submission_codes_shape_test.go.
package db
import (
"context"
"database/sql"
"os"
"testing"
_ "github.com/lib/pq"
)
// TestMigration136_BackfillInvariants applies every embedded migration
// (which lands mig 136 along the way) and then asserts the four
// invariants the B.1 design + B.0 findings nailed down:
//
// 1. procedural_events row count = (distinct submission_codes in
// deadline_rules) + (deadline_rules with NULL submission_code).
// Codes-bearing branch is 1:1 per the B.0 audit (no multi-row
// codes since the _archived_litigation.* removal); the NULL
// branch gets one synthetic procedural_event per rule.
// 2. sequencing_rules row count = deadline_rules row count (1:1).
// 3. legal_sources row count = distinct legal_source in
// deadline_rules (NULL excluded).
// 4. every sequencing_rules row's procedural_event_id resolves to a
// procedural_events row (NOT NULL FK already enforces this at the
// DB level — this test catches a future relaxation of the FK).
// 5. no two synthetic codes collide (covered by the UNIQUE on
// procedural_events.code; restated here for documentation).
//
// The test is robust against corpus size — it derives all expected
// counts from the live deadline_rules state, so a scratch DB with 0
// rules trivially passes, and a prod-shaped scratch DB exercises the
// real invariants.
func TestMigration136_BackfillInvariants(t *testing.T) {
url := os.Getenv("TEST_DATABASE_URL")
if url == "" {
t.Skip("TEST_DATABASE_URL not set — skipping mig 136 invariant test")
}
if err := ApplyMigrations(url); err != nil {
t.Fatalf("apply migrations: %v", err)
}
conn, err := sql.Open("postgres", url)
if err != nil {
t.Fatalf("open: %v", err)
}
defer conn.Close()
ctx := context.Background()
var (
drTotal, drCodesDistinct, drCodesNull, drLegalDistinct int
peTotal, srTotal, lsTotal int
orphanPE, dupSynthetic int
)
mustQ := func(label, q string, dst *int) {
t.Helper()
if err := conn.QueryRowContext(ctx, q).Scan(dst); err != nil {
t.Fatalf("%s: %v", label, err)
}
}
mustQ("dr_total", `SELECT COUNT(*) FROM paliad.deadline_rules`, &drTotal)
mustQ("dr_codes_distinct",
`SELECT COUNT(DISTINCT submission_code) FROM paliad.deadline_rules WHERE submission_code IS NOT NULL`,
&drCodesDistinct)
mustQ("dr_codes_null",
`SELECT COUNT(*) FROM paliad.deadline_rules WHERE submission_code IS NULL`,
&drCodesNull)
mustQ("dr_legal_distinct",
`SELECT COUNT(DISTINCT legal_source) FROM paliad.deadline_rules WHERE legal_source IS NOT NULL`,
&drLegalDistinct)
mustQ("pe_total", `SELECT COUNT(*) FROM paliad.procedural_events`, &peTotal)
mustQ("sr_total", `SELECT COUNT(*) FROM paliad.sequencing_rules`, &srTotal)
mustQ("ls_total", `SELECT COUNT(*) FROM paliad.legal_sources`, &lsTotal)
// Invariant 1: procedural_events = distinct_codes + null_codes
wantPE := drCodesDistinct + drCodesNull
if peTotal != wantPE {
t.Errorf("procedural_events count mismatch: got %d, want %d (distinct codes=%d + null-code rules=%d)",
peTotal, wantPE, drCodesDistinct, drCodesNull)
}
// Invariant 2: sequencing_rules 1:1 with deadline_rules
if srTotal != drTotal {
t.Errorf("sequencing_rules count mismatch: got %d, want %d (1:1 with deadline_rules)",
srTotal, drTotal)
}
// Invariant 3: legal_sources = distinct legal_source
if lsTotal != drLegalDistinct {
t.Errorf("legal_sources count mismatch: got %d, want %d (distinct legal_source)",
lsTotal, drLegalDistinct)
}
// Invariant 4: every sequencing_rules.procedural_event_id resolves
mustQ("orphan_pe", `
SELECT COUNT(*)
FROM paliad.sequencing_rules sr
LEFT JOIN paliad.procedural_events pe ON pe.id = sr.procedural_event_id
WHERE pe.id IS NULL`, &orphanPE)
if orphanPE != 0 {
t.Errorf("FK integrity violated: %d sequencing_rules row(s) have no resolving procedural_event_id", orphanPE)
}
// Invariant 5: no duplicate synthetic codes
mustQ("dup_synthetic", `
SELECT COUNT(*) FROM (
SELECT code FROM paliad.procedural_events
WHERE code LIKE 'null.%'
GROUP BY code
HAVING COUNT(*) > 1
) d`, &dupSynthetic)
if dupSynthetic != 0 {
t.Errorf("synthetic code uniqueness violated: %d duplicate(s) under 'null.%%' prefix", dupSynthetic)
}
t.Logf("mig 136 invariants OK: deadline_rules=%d, procedural_events=%d (=%d+%d), "+
"sequencing_rules=%d, legal_sources=%d (distinct legal_source=%d)",
drTotal, peTotal, drCodesDistinct, drCodesNull, srTotal, lsTotal, drLegalDistinct)
}

26
internal/db/migrations/024_rename_department_columns.up.sql
View File

@@ -26,24 +26,24 @@ DO $$ BEGIN ALTER TABLE paliad.department_members RENAME COLUMN dezernat_id TO d
-- Constraints (primary key + foreign keys + check). Renaming a pkey
-- constraint also renames the underlying index of the same name.
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_pkey TO departments_pkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_lead_user_id_fkey TO departments_lead_user_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_office_check TO departments_office_check; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_pkey TO department_members_pkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_dezernat_id_fkey TO department_members_department_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_user_id_fkey TO department_members_user_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_pkey TO departments_pkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_lead_user_id_fkey TO departments_lead_user_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.departments RENAME CONSTRAINT dezernate_office_check TO departments_office_check; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_pkey TO department_members_pkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_dezernat_id_fkey TO department_members_department_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.department_members RENAME CONSTRAINT dezernat_mitglieder_user_id_fkey TO department_members_user_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
-- ---------------------------------------------------------------------------
-- Standalone indexes (non-pkey).
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER INDEX paliad.dezernate_office_idx RENAME TO departments_office_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.dezernate_lead_idx RENAME TO departments_lead_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.dezernat_mitglieder_user_idx RENAME TO department_members_user_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.dezernate_office_idx RENAME TO departments_office_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.dezernate_lead_idx RENAME TO departments_lead_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.dezernat_mitglieder_user_idx RENAME TO department_members_user_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
-- ---------------------------------------------------------------------------
-- RLS policies
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER POLICY dezernate_select ON paliad.departments RENAME TO departments_select; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernate_write ON paliad.departments RENAME TO departments_write; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernat_mitglieder_select ON paliad.department_members RENAME TO department_members_select; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernat_mitglieder_write ON paliad.department_members RENAME TO department_members_write; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernate_select ON paliad.departments RENAME TO departments_select; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernate_write ON paliad.departments RENAME TO departments_write; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernat_mitglieder_select ON paliad.department_members RENAME TO department_members_select; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY dezernat_mitglieder_write ON paliad.department_members RENAME TO department_members_write; EXCEPTION WHEN undefined_object THEN NULL; END $$;

26
internal/db/migrations/027_rename_to_partner_units.up.sql
View File

@@ -63,27 +63,27 @@ ALTER TABLE paliad.partner_unit_members RENAME COLUMN department_id TO partner_u
-- 5. Rename constraints. Postgres auto-renames the underlying index for
-- pkey/uniq constraints; standalone indexes are renamed in step 6.
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_pkey TO partner_units_pkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_lead_user_id_fkey TO partner_units_lead_user_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_office_check TO partner_units_office_check; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_pkey TO partner_unit_members_pkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_department_id_fkey TO partner_unit_members_partner_unit_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_user_id_fkey TO partner_unit_members_user_id_fkey; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_pkey TO partner_units_pkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_lead_user_id_fkey TO partner_units_lead_user_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_units RENAME CONSTRAINT departments_office_check TO partner_units_office_check; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_pkey TO partner_unit_members_pkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_department_id_fkey TO partner_unit_members_partner_unit_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER TABLE paliad.partner_unit_members RENAME CONSTRAINT department_members_user_id_fkey TO partner_unit_members_user_id_fkey; EXCEPTION WHEN undefined_object THEN NULL; END $$;
-- ---------------------------------------------------------------------------
-- 6. Rename non-pkey indexes.
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER INDEX paliad.departments_office_idx RENAME TO partner_units_office_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.departments_lead_idx RENAME TO partner_units_lead_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.department_members_user_idx RENAME TO partner_unit_members_user_idx; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.departments_office_idx RENAME TO partner_units_office_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.departments_lead_idx RENAME TO partner_units_lead_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER INDEX paliad.department_members_user_idx RENAME TO partner_unit_members_user_idx; EXCEPTION WHEN undefined_object THEN NULL; END $$;
-- ---------------------------------------------------------------------------
-- 7. Rename RLS policies.
-- ---------------------------------------------------------------------------
DO $$ BEGIN ALTER POLICY departments_select ON paliad.partner_units RENAME TO partner_units_select; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY departments_write ON paliad.partner_units RENAME TO partner_units_write; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY department_members_select ON paliad.partner_unit_members RENAME TO partner_unit_members_select; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY department_members_write ON paliad.partner_unit_members RENAME TO partner_unit_members_write; EXCEPTION WHEN undefined_object OR undefined_table OR duplicate_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY departments_select ON paliad.partner_units RENAME TO partner_units_select; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY departments_write ON paliad.partner_units RENAME TO partner_units_write; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY department_members_select ON paliad.partner_unit_members RENAME TO partner_unit_members_select; EXCEPTION WHEN undefined_object THEN NULL; END $$;
DO $$ BEGIN ALTER POLICY department_members_write ON paliad.partner_unit_members RENAME TO partner_unit_members_write; EXCEPTION WHEN undefined_object THEN NULL; END $$;
-- ---------------------------------------------------------------------------
-- 8. Audit table for partner-unit events. Mutations on partner_units +

2
internal/db/migrations/130_submission_drafts_language.down.sql
View File

@@ -1,2 +0,0 @@
ALTER TABLE paliad.submission_drafts
DROP COLUMN IF EXISTS language;

17
internal/db/migrations/130_submission_drafts_language.up.sql
View File

@@ -1,17 +0,0 @@
-- t-paliad-276 / m/paliad#108: per-draft output language for the
-- Submissions generator.
--
-- The submission editor lets the lawyer pick DE or EN per draft so the
-- generator selects the matching template variant + resolves language-
-- aware variables ({{procedural_event.name_de}} vs _en). Default is
-- 'de' to match the primary-language convention in CLAUDE.md and to
-- keep existing rows behaving exactly as before (every legacy draft
-- was implicitly DE; the resolved bag for those drafts is unchanged
-- under language='de').
ALTER TABLE paliad.submission_drafts
ADD COLUMN IF NOT EXISTS language text NOT NULL DEFAULT 'de'
CONSTRAINT submission_drafts_language_check CHECK (language IN ('de', 'en'));
COMMENT ON COLUMN paliad.submission_drafts.language IS
't-paliad-276: output language for the generated .docx. ''de'' or ''en''. Drives template variant selection ({code}.{lang}.docx fallback chain) and language-aware variable resolution.';

76
internal/db/migrations/132_wave1_tier1_rule_additions.down.sql
View File

@@ -1,76 +0,0 @@
-- Rollback of mig 132 (t-paliad-284 Wave 1 + m/paliad#116).
--
-- Reverses §0 (R.104/R.105 citation backfill) + §1..§11 (11 Tier 1
-- INSERTs) + §12 (T1.12 re-anchor of upc.pi.cfi.response).
--
-- Does NOT reverse §13b (Q6 archived-litigation cleanup) — those rows
-- were already in lifecycle_state='archived' before deletion and are not
-- surfaced by any product code path. Restoring them would require the
-- pre-mig-132 backup. Leaving them gone is the correct rollback choice;
-- emergency restore goes via mig 123 backup snapshot.
--
-- DOES restore §13a (re-add the deadline_rule_audit.rule_id FK) so the
-- audit-table schema returns to its pre-mig-132 shape on rollback. Any
-- orphan audit rows accumulated under mig 132 (rule_id pointing at
-- now-deleted rules) would block the FK re-add; the rollback DELETE
-- below removes them first.
SELECT set_config(
'paliad.audit_reason',
'mig 132 down: rollback Wave 1 Tier 1 rule additions + R.105 citation backfill + T1.12 re-anchor (t-paliad-284 / m/paliad#116)',
true);
-- §12 down — un-re-anchor upc.pi.cfi.response back to its broken root state.
UPDATE paliad.deadline_rules
SET parent_id = NULL,
is_court_set = false,
rule_code = NULL,
legal_source = NULL,
updated_at = now()
WHERE submission_code = 'upc.pi.cfi.response'
AND is_active = true
AND lifecycle_state = 'published'
AND is_court_set = true
AND rule_code = 'RoP.211.2';
-- §1..§11 down — delete the 11 Tier 1 INSERTs by submission_code.
DELETE FROM paliad.deadline_rules
WHERE submission_code IN (
'upc.inf.cfi.cmo_review',
'upc.inf.cfi.confidentiality_response',
'upc.apl.order.response_orders', -- delete child first (FK to grounds_orders)
'upc.apl.order.grounds_orders',
'upc.inf.cfi.cons_orders',
'upc.inf.cfi.rectification',
'upc.pi.cfi.deficiency',
'upc.pi.cfi.merits_start',
'upc.inf.cfi.translation_request',
'upc.inf.cfi.interpreter_cost',
'upc.inf.cfi.translations_lodge'
)
AND lifecycle_state = 'published';
-- §0 down — clear the R.104/R.105 citation on upc.inf.cfi.interim.
UPDATE paliad.deadline_rules
SET rule_code = NULL,
legal_source = NULL,
rule_codes = NULL,
updated_at = now()
WHERE submission_code = 'upc.inf.cfi.interim'
AND is_active = true
AND lifecycle_state = 'published'
AND rule_code = 'RoP.104'
AND legal_source = 'UPC.RoP.104';
-- §13a down — re-add the deadline_rule_audit.rule_id FK with the
-- original ON DELETE CASCADE shape. Purge any orphan audit rows first
-- (audit entries pointing at rule_ids that no longer exist in
-- deadline_rules) so the FK re-add doesn't fail validation.
DELETE FROM paliad.deadline_rule_audit a
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules dr WHERE dr.id = a.rule_id
);
ALTER TABLE paliad.deadline_rule_audit
ADD CONSTRAINT deadline_rule_audit_rule_id_fkey
FOREIGN KEY (rule_id) REFERENCES paliad.deadline_rules(id) ON DELETE CASCADE;

659
internal/db/migrations/132_wave1_tier1_rule_additions.up.sql
View File

@@ -1,659 +0,0 @@
-- t-paliad-284 Wave 1 + m/paliad#116 — Tier 1 deadline-rule additions
-- (12 high-frequency procedural events) + UPC RoP R.104/R.105 Interim
-- Conference citation backfill + Q6 archived-litigation cleanup.
--
-- Source: docs/research-deadlines-completeness-2026-05-25.md
-- • §10 Tier 1 table (T1.1 .. T1.12)
-- • §3.1 missing-rules catalogue (per-rule statutory citations)
-- • §9.7 / Q6 (drop the _archived_litigation.* rows — m's design ack
-- locked in 2026-05-25)
--
-- m's report (2026-05-25 17:12) also explicitly named "Zwischenverfahren /
-- Interim Conference 105" as missing a rule citation. The audit does not
-- list R.105 as a Tier 1 item (the row upc.inf.cfi.interim already exists
-- as a court-set anchor), so the fix is to BACKFILL rule_code/legal_source
-- on that row rather than to insert a new rule. Done here as a separate
-- §0 section, with both RoP.104 (Aims of the interim conference) and
-- RoP.105 (Holding of the interim conference) cited via rule_codes[].
--
-- Wave 2 Slice A primitives (mig 128: working_days unit + combine_op +
-- timing='before' backward snap in deadline_calculator.go) are used by:
-- • T1.8 upc.pi.cfi.merits_start — 31d OR 20wd, combine_op=max
-- • T1.9 upc.inf.cfi.translation_request — 1 month BEFORE oral hearing
-- • T1.10 upc.inf.cfi.interpreter_cost — 2 weeks BEFORE oral hearing
-- Wave 2 Slice A landed mig 128 (`deadline_rules_unit_check`) — these
-- rules are no longer blocked.
--
-- Slot 132 reserved: 127 brunel Wave 0, 128 knuth W2-A, 129 demeter,
-- 130 atlas, 131 artemis → 132 this migration.
--
-- Idempotency:
-- • INSERTs guarded with `WHERE NOT EXISTS (... submission_code = ...)`
-- so re-applying matches zero rows on the second run.
-- • UPDATEs guarded with `WHERE` clauses that match the pre-fix row
-- state only (mig 095 convention).
-- • DELETE guarded by lifecycle_state='archived' AND prefix — repeats
-- match zero rows after first run.
--
-- audit_reason set_config is required at the top (mig 079 trigger on
-- paliad.deadline_rules raises EXCEPTION 'audit reason required' for
-- any INSERT / UPDATE / DELETE without it).
SELECT set_config(
'paliad.audit_reason',
'mig 132: t-paliad-284 Wave 1 + m/paliad#116 — Tier 1 deadline-rule additions (12 rules) from curie''s audit §10 + UPC RoP R.104/105 Interim Conference citation backfill (m''s 2026-05-25 17:12 report) + Q6 archived-litigation cleanup (audit §9.7)',
true);
-- =============================================================================
-- §0 R.104/R.105 — Backfill citation on the existing Interim Conference row.
-- m's report flagged that `upc.inf.cfi.interim` (Zwischenverfahren) renders
-- with no rule reference at /admin/rules. The row exists as a court-set
-- anchor (duration=0, parent_id=NULL, primary_party='court'). The
-- governing UPC Rules of Procedure are:
-- • R.104 — Aims of the interim conference (the substantive rule)
-- • R.105 — Holding of the interim conference (procedural)
-- Both cited via the rule_codes[] array; rule_code/legal_source carry
-- the primary citation (R.104 — Aims).
-- =============================================================================
UPDATE paliad.deadline_rules
SET rule_code = 'RoP.104',
legal_source = 'UPC.RoP.104',
rule_codes = ARRAY['RoP.104', 'RoP.105'],
updated_at = now()
WHERE submission_code = 'upc.inf.cfi.interim'
AND is_active = true
AND lifecycle_state = 'published'
AND rule_code IS NULL
AND legal_source IS NULL;
-- =============================================================================
-- §1 T1.1 upc.inf.cfi.cmo_review — Review of case-management order.
-- 15 days from CMO service. UPC RoP R.333.2: "Any party adversely
-- affected by a case management order may within 15 days of service
-- of the order apply to the panel for a review." Routine in busy LDs
-- (Munich CMO traffic ~weekly). Anchor: the Interim Conference row,
-- which is where CMOs are typically issued.
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit, timing, rule_code,
legal_source, priority, is_court_set, lifecycle_state, is_active,
sequence_order, deadline_notes, deadline_notes_en)
SELECT 8, -- upc.inf.cfi
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.interim'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.inf.cfi.cmo_review',
'Überprüfung Verfahrensanordnung',
'Review of Case-Management Order',
'both', 15, 'days', 'after', 'RoP.333.2', 'UPC.RoP.333.2',
'optional', false, 'published', true, 42,
'Frist 15 Tage ab Zustellung der Verfahrensanordnung (R.333.2). Jede beschwerte Partei kann beim Spruchkörper Überprüfung beantragen.',
'15-day period from service of the case-management order (R.333.2). Any adversely-affected party may apply to the panel for a review.'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.cmo_review'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §2 T1.2 upc.inf.cfi.confidentiality_response — Response to opposing
-- party's confidentiality application. 14 days from receipt of the
-- opposing party's R.262.2 application: "Within 14 days of service
-- … the other party may lodge an Application to the contrary."
-- Trigger event 25 (paliad.trigger_events) maps 1:1 to this rule.
-- Daily occurrence in HLC infringement work. Anchor: Statement of
-- Claim row as proceeding root — actual trigger date supplied via
-- 'Datum setzen' when the opp party files, since the confidentiality
-- app is not itself modelled as a deadline_rules row.
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit, timing, rule_code,
legal_source, priority, is_court_set, lifecycle_state, is_active,
sequence_order, trigger_event_id, deadline_notes, deadline_notes_en)
SELECT 8,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.soc'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.inf.cfi.confidentiality_response',
'Erwiderung auf Vertraulichkeitsantrag',
'Response to Confidentiality Application',
'both', 14, 'days', 'after', 'RoP.262.2', 'UPC.RoP.262.2',
'optional', false, 'published', true, 8,
25,
'Frist 14 Tage ab Zustellung des Vertraulichkeitsantrags der Gegenseite (R.262.2). Datum bei Eingang des Antrags manuell setzen.',
'14-day period from service of the opposing party''s confidentiality application (R.262.2). Set trigger date manually on receipt of the application.'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.confidentiality_response'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §3 T1.3 upc.apl.order.grounds_orders — Statement of Grounds on the
-- orders-track appeal. 15 days from service of the appealed
-- order/decision. UPC RoP R.224.2(b): "A Statement of grounds of
-- appeal shall be lodged … within 15 days of service of the
-- decision/order in cases referred to in Rule 220.1(c), Rule 220.2
-- and Rule 221.3." Existing upc.apl.order tree has the with_leave
-- notice but no separate grounds row — adding it.
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit, timing, rule_code,
legal_source, priority, is_court_set, lifecycle_state, is_active,
sequence_order, deadline_notes, deadline_notes_en)
SELECT 20, -- upc.apl.order
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.apl.order.order'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.apl.order.grounds_orders',
'Berufungsbegründung (Orders Track)',
'Statement of Grounds (Orders Track)',
'both', 15, 'days', 'after', 'RoP.224.2.b', 'UPC.RoP.224.2.b',
'mandatory', false, 'published', true, 2,
'Frist 15 Tage ab Zustellung der angegriffenen Anordnung/Entscheidung (R.224.2(b)).',
'15-day period from service of the appealed order/decision (R.224.2(b)).'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.apl.order.grounds_orders'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §4 T1.4 upc.apl.order.response_orders — Statement of Response on the
-- orders-track appeal. 15 days from service of the grounds. UPC RoP
-- R.235.2: "Within 15 days of service of grounds of appeal pursuant
-- to Rule 224.2(b), any other party … may lodge a Statement of
-- response." Parent: the grounds_orders row inserted in §3, looked
-- up by submission_code so this INSERT works either against a fresh
-- DB or a partially-applied state.
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit, timing, rule_code,
legal_source, priority, is_court_set, lifecycle_state, is_active,
sequence_order, deadline_notes, deadline_notes_en)
SELECT 20,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.apl.order.grounds_orders'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.apl.order.response_orders',
'Berufungserwiderung (Orders Track)',
'Statement of Response (Orders Track)',
'both', 15, 'days', 'after', 'RoP.235.2', 'UPC.RoP.235.2',
'optional', false, 'published', true, 3,
'Frist 15 Tage ab Zustellung der Berufungsbegründung (R.235.2).',
'15-day period from service of the Statement of grounds of appeal (R.235.2).'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.apl.order.response_orders'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §5 T1.5 upc.inf.cfi.cons_orders — Application for orders consequential
-- on validity. 2 months from service of the validity decision. UPC
-- RoP R.118.4: "The Court may, upon a reasoned request by one of
-- the parties, … give a decision granting consequential orders.
-- The application … shall be made within two months of service of
-- the decision …". Common after central-division revocation in
-- bifurcated UPC matters.
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit, timing, rule_code,
legal_source, priority, is_court_set, lifecycle_state, is_active,
sequence_order, deadline_notes, deadline_notes_en)
SELECT 8,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.decision'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.inf.cfi.cons_orders',
'Antrag auf Folgeentscheidungen',
'Application for Consequential Orders',
'both', 2, 'months', 'after', 'RoP.118.4', 'UPC.RoP.118.4',
'optional', false, 'published', true, 60,
'Frist 2 Monate ab Zustellung der Validitätsentscheidung (R.118.4). Antrag auf Folgeentscheidungen (z.B. nach Zentralkammer-Nichtigerklärung).',
'2-month period from service of the validity decision (R.118.4). Application for orders consequential on validity (e.g. after central-division revocation).'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.cons_orders'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §6 T1.6 upc.inf.cfi.rectification — Application for rectification of a
-- decision/order. 1 month from delivery of the decision. UPC RoP
-- R.353: "Clerical mistakes, errors arising from any accidental
-- slip or omission and obvious errors in a decision or order of
-- the Court may be corrected by the Court of its own motion or on
-- the application of a party. The application shall be made within
-- one month of the decision or order being notified."
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit, timing, rule_code,
legal_source, priority, is_court_set, lifecycle_state, is_active,
sequence_order, deadline_notes, deadline_notes_en)
SELECT 8,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.decision'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.inf.cfi.rectification',
'Antrag auf Berichtigung',
'Application for Rectification',
'both', 1, 'months', 'after', 'RoP.353', 'UPC.RoP.353',
'optional', false, 'published', true, 70,
'Frist 1 Monat ab Zustellung der Entscheidung/Anordnung (R.353). Berichtigung von Schreib-, Rechen- oder ähnlichen Versehen.',
'1-month period from notification of the decision/order (R.353). Rectification of clerical mistakes, accidental slips or obvious errors.'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.rectification'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §7 T1.7 upc.pi.cfi.deficiency — Cure of PI-application deficiency.
-- 14 days from notification of the deficiency. UPC RoP R.207.6(a):
-- "The Registry shall as soon as practicable examine the
-- Application … and notify any deficiencies to the applicant. The
-- applicant shall be invited to correct the deficiencies … within
-- 14 days." Failure to cure leads to deemed-withdrawal.
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit, timing, rule_code,
legal_source, priority, is_court_set, lifecycle_state, is_active,
sequence_order, deadline_notes, deadline_notes_en)
SELECT 10, -- upc.pi.cfi
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.app'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.pi.cfi.deficiency',
'Mängelbeseitigung Antrag',
'Cure of Application Deficiency',
'claimant', 14, 'days', 'after', 'RoP.207.6.a', 'UPC.RoP.207.6.a',
'mandatory', false, 'published', true, 2,
'Frist 14 Tage ab Mängelmitteilung durch die Geschäftsstelle (R.207.6(a)). Bei Nichtbehebung gilt der Antrag als zurückgenommen.',
'14-day period from notification of deficiency by the Registry (R.207.6(a)). Failure to cure leads to deemed withdrawal of the application.'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.deficiency'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §8 T1.8 upc.pi.cfi.merits_start — Start proceedings on the merits.
-- 31 calendar days OR 20 working days, whichever is the longer,
-- from grant of the PI. UPC RoP R.213.1 → R.198.1: "the applicant
-- shall start proceedings leading to a decision on the merits of
-- the case … within a period not exceeding 31 calendar days or
-- 20 working days, whichever is the longer." Combine-max wiring
-- via Wave 2 Slice A primitives (mig 128: working_days unit +
-- combine_op). Failure to commence on time → PI lapses (R.213.2).
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit,
alt_duration_value, alt_duration_unit, alt_rule_code,
combine_op, timing, rule_code, legal_source, priority,
is_court_set, lifecycle_state, is_active, sequence_order,
deadline_notes, deadline_notes_en)
SELECT 10,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.order'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.pi.cfi.merits_start',
'Klage in der Hauptsache erheben',
'Start Proceedings on the Merits',
'claimant', 31, 'days',
20, 'working_days', 'RoP.198.1',
'max', 'after', 'RoP.213', 'UPC.RoP.213',
'mandatory', false, 'published', true, 3,
'Frist 31 Kalendertage ODER 20 Arbeitstage (jeweils das längere) ab Anordnung der einstweiligen Maßnahme (R.213 i.V.m. R.198.1). Bei Versäumnis erlischt die einstweilige Maßnahme.',
'31 calendar days OR 20 working days, whichever is the longer, from grant of the provisional measure (R.213 referring to R.198.1). Failure to commence within the period causes the provisional measure to lapse.'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.merits_start'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §9 T1.9 upc.inf.cfi.translation_request — Request for simultaneous
-- translation at the oral hearing. 1 month BEFORE the oral hearing.
-- UPC RoP R.109.1: "A party requiring simultaneous interpretation
-- of the oral hearing into a language other than the language of
-- proceedings shall, no later than one month before the date of
-- the oral hearing, lodge a request with the Court." timing='before'
-- uses the backward-snap path in deadline_calculator.go (mig 128).
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit, timing, rule_code,
legal_source, priority, is_court_set, lifecycle_state, is_active,
sequence_order, deadline_notes, deadline_notes_en)
SELECT 8,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.oral'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.inf.cfi.translation_request',
'Antrag auf Simultanübersetzung',
'Request for Simultaneous Translation',
'both', 1, 'months', 'before', 'RoP.109.1', 'UPC.RoP.109.1',
'optional', false, 'published', true, 45,
'Frist 1 Monat VOR der mündlichen Verhandlung (R.109.1). Antrag auf Simultanübersetzung in eine andere Sprache als die Verfahrenssprache.',
'1 month BEFORE the oral hearing (R.109.1). Request for simultaneous interpretation into a language other than the language of proceedings.'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.translation_request'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §10 T1.10 upc.inf.cfi.interpreter_cost — Notification of interpreter
-- cost-bearing. 2 weeks BEFORE the oral hearing. UPC RoP R.109.4:
-- "Where … the party which made the request for interpretation is
-- not the party who has chosen the language of the proceedings,
-- the costs of the interpretation … shall be borne by the
-- requesting party, unless the Court orders otherwise. The party
-- shall be notified at least two weeks before the oral hearing."
-- timing='before' as in §9.
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit, timing, rule_code,
legal_source, priority, is_court_set, lifecycle_state, is_active,
sequence_order, deadline_notes, deadline_notes_en)
SELECT 8,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.oral'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.inf.cfi.interpreter_cost',
'Mitteilung Dolmetscherkosten',
'Notification of Interpreter Costs',
'court', 2, 'weeks', 'before', 'RoP.109.4', 'UPC.RoP.109.4',
'mandatory', false, 'published', true, 46,
'Frist 2 Wochen VOR der mündlichen Verhandlung (R.109.4). Mitteilung, dass die antragstellende Partei die Dolmetscherkosten zu tragen hat.',
'2 weeks BEFORE the oral hearing (R.109.4). Notification to the requesting party that it shall bear the interpreter costs.'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.interpreter_cost'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §11 T1.11 upc.inf.cfi.translations_lodge — Lodging of translations on
-- judge-rapporteur order. 2 weeks AFTER the JR's order. UPC RoP
-- R.109.5: "If the judge-rapporteur orders, the parties shall lodge
-- a translation of any pleading or other document into the language
-- of the proceedings within two weeks." trigger_event_id=113 maps
-- to the JR translation order. Anchor: Interim Conference row, where
-- such JR orders are typically issued.
-- =============================================================================
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
primary_party, duration_value, duration_unit, timing, rule_code,
legal_source, priority, is_court_set, lifecycle_state, is_active,
sequence_order, trigger_event_id, deadline_notes, deadline_notes_en)
SELECT 8,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.interim'
AND lifecycle_state = 'published' AND is_active = true
LIMIT 1),
'upc.inf.cfi.translations_lodge',
'Übersetzungen einreichen',
'Lodging of Translations',
'both', 2, 'weeks', 'after', 'RoP.109.5', 'UPC.RoP.109.5',
'mandatory', false, 'published', true, 47,
113,
'Frist 2 Wochen ab Anordnung des Berichterstatters, Übersetzungen einzureichen (R.109.5).',
'2-week period from the judge-rapporteur''s order to lodge translations (R.109.5).'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.translations_lodge'
AND lifecycle_state = 'published'
);
-- =============================================================================
-- §12 T1.12 upc.pi.cfi.response — RE-ANCHOR of the existing PI Response
-- row. Currently broken: parent_id=NULL with is_court_set=false and
-- duration=0 makes the calculator treat this as a root anchor. UPC
-- RoP R.211.2 — judge sets the inter-partes hearing date and the
-- deadline for the response. Fix: set is_court_set=true and chain
-- parent_id on upc.pi.cfi.app (the proceeding root). Duration
-- remains 0 (court-set placeholder); the lawyer fills in the actual
-- date via 'Datum setzen'.
-- =============================================================================
UPDATE paliad.deadline_rules
SET parent_id = (SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.app'
AND lifecycle_state = 'published'
AND is_active = true
LIMIT 1),
is_court_set = true,
rule_code = 'RoP.211.2',
legal_source = 'UPC.RoP.211.2',
updated_at = now()
WHERE submission_code = 'upc.pi.cfi.response'
AND is_active = true
AND lifecycle_state = 'published'
AND parent_id IS NULL
AND is_court_set = false;
-- =============================================================================
-- §13a Pre-requisite for §13b — drop the deadline_rule_audit.rule_id FK.
-- The audit trigger (mig 079) tries to INSERT an audit row on AFTER
-- DELETE pointing at OLD.id, but the existing FK constraint
-- `deadline_rule_audit_rule_id_fkey` (FOREIGN KEY rule_id REFERENCES
-- paliad.deadline_rules(id) ON DELETE CASCADE) makes that INSERT fail
-- because by the time the trigger fires the parent row is gone. As a
-- result no DELETE on paliad.deadline_rules has ever succeeded in
-- production (`SELECT count(*) FROM paliad.deadline_rule_audit
-- WHERE action='delete'` returns 0). The trigger's DELETE branch was
-- dead code.
--
-- Standard audit-table design: the audit log is append-only history
-- and should NOT FK-constrain on the live entity table — before_json
-- captures the full row state at the time of the change, which is
-- all the audit trail needs. Dropping the FK fixes the latent bug
-- and unblocks legitimate cleanup work (here: §13b, plus any future
-- hard-delete migrations against deadline_rules).
--
-- Idempotent: DROP CONSTRAINT IF EXISTS no-ops on re-run.
-- =============================================================================
ALTER TABLE paliad.deadline_rule_audit
DROP CONSTRAINT IF EXISTS deadline_rule_audit_rule_id_fkey;
-- =============================================================================
-- §13b Q6 cleanup — drop the _archived_litigation.* deadline rules.
-- 40 rows at audit §9.7 flagged as obsolete Pipeline-A residue
-- (proceeding_type id=32 '_archived_litigation' — kept for FK
-- parity but the rules are no longer surfaced anywhere in the
-- product). m's Q6 design ack 2026-05-25 locked in their removal.
-- Idempotent: prefix + lifecycle_state='archived' match zero rows
-- after first run. The proceeding_type row itself is left in place
-- (referenced by historical deadline_rule_audit before_json blobs).
-- =============================================================================
DELETE FROM paliad.deadline_rules
WHERE submission_code LIKE '_archived_litigation.%' ESCAPE '\'
AND lifecycle_state = 'archived';
-- =============================================================================
-- Hard assertions. Each new/changed row must end up in its post-fix
-- shape. Re-running the migration is a no-op for the data but the
-- assertions still pass because they check the post-fix state.
-- =============================================================================
DO $$
DECLARE
v_count integer;
BEGIN
-- §0 R.105 interim conference backfilled
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.interim'
AND is_active = true
AND lifecycle_state = 'published'
AND rule_code = 'RoP.104'
AND legal_source = 'UPC.RoP.104'
AND 'RoP.105' = ANY(rule_codes);
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 §0: upc.inf.cfi.interim citation backfill not in post-fix shape (got % matches)', v_count;
END IF;
-- §1 T1.1 cmo_review present
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.cmo_review'
AND is_active = true AND lifecycle_state = 'published'
AND rule_code = 'RoP.333.2' AND duration_value = 15
AND duration_unit = 'days' AND timing = 'after';
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.1: upc.inf.cfi.cmo_review missing or wrong shape (got % matches)', v_count;
END IF;
-- §2 T1.2 confidentiality_response
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.confidentiality_response'
AND is_active = true AND lifecycle_state = 'published'
AND rule_code = 'RoP.262.2' AND duration_value = 14
AND duration_unit = 'days' AND trigger_event_id = 25;
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.2: upc.inf.cfi.confidentiality_response missing or wrong shape (got % matches)', v_count;
END IF;
-- §3 T1.3 grounds_orders
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.apl.order.grounds_orders'
AND is_active = true AND lifecycle_state = 'published'
AND rule_code = 'RoP.224.2.b' AND duration_value = 15
AND duration_unit = 'days';
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.3: upc.apl.order.grounds_orders missing or wrong shape (got % matches)', v_count;
END IF;
-- §4 T1.4 response_orders chained on §3
SELECT count(*) INTO v_count
FROM paliad.deadline_rules dr
JOIN paliad.deadline_rules p ON p.id = dr.parent_id
WHERE dr.submission_code = 'upc.apl.order.response_orders'
AND dr.is_active = true AND dr.lifecycle_state = 'published'
AND dr.rule_code = 'RoP.235.2' AND dr.duration_value = 15
AND p.submission_code = 'upc.apl.order.grounds_orders';
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.4: upc.apl.order.response_orders missing or wrong parent chain (got % matches)', v_count;
END IF;
-- §5 T1.5 cons_orders
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.cons_orders'
AND is_active = true AND lifecycle_state = 'published'
AND rule_code = 'RoP.118.4' AND duration_value = 2
AND duration_unit = 'months';
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.5: upc.inf.cfi.cons_orders missing or wrong shape (got % matches)', v_count;
END IF;
-- §6 T1.6 rectification
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.rectification'
AND is_active = true AND lifecycle_state = 'published'
AND rule_code = 'RoP.353' AND duration_value = 1
AND duration_unit = 'months';
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.6: upc.inf.cfi.rectification missing or wrong shape (got % matches)', v_count;
END IF;
-- §7 T1.7 pi.deficiency
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.deficiency'
AND is_active = true AND lifecycle_state = 'published'
AND rule_code = 'RoP.207.6.a' AND duration_value = 14
AND duration_unit = 'days';
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.7: upc.pi.cfi.deficiency missing or wrong shape (got % matches)', v_count;
END IF;
-- §8 T1.8 pi.merits_start — combine-max wiring
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.merits_start'
AND is_active = true AND lifecycle_state = 'published'
AND rule_code = 'RoP.213' AND duration_value = 31
AND duration_unit = 'days'
AND alt_duration_value = 20 AND alt_duration_unit = 'working_days'
AND alt_rule_code = 'RoP.198.1' AND combine_op = 'max';
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.8: upc.pi.cfi.merits_start missing or wrong combine-max shape (got % matches)', v_count;
END IF;
-- §9 T1.9 translation_request — timing='before'
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.translation_request'
AND is_active = true AND lifecycle_state = 'published'
AND rule_code = 'RoP.109.1' AND duration_value = 1
AND duration_unit = 'months' AND timing = 'before';
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.9: upc.inf.cfi.translation_request missing or wrong timing (got % matches)', v_count;
END IF;
-- §10 T1.10 interpreter_cost — timing='before'
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.interpreter_cost'
AND is_active = true AND lifecycle_state = 'published'
AND rule_code = 'RoP.109.4' AND duration_value = 2
AND duration_unit = 'weeks' AND timing = 'before';
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.10: upc.inf.cfi.interpreter_cost missing or wrong timing (got % matches)', v_count;
END IF;
-- §11 T1.11 translations_lodge
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code = 'upc.inf.cfi.translations_lodge'
AND is_active = true AND lifecycle_state = 'published'
AND rule_code = 'RoP.109.5' AND duration_value = 2
AND duration_unit = 'weeks' AND trigger_event_id = 113;
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.11: upc.inf.cfi.translations_lodge missing or wrong shape (got % matches)', v_count;
END IF;
-- §12 T1.12 pi.response re-anchor
SELECT count(*) INTO v_count
FROM paliad.deadline_rules dr
JOIN paliad.deadline_rules p ON p.id = dr.parent_id
WHERE dr.submission_code = 'upc.pi.cfi.response'
AND dr.is_active = true AND dr.lifecycle_state = 'published'
AND dr.is_court_set = true
AND p.submission_code = 'upc.pi.cfi.app';
IF v_count <> 1 THEN
RAISE EXCEPTION 'mig 132 T1.12: upc.pi.cfi.response not re-anchored on app (got % matches)', v_count;
END IF;
-- §13 Q6 cleanup — no archived _archived_litigation rules left
SELECT count(*) INTO v_count
FROM paliad.deadline_rules
WHERE submission_code LIKE '_archived_litigation.%' ESCAPE '\'
AND lifecycle_state = 'archived';
IF v_count <> 0 THEN
RAISE EXCEPTION 'mig 132 §13: % archived _archived_litigation.* rules still present after cleanup', v_count;
END IF;
END $$;

33
internal/db/migrations/133_upc_dmgs_pi_court_followup.down.sql
View File

@@ -1,33 +0,0 @@
-- Reverses mig 133. Removes the 5 new rules:
-- * upc.dmgs.cfi.interim
-- * upc.dmgs.cfi.oral
-- * upc.dmgs.cfi.decision
-- * upc.dmgs.cfi.appeal_spawn
-- * upc.pi.cfi.appeal_spawn
--
-- The audit_reason is required by the mig 079 trigger for DELETE;
-- set_config at top supplies it.
--
-- Idempotent — if a rule is already missing the DELETE matches zero
-- rows and the audit log records nothing extra.
SELECT set_config(
'paliad.audit_reason',
'mig 133 (down): revert UPC Damages tree-end rows and UPC PI appeal-spawn (t-paliad-285 / m/paliad#117 + t-paliad-286 / m/paliad#118)',
true);
-- Delete the spawn rows first so the parent_id reference goes away
-- before the parent decision row is removed.
DELETE FROM paliad.deadline_rules
WHERE submission_code IN (
'upc.dmgs.cfi.appeal_spawn',
'upc.pi.cfi.appeal_spawn')
AND lifecycle_state = 'published';
DELETE FROM paliad.deadline_rules
WHERE submission_code IN (
'upc.dmgs.cfi.interim',
'upc.dmgs.cfi.oral',
'upc.dmgs.cfi.decision')
AND proceeding_type_id = 17
AND lifecycle_state = 'published';

405
internal/db/migrations/133_upc_dmgs_pi_court_followup.up.sql
View File

@@ -1,405 +0,0 @@
-- t-paliad-285 (m/paliad#117) + t-paliad-286 (m/paliad#118) —
-- post-submission court followup for UPC Damages and appeal route
-- for UPC Provisional Measures.
--
-- m's 2026-05-25 report: the upc.dmgs.cfi proceeding stops at the
-- last party submission (rejoin) — no interim conference, no oral
-- hearing, no decision row, no appeal-spawn. The upc.pi.cfi
-- proceeding has its decision row (`pi.order`) but no spawn into
-- the appeal tree. Both gaps prevent the Verfahrensablauf timeline
-- from rendering the court phase plus any downstream appeal sub-
-- tree that atlas's #96 spawn-rendering mechanism is otherwise
-- ready to surface.
--
-- Two sections in one migration (slot 133 — knuth on 132, paliadin
-- coordinated):
--
-- A. UPC Damages tree-end rows (#117)
-- A1 upc.dmgs.cfi.interim UPC RoP R.105 court-set hearing
-- A2 upc.dmgs.cfi.oral UPC RoP R.118 / R.250 court-set hearing
-- A3 upc.dmgs.cfi.decision UPC RoP R.118 / R.144 court-set decision
-- A4 upc.dmgs.cfi.appeal_spawn UPC RoP R.220.1(a) / R.224.1(a) 2mo, spawn → upc.apl.merits (id=11)
--
-- B. UPC Provisional Measures appeal route (#118)
-- B1 upc.pi.cfi.appeal_spawn UPC RoP R.220.1(a) / R.224.1(a) 2mo, spawn → upc.apl.merits (id=11)
--
-- Source citations:
-- * docs/research-deadlines-completeness-2026-05-25.md
-- — §2.1 (upc.dmgs.cfi has only 4 rules: R.131.2 / R.137.2 / R.139)
-- — §D Damages table (R.144 tree-end row missing — listed
-- in Tier 4 as "cosmetic", upgraded to Tier-0 by m's
-- report once the wider follow-up gap was understood)
-- * docs/audit-upc-rop-deadlines-2026-05-08.md §D row R.144,
-- §F R.220.1(a) / R.224.1(a) (verified verbatim in youpc DB
-- under law_type=UPCRoP).
-- * UPC Rules of Procedure (consolidated):
-- R.105 — Interim conference (court fixes after written
-- procedure closes; same structural shape as the inf
-- interim conference, already modelled as `upc.inf.cfi.interim`).
-- R.118 — Decision after oral hearing; general rule for
-- deciding panels.
-- R.250 — Determination of damages decision; damages-
-- specific decision rule (chains R.144 indication →
-- damages award).
-- R.144 — Final decision on damages quantum (tree-end
-- anchor for §A3).
-- R.220.1(a) — Appeal lies from any final decision /
-- decision disposing of the case at first instance.
-- A PI order under R.211 disposes of the urgent question
-- and is therefore appealable on the main 2-month track
-- (not the 15-day order track of R.220.1(c), which covers
-- case-management and procedural orders requiring leave).
-- Curie's §F table confirms the main-track wiring for
-- decisions on merits / disposing orders.
-- R.224.1(a) — Statement of Appeal within 2 months of
-- service of the final decision; the deadline-notes text
-- mirrors mig 095's inf.appeal_spawn / rev.appeal_spawn.
-- R.224.2(a) — Statement of grounds within 4 months
-- (separate deadline in the spawned upc.apl.merits
-- proceeding; already present as upc.apl.merits.grounds).
--
-- Shape decisions (mirroring mig 012 / mig 095 conventions):
-- * Court-set rows (interim / oral / decision) carry
-- primary_party='court', event_type='hearing'|'decision',
-- duration_value=0, is_court_set=true, parent_id=NULL,
-- concept_id reuses the shared concepts already wired for
-- upc.inf.cfi (interim-conference / oral-hearing / decision).
-- * Spawn rows carry primary_party='both', is_spawn=true,
-- spawn_proceeding_type_id=11 (upc.apl.merits), spawn_label
-- identical to the merits spawn already in production. The
-- spawn row's parent_id is the spawning decision/order row
-- (so the audit log carries the trigger link).
-- * No condition_expr — m's F2.3 decision recorded in mig 095
-- §3: "the appeal deadline should always be triggered by a
-- decision … appeal is always a possibility." Visibility
-- filtering on the frontend hides appeals on projects where
-- no appeal is contemplated.
-- * sequence_order numbering follows the inf convention
-- (40=interim, 50=oral, 60=decision, 80=appeal_spawn) so the
-- Verfahrensablauf timeline orders consistently across
-- proceedings. For PI the existing pi.order sits at
-- sequence_order=3; the appeal_spawn lands at 10 (clear of
-- the writ phase, room for future court-phase rows).
--
-- Idempotency: every INSERT is gated by `WHERE NOT EXISTS (… same
-- submission_code, proceeding_type_id, lifecycle_state)`. Re-apply
-- against an already-migrated DB inserts zero rows and the audit
-- log carries no duplicate entries.
--
-- audit_reason set_config required at the top — the mig 079 trigger
-- on paliad.deadline_rules raises EXCEPTION 'audit reason required'
-- on INSERT/UPDATE/DELETE without it.
SELECT set_config(
'paliad.audit_reason',
'mig 133: t-paliad-285 / m/paliad#117 + t-paliad-286 / m/paliad#118 — UPC Damages tree-end rows (interim conference R.105, oral hearing R.118/R.250, decision R.118/R.144, appeal-spawn R.220.1(a)) and UPC Provisional Measures appeal-spawn R.220.1(a); see docs/research-deadlines-completeness-2026-05-25.md §D and docs/audit-upc-rop-deadlines-2026-05-08.md §D/§F',
true);
-- =============================================================================
-- A. UPC Damages — court-phase tree end (m/paliad#117)
-- =============================================================================
-- A1. upc.dmgs.cfi.interim — Interim conference (UPC RoP R.105).
-- Court-set hearing fixed by the judge-rapporteur once the
-- written procedure closes. Identical shape to
-- upc.inf.cfi.interim; reuses the shared interim-conference
-- concept node.
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type,
duration_value, duration_unit, timing,
rule_code, deadline_notes, deadline_notes_en, sequence_order,
is_spawn, spawn_proceeding_type_id, spawn_label,
is_active, legal_source, is_bilateral,
condition_expr, priority, is_court_set, lifecycle_state,
concept_id)
SELECT
17,
NULL,
'upc.dmgs.cfi.interim',
'Zwischenverfahren',
'Interim Conference',
NULL,
'court',
'hearing',
0,
'months',
'after',
NULL,
'Termin vom Gericht bestimmt',
'Date set by the court',
40,
false,
NULL,
NULL,
true,
NULL,
false,
NULL,
'optional',
true,
'published',
'e5071152-d408-4455-b644-9e79d86fd538'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.dmgs.cfi.interim'
AND proceeding_type_id = 17
AND lifecycle_state = 'published');
-- A2. upc.dmgs.cfi.oral — Oral hearing (UPC RoP R.118 / R.250).
-- Court-set hearing after the interim conference / close of
-- written procedure. Same shape as upc.inf.cfi.oral; reuses
-- the shared oral-hearing concept node.
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type,
duration_value, duration_unit, timing,
rule_code, deadline_notes, deadline_notes_en, sequence_order,
is_spawn, spawn_proceeding_type_id, spawn_label,
is_active, legal_source, is_bilateral,
condition_expr, priority, is_court_set, lifecycle_state,
concept_id)
SELECT
17,
NULL,
'upc.dmgs.cfi.oral',
'Mündliche Verhandlung',
'Oral Hearing',
NULL,
'court',
'hearing',
0,
'months',
'after',
NULL,
NULL,
NULL,
50,
false,
NULL,
NULL,
true,
NULL,
false,
NULL,
'optional',
true,
'published',
'd6e5b793-dcf1-4d83-81ff-34f42dbb3693'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.dmgs.cfi.oral'
AND proceeding_type_id = 17
AND lifecycle_state = 'published');
-- A3. upc.dmgs.cfi.decision — Damages decision (UPC RoP R.118 /
-- R.144 / R.250). Court-set decision delivered after oral
-- hearing; closes the §3.1 audit gap (R.144 tree-end). Same
-- shape as upc.inf.cfi.decision; reuses the shared decision
-- concept node.
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type,
duration_value, duration_unit, timing,
rule_code, deadline_notes, deadline_notes_en, sequence_order,
is_spawn, spawn_proceeding_type_id, spawn_label,
is_active, legal_source, is_bilateral,
condition_expr, priority, is_court_set, lifecycle_state,
concept_id)
SELECT
17,
NULL,
'upc.dmgs.cfi.decision',
'Entscheidung',
'Decision',
NULL,
'court',
'decision',
0,
'months',
'after',
NULL,
NULL,
NULL,
60,
false,
NULL,
NULL,
true,
NULL,
false,
NULL,
'optional',
true,
'published',
'472fc32d-cc4f-4aa4-8ace-e422031812de'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.dmgs.cfi.decision'
AND proceeding_type_id = 17
AND lifecycle_state = 'published');
-- A4. upc.dmgs.cfi.appeal_spawn — Appeal against damages decision
-- (UPC RoP R.220.1(a), 2-month main track; grounds R.224.2(a)
-- run as a separate deadline in the spawned upc.apl.merits
-- proceeding). Parent points at the freshly-inserted
-- upc.dmgs.cfi.decision; the SELECT subquery resolves it
-- after A3 lands. Same shape as the mig 095 inf.appeal_spawn.
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type,
duration_value, duration_unit, timing,
rule_code, deadline_notes, deadline_notes_en, sequence_order,
is_spawn, spawn_proceeding_type_id, spawn_label,
is_active, legal_source, is_bilateral,
condition_expr, priority, is_court_set, lifecycle_state)
SELECT
17,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.dmgs.cfi.decision'
AND proceeding_type_id = 17
AND lifecycle_state = 'published'
AND is_active = true),
'upc.dmgs.cfi.appeal_spawn',
'Berufung gegen Schadensentscheidung',
'Appeal against damages decision',
'Berufung gegen die Entscheidung über die Schadensbemessung (R.118 / R.144). Statutarische Frist von 2 Monaten ab Zustellung der Entscheidung (R.224.1(a)); die Berufungsbegründung folgt mit 4 Monaten ab Zustellung (R.224.2(a), eigenständige Frist im Berufungsverfahren).',
'both',
'filing',
2,
'months',
'after',
'RoP.220.1.a',
'Innerhalb von 2 Monaten ab Zustellung der Schadensentscheidung Berufungsschrift einreichen (R.224.1(a)). Die Berufungsbegründung (R.224.2(a), 4 Monate) läuft als separate Frist im Berufungsverfahren.',
'Within 2 months of service of the damages decision lodge the Statement of appeal (R.224.1(a)). The Statement of grounds (R.224.2(a), 4 months) runs as an independent deadline in the appeal proceeding.',
80,
true,
11,
'Berufungsverfahren öffnen',
true,
'UPC.RoP.220.1',
false,
NULL,
'optional',
false,
'published'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.dmgs.cfi.appeal_spawn'
AND proceeding_type_id = 17
AND lifecycle_state = 'published');
-- =============================================================================
-- B. UPC Provisional Measures — appeal route (m/paliad#118)
-- =============================================================================
-- B1. upc.pi.cfi.appeal_spawn — Appeal against PI order (UPC RoP
-- R.220.1(a), 2-month main track). PI orders under R.211
-- dispose of the urgent question and are appealable on the
-- main 2-month track (R.220.1(a)/R.224.1(a)); the 15-day
-- order track of R.220.1(c) is for case-management /
-- procedural orders requiring leave and does not apply to
-- PI dispositions. Parent points at the existing
-- upc.pi.cfi.order (sequence_order=3) so the spawn fires
-- once the order is anchored on a project's timeline.
INSERT INTO paliad.deadline_rules
(proceeding_type_id, parent_id, submission_code, name, name_en,
description, primary_party, event_type,
duration_value, duration_unit, timing,
rule_code, deadline_notes, deadline_notes_en, sequence_order,
is_spawn, spawn_proceeding_type_id, spawn_label,
is_active, legal_source, is_bilateral,
condition_expr, priority, is_court_set, lifecycle_state)
SELECT
10,
(SELECT id FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.order'
AND proceeding_type_id = 10
AND lifecycle_state = 'published'
AND is_active = true),
'upc.pi.cfi.appeal_spawn',
'Berufung gegen Anordnung',
'Appeal against PI order',
'Berufung gegen die einstweilige Anordnung nach R.211. Eine PI-Anordnung erledigt die einstweilige Streitfrage und wird wie eine Endentscheidung im Hauptverfahren behandelt: statutarische Frist von 2 Monaten ab Zustellung (R.224.1(a)); die Berufungsbegründung folgt mit 4 Monaten ab Zustellung (R.224.2(a), eigenständige Frist im Berufungsverfahren). Die 15-Tage-Spur nach R.220.1(c) / R.220.2 gilt für Verfahrensanordnungen mit Zulassung und ist hier nicht einschlägig.',
'both',
'filing',
2,
'months',
'after',
'RoP.220.1.a',
'Innerhalb von 2 Monaten ab Zustellung der PI-Anordnung Berufungsschrift einreichen (R.224.1(a)). Die Berufungsbegründung (R.224.2(a), 4 Monate) läuft als separate Frist im Berufungsverfahren.',
'Within 2 months of service of the PI order lodge the Statement of appeal (R.224.1(a)). The Statement of grounds (R.224.2(a), 4 months) runs as an independent deadline in the appeal proceeding.',
10,
true,
11,
'Berufungsverfahren öffnen',
true,
'UPC.RoP.220.1',
false,
NULL,
'optional',
false,
'published'
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules
WHERE submission_code = 'upc.pi.cfi.appeal_spawn'
AND proceeding_type_id = 10
AND lifecycle_state = 'published');
-- =============================================================================
-- C. Post-insert verification — raise if any expected row is missing
-- (matches the mig 095 / 127 convention; protects against a future
-- re-shape of the table that silently drops one of the WHERE NOT
-- EXISTS predicates).
-- =============================================================================
DO $$
DECLARE
v_missing text;
BEGIN
SELECT string_agg(expected, ', ' ORDER BY expected)
INTO v_missing
FROM (VALUES
('upc.dmgs.cfi.interim'),
('upc.dmgs.cfi.oral'),
('upc.dmgs.cfi.decision'),
('upc.dmgs.cfi.appeal_spawn'),
('upc.pi.cfi.appeal_spawn')
) AS t(expected)
WHERE NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules dr
WHERE dr.submission_code = t.expected
AND dr.lifecycle_state = 'published'
AND dr.is_active = true);
IF v_missing IS NOT NULL THEN
RAISE EXCEPTION
'mig 133: expected published rules missing after insert: %', v_missing;
END IF;
IF NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules dr
WHERE dr.submission_code = 'upc.dmgs.cfi.appeal_spawn'
AND dr.proceeding_type_id = 17
AND dr.spawn_proceeding_type_id = 11
AND dr.is_spawn = true
AND dr.parent_id IS NOT NULL
AND dr.lifecycle_state = 'published'
) THEN
RAISE EXCEPTION
'mig 133: upc.dmgs.cfi.appeal_spawn shape check failed (expected is_spawn=true, spawn_proceeding_type_id=11, parent_id set)';
END IF;
IF NOT EXISTS (
SELECT 1 FROM paliad.deadline_rules dr
WHERE dr.submission_code = 'upc.pi.cfi.appeal_spawn'
AND dr.proceeding_type_id = 10
AND dr.spawn_proceeding_type_id = 11
AND dr.is_spawn = true
AND dr.parent_id IS NOT NULL
AND dr.lifecycle_state = 'published'
) THEN
RAISE EXCEPTION
'mig 133: upc.pi.cfi.appeal_spawn shape check failed (expected is_spawn=true, spawn_proceeding_type_id=11, parent_id set)';
END IF;
END $$;

72
internal/db/migrations/134_berufung_unification.down.sql
View File

@@ -1,72 +0,0 @@
-- 134_berufung_unification — DOWN
--
-- Reverses the Berufung unification: un-archives the 3 old appeal
-- proceeding_types, points the 16 rules back at their original
-- proceeding by their applies_to_target stamp, drops the new
-- upc.apl row, drops the two columns + their CHECK constraints.
--
-- The 3 old proceeding_types are recovered by code (we archived them,
-- never deleted them — that's what makes this down-migration safe).
-- ---------------------------------------------------------------
-- ---------------------------------------------------------------
-- 0. Audit reason (required by mig 079 trigger — step 2 UPDATEs
-- paliad.deadline_rules to reverse the reassignment).
-- ---------------------------------------------------------------
SELECT set_config(
'paliad.audit_reason',
'mig 134 DOWN: revert Slice B1 — restore 3 separate UPC appeal proceeding_types, drop applies_to_target column',
true);
-- ---------------------------------------------------------------
-- 1. Un-archive the 3 old appeal proceeding_types.
-- ---------------------------------------------------------------
UPDATE paliad.proceeding_types
SET is_active = true
WHERE code IN ('upc.apl.merits', 'upc.apl.cost', 'upc.apl.order');
-- ---------------------------------------------------------------
-- 2. Point rules back at their original proceeding_type by stamp.
-- ---------------------------------------------------------------
UPDATE paliad.deadline_rules dr
SET proceeding_type_id = (
SELECT id FROM paliad.proceeding_types WHERE code = 'upc.apl.merits'
)
WHERE dr.applies_to_target = ARRAY['endentscheidung']::text[];
UPDATE paliad.deadline_rules dr
SET proceeding_type_id = (
SELECT id FROM paliad.proceeding_types WHERE code = 'upc.apl.cost'
)
WHERE dr.applies_to_target = ARRAY['kostenentscheidung']::text[];
UPDATE paliad.deadline_rules dr
SET proceeding_type_id = (
SELECT id FROM paliad.proceeding_types WHERE code = 'upc.apl.order'
)
WHERE dr.applies_to_target = ARRAY['anordnung']::text[];
-- ---------------------------------------------------------------
-- 3. Drop the unified upc.apl.unified row (now orphaned).
-- ---------------------------------------------------------------
DELETE FROM paliad.proceeding_types WHERE code = 'upc.apl.unified';
-- ---------------------------------------------------------------
-- 4. Drop the new columns + their CHECK constraints.
-- ---------------------------------------------------------------
ALTER TABLE paliad.deadline_rules
DROP CONSTRAINT IF EXISTS deadline_rules_applies_to_target_chk;
ALTER TABLE paliad.deadline_rules
DROP COLUMN IF EXISTS applies_to_target;
ALTER TABLE paliad.proceeding_types
DROP CONSTRAINT IF EXISTS proceeding_types_appeal_target_chk;
ALTER TABLE paliad.proceeding_types
DROP COLUMN IF EXISTS appeal_target;

272
internal/db/migrations/134_berufung_unification.up.sql
View File

@@ -1,272 +0,0 @@
-- 134_berufung_unification — Slice B1, m/paliad#124, t-paliad-298+
--
-- Collapses the 3 active UPC appeal proceeding_types (upc.apl.merits,
-- upc.apl.cost, upc.apl.order — 16 rules across 3 codes) into ONE
-- unified upc.apl proceeding type + an `appeal_target` discriminator on
-- both proceeding_types (top-level marker) and deadline_rules
-- (per-row applies-to set, text[] for multi-target rules).
--
-- ADDITIVE ONLY. The migration:
-- 1. Adds the two columns + check constraints.
-- 2. Inserts the new upc.apl proceeding type.
-- 3. Audit-first: NOTICES every row about to be touched.
-- 4. Reassigns rule rows from the 3 old types to upc.apl, stamping
-- applies_to_target by source proceeding code.
-- 5. Archives (is_active=false) the 3 old proceeding_types — NEVER
-- deletes them, so any historical project_event_choices / FK
-- references stay intact.
--
-- Schadensbemessung + Bucheinsicht get NO rule rows in this migration
-- (m's 2026-05-26 decision: distinct rule sets, not shared with
-- merits). Their appeal_target enum values are defined and addressable
-- by CalcOptions.AppealTarget; the engine returns an empty timeline
-- until rules are seeded in a follow-up slice (likely via
-- /admin/rules, pairing with t-paliad-193 orphan-concept-seed).
--
-- See docs/design-litigation-planner-2026-05-26.md §18.1.
-- ---------------------------------------------------------------
-- 0. Audit reason (required by mig 079 trigger for any UPDATE on
-- paliad.deadline_rules — step 4 reassigns 16 rules).
-- ---------------------------------------------------------------
SELECT set_config(
'paliad.audit_reason',
'mig 134: t-paliad-292 Slice B1 — Berufung unification, collapse 3 UPC appeal proceeding_types into upc.apl.unified + appeal_target discriminator',
true);
-- ---------------------------------------------------------------
-- 1. Schema additions
-- ---------------------------------------------------------------
ALTER TABLE paliad.proceeding_types
ADD COLUMN appeal_target text NULL;
ALTER TABLE paliad.proceeding_types
ADD CONSTRAINT proceeding_types_appeal_target_chk
CHECK (appeal_target IS NULL OR appeal_target IN (
'endentscheidung',
'kostenentscheidung',
'anordnung',
'schadensbemessung',
'bucheinsicht'
));
COMMENT ON COLUMN paliad.proceeding_types.appeal_target IS
'Top-level appeal-target marker. NULL on non-appeal proceedings. '
'Reserved for future variants — today only the unified upc.apl row '
'has this NULL (the actual per-rule target set lives on '
'paliad.deadline_rules.applies_to_target).';
ALTER TABLE paliad.deadline_rules
ADD COLUMN applies_to_target text[] NULL;
ALTER TABLE paliad.deadline_rules
ADD CONSTRAINT deadline_rules_applies_to_target_chk
CHECK (
applies_to_target IS NULL
OR applies_to_target <@ ARRAY[
'endentscheidung',
'kostenentscheidung',
'anordnung',
'schadensbemessung',
'bucheinsicht'
]::text[]
);
COMMENT ON COLUMN paliad.deadline_rules.applies_to_target IS
'Set of appeal_target slugs this rule applies to. NULL on rules '
'that don''t belong to an appeal proceeding. The engine filters '
'by CalcOptions.AppealTarget — rules whose applies_to_target '
'contains the requested slug are emitted; others are suppressed.';
-- ---------------------------------------------------------------
-- 2. Insert the unified upc.apl row.
--
-- Inherits default_color from the merits row (the most-used appeal
-- track today). sort_order follows the cluster of UPC proceedings;
-- placed just before upc.apl.merits's old slot so the chip-grouped
-- picker UI lands Berufung in a sensible position. Tweakable later
-- without a migration.
-- ---------------------------------------------------------------
INSERT INTO paliad.proceeding_types (
code, name, name_en, description, jurisdiction, category,
default_color, sort_order, is_active, display_order,
appeal_target
)
SELECT
'upc.apl.unified',
'Berufungsverfahren',
'Appeal',
'Vereinheitlichtes Berufungsverfahren — wählen Sie anschließend, '
'worauf die Berufung sich richtet (Endentscheidung, '
'Kostenentscheidung, Anordnung, Schadensbemessung, Bucheinsicht).',
'UPC',
'fristenrechner',
default_color,
sort_order,
true,
display_order,
NULL
FROM paliad.proceeding_types
WHERE code = 'upc.apl.merits';
-- ---------------------------------------------------------------
-- 3. Audit-first RAISE NOTICE pass.
--
-- Lists every rule row that will be reassigned + every proceeding_type
-- row that will be archived. The migration runs to completion either
-- way; the operator reads the notices to confirm scope before the
-- next migration in the chain.
-- ---------------------------------------------------------------
DO $$
DECLARE
rec record;
upc_apl_id int;
rules_touched int := 0;
procs_archived int := 0;
BEGIN
SELECT id INTO upc_apl_id
FROM paliad.proceeding_types
WHERE code = 'upc.apl.unified';
RAISE NOTICE '[mig 134] new upc.apl.unified proceeding_type_id = %', upc_apl_id;
RAISE NOTICE '[mig 134] Rules to reassign to upc.apl.unified with applies_to_target:';
FOR rec IN
SELECT dr.id AS rule_id,
pt.code AS old_proceeding,
dr.submission_code,
dr.name
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code IN ('upc.apl.merits', 'upc.apl.cost', 'upc.apl.order')
AND dr.is_active = true
ORDER BY pt.code, dr.sequence_order
LOOP
RAISE NOTICE '[mig 134] % % % (%)',
rec.old_proceeding, rec.submission_code, rec.name, rec.rule_id;
rules_touched := rules_touched + 1;
END LOOP;
RAISE NOTICE '[mig 134] Total rules to reassign: %', rules_touched;
RAISE NOTICE '[mig 134] Proceeding_types to archive (is_active=false):';
FOR rec IN
SELECT id, code, name
FROM paliad.proceeding_types
WHERE code IN ('upc.apl.merits', 'upc.apl.cost', 'upc.apl.order')
ORDER BY sort_order
LOOP
RAISE NOTICE '[mig 134] % % (id=%)', rec.code, rec.name, rec.id;
procs_archived := procs_archived + 1;
END LOOP;
RAISE NOTICE '[mig 134] Total proceeding_types to archive: %', procs_archived;
END $$;
-- ---------------------------------------------------------------
-- 4. Reassign rule rows.
--
-- Stamp applies_to_target by source proceeding code, then point all
-- 16 rules at the new upc.apl row.
-- ---------------------------------------------------------------
-- 4a. upc.apl.merits → applies_to_target = {endentscheidung}
UPDATE paliad.deadline_rules dr
SET applies_to_target = ARRAY['endentscheidung']::text[]
FROM paliad.proceeding_types pt
WHERE pt.id = dr.proceeding_type_id
AND pt.code = 'upc.apl.merits'
AND dr.is_active = true;
-- 4b. upc.apl.cost → applies_to_target = {kostenentscheidung}
UPDATE paliad.deadline_rules dr
SET applies_to_target = ARRAY['kostenentscheidung']::text[]
FROM paliad.proceeding_types pt
WHERE pt.id = dr.proceeding_type_id
AND pt.code = 'upc.apl.cost'
AND dr.is_active = true;
-- 4c. upc.apl.order → applies_to_target = {anordnung}
UPDATE paliad.deadline_rules dr
SET applies_to_target = ARRAY['anordnung']::text[]
FROM paliad.proceeding_types pt
WHERE pt.id = dr.proceeding_type_id
AND pt.code = 'upc.apl.order'
AND dr.is_active = true;
-- 4d. Reassign all 16 rules to the new upc.apl.unified proceeding_type row.
UPDATE paliad.deadline_rules dr
SET proceeding_type_id = (
SELECT id FROM paliad.proceeding_types WHERE code = 'upc.apl.unified'
)
FROM paliad.proceeding_types pt
WHERE pt.id = dr.proceeding_type_id
AND pt.code IN ('upc.apl.merits', 'upc.apl.cost', 'upc.apl.order');
-- ---------------------------------------------------------------
-- 5. Archive the 3 old proceeding_types.
--
-- NEVER DELETE — historical project_event_choices and project FKs
-- (paliad.projects.proceeding_type_id) may still reference these IDs.
-- The is_active=false flag stops them appearing in the picker but
-- preserves FK integrity for historical reads.
-- ---------------------------------------------------------------
UPDATE paliad.proceeding_types
SET is_active = false
WHERE code IN ('upc.apl.merits', 'upc.apl.cost', 'upc.apl.order');
-- ---------------------------------------------------------------
-- 6. Post-migration sanity check.
-- ---------------------------------------------------------------
DO $$
DECLARE
unified_count int;
archived_count int;
target_distribution record;
BEGIN
SELECT COUNT(*) INTO unified_count
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code = 'upc.apl.unified' AND dr.is_active = true;
RAISE NOTICE '[mig 134] post: rules on unified upc.apl.unified = % (expected 16)', unified_count;
IF unified_count <> 16 THEN
RAISE EXCEPTION '[mig 134] FAILED — expected 16 rules on upc.apl.unified, got %', unified_count;
END IF;
SELECT COUNT(*) INTO archived_count
FROM paliad.proceeding_types
WHERE code IN ('upc.apl.merits', 'upc.apl.cost', 'upc.apl.order')
AND is_active = false;
RAISE NOTICE '[mig 134] post: archived old appeal proceeding_types = % (expected 3)', archived_count;
IF archived_count <> 3 THEN
RAISE EXCEPTION '[mig 134] FAILED — expected 3 archived types, got %', archived_count;
END IF;
FOR target_distribution IN
SELECT unnest(applies_to_target) AS target, COUNT(*) AS n
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code = 'upc.apl.unified' AND dr.is_active = true
GROUP BY unnest(applies_to_target)
ORDER BY 1
LOOP
RAISE NOTICE '[mig 134] post: applies_to_target=% count=%',
target_distribution.target, target_distribution.n;
END LOOP;
END $$;
-- ---------------------------------------------------------------
-- TODO (follow-up slice, not in 134):
--
-- Seed rules for Schadensbemessung-as-appeal + Bucheinsicht-as-appeal.
-- m's 2026-05-26 decision: distinct rule sets, NOT shared with merits.
-- - Schadensbemessung: anchor on R.118.4 decision; conjecture 2/4-month
-- merits-style track but distinct legal basis.
-- - Bucheinsicht: anchor on R.142 (Lay-open-books decision); conjecture
-- 15-day track per R.220.2 + R.224.2.b.
-- Can pair with t-paliad-193 orphan-concept-seed if m wants a combined
-- editorial pass via /admin/rules.
-- ---------------------------------------------------------------

8
internal/db/migrations/135_primary_party_check.down.sql
View File

@@ -1,8 +0,0 @@
-- 135_primary_party_check — DOWN
--
-- Drops the CHECK constraint added in 135.up. No data revert needed
-- — the column stays text, the four-value vocab is enforced only by
-- application code thereafter.
ALTER TABLE paliad.deadline_rules
DROP CONSTRAINT IF EXISTS deadline_rules_primary_party_chk;

92
internal/db/migrations/135_primary_party_check.up.sql
View File

@@ -1,92 +0,0 @@
-- 135_primary_party_check — Slice B3, m/paliad#124 §18.3
--
-- Tightens paliad.deadline_rules.primary_party from free-text to a
-- CHECK constraint over the canonical four-value vocabulary
-- (claimant / defendant / court / both). NULL stays valid for the
-- 78 cross-cutting orphan concept seeds (Wiedereinsetzung,
-- Versäumnisurteil-Einspruch, Schriftsatznachreichung,
-- Weiterbehandlung) — they have no proceeding_type_id binding so
-- they're outside the calculator's path; loosening the CHECK to
-- "IS NULL OR IN (…)" keeps them valid without backfill gymnastics.
--
-- Audit-first: the DO block RAISEs NOTICE for every non-conforming
-- row before adding the CHECK, and RAISEs EXCEPTION if any dirty
-- rows are found so the operator can decide a manual cleanup path.
-- Live audit (Supabase, 2026-05-26 §18.0) confirmed zero dirty rows
-- on the current corpus: 26 claimant + 26 defendant + 38 court +
-- 63 both + 78 NULL = 231 total, all in the canonical vocab. The
-- audit pass stays in the migration for safety against future drift
-- (e.g. a rule editor write that bypassed the application-layer
-- validation hook this slice also adds).
DO $$
DECLARE
rec record;
dirty_count int := 0;
BEGIN
RAISE NOTICE '[mig 135] primary_party audit pass — non-conforming rows:';
FOR rec IN
SELECT dr.id, dr.name, dr.primary_party,
pt.code AS proceeding_code
FROM paliad.deadline_rules dr
LEFT JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE dr.is_active = true
AND dr.primary_party IS NOT NULL
AND dr.primary_party NOT IN ('claimant', 'defendant', 'court', 'both')
ORDER BY pt.code NULLS LAST, dr.name
LOOP
RAISE NOTICE '[mig 135] % % primary_party=% (rule=%)',
COALESCE(rec.proceeding_code, '<orphan>'),
rec.name,
rec.primary_party,
rec.id;
dirty_count := dirty_count + 1;
END LOOP;
IF dirty_count > 0 THEN
RAISE EXCEPTION '[mig 135] FAILED — % rule(s) carry non-canonical primary_party values. '
'Manual cleanup required: update each row to one of '
'''claimant'', ''defendant'', ''court'', ''both'', or NULL. '
'See the NOTICE lines above for the offending rows.', dirty_count;
END IF;
RAISE NOTICE '[mig 135] audit clean — proceeding with CHECK constraint';
END $$;
-- ---------------------------------------------------------------
-- Add the CHECK constraint. NULL stays valid; the four canonical
-- values are the only allowed non-NULL forms.
-- ---------------------------------------------------------------
ALTER TABLE paliad.deadline_rules
ADD CONSTRAINT deadline_rules_primary_party_chk
CHECK (
primary_party IS NULL
OR primary_party IN ('claimant', 'defendant', 'court', 'both')
);
COMMENT ON CONSTRAINT deadline_rules_primary_party_chk
ON paliad.deadline_rules IS
'Slice B3 (mig 135, m/paliad#124 §18.3) — canonical four-value '
'vocab for primary_party (claimant / defendant / court / both). '
'NULL allowed for cross-cutting orphan concept seeds (78 rows in '
'live corpus as of mig 135). See pkg/litigationplanner.PrimaryParties '
'for the in-code vocabulary.';
-- ---------------------------------------------------------------
-- Post-migration distribution check — informational NOTICE only.
-- ---------------------------------------------------------------
DO $$
DECLARE
rec record;
BEGIN
RAISE NOTICE '[mig 135] post: primary_party distribution after constraint add:';
FOR rec IN
SELECT COALESCE(primary_party, '<NULL>') AS party, COUNT(*) AS n
FROM paliad.deadline_rules
WHERE is_active = true
GROUP BY primary_party
ORDER BY party
LOOP
RAISE NOTICE '[mig 135] % count=%', rec.party, rec.n;
END LOOP;
END $$;

19
internal/db/migrations/136_procedural_events_additive.down.sql
View File

@@ -1,19 +0,0 @@
-- 136_procedural_events_additive (down) — Slice B.1, t-paliad-273
--
-- Safe to run at any point in B.1's lifetime. Up does NOT touch
-- paliad.deadline_rules, so dropping the new tables + columns loses no
-- application data — every source row in deadline_rules is intact and
-- authoritative through the dual-write window.
--
-- Reverse order: drop indexes implicitly via DROP TABLE, drop the two
-- deadlines link columns first (their FKs target procedural_events +
-- sequencing_rules), then drop the three new tables in FK-safe order
-- (sequencing_rules → procedural_events → legal_sources).
ALTER TABLE paliad.deadlines
DROP COLUMN IF EXISTS procedural_event_id,
DROP COLUMN IF EXISTS sequencing_rule_id;
DROP TABLE IF EXISTS paliad.sequencing_rules;
DROP TABLE IF EXISTS paliad.procedural_events;
DROP TABLE IF EXISTS paliad.legal_sources;

488
internal/db/migrations/136_procedural_events_additive.up.sql
View File

@@ -1,488 +0,0 @@
-- 136_procedural_events_additive — Slice B.1, t-paliad-273 / m/paliad#93
--
-- ADDITIVE ONLY. Creates the three new tables that split today's
-- paliad.deadline_rules into its three latent concepts (per the
-- 2026-05-25 inventor design + 2026-05-26 B.0 re-validation):
--
-- 1. paliad.legal_sources — the source-of-law citations
-- (DE.PatG.102, UPC.RoP.220.1, …)
-- 2. paliad.procedural_events — the procedural-event templates
-- (Rechtsbeschwerdebegründung, etc.;
-- successor of `submission_code`)
-- 3. paliad.sequencing_rules — the timing + trigger + condition
-- mechanics (today's per-row data)
--
-- and adds two nullable link columns on paliad.deadlines so B.2's
-- dual-write phase has somewhere to point.
--
-- The migration does NOT touch paliad.deadline_rules. The legacy table
-- stays intact and authoritative for reads until B.3 flips the cutover.
-- deadlines.rule_id stays in place (read by the calculator + projection
-- service). No app code is changed by this migration; B.2 introduces
-- the dual-write that wires services to the new tables.
--
-- Backfill plan (cf. design §5.1 + B.0 findings §7):
-- * legal_sources <- DISTINCT legal_source FROM deadline_rules WHERE
-- legal_source IS NOT NULL. pretty_de/pretty_en
-- LEFT NULL for now (legalSourcePretty() in Go
-- continues to materialise them on read; a future
-- slice backfills them via a Go shim).
-- * procedural_events <-
-- (a) DISTINCT ON (submission_code) FROM deadline_rules WHERE
-- submission_code IS NOT NULL — picks the lowest-id rule per
-- code as the procedural-event identity source.
-- (b) one synthetic procedural_event per NULL-submission_code
-- rule, code = 'null.' || substring(replace(id::text,'-',''),1,8).
-- m's pick (paliadin instruction 2026-05-26): mint synthetic
-- codes so every deadline_rules row ends up with a
-- procedural_events row, preserving the 1:1 sequencing-rule
-- backfill and keeping the NOT NULL FK on
-- sequencing_rules.procedural_event_id intact.
-- * sequencing_rules <- 1:1 from deadline_rules. The new row inherits
-- the source row's id so that any existing
-- paliad.deadlines.rule_id FK target stays resolvable through
-- the dual-write window (design §5.1 step 4).
-- * deadlines.procedural_event_id + sequencing_rule_id <- joined from
-- sequencing_rules on the inherited id.
--
-- Design deviations (intentional, documented):
-- - procedural_events.event_kind is NULLABLE (design proposed NOT NULL
-- with 'other' fallback). Today 89 deadline_rules rows have NULL
-- event_type — these are "structural / parent-only rows in the
-- proceeding tree" per B.0 §1. Forcing them to 'other' would lose
-- semantics. A later slice can tighten this to NOT NULL after the
-- 78+11 NULLs are reclassified.
-- - legal_sources.pretty_de / pretty_en are NULLABLE (design proposed
-- NOT NULL). Materialising them requires the Go-side
-- legalSourcePretty() function — out of scope for a SQL migration.
-- The Go read path continues to compute them on the fly from
-- legal_source / citation; a future slice (Go shim driven from
-- internal/services/submission_vars.go:619) backfills them.
-- - submission_drafts is NOT modified. The design proposes adding
-- procedural_event_id there too (§4.1 §5.1 step 6) but the B.1
-- instruction scope is explicit: tables + deadlines columns only.
-- submission_drafts continues to key off submission_code text.
--
-- Audit pattern follows mig 135 (Slice B3): PRE-pass counts what we
-- expect to write, BACKFILL runs the SELECT-INSERTs, POST-pass verifies
-- row counts and FK integrity. Any mismatch RAISE EXCEPTIONs and the
-- transaction rolls back — operator sees the NOTICE lines and the
-- failed assertion message.
--
-- See: docs/design-procedural-events-model-2026-05-25.md §4 + §5
-- docs/design-procedural-events-b0-findings-2026-05-26.md §7
-- ---------------------------------------------------------------
-- 0. PRE pass — snapshot what we're about to backfill
-- ---------------------------------------------------------------
DO $$
DECLARE
v_rules int;
v_codes_nn int;
v_codes_distinct int;
v_codes_null int;
v_legal_distinct int;
v_concept_linked int;
v_dups int;
BEGIN
SELECT COUNT(*) INTO v_rules FROM paliad.deadline_rules;
SELECT COUNT(*) INTO v_codes_nn FROM paliad.deadline_rules WHERE submission_code IS NOT NULL;
SELECT COUNT(DISTINCT submission_code) INTO v_codes_distinct
FROM paliad.deadline_rules WHERE submission_code IS NOT NULL;
SELECT COUNT(*) INTO v_codes_null FROM paliad.deadline_rules WHERE submission_code IS NULL;
SELECT COUNT(DISTINCT legal_source) INTO v_legal_distinct
FROM paliad.deadline_rules WHERE legal_source IS NOT NULL;
SELECT COUNT(*) INTO v_concept_linked FROM paliad.deadline_rules WHERE concept_id IS NOT NULL;
RAISE NOTICE '[mig 136] PRE: deadline_rules=%, with_submission_code=%, distinct_codes=%, null_codes=%, distinct_legal_sources=%, concept_linked=%',
v_rules, v_codes_nn, v_codes_distinct, v_codes_null, v_legal_distinct, v_concept_linked;
-- Defensive: refuse to run if multi-row submission_codes have crept
-- back in. B.0 (2026-05-26) found zero; mig 134 + 135 do not add
-- any. If this CHECK ever fires the backfill arithmetic below
-- breaks silently (one PE per code becomes ambiguous), so abort.
SELECT COUNT(*) INTO v_dups FROM (
SELECT submission_code
FROM paliad.deadline_rules
WHERE submission_code IS NOT NULL
GROUP BY submission_code
HAVING COUNT(*) > 1
) d;
IF v_dups > 0 THEN
RAISE EXCEPTION '[mig 136] FAILED PRE: % submission_code value(s) appear on >1 deadline_rules row. '
'The B.0 audit (2026-05-26) found zero. If you are seeing this, a rule was added that '
'duplicates an existing submission_code (or the _archived_litigation.* rows returned). '
'Decide whether the new schema collapses them (multiple sequencing rules → one '
'procedural event) or whether each row gets its own code, then update this migration '
'or the offending data before re-running.', v_dups;
END IF;
END $$;
-- ---------------------------------------------------------------
-- 1. CREATE TABLE paliad.legal_sources
-- ---------------------------------------------------------------
CREATE TABLE paliad.legal_sources (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
citation text NOT NULL UNIQUE,
jurisdiction text NOT NULL,
pretty_de text,
pretty_en text,
notes text,
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now()
);
COMMENT ON TABLE paliad.legal_sources IS
'Source-of-law citations (DE.PatG.102, UPC.RoP.220.1, …). One row per '
'distinct citation shorthand. pretty_de/pretty_en backfilled by a '
'future Go-driven slice; until then NULL and the Go service ('
'internal/services/submission_vars.go:619 legalSourcePretty) computes '
'the human-readable form on read from the citation. Slice B.1 t-paliad-273.';
CREATE INDEX legal_sources_jurisdiction_idx ON paliad.legal_sources(jurisdiction);
-- ---------------------------------------------------------------
-- 2. CREATE TABLE paliad.procedural_events
-- ---------------------------------------------------------------
CREATE TABLE paliad.procedural_events (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
code text NOT NULL UNIQUE,
name text NOT NULL,
name_en text NOT NULL DEFAULT '',
description text,
event_kind text,
primary_party_default text,
legal_source_id uuid REFERENCES paliad.legal_sources(id),
concept_id uuid REFERENCES paliad.deadline_concepts(id),
lifecycle_state text NOT NULL DEFAULT 'published',
draft_of uuid REFERENCES paliad.procedural_events(id),
published_at timestamptz,
is_active boolean NOT NULL DEFAULT true,
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now()
);
COMMENT ON TABLE paliad.procedural_events IS
'Procedural-event templates — the "what kind of step is this in the '
'proceeding" hat of the legacy paliad.deadline_rules row. One row per '
'unique submission_code, plus one synthetic row per NULL-submission_code '
'rule (code prefix "null."). Slice B.1 t-paliad-273.';
COMMENT ON COLUMN paliad.procedural_events.event_kind IS
'filing|reply|hearing|decision|order|other. NULLABLE for now — 89 '
'rules in the live corpus have NULL event_type (structural / parent-only '
'rows in the proceeding tree). A future slice can tighten to NOT NULL '
'after these are reclassified.';
COMMENT ON COLUMN paliad.procedural_events.concept_id IS
'Optional reference to a deadline_concepts row. N:1 — one concept may '
'be shared by many procedural events (e.g. "Berufungsfrist" attaches to '
'all four court-specific Berufung procedural events). Do NOT add UNIQUE.';
CREATE INDEX procedural_events_concept_id_idx ON paliad.procedural_events(concept_id);
CREATE INDEX procedural_events_event_kind_idx ON paliad.procedural_events(event_kind);
CREATE INDEX procedural_events_lifecycle_idx ON paliad.procedural_events(lifecycle_state);
CREATE INDEX procedural_events_legal_source_idx ON paliad.procedural_events(legal_source_id);
-- ---------------------------------------------------------------
-- 3. CREATE TABLE paliad.sequencing_rules
-- ---------------------------------------------------------------
CREATE TABLE paliad.sequencing_rules (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
procedural_event_id uuid NOT NULL REFERENCES paliad.procedural_events(id),
proceeding_type_id integer REFERENCES paliad.proceeding_types(id),
parent_id uuid REFERENCES paliad.sequencing_rules(id),
trigger_event_id bigint REFERENCES paliad.trigger_events(id),
duration_value integer NOT NULL DEFAULT 0,
duration_unit text NOT NULL DEFAULT 'months',
timing text DEFAULT 'after',
alt_duration_value integer,
alt_duration_unit text,
alt_rule_code text,
anchor_alt text,
combine_op text,
condition_expr jsonb,
primary_party text,
sequence_order integer NOT NULL DEFAULT 0,
is_spawn boolean NOT NULL DEFAULT false,
spawn_label text,
spawn_proceeding_type_id integer REFERENCES paliad.proceeding_types(id),
is_bilateral boolean NOT NULL DEFAULT false,
is_court_set boolean NOT NULL DEFAULT false,
priority text NOT NULL DEFAULT 'mandatory',
rule_code text,
rule_codes text[],
deadline_notes text,
deadline_notes_en text,
choices_offered jsonb,
applies_to_target text[],
lifecycle_state text NOT NULL DEFAULT 'published',
draft_of uuid REFERENCES paliad.sequencing_rules(id),
published_at timestamptz,
is_active boolean NOT NULL DEFAULT true,
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now()
);
COMMENT ON TABLE paliad.sequencing_rules IS
'Sequencing-rule mechanics — the "how and when does this fire" hat of '
'the legacy paliad.deadline_rules row. 1:1 with deadline_rules during '
'the dual-write window; the id is inherited from deadline_rules.id so '
'paliad.deadlines.rule_id FKs continue to resolve transitively. '
'Slice B.1 t-paliad-273.';
COMMENT ON COLUMN paliad.sequencing_rules.primary_party IS
'Per-rule override of procedural_events.primary_party_default. Same '
'four-value vocab as deadline_rules.primary_party (mig 135 CHECK). '
'NULL = use procedural-event default. A future slice can add the '
'same CHECK here.';
CREATE INDEX sequencing_rules_pe_proc_lifecycle_idx
ON paliad.sequencing_rules(procedural_event_id, proceeding_type_id, lifecycle_state);
CREATE INDEX sequencing_rules_parent_id_idx ON paliad.sequencing_rules(parent_id);
CREATE INDEX sequencing_rules_trigger_event_idx ON paliad.sequencing_rules(trigger_event_id);
CREATE INDEX sequencing_rules_proceeding_type_idx ON paliad.sequencing_rules(proceeding_type_id);
-- ---------------------------------------------------------------
-- 4. ALTER paliad.deadlines — add link columns
-- ---------------------------------------------------------------
ALTER TABLE paliad.deadlines
ADD COLUMN procedural_event_id uuid REFERENCES paliad.procedural_events(id),
ADD COLUMN sequencing_rule_id uuid REFERENCES paliad.sequencing_rules(id);
COMMENT ON COLUMN paliad.deadlines.procedural_event_id IS
'NULLABLE link to the procedural event this deadline instantiates. '
'Added Slice B.1 (mig 136). B.2 dual-write populates it on every new '
'deadline; B.3 cutover flips reads to use this instead of rule_id. '
'rule_id stays in place until B.4 destructive drop.';
COMMENT ON COLUMN paliad.deadlines.sequencing_rule_id IS
'NULLABLE link to the sequencing rule. Same lifecycle as '
'procedural_event_id — added Slice B.1, dual-written B.2, read in B.3, '
'rule_id dropped in B.4.';
CREATE INDEX deadlines_procedural_event_id_idx ON paliad.deadlines(procedural_event_id);
CREATE INDEX deadlines_sequencing_rule_id_idx ON paliad.deadlines(sequencing_rule_id);
-- ---------------------------------------------------------------
-- 5. BACKFILL — legal_sources
-- ---------------------------------------------------------------
INSERT INTO paliad.legal_sources (citation, jurisdiction)
SELECT DISTINCT
legal_source AS citation,
COALESCE(NULLIF(split_part(legal_source, '.', 1), ''), 'other') AS jurisdiction
FROM paliad.deadline_rules
WHERE legal_source IS NOT NULL;
-- ---------------------------------------------------------------
-- 6. BACKFILL — procedural_events
-- (a) codes-bearing branch: DISTINCT ON (submission_code) picks the
-- lowest-id (tie-break sequence_order) deadline_rules row as the
-- identity source per the design's §5.1 step 3.
-- (b) NULL-code branch: one synthetic row per rule, code minted from
-- the rule id's first 8 hex chars (sans dashes) — m's pick
-- 2026-05-26 (paliadin instruction).
-- ---------------------------------------------------------------
-- (a) codes-bearing rules → one procedural_events row per distinct code
INSERT INTO paliad.procedural_events
(code, name, name_en, description, event_kind, primary_party_default,
legal_source_id, concept_id, lifecycle_state, published_at, is_active)
SELECT
src.submission_code,
src.name,
src.name_en,
src.description,
src.event_type,
src.primary_party,
ls.id,
src.concept_id,
src.lifecycle_state,
src.published_at,
src.is_active
FROM (
SELECT DISTINCT ON (submission_code)
submission_code, name, name_en, description, event_type,
primary_party, concept_id, legal_source, lifecycle_state,
published_at, is_active
FROM paliad.deadline_rules
WHERE submission_code IS NOT NULL
ORDER BY submission_code, id, sequence_order
) src
LEFT JOIN paliad.legal_sources ls ON ls.citation = src.legal_source;
-- (b) NULL-code rules → one synthetic procedural_events row each
INSERT INTO paliad.procedural_events
(code, name, name_en, description, event_kind, primary_party_default,
legal_source_id, concept_id, lifecycle_state, published_at, is_active)
SELECT
'null.' || substring(replace(dr.id::text, '-', ''), 1, 8) AS code,
dr.name,
dr.name_en,
dr.description,
dr.event_type,
dr.primary_party,
ls.id,
dr.concept_id,
dr.lifecycle_state,
dr.published_at,
dr.is_active
FROM paliad.deadline_rules dr
LEFT JOIN paliad.legal_sources ls ON ls.citation = dr.legal_source
WHERE dr.submission_code IS NULL;
-- ---------------------------------------------------------------
-- 7. BACKFILL — sequencing_rules
-- 1:1 with deadline_rules. id inherited so deadlines.rule_id FKs
-- continue to resolve through the dual-write window (design §5.1
-- step 4). procedural_event_id resolved by JOIN on the (real or
-- synthetic) code.
-- ---------------------------------------------------------------
INSERT INTO paliad.sequencing_rules
(id, procedural_event_id, proceeding_type_id, parent_id, trigger_event_id,
duration_value, duration_unit, timing,
alt_duration_value, alt_duration_unit, alt_rule_code, anchor_alt,
combine_op, condition_expr, primary_party, sequence_order,
is_spawn, spawn_label, spawn_proceeding_type_id,
is_bilateral, is_court_set, priority,
rule_code, rule_codes, deadline_notes, deadline_notes_en,
choices_offered, applies_to_target,
lifecycle_state, draft_of, published_at, is_active,
created_at, updated_at)
SELECT
dr.id,
pe.id,
dr.proceeding_type_id,
dr.parent_id,
dr.trigger_event_id,
dr.duration_value, dr.duration_unit, dr.timing,
dr.alt_duration_value, dr.alt_duration_unit, dr.alt_rule_code, dr.anchor_alt,
dr.combine_op, dr.condition_expr, dr.primary_party, dr.sequence_order,
dr.is_spawn, dr.spawn_label, dr.spawn_proceeding_type_id,
dr.is_bilateral, dr.is_court_set, dr.priority,
dr.rule_code, dr.rule_codes, dr.deadline_notes, dr.deadline_notes_en,
dr.choices_offered, dr.applies_to_target,
dr.lifecycle_state,
-- draft_of is a self-FK on deadline_rules; preserve as a self-FK on
-- sequencing_rules since the inherited ids are stable across both.
dr.draft_of,
dr.published_at, dr.is_active,
dr.created_at, dr.updated_at
FROM paliad.deadline_rules dr
JOIN paliad.procedural_events pe
ON pe.code = COALESCE(
dr.submission_code,
'null.' || substring(replace(dr.id::text, '-', ''), 1, 8)
);
-- ---------------------------------------------------------------
-- 8. BACKFILL — paliad.deadlines link columns
-- ---------------------------------------------------------------
UPDATE paliad.deadlines d
SET procedural_event_id = sr.procedural_event_id,
sequencing_rule_id = sr.id
FROM paliad.sequencing_rules sr
WHERE d.rule_id = sr.id;
-- ---------------------------------------------------------------
-- 9. POST pass — integrity assertions
-- ---------------------------------------------------------------
DO $$
DECLARE
v_dr_total int;
v_dr_codes_distinct int;
v_dr_codes_null int;
v_dr_legal_distinct int;
v_pe_total int;
v_sr_total int;
v_ls_total int;
v_orphan_pe int;
v_dup_synthetic int;
v_deadlines_linked int;
v_deadlines_total int;
v_pe_missing_ls int;
BEGIN
SELECT COUNT(*) INTO v_dr_total FROM paliad.deadline_rules;
SELECT COUNT(DISTINCT submission_code)
INTO v_dr_codes_distinct FROM paliad.deadline_rules WHERE submission_code IS NOT NULL;
SELECT COUNT(*) INTO v_dr_codes_null FROM paliad.deadline_rules WHERE submission_code IS NULL;
SELECT COUNT(DISTINCT legal_source)
INTO v_dr_legal_distinct FROM paliad.deadline_rules WHERE legal_source IS NOT NULL;
SELECT COUNT(*) INTO v_pe_total FROM paliad.procedural_events;
SELECT COUNT(*) INTO v_sr_total FROM paliad.sequencing_rules;
SELECT COUNT(*) INTO v_ls_total FROM paliad.legal_sources;
SELECT COUNT(*) INTO v_deadlines_total FROM paliad.deadlines;
SELECT COUNT(*) INTO v_deadlines_linked FROM paliad.deadlines WHERE procedural_event_id IS NOT NULL;
-- a. procedural_events row count = distinct_codes + null_codes
IF v_pe_total <> v_dr_codes_distinct + v_dr_codes_null THEN
RAISE EXCEPTION '[mig 136] FAILED POST: procedural_events count mismatch — got %, expected % (% distinct codes + % null-code rules)',
v_pe_total, v_dr_codes_distinct + v_dr_codes_null, v_dr_codes_distinct, v_dr_codes_null;
END IF;
-- b. sequencing_rules row count = deadline_rules row count (1:1)
IF v_sr_total <> v_dr_total THEN
RAISE EXCEPTION '[mig 136] FAILED POST: sequencing_rules count mismatch — got %, expected % (1:1 with deadline_rules)',
v_sr_total, v_dr_total;
END IF;
-- c. legal_sources row count = distinct legal_source in deadline_rules
IF v_ls_total <> v_dr_legal_distinct THEN
RAISE EXCEPTION '[mig 136] FAILED POST: legal_sources count mismatch — got %, expected % (distinct legal_source)',
v_ls_total, v_dr_legal_distinct;
END IF;
-- d. every sequencing_rules row's procedural_event_id resolves
SELECT COUNT(*)
INTO v_orphan_pe
FROM paliad.sequencing_rules sr
LEFT JOIN paliad.procedural_events pe ON pe.id = sr.procedural_event_id
WHERE pe.id IS NULL;
IF v_orphan_pe > 0 THEN
RAISE EXCEPTION '[mig 136] FAILED POST: % sequencing_rules row(s) have no resolving procedural_event_id', v_orphan_pe;
END IF;
-- e. no two synthetic codes collide (would have crashed the INSERT
-- via UNIQUE, but assert again for clarity — collision among 78
-- UUIDs at 8 hex chars is ~6e-7 probability)
SELECT COUNT(*)
INTO v_dup_synthetic
FROM (
SELECT code, COUNT(*) AS n
FROM paliad.procedural_events
WHERE code LIKE 'null.%'
GROUP BY code
HAVING COUNT(*) > 1
) d;
IF v_dup_synthetic > 0 THEN
RAISE EXCEPTION '[mig 136] FAILED POST: % synthetic codes collided. '
'Re-run with a longer substring (16 hex chars instead of 8) '
'or full uuid in the code-mint expression.', v_dup_synthetic;
END IF;
-- f. every procedural_events.legal_source_id either resolves or is
-- NULL (NULL is fine — 119 of 231 rules have NULL legal_source)
SELECT COUNT(*)
INTO v_pe_missing_ls
FROM paliad.procedural_events pe
LEFT JOIN paliad.legal_sources ls ON ls.id = pe.legal_source_id
WHERE pe.legal_source_id IS NOT NULL
AND ls.id IS NULL;
IF v_pe_missing_ls > 0 THEN
RAISE EXCEPTION '[mig 136] FAILED POST: % procedural_events row(s) reference a missing legal_sources id', v_pe_missing_ls;
END IF;
RAISE NOTICE '[mig 136] POST: legal_sources=%, procedural_events=%, sequencing_rules=%, deadlines=% (% linked)',
v_ls_total, v_pe_total, v_sr_total, v_deadlines_total, v_deadlines_linked;
RAISE NOTICE '[mig 136] integrity OK — backfill complete. '
'deadline_rules untouched (1:1 with sequencing_rules; '
'ready for B.2 dual-write).';
END $$;

18
internal/db/migrations/137_proceeding_role_labels.down.sql
View File

@@ -1,18 +0,0 @@
-- 137_proceeding_role_labels — DOWN
--
-- Drops the 4 role-label columns. Backfilled data is lost on
-- down-migration; that's acceptable because the frontend renderer
-- falls back to the default labels ("Klägerseite" / "Beklagtenseite")
-- when the columns are absent.
ALTER TABLE paliad.proceeding_types
DROP COLUMN IF EXISTS role_reactive_label_en;
ALTER TABLE paliad.proceeding_types
DROP COLUMN IF EXISTS role_reactive_label_de;
ALTER TABLE paliad.proceeding_types
DROP COLUMN IF EXISTS role_proactive_label_en;
ALTER TABLE paliad.proceeding_types
DROP COLUMN IF EXISTS role_proactive_label_de;

137
internal/db/migrations/137_proceeding_role_labels.up.sql
View File

@@ -1,137 +0,0 @@
-- 137_proceeding_role_labels — t-paliad-301, m/paliad#132
--
-- Bug A fix: per-proceeding role labels so the Verfahrensablauf side
-- selector can render "Berufungskläger / Berufungsbeklagter" for the
-- unified UPC Berufung tile instead of the generic "Klägerseite /
-- Beklagtenseite".
--
-- Four new optional columns on paliad.proceeding_types. NULL on a
-- column falls back to the language-default ("Klägerseite" / "Claimant
-- side" / "Beklagtenseite" / "Defendant side") in the frontend renderer.
-- Only the proceedings whose role-naming actually differs get a backfill.
--
-- Live-DB audit (mcp__supabase__execute_sql) before drafting:
-- - paliad.proceeding_types has 14 columns; the 4 target columns do
-- NOT exist (zero name collisions).
-- - Zero triggers on paliad.proceeding_types. No audit_reason
-- setup needed.
-- - No updated_at / created_at on the table — DO NOT include
-- timestamp UPDATEs (lesson from mig 134 HOTFIX 3).
--
-- ADDITIVE ONLY. ALTER + UPDATE statements; no CHECK constraints
-- (the columns are free-text labels, validated at the application layer).
-- Down migration drops the 4 columns.
--
-- See m/paliad#132 for the full design rationale + the role-label
-- matrix per proceeding code.
-- ---------------------------------------------------------------
-- 1. Schema additions
-- ---------------------------------------------------------------
ALTER TABLE paliad.proceeding_types
ADD COLUMN role_proactive_label_de text NULL;
ALTER TABLE paliad.proceeding_types
ADD COLUMN role_proactive_label_en text NULL;
ALTER TABLE paliad.proceeding_types
ADD COLUMN role_reactive_label_de text NULL;
ALTER TABLE paliad.proceeding_types
ADD COLUMN role_reactive_label_en text NULL;
COMMENT ON COLUMN paliad.proceeding_types.role_proactive_label_de IS
'DE label for the proactive (claimant-equivalent) side of this '
'proceeding. NULL = renderer falls back to "Klägerseite". '
't-paliad-301 / m/paliad#132 Bug A.';
COMMENT ON COLUMN paliad.proceeding_types.role_proactive_label_en IS
'EN label for the proactive side. NULL = "Claimant side".';
COMMENT ON COLUMN paliad.proceeding_types.role_reactive_label_de IS
'DE label for the reactive (defendant-equivalent) side. NULL = '
'"Beklagtenseite".';
COMMENT ON COLUMN paliad.proceeding_types.role_reactive_label_en IS
'EN label for the reactive side. NULL = "Defendant side".';
-- ---------------------------------------------------------------
-- 2. Audit-first NOTICE pass.
--
-- Lists which proceeding_types are about to receive a backfill so
-- the operator sees the scope before the UPDATE fires. NULL columns
-- on every other row stay NULL (the frontend falls back to defaults).
-- ---------------------------------------------------------------
DO $$
DECLARE
rec record;
backfill_count int := 0;
BEGIN
RAISE NOTICE '[mig 137] Proceedings that will receive role-label backfill:';
FOR rec IN
SELECT code, name
FROM paliad.proceeding_types
WHERE code IN ('upc.apl.unified', 'upc.rev.cfi', 'epa.opp.opd', 'epa.opp.boa')
ORDER BY code
LOOP
RAISE NOTICE '[mig 137] % %', rec.code, rec.name;
backfill_count := backfill_count + 1;
END LOOP;
RAISE NOTICE '[mig 137] Total: % proceedings (others stay NULL → renderer default)', backfill_count;
END $$;
-- ---------------------------------------------------------------
-- 3. Backfill.
--
-- Per the design matrix in m/paliad#132:
-- - upc.apl.unified → Berufungskläger / Berufungsbeklagter / Appellant / Appellee
-- - upc.rev.cfi → Antragsteller (Nichtigkeit) / Antragsgegner (Nichtigkeit) /
-- Revocation claimant / Revocation defendant
-- - epa.opp.opd → Einsprechende(r) / Patentinhaber(in) /
-- Opponent / Patentee
-- - epa.opp.boa → Einsprechende(r) / Patentinhaber(in) /
-- Opponent / Patentee
-- - (others) → stay NULL → frontend defaults
-- ---------------------------------------------------------------
UPDATE paliad.proceeding_types
SET role_proactive_label_de = 'Berufungskläger',
role_reactive_label_de = 'Berufungsbeklagter',
role_proactive_label_en = 'Appellant',
role_reactive_label_en = 'Appellee'
WHERE code = 'upc.apl.unified';
UPDATE paliad.proceeding_types
SET role_proactive_label_de = 'Antragsteller (Nichtigkeit)',
role_reactive_label_de = 'Antragsgegner (Nichtigkeit)',
role_proactive_label_en = 'Revocation claimant',
role_reactive_label_en = 'Revocation defendant'
WHERE code = 'upc.rev.cfi';
UPDATE paliad.proceeding_types
SET role_proactive_label_de = 'Einsprechende(r)',
role_reactive_label_de = 'Patentinhaber(in)',
role_proactive_label_en = 'Opponent',
role_reactive_label_en = 'Patentee'
WHERE code IN ('epa.opp.opd', 'epa.opp.boa');
-- ---------------------------------------------------------------
-- 4. Post-migration NOTICE — informational only.
-- ---------------------------------------------------------------
DO $$
DECLARE
rec record;
BEGIN
RAISE NOTICE '[mig 137] post: backfilled role-label distribution:';
FOR rec IN
SELECT code,
role_proactive_label_de,
role_reactive_label_de
FROM paliad.proceeding_types
WHERE role_proactive_label_de IS NOT NULL
ORDER BY code
LOOP
RAISE NOTICE '[mig 137] % proactive=% reactive=%',
rec.code, rec.role_proactive_label_de, rec.role_reactive_label_de;
END LOOP;
END $$;

71
internal/db/migrations/138_appeal_target_backfill_merits_order.down.sql
View File

@@ -1,71 +0,0 @@
-- 138_appeal_target_backfill_merits_order DOWN — t-paliad-303, m/paliad#134
--
-- Removes 'schadensbemessung' from the merits-track rules and
-- 'bucheinsicht' from the order-track rules, restoring the pre-137
-- shape (endentscheidung-only / anordnung-only / kostenentscheidung-only).
-- ---------------------------------------------------------------
-- 0. Audit reason (required by mig 079 trigger for any UPDATE on
-- paliad.deadline_rules).
-- ---------------------------------------------------------------
SELECT set_config(
'paliad.audit_reason',
'mig 138 DOWN: t-paliad-303 — strip Schadensbemessung/Bucheinsicht from applies_to_target per m/paliad#134',
true);
-- ---------------------------------------------------------------
-- 1. Strip new targets via array_remove.
--
-- WHERE clauses pinned to upc.apl.unified to avoid touching unrelated
-- rules that might have been added later under other proceeding types.
-- ---------------------------------------------------------------
-- 1a. Remove schadensbemessung from merits-track rows.
UPDATE paliad.deadline_rules dr
SET applies_to_target = array_remove(dr.applies_to_target, 'schadensbemessung')
FROM paliad.proceeding_types pt
WHERE pt.id = dr.proceeding_type_id
AND pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'schadensbemessung' = ANY(dr.applies_to_target);
-- 1b. Remove bucheinsicht from order-track rows.
UPDATE paliad.deadline_rules dr
SET applies_to_target = array_remove(dr.applies_to_target, 'bucheinsicht')
FROM paliad.proceeding_types pt
WHERE pt.id = dr.proceeding_type_id
AND pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'bucheinsicht' = ANY(dr.applies_to_target);
-- ---------------------------------------------------------------
-- 2. Sanity check — no row may carry the new targets after the down.
-- ---------------------------------------------------------------
DO $$
DECLARE
schad_left int;
buch_left int;
BEGIN
SELECT COUNT(*) INTO schad_left
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'schadensbemessung' = ANY(dr.applies_to_target);
SELECT COUNT(*) INTO buch_left
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'bucheinsicht' = ANY(dr.applies_to_target);
IF schad_left > 0 THEN
RAISE EXCEPTION '[mig 138 DOWN] FAILED — % rows still carry schadensbemessung', schad_left;
END IF;
IF buch_left > 0 THEN
RAISE EXCEPTION '[mig 138 DOWN] FAILED — % rows still carry bucheinsicht', buch_left;
END IF;
RAISE NOTICE '[mig 138 DOWN] stripped schadensbemessung + bucheinsicht from upc.apl.unified rules';
END $$;

232
internal/db/migrations/138_appeal_target_backfill_merits_order.up.sql
View File

@@ -1,232 +0,0 @@
-- 138_appeal_target_backfill_merits_order — t-paliad-303, m/paliad#134
--
-- Slice B1 (mig 134) introduced the unified upc.apl.unified proceeding type
-- with 5 appeal_target enum values: endentscheidung, kostenentscheidung,
-- anordnung, schadensbemessung, bucheinsicht. The first three each carry
-- rules; schadensbemessung and bucheinsicht returned an empty timeline
-- because no rules referenced them yet.
--
-- m's 2026-05-26 decision (#134): extend applies_to_target on the existing
-- rules — Schadensbemessung := merits track (R.224 anchored on R.118
-- substantive decisions), Bucheinsicht := order track (R.220.2 +
-- R.224.2.b + R.235.2 + R.237 + R.238.2 etc.). Legal premise verified
-- against the 16 live rules — every endentscheidung rule is a generic
-- R.224 merits step, every anordnung rule is a generic R.220/224/235/237/
-- 238 order step. No rule carries content specific to a particular kind
-- of underlying decision/order. Audit on the comment trail of #134.
-- ---------------------------------------------------------------
-- 0. Audit reason (required by mig 079 trigger for any UPDATE on
-- paliad.deadline_rules — both UPDATEs below trigger it).
-- ---------------------------------------------------------------
SELECT set_config(
'paliad.audit_reason',
'mig 138: t-paliad-303 — extend applies_to_target for Schadensbemessung (merits) + Bucheinsicht (order) per m/paliad#134',
true);
-- ---------------------------------------------------------------
-- 1. Audit-first DO block.
--
-- Resolve upc.apl.unified, count the rows we are about to touch, and
-- RAISE EXCEPTION if anything looks wrong (proceeding type missing,
-- merits/order rule counts off, or a rule already carries the new
-- target — which would mean an earlier partial run).
-- ---------------------------------------------------------------
DO $$
DECLARE
rec record;
upc_apl_id int;
merits_count int;
order_count int;
schad_already int;
buch_already int;
BEGIN
SELECT id INTO upc_apl_id
FROM paliad.proceeding_types
WHERE code = 'upc.apl.unified';
IF upc_apl_id IS NULL THEN
RAISE EXCEPTION '[mig 138] upc.apl.unified proceeding_type not found — mig 134 must run first';
END IF;
RAISE NOTICE '[mig 138] upc.apl.unified proceeding_type_id = %', upc_apl_id;
SELECT COUNT(*) INTO merits_count
FROM paliad.deadline_rules
WHERE proceeding_type_id = upc_apl_id
AND is_active = true
AND 'endentscheidung' = ANY(applies_to_target);
SELECT COUNT(*) INTO order_count
FROM paliad.deadline_rules
WHERE proceeding_type_id = upc_apl_id
AND is_active = true
AND 'anordnung' = ANY(applies_to_target);
RAISE NOTICE '[mig 138] live counts: endentscheidung=% anordnung=%', merits_count, order_count;
IF merits_count <> 7 THEN
RAISE EXCEPTION '[mig 138] expected 7 endentscheidung rules under upc.apl.unified, got %', merits_count;
END IF;
IF order_count <> 7 THEN
RAISE EXCEPTION '[mig 138] expected 7 anordnung rules under upc.apl.unified, got %', order_count;
END IF;
SELECT COUNT(*) INTO schad_already
FROM paliad.deadline_rules
WHERE proceeding_type_id = upc_apl_id
AND is_active = true
AND 'schadensbemessung' = ANY(applies_to_target);
SELECT COUNT(*) INTO buch_already
FROM paliad.deadline_rules
WHERE proceeding_type_id = upc_apl_id
AND is_active = true
AND 'bucheinsicht' = ANY(applies_to_target);
IF schad_already > 0 THEN
RAISE EXCEPTION '[mig 138] % rules already carry schadensbemessung — partial run?', schad_already;
END IF;
IF buch_already > 0 THEN
RAISE EXCEPTION '[mig 138] % rules already carry bucheinsicht — partial run?', buch_already;
END IF;
RAISE NOTICE '[mig 138] rules to extend with schadensbemessung (merits track):';
FOR rec IN
SELECT dr.id, dr.rule_code, dr.legal_source, dr.name, dr.applies_to_target
FROM paliad.deadline_rules dr
WHERE dr.proceeding_type_id = upc_apl_id
AND dr.is_active = true
AND 'endentscheidung' = ANY(dr.applies_to_target)
ORDER BY dr.sequence_order, dr.rule_code NULLS LAST
LOOP
RAISE NOTICE '[mig 138] merits % % % pre=% → post=%',
COALESCE(rec.rule_code, '(no-code)'),
COALESCE(rec.legal_source, '(no-source)'),
rec.name,
rec.applies_to_target,
rec.applies_to_target || 'schadensbemessung'::text;
END LOOP;
RAISE NOTICE '[mig 138] rules to extend with bucheinsicht (order track):';
FOR rec IN
SELECT dr.id, dr.rule_code, dr.legal_source, dr.name, dr.applies_to_target
FROM paliad.deadline_rules dr
WHERE dr.proceeding_type_id = upc_apl_id
AND dr.is_active = true
AND 'anordnung' = ANY(dr.applies_to_target)
ORDER BY dr.sequence_order, dr.rule_code NULLS LAST
LOOP
RAISE NOTICE '[mig 138] order % % % pre=% → post=%',
COALESCE(rec.rule_code, '(no-code)'),
COALESCE(rec.legal_source, '(no-source)'),
rec.name,
rec.applies_to_target,
rec.applies_to_target || 'bucheinsicht'::text;
END LOOP;
END $$;
-- ---------------------------------------------------------------
-- 2. Extend applies_to_target.
--
-- Narrow WHERE clauses key off upc.apl.unified + existing target +
-- absence of new target, so the UPDATEs are idempotent in spirit
-- (the audit block above already RAISE EXCEPTIONed if any row
-- already had the new value).
-- ---------------------------------------------------------------
-- 2a. Schadensbemessung := merits track (7 rules expected).
UPDATE paliad.deadline_rules dr
SET applies_to_target = applies_to_target || 'schadensbemessung'::text
FROM paliad.proceeding_types pt
WHERE pt.id = dr.proceeding_type_id
AND pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'endentscheidung' = ANY(dr.applies_to_target)
AND NOT ('schadensbemessung' = ANY(dr.applies_to_target));
-- 2b. Bucheinsicht := order track (7 rules expected).
UPDATE paliad.deadline_rules dr
SET applies_to_target = applies_to_target || 'bucheinsicht'::text
FROM paliad.proceeding_types pt
WHERE pt.id = dr.proceeding_type_id
AND pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'anordnung' = ANY(dr.applies_to_target)
AND NOT ('bucheinsicht' = ANY(dr.applies_to_target));
-- ---------------------------------------------------------------
-- 3. Post-migration sanity check.
--
-- Hard-fail on any divergence: the two new targets must each cover
-- 7 rules, the original three targets must be unchanged in count,
-- and no rule has lost its prior target.
-- ---------------------------------------------------------------
DO $$
DECLARE
schad_post int;
buch_post int;
end_post int;
anord_post int;
cost_post int;
target_distribution record;
BEGIN
SELECT COUNT(*) INTO schad_post
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'schadensbemessung' = ANY(dr.applies_to_target);
SELECT COUNT(*) INTO buch_post
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'bucheinsicht' = ANY(dr.applies_to_target);
SELECT COUNT(*) INTO end_post
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'endentscheidung' = ANY(dr.applies_to_target);
SELECT COUNT(*) INTO anord_post
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'anordnung' = ANY(dr.applies_to_target);
SELECT COUNT(*) INTO cost_post
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code = 'upc.apl.unified'
AND dr.is_active = true
AND 'kostenentscheidung' = ANY(dr.applies_to_target);
RAISE NOTICE '[mig 138] post: schadensbemessung=% bucheinsicht=% endentscheidung=% anordnung=% kostenentscheidung=%',
schad_post, buch_post, end_post, anord_post, cost_post;
IF schad_post <> 7 THEN
RAISE EXCEPTION '[mig 138] FAILED — expected 7 schadensbemessung rules, got %', schad_post;
END IF;
IF buch_post <> 7 THEN
RAISE EXCEPTION '[mig 138] FAILED — expected 7 bucheinsicht rules, got %', buch_post;
END IF;
IF end_post <> 7 THEN
RAISE EXCEPTION '[mig 138] FAILED — endentscheidung count drifted: expected 7, got %', end_post;
END IF;
IF anord_post <> 7 THEN
RAISE EXCEPTION '[mig 138] FAILED — anordnung count drifted: expected 7, got %', anord_post;
END IF;
IF cost_post <> 2 THEN
RAISE EXCEPTION '[mig 138] FAILED — kostenentscheidung count drifted: expected 2, got %', cost_post;
END IF;
FOR target_distribution IN
SELECT unnest(applies_to_target) AS target, COUNT(*) AS n
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE pt.code = 'upc.apl.unified' AND dr.is_active = true
GROUP BY unnest(applies_to_target)
ORDER BY 1
LOOP
RAISE NOTICE '[mig 138] post: applies_to_target=% count=%',
target_distribution.target, target_distribution.n;
END LOOP;
END $$;

7
internal/db/migrations/139_deadline_rules_unified_view.down.sql
View File

@@ -1,7 +0,0 @@
-- 139_deadline_rules_unified_view (down) — Slice B.3, t-paliad-305
--
-- Drops the view. The underlying paliad.sequencing_rules /
-- procedural_events / legal_sources tables are untouched (they own the
-- data — the view is just a projection).
DROP VIEW IF EXISTS paliad.deadline_rules_unified;

122
internal/db/migrations/139_deadline_rules_unified_view.up.sql
View File

@@ -1,122 +0,0 @@
-- 139_deadline_rules_unified_view — Slice B.3 read cutover (t-paliad-305 / m/paliad#93)
--
-- Creates paliad.deadline_rules_unified — a Postgres VIEW that
-- re-projects paliad.sequencing_rules + paliad.procedural_events +
-- paliad.legal_sources back into the legacy paliad.deadline_rules
-- column shape.
--
-- Why a view instead of rewriting every SELECT in Go:
--
-- - 19 read sites across 11 service files reference
-- paliad.deadline_rules. Rewriting each by hand multiplies the
-- opportunity for off-by-one bugs in the JOIN.
-- - The view has the same column names + types as the legacy table,
-- so the change in Go is a 1-token substitution per query
-- (FROM paliad.deadline_rules → FROM paliad.deadline_rules_unified)
-- with no struct or scanner changes.
-- - When B.4 drops paliad.deadline_rules, this view stays — it
-- becomes the canonical legacy-shape reader for any code that
-- hasn't been migrated to direct sr/pe/ls reads.
--
-- Column mapping (per design §4.2):
-- - id, proceeding_type_id, parent_id, primary_party, duration_*,
-- timing, sequence_order, is_spawn/court_set/bilateral, priority,
-- rule_code, rule_codes, deadline_notes(_en), condition_expr,
-- choices_offered, applies_to_target, trigger_event_id,
-- spawn_proceeding_type_id, anchor_alt, alt_duration_*,
-- alt_rule_code, combine_op, lifecycle_state, draft_of,
-- published_at, is_active, created_at, updated_at, spawn_label
-- → from paliad.sequencing_rules
-- - submission_code → procedural_events.code
-- - name, name_en, description→ procedural_events
-- - event_type → procedural_events.event_kind (renamed)
-- - concept_id → procedural_events
-- - legal_source → legal_sources.citation (via legal_source_id FK)
--
-- The view is READ-ONLY by default. Writes still go to the underlying
-- tables — RuleEditorService is refactored in the same slice to write
-- directly to sr/pe/ls. paliad.deadline_rules is FROZEN from B.3 onward
-- (no new writes); the dual-write helper from B.2 is decommissioned.
-- The CHECK constraint on sequencing_rules.primary_party doesn't exist
-- yet (mig 135 only constrained deadline_rules.primary_party). The view
-- inherits whatever value sr.primary_party carries; mig 136's backfill
-- set sr.primary_party = dr.primary_party so the canonical four-value
-- vocab is already in place. A later slice can add the same CHECK to
-- sequencing_rules itself.
CREATE OR REPLACE VIEW paliad.deadline_rules_unified AS
SELECT
sr.id,
sr.proceeding_type_id,
sr.parent_id,
pe.code AS submission_code,
pe.name,
pe.name_en,
pe.description,
sr.primary_party,
pe.event_kind AS event_type,
sr.duration_value,
sr.duration_unit,
sr.timing,
sr.alt_duration_value,
sr.alt_duration_unit,
sr.alt_rule_code,
sr.anchor_alt,
sr.combine_op,
sr.rule_code,
sr.deadline_notes,
sr.deadline_notes_en,
sr.sequence_order,
sr.is_spawn,
sr.spawn_label,
sr.spawn_proceeding_type_id,
sr.is_bilateral,
sr.is_court_set,
sr.priority,
sr.condition_expr,
pe.concept_id,
ls.citation AS legal_source,
sr.trigger_event_id,
sr.rule_codes,
sr.choices_offered,
sr.applies_to_target,
sr.lifecycle_state,
sr.draft_of,
sr.published_at,
sr.is_active,
sr.created_at,
sr.updated_at
FROM paliad.sequencing_rules sr
JOIN paliad.procedural_events pe ON pe.id = sr.procedural_event_id
LEFT JOIN paliad.legal_sources ls ON ls.id = pe.legal_source_id;
COMMENT ON VIEW paliad.deadline_rules_unified IS
'Slice B.3 (mig 139, t-paliad-305): legacy-shape projection over '
'sequencing_rules + procedural_events + legal_sources. Read-only — '
'writes go directly to the three underlying tables via '
'RuleEditorService. Survives B.4 destructive drop of '
'paliad.deadline_rules; the view will then be the only '
'legacy-shape reader.';
-- Post-apply integrity check: confirm the view's row count matches the
-- live sequencing_rules row count. A mismatch would indicate either a
-- mid-deploy race (rare) or a JOIN issue (the LEFT JOIN to legal_sources
-- never drops rows, the INNER JOIN to procedural_events drops sr rows
-- whose procedural_event_id is NULL — but that column is NOT NULL on
-- the table so it can't happen). Belt-and-braces.
DO $$
DECLARE
v_view_count int;
v_sr_count int;
BEGIN
SELECT COUNT(*) INTO v_view_count FROM paliad.deadline_rules_unified;
SELECT COUNT(*) INTO v_sr_count FROM paliad.sequencing_rules;
IF v_view_count <> v_sr_count THEN
RAISE EXCEPTION '[mig 139] FAILED POST: view row count % does not match sequencing_rules row count %. '
'Possible cause: a sequencing_rules row references a procedural_event_id that does not exist (NOT NULL FK should prevent this).',
v_view_count, v_sr_count;
END IF;
RAISE NOTICE '[mig 139] view OK — deadline_rules_unified rows = % (= sequencing_rules)',
v_view_count;
END $$;

47
internal/db/migrations/140_drop_deadline_rules.down.sql
View File

@@ -1,47 +0,0 @@
-- 140_drop_deadline_rules (down) — Slice B.4, t-paliad-305
--
-- Best-effort recovery from the deadline_rules_pre_140 snapshot. The
-- original triggers (mig 079 audit), indexes, CHECK constraints (mig
-- 135 primary_party), and FK constraints on the new tables are NOT
-- recreated here — restoring the working state requires replaying
-- migrations 078/079/091/095/098/122/128/134/135 against the restored
-- table.
--
-- Use this only for catastrophic recovery. The normal revert path
-- for B.4 is to re-deploy the previous container image (which still
-- writes via the dual-write helper to a paliad.deadline_rules that no
-- longer exists) — that would crash on first write, so true revert
-- requires this down + a code revert + a snapshot restore.
-- Drop the INSTEAD OF triggers + functions
DROP TRIGGER IF EXISTS deadline_rules_unified_insert ON paliad.deadline_rules_unified;
DROP TRIGGER IF EXISTS deadline_rules_unified_update ON paliad.deadline_rules_unified;
DROP FUNCTION IF EXISTS paliad.deadline_rules_unified_insert_trigger();
DROP FUNCTION IF EXISTS paliad.deadline_rules_unified_update_trigger();
-- Recreate paliad.deadline_rules from snapshot.
CREATE TABLE paliad.deadline_rules AS TABLE paliad.deadline_rules_pre_140;
-- Re-add the PK constraint (CREATE TABLE AS doesn't carry constraints).
ALTER TABLE paliad.deadline_rules ADD PRIMARY KEY (id);
-- Re-point the FKs back to deadline_rules.
ALTER TABLE paliad.appointments
DROP CONSTRAINT IF EXISTS appointments_deadline_rule_id_fkey;
ALTER TABLE paliad.appointments
ADD CONSTRAINT appointments_deadline_rule_id_fkey
FOREIGN KEY (deadline_rule_id) REFERENCES paliad.deadline_rules(id);
ALTER TABLE paliad.deadline_rule_backfill_orphans
DROP CONSTRAINT IF EXISTS deadline_rule_backfill_orphans_resolved_rule_id_fkey;
ALTER TABLE paliad.deadline_rule_backfill_orphans
ADD CONSTRAINT deadline_rule_backfill_orphans_resolved_rule_id_fkey
FOREIGN KEY (resolved_rule_id) REFERENCES paliad.deadline_rules(id);
-- Re-add deadlines.rule_id from the snapshot's data (via sequencing_rule_id
-- which inherited deadline_rules.id during mig 136).
ALTER TABLE paliad.deadlines ADD COLUMN rule_id uuid;
UPDATE paliad.deadlines SET rule_id = sequencing_rule_id WHERE sequencing_rule_id IS NOT NULL;
ALTER TABLE paliad.deadlines
ADD CONSTRAINT fristen_rule_id_fkey
FOREIGN KEY (rule_id) REFERENCES paliad.deadline_rules(id);

435
internal/db/migrations/140_drop_deadline_rules.up.sql
View File

@@ -1,435 +0,0 @@
-- 140_drop_deadline_rules — Slice B.4 destructive drop (t-paliad-305 / m/paliad#93)
--
-- HARD STOPS:
-- * Audit-first: snapshot paliad.deadline_rules → paliad.deadline_rules_pre_140
-- in the SAME TRANSACTION as the DROP, per m's snapshot policy
-- (precedent migs 091/093/095/098). The whole .up.sql runs inside a
-- single transaction because the migration runner wraps it; if any
-- statement fails, the snapshot CREATE TABLE rolls back with the
-- destructive DROP.
-- * No data loss: paliad.deadline_rules has been a write-side shadow
-- since B.3 (B.2 dual-write keeps sequencing_rules + procedural_events
-- + legal_sources current). Drift verified clean before this slice
-- (deadline_rules=231, sequencing_rules=231, 0 mismatches across
-- counts/FKs/lifecycle/is_active).
--
-- What this migration does:
-- 1. Snapshot deadline_rules → deadline_rules_pre_140 (preserves audit
-- trail of the table's final state for forensic + revert paths).
-- 2. Final reconciliation: catch any deadlines whose
-- sequencing_rule_id/procedural_event_id columns drifted from the
-- legacy rule_id (no live drift today — defensive).
-- 3. Drop the audit trigger on deadline_rules (it can't fire on a
-- gone table; the trigger function itself stays for the historical
-- paliad.deadline_rule_audit reads).
-- 4. Re-point FKs that currently target deadline_rules.id over to
-- sequencing_rules.id. The id values are identical (sequencing_rules
-- inherited deadline_rules.id during mig 136 backfill), so no data
-- migration is needed — just the constraint swap. Affects:
-- - paliad.appointments.deadline_rule_id
-- - paliad.deadline_rule_backfill_orphans.resolved_rule_id
-- 5. Drop paliad.deadlines.rule_id column. Per design §5.4 step 16:
-- "DROP COLUMN paliad.deadlines.rule_id (keep rule_code +
-- custom_rule_text as the human-readable denormalized columns —
-- they're the safety net for orphaned deadlines per t-paliad-258)."
-- The new sequencing_rule_id + procedural_event_id columns from
-- mig 136 are the FK back-links from B.4 forward.
-- 6. DROP TABLE paliad.deadline_rules.
-- 7. INSTEAD OF triggers on paliad.deadline_rules_unified that route
-- INSERTs/UPDATEs to the underlying sr+pe+ls tables. Lets the
-- RuleEditorService keep its existing SQL shape (one INSERT, one
-- UPDATE per write method) with only a table-name swap. The
-- triggers project the legacy column shape back to the three new
-- tables exactly as the dual-write helper did in B.2.
--
-- Down: best-effort restore from the snapshot. The original triggers,
-- indexes, and FKs are NOT recreated — operator must replay historical
-- migrations 078/079/091/095/098/122 to bring the table back to a
-- working shape. The down path is for catastrophic recovery, not casual
-- revert.
-- ---------------------------------------------------------------
-- 1. Snapshot — must precede the destructive ops (same TX).
-- ---------------------------------------------------------------
CREATE TABLE paliad.deadline_rules_pre_140 AS TABLE paliad.deadline_rules;
COMMENT ON TABLE paliad.deadline_rules_pre_140 IS
'Snapshot of paliad.deadline_rules taken in mig 140 (Slice B.4, '
't-paliad-305) before the destructive DROP. Mirrors precedent '
'pre_091/093/095/098. Read-only forensic + revert source.';
-- ---------------------------------------------------------------
-- 2. Final reconciliation — should be a no-op (drift was 0 going
-- into this slice). Belt-and-braces against a write that snuck
-- in between drift-check and this migration.
-- ---------------------------------------------------------------
UPDATE paliad.deadlines d
SET sequencing_rule_id = d.rule_id,
procedural_event_id = sr.procedural_event_id
FROM paliad.sequencing_rules sr
WHERE sr.id = d.rule_id
AND d.rule_id IS NOT NULL
AND (d.sequencing_rule_id IS DISTINCT FROM d.rule_id
OR d.procedural_event_id IS DISTINCT FROM sr.procedural_event_id);
-- ---------------------------------------------------------------
-- 3. Drop the deadline_rules audit trigger. The trigger function
-- (paliad.deadline_rule_audit_trigger) stays defined for any
-- historical references; mig 079 created it.
-- ---------------------------------------------------------------
DROP TRIGGER IF EXISTS deadline_rules_audit_aiud ON paliad.deadline_rules;
-- ---------------------------------------------------------------
-- 4. Re-point FKs from deadline_rules → sequencing_rules.
-- ---------------------------------------------------------------
ALTER TABLE paliad.appointments
DROP CONSTRAINT IF EXISTS appointments_deadline_rule_id_fkey;
ALTER TABLE paliad.appointments
ADD CONSTRAINT appointments_deadline_rule_id_fkey
FOREIGN KEY (deadline_rule_id) REFERENCES paliad.sequencing_rules(id);
ALTER TABLE paliad.deadline_rule_backfill_orphans
DROP CONSTRAINT IF EXISTS deadline_rule_backfill_orphans_resolved_rule_id_fkey;
ALTER TABLE paliad.deadline_rule_backfill_orphans
ADD CONSTRAINT deadline_rule_backfill_orphans_resolved_rule_id_fkey
FOREIGN KEY (resolved_rule_id) REFERENCES paliad.sequencing_rules(id);
-- Drop the deadlines→deadline_rules FK before we drop the column.
ALTER TABLE paliad.deadlines
DROP CONSTRAINT IF EXISTS fristen_rule_id_fkey;
-- ---------------------------------------------------------------
-- 5. Drop paliad.deadlines.rule_id (column + remaining indexes).
-- ---------------------------------------------------------------
ALTER TABLE paliad.deadlines
DROP COLUMN IF EXISTS rule_id;
-- ---------------------------------------------------------------
-- 6a. Drop the deadline_search materialized view, which has a
-- direct dependency on paliad.deadline_rules (mig 077). We
-- recreate it after the DROP, re-pointed at deadline_rules_unified
-- so reads keep working. All 11 indexes are recreated alongside.
-- ---------------------------------------------------------------
DROP MATERIALIZED VIEW IF EXISTS paliad.deadline_search;
-- ---------------------------------------------------------------
-- 6. DROP TABLE paliad.deadline_rules. Now that:
-- - dependent FKs are re-pointed to sequencing_rules,
-- - the audit trigger is dropped,
-- - deadlines.rule_id is gone,
-- - the deadline_search matview is gone,
-- nothing references the table anymore. The self-FKs
-- (deadline_rules.parent_id, .draft_of) drop with the table.
-- ---------------------------------------------------------------
DROP TABLE paliad.deadline_rules;
-- ---------------------------------------------------------------
-- 7. INSTEAD OF triggers on the view — routes writes to sr+pe+ls.
-- ---------------------------------------------------------------
CREATE OR REPLACE FUNCTION paliad.deadline_rules_unified_insert_trigger()
RETURNS TRIGGER LANGUAGE plpgsql AS $fn$
DECLARE
v_legal_source_id uuid;
v_pe_id uuid;
v_code text;
BEGIN
-- legal_sources upsert (no-op if NEW.legal_source is NULL)
IF NEW.legal_source IS NOT NULL THEN
INSERT INTO paliad.legal_sources (citation, jurisdiction)
VALUES (NEW.legal_source,
COALESCE(NULLIF(split_part(NEW.legal_source, '.', 1), ''), 'other'))
ON CONFLICT (citation) DO NOTHING;
SELECT id INTO v_legal_source_id
FROM paliad.legal_sources
WHERE citation = NEW.legal_source;
END IF;
-- Mint synthetic code when submission_code is NULL — same recipe
-- as mig 136 + B.2 dual-write helper. Stays byte-identical.
v_code := COALESCE(NEW.submission_code,
'null.' || substring(replace(NEW.id::text, '-', ''), 1, 8));
-- procedural_events upsert. ON CONFLICT (code) deliberately leaves
-- lifecycle_state / published_at / is_active alone — those track
-- the procedural-event concept's own lifecycle, not the inserting
-- sequencing-rule's lifecycle (e.g. a CloneAsDraft of a published
-- rule creates a draft sr that shares the published PE; the PE
-- should stay 'published'). Identity columns DO update so an
-- admin editing a draft's name still flips the lawyer-visible
-- label (1:1 today; revisit when 1:N becomes a real pattern).
INSERT INTO paliad.procedural_events
(code, name, name_en, description, event_kind, primary_party_default,
legal_source_id, concept_id, lifecycle_state, published_at, is_active)
VALUES
(v_code, NEW.name, NEW.name_en, NEW.description, NEW.event_type,
NEW.primary_party, v_legal_source_id, NEW.concept_id,
COALESCE(NEW.lifecycle_state, 'draft'), NEW.published_at,
COALESCE(NEW.is_active, true))
ON CONFLICT (code) DO UPDATE SET
name = EXCLUDED.name,
name_en = EXCLUDED.name_en,
description = EXCLUDED.description,
event_kind = EXCLUDED.event_kind,
primary_party_default = EXCLUDED.primary_party_default,
legal_source_id = EXCLUDED.legal_source_id,
concept_id = EXCLUDED.concept_id,
-- lifecycle_state / published_at / is_active deliberately omitted
updated_at = now()
RETURNING id INTO v_pe_id;
-- sequencing_rules insert. id is the caller-supplied NEW.id so
-- existing FK back-links (deadlines.sequencing_rule_id) resolve.
INSERT INTO paliad.sequencing_rules
(id, procedural_event_id, proceeding_type_id, parent_id, trigger_event_id,
duration_value, duration_unit, timing,
alt_duration_value, alt_duration_unit, alt_rule_code, anchor_alt,
combine_op, condition_expr, primary_party, sequence_order,
is_spawn, spawn_label, spawn_proceeding_type_id,
is_bilateral, is_court_set, priority,
rule_code, rule_codes, deadline_notes, deadline_notes_en,
choices_offered, applies_to_target,
lifecycle_state, draft_of, published_at, is_active,
created_at, updated_at)
VALUES
(NEW.id, v_pe_id, NEW.proceeding_type_id, NEW.parent_id, NEW.trigger_event_id,
COALESCE(NEW.duration_value, 0), COALESCE(NEW.duration_unit, 'months'),
COALESCE(NEW.timing, 'after'),
NEW.alt_duration_value, NEW.alt_duration_unit, NEW.alt_rule_code, NEW.anchor_alt,
NEW.combine_op, NEW.condition_expr, NEW.primary_party,
COALESCE(NEW.sequence_order, 0),
COALESCE(NEW.is_spawn, false), NEW.spawn_label, NEW.spawn_proceeding_type_id,
COALESCE(NEW.is_bilateral, false), COALESCE(NEW.is_court_set, false),
COALESCE(NEW.priority, 'mandatory'),
NEW.rule_code, NEW.rule_codes, NEW.deadline_notes, NEW.deadline_notes_en,
NEW.choices_offered, NEW.applies_to_target,
COALESCE(NEW.lifecycle_state, 'draft'), NEW.draft_of,
NEW.published_at, COALESCE(NEW.is_active, true),
COALESCE(NEW.created_at, now()), COALESCE(NEW.updated_at, now()));
RETURN NEW;
END $fn$;
CREATE TRIGGER deadline_rules_unified_insert
INSTEAD OF INSERT ON paliad.deadline_rules_unified
FOR EACH ROW EXECUTE FUNCTION paliad.deadline_rules_unified_insert_trigger();
CREATE OR REPLACE FUNCTION paliad.deadline_rules_unified_update_trigger()
RETURNS TRIGGER LANGUAGE plpgsql AS $fn$
DECLARE
v_legal_source_id uuid;
v_code text;
BEGIN
-- legal_sources upsert (only if NEW.legal_source is non-NULL).
-- A change FROM non-NULL TO NULL clears legal_source_id on the
-- procedural_event below — same shape as mig 136 / B.2 behaviour.
IF NEW.legal_source IS NOT NULL THEN
INSERT INTO paliad.legal_sources (citation, jurisdiction)
VALUES (NEW.legal_source,
COALESCE(NULLIF(split_part(NEW.legal_source, '.', 1), ''), 'other'))
ON CONFLICT (citation) DO NOTHING;
SELECT id INTO v_legal_source_id
FROM paliad.legal_sources
WHERE citation = NEW.legal_source;
END IF;
v_code := COALESCE(NEW.submission_code,
'null.' || substring(replace(NEW.id::text, '-', ''), 1, 8));
-- Update procedural_events keyed by the existing PE link on
-- sequencing_rules. lifecycle_state / published_at / is_active on
-- PE are NOT mirrored from the per-sequencing-rule UPDATE — see
-- the INSERT trigger comment for the rationale (a draft sr that
-- shares its PE with a published peer must not flip the PE to
-- draft). Identity columns DO mirror so editing name/code from
-- the admin UI continues to reach the lawyer-visible label.
UPDATE paliad.procedural_events
SET code = v_code,
name = NEW.name,
name_en = NEW.name_en,
description = NEW.description,
event_kind = NEW.event_type,
primary_party_default = NEW.primary_party,
legal_source_id = v_legal_source_id,
concept_id = NEW.concept_id,
updated_at = now()
WHERE id = (SELECT procedural_event_id
FROM paliad.sequencing_rules
WHERE id = NEW.id);
-- Update sequencing_rules (1:1 by id).
UPDATE paliad.sequencing_rules
SET proceeding_type_id = NEW.proceeding_type_id,
parent_id = NEW.parent_id,
trigger_event_id = NEW.trigger_event_id,
duration_value = NEW.duration_value,
duration_unit = NEW.duration_unit,
timing = NEW.timing,
alt_duration_value = NEW.alt_duration_value,
alt_duration_unit = NEW.alt_duration_unit,
alt_rule_code = NEW.alt_rule_code,
anchor_alt = NEW.anchor_alt,
combine_op = NEW.combine_op,
condition_expr = NEW.condition_expr,
primary_party = NEW.primary_party,
sequence_order = NEW.sequence_order,
is_spawn = NEW.is_spawn,
spawn_label = NEW.spawn_label,
spawn_proceeding_type_id = NEW.spawn_proceeding_type_id,
is_bilateral = NEW.is_bilateral,
is_court_set = NEW.is_court_set,
priority = NEW.priority,
rule_code = NEW.rule_code,
rule_codes = NEW.rule_codes,
deadline_notes = NEW.deadline_notes,
deadline_notes_en = NEW.deadline_notes_en,
choices_offered = NEW.choices_offered,
applies_to_target = NEW.applies_to_target,
lifecycle_state = NEW.lifecycle_state,
draft_of = NEW.draft_of,
published_at = NEW.published_at,
is_active = NEW.is_active,
updated_at = now()
WHERE id = NEW.id;
RETURN NEW;
END $fn$;
CREATE TRIGGER deadline_rules_unified_update
INSTEAD OF UPDATE ON paliad.deadline_rules_unified
FOR EACH ROW EXECUTE FUNCTION paliad.deadline_rules_unified_update_trigger();
-- ---------------------------------------------------------------
-- 8. POST assertions.
-- ---------------------------------------------------------------
DO $$
DECLARE
v_snapshot_count int;
v_view_count int;
v_dr_table_exists int;
v_rule_id_col int;
BEGIN
SELECT COUNT(*) INTO v_snapshot_count FROM paliad.deadline_rules_pre_140;
SELECT COUNT(*) INTO v_view_count FROM paliad.deadline_rules_unified;
IF v_snapshot_count <> v_view_count THEN
RAISE EXCEPTION '[mig 140] FAILED POST: snapshot has % rows, view has % rows — drift between final state and snapshot',
v_snapshot_count, v_view_count;
END IF;
SELECT COUNT(*) INTO v_dr_table_exists
FROM information_schema.tables
WHERE table_schema = 'paliad' AND table_name = 'deadline_rules';
IF v_dr_table_exists > 0 THEN
RAISE EXCEPTION '[mig 140] FAILED POST: paliad.deadline_rules table still exists after DROP';
END IF;
SELECT COUNT(*) INTO v_rule_id_col
FROM information_schema.columns
WHERE table_schema = 'paliad' AND table_name = 'deadlines' AND column_name = 'rule_id';
IF v_rule_id_col > 0 THEN
RAISE EXCEPTION '[mig 140] FAILED POST: paliad.deadlines.rule_id column still exists after DROP';
END IF;
RAISE NOTICE '[mig 140] OK — deadline_rules dropped, snapshot=% rows, view=% rows, INSTEAD OF triggers active',
v_snapshot_count, v_view_count;
END $$;
-- ---------------------------------------------------------------
-- 8. Recreate paliad.deadline_search materialized view against
-- deadline_rules_unified (same column shape — sr.id is the new
-- dr.id, etc.). Definition mirrors mig 077; only the FROM table
-- name changes. All 11 indexes restored.
-- ---------------------------------------------------------------
CREATE MATERIALIZED VIEW paliad.deadline_search AS
SELECT 'rule'::text AS kind,
('r:'::text || (dr.id)::text) AS row_key,
dc.id AS concept_id,
dc.slug AS concept_slug,
dc.name_de AS concept_name_de,
dc.name_en AS concept_name_en,
dc.description AS concept_description,
dc.aliases AS concept_aliases,
dc.party AS concept_party,
dc.category AS concept_category,
dc.sort_order AS concept_sort_order,
dr.id AS rule_id,
NULL::bigint AS trigger_event_id,
pt.code AS proceeding_code,
pt.name AS proceeding_name_de,
pt.name_en AS proceeding_name_en,
pt.jurisdiction,
pt.display_order AS proceeding_display_order,
dr.submission_code AS rule_local_code,
dr.name AS rule_name_de,
dr.name_en AS rule_name_en,
dr.legal_source,
dr.rule_code,
dr.duration_value,
dr.duration_unit,
dr.timing,
COALESCE(dr.primary_party, dc.party) AS effective_party
FROM paliad.deadline_rules_unified dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
JOIN paliad.deadline_concepts dc ON dc.id = dr.concept_id
WHERE dr.is_active AND pt.is_active AND pt.category = 'fristenrechner'::text
UNION ALL
SELECT 'trigger'::text AS kind,
('t:'::text || (te.id)::text) AS row_key,
dc.id AS concept_id,
dc.slug AS concept_slug,
dc.name_de AS concept_name_de,
dc.name_en AS concept_name_en,
dc.description AS concept_description,
dc.aliases AS concept_aliases,
dc.party AS concept_party,
dc.category AS concept_category,
dc.sort_order AS concept_sort_order,
NULL::uuid AS rule_id,
te.id AS trigger_event_id,
NULL::text AS proceeding_code,
NULL::text AS proceeding_name_de,
NULL::text AS proceeding_name_en,
'cross-cutting'::text AS jurisdiction,
9999 AS proceeding_display_order,
te.code AS rule_local_code,
te.name_de AS rule_name_de,
te.name AS rule_name_en,
dr_trig.legal_source,
NULL::text AS rule_code,
NULL::integer AS duration_value,
NULL::text AS duration_unit,
NULL::text AS timing,
dc.party AS effective_party
FROM paliad.trigger_events te
JOIN paliad.deadline_concepts dc ON dc.slug = te.concept_id
LEFT JOIN paliad.deadline_rules_unified dr_trig
ON dr_trig.trigger_event_id = te.id
AND dr_trig.proceeding_type_id IS NULL
AND dr_trig.is_active
AND dr_trig.lifecycle_state = 'published'::text
WHERE te.is_active
WITH NO DATA;
CREATE UNIQUE INDEX deadline_search_row_key ON paliad.deadline_search (row_key);
CREATE INDEX deadline_search_concept_id ON paliad.deadline_search (concept_id);
CREATE INDEX deadline_search_proc_code ON paliad.deadline_search (proceeding_code);
CREATE INDEX deadline_search_legal_source ON paliad.deadline_search (legal_source);
CREATE INDEX deadline_search_effective_party ON paliad.deadline_search (effective_party);
CREATE INDEX deadline_search_legal_source_trgm ON paliad.deadline_search USING gin (legal_source gin_trgm_ops);
CREATE INDEX deadline_search_concept_de_trgm ON paliad.deadline_search USING gin (concept_name_de gin_trgm_ops);
CREATE INDEX deadline_search_concept_en_trgm ON paliad.deadline_search USING gin (concept_name_en gin_trgm_ops);
CREATE INDEX deadline_search_rule_de_trgm ON paliad.deadline_search USING gin (rule_name_de gin_trgm_ops);
CREATE INDEX deadline_search_rule_en_trgm ON paliad.deadline_search USING gin (rule_name_en gin_trgm_ops);
CREATE INDEX deadline_search_rule_code_trgm ON paliad.deadline_search USING gin (rule_code gin_trgm_ops);
REFRESH MATERIALIZED VIEW paliad.deadline_search;

13
internal/db/migrations/145_scenarios.down.sql
View File

@@ -1,13 +0,0 @@
-- 145_scenarios — DOWN
--
-- Reverses mig 145. Drops the FK on paliad.projects, the table, the
-- trigger function, and the RLS policies (CASCADE on table drop kills
-- policies). Any data in paliad.scenarios is lost on down.
ALTER TABLE paliad.projects
DROP COLUMN IF EXISTS active_scenario_id;
DROP TRIGGER IF EXISTS scenarios_touch_updated_at_trg ON paliad.scenarios;
DROP FUNCTION IF EXISTS paliad.scenarios_touch_updated_at();
DROP TABLE IF EXISTS paliad.scenarios CASCADE;

170
internal/db/migrations/145_scenarios.up.sql
View File

@@ -1,170 +0,0 @@
-- 145_scenarios — Slice D, m/paliad#124 §5 (revised)
--
-- Creates paliad.scenarios + paliad.projects.active_scenario_id FK.
-- A scenario is a named composition of existing proceedings + flags
-- + per-card choices + anchor dates the user can switch between for
-- a project (project_id NOT NULL) OR save as an abstract template on
-- /tools/verfahrensablauf (project_id IS NULL).
--
-- m's 2026-05-26 picks (AskUserQuestion round, doc commit 6e58595):
-- Q1: composition shape → primary+spawned (v1); multi-proceeding
-- peer compose is the v2 goal. spec.jsonb
-- architected for N entries from day 1.
-- Q2: scope → per-project + abstract.
-- Q3: trigger dates → per-anchor overrides over one base date.
-- Q4: storage → NEW paliad.scenarios table with jsonb
-- spec (NOT a project_event_choices column
-- extension).
--
-- "users should not add their own rules" (m, t-paliad-301) — scenarios
-- compose existing rules, never author new ones. spec.proceedings[*].code
-- must resolve to an existing active paliad.proceeding_types row;
-- spec.proceedings[*].anchor_overrides keys must resolve to existing
-- submission_codes. Validation happens at the application layer
-- (ScenarioService.validateSpec) — not in DB CHECK constraints (too
-- expensive to express in pure SQL).
--
-- Migration number: 145. Coordination check 2026-05-26 17:38: curie's
-- B.2-B.6 migrations land in the 139-143 range. 144 reserved as buffer.
-- 145 is the next safe claim.
--
-- ADDITIVE ONLY: CREATE TABLE, ALTER ADD COLUMN, indexes, RLS policies.
-- Down drops everything. No backfill (zero existing scenarios on day 1).
--
-- See docs/design-litigation-planner-2026-05-26.md §5 + §18.4 for the
-- design.
-- ---------------------------------------------------------------
-- 1. The scenarios table
-- ---------------------------------------------------------------
CREATE TABLE paliad.scenarios (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-- project_id NULL = abstract scenario (saved Verfahrensablauf
-- template, no Akte). project_id NOT NULL = scenario attached to
-- a real Akte.
project_id uuid NULL REFERENCES paliad.projects(id) ON DELETE CASCADE,
name text NOT NULL,
description text NULL,
-- spec carries the full composition. Shape documented in the
-- design doc §5; the application validates structure before write.
spec jsonb NOT NULL,
created_by uuid NULL REFERENCES paliad.users(id) ON DELETE SET NULL,
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now(),
-- Within a single project, scenario names are unique. Abstract
-- scenarios are unique per (created_by, name) so two users can
-- each keep a "with_ccr" template without colliding. NULLS NOT
-- DISTINCT means a single user can have one "name" per
-- (project_id, created_by) tuple, where NULL project_id +
-- NULL created_by is a single global namespace (used only by
-- seed / system scenarios — none today).
CONSTRAINT scenarios_unique_per_scope
UNIQUE NULLS NOT DISTINCT (project_id, created_by, name),
-- Non-empty name.
CONSTRAINT scenarios_name_nonempty CHECK (char_length(name) > 0),
-- Non-empty spec — at least an object. The application checks
-- structure (version, proceedings[], base_trigger_date format).
CONSTRAINT scenarios_spec_object CHECK (jsonb_typeof(spec) = 'object')
);
CREATE INDEX scenarios_project_id_idx
ON paliad.scenarios(project_id) WHERE project_id IS NOT NULL;
CREATE INDEX scenarios_abstract_user_idx
ON paliad.scenarios(created_by) WHERE project_id IS NULL;
COMMENT ON TABLE paliad.scenarios IS
'Named compositions of existing proceedings + flags + per-card '
'choices + anchor dates. project_id NULL = abstract template; '
'project_id NOT NULL = attached to an Akte. Design: '
'docs/design-litigation-planner-2026-05-26.md §5. (Slice D)';
COMMENT ON COLUMN paliad.scenarios.spec IS
'jsonb composition spec. Shape: {version: int, base_trigger_date: '
'ISO date, proceedings: [{code, role, flags[], per_card_choices, '
'anchor_overrides, skip_rules[]}, ...]}. Validated at write-time '
'by ScenarioService.validateSpec.';
-- ---------------------------------------------------------------
-- 2. paliad.projects.active_scenario_id FK
--
-- NULL = use today's ad-hoc per-card choice state from
-- paliad.project_event_choices (pre-scenario behaviour preserved).
-- Non-NULL = the project's current SmartTimeline / Akte-Fristenrechner
-- render reads from this scenario's spec instead.
-- ---------------------------------------------------------------
ALTER TABLE paliad.projects
ADD COLUMN active_scenario_id uuid NULL
REFERENCES paliad.scenarios(id) ON DELETE SET NULL;
COMMENT ON COLUMN paliad.projects.active_scenario_id IS
'FK to paliad.scenarios. NULL = read choices from '
'paliad.project_event_choices (legacy). Non-NULL = read from the '
'pointed scenario.spec.';
-- ---------------------------------------------------------------
-- 3. RLS — mirror paliad.project_event_choices's pattern (mig 129).
--
-- Project-scoped scenarios (project_id NOT NULL) inherit team visibility
-- via paliad.can_see_project. Abstract scenarios (project_id IS NULL)
-- are private to created_by — only the author can read / write them.
-- ---------------------------------------------------------------
ALTER TABLE paliad.scenarios ENABLE ROW LEVEL SECURITY;
-- Project-scoped: team visibility.
DROP POLICY IF EXISTS scenarios_project_select ON paliad.scenarios;
CREATE POLICY scenarios_project_select ON paliad.scenarios
FOR SELECT
USING (project_id IS NOT NULL AND paliad.can_see_project(project_id));
DROP POLICY IF EXISTS scenarios_project_mutate ON paliad.scenarios;
CREATE POLICY scenarios_project_mutate ON paliad.scenarios
FOR ALL
USING (project_id IS NOT NULL AND paliad.can_see_project(project_id))
WITH CHECK (project_id IS NOT NULL AND paliad.can_see_project(project_id));
-- Abstract: owner-only.
DROP POLICY IF EXISTS scenarios_abstract_select ON paliad.scenarios;
CREATE POLICY scenarios_abstract_select ON paliad.scenarios
FOR SELECT
USING (project_id IS NULL AND created_by = auth.uid());
DROP POLICY IF EXISTS scenarios_abstract_mutate ON paliad.scenarios;
CREATE POLICY scenarios_abstract_mutate ON paliad.scenarios
FOR ALL
USING (project_id IS NULL AND created_by = auth.uid())
WITH CHECK (project_id IS NULL AND created_by = auth.uid());
-- ---------------------------------------------------------------
-- 4. updated_at trigger (mirrors other paliad tables that carry
-- updated_at — keep it in lockstep with row mutations).
-- ---------------------------------------------------------------
CREATE OR REPLACE FUNCTION paliad.scenarios_touch_updated_at()
RETURNS trigger AS $$
BEGIN
NEW.updated_at = now();
RETURN NEW;
END;
$$ LANGUAGE plpgsql;
CREATE TRIGGER scenarios_touch_updated_at_trg
BEFORE UPDATE ON paliad.scenarios
FOR EACH ROW
EXECUTE FUNCTION paliad.scenarios_touch_updated_at();
-- ---------------------------------------------------------------
-- 5. Informational NOTICE — schema-only migration, zero rows added.
-- ---------------------------------------------------------------
DO $$
BEGIN
RAISE NOTICE '[mig 145] paliad.scenarios created (0 rows; awaits API usage)';
RAISE NOTICE '[mig 145] paliad.projects.active_scenario_id added (all rows NULL initially)';
END $$;

3
internal/db/migrations/146_submission_bases.down.sql
View File

@@ -1,3 +0,0 @@
-- t-paliad-313: revert submission_bases catalog.
DROP TABLE IF EXISTS paliad.submission_bases;

173
internal/db/migrations/146_submission_bases.up.sql
View File

@@ -1,173 +0,0 @@
-- t-paliad-313 (m/paliad#141): Composer Slice A — submission base catalog.
--
-- paliad.submission_bases is a thin pointer table — each row maps a
-- short, stable slug ("hlc-letterhead", "neutral", …) onto a Gitea path
-- that holds the actual .docx body, plus a JSON section-spec describing
-- the base's default section set, stylemap, and per-section seed
-- Markdown. The .docx in Gitea stays the source of truth for the
-- chrome, fonts, paragraph styles, and (in later slices) the
-- {{#section:KEY}} anchors. The DB row carries the listable metadata
-- the picker needs.
--
-- Visibility: every authenticated user SELECTs (the catalog is shared
-- firm-wide). Mutations are admin-only and enforced in Go at the
-- handler layer — RLS only gates reads.
--
-- Slice A seeds two rows:
-- 1. hlc-letterhead — points at the existing HLC firm skeleton
-- (_firm-skeleton.docx with HL Patents Style typography).
-- 2. neutral — points at the universal _skeleton.docx.
-- Specialist bases (lg-duesseldorf, upc-formal) land in Slice E with
-- their own .docx authoring task.
CREATE TABLE IF NOT EXISTS paliad.submission_bases (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
slug text NOT NULL UNIQUE,
firm text,
proceeding_family text,
label_de text NOT NULL,
label_en text NOT NULL,
description_de text,
description_en text,
gitea_path text NOT NULL,
section_spec jsonb NOT NULL,
is_default_for text[] NOT NULL DEFAULT '{}'::text[],
is_active bool NOT NULL DEFAULT true,
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now()
);
CREATE INDEX IF NOT EXISTS submission_bases_firm_family_idx
ON paliad.submission_bases (firm, proceeding_family) WHERE is_active;
ALTER TABLE paliad.submission_bases ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS submission_bases_select ON paliad.submission_bases;
CREATE POLICY submission_bases_select
ON paliad.submission_bases FOR SELECT TO authenticated
USING (true);
-- INSERT / UPDATE / DELETE intentionally absent — admin-only mutations
-- happen via the handler layer with explicit role checks. No RLS path
-- for mutations means RLS denies them by default.
DROP TRIGGER IF EXISTS submission_bases_set_updated_at ON paliad.submission_bases;
CREATE TRIGGER submission_bases_set_updated_at
BEFORE UPDATE ON paliad.submission_bases
FOR EACH ROW EXECUTE FUNCTION paliad.tg_set_updated_at();
COMMENT ON TABLE paliad.submission_bases IS
't-paliad-313: Composer base catalog. One row per base template (HLC letterhead, neutral, …) pointing at a .docx in Gitea + a JSON section spec.';
-- Seed: HLC letterhead + neutral skeleton. The section_spec carries the
-- 10 default sections (letterhead, caption, introduction, requests,
-- facts, legal_argument, evidence, exhibits, closing, signature) with
-- their kinds, default order, and bilingual labels. seed_md_de /
-- seed_md_en are populated for the bag-driven sections (letterhead,
-- caption, signature); the remaining sections seed empty.
--
-- exhibits.included=false by default (lawyer opts in when an attachment
-- list applies). Every other section ships included=true.
INSERT INTO paliad.submission_bases
(slug, firm, proceeding_family, label_de, label_en, description_de, description_en, gitea_path, section_spec, is_default_for)
VALUES
('hlc-letterhead', 'HLC', NULL,
'HLC-Briefkopf', 'HLC letterhead',
'Mit HL Patents Style — Firmen-Header, Schriftarten, Absatzformaten.',
'With HL Patents Style — firm header, fonts, paragraph styles.',
'6 - material/Templates/Word/Paliad/HLC/_firm-skeleton.docx',
jsonb_build_object(
'version', 1,
'stylemap', jsonb_build_object(
'paragraph', 'HLpat-Body-B0',
'heading_1', 'HLpat-Heading-H1',
'heading_2', 'HLpat-Heading-H2',
'heading_3', 'HLpat-Heading-H3',
'list_bullet', 'HLpat-Body-B0',
'list_numbered', 'HLpat-Body-B0',
'blockquote', 'HLpat-Body-B1'
),
'defaults', jsonb_build_array(
jsonb_build_object('section_key','letterhead', 'kind','prose', 'order_index', 1, 'label_de','Briefkopf', 'label_en','Letterhead',
'included',true,
'seed_md_de', E'Schriftsatz von {{firm.name}}\n\n{{user.display_name}}, {{user.office}}',
'seed_md_en', E'Submission by {{firm.name}}\n\n{{user.display_name}}, {{user.office}}'),
jsonb_build_object('section_key','caption', 'kind','prose', 'order_index', 2, 'label_de','Rubrum', 'label_en','Caption',
'included',true,
'seed_md_de', E'In der Sache\n\n**{{parties.claimant.0.name}}**\nvertreten durch {{parties.claimant.0.representative}}\n\n— Klägerin —\n\ngegen\n\n**{{parties.defendant.0.name}}**\nvertreten durch {{parties.defendant.0.representative}}\n\n— Beklagte —\n\nAktenzeichen: {{project.case_number}}\n{{project.court}}',
'seed_md_en', E'In the matter\n\n**{{parties.claimant.0.name}}**\nrepresented by {{parties.claimant.0.representative}}\n\n— Claimant —\n\nv.\n\n**{{parties.defendant.0.name}}**\nrepresented by {{parties.defendant.0.representative}}\n\n— Defendant —\n\nCase number: {{project.case_number}}\n{{project.court}}'),
jsonb_build_object('section_key','introduction', 'kind','prose', 'order_index', 3, 'label_de','Einleitung', 'label_en','Introduction',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','requests', 'kind','requests', 'order_index', 4, 'label_de','Anträge', 'label_en','Requests',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','facts', 'kind','prose', 'order_index', 5, 'label_de','Sachverhalt', 'label_en','Facts',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','legal_argument', 'kind','prose', 'order_index', 6, 'label_de','Rechtliche Würdigung', 'label_en','Legal argument',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','evidence', 'kind','evidence', 'order_index', 7, 'label_de','Beweisangebote', 'label_en','Evidence offering',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','exhibits', 'kind','prose', 'order_index', 8, 'label_de','Anlagen', 'label_en','Exhibits',
'included',false, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','closing', 'kind','prose', 'order_index', 9, 'label_de','Schlussformel', 'label_en','Closing',
'included',true,
'seed_md_de', E'Mit freundlichen Grüßen',
'seed_md_en', E'Yours sincerely,'),
jsonb_build_object('section_key','signature', 'kind','prose', 'order_index',10, 'label_de','Unterschrift', 'label_en','Signature',
'included',true,
'seed_md_de', E'{{user.display_name}}\n{{user.office}}',
'seed_md_en', E'{{user.display_name}}\n{{user.office}}')
)
),
'{}'::text[]
),
('neutral', NULL, NULL,
'Neutraler Schriftsatz', 'Neutral skeleton',
'Universelle Vorlage ohne firmenspezifisches Branding.',
'Universal template with no firm-specific branding.',
'6 - material/Templates/Word/Paliad/HLC/_skeleton.docx',
jsonb_build_object(
'version', 1,
'stylemap', jsonb_build_object(
'paragraph', 'Normal',
'heading_1', 'Heading 1',
'heading_2', 'Heading 2',
'heading_3', 'Heading 3',
'list_bullet', 'Normal',
'list_numbered', 'Normal',
'blockquote', 'Quote'
),
'defaults', jsonb_build_array(
jsonb_build_object('section_key','letterhead', 'kind','prose', 'order_index', 1, 'label_de','Briefkopf', 'label_en','Letterhead',
'included',true,
'seed_md_de', E'Schriftsatz von {{firm.name}}\n\n{{user.display_name}}',
'seed_md_en', E'Submission by {{firm.name}}\n\n{{user.display_name}}'),
jsonb_build_object('section_key','caption', 'kind','prose', 'order_index', 2, 'label_de','Rubrum', 'label_en','Caption',
'included',true,
'seed_md_de', E'In der Sache\n\n**{{parties.claimant.0.name}}**\n— Klägerin —\n\ngegen\n\n**{{parties.defendant.0.name}}**\n— Beklagte —\n\nAktenzeichen: {{project.case_number}}',
'seed_md_en', E'In the matter\n\n**{{parties.claimant.0.name}}**\n— Claimant —\n\nv.\n\n**{{parties.defendant.0.name}}**\n— Defendant —\n\nCase number: {{project.case_number}}'),
jsonb_build_object('section_key','introduction', 'kind','prose', 'order_index', 3, 'label_de','Einleitung', 'label_en','Introduction',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','requests', 'kind','requests', 'order_index', 4, 'label_de','Anträge', 'label_en','Requests',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','facts', 'kind','prose', 'order_index', 5, 'label_de','Sachverhalt', 'label_en','Facts',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','legal_argument', 'kind','prose', 'order_index', 6, 'label_de','Rechtliche Würdigung', 'label_en','Legal argument',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','evidence', 'kind','evidence', 'order_index', 7, 'label_de','Beweisangebote', 'label_en','Evidence offering',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','exhibits', 'kind','prose', 'order_index', 8, 'label_de','Anlagen', 'label_en','Exhibits',
'included',false, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','closing', 'kind','prose', 'order_index', 9, 'label_de','Schlussformel', 'label_en','Closing',
'included',true,
'seed_md_de', E'Mit freundlichen Grüßen',
'seed_md_en', E'Yours sincerely,'),
jsonb_build_object('section_key','signature', 'kind','prose', 'order_index',10, 'label_de','Unterschrift', 'label_en','Signature',
'included',true,
'seed_md_de', E'{{user.display_name}}',
'seed_md_en', E'{{user.display_name}}')
)
),
'{}'::text[]
)
ON CONFLICT (slug) DO NOTHING;

5
internal/db/migrations/147_submission_drafts_composer.down.sql
View File

@@ -1,5 +0,0 @@
-- t-paliad-313: revert Composer columns on submission_drafts.
ALTER TABLE paliad.submission_drafts
DROP COLUMN IF EXISTS composer_meta,
DROP COLUMN IF EXISTS base_id;

31
internal/db/migrations/147_submission_drafts_composer.up.sql
View File

@@ -1,31 +0,0 @@
-- t-paliad-313 (m/paliad#141): Composer Slice A — point submission_drafts at a base.
--
-- Two purely-additive columns on paliad.submission_drafts:
--
-- base_id uuid — FK to paliad.submission_bases. NULL on existing
-- drafts (Slice A explicitly does NOT auto-upgrade pre-Composer
-- rows — that's Slice C). NEW drafts created post-Composer get
-- base_id seeded by SubmissionDraftService.Create from the firm
-- default for the proceeding family. ON DELETE SET NULL keeps a
-- draft renderable via the v1 fallback chain even if its base is
-- removed; the lawyer picks a new base via the sidebar.
--
-- composer_meta jsonb — Composer-specific metadata. For Slice A this
-- carries the seed-time section order so the editor paints without
-- a join. Future slices may add hidden_sections, active_locale,
-- etc.
--
-- No data backfill, no auto-upgrade — pre-Composer drafts keep base_id
-- NULL and render via the existing v1 path. The Go side has the
-- corresponding gate (base_id IS NULL OR no submission_sections rows →
-- v1 path).
ALTER TABLE paliad.submission_drafts
ADD COLUMN IF NOT EXISTS base_id uuid REFERENCES paliad.submission_bases(id) ON DELETE SET NULL,
ADD COLUMN IF NOT EXISTS composer_meta jsonb NOT NULL DEFAULT '{}'::jsonb;
COMMENT ON COLUMN paliad.submission_drafts.base_id IS
't-paliad-313: Composer base reference. NULL = pre-Composer draft, renders via v1 fallback chain. ON DELETE SET NULL.';
COMMENT ON COLUMN paliad.submission_drafts.composer_meta IS
't-paliad-313: Composer-side metadata (section_order, hidden_sections, …). jsonb, default {}.';

3
internal/db/migrations/148_submission_sections.down.sql
View File

@@ -1,3 +0,0 @@
-- t-paliad-313: revert submission_sections table.
DROP TABLE IF EXISTS paliad.submission_sections;

116
internal/db/migrations/148_submission_sections.up.sql
View File

@@ -1,116 +0,0 @@
-- t-paliad-313 (m/paliad#141): Composer Slice A — per-draft section rows.
--
-- paliad.submission_sections holds one row per (draft, section_key) for
-- Composer-mode drafts. Slice A seeds rows on draft create from the
-- base's section_spec.defaults; the editor renders them read-only. Slice
-- B turns them editable, Slice F adds reorder/hide/add-custom.
--
-- kind values per the design (Q10 ratification — no *_auto kind):
-- 'prose' — free Markdown content (default).
-- 'requests' — Anträge-style content (editor may add auto-numbering
-- later; Slice A treats identical to 'prose').
-- 'evidence' — Beweisangebote (editor may prefix lines with
-- 'Beweis: '; Slice A treats identical to 'prose').
--
-- Visibility flows through draft_id → submission_drafts → can_see_project
-- + owner-scoped. RLS policies mirror the four-policy shape on
-- submission_drafts so seeding from the Go service stays inside the
-- same RLS envelope.
--
-- content_md_de + content_md_en both NOT NULL DEFAULT '' so neither
-- side blocks the bilingual-by-construction render path. Empty content
-- renders as the missing-content marker per the editor's contract.
--
-- Per the brief (head's instruction msg #2392) Slice A does NOT auto-
-- upgrade the 11 pre-Composer drafts — those remain base_id=NULL with
-- no section rows. The v1 fallback render path stays compiled in to
-- keep them working.
CREATE TABLE IF NOT EXISTS paliad.submission_sections (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
draft_id uuid NOT NULL REFERENCES paliad.submission_drafts(id) ON DELETE CASCADE,
section_key text NOT NULL,
order_index int NOT NULL,
kind text NOT NULL,
label_de text NOT NULL,
label_en text NOT NULL,
included bool NOT NULL DEFAULT true,
content_md_de text NOT NULL DEFAULT '',
content_md_en text NOT NULL DEFAULT '',
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now(),
CONSTRAINT submission_sections_kind_check
CHECK (kind IN ('prose', 'requests', 'evidence')),
CONSTRAINT submission_sections_unique_per_draft
UNIQUE (draft_id, section_key)
);
CREATE INDEX IF NOT EXISTS submission_sections_draft_idx
ON paliad.submission_sections (draft_id, order_index);
ALTER TABLE paliad.submission_sections ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS submission_sections_select ON paliad.submission_sections;
CREATE POLICY submission_sections_select
ON paliad.submission_sections FOR SELECT TO authenticated
USING (
EXISTS (
SELECT 1 FROM paliad.submission_drafts d
WHERE d.id = paliad.submission_sections.draft_id
AND d.user_id = auth.uid()
AND (d.project_id IS NULL OR paliad.can_see_project(d.project_id))
)
);
DROP POLICY IF EXISTS submission_sections_insert ON paliad.submission_sections;
CREATE POLICY submission_sections_insert
ON paliad.submission_sections FOR INSERT TO authenticated
WITH CHECK (
EXISTS (
SELECT 1 FROM paliad.submission_drafts d
WHERE d.id = paliad.submission_sections.draft_id
AND d.user_id = auth.uid()
AND (d.project_id IS NULL OR paliad.can_see_project(d.project_id))
)
);
DROP POLICY IF EXISTS submission_sections_update ON paliad.submission_sections;
CREATE POLICY submission_sections_update
ON paliad.submission_sections FOR UPDATE TO authenticated
USING (
EXISTS (
SELECT 1 FROM paliad.submission_drafts d
WHERE d.id = paliad.submission_sections.draft_id
AND d.user_id = auth.uid()
AND (d.project_id IS NULL OR paliad.can_see_project(d.project_id))
)
)
WITH CHECK (
EXISTS (
SELECT 1 FROM paliad.submission_drafts d
WHERE d.id = paliad.submission_sections.draft_id
AND d.user_id = auth.uid()
AND (d.project_id IS NULL OR paliad.can_see_project(d.project_id))
)
);
DROP POLICY IF EXISTS submission_sections_delete ON paliad.submission_sections;
CREATE POLICY submission_sections_delete
ON paliad.submission_sections FOR DELETE TO authenticated
USING (
EXISTS (
SELECT 1 FROM paliad.submission_drafts d
WHERE d.id = paliad.submission_sections.draft_id
AND d.user_id = auth.uid()
AND (d.project_id IS NULL OR paliad.can_see_project(d.project_id))
)
);
DROP TRIGGER IF EXISTS submission_sections_set_updated_at ON paliad.submission_sections;
CREATE TRIGGER submission_sections_set_updated_at
BEFORE UPDATE ON paliad.submission_sections
FOR EACH ROW EXECUTE FUNCTION paliad.tg_set_updated_at();
COMMENT ON TABLE paliad.submission_sections IS
't-paliad-313: per-draft Composer section rows. Slice A: seeded on draft create from base.section_spec.defaults, rendered read-only. Slice B: editable. RLS mirrors submission_drafts (owner-scoped + can_see_project).';

4
internal/db/migrations/149_submission_building_blocks.down.sql
View File

@@ -1,4 +0,0 @@
-- t-paliad-315: revert building blocks library.
DROP TABLE IF EXISTS paliad.submission_building_block_admin_versions;
DROP TABLE IF EXISTS paliad.submission_building_blocks;

118
internal/db/migrations/149_submission_building_blocks.up.sql
View File

@@ -1,118 +0,0 @@
-- t-paliad-315 (m/paliad#141): Composer Slice C — building blocks library.
--
-- Per the design at docs/design-submission-generator-v2-2026-05-26.md §4.4
-- and the Q2 / Q9 ratifications:
--
-- Q2 (m, 2026-05-26): building blocks are plain text paste sources.
-- No building_block_id reference is stored on submission_sections —
-- insertion is a one-way copy of content_md_<lang> into the section.
-- This table records the library; submission_sections doesn't know
-- where its content came from.
--
-- Q9 (m, 2026-05-26): four visibility tiers — private / team / firm
-- / global. Picker filtering and RLS SELECT predicate both honour
-- the tier. Tier upgrades (private → team/firm/global) go through
-- admin moderation in later slices; Slice C starts with admin-only
-- mutations (no user-initiated rows yet).
--
-- The _admin_versions companion table mirrors the email-templates
-- retention=20 audit history. It is INTERNAL to the admin editor —
-- not referenced from submission_sections, not exposed to the lawyer.
-- It exists so accidental delete + accidental overwrite are
-- recoverable.
CREATE TABLE IF NOT EXISTS paliad.submission_building_blocks (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
slug text NOT NULL,
firm text, -- e.g. 'HLC', NULL = cross-firm
section_key text NOT NULL, -- which section kind this block fits
proceeding_family text, -- 'de.inf.lg', NULL = any family
title_de text NOT NULL,
title_en text NOT NULL,
description_de text,
description_en text,
content_md_de text NOT NULL DEFAULT '',
content_md_en text NOT NULL DEFAULT '',
author_id uuid REFERENCES paliad.users(id) ON DELETE SET NULL,
visibility text NOT NULL, -- 'private' | 'team' | 'firm' | 'global'
is_published bool NOT NULL DEFAULT false,
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now(),
deleted_at timestamptz,
CONSTRAINT submission_building_blocks_visibility_check
CHECK (visibility IN ('private', 'team', 'firm', 'global')),
CONSTRAINT submission_building_blocks_unique_slug_per_firm
UNIQUE (slug, firm)
);
CREATE INDEX IF NOT EXISTS submission_building_blocks_section_visibility_idx
ON paliad.submission_building_blocks (section_key, visibility, firm, proceeding_family)
WHERE deleted_at IS NULL AND is_published;
CREATE INDEX IF NOT EXISTS submission_building_blocks_author_idx
ON paliad.submission_building_blocks (author_id)
WHERE deleted_at IS NULL;
ALTER TABLE paliad.submission_building_blocks ENABLE ROW LEVEL SECURITY;
-- SELECT policy: coarse-grained RLS that admits every non-deleted
-- block to any authenticated user. The Go-side BuildingBlockService
-- applies the fine-grained tier predicate (private / team / firm /
-- global) using branding.Name + team-membership joins. This split
-- keeps the SQL simple and lets the tier semantics evolve in code
-- without RLS migrations.
--
-- The exception below is 'private': only the author sees their own
-- private rows. That's the hard line where a tier upgrade is
-- substantive enough to warrant DB-level enforcement.
DROP POLICY IF EXISTS submission_building_blocks_select ON paliad.submission_building_blocks;
CREATE POLICY submission_building_blocks_select
ON paliad.submission_building_blocks FOR SELECT TO authenticated
USING (
deleted_at IS NULL
AND (
visibility <> 'private'
OR author_id = auth.uid()
)
);
-- INSERT / UPDATE / DELETE intentionally absent — admin mutations
-- happen at the Go handler layer with explicit adminGate. RLS without
-- mutation policies denies them by default.
DROP TRIGGER IF EXISTS submission_building_blocks_set_updated_at ON paliad.submission_building_blocks;
CREATE TRIGGER submission_building_blocks_set_updated_at
BEFORE UPDATE ON paliad.submission_building_blocks
FOR EACH ROW EXECUTE FUNCTION paliad.tg_set_updated_at();
COMMENT ON TABLE paliad.submission_building_blocks IS
't-paliad-315: Composer building-block library. Plain text paste sources for section content (no lineage tracked on sections per Q2 ratification). 4-tier visibility per Q9.';
-- _admin_versions: append-only history per block. Admin-side only;
-- not referenced from submission_sections. Retention 20 per block,
-- GCed in the same transaction as the Save (mirrors email-templates).
CREATE TABLE IF NOT EXISTS paliad.submission_building_block_admin_versions (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
building_block_id uuid NOT NULL REFERENCES paliad.submission_building_blocks(id) ON DELETE CASCADE,
content_md_de text NOT NULL,
content_md_en text NOT NULL,
title_de text NOT NULL,
title_en text NOT NULL,
edited_by uuid REFERENCES paliad.users(id) ON DELETE SET NULL,
note text,
created_at timestamptz NOT NULL DEFAULT now()
);
CREATE INDEX IF NOT EXISTS submission_building_block_admin_versions_block_idx
ON paliad.submission_building_block_admin_versions (building_block_id, created_at DESC);
ALTER TABLE paliad.submission_building_block_admin_versions ENABLE ROW LEVEL SECURITY;
-- Admin-only audit; the handler layer gates this via adminGate and
-- writes via SECURITY DEFINER paths or admin-role SQL. No RLS SELECT
-- policy exists, so non-admin users get an empty result set.
COMMENT ON TABLE paliad.submission_building_block_admin_versions IS
't-paliad-315: append-only history per building block. Admin-side only; retention 20 rows per block, GCed at Save time.';

3
internal/db/migrations/150_submission_bases_specialist.down.sql
View File

@@ -1,3 +0,0 @@
-- t-paliad-317: revert specialist base seed rows.
DELETE FROM paliad.submission_bases WHERE slug IN ('lg-duesseldorf', 'upc-formal');

128
internal/db/migrations/150_submission_bases_specialist.up.sql
View File

@@ -1,128 +0,0 @@
-- t-paliad-317 (m/paliad#141): Composer Slice E — specialist bases.
--
-- Two firm-agnostic bases for proceeding-family-specific styling:
--
-- lg-duesseldorf — DE LG (de.inf.lg) conservative German legal style.
-- Times New Roman 11pt; black headings.
-- upc-formal — UPC court of first instance (upc.inf.cfi) formal
-- style. Calibri 11pt body; UPC-blue (1F3864) headings;
-- Cambria italic for blockquotes.
--
-- The .docx body for each is a minimal Composer-mode skeleton with
-- the 10 default section anchors and an empty rels envelope. The
-- styles.xml declares the {prefix}-Body / -Heading1/2/3 / -ListBullet
-- / -ListNumber / -Quote paragraph styles + a "Hyperlink" character
-- style (matches the MD walker's emitted r:id="rIdComposerN" link
-- runs from Slice D).
--
-- Generator: scripts/gen-submission-base/main.go (each preset hard-
-- codes the typography). The .docx files are uploaded to Gitea at
-- 6 - material/Templates/Word/Paliad/Composer/{slug}.docx as mAi.
--
-- The mig is additive only: ON CONFLICT (slug) DO NOTHING keeps a
-- re-run safe and existing rows untouched.
INSERT INTO paliad.submission_bases
(slug, firm, proceeding_family, label_de, label_en,
description_de, description_en,
gitea_path, section_spec, is_default_for)
VALUES
('lg-duesseldorf', NULL, 'de.inf.lg',
'LG-Düsseldorf-Stil', 'LG-Düsseldorf style',
'Konservativer DE-LG-Stil: Times New Roman 11pt, schlichte Überschriften.',
'Conservative DE LG style: Times New Roman 11pt, plain headings.',
'6 - material/Templates/Word/Paliad/Composer/lg-duesseldorf.docx',
jsonb_build_object(
'version', 1,
'stylemap', jsonb_build_object(
'paragraph', 'LG-Body',
'heading_1', 'LG-Heading1',
'heading_2', 'LG-Heading2',
'heading_3', 'LG-Heading3',
'list_bullet', 'LG-ListBullet',
'list_numbered', 'LG-ListNumber',
'blockquote', 'LG-Quote'
),
'defaults', jsonb_build_array(
jsonb_build_object('section_key','letterhead', 'kind','prose', 'order_index', 1, 'label_de','Briefkopf', 'label_en','Letterhead',
'included',true,
'seed_md_de', E'Schriftsatz von {{firm.name}}\n\n{{user.display_name}}',
'seed_md_en', E'Submission by {{firm.name}}\n\n{{user.display_name}}'),
jsonb_build_object('section_key','caption', 'kind','prose', 'order_index', 2, 'label_de','Rubrum', 'label_en','Caption',
'included',true,
'seed_md_de', E'In der Sache\n\n**{{parties.claimant.0.name}}**\n— Klägerin —\n\ngegen\n\n**{{parties.defendant.0.name}}**\n— Beklagte —\n\nAktenzeichen: {{project.case_number}}\n{{project.court}}',
'seed_md_en', E'In the matter\n\n**{{parties.claimant.0.name}}**\n— Claimant —\n\nv.\n\n**{{parties.defendant.0.name}}**\n— Defendant —\n\nCase number: {{project.case_number}}\n{{project.court}}'),
jsonb_build_object('section_key','introduction', 'kind','prose', 'order_index', 3, 'label_de','Einleitung', 'label_en','Introduction',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','requests', 'kind','requests', 'order_index', 4, 'label_de','Anträge', 'label_en','Requests',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','facts', 'kind','prose', 'order_index', 5, 'label_de','Sachverhalt', 'label_en','Facts',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','legal_argument', 'kind','prose', 'order_index', 6, 'label_de','Rechtliche Würdigung', 'label_en','Legal argument',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','evidence', 'kind','evidence', 'order_index', 7, 'label_de','Beweisangebote', 'label_en','Evidence offering',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','exhibits', 'kind','prose', 'order_index', 8, 'label_de','Anlagen', 'label_en','Exhibits',
'included',false, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','closing', 'kind','prose', 'order_index', 9, 'label_de','Schlussformel', 'label_en','Closing',
'included',true,
'seed_md_de', E'Mit freundlichen Grüßen',
'seed_md_en', E'Yours sincerely,'),
jsonb_build_object('section_key','signature', 'kind','prose', 'order_index',10, 'label_de','Unterschrift', 'label_en','Signature',
'included',true,
'seed_md_de', E'{{user.display_name}}',
'seed_md_en', E'{{user.display_name}}')
)
),
'{}'::text[]
),
('upc-formal', NULL, 'upc.inf.cfi',
'UPC-Verfahren', 'UPC formal',
'UPC-Verfahrensstil: Calibri 11pt, UPC-blaue Überschriften, Cambria-Zitate.',
'UPC court style: Calibri 11pt, UPC-blue headings, Cambria quotes.',
'6 - material/Templates/Word/Paliad/Composer/upc-formal.docx',
jsonb_build_object(
'version', 1,
'stylemap', jsonb_build_object(
'paragraph', 'UPC-Body',
'heading_1', 'UPC-Heading1',
'heading_2', 'UPC-Heading2',
'heading_3', 'UPC-Heading3',
'list_bullet', 'UPC-ListBullet',
'list_numbered', 'UPC-ListNumber',
'blockquote', 'UPC-Quote'
),
'defaults', jsonb_build_array(
jsonb_build_object('section_key','letterhead', 'kind','prose', 'order_index', 1, 'label_de','Briefkopf', 'label_en','Letterhead',
'included',true,
'seed_md_de', E'Schriftsatz von {{firm.name}}\n\n{{user.display_name}}',
'seed_md_en', E'Submission by {{firm.name}}\n\n{{user.display_name}}'),
jsonb_build_object('section_key','caption', 'kind','prose', 'order_index', 2, 'label_de','Rubrum', 'label_en','Caption',
'included',true,
'seed_md_de', E'# In the matter\n\n**{{parties.claimant.0.name}}**\nrepresented by {{parties.claimant.0.representative}}\n— Claimant —\n\nv.\n\n**{{parties.defendant.0.name}}**\nrepresented by {{parties.defendant.0.representative}}\n— Defendant —\n\nUPC-Aktenzeichen: {{project.case_number}}\nStreitpatent: {{project.patent_number_upc}}',
'seed_md_en', E'# In the matter\n\n**{{parties.claimant.0.name}}**\nrepresented by {{parties.claimant.0.representative}}\n— Claimant —\n\nv.\n\n**{{parties.defendant.0.name}}**\nrepresented by {{parties.defendant.0.representative}}\n— Defendant —\n\nUPC case number: {{project.case_number}}\nPatent in suit: {{project.patent_number_upc}}'),
jsonb_build_object('section_key','introduction', 'kind','prose', 'order_index', 3, 'label_de','Einleitung', 'label_en','Introduction',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','requests', 'kind','requests', 'order_index', 4, 'label_de','Anträge', 'label_en','Requests',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','facts', 'kind','prose', 'order_index', 5, 'label_de','Sachverhalt', 'label_en','Facts',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','legal_argument', 'kind','prose', 'order_index', 6, 'label_de','Rechtliche Würdigung', 'label_en','Legal argument',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','evidence', 'kind','evidence', 'order_index', 7, 'label_de','Beweisangebote', 'label_en','Evidence offering',
'included',true, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','exhibits', 'kind','prose', 'order_index', 8, 'label_de','Anlagen', 'label_en','Exhibits',
'included',false, 'seed_md_de', '', 'seed_md_en', ''),
jsonb_build_object('section_key','closing', 'kind','prose', 'order_index', 9, 'label_de','Schlussformel', 'label_en','Closing',
'included',true,
'seed_md_de', E'Mit freundlichen Grüßen',
'seed_md_en', E'Yours sincerely,'),
jsonb_build_object('section_key','signature', 'kind','prose', 'order_index',10, 'label_de','Unterschrift', 'label_en','Signature',
'included',true,
'seed_md_de', E'{{user.display_name}}',
'seed_md_en', E'{{user.display_name}}')
)
),
'{}'::text[]
)
ON CONFLICT (slug) DO NOTHING;

69
internal/db/testdata/README.md vendored
View File

@@ -1,69 +0,0 @@
# `internal/db/testdata/` — CI snapshot
## `prod-snapshot.sql`
Schema-only `pg_dump` of paliad's prod DB (youpc-supabase paliad schema)
plus the rows of `paliad.applied_migrations` that match this branch's
on-disk migration set.
**Purpose.** Lets CI's migration smoke (`.gitea/workflows/test.yaml`)
restore a Postgres scratch DB to "paliad at HEAD-of-snapshot" without
having to replay 131 migrations from scratch. ApplyMigrations on the
restored DB sees the applied set and only runs whatever NEW migrations
this PR adds — exactly the integration shape we want to test, and the
same shape prod sees on every deploy.
**Why a snapshot at all.** Running ApplyMigrations from scratch against a
fresh `supabase/postgres:15.8.1.060` surfaces multiple fresh-DB
idempotence bugs in historical migrations (raw `COMMIT;` in mig 051,
missing `CREATE EXTENSION pg_trgm` for mig 037, ALTER POLICY
exception-handler gaps in mig 024/027 — the last is fixed in this PR).
Fixing them all is a separate cleanup. The snapshot sidesteps them by
starting CI from a state where every historical migration is already
applied as it was in prod.
**Schema scope.** `--schema=paliad` only. Auth schema comes baked into
`supabase/postgres`; CI's setup step installs `pg_trgm` before restoring.
**Ownership.** `--no-owner --no-privileges` keeps the dump portable
across role topologies (CI's supabase_admin / postgres / authenticated /
anon don't have to match prod's exact role layout). The role-split smoke
relies on `postgres` being a non-superuser, which is true on
supabase/postgres by default.
**Refresh.** Run `make refresh-snapshot` with `PALIAD_PROD_DATABASE_URL`
set to a Postgres URL with `pg_dump` rights on youpc-supabase. The
target appends data rows for `paliad.applied_migrations`, strips
`\restrict` / `\unrestrict` commands (pg 16 dump → pg 15 restore), and
filters out applied-migrations rows for versions beyond the branch's
local max. The CI workflow consumes the resulting file verbatim.
**Verify a refresh.** Boot a local scratch:
```bash
docker run -d --rm --name paliad-snap \
-e POSTGRES_PASSWORD=ci -e POSTGRES_DB=paliad_scratch \
-p 15433:5432 supabase/postgres:15.8.1.060
sleep 5
docker exec -e PGPASSWORD=ci paliad-snap psql -h localhost -U supabase_admin -d paliad_scratch \
-c "GRANT CREATE ON DATABASE paliad_scratch TO postgres;" \
-c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
cat internal/db/testdata/prod-snapshot.sql | docker exec -i -e PGPASSWORD=ci paliad-snap \
psql -h localhost -U postgres -d paliad_scratch -v ON_ERROR_STOP=1
TEST_DATABASE_URL="postgres://postgres:ci@localhost:15433/paliad_scratch?sslmode=disable" \
TEST_APP_DATABASE_URL="postgres://postgres:ci@localhost:15433/paliad_scratch?sslmode=disable" \
go test -count=1 -run 'TestMigrations|TestBootSmoke|TestHealthReady_Live' ./internal/db/ ./cmd/server/
docker stop paliad-snap
```
All four named tests must pass. If any fails after a refresh,
investigate before merging — usually because a new migration was added
to prod that this branch doesn't have on disk yet.
**Why is the snapshot not gzipped?** Small enough (~200 KB) that the
diff stays human-readable in `git diff` reviews. If it crosses ~1 MB,
gzip + decompress-on-restore in CI.
**Privacy.** Schema-only dump, no row data from any paliad table (except
`paliad.applied_migrations`, which contains migration filenames +
checksums — public info already in the repo).

6278
internal/db/testdata/prod-snapshot.sql vendored
View File

File diff suppressed because it is too large Load Diff

165
internal/handlers/admin_rules.go
View File

@@ -8,7 +8,6 @@ import (
"github.com/google/uuid"
"mgit.msbls.de/m/paliad/internal/models"
"mgit.msbls.de/m/paliad/internal/services"
)
@@ -26,60 +25,6 @@ import (
// is mapped to 409 Conflict so the editor UI can show a clear "must
// clone first" hint.
// Slice B.5 (t-paliad-305) JSON envelope renames:
//
// - submission_code → code (procedural-event identifier)
// - event_type → event_kind (procedural-event taxonomy)
//
// Wire compatibility: every response emits BOTH the legacy and the
// canonical keys for one slice (see Deprecation HTTP header on the
// response). Input bodies accept either name on the request; the
// canonical key wins when both are present.
//
// adminRuleResponse wraps models.DeadlineRule (= litigationplanner.Rule)
// to add the canonical `code` + `event_kind` fields alongside the
// historical `submission_code` + `event_type` already on Rule's tags.
// The embedded *models.DeadlineRule carries every existing tag through
// json.Marshal unchanged; the wrapper only ADDS the two new keys.
type adminRuleResponse struct {
*models.DeadlineRule
Code *string `json:"code,omitempty"`
EventKind *string `json:"event_kind,omitempty"`
}
// wrapRuleResponse builds the dual-emit wrapper from a service result.
// Same values, two keys per concept — no semantic change.
func wrapRuleResponse(r *models.DeadlineRule) adminRuleResponse {
if r == nil {
return adminRuleResponse{}
}
return adminRuleResponse{
DeadlineRule: r,
Code: r.SubmissionCode,
EventKind: r.EventType,
}
}
// wrapRuleListResponse maps a slice of service results into the
// dual-emit wrapper. Used by the LIST endpoint.
func wrapRuleListResponse(rows []models.DeadlineRule) []adminRuleResponse {
out := make([]adminRuleResponse, len(rows))
for i := range rows {
out[i] = wrapRuleResponse(&rows[i])
}
return out
}
// adminRuleDeprecationHeaders writes the IETF "Deprecation" + "Sunset"
// HTTP headers signaling that the legacy `submission_code` /
// `event_type` JSON keys are being retired in favour of `code` /
// `event_kind`. RFC 8594 (Sunset) + draft-ietf-httpapi-deprecation-header.
// Clients should migrate within one slice cycle.
func adminRuleDeprecationHeaders(w http.ResponseWriter) {
w.Header().Set("Deprecation", `true; key="submission_code,event_type"`)
w.Header().Set("Link", `<https://mgit.msbls.de/m/paliad/issues/93>; rel="deprecation"`)
}
// GET /admin/api/rules — paginated list with filters.
func handleAdminListRules(w http.ResponseWriter, r *http.Request) {
if dbSvc == nil || dbSvc.ruleEditor == nil {
@@ -128,8 +73,7 @@ func handleAdminListRules(w http.ResponseWriter, r *http.Request) {
writeRuleEditorError(w, err)
return
}
adminRuleDeprecationHeaders(w)
writeJSON(w, http.StatusOK, wrapRuleListResponse(rows))
writeJSON(w, http.StatusOK, rows)
}
// GET /admin/api/rules/{id}
@@ -147,8 +91,7 @@ func handleAdminGetRule(w http.ResponseWriter, r *http.Request) {
writeRuleEditorError(w, err)
return
}
adminRuleDeprecationHeaders(w)
writeJSON(w, http.StatusOK, wrapRuleResponse(row))
writeJSON(w, http.StatusOK, row)
}
// POST /admin/api/rules — create draft.
@@ -165,15 +108,12 @@ func handleAdminCreateRule(w http.ResponseWriter, r *http.Request) {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON"})
return
}
// Slice B.5 (t-paliad-305): accept both legacy + canonical JSON keys.
body.CreateRuleInput.CoalesceCanonicalKeys()
row, err := dbSvc.ruleEditor.Create(r.Context(), body.CreateRuleInput, body.Reason)
if err != nil {
writeRuleEditorError(w, err)
return
}
adminRuleDeprecationHeaders(w)
writeJSON(w, http.StatusCreated, wrapRuleResponse(row))
writeJSON(w, http.StatusCreated, row)
}
// PATCH /admin/api/rules/{id} — partial update of a draft.
@@ -194,15 +134,12 @@ func handleAdminPatchRule(w http.ResponseWriter, r *http.Request) {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON"})
return
}
// Slice B.5 (t-paliad-305): accept both legacy + canonical JSON keys.
body.RulePatch.CoalesceCanonicalKeys()
row, err := dbSvc.ruleEditor.UpdateDraft(r.Context(), id, body.RulePatch, body.Reason)
if err != nil {
writeRuleEditorError(w, err)
return
}
adminRuleDeprecationHeaders(w)
writeJSON(w, http.StatusOK, wrapRuleResponse(row))
writeJSON(w, http.StatusOK, row)
}
// POST /admin/api/rules/{id}/clone-as-draft
@@ -224,8 +161,7 @@ func handleAdminCloneAsDraft(w http.ResponseWriter, r *http.Request) {
writeRuleEditorError(w, err)
return
}
adminRuleDeprecationHeaders(w)
writeJSON(w, http.StatusCreated, wrapRuleResponse(row))
writeJSON(w, http.StatusCreated, row)
}
// POST /admin/api/rules/{id}/publish
@@ -247,8 +183,7 @@ func handleAdminPublishRule(w http.ResponseWriter, r *http.Request) {
writeRuleEditorError(w, err)
return
}
adminRuleDeprecationHeaders(w)
writeJSON(w, http.StatusOK, wrapRuleResponse(row))
writeJSON(w, http.StatusOK, row)
}
// POST /admin/api/rules/{id}/archive
@@ -270,8 +205,7 @@ func handleAdminArchiveRule(w http.ResponseWriter, r *http.Request) {
writeRuleEditorError(w, err)
return
}
adminRuleDeprecationHeaders(w)
writeJSON(w, http.StatusOK, wrapRuleResponse(row))
writeJSON(w, http.StatusOK, row)
}
// POST /admin/api/rules/{id}/restore
@@ -293,8 +227,7 @@ func handleAdminRestoreRule(w http.ResponseWriter, r *http.Request) {
writeRuleEditorError(w, err)
return
}
adminRuleDeprecationHeaders(w)
writeJSON(w, http.StatusOK, wrapRuleResponse(row))
writeJSON(w, http.StatusOK, row)
}
// GET /admin/api/rules/{id}/audit?offset=N&limit=M
@@ -366,6 +299,21 @@ func handleAdminPreviewRule(w http.ResponseWriter, r *http.Request) {
writeJSON(w, http.StatusOK, resp)
}
// GET /admin/api/rules/export-migrations?since=<audit_id>
func handleAdminExportRuleMigrations(w http.ResponseWriter, r *http.Request) {
if dbSvc == nil || dbSvc.ruleEditor == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "rule editor unavailable"})
return
}
since := r.URL.Query().Get("since")
out, err := dbSvc.ruleEditor.ExportMigrationsSince(r.Context(), since)
if err != nil {
writeRuleEditorError(w, err)
return
}
writeJSON(w, http.StatusOK, out)
}
// =============================================================================
// Page handlers — serve the static SPA shells. Auth + admin gate live
// at the route registration in handlers.go.
@@ -379,6 +327,10 @@ func handleAdminRulesEditPage(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, "dist/admin-rules-edit.html")
}
func handleAdminRulesExportPage(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, "dist/admin-rules-export.html")
}
// =============================================================================
// helpers
// =============================================================================
@@ -486,66 +438,3 @@ func handleAdminResolveOrphan(w http.ResponseWriter, r *http.Request) {
}
writeJSON(w, http.StatusOK, map[string]string{"status": "resolved"})
}
// Slice B.6 (t-paliad-305) — 301 redirect helpers for the legacy
// /admin/rules* paths. New canonical paths live under
// /admin/procedural-events; the redirects keep external bookmarks,
// audit-log entries, and curl scripts working through one
// deprecation cycle.
//
// Three flavours:
//
// * redirectToProceduralEvents(newPath) — fixed redirect target
// (used by the parameter-less paths /admin/rules and
// /admin/api/rules).
// * redirectToProceduralEventEdit — page path with {id}/edit suffix.
// * redirectToProceduralEventAPI(suffix) — JSON API paths that carry
// an {id} and optional suffix (/clone-as-draft, /publish, …).
//
// All emit 301 Moved Permanently — caches and browsers learn the new
// URL once and stop hitting the legacy path. The IETF Deprecation
// header is added so machine clients see the migration signal
// alongside the redirect.
// redirectToProceduralEvents returns an http.HandlerFunc that 301s to
// the supplied destination path. Query string is preserved.
func redirectToProceduralEvents(dst string) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
target := dst
if r.URL.RawQuery != "" {
target += "?" + r.URL.RawQuery
}
w.Header().Set("Deprecation", `true; path="/admin/rules"`)
w.Header().Set("Link", `</admin/procedural-events>; rel="successor-version"`)
http.Redirect(w, r, target, http.StatusMovedPermanently)
}
}
// redirectToProceduralEventEdit 301s GET /admin/rules/{id}/edit →
// /admin/procedural-events/{id}/edit.
func redirectToProceduralEventEdit(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
target := "/admin/procedural-events/" + id + "/edit"
if r.URL.RawQuery != "" {
target += "?" + r.URL.RawQuery
}
w.Header().Set("Deprecation", `true; path="/admin/rules/{id}/edit"`)
w.Header().Set("Link", `</admin/procedural-events/{id}/edit>; rel="successor-version"`)
http.Redirect(w, r, target, http.StatusMovedPermanently)
}
// redirectToProceduralEventAPI 301s /admin/api/rules/{id}[/suffix] →
// /admin/api/procedural-events/{id}[/suffix]. The optional suffix
// covers /clone-as-draft, /publish, /archive, /restore, /audit, /preview.
func redirectToProceduralEventAPI(suffix string) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
id := r.PathValue("id")
target := "/admin/api/procedural-events/" + id + suffix
if r.URL.RawQuery != "" {
target += "?" + r.URL.RawQuery
}
w.Header().Set("Deprecation", `true; path="/admin/api/rules/{id}`+suffix+`"`)
w.Header().Set("Link", `</admin/api/procedural-events/{id}`+suffix+`>; rel="successor-version"`)
http.Redirect(w, r, target, http.StatusMovedPermanently)
}
}

203
internal/handlers/files.go
View File

@@ -3,7 +3,6 @@ package handlers
import (
"context"
"encoding/json"
"errors"
"fmt"
"io"
"log"
@@ -13,7 +12,6 @@ import (
"time"
"mgit.msbls.de/m/paliad/internal/branding"
"mgit.msbls.de/m/paliad/internal/services"
)
const (
@@ -99,48 +97,8 @@ var fileRegistry = map[string]fileEntry{
RepoName: "mWorkRepo",
FilePath: "6 - material/Templates/Word/Paliad/" + branding.Name + "/_firm-skeleton.docx",
},
// English skeleton variant (t-paliad-276). Sibling of
// `_skeleton.docx`; used when a draft's language='en' and no
// per-code EN template exists. If the file isn't authored yet in
// mWorkRepo, the Gitea fetch fails and resolveSubmissionTemplate
// falls through to the DE skeleton — visible to the user as the
// "Fallback: universelles Skelett" notice on the draft editor.
skeletonSubmissionENSlug: {
RawURL: "https://mgit.msbls.de/m/mWorkRepo/raw/branch/main/6%20-%20material/Templates/Word/Paliad/" + branding.Name + "/_skeleton.en.docx",
DownloadName: branding.Name + " — Submission skeleton.docx",
ContentType: "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
RepoOwner: "m",
RepoName: "mWorkRepo",
FilePath: "6 - material/Templates/Word/Paliad/" + branding.Name + "/_skeleton.en.docx",
},
// t-paliad-317 Composer Slice E — specialist firm-agnostic bases.
// Both live under Composer/ (not under HLC/) so a future non-HLC
// deployment serves the same cross-firm files. Body = anchor-only
// per Slice B; styles.xml carries the preset's typography.
composerBaseLGDuesseldorfSlug: {
RawURL: "https://mgit.msbls.de/m/mWorkRepo/raw/branch/main/6%20-%20material/Templates/Word/Paliad/Composer/lg-duesseldorf.docx",
DownloadName: "LG-Düsseldorf Stil.docx",
ContentType: "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
RepoOwner: "m",
RepoName: "mWorkRepo",
FilePath: "6 - material/Templates/Word/Paliad/Composer/lg-duesseldorf.docx",
},
composerBaseUPCFormalSlug: {
RawURL: "https://mgit.msbls.de/m/mWorkRepo/raw/branch/main/6%20-%20material/Templates/Word/Paliad/Composer/upc-formal.docx",
DownloadName: "UPC formal.docx",
ContentType: "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
RepoOwner: "m",
RepoName: "mWorkRepo",
FilePath: "6 - material/Templates/Word/Paliad/Composer/upc-formal.docx",
},
}
// t-paliad-317 Composer Slice E — slugs for the new specialist bases.
const (
composerBaseLGDuesseldorfSlug = "submission/composer/lg-duesseldorf.docx"
composerBaseUPCFormalSlug = "submission/composer/upc-formal.docx"
)
// skeletonSubmissionSlug names the universal skeleton template inside
// the shared fileRegistry cache. Exported via a const so handler code
// (resolveSubmissionTemplate, hlPatentsStyleSHA's sibling) refers to
@@ -155,11 +113,6 @@ const skeletonSubmissionSlug = "submission/_skeleton.docx"
// codes without a dedicated template still render with firm branding.
const firmSkeletonSubmissionSlug = "submission/_firm-skeleton.docx"
// skeletonSubmissionENSlug names the English skeleton variant used when
// a draft's language='en' and no per-code EN template exists
// (t-paliad-276). Same role as skeletonSubmissionSlug but in EN.
const skeletonSubmissionENSlug = "submission/_skeleton.en.docx"
// submissionTemplateRegistry maps a deadline-rule submission_code to a
// fileRegistry slug. Lookup order matches the cronus design fallback
// chain §8: per-firm `templates/{FIRM_NAME}/{code}.docx` first, then
@@ -169,32 +122,14 @@ const skeletonSubmissionENSlug = "submission/_skeleton.en.docx"
// the file itself lives in mWorkRepo and is served through the shared
// Gitea proxy cache so refreshes are visible to all consumers in one
// place.
//
// t-paliad-276: codes that ship an EN sibling
// (e.g. `de.inf.lg.erwidg.en.docx`) also register it in
// submissionTemplateENRegistry; the language-aware lookup
// (resolveSubmissionTemplate(ctx, code, lang)) prefers the language-
// suffixed slug and falls back to the unsuffixed one when no per-firm
// EN variant exists.
var submissionTemplateRegistry = map[string]string{
"de.inf.lg.erwidg": "submission/de.inf.lg.erwidg.docx",
}
// submissionTemplateENRegistry maps a submission_code to the EN
// variant slug. Empty when no EN template has been authored — the
// lookup falls through to the unsuffixed (DE-baked) template and the
// editor surfaces the "Fallback: universelles Skelett" notice when
// even the skeleton has no EN sibling.
var submissionTemplateENRegistry = map[string]string{}
// fetchSubmissionTemplateBytes returns the per-submission_code template
// bytes (and provenance SHA) when one is registered. The bool result
// distinguishes "no per-code template registered" (callers fall back to
// HL Patents Style) from an upstream fetch error.
//
// Language-suffixed variants (t-paliad-276) are served via
// fetchSubmissionTemplateBytesForLang — this base function returns the
// unsuffixed registry entry only (the legacy DE-baked template).
func fetchSubmissionTemplateBytes(ctx context.Context, submissionCode string) ([]byte, string, bool, error) {
slug, ok := submissionTemplateRegistry[submissionCode]
if !ok {
@@ -300,113 +235,6 @@ func handleFileRefresh(w http.ResponseWriter, r *http.Request) {
writeJSON(w, http.StatusOK, map[string]string{"ok": "true", "message": "Cache cleared"})
}
// fetchSubmissionTemplateBytesForLang returns the per-(code, lang)
// template bytes when a language-suffixed variant is registered. Used
// only for the EN variant today; DE goes through the unsuffixed
// fetchSubmissionTemplateBytes (which is the legacy / authoritative
// DE registry). t-paliad-276.
//
// Returned bool = "variant registered AND fetched OK". A registered
// variant whose file 404s on Gitea returns (nil, "", false, nil) so
// the caller falls through to the unsuffixed template, mirroring the
// behaviour for unregistered codes.
func fetchSubmissionTemplateBytesForLang(ctx context.Context, submissionCode, lang string) ([]byte, string, bool, error) {
if lang != "en" {
// Only EN has a separate registry today. DE goes through the
// unsuffixed path which is the authoritative DE template.
return nil, "", false, nil
}
slug, ok := submissionTemplateENRegistry[submissionCode]
if !ok {
return nil, "", false, nil
}
entry, ok := fileRegistry[slug]
if !ok {
return nil, "", false, fmt.Errorf("file proxy: submission template slug %q not registered", slug)
}
ce := getCacheEntry(slug)
ce.mu.RLock()
hasData := len(ce.data) > 0
needsCheck := time.Since(ce.lastChecked) >= checkInterval
ce.mu.RUnlock()
if !hasData {
if err := fileFetch(ce, entry); err != nil {
// Treat upstream miss as "variant unavailable" so the
// resolver falls through to the DE template instead of
// surfacing a 502.
log.Printf("file proxy: EN variant fetch failed for %s (%s): %v — falling through", submissionCode, slug, err)
return nil, "", false, nil
}
} else if needsCheck {
go fileCheckAndRefresh(ce, entry)
}
ce.mu.RLock()
defer ce.mu.RUnlock()
if len(ce.data) == 0 {
return nil, "", false, nil
}
out := make([]byte, len(ce.data))
copy(out, ce.data)
_ = ctx
return out, ce.sha, true, nil
}
// fetchSubmissionSkeletonBytesForLang returns the cached skeleton
// template bytes for the requested language. EN falls back to DE when
// the EN skeleton hasn't been authored yet (t-paliad-276). Returned
// bool flags whether the bytes match the requested language — false
// means the resolver should communicate "fallback" to the UI.
func fetchSubmissionSkeletonBytesForLang(ctx context.Context, lang string) ([]byte, string, bool, error) {
if lang == "en" {
entry, ok := fileRegistry[skeletonSubmissionENSlug]
if ok {
ce := getCacheEntry(skeletonSubmissionENSlug)
ce.mu.RLock()
hasData := len(ce.data) > 0
needsCheck := time.Since(ce.lastChecked) >= checkInterval
ce.mu.RUnlock()
if !hasData {
if err := fileFetch(ce, entry); err == nil {
ce.mu.RLock()
if len(ce.data) > 0 {
out := make([]byte, len(ce.data))
copy(out, ce.data)
sha := ce.sha
ce.mu.RUnlock()
return out, sha, true, nil
}
ce.mu.RUnlock()
} else {
log.Printf("file proxy: EN skeleton fetch failed (%s): %v — falling back to DE", skeletonSubmissionENSlug, err)
}
} else {
if needsCheck {
go fileCheckAndRefresh(ce, entry)
}
ce.mu.RLock()
if len(ce.data) > 0 {
out := make([]byte, len(ce.data))
copy(out, ce.data)
sha := ce.sha
ce.mu.RUnlock()
return out, sha, true, nil
}
ce.mu.RUnlock()
}
}
}
// Fall through to the DE skeleton; bool=false flags that the
// returned bytes don't carry the requested language.
bytes, sha, err := fetchSubmissionSkeletonBytes(ctx)
if err != nil {
return nil, "", false, err
}
return bytes, sha, lang == "de", nil
}
// fetchSubmissionSkeletonBytes returns the cached universal skeleton
// template bytes plus its provenance SHA. Sits between the per-firm
// per-submission_code template (fetchSubmissionTemplateBytes) and the
@@ -430,37 +258,6 @@ func fetchFirmSkeletonBytes(ctx context.Context) ([]byte, string, error) {
return fetchSubmissionTemplateSlug(ctx, firmSkeletonSubmissionSlug)
}
// composerBaseSlugMap routes a Composer base.slug to the existing
// fileRegistry slug whose Gitea object backs it (t-paliad-313 Slice B).
// Slice A seeded two bases that already share .docx files with the v1
// fallback chain — no new Gitea uploads needed for those. Future bases
// (e.g. lg-duesseldorf, upc-formal in Slice E) register their own
// fileRegistry entries via the same shape and add a row here.
var composerBaseSlugMap = map[string]string{
"hlc-letterhead": firmSkeletonSubmissionSlug,
"neutral": skeletonSubmissionSlug,
"lg-duesseldorf": composerBaseLGDuesseldorfSlug,
"upc-formal": composerBaseUPCFormalSlug,
}
// fetchComposerBaseBytes returns the .docx bytes for a Composer base,
// pulled from the shared Gitea proxy cache. ErrComposerBaseNotProxied
// when the slug has no registered fileRegistry entry — a base authored
// without a file-registry mapping (rare; admin oversight) renders as
// "Vorlagenbasis nicht erreichbar" upstream of this call.
var ErrComposerBaseNotProxied = errors.New("composer base: Gitea slug not registered")
func fetchComposerBaseBytes(ctx context.Context, base *services.SubmissionBase) ([]byte, string, error) {
if base == nil {
return nil, "", fmt.Errorf("composer base: nil base")
}
slug, ok := composerBaseSlugMap[base.Slug]
if !ok {
return nil, "", fmt.Errorf("%w: base slug %q", ErrComposerBaseNotProxied, base.Slug)
}
return fetchSubmissionTemplateSlug(ctx, slug)
}
// fetchSubmissionTemplateSlug is the shared cache-aware fetcher used by
// the firm-skeleton and universal-skeleton accessors. Factored out so
// the two paths can't drift apart on caching semantics.

16
internal/handlers/fristenrechner.go
View File

@@ -63,20 +63,6 @@ func handleFristenrechnerAPI(w http.ResponseWriter, r *http.Request) {
// wins (what-if exploration overrides the saved state).
ProjectID string `json:"projectId,omitempty"`
PerCardChoices []services.UpsertEventChoiceInput `json:"perCardChoices,omitempty"`
// t-paliad-290 (m/paliad#122): re-surface previously-hidden
// optional cards. When true the calculator marks skipped rows
// with UIDeadline.IsHidden instead of dropping them; descendants
// stay in the result list. Default false preserves the legacy
// suppression. HiddenCount on the response is independent.
IncludeHidden bool `json:"includeHidden,omitempty"`
// Slice B1 / m/paliad#124 §18.1: narrows the unified UPC
// Berufung (upc.apl) timeline to the rule subset whose
// applies_to_target contains the requested slug. Empty = no
// filter. Valid values: endentscheidung | kostenentscheidung
// | anordnung | schadensbemessung | bucheinsicht. Unknown
// slugs are silently dropped (no filter) so a stale frontend
// chip doesn't 400 the request.
AppealTarget string `json:"appealTarget,omitempty"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "Ungültige Anfrage"})
@@ -123,8 +109,6 @@ func handleFristenrechnerAPI(w http.ResponseWriter, r *http.Request) {
PerCardAppellant: addendum.PerCardAppellant,
SkipRules: addendum.SkipRules,
IncludeCCRFor: addendum.IncludeCCRFor,
IncludeHidden: req.IncludeHidden,
AppealTarget: req.AppealTarget,
})
if err != nil {
if errors.Is(err, services.ErrUnknownProceedingType) {

151
internal/handlers/handlers.go
View File

@@ -1,13 +1,9 @@
package handlers
import (
"context"
"encoding/json"
"net/http"
"strings"
"time"
"github.com/jmoiron/sqlx"
"mgit.msbls.de/m/paliad/internal/auth"
"mgit.msbls.de/m/paliad/internal/services"
@@ -54,12 +50,6 @@ func noCachePages(h http.Handler) http.Handler {
// Services bundles the Phase B + C database-backed services. Pass nil if
// DATABASE_URL was unset; the matter-management endpoints will return 503.
type Services struct {
// Pool is the raw connection pool. Held so the readiness probe
// (/health/ready) can ping it without going through any individual
// service. nil when DATABASE_URL was unset — in that case
// /health/ready returns 503.
Pool *sqlx.DB
Project *services.ProjectService
Team *services.TeamService
PartnerUnit *services.PartnerUnitService
@@ -116,27 +106,10 @@ type Services struct {
// t-paliad-238 — dedicated Submissions/Schriftsätze editor.
SubmissionDraft *services.SubmissionDraftService
// t-paliad-313 (m/paliad#141) Composer Slice A + B — base catalog,
// per-draft section rows, render-pipeline assembler. All three
// nil in DATABASE_URL-less deploys (the Composer surfaces return
// 503 / hide the picker).
SubmissionBase *services.BaseService
SubmissionSection *services.SectionService
SubmissionComposer *services.SubmissionComposer
// t-paliad-315 Composer Slice C — building-block library + admin
// editor. Per Q2: paste sources only, no lineage on sections.
SubmissionBuildingBlock *services.BuildingBlockService
// t-paliad-265 / m/paliad#96 — per-event-card optional choices on
// the Verfahrensablauf timeline.
EventChoice *services.EventChoiceService
// Slice D (m/paliad#124 §5, mig 145) — named scenario compositions
// per project or as abstract templates. Nil when DATABASE_URL is
// unset; the /api/scenarios routes return 503 in that case.
Scenario *services.ScenarioService
// Paliadin is wired when DATABASE_URL is set. The concrete backend
// is picked in cmd/server/main.go based on PALIADIN_REMOTE_HOST
// (remote → mRiver via SSH) or local tmux availability. Stays nil
@@ -199,13 +172,8 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
projection: svc.Projection,
export: svc.Export,
backup: svc.Backup,
submissionDraft: svc.SubmissionDraft,
submissionBase: svc.SubmissionBase,
submissionSection: svc.SubmissionSection,
submissionComposer: svc.SubmissionComposer,
submissionBuildingBlock: svc.SubmissionBuildingBlock,
eventChoice: svc.EventChoice,
scenario: svc.Scenario,
submissionDraft: svc.SubmissionDraft,
eventChoice: svc.EventChoice,
}
}
@@ -220,38 +188,6 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
_, _ = w.Write([]byte("ok\n"))
})
// Readiness probe. Public, no auth. Distinct from /healthz: this
// returns 200 only when the DB pool is reachable. Reaching Register
// at all implies db.ApplyMigrations succeeded (cmd/server/main.go
// calls it before constructing svc), so a 200 here means "migrations
// applied AND pool responsive" — the contract Dokploy / Traefik should
// gate on, not the bind-and-serve check that /healthz answers.
//
// Three outcomes:
// - svc == nil OR svc.Pool == nil → 503 (DB-less knowledge-platform
// deployments report not-ready so an external orchestrator can
// distinguish them from a full prod boot).
// - PingContext fails within 2 s → 503 (pool unreachable).
// - PingContext succeeds → 200 "ready".
//
// Used by docker-compose.yml's healthcheck (Slice B) and by the
// post-deploy verification step in .gitea/workflows/test.yaml.
mux.HandleFunc("GET /health/ready", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Cache-Control", "no-store")
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
if svc == nil || svc.Pool == nil {
http.Error(w, "db not configured\n", http.StatusServiceUnavailable)
return
}
ctx, cancel := context.WithTimeout(r.Context(), 2*time.Second)
defer cancel()
if err := svc.Pool.PingContext(ctx); err != nil {
http.Error(w, "db unreachable\n", http.StatusServiceUnavailable)
return
}
_, _ = w.Write([]byte("ready\n"))
})
// API endpoints (JSON, public)
mux.HandleFunc("POST /api/login", handleAPILogin)
mux.HandleFunc("POST /api/register", handleAPIRegister)
@@ -424,18 +360,6 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
protected.HandleFunc("PATCH /api/submission-drafts/{draft_id}", handleGlobalPatchSubmissionDraft)
protected.HandleFunc("DELETE /api/submission-drafts/{draft_id}", handleGlobalDeleteSubmissionDraft)
protected.HandleFunc("POST /api/submission-drafts/{draft_id}/export", handleGlobalExportSubmissionDraft)
// t-paliad-313 (m/paliad#141) Composer Slice A — base catalog for
// the sidebar picker. Wide-open SELECT (any authenticated user);
// admin mutations are not exposed yet (Slice C).
protected.HandleFunc("GET /api/submission-bases", handleListSubmissionBases)
// t-paliad-313 (m/paliad#141) Composer Slice B — per-section PATCH
// for inline editor autosave. URL keyed on draft_id + section_id;
// owner-scoped via SubmissionDraftService.Get.
protected.HandleFunc("PATCH /api/submission-drafts/{draft_id}/sections/{section_id}", handlePatchSubmissionSection)
// t-paliad-315 (m/paliad#141) Composer Slice C — building blocks
// library. Lawyer-facing picker + paste mechanic.
protected.HandleFunc("GET /api/submission-building-blocks", handleListBuildingBlocks)
protected.HandleFunc("POST /api/submission-building-blocks/{block_id}/insert-into/{section_id}", handleInsertBlockIntoSection)
// t-paliad-277 / m/paliad#109 — refresh project-derived variables on
// the draft. Strips overrides for project.* / parties.* / deadline.*
// / procedural_event.* / rule.* prefixes and bumps last_imported_at.
@@ -480,15 +404,6 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
protected.HandleFunc("PUT /api/projects/{id}/event-choices", handlePutProjectEventChoice)
protected.HandleFunc("DELETE /api/projects/{id}/event-choices/{submission_code}/{choice_kind}", handleDeleteProjectEventChoice)
// Slice D (m/paliad#124 §5, mig 145) — named scenario compositions
// per project or as abstract templates on /tools/verfahrensablauf.
protected.HandleFunc("GET /api/scenarios", handleScenariosList)
protected.HandleFunc("GET /api/scenarios/{id}", handleScenarioGet)
protected.HandleFunc("POST /api/scenarios", handleScenarioCreate)
protected.HandleFunc("PATCH /api/scenarios/{id}", handleScenarioPatch)
protected.HandleFunc("DELETE /api/scenarios/{id}", handleScenarioDelete)
protected.HandleFunc("PUT /api/projects/{id}/active-scenario", handleSetActiveScenario)
// Partner units (structural partner-led units; legacy "Dezernate").
protected.HandleFunc("GET /api/partner-units", handleListPartnerUnits)
protected.HandleFunc("POST /api/partner-units", handleCreatePartnerUnit)
@@ -501,7 +416,6 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
// t-paliad-139 — set unit_role on a member.
protected.HandleFunc("PATCH /api/partner-units/{id}/members/{user_id}/role", handleSetUnitMemberRole)
protected.HandleFunc("GET /api/parties/search", handlePartiesSearch)
protected.HandleFunc("DELETE /api/parties/{id}", handleDeleteParty)
// Phase F — Appointments (appointments)
@@ -700,16 +614,6 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
protected.HandleFunc("DELETE /api/admin/firm-dashboard-default", adminGate(users, handleDeleteFirmDashboardDefault))
protected.HandleFunc("POST /api/me/dashboard-layout/promote", adminGate(users, handlePromoteDashboardLayoutToFirmDefault))
// t-paliad-315 (m/paliad#141) Composer Slice C — admin building blocks editor.
protected.HandleFunc("GET /admin/submission-building-blocks", adminGate(users, gateOnboarded(handleAdminBuildingBlocksPage)))
protected.HandleFunc("GET /api/admin/submission-building-blocks", adminGate(users, handleAdminListBuildingBlocks))
protected.HandleFunc("POST /api/admin/submission-building-blocks", adminGate(users, handleAdminCreateBuildingBlock))
protected.HandleFunc("GET /api/admin/submission-building-blocks/{block_id}", adminGate(users, handleAdminGetBuildingBlock))
protected.HandleFunc("PATCH /api/admin/submission-building-blocks/{block_id}", adminGate(users, handleAdminUpdateBuildingBlock))
protected.HandleFunc("DELETE /api/admin/submission-building-blocks/{block_id}", adminGate(users, handleAdminDeleteBuildingBlock))
protected.HandleFunc("GET /api/admin/submission-building-blocks/{block_id}/versions", adminGate(users, handleAdminListBuildingBlockVersions))
protected.HandleFunc("POST /api/admin/submission-building-blocks/{block_id}/restore/{version_id}", adminGate(users, handleAdminRestoreBuildingBlockVersion))
protected.HandleFunc("GET /api/admin/email-templates", adminGate(users, handleAdminListEmailTemplates))
protected.HandleFunc("GET /api/admin/email-templates/{key}/variables", adminGate(users, handleAdminEmailTemplateVariables))
protected.HandleFunc("GET /api/admin/email-templates/{key}/{lang}", adminGate(users, handleAdminGetEmailTemplate))
@@ -722,43 +626,20 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
// t-paliad-089 — admin Event-Type moderation panel.
// t-paliad-191 Slice 11a — admin rule-editor API.
// t-paliad-192 Slice 11b — admin rule-editor UI pages + orphan list/resolve.
// Slice B.6 (t-paliad-305) — canonical URL paths under
// /admin/procedural-events with 301 redirects from the legacy
// /admin/rules paths so existing bookmarks and audit-log
// entries continue to resolve. New paths point at the same
// handlers; the canonical-URL name aligns with the umbrella
// term locked in Slice A.
protected.HandleFunc("GET /admin/procedural-events", adminGate(users, gateOnboarded(handleAdminRulesListPage)))
protected.HandleFunc("GET /admin/procedural-events/{id}/edit", adminGate(users, gateOnboarded(handleAdminRulesEditPage)))
protected.HandleFunc("GET /admin/api/procedural-events", adminGate(users, handleAdminListRules))
protected.HandleFunc("GET /admin/api/procedural-events/{id}", adminGate(users, handleAdminGetRule))
protected.HandleFunc("POST /admin/api/procedural-events", adminGate(users, handleAdminCreateRule))
protected.HandleFunc("PATCH /admin/api/procedural-events/{id}", adminGate(users, handleAdminPatchRule))
protected.HandleFunc("POST /admin/api/procedural-events/{id}/clone-as-draft", adminGate(users, handleAdminCloneAsDraft))
protected.HandleFunc("POST /admin/api/procedural-events/{id}/publish", adminGate(users, handleAdminPublishRule))
protected.HandleFunc("POST /admin/api/procedural-events/{id}/archive", adminGate(users, handleAdminArchiveRule))
protected.HandleFunc("POST /admin/api/procedural-events/{id}/restore", adminGate(users, handleAdminRestoreRule))
protected.HandleFunc("GET /admin/api/procedural-events/{id}/audit", adminGate(users, handleAdminGetRuleAudit))
protected.HandleFunc("GET /admin/api/procedural-events/{id}/preview", adminGate(users, handleAdminPreviewRule))
// Legacy /admin/rules paths — 301 redirect to the canonical
// /admin/procedural-events paths. One-slice deprecation window
// per design §8.2 (B.6 optional; m authorised the rename
// 2026-05-26). After the next slice that audits external
// references, these can be retired entirely.
protected.HandleFunc("GET /admin/rules", adminGate(users, redirectToProceduralEvents("/admin/procedural-events")))
protected.HandleFunc("GET /admin/rules/{id}/edit", adminGate(users, redirectToProceduralEventEdit))
protected.HandleFunc("GET /admin/api/rules", adminGate(users, redirectToProceduralEvents("/admin/api/procedural-events")))
protected.HandleFunc("GET /admin/api/rules/{id}", adminGate(users, redirectToProceduralEventAPI("")))
protected.HandleFunc("POST /admin/api/rules", adminGate(users, redirectToProceduralEvents("/admin/api/procedural-events")))
protected.HandleFunc("PATCH /admin/api/rules/{id}", adminGate(users, redirectToProceduralEventAPI("")))
protected.HandleFunc("POST /admin/api/rules/{id}/clone-as-draft", adminGate(users, redirectToProceduralEventAPI("/clone-as-draft")))
protected.HandleFunc("POST /admin/api/rules/{id}/publish", adminGate(users, redirectToProceduralEventAPI("/publish")))
protected.HandleFunc("POST /admin/api/rules/{id}/archive", adminGate(users, redirectToProceduralEventAPI("/archive")))
protected.HandleFunc("POST /admin/api/rules/{id}/restore", adminGate(users, redirectToProceduralEventAPI("/restore")))
protected.HandleFunc("GET /admin/api/rules/{id}/audit", adminGate(users, redirectToProceduralEventAPI("/audit")))
protected.HandleFunc("GET /admin/api/rules/{id}/preview", adminGate(users, redirectToProceduralEventAPI("/preview")))
protected.HandleFunc("GET /admin/rules", adminGate(users, gateOnboarded(handleAdminRulesListPage)))
protected.HandleFunc("GET /admin/rules/export", adminGate(users, gateOnboarded(handleAdminRulesExportPage)))
protected.HandleFunc("GET /admin/rules/{id}/edit", adminGate(users, gateOnboarded(handleAdminRulesEditPage)))
protected.HandleFunc("GET /admin/api/rules", adminGate(users, handleAdminListRules))
protected.HandleFunc("GET /admin/api/rules/export-migrations", adminGate(users, handleAdminExportRuleMigrations))
protected.HandleFunc("GET /admin/api/rules/{id}", adminGate(users, handleAdminGetRule))
protected.HandleFunc("POST /admin/api/rules", adminGate(users, handleAdminCreateRule))
protected.HandleFunc("PATCH /admin/api/rules/{id}", adminGate(users, handleAdminPatchRule))
protected.HandleFunc("POST /admin/api/rules/{id}/clone-as-draft", adminGate(users, handleAdminCloneAsDraft))
protected.HandleFunc("POST /admin/api/rules/{id}/publish", adminGate(users, handleAdminPublishRule))
protected.HandleFunc("POST /admin/api/rules/{id}/archive", adminGate(users, handleAdminArchiveRule))
protected.HandleFunc("POST /admin/api/rules/{id}/restore", adminGate(users, handleAdminRestoreRule))
protected.HandleFunc("GET /admin/api/rules/{id}/audit", adminGate(users, handleAdminGetRuleAudit))
protected.HandleFunc("GET /admin/api/rules/{id}/preview", adminGate(users, handleAdminPreviewRule))
protected.HandleFunc("GET /admin/api/orphans", adminGate(users, handleAdminListOrphans))
protected.HandleFunc("POST /admin/api/orphans/{id}/resolve", adminGate(users, handleAdminResolveOrphan))

9
internal/handlers/paliadin.go
View File

@@ -24,7 +24,6 @@ import (
"encoding/json"
"errors"
"fmt"
"log"
"net/http"
"strconv"
"strings"
@@ -361,8 +360,6 @@ func runStreamingTurn(turnID uuid.UUID, req services.TurnRequest, ch chan<- turn
convID = ev.ConversationID
case services.StreamError:
errorEmitted = true
log.Printf("paliadin: stream error turn=%s code=%s retryable=%v message=%q",
turnID, ev.Code, ev.Retryable, ev.Message)
send(ch, turnEvent{
Kind: "error",
Data: map[string]any{
@@ -375,8 +372,6 @@ func runStreamingTurn(turnID uuid.UUID, req services.TurnRequest, ch chan<- turn
case <-silenceTicker.C:
elapsed := time.Since(lastEventAt)
if elapsed >= silenceTimeout {
log.Printf("paliadin: silence timeout turn=%s elapsed=%s (silenceTimeout=%s)",
turnID, elapsed, silenceTimeout)
send(ch, turnEvent{
Kind: "error",
Data: map[string]any{
@@ -424,8 +419,6 @@ func runStreamingTurn(turnID uuid.UUID, req services.TurnRequest, ch chan<- turn
}
}
if res.err != nil {
log.Printf("paliadin: backend returned error turn=%s err=%v errorEmittedAlready=%v",
turnID, res.err, errorEmitted)
if !errorEmitted {
send(ch, turnEvent{
Kind: "error",
@@ -439,8 +432,6 @@ func runStreamingTurn(turnID uuid.UUID, req services.TurnRequest, ch chan<- turn
}
result := res.result
if result == nil {
log.Printf("paliadin: backend returned nil result without error turn=%s errorEmittedAlready=%v",
turnID, errorEmitted)
// Shouldn't happen — backend contract returns either err
// or a result. Defensive bail.
if !errorEmitted {

36
internal/handlers/projects.go
View File

@@ -69,19 +69,8 @@ type dbServices struct {
// t-paliad-238 — submission draft editor.
submissionDraft *services.SubmissionDraftService
// t-paliad-313 — Composer base catalog + per-draft sections +
// (Slice B) the render pipeline assembling base + sections into a
// final .docx + (Slice C) building-block library.
submissionBase *services.BaseService
submissionSection *services.SectionService
submissionComposer *services.SubmissionComposer
submissionBuildingBlock *services.BuildingBlockService
// t-paliad-265 — per-event-card optional choices.
eventChoice *services.EventChoiceService
// Slice D — named scenario compositions (m/paliad#124 §5).
scenario *services.ScenarioService
}
var dbSvc *dbServices
@@ -712,31 +701,6 @@ func handleCreateParty(w http.ResponseWriter, r *http.Request) {
writeJSON(w, http.StatusCreated, p)
}
// GET /api/parties/search?q=...
//
// Cross-project party picker for the submission-draft editor
// (t-paliad-287). Returns up to 25 parties from every project the
// caller can see, matched by case-insensitive substring on name or
// representative. Empty q returns the 20 most-recently-updated rows so
// the picker isn't blank on first open. Visibility is enforced in the
// service layer via the same predicate every project-scoped read uses.
func handlePartiesSearch(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
q := r.URL.Query().Get("q")
hits, err := dbSvc.parties.Search(r.Context(), uid, q, 25)
if err != nil {
writeServiceError(w, err)
return
}
writeJSON(w, http.StatusOK, map[string]any{"results": hits})
}
// DELETE /api/parties/{id}
func handleDeleteParty(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {

216
internal/handlers/scenarios.go
View File

@@ -1,216 +0,0 @@
package handlers
import (
"encoding/json"
"errors"
"net/http"
"github.com/google/uuid"
"mgit.msbls.de/m/paliad/internal/services"
lp "mgit.msbls.de/m/paliad/pkg/litigationplanner"
)
// Slice D (m/paliad#124 §5, mig 145) — REST endpoints for paliad.scenarios.
//
// Routes (registered in handlers.go):
//
// GET /api/scenarios?project=<id> — list project's scenarios
// GET /api/scenarios?abstract=true — list caller's abstract scenarios
// GET /api/scenarios/{id} — fetch one
// POST /api/scenarios — create
// PATCH /api/scenarios/{id} — partial update
// PUT /api/projects/{id}/active-scenario — set/clear active scenario
// DELETE /api/scenarios/{id} — remove
//
// All endpoints require auth; visibility is enforced by
// ScenarioService.requireProjectVisible / requireVisible.
func requireScenarioService(w http.ResponseWriter) bool {
if dbSvc == nil || dbSvc.scenario == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{
"error": "Szenarien sind vorübergehend nicht verfügbar (keine Datenbank).",
})
return false
}
return true
}
// scenarioErrorToStatus maps service errors to HTTP statuses. Mirrors
// the patterns in projects.go and event_choices.go.
func scenarioErrorToStatus(err error) (int, string) {
switch {
case errors.Is(err, lp.ErrUnknownScenario), errors.Is(err, services.ErrScenarioNotVisible):
return http.StatusNotFound, "Szenario nicht gefunden"
case errors.Is(err, services.ErrInvalidInput), errors.Is(err, lp.ErrInvalidScenario), errors.Is(err, lp.ErrScenarioNoPrimary):
return http.StatusBadRequest, err.Error()
}
return http.StatusInternalServerError, err.Error()
}
// handleScenariosList — GET /api/scenarios?project=<uuid> OR ?abstract=true.
func handleScenariosList(w http.ResponseWriter, r *http.Request) {
if !requireScenarioService(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
abstract := r.URL.Query().Get("abstract") == "true"
projectStr := r.URL.Query().Get("project")
switch {
case abstract:
out, err := dbSvc.scenario.ListAbstractForUser(r.Context(), uid)
if err != nil {
status, msg := scenarioErrorToStatus(err)
writeJSON(w, status, map[string]string{"error": msg})
return
}
writeJSON(w, http.StatusOK, out)
case projectStr != "":
pid, err := uuid.Parse(projectStr)
if err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "ungültige project ID"})
return
}
out, err := dbSvc.scenario.ListForProject(r.Context(), uid, pid)
if err != nil {
status, msg := scenarioErrorToStatus(err)
writeJSON(w, status, map[string]string{"error": msg})
return
}
writeJSON(w, http.StatusOK, out)
default:
writeJSON(w, http.StatusBadRequest, map[string]string{
"error": "?project=<uuid> oder ?abstract=true erforderlich",
})
}
}
// handleScenarioGet — GET /api/scenarios/{id}.
func handleScenarioGet(w http.ResponseWriter, r *http.Request) {
if !requireScenarioService(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
id, err := uuid.Parse(r.PathValue("id"))
if err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "ungültige ID"})
return
}
out, err := dbSvc.scenario.Get(r.Context(), uid, id)
if err != nil {
status, msg := scenarioErrorToStatus(err)
writeJSON(w, status, map[string]string{"error": msg})
return
}
writeJSON(w, http.StatusOK, out)
}
// handleScenarioCreate — POST /api/scenarios.
func handleScenarioCreate(w http.ResponseWriter, r *http.Request) {
if !requireScenarioService(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
var input services.CreateScenarioInput
if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "ungültige Anfrage"})
return
}
out, err := dbSvc.scenario.Create(r.Context(), uid, input)
if err != nil {
status, msg := scenarioErrorToStatus(err)
writeJSON(w, status, map[string]string{"error": msg})
return
}
writeJSON(w, http.StatusCreated, out)
}
// handleScenarioPatch — PATCH /api/scenarios/{id}.
func handleScenarioPatch(w http.ResponseWriter, r *http.Request) {
if !requireScenarioService(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
id, err := uuid.Parse(r.PathValue("id"))
if err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "ungültige ID"})
return
}
var input services.PatchScenarioInput
if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "ungültige Anfrage"})
return
}
out, err := dbSvc.scenario.Patch(r.Context(), uid, id, input)
if err != nil {
status, msg := scenarioErrorToStatus(err)
writeJSON(w, status, map[string]string{"error": msg})
return
}
writeJSON(w, http.StatusOK, out)
}
// handleScenarioDelete — DELETE /api/scenarios/{id}.
func handleScenarioDelete(w http.ResponseWriter, r *http.Request) {
if !requireScenarioService(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
id, err := uuid.Parse(r.PathValue("id"))
if err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "ungültige ID"})
return
}
if err := dbSvc.scenario.Delete(r.Context(), uid, id); err != nil {
status, msg := scenarioErrorToStatus(err)
writeJSON(w, status, map[string]string{"error": msg})
return
}
w.WriteHeader(http.StatusNoContent)
}
// handleSetActiveScenario — PUT /api/projects/{id}/active-scenario.
// Body: {"scenario_id": "<uuid>"} or {"scenario_id": null} to clear.
func handleSetActiveScenario(w http.ResponseWriter, r *http.Request) {
if !requireScenarioService(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
pid, err := uuid.Parse(r.PathValue("id"))
if err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "ungültige project ID"})
return
}
var body struct {
ScenarioID *uuid.UUID `json:"scenario_id"`
}
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "ungültige Anfrage"})
return
}
if err := dbSvc.scenario.SetActive(r.Context(), uid, pid, body.ScenarioID); err != nil {
status, msg := scenarioErrorToStatus(err)
writeJSON(w, status, map[string]string{"error": msg})
return
}
w.WriteHeader(http.StatusNoContent)
}

96
internal/handlers/submission_bases.go
View File

@@ -1,96 +0,0 @@
package handlers
// Submission base catalog handler — Composer Slice A (t-paliad-313,
// m/paliad#141, design doc docs/design-submission-generator-v2-2026-05-26.md
// §5.1 / Slice A acceptance).
//
// Endpoint: GET /api/submission-bases → list of active bases visible
// to the requesting firm. The sidebar picker on the draft editor reads
// this once on page load and caches in-memory; the response shape is
// stable across the picker's lifetime.
//
// Visibility: the catalog is shared firm-wide (per the design + mig
// 146's wide-open RLS SELECT policy). The handler still requires
// authentication; anonymous users 401.
//
// Filtering: the response includes the firm's own bases AND the
// firm-agnostic ones (firm IS NULL). The Go service-side filter passes
// branding.Name as the firm hint; cross-firm cases (e.g. a future
// non-HLC deployment) get their own filtered slice naturally.
import (
"net/http"
"mgit.msbls.de/m/paliad/internal/branding"
"mgit.msbls.de/m/paliad/internal/services"
)
// submissionBaseRow is the on-the-wire shape returned by the list
// endpoint. Mirrors services.SubmissionBase but drops the raw bytes
// and exposes the parsed section spec inline so the picker can show a
// preview of the default section count without an extra round-trip.
type submissionBaseRow struct {
ID string `json:"id"`
Slug string `json:"slug"`
Firm *string `json:"firm,omitempty"`
ProceedingFamily *string `json:"proceeding_family,omitempty"`
LabelDE string `json:"label_de"`
LabelEN string `json:"label_en"`
DescriptionDE *string `json:"description_de,omitempty"`
DescriptionEN *string `json:"description_en,omitempty"`
GiteaPath string `json:"gitea_path"`
IsDefaultFor []string `json:"is_default_for"`
IsActive bool `json:"is_active"`
SectionCount int `json:"section_count"`
}
type submissionBaseListResponse struct {
Bases []submissionBaseRow `json:"bases"`
}
// handleListSubmissionBases backs GET /api/submission-bases.
func handleListSubmissionBases(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
if _, ok := requireUser(w, r); !ok {
return
}
if dbSvc.submissionBase == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{
"error": "submission bases not configured",
})
return
}
rows, err := dbSvc.submissionBase.List(r.Context(), branding.Name)
if err != nil {
writeServiceError(w, err)
return
}
out := make([]submissionBaseRow, 0, len(rows))
for i := range rows {
out = append(out, baseRowFromService(&rows[i]))
}
writeJSON(w, http.StatusOK, submissionBaseListResponse{Bases: out})
}
// baseRowFromService projects a services.SubmissionBase into the
// on-the-wire row shape.
func baseRowFromService(b *services.SubmissionBase) submissionBaseRow {
return submissionBaseRow{
ID: b.ID.String(),
Slug: b.Slug,
Firm: b.Firm,
ProceedingFamily: b.ProceedingFamily,
LabelDE: b.LabelDE,
LabelEN: b.LabelEN,
DescriptionDE: b.DescriptionDE,
DescriptionEN: b.DescriptionEN,
GiteaPath: b.GiteaPath,
IsDefaultFor: b.IsDefaultFor,
IsActive: b.IsActive,
SectionCount: len(b.SectionSpec.Defaults),
}
}

482
internal/handlers/submission_building_blocks.go
View File

@@ -1,482 +0,0 @@
package handlers
// Composer building-block handlers — t-paliad-315 Slice C.
//
// Two surfaces:
//
// 1. Lawyer-facing picker (any authenticated user):
// GET /api/submission-building-blocks?section_key=…&proceeding_family=…&q=…
// POST /api/submission-building-blocks/{block_id}/insert-into/{section_id}
//
// The picker list is visibility-tier-filtered (private/team/firm/
// global) at the service layer. Insert is the paste mechanic
// ratified by Q2 (m, 2026-05-26): plain text copy of
// content_md_<lang> into submission_sections.content_md_<lang>.
// No lineage stamped on the section.
//
// 2. Admin editor (adminGate via auth.RequireAdminFunc):
// GET /api/admin/submission-building-blocks
// POST /api/admin/submission-building-blocks
// GET /api/admin/submission-building-blocks/{block_id}
// PATCH /api/admin/submission-building-blocks/{block_id}
// DELETE /api/admin/submission-building-blocks/{block_id}
// GET /api/admin/submission-building-blocks/{block_id}/versions
// POST /api/admin/submission-building-blocks/{block_id}/restore/{version_id}
//
// Plus the page route /admin/submission-building-blocks (list +
// edit shell, hydrated client-side).
import (
"context"
"encoding/json"
"errors"
"net/http"
"strings"
"time"
"github.com/google/uuid"
"mgit.msbls.de/m/paliad/internal/services"
)
// blockJSON is the on-the-wire shape for both the picker and admin
// surfaces.
type buildingBlockJSON struct {
ID uuid.UUID `json:"id"`
Slug string `json:"slug"`
Firm *string `json:"firm,omitempty"`
SectionKey string `json:"section_key"`
ProceedingFamily *string `json:"proceeding_family,omitempty"`
TitleDE string `json:"title_de"`
TitleEN string `json:"title_en"`
DescriptionDE *string `json:"description_de,omitempty"`
DescriptionEN *string `json:"description_en,omitempty"`
ContentMDDE string `json:"content_md_de"`
ContentMDEN string `json:"content_md_en"`
AuthorID *uuid.UUID `json:"author_id,omitempty"`
Visibility string `json:"visibility"`
IsPublished bool `json:"is_published"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
type buildingBlockListResponse struct {
Blocks []buildingBlockJSON `json:"blocks"`
}
// blockJSONFromService projects services.BuildingBlock into the wire shape.
func blockJSONFromService(b *services.BuildingBlock) buildingBlockJSON {
return buildingBlockJSON{
ID: b.ID,
Slug: b.Slug,
Firm: b.Firm,
SectionKey: b.SectionKey,
ProceedingFamily: b.ProceedingFamily,
TitleDE: b.TitleDE,
TitleEN: b.TitleEN,
DescriptionDE: b.DescriptionDE,
DescriptionEN: b.DescriptionEN,
ContentMDDE: b.ContentMDDE,
ContentMDEN: b.ContentMDEN,
AuthorID: b.AuthorID,
Visibility: b.Visibility,
IsPublished: b.IsPublished,
CreatedAt: b.CreatedAt,
UpdatedAt: b.UpdatedAt,
}
}
// ─────────────────────────────────────────────────────────────────────
// Lawyer-facing picker
// ─────────────────────────────────────────────────────────────────────
func handleListBuildingBlocks(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
if dbSvc.submissionBuildingBlock == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
return
}
q := r.URL.Query()
filter := services.BlockListFilter{
SectionKey: strings.TrimSpace(q.Get("section_key")),
ProceedingFamily: strings.TrimSpace(q.Get("proceeding_family")),
Search: strings.TrimSpace(q.Get("q")),
}
ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
defer cancel()
rows, err := dbSvc.submissionBuildingBlock.ListVisible(ctx, uid, filter)
if err != nil {
writeServiceError(w, err)
return
}
out := make([]buildingBlockJSON, 0, len(rows))
for i := range rows {
out = append(out, blockJSONFromService(&rows[i]))
}
writeJSON(w, http.StatusOK, buildingBlockListResponse{Blocks: out})
}
func handleInsertBlockIntoSection(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
if dbSvc.submissionBuildingBlock == nil || dbSvc.submissionSection == nil || dbSvc.submissionDraft == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
return
}
blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
if !ok {
return
}
sectionID, ok := parseUUIDPath(w, r, "section_id", "section id")
if !ok {
return
}
ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
defer cancel()
// Visibility on the section: section.draft_id must point to a
// draft the caller owns. Composer Slice B's same owner gate.
sec, err := dbSvc.submissionSection.Get(ctx, sectionID)
if err != nil {
if errors.Is(err, services.ErrSubmissionSectionNotFound) {
writeJSON(w, http.StatusNotFound, map[string]string{"error": "section not found"})
return
}
writeServiceError(w, err)
return
}
if _, err := dbSvc.submissionDraft.Get(ctx, uid, sec.DraftID); err != nil {
writeSubmissionDraftServiceError(w, err)
return
}
updated, err := dbSvc.submissionBuildingBlock.InsertIntoSection(ctx, uid, blockID, sectionID, dbSvc.submissionSection)
if err != nil {
if errors.Is(err, services.ErrBuildingBlockNotFound) {
writeJSON(w, http.StatusNotFound, map[string]string{"error": "block not found"})
return
}
if errors.Is(err, services.ErrSubmissionSectionNotFound) {
writeJSON(w, http.StatusNotFound, map[string]string{"error": "section not found"})
return
}
writeServiceError(w, err)
return
}
writeJSON(w, http.StatusOK, sectionJSONFromService(updated))
}
// ─────────────────────────────────────────────────────────────────────
// Admin editor
// ─────────────────────────────────────────────────────────────────────
func handleAdminListBuildingBlocks(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
if dbSvc.submissionBuildingBlock == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
return
}
ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
defer cancel()
rows, err := dbSvc.submissionBuildingBlock.ListAllForAdmin(ctx)
if err != nil {
writeServiceError(w, err)
return
}
out := make([]buildingBlockJSON, 0, len(rows))
for i := range rows {
out = append(out, blockJSONFromService(&rows[i]))
}
writeJSON(w, http.StatusOK, buildingBlockListResponse{Blocks: out})
}
func handleAdminGetBuildingBlock(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
if dbSvc.submissionBuildingBlock == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
return
}
blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
if !ok {
return
}
ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
defer cancel()
b, err := dbSvc.submissionBuildingBlock.GetForAdmin(ctx, blockID)
if err != nil {
if errors.Is(err, services.ErrBuildingBlockNotFound) {
writeJSON(w, http.StatusNotFound, map[string]string{"error": "block not found"})
return
}
writeServiceError(w, err)
return
}
writeJSON(w, http.StatusOK, blockJSONFromService(b))
}
type buildingBlockCreateInput struct {
Slug string `json:"slug"`
Firm *string `json:"firm,omitempty"`
SectionKey string `json:"section_key"`
ProceedingFamily *string `json:"proceeding_family,omitempty"`
TitleDE string `json:"title_de"`
TitleEN string `json:"title_en"`
DescriptionDE *string `json:"description_de,omitempty"`
DescriptionEN *string `json:"description_en,omitempty"`
ContentMDDE string `json:"content_md_de"`
ContentMDEN string `json:"content_md_en"`
Visibility string `json:"visibility"`
IsPublished bool `json:"is_published"`
}
func handleAdminCreateBuildingBlock(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
if dbSvc.submissionBuildingBlock == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
return
}
var in buildingBlockCreateInput
if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON"})
return
}
ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
defer cancel()
b, err := dbSvc.submissionBuildingBlock.Create(ctx, uid, services.CreateInput{
Slug: in.Slug,
Firm: in.Firm,
SectionKey: in.SectionKey,
ProceedingFamily: in.ProceedingFamily,
TitleDE: in.TitleDE,
TitleEN: in.TitleEN,
DescriptionDE: in.DescriptionDE,
DescriptionEN: in.DescriptionEN,
ContentMDDE: in.ContentMDDE,
ContentMDEN: in.ContentMDEN,
Visibility: in.Visibility,
IsPublished: in.IsPublished,
})
if err != nil {
if errors.Is(err, services.ErrInvalidInput) || errors.Is(err, services.ErrBuildingBlockInvalidVisibility) {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": err.Error()})
return
}
writeServiceError(w, err)
return
}
writeJSON(w, http.StatusCreated, blockJSONFromService(b))
}
type buildingBlockUpdateInput struct {
Slug *string `json:"slug,omitempty"`
Firm *string `json:"firm,omitempty"`
FirmSet bool `json:"-"`
SectionKey *string `json:"section_key,omitempty"`
ProceedingFamily *string `json:"proceeding_family,omitempty"`
ProceedingFamilySet bool `json:"-"`
TitleDE *string `json:"title_de,omitempty"`
TitleEN *string `json:"title_en,omitempty"`
DescriptionDE *string `json:"description_de,omitempty"`
DescriptionDESet bool `json:"-"`
DescriptionEN *string `json:"description_en,omitempty"`
DescriptionENSet bool `json:"-"`
ContentMDDE *string `json:"content_md_de,omitempty"`
ContentMDEN *string `json:"content_md_en,omitempty"`
Visibility *string `json:"visibility,omitempty"`
IsPublished *bool `json:"is_published,omitempty"`
Note *string `json:"note,omitempty"`
}
func (u *buildingBlockUpdateInput) UnmarshalJSON(data []byte) error {
type alias buildingBlockUpdateInput
var a alias
if err := json.Unmarshal(data, &a); err != nil {
return err
}
*u = buildingBlockUpdateInput(a)
raw := map[string]json.RawMessage{}
if err := json.Unmarshal(data, &raw); err != nil {
return err
}
_, u.FirmSet = raw["firm"]
_, u.ProceedingFamilySet = raw["proceeding_family"]
_, u.DescriptionDESet = raw["description_de"]
_, u.DescriptionENSet = raw["description_en"]
return nil
}
func handleAdminUpdateBuildingBlock(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
if dbSvc.submissionBuildingBlock == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
return
}
blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
if !ok {
return
}
var in buildingBlockUpdateInput
if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON"})
return
}
patch := services.UpdatePatch{
Slug: in.Slug,
SectionKey: in.SectionKey,
TitleDE: in.TitleDE,
TitleEN: in.TitleEN,
ContentMDDE: in.ContentMDDE,
ContentMDEN: in.ContentMDEN,
Visibility: in.Visibility,
IsPublished: in.IsPublished,
Note: in.Note,
}
if in.FirmSet {
patch.Firm = &in.Firm
}
if in.ProceedingFamilySet {
patch.ProceedingFamily = &in.ProceedingFamily
}
if in.DescriptionDESet {
patch.DescriptionDE = &in.DescriptionDE
}
if in.DescriptionENSet {
patch.DescriptionEN = &in.DescriptionEN
}
ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
defer cancel()
b, err := dbSvc.submissionBuildingBlock.Update(ctx, uid, blockID, patch)
if err != nil {
if errors.Is(err, services.ErrBuildingBlockNotFound) {
writeJSON(w, http.StatusNotFound, map[string]string{"error": "block not found"})
return
}
if errors.Is(err, services.ErrBuildingBlockInvalidVisibility) {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": err.Error()})
return
}
writeServiceError(w, err)
return
}
writeJSON(w, http.StatusOK, blockJSONFromService(b))
}
func handleAdminDeleteBuildingBlock(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
if dbSvc.submissionBuildingBlock == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
return
}
blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
if !ok {
return
}
ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
defer cancel()
if err := dbSvc.submissionBuildingBlock.SoftDelete(ctx, uid, blockID); err != nil {
if errors.Is(err, services.ErrBuildingBlockNotFound) {
writeJSON(w, http.StatusNotFound, map[string]string{"error": "block not found"})
return
}
writeServiceError(w, err)
return
}
writeJSON(w, http.StatusNoContent, nil)
}
func handleAdminListBuildingBlockVersions(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
if dbSvc.submissionBuildingBlock == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
return
}
blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
if !ok {
return
}
ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
defer cancel()
rows, err := dbSvc.submissionBuildingBlock.ListVersions(ctx, blockID)
if err != nil {
writeServiceError(w, err)
return
}
writeJSON(w, http.StatusOK, map[string]any{"versions": rows})
}
func handleAdminRestoreBuildingBlockVersion(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
if dbSvc.submissionBuildingBlock == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
return
}
blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
if !ok {
return
}
versionID, ok := parseUUIDPath(w, r, "version_id", "version id")
if !ok {
return
}
ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
defer cancel()
b, err := dbSvc.submissionBuildingBlock.RestoreVersion(ctx, uid, blockID, versionID)
if err != nil {
if errors.Is(err, services.ErrBuildingBlockNotFound) {
writeJSON(w, http.StatusNotFound, map[string]string{"error": "block or version not found"})
return
}
writeServiceError(w, err)
return
}
writeJSON(w, http.StatusOK, blockJSONFromService(b))
}
// handleAdminBuildingBlocksPage serves the admin editor shell. The
// client bundle hydrates the list + edit UI.
func handleAdminBuildingBlocksPage(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, "dist/admin-submission-building-blocks.html")
}

383
internal/handlers/submission_drafts.go
View File

@@ -68,26 +68,10 @@ type submissionDraftView struct {
Lang string `json:"lang"`
HasTemplate bool `json:"has_template"`
TemplateMissing bool `json:"template_missing,omitempty"`
// TemplateTier identifies which tier of resolveSubmissionTemplate
// produced the bytes — one of per_code_lang, per_code, skeleton_lang,
// skeleton, letterhead. Lets the editor distinguish a perfect
// per-firm match from a skeleton fallback. t-paliad-276.
TemplateTier string `json:"template_tier,omitempty"`
// LanguageFallback is true when the requested draft.language has no
// per-firm per-code template (e.g. EN draft falls back to the DE
// per-code template, or to the universal skeleton). UI surfaces a
// notice so the lawyer knows the rendered body lacks language-
// matched code-specific prose. t-paliad-276.
LanguageFallback bool `json:"language_fallback,omitempty"`
// AvailableParties is the project's full party roster (t-paliad-277)
// so the frontend can render the multi-select picker in one round-
// trip. Empty when the draft has no project attached.
AvailableParties []submissionDraftPartyJSON `json:"available_parties"`
// Sections is the per-draft section stack (t-paliad-313 Slice A).
// Slice A renders these read-only; the lawyer sees what the
// Composer seeded but can't yet edit prose. nil for pre-Composer
// drafts (base_id NULL, no submission_sections rows).
Sections []submissionSectionJSON `json:"sections"`
}
// submissionDraftPartyJSON is the minimal party row the editor sidebar
@@ -105,36 +89,13 @@ type submissionDraftJSON struct {
SubmissionCode string `json:"submission_code"`
UserID uuid.UUID `json:"user_id"`
Name string `json:"name"`
Language string `json:"language"`
Variables services.PlaceholderMap `json:"variables"`
SelectedParties []uuid.UUID `json:"selected_parties"`
LastExportedAt *time.Time `json:"last_exported_at,omitempty"`
LastExportedSHA *string `json:"last_exported_sha,omitempty"`
LastImportedAt *time.Time `json:"last_imported_at,omitempty"`
// BaseID — Composer base reference (t-paliad-313). NULL on
// pre-Composer drafts; the editor sidebar surfaces this in the
// base picker. PATCH accepts {"base_id": "<uuid>"} or
// {"base_id": null} to set or clear.
BaseID *uuid.UUID `json:"base_id"`
ComposerMeta map[string]any `json:"composer_meta"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
// submissionSectionJSON is the on-the-wire row for each per-draft
// section. Slice A renders these read-only — the lawyer sees the
// section stack but doesn't yet edit prose. Slice B makes content_md_*
// editable + adds the PATCH endpoint.
type submissionSectionJSON struct {
ID uuid.UUID `json:"id"`
SectionKey string `json:"section_key"`
OrderIndex int `json:"order_index"`
Kind string `json:"kind"`
LabelDE string `json:"label_de"`
LabelEN string `json:"label_en"`
Included bool `json:"included"`
ContentMDDE string `json:"content_md_de"`
ContentMDEN string `json:"content_md_en"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
type submissionRuleSummary struct {
@@ -158,42 +119,6 @@ type submissionDraftPatchInput struct {
Name *string `json:"name,omitempty"`
Variables *services.PlaceholderMap `json:"variables,omitempty"`
SelectedParties *[]uuid.UUID `json:"selected_parties,omitempty"`
Language *string `json:"language,omitempty"`
// BaseID accepts three states per the JSON contract:
// field absent → no change (json:"-")
// {"base_id": "<uuid>"} → set to picked base
// {"base_id": null} → clear (return to v1 fallback)
// We model this with a **uuid.UUID inside a custom UnmarshalJSON
// in case extends; for now the simpler `*uuid.UUID` + presence
// flag covers Slice A's set-base flow. Clearing is exposed but
// rarely used (the editor always picks a base; clearing is for
// admin-recovery flows).
BaseID *uuid.UUID `json:"base_id,omitempty"`
BaseIDSet bool `json:"-"`
}
// UnmarshalJSON on submissionDraftPatchInput sets BaseIDSet=true if
// the "base_id" key appears in the payload (regardless of whether
// the value is null or a uuid string). Lets the handler distinguish
// "field absent" (no change) from "field set to null" (clear).
func (p *submissionDraftPatchInput) UnmarshalJSON(data []byte) error {
// Phase 1: decode into a raw map to detect key presence.
raw := map[string]json.RawMessage{}
if err := json.Unmarshal(data, &raw); err != nil {
return err
}
// Phase 2: decode the typed fields. Use an alias to skip this
// custom UnmarshalJSON during the re-parse.
type alias submissionDraftPatchInput
var a alias
if err := json.Unmarshal(data, &a); err != nil {
return err
}
*p = submissionDraftPatchInput(a)
if _, ok := raw["base_id"]; ok {
p.BaseIDSet = true
}
return nil
}
// ─────────────────────────────────────────────────────────────────────
@@ -428,15 +353,7 @@ func handlePatchSubmissionDraft(w http.ResponseWriter, r *http.Request) {
return
}
patch := services.DraftPatch{
Name: input.Name,
Variables: input.Variables,
SelectedParties: input.SelectedParties,
Language: input.Language,
}
if input.BaseIDSet {
patch.BaseID = &input.BaseID
}
patch := services.DraftPatch{Name: input.Name, Variables: input.Variables, SelectedParties: input.SelectedParties}
d, err := dbSvc.submissionDraft.Update(r.Context(), uid, draftID, patch)
if err != nil {
writeSubmissionDraftServiceError(w, err)
@@ -517,7 +434,7 @@ func handlePreviewSubmissionDraft(w http.ResponseWriter, r *http.Request) {
writeSubmissionDraftServiceError(w, err)
return
}
tplBytes, _, _, err := resolveSubmissionTemplate(ctx, d.SubmissionCode, d.Language)
tplBytes, _, err := resolveSubmissionTemplate(ctx, d.SubmissionCode)
if err != nil {
log.Printf("submission_drafts: template fetch (draft=%s): %v", draftID, err)
writeJSON(w, http.StatusBadGateway, map[string]string{"error": "template upstream unreachable"})
@@ -566,10 +483,16 @@ func handleExportSubmissionDraft(w http.ResponseWriter, r *http.Request) {
writeSubmissionDraftServiceError(w, err)
return
}
docx, resolved, tplSHA, composerUsed, err := exportSubmissionDraft(ctx, d)
tplBytes, tplSHA, err := resolveSubmissionTemplate(ctx, d.SubmissionCode)
if err != nil {
log.Printf("submission_drafts: export (draft=%s): %v", draftID, err)
writeSubmissionExportError(w, err)
log.Printf("submission_drafts: export template fetch (draft=%s): %v", draftID, err)
writeJSON(w, http.StatusBadGateway, map[string]string{"error": "template upstream unreachable"})
return
}
docx, resolved, err := dbSvc.submissionDraft.Export(ctx, d, tplBytes)
if err != nil {
log.Printf("submission_drafts: export render (draft=%s): %v", draftID, err)
writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "render failed"})
return
}
@@ -582,7 +505,7 @@ func handleExportSubmissionDraft(w http.ResponseWriter, r *http.Request) {
if err := dbSvc.submissionDraft.MarkExported(bgCtx, d.ID, tplSHA); err != nil {
log.Printf("submission_drafts: mark exported (draft=%s): %v", draftID, err)
}
if err := writeSubmissionDraftAuditRow(bgCtx, resolved.User, d, filename, tplSHA, composerUsed); err != nil {
if err := writeSubmissionDraftAuditRow(bgCtx, resolved.User, d, filename, tplSHA); err != nil {
log.Printf("submission_drafts: audit insert failed (draft=%s): %v", draftID, err)
}
if err := writeSubmissionDraftProjectEvent(bgCtx, d, resolved, filename); err != nil {
@@ -597,82 +520,6 @@ func handleExportSubmissionDraft(w http.ResponseWriter, r *http.Request) {
}
}
// exportSubmissionDraft is the shared render entry point used by both
// the project-scoped and global export handlers (t-paliad-313 Slice B).
// Branches on draft.BaseID: if set AND the base + bytes resolve, the
// Composer pipeline assembles the document; otherwise the v1
// template-only path stays the fallback. composerUsed = true means the
// metadata jsonb on the audit row carries "composer": true so admins
// can tell the two paths apart in the feed.
//
// Returns (bytes, resolved-bag, templateSHA, composerUsed, err).
func exportSubmissionDraft(ctx context.Context, d *services.SubmissionDraft) ([]byte, *services.SubmissionVarsResult, string, bool, error) {
if d.BaseID != nil && dbSvc.submissionBase != nil && dbSvc.submissionSection != nil && dbSvc.submissionComposer != nil {
base, err := dbSvc.submissionBase.GetByID(ctx, *d.BaseID)
switch {
case err == nil:
baseBytes, baseSHA, err := fetchComposerBaseBytes(ctx, base)
if err == nil {
sections, err := dbSvc.submissionSection.ListForDraft(ctx, d.ID)
if err != nil {
return nil, nil, "", false, fmt.Errorf("list sections: %w", err)
}
bag, resolved, err := dbSvc.submissionDraft.BuildRenderBag(ctx, d)
if err != nil {
return nil, nil, "", false, err
}
docx, err := dbSvc.submissionComposer.Compose(ctx, services.ComposeOptions{
Sections: sections,
Base: base,
BaseBytes: baseBytes,
Lang: resolved.Lang,
Vars: bag,
Missing: services.DefaultMissingMarker(resolved.Lang),
})
if err != nil {
return nil, nil, "", false, fmt.Errorf("composer: %w", err)
}
return docx, resolved, baseSHA, true, nil
}
log.Printf("submission_drafts: composer base bytes fetch failed (draft=%s base=%s): %v — falling back to v1 path", d.ID, base.Slug, err)
case errors.Is(err, services.ErrBaseNotFound):
log.Printf("submission_drafts: composer base missing (draft=%s base_id=%s) — falling back to v1 path", d.ID, *d.BaseID)
default:
return nil, nil, "", false, fmt.Errorf("composer base lookup: %w", err)
}
}
// v1 fallback: template-only render via resolveSubmissionTemplate +
// SubmissionDraftService.Export. Unchanged behaviour for
// pre-Composer drafts.
tplBytes, tplSHA, _, err := resolveSubmissionTemplate(ctx, d.SubmissionCode, d.Language)
if err != nil {
return nil, nil, "", false, fmt.Errorf("template upstream: %w", err)
}
docx, resolved, err := dbSvc.submissionDraft.Export(ctx, d, tplBytes)
if err != nil {
return nil, nil, "", false, fmt.Errorf("render: %w", err)
}
return docx, resolved, tplSHA, false, nil
}
// writeSubmissionExportError maps a render-time error to an HTTP
// response. The shape mirrors what the handlers used to inline.
func writeSubmissionExportError(w http.ResponseWriter, err error) {
if err == nil {
return
}
msg := err.Error()
switch {
case strings.Contains(msg, "template upstream"):
writeJSON(w, http.StatusBadGateway, map[string]string{"error": "template upstream unreachable"})
case strings.Contains(msg, "composer:") || strings.Contains(msg, "render:") || strings.Contains(msg, "list sections"):
writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "render failed"})
default:
writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "render failed"})
}
}
// handleSubmissionDraftPage serves dist/submission-draft.html for the
// dedicated draft editor at /projects/{id}/submissions/{code}/draft
// (and …/draft/{draft_id}). Project visibility is enforced server-side
@@ -839,7 +686,6 @@ func handleGetGlobalSubmissionDraft(w http.ResponseWriter, r *http.Request) {
type globalDraftPatchInput struct {
Name *string `json:"name,omitempty"`
Variables *services.PlaceholderMap `json:"variables,omitempty"`
Language *string `json:"language,omitempty"`
// projectIDProvided is true when the JSON included the "project_id"
// key (regardless of value); needed to distinguish "no change" from
// "set to null". Set by the custom UnmarshalJSON below.
@@ -848,21 +694,14 @@ type globalDraftPatchInput struct {
// SelectedParties: present-but-empty array resets to "all parties",
// present non-empty array restricts to subset, absent = no change.
SelectedParties *[]uuid.UUID `json:"selected_parties,omitempty"`
// BaseID + baseIDProvided mirror the ProjectID pattern — present
// (regardless of value) means "set"; absent means "no change". Set
// by UnmarshalJSON. t-paliad-313 Composer Slice A.
BaseID *uuid.UUID `json:"base_id,omitempty"`
baseIDProvided bool
}
func (g *globalDraftPatchInput) UnmarshalJSON(data []byte) error {
type alias struct {
Name *string `json:"name,omitempty"`
Variables *services.PlaceholderMap `json:"variables,omitempty"`
Language *string `json:"language,omitempty"`
ProjectID *uuid.UUID `json:"project_id,omitempty"`
SelectedParties *[]uuid.UUID `json:"selected_parties,omitempty"`
BaseID *uuid.UUID `json:"base_id,omitempty"`
}
var a alias
if err := json.Unmarshal(data, &a); err != nil {
@@ -870,18 +709,14 @@ func (g *globalDraftPatchInput) UnmarshalJSON(data []byte) error {
}
g.Name = a.Name
g.Variables = a.Variables
g.Language = a.Language
g.ProjectID = a.ProjectID
g.SelectedParties = a.SelectedParties
g.BaseID = a.BaseID
// Detect whether "project_id" / "base_id" were present in the JSON
// object.
// Detect whether "project_id" was present in the JSON object.
var raw map[string]json.RawMessage
if err := json.Unmarshal(data, &raw); err != nil {
return err
}
_, g.projectIDProvided = raw["project_id"]
_, g.baseIDProvided = raw["base_id"]
return nil
}
@@ -912,20 +747,11 @@ func handleGlobalPatchSubmissionDraft(w http.ResponseWriter, r *http.Request) {
return
}
patch := services.DraftPatch{
Name: in.Name,
Variables: in.Variables,
SelectedParties: in.SelectedParties,
Language: in.Language,
}
patch := services.DraftPatch{Name: in.Name, Variables: in.Variables, SelectedParties: in.SelectedParties}
if in.projectIDProvided {
pid := in.ProjectID // may be nil → detach
patch.ProjectID = &pid
}
if in.baseIDProvided {
bid := in.BaseID // may be nil → clear
patch.BaseID = &bid
}
d, err := dbSvc.submissionDraft.Update(r.Context(), uid, draftID, patch)
if err != nil {
@@ -1038,10 +864,16 @@ func handleGlobalExportSubmissionDraft(w http.ResponseWriter, r *http.Request) {
writeSubmissionDraftServiceError(w, err)
return
}
docx, resolved, tplSHA, composerUsed, err := exportSubmissionDraft(ctx, d)
tplBytes, tplSHA, err := resolveSubmissionTemplate(ctx, d.SubmissionCode)
if err != nil {
log.Printf("submission_drafts: export (draft=%s): %v", draftID, err)
writeSubmissionExportError(w, err)
log.Printf("submission_drafts: export template fetch (draft=%s): %v", draftID, err)
writeJSON(w, http.StatusBadGateway, map[string]string{"error": "template upstream unreachable"})
return
}
docx, resolved, err := dbSvc.submissionDraft.Export(ctx, d, tplBytes)
if err != nil {
log.Printf("submission_drafts: export render (draft=%s): %v", draftID, err)
writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "render failed"})
return
}
@@ -1052,7 +884,7 @@ func handleGlobalExportSubmissionDraft(w http.ResponseWriter, r *http.Request) {
if err := dbSvc.submissionDraft.MarkExported(bgCtx, d.ID, tplSHA); err != nil {
log.Printf("submission_drafts: mark exported (draft=%s): %v", draftID, err)
}
if err := writeSubmissionDraftAuditRow(bgCtx, resolved.User, d, filename, tplSHA, composerUsed); err != nil {
if err := writeSubmissionDraftAuditRow(bgCtx, resolved.User, d, filename, tplSHA); err != nil {
log.Printf("submission_drafts: audit insert failed (draft=%s): %v", draftID, err)
}
if err := writeSubmissionDraftProjectEvent(bgCtx, d, resolved, filename); err != nil {
@@ -1094,30 +926,6 @@ func buildSubmissionDraftView(ctx context.Context, d *services.SubmissionDraft,
Lang: lang,
HasTemplate: true,
AvailableParties: []submissionDraftPartyJSON{},
Sections: []submissionSectionJSON{},
}
// Composer Slice A — surface seeded sections (read-only). Empty
// when the draft has no base + no section rows (pre-Composer
// drafts that haven't been auto-upgraded — that's Slice C).
if dbSvc.submissionSection != nil {
secs, err := dbSvc.submissionSection.ListForDraft(ctx, d.ID)
if err != nil {
return nil, err
}
for _, sec := range secs {
view.Sections = append(view.Sections, submissionSectionJSON{
ID: sec.ID,
SectionKey: sec.SectionKey,
OrderIndex: sec.OrderIndex,
Kind: sec.Kind,
LabelDE: sec.LabelDE,
LabelEN: sec.LabelEN,
Included: sec.Included,
ContentMDDE: sec.ContentMDDE,
ContentMDEN: sec.ContentMDEN,
})
}
}
merged, resolved, err := dbSvc.submissionDraft.BuildRenderBag(ctx, d)
@@ -1155,7 +963,7 @@ func buildSubmissionDraftView(ctx context.Context, d *services.SubmissionDraft,
view.Rule.LegalSourcePretty = merged["rule.legal_source_pretty"]
}
tplBytes, _, tier, err := resolveSubmissionTemplate(ctx, d.SubmissionCode, d.Language)
tplBytes, _, err := resolveSubmissionTemplate(ctx, d.SubmissionCode)
if err != nil {
log.Printf("submission_drafts: template fetch for view (draft=%s): %v", d.ID, err)
view.TemplateMissing = true
@@ -1163,12 +971,6 @@ func buildSubmissionDraftView(ctx context.Context, d *services.SubmissionDraft,
view.PreviewHTML = `<p class="preview-error">Vorlage konnte nicht geladen werden.</p>`
return view, nil
}
view.TemplateTier = string(tier)
// LanguageFallback signals "no per-firm template in the requested
// language" — the editor surfaces a notice so the lawyer knows the
// rendered body lacks code-specific prose. The per-code DE template
// counts as a fallback when the requested language is EN.
view.LanguageFallback = languageFallback(d.Language, tier)
html, err := dbSvc.submissionDraft.RenderPreview(ctx, d, tplBytes)
if err != nil {
return nil, err
@@ -1177,101 +979,52 @@ func buildSubmissionDraftView(ctx context.Context, d *services.SubmissionDraft,
return view, nil
}
// submissionTemplateTier enumerates which tier of the template
// fallback chain produced the bytes returned by resolveSubmissionTemplate.
// Used by the editor to surface "Fallback: universelles Skelett" when
// the requested (code, lang) didn't have a dedicated template.
type submissionTemplateTier string
const (
tplTierPerCodeLang submissionTemplateTier = "per_code_lang" // {firm}/{code}.{lang}.docx
tplTierPerCode submissionTemplateTier = "per_code" // {firm}/{code}.docx (unsuffixed)
tplTierSkeletonLang submissionTemplateTier = "skeleton_lang" // _skeleton.{lang}.docx
tplTierSkeleton submissionTemplateTier = "skeleton" // _skeleton.docx
tplTierLetterhead submissionTemplateTier = "letterhead" // HL Patents Style .dotm
)
// resolveSubmissionTemplate returns the .docx bytes for the given
// (submission_code, language). Merges t-paliad-275 (firm-skeleton tier)
// and t-paliad-276 (language-selector + EN skeleton tier). Lookup order:
// submission code. Lookup order matches the cronus design fallback chain
// §8 plus the t-paliad-259 universal-skeleton slot and the t-paliad-275
// firm-skeleton slot:
//
// 1. per-firm per-(code, lang) template — most specific. e.g.
// `de.inf.lg.erwidg.en.docx` for EN drafts. t-paliad-276.
// 2. per-firm per-code (unsuffixed) template — DE-baked baseline. The
// legacy registry shape from before the language selector landed.
// 3. universal language-matched skeleton — `_skeleton.en.docx` for EN
// drafts. Skipped for DE drafts (steps 4+5 already cover DE).
// 4. firm-formatted skeleton — `_firm-skeleton.docx` (t-paliad-275).
// HL paragraph + character styles + letterhead, full placeholder
// bag. DE-flavored: counts as language_fallback=true for EN drafts.
// 5. universal _skeleton.docx — plain DE skeleton, no firm styles.
// Backstop when the firm skeleton is unreachable.
// 6. universal HL Patents Style .dotm — macro-only letterhead, no
// placeholders. Last-ditch when every skeleton tier is unreachable.
// 1. per-firm per-submission_code template registered in
// submissionTemplateRegistry (e.g. de.inf.lg.erwidg.docx) — code-
// specific structure plus the full variable bag.
// 2. firm-formatted _firm-skeleton.docx — full HL paragraph + character
// styles (HLpat-Heading-H1..H5, HLpat-Body-B0, HLpat-Header-Section,
// HLpat-Table-Recitals-*, HLpat-Signature, …) preserved from the
// source .dotm, the firm letterhead header/footer, plus the full
// 48-key placeholder bag. Catches every code without a dedicated
// template so the editor still renders firm-branded output.
// 3. universal _skeleton.docx — same variable bag, no firm formatting.
// Backstop for when the firm skeleton is unreachable (e.g. a future
// firm hasn't authored one yet).
// 4. universal HL Patents Style .dotm — macro-only letterhead, no
// placeholders. Final fallback when even both skeletons are
// unreachable (mWorkRepo outage etc.). Preserves the
// pre-t-paliad-259 behaviour for resilience.
//
// The returned SHA pins the audit row's template provenance. The tier
// tells the editor whether the result language-matches the request so
// it can surface a "Fallback: universelles Skelett" notice.
func resolveSubmissionTemplate(ctx context.Context, submissionCode, lang string) ([]byte, string, submissionTemplateTier, error) {
if lang != "de" && lang != "en" {
lang = "de"
}
// 1. per-(code, lang)
if data, sha, found, err := fetchSubmissionTemplateBytesForLang(ctx, submissionCode, lang); err != nil {
return nil, "", "", err
} else if found {
return data, sha, tplTierPerCodeLang, nil
}
// 2. per-code (unsuffixed)
// The returned SHA is the cache entry's commit SHA so the export audit
// row can record provenance.
func resolveSubmissionTemplate(ctx context.Context, submissionCode string) ([]byte, string, error) {
if data, sha, found, err := fetchSubmissionTemplateBytes(ctx, submissionCode); err != nil {
return nil, "", "", err
return nil, "", err
} else if found {
return data, sha, tplTierPerCode, nil
return data, sha, nil
}
// 3. language-matched skeleton — only meaningful for EN drafts; DE
// drafts fall through to the firm/universal DE skeletons below.
if lang == "en" {
if data, sha, langMatched, err := fetchSubmissionSkeletonBytesForLang(ctx, lang); err == nil && langMatched {
return data, sha, tplTierSkeletonLang, nil
}
}
// 4. firm-formatted skeleton (HL styles, DE prose). For DE drafts
// this is a first-class match; for EN drafts it counts as a
// language fallback (handled by languageFallback()).
if data, sha, err := fetchFirmSkeletonBytes(ctx); err == nil {
return data, sha, tplTierSkeleton, nil
return data, sha, nil
} else {
log.Printf("submission_drafts: firm-skeleton fetch failed for code=%s lang=%s, falling back to universal skeleton: %v", submissionCode, lang, err)
log.Printf("submission_drafts: firm-skeleton fetch failed for code=%s, falling back to universal skeleton: %v", submissionCode, err)
}
// 5. universal plain DE skeleton.
if data, sha, err := fetchSubmissionSkeletonBytes(ctx); err == nil {
return data, sha, tplTierSkeleton, nil
return data, sha, nil
} else {
log.Printf("submission_drafts: skeleton fetch failed for code=%s lang=%s, falling back to HL Patents Style: %v", submissionCode, lang, err)
log.Printf("submission_drafts: skeleton fetch failed for code=%s, falling back to HL Patents Style: %v", submissionCode, err)
}
// 6. HL Patents Style letterhead (no placeholders, last-ditch).
bytes, err := fetchHLPatentsStyleBytes(ctx)
if err != nil {
return nil, "", "", err
return nil, "", err
}
sha := hlPatentsStyleSHA()
return bytes, sha, tplTierLetterhead, nil
}
// languageFallback reports whether the resolved template tier failed
// to match the requested draft language. For an EN draft, anything
// other than per_code_lang or skeleton_lang is a fallback (per_code is
// the legacy DE-baked template, skeleton is the DE skeleton). For a DE
// draft, only `letterhead` counts as a fallback — the DE skeleton and
// per-code template are both first-class DE outputs. t-paliad-276.
func languageFallback(lang string, tier submissionTemplateTier) bool {
if tier == tplTierLetterhead {
return true
}
if strings.EqualFold(lang, "en") {
return tier != tplTierPerCodeLang && tier != tplTierSkeletonLang
}
return false
return bytes, sha, nil
}
// hlPatentsStyleSHA reads the current cache SHA for the universal
@@ -1297,28 +1050,17 @@ func draftToJSON(d *services.SubmissionDraft) submissionDraftJSON {
if selected == nil {
selected = []uuid.UUID{}
}
lang := d.Language
if lang == "" {
lang = "de"
}
meta := d.ComposerMeta
if meta == nil {
meta = map[string]any{}
}
return submissionDraftJSON{
ID: d.ID,
ProjectID: d.ProjectID,
SubmissionCode: d.SubmissionCode,
UserID: d.UserID,
Name: d.Name,
Language: lang,
Variables: vars,
SelectedParties: selected,
LastExportedAt: d.LastExportedAt,
LastExportedSHA: d.LastExportedSHA,
LastImportedAt: d.LastImportedAt,
BaseID: d.BaseID,
ComposerMeta: meta,
CreatedAt: d.CreatedAt,
UpdatedAt: d.UpdatedAt,
}
@@ -1332,7 +1074,7 @@ func draftToJSON(d *services.SubmissionDraft) submissionDraftJSON {
// 'user' with scope_root = draft.user_id; the audit feed therefore
// surfaces these exports on the user's row rather than against a
// (non-existent) project.
func writeSubmissionDraftAuditRow(ctx context.Context, user *models.User, d *services.SubmissionDraft, filename, templateSHA string, composerUsed bool) error {
func writeSubmissionDraftAuditRow(ctx context.Context, user *models.User, d *services.SubmissionDraft, filename, templateSHA string) error {
meta := map[string]any{
"submission_code": d.SubmissionCode,
"draft_id": d.ID.String(),
@@ -1340,15 +1082,6 @@ func writeSubmissionDraftAuditRow(ctx context.Context, user *models.User, d *ser
"filename": filename,
"template_sha": templateSHA,
}
// t-paliad-313 Slice B — composer flag in metadata so admins can
// tell the two render paths apart in the audit feed without
// adding a new event_type.
if composerUsed {
meta["composer"] = true
if d.BaseID != nil {
meta["base_id"] = d.BaseID.String()
}
}
body, _ := json.Marshal(meta)
var (
actorID any

148
internal/handlers/submission_sections.go
View File

@@ -1,148 +0,0 @@
package handlers
// Submission section handlers — Composer Slice B (t-paliad-313). Backs
// the inline editor on /projects/{id}/submissions/{code}/draft/{draft_id}
// where the lawyer types prose into each section.
//
// Endpoint:
//
// PATCH /api/submission-drafts/{draft_id}/sections/{section_id}
//
// Body shape (all fields optional — absent = no change):
//
// {
// "content_md_de": "...",
// "content_md_en": "...",
// "included": true|false,
// "label_de": "...",
// "label_en": "...",
// "order_index": 3
// }
//
// Visibility: ownership of the draft is checked via
// SubmissionDraftService.Get (404 on no-access), then the section is
// fetched + verified to belong to that draft. The DB-side RLS policy
// (mig 148) enforces the same gate independently.
//
// Returns 200 + the refreshed section row on success.
//
// This is global-scoped (no /projects/{id}/ prefix) because the
// section's owning draft already carries the project_id; routing on
// section_id alone keeps the URL shape stable across project-scoped
// and project-less drafts.
import (
"context"
"encoding/json"
"errors"
"net/http"
"time"
"mgit.msbls.de/m/paliad/internal/services"
)
// submissionSectionPatchInput is the JSON shape accepted by PATCH.
type submissionSectionPatchInput struct {
ContentMDDE *string `json:"content_md_de,omitempty"`
ContentMDEN *string `json:"content_md_en,omitempty"`
Included *bool `json:"included,omitempty"`
LabelDE *string `json:"label_de,omitempty"`
LabelEN *string `json:"label_en,omitempty"`
OrderIndex *int `json:"order_index,omitempty"`
}
// submissionSectionPatchTimeout caps the round-trip.
const submissionSectionPatchTimeout = 10 * time.Second
func handlePatchSubmissionSection(w http.ResponseWriter, r *http.Request) {
if !requireDB(w) {
return
}
uid, ok := requireUser(w, r)
if !ok {
return
}
if dbSvc.submissionDraft == nil || dbSvc.submissionSection == nil {
writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "submission sections not configured"})
return
}
draftID, ok := parseUUIDPath(w, r, "draft_id", "draft id")
if !ok {
return
}
sectionID, ok := parseUUIDPath(w, r, "section_id", "section id")
if !ok {
return
}
ctx, cancel := context.WithTimeout(r.Context(), submissionSectionPatchTimeout)
defer cancel()
// Owner-scope on the draft (RLS mirror; this gives us the typed
// 404 + the path for the "section belongs to a different draft"
// case below).
draft, err := dbSvc.submissionDraft.Get(ctx, uid, draftID)
if err != nil {
writeSubmissionDraftServiceError(w, err)
return
}
existing, err := dbSvc.submissionSection.Get(ctx, sectionID)
if err != nil {
if errors.Is(err, services.ErrSubmissionSectionNotFound) {
writeJSON(w, http.StatusNotFound, map[string]string{"error": "section not found"})
return
}
writeServiceError(w, err)
return
}
if existing.DraftID != draft.ID {
// Section exists but doesn't belong to this draft — surface as
// 404 to keep the "no fishing for foreign drafts" property.
writeJSON(w, http.StatusNotFound, map[string]string{"error": "section not found"})
return
}
var input submissionSectionPatchInput
if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON"})
return
}
patch := services.SectionPatch{
ContentMDDE: input.ContentMDDE,
ContentMDEN: input.ContentMDEN,
Included: input.Included,
LabelDE: input.LabelDE,
LabelEN: input.LabelEN,
OrderIndex: input.OrderIndex,
}
updated, err := dbSvc.submissionSection.Update(ctx, sectionID, patch)
if err != nil {
if errors.Is(err, services.ErrSubmissionSectionNotFound) {
writeJSON(w, http.StatusNotFound, map[string]string{"error": "section not found"})
return
}
writeServiceError(w, err)
return
}
writeJSON(w, http.StatusOK, sectionJSONFromService(updated))
}
// sectionJSONFromService projects a services.SubmissionSection into the
// JSON shape the editor consumes — the same shape buildSubmissionDraftView
// emits under .sections[].
func sectionJSONFromService(sec *services.SubmissionSection) submissionSectionJSON {
return submissionSectionJSON{
ID: sec.ID,
SectionKey: sec.SectionKey,
OrderIndex: sec.OrderIndex,
Kind: sec.Kind,
LabelDE: sec.LabelDE,
LabelEN: sec.LabelEN,
Included: sec.Included,
ContentMDDE: sec.ContentMDDE,
ContentMDEN: sec.ContentMDEN,
}
}

43
internal/handlers/submission_template_lang_test.go
View File

@@ -1,43 +0,0 @@
package handlers
// Regression tests for the template-tier → language-fallback mapping
// (t-paliad-276). The editor surfaces a "Fallback: universelles
// Skelett" notice when the requested draft language has no per-firm
// language-matched template — these tests pin which tier counts as a
// fallback for each language so the UI signal stays stable.
import "testing"
func TestLanguageFallback(t *testing.T) {
t.Parallel()
cases := []struct {
name string
lang string
tier submissionTemplateTier
want bool
}{
// DE drafts: every non-letterhead tier is a first-class match.
{"de_per_code_lang", "de", tplTierPerCodeLang, false},
{"de_per_code", "de", tplTierPerCode, false},
{"de_skeleton_lang", "de", tplTierSkeletonLang, false},
{"de_skeleton", "de", tplTierSkeleton, false},
{"de_letterhead", "de", tplTierLetterhead, true},
// EN drafts: per_code (DE-baked) and skeleton (DE-baked) both
// surface the fallback notice so the lawyer knows the rendered
// body lacks EN prose.
{"en_per_code_lang", "en", tplTierPerCodeLang, false},
{"en_per_code", "en", tplTierPerCode, true},
{"en_skeleton_lang", "en", tplTierSkeletonLang, false},
{"en_skeleton", "en", tplTierSkeleton, true},
{"en_letterhead", "en", tplTierLetterhead, true},
}
for _, c := range cases {
t.Run(c.name, func(t *testing.T) {
t.Parallel()
if got := languageFallback(c.lang, c.tier); got != c.want {
t.Errorf("languageFallback(%q, %q) = %v, want %v", c.lang, c.tier, got, c.want)
}
})
}
}

17
internal/handlers/submissions.go
View File

@@ -200,7 +200,7 @@ func loadSubmissionCatalog(ctx context.Context, projectProceedingTypeID *int) ([
pt.code AS proceeding_code,
pt.name AS proceeding_name,
pt.name_en AS proceeding_name_en
FROM paliad.deadline_rules_unified dr
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
WHERE dr.is_active = true
AND dr.lifecycle_state = 'published'
@@ -208,7 +208,7 @@ func loadSubmissionCatalog(ctx context.Context, projectProceedingTypeID *int) ([
AND dr.submission_code IS NOT NULL
AND dr.submission_code <> ''
AND pt.is_active = true
ORDER BY pt.code ASC, dr.sequence_order ASC, dr.submission_code ASC`)
ORDER BY pt.code ASC, dr.submission_code ASC`)
if err != nil {
return nil, nil, err
}
@@ -304,23 +304,14 @@ func handleGenerateProjectSubmission(w http.ResponseWriter, r *http.Request) {
ctx, cancel := context.WithTimeout(r.Context(), submissionRenderTimeout)
defer cancel()
// One-shot /generate has no draft row to pull `language` from —
// accept `?language=de|en` as an explicit override (t-paliad-276)
// and otherwise fall back to the user's UI language.
user, _ := dbSvc.users.GetByID(ctx, uid)
lang := strings.ToLower(strings.TrimSpace(r.URL.Query().Get("language")))
if lang != "de" && lang != "en" {
lang = userLang(user)
}
tplBytes, _, _, err := resolveSubmissionTemplate(ctx, submissionCode, lang)
tplBytes, _, err := resolveSubmissionTemplate(ctx, submissionCode)
if err != nil {
log.Printf("submissions: template fetch (project=%s code=%s): %v", projectID, submissionCode, err)
writeJSON(w, http.StatusBadGateway, map[string]string{"error": "template upstream unreachable"})
return
}
docx, resolved, err := dbSvc.submissionDraft.RenderProjectSubmission(ctx, uid, projectID, submissionCode, lang, tplBytes)
docx, resolved, err := dbSvc.submissionDraft.RenderProjectSubmission(ctx, uid, projectID, submissionCode, tplBytes)
if err != nil {
if errors.Is(err, services.ErrSubmissionRuleNotFound) {
writeJSON(w, http.StatusNotFound, map[string]string{

261
internal/models/models.go
View File

@@ -4,20 +4,63 @@
package models
import (
"database/sql/driver"
"encoding/json"
"fmt"
"time"
"github.com/google/uuid"
"github.com/lib/pq"
"mgit.msbls.de/m/paliad/pkg/litigationplanner"
)
// NullableJSON is a jsonb column that may be NULL. Canonical definition
// (with sql.Scanner / driver.Valuer / json.Marshaler / json.Unmarshaler)
// lives in pkg/litigationplanner — kept here as a type alias so every
// existing models.NullableJSON reference continues to compile.
type NullableJSON = litigationplanner.NullableJSON
// NullableJSON is a jsonb column that may be NULL. json.RawMessage
// (and *json.RawMessage) doesn't implement sql.Scanner, so a NULL value
// from Postgres breaks the row scan with "unsupported Scan, storing
// driver.Value type <nil> into type *json.RawMessage" — exactly the
// error that hid every approval_request from the inbox when m's first
// "create" lifecycle row arrived with NULL pre_image (m's dogfood
// 2026-05-08 20:35). Using NullableJSON on every nullable jsonb column
// fixes the scan and preserves inline JSON output (no base64 cast).
type NullableJSON []byte
func (n *NullableJSON) Scan(value any) error {
if value == nil {
*n = nil
return nil
}
switch v := value.(type) {
case []byte:
*n = append((*n)[:0], v...)
return nil
case string:
*n = []byte(v)
return nil
}
return fmt.Errorf("NullableJSON: unsupported scan type %T", value)
}
func (n NullableJSON) Value() (driver.Value, error) {
if len(n) == 0 {
return nil, nil
}
return []byte(n), nil
}
func (n NullableJSON) MarshalJSON() ([]byte, error) {
if len(n) == 0 {
return []byte("null"), nil
}
return []byte(n), nil
}
func (n *NullableJSON) UnmarshalJSON(data []byte) error {
if string(data) == "null" {
*n = nil
return nil
}
*n = append((*n)[:0], data...)
return nil
}
// User extends auth.users with firm-specific profile fields. Created by the
// Phase D onboarding flow; without a row here, the user can't see any Projects.
@@ -264,14 +307,7 @@ type Deadline struct {
OriginalDueDate *time.Time `db:"original_due_date" json:"original_due_date,omitempty"`
WarningDate *time.Time `db:"warning_date" json:"warning_date,omitempty"`
Source string `db:"source" json:"source"`
// Slice B.4 (mig 140, t-paliad-305): paliad.deadlines.rule_id column
// dropped; the back-link now lives on `sequencing_rule_id` (FK to
// paliad.sequencing_rules). Same UUID values (sequencing_rules.id
// inherited deadline_rules.id during mig 136 backfill), so internal
// Go references to `RuleID` continue to carry the same semantic
// pointer. The JSON name stays `rule_id` for frontend backward-compat
// — B.5 will rename if/when frontend is updated.
RuleID *uuid.UUID `db:"sequencing_rule_id" json:"rule_id,omitempty"`
RuleID *uuid.UUID `db:"rule_id" json:"rule_id,omitempty"`
// RuleCode is the legal citation ("RoP.023", "R.151") attached at
// save time — see migration 032. Free text by design; survives
// changes to paliad.deadline_rules and accepts citations from
@@ -548,54 +584,111 @@ type Party struct {
}
// DeadlineRule is one rule in the proceeding-rule tree (UPC R.023, etc.).
// Canonical definition lives in pkg/litigationplanner.Rule — kept here
// as a type alias so every existing models.DeadlineRule reference (sqlx
// scans, hydration, projection service) continues to compile.
type DeadlineRule = litigationplanner.Rule
type DeadlineRule struct {
ID uuid.UUID `db:"id" json:"id"`
ProceedingTypeID *int `db:"proceeding_type_id" json:"proceeding_type_id,omitempty"`
ParentID *uuid.UUID `db:"parent_id" json:"parent_id,omitempty"`
SubmissionCode *string `db:"submission_code" json:"submission_code,omitempty"`
Name string `db:"name" json:"name"`
NameEN string `db:"name_en" json:"name_en"`
Description *string `db:"description" json:"description,omitempty"`
PrimaryParty *string `db:"primary_party" json:"primary_party,omitempty"`
EventType *string `db:"event_type" json:"event_type,omitempty"`
DurationValue int `db:"duration_value" json:"duration_value"`
DurationUnit string `db:"duration_unit" json:"duration_unit"`
Timing *string `db:"timing" json:"timing,omitempty"`
RuleCode *string `db:"rule_code" json:"rule_code,omitempty"`
DeadlineNotes *string `db:"deadline_notes" json:"deadline_notes,omitempty"`
DeadlineNotesEn *string `db:"deadline_notes_en" json:"deadline_notes_en,omitempty"`
SequenceOrder int `db:"sequence_order" json:"sequence_order"`
AltDurationValue *int `db:"alt_duration_value" json:"alt_duration_value,omitempty"`
AltDurationUnit *string `db:"alt_duration_unit" json:"alt_duration_unit,omitempty"`
AltRuleCode *string `db:"alt_rule_code" json:"alt_rule_code,omitempty"`
AnchorAlt *string `db:"anchor_alt" json:"anchor_alt,omitempty"`
ConceptID *uuid.UUID `db:"concept_id" json:"concept_id,omitempty"`
// ConceptDefaultEventTypeID is the canonical paliad.event_types row for
// this rule's concept (joined via paliad.deadline_concept_event_types
// where is_default = true). Lets the deadline create form auto-populate
// the Typ chip when the user picks this rule. Hydrated by the service
// layer; not a column. NULL when the concept has no mapped event_type.
ConceptDefaultEventTypeID *uuid.UUID `db:"-" json:"concept_default_event_type_id,omitempty"`
LegalSource *string `db:"legal_source" json:"legal_source,omitempty"`
IsSpawn bool `db:"is_spawn" json:"is_spawn"`
SpawnLabel *string `db:"spawn_label" json:"spawn_label,omitempty"`
IsActive bool `db:"is_active" json:"is_active"`
CreatedAt time.Time `db:"created_at" json:"created_at"`
UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
// SequencingRule is the Slice B.5 (t-paliad-305) canonical name for what
// the legacy schema called a "deadline rule". Alias to DeadlineRule so
// existing call-sites compile unchanged while new code can adopt the
// procedural-event vocabulary. Same struct, same db / json tags.
type SequencingRule = DeadlineRule
// ---------------------------------------------------------------
// Phase 3 unified-rule columns (mig 078, t-paliad-182).
// Slice 9 (t-paliad-195) dropped the legacy IsMandatory /
// IsOptional / ConditionFlag / ConditionRuleID fields — they
// were superseded by Priority / ConditionExpr / IsCourtSet and
// the unified calculator no longer reads them.
// ---------------------------------------------------------------
// ProceduralEvent mirrors paliad.procedural_events — the "what kind of
// step is this in the proceeding" identity row. New struct introduced
// in Slice B.5 (t-paliad-305) for code that needs the procedural-event
// columns alone. Most consumers still pull the merged shape via
// SequencingRule through the paliad.deadline_rules_unified view; this
// struct unlocks per-PE reads/writes without going through the view.
type ProceduralEvent struct {
ID uuid.UUID `db:"id" json:"id"`
Code string `db:"code" json:"code"`
Name string `db:"name" json:"name"`
NameEN string `db:"name_en" json:"name_en"`
Description *string `db:"description" json:"description,omitempty"`
EventKind *string `db:"event_kind" json:"event_kind,omitempty"`
PrimaryPartyDefault *string `db:"primary_party_default" json:"primary_party_default,omitempty"`
LegalSourceID *uuid.UUID `db:"legal_source_id" json:"legal_source_id,omitempty"`
ConceptID *uuid.UUID `db:"concept_id" json:"concept_id,omitempty"`
LifecycleState string `db:"lifecycle_state" json:"lifecycle_state"`
DraftOf *uuid.UUID `db:"draft_of" json:"draft_of,omitempty"`
PublishedAt *time.Time `db:"published_at" json:"published_at,omitempty"`
IsActive bool `db:"is_active" json:"is_active"`
CreatedAt time.Time `db:"created_at" json:"created_at"`
UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
}
// TriggerEventID points at paliad.trigger_events when this rule is
// event-rooted (Pipeline C unification, design §2.5). NULL on
// proceeding-rooted rules. Exactly one of (proceeding_type_id,
// trigger_event_id) is set after Slice 3.
TriggerEventID *int64 `db:"trigger_event_id" json:"trigger_event_id,omitempty"`
// LegalSource mirrors paliad.legal_sources — the source-of-law citation
// rows that procedural events anchor against. pretty_de / pretty_en are
// nullable on disk; readers fall back to
// internal/services/submission_vars.go:legalSourcePretty when missing.
type LegalSource struct {
ID uuid.UUID `db:"id" json:"id"`
Citation string `db:"citation" json:"citation"`
Jurisdiction string `db:"jurisdiction" json:"jurisdiction"`
PrettyDE *string `db:"pretty_de" json:"pretty_de,omitempty"`
PrettyEN *string `db:"pretty_en" json:"pretty_en,omitempty"`
Notes *string `db:"notes" json:"notes,omitempty"`
CreatedAt time.Time `db:"created_at" json:"created_at"`
UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
// SpawnProceedingTypeID is the cross-proceeding spawn target —
// when is_spawn=true and this is non-NULL, the calculator follows
// the FK and emits the target proceeding's root rule chain. Slice
// 7 backfills the 8 live is_spawn=true rows.
SpawnProceedingTypeID *int `db:"spawn_proceeding_type_id" json:"spawn_proceeding_type_id,omitempty"`
// CombineOp is 'max' or 'min' for composite-rule arithmetic
// (R.198 / R.213: "31d OR 20 working_days, whichever is longer").
// NULL = single-anchor arithmetic.
CombineOp *string `db:"combine_op" json:"combine_op,omitempty"`
// ConditionExpr is the jsonb gating expression replacing
// ConditionFlag (design §2.4). Grammar:
// {"flag": "<name>"}
// {"op":"and"|"or", "args":[<node>, ...]}
// {"op":"not", "args":[<node>]}
// NULL or {} = unconditional. NullableJSON so a NULL column scans
// cleanly (the row mishap that hid approval rows from the inbox
// must not recur on rule rows).
ConditionExpr NullableJSON `db:"condition_expr" json:"condition_expr,omitempty"`
// Priority is the 4-way unified enum replacing
// (IsMandatory, IsOptional). Values: 'mandatory' (default),
// 'recommended', 'optional', 'informational'. Backfilled in
// Slice 2; legacy callers read IsMandatory + IsOptional until
// Slice 4 cuts them over.
Priority string `db:"priority" json:"priority"`
// IsCourtSet replaces the runtime heuristic
// (primary_party='court' OR event_type IN ('hearing','decision',
// 'order')). Backfilled in Slice 2; legacy callers read the
// heuristic until Slice 4.
IsCourtSet bool `db:"is_court_set" json:"is_court_set"`
// LifecycleState drives the rule-editor flow (design §4.2):
// 'draft' (admin work-in-progress) | 'published' (live, calculator-
// visible) | 'archived' (historical, retained for audit). Every
// pre-Slice-1 row defaults to 'published' via the migration.
LifecycleState string `db:"lifecycle_state" json:"lifecycle_state"`
// DraftOf points at the published rule this draft will replace on
// publish. NULL on published / archived rows. NULL also on net-
// new drafts that have no prior published peer.
DraftOf *uuid.UUID `db:"draft_of" json:"draft_of,omitempty"`
// PublishedAt records when the row entered LifecycleState='published'.
// NULL while draft, set on publish, retained through archive.
// Distinct from UpdatedAt (moves on every edit).
PublishedAt *time.Time `db:"published_at" json:"published_at,omitempty"`
// ChoicesOffered declares which per-event-card choice-kinds this
// rule offers on the Verfahrensablauf timeline (mig 129,
// t-paliad-265). NULL = no caret affordance (default). See the
// COMMENT on paliad.deadline_rules.choices_offered for the value
// shape. The engine and the frontend both read this column.
ChoicesOffered NullableJSON `db:"choices_offered" json:"choices_offered,omitempty"`
}
// DeadlineRuleAudit is one row of paliad.deadline_rule_audit — the
@@ -628,19 +721,43 @@ type DeadlineRuleAudit struct {
MigrationExported bool `db:"migration_exported" json:"migration_exported"`
}
// ProceedingType is one of the litigation conceptual codes (INF / REV /
// CCR / APM / APP / AMD / ZPO_CIVIL) or the lowercase dot-separated
// fristenrechner codes (upc.*.*, de.*.*, epa.*.*, dpma.*.*) — see
// docs/design-proceeding-code-taxonomy-2026-05-18.md. Canonical
// definition lives in pkg/litigationplanner.ProceedingType — kept here
// as a type alias so every existing models.ProceedingType reference
// continues to compile.
type ProceedingType = litigationplanner.ProceedingType
// ProceedingType is one of INF/REV/CCR/APM/APP/AMD/ZPO_CIVIL (matter
// management) or the lowercase dot-separated fristenrechner codes
// (upc.*.*, de.*.*, epa.*.*, dpma.*.*) — see
// docs/design-proceeding-code-taxonomy-2026-05-18.md.
type ProceedingType struct {
ID int `db:"id" json:"id"`
Code string `db:"code" json:"code"`
Name string `db:"name" json:"name"`
NameEN string `db:"name_en" json:"name_en"`
Description *string `db:"description" json:"description,omitempty"`
Jurisdiction *string `db:"jurisdiction" json:"jurisdiction,omitempty"`
Category *string `db:"category" json:"category,omitempty"`
DefaultColor string `db:"default_color" json:"default_color"`
SortOrder int `db:"sort_order" json:"sort_order"`
IsActive bool `db:"is_active" json:"is_active"`
// TriggerEventLabel{DE,EN}: optional caption for /tools/verfahrensablauf
// "Auslösendes Ereignis". When set, overrides the proceedingName fallback
// that fires when no rule has IsRootEvent=true. Populated for UPC Appeal
// (mig 121) so the caption reads "Anfechtbare Entscheidung" /
// "Appealable Decision" instead of "Berufungsverfahren" / "Appeal".
// NULL on most proceedings — they already carry a root rule.
TriggerEventLabelDE *string `db:"trigger_event_label_de" json:"trigger_event_label_de,omitempty"`
TriggerEventLabelEN *string `db:"trigger_event_label_en" json:"trigger_event_label_en,omitempty"`
}
// TriggerEvent is a UPC procedural event referenced by deadline rules
// whose semantic anchor is an event rather than a parent rule.
// Canonical definition lives in pkg/litigationplanner.TriggerEvent.
type TriggerEvent = litigationplanner.TriggerEvent
// TriggerEvent is a UPC procedural event that can start one or more deadlines
// running. Powers the "Was kommt nach…" Fristenrechner mode (event-driven
// lookup, mirrored from youpc data.events).
type TriggerEvent struct {
ID int64 `db:"id" json:"id"`
Code string `db:"code" json:"code"`
Name string `db:"name" json:"name"`
NameDE string `db:"name_de" json:"name_de"`
Description string `db:"description" json:"description"`
IsActive bool `db:"is_active" json:"is_active"`
CreatedAt time.Time `db:"created_at" json:"created_at"`
}
// EventDeadline is a single deadline that flows from a TriggerEvent. Mirrors
// youpc data.deadlines + the trigger half of data.deadline_events.

82
internal/services/aichat_paliadin_stream.go
View File

@@ -220,14 +220,6 @@ func (s *AichatPaliadinService) RunTurnStream(ctx context.Context, req TurnReque
}
if streamErr != nil {
// Aichat persona without streaming support — graceful fallback to
// the one-shot /chat/turn endpoint. Same body shape; we adapt the
// non-streaming response into a single StreamChunk so the caller
// sees identical event ordering.
if strings.Contains(streamErr.Error(), "unsupported_streaming") {
log.Printf("paliadin: persona %q lacks streaming support — falling back to one-shot turn %s", s.cfg.Persona, turnID)
return s.fallbackOneShotFromStream(ctx, turnID, body, events, startedAt, session)
}
// Don't overwrite an existing error_code we may have set above.
_ = s.markTurnError(ctx, turnID, classifyAichatError(streamErr))
return nil, streamErr
@@ -263,80 +255,6 @@ func (s *AichatPaliadinService) RunTurnStream(ctx context.Context, req TurnReque
}, nil
}
// fallbackOneShotFromStream runs the same `body` against aichat's
// non-streaming /chat/turn endpoint and adapts the response into the
// StreamingPaliadin contract — a single StreamChunk + StreamMeta +
// StreamConversation, followed by `events` being closed by the
// outer RunTurnStream's defer. Used when the configured persona doesn't
// support streaming (aichat returns HTTP 400 unsupported_streaming).
//
// Identical persistence shape as the one-shot RunTurn: completeTurn +
// markPrimed/clearPrimed. No new turn row (already inserted by
// RunTurnStream). No primer rebuild (already in body).
func (s *AichatPaliadinService) fallbackOneShotFromStream(
ctx context.Context,
turnID uuid.UUID,
body aichatTurnRequest,
events chan<- StreamEvent,
startedAt time.Time,
session string,
) (*TurnResult, error) {
var resp aichatTurnResponse
if err := s.callHTTP(ctx, http.MethodPost, "/chat/turn", body, &resp); err != nil {
_ = s.markTurnError(ctx, turnID, classifyAichatError(err))
safeSendStream(ctx, events, StreamEvent{
Kind: StreamError,
Code: classifyAichatError(err),
Message: err.Error(),
})
return nil, err
}
if resp.PaneSpawned {
s.clearPrimed(session)
} else {
s.markPrimed(session)
}
cleanBody := resp.Response
tokens := approxTokenCount(cleanBody)
chipCount := countChips(cleanBody)
finished := time.Now().UTC()
durationMS := int(finished.Sub(startedAt) / time.Millisecond)
tmeta := trailerMeta{
UsedTools: resp.Meta.UsedTools,
ClassifierTag: resp.Meta.ClassifierTag,
RowsSeen: coerceAichatRowsSeen(resp.Meta.RowsSeen),
}
// Emit the response as a single chunk so the frontend renders it.
safeSendStream(ctx, events, StreamEvent{
Kind: StreamChunk,
Content: cleanBody,
})
safeSendStream(ctx, events, StreamEvent{
Kind: StreamMeta,
UsedTools: tmeta.UsedTools,
ClassifierTag: tmeta.ClassifierTag,
RowsSeen: tmeta.RowsSeen,
})
if err := s.completeTurn(ctx, turnID, finished, durationMS, cleanBody, tokens, tmeta, chipCount); err != nil {
log.Printf("paliadin: complete turn %s (fallback one-shot): %v", turnID, err)
}
return &TurnResult{
TurnID: turnID,
Response: cleanBody,
UsedTools: tmeta.UsedTools,
RowsSeen: tmeta.RowsSeen,
ChipCount: chipCount,
ClassifierTag: tmeta.ClassifierTag,
DurationMS: durationMS,
}, nil
}
// streamFrame is one decoded SSE event.
type streamFrame struct {
event string // "" → default (data:) event

99
internal/services/backup_service_live_test.go
View File

@@ -1,99 +0,0 @@
package services
import (
"bytes"
"context"
"os"
"strings"
"testing"
"github.com/google/uuid"
"github.com/jmoiron/sqlx"
_ "github.com/lib/pq"
)
// TestResolveOrgSheets_LiveSchemaSnapshot probes the live paliad schema
// the way the backup runner does at the start of every run, then asserts
// that every spec the registry declares either keeps all its ORDER BY
// columns or — if any are missing — composes a fallback SELECT that the
// DB can still execute. Catches the m/paliad#140 class of bug
// (hardcoded ORDER BY against a renamed column) before deploy.
//
// Skipped when TEST_DATABASE_URL is unset. Read-only: opens a
// REPEATABLE READ tx, never writes.
func TestResolveOrgSheets_LiveSchemaSnapshot(t *testing.T) {
url := os.Getenv("TEST_DATABASE_URL")
if url == "" {
t.Skip("TEST_DATABASE_URL not set — skipping live DB test")
}
pool, err := sqlx.Connect("postgres", url)
if err != nil {
t.Fatalf("connect: %v", err)
}
defer pool.Close()
ctx := context.Background()
specs := orgSheetSpecs()
sheets, err := resolveOrgSheets(ctx, pool, specs)
if err != nil {
t.Fatalf("resolveOrgSheets: %v", err)
}
if len(sheets) != len(specs) {
t.Fatalf("resolved %d sheets, want %d", len(sheets), len(specs))
}
// Each resolved SELECT must run cleanly against the live schema.
// We LIMIT 1 inside a sub-SELECT so we don't materialise the full
// table (some are large) but still exercise the ORDER BY clause.
for _, sq := range sheets {
wrapped := `SELECT * FROM (` + sq.SQL + `) _wrap LIMIT 1`
if _, err := pool.QueryxContext(ctx, wrapped, sq.Args...); err != nil {
t.Errorf("sheet %q SQL failed: %v\nSQL: %s", sq.SheetName, err, sq.SQL)
}
}
}
// TestWriteOrg_LiveSmoke runs the full ExportService.WriteOrg pipeline
// against a real DB: schema probe, REPEATABLE READ tx, every sheet
// query, xlsx + json + per-sheet CSV assembly, outer zip framing.
// Discards the bytes — this is a "does it crash" smoke, the bug class
// it catches is exactly the one from m/paliad#140 (hardcoded ORDER BY
// against a missing column).
//
// Skipped when TEST_DATABASE_URL is unset.
func TestWriteOrg_LiveSmoke(t *testing.T) {
url := os.Getenv("TEST_DATABASE_URL")
if url == "" {
t.Skip("TEST_DATABASE_URL not set — skipping live DB test")
}
pool, err := sqlx.Connect("postgres", url)
if err != nil {
t.Fatalf("connect: %v", err)
}
defer pool.Close()
svc := NewExportService(pool, "test-firm")
var buf bytes.Buffer
meta, err := svc.WriteOrg(context.Background(), &buf, ExportSpec{
ActorID: uuid.New(),
ActorEmail: "backup-smoke@test.local",
ActorLabel: "Backup Smoke",
})
if err != nil {
t.Fatalf("WriteOrg: %v", err)
}
if buf.Len() == 0 {
t.Fatalf("WriteOrg wrote no bytes")
}
// Spot-check meta fills.
if meta.Scope != ExportScopeOrg {
t.Errorf("meta.Scope = %q, want %q", meta.Scope, ExportScopeOrg)
}
if len(meta.RowCounts) != len(orgSheetSpecs()) {
t.Errorf("meta.RowCounts has %d entries, want %d (one per sheet)", len(meta.RowCounts), len(orgSheetSpecs()))
}
// The bytes are a zip; the first 4 bytes are PK\x03\x04 for a non-empty zip.
if buf.Len() >= 4 && !strings.HasPrefix(buf.String()[:4], "PK\x03\x04") {
t.Errorf("bundle bytes don't look like a zip (first bytes: %x)", buf.Bytes()[:4])
}
}

212
internal/services/backup_service_test.go
View File

@@ -6,10 +6,8 @@ package services
// it would live in backup_service_live_test.go under TEST_DATABASE_URL.
// This file covers the bits that don't need a database:
//
// - orgSheetSpecs registry shape: no duplicates, no excluded
// - orgSheetQueries registry shape: no duplicates, no excluded
// paliadin sheets, predictable prefix split between entity and ref.
// - composeOrgSheetSQL drift-resistance: missing ORDER BY cols drop,
// SQL override path bypasses the builder, all-missing → no clause.
// - LocalDiskStore Put / Get / Delete round-trip, key validation,
// URI traversal rejection.
@@ -24,216 +22,60 @@ import (
)
// ---------------------------------------------------------------------------
// orgSheetSpecs registry
// orgSheetQueries registry
// ---------------------------------------------------------------------------
func TestOrgSheetSpecs_NoDuplicates(t *testing.T) {
func TestOrgSheetQueries_NoDuplicates(t *testing.T) {
seen := map[string]bool{}
for _, sp := range orgSheetSpecs() {
if seen[sp.SheetName] {
t.Fatalf("duplicate sheet name in orgSheetSpecs: %q", sp.SheetName)
for _, sq := range orgSheetQueries() {
if seen[sq.SheetName] {
t.Fatalf("duplicate sheet name in orgSheetQueries: %q", sq.SheetName)
}
seen[sp.SheetName] = true
seen[sq.SheetName] = true
}
}
func TestOrgSheetSpecs_ExcludesPaliadinTables(t *testing.T) {
func TestOrgSheetQueries_ExcludesPaliadinTables(t *testing.T) {
// m's t-paliad-214 Q5 decision + this design's §11 Q3 default:
// paliadin_turns and paliadin_aichat_conversation must be ABSENT
// from the registry (structural exclusion, not just column-drop).
for _, sp := range orgSheetSpecs() {
name := sp.SheetName
for _, sq := range orgSheetQueries() {
name := sq.SheetName
if strings.Contains(name, "paliadin") {
t.Fatalf("orgSheetSpecs leaked paliadin sheet: %q (m's Q3 mandates structural exclusion)", name)
t.Fatalf("orgSheetQueries leaked paliadin sheet: %q (m's Q3 mandates structural exclusion)", name)
}
if strings.Contains(sp.Table, "paliadin") {
t.Fatalf("orgSheetSpecs[%q].Table references a paliadin table: %s", name, sp.Table)
}
// Belt-and-braces: SQL override bodies (the few sheets that
// bypass the Table+OrderBy builder) also can't pull paliadin
// tables in through UNION/subquery.
if strings.Contains(sp.SQL, "paliadin_turns") || strings.Contains(sp.SQL, "paliadin_aichat_conversation") {
t.Fatalf("orgSheetSpecs[%q] SQL references a paliadin table: %s", name, sp.SQL)
// Belt-and-braces: SQL bodies should not reference the tables
// either (no UNION joins, no subqueries pulling them in).
if strings.Contains(sq.SQL, "paliadin_turns") || strings.Contains(sq.SQL, "paliadin_aichat_conversation") {
t.Fatalf("orgSheetQueries[%q] SQL references a paliadin table: %s", name, sq.SQL)
}
}
}
func TestOrgSheetSpecs_RefSheetsPrefixed(t *testing.T) {
func TestOrgSheetQueries_RefSheetsPrefixed(t *testing.T) {
// Every sheet whose data is read-only reference material is
// expected to use the `ref__` prefix. The writer's downstream
// consumers rely on this convention to group reference data
// visually in the workbook.
for _, sp := range orgSheetSpecs() {
if !strings.HasPrefix(sp.SheetName, "ref__") {
for _, sq := range orgSheetQueries() {
if !strings.HasPrefix(sq.SheetName, "ref__") {
continue
}
// Reference sheets shouldn't carry per-row WHERE clauses (they
// dump the whole reference table for portability). Only
// applies to the SQL-override path; the Table+OrderBy builder
// never emits a WHERE.
if sp.SQL != "" && strings.Contains(strings.ToUpper(sp.SQL), "WHERE") {
t.Fatalf("orgSheetSpecs[%q] is ref__ but has a WHERE clause; reference sheets dump the whole table", sp.SheetName)
// dump the whole reference table for portability).
if strings.Contains(strings.ToUpper(sq.SQL), "WHERE") {
t.Fatalf("orgSheetQueries[%q] is ref__ but has a WHERE clause; reference sheets dump the whole table", sq.SheetName)
}
}
}
func TestOrgSheetSpecs_OrderByForDeterminism(t *testing.T) {
// Every sheet must declare a stable sort: either OrderBy on the
// Table+OrderBy path, or ORDER BY in the SQL override. Keeps the
// byte-deterministic contract from t-paliad-214 §3 across runs.
//
// (Drift removes ORDER BY columns at runtime, but only ones that
// no longer exist in the schema — the spec-level declaration is
// still required so we know what *should* be ordered.)
for _, sp := range orgSheetSpecs() {
if sp.SQL != "" {
if !strings.Contains(strings.ToUpper(sp.SQL), "ORDER BY") {
t.Fatalf("orgSheetSpecs[%q] SQL override missing ORDER BY (determinism contract): %s", sp.SheetName, sp.SQL)
}
continue
func TestOrgSheetQueries_OrderByForDeterminism(t *testing.T) {
// Every sheet must specify an ORDER BY so the byte-deterministic
// contract from t-paliad-214 §3 holds across runs.
for _, sq := range orgSheetQueries() {
if !strings.Contains(strings.ToUpper(sq.SQL), "ORDER BY") {
t.Fatalf("orgSheetQueries[%q] missing ORDER BY (determinism contract): %s", sq.SheetName, sq.SQL)
}
if len(sp.OrderBy) == 0 {
t.Fatalf("orgSheetSpecs[%q] has no OrderBy and no SQL override (determinism contract)", sp.SheetName)
}
}
}
// ---------------------------------------------------------------------------
// composeOrgSheetSQL — drift-resistant SQL builder
// ---------------------------------------------------------------------------
func TestComposeOrgSheetSQL_AllColumnsPresent(t *testing.T) {
spec := orgSheetSpec{
SheetName: "appointments",
Table: "paliad.appointments",
OrderBy: []string{"id"},
}
cols := map[string]map[string]struct{}{
"appointments": {"id": {}, "project_id": {}},
}
got, dropped := composeOrgSheetSQL(spec, cols)
want := "SELECT * FROM paliad.appointments ORDER BY id"
if got != want {
t.Fatalf("got SQL %q, want %q", got, want)
}
if len(dropped) != 0 {
t.Fatalf("expected no dropped columns, got %v", dropped)
}
}
func TestComposeOrgSheetSQL_DropsMissingOrderByColumn(t *testing.T) {
// The original bug from m/paliad#138 reproduced in unit form:
// orderBy references a column the table doesn't have.
spec := orgSheetSpec{
SheetName: "appointment_caldav_targets",
Table: "paliad.appointment_caldav_targets",
OrderBy: []string{"appointment_id", "calendar_binding_id"}, // wrong: real col is binding_id
}
cols := map[string]map[string]struct{}{
"appointment_caldav_targets": {
"appointment_id": {},
"binding_id": {},
},
}
got, dropped := composeOrgSheetSQL(spec, cols)
want := "SELECT * FROM paliad.appointment_caldav_targets ORDER BY appointment_id"
if got != want {
t.Fatalf("got SQL %q, want %q", got, want)
}
if len(dropped) != 1 || dropped[0] != "calendar_binding_id" {
t.Fatalf("expected dropped=[calendar_binding_id], got %v", dropped)
}
}
func TestComposeOrgSheetSQL_AllOrderByMissing_NoClause(t *testing.T) {
// If every declared ORDER BY column is gone, the builder still
// produces a runnable SELECT — without ORDER BY. The export
// succeeds; the order across runs is no longer deterministic for
// this sheet until the spec is updated. WARN log alerts the
// operator (verified in TestResolveOrgSheets_LogsWarnings).
spec := orgSheetSpec{
SheetName: "ghost",
Table: "paliad.ghost",
OrderBy: []string{"missing_a", "missing_b"},
}
cols := map[string]map[string]struct{}{
"ghost": {"unrelated": {}},
}
got, dropped := composeOrgSheetSQL(spec, cols)
want := "SELECT * FROM paliad.ghost"
if got != want {
t.Fatalf("got SQL %q, want %q", got, want)
}
if len(dropped) != 2 {
t.Fatalf("expected 2 dropped columns, got %v", dropped)
}
}
func TestComposeOrgSheetSQL_SQLOverride_BypassesBuilder(t *testing.T) {
// When a sheet declares SQL, the builder MUST NOT touch it — even
// if the column knowledge would suggest a change. Custom
// projections (documents drops ai_extracted) and special-case
// joins both rely on this.
spec := orgSheetSpec{
SheetName: "documents",
Table: "paliad.documents", // should be ignored
OrderBy: []string{"id"}, // should be ignored
SQL: "SELECT id, title FROM paliad.documents ORDER BY id",
}
cols := map[string]map[string]struct{}{
"documents": {}, // empty → would drop everything if builder ran
}
got, dropped := composeOrgSheetSQL(spec, cols)
if got != spec.SQL {
t.Fatalf("SQL override mutated: got %q, want %q", got, spec.SQL)
}
if len(dropped) != 0 {
t.Fatalf("override path should never report drops; got %v", dropped)
}
}
func TestComposeOrgSheetSQL_UnknownTable_DropsAllOrderBy(t *testing.T) {
// A table missing entirely from the schema snapshot is treated as
// "no columns known" — every ORDER BY column gets dropped, but
// the SELECT still emits (so a stale registry doesn't crash the
// backup; the operator gets WARNs to fix it).
spec := orgSheetSpec{
SheetName: "renamed_table",
Table: "paliad.renamed_table",
OrderBy: []string{"id"},
}
got, dropped := composeOrgSheetSQL(spec, map[string]map[string]struct{}{})
want := "SELECT * FROM paliad.renamed_table"
if got != want {
t.Fatalf("got SQL %q, want %q", got, want)
}
if len(dropped) != 1 || dropped[0] != "id" {
t.Fatalf("expected dropped=[id], got %v", dropped)
}
}
func TestComposeOrgSheetSQL_PreservesOrderByOrder(t *testing.T) {
// Multi-column OrderBy must keep its declared order, with kept
// columns concatenated in the same sequence. Determinism contract
// from t-paliad-214 §3 depends on this.
spec := orgSheetSpec{
SheetName: "partner_unit_members",
Table: "paliad.partner_unit_members",
OrderBy: []string{"partner_unit_id", "missing_middle", "user_id"},
}
cols := map[string]map[string]struct{}{
"partner_unit_members": {
"partner_unit_id": {},
"user_id": {},
},
}
got, dropped := composeOrgSheetSQL(spec, cols)
want := "SELECT * FROM paliad.partner_unit_members ORDER BY partner_unit_id, user_id"
if got != want {
t.Fatalf("got SQL %q, want %q", got, want)
}
if len(dropped) != 1 || dropped[0] != "missing_middle" {
t.Fatalf("expected dropped=[missing_middle], got %v", dropped)
}
}

82
internal/services/deadline_rule_service.go
View File

@@ -10,24 +10,12 @@ import (
"mgit.msbls.de/m/paliad/internal/models"
)
// DeadlineRuleService reads paliad.deadline_rules_unified (mig 139 view
// projecting paliad.sequencing_rules + procedural_events +
// legal_sources back to the legacy column shape after mig 140 dropped
// the underlying table) + paliad.proceeding_types. Rules are static
// reference data; no visibility check needed.
// DeadlineRuleService reads paliad.deadline_rules + paliad.proceeding_types.
// Rules are static reference data; no visibility check needed.
type DeadlineRuleService struct {
db *sqlx.DB
}
// SequencingRuleService is the Slice B.5 (t-paliad-305) canonical name
// for DeadlineRuleService. Alias preserves every existing call-site
// while new code can adopt the procedural-event vocabulary.
type SequencingRuleService = DeadlineRuleService
// NewSequencingRuleService is the canonical constructor name; alias to
// NewDeadlineRuleService for now. Both return the same underlying type.
var NewSequencingRuleService = NewDeadlineRuleService
// NewDeadlineRuleService wires the service to the pool.
func NewDeadlineRuleService(db *sqlx.DB) *DeadlineRuleService {
return &DeadlineRuleService{db: db}
@@ -47,14 +35,10 @@ const ruleColumns = `id, proceeding_type_id, parent_id, submission_code, name, n
created_at, updated_at,
trigger_event_id, spawn_proceeding_type_id, combine_op, condition_expr,
priority, is_court_set, lifecycle_state, draft_of, published_at,
choices_offered, applies_to_target`
choices_offered`
const proceedingTypeColumns = `id, code, name, name_en, description, jurisdiction,
category, default_color, sort_order, is_active,
trigger_event_label_de, trigger_event_label_en,
appeal_target,
role_proactive_label_de, role_proactive_label_en,
role_reactive_label_de, role_reactive_label_en`
category, default_color, sort_order, is_active`
// List returns active rules, optionally filtered by proceeding type.
// Each row has ConceptDefaultEventTypeID hydrated from
@@ -67,13 +51,13 @@ func (s *DeadlineRuleService) List(ctx context.Context, proceedingTypeID *int) (
if proceedingTypeID != nil {
err = s.db.SelectContext(ctx, &rules,
`SELECT `+ruleColumns+`
FROM paliad.deadline_rules_unified
FROM paliad.deadline_rules
WHERE proceeding_type_id = $1 AND is_active = true
ORDER BY sequence_order`, *proceedingTypeID)
} else {
err = s.db.SelectContext(ctx, &rules,
`SELECT `+ruleColumns+`
FROM paliad.deadline_rules_unified
FROM paliad.deadline_rules
WHERE is_active = true
ORDER BY proceeding_type_id, sequence_order`)
}
@@ -112,7 +96,7 @@ func (s *DeadlineRuleService) hydrateConceptDefaultEventTypes(ctx context.Contex
}
query, args, err := sqlx.In(
`SELECT dr.id AS rule_id, j.event_type_id
FROM paliad.deadline_rules_unified dr
FROM paliad.deadline_rules dr
JOIN paliad.proceeding_types pt ON pt.id = dr.proceeding_type_id
JOIN paliad.deadline_concept_event_types j
ON j.concept_id = dr.concept_id
@@ -164,7 +148,7 @@ func (s *DeadlineRuleService) GetRuleTree(ctx context.Context, proceedingTypeCod
var rules []models.DeadlineRule
if err := s.db.SelectContext(ctx, &rules,
`SELECT `+ruleColumns+`
FROM paliad.deadline_rules_unified
FROM paliad.deadline_rules
WHERE proceeding_type_id = $1 AND is_active = true
ORDER BY sequence_order`, pt.ID); err != nil {
return nil, fmt.Errorf("list rules for %q: %w", proceedingTypeCode, err)
@@ -187,10 +171,10 @@ func (s *DeadlineRuleService) GetFullTimeline(ctx context.Context, proceedingTyp
var rules []models.DeadlineRule
err := s.db.SelectContext(ctx, &rules, `
WITH RECURSIVE tree AS (
SELECT * FROM paliad.deadline_rules_unified
SELECT * FROM paliad.deadline_rules
WHERE proceeding_type_id = $1 AND parent_id IS NULL AND is_active = true
UNION ALL
SELECT dr.* FROM paliad.deadline_rules_unified dr
SELECT dr.* FROM paliad.deadline_rules dr
JOIN tree t ON dr.parent_id = t.id
WHERE dr.is_active = true
)
@@ -208,7 +192,7 @@ func (s *DeadlineRuleService) GetByIDs(ctx context.Context, ids []uuid.UUID) ([]
}
query, args, err := sqlx.In(
`SELECT `+ruleColumns+`
FROM paliad.deadline_rules_unified
FROM paliad.deadline_rules
WHERE id IN (?) AND is_active = true
ORDER BY sequence_order`, ids)
if err != nil {
@@ -223,44 +207,6 @@ func (s *DeadlineRuleService) GetByIDs(ctx context.Context, ids []uuid.UUID) ([]
return rules, nil
}
// LoadTriggerEventsByIDs bulk-loads paliad.trigger_events rows for the
// given id set, keyed by id. Returns nil, nil for an empty input set so
// callers can blindly forward whatever they accumulated. Inactive rows
// are included — the conditional-label resolution in fristenrechner.go
// surfaces the trigger event's display name even when the catalog row
// has been retired, which is preferable to silently falling back to
// the (wrong) parent_id name.
//
// Used by FristenrechnerService.Calculate to redirect a conditional
// rule's "abhängig von …" chip from parent_id to trigger_event_id —
// the actual semantic anchor for rules whose data-model parent is the
// proceeding root but whose real trigger sits in the trigger_events
// catalog (e.g. R.262(2) Erwiderung auf Vertraulichkeitsantrag → the
// opposing party's confidentiality application). See m/paliad#126.
func (s *DeadlineRuleService) LoadTriggerEventsByIDs(ctx context.Context, ids []int64) (map[int64]models.TriggerEvent, error) {
if len(ids) == 0 {
return nil, nil
}
query, args, err := sqlx.In(
`SELECT id, code, name, name_de, description, is_active, created_at
FROM paliad.trigger_events
WHERE id IN (?)`, ids)
if err != nil {
return nil, fmt.Errorf("build trigger_events IN query: %w", err)
}
query = s.db.Rebind(query)
var rows []models.TriggerEvent
if err := s.db.SelectContext(ctx, &rows, query, args...); err != nil {
return nil, fmt.Errorf("load trigger_events by ids %v: %w", ids, err)
}
out := make(map[int64]models.TriggerEvent, len(rows))
for _, r := range rows {
out[r.ID] = r
}
return out, nil
}
// ListByTriggerEvent returns active rules scoped to a single trigger
// event — the Pipeline-C surface added by Phase 3 Slice 3 (mig 085).
// These rules carry proceeding_type_id IS NULL (event-rooted) and have
@@ -276,7 +222,7 @@ func (s *DeadlineRuleService) ListByTriggerEvent(ctx context.Context, triggerEve
var rules []models.DeadlineRule
if err := s.db.SelectContext(ctx, &rules,
`SELECT `+ruleColumns+`
FROM paliad.deadline_rules_unified
FROM paliad.deadline_rules
WHERE trigger_event_id = $1
AND is_active = true
ORDER BY sequence_order`, triggerEventID); err != nil {
@@ -304,7 +250,7 @@ func (s *DeadlineRuleService) ListByProceedingTypeIDs(ctx context.Context, ids [
}
query, args, err := sqlx.In(
`SELECT `+ruleColumns+`
FROM paliad.deadline_rules_unified
FROM paliad.deadline_rules
WHERE proceeding_type_id IN (?)
AND is_active = true
ORDER BY proceeding_type_id, sequence_order`, ids)
@@ -339,7 +285,7 @@ func (s *DeadlineRuleService) ListByConcept(ctx context.Context, conceptID uuid.
var rules []models.DeadlineRule
if err := s.db.SelectContext(ctx, &rules,
`SELECT `+ruleColumns+`
FROM paliad.deadline_rules_unified
FROM paliad.deadline_rules
WHERE concept_id = $1
AND is_active = true
ORDER BY proceeding_type_id NULLS LAST, sequence_order`, conceptID); err != nil {

127
internal/services/deadline_search_service.go
View File

@@ -9,8 +9,6 @@ import (
"github.com/jmoiron/sqlx"
"github.com/lib/pq"
lp "mgit.msbls.de/m/paliad/pkg/litigationplanner"
)
// DeadlineSearchService backs the unified Fristenrechner search bar
@@ -923,15 +921,130 @@ func roundScore(v float64) float64 {
return float64(int(v*10000+0.5)) / 10000
}
// FormatLegalSourceDisplay + BuildLegalSourceURL are canonically
// defined in pkg/litigationplanner — kept here as thin re-exports so
// the existing in-package + handler call-sites compile unchanged.
// FormatLegalSourceDisplay renders a structured legal_source code into
// the form HLC users read in pleadings:
//
// UPC.RoP.23.1 → "UPC RoP R.23(1)"
// UPC.RoP.139 → "UPC RoP R.139"
// DE.PatG.82.1 → "PatG §82(1)"
// DE.ZPO.276.1 → "ZPO §276(1)"
// EU.EPÜ.108 → "EPÜ Art.108"
// EU.EPC-R.79.1 → "EPC R.79(1)"
// EU.RPBA.12.1.c → "RPBA Art.12(1)(c)"
//
// Returns the empty string for an empty input. Unknown jurisdictions
// fall through with the structured form preserved (caller decides
// whether to display).
func FormatLegalSourceDisplay(src string) string {
return lp.FormatLegalSourceDisplay(src)
src = strings.TrimSpace(src)
if src == "" {
return ""
}
parts := strings.Split(src, ".")
if len(parts) < 3 {
// Malformed — return as-is so the caller still has something.
return src
}
code := parts[1]
rest := parts[2:]
var prefix string
switch code {
case "RoP":
prefix = "UPC RoP R."
case "PatG":
prefix = "PatG §"
case "ZPO":
prefix = "ZPO §"
case "EPÜ":
prefix = "EPÜ Art."
case "EPC-R":
prefix = "EPC R."
case "RPBA":
prefix = "RPBA Art."
default:
prefix = code + " "
}
var b strings.Builder
b.Grow(len(prefix) + len(src))
b.WriteString(prefix)
b.WriteString(rest[0])
for _, p := range rest[1:] {
b.WriteByte('(')
b.WriteString(p)
b.WriteByte(')')
}
return b.String()
}
// BuildLegalSourceURL maps a structured legal_source code to a
// youpc.org/laws permalink when the cited body is hosted there. Today
// youpc only carries the UPC corpus (UPCA, UPCS, UPCRoP); DE national
// codes (PatG, ZPO) and EPO bodies (EPÜ, EPC-R, RPBA) have no youpc
// home yet, so the helper returns the empty string for those and the
// caller renders the display string as plain text.
//
// Inputs mirror FormatLegalSourceDisplay — structured dot-separated
// codes like UPC.RoP.23.1, UPC.UPCA.83. Sub-paragraph segments beyond
// the law-number position are dropped; youpc resolves the page at
// <type>.<number> granularity. The law-number is zero-padded to 3
// digits to match how youpc stores law_number (laws-data.json carries
// "001" / "023" / "220" forms).
//
// URL shape uses the hash-fragment form that youpc itself emits from
// its laws-page redirect (handlers/laws.go:215+229) — the canonical
// in-app deep link target. The `/laws/:type/:number` pretty route also
// resolves the same page but redirects to the hash form anyway.
//
// UPC.RoP.23.1 → https://youpc.org/laws#UPCRoP.023
// UPC.RoP.139 → https://youpc.org/laws#UPCRoP.139
// UPC.RoP.220.1 → https://youpc.org/laws#UPCRoP.220
// UPC.RoP.29.a → https://youpc.org/laws#UPCRoP.029
// UPC.UPCA.83 → https://youpc.org/laws#UPCA.083
// DE.ZPO.276.1 → "" (no youpc home — render display text plain)
func BuildLegalSourceURL(src string) string {
return lp.BuildLegalSourceURL(src)
src = strings.TrimSpace(src)
if src == "" {
return ""
}
parts := strings.Split(src, ".")
if len(parts) < 3 {
return ""
}
var lawType string
switch parts[0] + "." + parts[1] {
case "UPC.RoP":
lawType = "UPCRoP"
case "UPC.UPCA":
lawType = "UPCA"
case "UPC.UPCS":
lawType = "UPCS"
default:
return ""
}
number := padLawNumber(parts[2])
if number == "" {
return ""
}
return "https://youpc.org/laws#" + lawType + "." + number
}
// padLawNumber zero-pads a pure-digit law-number segment to 3 digits.
// Non-digit-only inputs (e.g. "112a" if youpc ever ingests EPÜ Art.
// 112a) pass through unchanged so the URL still resolves. Empty input
// returns the empty string.
func padLawNumber(s string) string {
if s == "" {
return ""
}
for _, c := range s {
if c < '0' || c > '9' {
return s
}
}
if len(s) >= 3 {
return s
}
return strings.Repeat("0", 3-len(s)) + s
}
// RefreshSearchView re-populates the materialised view. Safe to call on

25
internal/services/deadline_service.go
View File

@@ -65,13 +65,8 @@ func (s *DeadlineService) pendingApprovalErr(ctx context.Context, deadlineID uui
return NewPendingApprovalError(rid, role)
}
// Slice B.4 (mig 140, t-paliad-305): rule_id column dropped from
// paliad.deadlines. sequencing_rule_id holds the same UUID and is the
// FK to paliad.sequencing_rules. SELECT-column lists below pull
// sequencing_rule_id into the Deadline.RuleID field (db tag adjusted in
// internal/models/models.go).
const deadlineColumns = `id, project_id, title, description, due_date, original_due_date,
warning_date, source, sequencing_rule_id, rule_code, custom_rule_text, status, completed_at, caldav_uid, caldav_etag,
warning_date, source, rule_id, rule_code, custom_rule_text, status, completed_at, caldav_uid, caldav_etag,
notes, created_by, created_at, updated_at,
approval_status, pending_request_id, approved_by, approved_at`
@@ -277,7 +272,7 @@ func (s *DeadlineService) ListVisibleForUser(ctx context.Context, userID uuid.UU
ar.requester_kind AS requester_kind
FROM paliad.deadlines f
JOIN paliad.projects p ON p.id = f.project_id
LEFT JOIN paliad.deadline_rules_unified r ON r.id = f.sequencing_rule_id
LEFT JOIN paliad.deadline_rules r ON r.id = f.rule_id
LEFT JOIN paliad.approval_requests ar ON ar.id = f.pending_request_id
WHERE ` + strings.Join(conds, " AND ") + `
ORDER BY f.due_date ASC, f.created_at DESC`
@@ -544,11 +539,7 @@ func (s *DeadlineService) Update(ctx context.Context, userID, deadlineID uuid.UU
if input.RuleID != nil && input.CustomRuleText != nil {
return nil, fmt.Errorf("%w: rule_id and custom_rule_text are mutually exclusive", ErrInvalidInput)
}
// Slice B.4 (t-paliad-305): rule_id column dropped; the FK
// back-link now lives on sequencing_rule_id. Same UUID value.
// The procedural_event_id mirror is derived in
// syncDeadlineDualLinks below after the primary UPDATE lands.
appendSet("sequencing_rule_id", input.RuleID)
appendSet("rule_id", input.RuleID)
var customText *string
if input.CustomRuleText != nil {
trimmed := strings.TrimSpace(*input.CustomRuleText)
@@ -594,16 +585,6 @@ func (s *DeadlineService) Update(ctx context.Context, userID, deadlineID uuid.UU
if _, err := tx.ExecContext(ctx, query, args...); err != nil {
return nil, fmt.Errorf("update deadline: %w", err)
}
// Slice B.4 (mig 140, t-paliad-305): rule_id column gone;
// sequencing_rule_id holds the back-link. When the patch updated
// it (auto/custom swap from t-paliad-258), mirror the FK onto
// procedural_event_id so the joined view continues to resolve.
// Idempotent: no-op when sequencing_rule_id is unchanged.
if input.RuleSet {
if err := syncDeadlineProceduralEventID(ctx, tx, deadlineID); err != nil {
return nil, err
}
}
}
if input.EventTypeIDs != nil && s.eventTypes != nil {

50
internal/services/dual_write.go
View File

@@ -1,50 +0,0 @@
// Slice B.4 retirement of B.2 dual-write (t-paliad-305 / m/paliad#93).
//
// Mig 140 dropped paliad.deadline_rules and installed INSTEAD OF
// triggers on paliad.deadline_rules_unified that route writes to
// procedural_events + sequencing_rules + legal_sources. The legacy
// dual-write helper (syncDualWriteFromDeadlineRule) and the drift-check
// loop (CheckDualWriteDrift / StartDualWriteDriftCheckLoop) reference
// paliad.deadline_rules, which no longer exists — they would crash on
// first call if kept.
//
// Survivor: syncDeadlineProceduralEventID — keeps paliad.deadlines's
// new procedural_event_id column in sync with sequencing_rule_id after
// any UPDATE that touched the latter. Still useful as a "derive from
// canonical pointer" helper.
//
// The DualWriteDriftReport struct + HasDrift method are retired with
// the loop they served.
package services
import (
"context"
"fmt"
"github.com/google/uuid"
"github.com/jmoiron/sqlx"
)
// syncDeadlineProceduralEventID mirrors paliad.deadlines.sequencing_rule_id
// onto procedural_event_id. Call this within an open transaction AFTER
// any UPDATE that mutates paliad.deadlines.sequencing_rule_id (today's
// callers: DeadlineService.Update on the RuleSet branch, and the
// RuleEditorService orphan-resolve path which sets both columns in one
// statement so doesn't need this helper).
//
// Idempotent: NULL sequencing_rule_id collapses procedural_event_id to
// NULL via the subquery returning NULL. Slice B.4 (t-paliad-305).
func syncDeadlineProceduralEventID(ctx context.Context, tx *sqlx.Tx, deadlineID uuid.UUID) error {
if _, err := tx.ExecContext(ctx, `
UPDATE paliad.deadlines d
SET procedural_event_id = (
SELECT sr.procedural_event_id
FROM paliad.sequencing_rules sr
WHERE sr.id = d.sequencing_rule_id
)
WHERE d.id = $1`, deadlineID); err != nil {
return fmt.Errorf("sync deadline procedural_event_id for %s: %w", deadlineID, err)
}
return nil
}

297
internal/services/dual_write_test.go
View File

@@ -1,297 +0,0 @@
// Slice B.2 dual-write tests (t-paliad-305 / m/paliad#93).
//
// Asserts the parallel projection — paliad.procedural_events +
// paliad.sequencing_rules + paliad.legal_sources — stays in lock-step
// with paliad.deadline_rules through the full RuleEditorService
// lifecycle. Skipped when TEST_DATABASE_URL is unset.
package services
import (
"context"
"os"
"testing"
"github.com/jmoiron/sqlx"
_ "github.com/lib/pq"
"mgit.msbls.de/m/paliad/internal/db"
)
// TestDualWrite_RuleEditorLifecycle walks Create → UpdateDraft →
// CloneAsDraft → Publish → Archive → Restore on RuleEditorService and
// after each operation asserts that paliad.sequencing_rules has the
// 1:1 mirror, paliad.procedural_events carries the projected identity,
// and paliad.legal_sources carries the citation.
func TestDualWrite_RuleEditorLifecycle(t *testing.T) {
url := os.Getenv("TEST_DATABASE_URL")
if url == "" {
t.Skip("TEST_DATABASE_URL not set — skipping live DB test")
}
if err := db.ApplyMigrations(url); err != nil {
t.Fatalf("apply migrations: %v", err)
}
pool, err := sqlx.Connect("postgres", url)
if err != nil {
t.Fatalf("connect: %v", err)
}
defer pool.Close()
ctx := context.Background()
rules := NewDeadlineRuleService(pool)
svc := NewRuleEditorService(pool, rules)
cleanup := func() {
pool.ExecContext(ctx,
`SELECT set_config('paliad.audit_reason', 'slice b.2 test cleanup', true)`)
// Order matters: sequencing_rules → procedural_events → legal_sources
// (FK direction). deadline_rules cleanup last because mig 079 audit
// trigger captures the DELETE.
pool.ExecContext(ctx, `DELETE FROM paliad.sequencing_rules WHERE id IN (
SELECT id FROM paliad.deadline_rules WHERE name LIKE 'SLICEB2_TEST_%'
)`)
pool.ExecContext(ctx, `DELETE FROM paliad.procedural_events
WHERE code LIKE 'sliceb2.%' OR code LIKE 'null.sliceb2%'`)
pool.ExecContext(ctx, `DELETE FROM paliad.legal_sources
WHERE citation LIKE 'SLICEB2.%'`)
pool.ExecContext(ctx,
`DELETE FROM paliad.deadline_rules WHERE name LIKE 'SLICEB2_TEST_%'`)
pool.ExecContext(ctx,
`DELETE FROM paliad.proceeding_types WHERE code = 'SLICEB2_TEST_PT'`)
}
cleanup()
defer cleanup()
var ptID int
if err := pool.GetContext(ctx, &ptID, `
INSERT INTO paliad.proceeding_types (code, name, name_en, category, jurisdiction, is_active)
VALUES ('SLICEB2_TEST_PT', 'Slice B.2 Test PT', 'Slice B.2 Test PT', 'fristenrechner', 'UPC', true)
RETURNING id`); err != nil {
t.Fatalf("seed proceeding_type: %v", err)
}
subCode := "sliceb2.create"
legalSrc := "SLICEB2.PatG.1"
// 1. Create — assert the parallel rows land.
created, err := svc.Create(ctx, CreateRuleInput{
Name: "SLICEB2_TEST_create",
NameEN: "SLICEB2_TEST_create_EN",
ProceedingTypeID: &ptID,
SubmissionCode: &subCode,
LegalSource: &legalSrc,
DurationValue: 30,
DurationUnit: "days",
Priority: "mandatory",
}, "B.2 dual-write create test")
if err != nil {
t.Fatalf("Create: %v", err)
}
// legal_sources should now carry SLICEB2.PatG.1
var lsCount int
if err := pool.GetContext(ctx, &lsCount,
`SELECT COUNT(*) FROM paliad.legal_sources WHERE citation = $1`, legalSrc); err != nil {
t.Fatalf("query legal_sources: %v", err)
}
if lsCount != 1 {
t.Errorf("legal_sources after Create: got %d, want 1 for citation %q", lsCount, legalSrc)
}
// procedural_events should carry the submission_code
var peName, peLifecycle string
if err := pool.GetContext(ctx, &peName,
`SELECT name FROM paliad.procedural_events WHERE code = $1`, subCode); err != nil {
t.Fatalf("query procedural_events name: %v", err)
}
if peName != "SLICEB2_TEST_create" {
t.Errorf("procedural_events.name after Create: got %q, want %q", peName, "SLICEB2_TEST_create")
}
if err := pool.GetContext(ctx, &peLifecycle,
`SELECT lifecycle_state FROM paliad.procedural_events WHERE code = $1`, subCode); err != nil {
t.Fatalf("query procedural_events lifecycle: %v", err)
}
if peLifecycle != "draft" {
t.Errorf("procedural_events.lifecycle_state after Create: got %q, want %q", peLifecycle, "draft")
}
// sequencing_rules should have id = created.id and link to PE
var srCount, srMatchPE int
if err := pool.GetContext(ctx, &srCount,
`SELECT COUNT(*) FROM paliad.sequencing_rules WHERE id = $1`, created.ID); err != nil {
t.Fatalf("query sequencing_rules count: %v", err)
}
if srCount != 1 {
t.Errorf("sequencing_rules row after Create: got %d, want 1 for id %s", srCount, created.ID)
}
if err := pool.GetContext(ctx, &srMatchPE, `
SELECT COUNT(*) FROM paliad.sequencing_rules sr
JOIN paliad.procedural_events pe ON pe.id = sr.procedural_event_id
WHERE sr.id = $1 AND pe.code = $2`, created.ID, subCode); err != nil {
t.Fatalf("query sr→pe join: %v", err)
}
if srMatchPE != 1 {
t.Errorf("sequencing_rules.procedural_event_id after Create: got %d join hits, want 1", srMatchPE)
}
// 2. UpdateDraft — change name + legal_source. Assert propagation.
newName := "SLICEB2_TEST_updated"
newLegal := "SLICEB2.ZPO.2"
_, err = svc.UpdateDraft(ctx, created.ID, RulePatch{
Name: &newName,
LegalSource: &newLegal,
}, "B.2 dual-write update test")
if err != nil {
t.Fatalf("UpdateDraft: %v", err)
}
var afterName string
if err := pool.GetContext(ctx, &afterName,
`SELECT name FROM paliad.procedural_events WHERE code = $1`, subCode); err != nil {
t.Fatalf("query pe.name post-update: %v", err)
}
if afterName != newName {
t.Errorf("procedural_events.name after UpdateDraft: got %q, want %q", afterName, newName)
}
// New citation must appear in legal_sources, and procedural_events.legal_source_id
// must point at it (idempotent UPSERT — the old SLICEB2.PatG.1 row stays).
var pePointsAtNewLegal int
if err := pool.GetContext(ctx, &pePointsAtNewLegal, `
SELECT COUNT(*) FROM paliad.procedural_events pe
JOIN paliad.legal_sources ls ON ls.id = pe.legal_source_id
WHERE pe.code = $1 AND ls.citation = $2`, subCode, newLegal); err != nil {
t.Fatalf("query pe→ls join: %v", err)
}
if pePointsAtNewLegal != 1 {
t.Errorf("procedural_events.legal_source_id after UpdateDraft: got %d hits, want 1", pePointsAtNewLegal)
}
// 3. Publish — flip to published. Assert lifecycle mirror.
_, err = svc.Publish(ctx, created.ID, "B.2 dual-write publish test")
if err != nil {
t.Fatalf("Publish: %v", err)
}
var srLifecycle, peLifecycleAfterPub string
if err := pool.GetContext(ctx, &srLifecycle,
`SELECT lifecycle_state FROM paliad.sequencing_rules WHERE id = $1`, created.ID); err != nil {
t.Fatalf("query sr.lifecycle: %v", err)
}
if srLifecycle != "published" {
t.Errorf("sequencing_rules.lifecycle_state after Publish: got %q, want %q", srLifecycle, "published")
}
if err := pool.GetContext(ctx, &peLifecycleAfterPub,
`SELECT lifecycle_state FROM paliad.procedural_events WHERE code = $1`, subCode); err != nil {
t.Fatalf("query pe.lifecycle post-publish: %v", err)
}
if peLifecycleAfterPub != "published" {
t.Errorf("procedural_events.lifecycle_state after Publish: got %q, want %q", peLifecycleAfterPub, "published")
}
// 4. Archive — flip to archived. Assert mirror.
_, err = svc.Archive(ctx, created.ID, "B.2 dual-write archive test")
if err != nil {
t.Fatalf("Archive: %v", err)
}
var srLifecycleArchived string
if err := pool.GetContext(ctx, &srLifecycleArchived,
`SELECT lifecycle_state FROM paliad.sequencing_rules WHERE id = $1`, created.ID); err != nil {
t.Fatalf("query sr.lifecycle post-archive: %v", err)
}
if srLifecycleArchived != "archived" {
t.Errorf("sequencing_rules.lifecycle_state after Archive: got %q, want %q", srLifecycleArchived, "archived")
}
// Slice B.4 (mig 140, t-paliad-305): the legacy paliad.deadline_rules
// table is gone and so is CheckDualWriteDrift — there's no parallel
// side to compare against. The INSTEAD OF triggers on the view
// guarantee parity by construction (single TX fan-out from one
// SQL write to three target tables).
}
// TestDualWrite_SyntheticCodeForNullSubmission asserts that a rule
// created with submission_code=NULL gets a synthetic 'null.<8hex>'
// procedural_events row matching mig 136's mint expression — so a new
// draft without a code participates in the dual-write contract without
// colliding with any code-bearing rule.
func TestDualWrite_SyntheticCodeForNullSubmission(t *testing.T) {
url := os.Getenv("TEST_DATABASE_URL")
if url == "" {
t.Skip("TEST_DATABASE_URL not set — skipping live DB test")
}
if err := db.ApplyMigrations(url); err != nil {
t.Fatalf("apply migrations: %v", err)
}
pool, err := sqlx.Connect("postgres", url)
if err != nil {
t.Fatalf("connect: %v", err)
}
defer pool.Close()
ctx := context.Background()
rules := NewDeadlineRuleService(pool)
svc := NewRuleEditorService(pool, rules)
cleanup := func() {
pool.ExecContext(ctx, `SELECT set_config('paliad.audit_reason', 'slice b.2 null-code cleanup', true)`)
pool.ExecContext(ctx, `DELETE FROM paliad.sequencing_rules WHERE id IN (
SELECT id FROM paliad.deadline_rules WHERE name = 'SLICEB2_TEST_nullcode'
)`)
// Synthetic PE rows are keyed off the rule's uuid; delete by name reference.
pool.ExecContext(ctx, `DELETE FROM paliad.procedural_events
WHERE code IN (
SELECT 'null.' || substring(replace(id::text, '-', ''), 1, 8)
FROM paliad.deadline_rules WHERE name = 'SLICEB2_TEST_nullcode'
)`)
pool.ExecContext(ctx, `DELETE FROM paliad.deadline_rules WHERE name = 'SLICEB2_TEST_nullcode'`)
pool.ExecContext(ctx, `DELETE FROM paliad.proceeding_types WHERE code = 'SLICEB2_NC_PT'`)
}
cleanup()
defer cleanup()
var ptID int
if err := pool.GetContext(ctx, &ptID, `
INSERT INTO paliad.proceeding_types (code, name, name_en, category, jurisdiction, is_active)
VALUES ('SLICEB2_NC_PT', 'NC PT', 'NC PT', 'fristenrechner', 'UPC', true)
RETURNING id`); err != nil {
t.Fatalf("seed proceeding_type: %v", err)
}
created, err := svc.Create(ctx, CreateRuleInput{
Name: "SLICEB2_TEST_nullcode",
NameEN: "SLICEB2_TEST_nullcode_EN",
ProceedingTypeID: &ptID,
// SubmissionCode intentionally NIL → tests the synthetic-code branch.
DurationValue: 5,
DurationUnit: "days",
Priority: "mandatory",
}, "B.2 dual-write null-code test")
if err != nil {
t.Fatalf("Create: %v", err)
}
// Compute the expected synthetic code in the same way mig 136 / the
// dual-write helper do — keep the expression in lock-step with the
// SQL via this Go-side mirror.
var expectedCode string
if err := pool.GetContext(ctx, &expectedCode,
`SELECT 'null.' || substring(replace(id::text, '-', ''), 1, 8)
FROM paliad.deadline_rules WHERE id = $1`, created.ID); err != nil {
t.Fatalf("compute expected synthetic code: %v", err)
}
var actualCode string
if err := pool.GetContext(ctx, &actualCode, `
SELECT pe.code
FROM paliad.procedural_events pe
JOIN paliad.sequencing_rules sr ON sr.procedural_event_id = pe.id
WHERE sr.id = $1`, created.ID); err != nil {
t.Fatalf("query procedural_events via sequencing_rules: %v", err)
}
if actualCode != expectedCode {
t.Errorf("synthetic code mismatch: got %q, want %q", actualCode, expectedCode)
}
if len(actualCode) != len("null.")+8 {
t.Errorf("synthetic code length: got %d, want 13 (null.+8hex)", len(actualCode))
}
}

Some files were not shown because too many files have changed in this diff Show More