CRM refactor changelog
A high-level history of the F0–F10 sweep on tenant-backend-crm +
the CRM modules in tenant-frontend. Granular per-batch close logs
live in tenant/tenant-backend-crm/AUDIT_FINDINGS.md.
The sweep ran during a single sprint window starting 2026-05-11. All dates below are in that timeline.
High-level deliverables
| Phase | Theme | Status |
|---|---|---|
| F0 | Security KRITIKUS (41 findings) | Done |
| F1 | Frontend cleanup | Partial — Vuexy bloat audit deferred; hardcoded strings cleaned in CRM modules |
| F2 | Mock + test environment | Partial — DevOps API mock landed, OpenAPI workflow wired |
| F3 | Controller split (15 controllers extracted) | Done |
| F4 | Menu + i18n completeness (hu/en/de) | Mostly done — de.json CRM namespace filled, ~200 new keys |
| F5 | OpenAPI + SDK | Done — Scramble + @hey-api/openapi-ts + npm run api:check drift gate |
| F6 | Backend security & quality | Done — 30+ MAGAS findings closed |
| F7 | Missing functions (RabbitMQ consumers, audit trail) | Done — IdentityEventConsumer + ActivityLog publish events |
| F8 | Tests | Done — vitest scaffold + 58 backend + 41 frontend tests |
| F9 | Documentation | Done — 21 sidebar docs (incl. permissions, webhook-events, tenant-clone added in F9 polish pass) + composables README |
| F10 | UI/UX deep review | Done — composables, deep-link, empty states |
F3 controller split inventory
Refactored 1 monolith into 6 (Chat), then continued through Task, Project, Document, ending up with 15 extracted controllers + 3 trait helpers.
| Origin | Extract | Lines moved |
|---|---|---|
| ChatController | ChatReactionController | ~60 |
| ChatController | ChatFileController | ~110 |
| ChatController | ChatParticipantController | ~140 |
| ChatController | ChatBotMembershipController | ~110 |
| ChatController | ChatMessageController | ~280 |
| TaskController | TaskBoardController | ~150 |
| TaskController | TaskAssignmentController | ~190 |
| TaskController | TaskHistoryController | ~30 |
| ProjectController | ProjectMemberController | ~135 |
| ProjectController | ProjectStatsController | ~55 |
| DocumentController | DocumentVersionController | ~115 |
| DocumentFolderController | DocumentFolderMemberController | ~110 |
Traits (shared guards):
- App\Http\Concerns\EnsuresProjectMembership — used by Task* + parent controllers.
- App\Http\Concerns\EnsuresFolderAccess — used by Document + DocumentVersion.
Before/after sizes:
| Controller | Before | After |
|---|---|---|
| ChatController | ~800 lines | ~140 lines |
| TaskController | ~660 lines | ~360 lines |
| ProjectController | ~280 lines | ~130 lines |
| DocumentController | ~410 lines | ~280 lines |
| DocumentFolderController | ~360 lines | ~260 lines |
F10 composables
Five composables landed:
| Composable | Adopted by | Tests |
|---|---|---|
| useApiError | 13+ stores | 12 |
| useDeleteDialog | 11 list pages | 8 |
| usePaginationDeepLink | 7 list pages | 12 |
| useTypeAhead | (not yet adopted in a picker) | 7 |
| useRequestHandler | legacy | — |
The list-page adoption tally as of batch 20: companies, contacts, projects, kb-articles, blog-posts, pages, sms-templates, leave-requests, shifts, webhooks, sms-settings.
Audit-trail (ActivityLog) coverage
CRM writes ActivityLog rows for compliance-relevant events. As of
the F0 sweep:
- blog_post.published / blog_post.unpublished (MAGAS #51)
- page.published / page.unpublished (MAGAS #51)
- chat_bot.token_regenerated (batch 14)
- project.deleted (batch 19)
All entries carry the auditActor block (actor_user_id +
impersonator_id when applicable, cross-repo #36).
Migrations landed in the sweep
| Date | Migration | Purpose |
|---|---|---|
| 2026-05-12 | drop_tenant_id_from_crm_tables | 46 tables — moved to per-deployment isolation |
| 2026-05-12 | add_soft_deletes_to_project_members | MAGAS #58 — audit-trail preservation |
| 2026-05-12 | enable_unaccent_extension | MAGAS #61 — diacritic-insensitive search |
| 2026-05-12 | add_unique_unresolved_sla_breach_index | MAGAS #65 — concurrent breach race |
| 2026-05-12 | widen_project_member_role | MAGAS #63 — ENUM → varchar |
Frontend i18n
Three locale files (hu/en/de). Coverage:
- hu: ~3990 keys
- en: ~3990 keys (1:1 with hu)
- de: ~2500 keys (CRM namespace + notification keys; broader filling deferred)
200+ keys added during the sweep in the *.notifications.* and
*.emptySearch namespaces.
Tests
- Backend Unit: 58 tests across model contracts, traits, state-machines, controller extracts.
- Frontend Unit: 41 tests across composables (useApiError, useDeleteDialog, usePaginationDeepLink, useTypeAhead).
- Feature TestCase work (DB-touching) deferred to follow-up.
Where to learn more
- audit findings full text — per-batch close log
- architecture — layer diagrams
- troubleshooting — symptom→cause→fix table