KTC-Diversion
Active — MR !13 in Review
Diversion program expense tracking dashboard for Keys to Change AZ nonprofit. Built on Next.js 16.2 App Router with real DigitalOcean PostgreSQL data, Microsoft Entra ID SSO + credentials auth, and a full analytics suite. Containerized on Docker Desktop port 3006.
✅ 35 Done
🔄 2 In Progress
⛔ 0 Blocked
📋 8 Backlog
📋 Backlog (8)
**Run migrate-access-log.sql in production**
Execute `scripts/migrate-access-log.sql` against production DB to create ktc_access_log table for persistent audit log storage
Security, database
**Set DATABASE_CA_CERT in 1Password vault**
Download DigitalOcean CA cert → add to 1Password vault as DATABASE_CA_CERT → enables rejectUnauthorized: true in production
Security, database
**Set SSH_KNOWN_HOSTS in GitLab CI variables**
Run ssh-keyscan manually for deploy host → paste fingerprint as masked CI variable SSH_KNOWN_HOSTS
Security, ci-cd
**Export to PDF / Excel from reports page**
Allow caseworkers to download filtered reports as PDF or Excel
Feature, reports
**File attachments for diversion forms**
Upload and attach supporting documents to each diversion request
Feature, storage
**Email notifications for new/completed requests**
Automated email to caseworkers when request status changes
Feature, notifications
**Production deploy planning**
Plan VPS / DigitalOcean App Platform deploy with domain and SSL
Infra, devops
**Rate limiting on auth endpoints**
Add per-IP and per-email rate limiting beyond the existing 5 req/5 min credentials guard
Security, Backend
🔄 In Progress (2)
**MR !13 — feature/ssh-key-from-1password → develop**
Wave 2 UI + security audit v2 remediation (10/10 findings) + modern UI components — open since 2026-05-20 (5 days), awaiting human review and approval. Commit 96f18d5, 46 files, 6292 insertions. Score 96/100.
ci-cd, Security, review
**Azure App Registration redirect URI registration**
Register callback URL on Azure Entra ID — user action required before SSO works in prod
Auth, azure
⛔ Blocked (0)
Empty
✅ Done (35)
**Security audit v2 — all 10 findings fixed (V2026.05.20-001)**
shipped, Security
**Wave 2 UI — content-visibility, whileInView, view transitions, dark mode**
shipped, ui
**Modern UI components — dialog, toast, tooltip, mobile drawer**
shipped, ui
**MR !10 + post-merge version bump V2026.05.19-003**
shipped
**Migrate 1Password vault to one-item-per-secret structure**
shipped
**Resolve MR !9 merge conflicts + fix invalid YAML pipeline**
shipped
**Commit, Docker rebuild, push + worktree cleanup**
shipped, update, update, update
**UI polish — make-interfaces-feel-better**
shipped, update, update, update, update
**Migrate secrets system to 1Password Connect**
shipped, new, update, update, update
**Fix PostgreSQL error 53300 — switch to PgBouncer**
shipped, fix, update
**Security Audit v1**
shipped
**Add Register Form nav item to sidebar**
shipped
**Full pipeline green — deploy:dev success**
shipped, update
**Fix APP_URL missing protocol in Vaultwarden**
shipped, fix
**Fix Docker healthcheck wget → node**
shipped, fix
**Add /api/health route**
shipped, new, update
**Fix docker-compose.yml for CI deploy**
shipped, fix
**Fix Trivy scan registry credentials**
shipped, fix
**Raise bundle budget 300 KB → 400 KB**
shipped, fix
**Fix CI test job (missing @vitest/coverage-v8)**
shipped, fix
**Read CI/CD pipeline and understand deploy flow**
shipped, update
**Full Next.js 16 scaffold with KTC brand theme** (V2026.05.12-001)
nextjs, shipped
**Microsoft Entra ID SSO + Credentials dual login** (V2026.05.12-001)
Auth, shipped
**Dashboard page with real DB KPIs + charts** (V2026.05.12-001)
ui, shipped
**Expenses master table** (V2026.05.12-002)
ui, shipped
**Expenses detail page** (V2026.05.12-002)
ui, shipped
**Reports page — 4 Recharts visualizations** (V2026.05.12-002)
ui, shipped
**DigitalOcean PostgreSQL integration** (V2026.05.12-001)
database, shipped
**Docker containerization** (V2026.05.12-003)
docker, shipped
**SSL fix for pg v8+ sslmode behavior** (V2026.05.12-001)
database, Security, shipped
**RSC boundary pattern for icon serialization** (V2026.05.12-001)
nextjs, shipped
**DB connection pool tuning** (V2026.05.12-001)
database, shipped
**GitLab CI/CD pipeline** (V2026.05.12-003)
ci-cd, shipped
**Full security audit** (V2026.05.12-004)
Security, shipped
**All 14 security findings remediated** (V2026.05.12-004)
Security, shipped
📓 Daily Recaps
2026-05-26: 2026-05-25 — KTC-Diversion — 🟡 UNCOMMITTED
2026-05-25: 2026-05-25 — KTC-Diversion — 🟡 UNCOMMITTED
2026-05-22: 2026-05-20 — KTC-Diversion — complete
2026-05-21: 2026-05-20 — KTC-Diversion — complete
2026-05-20: 2026-05-20 — KTC-Diversion — 🟠 PARTIAL
2026-05-19: 2026-05-13 — KTC-Diversion — 🟡 UNCOMMITTED
2026-05-16: 2026-05-13 — KTC-Diversion — 🟡 UNCOMMITTED
2026-05-14: 2026-05-13 — KTC-Diversion — complete
2026-05-13: 2026-05-13 — KTC-Diversion — 🟡 UNCOMMITTED
2026-05-12: Local Docker updated for testing
2026-05-12: All 14 security findings remediated
2026-05-12: CI/CD pipeline + full security audit
2026-05-12: Initial build + DB integration complete