Schema:
- Block: new optional fields `optional` (boolean) and `optionalLabel` (string)
- DocBody: new field `disabledBlockIds` — IDs of optional blocks turned off on this instance
- Renderer skips blocks whose id is in disabledBlockIds
Template authoring (BlocksEditor):
- Each block card has «Опциональный» checkbox + custom label input
- Optional blocks visually highlighted (amber border)
Document editing (DocumentEdit):
- New «Расширенный режим» toggle in header (default off → simple mode)
- Simple mode: only document header, lines, and «Дополнительные пункты»
section listing optional blocks as checkboxes
- Advanced mode: also shows full BlocksEditor (previous behavior)
- Toggling optional block updates body.disabledBlockIds; renderer/PDF reflects it
Workflow: автор шаблона помечает спорные блоки как опциональные → пользователь
при создании документа просто отмечает галочки, не залезая в контент.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Projects.tsx: pre-validate empty name, show fieldErrors on Field
(root cause of '400 validation_error' was empty name silently rejected)
- ProjectPicker component for DocumentEdit; selecting a project autofills
default client when no client is yet set
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Prompt: explicit rule that party blocks always go at the end, before signatures;
preamble in the beginning is a paragraph, not party
- Postprocess: deterministic reorder pulls party blocks to the position right
before the last signatures block (or to the end if no signatures)
Existing imported templates can be re-imported, or party blocks moved manually
in the editor (↑↓ buttons). New imports come out in correct order.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- New API endpoint GET /api/lookup/party?inn=... — proxies to DaData API,
returns parsed party (name, kpp, ogrn, address, signatory, status)
- Env DADATA_API_KEY (optional) — without it endpoint returns 503/no_dadata_key
- Web: InnLookupButton component shown next to ИНН field in Clients form
and Company requisites; on click fetches DaData and fills all matching
fields. Warns if status is not ACTIVE (liquidated, etc.)
Free DaData tier: 10000 requests/day. Get key at
https://dadata.ru/api/find-party/ — paste into DADATA_API_KEY in
docker/.env on queoserver.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Renamed singular /api/organization → CRUD /api/organizations
- New BankAccount table with CRUD under /api/organizations/:orgId/bank-accounts
- TochkaCredential gets optional bankAccountId for future per-account bank API config
- Active organization stored in cookie dm_org, /api/active-organization GET/POST
- activeOrgPlugin resolves req._orgId from cookie (or first non-archived as fallback)
- Migration 1_multiorg: BankAccount table + data backfill from legacy Organization.bank* fields
- Web: new /companies list + /companies/:id with tabs (Реквизиты, Банки и счета, Интеграции stub)
- Web: OrgSwitcher dropdown in header (active org + management link)
- Removed nav "Реквизиты", "Банк" — replaced by "Компании"
- Per-field error highlighting wired up on new forms
Existing organization data backfills cleanly: legacy bank* fields stay readable, but new
BankAccount becomes the source of truth going forward.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ApiError.fieldErrors() returns map field→ru-message; forms set fieldErrors state
on save failure, pass error prop to Field components (red border + inline message),
clear individual error when user edits that field.
Wired up: Clients, Organization. Services и Documents — позже.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- zod-utils.ts: optionalRegex/optionalEmail/optionalText with preprocess('' -> null)
- clients/organizations/services schemas now accept empty strings for optional fields
(controlled inputs naturally produce '' instead of null)
- ApiError.prettyMessage() unfolds zod fieldErrors so users see which field failed
Reproduce: POST /api/clients with email="" or empty inn returned 400 validation_error.
Now it succeeds (empty stays null), and any real validation error names the field.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
GET /auth/login → 404. Auth_server's user-facing login form lives at
GET https://auth.queo.ru/login (rendered by views/login.html), while
POST /auth/login is the JSON API. Web was redirecting to wrong path.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- monorepo (npm workspaces): apps/api (Fastify+Prisma+TS), apps/web (Vite+React+TS), packages/shared (zod schemas)
- SSO via auth.queo.ru: jose+JWKS plugin, requireDocPermission(viewer|user|admin)
- DEV_BYPASS_AUTH for local development (hard-checked off in production)
- M2: organization upsert, clients CRUD with search, services catalog with soft-delete
- BigInt -> Number serializer for Prisma money columns
- Embedded Postgres + npm run dev:demo for one-command local boot
- Docker compose for queoserver: postgres + api + web (nginx as ingress proxying /api -> api:3030)
- First migration 0_init committed (prisma migrate diff)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
admin