books/backend/Books.Api/Database/Migrations/030_AddPostedAtColumn.sql

-- Migration: 030_AddPostedAtColumn
-- Description: Add posted_at column to journal_entry_draft_read_models
-- for audit trail compliance (exact timestamp when draft was posted to ledger)

ALTER TABLE journal_entry_draft_read_models
ADD COLUMN IF NOT EXISTS posted_at TIMESTAMPTZ;

COMMENT ON COLUMN journal_entry_draft_read_models.posted_at IS
'Exact timestamp when the journal entry draft was posted to the ledger';
Full product audit: fix security, compliance, UX, and wire broken features Security (Phase 1): - Add authentication middleware on /graphql endpoint - Filter company queries by user access (prevent IDOR) - Add role-based authorization on mutations (owner/accountant) - Reduce API key cache TTL from 24h to 5 minutes - Hide exception details in production GraphQL errors - Fix RBAC in frontend companyStore (was hardcoded) Wiring broken features (Phase 2): - Wire Kassekladde submit/void/copy to GraphQL mutations - Wire Kontooversigt account creation to createAccount mutation - Wire Settings save to updateCompany mutation - Wire CreateFiscalYearModal and CloseFiscalYearWizard to mutations - Replace Momsindberetning mock data with real useVatReport query - Remove Dashboard hardcoded percentages and fake VAT deadline - Fix Kreditnotaer invoice selector to use real data - Fix mutation retry from 1 to 0 (prevent duplicate operations) Accounting compliance (Phase 3): - Add balanced entry validation (debit==credit) in JournalEntryDraftAggregate - Add fiscal year boundary enforcement (status, date range checks) - Add PostedAt timestamp to posted events (Bogføringsloven §7) - Add account number uniqueness check within company - Add fiscal year overlap and gap checks - Add sequential invoice auto-numbering - Fix InvoiceLine VAT rate to use canonical VatCodes - Fix SAF-T account type mapping (financial → Expense) - Add DraftLine validation (cannot have both debit and credit > 0) UX improvements (Phase 4): - Fix Danish character encoding across 15+ files (ø, æ, å) - Deploy DemoDataDisclaimer on pages with mock/incomplete data - Adopt PageHeader component universally across all pages - Standardize active/inactive filtering to Switch pattern - Fix dead buttons in Header (Help, Notifications) - Remove hardcoded mock data from Settings - Fix Sidebar controlled state and Kontooversigt navigation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-05 21:35:26 +01:00			`-- Migration: 030_AddPostedAtColumn`
			`-- Description: Add posted_at column to journal_entry_draft_read_models`
			`-- for audit trail compliance (exact timestamp when draft was posted to ledger)`

			`ALTER TABLE journal_entry_draft_read_models`
			`ADD COLUMN IF NOT EXISTS posted_at TIMESTAMPTZ;`

			`COMMENT ON COLUMN journal_entry_draft_read_models.posted_at IS`
			`'Exact timestamp when the journal entry draft was posted to the ledger';`