Backend Security & Data Integrity:
- Block negative debit/credit amounts that bypass balance validation
- Require document date at posting (was optional, bypassing fiscal year checks)
- Fix event sourcing anti-pattern: timestamps now stored in events, not UtcNow in Apply
- Add [Authorize] to BankingController OAuth callback
- Add company access check on attachment downloads
- Validate CVR in CompanyAggregate.Create and CompanyAggregate.Update
- Require company CVR for invoice creation (Momsloven §52)
- Delete leftover WeatherForecastController
- Fix duplicate migration number 007 (renamed to 007b)
- Remove dead code in VatCalculationService (identical if/else branches)
Accounting Compliance:
- Add missing VAT accounts to StandardDanishAccounts (5610, 5611, 5620)
- Populate SAF-T TaxInformation on transaction lines (was always null)
- Add AuditFileCountry and TaxRegistrationNumber to SAF-T header
Critical Frontend Bugs:
- Fix Dashboard <a href> causing full page reloads (now uses React Router Link)
- Wire Kassekladde filters to actual data (account, status, date range)
- Pre-populate form when editing existing Kassekladde drafts
- Add detail drawer for "Vis detaljer" action (was just a toast)
- Toggle advanced filters with "Flere filtre" button
- CloseFiscalYearWizard now actually posts closing entries via mutations
- "Create next year" checkbox now creates the next fiscal year
Danish Character Encoding (~50 fixes):
- Fix ø/æ/å across Momsindberetning, DocumentUploadModal, Bankafstemning,
Kontooversigt, CloseFiscalYearWizard, vatCodes, periodStore, periods,
accounting, types/periods
Dead Buttons & UX:
- Disable Momsindberetning PDF/Export buttons with tooltips
- FiscalYearSelector "Administrer" now navigates to Settings
- Settings bank tab now uses real BankConnectionsTab component
- Bankafstemning save button disabled with development tooltip
- Replace hardcoded account options with real API data (Bankafstemning, Fakturaer)
- Header help button shows info message, notification bell shows popover
Consistency & Quality:
- Remove 7 console.log statements from production code
- Adopt PageHeader on 6 remaining pages (Kreditnotaer, Settings, Admin, etc.)
- Standardize loading states to Skeleton pattern (5 pages)
- Replace deprecated bodyStyle prop on Ant Design Cards
- Standardize date format to DD-MM-YYYY
- Fix sidebar width mismatch in designTokens
- Fix Kontooversigt breadcrumb pointing to non-existent route
Accessibility:
- Add aria-label to sidebar navigation
- Add +/- prefix to AmountText for color-blind users
- Fix CompanySwitcher permanent skeleton when no companies
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Security (Phase 1):
- Add authentication middleware on /graphql endpoint
- Filter company queries by user access (prevent IDOR)
- Add role-based authorization on mutations (owner/accountant)
- Reduce API key cache TTL from 24h to 5 minutes
- Hide exception details in production GraphQL errors
- Fix RBAC in frontend companyStore (was hardcoded)
Wiring broken features (Phase 2):
- Wire Kassekladde submit/void/copy to GraphQL mutations
- Wire Kontooversigt account creation to createAccount mutation
- Wire Settings save to updateCompany mutation
- Wire CreateFiscalYearModal and CloseFiscalYearWizard to mutations
- Replace Momsindberetning mock data with real useVatReport query
- Remove Dashboard hardcoded percentages and fake VAT deadline
- Fix Kreditnotaer invoice selector to use real data
- Fix mutation retry from 1 to 0 (prevent duplicate operations)
Accounting compliance (Phase 3):
- Add balanced entry validation (debit==credit) in JournalEntryDraftAggregate
- Add fiscal year boundary enforcement (status, date range checks)
- Add PostedAt timestamp to posted events (Bogføringsloven §7)
- Add account number uniqueness check within company
- Add fiscal year overlap and gap checks
- Add sequential invoice auto-numbering
- Fix InvoiceLine VAT rate to use canonical VatCodes
- Fix SAF-T account type mapping (financial → Expense)
- Add DraftLine validation (cannot have both debit and credit > 0)
UX improvements (Phase 4):
- Fix Danish character encoding across 15+ files (ø, æ, å)
- Deploy DemoDataDisclaimer on pages with mock/incomplete data
- Adopt PageHeader component universally across all pages
- Standardize active/inactive filtering to Switch pattern
- Fix dead buttons in Header (Help, Notifications)
- Remove hardcoded mock data from Settings
- Fix Sidebar controlled state and Kontooversigt navigation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add hasNavigatedRef to prevent multiple navigation calls
- Move /opret-virksomhed route outside CompanyGuard in App.tsx
- Reduce retry count and disable refetchOnWindowFocus to limit re-renders
- Remove activeCompany from useEffect dependencies (use getState() instead)
This fixes "Too many calls to Location or History APIs" error that caused
the app to crash with DOMException.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove duplicate sync logic from CompanySwitcher (CompanyGuard handles it)
- Validate persisted activeCompany against API response in CompanyGuard
- Reset fiscal year state when switching companies in FiscalYearSelector
- Validate currentFiscalYear belongs to current company's data
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- CompanySwitcher: Use useMyCompanies() hook instead of mockCompanies
- FiscalYearSelector: Use useFiscalYears() hook instead of mockFiscalYears
- Kontooversigt: Use useAccounts() and useAccountBalances() hooks
- Kassekladde: Use useActiveAccounts() and useJournalEntryDrafts() hooks
- Bankafstemning: Use useActiveBankConnections() and usePendingBankTransactions()
- Dashboard: Calculate metrics from useAccountBalances(), useInvoices(), useVatReport()
All components now show loading skeletons and empty states appropriately.
Closes books-ljg
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Frontend build fixes:
- Add formatDateTimeISO and parseISODate to formatters.ts
- Add default type parameter to fetchGraphQL function
- Add toggleMobileDrawer and mobileDrawerOpen to uiStore
- Add compact prop to CompanySwitcher component
- Add JournalEntryDraft types to accounting.ts
- Add reopened/locked fields to FiscalYear type
- Fix documentProcessing.ts import
Closes books-0rs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
UX improvements (books-8lo):
- Use PageHeader component for consistent header with breadcrumbs
- Add responsive mobile breakpoints
- Improve accessibility with aria-labels
- Better information hierarchy
Fixes (books-1rp):
- Add missing validateCVRModulus11 function to formatters
- Fixes TypeScript errors in Kunder.tsx and CompanySetupWizard.tsx
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Uses the DemoDataDisclaimer component to inform users that data
shown on these pages is for demonstration purposes only.
Closes books-wzq
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Creates a recurring Hangfire job that compares bank account balances
from Enable Banking with the corresponding ledger accounts:
- Runs daily via Hangfire recurring schedule
- Supports manual trigger per company via GraphQL
- Flags discrepancies > 1 cent with detailed logging
- Includes retry logic for transient failures
Closes books-5tg
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add decodeHtmlEntities function to formatters.ts for handling HTML entity decoding
- Add CompanyRole type and role helper functions (getRoleLabel, getRoleColor)
- Add useActiveCompanyRole hook for getting current user's company role
- Add Ledger.Core and QuestPDF project references to backend
- Add additional fields to CompanyReadModelDto
Closes books-hzt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The username text next to the profile icon in the header was already
removed in a previous commit.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The user's name/email is no longer displayed next to the profile avatar
in the header. The avatar dropdown menu remains functional for accessing
user settings and logout.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Delete the quick booking page, components, and store:
- HurtigBogforing.tsx page
- simple-booking/ components (AccountQuickPicker, BankTransactionCard, QuickBookModal, SplitBookModal)
- simpleBookingStore.ts
Remove related navigation and shortcuts:
- Route from routes.tsx
- Menu item from Sidebar
- goToHurtigBogforing shortcut and navigation route
- Command palette icon reference
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Backend:
- Cookie + OIDC + API Key authentication schemes
- ApiKeyAuthenticationHandler with SHA-256 validation and 24h cache
- AuthController with login/logout/profile endpoints
- API Key domain model (EventFlow aggregate, events, commands)
- ApiKeyReadModel and repository for key validation
- Database migration 002_ApiKeys.sql
- CORS configuration for frontend
Frontend:
- authService.ts for login/logout/profile API calls
- authStore.ts (Zustand) for user context state
- ProtectedRoute component for route guards
- Header updated with user display and logout
- GraphQL client with credentials: include
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- .env.example: Documentation template
- .env.development: Local dev defaults (localhost:5000)
- .env.production: Production defaults (relative /graphql path)
- Updated .gitignore to track non-secret env files
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Backend (.NET 10):
- EventFlow CQRS/Event Sourcing with PostgreSQL
- GraphQL.NET API with mutations and queries
- Custom ReadModelSqlGenerator for snake_case PostgreSQL columns
- Hangfire for background job processing
- Integration tests with isolated test databases
Frontend (React/Vite):
- Initial project structure
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
