Lewati ke isi

Changelog

Milestone tingkat tinggi proyek HUPH, reverse kronologis. Ini bukan log per-commit — untuk itu pakai git log. Untuk keputusan desain, lihat spec di docs/superpowers/specs/.

2026-04-25 — Audit auth + refresh situs docs

  • fix(auth) — Zitadel aud claim mismatch yang menyebabkan /api/v1/* invalid_token. Perbaikan tiga bagian: admin sekarang meminta scope urn:zitadel:iam:org:project:id:<PROJECT_ID>:aud agar aud access token mengandung project_id; verifier API defensif menerima project_id ATAU client_id (token lama tetap valid selama rollout); middleware requireZitadelJwt sekarang menulis audit_log pada kegagalan header_missing / jwt_invalid (sebelumnya invisible).
  • fix(admin) — Link docs di banner PageHelp pada 9 halaman admin diperbaiki — mkdocs-static-i18n tidak melayani URL <page>.id/.
  • Refresh situs docs — referensi RAG diganti Dify, alur auth Zitadel SSO ditulis ulang di glosarium + integrations matrix, changelog + onboarding + ops runbook disinkronkan dengan kondisi saat ini, palet/typografi/landing page dimodernisasi (Inter + JetBrains Mono, slate + amber, card grids, hero).

2026-04-24 — Phase 1 visibility + Phase 4 audit + Operator alerts (bundle 76 commit)

  • Phase 1 Visibility-First (gating Phase 2 contextual tunability)
  • Widget Judge Decisions di Bot Health (Langfuse-backed, audit monitoring.judge.read)
  • Widget Feature Coverage di SystemDashboard (super_admin saja, audit monitoring.coverage.read)
  • Halaman Executive Summary + handbook (KPI lintas-cluster)
  • Retrofit Phase 4 audit — kolom JSONB before_state / after_state + 16 keluarga aksi di-instrument (cluster, persona, guidance/audience rules, config, escalation rules, FAQ CRUD + bulk, intent rules, campaigns, follow-up rules, KB upload/edit/archive, crawl source, follow-up cancel, conversation notes), audit-coverage-report.sh, widget RecentConfigChanges di dashboard dengan auto-refresh, tampilan diff before/after di expanded view audit, filter "config changes only", partial index, ekspor CSV
  • Persiapan Phase 2 knob #1 (flag-gated) — wrapper Dify setAnnotationThreshold(), migrasi app_config, endpoint /settings/faq-threshold GET/PUT (gated oleh FEATURE_FAQ_THRESHOLD), slider admin di /settings/chatbot, smoke test
  • Operator alerts — alert in-app hot_lead_wait + cron_failure dengan cron alerts_sweep (setiap 5 menit), kill switch via FEATURE_ALERTS=false
  • fix(api) P0: parseAuthMode sekarang mengenali legacy dan both (dipetakan ke enforce); celah sebelumnya diam-diam mem-bypass middleware inner-guard
  • fix(auth) — allow-list auth sekarang match req.originalUrl bukan req.path ter-mount — menghilangkan noise audit 2k/minggu dari poll admin proxy
  • Reliability — fan-out escalation race-free via pg_advisory_xact_lock, alert fall back ke counselor cluster saat assigned inactive, transaction atomic + FOR UPDATE snapshot di leadsV2, FAQ deactivate fail-safe (502 jika Dify DELETE gagal), partial index notifications, faqKbSync timer unref
  • Temuan strategis — riset mendalam mengungkap HUPH masih pre-GTM (5 conv/30d, 3-4 operator harian); kecepatan engineering ≠ nilai produk; gate-off Feature Coverage + Executive Summary nav sampai traffic membenarkannya

2026-04-22–23 — Foundations Dify Phase A + bilingual + Quality Gate

  • Foundations Phase A — tooling chatflow versioning, slot dual LLM, error_strategy guardrails
  • Phase A.6 chatflow bilingual (dormant) — chatflow v2 dual LLM-per-path live; ID stabil, EN +13.7pp; menunggu flip BILINGUAL_ENABLED
  • Phase A.5 Quality Gate observe-mode — node judge + aggregator + error_strategy live di chatflow v3; block-flip ditunda setelah 5 putaran riset + replay produksi
  • 32 commit di mega-session 23 April termasuk banner PageHelp pada 10 halaman admin, sequence onboarding admin K1/K2/K3, orientation D1, infra otomatisasi screenshot D2

2026-04-19–21 — Migrasi Zitadel SSO + persiapan rollout bilingual

  • Migrasi Zitadel Week 1-3 — pre-token Action live di prod (HMAC gaya Stripe atas rawBody), provider Auth.js v5 Zitadel, Credentials provider dihapus Week 3, kolom password_hash dormant untuk soak 30-hari sebelum drop
  • Pass UX Bahasa Indonesia — aturan non-negosiasi: roleDisplay saja, label Bahasa, toast sonner, tanpa alert/confirm, aria-label pada icon button, helper bersama di 4 modul lib, error boundary di semua route utama
  • Code chatbot bilingual + runbook — chatflow + persiapan re-embed KB + eval gate + prosedur ramp bertahap dirilis (flip live menyusul)

2026-04-15–17 — Campaigns, conversation guard, redesign KB, FAQ cluster

  • Campaign tracking links — CRUD + generasi QR + atribusi klik
  • deteksi bot + breakdown referrer
  • Conversation guard — profanity 3-strike, repetition filter, cooldown, dapat dikonfigurasi dari admin
  • Konfigurasi channel WhatsApp — endpoint health + test message
  • KB redesign multi-dataset — 4 dataset, pre-retrieval, chatflow Claude, normalisasi query
  • CASS KB v2 + frontend config + sistem FAQ cluster-aware
  • 40+ commit pada 15-17 April

2026-04-14 — Sidebar nav + ops hardening

  • Redesign sidebar nav (6 grup), perbaikan env follow-up, sweep keamanan, audit performa

2026-04-13 — Activity Timeline + Test Hardening

(Section unchanged — see changelog.en.md for full detail.)

2026-04-09 — Documentation Revamp Pass 1

  • Full bilingual MkDocs Material site (ID + EN via mkdocs-static-i18n)
  • 8 halaman operator, 2 lift stakeholder, 1 stub content-team, 5 dev onboarding + 5 dev architecture + 4 dev ops baru + 3 runbook yang diangkat, glosarium bilingual + changelog ini
  • 9 file markdown root stale diarsipkan ke docs/archive/root-legacy/
  • docs/discovery/ diarsipkan
  • Spec: docs/superpowers/specs/2026-04-09-documentation-revamp-design.md
  • Plan: docs/superpowers/plans/2026-04-09-documentation-revamp.md

2026-04-09 — API HTTP Auth Middleware (Phase 0)

  • Defense-in-depth HTTP auth untuk Express API di apps/api
  • Layer 1: HMAC internal secret (verify constant-time)
  • Layer 2: Forwarding JWE NextAuth via X-Forwarded-Session
  • Layer 3 (webhook HMAC): DEFERRED — tier 360dialog saat ini tidak expose App Secret
  • 3-mode middleware: disabled | warn | enforce, rollback env-flip sub-30 detik
  • 21 route proxy admin dimigrasi ke helper serverFetch
  • PR #3 (open per 2026-04-09, belum di-merge)
  • Spec: 2026-04-09-api-http-auth-design.md

2026-04-09 — Counselor Dashboard (Phase 1.6)

  • View antrian per-counselor dengan akses lead + conversation yang di-scope
  • KPI (conversion rate, response time, contacted count)
  • Di-merge via PR #2
  • Spec: 2026-04-08-counselor-dashboard-design.md

2026-04-08 — RBAC Phase 1.5

  • Access control cluster-based pada endpoint admin
  • marketing_counselor dengan cluster_id=X hanya lihat cluster X
  • marketing_staff + marketing_admin bersifat global
  • Diaplikasikan di admin proxy + layer route Prisma
  • Spec: 2026-04-08-rbac-phase15-design.md

2026-04-08 — Escalation Routing Phase 1

  • Propagasi conversations.cluster_id via trigger dari leads
  • Notification fan-out dengan 2 kind: escalation + notify
  • Room Socket.io cluster-scoped (cluster:<id>) menerima event
  • Global recipient di-bootstrap: marketing_admin + marketing_staff
  • Spec: 2026-04-08-escalation-routing-phase1-design.md

2026-04-08 — Team Ownership

  • Model ownership cluster hybrid-lite: program_match (fluid) → register_intent (lock) → manual (selalu menang)
  • Cluster resolver dengan exact + prefix program match
  • UI admin reassign dengan ConfirmDialog
  • Backfill: 25 dari 28 lead existing match; 3 legacy row tetap NULL
  • Spec: 2026-04-08-team-ownership-design.md

2026-04-08 — Realtime Socket.io + Channel Cleanup

  • Mengganti SSE deprecated dengan substrate Socket.io di API
  • Single bridge pg_notify LISTEN → room Socket.io
  • 5 fungsi trigger DB (message, conversation, lead, notification, followup)
  • Enterprise shell fix (h-screen overflow-hidden, bukan min-h-screen)
  • Channel Telegram + Web dihapus — WhatsApp satu-satunya channel ke depan
  • Apr 8 ClickHouse OOM fix (memory cap + log disable)
  • Fix bug timezone WIB trigger (AT TIME ZONE 'UTC' di semua trigger)
  • 148 commit selama sesi Apr 7-8
  • Spec: 2026-04-07-realtime-socketio-design.md

2026-04-07 — Lead Capture Phase 2A + Analytics Phase 2B.1

  • Ekstraktor kontak hybrid 4-tier (regex Layer 1 + Claude Haiku Layer 2)
  • State machine untuk multi-turn slot filling (TTL 6 jam)
  • leadStore.upsert atomic dengan inline status recompute
  • /admin/leads-v2 dengan filter chip + polling 30 detik
  • 11 endpoint analytics backend + /admin/analytics-v2 dengan 13 komponen chart
  • Spec: 2026-04-07-intent-routing-phase2a-design.md

2026-04-07 — Intent Router Phase 1

  • Classifier 4-tier: deterministic regex → keyword heuristic → Claude Haiku → default
  • 10 intent handler seeded (wantRegister, sharePersonalInfo, wantVisitCampus, dst.)
  • Engine escalation rule dengan 3 rule seeded
  • Spec: 2026-04-07-intent-routing-design.md

2026-03-27 — KB Phase 1-3 Complete

  • Full KB system: integrasi Milvus + Langfuse + Dify
  • 308+ halaman di-crawl dari uph.edu
  • Lompatan eval: 26% → 74% → 95.2% via fix dataset + konten fakultas + tuning prompt
  • Hybrid search (dense + sparse) dengan reranking
  • Memori: project_kb_phase3_complete, project_eval_baseline

2026-03-21 — Enterprise Admin Redesign (Phase 0-9)

  • Redesign penuh apps/admin pakai shadcn/ui (style new-york)
  • Recharts untuk analytics
  • Font Inter, design token skala biru UPH primary
  • Split-pane Conversations, tabbed Leads/Analytics
  • Realtime berbasis SSE (kemudian diganti Socket.io di Apr 8)
  • Spec: 2026-03-21-enterprise-admin-redesign-design.md

2026-03-18 — Phase 1 Foundation Complete

  • Setup repo + DNS awal
  • Service infrastructure (Postgres, Redis, Qdrant, Phoenix)
  • Skeleton API (Node.js + Express)
  • Skeleton RAG (Python + FastAPI)
  • Sertifikat SSL + auto-renewal
  • Infrastructure Docker + docker-compose

Lihat juga: - History per-commit: git log --oneline - Design spec: docs/superpowers/specs/ - Implementation plan: docs/superpowers/plans/ - Record memori: /home/valid/.claude/projects/-opt-huph/memory/