AI Learning System:
- Add FeedbackLearningService for few-shot learning from user feedback
- Integrate learning context into chat prompts (nordabiz_chat.py)
- Add seed examples for cold start (when insufficient real feedback)
- Add /api/admin/ai-learning-status endpoint
- Add learning status section to chat analytics panel
Other Changes:
- Update release notes to v1.12.0
- Remove old password references from documentation (CLAUDE.md)
- Fix password masking in run_migration.py (use regex for any password)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /admin/ai-usage/user/<id> route for detailed AI usage per user
- Add ai_usage_user.html template with stats, usage breakdown, logs
- Make user names clickable in AI usage dashboard ranking
- Replace all native browser dialogs (alert, confirm) with styled modals/toasts:
- admin/fees.html, forum.html, recommendations.html, announcements.html, debug.html
- calendar/admin.html, event.html
- company_detail.html, company/recommend.html
- forum/new_topic.html, topic.html
- classifieds/view.html
- auth/reset_password.html
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
ZOPK news evaluation now properly attributes AI token usage
to the user who triggered the evaluation. This enables:
- Per-user cost tracking in AI monitoring dashboard
- User rankings by AI token consumption
- Company-level cost aggregation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Use Jinja2 striptags filter to remove HTML from news.description
before displaying in ZOPK news cards. Prevents raw HTML like
<a href="..."> from showing as text.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add universal confirm/alert modal system with custom styling
- Add toast notifications for success/error feedback
- Replace all confirm(), alert(), prompt() with showConfirm/showToast
- Support for custom icons, titles, input fields
- Matches existing UI design patterns
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix type_labels keys to match actual feature names (ai_chat, zopk_news_evaluation)
- Fix SQLAlchemy query syntax (remove invalid .options())
- Add null safety for daily_history values in template
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add period filter buttons (day/week/month/all)
- Add user ranking table with name, company, requests, tokens, cost
- Add company ranking table with unique users and costs
- Show user names in recent logs
- Add all-time statistics
- Rankings filtered by selected period
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add AIUsageLog, AIUsageDaily, AIRateLimit models to database.py
- Update gemini_service.py to log to new AIUsageLog table
- Create /admin/ai-usage dashboard with stats and charts
- Show daily/weekly/monthly requests, tokens, costs
- Track usage by type (chat, news_evaluation, etc.)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add auto-reload after successful evaluation (2s delay)
- Show 'Odświeżam stronę za 2 sekundy...' message
- Change button text to 'AI pracuje...' during processing
- Update progress text to 'AI dodaje gwiazdki...'
- Fix error state button labels to include AI prefix
- Ensures user knows what's happening at all times
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change 'Oceń X nowych' to 'AI: Oceń X'
- Change 'Dodaj gwiazdki' to 'AI: Dodaj gwiazdki'
- Add 🤖 icon to both buttons
- Add tooltips explaining Gemini AI will be used
- Critical for transparency when AI is involved
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change label from 'Oceń przez AI' to 'Oceń X nowych'
- Add tooltip explaining what the button does
- Makes it clear that only unevaluated items will be processed
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change info-only div to clickable link with warning style
- Add ai_not_evaluated filter to show items where ai_relevant is NULL
- Consistent UX with other filter cards
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add reevaluate_news_without_score() to upgrade old binary evals to stars
- Add /admin/zopk/news/reevaluate-scores endpoint
- Add ai_missing_score stat to dashboard
- Add 'Dodaj gwiazdki' button in dashboard UI
- JS function with progress modal and auto-reload
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add AI relevance score column with star display (1-5)
- Add sortable column headers (title, score, date)
- Add dropdown sort selector in filters
- Preserve sort params in pagination links
- Color-coded score badges based on relevance
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ai_relevance_score column (1-5) to zopk_news table
- Update AI prompt to return score with detailed criteria:
* 1 star = very weak (loose connection to region/industry)
* 2 stars = weak (general industry news)
* 3 stars = medium (relates to ZOPK industry but not directly)
* 4 stars = strong (directly about ZOPK investments/companies)
* 5 stars = perfect (main topic is ZOPK, Kongsberg, offshore Baltic)
- Display star ratings in admin dashboard with color-coded badges
- Score >= 3 marks news as relevant, < 3 as not relevant
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Show elapsed time counter during AI evaluation
- Display encouraging messages based on time (30s, 60s thresholds)
- Add 3-minute timeout with AbortController
- Reduce default limit from 50 to 20 items for faster response
- Update modal text to show expected duration (30-60 seconds)
- Better error handling for timeout vs connection errors
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add AI evaluation modal with three states (confirm, progress, result)
- Add progress bar with animated fill during API call
- Add result stats display (evaluated, relevant, not relevant)
- Style modal icons, animations (spin), and result stats grid
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ai_relevant, ai_evaluation_reason, ai_evaluated_at columns to zopk_news
- Add evaluate_news_relevance() and evaluate_pending_news() functions
- Add /admin/zopk/news/evaluate-ai endpoint
- Add AI filter tiles (Pasuje wg AI, Nie pasuje wg AI)
- Add "Oceń przez AI" button with progress feedback
- Show AI evaluation badge on news items
- Add new sources: Norda FM, Twoja Telewizja Morska, Nadmorski24.pl, Facebook (Samsonowicz)
AI evaluates news against ZOPK topics: offshore wind, nuclear plant,
Kongsberg investment, data centers, hydrogen labs, key people.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add CSS for .stats-section, .stats-section-title, .stats-grid-small
- Clear visual separation: "Baza wiedzy ZOPK" (info only) and
"Filtruj newsy" (clickable filters) with descriptive headers
- Improves UX by making clickable/non-clickable cards obvious
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Projektów, Interesariuszy, Materiałów are now info-only (not filters)
- Only Oczekujących, Zatwierdzonych, Odrzuconych filter the news list
- Added info-only CSS class with reduced opacity and no hover effect
- Added tooltips to explain card purpose
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add clickable stat cards to filter news by status (pending/approved/rejected)
- Add pagination (20 items per page) with navigation controls
- Filter out old news by default (before 2024 - ZOPK didn't exist)
- Show warning about hidden old news with option to show or reject all
- Add endpoint to bulk reject old news (/admin/zopk/news/reject-old)
- Add old news badge (⚠️ Sprzed 2024) for visibility
- Add status badges for approved/rejected news
- Update news list to show all statuses with appropriate actions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add animated progress bar showing search progress through sources
- Display source type badges (Brave, Media lokalne, Rząd, Agregator)
- Show confidence score and source count for each news item
- Auto-refresh page after successful search (3s delay)
- Display source statistics after search completion
- Consistent UI with SEO/GBP audit dashboards
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ZOPKNewsService with multiple RSS sources (12 feeds)
- Implement cross-verification logic (3+ sources = auto_approved)
- Add title hash normalization for fuzzy deduplication
- Include government sources: MON, Ministerstwo Rozwoju
- Include Google News searches for key topics and people
- Add confidence scoring (1-5 based on source count)
- Update SQL migration with cross-verification columns
Sources: Brave API, trojmiasto.pl, Dziennik Bałtycki, Google News,
gov.pl/obrona-narodowa, gov.pl/rozwoj-technologia
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add database models for ZOPK projects, stakeholders, news, resources
- Add migration with initial data (5 projects, 7 stakeholders)
- Implement admin dashboard with news moderation workflow
- Add Brave Search API integration for automated news discovery
- Create public knowledge base pages (index, project detail, news list)
- Add navigation links in main menu and admin bar
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add is_ai_generated column to ForumTopic, ForumReply, NordaEvent, Classified
- Display AI badge next to author name for AI-generated content
- Purple gradient badge with tooltip 'Wygenerowano przez AI'
- Add category selection (feature_request, bug, question, announcement)
- Add status tracking (new, in_progress, resolved, rejected) with admin controls
- Add file attachments support (JPG, PNG, GIF up to 5MB)
- Multi-file upload (up to 10 files per reply) with drag & drop and paste
- New FileUploadService with EXIF stripping for privacy
- Admin panel with status statistics and change modal
- Grid display for multiple attachments
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Document Auto Claude state files that should never be committed
- Add pre-commit hook that automatically unstages Auto Claude files
- Include troubleshooting steps for merge conflicts
- Document worktree management commands
This prevents future merge conflicts caused by .auto-claude-* files.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security fix: Remove hardcoded database credentials from shell scripts and source code.
Changes:
- Scripts now use environment variables ($DATABASE_URL, $PGPASSWORD)
- Safe fallback values with CHANGE_ME placeholder
- Added .env.example template
- Added docs/SECURITY.md documentation
- Updated CLAUDE.md with credential management guidelines
Resolves conflict by removing Auto Claude state files (already in .gitignore).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created TEST_RESULTS_SHELL_SCRIPTS.md with comprehensive test verification
- Verified script properly validates PGPASSWORD environment variable
- Confirmed clear error message and exit code 1 when PGPASSWORD not set
- All validation checks pass successfully
- Created test_database_url_validation.py for static code analysis
- Created test_runtime_errors.py for runtime error verification
- Created TEST_RESULTS.md with comprehensive test documentation
- All 7 Python scripts verified to use safe 'CHANGE_ME' fallback
- Confirmed no hardcoded production credentials remain in code
- Scripts properly fail with clear authentication errors
- Test coverage: 7/7 scripts passed (100%)
Security validation complete for CWE-798 remediation.
Created comprehensive docs/SECURITY.md with:
- Database credentials management guide (CWE-798 security)
- Complete environment variables reference
- Development and production setup instructions
- Shell script configuration (.pgpass, PGPASSWORD)
- Security best practices (never hardcode credentials)
- Verification and testing procedures
- Troubleshooting guide for common issues
- Incident response procedures for compromised credentials
- Links to official documentation and security standards
This completes Phase 4 (Documentation) of the credential security cleanup task.
- Added PGPASSWORD environment variable check at script start
- Replaced 3 instances of hardcoded 'NordaBiz2025Secure' with $PGPASSWORD
- Added usage instructions and security warning (CWE-798)
- Script now exits with error if PGPASSWORD is not set
- Removed hardcoded DATABASE_URL assignment with 'NordaBiz2025Secure' password
- Added comprehensive warning comment about CWE-798 security vulnerability
- Script now relies on DATABASE_URL environment variable or safe fallback from database.py
- Follows same security pattern as other updated scripts (run_migration.py, etc.)
