Beweist die Auth-Gating-Garantie und härtet das System ab (Definition of
Done #1, #2, #3, #7, #8):
- Routen-Manifest (tests/e2e/routes.manifest.ts) als einzige Quelle der
Wahrheit; anonyme Seite -> Redirect /login, anonyme API -> 401.
- Kritische auth-gating.spec.ts: genau ein Fall je Manifest-Eintrag, ohne
Daten-Leak.
- Driftschutz (routes.manifest.spec.ts + tests/unit/routes-manifest.test.ts):
keine ungetestete neue Route unter src/app/**.
- Default-Deny-Beweis für Server Actions (server-actions-guard.spec.ts +
tests/unit/server-actions-guard.test.ts): jede "use server"-Funktion ruft
als erste Anweisung einen Guard; Login-Actions per Allowlist ausgenommen.
- Wiederverwendbare reine Scanner unter tests/support (route-scan, guard-scan)
— offline lauffähig, in Vitest und Playwright geteilt.
- rbac-scoping, search-eta, login-ratelimit, security-headers Specs (gegen
geseedeten Server; in der Sandbox deferred, per test.skip abgesichert).
- global-setup (Migration + Seed) und auth.setup (Login je Konto ->
storageState); Playwright-Projekte setup -> chromium verdrahtet.
- src/lib/security/headers.test.ts: statischer Beleg für CSP, HSTS,
X-Frame-Options DENY, nosniff, Permissions-Policy.
- vitest.config.ts: Coverage-Schwellen (>=90 %) für src/lib/search + src/lib/geo.
- package.json: Scripts test:unit, test:coverage, test:e2e, test:e2e:gating.
- docs/reference/sicherheitshaertung-checkliste.md: jeder Härtungspunkt mit
Test/Befehl und Negativ-Probe.
Offline verifiziert: tsc --noEmit (0), vitest run (229 passed / 7 db-skipped),
drizzle-kit check (ok), next build (exit 0), next lint (0 Fehler),
playwright --list (98 Tests, 15 Dateien). DB-/Server-/Browser-abhängige
E2E-Läufe sind deferred (kein Postgres/Server in der Sandbox).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Phased, dependency-ordered plan across 11 workstreams (foundation,
schema, auth, admin taxonomy, brigade area, search, geo/ETA, detail,
deployment, seed, tests/security) with exact file paths, code/schema
snippets, ordered tasks and per-task verification. Includes cross-cutting
standards, definition-of-done, and risks. Produced by a fan-out design +
adversarial critique + synthesis workflow.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Bundesland confirmed: Niederösterreich; spec references seed catalog
- Vorlagen list corrected to NÖ HLF system + aliases + Allrad rule
- Geräte-Kategorien derived from Beladelisten
- Allrad designation is HLFA n (A infixed), not 'HLF n A'
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Synthesized from the 11 PDFs in unterlagen/: 11 Fahrzeug-Vorlagen
(HLF 1, HLF 1 W, HLF 2-4, VRF, VF, ALF, SSTF, WLF, MTF) with technical
specs and standard Beladung, plus a derived typed Merkmal-Katalog to
seed the dynamic attribute system. Corrects RL numbers that the source
filenames got wrong (FA 04 = VRF, FA 07 = HLF 4).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Login-only mutual-aid platform for Austrian volunteer fire brigades to
list vehicles/equipment, searchable by other brigades and sorted by
fastest-arriving (drive-time ETA). Next.js + PostgreSQL/Drizzle + Auth.js
(Authentik OIDC + local argon2id), dynamic admin-curated Merkmal system,
self-hosted OSRM/Nominatim, Docker Compose behind external Traefik.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
