Replace vergabe's blue brand-* palette with whynot's near-black/paper/yellow
visual language. Tokens vendored at static/src/vendor/whynot-design/ (synced
from commit 9419f16 via scripts/sync-whynot-design.sh / make sync-whynot-design).
main.css imports the vendored CSS first, exposes ink/paper/hi as Tailwind
@theme tokens (bg-paper, text-ink, border-line, etc.), and re-tones every
component class (.btn-*, .card, .field-row, .phase-*, .form-input, .table-*,
.sidebar-*). Border radii drop to whynot's 0-4px; .card loses its shadow.
Legacy text-brand-* / bg-brand-* / border-brand-* template references are
kept working via @theme aliases that map the old blue scale onto the whynot
ink ramp — Phase 1 is tokens-only, no template churn.
btn-danger keeps an off-spec red (#B22222) as a local --danger var until
upstream defines a canonical destructive color.
base.html body class swapped: bg-slate-50 → bg-paper-2 text-ink.
Phase 2 (component adoption) deferred until whynot-design ships Lit web
components + missing atoms (Card, Modal, Input, Table, Toast). See
wiki/DesignSystem.md and history/2026-05-23-whynot-design-cross-framework-analysis.md.
Verified: 8/8 e2e tests pass; dev server boots; static/dist/main.css contains
no #3b5bdb references. Visual pixel-level verification still pending Bernd's
browser walk.
Add cross-framework analysis to history/ and WP-0017 workplan for the
tokens+CSS phase of adopting ~/whynot-design. Component port deferred until
upstream ships Lit web components and missing atoms (Card, Modal, Input,
Table, Toast).
Decisions captured: vendor (not npm), big-bang swap (not pilot), keep
off-spec red for btn-danger until upstream defines one.
prod.py never read the CSRF_TRUSTED_ORIGINS env var the deployment already
injects, so Django's setting stayed empty. Behind traefik's TLS termination
Django saw requests as HTTP and rejected the browser's https:// Origin on
every POST with a CSRF failure (403) — forms could not be saved and the DB
stayed empty.
- Read CSRF_TRUSTED_ORIGINS from env (filtering empties).
- Set SECURE_PROXY_SSL_HEADER so Django recognizes HTTPS via X-Forwarded-Proto.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The Dockerfile asset stage copied only static/src + vite.config.js, never
the HTML templates. Tailwind v4 generates CSS by scanning source files for
class usage, so with no templates present it emitted a stripped CSS with
zero utility classes — breaking layout and ballooning SVG icons (w-5/h-5
no longer applied) on deployed builds.
- main.css: add explicit @source directive for the templates dir so content
detection no longer depends on the build CWD.
- Dockerfile: copy vergabe_teilnahme/templates into the assets stage so the
@source path resolves at build time.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
issue-facade was renamed to issue-core. Update the dependency
declaration and the three Python imports it touched. Model field
names (issue_facade_backend, issue_facade_id) and the Django setting
ISSUE_FACADE_LOCAL_DB stay as-is — they are persisted/semantic
identifiers, not part of the package wiring.
All 20 aufgaben tests pass after the rewire.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
