docs: update changelog

docs/development-progress-log.md

@@ -1752,8 +1752,151 @@ This project demonstrates a modern Phoenix application built with:
 
 ---
 
-**Document Version:** 1.4  
-**Last Updated:** 2026-01-13  
+---
+
+## Recent Updates (2026-01-13 to 2026-01-27)
+
+### Groups Feature Implementation (2026-01-27)
+
+**PR #378:** *Add groups resource* (closes #371)
+- Created `Mv.Membership.Group` resource with name, slug, description
+- Created `Mv.Membership.MemberGroup` join table for many-to-many relationship
+- Automatic slug generation from name (immutable after creation)
+- Case-insensitive name uniqueness via LOWER(name) index
+- Database migration: `20260127141620_add_groups_and_member_groups.exs`
+
+**PR #382:** *Groups Admin UI* (closes #372)
+- Groups management LiveViews (`/groups`)
+- Create, edit, delete groups with confirmation
+- Member count display per group
+- Add/remove members from groups
+- Groups displayed in member overview and detail views
+- Filter and sort by groups in member list
+
+**Key Features:**
+- Many-to-many relationship: Members can belong to multiple groups
+- Groups searchable via member search vector (full-text search)
+- CASCADE delete: Removing member/group removes associations
+- Unique constraint prevents duplicate member-group associations
+
+### CSV Import Feature Implementation (2026-01-27)
+
+**PR #359:** *Implements CSV Import UI* (closes #335)
+- Import/Export LiveView (`/import_export`)
+- CSV file upload with auto-upload
+- Real-time import progress tracking
+- Error and warning reporting
+- Chunked processing (200 rows per chunk)
+
+**PR #394:** *Adds config for import limits* (closes #336)
+- Configurable maximum file size (default: 10 MB)
+- Configurable maximum rows (default: 1000)
+- Configuration via `config :mv, csv_import: [max_file_size_mb: ..., max_rows: ...]`
+- UI displays limits to users
+
+**PR #395:** *Implements custom field CSV import* (closes #338)
+- Support for importing custom field values via CSV
+- Custom field mapping by slug or name
+- Validation of custom field value types
+- Error reporting with line numbers and field names
+- CSV templates (German and English) available for download
+
+**Key Features:**
+- Member field import (email, first_name, last_name, etc.)
+- Custom field value import (all types: string, integer, boolean, date, email)
+- Error capping (max 50 errors per import to prevent memory issues)
+- Async chunk processing with progress updates
+- Admin-only access (requires `:create` permission on Member resource)
+
+### Page Permission Router Plug (2026-01-27)
+
+**PR #390:** *Page Permission Router Plug* (closes #388)
+- `MvWeb.Plugs.CheckPagePermission` plug for page-level authorization
+- Route-based permission checking
+- Automatic redirects for unauthorized access
+- Integration with permission sets (own_data, read_only, normal_user, admin)
+- Documentation: `docs/page-permission-route-coverage.md`
+
+**Key Features:**
+- Page-level access control before LiveView mount
+- Permission set-based route matrix
+- Redirect targets for different permission levels
+- Public paths (login, OIDC callbacks) excluded from checks
+
+### Resource Policies Implementation (2026-01-27)
+
+**PR #387:** *CustomField Resource Policies* (closes #386)
+- CustomField resource policies with actor-based authorization
+- Admin-only create/update/destroy operations
+- Read access for authenticated users
+- No system-actor fallback (explicit actor required)
+
+**PR #377:** *CustomFieldValue Resource Policies* (closes #369)
+- CustomFieldValue resource policies
+- own_data permission set: can create/update own linked member's custom field values
+- Admin and normal_user: full access
+- Bypass read rule for CustomFieldValue pattern (documented)
+
+**PR #364:** *User Resource Policies* (closes #363)
+- User resource policies with scope filtering
+- own_data: can read/update own user record
+- Admin: full access
+- Email change validation for linked members
+
+### System Actor Improvements (2026-01-27)
+
+**PR #379:** *Fix System missing system actor in prod and prevent deletion*
+- System actor user creation in migrations
+- Block update/destroy on system-actor user
+- System user handling in UserLive forms
+- Normalize system actor email
+
+**PR #361:** *System Actor Mode for Systemic Flows* (closes #348)
+- System actor pattern for systemic operations
+- Email synchronization uses system actor
+- Cycle generation uses system actor
+- Documentation: `docs/roles-and-permissions-architecture.md` (Authorization Bootstrap Patterns)
+
+**PR #367:** *Remove NoActor bypass*
+- Removed NoActor bypass to prevent masking authorization bugs
+- All tests now require explicit actor
+- Exception: AshAuthentication bypass tests (conscious exception)
+
+### Email Sync Fixes (2026-01-27)
+
+**PR #380:** *Fix email sync (user->member) when changing password and email*
+- Email sync when admin sets password via `admin_set_password`
+- Bidirectional email synchronization improvements
+- Validation fixes for linked user-member pairs
+
+### UI/UX Improvements (2026-01-27)
+
+**PR #389:** *Change Logo* (closes #385)
+- Updated application logo
+- Logo display in sidebar and navigation
+
+**PR #362:** *Add boolean custom field filters to member overview* (closes #309)
+- Boolean custom field filtering in member list
+- Filter by true/false values
+- Integration with existing filter system
+
+### Test Performance Optimization (2026-01-27)
+
+**PR #384:** *Minor test refactoring to improve on performance* (closes #383)
+- Moved slow tests to nightly test suite
+- Optimized policy tests
+- Reduced test complexity in seeds tests
+- Documentation: `docs/test-performance-optimization.md`
+
+**Key Changes:**
+- Fast tests (standard CI): Business logic, validations, data persistence
+- Slow tests (nightly): Performance tests, large datasets, query optimization
+- UI tests: Basic HTML rendering, navigation, translations
+
+---
+
+**Document Version:** 1.5  
+**Last Updated:** 2026-01-27  
 **Maintainer:** Development Team  
 **Status:** Living Document (update as project evolves)