Merge pull request 'fix: remove MCP application-level authorization' (#19) from fix/remove-mcp-auth into main

Reviewed-on: #19

.env.example

@@ -14,7 +14,5 @@ PARSER_USE_PLAYWRIGHT=false
 ADMIN_USERNAME=admin
 ADMIN_PASSWORD=change-me
 SESSION_SECRET=change-me-session-secret
-MCP_TOKEN=change-me-mcp-token
-
 API_PORT=8000
 MCP_PORT=8001

README.md

@@ -6,7 +6,7 @@
 
 - `api`: FastAPI, REST API, HTML-админка, healthcheck.
 - `worker`: weekly scheduler, который запускает парсинг по `CRAWL_CRON`.
-- `mcp`: HTTP MCP endpoint с bearer token.
+- `mcp`: открытый HTTP MCP endpoint для ИИ-агентов.
 - `postgres`: основная БД.
 
 Парсер использует фиксированный источник сотрудников, по умолчанию `https://miem.hse.ru/persons`. Для каждой карточки сохраняются ФИО, должности, год начала работы, контакты, идентификаторы, вкладки профиля, секции, публикации, курсы, ВКР, JSON-снапшот и сжатый HTML-снапшот. Ссылки обходятся только из меню профиля самого сотрудника (`person-menu`), например `#sci`, `#teaching`, `#main`.
@@ -27,7 +27,6 @@ cp .env.example .env
 - `CRAWL_LIMIT`: опциональный лимит профилей для тестового запуска.
 - `ADMIN_USERNAME`, `ADMIN_PASSWORD`: логин и пароль админки.
 - `SESSION_SECRET`: секрет подписи cookie.
-- `MCP_TOKEN`: bearer token для `/mcp`.
 - `PARSER_USE_PLAYWRIGHT`: включение Playwright-рендера динамических вкладок.
 
 ## Локальный запуск
@@ -82,7 +81,7 @@ curl -X POST http://localhost:8000/api/crawl-runs --cookie "miem_admin_session=.
 
 ## MCP
 
-Endpoint: `POST /mcp`, авторизация `Authorization: Bearer <MCP_TOKEN>`.
+Endpoint: `POST /mcp`, без авторизации на уровне приложения.
 
 Поддерживаемые tools:
 
@@ -92,15 +91,16 @@ Endpoint: `POST /mcp`, авторизация `Authorization: Bearer <MCP_TOKEN>
 - `list_employee_courses(profile_id_or_url)`
 - `get_crawl_status()`
 
-Пример:
+Пример локального legacy-режима со статическим токеном:
 
 ```bash
 curl http://localhost:8001/mcp \
-  -H "Authorization: Bearer change-me-mcp-token" \
   -H "Content-Type: application/json" \
   -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'
 ```
 
+Если MCP нужно ограничить, делайте это на сетевом уровне: localhost binding, VPN, firewall, reverse proxy или другой внешний контур доступа.
+
 ## Обслуживание
 
 ```bash
@@ -110,4 +110,4 @@ docker compose exec postgres pg_dump -U miem miem_workers > backup.sql
 docker compose down
 ```
 
-Версия сервиса: `0.2.8`. Админка всегда показывает версии backend и frontend в footer.
+Версия сервиса: `0.4.5`. Админка всегда показывает версии backend и frontend в footer.

app/admin.py

@@ -8,7 +8,14 @@ from app.config import Settings, get_settings
 from app.db import SessionLocal, get_db
 from app.models import CrawlError, CrawlRun, Employee
 from app.security import SESSION_COOKIE, require_admin, sign_session, verify_admin
-from app.services.admin_data import employee_detail_payload, format_admin_datetime, list_employees_page, run_payload, stats_payload
+from app.services.admin_data import (
+    employee_detail_payload,
+    format_admin_datetime,
+    list_employees_page,
+    run_detail_payload,
+    run_payload,
+    stats_payload,
+)
 from app.services.crawl_control import get_running_run, run_crawl_if_idle
 from app.version import BACKEND_VERSION, FRONTEND_VERSION
 
@@ -22,7 +29,7 @@ def dashboard(request: Request, db: Session = Depends(get_db), settings: Setting
     counts = stats_payload(db)
     counts["runs"] = db.scalar(select(func.count()).select_from(CrawlRun)) or 0
     counts["errors"] = db.scalar(select(func.count()).select_from(CrawlError)) or 0
-    run_models = db.scalars(select(CrawlRun).order_by(desc(CrawlRun.started_at)).limit(10)).all()
+    run_models = db.scalars(select(CrawlRun).order_by(desc(CrawlRun.started_at)).limit(5)).all()
     runs = [run_payload(run) for run in run_models]
     return _render(request, "dashboard.html", {"counts": counts, "runs": runs, "latest_run": runs[0] if runs else None})
 
@@ -150,6 +157,20 @@ def runs(request: Request, db: Session = Depends(get_db), settings: Settings = D
     return _render(request, "runs.html", {"runs": items, "errors": errors})
 
 
+@router.get("/runs/{run_id}", response_class=HTMLResponse)
+def run_detail(
+    run_id: int,
+    request: Request,
+    db: Session = Depends(get_db),
+    settings: Settings = Depends(get_settings),
+):
+    require_admin(request, settings)
+    run = db.get(CrawlRun, run_id)
+    if not run:
+        return RedirectResponse("/admin/runs", status_code=303)
+    return _render(request, "run_detail.html", {"run": run_detail_payload(db, run)})
+
+
 @router.post("/runs")
 def trigger_run(
     request: Request,

app/api.py

@@ -8,7 +8,7 @@ from app.config import Settings, get_settings
 from app.db import SessionLocal, get_db
 from app.models import CrawlRun, Employee
 from app.security import require_admin
-from app.services.admin_data import employee_display_payload, list_employees_page, run_payload, stats_payload
+from app.services.admin_data import employee_display_payload, list_employees_page, run_detail_payload, run_payload, stats_payload
 from app.services.crawl_control import get_running_run, run_crawl_if_idle
 from app.version import BACKEND_VERSION, FRONTEND_VERSION
 
@@ -88,6 +88,20 @@ def latest_crawl_run(
     return {"running": run_payload(running), "latest": run_payload(latest)}
 
 
+@router.get("/crawl-runs/{run_id}")
+def get_crawl_run(
+    run_id: int,
+    request: Request,
+    db: Session = Depends(get_db),
+    settings: Settings = Depends(get_settings),
+) -> dict:
+    require_admin(request, settings)
+    run = db.get(CrawlRun, run_id)
+    if not run:
+        return {"error": "not_found"}
+    return run_detail_payload(db, run) or {"error": "not_found"}
+
+
 @router.post("/crawl-runs")
 def trigger_crawl(
     request: Request,

app/config.py

@@ -17,7 +17,6 @@ class Settings(BaseSettings):
     admin_username: str = "admin"
     admin_password: str = "admin"
     session_secret: str = Field(default="dev-session-secret", min_length=8)
-    mcp_token: str = "dev-mcp-token"
 
     @field_validator("crawl_limit", mode="before")
     @classmethod
@@ -26,7 +25,6 @@ class Settings(BaseSettings):
             return None
         return value
 
-
 @lru_cache
 def get_settings() -> Settings:
     return Settings()

app/mcp.py

@@ -4,10 +4,10 @@ from fastapi import APIRouter, Depends, Request
 from sqlalchemy import desc, or_, select
 from sqlalchemy.orm import Session
 
-from app.config import Settings, get_settings
 from app.db import get_db
 from app.models import CrawlRun, Employee
-from app.security import require_mcp_token
+from app.services.admin_data import run_detail_payload
+from app.version import BACKEND_VERSION
 
 router = APIRouter(prefix="/mcp")
 
@@ -46,6 +46,15 @@ TOOLS = [
         "description": "Return the latest crawl run status.",
         "inputSchema": {"type": "object", "properties": {}},
     },
+    {
+        "name": "get_crawl_run_details",
+        "description": "Return detailed employee changes and errors for one crawl run.",
+        "inputSchema": {
+            "type": "object",
+            "properties": {"run_id": {"type": "integer"}},
+            "required": ["run_id"],
+        },
+    },
 ]
 
 
@@ -53,9 +62,7 @@ TOOLS = [
 async def mcp_http(
     request: Request,
     db: Session = Depends(get_db),
-    settings: Settings = Depends(get_settings),
 ) -> dict:
-    require_mcp_token(request, settings)
     payload = await request.json()
     method = payload.get("method")
     request_id = payload.get("id")
@@ -65,7 +72,7 @@ async def mcp_http(
         if method == "initialize":
             result = {
                 "protocolVersion": "2024-11-05",
-                "serverInfo": {"name": "miem-employees", "version": "0.1.0"},
+                "serverInfo": {"name": "miem-employees", "version": BACKEND_VERSION},
                 "capabilities": {"tools": {}},
             }
         elif method == "tools/list":
@@ -94,6 +101,9 @@ def _call_tool(db: Session, name: str, arguments: dict) -> dict:
     if name == "get_crawl_status":
         run = db.scalar(select(CrawlRun).order_by(desc(CrawlRun.started_at)).limit(1))
         return _tool_response(_run_payload(run) if run else {"status": "never_run"})
+    if name == "get_crawl_run_details":
+        run = db.get(CrawlRun, int(arguments["run_id"]))
+        return _tool_response(run_detail_payload(db, run) if run else {"error": "not_found"})
     raise ValueError(f"Unknown tool: {name}")
 
 

app/models.py

@@ -41,6 +41,7 @@ class Employee(Base):
 
     snapshots: Mapped[list["EmployeeSnapshot"]] = relationship(back_populates="employee")
     tabs: Mapped[list["ProfileTab"]] = relationship(back_populates="employee", cascade="all, delete-orphan")
+    crawl_run_changes: Mapped[list["CrawlRunEmployeeChange"]] = relationship(back_populates="employee")
 
 
 class EmployeeSnapshot(Base):
@@ -74,6 +75,31 @@ class CrawlRun(Base):
     dismissed_count: Mapped[int] = mapped_column(Integer, default=0, nullable=False)
     message: Mapped[str | None] = mapped_column(Text)
 
+    employee_changes: Mapped[list["CrawlRunEmployeeChange"]] = relationship(back_populates="crawl_run")
+
+
+class CrawlRunEmployeeChange(Base):
+    __tablename__ = "crawl_run_employee_changes"
+    __table_args__ = (
+        Index("ix_crawl_run_employee_changes_run_id", "crawl_run_id"),
+        Index("ix_crawl_run_employee_changes_employee_id", "employee_id"),
+        Index("ix_crawl_run_employee_changes_change_type", "change_type"),
+    )
+
+    id: Mapped[int] = mapped_column(Integer, primary_key=True)
+    crawl_run_id: Mapped[int] = mapped_column(ForeignKey("crawl_runs.id"), nullable=False)
+    employee_id: Mapped[int | None] = mapped_column(ForeignKey("employees.id"))
+    profile_key: Mapped[str] = mapped_column(String(255), nullable=False)
+    profile_url: Mapped[str] = mapped_column(Text, nullable=False)
+    full_name: Mapped[str | None] = mapped_column(Text)
+    change_type: Mapped[str] = mapped_column(String(32), nullable=False)
+    profile_available: Mapped[bool | None] = mapped_column()
+    message: Mapped[str | None] = mapped_column(Text)
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), default=utcnow, nullable=False)
+
+    crawl_run: Mapped[CrawlRun] = relationship(back_populates="employee_changes")
+    employee: Mapped[Employee | None] = relationship(back_populates="crawl_run_changes")
+
 
 class CrawlError(Base):
     __tablename__ = "crawl_errors"

app/security.py

@@ -44,9 +44,3 @@ def require_admin(request: Request, settings: Settings) -> str:
     if not username:
         raise HTTPException(status_code=status.HTTP_303_SEE_OTHER, headers={"Location": "/admin/login"})
     return username
-
-
-def require_mcp_token(request: Request, settings: Settings) -> None:
-    auth = request.headers.get("authorization", "")
-    if not auth.startswith("Bearer ") or not hmac.compare_digest(auth.removeprefix("Bearer ").strip(), settings.mcp_token):
-        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid MCP token")

app/services/admin_data.py

@@ -8,7 +8,7 @@ from zoneinfo import ZoneInfo
 from sqlalchemy import Select, Text, and_, desc, func, or_, select
 from sqlalchemy.orm import Session
 
-from app.models import CrawlRun, Employee
+from app.models import CrawlError, CrawlRun, CrawlRunEmployeeChange, Employee
 
 EMPLOYEE_SORTS = {
     "full_name": Employee.full_name,
@@ -175,6 +175,26 @@ def run_payload(run: CrawlRun | None) -> dict[str, Any] | None:
     }
 
 
+def run_detail_payload(db: Session, run: CrawlRun | None) -> dict[str, Any] | None:
+    if not run:
+        return None
+    changes = db.scalars(
+        select(CrawlRunEmployeeChange)
+        .where(CrawlRunEmployeeChange.crawl_run_id == run.id)
+        .order_by(CrawlRunEmployeeChange.created_at, CrawlRunEmployeeChange.id)
+    ).all()
+    errors = db.scalars(select(CrawlError).where(CrawlError.crawl_run_id == run.id).order_by(CrawlError.created_at)).all()
+    grouped_changes = {"new": [], "missing_from_source": [], "dismissed": []}
+    for change in changes:
+        grouped_changes.setdefault(change.change_type, []).append(_change_payload(change))
+    return {
+        **(run_payload(run) or {}),
+        "changes_detail_available": bool(changes),
+        "changes": grouped_changes,
+        "errors": [_crawl_error_payload(error) for error in errors],
+    }
+
+
 def format_admin_datetime(value: Any) -> str:
     if not value:
         return "Не указано"
@@ -200,6 +220,52 @@ def _run_status_display(status: str | None) -> str:
     return labels.get(status or "", status or "Не указано")
 
 
+def _change_payload(change: CrawlRunEmployeeChange) -> dict[str, Any]:
+    return {
+        "id": change.id,
+        "employee_id": change.employee_id,
+        "profile_key": change.profile_key,
+        "profile_url": change.profile_url,
+        "full_name": change.full_name,
+        "change_type": change.change_type,
+        "change_type_display": _change_type_display(change.change_type),
+        "profile_available": change.profile_available,
+        "profile_available_display": _profile_available_display(change.profile_available),
+        "message": change.message,
+        "created_at": change.created_at.isoformat() if change.created_at else None,
+        "created_display": format_admin_datetime(change.created_at),
+    }
+
+
+def _crawl_error_payload(error: CrawlError) -> dict[str, Any]:
+    return {
+        "id": error.id,
+        "crawl_run_id": error.crawl_run_id,
+        "profile_url": error.profile_url,
+        "error_type": error.error_type,
+        "message": error.message,
+        "created_at": error.created_at.isoformat() if error.created_at else None,
+        "created_display": format_admin_datetime(error.created_at),
+    }
+
+
+def _change_type_display(change_type: str | None) -> str:
+    labels = {
+        "new": "Новый",
+        "missing_from_source": "Потеряшка",
+        "dismissed": "Уволен",
+    }
+    return labels.get(change_type or "", change_type or "Не указано")
+
+
+def _profile_available_display(value: bool | None) -> str:
+    if value is True:
+        return "Профиль доступен"
+    if value is False:
+        return "Профиль недоступен"
+    return "Не проверялось"
+
+
 def _count_section_items(sections: list[dict[str, Any]], section_type: str) -> int:
     total = 0
     for section in sections:

app/services/crawler.py

@@ -9,7 +9,7 @@ from sqlalchemy import select
 from sqlalchemy.orm import Session
 
 from app.config import Settings
-from app.models import CrawlError, CrawlRun, Employee, EmployeeSnapshot, ParserSource, ProfileTab
+from app.models import CrawlError, CrawlRun, CrawlRunEmployeeChange, Employee, EmployeeSnapshot, ParserSource, ProfileTab
 from app.parser.collector import collect_profile_links
 from app.parser.profile import parse_person_profile
 from app.parser.profile_url import profile_key
@@ -68,7 +68,7 @@ def run_crawl(db: Session, settings: Settings) -> CrawlRun:
                 finally:
                     time.sleep(settings.request_delay_seconds)
 
-        run.dismissed_count = _mark_dismissed(db, found_keys)
+        run.dismissed_count = _mark_dismissed(db, run, found_keys, session, settings.request_timeout)
         run.status = "completed"
     except Exception as exc:
         run.status = "failed"
@@ -107,6 +107,9 @@ def _upsert_employee(db: Session, run: CrawlRun, parsed: dict) -> Employee:
         )
         db.add(employee)
         run.new_count += 1
+        is_new = True
+    else:
+        is_new = False
 
     employee.full_name = parsed.get("full_name")
     employee.status = "active"
@@ -117,6 +120,16 @@ def _upsert_employee(db: Session, run: CrawlRun, parsed: dict) -> Employee:
     employee.current_checksum = checksum
     db.flush()
 
+    if is_new:
+        _record_employee_change(
+            db,
+            run,
+            employee,
+            "new",
+            profile_available=True,
+            message="Сотрудник впервые найден в источнике.",
+        )
+
     db.query(ProfileTab).filter(ProfileTab.employee_id == employee.id).delete()
     for tab in parsed.get("tabs") or []:
         db.add(
@@ -141,20 +154,70 @@ def _upsert_employee(db: Session, run: CrawlRun, parsed: dict) -> Employee:
     return employee
 
 
-def _mark_dismissed(db: Session, found_keys: set[str]) -> int:
+def _mark_dismissed(db: Session, run: CrawlRun, found_keys: set[str], session: requests.Session, timeout: int) -> int:
     dismissed = 0
     active = db.scalars(select(Employee).where(Employee.status == "active")).all()
     now = datetime.now(timezone.utc)
     for employee in active:
         if employee.profile_key in found_keys:
             continue
+        profile_available = _profile_is_available(session, employee.canonical_url, timeout)
+        if profile_available:
+            _record_employee_change(
+                db,
+                run,
+                employee,
+                "missing_from_source",
+                profile_available=True,
+                message="Профиль доступен, но ссылка отсутствует в исходном списке.",
+            )
+            continue
         employee.status = "dismissed"
         employee.dismissed_at = now
+        _record_employee_change(
+            db,
+            run,
+            employee,
+            "dismissed",
+            profile_available=False,
+            message="Сотрудник отсутствует в исходном списке, профиль не подтвердился как доступный.",
+        )
         dismissed += 1
     db.commit()
     return dismissed
 
 
+def _profile_is_available(session: requests.Session, url: str, timeout: int) -> bool:
+    try:
+        response = session.get(url, headers=HEADERS, timeout=timeout, allow_redirects=True)
+        return response.status_code < 400
+    except requests.RequestException:
+        return False
+
+
+def _record_employee_change(
+    db: Session,
+    run: CrawlRun,
+    employee: Employee,
+    change_type: str,
+    *,
+    profile_available: bool | None,
+    message: str,
+) -> None:
+    db.add(
+        CrawlRunEmployeeChange(
+            crawl_run_id=run.id,
+            employee_id=employee.id,
+            profile_key=employee.profile_key,
+            profile_url=employee.canonical_url,
+            full_name=employee.full_name,
+            change_type=change_type,
+            profile_available=profile_available,
+            message=message,
+        )
+    )
+
+
 def _checksum(data: dict) -> str:
     payload = json.dumps(data, ensure_ascii=False, sort_keys=True, separators=(",", ":"))
     return hashlib.sha256(payload.encode("utf-8")).hexdigest()

app/static/admin.css

@@ -1,6 +1,8 @@
 .admin {
   margin: 0;
   min-height: 100vh;
+  display: flex;
+  flex-direction: column;
   color: #1f2937;
   background: #f6f7f9;
   font-family: Arial, sans-serif;
@@ -21,6 +23,11 @@
   font-size: 20px;
 }
 
+.admin__brand-link {
+  color: inherit;
+  text-decoration: none;
+}
+
 .admin__nav {
   display: flex;
   align-items: center;
@@ -34,6 +41,7 @@
 }
 
 .admin__main {
+  flex: 1;
   width: min(1180px, calc(100% - 32px));
   margin: 28px auto;
 }
@@ -52,18 +60,30 @@
 }
 
 .metric {
+  display: block;
   padding: 18px;
   background: #ffffff;
   border: 1px solid #d9dee7;
   border-radius: 8px;
 }
 
+.metric--link {
+  color: inherit;
+  text-decoration: none;
+}
+
+.metric--link:hover {
+  border-color: #0f766e;
+}
+
 .metric__label {
+  display: block;
   color: #6b7280;
   font-size: 13px;
 }
 
 .metric__value {
+  display: block;
   margin-top: 8px;
   font-size: 28px;
   font-weight: 700;
@@ -87,6 +107,14 @@
   border-collapse: collapse;
 }
 
+.table__row {
+  cursor: pointer;
+}
+
+.table__row:hover {
+  background: #f0fdfa;
+}
+
 .table__cell,
 .table__head {
   padding: 10px 8px;
@@ -331,12 +359,22 @@
 }
 
 .stats-strip__item {
+  display: block;
   padding: 14px 16px;
   background: #ffffff;
   border: 1px solid #d9dee7;
   border-radius: 8px;
 }
 
+.stats-strip__item--link {
+  color: inherit;
+  text-decoration: none;
+}
+
+.stats-strip__item--link:hover {
+  border-color: #0f766e;
+}
+
 .stats-strip__label {
   display: block;
   color: #6b7280;

app/static/admin.js

@@ -59,10 +59,23 @@
         applyColumns(columns);
       });
     });
+  }
+
+  function setupClickableRows() {
+    const openRow = (row) => {
+      window.location.href = row.dataset.rowHref;
+    };
+
     document.querySelectorAll("[data-row-href]").forEach((row) => {
       row.addEventListener("click", (event) => {
         if (event.target.closest("a, button, input, select, label")) return;
-        window.location.href = row.dataset.rowHref;
+        openRow(row);
+      });
+      row.addEventListener("keydown", (event) => {
+        if (!["Enter", " "].includes(event.key)) return;
+        if (event.target.closest("a, button, input, select, label")) return;
+        event.preventDefault();
+        openRow(row);
       });
     });
   }
@@ -107,5 +120,6 @@
   }
 
   setupColumns();
+  setupClickableRows();
   setupProgress();
 })();

app/templates/base.html

@@ -8,7 +8,7 @@
   </head>
   <body class="admin">
     <header class="admin__header">
-      <h1 class="admin__brand">MIEM Employees</h1>
+      <h1 class="admin__brand"><a class="admin__brand-link" href="/admin">MIEM Employees</a></h1>
       <nav class="admin__nav">
         <a class="admin__link" href="/admin">Обзор</a>
         <a class="admin__link" href="/admin/directory">Сотрудники</a>

app/templates/dashboard.html

@@ -2,10 +2,10 @@
 {% block title %}Обзор · MIEM Employees{% endblock %}
 {% block content %}
 <section class="admin__grid">
-  <div class="metric"><div class="metric__label">Всего в базе</div><div class="metric__value">{{ counts.total }}</div></div>
-  <div class="metric"><div class="metric__label">Работают</div><div class="metric__value">{{ counts.active }}</div></div>
-  <div class="metric"><div class="metric__label">Новые за запуск</div><div class="metric__value">{{ counts.new_in_last_run }}</div></div>
-  <div class="metric"><div class="metric__label">Уволены</div><div class="metric__value">{{ counts.dismissed }}</div></div>
+  <a class="metric metric--link" href="/admin/directory"><span class="metric__label">Всего в базе</span><span class="metric__value">{{ counts.total }}</span></a>
+  <a class="metric metric--link" href="/admin/directory?status=active"><span class="metric__label">Работают</span><span class="metric__value">{{ counts.active }}</span></a>
+  <a class="metric metric--link" href="{% if latest_run %}/admin/runs/{{ latest_run.id }}#new-employees{% else %}/admin/runs{% endif %}"><span class="metric__label">Новые за запуск</span><span class="metric__value">{{ counts.new_in_last_run }}</span></a>
+  <a class="metric metric--link" href="/admin/directory?status=dismissed"><span class="metric__label">Уволены</span><span class="metric__value">{{ counts.dismissed }}</span></a>
 </section>
 <section class="stats-strip">
   <div class="stats-strip__item">
@@ -16,10 +16,10 @@
     <span class="stats-strip__value">Сотрудников пока нет</span>
     {% endif %}
   </div>
-  <div class="stats-strip__item">
+  <a class="stats-strip__item stats-strip__item--link" href="/admin/runs">
     <span class="stats-strip__label">Запуски</span>
     <span class="stats-strip__value">{{ counts.runs }}</span>
-  </div>
+  </a>
   <div class="stats-strip__item">
     <span class="stats-strip__label">Ошибки</span>
     <span class="stats-strip__value">{{ counts.errors }}</span>
@@ -51,7 +51,7 @@
     <thead><tr><th class="table__head">ID</th><th class="table__head">Статус</th><th class="table__head">Обработано</th><th class="table__head">Ошибки</th><th class="table__head">Старт</th></tr></thead>
     <tbody>
       {% for run in runs %}
-      <tr><td class="table__cell">{{ run.id }}</td><td class="table__cell">{{ run.status_display }}</td><td class="table__cell">{{ run.parsed_count }}</td><td class="table__cell">{{ run.error_count }}</td><td class="table__cell">{{ run.started_display }}</td></tr>
+      <tr class="table__row" onclick="window.location.href='/admin/runs/{{ run.id }}'" onkeydown="if (event.key === 'Enter' || event.key === ' ') { event.preventDefault(); window.location.href='/admin/runs/{{ run.id }}'; }" role="link" tabindex="0"><td class="table__cell">{{ run.id }}</td><td class="table__cell">{{ run.status_display }}</td><td class="table__cell">{{ run.parsed_count }}</td><td class="table__cell">{{ run.error_count }}</td><td class="table__cell">{{ run.started_display }}</td></tr>
       {% endfor %}
     </tbody>
   </table>

app/templates/run_detail.html

@@ -0,0 +1,64 @@
+{% extends "base.html" %}
+{% block title %}Запуск {{ run.id }} · MIEM Employees{% endblock %}
+{% block content %}
+<section class="panel">
+  <div class="progress-panel__header">
+    <div>
+      <h2 class="panel__title">Запуск {{ run.id }}</h2>
+      <p class="progress-panel__empty">{{ run.started_display }} · {{ run.status_display }}</p>
+    </div>
+    <a class="admin__link" href="/admin/runs">Все запуски</a>
+  </div>
+  <div class="stats-strip">
+    <div class="stats-strip__item"><span class="stats-strip__label">Найдено</span><span class="stats-strip__value">{{ run.found_count }}</span></div>
+    <div class="stats-strip__item"><span class="stats-strip__label">Обработано</span><span class="stats-strip__value">{{ run.parsed_count }}</span></div>
+    <div class="stats-strip__item"><span class="stats-strip__label">Новые</span><span class="stats-strip__value">{{ run.new_count }}</span></div>
+    <div class="stats-strip__item"><span class="stats-strip__label">Потеряшки</span><span class="stats-strip__value">{{ run.changes.missing_from_source | length }}</span></div>
+    <div class="stats-strip__item"><span class="stats-strip__label">Уволены</span><span class="stats-strip__value">{{ run.dismissed_count }}</span></div>
+    <div class="stats-strip__item"><span class="stats-strip__label">Ошибки</span><span class="stats-strip__value">{{ run.error_count }}</span></div>
+  </div>
+  {% if not run.changes_detail_available %}
+  <p class="progress-panel__empty">Детализация сотрудников для этого запуска недоступна. Она сохраняется только для новых запусков после обновления.</p>
+  {% endif %}
+</section>
+
+{% for group, title in [("new", "Новые сотрудники"), ("missing_from_source", "Потеряшки"), ("dismissed", "Уволенные")] %}
+<section class="panel"{% if group == "new" %} id="new-employees"{% endif %}>
+  <h2 class="panel__title">{{ title }}</h2>
+  {% set items = run.changes[group] %}
+  {% if items %}
+  <table class="table">
+    <thead><tr><th class="table__head">ФИО</th><th class="table__head">Профиль</th><th class="table__head">Проверка</th><th class="table__head">Комментарий</th></tr></thead>
+    <tbody>
+      {% for item in items %}
+      <tr>
+        <td class="table__cell">{% if item.employee_id %}<a class="admin__link" href="/admin/employees/{{ item.employee_id }}">{{ item.full_name or item.profile_key }}</a>{% else %}{{ item.full_name or item.profile_key }}{% endif %}</td>
+        <td class="table__cell"><a class="admin__link" href="{{ item.profile_url }}">{{ item.profile_url }}</a></td>
+        <td class="table__cell">{{ item.profile_available_display }}</td>
+        <td class="table__cell">{{ item.message or "" }}</td>
+      </tr>
+      {% endfor %}
+    </tbody>
+  </table>
+  {% else %}
+  <p class="progress-panel__empty">Нет записей.</p>
+  {% endif %}
+</section>
+{% endfor %}
+
+<section class="panel">
+  <h2 class="panel__title">Ошибки запуска</h2>
+  {% if run.errors %}
+  <table class="table">
+    <thead><tr><th class="table__head">Профиль</th><th class="table__head">Ошибка</th><th class="table__head">Время</th></tr></thead>
+    <tbody>
+      {% for error in run.errors %}
+      <tr><td class="table__cell">{{ error.profile_url or "" }}</td><td class="table__cell">{{ error.error_type }}: {{ error.message }}</td><td class="table__cell">{{ error.created_display }}</td></tr>
+      {% endfor %}
+    </tbody>
+  </table>
+  {% else %}
+  <p class="progress-panel__empty">Ошибок нет.</p>
+  {% endif %}
+</section>
+{% endblock %}

app/templates/runs.html

@@ -38,7 +38,7 @@
     <thead><tr><th class="table__head">ID</th><th class="table__head">Статус</th><th class="table__head">Найдено</th><th class="table__head">Обработано</th><th class="table__head">Новые</th><th class="table__head">Ошибки</th><th class="table__head">Уволены</th><th class="table__head">Старт</th></tr></thead>
     <tbody>
       {% for run in runs %}
-      <tr><td class="table__cell">{{ run.id }}</td><td class="table__cell">{{ run.status_display }}</td><td class="table__cell">{{ run.found_count }}</td><td class="table__cell">{{ run.parsed_count }}</td><td class="table__cell">{{ run.new_count }}</td><td class="table__cell">{{ run.error_count }}</td><td class="table__cell">{{ run.dismissed_count }}</td><td class="table__cell">{{ run.started_display }}</td></tr>
+      <tr class="table__row" onclick="window.location.href='/admin/runs/{{ run.id }}'" onkeydown="if (event.key === 'Enter' || event.key === ' ') { event.preventDefault(); window.location.href='/admin/runs/{{ run.id }}'; }" role="link" tabindex="0"><td class="table__cell">{{ run.id }}</td><td class="table__cell">{{ run.status_display }}</td><td class="table__cell">{{ run.found_count }}</td><td class="table__cell">{{ run.parsed_count }}</td><td class="table__cell">{{ run.new_count }}</td><td class="table__cell">{{ run.error_count }}</td><td class="table__cell">{{ run.dismissed_count }}</td><td class="table__cell">{{ run.started_display }}</td></tr>
       {% endfor %}
     </tbody>
   </table>

app/version.py

@@ -1,3 +1,3 @@
-APP_VERSION = "0.2.8"
-FRONTEND_VERSION = "0.2.8"
-BACKEND_VERSION = "0.2.8"
+APP_VERSION = "0.4.5"
+FRONTEND_VERSION = "0.4.5"
+BACKEND_VERSION = "0.4.5"

docker-compose.yml

@@ -47,5 +47,31 @@ services:
       postgres:
         condition: service_healthy
 
+  keycloak:
+    image: quay.io/keycloak/keycloak:latest
+    container_name: keycloak
+    restart: unless-stopped
+    environment:
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://postgres:5432/${KEYCLOAK_DB_NAME}
+      KC_DB_USERNAME: ${KEYCLOAK_DB_USER}
+      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+
+      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+
+      KC_HTTP_ENABLED: true
+      KC_PROXY_HEADERS: xforwarded
+      KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
+
+      KC_HEALTH_ENABLED: true
+      KC_METRICS_ENABLED: true
+    command: start
+    ports:
+      - "127.0.0.1:8080:8080"
+    depends_on:
+      postgres:
+        condition: service_healthy
+
 volumes:
   postgres_data:

migrations/003_crawl_run_employee_changes.sql

@@ -0,0 +1,21 @@
+CREATE TABLE IF NOT EXISTS crawl_run_employee_changes (
+  id SERIAL PRIMARY KEY,
+  crawl_run_id INTEGER NOT NULL REFERENCES crawl_runs(id),
+  employee_id INTEGER REFERENCES employees(id),
+  profile_key VARCHAR(255) NOT NULL,
+  profile_url TEXT NOT NULL,
+  full_name TEXT,
+  change_type VARCHAR(32) NOT NULL,
+  profile_available BOOLEAN,
+  message TEXT,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS ix_crawl_run_employee_changes_run_id
+  ON crawl_run_employee_changes (crawl_run_id);
+
+CREATE INDEX IF NOT EXISTS ix_crawl_run_employee_changes_employee_id
+  ON crawl_run_employee_changes (employee_id);
+
+CREATE INDEX IF NOT EXISTS ix_crawl_run_employee_changes_change_type
+  ON crawl_run_employee_changes (change_type);

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "miem-workers"
-version = "0.2.8"
+version = "0.4.5"
 description = "MIEM employees parser, admin API, and MCP server"
 requires-python = ">=3.11"
 dependencies = [

tests/test_admin_data.py

@@ -1,11 +1,12 @@
 from datetime import datetime, timezone
 
-from app.models import CrawlRun, Employee
+from app.models import CrawlError, CrawlRun, CrawlRunEmployeeChange, Employee
 from app.services.admin_data import (
     employee_detail_payload,
     employee_display_payload,
     format_admin_datetime,
     list_employees_page,
+    run_detail_payload,
     run_payload,
     stats_payload,
 )
@@ -207,3 +208,43 @@ def test_run_payload_calculates_progress():
     assert payload["processed_count"] == 5
     assert payload["progress_percent"] == 50.0
     assert payload["status_display"] == "Выполняется"
+
+
+def test_run_detail_payload_groups_changes_and_handles_old_runs(db_session):
+    old_run = CrawlRun(source_url="https://miem.hse.ru/persons", status="completed")
+    run = CrawlRun(source_url="https://miem.hse.ru/persons", status="completed", new_count=1)
+    employee = Employee(
+        profile_key="staff:new",
+        canonical_url="https://www.hse.ru/staff/new",
+        full_name="New Person",
+        status="active",
+        first_seen_at=datetime.now(timezone.utc),
+        last_seen_at=datetime.now(timezone.utc),
+    )
+    db_session.add_all([old_run, run, employee])
+    db_session.commit()
+    db_session.add(
+        CrawlRunEmployeeChange(
+            crawl_run_id=run.id,
+            employee_id=employee.id,
+            profile_key=employee.profile_key,
+            profile_url=employee.canonical_url,
+            full_name=employee.full_name,
+            change_type="new",
+            profile_available=True,
+            message="added",
+        )
+    )
+    db_session.add(
+        CrawlError(crawl_run_id=run.id, profile_url=employee.canonical_url, error_type="ValueError", message="bad")
+    )
+    db_session.commit()
+
+    payload = run_detail_payload(db_session, run)
+    old_payload = run_detail_payload(db_session, old_run)
+
+    assert payload["changes_detail_available"] is True
+    assert payload["changes"]["new"][0]["full_name"] == "New Person"
+    assert payload["errors"][0]["error_type"] == "ValueError"
+    assert old_payload["changes_detail_available"] is False
+    assert old_payload["changes"]["new"] == []

tests/test_admin_templates.py

@@ -8,6 +8,7 @@ def test_base_navigation_is_russian_and_has_no_legacy_employees_link():
     assert "Сотрудники" in template
     assert "Запуски" in template
     assert "Выйти" in template
+    assert '<a class="admin__brand-link" href="/admin">MIEM Employees</a>' in template
     assert ">Employees<" not in template
     assert "/admin/employees" not in template
 
@@ -32,3 +33,61 @@ def test_admin_employees_route_redirects_to_directory():
     source = Path("app/admin.py").read_text(encoding="utf-8")
 
     assert 'RedirectResponse("/admin/directory", status_code=303)' in source
+
+
+def test_dashboard_limits_latest_runs_to_five():
+    source = Path("app/admin.py").read_text(encoding="utf-8")
+
+    assert "order_by(desc(CrawlRun.started_at)).limit(5)" in source
+    assert "order_by(desc(CrawlRun.started_at)).limit(10)" not in source
+
+
+def test_runs_template_links_to_run_detail():
+    template = Path("app/templates/runs.html").read_text(encoding="utf-8")
+
+    assert 'onclick="window.location.href=\'/admin/runs/{{ run.id }}\'"' in template
+    assert "onkeydown=\"if (event.key === 'Enter' || event.key === ' ')" in template
+    assert 'role="link"' in template
+    assert 'tabindex="0"' in template
+    assert 'data-row-href="/admin/runs/{{ run.id }}"' not in template
+    assert '<a class="admin__link" href="/admin/runs/{{ run.id }}">' not in template
+
+
+def test_run_detail_template_extends_base_and_shows_change_groups():
+    template = Path("app/templates/run_detail.html").read_text(encoding="utf-8")
+
+    assert '{% extends "base.html" %}' in template
+    assert 'id="new-employees"' in template
+    assert "Новые сотрудники" in template
+    assert "Потеряшки" in template
+    assert "Уволенные" in template
+    assert "Детализация сотрудников для этого запуска недоступна" in template
+
+
+def test_dashboard_metric_cards_link_to_admin_targets():
+    template = Path("app/templates/dashboard.html").read_text(encoding="utf-8")
+
+    assert 'href="/admin/directory"' in template
+    assert 'href="/admin/directory?status=active"' in template
+    assert '/admin/runs/{{ latest_run.id }}#new-employees' in template
+    assert 'href="/admin/directory?status=dismissed"' in template
+    assert 'href="/admin/runs"' in template
+
+
+def test_dashboard_latest_run_rows_link_to_run_detail():
+    template = Path("app/templates/dashboard.html").read_text(encoding="utf-8")
+
+    assert 'onclick="window.location.href=\'/admin/runs/{{ run.id }}\'"' in template
+    assert "onkeydown=\"if (event.key === 'Enter' || event.key === ' ')" in template
+    assert 'role="link"' in template
+    assert 'tabindex="0"' in template
+    assert 'data-row-href="/admin/runs/{{ run.id }}"' not in template
+    assert '<a class="admin__link" href="/admin/runs/{{ run.id }}">' not in template
+
+
+def test_admin_js_supports_keyboard_activation_for_clickable_rows():
+    source = Path("app/static/admin.js").read_text(encoding="utf-8")
+
+    assert 'addEventListener("keydown"' in source
+    assert '"Enter"' in source
+    assert '" "' in source

tests/test_api_mcp.py

@@ -8,7 +8,7 @@ from sqlalchemy.pool import StaticPool
 from app.config import Settings, get_settings
 from app.db import Base, get_db
 from app.main import app
-from app.models import CrawlRun, Employee
+from app.models import CrawlRun, CrawlRunEmployeeChange, Employee
 from app.security import SESSION_COOKIE, sign_session
 
 
@@ -18,10 +18,10 @@ def test_health_returns_versions():
     response = client.get("/api/health")
 
     assert response.status_code == 200
-    assert response.json()["backend_version"] == "0.2.8"
+    assert response.json()["backend_version"] == "0.4.5"
 
 
-def test_mcp_requires_token_and_lists_tools():
+def test_mcp_lists_tools_without_auth_and_ignores_auth_header():
     engine = create_engine(
         "sqlite:///:memory:",
         connect_args={"check_same_thread": False},
@@ -38,19 +38,20 @@ def test_mcp_requires_token_and_lists_tools():
             session.close()
 
     app.dependency_overrides[get_db] = override_db
-    app.dependency_overrides[get_settings] = lambda: Settings(mcp_token="secret", session_secret="session-secret")
     client = TestClient(app)
 
-    unauthorized = client.post("/mcp", json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}})
-    authorized = client.post(
+    without_auth = client.post("/mcp", json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}})
+    with_auth = client.post(
         "/mcp",
-        headers={"Authorization": "Bearer secret"},
+        headers={"Authorization": "Bearer anything"},
         json={"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}},
     )
 
-    assert unauthorized.status_code == 401
-    assert authorized.status_code == 200
-    assert authorized.json()["result"]["tools"][0]["name"] == "search_employees"
+    assert without_auth.status_code == 200
+    assert with_auth.status_code == 200
+    assert without_auth.json()["result"]["tools"][0]["name"] == "search_employees"
+    assert any(tool["name"] == "get_crawl_run_details" for tool in without_auth.json()["result"]["tools"])
+    assert with_auth.json()["result"]["tools"] == without_auth.json()["result"]["tools"]
 
     app.dependency_overrides.clear()
 
@@ -88,12 +89,10 @@ def test_mcp_search_employees_returns_matching_employee():
             db.close()
 
     app.dependency_overrides[get_db] = override_db
-    app.dependency_overrides[get_settings] = lambda: Settings(mcp_token="secret", session_secret="session-secret")
     client = TestClient(app)
 
     response = client.post(
         "/mcp",
-        headers={"Authorization": "Bearer secret"},
         json={
             "jsonrpc": "2.0",
             "id": 1,
@@ -108,6 +107,80 @@ def test_mcp_search_employees_returns_matching_employee():
     app.dependency_overrides.clear()
 
 
+def test_mcp_get_crawl_run_details_returns_changes():
+    engine = create_engine(
+        "sqlite:///:memory:",
+        connect_args={"check_same_thread": False},
+        poolclass=StaticPool,
+    )
+    Base.metadata.create_all(engine)
+    Session = sessionmaker(bind=engine)
+    session = Session()
+    run = CrawlRun(source_url="https://miem.hse.ru/persons", status="completed", new_count=1)
+    employee = Employee(
+        profile_key="staff:new",
+        profile_type="staff",
+        profile_id="new",
+        canonical_url="https://www.hse.ru/staff/new",
+        full_name="New Person",
+        status="active",
+        first_seen_at=datetime.now(timezone.utc),
+        last_seen_at=datetime.now(timezone.utc),
+    )
+    session.add_all([run, employee])
+    session.commit()
+    session.add(
+        CrawlRunEmployeeChange(
+            crawl_run_id=run.id,
+            employee_id=employee.id,
+            profile_key=employee.profile_key,
+            profile_url=employee.canonical_url,
+            full_name=employee.full_name,
+            change_type="new",
+            profile_available=True,
+            message="added",
+        )
+    )
+    session.commit()
+    run_id = run.id
+    session.close()
+
+    def override_db():
+        db = Session()
+        try:
+            yield db
+        finally:
+            db.close()
+
+    app.dependency_overrides[get_db] = override_db
+    client = TestClient(app)
+
+    response = client.post(
+        "/mcp",
+        json={
+            "jsonrpc": "2.0",
+            "id": 1,
+            "method": "tools/call",
+            "params": {"name": "get_crawl_run_details", "arguments": {"run_id": run_id}},
+        },
+    )
+
+    assert response.status_code == 200
+    text = response.json()["result"]["content"][0]["text"]
+    assert "New Person" in text
+    assert "changes_detail_available" in text
+
+    app.dependency_overrides.clear()
+
+
+def test_mcp_protected_resource_metadata_route_is_removed():
+    client = TestClient(app)
+
+    response = client.get("/.well-known/oauth-protected-resource")
+
+    assert response.status_code == 404
+
+
 def test_api_employees_and_stats_require_admin_session():
     engine = create_engine(
         "sqlite:///:memory:",
@@ -130,8 +203,23 @@ def test_api_employees_and_stats_require_admin_session():
             current_data={"contacts": {"emails": ["alpha@hse.ru"]}, "sections": []},
         )
     )
-    db.add(CrawlRun(source_url="https://miem.hse.ru/persons", status="completed", new_count=1))
+    run = CrawlRun(source_url="https://miem.hse.ru/persons", status="completed", new_count=1)
+    db.add(run)
     db.commit()
+    db.add(
+        CrawlRunEmployeeChange(
+            crawl_run_id=run.id,
+            employee_id=1,
+            profile_key="staff:alpha",
+            profile_url="https://www.hse.ru/staff/alpha",
+            full_name="Alpha Person",
+            change_type="new",
+            profile_available=True,
+            message="added",
+        )
+    )
+    db.commit()
+    run_id = run.id
     db.close()
 
     settings = Settings(admin_username="admin", admin_password="password", session_secret="session-secret")
@@ -150,10 +238,13 @@ def test_api_employees_and_stats_require_admin_session():
 
     employees = client.get("/api/employees", params={"q": "Alpha", "has_email": True})
     stats = client.get("/api/stats")
+    run_details = client.get(f"/api/crawl-runs/{run_id}")
 
     assert employees.status_code == 200
     assert employees.json()["total"] == 1
     assert stats.status_code == 200
     assert stats.json()["new_in_last_run"] == 1
+    assert run_details.status_code == 200
+    assert run_details.json()["changes"]["new"][0]["full_name"] == "Alpha Person"
 
     app.dependency_overrides.clear()

tests/test_crawler.py

@@ -1,10 +1,25 @@
 from datetime import datetime, timezone
 
-from app.models import CrawlRun, Employee
+from app.models import CrawlRun, CrawlRunEmployeeChange, Employee
 from app.services.crawler import _mark_dismissed, _upsert_employee
 
 
-def test_mark_dismissed_only_marks_missing_active_employees(db_session):
+class FakeResponse:
+    def __init__(self, status_code):
+        self.status_code = status_code
+
+
+class FakeSession:
+    def __init__(self, statuses):
+        self.statuses = statuses
+
+    def get(self, url, **_kwargs):
+        return FakeResponse(self.statuses[url])
+
+
+def test_mark_dismissed_records_missing_source_when_profile_is_available(db_session):
+    run = CrawlRun(source_url="https://miem.hse.ru/persons", status="running")
+    db_session.add(run)
     db_session.add(
         Employee(
             profile_key="staff:kept",
@@ -16,8 +31,8 @@ def test_mark_dismissed_only_marks_missing_active_employees(db_session):
     )
     db_session.add(
         Employee(
-            profile_key="staff:gone",
-            canonical_url="https://www.hse.ru/staff/gone",
+            profile_key="staff:missing",
+            canonical_url="https://www.hse.ru/staff/missing",
             status="active",
             first_seen_at=datetime.now(timezone.utc),
             last_seen_at=datetime.now(timezone.utc),
@@ -25,16 +40,53 @@ def test_mark_dismissed_only_marks_missing_active_employees(db_session):
     )
     db_session.commit()
 
-    dismissed = _mark_dismissed(db_session, {"staff:kept"})
+    dismissed = _mark_dismissed(
+        db_session,
+        run,
+        {"staff:kept"},
+        FakeSession({"https://www.hse.ru/staff/missing": 200}),
+        30,
+    )
+
+    assert dismissed == 0
+    assert db_session.query(Employee).filter_by(profile_key="staff:kept").one().status == "active"
+    missing = db_session.query(Employee).filter_by(profile_key="staff:missing").one()
+    assert missing.status == "active"
+    assert missing.dismissed_at is None
+    change = db_session.query(CrawlRunEmployeeChange).one()
+    assert change.change_type == "missing_from_source"
+    assert change.profile_available is True
+
+
+def test_mark_dismissed_marks_missing_employee_when_profile_is_unavailable(db_session):
+    run = CrawlRun(source_url="https://miem.hse.ru/persons", status="running")
+    employee = Employee(
+        profile_key="staff:gone",
+        canonical_url="https://www.hse.ru/staff/gone",
+        status="active",
+        first_seen_at=datetime.now(timezone.utc),
+        last_seen_at=datetime.now(timezone.utc),
+    )
+    db_session.add_all([run, employee])
+    db_session.commit()
+
+    dismissed = _mark_dismissed(
+        db_session,
+        run,
+        set(),
+        FakeSession({"https://www.hse.ru/staff/gone": 404}),
+        30,
+    )
 
     assert dismissed == 1
-    assert db_session.query(Employee).filter_by(profile_key="staff:kept").one().status == "active"
-    gone = db_session.query(Employee).filter_by(profile_key="staff:gone").one()
-    assert gone.status == "dismissed"
-    assert gone.dismissed_at is not None
+    assert employee.status == "dismissed"
+    assert employee.dismissed_at is not None
+    change = db_session.query(CrawlRunEmployeeChange).one()
+    assert change.change_type == "dismissed"
+    assert change.profile_available is False
 
 
-def test_upsert_employee_increments_new_count_for_new_employee(db_session):
+def test_upsert_employee_increments_new_count_and_records_change_for_new_employee(db_session):
     run = CrawlRun(source_url="https://miem.hse.ru/persons", status="running")
     db_session.add(run)
     db_session.commit()
@@ -56,3 +108,6 @@ def test_upsert_employee_increments_new_count_for_new_employee(db_session):
     db_session.commit()
 
     assert run.new_count == 1
+    change = db_session.query(CrawlRunEmployeeChange).one()
+    assert change.change_type == "new"
+    assert change.full_name == "New Person"