cards

till/cards

Fork 0

Commit graph

Author	SHA1	Message	Date
Till	0328caa333	Phase 5: Föderations-Endpunkte — Cards ist föderierter Peer Endpoints (alle Pfade aus app-manifest.json): - POST /api/v1/share/receive — User-JWT-Auth, ShareEnvelope-Strict- Validation (cross-user-forbidden), Recipient-Match, Type-Accept- Lookup über Manifest, Payload-Schema-Validation, Handler-Dispatch - POST /api/v1/tools/:name — User-JWT, dispatch nach `cards.create` und `cards.search` mit Tool-Schemas aus @cards/domain - GET /api/v1/search — User-JWT, ILIKE auf cards.fields jsonb + decks.name, baut SearchResultEnvelope für mana-search-Aggregator - GET /api/v1/dsgvo/export?user_id=… — Service-Key, voll-Bundle aller Cards-Daten des Users (decks, cards, reviews, study_sessions, tags, media_refs, import_jobs) - POST /api/v1/dsgvo/delete — Service-Key, kaskadiert via FK-Cascade decks → cards → reviews/media_refs/card_tags/tags/study_sessions plus separates Cleanup von import_jobs Share-Handlers (apps/api/src/share-handlers/): - create_card_from_quote (mana/quote → front=text, back=source) - save_link_as_card (mana/url → front=title, back=url+description) - create_card_from_text (mana/text → front=erste-zeile, back=rest) Alle landen via ensureInboxDeck() in einem auto-erstellten "Inbox"-Deck pro User, inklusive automatischer FSRS-Reviews-Init in Transaktion. Lokales Protocol-Mirror in @cards/domain/src/protocol/ (envelope, payloads, search): TEMPORARY-Markierung mit Swap-Plan auf @mana/shared-share-protocol via Verdaccio sobald NPM_AUTH_TOKEN da ist. Spec-strict — UUID für user_id, ULID für share_id, Crockford-Base32. Service-Key-Middleware mit constant-time-Compare gegen process.env.CARDS_DSGVO_SERVICE_KEY (Phase F-1: ersetzt durch mana-auth.app_service_keys-Lookup). Tests: - 70 Vitest-Tests grün (27 cards-domain + 43 apps/api): - share.test.ts: Auth-Gate, Cross-User-Sperre, User-Mismatch (403), Wrong-Recipient (422), Unknown-Type (422), Invalid-Payload (422), Wrapped { envelope, delivery_token }-Body akzeptiert - tools.test.ts: Auth, Unknown-Tool (404), cards.create-Validation, cards.search-Envelope-Shape - search.test.ts: Auth, Missing-Query (422), Query-too-long (422), Envelope-Version 0.1 + envelope-Felder - dsgvo.test.ts: Service-Key-Gate (401), Missing-User-ID (400), Export-Bundle-Shape, Delete-Counts, Key-not-configured (500) - pnpm run type-check ✅ 4/4 packages - E2E-Smoke gegen Postgres: Quote-Share→Inbox-Deck→Karte→Search-Hit→ DSGVO-Export+Delete-Roundtrip clean (alle 3 Tabellen 0 nach delete) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 17:10:35 +02:00
Till	45a47e0ffd	Phase 3: Domain-Modell + Decks/Cards/Reviews-CRUD Domain (@cards/domain): - zod-Schemas SSOT für Deck, Card, Review, StudySession, FsrsSettings, Tools (cards.create + cards.search Input/Output) - CardType-Discriminated-Union: MVP basic+basic-reverse, Future-Set (cloze, type-in, image-occlusion, audio, multiple-choice) für Schema-stable-Migration vorbereitet - validateFieldsForType() Pure-Function pro CardType - FSRS-Adapter über ts-fsrs v5.3.2: newReview, gradeReview, subIndexCount, toFsrsCard/fromFsrsCard ISO↔Date-Roundtrip - Encryption-Hinweis: reviews bleiben PLAINTEXT (Scheduler quert täglich `due <= now`, siehe Lessons §3) Drizzle-Schemas (apps/api/src/db/schema, alles in pgSchema('cards')): - decks, cards, card_tags, reviews (PK card_id+sub_index), study_sessions, tags (deck-skopiert), media_refs (verweist auf mana-media), import_jobs - _schema.ts-Pattern um Zirkular-Imports zu vermeiden (Lesson aus mana-share/-events während F-0) - Hot-Path-Index reviews_user_due_idx für Scheduler-Queries Routes (apps/api/src/routes): - POST/GET/PATCH/DELETE /api/v1/decks (Deck-CRUD) - POST/GET/PATCH/DELETE /api/v1/cards (Card-CRUD mit Auto-Reviews-Init: beim Card-Insert werden N Reviews via subIndexCount(type) angelegt, in einer Transaktion) - GET /api/v1/reviews/due (Hot-Path, optional deck_id-Filter, Limit 500) - POST /api/v1/reviews/:cardId/:subIndex/grade (FSRS-State-Transition, per-Deck FSRS-Settings) Auth: Stub-Middleware liest X-User-Id-Header (Phase 2 ersetzt durch @mana/shared-hono authMiddleware mit JWKS-Cache). Tests (vitest, Hono app.request()): - @cards/domain: fsrs.test.ts (newReview, gradeReview Roundtrip, Rating-Mapping), schemas.test.ts (zod-strict-Variants, Field-Type- Validation, hex-Color) - apps/api: decks.test.ts + cards.test.ts + reviews.test.ts — Auth-Gate + Input-Validation. Volle DB-Integrationstests folgen mit pg-mem oder testcontainers in späterer Phase. Cleanup: types.ts entfernt, zod-Schemas sind SSOT (z.infer für Types). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 14:21:54 +02:00
Till	8605b1b517	Phase 0+1: Repo-Skelett für Cards-Greenfield Strategie B (beschlossen 2026-05-08): Cards wird als eigenständige föderierte App neu gebaut, ohne Code-Übernahme aus mana-monorepo. Skelett enthält: - apps/api: Hono+Bun mit /healthz, /version, Manifest-Endpoint, leere pgSchema('cards'), Drizzle-Config, erstem Vitest - apps/web: SvelteKit 2 + Svelte 5 (runes), Vite auf 3082 - packages/cards-domain: Pure-TS, CardType-Discriminated-Union, SubIndex-Granularität für Reviews, Future-CardType-Set vorbereitet - infrastructure/docker-compose.yml: Postgres 16 auf 5435 - app-manifest.json: v1.0.0, Verein-owned, beta-tier - .github/workflows/ci.yml - docs/LESSONS_FROM_MANA_MONOREPO.md (Read-Day-Output, 15 Lehren) Pre-Flight für Phase 2 (Auth-Föderation): DNS cardecky.mana.how, GitHub-Repo mana-ev/cards, Cards-App-Registrierung in mana-auth, NPM_AUTH_TOKEN für Verdaccio. Plan: mana/docs/playbooks/CARDS_GREENFIELD.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 14:08:41 +02:00

Author

SHA1

Message

Date

Till

0328caa333

Phase 5: Föderations-Endpunkte — Cards ist föderierter Peer

Endpoints (alle Pfade aus app-manifest.json):
- POST /api/v1/share/receive — User-JWT-Auth, ShareEnvelope-Strict-
  Validation (cross-user-forbidden), Recipient-Match, Type-Accept-
  Lookup über Manifest, Payload-Schema-Validation, Handler-Dispatch
- POST /api/v1/tools/:name — User-JWT, dispatch nach `cards.create`
  und `cards.search` mit Tool-Schemas aus @cards/domain
- GET /api/v1/search — User-JWT, ILIKE auf cards.fields jsonb +
  decks.name, baut SearchResultEnvelope für mana-search-Aggregator
- GET /api/v1/dsgvo/export?user_id=… — Service-Key, voll-Bundle aller
  Cards-Daten des Users (decks, cards, reviews, study_sessions, tags,
  media_refs, import_jobs)
- POST /api/v1/dsgvo/delete — Service-Key, kaskadiert via FK-Cascade
  decks → cards → reviews/media_refs/card_tags/tags/study_sessions
  plus separates Cleanup von import_jobs

Share-Handlers (apps/api/src/share-handlers/):
- create_card_from_quote (mana/quote → front=text, back=source)
- save_link_as_card (mana/url → front=title, back=url+description)
- create_card_from_text (mana/text → front=erste-zeile, back=rest)
Alle landen via ensureInboxDeck() in einem auto-erstellten "Inbox"-Deck
pro User, inklusive automatischer FSRS-Reviews-Init in Transaktion.

Lokales Protocol-Mirror in @cards/domain/src/protocol/ (envelope,
payloads, search): TEMPORARY-Markierung mit Swap-Plan auf
@mana/shared-share-protocol via Verdaccio sobald NPM_AUTH_TOKEN da ist.
Spec-strict — UUID für user_id, ULID für share_id, Crockford-Base32.

Service-Key-Middleware mit constant-time-Compare gegen
process.env.CARDS_DSGVO_SERVICE_KEY (Phase F-1: ersetzt durch
mana-auth.app_service_keys-Lookup).

Tests:
- 70 Vitest-Tests grün (27 cards-domain + 43 apps/api):
  - share.test.ts: Auth-Gate, Cross-User-Sperre, User-Mismatch (403),
    Wrong-Recipient (422), Unknown-Type (422), Invalid-Payload (422),
    Wrapped { envelope, delivery_token }-Body akzeptiert
  - tools.test.ts: Auth, Unknown-Tool (404), cards.create-Validation,
    cards.search-Envelope-Shape
  - search.test.ts: Auth, Missing-Query (422), Query-too-long (422),
    Envelope-Version 0.1 + envelope-Felder
  - dsgvo.test.ts: Service-Key-Gate (401), Missing-User-ID (400),
    Export-Bundle-Shape, Delete-Counts, Key-not-configured (500)
- pnpm run type-check ✅ 4/4 packages
- E2E-Smoke gegen Postgres: Quote-Share→Inbox-Deck→Karte→Search-Hit→
  DSGVO-Export+Delete-Roundtrip clean (alle 3 Tabellen 0 nach delete)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-08 17:10:35 +02:00

Till

45a47e0ffd

Phase 3: Domain-Modell + Decks/Cards/Reviews-CRUD

Domain (@cards/domain):
- zod-Schemas SSOT für Deck, Card, Review, StudySession, FsrsSettings,
  Tools (cards.create + cards.search Input/Output)
- CardType-Discriminated-Union: MVP basic+basic-reverse, Future-Set
  (cloze, type-in, image-occlusion, audio, multiple-choice) für
  Schema-stable-Migration vorbereitet
- validateFieldsForType() Pure-Function pro CardType
- FSRS-Adapter über ts-fsrs v5.3.2: newReview, gradeReview,
  subIndexCount, toFsrsCard/fromFsrsCard ISO↔Date-Roundtrip
- Encryption-Hinweis: reviews bleiben PLAINTEXT (Scheduler quert
  täglich `due <= now`, siehe Lessons §3)

Drizzle-Schemas (apps/api/src/db/schema, alles in pgSchema('cards')):
- decks, cards, card_tags, reviews (PK card_id+sub_index), study_sessions,
  tags (deck-skopiert), media_refs (verweist auf mana-media), import_jobs
- _schema.ts-Pattern um Zirkular-Imports zu vermeiden (Lesson aus
  mana-share/-events während F-0)
- Hot-Path-Index reviews_user_due_idx für Scheduler-Queries

Routes (apps/api/src/routes):
- POST/GET/PATCH/DELETE /api/v1/decks (Deck-CRUD)
- POST/GET/PATCH/DELETE /api/v1/cards (Card-CRUD mit Auto-Reviews-Init:
  beim Card-Insert werden N Reviews via subIndexCount(type) angelegt,
  in einer Transaktion)
- GET /api/v1/reviews/due (Hot-Path, optional deck_id-Filter, Limit 500)
- POST /api/v1/reviews/:cardId/:subIndex/grade (FSRS-State-Transition,
  per-Deck FSRS-Settings)

Auth: Stub-Middleware liest X-User-Id-Header (Phase 2 ersetzt durch
@mana/shared-hono authMiddleware mit JWKS-Cache).

Tests (vitest, Hono app.request()):
- @cards/domain: fsrs.test.ts (newReview, gradeReview Roundtrip,
  Rating-Mapping), schemas.test.ts (zod-strict-Variants, Field-Type-
  Validation, hex-Color)
- apps/api: decks.test.ts + cards.test.ts + reviews.test.ts —
  Auth-Gate + Input-Validation. Volle DB-Integrationstests folgen mit
  pg-mem oder testcontainers in späterer Phase.

Cleanup: types.ts entfernt, zod-Schemas sind SSOT (z.infer für Types).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-08 14:21:54 +02:00

Till

8605b1b517

Phase 0+1: Repo-Skelett für Cards-Greenfield

Strategie B (beschlossen 2026-05-08): Cards wird als eigenständige
föderierte App neu gebaut, ohne Code-Übernahme aus mana-monorepo.

Skelett enthält:
- apps/api: Hono+Bun mit /healthz, /version, Manifest-Endpoint, leere
  pgSchema('cards'), Drizzle-Config, erstem Vitest
- apps/web: SvelteKit 2 + Svelte 5 (runes), Vite auf 3082
- packages/cards-domain: Pure-TS, CardType-Discriminated-Union,
  SubIndex-Granularität für Reviews, Future-CardType-Set vorbereitet
- infrastructure/docker-compose.yml: Postgres 16 auf 5435
- app-manifest.json: v1.0.0, Verein-owned, beta-tier
- .github/workflows/ci.yml
- docs/LESSONS_FROM_MANA_MONOREPO.md (Read-Day-Output, 15 Lehren)

Pre-Flight für Phase 2 (Auth-Föderation): DNS cardecky.mana.how,
GitHub-Repo mana-ev/cards, Cards-App-Registrierung in mana-auth,
NPM_AUTH_TOKEN für Verdaccio.

Plan: mana/docs/playbooks/CARDS_GREENFIELD.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-08 14:08:41 +02:00

3 commits