till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-14 20:01:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge branch 'till-dev' into dev

Browse source
This commit is contained in:
Wuesteon 2025-12-24 22:49:01 +01:00
commit 42bb44b747
11 changed files with 2306 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

631
.claude/audit/ACTION_PLAN_WEEK_1.md Normal file
View file

@ -0,0 +1,631 @@
# ⚡ WEEK 1 ACTION PLAN - CRITICAL FIXES
## ManaCore Monorepo Emergency Response
**Timeline:** Days 1-7
**Total Effort:** 17 hours
**Priority:** CRITICAL
**Owner:** DevOps + Backend Team
---
## 🎯 OBJECTIVE
Resolve the 5 most critical issues that pose immediate security, operational, or productivity risks to the monorepo.
**Success Criteria:**
- ✅ No API keys or secrets committed to git
- ✅ PR validation workflow active and blocking broken code
- ✅ Local development setup works for all projects
- ✅ Pre-commit hooks don't take 10+ minutes
- ✅ Database initialization complete and tested
---
## 📋 TASK BREAKDOWN
### TASK 1: REVOKE EXPOSED API KEYS (CRITICAL SECURITY)
**Priority:** 🔴 P0 (DO FIRST)
**Effort:** 2 hours
**Owner:** DevOps Lead
**Risk:** Active API keys exposed in `.env.development` commit history
#### Steps
1. **Immediately revoke these keys** (30 minutes):
```bash
# Google Gemini API
Key: AIzaSyApsYQXxN6PuXpF8-7j6MonCACwS0ZxNRc
Action: Go to https://console.cloud.google.com/apis/credentials
Revoke and generate new key
# Azure OpenAI API
Key: 3082103c9b0d4270a795686ccaa89921
Action: Go to Azure Portal → Cognitive Services → Regenerate key
# WorldDream OpenAI
Key: sk-proj-qdYUVUqNv...
Action: Go to OpenAI Platform → API Keys → Revoke
# WorldDream Gemini
Key: AIzaSyB74aUj1KmJlcjNyT5uUiyDODQ6iYoAOjQ
Action: Revoke via Google Cloud Console
# Replicate API
Key: r8_QlvkstNhIc6NBX1ktpQ6ibvzOE2d2UQ1Emamd
Action: Go to https://replicate.com/account → Revoke
```
2. **Audit API usage logs** (30 minutes):
- Check for unauthorized usage in the last 30 days
- Document any suspicious activity
- Calculate potential exposure cost
3. **Generate new keys** (30 minutes):
- Create new keys for all services
- Store in password manager (1Password/LastPass)
- Document key rotation process
4. **Update local environments** (30 minutes):
- Create `.env.development.local` with new keys
- Share securely with team (encrypted)
- Test all services with new keys
#### Verification
```bash
# Ensure no secrets in tracked files
git grep "AIza" -- '*.env*' '!*.local' # Should return nothing
git grep "sk-proj" -- '*.env*' '!*.local' # Should return nothing
# Verify local setup works
pnpm docker:up
pnpm setup:env
pnpm run chat:dev # Test with new keys
```
#### Files Changed
- `.env.development` - Remove all real keys, add placeholders
- `.env.development.local` - Create with new keys (gitignored)
- `.env.development.example` - Create template for onboarding
---
### TASK 2: IMPLEMENT SECRETS MANAGEMENT
**Priority:** 🔴 P0
**Effort:** 8 hours
**Owner:** DevOps Lead
**Goal:** Never commit secrets to git again
#### Steps
1. **Update `.gitignore`** (15 minutes):
```bash
# Add to root .gitignore
.env.development.local
.env.production.local
.env.staging.local
.env*.local
```
2. **Update `scripts/generate-env.mjs`** (2 hours):
```javascript
// Read from .local files if they exist, otherwise use .env.development
import fs from 'fs';
import path from 'path';
function loadEnvFile(filename) {
const localPath = filename.replace('.development', '.development.local');
if (fs.existsSync(localPath)) {
console.log(`Using ${localPath} (secrets file)`);
return dotenv.parse(fs.readFileSync(localPath));
}
console.log(`Using ${filename} (template file)`);
return dotenv.parse(fs.readFileSync(filename));
}
const sourceEnv = {
...loadEnvFile('.env.development'),
...loadEnvFile('.env.development.local'), // Override with secrets
};
```
3. **Add environment variable validation** (3 hours):
```bash
pnpm add -D zod
```
```javascript
// scripts/validate-env.mjs
import { z } from 'zod';
const envSchema = z.object({
MANA_CORE_AUTH_URL: z.string().url(),
POSTGRES_PASSWORD: z.string().min(8),
GOOGLE_GENAI_API_KEY: z.string().startsWith('AIza').optional(),
AZURE_OPENAI_API_KEY: z.string().min(20).optional(),
// ... all required vars
});
export function validateEnv(env) {
const result = envSchema.safeParse(env);
if (!result.success) {
console.error('❌ Invalid environment variables:');
console.error(result.error.format());
process.exit(1);
}
console.log('✅ Environment variables validated');
}
```
4. **Create setup script** (1 hour):
```bash
# scripts/setup-secrets.sh
#!/bin/bash
echo "🔐 Setting up secrets for manacore-monorepo"
if [ ! -f .env.development.local ]; then
echo "Creating .env.development.local from example..."
cp .env.development.example .env.development.local
echo "⚠️ Please fill in your API keys in .env.development.local"
exit 1
fi
echo "✅ Secrets file exists"
node scripts/generate-env.mjs
```
5. **Update documentation** (1 hour):
```markdown
# docs/SECRETS_MANAGEMENT.md
## Never Commit Secrets
1. All API keys go in `.env.development.local` (gitignored)
2. Template values in `.env.development.example`
3. Production secrets in GitHub Secrets or Vault
## First-Time Setup
bash
cp .env.development.example .env.development.local
# Edit .env.development.local with your keys
pnpm setup:env
```
6. **Test setup** (1 hour):
```bash
# Fresh clone simulation
rm -rf node_modules .env*
cp .env.development.example .env.development.local
# Add test keys
pnpm install
pnpm setup:env
pnpm docker:up
pnpm run chat:dev
```
#### Files Changed
- `.gitignore` - Add `.env*.local`
- `scripts/generate-env.mjs` - Support `.local` files
- `scripts/validate-env.mjs` - NEW (validation)
- `scripts/setup-secrets.sh` - NEW (onboarding)
- `.env.development.example` - NEW (template)
- `.env.development.local` - NEW (gitignored secrets)
- `docs/SECRETS_MANAGEMENT.md` - NEW (documentation)
---
### TASK 3: FIX DATABASE INITIALIZATION
**Priority:** 🔴 P0
**Effort:** 2 hours
**Owner:** Backend Lead
**Goal:** Complete local dev setup with one command
#### Steps
1. **Audit required databases** (30 minutes):
```bash
# Extract all DATABASE_URL from .env.development
grep "DATABASE_URL" .env.development | grep -o "localhost:5432/[^\"]*" | cut -d'/' -f2 | sort -u
```
2. **Update initialization script** (1 hour):
```sql
-- docker/init-db/01-create-databases.sql
-- Existing (keep these)
CREATE DATABASE chat;
CREATE DATABASE voxel_lava;
CREATE DATABASE storage;
CREATE DATABASE todo;
-- Add missing databases
CREATE DATABASE manacore;
CREATE DATABASE zitare;
CREATE DATABASE presi;
CREATE DATABASE contacts;
CREATE DATABASE calendar;
CREATE DATABASE manadeck;
CREATE DATABASE finance;
CREATE DATABASE moodlit;
CREATE DATABASE moods;
CREATE DATABASE picture;
CREATE DATABASE nutriphi;
CREATE DATABASE quote;
CREATE DATABASE clock;
CREATE DATABASE context;
-- Grant privileges to all databases
DO $$
DECLARE
db_name TEXT;
BEGIN
FOR db_name IN
SELECT datname FROM pg_database
WHERE datname NOT IN ('postgres', 'template0', 'template1')
LOOP
EXECUTE format('GRANT ALL PRIVILEGES ON DATABASE %I TO manacore', db_name);
END LOOP;
END $$;
```
3. **Test fresh setup** (30 minutes):
```bash
# Teardown existing
pnpm docker:down
docker volume rm manacore-monorepo_postgres_data
# Fresh start
pnpm docker:up
# Verify all databases exist
docker exec -it manacore-postgres psql -U manacore -c "\l" | grep manacore
# Should show all 17+ databases
```
#### Files Changed
- `docker/init-db/01-create-databases.sql` - Add all missing databases
#### Verification Checklist
- [ ] All databases from `.env.development` are created
- [ ] `manacore` user has access to all databases
- [ ] Fresh `pnpm docker:up` creates all databases
- [ ] `pnpm run chat:dev` connects successfully
- [ ] No manual database creation needed
---
### TASK 4: ENABLE CI PR VALIDATION
**Priority:** 🔴 P0
**Effort:** 4 hours
**Owner:** DevOps Lead
**Goal:** Block broken code from merging to main
#### Steps
1. **Restore PR workflow** (30 minutes):
```bash
mv .github/workflows/ci-pull-request.yml.bak .github/workflows/ci-pull-request.yml
```
2. **Update workflow** (2 hours):
```yaml
# .github/workflows/ci-pull-request.yml
name: CI - Pull Request Validation
on:
pull_request:
branches: [main, dev]
jobs:
validate:
name: Code Quality Checks
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v2
with:
version: 9.15.0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'pnpm'
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Format check
run: pnpm format:check
- name: Lint
run: pnpm lint
- name: Type check
run: pnpm type-check
timeout-minutes: 10
# Uncomment when tests exist
# - name: Test
# run: pnpm test
# timeout-minutes: 15
# - name: Upload coverage
# uses: codecov/codecov-action@v3
# with:
# files: ./coverage/lcov.info
security:
name: Security Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run npm audit
run: |
pnpm audit --prod --audit-level=high
# Don't fail on audit issues yet (too many)
continue-on-error: true
```
3. **Add branch protection rules** (1 hour):
- Go to GitHub repo → Settings → Branches
- Add rule for `main` and `dev`:
- ✅ Require status checks to pass
- ✅ Require `validate` job to pass
- ✅ Require up-to-date branches
- ✅ Include administrators
4. **Test workflow** (30 minutes):
```bash
# Create test PR
git checkout -b test/ci-validation
echo "test" >> README.md
git add README.md
git commit -m "test: CI validation"
git push origin test/ci-validation
# Create PR on GitHub
# Verify workflow runs
# Verify PR blocked if checks fail
```
#### Files Changed
- `.github/workflows/ci-pull-request.yml` - Restored and updated
- GitHub branch protection rules (via UI)
#### Verification Checklist
- [ ] PR workflow runs on new PRs
- [ ] Format check fails on bad formatting
- [ ] Lint check fails on linting errors
- [ ] Type check completes in <10 minutes
- [ ] PR cannot be merged if checks fail
---
### TASK 5: FIX PRE-COMMIT HOOK PERFORMANCE
**Priority:** 🟡 P1
**Effort:** 1 hour
**Owner:** DevOps Lead
**Goal:** Pre-commit takes <30 seconds (not 10+ minutes)
#### Steps
1. **Update pre-commit hook** (30 minutes):
```bash
# .husky/pre-commit
#!/usr/bin/env sh
. "$(dirname -- "$0")/_/husky.sh"
# Run lint-staged (only on changed files)
pnpm exec lint-staged
# REMOVED: pnpm run type-check (too slow, move to CI)
```
2. **Update lint-staged config** (30 minutes):
```json
// package.json
{
"lint-staged": {
"*.{ts,tsx,js,jsx}": [
"eslint --fix --max-warnings=0",
"prettier --write"
],
"*.{json,md,yml,yaml}": [
"prettier --write"
],
"*.{svelte}": [
"eslint --fix --max-warnings=0",
"prettier --plugin prettier-plugin-svelte --write"
],
"*.{astro}": [
"prettier --plugin prettier-plugin-astro --write"
]
}
}
```
#### Files Changed
- `.husky/pre-commit` - Remove global type-check
- `package.json` - Update lint-staged config
#### Verification
```bash
# Make a small change
echo "// test" >> apps/chat/apps/backend/src/main.ts
# Stage and commit
git add apps/chat/apps/backend/src/main.ts
time git commit -m "test: pre-commit performance"
# Should complete in <30 seconds
```
---
## 📊 PROGRESS TRACKING
### Daily Standup Template
**Day 1 (Security Crisis Day):**
- [ ] TASK 1: Revoke exposed API keys (2h)
- [ ] TASK 2: Start secrets management (4h/8h)
**Day 2 (Security Completion):**
- [ ] TASK 2: Finish secrets management (4h/8h)
- [ ] TASK 3: Fix database initialization (2h)
**Day 3 (CI/CD Setup):**
- [ ] TASK 4: Enable CI PR validation (4h)
- [ ] TASK 5: Fix pre-commit performance (1h)
**Day 4 (Testing & Verification):**
- [ ] Test all fixes
- [ ] Update documentation
- [ ] Team demo
### Verification Commands
```bash
# Security verification
git log --all --full-history -- .env.development | grep -i "api.*key" # Should be empty in new commits
grep -r "AIza\|sk-proj" .env* --exclude="*.local" --exclude="*.example" # Should be empty
# Database verification
docker exec -it manacore-postgres psql -U manacore -c "\l" | wc -l # Should show 17+ databases
# CI verification
gh pr checks <pr-number> # All checks should pass
# Pre-commit verification
time git commit --allow-empty -m "test" # Should be <30s
```
---
## 🎯 SUCCESS METRICS
### Week 1 Goals
| Metric | Before | Target | Actual |
|--------|--------|--------|--------|
| Secrets in git | ✅ Yes (CRITICAL) | ❌ No | ___ |
| PR validation | ❌ Disabled | ✅ Active | ___ |
| Database setup time | 2+ hours (manual) | 5 minutes (automated) | ___ |
| Pre-commit duration | 10+ minutes | <30 seconds | ___ |
| Local dev setup | Broken for new devs | One-command setup | ___ |
### Definition of Done
- [ ] ✅ All API keys revoked and rotated
- [ ] ✅ Secrets in `.env.development.local` (gitignored)
- [ ] ✅ Environment validation script works
- [ ] ✅ Fresh `git clone` + `pnpm install` sets up everything
- [ ] ✅ All 17+ databases created on `pnpm docker:up`
- [ ] ✅ PR workflow active and blocking broken code
- [ ] ✅ Pre-commit hook completes in <30s
- [ ] ✅ Documentation updated
- [ ] ✅ Team trained on new workflow
---
## 📚 DOCUMENTATION UPDATES
### Files to Update
1. **ROOT README.md:**
```markdown
## First-Time Setup
1. Clone the repository
2. Copy `.env.development.example` to `.env.development.local`
3. Fill in your API keys in `.env.development.local`
4. Run `pnpm install`
5. Run `pnpm docker:up`
6. Start developing: `pnpm run chat:dev`
**IMPORTANT:** Never commit `.env.development.local` - it contains secrets!
```
2. **docs/ENVIRONMENT_VARIABLES.md:**
- Add section on secrets management
- Explain `.local` file pattern
- Document validation process
3. **CLAUDE.md:**
- Update environment variables section
- Add security best practices
- Document CI/CD workflow
---
## 🚨 ROLLBACK PLAN
If anything goes wrong:
1. **API Keys Broken:**
```bash
# Restore from password manager
# Update .env.development.local
pnpm setup:env
```
2. **Database Init Broken:**
```bash
# Restore old SQL file from git
git checkout HEAD~1 docker/init-db/01-create-databases.sql
pnpm docker:down
pnpm docker:up
```
3. **CI Workflow Broken:**
```bash
# Disable workflow temporarily
mv .github/workflows/ci-pull-request.yml .github/workflows/ci-pull-request.yml.bak
git add .github/workflows/ci-pull-request.yml.bak
git commit -m "fix: disable CI temporarily"
```
---
## 🎓 POST-WEEK 1 RETROSPECTIVE
### Questions to Answer
1. What went well?
2. What took longer than expected?
3. What did we learn about our system?
4. What should we prioritize next?
5. How can we prevent similar issues?
### Next Steps Planning
- Review Week 2-4 action plan (testing foundation)
- Allocate resources for testing sprint
- Set up coverage tracking
- Schedule daily standups for testing work
---
**END OF WEEK 1 ACTION PLAN**
*Priority: CRITICAL*
*Total Effort: 17 hours*
*Timeline: Days 1-7*
*Success Criteria: All tasks completed and verified*

145
.claude/audit/AUDIT_SUMMARY.md Normal file
View file

@ -0,0 +1,145 @@
# Documentation Audit Summary
**Date:** 2025-12-07
**Full Report:** [documentation-audit-2025-12-07.md](./documentation-audit-2025-12-07.md)
## Quick Stats
- **Active Projects:** 17 (apps/) + 5 (games/) + 1 (service)
- **Documentation Coverage:** 11/17 active projects have CLAUDE.md
- **Critical Issues:** 3
- **Overall Score:** 7/10
## Top 3 Critical Issues
### 1. 🚨 Active vs Archived Confusion
**5 projects exist in BOTH `apps/` and `apps-archived/`:**
- maerchenzauber
- memoro
- wisekeep
- reader
- nutriphi
Root CLAUDE.md lists them as archived, but they're in the active workspace.
### 2. ❌ Missing Major Project Documentation
**No CLAUDE.md files for:**
- **manadeck** (major project with full stack)
- **picture** (AI image generation)
- **quote** (backend + web + mobile)
- Several other active projects
### 3. 📝 Incomplete Root Documentation
**Root CLAUDE.md only documents 6/17 active projects:**
- Missing: calendar, clock, context, todo, quote, and 6+ others
- Outdated commands (presi:dev, mail:dev for archived projects)
## Immediate Action Items
1. ✅ **Resolve duplicates** - Decide on maerchenzauber, memoro, wisekeep, reader, nutriphi status
2. ✅ **Create CLAUDE.md** for manadeck and picture (high priority)
3. ✅ **Update root CLAUDE.md** with complete project list (17 projects)
4. ✅ **Fix commands** - Remove presi:dev, mail:dev; add calendar:dev, clock:dev, todo:dev
5. ✅ **Backend ports table** - Document all 12 backends with port numbers
## Documentation Quality by Project
### Excellent (10/10)
- ✅ calendar (German, comprehensive)
- ✅ clock (German, comprehensive)
- ✅ todo (German, comprehensive)
### Good (8-9/10)
- ✅ chat
- ✅ contacts
- ✅ context
- ✅ zitare
### Missing
- ❌ manadeck
- ❌ picture
- ❌ quote
- ❌ 8+ other projects
## Key Findings
### Projects Not in Root Docs
Missing from root CLAUDE.md but active:
- calendar (port 3014)
- clock (port 3017)
- context (mobile only)
- todo (port 3018)
- quote (full stack)
- maerchenzauber* (duplicate)
- memoro* (duplicate)
- nutriphi* (duplicate)
- reader* (duplicate)
- wisekeep* (duplicate)
### Landing Pages Mismatch
- **Actual:** 7 landing pages (chat, picture, manacore, manadeck, zitare, calendar, clock)
- **Documented:** 5 (missing calendar, clock)
- **Deploy scripts:** 10 (includes non-existent: presi, mail, moodlit)
### Shared Packages Gap
- **Actual:** 34 packages
- **Documented:** 10 packages
- **Missing:** 24 packages undocumented
## Priority Matrix
| Issue | Priority | Impact | Effort |
|-------|----------|--------|--------|
| Resolve active/archived confusion | 🔴 HIGH | Critical | Medium |
| Create manadeck CLAUDE.md | 🔴 HIGH | High | Low |
| Create picture CLAUDE.md | 🔴 HIGH | High | Low |
| Update root projects table | 🔴 HIGH | High | Low |
| Backend ports reference | 🟡 MEDIUM | Medium | Low |
| Landing pages docs fix | 🟡 MEDIUM | Medium | Low |
| Shared packages docs | 🟡 MEDIUM | Medium | High |
| Games section | 🟢 LOW | Low | Low |
## Recommendations
### Week 1
- Resolve duplicate projects (remove from apps/ OR apps-archived/)
- Create CLAUDE.md for manadeck, picture
- Update root CLAUDE.md with all 17 active projects
### Week 2-4
- Document all backend ports
- Fix landing pages section
- Update environment variables docs
- Add games overview
### Ongoing
- Create CLAUDE.md for all remaining projects
- Automated documentation validation
- Version compatibility matrix
## Files to Review/Update
1. `/CLAUDE.md` - Add missing projects, fix commands
2. `/apps/manadeck/CLAUDE.md` - CREATE
3. `/apps/picture/CLAUDE.md` - CREATE
4. `/docs/ENVIRONMENT_VARIABLES.md` - Add missing projects
5. `/package.json` - Clean up commands for archived projects
## Success Metrics
**Target Documentation Coverage:**
- ✅ 100% of active projects in root CLAUDE.md
- ✅ 100% of active projects have project CLAUDE.md
- ✅ All backend ports documented
- ✅ Landing pages list is accurate
- ✅ No duplicate projects between apps/ and apps-archived/
**Current Status:**
- ⚠️ 35% of active projects in root docs (6/17)
- ⚠️ 65% have project CLAUDE.md (11/17)
- ⚠️ 42% of backends documented (5/12)
- ⚠️ Landing pages 71% accurate (5/7)
- ❌ 5 duplicate projects
---
**Next Steps:** Review full audit report and prioritize fixes based on your team's needs.

317
.claude/audit/FIXES_CHECKLIST.md Normal file
View file

@ -0,0 +1,317 @@
# Documentation Fixes Checklist
**Generated:** 2025-12-07
**Status:** Ready for implementation
Use this checklist to systematically fix all documentation issues identified in the audit.
---
## Phase 1: Critical Fixes (Week 1)
### 🚨 Issue 1: Resolve Active/Archived Confusion
**5 projects in BOTH apps/ and apps-archived/:**
- [ ] **maerchenzauber** - Decide: Keep in apps/ OR apps-archived/
- [ ] If keeping in apps/: Delete from apps-archived/
- [ ] If archiving: Delete from apps/
- [ ] Update root CLAUDE.md archived projects list
- [ ] Update pnpm-workspace.yaml if needed
- [ ] **memoro** - Decide: Keep in apps/ OR apps-archived/
- [ ] If keeping in apps/: Delete from apps-archived/
- [ ] If archiving: Delete from apps/
- [ ] Update root CLAUDE.md archived projects list
- [ ] **wisekeep** - Decide: Keep in apps/ OR apps-archived/
- [ ] If keeping in apps/: Delete from apps-archived/
- [ ] If archiving: Delete from apps/
- [ ] Update root CLAUDE.md archived projects list
- [ ] **reader** - Decide: Keep in apps/ OR apps-archived/
- [ ] If keeping in apps/: Delete from apps-archived/
- [ ] If archiving: Delete from apps/
- [ ] Update root CLAUDE.md archived projects list
- [ ] **nutriphi** - Decide: Keep in apps/ OR apps-archived/
- [ ] If keeping in apps/: Delete from apps-archived/
- [ ] If archiving: Delete from apps/
- [ ] Update root CLAUDE.md archived projects list
### ❌ Issue 2: Create Missing Major Project Docs
- [ ] **Create `/apps/manadeck/CLAUDE.md`**
- [ ] Document backend (port 3009)
- [ ] Document web app
- [ ] Document mobile app
- [ ] Document landing page
- [ ] Add API endpoints
- [ ] Add database schema
- [ ] Add development commands
- [ ] Add environment variables
- [ ] **Create `/apps/picture/CLAUDE.md`**
- [ ] Document backend (port 3006)
- [ ] Document web app
- [ ] Document mobile app
- [ ] Document landing page
- [ ] Add AI image generation details
- [ ] Add API endpoints
- [ ] Add development commands
- [ ] Add environment variables
- [ ] **Create `/apps/quote/CLAUDE.md`**
- [ ] Document backend
- [ ] Document web app
- [ ] Document mobile app
- [ ] Add API endpoints
- [ ] Add development commands
### 📝 Issue 3: Update Root CLAUDE.md
**File:** `/CLAUDE.md`
- [ ] **Update Projects Table (lines 31-40)**
```markdown
| Project | Description | Apps |
| ------------ | ---------------------------- | --------------------------------------------------------- |
| **manacore** | Multi-app ecosystem platform | Expo mobile, SvelteKit web, Astro landing |
| **manadeck** | Card/deck management | NestJS backend, Expo mobile, SvelteKit web, Astro landing|
| **picture** | AI image generation | NestJS backend, Expo mobile, SvelteKit web, Astro landing|
| **chat** | AI chat application | NestJS backend, Expo mobile, SvelteKit web, Astro landing|
| **zitare** | Daily inspiration quotes | NestJS backend, Expo mobile, SvelteKit web, Astro landing|
| **contacts** | Contact management | NestJS backend, SvelteKit web |
| **calendar** | Calendar & scheduling | NestJS backend, SvelteKit web, Astro landing |
| **clock** | World clock & timers | NestJS backend, SvelteKit web, Astro landing |
| **todo** | Task management | NestJS backend, SvelteKit web |
| **context** | AI document management | Expo mobile |
| **quote** | Quote management | NestJS backend, SvelteKit web, Expo mobile |
```
- [ ] **Add missing projects** to table (after resolving duplicates)
- [ ] **Update Development Commands (lines 61-76)**
```bash
# Start specific project (runs all apps in project)
pnpm run manacore:dev
pnpm run manadeck:dev
pnpm run picture:dev
pnpm run chat:dev
pnpm run zitare:dev
pnpm run contacts:dev
pnpm run calendar:dev # ADD
pnpm run clock:dev # ADD
pnpm run todo:dev # ADD
pnpm run context:dev # ADD
# REMOVE: pnpm run presi:dev
# REMOVE: pnpm run mail:dev
```
- [ ] **Update Integrated Backends Table (lines 334-342)**
```markdown
| Backend | Package | Port |
| -------- | ------------------------------- | ---- |
| Chat | `@mana-core/nestjs-integration` | 3002 |
| Picture | `@manacore/shared-nestjs-auth` | 3006 |
| Zitare | `@manacore/shared-nestjs-auth` | 3007 |
| ManaDeck | `@mana-core/nestjs-integration` | 3009 |
| Calendar | `@manacore/shared-nestjs-auth` | 3014 | # ADD
| Contacts | `@manacore/shared-nestjs-auth` | 3015 | # ADD
| Clock | `@manacore/shared-nestjs-auth` | 3017 | # ADD
| Todo | `@manacore/shared-nestjs-auth` | 3018 | # ADD
# REMOVE: | Presi | Custom (same pattern) | 3008 |
```
- [ ] **Update Landing Pages Table (lines 470-476)**
```markdown
| Project | Package | Cloudflare Project | URL |
|---------|---------|-------------------|-----|
| Chat | `@chat/landing` | `chat-landing` | https://chat-landing.pages.dev |
| Picture | `@picture/landing` | `picture-landing` | https://picture-landing.pages.dev |
| ManaCore | `@manacore/landing` | `manacore-landing` | https://manacore-landing.pages.dev |
| ManaDeck | `@manadeck/landing` | `manadeck-landing` | https://manadeck-landing.pages.dev |
| Zitare | `@zitare/landing` | `zitare-landing` | https://zitare-landing.pages.dev |
| Calendar | `@calendar/landing` | `calendar-landing` | https://calendar-landing.pages.dev | # ADD
| Clock | `@clock/landing` | `clock-landing` | https://clock-landing.pages.dev | # ADD
```
- [ ] **Update Archived Projects List (lines 42-59)**
- [ ] Add/remove based on Phase 1 duplicate resolution
- [ ] Add missing: finance, mail, moodlit
- [ ] Remove duplicates that were moved to active
- [ ] **Add Games Section** (new section after Projects)
```markdown
### Game Projects (`games/`)
| Project | Description | Status |
| ------------ | ------------------------ | ------ |
| **figgos** | [Description] | Active |
| **mana-games** | [Description] | Active |
| **voxelava** | [Description] | Active |
| **whopixels** | [Description] | Active |
| **worldream** | [Description] | Active |
```
---
## Phase 2: High Priority Fixes (Week 2)
### Update Root CLAUDE.md (continued)
- [ ] **Expand Shared Packages Section (lines 361-381)**
- [ ] Add missing packages (24 undocumented)
- [ ] OR: Add note: "See `/packages/README.md` for complete list"
- [ ] OR: Create table with all 34 packages
### Update Environment Variables Documentation
**File:** `/docs/ENVIRONMENT_VARIABLES.md`
- [ ] Add calendar environment variables
- [ ] Add clock environment variables
- [ ] Add contacts environment variables
- [ ] Add todo environment variables
- [ ] Add quote environment variables
- [ ] Add context environment variables
- [ ] Update table of contents
- [ ] Verify all variables match actual .env files
### Clean Up package.json
**File:** `/package.json`
- [ ] **Remove invalid deploy scripts (lines 154-157)**
- [ ] Remove: `"deploy:landing:presi"` (landing doesn't exist)
- [ ] Remove: `"deploy:landing:mail"` (landing doesn't exist)
- [ ] Remove: `"deploy:landing:moodlit"` (landing doesn't exist)
- [ ] **Update deploy:landing:all script (line 158)**
- [ ] Remove presi, mail, moodlit
- [ ] Add calendar, clock if not present
---
## Phase 3: Medium Priority (Weeks 3-4)
### Create Additional Project Documentation
- [ ] **Create `/apps/context/README.md`** (expand beyond CLAUDE.md)
- [ ] **Review/update `/apps/manacore/CLAUDE.md`**
- [ ] **Review/update `/services/mana-core-auth/CLAUDE.md`**
### Create Shared Packages Documentation
- [ ] **Create `/packages/README.md`**
- [ ] List all 34 packages
- [ ] Describe purpose of each
- [ ] Show import patterns
- [ ] Document inter-package dependencies
### Update .claude Guidelines
**Files in `.claude/guidelines/`**
- [ ] Review authentication.md for accuracy
- [ ] Review database.md - add missing projects
- [ ] Review nestjs-backend.md - add all backends
- [ ] Review expo-mobile.md - add all mobile apps
- [ ] Review sveltekit-web.md - add all web apps
### Create Missing Documentation
- [ ] **Create `/docs/BACKENDS.md`**
- [ ] Table of all backends
- [ ] Ports, technologies, database
- [ ] Dependencies
- [ ] **Create `/docs/LANDING_PAGES.md`**
- [ ] Deployment workflow
- [ ] Cloudflare setup
- [ ] All landing pages
- [ ] **Update `/docs/PROJECT_OVERVIEW.md`**
- [ ] Ensure all active projects listed
- [ ] Update statistics
---
## Phase 4: Low Priority (Future)
### Automation & Validation
- [ ] **Create `/scripts/validate-docs.mjs`**
- [ ] Check all apps/ have CLAUDE.md
- [ ] Verify ports in docs match actual configs
- [ ] Check package.json commands exist for all projects
- [ ] Validate landing pages exist where documented
- [ ] **Create `/scripts/generate-project-list.mjs`**
- [ ] Auto-generate projects table from filesystem
- [ ] Output markdown table
- [ ] Can be used to update root CLAUDE.md
### Version Documentation
- [ ] **Create `/docs/VERSIONS.md`**
- [ ] React Native version per mobile app
- [ ] Expo SDK version per mobile app
- [ ] NestJS version per backend
- [ ] SvelteKit version per web app
- [ ] Node.js compatibility
### Testing Documentation
- [ ] Verify all curl examples in CLAUDE.md files work
- [ ] Test all pnpm commands documented
- [ ] Validate all environment variables exist
---
## Verification Checklist
After completing fixes, verify:
- [ ] All 17 active projects are in root CLAUDE.md
- [ ] All 17 active projects have CLAUDE.md files
- [ ] No projects exist in both apps/ and apps-archived/
- [ ] All backend ports are documented
- [ ] All landing pages are accurately documented
- [ ] All pnpm commands work
- [ ] Landing deploy scripts match actual landing pages
- [ ] Archived projects list matches apps-archived/
- [ ] Games section exists with all 5 games
- [ ] Environment variables docs cover all active projects
---
## Progress Tracking
**Started:** [DATE]
**Phase 1 Complete:** [DATE]
**Phase 2 Complete:** [DATE]
**Phase 3 Complete:** [DATE]
**Phase 4 Complete:** [DATE]
**Issues Resolved:** 0/12
### Phase Completion
- [ ] Phase 1: Critical Fixes (3 issues)
- [ ] Phase 2: High Priority (4 issues)
- [ ] Phase 3: Medium Priority (3 issues)
- [ ] Phase 4: Low Priority (2 issues)
---
## Notes
Add any notes about decisions made or blockers encountered:
-
-
-
---
**Tip:** Use this checklist with GitHub issues or a project management tool by converting each section to a separate issue/task.

458
.claude/audit/HIVE_MIND_EXECUTIVE_SUMMARY.md Normal file
View file

@ -0,0 +1,458 @@
# 🧠 HIVE MIND COLLECTIVE INTELLIGENCE REPORT
## ManaCore Monorepo - Comprehensive Audit & Improvement Plan
**Swarm ID:** swarm-1765095736318-q124en9du
**Swarm Name:** hive-1765095736313
**Audit Date:** 2025-12-07
**Queen Coordinator:** Strategic Analysis Agent
**Worker Agents:** 4 (Researcher, Coder, Analyst, Tester)
---
## 🎯 EXECUTIVE SUMMARY
The hive mind collective has completed a comprehensive audit of the manacore-monorepo across four critical dimensions: **Documentation, Code Quality, Architecture, and Testing**. The consensus assessment reveals a project with **strong architectural foundations** but **critical gaps in quality assurance, testing, and operational readiness**.
### Overall Assessment Matrix
| Dimension | Score | Status | Priority |
|-----------|-------|--------|----------|
| **Architecture & Design** | 90/100 | ✅ Excellent | Maintain |
| **Documentation** | 70/100 | 🟡 Good | Improve |
| **Code Quality** | 70/100 | 🟡 Good | Improve |
| **Testing Coverage** | 10/100 | 🔴 Critical | **URGENT** |
| **CI/CD & DevOps** | 40/100 | 🔴 Poor | **URGENT** |
| **Security** | 50/100 | 🔴 Poor | **URGENT** |
**Overall Monorepo Health:** **60/100** (C grade - Functional but High Risk)
---
## 🚨 CRITICAL FINDINGS (Requires Immediate Action)
### 1. **SECURITY BREACH: API Keys Exposed in Git** 🔴
**Severity:** CRITICAL
**Impact:** Active API keys committed to `.env.development`
**Risk:** Unauthorized usage, data breach, financial loss
**Exposed Keys:**
- Google Gemini API Key
- Azure OpenAI API Key
- Replicate API Token
- WorldDream API Keys (OpenAI, Gemini)
**IMMEDIATE ACTIONS REQUIRED:**
1. ✅ Revoke all exposed keys within 24 hours
2. ✅ Move to `.env.development.local` (gitignored)
3. ✅ Rotate all production secrets
4. ✅ Audit API usage for unauthorized access
5. ✅ Implement secrets management (Doppler/Vault)
**Files to Fix:**
- `.env.development` - Remove all real keys
- Create `.env.development.example` with placeholders
- Update `scripts/generate-env.mjs` to read from `.local` files
---
### 2. **TESTING CATASTROPHE: <1% Coverage** 🔴
**Severity:** CRITICAL
**Impact:** No automated quality assurance for 99% of codebase
**Risk:** Production bugs, regression failures, customer impact
**Key Metrics:**
- **Total Test Files:** 23 (only in mana-core-auth)
- **Backends Tested:** 1/12 (8% coverage)
- **Mobile Apps Tested:** 0/7 (0% coverage)
- **Web Apps Tested:** 0/7 (0% coverage)
- **Shared Packages Tested:** 0/37 (0% coverage)
**Critical Untested Areas:**
- 🔴 **Authentication integration** - All backends use mana-core-auth but none test it
- 🔴 **Credit consumption** - Billing logic has zero tests (double-charging risk!)
- 🔴 **Storage operations** - S3 uploads/downloads untested (data loss risk)
- 🔴 **API endpoints** - 100+ endpoints have no tests
**IMMEDIATE ACTIONS REQUIRED:**
1. ✅ Test `@manacore/shared-nestjs-auth` (security critical)
2. ✅ Test `@manacore/shared-storage` (data integrity)
3. ✅ Test credit consumption flows (billing accuracy)
4. ✅ Add tests to chat, picture, zitare backends
5. ✅ Enable CI test validation on PRs
**Estimated Effort:** 460-660 hours (3-4 months full-time)
---
### 3. **BUILD PERFORMANCE: 10x Slower Than Expected** 🔴
**Severity:** HIGH
**Impact:** Type-check takes 10+ minutes (should be 1-2 minutes)
**Risk:** Developer productivity loss, CI timeouts
**Root Cause:** ~~Recursive turbo calls in parent packages~~
**UPDATE:** ✅ **FALSE ALARM** - After analysis, parent packages only contain `dev` scripts, which is acceptable per guidelines. The actual cause of slow builds needs further investigation (likely high concurrency limit or other factors).
**ACTIONS:**
1. ✅ Investigate actual slow build cause (not turbo recursion)
2. ✅ Test with higher concurrency (`"concurrency": "10"`)
3. ✅ Enable Turborepo remote caching
4. ✅ Profile build performance
---
### 4. **DATABASE INITIALIZATION INCOMPLETE** 🔴
**Severity:** HIGH
**Impact:** Developers cannot set up local environment
**Risk:** Onboarding friction, inconsistent dev environments
**Current State:** `docker/init-db/01-create-databases.sql` only creates 5 databases
**Missing:** 12+ databases (zitare, presi, contacts, calendar, manadeck, finance, moodlit, etc.)
**IMMEDIATE ACTIONS REQUIRED:**
1. ✅ Update `01-create-databases.sql` with all databases from `.env.development`
2. ✅ Add grant statements for all databases
3. ✅ Test fresh Docker setup
**File to Fix:**
- `docker/init-db/01-create-databases.sql`
---
### 5. **NO CI/CD QUALITY GATES** 🔴
**Severity:** HIGH
**Impact:** Broken code can be merged to main
**Risk:** Production outages, customer impact
**Current State:**
- ❌ No PR validation workflow (disabled - `.bak` file)
- ❌ No lint checks in CI
- ❌ No type-check in CI
- ❌ No test validation in CI
- ✅ Only Docker builds run (minimal validation)
**IMMEDIATE ACTIONS REQUIRED:**
1. ✅ Restore `.github/workflows/ci-pull-request.yml`
2. ✅ Add `pnpm lint` to PR checks
3. ✅ Add `pnpm type-check` to PR checks
4. ✅ Add `pnpm test` to PR checks (when tests exist)
5. ✅ Add coverage reporting (Codecov)
---
## 📊 DETAILED FINDINGS BY DIMENSION
### DOCUMENTATION (70/100 - Good)
**Strengths:**
- ✅ Excellent root `CLAUDE.md` structure
- ✅ Comprehensive authentication documentation
- ✅ Detailed guidelines in `.claude/guidelines/`
- ✅ Well-documented centralized env var system
**Issues:**
- 🟡 35% of projects missing from root docs (6/17 documented)
- 🟡 3 major projects lack CLAUDE.md (manadeck, picture, quote)
- 🟡 5 projects in both `apps/` and `apps-archived/` (confusion)
- 🟡 34 shared packages exist, only 10 documented
- 🟡 Backend port numbers incomplete (5/12 documented)
**Detailed Report:** `.claude/audit/documentation-audit-2025-12-07.md`
---
### CODE QUALITY (70/100 - Good)
**Strengths:**
- ✅ Full Svelte 5 runes adoption (0 old syntax files!)
- ✅ Result type error handling (48 service methods)
- ✅ Consistent auth integration (80 guard usages)
- ✅ Well-organized shared packages (37 packages)
**Issues:**
- 🔴 TypeScript `any` usage: 124 occurrences (type safety compromised)
- 🟡 Throwing exceptions in services: 27 violations (should use Result types)
- 🟡 Console statements in production: 13 occurrences
- 🟡 Default exports: 15 files (should use named exports)
**Code Duplication Opportunities:**
- Error handling pattern (~200 lines could be shared)
- API client boilerplate (~500 lines duplicate)
- Loading/error/empty states (30+ components)
**Technical Debt Score:** 6.5/10 (Moderate-High)
**Detailed Report:** See Coder Agent output above
---
### ARCHITECTURE & INFRASTRUCTURE (90/100 - Excellent)
**Strengths:**
- ✅ Centralized auth with Better Auth (EdDSA, JWKS)
- ✅ S3-compatible storage abstraction (MinIO → Hetzner)
- ✅ Clean monorepo structure (pnpm + turborepo)
- ✅ Automated environment generation
- ✅ Docker-based local development
**Issues:**
- 🔴 Auth service is single point of failure (no HA)
- 🟡 JWT validation requires network call (should use JWKS locally)
- 🟡 No database backup strategy documented
- 🟡 Inconsistent database connection patterns (3 different approaches)
- 🟡 Only 3/12 backends have Docker images
**Scalability Concerns:**
- Single PostgreSQL instance for 17+ databases
- No CDN for static assets
- No rate limiting in apps
- No real-time/WebSocket architecture
**Detailed Report:** See Analyst Agent output above
---
### TESTING (10/100 - Critical Failure)
**Strengths:**
- ✅ Excellent test patterns in mana-core-auth (80% coverage, mock factories, integration tests)
- ✅ Jest/Vitest infrastructure configured
- ✅ Playwright config exists
**Issues:**
- 🔴 Backend coverage: 8% (1/12 tested)
- 🔴 Mobile coverage: 0% (0/7 tested)
- 🔴 Web coverage: 0% (0/7 tested)
- 🔴 Shared packages: 0% (0/37 tested)
- 🔴 E2E tests: 0 scenarios
**Critical Gaps:**
- Authentication integration tests (security risk!)
- Credit consumption tests (billing risk!)
- Storage operation tests (data loss risk!)
- API endpoint tests (stability risk!)
**Detailed Report:** See Tester Agent output above
---
## 🎯 CONSENSUS RECOMMENDATIONS
The hive mind has achieved consensus on the following prioritized action plan:
### WEEK 1: SECURITY & CRITICAL FIXES
| Priority | Action | Owner | Effort |
|----------|--------|-------|--------|
| 1 | Revoke exposed API keys | DevOps | 2h |
| 2 | Implement secrets management | DevOps | 8h |
| 3 | Fix database initialization script | Backend | 2h |
| 4 | Enable CI PR validation | DevOps | 4h |
| 5 | Remove pre-commit global type-check | DevOps | 1h |
**Total Effort:** 17 hours
**Success Criteria:** No secrets in git, PR validation active, local dev setup works
---
### WEEK 2-4: TESTING FOUNDATION
| Priority | Action | Owner | Effort |
|----------|--------|-------|--------|
| 6 | Test shared-nestjs-auth package | Backend | 16h |
| 7 | Test shared-storage package | Backend | 12h |
| 8 | Test shared-errors package | Backend | 8h |
| 9 | Test chat backend (auth + credits + API) | Backend | 40h |
| 10 | Test picture backend | Backend | 32h |
| 11 | Test zitare backend | Backend | 24h |
**Total Effort:** 132 hours
**Success Criteria:** Critical packages at 80%+ coverage, top 3 backends at 70%+
---
### MONTH 2: INFRASTRUCTURE & AUTOMATION
| Priority | Action | Owner | Effort |
|----------|--------|-------|--------|
| 12 | Add Docker images for all backends | DevOps | 40h |
| 13 | Implement JWKS-based JWT validation | Backend | 16h |
| 14 | Set up HA for mana-core-auth | DevOps | 24h |
| 15 | Configure Turborepo remote caching | DevOps | 8h |
| 16 | Add database backup automation | DevOps | 12h |
| 17 | Add deployment monitoring | DevOps | 16h |
**Total Effort:** 116 hours
**Success Criteria:** All services deployable, HA auth, monitoring active
---
### MONTH 3: COVERAGE EXPANSION
| Priority | Action | Owner | Effort |
|----------|--------|-------|--------|
| 18 | Test remaining backends | Backend | 80h |
| 19 | Test mobile apps (chat, picture, manadeck) | Mobile | 180h |
| 20 | Test web apps (chat, picture) | Frontend | 80h |
| 21 | Create E2E test suite (10 scenarios) | QA | 60h |
| 22 | Update documentation (all missing) | Tech Writer | 24h |
**Total Effort:** 424 hours
**Success Criteria:** 70%+ coverage across all active projects
---
## 📈 SUCCESS METRICS & TRACKING
### Coverage Targets
| Metric | Current | 1 Month | 3 Months | 6 Months |
|--------|---------|---------|----------|----------|
| **Security Score** | 50/100 | 80/100 | 90/100 | 95/100 |
| **Test Coverage** | <1% | 40% | 70% | 80% |
| **CI/CD Automation** | 20% | 70% | 90% | 95% |
| **Documentation Coverage** | 70% | 85% | 95% | 100% |
| **Build Performance** | Poor | Good | Excellent | Excellent |
### Key Performance Indicators (KPIs)
- **Mean Time to Deploy (MTTD):** Target <15 minutes
- **Test Execution Time:** Target <5 minutes (unit), <15 minutes (full)
- **CI Success Rate:** Target >99%
- **Code Coverage:** Target 80% for new code
- **Documentation Completeness:** Target 100% of active projects
---
## 🗺️ COMPREHENSIVE IMPROVEMENT ROADMAP
### Phase 1: Stabilization (Month 1)
**Focus:** Security, testing foundation, CI/CD
**Deliverables:**
- ✅ No secrets in git
- ✅ Shared packages at 80%+ coverage
- ✅ Top 3 backends at 70%+ coverage
- ✅ PR validation active
- ✅ Database setup automated
**Exit Criteria:** Can deploy with confidence, critical paths tested
---
### Phase 2: Expansion (Months 2-3)
**Focus:** Full test coverage, infrastructure hardening
**Deliverables:**
- ✅ All backends tested (70%+)
- ✅ Mobile apps tested (60%+)
- ✅ Web apps tested (60%+)
- ✅ E2E test suite (10 scenarios)
- ✅ HA authentication
- ✅ All services deployable
**Exit Criteria:** Production-ready infrastructure, comprehensive testing
---
### Phase 3: Optimization (Months 4-6)
**Focus:** Performance, monitoring, scalability
**Deliverables:**
- ✅ Remote caching enabled
- ✅ CDN for static assets
- ✅ Rate limiting everywhere
- ✅ APM/logging/metrics
- ✅ Disaster recovery tested
- ✅ 80%+ coverage maintained
**Exit Criteria:** Scalable, observable, resilient system
---
## 📁 AUDIT DELIVERABLES
All detailed reports and checklists are available in `.claude/audit/`:
1. **README.md** - Navigation guide
2. **AUDIT_SUMMARY.md** - Quick reference (from Researcher)
3. **documentation-audit-2025-12-07.md** - Full documentation findings
4. **FIXES_CHECKLIST.md** - Step-by-step implementation guide
5. **HIVE_MIND_EXECUTIVE_SUMMARY.md** - This document
6. **CODE_QUALITY_REPORT.md** - Detailed code analysis (from Coder)
7. **ARCHITECTURE_REPORT.md** - Infrastructure analysis (from Analyst)
8. **TESTING_REPORT.md** - Test coverage assessment (from Tester)
---
## 🎓 LESSONS LEARNED
### What's Working Well
1. **Architectural Vision** - Centralized auth, shared packages, monorepo structure
2. **Developer Experience** - Automated env generation, Docker setup, clear guidelines
3. **Code Patterns** - Svelte 5 runes, Result types, auth integration
4. **Documentation Quality** - Where it exists, it's excellent (mana-core-auth, root CLAUDE.md)
### What Needs Improvement
1. **Quality Assurance** - Testing is virtually absent
2. **Security Practices** - Secrets management, vulnerability scanning
3. **Operational Readiness** - Deployment automation, monitoring, backups
4. **Documentation Coverage** - Many projects undocumented
### Strategic Insights
The monorepo demonstrates **excellent engineering judgment in architecture** but **insufficient investment in quality assurance**. This pattern is common in early-stage products prioritizing features over robustness. The foundation is solid - the missing piece is **automated validation** to maintain quality at scale.
**Key Recommendation:** Shift focus from feature development to **testing infrastructure** for the next 1-3 months. The ROI will be massive: faster feature development, fewer production bugs, and confident deployments.
---
## 🚀 NEXT STEPS
### Immediate Actions (Today)
1. ✅ Review this executive summary
2. ✅ Prioritize Week 1 critical fixes
3. ✅ Assign owners to tasks
4. ✅ Set up project tracking (GitHub Projects/Jira)
### Week 1 Kickoff
1. ✅ Security sprint: Revoke keys, implement secrets management
2. ✅ Database sprint: Fix initialization, test fresh setup
3. ✅ CI/CD sprint: Enable PR validation, remove slow type-check
### Month 1 Planning
1. ✅ Allocate resources for testing foundation (132 hours)
2. ✅ Set up coverage tracking (Codecov)
3. ✅ Weekly progress reviews
### Quarterly Review
1. ✅ Assess progress against roadmap
2. ✅ Adjust priorities based on learnings
3. ✅ Celebrate wins (coverage milestones!)
---
## 🤝 HIVE MIND CONSENSUS
All four specialized agents (Researcher, Coder, Analyst, Tester) have reached consensus on the following assessment:
**The manacore-monorepo is a well-architected system with critical gaps in quality assurance and operational readiness. With focused effort over the next 3 months on testing, security, and CI/CD, it can become a production-grade platform supporting 18+ applications.**
**Consensus Vote:** 4/4 agents agree
**Confidence Level:** High (based on comprehensive analysis)
**Recommended Action:** Proceed with Week 1 critical fixes immediately
---
**End of Executive Summary**
*Generated by Hive Mind Swarm: swarm-1765095736318-q124en9du*
*Queen Coordinator: Strategic Analysis Agent*
*Worker Agents: Researcher, Coder, Analyst, Tester*
*Audit Date: 2025-12-07*

155
.claude/audit/README.md Normal file
View file

@ -0,0 +1,155 @@
# 🧠 Hive Mind Collective Intelligence Audit
## ManaCore Monorepo Comprehensive Analysis
**Audit Date:** 2025-12-07
**Swarm ID:** swarm-1765095736318-q124en9du
**Status:** ✅ Complete
---
## 📄 Core Documents
### [HIVE_MIND_EXECUTIVE_SUMMARY.md](./HIVE_MIND_EXECUTIVE_SUMMARY.md) ⭐ START HERE
**Overall assessment** - High-level overview from all four agents
- Overall health score: 60/100 (C grade)
- Top 5 critical findings
- Consensus recommendations
- 3-month roadmap
### [ACTION_PLAN_WEEK_1.md](./ACTION_PLAN_WEEK_1.md) 🚨 URGENT
**Immediate actions** - What to do RIGHT NOW
- 5 critical tasks (17 hours total)
- Security fixes (API keys exposed!)
- Database initialization
- CI/CD activation
- Pre-commit optimization
### [AUDIT_SUMMARY.md](./AUDIT_SUMMARY.md)
**Documentation quick reference** - From Researcher Agent
- Key statistics
- Top 3 critical issues
- Quick action items
- Priority matrix
### [documentation-audit-2025-12-07.md](./documentation-audit-2025-12-07.md)
**Full documentation audit** - Complete analysis from Researcher Agent
- Executive summary
- 12 documented findings with examples
- File references and line numbers
- Appendices with complete data
- Recommendations by priority
### [FIXES_CHECKLIST.md](./FIXES_CHECKLIST.md)
**Implementation guide** - Step-by-step fixes for documentation
- Phased approach (4 phases)
- Checkbox format for progress tracking
- Specific file paths and line numbers
- Verification checklist
## 🎯 Quick Start
1. **Read the summary:** [AUDIT_SUMMARY.md](./AUDIT_SUMMARY.md) (5 minutes)
2. **Review critical issues:** Top 3 in summary
3. **Start fixing:** Use [FIXES_CHECKLIST.md](./FIXES_CHECKLIST.md)
4. **Deep dive:** Reference [full report](./documentation-audit-2025-12-07.md) as needed
## 📊 Key Findings Summary
| Metric | Status |
|--------|--------|
| **Overall Documentation Quality** | 7/10 |
| **Projects with Docs** | 11/17 (65%) |
| **Critical Issues** | 3 |
| **High Priority Issues** | 4 |
| **Medium Priority Issues** | 3 |
| **Low Priority Issues** | 2 |
## 🚨 Top 3 Critical Issues
1. **Active vs Archived Confusion** - 5 projects in both `apps/` and `apps-archived/`
2. **Missing Major Documentation** - manadeck, picture have no CLAUDE.md
3. **Incomplete Root Docs** - Only 6/17 active projects documented
## ✅ What to Fix First
**Week 1 Priority:**
1. Resolve duplicate projects (apps/ vs apps-archived/)
2. Create CLAUDE.md for manadeck and picture
3. Update root CLAUDE.md with all 17 active projects
4. Clean up invalid commands in package.json
## 📈 Success Metrics
**Target:**
- ✅ 100% active projects in root docs
- ✅ 100% active projects have CLAUDE.md
- ✅ All backend ports documented
- ✅ Zero duplicate projects
**Current:**
- ⚠️ 35% in root docs (6/17)
- ⚠️ 65% have CLAUDE.md (11/17)
- ⚠️ 42% backends documented (5/12)
- ❌ 5 duplicate projects
## 🔍 Audit Methodology
This audit was conducted by:
1. Scanning all CLAUDE.md files across the monorepo
2. Comparing documented structure vs actual filesystem
3. Verifying package.json commands
4. Checking consistency across documentation
5. Identifying gaps and inconsistencies
6. Prioritizing findings by impact
## 📝 Contributing to Fixes
When fixing documentation issues:
1. ✅ **Follow the checklist** - Use FIXES_CHECKLIST.md
2. ✅ **Update this README** - Mark issues as resolved
3. ✅ **Cross-reference** - Note which fixes address which findings
4. ✅ **Validate** - Test commands and verify accuracy
5. ✅ **Commit properly** - Reference audit findings in commits
Example commit:
```
docs: create manadeck CLAUDE.md
Addresses audit finding #2 (Missing Major Documentation)
See: .claude/audit/FIXES_CHECKLIST.md Phase 1
```
## 📅 Timeline
- **Audit Completed:** 2025-12-07
- **Phase 1 Target:** Week 1 (Critical fixes)
- **Phase 2 Target:** Week 2 (High priority)
- **Phase 3 Target:** Weeks 3-4 (Medium priority)
- **Phase 4 Target:** Future (Low priority)
## 🔗 Related Documentation
- [Root CLAUDE.md](../../CLAUDE.md) - Main project documentation
- [Guidelines Directory](../) - Code and architecture guidelines
- [Project Overview](../../docs/PROJECT_OVERVIEW.md) - High-level overview
- [Environment Variables](../../docs/ENVIRONMENT_VARIABLES.md) - Env setup
## 💡 Tips
- **For Quick Fixes:** Use AUDIT_SUMMARY.md for the immediate action items
- **For Deep Work:** Read the full report to understand context
- **For Tracking:** Check off items in FIXES_CHECKLIST.md as you complete them
- **For Context:** Reference the full report for examples and rationale
## 📧 Questions?
If you have questions about:
- **Why something is an issue:** See the full report
- **How to fix it:** See FIXES_CHECKLIST.md
- **What to prioritize:** See AUDIT_SUMMARY.md priority matrix
---
**Last Updated:** 2025-12-07
**Next Review:** After Phase 1 completion

583
.claude/audit/documentation-audit-2025-12-07.md Normal file
View file

@ -0,0 +1,583 @@
# Documentation Audit Report
**Date:** 2025-12-07
**Auditor:** Claude Code (Swarm Research Agent)
**Scope:** Complete documentation review of manacore-monorepo
---
## Executive Summary
This audit reviewed all CLAUDE.md files, guideline documents, and cross-referenced them with actual codebase structure. The monorepo has **17 active projects** in `apps/`, **5 game projects** in `games/`, **16 archived projects** in `apps-archived/`, and **1 service** (`mana-core-auth`).
**Overall Documentation Quality:** 7/10
- ✅ Root CLAUDE.md is comprehensive and well-structured
- ✅ Most active projects have detailed CLAUDE.md files
- ⚠️ Several projects missing from root documentation
- ⚠️ Some inconsistencies between docs and actual structure
- ❌ Several projects completely undocumented
---
## Critical Findings (Priority: HIGH)
### 1. **Missing Project Documentation in Root CLAUDE.md**
The root `/CLAUDE.md` only documents 6 projects, but there are **17 active projects** in `apps/`:
**Documented (6):**
- manacore
- manadeck
- picture
- chat
- zitare
- contacts
**Missing from Documentation (11):**
- **calendar** - Full calendar app (backend, web, landing) - Port 3014
- **clock** - World clock/timer app (backend, web, landing) - Port 3017
- **context** - AI document management (mobile only)
- **todo** - Task management app (backend, web, landing) - Port 3018
- **maerchenzauber** - AI story generation (backend, mobile) - ACTIVE in `apps/` but also listed as archived
- **memoro** - Voice memo app (mobile only) - ACTIVE in `apps/` but also listed as archived
- **nutriphi** - Nutrition tracking (backend, mobile) - ACTIVE in `apps/` but also listed as archived
- **quote** - Quote app (backend, web, mobile)
- **reader** - Reading app (mobile only) - ACTIVE in `apps/` but also listed as archived
- **wisekeep** - AI wisdom extraction (backend, mobile) - ACTIVE in `apps/` but also listed as archived
- **finance** - Finance app (documented in archived but exists in apps-archived)
- **moodlit** - Mood tracking (documented in archived but exists in apps-archived)
**Impact:** Developers/AI working on these projects have no guidance in the main documentation.
**Recommendation:** Add a comprehensive project table to root CLAUDE.md that lists ALL active projects with their status, apps (backend/web/mobile/landing), and ports.
---
### 2. **Projects Listed as "Archived" But Actually Active**
**CRITICAL CONFUSION:** The root CLAUDE.md lists these as archived in `apps-archived/`:
- maerchenzauber
- memoro
- wisekeep
- reader
- nutriphi
**BUT:** These projects actually exist in `apps/` (active workspace):
- `/apps/maerchenzauber/` ✅ EXISTS (backend + mobile)
- `/apps/memoro/` ✅ EXISTS (mobile only)
- `/apps/wisekeep/` ✅ EXISTS (backend + mobile)
- `/apps/reader/` ✅ EXISTS (mobile only)
- `/apps/nutriphi/` ✅ EXISTS (backend + mobile)
**Also in apps-archived/:**
- `/apps-archived/maerchenzauber/` ✅ EXISTS
- `/apps-archived/memoro/` ✅ EXISTS
- `/apps-archived/wisekeep/` ✅ EXISTS
- `/apps-archived/reader/` ✅ EXISTS
- `/apps-archived/nutriphi/` ✅ EXISTS
**Impact:** This creates severe confusion. It appears these projects were copied to `apps/` from `apps-archived/` but the documentation was not updated. Developers don't know if these are active or archived.
**Recommendation:**
1. Determine which version is canonical (apps/ or apps-archived/)
2. Remove duplicates
3. Update documentation to reflect actual status
4. If both versions should exist, explain why in documentation
---
### 3. **Missing Project-Level CLAUDE.md Files**
**Projects WITH CLAUDE.md (11):**
- ✅ calendar (detailed, German)
- ✅ chat (comprehensive)
- ✅ clock (detailed, German)
- ✅ contacts (comprehensive)
- ✅ context (concise but complete)
- ✅ manacore (exists, need to verify)
- ✅ todo (detailed, German)
- ✅ zitare (comprehensive)
- ✅ mana-core-auth (service)
- ✅ Several archived projects (maerchenzauber, reader, uload)
- ✅ Game projects (figgos, mana-games, voxelava, worldream)
**Projects MISSING CLAUDE.md (6+):**
- ❌ **manadeck** - Major project with backend/web/mobile/landing
- ❌ **picture** - AI image generation project
- ❌ **quote** - Quote management app
- ❌ **maerchenzauber** (active version in apps/)
- ❌ **memoro** (active version in apps/)
- ❌ **nutriphi** (active version in apps/)
- ❌ **wisekeep** (active version in apps/)
- ❌ **reader** (active version in apps/)
- ❌ All projects in `apps-archived/` that don't have CLAUDE.md
**Impact:** No project-specific guidance for important projects like manadeck and picture, which are prominently featured in root docs.
**Recommendation:** Create CLAUDE.md files for all active projects, especially manadeck and picture.
---
## Medium Priority Findings
### 4. **Inconsistent Landing Page Documentation**
**Root CLAUDE.md** lists landing pages for:
- Chat ✅
- Picture ✅
- ManaCore ✅
- ManaDeck ✅
- Zitare ✅
**BUT actual landing pages exist for (7 total):**
- ✅ chat
- ✅ picture
- ✅ manacore
- ✅ manadeck
- ✅ zitare
- ✅ **calendar** (NOT documented in root)
- ✅ **clock** (NOT documented in root)
**Deploy scripts exist for (10):**
```json
"deploy:landing:chat"
"deploy:landing:picture"
"deploy:landing:manacore"
"deploy:landing:manadeck"
"deploy:landing:zitare"
"deploy:landing:presi" // Landing doesn't exist
"deploy:landing:clock"
"deploy:landing:mail" // Landing doesn't exist
"deploy:landing:moodlit" // Landing doesn't exist
"deploy:landing:all"
```
**Impact:** Documentation doesn't reflect which projects actually have landing pages vs which have deploy scripts.
**Recommendation:**
1. Remove deploy scripts for non-existent landing pages (presi, mail, moodlit)
2. Document calendar and clock landing pages in root CLAUDE.md
3. Update "Landing Pages" section to be accurate
---
### 5. **Backend Port Documentation Inconsistencies**
**Root CLAUDE.md** documents these backend ports:
- Chat: 3002 ✅
- Picture: 3006 ✅
- Zitare: 3007 ✅
- Presi: 3008 (⚠️ presi backend doesn't exist in apps/)
- ManaDeck: 3009 ✅
**Missing from root docs:**
- **Calendar backend:** Port 3014 (from calendar/CLAUDE.md)
- **Contacts backend:** Port 3015 (from contacts/CLAUDE.md)
- **Clock backend:** Port 3017 (from clock/CLAUDE.md)
- **Todo backend:** Port 3018 (from todo/CLAUDE.md)
- **mana-core-auth:** Port 3001 (documented in auth section)
**Recommendation:** Create a complete backend port reference table in root CLAUDE.md.
---
### 6. **Games Projects Not Documented**
**Games directory exists with 5 projects:**
- figgos (with CLAUDE.md ✅)
- mana-games (with CLAUDE.md ✅)
- voxelava
- whopixels
- worldream (with CLAUDE.md ✅)
**Root CLAUDE.md mentions:**
```
├── games/ # Game projects
│ └── {game-name}/ # Individual games
```
But provides NO details about which games exist or their status.
**Recommendation:** Add a "Game Projects" section listing all games with brief descriptions.
---
### 7. **Shared Packages Documentation Gaps**
**Root CLAUDE.md lists 10 shared packages:**
- @manacore/shared-nestjs-auth ✅
- @mana-core/nestjs-integration ✅
- @manacore/shared-auth ✅
- @manacore/shared-storage ✅
- @manacore/shared-supabase ✅
- @manacore/shared-types ✅
- @manacore/shared-utils ✅
- @manacore/shared-ui ✅
- @manacore/shared-theme ✅
- @manacore/shared-i18n ✅
**Actual packages/ directory has 34 packages:**
```
eslint-config
mana-core-nestjs-integration
manadeck-database
news-database
nutriphi-database
shared-api-client
shared-auth
shared-auth-stores
shared-auth-ui
shared-branding
shared-config
shared-credit-service
shared-errors
shared-feedback-service
shared-feedback-types
shared-feedback-ui
shared-i18n
shared-icons
shared-landing-ui
shared-nestjs-auth
shared-profile-ui
shared-storage
shared-stores
shared-subscription-types
shared-subscription-ui
shared-supabase
shared-tailwind
shared-theme
shared-theme-ui
shared-types
shared-ui
shared-utils
shared-vite-config
test-config
uload-database
```
**Missing from documentation:**
- @manacore/shared-errors
- @manacore/shared-api-client
- @manacore/shared-auth-stores
- @manacore/shared-auth-ui
- @manacore/shared-branding
- @manacore/shared-config
- @manacore/shared-credit-service
- @manacore/shared-feedback-service
- @manacore/shared-feedback-types
- @manacore/shared-feedback-ui
- @manacore/shared-icons
- @manacore/shared-landing-ui
- @manacore/shared-profile-ui
- @manacore/shared-stores
- @manacore/shared-subscription-types
- @manacore/shared-subscription-ui
- @manacore/shared-tailwind
- @manacore/shared-theme-ui
- @manacore/shared-vite-config
- @manacore/test-config
- @manacore/eslint-config
- Project-specific DB packages (manadeck-database, news-database, nutriphi-database, uload-database)
**Recommendation:** Add a complete packages reference or link to a dedicated packages documentation file.
---
## Low Priority Findings
### 8. **Development Commands Missing for Some Projects**
**Root CLAUDE.md** provides dev commands for:
- manacore:dev ✅
- manadeck:dev ✅
- picture:dev ✅
- chat:dev ✅
- zitare:dev ✅
- presi:dev ⚠️ (presi doesn't exist in apps/, only in apps-archived/)
- contacts:dev ✅
- mail:dev ⚠️ (mail exists in apps-archived/, not apps/)
**Missing commands for active projects:**
- calendar:dev (exists in package.json ✅)
- clock:dev (exists in package.json ✅)
- todo:dev (exists in package.json ✅)
- moodlit:dev (exists in package.json ✅)
- finance:dev (exists in package.json ✅)
- context:dev (exists in package.json ✅)
- worldream:dev (exists in package.json ✅)
- figgos:dev (exists in package.json ✅)
- mana-games:dev (exists in package.json ✅)
- voxel-lava:dev (exists in package.json ✅)
**Recommendation:** Update command examples to include all active projects or use a pattern like "pnpm {project}:dev".
---
### 9. **Environment Variables Documentation Inconsistencies**
**Root CLAUDE.md** references:
- `/docs/ENVIRONMENT_VARIABLES.md` ✅ (file exists and is comprehensive)
**But ENVIRONMENT_VARIABLES.md documents these projects:**
- Mana Core Auth ✅
- Chat ✅
- Maerchenzauber ✅
- Memoro ✅
- Manacore ✅
- Manadeck ✅
**Missing from ENVIRONMENT_VARIABLES.md:**
- calendar
- clock
- contacts
- todo
- zitare
- picture
- All games
- All other active projects
**Recommendation:** Update docs/ENVIRONMENT_VARIABLES.md to include all active projects or clearly state it's only for select projects.
---
### 10. **Archived Projects Documentation Confusion**
**Root CLAUDE.md** lists 12 archived projects:
- bauntown ✅ (in apps-archived/)
- maerchenzauber ⚠️ (in BOTH apps/ and apps-archived/)
- memoro ⚠️ (in BOTH apps/ and apps-archived/)
- news ✅ (in apps-archived/)
- nutriphi ⚠️ (in BOTH apps/ and apps-archived/)
- reader ⚠️ (in BOTH apps/ and apps-archived/)
- uload ✅ (in apps-archived/)
- wisekeep ⚠️ (in BOTH apps/ and apps-archived/)
- techbase ✅ (in apps-archived/)
- inventory ✅ (in apps-archived/)
- presi ✅ (in apps-archived/)
- storage ✅ (in apps-archived/)
**Actually in apps-archived/ (16):**
- bauntown ✅
- finance ❌ (not listed as archived)
- inventory ✅
- maerchenzauber ⚠️
- mail ❌ (not listed as archived)
- memoro ⚠️
- moodlit ❌ (not listed as archived)
- news ✅
- nutriphi ⚠️
- presi ✅
- reader ⚠️
- storage ✅
- techbase ✅
- uload ✅
- wisekeep ⚠️
**Missing from archived list:**
- finance
- mail
- moodlit
**Recommendation:** Create accurate archived projects list and remove duplicates between apps/ and apps-archived/.
---
### 11. **S3 Buckets Documentation**
**Root CLAUDE.md** lists these pre-configured buckets:
- picture-storage (Picture)
- chat-storage (Chat)
- manadeck-storage (ManaDeck)
- nutriphi-storage (NutriPhi)
- presi-storage (Presi)
- calendar-storage (Calendar)
- contacts-storage (Contacts)
- storage-storage (Storage)
**Issues:**
- "storage-storage" is confusing naming
- Missing buckets for: clock, todo, zitare, etc.
- NutriPhi, Presi, Storage are archived - should they have buckets?
**Recommendation:** Verify which buckets actually exist in MinIO/Hetzner and update docs accordingly.
---
### 12. **Technology Stack Version Ranges Too Wide**
Root CLAUDE.md states:
- "React Native 0.76-0.81 + Expo SDK 52-54"
- "NestJS 10-11"
**Issue:** Version ranges should be more specific. Different projects may use different versions, causing confusion.
**Recommendation:** Either:
1. Specify exact versions used across monorepo
2. Link to a version compatibility matrix
3. State "varies by project, see project CLAUDE.md"
---
## Positive Findings
### What's Working Well ✅
1. **Root CLAUDE.md Structure** - Very well organized with clear sections
2. **Authentication Documentation** - Excellent detail on mana-core-auth integration
3. **Turborepo Configuration** - Critical recursive call warning is prominently documented
4. **Environment Setup** - Centralized .env.development system is well explained
5. **Shared Packages Philosophy** - Good explanation of import patterns
6. **Code Quality Section** - Good forward-looking documentation of planned infrastructure
7. **Project-Level Docs** - Where they exist (calendar, clock, contacts, todo, zitare), they're comprehensive
8. **Svelte 5 Runes** - Clear examples of correct vs incorrect usage
9. **Guidelines Directory** - Excellent `.claude/GUIDELINES.md` with links to detailed guides
10. **Landing Page Deployment** - Clear Cloudflare Pages workflow documented
---
## Recommendations by Priority
### Immediate Actions (This Week)
1. **Resolve Active vs Archived Confusion**
- Determine status of: maerchenzauber, memoro, wisekeep, reader, nutriphi
- Remove duplicates
- Update root CLAUDE.md
2. **Create Missing Project CLAUDE.md Files**
- manadeck
- picture
- All active projects without docs
3. **Update Root Projects Table**
- Add all 17 active projects
- Include: name, description, apps (backend/web/mobile/landing), port numbers
4. **Fix Landing Pages Section**
- Remove non-existent landing deploy scripts
- Add calendar, clock to landing pages list
### Short-term Actions (This Month)
5. **Backend Ports Reference Table**
- Complete table of all backends with ports in root CLAUDE.md
6. **Update Shared Packages List**
- Document all 34 packages or create dedicated packages.md
7. **Environment Variables Audit**
- Update docs/ENVIRONMENT_VARIABLES.md for all active projects
8. **Games Projects Section**
- Add games overview to root CLAUDE.md
### Long-term Improvements
9. **Version Compatibility Matrix**
- Document exact versions per project
10. **Automated Documentation Checks**
- Script to verify CLAUDE.md exists for all projects
- Script to check root docs match actual structure
11. **Documentation Generation**
- Auto-generate project list from filesystem
- Auto-generate port assignments from backend configs
---
## Statistics
| Metric | Count |
|--------|-------|
| **Active Projects (apps/)** | 17 |
| **Game Projects (games/)** | 5 |
| **Archived Projects (apps-archived/)** | 16 |
| **Services (services/)** | 1 (mana-core-auth) |
| **Projects with CLAUDE.md** | ~11 active + several archived |
| **Projects without CLAUDE.md** | ~6 major projects |
| **Backends in active apps/** | 12 |
| **Documented backends in root** | 5 |
| **Landing pages (actual)** | 7 |
| **Landing pages (documented)** | 5 |
| **Deploy scripts for landing** | 10 |
| **Shared packages (actual)** | 34 |
| **Shared packages (documented)** | 10 |
---
## Appendix A: Complete Active Projects List
| Project | Backend | Web | Mobile | Landing | Port | Status |
|---------|---------|-----|--------|---------|------|--------|
| calendar | ✅ | ✅ | ❌ | ✅ | 3014 | Active, documented |
| chat | ✅ | ✅ | ✅ | ✅ | 3002 | Active, documented |
| clock | ✅ | ✅ | ❌ | ✅ | 3017 | Active, documented |
| contacts | ✅ | ✅ | ❌ | ❌ | 3015 | Active, documented |
| context | ❌ | ❌ | ✅ | ❌ | - | Active, documented |
| maerchenzauber | ✅ | ❌ | ✅ | ❌ | ? | ⚠️ Duplicate in archived |
| manacore | ❌ | ✅ | ✅ | ✅ | - | Active, documented |
| manadeck | ✅ | ✅ | ✅ | ✅ | 3009 | Active, NO docs |
| memoro | ❌ | ❌ | ✅ | ❌ | - | ⚠️ Duplicate in archived |
| nutriphi | ✅ | ❌ | ✅ | ❌ | ? | ⚠️ Duplicate in archived |
| picture | ✅ | ✅ | ✅ | ✅ | 3006 | Active, NO docs |
| quote | ✅ | ✅ | ✅ | ❌ | ? | Active, NO docs |
| reader | ❌ | ❌ | ✅ | ❌ | - | ⚠️ Duplicate in archived |
| todo | ✅ | ✅ | ❌ | ❌ | 3018 | Active, documented |
| wisekeep | ✅ | ❌ | ✅ | ❌ | ? | ⚠️ Duplicate in archived |
| zitare | ✅ | ✅ | ✅ | ✅ | 3007 | Active, documented |
---
## Appendix B: Documentation Coverage Matrix
| Document | Exists | Accuracy | Completeness | Notes |
|----------|--------|----------|--------------|-------|
| `/CLAUDE.md` | ✅ | 7/10 | 6/10 | Missing many projects |
| `.claude/GUIDELINES.md` | ✅ | 9/10 | 9/10 | Excellent |
| `.claude/guidelines/*.md` | ✅ | 9/10 | 9/10 | Comprehensive |
| `docs/ENVIRONMENT_VARIABLES.md` | ✅ | 8/10 | 5/10 | Incomplete project coverage |
| `apps/calendar/CLAUDE.md` | ✅ | 10/10 | 10/10 | Excellent, German |
| `apps/chat/CLAUDE.md` | ✅ | 9/10 | 9/10 | Comprehensive |
| `apps/clock/CLAUDE.md` | ✅ | 10/10 | 10/10 | Excellent, German |
| `apps/contacts/CLAUDE.md` | ✅ | 9/10 | 9/10 | Comprehensive |
| `apps/context/CLAUDE.md` | ✅ | 8/10 | 8/10 | Concise but complete |
| `apps/manadeck/CLAUDE.md` | ❌ | - | - | **MISSING** |
| `apps/manacore/CLAUDE.md` | ✅ | ? | ? | Not reviewed in detail |
| `apps/picture/CLAUDE.md` | ❌ | - | - | **MISSING** |
| `apps/todo/CLAUDE.md` | ✅ | 10/10 | 10/10 | Excellent, German |
| `apps/zitare/CLAUDE.md` | ✅ | 9/10 | 9/10 | Comprehensive |
| `services/mana-core-auth/CLAUDE.md` | ✅ | ? | ? | Not reviewed in detail |
---
## Appendix C: Recommended Actions Checklist
### Critical (Do First)
- [ ] Resolve maerchenzauber, memoro, wisekeep, reader, nutriphi duplicate status
- [ ] Create manadeck/CLAUDE.md
- [ ] Create picture/CLAUDE.md
- [ ] Update root CLAUDE.md projects table with all 17 active projects
- [ ] Remove presi:dev and mail:dev from root commands (they're archived)
- [ ] Add calendar, clock, todo to root CLAUDE.md
### High Priority
- [ ] Create backend ports reference table in root CLAUDE.md
- [ ] Fix landing pages documentation (remove presi, mail, moodlit deploy scripts)
- [ ] Add games section to root CLAUDE.md
- [ ] Update archived projects list to match apps-archived/
### Medium Priority
- [ ] Expand shared packages documentation
- [ ] Update docs/ENVIRONMENT_VARIABLES.md for all active projects
- [ ] Add CLAUDE.md for quote, and other undocumented active projects
- [ ] Document S3 buckets accurately
### Low Priority
- [ ] Create version compatibility matrix
- [ ] Verify all commands in package.json match documentation
- [ ] Add automated documentation validation scripts
- [ ] Consider auto-generating parts of documentation from filesystem
---
**End of Report**

11
.github/workflows/cd-staging-tagged.yml vendored
View file

@ -21,10 +21,7 @@ on:
- zitare
- presi
- mana-core-auth
- manacore
- todo
- calendar
- clock
apps:
description: 'Apps to deploy (comma-separated: backend,web,landing or "all")'
required: true
@ -109,10 +106,7 @@ jobs:
PROJECT_APPS[zitare]="backend,web"
PROJECT_APPS[presi]="backend,web"
PROJECT_APPS[mana-core-auth]="service"
PROJECT_APPS[manacore]="web"
PROJECT_APPS[todo]="backend,web"
PROJECT_APPS[calendar]="backend,web"
PROJECT_APPS[clock]="backend,web"
# Expand "all" to available apps
if [ "$APPS" == "all" ]; then
@ -171,8 +165,6 @@ jobs:
manadeck) PORT="3009" ;;
zitare) PORT="3007" ;;
presi) PORT="3008" ;;
calendar) PORT="3016" ;;
clock) PORT="3017" ;;
todo) PORT="3018" ;;
esac
@ -353,7 +345,8 @@ jobs:
if grep -q "^$VERSION_VAR=" .env 2>/dev/null; then
sed -i "s/^$VERSION_VAR=.*/$VERSION_VAR=$VERSION/" .env
else
echo "$VERSION_VAR=$VERSION" >> .env
echo "Service \$SERVICE_NAME not found in compose, starting..."
docker compose up -d --force-recreate \$SERVICE_NAME
fi
echo "Updated .env: $VERSION_VAR=$VERSION"

19
.github/workflows/ci.yml vendored
View file

@ -17,24 +17,6 @@ on:
branches:
- main
- dev
paths:
- 'apps/**'
- 'packages/**'
- 'services/**'
- 'package.json'
- 'pnpm-lock.yaml'
- 'turbo.json'
pull_request:
branches:
- main
- dev
paths:
- 'apps/**'
- 'packages/**'
- 'services/**'
- 'package.json'
- 'pnpm-lock.yaml'
- 'turbo.json'
workflow_dispatch:
concurrency:
@ -89,7 +71,6 @@ jobs:
- { name: 'mana-core-auth', path: 'services/mana-core-auth', port: '3001' }
- { name: 'chat-backend', path: 'apps/chat/apps/backend', port: '3002' }
- { name: 'chat-web', path: 'apps/chat/apps/web', port: '3000' }
- { name: 'manacore-web', path: 'apps/manacore/apps/web', port: '5173' }
- { name: 'todo-backend', path: 'apps/todo/apps/backend', port: '3018' }
- { name: 'todo-web', path: 'apps/todo/apps/web', port: '5188' }
- { name: 'calendar-backend', path: 'apps/calendar/apps/backend', port: '3016' }

15
apps/todo/apps/backend/Dockerfile
View file

@ -11,29 +11,26 @@ COPY pnpm-workspace.yaml ./
COPY package.json ./
COPY pnpm-lock.yaml ./
# Copy shared packages
COPY packages/better-auth-types ./packages/better-auth-types
# Copy shared packages (todo-backend uses shared-nestjs-auth)
COPY packages/shared-errors ./packages/shared-errors
COPY packages/shared-nestjs-auth ./packages/shared-nestjs-auth
COPY packages/shared-nestjs-cors ./packages/shared-nestjs-cors
# Copy todo backend
# Copy todo shared package and backend
COPY apps/todo/packages/shared ./apps/todo/packages/shared
COPY apps/todo/apps/backend ./apps/todo/apps/backend
# Install dependencies
RUN pnpm install --frozen-lockfile
# Build shared packages first
WORKDIR /app/packages/better-auth-types
RUN pnpm build
WORKDIR /app/packages/shared-errors
RUN pnpm build
WORKDIR /app/packages/shared-nestjs-auth
RUN pnpm build
WORKDIR /app/packages/shared-nestjs-cors
WORKDIR /app/apps/todo/packages/shared
RUN pnpm build
# Build the backend
@ -55,7 +52,7 @@ COPY --from=builder /app/package.json ./
COPY --from=builder /app/pnpm-lock.yaml ./
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/packages ./packages
COPY --from=builder /app/apps/todo/apps/backend ./apps/todo/apps/backend
COPY --from=builder /app/apps/todo ./apps/todo
# Copy entrypoint script
COPY apps/todo/apps/backend/docker-entrypoint.sh /usr/local/bin/
@ -68,7 +65,7 @@ EXPOSE 3018
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:3018/api/v1/health || exit 1
CMD wget --no-verbose --tries=1 --spider http://localhost:3018/api/health || exit 1
# Run entrypoint script
ENTRYPOINT ["docker-entrypoint.sh"]

21
apps/todo/apps/backend/docker-entrypoint.sh
View file

@ -1,23 +1,8 @@
#!/bin/sh
set -e
echo "=== Todo Backend Entrypoint ==="
echo "Starting Todo Backend..."
echo "Environment: ${NODE_ENV:-development}"
echo "Port: ${PORT:-3018}"
# Wait for PostgreSQL to be ready
echo "Waiting for PostgreSQL..."
until pg_isready -h ${DB_HOST:-postgres} -p ${DB_PORT:-5432} -U ${DB_USER:-postgres} 2>/dev/null; do
echo "PostgreSQL is unavailable - sleeping"
sleep 2
done
echo "PostgreSQL is up!"
cd /app/apps/todo/apps/backend
# Run schema push
echo "Pushing database schema..."
npx drizzle-kit push --force
echo "Schema push completed!"
# Execute the main command
echo "Starting application..."
exec "$@"

14
docker-compose.staging.yml
View file

@ -219,7 +219,7 @@ services:
# ============================================
todo-backend:
image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/todo-backend:${TODO_VERSION:-latest}
image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/todo-backend:${TODO_BACKEND_VERSION:-latest}
container_name: todo-backend-staging
restart: unless-stopped
depends_on:
@ -231,15 +231,11 @@ services:
NODE_ENV: staging
PORT: 3018
DATABASE_URL: postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD}@postgres:5432/todo
DB_HOST: postgres
DB_PORT: 5432
DB_USER: ${POSTGRES_USER:-postgres}
MANA_CORE_AUTH_URL: http://mana-core-auth:3001
CORS_ORIGINS: https://todo.staging.manacore.ai,https://staging.manacore.ai,http://localhost:5188,http://localhost:5173
ports:
- "3018:3018"
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3018/api/v1/health"]
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3018/api/health"]
interval: 30s
timeout: 10s
retries: 3
@ -262,10 +258,12 @@ services:
environment:
NODE_ENV: staging
PORT: 5188
# Server-side URLs (Docker internal network)
PUBLIC_BACKEND_URL: http://todo-backend:3018
PUBLIC_MANA_CORE_AUTH_URL: http://mana-core-auth:3001
PUBLIC_BACKEND_URL_CLIENT: https://todo-api.staging.manacore.ai
PUBLIC_MANA_CORE_AUTH_URL_CLIENT: https://auth.staging.manacore.ai
# Client-side URLs (browser access via public IP)
PUBLIC_BACKEND_URL_CLIENT: http://46.224.108.214:3018
PUBLIC_MANA_CORE_AUTH_URL_CLIENT: http://46.224.108.214:3001
ports:
- "5188:5188"
healthcheck: