feat(cutover): platform services build from ../mana, not from this repo

Part of the 8-Doppel-Cutover (2026-05-08, plan ~/.claude/plans/floating-swinging-flurry.md): - docker-compose.{macmini,dev,test}.yml: build context for mana-{auth,credits,media,llm,notify} switched to ../mana/services/... so the Mac Mini stack pulls platform services from the platform repo (sibling clone), not from services/ in this monorepo. - .npmrc + apps/api/{Dockerfile,package.json}: @mana/media-client now resolved from Verdaccio (npm.mana.how, ^0.1.0) instead of as a workspace COPY from services/mana-media/packages/client. Build-arg NPM_TOKEN flows through .npmrc for pnpm install auth. Required before services/mana-media/ can be deleted. - .github/workflows/{ci,cd-macmini,daily-tests}.yml: removed the detect-/build-/test-jobs that targeted services/mana-{auth,credits, notify,media}/. Those services build out of the platform repo now — CI for them belongs in mana/-repo (open). cd-macmini's workflow_dispatch can still rebuild any of them on demand; auto-detect on path-change is gone for these five. - scripts/{mac-mini/push-schemas.sh,run-integration-tests.sh}: rewritten to look in ../mana/ for the platform services. - package.json dev:{auth,credits,notify,media}: paths point at ../mana/services/... so local dev still works post-cutover. What this commit does NOT do: delete services/mana-{auth,credits,...} from this repo. That waits for Phase 7 once the Mac Mini stack has booted cleanly from the new build paths. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 16:41:08 +02:00 · 2026-05-08 18:40:08 +02:00 · 2026-05-08 18:40:08 +02:00 · 774852ba2d
commit 774852ba2d
parent 7b362066bb
12 changed files with 76 additions and 363 deletions
--- a/.github/workflows/cd-macmini.yml
+++ b/.github/workflows/cd-macmini.yml
@ -118,10 +118,18 @@ jobs:
          # Service → source paths. One line per compose service. Space-
          # separated paths are OR'd: any of them matching triggers a rebuild.
          # Keep names aligned with `docker compose config --services`.
          #
          # NOTE 2026-05-08 — 5 Plattform-Services (mana-auth, mana-credits,
          # mana-notify, mana-media, mana-llm) bauen ab dem Cutover aus
          # `../mana/services/...`. Ihre Source-Pfade liegen im Schwester-Repo
          # `mana/` und werden von diesem `git diff` (das nur das Monorepo
          # sieht) NICHT mehr automatisch erkannt. Manuelles Deploy geht
          # weiterhin via `workflow_dispatch` mit `service: mana-<x>` —
          # `docker compose build` zieht dann aus `../mana/`. Für
          # Auto-Detect bei Plattform-Code-Änderungen gehört ein eigener
          # CD-Workflow ins `mana/`-Repo (Offener Punkt, Phase 8).
          SERVICE_SOURCES=(
            "mana-auth|services/mana-auth/"
            "mana-ai|services/mana-ai/"
            "mana-credits|services/mana-credits/"
            "mana-research|services/mana-research/"
            "mana-events|services/mana-events/"
            "mana-geocoding|services/mana-geocoding/"
@ -130,11 +138,8 @@ jobs:
            "mana-analytics|services/mana-analytics/"
            "mana-search|services/mana-search/ packages/shared-go/"
            "mana-sync|services/mana-sync/ packages/shared-go/"
            "mana-notify|services/mana-notify/ packages/shared-go/"
            "mana-crawler|services/mana-crawler/ packages/shared-go/"
            "mana-api-gateway|services/mana-api-gateway/ packages/shared-go/"
            "mana-media|services/mana-media/"
            "mana-llm|services/mana-llm/"
            "mana-landing-builder|services/mana-landing-builder/ packages/shared-landing-ui/ packages/shared-types/"
            "mana-web|apps/mana/apps/web/ apps/mana/packages/"
            "mana-api|apps/api/"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -303,90 +303,20 @@ jobs:
          fi
  # ===========================================
-  # Auth flow integration test
+  # NOTE 2026-05-08 — Plattform-Service-Tests/Builds (mana-auth,
  # mana-credits, mana-mail, mana-media, mana-llm, mana-notify, mana-stt,
  # mana-tts) leben jetzt im Schwester-Repo `mana/` und sind dort zu
  # testen + zu bauen. Der frühere `auth-integration`-Job und
  # `build-mana-{auth,notify,media,credits}` wurden entfernt, weil sie
  # `services/mana-<x>/` aus diesem Repo erwarteten — diese Verzeichnisse
  # gibt es ab Phase 7 nicht mehr. Offener Punkt: eigene CI im
  # `mana/`-Repo aufsetzen (mit auth-integration + Build-Push).
  # ===========================================
  # Spins up postgres + redis + mailpit + mana-auth + mana-notify via
  # docker-compose.test.yml and runs tests/integration/auth-flow.test.ts.
  # Catches register/verify/login/JWT/encryption-vault regressions before
  # they can be merged. Required check — never bypass.
  auth-integration:
    name: Auth flow integration test
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup pnpm
        uses: pnpm/action-setup@v2
        with:
          version: ${{ env.PNPM_VERSION }}
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Run auth flow integration test
        run: ./scripts/run-integration-tests.sh
      - name: Dump test stack logs on failure
        if: failure()
        run: |
          echo "::group::mana-auth logs"
          docker logs mana-test-mana-auth 2>&1 | tail -200 || true
          echo "::endgroup::"
          echo "::group::mana-notify logs"
          docker logs mana-test-mana-notify 2>&1 | tail -200 || true
          echo "::endgroup::"
          echo "::group::mailpit messages"
          curl -s http://localhost:8026/api/v1/messages | head -100 || true
          echo "::endgroup::"
  # ===========================================
  # Build Docker images - only changed services
  # ===========================================
  build-mana-auth:
    name: Build mana-auth
    runs-on: ubuntu-latest
    needs: detect-changes
    if: needs.detect-changes.outputs.mana-auth == 'true'
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/metadata-action@v5
        id: meta
        with:
          images: ghcr.io/${{ github.repository_owner }}/mana-auth
          tags: type=raw,value=latest
      - uses: docker/build-push-action@v5
        with:
          context: .
          file: services/mana-auth/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
  build-mana-search:
    name: Build mana-search
    runs-on: ubuntu-latest
@ -446,35 +376,6 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max
  build-mana-notify:
    name: Build mana-notify
    runs-on: ubuntu-latest
    needs: detect-changes
    if: needs.detect-changes.outputs.mana-notify == 'true'
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/metadata-action@v5
        id: meta
        with:
          images: ghcr.io/${{ github.repository_owner }}/mana-notify
          tags: type=raw,value=latest
      - uses: docker/build-push-action@v5
        with:
          context: .
          file: services/mana-notify/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
  build-mana-api-gateway:
    name: Build mana-api-gateway
    runs-on: ubuntu-latest
@ -534,60 +435,6 @@ jobs:
          cache-to: type=gha,mode=max
  # Hono/Bun services
-  build-mana-media:
+  # NOTE 2026-05-08 — `build-mana-media` und `build-mana-credits` sind
-    name: Build mana-media
+  # entfallen: Plattform-Services leben jetzt im Schwester-Repo `mana/`.
-    runs-on: ubuntu-latest
+  # Build-Push gehört in eine separate CI dort. Siehe Header oben.
    needs: detect-changes
    if: needs.detect-changes.outputs.mana-media == 'true'
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/metadata-action@v5
        id: meta
        with:
          images: ghcr.io/${{ github.repository_owner }}/mana-media
          tags: type=raw,value=latest
      - uses: docker/build-push-action@v5
        with:
          context: services/mana-media/apps/api
          file: services/mana-media/apps/api/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
  build-mana-credits:
    name: Build mana-credits
    runs-on: ubuntu-latest
    needs: detect-changes
    if: needs.detect-changes.outputs.mana-credits == 'true'
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/metadata-action@v5
        id: meta
        with:
          images: ghcr.io/${{ github.repository_owner }}/mana-credits
          tags: type=raw,value=latest
      - uses: docker/build-push-action@v5
        with:
          context: services/mana-credits
          file: services/mana-credits/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/.github/workflows/daily-tests.yml
+++ b/.github/workflows/daily-tests.yml
@ -38,182 +38,18 @@ env:
  COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
 jobs:
-  # Job 1: Test mana-auth with coverage
+  # NOTE 2026-05-08 — `test-mana-auth` (Coverage-Job) ist entfernt:
-  test-mana-auth:
+  # mana-auth lebt seit dem 8-Doppel-Cutover im Schwester-Repo `mana/`.
-    name: Test mana-auth
+  # Der Coverage-Test gehört dort hin (Offener Punkt). `test-integration`
-    runs-on: ubuntu-latest
+  # wurde ebenfalls zur Plattform — siehe nächster Job.
-    services:
+  # Job 2 (test-integration) ebenfalls entfernt — der frühere Job lief
-      postgres:
+  # `services/mana-auth/test/integration`-Suite, die nach Phase 7 nicht
-        image: postgres:16-alpine
+  # mehr existiert. Gehört in den `mana/`-Repo-CI.
        env:
          POSTGRES_USER: mana
          POSTGRES_PASSWORD: testpassword
          POSTGRES_DB: mana
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432
      redis:
        image: redis:7-alpine
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 6379:6379
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup pnpm
        uses: pnpm/action-setup@v2
        with:
          version: ${{ env.PNPM_VERSION }}
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Build dependencies
        run: pnpm run build:packages
      - name: Setup test database
        working-directory: services/mana-auth
        env:
          DATABASE_URL: postgresql://mana:testpassword@localhost:5432/mana
        run: pnpm run db:migrate
      - name: Run tests with coverage
        working-directory: services/mana-auth
        env:
          DATABASE_URL: postgresql://mana:testpassword@localhost:5432/mana
          REDIS_URL: redis://localhost:6379
          NODE_ENV: test
          JWT_ISSUER: mana
          JWT_AUDIENCE: mana
        run: |
          if [ "${{ github.event.inputs.verbose }}" = "true" ]; then
            pnpm run test:cov --verbose
          else
            pnpm run test:cov
          fi
      - name: Upload coverage to artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: coverage-mana-auth
          path: services/mana-auth/coverage
          retention-days: 30
      - name: Check coverage threshold
        working-directory: services/mana-auth
        run: |
          if [ -f "coverage/coverage-summary.json" ]; then
            COVERAGE=$(node -e "const c = require('./coverage/coverage-summary.json'); console.log(c.total.lines.pct)")
            echo "Coverage for mana-auth: ${COVERAGE}%"
            if (( $(echo "$COVERAGE < $COVERAGE_THRESHOLD" | bc -l) )); then
              echo "::error::Coverage ${COVERAGE}% is below threshold ${COVERAGE_THRESHOLD}%"
              exit 1
            fi
          fi
  # Job 2: Integration tests (E2E flows)
  test-integration:
    name: Integration Tests
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_USER: mana
          POSTGRES_PASSWORD: testpassword
          POSTGRES_DB: mana
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432
      redis:
        image: redis:7-alpine
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 6379:6379
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup pnpm
        uses: pnpm/action-setup@v2
        with:
          version: ${{ env.PNPM_VERSION }}
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
      - name: Build dependencies
        run: pnpm run build:packages
      - name: Setup databases for integration tests
        working-directory: services/mana-auth
        env:
          DATABASE_URL: postgresql://mana:testpassword@localhost:5432/mana
        run: pnpm run db:migrate
      - name: Run integration tests
        env:
          DATABASE_URL: postgresql://mana:testpassword@localhost:5432/mana
          REDIS_URL: redis://localhost:6379
          NODE_ENV: test
          JWT_ISSUER: mana
          JWT_AUDIENCE: mana
        run: |
          # Run auth integration tests
          cd services/mana-auth
          if [ -d "test/integration" ]; then
            pnpm run test:e2e || pnpm run test -- test/integration
          fi
      - name: Upload integration test results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: integration-test-results
          path: services/mana-auth/test-results
          retention-days: 30
  # Job 3: Always send Discord notification (success or failure)
  notify:
    name: Discord Notification
    needs: [test-mana-auth, test-integration]
    if: always()
    runs-on: ubuntu-latest
--- a/.npmrc
+++ b/.npmrc
@ -1 +1,3 @@
 node-linker=hoisted
@mana:registry=https://npm.mana.how/
 //npm.mana.how/:_authToken=${NPM_TOKEN}
--- a/apps/api/Dockerfile
+++ b/apps/api/Dockerfile
@ -25,6 +25,10 @@ RUN npm install -g pnpm@9.15.0
 # before we add source. This caches the install layer for incremental
 # rebuilds when only source changes.
 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 # Repo-`.npmrc` enthält die Auth-Variable `${NPM_TOKEN}` für
 # `npm.mana.how`. pnpm substituiert die Variable aus dem ENV unten —
 # der Token landet nicht in einem Layer (kein `RUN echo` mit dem Wert).
 COPY .npmrc ./
 COPY apps/api/package.json ./apps/api/package.json
 # Workspace packages that apps/api depends on, plus their transitive
@ -38,11 +42,17 @@ COPY packages/shared-storage ./packages/shared-storage
 COPY packages/shared-types ./packages/shared-types
 COPY packages/shared-ai ./packages/shared-ai
 COPY packages/shared-rss ./packages/shared-rss
-# @mana/media-client lives under services/mana-media (sub-package).
+# `@mana/media-client` kommt seit dem 8-Doppel-Cutover (2026-05-08) aus
-COPY services/mana-media/packages/client ./services/mana-media/packages/client
+# Verdaccio (`npm.mana.how`), nicht mehr als Workspace-COPY aus
 # `services/mana-media/packages/client/` (das Verzeichnis verschwindet
 # mit Phase 7).
 # Resolve the dependency graph for apps/api only (--filter ...
-# follows the workspace transitive deps automatically).
+# follows the workspace transitive deps automatically). NPM_TOKEN ist
 # Build-Arg aus `docker-compose.macmini.yml` → `args.NPM_TOKEN` und wird
 # von pnpm in `.npmrc` substituiert.
 ARG NPM_TOKEN
 ENV NPM_TOKEN=${NPM_TOKEN}
 RUN pnpm install --filter @mana/api... --no-frozen-lockfile --ignore-scripts
 # Copy the api source and tsconfig last so source-only changes don't
--- a/apps/api/package.json
+++ b/apps/api/package.json
@ -14,7 +14,7 @@
 	},
 	"dependencies": {
 		"@ai-sdk/openai-compatible": "^2.0.41",
-		"@mana/media-client": "workspace:*",
+		"@mana/media-client": "^0.1.0",
 		"@mana/shared-ai": "workspace:*",
 		"@mana/shared-hono": "workspace:*",
 		"@mana/shared-rss": "workspace:*",
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@ -153,7 +153,7 @@ services:
  mana-auth:
    profiles: ["auth", "all"]
    build:
-      context: .
+      context: ../mana
      dockerfile: ./services/mana-auth/Dockerfile
    container_name: mana-auth
    restart: unless-stopped
--- a/docker-compose.macmini.yml
+++ b/docker-compose.macmini.yml
@ -204,7 +204,7 @@ services:
  mana-auth:
    build:
-      context: .
+      context: ../mana
      dockerfile: services/mana-auth/Dockerfile
    image: mana-auth:local
    container_name: mana-auth
@ -270,7 +270,7 @@ services:
  mana-credits:
    build:
-      context: .
+      context: ../mana
      dockerfile: services/mana-credits/Dockerfile
    image: mana-credits:local
    container_name: mana-credits
@ -635,7 +635,7 @@ services:
  mana-notify:
    build:
-      context: .
+      context: ../mana
      dockerfile: services/mana-notify/Dockerfile
    image: mana-notify:local
    container_name: mana-core-notify
@ -726,7 +726,7 @@ services:
  mana-media:
    build:
-      context: services/mana-media/apps/api
+      context: ../mana/services/mana-media/apps/api
    image: mana-media:local
    container_name: mana-core-media
    restart: always
@ -1090,7 +1090,7 @@ services:
  mana-llm:
    build:
-      context: ./services/mana-llm
+      context: ../mana/services/mana-llm
      dockerfile: Dockerfile
    container_name: mana-service-llm
    restart: unless-stopped
@ -1278,6 +1278,12 @@ services:
    build:
      context: .
      dockerfile: apps/api/Dockerfile
      args:
        # Verdaccio-Token zum Pullen von @mana/media-client (und künftiger
        # Plattform-Pakete). Auf dem Mac-Mini kommt aus `.env.macmini`,
        # in CI aus `secrets.NPM_AUTH_TOKEN`. Setzt die `.npmrc`-
        # Variable `${NPM_TOKEN}` zur Build-Zeit.
        NPM_TOKEN: ${NPM_AUTH_TOKEN:-${NPM_TOKEN:-}}
    image: mana-api:local
    container_name: mana-api
    restart: always
--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@ -83,8 +83,8 @@ services:
  mana-auth:
    build:
-      context: ./services/mana-auth
+      context: ../mana
-      dockerfile: Dockerfile
+      dockerfile: services/mana-auth/Dockerfile
    container_name: mana-test-mana-auth
    environment:
      NODE_ENV: production    # exercise the prod KEK validation path
@ -119,7 +119,7 @@ services:
  mana-notify:
    build:
-      context: .
+      context: ../mana
      dockerfile: services/mana-notify/Dockerfile
    container_name: mana-test-mana-notify
    # mana-notify pings the database once at startup and exits on
--- a/package.json
+++ b/package.json
@ -78,7 +78,7 @@
 		"dev:chat:web": "pnpm --filter @chat/web dev",
 		"dev:chat:landing": "pnpm --filter @chat/landing dev",
 		"dev:chat:app": "concurrently -n api,web -c yellow,cyan \"pnpm dev:api\" \"pnpm dev:chat:web\"",
-		"dev:auth": "cd services/mana-auth && bun run --hot src/index.ts",
+		"dev:auth": "cd ../mana/services/mana-auth && bun run --hot src/index.ts",
 		"dev:events": "cd services/mana-events && bun run --hot src/index.ts",
 		"dev:analytics": "cd services/mana-analytics && bun run --hot src/index.ts",
 		"dev:sync": "cd services/mana-sync && JWKS_URL=http://localhost:3001/api/auth/jwks DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_sync ./server",
@ -234,8 +234,8 @@
 		"cf:projects:create": "echo 'Creating Cloudflare Pages projects...' && npx wrangler pages project create chat-landing --production-branch=main && npx wrangler pages project create picture-landing --production-branch=main && npx wrangler pages project create mana-landing --production-branch=main && npx wrangler pages project create cards-landing --production-branch=main && npx wrangler pages project create quotes-landing --production-branch=main",
 		"dev:search": "cd services/mana-search && PORT=3021 SEARXNG_URL=http://localhost:8080 REDIS_HOST=localhost REDIS_PORT=6379 REDIS_PASSWORD=${REDIS_PASSWORD:-devpassword} go run ./cmd/server",
 		"dev:crawler": "cd services/mana-crawler && go run ./cmd/server",
-		"dev:credits": "cd services/mana-credits && bun run --hot src/index.ts",
+		"dev:credits": "cd ../mana/services/mana-credits && bun run --hot src/index.ts",
-		"dev:notify": "cd services/mana-notify && DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_notify go run ./cmd/server",
+		"dev:notify": "cd ../mana/services/mana-notify && DATABASE_URL=postgresql://mana:devpassword@localhost:5432/mana_notify go run ./cmd/server",
 		"questions:dev": "turbo run dev --filter=questions...",
 		"dev:questions:web": "pnpm --filter @questions/web dev",
 		"dev:questions:app": "concurrently -n api,web -c yellow,cyan \"pnpm dev:api\" \"pnpm dev:questions:web\"",
@ -267,7 +267,7 @@
 		"dev:times:local": "concurrently -n sync,web -c magenta,cyan \"pnpm dev:sync\" \"pnpm dev:times:web\"",
 		"dev:calc:local": "concurrently -n sync,web -c magenta,cyan \"pnpm dev:sync\" \"pnpm dev:calc:web\"",
 		"dev:manavoxel:local": "concurrently -n sync,web -c magenta,cyan \"pnpm dev:sync\" \"pnpm dev:manavoxel:web\"",
-		"dev:media": "cd services/mana-media/apps/api && bun run --hot src/index.ts",
+		"dev:media": "cd ../mana/services/mana-media/apps/api && bun run --hot src/index.ts",
 		"dev:geocoding": "cd services/mana-geocoding && bun run --hot src/index.ts",
 		"dev:mana:servers": "concurrently -n auth,sync,api,media,crawler,credits,search -c blue,magenta,yellow,green,cyan,red,gray \"pnpm dev:auth\" \"pnpm dev:sync\" \"pnpm dev:api\" \"pnpm dev:media\" \"pnpm dev:crawler\" \"pnpm dev:credits\" \"pnpm dev:search\""
 	},
--- a/scripts/mac-mini/push-schemas.sh
+++ b/scripts/mac-mini/push-schemas.sh
@ -29,8 +29,11 @@ push_schema() {
 }
 echo "Core Services:"
-push_schema "mana-auth" "services/mana-auth"
+# Plattform-Services bauen ab dem 2026-05-08-Cutover aus dem
-push_schema "mana-credits" "services/mana-credits"
+# Schwester-Repo `../mana/`. Auf dem Mac Mini liegt das als
 # `/Users/mana/projects/mana/`, parallel zu `mana-monorepo`.
 push_schema "mana-auth" "../mana/services/mana-auth"
 push_schema "mana-credits" "../mana/services/mana-credits"
 push_schema "mana-user" "services/mana-user"
 push_schema "mana-subscriptions" "services/mana-subscriptions"
 push_schema "mana-analytics" "services/mana-analytics"
--- a/scripts/run-integration-tests.sh
+++ b/scripts/run-integration-tests.sh
@ -50,14 +50,18 @@ trap cleanup EXIT
 echo "==> Building & starting test stack"
 $DOCKER compose -f "$COMPOSE_FILE" up -d --build --wait
 # Plattform-`mana-auth` lebt seit dem 2026-05-08-Cutover im Schwester-
 # Repo `../mana/`. Schema-Push und SQL-Migrationen kommen von dort.
 MANA_PLATFORM_DIR="${MANA_PLATFORM_DIR:-$REPO_ROOT/../mana}"
 echo "==> Pushing mana-auth Drizzle schema into test postgres"
-DATABASE_URL="postgresql://mana:testpassword@localhost:5443/mana_platform" \
+( cd "$MANA_PLATFORM_DIR" && DATABASE_URL="postgresql://mana:testpassword@localhost:5443/mana_platform" \
-	pnpm --filter @mana/auth db:push --force >/dev/null
+	pnpm --filter @mana/auth db:push --force >/dev/null )
 echo "==> Applying encryption-vault SQL migrations (002, 003)"
-$DOCKER cp "$REPO_ROOT/services/mana-auth/sql/002_encryption_vaults.sql" \
+$DOCKER cp "$MANA_PLATFORM_DIR/services/mana-auth/sql/002_encryption_vaults.sql" \
 	mana-test-postgres:/tmp/002.sql
-$DOCKER cp "$REPO_ROOT/services/mana-auth/sql/003_recovery_wrap.sql" \
+$DOCKER cp "$MANA_PLATFORM_DIR/services/mana-auth/sql/003_recovery_wrap.sql" \
 	mana-test-postgres:/tmp/003.sql
 $DOCKER exec mana-test-postgres psql -U mana -d mana_platform -f /tmp/002.sql >/dev/null
 $DOCKER exec mana-test-postgres psql -U mana -d mana_platform -f /tmp/003.sql >/dev/null