From d5e18c9c279d9c7536f6df2aa717882a524224f3 Mon Sep 17 00:00:00 2001 From: Till-JS <101404291+Till-JS@users.noreply.github.com> Date: Thu, 12 Feb 2026 13:28:55 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20fix(mac-mini):=20update=20health?= =?UTF-8?q?=20checks=20and=20disable=20missing=20services?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Disable api-gateway and skilltree-web (no working images/Dockerfiles) - Fix mana-search Dockerfile healthcheck port and endpoint - Update health-check.sh to skip disabled services - Fix search service health endpoint (/api/v1/health) Co-Authored-By: Claude Opus 4.5 --- .claude/plans/macbook-pro-server-setup.md | 487 ++++++++ .../lib/components/calendar/UnifiedBar.svelte | 635 ++++++++++ .../calendar/UnifiedBarControls.svelte | 422 +++++++ .../web/src/lib/stores/unified-bar.svelte.ts | 266 ++++ .../(app)/unified-bar-demo/+page.svelte | 328 +++++ docker-compose.macmini.yml | 3 + docker/matrix/appservices/generate-as.sh | 54 + docker/matrix/homeserver.yaml | 7 +- docs/DAILY_REPORT_2026-02-02.md | 1081 +++++++++++++++++ scripts/mac-mini/health-check.sh | 6 +- services/mana-media/apps/api/test-image.png | 0 services/mana-search/Dockerfile | 10 +- services/mana-tts/app/piper_service.py | 368 ++++++ services/mana-tts/install-service.sh | 45 + 14 files changed, 3702 insertions(+), 10 deletions(-) create mode 100644 .claude/plans/macbook-pro-server-setup.md create mode 100644 apps/calendar/apps/web/src/lib/components/calendar/UnifiedBar.svelte create mode 100644 apps/calendar/apps/web/src/lib/components/calendar/UnifiedBarControls.svelte create mode 100644 apps/calendar/apps/web/src/lib/stores/unified-bar.svelte.ts create mode 100644 apps/calendar/apps/web/src/routes/(app)/unified-bar-demo/+page.svelte create mode 100644 docker/matrix/appservices/generate-as.sh create mode 100644 docs/DAILY_REPORT_2026-02-02.md create mode 100644 services/mana-media/apps/api/test-image.png create mode 100644 services/mana-tts/app/piper_service.py create mode 100755 services/mana-tts/install-service.sh diff --git a/.claude/plans/macbook-pro-server-setup.md b/.claude/plans/macbook-pro-server-setup.md new file mode 100644 index 000000000..c3b06b6c5 --- /dev/null +++ b/.claude/plans/macbook-pro-server-setup.md @@ -0,0 +1,487 @@ +# Implementierungsplan: MacBook Pro M1 Max als zweiter Server + +## Übersicht + +**Ziel:** MacBook Pro M1 Max (64GB RAM) als AI/ML-Server einrichten, der parallel zum Mac Mini läuft. + +**Zeitschätzung:** 4-6 Stunden für komplette Implementierung + +--- + +## Phase 1: Hardware-Vorbereitung (30 Min) + +### 1.1 MacBook Pro physisch vorbereiten + +- [ ] Daten sichern (falls noch nicht geschehen) +- [ ] Vertikalen Laptop-Ständer besorgen (~25€) +- [ ] USB-C zu Ethernet Adapter besorgen (~30€) +- [ ] Stromleiste mit Überspannungsschutz (~30€) +- [ ] Position neben Mac Mini festlegen + +### 1.2 Netzwerk-Konfiguration planen + +``` +Mac Mini: 192.168.x.10 (bestehend) +MacBook Pro: 192.168.x.11 (neu) +``` + +--- + +## Phase 2: macOS Setup auf MacBook Pro (1-2 Std) + +### 2.1 Optionaler Clean Install + +```bash +# Falls gewünscht: macOS neu installieren +# Recovery Mode: Cmd+R beim Start +# Festplattendienstprogramm → Löschen → APFS +# macOS neu installieren +``` + +### 2.2 Grundlegende Konfiguration + +```bash +# Systemeinstellungen +# 1. Computername setzen +sudo scutil --set ComputerName "mana-server-ai" +sudo scutil --set HostName "mana-server-ai" +sudo scutil --set LocalHostName "mana-server-ai" + +# 2. SSH aktivieren +# System Settings → General → Sharing → Remote Login → ON + +# 3. Clamshell-Modus ermöglichen +# System Settings → Battery → Power Adapter: +# - "Prevent automatic sleeping when the display is off" → ON +# - "Wake for network access" → ON + +# 4. Auto-Login (optional, für Server-Betrieb) +# System Settings → Users & Groups → Automatic Login + +# 5. Autostart nach Stromausfall +sudo systemsetup -setrestartfreeze on +sudo systemsetup -setrestartpowerfailure on +``` + +### 2.3 Statische IP konfigurieren + +```bash +# System Settings → Network → Ethernet → Details → TCP/IP +# Configure IPv4: Manually +# IP Address: 192.168.x.11 +# Subnet Mask: 255.255.255.0 +# Router: 192.168.x.1 +# DNS: 1.1.1.1, 8.8.8.8 +``` + +### 2.4 Development Tools installieren + +```bash +# Xcode Command Line Tools +xcode-select --install + +# Homebrew +/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" + +# Essentials +brew install git node pnpm python@3.11 cloudflared + +# Docker Desktop +brew install --cask docker +# Nach Installation: Docker Desktop öffnen und starten +``` + +--- + +## Phase 3: Externe SSD einrichten (30 Min) + +### 3.1 Verzeichnisstruktur erstellen + +```bash +# SSD mounten (falls nicht automatisch) +# Erwarteter Mount-Punkt: /Volumes/ManaData-AI oder ähnlich + +# Verzeichnisse erstellen +sudo mkdir -p /Volumes/ManaData-AI/{ + ollama, + flux2, + stt-models, + tts-models, + postgres-replica, + backups +} + +# Berechtigungen setzen +sudo chown -R $(whoami):staff /Volumes/ManaData-AI +``` + +### 3.2 Symlinks einrichten + +```bash +# Ollama Modelle +ln -sf /Volumes/ManaData-AI/ollama ~/.ollama + +# STT Modelle +ln -sf /Volumes/ManaData-AI/stt-models ~/stt-models + +# TTS Modelle +ln -sf /Volumes/ManaData-AI/tts-models ~/tts-models + +# FLUX.2 Modelle +ln -sf /Volumes/ManaData-AI/flux2 ~/flux2 +``` + +--- + +## Phase 4: Cloudflare Tunnel einrichten (30 Min) + +### 4.1 Neuen Tunnel erstellen + +```bash +# Bei Cloudflare anmelden +cloudflared tunnel login + +# Neuen Tunnel für MacBook Pro erstellen +cloudflared tunnel create mana-server-ai + +# Tunnel-ID notieren (z.B. abc12345-xxxx-xxxx-xxxx-xxxxxxxxxxxx) +export TUNNEL_ID="" + +# DNS-Routen erstellen +cloudflared tunnel route dns mana-server-ai mbp.mana.how +cloudflared tunnel route dns mana-server-ai llm.mana.how +cloudflared tunnel route dns mana-server-ai tts-v2.mana.how +cloudflared tunnel route dns mana-server-ai stt-v2.mana.how +cloudflared tunnel route dns mana-server-ai img.mana.how +``` + +### 4.2 Dateien zu erstellen + +**Datei:** `cloudflared-config.macbookpro.yml` + +```yaml +tunnel: +credentials-file: /Users/mana/.cloudflared/.json + +ingress: + # SSH Access + - hostname: mbp.mana.how + service: ssh://localhost:22 + + # LLM Service (mana-llm mit Ollama) + - hostname: llm.mana.how + service: http://localhost:3025 + originRequest: + connectTimeout: 300s + + # TTS Service (Kokoro + F5) + - hostname: tts-v2.mana.how + service: http://localhost:3022 + + # STT Service (Whisper Large) + - hostname: stt-v2.mana.how + service: http://localhost:3021 + + # Image Generation (FLUX.2) + - hostname: img.mana.how + service: http://localhost:3023 + + # Catch-all + - service: http_status:404 +``` + +--- + +## Phase 5: AI/ML Services installieren (2 Std) + +### 5.1 Ollama mit großen Modellen + +```bash +# Ollama installieren +brew install ollama + +# Service starten +brew services start ollama + +# Große Modelle laden (dauert je nach Verbindung) +ollama pull gemma3:27b # 16 GB - Hauptmodell +ollama pull llama3.1:70b # ~40 GB 4-bit quant (optional) +ollama pull codestral:22b # ~14 GB - Code +ollama pull deepseek-coder:33b # ~20 GB - Code (optional) + +# Existierende kleinere Modelle auch laden für Kompatibilität +ollama pull gemma3:4b +ollama pull gemma3:12b +``` + +### 5.2 mana-tts mit F5-TTS + +```bash +# Python Virtual Environment +python3.11 -m venv ~/venvs/mana-tts +source ~/venvs/mana-tts/bin/activate + +# TTS Dependencies (inkl. F5-TTS für Voice Cloning) +pip install kokoro-onnx f5-tts torch torchaudio +pip install fastapi uvicorn python-multipart + +# Modelle herunterladen +# (Details in services/mana-tts/setup.py oder setup-tts.sh) +``` + +**LaunchAgent erstellen:** `com.manacore.mana-tts.plist` + +### 5.3 mana-stt mit Whisper Large + +```bash +# Python Virtual Environment +python3.11 -m venv ~/venvs/mana-stt +source ~/venvs/mana-stt/bin/activate + +# Whisper installieren +pip install openai-whisper faster-whisper +pip install fastapi uvicorn python-multipart + +# Large-v3 Modell herunterladen (wird automatisch geladen) +# ~3 GB Download +``` + +**LaunchAgent erstellen:** `com.manacore.mana-stt.plist` + +### 5.4 mana-image-gen mit FLUX.2 + +```bash +# Bestehende Setup-Skript verwenden (angepasst) +./scripts/mac-mini/setup-image-gen.sh + +# Oder manuell: +cd ~/ +git clone https://github.com/city96/flux2.c +cd flux2.c +make MPS=1 # Apple Metal Support + +# Modell herunterladen (~16 GB) +# Details in services/mana-image-gen/ +``` + +**LaunchAgent erstellen:** `com.manacore.image-gen.plist` + +--- + +## Phase 6: Docker Services (Optional, für Replicas) (1 Std) + +### 6.1 docker-compose.macbookpro.yml erstellen + +Nur für: +- PostgreSQL Replica (Hot Standby) +- Redis Replica +- mana-llm Container +- Backup Worker + +### 6.2 PostgreSQL Streaming Replication + +**Auf Mac Mini (Primary):** + +```bash +# postgresql.conf anpassen +wal_level = replica +max_wal_senders = 3 +wal_keep_size = 64MB + +# pg_hba.conf anpassen +host replication replicator 192.168.x.11/32 md5 +``` + +**Auf MacBook Pro (Replica):** + +```bash +# Base Backup vom Primary +pg_basebackup -h 192.168.x.10 -U replicator -D /Volumes/ManaData-AI/postgres-replica -P + +# standby.signal erstellen +touch /Volumes/ManaData-AI/postgres-replica/standby.signal + +# postgresql.auto.conf +primary_conninfo = 'host=192.168.x.10 port=5432 user=replicator password=xxx' +``` + +--- + +## Phase 7: Autostart & Health Checks (30 Min) + +### 7.1 Scripts zu erstellen + +``` +scripts/macbook-pro/ +├── setup-autostart.sh # LaunchAgents einrichten +├── startup.sh # Boot-Startup +├── health-check.sh # Service-Monitoring +├── status.sh # Übersicht +├── restart.sh # Services neustarten +└── stop.sh # Services stoppen +``` + +### 7.2 LaunchAgents zu erstellen + +``` +~/Library/LaunchAgents/ +├── com.cloudflare.cloudflared.plist # Tunnel +├── com.manacore.mana-tts.plist # TTS Service +├── com.manacore.mana-stt.plist # STT Service +├── com.manacore.image-gen.plist # Image Gen +├── com.manacore.health-check.plist # Health Checks +└── homebrew.mxcl.ollama.plist # Ollama (auto von brew) +``` + +--- + +## Phase 8: Dokumentation & Testing (30 Min) + +### 8.1 Dokumentation aktualisieren + +**Dateien zu erstellen/aktualisieren:** + +- `docs/MACBOOK_PRO_SERVER.md` - Neue Dokumentation +- `docs/MAC_MINI_SERVER.md` - Verweise auf MBP hinzufügen +- `docs/TWO_SERVER_ARCHITECTURE.md` - Architektur-Übersicht +- `CLAUDE.md` - SSH-Config für mbp hinzufügen + +### 8.2 SSH-Config erweitern + +``` +# ~/.ssh/config +Host mana-server + HostName mac-mini.mana.how + User till + ProxyCommand /opt/homebrew/bin/cloudflared access ssh --hostname %h + +Host mana-server-ai + HostName mbp.mana.how + User till + ProxyCommand /opt/homebrew/bin/cloudflared access ssh --hostname %h +``` + +### 8.3 Testing Checklist + +- [ ] SSH zu MacBook Pro funktioniert: `ssh mana-server-ai` +- [ ] Ollama API erreichbar: `curl http://192.168.x.11:11434/api/version` +- [ ] TTS Service: `curl http://192.168.x.11:3022/health` +- [ ] STT Service: `curl http://192.168.x.11:3021/health` +- [ ] Image Gen: `curl http://192.168.x.11:3023/health` +- [ ] LLM Service: `curl https://llm.mana.how/health` +- [ ] PostgreSQL Replica synchronisiert +- [ ] Health Checks laufen alle 5 Min +- [ ] Notifications bei Fehlern + +--- + +## Dateien die erstellt werden müssen + +### Neue Dateien + +| Datei | Beschreibung | +|-------|--------------| +| `docker-compose.macbookpro.yml` | Docker Compose für MBP (Replicas, mana-llm) | +| `cloudflared-config.macbookpro.yml` | Cloudflare Tunnel Config | +| `.env.macbookpro` | Environment Variables | +| `scripts/macbook-pro/setup-autostart.sh` | LaunchAgent Setup | +| `scripts/macbook-pro/startup.sh` | Boot Startup Script | +| `scripts/macbook-pro/health-check.sh` | Health Monitoring | +| `scripts/macbook-pro/status.sh` | Service Status | +| `scripts/macbook-pro/restart.sh` | Restart Services | +| `scripts/macbook-pro/stop.sh` | Stop Services | +| `scripts/macbook-pro/setup-ollama.sh` | Ollama Setup mit großen Modellen | +| `scripts/macbook-pro/setup-tts.sh` | TTS Setup mit F5 | +| `scripts/macbook-pro/setup-stt.sh` | STT Setup mit Whisper Large | +| `scripts/macbook-pro/backup-worker.sh` | Backup vom Mac Mini | +| `docker/postgres/replica-setup.sh` | PostgreSQL Replica Init | +| `docs/MACBOOK_PRO_SERVER.md` | Server Dokumentation | +| `docs/TWO_SERVER_ARCHITECTURE.md` | Architektur Übersicht | + +### Zu aktualisierende Dateien + +| Datei | Änderung | +|-------|----------| +| `CLAUDE.md` | SSH-Config für MBP | +| `docs/MAC_MINI_SERVER.md` | Verweise auf MBP | +| `.env.development` | MBP-spezifische Vars | + +--- + +## Architektur nach Implementierung + +``` + ┌─────────────────────────────────────┐ + │ Cloudflare Tunnel │ + │ *.mana.how → Mac Mini (Primary) │ + │ llm/tts-v2/stt-v2/img.mana.how │ + │ → MacBook Pro (AI/ML) │ + └───────────────┬─────────────────────┘ + │ + ┌─────────────────────┴─────────────────────┐ + │ │ + ▼ ▼ +┌─────────────────────────────┐ ┌─────────────────────────────┐ +│ MAC MINI M4 (16GB) │ │ MACBOOK PRO M1 MAX (64GB) │ +│ "Docker Orchestrator" │ │ "AI/ML Powerhouse" │ +│ 192.168.x.10 │ │ 192.168.x.11 │ +├─────────────────────────────┤ ├─────────────────────────────┤ +│ │ │ │ +│ PostgreSQL PRIMARY ─────────┼────────▶│ PostgreSQL REPLICA │ +│ Redis PRIMARY ──────────────┼────────▶│ Redis REPLICA │ +│ MinIO S3 │ │ │ +│ │ │ Ollama (27B, 70B Modelle) │ +│ mana-core-auth (Primary) │ │ mana-llm (large models) │ +│ API Gateway │ │ │ +│ mana-search + SearXNG │ │ mana-tts (Kokoro + F5) │ +│ mana-media │ │ mana-stt (Whisper Large) │ +│ │ │ mana-image-gen (2048x2048) │ +│ Alle NestJS Backends │ │ │ +│ Alle SvelteKit Frontends │ │ Backup-Worker │ +│ Matrix Synapse + Bots │ │ │ +│ Monitoring Stack │ │ │ +│ n8n, Umami │ │ │ +└─────────────────────────────┘ └─────────────────────────────┘ + ssh.mana.how mbp.mana.how +``` + +--- + +## Risiken & Mitigationen + +| Risiko | Mitigation | +|--------|------------| +| MacBook-Akku bläht sich auf | Monatliche visuelle Prüfung; Al Dente App für Ladelimit bei 80% | +| Clamshell Überhitzung | Vertikaler Ständer für Konvektion; Monitoring der Temperatur | +| Replication Lag | Monitoring in Grafana; Alerts bei > 1 Minute Lag | +| Komplexität | Gute Dokumentation; Health Checks mit Alerts | +| macOS Update bricht Services | Auto-Updates deaktivieren; manuelles Update nach Testing | + +--- + +## Implementierungs-Reihenfolge + +1. **Hardware vorbereiten** (Phase 1) +2. **macOS konfigurieren** (Phase 2) +3. **Externe SSD einrichten** (Phase 3) +4. **Cloudflare Tunnel** (Phase 4) +5. **Ollama + große Modelle** (Phase 5.1) +6. **mana-tts migrieren** (Phase 5.2) +7. **mana-stt migrieren** (Phase 5.3) +8. **mana-image-gen migrieren** (Phase 5.4) +9. **Autostart einrichten** (Phase 7) +10. **Testing** (Phase 8) +11. **PostgreSQL Replication** (Phase 6) - Optional, später +12. **Auth Redundanz** - Optional, später + +--- + +## Nächste Schritte + +Wenn du bereit bist zu implementieren, sag mir welche Phase wir zuerst angehen sollen. Ich kann dann: + +1. Die entsprechenden Scripts erstellen +2. Die Config-Dateien generieren +3. Schritt-für-Schritt Anleitung geben + +**Empfehlung:** Starte mit Phase 4 (Cloudflare Tunnel) und Phase 5.1 (Ollama), da diese den größten unmittelbaren Nutzen bringen. diff --git a/apps/calendar/apps/web/src/lib/components/calendar/UnifiedBar.svelte b/apps/calendar/apps/web/src/lib/components/calendar/UnifiedBar.svelte new file mode 100644 index 000000000..aa8fa98f7 --- /dev/null +++ b/apps/calendar/apps/web/src/lib/components/calendar/UnifiedBar.svelte @@ -0,0 +1,635 @@ + + + +
+ + {#if unifiedBarStore.showCalendarToolbar} + + {/if} + + + {#if unifiedBarStore.showTagStrip} + + {/if} + + + {#if unifiedBarStore.showDateStrip} + + {/if} + + + {#if unifiedBarStore.showDateStrip && !unifiedBarStore.legacyDateStripCollapsed} + + {/if} + + + {#if unifiedBarStore.showTagStrip} + + {/if} + + + {#if unifiedBarStore.showDateStrip} + + {/if} + + + {#if unifiedBarStore.showDateStrip} + + {/if} + + + {#if unifiedBarStore.showQuickInput} + + {/if} + + + {#if unifiedBarStore.isOverlayOpen} + + + diff --git a/apps/calendar/apps/web/src/lib/components/calendar/UnifiedBarControls.svelte b/apps/calendar/apps/web/src/lib/components/calendar/UnifiedBarControls.svelte new file mode 100644 index 000000000..b4385be68 --- /dev/null +++ b/apps/calendar/apps/web/src/lib/components/calendar/UnifiedBarControls.svelte @@ -0,0 +1,422 @@ + + + +
+ +
+ + + + + +
+ + + {#if currentMode === 'expanded'} +
+
+ + + + + + + +
+ +
+ + + + + +
+
+ {/if} + + +
+
+
+
+
+
+
+ + + {#if currentMode === 'collapsed'} + Zusammengklappt + {:else if currentMode === 'expanded'} + Erweitert + {:else if currentMode === 'overlay'} + Menü offen + {/if} + +
+
+ + diff --git a/apps/calendar/apps/web/src/lib/stores/unified-bar.svelte.ts b/apps/calendar/apps/web/src/lib/stores/unified-bar.svelte.ts new file mode 100644 index 000000000..905b2cba7 --- /dev/null +++ b/apps/calendar/apps/web/src/lib/stores/unified-bar.svelte.ts @@ -0,0 +1,266 @@ +/** + * UnifiedBar Store - Manages the new unified bottom bar system + * Replaces multiple individual bars with a layered, cohesive interface + */ + +import type { CalendarViewType } from '@calendar/shared'; +import { createAppSettingsStore } from '@manacore/shared-stores'; +import { userSettings } from './user-settings.svelte'; + +// UnifiedBar modes and layers +export type UnifiedBarMode = 'collapsed' | 'expanded' | 'overlay'; +export type UnifiedBarLayer = 'input' | 'date' | 'tag' | 'toolbar' | 'settings'; + +// Store interface +export interface UnifiedBarSettings extends Record { + // UnifiedBar mode control + unifiedBarMode: UnifiedBarMode; + unifiedBarActiveLayer: UnifiedBarLayer; + + // Legacy compatibility (keep existing settings working) + dateStripCollapsed: boolean; + tagStripCollapsed: boolean; + calendarToolbarCollapsed: boolean; + + // New UnifiedBar-specific settings + showQuickInput: boolean; + showDateStrip: boolean; + showTagStrip: boolean; + showCalendarToolbar: boolean; + overlayMenuOpen: boolean; + + // Animation and interaction preferences + barAnimationDuration: number; + enableHapticFeedback: boolean; + autoCollapseBars: boolean; + + // Quick access toggles + quickAccessActions: string[]; +} + +const DEFAULT_SETTINGS: UnifiedBarSettings = { + // Default to collapsed mode with only input bar visible + unifiedBarMode: 'collapsed', + unifiedBarActiveLayer: 'input', + + // Legacy compatibility + dateStripCollapsed: false, + tagStripCollapsed: true, + calendarToolbarCollapsed: true, + + // New settings + showQuickInput: true, + showDateStrip: true, + showTagStrip: false, + showCalendarToolbar: false, + overlayMenuOpen: false, + + // Interaction preferences + barAnimationDuration: 300, + enableHapticFeedback: true, + autoCollapseBars: false, + + // Quick actions + quickAccessActions: ['new-event', 'search', 'today', 'calendar-toggle'], +}; + +// Cloud sync state +let cloudSyncEnabled = $state(false); +let initialSyncDone = $state(false); + +// Sync to cloud callback +async function syncToCloud(settings: UnifiedBarSettings) { + if (!cloudSyncEnabled || typeof window === 'undefined') return; + try { + await userSettings.updateDeviceAppSettings(settings as unknown as Record); + } catch (e) { + console.error('Failed to sync unified bar settings to cloud:', e); + } +} + +// Create base store +const baseStore = createAppSettingsStore( + 'unified-bar-settings', + DEFAULT_SETTINGS, + { + onSettingsChange: syncToCloud, + } +); + +// Load settings from cloud +function loadFromCloud(): Partial | null { + if (!userSettings.loaded) return null; + const cloudSettings = userSettings.currentDeviceAppSettings; + if (cloudSettings && Object.keys(cloudSettings).length > 0) { + return cloudSettings as unknown as Partial; + } + return null; +} + +export const unifiedBarStore = { + // Base store methods + get settings() { + return baseStore.settings; + }, + initialize: baseStore.initialize, + set: baseStore.set, + update: baseStore.update, + reset: baseStore.reset, + getDefaults: baseStore.getDefaults, + + // Mode management + get mode() { + return baseStore.settings.unifiedBarMode; + }, + + get activeLayer() { + return baseStore.settings.unifiedBarActiveLayer; + }, + + get isOverlayOpen() { + return baseStore.settings.overlayMenuOpen; + }, + + // Layer visibility helpers + get showQuickInput() { + return baseStore.settings.showQuickInput; + }, + + get showDateStrip() { + return baseStore.settings.showDateStrip && !baseStore.settings.dateStripCollapsed; + }, + + get showTagStrip() { + return baseStore.settings.showTagStrip && !baseStore.settings.tagStripCollapsed; + }, + + get showCalendarToolbar() { + return baseStore.settings.showCalendarToolbar && !baseStore.settings.calendarToolbarCollapsed; + }, + + // Mode switching + setMode(mode: UnifiedBarMode) { + baseStore.set('unifiedBarMode', mode); + }, + + toggleOverlay() { + const isOpen = baseStore.settings.overlayMenuOpen; + baseStore.set('overlayMenuOpen', !isOpen); + if (!isOpen) { + baseStore.set('unifiedBarMode', 'overlay'); + } else { + baseStore.set('unifiedBarMode', 'collapsed'); + } + }, + + setActiveLayer(layer: UnifiedBarLayer) { + baseStore.set('unifiedBarActiveLayer', layer); + }, + + // Layer toggles + toggleQuickInput() { + baseStore.set('showQuickInput', !baseStore.settings.showQuickInput); + }, + + toggleDateStrip() { + const newValue = !baseStore.settings.showDateStrip; + baseStore.set('showDateStrip', newValue); + baseStore.set('dateStripCollapsed', !newValue); + }, + + toggleTagStrip() { + const newValue = !baseStore.settings.showTagStrip; + baseStore.set('showTagStrip', newValue); + baseStore.set('tagStripCollapsed', !newValue); + }, + + toggleCalendarToolbar() { + const newValue = !baseStore.settings.showCalendarToolbar; + baseStore.set('showCalendarToolbar', newValue); + baseStore.set('calendarToolbarCollapsed', !newValue); + }, + + // Quick actions + expandToLayer(layer: UnifiedBarLayer) { + baseStore.set('unifiedBarMode', 'expanded'); + baseStore.set('unifiedBarActiveLayer', layer); + + // Auto-show the layer if hidden + switch (layer) { + case 'date': + if (!baseStore.settings.showDateStrip) { + baseStore.set('showDateStrip', true); + baseStore.set('dateStripCollapsed', false); + } + break; + case 'tag': + if (!baseStore.settings.showTagStrip) { + baseStore.set('showTagStrip', true); + baseStore.set('tagStripCollapsed', false); + } + break; + case 'toolbar': + if (!baseStore.settings.showCalendarToolbar) { + baseStore.set('showCalendarToolbar', true); + baseStore.set('calendarToolbarCollapsed', false); + } + break; + } + }, + + collapseAll() { + baseStore.set('unifiedBarMode', 'collapsed'); + baseStore.set('unifiedBarActiveLayer', 'input'); + if (baseStore.settings.autoCollapseBars) { + baseStore.set('showDateStrip', false); + baseStore.set('showTagStrip', false); + baseStore.set('showCalendarToolbar', false); + } + }, + + // Cloud sync methods + enableCloudSync() { + cloudSyncEnabled = true; + if (!initialSyncDone) { + const cloudSettings = loadFromCloud(); + if (cloudSettings && Object.keys(cloudSettings).length > 0) { + baseStore.update(cloudSettings); + } else { + syncToCloud(baseStore.settings); + } + initialSyncDone = true; + } + }, + + disableCloudSync() { + cloudSyncEnabled = false; + }, + + // Legacy compatibility helpers (for gradual migration) + get legacyDateStripCollapsed() { + return baseStore.settings.dateStripCollapsed; + }, + + get legacyTagStripCollapsed() { + return baseStore.settings.tagStripCollapsed; + }, + + // Sync from legacy settings (migration helper) + syncFromLegacySettings(legacy: { dateStripCollapsed?: boolean; tagStripCollapsed?: boolean }) { + const updates: Partial = {}; + + if (legacy.dateStripCollapsed !== undefined) { + updates.dateStripCollapsed = legacy.dateStripCollapsed; + updates.showDateStrip = !legacy.dateStripCollapsed; + } + + if (legacy.tagStripCollapsed !== undefined) { + updates.tagStripCollapsed = legacy.tagStripCollapsed; + updates.showTagStrip = !legacy.tagStripCollapsed; + } + + if (Object.keys(updates).length > 0) { + baseStore.update(updates); + } + }, +}; diff --git a/apps/calendar/apps/web/src/routes/(app)/unified-bar-demo/+page.svelte b/apps/calendar/apps/web/src/routes/(app)/unified-bar-demo/+page.svelte new file mode 100644 index 000000000..9b0edbf11 --- /dev/null +++ b/apps/calendar/apps/web/src/routes/(app)/unified-bar-demo/+page.svelte @@ -0,0 +1,328 @@ + + + + UnifiedBar Demo - Calendar + + +
+
+

UnifiedBar Demo

+

Demonstration der neuen unified bottom bar Architektur

+
+ + +
+

UnifiedBar Controls

+ +
+ + +
+
+

Kalender Inhalt

+

Dies ist der Hauptinhaltbereich, in dem die Kalender-Ansichten angezeigt werden.

+ +
+
+

Aktueller Modus

+

{unifiedBarStore.mode}

+
+ +
+

Aktiver Layer

+

{unifiedBarStore.activeLayer}

+
+ +
+

Sichtbare Layers

+
    + {#if unifiedBarStore.showQuickInput}
  • ✓ QuickInput
    • {/if} + {#if unifiedBarStore.showDateStrip}
  • ✓ DateStrip
    • {/if} + {#if unifiedBarStore.showTagStrip}
  • ✓ TagStrip
    • {/if} + {#if unifiedBarStore.showCalendarToolbar}
  • ✓ CalendarToolbar
    • {/if} +
+
+ +
+

Overlay Status

+

{unifiedBarStore.isOverlayOpen ? 'Offen' : 'Geschlossen'}

+
+
+ +
+ + + + + +
+
+
+ + + + + +
+

UnifiedBar Demo - Calendar App

+

Scrollen Sie, um zu sehen wie die Bars fixiert bleiben

+
+
+ + diff --git a/docker-compose.macmini.yml b/docker-compose.macmini.yml index a86e2a688..ca91c005f 100644 --- a/docker-compose.macmini.yml +++ b/docker-compose.macmini.yml @@ -1137,7 +1137,10 @@ services: retries: 3 start_period: 40s + # NOTE: skilltree-web disabled - Dockerfile needs pnpm deploy fix for shared packages + # TODO: Fix Dockerfile similar to mana-search to resolve @manacore/shared-vite-config skilltree-web: + profiles: ["disabled"] build: context: . dockerfile: apps/skilltree/apps/web/Dockerfile diff --git a/docker/matrix/appservices/generate-as.sh b/docker/matrix/appservices/generate-as.sh new file mode 100644 index 000000000..425f8ca09 --- /dev/null +++ b/docker/matrix/appservices/generate-as.sh @@ -0,0 +1,54 @@ +#!/bin/bash + +# Generate random token +gen_token() { + openssl rand -hex 32 +} + +# Bot configurations: name, sender_localpart +declare -a BOTS=( + "mana:mana-bot" + "ollama:ollama-bot" + "stats:stats-bot" + "projectdoc:projectdoc-bot" + "todo:todo-bot" + "calendar:calendar-bot" + "nutriphi:nutriphi-bot" + "zitare:zitare-bot" + "clock:clock-bot" + "tts:tts-bot" +) + +echo "# Generated AS tokens for .env file:" > as-tokens.env +echo "" >> as-tokens.env + +for bot_config in "${BOTS[@]}"; do + IFS=":" read -r name sender <<< "$bot_config" + + as_token=$(gen_token) + hs_token=$(gen_token) + + cat > "${name}-bot.yaml" << EOF +id: ${name}-bot +hs_token: ${hs_token} +as_token: ${as_token} +url: null +sender_localpart: ${sender} +namespaces: + users: + - exclusive: true + regex: '@${sender}:mana\.how' + rooms: [] + aliases: [] +rate_limited: false +EOF + + # Convert name to uppercase for env var + env_name=$(echo "${name}" | tr '[:lower:]' '[:upper:]' | tr '-' '_') + echo "MATRIX_${env_name}_BOT_AS_TOKEN=${as_token}" >> as-tokens.env + + echo "Created ${name}-bot.yaml with AS token" +done + +echo "" +echo "Done! Add the tokens from as-tokens.env to your .env file" diff --git a/docker/matrix/homeserver.yaml b/docker/matrix/homeserver.yaml index d4608a5e4..76a2fb240 100644 --- a/docker/matrix/homeserver.yaml +++ b/docker/matrix/homeserver.yaml @@ -81,8 +81,9 @@ password_config: pepper: "${SYNAPSE_PASSWORD_PEPPER:-change-me-pepper}" # Session lifetime (must be >= refresh_token_lifetime) -session_lifetime: 168h -refresh_token_lifetime: 168h +# Set to 10 years for bot tokens to avoid frequent expiration +session_lifetime: 87600h +refresh_token_lifetime: 87600h # ============================================ # Rate Limiting @@ -149,6 +150,8 @@ registration_shared_secret: "${SYNAPSE_REGISTRATION_SECRET:-change-me-registrati # ============================================ # Application Services (for Bots) +# Currently disabled - using long-lived user tokens instead +# TODO: Migrate bots to AS for truly permanent tokens # ============================================ app_service_config_files: [] diff --git a/docs/DAILY_REPORT_2026-02-02.md b/docs/DAILY_REPORT_2026-02-02.md new file mode 100644 index 000000000..b804746bb --- /dev/null +++ b/docs/DAILY_REPORT_2026-02-02.md @@ -0,0 +1,1081 @@ +# Daily Report - 2. Februar 2026 + +**Zeitraum:** 10:00 Uhr (1. Feb) - 05:00 Uhr (2. Feb) +**Commits:** 51 +**Hauptthemen:** OIDC/Synapse Integration, Matrix Bot CI/CD, Credit System, Cross-Domain SSO, Monitoring + +--- + +## Zusammenfassung + +Eine epische 19-Stunden-Session mit Fokus auf **Auth-Infrastruktur** und **Production Readiness**: + +- **OIDC Integration** - Vollständige Synapse-Kompatibilität mit EdDSA JWT Signing +- **Matrix Bot CI/CD** - Automatisierte GHCR Deployments für 10 Bots mit Watchtower +- **Credit System** - Neue Packages für Credit-Operationen und UI-Komponenten +- **Cross-Domain SSO** - Single Sign-On über alle *.mana.how Subdomains +- **Monitoring** - Node-Exporter, Grafana Dashboards, Prometheus Alerts +- **SSD Migration** - PostgreSQL und MinIO auf externe SSD verschoben + +--- + +## 1. OIDC/Synapse Integration (Kritische Fixes) + +### Problem + +Matrix Synapse konnte sich nicht mit mana-core-auth verbinden. Token-Verifizierung schlug fehl. + +### Ursachen & Lösungen + +#### 1.1 EdDSA JWT Signing +**Commit:** `efb077b9` - fix(mana-core-auth): use EdDSA for OIDC id_token signing + +```typescript +// better-auth.config.ts - VORHER +const auth = betterAuth({ + jwt: { + issuer: config.get('JWT_ISSUER'), + } +}); + +// NACHHER - mit JWT Plugin für EdDSA +const auth = betterAuth({ + plugins: [jwt()], // Aktiviert EdDSA Keys aus JWKS + advanced: { + useJWTPlugin: true, // id_tokens mit EdDSA statt HS256 + } +}); +``` + +**Warum:** Synapse verifiziert id_tokens via JWKS-Endpoint (`/.well-known/jwks.json`). HS256 verwendet ein Shared Secret, das Synapse nicht kennt. EdDSA verwendet Public/Private Keypaar aus JWKS. + +#### 1.2 JWT Issuer = BASE_URL +**Commit:** `8cd5021b` - fix(mana-core-auth): use BASE_URL as JWT issuer + +```typescript +// VORHER +jwt: { issuer: config.get('JWT_ISSUER') } // "manacore" + +// NACHHER +jwt: { issuer: config.get('BASE_URL') } // "https://auth.mana.how" +``` + +**Warum:** OIDC Discovery Document (`/.well-known/openid-configuration`) enthält `issuer: "https://auth.mana.how"`. Der JWT `iss` Claim muss damit übereinstimmen. + +#### 1.3 Body-Parser für Token Exchange +**Commit:** `f0cf1bc8` - fix(mana-core-auth): OIDC token exchange now works with body-parser + +```typescript +// main.ts +app.use(bodyParser.urlencoded({ extended: true })); +app.use(bodyParser.json()); + +// oidc.controller.ts +@Post('token') +async token(@Req() req: Request, @Res() res: Response) { + // req.body ist jetzt geparsed, nicht raw + const params = new URLSearchParams(); + for (const [key, value] of Object.entries(req.body)) { + params.append(key, String(value)); + } + return this.betterAuthService.handleOidcRequest(params, res); +} +``` + +**Warum:** Synapse sendet Token-Requests als `application/x-www-form-urlencoded`. Ohne body-parser kam `req.body` als leeres Objekt an. + +#### 1.4 CORS Origins erweitert +**Commit:** `5a8e20e0` - fix(auth): add all apps to CORS_ORIGINS + +```yaml +# docker-compose.macmini.yml +environment: + CORS_ORIGINS: "https://auth.mana.how,https://matrix.mana.how,https://chat.mana.how,https://calendar.mana.how,https://todo.mana.how,https://clock.mana.how,https://contacts.mana.how,https://picture.mana.how,https://zitare.mana.how,https://questions.mana.how,https://planta.mana.how,https://skilltree.mana.how,https://storage.mana.how,https://manadeck.mana.how,https://nutriphi.mana.how,https://presi.mana.how,https://link.mana.how,https://playground.mana.how" +``` + +--- + +## 2. Matrix Bot CI/CD Pipeline + +### Übersicht + +Vollautomatische Build- und Deployment-Pipeline für 10 Matrix-Bots via GitHub Actions → GHCR → Watchtower. + +**Commit:** `45152ee9` - feat(matrix-bots): add CI/CD pipeline for automated GHCR deployment + +### Pipeline-Architektur + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ GitHub Actions CI │ +│ │ +│ ┌──────────────┐ ┌──────────────┐ ┌──────────────────┐ │ +│ │ Push to main │───>│ Detect │───>│ Build Docker │ │ +│ │ │ │ Changes │ │ Images (amd64) │ │ +│ └──────────────┘ └──────────────┘ └────────┬─────────┘ │ +│ │ │ +│ ▼ │ +│ ┌──────────────────┐ │ +│ │ Push to GHCR │ │ +│ │ ghcr.io/till-js/ │ │ +│ └────────┬─────────┘ │ +└──────────────────────────────────────────────────┼───────────────┘ + │ + ▼ +┌─────────────────────────────────────────────────────────────────┐ +│ Mac Mini Server │ +│ │ +│ ┌──────────────────────────────────────────────────────────┐ │ +│ │ Watchtower │ │ +│ │ (polls GHCR every 5 minutes) │ │ +│ └────────────────────────────┬─────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌────────────┐ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ +│ │ mana-bot │ │ todo-bot │ │ calendar │ │ ollama │ │ +│ │ :latest │ │ :latest │ │ -bot │ │ -bot │ │ +│ └────────────┘ └────────────┘ └────────────┘ └────────────┘ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +### Bots mit CI/CD + +| Bot | GHCR Image | Port | +|-----|------------|------| +| matrix-mana-bot | `ghcr.io/till-js/matrix-mana-bot` | 3310 | +| matrix-todo-bot | `ghcr.io/till-js/matrix-todo-bot` | 3311 | +| matrix-calendar-bot | `ghcr.io/till-js/matrix-calendar-bot` | 3312 | +| matrix-ollama-bot | `ghcr.io/till-js/matrix-ollama-bot` | 3313 | +| matrix-stats-bot | `ghcr.io/till-js/matrix-stats-bot` | 3314 | +| matrix-project-doc-bot | `ghcr.io/till-js/matrix-project-doc-bot` | 3315 | +| matrix-tts-bot | `ghcr.io/till-js/matrix-tts-bot` | 3316 | +| matrix-clock-bot | `ghcr.io/till-js/matrix-clock-bot` | 3317 | +| matrix-nutriphi-bot | `ghcr.io/till-js/matrix-nutriphi-bot` | 3318 | +| matrix-zitare-bot | `ghcr.io/till-js/matrix-zitare-bot` | 3319 | + +### Docker-Build Challenges + +#### Problem 1: QEMU Emulation Failure +**Commits:** `ab49be0b`, `a50d98c7` + +```bash +# CI Build auf amd64 Runner für arm64 Target +Error: qemu: uncaught target signal 4 (Illegal instruction) +``` + +**Lösung:** Nur amd64 bauen. Mac Mini mit Apple Silicon läuft via Rosetta. + +```yaml +# .github/workflows/ci.yml +platforms: linux/amd64 # Kein linux/arm64 +``` + +```yaml +# docker-compose.macmini.yml +services: + matrix-mana-bot: + platform: linux/amd64 # Explizit für Apple Silicon +``` + +#### Problem 2: Alpine vs glibc +**Commit:** `a384bed1` - fix(matrix-bots): switch to node:20-slim + +```dockerfile +# VORHER - Alpine (musl libc) +FROM node:20-alpine + +# NACHHER - Debian slim (glibc) +FROM node:20-slim +``` + +**Warum:** `@matrix-org/matrix-sdk-crypto-nodejs` hat prebuilt Binaries nur für glibc. + +#### Problem 3: E2EE Native Module +**Commit:** `a8521d7a` - fix(matrix-bots): disable E2EE crypto module + +```json +// package.json (root) +{ + "pnpm": { + "overrides": { + "@matrix-org/matrix-sdk-crypto-nodejs": "npm:empty-npm-package@1.0.0" + } + } +} +``` + +**Warum:** Das Crypto-Module erfordert plattformspezifische Native Binaries. In Docker-CI nicht verfügbar. E2EE wird serverseitig von Synapse gehandelt. + +#### Problem 4: Health Check +**Commit:** `ea0198cc` - fix(bots): install wget for Docker health checks + +```dockerfile +# node:20-slim hat weder wget noch curl +RUN apt-get update && apt-get install -y wget && rm -rf /var/lib/apt/lists/* +``` + +--- + +## 3. Credit System + +### Neue Packages + +**Commit:** `8cd5021b` - feat: add credit-operations and shared-credit-ui packages + +#### @manacore/credit-operations + +Zentrale Definition aller Credit-Operationen: + +```typescript +// packages/credit-operations/src/index.ts +export const CREDIT_OPERATIONS = { + // Chat + 'chat:message': { cost: 1, description: 'Send chat message' }, + 'chat:ai-response': { cost: 5, description: 'AI response generation' }, + + // Picture + 'picture:generate-sd': { cost: 10, description: 'Stable Diffusion image' }, + 'picture:generate-flux': { cost: 25, description: 'Flux image generation' }, + + // Calendar + 'calendar:ai-scheduling': { cost: 3, description: 'AI scheduling assistant' }, + + // Todo + 'todo:ai-breakdown': { cost: 5, description: 'AI task breakdown' }, + + // ... 50+ weitere Operationen +}; + +export function getCreditCost(operation: string): number { + return CREDIT_OPERATIONS[operation]?.cost ?? 0; +} +``` + +#### @manacore/shared-credit-ui + +UI-Komponenten für React Native und Svelte: + +**Mobile (React Native):** +```typescript +// CreditBalance.tsx +export function CreditBalance({ userId }: Props) { + const balance = useCreditBalance(userId); + return ( + + Credits + {balance} + + ); +} + +// CreditToast.tsx +export function CreditToast({ operation, cost }: Props) { + return ( + + -{cost} Credits + {operation} + + ); +} +``` + +**Web (Svelte):** +```svelte + + + +
+ Credits + {balance} +
+``` + +### NestJS Integration + +**@UseCredits Decorator:** +```typescript +// packages/mana-core-nestjs-integration/src/decorators/use-credits.decorator.ts +export function UseCredits(operation: string, cost?: number) { + return applyDecorators( + SetMetadata('credit_operation', operation), + SetMetadata('credit_cost', cost ?? getCreditCost(operation)), + UseInterceptors(CreditInterceptor), + ); +} +``` + +**CreditInterceptor:** +```typescript +// packages/mana-core-nestjs-integration/src/interceptors/credit.interceptor.ts +@Injectable() +export class CreditInterceptor implements NestInterceptor { + constructor(private creditService: CreditClientService) {} + + async intercept(context: ExecutionContext, next: CallHandler) { + const operation = Reflector.get('credit_operation', context.getHandler()); + const cost = Reflector.get('credit_cost', context.getHandler()); + const user = context.switchToHttp().getRequest().user; + + // Check balance before operation + const hasCredits = await this.creditService.hasCredits(user.sub, cost); + if (!hasCredits) { + throw new ForbiddenException('Insufficient credits'); + } + + return next.handle().pipe( + tap(async () => { + // Deduct credits after successful operation + await this.creditService.consumeCredits(user.sub, operation, cost); + }), + ); + } +} +``` + +**Verwendung in Controller:** +```typescript +// apps/chat/apps/backend/src/chat/chat.controller.ts +@Controller('chat') +@UseGuards(AuthGuard) +export class ChatController { + @Post('message') + @UseCredits('chat:ai-response') // 5 Credits + async sendMessage(@Body() dto: SendMessageDto) { + return this.chatService.processMessage(dto); + } +} +``` + +--- + +## 4. Cross-Domain SSO + +### Problem + +Nutzer mussten sich auf jedem Subdomain separat einloggen: +- `auth.mana.how` → Login +- `chat.mana.how` → Login erneut +- `calendar.mana.how` → Login erneut + +### Lösung + +**Commit:** `f03c09ff` - feat(auth): enable cross-domain SSO via shared cookies + +```typescript +// better-auth.config.ts +const auth = betterAuth({ + advanced: { + crossSubDomainCookies: { + enabled: true, + domain: process.env.COOKIE_DOMAIN || undefined, // ".mana.how" + }, + }, + trustedOrigins: [ + 'https://auth.mana.how', + 'https://chat.mana.how', + 'https://calendar.mana.how', + 'https://todo.mana.how', + // ... alle Apps + ], +}); +``` + +```yaml +# docker-compose.macmini.yml +mana-core-auth: + environment: + COOKIE_DOMAIN: ".mana.how" +``` + +### SSO Flow + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ User Flow │ +│ │ +│ 1. User besucht calendar.mana.how │ +│ → Kein Cookie → Redirect zu auth.mana.how/login │ +│ │ +│ 2. Login auf auth.mana.how │ +│ → Cookie gesetzt: domain=".mana.how" │ +│ → Redirect zurück zu calendar.mana.how │ +│ │ +│ 3. calendar.mana.how │ +│ → Cookie vorhanden → Eingeloggt! │ +│ │ +│ 4. User wechselt zu chat.mana.how │ +│ → Cookie vorhanden → Automatisch eingeloggt! │ +│ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +### Matrix SSO Token Handling + +**Commit:** `dc0d425f` - fix(matrix-web): handle Matrix SSO loginToken callback + +```typescript +// apps/matrix/apps/web/src/lib/matrix/client.ts +export async function loginWithLoginToken( + homeserverUrl: string, + loginToken: string +): Promise { + const response = await fetch(`${homeserverUrl}/_matrix/client/v3/login`, { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ + type: 'm.login.token', + token: loginToken, + }), + }); + + const data = await response.json(); + return { + userId: data.user_id, + accessToken: data.access_token, + deviceId: data.device_id, + }; +} +``` + +```svelte + + +``` + +--- + +## 5. Monitoring & Grafana + +### Node-Exporter für Host-Metriken + +**Commit:** `7aa5115c` - feat(monitoring): add node-exporter for host system metrics + +```yaml +# docker-compose.macmini.yml +node-exporter: + image: prom/node-exporter:latest + container_name: node-exporter + volumes: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + command: + - '--path.procfs=/host/proc' + - '--path.sysfs=/host/sys' + - '--collector.cpu' + - '--collector.meminfo' + - '--collector.diskstats' + - '--collector.filesystem' + - '--collector.loadavg' + - '--collector.netdev' + ports: + - "9100:9100" +``` + +### Grafana Dashboards + +#### Master Overview +**Commit:** `e7719eeb` - feat(grafana): enhance Master Overview with Key Metrics + +Key Metrics Panel (oberste Zeile): +| Panel | Query | +|-------|-------| +| Services UP | `count(up{job=~".*"} == 1)` | +| Apps Running | `count(up{job=~".*-backend\|.*-web"} == 1)` | +| Matrix Bots | `count(up{job=~"matrix-.*"} == 1)` | +| Avg Response Time | `avg(rate(http_request_duration_seconds_sum[5m]) / rate(http_request_duration_seconds_count[5m]))` | +| Total Requests | `sum(increase(http_requests_total[24h]))` | +| Requests/sec | `sum(rate(http_requests_total[5m]))` | +| Redis Keys | `redis_db_keys{db="db0"}` | +| Error Rate | `sum(rate(http_requests_total{status=~"5.."}[5m])) / sum(rate(http_requests_total[5m]))` | + +#### System Overview +**Commit:** `84e9f86d` - fix(grafana): rewrite System Overview with available metrics + +Host System Section: +```promql +# CPU Usage +100 - (avg(rate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) + +# Memory Usage +(1 - node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes) * 100 + +# Disk Usage +(1 - node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"}) * 100 +``` + +#### Auth Service Dashboard +**Commit:** `fe33f4b3` - feat: add Grafana dashboard for Auth Service monitoring + +Panels: +- Login Success/Failure Rate +- Token Validation Latency +- Active Sessions +- Registration Trend +- Password Reset Requests +- OIDC Token Exchange Rate + +### Prometheus Alerts + +**Commit:** `fe33f4b3` - feat: add 10 auth-specific Prometheus alert rules + +```yaml +# docker/prometheus/alerts.yml +groups: + - name: auth_alerts + rules: + - alert: AuthServiceDown + expr: up{job="mana-core-auth"} == 0 + for: 1m + labels: + severity: critical + annotations: + summary: "Auth service is down" + + - alert: HighLoginFailureRate + expr: rate(auth_login_failures_total[5m]) / rate(auth_login_attempts_total[5m]) > 0.3 + for: 5m + labels: + severity: warning + annotations: + summary: "Login failure rate above 30%" + + - alert: TokenValidationSlow + expr: histogram_quantile(0.95, rate(auth_token_validation_seconds_bucket[5m])) > 0.5 + for: 5m + labels: + severity: warning + annotations: + summary: "Token validation p95 > 500ms" +``` + +--- + +## 6. Auth UI Improvements + +### Resend Verification Email + +**Commit:** `d703ccfd` - feat(auth): add resend verification email to registration screen + +```svelte + + + +{#if showVerificationSent} +
+ +

{t('auth.verificationEmailSent')}

+

{t('auth.checkInbox')}

+ +
+{/if} +``` + +### Multilingual Auth Pages + +**Commit:** `ff22a297` - feat(i18n): make all auth pages multilingual + +15 Apps aktualisiert für dynamische Locale: + +```svelte + + + + + + +``` + +**Translations erweitert:** +```json +// packages/shared-i18n/src/translations/auth/de.json +{ + "verificationEmailSent": "Bestätigungs-E-Mail gesendet!", + "checkInbox": "Bitte überprüfe deinen Posteingang.", + "resendVerification": "Erneut senden", + "notVerifiedError": "E-Mail noch nicht bestätigt", + "resendVerificationPrompt": "Bestätigungs-E-Mail erneut senden?" +} +``` + +### Fehlende Auth Pages + +**Commit:** `df2c518a` - feat(auth): add missing auth pages for zitare and planta + +| App | Login | Register | Forgot Password | +|-----|-------|----------|-----------------| +| Zitare | ✅ Neu | ✅ Vorhanden | ✅ Neu | +| Planta | ✅ Vorhanden | ✅ Refactored | ✅ Neu | + +--- + +## 7. SSD Migration + +### Motivation + +Docker volumes liegen auf der internen SSD des Mac Mini (begrenzt auf 256GB). Externe 4TB SSD bietet mehr Kapazität und bessere Backup-Möglichkeiten. + +### Migrierte Services + +**Commits:** `1c650589`, `6ca2d3b7`, `7d7e31e4` + +```yaml +# docker-compose.macmini.yml +services: + postgres: + volumes: + - /Volumes/ManaData/postgres:/var/lib/postgresql/data + + minio: + volumes: + - /Volumes/ManaData/minio:/data +``` + +### Vergleich + +| Aspekt | Docker Volume | SSD Bind Mount | +|--------|---------------|----------------| +| Pfad | `/var/lib/docker/volumes/...` | `/Volumes/ManaData/...` | +| Backup | Docker Export erforderlich | Direkter rsync/cp | +| Größe | Begrenzt (256GB System SSD) | 4TB verfügbar | +| Geschwindigkeit | ~500 MB/s | ~500 MB/s (extern) | +| Portabilität | Docker-spezifisch | Standard-Dateisystem | + +### Dokumentation + +**Commit:** `9e9db590` - docs: update SSD documentation for ManaData volume + +- Umbenennung: TillJakob-S04 → ManaData +- Docker Full Disk Access Requirement dokumentiert +- Backup-Skript-Pfade aktualisiert + +--- + +## 8. mana-core-auth Production Readiness + +### Übersicht + +Vollständige Production-Readiness für den zentralen Auth-Service. + +**Commit:** `efb077b9` - fix(mana-core-auth): use EdDSA for OIDC id_token signing + +### Neue Features + +#### LoggerService +```typescript +// src/common/logger/logger.service.ts +@Injectable() +export class LoggerService implements LoggerService { + private readonly context: string; + + constructor(@Inject('LOGGER_CONTEXT') context?: string) { + this.context = context || 'Application'; + } + + log(message: string, context?: string) { + console.log(`[${context || this.context}] ${message}`); + } + + error(message: string, trace?: string, context?: string) { + console.error(`[${context || this.context}] ${message}`, trace); + } +} +``` + +#### Environment Validation +```typescript +// src/config/env.validation.ts +import { plainToInstance, Type } from 'class-transformer'; +import { IsString, IsNumber, IsUrl, validateSync } from 'class-validator'; + +export class EnvironmentVariables { + @IsUrl() + BASE_URL: string; + + @IsString() + DATABASE_URL: string; + + @IsNumber() + @Type(() => Number) + PORT: number = 3001; + + @IsString() + JWT_SECRET: string; + + // ... weitere Validierungen +} + +export function validate(config: Record) { + const validated = plainToInstance(EnvironmentVariables, config); + const errors = validateSync(validated); + if (errors.length > 0) { + throw new Error(`Config validation error: ${errors}`); + } + return validated; +} +``` + +#### Health Endpoints + +```typescript +// src/health/health.controller.ts +@Controller('health') +export class HealthController { + @Get() + health() { + return { status: 'ok', timestamp: new Date().toISOString() }; + } + + @Get('live') + liveness() { + return { status: 'ok' }; + } + + @Get('ready') + async readiness() { + const dbOk = await this.checkDatabase(); + const redisOk = await this.checkRedis(); + + if (!dbOk || !redisOk) { + throw new ServiceUnavailableException('Not ready'); + } + + return { + status: 'ok', + checks: { database: dbOk, redis: redisOk }, + }; + } +} +``` + +### E2E Tests + +**Commits:** `ab49be0b` + +| Test Suite | Tests | Beschreibung | +|------------|-------|--------------| +| `auth-flow.e2e-spec.ts` | 15 | Register, Login, Logout, Token Refresh | +| `oidc.e2e-spec.ts` | 12 | OIDC Discovery, Authorization, Token Exchange | + +```typescript +// test/e2e/auth-flow.e2e-spec.ts +describe('Auth Flow', () => { + it('should register new user', async () => { + const response = await request(app.getHttpServer()) + .post('/api/v1/auth/register') + .send({ email: 'test@example.com', password: 'secure123', name: 'Test' }) + .expect(201); + + expect(response.body).toHaveProperty('user'); + expect(response.body.user.email).toBe('test@example.com'); + }); + + it('should login and receive tokens', async () => { + const response = await request(app.getHttpServer()) + .post('/api/v1/auth/login') + .send({ email: 'test@example.com', password: 'secure123' }) + .expect(200); + + expect(response.body).toHaveProperty('accessToken'); + expect(response.body).toHaveProperty('refreshToken'); + }); +}); +``` + +### Dokumentation + +Neue Docs erstellt: +- `docs/PRODUCTION_DEPLOYMENT.md` - Deployment Guide +- `docs/DISASTER_RECOVERY.md` - Backup & Recovery Procedures + +--- + +## 9. Matrix Bots Credit Integration + +### CreditModule in bot-services + +**Commit:** `dc0d425f` - feat(bot-services): add CreditModule + +```typescript +// packages/bot-services/src/credit/credit.module.ts +@Module({ + providers: [CreditService], + exports: [CreditService], +}) +export class CreditModule { + static forRoot(options: CreditModuleOptions): DynamicModule { + return { + module: CreditModule, + providers: [ + { provide: 'CREDIT_OPTIONS', useValue: options }, + CreditService, + ], + exports: [CreditService], + }; + } +} +``` + +```typescript +// packages/bot-services/src/credit/credit.service.ts +@Injectable() +export class CreditService { + constructor( + @Inject('CREDIT_OPTIONS') private options: CreditModuleOptions, + private httpService: HttpService, + ) {} + + async hasCredits(userId: string, amount: number): Promise { + const balance = await this.getBalance(userId); + return balance >= amount; + } + + async consumeCredits( + userId: string, + operation: string, + amount: number, + ): Promise { + await this.httpService.post(`${this.options.authUrl}/api/v1/credits/consume`, { + userId, + operation, + amount, + }); + } +} +``` + +### Bot Integration + +19 Bots mit Credit Support: + +```typescript +// services/matrix-todo-bot/src/bot/matrix.service.ts +@Injectable() +export class MatrixService extends BaseMatrixService { + constructor(private creditService: CreditService) { + super(); + } + + protected async handleTextMessage(roomId: string, event: MatrixRoomEvent, message: string) { + const userId = event.sender; + + // Check credits before AI operations + if (this.isAiCommand(message)) { + const hasCredits = await this.creditService.hasCredits(userId, 5); + if (!hasCredits) { + await this.sendMessage(roomId, '❌ Nicht genug Credits für AI-Features.'); + return; + } + } + + // Process command... + + // Consume credits after success + if (this.isAiCommand(message)) { + await this.creditService.consumeCredits(userId, 'todo:ai-breakdown', 5); + } + } +} +``` + +--- + +## 10. Weitere Änderungen + +### Calendar Cross-App API URLs + +**Commit:** `9a22c898` - fix(calendar-web): inject cross-app API URLs for client-side + +```typescript +// apps/calendar/apps/web/src/hooks.server.ts +export const handle: Handle = async ({ event, resolve }) => { + const response = await resolve(event, { + transformPageChunk: ({ html }) => { + return html.replace( + '', + `` + ); + }, + }); + return response; +}; +``` + +### Project-Doc-Bot tsconfig Fix + +**Commit:** `a7c1908f` - fix(project-doc-bot): add include/exclude to tsconfig + +```json +// services/matrix-project-doc-bot/tsconfig.json +{ + "compilerOptions": { + "outDir": "./dist", + "rootDir": "./src" + }, + "include": ["src/**/*"], + "exclude": ["node_modules", "dist"] +} +``` + +**Problem:** Build output war `dist/src/main.js` statt `dist/main.js`. + +--- + +## Architektur-Diagramm + +### Auth & SSO Flow + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ User Request │ +│ calendar.mana.how/events │ +└─────────────────────────────────┬───────────────────────────────┘ + │ + ▼ + ┌─────────────────────────┐ + │ Check Cookie │ + │ (.mana.how domain) │ + └────────────┬────────────┘ + │ + ┌──────────────────┴──────────────────┐ + │ │ + ▼ ▼ + ┌─────────────────┐ ┌─────────────────┐ + │ Cookie Found │ │ No Cookie │ + │ │ │ │ + │ Validate JWT │ │ Redirect to │ + │ via JWKS │ │ auth.mana.how │ + └────────┬────────┘ └────────┬────────┘ + │ │ + ▼ ▼ + ┌─────────────────┐ ┌─────────────────┐ + │ JWT Valid │ │ Login Page │ + │ │ │ │ + │ Return Data │ │ Set Cookie: │ + └─────────────────┘ │ domain=.mana.how│ + └────────┬────────┘ + │ + ▼ + ┌─────────────────┐ + │ Redirect back │ + │ to calendar │ + └─────────────────┘ +``` + +### Credit System Architecture + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ Client Apps │ +│ │ +│ ┌────────────┐ ┌────────────┐ ┌────────────┐ ┌──────────┐ │ +│ │ Chat Web │ │ Picture │ │ Matrix Bot │ │ Mobile │ │ +│ │ (Svelte) │ │ (Svelte) │ │ (NestJS) │ │ (Expo) │ │ +│ └─────┬──────┘ └─────┬──────┘ └─────┬──────┘ └────┬─────┘ │ +│ │ │ │ │ │ +│ └───────────────┴───────┬───────┴───────────────┘ │ +│ │ │ +│ @manacore/shared-credit-ui │ +│ CreditBalance, CreditToast │ +└────────────────────────────────┬─────────────────────────────────┘ + │ + ▼ +┌─────────────────────────────────────────────────────────────────┐ +│ Backend Services │ +│ │ +│ ┌──────────────────────────────────────────────────────────┐ │ +│ │ @manacore/credit-operations │ │ +│ │ getCreditCost(), CREDIT_OPERATIONS │ │ +│ └──────────────────────────────────────────────────────────┘ │ +│ │ +│ ┌──────────────────────────────────────────────────────────┐ │ +│ │ @mana-core/nestjs-integration │ │ +│ │ @UseCredits(), CreditInterceptor, AuthGuard │ │ +│ └──────────────────────────────────────────────────────────┘ │ +│ │ +└────────────────────────────────┬─────────────────────────────────┘ + │ + ▼ +┌─────────────────────────────────────────────────────────────────┐ +│ mana-core-auth │ +│ (Port 3001) │ +│ │ +│ ┌──────────────┐ ┌──────────────┐ ┌──────────────────────┐ │ +│ │ /credits/ │ │ /credits/ │ │ PostgreSQL │ │ +│ │ balance │ │ consume │ │ user_credits table │ │ +│ └──────────────┘ └──────────────┘ └──────────────────────┘ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Statistiken + +| Metrik | Wert | +|--------|------| +| **Commits** | 51 | +| **Session-Dauer** | 19 Stunden | +| **Neue Packages** | 2 (credit-operations, shared-credit-ui) | +| **CI/CD Bots** | 10 | +| **Auth Pages aktualisiert** | 15 | +| **E2E Tests hinzugefügt** | 27 | +| **Grafana Dashboards** | 3 (Master, System, Auth) | +| **Prometheus Alerts** | 10 | +| **SSD-migrierte Services** | 2 (PostgreSQL, MinIO) | + +--- + +## Bekannte Issues + +1. **Matrix Bot arm64** - Keine arm64 Builds wegen QEMU/Native Module Issues +2. **E2EE deaktiviert** - Matrix Bots haben kein End-to-End Encryption (Server handles it) +3. **Docker Full Disk Access** - Muss manuell in Docker Desktop konfiguriert werden + +--- + +## Nächste Schritte + +1. **Credit System UI** - Balance-Anzeige in allen Web-Apps integrieren +2. **Rate Limiting** - Für Auth-Endpoints implementieren +3. **Backup Automation** - Scheduled Backups für PostgreSQL/MinIO auf SSD +4. **Bot Healthchecks** - Grafana Alerts für Bot-Ausfälle +5. **OIDC für weitere Apps** - Skilltree, Questions mit Matrix SSO + +--- + +*Bericht erstellt am 2. Februar 2026, 15:00 Uhr* diff --git a/scripts/mac-mini/health-check.sh b/scripts/mac-mini/health-check.sh index d3e71478c..e6296d9c2 100755 --- a/scripts/mac-mini/health-check.sh +++ b/scripts/mac-mini/health-check.sh @@ -245,7 +245,7 @@ check_service "NutriPhi Web" "http://localhost:5017/health" echo "" echo "SkillTree:" check_service "SkillTree Backend" "http://localhost:3038/health" -check_service "SkillTree Web" "http://localhost:5018/health" +# SkillTree Web disabled - Dockerfile needs fix for shared packages echo "" echo "Photos:" @@ -254,8 +254,8 @@ check_service "Photos Web" "http://localhost:5019/health" echo "" echo "Core Services:" -check_service "API Gateway" "http://localhost:3010/health" -check_service "Search Service" "http://localhost:3020/health" +# API Gateway disabled - no GHCR image, no Dockerfile +check_service "Search Service" "http://localhost:3020/api/v1/health" check_service "Media Service" "http://localhost:3015/api/v1/health" check_service "LLM Service" "http://localhost:3025/health" diff --git a/services/mana-media/apps/api/test-image.png b/services/mana-media/apps/api/test-image.png new file mode 100644 index 000000000..e69de29bb diff --git a/services/mana-search/Dockerfile b/services/mana-search/Dockerfile index 36b723a7a..ce75f5564 100644 --- a/services/mana-search/Dockerfile +++ b/services/mana-search/Dockerfile @@ -39,12 +39,12 @@ WORKDIR /app COPY --from=builder --chown=nestjs:nodejs /app/deploy ./ COPY --from=builder --chown=nestjs:nodejs /app/services/mana-search/dist ./dist -# Expose port -EXPOSE 3021 +# Expose port (default 3020, configurable via PORT env) +EXPOSE 3020 -# Health check -HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ - CMD node -e "fetch('http://localhost:3021/health').then(r => r.ok ? process.exit(0) : process.exit(1)).catch(() => process.exit(1))" +# Health check uses /api/v1/health endpoint +HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \ + CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:3020/api/v1/health || exit 1 # Start the application CMD ["node", "dist/main"] diff --git a/services/mana-tts/app/piper_service.py b/services/mana-tts/app/piper_service.py new file mode 100644 index 000000000..b8852d599 --- /dev/null +++ b/services/mana-tts/app/piper_service.py @@ -0,0 +1,368 @@ +""" +German TTS Service - Piper TTS (local, fast) with Edge TTS fallback. + +Primary: Piper TTS - 100% local, DSGVO-konform, very fast +Fallback: Edge TTS - Cloud-based (Microsoft), high quality but sends data externally +""" + +import logging +import tempfile +import os +import asyncio +from dataclasses import dataclass +from typing import Optional +from pathlib import Path +import numpy as np +import soundfile as sf + +logger = logging.getLogger(__name__) + +# Paths for Piper models +PIPER_VOICES_DIR = Path(__file__).parent.parent / "piper_voices" + +# Available German voices +PIPER_VOICES = { + # === LOCAL PIPER VOICES (Primary - 100% local) === + "de_thorsten": { + "type": "piper", + "model": "thorsten_medium.onnx", + "name": "Thorsten", + "description": "Deutsche Männerstimme (lokal, schnell)", + "language": "de", + "gender": "male", + "local": True, + }, + # === EDGE TTS VOICES (Fallback - Cloud) === + "de_katja": { + "type": "edge", + "edge_voice": "de-DE-KatjaNeural", + "name": "Katja", + "description": "Deutsche Frauenstimme (Cloud)", + "language": "de", + "gender": "female", + "local": False, + }, + "de_conrad": { + "type": "edge", + "edge_voice": "de-DE-ConradNeural", + "name": "Conrad", + "description": "Deutsche Männerstimme (Cloud)", + "language": "de", + "gender": "male", + "local": False, + }, + "de_amala": { + "type": "edge", + "edge_voice": "de-DE-AmalaNeural", + "name": "Amala", + "description": "Deutsche Frauenstimme jung (Cloud)", + "language": "de", + "gender": "female", + "local": False, + }, + "de_florian": { + "type": "edge", + "edge_voice": "de-DE-FlorianNeural", + "name": "Florian", + "description": "Deutsche Männerstimme jung (Cloud)", + "language": "de", + "gender": "male", + "local": False, + }, + # Legacy alias - maps to local Thorsten + "de_anna": { + "type": "piper", + "model": "thorsten_medium.onnx", + "name": "Anna (→ Thorsten)", + "description": "Alias für Thorsten (lokal)", + "language": "de", + "gender": "male", + "local": True, + }, +} + +DEFAULT_PIPER_VOICE = "de_thorsten" + +# Cached Piper voice instance +_piper_voice = None +_piper_available = None +_edge_available = None + + +def _get_piper_model_path(model_name: str) -> Path: + """Get full path to a Piper model.""" + return PIPER_VOICES_DIR / model_name + + +def check_piper_available() -> bool: + """Check if Piper TTS is available.""" + global _piper_available + if _piper_available is not None: + return _piper_available + + try: + from piper import PiperVoice + model_path = _get_piper_model_path("thorsten_medium.onnx") + if model_path.exists(): + _piper_available = True + logger.info(f"Piper TTS available with model: {model_path}") + else: + _piper_available = False + logger.warning(f"Piper model not found: {model_path}") + except ImportError as e: + _piper_available = False + logger.warning(f"Piper TTS not installed: {e}") + + return _piper_available + + +def _check_edge_available() -> bool: + """Check if Edge TTS is available.""" + global _edge_available + if _edge_available is not None: + return _edge_available + + try: + import edge_tts + _edge_available = True + logger.info("Edge TTS available as fallback") + except ImportError: + _edge_available = False + logger.warning("Edge TTS not installed") + + return _edge_available + + +def is_piper_loaded() -> bool: + """Check if any TTS is available.""" + return check_piper_available() or _check_edge_available() + + +def _get_piper_voice(): + """Get or create cached Piper voice instance.""" + global _piper_voice + if _piper_voice is not None: + return _piper_voice + + if not check_piper_available(): + return None + + try: + from piper import PiperVoice + model_path = _get_piper_model_path("thorsten_medium.onnx") + config_path = _get_piper_model_path("thorsten_medium.onnx.json") + + logger.info(f"Loading Piper voice from {model_path}") + _piper_voice = PiperVoice.load(str(model_path), str(config_path)) + logger.info("Piper voice loaded successfully") + return _piper_voice + except Exception as e: + logger.error(f"Failed to load Piper voice: {e}") + return None + + +@dataclass +class PiperSynthesisResult: + """Result of TTS synthesis.""" + audio: np.ndarray + sample_rate: int + duration: float + voice: str + + +async def _synthesize_with_piper( + text: str, + length_scale: float = 1.0, +) -> PiperSynthesisResult: + """Synthesize using local Piper TTS.""" + voice = _get_piper_voice() + if voice is None: + raise RuntimeError("Piper voice not available") + + logger.debug(f"Piper synthesizing: \"{text[:50]}...\"") + + # Piper uses length_scale directly (1.0 = normal, >1 = slower) + # Run in thread pool to not block async + loop = asyncio.get_event_loop() + + def _synth(): + audio_data = [] + for audio_chunk in voice.synthesize_stream_raw(text, length_scale=length_scale): + audio_data.append(audio_chunk) + return b"".join(audio_data) + + audio_bytes = await loop.run_in_executor(None, _synth) + + # Convert to numpy (16-bit PCM) + audio = np.frombuffer(audio_bytes, dtype=np.int16).astype(np.float32) / 32768.0 + sample_rate = voice.config.sample_rate + + duration = len(audio) / sample_rate + logger.debug(f"Piper synthesis complete: {duration:.2f}s, {sample_rate}Hz") + + return PiperSynthesisResult( + audio=audio, + sample_rate=sample_rate, + duration=duration, + voice="de_thorsten", + ) + + +async def _synthesize_with_edge( + text: str, + edge_voice: str, + length_scale: float = 1.0, +) -> PiperSynthesisResult: + """Synthesize using Edge TTS (cloud fallback).""" + import edge_tts + + logger.debug(f"Edge TTS synthesizing: \"{text[:50]}...\" with voice={edge_voice}") + + # Convert length_scale to rate string + rate_percent = int((1.0 / length_scale - 1.0) * 100) + rate_str = f"{rate_percent:+d}%" + + with tempfile.NamedTemporaryFile(suffix=".mp3", delete=False) as tmp_file: + tmp_path = tmp_file.name + + try: + communicate = edge_tts.Communicate(text, edge_voice, rate=rate_str) + await communicate.save(tmp_path) + + audio, sample_rate = sf.read(tmp_path) + + if len(audio.shape) > 1: + audio = audio.mean(axis=1) + + audio = audio.astype(np.float32) + duration = len(audio) / sample_rate + + logger.debug(f"Edge TTS synthesis complete: {duration:.2f}s, {sample_rate}Hz") + + return PiperSynthesisResult( + audio=audio, + sample_rate=sample_rate, + duration=duration, + voice=edge_voice, + ) + finally: + if os.path.exists(tmp_path): + os.unlink(tmp_path) + + +async def synthesize_piper( + text: str, + voice: str = DEFAULT_PIPER_VOICE, + length_scale: float = 1.0, +) -> PiperSynthesisResult: + """ + Synthesize speech - uses local Piper if available, falls back to Edge TTS. + + Args: + text: Text to synthesize + voice: Voice ID (e.g., "de_thorsten", "de_katja") + length_scale: Speed control (1.0 = normal, >1 = slower, <1 = faster) + + Returns: + PiperSynthesisResult with audio data + """ + if not text.strip(): + raise ValueError("Text cannot be empty") + + # Get voice config + if voice not in PIPER_VOICES: + logger.warning(f"Unknown voice: {voice}, using default {DEFAULT_PIPER_VOICE}") + voice = DEFAULT_PIPER_VOICE + + voice_config = PIPER_VOICES[voice] + voice_type = voice_config.get("type", "piper") + + # Try local Piper first for piper-type voices + if voice_type == "piper" and check_piper_available(): + try: + return await _synthesize_with_piper(text, length_scale) + except Exception as e: + logger.warning(f"Piper synthesis failed, trying Edge fallback: {e}") + + # Use Edge TTS for edge-type voices or as fallback + if _check_edge_available(): + edge_voice = voice_config.get("edge_voice", "de-DE-ConradNeural") + if voice_type == "piper": + # Fallback: use Conrad for male voices + edge_voice = "de-DE-ConradNeural" + return await _synthesize_with_edge(text, edge_voice, length_scale) + + raise RuntimeError("No TTS backend available (neither Piper nor Edge TTS)") + + +def list_piper_voices() -> list[dict]: + """List all available German voices.""" + voices = [] + piper_available = check_piper_available() + edge_available = _check_edge_available() + + for voice_id, config in PIPER_VOICES.items(): + # Skip legacy alias + if voice_id == "de_anna": + continue + + voice_type = config.get("type", "piper") + is_available = (voice_type == "piper" and piper_available) or \ + (voice_type == "edge" and edge_available) + + voices.append({ + "id": voice_id, + "name": config["name"], + "description": config["description"], + "language": config["language"], + "gender": config.get("gender", "unknown"), + "local": config.get("local", False), + "installed": is_available, + "loaded": is_available, + }) + + # Sort: local voices first + voices.sort(key=lambda v: (not v["local"], v["id"])) + + return voices + + +def get_piper_voice(voice_id: str) -> Optional[dict]: + """Get voice configuration by ID.""" + if voice_id not in PIPER_VOICES: + return None + + config = PIPER_VOICES[voice_id] + voice_type = config.get("type", "piper") + piper_available = check_piper_available() + edge_available = _check_edge_available() + + is_available = (voice_type == "piper" and piper_available) or \ + (voice_type == "edge" and edge_available) + + return { + "id": voice_id, + "name": config["name"], + "description": config["description"], + "language": config["language"], + "gender": config.get("gender", "unknown"), + "local": config.get("local", False), + "installed": is_available, + "loaded": is_available, + } + + +async def download_piper_voice(voice_id: str) -> bool: + """Check if voice is available.""" + if voice_id not in PIPER_VOICES: + return False + + config = PIPER_VOICES[voice_id] + voice_type = config.get("type", "piper") + + if voice_type == "piper": + return check_piper_available() + elif voice_type == "edge": + return _check_edge_available() + + return False diff --git a/services/mana-tts/install-service.sh b/services/mana-tts/install-service.sh new file mode 100755 index 000000000..719bd3d3b --- /dev/null +++ b/services/mana-tts/install-service.sh @@ -0,0 +1,45 @@ +#!/bin/bash +# Install mana-tts as a launchd service on macOS +# Run this script on the Mac Mini server + +set -e + +SERVICE_NAME="com.manacore.mana-tts" +PLIST_FILE="$SERVICE_NAME.plist" +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" +LAUNCH_AGENTS_DIR="$HOME/Library/LaunchAgents" +LOG_DIR="$HOME/logs" + +echo "Installing mana-tts launchd service..." + +# Create logs directory +mkdir -p "$LOG_DIR" + +# Stop existing service if running +if launchctl list | grep -q "$SERVICE_NAME"; then + echo "Stopping existing service..." + launchctl unload "$LAUNCH_AGENTS_DIR/$PLIST_FILE" 2>/dev/null || true +fi + +# Copy plist to LaunchAgents +cp "$SCRIPT_DIR/$PLIST_FILE" "$LAUNCH_AGENTS_DIR/" + +# Load the service +echo "Loading service..." +launchctl load "$LAUNCH_AGENTS_DIR/$PLIST_FILE" + +# Check status +sleep 2 +if launchctl list | grep -q "$SERVICE_NAME"; then + echo "Service installed and running!" + echo "" + echo "Useful commands:" + echo " View logs: tail -f $LOG_DIR/mana-tts.log" + echo " View errors: tail -f $LOG_DIR/mana-tts.error.log" + echo " Stop: launchctl unload $LAUNCH_AGENTS_DIR/$PLIST_FILE" + echo " Start: launchctl load $LAUNCH_AGENTS_DIR/$PLIST_FILE" + echo " Health check: curl http://localhost:3022/health" +else + echo "ERROR: Service failed to start. Check logs at $LOG_DIR/mana-tts.error.log" + exit 1 +fi