Align all 20 web app auth stores to a consistent pattern:
- Use DEV_* constants with import.meta.env.DEV guard (no localhost leak in prod)
- Pass backendUrl to initializeWebAuth for automatic 401 token refresh
- Add redirectTo to forgotPassword for correct post-reset redirect
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The onboarding package was imported in the layout but not copied
into the Docker build context, causing production builds to fail.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move secondary navigation items (Themes, Spiral) from the main pill
nav bar into the user profile dropdown menu. Feedback and Settings
were already there. This declutters the main nav to just core views:
Liste, Kanban, Filter, Tags.
Add themesHref and spiralHref optional props to PillNavigation
component so any app can show these in the user dropdown.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The browser error tracking hooks.client.ts added earlier requires the
shared-error-tracking package to be copied and built in the Docker image.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Raise FAB z-index from 50 to 1002 so close button is clickable above PillNav (z:1000)
- Remove Settings from standalone nav items (already in account dropdown)
- Move Mana button from standalone pill into account dropdown
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add @sentry/browser integration via shared-error-tracking/browser export
and hooks.client.ts in every web app for client-side error reporting to GlitchTip.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Create Analytics.astro component in @manacore/shared-landing-ui that
automatically tracks CTA clicks and pricing section views via Umami.
The component uses event delegation and auto-detection of section
context (hero/pricing/footer) from section IDs or DOM position,
requiring zero changes to existing landing page content.
Tracked events: cta_click (with location), pricing_viewed,
pricing_plan_selected (with plan name)
Added to all 10 landing page Layout.astro files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace hardcoded Umami website IDs in all 10 Astro landing pages with
import.meta.env.PUBLIC_UMAMI_WEBSITE_ID, following the same pattern
as the web apps.
- Add UMAMI_WEBSITE_ID_*_LANDING vars for all 10 landings in .env.development
- Add landing page configs to generate-env.mjs
- Replace hardcoded IDs with env var in 7 existing Layout.astro files
- Add Umami tracking to 3 missing landings (NutriPhi, Presi, Mukke)
- Fix Todo Landing invalid ID ("todo-landing" -> proper UUID)
- Update ANALYTICS.md with new landing page IDs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Create @manacore/shared-utils/security-headers with setSecurityHeaders()
utility that sets standard security headers (CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy).
CSP includes stats.mana.how (Umami) and glitchtip.mana.how by default.
Each app passes its own connectSrc origins (auth URL, backend URL, etc.).
Previously only Calendar and Storage had CSP headers - now all 17 web
apps have consistent security headers via the shared utility.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The production domain is mana.how, not manacore.app. Updated all
references across shared-branding APP_URLS, app configs, landing pages,
docs, help content, calendar iCal UIDs, and deploy scripts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move Umami analytics from hardcoded script tags in app.html to
server-side injection via hooks.server.ts. Website IDs are now
managed centrally in .env.development and distributed via
generate-env.mjs as PUBLIC_UMAMI_WEBSITE_ID.
- Add @manacore/shared-utils/analytics-server with injectUmamiAnalytics()
- Add UMAMI_WEBSITE_ID_* for all 17 web apps to .env.development
- Add PUBLIC_UMAMI_WEBSITE_ID mapping in generate-env.mjs for all web apps
- Update 10 existing hooks.server.ts to use shared utility
- Create 7 new hooks.server.ts (picture, planta, presi, photos, clock,
questions, manadeck)
- Remove hardcoded Umami scripts from all 17 app.html files
- Add missing Umami tracking to Mukke and Questions
- Add shared-utils dependency to 6 web apps that lacked it
- Update ANALYTICS.md with architecture docs and "add new app" guide
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove hand-written sw.js, offline.html, and manifest.json from todo/skilltree/zitare web apps
in favor of the Workbox-based service worker generated by @vite-pwa/sveltekit. This fixes an
issue where the custom SW could get stuck serving the offline fallback page even when the server
was reachable. Also extracts the duplicated offline page (~80 lines each across 19 apps) into a
shared OfflinePage component in @manacore/shared-ui with 3 props (appName, offlineMessage,
accentColor), reducing each app's offline route to an 8-line wrapper.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add BUILD_TIME and BUILD_HASH exports to all version.ts files
- Add getBuildDefines() to all vite.config.ts for compile-time injection
- Add buildTime prop to shared LoginPage component
- Display formatted date/time next to version number (e.g. "v1.0.0 · 21.03.2026 10:30")
- Add app.d.ts type declarations for __BUILD_TIME__ and __BUILD_HASH__
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add docker/Dockerfile.nestjs-base with all shared packages pre-built
- Convert 6 backend Dockerfiles (chat, todo, calendar, clock, contacts,
mukke) to inherit from nestjs-base:local
- Fix bugs: duplicate shared-nestjs-setup builds (mukke), unnecessary
shared-error-tracking rebuild in production stage (chat, clock)
- CD pipeline builds base image before services when backends deploy
- Net reduction: 317 lines removed, 112 added (-205 lines)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dockerfile, docker-compose service (port 5100), Caddy and cloudflared
routing for the WhoPixels game. PORT is now configurable via env var.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add pnpm prune --prod and remove .ts/.map/test/docs files from
node_modules in the builder stage for chat, todo, calendar, clock,
and contacts backends. Same approach as mana-core-auth optimization.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Feedback is now a sub-item under the Konto (user) dropdown in PillNavigation
instead of a standalone pill in the nav bar. Added feedbackHref prop to
PillNavigation (defaults to /feedback) and removed feedback from nav items
in all 11 apps and shared app-routes config.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add batch cover-url endpoint (POST /library/cover-urls) to efficiently
resolve multiple cover art presigned URLs in a single request. Integrate
cover art display across all UI surfaces: album grid, album detail header,
song list thumbnails, playlist grid, and playlist detail song list.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Ensure shared-nestjs-metrics, shared-nestjs-setup, and shared-error-tracking
are all built in correct dependency order before the backend build step.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All 3 backends (calendar, contacts, todo) need these packages copied and
built in the Docker build stage for error tracking and Swagger support.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reflect production readiness improvements: Chat 74→82, Picture 72→81, Mukke 71→80.
Also fix Dockerfiles to include shared-error-tracking and shared-nestjs-setup packages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Infrastructure:
- Add GlitchTip (web + worker) to docker-compose.macmini.yml (port 8020)
- Add glitchtip.mana.how to Cloudflare Tunnel config
- Add glitchtip database to init-db SQL
- Add GLITCHTIP_DSN to .env.development
Shared Package (@manacore/shared-error-tracking):
- initErrorTracking() - Sentry-compatible init with GlitchTip DSN
- captureException(), captureMessage(), setUser(), setTag(), flush()
- SentryExceptionFilter for NestJS (captures 5xx errors only)
- Graceful no-op when DSN is not configured
Integration:
- Add instrument.ts to calendar, contacts, todo backends
- Import instrument.ts before app bootstrap in all 3 main.ts files
- Error tracking auto-initializes when GLITCHTIP_DSN env var is set
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add skip-to-content link ("Zum Inhalt springen") to all 3 app layouts
- Add id="main-content" to main content areas
- Add ariaLabel prop to shared PillNavigation component
- Set aria-label="Hauptnavigation" on nav elements in all 3 apps
- Add aria-label to icon-only nav toggle button in todo
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Extend shared-nestjs-setup bootstrapApp with optional swagger config
- Auto-setup Swagger/OpenAPI when swagger: true is passed
- Add @nestjs/swagger as optional peer dependency
- Enable swagger in calendar (:3014/api/docs), contacts (:3015/api/docs), todo (:3018/api/docs)
- Migrate todo main.ts from custom bootstrap to shared bootstrapApp
- JWT Bearer auth configured in Swagger UI
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add +error.svelte to Calendar (blue) and Todo (emerald) web apps
- Add FR, IT, ES locale files for Contacts (216 keys each)
- Add FR, IT, ES locale files for Todo (104 keys each)
- Update i18n index.ts to register new locales
All three apps now support DE, EN, FR, IT, ES
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Calendar: validate startTime < endTime on event create/update, verify
share invitation recipient matches accepting user, add @MaxLength on
search DTO, use ConfigService for FRONTEND_URL, fix Docker default port.
Contacts: replace Error with NotFoundException in tag controller, verify
contact ownership before tag operations, add @ArrayMaxSize(100) on batch
DTOs, add unique constraint on contact tags (userId, name), add
@MaxLength(10000) on note content, reorder photo upload for safety.
Todo: add self-referencing FK on parentTaskId with cascade delete,
validate parent task ownership on create, add @Min/@Max on query
limit/offset, add @MaxLength(500) on search, add error handling to
quick add in web app.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All SvelteKit web apps now have complete auth flows:
- login, register, forgot-password, and reset-password
Changes:
- Add reset-password page to: chat, clock, contacts, context,
manadeck, nutriphi, planta, presi, questions, skilltree,
todo, zitare, photos
- Add forgot-password page to photos (was also missing)
- Add resetPasswordWithToken() method to all 13 auth stores
- Each page customized with app-specific logo, colors, branding
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Critical bugs: fix contacts delete() inverted logic, fix photo URLs
hardcoded to localhost:9000. Add missing DB indexes across all three
apps (27 indexes total). Add data integrity constraints: cascade delete
on tasks.projectId, unique label names per user, unique default calendar
per user with race condition handling. Wrap 12 multi-step operations in
transactions (todo). Replace contacts duplicate detection full-table scan
with targeted SQL GROUP BY queries. Fix calendar N+1 event tag queries
with batch loading. Fix contacts tagId filter not being applied. Add
proper RRULE error logging. Clear calendar auth store on sign-out.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Calendar backend: upgrade jest 29→30 to fix broken pnpm symlink
(jest 29 wasn't resolving in pnpm store, all 63 tests now pass)
- Contacts backend: add @nestjs/throttler (100 req/min)
- Todo backend: add @nestjs/throttler (100 req/min)
- Consistent rate limiting across all three backends (calendar already had it)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restructure standalone traces app into monorepo pattern with mobile + backend + shared types.
Add NestJS backend with Drizzle ORM schema for locations, cities, places, POIs, and AI guides.
Add mobile sync layer, cities tab, and guide generation UI. Fix pre-existing type errors across
mobile codebase, matrix-mana-bot (sendDirectMessage), llm-playground, and all web auth stores
(signUp call signature).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove isSidebarMode and onModeChange props from PillNavigation
- Remove desktopPosition prop (always bottom now)
- Remove toolbarContent snippet support
- Simplify PillTabGroup (remove sidebar mode)
- Update navigation-simple.ts store factory
- Remove navigation position settings from GlobalSettingsSection
- Update all 12 app layouts to use simplified navigation
- Add missing @sqlite.org/sqlite-wasm dependency to calendar
BREAKING CHANGE: PillNavigation no longer supports sidebar mode.
Navigation is now always horizontal at the bottom of the screen.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add interactive spiral database visualization to todo app:
- SpiralCanvas component for pixel-based image rendering
- Reactive Svelte 5 store for SpiralDB state management
- Full /spiral page with stats, zoom, grid toggle, emoji view
- Import existing todos into spiral format
- PNG export/download functionality
- Navigation link in app layout
Add @vite-pwa/sveltekit and @manacore/shared-pwa devDependencies
to enable unified PWA architecture across all web applications:
- Calendar, Chat, Clock, Contacts, LightWrite
- ManaCore, ManaDeck, Matrix, NutriPhi, Photos
- Picture, Planta, Presi, Questions, Skilltree
- Storage, Todo, Zitare
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add all new organization management endpoints to API table
- Add new Invitations section for invitation endpoints
- Update controller JSDoc with complete endpoint list
- Update last updated date
