Documented two additional staging deployment issues discovered today:
Problem 5: Client-Side Calling localhost Instead of Public IP
- Root cause: process.env not available in browser
- Solution: Use hooks.server.ts transformPageChunk to inject window.__VAR__
- Pattern: Separate _CLIENT env vars for browser access
Problem 6: CORS Blocking Cross-Origin Requests
- Root cause: Different ports = different origins
- Solution: Add CORS_ORIGINS env var to mana-core-auth
- Verification: Test with curl OPTIONS preflight
Also added:
- Updated checklist with CORS and client URL verification
- 4 new lessons learned (#7-#10)
- Environment variable flow diagram
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Allow cross-origin requests from chat-web (port 3000) and chat-backend (port 3002)
to mana-core-auth (port 3001) on staging server.
Without this, browser requests from chat-web to mana-core-auth are blocked
by CORS policy since they're on different ports (3000 vs 3001).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Problem: Browser was calling localhost:3001 instead of staging server IP
because environment variables from Docker aren't available client-side.
Solution:
1. Add PUBLIC_*_CLIENT env vars to docker-compose.staging.yml for browser URLs
2. Inject these into window.__PUBLIC_*__ via hooks.server.ts transformPageChunk
3. Auth store reads from window variable for client-side requests
This pattern properly handles:
- SSR: Uses Docker internal URLs (http://mana-core-auth:3001)
- Client: Uses public URLs (http://46.224.108.214:3001)
- Local dev: Falls back to localhost
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Comprehensive documentation of the staging deployment journey including:
- Problem 1: GitHub workflow file extensions (.yml.bak to disable)
- Problem 2: chat-backend health check path (/api/v1/health not /api/health)
- Problem 3: SvelteKit static env imports (use runtime patterns for Docker)
- Problem 4: Orphan Docker containers
Also fixes the cd-staging.yml health check path for chat-backend to match
the actual NestJS endpoint at /api/v1/health.
Includes checklists, debugging commands, and lessons learned.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The chat-backend NestJS health endpoint is at /api/v1/health, not /api/health.
This was causing the container to be marked as unhealthy, preventing chat-web
from starting due to its depends_on condition.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
GitHub was running .full.yml files as workflows. Changed extension
to .bak which GitHub won't recognize.
To restore:
mv file.yml.bak file.yml
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed PUBLIC_MANA_CORE_AUTH_URL from $env/static/public to runtime
environment variables so the Docker build doesn't fail.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Renamed test.yml and test-coverage.yml to .disabled extension to
completely stop them from running during rapid iteration testing.
Only mana-core-auth and chat Docker builds run now on main branch.
To re-enable later:
mv .github/workflows/test.yml.disabled .github/workflows/test.yml
mv .github/workflows/test-coverage.yml.disabled .github/workflows/test-coverage.yml
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Before: validate job installed ALL deps + built ALL packages (~10 min)
After: Just build 3 Docker images in parallel (~3-5 min)
Each Dockerfile handles its own dependencies, no pre-validation needed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add @sveltejs/adapter-node for server-side rendering
- Create Dockerfile for chat web SvelteKit app
- Add /health endpoint for container health checks
- Add chat-web service to docker-compose.staging.yml
- Update CI/CD workflow with chat-web health check
The chat app now deploys with both backend and web frontend:
- mana-core-auth (port 3001) - central auth
- chat-backend (port 3002) - API
- chat-web (port 3000) - web frontend
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Archived full staging config for future restoration:
- docker-compose.staging.full.yml (includes manadeck, nginx)
- .github/workflows/cd-staging.full.yml (includes all health checks)
Simplified staging deployment:
- Only deploys postgres, redis, mana-core-auth, chat-backend
- Added database creation step for manacore_auth and chat DBs
- Faster iteration for testing central auth integration
To restore full config:
cp docker-compose.staging.full.yml docker-compose.staging.yml
cp .github/workflows/cd-staging.full.yml .github/workflows/cd-staging.yml
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed NestJS dependency injection error in ChatService by converting type-only import to regular import.
Root cause: Type-only imports are erased at compile time, causing NestJS to fail dependency injection at runtime.
Error: "Nest can't resolve dependencies of the ChatService (?, DATABASE_CONNECTION)"
This was the same issue we fixed in mana-core-auth services.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed remaining NestJS dependency injection issues by converting type-only imports to regular imports for all injectable services used in controllers and service dependencies.
Changes:
- feedback.service.ts: Fixed AiService import (was causing "argument Function at index [1]" error)
- auth.controller.ts: Fixed BetterAuthService import
- feedback.controller.ts: Fixed FeedbackService import
- credits.controller.ts: Fixed CreditsService import
- settings.controller.ts: Fixed SettingsService import
Root cause: Type-only imports (`import { type X }`) are erased at compile time, causing NestJS to fail dependency injection at runtime. All injectable classes must use regular imports.
Verified locally: All modules initialize successfully without DI errors.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Found and fixed type-only ConfigService imports in 6 service files that were causing "Nest can't resolve dependencies" errors:
- better-auth.service.ts (BetterAuthService)
- ai.service.ts (AiService)
- settings.service.ts
- feedback.service.ts
- credits.service.ts
- jwt-auth.guard.ts
- optional-auth.guard.ts
Type-only imports are erased at compile time, preventing NestJS from injecting the ConfigService class at runtime.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Document the type-only import issue that causes "Nest can't resolve dependencies" errors. This was the root cause of the AiService injection failure that took significant debugging to identify.
Key learnings:
- Type-only imports are erased at compile time
- NestJS needs actual class imports for DI
- Docker cache can mask source code changes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The `type` keyword on ConfigService import was causing NestJS to fail resolving the dependency at runtime, as type-only imports are erased during compilation. Changed to regular import to fix DI.
Error was: "Nest can't resolve dependencies of the AiService (?)"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes NestJS dependency injection error where AiService couldn't
resolve ConfigService dependency.
Error:
> Nest can't resolve dependencies of the AiService (?).
> Please make sure that the argument Function at index [0] is available
Root cause: AiModule was missing ConfigModule in its imports array,
but AiService constructor requires ConfigService to read ai.geminiApiKey.
This was preventing mana-core-auth from starting in staging deployment.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Reduced GitHub Secrets requirements from 21 to 12 by hardcoding
non-sensitive configuration values directly in the workflow file.
Changes:
- Hardcoded: DB/Redis host/port, STAGING_HOST, STAGING_USER, MANA_SERVICE_URL
- Keep as secrets: passwords, API keys, JWT keys, SSH private key
- Updated generate-staging-secrets.sh to reflect reduced secret list
- Added get-ssh-key.sh helper script for SSH key extraction
Benefits:
- Fewer secrets to manage in GitHub
- Configuration visible in code review
- Easier to update non-sensitive values (no UI navigation)
- Better separation of config vs secrets
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes two critical deployment issues:
1. Postgres Container Startup Failure:
- Remove missing init.sql volume mount that caused postgres to fail
- Postgres was trying to mount ./docker/postgres/init.sql which doesn't exist
- Added REDIS_PASSWORD environment variable
2. Health Check SSH Issues:
- Consolidated health checks into single SSH session
- Increased wait time from 30s to 60s for services to fully initialize
- Improved health check output with clear status messages
- Added container status logging for debugging
3. Docker Compose Improvements:
- Remove obsolete 'version: 3.9' field (deprecated in Compose v2)
- Increase initial startup wait from 10s to 15s
Changes to docker-compose.staging.yml:
- Removed non-existent init.sql volume mount from postgres
- Removed obsolete version field
Changes to .github/workflows/cd-staging.yml:
- Added REDIS_PASSWORD to environment variables
- Consolidated health checks into single SSH session (fixes "ssh: command not found")
- Increased wait times for service initialization
- Improved logging and error messages
This should fix the "dependency failed to start: container manacore-postgres-staging is unhealthy" error.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changes to .github/workflows/cd-staging.yml:
- Add Docker login step for GitHub Container Registry (ghcr.io)
- Add permissions for packages:read
- Update service deployment options to only include services with Dockerfiles
- Update health checks to match deployed services
Changes to docker-compose.staging.yml:
- Comment out services without Dockerfiles:
- maerchenzauber-backend (no Dockerfile yet)
- nutriphi-backend (no Dockerfile yet)
- news-api (no Dockerfile yet)
- Keep only services with Docker images:
- mana-core-auth ✅
- chat-backend ✅
- manadeck-backend ✅
- Update nginx dependencies to remove disabled services
This fixes the "error from registry: denied" error that was preventing
staging deployments. The deployment was trying to pull Docker images
that were never built because those services don't have Dockerfiles.
Now only services with actual Docker images will be deployed to staging.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changes:
- Replace npm with pnpm for workspace dependency support
- Copy workspace files (pnpm-workspace.yaml, package.json, pnpm-lock.yaml)
- Copy and build shared package dependencies:
- @manacore/shared-errors
- @manacore/manadeck-database
- @mana-core/nestjs-integration
- Use pnpm install --frozen-lockfile
- Update base image to node:20-alpine
- Use dumb-init for proper signal handling
This fixes the "Unsupported URL Type 'workspace:'" error that was
preventing Docker builds. The new approach matches the pattern used
by the chat backend Dockerfile.
Fixes build error in CI/CD pipeline.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Parent workspace packages (apps/*/package.json, games/*/package.json) had
build scripts that called 'turbo run build' or 'pnpm run --recursive build',
creating infinite recursion when root turbo orchestrates builds.
When root turbo runs 'build', it finds packages with build scripts and
executes them. If those scripts also call 'turbo run build', it spawns
another turbo process → infinite loop.
Changes:
- Removed 'build' script from 7 parent packages (calendar, contacts, zitare, picture, presi, mana-games, voxel-lava)
- Also removed redundant 'clean', 'lint', 'type-check' scripts where they had recursive calls
- Root turbo.json already handles orchestration of these tasks
This follows the guideline in CLAUDE.md:
> Parent workspace packages must NEVER have scripts that call turbo run
> for tasks that turbo orchestrates from the root.
Fixes CI build timeout (was running for 10+ minutes with infinite task spawning).
- Copy packages/shared-nestjs-auth in build stage
- Build shared-nestjs-auth before backend
- Resolves TS2307 errors in Docker build CI
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed formatting in 21 files across calendar, contacts, manacore, manadeck,
picture, storage apps and shared-ui package.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- lint:root: run ESLint with root config on all files
- lint:fix: run ESLint with auto-fix
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add eslint.config.mjs at root with TypeScript/JS rules
- Configure lint-staged to run ESLint --fix on JS/TS files
- Add ESLint dependencies to root package.json
- Set "type": "module" in package.json to fix module warning
- Ignore projects with their own ESLint configs
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Compact header styling with smaller buttons and reduced padding
- Add configurable hour filter display in header
- Add QuickEventOverlay component for fast event creation
- Add allDayDisplayMode to event metadata types
- Extend settings store with filter hours configuration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes race condition in CI where stale dist/renderers.mjs causes build failures.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Install lint-staged to format staged files before commit
- Update pre-commit hook to run lint-staged then type-check
- Auto-format ts, tsx, js, jsx, json, md, svelte, astro files
Run prettier --write to fix formatting inconsistencies in 80 files
across calendar, contacts, picture, presi, storage, zitare apps
and shared packages/documentation.
