Calendar: validate startTime < endTime on event create/update, verify
share invitation recipient matches accepting user, add @MaxLength on
search DTO, use ConfigService for FRONTEND_URL, fix Docker default port.
Contacts: replace Error with NotFoundException in tag controller, verify
contact ownership before tag operations, add @ArrayMaxSize(100) on batch
DTOs, add unique constraint on contact tags (userId, name), add
@MaxLength(10000) on note content, reorder photo upload for safety.
Todo: add self-referencing FK on parentTaskId with cascade delete,
validate parent task ownership on create, add @Min/@Max on query
limit/offset, add @MaxLength(500) on search, add error handling to
quick add in web app.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Critical bugs: fix contacts delete() inverted logic, fix photo URLs
hardcoded to localhost:9000. Add missing DB indexes across all three
apps (27 indexes total). Add data integrity constraints: cascade delete
on tasks.projectId, unique label names per user, unique default calendar
per user with race condition handling. Wrap 12 multi-step operations in
transactions (todo). Replace contacts duplicate detection full-table scan
with targeted SQL GROUP BY queries. Fix calendar N+1 event tag queries
with batch loading. Fix contacts tagId filter not being applied. Add
proper RRULE error logging. Clear calendar auth store on sign-out.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Calendar backend: upgrade jest 29→30 to fix broken pnpm symlink
(jest 29 wasn't resolving in pnpm store, all 63 tests now pass)
- Contacts backend: add @nestjs/throttler (100 req/min)
- Todo backend: add @nestjs/throttler (100 req/min)
- Consistent rate limiting across all three backends (calendar already had it)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add 22 E2E tests across 5 test suites covering auth, calendar views,
settings, event CRUD, and calendar management. Tests that require the
calendar backend gracefully skip when it's not running.
Also fixes: hooks.server.ts env fallbacks, ThrottlerGuard DI error,
and auth metrics service TypeScript error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The package was imported but not listed in package.json, causing
Docker builds to fail since hoisted node_modules aren't available.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Backend/Web Dockerfiles: use PORT env var in healthcheck (was hardcoded)
- Web Dockerfile: align default port to 5012 (matching docker-compose)
- docker-compose.macmini.yml: add ENCRYPTION_KEY env var for calendar-backend
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add AES-256-GCM encryption for CalDAV/Apple passwords in sync service
- Add rate limiting (100 req/min) via @nestjs/throttler
- Add pagination (limit/offset) to events API with metadata response
- Add security headers (CSP, X-Frame-Options, etc.) to web app
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restructure standalone traces app into monorepo pattern with mobile + backend + shared types.
Add NestJS backend with Drizzle ORM schema for locations, cities, places, POIs, and AI guides.
Add mobile sync layer, cities tab, and guide generation UI. Fix pre-existing type errors across
mobile codebase, matrix-mana-bot (sendDirectMessage), llm-playground, and all web auth stores
(signUp call signature).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove isSidebarMode and onModeChange props from PillNavigation
- Remove desktopPosition prop (always bottom now)
- Remove toolbarContent snippet support
- Simplify PillTabGroup (remove sidebar mode)
- Update navigation-simple.ts store factory
- Remove navigation position settings from GlobalSettingsSection
- Update all 12 app layouts to use simplified navigation
- Add missing @sqlite.org/sqlite-wasm dependency to calendar
BREAKING CHANGE: PillNavigation no longer supports sidebar mode.
Navigation is now always horizontal at the bottom of the screen.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add @vite-pwa/sveltekit and @manacore/shared-pwa devDependencies
to enable unified PWA architecture across all web applications:
- Calendar, Chat, Clock, Contacts, LightWrite
- ManaCore, ManaDeck, Matrix, NutriPhi, Photos
- Picture, Planta, Presi, Questions, Skilltree
- Storage, Todo, Zitare
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add all new organization management endpoints to API table
- Add new Invitations section for invitation endpoints
- Update controller JSDoc with complete endpoint list
- Update last updated date
- Add new ViewsBar component with same design as InputBar
- Position ViewsBar next to InputBar (left on desktop, above on mobile)
- Remove view switcher from PillNavigation prependElements
- Remove PillViewSwitcher from CalendarToolbarContent
- Clean up unused imports and code from layout
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update all 15 web apps with correct Umami website IDs:
- calendar, chat, clock, contacts, manacore, manadeck, picture, planta, todo: updated IDs
- zitare, storage, nutriphi, skilltree, photos, presi: added tracking
All IDs now match the websites configured in Umami.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Increase resize handle height from 8px to 20px with visual grip indicator
- Show live time preview during resize operations
- Add drag-to-create functionality: click and hold on empty cell to drag and create events with custom duration
- Fix zitare TypeScript errors (SearchResultItem -> QuickInputItem, createUserSettingsStore API)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add PillTagSelector component for tag selection in navigation
- Remove separate TagStrip bar (saves 70px vertical space)
- Add tag-selector support to PillNavigation element rendering
- Remove hasTagStrip prop from DateStrip/DateStripFab components
- Export PillTagSelector and types from shared-ui
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add padding-top (1rem) and padding-bottom (200px) to time-column and day-column
- Ensures content can be scrolled past the bottom UI (PillNav, InputBar, etc.)
- Applied to DayView, WeekView, and MultiDayView
- Hide tasks in calendar by default on app load (not persisted from sessions)
- Auto-scroll to current hour when loading DayView, WeekView, MultiDayView
- Center current hour in viewport for immediate visibility
- Exclude task/sidebar settings from cloud sync to ensure clean initial state
Changed sharedWithUserId and invitedBy from UUID to TEXT type
in calendar_shares table to match Mana Core Auth user ID format.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
All backends with setGlobalPrefix('api/v1') were registering routes
as /api/v1/api/v1/admin instead of /api/v1/admin. Changed all admin
controllers to use @Controller('admin') instead of @Controller('api/v1/admin').
Affected backends:
- calendar
- contacts
- picture
- presi
- todo
- zitare
- chat
Note: storage backend still uses @Controller('api/v1/admin') as it has
no global prefix.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Disable api-gateway and skilltree-web (no working images/Dockerfiles)
- Fix mana-search Dockerfile healthcheck port and endpoint
- Update health-check.sh to skip disabled services
- Fix search service health endpoint (/api/v1/health)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
All backends use postgres-js driver, not node-postgres. The admin
services incorrectly imported from drizzle-orm/node-postgres which
caused runtime errors: "Cannot find module 'pg'"
Fixed in: chat, todo, calendar, contacts, picture, zitare
The root package.json postinstall script runs scripts/generate-env.mjs
which doesn't exist in the Docker build context. Using --ignore-scripts
skips this postinstall step since env generation isn't needed in Docker.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive admin dashboard to view and manage user data across all projects:
Backend:
- Add admin endpoints to Chat, Todo, Contacts, Calendar, Picture, Zitare, Presi
- Each backend exposes GET/DELETE /api/v1/admin/user-data/:userId
- Service-to-service auth via X-Service-Key header
Aggregation (mana-core-auth):
- GET /api/v1/admin/users - Paginated user list with search
- GET /api/v1/admin/users/:userId/data - Aggregated data from all backends
- DELETE /api/v1/admin/users/:userId/data - GDPR deletion across all projects
Frontend (ManaCore web):
- New User Data tab in admin navigation
- User search page at /admin/user-data
- User detail page with ProjectDataCard components
- GDPR deletion dialog with email confirmation
Presi:
- Migrate user_id from UUID to TEXT for Better Auth compatibility
- Add SQL migration script
Simplify the bottom bars by removing the unused sidebar mode:
- Remove isSidebarMode prop from all components
- Remove sidebar-related CSS classes and styles
- Simplify CalendarToolbar to pure wrapper component
- Remove localStorage persistence for sidebar mode
This removes ~230 lines of unused code across 8 files.
- Add showTasksInCalendar setting (default: false) to hide task blocks
- Auto-scroll time-grid views to 12:00 on initial load for better UX
- Tasks can be re-enabled via settings toggle
Add Single Sign-On (SSO) support across all mana.how subdomains:
- Add trySSO() method to @manacore/shared-auth that exchanges session
cookies for JWT tokens
- Add /api/v1/auth/session-to-token endpoint to mana-core-auth service
- Update all 15 web apps to try SSO during auth initialization
SSO Flow:
1. User logs in on any app (e.g., calendar.mana.how)
2. Session cookie is set with Domain=.mana.how
3. When visiting another app (e.g., todo.mana.how), it checks for
local tokens first
4. If no local tokens, tries SSO via session cookie
5. Session cookie is exchanged for JWT tokens via new endpoint
6. User is automatically authenticated
Apps updated: calendar, chat, clock, contacts, manacore, manadeck,
nutriphi, picture, planta, presi, questions, skilltree, storage,
todo, zitare
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The calendar frontend integrates with todo and contacts backends
for tasks and birthdays. The env vars were only available during
SSR, not in client-side JavaScript.
- Add PUBLIC_TODO_BACKEND_URL and PUBLIC_CONTACTS_API_URL injection
in hooks.server.ts
- Update todos.ts to use injected window variable
- Update birthdays.ts to use injected window variable
Fixes 404 errors on calendar.mana.how for /tasks/* and /contacts/birthdays
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Build matrix-mana-bot only for linux/amd64 (arm64 fails due to QEMU)
- Move pnpm overrides for cpu-features and ssh2 to root package.json
- These native deps cause illegal instruction errors under QEMU emulation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add prominent email verification success UI with resend button
- Show resend verification option when registration fails with "not verified" error
- Improve form spacing with space-y-4 for better visual consistency
- Add translations for resend verification in all languages (de, en, fr, it, es)
- Update all 13 app register pages to pass onResendVerification prop
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Simplify vite.config.ts files to avoid type incompatibility errors
caused by different @types/node versions across the monorepo
- Add missing set() method to isSidebarMode store in matrix/web
Affected apps: calendar, chat, clock, contacts, manacore, manadeck,
matrix, nutriphi, picture, planta, presi, questions, storage, todo
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Define compiler options locally instead of extending shared-tsconfig
to fix drizzle-orm type compatibility issues. Also add missing
shared-vite-config dependency to skilltree/web.
Fixed backends:
- calendar, chat, clock, contacts, nutriphi
- picture, presi, questions, skilltree, todo
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove demo events and related data files
- Redirect unauthenticated users to /login
- Remove AuthGateModal, GuestWelcomeModal
- Remove demo banner and related CSS
- Simplify events store (no more demo checks)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add build script to compile TypeScript to dist/
- Update exports to point to compiled files
- Update calendar-web Dockerfile to build shared-vite-config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add mana-search + SearXNG to docker-compose.macmini.yml
- Add api-gateway dependency on mana-search
- Add CI workflow for building mana-search Docker image
- Add CI workflow for building api-gateway Docker image
- Add factory for writable navigation stores with optional persistence
- Support toolbar collapsed state with withToolbar option
- Migrate all 10 navigation stores to use shared factory
- Clock saves 32 LOC with built-in localStorage persistence
Savings: ~50 LOC (68 LOC removed, factory adds reusable 94 LOC)
- Add missing packages to MANACORE_SHARED_PACKAGES list
- Migrate all SvelteKit apps to use createViteConfig/mergeViteConfig
- Matrix preserves special WASM config for matrix-js-sdk crypto
- Update consolidation docs with completed Vite config task
Savings: ~350 LOC (-318 net lines)
