Calendar: validate startTime < endTime on event create/update, verify
share invitation recipient matches accepting user, add @MaxLength on
search DTO, use ConfigService for FRONTEND_URL, fix Docker default port.
Contacts: replace Error with NotFoundException in tag controller, verify
contact ownership before tag operations, add @ArrayMaxSize(100) on batch
DTOs, add unique constraint on contact tags (userId, name), add
@MaxLength(10000) on note content, reorder photo upload for safety.
Todo: add self-referencing FK on parentTaskId with cascade delete,
validate parent task ownership on create, add @Min/@Max on query
limit/offset, add @MaxLength(500) on search, add error handling to
quick add in web app.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All SvelteKit web apps now have complete auth flows:
- login, register, forgot-password, and reset-password
Changes:
- Add reset-password page to: chat, clock, contacts, context,
manadeck, nutriphi, planta, presi, questions, skilltree,
todo, zitare, photos
- Add forgot-password page to photos (was also missing)
- Add resetPasswordWithToken() method to all 13 auth stores
- Each page customized with app-specific logo, colors, branding
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Critical bugs: fix contacts delete() inverted logic, fix photo URLs
hardcoded to localhost:9000. Add missing DB indexes across all three
apps (27 indexes total). Add data integrity constraints: cascade delete
on tasks.projectId, unique label names per user, unique default calendar
per user with race condition handling. Wrap 12 multi-step operations in
transactions (todo). Replace contacts duplicate detection full-table scan
with targeted SQL GROUP BY queries. Fix calendar N+1 event tag queries
with batch loading. Fix contacts tagId filter not being applied. Add
proper RRULE error logging. Clear calendar auth store on sign-out.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Calendar backend: upgrade jest 29→30 to fix broken pnpm symlink
(jest 29 wasn't resolving in pnpm store, all 63 tests now pass)
- Contacts backend: add @nestjs/throttler (100 req/min)
- Todo backend: add @nestjs/throttler (100 req/min)
- Consistent rate limiting across all three backends (calendar already had it)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restructure standalone traces app into monorepo pattern with mobile + backend + shared types.
Add NestJS backend with Drizzle ORM schema for locations, cities, places, POIs, and AI guides.
Add mobile sync layer, cities tab, and guide generation UI. Fix pre-existing type errors across
mobile codebase, matrix-mana-bot (sendDirectMessage), llm-playground, and all web auth stores
(signUp call signature).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add @vite-pwa/sveltekit and @manacore/shared-pwa devDependencies
to enable unified PWA architecture across all web applications:
- Calendar, Chat, Clock, Contacts, LightWrite
- ManaCore, ManaDeck, Matrix, NutriPhi, Photos
- Picture, Planta, Presi, Questions, Skilltree
- Storage, Todo, Zitare
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add all new organization management endpoints to API table
- Add new Invitations section for invitation endpoints
- Update controller JSDoc with complete endpoint list
- Update last updated date
Update all 15 web apps with correct Umami website IDs:
- calendar, chat, clock, contacts, manacore, manadeck, picture, planta, todo: updated IDs
- zitare, storage, nutriphi, skilltree, photos, presi: added tracking
All IDs now match the websites configured in Umami.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
All backends with setGlobalPrefix('api/v1') were registering routes
as /api/v1/api/v1/admin instead of /api/v1/admin. Changed all admin
controllers to use @Controller('admin') instead of @Controller('api/v1/admin').
Affected backends:
- calendar
- contacts
- picture
- presi
- todo
- zitare
- chat
Note: storage backend still uses @Controller('api/v1/admin') as it has
no global prefix.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
All backends use postgres-js driver, not node-postgres. The admin
services incorrectly imported from drizzle-orm/node-postgres which
caused runtime errors: "Cannot find module 'pg'"
Fixed in: chat, todo, calendar, contacts, picture, zitare
The root package.json postinstall script runs scripts/generate-env.mjs
which doesn't exist in the Docker build context. Using --ignore-scripts
skips this postinstall step since env generation isn't needed in Docker.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive admin dashboard to view and manage user data across all projects:
Backend:
- Add admin endpoints to Chat, Todo, Contacts, Calendar, Picture, Zitare, Presi
- Each backend exposes GET/DELETE /api/v1/admin/user-data/:userId
- Service-to-service auth via X-Service-Key header
Aggregation (mana-core-auth):
- GET /api/v1/admin/users - Paginated user list with search
- GET /api/v1/admin/users/:userId/data - Aggregated data from all backends
- DELETE /api/v1/admin/users/:userId/data - GDPR deletion across all projects
Frontend (ManaCore web):
- New User Data tab in admin navigation
- User search page at /admin/user-data
- User detail page with ProjectDataCard components
- GDPR deletion dialog with email confirmation
Presi:
- Migrate user_id from UUID to TEXT for Better Auth compatibility
- Add SQL migration script
Simplify navigation by removing unused sidebar mode from both apps:
Todo App:
- Remove isSidebarMode state, handlers, and localStorage persistence
- Remove sidebar-related CSS classes and styles
- Simplify TodoToolbar to pure wrapper component
Contacts App:
- Remove isSidebarMode state, handlers, and localStorage persistence
- Remove sidebar-related CSS from ContactsToolbar and ContactAlphabetView
- Always show view-mode-pill (no longer conditional on sidebar mode)
This removes ~250 lines of unused code across 5 files.
- user-settings.svelte.ts: use getAuthUrl() for settings API
- contacts.ts: use getAuthUrl() for tags API client
- feedback.ts: use getAuthUrl() for feedback service
This fixes Mixed Content errors where the app was trying to reach
internal Docker URLs (http://mana-auth:3001) instead of production
URLs (https://auth.mana.how).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes contacts-web using localhost URLs instead of production URLs.
SvelteKit bakes environment variables at build time, so we need to
inject runtime URLs via hooks.server.ts for Docker deployments.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add Single Sign-On (SSO) support across all mana.how subdomains:
- Add trySSO() method to @manacore/shared-auth that exchanges session
cookies for JWT tokens
- Add /api/v1/auth/session-to-token endpoint to mana-core-auth service
- Update all 15 web apps to try SSO during auth initialization
SSO Flow:
1. User logs in on any app (e.g., calendar.mana.how)
2. Session cookie is set with Domain=.mana.how
3. When visiting another app (e.g., todo.mana.how), it checks for
local tokens first
4. If no local tokens, tries SSO via session cookie
5. Session cookie is exchanged for JWT tokens via new endpoint
6. User is automatically authenticated
Apps updated: calendar, chat, clock, contacts, manacore, manadeck,
nutriphi, picture, planta, presi, questions, skilltree, storage,
todo, zitare
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add prominent email verification success UI with resend button
- Show resend verification option when registration fails with "not verified" error
- Improve form spacing with space-y-4 for better visual consistency
- Add translations for resend verification in all languages (de, en, fr, it, es)
- Update all 13 app register pages to pass onResendVerification prop
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Simplify vite.config.ts files to avoid type incompatibility errors
caused by different @types/node versions across the monorepo
- Add missing set() method to isSidebarMode store in matrix/web
Affected apps: calendar, chat, clock, contacts, manacore, manadeck,
matrix, nutriphi, picture, planta, presi, questions, storage, todo
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Define compiler options locally instead of extending shared-tsconfig
to fix drizzle-orm type compatibility issues. Also add missing
shared-vite-config dependency to skilltree/web.
Fixed backends:
- calendar, chat, clock, contacts, nutriphi
- picture, presi, questions, skilltree, todo
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enforce login redirect for unauthenticated users
- Remove demo banner, AuthGateModal, and GuestWelcomeModal
- Remove guest mode state variables and CSS styles
- Simplify showLogout to always show when user is logged in
Affected apps: todo-web, contacts-web, clock-web, questions-web, chat-web
- Add mana-search + SearXNG to docker-compose.macmini.yml
- Add api-gateway dependency on mana-search
- Add CI workflow for building mana-search Docker image
- Add CI workflow for building api-gateway Docker image
- Add slide-in sidebar overlay with backdrop on mobile
- Make message actions appear below message on mobile
- Adjust emoji picker positioning for viewport awareness
- Reduce excessive padding on mobile screens
- Hide disabled call buttons on small screens
- Add responsive widths to panels and dialogs
- Close sidebar automatically when selecting room on mobile
- Add factory for writable navigation stores with optional persistence
- Support toolbar collapsed state with withToolbar option
- Migrate all 10 navigation stores to use shared factory
- Clock saves 32 LOC with built-in localStorage persistence
Savings: ~50 LOC (68 LOC removed, factory adds reusable 94 LOC)
- Add missing packages to MANACORE_SHARED_PACKAGES list
- Migrate all SvelteKit apps to use createViteConfig/mergeViteConfig
- Matrix preserves special WASM config for matrix-js-sdk crypto
- Update consolidation docs with completed Vite config task
Savings: ~350 LOC (-318 net lines)
Replace local MetricsService implementations with @manacore/shared-nestjs-metrics:
- chat, calendar, todo, clock, contacts, skilltree
Removes ~350 LOC of duplicated metrics code:
- Delete local metrics directories (service, module, controller)
- Remove manual metrics middleware from main.ts
- Use MetricsModule.register({ prefix: 'app_' }) pattern
Part of consolidation effort - see docs/CONSOLIDATION_OPPORTUNITIES.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Extract setupGlobalErrorHandler() utility from contacts app and add to
@manacore/shared-ui. Migrate 7 apps to use the shared implementation:
calendar, chat, clock, contacts, matrix, picture, storage.
Features:
- Catches unhandled promise rejections with error classification
- Handles offline/online network status changes
- Built-in i18n (DE + EN) with customizable translations
- Optional onAuthError callback for redirect handling
- Returns cleanup function for proper unmounting
- Create shared AuthGateModal component in @manacore/shared-auth-ui
- Migrate 4 apps to use shared component: chat, todo, contacts, calendar
- Remove duplicate local AuthGateModal components
- Support for 'save', 'sync', 'feature', 'ai' actions
- Built-in i18n (DE + EN) with custom translation support
- Optional migration info display for session data
- Uses Phosphor icons from @manacore/shared-icons
- Update CONSISTENCY_REPORT.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add ability to resend verification email when login fails with
"Email not verified" error. Implemented across all 14 apps using
Mana Core Auth.
Changes:
- Add POST /api/v1/auth/resend-verification endpoint to mana-core-auth
- Add resendVerificationEmail method to shared-auth client
- Update LoginPage component with resend UI and translations
- Add resendVerificationEmail to all app auth stores
- Add translations for de, en, fr, es, it
- Add PlantaLogo to shared-branding
- Migrate planta login to shared LoginPage component
- Update todo, contacts, storage web apps to use @manacore/shared-api-client
- Maintain backward compatibility with existing legacy wrappers
- Todo: apiClient wrapper for setAccessToken/getAccessToken pattern
- Contacts: fetchWithAuth/fetchWithAuthFormData wrappers
- Storage: toLegacyResponse wrapper for ApiResponse format
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update all 15 web apps to consistent dependency versions:
- @sveltejs/kit: ^2.47.1 (was mixed ^2.0.0 to ^2.47.1)
- svelte: ^5.41.0 (was mixed ^5.0.0 to ^5.41.0)
- svelte-check: ^4.3.3 (was mixed ^4.0.0 to ^4.3.3)
- typescript: ^5.9.3 (was mixed ^5.0.0 to ^5.9.3)
Benefits:
- Consistent type checking behavior across apps
- All apps benefit from latest Svelte 5 features
- Easier maintenance with unified versions
Add a unified welcome modal for guest mode that displays:
- App icon, name, and description from shared-branding
- Feature list of what guests can do (localized DE/EN)
- Warning about local-only data storage
- Login, Register, Help, and "Continue as Guest" buttons
New files:
- GuestWelcomeModal.svelte - The modal component
- guestWelcome.ts - localStorage utilities for tracking seen state
Integrated into: contacts, chat, todo, calendar, and clock apps
Add verified banner and email pre-fill to LoginPage component when
users are redirected after email verification. Updates all app login
pages to pass verification params from URL query string.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add sourceAppUrl tracking during registration to redirect users back
to the app they registered from after email verification. Includes
URL validation for security (only *.mana.how, mana.how, localhost).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
