The sessions table on staging was missing newer columns like remember_me,
refresh_token, device_id, etc. because the initial migration uses
CREATE TABLE IF NOT EXISTS which skips if the table already exists.
This migration adds all potentially missing columns to the sessions table
using IF NOT EXISTS checks for each column.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The migration was failing on staging because the auth schema already
existed from previous db:push operations. This fix makes all DDL
statements idempotent:
- CREATE SCHEMA IF NOT EXISTS for all schemas
- DO $$ BEGIN ... EXCEPTION WHEN duplicate_object ... END $$ for ENUMs
- CREATE TABLE IF NOT EXISTS for all tables
- CREATE INDEX IF NOT EXISTS for all indexes
- DO $$ BEGIN ... EXCEPTION WHEN duplicate_object ... END $$ for constraints
This ensures migrations can run safely against databases that already
have the schema partially or fully created.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added rootDir: "./src" to tsconfig.json so that main.ts compiles to
dist/main.js instead of dist/src/main.js. This matches the CMD path
in the Dockerfile.
Also added include/exclude and moduleResolution to match other backends.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The mana-core-auth configuration.ts was already splitting CORS_ORIGINS
into an array, but createCorsConfig expected a string and called .split()
on it, causing "corsOriginsEnv.split is not a function" TypeError.
Now handles both string and array inputs gracefully.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The Docker build was failing because adapter-netlify outputs to .netlify/
directory but the Dockerfile expected build output in build/ directory.
Switched to adapter-node with explicit `out: 'build'` configuration
which matches the Dockerfile expectations.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add picture-backend and picture-web to CI Docker build matrix
- Add picture services to staging deployment workflow
- Add picture-backend to production deployment workflow
- Create Dockerfile and docker-entrypoint.sh for picture-web
- Fix picture-backend Dockerfile port (3003→3006) and health endpoint
- Add picture routes to Caddyfile.staging
- Add REPLICATE_API_TOKEN and MANA_CORE_SERVICE_KEY env vars
The shared-nestjs-cors package was exporting raw TypeScript files, which caused
runtime errors in production Docker containers:
SyntaxError: Unexpected token 'export'
Changes:
- Add build script to compile TypeScript to JavaScript
- Update package.json to export compiled dist files instead of src
- Add build step to all backend Dockerfiles that use this package
- Package now builds to CommonJS in dist/ folder
Fixes staging deployment failures for mana-core-auth and other backends.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add clear error messages when pre-commit checks fail
- Add clear error messages when pre-push builds fail
- Explicitly warn against using --no-verify flag
- Encourage developers to fix issues rather than bypass checks
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add includeAllManaApps option to enable all ManaCore apps to communicate
with each other without manually listing each app's domains.
**Changes:**
- Added MANACORE_STAGING_ORIGINS, MANACORE_PRODUCTION_ORIGINS, and
MANACORE_ALL_APP_ORIGINS constants
- Added includeAllManaApps flag to CorsConfigOptions interface
- Updated createCorsConfig() and createCorsConfigWithCallback() to support
the new flag
- Updated mana-core-auth to use includeAllManaApps: true (auth needs to be
accessible by all apps)
- Updated documentation with usage examples and decision matrix
**Benefits:**
- One-line configuration enables cross-app communication
- Automatically stays in sync as new apps are added
- No need to manually update CORS_ORIGINS for each app
- Works in both staging and production environments
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add required name field (min 2 chars) to all registration forms to fix
Better Auth validation error. Updates backend DTO, shared-auth service,
shared-auth-ui RegisterPage component, i18n translations, and all app
auth stores and register pages.
- Add StatsSidebarSection component with event statistics, weekly trend chart, and calendar activity
- Show stats sidebar when heatmap mode is enabled instead of todo section
- Add heatmap level classes (1-5) to YearView with GitHub-style coloring
- Only show StatsOverlay when sidebar is collapsed
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create SettingsModal component with all settings sections
- Update layout to show settings modal when clicking Settings in PillNav
- Modal appears above the input bar with glassmorphism styling
- Settings changes are saved immediately via settingsStore
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add network view as "N" option in view switcher (like contacts app pattern)
- Create view-mode store to switch between calendar/network modes
- Move NetworkView from /network route to embedded component
- Add heatmap mode with StatsOverlay for event density visualization
- Extend network service to create connections by:
- Shared tags (highest priority, variable strength)
- Same calendar (strength 50%)
- Same date (strength 40%)
- Same location (strength 60%)
- Fix network controller route prefix (was /api/v1/api/v1/network)
- Remove separate /network and /statistics pages
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add selectedTagIds to settings store with toggle/clear methods
- Update TagStrip to select tags for filtering instead of navigation
- Add filterByTags function to eventFiltering utils
- Apply tag filtering across all calendar views:
- MultiDayView (timed & all-day events)
- AgendaView (with empty group removal)
- MonthView
- YearView (event counts)
- Add "Filter löschen" button (hidden when no tags selected)
- Rename buttons: "Mehr" → "Alle Tags", "Neu" → "Neuer Tag"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix flexbox layout for month view grid cells by:
- Adding height: 100% and min-height: 0 to .month-view container
- Using flex: 1 1 0 on week rows for equal distribution
- Adding overflow: hidden on day cells to prevent content overflow
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Optimize CLAUDE.md based on industry best practices from HN and HumanLayer:
Changes:
- Trim CLAUDE.md from 678 to 176 lines (74% reduction, 5.7KB)
- Add "Critical Gotchas" section for common AI mistakes
- Add verification signature (🏗️ ManaCore Monorepo)
- Create docs/README.md navigation hub with "I want to..." index
- Delete 5 outdated audit files (ENV_AUDIT_*, DEPENDENCY_ALIGNMENT)
- Archive 7 analysis/historical docs to docs/archive/
- Keep authentication docs separate per request (.claude/guidelines/)
Benefits:
- Better AI instruction adherence (within ~150-200 line budget)
- Progressive disclosure via signposting to detailed docs
- Cleaner navigation with topic-based organization
- Reduced maintenance burden (stale docs archived)
Backup: CLAUDE.md.backup preserves original 678-line version
Change log: docs/archive/RESTRUCTURE_2025-12-16.md
Calendar app was using $env/dynamic/public for TODO and Contacts API
URLs, which doesn't work in SPA mode. Updated to use runtime config:
- Add TODO_API_URL and CONTACTS_API_URL to runtime config
- Update docker-entrypoint.sh to include new env vars
- Refactor todos.ts and birthdays.ts to use lazy-loaded clients
- Refactor user-settings.svelte.ts with lazy store initialization
- Add env vars to docker-compose.staging.yml
This fixes staging deployment where cross-app integrations were
calling localhost instead of staging URLs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SvelteKit pre-compresses static files (config.json.br, config.json.gz)
during build. When docker-entrypoint.sh regenerates config.json at
runtime, the server still serves the stale compressed versions.
This fix removes the .br and .gz files after generating the fresh
config.json, ensuring browsers receive the correct runtime configuration.
Affected apps: calendar, chat, clock, contacts, manacore
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add missing @manacore/better-auth-types package to backend Docker builds.
The shared-nestjs-auth package depends on this new types package.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add missing @manacore/better-auth-types package to Docker builds.
The shared-auth package now depends on this new types package.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive tests for role field security:
- Default role assignment verification
- input:false security (prevents role escalation)
- JWT payload role validation
- Role consistency across sessions
- Minimal JWT claims (no sensitive data)
Test infrastructure improvements:
- Add jose mock for ESM compatibility
- Update better-auth mock response format
- Configure Jest e2e to use mocks
Create new shared package for Better Auth type definitions:
- UserRole, JWTPayload, CurrentUserData types
- Type guards: isValidUserRole, isValidOrganizationRole
- Utility functions: jwtPayloadToCurrentUser
- userAdditionalFields for client type inference
Migrate shared packages to use centralized types:
- @manacore/shared-auth re-exports from new package
- @manacore/shared-nestjs-auth uses new package as dependency
- Fix `requestPasswordReset` method name (was incorrectly `forgetPassword`)
- Add proper TypeScript types for password reset, session, and JWT methods
- Consolidate API accessor from `orgApi` to `api` for all Better Auth calls
- Remove unnecessary `as any` casts by extending BetterAuthAPI interface
- Clean up unused imports
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Refactor @manacore/shared-storage to use single `manacore-storage` bucket
- Add generateStorageKey() for path structure: {userId}/{appName}/...
- Update docker-compose.dev.yml for unified MinIO bucket
- Migrate CD workflow to use GitHub Environment Secrets
- Update picture and contacts backends to use unified storage
- Remove per-app bucket configuration (cleaner architecture)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Critical fixes for runtime configuration:
- auth.svelte.ts: Added missing await on getAuthUrl() in validateReferralCode()
- user-settings.svelte.ts: Replaced window injection with runtime config loading
This fixes ERR_CONNECTION_REFUSED on staging by ensuring auth URL is properly loaded from config.json before making API calls.
The entrypoint was trying to write to /app/build/client/config.json with an
absolute path, but since WORKDIR is /app/apps/manacore/apps/web, it should
use relative paths instead.
Changes:
- Use relative path 'build/client/config.json' instead of '/app/build/client/config.json'
- Add 'mkdir -p build/client' to ensure directory exists
- Update cat command to use relative path
This fixes the "nonexistent directory" error causing manacore-web to crash
in staging environment.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes CI/CD frozen-lockfile failure. The pnpm-lock.yaml had zod entries for
Calendar and Chat web apps, but their package.json files were missing the
dependency. This mismatch caused CI builds to fail.
Added zod@^3.25.76 to:
- apps/calendar/apps/web/package.json
- apps/chat/apps/web/package.json
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added zod ^3.25.76 to package.json dependencies for:
- @clock/web
- @contacts/web
This fixes build failures in pre-push hook where runtime.ts config validation
required zod but it wasn't listed as a dependency.
Calendar and Chat apps already had zod installed (^4.2.0).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Replace window injection and build-time env vars with runtime config
loaded from /config.json (generated by Docker entrypoint). This fixes
the staging deployment issue where apps were requesting localhost URLs
instead of production URLs.
Changes:
- Add runtime.ts config loader with Zod validation (fail-hard in prod)
- Disable SSR via +layout.ts (apps are client-only SPAs)
- Update API clients and auth stores to use async config getters
- Add docker-entrypoint.sh scripts to generate config.json at startup
- Update Dockerfiles with ENTRYPOINT for config generation
- Simplify docker-compose.staging.yml env vars (12-factor pattern)
- Add static/config.json as dev fallback (localhost defaults)
- Fix onMount return type (Svelte 5 compatibility)
- Add zod dependency to Picture app
- Add backward compat exports for Contacts app
Apps updated:
- Clock (port 3017)
- Chat (port 3002)
- Picture (port 3006)
- Contacts (port 3015)
- Calendar (port 3016)
- Manacore (multi-app platform)
Benefits:
- Build once, deploy anywhere (same Docker image for all envs)
- Configuration in environment, not code (12-factor compliance)
- Fail-hard on missing/invalid config in production
- No accidental SSR localhost fallbacks
- Schema validation ensures all required URLs are present
- Add staging URLs section with all web apps, APIs, and landing pages
- Update project list to reflect current active apps
- Add quick start commands with dev:*:full patterns
- Update shared packages list
- Modernize repository structure diagram
- Add deployment and documentation sections
- Create build-changed-apps.sh script that:
- Detects which web apps have changes vs remote branch
- Builds only affected apps (not all apps)
- For shared packages, builds main apps that depend on them
- Enable pre-push hook to run build validation
This catches npm package incompatibilities and build failures
before pushing to remote, preventing CI/CD failures.
Skip with: git push --no-verify
- Replace lucide-svelte with @lucide/svelte (Svelte 5 runes compatible)
- Add shared-splitscreen and shared-types to todo-web Dockerfile
- Update pnpm-lock.yaml with new dependencies
The old lucide-svelte package used $$props (Svelte 4 syntax) which
fails in Svelte 5 runes mode. The new @lucide/svelte package is
built specifically for Svelte 5.
