Setup nestjs-pino for structured JSON logging in production and
pretty-printed colorized logs in development. Health/metrics
endpoints excluded from auto-logging to reduce noise.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Setup @nestjs/swagger with auto-generated API docs at /api/docs.
Documents all 35 endpoints with bearer auth support.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implements passwordless authentication via passkeys using @simplewebauthn:
Backend (mana-core-auth):
- New passkeys table in auth schema (credentialId, publicKey, counter, etc.)
- PasskeyService with registration/authentication flows and challenge storage
- 7 new API endpoints (register, authenticate, list, delete, rename)
- createSessionAndTokens helper for non-password auth flows
- Security event types for passkey operations
Client (shared-auth):
- signInWithPasskey() and registerPasskey() with dynamic @simplewebauthn/browser imports
- isPasskeyAvailable() browser capability check
- Passkey management methods (list, delete, rename)
UI (shared-auth-ui):
- Passkey button on LoginPage with key icon, shown when browser supports WebAuthn
- Divider between passkey and email/password form
App integration:
- All 19 web app auth stores have isPasskeyAvailable() and signInWithPasskey()
- All 19 web app login pages pass passkeyAvailable and onSignInWithPasskey props
- rpID=mana.how in production enables cross-app passkey usage (SSO-compatible)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
No external auth providers to keep authentication fully self-sovereign
and avoid dependency on third-party services. Removes Google Sign-In,
Apple Sign-In components, utilities, endpoints, translations, and
mobile dependencies across all apps and shared packages.
Google/Apple integrations for data sync (Contacts import, Calendar sync)
are intentionally preserved as they serve a different purpose.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The package was dynamically imported in the map page but not declared
in package.json, causing production builds to fail.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Nutriphi, Photos, Planta, and Presi backends had MetricsModule imported
but were missing the prom-client peer dependency, causing /metrics to
return 404 and VictoriaMetrics to report them as down (73% healthy).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add defaultTranslationsDE/EN and getHelpTranslations() to shared-help-ui
so apps only need to override the subtitle instead of duplicating ~80 lines
- Refactor all 6 existing help pages to use getHelpTranslations()
(Contacts, Calendar, Todo, Storage, Chat, Picture)
- Add help page to Zitare (FAQ, features, contact — no shortcuts)
- Migrate Mukke from custom SettingsPage-based help to shared HelpPage
(FAQ with audio formats, lyrics editor, playlists; features; shortcuts)
All 8 web apps now use the unified shared help system.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add help pages to the remaining high-maturity production apps:
- Storage (84/100): FAQ (upload, sharing, versioning, trash, privacy),
features (cloud storage, sharing, versioning, search), shortcuts
- Chat (82/100): FAQ (AI models, spaces, templates, comparison, privacy),
features (multi-model, spaces, comparison, templates), shortcuts
- Picture (81/100): FAQ (generation, credits, moodboards, explore, privacy),
features (AI generation, gallery, moodboards, explore), shortcuts
All 6 production web apps now have standardized help pages using the
shared help system.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add help pages to Calendar and Todo web apps using the shared help system:
- Calendar: FAQ (events, recurring, sharing, sync, privacy), features,
shortcuts, contact — with DE/EN/FR/IT/ES content support
- Todo: FAQ (quick add syntax, projects, kanban, recurring, privacy),
features, shortcuts, contact — with DE/EN content
Both apps follow the Contacts reference implementation pattern.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New script scans source imports vs package.json deps to catch missing
workspace dependencies that work locally but break in Docker.
Fixed: manadeck-web and presi-web missing shared-stores.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
TasksTodayWidget imports date-fns but it wasn't in package.json,
causing Docker build failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hooks.server.ts imports @manacore/shared-utils/analytics-server but
shared-utils wasn't listed as a dependency. pnpm doesn't create the
symlink without it, causing Rollup to fail during Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1. SEO Slugs: Auto-generated from name (ä→ae, ö→oe, etc.), unique with
-2/-3 suffix. Routes accept both UUID and slug. Seed data includes slugs.
2. Opening Hours + Contact: website, phone, openingHours fields in schema.
Displayed on detail page, editable in add/edit forms.
3. Landing Page with API: Fetches locations from backend at build time,
falls back to hardcoded JSON if API unreachable.
4. Frontend Tests: Vitest setup with api.test.ts (50 backend + web tests).
5. Marker Clustering: leaflet.markercluster for 10+ locations on map,
direct markers for fewer.
6. Favorite Collections: New collections table with CRUD endpoints.
Favorites page has tabs for favorites vs collections. Create, view,
delete collections with location management.
7. Rate Limiting: In-memory guard (10 req/min) on write endpoints.
Returns 429 with retryAfter.
8. Soft Deletes: deletedAt field, all reads filter deleted records.
POST /locations/:id/restore endpoint for owners.
50 backend tests passing, 0 type errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Migrate matrix-project-doc-bot from raw fetch to @manacore/shared-llm
and remove the unused openai npm package. The bot was already using
mana-llm and mana-stt (not OpenAI directly), but the code still had
raw fetch calls and the openai package installed.
Changes:
- generation.service.ts: raw fetch → llm.chat() via LlmClientService
- app.module.ts: add LlmModule.forRootAsync()
- Remove openai dependency (was unused in code)
- Update CLAUDE.md: document actual AI stack (mana-llm + mana-stt)
- Update TECH_STACK_INDEPENDENCE.md: mark Prio 1-3 as completed
- Prio 1: Picture App → mana-image-gen ✅
- Prio 2: Project Doc Bot → Ollama + mana-stt ✅
- Prio 3: All LLM calls via mana-llm ✅
- Self-hosted percentage: 75% → ~80%
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds a "Kosten" tab showing all 40+ credit operations across all apps,
grouped by app with category filters (AI, Productivity, Premium) and
color-coded cost badges.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add onboarding with feature overview, preference selection, and tips to
Zitare, Mukke, Photos, Planta, SkillTree, and Questions. Insert a new
first "features" info step into all 10 existing onboarding flows so every
app now starts with a core-features overview page.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New service that generates static Astro landing pages for organizations
and deploys them to Cloudflare Pages at {slug}.mana.how.
Components:
- Landing Builder Service (NestJS, port 3030) with Astro template
- Admin UI in Manacore web dashboard at /organizations/[id]/landing
- TeamSection + ContactSection for shared-landing-ui
- Two org themes (classic dark, warm light)
- LandingPageConfig types in shared-types
- Docker + CI/CD integration for Mac Mini deployment
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace 900+ lines of custom auth implementation (authService, tokenManager,
deviceManager, safeStorage) with ~280 lines wrapping @manacore/shared-auth.
Auth now goes through mana-core-auth directly instead of manadeck backend.
Backward-compatible API: all consumers (stores, apiClient, hooks) work
without changes thanks to wrapper maintaining the same export interface.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Make SSO loginToken homeserver configurable via VITE_MATRIX_HOMESERVER
- Add vitest setup with 14 unit tests for Matrix client functions
(discoverHomeserver, checkHomeserver, loginWithToken)
- Show amber warning banner when E2EE is not available
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The LLM playground is a SvelteKit web app (frontend), not a backend
microservice. Moving it to apps/ follows the monorepo convention where
all user-facing apps live under apps/.
- Moved services/llm-playground/ → apps/playground/apps/web/
- Renamed package from @mana-llm/playground to @playground/web
- Updated Dockerfile paths for new location
- Updated docker-compose.macmini.yml build context
- Removed unused concurrently dependency
- Added parent package.json
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PWA: @vite-pwa/sveltekit with shared-pwa config, offline fallback page, service worker with standard caching preset.
i18n: svelte-i18n with DE/EN locale files, all UI strings translated, language switcher in PillNav, auth pages use shared-i18n translations.
Landing: Migrated from scoped CSS to Tailwind CSS with @astrojs/tailwind. Hero section, card grid, category filter buttons, detail page with timeline. Removed unused components (Welcome, ThemeToggle, update-locations.js).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mana-media uses NestJS 11 while shared-nestjs-metrics targets NestJS 10,
causing DynamicModule type incompatibility. Use prom-client directly with
a simple MetricsController to expose /metrics endpoint.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add MetricsModule to 8 backends missing it (photos, zitare, mukke,
planta, picture, storage, presi, nutriphi)
- Enable Prometheus scraping for all 15 backends in prometheus.yml
(was only 6, with 3 commented out and 6 missing entirely)
- Update ServiceDown alert rule to cover all 15 backends
- Update Grafana dashboards (backends, master-overview, system-overview)
with all backend services in health panels
- Fix imprecise regex in application-details dashboard
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move Umami analytics from hardcoded script tags in app.html to
server-side injection via hooks.server.ts. Website IDs are now
managed centrally in .env.development and distributed via
generate-env.mjs as PUBLIC_UMAMI_WEBSITE_ID.
- Add @manacore/shared-utils/analytics-server with injectUmamiAnalytics()
- Add UMAMI_WEBSITE_ID_* for all 17 web apps to .env.development
- Add PUBLIC_UMAMI_WEBSITE_ID mapping in generate-env.mjs for all web apps
- Update 10 existing hooks.server.ts to use shared utility
- Create 7 new hooks.server.ts (picture, planta, presi, photos, clock,
questions, manadeck)
- Remove hardcoded Umami scripts from all 17 app.html files
- Add missing Umami tracking to Mukke and Questions
- Add shared-utils dependency to 6 web apps that lacked it
- Update ANALYTICS.md with architecture docs and "add new app" guide
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove hand-written sw.js, offline.html, and manifest.json from todo/skilltree/zitare web apps
in favor of the Workbox-based service worker generated by @vite-pwa/sveltekit. This fixes an
issue where the custom SW could get stuck serving the offline fallback page even when the server
was reachable. Also extracts the duplicated offline page (~80 lines each across 19 apps) into a
shared OfflinePage component in @manacore/shared-ui with 3 props (appName, offlineMessage,
accentColor), reducing each app's offline route to an 8-line wrapper.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Split monolithic RPGScene.js (1210 lines) into modular manager classes:
- WorldManager, PlayerManager, NPCManager, ChatUI, StorageManager,
SoundManager, TouchControls
Key improvements:
- Constants config (GAME_CONFIG) replacing all magic numbers
- JSDoc types + jsconfig.json for IDE type-safety
- LocalStorage persistence for progress, stats, and custom avatars
- Synthesized sound effects via Web Audio API
- 26 NPCs (up from 10) in 3 categories
- Stats/leaderboard in main menu
- Pixel editor avatar integration with RPG game
- Mobile touch controls (virtual joystick + interact button)
- Chat UI with typing indicator and conversation history
- Interactive tutorial overlay for first-time players
- Floating question mark over NPCs in range
- Server hardened: rate limiting, input sanitization, CORS restrictions,
API timeouts, conversation history cap
- Particle effect object pooling
- i18n framework with DE/EN and language switcher
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3-step onboarding using shared-app-onboarding package (same as calendar):
1. Sort order: first name vs last name
2. Import: Google, vCard/CSV, or skip — navigates to import page on completion
3. Tips: self-contact card, quick input, focus mode, tags
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch from adapter-netlify to adapter-node for self-hosted Docker deployment.
Add missing Button and Card UI components, remove Netlify config files,
and add picture-backend + picture-web services to docker-compose and
Cloudflare tunnel routing (picture.mana.how).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Switch from bcrypt (native C++ addon) to bcryptjs (pure JavaScript)
- Remove python3/make/g++ build tools from Dockerfile builder stage
- bcryptjs is 100% hash-compatible with bcrypt
- Smaller builder image and faster Docker builds
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix exists() to only catch 404/NotFound, rethrow real errors
- Add downloadStream() for memory-efficient large file downloads
- Add uploadMultipart() using @aws-sdk/lib-storage for large files
- Add automatic pagination to list() via continuation tokens
- Add CDN URL support (cdnUrl in BucketConfig, getCdnUrl() method)
- Reduce factory boilerplate with generic createStorage() function
- Add MinIO lifecycle rules for tmp/ prefixes (chat 90d, calendar 30d, picture 7d)
- Add vitest setup with 56 tests covering client, factory, and utils
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add 7 database indexes on all query paths (userId, deckId, order, themeId)
- Add timestamps with timezone for all tables
- Enable Swagger/OpenAPI documentation at /api/docs
- Add ApiTags and ApiBearerAuth to all controllers
- Add ParseUUIDPipe on all ID parameters
- Harden DTO validation: string length limits, @IsIn for enums,
@IsUrl for URLs, @ArrayMaxSize for arrays, @Min(0) for order fields
- Update audit to reflect improvements
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add 10 test files covering all 5 services and 5 controllers
- Add global ThrottlerGuard (100 req/min) via APP_GUARD
- Add SvelteKit +error.svelte error boundary
- Add Jest config and test dependencies
- Update audit to reflect improvements
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Assign version numbers based on app maturity: Calendar/Contacts/Todo (1.0.0),
Chat/Picture (0.3.0), 11 beta apps (0.2.0), Context/Planta/Questions (0.1.0),
Traces (0.0.1). Set up @changesets/cli for future version management.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the custom sidebar layout with PillNavigation, SplitPaneContainer,
and app switcher from shared packages. Adds theme variants, keyboard
shortcuts (Ctrl+1-5), and consistent bottom-pill navigation matching
other apps like calendar and contacts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Auto-extract metadata (title, artist, album, genre, year, BPM, cover art)
from uploaded files using music-metadata. Add SongEditor modal for editing
metadata in the library view. Support writing ID3 tags back to MP3 files
via node-id3.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Infrastructure:
- Add GlitchTip (web + worker) to docker-compose.macmini.yml (port 8020)
- Add glitchtip.mana.how to Cloudflare Tunnel config
- Add glitchtip database to init-db SQL
- Add GLITCHTIP_DSN to .env.development
Shared Package (@manacore/shared-error-tracking):
- initErrorTracking() - Sentry-compatible init with GlitchTip DSN
- captureException(), captureMessage(), setUser(), setTag(), flush()
- SentryExceptionFilter for NestJS (captures 5xx errors only)
- Graceful no-op when DSN is not configured
Integration:
- Add instrument.ts to calendar, contacts, todo backends
- Import instrument.ts before app bootstrap in all 3 main.ts files
- Error tracking auto-initializes when GLITCHTIP_DSN env var is set
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Extend shared-nestjs-setup bootstrapApp with optional swagger config
- Auto-setup Swagger/OpenAPI when swagger: true is passed
- Add @nestjs/swagger as optional peer dependency
- Enable swagger in calendar (:3014/api/docs), contacts (:3015/api/docs), todo (:3018/api/docs)
- Migrate todo main.ts from custom bootstrap to shared bootstrapApp
- JWT Bearer auth configured in Swagger UI
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Create NestJS backend on port 3020 with 4 modules (space, document, ai, token)
- Add Drizzle schema with 5 tables (spaces, documents, token_transactions, model_prices, user_tokens)
- Rewrite web services (spaces, documents, tokens, ai) to use shared API client instead of Supabase
- Move AI API keys server-side (Azure OpenAI, Google Gemini)
- Add seed script for model prices (gpt-4.1, gemini-pro, gemini-flash)
- Add 70 unit tests across 4 test suites (space, document, token, ai services)
- Add monorepo integration (setup-databases.sh, generate-env.mjs, docker init-db, root scripts)
- Remove @supabase/supabase-js dependency and delete supabase.ts from web app
- Update CLAUDE.md with full API documentation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Calendar backend: upgrade jest 29→30 to fix broken pnpm symlink
(jest 29 wasn't resolving in pnpm store, all 63 tests now pass)
- Contacts backend: add @nestjs/throttler (100 req/min)
- Todo backend: add @nestjs/throttler (100 req/min)
- Consistent rate limiting across all three backends (calendar already had it)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Traces:
- Change bundle ID from com.memoro.locations to com.mana.traces
- Update BGTask identifiers to match new bundle ID
- Add react-native-worklets dependency for reanimated compatibility
- Configure eas.json with monorepo-optimized build settings
- Add pnpm patch for reanimated 4.1.x to accept worklets 0.7.x
- Skip auto-fingerprint on EAS (pnpm hoisted mode)
- Disable default cache paths to avoid ENOENT
Bot-services:
- Add types: ["node"] to tsconfig to prevent RN type conflicts in hoisted mode
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add 22 E2E tests across 5 test suites covering auth, calendar views,
settings, event CRUD, and calendar management. Tests that require the
calendar backend gracefully skip when it's not running.
Also fixes: hooks.server.ts env fallbacks, ThrottlerGuard DI error,
and auth metrics service TypeScript error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
