First pass of the Multi-Agent discoverability UX. A new /agents/
templates route showcases pre-configured agents; clicking one creates
agent + scene + starter mission(s) as a single bundle. Addresses the
"blank form anxiety" + "user doesn't know what agents are for"
observations from the UX brainstorm.
Three templates for v1 (shared-ai/src/agents/templates/):
- 🔍 Recherche-Agent — reads sources one by one, writes a note per
source, summarizes into a report. Manual-cadence mission; all
writes propose so user curates.
- 🧭 Kontext-Agent — learns about the user via a weekly check-in.
Reads kontext/notes/goals, asks 2-3 questions, proposes a diff-
style context update. Weekly Sunday cadence.
- 🌅 Today-Agent — researches "on this day" history each morning,
writes a 4-8 line German poem, proposes a journal note. Daily 7am
cadence. A "delight" agent, not a productive one.
Each template packs (agent config, scene layout, starter mission):
- AgentTemplate type lives in @mana/shared-ai — pure data, no runtime
imports. Adding a new template = drop a file in templates/ and
extend ALL_TEMPLATES.
- Template-specific policies derive from the proposable-tool list so
drift-guard catches divergence from the canonical set.
- Starter missions default to startPaused=true — user sees the
mission ready-to-go and hits Play when ready. Prevents surprise
autonomous work on first apply.
Applicator (data/ai/agents/apply-template.ts):
- Creates agent → scene (if template defines one) → missions in
order. Agent failure = abort; scene/mission failures surface as
warnings in the result without blocking.
- Duplicate-name handling: falls through to findByName, returns
existing agent with wasExisting=true; scene is skipped in that
case to avoid clone-proliferation.
Gallery page /(app)/agents/templates/+page.svelte:
- Three large cards side-by-side (stacks on mobile) with avatar /
label / tagline / meta chips (Scene, N Missionen).
- Click opens detail panel with full description, scene preview
(app-ids + widths), mission preview (title / objective / cadence),
and override checkboxes (create scene, create missions, start
active vs paused).
- Success panel shows what landed with warnings inline; CTA back to
workbench.
Discoverability in /ai-agents module:
- Bar now has two buttons: "Aus Template" (primary, goto templates
route) + "Eigener Agent" (secondary, opens the existing blank-form
create mode).
- When only the default "Mana" agent exists, render a dashed promo
banner at the top linking to the template gallery. Disappears as
soon as the user has a second agent.
Tests: webapp svelte-check 0 errors, 0 warnings. shared-ai 26/26.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Makes the "read all notes and tag them #Natur/#Technologie/…" use case
fully functional. Four new ModuleTool entries in notes/tools.ts:
- list_notes(limit?, query?, includeArchived?) — auto, read-only. Returns
id + title + excerpt so the planner can reference concrete notes
without dumping full bodies.
- update_note(noteId, title?, content?) — proposable. Destructive full
overwrite. Docstring nudges toward append_to_note when applicable.
- append_to_note(noteId, content) — proposable, non-destructive. Handles
the trailing-newline separator so markdown stays clean.
- add_tag_to_note(noteId, tag) — proposable, idempotent, case-insensitive.
Strips leading #, replaces spaces with _, skips if already present.
Exactly the categorization primitive the user asked for.
All three writes are added to AI_PROPOSABLE_TOOL_NAMES so both the
webapp policy and mana-ai's boot-time drift guard agree (now 11 tools).
Mirrored in services/mana-ai/src/planner/tools.ts.
AiProposalInbox mounted on /notes so approvals land inline in the
notes module too (already appears in the mission-detail cross-module
inbox via the earlier commit).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Third naming convention uncovered: six shared-auth-ui components
(PasskeyManager, SessionManager, TwoFactorSetup, AuditLog,
ChangePassword, SecurityOnboarding) use --theme-muted, --theme-border,
etc. These tokens are not defined anywhere in the Mana theme system —
they only rendered because of inline raw-channel fallbacks, so they
never tracked the active theme variant.
Map to the canonical --color-* tokens:
--theme-background → --color-background
--theme-border → --color-border
--theme-foreground → --color-foreground
--theme-muted → --color-muted
--theme-muted-foreground → --color-muted-foreground
--theme-surface → --color-surface
Visible on the Security tab in the unified settings page, where the
inner passkey/session/2FA/audit cards can now pick up theme changes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Follow-up to the shared-packages migration. Covers 61 more files
across the mana web app (lib/components, lib/modules, routes) and
the same handful of packages, including surface / error / success /
warning tokens that were missed in the first pass.
Two patterns migrated:
1. hsl(var(--X[, raw-channels])) → hsl(var(--color-X[, raw-channels]))
2. var(--X, #hex) → hsl(var(--color-X))
(the hex fallback was only doing work because the CSS var was
undefined; now that the theme resolves cleanly, the fallback is
unnecessary and actively wrong — it never tracked the active theme)
Module-literal accents (news-research's #0891b2 / #10b981) left
untouched per the themes.css convention for brand-semantic colors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
News Research's web-search backend (mana-search → SearXNG) was missing
from the standard dev stack — a "Finden" click failed with a connect
error until the standalone services/mana-search/docker-compose.dev.yml
was started by hand.
- docker-compose.dev.yml: add `searxng` (Port 8080), config mounted
read-only from the service tree. Reuses the shared mana-redis,
no second cache instance needed.
- package.json: docker:up + docker🆙infra include searxng;
dev:mana:servers spawns dev:search alongside the other 6 servers;
dev:search now passes PORT=3021 + REDIS auth so it talks to the
shared password-protected mana-redis instead of defaulting to a
no-auth localhost:6379
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New sibling module to news/. Discovers topic-matched RSS feeds via
SearXNG (mana-search) or rel="alternate" probing of a site URL,
filters articles by keyword with a recency + title-match boost,
and exports the top hits as a markdown context block for the AI.
- API: /api/v1/news-research/{discover,validate,search,extract}
- Frontend: /news-research route + workbench ListView (compact card)
- Tool: research_news LLM tool (read-only, runs auto)
- Pin feeds → newsPreferences.customFeeds (encrypted) — covers the
long-missing custom-RSS subscription gap; reading-list saves still
go through articlesStore.saveFromUrl into the existing newsArticles
- shared-branding: new news-research entry + binoculars icon
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
news-ingester and apps/api both shipped their own copy of rss-parser
+ jsdom + Readability glue. Single source now in packages/shared-rss.
Adds discoverFeeds (rel=alternate + common-paths probe) and validateFeed
which News Research will use. JSDOM virtualConsole is silenced once,
in the package, instead of in two parallel call sites.
- packages/shared-rss: parse, extract, discover, validate
- services/news-ingester: drop local parsers, depend on @mana/shared-rss
- apps/api: drop @mozilla/readability + jsdom direct deps, use shared
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
app.css lives at apps/mana/apps/web/src/app.css — five directory
levels below the repo root. All existing @source directives used
four ../ segments, resolving to apps/packages/... which does not
exist. Tailwind silently scanned nothing.
Consequence: arbitrary-value utilities only used inside shared
packages (e.g. bg-[hsl(var(--color-muted))] in GlobalSettingsSection)
were never generated. Standard utilities kept working because they
also appear in app sources, but the language / week-start / sounds
buttons in the settings Allgemein tab rendered transparent.
- Bump every @source to 5x ../ so it points into /packages
- Drop the non-existent shared-subscription-ui entry
- Add subscriptions and credits, whose .svelte files also use
arbitrary-value classes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The Multi-Agent Workbench shipped end-to-end (commits 1771063df through
7c89eb625). This commit turns the plan doc into a proper history + post-
mortem and captures the deferred Team-Workbench as its own forward plan
so the architectural breadcrumbs don't rot.
docs/plans/multi-agent-workbench.md:
- Status bumped to ✅ Shipped; every phase checkbox flipped.
- Open-questions section rewritten with the decisions that were
actually made (name-unique via store write-time check, per-source
system principalIds, policy fully migrated, scene binding default-
empty with smart suggestion).
- New "Shipping-Historie" table mapping each phase to its commit, the
number of files touched, and the test outcome.
- New "Lessons Learnt + Follow-Up Ideen" with:
* What went better than expected (L3 Actor cutover, getOrCreate
instead of unique index, displayName caching)
* Thin spots worth revisiting (avatar not on Actor, missing token
counter for budget, no missions list on agent detail, no
drag-reassign, scene binding doesn't drive filters yet)
* Five deferred follow-up projects (team features, agent memory
self-update, agent-to-agent messaging, meta-planner, per-agent
encryption domains)
docs/plans/team-workbench.md (NEW):
- Full forward-looking plan for the deferred Team-Workbench.
- Two use-cases (human multi-user vs multi-agent sharing team
context) with the observation that they share the same infra.
- Decision candidates table (still open — meant as T0 RFC fodder,
not baked in).
- Architecture sketch with data-model deltas over the current
single-user shape.
- Encryption subsection dedicated to the hardest problems: team-key
wrapping per member (reuses Mission-Grant pattern), member-removal
rotation (lazy vs eager), Zero-Knowledge-mode incompatibility.
- T0..T6 phasing (~7 weeks for a clean first-pass).
- Section "Wie Multi-Agent dafür den Weg geebnet hat" enumerating
the four invariants the shipped Phase 0-7 deliberately preserved
to make this plan cheap when it lands.
docs/plans/README.md (NEW):
- Index doc with the AI/Workbench roadmap as an ASCII flow so future
contributors can locate themselves in the sequence without reading
three 400-line plans first.
docs/future/AI_AGENTS_IDEAS.md:
- Header marks Point 1 (encrypted tables) as shipped via the Mission
Grant plan; points 2-8 stay relevant. Cross-link to all three plan
docs so this stays the go-to backlog.
services/mana-ai/CLAUDE.md:
- Design-context header expanded to link to all four related docs
(arch §20-22, both shipped plans, forward team plan, ideas backlog).
No code changes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Several shared-ui / shared-auth-ui / subscriptions / credits
components used shadcn-style bare CSS variables (--muted, --primary,
--foreground, etc.), but the Mana theme system standardized on
--color-*. The mismatch meant bg-[hsl(var(--muted))] classes
resolved to an invalid color and rendered transparent — most
visible on the Allgemein settings tab where language and week-start
buttons had no background.
Mechanical prefix across ~30 files. Two semantic renames:
- --destructive → --color-error (Mana uses "error" as the token name)
- --popover → --color-card (no popover token; card is the closest)
With shared packages on the correct naming, drop the shadcn-compat
alias shim from app.css.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 6 — Multi-Agent observability:
- AI Workbench timeline gets a per-agent filter (dropdown with avatars)
alongside module + mission. TimelineBucket gains agentId +
agentDisplayName, projected off the bucket's first AI actor.
- Bucket header now leads with the agent's avatar + name (lookup via
the live useAgents query so renamed agents reflect instantly) and
falls back to Actor.displayName for deleted agents.
- AiProposalInbox card header replaces the generic Sparkle + "KI
schlägt vor" with an agent chip "🤖 Cashflow Watcher schlägt vor"
using the cached Actor.displayName. Ghost-agent label preserved
via the cached displayName even when the agent record is gone.
Phase 7 — Docs:
- docs/architecture/COMPANION_BRAIN_ARCHITECTURE.md §22 added:
data model, identity flow, tick gate order, Scene-Agent binding
semantics, non-goals.
- services/mana-ai/CLAUDE.md status bumped to v0.5 (Multi-Agent
Workbench) with the per-agent runner features + metrics listed.
- apps/mana/CLAUDE.md AI Workbench section rewritten to cover the
Agent primitive, per-agent policy, scene lens, and the updated
timeline header.
Multi-Agent rollout is code-complete end-to-end:
Phase 0 Plan ✓ Phase 4 Policy-per-agent ✓
Phase 1 Actor identity ✓ Phase 5 Agent UI + Scene lens ✓
Phase 2 Agent CRUD ✓ Phase 6 Observability ✓
Phase 3 Tick agent-aware ✓ Phase 7 Docs ✓
Tests: webapp svelte-check 0 errors, 0 warnings.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Debug log on a "Recherchiere News über Adult Learning" mission showed
the deep-research pipeline (mana-search + LLM synthesis) returned 0
sources but reported success — planner then either hallucinated or
fell back to create_task. The webapp already has a documented
RSS-based research path in news-research/{discoverByQuery,searchFeeds}
that's faster, free (no credits), and matches the companion-flow
contract written in news-research/tools.ts: "research_news → save_news_article".
Now:
- Pre-step calls discoverByQuery + searchFeeds directly.
- Empty discovery / empty results throw an explicit error so the
failure-injection branch surfaces it to the planner instead of
silently feeding a "0 sources" success message.
- Injected ResolvedInput now carries explicit instructions ("rufe für
jeden relevanten Artikel save_news_article auf — erfinde keine
URLs") so the planner doesn't have to infer the next move.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
GlobalSettingsSection (and a few other shared-ui/auth-ui components)
reference shadcn-style bare CSS variables like --muted and --primary,
but this app standardized on --color-muted/--color-primary. The
mismatch meant classes like bg-[hsl(var(--muted))] resolved to an
invalid color → buttons in the Allgemein settings tab rendered
without a background.
Add one-way aliases in :root so the bare names resolve to the
color-prefixed ones. No changes to shared-ui required.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The Multi-Agent Workbench becomes visible. User can now create named
agents with their own persona (name, avatar, role), policy, memory,
and budgets; missions are created against a specific agent; scenes
can be bound to an agent so the Workbench tab shows who's at home.
New UI:
- /ai-agents module (ListView with list/create/detail modes, mirroring
the ai-missions pattern). Detail view exposes:
* Profile (name, avatar emoji, role) + pause/resume/archive/delete
* Behavior (systemPrompt + memory — both encrypted at rest per the
registry)
* Limits (maxConcurrentMissions, maxTokensPerDay)
* Policy editor: global default (auto/propose/deny) + per-module
overrides for the usual suspects (todo / calendar / notes / …).
Three quick-apply templates: Standard, Cautious, Aggressive.
* Clear save path with duplicate-name handling from the store.
- Registered under the 'ai' category alongside the existing AI apps.
New component: AgentPicker — compact <select> over active agents plus
an optional "— keiner —" slot. Reused in:
- ai-missions create flow (new "Agent" fieldset — who executes this
mission; passes agentId through to createMission so the very first
server-iteration writes land under the right principal).
- BindAgentDialog — scene context-menu entry "An Agent binden…"
opens this dialog. Purely a UI lens: scene.viewingAsAgentId ends up
set, SceneAppBar now renders the agent's avatar on the scene tab
next to the name (tooltip on hover). No data-scope change.
Store updates:
- WorkbenchScene gains viewingAsAgentId?; patchScene accepts it;
workbenchScenesStore.setSceneAgent(id, agentId|undefined) helper.
- CreateMissionInput gains agentId?; the ai-missions create form
passes it. MissionPatch also extended so future editors can reassign
a mission to a different agent.
Tests: webapp svelte-check 0 errors, 0 warnings.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ListView rendered GlobalSettingsSection directly for the 'general' tab,
so the header unification in GeneralSection.svelte never took effect —
the sticky "App-Einstellungen" pill still leaked through.
- Swap inline block for <GeneralSection />
- Carry showTheme={false} into GeneralSection (Themes is its own app)
- Drop now-unused GlobalSettingsSection/userSettings/onMount/SettingsPanel imports
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Every tab now leads with the same SettingsSectionHeader
(icon-circle + title + description), matching Credits and Data:
- AiSection wraps AiSettings with SettingsSectionHeader (Robot, indigo);
AiSettings's inline icon+title is removed
- GeneralSection wraps GlobalSettingsSection with SettingsSectionHeader
(Gear); suppresses the inner sticky pill header via title=""
- SecuritySection adds one top-level SettingsSectionHeader
(ShieldCheck, blue) above the four sub-panels
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Settings lives in the Workbench now — no longer needs its own pill.
settingsHref becomes optional; both places that render the entry
(user-menu link list + nav overflow dropdown) skip it when unset.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Until now AiPolicy lived as a user-global setting consulted for every
AI action. With agents as the principal unit of AI behavior, policy
belongs on the agent — different agents can be aggressive about tasks
but conservative about calendar edits, etc.
Webapp (tools/executor.ts):
- When an AI actor invokes a tool, the executor looks up the owning
agent via getAgent(actor.principalId) and passes agent.policy into
resolvePolicy. Falls back to DEFAULT_AI_POLICY when the agent record
is missing (legacy write, deleted agent, race) so no tool call can
silently bypass the propose/deny path.
- resolvePolicy already accepted an optional policy arg, so the call
site change is a single line plus the agent load.
Server (mana-ai):
- ServerAgent gains an optional policy field, projected off the same
plaintext JSONB that the webapp writes.
- Tick loop filters AI_AVAILABLE_TOOLS through filterToolsByAgentPolicy
before passing them to the planner prompt. Resolution order mirrors
the webapp: tools[name] → defaultsByModule → defaultForAi; 'deny'
drops the tool so the LLM never even sees it.
Phase 5 will surface a per-agent policy editor on the agent-detail
UI. Until then all agents inherit DEFAULT_AI_POLICY (baked in during
createAgent), which means no behavior change for existing users —
every tool that was 'propose' before is still 'propose' now, just
reached via agent.policy instead of the user-level singleton.
Tests: mana-ai 41/41, webapp svelte-check clean.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SceneTabs.svelte had no remaining importers — the homepage
switched to SceneAppBar long ago, and nothing else in the repo
referenced it (grep for imports comes back empty). It still
carried its own rendering logic, context menu, and rename-dialog
wiring, which kept drifting from the real bar (e.g. the scene
icon field removal yesterday had to touch it even though the
file is never mounted). Remove it outright; any future compact
scene tab ever needed can be re-added fresh against the current
store shape.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When the scene has zero apps the carousel used to show just a
small "+ Hinzufügen" button centered in 60vh of whitespace —
visually underpowered and easy to miss on mobile. Replace with a
proper empty state:
- Heading: "Diese Szene ist leer"
- Hint line: "Füge eine App hinzu, um loszulegen — oder drücke [0]"
- The existing add-card button sits underneath
The kbd chip styles match the layout's typical keyboard hint
pattern and quietly teach the '0' shortcut that already opens
the picker (registered at +page.svelte keybind handler).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two tightly coupled UX fixes on the homepage:
1. Switching scenes via SceneAppBar used to leave the carousel
parked wherever it was before — the new scene's SceneHeader
appeared off-screen to the left, and the user saw a seemingly
stale row of cards until they manually scrolled. Now an
$effect watches activeSceneId, tracks the last seen value, and
smooth-scrolls the .fokus-track to left=0 on every real change
(ignoring the initial hydration tick so we don't fight the
carousel's own centering).
2. Scene rename had two concurrent paths: the SceneHeader
contenteditable <h1> (live DOM) and a SceneRenameDialog modal
opened from the scene-pill context menu (reads from the store).
If a user was mid-edit inline and right-clicked Umbenennen,
the dialog opened with the pre-edit value and on save clobbered
the inline change. The modal is gone. The context-menu
"Umbenennen" entry now switches to the target scene, scrolls
the carousel to the header, and focuses the contenteditable
after a 120ms tick so the scroll has time to start. Single
source of truth, single code path.
SceneRenameDialog.svelte + the sceneDialog state machine in
+page.svelte are removed. ConfirmDialog (used for delete) is
untouched.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mission detail now renders all pending proposals for that mission,
across every module, directly above the iteration list. No more jumping
between /todo, /news, /calendar to approve what the agent staged.
AiProposalInbox.module is now optional; when omitted, every card grows
a small lowercase module badge (e.g. "news", "todo") so the user knows
where each proposal will land on approve. The existing per-module
inboxes on /todo, /news, /calendar still work — proposals show in both
places via the same live query, so approving in one auto-clears the
other.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Pencil button on each question opens the bottom form pre-filled;
submit updates in place instead of appending.
- Guest users now see the demo quiz on first visit (QUIZ_GUEST_SEED
registered with seedAllGuestData).
- Silence state_referenced_locally warnings with svelte-ignore to
match the pattern used in cards / landing / rsvp views.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Four question types (single/multi/truefalse/text), inline editor,
play view with per-question feedback + final score review. Attempts
are persisted per quiz. Encrypted at rest: title/description/tags on
the container, questionText/explanation/options on questions.
Attempts stay plaintext. Dexie v21, appId 'quiz', tier 'guest'.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Third phase of the Multi-Agent Workbench. The background mission
runner now respects the owning Agent: agent state gates whether
a mission runs, concurrency is capped per-agent, and server-produced
iterations carry the agent's identity as their Actor.
Data layer:
- db/migrate.ts: new mana_ai.agent_snapshots table (mirrors
mission_snapshots) with indexes on (user_id, last_applied_at) and
a partial index on active agents.
- db/agents-projection.ts: refreshAgentSnapshots (incremental LWW
replay over sync_changes appId='ai' table='agents') +
loadActiveAgents / loadAgent helpers. mergeRaw exported for tests.
- db/missions-projection.ts: ServerMission.agentId + projection
reads the JSONB field (undefined for legacy missions).
Tick integration (cron/tick.ts):
- Refreshes both snapshot tables on every pass (parallel).
- Per-user in-tick agent cache (Map<userId, Map<agentId, Agent>>)
so N missions for one user hit the DB once.
- Gate order: agent archived → skip silently; agent paused → skip;
per-agent maxConcurrentMissions exhausted this tick → defer to next.
All skip paths bump mana_ai_agent_decisions_total{decision}.
- Prompt injection: withAgentContext prepends an <agent_context>
block to the system prompt with the agent's name + role, and
plaintext systemPrompt + memory when available. Ciphertext
(enc:1:… blobs) are skipped — server has no key by design. Mirrors
the Mission Grant privacy stance: encrypted context belongs to the
foreground runner.
Iteration writer (db/iteration-writer.ts):
- New optional `agent` + `iterationId` + `rationale` inputs.
- When agent is present, the sync_changes row is stamped with a
makeAgentActor actor (principalId=agentId, displayName=agent.name)
so the webapp timeline groups the write under the right agent.
- Falls back to an AI actor with LEGACY_AI_PRINCIPAL + 'Mana' when
the mission has no owning agent; ultimate fallback to the
mission-runner system actor when iterationId is also missing.
Metrics:
- mana_ai_agent_decisions_total{decision=ran|skipped-paused|
skipped-archived|skipped-concurrency}. Missions without an agent
don't produce this metric — plansWrittenBackTotal is the universal
"did we run" counter.
Tests: 41/41 (was 35) including 6 new cases for the agent LWW merge.
mana-ai type-check clean. Webapp svelte-check: 0 errors (4 unrelated
warnings in a different module).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PageShell drops the bottom-right drag handle and its pointer/touch
tracking entirely, and adds a small header button (ArrowsOutLineHorizontal)
that opens a menu with five discrete widths: XS 340 · S 440 · M 540 ·
L 720 · XL 960. Each entry shows its label and pixel value and
highlights whichever one is currently closest to the persisted
widthPx — so legacy freehand values (e.g. 823) still light up the
nearest entry when the menu first opens.
New module width-presets.ts holds the preset array and a
nearestPresetIndex() helper so the same snapping logic isn't
duplicated between PageShell and the store.
Also drops the .page-shell.resizing style (and the `resizing`
state, the shellEl ref, and the MIN/MAX width/height constants)
that only existed to colour the shell while a drag was active.
The five presets cover the useful width range without wasting
space on tiny viewport-sized differences; anyone wanting an
uncommon width can adjust widthPx directly in Dexie for now.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Height was practically unused — most WorkbenchSceneApp rows had
heightPx: undefined and scrolled internally, and the few explicit
values nobody ever revisited were just noise in the sync ledger.
Same goes for pixel-precise drag: users would produce widths like
823px and then never touch them again. Both paths come out in
favour of a fixed set of five width presets (next commit) that
guarantee cards sit on sensible sizes without a decision per card.
- types/workbench-scenes: heightPx removed from WorkbenchSceneApp
- page-carousel/types: heightPx removed from CarouselPage
- stores/workbench-scenes: resizeApp(appId, widthPx) loses its
height param; patchScene allowlist no longer lists heightPx.
Existing Dexie rows with heightPx set simply stop being read
— the field ages out the next time the row is written.
- PageCarousel: placeholder renders width-only; comment updated
- AppPage: heightPx prop + onResize height param gone
- +page.svelte: carouselPages no longer carries heightPx, handler
signature narrowed to (id, widthPx)
This commit removes the data; the next commit rewires PageShell's
UI so the drag handle is replaced by the five-preset picker.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Second phase of the Multi-Agent Workbench rollout (docs/plans/
multi-agent-workbench.md). Builds on Phase 1's identity-aware Actor.
Adds the Agent primitive — a named AI persona that owns Missions,
carries its own policy + memory, and (from Phase 3 on) drives the
Workbench lens. Everything is wired; a single user currently has one
"Mana" default agent until the UI (Phase 5) lets them create more.
Shared types (@mana/shared-ai):
- agents/types.ts: Agent, AgentState, DEFAULT_AGENT_ID/NAME constants
- policy/types.ts: AiPolicy + PolicyDecision (moved from webapp so
Agent.policy can reference it without a runtime dep on the web app)
- missions/types.ts: new optional Mission.agentId field
Webapp data layer:
- data/ai/agents/{types,store,queries,bootstrap}.ts
- Dexie schema v19 adds `agents` table (indexes on state, name,
[state+name]); sync registered under the existing ai app-id
- Encryption registry: agents.systemPrompt + agents.memory encrypted;
name/role/avatar/policy stay plaintext for search + UI rendering
- DuplicateAgentNameError thrown at write time (not a Dexie unique
index — bootstrap races between tabs would otherwise hit
ConstraintError; store now resolves via getOrCreateAgent)
- bootstrap.ts: ensureDefaultAgent + backfillMissionsAgentId. The
backfill runs once per device (localStorage sentinel) so missions
that pre-date the rollout get stamped with the default agent's id.
Called fire-and-forget from startMissionTick() during layout init.
Runner threading (already merged into d5c351d63 via Till's debug-log
commit that picked up my uncommitted edits):
- runner.ts + server-iteration-staging.ts now resolve mission.agentId
to the real Agent and build makeAgentActor with agent.name as
displayName. Missing-agent fallback keeps using LEGACY_AI_PRINCIPAL
so historical writes still attribute cleanly.
Tests: shared-ai 26/26, mana-ai 35/35, svelte-check 0 errors.
Agent store vitest suite is present but blocked by a pre-existing
\$lib alias resolution issue in the webapp vitest config that
predates this phase (proposals/store.test.ts is broken the same way
on HEAD). Will address separately.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New local-only Dexie table _aiDebugLog (v20, never synced) holds one
row per mission iteration with the full system+user prompt, raw LLM
response, latency, every ResolvedInput the planner saw, and pre-step
state (kontext-injected? web-research-ok-or-error?). Capped at 50
newest rows.
aiPlanTask always returns the captured prompt/response on AiPlanOutput.
debug; the runner persists it only when isAiDebugEnabled() — toggled
via a checkbox in the Mission detail header (defaults to on in DEV
builds, off in prod, override via localStorage 'mana.ai.debug').
New <AiDebugBlock> component renders below each iteration card:
expandable sections for Pre-Step, Resolved Inputs (each input
individually collapsible), System Prompt, User Prompt, Raw Response,
plus a "📋 JSON" copy-to-clipboard button for bug reports.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prettier kept reformatting the <h1>/<p> bodies onto their own
indented lines, which contenteditable renders verbatim — the user
saw leading/trailing whitespace inside the edit buffer.
prettier-ignore only applies to the immediately next node, and the
svelte-ignore comment was taking that slot, so the directive never
reached the element.
Rewire with bind:this + two $effects that set textContent whenever
the scene prop changes and the element isn't currently focused.
Side benefit: a scene name synced from another device now updates
the header live without interrupting an in-progress edit.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two small follow-ups to the inline-edit header:
- Reduce the right padding from 2.5rem to 0.25rem so the scene name
sits visually adjacent to the first card. With the carousel's own
1rem gap between flex children the total breathing room is now
~20px instead of ~56px, which matches how hero titles usually
relate to the cards below / beside them.
- prettier-ignore on the <h1> and <p> element blocks. Prettier's
default Svelte formatting moved {scene.name} onto its own line
with indentation whitespace, which contenteditable renders
verbatim as literal leading / trailing spaces in the editor
content. Keep the mustache on the same line as the tag so the
text value is what the store actually holds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Foundation for the Multi-Agent Workbench roadmap
(docs/plans/multi-agent-workbench.md). Every event, record, and
sync_changes row now carries a principal identity + cached display
name in addition to the three-kind discriminator.
Shape change (source of truth in @mana/shared-ai):
Before: { kind: 'user' | 'ai' | 'system', ...kind-specific fields }
After: discriminated union on kind, with
- common: principalId, displayName
- 'user': principalId = userId
- 'ai': principalId = agentId + missionId/iterationId/rationale
- 'system': principalId = one of SYSTEM_* sentinel strings
('system:projection', 'system:mission-runner', etc.)
Key design calls (from the plan's Q&A):
- System sub-sources get distinct principalIds (not a shared 'system'
bucket) — lets Workbench filter + revert distinguish projection
writes from migration writes from server-iteration writes
- displayName cached on the record so renaming an agent doesn't
rewrite history
- normalizeActor() compat shim fills principalId/displayName on
legacy rows with 'legacy:*' sentinels so historical events never
crash the timeline
New exports:
- BaseActor / UserActor / AiActor / SystemActor (narrowed types)
- makeUserActor, makeAgentActor, makeSystemActor (factories with
typed return)
- SYSTEM_PROJECTION, SYSTEM_RULE, SYSTEM_MIGRATION, SYSTEM_STREAM,
SYSTEM_MISSION_RUNNER (principalId constants)
- LEGACY_USER_PRINCIPAL, LEGACY_AI_PRINCIPAL, LEGACY_SYSTEM_PRINCIPAL
- isUserActor / isFromMissionRunner predicates
Webapp:
- data/events/actor.ts now re-exports from shared-ai, keeps runtime
ambient-context (runAs, getCurrentActor) local
- bindDefaultUser(userId, displayName) lets the auth layer replace
the legacy placeholder with the real logged-in user actor at login
- Mission runner + server-iteration-staging stamp LEGACY_AI_PRINCIPAL
as the agentId placeholder — Phase 2 will thread the real agent
- Streaks projection uses makeSystemActor(SYSTEM_PROJECTION)
- All test fixtures migrated to factories
Service:
- mana-ai/db/iteration-writer.ts stamps makeSystemActor(
SYSTEM_MISSION_RUNNER) instead of the old { kind:'system',
source:'mission-runner' } shape. Phase 3 will switch this to an
agent actor per mission.
Tests: 26 shared-ai + 21 webapp vitest + 35 mana-ai — all green.
svelte-check: 0 errors, 0 warnings.
No behavior change; purely a type + shape upgrade. Old sync_changes
rows parse via the normalizeActor compat shim at read time.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SceneHeader switches from a button-that-opens-a-dialog to inline
contenteditable fields. Click the title → caret appears, type →
Enter commits, Escape reverts, blur commits. Same for the
description except Enter is allowed (multi-line).
- contenteditable="plaintext-only" keeps pasted rich text from
leaking styles into the store
- onfocus selects the existing text so the first keystroke
replaces rather than appends (matches the expected rename feel)
- :empty-based ::before placeholder shows "Beschreibung
hinzufügen…" on blank descriptions, including while focused
(slightly dimmer) so the edit target is still visible before
the first character
- Empty name on blur reverts to the previous value (empty scene
names aren't a valid state the rest of the UI handles)
- Empty description commits as null, matching the store's
setSceneDescription contract
handleEditActiveScene and the SceneHeader.onEdit prop are gone —
the dialog is no longer reachable from the header. It stays
hooked up to SceneTabs' right-click → Umbenennen path for users
who prefer the modal.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New SceneHeader component: big scene name (clamp 2.75rem–4.5rem
responsive) plus a muted description underneath, or an italic
"Beschreibung hinzufügen…" placeholder when empty. The whole block
is a button — clicking it opens the existing scene edit dialog,
now pulling double duty for both name and description.
Wired through PageCarousel's new leading snippet from the previous
commit, so the header scrolls with the track and stays anchored to
the visual start of the carousel without needing a second scroll
container.
SceneRenameDialog grows a description textarea (maxlength 240,
3 rows, vertically resizable) and onSubmit now passes (name,
description). The caller translates an empty description to null
so the DB column reflects "no description set" rather than an
empty string — keeps WorkbenchScene.description truthy checks
honest.
handleEditActiveScene resolves the currently-active scene and
opens the dialog pre-filled; used by the SceneHeader click.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Consumers of PageCarousel can now pass a \`leading\` Snippet that
renders as the first flex child inside .fokus-track, ahead of the
page wrappers. Used on the workbench homepage for the scene header
(name + description). Scrolls with the track rather than sticking
in place — reads as an intro block, not app chrome, and doesn't
steal viewport from the cards on narrow screens.
Styled as flex-aligned, align-self:stretch so its intrinsic layout
decides the height and it centres vertically against the cards.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Schema + store preparation for the new scene header on the homepage
(next commit). Scenes get an optional free-text description stamped
as its own field — LWW through the existing mana-sync pipeline, no
new sync contract. The unused icon field is removed everywhere:
- types/workbench-scenes.ts: description?: string | null replaces icon
- stores/workbench-scenes.svelte.ts: createScene, renameScene,
duplicateScene, toScene, patchScene all updated. New method
setSceneDescription(id, value) mirrors renameScene so the caller
can change just the description without re-submitting the name.
- components/workbench/scenes/SceneTabs.svelte: the tab-bar rendered
{#if scene.icon} before the name — scene.name is unique enough to
identify a scene, and the UI direction is away from emoji chrome.
Existing scene rows in Dexie simply omit description (undefined → null
on read); the icon field on old rows is ignored and will age out of
the schema the next time the row is written.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When the pre-step research call throws (mana-search down, missing tier,
402 credits, etc.), the runner used to swallow the error and feed an
empty input to the planner — which then made up a story about a "failed
web search" and fell back to create_task. Now we inject an explicit
"research failed" ResolvedInput with the actual error message, plus
write the truncated message into phaseDetail so it's visible in the
mission card without DevTools.
Bundles an in-flight actor refactor merge in runner.ts (makeAgentActor
+ LEGACY_AI_PRINCIPAL) — those lines came from the parallel Phase-1
identity work, not this fix.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The standalone "Cloud Sync" pill sat fifth in the bar-mode pill row
on mobile / narrow layouts, pushing the pill row to 5+ items and
duplicating actions the user menu already surfaces (Sync-Einstellungen,
credits link). Move the sync status + actions into userMenuBarItems
so they appear as a labelled section inside the bar that opens when
the user pill is tapped.
Render order for signed-in users now goes:
account · settings · theme-mode · theme · [Sync section] · logout
The section header uses the existing `divider: true, label: 'Sync'`
shape PillDropdownBar already understands, so the status line ("Cloud
Sync aktiv", etc.) sits under a real heading. For guests the section
is skipped entirely — sync doesn't apply before login.
Left the non-barMode popover path alone (showSyncStatus + syncStatusItems
still drive the inline PillDropdown when a popover is in use) since
the complaint was specifically about the bar's fifth pill on mobile.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mission objectives matching /recherch|research|news|finde|suche|aktuelle|neueste/i
trigger a synchronous deep-research call (mana-search + mana-llm via the
existing /api/v1/research/start-sync pipeline) before the planner runs;
the summary plus top-8 source URLs are injected as a synthetic ResolvedInput
so the planner can stage save_news_article proposals against real URLs.
The kontext singleton is auto-attached to every mission's planner input
(decrypted client-side, gated on non-empty content + not already linked).
save_news_article is a new proposable tool routed through articlesStore
.saveFromUrl (Readability via /api/v1/news/extract/save). AiProposalInbox
mounted on /news so the user can approve/reject inline. mana-ai planner
tool list mirrors the new tool to keep the boot-time drift guard happy.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The shared-hono credits client returns DEFAULT_BALANCE=1000 when
/api/v1/internal/credits/balance/:userId responds with no row, so
local-dev accounts silently diverge from production — credit-gated
flows look free in dev and only blow up after deploy. Seeding a
real credits.balances row makes the fallback unreachable and the
dev stack exercises the same code path as prod.
Default is 10_000 credits (overridable via CREDITS env var) and
is applied alongside the existing tier + role + sync-gift upserts,
so setup-dev-user.sh stays a single idempotent pass. Existing dev
accounts (tills95, tilljkb, rajiehq) were backfilled manually
once; re-running the script won't clobber a higher balance
because the ON CONFLICT uses GREATEST.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Running pnpm type-check inside apps/api failed before any real
error could run, blocked by two structural errors: drizzle.presi.config.ts
and scripts/generate-who-dossiers.ts are deliberately outside src/
but are matched by the include pattern, tripping TS6059 against
rootDir=src. And @mana/shared-types imports peer files with explicit
.ts extensions, which needs allowImportingTsExtensions under
moduleResolution=bundler.
Remove rootDir (we're noEmit anyway — Bun runs src/index.ts
directly, tsc is only a lint pass), drop the unused outDir, add
noEmit explicitly, and enable allowImportingTsExtensions. Type-check
now completes cleanly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Admin-gated backend endpoints (e.g. POST /api/v1/admin/sync/:id/gift,
GET /api/v1/admin/users/:id/tier) check auth.users.role === 'admin',
which is orthogonal to access_tier. The script was already lifting
every dev account to tier=founder but left role at the 'user'
default, so founders couldn't exercise the admin UI flows against
their local stack. Wire role alongside tier (both via env-overridable
defaults) and reflect it in the success output so re-runs surface
what's being applied.
Backfilled the existing three dev accounts (tills95, tilljkb,
rajiehq) to role=admin manually once; re-running the script now is
idempotent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The Go binary's config.go hardcoded "postgresql://…/mana" as the
DATABASE_URL fallback, but no database named "mana" exists locally
or in the macmini compose stack — the platform DB is mana_platform.
Anyone running the crawler without an explicit override got a
"database \"mana\" does not exist" crash at startup. The dev:crawler
script in package.json had been papering over this by setting
DATABASE_URL explicitly; drop that override now that the binary
default is correct.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two halves of the same "why is sync inactive in dev" fix:
- package.json: new dev:credits script and mana-credits added to
the dev:mana:servers concurrently group. The service was never
started by pnpm dev:mana:all, so the frontend's
GET /api/v1/sync/status failed, syncBilling.load() caught the
error and defaulted to inactive — while mana-sync (Go) was
actually fail-open on the billing check, making the UI
indicator lie about the backend state.
- scripts/dev/setup-dev-user.sh: after the existing
email-verify + tier-lift UPDATE, upsert a row into
credits.sync_subscriptions with is_gifted=true. Mirrors what
POST /api/v1/admin/sync/:id/gift would do, so every new dev
user gets Cloud Sync from the first login without a separate
admin call. The credits schema lives inside mana_platform, so
no new database needed — just a second statement in the same
psql heredoc.
Existing dev users (tills95, tilljkb, rajiehq) were backfilled
manually with the same INSERT … ON CONFLICT DO UPDATE once;
future runs of setup-dev-user.sh stay idempotent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Public ingress for the Mission Key-Grant audit endpoint
(/api/v1/me/ai-audit) so the Workbench "Datenzugriff" tab can reach
mana-ai from the browser. Background tick + /metrics stay internal;
only the JWT-gated user endpoint is exposed.
Requires a Cloudflare DNS record pointing mana-ai.mana.how at the
tunnel CNAME (one-off: \`cloudflared tunnel route dns
1435166a-0e3f-4222-8de6-744f32cea5c9 mana-ai.mana.how\`), then sync
via scripts/mac-mini/sync-tunnel-config.sh.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two visible issues on /login and /register in the Mana web app:
- The "Zum Anmeldeformular springen" skip link was visible in the
top-left corner instead of only on keyboard focus. It's an a11y
nicety that in practice clutters the page for every user. Remove
the button (and the dead skipToForm() handler in LoginPage) rather
than try to fix an sr-only variant that apparently doesn't survive
the Tailwind v4 @source pipeline here.
- The form card rendered ~full-width on desktop even though the
existing max-w-[440px] / max-w-[480px] arbitrary-value classes
should have constrained it. Replace those with style:max-width
inline so the 440px cap is guaranteed regardless of how Tailwind
picks up classes from the shared-auth-ui package.
Same changes applied to RegisterPage (only width — no skip link
there) so the two pages stay visually identical.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
useRegisterSW() reaches for navigator.serviceWorker at call time, which
crashes SvelteKit SSR with "ReferenceError: navigator is not defined"
(Node has no navigator). The prod mana-web container crash-looped on
every request after the rebuild because the layout mounts this
component unconditionally.
Fix: branch on \$app/environment's \`browser\` flag. On the server,
hand back a noop writable + async-noop updater so the downstream
template code stays unchanged.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The 2rem linear-gradient mask at each end of the tag strip was
supposed to hint at scrollable overflow, but it cuts off the
leading + trailing tags on narrow layouts where they're already
just barely visible. Dropping both mask-image declarations lets
the pills render edge-to-edge. Overflow scrolling + hidden
scrollbar stay as they were, plus the hover-lift removal from
the previous commit.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The whole pill family used a translateY(-1px / -2px) on :hover that
made the chrome jitter every time the cursor crossed anything —
especially noticeable in the TagStrip, PillNav, and the user-menu
bar where pills sit close together and a 1-2px jump reads as
twitching rather than polish.
Removed the hover transform (and the matching :active reset on
the base Pill) from:
- Pill.svelte — base primitive, covers PillNav + every bar pill
- AppDrawer.svelte — .glass-pill in the app switcher
- PillTagSelector.svelte — .glass-pill in the quick-input tag selector
- PillTimeRangeSelector.svelte — .glass-pill in the calendar range picker
- UserMenuPanel.svelte — .chip hover in the popover variant
Background, border, and shadow hover states are kept — only the
vertical displacement is gone.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When the right-hand user pill is clicked as a guest (barMode), the
opening bar used to show just a decorative "Menü" label pill on
the left and then settings + theme toggles — none of which are a
useful first action for someone not logged in.
- phosphor-icon-map: register SignIn as `login`, so PillDropdownBar
can render it the same way as the existing `logout` glyph.
- PillNavigation.userMenuBarItems: prepend an "Anmelden" item for
guests (no userEmail + loginHref given) that navigates to
loginHref. It becomes the first CTA in the bar, above settings /
theme / language.
- PillNavigation.userBarConfig: drop the bar-header label when the
viewer is a guest. The decorative "Menü" pill added nothing
alongside the new Anmelden action and just cluttered the leading
edge of the bar.
The popover variant of the user menu (UserMenuPanel) already had
its own guest login button — this mirrors that behaviour for the
bottom-bar variant used on mobile / narrow layouts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
