Better Auth's OIDC provider expects redirect_urls to be a comma-separated
string, not a JSON array. Updated seed script and schema documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
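
Added example, not part of the commit or the project's code: a seed-time normalizer that turns an array or JSON-array string into the comma-separated `redirect_urls` form described above, plus an exact-match check showing why a JSON array stored in that column never matches. The function names, the splitting logic and the sample URLs are assumptions made for illustration, not Better Auth's implementation.

```javascript
// Added example: helper names and sample values are constructed.

// Convert a seed value (array, JSON-array string, or already comma-separated
// string) into the comma-separated form the commit message describes.
function toRedirectUrlsColumn(value) {
  let urls = value;
  if (typeof value === 'string') {
    const trimmed = value.trim();
    urls = trimmed.startsWith('[') ? JSON.parse(trimmed) : trimmed.split(',');
  }
  if (!Array.isArray(urls)) {
    throw new TypeError('redirect_urls must be a string or an array');
  }
  const cleaned = urls.map((u) => String(u).trim()).filter((u) => u.length > 0);
  for (const u of cleaned) {
    // A comma inside one URL cannot be represented in this format.
    if (u.includes(',')) throw new Error(`comma inside a redirect URL: ${u}`);
    const parsed = new URL(u); // throws on a malformed URL
    if (parsed.hash) throw new Error(`fragment not allowed in redirect URL: ${u}`);
  }
  return cleaned.join(',');
}

// Assumed matching rule: exact string comparison against each stored entry,
// with no prefix or wildcard matching.
function isRegisteredRedirect(column, candidate) {
  return column.split(',').includes(candidate);
}

// Constructed sample: a Synapse-style OIDC callback on a placeholder host.
const SAMPLE_CALLBACK = 'https://matrix.example.test/_synapse/client/oidc/callback';
const BROKEN_COLUMN = JSON.stringify([SAMPLE_CALLBACK]); // what the old seed stored
const FIXED_COLUMN = toRedirectUrlsColumn(BROKEN_COLUMN);
```
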
The OIDC request handler was not properly forwarding sign-in requests.
Added a dedicated handler that:
- Directly calls Better Auth's handler
- Properly handles Set-Cookie headers for session cookies
- Exposed getHandler() method from BetterAuthService
- Added trustedOrigins configuration to allow cross-origin requests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Chat interface with message history
- Model selector for available LLM models
- Parameter panel (temperature, max tokens, etc.)
- System prompt editor
- Svelte 5 runes-based stores
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update pnpm-lock.yaml with matrix bot dependencies
- Add environment variables to generate-env.mjs
- Improve mana-llm config and ollama provider
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Quick chat mode for stateless single messages (!chat)
- Full conversation management (create, list, select, delete)
- Message history with context-aware AI responses
- Model selection (Ollama, OpenRouter, OpenAI, Anthropic)
- Conversation actions: archive, restore, pin, unpin, rename
- German/English command aliases
- Number-based reference system for ease of use
- JWT auth via mana-core-auth
- Health check endpoint on port 3327
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Skill management: create, list, view details, delete
- XP tracking with level-up notifications
- Branch filtering (intellect, body, creativity, social, practical, mindset, custom)
- Activity history per skill or global
- User statistics (total XP, skill count, highest level, streak)
- German/English command aliases
- Number-based reference system for ease of use
- JWT auth via mana-core-auth
- Health check endpoint on port 3326
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The OIDC login page was using our custom /api/v1/auth/login endpoint
which returns tokens but doesn't set session cookies. Better Auth's
OIDC provider needs session cookies to recognize logged-in users.
Changes:
- Update login page to use /api/auth/sign-in/email (Better Auth native)
- Add sign-in endpoint handler in oidc.controller.ts
- Add route exclusion in main.ts for the sign-in path
This fixes the infinite redirect loop where users would log in but
then be sent back to login because the OAuth2 authorize endpoint
couldn't detect the session.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add build script to compile TypeScript to dist/
- Update exports to point to compiled files
- Update calendar-web Dockerfile to build shared-vite-config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When redirected from authorization endpoint, the client_id is encoded
in the returnUrl parameter, not directly in query params. This fix
extracts it properly to display the correct application name.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
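
Added example, not part of the commit or the project's code: one way a login page could pull `client_id` out of the `returnUrl` parameter while refusing a `returnUrl` that does not point back at its own authorize endpoint. The function name, the origin, the assumption that `returnUrl` is a same-origin path to `/api/auth/oauth2/authorize`, and the allowed `client_id` character set are all illustrative assumptions.

```javascript
// Added example: function name, origin and sample URLs are constructed.
const AUTH_ORIGIN = 'https://auth.example.test'; // assumed origin of the auth service
const AUTHORIZE_PATH = '/api/auth/oauth2/authorize'; // authorize route named on this page

// Given the login page's own URL, return the client_id carried inside the
// returnUrl parameter, or null if returnUrl is missing or not trustworthy.
function clientIdFromLoginUrl(loginUrl) {
  const outer = new URL(loginUrl, AUTH_ORIGIN);
  // searchParams.get() percent-decodes once, yielding the inner URL string.
  const returnUrl = outer.searchParams.get('returnUrl');
  if (!returnUrl) return null;

  // Accept only a same-origin path: reject absolute URLs, scheme-relative
  // ("//host") forms and backslash variants that some parsers treat as "/".
  if (!returnUrl.startsWith('/') || returnUrl.startsWith('//') || returnUrl.includes('\\')) {
    return null;
  }

  let inner;
  try {
    inner = new URL(returnUrl, AUTH_ORIGIN);
  } catch {
    return null;
  }
  // Backstop after parsing: origin and path must be exactly the authorize endpoint.
  if (inner.origin !== AUTH_ORIGIN || inner.pathname !== AUTHORIZE_PATH) return null;

  // A duplicated or oddly shaped client_id is ambiguous, so it is not displayed.
  const ids = inner.searchParams.getAll('client_id');
  if (ids.length !== 1 || !/^[A-Za-z0-9._-]{1,128}$/.test(ids[0])) return null;
  return ids[0];
}

// Constructed sample: the login URL an unauthenticated authorize request lands on.
const SAMPLE_LOGIN_URL =
  '/login?returnUrl=' +
  encodeURIComponent(AUTHORIZE_PATH + '?client_id=synapse&response_type=code');
```

The returned id is only a lookup key: resolve it against the registered clients and render the resulting application name as text, not HTML.
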
- Full NestJS bot with matrix-bot-sdk integration
- Plant CRUD: list, add, view, edit, delete plants
- Watering: mark as watered, upcoming waterings, history
- Care settings: light, humidity, temperature, soil, notes
- Watering interval configuration
- Health status tracking with emoji indicators
- German/English command aliases
- Number-based reference system for plants
- JWT auth via mana-core-auth
- Runs on port 3322
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The login page uses inline JavaScript for the form submission handler.
Helmet's default CSP was blocking this, preventing users from logging in
via OIDC/SSO flows (e.g., Matrix Synapse).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Full NestJS bot with matrix-bot-sdk integration
- Deck CRUD: list, create, view, delete decks
- Card management: view cards and card details
- AI generation: generate decks with AI (30 Mana)
- Study sessions: start learning sessions
- Progress tracking: due cards, statistics
- Public features: featured decks, leaderboard
- Credit system: mana balance display
- German/English command aliases
- Number-based reference system for decks and cards
- JWT auth via mana-core-auth
- Runs on port 3321
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- List, search, and view contact details
- Create, edit, and delete contacts
- Toggle favorites and archive status
- Number-based reference system for easy commands
- German and English command aliases
- Login/logout via mana-core-auth
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Generate images via Picture backend with `!generate` command
- Support prompt options (--width, --height, --steps, --negative)
- Model selection with `!models` and `!model [id]`
- Image history and deletion
- Login/logout via mana-core-auth
- Credit balance display
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Email alerts were causing too many notifications. Changed default
from true to false so new users won't receive email notifications
unless explicitly enabled. Push notifications remain enabled.
Move queue name constants to separate file (queue-names.ts) to avoid
circular dependency between queue.module.ts and processor files.
The @Processor decorator evaluates at module load time, and importing
constants from queue.module.ts created a circular dependency that
resulted in undefined queue names.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Migrate all LLM consumers from direct Ollama calls to centralized
mana-llm service with OpenAI-compatible API.
Migrated services:
- matrix-ollama-bot
- telegram-ollama-bot
- chat-backend
- telegram-project-doc-bot
New env vars: MANA_LLM_URL, LLM_MODEL, LLM_TIMEOUT
Replaces: OLLAMA_URL, OLLAMA_MODEL, OLLAMA_TIMEOUT
- Update mana-search Dockerfile to use monorepo root context
- Update api-gateway Dockerfile to use monorepo root context
- Fix CI workflow to use context: . for mana-search
- Use pnpm --filter for proper workspace package installation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Swagger/OpenAPI documentation at /docs endpoint
- Add admin module for system-wide API key management
- Add scheduler for monthly credit reset and usage cleanup
- Add Docker Compose entry for Mac Mini deployment
- Document all endpoints with descriptions and examples
Implement custom NestJS API Gateway for mana-search, mana-stt, and mana-tts:
- API Key management with CRUD operations and key regeneration
- Redis-based sliding window rate limiting
- Credit-based billing with tier support (free, pro, enterprise)
- Usage tracking with daily aggregates
- Proxy services to backend microservices
- Prometheus metrics endpoint
- JWT auth for management API, API key auth for public API
Database schema uses separate `api_gateway` schema in shared manacore DB.
- NestJS bot that converts text messages to speech via mana-tts
- Commands: !voice, !voices, !speed, !status, !help
- User settings stored in-memory (voice, speed per user)
- Docker config for Mac Mini deployment
- Setup script for bot registration
Co-Authored-By: Claude <noreply@anthropic.com>
Add ability to resend verification email when login fails with
"Email not verified" error. Implemented across all 14 apps using
Mana Core Auth.
Changes:
- Add POST /api/v1/auth/resend-verification endpoint to mana-core-auth
- Add resendVerificationEmail method to shared-auth client
- Update LoginPage component with resend UI and translations
- Add resendVerificationEmail to all app auth stores
- Add translations for de, en, fr, es, it
- Add PlantaLogo to shared-branding
- Migrate planta login to shared LoginPage component
Add internationalization (DE + EN) to previously missing apps:
- todo: task management translations
- skilltree: skill/XP system translations
- nutriphi: nutrition tracking translations
- planta: plant care translations
- questions: research app translations
- matrix: chat client translations (layout integration)
Each app includes:
- svelte-i18n setup with SSR support
- localStorage persistence ({app}_locale pattern)
- i18n loading state in +layout.svelte
- German (default) and English translations
Updated CONSISTENCY_REPORT.md to mark i18n task as complete.
Also includes:
- mana-tts service placeholder files
- bot-services: Add registerAsync to AI, Calendar, Clock, Todo modules
- bot-services: Add convenience methods to ClockService for bot handlers
- bot-services: Make CreateEventInput.endTime optional with sensible defaults
- bot-services: Fix empty interface ESLint errors (use type aliases)
- questions-backend: Add missing schema columns (isDefault, sortOrder, deletedAt)
- questions-backend: Fix or() return type handling in question service
- questions-web: Add guard for undefined question ID in route params
- skilltree-web: Fix DBSchema type by not extending idb interface directly
- calendar-web: Fix Check icon prop (use weight instead of strokeWidth)
- matrix-mana-bot: Update clock handler to use new service methods
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove :ro flag from volume mounts (SearXNG needs write access)
- Simplify limiter.toml to match current SearXNG schema
- Disable link_token for API usage without browser
Add a simple login page at /login for OIDC authorization flows.
When users access the authorization endpoint without being logged in,
Better Auth redirects them to this page. After successful login,
users are redirected back to continue the authorization flow.
- Create OidcLoginController with login page HTML
- Add controller to AuthModule
- Exclude /login from global prefix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Better Auth's OIDC discovery document advertises endpoints at
/api/auth/oauth2/* paths. Add routes for these native paths to
ensure Matrix Synapse and other OIDC clients can complete the
authorization flow.
Routes added:
- GET /api/auth/oauth2/authorize
- POST /api/auth/oauth2/token
- GET /api/auth/oauth2/userinfo
- GET /api/auth/jwks
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add explicit path exclusions and path-to-regexp wildcard patterns
to ensure /api/auth/jwks and other OIDC routes are excluded from
the /api/v1 global prefix. This fixes JWKS endpoint accessibility
for Matrix Synapse OIDC integration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Better Auth's discovery document points to /api/auth/jwks,
so we need to expose this route directly in NestJS.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix AiHandler to use correct service methods:
  - setSessionModel instead of setModel
  - clearSessionHistory instead of clearHistory
  - compareModels for model comparison
- Fix TodoHandler to use index-based methods:
  - completeTaskByIndex instead of completeTask
  - deleteTaskByIndex instead of deleteTask
- Add deploy-mana-bot.sh script for full deployment automation
https://claude.ai/code/session_015bwcqVRiFmSydYTjvDJGTc
Introduces a unified Matrix bot that combines all features:
- AI Chat (Ollama integration)
- Todo management
- Calendar events
- Timers & Alarms
- Cross-feature orchestration (!summary, !ai-todo)
Architecture:
- Uses @manacore/bot-services for shared business logic
- Command router with natural language support
- Handlers delegate to shared services
- Orchestration layer for cross-feature AI features
This enables users to interact with a single bot for all features,
while standalone bots remain available for dedicated use cases.
https://claude.ai/code/session_015bwcqVRiFmSydYTjvDJGTc