Builds the user-facing surface on top of the data layer landed in the
previous commit. After this commit the Body module is reachable at
/body and surfaces an at-a-glance tile on the customizable dashboard.
Components (lib/modules/body/components/):
- SetRow — inline editable set with weight/reps/RPE/warmup/delete.
Local $state mirrors the prop and re-syncs via $effect when the
parent re-emits the row through liveQuery.
- WorkoutLogger — active-session console. Groups sets by exercise,
pre-fills the next-set form from the most recent working set on
the same exercise so progressive overload is one tap.
- MeasurementForm — quick-log with type picker; unit auto-follows
(kg for weight/muscle, % for body fat, cm for circumferences).
- WeightChart — pure SVG line chart, no chart-lib dependency.
Auto-scales the y-axis with padding so flat-line periods don't
collapse to a single horizontal line.
- DailyCheckCard — 1-5 dot buttons for energy/sleep/soreness/mood,
upserts to bodyChecks per day so re-tapping overwrites today.
- RecentWorkouts — finished sessions with set count, total volume,
duration.
ListView.svelte composes everything into the main view: active
workout console when running (otherwise a "start" CTA), weight
chart + measurement form, today's daily check card, recent
workouts. Phase pill in the header (Cut/Bulk/Maintenance) with
color-coded background.
Route (routes/(app)/body/):
- +layout.svelte sets seven contexts via the useAllBody*() hooks
so child pages get observable streams without prop drilling.
- +page.svelte renders ListView.
i18n (lib/i18n/locales/body/):
- de/en/it/fr/es JSON files with title, subtitle, workout state,
measurement.* (10 types), check.* (4 fields), phase.* (4 kinds),
log/finish/start strings.
- Registered in lib/i18n/index.ts alongside the other module dicts.
Dashboard widget (lib/modules/body/widgets/BodyStatsWidget.svelte):
- Surfaces latest weight + delta vs the previous reading, plus
either the active workout (with today's set count + volume) or
a "start workout" CTA when idle.
- Reads bodyMeasurements / bodyWorkouts / bodySets directly via
liveQuery + decryptRecords (same pattern as NewsUnreadWidget).
- Wired into widget-registry.ts as 'body-stats', registered in
types/dashboard.ts WIDGET_REGISTRY with 💪 icon and the new
'body' requiredBackend tier.
- Strings added under dashboard.widgets.body_stats.* in all five
locales.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds the unified Body module that merges what would otherwise be two
separate apps (fitness + bodylog) into one. The value lives in their
intersection: tracking lifts alongside bodyweight is what enables
real progressive-overload + recomp insights, and shared primitives
(charts, time series, units, photos) avoid duplicating UI surface.
This commit lands only the data layer + module registration so the
follow-up UI / route / dashboard widget can build on a stable
foundation.
Tables (db.version(2), already in place):
bodyExercises — exercise library (Squat, Bench, Deadlift, OHP,
Row, Pull-Up seeded as presets)
bodyRoutines — saved workout templates
bodyWorkouts — one logged training session
bodySets — set rows inside a workout, indexed [workoutId+order]
bodyMeasurements — weight + measurements over time, indexed [type+date]
bodyChecks — daily energy/sleep/soreness/mood self-rating,
upserted per day
bodyPhases — cut/bulk/maintenance/recomp phase markers, with
auto-close on phase change so the "active phase"
view always has at most one open row
Encryption (registry.ts): all 7 tables flipped to enabled. Health
data is GDPR Art. 9 special-category, so user-typed text + the
sensitive numeric fields (weight, reps, value, startWeight,
targetWeight, energy/sleep/soreness/mood) are wrapped. Indexed
columns (ids, FKs, ordering, dates, kind/type/equipment enums)
stay plaintext so the existing query layer keeps working without
decrypt-on-every-row.
Module wiring:
- bodyModuleConfig added to module-registry.ts
- Body app entry registered in shared-branding mana-apps.ts
(red→orange icon to set it apart from the green health-adjacent
modules and the pink cycles icon)
- APP_ICONS.body added (dumbbell + heart-pulse hybrid SVG)
Also captures the broader module-ideas brainstorm in
docs/future/MODULE_IDEAS.md and marks fitness + bodylog as merged
into the new body module.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The PlayView's send() catch sets a local `error` state which renders
as a small banner near the input — easy to miss when the chat area
is the first thing the eye looks at after pressing send. Add an
explicit console.error so the next time something goes wrong end
to end, the actual exception is one DevTools tab away instead of
"my message disappeared and I have no idea why".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds a contextMenuActions entry to the nutriphi registerApp() block
matching the convention todo / calendar / contacts / habits / notes /
dreams / cycles all use: a Plus-icon "Neue Mahlzeit" action that
dispatches a window CustomEvent('mana:quick-action', { app: 'nutriphi',
action: 'new' }).
Note: there is currently no registered listener for mana:quick-action
in the codebase — every existing module dispatches it but nothing
consumes it yet (presumably waiting for a central handler in the
workbench shell). Adding the entry now keeps nutriphi consistent with
the convention so it will light up automatically once the listener
lands.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The who module landed with whoGames + whoMessages declared inside
db.version(1). That's wrong: existing browsers (every tester
including the developer's own) already had Dexie persisted at v1
with the OLD schema (no who tables). When the new bundle declared
v1 with a different schema, Dexie refused the schema diff and the
optimistic insert in whoGamesStore.sendMessage silently failed —
neither the user's message nor the server reply appeared in the
PlayView, even though the deck picker and game start worked
(those write whoGames which has the same schema-mismatch issue
but the failure is only visible once a chat starts).
The pre-launch cleanup doc says "edit version(1) directly until
launch", but in practice that bricks every developer's local
state on every additive change. The right rule is: bump the
version for additive table additions even pre-launch — Dexie
handles the additive case cleanly with no upgrade function.
This commit:
- Removes whoGames + whoMessages from db.version(1)
- Adds them to a new db.version(3) block (v2 was already taken
by the bodyExercises / bodyRoutines / etc. body module)
- Existing IndexedDB databases at v1 or v2 will run the
additive upgrade automatically on next page load. No data
loss, no upgrade function needed (no rows to migrate yet).
Also: add a console.error to PlayView's send() catch so future
sendMessage failures actually show up in DevTools instead of
only being visible as a tiny error banner near the input.
Fixes the "ich tippe eine frage und nichts passiert" symptom
the developer hit on the first end-to-end live test of the who
module on production.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds nutriphi to the unified quick-input registry so the global search
bar gains meal-aware behaviour whenever the user is on a /nutriphi route.
Adapter contract (mirrors planta / todo / calendar):
- onSearch: decrypts meals (description is in the encrypted allowlist)
and substring-matches by description, sorted newest-first, capped at 10
- onCreate: parses an optional meal-type prefix from the query
("frühstück: müsli mit beeren", "snack: apfel", english + ASCII
variants accepted) and falls back to suggestMealType() based on
time-of-day when no prefix is given
- onParseCreate: shows a preview line so users see which meal type
will be picked before they hit enter
Persistence goes through mealMutations.create — same code path the
workbench card uses, so encryption + sync work for free.
Tests: 13 cases covering parser branches (German + English prefixes,
case insensitivity, time-of-day fallback for the three meal windows,
edge cases like unknown prefixes, far-away colons, empty descriptions
after a prefix). Parser is exported to keep the test independent of
the adapter's network-touching hooks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two surprises came out of "why do we still use Gemma 3 instead of 4":
1. The hardcoded default in ManaServerBackend was `gemma3:4b`, which
was even smaller than mana-llm's actual server-side default of
`gemma3:12b`. My initial guess from docs/LOCAL_LLM_MODELS.md was
conservative.
2. The mana-llm OLLAMA_URL points at host.docker.internal:13434,
which is NOT the Mac Mini's local Ollama — it's a Python TCP
forwarder (~/gpu-proxy.py) that proxies to 192.168.178.11:11434
on the Windows GPU server. So title generation has been running
on the RTX 3090 the whole time, not on the M4 Metal GPU. The
Mac Mini's brew-installed ollama 0.15.4 wasn't even being used
for inference — only as a CLI to inspect the proxied Ollama.
To get to Gemma 4, both Ollama instances needed an upgrade:
- Mac Mini brew : 0.15.4 → 0.20.4 (cosmetic, the binary isn't on
the inference path; upgraded for consistency)
- GPU server : 0.18.2 → 0.20.4 via winget. Required restarting
the daemon via the OllamaServe scheduled task
that was already configured.
Then `ollama pull gemma4:e4b` on the GPU server (9.6 GB, ~10 min on
the LAN). Verified end-to-end via the proxy with a real chat
completion request to mana-llm — gemma4:e4b answered with a clean
4-word German title for a sample voice memo prompt:
prompt: "Erstelle einen kurzen 3-Wort Titel für: Es ist ein
schöner Tag heute am 9. April"
→ "Schöner Tag, neuntes April"
Changes in this commit:
packages/shared-llm/src/backends/mana-server.ts
- defaultModel: 'gemma3:4b' → 'gemma4:e4b'
- Updated docstring to explain why E4B is the right Mana-Server
tier default: 9.6 GB on disk, 128K context, "Effective 4B"
arch punches above its weight class for German prompts, and
the family stays consistent with the browser tier (Gemma 4
E2B is the smaller sibling) so the source label and prompt
behavior remain coherent across tiers.
apps/mana/apps/web/src/lib/modules/memoro/views/DetailView.svelte
- TITLE_SOURCE_LABELS map updated:
browser → "Auf deinem Gerät (Gemma 4 E2B)" (was "(Gemma 4)")
mana-server → "Mana-Server (Gemma 4 E4B)" (was "(gemma3:4b)")
- The label now reflects that BOTH the browser and the mana-server
tier are running Gemma 4 variants, which is more honest than
the previous mix.
Did NOT change:
- The Ollama OLLAMA_DEFAULT_MODEL env var in docker-compose.macmini.yml
(still gemma3:12b). That's the fallback for callers who don't
specify a model in their request. Our generate-title task always
sends an explicit model string, so it's unaffected. Bumping the
global default is a separate decision — it would change behavior
for the playground module and any other consumer that relies on
the implicit fallback.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds the test that would have caught the inventar↔inventory drift
months earlier (commit 45790ffbb fixed the actual mismatch). Walks
both directions:
1. Every workbench-registered app must have a MANA_APPS entry, OR
be in the WORKBENCH_ONLY allowlist (currently `automations`,
`playground` — internal devtools we don't want in marketing).
2. Every MANA_APPS entry must be registered in the workbench, OR
be in the BRANDING_ONLY allowlist (`mana` itself, standalone
subdomains like `arcade`, "Coming Soon" placeholders like
`wisekeep`/`mail`/`events`, and modules whose workbench
integration is still pending like `guides`/`who`).
Plus a regression guard that fails loudly if anyone reintroduces
`inventar` as an id in either registry.
The point: every future drift between the two registries forces the
contributor to either fix it on the spot or explicitly classify the
new entry in one of the allowlists with a comment. No more silent
fail-open tier-gating.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The workbench card was read-only — users had to navigate to /nutriphi/add
to log anything. Now the card has a quick-add bar in the toolbar slot:
- Text input → Enter or send button → mealMutations.create() with
suggestMealType() (no AI round-trip; users get instant persistence
and can edit nutrition later from the detail page)
- 📷 button → file picker (capture=environment for mobile camera) →
photoMutations.uploadAndAnalyze → mealMutations.createFromPhoto with
the full Gemini result (foods + thumbnail + confidence)
- Toast on success ("📷 Mahlzeit hinzugefügt · KI 87%") and on error
Item rendering also got a small upgrade:
- Each row is now a link to /nutriphi/[id] (matches the rest of the
nutriphi pages now that the detail route exists)
- Thumbnail shown next to the row when present (uses photoThumbnailUrl
for bandwidth)
- 📷 indicator badge for photo-mode meals
Pre-existing bug fix in passing: the goals query was reading from the
non-existent table 'nutriphiGoals' instead of 'goals' (the actual table
name from module.config.ts), so the calorie target was never visible
in the workbench card. Switched to 'goals'.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Surfaces News in two extra entry points beyond the dedicated /news
route. The workbench ListView is a compact ranked-feed view designed
for the AppPage carousel slot — it boots the same feed-cache poll, runs
the same scoreArticle pipeline, but renders smaller cards and skips the
onboarding wizard (un-onboarded users get a CTA pointing them at /news
instead). The NewsUnreadWidget shows the top three ranked unread
articles on the dashboard, sharing the exact same engine inputs so the
ordering matches the main feed. WidgetType + WIDGET_REGISTRY get the
new 'news-unread' entry, and dashboard.widgets.news_unread is added to
all five locale files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds the seven (app)/news/* routes: layout that boots the feed-cache
poll, main page with the 3-step onboarding wizard and the ranked feed
with reaction buttons, dual-source reader at /news/[id], saved reading
list with category filter strip + inline category editor + 3 tabs
(unread/favorites/archive), /news/add for ad-hoc URL paste,
/news/preferences for topics/languages/weight reset, /news/sources
for per-source block toggles. Five locale JSON files (de/en/es/fr/it,
~60 keys each) for the eventual $_('news.…') refactor.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds the local-first News module: 5 Dexie tables (newsArticles,
newsCategories, newsPreferences, newsReactions, newsCachedFeed) with
the cached pool intentionally outside the sync map, four mutation
stores (articles, categories, preferences, reactions, feed-cache),
typed DTOs + queries with decryption-aware liveQueries, the api.ts
client for /api/v1/news/{feed,extract}, and the pure feed-engine that
scores articles by recency × topicWeight × sourceWeight and applies
reaction-driven weight updates client-side.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds the services/news-ingester Bun service that pulls 25 public RSS/JSON
feeds into news.curated_articles every 15 min, with Mozilla Readability
fallback for thin RSS bodies and 30-day retention. apps/api /feed is
rewritten to read from the new pool table directly instead of the
sync_changes hack, with topics/lang/since/limit/offset query params.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The workbench-registry app id 'inventar' did not match its
@mana/shared-branding MANA_APPS counterpart 'inventory', so the tier-
gating join in apps/web/src/lib/app-registry/registry.ts silently
failed for the inventory module — it fell into the "no MANA_APPS
entry, default visible" fallback and was effectively un-gated. The
codebase had also voted overwhelmingly for 'inventar' (53 files) vs
'inventory' (3 files in shared-branding), so the long-standing
mismatch was just bookkeeping debt waiting to bite.
Pre-release, no live data, so the cleanest fix is to align everything
on the English 'inventory':
- Workbench-registry id, module.config.ts appId, module folder, route
folder and i18n locale folder all renamed via git mv
- Standalone apps/inventar/ workspace package renamed
- All imports, store identifiers (InventarEvents → InventoryEvents,
INVENTAR_GUEST_SEED, inventarModuleConfig), i18n keys and href/goto
paths follow the rename
- The German display label "Inventar" is preserved everywhere it is a
user-visible string (page titles, i18n values, toast labels)
- Dexie table prefixes (invCollections, invItems, …) are unchanged
- Drive-by fix: ListView.svelte was querying non-existent
inventarCollections/inventarItems tables — corrected to the actual
invCollections/invItems names from module.config
- The "inventar ↔ inventory id mismatch" workaround comment in
registry.ts is removed since the mismatch no longer exists
module-registry.ts also picks up the user's parallel newsModuleConfig
addition because both edits land in the same import block — keeping
them split would have left the build in an inconsistent state.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The who module's chat endpoint was returning 502 to the browser
because mana-api called /api/v1/chat/completions on mana-llm and
got 404 — mana-llm exposes the OpenAI-compatible /v1/chat/completions
path with no /api/ prefix.
This is the same bug research had until commit 63a91e36a fixed its
path. The chat module (apps/api/src/modules/chat/routes.ts) still
has the wrong path — flagged as a follow-up.
Diagnostic from inside the mana-api container:
/v1/chat/completions → 422 (right path, empty body)
/api/v1/chat/completions → 404 (wrong path)
mana-api log line that flagged it:
who.llm_non_200 status:404
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Five new cases against fake-indexeddb covering the new update mutation:
- patches description and re-encrypts (verified via ENC_PREFIX wire
format check + absence of original AND new plaintext in the blob)
- patches numeric nutrition fields (stays plaintext for aggregation)
- partial update only touches the supplied fields (mealType change
does not zero out nutrition)
- bumps updatedAt
- throws on missing id
Total nutriphi suite is now 16/16 cases, ~50ms.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New /nutriphi/[id] route — the missing endpoint of the photo workflow.
Loads the meal via inline useLiveQueryWithDefault(loadMealById, ...) so
the closure captures page.params.id directly (planta DetailView pattern).
Detail page features:
- Full-resolution photo, click-to-expand lightbox modal
- All six nutrient cards with the same color tokens as the dashboard
- "Erkannte Bestandteile" — list of AI-identified foods (name +
quantity + kcal) so users can see what Gemini actually parsed
- Inline edit form (mealtype + description + 6 nutrient inputs),
persists via mealMutations.update
- "🔄 Erneut analysieren" for photo meals — calls analyze on the
stored URL and overwrites description + nutrition without
re-uploading the file
- Two-stage delete confirm
Add page (add/+page.svelte):
- Captures upload.thumbnailUrl + analysis.foods after KI analysis
- Persists both via the extended createFromPhoto signature
- Shows the foods breakdown card under the confidence badge so users
see the parse before saving (closes the trust gap on low-confidence
runs)
List pages (Heute + History):
- Switch to photoThumbnailUrl ?? photoUrl for the row image — saves
bandwidth on the most-rendered surface
- Each meal row is now a link to /nutriphi/[id]
- History row layout split into <a> + sibling delete button so the
delete click doesn't bubble through navigation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Schema additions on LocalMeal:
- photoThumbnailUrl: pre-generated mana-media thumbnail URL, used in
list views to save bandwidth (full photoUrl stays for the detail
view + lightbox)
- foods: AnalyzedFood[] (name / quantity / calories) — Gemini Vision
already returns this breakdown but the previous flow threw it away
- new AnalyzedFood type exported from the barrel
Encryption registry:
- meals encrypted allowlist now includes 'foods' (food names are
user content; aes.ts JSON-stringifies arrays before wrap, so an
array value works the same as a string)
- registry comment updated to enumerate which photo fields stay
plaintext and why
New mutation: mealMutations.update(id, dto) for inline meal edits.
Patches only the supplied fields, runs encryptRecord on the partial
update so encrypted columns stay encrypted, then re-decrypts the merged
row to return a plaintext snapshot.
queries.ts: new loadMealById(id) helper used by the detail page's
inline useLiveQueryWithDefault wrapper (matches the planta DetailView
pattern of capturing the route param directly in the closure).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wires the new backend endpoints into the unified Mana app and rebuilds
the meal-add page around two modes:
- Text mode: free-text description + optional "✨ KI-Vorschlag" button
that runs Gemini on the description and prefills all six nutrient
fields. The badge auto-clears if the user edits the description so
stale estimates can't be silently saved.
- Foto mode: file picker (accept=image/*, capture=environment for
mobile camera) → preview → upload to mana-media → Gemini Vision on
the stored URL. Result prefills the same form fields for review.
Re-analyze without re-upload is supported.
Both modes show a confidence badge (green ≥50 %, yellow with a "prüfen"
warning below). Save is disabled in foto mode until the upload+analysis
has completed, so a meal can never be persisted with a dangling photo
reference.
New module files:
- api.ts server-only client (uploadMealPhoto, analyzeMealPhoto, analyzeMealText)
- mutations.ts mealMutations.create / .createFromPhoto / .delete + photoMutations
keeps the encryption pattern explicit (clone → encrypt → write,
return plaintext snapshot)
Touched:
- queries.ts propagate photoMediaId/photoUrl through toMealWithNutrition
- index.ts export the new mutations + types
- registry.ts extend the meals comment to document why nutrition,
photoMediaId, photoUrl and confidence stay plaintext
- +page.svelte / history/+page.svelte show 64×64 / 48×48 thumbnail
+ 📷 indicator for photo-mode meals
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mirror the planta two-step pattern: a FormData upload endpoint that
returns mediaId/publicUrl from mana-media, and a separate Gemini Vision
analysis endpoint that takes a photoUrl. Drops the base64 inline path
and the half-finished parallel-upload kludge in the old combined route.
Why: the old endpoint was wired neither in the frontend nor used
elsewhere, and the combined base64+upload+analyze design made it
impossible to show the photo to the user before AI ran or to re-analyze
without re-uploading.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Chrome deprecates the apple-prefixed meta and now logs a warning
asking for the standardized mobile-web-app-capable equivalent. Adds
the standard tag alongside the apple one so iOS Safari keeps working.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replaces the cross-origin call to https://mana-api.mana.how with a
SvelteKit catch-all server route that proxies internally to the
mana-api container over the docker network.
Why
---
The mana-api.mana.how cloudflared route was added as part of the
production deploy of apps/api, but reloading the cloudflared
LaunchDaemon to pick up the new ingress rule needs sudo. The deploy
automation runs unattended (no interactive password prompt), so
the cloudflared route ends up registered with Cloudflare DNS but
not yet served by the local tunnel — every browser request to
mana-api.mana.how gets a 404 from the catch-all rule until someone
manually restarts the daemon.
Same-origin proxy through mana-web sidesteps the whole problem:
browser → cloudflared → mana-web (mana.how) → mana-api (docker net)
mana.how is already routed, mana-web is already up, mana-api is
already on the same docker network — no new cloudflared work
needed. The deploy is now fully sudo-free and self-contained.
What's in this commit
---------------------
routes/api/v1/who/[...path]/+server.ts (NEW)
Catch-all SvelteKit handler. Forwards GET/POST/PUT/DELETE to
http://mana-api:3060/api/v1/who/<path> with the Authorization
header from the incoming request. 30s timeout, body streamed
through, status + content-type passed through 1:1, errors
surface as 502 so DevTools clearly distinguishes "proxy
failed" from "handler crashed".
modules/who/stores/games.svelte.ts
Drop the getManaApiUrl() import. API_BASE is now the constant
string '/api/v1/who' — same-origin, no env injection needed.
modules/who/ListView.svelte
Same change for the deck-catalogue fetch on mount.
The MANA_API_INTERNAL_URL env var on the proxy lets the upstream
hostname be overridden for local-dev use (default
http://mana-api:3060 matches the docker compose service name).
Trade-off: one extra hop (mana-web in the middle) for every
request. Measured in single-digit ms over the bridge network so
the practical cost is invisible. The big win is the sudo-free
deploy.
Pattern can be reused for the other apps/api modules as their
compute features come online in production — same shape, just
swap [...path] segment to /api/v1/calendar/[...path],
/api/v1/picture/[...path], etc.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The "App hinzufügen" picker now sorts available apps alphabetically by
their (i18n-resolved) display name and shows an autofocused search input
above the list to filter quickly. Enter selects the first match.
PickerOverlay gains a `subheader` snippet slot so other pickers can
embed their own controls between header and list without having to
re-implement the shell.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds an optional icon field to AppDescriptor and assigns a Phosphor icon
to all 33 registered apps (CheckSquare for todo, Calendar for calendar,
AddressBook for contacts, …). AppPage now passes both the icon and
titleHref={`/${appId}`} to PageShell, so workbench cards show the
module's icon next to the now-clickable title instead of the generic
color dot.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PageShell gains an optional titleHref prop — when set, the header title
renders as an <a target="_blank"> with hover underline. Also wires this
into the homepage app gallery (shared-ui/AppsPage): the grid card title
is now an anchor to /{app.id}, while the rest of the card still opens
the existing detail modal. Card converted from <button> to role=button
so the nested anchor is valid HTML.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mirror the "Voxtral via mana-stt" label that already sits under the
transcript: a small italic line directly below the title input
showing which tier (and roughly which model) generated the title.
This way the user can see at a glance whether the title came from
the local rules engine, from Gemma 4 in their browser, from
gemma3:4b on the Mana server, or from Google Gemini — and can
decide whether to keep it or rewrite manually.
Storage:
apps/mana/apps/web/src/lib/modules/memoro/llm-watcher.svelte.ts
- When applying a completed title task, the watcher now also
stamps memo.metadata.titleSource with the LlmTier string
('none' | 'browser' | 'mana-server' | 'cloud') from the queue
row's `source` field. Stored in the existing plaintext metadata
object — no encryption needed (the tier name isn't sensitive
and the encryption registry for memos only covers
title/intro/transcript). Existing metadata fields are
spread-preserved so we don't accidentally wipe STT failure
markers etc.
Manual override clears the marker:
apps/mana/apps/web/src/lib/modules/memoro/stores/memos.svelte.ts
- memosStore.update() now detects when `title` is in the diff
and clears `metadata.titleSource` so the DetailView stops
showing "via Mana-Server (gemma3:4b)" for a title the user
typed themselves. Only fires when title is actually present
in the update payload — non-title updates leave metadata alone
so we don't blow away other markers.
Display:
apps/mana/apps/web/src/lib/modules/memoro/views/DetailView.svelte
- New TITLE_SOURCE_LABELS map gives each tier a human-readable
label that surfaces the actual model name where known:
none → "Lokal (regelbasiert)"
browser → "Auf deinem Gerät (Gemma 4)"
mana-server → "Mana-Server (gemma3:4b)"
cloud → "Google Gemini"
We deliberately don't reuse @mana/shared-llm's tierLabel()
because the model name is more informative than the abstract
tier in this UX context.
- $derived `titleSourceLabel` reads memo.metadata.titleSource
and validates it via an isLlmTier type guard. Returns null
(→ no label rendered) when:
* the entity hasn't loaded yet
* a title task is currently in flight (titleIsGenerating)
* the title input is currently focused (user is editing)
* the metadata field is missing or not a known tier value
- New `<div class="source-label title-source-label">` slot
between the title-row and the properties block, with a small
CSS override (.title-source-label) for a tighter top gap and
a slight left indent so it visually lines up under the input
text rather than under the input border.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
createUnifiedSync exported onPendingChange but nothing ever called it,
so the Dexie hook in database.ts recorded _pendingChanges rows that
the sync engine never heard about. Live writes only ever drained on
the next page reload (via drainLeftoverPending). Observed live as
fresh calendar/timeblocks writes piling up in _pendingChanges with
zero POST traffic to sync.mana.how.
Add a listener bridge: database.ts exposes setPendingChangeListener,
trackPendingChange invokes it after each successful _pendingChanges
insert, and sync.ts registers schedulePush (gated on a known channel)
inside startAll. stopAll clears the listener so a torn-down sync
engine can't get re-triggered by a stale callback.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
oven/bun:1 doesn't ship with npm or pnpm, so the previous
`RUN npm install -g pnpm@9.15.0` failed with `/bin/sh: 1: npm: not
found` on the first Mac Mini build. Bun's own install command
doesn't honor pnpm-workspace.yaml, so we can't use it as a drop-in.
Switch the builder stage to node:20-alpine which has npm built in,
install pnpm there, resolve the workspace graph, then COPY the
finished tree into the bun runtime stage. The runtime stage stays
on oven/bun:1 — bun handles pnpm's node_modules/.pnpm symlink farm
natively, so the workspace layout works the same as it does on a
developer machine.
Tested locally: `docker compose -f docker-compose.macmini.yml build
mana-api` now succeeds through the install stage. The runtime
stage is unchanged.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds the missing production deployment artifacts for the unified
apps/api Hono/Bun server. Until now apps/api was code-only — built
during the consolidation sweep but never wired into the Mac Mini
compose stack, so all 17 product modules that depend on it
(calendar, todo, picture, planta, nutriphi, news, traces, presi,
music, contacts, storage, context, guides, research, chat, moodlit,
who) effectively had no backend in production. The frontend modules
shipped, but their compute calls fell through to localhost:3060 in
the browser and just failed.
This commit fixes the gap.
apps/api/Dockerfile (NEW)
-------------------------
Multi-stage Bun build that runs from the monorepo root so the four
workspace dependencies (@mana/shared-hono, @mana/shared-logger,
@mana/shared-storage, @mana/media-client) actually resolve. Builder
stage installs via pnpm with the --filter @mana/api... selector to
keep the install graph minimal; runtime stage copies the resulting
workspace tree (including the pnpm symlink farm) and runs the entry
script with bun directly — no compile step, since bun handles
TypeScript natively.
@mana/media-client lives under services/mana-media/packages/client,
not packages/, so the COPY path is the awkward
services/mana-media/packages/client → ./services/mana-media/packages/
client mirror to keep the workspace layout intact.
Healthcheck hits /health every 30s with a 15s start period — same
shape as the other Bun services in this compose file.
docker-compose.macmini.yml — new mana-api service
-------------------------------------------------
Slotted between glitchtip-worker and the games section. Build
context is the monorepo root (`.`) because the Dockerfile needs the
workspace tree. Container name `mana-api`, image `mana-api:local`,
mem_limit 384m (higher than the smaller Bun services because the
unified server holds 17 modules' route definitions + Drizzle schema
caches in memory).
Environment wires up everything apps/api needs:
- MANA_AUTH_URL → mana-auth:3001 for JWT validation
- MANA_LLM_URL → mana-llm:3025 for chat / picture / who LLM calls
- MANA_SEARCH_URL → mana-search:3012 for guides / research
- MANA_CREDITS_URL → mana-credits:3002 for credit validation
- MANA_MEDIA_URL → mana-media:3011 for image uploads
- DATABASE_URL → mana_platform Postgres for the few server-side
state stores (research_results, presi share-links, traces guides)
- MANA_SERVICE_KEY → for the credit/auth service-to-service calls
- LOGGER_FORMAT=json → structured logs for grafana ingestion
- CORS_ORIGINS=https://mana.how → only the unified web origin
needs access, the standalone game frontends don't call this
Port 3060 is exposed on the host so cloudflared can route
api.mana.how → mana-api:3060 (separate Mac Mini side step, not
in this commit).
docker-compose.macmini.yml — mana-web wiring
--------------------------------------------
Two new env vars:
PUBLIC_MANA_API_URL=http://mana-api:3060
PUBLIC_MANA_API_URL_CLIENT=https://api.mana.how
The hooks.server.ts injection plumbing for window.__PUBLIC_MANA_API_URL__
already existed (added in an earlier sweep but never had a value to
inject). The CSP connect-src list and the SSR injection script tag
also already include PUBLIC_MANA_API_URL_CLIENT — so once the env
arrives, the existing client-side getManaApiUrl() helper picks it
up automatically.
mana-web also gets a depends_on entry on mana-api with
condition: service_healthy so the web container doesn't start
serving requests against a dead API.
Verification
------------
docker compose -f docker-compose.macmini.yml config validates
cleanly (no YAML errors). Image build is NOT exercised in this
commit — that happens on the Mac Mini via build-app.sh after the
push lands.
Out of scope for this commit (Mac Mini side, manual steps):
1. ssh mana-server, git pull
2. ./scripts/mac-mini/build-app.sh mana-api (first build, ~3-5 min)
3. ./scripts/mac-mini/build-app.sh mana-web (rebuild with new env)
4. cloudflared route: add api.mana.how → mana-api:3060 to
~/.cloudflared/config.yml and `systemctl restart cloudflared`
5. Test https://api.mana.how/health from anywhere
6. Test https://mana.how/who in a browser
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The package was a leftover from the per-product Planta backend that
got consolidated into apps/api a while back. Repo-wide grep for
@planta/shared returns zero matches — it had no consumers.
- Delete the four files (package.json, src/index.ts, src/types/index.ts,
tsconfig.json)
- Update apps/planta/CLAUDE.md to reflect the cleanup (the previous
note pointed at a refactoring audit doc that already tracked it)
- Refresh pnpm-lock.yaml so the workspace member is no longer pinned
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add /planta/+layout.svelte that provides every live-query context
the legacy routes already reference via getContext (plants,
plantPhotos, wateringSchedules, wateringLogs, plantTags, tags).
Without this layout the legacy routes would crash at runtime with
"Cannot read properties of undefined (reading 'value')" — they had
always relied on a provider that did not exist anywhere in the repo.
- Replace every hardcoded German label across +page.svelte,
[id]/+page.svelte, add/+page.svelte and tags/+page.svelte with
$_('planta.*') calls so the locale switcher actually changes the
copy. Health/light/humidity helper maps converted from German maps
to switch + i18n lookups.
- Fix the 4 type errors in [id]/+page.svelte caused by SvelteKit's
$page.params.id being string | undefined: coerce to '' so the
helpers stay strictly typed and "missing id" still resolves to
"not found".
- Fix the SSR hydration warning on /planta from a <button> nested
inside another <button> in the plant grid. Replaced the outer
card with <div role="link" tabindex="0"> + Enter/Space keydown
handler so the inner "water now" button is structurally legal.
- formatDate calls drop the hardcoded de-DE locale and use the
browser locale (undefined) instead.
- Toast notifications on every mutation in these routes so failures
are user-visible (handleWater, handleDelete, savePlant).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Brings the planta module to production-ready state:
- Photo upload UI in the workbench DetailView (file picker, primary
selection, removal, hover overlay) wired to /api/v1/planta/photos/upload
- AI plant identification trigger that calls /analysis/identify on the
primary photo and shows a result card with apply-to-plant CTA;
applyIdentification only fills empty fields by default to avoid
clobbering user edits
- Tag picker (chip UI + dropdown) backed by plantTagOps junction
- Watering history list (last 5 logs) in DetailView
- Full i18n: every locale (de/en/es/fr/it) now has plant/list/photo/
identify/errors/success keys; ListView and DetailView consume them
via $_('planta.*') instead of hardcoded German
- Toast notifications on every mutation success/failure path
- mutations.ts refactored: methods now throw on failure instead of
swallowing errors and returning null, so callers can surface them
- New api.ts client for the two server-only operations (upload, identify)
- New photoMutations + plantMutations.applyIdentification helpers
- quick-input-adapter type fix: stop referencing the non-existent
parsed.species field; create plants through plantMutations.create
so encryption + timestamps run, and decrypt names before substring
search
- 20 new tests:
- queries.test.ts (13 pure-function tests for getDaysUntilWatering /
isWateringOverdue / getScheduleForPlant / getLogsForPlant)
- mutations.test.ts (7 fake-indexeddb integration tests for
wateringMutations.logWatering — log appended, schedule re-anchored,
soft-deleted schedules skipped, multi-call uniqueness)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The OfflineIndicator badge shows networkStore.pendingCount, which is
only refreshed inside unifiedSync.onStatusChange. That callback fires
on transitions only — so on a fresh tab where sync stays idle, the
badge sticks at the last persisted value (or 0). Observed live as
"13 pending" while _pendingChanges actually held 27 rows.
Extract refreshPendingCount as a local helper and call it once right
after startAll() to seed the badge. The transition-driven refresh
inside onStatusChange now reuses the same helper.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
startAll() registered channels but never kicked a push for changes
that survived across page reloads. schedulePush only fires from the
Dexie hook on fresh writes, so any pending row from a previous session
sat in _pendingChanges until the user happened to mutate the same
table again — observed live as 27 pending across mana/memoro/places
that never reached the server despite a healthy sync route.
Add drainLeftoverPending() called once at the end of startAll(): scan
_pendingChanges for distinct appIds and schedulePush each registered
channel. Fire-and-forget; errors swallowed because the push retry
path already handles failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
User test on the mana-server tier showed Ollama gemma3:4b returning
LITERALLY empty content for the title task, which is much weirder
than the small browser model misbehaving. Three layered fixes plus
diagnostics that will tell us what's actually happening over the
wire next time.
1. remote.ts: SSE diagnostics + liberal field shape
The mana-llm /v1/chat/completions endpoint claims OpenAI
compatibility, but different upstream providers (Ollama, OpenAI,
Gemini) wrap their token text in different field paths inside
the SSE delta. Be liberal in what we accept:
- choice.delta.content (canonical OpenAI)
- choice.delta.text (some Ollama-compat shims)
- choice.message.content (non-streaming response embedded in stream)
- choice.text (legacy completion API)
Plus: count totalFrames + dataFrames + capture firstFrameRaw +
firstFrameParsed during the stream. When `collected` is empty at
the end of the stream, dump all of that to console.warn so the
next test session shows us exactly what mana-llm is sending. This
is the only reliable way to debug "empty completion" without a
network sniffer in the user's browser.
2. generate-title.ts: drop few-shot, use simple system+user prompt
The previous few-shot prompt with three `Aufnahme: "..."\nTitel: ...`
examples was apparently too much for Ollama gemma3:4b on the
mana-server tier — it returned literal "" for reasons we don't
fully understand (chat-template confusion with the embedded
quotes? multi-section format? some quirk of how mana-llm formats
the messages for Ollama?). Either way, the failure mode is clear.
Replace with a minimal two-message format:
- system: "Du erzeugst einen kurzen Titel (3-5 Wörter)..."
- user: <transcript>
Same instruction, much simpler shape. Bumped maxTokens 24 → 32
to give the model breathing room.
3. generate-title.ts: rules fallback detects sentence fragments
Even when the LLM fails and we fall through to runRules, the
previous heuristic for medium-length transcripts (10-20 words)
would extract the first 7 words verbatim — which for a typical
"Eine kleine Testaufnahme um zu sehen ob alles funktioniert" memo
produces "Eine kleine Testaufnahme, um zu sehen, ob" as the
"title". That's a sentence fragment ending mid-thought, not a
title. Worse than "Memo vom 9. April 2026".
Add a "looks like a sentence fragment" heuristic: if the last
word of the extracted slice is a German stop-word or article
(und/oder/wenn/ob/zu/um/der/die/das/ein/...) the result is
clearly mid-clause. In that case fall through to dateLabel()
instead of writing the fragment.
Stop-word list is curated to 30 entries — common conjunctions,
articles, prepositions, auxiliaries. Not exhaustive but catches
the typical "first 7 words of a German sentence" failure mode.
After this commit lands, the next test will surface in the console
EITHER:
- the actual delta shape mana-llm is using (so we know if our
parser is wrong or if the model is genuinely silent)
- a real LLM-generated title (if the simpler prompt worked)
- "Memo vom <date>" via the rules fallback (if the LLM still
fails but the rules fragment detection caught the bad slice)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Client side of the who module. Standard Mana module pattern: types,
collections (Dexie), queries (live), store (mutations), UI components,
routes. Plus three integration points (data layer registries).
Module files
------------
types.ts
Two Dexie record interfaces (LocalWhoGame, LocalWhoMessage) and
matching view types. Server response shapes (WhoChatResponse,
WhoRandomResponse, WhoGuessResponse) live here too so the store
and UI both type-check against the same wire contract.
collections.ts
Dexie table accessors. No guest seed — the picker handles empty
state directly.
queries.ts
Three liveQueries (allGames$, gameByIdLive, messagesForGameLive)
that decrypt the encrypted-at-rest fields before returning view
types. The messages query uses the [gameId+createdAt] composite
index for ordering. toWhoGame / toWhoMessage converters bridge
the BaseRecord-extended local types to the public view types.
module.config.ts
Standard ModuleConfig: appId='who', tables=[whoGames as 'games',
whoMessages as 'messages']. The syncName remap means the unified
Dexie table whoGames syncs to mana-sync's `games` collection
under appId 'who' — keeps the wire format clean.
stores/games.svelte.ts
The mutation surface. Five public methods:
- start(deckId) → POST /who/random + insert LocalWhoGame
- sendMessage(id, txt) → optimistic insert + POST /who/chat +
insert NPC reply + (on win) flip status
- submitGuess(id, txt) → POST /who/guess + (on match) flip
- surrender(id) → status=surrendered + finishedAt
- setNotes(id, notes) → encrypted post-game notes
- deleteGame(id) → soft-delete game + cascade messages
All writes go through encryptRecord for encrypted-at-rest fields.
UI components
-------------
ListView.svelte
Module landing page. Header + 4 deck cards (loaded from
GET /api/v1/who/decks on mount) + past-games list. Picking a
deck calls store.start() and navigates to the play view. Past
games are clickable (read-only for finished games) and
deletable.
views/PlayView.svelte
The chat-loop screen. Header with deck/difficulty + back button
+ Tippen/Aufgeben actions while playing. Scrollable message
area with bubbles (user purple-tinted, NPC white-tinted).
Textarea input with Enter-to-send + sending disabled state.
On reveal: result banner with "Erraten in N Nachrichten!" and
the resolved name. Post-game: input area swaps to a notes
textarea with debounced auto-save. Explicit guess modal as
fallback when the LLM forgets to emit the sentinel.
Routes
------
/(app)/who → ListView wrapper
/(app)/who/play/[gameId] → PlayView wrapper, $page.params.gameId
Registry plumbing
-----------------
database.ts
Two new Dexie tables in version(1):
whoGames: 'id, status, deckId, startedAt, finishedAt, [status+startedAt]'
whoMessages: 'id, gameId, sender, createdAt, [gameId+createdAt]'
module-registry.ts
Imports whoModuleConfig and adds to MODULE_CONFIGS. The sync
engine picks up the appId/table mapping automatically — no
edits needed in sync.ts.
crypto/registry.ts
Two entries:
whoGames: { enabled: true, fields: ['revealedName', 'notes'] }
whoMessages: { enabled: true, fields: ['content'] }
All other fields stay plaintext for index/sort/filter.
Closes Phase A.2 / A.3 / A.4 / A.5 of docs/WHO_MODULE.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Server side of the who module. Three endpoints under /api/v1/who/*:
POST /chat
Hot path. Body: { gameId, characterId, message, history[] }.
Looks up character by id (server-side only — clients never see
personalities), builds a system prompt instructing the LLM to
roleplay the figure WITHOUT revealing its name and to append
[IDENTITY_REVEALED] when the player has guessed correctly,
forwards to mana-llm. Response: { reply, identityRevealed,
characterName? } — characterName only present on win.
Same credit pattern as chat module: validateCredits + consume
after the LLM call succeeds. Operation 'AI_WHO', cheap (0.1
credit) for local models, 5 for cloud.
POST /random
Picks a random character from a deck and returns just the id +
category + difficulty. Frontend uses this to start a new game
without ever knowing the personality pool. Server-side
randomness so a determined attacker can't predict picks.
POST /guess
Explicit "I think it's X" submission. Fallback path for when
the LLM forgets to emit the sentinel even though the player
clearly said the right name. Deterministic lowercase substring
match against the canonical name (with diacritic stripping +
last-name-only matching for unambiguous figures like "Tesla").
GET /decks
Public deck catalogue with counts and category labels. Zero
sensitive data — never leaks names or personalities. Used by
the picker UI on mount.
data/characters.ts holds 37 characters: the original 26 from
whopixels verbatim + 11 new for the antiquity / women / inventors
decks. Each entry is in one or more decks via a `decks` array, so
e.g. Marie Curie shows up in both `historical` and `women`. Adding
a new character is one entry.
The system prompt is the carefully-tested German prompt from the
original whopixels server.js — tells the LLM to respond in the
language the user writes, give subtle hints, never directly say
"I am X", and emit the sentinel only on a correct guess.
The explicit-guess matcher catches three patterns:
1. Exact normalized match ("Marie Curie" === "marie curie")
2. Last-name-only ("Curie" matches "Marie Curie")
3. Guess-contains-name ("I think it's Marie Curie" → contains)
Closes Phase A.1 of docs/WHO_MODULE.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
User test on browser tier (Gemma 4 E2B) showed two compounding bugs:
1. The LLM produces empty content. The cleanup chain strips it to ""
and falls through to runRules.
2. runRules takes the first 7 words of the transcript. For short
voice memos like "So erneut eine kleine Testaufnahme hier"
(6 words) that means the entire transcript becomes the title —
not actually a title, just the recording verbatim.
User log:
[memoro] enqueued title task ...
[generateTitle] LLM returned empty after cleanup, falling back to rules
[memoro-llm-watcher] writing title to memo X: "So erneut eine kleine Testaufnahme hier"
Three changes to fix the actual quality, not just the empty-string
symptom from the previous commit:
1. Rewrite the LLM prompt as few-shot
Replace the previous "Du erstellst kurze Titel — kein Markdown,
keine Anführungszeichen, keine Vorrede, kein Punkt am Ende" prompt
(a wall of negative constraints that small instruct models like
Gemma 4 E2B handle poorly) with a few-shot user-only message:
Erstelle einen kurzen Titel (3-5 Wörter) für die folgende Aufnahme.
Beispiel 1:
Aufnahme: "Erinnere mich daran, morgen Vormittag den Müll
rauszubringen, bevor die Müllabfuhr kommt."
Titel: Erinnerung Müll rausbringen
Beispiel 2: ... (Idee Präsentation Demo-Start)
Beispiel 3: ... (Steuererklärung 2025)
Aufnahme: "<user transcript>"
Titel:
Small instruct models complete the pattern much more reliably
than they obey negative constraints. The expected continuation is
just the title text, no punctuation, no markdown, no preamble.
2. Rolling cleanup that won't go to empty
The previous cleanup chain (`.trim().replace(quotes).replace(dots).trim()`)
could end up with "" if the model emitted only `.` or `**.**` or
similar. Replace with a four-stage chain that picks the FIRST
non-empty stage from the bottom up:
trimmed = result.content.trim()
stripFences = first line only (kills any model rambling)
stripQuotes = strip surrounding quotes/markdown markers
stripDots = strip trailing dots
cleaned = stripDots || stripQuotes || stripFences || trimmed
This way "Test." → "Test" but `"."` → `"."` (kept as-is rather
than stripped to empty). The runRules fallback only fires when
the model truly emits nothing usable in any stage.
3. runRules is smarter about short transcripts
For voice memos with ≤8 words in the first sentence, the "title"
would just be the whole transcript echoed back. That's not useful.
The new threshold: short transcripts get a date label instead
("Memo vom 9. April 2026"), longer ones still get the first-N-words
snippet. The threshold is empirical — short voice memos benefit
from a date marker, longer ones can spare a few words for a snippet.
Extracted dateLabel() to a module-scope function so both rulesImpl
(for empty/short transcripts) and the watcher's last-resort
backstop can format dates consistently.
Diagnostic: log the RAW LLM output before cleanup so the next test
session shows exactly what Gemma is producing. If the model is still
emitting only punctuation despite the few-shot prompt, the log will
show `"\n"` or `"."` and we'll know the bug is in the inference path
rather than the cleanup.
After this commit, the user-visible result for a 6-word transcript
on the browser tier should be:
- LLM produces something real ("Test der Sprachaufnahme") → write it
- LLM produces nothing → rules → "Memo vom 9. April 2026"
- both fail somehow → watcher's date backstop → same
- never the verbatim transcript
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
These were latent rendering bugs: --color-X holds raw HSL channels at
runtime (set by createThemeStore), so a bare var(--color-foreground) is
not a valid CSS color value — the browser falls back to inherited and
the affected elements render with the wrong color (often invisible
text on the same-colored background).
Mechanical wrap of every bare reference in the affected files:
var(--color-X) → hsl(var(--color-X))
var(--color-X, #fallback) → hsl(var(--color-X)) (fallback dropped)
color-mix(... var(--color-X) N%, transparent)
→ hsl(var(--color-X) / 0.NN)
Also re-mapped two long-removed token names:
--color-surface → --color-muted (subtle surface intent)
--color-destructive → --color-error (semantic alias)
190 refs across 19 files (habits, photos, notes, places, todo, cycles
helpers + their parent route shells). Brand-literal hex/rgba colors
left untouched (cycles pink, sport/category palettes, indigo→violet
gradients, photo placeholder gradients).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
User test surfaced the actual auto-title bug: the entire pipeline
(enqueue → process → watcher) works correctly, but the task result
itself is empty:
[memoro] enqueued title task { taskId, memoId }
[memoro-llm-watcher] saw 1 done title task(s)
[memoro-llm-watcher] writing title to memo XXX: ""
[memoro-llm-watcher] applied + cleared row YYY
The watcher faithfully wrote "" to memo.title, the input placeholder
showed "Titel..." again, and we looked stuck. Three layered fixes so
this can't bite us in any execution path going forward.
1. generate-title.ts: extract rules logic + use it as runLlm fallback
Pulled the deterministic first-sentence heuristic into a private
`rulesImpl()` function so both `runLlm` and `runRules` can call
it. runLlm now invokes rulesImpl as a fallback when the cleaned
LLM output is empty. This catches the case where the model emits
only punctuation, only special tokens, or only whitespace — all
of which collapse to "" after my cleanup chain (`.trim()` → strip
surrounding quotes/markdown → strip trailing dots → `.trim()`).
The most likely real-world trigger: Gemma 4 occasionally emits a
single `.` for short prompts that hit its over-strict
"answer with ONLY the title" instruction. The cleanup turns
"." into "" and we lose the result.
2. llm-watcher.svelte.ts: date-based backstop for any empty result
Belt-and-suspenders: even if a future task implementation forgets
the rules fallback, the watcher itself now guarantees a non-empty
title. When `row.result.trim()` is empty, synthesize a label like
"Memo vom 9. April 2026" from the memo's createdAt (or the
current date if createdAt is also broken). The user always sees a
real title — never an empty placeholder.
Same write path otherwise (encryptRecord + memoTable.update +
delete queue row), just with the guaranteed-non-empty value.
3. llm-watcher.svelte.ts: enhanced diagnostic logging
The "writing title" log now includes `row.source` (which tier
actually executed) and `row.attempts`, so the next time we see
weird behavior we can tell at a glance whether it was the
browser tier, the rules tier, or the server. The empty-result
path logs `console.warn` (not info) with the raw result via
JSON.stringify so we see exactly what came back ("", ".", " ",
undefined-coerced-to-string, etc.).
After this commit lands:
- Tier 0 user: runRules returns at minimum "Ohne Titel" (its
own fallback). The watcher writes that.
- Browser tier with empty Gemma output: runLlm now falls through
to rulesImpl which also can't return empty. The watcher writes
the rules-tier output.
- Any other freak case where the result is still empty: the
watcher's date-based backstop kicks in. "Memo vom <date>".
So the user-visible "stuck on empty title" symptom is impossible in
all three layers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
calendar, contacts, finance, spiral, todo route shells: bare var()
references → wrapped hsl(), broken rgba/hex fallback chains dropped.
DnD overlay (`.mana-drop-target-hover` / `-success`) is duplicated
inline in calendar/contacts/todo since it's a `:global()` rule each
route declares for itself; all three now read --color-primary +
--color-success for the drop animation instead of literal indigo/green.
finance: income=success, expense=error, type-toggle uses
--color-error/--color-success with /0.15 + /0.3 alpha modifiers.
spiral: indigo→violet stat highlight + app-bar gradient stay literal
(spiral's brand mark is the indigo→violet ramp, not the app theme
primary). Danger button now uses --color-error.
Skipped: rsvp/[token] (public landing, deliberate rose palette outside
the auth-gated chrome) and observatory (cosmic-scenes brand palette,
already established as brand-legitimate).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
User reported three issues after the Phase 5 + the encryption-decrypt
fix landed:
1. Auto-title still doesn't appear (placeholder "Titel..." stays empty)
2. No loading state visible while transcription / title are in flight
3. Transcript should say which STT engine produced it
This commit ships diagnostics for issue 1 and concrete UX for 2 + 3.
Issue 1 — diagnostics (no fix yet, root cause unknown):
Add console.info logs at every step of the auto-title pipeline so
the next test session surfaces exactly where it breaks:
- memos.svelte.ts after llmTaskQueue.enqueue() succeeds:
"[memoro] enqueued title task { taskId, memoId }"
- memos.svelte.ts on enqueue failure:
"[memoro] failed to enqueue title task: <err>"
- memoro/llm-watcher.svelte.ts on subscribe:
"[memoro-llm-watcher] starting subscription"
- watcher's next handler when rows arrive:
"[memoro-llm-watcher] saw N done title task(s)"
- applyRow logs each step: drop / skip / write / consume
Refactor: extract per-row logic into applyRow() so the next handler
loop can wrap each row in try/catch — a single bad row won't crash
the watcher and prevent later rows from being processed.
Belt-and-suspenders startup sweep: run a one-shot manual sweep of
done rows immediately after subscribing. Dexie liveQuery sometimes
misses the first emission when the subscription is set up in the
same microtask as a recent table update; the sweep catches any
done rows that already exist from a previous tab session OR that
were written between layout mount and subscription start.
Encryption check fix: the previous skip-if-manual-title check
read `memo.title?.trim()` after Dexie.get(), but Dexie reads
return the ENCRYPTED row (no decrypt hook) — so memo.title is
either null/undefined (no manual title) OR an `enc:1:...` blob
(manual title set). Either way, presence-check is enough; no
need to decrypt to know whether the user filled it in. The old
code happened to work because trim() on a non-empty string
returns truthy regardless. Comment now spells this out.
Issue 2 — visible loading states:
apps/mana/apps/web/src/lib/modules/memoro/views/DetailView.svelte
Transcript area now branches on processingStatus:
- processing → "Wird transkribiert…" with three pulsing dots
(CSS @keyframes loadingPulse)
- failed → red error message + manual retry hint
- completed + transcript → the transcript itself + source label
- completed + no transcript → italic "Kein Transkript vorhanden."
Title input placeholder swaps to "Titel wird generiert…" while a
generateTitleTask for this memo is in pending or running state.
The check uses a Dexie liveQuery against llmQueueDb.tasks via the
[refType+refId] compound index, returning the most recent task row.
Reactive — the placeholder switches back to plain "Titel…" the
moment the watcher writes the title and deletes the queue row.
Issue 3 — transcription source label:
Below the transcript: a small italic "Voxtral via mana-stt" label.
Hardcoded to Voxtral because that's services/mana-stt's default
model (DEFAULT_MODEL = "mistralai/Voxtral-Mini-3B-2507" in
voxtral_service.py). If we ever route to Whisper or another model
per-request, the label will need to come from the response payload
rather than be hardcoded — Phase 5.5 work.
After this commit lands, the test loop is: record a memo, watch the
browser console for the [memoro] / [memoro-llm-watcher] log lines.
Whichever step is missing identifies the broken link.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
photos/PhotoCard + PhotoDetailModal: bare var() refs → hsl(var()), broken
fallbacks dropped. The lightbox backdrop stays explicit near-black — photo
viewing chrome is intentionally theme-neutral.
times/FocusCard: phase color (focus=red, break=green, idle=muted) reads
theme tokens via wrapped hsl() strings so the SVG ring tracks variants.
The bogus --color-input fallback is gone.
times/EntryItem: was referencing the long-removed shadcn aliases without
the --color- prefix (--border, --card, --foreground, --muted-foreground,
--primary, --input). Re-prefixed; --input → --background since we have
no separate input token. The delete button's text-red-500 / hover bg are
now --color-error so they track theme variants.
contacts/ContactPage: avatar + self-badge color-mix fallback chains
collapse to plain hsl(var(--color-primary) / 0.12).
The cycles pink #ec4899 birthday accent on the contact row stays literal
— it's a deliberate brand color, not theme intent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Item #21 in the pre-launch audit suggested merging the four
config-y packages (shared-config, shared-tsconfig, shared-vite-config,
shared-drizzle-config) into a single @mana/build-config with
conditional exports. The first reality-check of the item counted
package.json declarations and reported 5 total consumer relationships.
A second reality-check while implementing — grep over actual .ts /
.svelte / .json imports — showed two of the four packages are dead:
- packages/shared-config/ (598 LOC, 4 TS files)
Declared in apps/mana/apps/web/package.json but never imported
anywhere. Stale dep from before the consolidation.
- packages/shared-tsconfig/ (5 JSON tsconfig presets)
Zero references anywhere. Not extended by any tsconfig.json,
not declared in any package.json. Pure Pre-Consolidation
leftover.
The remaining two packages were left intact:
- shared-vite-config (3 real consumers in vite.config.ts files)
- shared-drizzle-config (1 real consumer in mana-media)
They cover different toolchains (Vite SSR config vs drizzle-kit
generator config) — merging them into a single build-config would
be cosmetic, not a real reduction in complexity. Audit's "merge to
1" goal was based on the inflated consumer count and is no longer
worth doing.
Verification:
- pnpm install completes cleanly
- apps/api type-check still 0 errors
- packages/shared-hono type-check still 0 errors
Net: 4 → 2 config packages, ~700 LOC dead code removed.
Also closes item #26 (non-root pnpm-lock.yaml status) — already
done in commit 034a07d16, doc was just out of date. Audit is now
29/29 items fully processed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wraps all `var(--color-X)` references with `hsl()` and routes the muted
backgrounds + borders through `--color-card` / `--color-border` instead
of the rgba-on-white fallbacks. The brand violet (#8b5cf6) automations
accent and the deliberate when/filter/then flow-step palette
(blue/amber/green) stay literal — they encode trigger/condition/action
semantics, not theme intent.
Last file from the original P5 ListView migration list.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Six chrome-level UI components — modals, toasts and prompts that float
above the workbench — moved off hand-rolled #1e293b/#e5e7eb/#6366f1/etc.
literals onto theme tokens.
Files migrated:
- RecoveryCodeUnlockModal — backdrop overlay (literal black/60),
danger-state background → color-error
- SessionWarning — warning toast bg → color-warning, dark text on the
bright warning bg stays literal (intentional contrast pair)
- SuggestionToast — primary CTA → color-primary, muted/error text →
tokens. The toast itself keeps its dark literal bg by design (it's
a floating notification, not a theme-aware surface)
- SyncConflictToast — hover background → color-surface-hover
- PwaUpdatePrompt — primary CTA was hardcoded indigo (#6366f1), now
follows the active theme variant
- auth/AuthRequiredModal — backdrop overlay literal, primary button
text → color-primary-foreground
Backdrop overlays use literal `hsl(0 0% 0% / 0.6)` rather than a theme
token because semi-transparent black is the deliberate UI affordance
for "modal screen dimmer", not a theme-aware surface.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
skilltree/types.ts has had `var(--color-branch-{intellect,body,creativity,
social,practical,mindset})` references for as long as I can grep, but those
CSS variables were never defined anywhere. Every skill in the gamified
tree was rendering inherited color (effectively invisible accent), making
the 6 branches visually indistinguishable.
Add the 6 colors as a new "domain accent" section in shared-tailwind/themes.css,
defined once at :root and never overridden by .dark or variant blocks
(they're brand-internal accents, not theme-aware — the same way cycles
keeps its brand pink literal).
- intellect → blue (217 91% 60%) — knowledge, thinking
- body → red (0 84% 60%) — physical, energy
- creativity → violet (271 91% 65%) — art, expression
- social → amber (38 92% 50%) — warmth, relationships
- practical → teal (173 80% 40%) — craft, tools
- mindset → green (142 71% 45%) — calm, growth
Also update skilltree/types.ts to wrap the var() calls with hsl() per
the canonical convention (the values are now raw HSL channels).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two pre-existing bugs in the memoro module that became visible after
the Phase 5 LLM auto-title work landed. Both are independent of the
Phase 5 framework — neither was introduced by it — but the auto-title
was the first feature to systematically write to memo.title, which is
when the broken read path stopped hiding behind always-null titles.
Bug 1: DetailView shows ciphertext instead of plaintext
apps/mana/apps/web/src/lib/modules/memoro/views/DetailView.svelte
passed `useDetailEntity({ table: 'memos', ... })` WITHOUT setting
`decrypt: true`. The crypto registry has memos.{title, intro,
transcript} marked as encrypted, so the inputs were binding to
raw `enc:1:Ghj1eJV0zz4PgfRL...` ciphertext strings instead of
plaintext. Nobody noticed before because:
- title was always null (no UI path to set it until Phase 5)
- intro is rarely used
- transcript was the only visible encrypted field, and the
garbled `enc:1:...` string in the transcript area was apparently
attributed to "broken transcription" rather than "broken read"
Add `decrypt: true` to the useDetailEntity options. Same flag the
other Mana modules already use for their encrypted DetailViews.
Bug 2: createdAt and updatedAt never set on memo records
apps/mana/apps/web/src/lib/modules/memoro/stores/memos.svelte.ts
create() built a LocalMemo object without populating createdAt or
updatedAt. The LocalMemo type declares both as required strings,
but TypeScript didn't catch the omission because the store relied
on a TS Type assertion / partial-shape pattern.
The Dexie creating hook in apps/mana/apps/web/src/lib/data/database.ts
only auto-stamps userId + __fieldTimestamps — it does NOT auto-stamp
createdAt. Module stores are expected to set their own timestamps
(consistent with the todo, calendar, contacts, notes stores etc.).
So every memoro memo had `createdAt === undefined`, and the
DetailView's `new Date(memo.createdAt ?? '').toLocaleDateString('de')`
rendered as "Erstellt: Invalid Date" for every single memo.
Fix: set both timestamps explicitly in create() before the Dexie
add. Existing memos in the wild are still broken — they'd need a
one-shot migration to backfill createdAt from the
__fieldTimestamps map, but that's a bigger commit.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The /admin route in the unified Mana web app was rendering hardcoded
mock data (42 users, 156 successful logins, 3 failed) for every
admin who opened it. The previous code had a TODO comment to wire
up a real endpoint and the backend half had been waiting for the
frontend half ever since the consolidation landed.
Backend (mana-auth):
Add GET /api/v1/admin/stats — admin-only, returns the seven counts
the dashboard needs in a single response. Each count is its own
Drizzle query against auth.users / auth.sessions / auth.login_
attempts; they run in parallel via Promise.all so total latency is
dominated by the round-trip to Postgres, not the per-query work.
Stats:
- totalUsers → users where deleted_at IS NULL
- newUsers7d → users created in the last 7 days
- newUsers30d → users created in the last 30 days
- activeSessions → sessions where expires_at > now() AND not revoked
- uniqueUsers24h → distinct user_id from sessions with last_activity
in the last 24h (and not revoked)
- loginSuccess7d → login_attempts where successful=true, last 7d
- loginFailed7d → login_attempts where successful=false, last 7d
Plus a generatedAt ISO timestamp so the client can show staleness
if it ever caches the response.
Frontend (apps/mana/apps/web):
- Add adminService.getStats() in the existing admin API service
(sits next to getUsers / getUserData / deleteUserData; uses the
same authenticated base-client and ApiResult envelope).
- Replace the onMount mock-data block in admin/+page.svelte with
a single adminService.getStats() call. Drop the local Stats
interface in favor of the AdminStats type exported from the
service.
- Guard the Success Rate calculation against division by zero on
fresh deployments — when there have been no login attempts in
the last 7 days, render '—%' instead of NaN%.
Verification:
- mana-auth type-check unchanged (baseline errors only)
- mana-auth runtime tests still 19/19 passing
- svelte-check on the two changed web files: zero errors
Closes item #12 in docs/REFACTORING_AUDIT_2026_04.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
