All matrix bots use matrix-bot-sdk which has native dependencies
(cpu-features, ssh2) that cause QEMU emulation failures during CI
arm64 builds. Build amd64 only - can run on arm64 via Rosetta.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Mount MinIO data directly to /Volumes/ManaData/minio for better
performance and persistence on external SSD.
Requires Docker Desktop "Full Disk Access" permission on Mac Mini.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix LoggerService mock in better-auth.service.spec.ts
- Fix name assertion in auth.controller.spec.ts (empty string fallback)
- Fix createRemoteJWKSet mock in jwt-auth.guard.spec.ts
- Add Grafana dashboard for Auth Service monitoring
- Add 10 auth-specific Prometheus alert rules
- Update production readiness plan to 100% complete
All 199 unit tests passing.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Build matrix-mana-bot only for linux/amd64 (arm64 fails due to QEMU)
- Move pnpm overrides for cpu-features and ssh2 to root package.json
- These native deps cause illegal instruction errors under QEMU emulation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
OIDC providers like Synapse expect the JWT issuer claim to match the
discovery document's issuer URL. Changed JWT plugin config from
JWT_ISSUER to BASE_URL to ensure consistency.
Also adds:
- @manacore/credit-operations package with operation definitions
- @manacore/shared-credit-ui package with React Native and Svelte components
- CreditInterceptor and @UseCredits decorator in nestjs-integration
- Credit system integration in chat backend
Set useJWTPlugin: true so id_tokens are signed with EdDSA keys
from JWKS instead of HS256. This fixes Synapse OIDC integration
which verifies tokens via JWKS endpoint.
SSD bind mount requires Docker Desktop GUI configuration for
/Volumes access. Reverting to standard volume until manually configured.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add zitare login page with standard pattern
- Add zitare forgot-password page
- Add planta forgot-password page
- Refactor planta register to use shared RegisterPage component
All apps now have consistent login, register, and forgot-password pages
using the shared auth-ui components and i18n translations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update 10 Matrix Bot Dockerfiles for monorepo builds with pnpm
- Add shared package support (bot-services, matrix-bot-common)
- Extend CI pipeline with change detection and build jobs
- Update docker-compose.macmini.yml to use GHCR images
- Enable Watchtower auto-updates for Matrix Bots
Bots: mana, ollama, stats, project-doc, todo, calendar, nutriphi, zitare, clock, tts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add dynamic locale support to all login, register, and forgot-password
pages across apps. Pages now use $locale from svelte-i18n instead of
hardcoded language codes.
Apps updated:
- clock: login (also consolidated to standard pattern)
- manacore: register
- manadeck: register
- nutriphi: login, register, forgot-password
- picture: register, forgot-password
- planta: login
- questions: login, register, forgot-password
- skilltree: login, register, forgot-password
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use ClockLogo from shared-branding
- Use translations from shared-i18n
- Change onSubmit to onSignUp pattern
- Add onResendVerification support
- Add amber color theming (#f59e0b)
- Remove manual loading/error state management
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add prominent email verification success UI with resend button
- Show resend verification option when registration fails with "not verified" error
- Improve form spacing with space-y-4 for better visual consistency
- Add translations for resend verification in all languages (de, en, fr, it, es)
- Update all 13 app register pages to pass onResendVerification prop
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Switch MinIO from Docker VM storage to external SSD volume
at /Volumes/TillJakob-S04/ManaData/minio for better performance.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove rslave mount that doesn't work on macOS
- Use selective collectors instead of defaults
- Note: This monitors the Docker VM metrics, not host Mac
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add node-exporter service to docker-compose for CPU/Memory/Disk monitoring
- Enable node-exporter scrape target in Prometheus config
- Update System Overview dashboard with Host System section:
- CPU, Memory, Disk usage gauges
- Total RAM, Total Disk, Uptime, Load stats
- CPU & Memory over time graph
- Network I/O graph
- Add Node Exporter to service status panel
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Removed node_* metrics (node-exporter not deployed)
- Removed container_last_seen (cAdvisor not deployed)
- Added Service Status, Traffic Overview, Database sections
- All panels now use available Prometheus metrics
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added Total Requests counter for overall user interaction
- Added Requests/sec for current load visibility
- Reduced panel width to fit 8 metrics in one row
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move Key Metrics section to top of dashboard
- Add new panels: Services UP, Apps Running, Matrix Bots, Avg Response Time
- Reorganize layout for better overview at a glance
- Remove CPU/Memory/Disk (no node-exporter), add Redis Keys
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Removed debug logging that exposed sensitive client_secret in production logs
- The body-parser middleware in main.ts correctly handles form-urlencoded token requests
- handleOidcRequest properly converts parsed body to URLSearchParams for Better Auth
Commented out:
- node-exporter (container not deployed)
- cadvisor (container not deployed)
- storage/presi/nutriphi-backend (no /metrics endpoint yet)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Container was built with PORT=5180 but docker-compose had PORT=4090.
Fixed port mapping and healthcheck to use correct internal port.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add t@t.de with password +üp+üp+üp to DEV_USERS array
- Refactor seed script to iterate over multiple users
- Ensures test user is always available after db:seed:dev
Documents the intensive night session covering:
- Voice integration for matrix-mana-bot (4 phases)
- Bot consolidation with shared packages (~5,500 lines deduplicated)
- Node.js v25 ESM compatibility fixes
- NestJS dependency injection fixes
- Matrix authenticated media API fix for Synapse 1.98+
- Mac Mini deployment and testing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents that the token endpoint accepts both JSON and form-urlencoded
bodies per OAuth2 spec, with form data parsed by body-parser middleware.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Newer Synapse versions (1.98+) require authenticated downloads via
/_matrix/client/v1/media/download/ endpoint. Falls back to legacy
API for older servers.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Wrap Phosphor icon components in span elements with title attribute
since IconComponentProps doesn't support title prop directly.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Simplify vite.config.ts files to avoid type incompatibility errors
caused by different @types/node versions across the monorepo
- Add missing set() method to isSidebarMode store in matrix/web
Affected apps: calendar, chat, clock, contacts, manacore, manadeck,
matrix, nutriphi, picture, planta, presi, questions, storage, todo
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
