Commit graph

131 commits

Author SHA1 Message Date
Till JS
a1836407b1 refactor(docker): switch calendar-web to local build
Stale GHCR image didn't include cross-app URL injection for todo/contacts
backends, causing all task/birthday requests to hit calendar-api instead.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 16:38:05 +01:00
Till JS
4104bf1a82 refactor(docker): switch nutriphi and skilltree to local builds
Replace GHCR images with local Docker builds for consistency.
All 13 deployed backends now use the same build pattern:
  build: context: . / dockerfile: apps/*/apps/backend/Dockerfile

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 22:29:59 +01:00
Till JS
2d22d14c58 feat(error-tracking): complete GlitchTip integration for all backends
- Add import './instrument' to 15 remaining backend main.ts files
- Add GLITCHTIP_DSN to 10 additional backends in docker-compose.macmini.yml
- Total: 13/13 deployed backends have DSNs configured
- Total: 18/18 backends have instrument.ts + import

Backends with live error tracking after next rebuild:
chat, todo, calendar, clock, contacts, storage, presi, nutriphi,
skilltree, photos, zitare, mukke, planta

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 21:47:27 +01:00
Till JS
bb69f78e1e fix(auth): add missing trusted origins for cross-app SSO
Several apps (mukke, photos, planta, questions, todo, traces, context,
docs, manadeck, zitare) were missing from Better Auth's trustedOrigins,
causing SSO session cookie exchange to fail for those apps. Also synced
CORS_ORIGINS in docker-compose.macmini.yml.

Added 47 SSO contract tests to prevent regressions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 21:17:34 +01:00
Till JS
789ce0a435 feat(glitchtip): enable open user registration
GlitchTip is publicly accessible like other monitoring tools (Grafana, Umami).
No login restriction needed for internal dev tooling.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 20:48:05 +01:00
Till JS
bd7129abd1 fix(glitchtip): use correct DSN format without hyphens in keys
Sentry SDK v9 rejects UUID-formatted keys with hyphens. Use the compact
hex format returned by GlitchTip's get_dsn() method.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 15:51:54 +01:00
Till JS
08d19ab7ac feat(error-tracking): add GLITCHTIP_DSN to calendar, contacts, todo backends
Configures error tracking DSNs in docker-compose.macmini.yml for production:
- Calendar: project 1
- Todo: project 3
- Contacts: project 2

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 15:03:24 +01:00
Till JS
87c61f4363 fix(glitchtip): add REDIS_URL with auth to GlitchTip containers
Redis requires authentication - GlitchTip needs REDIS_URL with password
for cache operations (session, metrics cache clearing).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 14:57:50 +01:00
Till JS
54c1326c14 fix(mukke): lint fixes, rate limiting, DB indexes, and prod config
- Add ThrottlerModule rate limiting to backend
- Add DB indexes on userId, songId, playlistId columns
- Lint/formatter fixes from pre-commit hooks
- Add GlitchTip error tracking to docker-compose.macmini.yml
- Add glitchtip.mana.how to cloudflared tunnel config

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 12:54:49 +01:00
Till JS
7a56699d45 feat(mukke): rename LightWrite to Mukke and add music library, player, playlists
Combines LightWrite (beat/lyrics editor) and Mukke (iOS music player) into
a single web-based music workspace app. Archives the old Mukke mobile app.

- Rename: @lightwrite/* → @mukke/*, all branding, configs, Dockerfiles
- New DB schemas: songs, playlists, playlist_songs + songId FK on projects
- New backend modules: SongModule, PlaylistModule, LibraryModule
- New web: app shell with sidebar, library (songs/albums/artists/genres),
  web player (queue/shuffle/repeat/MediaSession), playlists, search,
  upload, dashboard, album/artist/genre detail pages
- Auth: add forgot-password + reset-password pages, extend auth store
- Tests: 40 backend unit tests (song, playlist, library services)
- Config: env generation, MinIO bucket, docker-compose prod, cloudflare
- Docs: update CLAUDE.md, auth guidelines with SvelteKit checklist

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 09:55:56 +01:00
Till JS
5d86753e47 fix(contacts): add missing PUBLIC_TODO_BACKEND_URL to contacts-web production config
Without this variable, the contacts web app falls back to localhost:3031 for todo integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-18 16:55:52 +01:00
Till JS
a39e4ca7f7 fix(calendar): fix Dockerfile healthcheck ports and add ENCRYPTION_KEY to prod
- Backend/Web Dockerfiles: use PORT env var in healthcheck (was hardcoded)
- Web Dockerfile: align default port to 5012 (matching docker-compose)
- docker-compose.macmini.yml: add ENCRYPTION_KEY env var for calendar-backend

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 08:41:04 +01:00
Till-JS
bf5df284ff 🔧 chore(todo): switch todo-web to local build for spiral-db
2026-02-17 13:49:29 +01:00
Till-JS
3b00303e7b fix(planta-backend): correct health check endpoint to /api/v1/health
- Update Dockerfile HEALTHCHECK to use /api/v1/health
- Update docker-compose.macmini.yml health check endpoint
- Increase start_period to 30s

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-17 10:55:40 +01:00
Till-JS
c999999456 feat(planta): add Docker deployment for planta-backend and matrix-planta-bot
- Add Dockerfile and docker-entrypoint.sh for planta-backend
- Add planta-backend service to docker-compose.macmini.yml (port 3022)
- Add matrix-planta-bot service to docker-compose.macmini.yml (port 4022)
- Configure dependencies: mana-auth, minio, redis, synapse, planta-backend

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-17 10:45:35 +01:00
Till-JS
d6303e4998 feat(storage): add public endpoint support for presigned URLs
When services run in Docker with internal endpoints (e.g., http://minio:9000),
presigned URLs are inaccessible from browsers. This adds S3_PUBLIC_ENDPOINT
support to generate presigned URLs using a publicly accessible endpoint
(e.g., https://minio.mana.how) while keeping internal operations on the
Docker network.

Changes:
- Add publicEndpoint to StorageConfig type
- Create separate S3Client for presigned URL generation
- Add S3_PUBLIC_ENDPOINT to factory configuration
- Configure lightwrite-backend with public MinIO endpoint

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-16 15:35:18 +01:00
Till-JS
f5a6fda0fa 🔧 chore(auth): add missing apps to CORS origins
Add lightwrite, zitare, questions, planta, manadeck, picture to
mana-core-auth CORS_ORIGINS to allow auth requests from these apps.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-16 13:58:07 +01:00
Till-JS
ea0bf67f0d 🎨 style(matrix): fix RoomSettingsPanel styling to match app theme
Replace DaisyUI classes with the custom glassmorphic theme:
- Use bg-white/80 dark:bg-black/80 with backdrop-blur
- Use border-black/10 dark:border-white/10 for borders
- Use text-foreground and text-muted-foreground for text
- Add gradient avatars matching rest of app
- Fix tab styling with proper active states

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-16 11:25:54 +01:00
Till-JS
2e37925cb0 🔧 chore: add STT_API_KEY to all Matrix bots using STT
- Add STT_API_KEY to matrix-mana-bot and matrix-clock-bot
- Fix STT_URL port (3020/3021 → 3026) for consistency

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-16 00:12:09 +01:00
Till-JS
aabc4a6db8 🔧 chore: build matrix-mana-bot locally for quick fixes
2026-02-14 14:31:45 +01:00
Till-JS
c7039356f1 feat(docker): add matrix-stt-bot to Mac Mini deployment
- Add STT bot container config on port 4021
- Uses mana-stt service via host.docker.internal:3026

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 14:31:01 +01:00
Till-JS
c13c313886 🐛 fix(gifts): reorder controller routes to fix 'me/*' matching
NestJS matches routes in declaration order. The dynamic :code route was
matching before me/created and me/received, treating 'me' as a gift code.
Moved specific routes before the dynamic parameter route.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 12:38:23 +01:00
Till-JS
07ac2e845e 🔧 fix(stats-bot): add Redis and Matrix-SSO-Link for auto-login
- Add REDIS_HOST, REDIS_PASSWORD for session storage
- Add MANA_CORE_AUTH_URL, MANA_CORE_SERVICE_KEY for Matrix-SSO-Link
- Add redis dependency to depends_on
- Use local image build instead of GHCR

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 12:31:35 +01:00
Till-JS
4b950b7083 feat(tts): add de_kerstin female German voice and set as default
- Download and configure Kerstin Piper voice (63MB, local)
- Update piper_service.py to support multiple voice models
- Set de_kerstin as default voice for TTS bot
- Update help text with new voice options

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 12:16:58 +01:00
Till-JS
acd8d02ec8 🔧 fix(clock-bot): use local build with SSO-Link auth
- Switch from GHCR image to local build
- Add MANA_CORE_AUTH_URL, MANA_CORE_SERVICE_KEY for SSO-Link
- Add Redis config for session storage
- Add dependencies on mana-auth and redis

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 11:57:53 +01:00
Till-JS
0099e1eebc chore(matrix-tts-bot): set German (de_thorsten) as default voice
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 11:55:47 +01:00
Till-JS
c698318c91 chore(deploy): add PROMETHEUS_URL to stats-bot config
Connect stats-bot to VictoriaMetrics for infrastructure
monitoring commands (!system, !services, !traffic, !db, !growth)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 11:25:18 +01:00
Till-JS
e013384d29 chore(docker): build matrix-tts-bot locally instead of from registry
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 11:04:44 +01:00
Till-JS
1c9c2301a5 fix(matrix-tts-bot): add API key authentication for mana-tts service
- Add TTS_API_KEY config option to configuration.ts
- Send X-API-Key header in TtsService requests
- Update docker-compose.macmini.yml with TTS_INTERNAL_API_KEY env var
- Update .env.example and CLAUDE.md documentation

The mana-tts service requires authentication, but the TTS bot was not
sending the required X-API-Key header, causing 401 errors.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 10:59:08 +01:00
Till-JS
405084b52d 🔧 fix(skilltree): change web port to 5020 (5018 used by zitare)
2026-02-13 23:14:38 +01:00
Till-JS
1e025b7e72 feat(skilltree): enable web deployment
Fix Dockerfile to include all required shared packages and add
health endpoint for Docker healthcheck. Enable skilltree-web
service in docker-compose.macmini.yml.
2026-02-13 23:05:08 +01:00
Till-JS
0015bd0892 🔧 chore(docker): build matrix-todo-bot locally on Mac Mini
2026-02-13 22:14:06 +01:00
Till-JS
bba696e241 chore(docker): use local build for matrix-calendar-bot
2026-02-13 19:52:54 +01:00
Till-JS
ad8d5c3bc0 🔧 chore(zitare): change zitare-web port from 5012 to 5018
Port 5012 is used by calendar-web

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-13 19:40:50 +01:00
Till-JS
b6bd07beca 🐛 fix(docker): correct zitare-backend health check path
Changed /api/health to /health in docker-compose.macmini.yml

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-13 19:39:45 +01:00
Till-JS
533bd90093 🚀 feat(zitare-web): add Docker deployment infrastructure
- Add Dockerfile for production build
- Add docker-entrypoint.sh for runtime config
- Add hooks.server.ts for client-side env injection
- Add zitare-web service to docker-compose.macmini.yml
  - Port 5012
  - Depends on zitare-backend
  - Health check on /health endpoint
2026-02-13 14:49:26 +01:00
Till-JS
c54ff859d6 🚀 feat(zitare): add Docker deployment infrastructure
- Add Dockerfile for zitare-backend (multi-stage build, port 3007)
- Add docker-entrypoint.sh for database setup
- Add zitare-backend service to docker-compose.macmini.yml
- Update matrix-zitare-bot to depend on zitare-backend
- Add zitare-backend to CI workflow (change detection + build job)
2026-02-13 13:49:15 +01:00
Till-JS
7d450aa2a8 feat(bot-services): add Matrix-SSO-Link for persistent login
After successful !login, the bot now stores a persistent link between
the Matrix user ID and the Mana account in mana-core-auth. This allows
the bot to auto-authenticate users in the future without requiring
another !login command.

Changes:
- Add createMatrixUserLink() method to SessionService
- Call link creation after successful login
- Add MANA_CORE_SERVICE_KEY to todo and calendar bot docker config

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-13 13:42:07 +01:00
Till-JS
9924eb545a 🔧 fix(docker): add backend URLs to matrix todo and calendar bots
- Add TODO_BACKEND_URL, CALENDAR_BACKEND_URL environment variables
- Add MANA_CORE_AUTH_URL for authentication
- Add Redis connection (REDIS_HOST, REDIS_PASSWORD)
- Add depends_on for respective backends

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-13 12:23:30 +01:00
Till-JS
210969a67f 🔧 chore(docker): build mana-web locally on Mac Mini
Switch manacore-web from GHCR image to local build for faster
deployment of frontend changes (self-service /settings/my-data).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-13 12:04:30 +01:00
Till-JS
cb08931330 🔧 chore(docker): build presi-backend locally on Mac Mini
Changed from GHCR image to local build to pick up admin
controller prefix fix.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 14:09:46 +01:00
Till-JS
acc8de36ee feat(monitoring): add alerting stack and maintenance scripts
Medium priority stability improvements:

Alerting:
- Add vmalert for evaluating Prometheus alert rules
- Add alertmanager for alert routing and grouping
- Add alert-notifier service for Telegram/ntfy notifications
- Enable cadvisor scraping in prometheus config

Disk Monitoring:
- Add check-disk-space.sh for hourly disk monitoring
- Alert on 80% (warning) and 90% (critical) thresholds
- Auto-cleanup Docker when disk is critical
- Add com.manacore.disk-check.plist for LaunchD

Weekly Reports:
- Add weekly-report.sh for system health summary
- Includes: backup status, disk usage, container health,
  database stats, error log summary
- Runs every Sunday at 10 AM via LaunchD

Health Check Updates:
- Add checks for vmalert, alertmanager, alert-notifier

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 13:46:57 +01:00
Till-JS
02a5172c7c feat(admin): add GDPR user-data endpoints to photos, clock, storage backends
- Add admin modules with GET/DELETE /api/v1/admin/user-data/:userId
- Photos: albums, favorites, tags counting and deletion
- Clock: alarms, timers, world clocks, presets counting and deletion
- Storage: files, folders, shares, tags counting and deletion
- Update UserDataService to include photos, clock, storage backends
- Add ADMIN_SERVICE_KEY env var to all backends in docker-compose
- Build storage-backend locally instead of using GHCR image

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 13:43:16 +01:00
Till-JS
7d409465b6 fix(docker): add backend URLs to auth service for GDPR data aggregation
Configure mana-auth with internal Docker network URLs to query
project backends for user data (Chat, Todo, Calendar, Contacts,
Picture, Presi).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 13:33:33 +01:00
Till-JS
d5e18c9c27 🔧 fix(mac-mini): update health checks and disable missing services
- Disable api-gateway and skilltree-web (no working images/Dockerfiles)
- Fix mana-search Dockerfile healthcheck port and endpoint
- Update health-check.sh to skip disabled services
- Fix search service health endpoint (/api/v1/health)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 13:28:55 +01:00
Till-JS
3e3700338b 🔧 fix(docker): build mana-search and skilltree-web locally
- mana-search: GHCR image is broken (missing node_modules)
- skilltree-web: GHCR image doesn't exist
- api-gateway: disabled (no image, no Dockerfile)

All three now build locally on Mac Mini instead of pulling from GHCR.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 13:22:42 +01:00
Till-JS
ba3d2a121a 🔧 chore(docker): build backends locally on Mac Mini
Switch 5 backends from pulling ghcr.io images to building locally:
- chat-backend
- todo-backend
- calendar-backend
- clock-backend
- contacts-backend

This ensures Dockerfiles with shared-drizzle-config are used directly.
2026-02-12 02:23:52 +01:00
Till-JS
10502b5627 fix(photos): re-enable mana-media dependency
mana-media Dockerfile is now fixed, so photos-backend can depend on it again.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 02:21:39 +01:00
Till-JS
aa56ec844b 🔧 fix(photos): temporarily disable mana-media dependency
mana-media Dockerfile has a pre-existing bug with pnpm symlinks
that needs to be fixed separately.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 01:58:21 +01:00
Till-JS
5ce4e42c20 🚀 feat(photos): add Docker deployment configuration
- Add Dockerfile for photos-backend (port 3039)
- Add Dockerfile for photos-web (port 5019)
- Add docker-entrypoint.sh for database migrations
- Add health endpoint for photos-web
- Add photos services to docker-compose.macmini.yml
- Update CORS_ORIGINS for mana-auth and mana-media
- Update CLAUDE.md with production URLs

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-11 18:21:19 +01:00