The tsconfig was missing include/exclude which caused the build to
output to dist/src/main.js instead of dist/main.js.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
node:20-slim doesn't include wget or curl, which is required
for the HEALTHCHECK commands in the Dockerfiles.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add root-level pnpm override to replace @matrix-org/matrix-sdk-crypto-nodejs
with empty-npm-package. This disables E2EE support but allows matrix bots
to run without native module compilation issues.
The bots don't need E2EE since Matrix Synapse handles encryption at
the server level for our use case.
Also removes the explicit pnpm add commands from Dockerfiles since the
override handles the module replacement.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The pnpm lockfile doesn't contain the linux-x64-gnu variant of
@matrix-org/matrix-sdk-crypto-nodejs since it was created on macOS.
Explicitly adding this package during Docker build ensures the
correct native binary is available at runtime.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add loginWithLoginToken function to exchange Matrix SSO loginToken for credentials.
The app layout now detects the loginToken URL parameter and completes the SSO flow.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The @matrix-org/matrix-sdk-crypto-nodejs package needs a rebuild step
after install to properly select the platform-specific prebuilt binary.
Without this, the module fails to find the correct binding at runtime.
Adds `pnpm rebuild @matrix-org/matrix-sdk-crypto-nodejs || true` after
both the dev and prod install steps in all matrix bot Dockerfiles.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move PostgreSQL data from Docker volume to /Volumes/ManaData/postgres
for better data safety and performance.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The root package.json has postinstall hooks (generate-env, build:packages,
husky) that fail in Docker context. --ignore-scripts prevents these from
running while still allowing the build to complete.
Using node:20-slim (glibc) should handle matrix-sdk crypto modules via
prebuilt binaries without needing install scripts.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed base images from Alpine to Debian slim (glibc vs musl)
- Removed --ignore-scripts to allow native module builds
- Fixed user creation commands for Debian-based images
The matrix-bot-sdk requires @matrix-org/matrix-sdk-crypto-nodejs which
needs platform-specific native binaries. Alpine's musl libc causes
compatibility issues with these modules.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Mac Mini with Apple Silicon needs explicit platform specification
to pull amd64 images since matrix bots only have amd64 builds.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
All matrix bots use matrix-bot-sdk which has native dependencies
(cpu-features, ssh2) that cause QEMU emulation failures during CI
arm64 builds. Build amd64 only - can run on arm64 via Rosetta.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Mount MinIO data directly to /Volumes/ManaData/minio for better
performance and persistence on external SSD.
Requires Docker Desktop "Full Disk Access" permission on Mac Mini.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix LoggerService mock in better-auth.service.spec.ts
- Fix name assertion in auth.controller.spec.ts (empty string fallback)
- Fix createRemoteJWKSet mock in jwt-auth.guard.spec.ts
- Add Grafana dashboard for Auth Service monitoring
- Add 10 auth-specific Prometheus alert rules
- Update production readiness plan to 100% complete
All 199 unit tests passing.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Build matrix-mana-bot only for linux/amd64 (arm64 fails due to QEMU)
- Move pnpm overrides for cpu-features and ssh2 to root package.json
- These native deps cause illegal instruction errors under QEMU emulation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
OIDC providers like Synapse expect the JWT issuer claim to match the
discovery document's issuer URL. Changed JWT plugin config from
JWT_ISSUER to BASE_URL to ensure consistency.
Also adds:
- @manacore/credit-operations package with operation definitions
- @manacore/shared-credit-ui package with React Native and Svelte components
- CreditInterceptor and @UseCredits decorator in nestjs-integration
- Credit system integration in chat backend
Set useJWTPlugin: true so id_tokens are signed with EdDSA keys
from JWKS instead of HS256. This fixes Synapse OIDC integration
which verifies tokens via JWKS endpoint.
SSD bind mount requires Docker Desktop GUI configuration for
/Volumes access. Reverting to standard volume until manually configured.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add zitare login page with standard pattern
- Add zitare forgot-password page
- Add planta forgot-password page
- Refactor planta register to use shared RegisterPage component
All apps now have consistent login, register, and forgot-password pages
using the shared auth-ui components and i18n translations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update 10 Matrix Bot Dockerfiles for monorepo builds with pnpm
- Add shared package support (bot-services, matrix-bot-common)
- Extend CI pipeline with change detection and build jobs
- Update docker-compose.macmini.yml to use GHCR images
- Enable Watchtower auto-updates for Matrix Bots
Bots: mana, ollama, stats, project-doc, todo, calendar, nutriphi, zitare, clock, tts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add dynamic locale support to all login, register, and forgot-password
pages across apps. Pages now use $locale from svelte-i18n instead of
hardcoded language codes.
Apps updated:
- clock: login (also consolidated to standard pattern)
- manacore: register
- manadeck: register
- nutriphi: login, register, forgot-password
- picture: register, forgot-password
- planta: login
- questions: login, register, forgot-password
- skilltree: login, register, forgot-password
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use ClockLogo from shared-branding
- Use translations from shared-i18n
- Change onSubmit to onSignUp pattern
- Add onResendVerification support
- Add amber color theming (#f59e0b)
- Remove manual loading/error state management
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add prominent email verification success UI with resend button
- Show resend verification option when registration fails with "not verified" error
- Improve form spacing with space-y-4 for better visual consistency
- Add translations for resend verification in all languages (de, en, fr, it, es)
- Update all 13 app register pages to pass onResendVerification prop
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Switch MinIO from Docker VM storage to external SSD volume
at /Volumes/TillJakob-S04/ManaData/minio for better performance.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove rslave mount that doesn't work on macOS
- Use selective collectors instead of defaults
- Note: This monitors the Docker VM metrics, not host Mac
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add node-exporter service to docker-compose for CPU/Memory/Disk monitoring
- Enable node-exporter scrape target in Prometheus config
- Update System Overview dashboard with Host System section:
- CPU, Memory, Disk usage gauges
- Total RAM, Total Disk, Uptime, Load stats
- CPU & Memory over time graph
- Network I/O graph
- Add Node Exporter to service status panel
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Removed node_* metrics (node-exporter not deployed)
- Removed container_last_seen (cAdvisor not deployed)
- Added Service Status, Traffic Overview, Database sections
- All panels now use available Prometheus metrics
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added Total Requests counter for overall user interaction
- Added Requests/sec for current load visibility
- Reduced panel width to fit 8 metrics in one row
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move Key Metrics section to top of dashboard
- Add new panels: Services UP, Apps Running, Matrix Bots, Avg Response Time
- Reorganize layout for better overview at a glance
- Remove CPU/Memory/Disk (no node-exporter), add Redis Keys
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Removed debug logging that exposed sensitive client_secret in production logs
- The body-parser middleware in main.ts correctly handles form-urlencoded token requests
- handleOidcRequest properly converts parsed body to URLSearchParams for Better Auth
Commented out:
- node-exporter (container not deployed)
- cadvisor (container not deployed)
- storage/presi/nutriphi-backend (no /metrics endpoint yet)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Container was built with PORT=5180 but docker-compose had PORT=4090.
Fixed port mapping and healthcheck to use correct internal port.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
