Switch devlog convention from daily to session-based (vormittag/abend).
Add devlog for Manalink prod-readiness work and deployment.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New service that generates static Astro landing pages for organizations
and deploys them to Cloudflare Pages at {slug}.mana.how.
Components:
- Landing Builder Service (NestJS, port 3030) with Astro template
- Admin UI in Manacore web dashboard at /organizations/[id]/landing
- TeamSection + ContactSection for shared-landing-ui
- Two org themes (classic dark, warm light)
- LandingPageConfig types in shared-types
- Docker + CI/CD integration for Mac Mini deployment
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Align mobile AuthProviders (chat, manacore) with web auth stores:
- Replace { error: { message } | null } with { success: boolean, error?: string }
- Add needsVerification support to signUp return type
- Update all consumer screens (login, register, reset-password) accordingly
All auth methods across web and mobile now use the same return pattern.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace 900+ lines of custom auth implementation (authService, tokenManager,
deviceManager, safeStorage) with ~280 lines wrapping @manacore/shared-auth.
Auth now goes through mana-core-auth directly instead of manadeck backend.
Backward-compatible API: all consumers (stores, apiClient, hooks) work
without changes thanks to wrapper maintaining the same export interface.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tests: Jest + ts-jest with mock factories. 4 test suites covering LocationService (CRUD, search), FavoriteService (add/remove, conflicts), LocationLookupService (web search, extraction, error handling), LocationController (endpoints, query params).
Docs: Complete CLAUDE.md rewrite with live URLs, all endpoints, web pages, features, environment variables, Docker config, and test overview.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copying all packages pulled in Astro deps that need git. Back to
explicit copies with eslint-config added.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Backend: GET /locations/lookup?q= endpoint that searches via mana-search, extracts content from top results, auto-detects address and category, returns pre-filled data with source links.
Frontend: /add page now has a two-step flow:
1. Search step: user enters a place name, backend scrapes the web
2. Edit step: form pre-filled with found data (name, description, address, category), user can review/edit before submitting. Shows source links.
Also fixed all API paths to use /api/v1/ prefix via centralized api() helper.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Make SSO loginToken homeserver configurable via VITE_MATRIX_HOMESERVER
- Add vitest setup with 14 unit tests for Matrix client functions
(discoverHomeserver, checkHomeserver, loginWithToken)
- Show amber warning banner when E2EE is not available
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
API paths: Created centralized api() helper in $lib/api.ts. All fetch calls now use /api/v1/ prefix matching the production NestJS route structure.
New feature: /add page where authenticated users can submit new locations with name, category, description, and optional address. Added "Hinzufügen" nav item with plus icon.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Align all 20 web app auth stores to a consistent pattern:
- Use DEV_* constants with import.meta.env.DEV guard (no localhost leak in prod)
- Pass backendUrl to initializeWebAuth for automatic 401 token refresh
- Add redirectTo to forgotPassword for correct post-reset redirect
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Keys were removed from .env.development but remain in git history.
OpenAI, Gemini, Replicate, and Supabase keys need rotation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Package was unused — no imports found across the entire codebase.
All apps have migrated to direct PostgreSQL (Drizzle ORM) for backends
and mana-core-auth API for mobile/web clients.
Removes package and all documentation references.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Complete migration of Context mobile app from direct Supabase access
to NestJS backend API with mana-core-auth authentication.
New files:
- context/AuthProvider.tsx: mana-core-auth integration via @manacore/shared-auth
- services/backendApi.ts: Backend API client for spaces, documents, AI, tokens
Rewritten services (same exports, backend implementation):
- supabaseService.ts: Now thin wrapper around backendApi
- aiService.ts: Uses backendApi for auth token
- tokenCountingService.ts: Model prices from backend API
- tokenTransactionService.ts: All token ops via backend API
- revenueCatService.ts: Token balance via backend API
Updated 16 consumer files (auth forms, token components, AI toolbars)
Deleted:
- utils/supabase.ts, context/AuthContext.tsx
- services/spaceService.ts, services/spaceServiceDirect.ts
Dependencies:
- Added: @manacore/shared-auth, expo-secure-store
- Removed: @supabase/supabase-js, @google/generative-ai, openai, @azure/openai
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add error/404 page, security headers (hooks.server.ts), fix SSO to use
dynamic homeserver, make auth URL configurable via env var, remove all
console.log statements, and disable PWA devOptions in production.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The onboarding package was imported in the layout but not copied
into the Docker build context, causing production builds to fail.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The LLM playground is a SvelteKit web app (frontend), not a backend
microservice. Moving it to apps/ follows the monorepo convention where
all user-facing apps live under apps/.
- Moved services/llm-playground/ → apps/playground/apps/web/
- Renamed package from @mana-llm/playground to @playground/web
- Updated Dockerfile paths for new location
- Updated docker-compose.macmini.yml build context
- Removed unused concurrently dependency
- Added parent package.json
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SECURITY: Remove live API keys that were committed to .env.development:
- Worldream OpenAI key (sk-proj-...)
- Worldream Gemini key
- Worldream Replicate token
- Worldream Supabase anon key (live JWT)
These keys should be rotated immediately.
Also removes dead Supabase config for:
- Maerchenzauber (archived)
- Memoro (archived)
- ManaDeck (migrated to PostgreSQL + Drizzle)
- ManaCore (will be migrated to mana-core-auth)
Cleans up generate-env.mjs to remove Memoro entries and
Supabase references from ManaDeck and Worldream.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SECURITY FIX: The mobile app had Azure OpenAI and Google Gemini API keys
exposed in client code (dangerouslyAllowBrowser: true).
Changes:
- Mobile aiService.ts: Remove OpenAI/Gemini SDKs, route all AI calls
through the Context backend API (which uses mana-llm)
- Backend ai.controller.ts: Add /generate/mobile and /estimate/mobile
endpoints that accept Supabase JWT tokens (extracts userId from payload)
- Original /generate and /estimate endpoints unchanged (mana-core-auth)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PWA: @vite-pwa/sveltekit with shared-pwa config, offline fallback page, service worker with standard caching preset.
i18n: svelte-i18n with DE/EN locale files, all UI strings translated, language switcher in PillNav, auth pages use shared-i18n translations.
Landing: Migrated from scoped CSS to Tailwind CSS with @astrojs/tailwind. Hero section, card grid, category filter buttons, detail page with timeline. Removed unused components (Welcome, ThemeToggle, update-locations.js).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move secondary navigation items (Themes, Spiral) from the main pill
nav bar into the user profile dropdown menu. Feedback and Settings
were already there. This declutters the main nav to just core views:
Liste, Kanban, Filter, Tags.
Add themesHref and spiralHref optional props to PillNavigation
component so any app can show these in the user dropdown.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Delete .prettierrc (conflicted with .prettierrc.json — kept tabs config)
- Delete .env.example (outdated, .env.development is the source of truth)
- Rewrite README.md with all 18 active projects (was listing only 4)
- Fix CLAUDE.md apps-archived section (listed 11 non-existent apps)
- Delete apps-archived/mukke (duplicate of active apps/mukke)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mana-media uses NestJS 11 while shared-nestjs-metrics targets NestJS 10,
causing DynamicModule type incompatibility. Use prom-client directly with
a simple MetricsController to expose /metrics endpoint.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add spiral-db integration to Contacts as the third app using
pixel-based spiral visualization. Contacts are encoded with
name, company, city, and email/phone flags.
Changes:
- Add createContactSchema() to spiral-db with bool fields for
hasEmail/hasPhone and nullable company/city
- Create Svelte 5 spiral store with importContacts from contactsStore
- Add SpiralCanvas component and /spiral route
- Wire up navigation (Ctrl+5) with auto-import on mount
- Favorites show as starred entries with gold border
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Backend: GET /locations/search?q= endpoint with ILIKE on name, description, address.
Frontend: QuickInputBar wired up in app layout, searches locations via API, navigates to detail page on select.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New project with three apps:
- Landing (Astro): static site with SVG illustrations, location data
- Backend (NestJS, port 3025): CRUD API for locations + favorites, Drizzle ORM, auth via mana-core-auth
- Web (SvelteKit, port 5196): Tailwind 4, PillNav, auth (login/register/SSO), Leaflet map, favorites with optimistic updates, theme/settings
Infrastructure: DB init SQL, setup-databases.sh, generate-env.mjs, root package.json scripts, Dockerfiles, docker-compose.macmini.yml (backend:3025, web:5022), Cloudflare wrangler.toml.
Branding: registered in shared-branding (AppId, APP_BRANDING, APP_ICONS, MANA_APPS, CitycornersLogo).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace popup overlay with fullscreen page where the visualizer fills
the entire background. Controls overlay at bottom with gradient for
readability. Visualizer switcher in top-right corner.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The pnpm-lock.yaml references patches (react-native-reanimated) which
must be present for pnpm install --frozen-lockfile to succeed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add spiral-db integration to Zitare as the second app (after Todo) to
use pixel-based spiral data visualization. Favorites are encoded as
colored pixels in a spiral pattern and can be exported/imported as PNG.
Changes:
- Add createQuoteSchema() to spiral-db with fields for category,
language, author, text, and quoteId
- Create Svelte 5 spiral store with importFavorites, CRUD, PNG export
- Add SpiralCanvas component for interactive visualization
- Add /spiral route with stats, records list, and actions
- Wire up navigation (Ctrl+6) and auto-import favorites on mount
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Butterchurn (Milkdrop) uses eval() for preset/shader compilation which
was blocked by CSP. Add unsafe-eval to script-src for mukke only.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Comprehensive analysis of self-hosted vs cloud dependencies with
prioritized roadmap to reach ~90% self-hosting. Key findings: mana-image-gen
can replace Replicate, all LLM calls should route through mana-llm,
and backup strategy needs strengthening.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add comprehensive test suite (174 tests) covering encoding, schema,
image, database CRUD, and PNG round-trip. Fix critical bugs:
- PNG compression: replace non-functional zlibCompress with pako.deflate
- PNG import: add CRC validation, support all filter types (Sub/Up/Avg/Paeth)
- Input validation: validate records against schema before insert
- Index overflow: dynamic dataStartRing prevents index/data ring overlap
- Image expansion: expand before writes instead of after to prevent OOB
- update() read bug: search index from end to find latest entry, not deleted one
- String encoding: enforce 511-byte max length
- Index ring count: use 6 bits (2 pixels) instead of 3 bits for >7 ring support
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Set crossOrigin='anonymous' on audio element for Web Audio API
compatibility with cross-origin sources. Add MINIO_API_CORS_ALLOW_ORIGIN
to allow browser requests from all web apps.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add mediaSrc option to shared security headers and configure mukke
to allow audio loading from minio.mana.how (S3 presigned URLs).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use existing --color-surface-elevated CSS variable instead of
non-existent --color-surface-elevated-3. Add box-shadow for depth.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replace hardcoded website IDs with env variable references (IDs were stale)
- Add missing web apps: Zitare, Presi, NutriPhi, Storage, Photos, SkillTree
- Fix AuthEvents docs to include 'github' method
- Add note that AuthEvents helpers are rarely used directly
- Fix Development Mode section (no console logging, events silently ignored)
- Fix Umami server details: container name, image, correct port (8010, not 3200)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add GlitchTip to health-check.sh monitoring endpoints
- Add native disk space checks for / and /Volumes/ManaData with 80%/90% thresholds
- Extend Prometheus disk alerts to include /host_mnt/Volumes/ManaData mountpoint
- Add ManaData disk usage gauge to Grafana system-overview dashboard
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
