Keys were removed from .env.development but remain in git history.
OpenAI, Gemini, Replicate, and Supabase keys need rotation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Package was unused — no imports found across the entire codebase.
All apps have migrated to direct PostgreSQL (Drizzle ORM) for backends
and mana-core-auth API for mobile/web clients.
Removes package and all documentation references.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Complete migration of Context mobile app from direct Supabase access
to NestJS backend API with mana-core-auth authentication.
New files:
- context/AuthProvider.tsx: mana-core-auth integration via @manacore/shared-auth
- services/backendApi.ts: Backend API client for spaces, documents, AI, tokens
Rewritten services (same exports, backend implementation):
- supabaseService.ts: Now thin wrapper around backendApi
- aiService.ts: Uses backendApi for auth token
- tokenCountingService.ts: Model prices from backend API
- tokenTransactionService.ts: All token ops via backend API
- revenueCatService.ts: Token balance via backend API
Updated 16 consumer files (auth forms, token components, AI toolbars)
Deleted:
- utils/supabase.ts, context/AuthContext.tsx
- services/spaceService.ts, services/spaceServiceDirect.ts
Dependencies:
- Added: @manacore/shared-auth, expo-secure-store
- Removed: @supabase/supabase-js, @google/generative-ai, openai, @azure/openai
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add error/404 page, security headers (hooks.server.ts), fix SSO to use
dynamic homeserver, make auth URL configurable via env var, remove all
console.log statements, and disable PWA devOptions in production.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The onboarding package was imported in the layout but not copied
into the Docker build context, causing production builds to fail.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The LLM playground is a SvelteKit web app (frontend), not a backend
microservice. Moving it to apps/ follows the monorepo convention where
all user-facing apps live under apps/.
- Moved services/llm-playground/ → apps/playground/apps/web/
- Renamed package from @mana-llm/playground to @playground/web
- Updated Dockerfile paths for new location
- Updated docker-compose.macmini.yml build context
- Removed unused concurrently dependency
- Added parent package.json
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SECURITY: Remove live API keys that were committed to .env.development:
- Worldream OpenAI key (sk-proj-...)
- Worldream Gemini key
- Worldream Replicate token
- Worldream Supabase anon key (live JWT)
These keys should be rotated immediately.
Also removes dead Supabase config for:
- Maerchenzauber (archived)
- Memoro (archived)
- ManaDeck (migrated to PostgreSQL + Drizzle)
- ManaCore (will be migrated to mana-core-auth)
Cleans up generate-env.mjs to remove Memoro entries and
Supabase references from ManaDeck and Worldream.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SECURITY FIX: The mobile app had Azure OpenAI and Google Gemini API keys
exposed in client code (dangerouslyAllowBrowser: true).
Changes:
- Mobile aiService.ts: Remove OpenAI/Gemini SDKs, route all AI calls
through the Context backend API (which uses mana-llm)
- Backend ai.controller.ts: Add /generate/mobile and /estimate/mobile
endpoints that accept Supabase JWT tokens (extracts userId from payload)
- Original /generate and /estimate endpoints unchanged (mana-core-auth)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PWA: @vite-pwa/sveltekit with shared-pwa config, offline fallback page, service worker with standard caching preset.
i18n: svelte-i18n with DE/EN locale files, all UI strings translated, language switcher in PillNav, auth pages use shared-i18n translations.
Landing: Migrated from scoped CSS to Tailwind CSS with @astrojs/tailwind. Hero section, card grid, category filter buttons, detail page with timeline. Removed unused components (Welcome, ThemeToggle, update-locations.js).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move secondary navigation items (Themes, Spiral) from the main pill
nav bar into the user profile dropdown menu. Feedback and Settings
were already there. This declutters the main nav to just core views:
Liste, Kanban, Filter, Tags.
Add themesHref and spiralHref optional props to PillNavigation
component so any app can show these in the user dropdown.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Delete .prettierrc (conflicted with .prettierrc.json — kept tabs config)
- Delete .env.example (outdated, .env.development is the source of truth)
- Rewrite README.md with all 18 active projects (was listing only 4)
- Fix CLAUDE.md apps-archived section (listed 11 non-existent apps)
- Delete apps-archived/mukke (duplicate of active apps/mukke)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mana-media uses NestJS 11 while shared-nestjs-metrics targets NestJS 10,
causing DynamicModule type incompatibility. Use prom-client directly with
a simple MetricsController to expose /metrics endpoint.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add spiral-db integration to Contacts as the third app using
pixel-based spiral visualization. Contacts are encoded with
name, company, city, and email/phone flags.
Changes:
- Add createContactSchema() to spiral-db with bool fields for
hasEmail/hasPhone and nullable company/city
- Create Svelte 5 spiral store with importContacts from contactsStore
- Add SpiralCanvas component and /spiral route
- Wire up navigation (Ctrl+5) with auto-import on mount
- Favorites show as starred entries with gold border
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Backend: GET /locations/search?q= endpoint with ILIKE on name, description, address.
Frontend: QuickInputBar wired up in app layout, searches locations via API, navigates to detail page on select.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New project with three apps:
- Landing (Astro): static site with SVG illustrations, location data
- Backend (NestJS, port 3025): CRUD API for locations + favorites, Drizzle ORM, auth via mana-core-auth
- Web (SvelteKit, port 5196): Tailwind 4, PillNav, auth (login/register/SSO), Leaflet map, favorites with optimistic updates, theme/settings
Infrastructure: DB init SQL, setup-databases.sh, generate-env.mjs, root package.json scripts, Dockerfiles, docker-compose.macmini.yml (backend:3025, web:5022), Cloudflare wrangler.toml.
Branding: registered in shared-branding (AppId, APP_BRANDING, APP_ICONS, MANA_APPS, CitycornersLogo).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace popup overlay with fullscreen page where the visualizer fills
the entire background. Controls overlay at bottom with gradient for
readability. Visualizer switcher in top-right corner.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The pnpm-lock.yaml references patches (react-native-reanimated) which
must be present for pnpm install --frozen-lockfile to succeed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add spiral-db integration to Zitare as the second app (after Todo) to
use pixel-based spiral data visualization. Favorites are encoded as
colored pixels in a spiral pattern and can be exported/imported as PNG.
Changes:
- Add createQuoteSchema() to spiral-db with fields for category,
language, author, text, and quoteId
- Create Svelte 5 spiral store with importFavorites, CRUD, PNG export
- Add SpiralCanvas component for interactive visualization
- Add /spiral route with stats, records list, and actions
- Wire up navigation (Ctrl+6) and auto-import favorites on mount
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Butterchurn (Milkdrop) uses eval() for preset/shader compilation which
was blocked by CSP. Add unsafe-eval to script-src for mukke only.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Comprehensive analysis of self-hosted vs cloud dependencies with
prioritized roadmap to reach ~90% self-hosting. Key findings: mana-image-gen
can replace Replicate, all LLM calls should route through mana-llm,
and backup strategy needs strengthening.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add comprehensive test suite (174 tests) covering encoding, schema,
image, database CRUD, and PNG round-trip. Fix critical bugs:
- PNG compression: replace non-functional zlibCompress with pako.deflate
- PNG import: add CRC validation, support all filter types (Sub/Up/Avg/Paeth)
- Input validation: validate records against schema before insert
- Index overflow: dynamic dataStartRing prevents index/data ring overlap
- Image expansion: expand before writes instead of after to prevent OOB
- update() read bug: search index from end to find latest entry, not deleted one
- String encoding: enforce 511-byte max length
- Index ring count: use 6 bits (2 pixels) instead of 3 bits for >7 ring support
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Set crossOrigin='anonymous' on audio element for Web Audio API
compatibility with cross-origin sources. Add MINIO_API_CORS_ALLOW_ORIGIN
to allow browser requests from all web apps.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add mediaSrc option to shared security headers and configure mukke
to allow audio loading from minio.mana.how (S3 presigned URLs).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use existing --color-surface-elevated CSS variable instead of
non-existent --color-surface-elevated-3. Add box-shadow for depth.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replace hardcoded website IDs with env variable references (IDs were stale)
- Add missing web apps: Zitare, Presi, NutriPhi, Storage, Photos, SkillTree
- Fix AuthEvents docs to include 'github' method
- Add note that AuthEvents helpers are rarely used directly
- Fix Development Mode section (no console logging, events silently ignored)
- Fix Umami server details: container name, image, correct port (8010, not 3200)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add GlitchTip to health-check.sh monitoring endpoints
- Add native disk space checks for / and /Volumes/ManaData with 80%/90% thresholds
- Extend Prometheus disk alerts to include /host_mnt/Volumes/ManaData mountpoint
- Add ManaData disk usage gauge to Grafana system-overview dashboard
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The previous commit added MetricsModule to these backends but their
Dockerfiles didn't COPY the shared-nestjs-metrics package into the
build context, causing Docker builds to fail.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
LightWrite was replaced by Mukke on the same ports (5180/3010).
Update reverse proxy to use mukke.mana.how and mukke-api.mana.how.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add MetricsModule to 8 backends missing it (photos, zitare, mukke,
planta, picture, storage, presi, nutriphi)
- Enable Prometheus scraping for all 15 backends in prometheus.yml
(was only 6, with 3 commented out and 6 missing entirely)
- Update ServiceDown alert rule to cover all 15 backends
- Update Grafana dashboards (backends, master-overview, system-overview)
with all backend services in health panels
- Fix imprecise regex in application-details dashboard
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The browser error tracking hooks.client.ts added earlier requires the
shared-error-tracking package to be copied and built in the Docker image.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
MiniPlayer was fixed at bottom-0 behind PillNav (z-1000). Now offset
by 80px + safe-area so it sits directly above the navigation bar.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Raise FAB z-index from 50 to 1002 so close button is clickable above PillNav (z:1000)
- Remove Settings from standalone nav items (already in account dropdown)
- Move Mana button from standalone pill into account dropdown
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Change tsconfig module from commonjs to ES2020 and moduleResolution to
bundler so browser.js exports ESM that Vite/Rollup can tree-shake.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace static FrequencyBars with VisualizerRenderer supporting multiple
visualizer backends via registry. Add Butterchurn (Milkdrop) and Particle
(pixi.js) visualizers with runtime switching.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
