Mirror of github.com/Memo-2023/mana-monorepo
Till JS bcc21ca785 feat(geocoding): privacy hardening — sensitive-query block + coord
quantization + extended cache TTL for public answers

Three independent defenses limit what public geocoding APIs (Photon,
Nominatim) can learn from our outbound traffic:

1. **Sensitive-query block** (`lib/sensitive-query.ts`)
   Queries matching the medical/mental-health/crisis-service keyword
   list (Hausarzt, Psychiater, Klinikum, HIV, Frauenhaus, …) are
   never forwarded to public APIs. The chain detects sensitivity at
   the route layer and runs the search in localOnly mode — providers
   with `privacy: 'public'` are filtered out before iteration begins.
   When no local provider is available (Pelias stopped), a sensitive
   query returns ok:true with results:[] and notice:
   'sensitive_local_unavailable' so the UI can show a sensible
   message instead of "no results".

   The keyword list is documented inline. False negatives are the
   risk; false positives just produce a 0-result UX hit (better
   trade-off).

2. **Coordinate quantization** (`lib/privacy.ts`)
   Forward-search focus.lat/lon: rounded to 2 decimals (~1.1km).
     Enough for the bias to work, hides exact GPS.
   Reverse-geocoding lat/lon: rounded to 3 decimals (~110m).
     City-block resolution — sufficient for "what's near me?",
     avoids reverse-geocoding the user's exact front door.
   Pelias always gets full precision; quantization only on the way
   out to public APIs. New `privacy: 'local' | 'public'` field on
   the GeocodingProvider interface drives this.

3. **Extended cache TTL for public answers**
   New `cache.publicTtlMs` config option, default 7 days (vs. 24h
   for local-provider answers). LRU cache extended with optional
   `ttlOverrideMs` per entry. Same query from N users → 1 outbound
   request to Photon/Nominatim. Strongest privacy lever we have
   over public providers (we can't change their logging, only the
   rate at which we feed them queries).

Threat coverage:
   ✓ User IP / identity hidden (already true — wrapper is the proxy)
   ✓ Exact GPS hidden (quantization)
   ✓ Sensitive query content protected (block)
   ~ Non-sensitive query content visible (acceptable trade-off)
   ~ Aggregate profiling reduced ~10–100× (cache)
   ✗ TLS-level traffic analysis, compelled disclosure (out of scope)

Tests: 141 (was 115). New coverage:
- privacy.test.ts: quantization rules (locks the privacy claim)
- sensitive-query.test.ts: positive matches across categories +
  documented false positives we accept
- chain.test.ts: localOnly mode end-to-end including the load-
  bearing assertion that public providers' search() must NEVER be
  called when the chain is in localOnly mode (no race window)
- cache.test.ts: per-entry ttlOverride longer + shorter than default

Live smoke verified end-to-end:
- "Hausarzt Konstanz" with Pelias down → no public API call,
  notice: 'sensitive_local_unavailable'
- "Konstanz" → falls through to Photon, notice: 'fallback_used'
- Reverse with high-precision GPS → Photon receives quantized
  coords, returns city-block-level result
2026-04-28 16:04:56 +02:00
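
The localOnly filtering and coordinate quantization described in the commit message above, as an added TypeScript sketch (not the repository's `lib/privacy.ts` or `lib/sensitive-query.ts`). The `Provider` shape, the `seen` log, the whole-word matching, the rule for when `fallback_used` is set, and the sample chain are assumptions made for the illustration.

```typescript
// Added illustration; every name below except the `privacy` field and the notices is hypothetical.
type Privacy = 'local' | 'public';
interface Provider { name: string; privacy: Privacy; up: boolean; seen: string[] }
interface Outcome { ok: boolean; results: string[]; notice: string | null }

// Constructed subset of the keywords named in the commit message.
const SENSITIVE = ['hausarzt', 'psychiater', 'klinikum', 'hiv', 'frauenhaus'];

// Assumption: case-insensitive whole-word match; the real matcher may differ.
function isSensitive(query: string): boolean {
  const words = query.toLowerCase().split(/[^a-z0-9äöüß]+/);
  return words.some((w) => SENSITIVE.indexOf(w) !== -1);
}

// Public providers get 2 decimals (forward focus) or 3 (reverse); local ones get full precision.
function coordsFor(p: Provider, lat: number, lon: number, kind: 'focus' | 'reverse'): [number, number] {
  if (p.privacy === 'local') return [lat, lon];
  const f = Math.pow(10, kind === 'focus' ? 2 : 3);
  return [Math.round(lat * f) / f, Math.round(lon * f) / f];
}

function search(chain: Provider[], query: string): Outcome {
  const localOnly = isSensitive(query);
  // Filter before iterating, so a public provider is never reached in localOnly mode.
  const candidates = localOnly ? chain.filter((p) => p.privacy === 'local') : chain;
  for (const p of candidates) {
    if (!p.up) continue;
    p.seen.push(query); // what this provider learned from us
    return { ok: true, results: [p.name + ':' + query], notice: p === chain[0] ? null : 'fallback_used' };
  }
  if (localOnly) return { ok: true, results: [], notice: 'sensitive_local_unavailable' };
  return { ok: false, results: [], notice: null }; // assumption: the page does not specify this case
}

// Constructed chain: one local provider, one public fallback.
function demoChain(peliasUp: boolean): Provider[] {
  return [
    { name: 'pelias', privacy: 'local', up: peliasUp, seen: [] },
    { name: 'photon', privacy: 'public', up: true, seen: [] },
  ];
}
```

The assertion that matters is on `seen`: for a sensitive query the public provider's log must stay empty even when the local provider is down.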
.changeset feat(versioning): add semantic versioning and changesets to all apps 2026-03-19 16:20:18 +01:00
.claude docs: surface i18n validator stack + format helper convention 2026-04-25 12:07:35 +02:00
.github chore(ci): drop 16 dead build-* jobs + per-product detect-changes branches 2026-04-28 15:32:43 +02:00
.husky chore(hooks): drop --fail-on-warnings from pre-push svelte-check 2026-04-17 02:53:44 +02:00
apps feat(geocoding): privacy hardening — sensitive-query block + coord 2026-04-28 16:04:56 +02:00
docker fix(docker): COPY packages/shared-privacy into sveltekit-base 2026-04-27 01:02:55 +02:00
docs chore(dev): pnpm dev:analytics script + test-checklist mentions local-dev startup 2026-04-28 14:54:32 +02:00
games/arcade fix(tsconfig): unblock shared-types consumers 2026-04-21 18:53:55 +02:00
load-tests refactor: rename zitare -> quotes (Zitate) 2026-04-14 20:59:16 +02:00
NewAppIdeas/Roblox Reimagined chore: complete ManaCore → Mana rename (docs, go modules, plists, images) 2026-04-07 12:26:10 +02:00
packages feat(feedback): heart-half as global feedback icon + inline form in the Workbench 2026-04-28 15:36:52 +02:00
patches fix(traces): configure EAS Build for TestFlight and fix bot-services build 2026-03-17 13:16:38 +01:00
scripts i18n(drink+habits+picture): translate 3 list views via $_() 2026-04-27 22:36:57 +02:00
services feat(geocoding): privacy hardening — sensitive-query block + coord 2026-04-28 16:04:56 +02:00
tests feat(personas): M5.a — Playwright visual suite scaffold 2026-04-23 14:33:06 +02:00
.dockerignore make auth working 2025-11-26 01:31:12 +01:00
.editorconfig feat: add monorepo configuration and shared packages structure 2025-11-22 23:41:52 +01:00
.env.development feat(llm-aliases): M5 — migrate consumers to MANA_LLM aliases 2026-04-26 21:26:03 +02:00
.env.macmini.example chore(infra): unify prod deploy on .env.macmini + document missing keys 2026-04-23 13:01:29 +02:00
.env.secrets.example feat(env): persistent dev secrets via .env.secrets override 2026-04-08 17:50:37 +02:00
.gitignore feat(personas): M5.a — Playwright visual suite scaffold 2026-04-23 14:33:06 +02:00
.npmrc fix(monorepo): add .npmrc with node-linker=hoisted for EAS Build compatibility 2026-03-15 08:50:18 +01:00
.nvmrc feat: add monorepo configuration and shared packages structure 2025-11-22 23:41:52 +01:00
.prettierignore refactor: rename zitare -> quotes (Zitate) 2026-04-14 20:59:16 +02:00
.prettierrc.json fix(cicd): docker paths, formatting config, 2025-11-27 18:33:08 +01:00
CLAUDE.md docs: surface i18n validator stack + format helper convention 2026-04-25 12:07:35 +02:00
cloudflared-config.yml feat(infra): community.mana.how (instead of analytics.*) for the public-feedback hub 2026-04-27 01:00:22 +02:00
docker-compose.dev.yml chore(dev): wire SearXNG + mana-search into dev:mana:all 2026-04-15 22:31:29 +02:00
docker-compose.macmini.yml infra(macmini): bump squeezed container memory limits 2026-04-28 15:02:38 +02:00
docker-compose.test.yml test(integration): end-to-end auth flow test with Mailpit + CI gating 2026-04-08 17:14:02 +02:00
eslint.config.mjs feat(personas): M2.a-c — persona schemas + admin endpoints + seed pipeline 2026-04-23 13:55:14 +02:00
gift-codes-2026-02-14.txt feat(gifts): add gift code creation script and initial codes 2026-02-14 11:23:08 +01:00
lint-staged.config.js refactor(theming): re-apply theme validator suite after parallel rebase 2026-04-22 17:07:48 +02:00
package.json chore(dev): pnpm dev:analytics script + test-checklist mentions local-dev startup 2026-04-28 14:54:32 +02:00
playwright.config.ts style: auto-format codebase with Prettier 2025-11-27 18:33:16 +01:00
pnpm-lock.yaml fix(mana-media): HEIC uploads from Chrome — sniff + transcode at the edge 2026-04-25 13:46:13 +02:00
pnpm-workspace.yaml chore: delete 25 web-archived directories, remove stale stubs, clean workspace config 2026-04-03 13:03:49 +02:00
README.md refactor: rename zitare -> quotes (Zitate) 2026-04-14 20:59:16 +02:00
SYNC_DEBUG.md docs(sync): add SYNC_DEBUG runbook with new debug API in Schritt C 2026-04-09 17:20:46 +02:00
TROUBLESHOOTING.md refactor: rename zitare -> quotes (Zitate) 2026-04-14 20:59:16 +02:00
turbo.json chore(ci): add v8 test coverage tracking (non-blocking baseline) 2026-04-19 19:21:14 +02:00
vitest.config.ts feat: rename ManaCore to Mana across entire codebase 2026-04-05 20:00:13 +02:00

Mana Monorepo

Monorepo containing all Mana projects — a self-hosted multi-app ecosystem with shared packages and unified tooling.

Projects

| Project | Description | Apps |
|---|---|---|
| mana | Multi-app ecosystem platform | Expo mobile, SvelteKit web |
| chat | AI chat application | NestJS backend, Expo mobile, SvelteKit web, Astro landing |
| todo | Task management | NestJS backend, SvelteKit web, Astro landing |
| calendar | Calendar & scheduling | NestJS backend, SvelteKit web, Astro landing |
| clock | Pomodoro & time tracking | NestJS backend, SvelteKit web, Astro landing |
| contacts | Contact management | NestJS backend, SvelteKit web |
| picture | AI image generation | NestJS backend, Expo mobile, SvelteKit web, Astro landing |
| cards | Card/deck management | NestJS backend, Expo mobile, SvelteKit web |
| quotes | Daily inspiration quotes | NestJS backend, Expo mobile, SvelteKit web, Astro landing |
| mukke | Music player | NestJS backend, SvelteKit web |
| plants | Plant care tracker | NestJS backend, SvelteKit web |
| storage | Cloud storage | NestJS backend, SvelteKit web |
| questions | Q&A with web search | SvelteKit web |
| skilltree | Skill tree visualization | NestJS backend, SvelteKit web |
| food | Nutrition tracking | NestJS backend, SvelteKit web |
| citycorners | City guide | NestJS backend, SvelteKit web, Astro landing |
| presi | Presentation tool | NestJS backend, SvelteKit web |
| photos | Photo management | NestJS backend, SvelteKit web |
photos Photo management NestJS backend, SvelteKit web

Getting Started

Prerequisites

  • Node.js 20+
  • pnpm 9.15.0+
  • Docker (for PostgreSQL, Redis, MinIO)

Installation

pnpm install

Development

# Start infrastructure (PostgreSQL, Redis, MinIO)
pnpm docker:up

# Start any app with auto DB setup
pnpm dev:chat:full
pnpm dev:todo:full
pnpm dev:calendar:full
pnpm dev:contacts:full

# Build & quality
pnpm run build
pnpm run type-check
pnpm run format

See CLAUDE.md for comprehensive development documentation.

Architecture

mana-monorepo/
├── apps/                    # Product applications
├── services/                # Microservices (auth, search, LLM, bots)
├── packages/                # Shared packages
├── docker/                  # Docker configuration
└── scripts/                 # Development & deployment scripts

Tooling

  • Package Manager: pnpm 9.15.0
  • Build System: Turborepo
  • Formatting: Prettier (tabs, single quotes, 100 char width)
  • Hosting: Mac Mini (self-hosted) via Docker + Cloudflare Tunnel
  • Analytics: Umami (stats.mana.how)

License

Private - All rights reserved