till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-15 09:41:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
managarten/apps/mana
History
Till JS bed08a1aa6 feat(mana/web): encryption phase 4 — notes pilot live 
First module with at-rest encryption flipped on. The notes table's
title + content are now encrypted with AES-GCM-256 before any write
hits Dexie, decrypted on every read coming back through liveQuery,
and travel as opaque ciphertext through the sync wire (pending
changes, server push, applyServerChanges, the lot).

What changes for the user
  - Nothing visible. Optimistic UI render still uses the plaintext
    snapshot returned by createNote(). Edits look identical to the
    old Phase 3 behaviour. The difference is invisible until you
    crack open DevTools → Application → IndexedDB → mana → notes,
    where you'll see ciphertext instead of "Buy milk".

What changes on disk
  - notes.title and notes.content store ciphertext blobs
    (`enc:1:<iv-b64>.<ct-b64>`)
  - All other columns (id, color, isPinned, isArchived, createdAt,
    updatedAt, deletedAt, userId, __fieldTimestamps) stay plaintext
    so liveQuery filtering, sorting, and Field-Level LWW continue to
    work without changes.
  - _pendingChanges.data carries the same ciphertext blobs — server
    receives opaque values, never plaintext.

Files
  registry.ts
    notes flipped to enabled:true with the corrected field list
    ['title', 'content'] (the schema has no 'body' column).

  aes.test.ts
    Existing assertion that "Phase 1 has no encrypted tables" is
    rewritten as "notes is enabled in Phase 4" so the registry flip
    doesn't break the foundation suite.

  record-helpers.ts
    encryptRecord/decryptRecord/decryptRecords loosen the generic
    constraint from `T extends Record<string, unknown>` to
    `T extends object`. Domain types like LocalNote work as direct
    arguments without an `as Record<string, unknown>` cast at every
    call site. Internal field reads/writes go through a sealed
    Record-shaped view.

  notes/stores/notes.svelte.ts
    createNote: snapshots the plaintext for the optimistic return
    value, then encryptRecord('notes', record) before noteTable.add.
    updateNote: encrypts the diff in place; non-encrypted fields
    (color, isPinned, isArchived) pass through untouched.
    togglePin / archiveNote / deleteNote: untouched — they only
    update plaintext columns.

  notes/queries.ts
    useAllNotes: filter on plaintext metadata first (deletedAt,
    isArchived) so the decrypt workload is bounded by the visible
    set, not the whole table. Then decryptRecords across what's
    left, then map+sort.
    useNote(id): new helper for detail views.

  notes-encryption.test.ts (new — 8 cases)
    End-to-end against fake-indexeddb with a real Web Crypto master
    key in MemoryKeyProvider:
      1. Title + content land as ciphertext on disk
      2. Structural fields stay plaintext on disk
      3. updateNote re-encrypts modified content but leaves flags
      4. togglePin / archiveNote produce byte-identical title blobs
         (i.e. no spurious re-encryption)
      5. _pendingChanges.data carries ciphertext + plaintext metadata
      6. Wrong-key decrypt fails closed (returns blobs, not garbage)
      7. Locked vault refuses new writes with VaultLockedError
      8. Locked vault still serves blobs without crashing on read

Test bilanz: 4 crypto-related test files, 64/64 passing
(31 AES + 12 record-helpers + 12 vault-client + 8 notes E2E + 1 misc).
Full mana/web suite: 20 files, 262/262 tests passing.

Stand der encryption pipeline:
  Phase 1   Foundation (1ba5948ce)
  Phase 2   Server vault (e9915428c)
  Phase 3   Wire-up (354cbcb17)
  Phase 4   Notes pilot (this commit)
  Phase 5 → roll out to chat, dreams, memoro, contacts, etc.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 19:00:11 +02:00
..
apps feat(mana/web): encryption phase 4 — notes pilot live 2026-04-07 19:00:11 +02:00
.gitignore feat: rename ManaCore to Mana across entire codebase 2026-04-05 20:00:13 +02:00
CLAUDE.md chore: complete ManaCore → Mana rename (docs, go modules, plists, images) 2026-04-07 12:26:10 +02:00
README.md chore: complete ManaCore → Mana rename (docs, go modules, plists, images) 2026-04-07 12:26:10 +02:00

README.md

Mana Apps

A unified application ecosystem built on a shared authentication system, supporting multiple branded applications across web and mobile platforms.

Overview

Mana Apps is a monorepo containing web and mobile applications that provide organization management, team collaboration, and credit transfer capabilities. The system supports multiple branded applications (Memoro, Cards, Storyteller, Mana) through a flexible multi-tenant architecture.

Applications

  • Web App (apps/web) - SvelteKit-based web application
  • Mobile App (apps/mobile) - React Native (Expo) app for iOS, Android, and web
  • Landing (apps/landing) - Landing page (planned)

Features

  • 🔐 Unified authentication with Supabase
  • 🏢 Organization management with role-based access
  • 👥 Team collaboration and member management
  • 💰 Mana credit system with transfers and balance tracking
  • 🎨 Multi-brand support with configurable themes
  • 📱 Cross-platform (Web, iOS, Android)
  • 🔄 Real-time updates across all platforms
  • 🧪 Comprehensive testing with Vitest and Playwright

Quick Start

Prerequisites

  • Node.js 20+
  • pnpm (for web app)
  • npm (for mobile app)
  • Supabase account with project configured
  • Expo CLI (for mobile development)

Setup

  1. Clone the repository

    git clone <repository-url>
cd mana-core-apps

  2. Web App Setup

    cd apps/web
pnpm install
cp .env.example .env
# Edit .env with your Supabase credentials
pnpm dev

  3. Mobile App Setup

    cd apps/mobile
npm install
cp .env.example .env
# Edit .env with your Supabase credentials
npm start

Project Structure

mana-core-apps/
├── apps/
│   ├── web/                    # SvelteKit web application
│   │   ├── src/
│   │   │   ├── routes/        # File-based routing
│   │   │   │   ├── (auth)/    # Public auth pages
│   │   │   │   └── (app)/     # Protected pages
│   │   │   ├── lib/
│   │   │   │   ├── components/
│   │   │   │   ├── config/    # Multi-app configuration
│   │   │   │   ├── server/    # Server-only utilities
│   │   │   │   └── types/
│   │   │   └── hooks.server.ts # Auth middleware
│   │   └── package.json
│   │
│   ├── mobile/                 # React Native (Expo) app
│   │   ├── app/               # File-based routing (Expo Router)
│   │   │   ├── (drawer)/      # Drawer navigation
│   │   │   ├── auth/          # Auth screens
│   │   │   └── _layout.tsx    # Root layout with auth
│   │   ├── components/        # React components
│   │   ├── utils/            # Utilities (Supabase, storage)
│   │   └── package.json
│   │
│   └── landing/               # Landing page (planned)
│
├── CLAUDE.md                  # Developer documentation
└── README.md                  # This file

Technology Stack

Web App (apps/web)

Category Technology
Framework SvelteKit 2 with Svelte 5 (Runes)
Language TypeScript
Styling TailwindCSS 3 with PostCSS
Database Supabase (PostgreSQL)
Auth Supabase Auth with SSR
Testing Vitest (unit) + Playwright (E2E)
Build Tool Vite

Mobile App (apps/mobile)

Category Technology
Framework Expo 52 with React Native 0.76
Language TypeScript
Routing Expo Router 4 (file-based)
Styling NativeWind (TailwindCSS for RN)
Navigation React Navigation (drawer, tabs)
Database Supabase
Build EAS Build
Platforms iOS, Android, Web

Development

Web App Commands

cd apps/web

# Development
pnpm dev                # Start dev server (http://localhost:5173)
pnpm build              # Build for production
pnpm preview            # Preview production build

# Code Quality
pnpm check              # Type-check with svelte-check
pnpm check:watch        # Type-check in watch mode
pnpm lint               # Check formatting and lint
pnpm format             # Format code with Prettier

# Testing
pnpm test               # Run unit tests (Vitest)
pnpm test:ui            # Run tests with UI
pnpm test:e2e           # Run E2E tests (Playwright)

Mobile App Commands

cd apps/mobile

# Development
npm start               # Start Expo dev server
npm run ios             # Run on iOS simulator
npm run android         # Run on Android emulator
npm run web             # Run web version (http://localhost:19006)

# Building
npm run build:dev       # Build dev client
npm run build:preview   # Build for internal testing
npm run build:prod      # Build for production

# Code Quality
npm run lint            # Lint and check formatting
npm run format          # Fix linting and format code

# Setup
npm run prebuild        # Generate native projects

Environment Configuration

Both apps require Supabase configuration. Create .env files based on .env.example:

Web App (apps/web/.env)

PUBLIC_SUPABASE_URL=your_supabase_project_url
PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
MIDDLEWARE_URL=https://mana-middleware-111768794939.europe-west3.run.app
PUBLIC_APP_NAME=Mana Web
NODE_ENV=development

Mobile App (apps/mobile/.env)

EXPO_PUBLIC_SUPABASE_URL=your_supabase_project_url
EXPO_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key

Architecture

Multi-Tenant System

The system supports multiple branded applications sharing the same authentication backend:

  • Memoro - Voice recordings and memory management
  • Cards - AI-powered flashcard learning
  • Storyteller - Creative writing with AI assistance
  • Mana - Central account and organization management

App configurations are centralized in apps/web/src/lib/config/apps.ts, defining branding, features, and routing for each application.

Authentication Flow

Web (SvelteKit):

  1. Server-side authentication using @supabase/ssr
  2. Middleware in hooks.server.ts handles session validation
  3. Protected routes in (app) group require authentication
  4. JWT validation via safeGetSession() before allowing access

Mobile (Expo):

  1. Client-side authentication using @supabase/supabase-js
  2. Custom memory storage for session persistence
  3. AuthProvider in app/_layout.tsx manages auth state
  4. Automatic navigation based on authentication status

Database Schema

Key tables:

  • users - User profiles (linked via auth_id to Supabase Auth)
  • organizations - Organization entities
  • user_roles - User-organization relationships with roles
  • teams - Team entities within organizations
  • team_members - User-team memberships
  • credit_transactions - Mana credit transfer history

See CLAUDE.md for detailed architecture documentation.

Testing

Web App

cd apps/web

# Unit tests
pnpm test              # Run all tests
pnpm test:ui           # Open Vitest UI

# E2E tests
pnpm test:e2e          # Run Playwright tests
pnpm test:e2e --ui     # Run with Playwright UI

Mobile App

Mobile testing is primarily done through Expo Go or development builds:

cd apps/mobile
npm start              # Start dev server
# Then press 'i' for iOS or 'a' for Android

Deployment

Web App

Vercel (Recommended):

cd apps/web
vercel

Netlify:

cd apps/web
netlify deploy

Mobile App

iOS and Android (via EAS):

cd apps/mobile

# Preview build (internal testing)
npm run build:preview

# Production build
npm run build:prod

Configure EAS in eas.json with your build profiles.

Contributing

  1. Create a feature branch from main
  2. Make your changes
  3. Run linting and tests
  4. Submit a pull request

Code Style

  • Use TypeScript for type safety
  • Follow ESLint and Prettier configurations
  • Write tests for new features
  • Use conventional commit messages

Documentation

  • CLAUDE.md - Comprehensive developer guide for Claude Code
  • apps/web/README.md - Web-specific documentation
  • Individual component documentation in source files

Support

For questions or issues, please contact the development team or open an issue in the repository.

License

Private - All rights reserved