Livestock and household pets as leaves on the Location tree, mirroring Garden.
- Animal model (species/breed/sex/birthdate/location, soft-delete) + AnimalLog
(feeding, vet, weight, medication, breeding, acquired, died); Task.animalId for
recurring care reminders
- API-first /api/v1/animals (CRUD) + logs, animals:read/write scopes; animals
service shared with the coming MCP
- Animals pages: list grouped by species with auto-computed age, detail with
facts + latest weight + care log; add/edit/remove + log entry. Nav entry.
Backup/restore cover the new tables
- Pure age.ts (newborn/days/months/years) with tests; verified end-to-end against
a running server (create, vet + weigh-in logs, read-back)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The first inventory vertical on the shared spine. Things you own — tools, gear,
equipment — each living in a Location or inside another Item.
- Item model (kind DURABLE|CONSUMABLE; consumable fields present but unused so
Pantry needs no migration), self-nesting via parentItemId (toolbox holds drill,
with a cycle guard), value/warranty/serial/brand/qty, qrSlug, photo
- Label (m2m) + ItemAttachment (photos/manuals/receipts) + ItemLog
(maintenance/repair/move/dispose) history; Task.itemId
- API-first: /api/v1/items (CRUD), labels, logs, multipart attachments — the UI
consumes the same scoped endpoints. items service shared with the coming MCP
- Inventory pages: tree grouped by Location with items nested inside items;
item detail with warranty status, photos, contents, history; add/edit/delete,
log, photo upload. Nav entry. Backup/restore cover the new tables
- Pure value.ts (warrantyStatus, totalValue) with tests; verified end-to-end
against a running server (nest, cycle-guard 400, log 201)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A bidirectional API so other apps (Home Assistant, phone shortcuts, scripts,
and the coming MCP server) can read and update the homestead.
- ApiToken model (sha256-hashed, scoped, with prefix/lastUsed/expiry/revoke)
- authenticateRequest() accepts EITHER a NextAuth cookie session OR a Bearer
PAT; cookie sessions get full access, tokens are limited to their scopes
(write implies read; resource and global wildcards). ApiError + handleApiError
- Shared service layer (plants/tasks/locations/plant-types) reused by every
endpoint and, later, the MCP server — logic lives once
- /api/v1: plants (read + add log), plant-types, locations, tasks (read/create/
complete), and a whoami/discovery root
- Settings → API tokens: create with per-resource read/write checkboxes, raw
token shown once, revoke; tokens added to backup/restore
- Pure tests for scope matching + token hashing; verified end-to-end (401/403/
201, lastUsedAt) against a running server
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>