The dashboard gate trusted session.user.mustChangePassword from the JWT, which is
only refreshed on re-login/update() — so after a user set a new password the stale
cookie kept bouncing them back to /change-password. Read the flag from the DB (the
source of truth) so it clears immediately and never re-fires. Cheap for a 2-user
app; also re-checks the account is still active.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Bring an existing HomeBox inventory straight in, and capture the fields HomeBox
has that we were missing (skipping asset IDs per Tony).
- Item: soldTo/soldPrice/soldDate/soldNotes + flexible customFields (JSON, e.g.
VIN / oil weight for vehicles); both editable in the item dialog and shown on
the detail page
- Pure HomeBox CSV parser (src/lib/inventory/homebox-import.ts, +5 tests) —
RFC4180 quoting (commas/newlines/escaped quotes in fields), HomeBox's 0001-*
null dates and 0 = empty price, semicolon labels, HB.field.* custom columns,
nested 'A / B' location paths
- Import service + /api/v1/items/import: find-or-creates the nested locations
and labels, creates items, recomputes location paths, returns a summary
- Inventory 'Import' button: paste/upload CSV, review every row with checkboxes
(uncheck to skip), then import. Preview parses client-side (parser is pure)
- Verified end-to-end: nested locations, split labels, sold + custom fields,
skip, quoted names, null-date handling. tsc + 38 tests + build green
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Rounds out Inventory toward HomeBox, and gives Locations a real home.
Inventory:
- Attach manuals, receipts, and warranty docs (any file), not just photos —
attachment uploader now has a kind picker; WARRANTY kind added
- Richer purchase/warranty: purchasedFrom, warrantyDetails, lifetimeWarranty,
insured (item dialog + detail facts + header badge)
- Schedule recurring maintenance from an item (creates a Task linked via
itemId); item detail shows its maintenance with overdue flagged. Task create
now accepts itemId/animalId
Locations:
- New Locations page + nav: browse/add/rename/move/delete the whole place tree
(LocationManager over the existing /api/locations routes); shows plant/item
counts per place. The spot to merge near-dupes before dropping legacy zone
Verified end-to-end against a running server (new fields round-trip, maintenance
task links to item, MANUAL attachment stored). tsc + 33 tests + build green.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Livestock and household pets as leaves on the Location tree, mirroring Garden.
- Animal model (species/breed/sex/birthdate/location, soft-delete) + AnimalLog
(feeding, vet, weight, medication, breeding, acquired, died); Task.animalId for
recurring care reminders
- API-first /api/v1/animals (CRUD) + logs, animals:read/write scopes; animals
service shared with the coming MCP
- Animals pages: list grouped by species with auto-computed age, detail with
facts + latest weight + care log; add/edit/remove + log entry. Nav entry.
Backup/restore cover the new tables
- Pure age.ts (newborn/days/months/years) with tests; verified end-to-end against
a running server (create, vet + weigh-in logs, read-back)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The first inventory vertical on the shared spine. Things you own — tools, gear,
equipment — each living in a Location or inside another Item.
- Item model (kind DURABLE|CONSUMABLE; consumable fields present but unused so
Pantry needs no migration), self-nesting via parentItemId (toolbox holds drill,
with a cycle guard), value/warranty/serial/brand/qty, qrSlug, photo
- Label (m2m) + ItemAttachment (photos/manuals/receipts) + ItemLog
(maintenance/repair/move/dispose) history; Task.itemId
- API-first: /api/v1/items (CRUD), labels, logs, multipart attachments — the UI
consumes the same scoped endpoints. items service shared with the coming MCP
- Inventory pages: tree grouped by Location with items nested inside items;
item detail with warranty status, photos, contents, history; add/edit/delete,
log, photo upload. Nav entry. Backup/restore cover the new tables
- Pure value.ts (warrantyStatus, totalValue) with tests; verified end-to-end
against a running server (nest, cycle-guard 400, log 201)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Fixes from the code review:
- #1 Wire mustChangePassword: dashboard layout redirects to a new /change-password
page + /api/account/change-password (verifies current pw, re-hashes, clears the
flag, refreshes the session). Provisioned admins can no longer keep the default.
- #2 Assert NEXTAUTH_SECRET in production (not during build); set it on authOptions.
- #3 Backup page now server-gated to admins (split into server page + client panel),
matching the Updates page.
- #4 Restore validates input: strict zod schema for the users table (known fields,
role enum) + array checks for the rest; returns generic errors instead of String(err).
No version bump/changelog — left for you to fold into the next release (you're
editing those live). Not pushed, not deployed.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A bidirectional API so other apps (Home Assistant, phone shortcuts, scripts,
and the coming MCP server) can read and update the homestead.
- ApiToken model (sha256-hashed, scoped, with prefix/lastUsed/expiry/revoke)
- authenticateRequest() accepts EITHER a NextAuth cookie session OR a Bearer
PAT; cookie sessions get full access, tokens are limited to their scopes
(write implies read; resource and global wildcards). ApiError + handleApiError
- Shared service layer (plants/tasks/locations/plant-types) reused by every
endpoint and, later, the MCP server — logic lives once
- /api/v1: plants (read + add log), plant-types, locations, tasks (read/create/
complete), and a whoami/discovery root
- Settings → API tokens: create with per-resource read/write checkboxes, raw
token shown once, revoke; tokens added to backup/restore
- Pure tests for scope matching + token hashing; verified end-to-end (401/403/
201, lastUsedAt) against a running server
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A rich-but-all-optional reference record per kind of plant (care, sun, water,
bloom & harvest windows, toxic-to-pets, edible parts, spacing), distinct from a
specific planting or a group.
- PlantType model + optional Plant.plantTypeId; migration + idempotent backfill
that seeds 247 kinds from the built-in plant library and links plantings by
species/common name (wired into the deploy entrypoint)
- /api/plant-types CRUD; new "Plant types" section (browse by category, edit a
kind, see every spot you've planted it)
- New plants auto-link to their type on create; plant detail shows "More about…"
- PlantType added to backup/restore; bump APP_VERSION 0.11.0 + changelog
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Completes the Location feature (schema + migration landed earlier under 98cabc5).
- Hierarchical Location model is the shared spine; unlimited nesting
- Garden add/edit now picks a reusable Location (inline create) instead of
freeform text; garden groups By Location off the real tree
- Dual-write keeps legacy Plant.zone in sync with location.name (Release A)
- /api/locations CRUD + /api/locations/[id]/log (logs a location + its sub-locations)
- Location tree pure-core (buildTree/computePath/descendantIds) with tests
- Location added to backup/restore export
- Bump APP_VERSION 0.10.0 + plain-English changelog entry
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
webhook returns 200 even when a trigger rule isn't satisfied, which would let
the app's res.ok check falsely report success if the secret drifted. Set
trigger-rule-mismatch-http-response-code: 403 so unauthorized triggers are
clearly rejected.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The -template parser is Go text/template; JSON-escaped \" broke the action.
Backtick raw-string literal is valid inside the JSON string and parses cleanly.
Config-only (mounted + hotreload) — no app rebuild.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add an admin 'Pull & rebuild' button (Settings → Updates). It POSTs an
admin-gated route that signals a privileged 'updater' sidecar (adnanh/webhook +
docker socket) over the internal network with a shared secret; the sidecar runs
'git fetch && reset --hard origin/master && docker compose up -d --build app'
detached. The UI polls /api/version until the rebuilt app returns on the new
version, then reloads.
Secret matching uses webhook -template + getenv so UPDATER_SECRET stays out of
the repo (host .env only). No request data reaches the shell — the command is
fixed in updater/update.sh.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Footer becomes a changelog chip and shows an 'Update available' badge when a
newer APP_VERSION exists upstream. Detection reads src/lib/version.ts from the
Gitea default branch (dms model) and compares — self-contained, no OTM control
plane. Adds src/lib/update-check.ts and GET /api/version (also a running-version
probe for the upcoming one-click rebuild).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Wire the shared Gitea-backed suggestions panel: page, list/create + comments +
upload API routes, sidebar link. Suggestions file as issues on bonna61/Moonbase;
screenshot uploads persist via a mounted volume. Mirrors the FMB wiring.
Secrets (NEXTAUTH_SECRET, GITEA_TOKEN) moved out of docker-compose.yml to an
interpolated gitignored .env on the host, per CLAUDE.md (never commit the token).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Version the backup/restore feature that merged in unversioned, and add
netcat-openbsd to the bookworm-slim runtime so the new entrypoint Postgres
readiness check (nc -z postgres 5432) works instead of looping forever.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The NAS container was crash-looping: npx pulled Prisma 7.8.0 (which rejects
url in the datasource), and the alpine + non-root + standalone setup couldn't
detect openssl or write the migration engine. Switch to the FMB-proven runtime
(node:20-bookworm-slim + openssl, run as root, full node_modules, next start)
so the local pinned Prisma 5.22 CLI runs and migrations apply cleanly.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
npx prisma was downloading Prisma CLI v7.8.0 which dropped the
url = env("DATABASE_URL") schema syntax. Use the project's own
installed Prisma CLI from node_modules instead, copied from the
builder stage.