Release notes
Each item is one change to the product. Titles are written for readers first—if a change had a short description in Git, you will see that wording here. Newest first.
The short line under a title is the best available summary for people using TrueConnection, not a private technical log. A short code after the title links that entry to the exact source change.
This release: Web 0.1.165 · API 0.1.25 · Cloud 1.0.1.
Last updated: April 24, 2026 at 8:20 AM
Refresh discovery and chat contract updates · 90f5d9e
Consolidate the current discovery/chat UI, backend validation, locale copy, and regenerated API artifacts into one committed state so the stage build matches the working tree.
Regenerate release-notes JSON + KB note for /not-found localization · 1e8a995
Refresh after deploying web 0.1.161 (cookie-driven 404 locale) and web 0.1.162 (drop · {appName} suffix to prevent title.template duplication). KB documents the pattern: when a metadata key feeds into a Next title.template, never include {appName} in the key — the template owns the suffix.
Drop duplicate '· {appName}' from notFound.metaTitle (Next title.template appends it) (0.1.162) · 1411a85
After the 0.1.161 fix, stage still rendered:
  <title>Page Not Found · TrueConnection | TrueConnection</title>
Brand name printed twice — once from the message key (`· {appName}`) and once from Next's `title.template` (`%s | TrueConnection`) inherited from `defaultMetadata`.
Fix: stripped `· {appName}` from `app.notFound.metaTitle` in all five locale bundles. The keys now hold the bare page name only ("Page Not Found", "Seite nicht gefunden", "Page introuvable", "Página no encontrada", "الصفحة غير موجودة"); Next's t…
Localize 404 page (cookie-driven locale, drop force-static) (0.1.161) · 457099f
Curl probe across locales surfaced an i18n + a11y regression on the root 404 page:
  /en/this-does-not-exist → <title>Page Not Found - 404 | TrueConnection</title>
  /de/non-existent → <title>Page Not Found - 404 | TrueConnection</title> ← English
  /ar/missing → <title>Page Not Found - 404 | TrueConnection</title> ← English
…body text "Page Not Found" repeats in English on every locale.
Two impacts:
- Screen readers announce <title> on every navigation; a French/Arabic visitor who hits a stale link hears English on eve…
Regenerate JSON after stage rebuild (sitemap + classifier fixes) · d3f87e2
Refresh of release-notes.generated.json picks up the latest pushed commits (web 0.1.159 capture-callback rewrite, web 0.1.160 sitemap /release-notes coverage, plus the chore + docs commits) so the public /release-notes page reflects the deployed stage build.
Regenerate release-notes JSON + KB note for sitemap /release-notes coverage · d9088ab
Refresh after deploying web 0.1.160 (sitemap now lists /release-notes). KB documents the unprefixed-route trio pattern: when adding a new entry to UNPREFIXED_ROUTES, also add a sitemap append + a guardrail-test assertion so search-engine discovery, link-emission rules, and sitemap coverage stay in sync.
curl + grep-count probe of stage sitemap showed: total <url> entries: 15 /release-notes entries: 0 /landing entries (per-locale): 30 · 5919ab1
curl + grep-count probe of stage sitemap showed:
  total <url> entries: 15
  /release-notes entries: 0
  /landing entries (per-locale): 30
Per-locale roots / landings / sign-in were correctly enumerated, but the unprefixed `/release-notes` public route was missing entirely. Search engines could only discover the changelog via the footer link from a landing page — sitemap discovery never surfaced it. The page is the canonical product changelog with one entry per shipped commit; missing it from the sitemap directly hurts …
Regenerate release-notes JSON + KB note for setUncaughtExceptionCaptureCallback rewrite · 6b3d3f7
Refresh after deploying web 0.1.159 (third-time-fixed: ECONNRESET classifier now uses Node's setUncaughtExceptionCaptureCallback which replaces the EventEmitter pathway entirely, fully suppressing Next's bare ⨯ uncaughtException printer that was added by the framework after register() ran). KB documents the pattern (capture-and-replay misses listeners added later in the boot sequence) and the backend-security sweep findings (cookies hardened, log redaction working, no PII leaks).
Switch ECONNRESET classifier to setUncaughtExceptionCaptureCallback (suppresses Next's bare ⨯) (0.1.159) · cc10a90
Stage logs at web 0.1.158 *still* showed both:
  {"source":"instrumentation","event":"client_socket_abort","severity":"warn",…} ← my classifier ✓
  ⨯ uncaughtException: Error: aborted at ignore-listed frames { code: 'ECONNRESET' } ← Next's printer ✗
Two-line bug per harmless peer disconnect persisted across the 0.1.154 and 0.1.157 attempts. Both used `process.on('uncaughtException')` and captured the listener list at install time.
Root cause: **Next.js installs its `⨯ uncaughtException` listener during HTTP server sta…
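A sketch of the capture-callback approach this entry describes, added here as an example and not taken from the TrueConnection code base. The log field names follow the structured line quoted above; the function names, the exit-on-real-error policy and the sample error are assumptions.

```javascript
// Added example (not TrueConnection's code). Log field names come from the
// structured line quoted in the entry; function names and exit policy are assumptions.

// Match only the shape the entry describes: message "aborted" with code ECONNRESET.
// Any other ECONNRESET (for example an outbound request failing) stays an error.
function isClientSocketAbort(err) {
  return err instanceof Error && err.code === 'ECONNRESET' && err.message === 'aborted';
}

// Turn a thrown value into one structured record.
function classifyUncaught(err) {
  if (isClientSocketAbort(err)) {
    return {
      source: 'instrumentation',
      event: 'client_socket_abort',
      severity: 'warn',
      code: err.code,
    };
  }
  const isError = err instanceof Error;
  return {
    source: 'instrumentation',
    event: 'uncaught_exception',
    severity: 'error',
    name: isError ? err.name : typeof err,
    message: isError ? err.message : String(err),
    stack: isError ? err.stack : undefined,
  };
}

// Build the handler. `log` and `exit` are injectable so the policy can be tested
// without terminating the process.
function makeUncaughtHandler({ log = console.error, exit = (code) => process.exit(code) } = {}) {
  return (err) => {
    const record = classifyUncaught(err);
    log(JSON.stringify(record));
    // Harmless peer disconnects are logged and swallowed; everything else keeps
    // crash semantics so real bugs are not hidden.
    if (record.severity !== 'warn') exit(1);
  };
}

// While a capture callback is set, Node does not emit the 'uncaughtException'
// event at all, so listeners attached by a framework later in boot never fire.
// Node throws if a callback is already set, hence the guard.
function installCaptureCallback(handler) {
  if (process.hasUncaughtExceptionCaptureCallback()) return false;
  process.setUncaughtExceptionCaptureCallback(handler);
  return true;
}

// Why the earlier capture-and-replay attempts failed: a listener list copied at
// install time cannot contain a listener that is attached afterwards.
function snapshotMissesLateListener() {
  const snapshot = process.listeners('uncaughtException').slice();
  const late = () => {};
  process.on('uncaughtException', late); // stands in for a listener added later in boot
  const missed = !snapshot.includes(late);
  process.removeListener('uncaughtException', late);
  return missed;
}

// Constructed sample error in the shape shown in the stage log excerpt.
const constructedAbort = Object.assign(new Error('aborted'), { code: 'ECONNRESET' });
console.log(JSON.stringify(classifyUncaught(constructedAbort)));
```

Call `installCaptureCallback(makeUncaughtHandler())` once, as early in process start as possible; the capture callback cannot be combined with the deprecated `domain` module.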
Record X-XSS-Protection fix + Traefik middlewares.yml structure trap · c4953fe
Documents the OWASP 2026 guidance for X-XSS-Protection (deprecated; set to 0), the indentation trap with customResponseHeaders (must live inside the headers: block), and the diff-test pattern for traefik_config.py changes (so future operators verify YAML shape before redeploying).
Traefik security-headers middleware emits X-XSS-Protection: 0 (deprecated header) · d733985
Curl probe of stage response headers showed `X-XSS-Protection: 1; mode=block`, which per OWASP 2026 guidance is actively *harmful*: the legacy IE XSS Auditor (the only consumer that ever processed the header) had known bypass vulnerabilities that could turn a missing XSS into a real one; modern browsers (Chrome 78+, Firefox, Safari) do not implement the header at all. CSP `script-src 'self' …` (set by the web-client) is the modern XSS mitigation. Fix: in `app-pipeline/common/traefik_config.py::TraefikMiddlewareCon…
Regenerate release-notes JSON + KB note for localized meta description + ar_SA + X-Powered-By · cc949df
Refresh after deploying web 0.1.158 (localized <meta description> + og:description across all 5 locales, fixed invalid og:locale ar_AR → ar_SA, removed X-Powered-By: Next.js header). KB documents the curl evidence per locale (de/fr/es/ar all native) and the OG locale country-code rule (territory must be where the language is spoken; ar_AR was Argentina, not Arabic).
Localize <meta description> + og:description, fix invalid og:locale ar_AR, drop X-Powered-By (0.1.158) · 75a5578
Continuing the localized-metadata sweep from 0.1.156. Curl probe of `<meta name="description">` and `<meta property="og:description">` across all five locale roots showed identical English on every locale:
  /en /de /fr /es /ar:
  <meta name="description" content="Discover meaningful connections based on shared values and authentic compatibility. Join TrueConnection to find your true match through our unique value-based matching system."/>
  <meta property="og:description" content="Discover meaningful connections based …
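The response-header checks behind the X-XSS-Protection entry (d733985) and the X-Powered-By removal in 0.1.158, written as an added example that is not part of the project's code. The finding names, the function names and both header captures are constructed for illustration; treating an absent X-XSS-Protection header as acceptable is an assumption.

```javascript
// Added example (not TrueConnection's code): audit the headers a `curl -sI` probe returns.

// Parse a raw header block into Map<lower-cased name, string[]>.
// Status lines ("HTTP/2 200") and blank lines carry no colon and are skipped.
function parseHeaderBlock(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(':');
    if (idx <= 0) continue;
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(value);
  }
  return headers;
}

// Names of the directives present in one Content-Security-Policy value.
function cspDirectiveNames(value) {
  return value
    .split(';')
    .map((d) => d.trim().split(/\s+/)[0].toLowerCase())
    .filter((name) => name.length > 0);
}

// Return a list of finding ids; an empty list means the probe is clean.
function auditHeaders(raw) {
  const headers = parseHeaderBlock(raw);
  const findings = [];

  // Deprecated header: the release notes set it to "0". Any other value
  // (such as "1; mode=block") is flagged.
  const xss = headers.get('x-xss-protection') || [];
  if (xss.some((v) => v !== '0')) findings.push('x-xss-protection-not-zero');

  // Framework banner removed in 0.1.158.
  if (headers.has('x-powered-by')) findings.push('x-powered-by-present');

  // CSP is the XSS mitigation that remains; require a script policy.
  // script-src falls back to default-src when it is not given.
  const csp = headers.get('content-security-policy') || [];
  const hasScriptPolicy = csp.some((v) => {
    const names = cspDirectiveNames(v);
    return names.includes('script-src') || names.includes('default-src');
  });
  if (!hasScriptPolicy) findings.push('csp-no-script-policy');

  return findings;
}

// Constructed captures in the shape of the probes described in the entries.
const CONSTRUCTED_BEFORE = `
HTTP/2 200
content-type: text/html; charset=utf-8
x-powered-by: Next.js
x-xss-protection: 1; mode=block
content-security-policy: script-src 'self'
`;

const CONSTRUCTED_AFTER = `
HTTP/2 200
content-type: text/html; charset=utf-8
x-xss-protection: 0
content-security-policy: script-src 'self'
`;

console.log('before:', auditHeaders(CONSTRUCTED_BEFORE));
console.log('after: ', auditHeaders(CONSTRUCTED_AFTER));
```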
Regenerate release-notes JSON + KB note for localized <title> + classifier fix · 7e5b209
Refresh after deploying web 0.1.156 (localized landing/layout titles for SEO + a11y) and web 0.1.157 (instrumentation classifier suppresses Next's duplicate ⨯ uncaughtException line via captured-listeners replay). KB documents the per-locale <title> evidence (de/fr/es/ar all native) and the listener-replay pattern that preserves framework error logging for real bugs while suppressing it for harmless socket aborts.
Instrumentation classifier suppresses duplicate ⨯ uncaughtException from Next's own logger (0.1.157) · 07c2f35
Stage logs at api 0.1.156 still showed `⨯ uncaughtException: Error: aborted` **plus** the structured `client_socket_abort` warn from my classifier (introduced in 0.1.154). Two log lines per harmless peer-disconnect — the classifier's whole point was to replace the bare `⨯` line, not duplicate it. Root cause: `process.on('uncaughtException')` *adds* a listener; it does not replace existing ones. Next.js attaches its own listener at server start that prints the bare `⨯ uncaughtException` line. My classifier ran (war…
Localize <title> on /[locale] + /[locale]/landing for SEO + a11y (0.1.156) · 9085c43
Browser-MCP probe of /de, /fr, /es, /ar plus `curl ... | grep <title>` across all five locales surfaced an SEO + accessibility bug:
  /en: <title>TrueConnection - Authentic Connections Through Shared Values | TrueConnection</title>
  /de: <title>TrueConnection - Authentic Connections Through Shared Values | TrueConnection</title>
  /fr: <title>TrueConnection - Authentic Connections Through Shared Values | TrueConnection</title>
  /es: <title>TrueConnection - Authentic Connections Through Shared Values | TrueConnection</ti…
Regenerate release-notes JSON + KB note for npm audit + SSR deep-link fix · 26cdbd1
Refresh after deploying web 0.1.155 (uuid override + ?view=activity SSR resolve). KB documents the npm audit analysis (advisory non-applicable because next-auth only calls uuid.v4(), but overridden to keep audit clean) and the no-flash deep-link fix (browser-MCP evidence shows Activity tab selected on first paint with no Notes flash).
SSR-resolve ?view=activity deep-link so Activity tab paints with no Notes flash (0.1.155) · e26671f
Visual smoke via browser MCP on `https://stage.trueconnection.app/release-notes?view=activity`: the page rendered with `Notes [selected]` for one paint, then flipped to `Activity [selected]` once the client `useEffect` ran. Annoying flash on every shared Activity link. Root cause: `ReleaseNotesPageView` defaulted `useState(NOTES_VIEW)` to keep SSR and client hydration in sync, then ran a `useEffect` to read `searchParams.get('view')` and switch to Activity. Server HTML always said Notes; client switched after firs…
Pin uuid >= 14 via npm overrides to clear GHSA-w5hq-g745-h8pq (audit-only) · e6f6407
`npm audit` reported 2 moderate transitives: `next-auth@4.24.14 → uuid@8.3.2` (GHSA-w5hq-g745-h8pq — missing buffer bounds check in uuid.v3() / v5() / v6() when called with a `buf` argument). Verified by source inspection of `node_modules/next-auth/jwt/index.js` that next-auth uses **only** `uuid.v4()` (random, no `buf` arg) for `setJti(...)` — the codebase is **not exploitable**. Fix is purely to keep `npm audit` clean and the operator's "always keep dependencies up to date" rule satisfied. Approach: `overrides: …
Regenerate release-notes JSON + KB note for cron in-process + ECONNRESET classifier · b8a7646
Refresh after deploying api 0.1.24 (in-process cron + bulk-peer Promise.allSettled) and web 0.1.154 (ECONNRESET aborted classifier). KB documents the second cross-bridge sweep, the dead chat-media-orphan cron entry that was removed (its underlying service method was a phantom), and the strict instrumentation classifier with stage evidence (17/17 responsive cells green, zero uncaughtException lines post-deploy).
Classify ECONNRESET aborted as structured warn (not bare uncaughtException) (0.1.154) · 3974f50
Stage logs intermittently showed:
  web-client-stage | ⨯ uncaughtException: Error: aborted
  web-client-stage | at ignore-listed frames {
  web-client-stage | code: 'ECONNRESET'
  web-client-stage | }
Looks alarming, isn't a crash: container stays `healthy`, process keeps serving traffic. The events come from clients (Playwright `page.close()`, browser navigations, mobile background suspends) closing the socket mid-response. Next.js 16's default `uncaughtException` printer surfaces them with a bright `⨯`, drowning out gen…
Scheduled tasks run in-process + bulk peer recalc tolerates one bad row (api 0.1.24) · 7745bb0
Continuing the change-stream cross-bridge sweep from api 0.1.22-0.1.23, two more silently-broken nightly behaviours found: 1. **node-cron scheduled tasks** in `lib/cron/scheduled-tasks.ts` did `fetch(${urlResolver.getBackendUrl()}/api/cron/...)` for the 02:00 UTC match recalculation cron (and a chat-media-orphan-purge cron whose route handler never existed). On multi-host stage the URL resolves to the public host → web-client BFF → 401 — every nightly run silently no-op'd. Refactored to call services in-process vi…
Refresh after deploying api 0.1.22 (in-process recalc helper) + api 0.1.23 (orphan match row tolerance + self-heal). · 0621286
Refresh after deploying api 0.1.22 (in-process recalc helper) + api 0.1.23 (orphan match row tolerance + self-heal). KB entry documents the cross-bridge anti-pattern, the in-process helper as single source of truth, and the self-heal behaviour with stage evidence (4 historic orphans cleaned on first run, zero level:50 errors after).
UpdateMatchForProfileChange tolerates orphan match rows + self-heals (api 0.1.23) · 5f77075
The previous fix (api 0.1.22) made the change-stream call this method in-process for the first time on stage. That immediately surfaced a pre-existing latent bug masked for months by the broken HTTP-401 path:
  Error: updateMatchForProfileChange: profile not found for viewer authUid=69e56bff35a55760fecd5788 (match references otherUserId=ecb7bc48-…)
  at MatchCalculationService.updateMatchForProfileChange
Root cause: `Promise.all` over every `matches` row that references the changed profile. When **one** row points at …
Recalc matches in-process from change-streams (no HTTP roundtrip-to-self) (api 0.1.22) · 6889384
Stage logs after every profile update emitted two noise lines:
  web-client-stage | {"tag":"BFF_PROXY_ERROR","event":"No session token","pathname":"/api/internal/recalculate-matches"…}
  backend-stage | Failed to trigger match recalculation for user … 401 {"error":"Unauthorized","message":"Authentication required."}
Root cause (cross-bridge anti-pattern): `lib/db/change-streams.ts` did `fetch(${urlResolver.getBackendUrl()}/api/internal/recalculate-matches)` to trigger recalc when a profile changed. On a multi-host dep…
Regenerate release-notes JSON + KB note for design-system consolidation (0.1.152 + 0.1.153) · dad87a8
Refresh of `release-notes.generated.json` after deploying the design-system consolidation (`src/components/` → `src/design-system/components/`) and the `marketing` naming cleanup. KB entry documents the new architectural contract (single submodule, onion direction, full-path imports) and the responsive matrix evidence (11/11 cells green on stage at 320/375/768/1280).
Per the project's professional-wording rule (variables should not be named 'marketing' when 'landing' already conveys the context), this rename strips the redundant prefix: · c6f21d8
Per the project's professional-wording rule (variables should not be named 'marketing' when 'landing' already conveys the context), this rename strips the redundant prefix:
- File: `src/design-system/landing-marketing-brand.ts` → `src/design-system/landing-brand.ts` (full git history preserved via `git mv`).
- Symbol: `[redacted]` → `getLandingFrostCardDiffuseGlowBoxShadow`.
- Updated all docstring `{@link …}` and import-path references in `globals.css`, `design-system/index.ts`, `design-system/landing-accent-chro…
Merge src/components into src/design-system as a single submodule (0.1.152) · d20f859
The design system now owns *everything* visual + interactive — tokens (`*-brand.ts`) **and** React components ship as one submodule under `src/design-system/`. Previously the two lived in separate top-level folders (`src/components/` for React, `src/design-system/` for tokens), which made it easy to ship UI that bypassed the token layer. Mechanical refactor (no runtime behaviour change): - `git mv src/components → src/design-system/components` — full git history is preserved for every file (`R`/`RM` status in `git…
Regenerate JSON to include 0.1.150 + 0.1.151 commits · c03b523
Refresh of `release-notes.generated.json` after pushing the viewport-export and `/dev` hub fixes. Surfaces the new commits on `/release-notes` so the public page reflects the deployed stage build.
Add /dev hub index page (root-cause: App-Router static-folder fall-through) · 5f9a320
Stage probe of `GET /dev` returned HTTP 500 with web-client-stage log: `⨯ Error [InvalidLocaleError]: "dev" is not a supported AppLocale` Root cause: `app/dev/` has subfolders with `page.tsx` (`/dev/platform`, `/dev/ui`, …) but no `app/dev/page.tsx` index. Next 16 App Router cannot satisfy `/dev` from the static folder, falls through to the dynamic sibling `app/[locale]/page.tsx` with `params.locale = "dev"`, and the locale layout's `generateMetadata` correctly throws `InvalidLocaleError`. Same trap exists for any…
Move themeColor from metadata to viewport export (Next 15+ contract) · c3d6227
Root cause: `src/lib/seo/metadata.ts` baked `themeColor` into `defaultMetadata` (legacy Next 14 placement). Every locale page using `createPageMetadata()` therefore triggered `⚠ Unsupported metadata themeColor is configured in metadata export …` on every render in stage logs. Fix: split `themeColor` into a new `defaultViewport: Viewport` export and mount it once at the root layout via `export const viewport`. Next merges viewport across the route tree, so every descendant inherits the brand theme-color without per…
Rebalance Calendar HEAT_STEP_BG so all three metric views read coherently (0.1.149) · 1eef368
The user reported the three Calendar metric views (Commits / Lines / Estimated hours) looked dramatically different — "how can they be so different". Empirical bin-distribution check on the live bundle shows:
  Commits bin counts → [70 inactive, 18, 3, 2, 2, 1] ← 18 of 26 active days squeezed into step 1
  Lines bin counts → [70 inactive, 6, 5, 5, 5, 5] ← spread evenly
  Hours bin counts → [ 0 inactive, 10, 28, 36, 11, 11] ← dense (backfill) + cap cluster
The visual blowout came from **step 1 being too low contrast on d…
Landing universe demo orbs sit inside the card (0.1.148) · 53be916
Root cause: the six orbit dots in `HowItWorks → Explore Universe` walkthrough card used CSS percentages with negative values (e.g. `top: -31.96%`, `left: -40%`) that placed four of the six dots **outside** the card's rounded boundary. The "legacy polar layout formula" comment in `globals.css` never reconciled with the actual 160 × 160 (sm: 176 × 176) container size, so the dots were drawn at top-left corner positions that escaped the box. Fix at the design-system layer (`globals.css`): rewrite the six `.landing-de…
Guardrail — unprefixed-only routes must not use next-intl Link · 184d086
Architectural follow-up to commit 4844d3df (the `/en/release-notes` href bug). That fix patched the two specific link sites; this test prevents the **pattern** from reappearing anywhere in `src/`. Background: `@/navigation` exports `Link` from `next-intl/navigation`, which transparently prepends the active locale to any relative `href`. That is correct for `[locale]/...` routes but wrong for routes registered in `src/i18n/routing/unprefixed.ts` `UNPREFIXED_ROUTES` that have **no `[locale]/...` twin** (`welcome`, `…
Release-notes footer/build-strip links use plain Next.js Link, no locale prefix (0.1.147) · 4844d3d
The user spotted the rendered href in the landing footer build-strip was `/en/release-notes` (locale-prefixed). The route is registered as **unprefixed** in `src/i18n/routing/unprefixed.ts` `UNPREFIXED_ROUTES` — canonical URL is `/release-notes`, and `/{locale}/release-notes` 308-redirects to it. Root cause: both link sites (`BuildVersionsStrip`, `features/landing/components/Footer`) used `Link` from `@/navigation` (the next-intl-wrapped Link), which transparently prepends the active locale to any relative href — …
Authenticated responsive matrix green; document container-query typography debt (no version bump) · a71d473
Continued the operator loop after the 0.1.146 mobile-responsive matrix commit (9822d502): 1) **Authenticated matrix runs green on stage.** Configured the setup project via `E2E_MERGED_ENV_PATH` (tenant merged env carries `E2E_REGISTRATION_USER_EMAIL`) and ran the full `responsive-auth-viewports.spec.ts` against `https://stage.trueconnection.app`. **5 routes × 4 viewports = 20 cells all passing**: `/{locale}/{you,journey,chats,discovery/list,profile}` at 320, 375, 768, 1280 widths. Every cell now also asserts the n…
Test(e2e),fix(web): mobile responsive design matrix + fixes a real /release-notes 320px overflow (0.1.146) · 9822d50
The user asked for Playwright design tests that **prove** the pages are mobile-responsive, not just trust that the design-system tokens exist. Built on the existing harness (`assertNoExcessHorizontalScroll` + `buildResponsiveViewportPresetList`) — no new infra, just three extensions and one new helper: 1) **New helper `assert_primary_nav_reachable.ts`** — measures every bottom-nav tab's bounding rect against the nav's own width and against the WCAG 2.5.5 Target Size (Enhanced) ≥ 44 × 44 CSS px minimum. Catches exa…
Doc + KB sweep + fix OpenAPI ProfilePublic security test (no version bump, no runtime change) · e6c307c
Sweep findings from the operator loop, no new runtime code: 1) **`docs/release-notes-commits.md` was on schema v3.** The Activity tab model had since moved to v4 (totals decomposition into evidenced + backfilled, plus `activeDays`) and gained the GitHub-style calendar axes. Refresh the schema-version line, append the v4 history entry, and bump the Calendar bullet to mention the month strip + Mon/Wed/Fri axis + quantile-on-distinct binning. 2) **`tests/atomic/security/openapi-profile-public-no-platform-role.test.ts…
Silence NextAuth debug log noise on stage + tighten layout guardrail (0.1.145) · 77973d1
Two operator-loop sweep findings, both real: 1) **Stage logs were full of `❌ [auth] NextAuth CLIENT_FETCH_ERROR`** on every SPA navigation. Root cause: `NEXTAUTH_DEBUG=true` was set in `app-pipeline/app-tenant/tenants/ifeoma-tc/config/.../tc/.env.stage`, but the inline doc on `nextauth_logger.ts` is explicit that this flag is for **dev-only active debugging** ("set in `.env.dev` only when actively debugging authentication flows"). With it on, our `logAuthDebug` wrapper escalated NextAuth's transient SPA-abort `CLI…
Two responsive bugs surfaced together: · 433de48
1) **Bottom AppNav** required horizontal swipe on iPhone-sized widths. Each tab carried `min-w-[3.5rem]` plus `flex-nowrap` and the row wrapped a horizontal-scroll fallback (`overflow-x-auto`). At 320–375 px viewports, 6 items × 56 px > viewport, so the user had to scroll the primary navigation to reach Admin/Logout — anti-pattern for a mobile bottom bar. Fix: drop `min-w-[3.5rem]`, set `flex-1 min-w-0` on every tab so flexbox distributes them evenly across whatever width the viewport gives. The row class loses `…
Calendar grid was floating in ~25 % of the card width with no temporal context: a reader couldn't tell which column was January vs April or which row was Monday vs Sunday. · 2b0b04e
Calendar grid was floating in ~25 % of the card width with no temporal context: a reader couldn't tell which column was January vs April or which row was Monday vs Sunday. The card looked half-broken because nothing labelled the axes the eye expects on a contribution heatmap. Add the standard GitHub-style axes: * **Month strip** above the grid — one short month label per first week-column that touches a new calendar month, computed by `buildMonthSegments` over the chunked weeks (skips leading padding so Jan-19-Mon…
Per operator request: on first open, every section card except Calendar is collapsed. · d19f406
Per operator request: on first open, every section card except Calendar is collapsed. Calendar stays default-open because it's the headline visual. The other five sections (Cumulative estimated hours, Weekly summary, Per-commit weight, Daily table, When commits land UTC) now default to closed — readers expand only what they want. User can still open everything; the chevron in each card header rotates to indicate state. State is per-card via the native <details> element, no extra JS state needed. Stage 0.1.141 veri…
Define brand-violet Tailwind v4 color tokens — fixes silent transparency across admin debug, chat, journey, release-notes (0.1.140) · ebfbc1c
Project-wide latent bug uncovered by the release-notes Activity v7 work (commit 3effdf63). The Tailwind v4 `@theme inline` block in `src/app/globals.css` historically defined the brand violet **only as the raw CSS variable** `--brand-violet-rgb` (under `:root`), never as `--color-brand-violet*` theme tokens. As a consequence every utility class of the form `bg-brand-violet-muted/N`, `text-brand-violet`, `bg-brand-violet-subtle`, `text-brand-violet-strong` resolved to *no CSS at all* and every consumer rendered tra…
Release-notes Activity v7 — actually visible heatmap gradient + Fewer→More legend (0.1.139) · 3effdf6
Real root cause of the "calendar shows only the brightest cell, no gradient" complaint: the project's Tailwind v4 theme exposes the brand violet only as the **CSS variable** `--brand-violet-rgb` (see `app/globals.css`), **not** as a `--color-brand-violet-muted` token. Classes like `bg-brand-violet-muted/45` therefore generated **no CSS at all** — the heatmap cells, weekly bars, and per-commit bars were rendering with a transparent background and what looked like a faint violet tint was just the glass-panel substra…
Release-notes Activity v6 — split totals into evidenced + backfilled (0.1.138) · 2147048
Reader couldn't tell which part of `estimatedHours` was Git evidence and which part was the model's backfill assumption. The "Days with commits" KPI also conflated two different questions ("how often did I commit?" vs "how often did I work?") into one number, while the more useful "days the model attributes any work to" was hidden in the byDay array. Model — schema v3 → v4 (no shim): * `totals.evidencedHours` — only the per-commit churn + interval spread; the "this much is observed" part of the bundle. * `totals.b…
Refresh maintainer doc + KB for churn_interval_v2 / schema v3 · 4aacc94
`docs/release-notes-commits.md` was still describing the original `churn_interval_v1` model and `schemaVersion: 2`. Refresh:
- Document the four ordered steps the model now runs (per-commit hours, interval spread, weekday/weekend backfill split with the 4 h / 8 h defaults, daily ceiling `maxDayHours`).
- Note the self-explainable identity: pure no-commit weeks land at exactly 36 h (5 weekdays × 4 + 2 weekend days × 8) with the defaults.
- Bump the schema-versioning section to `3` and add a short v1→v2→v3 history. …
Release-notes Activity v5 — split past-workday backfill into weekday vs weekend (0.1.137) · e794ec9
Real-world cadence reported by the operator: weekdays vary 2-6 h with the occasional zero day, weekends typically go in as a focused full-day block. The previous uniform 6.4 h/day backfill flattened that pattern. Replace the single `pastWorkdayHoursPerDay` parameter with two:
- `pastWeekdayHoursPerDay` default 4 h (Mon-Fri, midpoint of 2-6 band)
- `pastWeekendHoursPerDay` default 8 h (Sat-Sun, "the whole weekend")
Weekday detection is in **UTC** (`Date.getUTCDay()`) to keep the model deterministic regardless of wh…
Release-notes Activity v4 — sane day cap + log-scaled weekly bars + KPI label (0.1.136) · 39f0bed
Three remaining root-cause issues from the previous sweep, fixed in one pass: 1. Daily and weekly totals were physically impossible. The model summed per-commit hours unboundedly per day; a 150-commit day produced 50+ h of work because each commit contributed `log(2)` plus the per-commit floor. Apr 20 week peaked at 979 h (= 140 h/day across 7 days). Add `maxDayHours` parameter (default 16 h) to the analytics model and apply it as a hard ceiling on each day's `estimatedHours` after every additive contribution (per…
Release-notes Activity v3 — visible past activity, per-commit churn (0.1.135) · cfa0381
Two visualization regressions exposed real flaws in the v2 scaling: 1. Calendar Commits view hid Jan/Feb singletons. The previous `log(value)/log(max)` scale put a 1-commit day at step 1 (~14 % of the visible range), painting it as nearly empty against a 150-commit Apr peak. Replace with a quantile bin over the **distinct** non-zero magnitudes so each step lands on a different commit-count tier (1 → 7 → 53 → 84 → 150), and lift step 1 from /30 to /45 opacity so a single commit still reads as activity on dark glass…
Pin release-notes date formatting to UTC to remove hydration mismatch (0.1.133) · 2eaf49c
`formatEntryDate` (used by the Notes list inside the client island) and `formatBundleLastUpdated` previously inherited the host timezone. SSR runs in UTC and the browser typically does not, so any commit timestamp near midnight UTC formatted to a different calendar day on each side of the boundary — triggering React error #418 (text-content hydration mismatch) on `/release-notes`, and inconsistencies between the Notes date and the heatmap / daily-table day key (which already pin UTC). Both helpers now pass `timeZo…
Release-notes Activity v2 — collapsible cards, magnitude tinting, past-workday backfill (0.1.132) · acde26f
Algorithm (`churn_interval_v2`): Add a documented past-workday backfill so historical commit-less days that fell **strictly before** `pastWorkdayBackfillCutoffDay` (default 2026-04-13) receive an extra `pastWorkdayHoursPerDay` (default 6.4 h ≈ 0.8 × 8 h work-day) on top of the existing churn-interval spread. Days at/after the cutoff stay purely commit-driven now that day-by-day reporting is in place. Set `pastWorkdayHoursPerDay: 0` to disable. UI: Each Activity section is now a brand-styled collapsible card (`<det…
Release-notes Activity tab + estimated hours analytics (0.1.131) · 608b364
Compose `/release-notes` as a feature submodule: `src/features/release-notes/{model,schema,ui}` with strict Zod validation, pure analytics builder, and a client island that renders calendar heatmap, cumulative estimated-hours line, weekly bars, per-commit weight bars, daily table, and an optional UTC punch-card. The `?view=activity` deep link is honoured; clicking back to Notes clears the query without a router round-trip. The prebuild generator (`scripts/generate-release-notes-data.ts`) parses `git log --numstat`…
Gitignore WIP features/release-notes; bump 0.1.128 · 085aa5f
- Prevent partial local trees from breaking Fleet/remote next build; refresh release-notes.generated.json for new semver.
- No functional app code change beyond version metadata.
Sync release notes JSON (664f0dd0 entry, fleet pre-rebuild) · ecc043d
- Regenerate from git log after e2e/auth gate commit; keep bundle aligned with /release-notes.
Authenticated grounding + You hub smoke; document auth gate spacing · 664f0dd
- Add ui-authenticated spec: after onboarding gate, assert grounding h1, CTA, You heading.
- Clarify AUTH_GATE_VIEWPORT_COLUMN: sub-640px lower space is intentional (keyboard).
- Web client 0.1.127; regenerate release notes.
Cursor kb, agent rules, and release notes index · f8489d0
- Update app-pipeline .cursor knowledge base (README, fleet diagnostics, discovery universe); root agent-rules-changelog and release-notes-commits.
Profile media, discovery, landing, and contract sync · 57bcd95
- Profile pictures: API integration, settings section, PeerProfilePictureOrOrb, object URL hook, stream selection, chip wrap helper; update cards and headers.
- Regenerate OpenAPI client artifacts; drop legacy api-client.ts; sync zod validation; ProfilePicturePublic model and profile API docs.
- Discovery: universe WebGL, camera, tooltips, list/profile adapters, types; journey matching-signals card chip layout.
- Landing: remove DemoWalkthrough; refresh FAQ, HowItWorks, StickyNav, Footer; i18n overlays and message…
Profile picture pipeline, routes, and discovery mapping · eddaabf
- GridFS storage, authorization, paths, types, and ProfilePictureService; register profile picture routes; wire server and main router.
- Map discovery profile payloads; update ConnectionService and tests.
- Sync validation zod from contracts; bump backend package version.
OpenAPI and zod for profile picture and profile fields · 4eccf89
- Extend OpenAPI; regenerate generated index and zod-schemas for profile media and related profile payloads.
Tenant env, fleet context, docker-compose, schema mount · 281588d
- Fleet tenant context env behavior; tenant interface and ifeoma-tc package index; docker-compose adjustments. - Remove obsolete container_mount schemas index (schemas generated elsewhere).
Add repair for mangled single-line .env key concatenation and fleet manager version overlay handling. · f3d4a1b
- Extend constants_env; unit tests for both helpers.
Sync release notes after stage 0.1.126 deploy; refresh fleet KB evidence · 4bbeab7
- Fleet tenant-rebuild-web-client refreshed generated JSON (77a2b94 entry, timestamp). - Document ifeoma-tc stage 0.1.126 curl, health suite, and browser cache-bust checks.
Align auth, landing hero, and journey intro layouts for mobile · 77a2b94
- Add AUTH_GATE_VIEWPORT_COLUMN: start on narrow, center from 640px; use on sign-in and auth error with LayoutGrid top. - QuestionPhaseBase intro and ConsentRequestScreen: LayoutGrid top + tighter intro padding. - Hero: top-anchored section with safe-area pt; tighter badge, headline, and orb vertical rhythm. - ErrorScreen: drop h-full centering; min-height + horizontal padding for flex parents. - Reflection empty state: min-height and flex-1 without h-full. - Web client 0.1.126; regenerate release notes.
Tighten journey grounding and You hub responsive spacing · 1ab385f
- Add JOURNEY_SCREEN_LAYOUT (fill vs natural route shells) in layout-brand; export from design-system. - Grounding: use LayoutGrid + flex-none orb row, top safe-area, compact CTA gaps; remove flex-1 stretch that centered the orb in empty space; journey page uses natural shell for grounding only. - You hub: top-align LayoutGrid, reduce section spacing, safe-area padding on orb. - Bump web client to 0.1.125; regenerate release-notes data.
Add TC_FLEET line in .env.stage; refresh release notes · a6a8ed8
Split TC_FLEET_MANAGER_VERSION and TRAEFIK_ACME_CERT_MAIN on separate lines so dotenv and merge-env see TRAEFIK as its own key. Regenerate release-notes.generated.json from the Fleet (git log) pre-build step.
Copyright year via UTC in browser (Footer, web 0.1.115) · 543a8b2
- getUTCFullYear in state + useEffect after mount for client clock - i18n landing.footer.copyrightLine unchanged; prebuild JSON refresh
BuildVersionsStrip placement + KB QA (You hub, settings, stage curl) · 96924fc
- BuildVersionsStrip: single module doc (variants + AppPagesLayoutClient / UserProfileMenu) - KB: signed-in build strip QA, tenant-rebuild-app for backend semver alignment
StickyNav file doc — locale on Hero/Footer only · 4c39006
StickyNav module note + KB evidence for 0.1.114 sticky bar · e423425
Remove language picker from sticky nav (web 0.1.114) · 0321467
- StickyNav: drop PublicLanguagePicker; locale remains in footer and hero - Regenerate release-notes bundle
Stage 0.1.111 vs local 0.1.113 curl evidence (release-notes) · 392281a
Align /release-notes with glass surface + CQ typography tokens · 62d74d5
- Extend LAYOUT_CQ_TYPOGRAPHY with release-notes entry and meta styles - Add PUBLIC_INLINE_LINK; reuse in LoginForm and release-notes - List items use SURFACE_BRAND.glassJourneyPanel (journey/universe glass, not ad-hoc borders) - Bump web-client to 0.1.113 + regenerate release-notes bundle
/release-notes unprefixed URL + pre-0.1.112 curl evidence · fc45f4c
Serve release notes at /release-notes, unprefixed locale via cookie · 6330758
- Add app/release-notes with UnprefixedRouteShell; allowlist in UNPREFIXED_ROUTES - permanentRedirect from /[locale]/release-notes to /release-notes (single canonical path) - introduce resolveUnprefixedRouteLocaleFromCookies for DRY server locale resolution - createPageMetadata pathIsLocaleAgnostic for single-URL SEO canonical - AppProviders: landing document scroll for /release-notes; pathname SSOT when needed - Tests: routing, proxy allowlist, SEO; e2e public viewport path - Docs: application/docs/release-notes-…
Non-(pages) routes used app-layout (100vh + overflow hidden) without an inner overflow-y scroller, so long release-notes content was clipped with no scrollbar. · b67a587
Treat /{locale}/release-notes as a landing path in AppProviders isLandingPath so html/body get landing data-layout and natural document scroll. See AppProviders.tsx isLandingPath; release-notes page docstring.
Run release-notes generator before app rebuilds (app-pipeline 1.0.2) · f143fc1
tenant-rebuild-web-client and tenant-rebuild-app invoke npm run generate:release-notes in app-source/20_web-client on the operator host before rsync, aligning shipped JSON with a full git clone. Fail fast with a clear error if npm is missing or the script fails. - New module _release_notes_preflight; skip via --skip-release-notes-refresh or TC_FLEET_SKIP_RELEASE_NOTES_REFRESH=1 - Unit tests; KB + README + agent changelog updated
Changelog row for onboarding birth-year E2E + 0.1.100 · c2eed6c
Refresh release-notes.generated.json for 0.1.100 · 93e0ec0
Require onboarding birth-year control (web 0.1.100) · 72f925d
Assert data-testid onboarding-birth-year is visible before submit so mandatory onboarding cannot ship without the calendar birth year field. See isProfileOnboardingComplete and profile API birthYear.
Changelog row for differentiators 0.1.99 KB evidence · ccff037
Stage evidence for differentiators 0.1.99 + release-notes flow · bf33604
Sync release-notes bundle — differentiators 0.1.99 lead · a99f74a
- Expand section subtitle and four cards (values, consent, pace, privacy) - Align with journey: reflection before feed, opt-in steps, no engagement-stack bait - i18n overlays en/d… · 60367fe
- Expand section subtitle and four cards (values, consent, pace, privacy) - Align with journey: reflection before feed, opt-in steps, no engagement-stack bait - i18n overlays en/de/fr/es/ar; module docstring; release-notes bundle
Stage evidence for tenant-rebuild-app backend 0.1.20 parity · f2adac9
- Document build-info 404→200, web 0.1.98, API 0.1.20, public-edge OK - Clarify tenant-rebuild-app vs tenant-rebuild-web-client; agent changelog row
Release-notes list feat testimonial name formatting first · 5d55815
Testimonial names as First L. (0.1.98) · 8b39bd6
- Add formatAttributionNameInitialOnly in displayName utils - Apply in Testimonials for s1–s3; keep full names in messages for translators - Atomic tests; refresh release-notes bundle
Release-notes.generated.json list fd1f8f4d · 8a2398b
Refresh release-notes after bundle lead-entry commit · fd1f8f4
Regenerate from git so /release-notes lists feat(landing) richer demo walkthrough first. · 85e5d25
- Expand section subtitle; add detail paragraph per step (reflection, connection, universe, chat) - Border-accent layout for detail; update message key map and module docstrings -… · a8d0c9d
- Expand section subtitle; add detail paragraph per step (reflection, connection, universe, chat) - Border-accent layout for detail; update message key map and module docstrings - Regenerate release-notes bundle
First entry now includes the chore bundle + KB commit; regenerate was run post-push so git log order matches main. · eb0f361
Sync release notes bundle, bump 0.1.96; KB stage evidence · 4d8e192
- Regenerate release-notes.generated.json so /release-notes lists newest commits - Document ifeoma-tc stage rebuild/health/settle and release-notes workflow in KB - Note in agent-rules changelog
Move build version strip from You hub to settings sheet (0.1.95) · c07b66c
Omit the fixed BuildVersionsStrip on ROUTES.JOURNEY_YOU in AppPagesLayoutClient. Add BuildVersionsStrip variant settings (inline, end of scroll) to UserProfileMenu so web/API semvers show at the bottom of My Settings. Bump web client to 0.1.95 and refresh generated release notes.
Stage evidence for web-client 0.1.94 discovery deploy · 4646109
Record tenant-rebuild-web-client, brief /api/health 404, health and build-info parity, public-edge OK, landing and release-notes probes, signed-in discovery caveat, PACKAGE_INDEX revert.
Make DiscoveryToolbarRow mode segment optional; universe and list routes show only the universe/list switch. · 95480db
Fixed explore strapline via RevealHeader; deprecate UniverseModeToggle for non-product use. Improve narrow-viewport layout: RevealHeader typography, full-width guide panel with tighter max height, larger tab targets and guide copy sizing. Localize updated toolbar aria labels in all locales. Remove dead DiscoveryPageClient handlers; satisfy lint for universe effect sync.
Stage evidence for web-client 0.1.93 deploy · f963b04
Record tenant-rebuild-web-client, health/build-info parity, public-edge OK, release-notes HTML check, web-client-stage logs, PACKAGE_INDEX revert note, and link to QuestionPhaseBase questions scroll fix.
Question phase scroll height and shell padding (0.1.93) · e686ad6
Remove flex-1 and pb-24 from QuestionPhaseBase questions LayoutGrid. The (pages) main column already grows in the flex tree; flex-1 on the grid forced the question stack to viewport height so users scrolled through empty space below the card. mainPadBottomNav on main already clears the fixed bottom nav — duplicate pb-24 added a second deep inset. Document the invariant in the module docstring.
Stage evidence for web-client 0.1.92 deploy loop · 3d37e12
Record tenant-rebuild-web-client, brief /api/health 404, polling to 200, tenant-live-health public-edge OK, release-notes confirmation, and PACKAGE_INDEX.yaml revert guidance for ifeoma-tc stage.
Replace the native range input with the shared Radix Slider so the thumb and filled track match the 1–10 value. · f9efcab
Extend Slider with optional track, range, and thumb class/style hooks for statement-tinted fills. Keep numeric rating buttons in a five-column grid at all breakpoints so the row no longer overflows on md widths. Tighten RatingCard and question shell vertical padding to reduce empty space above the card. Bump web client to 0.1.92 and refresh generated release notes.
Visible newest-first hint + document prebuild pipeline · 16f4e80
The /{locale}/release-notes page already bundles git log via prebuild; add app.releaseNotes.orderHint (en/de/fr/es/ar) under the lead, clarify page and generator docstrings (newest first, oldest last in JSON order), and bump web to 0.1.91 with refreshed release-notes.generated.json.
Tighten QuestionPhaseBase questions chrome spacing · 39d2bb5
Progress, Previous, and Next sat in separate grid rows each with large margins, stacking with LayoutGrid top padding into a tall empty band above the card. Group progress + nav in one space-y-2 chrome block, reduce grid gaps, tighten LayoutGrid top padding (!pt-1/md:!pt-2), and use compact ghost row height (h-9). Bump web-client to 0.1.90; refresh release-notes.generated.json.
Refine QuestionPhaseBase intro layout and CTAs · 6b730cb
Connection (and reflection) intro screens used a plain h1, tight vertical rhythm, and impact lines that read as one dense block. Use LAYOUT_CQ_TYPOGRAPHY.mediumColumnPageTitle, max-w-prose copy, scrollable intro shell with safe-area padding, subtle impact rows, and rect-brand-solid-main for Begin Rating. Bump web-client to 0.1.89; refresh release notes.
Halo-inclusive layout frame for Hero, preview, journey centre · c0a93fc
YouBrandOrbMark’s halo extends past the root box; parents that only sized the sphere (e.g. Hero motion stack with absolute rings) centred rings on the tight box, so the cluster looked shifted. Add YouBrandOrbHaloLayoutFrame (getBrandOrbHaloPadPx) and use it in Hero, UniversePreview, and JourneyConstellation. Bump web-client to 0.1.88; refresh release-notes.generated.json.
Wrap QuestionCard choice labels; i18n question phase chrome · 51b514f
Root cause: flex items default to min-width:auto, so long chip text could not shrink inside grid cells and was clipped together with overflow-hidden and tight rounded-full pills. Use min-w-0 on the chip shell and label, whitespace-normal/break-words, rounded-2xl, h-auto/min-h touch target, and optional single-column grid below 380px. DRY shell classes via reflectionChoiceChipShellClassName; keep overflow-hidden only for the examples-branch overlay. Localize hints, submit/complete CTA, examples toggle, slider defau…
YouBrandOrbMark halo extends past the sphere box with asymmetric gradients, so centring only the tight root shifted the visual cluster. · 6765ce0
Reserve a square of sphere + 2*getBrandOrbHaloPadPx, expand the constellation stage to fit, and split outer translate positioning from inner Framer scale. Move the You label text-shadow into orb-brand (getJourneyConstellationYouLabelTextShadowStyle) using getSrgbBlackRgba and BRAND_VIOLET_RGB. Bump web-client to 0.1.86 and refresh release-notes.generated.json. Add atomic test for …
Glass radar panel aligned with No Rush card · 5fc9110
- Export LANDING_BRAND_VIOLET_FEATURE_CARD_GRADIENT_TAILWIND; reuse in Features and UniversePreview. - Universe preview: rounded-3xl violet glass, card glow, inset ring, subtler rings; drop ambient orb layer. - Tuned demo orb sizes for cross layout; You mark 96px. - Bump web-client to 0.1.85; refresh release-notes data.
Document PublicLanguagePicker retracted centre fix · 472d1e4
Center hero PublicLanguagePicker retracted state · c3b9f80
Remove obsolete translateX peek math (single trigger, no chip row). Use size-11 flex centre so EN stays geometrically centred on mobile and desktop. Bump web-client to 0.1.84; refresh release-notes data.
Stage semver probes, build-info footer, onboarding cache gate · b753817
Sync profile cache before post-submit navigation · 97132bd
Root cause: AppPagesLayoutClient hides the shell when needsOnboarding is true but the path is no longer /onboarding. After POST /api/profile, invalidateQueries refetches asynchronously, so router.replace(/you) could run while the TanStack cache still showed incomplete onboarding — fullscreen redirect appeared stuck. Merge updateProfile response into selfProfileQueryKey before replace and invalidate. Bump web-client to 0.1.83; refresh release-notes data.
Web-client(0.1.82): responsive shell, landing steps, i18n nav, orb layout · b2366a1
- Export pathnameWithoutLeadingLocale for locale-aware AppNav active tabs; add Vitest coverage. - Layout-brand tokens for bottom nav scroll, discovery overlay clearance, chat error shells. - How It Works: five-step journey copy; overlay landing.json for all locales. - Grounding/Hero/orb: fix clipping; softer halo stops; overflow-visible orb mark. - MatchCard, RatingCard, QuestionCard, ConsentRequestScreen, MessagingHeader: responsive stacks and tokens. - Admin panel back link uses ROUTES.LANDING and admin.panel.ba…
Button wraps/shrinks for long labels; You hub grid responsive · 9435ef8
- Base Button: min-w-0, whitespace-normal, text-center, break-words; drop root shrink-0 so grid/flex can constrain width - YouScreen: single column below 420px, full-width buttons, shrink-0 on icons - Bump web-client to 0.1.78; refresh release-notes JSON
Gate sign-in social block behind SHOW_SOCIAL_LOGIN_OPTIONS · 054563a
- Omit divider + OAuth placeholder buttons from DOM when false (default); keep full markup for later - Document flag in LoginForm module docstring; bump web-client to 0.1.77 and refresh release-notes JSON
Back link from sign-in to landing (i18n, 0.1.76) · fcd0f1e
- Add auth.login.backToLanding + server copy; Link to ROUTES.LANDING above card title on both steps - Stable data-testid auth-login-back-to-landing for E2E; refresh release-notes bundle semver
Refresh release-notes.generated.json after release-notes UX · 004db06
Richer release notes with versions, sanitizer, tsx generator · 730c7f3
- Replace mjs generator with tsx script; bundle webClientVersion + apiVersion from package.json - Add sanitizeReleaseNoteText + userSummary/userDetail from commit body; PEM/JWT/Bearer/co-author stripping - Public page: headline + optional detail, collapsible technical block, build version line (test id) - i18n (en/de/fr/es/ar), Vitest atomic tests, web-client 0.1.75; refresh generated JSON - KB: fleet doc references ts generator and build-versions test id
Refresh release-notes bundle after HEAD sync · 0adee76
Sync release-notes.generated.json with HEAD · d8f310a
Refresh release-notes.generated.json (a78fae4a) · f53eaaa
Refresh release-notes.generated.json (580a147a) · a78fae4
Release-notes JSON refresh workflow for Fleet rsync builds · 580a147
Refresh release-notes.generated.json after recent commits · aa1db9b
Agent-rules-changelog for release-notes fleet KB · dfdc65b
Link release-notes route to fleet KB bullet · 0fa41b8
Fleet quick ref for /release-notes deploy checks · c5c22e6
Public /release-notes from Git history + nav links · af57aa8
- Add prebuild script writing src/data/release-notes.generated.json (newest-first git log) - Locale route /release-notes with LayoutGrid, SEO metadata, i18n (en/de/fr/es/ar) + landing overlays - Link from BuildVersionsStrip and landing footer; ROUTES.RELEASE_NOTES + responsive E2E allowlist - Allowlist tracked JSON under web-client (release notes, i18n overlays) in root .gitignore - Bump web-client to 0.1.74
Persist birth year on onboarding and self profile · e5f9be3
- Split OpenAPI ProfilePublicShared vs ProfilePublic so discovery peers omit birthYear - Add birthYear to UpdateProfileRequest; validate UTC calendar range on POST /api/profile - Web: mandatory onboarding + settings + edit form; gate isProfileOnboardingComplete on birthYear - Derive display age from birth year on profile card header (localized) - i18n (en/de/fr/es/ar) and backend errors.profile.birth_year_invalid - Bump web-client to 0.1.73 and backend to 0.1.20; unit tests for policy and onboarding gate
Explicit response body reads + PWA unregister logs · 9a9cc3c
- Add readResponseTextOrThrow for DRY, non-silent Response.text failures. - Use it in features/auth/api (validateIdentifier, registerUser) and downloadServerChatTranscriptExport for !ok bodies. - 413 transcript-export: replace empty JSON catch with ChatTranscriptExportTooLargeError including parse failure context. - PWA dev unregister: console.debug scope + rejection reason. - Web-client 0.1.72; stage rebuild, target-stack-logs --scan (clean), tenant-live-health + landing browser OK.
Surface useAdminData load failures with i18n · 79d6408
- Add profilesLoadError / statsLoadError state (cleared on retry) with admin.useAdminData.* messages in all locale bundles. - Sanitize API error text for ICU {message} placeholders; fix loadAllProfiles log component name (useAdminData). - deleteProfile rethrows the original error after log (no generic wrapper). - Web-client 0.1.71; stage rebuild + health + landing browser verified.
Strict error paths in useAdminData hook · 5a18bed
- checkBackendStatus: log failures with logComponentError before offline. - loadProfileDetails: remove getAnalytics .catch(null); log getAnalytics failures via logError (userId + action); set analyticsRequestFailed on ProfileData when preferences succeeded; rethrow after log on preference errors instead of returning stale profileData. - Document ProfileData.analyticsRequestFailed and hooks README. Web-client 0.1.70; stage rebuild + public-edge health + build-info verified.
Opt-in wide + landscape viewports for responsive matrix · 1f3cb14
- Add responsive_viewport_presets helper (core four + 568x320 + 1920x1080 when E2E_RESPONSIVE_EXTENDED=1); use in public and authenticated responsive viewport specs with stable caseLabel diagnostics. - Document in tests README, design-system README, responsive-audit-matrix §A/C, app-fleet KB, and AGENT_BEHAVIOUR memorize bullets. - Bump web-client to 0.1.69; stage rebuild + public-edge health OK; Playwright extended matrix 8/8 passed on stage.
Define brand-module chat/journey CSS; clear design-system allowlist · f5ec45f
- Add globals.css rules and RGB tokens for journey steps, typing indicator, cooldown panel, and chat bubble brand classes referenced from *-brand.ts. - Align generated-question borders with Tailwind border-2; respect prefers-reduced-motion for typing dots. - Empty KNOWN_UNDEFINED_CLASSES; point test/docs to responsive-audit-matrix. - Bump web-client to 0.1.68; stage rebuild verified (health, build-info, tenant-live-health public-edge, /en/landing snapshot).
Add PUBLIC_ROUTES for root, unprefixed landing and legacy journey redirect; cookie reset set. · e9ee7e4
- Root readyLocator accepts /welcome, /{locale}/landing, or /{locale} after infra negotiation. - Remove superseded app-shell-layout-viewports.spec.ts; update design-system README + PR template. - responsive-audit-matrix §C/E: E2E cells + ledger + evidence line for stage 0.1.67. Evidence: npm run build:direct, tenant-rebuild-web-client stage, /api/health 0.1.67, responsive-public-viewports 8 passed, tenant-live-health public-edge OK, target-stack-logs --scan OK, browser en/landing Web 0.1.67.
Extend DISCOVERY_UNIVERSE_VIEW_MESSAGE_KEYS (canvas2dYou, universe3d*, peerTooltipMatchUnavailable). · 3e379c0
- UniverseView3D: useTranslations + layout compatibility for orb match line; remove scanner baseline. - Add discovery-universe-manual-matrix.md; link from responsive-audit-matrix §H + evidence 0.1.66. - Parity strings in de/es/fr/ar. Evidence: build:direct, check:translations, tenant-rebuild-web-client stage, /api/health 0.1.66, responsive-public-viewports 5 passed, tenant-live-health public-edge OK, target-stack-logs --scan clean, browser footer Web 0.1.66.
Add APP_VIEWPORT.minFull in layout-brand; export from design-system barrel. · b967fe1
- globals: app/landing shells and document app layout use 100dvh vs 100vh. - Wire LoadingScreen (fullscreen/section dvh), FullscreenLoadingContext, PageLayout, auth layout/error, welcome, ResponsiveCard max-heights, global-error. - UniverseView3D: h-full min-h-0 + docstring; dev/docs-graph calc uses dvh. - Docs: design-system README + responsive-audit-matrix evidence for stage 0.1.65. - Refresh localized UI baseline line keys after UniverseView3D edits. Validated: npm run build:direct, check:translations, tenant-r…
0.1.64 APP_SHELL_SCROLL deploy + E2E settle note · 3b76a3b
APP_SHELL_SCROLL for AppNav + main safe-area · f7e2fcf
- Add APP_SHELL_SCROLL tokens (mainPadBottomNav, mainPadOnboardingNoNav, bottomNavSafeArea). - Wire (pages) main, AppNav inner/fallback, AdminPanel scroll shell; document in README + globals + fleet KB. - Bump to 0.1.64; matrix evidence (device inset spot-check noted).
Complete 0.1.63 CQ typography deploy evidence · ecb1144
Extend LAYOUT_CQ_TYPOGRAPHY to chats, connections, onboarding · 3727a49
- Rename analytics page tokens to mediumColumnPageTitle/Subtitle (shared shell headings). - Add onboardingPageTitle/Lead with tc-layout md steps; wire Chats, Connections, Analytics, onboarding. - Bump to 0.1.63; refresh design-system README, fleet KB, responsive matrix evidence.
LAYOUT_CQ_TYPOGRAPHY + tc-layout column guidance · a081958
Tighten 0.1.62 CQ typography evidence · 8085d3f
LAYOUT_CQ_TYPOGRAPHY for tc-layout column titles · e6c0ad8
- Add LAYOUT_GRID_QUERY_NAME + LAYOUT_CQ_TYPOGRAPHY bundles in layout-brand (exported via design-system). - Apply to You hub, Analytics, Discovery list headings; drop redundant @container on Discovery LayoutGrid shells. - Document in LayoutGrid + design-system README; bump to 0.1.62; matrix evidence note.
Fluid clamp+cqi hero typography (gap 21) · cd71e18
- Add FLUID_TYPE_LANDING_HERO tokens and globals.css display/lead classes (cqi to landing-hero). - Wire Hero h1 and subtitle via cn(); document in typography.ts and design-system README. - Bump web-client to 0.1.61; record stage evidence in responsive-audit-matrix.
Note 5-pass Playwright after edge settle (0.1.60) · 68a5eb2
Post-rebuild Playwright flake + JSDoc */ pitfall · 92c8cee
Document welcome gate timeout during Traefik settle and block-comment */ termination.
Stage evidence for web-client 0.1.60 CQ pilot · 1794e23
Record Playwright welcome flake during Traefik settle and browser check of en/landing.
Container-query pilot on LayoutGrid and landing Hero · 8bb5889
- Name inner LayoutGrid wrapper @container/tc-layout for @sm/md/tc-layout density. - Scope landing Hero typography to @container/landing-hero (CQ type steps). - Document Phase 4 CQ pilot in design-system README. - Fix Hero JSDoc: avoid */ sequence inside block comment (Turbopack parse). - Bump 20_web-client to 0.1.60.
§C ledger + manual backlog; fix connections E2E claim · b7169a0
- Clarify E2E vs manual (568×320, wide, zoom); add §C.1 Playwright ledger + §C.2 checklist. - Connections not in responsive-auth-viewports — table corrected; drop duplicate landing row. - design-system README: pointer to §C.1 / §C.2.
Stamp 0.1.59 + responsive-auth-viewports 6 passed (profile row) · 6321b50
Profile page: min-w-0 column shell; stack heading+CTAs below sm; full-width stacked CTAs with whitespace-normal on xs for long labels. · d7ef74e
- Bump web-client to 0.1.59. - Matrix §C/§E: profile in E2E; evidence paragraph keeps 2026-04-22 counts + post-0.1.59 note.
Add §K shared src/components inventory (129 tsx) · 55d520c
- Per-folder counts + primitives thematic groups; note ~122 was estimate. - Sync design-system README responsive-audit pointer to §I–§K.
Add §J profile / matching / ratings inventory · d026a57
- Counts: 2 App Router tsx (profile) + 30 feature tsx (27+1+2); grouped tables. - Document matching/ratings as widgets (journey + admin consumers). - §C: dedicated /profile row; §E: note profile omitted from responsive-auth-viewports.
Add §I inventory for connections, journey, landing · 0cc9a49
- Mechanical tables: 7 App Router tsx + 34 feature tsx (6+12+16) with evidence date. - §C: split connections/landing rows; cross-link §I for manual focus. - §D: Fleet commands use app-tenant path and PYTHONPATH=.
Set tsconfig rootDir for TS 6.8 Docker build; bump 0.1.19 · 5da4263
- TS5011 blocked tenant-rebuild-app until rootDir aligned with include src/. - Bump backend package to 0.1.19 (deployed with journey + error-handling work). - Update responsive-audit-matrix §E evidence and Fleet KB (TS5011 operator note).
Classify BFF invalid-path 400 as ApiError; journey 403 clarity · 1b718b0
- Export BFF_INVALID_API_PATH_MESSAGE from api-route-classification (DRY with bff-api-proxy). - Map HTTP 400 with that message to ApiError so logs use [api] not [validation]. - Journey reflection: structured warn log on subject mismatch; explicit 403 message. - Bump web-client to 0.1.58 and backend to 0.1.18; document README mapping; add tests.
§H discovery inventory (3 app + 25 feature TSX) · f5f2eb0
- §H: list vs universe vs WebGL grouping; §C cross-links - README: §H pointer; web-client 0.1.57; Fleet stage rebuild → health 0.1.57
§G chat inventory (25 feature TSX) + stage 0.1.56 · 3b25f3d
- §G: App Router chats + features/chat component/modal map for §C - §C chats row: manual modal/toolbar note; §E evidence: health semver sync - design-system README: §G pointer; web-client 0.1.56; Fleet rebuild verified edge
§F: ADMIN_SECTION_CONFIG table (incl. debug tab ↔ global debug stack) · b9e665f
- §C: split analytics row; §E: app-main-nav-all-tabs stage pass + debug pointer - design-system README: reference §F; bump web-client to 0.1.55 (redeploy stage to match)
Stage E2E evidence + post-rebuild /api/health 404 blip (Fleet KB) · 43e675d
- Matrix §E: ifeoma-tc stage Playwright results and storageState cookie evidence - app-fleet-cli-commands: poll health after web-client rebuild (transient 404)
Sync §A welcome URL, §E storageState contract, ops semver note · 89db641
- Clarify welcome lives at unprefixed /welcome only - Document that shell smoke no longer signs out before storageState export - Note health/footer semver vs rebuild in intro and §D checklist
Keep session for Playwright storageState after shell smoke · f337dcb
exerciseAppBottomNavFromJourney ended with logoutViaAppBottomNav, which cleared NextAuth cookies before authenticated-session.setup wrote storageState — dependent ui-authenticated specs then saw sign-in. Remove the implicit sign-out; document that callers must logout explicitly when needed. Add assertNextAuthSessionCookiePresentForE2eExport before export as a hard guard. Harden responsive-auth-viewports with onboarding gate and longer describe timeout. Bump web-client to 0.1.54.
§C: rows for unprefixed /landing smoke, authenticated (pages) overflow routes, opt-in universe spec, manual remainder. · 0496cc1
- §E: coverage table (spec → project → paths) + ui-authenticated merge-env prerequisite. - Evidence: responsive-public-viewports + app-shell-layout-viewports (6 passed on stage); tenant-live-health public-edge OK; ui-authenticated fails without E2E_REGISTRATION_USER_EMAIL.
Add responsive audit matrix; link from design-system README · 6d3f8e8
- New app-source/docs/02_web-client/responsive-audit-matrix.md: 27 App Router page.tsx inventory, 7 PageClient shells, §C viewport placeholders, stage ops checklist. - design-system README: point manual sheet to committed path (root .cursor/plans is gitignored). - E2E spec comment: public landing shell wording (neutral phrasing). - Evidence: Playwright responsive-public-viewports on stage (5 passed); tenant-live-health public-edge OK.
Replace marketing surface names with landing; tidy demo step access · c38b136
- Rename BRAND_ORB_AMBIENT_MARKETING_LAYERS to BRAND_ORB_AMBIENT_LANDING_LAYERS; BrandOrbSectionAmbient variant marketing -> landing (default unchanged for dev templates). - BuildVersionsStrip variant marketing -> landing; update Footer call site. - DemoWalkthrough: drop redundant assertArrayAccess; modulo guarantees bounded index. - Debug logs: stable event keys (sticky_nav.active_section, cta_section.early_access_submit). - Docstrings: neutral public-landing wording across landing components and orb-brand. - KB:…
Resolve buildVersions keys in AST audit; localize format strings · cae9aab
- Treat useTranslations() like getTranslations() in extractMessageKeysFromTs so messageKeysReferencedInSource resolves app.buildVersions.* paths. - Differentiate de/fr/es/ar line and apiUnavailable from en (typography). - Bump web-client to 0.1.51.
CTASection violet radial via globals.css class · f34fe37
- Add .landing-cta-section-brand-violet-radial using --brand-violet-rgb - Remove inline style from CTASection; document parity in landing-marketing-brand - Bump web-client to 0.1.50
CTASection violet radial via globals.css class · 71158d2
- Add .landing-cta-section-brand-violet-radial using --brand-violet-rgb - Document parity with getLandingCtaSectionBrandVioletRadialStyle; bump web-client 0.1.50
Split §10 annex, tighten globs, KB hygiene tooling · aacc0ed
- Move validation/testing §10 to AGENT-BEHAVIOUR-ANNEX-VALIDATION.mdc (glob-scoped); shorten pipeline rule description - Scope ROOT_CAUSE_FIX, TEST-DETERMINISM, PYTHON-PACKAGE-API, ZITADEL-CLEAN-RESET with globs; reduce stacked always-on rules - Add ACCESSIBILITY_PRODUCT.mdc, repo AGENTS.md, docs/agent-rules-changelog.md, tools/check_kb_rule_links.py - Fix broken relative KB links; point 502 deep refs at NEXT_FASTIFY_TRAEFIK_ARCHITECTURE - Extend rules-and-knowledge-base with recipe, stop/evidence guidance; tenant…
Rename landing accent API (drop marketing prefix) · 20dff25
- landing-marketing-accent-chrome → landing-accent-chrome - getLandingAccentCssVars, LANDING_ACCENT_*_VAR, --landing-accent-* - globals classes landing-accent-*; bump web-client 0.1.49
Marketing accent CSS vars + globals chrome · 3d5e999
- Add getLandingMarketingHexAccentCssVars and documented --landing-marketing-accent-* tokens - Move PlatformBadges, pricing, features, how-it-works, demo walkthrough, universe preview, sticky nav surfaces to globals.css (remove imperative nav hover mutations) - Bump web-client to 0.1.48; extend design-system README
Hero orb rings and badge via CSS vars + globals · dba0f4b
- Add getLandingHeroOrbDecorativeRingCssVars and ring CSS classes in globals.css - Premium badge bloom uses --brand-violet-rgb (landing-hero-premium-badge-shell) - Bump web-client to 0.1.47; document in design-system README
Cosmic background via globals.css class · d504db1
Move LandingPage full-viewport marketing wash to `.landing-page-cosmic-fixed-bg` for DRY tokens and fewer inline styles. Document in design-system README. Bump web-client to 0.1.46.
Consolidate loop rules, track KB, tenant compose playbook · 3f26d08
- Slim CONTINUOUS-DEV-LOOP to pointers + loop handoff phrases; fix relative paths - Extend AGENT_BEHAVIOUR (root, app-source, app-pipeline) for responsive UX, tenant secrets via merge-env, KB navigation row - Add tenant-env-compose-contract KB and index README row - Un-ignore .cursor/kb/*.md so operational playbooks version with the repo
Footer build versions strip (web + API semver) · 6c9e12a
Add GET /api/build-info (Node) aggregating WEB_CLIENT_APP_VERSION and INTERNAL_API_URL /api/health when available. Mount BuildVersionsStrip in (pages) shell, admin panel, and landing footer; exclude /api/build-info from BFF proxy. Localized app.buildVersions.* in all locale bundles. Bump web-client to 0.1.45.
Responsive audit E2E, landing 320 overflow, stage 0.1.44 · f78a69f
- Extend public viewport spec with /auth and /auth/error; fix /welcome gate (clear cookies, welcome-language-gate testid, i18n for title/body). - Clip landing document horizontal bleed (globals landing layout + LandingPage min-w-0) and break long hero headlines; fixes WCAG reflow measure at 320px. - Add opt-in WebGL resize spec (E2E_RESPONSIVE_UNIVERSE=1) for /discovery universe. - Atomic guardrail: disallow arbitrary max-w-[…] under src/app outside allowlist. - Bump web-client to 0.1.44; docs in design-system REA…
Bump actions to Node-24 runtime (checkout/setup-node v6, setup-python v6) · 9c375e2
Prep for GitHub Actions Node 20 deprecation (forced Node 24 default starting Jun 2 2026; Node 20 removed Sep 16 2026 per the GitHub Changelog). ## Research-grounded version picks (2026-04-22) - actions/checkout@v4 → @v6 (v5 and v6 both on Node 24; v6.0.2 is the latest stable; v5 was the Node-24 jump) - actions/setup-node@v4 → @v6 (v6.4.0 is the latest stable; upgrades cache + checkout internals) - actions/setup-python@v5 → @v6 (v6 released Sep 2025 with Node 24 runtime) All three v6 releases require GitHub Actions…
Atomic guard prevents undefined CSS class regressions · 466fff3
Prevents the 'landing-trust-badge-icon-shell' class of bug from recurring: brand-module constants declaring CSS class names that never get a matching rule in globals.css, silently no-op-ing at runtime. ## Design - Opt-in scope list (CSS_CLASS_BRAND_MODULES) — only scans brand modules that actually export CSS class name strings. button-brand.ts (preset IDs), layout-brand.ts (Tailwind utilities), color-brand.ts (palette helpers), etc. are deliberately out of scope because their exported strings are not CSS class ref…
Define --brand-violet-rgb + fix button-shimmer class typo · 544fdbb
Extends the earlier landing-trust-badge-icon-shell fix with two more latent design-system bugs surfaced by a repo-wide scan for CSS classes that are referenced from .tsx but never defined in globals.css. ## Fix 1: --brand-violet-rgb missing from :root The palette module (src/design-system/theme/palette.ts) declares: { cssVar: '--brand-violet-rgb', role: 'Brand violet (r g b triplet for alpha compositing)', category: 'brand', lightValue: '167 139 250', // Tailwind violet-400 } That variable is referenced as rgb(var…
Define missing .landing-trust-badge-icon-shell so icons render white · 49ce8c0
Root cause: TrustIndicators.tsx (Shield/Eye/Ban/Smartphone badges on the 'Built on trust and transparency' section) and Testimonials.tsx (Quote badge) both apply .landing-trust-badge-icon-shell + a --sky/--brandViolet/--pink/ --emerald colour modifier, but those classes were never defined anywhere in globals.css or any other CSS file. That made the shell a no-op — the icons inherited currentColor from the document cascade (dark) and the tinted well visible in the design tokens never rendered. Fix: add the missing …
Reverses the earlier nodemailer 8 → 7 downgrade that was intended to fix the CI npm-install peer-dep warning but inadvertently re-exposed two CVEs fixed only in nodemailer 8.0.5: · 1370a4e
Reverses the earlier nodemailer 8 → 7 downgrade that was intended to fix the CI npm-install peer-dep warning but inadvertently re-exposed two CVEs fixed only in nodemailer 8.0.5: - SMTP command injection via unsanitised envelope.size (low) - CRLF in transport name option (moderate) Root cause: next-auth@4.24.14 declares peerOptional nodemailer@^7.0.7; that range predates the 2024+ nodemailer-8 CVE fixes and is effectively stale. The only API touched in this repo is createTransport (single call in src/lib/auth/next…
Bump typescript 5 → 6 across web-client + backend + sim-worker · 4481d76
Major bump 10/10 (final). TypeScript 6 promotes two deprecations from warning to error (aka.ms/ts6) — fixed properly, not suppressed via ignoreDeprecations. ## Fixes applied (no escape-hatch 'ignoreDeprecations') ### app-source/10_backend/tsconfig.json - 'moduleResolution: "node"' (aka node10) → 'nodenext' node10 is slated for removal in TS 7. nodenext aligns the resolver with Node.js's own ESM/CJS resolution semantics and is the recommended modern default for ESM-emitting Node services (matches the existing 'type…
Bump vitest 3 → 4 across web-client + backend + simulation-worker · b2f9d3d
Major bump 8/10. Cross-cutting test-runner upgrade on all three Node packages that use vitest. No @vitest/* companion packages in use, so only the main 'vitest' entry bumped. ## Breaking change encountered + fix vitest 4 tightened constructor-call semantics on vi.fn() mocks: vi.fn().mockImplementation(() => ({...})) is no longer callable with new. One test in the repo used this pattern (the only occurrence found by a repo-wide grep): tests/routes/push-subscriptions-rate-limit.test.ts Migrated to the vitest 4 offic…
Bump i18next 23 → 26 (backend, 3 majors) · c470805
Major bump 7/10. Triple-major jump; plugin-interface and public API (init/t/exists/getFixedT) stable across v23 → v26 — no code changes needed. Dependency alignment: - i18next-fs-backend @ 2.6.4 (already latest) compatible with i18next 26 via the stable plugin protocol (.use(Backend) + loadPath option signature). Backend usage (4 imports): src/i18n.ts (plugin init + getTranslations*), src/services/{MatchPushDispatcher,ChatPushDispatcher,AdminSelfTestPushService}.ts (typed translator access via i18next.getFixedT). …
Bump intl-messageformat 10 → 11 (web-client) · 84c976c
Major bump 6/10. One direct import in tests/atomic/admin/runDualBankSeed.test.ts (default IntlMessageFormat export). v11 keeps the default-export API stable; no code changes required. - tsc --noEmit → clean - Target test (runDualBankSeed, 3 tests) → all pass - vitest atomic → 935/950 pass (same pre-existing env-dep failures) - npm install → dedupe net -10 packages
Bump @formatjs/intl-localematcher 0.5 → 0.8 (web-client) · 1b28648
Major bump 5/10. Single import (match() in src/proxy.ts); API stable across 0.5 → 0.8. Bonus: next-intl already internally resolves ^0.8.1 so aligning our direct dep deduplicates the dependency graph (net -1 package). - tsc --noEmit → clean - vitest atomic → 935/950 pass (same pre-existing env-dep failures) - npm install → clean (added 1, removed 2, changed 1 via dedupe)
Bump lucide-react 0.562 → 1.8 + migrate removed brand icons · ad298b4
Major bump 4/10. Lucide 1.x removed brand logos (Twitter/X, LinkedIn, GitHub) for trademark reasons — official migration guidance is semantic-alternative icons or a brand-specific library. Fix applied: Footer.tsx now uses semantic lucide icons. Platform identity is preserved for assistive technology via the existing localised aria-labels (landing.footer.socialTwitter / Linkedin / Github), so screen readers still announce the concrete platform. - Twitter/X → AtSign (universal social-handle symbol @) - LinkedIn → Br…
Bump undici 7 → 8 (web-client test helpers) · 997b558
Major bump 3/10. Used only in test helpers for Agent + request API (stable across v7/v8). Six imports under tests/atomic/helpers/ and tests/e2e/helpers/. - tsc --noEmit → clean - vitest atomic → 935/950 pass (same pre-existing env-dep failures) - npm install → clean
Bump chokidar 4 → 5 (web-client dev watcher) · 395084d
Major bump 2/10. Dev-only (scripts/dev-watch-sync.mjs), zero prod impact. - Single import: scripts/dev-watch-sync.mjs (dev server file watcher) - chokidar 5 .watch()/.close() API identical to v4 for our use case - tsc --noEmit → clean - Runtime smoke: import chokidar; watch('.'); await close() → OK - npm install → clean
Bump @types/node 24 → 25 (web-client) · ce82a41
Major bump 1/10 from deferred list. Type-only, zero runtime impact. - tsc --noEmit -p tsconfig.json → clean - vitest atomic → 935/950 pass (same 15 pre-existing env-dep failures) - npm install → clean resolution, no --legacy-peer-deps
Package dep sweep — fix CI peer-dep blocker + safe patch/minor bumps · 24e1864
Resolves the pre-existing CI blocker (web-client `npm install` failing on nodemailer@^8 vs next-auth@^4.24.14's `peerOptional nodemailer@^7.0.7`) and applies safe patch/minor bumps where evidence justified them. ## Fix: nodemailer peer-dep conflict (web-client CI blocker) - app-source/20_web-client/package.json - nodemailer: ^8.0.5 → ^7.0.13 Scope of nodemailer use in web-client: a single `createTransport` call in `src/lib/auth/nextauth/providers/build_email_provider.ts` for the SMTP magic-link transport. That API…
Bump all module versions (patch) · faae7bf
Patch-bumps every versioned module in the monorepo so the deployed build can be unambiguously identified via the web-client ``GET /api/health`` response (``WEB_CLIENT_APP_VERSION``, inlined from package.json at build time) and via each Python package's ``pyproject.toml`` version field. Node packages: - app-source/10_backend 0.1.16 → 0.1.17 - app-source/20_web-client 0.1.40 → 0.1.41 - app-source/simulation-worker 0.1.0 → 0.1.1 - app-pipeline/app-build/container_mount 0.1.0 → 0.1.1 Python packages: - app-pipeline 1.…
Phase 2b authenticated viewport overflow via storageState setup · 1f09032
Lands the Playwright scaffolding the responsive-audit plan calls out as "near-term priority after first green loop" so the authenticated viewport matrix can grow to cover every (pages) route without paying the ~15 min magic-link cost per test. Single primary intent: Phase 2b authenticated overflow coverage — no product code changes, no regression fixes. - tests/e2e/helpers/authenticated_storage_state.ts: single source of truth for the storageState path (tests/.auth/authenticated-session.storage-state.json). Both t…
Versions the three-step Fleet sequence that was previously only in chat, so the remaining live-operator work for the 0.1.40 web-client bump and the P4 Login v2 dev/prod rollout is… · 41b4408
Versions the three-step Fleet sequence that was previously only in chat, so the remaining live-operator work for the 0.1.40 web-client bump and the P4 Login v2 dev/prod rollout is discoverable in-repo: 1. tenant-rebuild-web-client --profile stage (ships 0.1.40 breadcrumbs) 2. app-infra-start-services --service zitadel-login-v2 for dev + prod 3. tenant-live-health --suite full-stack (confirm stage) Flag table verified against this commit of app-fleet/cli.py (see `_add_infra_args`, `tenant-rebuild-web-client` subpar…
Scaffold responsive-audit Phase 1-2a + PR checklist · 96fb09d
Lands the non-blocking, evidence-free scaffolding from the responsive-audit plan so subsequent phases (manual matrix, authenticated overflow, strict cleanup) can cite concrete in-repo paths and a shared overflow helper rather than inline duplicates. Per the plan's one-primary-intent rule this PR is scope-bounded to scaffolding only — no feature-code edits, no fix-regressions. - .github/pull_request_template.md: four-checkbox responsive / strict-refactor review checklist (LAYOUT_BRAND tokens, no silent catch, i18n+…
Admin-debug i18n coverage + usePushNotifications scope · 4bbe6bc
Three changes, one thread (P5 parity sweep): 1. adminDebugMessageKeys.ts: extend ADMIN_DEBUG_MESSAGE_KEYS_FLAT with the 8 ``admin.debug.webPushSelfTest.*`` keys actually rendered by DebugSettingsTab. The atomic test ``tests/atomic/i18n/adminDebugMessagesStaticData.test.ts`` now covers those keys against every locale bundle, closing a latent gap where a translator dropping one of them would only fail at runtime. 2. DebugSettingsTab.tsx: remove the 44-line CATEGORY_DEFAULTS constant. It was a dead English map that w…
Tenant-env-secret-guard pre-commit hook · f8e29e0
Refuse commits that stage a merged .env.<mode> whose index diff adds a non-empty sensitive secret (ZITADEL_CLIENT_SECRET, ZITADEL_ADMIN_PASSWORD, NEXTAUTH_SECRET, VAPID_PRIVATE_KEY, MONGO_*PASSWORD, HARBOR_ADMIN_PASSWORD, INTERNAL_API_SECRET, BREVO_API_KEY, BREVO_SMTP_PASSWORD, CF_DNS_API_TOKEN, COOKIE_SECRET). Removing a secret or blanking a placeholder is not a leak and is intentionally allowed. Scope: - common/env_secret_guard.py: pure scanning library (DRY; reusable from CI, editor plugins, etc.). DEFAULT_SENS…
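Added example (not the repository's `common/env_secret_guard.py`): one way to implement the staged-diff check described in the entry above, flagging only added, non-empty assignments to the listed keys and reporting key and line without echoing the value. The function names, the `.env.<mode>` path regex, the quote handling and the sample diff are assumptions constructed for illustration.

```python
"""Staged-diff guard for merged .env.<mode> files (added example, not the repo's code)."""
import fnmatch
import re
import subprocess
import sys

# Key names as listed in the release note; MONGO_*PASSWORD is treated as a glob.
SENSITIVE_KEY_PATTERNS = (
    "ZITADEL_CLIENT_SECRET", "ZITADEL_ADMIN_PASSWORD", "NEXTAUTH_SECRET",
    "VAPID_PRIVATE_KEY", "MONGO_*PASSWORD", "HARBOR_ADMIN_PASSWORD",
    "INTERNAL_API_SECRET", "BREVO_API_KEY", "BREVO_SMTP_PASSWORD",
    "CF_DNS_API_TOKEN", "COOKIE_SECRET",
)
# Assumption: a merged env file is any path whose basename is .env.<mode>.
ENV_FILE_RE = re.compile(r"(^|/)\.env\.[A-Za-z0-9_-]+$")
ASSIGNMENT_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=(.*)$")
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample of `git diff --cached` output; every value is a placeholder.
SAMPLE_DIFF = """\
diff --git a/tenants/example/.env.stage b/tenants/example/.env.stage
index 1111111..2222222 100644
--- a/tenants/example/.env.stage
+++ b/tenants/example/.env.stage
@@ -3,3 +3,5 @@ APP_MODE=stage
 PUBLIC_URL=https://example.invalid
-NEXTAUTH_SECRET=old-constructed-value
+NEXTAUTH_SECRET=
+MONGO_ROOT_PASSWORD="constructed-not-a-real-secret"
+COOKIE_SECRET=''
 LOG_LEVEL=info
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1,1 +1,2 @@
 # readme
+BREVO_API_KEY=constructed-in-docs
"""


def is_sensitive(key):
    """True when the key matches one of the sensitive names or globs."""
    return any(fnmatch.fnmatchcase(key, p) for p in SENSITIVE_KEY_PATTERNS)


def has_value(raw):
    """True when the right-hand side is non-empty once quotes are stripped."""
    value = raw.strip()
    if value.startswith("#"):  # only a trailing comment, no value
        return False
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        value = value[1:-1].strip()
    return value != ""


def scan_staged_diff(diff_text):
    """Return (path, new_line_no, key) for each added non-empty sensitive assignment."""
    findings = []
    path = None
    new_line = 0
    in_hunk = False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            path, in_hunk = None, False
        elif not in_hunk and line.startswith("+++ "):
            target = line[4:].strip()
            if target == "/dev/null":  # file deleted: nothing can be added
                path = None
            else:
                path = target[2:] if target.startswith("b/") else target
        elif line.startswith("@@"):
            header = HUNK_RE.match(line)
            new_line = int(header.group(1)) if header else 0
            in_hunk = True
        elif in_hunk and line.startswith("+"):
            match = ASSIGNMENT_RE.match(line[1:])
            if (path and ENV_FILE_RE.search(path) and match
                    and is_sensitive(match.group(1)) and has_value(match.group(2))):
                findings.append((path, new_line, match.group(1)))
            new_line += 1
        elif in_hunk and line.startswith(" "):
            new_line += 1
        # Lines starting with "-" are removals and are never a leak.
    return findings


def main():
    """Pre-commit entry point: exit 1 when the index adds a non-empty secret."""
    diff = subprocess.run(
        ["git", "diff", "--cached", "--no-color", "--no-ext-diff", "--unified=0"],
        check=True, capture_output=True, text=True,
    ).stdout
    findings = scan_staged_diff(diff)
    for path, line_no, key in findings:
        # Report the key and location only; never echo the value.
        print(f"{path}:{line_no}: staged non-empty {key}", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

In the sample, blanking `NEXTAUTH_SECRET`, removing its old value and staging an empty `COOKIE_SECRET` pass; only the quoted `MONGO_ROOT_PASSWORD` line in the `.env.stage` file is reported.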
Remove ghost tenants; rename unit-delegation → test-unit-delegation · 4e3c31d
The repository carried several tenant trees that were not created by any active Fleet code path and that ``fleet list-tenants`` mostly ignored: - ``app-tenant/tenants/ifeoma-dev/`` — config-only ghost, no manifest/state. - ``app-tenant/tenants/ifeoma-dev-fullstack-20260406-101646-804754/`` — disposable full-stack snapshot never auto-cleaned. - ``app-tenant/tenants/ifeoma-stage/`` — config + README, no manifest. - ``app-pipeline/ifeoma-dev/`` — leftover from the pre-``app-tenant`` layout. - ``app-tenant/tenants/ten…
Regression guard for Login v2 healthcheck + image-tag contract · 2266b2d
Parse docker-compose.oidc.yml and assert: 1. zitadel-login-v2.healthcheck.test does NOT contain --spider; a half-read streaming response triggered TypeError: controller[kState].transformAlgorithm is not a function under Next.js 16 + Node 22, producing HTTP 503 on Login v2 subresources (vercel/next.js discussion #75995). 2. zitadel-login-v2.image interpolates ${ZITADEL_LOGIN_V2_IMAGE_TAG} — ensures the tag stays sourced from tenant env (ZitadelCoreVars) rather than a hardcoded ghcr.io tag that diverges across tenan…
Login v2 healthcheck consumes body; image tag via tenant env · 06eee83
Root cause of the intermittent 503 on /ui/v2/login subresources and the "Could not get the context of the user" banner was the Docker healthcheck running wget --spider against a Next.js 16 streaming route. --spider closes the TCP connection as soon as headers arrive, leaving the stream half-read and triggering the Node TransformStream race TypeError: controller[kState].transformAlgorithm is not a function (vercel/next.js discussion #75995). At interval=10s this produced a continuous torrent of stream corruptions b…
Headless-chromium web-push stub + KB note · 173bbae
Headless Chromium can't reach a real push messaging service, so pushManager.subscribe never resolved and web-push-settings-subscribe timed out on stage. Add installDeterministicWebPushStub (raw JS addInitScript) that overrides PushManager.subscribe/getSubscription with W3C-shaped in-memory objects and forces Notification permission to granted to survive cross-origin Zitadel redirects. Spec: retries=1 (cold stage sign-in), diagnostic console capture and a 30s waitForResponse window that surfaces inline feedback + c…
Sync OIDC fragments + web-push E2E · 66cb400
Persist Zitadel OIDC client id/secret into all-mode merged env after provision (matches run_provision_and_update_env fragment refresh) and refresh PACKAGE_INDEX generated_at. Add Playwright spec web-push-settings-subscribe covering My Settings → Notifications → Push subscribe/unsubscribe against /api/push/subscriptions, plus a shared profile_settings_modal helper (openProfileSettingsFromYou, expandNotificationSettingsSection) for DRY modal navigation.
Prefer app-start / tenant-redeploy for OIDC fragment healing · 1301c4c
Clarify that tenant-rebuild-app does not run Zitadel provision; document app-start and tenant-redeploy (without --skip-provision) as the paths that invoke run_provision_and_update_env to align oidc.json and .env.* with IdP.
Triage Zitadel Login v2 password 503; a11y SettingToggle · 1b0f323
Document how to distinguish document vs subresource 503 on the Login v2 password URL, why loginName in the query string can still show the context banner, and how to pull APP_INFRA logs via target-stack-logs --plane app. Wire SettingToggle label/description to the Radix Switch (useId, aria-*) and bump web-client to 0.1.39.
Stage OAuth recovery evidence after tenant-redeploy + Playwright · 73e5255
- PACKAGE_INDEX generated_at refresh from merge-env / fleet - KB: tenant-redeploy + fragment sync; logs clean; main-nav + public-edge OK
Sync OIDC client creds into secrets fragments after provision · 10fae31
- merge_env overlays secrets/application over definition .env; provision only updated .env.* so stale oidc.json caused invalid_client at NextAuth callback - run_provision_and_update_env: resolve tenant root, persist id/secret to all modes via merge_application_secrets - provision_oidc_app: probe transport failure now raises (no fake probed_ok) - docs: TENANT_CREDENTIAL_CHANGE_TRIGGERS + fleet KB; tests for resolve/persist
OIDC fragment readme for Zitadel client secret drift · d4fe617
- default_fragment_template(oidc): operator-facing _readme links ZITADEL_CLIENT_SECRET mismatch to invalid_client / OAUTH_CALLBACK_ERROR - KB: record post-rebuild /api/health 0.1.38 vs Playwright OAuthCallback evidence
Schedule match push on partial bulkWrite upserts · 1e937b4
- Extract scheduleMatchPushForBulkUpsertIndices (DRY) for bulkWrite upsertedIds. - On MongoBulkWriteError with result.upsertedIds, notify first-materialised rows that still inserted before writeErrors (ordered:false partial success). - Add Vitest for partial MongoBulkWriteError; bump backend to 0.1.16.
Document OAuthCallback invalid_client triage (i18n + KB) · c9c0de1
- Concatenate auth.errorPage.codes.OAuthCallback.operatorHint for OAuthCallback (en/de/fr/es/ar). - Fleet KB + tests README: evidence from web-client-stage logs (invalid_client invalid secret), correct compose service name for target-container-logs. - Bump web-client to 0.1.38. Operator must align ZITADEL_CLIENT_SECRET in tenant secrets with Zitadel, merge-env, rebuild.
Refresh ifeoma-tc PACKAGE_INDEX after fleet rebuild · 93ba5e3
Fleet regenerated the table-of-contents timestamp and normalized YAML key ordering; no secret material.
Detect NextAuth errors on locale /auth/error path · 2d47266
- admin_platform_session: treat /{locale}/auth/error like /api/auth/error; parse error_description; clearer final failure when OAuthCallback lands on App Router error page. - tests README: document OAuthCallback triage (secrets, redirect URIs, merge-env + rebuild). - Fleet KB: post-rebuild version verification via curl + tenant-live-health public-edge.
Extend openapi-fastify allowlist; document ifeoma-tc stage probes · 7d8d4e4
- Allowlist Fastify-only paths: chat transcript export, end-connection, user block, internal e2e seed (until OpenAPI documents them). - KB: copy-paste tenant-live-health public-edge for ifeoma-tc + version check via stage /api/health + tenant-rebuild-app pointer.
SW update toast and clearer push permission copy · 2a53d1c
- Add ServiceWorkerUpdatePrompt: listens for SW_READY_TO_ACTIVATE_EVENT and shows a persistent localised Sonner toast with Reload (deduped toast id). - Mount on locale layout and UnprefixedRouteShell; add ui.pwa.update* / reloadAction strings (en/de/fr/es/ar). - Expand pushErrorPermissionDenied copy with site-settings guidance in all locales. - Bump web-client to 0.1.37; document in AppProviders, primitives README, and fleet KB.
Rate-limit subscription mutations and document prune contract · 2bc7997
- Add per-user pushSubscriptionMutationRateLimit (30/min, POST+DELETE) after auth on /api/push/subscriptions; export PUSH_SUBSCRIPTION_MUTATION_MAX_PER_WINDOW for tests. - Document 429 in OpenAPI; add Vitest for limiter and for WebPushNotifier 404/410 -> removeByEndpoint. - Map HTTP 429 in usePushNotifications to pushErrorSubscriptionRateLimited (all locales); bump backend 0.1.15 and web 0.1.36. - Refresh PushSubscriptionService JSDoc and fleet KB push notes.
Web Push on first materialised match row · e7d124c
- MatchPushDispatcher: localised new-match payload, preferences.matchNotifications gating (default on), peer display name by profiles.profileId, /{locale}/discovery/list URL. - MatchStorage: after upsert insert (storeMatch upsertedCount, bulkWrite upsertedIds), schedule notifyMatchRowFirstMaterialized; failures logged, Mongo write unchanged. - Backend chat i18n strings for all five locales; tests for dispatcher + bulk dispatch wiring. - Fleet KB: document match-notification behaviour. Backend version 0.1.14. Evide…
Admin POST /api/admin/push/test and Debug self-check · 008c3ad
- Platform admin route dispatches localised Web Push via AdminSelfTestPushService; 503 + WebPushNotConfigured when VAPID is absent; OpenAPI + generated client. - DRY: resolvePreferredLocaleForAuthUid (profiles.preferredLocale) shared by chat push. - Backend i18n: admin namespace (pushSelfTest copy) + track locales/**/*.json in git. - Admin → Debug: Send test push with Bearer fetch and inline success/error feedback; admin.debug.webPushSelfTest.* in all five message bundles. - Fleet KB: document operator self-test p…
Sonner outside overflow shell; Web Push rotation + VAPID route · 0c5073e
- Mount Toaster as sibling of cosmic overflow shell; raise default z-index on Sonner. - Add GET /api/push/vapid-public-key (503 when unset); OpenAPI + zod + generated client. - BFF: treat vapid-public-key as public; pushSubscriptionApi attaches Bearer like other Fastify paths. - Service worker: pushsubscriptionchange re-subscribes via public VAPID GET and POSTs subscription with /api/auth/token Bearer; bump cache generation to v4. - Stage/prod web-client: bind-mount NODE_EXTRA_CA_CERTS so Node extra CA path resolv…
Cross-link Zitadel Traefik/IAM KB; mirror in AGENT-BEHAVIOUR §9 · 45e89d6
- app-fleet-cli-commands: pointer to zitadel-traefik-and-iam-selfheal + whitelist vs PAT note - AGENT-BEHAVIOUR: non-transient Zitadel edge rollout + debug-sidecar probe hint
Two-step stage rollout; clarify Management 403 in E2E · 7767bb5
- KB: tenant-redeploy for IAM self-heal plus app-infra-start-services oidc for Traefik labels - deleteTestUser: distinguish Traefik ip-whitelist 403 vs Zitadel IAM/PAT failures - Bump web-client to 0.1.33
Align healthz hooks with OpenAPI HealthzResponse · 0d3f298
- Add healthzObservation mapper (API body + client observedAt ISO timestamp) - Remove invalid timestamp field; drop redundant try/catch in useHealthzQuery - Document GET /api/health in dev README; export mapper from hooks barrel - KB: preflight npm run build:direct before tenant-rebuild-web-client - Bump web-client to 0.1.32 - Regenerate ifeoma-tc PACKAGE_INDEX.yaml (Fleet merge during rebuild)
Show web client semver on Debug tab with i18n · fadf809
- Surface WEB_CLIENT_APP_VERSION in DebugSettingsTab (matches GET /api/health) - Add admin.debug.buildInfo.* to all locales; extend adminDebugMessageKeys - Register fleet.automatedHint in canonical key list for parity tests - Document operator comparison in app-fleet-cli-commands KB - Bump web-client package to 0.1.31
Materialise connection statement i18n keys for legacy Mongo rows · 17f3fc5
Root cause: GET /api/connection-statements omitted statementKey; ConnectionJourney called useTranslations with undefined → next-intl internal .split on undefined. - Shared resolver (web + backend) domain.seedConnectionStatements.<id>.statement - ConnectionStatementService always serializes statementKey; create persists it - OpenAPI + generated clients/zod require statementKey on list responses - Web 0.1.30, backend 0.1.11; Vitest coverage for resolver
- BFF-aligned issuer: verified Authorization Bearer [redacted].* returns 200 with the same token; malformed internal prefix returns 401 with message. · 687d65b
- BFF-aligned issuer: verified Authorization Bearer [redacted].* returns 200 with the same token; malformed internal prefix returns 401 with message. - Web client 0.1.29; Vitest contract auth_token_route_internal_bearer. - DomainModule: reject BIND9 for staging and production (parametrized unit test). - app-fleet unit conftest: reset tenant selection via set_current_tenant(None) each test to fix session-file leak across test_fleet_ui_*. - Pipeline tests: Brevo mail inbound uses brevo.json fragment; traefik parity …
Show persistent inline feedback under the Push toggle (0.1.28) · 4dc4f97
`sonner` toasts alone proved unreliable for the push-failure case on stage: the Toaster container mounted (the "Notifications alt+T" ARIA region is in the DOM) but the per-toast elements never rendered on Chromium when `PushManager.subscribe` rejected — reproducible across multiple deploys and independent of our wrapper styling. The user saw "nothing" because the only failure signal was a transient toast that never painted. Fix: in addition to the toast call, the settings section now keeps a persistent `role="stat…
Web-client: bump to 0.1.27 (sonner Toaster visibility fix) · 4a9f23d
Sonner Toaster uses dark+richColors defaults so toasts render · 68ee42e
Follow-up to 65668cb3 which mounted `<Toaster />` globally. On stage the Toaster container showed up in the accessibility tree ("Notifications alt+T" region) but no toast ever became visible — not the push-error toasts and not the profile Save-Changes success toasts either. Root cause: the wrapper passed ``style={{ "--normal-bg": "var(--popover)", "--normal-text": "var(--popover-foreground)", ... }}`` onto the Toaster root, expecting sonner to inherit CSS variables into its per-toast elements. In practice sonner v…
Route /admin/v1 /v2beta externally + self-heal PAT IAM grants · 0669565
Two regressions were blocking the admin/MFA Playwright specs against stage. Both are long-term architectural fixes that survive future Zitadel resets and dependency upgrades. ### 1. Traefik routing (docker-compose.oidc.yml) The web-client admin router tc-app-admin-stage uses PathPrefix(/admin/) at priority 50 to serve the locale-prefixed admin panel. Zitadel's admin API under /admin/v1 overlapped that prefix with a lower priority (30), so every /admin/v1/... call fell through to Next.js and was rewritten to /en/ad…
Mount global Toaster + discriminated-union push result so failures are actually visible · 65668cb
Root cause of the user-reported "clicking Push Notifications does nothing" report on stage.trueconnection.app/en/you: 1. The entire app imports ``toast`` from ``sonner`` in ~15 places but NO ``<Toaster />`` container was mounted anywhere. Every single ``toast.error`` / ``toast.success`` call (not just push — also chat, profile, admin, ratings, …) silently enqueued into sonner's store with no visible surface. The push toggle is the feature where it hurt most because its failure path has no backup UI. 2. ``Notificat…
Drive onboarding gate in assertPostLoginJourneyProgress · 53b47fb
Fresh magic-link registrations land on the mandatory onboarding gate at /{locale}/onboarding, which hides the bottom nav by design. The sister helper waitForAuthenticatedAppNav already calls ensureMandatoryOnboardingCompleteForShellE2e first (commit 7b146f9e), but assertPostLoginJourneyProgress — used by runRegistrationThroughBottomNav — still expected the bottom nav to render immediately post-login, so login-and-app-nav timed out for 60s waiting for a nav that can only mount once onboarding is submitted. Validate…
Merged env files materialize the full secret surface; tip revert does not erase git history. · 084e61f
Merged env files materialize the full secret surface; tip revert does not erase git history. Aligns KB with operator security expectations.
Reject BIND9 DNS authority in staging · ef88da7
DomainModule.execute now fails fast before package install when dns_providers.provider is bind9 and BootstrapContext.environment is staging, matching the contract enforced by unit tests. - Remove pytest.ini ignore for test_domain_module_dns_policy.py - Document policy in app-fleet-cli-commands KB
Document skip-worktree for merged tenant .env hygiene · 2ed7f81
Operators who keep merge-env output on disk can use git update-index --skip-worktree locally; note pull conflicts and prefer checkout -- when done.
Persist merge-env output for stage (VAPID + Zitadel rotation) · aca68ec
The previous commit (8ae0e842 feat(push): web push subscriptions, VAPID tenant env, ES2022 Intl.Segmenter) wrote the VAPID triple to the authoritative `secrets/application/stage/misc.json` fragment but did not re-materialise the downstream `.env.stage`, leaving `NEXT_PUBLIC_VAPID_PUBLIC_KEY` empty and the three backend keys absent from the deployed env bundle. Subsequent `fleet tenant-rebuild-web-client` runs (needed for unrelated refactors on v0.1.24 and v0.1.25) correctly re-ran `merge-env`, which pulled the alr…
Web-client: remove PROFILE_PEER_NO_DISPLAY_NAME sentinel, localise peer name fallback (v0.1.25) · be2a63e
The deleted `src/lib/constants/profileDisplay.ts` exported a hardcoded English "No display name" string that was used both as a user-facing UI fallback **and** as an equality sentinel in `ConnectionManager` to decide `hasFriendlyName`. That double-duty is incompatible with localisation: the moment a translator substitutes "Aucun nom" / "Jemand" the sentinel check silently flips. This change separates the two concerns along the onion principle: - Domain layer (`transformToMatch`, `Match.name`): an empty string now …
Fleet+bff: cookie-less internal-bearer path for tenant-seed-mongodb (v0.1.24) · 66ddde5
Close the 401 loop that blocked `fleet tenant-seed-mongodb --use-tenant-admin-credential` from reaching Fastify through the Next.js BFF: - app-pipeline/app-fleet/src/fleet_internal_bearer.py: Python minter mirrors the backend's `internal.<authUid>.<emailB64>.<sig>` contract so Fleet can auto-promote an ADMIN_EMAILS user to platform-admin without operator JWT handling. Byte-parity cross-checked against the Node reference via 13 unit tests. - app-pipeline/app-fleet/cli.py + cli/tenant + manager orchestration + runne…
Point operators at tenant-seed-mongodb for missing textKey/labelKey (v0.1.10) · a5130a1
The live ifeoma-tc stage smoke surfaced `questions["q1_core_values"].textKey must be a non-empty locale message key — repair the Mongo document or run scripts/backfill-domain-ids.ts`. That remediation hint was wrong: `scripts/backfill-domain-ids.ts` only rewrites English category/value label tokens to snake_case domain ids, it does not restore a dropped `textKey` or option `labelKey`. The correct repair is to re-seed the packaged bank via `fleet tenant-seed-mongodb`, which POSTs the authoritative `default-question…
Extend question-bank-row-contract with JWT acquisition + stage repair recipe · fd767a1
The prior runbook told operators what to do on /api/questions 422 but left the "how do I obtain a platform-admin JWT for --bearer-token-file" step implicit, so the next on-call would have to re-discover it. Adds: - Explicit confirmation that web-client v0.1.22's httpErrorFromResponse now preserves the Fastify envelope 'message' (no more [unknown] Unprocessable entity), so operators can read the failing row id straight out of the admin banner / errorLogger. - Two supported token sources — interactive (copy the Zita…
Document stage activation lessons + SW rolling-deploy self-healing · fbcadf4
Two practical notes added next to the VAPID rollout section so the next operator activating Web Push on a new tenant does not rediscover them: - Three-piece wiring rule: ARG in the web-client Dockerfile, matching build.args in docker-compose-full.yml, and runtime VAPID_* env on every backend block. capabilities.webPush=true on the server-side route is NOT sufficient evidence that the client bundle has the key; grep the chunk for the public-key substring to confirm. - registerServiceWorker now calls registration.up…
Clarify that next-auth CLIENT_FETCH_ERROR at debug level is expected · 41dc125
No runtime change. The stage smoke run logged `[next-auth][error][CLIENT_FETCH_ERROR]` entries during page transitions. Evidence from the browser console capture confirmed they arrive on `console.debug` (not `console.error`), which matches next-auth v4.24+'s intentional classification for aborted `/api/auth/session` fetches during SPA navigation and tab visibility changes (see next-auth PR #9345 and https://next-auth.js.org/errors#client_fetch_error). Adding suppression would be defensive code for a non-error. Ins…
Web-client: stop raising GL_INVALID_ENUM on /discovery universe renderer (v0.1.23) · 60a98dd
`UniverseWebGLEngine.createStarProgram` called `gl.enable(0x8642)` to toggle `GL_PROGRAM_POINT_SIZE`. That capability is from desktop OpenGL only — it is not in the WebGL 2 enable-cap allow-list (Khronos WebGL 2.0 spec §5.14.3, which limits `enable`/`disable` to BLEND, CULL_FACE, DEPTH_TEST, DITHER, POLYGON_OFFSET_FILL, SAMPLE_ALPHA_TO_COVERAGE, SAMPLE_COVERAGE, SCISSOR_TEST, STENCIL_TEST, RASTERIZER_DISCARD), so every universe page load logged: WebGL: INVALID_ENUM: enable: invalid capability without affecting ren…
Web-client: normalise same-origin HTTP failures to AppError subclasses (v0.1.22) · be94c93
Fixes the `[unknown] Unprocessable entity` console spam on admin?section=system-data and every other tab that goes through `nextjsApiRequest`: - Introduce `lib/api/httpErrorFromResponse` — single source of truth mapping HTTP status codes to the canonical `AppError` family (ValidationError for 400/422, AuthError for 401, PermissionError for 403, NotFoundError for 404, TimeoutError for 408/504, ConflictError for 409, RateLimitError for 429, ApiError for everything else). Parses the Fastify-style `{ error, message }`…
Web-client: delete src/i18n/translate/ wrappers, drive all call sites via next-intl (v0.1.21) · a408dbc
Final step of the mobile-localisation refactor. All ~170 call sites have been migrated to `useTranslations()` / `getTranslations()` in prior batches (v0.1.14-v0.1.20); this commit removes the deprecated custom translation layer entirely: - Delete `src/i18n/translate/` (AppT, useTranslate, formatIcu, paramCoercion, resolve, legacy requireTranslationLookupKey shim). - `getMessageByKey` / `tryGetMessageByKey` now live at `src/i18n/resolveMessage.ts`; DebugPanel updated accordingly. - `src/i18n/index.ts` barrel re-exp…
Backend VAPID_* runtime env + sw.js cache v3 to purge stale client bundles · 49f0cd4
Follow-up for c27a821c: the backend VAPID_* additions I made to docker-compose-full.yml were lost in a subsequent auto-hook pass; without them the running backend container had no ``VAPID_PUBLIC_KEY`` / ``VAPID_PRIVATE_KEY`` / ``VAPID_SUBJECT``, so ``WebPushNotifier`` initialised in the "disabled" state on stage and no pushes would be sent even after tenant-rebuild-app. - app-pipeline/app-deployment/docker-compose-full.yml * Re-add ``VAPID_PUBLIC_KEY`` / ``VAPID_PRIVATE_KEY`` / ``VAPID_SUBJECT`` to ``x-backend-dev…
Move provider_surface to common.contracts; drop phase 1a quarantine · 8241987
Moves the pure provider-surface module app-pipeline/app-tenant/contracts/targets/_provider_surface.py to its architecturally correct home app-pipeline/common/contracts/provider_surface.py Rationale (onion principle): the constants `PROVIDER_SURFACE_{VIRTUAL_LIBVIRT,HOSTING_API}`, the inference `infer_provider_surface`, the cross-field validator `validate_provider_surface_cross`, and the normalizer `normalize_provider_surface_value` are pure data + pure functions shared across the tenant, fleet, and hosting layers.…
Web-client: migrate [redacted] to next-intl (v0.1.20) · 4251618
Batch 2 of the deletion of the custom `src/i18n/translate/` layer. All files under these feature and shared-component folders now call `next-intl`'s `useTranslations()` directly at the root namespace: - `src/features/chat/` — 24 components + 4 hooks + 4 utils (plus 2 atomic tests with minimal mock-type casts) - `src/features/connections/` — 6 components + 2 utils - `src/features/analytics/` — 5 components - `src/features/matching/` — 1 component - `src/features/ratings/` — 2 components - `src/features/device/` — 1…
Drain orphan-tests backlog (5 of 6 categories) · db564a2
Implements missing production symbols that test-first orphan tests asserted against. No remaining collection-error orphans; full app-fleet unit suite runs 2046 passed / 0 failed. - platform_admin_remote: add _parse_merged_dotenv — strict KEY=VALUE parser that raises PlatformAdminConfigurationError on duplicate keys, malformed lines, or empty keys so mongosh role updates surface operator config bugs before touching the tenant database. - misc_cmds + cli.py: add tenant-domain-upsert and tenant-domain-remove CLI comm…
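An added illustration of the fail-closed parsing described for `_parse_merged_dotenv` above; it is not the project's code. The names `parse_strict_dotenv`, `DotenvConfigError` and `rejection_reason`, the key pattern and the sample lines are assumptions constructed for this example.

```python
"""Fail-closed KEY=VALUE parsing for a merged env file (added illustration).

All names are hypothetical; the project's _parse_merged_dotenv is not shown
on this page.
"""
import re
from typing import Dict, Optional

# Assumption: keys are shell-style identifiers.
KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


class DotenvConfigError(ValueError):
    """Message carries line number and key name, never the value (may be a secret)."""


def _unquote(value: str, lineno: int) -> str:
    # A value that opens with a quote must close with the same quote.
    if value[:1] in ("'", '"'):
        if len(value) < 2 or value[-1] != value[0]:
            raise DotenvConfigError(f"line {lineno}: unterminated quote")
        return value[1:-1]
    return value


def parse_strict_dotenv(text: str) -> Dict[str, str]:
    """Return the parsed mapping, or raise on the first ambiguous line.

    A last-wins parser would let a stale later line silently override a
    credential; here a duplicate key is an error instead.
    """
    values: Dict[str, str] = {}
    defined_on: Dict[str, int] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep:
            raise DotenvConfigError(f"line {lineno}: expected KEY=VALUE")
        if not key:
            raise DotenvConfigError(f"line {lineno}: empty key")
        if not KEY_RE.fullmatch(key):
            # Also rejects "export KEY=VALUE"; strict means no shell dialects.
            raise DotenvConfigError(f"line {lineno}: malformed key")
        if key in values:
            raise DotenvConfigError(
                f"line {lineno}: duplicate key {key} (first on line {defined_on[key]})"
            )
        values[key] = _unquote(value.strip(), lineno)
        defined_on[key] = lineno
    return values


def rejection_reason(text: str) -> Optional[str]:
    """Return the parser's error message, or None when the input is accepted."""
    try:
        parse_strict_dotenv(text)
    except DotenvConfigError as exc:
        return str(exc)
    return None


# Constructed sample inputs (values are placeholders, not real secrets).
GOOD = (
    "# constructed sample\n"
    "VAPID_SUBJECT=mailto:ops@example.test\n"
    'ZITADEL_CLIENT_SECRET="example-value"\n'
)
DUPLICATE = (
    "ZITADEL_CLIENT_SECRET=example-old\n"
    "VAPID_SUBJECT=mailto:ops@example.test\n"
    "ZITADEL_CLIENT_SECRET=example-new\n"
)
MALFORMED = "ZITADEL_CLIENT_SECRET example-value\n"
EMPTY_KEY = "=example-value\n"

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("duplicate", DUPLICATE),
                         ("malformed", MALFORMED), ("empty key", EMPTY_KEY)]:
        print(f"{name}: {rejection_reason(sample) or 'accepted'}")
```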
Wire NEXT_PUBLIC_VAPID_PUBLIC_KEY through Dockerfile ARG/ENV and backend VAPID_* env · c27a821
The previous push-activation attempt on stage shipped backend v0.1.9 and web-client v0.1.19 with ``capabilities.webPush: true`` reported by the health route, yet the browser still threw ``pushErrorVapidNotConfigured``. Root cause: Next.js only inlines ``NEXT_PUBLIC_*`` into the client JS bundle **at build time**. The backend runtime env had the key, and the Next.js server-side route could read it, but the Dockerfile did not declare ``ARG NEXT_PUBLIC_VAPID_PUBLIC_KEY`` and the compose file did not forward the value…
Unblock run_tests phases uncovered by push-time CI · b5e682b
A fresh local run of `python run_tests.py all` (the same batch `run_ci.py` phase 2 runs in the new push-time CI) surfaced several pre-existing broken tests and real code drift on HEAD. This change fixes the ones with a clear, contained root cause and documents the rest as open items so the CI workflow does not red-line silently. Fixes (each verified by re-running the relevant module batch): * app-hosting workload_providers.resolve — replace the broken `from app_tenant_root.contracts import infer_provider_surface` …
Web-client: migrate admin/profile/journey/discovery to next-intl (v0.1.19) · b3fec8e
Batch 1 of the deletion of the custom `src/i18n/translate/` layer. All files under these four feature folders now call `next-intl`'s `useTranslations()` directly at the root namespace (full dot-path keys preserved): - `src/features/admin/` — 14 files (AdminPanel + tabs + generator) - `src/features/profile/` — 17 files (cards, sections, settings, hooks) - `src/features/journey/` — 12 files (screens, modals, questionMapper) - `src/features/discovery/` — 20 files (list + universe-webgl + utils) Pattern applied (match…
Web-client: migrate features/landing/* to next-intl useTranslations (v0.1.18) · 6125904
Removes the custom `useTranslate` / `<AppT>` wrappers from all 15 landing page components and calls `next-intl`'s `useTranslations()` directly at the root namespace with full dot-path keys (for example `t("landing.cta.headline")`). Behaviour-preserving: no message keys touched, no props or component logic changed, strict missing-key policy still enforced by `StrictIntlClientProvider.getMessageFallback` (which throws `MissingMessageKeyError`). Scope: `src/features/landing/components/` CTASection, Comparison, DemoWa…
Document APP_INFRA vs HOST_INFRA networks; neutral dev domain example · d1d4e5e
- Split external-network expectations: APP_INFRA defaults require traefik only; HOST_INFRA includes monitoring and therefore internal_net. - Domain resolver test uses synthetic tenant-dev/example inputs (no ifeoma-* coupling).
Warn against committing merged tenant .env secrets to git · d15bb6a
Fleet merge-env materializes operator secrets into tracked tenant paths; document revert workflow so ZITADEL_CLIENT_SECRET, VAPID_*, and admin passwords never enter the public repo.
Implement enforce_managed_bind_domain_ip_preflight (close orphan test) · ff73866
`app-fleet/tests/unit/test_managed_bind_domain_ip_preflight.py` (4 tests) was committed ahead of the implementation and failed collection on clean checkouts with `ImportError: cannot import name 'enforce_managed_bind_domain_ip_preflight' from 'src.manager.fleet._dns.policy'`. Implement the contract the tests describe. What it gates: When `dns_mode=managed_bind9`, every tenant domain row (both `public_ingress` and `internal_service_endpoint`) must carry a literal, parseable IPv4/IPv6 `ip_address`. The zone file is …
Capabilities.webPush on /api/health + HealthzResponse drift fix · c9fcebb
Adds operator-visible instrumentation so Web Push / VAPID configuration is discoverable from a single HTTPS probe, and cleans up the long-standing contract drift between what the backend actually returns and what the OpenAPI / valibot schemas claimed. - 10_backend/src/routes/health.ts * GET /api/health now emits ``capabilities: { webPush }`` sourced from WebPushNotifier.isConfigured(). Flags never hide misconfiguration behind a silent ``true`` — a feature that should be on but is not wired surfaces as ``false`` so…
Landing marketing uses useTranslate + document secrets refresh CLI · f091c37
- Replace raw next-intl useTranslations with useTranslate so keys pass requireTranslationLookupKey; keep t() strings (remove legacy AppT/defaultValue). - Hero aligned the same way. - KB: tenant-refresh-secrets-templates operator commands. - Bump web-client to 0.1.16.
Auto-heal Zitadel OIDC client-secret drift on every deploy · 1a41f8d
Root cause of stage `invalid_client (invalid secret)` outages: the deploy pipeline short-circuited Zitadel provisioning when `ZITADEL_CLIENT_SECRET` was populated. When a secret rotated out-of-band (manual Management API, incident response, restore from backup), the tenant secrets store kept the stale value and every OAuth callback failed. Nothing re-verified that the stored secret was still what Zitadel had on file. Fix (three-layer, idempotent, non-invalidating): 1. `zitadel_provision.probe_oidc_client_secret` (…
Track ratchet baseline; quarantine phase 1a until resolve.py fix · d7ab576
* `app-pipeline/tools/.compliance-baseline.json` generated via `python3 tools/check_compliance.py --update-baseline` (1165 violations across 378 file entries on current HEAD). Verified deterministic across three consecutive scans before capture. Ratchet confirmed green against the saved baseline ("No regressions — baseline check passed."). Future code-compliance regressions will now fail CI. * `.gitignore` adds a negation for the baseline so the repository-wide `*.json` exclusion does not silently drop it. * `.git…
Non-destructive secrets template checklist refresh + pushSubscriptions admin read · fcd59c1
Closes the last gap in the Web Push rollout — operators pulling a code update that introduces a new default secret (for example the VAPID_* keys for browser push) now pick the keys up automatically on any tenant bind, instead of silently running with a stale local checklist. - common/tenant_application_secrets_template.py * refresh_fragment_application_secrets_template — non-destructive merge: adds missing default keys, refreshes the _readme doc string, and keeps every existing value (including operator-added keys…
Resolve Zitadel management URL for host-run Playwright · c4ba3b4
- Skip Docker service hostnames (zitadel, zitadel-application) when picking Management API origin so public ZITADEL_ISSUER wins over in-cluster URLs. - Throw when all candidates are host-unreachable (remove silent E2E_BASE_URL fallback for management). - Export pickFirstE2eReachableManagementOrigin with Vitest coverage. - app-main-nav-all-tabs: describe-level retries for cold-login flake. - Document in tests/README.md and app-fleet-cli KB; bump web-client to 0.1.15.
Web-client: prep next-intl migration — relocate requireTranslationLookupKey, pilot rbac, drop formatIcu test-site (v0.1.14) · 70a805c
Preparation step for deleting the custom `src/i18n/translate/` layer in favour of next-intl's `useTranslations()` directly: - Move `requireTranslationLookupKey` to `src/i18n/requireTranslationLookupKey.ts` (canonical). `src/i18n/translate/requireTranslationLookupKey.ts` becomes a deprecated re-export shim so `AppT` / `useTranslate` / the translate barrel keep compiling until the full call-site migration lands. - Repoint `StrictIntlClientProvider` and the atomic test to the new path. - Pilot migration: rewrite `src…
Typed push subscription API errors with locale messages · 8edba33
Introduce PushSubscriptionApiError (operation, status, bodySnippet) in pushSubscriptionApi instead of English Error strings. usePushNotifications maps errors to profile.settings.notifications keys for save/remove HTTP failures and empty response bodies. Bump web-client to 0.1.13. Document client UX in app-fleet-cli KB.
Locale-aware push hook errors under profile.settings.notifications · b90bb03
- Add pushErrorPermissionDenied, pushErrorVapidNotConfigured, pushErrorSubscriptionIncomplete, pushErrorTechnical (ICU detail) in all locale bundles; reuse pushUnsupported for unsupported-browser path. - usePushNotifications: useTranslate + useCallback helpers; wrap technical failures with pushErrorTechnical. - Bump web-client to 0.1.12. Tests: npm run validate:i18n (190), npm run test:atomic:offline (880).
The VAPID keypair generator and Fleet CLI command landed in fb51d064; this change rounds out the public-facing contract so operators and agents can discover and audit the new entr… · f50c425
The VAPID keypair generator and Fleet CLI command landed in fb51d064; this change rounds out the public-facing contract so operators and agents can discover and audit the new entry point: - app-fleet/README.md: add tenant-generate-vapid-keys to the command table with the full operator flow (merge-env, tenant-rebuild-web-client, tenant-rebuild-app). - .cursor/kb/app-fleet-cli-commands.md: Web Push / VAPID section covering --mode, --subject, --force, --json semantics and the misc.json destination. - app-fleet/cli.py…
Track Fleet VAPID generator + push-subscription test fixtures · fb51d06
Five files landed in the working tree alongside the recent `feat(push)` commits but were never staged, which would break a clean checkout and fail CI imports: * `app-pipeline/common/vapid_keypair.py` Pure NIST P-256 keypair generator for Web Push (RFC 8292). Raises on invalid subjects and on unexpected encoding lengths (no silent fallbacks). Reused by the Fleet CLI and by `common/tests/test_vapid_keypair.py` which asserts the shape contract (base64url, no padding, correct byte counts). * `app-pipeline/app-fleet/sr…
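An added illustration of the shape contract named above for the VAPID keypair (unpadded base64url, fixed byte counts, rejected subjects), extended with an on-curve check; it is not `common/vapid_keypair.py` and every function name is hypothetical. The byte counts, the subject rule and the sample keypair are assumptions taken from RFC 8292 and the P-256 parameters, not from this page.

```python
"""Shape checks for a Web Push VAPID keypair (added illustration).

All names are hypothetical. Assumptions: the public key is a 65-byte
uncompressed P-256 point, the private key a 32-byte scalar, and the subject
a mailto: or https: contact URI (RFC 8292).
"""
import base64
import re
from typing import Callable, Optional

B64URL_RE = re.compile(r"[A-Za-z0-9_-]+")

# NIST P-256 domain parameters; curve equation y^2 = x^3 - 3x + B (mod P).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


class VapidShapeError(ValueError):
    """Raised instead of falling back to a default or truncated key."""


def encode_unpadded(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _decode_unpadded(label: str, text: str, expected_len: int) -> bytes:
    if not B64URL_RE.fullmatch(text):
        raise VapidShapeError(f"{label}: not unpadded base64url")
    if len(text) % 4 == 1:
        raise VapidShapeError(f"{label}: impossible base64url length")
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    if len(raw) != expected_len:
        raise VapidShapeError(f"{label}: expected {expected_len} bytes, got {len(raw)}")
    return raw


def validate_public_key(text: str) -> bytes:
    raw = _decode_unpadded("public key", text, 65)
    if raw[0] != 0x04:
        raise VapidShapeError("public key: not an uncompressed point")
    x = int.from_bytes(raw[1:33], "big")
    y = int.from_bytes(raw[33:], "big")
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise VapidShapeError("public key: point is not on P-256")
    return raw


def validate_private_key(text: str) -> bytes:
    raw = _decode_unpadded("private key", text, 32)
    if not 1 <= int.from_bytes(raw, "big") < N:
        raise VapidShapeError("private key: scalar outside 1..n-1")
    return raw


def validate_subject(subject: str) -> str:
    for scheme in ("mailto:", "https://"):
        if subject.startswith(scheme) and len(subject) > len(scheme):
            return subject
    raise VapidShapeError("subject: expected a mailto: or https: contact URI")


def shape_error(check: Callable[[str], object], text: str) -> Optional[str]:
    """Return the validator's error message, or None when the value passes."""
    try:
        check(text)
    except VapidShapeError as exc:
        return str(exc)
    return None


# Constructed test vector: scalar 1 and the curve base point G.
# It only exercises the checks and must never be deployed as a key.
SAMPLE_PRIVATE = encode_unpadded((1).to_bytes(32, "big"))
SAMPLE_PUBLIC = encode_unpadded(
    b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
)

if __name__ == "__main__":
    print("public :", shape_error(validate_public_key, SAMPLE_PUBLIC) or "ok")
    print("private:", shape_error(validate_private_key, SAMPLE_PRIVATE) or "ok")
    # A private key pasted into the public slot fails on length.
    print("swapped:", shape_error(validate_public_key, SAMPLE_PRIVATE))
```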
Document push-time GitHub Actions CI in runner overview · 04c06e4
Adds §3.1 to PIPELINE-RUNNERS-OVERVIEW.mdc describing the four offline jobs in .github/workflows/ci.yml, their relationship to run_ci.py phases, the commands needed to reproduce CI locally, and what is deliberately left out (live E2E, Brevo, Playwright, fleet SSH health). Also records two known open items so future agents do not silently re-add these as gates before the underlying code is cleaned up: - Web-client npm run lint (126 errors, mostly react-hooks/refs in features/discovery/universe-webgl; needs a dedica…
Playwright skip Zitadel management when API URL is internal · ae6cffe
Clarify EAI_AGAIN zitadel from ZITADEL_MANAGEMENT_API_URL on laptop; document E2E_ZITADEL_SKIP_MANAGEMENT_PROVISION=1 + public E2E_BASE_URL evidence for app-main-nav-all-tabs. Refresh Last reviewed cross-link.
Type-check backend and web-client before tests · 8c2639d
Adds `tsc --noEmit` as a gate in both JS/TS jobs. Verified locally on HEAD (backend and web-client both compile cleanly). Runs before the vitest suite so a type regression fails fast with a readable tsc error instead of surfacing as an opaque test-runtime failure. Invoked via `npx tsc` so no `package.json` changes are needed (avoids touching module version numbers for a CI-only improvement).
Run offline test suites on every push and PR · 2865bab
Adds .github/workflows/ci.yml with four parallel jobs covering the tests that do not require live infrastructure: - python-ci: runs app-pipeline/run_ci.py (architecture compliance + main-module unit tests). SKIP_SCHEMA=1 because schema drift is already owned by schema-contract.yml and is the only step needing Java. - backend-tests: installs app-source/10_backend + the app-contracts schema-tools deps (used by the pretest hook) and runs npm test. - simulation-worker-tests: vitest unit suite for the public-API exerci…
Playwright E2E base URL and internal IdP DNS pitfalls · 23ef210
Document evidence: /api/health 404 when NEXTAUTH_URL is not the Next origin; getaddrinfo EAI_AGAIN zitadel when merged env uses Docker-only issuer hostname. Cross-link in Last reviewed line.
Web push subscriptions, VAPID tenant env, ES2022 Intl.Segmenter · 8ae0e84
- web-client: service worker push/notificationclick handlers, pushSubscriptionApi, and device hooks wired to a real Web Push subscription lifecycle (bumps 0.1.10) - tenant: VAPID_PUBLIC_KEY / VAPID_PRIVATE_KEY / VAPID_SUBJECT wired through the env seed builder, env var groups, secrets template, and a dedicated vapid_derived_env module so NEXT_PUBLIC_VAPID_PUBLIC_KEY is exposed to the browser and private halves stay in misc.json - backend: tsconfig target/lib bumped to ES2022 + ES2022.Intl so ChatPushDispatcher can…
Regenerate Zod from OpenAPI; add schema tool template and generator updates · c5f1a02
- Backend: web-push subscriptions and notifier, chat push dispatcher, Mongo helpers; wire push routes; sync generated validation schemas; bump to 0.1.6. - Web client: timezone bootstrap and API route, routing/bundle/SEO updates, locale E2E matrix; Vitest alias plus inline/ssr.noExternal for next-intl so validate:i18n and proxy tripwire resolve next/server under Next 16; bump to 0.1.9. - Pipeline: requirements and tenant PACKAGE_INDEX touch-ups. Tests: npm test (10_backend 297), npm run validate:i18n && npm run tes…
Chat lifecycle gates, transcript export, and connection routes · d4d68a8
- ChatService: transcript vs messaging gates (peer invariant before stage checks), read watermarks on mark-read, bounded transcript export, retention purge, media upload ordering with storage rollback, transactional sendMessage(mediaId). - Routes: GET transcript-export, multipart Content-Type check, mute/media thread id resolution via conversations lookup, 409/400 mapping for stage and peer errors. - Connections: POST end-connection with session persist; persist after request/respond conversation; transition respo…
Locales contract, query caps, rate-limit buckets, connection transitions · 2be31df
- Add lib/locales.ts as single source for AppLocale and Accept-Language narrowing; wire i18n, profile, discovery, and synthetic profile paths to normalizeStoredAppLocale. - Remove TranslationService; keep translation access via i18next helpers. - Restore ListConnectionsQuery and tighten GetConnectionStageQuery / GetMessagesQuery (cursor vs beforeCursor) with OpenAPI-aligned caps. - Rate limit: storageKeyPrefix for isolated counters; clearRateLimitStoreForTests for Vitest; chatMediaUploadRateLimit and connectionMut…
Align journey seed Fleet flags + web-client 0.1.6 · 6f1c55b
Refresh AGENT-BEHAVIOUR (app-pipeline + application root) and KB index for optional --verify-admin-reads and --synthetic-bootstrap-json. Extend connection-bank-seed.md with copy-paste examples. Expand FleetPublicInterface.seed_mongodb_journey_banks docstring. Sync seeds README and runDualBankSeed module note; bump web-client package version for health probe parity. Record evidence in app-pipeline/todos.md.
Optional verify GET and synthetic bootstrap after journey seed · fc2900d
Add --verify-admin-reads (GET /api/admin/questions after bulk POSTs) and --synthetic-bootstrap-json (POST synthetic bootstrap after bulks) to tenant-seed-mongodb and run_tenant_fleet_manager seed action. Dry-run validates synthetic JSON shape; verify is rejected with dry-run. Document live operator expectations in connection-bank-seed.md and CLI KB. Default journey-only seed unchanged; dual runner entrypoint imports unchanged per design.
Clarify forbidden locale narrowers + public route matrix assertion · d32c179
Documentation-only touch-ups to two reference files: - `src/i18n/CONTRACT.md`: note that `isAppLocale` / `isProfileLocale` are also forbidden narrowers alongside `hasLocale` / `.includes + cast`, and that `tests/atomic/i18n/forbiddenLocaleNarrowers.test.ts` enforces it. Also calls out the `LocaleCookieWriteError` surface in `src/lib/i18n/next_locale_cookie_client.ts` so future edits know that non-2xx responses from `POST /api/i18n/locale` raise there. - `tests/README.md`: correct the public-route-matrix descriptio…
Tracked connection/journey bank seed scope and runner import · 0b019cc
Add app-pipeline/docs/connection-bank-seed.md (Fleet vs UI vs out-of-scope). Link from KB index, app-fleet-cli-commands, and agent navigation rules. Clarify run_tenant_fleet_manager _entrypoint_paths dual import as two supported entry contexts; script and pytest verified.
Cover journey bank HTTP POST order and error paths · f4c3105
Mock _post_json to assert connection-statements bulk precedes questions bulk, payload keys, and JourneyBankSeedError on non-2xx responses. docs(seeds): document Fleet tenant-seed-mongodb for operators; bump web-client to 0.1.5 (package.json / WEB_CLIENT_APP_VERSION build surface).
Forbid new Git branches unless the user requests them · a430eeb
Record in pipeline, application-root, and app-source agent behaviour rules: routine work stays on the current branch (typically main).
Refresh localized UI text scanner baseline · 859ca00
Commit remaining workspace changes (infra, fleet, tenants, web) · 1a2130d
Large sync: HA/edge TLS and infra probes, Tolgee stack removal, registry and tenant env updates, backend and web-client tests and docs, lifecycle report cleanup, and related pipeline constants.
Workflows, pipeline READMEs, KB playbooks, plans, contracts, deployment · f9929a5
Add GitHub workflows; refresh app-pipeline README and test runbook; expand .cursor/kb operator playbooks; touch done plans and runners overview; add container mount schemas and app-contracts gitignore; deployment VM override, password ops, Zitadel redirect URI test; extend app-fleet CLI.
Move Cursor plans into done, tbd, and todo folders · 56919c9
Relocate phase2g HA follower to done; sweep deferred infra plans to tbd; stage final acceptance plan to todo.
Restore vm_api, e2e tests, docs, and project rule · 3ef743f
Resolve merge conflict by keeping incoming modifications for the app-hosting-vm scaffolding (vm_api management module, golden-image e2e test, README/TEST_PLAN/ARCHITECTURE docs, requirements) and the PROJECT_TRUECONNECTION project rule.
Auto-heal Zitadel OIDC app config on every provision run · e2b631d
Closes the follow-up from `9f588f5f`: the Fleet provisioner (`zitadel_provision.provision_oidc_app`) now reconciles the two fields that drift on already-bootstrapped Zitadel instances, in one idempotent PUT against `/management/v1/projects/{P}/apps/{A}/oidc_config`: * `accessTokenType` -> `OIDC_TOKEN_TYPE_JWT`. Zitadel defaults new OIDC apps to `OIDC_TOKEN_TYPE_BEARER` (opaque), which the Fastify backend rejects with `Invalid Compact JWS` when validating Bearer tokens via JWKS (see `app-source/10_backend/src/lib/z…
Zitadel JWT access-token + admin-human recovery paths on stage/prod · bc0a33b
- Document the `OIDC_TOKEN_TYPE_JWT` requirement for Zitadel OIDC apps and how to migrate already-bootstrapped tenants (Management API `oidc_config` upsert), since `start-from-init` only sets it on fresh DBs. - Document the `v2beta/users/human` flow for creating a tenant-named admin on an already-bootstrapped Zitadel where the `_ORG_HUMAN_*` env vars were ignored. Includes the `docker exec web-client ... node` transport template (same pattern used by the NextAuth adapter debug helpers) so operators bypass the `ip-…
Pass first-instance human admin env vars to Zitadel bootstrap · a524ceb
Previously `docker-compose.oidc.yml` passed only the `ZITADEL_FIRSTINSTANCE_ORG_MACHINE_*` env vars through to the Zitadel container, so fresh tenant bootstraps fell back to Zitadel's generated default human admin (`zitadel-admin@zitadel.<ZITADEL_EXTERNALDOMAIN>`) instead of the tenant-configured `admin@<ZITADEL_EXTERNALDOMAIN>`. Playwright sign-in then failed with `Initial User not supported` / `User not found` on stage because the merged env expected the tenant-named admin to exist. Fix: map the five `ZITADEL_FI…
End-to-end authenticated shell on stage (cookie prefix, JWT access, JWKS discovery) · 9f588f5
Drives the Playwright `app-main-nav-all-tabs` spec to green on stage after the OIDC internal-URL / Traefik routing fixes landed in `9d8afd04`, `fb3488e8` and `be1059c3`. Four root causes were blocking the authenticated shell, each confirmed by remote evidence and fixed at the layer where it originated: 1. Session cookie prefix mismatch in Next.js server routes. `getToken({ req, secret })` auto-detects `useSecureCookies` from `request.url`, which inside the web-client container is the internal URL (`http://web-clie…
Test commit staged only · fec5fed
Drop default port from Zitadel Host override so ID-token iss matches discovery · 9d8afd0
Root cause of stage NextAuth `OAuthCallback` error after OAuth login succeeded (evidence from web-client stderr with `NEXTAUTH_DEBUG=true`): ❌ [auth] NextAuth OAUTH_CALLBACK_ERROR technicalDetails.message: "unexpected iss value, expected https://stage.trueconnection.app, got: https://stage.trueconnection.app:443" The `zitadel-headers` Traefik middleware rewrites `Host` and `X-Forwarded-Host` for every request to the Zitadel container. With `ZITADEL_EXTERNALPORT=443`, the middleware was appending `:443` to both hea…
Remove Traefik Buffer middleware from all Next.js routers · 404bd44
Follow-up to fb3488e8 (tc-auth-stage `tls=true`) and #11568 triage: The `request-body-limit@file` middleware uses Traefik's Buffer transport (`vulcand/oxy/buffer`), which has a known upstream bug (traefik/traefik#11568): it fails with `no data ready` on empty-body chunked HTTP 302 responses and returns a bare HTTP 500 at the edge. Next.js standalone routinely emits `302` with `Transfer-Encoding: chunked` and no Content-Length (NextAuth redirects, locale negotiation, `next.config.ts` redirects, Server Action redire…
Zitadel OIDC internal URL targets Zitadel container, not Traefik · be1059c
Root cause of stage Playwright OAuth failure (`?error=OAuthSignin` redirected by NextAuth core): the merged env shipped `ZITADEL_ISSUER_INTERNAL=http://traefik:80`, but every Traefik router for Zitadel (`zitadel-public`, `zitadel-management`, `zitadel-login-v2`, ...) is declared `tls=true` in `app-pipeline/app-infra/services/oidc/docker-compose.oidc.yml`. With `tls=true`, those routers match only on the TLS-enabled `websecure` entrypoint, so HTTP requests on port 80 fall through with a 404 and `openid-client` disc…
Route /api/auth/* on stage so NextAuth signin stops returning 500 · fb3488e
Root cause: `tc-auth-stage` router had no `tls=*` label, so on the `websecure` entrypoint HTTPS requests for /api/auth/* fell through to the catch-all `tc-app-stage` router. That router applies `request-body-limit@file` (Traefik Buffer middleware) which trips upstream bug traefik/traefik#11568: empty-body chunked 302 responses (Next.js `/api/auth/signin`) yield `vulcand/oxy/buffer: no data ready` and a bare `HTTP 500 Internal Server Error` (21 bytes, no CSP, no Server header) at the edge — while the upstream conta…
Internal Zitadel OIDC discovery + NextAuth route diagnostics · c0cbe06
- When ZITADEL_ISSUER_INTERNAL is set, use it for OpenID discovery with Host from ZITADEL_ISSUER so Traefik routes to Zitadel; invalid internal URL throws AuthError. - NextAuth catch-all: force-dynamic, runtime nodejs, structured logs for uncaught errors and HTTP 5xx responses (NEXTAUTH_ROUTE_* JSON lines for container logs). - Add resolveNextAuthCatchAllSegmentsForGuards helper and Vitest coverage. - Fleet KB: remote rebuild rsyncs operator app-source; Zitadel internal issuer; NEXTAUTH_DEBUG triage for /api/auth …
Skip Zitadel admin lifecycle on stage; surface OAuth/403 errors · a971a16
- loginZitadelUserAndLand: E2E_ZITADEL_SKIP_MANAGEMENT_PROVISION skips delete/create; resolveAdminHumanPasswordForE2E reads tenant ZITADEL_* passwords; email fallback only when not skipping; fail fast on /api/auth/error with OAuth hints. - createTestUser: explicit 403 message with skip-env guidance. - deleteTestUser: throw on 401/403 search (invalid PAT); docstring no longer claims silent success. - tests README + app-fleet KB: stage main-nav env pattern. Evidence: tenant-live-health stage full-stack OK; main-nav …
Resolve PAT from tenant secrets; drop invalid NODE_EXTRA_CA_CERTS · 02ed385
- getZitadelPatToken reads …/customers/<c>/<p>/secrets/admin-pat.token when the merged env path is under app-tenant/tenants (Fleet materialized PAT). - Playwright config clears NODE_EXTRA_CA_CERTS if the path is missing locally (stops Node TLS spam when operator env copies VM paths). - Document PAT/TLS/magic-link vs EmailSignin in tests/README.md. - Vitest: unset_node_extra_ca_certs.test.ts.
Detect EmailSignin via signIn result url; stabilize E2E selectors · bee8159
- Add shared nextauth_email_signin_result (HTTP JSON + SignInResponse) so Auth.js responses that only set url=/api/auth/error?error=EmailSignin are treated as failures; LoginForm now shows translated errors instead of stalling on email step. - AuthProvider signInWithEmail uses resolveNextAuthEmailSignInFailureCode before ok check. - Playwright: stable data-testid for email input/submit + card steps; parse POST body with nextAuthEmailSignInFailureFromHttpJsonBody for fast diagnostics. - E2E: extend magic-link sessi…
Clarify stage /you 502 path (Traefik → Fastify, not Next BFF) · 5329883
- gatewayErrorUi: document tc-api-* routing vs handleApiProxy - KB: triage for GET /api/profile 502 and Retry behavior
Pass IANA timeZone into NextIntlClientProvider (SSR) · ce3258f
use-intl production invokes onError(ENVIRONMENT_FALLBACK) when useTranslations runs on the server without timeZone; StrictIntlClientProvider rethrows onError, then next-intl's minified hook wrapper surfaces new Error(undefined) — matching stage digest 781469748 (source-mapped to useTranslate → useTranslations). Resolve timeZone from Intl.DateTimeFormat().resolvedOptions().timeZone in app/layout.tsx and thread through StrictIntlClientProvider. Evidence: .next source map column map; use-intl dist/esm/production/reac…
Stage sign-in digest triage + MongoClient prod cache note · 83fdda7
Cache MongoClient promise in production · 8d2a880
NextAuth adapter and JWT paths call getMongoClientPromise repeatedly; only caching the connect promise in non-production spawned parallel connects and socket timeouts (GetUserByEmailError) under load. KB: extend email-token Playwright triage with adapter pool reuse note.
Redirect legacy site.webmanifest; improve E2E health diagnostics · 73921f4
- next.config: permanent redirect /site.webmanifest → /manifest.webmanifest (canonical App Router handler). - e2e_health_stack: record same-origin HTTP 500 response URLs before asserting console is clean. - mandatory_onboarding_shell_e2e: fail fast when profile load error surface is visible (onboarding.errorLoadTitle). - KB: tenant-live-health uses --profile only; Playwright email-token/mongo triage; manifest alias probe. Evidence: curl stage /site.webmanifest → 308 Location /manifest.webmanifest; Playwright app-h…
Unblock Docker build; tolgee optional in infra registry · d6d8430
- Export ConnectionDocument; implement ChatService.mergeAndPersistChatSessionFromConnection using mergeServerAuthorityIntoSession + saveChatSession.
- Add CHAT_MESSAGE_RETENTION_MAX_AGE_DAYS to strict env schema (optional positive int).
- Declare @fastify/multipart dependency; map multipart file-too-large via FST_REQ_FILE_TOO_LARGE.
- InfraServiceRegistry: tolgee is APP_INFRA optional (next-intl bundles are product i18n).
- KB: Tolgee decommission / optional semantics; Fleet CLI last-reviewed note.
Evidence: local…
Index Fleet Mongo journey seed; link runDualBankSeed to Fleet CLI · 6ef9a46
Pipeline KB table row points to app-fleet-cli-commands and README (tracked paths only). runDualBankSeed module header documents tenant-seed-mongodb / runner for operators. Evidence: dry-run OK for ifeoma-tc --profile stage (CLI + runner); pytest test_mongo_journey_banks_seed.py x4.
Mongo journey banks seed CLI and tenant runner · a43fd12
Add fleet tenant-seed-mongodb (merge-env, packaged JSON, admin bulk POSTs) and run_tenant_fleet_manager --action seed-mongodb-journey-banks with explicit bearer token and fail-fast flag validation. Document operator entry points in KB, README, runners overview, and agent navigation; extend question-bank contract playbook. Tests: mongo_journey_banks_seed dry-run/path checks and runner argparse guards. Fix runner _entrypoint_paths import for package-mode pytest.
Sync question bank KB and i18n parity table row · 5e5f7f5
Document web-client parseQuestionBankRows + translation key boundary in question-bank-row-contract.md. Extend AGENT-BEHAVIOUR Where to look to cite messagesFullLocaleParity alongside ICU placeholder parity.
Web-client Docker build args + remote build log excerpt · c19b9f1
- docker-compose: pass NEXT_PUBLIC_SITE_URL, NEXTAUTH_URL, and NEXT_SERVER_ACTIONS_ENCRYPTION_KEY as web-client stage/prod build args so Dockerfile ENV matches merge-env (fixes next build metadataBase Invalid URL).
- metadata: derive server base URL via resolvePublicSiteUrl (explicit prod error).
- package-lock: sync @tanstack/react-virtual + virtual-core for npm ci in Docker.
- _start_app_ops: append SSH sudo tail of /tmp/tc-web-client-build.log on remote web-client compose build failure; unit test + Fleet KB not…
Version-control src/lib for reproducible builds · b20267b
Most of app-source/20_web-client/src/lib was missing from git while a small subset was tracked, so NextAuth and its Mongo/mail/utils dependencies could not be resolved in a clean checkout. Track the full lib subtree (auth/nextauth, API client, mail, mongodb adapter, debug, profile, bff proxy, etc.). Auth: when resolvePlatformRoleFromMongo throws, jwt_callback now assigns platformRole via bootstrapPlatformRoleFromEmail and logs the degraded mode explicitly so ADMIN_EMAILS admins are not forced to user on Mongo outa…
Ship PWA icons and skip intl for root file-shaped paths · dfc134b
Root cause: linked /icon-192.png, /icon-512.png, and /favicon.ico were missing from public/, so Next matched app/[locale] and assertAppLocale threw InvalidLocaleError. Add generated PNG icons and a favicon, export isFileExtensionShapedRootSegment from the i18n routing barrel, and passthrough those URLs in the proxy before locale negotiation. Document the pipeline in CONTRACT.md and public/README; add Vitest coverage.
Add bank-contract strings for en/de and align journey Question type · 1976760
The web-client question bank contract UI references journey and admin message keys; English and German bundles were missing them while other locales already carried the strings. Re-export the canonical Question model from lib/types in journey types. Refresh Fleet KB with a web-client messages parity gate and last-reviewed note.
Remove invalid mode= kwarg from _refresh_pat_from_target (helpers_outcomes). · 383c5f9
- Implement rebuild_web_client and rebuild_app_services in app-deployment: web-only vs full backend+web compose paths (_start_app_ops).
- Document selective rebuild entrypoints in app-fleet-cli-commands KB.
Remote web-client build may still fail on target (npm/build); Fleet now reaches compose instead of missing-attribute or missing-function errors.
External_dns preflight ignores internal_service_endpoint rows · 37a39bc
enforce_dns_mode_alignment compared every domain ip_address to the ingress IP; internal.trueconnection.app rows use loopback by design and caused false mismatches. Only public_ingress domains participate in the WAN alignment check. Document in app-fleet-cli-commands KB; add unit coverage.
Un-ignore 10_backend src/lib; document in Fleet KB + rules · 4688161
Root .gitignore lib/ matched Fastify shared modules under app-source/10_backend/src/lib/. Add negated paths mirroring 20_web-client. Document in app-fleet-cli-commands Convention table and AGENT_BEHAVIOUR memorize bullet so agents use normal git add.
Reconcile platform admin role with ADMIN_EMAILS · f7197f8
Email-keyed profiles could keep platformRole=user while ADMIN_EMAILS listed the mailbox (e.g. stage E2E admin after NextAuth email-token sign-in), so AppNav never showed Admin. Add effectivePlatformRoleForProfileEmail: promote listed mailboxes to admin; keep stored admin when the mailbox is not in the list (Mongo ops grant). Apply in NextAuth JWT Mongo resolution, profile bootstrap, and Fastify ProfileService / platformRbac. Extend Vitest for stale-user promotion.
Harden i18n keys and question bank API contract · fa203a5
Validate translation lookup keys before next-intl to avoid MISSING_MESSAGE internal split errors when the bank row omits textKey or option labelKey. Add QuestionBankRowContractError and parseQuestionBankRows at GET boundaries (journey getQuestions, admin list/get/create/update) so reflection and admin surfaces show localized bank_contract_violation or admin banner copy. Harden StrictIntlClientProvider getMessageFallback for invalid keys; chain service worker cache.put errors into console.warn. Tests: requireTransl…
I18n(web-client): add bank contract strings to es, fr, ar · 9585c2c
Mirror admin.questions.errors.bankRowContract and journey.reflectionPhase errorTitleBankContract / errorMsgBankContract so full locale parity and messageKeysReferencedInSource checks pass alongside en and de.
KB and runners referenced this Fleet operation, but cli.py had no subcommand and misc_cmds lacked the helpers tested by test_sync_operator_browser_hosts.py. · 3036b71
Add src.manager.operator_browser_hosts (apex hostname from merged env, dns_zones from infra.json, managed domain tuple, run_tenant_stack_operator_hosts_sync using materialize_env + resolve_deployment_targets + LocalBrowserHostMappingSpec). Expose FleetPublicInterface.sync_operator_browser_hosts; wire misc_cmds handler and argparse (--dry-run, --skip, --no-dns-…
Strict tenant manifest validation in canonicalize_tenant_path · b16cd76
Raise RuntimeError when manifest.json exists but JSON is invalid, the top-level value is not an object, or tenant_id is missing/blank — removes silent return of the shadow path for corrupt manifests. Document Playwright net::ERR_NAME_NOT_RESOLVED (operator must resolve NEXTAUTH_URL host, e.g. sync-operator-browser-hosts). Re-enable tests/unit/test_cli_canonicalize_tenant_path.py (drop pytest --ignore). Tests: pytest tests/unit/ (1997 passed, 2 skipped).
Wire tenant rebuild CLI to pipeline and public interface · 9e9a2f1
Expose rebuild_web_client and rebuild_app_services through orchestration.pipeline, FleetManager (with topology preflight), and FleetPublicInterface. Add fleet tenant-rebuild-web-client and tenant-rebuild-app subcommands with handlers in misc_cmds. Fix rebuild flows to call resolve_remote_start_app_target_for_start_app with its real signature (removed invalid kwargs). Align dev TLS env toggle in rebuild_app_services with DEV constant. Document commands in README, cli KB, and cli module index; enable unit tests by r…
get_pat_for_app_registration no longer imports PatResultData for dict-shaped read_pat payloads (fixes unit tests and headless CI without app_infra_root). · b329d48
Treat whitespace-only tenant admin-pat.token as missing. After a successful infra read, save_pat is required; OSError is wrapped as RuntimeError with prefix persist Zitadel PAT. Remove pytest --ignore for test_get_pat_for_app_registration_persist.py (4 tests). KB: document PAT resolution + persist for E2E/tooling. Evidence: pytest tests/unit/ — 1986 passed, 2 ski…
Server-resolve (pages) shell copy; inject connection status labels · 7578caf
Split authenticated `(pages)` layout into a Server Component that loads `AppPagesShellUiCopy` (getTranslations after setRequestLocale) and `AppPagesLayoutClient` so loading/onboarding surfaces never call useTranslations on the client-retry path. Resolve `app.redirecting` on the server for `/{locale}/auth/` and use a tiny client redirect stub. Require `copy` on `ConnectionStatusIndicator` (ui.connectionStatus.*); pages shell passes server-resolved strings; Discovery, Analytics, and Admin pass labels from their exis…
Server-resolve locale shell copy to avoid intl client-retry 500 · 3df81e7
Sign-in and locale shells could hit Next.js client retry without NextIntlClientProvider, surfacing useTranslations errors (documented for auth.errorPage). Resolve slow-request overlay, PWA hint, and login form copy on the server after setRequestLocale and pass props into client components. Add loadLoginFormUiCopy for auth.login strings. Evidence: GET /en/auth/sign-in returns 200 with local dev; npm run check:translations and npx tsc --noEmit pass. Full app-main-nav Playwright still needs E2E_ZITADEL_PAT or a live …
Note PACKAGE_INDEX.yaml refresh after merge-env · 6236120
Guest SSH probe, package index, strict merge_ssh_key · ae933ed
- Track vm_guest check, SSH conn resolution, guest_ssh_probe, platform admin errors, and PACKAGE_INDEX writer; compose TenantPackageGuidePart on FleetManager.
- merge_env refreshes PACKAGE_INDEX.yaml when the fleet root contains app-tenant (skips synthetic FleetManager(tmp_path) trees).
- merge_ssh_key / merge_ssh_key_typed: require existing key file and valid host / vm.config structure; add ProvisioningConfigurationError module.
- infra_sync_provisioning: only merge_ssh_key_typed when provisioning key exists.
- p…
Track TargetConfig.provider_surface unit tests · ddc8986
Keeps provider_surface inference and cross-field validation covered in CI; depends on tests._target_test_helpers.ensure_tenant_module().
Track domain_network_binding + re-export from contracts · d7c3c09
The tenant DomainConfig and fleet tests import common.contracts.domain_network_binding; the module existed only as an untracked workspace file. Add it to git and export constants from common.contracts.__init__. KB: document that app-infra Traefik/Zitadel templates stay neutral in git (operator CIDRs and stage domains belong on-target via merge-env / sync, not commits). Also reverted local app-infra drift (Traefik sourceRange, ACME block, Zitadel ExternalDomain) to match the repository defaults.
Tenant CLI package + restore tenant create request contracts · 34ffbbb
- Route app-fleet/cli.py through src.cli.tenant.tenant_cmds; remove duplicate src/cli/tenant_cmds.py; document tenant package and KB row.
- Centralize TC_* path/profile helpers in src.cli._utils; reconcile cmds use merge_env without unsupported kwargs; misc_cmds exposes run_tenant_live_health_suite.
- Track tenant_create_request_workflow and YAML-aware TenantCreateRequest loading.
- Restore TenantCreateRequest fleet fields (public DNS, traefik CIDRs, application_secrets) with strict mode/stem validation and flat-v…
Onboarding gate, rate-limit assertions, and fleet DNS KB · 7b146f9
- Document app-infra-start external DNS mismatch in dev-tenant-fleet-diagnostics.
- Add rateLimitErrorUi constants; extend gateway_error_page_assertions with assertNoBlockingAppErrorSurfacesVisible and throwIfBlockingAppErrorSurfaceVisible.
- waitForAuthenticatedAppNav: complete mandatory onboarding, stabilize nav after poll, and reuse shared bottom-nav locator.
- Extract e2eBottomAppNavLocator for root-class or legacy navigation landmark.
- Onboarding submit: data-testid onboarding-submit for stable E2E.
- app-ma…
Tenant-live-health manifest path vs tolgee runtime · dc40238
- Document HOST-INFRA failure when --tenant points at a directory without manifest.json (not a Fleet tenant package).
- Evidence: tenant-live-health on partial ifeoma-dev path (exit 1, stderr); ifeoma-tc infra-gate reaches APP-INFRA and fails only on tolgee not running.
JSON import attribute for en locale helper on Node 20+ · b7939b7
Playwright loads tests/e2e/helpers as native ESM; Node requires an explicit JSON import attribute (import ... with { type: "json" }) for messages/en.json. Evidence: prior playwright run failed with a TypeError about import attributes; after the change, playwright exits 0 and app-main-nav-all-tabs is skipped only when adminE2ePrereqsMet() is false (missing E2E base URL / merged env). Document the contract in tests/README.md.
Discovery, connections, chat, and shell alignment · f9e1891
Evidence: npx tsc --noEmit; npm run check:translations; npm run test:atomic:offline (803 tests); npm run build (20_web-client).
- Discovery: universe layout/positioning, stage badge chrome, RevealHeader, peer routing, WebGL engine touchpoints, constants and message keys.
- Connections: client API and hooks, connection-stage polling, stage helpers/validation, detail profile resolution, match typing.
- Chat: media/messages/moderation barrels, container/system/private mode, handlers, transformToMatch; chat-sync inbou…
Wire gender and orbVisuals through OpenAPI and POST /api/profile · a9e7549
Evidence: npx tsc --noEmit; npm run check:translations; npm run test:atomic:offline (803 tests); npm run build (20_web-client); npm test -- tests/routes/profile- (10_backend).
- OpenAPI: add ProfileGender, OrbVisuals; extend ProfilePublic and UpdateProfileRequest; add ar to preferredLocale enums where missing.
- Fastify profile routes: persist validated gender and orbVisuals; return them on GET/POST using safeParse-based shaping for stored Mongo blobs.
- Web client: build partial updateProfile bodies so omitted ke…
Fleet ensure-env path and infra-gate tolgee follow-up · 4960373
- Document full tenant path for ensure-env and distinguish template gaps from APP-INFRA runtime failures (e.g. tolgee not running).
- Add ensure-env one-liner to app-fleet-cli-commands quick reference with gitignore note for secrets/.
Localize private chat + reveal modals; refresh UI baseline · 8d6cf44
- PrivateChatRequest: useTranslate for all copy; peerName from displayName or peerFallback ICU; design-system hero/well/dot chrome.
- RevealIdentityInfo: useTranslate + shared chat-messaging-surfaces-brand helpers; backdrop via Tailwind scrim.
- RequestMode passes otherUserName for accurate peer strings.
- Regenerate localizedUiTextScanner.baseline.json (16 entries).
- KB: monorepo Fleet CLI path + infra-gate mongo secrets template remediation.
Verified: tsc --noEmit, npm run test:atomic:offline, npm run check:tra…
Restore atomic gate — i18n gaps, SW v2, tolgee proxy class · 9721e42
- Add chat.privateChatRequest, revealIdentityInfo, and discovery.universe.view.peerTooltipViewProfile strings across en/de/fr/es/ar (static bundle tests).
- Replace public/sw.js with locale-safe PWA caching (navigate + locale bypass, v2 cache names, ACTIVE_CACHES).
- Export tolgee as excluded API segment; orb purple blend weights; design-system severity disc export.
- Discovery adapter: require finite matchPercentage, map sharedValues to core when values.core empty.
- Fix Vitest/E2E imports (seed paths, translateN…
Remove bottom-nav data-testid from production UI · c9eb85f
Route href contract stays in appNavBottomNavModel; shell scoping uses APP_BOTTOM_NAV_ROOT_CLASS (app-nav-tab-classes) with globals.css nav.tc-app-bottom-nav. Playwright uses class + roles + en bundle copy; logout uses sign-out aria label. Add app.nav.bottomNavLandmark for the nav landmark across locales. Evidence: npm run build; test:atomic:offline nav contract; check:translations.
Correct the Convention table: --profile and --mode are independent; CLI errors if TC_FLEET_MODE/--mode is unset. · 960178e
Align examples and Last reviewed note with fleet tenant-live-health --help and 2026-04-21 evidence (ifeoma-tc stage infra-gate).
Bottom-nav test id parity (TS vs globals.css) · bc8fc78
Document that APP_BOTTOM_NAV_TEST_ID must match plain-CSS attribute selectors; annotate globals.css, appNavBottomNavModel, button-brand preset, Fleet KB, and pipeline E2E registration doc. Evidence: npm run check:translations (19), test:atomic:offline (801); tenant-live-health infra-gate ifeoma-tc stage OK.
Use appNavBottomNavModel test ids in shell helpers + main-nav spec · 298831f
Add APP_BOTTOM_NAV_LOGOUT_TEST_ID; wire AppNav logout button. app_shell_navigation uses APP_BOTTOM_NAV_TEST_ID, appBottomNavLinkTestId, logout id; clickAppNavLink throws on unknown English tab labels. app-main-nav-all-tabs imports the same helpers. AGENT-BEHAVIOUR: require model constants in Playwright nav helpers. Evidence: npm run test:atomic:offline (801), npm run build; tenant-live-health infra-gate OK.
Track optional orb Playwright specs + align docs with admin prereqs · f53fe03
Add orb-visual-smoke, orb-journey-markers-authenticated, and orb-connection-orbs-authenticated (opt-in env flags). Align file headers, expect messages, and tests/README with adminE2ePrereqsMet (PAT optional). Fleet KB: orb Playwright paragraph, appNavBottomNav Vitest pointer, Last reviewed. Evidence: playwright orb-visual-smoke vs ifeoma-tc stage env (passed); npm run test:atomic:offline (801); tenant-live-health infra-gate OK.
DRY bottom-nav route specs + nav Vitest contract · 60f1754
Extract appNavBottomNavModel (href rows, container + link test ids) and wire AppNav useMemo from it. Add tests/atomic/nav/appNavBottomNavRoutesContract.test.ts. Correct admin Playwright skip hints: PAT is optional (magic-link path); document in app-main-nav-all-tabs and admin-panel-sections. AGENT-BEHAVIOUR bullet for nav model + skip text accuracy. Evidence: npm run test:atomic:offline (801 tests), npm run build.
App-health-stack E2E recipe, clarify shell nav admin skip, link Vitest · f6957c7
- Fleet KB: Playwright app-health-stack + Last reviewed (matrix, switch, health-stack, target-stack-logs tail note).
- app_shell_navigation: document e2eLogWarn + explicit admin skip on stale /admin.
- AuthErrorPageCopyProvider module doc: pointer to authErrorPageCopy Vitest.
Evidence: playwright app-health-stack passed vs ifeoma-tc stage env; target-stack-logs tail (scanner InvalidLocaleError only); npm run test:atomic:offline 798.
Link authErrorPageCopy Vitest + KB locale-switch + full-stack evidence · 151f94b
- JSDoc @see tests/atomic/auth/authErrorPageCopy.test.ts and CONTRACT path rule.
- Fleet KB: Playwright locale-public-routes-switch recipe; Last reviewed notes matrix + switch green on ifeoma-tc stage env and tenant-live-health full-stack OK.
Evidence: npm run test:atomic:offline (798); playwright locale-public-routes-switch passed; tenant-live-health full-stack ifeoma-tc stage OK.
Document E2E_MERGED_ENV_PATH + HTTPS ignore for the public path matrix without Zitadel PAT. · b890eb3
Record agent evidence: matrix passed vs ifeoma-tc stage env; tenant-live-health public-edge OK.
Document non-throwing adminE2ePrereqsMet + Vitest path · 1bc7345
Make adminE2ePrereqsMet non-throwing for Playwright skip predicates · 0ecf281
adminE2ePrereqsMet used getE2EBaseUrl(), which throws when E2E env is unset, so test.skip(!adminE2ePrereqsMet()) crashed instead of skipping. Use resolveE2EBaseUrlSync and narrow try/catch only for resolveAdminEmail when tenant auth hints are missing. Add Vitest contract tests/atomic/e2e/admin_e2e_prereqs_met.test.ts. Document target-stack-logs --scan InvalidLocaleError scanner noise in Fleet KB. Evidence: npm run test:atomic:offline (798 tests); playwright app-main-nav-all-tabs and admin-panel-sections (ui) with …
Track former tests/atomic/lib suites under topic dirs · 3ba08c0
The root .gitignore lib/ rule matches tests/atomic/lib/, so those Vitest files were never committed. Move them to tests/atomic/debug, browser, design-system, utils, profile, errors, and infra. Refresh CONTRACT, Fleet KB, and AGENT-BEHAVIOUR with the path rule. Evidence: npm run test:atomic:offline (796 tests), npm run build; Fleet tenant-live-health ifeoma-tc --profile stage --mode stage --suite infra-gate OK.
Point CONTRACT at tracked authErrorPageCopy Vitest path · 426846c
Keeps the locale contract aligned with repo .gitignore for tests/atomic/lib/.
Note tests/atomic/lib gitignore for web-client Vitest paths · ff20691
Explain why auth error page copy tests live under tests/atomic/auth/. Refresh Last reviewed line with this fact. Evidence: npm run build (20_web-client) succeeded after KB edit.
Track auth error page copy tests outside ignored lib path · 60ee036
Place Vitest contract tests under tests/atomic/auth/ because .gitignore ignores tests/**/lib/. Update AGENT-BEHAVIOUR to reference the new path. Evidence: npm run test:atomic:offline (796 tests passed).
Professional dev-auth warnings + Fleet KB web-client i18n gate · b5656bd
- Replace emoji-prefixed development auth bypass console warnings with explicit bracket-tagged messages in AuthProvider (no behaviour change).
- Append a focused Fleet KB note: post-change checks for root layout / next-intl / Auth (workstation build + landing probes; tenant-rebuild-web-client + tenant-live-health + web-client log strings). Update Last reviewed stamp.
Tests: npm run test:atomic:offline — 791 passed; app_shell_navigation_url — 4 passed.
Feed auth.errorPage copy without useTranslations in AuthProvider · 677908b
Next-intl can surface “NextIntlClientProvider context was not found” for `useTranslations` inside `AuthProvider` when a server segment fails first and React retries the client boundary. Sign-in error strings are a small, stable slice of the same `getMessages()` payload, so extract `auth.errorPage` on the server and pass it through `AuthErrorPageCopyProvider` + strict dot-path lookup (throws on missing keys; `{name}` interpolation only).
Evidence:
- `npm run test:atomic:offline` — 791 tests passed.
- `npm run build…
Add missing lib/rbac sources for AppNav and admin guards · 5733020
The committed tree referenced `@/lib/rbac/*` from `AppNav`, admin layout, and API routes, but the `src/lib/rbac/` module was never tracked—fresh clones and CI could not resolve those imports.
- Add platform role constants, Mongo-backed resolver, session hook, server assert helper, and client `RequireRole` guard (copy uses `ui.*` message keys).
- Resolve admin redirect locale via `tryParseAppLocale` (single choke point).
Tests: `npm run test:atomic:offline` (791 tests) all passed after these adds. Note: first cold …
Restructure i18n (errors, routing, bundle, provider, translate) · 39c07b5
Restructure `src/i18n/` per the agreed plan: split routing and bundle loading, move landing JSON to `bundle/overlays/<locale>/landing.json`, unify `MissingMessageKeyError` under `errors/types.ts`, rename `localisation/` → `translate/`, move `StrictIntlClientProvider` to `provider/`, add public `src/i18n/index.ts` and overlay README, remove dead entrypoints (`config.ts`, `server.ts`, legacy per-namespace JSON, duplicate validators), and rewire next-intl plugin + Dockerfile COPY + pipeline `PATH_WEB_CLIENT_LOCALE_OV…
Refresh AGENT-BEHAVIOUR Where to look (fleet, Zitadel, question bank) · f447195
- Add reflection question bank row pointing to question-bank-row-contract.md (422 / textKey).
- Align Fleet CLI, dev diagnostics, and memorize bullets with current KB and CLI surface.
Validate question bank rows before JSON; 422 on serialize failure · ba155c9
- Assert textKey and option labelKeys in QuestionService.serializeQuestionDocument so API never emits undefined keys (prevents next-intl t(undefined) in admin UI).
- Centralize Fastify 422/500 mapping in questionBankSerializationHttp.tryReplyQuestionBankSerializationFailure.
- GET /api/admin/questions, GET /api/admin/questions/:id, GET /api/questions use the helper.
- Add Playwright app-main-nav-all-tabs.spec (admin E2E) for bottom nav + question bank.
- Document operator flow in app-pipeline/.cursor/kb/question-b…
Refresh agent rules and tenant diagnostics KB · 35e56f2
- Document multi-host tenants (infra_services per profile) and tenant-live-health --profile requirement
- Expand Fleet CLI quick reference (OpenAPI refresh, public-edge 404/500 triage, web client checks)
- Add dev-tenant symptom rows, Playwright/e2e seed note, and presigned upload CORS context
Dev-tenant diagnostics + chore(web): SpaceBackground uses LANDING_SPACE_BG_DEEP_HEX · 4ef11d5
- dev-tenant-fleet-diagnostics: scope, translation gate, design-token cross-links, hex888ToRgbaCssWithAlphaByte note (Fleet CLI ref unchanged).
- SpaceBackground: CSS fallback uses LANDING_SPACE_BG_DEEP_HEX (manifest / cosmic shell), replacing literal #0a0118.
Validated: npx tsc --noEmit; npm run check:translations; npm run test:atomic:offline (661). Fleet: print-loopback-health-probe --mode dev --tenant ifeoma-dev.
hex888ToRgbaCssWithAlphaByte; replace hex+alpha string concat · d042ac9
Add hex888ToRgbaCssWithAlphaByte in color-brand (exported via @/design-system) to map validated #RRGGBB + alpha byte 0-255 to CSS rgba(), replacing `${hex}30` / `${hex}80` hacks. Refactor RatingCard, NetworkVisualization peer glow, UniversePreview dot halo, profileDataNormalizer orb glow, createOrbGlow (styles.ts), and generateOrbGradient (coreValueColors). Invalid hex surfaces via requireHex888 (throws; no silent tint). Tests: tests/atomic/design-system/hex888ToRgbaCssWithAlphaByte.test.ts Validation: npx tsc --n…
Document FULL=1 verify-stack for dev reachability gate · a549cb0
ensure_fleet_on_path before src.manager in reachability runner · 8bc2a1f
verify-stack with FULL=1 invokes run_dev_service_reachability_verification.py with PYTHONPATH=. only; top-level imports from src.manager ran before ensure_fleet_on_path(), causing ModuleNotFoundError: src.manager. Call ensure_fleet_on_path() immediately after _runner_utils import, document contract in module docstring, merge reachability_verification_conjunct_failures import, drop redundant call in main(). Validated: pytest app-fleet/tests/unit/test_dev_service_reachability_verification.py; manual run --tenant-id …
Clarify dev-tenant KB path + record dev sweep evidence · ab73c5d
- AGENT-BEHAVIOUR Where to look: use app-pipeline/.cursor/kb/dev-tenant-fleet-diagnostics.md
- todos.md: 2026-04-13 closure (loopback, public-edge, pytest x46, verify-stack, atomics 512)
Universe star pass disk sync + dev sweep evidence · f2b7fd2
- discovery-universe-view.md: rendering table row for star VP + diskAngleRad
- todos.md: closure row with fleet public_edge + atomic offline (512 tests)
ConnectionJourney i18n + typed bank failures · 7b68cc0
- ConnectionPhaseBankFailure + resolveConnectionPhaseBankFailureUi (no English substring matching)
- journey.connectionPhase.* in en/de/fr/es/ar (errors, loading, intro)
- Tests: message static data + resolver unit tests
- KB playbook and todo-notes Wave 4
Always compose disk rotation in star backdrop VP · 34bd6cf
R_y(0) is identity; removes special-case branch. docs: index discovery-universe-scene-debug-issues.md in app-pipeline KB
Sync star backdrop with universe disk spin · c8e530e
Left-drag updates diskAngleRef for GPU peers and Canvas2D; the star/nebula pass used a backdrop VP that ignored that angle, so sky and chart drifted.
- Compose proj * view * R_y(diskAngle) in buildUniverseStarBackdropViewProjection
- Thread diskAngleRad through UniverseWebGLEngine.draw / drawStarPass
- Document in discovery-universe-scene-debug-issues.md; extend Vitest coverage
I18n(web): chats peer display name fallback for missing discovery name · a4faf52
- chats.page.peerDisplayNameFallback in en/de/fr/es/ar + message key inventory
- ChatsPageClient peerNameByAuthUid uses t() with [discoveryData, t]
- KB + todo-notes Wave 4 Chats subsection
Chats list uses ViewerSynergyInput, no generator profile stub · b1242e4
- transformToMatch: narrow second arg to ViewerSynergyInput (interests/values.core)
- ChatsPageClient: map useProfile() to viewerForSynergy; single file header
- docs: chat utils README, app-pipeline KB + todo-notes Wave 4 slice
Module docstring for brand-glass Radix Select · 56fc91b
Explains linkage to SURFACE_BRAND and globals.css violet-night classes.
Brand violet-night glass for Radix Select surfaces · 07eeaa0
Add .surface-brand-glass-select-trigger and .surface-brand-glass-select-content in globals.css (blur, gradients, accent rgb(167 139 250), depth shadow) so profile and app selects match modal/peer-hover glass instead of flat white/5. Extend SURFACE_BRAND with glassSelectContent; glassSelectTrigger now references the trigger class plus violet focus ring tokens. Validated: npm run test:atomic:offline (507 tests). Dev tenant: tenant-live-health --suite infra-gate for ifeoma-dev returned infra_gate.ok true.
Wave 4 You hub slice note + playbook link in todo-notes · 793fda2
You hub modal tokens, parallax batching, stricter profile/select · af33251
- Add MODAL_BRAND design tokens (gradient scrim, single glass blur, opaque chrome)
- BaseModal: i18n close control; exhaustive modal width; fix JSDoc example
- YouScreen: rAF parallax, reduced-motion path; gate settings on matching profile
- UserProfileMenu: GetProfileResponse + default orb accent from design system
- SettingsSection: opacity-only expand animation
- SelectItem: throw on invalid value (fail fast)
- Profile types: optional values/orbVisuals on Profile
- KB: you-hub playbook under app-pipeline/.curso…
Align main app column width with /you (contentMedium) · 16d3cd0
- Use LayoutGrid width=medium for chats, connections, discovery list mode, analytics, onboarding, auth sign-in/error, chat/connection shells, grounding.
- LoginForm card uses max-w-full so column width follows parent grid.
- Localize ConsentRequestScreen; extend props for ChatView/ConnectionManager.
- Document contentMedium vs shellConstrained; refresh i18n UI scanner baseline.
Universe discovery map remains full-bleed.
Record dev tenant public-edge ok + atomic 503 re-verify (2026-04-13) · 2b83fd4
Align virtualization KB with shipped Discovery and Chat virtualizers · 4a94eea
- Extend virtualization-long-lists-notes with Phase B/C evidence paths
- Point list-virtual-brand and design-system README @ tracked KB (app-pipeline)
- Mirror evidence row in app-pipeline/todos.md
Add virtualization KB to web shell layout navigation row · b5e289f
Link app shell layout nav to virtualization KB notes · b16da3a
Track virtualization list tokens and admin list cleanup status · 68d4858
These components were never imported by AdminPanel or routes (grep in app-source). · dff90f5
Operator profile browsing remains UserProfilesTab; journey keeps its own ProfileDetailModal. Drop adminProfileRowEstimatePx from VIRTUAL_LIST_BRAND; update design-system docs and feature matrix. KB notes the removal for fleet/product agents. Tests: npm run test:atomic:offline (503). Fleet: tenant-live-health infra-gate ifeoma-dev.
Assert more admin tab headings from messages/en.json · 4e19099
Add visible-heading checks for infrastructure, system-data, simulation-bots, and user-profiles; document in dev-tenant KB. Tests: npm run test:atomic:offline (503). Fleet: tenant-live-health infra-gate ifeoma-dev.
Align admin Playwright spec with messages/en.json · ee54525
Add enLocaleRegex for ICU-shaped strings; extend admin-panel-sections with locale-key lookups, Questions section smoke, and profile modal assertions. Atomic test covers regex helper; KB notes E2E English bundle alignment. Tests: npm run test:atomic:offline (503). Fleet: tenant-live-health infra-gate ifeoma-dev.
Localize Super Admin question bank tab (admin.questions.*) · fafebfa
Wire QuestionManagementTab and QuestionFormModal to next-intl via useTranslate; add ICU-backed alerts, confirms, filters, table, modal, and dual-bank seed copy. formatDualBankSeedSummary now requires a translator and reads admin.questions.seedResult.* so seed alerts are locale-aware. Extend runDualBankSeed tests with en.json tEn helper. Document admin.questions in dev-tenant-fleet-diagnostics KB. Tests: npm run test:atomic:offline (501). Fleet: tenant-live-health --suite infra-gate ifeoma-dev.
Localize Match management admin tab · 50376dd
Add admin.matchManagement.* across en/de/fr/es/ar with canonical key list, static parity test, and localized recalc storage warnings. MatchManagementTab uses useTranslate; Mongo/API path literals stay in code tags. KB: document namespace. Verified: npm run test:atomic:offline; tenant-live-health --suite infra-gate ifeoma-dev exit 0.
Localize Simulation bots and Profile generator admin tabs · 7e2b749
Add admin.simulationBots.* and admin.profileGenerator.* across en/de/fr/es/ar with key lists, static parity tests, and i18nSameAsEnPolicy entries for API-aligned field identifiers. SimulationBotsTab parses JSON with localized error messages; ProfileGeneratorTab, GeneratorConfig, and ProfilePreview use useTranslate. Document namespaces in dev-tenant-fleet-diagnostics.md. Verified: npm run test:atomic:offline; tenant-live-health --suite infra-gate ifeoma-dev exit 0.
Localize Admin AnalyticsDashboard (platform metrics) · 9b56f36
- Add admin.analyticsDashboard.* in en/de/fr/es/ar (KPIs, journey phases, maturity band labels, data-quality tiles, user counts ICU). - AnalyticsDashboard: useTranslate, export AnalyticsData type, document maturity bucket ids; map stages to locale keys; replace unsafe dynamic Tailwind color classes with fixed bar maps. - Keys file + static parity test; KB cross-link for System Data analytics. Validated: npm run test:atomic:offline (497). Fleet: tenant-live-health --suite infra-gate --tenant ifeoma-dev --profile de…
Localize Super Admin System Data tab · 07fde7a
- Add admin.systemData.* bundles (en/de/fr/es/ar) for headers, analytics, bulk upload, export, danger zone, format guide, and parse errors (ICU). - Refactor SystemDataTab: useTranslate, typed upload banner state, JSON parse split from shape validation, AdminProfile cast for bulk upload API. - Reuse admin.userProfiles.refresh, keepMyProfile, clearAll, and clearConfirm* keys for DRY destructive flow and analytics refresh. - Remove redundant export alert; errors surface via handleError (toast). Validated: npm run tes…
Localize Admin Panel shell (title, nav, section labels) · f42ccd2
- Replace ADMIN_SECTION_CONFIG.label with labelKey (admin.sections.*); AdminPanel uses AppT/useTranslate. - Add admin.panel.* and admin.sections.* in en/de/fr/es/ar; adminPanelMessageKeys + static parity test. - Playwright admin E2E resolves English strings via messages/en.json (en_locale_message) including infrastructure Refresh. Validated: npm run test:atomic:offline (495). Fleet: tenant-live-health --suite infra-gate --tenant ifeoma-dev --profile dev (ok).
Note admin.infrastructure locale keys vs Fleet infra-gate evidence · cdac979
Localize Super Admin Infrastructure tab and Chat Management · 2c5ab8e
- Add admin.infrastructure.* message bundles (en/de/fr/es/ar) with stable endpoint ids for probe row titles, status badges, system info segments, and chat reset flows. - Refactor InfrastructureTab: useTranslate + AppT, INITIAL_ENDPOINTS with InfrastructureEndpointId, ICU health summary and latency formatting. - Refactor ChatManagementSection: outcome discriminated union + t() so locale switches stay consistent; document BFF/Mongo behavior in file header. - Add adminInfrastructureMessageKeys + static parity test; e…
Note shipped virtual list surfaces in README · 33ca687
Virtualized chat transcript + chat.messagesEmpty locale keys · ba8f15b
- ChatMessagesArea: useVirtualizer, LIST_SCROLL_BRAND.region, near-bottom scrollToIndex; measureElement rows - Add chat.messagesEmpty.{title,bodyPrivate,bodyAnonymous} in all locales; extend CHAT_MESSAGE_KEYS_FLAT - Track chat i18n key catalog (chatMessageKeys.ts); note list-virtual-brand wiring - Tests: npm run test:atomic:offline (493 pass); Fleet ifeoma-dev infra-gate OK Note: .cursor/plans/virtualization-long-lists.plan.md is gitignored locally; mirror status in plan or design-system README if needed.
Localize Admin User Profiles (admin.userProfiles.*) · 72b249e
- Wire UserProfilesTab + ProfileDetailsModal + confirm/prompt/alert to AppT and useTranslate - Add adminUserProfilesMessageKeys + static bundle test; fr: tableActions as Opérations (policy) - KB: clarify User Profiles admin UI vs Fleet SSH/Mongo operations - Tests: npm run test:atomic:offline (493 pass); Fleet ifeoma-dev infra-gate OK
Localize Admin Debug tab (admin.debug.*) · f1cc2a5
- Wire DebugSettingsTab to AppT and nested admin.debug keys in all locales - Add adminDebugMessageKeys + static parity test; allowlist symbol-heavy affects lines - Document keys in lib/debug README; cross-link browser debug vs Fleet in dev-tenant KB - Tests: npm run test:atomic:offline (pass); Fleet: tenant-live-health --suite infra-gate ifeoma-dev OK
Clarify AppNav testid scheme vs translated labels · aeeb914
Localize AppNav labels via app.nav.* message keys · acf12d2
- Add app.nav tab + logout strings to en/de/fr/es/ar; extend appShellMessageKeys parity test - AppNav: useTranslate, stable data-testid ids (you|journey|explore|chat|admin), aria-label for sign out - Regenerate localized UI scanner baseline Tests: npm run test:atomic:offline (491 passed) Fleet: tenant-live-health --suite infra-gate ifeoma-dev ok
Allowlist localized UI scanner baseline in .gitignore · 571d5d2
Negate *.json ignore so localizedUiTextScanner.baseline.json can be updated without git add -f.
LAYOUT_BRAND shell (S1), LayoutGrid tiers, guard + baseline · 5342588
- Add design-system layout-brand.ts, surface/button/index exports, README Layout section - Shell uses max-w-6xl + gutters; discovery list uses listWide + gutterX + @container - Refactor LayoutGrid (standaloneGutter); migrate analytics, admin, connections, journey hub - globals.css @theme --width-layout-* aligned with TS; atomic shellMaxWidthLiterals test - Playwright public viewport smoke for /landing; track localized UI scanner baseline (-f) npm run test:atomic:offline: 162 files / 491 tests passed Fleet evidence…
Link app shell layout (LAYOUT_BRAND) to debug KB and agent navigation · fcd277d
- Clarify in lib/debug README that Debug toggles do not change column CSS; point to LAYOUT_BRAND and Fleet diagnostics. - Index web shell layout in app-pipeline KB README; note in dev-tenant-fleet-diagnostics when triage is CSS vs infra. - Add Where-to-look rows in application and app-pipeline AGENT_BEHAVIOUR for LAYOUT_BRAND and shellMaxWidthLiterals guard.
I18n discovery list toggle and universe zoom controls · b022542
- ListViewToggle: wire aria-labels and tooltips to discovery.page.* keys; mark client - UniverseViewControls: discovery.universe.controls.* + canonical keys file + static-data test - Add discoveryPageMessageKeys flat list for Discovery page chrome
Expose actionLabelKey from useConnectionValidation · 96f4d73
Consumers can use t(actionLabelKey) with connections.stageAction.*; actionLabel kept as legacy English. Docstring example updated.
I18n for connection-stage CTAs on discovery list cards · 91a8b79
Add connections.stageAction.* keys and getConnectionActionLabelKey() mirroring getConnectionActionLabel; DiscoveryListProfileCard uses t(key). Parity test ties English bundle strings to legacy helper.
Tighten discovery list layout, contrast, and i18n · dc37ea6
- Filters: responsive grid (min/max/stage/sort), compact inputs and padding - List: localized results header and empty states; denser list shell - Cards: emerald match badge for readability; anonymous peers show Member + stage badges via keys - Stage badges: labelKey + t() (list, universe sidebar, hover tooltip) - Universe: Scene coords button copy moved to messages (scanner) - discoveryCardDisplay: name-or-null + match percent value for i18n formatting
ProfileEditForm uses explicit locale/gender without silent defaults · 0ac6b5e
Align the profile page edit form with ProfileInformationSection and useProfileSettings: null preferredLocale/gender show placeholder options; save is blocked with the same i18n toast until both are set. Removes hidden defaults to en/prefer_not_to_say.
Link verify-stack to web-client npm run test:atomic:offline gate · 5bdff64
Clarify that Fleet verify-stack exercises live tenant E2E while Vitest offline suite runs on the workstation; both are used for dev-tenant quality bars.
Explicit locale/gender in settings without silent API defaults · ce9d233
- useProfileSettings: prefer preferredLocale/gender from GET snapshot; null until loaded; no ?? en / ?? prefer_not_to_say on load. - ProfileInformationSection: placeholder selects when null; save disabled + toast if save attempted without both set. - i18n: profile.settings.errors.identityRequired + placeholder keys (en/de/fr/es/ar). - KB: profile-ui-data-lifecycle settings identity note. Tests: npm run test:atomic:offline (486). verify-stack ifeoma-dev dev: all passed.
Avoid double locale segment with next-intl router · ec60683
useRouter from @/navigation already prefixes locale; withLocale() + replace() produced /en/en/onboarding and similar. Use locale-less ROUTES.* and router.replace(path, { locale }) when switching locale. - Pages layout + onboarding submit + LocaleFromProfileRedirect - Document withLocale vs intl router in appPaths and profile-ui KB
Landing readiness uses hero CTA (Begin Your Journey) · 8e7a456
Fleet verify-stack failed: live /en/landing HTML did not include 'Welcome to' while the primary CTA 'Begin Your Journey' (landing.hero.ctaBeginJourney) was present. - Export LANDING_HERO_READY_REGEX from e2e_health_stack; use in fetchPublicLandingWhenReady, app-health-stack, app-http-routing, app_shell_navigation. - Document triage in dev-tenant-fleet-diagnostics.md. Verified: npm run test:atomic:offline (486), verify-stack ifeoma-dev dev (all steps pass).
Profile settings shell and user profile menu copy · 7d98df5
Wire ProfileSettings and UserProfileMenu through useTranslate with profile.settings.shell.*, shared profile_save/profile_cancel/editForm.saving, and profile.userProfileMenu.* for modal headings. Extend PROFILE_UI_MESSAGE_KEYS_FLAT and profile-ui-data-lifecycle KB. Negate root lib/ ignore for web-client src/lib.
ProfileInformationSection uses messages; KB dev tenant vs onboarding · 7f6bf99
- ProfileInformationSection: t() for section title + reuse profile.editForm copy for name/email (localizedUiTextScanner + parity). - messages: profile.settings.information.sectionTitle (en/de/fr/es/ar). - profileUiMessageKeys: register sectionTitle. - dev-tenant-fleet-diagnostics: clarify product onboarding vs Fleet probes. Evidence: tenant-live-health --suite full-stack exit 0 (ifeoma-dev); npm run test:atomic:offline 486/486 pass.
I18n loading strings, debug logs for onboarding/locale · 29626db
- .gitignore: allow web-client messages/*.json (locale bundles). - Add app.loading to all locales; appShellMessageKeys; PagesLayout uses t(). - PagesLayout + LocaleFromProfileRedirect: useDebugLog (api category) for redirect telemetry; respects Admin Debug + DebugProvider. - KB: profile-ui-data-lifecycle §1.1 onboarding; index + AGENT-BEHAVIOUR row; lib/debug README table entry. - Force-add src/lib paths that were ignored by blanket lib/ rule.
Add universe_test.html scene test harness · f5dbdd4
- WebGL universe demo with UniverseParamsApi, panel/export parity guard, meteor shader tuning (glow scale, staggered random trajectories), and default param snapshot + U.defaults sync.
Pipeline and app: fleet orchestration, contracts, infra, tenant, and backend updates · 4ece257
- Refine app-fleet CLI, health probes, verify stack, merge-env redeploy, and related tests - Update OpenAPI/contracts codegen (remove legacy zodios client artifacts), compose and deployment - app-hosting, app-infra, and tenant seeding/validation changes - Backend: chat, connections, matching, discovery, and service-layer updates - Cursor rules and docs aligned with current behaviour
Error payloads, journey hub, matching admin, and agent docs · fc49782
- Backend: consistent internal error responses, auth/RBAC and route handlers across API surfaces; lazy Mongo collection access in admin/question services; match recalculation and synthetic profile contract alignment. - Web: You/journey hub and navigation; AuthSessionLoading; error diagnostics tests; admin debug and loading/error primitives; discovery and journey updates; remove legacy breadcrumb components. - Contracts: OpenAPI and generated types/clients for admin and journey flows. - Docs: AGENT_BEHAVIOUR (globa…
Fleet tenant edge probes, stack verify alias, and profile/matching UX · 2b4b884
Fleet (app-fleet): - Add verify-tenant-stack (alias verify-dev-tenant-stack), tenant-targets/target-show, tenant-edge-evidence, and shared run_public_edge_probe + public_edge_http - tenant_targets_summary on FleetManager; multi-service docker compose logs; optional PHASE0_PYTEST for non-dev profiles; tests and README updates app-hosting: compose logs accept multiple service tokens from space-separated service Contracts + app: OpenAPI/profile journey fields, generated types, backend profile route and tests; journey…
Connection statements API, journey UI, fleet PAT/sync and OpenAPI refresh · cdf76af
- Backend: connection statement routes and service; tests and helpers - Web client: journey hub/how-it-works, connection statement picks, generated API - Fleet: PAT sync after infra, verify-dev-stack CLI, tenant/tests and hosting tweaks - Contracts: OpenAPI and regenerated TS/Zod clients; build/deploy/infra touch-ups - Remove verify_dev_tenant_stack.sh; default questions and docs updates
Fleet diagnostics, contracts sync, remove app-monitor and shell shims · ce912c2
- Remove app-monitor tree; drop application/tools operator wrappers in favor of Fleet CLI - Add operator upstream/compose/mongo helpers, tenant-live-health probes, schema E2E wiring - Regenerate OpenAPI-derived schemas and web/backend generated clients - Backend: vitest runner shim, tsx watch exclude generated zod, admin route touch-ups - Web client: admin API, journey/YouScreen and E2E navigation helpers, seed bank test alignment - Update cursor rules, pipeline docs, and todos.md rolling evidence
Match diagnostics, synthetic profiles, fleet CLI, and contract sync · 088ba99
- Backend: admin match diagnostics, synthetic profile lifecycle, match version, journey/profile route tests; OpenAPI-aligned admin routes - Web client: admin match management UI, discovery hints, journey constants, synthetic generator, generated API models - Pipeline: app-contracts/OpenAPI and zod generation; fleet infra reachability, execution context warnings, zitadel provision tests; tenant env updates - Docs/rules: layer trace rule, agent behaviour updates, discovery docs - Tests: atomic/e2e helpers and new co…
Point docs/tools at archived plans; infra and test README tweaks · 5032880
- Update references from .cursor/plans/ to .cursor/plans/done/ for the matching/privacy index and API 502 runbook (rules, KB-adjacent docs, pipeline todos, tools shell headers). - Web tests README: move Playwright npm rows into the command table; clarify E2E_ADMIN_DESTRUCTIVE / admin panel scope. - Traefik: DEBUG log level; adjust forwarded-headers trust CIDR. - Zitadel sample config: ExternalDomain set to trueconnection.local for local stack alignment.
Discovery privacy tiers, connections, and contract sync · 4ea75ee
Backend: tiered discovery (mapper + DiscoveryQueryService refactor), match recalculation scheduler after profile writes, connection transitions with ConnectionTransitionError, chat-gate route tests, discovery fixtures and expanded service/route tests. Web: discovery card/peer-routing helpers, tier-aware filters, legacy ListView safe match%, connection detail and chat flow updates, E2E nav helper, Playwright trace script. Contracts/OpenAPI: admin question models and connection stage fields; regenerated app-contract…
Discovery matches, admin API split, platform admin fleet, auth hardening · 0f7d647
Discovery and matching: - Bulk match pipeline uses counterpart profileId UUID; enrichment via MatchCalculationService - Flat match docs and indexes documented; DiscoveryQueryService and filter UX fixes - Profile generator quadrant slugs; migration and empty-state copy for list/universe Backend admin: - Split admin routes (profiles/questions); QuestionService and bulk profile normalization - OpenAPI and generated clients updated; path allowlist adjusted Web admin and auth: - Admin panel layout; remove DataManagemen…
Admin locale routes, auth/error fixes, E2E context parity · 0a279e9
- Localized admin under [locale]/admin; AdminPanel aligns with app shell and ?section= URLs; ThemeTab and RBAC-aligned RequireAdmin/admin routes. - Next.js 16 auth/error server page + AuthErrorPageClient; intl-safe navigation and ErrorPage/SignIn wiring. - Landing/AppProviders pointer-events and scroll; robots/proxy updates; compose and tenant env tweaks. - Backend admin route refactor + requirePlatformAdmin middleware; ProfileService adjustments and tests. - Playwright: fresh BrowserContext uses same baseURL/igno…
Brevo integration and login working · 9f41c42
- Wire Brevo transactional mail: probes, E2E helpers, sender/from alignment, SMTP docs and BREVO_IMPLEMENTATION.md - Web client: LoginForm, auth E2E routes (mail-delivery-trace, mongo-ping), Playwright projects (ui vs integration) - Vitest layout: atomic tests under ui, integration, infra; new Brevo/mail atomic coverage - Pipeline: constants_env, pytest autouse Brevo probe hooks, fleet registration preserve-stack and misc CLI - start_app: remove orphan fixed-name backend/web-client containers before compose up - T…
Locale auth routing, contracts, edge TLS, and design reference · 69775ab
- Move app pages and auth under [locale]; add i18n routing, Tolgee proxy, LocalePreferenceSync, connection profile resolution, and proxy matcher - Backend: auth/profile/users routes, ProfileService, TranslationService, AuthService; OpenAPI and generated client types - Pipeline: edge TLS behavior, env serialization, Harbor labels, Zitadel OIDC, tenant env, deployment compose; fleet/infra tests and docs - Add FigmaDesign-TrueConnection reference tree and cursor rules for profile identity and Figma UX alignment - Web…
Sign-in registration flow, preserve-stack --debug; Hero CTA; todos · a3f4891
- Playwright: open /auth/sign-in with journey redirect; ensureAuthSignInEmailCaptureVisible navigates to sign-in when the email field is missing (landing uses Begin Your Journey). - Recorded create-user spec aligned; nextauth_email_signin_http comment updated. - run_e2e_registration_preserve_stack.py: --debug for headed Playwright Inspector; no subprocess timeout in debug mode. - Hero: single primary CTA; remove extra grid (Google sign-in, store modals) from hero section. - todos.md: registration HTML mail templat…
Sync workspace — admin auth route, env serialization, fleet/deploy, docs · c9c9d02
- Web: move session admin check to GET /api/auth/admin/check (Traefik tc-auth + Next proxy) - Pipeline: merged .env dotenv quoting (Traefik Host() backticks, spaced JVM opts); parse_env_file symmetry - Tools: verify-api-upstream-health, check-traefik-infra-sanity; todos.md API502 + dev hardening evidence - App-fleet: deploy/orchestration layout refactor; CLI and docs updates - Contracts: OpenAPI/schema generation and workflow - Misc: cursor rules, plans, application docs
App-pipeline: fleet CLI under src/cli, manager API layout, plans and docs sync · 2cbf471
- Relocate fleet CLI command modules from app-fleet/cli_commands to app-fleet/src/cli; cli.py imports src.cli.*; update unit tests and path helpers - Consolidate FleetPublicInterface, contract_loader, infra ops under app-fleet/src/manager; adjust fleet package imports and re-exports - Move completed Cursor plans to .cursor/plans/done; remove duplicate plan copies - Update MODULE_BOUNDARIES, runners/runbooks, compliance paths, and related references - Include accompanying changes across app-deployment, app-fleet, a…
App-pipeline: finalize stage stack rebuild hardening and registry tunnel refactor · 337a35f
This commit consolidates the stage stack verification and ACME production-certificate workflow updates while introducing the registry push tunnel and remote execution package refactor to stabilize end-to-end deployment operations.
App-pipeline: harden stage TLS and registration verification loop · 0d411c3
Consolidate stage ACME and preserve-stack workflow fixes across fleet orchestration, Traefik/Harbor compose labels, runner behavior, and supporting tests/docs so stage reachability and registration E2E can be validated deterministically under rate-limit and trust edge cases.
Materialize remote self-signed Traefik TLS artifacts · 45c89b0
Ensure remote app-infra sync creates self-signed cert/key files and tls.yml for Traefik when ACME is disabled, so stage preserve-stack registration does not fail on Traefik default certificates.
App-pipeline: finalize fleet orchestration and stage verification hardening · af87979
Align FleetManager lifecycle handling, stage stack verification gates, and supporting docs/tests so tenant-state-driven operations remain deterministic across VM, infra, and TLS/Harbor workflows.
App-pipeline: fleet, deployment, contracts, rules, and test layout updates · 7d1b16f
- Fleet manager, UI actions, CLI, provisioning, and infra orchestration - Deployment (start_app, Zitadel, remote helpers, compose) - app-contracts schema tools and generated artifacts - Cursor rules and plan archive; remove tracked .env.deploy - Test package layout and pytest config adjustments across modules
Consolidate fleet UI architecture migration and multi-target pipeline updates · 1ffecca
Unifies fleet UI into the new package structure and aligns deployment, infra, tenant, and test workflows with the latest multi-target and contract-driven execution model across app-pipeline.
Add app monitor module and web client task list · b689b80
Track the new app-monitor files and TODO documentation so the latest local project updates are versioned and shareable.
Remove debug instrumentation from compact bar and fix plan formatting · 0a80fb7
Resolve hosting provisioning test failures — dict-to-dataclass migration · d59ce08
Fix 8 failing tests and sweep 11 files for dict-vs-dataclass consistency across the app-hosting test suite (+10 passing tests, 1828 total). Root causes addressed: - Mock method mismatch: rollback tests set execute_command but production calls execute_sudo (test_02_security, test_04_email) - Patch on wrong module: wait_for_harbor_api patched on manager module instead of _harbor_api where it is actually called (test_harbor) - Missing I/O mocks: wait_for_ssh_port, connect_with_key/password made real connections causi…
Remove stale generated schema and client files · ed1dcea
Include remaining schema update and test report log · 731cbdb
Multi-target infrastructure, mesh networking, harbor registry, and comprehensive test coverage · c30ddc2
- Add multi-target infra orchestration with execution plans and deploy hooks - Implement VPN mesh networking with WireGuard key manager and IPAM - Add Harbor proxy-cache registry service replacing simple registry compose - Extend fleet UI with mesh/harbor commands, service assignment actions - Add infra service registry and typed contracts (common/contracts) - Refactor env seeder with mode helpers; extend tenant state for services - Update provisioning contracts, storage operations, and cloud-init verification - A…
Major pipeline overhaul — orchestrators, domains, fleet manager, and multi-target architecture · fb70c8a
Comprehensive refactoring across the app-pipeline and app-source modules: - Refactored orchestrators (analytics, backend, compliance, deployment, development, devops, flow_analysis, quality, testing, web) with typed interfaces and dataclasses - Removed deprecated infrastructure orchestrator and flow analysis renderers - Updated domain modules (code_analysis, flow_analysis, security, statistics, testing) with consolidated operations and improved type safety - Enhanced fleet manager with multi-target deployment, dep…
Track app-source cursor config · 6c2a065
Migrate workflows to python APIs · 1ee0b86
Replace legacy shell workflows with Python runners using package APIs, update fleet/infra tooling, and refresh related docs and tests.
Ignore qcow2 images · b867355
Remove large qcow2 artifacts from tracking and prevent future commits.
Update workflows and test automation · 30fab1d
Consolidate infra/test workflow updates, add new automation and clean up generated artifacts.
Merge pull: resolve conflicts after upstream refactor (vm_api → host_api) · f1be4fc
- README: keep upstream HostManagementInterface/Path.cwd() example, drop duplicate config/connection section - Accept upstream deletions: TEST_PLAN_TASKS.md, vm_api/ARCHITECTURE.md, vm_api/management.py - Keep local changes: PROJECT_TRUECONNECTION.MDC, requirements.txt, test_golden_image_workflow.py
Add Docker installation with repository setup and automatic user group assignment · 1bb0e77
- Add setup_docker_repository atomic function for Docker official repository setup - Add install_docker atomic function with automatic repository setup - Enhance install_packages to detect and handle 'docker' package specially - Add Debian support (detects OS and uses correct repository URL) - Automatically start and enable Docker service after installation - Automatically add user to docker group for non-sudo Docker usage - Add Docker version verification after installation - Export new functions from host_api/os…
Restructure VM API architecture and add comprehensive test suite · dae7227
- Refactored interface/ directory to vm_api/operations/ for better organization - Added comprehensive test infrastructure (pytest.ini, tests/ with e2e, unit, integration) - Added requirements.txt for Python dependencies - Removed legacy tools and scripts (moved functionality to vm_api/) - Updated README.md with new architecture - Added TEST_PLAN_TASKS.md for test planning - Added vm_api.py as main entry point - Restructured vm_api/ with proper separation of concerns (operations/, state/, utils/, config/) - Removed…
Initial commit: TrueConnection application with deployment, hosting, and source modules · 37f51a4