- Add Logto OIDC provider to docker-compose.yml and docker-compose.dev.yml
- Create docker/init-logto-db.sql to initialize separate Logto database on Postgres
- Add OIDC env vars (issuer, client ID/secret, auth secret) to app service
- Document all required env vars in .env.example
- All beforeEach now use async/await createTestDb()
- All service calls in tests now awaited
- All direct DB calls (.run()/.all()) replaced with await
- All test callbacks made async
- Fixed PostgreSQL GROUP BY strictness in totals.service.ts (categories.name and categories.icon added to groupBy)
- db type changed to 'any' to accommodate PGlite type differences
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add 14-04-SUMMARY.md documenting async conversion of all 9 route files and auth middleware
- Update STATE.md with progress (83%) and decisions
- Update ROADMAP.md with plan progress
- Add await before all service calls in auth, OAuth routes
- Convert settings.ts direct DB calls: remove .get()/.run(), use await + destructuring
- Auth middleware: await getUserCount, getSession, refreshSession
- Fix formatting in threads.ts for biome compliance
- All files pass lint
- One-time migration script with type conversions (unix timestamps to Date, int to bool)
- Migrates all 13 tables in FK dependency order
- Resets serial sequences after data migration
- Adds db:migrate-from-sqlite npm script
- Remove apt-get install of python3/make/g++ (no longer needed without better-sqlite3)
- Change COPY drizzle to COPY drizzle-pg for PostgreSQL migrations
- Remove mkdir -p data (no SQLite data directory needed)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Create docker-compose.dev.yml with Postgres 16 for local development
- Rewrite docker-compose.yml with Postgres service, healthcheck, and app dependency chain
- Production uses externalized POSTGRES_PASSWORD and DATABASE_URL env vars
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Created 14-01-SUMMARY.md with execution results
- Updated STATE.md with plan progress and decisions
- Updated ROADMAP.md progress table (1/6 plans)
- Marked DB-01 and DB-03 requirements complete
- Rewrite tests/helpers/db.ts to use drizzle-orm/pglite with async createTestDb()
- Generate initial migration with 13 CREATE TABLE statements in drizzle-pg/
- Add drizzle-pg to biome ignore list (generated files)
- PGlite smoke test confirms migrations apply and seed works
- Replace all 13 sqliteTable definitions with pgTable (pg-core)
- Convert integer timestamps to native timestamp type with defaultNow()
- Convert real columns to doublePrecision, integer used to boolean
- Rewrite db connection to use postgres.js driver with DATABASE_URL
- Rewrite migrate.ts to use postgres-js migrator targeting drizzle-pg/
- Convert seed.ts to async
- Update drizzle.config.ts to postgresql dialect
- Install postgres and @electric-sql/pglite, remove better-sqlite3
The MCP auth spec (2025-06-18+) requires /.well-known/oauth-protected-resource
in addition to /.well-known/oauth-authorization-server. Claude fetches
the protected resource metadata first after receiving a 401, then discovers
the authorization server from it. Also fixes WWW-Authenticate header to
use absolute URL pointing to the protected resource endpoint.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
verifyAccessToken is async and returns a Promise. Without await,
the Promise object is always truthy, so any Bearer token (even
invalid ones) was accepted. This fixes MCP OAuth authentication.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Required for claude.ai browser-based OAuth flows that make
cross-origin requests to discovery, token, and MCP endpoints.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add well-known metadata, dynamic client registration, authorization
flow with PKCE, and token exchange/refresh endpoints with route-level
integration tests.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Document the Gitea Actions release pipeline and how to trigger it
via API with patch/minor/major bump types.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
