Implement in-memory rate limiter with 5 attempts per 15-minute window per IP address. Protects brute-force attacks on credential endpoints.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds parseId helper in src/server/lib/params.ts and applies it across
all route files so non-positive-integer IDs return 400 instead of
silently passing NaN to services.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The @/ alias resolves via tsconfig but not in production where
Bun runs server files directly. Use relative paths instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Exclude drizzle/ and .planning/ from Biome (generated files with
incompatible formatting). Auto-fix import ordering and formatting
in existing source files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The wizard creates categories via POST which requires auth.
Gate the wizard on isAuthenticated so users create their
account first via Sign In, then the wizard appears.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- MCP auth middleware now rejects requests without API key when users exist
- Image /from-url route distinguishes validation errors (400) from server errors (500)
- Password change route returns 401 when no session cookie instead of crashing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wrap existing service layer with MCP-compatible tool handlers for items,
categories, threads/candidates, setups, and image fetching. Add collection
summary resource for overview data. All 14 MCP-specific tests passing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Extend uiStore candidateViewMode union to include "compare" value
- Add columns-3 compare toggle button, shown only when thread has 2+ candidates
- Hide "Add Candidate" button when in compare view (read-only intent)
- Import and render ComparisonTable when candidateViewMode === "compare"
- Pass displayItems so compare view reflects any pending reorder state
- Existing list/grid views unchanged; all 135 tests pass
onPointerUp was incorrectly placed on the resolved-thread div instead
of the active-thread Reorder.Group, causing drag reorder to not persist.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add useReorderCandidates mutation hook with apiPatch to /candidates/reorder endpoint
- Add candidateViewMode (list|grid) state and setCandidateViewMode to uiStore
- Create CandidateListItem component with drag handle, rank badge, horizontal layout
- Export RankBadge helper (gold/silver/bronze medal icons for top 3)
- Add style prop support to LucideIcon component
- Add pros/cons fields to CandidateWithCategory in useThreads.ts
- Add sortOrder REAL column to threadCandidates schema (default 0)
- Add sort_order column to test helper CREATE TABLE
- Add reorderCandidatesSchema to shared/schemas.ts
- Add ReorderCandidates type to shared/types.ts
- getThreadWithCandidates now orders candidates by sort_order ASC
- createCandidate appends at max sort_order + 1000 (first = 1000)
- Add reorderCandidates service function (transaction, active-only guard)
- Add 5 new tests: ordering, appending, reorder success, resolved guard, missing thread
Redesign WeightSummaryCard stats from a disconnected 4-column grid to a
compact legend-style list with color dots, percentages, and a divider
before the total row. Switch chart and legend colors to a neutral gray
palette.
Add a currency selector to settings (USD, EUR, GBP, JPY, CAD, AUD) that
changes the displayed symbol across the app. This is visual only — no
value conversion is performed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add classification text column (default 'base') to setupItems schema
- Add classificationSchema and updateClassificationSchema Zod validators
- Add UpdateClassification type inferred from Zod schema
- Implement updateItemClassification service function
- Modify getSetupWithItems to return classification field
- Modify syncSetupItems to preserve classifications across re-sync
- Add tests for classification CRUD, preservation, and cross-setup independence
- Generate and apply Drizzle migration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- StatusBadge: clickable pill badge with popup menu (researching/ordered/arrived)
- Muted gray styling, LucideIcon per status, click-outside dismiss, Escape key support
- CandidateCard: status + onStatusChange props, StatusBadge in pill row after category
- Thread detail page: passes candidate.status and useUpdateCandidate for onStatusChange
- Fix Biome formatting for candidateStatusSchema enum
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Sticky search/filter toolbar with text input and CategoryFilterDropdown
- useMemo-based filtering by name (search) and categoryId (dropdown)
- "Showing X of Y items" count when filters active
- Flat grid (no category headers) when any filter is active
- "No items match your search" empty state for filtered results
- Replace PlanningView native select with CategoryFilterDropdown
- Schema: status TEXT NOT NULL DEFAULT 'researching' on thread_candidates
- Zod: candidateStatusSchema enum (researching/ordered/arrived) added to createCandidateSchema
- Service: getThreadWithCandidates selects status, createCandidate sets status, updateCandidate accepts status
- Client hooks: CandidateWithCategory and CandidateResponse types include status field
- Migration generated and applied
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Searchable dropdown with Lucide icons per category option
- "All categories" as first option with null value
- Click-outside and Escape key dismissal
- Clear button on trigger when category selected
- Auto-focus search input when dropdown opens
- State reset (search text) when dropdown closes
- Add segmented g/oz/lb/kg toggle to TotalsBar with settings persistence
- Pass unit parameter to all 8 formatWeight call sites across components and routes
- Import useWeightUnit hook in ItemCard, CandidateCard, CategoryHeader, SetupCard, ItemPicker, Dashboard, SetupDetail
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Wraps useSetting("weightUnit") with typed WeightUnit return
- Validates stored value against known units (g, oz, lb, kg)
- Defaults to "g" when no setting exists (backward compatible)
- Fix config.json formatting (tabs per biome config)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Setups now lives alongside My Gear and Planning under /collection?tab=setups
instead of its own /setups route. Dashboard card updated to link to the new
tab. Setup detail pages (/setups/:id) remain unchanged.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Lucide package icon as SVG favicon (white stroke) and display it
next to the GearBox title in the TotalsBar.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Switch all interactive UI elements (buttons, focus rings, active tabs,
FAB, links, spinners) from blue to gray to match icon colors for a
more cohesive look. Mute card badge text colors to pastels (blue-400,
green-500, purple-500) to keep the focus on card content.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
drizzle-kit push depends on better-sqlite3 which isn't supported in
Bun, causing migrations to fail and the server to crash-loop in prod.
Replace with drizzle-orm/bun-sqlite/migrator that applies the existing
SQL migration files using the native bun:sqlite driver.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Run biome check --write --unsafe to fix tabs, import ordering, and
non-null assertions across entire codebase. Disable a11y rules not
applicable to this single-user app. Exclude auto-generated routeTree.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add multi-stage Dockerfile, docker-compose with persistent volumes,
and Gitea Actions workflows for CI (lint/test/build) and releases
(tag, Docker image push, changelog). Support DATABASE_PATH env var
for configurable SQLite location to enable proper volume mounting.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Show an external link icon on ItemCard and CandidateCard that opens a
confirmation dialog before navigating to product URLs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace all raw emoji characters in dashboard cards, empty states,
and onboarding wizard with LucideIcon components for visual consistency.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
