- Add upsertGlobalItemSchema and bulkUpsertGlobalItemsSchema to schemas.ts
- Add UpsertGlobalItemInput and BulkUpsertGlobalItemsInput types to types.ts
- Implement upsertGlobalItem with onConflictDoUpdate and tag sync
- Implement bulkUpsertGlobalItems processing array in single transaction
- Fix migration 0003 to only add new columns + unique constraint
- All 21 tests pass including 8 new upsert operation tests
Public setup view was missing image URL enrichment, causing item images
to be absent for anonymous visitors. Matches the private endpoint pattern.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove authLoading spinner gate — app renders immediately for all visitors
- Expand isPublicRoute to include /, /global-items/*, /setups/*, /users/, /login
- Replace hard window.location.href redirect with soft navigate() after auth resolves
- Remove onboarding loading spinner — pass isAuthenticated as enabled to guard query
- Add AuthPromptModal to root JSX for global availability
- Guard Add to Collection and Add to Thread buttons with isAuthenticated check
- Rework setup detail page to use usePublicSetup for anonymous visitors
- Wrap all write action UI (Add Items, Delete, Public toggle, remove/classify) in isAuthenticated guards
- Import createRateLimit in server index
- Create browseTier (120 req/min) for list/search endpoints
- Create detailTier (60 req/min) for individual resource endpoints
- Apply browseTier to /api/global-items and /api/tags GET routes
- Apply detailTier to /api/global-items/:id, /api/setups/:id/public, /api/users/:id/profile GET routes
- Rate limits placed before auth middleware per D-07, D-08
- Extend uiStore with showAuthPrompt/openAuthPrompt/closeAuthPrompt state
- Create AuthPromptModal component with sign in/sign up CTAs pointing to /login
- Add usePublicSetup hook to useSetups for anonymous setup viewing via public API
- Rework useOnboardingComplete to accept enabled param (guards auth-gated call)
- Add createRateLimit(maxAttempts, windowMs) factory function
- Rewrite rateLimit export to delegate to factory (backward compatible)
- Keep shared store, getClientIp, cleanup, and _resetForTesting unchanged
- Add createRateLimit factory test suite with 5 test cases
- All existing rateLimit middleware tests still pass
activeThreads[0].id in useEffect dependency array threw when the array
was empty. Use optional chaining to safely handle the empty case.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The /me endpoint was returning auth.sub (Logto's opaque string) as the
user ID, but the frontend and other API endpoints expect numeric DB IDs.
This caused "can't access property 'id', w[0] is undefined" after login.
Also documents Logto OIDC setup requirements (scopes, env vars) in
CLAUDE.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The @hono/oidc-auth middleware catches all errors and rethrows as
"Invalid session", hiding the real cause. This adds a startup probe
to OIDC discovery endpoint so the actual error appears in logs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- OAuth: add userId to oauth_codes schema and migration, derive userId
from stored auth code/token record instead of passing separately
- Auth middleware tests: destructure {db, userId} from createTestDb,
pass userId to createApiKey, fix error message assertion
- MCP tests: add missing await on getCollectionSummary and
createSecondTestUser calls
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix unused function parameters (prefix with _)
- Fix unused imports in test files
- Fix import ordering in test files
- Auto-fix formatting issues across 22 files
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove weight unit switcher pills and collection stats (items, weight,
spent) from TotalsBar. Top bar now shows only logo/title and user menu.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Reference items show catalog image as read-only in edit mode (no upload)
- "Delete" button renamed to "Remove from Collection" for reference items
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reference items (linked to global catalog) now show name, brand, weight,
and MSRP as read-only in edit mode with "from the catalog" hint. Only
personal fields (notes, category, quantity, image, product URL) are
editable. Standalone items retain full edit access.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove duplicate back arrow/header from ManualEntryForm (overlay already shows it)
- Move ImageUpload to top of ManualEntryForm for visual cohesion
- Change "Submit to Catalog?" from text link to checkbox-style toggle
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add manualEntryMode and savedItemName local state with resets on overlay close
- Back arrow is context-sensitive: returns to search when in manual mode, closes overlay otherwise
- Header text updates to 'Manual Entry' or 'Item Added' in manual entry mode
- Search input, filters, and view toggles hidden when in manual entry mode
- EmptyState now accepts onAddManually callback with context-sensitive link text
- Persistent 'Can't find it? Add manually' link shown below search results
- ManualEntryForm rendered inline when manualEntryMode is active
- Success card shown after save with 'Submit to Catalog?' toast-only button
- 'Add Another' resets to search, 'Done' closes overlay
- Compact form with name, category, weight, price, purchase price, product URL, notes, image
- Uses CategoryPicker and ImageUpload reusable components
- Calls useCreateItem without globalItemId for standalone item creation
- Back arrow (ArrowLeft) calls onBack prop to return to search results
- Converts price strings to cents via Math.round(Number(val) * 100)
- No toast.success on save — success card in overlay handles feedback
- Create AddToThreadModal with pick/create modes for thread selection
- Support existing thread selection with category display
- Support new thread creation with candidate in one step
- Pre-select session thread via catalogSessionThreadId
- Auto-switch to create mode when no active threads exist
- Wire AddToThreadModal at root layout level
- Replace handleAddStub with handleAdd dispatching to correct modal by mode
- Global item detail page: add both "Add to Collection" and "Add to Thread" buttons
- Remove console.log stub from detail page
- Import useUIStore in both components
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove Item and Candidate SlideOutPanel instances from __root.tsx
- Remove SlideOutPanel, ItemForm, CandidateForm imports from root
- Remove panel state (panelMode, editingItemId, candidatePanelMode, editingCandidateId) from UIStore
- Remove panel actions (openEditPanel, openAddPanel, closePanel, etc.) from UIStore
- Preserve currentThreadId derivation for CandidateDeleteDialog
- Update CollectionView empty state to use catalog search instead of add panel
- Update ItemForm/CandidateForm with onClose prop replacing store panel close
- Clean all dead panel references across src/client/
- Add local AddCandidateModal component with all candidate form fields
- Remove openCandidateAddPanel UIStore dependency
- Modal includes image upload, category picker, pros/cons, validation
- Add image placeholder (package icon) when no imageUrl exists
- Add 'Add to Collection' button stub between specs and description
- Button styled per D-10, logs to console (actual flow wired in Phase 22)
- Consistent layout with item detail page
- Full detail page at /items/:id with hero image, name, spec badges, notes, product link
- Edit mode toggle: read-only by default, editable inputs when Edit clicked
- Save persists via useUpdateItem, Cancel reverts to read-only
- Duplicate and Delete actions via existing hooks/dialogs
- Back link to /collection, loading shimmer, error state
- CategoryPicker and ImageUpload in edit mode
- Move $threadId.tsx to $threadId/index.tsx for nested route support
- Create candidate detail page at /threads/:threadId/candidates/:candidateId
- Edit mode toggle with form fields for all candidate properties
- Back navigation, pick-as-winner, and delete actions
- Seed runner inserts user, categories, global items, tags, user items,
threads with candidates, setups, and settings in FK order
- Idempotent: checks for dev-user-seed logtoSub before running
- Reuses seedGlobalItems() for base catalog data
- Added db:seed:dev npm script to package.json
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- 10 categories, 36 global items with realistic weights/prices
- 17 user items (10 catalog-linked, 7 standalone)
- 3 threads with candidates, 2 setups, tag assignments, settings
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replace old single-action FAB with FabMenu component
- Add CatalogSearchOverlay to root layout
- FAB now visible on all authenticated non-public routes
- Detect setups page for conditional New Setup menu item
- Remove unused openAddPanel reference
- FabMenu with animated mini menu (Add to Collection, Start Thread, New Setup)
- CatalogSearchOverlay with debounced search, tag chip filtering, result cards
- Loading skeleton grid and empty state
- Framer Motion animations for menu entrance/exit and overlay transitions
- Add fabMenuOpen, openFabMenu, closeFabMenu to UIStore
- Add catalogSearchOpen, catalogSearchMode, openCatalogSearch, closeCatalogSearch
- openCatalogSearch also closes FAB menu (natural flow)
- Create useTags hook with 5-min staleTime cache
- Add optional tags parameter to useGlobalItems for tag filtering
- Create tags table in schema with id, name (unique), createdAt
- Generate migration for tags table
- Create tag.service.ts with getAllTags (id+name, alphabetical order)
- Create tags.ts route with GET / handler
- Register /api/global-items and /api/tags routes in index.ts
- Add auth skip for GET /api/tags and GET /api/global-items
- Setup service: LEFT JOIN globalItems in getAllSetups totals and getSetupWithItems
- Totals service: LEFT JOIN globalItems in getCategoryTotals and getGlobalTotals
- Profile service: LEFT JOIN globalItems in getPublicProfile totals and getPublicSetupWithItems
- CSV service: LEFT JOIN globalItems in exportItemsCsv for merged name/weight/price
- searchGlobalItems now accepts tagNames param with AND intersection logic
- Owner count uses items.globalItemId instead of removed itemGlobalLinks
- Removed linkItemToGlobal and unlinkItemFromGlobal functions
- Route handlers now async with tags query param support
- Rewrote tests to async PGlite pattern, added tag filtering tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- getThreadWithCandidates LEFT JOINs globalItems with COALESCE for name, weight, price, image
- createCandidate accepts and stores globalItemId
- resolveThread branches: reference item (globalItemId set) vs standalone (full data copy)
- Removed link/unlink endpoints from items route (replaced by direct globalItemId FK)
- 6 new tests for catalog-linked candidates and branched resolution
- getAllItems and getItemById LEFT JOIN globalItems with COALESCE for name, weight, price, image
- createItem accepts globalItemId and purchasePriceCents, stores brand+model as fallback name
- duplicateItem preserves globalItemId and purchasePriceCents
- updateItem type includes globalItemId and purchasePriceCents
- 10 new tests for reference item creation and merged data retrieval
- Add globalItemId and purchasePriceCents to createItemSchema
- Add globalItemId to createCandidateSchema
- Add tags param to searchGlobalItemsSchema
- Remove linkItemSchema from schemas and types
- Replace ItemGlobalLink with Tag and GlobalItemTag types
- Convert seedGlobalItems to async, add seedTags with 30 curated tags
- Add globalItemId and purchasePriceCents columns to items table
- Add globalItemId column to threadCandidates table
- Add tags and globalItemTags tables for tag system
- Remove itemGlobalLinks table (replaced by direct FK)
- Generate migration with data migration step before table drop
- Add auth redirect in root layout for unauthenticated users
- Proxy OIDC routes (/login, /callback, /logout) through Vite dev server
- Strip Secure flag from OIDC cookies in dev mode (HTTP localhost)
- Disable retry on auth query to prevent stale cookie loops
- Fix SQLite .get()/.all()/.run() calls in category and global-item
services for PostgreSQL compatibility
- Add userId scoping to category service functions
- Add OIDC error logging in auth middleware
- Apply linter auto-formatting across affected files
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
