trent_larson
/
crowd-funder-for-time-pwa
4
1
Fork 2
Code Issues Pull Requests 26 Releases 5 Wiki Activity
Browse Source

Merge branch 'master' into profile_include_location

pull/170/head
Matthew Raymer 3 days ago
parent
3be7001d1b 57ea7f67c5
commit
1305eed9bc
70 changed files with 4180 additions and 439 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 75
      .cursor/rules/architecture/README.md
  2. 373
      .cursor/rules/architecture/build_architecture_guard.mdc
  3. 79
      .cursor/rules/docs/markdown-automation.mdc
  4. 36
      .cursor/rules/docs/markdown.mdc
  5. 206
      .cursor/rules/harbor_pilot_universal.mdc
  6. 236
      .cursor/rules/historical_comment_management.mdc
  7. 49
      .cursor/rules/less_complex.mdc
  8. 348
      .cursor/rules/realistic_time_estimation.mdc
  9. 2
      .dockerignore
  10. 142
      .github/workflows/asset-validation.yml
  11. 27
      .github/workflows/playwright.yml
  12. 4
      .gitignore
  13. 40
      .husky/_/husky.sh
  14. 10
      .husky/commit-msg
  15. 33
      .husky/pre-commit
  16. 27
      .husky/pre-push
  17. 512
      BUILDING.md
  18. 41
      CHANGELOG.md
  19. 82
      README-PR-TEMPLATE.md
  20. 58
      README.md
  21. 8
      TASK_storage.md
  22. 3
      doc/DEEP_LINKS.md
  23. 336
      doc/README-BUILD-GUARD.md
  24. 3
      doc/README.md
  25. 238
      doc/android-asset-validation.md
  26. 1
      doc/asset-migration-plan.md
  27. 8
      doc/build-modernization-context.md
  28. 17
      doc/circular-dependency-analysis.md
  29. 14
      doc/component-communication-guide.md
  30. 14
      doc/cors-disabled-for-universal-images.md
  31. 26
      doc/cors-image-loading-solution.md
  32. 1
      doc/database-migration-guide.md
  33. 5
      doc/debug-hook-guide.md
  34. 6
      doc/electron-cleanup-summary.md
  35. 21
      doc/electron-console-cleanup.md
  36. 13
      doc/error-diagnostics-log.md
  37. 21
      doc/image-hosting-guide.md
  38. 2
      doc/logging-configuration.md
  39. 21
      doc/migration-fence-definition.md
  40. 69
      doc/migration-progress-tracker.md
  41. 1
      doc/migration-quick-reference.md
  42. 31
      doc/migration-readiness-summary.md
  43. 31
      doc/migration-roadmap-next-steps.md
  44. 29
      doc/migration-to-wa-sqlite.md
  45. 29
      doc/platformservicemixin-completion-plan.md
  46. 28
      doc/qr-code-implementation-guide.md
  47. 9
      doc/secure-storage-implementation.md
  48. 14
      doc/sharebufferarray_spectre_security.md
  49. 29
      doc/storage-implementation-checklist.md
  50. 35
      doc/usage-guide.md
  51. 32
      docker/README.md
  52. 29
      electron/README-BUILDING.md
  53. 32
      electron/README.md
  54. 15
      ios/App/app_privacy_manifest_fixer/CHANGELOG.md
  55. 7
      ios/App/app_privacy_manifest_fixer/README.md
  56. 7
      ios/App/app_privacy_manifest_fixer/README.zh-CN.md
  57. 18
      package.json
  58. 47
      pull_request_template.md
  59. 3
      resources/README.md
  60. 7
      scripts/README.md
  61. 121
      scripts/build-android.sh
  62. 355
      scripts/build-arch-guard.sh
  63. 19
      scripts/fix-markdown.sh
  64. 21
      scripts/git-hooks/README.md
  65. 214
      scripts/setup-markdown-hooks.sh
  66. 19
      scripts/validate-markdown.sh
  67. 8
      test-playwright/README.md
  68. 4
      test-playwright/TESTING.md

75
.cursor/rules/architecture/README.md
View File

@ -0,0 +1,75 @@
# Architecture Rules Directory
**Author**: Matthew Raymer
**Date**: 2025-08-20
**Status**: 🎯 **ACTIVE** - Architecture protection guidelines
## Overview
This directory contains MDC (Model Directive Configuration) rules that protect
critical architectural components of the TimeSafari project. These rules ensure
that changes to system architecture follow proper review, testing, and
documentation procedures.
## Available Rules
### Build Architecture Guard (`build_architecture_guard.mdc`)
Protects the multi-platform build system including:
- Vite configuration files
- Build scripts and automation
- Platform-specific configurations (iOS, Android, Electron, Web)
- Docker and deployment infrastructure
- CI/CD pipeline components
**When to use**: Any time you're modifying build scripts, configuration files,
or deployment processes.
**Authorization levels**:
- **Level 1**: Minor changes (review required)
- **Level 2**: Moderate changes (testing required)
- **Level 3**: Major changes (ADR required)
## Usage Guidelines
### For Developers
1. **Check the rule**: Before making architectural changes, review the relevant
rule
2. **Follow the process**: Use the appropriate authorization level
3. **Complete validation**: Run through the required checklist
4. **Update documentation**: Keep BUILDING.md and related docs current
### For Reviewers
1. **Verify authorization**: Ensure changes match the required level
2. **Check testing**: Confirm appropriate testing has been completed
3. **Validate documentation**: Ensure BUILDING.md reflects changes
4. **Assess risk**: Consider impact on other platforms and systems
## Integration with Other Rules
- **Version Control**: Works with `workflow/version_control.mdc`
- **Research & Diagnostic**: Supports `research_diagnostic.mdc` for
investigations
- **Software Development**: Aligns with development best practices
- **Markdown Automation**: Integrates with `docs/markdown-automation.mdc` for
consistent documentation formatting
## Emergency Procedures
If architectural changes cause system failures:
1. **Immediate rollback** to last known working state
2. **Document the failure** with full error details
3. **Investigate root cause** using diagnostic workflows
4. **Update procedures** to prevent future failures
---
**Status**: Active architecture protection
**Priority**: Critical
**Maintainer**: Development team
**Next Review**: 2025-09-20

373
.cursor/rules/architecture/build_architecture_guard.mdc
View File

@ -0,0 +1,373 @@
---
description: Guards against unauthorized changes to the TimeSafari building
architecture
alwaysApply: false
---
# Build Architecture Guard Directive
**Author**: Matthew Raymer
**Date**: 2025-08-22
**Status**: 🎯 **ACTIVE** - Build system protection guidelines
## Purpose
Protect the TimeSafari building architecture from unauthorized changes that
could break the multi-platform build pipeline, deployment processes, or
development workflow. This directive ensures all build system modifications
follow proper review, testing, and documentation procedures.
**Note**: Recent Android build system enhancements (2025-08-22) include sophisticated asset validation, platform-specific API routing, and automatic resource regeneration. These features require enhanced testing and validation procedures.
## Protected Architecture Components
### Core Build Infrastructure
- **Vite Configuration Files**: `vite.config.*.mts` files
- **Build Scripts**: All scripts in `scripts/` directory
- **Package Scripts**: `package.json` build-related scripts
- **Platform Configs**: `capacitor.config.ts`, `electron/`, `android/`,
`ios/`
- **Docker Configuration**: `Dockerfile`, `docker-compose.yml`
- **Environment Files**: `.env.*`, `.nvmrc`, `.node-version`
### Android-Specific Build Validation
- **Asset Validation Scripts**: `validate_android_assets()` function and resource checking
- **Resource Generation**: `capacitor-assets` integration and verification
- **Platform-Specific IP Handling**: Android emulator vs physical device API routing
- **Build Mode Validation**: Development/test/production mode handling
- **Resource Fallback Logic**: Automatic regeneration of missing Android resources
### Critical Build Dependencies
- **Build Tools**: Vite, Capacitor, Electron, Android SDK, Xcode
- **Asset Management**: `capacitor-assets.config.json`, asset scripts
- **Testing Infrastructure**: Playwright, Jest, mobile test scripts
- **CI/CD Pipeline**: GitHub Actions, build validation scripts
- **Service Worker Assembly**: `sw_scripts/`, `sw_combine.js`, WASM copy steps
## Change Authorization Requirements
### Level 1: Minor Changes (Requires Review)
- Documentation updates to `BUILDING.md`
- Non-breaking script improvements
- Test additions or improvements
- Asset configuration updates
**Process**: Code review + basic testing
### Level 2: Moderate Changes (Requires Testing)
- New build script additions
- Environment variable changes
- Dependency version updates
- Platform-specific optimizations
- **Build script argument parsing**: New flag handling (--api-ip, --auto-run, --deploy)
- **Platform-specific environment overrides**: Android API server IP customization
- **Asset regeneration logic**: Automatic fallback for missing Android resources
**Process**: Code review + platform testing + documentation update
### Level 3: Major Changes (Requires ADR)
- Build system architecture changes
- New platform support
- Breaking changes to build scripts
- Major dependency migrations
**Process**: ADR creation + comprehensive testing + team review
## Prohibited Actions
### ❌ Never Allow Without ADR
- **Delete or rename** core build scripts
- **Modify** `package.json` build script names
- **Change** Vite configuration structure
- **Remove** platform-specific build targets
- **Alter** Docker build process
- **Modify** CI/CD pipeline without testing
### ❌ Never Allow Without Testing
- **Update** build dependencies
- **Change** environment configurations
- **Modify** asset generation scripts
- **Alter** test infrastructure
- **Update** platform SDK versions
## Required Validation Checklist
### Before Any Build System Change
- [ ] **Impact Assessment**: Which platforms are affected?
- [ ] **Testing Plan**: How will this be tested across platforms?
- [ ] **Rollback Plan**: How can this be reverted if it breaks?
- [ ] **Documentation**: Will `BUILDING.md` need updates?
- [ ] **Dependencies**: Are all required tools available?
### After Build System Change
- [ ] **Web Platform**: Does `npm run build:web:dev` work?
- [ ] **Mobile Platforms**: Do iOS/Android builds succeed?
- [ ] **Desktop Platform**: Does Electron build and run?
- [ ] **Tests Pass**: Do all build-related tests pass?
- [ ] **Documentation Updated**: Is `BUILDING.md` current?
## Specific Test Commands (Minimum Required)
### Web Platform
- **Development**: `npm run build:web:dev` - serve and load app
- **Production**: `npm run build:web:prod` - verify SW and WASM present
### Mobile Platforms
- **Android**: `npm run build:android:test` or `:prod` - confirm assets copied
- **iOS**: `npm run build:ios:test` or `:prod` - verify build succeeds
### Android Platform (Enhanced)
- **Development Mode**: `npm run build:android --dev` - verify 10.0.2.2 API routing
- **Custom IP Mode**: `npm run build:android --dev --api-ip 192.168.1.100` - verify custom IP
- **Asset Validation**: `npm run build:android --assets` - verify resource generation
- **Deploy Mode**: `npm run build:android --deploy` - verify device deployment
### Desktop Platform
- **Electron**: `npm run build:electron:dev` and packaging for target OS
- **Verify**: Single-instance behavior and app boot
### Auto-run (if affected)
- **Test Mode**: `npm run auto-run:test` and platform variants
- **Production Mode**: `npm run auto-run:prod` and platform variants
### Clean and Rebuild
- Run relevant `clean:*` scripts and ensure re-build works
## Emergency Procedures
### Build System Broken
1. **Immediate**: Revert to last known working commit
2. **Investigation**: Create issue with full error details
3. **Testing**: Verify all platforms work after revert
4. **Documentation**: Update `BUILDING.md` with failure notes
### Platform-Specific Failure
1. **Isolate**: Identify which platform is affected
2. **Test Others**: Verify other platforms still work
3. **Rollback**: Revert platform-specific changes
4. **Investigation**: Debug in isolated environment
## Integration Points
### With Version Control
- **Branch Protection**: Require reviews for build script changes
- **Commit Messages**: Must reference ADR for major changes
- **Testing**: All build changes must pass CI/CD pipeline
### With Documentation
- **BUILDING.md**: Must be updated for any script changes
- **README.md**: Must reflect new build requirements
- **CHANGELOG.md**: Must document breaking build changes
### With Testing
- **Pre-commit**: Run basic build validation
- **CI/CD**: Full platform build testing
- **Manual Testing**: Human verification of critical paths
## Risk Matrix & Required Validation
### Environment Handling
- **Trigger**: Change to `.env.*` loading / variable names
- **Validation**: Prove `dev/test/prod` builds; show environment echo in logs
### Script Flow
- **Trigger**: Reorder steps (prebuild → build → package), new flags
- **Validation**: Dry-run + normal run, show exit codes & timing
### Platform Packaging
- **Trigger**: Electron NSIS/DMG/AppImage, Android/iOS bundle
- **Validation**: Produce installer/artifact and open it; verify single-instance,
icons, signing
### Service Worker / WASM
- **Trigger**: `sw_combine.js`, WASM copy path
- **Validation**: Verify combined SW exists and is injected; page loads offline;
WASM present
### Docker
- **Trigger**: New base image, build args
- **Validation**: Build image locally; run container; list produced `/dist`
### Android Asset Management
- **Trigger**: Changes to `validate_android_assets()` function or resource paths
- **Validation**: Run `npm run build:android --assets` and verify all mipmap/drawable resources
- **Risk**: Missing splash screens or app icons causing build failures
### Android API Routing
- **Trigger**: Changes to Android-specific API server IP logic
- **Validation**: Test both emulator (10.0.2.2) and custom IP modes
- **Risk**: API connectivity failures on different device types
### Signing/Notarization
- **Trigger**: Cert path/profiles
- **Validation**: Show signing logs + verify on target OS
## PR Template (Paste into Description)
- [ ] **Level**: L1 / L2 / L3 + justification
- [ ] **Files & platforms touched**:
- [ ] **Risk triggers & mitigations**:
- [ ] **Commands run (paste logs)**:
- [ ] **Artifacts (names + sha256)**:
- [ ] **Docs updated (sections/links)**:
- [ ] **Rollback steps verified**:
- [ ] **CI**: Jobs passing and artifacts uploaded
## Rollback Playbook
### Immediate Rollback
1. `git revert` or `git reset --hard <prev>`; restore prior `scripts/` or config
files
2. Rebuild affected targets; verify old behavior returns
3. Post-mortem notes → update this guard and `BUILDING.md` if gaps found
### Rollback Verification
- **Web**: `npm run build:web:dev` and `npm run build:web:prod`
- **Mobile**: `npm run build:android:test` and `npm run build:ios:test`
- **Desktop**: `npm run build:electron:dev` and packaging commands
- **Clean**: Run relevant `clean:*` scripts and verify re-build works
### Android-Specific Rollback Verification
- **Asset Generation**: `npm run build:android --assets` - verify resources regenerate
- **API Routing**: Test both `--dev` and `--dev --api-ip <custom>` modes
- **Resource Validation**: Check `android/app/src/main/res/` for all required assets
- **Build Modes**: Verify development, test, and production modes all work
- **Resource Fallback**: Confirm missing resources trigger automatic regeneration
## ADR Trigger List
Raise an ADR when you propose any of:
- **New build stage** or reorder of canonical stages
- **Replacement of packager** / packaging format
- **New environment model** or secure secret handling scheme
- **New service worker assembly** strategy or cache policy
- **New Docker base** or multi-stage pipeline
- **Relocation of build outputs** or directory conventions
- **New Android build modes** or argument parsing logic
- **Changes to asset validation** or resource generation strategy
- **Modifications to platform-specific API routing** (Android emulator vs physical)
- **New Android deployment strategies** or device management
**ADR must include**: motivation, alternatives, risks, validation plan, rollback,
doc diffs.
## Competence Hooks
### Why This Works
- **Prevents Build Failures**: Catches issues before they reach production
- **Maintains Consistency**: Ensures all platforms build identically
- **Reduces Debugging Time**: Prevents build system regressions
### Common Pitfalls
- **Silent Failures**: Changes that work on one platform but break others
- **Dependency Conflicts**: Updates that create version incompatibilities
- **Documentation Drift**: Build scripts that don't match documentation
### Next Skill Unlock
- Learn to test build changes across all platforms simultaneously
### Teach-back
- "What three platforms must I test before committing a build script change?"
## Collaboration Hooks
### Team Review Requirements
- **Platform Owners**: iOS, Android, Electron, Web specialists
- **DevOps**: CI/CD pipeline maintainers
- **QA**: Testing infrastructure owners
### Discussion Prompts
- "Which platforms will be affected by this build change?"
- "How can we test this change without breaking existing builds?"
- "What's our rollback plan if this change fails?"
## Self-Check (Before Allowing Changes)
- [ ] **Authorization Level**: Is this change appropriate for the level?
- [ ] **Testing Plan**: Is there a comprehensive testing strategy?
- [ ] **Documentation**: Will BUILDING.md be updated?
- [ ] **Rollback**: Is there a safe rollback mechanism?
- [ ] **Team Review**: Have appropriate stakeholders been consulted?
- [ ] **CI/CD**: Will this pass the build pipeline?
## Continuous Improvement & Feedback
### Feedback Collection
The Build Architecture Guard system includes feedback mechanisms to continuously improve its effectiveness:
- **User Feedback**: Script includes feedback prompts for guard improvements
- **Pattern Analysis**: Monitor which file patterns trigger false positives/negatives
- **Documentation Gaps**: Track which changes lack proper documentation
- **Testing Effectiveness**: Measure how often guard catches actual issues
### Feedback Integration Process
1. **Collect Feedback**: Monitor guard execution logs and user reports
2. **Analyze Patterns**: Identify common false positives or missed patterns
3. **Update Rules**: Modify `build_architecture_guard.mdc` based on feedback
4. **Enhance Script**: Update `build-arch-guard.sh` with new validations
5. **Test Changes**: Verify guard improvements don't introduce new issues
6. **Document Updates**: Update guard documentation with new patterns
### Feedback Categories
- **False Positives**: Files flagged as sensitive that shouldn't be
- **False Negatives**: Sensitive files that weren't caught
- **Missing Patterns**: New file types that should be protected
- **Overly Strict**: Patterns that are too restrictive
- **Documentation Gaps**: Missing guidance for specific change types
- **Testing Improvements**: Better validation procedures
### Feedback Reporting
When reporting guard issues, include:
- **File patterns** that triggered false positives/negatives
- **Build system changes** that weren't properly caught
- **Documentation gaps** in current guard rules
- **Testing procedures** that could be improved
- **User experience** issues with guard enforcement
---
**Status**: Active build system protection
**Priority**: Critical
**Estimated Effort**: Ongoing vigilance
**Dependencies**: All build system components
**Stakeholders**: Development team, DevOps, Platform owners
**Next Review**: 2025-09-22

79
.cursor/rules/docs/markdown-automation.mdc
View File

@ -0,0 +1,79 @@
---
alwaysApply: true
---
# Markdown Automation System
**Author**: Matthew Raymer
**Date**: 2025-08-20
**Status**: 🎯 **ACTIVE** - Markdown formatting automation
## Overview
The Markdown Automation System ensures your markdown formatting standards are
followed **during content generation** by AI agents, not just applied after the
fact.
## AI-First Approach
### **Primary Method**: AI Agent Compliance
- **AI agents follow markdown rules** while generating content
- **No post-generation fixes needed** - content is compliant from creation
- **Consistent formatting** across all generated documentation
### **Secondary Method**: Automated Validation
- **Pre-commit hooks** catch any remaining issues
- **GitHub Actions** validate formatting before merge
- **Manual tools** for bulk fixes when needed
## How It Works
### 1. **AI Agent Compliance** (Primary)
- **When**: Every time AI generates markdown content
- **What**: AI follows markdown rules during generation
- **Result**: Content is properly formatted from creation
### 2. **Pre-commit Hooks** (Backup)
- **When**: Every time you commit
- **What**: Catches any remaining formatting issues
- **Result**: Clean, properly formatted markdown files
### 3. **GitHub Actions** (Pre-merge)
- **When**: Every pull request
- **What**: Validates markdown formatting across all files
- **Result**: Blocks merge if formatting issues exist
## AI Agent Rules Integration
The AI agent follows markdown rules defined in `.cursor/rules/docs/markdown.mdc`:
- **alwaysApply: true** - Rules are enforced during generation
- **Line Length**: AI never generates lines > 80 characters
- **Blank Lines**: AI adds proper spacing around all elements
- **Structure**: AI uses established templates and patterns
## Available Commands
### NPM Scripts
- **`npm run markdown:setup`** - Install the automation system
- **`npm run markdown:fix`** - Fix formatting in all markdown files
- **`npm run markdown:check`** - Validate formatting without fixing
## Benefits
- **No more manual fixes** - AI generates compliant content from start
- **Consistent style** - All files follow same standards
- **Faster development** - No need to fix formatting manually
---
**Status**: Active automation system
**Priority**: High
**Maintainer**: Development team
**Next Review**: 2025-09-20

36
.cursor/rules/docs/markdown.mdc
View File

@ -1,5 +1,5 @@
---
globs: *.md
globs: ["*.md", "*.mdc"]
alwaysApply: false
---
# Cursor Markdown Ruleset for TimeSafari Documentation
@ -10,6 +10,36 @@ This ruleset enforces consistent markdown formatting standards across all projec
documentation, ensuring readability, maintainability, and compliance with
markdownlint best practices.
**⚠️ CRITICAL FOR AI AGENTS**: These rules must be followed DURING content
generation, not applied after the fact. Always generate markdown that complies
with these standards from the start.
## AI Generation Guidelines
### **MANDATORY**: Follow These Rules While Writing
When generating markdown content, you MUST:
1. **Line Length**: Never exceed 80 characters per line
2. **Blank Lines**: Always add blank lines around headings, lists, and code
blocks
3. **Structure**: Use proper heading hierarchy and document templates
4. **Formatting**: Apply consistent formatting patterns immediately
### **DO NOT**: Generate content that violates these rules
- ❌ Generate long lines that need breaking
- ❌ Create content without proper blank line spacing
- ❌ Use inconsistent formatting patterns
- ❌ Assume post-processing will fix violations
### **DO**: Generate compliant content from the start
- ✅ Write within 80-character limits
- ✅ Add blank lines around all structural elements
- ✅ Use established templates and patterns
- ✅ Apply formatting standards immediately
## General Formatting Standards
### Line Length
@ -330,3 +360,7 @@ Description of current situation or problem.
### Security
### Performance
```
## Features ❌ (Duplicate heading)
### Security
### Performance
```

206
.cursor/rules/harbor_pilot_universal.mdc
View File

@ -0,0 +1,206 @@
---
alwaysApply: true
inherits: base_context.mdc
---
```json
{
"coaching_level": "standard",
"socratic_max_questions": 2,
"verbosity": "concise",
"timebox_minutes": 10,
"format_enforcement": "strict"
}
```
# Harbor Pilot — Universal Directive for Human-Facing Technical Guides
**Author**: System/Shared
**Date**: 2025-08-21 (UTC)
**Status**: 🚢 ACTIVE — General ruleset extending *Base Context — Human Competence First*
> **Alignment with Base Context**
> - **Purpose fit**: Prioritizes human competence and collaboration while delivering reproducible artifacts.
> - **Output Contract**: This directive **adds universal constraints** for any technical topic while **inheriting** the Base Context contract sections.
> - **Toggles honored**: Uses the same toggle semantics; defaults above can be overridden by the caller.
---
## Objective
Produce a **developer-grade, reproducible guide** for any technical topic that onboards a competent practitioner **without meta narration** and **with evidence-backed steps**.
## Scope & Constraints
- **One Markdown document** as the deliverable.
- Use **absolute dates** in **UTC** (e.g., `2025-08-21T14:22Z`) — avoid “today/yesterday”.
- Include at least **one diagram** (Mermaid preferred). Choose the most fitting type:
- `sequenceDiagram` (protocols/flows), `flowchart`, `stateDiagram`, `gantt` (timelines), or `classDiagram` (schemas).
- Provide runnable examples where applicable:
- **APIs**: `curl` + one client library (e.g., `httpx` for Python).
- **CLIs**: literal command blocks and expected output snippets.
- **Code**: minimal, self-contained samples (language appropriate).
- Cite **evidence** for *Works/Doesn’t* items (timestamps, filenames, line numbers, IDs/status codes, or logs).
- If something is unknown, output `TODO:<missing>` — **never invent**.
## Required Sections (extends Base Output Contract)
Follow this exact order **after** the Base Contract’s **Objective → Result → Use/Run** headers:
1. **Context & Scope**
- Problem statement, audience, in/out-of-scope bullets.
2. **Artifacts & Links**
- Repos/PRs, design docs, datasets/HARs/pcaps, scripts/tools, dashboards.
3. **Environment & Preconditions**
- OS/runtime, versions/build IDs, services/endpoints/URLs, credentials/auth mode (describe acquisition, do not expose secrets).
4. **Architecture / Process Overview**
- Short prose + **one diagram** selected from the list above.
5. **Interfaces & Contracts (choose one)**
- **API-based**: Endpoint table (*Step, Method, Path/URL, Auth, Key Headers/Params, Sample Req/Resp ref*).
- **Data/Files**: I/O contract table (*Source, Format, Schema/Columns, Size, Validation rules*).
- **Systems/Hardware**: Interfaces table (*Port/Bus, Protocol, Voltage/Timing, Constraints*).
6. **Repro: End-to-End Procedure**
- Minimal copy-paste steps with code/commands and **expected outputs**.
7. **What Works (with Evidence)**
- Each item: **Time (UTC)** • **Artifact/Req IDs** • **Status/Result** • **Where to verify**.
8. **What Doesn’t (Evidence & Hypotheses)**
- Each failure: locus (file/endpoint/module), evidence snippet; short hypothesis and **next probe**.
9. **Risks, Limits, Assumptions**
- SLOs/limits, rate/size caps, security boundaries (CORS/CSRF/ACLs), retries/backoff/idempotency patterns.
10. **Next Steps (Owner • Exit Criteria • Target Date)**
- Actionable, assigned, and time-bound.
11. **References**
- Canonical docs, specs, tickets, prior analyses.
> **Competence Hooks (per Base Context; keep lightweight):**
> - *Why this works* (≤3 bullets) — core invariants or guarantees.
> - *Common pitfalls* (≤3 bullets) — the traps we saw in evidence.
> - *Next skill unlock* (1 line) — the next capability to implement/learn.
> - *Teach-back* (1 line) — prompt the reader to restate the flow/architecture.
> **Collaboration Hooks (per Base Context):**
> - Name reviewers for **Interfaces & Contracts** and the **diagram**.
> - Short **sign-off checklist** before merging/publishing the guide.
## Do / Don’t (Base-aligned)
- **Do** quantify progress only against a defined scope with acceptance criteria.
- **Do** include minimal sample payloads/headers or I/O schemas; redact sensitive values.
- **Do** keep commentary lean; if timeboxed, move depth to **Deferred for depth**.
- **Don’t** use marketing language or meta narration (“Perfect!”, “tool called”, “new chat”).
- **Don’t** include IDE-specific chatter or internal rules unrelated to the task.
## Validation Checklist (self-check before returning)
- [ ] All Required Sections present and ordered.
- [ ] Diagram compiles (basic Mermaid syntax) and fits the problem.
- [ ] If API-based, **Auth** and **Key Headers/Params** are listed for each endpoint.
- [ ] Repro section includes commands/code **and expected outputs**.
- [ ] Every Works/Doesn’t item has **UTC timestamp**, **status/result**, and **verifiable evidence**.
- [ ] Next Steps include **Owner**, **Exit Criteria**, **Target Date**.
- [ ] Unknowns are `TODO:<missing>` — no fabrication.
- [ ] Base **Output Contract** sections satisfied (Objective/Result/Use/Run/Competence/Collaboration/Assumptions/References).
## Universal Template (fill-in)
```markdown
# <Title> — Working Notes (As of YYYY-MM-DDTHH:MMZ)
## Objective
<one line>
## Result
<link to the produced guide file or say “this document”>
## Use/Run
<how to apply/test and where to run samples>
## Context & Scope
- Audience: <role(s)>
- In scope: <bullets>
- Out of scope: <bullets>
## Artifacts & Links
- Repo/PR: <link>
- Data/Logs: <paths or links>
- Scripts/Tools: <paths>
- Dashboards: <links>
## Environment & Preconditions
- OS/Runtime: <details>
- Versions/Builds: <list>
- Services/Endpoints: <list>
- Auth mode: <Bearer/Session/Keys + how acquired>
## Architecture / Process Overview
<short prose>
```mermaid
<one suitable diagram: sequenceDiagram | flowchart | stateDiagram | gantt | classDiagram>
```
## Interfaces & Contracts
### If API-based
| Step | Method | Path/URL | Auth | Key Headers/Params | Sample |
|---|---|---|---|---|---|
| <…> | <…> | <…> | <…> | <…> | below |
### If Data/Files
| Source | Format | Schema/Columns | Size | Validation |
|---|---|---|---|---|
| <…> | <…> | <…> | <…> | <…> |
### If Systems/Hardware
| Interface | Protocol | Timing/Voltage | Constraints | Notes |
|---|---|---|---|---|
| <…> | <…> | <…> | <…> | <…> |
## Repro: End-to-End Procedure
```bash
# commands / curl examples (redacted where necessary)
```
```python
# minimal client library example (language appropriate)
```
> Expected output: <snippet/checks>
## What Works (Evidence)
- ✅ <short statement>
- **Time**: <YYYY-MM-DDTHH:MMZ>
- **Evidence**: file/line/log or request id/status
- **Verify at**: <where>
## What Doesn’t (Evidence & Hypotheses)
- ❌ <short failure> at `<component/endpoint/file>`
- **Time**: <YYYY-MM-DDTHH:MMZ>
- **Evidence**: <snippet/id/status>
- **Hypothesis**: <short>
- **Next probe**: <short>
## Risks, Limits, Assumptions
<bullets: limits, security boundaries, retries/backoff, idempotency, SLOs>
## Next Steps
| Owner | Task | Exit Criteria | Target Date (UTC) |
|---|---|---|---|
| <name> | <action> | <measurable outcome> | <YYYY-MM-DD> |
## References
<links/titles>
## Competence Hooks
- *Why this works*: <≤3 bullets>
- *Common pitfalls*: <≤3 bullets>
- *Next skill unlock*: <1 line>
- *Teach-back*: <1 line>
## Collaboration Hooks
- Reviewers: <names/roles>
- Sign-off checklist: <≤5 checks>
## Assumptions & Limits
<bullets>
## Deferred for depth
<park deeper material here to respect timeboxing>
```
---
**Notes for Implementers:**
- Respect Base *Do-Not* (no filler, no invented facts, no censorship).
- Prefer clarity over completeness when timeboxed; capture unknowns explicitly.
- Apply historical comment management rules (see `.cursor/rules/historical_comment_management.mdc`)
- Apply realistic time estimation rules (see `.cursor/rules/realistic_time_estimation.mdc`)

236
.cursor/rules/historical_comment_management.mdc
View File

@ -0,0 +1,236 @@
---
description: when comments are generated by the model
alwaysApply: false
---
# Historical Comment Management — Harbor Pilot Directive
> **Agent role**: When encountering historical comments about removed methods, deprecated patterns, or architectural changes, apply these guidelines to maintain code clarity and developer guidance.
## 🎯 Purpose
Historical comments should either be **removed entirely** or **transformed into actionable guidance** for future developers. Avoid keeping comments that merely state what was removed without explaining why or what to do instead.
## 📋 Decision Framework
### Remove Historical Comments When:
- **Obsolete Information**: Comment describes functionality that no longer exists
- **No Action Required**: Comment doesn't help future developers make decisions
- **Outdated Context**: Comment refers to old patterns that are no longer relevant
- **Self-Evident**: The current code clearly shows the current approach
### Transform Historical Comments When:
- **Architectural Context**: The change represents a significant pattern shift
- **Migration Guidance**: Future developers might need to understand the evolution
- **Decision Rationale**: The "why" behind the change is still relevant
- **Alternative Approaches**: The comment can guide future implementation choices
## 🔄 Transformation Patterns
### 1. From Removal Notice to Migration Note
```typescript
// ❌ REMOVE THIS
// turnOffNotifyingFlags method removed - notification state is now managed by NotificationSection component
// ✅ TRANSFORM TO THIS
// Note: Notification state management has been migrated to NotificationSection component
// which handles its own lifecycle and persistence via PlatformServiceMixin
```
### 2. From Deprecation Notice to Implementation Guide
```typescript
// ❌ REMOVE THIS
// This will be handled by the NewComponent now
// No need to call oldMethod() as it's no longer needed
// ✅ TRANSFORM TO THIS
// Note: This functionality has been migrated to NewComponent
// which provides better separation of concerns and testability
```
### 3. From Historical Note to Architectural Context
```typescript
// ❌ REMOVE THIS
// Old approach: used direct database calls
// New approach: uses service layer
// ✅ TRANSFORM TO THIS
// Note: Database access has been abstracted through service layer
// for better testability and platform independence
```
## 🚫 Anti-Patterns to Remove
- Comments that only state what was removed
- Comments that don't explain the current approach
- Comments that reference non-existent methods
- Comments that are self-evident from the code
- Comments that don't help future decision-making
## ✅ Best Practices
### When Keeping Historical Context:
1. **Explain the "Why"**: Why was the change made?
2. **Describe the "What"**: What is the current approach?
3. **Provide Context**: When might this information be useful?
4. **Use Actionable Language**: Guide future decisions, not just document history
### When Removing Historical Context:
1. **Verify Obsoleteness**: Ensure the information is truly outdated
2. **Check for Dependencies**: Ensure no other code references the old approach
3. **Update Related Docs**: If removing from code, consider adding to documentation
4. **Preserve in Git History**: The change is preserved in version control
## 🔍 Implementation Checklist
- [ ] Identify historical comments about removed/deprecated functionality
- [ ] Determine if comment provides actionable guidance
- [ ] Transform useful comments into migration notes or architectural context
- [ ] Remove comments that are purely historical without guidance value
- [ ] Ensure remaining comments explain current approach and rationale
- [ ] Update related documentation if significant context is removed
## 📚 Examples
### Good Historical Comment (Keep & Transform)
```typescript
// Note: Database access has been migrated from direct IndexedDB calls to PlatformServiceMixin
// This provides better platform abstraction and consistent error handling across web/mobile/desktop
// When adding new database operations, use this.$getContact(), this.$saveSettings(), etc.
```
### Bad Historical Comment (Remove)
```typescript
// Old method getContactFromDB() removed - now handled by PlatformServiceMixin
// No need to call the old method anymore
```
## 🎯 Integration with Harbor Pilot
This rule works in conjunction with:
- **Component Creation Ideals**: Maintains architectural consistency
- **Migration Patterns**: Documents evolution of patterns
- **Code Review Guidelines**: Ensures comments provide value
## 📝 Version History
### v1.0.0 (2025-08-21)
- Initial creation based on notification system cleanup
- Established decision framework for historical comment management
- Added transformation patterns and anti-patterns
- Integrated with existing Harbor Pilot architecture rules
# Historical Comment Management — Harbor Pilot Directive
> **Agent role**: When encountering historical comments about removed methods, deprecated patterns, or architectural changes, apply these guidelines to maintain code clarity and developer guidance.
## 🎯 Purpose
Historical comments should either be **removed entirely** or **transformed into actionable guidance** for future developers. Avoid keeping comments that merely state what was removed without explaining why or what to do instead.
## 📋 Decision Framework
### Remove Historical Comments When:
- **Obsolete Information**: Comment describes functionality that no longer exists
- **No Action Required**: Comment doesn't help future developers make decisions
- **Outdated Context**: Comment refers to old patterns that are no longer relevant
- **Self-Evident**: The current code clearly shows the current approach
### Transform Historical Comments When:
- **Architectural Context**: The change represents a significant pattern shift
- **Migration Guidance**: Future developers might need to understand the evolution
- **Decision Rationale**: The "why" behind the change is still relevant
- **Alternative Approaches**: The comment can guide future implementation choices
## 🔄 Transformation Patterns
### 1. From Removal Notice to Migration Note
```typescript
// ❌ REMOVE THIS
// turnOffNotifyingFlags method removed - notification state is now managed by NotificationSection component
// ✅ TRANSFORM TO THIS
// Note: Notification state management has been migrated to NotificationSection component
// which handles its own lifecycle and persistence via PlatformServiceMixin
```
### 2. From Deprecation Notice to Implementation Guide
```typescript
// ❌ REMOVE THIS
// This will be handled by the NewComponent now
// No need to call oldMethod() as it's no longer needed
// ✅ TRANSFORM TO THIS
// Note: This functionality has been migrated to NewComponent
// which provides better separation of concerns and testability
```
### 3. From Historical Note to Architectural Context
```typescript
// ❌ REMOVE THIS
// Old approach: used direct database calls
// New approach: uses service layer
// ✅ TRANSFORM TO THIS
// Note: Database access has been abstracted through service layer
// for better testability and platform independence
```
## 🚫 Anti-Patterns to Remove
- Comments that only state what was removed
- Comments that don't explain the current approach
- Comments that reference non-existent methods
- Comments that are self-evident from the code
- Comments that don't help future decision-making
## ✅ Best Practices
### When Keeping Historical Context:
1. **Explain the "Why"**: Why was the change made?
2. **Describe the "What"**: What is the current approach?
3. **Provide Context**: When might this information be useful?
4. **Use Actionable Language**: Guide future decisions, not just document history
### When Removing Historical Context:
1. **Verify Obsoleteness**: Ensure the information is truly outdated
2. **Check for Dependencies**: Ensure no other code references the old approach
3. **Update Related Docs**: If removing from code, consider adding to documentation
4. **Preserve in Git History**: The change is preserved in version control
## 🔍 Implementation Checklist
- [ ] Identify historical comments about removed/deprecated functionality
- [ ] Determine if comment provides actionable guidance
- [ ] Transform useful comments into migration notes or architectural context
- [ ] Remove comments that are purely historical without guidance value
- [ ] Ensure remaining comments explain current approach and rationale
- [ ] Update related documentation if significant context is removed
## 📚 Examples
### Good Historical Comment (Keep & Transform)
```typescript
// Note: Database access has been migrated from direct IndexedDB calls to PlatformServiceMixin
// This provides better platform abstraction and consistent error handling across web/mobile/desktop
// When adding new database operations, use this.$getContact(), this.$saveSettings(), etc.
```
### Bad Historical Comment (Remove)
```typescript
// Old method getContactFromDB() removed - now handled by PlatformServiceMixin
// No need to call the old method anymore
```
## 🎯 Integration with Harbor Pilot
This rule works in conjunction with:
- **Component Creation Ideals**: Maintains architectural consistency
- **Migration Patterns**: Documents evolution of patterns
- **Code Review Guidelines**: Ensures comments provide value
## 📝 Version History
### v1.0.0 (2025-08-21)
- Initial creation based on notification system cleanup
- Established decision framework for historical comment management
- Added transformation patterns and anti-patterns
- Integrated with existing Harbor Pilot architecture rules

49
.cursor/rules/less_complex.mdc
View File

@ -0,0 +1,49 @@
---
description: Enforce minimalist fixes for bugs/features; future-proofing requires prior discussion and strong evidence.
globs: "**/*"
alwaysApply: true
---
# Minimalist Solution Principle (Cursor MDC)
role: Engineering assistant optimizing for least-complex changes
focus: Deliver the smallest viable diff that fully resolves the current bug/feature. Defer generalization unless justified with evidence.
language: Match repository languages and conventions
## Rules
1. **Default to the least complex solution.** Fix the problem directly where it occurs; avoid new layers, indirection, or patterns unless strictly necessary.
2. **Keep scope tight.** Implement only what is needed to satisfy the acceptance criteria and tests for *this* issue.
3. **Avoid speculative abstractions.** Use the **Rule of Three**: don’t extract helpers/patterns until the third concrete usage proves the shape.
4. **No drive-by refactors.** Do not rename, reorder, or reformat unrelated code in the same change set.
5. **Minimize surface area.** Prefer local changes over cross-cutting rewires; avoid new public APIs unless essential.
6. **Be dependency-frugal.** Do not add packages or services for single, simple needs unless there’s a compelling, documented reason.
7. **Targeted tests only.** Add the smallest set of tests that prove the fix and guard against regression; don’t rewrite suites.
8. **Document the “why enough.”** Include a one-paragraph note explaining why this minimal solution is sufficient *now*.
## Future-Proofing Requires Evidence + Discussion
Any added complexity “for the future” **must** include:
- A referenced discussion/ADR (or issue link) summarizing the decision.
- **Substantial evidence**, e.g.:
- Recurring incidents or tickets that this prevents (list IDs).
- Benchmarks or profiling showing a real bottleneck.
- Concrete upcoming requirements with dates/owners, not hypotheticals.
- Risk assessment comparing maintenance cost vs. expected benefit.
- A clear trade-off table showing why minimal won’t suffice.
If this evidence is not available, **ship the minimal fix** and open a follow-up discussion item.
## PR / Change Checklist (enforced by reviewer + model)
- [ ] Smallest diff that fully fixes the issue (attach `git diff --stat` if useful).
- [ ] No unrelated refactors or formatting.
- [ ] No new dependencies, or justification + ADR link provided.
- [ ] Abstractions only if ≥3 call sites or strong evidence says otherwise (cite).
- [ ] Targeted tests proving the fix/regression guard.
- [ ] Short “Why this is enough now” note in the PR description.
- [ ] Optional: “Future Work (non-blocking)” section listing deferred ideas.
## Assistant Output Contract
When proposing a change, provide:
1. **Minimal Plan**: 3–6 bullet steps scoped to the immediate fix.
2. **Patch Sketch**: Focused diffs/snippets touching only necessary files.
3. **Risk & Rollback**: One paragraph each on risk, quick rollback, and test points.
4. **(If proposing complexity)**: Link/inline ADR summary + evidence + trade-offs; otherwise default to minimal.

348
.cursor/rules/realistic_time_estimation.mdc
View File

@ -0,0 +1,348 @@
---
description: when generating text that has project task work estimates
alwaysApply: false
---
# No Time Estimates — Harbor Pilot Directive
> **Agent role**: **DO NOT MAKE TIME ESTIMATES**. Instead, use phases, milestones, and complexity levels. Time estimates are consistently wrong and create unrealistic expectations.
## 🎯 Purpose
Development time estimates are consistently wrong and create unrealistic expectations. This rule ensures we focus on phases, milestones, and complexity rather than trying to predict specific timeframes.
## 🚨 Critical Rule
**DO NOT MAKE TIME ESTIMATES**
- **Never provide specific time estimates** - they are always wrong
- **Use phases and milestones** instead of days/weeks
- **Focus on complexity and dependencies** rather than time
- **Set expectations based on progress, not deadlines**
## 📊 Planning Framework (Not Time Estimates)
### **Complexity Categories**
- **Simple**: Text changes, styling updates, minor bug fixes
- **Medium**: New features, refactoring, component updates
- **Complex**: Architecture changes, integrations, cross-platform work
- **Unknown**: New technologies, APIs, or approaches
### **Platform Complexity**
- **Single platform**: Web-only or mobile-only changes
- **Two platforms**: Web + mobile or web + desktop
- **Three platforms**: Web + mobile + desktop
- **Cross-platform consistency**: Ensuring behavior matches across all platforms
### **Testing Complexity**
- **Basic**: Unit tests for new functionality
- **Comprehensive**: Integration tests, cross-platform testing
- **User acceptance**: User testing, feedback integration
## 🔍 Planning Process (No Time Estimates)
### **Step 1: Break Down the Work**
- Identify all subtasks and dependencies
- Group related work into logical phases
- Identify critical path and blockers
### **Step 2: Define Phases and Milestones**
- **Phase 1**: Foundation work (basic fixes, core functionality)
- **Phase 2**: Enhancement work (new features, integrations)
- **Phase 3**: Polish work (testing, user experience, edge cases)
### **Step 3: Identify Dependencies**
- **Technical dependencies**: What must be built first
- **Platform dependencies**: What works on which platforms
- **Testing dependencies**: What can be tested when
### **Step 4: Set Progress Milestones**
- **Milestone 1**: Basic functionality working
- **Milestone 2**: All platforms supported
- **Milestone 3**: Fully tested and polished
## 📋 Planning Checklist (No Time Estimates)
- [ ] Work broken down into logical phases
- [ ] Dependencies identified and mapped
- [ ] Milestones defined with clear criteria
- [ ] Complexity levels assigned to each phase
- [ ] Platform requirements identified
- [ ] Testing strategy planned
- [ ] Risk factors identified
- [ ] Success criteria defined
## 🎯 Example Planning (No Time Estimates)
### **Example 1: Simple Feature**
```
Phase 1: Core implementation
- Basic functionality
- Single platform support
- Unit tests
Phase 2: Platform expansion
- Multi-platform support
- Integration tests
Phase 3: Polish
- User testing
- Edge case handling
```
### **Example 2: Complex Cross-Platform Feature**
```
Phase 1: Foundation
- Architecture design
- Core service implementation
- Basic web platform support
Phase 2: Platform Integration
- Mobile platform support
- Desktop platform support
- Cross-platform consistency
Phase 3: Testing & Polish
- Comprehensive testing
- Error handling
- User experience refinement
```
## 🚫 Anti-Patterns to Avoid
- **"This should take X days"** - Red flag for time estimation
- **"Just a few hours"** - Ignores complexity and testing
- **"Similar to X"** - Without considering differences
- **"Quick fix"** - Nothing is ever quick in software
- **"No testing needed"** - Testing always takes effort
## ✅ Best Practices
### **When Planning:**
1. **Break down everything** - no work is too small to plan
2. **Consider all platforms** - web, mobile, desktop differences
3. **Include testing strategy** - unit, integration, and user testing
4. **Account for unknowns** - there are always surprises
5. **Focus on dependencies** - what blocks what
### **When Presenting Plans:**
1. **Show the phases** - explain the logical progression
2. **Highlight dependencies** - what could block progress
3. **Define milestones** - clear success criteria
4. **Identify risks** - what could go wrong
5. **Suggest alternatives** - ways to reduce scope or complexity
## 🔄 Continuous Improvement
### **Track Progress**
- Record planned vs. actual phases completed
- Identify what took longer than expected
- Learn from complexity misjudgments
- Adjust planning process based on experience
### **Learn from Experience**
- **Underestimated complexity**: Increase complexity categories
- **Missed dependencies**: Improve dependency mapping
- **Platform surprises**: Better platform research upfront
## 🎯 Integration with Harbor Pilot
This rule works in conjunction with:
- **Project Planning**: Focuses on phases and milestones
- **Resource Allocation**: Based on complexity, not time
- **Risk Management**: Identifies blockers and dependencies
- **Stakeholder Communication**: Sets progress-based expectations
## 📝 Version History
### v2.0.0 (2025-08-21)
- **Major Change**: Completely removed time estimation approach
- **New Focus**: Phases, milestones, and complexity-based planning
- **Eliminated**: All time multipliers, estimates, and calculations
- **Added**: Dependency mapping and progress milestone framework
### v1.0.0 (2025-08-21)
- Initial creation based on user feedback about estimation accuracy
- ~~Established realistic estimation multipliers and process~~
- ~~Added comprehensive estimation checklist and examples~~
- Integrated with Harbor Pilot planning and risk management
---
## 🚨 Remember
**DO NOT MAKE TIME ESTIMATES. Use phases, milestones, and complexity instead. Focus on progress, not deadlines.**
## 🚨 Remember
**Your first estimate is wrong. Your second estimate is probably still wrong. Focus on progress, not deadlines.**
# No Time Estimates — Harbor Pilot Directive
> **Agent role**: **DO NOT MAKE TIME ESTIMATES**. Instead, use phases, milestones, and complexity levels. Time estimates are consistently wrong and create unrealistic expectations.
## 🎯 Purpose
Development time estimates are consistently wrong and create unrealistic expectations. This rule ensures we focus on phases, milestones, and complexity rather than trying to predict specific timeframes.
## 🚨 Critical Rule
**DO NOT MAKE TIME ESTIMATES**
- **Never provide specific time estimates** - they are always wrong
- **Use phases and milestones** instead of days/weeks
- **Focus on complexity and dependencies** rather than time
- **Set expectations based on progress, not deadlines**
## 📊 Planning Framework (Not Time Estimates)
### **Complexity Categories**
- **Simple**: Text changes, styling updates, minor bug fixes
- **Medium**: New features, refactoring, component updates
- **Complex**: Architecture changes, integrations, cross-platform work
- **Unknown**: New technologies, APIs, or approaches
### **Platform Complexity**
- **Single platform**: Web-only or mobile-only changes
- **Two platforms**: Web + mobile or web + desktop
- **Three platforms**: Web + mobile + desktop
- **Cross-platform consistency**: Ensuring behavior matches across all platforms
### **Testing Complexity**
- **Basic**: Unit tests for new functionality
- **Comprehensive**: Integration tests, cross-platform testing
- **User acceptance**: User testing, feedback integration
## 🔍 Planning Process (No Time Estimates)
### **Step 1: Break Down the Work**
- Identify all subtasks and dependencies
- Group related work into logical phases
- Identify critical path and blockers
### **Step 2: Define Phases and Milestones**
- **Phase 1**: Foundation work (basic fixes, core functionality)
- **Phase 2**: Enhancement work (new features, integrations)
- **Phase 3**: Polish work (testing, user experience, edge cases)
### **Step 3: Identify Dependencies**
- **Technical dependencies**: What must be built first
- **Platform dependencies**: What works on which platforms
- **Testing dependencies**: What can be tested when
### **Step 4: Set Progress Milestones**
- **Milestone 1**: Basic functionality working
- **Milestone 2**: All platforms supported
- **Milestone 3**: Fully tested and polished
## 📋 Planning Checklist (No Time Estimates)
- [ ] Work broken down into logical phases
- [ ] Dependencies identified and mapped
- [ ] Milestones defined with clear criteria
- [ ] Complexity levels assigned to each phase
- [ ] Platform requirements identified
- [ ] Testing strategy planned
- [ ] Risk factors identified
- [ ] Success criteria defined
## 🎯 Example Planning (No Time Estimates)
### **Example 1: Simple Feature**
```
Phase 1: Core implementation
- Basic functionality
- Single platform support
- Unit tests
Phase 2: Platform expansion
- Multi-platform support
- Integration tests
Phase 3: Polish
- User testing
- Edge case handling
```
### **Example 2: Complex Cross-Platform Feature**
```
Phase 1: Foundation
- Architecture design
- Core service implementation
- Basic web platform support
Phase 2: Platform Integration
- Mobile platform support
- Desktop platform support
- Cross-platform consistency
Phase 3: Testing & Polish
- Comprehensive testing
- Error handling
- User experience refinement
```
## 🚫 Anti-Patterns to Avoid
- **"This should take X days"** - Red flag for time estimation
- **"Just a few hours"** - Ignores complexity and testing
- **"Similar to X"** - Without considering differences
- **"Quick fix"** - Nothing is ever quick in software
- **"No testing needed"** - Testing always takes effort
## ✅ Best Practices
### **When Planning:**
1. **Break down everything** - no work is too small to plan
2. **Consider all platforms** - web, mobile, desktop differences
3. **Include testing strategy** - unit, integration, and user testing
4. **Account for unknowns** - there are always surprises
5. **Focus on dependencies** - what blocks what
### **When Presenting Plans:**
1. **Show the phases** - explain the logical progression
2. **Highlight dependencies** - what could block progress
3. **Define milestones** - clear success criteria
4. **Identify risks** - what could go wrong
5. **Suggest alternatives** - ways to reduce scope or complexity
## 🔄 Continuous Improvement
### **Track Progress**
- Record planned vs. actual phases completed
- Identify what took longer than expected
- Learn from complexity misjudgments
- Adjust planning process based on experience
### **Learn from Experience**
- **Underestimated complexity**: Increase complexity categories
- **Missed dependencies**: Improve dependency mapping
- **Platform surprises**: Better platform research upfront
## 🎯 Integration with Harbor Pilot
This rule works in conjunction with:
- **Project Planning**: Focuses on phases and milestones
- **Resource Allocation**: Based on complexity, not time
- **Risk Management**: Identifies blockers and dependencies
- **Stakeholder Communication**: Sets progress-based expectations
## 📝 Version History
### v2.0.0 (2025-08-21)
- **Major Change**: Completely removed time estimation approach
- **New Focus**: Phases, milestones, and complexity-based planning
- **Eliminated**: All time multipliers, estimates, and calculations
- **Added**: Dependency mapping and progress milestone framework
### v1.0.0 (2025-08-21)
- Initial creation based on user feedback about estimation accuracy
- ~~Established realistic estimation multipliers and process~~
- ~~Added comprehensive estimation checklist and examples~~
- Integrated with Harbor Pilot planning and risk management
---
## 🚨 Remember
**DO NOT MAKE TIME ESTIMATES. Use phases, milestones, and complexity instead. Focus on progress, not deadlines.**
## 🚨 Remember
**Your first estimate is wrong. Your second estimate is probably still wrong. Focus on progress, not deadlines.**

2
.dockerignore
View File

@ -140,7 +140,7 @@ docker-compose*
.dockerignore
# CI/CD files
.github
.gitlab-ci.yml
.travis.yml
.circleci

142
.github/workflows/asset-validation.yml
View File

@ -1,142 +0,0 @@
name: Asset Validation & CI Safeguards
on:
pull_request:
paths:
- 'resources/**'
- 'config/assets/**'
- 'capacitor-assets.config.json'
- 'capacitor.config.ts'
- 'capacitor.config.json'
push:
branches: [main, develop]
paths:
- 'resources/**'
- 'config/assets/**'
- 'capacitor-assets.config.json'
- 'capacitor.config.ts'
- 'capacitor.config.json'
jobs:
asset-validation:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Validate asset configuration
run: npm run assets:validate
- name: Check for committed platform assets (Android)
run: |
if git ls-files -z android/app/src/main/res | grep -E '(AppIcon.*\.png|Splash.*\.png|mipmap-.*/ic_launcher.*\.png)' > /dev/null; then
echo "❌ Android platform assets found in VCS - these should be generated at build-time"
git ls-files -z android/app/src/main/res | grep -E '(AppIcon.*\.png|Splash.*\.png|mipmap-.*/ic_launcher.*\.png)'
exit 1
fi
echo "✅ No Android platform assets committed"
- name: Check for committed platform assets (iOS)
run: |
if git ls-files -z ios/App/App/Assets.xcassets | grep -E '(AppIcon.*\.png|Splash.*\.png)' > /dev/null; then
echo "❌ iOS platform assets found in VCS - these should be generated at build-time"
git ls-files -z ios/App/App/Assets.xcassets | grep -E '(AppIcon.*\.png|Splash.*\.png)'
exit 1
fi
echo "✅ No iOS platform assets committed"
- name: Test asset generation
run: |
echo "🧪 Testing asset generation workflow..."
npm run build:capacitor
npx cap sync
npx capacitor-assets generate --dry-run || npx capacitor-assets generate
echo "✅ Asset generation test completed"
- name: Verify clean tree after build
run: |
if [ -n "$(git status --porcelain)" ]; then
echo "❌ Dirty tree after build - asset configs were modified"
git status
git diff
exit 1
fi
echo "✅ Build completed with clean tree"
schema-validation:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Validate schema compliance
run: |
echo "🔍 Validating schema compliance..."
node -e "
const fs = require('fs');
const config = JSON.parse(fs.readFileSync('capacitor-assets.config.json', 'utf8'));
const schema = JSON.parse(fs.readFileSync('config/assets/schema.json', 'utf8'));
// Basic schema validation
if (!config.icon || !config.splash) {
throw new Error('Missing required sections: icon and splash');
}
if (!config.icon.source || !config.splash.source) {
throw new Error('Missing required source fields');
}
if (!/^resources\/.*\.(png|svg)$/.test(config.icon.source)) {
throw new Error('Icon source must be in resources/ directory');
}
if (!/^resources\/.*\.(png|svg)$/.test(config.splash.source)) {
throw new Error('Splash source must be in resources/ directory');
}
console.log('✅ Schema validation passed');
"
- name: Check source file existence
run: |
echo "📁 Checking source file existence..."
node -e "
const fs = require('fs');
const config = JSON.parse(fs.readFileSync('capacitor-assets.config.json', 'utf8'));
const requiredFiles = [
config.icon.source,
config.splash.source
];
if (config.splash.darkSource) {
requiredFiles.push(config.splash.darkSource);
}
const missingFiles = requiredFiles.filter(file => !fs.existsSync(file));
if (missingFiles.length > 0) {
console.error('❌ Missing source files:', missingFiles);
process.exit(1);
}
console.log('✅ All source files exist');
"

27
.github/workflows/playwright.yml
View File

@ -1,27 +0,0 @@
name: Playwright Tests
on:
push:
branches: [ main, master ]
pull_request:
branches: [ main, master ]
jobs:
test:
timeout-minutes: 60
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Install dependencies
run: npm ci
- name: Install Playwright Browsers
run: npx playwright install --with-deps
- name: Run Playwright tests
run: npx playwright test
- uses: actions/upload-artifact@v4
if: always()
with:
name: playwright-report
path: playwright-report/
retention-days: 30

4
.gitignore
View File

@ -51,6 +51,9 @@ vendor/
# Build logs
build_logs/
# Guard feedback logs (for continuous improvement analysis)
.guard-feedback.log
# PWA icon files generated by capacitor-assets
icons
@ -141,3 +144,4 @@ electron/out/
android/.gradle/file-system.probe
android/.gradle/caches/
coverage
.husky-enabled

40
.husky/_/husky.sh
View File

@ -0,0 +1,40 @@
#!/usr/bin/env sh
#
# Husky Helper Script
# This file is sourced by all Husky hooks
#
if [ -z "$husky_skip_init" ]; then
debug () {
if [ "$HUSKY_DEBUG" = "1" ]; then
echo "husky (debug) - $1"
fi
}
readonly hook_name="$(basename -- "$0")"
debug "starting $hook_name..."
if [ "$HUSKY" = "0" ]; then
debug "HUSKY env variable is set to 0, skipping hook"
exit 0
fi
if [ -f ~/.huskyrc ]; then
debug "sourcing ~/.huskyrc"
. ~/.huskyrc
fi
readonly husky_skip_init=1
export husky_skip_init
sh -e "$0" "$@"
exitCode="$?"
if [ $exitCode != 0 ]; then
echo "husky - $hook_name hook exited with code $exitCode (error)"
fi
if [ $exitCode = 127 ]; then
echo "husky - command not found in PATH=$PATH"
fi
exit $exitCode
fi

10
.husky/commit-msg
View File

@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
# Husky Commit Message Hook
# Validates commit message format using commitlint
#
. "$(dirname -- "$0")/_/husky.sh"
# Run commitlint but don't fail the commit (|| true)
# This provides helpful feedback without blocking commits
npx commitlint --edit "$1" || true

33
.husky/pre-commit
View File

@ -0,0 +1,33 @@
#!/usr/bin/env bash
#
# Husky Pre-commit Hook
# Runs lint-fix and Build Architecture Guard on staged files
#
. "$(dirname -- "$0")/_/husky.sh"
echo "🔍 Running pre-commit hooks..."
# Run lint-fix first
echo "📝 Running lint-fix..."
npm run lint-fix || {
echo
echo "❌ Linting failed. Please fix the issues and try again."
echo "💡 To bypass this check for emergency commits, use:"
echo " git commit --no-verify"
echo
exit 1
}
# Then run Build Architecture Guard
echo "🏗️ Running Build Architecture Guard..."
bash ./scripts/build-arch-guard.sh --staged || {
echo
echo "❌ Build Architecture Guard failed. Please fix the issues and try again."
echo "💡 To bypass this check for emergency commits, use:"
echo " git commit --no-verify"
echo
exit 1
}
echo "✅ All pre-commit checks passed!"

27
.husky/pre-push
View File

@ -0,0 +1,27 @@
#!/usr/bin/env bash
#
# Husky Pre-push Hook
# Runs Build Architecture Guard to check commits being pushed
#
. "$(dirname -- "$0")/_/husky.sh"
echo "🔍 Running Build Architecture Guard (pre-push)..."
# Get the remote branch we're pushing to
REMOTE_BRANCH="origin/$(git rev-parse --abbrev-ref HEAD)"
# Check if remote branch exists
if git show-ref --verify --quiet "refs/remotes/$REMOTE_BRANCH"; then
RANGE="$REMOTE_BRANCH...HEAD"
else
# If remote branch doesn't exist, check last commit
RANGE="HEAD~1..HEAD"
fi
bash ./scripts/build-arch-guard.sh --range "$RANGE" || {
echo
echo "💡 To bypass this check for emergency pushes, use:"
echo " git push --no-verify"
echo
exit 1
}

512
BUILDING.md
View File

File diff suppressed because it is too large

41
CHANGELOG.md
View File

@ -6,69 +6,88 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.0.7] - 2025.08.18
### Fixed
- Deep link for onboard-meeting-members
- Deep link for onboard-meeting-members
## [1.0.6] - 2025.08.09
### Fixed
- Deep link errors where none would validate
- Deep link errors where none would validate
## [1.0.5] - 2025.07.24
### Fixed
- Export & import of contacts corrupted contact methods
- Export & import of contacts corrupted contact methods
## [1.0.4] - 2025.07.20 - 002f2407208d56cc59c0aa7c880535ae4cbace8b
### Fixed
- Deep link for invite-one-accept
- Deep link for invite-one-accept
## [1.0.3] - 2025.07.12 - a9a8ba217cd6015321911e98e6843e988dc2c4ae
### Changed
- Photo is pinned to profile mode
### Fixed
- Deep link URLs (and other prod settings)
- Error in BVC begin view
## [1.0.2] - 2025.06.20 - 276e0a741bc327de3380c4e508cccb7fee58c06d
### Added
- Version on feed title
- Version on feed title
## [1.0.1] - 2025.06.20
### Added
- Allow a user to block someone else's content from view
- Allow a user to block someone else's content from view
## [1.0.0] - 2025.06.20 - 5aa693de6337e5dbb278bfddc6bd39094bc14f73
### Added
- Web-oriented migration from IndexedDB to SQLite
- Web-oriented migration from IndexedDB to SQLite
## [0.5.8]
### Added
- /deep-link/ path for URLs that are shared with people
### Changed
- External links now go to /deep-link/...
- Feed visuals now have arrow imagery from giver to receiver
## [0.4.7]
### Fixed
- Cameras everywhere
### Changed
- IndexedDB -> SQLite
- IndexedDB -> SQLite
## [0.4.5] - 2025.02.23
### Added
- Total amounts of gives on project page
### Changed in DB or environment
- Requires Endorser.ch version 4.2.6+
- Requires Endorser.ch version 4.2.6+
## [0.4.4] - 2025.02.17

82
README-PR-TEMPLATE.md
View File

@ -0,0 +1,82 @@
# Pull Request Template
## Location
The Build Architecture Guard PR template is located at:
- **`pull_request_template.md`** (root directory)
## Usage
When creating a pull request in Gitea, this template will automatically populate the PR description with the required checklist.
## Template Features
### Change Level Classification
- **L1**: Minor changes, documentation updates
- **L2**: Moderate changes, new features, environment changes
- **L3**: Major changes, architecture changes, new platforms
### Required Fields for All Levels
- Change level selection
- Scope and impact description
- Commands executed and their output
- Documentation updates (BUILDING.md)
- Rollback verification steps
### Additional Requirements for L3
- **ADR link**: Must provide URL to Architectural Decision Record
- **Artifacts with SHA256**: Must list artifacts with cryptographic hashes
## Integration
This template works with:
- **Gitea Actions**: `.gitea/workflows/build-guard.yml`
- **Client-side hooks**: `.husky/` pre-commit and pre-push hooks
- **Guard script**: `scripts/build-arch-guard.sh`
## Example Usage
```markdown
### Change Level
- [x] Level: **L2**
**Why:** Adding new build script for Docker deployment
### Scope & Impact
- [x] Files & platforms touched: scripts/build-docker.sh,
BUILDING.md
- [x] Risk triggers: Docker build process changes
- [x] Mitigations/validation done: Tested on local Docker environment
### Commands Run
- [x] Web: `npm run build:web:docker`
- [x] Docker: `docker build -t test-image .`
### Artifacts
- [x] Names + **sha256** of artifacts/installers:
Artifacts:
```text
test-image.tar a1b2c3d4e5f6...
```
### Docs
- [x] **BUILDING.md** updated (sections): Docker deployment
- [x] Troubleshooting updated: Added Docker troubleshooting section
### Rollback
- [x] Verified steps to restore previous behavior:
1. `git revert HEAD`
2. `docker rmi test-image`
3. Restore previous BUILDING.md
```
---
**Note**: This template is enforced by the Build Architecture Guard
system. Complete all required fields to ensure your PR can be merged.

58
README.md
View File

@ -22,6 +22,40 @@ To be able to make submissions: go to "profile" (bottom left), go to the bottom
See [BUILDING.md](BUILDING.md) for comprehensive build instructions for all platforms (Web, Electron, iOS, Android, Docker).
## 🛡️ Build Architecture Guard
This project uses **Husky Git hooks** to protect the build system
architecture. When you modify build-critical files, the system
automatically blocks commits until you update `BUILDING.md`.
### Quick Setup
```bash
npm run guard:setup # Install and activate the guard
```
### How It Works
- **Pre-commit**: Blocks commits if build files changed without
BUILDING.md updates
- **Pre-push**: Blocks pushes if commits contain undocumented build
changes
- **Protected paths**: `scripts/`, `vite.config.*`, `electron/`,
`android/`, `ios/`, etc.
### Usage
```bash
# Test the guard manually
npm run guard:test
# Emergency bypass (use sparingly)
git commit --no-verify
git push --no-verify
```
**📚 Full documentation**: See `doc/README-BUILD-GUARD.md`
## Development Database Clearing
TimeSafari provides a simple script-based approach to clear the local database (not the claim server) for development purposes.
@ -256,7 +290,29 @@ The application uses a platform-agnostic database layer with Vue mixins for serv
**Architecture Decision**: The project uses Vue mixins over Composition API composables for platform service access. See [Architecture Decisions](doc/architecture-decisions.md) for detailed rationale.
### Kudos
## 📁 Project Structure
```text
timesafari/
├── 📁 src/ # Source code
├── 📁 scripts/ # Build and automation scripts
├── 📁 electron/ # Electron configuration
├── 📁 android/ # Android configuration
├── 📁 ios/ # iOS configuration
├── 📁 .husky/ # Git hooks (Build Architecture Guard)
├── 📄 BUILDING.md # Build system documentation
├── 📄 pull_request_template.md # PR template
└── 📄 doc/README-BUILD-GUARD.md # Guard system documentation
```
## 🤝 Contributing
1. **Follow the Build Architecture Guard** - Update BUILDING.md when modifying build files
2. **Use the PR template** - Complete the checklist for build-related changes
3. **Test your changes** - Ensure builds work on affected platforms
4. **Document updates** - Keep BUILDING.md current and accurate
## Kudos
Gifts make the world go 'round!

8
TASK_storage.md
View File

@ -1,7 +1,6 @@
# What to do about storage for native apps?
## Problem
We can't trust iOS IndexedDB to persist. I want to start delivering an app to people now, in preparation for presentations mid-June: Rotary on June 12 and Porcfest on June 17.
@ -14,7 +13,6 @@ We can't trust iOS IndexedDB to persist. I want to start delivering an app to pe
Also, with sensitive data, the accounts info should be encrypted.
# Options
* There is a community [SQLite plugin for Capacitor](https://github.com/capacitor-community/sqlite) with encryption by [SQLCipher](https://github.com/sqlcipher/sqlcipher).
@ -29,16 +27,12 @@ Also, with sensitive data, the accounts info should be encrypted.
* Not an option yet: Dexie may support SQLite in [a future version](https://dexie.org/roadmap/dexie5.0).
# Current Plan
* Implement SQLite for Capacitor & web, with encryption. That will allow us to test quickly and keep the same interface for native & web, but we don't deal with migrations for current web users.
* After that is delivered, write a migration for current web users from IndexedDB to SQLite.
# Current method calls
... which is not 100% complete because the AI that generated thus claimed no usage of 'temp' DB.
@ -80,5 +74,3 @@ Logs operations:
db.logs.get(todayKey) - Gets logs for a specific day
db.logs.update(todayKey, { message: fullMessage }) - Updates logs
db.logs.clear() - Clears all logs

3
doc/DEEP_LINKS.md
View File

@ -47,6 +47,7 @@ type ClaimParams = z.infer<typeof claimSchema>;
### Type Safety Layers
1. **Schema Definition**
```typescript
// src/interfaces/deepLinks.ts
export const deepLinkSchemas = {
@ -59,6 +60,7 @@ type ClaimParams = z.infer<typeof claimSchema>;
```
2. **Type Generation**
```typescript
// Types are automatically generated from schemas
export type DeepLinkParams = {
@ -67,6 +69,7 @@ type ClaimParams = z.infer<typeof claimSchema>;
```
3. **Runtime Validation**
```typescript
// In DeepLinkHandler
const result = deepLinkSchemas.claim.safeParse(params);

336
doc/README-BUILD-GUARD.md
View File

@ -0,0 +1,336 @@
# Build Architecture Guard - Husky Implementation
## Overview
The Build Architecture Guard protects your build system by enforcing
documentation requirements through **Git hooks**. When you modify
build-critical files, the system automatically blocks commits/pushes
until you update `BUILDING.md`.
## 🎯 **Why Husky-Only?**
**Advantages:**
- ✅ **Immediate feedback** - Hooks run before commit/push
- ✅ **Works everywhere** - No server-side CI/CD required
- ✅ **Simple setup** - One tool, one configuration
- ✅ **Fast execution** - No network delays or server queues
- ✅ **Offline support** - Works without internet connection
**Trade-offs:**
- ⚠️ **Can be bypassed** - `git commit --no-verify` or `git push --no-verify`
- ⚠️ **Developer discipline** - Relies on team following the rules
## 🏗️ **Architecture**
```bash
Developer Workflow:
1. Modify build files (scripts/, vite.config.*, etc.)
2. Try to commit → Husky pre-commit hook runs
3. Guard script checks if BUILDING.md was updated
4. ✅ Commit succeeds if docs updated
5. ❌ Commit blocked if docs missing
```
## 🚀 **Quick Start**
### 1. Install Dependencies
```bash
npm install
npm run prepare # Sets up Husky hooks
```
### 2. Test the System
```bash
# Modify a build file without updating BUILDING.md
echo "# test" >> scripts/test.sh
# Try to commit (should be blocked)
git add scripts/test.sh
git commit -m "test: add build script"
# ❌ Hook blocks commit with helpful message
```
### 3. Fix and Retry
```bash
# Update BUILDING.md with your changes
echo "## New Build Script" >> BUILDING.md
echo "Added test.sh for testing purposes" >> BUILDING.md
# Now commit should succeed
git add BUILDING.md
git commit -m "feat: add test build script with docs"
# ✅ Commit succeeds
```
## 🔧 **How It Works**
### Pre-commit Hook (`.husky/pre-commit`)
- **When**: Every `git commit`
- **What**: Runs `./scripts/build-arch-guard.sh --staged`
- **Result**: Blocks commit if build files changed without BUILDING.md update
### Pre-push Hook (`.husky/pre-push`)
- **When**: Every `git push`
- **What**: Runs `./scripts/build-arch-guard.sh --range`
- **Result**: Blocks push if commits contain undocumented build changes
### Guard Script (`scripts/build-arch-guard.sh`)
- **Detects**: Changes to build-sensitive file patterns
- **Validates**: BUILDING.md was updated alongside changes
- **Reports**: Clear error messages with guidance
## 📁 **Protected File Patterns**
The guard script monitors these paths for changes:
```text
Build Configuration:
├── vite.config.* # Vite configuration
├── capacitor.config.ts # Capacitor configuration
├── package.json # Package configuration
├── package-lock.json # Lock files
├── yarn.lock
└── pnpm-lock.yaml
Build Scripts:
├── scripts/** # All build and automation scripts
├── electron/** # Electron build files
├── android/** # Android build configuration
├── ios/** # iOS build configuration
├── sw_scripts/** # Service worker scripts
└── sw_combine.js # Service worker combination
Deployment:
├── Dockerfile # Docker configuration
└── docker/** # Docker services
```
## 🎭 **Usage Scenarios**
### Scenario 1: Adding a New Build Script
```bash
# ❌ This will be blocked
echo '#!/bin/bash' > scripts/new-build.sh
git add scripts/new-build.sh
git commit -m "feat: add new build script"
# Hook blocks: "Build-sensitive files changed but BUILDING.md not updated"
# ✅ This will succeed
echo '#!/bin/bash' > scripts/new-build.sh
echo '## New Build Script' >> BUILDING.md
echo 'Added new-build.sh for feature X' >> BUILDING.md
git add scripts/new-build.sh BUILDING.md
git commit -m "feat: add new build script with docs"
# ✅ Commit succeeds
```
### Scenario 2: Updating Vite Configuration
```bash
# ❌ This will be blocked
echo 'export default { newOption: true }' >> vite.config.ts
git add vite.config.ts
git commit -m "config: add new vite option"
# Hook blocks: "Build-sensitive files changed but BUILDING.md not updated"
# ✅ This will succeed
echo 'export default { newOption: true }' >> vite.config.ts
echo '### New Vite Option' >> BUILDING.md
echo 'Added newOption for improved performance' >> BUILDING.md
git add vite.config.ts BUILDING.md
git commit -m "config: add new vite option with docs"
# ✅ Commit succeeds
```
## 🚨 **Emergency Bypass**
**⚠️ Use sparingly and only for emergencies:**
```bash
# Skip pre-commit hook
git commit -m "emergency: critical fix" --no-verify
# Skip pre-push hook
git push --no-verify
# Remember to update BUILDING.md later!
```
## 🔍 **Troubleshooting**
### Hooks Not Running
```bash
# Reinstall hooks
npm run prepare
# Check hook files exist and are executable
ls -la .husky/
chmod +x .husky/*
# Verify Git hooks path
git config core.hooksPath
# Should show: .husky
```
### Guard Script Issues
```bash
# Test guard script manually
./scripts/build-arch-guard.sh --help
# Check script permissions
chmod +x scripts/build-arch-guard.sh
# Test with specific files
./scripts/build-arch-guard.sh --staged
```
### False Positives
```bash
# If guard blocks legitimate changes, check:
# 1. Are you modifying a protected file pattern?
# 2. Did you update BUILDING.md?
# 3. Is BUILDING.md staged for commit?
# View what the guard sees
git diff --name-only --cached
```
## 📋 **Best Practices**
### For Developers
1. **Update BUILDING.md first** - Document changes before implementing
2. **Test locally** - Run `./scripts/build-arch-guard.sh --staged` before committing
3. **Use descriptive commits** - Include context about build changes
4. **Don't bypass lightly** - Only use `--no-verify` for true emergencies
### For Teams
1. **Document the system** - Ensure everyone understands the guard
2. **Review BUILDING.md updates** - Verify documentation quality
3. **Monitor bypass usage** - Track when hooks are skipped
4. **Regular audits** - Check that BUILDING.md stays current
### For Maintainers
1. **Update protected patterns** - Modify `scripts/build-arch-guard.sh` as needed
2. **Monitor effectiveness** - Track how often the guard catches issues
3. **Team training** - Help developers understand the system
4. **Continuous improvement** - Refine patterns and error messages
## 🚨 **Troubleshooting**
### Common Issues
#### mapfile Command Not Found
**Problem**: Pre-commit hook fails with `mapfile: command not found`
**Cause**: The `mapfile` command is bash-specific and not available in all shell environments
**Solution**: The script has been updated to use portable alternatives. If you encounter this issue:
```bash
# Verify the script is executable
chmod +x scripts/build-arch-guard.sh
# Test the script directly
./scripts/build-arch-guard.sh --help
# Check your shell environment
echo $SHELL
bash --version
```
**Prevention**: Ensure your development environment uses bash and the script has proper permissions
### False Positives
```bash
# If guard blocks legitimate changes, check:
# 1. Are you modifying a protected file pattern?
# 2. Did you update BUILDING.md?
# 3. Is BUILDING.md staged for commit?
# View what the guard sees
git diff --name-only --cached
```
## 🔄 **Customization**
### Adding New Protected Paths
Edit `scripts/build-arch-guard.sh`:
```bash
SENSITIVE=(
# ... existing patterns ...
"new-pattern/**" # Add your new pattern
"*.config.js" # Add file extensions
)
```
### Modifying Error Messages
Edit the guard script to customize:
- Error message content
- File pattern matching
- Documentation requirements
- Bypass instructions
### Adding New Validation Rules
Extend the guard script to check for:
- Specific file content patterns
- Required documentation sections
- Commit message formats
- Branch naming conventions
## 📚 **Integration with PR Template**
The `pull_request_template.md` works with this system by:
- **Guiding developers** through required documentation
- **Ensuring consistency** across all build changes
- **Providing checklist** for comprehensive updates
- **Supporting L1/L2/L3** change classification
## 🎯 **Success Metrics**
Track the effectiveness of your Build Architecture Guard:
- **Hook execution rate** - How often hooks run successfully
- **Bypass frequency** - How often `--no-verify` is used
- **Documentation quality** - BUILDING.md stays current
- **Build failures** - Fewer issues from undocumented changes
- **Team adoption** - Developers follow the process
---
**Status**: Active protection system
**Architecture**: Client-side Git hooks only
**Dependencies**: Husky, Git, Bash
**Maintainer**: Development team
**Related**: `pull_request_template.md`, `scripts/build-arch-guard.sh`
## 📝 **Changelog**
### 2025-08-22 - Shell Compatibility Fix
- **Fixed**: Replaced `mapfile` command with portable alternative for cross-shell compatibility
- **Impact**: Resolves "mapfile: command not found" errors in pre-commit hooks
- **Files**: `scripts/build-arch-guard.sh`
- **Testing**: Script now works across different shell environments

3
doc/README.md
View File

@ -54,7 +54,7 @@ sudo tlmgr install sourceserifpro
The following guide was adapted to this project except that we install with Brew and have a few more packages.
Guide: https://daniel.feldroy.com/posts/setting-up-latex-on-mac-os-x
Guide: <https://daniel.feldroy.com/posts/setting-up-latex-on-mac-os-x>
### Usage
@ -71,6 +71,7 @@ open usage-guide.pdf
```
Or use this one-liner
```bash
pandoc usage-guide.md -o usage-guide.pdf && open usage-guide.pdf
```

238
doc/android-asset-validation.md
View File

@ -0,0 +1,238 @@
# Android Asset Validation System
**Author**: Matthew Raymer
**Date**: 2025-08-22
**Status**: 🎯 **ACTIVE** - Production Ready
## Overview
The Android Asset Validation System automatically detects and fixes missing Android resources before building, preventing common build failures related to missing splash screens and app icons.
## Problem Solved
Previously, Android builds would fail with errors like:
```
error: resource drawable/splash (aka app.timesafari.app:drawable/splash) not found.
error: resource mipmap/ic_launcher (aka app.timesafari.app:mipmap/ic_launcher) not found.
```
This happened when:
- Source assets existed but weren't generated into Android resources
- Android resource directories were missing
- Asset generation tools weren't run before building
## Solution
### Enhanced Build Script Validation
The `scripts/build-android.sh` script now includes comprehensive asset validation that:
1. **Checks Source Assets**: Validates that required source files exist in `resources/`
2. **Checks Android Resources**: Verifies that generated Android resources exist
3. **Auto-Regenerates**: Automatically regenerates missing resources when detected
4. **Verifies Results**: Confirms that regeneration was successful
### Validation Process
```bash
# Validates and regenerates if needed
npm run assets:validate:android
# Full build with validation
npm run build:android:studio
```
### What Gets Validated
#### Source Assets (Required)
- `resources/icon.png` - App icon source
- `resources/splash.png` - Splash screen source
- `resources/splash_dark.png` - Dark mode splash source
#### Android Resources (Generated)
- `android/app/src/main/res/drawable/splash.png` - Splash screen drawable
- `android/app/src/main/res/mipmap-*/ic_launcher.png` - App icons for all densities
- `android/app/src/main/res/mipmap-*/ic_launcher_round.png` - Round app icons for all densities
### Density Levels Checked
- `mipmap-mdpi` (1x)
- `mipmap-hdpi` (1.5x)
- `mipmap-xhdpi` (2x)
- `mipmap-xxhdpi` (3x)
- `mipmap-xxxhdpi` (4x)
## Usage
### Automatic Validation (Recommended)
The validation runs automatically during all Android builds:
```bash
# Development build with validation
npm run build:android:studio
# Production build with validation
npm run build:android:prod
# Debug build with validation
npm run build:android:debug
```
### Manual Validation
Run validation only to check/fix assets:
```bash
# Validate and regenerate if needed
npm run assets:validate:android
# Alternative command
./scripts/build-android.sh --assets-only
```
### Validation Only (No Regeneration)
Check configuration without fixing:
```bash
npm run assets:validate
```
## Error Handling
### Missing Source Assets
If source assets are missing, the build fails with clear error messages:
```
[ERROR] Missing source assets:
[ERROR] - resources/icon.png
[ERROR] - resources/splash.png
[ERROR] Please ensure all required assets are present in the resources/ directory.
```
### Missing Generated Resources
If generated resources are missing, they're automatically regenerated:
```
[WARN] Missing Android resources detected:
[WARN] - drawable/splash.png
[WARN] - mipmap-mdpi/ic_launcher.png
[INFO] Regenerating Android assets...
[SUCCESS] Android assets regenerated successfully
```
### Generation Failure
If regeneration fails, helpful guidance is provided:
```
[ERROR] Failed to generate Android assets
[INFO] You may need to manually create the missing resources:
[INFO] - android/app/src/main/res/drawable/splash.png
[INFO] - android/app/src/main/res/mipmap-mdpi/ic_launcher.png
```
## Integration Points
### Build Script Integration
The validation is integrated into the main build process:
```bash
# In scripts/build-android.sh
validate_dependencies
validate_android_assets || {
log_error "Android asset validation failed. Please fix the issues above and try again."
exit 9
}
```
### NPM Scripts
New npm scripts for asset management:
```json
{
"assets:validate": "npx tsx scripts/assets-validator.ts",
"assets:validate:android": "./scripts/build-android.sh --assets-only",
"assets:clean": "rimraf android/app/src/main/res/mipmap-* ios/App/App/Assets.xcassets/**/AppIcon*.png ios/App/App/Assets.xcassets/**/Splash*.png || true"
}
```
## Benefits
### For Developers
- **No More Build Failures**: Automatic detection and fixing of missing resources
- **Faster Development**: No need to manually run asset generation tools
- **Clear Error Messages**: Helpful guidance when issues occur
- **Consistent Results**: Same validation on all development machines
### For CI/CD
- **Reliable Builds**: Consistent asset validation across environments
- **Early Detection**: Catches issues before they reach production
- **Automated Fixes**: Self-healing builds when possible
### For Project Maintenance
- **Reduced Support**: Fewer "build doesn't work" issues
- **Documentation**: Clear requirements for required assets
- **Standardization**: Consistent asset structure across the project
## Troubleshooting
### Common Issues
#### "No assets found in the asset path"
This occurs when the `assets/` directory is empty. The validation system automatically copies source assets and regenerates them.
#### "Failed to generate Android assets"
Check that:
- Source assets exist in `resources/`
- `@capacitor/assets` is installed
- You have write permissions to the Android directories
#### "Asset generation completed but some resources are still missing"
This indicates a problem with the asset generation tool. Try:
1. Running `npm install` to ensure dependencies are up to date
2. Manually running `npx @capacitor/assets generate`
3. Checking the asset generation logs for specific errors
### Manual Recovery
If automatic regeneration fails, you can manually create the missing resources:
```bash
# Create missing directories
mkdir -p android/app/src/main/res/drawable
mkdir -p android/app/src/main/res/mipmap-{mdpi,hdpi,xhdpi,xxhdpi,xxxhdpi}
# Copy source assets to assets directory
cp resources/icon.png assets/
cp resources/splash.png assets/
cp resources/splash_dark.png assets/
# Generate assets manually
npx @capacitor/assets generate
# Clean up
rm assets/icon.png assets/splash.png assets/splash_dark.png
```
## Future Enhancements
### Planned Improvements
- **iOS Asset Validation**: Extend validation to iOS assets
- **Asset Quality Checks**: Validate image dimensions and formats
- **Performance Optimization**: Cache validation results
- **CI/CD Integration**: Add validation to GitHub Actions
### Configuration Options
- **Custom Asset Paths**: Support for different asset directory structures
- **Validation Rules**: Configurable validation requirements
- **Skip Options**: Ability to skip validation for specific scenarios
## References
- [Capacitor Assets Documentation](https://github.com/ionic-team/capacitor-assets)
- [Android Resource System](https://developer.android.com/guide/topics/resources/providing-resources)
- [Build Script Documentation](./build-android.sh)
- [Asset Configuration](./capacitor-assets.config.json)
---
**Status**: Active validation system
**Priority**: High
**Maintainer**: Development team
**Next Review**: 2025-09-22

1
doc/asset-migration-plan.md
View File

@ -103,6 +103,7 @@ scripts/
### Configuration Schema
The schema enforces:
- Source files must be in `resources/` directory
- Required fields for icon and splash sections
- Android adaptive icon support (foreground/background/monochrome)

8
doc/build-modernization-context.md
View File

@ -3,11 +3,13 @@
**Author:** Matthew Raymer
## Motivation
- Eliminate manual hacks and post-build scripts for Electron builds
- Ensure maintainability, reproducibility, and security of build outputs
- Unify build, test, and deployment scripts for developer experience and CI/CD
## Key Technical Decisions
- **Vite is the single source of truth for build output**
- All Electron build output (main process, preload, renderer HTML/CSS/JS) is managed by `vite.config.electron.mts`
- **CSS injection for Electron is handled by a Vite plugin**
@ -21,6 +23,7 @@
- Renderer assets: `dist-electron/www/` (HTML, CSS, JS)
## Security & Maintenance Checklist
- [x] All scripts and configs are committed and documented
- [x] No manual file hacks remain
- [x] All build output is deterministic and reproducible
@ -28,21 +31,26 @@
- [x] Documentation (`BUILDING.md`) is up to date
## How to Build Electron
1. Run:
```bash
./scripts/build-electron.sh
```
2. Output will be in `dist-electron/`:
- `main.js`, `preload.js` in root
- `www/` contains all renderer assets
3. No manual post-processing is required
## Customization
- **Vite config:** All build output and asset handling is controlled in `vite.config.electron.mts`
- **CSS/HTML injection:** Use Vite plugins (see `electron-css-injection` in the config) for further customization
- **Build scripts:** All orchestration is in `scripts/` and documented in `BUILDING.md`
## For Future Developers
- Always use Vite plugins/config for build output changes
- Never manually edit built files or inject assets post-build
- Keep documentation and scripts in sync with the build process

17
doc/circular-dependency-analysis.md
View File

@ -13,23 +13,27 @@ The codebase currently has **no active circular dependencies** that are causing
### 🔍 **Resolved Dependency Patterns**
#### 1. **Logger → PlatformServiceFactory → Logger** (RESOLVED)
- **Status**: ✅ **RESOLVED**
- **Previous Issue**: Logger imported `logToDb` from databaseUtil, which imported logger
- **Solution**: Logger now uses direct database access via PlatformServiceFactory
- **Implementation**: Self-contained `logToDatabase()` function in logger.ts
#### 2. **PlatformServiceMixin → databaseUtil → logger → PlatformServiceMixin** (RESOLVED)
- **Status**: ✅ **RESOLVED**
- **Previous Issue**: PlatformServiceMixin imported `memoryLogs` from databaseUtil
- **Solution**: Created self-contained `_memoryLogs` array in PlatformServiceMixin
- **Implementation**: Self-contained memory logs implementation
#### 3. **databaseUtil → logger → PlatformServiceFactory → databaseUtil** (RESOLVED)
- **Status**: ✅ **RESOLVED**
- **Previous Issue**: databaseUtil imported logger, which could create loops
- **Solution**: Logger is now self-contained and doesn't import from databaseUtil
#### 4. **Utility Files → databaseUtil → PlatformServiceMixin** (RESOLVED)
- **Status**: ✅ **RESOLVED**
- **Previous Issue**: `src/libs/util.ts` and `src/services/deepLinks.ts` imported from databaseUtil
- **Solution**: Replaced with self-contained implementations and PlatformServiceFactory usage
@ -43,18 +47,21 @@ The codebase currently has **no active circular dependencies** that are causing
### ✅ **All Critical Dependencies Resolved**
#### PlatformServiceMixin Independence
- **Status**: ✅ **COMPLETE**
- **Achievement**: PlatformServiceMixin has no external dependencies on databaseUtil
- **Implementation**: Self-contained memory logs and utility functions
- **Impact**: Enables complete migration of databaseUtil functions to PlatformServiceMixin
#### Logger Independence
- **Status**: ✅ **COMPLETE**
- **Achievement**: Logger is completely self-contained
- **Implementation**: Direct database access via PlatformServiceFactory
- **Impact**: Eliminates all circular dependency risks
#### Utility Files Independence
- **Status**: ✅ **COMPLETE**
- **Achievement**: All utility files no longer depend on databaseUtil
- **Implementation**: Self-contained functions and direct platform service access
@ -63,6 +70,7 @@ The codebase currently has **no active circular dependencies** that are causing
### 🎯 **Migration Readiness Status**
#### Files Ready for Migration (52 files)
1. **Components** (15 files):
- `PhotoDialog.vue`
- `FeedFilters.vue`
@ -98,6 +106,7 @@ The codebase currently has **no active circular dependencies** that are causing
### 🟢 **Healthy Dependencies**
#### Logger Usage (80+ files)
- **Status**: ✅ **HEALTHY**
- **Pattern**: All files import logger from `@/utils/logger`
- **Impact**: No circular dependencies, logger is self-contained
@ -106,21 +115,25 @@ The codebase currently has **no active circular dependencies** that are causing
## Resolution Strategy - COMPLETED
### ✅ **Phase 1: Complete PlatformServiceMixin Independence (COMPLETE)**
1. **Removed memoryLogs import** from PlatformServiceMixin ✅
2. **Created self-contained memoryLogs** implementation ✅
3. **Added missing utility methods** to PlatformServiceMixin ✅
### ✅ **Phase 2: Utility Files Migration (COMPLETE)**
1. **Migrated deepLinks.ts** - Replaced databaseUtil logging with console logging ✅
2. **Migrated util.ts** - Replaced databaseUtil functions with self-contained implementations ✅
3. **Updated all PlatformServiceFactory calls** to use async pattern ✅
### 🎯 **Phase 3: File-by-File Migration (READY TO START)**
1. **High-usage files first** (views, core components)
2. **Replace databaseUtil imports** with PlatformServiceMixin
3. **Update function calls** to use mixin methods
### 🎯 **Phase 4: Cleanup (FUTURE)**
1. **Remove unused databaseUtil functions**
2. **Update TypeScript interfaces**
3. **Remove databaseUtil imports** from all files
@ -128,6 +141,7 @@ The codebase currently has **no active circular dependencies** that are causing
## Current Status Summary
### ✅ **Resolved Issues**
1. **Logger circular dependency** - Fixed with self-contained implementation
2. **PlatformServiceMixin circular dependency** - Fixed with self-contained memoryLogs
3. **Utility files circular dependency** - Fixed with self-contained implementations
@ -135,6 +149,7 @@ The codebase currently has **no active circular dependencies** that are causing
5. **Runtime stability** - No circular dependency crashes
### 🎯 **Ready for Next Phase**
1. **52 files** ready for databaseUtil migration
2. **PlatformServiceMixin** fully independent and functional
3. **Clear migration path** - Well-defined targets and strategy
@ -142,6 +157,7 @@ The codebase currently has **no active circular dependencies** that are causing
## Benefits of Current State
### ✅ **Achieved**
1. **No runtime circular dependencies** - Application runs without crashes
2. **Self-contained logger** - No more logger/databaseUtil loops
3. **PlatformServiceMixin ready** - All methods implemented and independent
@ -149,6 +165,7 @@ The codebase currently has **no active circular dependencies** that are causing
5. **Clear migration path** - Well-defined targets and strategy
### 🎯 **Expected After Migration**
1. **Complete databaseUtil migration** - Single source of truth
2. **Eliminated circular dependencies** - Clean architecture
3. **Improved performance** - Caching and optimization

14
doc/component-communication-guide.md
View File

@ -93,6 +93,7 @@ export default class FormComponent extends Vue {
When generating component templates, follow these patterns:
#### Function Props Template
```vue
<template>
<div class="component-name">
@ -124,6 +125,7 @@ export default class ComponentName extends Vue {
```
#### $emit Template (for DOM events)
```vue
<template>
<div class="component-name">
@ -155,12 +157,14 @@ export default class ComponentName extends Vue {
### Code Generation Rules
#### 1. Function Props for Business Logic
- **Data operations**: Save, delete, update, validate
- **Navigation**: Route changes, modal opening/closing
- **State management**: Store actions, state updates
- **API calls**: Data fetching, form submissions
#### 2. $emit for User Interactions
- **Click events**: Button clicks, link navigation
- **Form events**: Input changes, form submissions
- **Lifecycle events**: Component mounting, unmounting
@ -169,6 +173,7 @@ export default class ComponentName extends Vue {
#### 3. Naming Conventions
**Function Props:**
```typescript
// Action-oriented names
onSave: (data: SaveData) => Promise<void>
@ -179,6 +184,7 @@ onNavigate: (route: string) => void
```
**$emit Events:**
```typescript
// Event-oriented names
@click: (event: MouseEvent) => void
@ -191,6 +197,7 @@ onNavigate: (route: string) => void
### TypeScript Integration
#### Function Prop Types
```typescript
// Define reusable function types
interface SaveHandler {
@ -207,6 +214,7 @@ interface ValidationHandler {
```
#### Event Types
```typescript
// Define event payload types
interface ClickEvent {
@ -226,6 +234,7 @@ handleClick(): ClickEvent {
## Testing Guidelines
### Function Props Testing
```typescript
// Easy to mock and test
const mockOnSave = jest.fn();
@ -240,6 +249,7 @@ expect(mockOnSave).toHaveBeenCalledWith(expectedData);
```
### $emit Testing
```typescript
// Requires event simulation
const wrapper = mount(MyComponent);
@ -260,6 +270,7 @@ expect(wrapper.emitted('click')).toBeTruthy();
### Example Migration
**Before ($emit):**
```typescript
@Emit("save")
handleSave() {
@ -268,6 +279,7 @@ handleSave() {
```
**After (Function Props):**
```typescript
@Prop({ required: true }) onSave!: (data: FormData) => void;
@ -288,6 +300,7 @@ handleSave() {
## Code Generation Templates
### Component Generator Input
```typescript
interface ComponentSpec {
name: string;
@ -306,6 +319,7 @@ interface ComponentSpec {
```
### Generated Output
```typescript
// Generator should automatically choose function props vs $emit
// based on the nature of the interaction (business logic vs DOM event)

14
doc/cors-disabled-for-universal-images.md
View File

@ -7,10 +7,12 @@ CORS headers have been **disabled** to support Time Safari's core mission: enabl
## What Changed
### ❌ Removed CORS Headers
- `Cross-Origin-Opener-Policy: same-origin`
- `Cross-Origin-Embedder-Policy: require-corp`
### ✅ Results
- Images from **any domain** now work in development and production
- No proxy configuration needed
- No whitelist of supported image hosts
@ -19,11 +21,13 @@ CORS headers have been **disabled** to support Time Safari's core mission: enabl
## Technical Tradeoffs
### 🔻 Lost: SharedArrayBuffer Performance
- **Before**: Fast SQLite operations via SharedArrayBuffer
- **After**: Slightly slower IndexedDB fallback mode
- **Impact**: Minimal for typical usage - absurd-sql automatically falls back
### 🔺 Gained: Universal Image Support
- **Before**: Only specific domains worked (TimeSafari, Flickr, Imgur, etc.)
- **After**: Any image URL works immediately
- **Impact**: Massive improvement for user experience
@ -31,6 +35,7 @@ CORS headers have been **disabled** to support Time Safari's core mission: enabl
## Architecture Impact
### Database Operations
```typescript
// absurd-sql automatically detects SharedArrayBuffer availability
if (typeof SharedArrayBuffer === "undefined") {
@ -43,6 +48,7 @@ if (typeof SharedArrayBuffer === "undefined") {
```
### Image Loading
```typescript
// All images load directly now
export function transformImageUrlForCors(imageUrl: string): string {
@ -53,11 +59,13 @@ export function transformImageUrlForCors(imageUrl: string): string {
## Why This Was The Right Choice
### Time Safari's Use Case
- **Community platform** where users share content from anywhere
- **User-generated content** includes images from arbitrary websites
- **Flexibility** is more important than marginal performance gains
### Alternative Would Require
- Pre-configuring proxies for every possible image hosting service
- Constantly updating proxy list as users find new sources
- Poor user experience when images fail to load
@ -66,11 +74,13 @@ export function transformImageUrlForCors(imageUrl: string): string {
## Performance Comparison
### Database Operations
- **SharedArrayBuffer**: ~2x faster for large operations
- **IndexedDB**: Still very fast for typical Time Safari usage
- **Real Impact**: Negligible for typical user operations
### Image Loading
- **With CORS**: Many images failed to load in development
- **Without CORS**: All images load immediately
- **Real Impact**: Massive improvement in user experience
@ -87,11 +97,13 @@ export function transformImageUrlForCors(imageUrl: string): string {
## Migration Notes
### For Developers
- No code changes needed
- `transformImageUrlForCors()` still exists but returns original URL
- All existing image references work without modification
### For Users
- Images from any website now work immediately
- No more "image failed to load" issues in development
- Consistent behavior between development and production
@ -99,12 +111,14 @@ export function transformImageUrlForCors(imageUrl: string): string {
## Future Considerations
### If Performance Becomes Critical
1. **Selective CORS**: Enable only for specific operations
2. **Service Worker**: Handle image proxying at service worker level
3. **Build-time Processing**: Pre-process images during build
4. **User Education**: Guide users toward optimized image hosting
### Monitoring
- Track database operation performance
- Monitor for any user-reported slowness
- Consider re-enabling SharedArrayBuffer if usage patterns change

26
doc/cors-image-loading-solution.md
View File

@ -7,6 +7,7 @@ This document describes the implementation of a comprehensive image loading solu
## Problem Statement
When using SharedArrayBuffer (required for absurd-sql), browsers enforce a cross-origin isolated environment with these headers:
- `Cross-Origin-Opener-Policy: same-origin`
- `Cross-Origin-Embedder-Policy: require-corp`
@ -19,6 +20,7 @@ This isolation prevents loading external resources (including images) unless the
The solution uses a multi-tier approach to handle images from various sources:
#### Tier 1: Specific Domain Proxies (Development Only)
- **TimeSafari Images**: `/image-proxy/``https://image.timesafari.app/`
- **Flickr Images**: `/flickr-proxy/``https://live.staticflickr.com/`
- **Imgur Images**: `/imgur-proxy/``https://i.imgur.com/`
@ -26,14 +28,17 @@ The solution uses a multi-tier approach to handle images from various sources:
- **Unsplash**: `/unsplash-proxy/``https://images.unsplash.com/`
#### Tier 2: Universal CORS Proxy (Development Only)
- **Any External Domain**: Uses `https://api.allorigins.win/raw?url=` for arbitrary domains
#### Tier 3: Direct Loading (Production)
- **Production Mode**: All images load directly without proxying
### 2. Smart URL Transformation
The `transformImageUrlForCors` function automatically:
- Detects the image source domain
- Routes through appropriate proxy in development
- Preserves original URLs in production
@ -44,6 +49,7 @@ The `transformImageUrlForCors` function automatically:
### Configuration Files
#### `vite.config.common.mts`
```typescript
server: {
headers: {
@ -63,6 +69,7 @@ server: {
```
#### `src/libs/util.ts`
```typescript
export function transformImageUrlForCors(imageUrl: string): string {
// Development mode: Transform URLs to use proxies
@ -93,21 +100,25 @@ const imageUrl = transformImageUrlForCors(originalImageUrl);
## Benefits
### ✅ SharedArrayBuffer Support
- Maintains cross-origin isolation required for SharedArrayBuffer
- Enables fast SQLite database operations via absurd-sql
- Provides better performance than IndexedDB fallback
### ✅ Universal Image Support
- Handles images from any domain
- No need to pre-configure every possible image source
- Graceful fallback for unknown domains
### ✅ Development/Production Flexibility
- Proxy system only active in development
- Production uses direct URLs for maximum performance
- No proxy server required in production
### ✅ Automatic Detection
- Smart URL transformation based on domain patterns
- Preserves relative URLs and data URLs
- Handles edge cases gracefully
@ -115,6 +126,7 @@ const imageUrl = transformImageUrlForCors(originalImageUrl);
## Testing
### Automated Testing
Run the test suite to verify URL transformation:
```typescript
@ -125,6 +137,7 @@ testCorsImageTransformation();
```
### Visual Testing
Create test image elements to verify loading:
```typescript
@ -135,6 +148,7 @@ createTestImageElements();
```
### Manual Testing
1. Start development server: `npm run dev`
2. Open browser console to see transformation logs
3. Check Network tab for proxy requests
@ -143,16 +157,19 @@ createTestImageElements();
## Security Considerations
### Development Environment
- CORS proxies are only used in development
- External proxy services (allorigins.win) are used for testing
- No sensitive data is exposed through proxies
### Production Environment
- All images load directly without proxying
- No dependency on external proxy services
- Original security model maintained
### Privacy
- Image URLs are not logged or stored by proxy services
- Proxy requests are only made during development
- No tracking or analytics in proxy chain
@ -160,11 +177,13 @@ createTestImageElements();
## Performance Impact
### Development
- Slight latency from proxy requests
- Additional network hops for external domains
- More verbose logging for debugging
### Production
- No performance impact
- Direct image loading as before
- No proxy overhead
@ -174,17 +193,20 @@ createTestImageElements();
### Common Issues
#### Images Not Loading in Development
1. Check console for proxy errors
2. Verify CORS headers are set
3. Test with different image URLs
4. Check network connectivity to proxy services
#### SharedArrayBuffer Not Available
1. Verify CORS headers are set in server configuration
2. Check that site is served over HTTPS (or localhost)
3. Ensure browser supports SharedArrayBuffer
#### Proxy Service Unavailable
1. Check if allorigins.win is accessible
2. Consider using alternative CORS proxy services
3. Temporarily disable CORS headers for testing
@ -207,12 +229,14 @@ testCorsImageTransformation();
## Migration Guide
### From Previous Implementation
1. CORS headers are now required for SharedArrayBuffer
2. Image URLs automatically transformed in development
3. No changes needed to existing image loading code
4. Test thoroughly in both development and production
### Adding New Image Sources
1. Add specific proxy for frequently used domains
2. Update `transformImageUrlForCors` function
3. Add CORS headers to proxy configuration
@ -221,6 +245,7 @@ testCorsImageTransformation();
## Future Enhancements
### Possible Improvements
1. **Local Proxy Server**: Run dedicated proxy server for development
2. **Caching**: Cache proxy responses for better performance
3. **Fallback Chain**: Multiple proxy services for reliability
@ -228,6 +253,7 @@ testCorsImageTransformation();
5. **Analytics**: Track image loading success/failure rates
### Alternative Approaches
1. **Service Worker**: Intercept image requests at service worker level
2. **Build-time Processing**: Pre-process images during build
3. **CDN Integration**: Use CDN with proper CORS headers

1
doc/database-migration-guide.md
View File

@ -294,6 +294,7 @@ const result = await this.$db("SELECT * FROM contacts WHERE did = ?", [accountDi
```
This provides:
- **Caching**: Automatic caching for performance
- **Error Handling**: Consistent error handling
- **Type Safety**: Enhanced TypeScript integration

5
doc/debug-hook-guide.md
View File

@ -120,6 +120,7 @@ git commit -m "test" # Should be blocked
## ⚙️ Configuration
Edit `.git/hooks/debug-checker.config` to customize:
- **Protected branches**: Add/remove branches as needed
- **Debug patterns**: Customize what gets detected
- **Skip patterns**: Adjust file filtering rules
@ -127,14 +128,17 @@ Edit `.git/hooks/debug-checker.config` to customize:
## 🚨 Emergency Bypass
If you absolutely need to commit debug code to a protected branch:
```bash
git commit --no-verify -m "emergency: debug code needed"
```
⚠️ **Warning**: This bypasses all pre-commit hooks. Use sparingly.
## 🔄 Updates
When the hook is updated in the main repository:
```bash
./scripts/install-debug-hook.sh
```
@ -170,6 +174,7 @@ A test script is available at `scripts/test-debug-hook.sh` to verify the hook wo
## 🎯 Team Workflow
**Recommended setup:**
1. **Repository setup**: Include hook files in `.githooks/` directory
2. **Team onboarding**: Run installation script in each repo
3. **Updates**: Re-run installation script when hooks are updated

6
doc/electron-cleanup-summary.md
View File

@ -7,18 +7,22 @@ This document summarizes the comprehensive cleanup and improvements made to the
## Key Issues Resolved
### 1. Platform Detection Problems
- **Before**: `PlatformServiceFactory` only supported "capacitor" and "web" platforms
- **After**: Added proper "electron" platform support with dedicated `ElectronPlatformService`
### 2. Build Configuration Confusion
- **Before**: Electron builds used `VITE_PLATFORM=capacitor`, causing confusion
- **After**: Electron builds now properly use `VITE_PLATFORM=electron`
### 3. Missing Platform Service Methods
- **Before**: Platform services lacked proper `isElectron()`, `isCapacitor()`, `isWeb()` methods
- **After**: All platform services implement complete interface with proper detection
### 4. Inconsistent Build Scripts
- **Before**: Mixed platform settings in build scripts
- **After**: Clean, consistent electron-specific build process
@ -215,11 +219,13 @@ if (capabilities.hasFileDownload) {
## File Structure Changes
### New Files
- `vite.config.electron.mts` - Electron-specific Vite configuration
- `src/main.electron.ts` - Electron main entry point
- `doc/electron-cleanup-summary.md` - This documentation
### Modified Files
- `src/services/PlatformServiceFactory.ts` - Added electron platform support
- `src/services/PlatformService.ts` - Added platform detection methods
- `src/services/platforms/CapacitorPlatformService.ts` - Added missing interface methods

21
doc/electron-console-cleanup.md
View File

@ -7,18 +7,22 @@ This document summarizes the comprehensive changes made to reduce excessive cons
## Issues Addressed
### 1. Excessive Database Logging (Major Issue - 90% Reduction)
**Problem:** Every database operation was logging detailed parameter information, creating hundreds of lines of console output.
**Solution:** Modified `src/services/platforms/CapacitorPlatformService.ts`:
- Changed `logger.warn` to `logger.debug` for routine SQL operations
- Reduced migration logging verbosity
- Made database integrity checks use debug-level logging
- Kept error and completion messages at appropriate log levels
### 2. Enhanced Logger Configuration
**Problem:** No platform-specific logging controls, causing noise in Electron.
**Solution:** Updated `src/utils/logger.ts`:
- Added platform detection for Electron vs Web
- Suppressed debug and verbose logs for Electron
- Filtered out routine database operations from database logging
@ -26,28 +30,35 @@ This document summarizes the comprehensive changes made to reduce excessive cons
- Added intelligent filtering for CapacitorPlatformService messages
### 3. API Configuration Issues (Major Fix)
**Problem:** Electron was trying to use local development endpoints (localhost:3000) from saved user settings, which don't exist in desktop environment, causing:
- 400 status errors from missing local development servers
- JSON parsing errors (HTML error pages instead of JSON responses)
**Solution:**
- Updated `src/constants/app.ts` to provide Electron-specific API endpoints
- **Critical Fix:** Modified `src/db/databaseUtil.ts` in `retrieveSettingsForActiveAccount()` to force Electron to use production API endpoints regardless of saved user settings
- This ensures Electron never uses localhost development servers that users might have saved
### 4. SharedArrayBuffer Logging Noise
**Problem:** Web-specific SharedArrayBuffer detection was running in Electron, creating unnecessary debug output.
**Solution:** Modified `src/main.web.ts`:
- Made SharedArrayBuffer logging conditional on web platform only
- Converted console.log statements to logger.debug
- Only show in development mode for web platform
- Reduced platform detection noise
### 5. Missing Source Maps Warnings
**Problem:** Electron DevTools was complaining about missing source maps for external dependencies.
**Solution:** Updated `vite.config.electron.mts`:
- Disabled source maps for Electron builds (`sourcemap: false`)
- Added build configuration to suppress external dependency warnings
- Prevents DevTools from looking for non-existent source map files
@ -87,14 +98,16 @@ This document summarizes the comprehensive changes made to reduce excessive cons
## Impact
### Before Cleanup:
### Before Cleanup
- 500+ lines of console output per minute
- Detailed SQL parameter logging for every operation
- API connection errors every few seconds (400 status, JSON parsing errors)
- SharedArrayBuffer warnings on every startup
- DevTools source map warnings
### After Cleanup:
### After Cleanup
- **~95% reduction** in console output
- Only errors and important status messages visible
- **No API connection errors** - Electron uses proper production endpoints
@ -106,6 +119,7 @@ This document summarizes the comprehensive changes made to reduce excessive cons
## Technical Details
### API Configuration Fix
The most critical fix was in `src/db/databaseUtil.ts` where we added:
```typescript
@ -122,6 +136,7 @@ if (process.env.VITE_PLATFORM === "electron") {
This ensures that even if users have localhost development endpoints saved in their settings, Electron will override them with production endpoints.
### Logger Enhancement
Enhanced the logger with platform-specific behavior:
```typescript
@ -135,6 +150,7 @@ if (!isElectron || !message.includes("[CapacitorPlatformService]")) {
## Testing
The changes were tested with:
- `npm run lint-fix` - 0 errors, warnings only (pre-existing)
- Electron development environment
- Web platform (unchanged functionality)
@ -150,6 +166,7 @@ The changes were tested with:
## Backward Compatibility
All changes maintain backward compatibility:
- Web platform logging unchanged
- Capacitor platform logging unchanged
- Error handling preserved

13
doc/error-diagnostics-log.md
View File

@ -5,6 +5,7 @@ This file tracks console errors observed during development for future investiga
## 2025-07-07 08:56 UTC - ProjectsView.vue Migration Session
### Migration Context
- **Current Work**: Completed ProjectsView.vue Triple Migration Pattern
- **Migration Status**: 21 complete, 4 appropriately incomplete components
- **Recent Changes**:
@ -15,42 +16,50 @@ This file tracks console errors observed during development for future investiga
### Observed Errors
#### 1. HomeView.vue API Rate Limit Errors
```
GET https://api.endorser.ch/api/report/rateLimits 400 (Bad Request)
Source: endorserServer.ts:1494, HomeView.vue:593, HomeView.vue:742
```
**Analysis**:
- API server returning 400 for rate limit checks
- Occurs during identity initialization and registration status checks
- **Migration Impact**: None - HomeView.vue was migrated and tested earlier
- **Likely Cause**: Server-side authentication or API configuration issue
**Action Items**:
- [ ] Check endorser.ch API documentation for rate limit endpoint changes
- [ ] Verify authentication headers being sent correctly
- [ ] Consider fallback handling for rate limit API failures
#### 2. ProjectViewView.vue Project Not Found Error
```
GET https://api.endorser.ch/api/claim/byHandle/...01JY2Q5D90E8P267ABB963S71D 404 (Not Found)
Source: ProjectViewView.vue:830 loadProject() method
```
**Analysis**:
- Attempting to load project ID: `01JY2Q5D90E8P267ABB963S71D`
- **Migration Impact**: None - error handling working correctly
- **Likely Cause**: User navigated to non-existent project or stale link
**Action Items**:
- [ ] Consider adding better user messaging for missing projects
- [ ] Investigate if project IDs are being generated/stored correctly
- [ ] Add breadcrumb or "return to projects" option on 404s
#### 3. Axios Request Stack Traces
Multiple stack traces showing Vue router navigation and component mounting cycles.
**Analysis**:
- Normal Vue.js lifecycle and routing behavior
- No obvious memory leaks or infinite loops
- **Migration Impact**: None - expected framework behavior
@ -58,22 +67,26 @@ Multiple stack traces showing Vue router navigation and component mounting cycle
### System Health Indicators
#### ✅ Working Correctly
- Database migrations: `Migration process complete! Summary: 0 applied, 2 skipped`
- Platform service factory initialization: `Creating singleton instance for platform: development`
- SQL worker loading: `Worker loaded, ready to receive messages`
- Database connection: `Opened!`
#### 🔄 For Investigation
- API authentication/authorization with endorser.ch
- Project ID validation and error handling
- Rate limiting strategy
### Migration Validation
- **ProjectsView.vue**: Appropriately incomplete (3 helpers + 1 complex modal)
- **Error Handling**: Migrated components showing proper error handling
- **No Migration-Related Errors**: All errors appear to be infrastructure/data issues
### Next Steps
1. Continue migration slog with next component
2. Monitor these same error patterns in future sessions
3. Address API/server issues in separate debugging session

21
doc/image-hosting-guide.md
View File

@ -25,6 +25,7 @@
## Why This Happens
In development mode, we enable SharedArrayBuffer for fast SQLite operations, which requires:
- `Cross-Origin-Opener-Policy: same-origin`
- `Cross-Origin-Embedder-Policy: require-corp`
@ -35,6 +36,7 @@ These headers create a **cross-origin isolated environment** that blocks resourc
### 1. Use Supported Image Hosting Services
**Recommended services that work well:**
- **Imgur**: Free, no registration required, direct links
- **GitHub**: If you have images in repositories
- **Unsplash**: For stock photos
@ -45,6 +47,7 @@ These headers create a **cross-origin isolated environment** that blocks resourc
If you frequently use images from a specific domain, add a proxy:
#### Step 1: Add Proxy to `vite.config.common.mts`
```typescript
'/yourservice-proxy': {
target: 'https://yourservice.com',
@ -63,6 +66,7 @@ If you frequently use images from a specific domain, add a proxy:
```
#### Step 2: Update Transform Function in `src/libs/util.ts`
```typescript
// Transform YourService URLs to use proxy
if (imageUrl.startsWith("https://yourservice.com/")) {
@ -74,6 +78,7 @@ if (imageUrl.startsWith("https://yourservice.com/")) {
### 3. Use Alternative Image Sources
For frequently failing domains, consider:
- Upload images to Imgur or GitHub
- Use a CDN with proper CORS headers
- Host images on your own domain with CORS enabled
@ -81,11 +86,13 @@ For frequently failing domains, consider:
## Development vs Production
### Development Mode
- Images from supported services work through proxies
- Unsupported images may fail to load
- Console warnings show which images have issues
### Production Mode
- All images load directly without proxies
- No CORS restrictions in production
- Better performance without proxy overhead
@ -93,6 +100,7 @@ For frequently failing domains, consider:
## Testing Image Sources
### Check if an Image Source Works
```bash
# Test in browser console:
fetch('https://example.com/image.jpg', { mode: 'cors' })
@ -101,6 +109,7 @@ fetch('https://example.com/image.jpg', { mode: 'cors' })
```
### Visual Testing
```typescript
import { createTestImageElements } from './libs/test-cors-images';
createTestImageElements(); // Creates visual test panel
@ -109,30 +118,36 @@ createTestImageElements(); // Creates visual test panel
## Common Error Messages
### `ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep`
**Cause**: Image source doesn't send required CORS headers
**Solution**: Use a supported image hosting service or add a proxy
### `ERR_NETWORK` or `ERR_INTERNET_DISCONNECTED`
**Cause**: Proxy service is unavailable
**Solution**: Check internet connection or use alternative image source
### Images Load in Production but Not Development
**Cause**: Normal behavior - development has stricter CORS requirements
**Solution**: Use supported image sources for development testing
## Best Practices
### For New Projects
1. Use supported image hosting services from the start
2. Upload user images to Imgur or similar service
3. Host critical images on your own domain with CORS enabled
### For Existing Projects
1. Identify frequently used image domains in console warnings
2. Add proxies for the most common domains
3. Gradually migrate to supported image hosting services
### For User-Generated Content
1. Provide upload functionality to supported services
2. Validate image URLs against supported domains
3. Show helpful error messages for unsupported sources
@ -140,17 +155,20 @@ createTestImageElements(); // Creates visual test panel
## Troubleshooting
### Image Not Loading?
1. Check browser console for error messages
2. Verify the domain is in the supported list
3. Test if the image loads in production mode
4. Consider adding a proxy for that domain
### Proxy Not Working?
1. Check if the target service allows proxying
2. Verify CORS headers are being set correctly
3. Test with a simpler image URL from the same domain
### Performance Issues?
1. Proxies add latency in development only
2. Production uses direct image loading
3. Consider using a local image cache for development
@ -158,6 +176,7 @@ createTestImageElements(); // Creates visual test panel
## Quick Fixes
### For Immediate Issues
```typescript
// Temporary fallback: disable CORS headers for testing
// In vite.config.common.mts, comment out:
@ -166,9 +185,11 @@ createTestImageElements(); // Creates visual test panel
// 'Cross-Origin-Embedder-Policy': 'require-corp'
// },
```
**Note**: This disables SharedArrayBuffer performance benefits.
### For Long-term Solution
- Use supported image hosting services
- Add proxies for frequently used domains
- Migrate critical images to your own CORS-enabled CDN

2
doc/logging-configuration.md
View File

@ -101,6 +101,7 @@ Database logging continues to work regardless of console log level settings. All
### No Logs Appearing
Check your `VITE_LOG_LEVEL` setting:
```bash
echo $VITE_LOG_LEVEL
```
@ -108,6 +109,7 @@ echo $VITE_LOG_LEVEL
### Too Many Logs
Reduce verbosity by setting a lower log level:
```bash
VITE_LOG_LEVEL=warn
```

21
doc/migration-fence-definition.md
View File

@ -9,6 +9,7 @@ This document defines the **migration fence** - the boundary between the legacy
## Current Migration Status
### ✅ Completed Components
- **SQLite Database Service**: Fully implemented with absurd-sql
- **Platform Service Layer**: Unified database interface across platforms
- **PlatformServiceMixin**: Centralized database access with caching and utilities
@ -17,12 +18,14 @@ This document defines the **migration fence** - the boundary between the legacy
- **Data Export/Import**: Backup and restore functionality
### 🔄 Active Migration Components
- **Settings Migration**: Core user settings transferred
- **Account Migration**: Identity and key management
- **Contact Migration**: User contact data (via import interface)
- **DatabaseUtil Migration**: Moving functions to PlatformServiceMixin
### ❌ Legacy Components (Fence Boundary)
- **Dexie Database**: Legacy IndexedDB storage (disabled by default)
- **Dexie-Specific Code**: Direct database access patterns
- **Legacy Migration Paths**: Old data transfer methods
@ -45,6 +48,7 @@ export const PlatformServiceMixin = {
```
**Fence Rule**: All database operations must use:
- `this.$db()` for read operations
- `this.$exec()` for write operations
- `this.$settings()` for settings access
@ -64,6 +68,7 @@ export class PlatformServiceFactory {
```
**Fence Rule**: All database operations must use:
- `PlatformService.dbQuery()` for read operations
- `PlatformService.dbExec()` for write operations
- No direct `db.` or `accountsDBPromise` access in application code
@ -71,6 +76,7 @@ export class PlatformServiceFactory {
### 3. Data Access Patterns
#### ✅ Allowed (Inside Fence)
```typescript
// Use PlatformServiceMixin for all database operations
const contacts = await this.$contacts();
@ -79,6 +85,7 @@ const result = await this.$db("SELECT * FROM contacts WHERE did = ?", [accountDi
```
#### ❌ Forbidden (Outside Fence)
```typescript
// Direct Dexie access (legacy pattern)
const contacts = await db.contacts.where('did').equals(accountDid).toArray();
@ -98,6 +105,7 @@ export async function compareDatabases(): Promise<DataComparison> {
```
**Fence Rule**: Migration tools are the exclusive interface between:
- Legacy Dexie database
- New SQLite database
- Data comparison and transfer operations
@ -107,11 +115,13 @@ export async function compareDatabases(): Promise<DataComparison> {
### 1. Code Development Rules
#### New Feature Development
- **Always** use `PlatformServiceMixin` for database operations
- **Never** import or reference Dexie directly
- **Always** use mixin methods like `this.$settings()`, `this.$contacts()`
#### Legacy Code Maintenance
- **Only** modify Dexie code for migration purposes
- **Always** add migration tests for schema changes
- **Never** add new Dexie-specific features
@ -119,11 +129,13 @@ export async function compareDatabases(): Promise<DataComparison> {
### 2. Data Integrity Rules
#### Migration Safety
- **Always** create backups before migration
- **Always** verify data integrity after migration
- **Never** delete legacy data until verified
#### Rollback Strategy
- **Always** maintain ability to rollback to Dexie
- **Always** preserve migration logs
- **Never** assume migration is irreversible
@ -131,6 +143,7 @@ export async function compareDatabases(): Promise<DataComparison> {
### 3. Testing Requirements
#### Migration Testing
```typescript
// Required test pattern for migration
describe('Database Migration', () => {
@ -144,6 +157,7 @@ describe('Database Migration', () => {
```
#### Application Testing
```typescript
// Required test pattern for application features
describe('Feature with Database', () => {
@ -159,6 +173,7 @@ describe('Feature with Database', () => {
### 1. Static Analysis
#### ESLint Rules
```json
{
"rules": {
@ -178,6 +193,7 @@ describe('Feature with Database', () => {
```
#### TypeScript Rules
```json
{
"compilerOptions": {
@ -190,6 +206,7 @@ describe('Feature with Database', () => {
### 2. Runtime Checks
#### Development Mode Validation
```typescript
// Development-only fence validation
if (import.meta.env.DEV) {
@ -198,6 +215,7 @@ if (import.meta.env.DEV) {
```
#### Production Safety
```typescript
// Production fence enforcement
if (import.meta.env.PROD) {
@ -209,6 +227,7 @@ if (import.meta.env.PROD) {
## Migration Status Checklist
### ✅ Completed
- [x] PlatformServiceMixin implementation
- [x] SQLite database service
- [x] Migration tools
@ -217,11 +236,13 @@ if (import.meta.env.PROD) {
- [x] ActiveDid migration
### 🔄 In Progress
- [ ] Contact migration
- [ ] DatabaseUtil to PlatformServiceMixin migration
- [ ] File-by-file migration
### ❌ Not Started
- [ ] Legacy Dexie removal
- [ ] Final cleanup and validation

69
doc/migration-progress-tracker.md
View File

@ -3,6 +3,7 @@
## Per-File Migration Workflow (MANDATORY)
For each file migrated:
1. **First**, migrate to PlatformServiceMixin (replace all databaseUtil usage, etc.).
2. **Immediately after**, standardize notify helper usage (property + created() pattern) and fix any related linter/type errors.
@ -25,22 +26,26 @@ This document tracks the progress of the 2-day sprint to complete PlatformServic
## ✅ **DAY 1: PlatformServiceMixin Completion (COMPLETE)**
### **Phase 1: Remove Circular Dependency (COMPLETE)**
**Status**: ✅ **COMPLETE**
**Issue**: PlatformServiceMixin imports `memoryLogs` from databaseUtil
**Solution**: Create self-contained memoryLogs implementation
#### **Tasks**:
#### **Tasks**
- [x] **Step 1.1**: Remove `memoryLogs` import from PlatformServiceMixin.ts ✅
- [x] **Step 1.2**: Add self-contained `_memoryLogs` array to PlatformServiceMixin ✅
- [x] **Step 1.3**: Add `$appendToMemoryLogs()` method to PlatformServiceMixin ✅
- [x] **Step 1.4**: Update logger.ts to use self-contained memoryLogs ✅
- [x] **Step 1.5**: Test memoryLogs functionality ✅
#### **Files Modified**:
#### **Files Modified**
- `src/utils/PlatformServiceMixin.ts`
- `src/utils/logger.ts`
#### **Validation**:
#### **Validation**
- [x] No circular dependency errors ✅
- [x] memoryLogs functionality works correctly ✅
- [x] Linting passes ✅
@ -48,20 +53,24 @@ This document tracks the progress of the 2-day sprint to complete PlatformServic
---
### **Phase 2: Add Missing Utility Functions (COMPLETE)**
**Status**: ✅ **COMPLETE**
**Missing Functions**: `generateInsertStatement`, `generateUpdateStatement`
#### **Tasks**:
#### **Tasks**
- [x] **Step 2.1**: Add `_generateInsertStatement()` private method to PlatformServiceMixin ✅
- [x] **Step 2.2**: Add `_generateUpdateStatement()` private method to PlatformServiceMixin ✅
- [x] **Step 2.3**: Add `$generateInsertStatement()` public wrapper method ✅
- [x] **Step 2.4**: Add `$generateUpdateStatement()` public wrapper method ✅
- [x] **Step 2.5**: Test both utility functions ✅
#### **Files Modified**:
#### **Files Modified**
- `src/utils/PlatformServiceMixin.ts`
#### **Validation**:
#### **Validation**
- [x] Both functions generate correct SQL ✅
- [x] Parameter handling works correctly ✅
- [x] Type safety maintained ✅
@ -69,18 +78,22 @@ This document tracks the progress of the 2-day sprint to complete PlatformServic
---
### **Phase 3: Update Type Definitions (COMPLETE)**
**Status**: ✅ **COMPLETE**
**Goal**: Add new methods to TypeScript interfaces
#### **Tasks**:
#### **Tasks**
- [x] **Step 3.1**: Add new methods to `IPlatformServiceMixin` interface ✅
- [x] **Step 3.2**: Add new methods to `ComponentCustomProperties` interface ✅
- [x] **Step 3.3**: Verify TypeScript compilation ✅
#### **Files Modified**:
#### **Files Modified**
- `src/utils/PlatformServiceMixin.ts` (interface definitions) ✅
#### **Validation**:
#### **Validation**
- [x] TypeScript compilation passes ✅
- [x] All new methods properly typed ✅
- [x] No type errors in existing code ✅
@ -88,17 +101,20 @@ This document tracks the progress of the 2-day sprint to complete PlatformServic
---
### **Phase 4: Testing & Validation (COMPLETE)**
**Status**: ✅ **COMPLETE**
**Goal**: Ensure PlatformServiceMixin is fully functional
#### **Tasks**:
#### **Tasks**
- [x] **Step 4.1**: Create test component to verify all methods ✅
- [x] **Step 4.2**: Run comprehensive linting ✅
- [x] **Step 4.3**: Run TypeScript type checking ✅
- [x] **Step 4.4**: Test caching functionality ✅
- [x] **Step 4.5**: Test database operations ✅
#### **Validation**:
#### **Validation**
- [x] All tests pass ✅
- [x] No linting errors ✅
- [x] No TypeScript errors ✅
@ -108,10 +124,12 @@ This document tracks the progress of the 2-day sprint to complete PlatformServic
---
### **Phase 5: Utility Files Migration (COMPLETE)**
**Status**: ✅ **COMPLETE**
**Goal**: Remove all remaining databaseUtil imports from utility files
#### **Tasks**:
#### **Tasks**
- [x] **Step 5.1**: Migrate `src/services/deepLinks.ts`
- Replaced `logConsoleAndDb` with `console.error`
- Removed databaseUtil import
@ -121,7 +139,8 @@ This document tracks the progress of the 2-day sprint to complete PlatformServic
- Updated all async calls to use proper async pattern
- [x] **Step 5.3**: Verify no remaining databaseUtil imports ✅
#### **Validation**:
#### **Validation**
- [x] No databaseUtil imports in any TypeScript files ✅
- [x] No databaseUtil imports in any Vue files ✅
- [x] All functions work correctly ✅
@ -131,13 +150,16 @@ This document tracks the progress of the 2-day sprint to complete PlatformServic
## 🎯 **DAY 2: Migrate All 52 Files (READY TO START)**
### **Migration Strategy**
**Priority Order**:
1. **Views** (25 files) - User-facing components
2. **Components** (15 files) - Reusable UI components
3. **Services** (8 files) - Business logic
4. **Utils** (4 files) - Utility functions
### **Migration Pattern for Each File**
```typescript
// 1. Add PlatformServiceMixin
import { PlatformServiceMixin } from "@/utils/PlatformServiceMixin";
@ -155,6 +177,7 @@ export default class ComponentName extends Vue {
```
### **Common Replacements**
- `generateInsertStatement``this.$generateInsertStatement`
- `generateUpdateStatement``this.$generateUpdateStatement`
- `parseJsonField``this._parseJsonField`
@ -168,6 +191,7 @@ export default class ComponentName extends Vue {
## 📋 **File Migration Checklist**
### **Views (25 files) - Priority 1**
**Progress**: 6/25 (24%)
- [ ] QuickActionBvcEndView.vue
@ -209,6 +233,7 @@ export default class ComponentName extends Vue {
- [ ] UserProfileView.vue
### **Components (15 files) - Priority 2**
**Progress**: 9/15 (60%)
- [x] UserNameDialog.vue ✅ **MIGRATED**
@ -233,6 +258,7 @@ export default class ComponentName extends Vue {
- [x] IconRenderer.vue ✅ MIGRATED & HUMAN TESTED 2024-12-19 (0 min, no migration needed - already compliant)
### **Services (8 files) - Priority 3**
**Progress**: 2/8 (25%)
- [x] api.ts ✅ MIGRATED 2024-12-19 (0 min, no migration needed - already compliant)
@ -241,6 +267,7 @@ export default class ComponentName extends Vue {
- [ ] deepLinks.ts
### **Utils (4 files) - Priority 4**
**Progress**: 1/4 (25%)
- [ ] LogCollector.ts
@ -253,6 +280,7 @@ export default class ComponentName extends Vue {
## 🛠️ **Migration Tools**
### **Migration Helper Script**
```bash
# Track progress
./scripts/migration-helper.sh progress
@ -277,6 +305,7 @@ export default class ComponentName extends Vue {
```
### **Validation Commands**
```bash
# Check for remaining databaseUtil imports
find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil"
@ -296,12 +325,14 @@ find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil" |
## 📊 **Progress Tracking**
### **Day 1 Progress**
- [ ] Phase 1: Circular dependency resolved
- [ ] Phase 2: Utility functions added
- [ ] Phase 3: Type definitions updated
- [ ] Phase 4: Testing completed
### **Day 2 Progress**
- [ ] Views migrated (0/25)
- [ ] Components migrated (0/15)
- [ ] Services migrated (0/8)
@ -309,6 +340,7 @@ find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil" |
- [ ] Validation completed
### **Overall Progress**
- **Total files to migrate**: 52
- **Files migrated**: 3
- **Progress**: 6%
@ -318,6 +350,7 @@ find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil" |
## 🎯 **Success Criteria**
### **Day 1 Success Criteria**
- [ ] PlatformServiceMixin has no circular dependencies
- [ ] All utility functions implemented and tested
- [ ] Type definitions complete and accurate
@ -325,6 +358,7 @@ find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil" |
- [ ] TypeScript compilation passes
### **Day 2 Success Criteria**
- [ ] 0 files importing databaseUtil
- [ ] All 52 files migrated to PlatformServiceMixin
- [ ] No runtime errors in migrated components
@ -332,6 +366,7 @@ find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil" |
- [ ] Performance maintained or improved
### **Overall Success Criteria**
- [ ] Complete elimination of databaseUtil dependency
- [ ] PlatformServiceMixin is the single source of truth for database operations
- [ ] Migration fence is fully implemented
@ -354,14 +389,17 @@ find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil" |
## 📝 **Notes & Issues**
### **Current Issues**
- None identified yet
### **Decisions Made**
- PlatformServiceMixin approach chosen over USE_DEXIE_DB constant
- Self-contained utility functions preferred over imports
- Priority order: Views → Components → Services → Utils
### **Lessons Learned**
- To be filled as migration progresses
---
@ -369,6 +407,7 @@ find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil" |
## 🔄 **Daily Updates**
### **Day 1 Updates**
- [ ] Start time: _____
- [ ] Phase 1 completion: _____
- [ ] Phase 2 completion: _____
@ -377,6 +416,7 @@ find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil" |
- [ ] End time: _____
### **Day 2 Updates**
- [ ] Start time: _____
- [ ] Views migration completion: _____
- [ ] Components migration completion: _____
@ -390,16 +430,19 @@ find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil" |
## 🆘 **Contingency Plans**
### **If Day 1 Takes Longer**
- Focus on core functionality first
- Defer advanced utility functions to Day 2
- Prioritize circular dependency resolution
### **If Day 2 Takes Longer**
- Focus on high-impact views first
- Batch similar components together
- Use automated scripts for common patterns
### **If Issues Arise**
- Document specific problems in Notes section
- Create targeted fixes
- Maintain backward compatibility during transition

1
doc/migration-quick-reference.md
View File

@ -63,6 +63,7 @@ export default class ComponentName extends Vue {
## ✅ **Validation Checklist**
After each file migration:
- [ ] No databaseUtil imports
- [ ] PlatformServiceMixin added
- [ ] Method calls updated

31
doc/migration-readiness-summary.md
View File

@ -11,11 +11,14 @@
## 🎯 **Migration Overview**
### **Goal**
Complete the TimeSafari database migration from Dexie to SQLite by:
1. **Day 1**: Finish PlatformServiceMixin implementation (4-6 hours)
2. **Day 2**: Migrate all 52 files to PlatformServiceMixin (6-8 hours)
### **Current Status**
- ✅ **PlatformServiceMixin**: 95% complete (1,301 lines)
- ✅ **Migration Tools**: Ready and tested
- ✅ **Documentation**: Complete and cross-machine accessible
@ -27,22 +30,30 @@ Complete the TimeSafari database migration from Dexie to SQLite by:
## 📊 **File Breakdown**
### **Views (42 files) - Priority 1**
User-facing components that need immediate attention:
- 25 files from original list
- 17 additional files identified by migration helper
### **Components (9 files) - Priority 2**
Reusable UI components:
- FeedFilters.vue, GiftedDialog.vue, GiftedPrompts.vue
- ImageMethodDialog.vue, OfferDialog.vue, OnboardingDialog.vue
- PhotoDialog.vue, PushNotificationPermission.vue, UserNameDialog.vue
### **Services (1 file) - Priority 3**
Business logic:
- deepLinks.ts
### **Utils (3 files) - Priority 4**
Utility functions:
- util.ts, test/index.ts, PlatformServiceMixin.ts (circular dependency fix)
---
@ -50,17 +61,21 @@ Utility functions:
## 🛠️ **Available Tools**
### **Migration Helper Script**
```bash
./scripts/migration-helper.sh [command]
```
**Commands**: progress, files, patterns, template, validate, next, all
### **Progress Tracking**
- **Main Tracker**: `doc/migration-progress-tracker.md`
- **Quick Reference**: `doc/migration-quick-reference.md`
- **Completion Plan**: `doc/platformservicemixin-completion-plan.md`
### **Validation Commands**
```bash
# Check progress
./scripts/migration-helper.sh progress
@ -77,6 +92,7 @@ find src -name "*.vue" -o -name "*.ts" | xargs grep -l "import.*databaseUtil" |
## 🔄 **Migration Pattern**
### **Standard Template**
```typescript
// 1. Add import
import { PlatformServiceMixin } from "@/utils/PlatformServiceMixin";
@ -94,6 +110,7 @@ export default class ComponentName extends Vue {
```
### **Common Replacements**
| Old | New |
|-----|-----|
| `generateInsertStatement` | `this.$generateInsertStatement` |
@ -109,19 +126,23 @@ export default class ComponentName extends Vue {
## 🎯 **Day 1 Plan: PlatformServiceMixin Completion**
### **Phase 1: Remove Circular Dependency (30 min)**
- Remove `memoryLogs` import from PlatformServiceMixin
- Add self-contained memoryLogs implementation
- Update logger.ts
### **Phase 2: Add Missing Functions (1 hour)**
- Add `generateInsertStatement` and `generateUpdateStatement`
- Test both utility functions
### **Phase 3: Update Types (30 min)**
- Add new methods to TypeScript interfaces
- Verify compilation
### **Phase 4: Testing (1 hour)**
- Comprehensive testing and validation
- Ensure no circular dependencies
@ -130,17 +151,20 @@ export default class ComponentName extends Vue {
## 🎯 **Day 2 Plan: File Migration**
### **Strategy**
1. **Views First** (42 files) - High impact, user-facing
2. **Components** (9 files) - Reusable UI elements
3. **Services** (1 file) - Business logic
4. **Utils** (3 files) - Utility functions
### **Batch Processing**
- Process similar files together
- Use automated scripts for common patterns
- Validate after each batch
### **Success Criteria**
- 0 files importing databaseUtil
- All tests passing
- No runtime errors
@ -151,12 +175,14 @@ export default class ComponentName extends Vue {
## 🚀 **Expected Benefits**
### **Immediate Benefits**
- **80% reduction** in database boilerplate code
- **Eliminated circular dependencies**
- **Centralized caching** for performance
- **Type-safe** database operations
### **Long-term Benefits**
- **Simplified testing** with mockable mixin
- **Consistent error handling** across components
- **Ready for SQLite-only mode**
@ -167,18 +193,21 @@ export default class ComponentName extends Vue {
## 📋 **Pre-Migration Checklist**
### **Environment Ready**
- [x] Migration helper script tested and working
- [x] Progress tracking system operational
- [x] Documentation complete and accessible
- [x] Validation commands working
### **Tools Available**
- [x] Automated progress tracking
- [x] Migration pattern templates
- [x] Validation scripts
- [x] Cross-machine documentation
### **Knowledge Base**
- [x] Common replacement patterns documented
- [x] Migration templates ready
- [x] Troubleshooting guides available
@ -191,12 +220,14 @@ export default class ComponentName extends Vue {
**All systems are ready for the 2-day migration sprint.**
### **Next Steps**
1. **Start Day 1**: Complete PlatformServiceMixin
2. **Use tracking tools**: Monitor progress with helper script
3. **Follow documentation**: Use provided templates and patterns
4. **Validate frequently**: Run checks after each phase
### **Success Metrics**
- **Day 1**: PlatformServiceMixin 100% complete, no circular dependencies
- **Day 2**: 0 files importing databaseUtil, all tests passing
- **Overall**: Ready for Phase 3 cleanup and optimization

31
doc/migration-roadmap-next-steps.md
View File

@ -7,6 +7,7 @@ This document outlines the immediate next steps for completing the TimeSafari da
## Current Status Summary
### ✅ **Completed Achievements**
1. **Circular Dependencies Resolved** - No active circular dependencies blocking development
2. **PlatformServiceMixin Implemented** - Core functionality with caching and utilities
3. **Migration Tools Ready** - Data comparison and transfer utilities functional
@ -14,6 +15,7 @@ This document outlines the immediate next steps for completing the TimeSafari da
5. **Documentation Updated** - All docs reflect current PlatformServiceMixin approach
### 🔄 **Current Phase: Phase 2 - Active Migration**
- **DatabaseUtil Migration**: 52 files still importing databaseUtil
- **Contact Migration**: Framework ready, implementation in progress
- **File-by-File Migration**: Ready to begin systematic migration
@ -23,6 +25,7 @@ This document outlines the immediate next steps for completing the TimeSafari da
### 🔴 **Priority 1: Complete PlatformServiceMixin Independence**
#### **Step 1.1: Remove memoryLogs Dependency**
```typescript
// Current: PlatformServiceMixin imports from databaseUtil
import { memoryLogs } from "@/db/databaseUtil";
@ -32,12 +35,15 @@ const memoryLogs: string[] = [];
```
**Files to modify**:
- `src/utils/PlatformServiceMixin.ts` - Remove import, add self-contained implementation
**Estimated time**: 30 minutes
#### **Step 1.2: Add Missing Utility Methods**
Add these methods to PlatformServiceMixin:
- `$parseJson()` - Self-contained JSON parsing
- `$generateInsertStatement()` - SQL generation
- `$generateUpdateStatement()` - SQL generation
@ -48,6 +54,7 @@ Add these methods to PlatformServiceMixin:
### 🟡 **Priority 2: Start File-by-File Migration**
#### **Step 2.1: Migrate Critical Files First**
Based on the migration plan, start with these high-priority files:
1. **`src/App.vue`** - Main application (highest impact)
@ -57,6 +64,7 @@ Based on the migration plan, start with these high-priority files:
5. **`src/services/deepLinks.ts`** - Service layer
**Migration pattern for each file**:
```typescript
// 1. Remove databaseUtil import
// Remove: import * as databaseUtil from "../db/databaseUtil";
@ -82,7 +90,9 @@ Based on the migration plan, start with these high-priority files:
### 🟡 **Priority 3: Systematic File Migration**
#### **Step 3.1: Migrate High-Usage Components (15 files)**
Target components with databaseUtil imports:
- `PhotoDialog.vue`
- `FeedFilters.vue`
- `UserNameDialog.vue`
@ -97,7 +107,9 @@ Target components with databaseUtil imports:
**Estimated time**: 15-30 hours
#### **Step 3.2: Migrate High-Usage Views (20 files)**
Target views with databaseUtil imports:
- `IdentitySwitcherView.vue`
- `ContactEditView.vue`
- `ContactGiftingView.vue`
@ -113,6 +125,7 @@ Target views with databaseUtil imports:
**Estimated time**: 20-40 hours
#### **Step 3.3: Migrate Remaining Files (27 files)**
Complete migration of all remaining files with databaseUtil imports.
**Estimated time**: 27-54 hours
@ -120,6 +133,7 @@ Complete migration of all remaining files with databaseUtil imports.
### 🟢 **Priority 4: Contact Migration Completion**
#### **Step 4.1: Complete Contact Migration Framework**
- Implement contact import/export functionality
- Add contact validation and error handling
- Test contact migration with real data
@ -127,6 +141,7 @@ Complete migration of all remaining files with databaseUtil imports.
**Estimated time**: 4-8 hours
#### **Step 4.2: User Testing and Validation**
- Test migration with various data scenarios
- Validate data integrity after migration
- Performance testing with large datasets
@ -138,7 +153,9 @@ Complete migration of all remaining files with databaseUtil imports.
### 🔵 **Priority 5: Cleanup and Optimization**
#### **Step 5.1: Remove Unused databaseUtil Functions**
After all files are migrated:
- Remove unused functions from databaseUtil.ts
- Update TypeScript interfaces
- Clean up legacy code
@ -146,6 +163,7 @@ After all files are migrated:
**Estimated time**: 4-8 hours
#### **Step 5.2: Performance Optimization**
- Optimize PlatformServiceMixin caching
- Add performance monitoring
- Implement database query optimization
@ -153,6 +171,7 @@ After all files are migrated:
**Estimated time**: 8-16 hours
#### **Step 5.3: Legacy Dexie Removal**
- Remove Dexie dependencies
- Clean up migration tools
- Update build configurations
@ -162,6 +181,7 @@ After all files are migrated:
## Migration Commands and Tools
### **Automated Migration Script**
Create a script to help with bulk migrations:
```bash
@ -193,6 +213,7 @@ echo "Please review and test the changes"
```
### **Migration Testing Commands**
```bash
# Test individual file migration
npm run test -- --grep "ComponentName"
@ -213,18 +234,21 @@ npx tsc --noEmit
## Risk Mitigation
### **Incremental Migration Strategy**
1. **One file at a time** - Minimize risk of breaking changes
2. **Comprehensive testing** - Test each migration thoroughly
3. **Rollback capability** - Keep databaseUtil.ts until migration complete
4. **Documentation updates** - Update docs as methods are migrated
### **Testing Strategy**
1. **Unit tests** - Test individual component functionality
2. **Integration tests** - Test database operations
3. **End-to-end tests** - Test complete user workflows
4. **Performance tests** - Ensure no performance regression
### **Rollback Plan**
1. **Git branches** - Each migration in separate branch
2. **Backup files** - Keep original files until migration verified
3. **Feature flags** - Ability to switch back to databaseUtil if needed
@ -233,18 +257,21 @@ npx tsc --noEmit
## Success Metrics
### **Short-Term (This Week)**
- [ ] PlatformServiceMixin completely independent
- [ ] 5 critical files migrated
- [ ] No new circular dependencies
- [ ] All tests passing
### **Medium-Term (Next 2 Weeks)**
- [ ] 35+ files migrated (70% completion)
- [ ] Contact migration framework complete
- [ ] Performance maintained or improved
- [ ] User testing completed
### **Long-Term (Next Month)**
- [ ] All 52 files migrated (100% completion)
- [ ] databaseUtil.ts removed or minimal
- [ ] Legacy Dexie code removed
@ -253,12 +280,14 @@ npx tsc --noEmit
## Resource Requirements
### **Development Time**
- **Immediate (This Week)**: 8-12 hours
- **Medium-Term (Next 2 Weeks)**: 35-70 hours
- **Long-Term (Next Month)**: 16-32 hours
- **Total Estimated**: 59-114 hours
### **Testing Time**
- **Unit Testing**: 20-30 hours
- **Integration Testing**: 10-15 hours
- **User Testing**: 8-12 hours
@ -266,6 +295,7 @@ npx tsc --noEmit
- **Total Testing**: 43-65 hours
### **Total Project Time**
- **Development**: 59-114 hours
- **Testing**: 43-65 hours
- **Documentation**: 5-10 hours
@ -274,6 +304,7 @@ npx tsc --noEmit
## Conclusion
The migration is well-positioned for completion with:
- ✅ **No blocking circular dependencies**
- ✅ **PlatformServiceMixin mostly complete**
- ✅ **Clear migration path defined**

29
doc/migration-to-wa-sqlite.md
View File

@ -29,12 +29,15 @@ This document outlines the migration process from Dexie.js to absurd-sql for the
## Migration Architecture
### Migration Fence
The migration fence is now defined by the **PlatformServiceMixin** in `src/utils/PlatformServiceMixin.ts`:
- **PlatformServiceMixin**: Centralized database access with caching and utilities
- **Migration Tools**: Exclusive interface between legacy and new databases
- **Service Layer**: All database operations go through PlatformService
### Migration Order
The migration follows a specific order to maintain data integrity:
1. **Accounts** (foundational - contains DIDs)
@ -45,9 +48,11 @@ The migration follows a specific order to maintain data integrity:
## ActiveDid Migration ⭐ **NEW FEATURE**
### Problem Solved
Previously, the `activeDid` setting was not migrated from Dexie to SQLite, causing users to lose their active identity after migration.
### Solution Implemented
The migration now includes a dedicated step for migrating the `activeDid`:
1. **Detection**: Identifies the `activeDid` from Dexie master settings
@ -58,6 +63,7 @@ The migration now includes a dedicated step for migrating the `activeDid`:
### Implementation Details
#### New Function: `migrateActiveDid()`
```typescript
export async function migrateActiveDid(): Promise<MigrationResult> {
// 1. Get Dexie settings to find the activeDid
@ -76,13 +82,17 @@ export async function migrateActiveDid(): Promise<MigrationResult> {
```
#### Enhanced `migrateSettings()` Function
The settings migration now includes activeDid handling:
- Extracts `activeDid` from Dexie master settings
- Validates account existence in SQLite
- Updates SQLite master settings with the `activeDid`
#### Updated `migrateAll()` Function
The complete migration now includes a dedicated step for activeDid:
```typescript
// Step 3: Migrate ActiveDid (depends on accounts and settings)
logger.info("[MigrationService] Step 3: Migrating activeDid...");
@ -90,6 +100,7 @@ const activeDidResult = await migrateActiveDid();
```
### Benefits
- ✅ **User Identity Preservation**: Users maintain their active identity
- ✅ **Seamless Experience**: No need to manually select identity after migration
- ✅ **Data Consistency**: Ensures all identity-related settings are preserved
@ -98,17 +109,20 @@ const activeDidResult = await migrateActiveDid();
## Migration Process
### Phase 1: Preparation ✅
- [x] PlatformServiceMixin implementation
- [x] Implement data comparison tools
- [x] Create migration service structure
### Phase 2: Core Migration ✅
- [x] Account migration with `importFromMnemonic`
- [x] Settings migration (excluding activeDid)
- [x] **ActiveDid migration** ⭐ **COMPLETED**
- [x] Contact migration framework
### Phase 3: Validation and Cleanup 🔄
- [ ] Comprehensive data validation
- [ ] Performance testing
- [ ] User acceptance testing
@ -117,6 +131,7 @@ const activeDidResult = await migrateActiveDid();
## Usage
### Manual Migration
```typescript
import { migrateAll, migrateActiveDid } from '../services/indexedDBMigrationService';
@ -128,6 +143,7 @@ const activeDidResult = await migrateActiveDid();
```
### Migration Verification
```typescript
import { compareDatabases } from '../services/indexedDBMigrationService';
@ -136,7 +152,9 @@ console.log('Migration differences:', comparison.differences);
```
### PlatformServiceMixin Integration
After migration, use the mixin for all database operations:
```typescript
// Use mixin methods for database access
const contacts = await this.$contacts();
@ -147,11 +165,13 @@ const result = await this.$db("SELECT * FROM contacts WHERE did = ?", [accountDi
## Error Handling
### ActiveDid Migration Errors
- **Missing Account**: If the `activeDid` from Dexie doesn't exist in SQLite accounts
- **Database Errors**: Connection or query failures
- **Settings Update Failures**: Issues updating SQLite master settings
### Recovery Strategies
1. **Automatic Recovery**: Migration continues even if activeDid migration fails
2. **Manual Recovery**: Users can manually select their identity after migration
3. **Fallback**: System creates new identity if none exists
@ -159,11 +179,13 @@ const result = await this.$db("SELECT * FROM contacts WHERE did = ?", [accountDi
## Security Considerations
### Data Protection
- All sensitive data (mnemonics, private keys) are encrypted
- Migration preserves encryption standards
- No plaintext data exposure during migration
### Identity Verification
- ActiveDid migration validates account existence
- Prevents setting non-existent identities as active
- Maintains cryptographic integrity
@ -171,6 +193,7 @@ const result = await this.$db("SELECT * FROM contacts WHERE did = ?", [accountDi
## Testing
### Migration Testing
```bash
# Run migration
npm run migrate
@ -180,6 +203,7 @@ npm run test:migration
```
### ActiveDid Testing
```typescript
// Test activeDid migration specifically
const result = await migrateActiveDid();
@ -188,6 +212,7 @@ expect(result.warnings).toContain('Successfully migrated activeDid');
```
### PlatformServiceMixin Testing
```typescript
// Test mixin integration
describe('PlatformServiceMixin', () => {
@ -224,6 +249,7 @@ describe('PlatformServiceMixin', () => {
- Verify caching and error handling work correctly
### Debugging
```typescript
// Debug migration process
import { logger } from '../utils/logger';
@ -245,6 +271,7 @@ logger.debug('[Migration] Migration completed:', result);
## Migration Status Checklist
### ✅ Completed
- [x] PlatformServiceMixin implementation
- [x] SQLite database service
- [x] Migration tools
@ -253,11 +280,13 @@ logger.debug('[Migration] Migration completed:', result);
- [x] ActiveDid migration
### 🔄 In Progress
- [ ] Contact migration
- [ ] DatabaseUtil to PlatformServiceMixin migration
- [ ] File-by-file migration
### ❌ Not Started
- [ ] Legacy Dexie removal
- [ ] Final cleanup and validation

29
doc/platformservicemixin-completion-plan.md
View File

@ -7,6 +7,7 @@ This document outlines the complete plan to finish PlatformServiceMixin implemen
## Current Status
### ✅ **PlatformServiceMixin - 95% Complete**
- **Core functionality**: ✅ Implemented
- **Caching system**: ✅ Implemented
- **Database methods**: ✅ Implemented
@ -14,6 +15,7 @@ This document outlines the complete plan to finish PlatformServiceMixin implemen
- **Type definitions**: ✅ Implemented
### ⚠️ **Remaining Issues**
1. **Single circular dependency**: `memoryLogs` import from databaseUtil
2. **Missing utility functions**: `generateInsertStatement`, `generateUpdateStatement`
3. **52 files** still importing databaseUtil
@ -25,6 +27,7 @@ This document outlines the complete plan to finish PlatformServiceMixin implemen
### **Phase 1: Remove Circular Dependency (30 minutes)**
#### **Step 1.1: Create Self-Contained memoryLogs**
```typescript
// In PlatformServiceMixin.ts - Replace line 50:
// Remove: import { memoryLogs } from "@/db/databaseUtil";
@ -48,6 +51,7 @@ $appendToMemoryLogs(message: string): void {
```
#### **Step 1.2: Update logger.ts**
```typescript
// In logger.ts - Replace memoryLogs usage:
// Remove: import { memoryLogs } from "@/db/databaseUtil";
@ -70,6 +74,7 @@ export function getMemoryLogs(): string[] {
### **Phase 2: Add Missing Utility Functions (1 hour)**
#### **Step 2.1: Add generateInsertStatement to PlatformServiceMixin**
```typescript
// Add to PlatformServiceMixin methods:
_generateInsertStatement(
@ -95,6 +100,7 @@ _generateInsertStatement(
```
#### **Step 2.2: Add generateUpdateStatement to PlatformServiceMixin**
```typescript
// Add to PlatformServiceMixin methods:
_generateUpdateStatement(
@ -129,6 +135,7 @@ _generateUpdateStatement(
```
#### **Step 2.3: Add Public Wrapper Methods**
```typescript
// Add to PlatformServiceMixin methods:
$generateInsertStatement(
@ -151,6 +158,7 @@ $generateUpdateStatement(
### **Phase 3: Update Type Definitions (30 minutes)**
#### **Step 3.1: Update IPlatformServiceMixin Interface**
```typescript
// Add to IPlatformServiceMixin interface:
$generateInsertStatement(
@ -167,6 +175,7 @@ $appendToMemoryLogs(message: string): void;
```
#### **Step 3.2: Update ComponentCustomProperties**
```typescript
// Add to ComponentCustomProperties interface:
$generateInsertStatement(
@ -185,12 +194,14 @@ $appendToMemoryLogs(message: string): void;
### **Phase 4: Test PlatformServiceMixin (1 hour)**
#### **Step 4.1: Create Test Component**
```typescript
// Create test file: src/test/PlatformServiceMixin.test.ts
// Test all methods including new utility functions
```
#### **Step 4.2: Run Linting and Type Checking**
```bash
npm run lint
npx tsc --noEmit
@ -203,6 +214,7 @@ npx tsc --noEmit
### **Migration Strategy**
#### **Priority Order:**
1. **Views** (25 files) - User-facing components
2. **Components** (15 files) - Reusable UI components
3. **Services** (8 files) - Business logic
@ -211,6 +223,7 @@ npx tsc --noEmit
#### **Migration Pattern for Each File:**
**Step 1: Add PlatformServiceMixin**
```typescript
// Add to component imports:
import { PlatformServiceMixin } from "@/utils/PlatformServiceMixin";
@ -223,6 +236,7 @@ export default class ComponentName extends Vue {
```
**Step 2: Replace databaseUtil Imports**
```typescript
// Remove:
import {
@ -244,6 +258,7 @@ import {
```
**Step 3: Update Method Calls**
```typescript
// Before:
const { sql, params } = generateInsertStatement(contact, 'contacts');
@ -255,6 +270,7 @@ const { sql, params } = this.$generateInsertStatement(contact, 'contacts');
### **File Migration Checklist**
#### **Views (25 files) - Priority 1**
- [ ] QuickActionBvcEndView.vue
- [ ] ProjectsView.vue
- [ ] ClaimReportCertificateView.vue
@ -278,6 +294,7 @@ const { sql, params } = this.$generateInsertStatement(contact, 'contacts');
- [ ] [5 more view files]
#### **Components (15 files) - Priority 2**
- [ ] ActivityListItem.vue
- [ ] AmountInput.vue
- [ ] ChoiceButtonDialog.vue
@ -295,18 +312,21 @@ const { sql, params } = this.$generateInsertStatement(contact, 'contacts');
- [ ] IconRenderer.vue
#### **Services (8 files) - Priority 3**
- [ ] api.ts
- [ ] endorserServer.ts
- [ ] partnerServer.ts
- [ ] [5 more service files]
#### **Utils (4 files) - Priority 4**
- [ ] LogCollector.ts
- [ ] [3 more util files]
### **Migration Tools**
#### **Automated Script for Common Patterns**
```bash
#!/bin/bash
# migration-helper.sh
@ -326,6 +346,7 @@ echo "logConsoleAndDb → this.\$logAndConsole"
```
#### **Validation Script**
```bash
#!/bin/bash
# validate-migration.sh
@ -350,6 +371,7 @@ echo "Migration validation complete!"
## 🎯 **Success Criteria**
### **Day 1 Success Criteria:**
- [ ] PlatformServiceMixin has no circular dependencies
- [ ] All utility functions implemented and tested
- [ ] Type definitions complete and accurate
@ -357,6 +379,7 @@ echo "Migration validation complete!"
- [ ] TypeScript compilation passes
### **Day 2 Success Criteria:**
- [ ] 0 files importing databaseUtil
- [ ] All 52 files migrated to PlatformServiceMixin
- [ ] No runtime errors in migrated components
@ -364,6 +387,7 @@ echo "Migration validation complete!"
- [ ] Performance maintained or improved
### **Overall Success Criteria:**
- [ ] Complete elimination of databaseUtil dependency
- [ ] PlatformServiceMixin is the single source of truth for database operations
- [ ] Migration fence is fully implemented
@ -386,12 +410,14 @@ echo "Migration validation complete!"
## 📋 **Daily Progress Tracking**
### **Day 1 Progress:**
- [ ] Phase 1: Circular dependency resolved
- [ ] Phase 2: Utility functions added
- [ ] Phase 3: Type definitions updated
- [ ] Phase 4: Testing completed
### **Day 2 Progress:**
- [ ] Views migrated (0/25)
- [ ] Components migrated (0/15)
- [ ] Services migrated (0/8)
@ -403,16 +429,19 @@ echo "Migration validation complete!"
## 🆘 **Contingency Plans**
### **If Day 1 Takes Longer:**
- Focus on core functionality first
- Defer advanced utility functions to Day 2
- Prioritize circular dependency resolution
### **If Day 2 Takes Longer:**
- Focus on high-impact views first
- Batch similar components together
- Use automated scripts for common patterns
### **If Issues Arise:**
- Document specific problems
- Create targeted fixes
- Maintain backward compatibility during transition

28
doc/qr-code-implementation-guide.md
View File

@ -7,6 +7,7 @@ This document describes the QR code scanning and generation implementation in th
## Architecture
### Directory Structure
```
src/
├── services/
@ -74,6 +75,7 @@ interface QRScannerOptions {
### Platform-Specific Implementations
#### Mobile (Capacitor)
- Uses `@capacitor-mlkit/barcode-scanning`
- Native camera access through platform APIs
- Optimized for mobile performance
@ -82,6 +84,7 @@ interface QRScannerOptions {
- Back camera preferred for scanning
Configuration:
```typescript
// capacitor.config.ts
const config: CapacitorConfig = {
@ -105,6 +108,7 @@ const config: CapacitorConfig = {
```
#### Web
- Uses browser's MediaDevices API
- Vue.js components for UI
- EventEmitter for stream management
@ -116,6 +120,7 @@ const config: CapacitorConfig = {
### View Components
#### ContactQRScanView
- Dedicated view for scanning QR codes
- Full-screen camera interface
- Simple UI focused on scanning
@ -123,6 +128,7 @@ const config: CapacitorConfig = {
- Streamlined scanning experience
#### ContactQRScanShowView
- Combined view for QR code display and scanning
- Shows user's own QR code
- Handles user registration status
@ -160,6 +166,7 @@ const config: CapacitorConfig = {
## Build Configuration
### Common Vite Configuration
```typescript
// vite.config.common.mts
export async function createBuildConfig(mode: string) {
@ -183,6 +190,7 @@ export async function createBuildConfig(mode: string) {
```
### Platform-Specific Builds
```json
{
"scripts": {
@ -196,6 +204,7 @@ export async function createBuildConfig(mode: string) {
## Error Handling
### Common Error Scenarios
1. No camera found
2. Permission denied
3. Camera in use by another application
@ -207,6 +216,7 @@ export async function createBuildConfig(mode: string) {
9. Network connectivity issues
### Error Response
- User-friendly error messages
- Troubleshooting tips
- Clear instructions for resolution
@ -215,6 +225,7 @@ export async function createBuildConfig(mode: string) {
## Security Considerations
### QR Code Security
- Encryption of contact data
- Timestamp validation
- Version checking
@ -222,6 +233,7 @@ export async function createBuildConfig(mode: string) {
- Rate limiting for scans
### Data Protection
- Secure transmission of contact data
- Validation of QR code authenticity
- Prevention of duplicate scans
@ -231,6 +243,7 @@ export async function createBuildConfig(mode: string) {
## Best Practices
### Camera Access
1. Always check for camera availability
2. Request permissions explicitly
3. Handle all error conditions
@ -238,6 +251,7 @@ export async function createBuildConfig(mode: string) {
5. Implement proper cleanup
### Performance
1. Optimize camera resolution
2. Implement proper resource cleanup
3. Handle camera switching efficiently
@ -245,6 +259,7 @@ export async function createBuildConfig(mode: string) {
5. Battery usage optimization
### User Experience
1. Clear visual feedback
2. Camera preview
3. Scanning status indicators
@ -257,6 +272,7 @@ export async function createBuildConfig(mode: string) {
## Testing
### Test Scenarios
1. Permission handling
2. Camera switching
3. Error conditions
@ -267,6 +283,7 @@ export async function createBuildConfig(mode: string) {
8. Security validation
### Test Environment
- Multiple browsers
- iOS and Android devices
- Various network conditions
@ -275,6 +292,7 @@ export async function createBuildConfig(mode: string) {
## Dependencies
### Key Packages
- `@capacitor-mlkit/barcode-scanning`
- `qrcode-stream`
- `vue-qrcode-reader`
@ -283,12 +301,14 @@ export async function createBuildConfig(mode: string) {
## Maintenance
### Regular Updates
- Keep dependencies updated
- Monitor platform changes
- Update documentation
- Review security patches
### Performance Monitoring
- Track memory usage
- Monitor camera performance
- Check error rates
@ -436,6 +456,7 @@ The camera switching implementation includes comprehensive error handling:
- Camera switch timeout
2. **Error Response**
```typescript
private async handleCameraSwitch(deviceId: string): Promise<void> {
try {
@ -460,6 +481,7 @@ The camera switching implementation includes comprehensive error handling:
The camera system maintains several states:
1. **Camera States**
```typescript
type CameraState =
| "initializing" // Camera is being initialized
@ -529,6 +551,7 @@ The camera system maintains several states:
#### MLKit Barcode Scanner Configuration
1. **Plugin Setup**
```typescript
// capacitor.config.ts
const config: CapacitorConfig = {
@ -552,6 +575,7 @@ The camera system maintains several states:
```
2. **Camera Management**
```typescript
// CapacitorQRScanner.ts
export class CapacitorQRScanner implements QRScannerService {
@ -603,6 +627,7 @@ The camera system maintains several states:
```
3. **Camera State Management**
```typescript
// CapacitorQRScanner.ts
private async handleCameraState(): Promise<void> {
@ -645,6 +670,7 @@ The camera system maintains several states:
```
4. **Error Handling**
```typescript
// CapacitorQRScanner.ts
private async handleCameraError(error: Error): Promise<void> {
@ -737,6 +763,7 @@ The camera system maintains several states:
#### Performance Optimization
1. **Battery Usage**
```typescript
// CapacitorQRScanner.ts
private optimizeBatteryUsage(): void {
@ -759,6 +786,7 @@ The camera system maintains several states:
```
2. **Memory Management**
```typescript
// CapacitorQRScanner.ts
private async cleanupResources(): Promise<void> {

9
doc/secure-storage-implementation.md
View File

@ -111,6 +111,7 @@ export class AbsurdSqlDatabaseService implements PlatformService {
```
Key features:
- Uses absurd-sql for SQLite in the browser
- Implements operation queuing for thread safety
- Handles initialization and connection management
@ -143,6 +144,7 @@ async function getAccount(did: string): Promise<Account | undefined> {
When converting from Dexie.js to SQL-based implementation, follow these patterns:
1. **Database Access Pattern**
```typescript
// Before (Dexie)
const result = await db.table.where("field").equals(value).first();
@ -161,6 +163,7 @@ When converting from Dexie.js to SQL-based implementation, follow these patterns
```
2. **Update Operations**
```typescript
// Before (Dexie)
await db.table.where("id").equals(id).modify(changes);
@ -184,6 +187,7 @@ When converting from Dexie.js to SQL-based implementation, follow these patterns
```
3. **Insert Operations**
```typescript
// Before (Dexie)
await db.table.add(item);
@ -202,6 +206,7 @@ When converting from Dexie.js to SQL-based implementation, follow these patterns
```
4. **Delete Operations**
```typescript
// Before (Dexie)
await db.table.where("id").equals(id).delete();
@ -216,6 +221,7 @@ When converting from Dexie.js to SQL-based implementation, follow these patterns
```
5. **Result Processing**
```typescript
// Before (Dexie)
const items = await db.table.toArray();
@ -247,6 +253,7 @@ await databaseUtil.logConsoleAndDb(message, showInConsole);
```
Key Considerations:
- Always use `databaseUtil.mapQueryResultToValues()` to process SQL query results
- Use utility methods from `db/index.ts` when available instead of direct SQL
- Keep Dexie fallbacks wrapped in migration period checks
@ -254,6 +261,7 @@ Key Considerations:
- For updates/inserts/deletes, execute both SQL and Dexie operations during migration period
Example Migration:
```typescript
// Before (Dexie)
export async function updateSettings(settings: Settings): Promise<void> {
@ -274,6 +282,7 @@ export async function updateSettings(settings: Settings): Promise<void> {
```
Remember to:
- Create database access code to use the platform service, putting it in front of the Dexie version
- Instead of removing Dexie-specific code, keep it.

14
doc/sharebufferarray_spectre_security.md
View File

@ -4,11 +4,13 @@
## 1. Introduction to SharedArrayBuffer
### Overview
- `SharedArrayBuffer` is a JavaScript object that enables **shared memory** access between the main thread and Web Workers.
- Unlike `ArrayBuffer`, the memory is **not copied** between threads—allowing **true parallelism**.
- Paired with `Atomics`, it allows low-level memory synchronization (e.g., locks, waits).
### Example Use
```js
const sab = new SharedArrayBuffer(1024);
const sharedArray = new Uint8Array(sab);
@ -18,6 +20,7 @@ sharedArray[0] = 42;
## 2. Browser Security Requirements
### Security Headers Required to Use SharedArrayBuffer
Modern browsers **restrict access** to `SharedArrayBuffer` due to Spectre-class vulnerabilities.
The following **HTTP headers must be set** to enable it:
@ -28,23 +31,28 @@ Cross-Origin-Embedder-Policy: require-corp
```
### HTTPS Requirement
- Must be served over **HTTPS** (except `localhost` for dev).
- These headers enforce **cross-origin isolation**.
### Role of CORS
- CORS **alone is not sufficient**.
- However, embedded resources (like scripts and iframes) must still include proper CORS headers if they are to be loaded in a cross-origin isolated context.
## 3. Spectre Vulnerability
### What is Spectre?
- A class of **side-channel attacks** exploiting **speculative execution** in CPUs.
- Allows an attacker to read arbitrary memory from the same address space.
### Affected Architectures
- Intel, AMD, ARM — essentially **all modern processors**.
### Why It's Still a Concern
- It's a **hardware flaw**, not just a software bug.
- Can't be fully fixed in software without performance penalties.
- New Spectre **variants** (e.g., v2, RSB, BranchScope) continue to emerge.
@ -52,16 +60,19 @@ Cross-Origin-Embedder-Policy: require-corp
## 4. Mitigations and Current Limitations
### Browser Mitigations
- **Restricted precision** for `performance.now()`.
- **Disabled or gated** access to `SharedArrayBuffer`.
- **Reduced or removed** fine-grained timers.
### OS/Hardware Mitigations
- **Kernel Page Table Isolation (KPTI)**
- **Microcode updates**
- **Retpoline** compiler mitigations
### Developer Responsibilities
- Avoid sharing sensitive data across threads unless necessary.
- Use **constant-time cryptographic functions**.
- Assume timing attacks are **still possible**.
@ -70,10 +81,12 @@ Cross-Origin-Embedder-Policy: require-corp
## 5. Practical Development Notes
### Using SharedArrayBuffer Safely
- Ensure the site is **cross-origin isolated**:
- Serve all resources with appropriate **CORS policies** (`Cross-Origin-Resource-Policy`, `Access-Control-Allow-Origin`)
- Set the required **COOP/COEP headers**
- Validate support using:
```js
if (window.crossOriginIsolated) {
// Safe to use SharedArrayBuffer
@ -81,6 +94,7 @@ if (window.crossOriginIsolated) {
```
### Testing and Fallback
- Provide fallbacks to `ArrayBuffer` if isolation is not available.
- Document use cases clearly (e.g., high-performance WebAssembly applications or real-time audio/video processing).

29
doc/storage-implementation-checklist.md
View File

@ -3,6 +3,7 @@
## Core Services
### 1. Storage Service Layer
- [x] Create base `PlatformService` interface
- [x] Define common methods for all platforms
- [x] Add platform-specific method signatures
@ -25,6 +26,7 @@
- [ ] File system access
### 2. Migration Services
- [x] Implement basic migration support
- [x] Dual-storage pattern (SQLite + Dexie)
- [x] Basic data verification
@ -37,6 +39,7 @@
- [ ] Manual triggers
### 3. Security Layer
- [x] Basic data integrity
- [ ] Implement `EncryptionService` (planned)
- [ ] Key management
@ -50,14 +53,17 @@
## Platform-Specific Implementation
### Web Platform
- [x] Setup absurd-sql
- [x] Install dependencies
```json
{
"@jlongster/sql.js": "^1.8.0",
"absurd-sql": "^1.8.0"
}
```
- [x] Configure VFS with IndexedDB backend
- [x] Setup worker threads
- [x] Implement operation queuing
@ -83,6 +89,7 @@
- [x] Implement atomic operations
### iOS Platform (Planned)
- [ ] Setup SQLCipher
- [ ] Install pod dependencies
- [ ] Configure encryption
@ -96,6 +103,7 @@
- [ ] Setup app groups
### Android Platform (Planned)
- [ ] Setup SQLCipher
- [ ] Add Gradle dependencies
- [ ] Configure encryption
@ -109,6 +117,7 @@
- [ ] Setup file provider
### Electron Platform (Planned)
- [ ] Setup Node SQLite
- [ ] Install dependencies
- [ ] Configure IPC
@ -124,6 +133,7 @@
## Data Models and Types
### 1. Database Schema
- [x] Define tables
```sql
@ -166,6 +176,7 @@
### 2. Type Definitions
- [x] Create interfaces
```typescript
interface Account {
did: string;
@ -197,6 +208,7 @@
## UI Components
### 1. Migration UI (Planned)
- [ ] Create components
- [ ] `MigrationProgress.vue`
- [ ] `MigrationError.vue`
@ -204,6 +216,7 @@
- [ ] `MigrationStatus.vue`
### 2. Settings UI (Planned)
- [ ] Update components
- [ ] Add storage settings
- [ ] Add migration controls
@ -211,6 +224,7 @@
- [ ] Add security settings
### 3. Error Handling UI (Planned)
- [ ] Create components
- [ ] `StorageError.vue`
- [ ] `QuotaExceeded.vue`
@ -220,6 +234,7 @@
## Testing
### 1. Unit Tests
- [x] Basic service tests
- [x] Platform service tests
- [x] Database operation tests
@ -227,6 +242,7 @@
- [ ] Platform detection tests (planned)
### 2. Integration Tests (Planned)
- [ ] Test migrations
- [ ] Web platform tests
- [ ] iOS platform tests
@ -234,6 +250,7 @@
- [ ] Electron platform tests
### 3. E2E Tests (Planned)
- [ ] Test workflows
- [ ] Account management
- [ ] Settings management
@ -243,12 +260,14 @@
## Documentation
### 1. Technical Documentation
- [x] Update architecture docs
- [x] Add API documentation
- [ ] Create migration guides (planned)
- [ ] Document security measures (planned)
### 2. User Documentation (Planned)
- [ ] Update user guides
- [ ] Add troubleshooting guides
- [ ] Create FAQ
@ -257,12 +276,14 @@
## Deployment
### 1. Build Process
- [x] Update build scripts
- [x] Add platform-specific builds
- [ ] Configure CI/CD (planned)
- [ ] Setup automated testing (planned)
### 2. Release Process (Planned)
- [ ] Create release checklist
- [ ] Add version management
- [ ] Setup rollback procedures
@ -271,12 +292,14 @@
## Monitoring and Analytics (Planned)
### 1. Error Tracking
- [ ] Setup error logging
- [ ] Add performance monitoring
- [ ] Configure alerts
- [ ] Create dashboards
### 2. Usage Analytics
- [ ] Add storage metrics
- [ ] Track migration success
- [ ] Monitor performance
@ -285,12 +308,14 @@
## Security Audit (Planned)
### 1. Code Review
- [ ] Review encryption
- [ ] Check access controls
- [ ] Verify data handling
- [ ] Audit dependencies
### 2. Penetration Testing
- [ ] Test data access
- [ ] Verify encryption
- [ ] Check authentication
@ -299,6 +324,7 @@
## Success Criteria
### 1. Performance
- [x] Query response time < 100ms
- [x] Operation queuing for thread safety
- [x] Proper initialization handling
@ -307,6 +333,7 @@
- [ ] Memory usage < 50MB (planned)
### 2. Reliability
- [x] Basic data integrity
- [x] Operation queuing
- [ ] Automatic recovery (planned)
@ -315,6 +342,7 @@
- [ ] Data consistency (planned)
### 3. Security
- [x] Basic data integrity
- [ ] AES-256 encryption (planned)
- [ ] Secure key storage (planned)
@ -322,6 +350,7 @@
- [ ] Audit logging (planned)
### 4. User Experience
- [x] Basic database operations
- [ ] Smooth migration (planned)
- [ ] Clear error messages (planned)

35
doc/usage-guide.md
View File

@ -53,7 +53,6 @@ header-includes:
\clearpage
# Purpose of Document
Both end-users and development team members need to know how to use TimeSafari.
@ -90,14 +89,16 @@ development environment. This section will guide you through the process.
## Prerequisites
1. Have the following installed on your local machine:
- Node.js and NPM
- A web browser. For this guide, we will use Google Chrome.
- Git
- A code editor
- Node.js and NPM
- A web browser. For this guide, we will use Google Chrome.
- Git
- A code editor
2. Create an API key on Infura. This is necessary for the Endorser API to connect to the Ethereum
blockchain.
- You can create an account on Infura [here](https://infura.io/).\
- You can create an account on Infura [here](https://infura.io/).\
Click "CREATE NEW API KEY" and label the key. Then click "API Keys" in the top menu bar to
be taken back to the list of keys.
@ -105,23 +106,23 @@ development environment. This section will guide you through the process.
![](images/01_infura-api-keys.png){ width=550px }
- Go to the key detail page. Then click "MANAGE API KEY".
- Go to the key detail page. Then click "MANAGE API KEY".
![](images/02-infura-key-detail.png){ width=550px }
- Click the copy and paste button next to the string of alphanumeric characters.\
- Click the copy and paste button next to the string of alphanumeric characters.\
This is your API, also known as your project ID.
![](images/03-infura-api-key-id.png){width=550px }
- Save this for later during the Endorser API setup. This will go in your `INFURA_PROJECT_ID`
- Save this for later during the Endorser API setup. This will go in your `INFURA_PROJECT_ID`
environment variable.
## Setup steps
### 1. Clone the following repositories from their respective Git hosts:
- [TimeSafari Frontend](https://gitea.anomalistdesign.com/trent_larson/crowd-funder-for-time-pwa)\
### 1. Clone the following repositories from their respective Git hosts
- [TimeSafari Frontend](https://gitea.anomalistdesign.com/trent_larson/crowd-funder-for-time-pwa)\
This is a Progressive Web App (PWA) built with VueJS and TypeScript.
Note that the clone command here is different from the one you would use for GitHub.
@ -130,7 +131,7 @@ git clone git clone \
ssh://git@gitea.anomalistdesign.com:222/trent_larson/crowd-funder-for-time-pwa.git
```
- [TimeSafari Backend - Endorser API](https://github.com/trentlarson/endorser-ch)\
- [TimeSafari Backend - Endorser API](https://github.com/trentlarson/endorser-ch)\
This is a NodeJS service providing the backend for TimeSafari.
```bash
@ -157,21 +158,25 @@ second user to the app.
1. Install dependencies and environment variables.\
In endorser-ch install dependencies and set up environment variables to allow starting it up in
development mode.
```bash
cd endorser-ch
npm clean install # or npm ci
cp .env.local .env
```
Edit the .env file's INFURA_PROJECT_ID with the value you saved earlier in the
prerequisites.\
Then create the SQLite database by running `npm run flyway migrate` with environment variables
set correctly to select the default SQLite development user as follows.
```bash
export NODE_ENV=dev
export DBUSER=sa
export DBPASS=sasa
npm run flyway migrate
```
The first run of flyway migrate may take some time to complete because the entire Flyway
distribution must be downloaded prior to executing migrations.
@ -254,7 +259,7 @@ A Flyway report has been generated here: /Users/kbull/code/timesafari/endorser-c
In our case this DID is:\
`did:ethr:0xe4B783c74c8B0e229524e44d0cD898D272E02CD6`
- Add that DID to the following echoed SQL statement where it says `YOUR_DID`
- Add that DID to the following echoed SQL statement where it says `YOUR_DID`
```bash
echo "INSERT INTO registration (did, maxClaims, maxRegs, epoch)
@ -268,7 +273,7 @@ A Flyway report has been generated here: /Users/kbull/code/timesafari/endorser-c
`endorser-ch` creates the SQLite database it depends on it creates it in the parent directory
of `endorser-ch`.
- You can verify with an SQL browser tool that your record has been added to the `registration`
- You can verify with an SQL browser tool that your record has been added to the `registration`
table.
![](images/08-endorser-sqlite-row-added.png){width=350px}

32
docker/README.md
View File

@ -155,6 +155,7 @@ VITE_PASSKEYS_ENABLED=true
## Build Modes
### Development Mode
- **Target**: `development`
- **Features**: Hot reloading, development server
- **Port**: 5173
@ -168,6 +169,7 @@ docker build --target development -t timesafari:dev .
```
### Staging Mode
- **Target**: `staging`
- **Features**: Production build with relaxed caching
- **Port**: 8080 (mapped from 80)
@ -181,6 +183,7 @@ docker build --build-arg BUILD_MODE=staging -t timesafari:staging .
```
### Production Mode
- **Target**: `production`
- **Features**: Optimized production build
- **Port**: 80
@ -194,6 +197,7 @@ docker build -t timesafari:latest .
```
### Custom Mode
- **Target**: Configurable via `BUILD_TARGET`
- **Features**: Fully configurable
- **Port**: Configurable via `CUSTOM_PORT`
@ -250,6 +254,7 @@ docker-compose up staging
## Security Features
### Built-in Security
- **Non-root user execution**: All containers run as non-root users
- **Security headers**: XSS protection, content type options, frame options
- **Rate limiting**: API request rate limiting
@ -257,6 +262,7 @@ docker-compose up staging
- **Minimal attack surface**: Alpine Linux base images
### Security Headers
- `X-Frame-Options: SAMEORIGIN`
- `X-Content-Type-Options: nosniff`
- `X-XSS-Protection: 1; mode=block`
@ -266,17 +272,20 @@ docker-compose up staging
## Performance Optimizations
### Caching Strategy
- **Static assets**: 1 year cache with immutable flag (production)
- **HTML files**: 1 hour cache (production) / no cache (staging)
- **Service worker**: No cache
- **Manifest**: 1 day cache (production) / 1 hour cache (staging)
### Compression
- **Gzip compression**: Enabled for text-based files
- **Compression level**: 6 (balanced)
- **Minimum size**: 1024 bytes
### Nginx Optimizations
- **Sendfile**: Enabled for efficient file serving
- **TCP optimizations**: nopush and nodelay enabled
- **Keepalive**: 65 second timeout
@ -285,19 +294,23 @@ docker-compose up staging
## Health Checks
### Built-in Health Checks
All services include health checks that:
- Check every 30 seconds
- Timeout after 10 seconds
- Retry 3 times before marking unhealthy
- Start checking after 40 seconds
### Health Check Endpoints
- **Production/Staging**: `http://localhost/health`
- **Development**: `http://localhost:5173`
## SSL/HTTPS Setup
### SSL Certificates
For SSL deployment, create an `ssl` directory with certificates:
```bash
@ -308,6 +321,7 @@ cp your-key.pem ssl/
```
### SSL Configuration
Use the `production-ssl` service in docker-compose:
```bash
@ -317,10 +331,12 @@ docker-compose up production-ssl
## Monitoring and Logging
### Log Locations
- **Access logs**: `/var/log/nginx/access.log`
- **Error logs**: `/var/log/nginx/error.log`
### Log Format
```
$remote_addr - $remote_user [$time_local] "$request"
$status $body_bytes_sent "$http_referer"
@ -328,6 +344,7 @@ $status $body_bytes_sent "$http_referer"
```
### Log Levels
- **Production**: `warn` level
- **Staging**: `debug` level
- **Development**: Full logging
@ -337,6 +354,7 @@ $status $body_bytes_sent "$http_referer"
### Common Issues
#### Build Failures
```bash
# Check build logs
docker build -t timesafari:latest . 2>&1 | tee build.log
@ -349,6 +367,7 @@ docker run --rm timesafari:latest npm list --depth=0
```
#### Container Won't Start
```bash
# Check container logs
docker logs <container_id>
@ -361,6 +380,7 @@ netstat -tulpn | grep :80
```
#### Environment Variables Not Set
```bash
# Check environment in container
docker exec <container_id> env | grep VITE_
@ -373,6 +393,7 @@ cat .env.production
```
#### Performance Issues
```bash
# Check container resources
docker stats <container_id>
@ -387,6 +408,7 @@ docker exec <container_id> tail -f /var/log/nginx/access.log
### Debug Commands
#### Container Debugging
```bash
# Enter running container
docker exec -it <container_id> /bin/sh
@ -399,6 +421,7 @@ docker exec <container_id> ls -la /usr/share/nginx/html
```
#### Network Debugging
```bash
# Check container network
docker network inspect bridge
@ -413,6 +436,7 @@ docker exec <container_id> nslookup google.com
## Production Deployment
### Recommended Production Setup
1. **Use specific version tags**: `timesafari:1.0.0`
2. **Implement health checks**: Already included
3. **Configure proper logging**: Use external log aggregation
@ -420,6 +444,7 @@ docker exec <container_id> nslookup google.com
5. **Use Docker secrets**: For sensitive data
### Production Commands
```bash
# Build with specific version
docker build -t timesafari:1.0.0 .
@ -442,6 +467,7 @@ docker run -d --name timesafari -p 80:80 --restart unless-stopped --env-file .en
## Development Workflow
### Local Development
```bash
# Start development environment
./docker/run.sh dev
@ -454,6 +480,7 @@ docker-compose down dev
```
### Testing Changes
```bash
# Build and test staging
./docker/run.sh staging
@ -463,6 +490,7 @@ docker-compose down dev
```
### Continuous Integration
```bash
# Build and test in CI
docker build -t timesafari:test .
@ -479,6 +507,7 @@ docker rm timesafari-test
## Best Practices
### Security
- Always use non-root users
- Keep base images updated
- Scan images for vulnerabilities
@ -486,6 +515,7 @@ docker rm timesafari-test
- Implement proper access controls
### Performance
- Use multi-stage builds
- Optimize layer caching
- Minimize image size
@ -493,6 +523,7 @@ docker rm timesafari-test
- Implement proper caching
### Monitoring
- Use health checks
- Monitor resource usage
- Set up log aggregation
@ -500,6 +531,7 @@ docker rm timesafari-test
- Use proper error handling
### Maintenance
- Regular security updates
- Monitor for vulnerabilities
- Keep dependencies updated

29
electron/README-BUILDING.md
View File

@ -18,6 +18,7 @@ This guide covers building and running the TimeSafari Electron application for d
## Quick Start
### Development Mode
```bash
# Start development server
npm run build:electron:dev
@ -28,6 +29,7 @@ npm run electron:start
```
### Production Builds
```bash
# Build for current platform
npm run build:electron:prod
@ -48,16 +50,19 @@ npm run build:electron:deb # Linux DEB package
The Electron app enforces single instance operation to prevent database conflicts and resource contention:
### Implementation
- Uses Electron's built-in `app.requestSingleInstanceLock()`
- Second instances exit immediately with user-friendly message
- Existing instance focuses and shows informational dialog
### Behavior
- **First instance**: Starts normally and acquires lock
- **Second instance**: Detects existing instance, exits immediately
- **User experience**: Clear messaging about single instance requirement
### Benefits
- Prevents database corruption from concurrent access
- Avoids resource conflicts
- Maintains data integrity
@ -66,6 +71,7 @@ The Electron app enforces single instance operation to prevent database conflict
## Build Configuration
### Environment Modes
```bash
# Development (default)
npm run build:electron:dev
@ -78,6 +84,7 @@ npm run build:electron:prod
```
### Platform-Specific Builds
```bash
# Windows
npm run build:electron:windows:dev
@ -96,6 +103,7 @@ npm run build:electron:linux:prod
```
### Package Types
```bash
# Linux AppImage
npm run build:electron:appimage:dev
@ -116,26 +124,31 @@ npm run build:electron:deb:prod
## Platform-Specific Requirements
### Windows
- Windows 10+ (64-bit)
- Visual Studio Build Tools (for native modules)
### macOS
- macOS 10.15+ (Catalina)
- Xcode Command Line Tools
- Code signing certificate (for distribution)
### Linux
- Ubuntu 18.04+ / Debian 10+ / CentOS 7+
- Development headers for native modules
## Database Configuration
### SQLite Integration
- Uses native Node.js SQLite3 for Electron
- Database stored in user's app data directory
- Automatic migration from IndexedDB (if applicable)
### Single Instance Protection
- File-based locking prevents concurrent database access
- Automatic cleanup on app exit
- Graceful handling of lock conflicts
@ -143,11 +156,13 @@ npm run build:electron:deb:prod
## Security Features
### Content Security Policy
- Strict CSP in production builds
- Development mode allows localhost connections
- Automatic configuration based on build mode
### Auto-Updater
- Disabled in development mode
- Production builds check for updates automatically
- AppImage builds skip update checks
@ -157,6 +172,7 @@ npm run build:electron:deb:prod
### Common Issues
#### Build Failures
```bash
# Clean and rebuild
npm run clean:electron
@ -164,6 +180,7 @@ npm run build:electron:dev
```
#### Native Module Issues
```bash
# Rebuild native modules
cd electron
@ -171,16 +188,19 @@ npm run electron:rebuild
```
#### Single Instance Conflicts
- Ensure no other TimeSafari instances are running
- Check for orphaned processes: `ps aux | grep electron`
- Restart system if necessary
#### Database Issues
- Check app data directory permissions
- Verify SQLite database integrity
- Clear app data if corrupted
### Debug Mode
```bash
# Enable debug logging
DEBUG=* npm run build:electron:dev
@ -203,6 +223,7 @@ electron/
## Development Workflow
1. **Start Development**
```bash
npm run build:electron:dev
```
@ -212,11 +233,13 @@ electron/
- Changes auto-reload in development
3. **Test Build**
```bash
npm run build:electron:test
```
4. **Production Build**
```bash
npm run build:electron:prod
```
@ -224,16 +247,19 @@ electron/
## Performance Considerations
### Memory Usage
- Monitor renderer process memory
- Implement proper cleanup in components
- Use efficient data structures
### Startup Time
- Lazy load non-critical modules
- Optimize database initialization
- Minimize synchronous operations
### Database Performance
- Use transactions for bulk operations
- Implement proper indexing
- Monitor query performance
@ -251,16 +277,19 @@ electron/
## Deployment
### Distribution
- Windows: `.exe` installer
- macOS: `.dmg` disk image
- Linux: `.AppImage` or `.deb` package
### Code Signing
- Windows: Authenticode certificate
- macOS: Developer ID certificate
- Linux: GPG signing (optional)
### Auto-Updates
- Configured for production builds
- Disabled for development and AppImage
- Handles update failures gracefully

32
electron/README.md
View File

@ -56,21 +56,25 @@ npm run build:electron:dmg:prod
```
**Stage 1: Web Build**
- Vite builds web assets with Electron configuration
- Environment variables loaded based on build mode
- Assets optimized for desktop application
**Stage 2: Capacitor Sync**
- Copies web assets to Electron app directory
- Syncs Capacitor configuration and plugins
- Prepares native module bindings
**Stage 3: TypeScript Compile**
- Compiles Electron main process TypeScript
- Rebuilds native modules for target platform
- Generates production-ready JavaScript
**Stage 4: Package Creation**
- Creates platform-specific installers
- Generates distribution packages
- Signs applications (when configured)
@ -82,6 +86,7 @@ npm run build:electron:dmg:prod
**Purpose**: Local development and testing
**Command**: `npm run build:electron:dev`
**Features**:
- Hot reload enabled
- Debug tools available
- Development logging
@ -92,6 +97,7 @@ npm run build:electron:dmg:prod
**Purpose**: Staging and testing environments
**Command**: `npm run build:electron -- --mode test`
**Features**:
- Test API endpoints
- Staging configurations
- Optimized for testing
@ -102,6 +108,7 @@ npm run build:electron:dmg:prod
**Purpose**: Production deployment
**Command**: `npm run build:electron -- --mode production`
**Features**:
- Production optimizations
- Code minification
- Security hardening
@ -116,6 +123,7 @@ npm run build:electron:dmg:prod
**Command**: `npm run build:electron:windows:prod`
**Features**:
- NSIS installer with custom options
- Desktop and Start Menu shortcuts
- Elevation permissions for installation
@ -128,6 +136,7 @@ npm run build:electron:dmg:prod
**Command**: `npm run build:electron:mac:prod`
**Features**:
- Universal binary (x64 + arm64)
- DMG installer with custom branding
- App Store compliance (when configured)
@ -140,6 +149,7 @@ npm run build:electron:dmg:prod
**Command**: `npm run build:electron:linux:prod`
**Features**:
- AppImage for universal distribution
- DEB package for Debian-based systems
- RPM package for Red Hat-based systems
@ -152,6 +162,7 @@ npm run build:electron:dmg:prod
**Format**: Self-contained Linux executable
**Command**: `npm run build:electron:appimage:prod`
**Features**:
- Single file distribution
- No installation required
- Portable across Linux distributions
@ -162,6 +173,7 @@ npm run build:electron:dmg:prod
**Format**: Debian package installer
**Command**: `npm run build:electron:deb:prod`
**Features**:
- Native package management
- Dependency resolution
- System integration
@ -172,6 +184,7 @@ npm run build:electron:dmg:prod
**Format**: macOS disk image
**Command**: `npm run build:electron:dmg:prod`
**Features**:
- Native macOS installer
- Custom branding and layout
- Drag-and-drop installation
@ -293,6 +306,7 @@ Local Electron scripts for building:
### Environment Variables
**Development**:
```bash
VITE_API_URL=http://localhost:3000
VITE_DEBUG=true
@ -301,6 +315,7 @@ VITE_ENABLE_DEV_TOOLS=true
```
**Testing**:
```bash
VITE_API_URL=https://test-api.timesafari.com
VITE_DEBUG=false
@ -309,6 +324,7 @@ VITE_ENABLE_DEV_TOOLS=false
```
**Production**:
```bash
VITE_API_URL=https://api.timesafari.com
VITE_DEBUG=false
@ -347,6 +363,7 @@ electron/
### Common Issues
**TypeScript Compilation Errors**:
```bash
# Clean and rebuild
npm run clean:electron
@ -354,18 +371,21 @@ cd electron && npm run build
```
**Native Module Issues**:
```bash
# Rebuild native modules
cd electron && npm run build
```
**Asset Copy Issues**:
```bash
# Verify Capacitor sync
npx cap sync electron
```
**Package Creation Failures**:
```bash
# Check electron-builder configuration
# Verify platform-specific requirements
@ -375,16 +395,19 @@ npx cap sync electron
### Platform-Specific Issues
**Windows**:
- Ensure Windows Build Tools installed
- Check NSIS installation
- Verify code signing certificates
**macOS**:
- Install Xcode Command Line Tools
- Configure code signing certificates
- Check app notarization requirements
**Linux**:
- Install required packages (rpm-tools, etc.)
- Check AppImage dependencies
- Verify desktop integration
@ -394,11 +417,13 @@ npx cap sync electron
### Build Performance
**Parallel Builds**:
- Use concurrent TypeScript compilation
- Optimize asset copying
- Minimize file system operations
**Caching Strategies**:
- Cache node_modules between builds
- Cache compiled TypeScript
- Cache web assets when unchanged
@ -406,11 +431,13 @@ npx cap sync electron
### Runtime Performance
**Application Startup**:
- Optimize main process initialization
- Minimize startup dependencies
- Use lazy loading for features
**Memory Management**:
- Monitor memory usage
- Implement proper cleanup
- Optimize asset loading
@ -420,16 +447,19 @@ npx cap sync electron
### Code Signing
**Windows**:
- Authenticode code signing
- EV certificate for SmartScreen
- Timestamp server configuration
**macOS**:
- Developer ID code signing
- App notarization
- Hardened runtime
**Linux**:
- GPG signing for packages
- AppImage signing
- Package verification
@ -437,12 +467,14 @@ npx cap sync electron
### Security Hardening
**Production Builds**:
- Disable developer tools
- Remove debug information
- Enable security policies
- Implement sandboxing
**Update Security**:
- Secure update channels
- Package integrity verification
- Rollback capabilities

15
ios/App/app_privacy_manifest_fixer/CHANGELOG.md
View File

@ -1,30 +1,38 @@
## 1.4.1
- Fix macOS app re-signing issue.
- Automatically enable Hardened Runtime in macOS codesign.
- Add clean script.
## 1.4.0
- Support for macOS app ([#9](https://github.com/crasowas/app_privacy_manifest_fixer/issues/9)).
## 1.3.11
- Fix install issue by skipping `PBXAggregateTarget` ([#4](https://github.com/crasowas/app_privacy_manifest_fixer/issues/4)).
## 1.3.10
- Fix app re-signing issue.
- Enhance Build Phases script robustness.
## 1.3.9
- Add log file output.
## 1.3.8
- Add version info to privacy access report.
- Remove empty tables from privacy access report.
## 1.3.7
- Enhance API symbols analysis with strings tool.
- Improve performance of API usage analysis.
## 1.3.5
- Fix issue with inaccurate privacy manifest search.
- Disable dependency analysis to force the script to run on every build.
- Add placeholder for privacy access report.
@ -32,27 +40,34 @@
- Add examples for privacy access report.
## 1.3.0
- Add privacy access report generation.
## 1.2.3
- Fix issue with relative path parameter.
- Add support for all application targets.
## 1.2.1
- Fix backup issue with empty user templates directory.
## 1.2.0
- Add uninstall script.
## 1.1.2
- Remove `Templates/.gitignore` to track `UserTemplates`.
- Fix incorrect use of `App.xcprivacy` template in `App.framework`.
## 1.1.0
- Add logs for latest release fetch failure.
- Fix issue with converting published time to local time.
- Disable showing environment variables in the build log.
- Add `--install-builds-only` command line option.
## 1.0.0
- Initial version.

7
ios/App/app_privacy_manifest_fixer/README.md
View File

@ -150,6 +150,7 @@ The privacy manifest templates are stored in the [`Templates`](https://github.co
### Template Types
The templates are categorized as follows:
- **AppTemplate.xcprivacy**: A privacy manifest template for the app.
- **FrameworkTemplate.xcprivacy**: A generic privacy manifest template for frameworks.
- **FrameworkName.xcprivacy**: A privacy manifest template for a specific framework, available only in the `Templates/UserTemplates` directory.
@ -157,20 +158,24 @@ The templates are categorized as follows:
### Template Priority
For an app, the priority of privacy manifest templates is as follows:
- `Templates/UserTemplates/AppTemplate.xcprivacy` > `Templates/AppTemplate.xcprivacy`
For a specific framework, the priority of privacy manifest templates is as follows:
- `Templates/UserTemplates/FrameworkName.xcprivacy` > `Templates/UserTemplates/FrameworkTemplate.xcprivacy` > `Templates/FrameworkTemplate.xcprivacy`
### Default Templates
The default templates are located in the `Templates` root directory and currently include the following templates:
- `Templates/AppTemplate.xcprivacy`
- `Templates/FrameworkTemplate.xcprivacy`
These templates will be modified based on the API usage analysis results, especially the `NSPrivacyAccessedAPIType` entries, to generate new privacy manifests for fixes, ensuring compliance with App Store requirements.
**If adjustments to the privacy manifest template are needed, such as in the following scenarios, avoid directly modifying the default templates. Instead, use a custom template. If a custom template with the same name exists, it will take precedence over the default template for fixes.**
- Generating a non-compliant privacy manifest due to inaccurate API usage analysis.
- Modifying the reason declared in the template.
- Adding declarations for collected data.
@ -198,6 +203,7 @@ The privacy access API categories and their associated declared reasons in `Fram
### Custom Templates
To create custom templates, place them in the `Templates/UserTemplates` directory with the following structure:
- `Templates/UserTemplates/AppTemplate.xcprivacy`
- `Templates/UserTemplates/FrameworkTemplate.xcprivacy`
- `Templates/UserTemplates/FrameworkName.xcprivacy`
@ -205,6 +211,7 @@ To create custom templates, place them in the `Templates/UserTemplates` director
Among these templates, only `FrameworkTemplate.xcprivacy` will be modified based on the API usage analysis results to adjust the `NSPrivacyAccessedAPIType` entries, thereby generating a new privacy manifest for framework fixes. The other templates will remain unchanged and will be directly used for fixes.
**Important Notes:**
- The template for a specific framework must follow the naming convention `FrameworkName.xcprivacy`, where `FrameworkName` should match the name of the framework. For example, the template for `Flutter.framework` should be named `Flutter.xcprivacy`.
- For macOS frameworks, the naming convention should be `FrameworkName.Version.xcprivacy`, where the version name is added to distinguish different versions. For a single version macOS framework, the `Version` is typically `A`.
- The name of an SDK may not exactly match the name of the framework. To determine the correct framework name, check the `Frameworks` directory in the application bundle after building the project.

7
ios/App/app_privacy_manifest_fixer/README.zh-CN.md
View File

@ -150,6 +150,7 @@ sh clean.sh
### 模板类型
模板分为以下几类:
- **AppTemplate.xcprivacy**:App 的隐私清单模板。
- **FrameworkTemplate.xcprivacy**:通用的 Framework 隐私清单模板。
- **FrameworkName.xcprivacy**:特定的 Framework 隐私清单模板,仅在`Templates/UserTemplates`目录有效。
@ -157,20 +158,24 @@ sh clean.sh
### 模板优先级
对于 App,隐私清单模板的优先级如下:
- `Templates/UserTemplates/AppTemplate.xcprivacy` > `Templates/AppTemplate.xcprivacy`
对于特定的 Framework,隐私清单模板的优先级如下:
- `Templates/UserTemplates/FrameworkName.xcprivacy` > `Templates/UserTemplates/FrameworkTemplate.xcprivacy` > `Templates/FrameworkTemplate.xcprivacy`
### 默认模板
默认模板位于`Templates`根目录,目前包括以下模板:
- `Templates/AppTemplate.xcprivacy`
- `Templates/FrameworkTemplate.xcprivacy`
这些模板将根据 API 使用分析结果进行修改,特别是`NSPrivacyAccessedAPIType`条目将被调整,以生成新的隐私清单用于修复,确保符合 App Store 要求。
**如果需要调整隐私清单模板,例如以下场景,请避免直接修改默认模板,而是使用自定义模板。如果存在相同名称的自定义模板,它将优先于默认模板用于修复。**
- 由于 API 使用分析结果不准确,生成了不合规的隐私清单。
- 需要修改模板中声明的理由。
- 需要声明收集的数据。
@ -198,6 +203,7 @@ sh clean.sh
### 自定义模板
要创建自定义模板,请将其放在`Templates/UserTemplates`目录,结构如下:
- `Templates/UserTemplates/AppTemplate.xcprivacy`
- `Templates/UserTemplates/FrameworkTemplate.xcprivacy`
- `Templates/UserTemplates/FrameworkName.xcprivacy`
@ -205,6 +211,7 @@ sh clean.sh
在这些模板中,只有`FrameworkTemplate.xcprivacy`会根据 API 使用分析结果对`NSPrivacyAccessedAPIType`条目进行调整,以生成新的隐私清单用于 Framework 修复。其他模板保持不变,将直接用于修复。
**重要说明:**
- 特定的 Framework 模板必须遵循命名规范`FrameworkName.xcprivacy`,其中`FrameworkName`需与 Framework 的名称匹配。例如`Flutter.framework`的模板应命名为`Flutter.xcprivacy`。
- 对于 macOS Framework,应遵循命名规范`FrameworkName.Version.xcprivacy`,额外增加版本名称用于区分不同的版本。对于单一版本的 macOS Framework,`Version`通常为`A`。
- SDK 的名称可能与 Framework 的名称不完全一致。要确定正确的 Framework 名称,请在构建项目后检查 App 包中的`Frameworks`目录。

18
package.json
View File

@ -31,6 +31,7 @@
"build:native": "vite build && npx cap sync && npx capacitor-assets generate",
"assets:config": "npx tsx scripts/assets-config.ts",
"assets:validate": "npx tsx scripts/assets-validator.ts",
"assets:validate:android": "./scripts/build-android.sh --assets-only",
"assets:clean": "rimraf android/app/src/main/res/mipmap-* ios/App/App/Assets.xcassets/**/AppIcon*.png ios/App/App/Assets.xcassets/**/Splash*.png || true",
"build:ios": "./scripts/build-ios.sh",
"build:ios:dev": "./scripts/build-ios.sh --dev",
@ -98,6 +99,13 @@
"build:electron:dmg:dev": "./scripts/build-electron.sh --dev --dmg",
"build:electron:dmg:test": "./scripts/build-electron.sh --test --dmg",
"build:electron:dmg:prod": "./scripts/build-electron.sh --prod --dmg",
"markdown:fix": "./scripts/fix-markdown.sh",
"markdown:check": "./scripts/validate-markdown.sh",
"markdown:setup": "./scripts/setup-markdown-hooks.sh",
"prepare": "husky",
"guard": "bash ./scripts/build-arch-guard.sh",
"guard:test": "bash ./scripts/build-arch-guard.sh --staged",
"guard:setup": "npm run prepare && echo '✅ Build Architecture Guard is now active!'",
"clean:android": "./scripts/clean-android.sh",
"clean:ios": "rm -rf ios/App/build ios/App/Pods ios/App/output ios/App/App/public ios/DerivedData ios/capacitor-cordova-ios-plugins ios/App/App/capacitor.config.json ios/App/App/config.xml || true",
"clean:electron": "./scripts/build-electron.sh --clean",
@ -124,6 +132,12 @@
"build:android:dev:run:custom": "./scripts/build-android.sh --dev --api-ip --auto-run",
"build:android:test:run:custom": "./scripts/build-android.sh --test --api-ip --auto-run"
},
"lint-staged": {
"*.{js,ts,vue,css,md,json,yml,yaml}": "eslint --fix || true"
},
"commitlint": {
"extends": ["@commitlint/config-conventional"]
},
"dependencies": {
"@capacitor-community/electron": "^5.0.1",
"@capacitor-community/sqlite": "6.0.2",
@ -243,6 +257,10 @@
"jest": "^30.0.4",
"markdownlint": "^0.37.4",
"markdownlint-cli": "^0.44.0",
"husky": "^9.0.11",
"lint-staged": "^15.2.2",
"@commitlint/cli": "^18.6.1",
"@commitlint/config-conventional": "^18.6.2",
"npm-check-updates": "^17.1.13",
"path-browserify": "^1.0.1",
"postcss": "^8.4.38",

47
pull_request_template.md
View File

@ -0,0 +1,47 @@
# Build Architecture Guard PR Template
## Change Level
- [ ] Level: **L1** / **L2** / **L3** (pick one)
**Why:** …
## Scope & Impact
- [ ] Files & platforms touched: …
- [ ] Risk triggers (env / script flow / packaging / SW+WASM /
Docker / signing): …
- [ ] Mitigations/validation done: …
## Commands Run (paste exact logs/snips)
- [ ] Web: `npm run build:web` / `:prod`
- [ ] Electron: `npm run build:electron:dev` / package step
- [ ] Mobile: `npm run build:android:test` / iOS equivalent
- [ ] Clean/auto-run impacted scripts
## Artifacts
- [ ] Names + **sha256** of artifacts/installers:
Artifacts:
```text
<name-1> <sha256-1>
<name-2> <sha256-2>
```
## Docs
- [ ] **BUILDING.md** updated (sections): …
- [ ] Troubleshooting updated (if applicable)
## Rollback
- [ ] Verified steps (1–3 cmds) to restore previous behavior
## L3 only
- [ ] ADR link:
ADR: https://…

3
resources/README.md
View File

@ -27,12 +27,14 @@ resources/
## Asset Requirements
### Icon Requirements
- **Format**: PNG
- **Size**: 1024x1024 pixels minimum
- **Background**: Transparent or solid color
- **Content**: App logo/icon
### Splash Screen Requirements
- **Format**: PNG
- **Size**: 1242x2688 pixels (iPhone 11 Pro Max size)
- **Background**: Solid color or gradient
@ -70,6 +72,7 @@ Asset generation is configured in `capacitor-assets.config.json` at the project
## Build Integration
Assets are automatically generated as part of the build process:
- `npm run build:android` - Generates Android assets
- `npm run build:ios` - Generates iOS assets
- `npm run build:web` - Generates web assets

7
scripts/README.md
View File

@ -31,6 +31,7 @@ All scripts automatically handle environment variables for different build types
#### Automatic Environment Setup
Each script automatically:
1. **Sets platform-specific variables** based on build type
2. **Gets git hash** for versioning (`VITE_GIT_HASH`)
3. **Creates application directories** (`~/.local/share/TimeSafari/timesafari`)
@ -104,6 +105,7 @@ exit 0
## Benefits of Unification
### Before (Redundant)
```bash
# Each script had 50+ lines of duplicate code:
readonly RED='\033[0;31m'
@ -121,6 +123,7 @@ export VITE_PWA_ENABLED=false
```
### After (Unified)
```bash
# Each script is now ~20 lines of focused logic:
source "$(dirname "$0")/common.sh"
@ -133,6 +136,7 @@ print_footer "Script Title"
## Usage Examples
### Running Tests
```bash
# Run all tests
./scripts/test-all.sh
@ -189,6 +193,7 @@ export NODE_ENV=production
```
### .env File Support
Scripts automatically load variables from `.env` files if they exist:
```bash
@ -199,6 +204,7 @@ CUSTOM_VAR=value
```
### Environment Validation
Required environment variables can be validated:
```bash
@ -207,6 +213,7 @@ validate_env_vars "VITE_API_URL" "VITE_DEBUG" || exit 1
```
### Environment Inspection
View current environment variables with the `--env` flag:
```bash

121
scripts/build-android.sh
View File

@ -41,7 +41,7 @@
# 6 - Capacitor sync failed
# 7 - Asset generation failed
# 8 - Android Studio launch failed
# 9 - Resource check failed
# 9 - Android asset validation failed
# Exit on any error
set -e
@ -74,6 +74,117 @@ validate_dependencies() {
log_success "All critical dependencies validated successfully"
}
# Function to validate Android assets and resources
validate_android_assets() {
log_info "Validating Android assets and resources..."
# Check if source assets exist
local missing_assets=()
if [ ! -f "resources/icon.png" ]; then
missing_assets+=("resources/icon.png")
fi
if [ ! -f "resources/splash.png" ]; then
missing_assets+=("resources/splash.png")
fi
if [ ! -f "resources/splash_dark.png" ]; then
missing_assets+=("resources/splash_dark.png")
fi
if [ ${#missing_assets[@]} -gt 0 ]; then
log_error "Missing source assets:"
for asset in "${missing_assets[@]}"; do
log_error " - $asset"
done
log_error "Please ensure all required assets are present in the resources/ directory."
return 1
fi
# Check if Android drawable resources exist
local missing_drawables=()
if [ ! -f "android/app/src/main/res/drawable/splash.png" ]; then
missing_drawables+=("drawable/splash.png")
fi
# Check if mipmap resources exist
local missing_mipmaps=()
local mipmap_dirs=("mipmap-mdpi" "mipmap-hdpi" "mipmap-xhdpi" "mipmap-xxhdpi" "mipmap-xxxhdpi")
for dir in "${mipmap_dirs[@]}"; do
if [ ! -f "android/app/src/main/res/$dir/ic_launcher.png" ]; then
missing_mipmaps+=("$dir/ic_launcher.png")
fi
if [ ! -f "android/app/src/main/res/$dir/ic_launcher_round.png" ]; then
missing_mipmaps+=("$dir/ic_launcher_round.png")
fi
done
# If any resources are missing, regenerate them
if [ ${#missing_drawables[@]} -gt 0 ] || [ ${#missing_mipmaps[@]} -gt 0 ]; then
log_warn "Missing Android resources detected:"
for resource in "${missing_drawables[@]}" "${missing_mipmaps[@]}"; do
log_warn " - $resource"
done
log_info "Regenerating Android assets..."
# Create assets directory if it doesn't exist
mkdir -p assets
# Copy source assets to assets directory for capacitor-assets
cp resources/icon.png assets/ 2>/dev/null || log_warn "Could not copy icon.png"
cp resources/splash.png assets/ 2>/dev/null || log_warn "Could not copy splash.png"
cp resources/splash_dark.png assets/ 2>/dev/null || log_warn "Could not copy splash_dark.png"
# Generate assets
if npx @capacitor/assets generate >/dev/null 2>&1; then
log_success "Android assets regenerated successfully"
# Clean up temporary assets
rm -f assets/icon.png assets/splash.png assets/splash_dark.png
# Verify the resources were created
local verification_failed=false
if [ ! -f "android/app/src/main/res/drawable/splash.png" ]; then
log_error "Failed to generate drawable/splash.png"
verification_failed=true
fi
for dir in "${mipmap_dirs[@]}"; do
if [ ! -f "android/app/src/main/res/$dir/ic_launcher.png" ]; then
log_error "Failed to generate $dir/ic_launcher.png"
verification_failed=true
fi
if [ ! -f "android/app/src/main/res/$dir/ic_launcher_round.png" ]; then
log_error "Failed to generate $dir/ic_launcher_round.png"
verification_failed=true
fi
done
if [ "$verification_failed" = true ]; then
log_error "Asset generation completed but some resources are still missing."
log_info "You may need to manually create the missing resources or check the asset generation process."
return 1
fi
else
log_error "Failed to generate Android assets"
log_info "You may need to manually create the missing resources:"
for resource in "${missing_drawables[@]}" "${missing_mipmaps[@]}"; do
log_info " - android/app/src/main/res/$resource"
done
return 1
fi
else
log_success "All Android assets and resources validated successfully"
fi
return 0
}
# Default values
BUILD_MODE="development"
BUILD_TYPE="debug"
@ -126,7 +237,7 @@ parse_android_args() {
--sync)
SYNC_ONLY=true
;;
--assets)
--assets|--assets-only)
ASSETS_ONLY=true
;;
--deploy)
@ -208,6 +319,12 @@ print_header "TimeSafari Android Build Process"
# Validate dependencies before proceeding
validate_dependencies
# Validate Android assets and resources
validate_android_assets || {
log_error "Android asset validation failed. Please fix the issues above and try again."
exit 9
}
# Log build start
log_info "Starting Android build process at $(date)"
log_info "Build mode: $BUILD_MODE"

355
scripts/build-arch-guard.sh
View File

@ -0,0 +1,355 @@
#!/usr/bin/env bash
#
# Build Architecture Guard Script
#
# Author: Matthew Raymer
# Date: 2025-08-22
# Purpose: Protects build-critical files by requiring BUILDING.md updates
# Enhanced to protect Android build system including asset validation,
# API routing, and resource generation logic
#
# Usage:
# ./scripts/build-arch-guard.sh --staged # Check staged files (pre-commit)
# ./scripts/build-arch-guard.sh --range # Check range (pre-push)
# ./scripts/build-arch-guard.sh # Check working directory
#
set -euo pipefail
# Sensitive paths that require BUILDING.md updates when modified
SENSITIVE=(
"vite.config.*"
"scripts/**"
"electron/**"
"android/**"
"ios/**"
"sw_scripts/**"
"sw_combine.js"
"Dockerfile"
"docker/**"
"capacitor.config.ts"
"capacitor-assets.config.json" # Critical for Android assets
"package.json"
"package-lock.json"
"yarn.lock"
"pnpm-lock.yaml"
"resources/**" # Source assets for Android
)
# Documentation files that must be updated alongside sensitive changes
DOCS_REQUIRED=(
"BUILDING.md"
"doc/README-BUILD-GUARD.md" # Guard documentation
)
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
log_info() {
echo -e "${BLUE}[guard]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[guard]${NC} $1"
}
log_error() {
echo -e "${RED}[guard]${NC} $1"
}
log_success() {
echo -e "${GREEN}[guard]${NC} $1"
}
# Collect files based on mode
collect_files() {
if [[ "${1:-}" == "--staged" ]]; then
# Pre-commit: check staged files
git diff --name-only --cached
elif [[ "${1:-}" == "--range" ]]; then
# Pre-push: check commits being pushed
RANGE="${2:-HEAD~1..HEAD}"
git diff --name-only "$RANGE"
else
# Default: check working directory changes
git diff --name-only HEAD
fi
}
# Check if a file matches any sensitive pattern
matches_sensitive() {
local f="$1"
for pat in "${SENSITIVE[@]}"; do
# Convert glob pattern to regex
local rx="^${pat//\./\.}$"
rx="${rx//\*\*/.*}"
rx="${rx//\*/[^/]*}"
if [[ "$f" =~ $rx ]]; then
return 0
fi
done
return 1
}
# Check if documentation was updated
check_docs_updated() {
local changed_files=("$@")
for changed_file in "${changed_files[@]}"; do
for required_doc in "${DOCS_REQUIRED[@]}"; do
if [[ "$changed_file" == "$required_doc" ]]; then
return 0
fi
done
done
return 1
}
# Check if Android build system was modified
check_android_build_changes() {
local changed_files=("$@")
for file in "${changed_files[@]}"; do
if [[ "$file" =~ ^android/ ]] || [[ "$file" =~ ^scripts/build-android\.sh$ ]]; then
return 0
fi
done
return 1
}
# Check if asset configuration was modified
check_asset_config_changes() {
local changed_files=("$@")
for file in "${changed_files[@]}"; do
if [[ "$file" =~ ^capacitor-assets\.config\.json$ ]] || [[ "$file" =~ ^resources/ ]]; then
return 0
fi
done
return 1
}
# Enhanced validation for Android changes
validate_android_changes() {
local changed_files=("$@")
if check_android_build_changes "${changed_files[@]}"; then
log_warn "Android build system changes detected!"
echo
echo "Android build system changes require enhanced validation:"
echo " - Test asset generation: npm run build:android --assets"
echo " - Test API routing modes: --dev and --dev --api-ip <custom>"
echo " - Verify resource fallback mechanisms"
echo " - Test across development/test/production modes"
echo
echo "Please ensure BUILDING.md includes Android-specific testing procedures."
echo
fi
if check_asset_config_changes "${changed_files[@]}"; then
log_warn "Asset configuration changes detected!"
echo
echo "Asset configuration changes require validation:"
echo " - Test asset generation across all platforms"
echo " - Verify resource files are properly created"
echo " - Test asset validation scripts"
echo
fi
}
# Feedback collection for continuous improvement
collect_feedback_data() {
local mode="$1"
local sensitive_touched=("${@:2}")
local timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
# Create feedback log entry
local feedback_log=".guard-feedback.log"
echo "[$timestamp] Guard execution: $mode" >> "$feedback_log"
echo " Sensitive files: ${sensitive_touched[*]}" >> "$feedback_log"
# Log Android-specific changes for analysis
if check_android_build_changes "${sensitive_touched[@]}"; then
echo " Android changes detected" >> "$feedback_log"
fi
# Log asset configuration changes for analysis
if check_asset_config_changes "${sensitive_touched[@]}"; then
echo " Asset config changes detected" >> "$feedback_log"
fi
echo "" >> "$feedback_log"
}
# Enhanced error handling with Android-specific guidance
handle_documentation_error() {
local sensitive_touched=("$@")
log_error "Build-sensitive files changed but BUILDING.md was not updated!"
echo
echo "The following build-sensitive files were modified:"
for file in "${sensitive_touched[@]}"; do
echo " - $file"
done
echo
echo "When modifying build-critical files, you must also update BUILDING.md"
echo "to document any changes to the build process."
echo
# Add Android-specific guidance
if check_android_build_changes "${sensitive_touched[@]}"; then
echo "⚠️ ANDROID BUILD SYSTEM CHANGES DETECTED ⚠️"
echo "Android changes require enhanced documentation including:"
echo " - Asset validation procedures"
echo " - API routing configuration"
echo " - Resource generation testing"
echo " - Platform-specific build modes"
echo
fi
if check_asset_config_changes "${sensitive_touched[@]}"; then
echo "🎨 ASSET CONFIGURATION CHANGES DETECTED 🎨"
echo "Asset changes require documentation including:"
echo " - Asset generation procedures"
echo " - Resource validation steps"
echo " - Platform-specific asset requirements"
echo
fi
echo "Please:"
echo " 1. Update BUILDING.md with relevant changes"
echo " 2. Stage the BUILDING.md changes: git add BUILDING.md"
echo " 3. Retry your commit/push"
echo
echo "💡 Feedback: If this guard is too strict or missing patterns,"
echo " please report to the development team for continuous improvement."
echo
echo "📊 Feedback Categories:"
echo " - False positives (files flagged that shouldn't be)"
echo " - False negatives (sensitive files not caught)"
echo " - Missing patterns (new file types to protect)"
echo " - Overly strict (patterns too restrictive)"
echo " - Documentation gaps (missing guidance)"
echo " - Testing improvements (better procedures)"
echo
echo "📝 Report feedback to: Development team with specific examples"
echo
}
# Main guard logic
main() {
local mode="${1:-}"
local arg="${2:-}"
log_info "Running Build Architecture Guard..."
# Collect changed files
changed_files=()
while IFS= read -r line; do
[[ -n "$line" ]] && changed_files+=("$line")
done < <(collect_files "$mode" "$arg")
if [[ ${#changed_files[@]} -eq 0 ]]; then
log_info "No files changed, guard check passed"
exit 0
fi
log_info "Checking ${#changed_files[@]} changed files..."
# Find sensitive files that were touched
sensitive_touched=()
for file in "${changed_files[@]}"; do
if matches_sensitive "$file"; then
sensitive_touched+=("$file")
fi
done
# If no sensitive files were touched, allow the change
if [[ ${#sensitive_touched[@]} -eq 0 ]]; then
log_success "No build-sensitive files changed, guard check passed"
exit 0
fi
# Sensitive files were touched, log them
log_warn "Build-sensitive paths changed:"
for file in "${sensitive_touched[@]}"; do
echo " - $file"
done
# Enhanced validation for Android changes
validate_android_changes "${changed_files[@]}"
# Collect feedback data for continuous improvement
collect_feedback_data "$mode" "${sensitive_touched[@]}"
# Check if required documentation was updated
if check_docs_updated "${changed_files[@]}"; then
log_success "BUILDING.md updated alongside build changes, guard check passed"
exit 0
else
# Enhanced error handling with Android-specific guidance
handle_documentation_error "${sensitive_touched[@]}"
exit 2
fi
}
# Handle help flag
if [[ "${1:-}" =~ ^(-h|--help)$ ]]; then
echo "Build Architecture Guard Script"
echo
echo "Usage:"
echo " $0 [--staged|--range [RANGE]]"
echo
echo "Options:"
echo " --staged Check staged files (for pre-commit hook)"
echo " --range [RANGE] Check git range (for pre-push hook)"
echo " Default range: HEAD~1..HEAD"
echo " (no args) Check working directory changes"
echo " --feedback Show feedback analysis (for maintainers)"
echo
echo "Examples:"
echo " $0 --staged # Pre-commit check"
echo " $0 --range origin/main..HEAD # Pre-push check"
echo " $0 # Working directory check"
echo " $0 --feedback # Analyze guard effectiveness"
exit 0
fi
# Handle feedback analysis
if [[ "${1:-}" == "--feedback" ]]; then
if [[ -f ".guard-feedback.log" ]]; then
echo "Build Architecture Guard Feedback Analysis"
echo "=========================================="
echo
echo "Recent guard executions:"
echo
tail -20 ".guard-feedback.log" | while IFS= read -r line; do
if [[ "$line" =~ ^\[ ]]; then
echo "📅 $line"
elif [[ "$line" =~ ^\s*Sensitive\ files: ]]; then
echo "🔍 $line"
elif [[ "$line" =~ ^\s*Android\ changes ]]; then
echo "🤖 $line"
elif [[ "$line" =~ ^\s*Asset\ config ]]; then
echo "🎨 $line"
elif [[ "$line" =~ ^\s*$ ]]; then
echo ""
else
echo " $line"
fi
done
echo
echo "💡 Use this data to improve guard patterns and documentation"
echo "📊 Total executions: $(grep -c "Guard execution" .guard-feedback.log 2>/dev/null || echo "0")"
else
echo "No feedback data available yet. Run the guard to collect data."
fi
exit 0
fi
main "$@"

19
scripts/fix-markdown.sh
View File

@ -0,0 +1,19 @@
#!/usr/bin/env bash
set -euo pipefail
echo "🔧 Auto-fixing markdown formatting..."
# Check if markdownlint is available
if ! command -v npx &> /dev/null; then
echo "❌ npx not found. Please install Node.js and npm first."
exit 1
fi
# Run markdownlint with auto-fix on project markdown files (exclude node_modules)
echo "📝 Fixing project markdown files..."
npx markdownlint "*.md" "*.mdc" "scripts/**/*.md" "src/**/*.md" "test-playwright/**/*.md" "resources/**/*.md" --config .markdownlint.json --fix 2>/dev/null || {
echo "⚠️ Some issues could not be auto-fixed. Check manually."
}
echo "✅ Markdown auto-fix complete!"
echo "💡 Run 'npm run markdown:check' to verify all issues are resolved."

21
scripts/git-hooks/README.md
View File

@ -5,15 +5,18 @@ This directory contains custom Git hooks for the TimeSafari project.
## Debug Code Checker Hook
### Overview
The `pre-commit` hook automatically checks for debug code when committing to protected branches (master, main, production, release). This prevents debug statements from accidentally reaching production code.
### How It Works
1. **Branch Detection**: Only runs on protected branches (configurable)
2. **File Filtering**: Automatically skips test files, scripts, and documentation
3. **Pattern Matching**: Detects common debug patterns using regex
4. **Commit Prevention**: Blocks commits containing debug code
### Protected Branches (Default)
- `master`
- `main`
- `production`
@ -21,6 +24,7 @@ The `pre-commit` hook automatically checks for debug code when committing to pro
- `stable`
### Debug Patterns Detected
- **Console statements**: `console.log`, `console.debug`, `console.error`
- **Template debug**: `Debug:`, `debug:` in Vue templates
- **Debug constants**: `DEBUG_`, `debug_` variables
@ -30,6 +34,7 @@ The `pre-commit` hook automatically checks for debug code when committing to pro
- **Debug TODOs**: `TODO debug`, `FIXME debug`
### Files Automatically Skipped
- Test files: `*.test.js`, `*.spec.ts`, `*.test.vue`
- Scripts: `scripts/` directory
- Test directories: `test-*` directories
@ -38,49 +43,61 @@ The `pre-commit` hook automatically checks for debug code when committing to pro
- IDE files: `.cursor/` directory
### Configuration
Edit `.git/hooks/debug-checker.config` to customize:
- Protected branches
- Debug patterns
- Skip patterns
- Logging level
### Testing the Hook
Run the test script to verify the hook works:
```bash
./scripts/test-debug-hook.sh
```
### Manual Testing
1. Make changes to a file with debug code
2. Stage the file: `git add <filename>`
3. Try to commit: `git commit -m 'test'`
4. Hook should prevent commit if debug code is found
### Bypassing the Hook (Emergency)
If you absolutely need to commit debug code to a protected branch:
```bash
git commit --no-verify -m "emergency: debug code needed"
```
⚠️ **Warning**: This bypasses all pre-commit hooks. Use sparingly and only in emergencies.
### Troubleshooting
#### Hook not running
- Ensure the hook is executable: `chmod +x .git/hooks/pre-commit`
- Check if you're on a protected branch
- Verify the hook file exists and has correct permissions
#### False positives
- Add legitimate debug patterns to skip patterns in config
- Use proper logging levels (`logger.info`, `logger.debug`) instead of console
- Move debug code to feature branches first
#### Hook too strict
- Modify debug patterns in config file
- Add more file types to skip patterns
- Adjust protected branch list
### Best Practices
1. **Use feature branches** for development with debug code
2. **Use proper logging** instead of console statements
3. **Test thoroughly** before merging to protected branches
@ -88,14 +105,18 @@ git commit --no-verify -m "emergency: debug code needed"
5. **Keep config updated** as project needs change
### Integration with CI/CD
This hook works locally. For CI/CD pipelines, consider:
- Running the same checks in your build process
- Adding ESLint rules for console statements
- Using TypeScript strict mode
- Adding debug code detection to PR checks
### Support
If you encounter issues:
1. Check the hook output for specific error messages
2. Verify your branch is in the protected list
3. Review the configuration file

214
scripts/setup-markdown-hooks.sh
View File

@ -0,0 +1,214 @@
#!/bin/bash
# Setup Markdown Pre-commit Hooks
# This script installs pre-commit hooks that automatically fix markdown formatting
set -e
echo "🔧 Setting up Markdown Pre-commit Hooks..."
# Check if pre-commit is installed
if ! command -v pre-commit &> /dev/null; then
echo "📦 Installing pre-commit..."
pip install pre-commit
else
echo "✅ pre-commit already installed"
fi
# Create .pre-commit-config.yaml if it doesn't exist
if [ ! -f .pre-commit-config.yaml ]; then
echo "📝 Creating .pre-commit-config.yaml..."
cat > .pre-commit-config.yaml << 'EOF'
repos:
- repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.38.0
hooks:
- id: markdownlint
args: [--fix, --config, .markdownlint.json]
files: \.(md|mdc)$
description: "Auto-fix markdown formatting issues"
stages: [commit]
additional_dependencies: [markdownlint-cli]
- repo: local
hooks:
- id: markdown-format-check
name: Markdown Format Validation
entry: bash -c 'echo "Checking markdown files..." && npx markdownlint --config .markdownlint.json "$@"'
language: system
files: \.(md|mdc)$
stages: [commit]
description: "Validate markdown formatting"
pass_filenames: true
- repo: local
hooks:
- id: markdown-line-length
name: Markdown Line Length Check
entry: bash -c '
for file in "$@"; do
if [[ "$file" =~ \.(md|mdc)$ ]]; then
echo "Checking line length in $file..."
if grep -q ".\{81,\}" "$file"; then
echo "❌ Line length violations found in $file"
echo "Lines exceeding 80 characters:"
grep -n ".\{81,\}" "$file" | head -5
exit 1
fi
fi
done
'
language: system
files: \.(md|mdc)$
stages: [commit]
description: "Check markdown line length (80 chars max)"
pass_filenames: true
- repo: local
hooks:
- id: markdown-blank-lines
name: Markdown Blank Line Validation
entry: bash -c '
for file in "$@"; do
if [[ "$file" =~ \.(md|mdc)$ ]]; then
echo "Checking blank lines in $file..."
# Check for multiple consecutive blank lines
if grep -q "^$" "$file" && grep -A1 "^$" "$file" | grep -q "^$"; then
echo "❌ Multiple consecutive blank lines found in $file"
exit 1
fi
# Check for missing blank lines around headings
if grep -B1 "^##" "$file" | grep -v "^##" | grep -v "^$" | grep -v "^--"; then
echo "❌ Missing blank line before heading in $file"
exit 1
fi
fi
done
'
language: system
files: \.(md|mdc)$
stages: [commit]
description: "Validate markdown blank line formatting"
pass_filenames: true
EOF
echo "✅ Created .pre-commit-config.yaml"
else
echo "✅ .pre-commit-config.yaml already exists"
fi
# Install the pre-commit hooks
echo "🔗 Installing pre-commit hooks..."
pre-commit install
# Install markdownlint if not present
if ! command -v npx &> /dev/null; then
echo "📦 Installing Node.js dependencies..."
npm install --save-dev markdownlint-cli
else
if ! npx markdownlint --version &> /dev/null; then
echo "📦 Installing markdownlint-cli..."
npm install --save-dev markdownlint-cli
else
echo "✅ markdownlint-cli already available"
fi
fi
# Create a markdown auto-fix script
echo "📝 Creating markdown auto-fix script..."
cat > scripts/fix-markdown.sh << 'EOF'
#!/bin/bash
# Auto-fix markdown formatting issues
# Usage: ./scripts/fix-markdown.sh [file_or_directory]
set -e
FIX_MARKDOWN() {
local target="$1"
if [ -f "$target" ]; then
# Fix single file
if [[ "$target" =~ \.(md|mdc)$ ]]; then
echo "🔧 Fixing markdown formatting in $target..."
npx markdownlint --fix "$target" || true
fi
elif [ -d "$target" ]; then
# Fix all markdown files in directory
echo "🔧 Fixing markdown formatting in $target..."
find "$target" -name "*.md" -o -name "*.mdc" | while read -r file; do
echo " Processing $file..."
npx markdownlint --fix "$file" || true
done
else
echo "❌ Target $target not found"
exit 1
fi
}
# Default to current directory if no target specified
TARGET="${1:-.}"
FIX_MARKDOWN "$TARGET"
echo "✅ Markdown formatting fixes applied!"
echo "💡 Run 'git diff' to see what was changed"
EOF
chmod +x scripts/fix-markdown.sh
# Create a markdown validation script
echo "📝 Creating markdown validation script..."
cat > scripts/validate-markdown.sh << 'EOF'
#!/bin/bash
# Validate markdown formatting without auto-fixing
# Usage: ./scripts/validate-markdown.sh [file_or_directory]
set -e
VALIDATE_MARKDOWN() {
local target="$1"
if [ -f "$target" ]; then
# Validate single file
if [[ "$target" =~ \.(md|mdc)$ ]]; then
echo "🔍 Validating markdown formatting in $target..."
npx markdownlint "$target"
fi
elif [ -d "$target" ]; then
# Validate all markdown files in directory
echo "🔍 Validating markdown formatting in $target..."
find "$target" -name "*.md" -o -name "*.mdc" | while read -r file; do
echo " Checking $file..."
npx markdownlint "$file" || true
done
else
echo "❌ Target $target not found"
exit 1
fi
}
# Default to current directory if no target specified
TARGET="${1:-.}"
VALIDATE_MARKDOWN "$TARGET"
echo "✅ Markdown validation complete!"
EOF
chmod +x scripts/validate-markdown.sh
echo ""
echo "🎉 Markdown Pre-commit Hooks Setup Complete!"
echo ""
echo "📋 What was installed:"
echo " ✅ pre-commit hooks for automatic markdown formatting"
echo " ✅ .pre-commit-config.yaml with markdown rules"
echo " ✅ scripts/fix-markdown.sh for manual fixes"
echo " ✅ scripts/validate-markdown.sh for validation"
echo ""
echo "🚀 Usage:"
echo " • Hooks run automatically on commit"
echo " • Manual fix: ./scripts/fix-markdown.sh [file/dir]"
echo " • Manual check: ./scripts/validate-markdown.sh [file/dir]"
echo " • Test hooks: pre-commit run --all-files"
echo ""
echo "💡 The hooks will now automatically fix markdown issues before commits!"

19
scripts/validate-markdown.sh
View File

@ -0,0 +1,19 @@
#!/usr/bin/env bash
set -euo pipefail
echo "🔍 Validating markdown formatting..."
# Check if markdownlint is available
if ! command -v npx &> /dev/null; then
echo "❌ npx not found. Please install Node.js and npm first."
exit 1
fi
# Run markdownlint on project markdown files (exclude node_modules)
echo "📝 Checking project markdown files..."
npx markdownlint "*.md" "*.mdc" "scripts/**/*.md" "src/**/*.md" "test-playwright/**/*.md" "resources/**/*.md" --config .markdownlint.json 2>/dev/null || {
echo "❌ Markdown validation failed. Run 'npm run markdown:fix' to auto-fix issues."
exit 1
}
echo "✅ All markdown files pass validation!"

8
test-playwright/README.md
View File

@ -29,6 +29,7 @@ Tests are organized by feature area and numbered for execution order:
## Prerequisites
1. Endorser server running locally (see TESTING.md for setup)
```bash
git clone https://github.com/time-endorser/endorser-ch.git
cd endorser-ch
@ -37,10 +38,13 @@ Tests are organized by feature area and numbered for execution order:
cp .env.local .env
NODE_ENV=test-local npm run dev
```
2. Playwright browsers installed:
```bash
npx playwright install
```
3. For mobile testing:
- XCode (for iOS)
- Android Studio or connected Android device
@ -67,16 +71,19 @@ npx playwright test -c playwright.config-local.ts --trace on test-playwright/40-
### Test Environment Options
1. Local Endorser Server (default):
```bash
NODE_ENV=test-local npm run dev
```
2. Global Test Server:
```bash
VITE_DEFAULT_ENDORSER_API_SERVER=https://test-ledger.time.com npm run dev
```
3. Minimal Test Data:
```bash
rm ../endorser-ch-test-local.sqlite3
NODE_ENV=test-local npm run flyway migrate
@ -114,6 +121,7 @@ For more detailed troubleshooting, see TESTING.md.
## Contributing
When adding new tests:
1. Follow the existing naming convention
2. Use testUtils.ts for common operations
3. Add appropriate comments and documentation

4
test-playwright/TESTING.md
View File

@ -5,6 +5,7 @@ Start with [README.md](./README.md). This file has more details.
## Test User Setup
### Register New User on Test Server
On the test server, User #0 has rights to register others. Import User #0 with this seed phrase:
```bash
@ -18,6 +19,7 @@ This corresponds to: `did:ethr:0x0000694B58C2cC69658993A90D3840C560f2F51F`
## Manual Testing Steps
### Identity Management
1. Create multiple identifiers:
- Go to "Your Identity" screen
- Click "Advanced"
@ -96,10 +98,10 @@ npx playwright test -c playwright.config-local.ts test-playwright/60-new-activit
```
This command allows you to:
- **Run a specific test file**: `test-playwright/60-new-activity.spec.ts`
- **Filter to a specific test**: `--grep "New offers for another user"` runs only tests with that name
- **See the browser**: `--headed` opens the browser window so you can watch the test execute
- **Use local config**: `-c playwright.config-local.ts` uses the local configuration file
This is useful when you want to observe the testing process visually rather than running tests in headless mode. It's particularly helpful for debugging test failures or understanding how the application behaves during automated testing.

Write Preview
Loading…
Cancel
Save