Pin Node 24 via .node-version/.nvmrc and pnpm 9.15.0 via
package.json#packageManager. Regenerate lockfile as pnpm-lock.yaml.
Rewrite README setup + scripts table around pnpm, and add a
production deployment guide covering systemd, nginx, upgrades,
rollback, and backups.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- service monthlySeriesForProperty now accepts months: number | 'all';
'all' derives the span from min(incurred_at) for the matching kinds,
capped at 120 months so the SQL stays bounded
- page load reads ?range= query param (default 12; invalid values fall
back silently)
- chart header has a segmented control linking to ?range=6|12|24|all
with active state highlighting; title updates to match
- lib/server/csv-parse.ts: RFC 4180 parser (quoted fields, embedded commas
and quotes, CRLF/LF, BOM), no extra dep
- services/expenses.ts: importExpenses() is transactional + all-or-nothing —
if any row fails Zod-style validation, nothing is inserted
- /properties/[id]/expenses/import: upload page with per-line error list,
sample CSV download at /template.csv, 5 MB cap
- 'Import CSV' button wired on the expenses tab
Without min/max, native <input type="date"> lets you type arbitrarily-many
year digits (YYYYYY-MM-DD). Add min="2000-01-01" max="2099-12-31" to every
date input (and bounded range on the single datetime-local) across expenses,
projects, tasks, assets, decisions, and maintenance.
- expense_kind enum (utilities + maintenance/repair/cleaning/insurance/tax/rent/other)
- property_expenses table with optional link to a property_accounts row
(preserves history via ON DELETE SET NULL)
- services/expenses.ts: CRUD + 12-month monthly series aggregation +
year-to-date summary by kind
- /properties/[id]/expenses tab: inline SVG line chart for electricity +
water last 12 months (no chart library), summary card, add/edit/delete
inline with account linking when kind matches
If a previous run stored the company name with literal quotes
('B4L'), the current run's name-based select missed the row and
the insert collided on the unique slug. Looking up by slug is the
natural idempotency key here: slug is derived deterministically
from name, so a new run and the corrupted row produce the same
slug and therefore resolve to the same company row. If the stored
name differs from the new one, heal it with an UPDATE and log the
rename.
Also tightens the membership lookup to (user_id, company_id)
instead of first-match on user_id so re-running on a user with
multiple companies does the right thing.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
When npm run create-user is invoked from Windows Git Bash with
single-quoted values (--password 'foo' --name 'Berwn'), the quotes
survive into process.argv and end up stored in the DB. Login fails
silently because the stored hash is for 'foo' but the user types foo.
create-user and diag-user now strip a single set of matching surrounding
quotes from every --flag value. Real values that need literal leading
and trailing quotes can be escaped.
diag-user prints the full user row (email, normalized email, hash
prefix, isActive, memberships, session count) and optionally verifies a
password. Useful whenever a login mystery shows up.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Without dotenv/config the SvelteKit dev server SSR sees only the
ambient shell env, so the Zod validator rejected all four required
variables with Required. drizzle.config.ts already does this; match.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Stack matches sibling buildfor_life_* apps: SvelteKit 5 with adapter-node,
Svelte 5 runes, TypeScript, Tailwind v4 with @theme inline tokens,
PostgreSQL via Drizzle ORM, Argon2id sessions via @node-rs/argon2 and
@oslojs/crypto, EasyMDE ready for wiki/decision markdown, Sharp for
thumbnails.
Included in this commit:
- Config: package.json, svelte.config.js, vite.config.ts, tsconfig.json,
drizzle.config.ts, .gitignore, .env.example, .gitattributes, .npmrc
- Tenancy schema: companies, users, company_users, sessions
(10 enums pre-declared for the full domain so downstream migrations
don't re-diff them; decision_scope widened to include asset +
work_package per product decision)
- Auth: password hashing + SHA-256-hashed session cookies,
session lifetime 30d with sliding renewal at T-15d,
login + logout + session refresh in hooks
- Storage: StorageAdapter interface + LocalDiskStorage with HMAC-signed
URLs served by /api/files, S3 drop-in with zero schema change
- UI shell: dark-mode bootstrap in app.html identical to siblings,
sidebar (w-64, h-14 header, amber attention band pattern from repair),
topbar with breadcrumbs, theme toggle with cross-tab sync via
storage event, blue-600 primary, responsive drawer
- Routes: (app) authed group with auto-redirect to /login,
(auth) login group, dashboard placeholder, error page, signed-file API
- Scripts: create-user script for bootstrapping first admin user
- Drizzle: initial migration generated (0000_init.sql)
- Shared agents and skills committed under .claude/; per-user
permissions gitignored
Typecheck: 0 errors / 0 warnings across 555 files.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
grabowski