Phase 1 of the maintenance-reminders feature.
- notification_kind: + maintenance_due_soon, maintenance_overdue.
These are distinct from maintenance_event_recorded (service
performed) so the bell list can group/filter reminder vs service
cleanly.
- New maintenance_reminder_kind enum: due_soon | overdue.
- New maintenance_reminders_sent table with UNIQUE(schedule_id,
kind, due_at). The cron uses INSERT … ON CONFLICT DO NOTHING on
this composite to make the fire-once-per-window guarantee atomic
even under concurrent runs. Once the schedule's next_due_at
advances after a service event, the tuple is fresh and a new
reminder fires.
No service code yet — Phase 2 wires the readers and orchestrator.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The original table marked Phase 1 as "next" but Phases 1-5a have
all shipped. Replaces the single table with three sections:
Shipped (now includes RBAC, rooms/floors/accounts/expenses, the
sub-property hierarchy, and the fnm/pnpm tooling switch — none of
which were on the original roadmap), 5b-pending (reports,
cross-app APIs to budget/repair), and a Phase 6 quality-of-life
backlog covering maintenance-reminder cron, OIDC handlers,
self-service password reset, permission inheritance, bulk CSV
property import, audit log viewer, and project↔property linking.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Re-extracted 42 changed code files via AST and 3 changed docs
(README, DEPLOYMENT, drizzle/README) via one semantic subagent.
Merged into the existing graph: 453→555 nodes, 486→633 edges,
137 communities.
Top god nodes now reflect the new shape: load() at the center of
every page-server route, buildfor_life_ops as the doc-side anchor,
and Drizzle ORM + Zod as the bridge between expenses and the rest
of the service layer.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 5 polish. Soft cap — properties still save, but a console.warn
fires so journalctl picks up a clear signal when a tree grows
pathologically deep. Triggered on create + on parent reassignment
via updateProperty. Justification for the warning: getDescendantIds
runs an unbounded recursive CTE, and deep hierarchies are also
painful to navigate in the existing list view.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The flat list ordered by updatedAt scattered apartments away from
their building. Server-side flatten now does a depth-first walk —
parents render immediately above their children, alphabetical at
each level — and tags each row with its depth. The UI indents the
name column by 1.5rem per level and prefixes children with "└" for
a visible parent/child line.
Orphan rows (parent_id pointing outside the live company set) fall
back to root depth so nothing is silently dropped, even though the
restrict-on-delete FK should prevent that case.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 4 — wires the descendant readers from Phase 2 into the UI.
- Expenses tab: ?descendants=1 query param toggles between
"this property" and "include sub-properties". Affects the chart
series, the 12-month summary, the recent-expense list, and the
totals-by-kind chips.
- Assets tab: same toggle, expanded list across the property tree.
- New Maintenance tab on every property: schedules + recent events
for assets at this property (or descendants), with overdue/active
status badges. Scheduling itself stays at the asset level.
- New Todos tab: lists checklist instances scoped to this property
(now possible thanks to the 'property' value added to
checklist_scope in Phase 2). Open vs completed split.
Toggle only renders when childCount > 0 so leaf properties don't see
chrome they can't use. URL bookmarks without ?descendants stay on
the strict per-property view, preserving existing behavior.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 3 of the sub-property hierarchy feature.
- New/edit forms grow a "Parent property" select. Edit-side options
exclude the current property and its descendants so the picker
itself can't create a cycle; service-layer assertNoCycle is the
belt-and-braces guard if a malicious form bypasses the dropdown.
- New form accepts ?parent=<id> as a preselect so "Add sub-property"
links from the parent's tab land in a pre-wired form.
- Property detail layout: breadcrumb (Parent › Child) when parent
is set, plus a new "Sub-properties (N)" tab.
- Dedicated Sub-properties tab lists direct children with a
+ New sub-property button.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 2. Each service grows a `*ForProperties` (plural) variant that
takes a resolved property id array; the existing single-property
functions now delegate to them with `[propertyId]`. The route layer
will compute the descendant set via getDescendantIds when the user
toggles "include sub-properties" — this commit only adds the readers
behind the scenes.
Also extends the checklist_scope enum with 'property' so checklists
can attach directly to a property and the rollup query has a
well-typed scope to filter on.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 1 of the parent/child rollup feature. Self-FK on properties
with ON DELETE RESTRICT, plus a CHECK that blocks self-reference at
the DB level. Service-layer helpers (getDescendantIds,
getAncestorIds, assertNoCycle) walk the tree via recursive CTEs and
guard against cycles and cross-company parents. softDeleteProperty
now refuses to delete a property with live children.
No UI yet — readers and roll-up routes land in Phase 2.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
`pnpm install --prod` skips devDependencies, so husky is not on
PATH when the prepare lifecycle script runs on the deploy host. Append
`|| true` so the script succeeds in both dev (hooks installed) and
prod (no-op).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
src/lib/server/env.ts validates DATABASE_URL, SESSION_SECRET,
STORAGE_SIGNING_SECRET, and PUBLIC_BASE_URL with Zod and throws
when missing. SvelteKit's analyse step imports it during build, so
CI needs values that satisfy the schema shape — they never connect
to anything.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Mirrors the buildfor_life_budget workflow pair: Gitea runs both
deploy and validate, GitHub mirrors validate only. Differences from
the sibling: pnpm + fnm instead of npm, Node pinned via .node-version,
and the repo is cloned over public HTTPS so no separate deploy key
is needed for git.b4l.co.th. Document required Gitea secrets in
DEPLOYMENT.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pin Node 24 via .node-version/.nvmrc and pnpm 9.15.0 via
package.json#packageManager. Regenerate lockfile as pnpm-lock.yaml.
Rewrite README setup + scripts table around pnpm, and add a
production deployment guide covering systemd, nginx, upgrades,
rollback, and backups.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- service monthlySeriesForProperty now accepts months: number | 'all';
'all' derives the span from min(incurred_at) for the matching kinds,
capped at 120 months so the SQL stays bounded
- page load reads ?range= query param (default 12; invalid values fall
back silently)
- chart header has a segmented control linking to ?range=6|12|24|all
with active state highlighting; title updates to match
- lib/server/csv-parse.ts: RFC 4180 parser (quoted fields, embedded commas
and quotes, CRLF/LF, BOM), no extra dep
- services/expenses.ts: importExpenses() is transactional + all-or-nothing —
if any row fails Zod-style validation, nothing is inserted
- /properties/[id]/expenses/import: upload page with per-line error list,
sample CSV download at /template.csv, 5 MB cap
- 'Import CSV' button wired on the expenses tab
Without min/max, native <input type="date"> lets you type arbitrarily-many
year digits (YYYYYY-MM-DD). Add min="2000-01-01" max="2099-12-31" to every
date input (and bounded range on the single datetime-local) across expenses,
projects, tasks, assets, decisions, and maintenance.
- expense_kind enum (utilities + maintenance/repair/cleaning/insurance/tax/rent/other)
- property_expenses table with optional link to a property_accounts row
(preserves history via ON DELETE SET NULL)
- services/expenses.ts: CRUD + 12-month monthly series aggregation +
year-to-date summary by kind
- /properties/[id]/expenses tab: inline SVG line chart for electricity +
water last 12 months (no chart library), summary card, add/edit/delete
inline with account linking when kind matches
If a previous run stored the company name with literal quotes
('B4L'), the current run's name-based select missed the row and
the insert collided on the unique slug. Looking up by slug is the
natural idempotency key here: slug is derived deterministically
from name, so a new run and the corrupted row produce the same
slug and therefore resolve to the same company row. If the stored
name differs from the new one, heal it with an UPDATE and log the
rename.
Also tightens the membership lookup to (user_id, company_id)
instead of first-match on user_id so re-running on a user with
multiple companies does the right thing.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
When npm run create-user is invoked from Windows Git Bash with
single-quoted values (--password 'foo' --name 'Berwn'), the quotes
survive into process.argv and end up stored in the DB. Login fails
silently because the stored hash is for 'foo' but the user types foo.
create-user and diag-user now strip a single set of matching surrounding
quotes from every --flag value. Real values that need literal leading
and trailing quotes can be escaped.
diag-user prints the full user row (email, normalized email, hash
prefix, isActive, memberships, session count) and optionally verifies a
password. Useful whenever a login mystery shows up.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Without dotenv/config the SvelteKit dev server SSR sees only the
ambient shell env, so the Zod validator rejected all four required
variables with Required. drizzle.config.ts already does this; match.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Stack matches sibling buildfor_life_* apps: SvelteKit 5 with adapter-node,
Svelte 5 runes, TypeScript, Tailwind v4 with @theme inline tokens,
PostgreSQL via Drizzle ORM, Argon2id sessions via @node-rs/argon2 and
@oslojs/crypto, EasyMDE ready for wiki/decision markdown, Sharp for
thumbnails.
Included in this commit:
- Config: package.json, svelte.config.js, vite.config.ts, tsconfig.json,
drizzle.config.ts, .gitignore, .env.example, .gitattributes, .npmrc
- Tenancy schema: companies, users, company_users, sessions
(10 enums pre-declared for the full domain so downstream migrations
don't re-diff them; decision_scope widened to include asset +
work_package per product decision)
- Auth: password hashing + SHA-256-hashed session cookies,
session lifetime 30d with sliding renewal at T-15d,
login + logout + session refresh in hooks
- Storage: StorageAdapter interface + LocalDiskStorage with HMAC-signed
URLs served by /api/files, S3 drop-in with zero schema change
- UI shell: dark-mode bootstrap in app.html identical to siblings,
sidebar (w-64, h-14 header, amber attention band pattern from repair),
topbar with breadcrumbs, theme toggle with cross-tab sync via
storage event, blue-600 primary, responsive drawer
- Routes: (app) authed group with auto-redirect to /login,
(auth) login group, dashboard placeholder, error page, signed-file API
- Scripts: create-user script for bootstrapping first admin user
- Drizzle: initial migration generated (0000_init.sql)
- Shared agents and skills committed under .claude/; per-user
permissions gitignored
Typecheck: 0 errors / 0 warnings across 555 files.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
grabowski