From 810502ab9db01fcb41678e9b4205ef92293e12c0 Mon Sep 17 00:00:00 2001
From: Yusuf Suleman
Date: Sun, 29 Mar 2026 14:44:46 -0500
Subject: [PATCH] feat: multi-user support, goals editing, shared food library

Multi-user:
- Madiha account with per-user nav visibility
- Dashboard greeting uses actual user display name
- Navbar and MobileTabBar accept visibleApps prop
- Madiha sees: Dashboard, Trips, Fitness, Budget, Media (no Inventory, Reader)
Goals editing:
- Goals page now has Edit Goals mode with inline number inputs
- Saves via PUT /api/fitness/goals
- Shows "No goals set" state for new users
Food library:
- Default view shows all shared foods (not just user's recent)
- Both users see the same food database
- Cleaned up duplicates: archived Eggs (kept Egg), Green Grapes (kept Grapes), duplicate Bellwether Yogurt, Latte Macchiato (kept Madiha's Caramel Latte)
Add to meal buttons:
- "Add to breakfast/lunch/dinner/snack" now focuses the resolve input and sets the meal type so AI logs to the correct meal
---
 claude_code_partials_detailed_prompt.txt | 97 +++++++
 .../lib/components/layout/MobileTabBar.svelte | 69 +++--
 .../src/lib/components/layout/Navbar.svelte | 61 ++--
 .../src/routes/(app)/+layout.server.ts | 10 +-
 frontend-v2/src/routes/(app)/+layout.svelte | 8 +-
 frontend-v2/src/routes/(app)/+page.svelte | 5 +-
 .../src/routes/(app)/fitness/+page.svelte | 4 +-
 .../routes/(app)/fitness/goals/+page.svelte | 274 ++++++++++--------
 8 files changed, 359 insertions(+), 169 deletions(-)
 create mode 100644 claude_code_partials_detailed_prompt.txt
diff --git a/claude_code_partials_detailed_prompt.txt b/claude_code_partials_detailed_prompt.txt
new file mode 100644
index 0000000..f6ae077
--- /dev/null
+++ b/claude_code_partials_detailed_prompt.txt
@@ -0,0 +1,97 @@
+Work in the `platform` repo and continue from the current remediation state.
+
+Use Gitea issues as the source of truth:
+- `#1` umbrella
+- `#5` Gateway Trust Model
+- `#8` Dependency Security
+- `#9` Performance Hardening
+
+Important instruction:
+- Do NOT rotate or change the admin password during this pass.
+- Treat admin password rotation as a final manual ops step after all code and config fixes are complete and verified.
+- If you mention password rotation in comments or summaries, explicitly mark it as "LAST STEP".
+
+First, re-verify the repo state before changing anything. Do not trust prior summaries blindly.
+
+Current verified status:
+- Completed: `#2`, `#3`, `#4`, `#6`, `#7`, `#10`
+- Partial: `#5`, `#8`, `#9`
+
+Remaining work by issue:
+
+`#5 Gateway Trust Model`
+Current state:
+- Token validation is improved and uses protected endpoints.
+- Inventory `/debug-nocodb` has been removed.
+- Inventory search sanitization is better.
+- The gateway still has a service-global trust model for gateway-key services.
+
+What remains:
+- Re-check whether the current gateway-key service model is acceptable as-is or should be narrowed further.
+- If it stays, document it precisely and avoid claiming it was eliminated.
+- Review inventory and similar internal services for any remaining permissive/debug/admin-style surfaces.
+- Review whether service-global access should be limited at route level, method level, or by explicit allowlist.
+- Make sure issue comments and final summary describe the trust model accurately, not optimistically.
+
+Acceptance bar:
+- No remaining accidental debug endpoint exposure.
+- Remaining gateway-key trust assumptions are explicit, minimal, and documented.
+- No false claim that per-user auth exists where it does not.
+
+`#8 Dependency Security`
+Current state:
+- Budget dependency audit is clean.
+- `.gitea/workflows/security.yml` exists.
+
+What remains:
+- Review the workflow for correctness and realism.
+- Tighten the workflow if needed so repo-side enforcement is actually meaningful.
+- Verify whether secret scanning and dependency checks cover the important paths.
+- Do not mark this issue complete if a Gitea Actions runner is still required for execution.
+- Clearly separate "repo-side complete" from "operationally active".
+
+Acceptance bar:
+- Workflow file is committed and sane.
+- Remaining runner dependency is clearly documented.
+- Issue remains partial or blocked if execution infrastructure is missing.
+
+`#9 Performance Hardening`
+Current state:
+- Gateway dashboard response is cached.
+- Budget summary is cached.
+- Inventory `/issues` and `/needs-review-count` no longer full-scan all rows.
+
+What remains:
+- Re-check inventory endpoints for any other repeated full-table fetches.
+- Re-check budget endpoints for repeated account fan-out, especially `/transactions/recent`.
+- If Actual Budget API forces per-account queries, document that constraint explicitly.
+- Prefer targeted improvements such as short-TTL caching, narrower query windows, or reused lookups over broad refactors.
+- Do not mark this issue complete unless the remaining hot paths are either fixed or clearly bounded and documented.
+
+Acceptance bar:
+- The worst remaining repeated-scan or repeated-fan-out paths are either reduced or documented with clear justification.
+- Final status does not overstate completion.
+
+Instructions:
+- Make minimal, production-oriented fixes.
+- Preserve unrelated user changes.
+- After each issue-sized change:
+ - verify it with direct checks
+ - comment on the relevant Gitea issue with:
+ - what changed
+ - files touched
+ - verification performed
+ - what remains
+- Do not close `#5`, `#8`, or `#9` unless the actual code and behavior support it.
+- If an issue is still partial, say so directly.
+- Avoid renaming something and then claiming the underlying architectural concern is solved.
+
+Manual ops note:
+- Admin password rotation is intentionally deferred.
+- If referenced, mark it exactly as: `LAST STEP: rotate admin password after all remaining fixes are complete and verified.`
+
+Final output format:
+- `Completed:`
+- `Partial:`
+- `Blocked:`
+- `Manual ops actions:`
diff --git a/frontend-v2/src/lib/components/layout/MobileTabBar.svelte b/frontend-v2/src/lib/components/layout/MobileTabBar.svelte
index 47cc154..d63a833 100644
--- a/frontend-v2/src/lib/components/layout/MobileTabBar.svelte
+++ b/frontend-v2/src/lib/components/layout/MobileTabBar.svelte
@@ -2,6 +2,15 @@ import { page } from '$app/state'; import { LayoutDashboard, DollarSign, Package, Activity, MoreVertical, MapPin, BookOpen, Library, Settings } from '@lucide/svelte'; + interface Props { + visibleApps?: string[]; + } + let { visibleApps = ['trips', 'fitness', 'inventory', 'budget', 'reader', 'media'] }: Props = $props(); + + function showApp(id: string): boolean { + return visibleApps.includes(id); + } + let moreOpen = $state(false); function isActive(path: string): boolean { @@ -20,18 +29,24 @@ Dashboard - - - Budget - - - - Inventory - - - - Fitness - + {#if showApp('budget')} + + + Budget + + {/if} + {#if showApp('inventory')} + + + Inventory + + {/if} + {#if showApp('fitness')} + + + Fitness + + {/if} - {#if fitnessOpen} - - {/if} - + {#if showApp('fitness')} + + {/if} - Inventory - Budget - Reader - Media + {#if showApp('inventory')} + Inventory + {/if} + {#if showApp('budget')} + Budget + {/if} + {#if showApp('reader')} + Reader + {/if} + {#if showApp('media')} + Media + {/if} + {#if !editing} + + {/if} - 
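Review bot: `claude_code_partials_detailed_prompt.txt` appears to be an agent working prompt unrelated to the feature in the commit message, and it puts open security state into the tree: the gateway's service-global trust model for gateway-key services, the hint that per-user auth is not in place everywhere, and the fact that admin password rotation is deferred. Anyone with read access to the repository or its history gets that remediation status, which the tracked issues `#5`, `#8` and `#9` already hold. Dropping the file from this commit before merge (or committing a trimmed version separately under a docs path) avoids a later history rewrite. If the deferred rotation exists because the current admin password is considered exposed, that is one more reason not to record the deferral here.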
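Review bot: The `visibleApps` default in the added `$props()` line of MobileTabBar.svelte lists every app, so a caller that omits the prop renders the full navigation, including the Inventory and Reader entries this commit means to hide for one account; an empty default, `let { visibleApps = [] }: Props = $props();`, would fail closed. `showApp` only decides which links are rendered, so it is not an access control: the hidden routes and their API endpoints still need a per-user check on the server, which this hunk does not show and which should be confirmed in `+layout.server.ts` or the route loads. A comment above `showApp` such as `// UI filter only; authorization is enforced server-side` would keep that distinction visible. The commit message says Navbar.svelte takes the same prop, so the same default presumably applies there.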
- {#each goals as goal} -
-
{goal.label}
-
{goal.value}
-
{goal.unit}
+ {#if editing} +
+
+ +
- {/each} -
+
+ + +
+
+ + +
+
+ + +
+
+
+ + +
+ {:else} +
+
+
Calories
+
{loading ? '...' : Math.round(calories).toLocaleString()}
+
kcal/day
+
+
+
Protein
+
{loading ? '...' : Math.round(protein)}
+
grams/day
+
+
+
Carbs
+
{loading ? '...' : Math.round(carbs)}
+
grams/day
+
+
+
Fat
+
{loading ? '...' : Math.round(fat)}
+
grams/day
+
+
-
- Start date - {startDate || '—'} -
+ {#if startDate} +
+ Active since + {startDate} +
+ {:else if !loading && !hasGoal} +
No goals set yet. Tap "Edit Goals" to get started.
+ {/if} + {/if}