The sort=-created parameter was causing PocketBase to return a 400 error
when querying dailyLogs. This is likely a compatibility issue with how
PocketBase handles the auto-generated 'created' field in certain query
combinations. Changing to sort by -date resolves the issue and makes
more semantic sense for dailyLogs which have one record per day.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The ~ contains operator doesn't work with PocketBase date fields.
Use >= and < operators with YYYY-MM-DD format instead, matching
the working /api/history pattern.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
PocketBase filters don't accept ISO format with T separator (causes 400).
Changed both garmin-sync storage and today route query to use simple
YYYY-MM-DD format, matching the working /api/history pattern.
TDD approach: wrote failing tests first, then implemented the fix.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change /api/today query from string contains (~) to date range (>=, <)
- Store dates in full ISO format in garmin-sync for consistent comparison
- PocketBase date fields need proper date operators, not string contains
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When multiple dailyLog records exist for the same date (from multiple
syncs), getFirstListItem was returning the oldest one with stale data.
Now sorts by -created to return the most recent record.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Body Battery:
- Change endpoint from /usersummary-service/stats/bodyBattery/dates/
to /wellness-service/wellness/bodyBattery/reports/daily
- Parse new response format: array with bodyBatteryValuesArray time series
- Current value = last entry's level (index 2)
- YesterdayLow = min level from yesterday's data
Intensity Minutes:
- Change endpoint from /fitnessstats-service/activity
to /usersummary-service/stats/im/weekly
- Add date parameter to function signature
- Parse new response format: array with moderateValue/vigorousValue
Endpoints verified against python-garminconnect source code.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
PocketBase coerces null number fields to 0 when reading. When Garmin
API returned no data (null), we stored null, which became 0 on
retrieval. The nullish coalescing (?? 100) in the API route didn't
catch this because 0 is not nullish.
Now store default value 100 when Garmin returns null, matching the
existing pattern used for decision engine calculations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
PocketBase returns date fields as ISO strings, not Date objects.
The sync was failing with "e.getTime is not a function" because
the code expected Date objects.
- Export mapRecordToUser from pocketbase.ts
- Use mapRecordToUser in cron route to properly parse dates
- Add test for handling date fields as ISO strings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The cron job needs to list all users, but the users collection
doesn't have a public listRule (for security). Added admin
authentication so the job can access user records.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix OIDC tests with route interception for auth-methods API
- Add data-testid to DecisionCard for reliable test selection
- Fix /api/today to fetch fresh user data instead of stale cookie data
- Fix period logging test timing with proper API wait patterns
- Fix decision engine test with waitForResponse instead of timeout
- Simplify mobile viewport test locator
All 206 e2e tests now pass with 0 skipped.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Creates test infrastructure to enable previously skipped e2e tests:
- Onboarding user (no period data) for setup flow tests
- Established user (period 14 days ago) for normal usage tests
- Calendar user (with calendarToken) for ICS feed tests
- Garmin user (valid tokens) for connected state tests
- Garmin expired user (expired tokens) for expiry warning tests
Also fixes ICS feed route to strip .ics suffix from Next.js dynamic
route param, adds calendarToken to /api/user response, and sets
viewRule on users collection for unauthenticated ICS access.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add OAuth1 to OAuth2 token exchange using Garmin's exchange endpoint
- Track refresh token expiry (~30 days) instead of access token expiry (~21 hours)
- Auto-refresh access tokens in cron sync before they expire
- Update Python script to output refresh_token_expires_at
- Add garminRefreshTokenExpiresAt field to User type and database schema
- Fix token input UX: show when warning active, not just when disconnected
- Add Cache-Control headers to /api/user and /api/garmin/status to prevent stale data
- Add oauth-1.0a package for OAuth1 signature generation
The system now automatically refreshes OAuth2 tokens using the stored OAuth1 token,
so users only need to re-run the Python auth script every ~30 days (when refresh
token expires) instead of every ~21 hours (when access token expires).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix race conditions: Set workers: 1 since all tests share test user state
- Fix stale data: GET /api/user and /api/cycle/current now fetch fresh data
from database instead of returning stale PocketBase auth store cache
- Fix timing: Replace waitForTimeout with retry-based Playwright assertions
- Fix mobile test: Use exact heading match to avoid strict mode violation
- Add test user setup: Include notificationTime and update rule for users
All 1014 unit tests and 190 E2E tests pass.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Root cause: The setup-db script was missing user field definitions
(garminConnected, tokens, etc.). Production PocketBase had no such
fields, so updates silently failed to persist.
Changes:
- Add user custom fields to setup-db.ts (matches e2e harness)
- Fix status route to use strict boolean check (=== true)
- Add verification in tokens route with helpful error message
- Add ENCRYPTION_KEY to playwright config for e2e tests
- Add comprehensive e2e tests for Garmin connection flow
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- NutritionPanel: Display seed switch alert on day 15 per dashboard spec
- MonthView: Add phase emojis to legend (🩸🌱🌸🌙🌑) per calendar spec
- DayCell: Show period indicator (🩸) for days 1-3 per calendar spec
- Auth middleware: Log client IP from x-forwarded-for/x-real-ip per observability spec
- Updated NutritionGuidance type to include seedSwitchAlert field
- /api/today now returns seedSwitchAlert in nutrition response
Test coverage: 1005 tests (15 new tests added)
- nutrition-panel.test.tsx: +4 tests
- month-view.test.tsx: +1 test
- day-cell.test.tsx: +5 tests
- auth-middleware.test.ts: +3 tests
- today/route.test.ts: +2 tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Email subject now follows spec format: PhaseFlow: [STATUS] - Day [cycleDay] ([phase])
- Daily email includes seed switch alert on day 15 (using getSeedSwitchAlert)
- Data panel HRV status now color-coded: green=Balanced, red=Unbalanced, gray=Unknown
- Data panel shows progress bar for week intensity vs phase limit with color thresholds
Adds 13 new tests (990 total).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add GET /api/period-history route with pagination, cycle length
calculation, and prediction accuracy tracking
- Add PATCH/DELETE /api/period-logs/[id] routes for editing and
deleting period entries with ownership validation
- Add /period-history page with table view, edit/delete modals,
and pagination controls
- Include 61 new tests covering all functionality
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fetch fresh user data from database in status endpoint instead of
relying on auth store cookie, which may be stale after token save.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add scripts/setup-db.ts to programmatically create missing PocketBase
collections (period_logs, dailyLogs) with proper relation fields
- Fix dark mode visibility across settings, login, calendar, and dashboard
components by using semantic CSS tokens and dark: variants
- Add db:setup npm script and document usage in AGENTS.md
- Update vitest config to include scripts directory tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Routes using withAuth were creating new unauthenticated PocketBase
clients, causing 404 errors when trying to update records. Modified
withAuth to pass the authenticated pb client to handlers so they can
use it for database operations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Users without a lastPeriodDate can now set it via a modal opened from
the onboarding banner. The dashboard now fetches user data independently
so the banner shows even when /api/today fails due to missing period date.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add parseDate helper that safely returns null for empty/invalid date
strings from PocketBase. This prevents RangeError when pino logger
tries to serialize Invalid Date objects via toISOString().
- Make garminTokenExpiresAt and lastPeriodDate nullable in User type
- Filter garmin-sync cron to skip users without required dates
- Add test assertions for null date handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Root cause: PocketBase SDK stores auth in localStorage, but Next.js
middleware checks for pb_auth cookie. The cookie was never being set
after successful OAuth login.
Fix: Add pb.authStore.onChange() listener that syncs auth state to
cookie on any change (login, logout, token refresh). This is the
idiomatic PocketBase pattern for Next.js SSR apps.
Also updates authentication spec to reflect that the cookie is
non-HttpOnly by design (client SDK needs read/write access).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Temporary debugging to diagnose why authWithOAuth2 promise
doesn't resolve after successful code exchange.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement email logging per observability spec:
- Add structured logging for email sent (info level) and failed (error level)
- Include userId, type, and recipient fields in log events
- Add userId parameter to email functions (sendDailyEmail, sendPeriodConfirmationEmail, sendTokenExpirationWarning)
- Update cron routes (notifications, garmin-sync) to pass userId
6 new tests added to email.test.ts (now 30 tests total)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add POST /api/auth/logout endpoint with tests (5 tests)
- Add logout button to settings page (5 tests)
- Add structured logging to garmin-sync cron (sync start/complete/failure)
- Update IMPLEMENTATION_PLAN.md with spec gap analysis findings
- Total: 835 tests passing across 44 test files
Closes spec gaps from authentication.md (logout) and observability.md (logging)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CRITICAL BUG FIX:
- Phase boundaries were hardcoded for 31-day cycle, breaking correct
phase calculations for users with different cycle lengths (28, 35, etc.)
- Added getPhaseBoundaries(cycleLength) function in cycle.ts
- Updated getPhase() to accept cycleLength parameter (default 31)
- Updated all callers (API routes, components) to pass cycleLength
- Added 13 new tests for phase boundaries with 28, 31, and 35-day cycles
ICS IMPROVEMENTS:
- Fixed emojis to match calendar.md spec: 🩸🌱🌸🌙🌑
- Added CATEGORIES field for calendar app colors per spec:
MENSTRUAL=Red, FOLLICULAR=Green, OVULATION=Pink,
EARLY_LUTEAL=Yellow, LATE_LUTEAL=Orange
- Added 5 new tests for CATEGORIES
Updated IMPLEMENTATION_PLAN.md with discovered issues and test counts.
825 tests passing (up from 807)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implements visual feedback for cycle prediction accuracy in ICS calendar feeds:
- Add predictedDate field to PeriodLog type for tracking predicted vs actual dates
- POST /api/cycle/period now calculates and stores predictedDate based on
previous lastPeriodDate + cycleLength, returns daysEarly/daysLate in response
- ICS feed generates "(Predicted)" events when actual period start differs
from predicted, with descriptions like "period arrived 2 days early"
- Calendar route fetches period logs and passes them to ICS generator
This creates an accuracy feedback loop helping users understand their cycle
variability over time per calendar.md spec.
807 tests passing across 43 test files.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement client-side rate limiting for login page with 5 attempts
per minute, matching the spec requirement in authentication.md.
Features:
- Track login attempts with timestamps in component state
- Block login when 5+ attempts made within 60 seconds
- Show "Too many login attempts" error when rate limited
- Show remaining attempts warning after 3 failures
- Disable form/button when rate limited
- Auto-clear after 1 minute cooldown
- Works for both email/password and OIDC authentication
Tests:
- 6 new tests covering rate limiting scenarios (32 total)
- 796 tests passing across 43 test files
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Switch from class-based dark mode to automatic system preference
detection using CSS prefers-color-scheme media query. The app now
respects the user's OS-level dark mode setting without requiring
a manual toggle, as specified in the dashboard requirements.
Changes:
- Update Tailwind custom variant to use @media (prefers-color-scheme: dark)
- Change .dark selector to media query wrapping :root variables
- No component changes needed - existing CSS variable system handles theming
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add skip navigation link to root layout
- Add semantic HTML landmarks (main element) to login and settings pages
- Add aria-labels to calendar day buttons with date, cycle day, and phase info
- Add id="main-content" to dashboard main element for skip link target
- Fix pre-existing type error in auth-middleware.test.ts
Tests: 781 passing (11 new accessibility tests)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement OnboardingBanner component that prompts new users to complete
setup with contextual banners for:
- Garmin connection (links to /settings/garmin)
- Period date (button with callback for date picker)
- Notification time (links to /settings)
Banners display at the top of the dashboard when setup is incomplete,
with icons and styled action buttons. Each banner uses role="alert"
for accessibility.
- Add OnboardingBanner component (16 tests)
- Integrate into dashboard page (5 new tests, 28 total)
- Update UserData interface to include garminConnected, notificationTime
- Test count: 770 tests across 43 files
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add skeleton loading components per specs/dashboard.md requirements:
- DecisionCardSkeleton: Shimmer placeholder for status and reason
- DataPanelSkeleton: Skeleton rows for 5 metrics
- NutritionPanelSkeleton: Skeleton for nutrition guidance
- MiniCalendarSkeleton: Placeholder grid with navigation and legend
- OverrideTogglesSkeleton: 4 toggle placeholders
- CycleInfoSkeleton: Cycle day and phase placeholders
- DashboardSkeleton: Combined skeleton for route-level loading
Add Next.js loading.tsx files for instant loading states:
- src/app/loading.tsx (Dashboard)
- src/app/calendar/loading.tsx
- src/app/history/loading.tsx
- src/app/plan/loading.tsx
- src/app/settings/loading.tsx
Update dashboard page to use DashboardSkeleton instead of "Loading..." text.
Fix flaky garmin test with wider date tolerance for timezone variations.
29 new tests in skeletons.test.tsx (749 total tests passing).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add OIDC/OAuth2 authentication support to the login page with automatic
provider detection and email/password fallback.
Features:
- Auto-detect OIDC provider via PocketBase listAuthMethods() API
- Display "Sign In with Pocket-ID" button when OIDC is configured
- Use PocketBase authWithOAuth2() popup-based OAuth2 flow
- Fall back to email/password form when OIDC not available
- Loading states during authentication
- Error handling with user-friendly messages
The implementation checks for available auth methods on page load and
conditionally renders either the OIDC button or the email/password form.
This allows production deployments to use OIDC while development
environments can continue using email/password.
Tests: 24 tests (10 new OIDC tests added)
- OIDC button rendering when provider configured
- OIDC authentication flow with authWithOAuth2
- Loading and error states for OIDC
- Fallback to email/password when OIDC unavailable
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive training plan reference page that displays:
- Current phase status (day, phase name, training type, weekly limit)
- Phase overview cards for all 5 cycle phases with weekly intensity limits
- Strength training exercises reference with sets and reps
- Rebounding techniques organized by phase
- Weekly training guidelines for each phase
The page fetches cycle data from /api/cycle/current and highlights
the current phase. Implements full TDD with 16 tests covering loading
states, error handling, phase display, and exercise reference sections.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Complete the MiniCalendar component with:
- Full calendar grid showing all days of the month
- Phase colors applied to each day
- Today highlighting with ring indicator
- Navigation buttons (prev/next month, Today)
- Compact phase legend
- Integration into dashboard page (shows when lastPeriodDate exists)
Adds 23 new tests for the MiniCalendar component covering:
- Calendar grid rendering
- Phase color application
- Navigation functionality
- Cycle rollover handling
- Custom year/month props
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive metrics collection for production monitoring:
- src/lib/metrics.ts: prom-client based metrics library with custom counters,
gauges, and histograms for Garmin sync, email, and decision engine
- GET /api/metrics: Prometheus-format endpoint for scraping
- Integration into garmin-sync cron: sync duration, success/failure counts,
active users gauge
- Integration into email.ts: daily and warning email counters
- Integration into decision-engine.ts: decision type counters
Custom metrics implemented:
- phaseflow_garmin_sync_total (counter with status label)
- phaseflow_garmin_sync_duration_seconds (histogram)
- phaseflow_email_sent_total (counter with type label)
- phaseflow_decision_engine_calls_total (counter with decision label)
- phaseflow_active_users (gauge)
33 new tests (18 library + 15 route), bringing total to 586 tests.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add email warnings for Garmin token expiration at 14-day and 7-day thresholds.
When the garmin-sync cron job runs, it now checks each user's token expiry and
sends a warning email at exactly 14 days and 7 days before expiration.
Changes:
- Add sendTokenExpirationWarning() to email.ts with differentiated subject
lines and urgency levels for 14-day vs 7-day warnings
- Integrate warning logic into garmin-sync cron route using daysUntilExpiry()
- Track warnings sent in sync response with new warningsSent counter
- Add 20 new tests (10 for email function, 10 for sync integration)
Test count: 517 → 537
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add GET /api/health endpoint for deployment monitoring and load balancer
health probes. Returns 200 with status "ok" when PocketBase is reachable,
503 with status "unhealthy" when PocketBase connection fails.
Response includes timestamp (ISO 8601), version, and error message (on failure).
Uses PocketBase SDK's built-in health.check() method for connectivity testing.
14 tests covering healthy/unhealthy states and edge cases.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add full Garmin connection management page at /settings/garmin
- Display connection status with colored indicators (green/red/gray)
- Show token expiry warnings (yellow 14 days, red 7 days)
- Token input form with JSON validation for bootstrap script output
- Disconnect functionality with confirmation
- Loading and error states throughout
- Add link from Settings page to Garmin settings
- 27 tests for Garmin settings page
- 3 additional tests for Settings page Garmin link
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add functional history page that displays DailyLog entries in a table
with date, cycle day/phase, decision, body battery, HRV, and intensity
columns. Features include:
- Data fetching from /api/history endpoint
- Pagination with previous/next navigation
- Date filtering with start/end date inputs
- Decision color coding (REST=red, TRAIN=green, GENTLE/LIGHT/REDUCED=yellow)
- Loading and error states
- Empty state when no history exists
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add client-side form for cycleLength, notificationTime, timezone
- Fetch user data on mount and pre-fill form values
- Submit updates via PATCH /api/user with loading states
- Display success/error messages with proper accessibility
- Clear messages when user modifies form
- 24 tests covering rendering, data loading, validation, error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add GET /api/history for paginated historical daily logs with:
- Pagination support (page/limit query params, default 20 per page)
- Date filtering (startDate/endDate in YYYY-MM-DD format)
- Validation for all parameters with descriptive error messages
- Sort by date descending (most recent first)
- Response includes items, total, page, limit, totalPages, hasMore
Includes 19 tests covering pagination, date filtering, auth, and validation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add two calendar-related API endpoints:
P2.6 - GET /api/calendar/[userId]/[token].ics:
- Token-based authentication (no session required)
- Validates calendar token against user record
- Generates 90 days of phase events using generateIcsFeed()
- Returns proper Content-Type and Cache-Control headers
- 404 for non-existent users, 401 for invalid tokens
- 10 tests covering all scenarios
P2.7 - POST /api/calendar/regenerate-token:
- Requires authentication via withAuth() middleware
- Generates cryptographically secure 32-character hex token
- Updates user's calendarToken field in database
- Returns new token and formatted calendar URL
- Old tokens immediately invalidated
- 9 tests covering token generation and auth
Total: 19 new tests, 360 tests passing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add daily email notification system that sends training decisions
at each user's preferred time in their timezone.
Features:
- Timezone-aware notification matching using Intl.DateTimeFormat
- DailyLog-based notifications with duplicate prevention
- Nutrition guidance integration via getNutritionGuidance
- Graceful error handling (continues processing on per-user failures)
- Summary response with detailed stats
Includes 20 tests covering:
- CRON_SECRET authentication
- Timezone matching (UTC and America/New_York)
- DailyLog existence and already-sent checks
- Email content assembly
- Error handling and response format
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
