dudi/CLAUDE.md

# Dudi – Claude Context

## What this is
Habit & goal tracking PWA. Users set goals (e.g. "50 push-ups/day for 30 days"), log sets daily, and see progress. Invite-only registration. Multilingual UI (DE/EN/PL).

## Stack
- Symfony 8 + Doctrine ORM (src/)
- Vanilla JS SPA — no build step, no npm (public/app.js)
- HTML `<template>` elements in templates/app.html.twig (rendered once, JS clones them)
- MariaDB, session auth + remember-me 24h

## Local dev
- URL: http://dudi.local/
- DB: zieltracker / zieltracker (see .env.local, gitignored)
- `php bin/console cache:clear` after config changes
- `public/app.js` is the authoritative JS file

## Server
- `ssh -p 30183 root@miniweb.kuehn.home`
- App: /var/www/tracker/, DB: dd/dd
- Deploy: `bash deploy.sh` (rsync + remote composer install + cache:clear)
- Remember-me table must exist: `rememberme_token` (already created)

## Key files
- `src/Controller/AuthController.php` — login, register, password reset, name/locale change
- `src/Controller/GoalController.php` — goals CRUD
- `src/Controller/InviteController.php` — invite creation + listing
- `src/Controller/AdminController.php` — admin-only user list (guarded by ADMIN_EMAIL env var)
- `src/Security/JsonLoginAuthenticator.php` — JSON POST /api/login
- `config/packages/security.yaml` — firewall, remember-me, access control
- `templates/app.html.twig` — SPA shell + all tpl-* templates
- `public/app.js` — all frontend logic

## Data model
- `goals.sets` is a JSON object: `{"2026-04-01": [20, 30], "2026-04-02": [50]}` — keys are dates, values are arrays of logged amounts per session
- Users table schema is compatible with the old delight-im/auth library (bcrypt hashes work unchanged)
- Password resets use `users_resets` table directly (raw SQL) — Symfony doesn't manage this table

## Conventions
- API responses: `{ ok: true, ... }` on success, `{ error: "message" }` on failure
- All API routes prefixed `/api/`, catch-all route in AppController renders SPA
- No Twig cache in dev (handled by Symfony kernel; disabled in dev env)
- JS uses `tpl(id)` helper to clone `<template>` elements, fills via querySelector with semantic class names
- No comments in JS unless non-obvious; no trailing summaries in responses

## Pending cleanup
- Legacy DB tables that can be dropped: `users_throttling`, `users_confirmations`, `schema_migrations`
-												Initial commit: Dudi habit tracker

Symfony 8 SPA with Doctrine ORM, Symfony Security, vanilla JS frontend.
Migrated from plain PHP (delight-im/auth + raw SQL) to full Symfony stack.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-04-29 13:40:57 +00:00
+								# Dudi – Claude Context
 								## What this is
-												Remove legacy root app.js, update docs

- Delete root app.js (pre-Symfony legacy copy, no longer served anywhere)
- CLAUDE.md: remove sync instruction, drop outdated pending-cleanup items,
  add AdminController to key files, fix i18n note (DE/EN/PL), fix Twig cache note
- docs/api.md: document locale/is_admin in /api/me, PATCH locale, new
  GET /api/admin/users endpoint
- docs/structure.md: add AdminController, clean up legacy table descriptions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-01 08:09:17 +00:00
+								Habit & goal tracking PWA. Users set goals (e.g. "50 push-ups/day for 30 days"), log sets daily, and see progress. Invite-only registration. Multilingual UI (DE/EN/PL).
-												Initial commit: Dudi habit tracker

Symfony 8 SPA with Doctrine ORM, Symfony Security, vanilla JS frontend.
Migrated from plain PHP (delight-im/auth + raw SQL) to full Symfony stack.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-04-29 13:40:57 +00:00
 								## Stack
 								- Symfony 8 + Doctrine ORM (src/)
 								- Vanilla JS SPA — no build step, no npm (public/app.js)
 								- HTML `<template>` elements in templates/app.html.twig (rendered once, JS clones them)
 								- MariaDB, session auth + remember-me 24h
 								## Local dev
 								- URL: http://dudi.local/
 								- DB: zieltracker / zieltracker (see .env.local, gitignored)
 								- `php bin/console cache:clear` after config changes
-												Remove legacy root app.js, update docs

- Delete root app.js (pre-Symfony legacy copy, no longer served anywhere)
- CLAUDE.md: remove sync instruction, drop outdated pending-cleanup items,
  add AdminController to key files, fix i18n note (DE/EN/PL), fix Twig cache note
- docs/api.md: document locale/is_admin in /api/me, PATCH locale, new
  GET /api/admin/users endpoint
- docs/structure.md: add AdminController, clean up legacy table descriptions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-01 08:09:17 +00:00
+								- `public/app.js` is the authoritative JS file
-												Initial commit: Dudi habit tracker

Symfony 8 SPA with Doctrine ORM, Symfony Security, vanilla JS frontend.
Migrated from plain PHP (delight-im/auth + raw SQL) to full Symfony stack.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-04-29 13:40:57 +00:00
 								## Server
 								- `ssh -p 30183 root@miniweb.kuehn.home`
 								- App: /var/www/tracker/, DB: dd/dd
 								- Deploy: `bash deploy.sh` (rsync + remote composer install + cache:clear)
 								- Remember-me table must exist: `rememberme_token` (already created)
 								## Key files
-												Remove legacy root app.js, update docs

- Delete root app.js (pre-Symfony legacy copy, no longer served anywhere)
- CLAUDE.md: remove sync instruction, drop outdated pending-cleanup items,
  add AdminController to key files, fix i18n note (DE/EN/PL), fix Twig cache note
- docs/api.md: document locale/is_admin in /api/me, PATCH locale, new
  GET /api/admin/users endpoint
- docs/structure.md: add AdminController, clean up legacy table descriptions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-01 08:09:17 +00:00
+								- `src/Controller/AuthController.php` — login, register, password reset, name/locale change
-												Initial commit: Dudi habit tracker

Symfony 8 SPA with Doctrine ORM, Symfony Security, vanilla JS frontend.
Migrated from plain PHP (delight-im/auth + raw SQL) to full Symfony stack.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-04-29 13:40:57 +00:00
+								- `src/Controller/GoalController.php` — goals CRUD
 								- `src/Controller/InviteController.php` — invite creation + listing
-												Remove legacy root app.js, update docs

- Delete root app.js (pre-Symfony legacy copy, no longer served anywhere)
- CLAUDE.md: remove sync instruction, drop outdated pending-cleanup items,
  add AdminController to key files, fix i18n note (DE/EN/PL), fix Twig cache note
- docs/api.md: document locale/is_admin in /api/me, PATCH locale, new
  GET /api/admin/users endpoint
- docs/structure.md: add AdminController, clean up legacy table descriptions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-01 08:09:17 +00:00
+								- `src/Controller/AdminController.php` — admin-only user list (guarded by ADMIN_EMAIL env var)
-												Initial commit: Dudi habit tracker

Symfony 8 SPA with Doctrine ORM, Symfony Security, vanilla JS frontend.
Migrated from plain PHP (delight-im/auth + raw SQL) to full Symfony stack.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-04-29 13:40:57 +00:00
+								- `src/Security/JsonLoginAuthenticator.php` — JSON POST /api/login
 								- `config/packages/security.yaml` — firewall, remember-me, access control
 								- `templates/app.html.twig` — SPA shell + all tpl-* templates
 								- `public/app.js` — all frontend logic
 								## Data model
 								- `goals.sets` is a JSON object: `{"2026-04-01": [20, 30], "2026-04-02": [50]}` — keys are dates, values are arrays of logged amounts per session
 								- Users table schema is compatible with the old delight-im/auth library (bcrypt hashes work unchanged)
 								- Password resets use `users_resets` table directly (raw SQL) — Symfony doesn't manage this table
 								## Conventions
 								- API responses: `{ ok: true, ... }` on success, `{ error: "message" }` on failure
 								- All API routes prefixed `/api/`, catch-all route in AppController renders SPA
-												Remove legacy root app.js, update docs

- Delete root app.js (pre-Symfony legacy copy, no longer served anywhere)
- CLAUDE.md: remove sync instruction, drop outdated pending-cleanup items,
  add AdminController to key files, fix i18n note (DE/EN/PL), fix Twig cache note
- docs/api.md: document locale/is_admin in /api/me, PATCH locale, new
  GET /api/admin/users endpoint
- docs/structure.md: add AdminController, clean up legacy table descriptions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-01 08:09:17 +00:00
+								- No Twig cache in dev (handled by Symfony kernel; disabled in dev env)
-												Initial commit: Dudi habit tracker

Symfony 8 SPA with Doctrine ORM, Symfony Security, vanilla JS frontend.
Migrated from plain PHP (delight-im/auth + raw SQL) to full Symfony stack.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-04-29 13:40:57 +00:00
+								- JS uses `tpl(id)` helper to clone `<template>` elements, fills via querySelector with semantic class names
 								- No comments in JS unless non-obvious; no trailing summaries in responses
 								## Pending cleanup
 								- Legacy DB tables that can be dropped: `users_throttling`, `users_confirmations`, `schema_migrations`