- protection.ts: setCooldownTestMode/getCooldownTestMode (AsyncStorage 'dev:cooldown-testmode');
requestDeactivation sends testMode:true when on (__DEV__ only)
- debug.tsx: CooldownTestModeToggle (Switch) — '40s instead of 24h, staging only'
- useProtectionState.ts: wire applyCooldownDisableIfElapsed() — fires on cooldown
active→false transition (guarded so no extra fetch per poll) + on AppState 'active';
protection actually turns off when the (test-)cooldown elapses (the 'Step 5b' auto-disable)
- DeactivationExplainerSheet.tsx: useSafeAreaInsets — header paddingTop insets.top+14,
ScrollView paddingBottom max(insets.bottom,12)+24; back btn Pressable→TouchableOpacity
- ProtectionDetailsSheet.tsx: ScrollView paddingBottom max(insets.bottom,16)+24 (was 40);
backdrop + 'Fertig' Pressable→TouchableOpacity
tsc clean. (Note: 'sheet doesn't scroll' — the bottom content was being clipped under the
home indicator; the paddingBottom fix should resolve it. Broader UI polish deferred to a
separate session — Task #10.)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- components/plan/PlanChangeSheet.tsx — upgrade/downgrade briefing per pricing-tiers.md §4
(fetches GET /api/plan/change-preview; gains/keeps/changes; recovery-safety line;
billing hint w/o purchase button; CTA row, no 'are you sure?' interstitial)
- debug.tsx: PlanOverrideToggle routes every flip through PlanChangeSheet first
- devices.tsx + protectedDevices.ts: 'degraded' status (red, inline 'protection expired —
remove the profile yourself' hint, no green checkmark); maxProtectedDevices limit hint
- mail.tsx + MailAccountCard.tsx + useMailStatus.ts: over-limit banner + paused-account
greyed-out + PausedBadge (all defensive — only shows if backend sends the field)
- blocker.tsx: free-tier transparency hint ('Grundschutz aktiv — voller Schutz: Pro/Legend')
+ custom-domain over-limit banner
- locales: plan.change.* + plan_limit.* (de + en)
tsc clean. Backend side (GET /api/plan/change-preview, paused/degraded fields) in progress
in parallel — UI built defensively to work before it lands.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
debug.tsx: removed admin-403 special-case, calls /api/dev/set-plan directly.
settings.tsx: new PlanPickerSheetContent (TrueSheet, DEV-only) in debug section
with three plan options; uses same endpoint + invalidateMe().
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Picker now uses allowsEditing:false + quality:1; picked URI routes through
AvatarCropSheet (Pinch+Pan via RNGH+Reanimated, square crop frame with
corner markers). manipulateAsync crop left as TODO — expo-image-manipulator
not yet installed; sheet passes URI through unchanged until then.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
free: 5 custom domains (non-refillable), no global blocklist, 1 mail account,
basic coach. pro: global blocklist (the headline), 5 refillable domains, 3 mail
accounts (cron choice, no daemon), better coach. legend: + IMAP-IDLE daemon
(real-time mail scan — app highlight), 10 refillable domains with ≤24h ReBreak
validation, much better coach, +2 device DNS profiles. Marketing critique (§7)
pending from strategist.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
POST /api/dev/set-plan { plan: 'free'|'pro'|'legend' } — requireUser, sets the
caller's own profile.plan via Prisma. Refuses on production URL (same guard as
the cooldown testMode: appUrl includes rebreak.org && !includes staging). Lets
the __DEV__ tier-toggle work without admin rights. Does NOT weaken updateProfile.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Alle <Pressable style={({pressed}) => ({...})}> ersetzt — style-Funktion
droppt auf Android (New Arch) intermittierend width/height, führt zu 0×0
unsichtbaren Elementen. TouchableOpacity mit activeOpacity ist stabil.
Außerdem übrige Pressables (plain style) aus components/ und app/
migriert sowie zwei überschüssige </View>-Tags in chat.tsx + RoomCard.tsx
entfernt die TS-Fehler verursacht haben.
64 Dateien, typecheck sauber.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Infisical staging holds the bot user IDs as NUXT_LYRA_BOT_USER_ID /
NUXT_REBREAK_BOT_USER_ID, but nitro.config.ts reads process.env.LYRA_BOT_USER_ID
(no NUXT_ fallback) and start-staging.sh had no alias for them → config.lyraBotUserId
was empty → POST /api/admin/lyra-post threw 500 "LYRA_BOT_USER_ID nicht
konfiguriert" (surfaced via the admin app proxy). Adds the alias + NITRO_ override
exports, same pattern as the other keys.
Also: ops/strategy/pricing-tiers.md — strategist's tier-pricing analysis,
stress-test, downgrade-policy matrix, plan-change briefing-screen content +
scenario test matrix (Task #8 Phase 1).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
useUserPlan had its own module-level cache + fetch-once-on-mount, separate
from useMe's invalidateMe(). So the __DEV__ tier-override toggle (which calls
invalidateMe()) never reached useUserPlan consumers → the app didn't react to
a plan switch. Now useUserPlan just reads me.plan from useMe → inherits its
live-invalidation, the toggle propagates everywhere.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The pages/lyra.vue page (create community posts as Lyra/ReBreak, AI-generated
or manual) existed but wasn't linked anywhere. Adds it to the sidebar +
mobile bottom-tab (grid-cols-5→6) and the dashboard quick-links grid
(lg:grid-cols-4→5). Admin app stays team-internal (stats / users / domain
approval / social posts / moderation) — no relation to the RN app.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Old adaptiveIcon was a full-bleed dark logo on a #0a0a0a background → the
launcher mask cropped it ("zoomed in" look). Now: white background (matches
the Play Store listing icon look) + the same logo at ~62% on a transparent
canvas → mask has nothing to clip.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fixes the metro-symbolicate version skew (nested 0.82.5 copies under
metro@/metro-source-map@) that broke the release JS bundle step
("SourceMetadataMapConsumer is not a constructor" in composeSourceMaps).
Required a clean reinstall (rm -rf node_modules && pnpm install) to drop
the stale nested dirs.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- protection.ts: normalize Android device-state keys (vpn/accessibility/
tamperLock) to the iOS-shaped names the UI reads (urlFilter/familyControls/
appDeletionLock) — on Android the layers came back under different keys, so
blocker.tsx saw all toggles as undefined → always off → optimistic toggle
flipped back to off after enabling
- AppHeader.tsx: avatar/bell/back Pressable-with-style-fn → TouchableOpacity
with plain style — style-fn was swallowing width/height on Android → 0×0
+ overflow:hidden → avatar invisible (same pattern as Mac-CTA fix 7d04e42)
- app.config.ts: adaptiveIcon.foregroundImage → padded adaptive-foreground.png
(logo in ~66% safe zone, was full-bleed → clipped by launcher mask);
icon → icon.png (clean 1024 opaque, was the 512px alpha variant)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- settings.tsx: real "Abo" row showing current plan (Free/Pro/Legend badge),
taps open a sheet explaining subscriptions are managed on rebreak.org
(Linking.openURL → /account; TODO: gate for iOS App-Store submission per
Apple 3.1.1 — no in-app purchase flow)
- debug.tsx: __DEV__-only plan-override toggle (free/pro/legend) via
PATCH /api/admin/users/:id + invalidateMe(); shows admin-only hint on 403
- locales: settings.subscription_* keys (de + en)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fixes [notifRealtime] CHANNEL_ERROR — table was not in supabase_realtime
publication, so postgres_changes events never arrived. Added by backyard.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Memory feedback_known_ui_layout_bugs.md Pattern 5: Pressable with
style={({pressed}) => ({...})} is layout-poison in some RN-render-paths,
button collapses to 0-height and renders invisible. Windows-button right
below worked because it uses static style={{...}}.
TouchableOpacity gets same press-feedback via activeOpacity prop.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Plugin referenced @string/accessibility_service_summary +
@xml/accessibility_service_config in AndroidManifest but never created the
underlying resource files. EAS Cloud prebuild --clean exposed this — local
dev worked because resources were sometimes already there from previous builds.
- withStringsXml: adds accessibility_service_summary string (DE)
- withDangerousMod: writes res/xml/accessibility_service_config.xml at prebuild
- Config flags match native service (TYPE_WINDOW_CONTENT_CHANGED + STATE_CHANGED,
canRetrieveWindowContent for URL-bar reading)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
EAS Cloud prebuild ignores local android/build.gradle pins (android/ is gitignored).
Plugin compileSdk 35 → 36 satisfies new androidx.core dependency requirements.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Backend:
- ProtectedDevice prisma model + migration add_protected_devices
- DB helpers: list/count/get/create/confirm/revoke
- mobileconfig.ts utility — XML-escape, unique UUIDs per request
- 5 endpoints under /api/devices/* (avoid /api/devices conflict with existing
Capacitor UserDevice route by using /api/devices/protected for list)
Phase 1: backend ready. DoH-server token-routing comes in phase 2.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
metro-cache 0.82.5 (nested under metro 0.82.5) imports metro-core/src/canonicalize
directly. Top-level metro-core 0.83.3 has restrictive exports map that blocks this.
Pnpm patch adds ./src/* to exports while preserving the existing ./private/* path.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Wenn User App-Passwort aktualisiert via /api/mail/connect (upsert), waren bisher
lastConnectError + lastConnectErrorAt von der vorherigen Auth-Failure noch in
DB → /api/mail/status returned weiter Auth-Fehler-Status bis zum nächsten
IDLE-Heartbeat oder Cron-Scan diese überschrieb.
Jetzt: bei erfolgreichem Update räumt upsertMailConnection beide Felder, UI
zeigt sofort "Live" nach Passwort-Update.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- upsertMailConnection: bei Update lastConnectError + lastConnectErrorAt auf
null — User aktualisiert App-Passwort → UI zeigt sofort wieder Live (statt
stale Auth-Fehler-Status bis nächstem IDLE/Scan-Cycle)
- /api/mail/status: liefert lastConnectError, lastConnectErrorAt,
lastIdleHeartbeatAt mit (waren bisher nicht im Response → Frontend hat den
Status nie korrekt rendern können)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
AdGuard Home auf rebreak-mdm pullt diese Liste alle 1h für DoH-DNS-NXDOMAIN.
Single source of truth mit dem URL-Filter (NEFilter) — gleicher
getActiveBlocklistDomains() backend-call.
Public (no auth) — Casino-Domains sind keine PII, andere DNS-Blocklisten
(HaGeZi, OISD) sind genauso public.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
AdGuard Home auf rebreak-mdm pullt diese Liste alle 1h für DoH-DNS-NXDOMAIN.
Single source of truth mit dem URL-Filter (NEFilter) — gleicher
getActiveBlocklistDomains() backend-call.
Public (no auth) — Casino-Domains sind keine PII, andere DNS-Blocklisten
(HaGeZi, OISD) sind genauso public.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds 3 fields to mail_connections so UI can distinguish between
"connection alive but no new mail" vs "connection dead" vs "auth-failed":
- last_connect_error — text of last IMAP error (auth-fail, connect-fail)
- last_connect_error_at — timestamp of error
- last_idle_heartbeat_at — updated every 2min by NOOP-success in daemon
Daemon (backend/imap-idle/index.mjs):
- updateConnectionError() / clearConnectionError() / updateIdleHeartbeat()
SQL helpers
- logError now uses err.responseText (shows "AUTHENTICATIONFAILED" instead
of generic "Command failed")
- clearError on connect() success
- updateError on connect() catch
- updateHeartbeat in NOOP-success-path (every 2min)
API (status.get.ts): returns the 3 new fields per account.
Migration: ALTER TABLE rebreak.mail_connections ADD COLUMN ... (idempotent).
UI-side (in flight, separate task): MailAccountCard renders auth-error
banner when lastConnectError != null + heartbeat-based "live" indicator.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
User-test: Casino-mail an Chahine@gmx.net wurde nicht geblockt obwohl
daemon "connected" zeigte. Mo's diagnose: GMX dropped IDLE-connection
silent (kein TCP-error, kein logout). ImapFlow.idle() hängt unbegrenzt
ohne reject — exists-events kommen nie an, daemon ist faktisch tot.
2 Fixes:
1) IDLE_RENEW_INTERVAL_MS: 25 min → 10 min. GMX timeout-window ist
~10-15min, 25min war zu lang. Trade-off: alle 10min full reconnect.
2) NOOP-heartbeat alle 2min während IDLE-loop. Wenn NOOP fail
(= silent-drop detected) → close → reconnect-loop. Early-detection.
Andere provider (Gmail/iCloud/Outlook) sind unaffected — die haben
~29min IDLE-timeout, also passt 10min auch dort safe.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds optional `gameName` column to community_posts so game-share posts
can render with the game-banner above the post-content (Snake/Tetris/
Memory/TTT visual indicator).
- prisma/schema.prisma: CommunityPost.gameName String? @map("game_name")
- migration: ALTER TABLE rebreak.community_posts ADD COLUMN game_name
- db/community.ts: createPost() accepts gameName param
- api/community/post.post.ts: extracts gameName from body
- api/community/posts.get.ts: returns gameName, prefers DB over content-parse
Frontend (already in flight on upgrade/sdk-54): PostCard.tsx renders
GameShareBanner when post.category === 'game_share' && post.gameName.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Daemon SQL used PascalCase "MailConnection" + camelCase column-names
that match the Prisma model field-names — but actual DB has snake_case
table "mail_connections" with snake_case columns (per @map decorators).
Result: daemon was online but ALL queries failed with
relation "rebreak.MailConnection" does not exist
→ no mailboxes loaded → no IDLE-sessions established.
Fix: query "rebreak.mail_connections" with snake_case columns, alias
back to camelCase via SQL AS so rest of the daemon code works unchanged.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
scp -r imap-idle/ target/ erstellt imap-idle/imap-idle/ wenn target existiert.
Fix: imap-idle/. kopiert Inhalt direkt in target ohne extra Subdir.
Plus: rm -rf + mkdir vor scp fuer idempotente Deploys.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
scp -r imap-idle/ target/ erstellt imap-idle/imap-idle/ wenn target existiert.
Fix: imap-idle/. kopiert Inhalt direkt in target ohne extra Subdir.
Plus: rm -rf + mkdir vor scp fuer idempotente Deploys.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
scp -r schlaegt fehl wenn Zielverzeichnis nicht existiert.
Loest den GH-Actions-Fehler "realpath /srv/rebreak/backend/imap-idle/: No such file".
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
