Fixed two critical GraphQL schema issues preventing dashboard data loading:
**Backend Changes:**
- Changed child.birthDate from DATE to TIMESTAMP type in entity and database
  - Updated TypeORM entity (child.entity.ts:23)
  - Migrated database column: ALTER TABLE children ALTER COLUMN birth_date TYPE TIMESTAMP
- Added JSON scalar support for activity metadata field
  - Installed graphql-type-json package
  - Created JSONScalar (src/graphql/scalars/json.scalar.ts)
  - Updated Activity.metadata from String to GraphQLJSON type
  - Auto-generated schema.gql with JSON scalar definition
**Frontend Changes:**
- Fixed Apollo Client token storage key mismatch
  - Changed from 'access_token' to 'accessToken' to match tokenStorage utility
- Enhanced dashboard logging for debugging GraphQL queries
**Database Migration:**
- Converted children.birth_date: DATE → TIMESTAMP
  - Preserves existing data (2023-06-01 → 2023-06-01 00:00:00)
Resolves errors:
- "Expected DateTime.serialize() to return non-nullable value, returned: null"
- "String cannot represent value: { ... }" for activity metadata
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Frontend Compliance Features:
- Created compliance API client (data export, account deletion, deletion status)
- Added DataExport component with download functionality
- Added AccountDeletion component with 30-day grace period UI
- Updated Settings page with Privacy & Compliance sections
COPPA Age Verification:
- Added date of birth field to registration
- Age calculation with COPPA compliance (under 13 blocked)
- Parental email and consent for users 13-17
- Dynamic form validation based on age
Privacy & Terms:
- Separate checkboxes for Terms of Service and Privacy Policy
- Required acceptance for registration
- Links to policy pages
Completes GDPR Right to Data Portability and Right to Erasure.
Completes COPPA parental consent requirements.
## Backend Changes
- Update tracking.service.ts getDailySummary to calculate actual counts
- Import ActivityType enum for proper type comparisons
- Calculate feedingCount, sleepTotalMinutes, diaperCount, medicationCount
- Sleep duration now correctly calculated from startedAt/endedAt timestamps
## Frontend API Changes
- Add medicationCount to DailySummary interface
- Extract endTime from metadata and send as endedAt to backend
- Enables proper sleep duration tracking with start/end times
## Homepage Updates
- Add Medicine and Activities quick action buttons
- Update summary grid from 3 to 4 columns (responsive layout)
- Add medication count display with MedicalServices icon
- Improve grid responsiveness (xs=6, sm=3)
- Replace Analytics button with Activities button
## New Activities Page
- Create /activities page to show recent activity history
- Display last 7 days of activities with color-coded icons
- Show smart timestamps (Today/Yesterday/date format)
- Activity-specific descriptions (feeding amount, sleep duration, etc.)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented complete review/edit workflow for voice commands with ML feedback collection:
**Backend:**
- Created V012 migration for voice_feedback table with user action tracking
- Added VoiceFeedback entity with approval/edit/reject actions
- Implemented voice feedback API endpoint (POST /api/v1/voice/feedback)
- Fixed user ID extraction bug (req.user.userId vs req.user.sub)
**Frontend:**
- Built VoiceActivityReview component with field-specific editors
- Integrated review dialog into voice command workflow
- Added approve/edit/reject handlers with feedback submission
- Fixed infinite loop by tracking processed classification IDs
**Features:**
- Users can review AI-extracted data before saving
- Quick-edit capabilities for all activity fields
- Feedback data stored for ML model improvement
- Activity creation only happens after user approval/edit
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add LOGIN_BIOMETRIC to AuditAction enum
- Import AuditAction and EntityType in AuthService
- Fix loginWithExternalAuth return type to match AuthResponse interface
- Update biometric API client to use correct response structure
- Update login page to access tokens from nested data structure
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create biometric API client with WebAuthn methods
- Add BiometricSettings component for credential management
- Support Face ID, Touch ID, Windows Hello enrollment
- Display list of enrolled credentials with metadata
- Add/remove/rename biometric credentials
- Check browser and platform authenticator support
- Integrate into settings page with animations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements user interface for viewing and managing active sessions:
Session Management Features:
- SessionsManagement component with full session management UI
- List all active sessions with device information
- Platform-specific icons (Computer, Phone, Tablet)
- Current session indicator with green chip
- Session details: device fingerprint, platform, last used, created date
- Revoke individual sessions with confirmation dialog
- Revoke all sessions except current with bulk action
- Real-time session count display
User Experience:
- Visual device type indicators
- Human-readable time formatting (e.g., "2 hours ago")
- Current session clearly marked and protected from removal
- Warning dialogs before revoking sessions
- Success/error feedback with alerts
- Loading states for all operations
- Empty state handling
API Integration:
- Sessions API client in lib/api/sessions.ts
- Get all sessions
- Get session count
- Revoke specific session
- Revoke all sessions except current
- Proper error handling and user feedback
Settings Page Integration:
- Added Sessions Management section
- Placed after Security/MFA settings
- Animated transitions with staggered delays
- Maintains consistent settings page layout
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented comprehensive rate limiting for API security:
- Created custom Next.js-native rate limiter using in-memory store
- Added 5 rate limit configurations:
  - authLimiter: 5 requests/15min for login/register/password-reset
  - aiLimiter: 10 requests/hour for AI assistant queries
  - trackingLimiter: 30 requests/min for activity tracking
  - readLimiter: 100 requests/min for read-only endpoints
  - sensitiveLimiter: 3 requests/hour for sensitive operations
- Applied rate limiting to endpoints:
  - /api/auth/login, /api/auth/register, /api/auth/password-reset
  - /api/ai/chat
  - /api/tracking/feeding (GET and POST)
- Rate limit responses include standard headers:
  - RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset
  - Retry-After header with seconds until reset
- Tested with 7 sequential requests - first 5 passed, last 2 blocked with 429
Note: Current implementation uses in-memory store. For production with
multiple instances, migrate to Redis-backed storage for distributed
rate limiting.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
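The limiter this commit message describes, sketched as an added example (not the project's code): a fixed-window in-memory store keyed per caller that returns the listed headers and a 429 once the limit is used up. The class and function names, the choice of key, and treating RateLimit-Reset as seconds until reset are assumptions.

```typescript
// Added example, not the project's code. All names below are hypothetical.
interface LimitConfig { limit: number; windowMs: number }
interface Decision { allowed: boolean; status: number; headers: Record<string, string> }

// The authLimiter setting from the commit message: 5 requests / 15 min.
const AUTH_LIMIT: LimitConfig = { limit: 5, windowMs: 15 * 60 * 1000 };

class MemoryRateLimiter {
  private buckets = new Map<string, { count: number; resetAt: number }>();
  private config: LimitConfig;
  constructor(config: LimitConfig) { this.config = config; }

  // key identifies the caller (IP or user id, an assumption); now is injectable for tests.
  check(key: string, now: number = Date.now()): Decision {
    let bucket = this.buckets.get(key);
    if (bucket === undefined || now >= bucket.resetAt) {
      // First request from this caller, or the previous window has expired.
      bucket = { count: 0, resetAt: now + this.config.windowMs };
      this.buckets.set(key, bucket);
    }
    const allowed = bucket.count < this.config.limit;
    if (allowed) bucket.count += 1; // blocked requests do not extend the window
    const resetSec = Math.ceil((bucket.resetAt - now) / 1000);
    const headers: Record<string, string> = {
      "RateLimit-Limit": String(this.config.limit),
      "RateLimit-Remaining": String(this.config.limit - bucket.count),
      "RateLimit-Reset": String(resetSec), // assumed: seconds until reset
    };
    if (!allowed) headers["Retry-After"] = String(resetSec);
    return { allowed, status: allowed ? 200 : 429, headers };
  }

  // Evict expired buckets so unauthenticated traffic cannot grow the map forever.
  sweep(now: number = Date.now()): number {
    let removed = 0;
    this.buckets.forEach((b, key) => { if (now >= b.resetAt) { this.buckets.delete(key); removed += 1; } });
    return removed;
  }
}

// Replays the commit's test: n sequential requests from one caller, 1 s apart.
function replay(limiter: MemoryRateLimiter, key: string, n: number, start: number): number[] {
  const statuses: number[] = [];
  for (let i = 0; i < n; i++) statuses.push(limiter.check(key, start + i * 1000).status);
  return statuses;
}

console.log(replay(new MemoryRateLimiter(AUTH_LIMIT), "203.0.113.7", 7, 0));
```

Because the counters live in one process's memory, each application instance counts separately, which is the limitation the commit's note about Redis-backed storage refers to.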
Implemented React error boundaries to catch and handle errors gracefully:
**Core Error Handling Components:**
- Created ErrorBoundary class component with error catching and logging
- Created specialized fallback UIs (MinimalErrorFallback, DataErrorFallback,
  ComponentErrorFallback, FormErrorFallback, ChartErrorFallback, ImageErrorFallback)
- Added withErrorBoundary HOC for easy component wrapping
- Created errorLogger service with Sentry integration placeholder
**Error Logging Service (errorLogger.ts):**
- Centralized error logging with severity levels (FATAL, ERROR, WARNING, INFO, DEBUG)
- Context enrichment (URL, userAgent, timestamp, environment)
- Local storage of last 10 errors in sessionStorage for debugging
- User context management (setUser, clearUser)
- Breadcrumb support for debugging trails
**App Integration:**
- Wrapped root layout with top-level ErrorBoundary for catastrophic errors
- Added NetworkStatusIndicator to main page for offline sync visibility
- Wrapped daily summary section with isolated DataErrorFallback
- Added error boundary to AI assistant page with ComponentErrorFallback
- Wrapped feeding tracking form with FormErrorFallback using withErrorBoundary HOC
- Protected analytics charts with isolated ChartErrorFallback boundaries
**Error Recovery Features:**
- Isolated error boundaries prevent cascade failures
- Retry buttons on all fallback UIs
- Error count tracking with user warnings
- Development-mode error details display
- Automatic error logging to service (when Sentry integrated)
Next: Integration with Sentry for production error tracking
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>