Fixed multiple issues with voice command workflow:
**Status Transition Fixes:**
- Fixed infinite loop in status update useEffect by checking if status actually needs to change
- Status now properly transitions: listening → understanding → review/close
- Added debug logging to track status changes
**UI Bug Fixes:**
- Fixed crash in diaper tracker when conditions field is undefined (voice-created activities)
- Auto-close dialog when classification returns "unknown" type
- Added optional chaining for conditions.join() in getDiaperDetails
**Changes:**
- VoiceFloatingButton: Prevent setting same status repeatedly
- VoiceFloatingButton: Close dialog on unknown classification
- Diaper page: Handle missing conditions field gracefully
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented complete review/edit workflow for voice commands with ML feedback collection:
**Backend:**
- Created V012 migration for voice_feedback table with user action tracking
- Added VoiceFeedback entity with approval/edit/reject actions
- Implemented voice feedback API endpoint (POST /api/v1/voice/feedback)
- Fixed user ID extraction bug (req.user.userId vs req.user.sub)
**Frontend:**
- Built VoiceActivityReview component with field-specific editors
- Integrated review dialog into voice command workflow
- Added approve/edit/reject handlers with feedback submission
- Fixed infinite loop by tracking processed classification IDs
**Features:**
- Users can review AI-extracted data before saving
- Quick-edit capabilities for all activity fields
- Feedback data stored for ML model improvement
- Activity creation only happens after user approval/edit
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Backend changes:
- Update LLM prompt to use correct field names matching frontend interfaces
- Use 'diaperType' instead of 'type' for diaper activities
- Use 'feedingType' instead of 'method' for feeding activities
- Simplify sleep structure (duration, quality, location only)
Frontend changes:
- Add processedClassificationId tracking to prevent infinite loop
- Create unique ID for each classification to avoid duplicate processing
- Reset processed ID when dialog opens/closes or new recording starts
This fixes the issue where voice commands created multiple duplicate
activities and had mismatched data structures causing tracker warnings.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fix login endpoint to return families as array of objects instead of strings
- Update auth interface to match /auth/me endpoint structure
- Add silence detection to voice input (auto-stop after 1.5s)
- Add comprehensive status messages to voice modal (Listening, Understanding, Saving)
- Unify voice input flow to use MediaRecorder + backend for all platforms
- Add null checks to prevent tracking page crashes from invalid data
- Wait for auth completion before loading family data in HomePage
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace navigation to pre-filled forms with direct API activity creation
- Fetch children from family and use first child (can be enhanced for name matching)
- Show success/error messages with proper feedback
- Auto-close dialog after successful save
- Add test endpoint /api/v1/voice/test-classify for easy testing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add URL parameter reading to diaper tracking page for voice-extracted data
- Add comprehensive server-side logging in voice controller and service
- Log request type (Web Speech API vs MediaRecorder), input text/audio, GPT calls, and classification results
- Enable automatic form pre-filling when voice commands navigate to tracking pages
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Set continuous=true to keep listening through pauses
- Only process final results, ignore interim transcripts
- Add usesFallback check to route Web Speech API transcripts through classification
- Desktop now captures complete phrases before classification
- Add detailed logging for debugging recognition flow
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove temperature parameter from GPT-5-mini activity extraction (not supported)
- Add classification state to useVoiceInput hook to avoid duplicate API calls
- Prevent infinite loop in VoiceFloatingButton by tracking lastClassifiedTranscript
- Use classification from backend directly instead of making second request
- iOS Safari now successfully transcribes with Azure Whisper and classifies with GPT-5-mini
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add support for Azure OpenAI Whisper API for audio transcription
- Separate Whisper client for transcription and Chat client for activity extraction
- Auto-detect Azure vs standard OpenAI based on AZURE_OPENAI_ENABLED flag
- Use configured Azure deployments (whisper and gpt-5-mini)
- Add proper logging for service initialization
This fixes the "Audio transcription not yet implemented" error on iOS Safari
by enabling the already-configured Azure Whisper service.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Force MediaRecorder fallback for all iOS Safari devices
- Add iOS device detection to avoid Web Speech API on iOS
- Support multiple audio formats (webm, mp4, default) for compatibility
- Add comprehensive error logging throughout the flow
- Improve error messages with specific guidance for each error type
- Add console logging to track microphone permissions and recording state
- Better handling of getUserMedia permissions
This should help diagnose and fix the "Failed to recognize speech" error
by ensuring iOS Safari uses the MediaRecorder path with proper permissions.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Frontend changes:
- Add MediaRecorder fallback for iOS Safari (no Web Speech API support)
- Automatically detect browser capabilities and use appropriate method
- Add usesFallback flag to track which method is being used
- Update UI to show "Recording..." vs "Listening..." based on method
- Add iOS-specific indicator text
- Handle microphone permissions and errors properly
Backend changes:
- Update /api/v1/voice/transcribe to accept both audio files and text
- Support text-based classification (from Web Speech API)
- Support audio file transcription + classification (from MediaRecorder)
- Return unified response format with transcript and classification
How it works:
- Chrome/Edge: Uses Web Speech API for realtime transcription
- iOS Safari: Records audio with MediaRecorder, sends to server for transcription
- Fallback is transparent to the user with appropriate UI feedback
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add LOGIN_BIOMETRIC to AuditAction enum
- Import AuditAction and EntityType in AuthService
- Fix loginWithExternalAuth return type to match AuthResponse interface
- Update biometric API client to use correct response structure
- Update login page to access tokens from nested data structure
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add biometric authentication button with Face ID/Touch ID/Windows Hello support
- Check WebAuthn support and platform authenticator availability on mount
- Handle biometric login flow with proper error handling
- Show biometric button only when device supports it
- Add loading states and user-friendly error messages
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create biometric API client with WebAuthn methods
- Add BiometricSettings component for credential management
- Support Face ID, Touch ID, Windows Hello enrollment
- Display list of enrolled credentials with metadata
- Add/remove/rename biometric credentials
- Check browser and platform authenticator support
- Integrate into settings page with animations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create webauthn_credentials table migration (V011)
- Add WebAuthnCredential entity for storing biometric credentials
- Implement BiometricAuthService with SimpleWebAuthn v13 API
- Add 8 biometric auth endpoints (register/verify/credentials/manage)
- Add loginWithExternalAuth method to AuthService for biometric login
- Support Face ID, Touch ID, Windows Hello, and Android biometrics
- Store challenges in-memory (can be moved to Redis in production)
- Include credential management (list, delete, rename)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements user interface for viewing and managing active sessions:
Session Management Features:
- SessionsManagement component with full session management UI
- List all active sessions with device information
- Platform-specific icons (Computer, Phone, Tablet)
- Current session indicator with green chip
- Session details: device fingerprint, platform, last used, created date
- Revoke individual sessions with confirmation dialog
- Revoke all sessions except current with bulk action
- Real-time session count display
User Experience:
- Visual device type indicators
- Human-readable time formatting (e.g., "2 hours ago")
- Current session clearly marked and protected from removal
- Warning dialogs before revoking sessions
- Success/error feedback with alerts
- Loading states for all operations
- Empty state handling
API Integration:
- Sessions API client in lib/api/sessions.ts
- Get all sessions
- Get session count
- Revoke specific session
- Revoke all sessions except current
- Proper error handling and user feedback
Settings Page Integration:
- Added Sessions Management section
- Placed after Security/MFA settings
- Animated transitions with staggered delays
- Maintains consistent settings page layout
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements MFA verification dialog for login flow:
MFA Verification Features:
- MFAVerificationDialog component for code entry
- TOTP code input (6-digit authenticator app code)
- Email code input with auto-send on dialog open
- Backup code support mentioned in help text
- Resend email code functionality
- Auto-focus on code input field
- Large, centered code input for easy entry
- Real-time validation (6-digit code required)
Login Flow Integration:
- Detect MFA requirement from login API error
- Show MFA dialog when MFA is enabled for user
- Handle MFA verification success with token storage
- Allow cancellation to retry login
- Seamless transition after successful verification
User Experience:
- Email codes sent automatically
- Visual feedback for code sending/verification
- Error alerts for invalid codes
- Loading states for all async operations
- Clean, focused dialog design
- Tip about backup codes
Implementation Details:
- Integrated with existing login page
- Error handling for MFA-required responses
- Token storage after MFA verification
- Navigation after successful MFA
- Support for both TOTP and Email MFA methods
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements device trust management with ability to view, trust, and remove devices:
Device Trust Features:
- DeviceTrustService for managing DeviceRegistry entries
- List all user devices with trust status
- List trusted devices only
- Trust/untrust specific devices
- Remove devices completely
- Remove all devices except current one
- Get device counts (total, trusted, untrusted)
- Device information includes fingerprint, platform, last seen, trust status
API Endpoints:
- GET /api/v1/auth/devices - List all user devices
- GET /api/v1/auth/devices/trusted - List trusted devices only
- GET /api/v1/auth/devices/count - Get device counts
- POST /api/v1/auth/devices/:deviceId/trust - Mark device as trusted
- DELETE /api/v1/auth/devices/:deviceId/trust - Revoke device trust
- DELETE /api/v1/auth/devices/:deviceId - Remove device completely
- DELETE /api/v1/auth/devices - Remove all devices except current
Implementation Details:
- Prevents removing current device (security)
- Warns when revoking trust from current device
- Cascade deletes refresh tokens when device is removed
- Marks current device for UI indication
- Orders devices by last seen (most recent first)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements user session management with ability to view and revoke active sessions:
Session Management Features:
- SessionService for managing refresh tokens as sessions
- List all active sessions with device information
- Revoke specific session by ID
- Revoke all sessions except current one
- Get active session count
- Session information includes device fingerprint, platform, last used, IP
API Endpoints:
- GET /api/v1/auth/sessions - List all user sessions
- DELETE /api/v1/auth/sessions/:sessionId - Revoke specific session
- DELETE /api/v1/auth/sessions - Revoke all sessions except current
- GET /api/v1/auth/sessions/count - Get active session count
Implementation Details:
- Joins RefreshToken with DeviceRegistry for device info
- Prevents revoking current session (use logout instead)
- Marks sessions as current for UI indication
- Orders sessions by creation date (newest first)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements TOTP (Google Authenticator) and Email-based MFA:
Backend Features:
- MFA database fields (mfa_enabled, mfa_method, totp_secret, backup_codes)
- V010 migration for MFA support
- MFAService with TOTP and Email MFA support
- QR code generation for Google Authenticator setup
- 10 backup codes per user (hashed storage)
- Email verification codes (6-digit, 5min expiry)
- MFA verification with backup code support
API Endpoints:
- GET /api/v1/auth/mfa/status
- POST /api/v1/auth/mfa/totp/setup
- POST /api/v1/auth/mfa/totp/enable
- POST /api/v1/auth/mfa/email/setup
- POST /api/v1/auth/mfa/email/send-code
- POST /api/v1/auth/mfa/verify
- DELETE /api/v1/auth/mfa
- POST /api/v1/auth/mfa/backup-codes/regenerate
Dependencies: otplib, qrcode
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented comprehensive rate limiting for API security:
- Created custom Next.js-native rate limiter using in-memory store
- Added 5 rate limit configurations:
- authLimiter: 5 requests/15min for login/register/password-reset
- aiLimiter: 10 requests/hour for AI assistant queries
- trackingLimiter: 30 requests/min for activity tracking
- readLimiter: 100 requests/min for read-only endpoints
- sensitiveLimiter: 3 requests/hour for sensitive operations
- Applied rate limiting to endpoints:
- /api/auth/login, /api/auth/register, /api/auth/password-reset
- /api/ai/chat
- /api/tracking/feeding (GET and POST)
- Rate limit responses include standard headers:
- RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset
- Retry-After header with seconds until reset
- Tested with 7 sequential requests - first 5 passed, last 2 blocked with 429
Note: Current implementation uses in-memory store. For production with
multiple instances, migrate to Redis-backed storage for distributed
rate limiting.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed network detection to only mark as offline on actual network errors,
not on HTTP errors like 404. This fixes the issue where the app shows
'You are offline' even when connected, which happens when accessing through
a reverse proxy where the /api/health endpoint might not be properly routed.
Now the app will show as online as long as it can reach the server
(any HTTP response), and only show offline on true connection failures.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Created /api/health endpoint that returns 200 OK to allow Redux
network detection middleware to properly check connectivity status.
Without this endpoint, the app was showing as offline even when
connected to the internet.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Redux Provider to app layout and simplified Redux store to work
properly with Next.js SSR.
**Changes:**
- Added ReduxProvider wrapper to root layout (app/layout.tsx)
- Fixed ReduxProvider TypeScript type (React.ReactNode)
- Simplified store configuration by removing @redux-offline package
- Removed packages incompatible with SSR:
- @redux-offline/redux-offline
- redux-persist
- localforage
- Re-added NetworkStatusIndicator to main page (now works with Redux)
- Kept custom offline middleware and sync middleware for offline-first functionality
**Why:**
The @redux-offline package and localforage try to access browser APIs (IndexedDB,
localStorage) during SSR, causing "No available storage method found" errors.
Our custom offline middleware provides the same functionality without SSR issues.
**Result:**
Redux store now works correctly with:
- Network status detection
- Offline action queuing
- Custom sync middleware
- Activities and children slices with optimistic updates
Next step: Can add redux-persist back with proper SSR guards if needed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The NetworkStatusIndicator component requires Redux Provider to be set up,
which is not yet integrated in the app. Removed it from the main page to
prevent "could not find react-redux context value" errors.
NetworkStatusIndicator will be added back once Redux Provider is properly
configured in the app root.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented React error boundaries to catch and handle errors gracefully:
**Core Error Handling Components:**
- Created ErrorBoundary class component with error catching and logging
- Created specialized fallback UIs (MinimalErrorFallback, DataErrorFallback,
ComponentErrorFallback, FormErrorFallback, ChartErrorFallback, ImageErrorFallback)
- Added withErrorBoundary HOC for easy component wrapping
- Created errorLogger service with Sentry integration placeholder
**Error Logging Service (errorLogger.ts):**
- Centralized error logging with severity levels (FATAL, ERROR, WARNING, INFO, DEBUG)
- Context enrichment (URL, userAgent, timestamp, environment)
- Local storage of last 10 errors in sessionStorage for debugging
- User context management (setUser, clearUser)
- Breadcrumb support for debugging trails
**App Integration:**
- Wrapped root layout with top-level ErrorBoundary for catastrophic errors
- Added NetworkStatusIndicator to main page for offline sync visibility
- Wrapped daily summary section with isolated DataErrorFallback
- Added error boundary to AI assistant page with ComponentErrorFallback
- Wrapped feeding tracking form with FormErrorFallback using withErrorBoundary HOC
- Protected analytics charts with isolated ChartErrorFallback boundaries
**Error Recovery Features:**
- Isolated error boundaries prevent cascade failures
- Retry buttons on all fallback UIs
- Error count tracking with user warnings
- Development-mode error details display
- Automatic error logging to service (when Sentry integrated)
Next: Integration with Sentry for production error tracking
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Backend changes:
- Add password reset token database migration (V011)
- Create email service with Mailgun integration (EU/US regions)
- Implement password reset flow with secure token generation
- Add email verification endpoints and logic
- Create beautiful HTML email templates for reset and verification
- Add password reset DTOs with validation
- Update User entity with email verification fields
Frontend changes:
- Create forgot password page with email submission
- Create reset password page with token validation
- Add email verification banner component
- Integrate verification banner into main dashboard
- Add password requirements and validation UI
Features:
- Mailgun API ready for EU and US regions
- Secure token expiration (1h for reset, 24h for verification)
- Rate limiting on resend (2min interval)
- Protection against email enumeration
- IP address and user agent tracking
- Token reuse prevention
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed AI chat response display (response.data.data.message)
- Fixed onboarding to save children to database with validation
- Fixed AI conversation ID length (VARCHAR 30, nanoid 12)
- Added gender selection to onboarding
- All database migrations V001-V010 completed
- Backend: NestJS with Azure OpenAI integration
- Frontend: Next.js with Material-UI
- Docker: PostgreSQL, Redis, MongoDB, MinIO
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
