Implements full regulatory compliance for data privacy and child protection:
**GDPR Compliance (Right to Data Portability & Right to Erasure):**
- Data export API endpoint (GET /compliance/data-export)
- Exports all user data across 7 entities in JSON format
- Account deletion with 30-day grace period
- POST /compliance/request-deletion
- POST /compliance/cancel-deletion
- GET /compliance/deletion-status
- Scheduled job runs daily at 2 AM to process expired deletion requests
- Audit logging for all compliance actions
**COPPA Compliance (Children's Online Privacy Protection):**
- Age verification during signup (blocks users under 13)
- Parental consent requirement for users 13-17
- Database fields: date_of_birth, coppa_consent_given, parental_email
- Audit logging for consent events
**Technical Implementation:**
- Created ComplianceModule with service, controller, scheduler
- V015 migration: deletion_requests table
- V016 migration: COPPA fields in users table
- Updated User entity and RegisterDto
- Age calculation helper in AuthService
- Installed @nestjs/schedule for cron jobs
All endpoints secured with JwtAuthGuard. Backend compiles with 0 errors.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
## Backend Changes
- Update tracking.service.ts getDailySummary to calculate actual counts
- Import ActivityType enum for proper type comparisons
- Calculate feedingCount, sleepTotalMinutes, diaperCount, medicationCount
- Sleep duration now correctly calculated from startedAt/endedAt timestamps
## Frontend API Changes
- Add medicationCount to DailySummary interface
- Extract endTime from metadata and send as endedAt to backend
- Enables proper sleep duration tracking with start/end times
## Homepage Updates
- Add Medicine and Activities quick action buttons
- Update summary grid from 3 to 4 columns (responsive layout)
- Add medication count display with MedicalServices icon
- Improve grid responsiveness (xs=6, sm=3)
- Replace Analytics button with Activities button
## New Activities Page
- Create /activities page to show recent activity history
- Display last 7 days of activities with color-coded icons
- Show smart timestamps (Today/Yesterday/date format)
- Activity-specific descriptions (feeding amount, sleep duration, etc.)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed environment variable names in embeddings.service.ts to match .env configuration
(AZURE_OPENAI_EMBEDDINGS_API_KEY, AZURE_OPENAI_EMBEDDINGS_ENDPOINT, etc.)
- Applied V014 database migration for conversation_embeddings table with pgvector support
- Fixed test script to remove unsupported language parameter from chat requests
- Created test user in database to satisfy foreign key constraints
- All 6 embeddings tests now passing (100% success rate)
Test results:
✅ Health check and embedding generation (1536 dimensions)
✅ Conversation creation with automatic embedding storage
✅ Semantic search with 72-90% similarity matching
✅ User statistics and semantic memory integration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Voice command improvements:
- Auto-start listening when voice dialog opens (removes extra tap/click)
- Added Activity option to unknown intent dialog
- Users can now speak immediately after clicking the mic button
Desktop navigation:
- Added Home icon button in top bar/header for quick navigation to main page
- Positioned between app title and user avatar
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added new tracking pages:
- Medicine tracker: track medication name, dosage, unit, route, and reason
- Activity tracker: track play, exercise, walks, music, reading, tummy time, etc.
- Both pages follow existing tracker patterns with recent activities list
Voice command improvements:
- Updated voice classification to support medicine and activity types
- Added detailed extraction fields for medicine (medicineName, dosage, unit, route, reason)
- Added detailed extraction fields for activity (activityType, duration, description)
- Enhanced unknown intent dialog with manual tracker selection
- Updated tracker options to match implemented pages (removed milestone)
Backend changes:
- Added MEDICINE and ACTIVITY to ActivityType enum
- Created migration V013 to add medicine/activity to database CHECK constraint
- Updated voice service prompts to include medicine and activity extraction
Frontend changes:
- Created /track/medicine page with full CRUD operations
- Created /track/activity page with full CRUD operations
- Added Medicine card to /track page with MedicalServices icon
- Updated VoiceFloatingButton unknown dialog with 4 tracker options
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented complete review/edit workflow for voice commands with ML feedback collection:
**Backend:**
- Created V012 migration for voice_feedback table with user action tracking
- Added VoiceFeedback entity with approval/edit/reject actions
- Implemented voice feedback API endpoint (POST /api/v1/voice/feedback)
- Fixed user ID extraction bug (req.user.userId vs req.user.sub)
**Frontend:**
- Built VoiceActivityReview component with field-specific editors
- Integrated review dialog into voice command workflow
- Added approve/edit/reject handlers with feedback submission
- Fixed infinite loop by tracking processed classification IDs
**Features:**
- Users can review AI-extracted data before saving
- Quick-edit capabilities for all activity fields
- Feedback data stored for ML model improvement
- Activity creation only happens after user approval/edit
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Backend changes:
- Update LLM prompt to use correct field names matching frontend interfaces
- Use 'diaperType' instead of 'type' for diaper activities
- Use 'feedingType' instead of 'method' for feeding activities
- Simplify sleep structure (duration, quality, location only)
Frontend changes:
- Add processedClassificationId tracking to prevent infinite loop
- Create unique ID for each classification to avoid duplicate processing
- Reset processed ID when dialog opens/closes or new recording starts
This fixes the issue where voice commands created multiple duplicate
activities and had mismatched data structures causing tracker warnings.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fix login endpoint to return families as array of objects instead of strings
- Update auth interface to match /auth/me endpoint structure
- Add silence detection to voice input (auto-stop after 1.5s)
- Add comprehensive status messages to voice modal (Listening, Understanding, Saving)
- Unify voice input flow to use MediaRecorder + backend for all platforms
- Add null checks to prevent tracking page crashes from invalid data
- Wait for auth completion before loading family data in HomePage
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace navigation to pre-filled forms with direct API activity creation
- Fetch children from family and use first child (can be enhanced for name matching)
- Show success/error messages with proper feedback
- Auto-close dialog after successful save
- Add test endpoint /api/v1/voice/test-classify for easy testing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add URL parameter reading to diaper tracking page for voice-extracted data
- Add comprehensive server-side logging in voice controller and service
- Log request type (Web Speech API vs MediaRecorder), input text/audio, GPT calls, and classification results
- Enable automatic form pre-filling when voice commands navigate to tracking pages
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove temperature parameter from GPT-5-mini activity extraction (not supported)
- Add classification state to useVoiceInput hook to avoid duplicate API calls
- Prevent infinite loop in VoiceFloatingButton by tracking lastClassifiedTranscript
- Use classification from backend directly instead of making second request
- iOS Safari now successfully transcribes with Azure Whisper and classifies with GPT-5-mini
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add support for Azure OpenAI Whisper API for audio transcription
- Separate Whisper client for transcription and Chat client for activity extraction
- Auto-detect Azure vs standard OpenAI based on AZURE_OPENAI_ENABLED flag
- Use configured Azure deployments (whisper and gpt-5-mini)
- Add proper logging for service initialization
This fixes the "Audio transcription not yet implemented" error on iOS Safari
by enabling the already-configured Azure Whisper service.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Frontend changes:
- Add MediaRecorder fallback for iOS Safari (no Web Speech API support)
- Automatically detect browser capabilities and use appropriate method
- Add usesFallback flag to track which method is being used
- Update UI to show "Recording..." vs "Listening..." based on method
- Add iOS-specific indicator text
- Handle microphone permissions and errors properly
Backend changes:
- Update /api/v1/voice/transcribe to accept both audio files and text
- Support text-based classification (from Web Speech API)
- Support audio file transcription + classification (from MediaRecorder)
- Return unified response format with transcript and classification
How it works:
- Chrome/Edge: Uses Web Speech API for realtime transcription
- iOS Safari: Records audio with MediaRecorder, sends to server for transcription
- Fallback is transparent to the user with appropriate UI feedback
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add LOGIN_BIOMETRIC to AuditAction enum
- Import AuditAction and EntityType in AuthService
- Fix loginWithExternalAuth return type to match AuthResponse interface
- Update biometric API client to use correct response structure
- Update login page to access tokens from nested data structure
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create webauthn_credentials table migration (V011)
- Add WebAuthnCredential entity for storing biometric credentials
- Implement BiometricAuthService with SimpleWebAuthn v13 API
- Add 8 biometric auth endpoints (register/verify/credentials/manage)
- Add loginWithExternalAuth method to AuthService for biometric login
- Support Face ID, Touch ID, Windows Hello, and Android biometrics
- Store challenges in-memory (can be moved to Redis in production)
- Include credential management (list, delete, rename)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements device trust management with ability to view, trust, and remove devices:
Device Trust Features:
- DeviceTrustService for managing DeviceRegistry entries
- List all user devices with trust status
- List trusted devices only
- Trust/untrust specific devices
- Remove devices completely
- Remove all devices except current one
- Get device counts (total, trusted, untrusted)
- Device information includes fingerprint, platform, last seen, trust status
API Endpoints:
- GET /api/v1/auth/devices - List all user devices
- GET /api/v1/auth/devices/trusted - List trusted devices only
- GET /api/v1/auth/devices/count - Get device counts
- POST /api/v1/auth/devices/:deviceId/trust - Mark device as trusted
- DELETE /api/v1/auth/devices/:deviceId/trust - Revoke device trust
- DELETE /api/v1/auth/devices/:deviceId - Remove device completely
- DELETE /api/v1/auth/devices - Remove all devices except current
Implementation Details:
- Prevents removing current device (security)
- Warns when revoking trust from current device
- Cascade deletes refresh tokens when device is removed
- Marks current device for UI indication
- Orders devices by last seen (most recent first)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements user session management with ability to view and revoke active sessions:
Session Management Features:
- SessionService for managing refresh tokens as sessions
- List all active sessions with device information
- Revoke specific session by ID
- Revoke all sessions except current one
- Get active session count
- Session information includes device fingerprint, platform, last used, IP
API Endpoints:
- GET /api/v1/auth/sessions - List all user sessions
- DELETE /api/v1/auth/sessions/:sessionId - Revoke specific session
- DELETE /api/v1/auth/sessions - Revoke all sessions except current
- GET /api/v1/auth/sessions/count - Get active session count
Implementation Details:
- Joins RefreshToken with DeviceRegistry for device info
- Prevents revoking current session (use logout instead)
- Marks sessions as current for UI indication
- Orders sessions by creation date (newest first)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements TOTP (Google Authenticator) and Email-based MFA:
Backend Features:
- MFA database fields (mfa_enabled, mfa_method, totp_secret, backup_codes)
- V010 migration for MFA support
- MFAService with TOTP and Email MFA support
- QR code generation for Google Authenticator setup
- 10 backup codes per user (hashed storage)
- Email verification codes (6-digit, 5min expiry)
- MFA verification with backup code support
API Endpoints:
- GET /api/v1/auth/mfa/status
- POST /api/v1/auth/mfa/totp/setup
- POST /api/v1/auth/mfa/totp/enable
- POST /api/v1/auth/mfa/email/setup
- POST /api/v1/auth/mfa/email/send-code
- POST /api/v1/auth/mfa/verify
- DELETE /api/v1/auth/mfa
- POST /api/v1/auth/mfa/backup-codes/regenerate
Dependencies: otplib, qrcode
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Backend changes:
- Add password reset token database migration (V011)
- Create email service with Mailgun integration (EU/US regions)
- Implement password reset flow with secure token generation
- Add email verification endpoints and logic
- Create beautiful HTML email templates for reset and verification
- Add password reset DTOs with validation
- Update User entity with email verification fields
Frontend changes:
- Create forgot password page with email submission
- Create reset password page with token validation
- Add email verification banner component
- Integrate verification banner into main dashboard
- Add password requirements and validation UI
Features:
- Mailgun API ready for EU and US regions
- Secure token expiration (1h for reset, 24h for verification)
- Rate limiting on resend (2min interval)
- Protection against email enumeration
- IP address and user agent tracking
- Token reuse prevention
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
