Replace the old float-right Show/Hide toggle button + separate collapsible
div with an inline caret-button heading inside a consistent section card
(bg-surface-100-900, border-error-400) — matching the recovery meetings v2
form style. All four forms updated: Post, Post Comment, Archive, Archive
Content. Existing class:hidden behaviour preserved so FormData is unaffected.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Admin Options are rarely changed; collapsing by default reduces visual
noise on the long edit form. Hidden inputs preserve status/enable/hide/
priority/sort/group values when the section is collapsed so a save never
silently resets admin fields.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add Save Changes button at top of form so users don't scroll to the
bottom to save; existing meetings only (mirrors v1 behaviour)
- Collapse Contact 2 subsection behind a toggle; auto-expands when the
meeting already has Contact 2 data saved
- Add hidden inputs when Contact 2 is collapsed so FormData preserves
existing contact info rather than overwriting with nulls on save
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- [post_id]/+page.ts: remove await on post load (same pattern as archives);
liveQuery renders immediately, replace error(404) with console.warn.
- ae_idaa_comp__post_options: add in-flight creating guard + spinner on Create
New Post button to prevent double-submit; remove ~15 lines of dead commented
code left over from previous refactors.
- ae_idaa_comp__post_obj_id_view: remove confirm() dialog before opening the
Add Comment form — no need to confirm an intent to type a comment.
- ae_idaa_comp__post_comment_obj_id_edit: remove redundant block that manually
injected post_id into the payload for new comments; post_id is already
handled correctly by the form payload builder.
- +page.ts: remove await on archive load so navigation is not blocked;
liveQuery renders from Dexie cache immediately, API result updates reactively.
Replace error(404) with console.warn — soft failure is correct for IDAA.
- ae_idaa_comp__archive_obj_li: add Create New Archive button (trusted+edit_mode
only) with in-flight spinner and creating guard to prevent double-submit.
Layout adjusted to justify-between to accommodate the new button.
- ae_idaa_comp__archive_content_obj_li: add Create New Archive Content button
with same spinner/guard pattern; pre-populates original_timezone from parent
archive so staff do not need to re-select it for every content item.
Two bugs fixed:
1. scroll_to handler scrolled to page top (0,0) instead of the iframe's
position in the Novi page. The iframe sits below Novi's own header/nav,
so the user ended up looking at the Novi header instead of the iframe
content after navigation. Fixed to use getBoundingClientRect() to scroll
to 20px above the iframe's actual document position. Also added the
missing scroll_to handler to idaa_novi_iframe_archives.html (it had none).
2. Parent URL not updating with event_id/post_id/archive_id on navigation.
Detail pages sent postMessage using $idaa_slct.<id> (the store), which
is still null at synchronous init time — the $effect that populates it
runs later. Fixed to read from data[data.account_id].slct.<id> directly
(set by the +page.ts load function from URL params before render).
Also added afterNavigate to idaa/+layout.svelte to send scroll_to on all
client-side navigations, covering cases the per-page blocks miss (e.g.
navigating back to the list view).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Previously, IDAA iframe access relied on trusting URL params (uuid, email,
full_name) passed from Novi — any 36-char string granted authenticated access
with no actual verification.
The (idaa)/+layout.svelte now performs an async Novi API call on every UUID
load to verify the UUID exists, fetches name/email directly from Novi (cannot
be spoofed via URL), and sets $idaa_loc.novi_verified on success.
All-or-nothing: if novi_idaa_api_key is absent or the call fails, access denied.
- ae_idaa_stores.ts: add novi_verified boolean field to idaa_loc
- (idaa)/+layout.svelte: async UUID verification with spinner to prevent
Access Denied flash; permission upgrade-only strategy preserved
- video_conferences/+page.svelte: skip duplicate Novi member details call if
layout already verified ($idaa_loc.novi_verified check)
- iframe HTML files: remove browser-side Novi API fetch and email/full_name
params; pass only uuid; add README/START/STOP/WARNING comments for client
staff; fix iframe-before-script DOM ordering bug
- documentation: CLIENT__IDAA_and_customized_mods.md updated with full
verification flow, site_cfg_json fields, permission table, access gate
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ae_idaa_stores.ts: update default novi_admin_li UUID; add staff UUID to
novi_trusted_li hardcoded defaults.
- +layout.svelte (idaa): only overwrite admin/trusted lists from site_cfg_json
when the list is non-empty, so hardcoded defaults are never silently cleared.
Remove $ae_loc.iframe requirement for 'authenticated' access level — the
presence of a valid Novi UUID in the URL is sufficient proof regardless of
whether the iframe flag is set yet.
Disabled items are treated as functionally deleted for all end clients
(including Trusted Access staff). Only Manager + Edit Mode should see
Show/Hide Disabled controls — previously using administrator_access and
missing edit_mode gate in BB and archives.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add keyed {#each} to recovery meeting list and exhibit tracking list
to satisfy Svelte's each-block-key lint rule and ensure correct DOM
reconciliation on list updates
- Gate Zoom/Jitsi copy-to-clipboard buttons behind manager_access in
both the recovery meeting list view and single meeting detail view
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Updated V3 lookup API and core timezone loader to support the 'only_priority' flag.
- Enabled high-priority timezone filtering in IDAA Recovery Meeting and Archive editors to streamline selection lists.
Standardized access level hierarchy (super > manager > administrator > trusted) and added hierarchical comparison utilities to 'ae_util'.
Refactored IDAA layout to use an 'Upgrade-Only' permission strategy, preventing context-specific identifications from downgrading global Manager privileges.
Implemented strict gated filtering in the Journal Entry list: hidden and disabled items now correctly require both the appropriate hierarchical role (Trusted/Admin) AND active Edit Mode.
Implemented 'Meeting Name (A-Z)' and 'Meeting Name (Z-A)' sorting for Recovery Meetings, including UI dropdown updates and client-side re-sorting logic.
Updated documentation/GUIDE__DEVELOPMENT.md to v1.1 with clarified verification steps and inter-agent coordination protocols.
Minor label cleanup in Journal editor.
Updated '_process_generic_props' in multiple libraries to ensure 'updated' timestamp always falls back to 'created_on' or epoch start, preventing null values from breaking newest-first ordering in IndexedDB.
Aligned Recovery Meetings and Archives list views to use these pre-computed sort keys for consistent UI behavior even when 'updated_on' is null.
Aligned the Events Badges, Templates, and IDAA Bulletin Board modules with
Aether UI/UX v3 standards by prioritizing semantic String IDs (e.g., event_id,
badge_id) over legacy '_random' variants in API helpers, Dexie processors,
and UI components.
- Refactored badge and template loaders to use clean ID field names.
- Updated search and LiveQuery logic in badge management views.
- Cleaned up unused imports and legacy code in +layout and +page components.
- Standardized ID mapping in generic object processors.
- Improved IDAA post creation UX with autofocus and empty title defaults.
- Disabled redundant comment loading in BB Post list to eliminate '1+N' API request overhead.
- Fixed missing 'untrack' import in BB Post page.
- Refactored IDAA Archive and BB pages to use 'page.params' for robust Svelte 5 reactivity.
- Finalized root layout hydration guards to prevent infinite store synchronization loops.
- Forced priority archives to the top of the list.
- Implemented descending (DESC) sort by the 'sort' field within groups.
- Added a sort selector to the archive list component.
- Centralized sorting logic in-memory within LiveQuery for immediate reactivity.
- Resolved 'untrack is not defined' ReferenceError in Badge Detail page.
- Transitioned Badge, IDAA Archive, and Journal Entry pages to use page.params for robust reactivity.
- Implemented fallback semantic ID lookup for Badges to handle mixed ID formats in URLs.
- Added proper loading states to detail views to prevent 'No IDB record' flashes during hydration.
- Systematically audited and cleaned up duplicate 'untrack' imports across all Svelte files.
- Refactored layouts to derive account data from stable props instead of reactive stores.
- Wrapped store updates in untrack() with deep equality guards to prevent infinite re-renders.
- Resolved duplicate untrack declarations and missing imports across the project.
- Added fetch safeguards to Element_data_store to prevent redundant API calls.
- Standardized hydration patterns to break circular dependencies during initial load.
- Fixed 'Captured initial value' warnings in 65+ components by implementing
proper sync effects with 'untrack' and derived states.
- Hardened Event Settings JSON editors using a temporary string-buffer pattern
to safely decouple object-based data from CodeMirror's string requirements.
- Resolved strict TypeScript mismatches across core routes (Accounts, Sites, etc.)
and improved property indexing safety in views.
- Patched Flowbite-Svelte Drawer transitions for Svelte 5 compatibility using
prop spreading.
- Added comprehensive safety comments to high-risk reactivity blocks.
- Synchronized 'ae_types.ts' with V3 backend models.
- Updated 'create_event_file_obj_from_hosted_file_async' to use the modern V3 action endpoint.
- Standardized 'prevent_default' helper names in root Event and Archive components.
- Applied batch formatting (printWidth: 80) across the settings and events modules.
- Batch formatted all Recovery Meetings module files using Prettier with printWidth: 80.
- Refactored preventDefault to prevent_default in editor and search components.
- Standardized line breaks for long attribute lists and Svelte tags for better readability.
- Ensured consistent snake_case naming for internal identifiers.
- Systematically migrated from *_id_random to clean *_id fields in BB, People, and Posts modules.
- Synchronized Post_Comment interface with account_id for multi-tenant isolation.
- Applied optional chaining and local reactive state to harden async UI initialization.
- Refactored common helpers to follow snake_case naming conventions.
- Resolved various minor stability and logic issues across IDAA Bulletin Board.
- Refactored lq__post_obj_li to perform in-memory descending sort by updated_on/created_on.
- Ensured newest and recently modified posts appear at the top of the list.
- Hardened reactivity for Svelte 5 stability.
- Fixed 'post_id' missing error in comment creation by mapping to 'post_id_random'.
- Resolved infinite request loop in post view via untrack() optimization.
- Hardened all property accesses with optional chaining to prevent TypeErrors.
- Migrated comment editor to local reactive state for Svelte 5 stability.
- Refactored post visibility layer to use derived reactive filtering.
- Standardized ID mapping patterns across all BB components.
- Added optional chaining to 'Cancel Edit' button title attributes.
- Resolved persistent TypeError: can't access property 'full_name' on null.
- Ensured total UI stability during new comment initialization.
- Added optional chaining to all post_comment_obj property accesses.
- Resolved TypeError when clicking 'New Comment' button.
- Hardened UI stability for asynchronous data loading.
- Added optional chaining to all post_comment_obj property accesses.
- Resolved TypeError when clicking 'New Comment' button.
- Hardened UI stability for asynchronous data loading.
- Deleted redundant reactive trigger in post view component.
- Removed state-syncing side-effects from liveQuery derivation.
- Standardized log_lvl prop to resolve initialization crash.
- Optimized performance for single post loading.
- Added 'account_id_random' to persistent property list to fix local search isolation.
- Standardized search body and helpers to support mandatory x-account-id headers.
- Refactored LiveQuery to use synchronous dependency tracking ($derived.by) for reliable search updates.
- Broadened server-side search to handle inclusive OR logic on the client, preventing disappearing results.
- Updated task list with IDAA Recovery Meeting testing status.
- Resolved 400 Bad Request by whitelisting 'physical', 'virtual', and 'external_person_id' fields in backend searchable_fields.
- Broadened server-side search by removing restrictive AND filters for location types, moving the inclusive OR logic to the client-side filter layer.
- Hardened handle_search_refresh error handling to clear results on category filter changes (Type, Physical, Virtual) while maintaining flicker protection strictly for text search typing.
- Restored permissive visibility for Trusted users, allowing them to see hidden/disabled items regardless of Edit Mode.
- Optimized plural object loading in Archives and Events modules using concurrent Promise.all.
- Standardized ID handling across the search flow to prevent Dexie lookup failures.
- Finalized well-commented code across IDAA modules to document search strategies and workarounds.
