- Fix download button to use hosted_file_id instead of id (which resolved
to event_file_id via _process_generic_props, hitting the wrong endpoint)
- Fix Dexie file table query in event_file_obj_tbl_wrapper to use _id
fields (the indexed ones) instead of _id_random variants
- Remove _random fields from properties_to_save in event, event_session
- Drop _id_random fallbacks from launcher device ID resolution and
background sync heartbeat
- Clean up dead comments and old FA anchor in post edit component
- Update TODO__Agents.md: BGH section removed, CMSC/Axonius shows added,
download button fix marked complete
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add anonymous/auth/trusted search constraints to BadgesRemoteCfg with
conservative defaults (anon: 15 results / 3 chars, auth: 25 / 2,
trusted+: 150 / 1). Configurable per event via mod_badges_json.
- BadgesRemoteCfg + BadgesLocState: 6 new fields with defaults
- sync_config__event_badges: mirrors new fields from mod_badges_json
- +page.svelte: effective_search_limits derived by tier using $ae_loc
cumulative flags; enforces min_chars guard and result cap on both
local IDB path and API call
- ae_comp__badge_search: effective_min_chars derived same way; blocks
search trigger below threshold; shows dynamic hint text
- Fallback broad search (SCENARIO 2) suppressed for non-trusted users
so no results show on page load without a query
- config/+page.svelte: Search Limits section with 3-column number
inputs (Anonymous / Auth / Trusted+) for result limit and min chars
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove show__launcher_link_legacy from PressMgmtRemoteCfg, PresMgmtLocState, and
pres_mgmt_loc_defaults — the Flask/legacy launcher is retired
- Sync function now hardcodes hide__launcher_link_legacy=true (always hidden)
- Config page: back button to pres_mgmt, save buttons disabled until changes made
- Fix {#each} key expressions in config page
- Migrate e_app_access_type and element_manage_event_file_li to pres_mgmt_loc store
- Add temporary svelte type augments file (src/types/)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces untyped $events_loc.pres_mgmt (svelte-persisted-store) with a
dedicated pres_mgmt_loc (runed PersistedState) backed by a fully typed
PresMgmtLocState interface and PressMgmtRemoteCfg for the server-side JSON.
Key changes:
- ae_events_stores__pres_mgmt_defaults.ts: canonical interfaces + defaults
covering all hide__/show__ fields, labels, report prefs, query filters,
and lock_config sync fields; qry_enabled uses 'not_enabled' (matches API)
- ae_events_stores__pres_mgmt.svelte.ts: new PersistedState store
- ae_events__event.ts: sync_config__event_pres_mgmt() rewired to write
directly to pres_mgmt_loc.current; launcher link inversion preserved
- All 26+ pres_mgmt templates migrated from $events_loc.pres_mgmt.* to
pres_mgmt_loc.current.*
- New config UI at (pres_mgmt)/pres_mgmt/config/ — manager + edit mode only
- Event settings page: removed embedded pres_mgmt form, links to config page
- event_page_menu: Config button visible only when manager_access + edit_mode
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Backend updated (2026-03-31) to return default_qry_str in event API responses.
Frontend now stores it via properties_to_save and searches it in both the local
Dexie fast-path filter and the secondary post-API client filter. Previously, the
server searched default_qry_str (e.g. day-of-week, recurring_text) while the
client only checked name/description/location_text -- causing local results to
drop valid matches on revalidation (e.g. searching 'Thursday').
Also adds TODO note to audit other event search pages for the same mismatch.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ae_events__event.ts: Add legacy flat address fields (address_name,
address_line_1, address_city, etc.) to properties_to_save. Events
predating location_address_json still return these flat fields from
the API; they must survive an IDB round-trip without being stripped
by _process_generic_props, or the edit form's fallback reads return
undefined.
launcher_background_sync.svelte:
- Move file_sync interval into loop_info $state alongside other
intervals; load from cfg/device config with fallback (30 s). Keeps
all intervals in one place for UI display consistency.
- Align onMount fallback values to match loop_info defaults.
- Add sync_paused mid-loop break: long sync cycles now honour a pause
request per-iteration rather than waiting for the entire batch.
Implemented explicit 'enabled' and 'hidden' parameter support in the Event data layer ('load_ae_obj_id__event').
Updated the Events Launcher layout and background sync engine to proactively fetch all enabled locations (including hidden ones), ensuring the room select list is complete and stays updated.
Refined 'launcher_file_cont.svelte' to only display native-specific file opening instructions when 'app_mode' is 'native'.
Updated AGENT_TODO.md to reflect task completion and new priorities.
- Added 'account_id_random' to persistent property list to fix local search isolation.
- Standardized search body and helpers to support mandatory x-account-id headers.
- Refactored LiveQuery to use synchronous dependency tracking ($derived.by) for reliable search updates.
- Broadened server-side search to handle inclusive OR logic on the client, preventing disappearing results.
- Updated task list with IDAA Recovery Meeting testing status.
- Resolved 400 Bad Request by whitelisting 'physical', 'virtual', and 'external_person_id' fields in backend searchable_fields.
- Broadened server-side search by removing restrictive AND filters for location types, moving the inclusive OR logic to the client-side filter layer.
- Hardened handle_search_refresh error handling to clear results on category filter changes (Type, Physical, Virtual) while maintaining flicker protection strictly for text search typing.
- Restored permissive visibility for Trusted users, allowing them to see hidden/disabled items regardless of Edit Mode.
- Optimized plural object loading in Archives and Events modules using concurrent Promise.all.
- Standardized ID handling across the search flow to prevent Dexie lookup failures.
- Finalized well-commented code across IDAA modules to document search strategies and workarounds.
- Standardized Event module logic files to strictly use random string IDs, ensuring frontend consistency and avoiding 'Integer Trap' 404s.
- Refactored 'ae_comp__event_session_alert.svelte' to accept a plain object instead of a store/observable, resolving the 'store_invalid_shape' error in list loops.
- Updated all callers of the alert component to pass unwrapped session objects.
- Cleaned up event-related UI components to remove redundant '_random' field lookups and align with V3 CRUD patterns.
- Updated project metadata (GEMINI.md, TODO.md) to reflect the new memory structure and latest hardened state.
- Refactored lookup_site_domain_v3 to be cache-first, unblocking root layout.
- Implemented Stale-While-Revalidate (SWR) pattern for load_ae_obj_id__event.
- Added global hydration overlay and loading spinner to +layout.svelte.
- Updated site domain whitelist to persist critical account/styling metadata in Dexie.
- Refactored root load function to return immediately if cached site data is found.
- Hardened 'find_object_id' in Dexie to support 'event_' prefixed IDs.
- Implemented singleton 'LauncherBackgroundSync' in root launcher layout.
- Added V3-compliant heartbeat and room refresh cycles.
- Fixed redundant component imports and Skeleton UI prop errors.
- Added 'inc_file_li' support to event API loader.
- Implemented aggressive room-wide background caching engine in LauncherBackgroundSync.svelte.
- Added inc_file_li and inc_all_file_li support to Event and Event Location object loaders for total room coverage.
- Switched to proven V1 download path (/hosted_file/) to resolve V3 CRUD binary delivery issues.
- Optimized Electron bridge with download locking and flat-hash storage matching legacy 'perfect' logic.
- Standardized all Electron IPC methods and parameters to snake_case.
- Added visual sync progress indicator for room caching status.
- Simplified limit logic in search__event and qry_ae_obj_li__event_v2 to use the passed value directly.
- Added .slice(0, limit) to filtered results in Event module to handle over-fetching correctly.
- Explicitly passed the qry__limit from idaa_loc to the meeting list components.
- Applied .limit() to the Dexie liveQuery in the meeting list wrapper.
- Updated the UI result count and loop to strictly adhere to the requested limit.
- Restored legacy query aliases (qry_ae_obj_li__event, qry__event_file, etc.) across Event modules to fix build errors.
- Fixed Hosted File deletion logic in core__hosted_files.ts to use specialized /hosted_file/{id} endpoint with fake_delete support.
- Standardized ID field usage (hosted_file_id vs hosted_file_id_random) in Archive Content and Event File upload components.
- Updated TODO.md to reflect completed search restoration tasks.
- Backend: Updated `search__event` in `ae_events__event.ts` to populate `params['lk_qry']`.
- Logic: Used `like` operator with wildcards for `default_qry_str` in `search_query` to match `event_session` pattern.
- Context: This fixes the text search in IDAA Recovery Meetings by ensuring the backend receives the expected V3 search parameters.
- Backend: Added V3-compliant `search__event` to `ae_events__event.ts` with support for `default_qry_str`.
- Backend: Removed accidental duplicate `qry_ae_obj_li__event_v2` implementation.
- API: Exported `search__event` from `ae_events_functions.ts`.
- Frontend: Updated `recovery_meetings/+page.svelte` to use the new `search__event` function.
- Search Hardening: Implemented 'Inclusive OR' logic for physical/virtual filters and restored robust full-text search using 'default_qry_str' with wildcards.
- Crash Fix: Added null checks for 'contact_li_json' in meeting detail view to prevent TypeError.
- ID Stability: Enhanced 'core__idb_dexie.ts' to support 'id_random' mapping and fixed misleading save logging.
- Reliability: Both V2 and V3 search paths now consistently return processed objects with standardized IDs.
- IDAA Isolation: Created using legacy V2 endpoints and for Recovery Meetings stability.
- V3 Refinement: Implemented 'Body + Header' injection in to fix 'Integer Trap' while maintaining Auth scope.
- API Upgrade: Enhanced to support custom headers.
- Docs: Updated migration guide and development history with final isolation strategy.
Restored the use of 'for_obj_type' and 'for_obj_id' URL parameters for the 'event/search' endpoint. The backend permission middleware requires these URL parameters to validate the API Key scope for the Event object, whereas body-only injection (used in Archives/Posts) was causing a 403 Forbidden error for Events.
- Implemented Structured Error Handling across GET/POST/PATCH helpers to extract rich V3 error metadata.
- Added direct localStorage fallback for JWT detection to resolve race conditions during initial page load.
- Fixed async race condition in Archives leading to 'archive_content_li is undefined' crash.
- Hardened generic object processor to handle non-array API responses gracefully.
- Resolved zero-result bug in Event Search by using raw 'account_id_random' to bypass backend mapping conflicts.
- Isolated bootstrap headers in +layout.ts and removed invalid response headers from request config.
- Enhanced /testing dashboard with live header inspection and V3 hardening audits.
- Resolved 'Ghost Account' warning by updating layout hydration to align with V3 ID Vision (account_id vs account_id_random).
- Improved site lookup reliability using Agent API Key and structured EQ filters for exact FQDN matching (including ports).
- Modernized PWA manifest with maskable icons (PNG/WebP), app shortcuts, and unique installation IDs.
- Implemented automatic Electron 'Native' mode detection in root layout.
- Fixed stale API URLs in Launcher native file download logic.
- Added V3 migration documentation and JWT verification test scripts.
- Added /manifest.webmanifest server-side route.
- Implemented hostname-based branding lookup using Agent API Key.
- Updated app.html to use the dynamic manifest route.
- Added manifest verification tool to the System Testing dashboard.
- Core: Use FormData in video clip components to fix EventTarget errors.
- DB: Rename 'File' to 'ae_LocalFile' in db_core to prevent DOM type shadowing.
- API: Strictly type 'order_by_li' across archives, events, and journals to match API definition.
- API: Fix 'enabled'/'hidden' parameter types in search functions.
- Generics: Add 'any' cast to 'processed_obj' in generic processors to fix indexing errors.
- Journals: Update journal_entry creation to return null on failure, fix missing ID fields in DB save.
- Update ae_types.ts with joined fields for deep layout loading
- Fix OrderBy vs OrderBy[] type mismatch in API v2/v3 and generic CRUD
- Apply 'as const' to order_by_li defaults in core/event libraries
- Resolve type errors in reports_presenters and reports_files Svelte components
- Implement new Svelte 5 Person, Address, and Contact form components with surgical payload logic.
- Refactor core routes (People, Addresses, Contacts) to support unified Create/Edit workflows.
- Update ae_types.ts, db_core.ts, and db_journals.ts to align with V3 backend object models.
- Fix type safety issues in Journal history views and refine metadata display.
- Migrate person core functions to the newer ae_core__person module.
- Restored sync_config__event_pres_mgmt in ae_events__event.ts to resolve import errors.
- Removed unused OpenAI import in journal entry view.
- Removed unused Html5QrcodeScannerState import in QR scanner component.
- Improved build consistency for staging and production environments.
- Updated ae_types.ts with ae_Event, ae_EventBadge, and ae_EventBadgeTemplate interfaces.
- Standardized return types (Promise<ae_Event[]>, etc.) for all core loading and CRUD functions in Events module.
- Integrated triple-ID patterns for Dexie and V3 API parity in event-related objects.
- Cleaned up local interface redundancies in favor of unified imports.
- Resolved Svelte 5 / SvelteKit SSR errors by adding browser checks for window.postMessage and Dexie database operations
- Prevented side effects on global state during detail page preloading by refactoring people/[person_id]/+page.ts to use shallow copies
- Implemented full V3 CRUD support, detail pages, and editable_fields for Address and Contact modules
- Enhanced Event and Post search to support filtering by person_id, enabling real related data in the Person detail view
- Fixed missing onMount import in Person detail component
- Restored 'conference' search filter in ae_events__event.ts (now supported by backend)
- Maintained local filtering as a safety fallback
- Finalized Bulletin Board (Posts) V3 migration
- Added editable_fields for all remaining IDAA-related core objects
- Implemented workaround for 'conference' field search restriction in V3 by using local filtering
- Optimized post_object to stop retrying on 4xx client errors (400, 401, 403)
- Migrated Archives and Event/Recovery Meeting modules to Aether API CRUD V3
- Added editable_fields definitions for Archive and Archive Content objects
- Implemented a whitelist for editable fields for the 'event' object type to prevent sending read-only fields in POST/PATCH requests.
- Created a new file to define the editable fields.
- Modified and to use this whitelist.
- Removed the temporary cleaning logic from the event settings page.
- Corrected Svelte 5 to in event settings components.
- Updated Dexie interfaces for badge, badge_template, and device to use string IDs.
Migrated the ESLint configuration to the new flat config format ()
and addressed several initial linting errors.
Key changes include:
- Updated ESLint configuration to treat as warnings instead of errors.
- Fixed errors in by declaring and .
- Corrected error in by using instead of an out-of-scope .
- Resolved error in by replacing the undefined directive with the component.
- Addressed errors in by replacing with and with .
- Fixed errors in by importing necessary modules (, , ) and adding missing props (, , , , ).
