- Custom server (server.ts) wrapping Next.js + ws on same port
- Ticket-based auth: validates ephemeral nonce from /api/ws-ticket
- Origin validation against allowlist
- Session revalidation every 15 min (sends auth_expired, closes)
- Heartbeat every 30s (ping/pong, terminates dead connections)
- broadcastToUser() for API routes to notify connected clients
- Shared ticket store between API route and WS server via globalThis
- Health endpoint now reports active WS connections
- Dockerfile updated to use custom server
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Lists, Tasks, Tags CRUD endpoints with soft-delete
- Sync endpoints (GET since + POST batch with idempotency keys)
- WS ticket endpoint (ephemeral nonce, 30s TTL, single use)
- Auth middleware on all endpoints via getAuthenticatedUser()
- BOLA prevention: userId check on every entity operation
- Zod strict schemas for input validation
- Filters and sorting on task listing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Logto config matching la-compagnie-maximus pattern
- API routes: sign-in, callback, sign-out
- Next.js middleware protecting all routes except /auth and /api
- Auth helper to extract userId (sub) from Logto context
- Login page with Compte Maximus branding
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Create src/shared/ with platform-agnostic types and helpers for
mobile/web code sharing. Add updatedAt to tags schema for sync.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merge widget:tasks, widget:isDark, and widget:expandedTaskIds into a
single widget:state key to reduce AsyncStorage I/O from 3 reads to 1.
Add 2s debounce on TOGGLE_EXPAND to prevent double-tap from collapsing
the subtask list. Legacy keys are migrated on first read.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Long-press a subtask to edit its title inline. Tap X to delete
with confirmation. Tap still toggles completion.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace aggressive >=major overrides (picomatch>=4, brace-expansion>=2, etc.)
with npm audit fix which patches each dependency within its compatible semver
range: picomatch 2.3.2/3.0.2/4.0.4, brace-expansion 1.1.13/2.0.3/5.0.5,
undici 6.24.1, node-forge 1.4.0, tar 7.5.13, yaml 1.10.3/2.8.3.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Previous preview build (v1.2.5) used versionCode 5 via production
autoIncrement, but app.json was still at 4. Android refuses to install
an APK with a lower versionCode than the currently installed one.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add safety limit of 30 rendered tasks in the widget to avoid Android
memory constraints. Also add cross-reference comment for the implicit
AsyncStorage coupling with useSettingsStore.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Change default widgetPeriodWeeks from 2 to 0 (all tasks) so that the
issue is resolved out of the box without requiring the user to discover
the new setting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Instead of removing the time filter entirely, let users choose the
widget display period (1 week, 2 weeks, 4 weeks, or all tasks) from
Settings. Default remains 2 weeks for backward compatibility.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove the 2-week date filter from widget task query so tasks with
distant due dates are included. Remove the maxItems truncation from
the scrollable ListWidget so the displayed list matches the counter.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace `finally` with `catch` in [id].tsx handleSave so goBack is
not called when updateTask/setTagsForTask fails
- Extract shared goBack helper into src/lib/navigation.ts
- Both [id].tsx and new.tsx now import goBack from the shared module
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace all router.back() calls with a goBack() helper that checks
router.canGoBack() first and falls back to router.replace('/') when
there is no screen to return to. In the task edit screen, change
catch to finally so the save button always resets its disabled state
even if updateTask/setTagsForTask throws.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The ListWidget (Android ListView) introduced for scrolling takes all
available vertical space, pushing the footer add button off-screen.
Move the + button into the header row where it remains always visible
regardless of the task list scroll state.
Related to #19
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add asc(tasks.completed) as the primary sort key in getOrderClauses()
so completed tasks always appear after active ones regardless of the
chosen sort mode (position, priority, dueDate, title, createdAt).
Also apply the same completed-first ordering to:
- getSubtasks() in tasks.ts
- noDateTasks query in widgetSync.ts
- subtasks query in widgetSync.ts
Ref: simpl-liste#15
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The transitive dependency chain drizzle-kit -> @esbuild-kit/esm-loader ->
@esbuild-kit/core-utils pulled in esbuild@0.18.20 which is vulnerable to
GHSA-67mh-4wv8-2f99. Adding an npm override forces all nested esbuild
instances to use ^0.25.0, resolving all 4 moderate audit findings.
Ref: simpl-liste#16
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace FlexWidget with ListWidget for the task list in medium and
large home screen widgets, enabling scroll when items exceed the
widget display area.
Fixes#11
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Buttons (X, back, save, delete, export) had ~28px hit areas,
causing missed taps. Increased padding to p-2.5 + hitSlop for
~44px touch targets. Bump version to 1.2.4.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual keyboard listeners and RN KeyboardAvoidingView with
react-native-keyboard-controller which handles edge-to-edge correctly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
KeyboardAvoidingView does not work with edgeToEdgeEnabled on Android.
New approach: listen to Keyboard events, dynamically set spacer height
to actual keyboard height, and scrollToEnd when subtask input is focused.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
edge-to-edge mode disables classic adjustResize, so behavior must be
"padding" on both platforms to push content above the keyboard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
