Add ability to replace a FeedSourceProvider at runtime and propagate
the new source to all active (and pending) user sessions, invalidating
their feed caches.
Co-authored-by: Ona <no-reply@ona.com>
* feat(backend): add admin plugin and create-admin script
Add Better Auth admin plugin for role-based user management.
Includes a CLI script to create admin accounts.
Co-authored-by: Ona <no-reply@ona.com>
* fix(backend): guard against missing BETTER_AUTH_SECRET
Co-authored-by: Ona <no-reply@ona.com>
---------
Co-authored-by: Ona <no-reply@ona.com>
* feat(backend): add DB persistence layer
Replace raw pg Pool with Drizzle ORM backed by Bun.sql.
Add per-user source configuration table (user_sources).
Migrate Better Auth to drizzle-adapter.
Add AES-256-GCM credential encryption.
Co-authored-by: Ona <no-reply@ona.com>
* fix(backend): set updatedAt explicitly in all mutations
onConflictDoUpdate bypasses Drizzle's $onUpdate hook.
Set updatedAt explicitly in all mutation methods.
Co-authored-by: Ona <no-reply@ona.com>
* fix(backend): add composite index on user_sources
Add (user_id, enabled) index for the enabled() query path.
Co-authored-by: Ona <no-reply@ona.com>
---------
Co-authored-by: Ona <no-reply@ona.com>
* feat(backend): make FeedSourceProvider async
Make feedSourceForUser and FeedSourceProviderFn return promises.
Use Promise.allSettled to tolerate partial provider failures.
Guard concurrent getOrCreate calls with in-flight promise dedup.
Return 503 from HTTP handlers when session creation fails.
Co-authored-by: Ona <no-reply@ona.com>
* fix(backend): handle remove() during in-flight session creation
Cancel pending getOrCreate when remove() is called mid-flight.
Destroy the resulting session to prevent it from leaking.
Co-authored-by: Ona <no-reply@ona.com>
---------
Co-authored-by: Ona <no-reply@ona.com>
* feat(client): wire up API client and react-query
Add ApiClient class, auth middleware placeholder, feed query,
and wrap the app in QueryClientProvider.
Co-authored-by: Ona <no-reply@ona.com>
* fix(client): append base url on api client req
Co-authored-by: Ona <no-reply@ona.com>
* fix(client): allow req middlewares to run on empty init
* fix(client): rm unused private route declr
* fix(client): handle empty url in client.request
Co-authored-by: ona-patrol <ona@nym.sh>
---------
Co-authored-by: Ona <no-reply@ona.com>
Co-authored-by: ona-patrol <ona@nym.sh>
Each FeedSource implementation now sets sourceId on items
it produces, allowing consumers to trace items back to
their originating source.
Co-authored-by: Ona <no-reply@ona.com>
Introduce Button.Icon to enforce consistent icon styling
(size, theme-aware color) instead of hardcoding Feather
props at each call site. Update showcase and json-render
registry to use it.
Co-authored-by: Ona <no-reply@ona.com>
* feat(client): add component library and simplify routing
Remove tab layout, explore page, modal, and unused template
components. Replace with single-page layout and a dev component
showcase with per-component detail pages.
- Add Button with label prop, leading/trailing icon support
- Add FeedCard, SerifText, SansSerifText, MonospaceText
- Add colocated *.showcase.tsx files for each component
- Use Stack navigator with themed headers
Co-authored-by: Ona <no-reply@ona.com>
* fix(client): render showcase as JSX component
Co-authored-by: Ona <no-reply@ona.com>
* chore(client): remove dead code chain
Remove ThemedText, useThemeColor, useColorScheme hook,
Colors, and Fonts — none referenced by current screens.
Co-authored-by: Ona <no-reply@ona.com>
---------
Co-authored-by: Ona <no-reply@ona.com>
* feat(backend): add GET /api/context endpoint
Query context values by key with exact/prefix match
support. Default mode tries exact first, falls back
to prefix.
Co-authored-by: Ona <no-reply@ona.com>
* fix(backend): validate context key element types
Reject booleans, nulls, and nested arrays in the key
param. Only string, number, and plain objects with
primitive values are accepted.
Co-authored-by: Ona <no-reply@ona.com>
---------
Co-authored-by: Ona <no-reply@ona.com>
Use mockAuthSessionMiddleware with a fully populated dev
user when NODE_ENV is not production. Auth handlers are
only registered in production.
Co-authored-by: Ona <no-reply@ona.com>
Rename all references across the codebase: package names,
imports, source IDs, directory names, docs, and configs.
Co-authored-by: Ona <no-reply@ona.com>
* feat(backend): add LLM-powered feed enhancement
Add enhancement harness that fills feed item slots and
generates synthetic items via OpenRouter.
- LLM client with 30s timeout, reusable SDK instance
- Prompt builder with mini calendar and week overview
- arktype schema validation + JSON Schema for structured output
- Pure merge function with clock injection
- Defensive fallback in feed endpoint on enhancement failure
- Skips LLM call when no unfilled slots or no API key
Co-authored-by: Ona <no-reply@ona.com>
* refactor: move feed enhancement into UserSession
Move enhancement logic from HTTP handler into UserSession so the
transport layer has no knowledge of enhancement. UserSession.feed()
handles refresh, enhancement, and caching in one place.
- UserSession subscribes to engine updates and re-enhances eagerly
- Enhancement cache tracks source identity to prevent stale results
- UserSessionManager accepts config object with optional enhancer
- HTTP handler simplified to just call session.feed()
Co-authored-by: Ona <no-reply@ona.com>
* test: add schema sync tests for arktype/JSON Schema drift
Validates reference payloads against both the arktype schema
(parseEnhancementResult) and the OpenRouter JSON Schema structure.
Catches field additions/removals or type changes in either schema.
Co-authored-by: Ona <no-reply@ona.com>
* refactor: rename arktype schemas to match types
Co-authored-by: Ona <no-reply@ona.com>
---------
Co-authored-by: Ona <no-reply@ona.com>
Context keys are now tuples instead of strings, inspired by
React Query's query keys. This prevents context collisions
when multiple instances of the same source type are registered.
Sources write to structured keys like
["aris.google-calendar", "nextEvent", { account: "work" }]
and consumers can query by prefix via context.find().
Co-authored-by: Ona <no-reply@ona.com>
Expose the user's current feed via GET /api/feed. Returns
cached feed from engine.lastFeed(), falling back to
engine.refresh() when no cache exists.
Auth middleware is injected as a dependency to allow test
substitution via mockAuthSessionMiddleware.
Co-authored-by: Ona <no-reply@ona.com>
Replace tRPC location.update mutation with POST /api/location
using Hono route + requireSession middleware. Extract auth
types (AuthUser, AuthToken) into auth/session.ts. Inject
sessionManager via Hono context local to location handlers.
Co-authored-by: Ona <no-reply@ona.com>
Use 'Source Serif 4' (with spaces) as the Android fontFamily
to match the iOS font metadata, avoiding Platform.select.
Co-authored-by: Ona <no-reply@ona.com>
Use the object syntax with fontFamily, weight, and style
for Android. iOS uses flat paths and reads metadata from
the font files directly.
Co-authored-by: Ona <no-reply@ona.com>
Bun symlinks in node_modules don't resolve on EAS builds.
Copy font files to assets/fonts/ and reference them directly.
Co-authored-by: Ona <no-reply@ona.com>
- Expo SDK 54 / React Native 0.81 with expo-router
- Tailscale devcontainer feature for direct device connectivity
- Dev proxy for React Native DevTools access over Tailscale
- EAS build configuration for development/preview/production
- Ona automation for Expo dev server
Co-authored-by: Ona <no-reply@ona.com>
Replace per-source services (LocationService, WeatherService,
TflService, FeedEngineService) with a single UserSessionManager
that owns all per-user state. Source creation is delegated to
thin FeedSourceProvider implementations per source type.
Co-authored-by: Ona <no-reply@ona.com>
Add listActions() and executeAction() to FeedSource for write
operations back to external services. Actions use arktype schemas
for input validation via StandardSchemaV1.
- ActionDefinition type with optional input schema
- FeedEngine routes actions with existence and ID validation
- Source IDs use reverse-domain format (aris.location, aris.tfl)
- LocationSource: update-location action with schema validation
- TflSource: set-lines-of-interest action with lineId validation
- No-op implementations for sources without actions
Co-authored-by: Ona <no-reply@ona.com>
Manage per-user WeatherSource instances via FeedSourceProvider,
following the same pattern as LocationService. Wire into
FeedEngineService so weather data is included in the feed.
Co-authored-by: Ona <no-reply@ona.com>
Manages per-user TflSource instances with individual line
configuration. Implements FeedSourceProvider so it can be
wired into FeedEngineService.
Adds TflSource.setLines() so line config can be mutated
in place, keeping engine references valid.
Also exports ITflApi from @aris/source-tfl for testability.
Co-authored-by: Ona <no-reply@ona.com>
Manages FeedEngine instances per user with auto-registration of
sources from FeedSourceProvider implementations.
- Add FeedSourceProvider interface
- Add FeedEngineService with providers array injection
- Update LocationService to implement FeedSourceProvider
Co-authored-by: Ona <no-reply@ona.com>
- Add @trpc/server, @hono/trpc-server, zod dependencies
- Create tRPC context with BetterAuth session
- Create router with publicProcedure and protectedProcedure
- Mount tRPC at /trpc/* via Hono adapter
Co-authored-by: Ona <no-reply@ona.com>
- Add LocationService to manage LocationSource per user
- Add UserNotFoundError for generic user-related errors
- updateUserLocation throws if source not initialized
Co-authored-by: Ona <no-reply@ona.com>
- Add apps/aris-backend package with Hono server
- Add /health endpoint
- Add backend-spec.md with design decisions
Co-authored-by: Ona <no-reply@ona.com>
