feat: runtime provider hotswap

Add ability to replace a FeedSourceProvider at runtime and propagate
the new source to all active (and pending) user sessions, invalidating
their feed caches.

Co-authored-by: Ona <no-reply@ona.com>

.claude/skills/gpg-commit-signing/SKILL.md

@@ -0,0 +1,43 @@
+---
+name: gpg-commit-signing
+description: Sign git commits with GPG in non-interactive environments. Use when committing code and the `GPG_PRIVATE_KEY_PASSPHRASE` environment variable is available. Triggers on "commit", "sign commit", "GPG", "git commit -S", or any git operation requiring signed commits.
+---
+
+# GPG Commit Signing
+
+Sign commits in headless/non-interactive environments where `/dev/tty` is unavailable.
+
+## Workflow
+
+1. Check whether `GPG_PRIVATE_KEY_PASSPHRASE` is set:
+
+   ```bash
+   test -n "$GPG_PRIVATE_KEY_PASSPHRASE" && echo "available" || echo "not set"
+   ```
+
+   If not set, skip signing — commit without `-S`.
+
+2. Try a direct signed commit first — the environment may already have loopback pinentry configured:
+
+   ```bash
+   git commit -S -m "message"
+   ```
+
+   If this succeeds, no further steps are needed.
+
+3. If step 2 fails with a `/dev/tty` error, use `--pinentry-mode loopback` via a wrapper script:
+
+   ```bash
+   printf '#!/bin/sh\ngpg --batch --pinentry-mode loopback --passphrase "$GPG_PRIVATE_KEY_PASSPHRASE" "$@"\n' > /tmp/gpg-sign.sh
+   chmod +x /tmp/gpg-sign.sh
+   git -c gpg.program=/tmp/gpg-sign.sh commit -S -m "message"
+   rm /tmp/gpg-sign.sh
+   ```
+
+   This passes the passphrase directly to gpg on each signing invocation, bypassing the need for a configured gpg-agent.
+
+## Anti-patterns
+
+- Do not echo or log `GPG_PRIVATE_KEY_PASSPHRASE`.
+- Do not commit without `-S` when the passphrase is available — the project expects signed commits.
+- Do not leave wrapper scripts on disk after committing.

.claude/skills/vercel-react-best-practices/AGENTS.md

@@ -0,0 +1,807 @@
+# React Best Practices
+
+**Version 1.0.0**
+
+> **Note:**
+> This document is for agents and LLMs to follow when maintaining,
+> generating, or refactoring React codebases. Humans may also find it useful.
+
+---
+
+## Abstract
+
+Performance optimization guide for React applications, designed for AI agents and LLMs. Contains rules across 7 categories, prioritized by impact from critical (eliminating waterfalls, reducing bundle size) to incremental (advanced patterns).
+
+---
+
+## Table of Contents
+
+1. [Eliminating Waterfalls](#1-eliminating-waterfalls) — **CRITICAL**
+2. [Bundle Size Optimization](#2-bundle-size-optimization) — **CRITICAL**
+3. [Client-Side Data Fetching](#3-client-side-data-fetching) — **MEDIUM-HIGH**
+4. [Re-render Optimization](#4-re-render-optimization) — **MEDIUM**
+5. [Rendering Performance](#5-rendering-performance) — **MEDIUM**
+6. [JavaScript Performance](#6-javascript-performance) — **LOW-MEDIUM**
+7. [Advanced Patterns](#7-advanced-patterns) — **LOW**
+
+---
+
+## 1. Eliminating Waterfalls
+
+**Impact: CRITICAL**
+
+Waterfalls are the #1 performance killer. Each sequential await adds full network latency.
+
+### 1.1 Defer Await Until Needed
+
+**Impact: HIGH (avoids blocking unused code paths)**
+
+Move `await` operations into the branches where they're actually used.
+
+**Incorrect: blocks both branches**
+
+```typescript
+async function handleRequest(userId: string, skipProcessing: boolean) {
+  const userData = await fetchUserData(userId)
+  
+  if (skipProcessing) {
+    return { skipped: true }
+  }
+  
+  return processUserData(userData)
+}
+```
+
+**Correct: only blocks when needed**
+
+```typescript
+async function handleRequest(userId: string, skipProcessing: boolean) {
+  if (skipProcessing) {
+    return { skipped: true }
+  }
+  
+  const userData = await fetchUserData(userId)
+  return processUserData(userData)
+}
+```
+
+### 1.2 Dependency-Based Parallelization
+
+**Impact: CRITICAL (2-10× improvement)**
+
+For operations with partial dependencies, use `better-all` to maximize parallelism.
+
+**Incorrect: profile waits for config unnecessarily**
+
+```typescript
+const [user, config] = await Promise.all([
+  fetchUser(),
+  fetchConfig()
+])
+const profile = await fetchProfile(user.id)
+```
+
+**Correct: config and profile run in parallel**
+
+```typescript
+import { all } from 'better-all'
+
+const { user, config, profile } = await all({
+  async user() { return fetchUser() },
+  async config() { return fetchConfig() },
+  async profile() {
+    return fetchProfile((await this.$.user).id)
+  }
+})
+```
+
+### 1.3 Promise.all() for Independent Operations
+
+**Impact: CRITICAL (2-10× improvement)**
+
+When async operations have no interdependencies, execute them concurrently.
+
+**Incorrect: sequential execution, 3 round trips**
+
+```typescript
+const user = await fetchUser()
+const posts = await fetchPosts()
+const comments = await fetchComments()
+```
+
+**Correct: parallel execution, 1 round trip**
+
+```typescript
+const [user, posts, comments] = await Promise.all([
+  fetchUser(),
+  fetchPosts(),
+  fetchComments()
+])
+```
+
+---
+
+## 2. Bundle Size Optimization
+
+**Impact: CRITICAL**
+
+Reducing initial bundle size improves Time to Interactive and Largest Contentful Paint.
+
+### 2.1 Avoid Barrel File Imports
+
+**Impact: CRITICAL (200-800ms import cost, slow builds)**
+
+Import directly from source files instead of barrel files.
+
+**Incorrect: imports entire library**
+
+```tsx
+import { Check, X, Menu } from 'lucide-react'
+// Loads 1,583 modules
+```
+
+**Correct: imports only what you need**
+
+```tsx
+import Check from 'lucide-react/dist/esm/icons/check'
+import X from 'lucide-react/dist/esm/icons/x'
+import Menu from 'lucide-react/dist/esm/icons/menu'
+// Loads only 3 modules
+```
+
+Libraries commonly affected: `lucide-react`, `@mui/material`, `@mui/icons-material`, `@tabler/icons-react`, `react-icons`, `@headlessui/react`, `@radix-ui/react-*`, `lodash`, `ramda`, `date-fns`, `rxjs`, `react-use`.
+
+### 2.2 Conditional Module Loading
+
+**Impact: HIGH (loads large data only when needed)**
+
+Load large data or modules only when a feature is activated.
+
+```tsx
+function AnimationPlayer({ enabled, setEnabled }) {
+  const [frames, setFrames] = useState(null)
+
+  useEffect(() => {
+    if (enabled && !frames) {
+      import('./animation-frames.js')
+        .then(mod => setFrames(mod.frames))
+        .catch(() => setEnabled(false))
+    }
+  }, [enabled, frames, setEnabled])
+
+  if (!frames) return <Skeleton />
+  return <Canvas frames={frames} />
+}
+```
+
+### 2.3 Preload Based on User Intent
+
+**Impact: MEDIUM (reduces perceived latency)**
+
+Preload heavy bundles before they're needed.
+
+```tsx
+function EditorButton({ onClick }) {
+  const preload = () => {
+    void import('./monaco-editor')
+  }
+
+  return (
+    <button
+      onMouseEnter={preload}
+      onFocus={preload}
+      onClick={onClick}
+    >
+      Open Editor
+    </button>
+  )
+}
+```
+
+---
+
+## 3. Client-Side Data Fetching
+
+**Impact: MEDIUM-HIGH**
+
+### 3.1 Deduplicate Global Event Listeners
+
+**Impact: MEDIUM (prevents memory leaks and duplicate handlers)**
+
+Use a singleton pattern for global event listeners.
+
+**Incorrect: multiple listeners**
+
+```tsx
+function useWindowResize(callback) {
+  useEffect(() => {
+    window.addEventListener('resize', callback)
+    return () => window.removeEventListener('resize', callback)
+  }, [callback])
+}
+```
+
+**Correct: shared listener**
+
+```tsx
+const listeners = new Set()
+let isListening = false
+
+function useWindowResize(callback) {
+  useEffect(() => {
+    listeners.add(callback)
+    
+    if (!isListening) {
+      isListening = true
+      window.addEventListener('resize', (e) => {
+        listeners.forEach(fn => fn(e))
+      })
+    }
+    
+    return () => listeners.delete(callback)
+  }, [callback])
+}
+```
+
+### 3.2 Use Passive Event Listeners
+
+**Impact: MEDIUM (improves scroll performance)**
+
+Use passive listeners for scroll and touch events.
+
+```tsx
+useEffect(() => {
+  const handler = (e) => { /* handle scroll */ }
+  window.addEventListener('scroll', handler, { passive: true })
+  return () => window.removeEventListener('scroll', handler)
+}, [])
+```
+
+### 3.3 Use SWR for Automatic Deduplication
+
+**Impact: HIGH (eliminates duplicate requests)**
+
+SWR automatically deduplicates requests to the same key.
+
+```tsx
+import useSWR from 'swr'
+
+function UserProfile({ userId }) {
+  const { data } = useSWR(`/api/users/${userId}`, fetcher)
+  return <div>{data?.name}</div>
+}
+
+// Multiple components using the same key = single request
+```
+
+### 3.4 Version and Minimize localStorage Data
+
+**Impact: MEDIUM (prevents data corruption)**
+
+Use schema versioning for localStorage.
+
+```typescript
+const STORAGE_VERSION = 2
+
+interface StoredData {
+  version: number
+  data: UserPreferences
+}
+
+function loadPreferences(): UserPreferences {
+  const raw = localStorage.getItem('prefs')
+  if (!raw) return defaultPreferences
+  
+  const stored: StoredData = JSON.parse(raw)
+  if (stored.version !== STORAGE_VERSION) {
+    return migrate(stored)
+  }
+  return stored.data
+}
+```
+
+---
+
+## 4. Re-render Optimization
+
+**Impact: MEDIUM**
+
+### 4.1 Defer State Reads to Usage Point
+
+**Impact: MEDIUM (avoids unnecessary re-renders)**
+
+Don't subscribe to state that's only used in callbacks.
+
+**Incorrect: re-renders on every count change**
+
+```tsx
+function Counter() {
+  const count = useStore(state => state.count)
+  const increment = useStore(state => state.increment)
+  
+  return <button onClick={() => increment()}>+</button>
+}
+```
+
+**Correct: no re-renders from count changes**
+
+```tsx
+function Counter() {
+  const increment = useStore(state => state.increment)
+  
+  return <button onClick={() => increment()}>+</button>
+}
+```
+
+### 4.2 Extract to Memoized Components
+
+**Impact: MEDIUM (isolates expensive renders)**
+
+Extract expensive computations into memoized child components.
+
+```tsx
+const ExpensiveList = memo(function ExpensiveList({ items }) {
+  return items.map(item => <ExpensiveItem key={item.id} item={item} />)
+})
+
+function Parent() {
+  const [filter, setFilter] = useState('')
+  const items = useItems()
+  
+  return (
+    <>
+      <input value={filter} onChange={e => setFilter(e.target.value)} />
+      <ExpensiveList items={items} />
+    </>
+  )
+}
+```
+
+### 4.3 Narrow Effect Dependencies
+
+**Impact: MEDIUM (reduces effect runs)**
+
+Use primitive dependencies instead of objects.
+
+**Incorrect: runs on every render**
+
+```tsx
+useEffect(() => {
+  fetchData(options)
+}, [options]) // Object reference changes every render
+```
+
+**Correct: runs only when values change**
+
+```tsx
+useEffect(() => {
+  fetchData({ page, limit })
+}, [page, limit])
+```
+
+### 4.4 Subscribe to Derived State
+
+**Impact: MEDIUM (reduces re-renders)**
+
+Subscribe to derived booleans instead of raw values.
+
+**Incorrect: re-renders on every count change**
+
+```tsx
+function Badge() {
+  const count = useStore(state => state.notifications.length)
+  return count > 0 ? <span>New</span> : null
+}
+```
+
+**Correct: re-renders only when visibility changes**
+
+```tsx
+function Badge() {
+  const hasNotifications = useStore(state => state.notifications.length > 0)
+  return hasNotifications ? <span>New</span> : null
+}
+```
+
+### 4.5 Use Functional setState Updates
+
+**Impact: MEDIUM (stable callback references)**
+
+Use functional updates to avoid dependency on current state.
+
+```tsx
+// Incorrect: callback changes when count changes
+const increment = useCallback(() => {
+  setCount(count + 1)
+}, [count])
+
+// Correct: stable callback reference
+const increment = useCallback(() => {
+  setCount(c => c + 1)
+}, [])
+```
+
+### 4.6 Use Lazy State Initialization
+
+**Impact: LOW-MEDIUM (avoids expensive initial computation)**
+
+Pass a function to useState for expensive initial values.
+
+```tsx
+// Incorrect: parses on every render
+const [data, setData] = useState(JSON.parse(localStorage.getItem('data')))
+
+// Correct: parses only once
+const [data, setData] = useState(() => JSON.parse(localStorage.getItem('data')))
+```
+
+### 4.7 Use Transitions for Non-Urgent Updates
+
+**Impact: MEDIUM (keeps UI responsive)**
+
+Use startTransition for updates that can be deferred.
+
+```tsx
+import { startTransition } from 'react'
+
+function SearchResults() {
+  const [query, setQuery] = useState('')
+  const [results, setResults] = useState([])
+  
+  const handleChange = (e) => {
+    setQuery(e.target.value) // Urgent: update input immediately
+    
+    startTransition(() => {
+      setResults(search(e.target.value)) // Non-urgent: can be interrupted
+    })
+  }
+  
+  return (
+    <>
+      <input value={query} onChange={handleChange} />
+      <ResultsList results={results} />
+    </>
+  )
+}
+```
+
+---
+
+## 5. Rendering Performance
+
+**Impact: MEDIUM**
+
+### 5.1 Animate SVG Wrapper Instead of SVG Element
+
+**Impact: MEDIUM (avoids SVG re-parsing)**
+
+Wrap SVGs in a div and animate the wrapper.
+
+```tsx
+// Incorrect: triggers SVG re-parsing
+<motion.svg animate={{ scale: 1.2 }}>...</motion.svg>
+
+// Correct: animates wrapper only
+<motion.div animate={{ scale: 1.2 }}>
+  <svg>...</svg>
+</motion.div>
+```
+
+### 5.2 CSS content-visibility for Long Lists
+
+**Impact: HIGH (skips off-screen rendering)**
+
+Use content-visibility to skip rendering off-screen items.
+
+```css
+.list-item {
+  content-visibility: auto;
+  contain-intrinsic-size: 0 50px;
+}
+```
+
+### 5.3 Hoist Static JSX Elements
+
+**Impact: LOW-MEDIUM (avoids recreation)**
+
+Extract static JSX outside components.
+
+```tsx
+const staticIcon = <Icon name="check" />
+
+function ListItem({ label }) {
+  return (
+    <div>
+      {staticIcon}
+      <span>{label}</span>
+    </div>
+  )
+}
+```
+
+### 5.4 Optimize SVG Precision
+
+**Impact: LOW (reduces SVG size)**
+
+Reduce coordinate precision in SVGs.
+
+```tsx
+// Before: 847 bytes
+<path d="M12.7071067811865 5.29289321881345..." />
+
+// After: 324 bytes
+<path d="M12.71 5.29..." />
+```
+
+### 5.5 Use Explicit Conditional Rendering
+
+**Impact: LOW (prevents rendering bugs)**
+
+Use ternary instead of && for conditionals.
+
+```tsx
+// Incorrect: renders "0" when count is 0
+{count && <Badge count={count} />}
+
+// Correct: renders nothing when count is 0
+{count > 0 ? <Badge count={count} /> : null}
+```
+
+---
+
+## 6. JavaScript Performance
+
+**Impact: LOW-MEDIUM**
+
+### 6.1 Batch DOM CSS Changes
+
+**Impact: MEDIUM (reduces reflows)**
+
+Group CSS changes via classes or cssText.
+
+```typescript
+// Incorrect: 3 reflows
+element.style.width = '100px'
+element.style.height = '100px'
+element.style.margin = '10px'
+
+// Correct: 1 reflow
+element.style.cssText = 'width: 100px; height: 100px; margin: 10px;'
+```
+
+### 6.2 Build Index Maps for Repeated Lookups
+
+**Impact: HIGH for large datasets**
+
+Build a Map for O(1) lookups instead of O(n) array searches.
+
+```typescript
+// Incorrect: O(n) for each lookup
+users.find(u => u.id === targetId)
+
+// Correct: O(1) lookup
+const userMap = new Map(users.map(u => [u.id, u]))
+userMap.get(targetId)
+```
+
+### 6.3 Cache Property Access in Loops
+
+**Impact: LOW-MEDIUM**
+
+Cache object properties accessed in loops.
+
+```typescript
+// Incorrect
+for (let i = 0; i < items.length; i++) {
+  process(items[i])
+}
+
+// Correct
+const len = items.length
+for (let i = 0; i < len; i++) {
+  process(items[i])
+}
+```
+
+### 6.4 Cache Repeated Function Calls
+
+**Impact: MEDIUM**
+
+Cache expensive function results.
+
+```typescript
+const cache = new Map()
+
+function expensiveComputation(input) {
+  if (cache.has(input)) return cache.get(input)
+  const result = /* expensive work */
+  cache.set(input, result)
+  return result
+}
+```
+
+### 6.5 Cache Storage API Calls
+
+**Impact: MEDIUM**
+
+Cache localStorage/sessionStorage reads.
+
+```typescript
+let cachedTheme = null
+
+function getTheme() {
+  if (cachedTheme === null) {
+    cachedTheme = localStorage.getItem('theme') || 'light'
+  }
+  return cachedTheme
+}
+```
+
+### 6.6 Combine Multiple Array Iterations
+
+**Impact: LOW-MEDIUM**
+
+Combine filter/map into a single loop.
+
+```typescript
+// Incorrect: 2 iterations
+const result = items
+  .filter(item => item.active)
+  .map(item => item.value)
+
+// Correct: 1 iteration
+const result = []
+for (const item of items) {
+  if (item.active) result.push(item.value)
+}
+```
+
+### 6.7 Early Length Check for Array Comparisons
+
+**Impact: LOW**
+
+Check array length before expensive comparisons.
+
+```typescript
+function arraysEqual(a, b) {
+  if (a.length !== b.length) return false
+  return a.every((val, i) => val === b[i])
+}
+```
+
+### 6.8 Early Return from Functions
+
+**Impact: LOW**
+
+Return early to avoid unnecessary work.
+
+```typescript
+function processUser(user) {
+  if (!user) return null
+  if (!user.active) return null
+  
+  // Process active user
+}
+```
+
+### 6.9 Hoist RegExp Creation
+
+**Impact: LOW-MEDIUM**
+
+Create RegExp outside loops.
+
+```typescript
+// Incorrect: creates regex on each iteration
+items.forEach(item => {
+  if (/pattern/.test(item)) { /* ... */ }
+})
+
+// Correct: reuses regex
+const pattern = /pattern/
+items.forEach(item => {
+  if (pattern.test(item)) { /* ... */ }
+})
+```
+
+### 6.10 Use Loop for Min/Max Instead of Sort
+
+**Impact: MEDIUM for large arrays**
+
+Use a loop instead of sorting to find min/max.
+
+```typescript
+// Incorrect: O(n log n)
+const max = items.sort((a, b) => b - a)[0]
+
+// Correct: O(n)
+const max = Math.max(...items)
+// Or for very large arrays:
+let max = items[0]
+for (let i = 1; i < items.length; i++) {
+  if (items[i] > max) max = items[i]
+}
+```
+
+### 6.11 Use Set/Map for O(1) Lookups
+
+**Impact: HIGH for repeated lookups**
+
+Use Set for membership checks, Map for key-value lookups.
+
+```typescript
+// Incorrect: O(n)
+const isValid = validIds.includes(id)
+
+// Correct: O(1)
+const validIdSet = new Set(validIds)
+const isValid = validIdSet.has(id)
+```
+
+### 6.12 Use toSorted() for Immutability
+
+**Impact: LOW**
+
+Use toSorted() instead of sort() to avoid mutation.
+
+```typescript
+// Mutates original
+const sorted = items.sort((a, b) => a - b)
+
+// Returns new array
+const sorted = items.toSorted((a, b) => a - b)
+```
+
+---
+
+## 7. Advanced Patterns
+
+**Impact: LOW**
+
+### 7.1 Store Event Handlers in Refs
+
+**Impact: LOW (avoids effect re-runs)**
+
+Store handlers in refs to avoid effect dependencies.
+
+```tsx
+function useEventListener(event, handler) {
+  const handlerRef = useRef(handler)
+  handlerRef.current = handler
+  
+  useEffect(() => {
+    const listener = (e) => handlerRef.current(e)
+    window.addEventListener(event, listener)
+    return () => window.removeEventListener(event, listener)
+  }, [event]) // handler not in deps
+}
+```
+
+### 7.2 useLatest for Stable Callback Refs
+
+**Impact: LOW**
+
+Create a useLatest hook for stable references.
+
+```tsx
+function useLatest(value) {
+  const ref = useRef(value)
+  ref.current = value
+  return ref
+}
+
+function useInterval(callback, delay) {
+  const callbackRef = useLatest(callback)
+  
+  useEffect(() => {
+    const id = setInterval(() => callbackRef.current(), delay)
+    return () => clearInterval(id)
+  }, [delay])
+}
+```
+
+---
+
+## References
+
+1. [https://github.com/shuding/better-all](https://github.com/shuding/better-all)
+2. [https://vercel.com/blog/how-we-optimized-package-imports-in-next-js](https://vercel.com/blog/how-we-optimized-package-imports-in-next-js)

.claude/skills/vercel-react-best-practices/SKILL.md

@@ -0,0 +1,111 @@
+---
+name: react-best-practices
+description: React performance optimization guidelines. Use when writing, reviewing, or refactoring React code to ensure optimal performance patterns. Triggers on tasks involving React components, data fetching, bundle optimization, or performance improvements.
+license: MIT
+metadata:
+  author: vercel
+  version: "1.0.0"
+---
+
+# React Best Practices
+
+Performance optimization guide for React applications. Contains rules across 6 categories, prioritized by impact.
+
+## When to Apply
+
+Reference these guidelines when:
+- Writing new React components
+- Implementing data fetching
+- Reviewing code for performance issues
+- Refactoring existing React code
+- Optimizing bundle size or load times
+
+## Rule Categories by Priority
+
+| Priority | Category | Impact | Prefix |
+|----------|----------|--------|--------|
+| 1 | Eliminating Waterfalls | CRITICAL | `async-` |
+| 2 | Bundle Size Optimization | CRITICAL | `bundle-` |
+| 3 | Client-Side Data Fetching | MEDIUM-HIGH | `client-` |
+| 4 | Re-render Optimization | MEDIUM | `rerender-` |
+| 5 | Rendering Performance | MEDIUM | `rendering-` |
+| 6 | JavaScript Performance | LOW-MEDIUM | `js-` |
+| 7 | Advanced Patterns | LOW | `advanced-` |
+
+## Quick Reference
+
+### 1. Eliminating Waterfalls (CRITICAL)
+
+- `async-defer-await` - Move await into branches where actually used
+- `async-parallel` - Use Promise.all() for independent operations
+- `async-dependencies` - Use better-all for partial dependencies
+
+### 2. Bundle Size Optimization (CRITICAL)
+
+- `bundle-barrel-imports` - Import directly, avoid barrel files
+- `bundle-conditional` - Load modules only when feature is activated
+- `bundle-preload` - Preload on hover/focus for perceived speed
+
+### 3. Client-Side Data Fetching (MEDIUM-HIGH)
+
+- `client-swr-dedup` - Use SWR for automatic request deduplication
+- `client-event-listeners` - Deduplicate global event listeners
+- `client-localstorage-schema` - Schema validation for localStorage
+- `client-passive-event-listeners` - Use passive listeners for scroll/touch
+
+### 4. Re-render Optimization (MEDIUM)
+
+- `rerender-defer-reads` - Don't subscribe to state only used in callbacks
+- `rerender-memo` - Extract expensive work into memoized components
+- `rerender-dependencies` - Use primitive dependencies in effects
+- `rerender-derived-state` - Subscribe to derived booleans, not raw values
+- `rerender-functional-setstate` - Use functional setState for stable callbacks
+- `rerender-lazy-state-init` - Pass function to useState for expensive values
+- `rerender-transitions` - Use startTransition for non-urgent updates
+
+### 5. Rendering Performance (MEDIUM)
+
+- `rendering-animate-svg-wrapper` - Animate div wrapper, not SVG element
+- `rendering-content-visibility` - Use content-visibility for long lists
+- `rendering-hoist-jsx` - Extract static JSX outside components
+- `rendering-svg-precision` - Reduce SVG coordinate precision
+- `rendering-conditional-render` - Use ternary, not && for conditionals
+
+### 6. JavaScript Performance (LOW-MEDIUM)
+
+- `js-batch-dom-css` - Group CSS changes via classes or cssText
+- `js-index-maps` - Build Map for repeated lookups
+- `js-cache-property-access` - Cache object properties in loops
+- `js-cache-function-results` - Cache function results in module-level Map
+- `js-cache-storage` - Cache localStorage/sessionStorage reads
+- `js-combine-iterations` - Combine multiple filter/map into one loop
+- `js-length-check-first` - Check array length before expensive comparison
+- `js-early-exit` - Return early from functions
+- `js-hoist-regexp` - Hoist RegExp creation outside loops
+- `js-min-max-loop` - Use loop for min/max instead of sort
+- `js-set-map-lookups` - Use Set/Map for O(1) lookups
+- `js-tosorted-immutable` - Use toSorted() for immutability
+
+### 7. Advanced Patterns (LOW)
+
+- `advanced-event-handler-refs` - Store event handlers in refs
+- `advanced-use-latest` - useLatest for stable callback refs
+
+## How to Use
+
+Read individual rule files for detailed explanations and code examples:
+
+```
+rules/async-parallel.md
+rules/bundle-barrel-imports.md
+```
+
+Each rule file contains:
+- Brief explanation of why it matters
+- Incorrect code example with explanation
+- Correct code example with explanation
+- Additional context and references
+
+## Full Compiled Document
+
+For the complete guide with all rules expanded: `AGENTS.md`

.claude/skills/vercel-react-best-practices/rules/advanced-event-handler-refs.md

@@ -0,0 +1,55 @@
+---
+title: Store Event Handlers in Refs
+impact: LOW
+impactDescription: stable subscriptions
+tags: advanced, hooks, refs, event-handlers, optimization
+---
+
+## Store Event Handlers in Refs
+
+Store callbacks in refs when used in effects that shouldn't re-subscribe on callback changes.
+
+**Incorrect (re-subscribes on every render):**
+
+```tsx
+function useWindowEvent(event: string, handler: () => void) {
+  useEffect(() => {
+    window.addEventListener(event, handler)
+    return () => window.removeEventListener(event, handler)
+  }, [event, handler])
+}
+```
+
+**Correct (stable subscription):**
+
+```tsx
+function useWindowEvent(event: string, handler: () => void) {
+  const handlerRef = useRef(handler)
+  useEffect(() => {
+    handlerRef.current = handler
+  }, [handler])
+
+  useEffect(() => {
+    const listener = () => handlerRef.current()
+    window.addEventListener(event, listener)
+    return () => window.removeEventListener(event, listener)
+  }, [event])
+}
+```
+
+**Alternative: use `useEffectEvent` if you're on latest React:**
+
+```tsx
+import { useEffectEvent } from 'react'
+
+function useWindowEvent(event: string, handler: () => void) {
+  const onEvent = useEffectEvent(handler)
+
+  useEffect(() => {
+    window.addEventListener(event, onEvent)
+    return () => window.removeEventListener(event, onEvent)
+  }, [event])
+}
+```
+
+`useEffectEvent` provides a cleaner API for the same pattern: it creates a stable function reference that always calls the latest version of the handler.

.claude/skills/vercel-react-best-practices/rules/advanced-use-latest.md

@@ -0,0 +1,49 @@
+---
+title: useLatest for Stable Callback Refs
+impact: LOW
+impactDescription: prevents effect re-runs
+tags: advanced, hooks, useLatest, refs, optimization
+---
+
+## useLatest for Stable Callback Refs
+
+Access latest values in callbacks without adding them to dependency arrays. Prevents effect re-runs while avoiding stale closures.
+
+**Implementation:**
+
+```typescript
+function useLatest<T>(value: T) {
+  const ref = useRef(value)
+  useEffect(() => {
+    ref.current = value
+  }, [value])
+  return ref
+}
+```
+
+**Incorrect (effect re-runs on every callback change):**
+
+```tsx
+function SearchInput({ onSearch }: { onSearch: (q: string) => void }) {
+  const [query, setQuery] = useState('')
+
+  useEffect(() => {
+    const timeout = setTimeout(() => onSearch(query), 300)
+    return () => clearTimeout(timeout)
+  }, [query, onSearch])
+}
+```
+
+**Correct (stable effect, fresh callback):**
+
+```tsx
+function SearchInput({ onSearch }: { onSearch: (q: string) => void }) {
+  const [query, setQuery] = useState('')
+  const onSearchRef = useLatest(onSearch)
+
+  useEffect(() => {
+    const timeout = setTimeout(() => onSearchRef.current(query), 300)
+    return () => clearTimeout(timeout)
+  }, [query])
+}
+```

.claude/skills/vercel-react-best-practices/rules/async-defer-await.md

@@ -0,0 +1,80 @@
+---
+title: Defer Await Until Needed
+impact: HIGH
+impactDescription: avoids blocking unused code paths
+tags: async, await, conditional, optimization
+---
+
+## Defer Await Until Needed
+
+Move `await` operations into the branches where they're actually used to avoid blocking code paths that don't need them.
+
+**Incorrect (blocks both branches):**
+
+```typescript
+async function handleRequest(userId: string, skipProcessing: boolean) {
+  const userData = await fetchUserData(userId)
+  
+  if (skipProcessing) {
+    // Returns immediately but still waited for userData
+    return { skipped: true }
+  }
+  
+  // Only this branch uses userData
+  return processUserData(userData)
+}
+```
+
+**Correct (only blocks when needed):**
+
+```typescript
+async function handleRequest(userId: string, skipProcessing: boolean) {
+  if (skipProcessing) {
+    // Returns immediately without waiting
+    return { skipped: true }
+  }
+  
+  // Fetch only when needed
+  const userData = await fetchUserData(userId)
+  return processUserData(userData)
+}
+```
+
+**Another example (early return optimization):**
+
+```typescript
+// Incorrect: always fetches permissions
+async function updateResource(resourceId: string, userId: string) {
+  const permissions = await fetchPermissions(userId)
+  const resource = await getResource(resourceId)
+  
+  if (!resource) {
+    return { error: 'Not found' }
+  }
+  
+  if (!permissions.canEdit) {
+    return { error: 'Forbidden' }
+  }
+  
+  return await updateResourceData(resource, permissions)
+}
+
+// Correct: fetches only when needed
+async function updateResource(resourceId: string, userId: string) {
+  const resource = await getResource(resourceId)
+  
+  if (!resource) {
+    return { error: 'Not found' }
+  }
+  
+  const permissions = await fetchPermissions(userId)
+  
+  if (!permissions.canEdit) {
+    return { error: 'Forbidden' }
+  }
+  
+  return await updateResourceData(resource, permissions)
+}
+```
+
+This optimization is especially valuable when the skipped branch is frequently taken, or when the deferred operation is expensive.

.claude/skills/vercel-react-best-practices/rules/async-dependencies.md

@@ -0,0 +1,36 @@
+---
+title: Dependency-Based Parallelization
+impact: CRITICAL
+impactDescription: 2-10× improvement
+tags: async, parallelization, dependencies, better-all
+---
+
+## Dependency-Based Parallelization
+
+For operations with partial dependencies, use `better-all` to maximize parallelism. It automatically starts each task at the earliest possible moment.
+
+**Incorrect (profile waits for config unnecessarily):**
+
+```typescript
+const [user, config] = await Promise.all([
+  fetchUser(),
+  fetchConfig()
+])
+const profile = await fetchProfile(user.id)
+```
+
+**Correct (config and profile run in parallel):**
+
+```typescript
+import { all } from 'better-all'
+
+const { user, config, profile } = await all({
+  async user() { return fetchUser() },
+  async config() { return fetchConfig() },
+  async profile() {
+    return fetchProfile((await this.$.user).id)
+  }
+})
+```
+
+Reference: [https://github.com/shuding/better-all](https://github.com/shuding/better-all)

.claude/skills/vercel-react-best-practices/rules/async-parallel.md

@@ -0,0 +1,28 @@
+---
+title: Promise.all() for Independent Operations
+impact: CRITICAL
+impactDescription: 2-10× improvement
+tags: async, parallelization, promises, waterfalls
+---
+
+## Promise.all() for Independent Operations
+
+When async operations have no interdependencies, execute them concurrently using `Promise.all()`.
+
+**Incorrect (sequential execution, 3 round trips):**
+
+```typescript
+const user = await fetchUser()
+const posts = await fetchPosts()
+const comments = await fetchComments()
+```
+
+**Correct (parallel execution, 1 round trip):**
+
+```typescript
+const [user, posts, comments] = await Promise.all([
+  fetchUser(),
+  fetchPosts(),
+  fetchComments()
+])
+```

.claude/skills/vercel-react-best-practices/rules/bundle-barrel-imports.md

@@ -0,0 +1,59 @@
+---
+title: Avoid Barrel File Imports
+impact: CRITICAL
+impactDescription: 200-800ms import cost, slow builds
+tags: bundle, imports, tree-shaking, barrel-files, performance
+---
+
+## Avoid Barrel File Imports
+
+Import directly from source files instead of barrel files to avoid loading thousands of unused modules. **Barrel files** are entry points that re-export multiple modules (e.g., `index.js` that does `export * from './module'`).
+
+Popular icon and component libraries can have **up to 10,000 re-exports** in their entry file. For many React packages, **it takes 200-800ms just to import them**, affecting both development speed and production cold starts.
+
+**Why tree-shaking doesn't help:** When a library is marked as external (not bundled), the bundler can't optimize it. If you bundle it to enable tree-shaking, builds become substantially slower analyzing the entire module graph.
+
+**Incorrect (imports entire library):**
+
+```tsx
+import { Check, X, Menu } from 'lucide-react'
+// Loads 1,583 modules, takes ~2.8s extra in dev
+// Runtime cost: 200-800ms on every cold start
+
+import { Button, TextField } from '@mui/material'
+// Loads 2,225 modules, takes ~4.2s extra in dev
+```
+
+**Correct (imports only what you need):**
+
+```tsx
+import Check from 'lucide-react/dist/esm/icons/check'
+import X from 'lucide-react/dist/esm/icons/x'
+import Menu from 'lucide-react/dist/esm/icons/menu'
+// Loads only 3 modules (~2KB vs ~1MB)
+
+import Button from '@mui/material/Button'
+import TextField from '@mui/material/TextField'
+// Loads only what you use
+```
+
+**Alternative (Next.js 13.5+):**
+
+```js
+// next.config.js - use optimizePackageImports
+module.exports = {
+  experimental: {
+    optimizePackageImports: ['lucide-react', '@mui/material']
+  }
+}
+
+// Then you can keep the ergonomic barrel imports:
+import { Check, X, Menu } from 'lucide-react'
+// Automatically transformed to direct imports at build time
+```
+
+Direct imports provide 15-70% faster dev boot, 28% faster builds, 40% faster cold starts, and significantly faster HMR.
+
+Libraries commonly affected: `lucide-react`, `@mui/material`, `@mui/icons-material`, `@tabler/icons-react`, `react-icons`, `@headlessui/react`, `@radix-ui/react-*`, `lodash`, `ramda`, `date-fns`, `rxjs`, `react-use`.
+
+Reference: [How we optimized package imports in Next.js](https://vercel.com/blog/how-we-optimized-package-imports-in-next-js)

.claude/skills/vercel-react-best-practices/rules/bundle-conditional.md

@@ -0,0 +1,31 @@
+---
+title: Conditional Module Loading
+impact: HIGH
+impactDescription: loads large data only when needed
+tags: bundle, conditional-loading, lazy-loading
+---
+
+## Conditional Module Loading
+
+Load large data or modules only when a feature is activated.
+
+**Example (lazy-load animation frames):**
+
+```tsx
+function AnimationPlayer({ enabled, setEnabled }: { enabled: boolean; setEnabled: React.Dispatch<React.SetStateAction<boolean>> }) {
+  const [frames, setFrames] = useState<Frame[] | null>(null)
+
+  useEffect(() => {
+    if (enabled && !frames && typeof window !== 'undefined') {
+      import('./animation-frames.js')
+        .then(mod => setFrames(mod.frames))
+        .catch(() => setEnabled(false))
+    }
+  }, [enabled, frames, setEnabled])
+
+  if (!frames) return <Skeleton />
+  return <Canvas frames={frames} />
+}
+```
+
+The `typeof window !== 'undefined'` check prevents bundling this module for SSR, optimizing server bundle size and build speed.

.claude/skills/vercel-react-best-practices/rules/bundle-preload.md

@@ -0,0 +1,50 @@
+---
+title: Preload Based on User Intent
+impact: MEDIUM
+impactDescription: reduces perceived latency
+tags: bundle, preload, user-intent, hover
+---
+
+## Preload Based on User Intent
+
+Preload heavy bundles before they're needed to reduce perceived latency.
+
+**Example (preload on hover/focus):**
+
+```tsx
+function EditorButton({ onClick }: { onClick: () => void }) {
+  const preload = () => {
+    if (typeof window !== 'undefined') {
+      void import('./monaco-editor')
+    }
+  }
+
+  return (
+    <button
+      onMouseEnter={preload}
+      onFocus={preload}
+      onClick={onClick}
+    >
+      Open Editor
+    </button>
+  )
+}
+```
+
+**Example (preload when feature flag is enabled):**
+
+```tsx
+function FlagsProvider({ children, flags }: Props) {
+  useEffect(() => {
+    if (flags.editorEnabled && typeof window !== 'undefined') {
+      void import('./monaco-editor').then(mod => mod.init())
+    }
+  }, [flags.editorEnabled])
+
+  return <FlagsContext.Provider value={flags}>
+    {children}
+  </FlagsContext.Provider>
+}
+```
+
+The `typeof window !== 'undefined'` check prevents bundling preloaded modules for SSR, optimizing server bundle size and build speed.

.claude/skills/vercel-react-best-practices/rules/client-event-listeners.md

@@ -0,0 +1,74 @@
+---
+title: Deduplicate Global Event Listeners
+impact: LOW
+impactDescription: single listener for N components
+tags: client, swr, event-listeners, subscription
+---
+
+## Deduplicate Global Event Listeners
+
+Use `useSWRSubscription()` to share global event listeners across component instances.
+
+**Incorrect (N instances = N listeners):**
+
+```tsx
+function useKeyboardShortcut(key: string, callback: () => void) {
+  useEffect(() => {
+    const handler = (e: KeyboardEvent) => {
+      if (e.metaKey && e.key === key) {
+        callback()
+      }
+    }
+    window.addEventListener('keydown', handler)
+    return () => window.removeEventListener('keydown', handler)
+  }, [key, callback])
+}
+```
+
+When using the `useKeyboardShortcut` hook multiple times, each instance will register a new listener.
+
+**Correct (N instances = 1 listener):**
+
+```tsx
+import useSWRSubscription from 'swr/subscription'
+
+// Module-level Map to track callbacks per key
+const keyCallbacks = new Map<string, Set<() => void>>()
+
+function useKeyboardShortcut(key: string, callback: () => void) {
+  // Register this callback in the Map
+  useEffect(() => {
+    if (!keyCallbacks.has(key)) {
+      keyCallbacks.set(key, new Set())
+    }
+    keyCallbacks.get(key)!.add(callback)
+
+    return () => {
+      const set = keyCallbacks.get(key)
+      if (set) {
+        set.delete(callback)
+        if (set.size === 0) {
+          keyCallbacks.delete(key)
+        }
+      }
+    }
+  }, [key, callback])
+
+  useSWRSubscription('global-keydown', () => {
+    const handler = (e: KeyboardEvent) => {
+      if (e.metaKey && keyCallbacks.has(e.key)) {
+        keyCallbacks.get(e.key)!.forEach(cb => cb())
+      }
+    }
+    window.addEventListener('keydown', handler)
+    return () => window.removeEventListener('keydown', handler)
+  })
+}
+
+function Profile() {
+  // Multiple shortcuts will share the same listener
+  useKeyboardShortcut('p', () => { /* ... */ }) 
+  useKeyboardShortcut('k', () => { /* ... */ })
+  // ...
+}
+```

.claude/skills/vercel-react-best-practices/rules/client-localstorage-schema.md

@@ -0,0 +1,71 @@
+---
+title: Version and Minimize localStorage Data
+impact: MEDIUM
+impactDescription: prevents schema conflicts, reduces storage size
+tags: client, localStorage, storage, versioning, data-minimization
+---
+
+## Version and Minimize localStorage Data
+
+Add version prefix to keys and store only needed fields. Prevents schema conflicts and accidental storage of sensitive data.
+
+**Incorrect:**
+
+```typescript
+// No version, stores everything, no error handling
+localStorage.setItem('userConfig', JSON.stringify(fullUserObject))
+const data = localStorage.getItem('userConfig')
+```
+
+**Correct:**
+
+```typescript
+const VERSION = 'v2'
+
+function saveConfig(config: { theme: string; language: string }) {
+  try {
+    localStorage.setItem(`userConfig:${VERSION}`, JSON.stringify(config))
+  } catch {
+    // Throws in incognito/private browsing, quota exceeded, or disabled
+  }
+}
+
+function loadConfig() {
+  try {
+    const data = localStorage.getItem(`userConfig:${VERSION}`)
+    return data ? JSON.parse(data) : null
+  } catch {
+    return null
+  }
+}
+
+// Migration from v1 to v2
+function migrate() {
+  try {
+    const v1 = localStorage.getItem('userConfig:v1')
+    if (v1) {
+      const old = JSON.parse(v1)
+      saveConfig({ theme: old.darkMode ? 'dark' : 'light', language: old.lang })
+      localStorage.removeItem('userConfig:v1')
+    }
+  } catch {}
+}
+```
+
+**Store minimal fields from server responses:**
+
+```typescript
+// User object has 20+ fields, only store what UI needs
+function cachePrefs(user: FullUser) {
+  try {
+    localStorage.setItem('prefs:v1', JSON.stringify({
+      theme: user.preferences.theme,
+      notifications: user.preferences.notifications
+    }))
+  } catch {}
+}
+```
+
+**Always wrap in try-catch:** `getItem()` and `setItem()` throw in incognito/private browsing (Safari, Firefox), when quota exceeded, or when disabled.
+
+**Benefits:** Schema evolution via versioning, reduced storage size, prevents storing tokens/PII/internal flags.

.claude/skills/vercel-react-best-practices/rules/client-passive-event-listeners.md

@@ -0,0 +1,48 @@
+---
+title: Use Passive Event Listeners for Scrolling Performance
+impact: MEDIUM
+impactDescription: eliminates scroll delay caused by event listeners
+tags: client, event-listeners, scrolling, performance, touch, wheel
+---
+
+## Use Passive Event Listeners for Scrolling Performance
+
+Add `{ passive: true }` to touch and wheel event listeners to enable immediate scrolling. Browsers normally wait for listeners to finish to check if `preventDefault()` is called, causing scroll delay.
+
+**Incorrect:**
+
+```typescript
+useEffect(() => {
+  const handleTouch = (e: TouchEvent) => console.log(e.touches[0].clientX)
+  const handleWheel = (e: WheelEvent) => console.log(e.deltaY)
+  
+  document.addEventListener('touchstart', handleTouch)
+  document.addEventListener('wheel', handleWheel)
+  
+  return () => {
+    document.removeEventListener('touchstart', handleTouch)
+    document.removeEventListener('wheel', handleWheel)
+  }
+}, [])
+```
+
+**Correct:**
+
+```typescript
+useEffect(() => {
+  const handleTouch = (e: TouchEvent) => console.log(e.touches[0].clientX)
+  const handleWheel = (e: WheelEvent) => console.log(e.deltaY)
+  
+  document.addEventListener('touchstart', handleTouch, { passive: true })
+  document.addEventListener('wheel', handleWheel, { passive: true })
+  
+  return () => {
+    document.removeEventListener('touchstart', handleTouch)
+    document.removeEventListener('wheel', handleWheel)
+  }
+}, [])
+```
+
+**Use passive when:** tracking/analytics, logging, any listener that doesn't call `preventDefault()`.
+
+**Don't use passive when:** implementing custom swipe gestures, custom zoom controls, or any listener that needs `preventDefault()`.

.claude/skills/vercel-react-best-practices/rules/client-swr-dedup.md

@@ -0,0 +1,56 @@
+---
+title: Use SWR for Automatic Deduplication
+impact: MEDIUM-HIGH
+impactDescription: automatic deduplication
+tags: client, swr, deduplication, data-fetching
+---
+
+## Use SWR for Automatic Deduplication
+
+SWR enables request deduplication, caching, and revalidation across component instances.
+
+**Incorrect (no deduplication, each instance fetches):**
+
+```tsx
+function UserList() {
+  const [users, setUsers] = useState([])
+  useEffect(() => {
+    fetch('/api/users')
+      .then(r => r.json())
+      .then(setUsers)
+  }, [])
+}
+```
+
+**Correct (multiple instances share one request):**
+
+```tsx
+import useSWR from 'swr'
+
+function UserList() {
+  const { data: users } = useSWR('/api/users', fetcher)
+}
+```
+
+**For immutable data:**
+
+```tsx
+import { useImmutableSWR } from '@/lib/swr'
+
+function StaticContent() {
+  const { data } = useImmutableSWR('/api/config', fetcher)
+}
+```
+
+**For mutations:**
+
+```tsx
+import { useSWRMutation } from 'swr/mutation'
+
+function UpdateButton() {
+  const { trigger } = useSWRMutation('/api/user', updateUser)
+  return <button onClick={() => trigger()}>Update</button>
+}
+```
+
+Reference: [https://swr.vercel.app](https://swr.vercel.app)

.claude/skills/vercel-react-best-practices/rules/js-batch-dom-css.md

@@ -0,0 +1,82 @@
+---
+title: Batch DOM CSS Changes
+impact: MEDIUM
+impactDescription: reduces reflows/repaints
+tags: javascript, dom, css, performance, reflow
+---
+
+## Batch DOM CSS Changes
+
+Avoid changing styles one property at a time. Group multiple CSS changes together via classes or `cssText` to minimize browser reflows.
+
+**Incorrect (multiple reflows):**
+
+```typescript
+function updateElementStyles(element: HTMLElement) {
+  // Each line triggers a reflow
+  element.style.width = '100px'
+  element.style.height = '200px'
+  element.style.backgroundColor = 'blue'
+  element.style.border = '1px solid black'
+}
+```
+
+**Correct (add class - single reflow):**
+
+```typescript
+// CSS file
+.highlighted-box {
+  width: 100px;
+  height: 200px;
+  background-color: blue;
+  border: 1px solid black;
+}
+
+// JavaScript
+function updateElementStyles(element: HTMLElement) {
+  element.classList.add('highlighted-box')
+}
+```
+
+**Correct (change cssText - single reflow):**
+
+```typescript
+function updateElementStyles(element: HTMLElement) {
+  element.style.cssText = `
+    width: 100px;
+    height: 200px;
+    background-color: blue;
+    border: 1px solid black;
+  `
+}
+```
+
+**React example:**
+
+```tsx
+// Incorrect: changing styles one by one
+function Box({ isHighlighted }: { isHighlighted: boolean }) {
+  const ref = useRef<HTMLDivElement>(null)
+  
+  useEffect(() => {
+    if (ref.current && isHighlighted) {
+      ref.current.style.width = '100px'
+      ref.current.style.height = '200px'
+      ref.current.style.backgroundColor = 'blue'
+    }
+  }, [isHighlighted])
+  
+  return <div ref={ref}>Content</div>
+}
+
+// Correct: toggle class
+function Box({ isHighlighted }: { isHighlighted: boolean }) {
+  return (
+    <div className={isHighlighted ? 'highlighted-box' : ''}>
+      Content
+    </div>
+  )
+}
+```
+
+Prefer CSS classes over inline styles when possible. Classes are cached by the browser and provide better separation of concerns.

.claude/skills/vercel-react-best-practices/rules/js-cache-function-results.md

@@ -0,0 +1,80 @@
+---
+title: Cache Repeated Function Calls
+impact: MEDIUM
+impactDescription: avoid redundant computation
+tags: javascript, cache, memoization, performance
+---
+
+## Cache Repeated Function Calls
+
+Use a module-level Map to cache function results when the same function is called repeatedly with the same inputs during render.
+
+**Incorrect (redundant computation):**
+
+```typescript
+function ProjectList({ projects }: { projects: Project[] }) {
+  return (
+    <div>
+      {projects.map(project => {
+        // slugify() called 100+ times for same project names
+        const slug = slugify(project.name)
+        
+        return <ProjectCard key={project.id} slug={slug} />
+      })}
+    </div>
+  )
+}
+```
+
+**Correct (cached results):**
+
+```typescript
+// Module-level cache
+const slugifyCache = new Map<string, string>()
+
+function cachedSlugify(text: string): string {
+  if (slugifyCache.has(text)) {
+    return slugifyCache.get(text)!
+  }
+  const result = slugify(text)
+  slugifyCache.set(text, result)
+  return result
+}
+
+function ProjectList({ projects }: { projects: Project[] }) {
+  return (
+    <div>
+      {projects.map(project => {
+        // Computed only once per unique project name
+        const slug = cachedSlugify(project.name)
+        
+        return <ProjectCard key={project.id} slug={slug} />
+      })}
+    </div>
+  )
+}
+```
+
+**Simpler pattern for single-value functions:**
+
+```typescript
+let isLoggedInCache: boolean | null = null
+
+function isLoggedIn(): boolean {
+  if (isLoggedInCache !== null) {
+    return isLoggedInCache
+  }
+  
+  isLoggedInCache = document.cookie.includes('auth=')
+  return isLoggedInCache
+}
+
+// Clear cache when auth changes
+function onAuthChange() {
+  isLoggedInCache = null
+}
+```
+
+Use a Map (not a hook) so it works everywhere: utilities, event handlers, not just React components.
+
+Reference: [How we made the Vercel Dashboard twice as fast](https://vercel.com/blog/how-we-made-the-vercel-dashboard-twice-as-fast)

.claude/skills/vercel-react-best-practices/rules/js-cache-property-access.md

@@ -0,0 +1,28 @@
+---
+title: Cache Property Access in Loops
+impact: LOW-MEDIUM
+impactDescription: reduces lookups
+tags: javascript, loops, optimization, caching
+---
+
+## Cache Property Access in Loops
+
+Cache object property lookups in hot paths.
+
+**Incorrect (3 lookups × N iterations):**
+
+```typescript
+for (let i = 0; i < arr.length; i++) {
+  process(obj.config.settings.value)
+}
+```
+
+**Correct (1 lookup total):**
+
+```typescript
+const value = obj.config.settings.value
+const len = arr.length
+for (let i = 0; i < len; i++) {
+  process(value)
+}
+```

.claude/skills/vercel-react-best-practices/rules/js-cache-storage.md

@@ -0,0 +1,70 @@
+---
+title: Cache Storage API Calls
+impact: LOW-MEDIUM
+impactDescription: reduces expensive I/O
+tags: javascript, localStorage, storage, caching, performance
+---
+
+## Cache Storage API Calls
+
+`localStorage`, `sessionStorage`, and `document.cookie` are synchronous and expensive. Cache reads in memory.
+
+**Incorrect (reads storage on every call):**
+
+```typescript
+function getTheme() {
+  return localStorage.getItem('theme') ?? 'light'
+}
+// Called 10 times = 10 storage reads
+```
+
+**Correct (Map cache):**
+
+```typescript
+const storageCache = new Map<string, string | null>()
+
+function getLocalStorage(key: string) {
+  if (!storageCache.has(key)) {
+    storageCache.set(key, localStorage.getItem(key))
+  }
+  return storageCache.get(key)
+}
+
+function setLocalStorage(key: string, value: string) {
+  localStorage.setItem(key, value)
+  storageCache.set(key, value)  // keep cache in sync
+}
+```
+
+Use a Map (not a hook) so it works everywhere: utilities, event handlers, not just React components.
+
+**Cookie caching:**
+
+```typescript
+let cookieCache: Record<string, string> | null = null
+
+function getCookie(name: string) {
+  if (!cookieCache) {
+    cookieCache = Object.fromEntries(
+      document.cookie.split('; ').map(c => c.split('='))
+    )
+  }
+  return cookieCache[name]
+}
+```
+
+**Important (invalidate on external changes):**
+
+If storage can change externally (another tab, server-set cookies), invalidate cache:
+
+```typescript
+window.addEventListener('storage', (e) => {
+  if (e.key) storageCache.delete(e.key)
+})
+
+document.addEventListener('visibilitychange', () => {
+  if (document.visibilityState === 'visible') {
+    storageCache.clear()
+  }
+})
+```

.claude/skills/vercel-react-best-practices/rules/js-combine-iterations.md

@@ -0,0 +1,32 @@
+---
+title: Combine Multiple Array Iterations
+impact: LOW-MEDIUM
+impactDescription: reduces iterations
+tags: javascript, arrays, loops, performance
+---
+
+## Combine Multiple Array Iterations
+
+Multiple `.filter()` or `.map()` calls iterate the array multiple times. Combine into one loop.
+
+**Incorrect (3 iterations):**
+
+```typescript
+const admins = users.filter(u => u.isAdmin)
+const testers = users.filter(u => u.isTester)
+const inactive = users.filter(u => !u.isActive)
+```
+
+**Correct (1 iteration):**
+
+```typescript
+const admins: User[] = []
+const testers: User[] = []
+const inactive: User[] = []
+
+for (const user of users) {
+  if (user.isAdmin) admins.push(user)
+  if (user.isTester) testers.push(user)
+  if (!user.isActive) inactive.push(user)
+}
+```

.claude/skills/vercel-react-best-practices/rules/js-early-exit.md

@@ -0,0 +1,50 @@
+---
+title: Early Return from Functions
+impact: LOW-MEDIUM
+impactDescription: avoids unnecessary computation
+tags: javascript, functions, optimization, early-return
+---
+
+## Early Return from Functions
+
+Return early when result is determined to skip unnecessary processing.
+
+**Incorrect (processes all items even after finding answer):**
+
+```typescript
+function validateUsers(users: User[]) {
+  let hasError = false
+  let errorMessage = ''
+  
+  for (const user of users) {
+    if (!user.email) {
+      hasError = true
+      errorMessage = 'Email required'
+    }
+    if (!user.name) {
+      hasError = true
+      errorMessage = 'Name required'
+    }
+    // Continues checking all users even after error found
+  }
+  
+  return hasError ? { valid: false, error: errorMessage } : { valid: true }
+}
+```
+
+**Correct (returns immediately on first error):**
+
+```typescript
+function validateUsers(users: User[]) {
+  for (const user of users) {
+    if (!user.email) {
+      return { valid: false, error: 'Email required' }
+    }
+    if (!user.name) {
+      return { valid: false, error: 'Name required' }
+    }
+  }
+
+  return { valid: true }
+}
+```

.claude/skills/vercel-react-best-practices/rules/js-hoist-regexp.md

@@ -0,0 +1,45 @@
+---
+title: Hoist RegExp Creation
+impact: LOW-MEDIUM
+impactDescription: avoids recreation
+tags: javascript, regexp, optimization, memoization
+---
+
+## Hoist RegExp Creation
+
+Don't create RegExp inside render. Hoist to module scope or memoize with `useMemo()`.
+
+**Incorrect (new RegExp every render):**
+
+```tsx
+function Highlighter({ text, query }: Props) {
+  const regex = new RegExp(`(${query})`, 'gi')
+  const parts = text.split(regex)
+  return <>{parts.map((part, i) => ...)}</>
+}
+```
+
+**Correct (memoize or hoist):**
+
+```tsx
+const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
+
+function Highlighter({ text, query }: Props) {
+  const regex = useMemo(
+    () => new RegExp(`(${escapeRegex(query)})`, 'gi'),
+    [query]
+  )
+  const parts = text.split(regex)
+  return <>{parts.map((part, i) => ...)}</>
+}
+```
+
+**Warning (global regex has mutable state):**
+
+Global regex (`/g`) has mutable `lastIndex` state:
+
+```typescript
+const regex = /foo/g
+regex.test('foo')  // true, lastIndex = 3
+regex.test('foo')  // false, lastIndex = 0
+```

.claude/skills/vercel-react-best-practices/rules/js-index-maps.md

@@ -0,0 +1,37 @@
+---
+title: Build Index Maps for Repeated Lookups
+impact: LOW-MEDIUM
+impactDescription: 1M ops to 2K ops
+tags: javascript, map, indexing, optimization, performance
+---
+
+## Build Index Maps for Repeated Lookups
+
+Multiple `.find()` calls by the same key should use a Map.
+
+**Incorrect (O(n) per lookup):**
+
+```typescript
+function processOrders(orders: Order[], users: User[]) {
+  return orders.map(order => ({
+    ...order,
+    user: users.find(u => u.id === order.userId)
+  }))
+}
+```
+
+**Correct (O(1) per lookup):**
+
+```typescript
+function processOrders(orders: Order[], users: User[]) {
+  const userById = new Map(users.map(u => [u.id, u]))
+
+  return orders.map(order => ({
+    ...order,
+    user: userById.get(order.userId)
+  }))
+}
+```
+
+Build map once (O(n)), then all lookups are O(1).
+For 1000 orders × 1000 users: 1M ops → 2K ops.

.claude/skills/vercel-react-best-practices/rules/js-length-check-first.md

@@ -0,0 +1,49 @@
+---
+title: Early Length Check for Array Comparisons
+impact: MEDIUM-HIGH
+impactDescription: avoids expensive operations when lengths differ
+tags: javascript, arrays, performance, optimization, comparison
+---
+
+## Early Length Check for Array Comparisons
+
+When comparing arrays with expensive operations (sorting, deep equality, serialization), check lengths first. If lengths differ, the arrays cannot be equal.
+
+In real-world applications, this optimization is especially valuable when the comparison runs in hot paths (event handlers, render loops).
+
+**Incorrect (always runs expensive comparison):**
+
+```typescript
+function hasChanges(current: string[], original: string[]) {
+  // Always sorts and joins, even when lengths differ
+  return current.sort().join() !== original.sort().join()
+}
+```
+
+Two O(n log n) sorts run even when `current.length` is 5 and `original.length` is 100. There is also overhead of joining the arrays and comparing the strings.
+
+**Correct (O(1) length check first):**
+
+```typescript
+function hasChanges(current: string[], original: string[]) {
+  // Early return if lengths differ
+  if (current.length !== original.length) {
+    return true
+  }
+  // Only sort/join when lengths match
+  const currentSorted = current.toSorted()
+  const originalSorted = original.toSorted()
+  for (let i = 0; i < currentSorted.length; i++) {
+    if (currentSorted[i] !== originalSorted[i]) {
+      return true
+    }
+  }
+  return false
+}
+```
+
+This new approach is more efficient because:
+- It avoids the overhead of sorting and joining the arrays when lengths differ
+- It avoids consuming memory for the joined strings (especially important for large arrays)
+- It avoids mutating the original arrays
+- It returns early when a difference is found

.claude/skills/vercel-react-best-practices/rules/js-min-max-loop.md

@@ -0,0 +1,82 @@
+---
+title: Use Loop for Min/Max Instead of Sort
+impact: LOW
+impactDescription: O(n) instead of O(n log n)
+tags: javascript, arrays, performance, sorting, algorithms
+---
+
+## Use Loop for Min/Max Instead of Sort
+
+Finding the smallest or largest element only requires a single pass through the array. Sorting is wasteful and slower.
+
+**Incorrect (O(n log n) - sort to find latest):**
+
+```typescript
+interface Project {
+  id: string
+  name: string
+  updatedAt: number
+}
+
+function getLatestProject(projects: Project[]) {
+  const sorted = [...projects].sort((a, b) => b.updatedAt - a.updatedAt)
+  return sorted[0]
+}
+```
+
+Sorts the entire array just to find the maximum value.
+
+**Incorrect (O(n log n) - sort for oldest and newest):**
+
+```typescript
+function getOldestAndNewest(projects: Project[]) {
+  const sorted = [...projects].sort((a, b) => a.updatedAt - b.updatedAt)
+  return { oldest: sorted[0], newest: sorted[sorted.length - 1] }
+}
+```
+
+Still sorts unnecessarily when only min/max are needed.
+
+**Correct (O(n) - single loop):**
+
+```typescript
+function getLatestProject(projects: Project[]) {
+  if (projects.length === 0) return null
+  
+  let latest = projects[0]
+  
+  for (let i = 1; i < projects.length; i++) {
+    if (projects[i].updatedAt > latest.updatedAt) {
+      latest = projects[i]
+    }
+  }
+  
+  return latest
+}
+
+function getOldestAndNewest(projects: Project[]) {
+  if (projects.length === 0) return { oldest: null, newest: null }
+  
+  let oldest = projects[0]
+  let newest = projects[0]
+  
+  for (let i = 1; i < projects.length; i++) {
+    if (projects[i].updatedAt < oldest.updatedAt) oldest = projects[i]
+    if (projects[i].updatedAt > newest.updatedAt) newest = projects[i]
+  }
+  
+  return { oldest, newest }
+}
+```
+
+Single pass through the array, no copying, no sorting.
+
+**Alternative (Math.min/Math.max for small arrays):**
+
+```typescript
+const numbers = [5, 2, 8, 1, 9]
+const min = Math.min(...numbers)
+const max = Math.max(...numbers)
+```
+
+This works for small arrays but can be slower for very large arrays due to spread operator limitations. Use the loop approach for reliability.

.claude/skills/vercel-react-best-practices/rules/js-set-map-lookups.md

@@ -0,0 +1,24 @@
+---
+title: Use Set/Map for O(1) Lookups
+impact: LOW-MEDIUM
+impactDescription: O(n) to O(1)
+tags: javascript, set, map, data-structures, performance
+---
+
+## Use Set/Map for O(1) Lookups
+
+Convert arrays to Set/Map for repeated membership checks.
+
+**Incorrect (O(n) per check):**
+
+```typescript
+const allowedIds = ['a', 'b', 'c', ...]
+items.filter(item => allowedIds.includes(item.id))
+```
+
+**Correct (O(1) per check):**
+
+```typescript
+const allowedIds = new Set(['a', 'b', 'c', ...])
+items.filter(item => allowedIds.has(item.id))
+```

.claude/skills/vercel-react-best-practices/rules/js-tosorted-immutable.md

@@ -0,0 +1,57 @@
+---
+title: Use toSorted() Instead of sort() for Immutability
+impact: MEDIUM-HIGH
+impactDescription: prevents mutation bugs in React state
+tags: javascript, arrays, immutability, react, state, mutation
+---
+
+## Use toSorted() Instead of sort() for Immutability
+
+`.sort()` mutates the array in place, which can cause bugs with React state and props. Use `.toSorted()` to create a new sorted array without mutation.
+
+**Incorrect (mutates original array):**
+
+```typescript
+function UserList({ users }: { users: User[] }) {
+  // Mutates the users prop array!
+  const sorted = useMemo(
+    () => users.sort((a, b) => a.name.localeCompare(b.name)),
+    [users]
+  )
+  return <div>{sorted.map(renderUser)}</div>
+}
+```
+
+**Correct (creates new array):**
+
+```typescript
+function UserList({ users }: { users: User[] }) {
+  // Creates new sorted array, original unchanged
+  const sorted = useMemo(
+    () => users.toSorted((a, b) => a.name.localeCompare(b.name)),
+    [users]
+  )
+  return <div>{sorted.map(renderUser)}</div>
+}
+```
+
+**Why this matters in React:**
+
+1. Props/state mutations break React's immutability model - React expects props and state to be treated as read-only
+2. Causes stale closure bugs - Mutating arrays inside closures (callbacks, effects) can lead to unexpected behavior
+
+**Browser support (fallback for older browsers):**
+
+`.toSorted()` is available in all modern browsers (Chrome 110+, Safari 16+, Firefox 115+, Node.js 20+). For older environments, use spread operator:
+
+```typescript
+// Fallback for older browsers
+const sorted = [...items].sort((a, b) => a.value - b.value)
+```
+
+**Other immutable array methods:**
+
+- `.toSorted()` - immutable sort
+- `.toReversed()` - immutable reverse
+- `.toSpliced()` - immutable splice
+- `.with()` - immutable element replacement

.claude/skills/vercel-react-best-practices/rules/rendering-animate-svg-wrapper.md

@@ -0,0 +1,47 @@
+---
+title: Animate SVG Wrapper Instead of SVG Element
+impact: LOW
+impactDescription: enables hardware acceleration
+tags: rendering, svg, css, animation, performance
+---
+
+## Animate SVG Wrapper Instead of SVG Element
+
+Many browsers don't have hardware acceleration for CSS3 animations on SVG elements. Wrap SVG in a `<div>` and animate the wrapper instead.
+
+**Incorrect (animating SVG directly - no hardware acceleration):**
+
+```tsx
+function LoadingSpinner() {
+  return (
+    <svg 
+      className="animate-spin"
+      width="24" 
+      height="24" 
+      viewBox="0 0 24 24"
+    >
+      <circle cx="12" cy="12" r="10" stroke="currentColor" />
+    </svg>
+  )
+}
+```
+
+**Correct (animating wrapper div - hardware accelerated):**
+
+```tsx
+function LoadingSpinner() {
+  return (
+    <div className="animate-spin">
+      <svg 
+        width="24" 
+        height="24" 
+        viewBox="0 0 24 24"
+      >
+        <circle cx="12" cy="12" r="10" stroke="currentColor" />
+      </svg>
+    </div>
+  )
+}
+```
+
+This applies to all CSS transforms and transitions (`transform`, `opacity`, `translate`, `scale`, `rotate`). The wrapper div allows browsers to use GPU acceleration for smoother animations.

.claude/skills/vercel-react-best-practices/rules/rendering-conditional-render.md

@@ -0,0 +1,40 @@
+---
+title: Use Explicit Conditional Rendering
+impact: LOW
+impactDescription: prevents rendering 0 or NaN
+tags: rendering, conditional, jsx, falsy-values
+---
+
+## Use Explicit Conditional Rendering
+
+Use explicit ternary operators (`? :`) instead of `&&` for conditional rendering when the condition can be `0`, `NaN`, or other falsy values that render.
+
+**Incorrect (renders "0" when count is 0):**
+
+```tsx
+function Badge({ count }: { count: number }) {
+  return (
+    <div>
+      {count && <span className="badge">{count}</span>}
+    </div>
+  )
+}
+
+// When count = 0, renders: <div>0</div>
+// When count = 5, renders: <div><span class="badge">5</span></div>
+```
+
+**Correct (renders nothing when count is 0):**
+
+```tsx
+function Badge({ count }: { count: number }) {
+  return (
+    <div>
+      {count > 0 ? <span className="badge">{count}</span> : null}
+    </div>
+  )
+}
+
+// When count = 0, renders: <div></div>
+// When count = 5, renders: <div><span class="badge">5</span></div>
+```

.claude/skills/vercel-react-best-practices/rules/rendering-content-visibility.md

@@ -0,0 +1,38 @@
+---
+title: CSS content-visibility for Long Lists
+impact: HIGH
+impactDescription: faster initial render
+tags: rendering, css, content-visibility, long-lists
+---
+
+## CSS content-visibility for Long Lists
+
+Apply `content-visibility: auto` to defer off-screen rendering.
+
+**CSS:**
+
+```css
+.message-item {
+  content-visibility: auto;
+  contain-intrinsic-size: 0 80px;
+}
+```
+
+**Example:**
+
+```tsx
+function MessageList({ messages }: { messages: Message[] }) {
+  return (
+    <div className="overflow-y-auto h-screen">
+      {messages.map(msg => (
+        <div key={msg.id} className="message-item">
+          <Avatar user={msg.author} />
+          <div>{msg.content}</div>
+        </div>
+      ))}
+    </div>
+  )
+}
+```
+
+For 1000 messages, browser skips layout/paint for ~990 off-screen items (10× faster initial render).

.claude/skills/vercel-react-best-practices/rules/rendering-hoist-jsx.md

@@ -0,0 +1,46 @@
+---
+title: Hoist Static JSX Elements
+impact: LOW
+impactDescription: avoids re-creation
+tags: rendering, jsx, static, optimization
+---
+
+## Hoist Static JSX Elements
+
+Extract static JSX outside components to avoid re-creation.
+
+**Incorrect (recreates element every render):**
+
+```tsx
+function LoadingSkeleton() {
+  return <div className="animate-pulse h-20 bg-gray-200" />
+}
+
+function Container() {
+  return (
+    <div>
+      {loading && <LoadingSkeleton />}
+    </div>
+  )
+}
+```
+
+**Correct (reuses same element):**
+
+```tsx
+const loadingSkeleton = (
+  <div className="animate-pulse h-20 bg-gray-200" />
+)
+
+function Container() {
+  return (
+    <div>
+      {loading && loadingSkeleton}
+    </div>
+  )
+}
+```
+
+This is especially helpful for large and static SVG nodes, which can be expensive to recreate on every render.
+
+**Note:** If your project has [React Compiler](https://react.dev/learn/react-compiler) enabled, the compiler automatically hoists static JSX elements and optimizes component re-renders, making manual hoisting unnecessary.

.claude/skills/vercel-react-best-practices/rules/rendering-svg-precision.md

@@ -0,0 +1,28 @@
+---
+title: Optimize SVG Precision
+impact: LOW
+impactDescription: reduces file size
+tags: rendering, svg, optimization, svgo
+---
+
+## Optimize SVG Precision
+
+Reduce SVG coordinate precision to decrease file size. The optimal precision depends on the viewBox size, but in general reducing precision should be considered.
+
+**Incorrect (excessive precision):**
+
+```svg
+<path d="M 10.293847 20.847362 L 30.938472 40.192837" />
+```
+
+**Correct (1 decimal place):**
+
+```svg
+<path d="M 10.3 20.8 L 30.9 40.2" />
+```
+
+**Automate with SVGO:**
+
+```bash
+npx svgo --precision=1 --multipass icon.svg
+```

.claude/skills/vercel-react-best-practices/rules/rerender-defer-reads.md

@@ -0,0 +1,39 @@
+---
+title: Defer State Reads to Usage Point
+impact: MEDIUM
+impactDescription: avoids unnecessary subscriptions
+tags: rerender, searchParams, localStorage, optimization
+---
+
+## Defer State Reads to Usage Point
+
+Don't subscribe to dynamic state (searchParams, localStorage) if you only read it inside callbacks.
+
+**Incorrect (subscribes to all searchParams changes):**
+
+```tsx
+function ShareButton({ chatId }: { chatId: string }) {
+  const searchParams = useSearchParams()
+
+  const handleShare = () => {
+    const ref = searchParams.get('ref')
+    shareChat(chatId, { ref })
+  }
+
+  return <button onClick={handleShare}>Share</button>
+}
+```
+
+**Correct (reads on demand, no subscription):**
+
+```tsx
+function ShareButton({ chatId }: { chatId: string }) {
+  const handleShare = () => {
+    const params = new URLSearchParams(window.location.search)
+    const ref = params.get('ref')
+    shareChat(chatId, { ref })
+  }
+
+  return <button onClick={handleShare}>Share</button>
+}
+```

.claude/skills/vercel-react-best-practices/rules/rerender-dependencies.md

@@ -0,0 +1,45 @@
+---
+title: Narrow Effect Dependencies
+impact: LOW
+impactDescription: minimizes effect re-runs
+tags: rerender, useEffect, dependencies, optimization
+---
+
+## Narrow Effect Dependencies
+
+Specify primitive dependencies instead of objects to minimize effect re-runs.
+
+**Incorrect (re-runs on any user field change):**
+
+```tsx
+useEffect(() => {
+  console.log(user.id)
+}, [user])
+```
+
+**Correct (re-runs only when id changes):**
+
+```tsx
+useEffect(() => {
+  console.log(user.id)
+}, [user.id])
+```
+
+**For derived state, compute outside effect:**
+
+```tsx
+// Incorrect: runs on width=767, 766, 765...
+useEffect(() => {
+  if (width < 768) {
+    enableMobileMode()
+  }
+}, [width])
+
+// Correct: runs only on boolean transition
+const isMobile = width < 768
+useEffect(() => {
+  if (isMobile) {
+    enableMobileMode()
+  }
+}, [isMobile])
+```

.claude/skills/vercel-react-best-practices/rules/rerender-derived-state.md

@@ -0,0 +1,29 @@
+---
+title: Subscribe to Derived State
+impact: MEDIUM
+impactDescription: reduces re-render frequency
+tags: rerender, derived-state, media-query, optimization
+---
+
+## Subscribe to Derived State
+
+Subscribe to derived boolean state instead of continuous values to reduce re-render frequency.
+
+**Incorrect (re-renders on every pixel change):**
+
+```tsx
+function Sidebar() {
+  const width = useWindowWidth()  // updates continuously
+  const isMobile = width < 768
+  return <nav className={isMobile ? 'mobile' : 'desktop'} />
+}
+```
+
+**Correct (re-renders only when boolean changes):**
+
+```tsx
+function Sidebar() {
+  const isMobile = useMediaQuery('(max-width: 767px)')
+  return <nav className={isMobile ? 'mobile' : 'desktop'} />
+}
+```

.claude/skills/vercel-react-best-practices/rules/rerender-functional-setstate.md

@@ -0,0 +1,74 @@
+---
+title: Use Functional setState Updates
+impact: MEDIUM
+impactDescription: prevents stale closures and unnecessary callback recreations
+tags: react, hooks, useState, useCallback, callbacks, closures
+---
+
+## Use Functional setState Updates
+
+When updating state based on the current state value, use the functional update form of setState instead of directly referencing the state variable. This prevents stale closures, eliminates unnecessary dependencies, and creates stable callback references.
+
+**Incorrect (requires state as dependency):**
+
+```tsx
+function TodoList() {
+  const [items, setItems] = useState(initialItems)
+  
+  // Callback must depend on items, recreated on every items change
+  const addItems = useCallback((newItems: Item[]) => {
+    setItems([...items, ...newItems])
+  }, [items])  // ❌ items dependency causes recreations
+  
+  // Risk of stale closure if dependency is forgotten
+  const removeItem = useCallback((id: string) => {
+    setItems(items.filter(item => item.id !== id))
+  }, [])  // ❌ Missing items dependency - will use stale items!
+  
+  return <ItemsEditor items={items} onAdd={addItems} onRemove={removeItem} />
+}
+```
+
+The first callback is recreated every time `items` changes, which can cause child components to re-render unnecessarily. The second callback has a stale closure bug—it will always reference the initial `items` value.
+
+**Correct (stable callbacks, no stale closures):**
+
+```tsx
+function TodoList() {
+  const [items, setItems] = useState(initialItems)
+  
+  // Stable callback, never recreated
+  const addItems = useCallback((newItems: Item[]) => {
+    setItems(curr => [...curr, ...newItems])
+  }, [])  // ✅ No dependencies needed
+  
+  // Always uses latest state, no stale closure risk
+  const removeItem = useCallback((id: string) => {
+    setItems(curr => curr.filter(item => item.id !== id))
+  }, [])  // ✅ Safe and stable
+  
+  return <ItemsEditor items={items} onAdd={addItems} onRemove={removeItem} />
+}
+```
+
+**Benefits:**
+
+1. **Stable callback references** - Callbacks don't need to be recreated when state changes
+2. **No stale closures** - Always operates on the latest state value
+3. **Fewer dependencies** - Simplifies dependency arrays and reduces memory leaks
+4. **Prevents bugs** - Eliminates the most common source of React closure bugs
+
+**When to use functional updates:**
+
+- Any setState that depends on the current state value
+- Inside useCallback/useMemo when state is needed
+- Event handlers that reference state
+- Async operations that update state
+
+**When direct updates are fine:**
+
+- Setting state to a static value: `setCount(0)`
+- Setting state from props/arguments only: `setName(newName)`
+- State doesn't depend on previous value
+
+**Note:** If your project has [React Compiler](https://react.dev/learn/react-compiler) enabled, the compiler can automatically optimize some cases, but functional updates are still recommended for correctness and to prevent stale closure bugs.

.claude/skills/vercel-react-best-practices/rules/rerender-lazy-state-init.md

@@ -0,0 +1,58 @@
+---
+title: Use Lazy State Initialization
+impact: MEDIUM
+impactDescription: wasted computation on every render
+tags: react, hooks, useState, performance, initialization
+---
+
+## Use Lazy State Initialization
+
+Pass a function to `useState` for expensive initial values. Without the function form, the initializer runs on every render even though the value is only used once.
+
+**Incorrect (runs on every render):**
+
+```tsx
+function FilteredList({ items }: { items: Item[] }) {
+  // buildSearchIndex() runs on EVERY render, even after initialization
+  const [searchIndex, setSearchIndex] = useState(buildSearchIndex(items))
+  const [query, setQuery] = useState('')
+  
+  // When query changes, buildSearchIndex runs again unnecessarily
+  return <SearchResults index={searchIndex} query={query} />
+}
+
+function UserProfile() {
+  // JSON.parse runs on every render
+  const [settings, setSettings] = useState(
+    JSON.parse(localStorage.getItem('settings') || '{}')
+  )
+  
+  return <SettingsForm settings={settings} onChange={setSettings} />
+}
+```
+
+**Correct (runs only once):**
+
+```tsx
+function FilteredList({ items }: { items: Item[] }) {
+  // buildSearchIndex() runs ONLY on initial render
+  const [searchIndex, setSearchIndex] = useState(() => buildSearchIndex(items))
+  const [query, setQuery] = useState('')
+  
+  return <SearchResults index={searchIndex} query={query} />
+}
+
+function UserProfile() {
+  // JSON.parse runs only on initial render
+  const [settings, setSettings] = useState(() => {
+    const stored = localStorage.getItem('settings')
+    return stored ? JSON.parse(stored) : {}
+  })
+  
+  return <SettingsForm settings={settings} onChange={setSettings} />
+}
+```
+
+Use lazy initialization when computing initial values from localStorage/sessionStorage, building data structures (indexes, maps), reading from the DOM, or performing heavy transformations.
+
+For simple primitives (`useState(0)`), direct references (`useState(props.value)`), or cheap literals (`useState({})`), the function form is unnecessary.

.claude/skills/vercel-react-best-practices/rules/rerender-memo.md

@@ -0,0 +1,44 @@
+---
+title: Extract to Memoized Components
+impact: MEDIUM
+impactDescription: enables early returns
+tags: rerender, memo, useMemo, optimization
+---
+
+## Extract to Memoized Components
+
+Extract expensive work into memoized components to enable early returns before computation.
+
+**Incorrect (computes avatar even when loading):**
+
+```tsx
+function Profile({ user, loading }: Props) {
+  const avatar = useMemo(() => {
+    const id = computeAvatarId(user)
+    return <Avatar id={id} />
+  }, [user])
+
+  if (loading) return <Skeleton />
+  return <div>{avatar}</div>
+}
+```
+
+**Correct (skips computation when loading):**
+
+```tsx
+const UserAvatar = memo(function UserAvatar({ user }: { user: User }) {
+  const id = useMemo(() => computeAvatarId(user), [user])
+  return <Avatar id={id} />
+})
+
+function Profile({ user, loading }: Props) {
+  if (loading) return <Skeleton />
+  return (
+    <div>
+      <UserAvatar user={user} />
+    </div>
+  )
+}
+```
+
+**Note:** If your project has [React Compiler](https://react.dev/learn/react-compiler) enabled, manual memoization with `memo()` and `useMemo()` is not necessary. The compiler automatically optimizes re-renders.

.claude/skills/vercel-react-best-practices/rules/rerender-transitions.md

@@ -0,0 +1,40 @@
+---
+title: Use Transitions for Non-Urgent Updates
+impact: MEDIUM
+impactDescription: maintains UI responsiveness
+tags: rerender, transitions, startTransition, performance
+---
+
+## Use Transitions for Non-Urgent Updates
+
+Mark frequent, non-urgent state updates as transitions to maintain UI responsiveness.
+
+**Incorrect (blocks UI on every scroll):**
+
+```tsx
+function ScrollTracker() {
+  const [scrollY, setScrollY] = useState(0)
+  useEffect(() => {
+    const handler = () => setScrollY(window.scrollY)
+    window.addEventListener('scroll', handler, { passive: true })
+    return () => window.removeEventListener('scroll', handler)
+  }, [])
+}
+```
+
+**Correct (non-blocking updates):**
+
+```tsx
+import { startTransition } from 'react'
+
+function ScrollTracker() {
+  const [scrollY, setScrollY] = useState(0)
+  useEffect(() => {
+    const handler = () => {
+      startTransition(() => setScrollY(window.scrollY))
+    }
+    window.addEventListener('scroll', handler, { passive: true })
+    return () => window.removeEventListener('scroll', handler)
+  }, [])
+}
+```

.claude/skills/web-design-guidelines/SKILL.md

@@ -0,0 +1,39 @@
+---
+name: web-design-guidelines
+description: Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
+metadata:
+  author: vercel
+  version: "1.0.0"
+  argument-hint: <file-or-pattern>
+---
+
+# Web Interface Guidelines
+
+Review files for compliance with Web Interface Guidelines.
+
+## How It Works
+
+1. Fetch the latest guidelines from the source URL below
+2. Read the specified files (or prompt user for files/pattern)
+3. Check against all rules in the fetched guidelines
+4. Output findings in the terse `file:line` format
+
+## Guidelines Source
+
+Fetch fresh guidelines before each review:
+
+```
+https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md
+```
+
+Use WebFetch to retrieve the latest rules. The fetched content contains all the rules and output format instructions.
+
+## Usage
+
+When a user provides a file or pattern argument:
+1. Fetch guidelines from the source URL above
+2. Read the specified files
+3. Apply all rules from the fetched guidelines
+4. Output findings using the format specified in the guidelines
+
+If no files specified, ask the user which files to review.

.devcontainer/devcontainer.json

@@ -10,12 +10,13 @@
 		"context": ".",
 		"dockerfile": "Dockerfile"
 	},
-	"postStartCommand": "./scripts/setup-git.sh && ./scripts/setup-nvim.sh"
+	"postCreateCommand": "bun install",
+	"postStartCommand": "./scripts/setup-git.sh && ./scripts/setup-nvim.sh",
 	// Features add additional features to your environment. See https://containers.dev/features
 	// Beware: features are not supported on all platforms and may have unintended side-effects.
-	// "features": {
-	//   "ghcr.io/devcontainers/features/docker-in-docker": {
-	//     "moby": false
-	//   }
-	// }
+	"features": {
+		"ghcr.io/tailscale/codespace/tailscale": {
+			"version": "latest"
+		}
+	}
 }

.github/workflows/build-waitlist-website.yml

@@ -0,0 +1,42 @@
+name: Build waitlist website
+
+on:
+  push:
+    branches: [master]
+    paths:
+      - apps/waitlist-website/**
+      - .github/workflows/build-waitlist-website.yml
+
+  workflow_dispatch:
+
+env:
+  REGISTRY: cr.nym.sh
+  IMAGE_NAME: aelis-waitlist-website
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: apps/waitlist-website
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/test.yml

@@ -21,4 +21,4 @@ jobs:
         run: bun install --frozen-lockfile
 
       - name: Run tests
-        run: bun test
+        run: bun run test

.gitignore

@@ -32,3 +32,4 @@ report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
 
 # Finder (MacOS) folder config
 .DS_Store
+core

.ona/automations.yaml

@@ -0,0 +1,19 @@
+services:
+  expo:
+    name: Expo Dev Server
+    description: Expo development server for aelis-client
+    triggeredBy:
+      - postDevcontainerStart
+    commands:
+      start: cd apps/aelis-client && ./scripts/run-dev-server.sh
+
+  drizzle-studio:
+    name: Drizzle Studio
+    description: Drizzle Studio database browser for aelis-backend
+    triggeredBy:
+      - manual
+    commands:
+      start: |
+        FORWARD_URL=$(gitpod environment port open 4983 --name drizzle-studio-server | sed 's|https://||')
+        echo "Drizzle Studio: https://local.drizzle.studio/?host=${FORWARD_URL}&port=443"
+        cd apps/aelis-backend && bunx drizzle-kit studio --host 0.0.0.0 --port 4983

.oxfmtrc.json

@@ -8,5 +8,5 @@
 		"ignoreCase": true,
 		"newlinesBetween": true
 	},
-	"ignorePatterns": []
+	"ignorePatterns": [".claude", "fixtures"]
 }

AGENTS.md

@@ -0,0 +1,42 @@
+# AGENTS.md
+
+## Project
+
+AELIS is an AI-powered personal assistant that aggregates data from various sources into a contextual feed. Monorepo with `packages/` (shared libraries) and `apps/` (applications).
+
+## Commands
+
+- Install: `bun install`
+- Test: `bun test` (run in the specific package directory)
+- Lint: `bun run lint`
+- Format: `bun run format`
+- Type check: `bun tsc --noEmit`
+
+Use Bun exclusively. Do not use npm or yarn.
+
+## Code Style
+
+- File names: kebab-case (`data-source.ts`)
+- Prefer function declarations over arrow functions
+- Never use `any` - use `unknown` and narrow types
+- Enums: use const objects with corresponding types:
+  ```typescript
+  const Priority = {
+  	Low: "Low",
+  	High: "High",
+  } as const
+  type Priority = (typeof Priority)[keyof typeof Priority]
+  ```
+- File organization: types first, then primary functions, then helpers
+
+## Before Committing
+
+1. Format: `bun run format`
+2. Test the modified package: `cd packages/<package> && bun test`
+3. Fix all type errors related to your changes
+
+## Git
+
+- Branch: `feat/<task>`, `fix/<task>`, `ci/<task>`, etc.
+- Commits: conventional commit format, title <= 50 chars
+- Signing: If `GPG_PRIVATE_KEY_PASSPHRASE` env var is available, use it to sign commits with `git commit -S`

README.md

@@ -1,4 +1,4 @@
-# aris
+# aelis
 
 To install dependencies:
 
@@ -6,10 +6,25 @@ To install dependencies:
 bun install
 ```
 
-To run:
+## Packages
+
+### @aelis/source-tfl
+
+TfL (Transport for London) feed source for tube, overground, and Elizabeth line alerts.
+
+#### Testing
 
 ```bash
-bun run index.ts
+cd packages/aelis-source-tfl
+bun run test
 ```
 
-This project was created using `bun init` in bun v1.3.6. [Bun](https://bun.com) is a fast all-in-one JavaScript runtime.
+#### Fixtures
+
+Tests use fixture data from real TfL API responses stored in `fixtures/tfl-responses.json`.
+
+To refresh fixtures:
+
+```bash
+bun run fetch-fixtures
+```

apps/aelis-backend/.env.example

@@ -0,0 +1,22 @@
+# PostgreSQL connection string
+DATABASE_URL=postgresql://user:password@localhost:5432/aris
+
+# BetterAuth secret (min 32 chars, generate with: openssl rand -base64 32)
+BETTER_AUTH_SECRET=
+
+# Encryption key for source credentials at rest (32 bytes, generate with: openssl rand -base64 32)
+CREDENTIALS_ENCRYPTION_KEY=
+
+# Base URL of the backend
+BETTER_AUTH_URL=http://localhost:3000
+
+# OpenRouter (LLM feed enhancement)
+OPENROUTER_API_KEY=
+# Optional: override the default model (default: openai/gpt-4.1-mini)
+# OPENROUTER_MODEL=openai/gpt-4.1-mini
+
+# Apple WeatherKit credentials
+WEATHERKIT_PRIVATE_KEY=
+WEATHERKIT_KEY_ID=
+WEATHERKIT_TEAM_ID=
+WEATHERKIT_SERVICE_ID=

apps/aelis-backend/auth.ts

@@ -0,0 +1,20 @@
+// Used by Better Auth CLI for schema generation.
+// Run: bunx --bun auth@latest generate --config auth.ts --output src/db/auth-schema.ts
+import { betterAuth } from "better-auth"
+import { drizzleAdapter } from "better-auth/adapters/drizzle"
+import { admin } from "better-auth/plugins"
+import { SQL } from "bun"
+import { drizzle } from "drizzle-orm/bun-sql"
+
+const client = new SQL({ url: process.env.DATABASE_URL })
+const db = drizzle({ client })
+
+export const auth = betterAuth({
+	database: drizzleAdapter(db, { provider: "pg" }),
+	emailAndPassword: {
+		enabled: true,
+	},
+	plugins: [admin()],
+})
+
+export default auth

apps/aelis-backend/drizzle.config.ts

@@ -0,0 +1,10 @@
+import { defineConfig } from "drizzle-kit"
+
+export default defineConfig({
+	out: "./drizzle",
+	schema: "./src/db/schema.ts",
+	dialect: "postgresql",
+	dbCredentials: {
+		url: process.env.DATABASE_URL!,
+	},
+})

apps/aelis-backend/drizzle/0000_wakeful_scorpion.sql

@@ -0,0 +1,66 @@
+CREATE TABLE "account" (
+	"id" text PRIMARY KEY NOT NULL,
+	"account_id" text NOT NULL,
+	"provider_id" text NOT NULL,
+	"user_id" text NOT NULL,
+	"access_token" text,
+	"refresh_token" text,
+	"id_token" text,
+	"access_token_expires_at" timestamp,
+	"refresh_token_expires_at" timestamp,
+	"scope" text,
+	"password" text,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "session" (
+	"id" text PRIMARY KEY NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"token" text NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	"ip_address" text,
+	"user_agent" text,
+	"user_id" text NOT NULL,
+	CONSTRAINT "session_token_unique" UNIQUE("token")
+);
+--> statement-breakpoint
+CREATE TABLE "user" (
+	"id" text PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"email" text NOT NULL,
+	"email_verified" boolean DEFAULT false NOT NULL,
+	"image" text,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL,
+	CONSTRAINT "user_email_unique" UNIQUE("email")
+);
+--> statement-breakpoint
+CREATE TABLE "user_sources" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"user_id" text NOT NULL,
+	"source_id" text NOT NULL,
+	"enabled" boolean DEFAULT true NOT NULL,
+	"config" jsonb DEFAULT '{}'::jsonb,
+	"credentials" "bytea",
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL,
+	CONSTRAINT "user_sources_user_id_source_id_unique" UNIQUE("user_id","source_id")
+);
+--> statement-breakpoint
+CREATE TABLE "verification" (
+	"id" text PRIMARY KEY NOT NULL,
+	"identifier" text NOT NULL,
+	"value" text NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"created_at" timestamp NOT NULL,
+	"updated_at" timestamp NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "account" ADD CONSTRAINT "account_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "session" ADD CONSTRAINT "session_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "user_sources" ADD CONSTRAINT "user_sources_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+CREATE INDEX "account_userId_idx" ON "account" USING btree ("user_id");--> statement-breakpoint
+CREATE INDEX "session_userId_idx" ON "session" USING btree ("user_id");--> statement-breakpoint
+CREATE INDEX "verification_identifier_idx" ON "verification" USING btree ("identifier");

apps/aelis-backend/drizzle/0001_misty_white_tiger.sql

@@ -0,0 +1 @@
+CREATE INDEX "user_sources_user_id_enabled_idx" ON "user_sources" USING btree ("user_id","enabled");

apps/aelis-backend/drizzle/meta/0000_snapshot.json

@@ -0,0 +1,457 @@
+{
+  "id": "d8c59ec7-b686-41a7-a472-da29f3ab6727",
+  "prevId": "00000000-0000-0000-0000-000000000000",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.account": {
+      "name": "account",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "access_token": {
+          "name": "access_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token": {
+          "name": "refresh_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "id_token": {
+          "name": "id_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "access_token_expires_at": {
+          "name": "access_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token_expires_at": {
+          "name": "refresh_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "scope": {
+          "name": "scope",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "account_userId_idx": {
+          "name": "account_userId_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "account_user_id_user_id_fk": {
+          "name": "account_user_id_user_id_fk",
+          "tableFrom": "account",
+          "tableTo": "user",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.session": {
+      "name": "session",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ip_address": {
+          "name": "ip_address",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_agent": {
+          "name": "user_agent",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "session_userId_idx": {
+          "name": "session_userId_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "session_user_id_user_id_fk": {
+          "name": "session_user_id_user_id_fk",
+          "tableFrom": "session",
+          "tableTo": "user",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "session_token_unique": {
+          "name": "session_token_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "token"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user": {
+      "name": "user",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email_verified": {
+          "name": "email_verified",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "image": {
+          "name": "image",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "user_email_unique": {
+          "name": "user_email_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "email"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user_sources": {
+      "name": "user_sources",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_id": {
+          "name": "source_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "config": {
+          "name": "config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'::jsonb"
+        },
+        "credentials": {
+          "name": "credentials",
+          "type": "bytea",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "user_sources_user_id_user_id_fk": {
+          "name": "user_sources_user_id_user_id_fk",
+          "tableFrom": "user_sources",
+          "tableTo": "user",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "user_sources_user_id_source_id_unique": {
+          "name": "user_sources_user_id_source_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "user_id",
+            "source_id"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.verification": {
+      "name": "verification",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "verification_identifier_idx": {
+          "name": "verification_identifier_idx",
+          "columns": [
+            {
+              "expression": "identifier",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {},
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}

apps/aelis-backend/drizzle/meta/0001_snapshot.json

@@ -0,0 +1,479 @@
+{
+  "id": "d963322c-77e2-4ac9-bd3c-ca544c85ae35",
+  "prevId": "d8c59ec7-b686-41a7-a472-da29f3ab6727",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.account": {
+      "name": "account",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "provider_id": {
+          "name": "provider_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "access_token": {
+          "name": "access_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token": {
+          "name": "refresh_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "id_token": {
+          "name": "id_token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "access_token_expires_at": {
+          "name": "access_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "refresh_token_expires_at": {
+          "name": "refresh_token_expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "scope": {
+          "name": "scope",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "account_userId_idx": {
+          "name": "account_userId_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "account_user_id_user_id_fk": {
+          "name": "account_user_id_user_id_fk",
+          "tableFrom": "account",
+          "tableTo": "user",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.session": {
+      "name": "session",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "ip_address": {
+          "name": "ip_address",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_agent": {
+          "name": "user_agent",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "session_userId_idx": {
+          "name": "session_userId_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "session_user_id_user_id_fk": {
+          "name": "session_user_id_user_id_fk",
+          "tableFrom": "session",
+          "tableTo": "user",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "session_token_unique": {
+          "name": "session_token_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "token"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user": {
+      "name": "user",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "email_verified": {
+          "name": "email_verified",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": false
+        },
+        "image": {
+          "name": "image",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "user_email_unique": {
+          "name": "user_email_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "email"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.user_sources": {
+      "name": "user_sources",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "uuid",
+          "primaryKey": true,
+          "notNull": true,
+          "default": "gen_random_uuid()"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "source_id": {
+          "name": "source_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "boolean",
+          "primaryKey": false,
+          "notNull": true,
+          "default": true
+        },
+        "config": {
+          "name": "config",
+          "type": "jsonb",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'::jsonb"
+        },
+        "credentials": {
+          "name": "credentials",
+          "type": "bytea",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {
+        "user_sources_user_id_enabled_idx": {
+          "name": "user_sources_user_id_enabled_idx",
+          "columns": [
+            {
+              "expression": "user_id",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            },
+            {
+              "expression": "enabled",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {
+        "user_sources_user_id_user_id_fk": {
+          "name": "user_sources_user_id_user_id_fk",
+          "tableFrom": "user_sources",
+          "tableTo": "user",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {
+        "user_sources_user_id_source_id_unique": {
+          "name": "user_sources_user_id_source_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "user_id",
+            "source_id"
+          ]
+        }
+      },
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.verification": {
+      "name": "verification",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "expires_at": {
+          "name": "expires_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {
+        "verification_identifier_idx": {
+          "name": "verification_identifier_idx",
+          "columns": [
+            {
+              "expression": "identifier",
+              "isExpression": false,
+              "asc": true,
+              "nulls": "last"
+            }
+          ],
+          "isUnique": false,
+          "concurrently": false,
+          "method": "btree",
+          "with": {}
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {},
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}

apps/aelis-backend/drizzle/meta/_journal.json

@@ -0,0 +1,20 @@
+{
+  "version": "7",
+  "dialect": "postgresql",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "7",
+      "when": 1773620066366,
+      "tag": "0000_wakeful_scorpion",
+      "breakpoints": true
+    },
+    {
+      "idx": 1,
+      "version": "7",
+      "when": 1773624297794,
+      "tag": "0001_misty_white_tiger",
+      "breakpoints": true
+    }
+  ]
+}

apps/aelis-backend/package.json

@@ -0,0 +1,33 @@
+{
+	"name": "@aelis/backend",
+	"version": "0.0.0",
+	"type": "module",
+	"main": "src/server.ts",
+	"scripts": {
+		"dev": "bun run --watch src/server.ts",
+		"start": "bun run src/server.ts",
+		"test": "bun test src/",
+		"db:generate": "bunx drizzle-kit generate",
+		"db:generate-auth": "bunx --bun auth@latest generate --config auth.ts --output src/db/auth-schema.ts -y",
+		"db:push": "bunx drizzle-kit push",
+		"db:migrate": "bunx drizzle-kit migrate",
+		"db:studio": "bunx drizzle-kit studio",
+		"create-admin": "bun run src/scripts/create-admin.ts"
+	},
+	"dependencies": {
+		"@aelis/core": "workspace:*",
+		"@aelis/source-caldav": "workspace:*",
+		"@aelis/source-google-calendar": "workspace:*",
+		"@aelis/source-location": "workspace:*",
+		"@aelis/source-tfl": "workspace:*",
+		"@aelis/source-weatherkit": "workspace:*",
+		"@openrouter/sdk": "^0.9.11",
+		"arktype": "^2.1.29",
+		"better-auth": "^1",
+		"drizzle-orm": "^0.45.1",
+		"hono": "^4"
+	},
+	"devDependencies": {
+		"drizzle-kit": "^0.31.9"
+	}
+}

apps/aelis-backend/src/auth/http.ts

@@ -0,0 +1,7 @@
+import type { Hono } from "hono"
+
+import type { Auth } from "./index.ts"
+
+export function registerAuthHandlers(app: Hono, auth: Auth): void {
+	app.on(["POST", "GET"], "/api/auth/*", (c) => auth.handler(c.req.raw))
+}

apps/aelis-backend/src/auth/index.ts

@@ -0,0 +1,26 @@
+import { betterAuth } from "better-auth"
+import { drizzleAdapter } from "better-auth/adapters/drizzle"
+import { admin } from "better-auth/plugins"
+
+import type { Database } from "../db/index.ts"
+
+import * as schema from "../db/schema.ts"
+
+export function createAuth(db: Database) {
+	if (!process.env.BETTER_AUTH_SECRET) {
+		throw new Error("BETTER_AUTH_SECRET is not set")
+	}
+
+	return betterAuth({
+		database: drizzleAdapter(db, {
+			provider: "pg",
+			schema,
+		}),
+		emailAndPassword: {
+			enabled: true,
+		},
+		plugins: [admin()],
+	})
+}
+
+export type Auth = ReturnType<typeof createAuth>

apps/aelis-backend/src/auth/session-middleware.ts

@@ -0,0 +1,109 @@
+import type { Context, MiddlewareHandler, Next } from "hono"
+
+import type { Auth } from "./index.ts"
+import type { AuthSession, AuthUser } from "./session.ts"
+
+export interface SessionVariables {
+	user: AuthUser | null
+	session: AuthSession | null
+}
+
+export type AuthSessionEnv = { Variables: SessionVariables }
+
+export type AuthSessionMiddleware = MiddlewareHandler<AuthSessionEnv>
+
+declare module "hono" {
+	interface ContextVariableMap extends SessionVariables {}
+}
+
+/**
+ * Creates a middleware that attaches session and user to the context.
+ * Does not reject unauthenticated requests - use createRequireSession for that.
+ */
+export function createSessionMiddleware(auth: Auth): AuthSessionMiddleware {
+	return async (c: Context, next: Next): Promise<void> => {
+		const session = await auth.api.getSession({ headers: c.req.raw.headers })
+
+		if (session) {
+			c.set("user", session.user)
+			c.set("session", session.session)
+		} else {
+			c.set("user", null)
+			c.set("session", null)
+		}
+
+		await next()
+	}
+}
+
+/**
+ * Creates a middleware that requires a valid session. Returns 401 if not authenticated.
+ */
+export function createRequireSession(auth: Auth): AuthSessionMiddleware {
+	return async (c: Context, next: Next): Promise<Response | void> => {
+		const session = await auth.api.getSession({ headers: c.req.raw.headers })
+
+		if (!session) {
+			return c.json({ error: "Unauthorized" }, 401)
+		}
+
+		c.set("user", session.user)
+		c.set("session", session.session)
+		await next()
+	}
+}
+
+/**
+ * Creates a function to get session from headers. Useful for WebSocket upgrade validation.
+ */
+export function createGetSessionFromHeaders(auth: Auth) {
+	return async (headers: Headers): Promise<{ user: AuthUser; session: AuthSession } | null> => {
+		const session = await auth.api.getSession({ headers })
+		return session
+	}
+}
+
+/**
+ * Dev/test middleware that injects a fake user and session.
+ * Pass userId to simulate an authenticated request, or omit to get 401.
+ */
+export function mockAuthSessionMiddleware(userId?: string): AuthSessionMiddleware {
+	return async (c: Context, next: Next): Promise<Response | void> => {
+		if (!userId) {
+			return c.json({ error: "Unauthorized" }, 401)
+		}
+
+		const now = new Date()
+		const expiresAt = new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000)
+
+		const user: AuthUser = {
+			id: "k7Gx2mPqRvNwYs9TdLfA4bHcJeUo1iZn",
+			name: "Dev User",
+			email: "dev@aelis.local",
+			emailVerified: true,
+			image: null,
+			createdAt: now,
+			updatedAt: now,
+			role: "admin",
+			banned: false,
+			banReason: null,
+			banExpires: null,
+		}
+
+		const session: AuthSession = {
+			id: "Wt3FvBpXaQrMhD8sKjE6LcYn0gUz5iRo",
+			userId: "k7Gx2mPqRvNwYs9TdLfA4bHcJeUo1iZn",
+			token: "Vb9CxNfRm2KwQs7TjPeA5dLhYg0UoZi4",
+			expiresAt,
+			ipAddress: "127.0.0.1",
+			userAgent: "aelis-dev",
+			createdAt: now,
+			updatedAt: now,
+		}
+
+		c.set("user", user)
+		c.set("session", session)
+
+		await next()
+	}
+}

apps/aelis-backend/src/auth/session.ts

@@ -0,0 +1,4 @@
+import type { Auth } from "./index.ts"
+
+export type AuthUser = Auth["$Infer"]["Session"]["user"]
+export type AuthSession = Auth["$Infer"]["Session"]["session"]

apps/aelis-backend/src/db/auth-schema.ts

@@ -0,0 +1,96 @@
+import { relations } from "drizzle-orm"
+import { pgTable, text, timestamp, boolean, index } from "drizzle-orm/pg-core"
+
+export const user = pgTable("user", {
+	id: text("id").primaryKey(),
+	name: text("name").notNull(),
+	email: text("email").notNull().unique(),
+	emailVerified: boolean("email_verified").default(false).notNull(),
+	image: text("image"),
+	createdAt: timestamp("created_at").notNull(),
+	updatedAt: timestamp("updated_at")
+		.$onUpdate(() => new Date())
+		.notNull(),
+	role: text("role"),
+	banned: boolean("banned").default(false),
+	banReason: text("ban_reason"),
+	banExpires: timestamp("ban_expires"),
+})
+
+export const session = pgTable(
+	"session",
+	{
+		id: text("id").primaryKey(),
+		expiresAt: timestamp("expires_at").notNull(),
+		token: text("token").notNull().unique(),
+		createdAt: timestamp("created_at").notNull(),
+		updatedAt: timestamp("updated_at")
+			.$onUpdate(() => new Date())
+			.notNull(),
+		ipAddress: text("ip_address"),
+		userAgent: text("user_agent"),
+		userId: text("user_id")
+			.notNull()
+			.references(() => user.id, { onDelete: "cascade" }),
+		impersonatedBy: text("impersonated_by"),
+	},
+	(table) => [index("session_userId_idx").on(table.userId)],
+)
+
+export const account = pgTable(
+	"account",
+	{
+		id: text("id").primaryKey(),
+		accountId: text("account_id").notNull(),
+		providerId: text("provider_id").notNull(),
+		userId: text("user_id")
+			.notNull()
+			.references(() => user.id, { onDelete: "cascade" }),
+		accessToken: text("access_token"),
+		refreshToken: text("refresh_token"),
+		idToken: text("id_token"),
+		accessTokenExpiresAt: timestamp("access_token_expires_at"),
+		refreshTokenExpiresAt: timestamp("refresh_token_expires_at"),
+		scope: text("scope"),
+		password: text("password"),
+		createdAt: timestamp("created_at").notNull(),
+		updatedAt: timestamp("updated_at")
+			.$onUpdate(() => new Date())
+			.notNull(),
+	},
+	(table) => [index("account_userId_idx").on(table.userId)],
+)
+
+export const verification = pgTable(
+	"verification",
+	{
+		id: text("id").primaryKey(),
+		identifier: text("identifier").notNull(),
+		value: text("value").notNull(),
+		expiresAt: timestamp("expires_at").notNull(),
+		createdAt: timestamp("created_at").notNull(),
+		updatedAt: timestamp("updated_at")
+			.$onUpdate(() => new Date())
+			.notNull(),
+	},
+	(table) => [index("verification_identifier_idx").on(table.identifier)],
+)
+
+export const userRelations = relations(user, ({ many }) => ({
+	sessions: many(session),
+	accounts: many(account),
+}))
+
+export const sessionRelations = relations(session, ({ one }) => ({
+	user: one(user, {
+		fields: [session.userId],
+		references: [user.id],
+	}),
+}))
+
+export const accountRelations = relations(account, ({ one }) => ({
+	user: one(user, {
+		fields: [account.userId],
+		references: [user.id],
+	}),
+}))

apps/aelis-backend/src/db/index.ts

@@ -0,0 +1,23 @@
+import { SQL } from "bun"
+import { drizzle, type BunSQLDatabase } from "drizzle-orm/bun-sql"
+
+import * as schema from "./schema.ts"
+
+export type Database = BunSQLDatabase<typeof schema>
+
+export interface DatabaseConnection {
+	db: Database
+	close: () => Promise<void>
+}
+
+export function createDatabase(url: string): DatabaseConnection {
+	if (!url) {
+		throw new Error("DATABASE_URL is required")
+	}
+
+	const client = new SQL({ url })
+	return {
+		db: drizzle({ client, schema }),
+		close: () => client.close(),
+	}
+}

apps/aelis-backend/src/db/schema.ts

@@ -0,0 +1,62 @@
+import {
+	boolean,
+	customType,
+	index,
+	jsonb,
+	pgTable,
+	text,
+	timestamp,
+	unique,
+	uuid,
+} from "drizzle-orm/pg-core"
+
+// ---------------------------------------------------------------------------
+// Better Auth core tables
+// Re-exported from CLI-generated schema.
+// Regenerate with: bunx --bun auth@latest generate --config auth.ts --output src/db/auth-schema.ts
+// ---------------------------------------------------------------------------
+
+export {
+	user,
+	session,
+	account,
+	verification,
+	userRelations,
+	sessionRelations,
+	accountRelations,
+} from "./auth-schema.ts"
+
+import { user } from "./auth-schema.ts"
+
+// ---------------------------------------------------------------------------
+// AELIS — per-user source configuration
+// ---------------------------------------------------------------------------
+
+const bytea = customType<{ data: Buffer }>({
+	dataType() {
+		return "bytea"
+	},
+})
+
+export const userSources = pgTable(
+	"user_sources",
+	{
+		id: uuid("id").primaryKey().defaultRandom(),
+		userId: text("user_id")
+			.notNull()
+			.references(() => user.id, { onDelete: "cascade" }),
+		sourceId: text("source_id").notNull(),
+		enabled: boolean("enabled").notNull().default(true),
+		config: jsonb("config").default({}),
+		credentials: bytea("credentials"),
+		createdAt: timestamp("created_at").notNull().defaultNow(),
+		updatedAt: timestamp("updated_at")
+			.notNull()
+			.defaultNow()
+			.$onUpdate(() => new Date()),
+	},
+	(t) => [
+		unique("user_sources_user_id_source_id_unique").on(t.userId, t.sourceId),
+		index("user_sources_user_id_enabled_idx").on(t.userId, t.enabled),
+	],
+)

apps/aelis-backend/src/engine/http.test.ts

@@ -0,0 +1,369 @@
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+
+import { contextKey } from "@aelis/core"
+import { describe, expect, spyOn, test } from "bun:test"
+import { Hono } from "hono"
+
+import { mockAuthSessionMiddleware } from "../auth/session-middleware.ts"
+import { UserSessionManager } from "../session/index.ts"
+import { registerFeedHttpHandlers } from "./http.ts"
+
+interface FeedResponse {
+	items: Array<{
+		id: string
+		type: string
+		priority: number
+		timestamp: string
+		data: Record<string, unknown>
+	}>
+	errors: Array<{ sourceId: string; error: string }>
+}
+
+function createStubSource(
+	id: string,
+	items: FeedItem[] = [],
+	contextEntries: readonly ContextEntry[] | null = null,
+): FeedSource {
+	return {
+		id,
+		async listActions(): Promise<Record<string, ActionDefinition>> {
+			return {}
+		},
+		async executeAction(): Promise<unknown> {
+			return undefined
+		},
+		async fetchContext(): Promise<readonly ContextEntry[] | null> {
+			return contextEntries
+		},
+		async fetchItems() {
+			return items
+		},
+	}
+}
+
+function buildTestApp(sessionManager: UserSessionManager, userId?: string) {
+	const app = new Hono()
+	registerFeedHttpHandlers(app, {
+		sessionManager,
+		authSessionMiddleware: mockAuthSessionMiddleware(userId),
+	})
+	return app
+}
+
+describe("GET /api/feed", () => {
+	test("returns 401 without auth", async () => {
+		const manager = new UserSessionManager({ providers: [] })
+		const app = buildTestApp(manager)
+
+		const res = await app.request("/api/feed")
+
+		expect(res.status).toBe(401)
+	})
+
+	test("returns cached feed when available", async () => {
+		const items: FeedItem[] = [
+			{
+				id: "item-1",
+				sourceId: "test",
+				type: "test",
+				priority: 0.8,
+				timestamp: new Date("2025-01-01T00:00:00.000Z"),
+				data: { value: 42 },
+			},
+		]
+		const manager = new UserSessionManager({
+			providers: [
+				{
+					sourceId: "test",
+					async feedSourceForUser() {
+						return createStubSource("test", items)
+					},
+				},
+			],
+		})
+		const app = buildTestApp(manager, "user-1")
+
+		// Prime the cache
+		const session = await manager.getOrCreate("user-1")
+		await session.engine.refresh()
+		expect(session.engine.lastFeed()).not.toBeNull()
+
+		const res = await app.request("/api/feed")
+
+		expect(res.status).toBe(200)
+		const body = (await res.json()) as FeedResponse
+		expect(body.items).toHaveLength(1)
+		expect(body.items[0]!.id).toBe("item-1")
+		expect(body.items[0]!.type).toBe("test")
+		expect(body.items[0]!.priority).toBe(0.8)
+		expect(body.items[0]!.timestamp).toBe("2025-01-01T00:00:00.000Z")
+		expect(body.errors).toHaveLength(0)
+	})
+
+	test("forces refresh when no cached feed", async () => {
+		const items: FeedItem[] = [
+			{
+				id: "fresh-1",
+				sourceId: "test",
+				type: "test",
+				priority: 0.5,
+				timestamp: new Date("2025-06-01T12:00:00.000Z"),
+				data: { fresh: true },
+			},
+		]
+		const manager = new UserSessionManager({
+			providers: [
+				{
+					sourceId: "test",
+					async feedSourceForUser() {
+						return createStubSource("test", items)
+					},
+				},
+			],
+		})
+		const app = buildTestApp(manager, "user-1")
+
+		// No prior refresh — lastFeed() returns null, handler should call refresh()
+		const res = await app.request("/api/feed")
+
+		expect(res.status).toBe(200)
+		const body = (await res.json()) as FeedResponse
+		expect(body.items).toHaveLength(1)
+		expect(body.items[0]!.id).toBe("fresh-1")
+		expect(body.items[0]!.data.fresh).toBe(true)
+		expect(body.errors).toHaveLength(0)
+	})
+
+	test("serializes source errors as message strings", async () => {
+		const failingSource: FeedSource = {
+			id: "failing",
+			async listActions() {
+				return {}
+			},
+			async executeAction() {
+				return undefined
+			},
+			async fetchContext() {
+				return null
+			},
+			async fetchItems() {
+				throw new Error("connection timeout")
+			},
+		}
+		const manager = new UserSessionManager({
+			providers: [
+				{
+					sourceId: "failing",
+					async feedSourceForUser() {
+						return failingSource
+					},
+				},
+			],
+		})
+		const app = buildTestApp(manager, "user-1")
+
+		const res = await app.request("/api/feed")
+
+		expect(res.status).toBe(200)
+		const body = (await res.json()) as FeedResponse
+		expect(body.items).toHaveLength(0)
+		expect(body.errors).toHaveLength(1)
+		expect(body.errors[0]!.sourceId).toBe("failing")
+		expect(body.errors[0]!.error).toBe("connection timeout")
+	})
+
+	test("returns 503 when all providers fail", async () => {
+		const manager = new UserSessionManager({
+			providers: [
+				{
+					sourceId: "test",
+					async feedSourceForUser() {
+						throw new Error("provider down")
+					},
+				},
+			],
+		})
+		const app = buildTestApp(manager, "user-1")
+
+		const spy = spyOn(console, "error").mockImplementation(() => {})
+
+		const res = await app.request("/api/feed")
+
+		expect(res.status).toBe(503)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toBe("Service unavailable")
+
+		spy.mockRestore()
+	})
+})
+
+describe("GET /api/context", () => {
+	const weatherKey = contextKey("aelis.weather", "weather")
+	const weatherData = { temperature: 20, condition: "Clear" }
+	const contextEntries: readonly ContextEntry[] = [[weatherKey, weatherData]]
+
+	// The mock auth middleware always injects this hardcoded user ID
+	const mockUserId = "k7Gx2mPqRvNwYs9TdLfA4bHcJeUo1iZn"
+
+	async function buildContextApp(userId?: string) {
+		const manager = new UserSessionManager({
+			providers: [
+				{
+					sourceId: "weather",
+					async feedSourceForUser() {
+						return createStubSource("weather", [], contextEntries)
+					},
+				},
+			],
+		})
+		const app = buildTestApp(manager, userId)
+		const session = await manager.getOrCreate(mockUserId)
+		return { app, session }
+	}
+
+	test("returns 401 without auth", async () => {
+		const manager = new UserSessionManager({ providers: [] })
+		const app = buildTestApp(manager)
+
+		const res = await app.request('/api/context?key=["aelis.weather","weather"]')
+
+		expect(res.status).toBe(401)
+	})
+
+	test("returns 400 when key param is missing", async () => {
+		const { app } = await buildContextApp("user-1")
+
+		const res = await app.request("/api/context")
+
+		expect(res.status).toBe(400)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toContain("key")
+	})
+
+	test("returns 400 when key is invalid JSON", async () => {
+		const { app } = await buildContextApp("user-1")
+
+		const res = await app.request("/api/context?key=notjson")
+
+		expect(res.status).toBe(400)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toContain("key")
+	})
+
+	test("returns 400 when key is not an array", async () => {
+		const { app } = await buildContextApp("user-1")
+
+		const res = await app.request('/api/context?key="string"')
+
+		expect(res.status).toBe(400)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toContain("key")
+	})
+
+	test("returns 400 when key contains invalid element types", async () => {
+		const { app } = await buildContextApp("user-1")
+
+		const res = await app.request("/api/context?key=[true,null,[1,2]]")
+
+		expect(res.status).toBe(400)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toContain("key")
+	})
+
+	test("returns 400 when key is an empty array", async () => {
+		const { app } = await buildContextApp("user-1")
+
+		const res = await app.request("/api/context?key=[]")
+
+		expect(res.status).toBe(400)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toContain("key")
+	})
+
+	test("returns 400 when match param is invalid", async () => {
+		const { app } = await buildContextApp("user-1")
+
+		const res = await app.request('/api/context?key=["aelis.weather"]&match=invalid')
+
+		expect(res.status).toBe(400)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toContain("match")
+	})
+
+	test("returns exact match with match=exact", async () => {
+		const { app, session } = await buildContextApp("user-1")
+		await session.engine.refresh()
+
+		const res = await app.request('/api/context?key=["aelis.weather","weather"]&match=exact')
+
+		expect(res.status).toBe(200)
+		const body = (await res.json()) as { match: string; value: unknown }
+		expect(body.match).toBe("exact")
+		expect(body.value).toEqual(weatherData)
+	})
+
+	test("returns 404 with match=exact when only prefix would match", async () => {
+		const { app, session } = await buildContextApp("user-1")
+		await session.engine.refresh()
+
+		const res = await app.request('/api/context?key=["aelis.weather"]&match=exact')
+
+		expect(res.status).toBe(404)
+	})
+
+	test("returns prefix match with match=prefix", async () => {
+		const { app, session } = await buildContextApp("user-1")
+		await session.engine.refresh()
+
+		const res = await app.request('/api/context?key=["aelis.weather"]&match=prefix')
+
+		expect(res.status).toBe(200)
+		const body = (await res.json()) as {
+			match: string
+			entries: Array<{ key: unknown[]; value: unknown }>
+		}
+		expect(body.match).toBe("prefix")
+		expect(body.entries).toHaveLength(1)
+		expect(body.entries[0]!.key).toEqual(["aelis.weather", "weather"])
+		expect(body.entries[0]!.value).toEqual(weatherData)
+	})
+
+	test("default mode returns exact match when available", async () => {
+		const { app, session } = await buildContextApp("user-1")
+		await session.engine.refresh()
+
+		const res = await app.request('/api/context?key=["aelis.weather","weather"]')
+
+		expect(res.status).toBe(200)
+		const body = (await res.json()) as { match: string; value: unknown }
+		expect(body.match).toBe("exact")
+		expect(body.value).toEqual(weatherData)
+	})
+
+	test("default mode falls back to prefix when no exact match", async () => {
+		const { app, session } = await buildContextApp("user-1")
+		await session.engine.refresh()
+
+		const res = await app.request('/api/context?key=["aelis.weather"]')
+
+		expect(res.status).toBe(200)
+		const body = (await res.json()) as {
+			match: string
+			entries: Array<{ key: unknown[]; value: unknown }>
+		}
+		expect(body.match).toBe("prefix")
+		expect(body.entries).toHaveLength(1)
+		expect(body.entries[0]!.value).toEqual(weatherData)
+	})
+
+	test("returns 404 when neither exact nor prefix matches", async () => {
+		const { app, session } = await buildContextApp("user-1")
+		await session.engine.refresh()
+
+		const res = await app.request('/api/context?key=["nonexistent"]')
+
+		expect(res.status).toBe(404)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toBe("Context key not found")
+	})
+})

apps/aelis-backend/src/engine/http.ts

@@ -0,0 +1,133 @@
+import type { Context, Hono } from "hono"
+
+import { contextKey } from "@aelis/core"
+import { createMiddleware } from "hono/factory"
+
+import type { AuthSessionMiddleware } from "../auth/session-middleware.ts"
+import type { UserSessionManager } from "../session/index.ts"
+
+type Env = {
+	Variables: {
+		sessionManager: UserSessionManager
+	}
+}
+
+interface FeedHttpHandlersDeps {
+	sessionManager: UserSessionManager
+	authSessionMiddleware: AuthSessionMiddleware
+}
+
+export function registerFeedHttpHandlers(
+	app: Hono,
+	{ sessionManager, authSessionMiddleware }: FeedHttpHandlersDeps,
+) {
+	const inject = createMiddleware<Env>(async (c, next) => {
+		c.set("sessionManager", sessionManager)
+		await next()
+	})
+
+	app.get("/api/feed", inject, authSessionMiddleware, handleGetFeed)
+	app.get("/api/context", inject, authSessionMiddleware, handleGetContext)
+}
+
+async function handleGetFeed(c: Context<Env>) {
+	const user = c.get("user")!
+	const sessionManager = c.get("sessionManager")
+
+	let session
+	try {
+		session = await sessionManager.getOrCreate(user.id)
+	} catch (err) {
+		console.error("[handleGetFeed] Failed to create session:", err)
+		return c.json({ error: "Service unavailable" }, 503)
+	}
+
+	const feed = await session.feed()
+
+	return c.json({
+		items: feed.items,
+		errors: feed.errors.map((e) => ({
+			sourceId: e.sourceId,
+			error: e.error.message,
+		})),
+	})
+}
+
+async function handleGetContext(c: Context<Env>) {
+	const keyParam = c.req.query("key")
+	if (!keyParam) {
+		return c.json({ error: 'Invalid or missing "key" parameter: must be a JSON array' }, 400)
+	}
+
+	let parsed: unknown
+	try {
+		parsed = JSON.parse(keyParam)
+	} catch {
+		return c.json({ error: 'Invalid or missing "key" parameter: must be a JSON array' }, 400)
+	}
+
+	if (!Array.isArray(parsed) || parsed.length === 0 || !parsed.every(isContextKeyPart)) {
+		return c.json({ error: 'Invalid or missing "key" parameter: must be a JSON array' }, 400)
+	}
+
+	const matchParam = c.req.query("match")
+	if (matchParam !== undefined && matchParam !== "exact" && matchParam !== "prefix") {
+		return c.json({ error: 'Invalid "match" parameter: must be "exact" or "prefix"' }, 400)
+	}
+
+	const user = c.get("user")!
+	const sessionManager = c.get("sessionManager")
+
+	let session
+	try {
+		session = await sessionManager.getOrCreate(user.id)
+	} catch (err) {
+		console.error("[handleGetContext] Failed to create session:", err)
+		return c.json({ error: "Service unavailable" }, 503)
+	}
+
+	const context = session.engine.currentContext()
+	const key = contextKey(...parsed)
+
+	if (matchParam === "exact") {
+		const value = context.get(key)
+		if (value === undefined) {
+			return c.json({ error: "Context key not found" }, 404)
+		}
+		return c.json({ match: "exact", value })
+	}
+
+	if (matchParam === "prefix") {
+		const entries = context.find(key)
+		if (entries.length === 0) {
+			return c.json({ error: "Context key not found" }, 404)
+		}
+		return c.json({ match: "prefix", entries })
+	}
+
+	// Default: single find() covers both exact and prefix matches
+	const entries = context.find(key)
+	if (entries.length === 0) {
+		return c.json({ error: "Context key not found" }, 404)
+	}
+
+	// If exactly one result with the same key length, treat as exact match
+	if (entries.length === 1 && entries[0]!.key.length === parsed.length) {
+		return c.json({ match: "exact", value: entries[0]!.value })
+	}
+
+	return c.json({ match: "prefix", entries })
+}
+
+/** Validates that a value is a valid ContextKeyPart (string, number, or plain object of primitives). */
+function isContextKeyPart(value: unknown): boolean {
+	if (typeof value === "string" || typeof value === "number") {
+		return true
+	}
+	if (typeof value === "object" && value !== null && !Array.isArray(value)) {
+		return Object.values(value).every(
+			(v) => typeof v === "string" || typeof v === "number" || typeof v === "boolean",
+		)
+	}
+	return false
+}

apps/aelis-backend/src/enhancement/enhance-feed.ts

@@ -0,0 +1,51 @@
+import type { FeedItem } from "@aelis/core"
+
+import type { LlmClient } from "./llm-client.ts"
+
+import { mergeEnhancement } from "./merge.ts"
+import { buildPrompt, hasUnfilledSlots } from "./prompt-builder.ts"
+
+/** Takes feed items, returns enhanced feed items. */
+export type FeedEnhancer = (items: FeedItem[]) => Promise<FeedItem[]>
+
+export interface FeedEnhancerConfig {
+	client: LlmClient
+	/** Defaults to Date.now — override for testing */
+	clock?: () => Date
+}
+
+/**
+ * Creates a FeedEnhancer that uses the provided LlmClient.
+ *
+ * Skips the LLM call when no items have unfilled slots.
+ * Returns items unchanged on LLM failure.
+ */
+export function createFeedEnhancer(config: FeedEnhancerConfig): FeedEnhancer {
+	const { client } = config
+	const clock = config.clock ?? (() => new Date())
+
+	return async function enhanceFeed(items) {
+		if (!hasUnfilledSlots(items)) {
+			return items
+		}
+
+		const currentTime = clock()
+		const { systemPrompt, userMessage } = buildPrompt(items, currentTime)
+
+		let result
+		try {
+			result = await client.enhance({ systemPrompt, userMessage })
+		} catch (err) {
+			console.error("[enhancement] LLM call failed:", err)
+			result = null
+		}
+
+		if (!result) {
+			return items
+		}
+
+		return mergeEnhancement(items, result, currentTime)
+	}
+}
+
+

apps/aelis-backend/src/enhancement/llm-client.ts

@@ -0,0 +1,71 @@
+import { OpenRouter } from "@openrouter/sdk"
+
+import type { EnhancementResult } from "./schema.ts"
+
+import { enhancementResultJsonSchema, parseEnhancementResult } from "./schema.ts"
+
+const DEFAULT_MODEL = "openai/gpt-4.1-mini"
+const DEFAULT_TIMEOUT_MS = 30_000
+
+export interface LlmClientConfig {
+	apiKey: string
+	model?: string
+	timeoutMs?: number
+}
+
+export interface LlmClientRequest {
+	systemPrompt: string
+	userMessage: string
+}
+
+export interface LlmClient {
+	enhance(request: LlmClientRequest): Promise<EnhancementResult | null>
+}
+
+/**
+ * Creates a reusable LLM client backed by OpenRouter.
+ * The OpenRouter SDK instance is created once and reused across calls.
+ */
+export function createLlmClient(config: LlmClientConfig): LlmClient {
+	const client = new OpenRouter({
+		apiKey: config.apiKey,
+		timeoutMs: config.timeoutMs ?? DEFAULT_TIMEOUT_MS,
+	})
+	const model = config.model ?? DEFAULT_MODEL
+
+	return {
+		async enhance(request) {
+			const response = await client.chat.send({
+				chatGenerationParams: {
+					model,
+					messages: [
+						{ role: "system" as const, content: request.systemPrompt },
+						{ role: "user" as const, content: request.userMessage },
+					],
+					responseFormat: {
+						type: "json_schema" as const,
+						jsonSchema: {
+							name: "enhancement_result",
+							strict: true,
+							schema: enhancementResultJsonSchema,
+						},
+					},
+					stream: false,
+				},
+			})
+
+			const content = response.choices?.[0]?.message?.content
+			if (typeof content !== "string") {
+				console.warn("[enhancement] LLM returned no content in response")
+				return null
+			}
+
+			const result = parseEnhancementResult(content)
+			if (!result) {
+				console.warn("[enhancement] Failed to parse LLM response:", content)
+			}
+
+			return result
+		},
+	}
+}

apps/aelis-backend/src/enhancement/merge.test.ts

@@ -0,0 +1,151 @@
+import type { FeedItem } from "@aelis/core"
+
+import { describe, expect, test } from "bun:test"
+
+import type { EnhancementResult } from "./schema.ts"
+
+import { mergeEnhancement } from "./merge.ts"
+
+function makeItem(overrides: Partial<FeedItem> = {}): FeedItem {
+	return {
+		id: "item-1",
+		sourceId: "test",
+		type: "test",
+		timestamp: new Date("2025-01-01T00:00:00Z"),
+		data: { value: 42 },
+		...overrides,
+	}
+}
+
+const now = new Date("2025-06-01T12:00:00Z")
+
+describe("mergeEnhancement", () => {
+	test("fills matching slots", () => {
+		const item = makeItem({
+			slots: {
+				insight: { description: "Weather insight", content: null },
+			},
+		})
+		const result: EnhancementResult = {
+			slotFills: {
+				"item-1": { insight: "Rain after 3pm" },
+			},
+			syntheticItems: [],
+		}
+
+		const merged = mergeEnhancement([item], result, now)
+
+		expect(merged).toHaveLength(1)
+		expect(merged[0]!.slots!.insight!.content).toBe("Rain after 3pm")
+		// Description preserved
+		expect(merged[0]!.slots!.insight!.description).toBe("Weather insight")
+	})
+
+	test("does not mutate original items", () => {
+		const item = makeItem({
+			slots: {
+				insight: { description: "test", content: null },
+			},
+		})
+		const result: EnhancementResult = {
+			slotFills: { "item-1": { insight: "filled" } },
+			syntheticItems: [],
+		}
+
+		mergeEnhancement([item], result, now)
+
+		expect(item.slots!.insight!.content).toBeNull()
+	})
+
+	test("ignores fills for non-existent items", () => {
+		const item = makeItem()
+		const result: EnhancementResult = {
+			slotFills: { "non-existent": { insight: "text" } },
+			syntheticItems: [],
+		}
+
+		const merged = mergeEnhancement([item], result, now)
+
+		expect(merged).toHaveLength(1)
+		expect(merged[0]!.id).toBe("item-1")
+	})
+
+	test("ignores fills for non-existent slots", () => {
+		const item = makeItem({
+			slots: {
+				insight: { description: "test", content: null },
+			},
+		})
+		const result: EnhancementResult = {
+			slotFills: { "item-1": { "non-existent-slot": "text" } },
+			syntheticItems: [],
+		}
+
+		const merged = mergeEnhancement([item], result, now)
+
+		expect(merged[0]!.slots!.insight!.content).toBeNull()
+	})
+
+	test("skips null fills", () => {
+		const item = makeItem({
+			slots: {
+				insight: { description: "test", content: null },
+			},
+		})
+		const result: EnhancementResult = {
+			slotFills: { "item-1": { insight: null } },
+			syntheticItems: [],
+		}
+
+		const merged = mergeEnhancement([item], result, now)
+
+		expect(merged[0]!.slots!.insight!.content).toBeNull()
+	})
+
+	test("passes through items without slots unchanged", () => {
+		const item = makeItem()
+		const result: EnhancementResult = {
+			slotFills: {},
+			syntheticItems: [],
+		}
+
+		const merged = mergeEnhancement([item], result, now)
+
+		expect(merged[0]).toBe(item)
+	})
+
+	test("appends synthetic items with backfilled fields", () => {
+		const item = makeItem()
+		const result: EnhancementResult = {
+			slotFills: {},
+			syntheticItems: [
+				{
+					id: "briefing-morning",
+					type: "briefing",
+					text: "Light afternoon ahead.",
+				},
+			],
+		}
+
+		const merged = mergeEnhancement([item], result, now)
+
+		expect(merged).toHaveLength(2)
+		expect(merged[1]!.id).toBe("briefing-morning")
+		expect(merged[1]!.type).toBe("briefing")
+		expect(merged[1]!.timestamp).toEqual(now)
+		expect(merged[1]!.data).toEqual({ text: "Light afternoon ahead." })
+	})
+
+	test("handles empty enhancement result", () => {
+		const item = makeItem()
+		const result: EnhancementResult = {
+			slotFills: {},
+			syntheticItems: [],
+		}
+
+		const merged = mergeEnhancement([item], result, now)
+
+		expect(merged).toHaveLength(1)
+		expect(merged[0]).toBe(item)
+	})
+})

apps/aelis-backend/src/enhancement/merge.ts

@@ -0,0 +1,48 @@
+import type { FeedItem } from "@aelis/core"
+
+import type { EnhancementResult } from "./schema.ts"
+
+const ENHANCEMENT_SOURCE_ID = "aelis.enhancement"
+
+/**
+ * Merges an EnhancementResult into feed items.
+ *
+ * - Writes slot content from slotFills into matching items
+ * - Appends synthetic items to the list
+ * - Returns a new array (no mutation)
+ * - Ignores fills for items/slots that don't exist
+ */
+export function mergeEnhancement(
+	items: FeedItem[],
+	result: EnhancementResult,
+	currentTime: Date,
+): FeedItem[] {
+	const merged = items.map((item) => {
+		const fills = result.slotFills[item.id]
+		if (!fills || !item.slots) return item
+
+		const mergedSlots = { ...item.slots }
+		let changed = false
+
+		for (const [slotName, content] of Object.entries(fills)) {
+			if (slotName in mergedSlots && content !== null) {
+				mergedSlots[slotName] = { ...mergedSlots[slotName]!, content }
+				changed = true
+			}
+		}
+
+		return changed ? { ...item, slots: mergedSlots } : item
+	})
+
+	for (const synthetic of result.syntheticItems) {
+		merged.push({
+			id: synthetic.id,
+			sourceId: ENHANCEMENT_SOURCE_ID,
+			type: synthetic.type,
+			timestamp: currentTime,
+			data: { text: synthetic.text },
+		})
+	}
+
+	return merged
+}

apps/aelis-backend/src/enhancement/prompt-builder.test.ts

@@ -0,0 +1,170 @@
+import type { FeedItem } from "@aelis/core"
+
+import { describe, expect, test } from "bun:test"
+
+import { buildPrompt, hasUnfilledSlots } from "./prompt-builder.ts"
+
+function makeItem(overrides: Partial<FeedItem> = {}): FeedItem {
+	return {
+		id: "item-1",
+		sourceId: "test",
+		type: "test",
+		timestamp: new Date("2025-01-01T00:00:00Z"),
+		data: { value: 42 },
+		...overrides,
+	}
+}
+
+function parseUserMessage(userMessage: string): Record<string, unknown> {
+	return JSON.parse(userMessage)
+}
+
+describe("hasUnfilledSlots", () => {
+	test("returns false for items without slots", () => {
+		expect(hasUnfilledSlots([makeItem()])).toBe(false)
+	})
+
+	test("returns false for items with all slots filled", () => {
+		const item = makeItem({
+			slots: {
+				insight: { description: "test", content: "filled" },
+			},
+		})
+		expect(hasUnfilledSlots([item])).toBe(false)
+	})
+
+	test("returns true when at least one slot is unfilled", () => {
+		const item = makeItem({
+			slots: {
+				insight: { description: "test", content: null },
+			},
+		})
+		expect(hasUnfilledSlots([item])).toBe(true)
+	})
+
+	test("returns false for empty array", () => {
+		expect(hasUnfilledSlots([])).toBe(false)
+	})
+})
+
+describe("buildPrompt", () => {
+	test("puts items with unfilled slots in items", () => {
+		const item = makeItem({
+			slots: {
+				insight: { description: "Weather insight", content: null },
+				filled: { description: "Already done", content: "done" },
+			},
+		})
+
+		const { userMessage } = buildPrompt([item], new Date("2025-06-01T12:00:00Z"))
+		const parsed = parseUserMessage(userMessage)
+
+		expect(parsed.items).toHaveLength(1)
+		expect((parsed.items as Array<Record<string, unknown>>)[0]!.id).toBe("item-1")
+		expect((parsed.items as Array<Record<string, unknown>>)[0]!.slots).toEqual({
+			insight: "Weather insight",
+		})
+		expect((parsed.items as Array<Record<string, unknown>>)[0]!.type).toBeUndefined()
+		expect(parsed.context).toHaveLength(0)
+	})
+
+	test("puts slotless items in context", () => {
+		const withSlots = makeItem({
+			id: "with-slots",
+			slots: { insight: { description: "test", content: null } },
+		})
+		const withoutSlots = makeItem({ id: "no-slots" })
+
+		const { userMessage } = buildPrompt([withSlots, withoutSlots], new Date("2025-06-01T12:00:00Z"))
+		const parsed = parseUserMessage(userMessage)
+
+		expect(parsed.items).toHaveLength(1)
+		expect((parsed.items as Array<Record<string, unknown>>)[0]!.id).toBe("with-slots")
+		expect(parsed.context).toHaveLength(1)
+		expect((parsed.context as Array<Record<string, unknown>>)[0]!.id).toBe("no-slots")
+	})
+
+	test("includes time in ISO format", () => {
+		const { userMessage } = buildPrompt([], new Date("2025-06-01T12:00:00Z"))
+		const parsed = parseUserMessage(userMessage)
+
+		expect(parsed.time).toBe("2025-06-01T12:00:00.000Z")
+	})
+
+	test("system prompt is non-empty", () => {
+		const { systemPrompt } = buildPrompt([], new Date())
+		expect(systemPrompt.length).toBeGreaterThan(0)
+	})
+
+	test("includes schedule in system prompt", () => {
+		const calEvent = makeItem({
+			id: "cal-1",
+			type: "caldav-event",
+			data: {
+				title: "Team standup",
+				startDate: "2025-06-01T10:00:00Z",
+				endDate: "2025-06-01T10:30:00Z",
+				isAllDay: false,
+				location: null,
+			},
+			slots: {
+				insight: { description: "test", content: null },
+			},
+		})
+
+		const { systemPrompt } = buildPrompt([calEvent], new Date("2025-06-01T12:00:00Z"))
+
+		expect(systemPrompt).toContain("Schedule:\n")
+		expect(systemPrompt).toContain("Team standup")
+		expect(systemPrompt).toContain("10:00")
+	})
+
+	test("includes location in schedule", () => {
+		const calEvent = makeItem({
+			id: "cal-1",
+			type: "caldav-event",
+			data: {
+				title: "Therapy",
+				startDate: "2025-06-02T18:00:00Z",
+				endDate: "2025-06-02T19:00:00Z",
+				isAllDay: false,
+				location: "92 Tooley Street, London",
+			},
+		})
+
+		const { systemPrompt } = buildPrompt([calEvent], new Date("2025-06-01T12:00:00Z"))
+
+		expect(systemPrompt).toContain("Therapy @ 92 Tooley Street, London")
+	})
+
+	test("includes week calendar but omits schedule when no calendar items", () => {
+		const weatherItem = makeItem({
+			type: "weather-current",
+			data: { temperature: 14 },
+		})
+
+		const { systemPrompt } = buildPrompt([weatherItem], new Date("2025-06-01T12:00:00Z"))
+
+		expect(systemPrompt).toContain("Week:")
+		expect(systemPrompt).not.toContain("Schedule:")
+	})
+
+	test("user message is pure JSON", () => {
+		const calEvent = makeItem({
+			id: "cal-1",
+			type: "caldav-event",
+			data: {
+				title: "Budget Review",
+				startTime: "2025-06-01T14:00:00Z",
+				endTime: "2025-06-01T15:00:00Z",
+				isAllDay: false,
+				location: "https://meet.google.com/abc",
+			},
+		})
+
+		const { userMessage } = buildPrompt([calEvent], new Date("2025-06-01T12:00:00Z"))
+
+		expect(userMessage.startsWith("{")).toBe(true)
+		expect(() => JSON.parse(userMessage)).not.toThrow()
+	})
+})

apps/aelis-backend/src/enhancement/prompt-builder.ts

@@ -0,0 +1,218 @@
+import type { FeedItem } from "@aelis/core"
+
+import { CalDavFeedItemType } from "@aelis/source-caldav"
+import { CalendarFeedItemType } from "@aelis/source-google-calendar"
+
+import systemPromptBase from "./prompts/system.txt"
+
+const CALENDAR_ITEM_TYPES = new Set<string>([
+	CalDavFeedItemType.Event,
+	CalendarFeedItemType.Event,
+	CalendarFeedItemType.AllDay,
+])
+
+/**
+ * Builds the system prompt and user message for the enhancement harness.
+ *
+ * Includes a pre-computed mini calendar so the LLM doesn't have to
+ * parse timestamps to understand the user's schedule.
+ */
+export function buildPrompt(
+	items: FeedItem[],
+	currentTime: Date,
+): { systemPrompt: string; userMessage: string } {
+	const schedule = buildSchedule(items, currentTime)
+
+	const enhanceItems: Array<{
+		id: string
+		data: Record<string, unknown>
+		slots: Record<string, string>
+	}> = []
+	const contextItems: Array<{
+		id: string
+		type: string
+		data: Record<string, unknown>
+	}> = []
+
+	for (const item of items) {
+		const hasUnfilledSlots =
+			item.slots &&
+			Object.values(item.slots).some((slot) => slot.content === null)
+
+		if (hasUnfilledSlots) {
+			enhanceItems.push({
+				id: item.id,
+				data: item.data,
+				slots: Object.fromEntries(
+					Object.entries(item.slots!)
+						.filter(([, slot]) => slot.content === null)
+						.map(([name, slot]) => [name, slot.description]),
+				),
+			})
+		} else {
+			contextItems.push({
+				id: item.id,
+				type: item.type,
+				data: item.data,
+			})
+		}
+	}
+
+	const userMessage = JSON.stringify({
+		time: currentTime.toISOString(),
+		items: enhanceItems,
+		context: contextItems,
+	})
+
+	const weekCalendar = buildWeekCalendar(currentTime)
+	let systemPrompt = systemPromptBase
+	systemPrompt += `\n\nWeek:\n${weekCalendar}`
+	if (schedule) {
+		systemPrompt += `\n\nSchedule:\n${schedule}`
+	}
+
+	return { systemPrompt, userMessage }
+}
+
+/**
+ * Returns true if any item has at least one unfilled slot.
+ */
+export function hasUnfilledSlots(items: FeedItem[]): boolean {
+	return items.some(
+		(item) =>
+			item.slots &&
+			Object.values(item.slots).some((slot) => slot.content === null),
+	)
+}
+
+// -- Helpers --
+
+interface CalendarEntry {
+	date: Date
+	title: string
+	location: string | null
+	isAllDay: boolean
+	startTime: Date
+	endTime: Date
+}
+
+function toValidDate(value: unknown): Date | null {
+	if (value instanceof Date) return Number.isNaN(value.getTime()) ? null : value
+	if (typeof value === "string" || typeof value === "number") {
+		const date = new Date(value)
+		return Number.isNaN(date.getTime()) ? null : date
+	}
+	return null
+}
+
+function extractCalendarEntry(item: FeedItem): CalendarEntry | null {
+	if (!CALENDAR_ITEM_TYPES.has(item.type)) return null
+
+	const d = item.data
+	const title = d.title
+	if (typeof title !== "string" || !title) return null
+
+	// CalDAV uses startDate/endDate, Google Calendar uses startTime/endTime
+	const startTime = toValidDate(d.startDate ?? d.startTime)
+	if (!startTime) return null
+
+	const endTime = toValidDate(d.endDate ?? d.endTime) ?? startTime
+
+	return {
+		date: startTime,
+		title,
+		location: typeof d.location === "string" ? d.location : null,
+		isAllDay: typeof d.isAllDay === "boolean" ? d.isAllDay : false,
+		startTime,
+		endTime,
+	}
+}
+
+const DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"] as const
+const MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"] as const
+
+function pad2(n: number): string {
+	return n.toString().padStart(2, "0")
+}
+
+function formatTime(date: Date): string {
+	return `${pad2(date.getUTCHours())}:${pad2(date.getUTCMinutes())}`
+}
+
+function formatDayShort(date: Date): string {
+	return `${DAYS[date.getUTCDay()]}, ${date.getUTCDate()} ${MONTHS[date.getUTCMonth()]}`
+}
+
+function formatDayLabel(date: Date, currentTime: Date): string {
+	const currentDay = Date.UTC(currentTime.getUTCFullYear(), currentTime.getUTCMonth(), currentTime.getUTCDate())
+	const targetDay = Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate())
+	const diffDays = Math.round((targetDay - currentDay) / (1000 * 60 * 60 * 24))
+
+	const dayName = formatDayShort(date)
+
+	if (diffDays === 0) return `Today: ${dayName}`
+	if (diffDays === 1) return `Tomorrow: ${dayName}`
+	return dayName
+}
+
+/**
+ * Builds a week overview mapping day names to dates,
+ * so the LLM can easily match ISO timestamps to days.
+ */
+function buildWeekCalendar(currentTime: Date): string {
+	const lines: string[] = []
+	for (let i = 0; i < 7; i++) {
+		const date = new Date(currentTime)
+		date.setUTCDate(date.getUTCDate() + i)
+		const label = i === 0 ? "Today" : i === 1 ? "Tomorrow" : ""
+		const dayStr = formatDayShort(date)
+		const iso = date.toISOString().slice(0, 10)
+		const prefix = label ? `${label}: ` : ""
+		lines.push(`${prefix}${dayStr} = ${iso}`)
+	}
+	return lines.join("\n")
+}
+
+/**
+ * Builds a compact text calendar from all calendar-type items.
+ * Groups events by day relative to currentTime.
+ */
+function buildSchedule(items: FeedItem[], currentTime: Date): string {
+	const entries: CalendarEntry[] = []
+	for (const item of items) {
+		const entry = extractCalendarEntry(item)
+		if (entry) entries.push(entry)
+	}
+
+	if (entries.length === 0) return ""
+
+	entries.sort((a, b) => a.startTime.getTime() - b.startTime.getTime())
+
+	const byDay = new Map<string, CalendarEntry[]>()
+	for (const entry of entries) {
+		const key = entry.date.toISOString().slice(0, 10)
+		const group = byDay.get(key)
+		if (group) {
+			group.push(entry)
+		} else {
+			byDay.set(key, [entry])
+		}
+	}
+
+	const lines: string[] = []
+	for (const [, dayEntries] of byDay) {
+		lines.push(formatDayLabel(dayEntries[0]!.startTime, currentTime))
+		for (const entry of dayEntries) {
+			if (entry.isAllDay) {
+				const loc = entry.location ? ` @ ${entry.location}` : ""
+				lines.push(`  all day  ${entry.title}${loc}`)
+			} else {
+				const timeRange = `${formatTime(entry.startTime)}–${formatTime(entry.endTime)}`
+				const loc = entry.location ? ` @ ${entry.location}` : ""
+				lines.push(`  ${timeRange}  ${entry.title}${loc}`)
+			}
+		}
+	}
+
+	return lines.join("\n")
+}

apps/aelis-backend/src/enhancement/prompts/system.txt

@@ -0,0 +1,21 @@
+You are AELIS, a personal assistant. You enhance a user's feed by filling slots and optionally generating synthetic items.
+
+The user message is a JSON object with:
+- "items": feed items with data and named slots to fill. Each slot has a description of what to write.
+- "context": other feed items (no slots) for cross-source reasoning.
+- "time": current ISO timestamp.
+
+Your output has two fields:
+- "slotFills": map of item ID → slot name → short text (or null if you can't fill it or cannot provide answer). Each item ID appears ONCE with ALL its slots in a single object.
+- "syntheticItems": array of { id, type, text } for new items (briefings, nudges, insights). Only when genuinely useful and when not redundant.
+
+Rules:
+- DO NOT USE EMDASH OR DASH OR ATTEMPT TO USE SYMBOLS TO CIRCUMVENT THIS RULE.
+- One sentence per slot. Two max if absolutely necessary. Be direct.
+- Say "I" not "we."
+- Hedge when inferring. Don't state guesses as facts.
+- Use the week and schedule below to understand when events happen. Match weather data to the correct date.
+- Look for connections across items.
+- Don't pad — return null for slots you can't meaningfully fill, and skip synthetic items if there's nothing useful to add.
+- Never fabricate information not present in the feed. If you don't have data to support a fill, return null.
+- Read each slot's description carefully — it defines when to return null.

apps/aelis-backend/src/enhancement/schema.test.ts

@@ -0,0 +1,176 @@
+import { describe, expect, test } from "bun:test"
+
+import {
+	emptyEnhancementResult,
+	enhancementResultJsonSchema,
+	parseEnhancementResult,
+} from "./schema.ts"
+
+describe("parseEnhancementResult", () => {
+	test("parses valid result", () => {
+		const input = JSON.stringify({
+			slotFills: {
+				"weather-1": {
+					insight: "Rain after 3pm",
+					"cross-source": null,
+				},
+			},
+			syntheticItems: [
+				{
+					id: "briefing-morning",
+					type: "briefing",
+					text: "Light afternoon ahead.",
+				},
+			],
+		})
+
+		const result = parseEnhancementResult(input)
+
+		expect(result).not.toBeNull()
+		expect(result!.slotFills["weather-1"]!.insight).toBe("Rain after 3pm")
+		expect(result!.slotFills["weather-1"]!["cross-source"]).toBeNull()
+		expect(result!.syntheticItems).toHaveLength(1)
+		expect(result!.syntheticItems[0]!.id).toBe("briefing-morning")
+		expect(result!.syntheticItems[0]!.text).toBe("Light afternoon ahead.")
+	})
+
+	test("parses empty result", () => {
+		const input = JSON.stringify({
+			slotFills: {},
+			syntheticItems: [],
+		})
+
+		const result = parseEnhancementResult(input)
+
+		expect(result).not.toBeNull()
+		expect(Object.keys(result!.slotFills)).toHaveLength(0)
+		expect(result!.syntheticItems).toHaveLength(0)
+	})
+
+	test("returns null for invalid JSON", () => {
+		expect(parseEnhancementResult("not json")).toBeNull()
+	})
+
+	test("returns null for non-object", () => {
+		expect(parseEnhancementResult('"hello"')).toBeNull()
+		expect(parseEnhancementResult("42")).toBeNull()
+		expect(parseEnhancementResult("null")).toBeNull()
+	})
+
+	test("returns null when slotFills is missing", () => {
+		const input = JSON.stringify({ syntheticItems: [] })
+		expect(parseEnhancementResult(input)).toBeNull()
+	})
+
+	test("returns null when syntheticItems is missing", () => {
+		const input = JSON.stringify({ slotFills: {} })
+		expect(parseEnhancementResult(input)).toBeNull()
+	})
+
+	test("returns null when slotFills has non-string values", () => {
+		const input = JSON.stringify({
+			slotFills: { "item-1": { slot: 42 } },
+			syntheticItems: [],
+		})
+		expect(parseEnhancementResult(input)).toBeNull()
+	})
+
+	test("returns null when syntheticItem is missing required fields", () => {
+		const input = JSON.stringify({
+			slotFills: {},
+			syntheticItems: [{ id: "x" }],
+		})
+		expect(parseEnhancementResult(input)).toBeNull()
+	})
+})
+
+describe("emptyEnhancementResult", () => {
+	test("returns empty slotFills and syntheticItems", () => {
+		const result = emptyEnhancementResult()
+		expect(result.slotFills).toEqual({})
+		expect(result.syntheticItems).toEqual([])
+	})
+})
+
+describe("schema sync", () => {
+	const referencePayloads = [
+		{
+			name: "full payload with null slot fill",
+			payload: {
+				slotFills: {
+					"weather-1": { insight: "Rain after 3pm", crossSource: null },
+					"cal-2": { summary: "Busy morning" },
+				},
+				syntheticItems: [
+					{ id: "briefing-morning", type: "briefing", text: "Light day ahead." },
+					{ id: "nudge-umbrella", type: "nudge", text: "Bring an umbrella." },
+				],
+			},
+		},
+		{
+			name: "empty collections",
+			payload: { slotFills: {}, syntheticItems: [] },
+		},
+		{
+			name: "slot fills only",
+			payload: {
+				slotFills: { "item-1": { slot: "filled" } },
+				syntheticItems: [],
+			},
+		},
+		{
+			name: "synthetic items only",
+			payload: {
+				slotFills: {},
+				syntheticItems: [{ id: "insight-1", type: "insight", text: "Something." }],
+			},
+		},
+	]
+
+	for (const { name, payload } of referencePayloads) {
+		test(`arktype and JSON Schema agree on: ${name}`, () => {
+			// arktype accepts it
+			const parsed = parseEnhancementResult(JSON.stringify(payload))
+			expect(parsed).not.toBeNull()
+
+			// JSON Schema structure matches
+			const jsonSchema = enhancementResultJsonSchema
+			expect(Object.keys(jsonSchema.properties).sort()).toEqual(
+				Object.keys(payload).sort(),
+			)
+			expect([...jsonSchema.required].sort()).toEqual(Object.keys(payload).sort())
+
+			// syntheticItems item schema has the right required fields
+			const itemSchema = jsonSchema.properties.syntheticItems.items
+			expect([...itemSchema.required].sort()).toEqual(["id", "text", "type"])
+
+			// Verify each synthetic item has exactly the fields the JSON Schema expects
+			for (const item of payload.syntheticItems) {
+				expect(Object.keys(item).sort()).toEqual([...itemSchema.required].sort())
+			}
+		})
+	}
+
+	test("JSON Schema rejects what arktype rejects: missing required field", () => {
+		// Missing syntheticItems
+		expect(parseEnhancementResult(JSON.stringify({ slotFills: {} }))).toBeNull()
+
+		// JSON Schema also requires it
+		expect(enhancementResultJsonSchema.required).toContain("syntheticItems")
+	})
+
+	test("JSON Schema rejects what arktype rejects: wrong slot fill value type", () => {
+		const bad = { slotFills: { "item-1": { slot: 42 } }, syntheticItems: [] }
+
+		// arktype rejects it
+		expect(parseEnhancementResult(JSON.stringify(bad))).toBeNull()
+
+		// JSON Schema only allows string or null for slot values
+		const slotValueTypes =
+			enhancementResultJsonSchema.properties.slotFills.additionalProperties
+				.additionalProperties.type
+		expect(slotValueTypes).toContain("string")
+		expect(slotValueTypes).toContain("null")
+		expect(slotValueTypes).not.toContain("number")
+	})
+})

apps/aelis-backend/src/enhancement/schema.ts

@@ -0,0 +1,89 @@
+import { type } from "arktype"
+
+const SyntheticItem = type({
+	id: "string",
+	type: "string",
+	text: "string",
+})
+
+const EnhancementResult = type({
+	slotFills: "Record<string, Record<string, string | null>>",
+	syntheticItems: SyntheticItem.array(),
+})
+
+export type SyntheticItem = typeof SyntheticItem.infer
+export type EnhancementResult = typeof EnhancementResult.infer
+
+/**
+ * JSON Schema passed to OpenRouter's structured output.
+ * OpenRouter doesn't support arktype, so this is maintained separately.
+ *
+ * ⚠️  Must stay in sync with EnhancementResult above.
+ * If you add/remove fields, update both schemas.
+ */
+export const enhancementResultJsonSchema = {
+	type: "object",
+	properties: {
+		slotFills: {
+			type: "object",
+			description:
+				"Map of feed item ID to an object of slot name to filled text content. Use null for slots that cannot be meaningfully filled.",
+			additionalProperties: {
+				type: "object",
+				additionalProperties: {
+					type: ["string", "null"],
+				},
+			},
+		},
+		syntheticItems: {
+			type: "array",
+			description:
+				"New feed items to inject (briefings, nudges, cross-source insights). Keep these short and actionable.",
+			items: {
+				type: "object",
+				properties: {
+					id: {
+						type: "string",
+						description: "Unique ID, e.g. 'briefing-morning'",
+					},
+					type: {
+						type: "string",
+						description: "One of: 'briefing', 'nudge', 'insight'",
+					},
+					text: {
+						type: "string",
+						description: "Display text, 1-3 sentences",
+					},
+				},
+				required: ["id", "type", "text"],
+				additionalProperties: false,
+			},
+		},
+	},
+	required: ["slotFills", "syntheticItems"],
+	additionalProperties: false,
+} as const
+
+/**
+ * Parses a JSON string into an EnhancementResult.
+ * Returns null if the input is malformed.
+ */
+export function parseEnhancementResult(json: string): EnhancementResult | null {
+	let parsed: unknown
+	try {
+		parsed = JSON.parse(json)
+	} catch {
+		return null
+	}
+
+	const result = EnhancementResult(parsed)
+	if (result instanceof type.errors) {
+		return null
+	}
+
+	return result
+}
+
+export function emptyEnhancementResult(): EnhancementResult {
+	return { slotFills: {}, syntheticItems: [] }
+}

apps/aelis-backend/src/lib/crypto.test.ts

@@ -0,0 +1,62 @@
+import { randomBytes } from "node:crypto"
+import { describe, expect, test } from "bun:test"
+
+import { CredentialEncryptor } from "./crypto.ts"
+
+const TEST_KEY = randomBytes(32).toString("base64")
+
+describe("CredentialEncryptor", () => {
+	const encryptor = new CredentialEncryptor(TEST_KEY)
+
+	test("round-trip with simple string", () => {
+		const plaintext = "hello world"
+		const encrypted = encryptor.encrypt(plaintext)
+		expect(encryptor.decrypt(encrypted)).toBe(plaintext)
+	})
+
+	test("round-trip with JSON credentials", () => {
+		const credentials = JSON.stringify({
+			accessToken: "ya29.a0AfH6SMB...",
+			refreshToken: "1//0dx...",
+			expiresAt: "2025-12-01T00:00:00Z",
+		})
+		const encrypted = encryptor.encrypt(credentials)
+		expect(encryptor.decrypt(encrypted)).toBe(credentials)
+	})
+
+	test("round-trip with empty string", () => {
+		const encrypted = encryptor.encrypt("")
+		expect(encryptor.decrypt(encrypted)).toBe("")
+	})
+
+	test("round-trip with unicode", () => {
+		const plaintext = "日本語テスト 🔐"
+		const encrypted = encryptor.encrypt(plaintext)
+		expect(encryptor.decrypt(encrypted)).toBe(plaintext)
+	})
+
+	test("each encryption produces different ciphertext (unique IV)", () => {
+		const plaintext = "same input"
+		const a = encryptor.encrypt(plaintext)
+		const b = encryptor.encrypt(plaintext)
+		expect(a).not.toEqual(b)
+		expect(encryptor.decrypt(a)).toBe(plaintext)
+		expect(encryptor.decrypt(b)).toBe(plaintext)
+	})
+
+	test("tampered ciphertext throws", () => {
+		const encrypted = encryptor.encrypt("secret")
+		encrypted[13]! ^= 0xff
+		expect(() => encryptor.decrypt(encrypted)).toThrow()
+	})
+
+	test("truncated data throws", () => {
+		expect(() => encryptor.decrypt(Buffer.alloc(10))).toThrow("Encrypted data is too short")
+	})
+
+	test("throws when key is wrong length", () => {
+		expect(() => new CredentialEncryptor(Buffer.from("too-short").toString("base64"))).toThrow(
+			"must be 32 bytes",
+		)
+	})
+})

apps/aelis-backend/src/lib/crypto.ts

@@ -0,0 +1,60 @@
+import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto"
+
+const ALGORITHM = "aes-256-gcm"
+const IV_LENGTH = 12
+const AUTH_TAG_LENGTH = 16
+
+/**
+ * AES-256-GCM encryption for credential storage.
+ *
+ * Caches the parsed key on construction to avoid repeated
+ * env reads and Buffer allocations.
+ */
+export class CredentialEncryptor {
+	private readonly key: Buffer
+
+	constructor(base64Key: string) {
+		const key = Buffer.from(base64Key, "base64")
+		if (key.length !== 32) {
+			throw new Error(
+				`Encryption key must be 32 bytes (got ${key.length}). Generate with: openssl rand -base64 32`,
+			)
+		}
+		this.key = key
+	}
+
+	/**
+	 * Encrypts plaintext using AES-256-GCM.
+	 *
+	 * Output format: [12-byte IV][ciphertext][16-byte auth tag]
+	 */
+	encrypt(plaintext: string): Buffer {
+		const iv = randomBytes(IV_LENGTH)
+		const cipher = createCipheriv(ALGORITHM, this.key, iv)
+
+		const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()])
+		const authTag = cipher.getAuthTag()
+
+		return Buffer.concat([iv, encrypted, authTag])
+	}
+
+	/**
+	 * Decrypts a buffer produced by `encrypt`.
+	 *
+	 * Expects format: [12-byte IV][ciphertext][16-byte auth tag]
+	 */
+	decrypt(data: Buffer): string {
+		if (data.length < IV_LENGTH + AUTH_TAG_LENGTH) {
+			throw new Error("Encrypted data is too short")
+		}
+
+		const iv = data.subarray(0, IV_LENGTH)
+		const authTag = data.subarray(data.length - AUTH_TAG_LENGTH)
+		const ciphertext = data.subarray(IV_LENGTH, data.length - AUTH_TAG_LENGTH)
+
+		const decipher = createDecipheriv(ALGORITHM, this.key, iv)
+		decipher.setAuthTag(authTag)
+
+		return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8")
+	}
+}

apps/aelis-backend/src/lib/error.ts

@@ -0,0 +1,8 @@
+export class UserNotFoundError extends Error {
+	constructor(
+		public readonly userId: string,
+		message?: string,
+	) {
+		super(message ? `${message}: user not found: ${userId}` : `User not found: ${userId}`)
+	}
+}

apps/aelis-backend/src/location/http.ts

@@ -0,0 +1,68 @@
+import type { Context, Hono } from "hono"
+
+import { type } from "arktype"
+import { createMiddleware } from "hono/factory"
+
+import type { AuthSessionMiddleware } from "../auth/session-middleware.ts"
+import type { UserSessionManager } from "../session/index.ts"
+
+type Env = { Variables: { sessionManager: UserSessionManager } }
+
+const locationInput = type({
+	lat: "number",
+	lng: "number",
+	accuracy: "number",
+	timestamp: "string.date.iso",
+})
+
+interface LocationHttpHandlersDeps {
+	sessionManager: UserSessionManager
+	authSessionMiddleware: AuthSessionMiddleware
+}
+
+export function registerLocationHttpHandlers(
+	app: Hono,
+	{ sessionManager, authSessionMiddleware }: LocationHttpHandlersDeps,
+) {
+	const inject = createMiddleware<Env>(async (c, next) => {
+		c.set("sessionManager", sessionManager)
+		await next()
+	})
+
+	app.post("/api/location", inject, authSessionMiddleware, handleUpdateLocation)
+}
+
+async function handleUpdateLocation(c: Context<Env>) {
+	let body: unknown
+	try {
+		body = await c.req.json()
+	} catch {
+		return c.json({ error: "Invalid JSON" }, 400)
+	}
+
+	const result = locationInput(body)
+
+	if (result instanceof type.errors) {
+		return c.json({ error: result.summary }, 400)
+	}
+
+	const user = c.get("user")!
+	const sessionManager = c.get("sessionManager")
+
+	let session
+	try {
+		session = await sessionManager.getOrCreate(user.id)
+	} catch (err) {
+		console.error("[handleUpdateLocation] Failed to create session:", err)
+		return c.json({ error: "Service unavailable" }, 503)
+	}
+
+	await session.engine.executeAction("aelis.location", "update-location", {
+		lat: result.lat,
+		lng: result.lng,
+		accuracy: result.accuracy,
+		timestamp: new Date(result.timestamp),
+	})
+
+	return c.body(null, 204)
+}

apps/aelis-backend/src/location/provider.ts

@@ -0,0 +1,26 @@
+import { LocationSource } from "@aelis/source-location"
+
+import type { Database } from "../db/index.ts"
+import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
+
+import { SourceDisabledError } from "../sources/errors.ts"
+import { sources } from "../sources/user-sources.ts"
+
+export class LocationSourceProvider implements FeedSourceProvider {
+	readonly sourceId = "aelis.location"
+	private readonly db: Database
+
+	constructor(db: Database) {
+		this.db = db
+	}
+
+	async feedSourceForUser(userId: string): Promise<LocationSource> {
+		const row = await sources(this.db, userId).find("aelis.location")
+
+		if (!row || !row.enabled) {
+			throw new SourceDisabledError("aelis.location", userId)
+		}
+
+		return new LocationSource()
+	}
+}

apps/aelis-backend/src/scripts/create-admin.ts

@@ -0,0 +1,63 @@
+/**
+ * Creates an admin user account via Better Auth's server-side API.
+ *
+ * Usage:
+ *   bun run src/scripts/create-admin.ts --name "Admin" --email admin@example.com --password secret123
+ *
+ * Requires DATABASE_URL and BETTER_AUTH_SECRET to be set (reads .env automatically).
+ */
+
+import { parseArgs } from "util"
+
+import { createAuth } from "../auth/index.ts"
+import { createDatabase } from "../db/index.ts"
+
+function parseCliArgs(): { name: string; email: string; password: string } {
+	const { values } = parseArgs({
+		args: Bun.argv.slice(2),
+		options: {
+			name: { type: "string" },
+			email: { type: "string" },
+			password: { type: "string" },
+		},
+		strict: true,
+	})
+
+	if (!values.name || !values.email || !values.password) {
+		console.error(
+			"Usage: bun run src/scripts/create-admin.ts --name <name> --email <email> --password <password>",
+		)
+		process.exit(1)
+	}
+
+	return { name: values.name, email: values.email, password: values.password }
+}
+
+async function main() {
+	const { name, email, password } = parseCliArgs()
+
+	const databaseUrl = process.env.DATABASE_URL
+	if (!databaseUrl) {
+		console.error("DATABASE_URL is not set")
+		process.exit(1)
+	}
+
+	const { db, close } = createDatabase(databaseUrl)
+
+	try {
+		const auth = createAuth(db)
+
+		const result = await auth.api.createUser({
+			body: { name, email, password, role: "admin" },
+		})
+
+		console.log(`Admin account created: ${result.user.id} (${result.user.email})`)
+	} finally {
+		await close()
+	}
+}
+
+main().catch((err) => {
+	console.error("Failed to create admin account:", err)
+	process.exit(1)
+})

apps/aelis-backend/src/server.ts

@@ -0,0 +1,75 @@
+import { Hono } from "hono"
+
+import { registerAuthHandlers } from "./auth/http.ts"
+import { createAuth } from "./auth/index.ts"
+import { createRequireSession } from "./auth/session-middleware.ts"
+import { createDatabase } from "./db/index.ts"
+import { registerFeedHttpHandlers } from "./engine/http.ts"
+import { createFeedEnhancer } from "./enhancement/enhance-feed.ts"
+import { createLlmClient } from "./enhancement/llm-client.ts"
+import { registerLocationHttpHandlers } from "./location/http.ts"
+import { LocationSourceProvider } from "./location/provider.ts"
+import { UserSessionManager } from "./session/index.ts"
+import { WeatherSourceProvider } from "./weather/provider.ts"
+
+function main() {
+	const { db, close: closeDb } = createDatabase(process.env.DATABASE_URL!)
+	const auth = createAuth(db)
+
+	const openrouterApiKey = process.env.OPENROUTER_API_KEY
+	const feedEnhancer = openrouterApiKey
+		? createFeedEnhancer({
+				client: createLlmClient({
+					apiKey: openrouterApiKey,
+					model: process.env.OPENROUTER_MODEL || undefined,
+				}),
+			})
+		: null
+	if (!feedEnhancer) {
+		console.warn("[enhancement] OPENROUTER_API_KEY not set — feed enhancement disabled")
+	}
+
+	const sessionManager = new UserSessionManager({
+		providers: [
+			new LocationSourceProvider(db),
+			new WeatherSourceProvider({
+				db,
+				credentials: {
+					privateKey: process.env.WEATHERKIT_PRIVATE_KEY!,
+					keyId: process.env.WEATHERKIT_KEY_ID!,
+					teamId: process.env.WEATHERKIT_TEAM_ID!,
+					serviceId: process.env.WEATHERKIT_SERVICE_ID!,
+				},
+			}),
+		],
+		feedEnhancer,
+	})
+
+	const app = new Hono()
+
+	app.get("/health", (c) => c.json({ status: "ok" }))
+
+	const authSessionMiddleware = createRequireSession(auth)
+
+	registerAuthHandlers(app, auth)
+
+	registerFeedHttpHandlers(app, {
+		sessionManager,
+		authSessionMiddleware,
+	})
+	registerLocationHttpHandlers(app, { sessionManager, authSessionMiddleware })
+
+	process.on("SIGTERM", async () => {
+		await closeDb()
+		process.exit(0)
+	})
+
+	return app
+}
+
+const app = main()
+
+export default {
+	port: 3000,
+	fetch: app.fetch,
+}

apps/aelis-backend/src/session/feed-source-provider.ts

@@ -0,0 +1,7 @@
+import type { FeedSource } from "@aelis/core"
+
+export interface FeedSourceProvider {
+	/** The source ID this provider is responsible for (e.g., "aelis.location"). */
+	readonly sourceId: string
+	feedSourceForUser(userId: string): Promise<FeedSource>
+}

apps/aelis-backend/src/session/index.ts

@@ -0,0 +1,3 @@
+export type { FeedSourceProvider } from "./feed-source-provider.ts"
+export { UserSession } from "./user-session.ts"
+export { UserSessionManager } from "./user-session-manager.ts"

apps/aelis-backend/src/session/user-session-manager.test.ts

@@ -0,0 +1,490 @@
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+
+import { LocationSource } from "@aelis/source-location"
+import { WeatherSource } from "@aelis/source-weatherkit"
+import { describe, expect, mock, spyOn, test } from "bun:test"
+
+import type { FeedSourceProvider } from "./feed-source-provider.ts"
+
+import { UserSessionManager } from "./user-session-manager.ts"
+
+function createStubSource(id: string, items: FeedItem[] = []): FeedSource {
+	return {
+		id,
+		async listActions(): Promise<Record<string, ActionDefinition>> {
+			return {}
+		},
+		async executeAction(): Promise<unknown> {
+			return undefined
+		},
+		async fetchContext(): Promise<readonly ContextEntry[] | null> {
+			return null
+		},
+		async fetchItems() {
+			return items
+		},
+	}
+}
+
+function createStubProvider(
+	sourceId: string,
+	factory: (userId: string) => Promise<FeedSource> = async () => createStubSource(sourceId),
+): FeedSourceProvider {
+	return { sourceId, feedSourceForUser: factory }
+}
+
+const locationProvider: FeedSourceProvider = {
+	sourceId: "aelis.location",
+	async feedSourceForUser() {
+		return new LocationSource()
+	},
+}
+
+const weatherProvider: FeedSourceProvider = {
+	sourceId: "aelis.weather",
+	async feedSourceForUser() {
+		return new WeatherSource({ client: { fetch: async () => ({}) as never } })
+	},
+}
+
+describe("UserSessionManager", () => {
+	test("getOrCreate creates session on first call", async () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+
+		const session = await manager.getOrCreate("user-1")
+
+		expect(session).toBeDefined()
+		expect(session.engine).toBeDefined()
+	})
+
+	test("getOrCreate returns same session for same user", async () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+
+		const session1 = await manager.getOrCreate("user-1")
+		const session2 = await manager.getOrCreate("user-1")
+
+		expect(session1).toBe(session2)
+	})
+
+	test("getOrCreate returns different sessions for different users", async () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+
+		const session1 = await manager.getOrCreate("user-1")
+		const session2 = await manager.getOrCreate("user-2")
+
+		expect(session1).not.toBe(session2)
+	})
+
+	test("each user gets independent source instances", async () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+
+		const session1 = await manager.getOrCreate("user-1")
+		const session2 = await manager.getOrCreate("user-2")
+
+		const source1 = session1.getSource<LocationSource>("aelis.location")
+		const source2 = session2.getSource<LocationSource>("aelis.location")
+
+		expect(source1).not.toBe(source2)
+	})
+
+	test("remove destroys session and allows re-creation", async () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+
+		const session1 = await manager.getOrCreate("user-1")
+		manager.remove("user-1")
+		const session2 = await manager.getOrCreate("user-1")
+
+		expect(session1).not.toBe(session2)
+	})
+
+	test("remove is no-op for unknown user", () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+
+		expect(() => manager.remove("unknown")).not.toThrow()
+	})
+
+	test("registers multiple providers", async () => {
+		const manager = new UserSessionManager({
+			providers: [locationProvider, weatherProvider],
+		})
+
+		const session = await manager.getOrCreate("user-1")
+
+		expect(session.getSource("aelis.location")).toBeDefined()
+		expect(session.getSource("aelis.weather")).toBeDefined()
+	})
+
+	test("refresh returns feed result through session", async () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+
+		const session = await manager.getOrCreate("user-1")
+		const result = await session.engine.refresh()
+
+		expect(result).toHaveProperty("context")
+		expect(result).toHaveProperty("items")
+		expect(result).toHaveProperty("errors")
+		expect(result.context.time).toBeInstanceOf(Date)
+	})
+
+	test("location update via executeAction works", async () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+
+		const session = await manager.getOrCreate("user-1")
+		await session.engine.executeAction("aelis.location", "update-location", {
+			lat: 51.5074,
+			lng: -0.1278,
+			accuracy: 10,
+			timestamp: new Date(),
+		})
+
+		const source = session.getSource<LocationSource>("aelis.location")
+		expect(source?.lastLocation?.lat).toBe(51.5074)
+	})
+
+	test("subscribe receives updates after location push", async () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+		const callback = mock()
+
+		const session = await manager.getOrCreate("user-1")
+		session.engine.subscribe(callback)
+
+		await session.engine.executeAction("aelis.location", "update-location", {
+			lat: 51.5074,
+			lng: -0.1278,
+			accuracy: 10,
+			timestamp: new Date(),
+		})
+
+		// Wait for async update propagation
+		await new Promise((resolve) => setTimeout(resolve, 10))
+
+		expect(callback).toHaveBeenCalled()
+	})
+
+	test("remove stops reactive updates", async () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+		const callback = mock()
+
+		const session = await manager.getOrCreate("user-1")
+		session.engine.subscribe(callback)
+
+		manager.remove("user-1")
+
+		// Create new session and push location — old callback should not fire
+		const session2 = await manager.getOrCreate("user-1")
+		await session2.engine.executeAction("aelis.location", "update-location", {
+			lat: 51.5074,
+			lng: -0.1278,
+			accuracy: 10,
+			timestamp: new Date(),
+		})
+
+		await new Promise((resolve) => setTimeout(resolve, 10))
+
+		expect(callback).not.toHaveBeenCalled()
+	})
+
+	test("creates session with successful providers when some fail", async () => {
+		const failingProvider: FeedSourceProvider = {
+			sourceId: "aelis.failing",
+			async feedSourceForUser() {
+				throw new Error("provider failed")
+			},
+		}
+
+		const manager = new UserSessionManager({
+			providers: [locationProvider, failingProvider],
+		})
+
+		const spy = spyOn(console, "error").mockImplementation(() => {})
+
+		const session = await manager.getOrCreate("user-1")
+
+		expect(session).toBeDefined()
+		expect(session.getSource("aelis.location")).toBeDefined()
+		expect(spy).toHaveBeenCalled()
+
+		spy.mockRestore()
+	})
+
+	test("throws AggregateError when all providers fail", async () => {
+		const manager = new UserSessionManager({
+			providers: [
+				{
+					sourceId: "aelis.fail-1",
+					async feedSourceForUser() {
+						throw new Error("first failed")
+					},
+				},
+				{
+					sourceId: "aelis.fail-2",
+					async feedSourceForUser() {
+						throw new Error("second failed")
+					},
+				},
+			],
+		})
+
+		await expect(manager.getOrCreate("user-1")).rejects.toBeInstanceOf(AggregateError)
+	})
+
+	test("concurrent getOrCreate for same user returns same session", async () => {
+		let callCount = 0
+		const manager = new UserSessionManager({
+			providers: [
+				{
+					sourceId: "aelis.location",
+					async feedSourceForUser() {
+						callCount++
+						await new Promise((resolve) => setTimeout(resolve, 10))
+						return new LocationSource()
+					},
+				},
+			],
+		})
+
+		const [session1, session2] = await Promise.all([
+			manager.getOrCreate("user-1"),
+			manager.getOrCreate("user-1"),
+		])
+
+		expect(session1).toBe(session2)
+		expect(callCount).toBe(1)
+	})
+
+	test("remove during in-flight getOrCreate prevents session from being stored", async () => {
+		let resolveProvider: () => void
+		const providerGate = new Promise<void>((r) => {
+			resolveProvider = r
+		})
+
+		const manager = new UserSessionManager({
+			providers: [
+				{
+					sourceId: "aelis.location",
+					async feedSourceForUser() {
+						await providerGate
+						return new LocationSource()
+					},
+				},
+			],
+		})
+
+		const sessionPromise = manager.getOrCreate("user-1")
+
+		// remove() while provider is still resolving
+		manager.remove("user-1")
+
+		// Let the provider finish
+		resolveProvider!()
+
+		await expect(sessionPromise).rejects.toThrow("removed during creation")
+
+		// A fresh getOrCreate should produce a new session, not the cancelled one
+		const freshSession = await manager.getOrCreate("user-1")
+		expect(freshSession).toBeDefined()
+		expect(freshSession.engine).toBeDefined()
+	})
+})
+
+describe("UserSessionManager.replaceProvider", () => {
+	test("replaces source in all active sessions", async () => {
+		const itemsV1: FeedItem[] = [
+			{
+				id: "v1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date(),
+				data: { version: 1 },
+			},
+		]
+		const itemsV2: FeedItem[] = [
+			{
+				id: "v2",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date(),
+				data: { version: 2 },
+			},
+		]
+
+		const providerV1 = createStubProvider("test", async () => createStubSource("test", itemsV1))
+		const manager = new UserSessionManager({ providers: [providerV1] })
+
+		const session1 = await manager.getOrCreate("user-1")
+		const session2 = await manager.getOrCreate("user-2")
+
+		// Verify v1 items
+		const feed1 = await session1.feed()
+		expect(feed1.items[0]!.data.version).toBe(1)
+
+		// Replace provider
+		const providerV2 = createStubProvider("test", async () => createStubSource("test", itemsV2))
+		await manager.replaceProvider(providerV2)
+
+		// Both sessions should now serve v2 items
+		const feed1After = await session1.feed()
+		const feed2After = await session2.feed()
+		expect(feed1After.items[0]!.data.version).toBe(2)
+		expect(feed2After.items[0]!.data.version).toBe(2)
+	})
+
+	test("throws for unknown provider sourceId", async () => {
+		const manager = new UserSessionManager({ providers: [locationProvider] })
+
+		const unknownProvider = createStubProvider("aelis.unknown")
+
+		await expect(manager.replaceProvider(unknownProvider)).rejects.toThrow(
+			"no existing provider with that sourceId",
+		)
+	})
+
+	test("removes source from session when new provider fails for a user", async () => {
+		const providerV1 = createStubProvider("test", async () => createStubSource("test"))
+		const manager = new UserSessionManager({ providers: [providerV1] })
+
+		const session = await manager.getOrCreate("user-1")
+		expect(session.getSource("test")).toBeDefined()
+
+		const spy = spyOn(console, "error").mockImplementation(() => {})
+
+		const failingProvider = createStubProvider("test", async () => {
+			throw new Error("source disabled")
+		})
+		await manager.replaceProvider(failingProvider)
+
+		expect(session.getSource("test")).toBeUndefined()
+		expect(spy).toHaveBeenCalled()
+
+		spy.mockRestore()
+	})
+
+	test("new sessions use the replaced provider", async () => {
+		const itemsV1: FeedItem[] = [
+			{
+				id: "v1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date(),
+				data: { version: 1 },
+			},
+		]
+		const itemsV2: FeedItem[] = [
+			{
+				id: "v2",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date(),
+				data: { version: 2 },
+			},
+		]
+
+		const providerV1 = createStubProvider("test", async () => createStubSource("test", itemsV1))
+		const manager = new UserSessionManager({ providers: [providerV1] })
+
+		const providerV2 = createStubProvider("test", async () => createStubSource("test", itemsV2))
+		await manager.replaceProvider(providerV2)
+
+		// New session should use v2
+		const session = await manager.getOrCreate("user-new")
+		const feed = await session.feed()
+		expect(feed.items[0]!.data.version).toBe(2)
+	})
+
+	test("does not affect other providers' sources", async () => {
+		const providerA = createStubProvider("source-a", async () =>
+			createStubSource("source-a", [
+				{
+					id: "a-1",
+					sourceId: "source-a",
+					type: "test",
+					timestamp: new Date(),
+					data: { from: "a" },
+				},
+			]),
+		)
+		const providerB = createStubProvider("source-b", async () =>
+			createStubSource("source-b", [
+				{
+					id: "b-1",
+					sourceId: "source-b",
+					type: "test",
+					timestamp: new Date(),
+					data: { from: "b" },
+				},
+			]),
+		)
+
+		const manager = new UserSessionManager({ providers: [providerA, providerB] })
+		const session = await manager.getOrCreate("user-1")
+
+		// Replace only source-a
+		const providerA2 = createStubProvider("source-a", async () =>
+			createStubSource("source-a", [
+				{
+					id: "a-2",
+					sourceId: "source-a",
+					type: "test",
+					timestamp: new Date(),
+					data: { from: "a-new" },
+				},
+			]),
+		)
+		await manager.replaceProvider(providerA2)
+
+		// source-b should be unaffected
+		expect(session.getSource("source-b")).toBeDefined()
+		const feed = await session.feed()
+		const ids = feed.items.map((i) => i.id).sort()
+		expect(ids).toEqual(["a-2", "b-1"])
+	})
+
+	test("updates sessions that are still being created", async () => {
+		const itemsV1: FeedItem[] = [
+			{
+				id: "v1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date(),
+				data: { version: 1 },
+			},
+		]
+		const itemsV2: FeedItem[] = [
+			{
+				id: "v2",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date(),
+				data: { version: 2 },
+			},
+		]
+
+		let resolveCreation: () => void
+		const creationGate = new Promise<void>((r) => {
+			resolveCreation = r
+		})
+
+		const providerV1 = createStubProvider("test", async () => {
+			await creationGate
+			return createStubSource("test", itemsV1)
+		})
+		const manager = new UserSessionManager({ providers: [providerV1] })
+
+		// Start session creation but don't let it finish yet
+		const sessionPromise = manager.getOrCreate("user-1")
+
+		// Replace provider while session is still pending
+		const providerV2 = createStubProvider("test", async () => createStubSource("test", itemsV2))
+		const replacePromise = manager.replaceProvider(providerV2)
+
+		// Let the original creation finish
+		resolveCreation!()
+
+		const session = await sessionPromise
+		await replacePromise
+
+		// Session should have been updated to v2
+		const feed = await session.feed()
+		expect(feed.items[0]!.data.version).toBe(2)
+	})
+})

apps/aelis-backend/src/session/user-session-manager.ts

@@ -0,0 +1,139 @@
+import type { FeedSource } from "@aelis/core"
+
+import type { FeedEnhancer } from "../enhancement/enhance-feed.ts"
+import type { FeedSourceProvider } from "./feed-source-provider.ts"
+
+import { UserSession } from "./user-session.ts"
+
+export interface UserSessionManagerConfig {
+	providers: FeedSourceProvider[]
+	feedEnhancer?: FeedEnhancer | null
+}
+
+export class UserSessionManager {
+	private sessions = new Map<string, { userId: string; session: UserSession }>()
+	private pending = new Map<string, Promise<UserSession>>()
+	private readonly providers = new Map<string, FeedSourceProvider>()
+	private readonly feedEnhancer: FeedEnhancer | null
+
+	constructor(config: UserSessionManagerConfig) {
+		for (const provider of config.providers) {
+			this.providers.set(provider.sourceId, provider)
+		}
+		this.feedEnhancer = config.feedEnhancer ?? null
+	}
+
+	async getOrCreate(userId: string): Promise<UserSession> {
+		const existing = this.sessions.get(userId)
+		if (existing) return existing.session
+
+		const inflight = this.pending.get(userId)
+		if (inflight) return inflight
+
+		const promise = this.createSession(userId)
+		this.pending.set(userId, promise)
+		try {
+			const session = await promise
+			// If remove() was called while we were awaiting, it clears the
+			// pending entry. Detect that and destroy the session immediately.
+			if (!this.pending.has(userId)) {
+				session.destroy()
+				throw new Error(`Session for user ${userId} was removed during creation`)
+			}
+			this.sessions.set(userId, { userId, session })
+			return session
+		} finally {
+			this.pending.delete(userId)
+		}
+	}
+
+	remove(userId: string): void {
+		const entry = this.sessions.get(userId)
+		if (entry) {
+			entry.session.destroy()
+			this.sessions.delete(userId)
+		}
+		// Cancel any in-flight creation so getOrCreate won't store the session
+		this.pending.delete(userId)
+	}
+
+	/**
+	 * Replaces a provider and updates all active sessions.
+	 * The new provider must have the same sourceId as an existing one.
+	 * For each active session, resolves a new source from the provider.
+	 * If the provider fails for a user, the old source is removed from that session.
+	 */
+	async replaceProvider(provider: FeedSourceProvider): Promise<void> {
+		if (!this.providers.has(provider.sourceId)) {
+			throw new Error(
+				`Cannot replace provider "${provider.sourceId}": no existing provider with that sourceId`,
+			)
+		}
+
+		this.providers.set(provider.sourceId, provider)
+
+		const updates: Promise<void>[] = []
+
+		for (const [, { userId, session }] of this.sessions) {
+			updates.push(this.updateSessionSource(provider, userId, session))
+		}
+
+		// Also update sessions that are currently being created so they
+		// don't land in this.sessions with a stale source.
+		for (const [userId, pendingPromise] of this.pending) {
+			updates.push(
+				pendingPromise
+					.then((session) => this.updateSessionSource(provider, userId, session))
+					.catch(() => {
+						// Session creation itself failed — nothing to update.
+					}),
+			)
+		}
+
+		await Promise.all(updates)
+	}
+
+	private async updateSessionSource(
+		provider: FeedSourceProvider,
+		userId: string,
+		session: UserSession,
+	): Promise<void> {
+		try {
+			const newSource = await provider.feedSourceForUser(userId)
+			session.replaceSource(provider.sourceId, newSource)
+		} catch (err) {
+			console.error(
+				`[UserSessionManager] replaceProvider("${provider.sourceId}") failed for user ${userId}:`,
+				err,
+			)
+			session.removeSource(provider.sourceId)
+		}
+	}
+
+	private async createSession(userId: string): Promise<UserSession> {
+		const results = await Promise.allSettled(
+			Array.from(this.providers.values()).map((p) => p.feedSourceForUser(userId)),
+		)
+
+		const sources: FeedSource[] = []
+		const errors: unknown[] = []
+
+		for (const result of results) {
+			if (result.status === "fulfilled") {
+				sources.push(result.value)
+			} else {
+				errors.push(result.reason)
+			}
+		}
+
+		if (sources.length === 0 && errors.length > 0) {
+			throw new AggregateError(errors, "All feed source providers failed")
+		}
+
+		for (const error of errors) {
+			console.error("[UserSessionManager] Feed source provider failed:", error)
+		}
+
+		return new UserSession(sources, this.feedEnhancer)
+	}
+}

apps/aelis-backend/src/session/user-session.test.ts

@@ -0,0 +1,388 @@
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+
+import { LocationSource } from "@aelis/source-location"
+import { describe, expect, test } from "bun:test"
+
+import { UserSession } from "./user-session.ts"
+
+function createStubSource(id: string, items: FeedItem[] = []): FeedSource {
+	return {
+		id,
+		async listActions(): Promise<Record<string, ActionDefinition>> {
+			return {}
+		},
+		async executeAction(): Promise<unknown> {
+			return undefined
+		},
+		async fetchContext(): Promise<readonly ContextEntry[] | null> {
+			return null
+		},
+		async fetchItems() {
+			return items
+		},
+	}
+}
+
+describe("UserSession", () => {
+	test("registers sources and starts engine", async () => {
+		const session = new UserSession([createStubSource("test-a"), createStubSource("test-b")])
+
+		const result = await session.engine.refresh()
+
+		expect(result.errors).toHaveLength(0)
+	})
+
+	test("getSource returns registered source", () => {
+		const location = new LocationSource()
+		const session = new UserSession([location])
+
+		const result = session.getSource<LocationSource>("aelis.location")
+
+		expect(result).toBe(location)
+	})
+
+	test("getSource returns undefined for unknown source", () => {
+		const session = new UserSession([createStubSource("test")])
+
+		expect(session.getSource("unknown")).toBeUndefined()
+	})
+
+	test("destroy stops engine and clears sources", () => {
+		const session = new UserSession([createStubSource("test")])
+
+		session.destroy()
+
+		expect(session.getSource("test")).toBeUndefined()
+	})
+
+	test("engine.executeAction routes to correct source", async () => {
+		const location = new LocationSource()
+		const session = new UserSession([location])
+
+		await session.engine.executeAction("aelis.location", "update-location", {
+			lat: 51.5,
+			lng: -0.1,
+			accuracy: 10,
+			timestamp: new Date(),
+		})
+
+		expect(location.lastLocation).toBeDefined()
+		expect(location.lastLocation!.lat).toBe(51.5)
+	})
+})
+
+describe("UserSession.feed", () => {
+	test("returns feed items without enhancer", async () => {
+		const items: FeedItem[] = [
+			{
+				id: "item-1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date("2025-01-01T00:00:00.000Z"),
+				data: { value: 42 },
+			},
+		]
+		const session = new UserSession([createStubSource("test", items)])
+
+		const result = await session.feed()
+
+		expect(result.items).toHaveLength(1)
+		expect(result.items[0]!.id).toBe("item-1")
+	})
+
+	test("returns enhanced items when enhancer is provided", async () => {
+		const items: FeedItem[] = [
+			{
+				id: "item-1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date("2025-01-01T00:00:00.000Z"),
+				data: { value: 42 },
+			},
+		]
+		const enhancer = async (feedItems: FeedItem[]) =>
+			feedItems.map((item) => ({ ...item, data: { ...item.data, enhanced: true } }))
+
+		const session = new UserSession([createStubSource("test", items)], enhancer)
+
+		const result = await session.feed()
+
+		expect(result.items).toHaveLength(1)
+		expect(result.items[0]!.data.enhanced).toBe(true)
+	})
+
+	test("caches enhanced items on subsequent calls", async () => {
+		const items: FeedItem[] = [
+			{
+				id: "item-1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date("2025-01-01T00:00:00.000Z"),
+				data: { value: 42 },
+			},
+		]
+		let enhancerCallCount = 0
+		const enhancer = async (feedItems: FeedItem[]) => {
+			enhancerCallCount++
+			return feedItems.map((item) => ({ ...item, data: { ...item.data, enhanced: true } }))
+		}
+
+		const session = new UserSession([createStubSource("test", items)], enhancer)
+
+		const result1 = await session.feed()
+		expect(result1.items[0]!.data.enhanced).toBe(true)
+		expect(enhancerCallCount).toBe(1)
+
+		const result2 = await session.feed()
+		expect(result2.items[0]!.data.enhanced).toBe(true)
+		expect(enhancerCallCount).toBe(1)
+	})
+
+	test("re-enhances after engine refresh with new data", async () => {
+		let currentItems: FeedItem[] = [
+			{
+				id: "item-1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date("2025-01-01T00:00:00.000Z"),
+				data: { version: 1 },
+			},
+		]
+		const source = createStubSource("test", currentItems)
+		// Make fetchItems dynamic so refresh returns new data
+		source.fetchItems = async () => currentItems
+
+		const enhancedVersions: number[] = []
+		const enhancer = async (feedItems: FeedItem[]) => {
+			const version = feedItems[0]!.data.version as number
+			enhancedVersions.push(version)
+			return feedItems.map((item) => ({
+				...item,
+				data: { ...item.data, enhanced: true },
+			}))
+		}
+
+		const session = new UserSession([source], enhancer)
+
+		// First feed triggers refresh + enhancement
+		const result1 = await session.feed()
+		expect(result1.items[0]!.data.version).toBe(1)
+		expect(result1.items[0]!.data.enhanced).toBe(true)
+
+		// Update source data and trigger engine refresh
+		currentItems = [
+			{
+				id: "item-1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date("2025-01-02T00:00:00.000Z"),
+				data: { version: 2 },
+			},
+		]
+		await session.engine.refresh()
+
+		// Wait for subscriber-triggered background enhancement
+		await new Promise((resolve) => setTimeout(resolve, 10))
+
+		// feed() should now serve re-enhanced items with version 2
+		const result2 = await session.feed()
+		expect(result2.items[0]!.data.version).toBe(2)
+		expect(result2.items[0]!.data.enhanced).toBe(true)
+		expect(enhancedVersions).toEqual([1, 2])
+	})
+
+	test("falls back to unenhanced items when enhancer throws", async () => {
+		const items: FeedItem[] = [
+			{
+				id: "item-1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date("2025-01-01T00:00:00.000Z"),
+				data: { value: 42 },
+			},
+		]
+		const enhancer = async () => {
+			throw new Error("enhancement exploded")
+		}
+
+		const session = new UserSession([createStubSource("test", items)], enhancer)
+
+		const result = await session.feed()
+
+		expect(result.items).toHaveLength(1)
+		expect(result.items[0]!.id).toBe("item-1")
+		expect(result.items[0]!.data.value).toBe(42)
+	})
+})
+
+describe("UserSession.replaceSource", () => {
+	test("replaces source and invalidates feed cache", async () => {
+		const itemsA: FeedItem[] = [
+			{
+				id: "a-1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date("2025-01-01T00:00:00.000Z"),
+				data: { from: "a" },
+			},
+		]
+		const itemsB: FeedItem[] = [
+			{
+				id: "b-1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date("2025-01-01T00:00:00.000Z"),
+				data: { from: "b" },
+			},
+		]
+
+		const sourceA = createStubSource("test", itemsA)
+		const session = new UserSession([sourceA])
+
+		const result1 = await session.feed()
+		expect(result1.items).toHaveLength(1)
+		expect(result1.items[0]!.data.from).toBe("a")
+
+		const sourceB = createStubSource("test", itemsB)
+		session.replaceSource("test", sourceB)
+
+		const result2 = await session.feed()
+		expect(result2.items).toHaveLength(1)
+		expect(result2.items[0]!.data.from).toBe("b")
+	})
+
+	test("getSource returns new source after replace", () => {
+		const sourceA = createStubSource("test")
+		const session = new UserSession([sourceA])
+
+		const sourceB = createStubSource("test")
+		session.replaceSource("test", sourceB)
+
+		expect(session.getSource("test")).toBe(sourceB)
+		expect(session.getSource("test")).not.toBe(sourceA)
+	})
+
+	test("throws when replacing a source that is not registered", () => {
+		const session = new UserSession([createStubSource("test")])
+
+		expect(() => session.replaceSource("nonexistent", createStubSource("other"))).toThrow(
+			'Cannot replace source "nonexistent": not registered',
+		)
+	})
+
+	test("other sources are unaffected by replace", async () => {
+		const sourceA = createStubSource("source-a", [
+			{
+				id: "a-1",
+				sourceId: "source-a",
+				type: "test",
+				timestamp: new Date(),
+				data: { from: "a" },
+			},
+		])
+		const sourceB = createStubSource("source-b", [
+			{
+				id: "b-1",
+				sourceId: "source-b",
+				type: "test",
+				timestamp: new Date(),
+				data: { from: "b" },
+			},
+		])
+		const session = new UserSession([sourceA, sourceB])
+
+		const replacement = createStubSource("source-a", [
+			{
+				id: "a-2",
+				sourceId: "source-a",
+				type: "test",
+				timestamp: new Date(),
+				data: { from: "a-new" },
+			},
+		])
+		session.replaceSource("source-a", replacement)
+
+		const result = await session.feed()
+		expect(result.items).toHaveLength(2)
+
+		const ids = result.items.map((i) => i.id).sort()
+		expect(ids).toEqual(["a-2", "b-1"])
+	})
+
+	test("invalidates enhancement cache on replace", async () => {
+		const items: FeedItem[] = [
+			{
+				id: "item-1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date(),
+				data: { version: 1 },
+			},
+		]
+		let enhanceCount = 0
+		const enhancer = async (feedItems: FeedItem[]) => {
+			enhanceCount++
+			return feedItems.map((item) => ({ ...item, data: { ...item.data, enhanced: true } }))
+		}
+
+		const session = new UserSession([createStubSource("test", items)], enhancer)
+
+		await session.feed()
+		expect(enhanceCount).toBe(1)
+
+		const newItems: FeedItem[] = [
+			{
+				id: "item-2",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date(),
+				data: { version: 2 },
+			},
+		]
+		session.replaceSource("test", createStubSource("test", newItems))
+
+		const result = await session.feed()
+		expect(enhanceCount).toBe(2)
+		expect(result.items[0]!.id).toBe("item-2")
+		expect(result.items[0]!.data.enhanced).toBe(true)
+	})
+})
+
+describe("UserSession.removeSource", () => {
+	test("removes source from engine and sources map", () => {
+		const session = new UserSession([createStubSource("test-a"), createStubSource("test-b")])
+
+		session.removeSource("test-a")
+
+		expect(session.getSource("test-a")).toBeUndefined()
+		expect(session.getSource("test-b")).toBeDefined()
+	})
+
+	test("invalidates feed cache on remove", async () => {
+		const items: FeedItem[] = [
+			{
+				id: "item-1",
+				sourceId: "test",
+				type: "test",
+				timestamp: new Date(),
+				data: {},
+			},
+		]
+		const session = new UserSession([createStubSource("test", items)])
+
+		const result1 = await session.feed()
+		expect(result1.items).toHaveLength(1)
+
+		session.removeSource("test")
+
+		const result2 = await session.feed()
+		expect(result2.items).toHaveLength(0)
+	})
+
+	test("is a no-op for unknown source", () => {
+		const session = new UserSession([createStubSource("test")])
+
+		expect(() => session.removeSource("unknown")).not.toThrow()
+		expect(session.getSource("test")).toBeDefined()
+	})
+})

apps/aelis-backend/src/session/user-session.ts

@@ -0,0 +1,157 @@
+import { FeedEngine, type FeedItem, type FeedResult, type FeedSource } from "@aelis/core"
+
+import type { FeedEnhancer } from "../enhancement/enhance-feed.ts"
+
+export class UserSession {
+	readonly engine: FeedEngine
+	private sources = new Map<string, FeedSource>()
+	private readonly enhancer: FeedEnhancer | null
+	private enhancedItems: FeedItem[] | null = null
+	/** The FeedResult that enhancedItems was derived from. */
+	private enhancedSource: FeedResult | null = null
+	private enhancingPromise: Promise<void> | null = null
+	private unsubscribe: (() => void) | null = null
+
+	constructor(sources: FeedSource[], enhancer?: FeedEnhancer | null) {
+		this.engine = new FeedEngine()
+		this.enhancer = enhancer ?? null
+		for (const source of sources) {
+			this.sources.set(source.id, source)
+			this.engine.register(source)
+		}
+
+		if (this.enhancer) {
+			this.unsubscribe = this.engine.subscribe((result) => {
+				this.invalidateEnhancement()
+				this.runEnhancement(result)
+			})
+		}
+
+		this.engine.start()
+	}
+
+	/**
+	 * Returns the current feed, refreshing if the engine cache expired.
+	 * Enhancement runs eagerly on engine updates; this method awaits
+	 * any in-flight enhancement or triggers one if needed.
+	 */
+	async feed(): Promise<FeedResult> {
+		const cached = this.engine.lastFeed()
+		const result = cached ?? (await this.engine.refresh())
+
+		if (!this.enhancer) {
+			return result
+		}
+
+		// Wait for any in-flight background enhancement to finish
+		if (this.enhancingPromise) {
+			await this.enhancingPromise
+		}
+
+		// Serve cached enhancement only if it matches the current engine result
+		if (this.enhancedItems && this.enhancedSource === result) {
+			return { ...result, items: this.enhancedItems }
+		}
+
+		// Stale or missing — re-enhance
+		await this.runEnhancement(result)
+
+		if (this.enhancedItems) {
+			return { ...result, items: this.enhancedItems }
+		}
+
+		return result
+	}
+
+	getSource<T extends FeedSource>(sourceId: string): T | undefined {
+		return this.sources.get(sourceId) as T | undefined
+	}
+
+	/**
+	 * Replaces a source in the engine and invalidates all caches.
+	 * Stops and restarts the engine to re-establish reactive subscriptions.
+	 */
+	replaceSource(oldSourceId: string, newSource: FeedSource): void {
+		if (!this.sources.has(oldSourceId)) {
+			throw new Error(`Cannot replace source "${oldSourceId}": not registered`)
+		}
+
+		const wasStarted = this.engine.isStarted()
+
+		if (wasStarted) {
+			this.engine.stop()
+		}
+
+		this.engine.unregister(oldSourceId)
+		this.sources.delete(oldSourceId)
+
+		this.engine.register(newSource)
+		this.sources.set(newSource.id, newSource)
+
+		this.invalidateEnhancement()
+		this.enhancingPromise = null
+
+		if (wasStarted) {
+			this.engine.start()
+		}
+	}
+
+	/**
+	 * Removes a source from the engine and invalidates all caches.
+	 * Stops and restarts the engine to clean up reactive subscriptions.
+	 */
+	removeSource(sourceId: string): void {
+		if (!this.sources.has(sourceId)) return
+
+		const wasStarted = this.engine.isStarted()
+
+		if (wasStarted) {
+			this.engine.stop()
+		}
+
+		this.engine.unregister(sourceId)
+		this.sources.delete(sourceId)
+
+		this.invalidateEnhancement()
+		this.enhancingPromise = null
+
+		if (wasStarted) {
+			this.engine.start()
+		}
+	}
+
+	destroy(): void {
+		this.unsubscribe?.()
+		this.unsubscribe = null
+		this.engine.stop()
+		this.sources.clear()
+		this.invalidateEnhancement()
+		this.enhancingPromise = null
+	}
+
+	private invalidateEnhancement(): void {
+		this.enhancedItems = null
+		this.enhancedSource = null
+	}
+
+	private runEnhancement(result: FeedResult): Promise<void> {
+		const promise = this.enhance(result)
+		this.enhancingPromise = promise
+		promise.finally(() => {
+			if (this.enhancingPromise === promise) {
+				this.enhancingPromise = null
+			}
+		})
+		return promise
+	}
+
+	private async enhance(result: FeedResult): Promise<void> {
+		try {
+			this.enhancedItems = await this.enhancer!(result.items)
+			this.enhancedSource = result
+		} catch (err) {
+			console.error("[enhancement] Unexpected error:", err)
+			this.invalidateEnhancement()
+		}
+	}
+}

apps/aelis-backend/src/sources/errors.ts

@@ -0,0 +1,32 @@
+/**
+ * Thrown by a FeedSourceProvider when the source is not enabled for a user.
+ *
+ * UserSessionManager's Promise.allSettled handles this gracefully —
+ * the source is excluded from the session without crashing.
+ */
+export class SourceDisabledError extends Error {
+	readonly sourceId: string
+	readonly userId: string
+
+	constructor(sourceId: string, userId: string) {
+		super(`Source "${sourceId}" is not enabled for user "${userId}"`)
+		this.name = "SourceDisabledError"
+		this.sourceId = sourceId
+		this.userId = userId
+	}
+}
+
+/**
+ * Thrown when an operation targets a user source that doesn't exist.
+ */
+export class SourceNotFoundError extends Error {
+	readonly sourceId: string
+	readonly userId: string
+
+	constructor(sourceId: string, userId: string) {
+		super(`Source "${sourceId}" not found for user "${userId}"`)
+		this.name = "SourceNotFoundError"
+		this.sourceId = sourceId
+		this.userId = userId
+	}
+}

apps/aelis-backend/src/sources/user-sources.ts

@@ -0,0 +1,79 @@
+import { and, eq } from "drizzle-orm"
+
+import type { Database } from "../db/index.ts"
+
+import { userSources } from "../db/schema.ts"
+import { SourceNotFoundError } from "./errors.ts"
+
+export function sources(db: Database, userId: string) {
+	return {
+		/** Returns all enabled sources for the user. */
+		async enabled() {
+			return db
+				.select()
+				.from(userSources)
+				.where(and(eq(userSources.userId, userId), eq(userSources.enabled, true)))
+		},
+
+		/** Returns a specific source by ID, or undefined. */
+		async find(sourceId: string) {
+			const rows = await db
+				.select()
+				.from(userSources)
+				.where(and(eq(userSources.userId, userId), eq(userSources.sourceId, sourceId)))
+				.limit(1)
+
+			return rows[0]
+		},
+
+		/** Enables a source for the user. Throws if the source row doesn't exist. */
+		async enableSource(sourceId: string) {
+			const rows = await db
+				.update(userSources)
+				.set({ enabled: true, updatedAt: new Date() })
+				.where(and(eq(userSources.userId, userId), eq(userSources.sourceId, sourceId)))
+				.returning({ id: userSources.id })
+
+			if (rows.length === 0) {
+				throw new SourceNotFoundError(sourceId, userId)
+			}
+		},
+
+		/** Disables a source for the user. Throws if the source row doesn't exist. */
+		async disableSource(sourceId: string) {
+			const rows = await db
+				.update(userSources)
+				.set({ enabled: false, updatedAt: new Date() })
+				.where(and(eq(userSources.userId, userId), eq(userSources.sourceId, sourceId)))
+				.returning({ id: userSources.id })
+
+			if (rows.length === 0) {
+				throw new SourceNotFoundError(sourceId, userId)
+			}
+		},
+
+		/** Creates or updates the config for a source. */
+		async upsertConfig(sourceId: string, config: Record<string, unknown>) {
+			await db
+				.insert(userSources)
+				.values({ userId, sourceId, config })
+				.onConflictDoUpdate({
+					target: [userSources.userId, userSources.sourceId],
+					set: { config, updatedAt: new Date() },
+				})
+		},
+
+		/** Updates the encrypted credentials for a source. Throws if the source row doesn't exist. */
+		async updateCredentials(sourceId: string, credentials: Buffer) {
+			const rows = await db
+				.update(userSources)
+				.set({ credentials, updatedAt: new Date() })
+				.where(and(eq(userSources.userId, userId), eq(userSources.sourceId, sourceId)))
+				.returning({ id: userSources.id })
+
+			if (rows.length === 0) {
+				throw new SourceNotFoundError(sourceId, userId)
+			}
+		},
+	}
+}

apps/aelis-backend/src/tfl/provider.ts

@@ -0,0 +1,48 @@
+import { TflSource, type ITflApi, type TflLineId } from "@aelis/source-tfl"
+import { type } from "arktype"
+
+import type { Database } from "../db/index.ts"
+import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
+
+import { SourceDisabledError } from "../sources/errors.ts"
+import { sources } from "../sources/user-sources.ts"
+
+export type TflSourceProviderOptions =
+	| { db: Database; apiKey: string; client?: never }
+	| { db: Database; apiKey?: never; client: ITflApi }
+
+const tflConfig = type({
+	"lines?": "string[]",
+})
+
+export class TflSourceProvider implements FeedSourceProvider {
+	readonly sourceId = "aelis.tfl"
+	private readonly db: Database
+	private readonly apiKey: string | undefined
+	private readonly client: ITflApi | undefined
+
+	constructor(options: TflSourceProviderOptions) {
+		this.db = options.db
+		this.apiKey = "apiKey" in options ? options.apiKey : undefined
+		this.client = "client" in options ? options.client : undefined
+	}
+
+	async feedSourceForUser(userId: string): Promise<TflSource> {
+		const row = await sources(this.db, userId).find("aelis.tfl")
+
+		if (!row || !row.enabled) {
+			throw new SourceDisabledError("aelis.tfl", userId)
+		}
+
+		const parsed = tflConfig(row.config ?? {})
+		if (parsed instanceof type.errors) {
+			throw new Error(`Invalid TFL config for user ${userId}: ${parsed.summary}`)
+		}
+
+		return new TflSource({
+			apiKey: this.apiKey,
+			client: this.client,
+			lines: parsed.lines as TflLineId[] | undefined,
+		})
+	}
+}

apps/aelis-backend/src/weather/provider.ts

@@ -0,0 +1,54 @@
+import { WeatherSource, type WeatherSourceOptions } from "@aelis/source-weatherkit"
+import { type } from "arktype"
+
+import type { Database } from "../db/index.ts"
+import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
+
+import { SourceDisabledError } from "../sources/errors.ts"
+import { sources } from "../sources/user-sources.ts"
+
+export interface WeatherSourceProviderOptions {
+	db: Database
+	credentials: WeatherSourceOptions["credentials"]
+	client?: WeatherSourceOptions["client"]
+}
+
+const weatherConfig = type({
+	"units?": "'metric' | 'imperial'",
+	"hourlyLimit?": "number",
+	"dailyLimit?": "number",
+})
+
+export class WeatherSourceProvider implements FeedSourceProvider {
+	readonly sourceId = "aelis.weather"
+	private readonly db: Database
+	private readonly credentials: WeatherSourceOptions["credentials"]
+	private readonly client: WeatherSourceOptions["client"]
+
+	constructor(options: WeatherSourceProviderOptions) {
+		this.db = options.db
+		this.credentials = options.credentials
+		this.client = options.client
+	}
+
+	async feedSourceForUser(userId: string): Promise<WeatherSource> {
+		const row = await sources(this.db, userId).find("aelis.weather")
+
+		if (!row || !row.enabled) {
+			throw new SourceDisabledError("aelis.weather", userId)
+		}
+
+		const parsed = weatherConfig(row.config ?? {})
+		if (parsed instanceof type.errors) {
+			throw new Error(`Invalid weather config for user ${userId}: ${parsed.summary}`)
+		}
+
+		return new WeatherSource({
+			credentials: this.credentials,
+			client: this.client,
+			units: parsed.units,
+			hourlyLimit: parsed.hourlyLimit,
+			dailyLimit: parsed.dailyLimit,
+		})
+	}
+}

apps/aelis-backend/tsconfig.json

@@ -0,0 +1,4 @@
+{
+	"extends": "../../tsconfig.json",
+	"include": ["src"]
+}

apps/aelis-client/.gitignore

@@ -0,0 +1,43 @@
+# Learn more https://docs.github.com/en/get-started/getting-started-with-git/ignoring-files
+
+# dependencies
+node_modules/
+
+# Expo
+.expo/
+dist/
+web-build/
+expo-env.d.ts
+
+# Native
+.kotlin/
+*.orig.*
+*.jks
+*.p8
+*.p12
+*.key
+*.mobileprovision
+
+# Metro
+.metro-health-check*
+
+# debug
+npm-debug.*
+yarn-debug.*
+yarn-error.*
+
+# macOS
+.DS_Store
+*.pem
+
+# local env files
+.env*.local
+
+# typescript
+*.tsbuildinfo
+
+app-example
+
+# generated native folders
+/ios
+/android

apps/aelis-client/.vscode/extensions.json

@@ -0,0 +1 @@
+{ "recommendations": ["expo.vscode-expo-tools"] }

apps/aelis-client/.vscode/settings.json

@@ -0,0 +1,7 @@
+{
+	"editor.codeActionsOnSave": {
+		"source.fixAll": "explicit",
+		"source.organizeImports": "explicit",
+		"source.sortMembers": "explicit"
+	}
+}

apps/aelis-client/README.md

@@ -0,0 +1,50 @@
+# Welcome to your Expo app 👋
+
+This is an [Expo](https://expo.dev) project created with [`create-expo-app`](https://www.npmjs.com/package/create-expo-app).
+
+## Get started
+
+1. Install dependencies
+
+   ```bash
+   npm install
+   ```
+
+2. Start the app
+
+   ```bash
+   npx expo start
+   ```
+
+In the output, you'll find options to open the app in a
+
+- [development build](https://docs.expo.dev/develop/development-builds/introduction/)
+- [Android emulator](https://docs.expo.dev/workflow/android-studio-emulator/)
+- [iOS simulator](https://docs.expo.dev/workflow/ios-simulator/)
+- [Expo Go](https://expo.dev/go), a limited sandbox for trying out app development with Expo
+
+You can start developing by editing the files inside the **app** directory. This project uses [file-based routing](https://docs.expo.dev/router/introduction).
+
+## Get a fresh project
+
+When you're ready, run:
+
+```bash
+npm run reset-project
+```
+
+This command will move the starter code to the **app-example** directory and create a blank **app** directory where you can start developing.
+
+## Learn more
+
+To learn more about developing your project with Expo, look at the following resources:
+
+- [Expo documentation](https://docs.expo.dev/): Learn fundamentals, or go into advanced topics with our [guides](https://docs.expo.dev/guides).
+- [Learn Expo tutorial](https://docs.expo.dev/tutorial/introduction/): Follow a step-by-step tutorial where you'll create a project that runs on Android, iOS, and the web.
+
+## Join the community
+
+Join our community of developers creating universal apps.
+
+- [Expo on GitHub](https://github.com/expo/expo): View our open source platform and contribute.
+- [Discord community](https://chat.expo.dev): Chat with Expo users and ask questions.

apps/aelis-client/app.json

@@ -0,0 +1,152 @@
+{
+	"expo": {
+		"name": "Aelis",
+		"slug": "aelis-client",
+		"version": "1.0.0",
+		"orientation": "portrait",
+		"icon": "./assets/images/icon.png",
+		"scheme": "aelis",
+		"userInterfaceStyle": "automatic",
+		"newArchEnabled": true,
+		"ios": {
+			"infoPlist": {
+				"NSAppTransportSecurity": {
+					"NSAllowsArbitraryLoads": true
+				},
+				"ITSAppUsesNonExemptEncryption": false
+			},
+			"bundleIdentifier": "sh.nym.aelis"
+		},
+		"android": {
+			"adaptiveIcon": {
+				"backgroundColor": "#E6F4FE",
+				"foregroundImage": "./assets/images/android-icon-foreground.png",
+				"backgroundImage": "./assets/images/android-icon-background.png",
+				"monochromeImage": "./assets/images/android-icon-monochrome.png"
+			},
+			"edgeToEdgeEnabled": true,
+			"predictiveBackGestureEnabled": false,
+			"package": "sh.nym.aelis"
+		},
+		"web": {
+			"output": "static",
+			"favicon": "./assets/images/favicon.png"
+		},
+		"plugins": [
+			"expo-router",
+			[
+				"expo-splash-screen",
+				{
+					"image": "./assets/images/splash-icon.png",
+					"imageWidth": 200,
+					"resizeMode": "contain",
+					"backgroundColor": "#ffffff",
+					"dark": {
+						"backgroundColor": "#000000"
+					}
+				}
+			],
+			[
+				"expo-font",
+				{
+					"android": {
+						"fonts": [
+							{
+								"fontFamily": "Inter",
+								"fontDefinitions": [
+									{ "path": "./assets/fonts/Inter_100Thin.ttf", "weight": 100 },
+									{ "path": "./assets/fonts/Inter_100Thin_Italic.ttf", "weight": 100, "style": "italic" },
+									{ "path": "./assets/fonts/Inter_200ExtraLight.ttf", "weight": 200 },
+									{ "path": "./assets/fonts/Inter_200ExtraLight_Italic.ttf", "weight": 200, "style": "italic" },
+									{ "path": "./assets/fonts/Inter_300Light.ttf", "weight": 300 },
+									{ "path": "./assets/fonts/Inter_300Light_Italic.ttf", "weight": 300, "style": "italic" },
+									{ "path": "./assets/fonts/Inter_400Regular.ttf", "weight": 400 },
+									{ "path": "./assets/fonts/Inter_400Regular_Italic.ttf", "weight": 400, "style": "italic" },
+									{ "path": "./assets/fonts/Inter_500Medium.ttf", "weight": 500 },
+									{ "path": "./assets/fonts/Inter_500Medium_Italic.ttf", "weight": 500, "style": "italic" },
+									{ "path": "./assets/fonts/Inter_600SemiBold.ttf", "weight": 600 },
+									{ "path": "./assets/fonts/Inter_600SemiBold_Italic.ttf", "weight": 600, "style": "italic" },
+									{ "path": "./assets/fonts/Inter_700Bold.ttf", "weight": 700 },
+									{ "path": "./assets/fonts/Inter_700Bold_Italic.ttf", "weight": 700, "style": "italic" },
+									{ "path": "./assets/fonts/Inter_800ExtraBold.ttf", "weight": 800 },
+									{ "path": "./assets/fonts/Inter_800ExtraBold_Italic.ttf", "weight": 800, "style": "italic" },
+									{ "path": "./assets/fonts/Inter_900Black.ttf", "weight": 900 },
+									{ "path": "./assets/fonts/Inter_900Black_Italic.ttf", "weight": 900, "style": "italic" }
+								]
+							},
+							{
+								"fontFamily": "Source Serif 4",
+								"fontDefinitions": [
+									{ "path": "./assets/fonts/SourceSerif4_200ExtraLight.ttf", "weight": 200 },
+									{ "path": "./assets/fonts/SourceSerif4_200ExtraLight_Italic.ttf", "weight": 200, "style": "italic" },
+									{ "path": "./assets/fonts/SourceSerif4_300Light.ttf", "weight": 300 },
+									{ "path": "./assets/fonts/SourceSerif4_300Light_Italic.ttf", "weight": 300, "style": "italic" },
+									{ "path": "./assets/fonts/SourceSerif4_400Regular.ttf", "weight": 400 },
+									{ "path": "./assets/fonts/SourceSerif4_400Regular_Italic.ttf", "weight": 400, "style": "italic" },
+									{ "path": "./assets/fonts/SourceSerif4_500Medium.ttf", "weight": 500 },
+									{ "path": "./assets/fonts/SourceSerif4_500Medium_Italic.ttf", "weight": 500, "style": "italic" },
+									{ "path": "./assets/fonts/SourceSerif4_600SemiBold.ttf", "weight": 600 },
+									{ "path": "./assets/fonts/SourceSerif4_600SemiBold_Italic.ttf", "weight": 600, "style": "italic" },
+									{ "path": "./assets/fonts/SourceSerif4_700Bold.ttf", "weight": 700 },
+									{ "path": "./assets/fonts/SourceSerif4_700Bold_Italic.ttf", "weight": 700, "style": "italic" },
+									{ "path": "./assets/fonts/SourceSerif4_800ExtraBold.ttf", "weight": 800 },
+									{ "path": "./assets/fonts/SourceSerif4_800ExtraBold_Italic.ttf", "weight": 800, "style": "italic" },
+									{ "path": "./assets/fonts/SourceSerif4_900Black.ttf", "weight": 900 },
+									{ "path": "./assets/fonts/SourceSerif4_900Black_Italic.ttf", "weight": 900, "style": "italic" }
+								]
+							}
+						]
+					},
+					"ios": {
+						"fonts": [
+							"./assets/fonts/Inter_100Thin.ttf",
+							"./assets/fonts/Inter_100Thin_Italic.ttf",
+							"./assets/fonts/Inter_200ExtraLight.ttf",
+							"./assets/fonts/Inter_200ExtraLight_Italic.ttf",
+							"./assets/fonts/Inter_300Light.ttf",
+							"./assets/fonts/Inter_300Light_Italic.ttf",
+							"./assets/fonts/Inter_400Regular.ttf",
+							"./assets/fonts/Inter_400Regular_Italic.ttf",
+							"./assets/fonts/Inter_500Medium.ttf",
+							"./assets/fonts/Inter_500Medium_Italic.ttf",
+							"./assets/fonts/Inter_600SemiBold.ttf",
+							"./assets/fonts/Inter_600SemiBold_Italic.ttf",
+							"./assets/fonts/Inter_700Bold.ttf",
+							"./assets/fonts/Inter_700Bold_Italic.ttf",
+							"./assets/fonts/Inter_800ExtraBold.ttf",
+							"./assets/fonts/Inter_800ExtraBold_Italic.ttf",
+							"./assets/fonts/Inter_900Black.ttf",
+							"./assets/fonts/Inter_900Black_Italic.ttf",
+							"./assets/fonts/SourceSerif4_200ExtraLight.ttf",
+							"./assets/fonts/SourceSerif4_200ExtraLight_Italic.ttf",
+							"./assets/fonts/SourceSerif4_300Light.ttf",
+							"./assets/fonts/SourceSerif4_300Light_Italic.ttf",
+							"./assets/fonts/SourceSerif4_400Regular.ttf",
+							"./assets/fonts/SourceSerif4_400Regular_Italic.ttf",
+							"./assets/fonts/SourceSerif4_500Medium.ttf",
+							"./assets/fonts/SourceSerif4_500Medium_Italic.ttf",
+							"./assets/fonts/SourceSerif4_600SemiBold.ttf",
+							"./assets/fonts/SourceSerif4_600SemiBold_Italic.ttf",
+							"./assets/fonts/SourceSerif4_700Bold.ttf",
+							"./assets/fonts/SourceSerif4_700Bold_Italic.ttf",
+							"./assets/fonts/SourceSerif4_800ExtraBold.ttf",
+							"./assets/fonts/SourceSerif4_800ExtraBold_Italic.ttf",
+							"./assets/fonts/SourceSerif4_900Black.ttf",
+							"./assets/fonts/SourceSerif4_900Black_Italic.ttf"
+						]
+					}
+				}
+			]
+		],
+		"experiments": {
+			"typedRoutes": true,
+			"reactCompiler": true
+		},
+		"extra": {
+			"router": {},
+			"eas": {
+				"projectId": "61092d23-36aa-418e-929d-ea40dc912e8f"
+			}
+		}
+	}
+}