diff --git a/CLAUDE.md b/CLAUDE.md
index 06669e2..98017e5 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -83,6 +83,7 @@ for det vi har full kontroll over.
### Native (systemd)
| Tjeneste | Beskrivelse | Deploy |
|----------|-------------|--------|
+| **Caddy** | Reverse proxy + TLS | `sudo systemctl reload caddy` (config: `/srv/synops/config/caddy/Caddyfile`) |
| **maskinrommet** | Rust API + jobbkø | `cargo build --release` → `sudo systemctl restart maskinrommet` |
| **SvelteKit** | Frontend (når klar) | `npm run build` → systemd |
@@ -96,13 +97,14 @@ med Docker container-IPs.
| **PostgreSQL** | Versjonsstyring, enkel oppgradering |
| **SpacetimeDB** | Eksperimentelt, offisielt image |
| **Authentik** | Kompleks stack (server + worker + Redis) |
-| **Caddy** | Enkel TLS-terminering, kan tas native senere |
| **LiteLLM** | Ferdig image, sjelden oppdatering |
| **faster-whisper** | Modellhåndtering, ferdig image |
### Kommunikasjon mellom lagene
-- Caddy (Docker) → maskinrommet (host): via `host.docker.internal:3100`
- (`extra_hosts: host-gateway` i docker-compose + iptables-regel)
+- Caddy (native) → Docker-tjenester: via localhost-porter
+ (Authentik:9000, Forgejo:3000, SpacetimeDB:9080)
+- Caddy (native) → native tjenester: direkte localhost
+ (maskinrommet:3100, SvelteKit:3200)
- Maskinrommet (host) → Docker-tjenester: via container-IP
(løses dynamisk i `maskinrommet-env.sh`)
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index c3c2093..9c1bdcd 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -8,7 +8,7 @@
"name": "frontend",
"version": "0.0.1",
"dependencies": {
- "@auth/core": "^0.34.3",
+ "@auth/core": "^0.41.1",
"@auth/sveltekit": "^1.11.1",
"@tiptap/core": "^3.20.4",
"@tiptap/extension-image": "^3.20.4",
@@ -32,23 +32,21 @@
}
},
"node_modules/@auth/core": {
- "version": "0.34.3",
- "resolved": "https://registry.npmjs.org/@auth/core/-/core-0.34.3.tgz",
- "integrity": "sha512-jMjY/S0doZnWYNV90x0jmU3B+UcrsfGYnukxYrRbj0CVvGI/MX3JbHsxSrx2d4mbnXaUsqJmAcDfoQWA6r0lOw==",
+ "version": "0.41.1",
+ "resolved": "https://registry.npmjs.org/@auth/core/-/core-0.41.1.tgz",
+ "integrity": "sha512-t9cJ2zNYAdWMacGRMT6+r4xr1uybIdmYa49calBPeTqwgAFPV/88ac9TEvCR85pvATiSPt8VaNf+Gt24JIT/uw==",
"license": "ISC",
"dependencies": {
- "@panva/hkdf": "^1.1.1",
- "@types/cookie": "0.6.0",
- "cookie": "0.6.0",
- "jose": "^5.1.3",
- "oauth4webapi": "^2.10.4",
- "preact": "10.11.3",
- "preact-render-to-string": "5.2.3"
+ "@panva/hkdf": "^1.2.1",
+ "jose": "^6.0.6",
+ "oauth4webapi": "^3.3.0",
+ "preact": "10.24.3",
+ "preact-render-to-string": "6.5.11"
},
"peerDependencies": {
"@simplewebauthn/browser": "^9.0.1",
"@simplewebauthn/server": "^9.0.2",
- "nodemailer": "^7"
+ "nodemailer": "^7.0.7"
},
"peerDependenciesMeta": {
"@simplewebauthn/browser": {
@@ -90,72 +88,6 @@
}
}
},
- "node_modules/@auth/sveltekit/node_modules/@auth/core": {
- "version": "0.41.1",
- "resolved": "https://registry.npmjs.org/@auth/core/-/core-0.41.1.tgz",
- "integrity": "sha512-t9cJ2zNYAdWMacGRMT6+r4xr1uybIdmYa49calBPeTqwgAFPV/88ac9TEvCR85pvATiSPt8VaNf+Gt24JIT/uw==",
- "license": "ISC",
- "dependencies": {
- "@panva/hkdf": "^1.2.1",
- "jose": "^6.0.6",
- "oauth4webapi": "^3.3.0",
- "preact": "10.24.3",
- "preact-render-to-string": "6.5.11"
- },
- "peerDependencies": {
- "@simplewebauthn/browser": "^9.0.1",
- "@simplewebauthn/server": "^9.0.2",
- "nodemailer": "^7.0.7"
- },
- "peerDependenciesMeta": {
- "@simplewebauthn/browser": {
- "optional": true
- },
- "@simplewebauthn/server": {
- "optional": true
- },
- "nodemailer": {
- "optional": true
- }
- }
- },
- "node_modules/@auth/sveltekit/node_modules/jose": {
- "version": "6.2.1",
- "resolved": "https://registry.npmjs.org/jose/-/jose-6.2.1.tgz",
- "integrity": "sha512-jUaKr1yrbfaImV7R2TN/b3IcZzsw38/chqMpo2XJ7i2F8AfM/lA4G1goC3JVEwg0H7UldTmSt3P68nt31W7/mw==",
- "license": "MIT",
- "funding": {
- "url": "https://github.com/sponsors/panva"
- }
- },
- "node_modules/@auth/sveltekit/node_modules/oauth4webapi": {
- "version": "3.8.5",
- "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-3.8.5.tgz",
- "integrity": "sha512-A8jmyUckVhRJj5lspguklcl90Ydqk61H3dcU0oLhH3Yv13KpAliKTt5hknpGGPZSSfOwGyraNEFmofDYH+1kSg==",
- "license": "MIT",
- "funding": {
- "url": "https://github.com/sponsors/panva"
- }
- },
- "node_modules/@auth/sveltekit/node_modules/preact": {
- "version": "10.24.3",
- "resolved": "https://registry.npmjs.org/preact/-/preact-10.24.3.tgz",
- "integrity": "sha512-Z2dPnBnMUfyQfSQ+GBdsGa16hz35YmLmtTLhM169uW944hYL6xzTYkJjC07j+Wosz733pMWx0fgON3JNw1jJQA==",
- "license": "MIT",
- "funding": {
- "type": "opencollective",
- "url": "https://opencollective.com/preact"
- }
- },
- "node_modules/@auth/sveltekit/node_modules/preact-render-to-string": {
- "version": "6.5.11",
- "resolved": "https://registry.npmjs.org/preact-render-to-string/-/preact-render-to-string-6.5.11.tgz",
- "integrity": "sha512-ubnauqoGczeGISiOh6RjX0/cdaF8v/oDXIjO85XALCQjwQP+SB4RDXXtvZ6yTYSjG+PC1QRP2AhPgCEsM2EvUw==",
- "license": "MIT",
- "peerDependencies": {
- "preact": ">=10"
- }
- },
"node_modules/@auth/sveltekit/node_modules/set-cookie-parser": {
"version": "2.7.2",
"resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.2.tgz",
@@ -2255,9 +2187,9 @@
}
},
"node_modules/jose": {
- "version": "5.10.0",
- "resolved": "https://registry.npmjs.org/jose/-/jose-5.10.0.tgz",
- "integrity": "sha512-s+3Al/p9g32Iq+oqXxkW//7jk2Vig6FF1CFqzVXoTUXt2qz89YWbL+OwS17NFYEvxC35n0FKeGO2LGYSxeM2Gg==",
+ "version": "6.2.1",
+ "resolved": "https://registry.npmjs.org/jose/-/jose-6.2.1.tgz",
+ "integrity": "sha512-jUaKr1yrbfaImV7R2TN/b3IcZzsw38/chqMpo2XJ7i2F8AfM/lA4G1goC3JVEwg0H7UldTmSt3P68nt31W7/mw==",
"license": "MIT",
"funding": {
"url": "https://github.com/sponsors/panva"
@@ -2613,9 +2545,9 @@
}
},
"node_modules/oauth4webapi": {
- "version": "2.17.0",
- "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-2.17.0.tgz",
- "integrity": "sha512-lbC0Z7uzAFNFyzEYRIC+pkSVvDHJTbEW+dYlSBAlCYDe6RxUkJ26bClhk8ocBZip1wfI9uKTe0fm4Ib4RHn6uQ==",
+ "version": "3.8.5",
+ "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-3.8.5.tgz",
+ "integrity": "sha512-A8jmyUckVhRJj5lspguklcl90Ydqk61H3dcU0oLhH3Yv13KpAliKTt5hknpGGPZSSfOwGyraNEFmofDYH+1kSg==",
"license": "MIT",
"funding": {
"url": "https://github.com/sponsors/panva"
@@ -2703,9 +2635,9 @@
}
},
"node_modules/preact": {
- "version": "10.11.3",
- "resolved": "https://registry.npmjs.org/preact/-/preact-10.11.3.tgz",
- "integrity": "sha512-eY93IVpod/zG3uMF22Unl8h9KkrcKIRs2EGar8hwLZZDU1lkjph303V9HZBwufh2s736U6VXuhD109LYqPoffg==",
+ "version": "10.24.3",
+ "resolved": "https://registry.npmjs.org/preact/-/preact-10.24.3.tgz",
+ "integrity": "sha512-Z2dPnBnMUfyQfSQ+GBdsGa16hz35YmLmtTLhM169uW944hYL6xzTYkJjC07j+Wosz733pMWx0fgON3JNw1jJQA==",
"license": "MIT",
"funding": {
"type": "opencollective",
@@ -2713,13 +2645,10 @@
}
},
"node_modules/preact-render-to-string": {
- "version": "5.2.3",
- "resolved": "https://registry.npmjs.org/preact-render-to-string/-/preact-render-to-string-5.2.3.tgz",
- "integrity": "sha512-aPDxUn5o3GhWdtJtW0svRC2SS/l8D9MAgo2+AWml+BhDImb27ALf04Q2d+AHqUUOc6RdSXFIBVa2gxzgMKgtZA==",
+ "version": "6.5.11",
+ "resolved": "https://registry.npmjs.org/preact-render-to-string/-/preact-render-to-string-6.5.11.tgz",
+ "integrity": "sha512-ubnauqoGczeGISiOh6RjX0/cdaF8v/oDXIjO85XALCQjwQP+SB4RDXXtvZ6yTYSjG+PC1QRP2AhPgCEsM2EvUw==",
"license": "MIT",
- "dependencies": {
- "pretty-format": "^3.8.0"
- },
"peerDependencies": {
"preact": ">=10"
}
@@ -2739,12 +2668,6 @@
"url": "https://github.com/prettier/prettier?sponsor=1"
}
},
- "node_modules/pretty-format": {
- "version": "3.8.0",
- "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-3.8.0.tgz",
- "integrity": "sha512-WuxUnVtlWL1OfZFQFuqvnvs6MiAGk9UNsBostyBOB0Is9wb5uRESevA6rnl/rkksXaGX3GzZhPup5d6Vp1nFew==",
- "license": "MIT"
- },
"node_modules/prosemirror-changeset": {
"version": "2.4.0",
"resolved": "https://registry.npmjs.org/prosemirror-changeset/-/prosemirror-changeset-2.4.0.tgz",
diff --git a/frontend/package.json b/frontend/package.json
index b28926f..af0ff9d 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -23,7 +23,7 @@
"vite": "^7.3.1"
},
"dependencies": {
- "@auth/core": "^0.34.3",
+ "@auth/core": "^0.41.1",
"@auth/sveltekit": "^1.11.1",
"@tiptap/core": "^3.20.4",
"@tiptap/extension-image": "^3.20.4",
diff --git a/frontend/src/lib/spacetime/stores.svelte.ts b/frontend/src/lib/spacetime/stores.svelte.ts
index 4d3f26b..2602ab3 100644
--- a/frontend/src/lib/spacetime/stores.svelte.ts
+++ b/frontend/src/lib/spacetime/stores.svelte.ts
@@ -301,6 +301,17 @@ export function nodeVisibility(
// Explicit access via node_access
if (nodeAccessStore.hasAccess(userId, node.id)) return 'full';
+ // Inherited access: if this node belongs_to a node the user has access to
+ // (e.g. messages in a communication node)
+ for (const edge of edgeStore.bySource(node.id)) {
+ if (edge.edgeType === 'belongs_to') {
+ const parent = nodeStore.get(edge.targetId);
+ if (parent && (parent.createdBy === userId || nodeAccessStore.hasAccess(userId, parent.id))) {
+ return 'full';
+ }
+ }
+ }
+
// Public visibility
if (node.visibility === 'readable' || node.visibility === 'open') return 'full';
if (node.visibility === 'discoverable') return 'discoverable';
diff --git a/frontend/src/routes/claude/+page.server.ts b/frontend/src/routes/claude/+page.server.ts
new file mode 100644
index 0000000..1969d0a
--- /dev/null
+++ b/frontend/src/routes/claude/+page.server.ts
@@ -0,0 +1,6 @@
+import { redirect } from '@sveltejs/kit';
+import type { PageServerLoad } from './$types';
+
+export const load: PageServerLoad = async () => {
+ redirect(302, '/chat/e4eebc99-9c0b-4ef8-bb6d-6bb9bd380a55');
+};
diff --git a/frontend/src/routes/signin/+page.svelte b/frontend/src/routes/signin/+page.svelte
index 9b1bb42..ff178fe 100644
--- a/frontend/src/routes/signin/+page.svelte
+++ b/frontend/src/routes/signin/+page.svelte
@@ -1,18 +1,14 @@
-
-
Synops
Logg inn for å fortsette
-
+