All stories run under AuthProvider and MemoryRouter; no story should
crash on missing useContext for auth or router.
Co-authored-by: Cursor <cursoragent@cursor.com>
Stories no longer wrap with QueryClientProvider, ToastProvider,
ThemeProvider, or MemoryRouter; global StorybookDecorator provides them.
- Route-specific pages use parameters.router.initialEntries
(ResetPasswordPage, VerifyEmailPage) or minimal MemoryRouter+Route
where useParams is needed (TrackDetailPage, PlaylistDetailPage).
- Stories that seeded query cache use useQueryClient() from global
decorator (FollowButton, CollaboratorManagement, CommentSection).
- Navbar, AuthLayout, DashboardLayout, Header, and 25+ story files
simplified to layout divs only.
Co-authored-by: Cursor <cursoragent@cursor.com>
Storybook must be run via npm run storybook so VITE_API_URL stays
relative and VITE_STORYBOOK is set; avoids accidental real API calls.
Co-authored-by: Cursor <cursoragent@cursor.com>
WithError and WithCustomFallback set parameters.storybookAudit.expectConsoleErrors
so audit/CI can treat their console errors as intentional (failure demo).
Co-authored-by: Cursor <cursoragent@cursor.com>
Prevent external asset requests during Storybook so no network
dependency and deterministic rendering. Return 1x1 SVG placeholder.
Co-authored-by: Cursor <cursoragent@cursor.com>
- auth/me: return data.user so authService.getCurrentUser() gets response.data.user
- Add GET /api/v1/dashboard for dashboardService (stats, recent_activity, library_preview)
- Add GET /api/v1/sessions/stats for sessionsApi
- Add GET /api/v1/roles and /roles/:id for admin views
- Remove console.log from audit/stats handler
Co-authored-by: Cursor <cursoragent@cursor.com>
Set VITE_STORYBOOK=true for storybook dev/build so the logger never
sends POST to /logs/frontend in the isolated UI environment. Prevents
94+ failed network requests in audit and keeps Storybook hermetic.
Co-authored-by: Cursor <cursoragent@cursor.com>
Updated Docker healthcheck to use the correct /api/v1/health endpoint
created in P1.6 instead of the old /health endpoint.
Note: Dockerfile already implements multi-stage build best practices:
- Builder stage: golang:1.23-alpine with dependency caching
- Runtime stage: alpine:latest (minimal footprint)
- Static binary: CGO_ENABLED=0 for portability
- Size optimization: -ldflags="-w -s" strips debug info
- Security: Non-root user (app:1001)
- Health check: 30s interval, 3 retries
Image size: ~15-20MB (vs ~150MB+ without multi-stage)
Fixes: P3.2 from audit AUDIT_TEMP_29_01_2026.md
Created start_recovery.sh script with port availability checks
before starting services, preventing conflicts and startup failures.
Features:
- check_port() function validates ports 8080 and 5173
- Shows which process is using a port if occupied
- Provides clear instructions to kill processes
- Exits early if ports unavailable (fail-fast)
- Includes health endpoint URL in success message
Benefits:
- Prevents "address already in use" errors
- Clear error messages with remediation steps
- No silent failures or zombie processes
- Matches user's workflow (./start_recovery.sh)
Usage:
./start_recovery.sh
If ports in use:
kill $(lsof -t -i:8080 -i:5173)
Impact: Eliminates port conflict issues in development.
Fixes: P2.4 from audit AUDIT_TEMP_29_01_2026.md
Created .env.production for frontend with absolute API URLs for
production deployment.
Configuration:
- VITE_API_URL: https://api.veza.com/api/v1
- VITE_WS_URL: wss://api.veza.com/ws
- VITE_STREAM_URL: https://api.veza.com/stream
- VITE_UPLOAD_URL: https://api.veza.com/upload
- VITE_API_VERSION: v1
Features:
- Absolute URLs (required for production, no Vite proxy)
- HTTPS/WSS for secure connections
- Validation alerting enabled
- Deployment notes included
Usage:
- Local testing: Update URLs to local domains, npm run build, npm run preview
- Production: Update to real domains, ensure CORS configured
Impact: Frontend can now be deployed to production with proper API URLs.
Fixes: P2.2 from audit AUDIT_TEMP_29_01_2026.md
Added proxy configuration to forward /api requests to backend
on localhost:8080 during development.
Benefits:
- Eliminates CORS errors in dev (requests are same-origin)
- No need for CORS_ALLOWED_ORIGINS in dev environment
- Matches production behavior (frontend and API on same domain)
- Simplifies local development setup
Configuration:
- Target: http://localhost:8080
- changeOrigin: true (modifies Host header)
- secure: false (allows self-signed certs in dev)
Impact: Dev environment more stable, no CORS configuration needed.
Fixes: P2.1 from audit AUDIT_TEMP_29_01_2026.md
