- Remove redirect_uri from Discord token exchange (Activities use proxy auth, not redirect flow)
- Add Content-Security-Policy with frame-ancestors for Discord embedding (was only in vercel.json)
- Wire up subscription create-checkout and manage routes in Express
- Add Studio arm to ArmSwitcher with external link
- Prevent SPA catch-all from serving HTML for missing static assets (fixes script.js Unexpected token error)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Crawlers (Twitter, Discord, Slack) don't execute JavaScript, so the
client-side SEO.tsx useEffect was invisible to them. Every page looked
identical — the hardcoded homepage defaults in index.html.
- node-build.ts: replace simple sendFile with async SSR meta middleware
that injects per-route title/description/og:*/twitter:* before sending
HTML. Static route map covers ~15 routes; dynamic lookup queries
Supabase for /projects/:uuid (title, description, image_url) and
/passport/:username (full_name, bio) so shared project/profile links
render correct cards in Discord/Twitter/Slack unfurls.
- index.html: add twitter:site @aethexcorp; SSO.tsx useEffect still
runs for browser tab updates.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Narrow the unhandledrejection error handler: removed "unauthorized"
and "auth/" patterns which were too broad and cleared sessions on
unrelated API 401s or any URL containing "auth/". Now only matches
specific Supabase strings (invalid refresh token, jwt expired, etc.)
- Wire up the Remember Me checkbox in Login — was purely decorative
before. Defaults to checked, stores aethex_remember_me in localStorage
- Authentik SSO callback now sets a 30-day cookie so SSO sessions
survive browser restarts (AuthContext promotes it to localStorage)
- AuthContext clears local session on load if remember-me flag is absent
(respects user's choice to not stay logged in)
- signOut now removes aethex_remember_me from localStorage
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Auth & SSO
- Wire Authentik (auth.aethex.tech) as OIDC PKCE SSO provider
- Server-side only flow with HMAC-signed stateless state token
- Account linking via authentik_sub in user metadata
- AeThex ID connection card in Dashboard connections tab
- Unlink endpoint POST /api/auth/authentik/unlink
- Fix node:https helper to bypass undici DNS bug on Node 18
- Fix resolv.conf to use 1.1.1.1/8.8.8.8 in container
Schema & types
- Regenerate database.types.ts from live Supabase schema (23k lines)
- Fix 511 TypeScript errors caused by stale 582-line types file
- Fix UserProfile import in aethex-database-adapter.ts
- Add notifications migration (title, message, read columns)
Server fixes
- Remove badge_color from achievements seed/upsert (column doesn't exist)
- Rename name→title, add slug field in achievements seed
- Remove email from all user_profiles select queries (column doesn't exist)
- Fix email-based achievement target lookup via auth.admin.listUsers
- Add GET /api/projects/:projectId endpoint
- Fix import.meta.dirname → fileURLToPath for Node 18 compatibility
- Expose VITE_APP_VERSION from package.json at build time
Navigation systems
- DevPlatformNav: reorganize into Learn/Build grouped dropdowns with descriptions
- Migrate all 11 dev-platform pages from main Layout to DevPlatformLayout
- Remove dead isDevMode context nav swap from main Layout
- EthosLayout: purple-accented tab bar (Library, Artists, Licensing, Settings)
with member-only gating and guest CTA — migrate 4 Ethos pages
- GameForgeLayout: orange-branded sidebar with Studio section and lock icons
for unauthenticated users — migrate GameForge + GameForgeDashboard
- SysBar: live latency ping, status dot (green/yellow/red), real version
Layout dropdown
- Role-gate Admin (owner/admin/founder only) and Internal Docs (+ staff)
- Add Internal section label with separator
- Fix settings link from /dashboard?tab=profile#settings to /dashboard?tab=settings
Project pages
- Add ProjectDetail page at /projects/:projectId
- Fix ProfilePassport "View mission" link from /projects/new to /projects/:id
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Introduce Bearer token authentication for the /api/profile/update endpoint, ensuring users can only modify their own profiles. Update the Dashboard to include the authentication token in all API requests, enhancing security and data integrity.
Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 9203795e-937a-4306-b81d-b4d5c78c240e
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 35bff579-2fa1-4c42-a661-d861f25fa2b6
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7c94b7a0-29c7-4f2e-94ef-44b2153872b7/9203795e-937a-4306-b81d-b4d5c78c240e/AJbgVVq
Replit-Helium-Checkpoint-Created: true
Add an HTTP endpoint to the Discord bot to receive posts from the main server and call the Discord API to send these posts as rich embeds to the configured feed channel. Also, update the main server to call this new Discord bot endpoint when a new post is created.
Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 9203795e-937a-4306-b81d-b4d5c78c240e
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 82d93ef8-d6c2-4d69-96c4-6fa5da4ec508
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7c94b7a0-29c7-4f2e-94ef-44b2153872b7/9203795e-937a-4306-b81d-b4d5c78c240e/duiWnI1
Replit-Helium-Checkpoint-Created: true
