diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..ab93c0b --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,54 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes +* Focusing on what is best not just for us as individuals, but for the overall community + +Examples of unacceptable behavior: + +* The use of sexualized language or imagery, and sexual attention or advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. 
+ +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement. All complaints +will be reviewed and investigated promptly and fairly. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), +version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html. diff --git a/README.md b/README.md index c1a5791..b07fa69 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,7 @@ docker compose up -d --build docker compose exec oikos node setup.js ``` -Then open `http://localhost:3000` and log in. Add family members from Settings. +Then open `http://localhost:3000` and log in with the admin credentials you set in the previous step. Add family members from Settings. > **New to Docker?** The **[Installation Guide](docs/installation.md)** walks you through every step: From installing Docker to HTTPS setup, backups, and troubleshooting. diff --git a/docs/claude-md-migration.md b/docs/claude-md-migration.md deleted file mode 100644 index 2f56b59..0000000 --- a/docs/claude-md-migration.md +++ /dev/null 
@@ -1,48 +0,0 @@ -# CLAUDE.md Migration Summary - -## Result - -| | Lines | -|---|---| -| Before | 82 | -| After | 50 | -| Reduction | -39% (-32 lines) | - -## What was removed and why - -| Removed | Reason | -|---|---| -| `## Quick Reference` commands block (6 lines) | `npm start`, `npm run dev`, `npm test` are all in `package.json scripts`. Claude reads `package.json` on demand. `docker compose up -d` is a deployment detail, not a development constraint. | -| "These are non-negotiable. Every violation is a bug." intro | Moved to tighter one-liner before the list. | -| Full directory tree (21 lines) | Claude navigates the filesystem directly. Listing every file adds no behavioral value. Only non-obvious locations were kept. | -| "Pages are ES modules" standalone paragraph | Merged into Conventions. | -| Semicolons | Inferrable from reading any source file. | -| Header comment convention | Already documented in `CONTRIBUTING.md`. | -| DB table column pattern (`id`, `created_at`, `updated_at`) | Already in `CONTRIBUTING.md`. | -| Commit format and Changelog instructions (2 lines) | Already in `CONTRIBUTING.md`. Claude can read it when committing. | -| `## Current State` paragraph | Describes finished features - zero behavioral value. Becomes stale immediately. | -| "When to consult" column from Reference table | Padding. Claude decides when to read reference docs based on task context. | - -## What moved to rules files - -None. The remaining content is either universal (applies to every file) or a short pointer. No subsystem-specific rules justify a separate file at this project size. - -## What was kept and why - -| Kept | Why | -|---|---| -| All 8 Hard Constraints | Each prevents a class of wrong code that Claude would otherwise produce. The no-frameworks rule in particular would be violated without an explicit reminder. | -| API response shape `{data}` / `{error, code}` | Not inferrable without reading multiple route files. Applies to every new route. 
| -| `formatDate()`/`formatTime()` | Without this, Claude formats dates manually (e.g. `new Date().toLocaleDateString()`), producing inconsistent output. | -| `pages/*.js` → `render()`, no side effects | Structural contract not obvious from reading one page file. | -| `oikos-` prefix | Web Component naming convention. | -| Non-obvious file locations (`i18n.js`, `api.js`, `router.js`) | These live at `public/` root, not in a subdirectory. Easy to miss when navigating. | -| Request flow one-liner | Architectural orientation for new tasks. | -| Reference table (trimmed) | On-demand pointers replace inline content for spec details. | - -## Token delta estimate - -At ~4 chars/token average for this content: -- Before: ~1,800 tokens loaded every session -- After: ~1,100 tokens loaded every session -- Savings: ~700 tokens per session diff --git a/server/auth.js b/server/auth.js index 520e56b..e2edbe7 100644 --- a/server/auth.js +++ b/server/auth.js @@ -93,10 +93,10 @@ const sessionStore = new BetterSQLiteStore(); */ if (!process.env.SESSION_SECRET) { if (process.env.NODE_ENV === 'production') { - throw new Error('[Auth] SESSION_SECRET muss in der .env gesetzt sein (Produktion).'); + throw new Error('[Auth] SESSION_SECRET must be set in .env (production).'); } process.env.SESSION_SECRET = randomBytes(32).toString('hex'); - log.warn('SESSION_SECRET nicht gesetzt - zufaelliges Einmal-Secret generiert (Sessions ueberleben keinen Neustart).'); + log.warn('SESSION_SECRET not set - generated ephemeral random secret (sessions will not survive restarts).'); } const sessionMiddleware = session({
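Review bot: In the CODE_OF_CONDUCT.md hunk, the "## Enforcement" section says incidents "may be reported to the community leaders responsible for enforcement" but gives no contact method, so a reporter has no channel to use. Add an e-mail address or another private reporting route to that sentence. A public issue tracker is not a suitable place for harassment reports.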
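Review bot: In the README.md hunk, "the admin credentials you set in the previous step" is ambiguous because the code block above it contains two commands, `docker compose up -d --build` and `docker compose exec oikos node setup.js`. Name the step explicitly, for example "the admin credentials you set when running `setup.js`", so a reader who skipped that command knows why the login fails.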
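Review bot: In the server/auth.js hunk, the guard `if (!process.env.SESSION_SECRET)` only rejects a missing or empty value, so in production a short placeholder secret passes unnoticed. Since this change already touches both messages, consider adding a minimum-length check next to the production `throw`. The fallback itself uses `randomBytes(32)`, which is a reasonable bar to require. The ephemeral fallback is also taken whenever `NODE_ENV` is anything other than `'production'`, so an instance deployed without that variable runs on a throwaway secret with only this `log.warn` line. Stating in the warning that `NODE_ENV` is not `production` would make that misconfiguration easier to spot in the logs.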