- Connect MiniPlayer play/pause buttons to audioService
- Improve audio context management with fallback creation
- Fix state synchronization with interval-based readiness checks
- Add error handling and user feedback for playback issues
- Enhance mobile browser support with better audio context handling
Fixes playback issues in SongView where controls were not working and
state synchronization between UI and player was unreliable.
- Center media control buttons horizontally
- Remove tempo button (playspeed always 1x)
- Display time above button group for better UX
- Clean up unused SpeedSelector component
- Removed 'Up next in Session' queue section to declutter mobile view
- Added responsive layout that stacks waveform and comments vertically on mobile
- Centered comment panel on mobile with max-width constraint
- Removed unused queueSongs variable
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
The Player icon was removed from the BottomNavBar component since
player functionality stops when switching screens, making the navigation
item non-functional and confusing for users.
Changes:
- Removed IconPlay component
- Removed Player NavItem from BottomNavBar
- Removed isPlayer state calculation
- Updated component to only show Library, Members, and Settings icons
This improves UX by removing a non-functional navigation option.
This commit implements a comprehensive mobile menu solution that:
1. **Mobile Menu Components**:
- Created TopBar.tsx with circular band switcher (mobile only)
- Enhanced BottomNavBar.tsx with band-context-aware navigation
- Updated ResponsiveLayout.tsx to integrate TopBar for mobile views
2. **Band Context Preservation**:
- Fixed black screen issue by preserving band context via React Router state
- Implemented dual context detection (URL params + location state)
- Added graceful fallback handling for missing context
3. **Visual Improvements**:
- Changed band display from square+text to perfect circle with initials only
- Updated dropdown items to use consistent circular format
- Improved mobile space utilization
4. **Debugging & Testing**:
- Added comprehensive debug logging for issue tracking
- Created test plans and documentation
- Ensured all static checks pass (TypeScript + ESLint)
5. **Shared Utilities**:
- Created utils.ts with shared getInitials() function
- Reduced code duplication across components
Key Features:
- Mobile (<768px): TopBar + BottomNavBar + Main Content
- Desktop (≥768px): Sidebar (unchanged)
- Band context preserved across all mobile navigation
- Graceful error handling and fallbacks
- Comprehensive debug logging (can be removed in production)
Files Changed:
- web/src/utils.ts (new)
- web/src/components/TopBar.tsx (new)
- web/src/components/BottomNavBar.tsx (modified)
- web/src/components/ResponsiveLayout.tsx (modified)
- web/src/components/Sidebar.tsx (modified)
Documentation Added:
- implementation_summary.md
- refinement_summary.md
- black_screen_fix_summary.md
- test_plan_mobile_menu_fix.md
- test_plan_refinement.md
- testing_guide.md
- black_screen_debug.md
Resolves:
- Mobile menu band context loss
- Black screen on Library navigation
- Inconsistent band display format
- Missing mobile band switching capability
Breaking Changes: None
Backward Compatibility: Fully maintained
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
- New split layout: waveform/transport/queue left, comment panel right
- Avatar pins above waveform positioned by timestamp with hover tooltips
- Transport bar: speed selector, ±30s skip, 46px amber play/pause, volume
- Comment compose: live timestamp pill, suggestion/issue/keeper tag buttons
- Comment list: per-author colour avatars, amber timestamp seek chips,
playhead-proximity highlight, delete only shown on own comments
- Queue panel showing other songs in the same session
- Waveform colours updated to amber/dim palette (104px height)
- Add GET /songs/{song_id} endpoint for song metadata
- Add tag field to SongComment (model, schema, router, migration 0005)
- Fix migration 0005 down_revision to use short ID "0004"
- Fix ESLint no-unused-expressions in keyboard shortcut handler
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
uv run spawns uvicorn, which uses multiprocessing.spawn for hot reload.
The spawned subprocess starts a fresh Python interpreter that bypasses
uv's venv activation — so it never sees the venv's packages.
Fix: use a standalone python:3.12-slim dev stage with pip install -e .
directly into the system Python. No venv means the spawn subprocess uses
the same interpreter with the same packages. The editable install creates
a .pth file pointing to /app/src, so the mounted host source is live.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
uvicorn's path check for --reload-dir fails in Podman rootless even
though uv sync can read the same path. Drop the flag — the editable
install already points uvicorn's watcher at /app/src implicitly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
API:
- Add python symlink (python3-slim has no bare 'python') so uv doesn't
invalidate the baked venv on every container start
- Copy src/ before uv sync so hatchling installs rehearsalhub as a
proper editable install (.pth pointing to /app/src) — previously
sync ran with no source present, producing a broken empty wheel
- Remove ENV PYTHONPATH workaround (no longer needed with correct install)
- Add --reload-dir /app/src to scope uvicorn's file watcher to the
mounted source directory
Web:
- Add COPY . . after npm install so index.html and vite.config.ts are
baked into the image — without them Vite ignored port config and fell
back to 5173 with no entry point
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
API: bake ENV PYTHONPATH=/app/src into the development Dockerfile stage
so it's available to uvicorn's WatchFiles reloader subprocess — relying
on compose env vars isn't reliable across process forks.
Web: replace ./web:/app bind mount (caused EACCES in Podman rootless due
to UID mismatch) with ./web/src:/app/src — this preserves the container's
package.json and node_modules while still giving Vite live access to
source files for HMR.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
uv sync runs before the source is present in the image, so the local
package install is broken. Set PYTHONPATH=/app/src so Python finds
rehearsalhub directly from the mounted source volume — same approach
the worker Dockerfile already uses.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- web/Dockerfile: add `development` stage that installs deps and runs
`vite dev --host 0.0.0.0`; source is mounted at runtime so edits
reflect immediately without rebuilding the image
- web/vite.config.ts: read proxy target from API_URL env var
(falls back to localhost:8000 for outside-compose usage)
- docker-compose.dev.yml: lightweight compose for development
- api uses existing `development` target (uvicorn --reload)
- web uses new `development` target with ./web mounted as volume
and an anonymous volume to preserve container node_modules
- worker and nc-watcher omitted (not needed for UI work)
- separate pg_data_dev volume keeps dev DB isolated from prod
Usage:
podman-compose -f docker-compose.dev.yml up --build
Frontend hot-reloads at http://localhost:3000
API auto-reloads at http://localhost:8000
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Library view redesigned to match mockup: unified view with search
input, filter pills, date-group headers, and recording-row style
- Mini waveform bars moved to SessionPage individual recording rows
- Play buttons removed from Library session rows
- Fixed Invalid Date for API datetime strings (slice to date part)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Play buttons don't make sense at the session level since sessions
group multiple recordings. Removed from both session rows and
unattributed song rows.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The API returns dates as "2024-12-11T00:00:00" (datetime, no timezone),
not bare "2024-12-11". Appending T12:00:00 directly produced an invalid
string. Use .slice(0, 10) to extract the date part first before parsing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace band-name header + tab structure (By Date / Search) with a
unified Library view: title, inline search input, filter pills
(All / instrument / Commented), and date-group headers
- Session rows now use the recording-row card style (play circle,
mono filename, recording count)
- Move mini waveform bars from session list to individual recording
rows in SessionPage, where they correspond to a single track
- Fix Invalid Date by appending T12:00:00 when parsing date-only
ISO strings in both BandPage and SessionPage
- Update tests: drop tab assertions (TC-07), add Library heading
(TC-08) and filter pill (TC-09) checks, update upload button label
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add BandSettingsPage (/bands/:id/settings/:panel) with Members,
Storage, and Band Settings panels matching the mockup design
- Strip members list, invite controls, and NC folder config from
BandPage — library view now focuses purely on recordings workflow
- Add band-scoped nav section to AppShell sidebar (Members, Storage,
Band Settings) with correct per-panel active states
- Fix amAdmin bug: was checking if any member is admin; now correctly
checks if the current user holds the admin role
- Add 31 vitest tests covering BandPage cleanliness, routing, access
control (admin vs member), and per-panel mutation behaviour
- Add test:web, test:api:unit, test:feature (post-feature pipeline),
and ci tasks to Taskfile; frontend tests run via podman node:20-alpine
- Add README with architecture overview, setup guide, and test docs
- Add @testing-library/dom and @testing-library/jest-dom to package.json
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Invited members have no Nextcloud credentials of their own — stream and
waveform endpoints now use the file uploader's NC credentials instead of
the current member's. Falls back to the current member if uploaded_by is
null.
The invite listing/info endpoints were comparing timezone-aware
expires_at values against naive datetime.now(), causing a TypeError (500).
Fixed by using datetime.now(timezone.utc) throughout bands.py and
invites.py.
Also removes leftover debug logging from versions.py.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Added import for BandRepository in stream_version function
- Import at function level to avoid circular import issues
- Now debug logging will work correctly
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
- Fixed undefined 'song' and 'role' variables in stream_version
- Now properly gets song and role from _get_version_and_assert_band_membership
- Debug logging will now work correctly
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
- bands.py: Change permission from admin-only to member-only
- Line 33: Changed 'role != "admin"' to 'role is None'
- Now regular band members can list invites
- versions.py: Add debug logging for audio stream access
- Added logging to track user access and membership status
- Helps diagnose why users get 403 on /versions/{id}/stream
These changes should resolve:
- 403 on /bands/{id}/invites (invited users)
- 403 on /versions/{id}/stream (audio playback)
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
- Identified root cause: list_invites endpoint requires admin role
- Should allow regular members to see invites
- Found bug in bands.py line 33
- Includes recommended fixes and action plan
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
- Complete summary of band invitation system implementation
- Captures all phases: analysis, backend, frontend, testing
- Documents technical decisions, file changes, and current state
- Includes unresolved issues and next steps
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
Components created:
- InviteManagement.tsx: List pending invites, revoke functionality, copy links
- UserSearch.tsx: Search users to invite, role selection
- web/src/api/invites.ts: API wrappers for new endpoints
- web/src/types/invites.ts: TypeScript interfaces
UI enhancements:
- BandPage.tsx: Integrated new components, admin-only sections
- Members section now includes invite management for admins
- Search component for finding users to invite
Features:
- Admin can list, view, and revoke pending invites
- Copy invite links to clipboard
- Search existing users to invite (excluding current members)
- Real-time invite status (pending/expired/used)
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
- Summary of all changes made
- Syntax verification results
- Test coverage details
- API endpoint documentation
- Security considerations
- Metrics and checklist
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
Implements core invite management features for band admins:
- GET /bands/{band_id}/invites - List all invites for a band (admin only)
- DELETE /invites/{invite_id} - Revoke pending invite (admin only)
- GET /invites/{token}/info - Get invite details (public)
Backend changes:
- Add invites router with 3 endpoints
- Update BandRepository with get_invites_for_band and get_invite_by_id methods
- Add new schemas for invite listing and info
- Register invites router in main.py
Tests:
- Integration tests for all 3 endpoints
- Permission tests (admin vs non-admin)
- Edge cases (not found, expired, etc.)
This addresses the core requirements:
- Admins can see pending invites
- Admins can revoke pending invites
- Users can view invite details before accepting
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
- Deep dive into existing band invitation implementation
- Identified gaps in current system (invite listing, revocation, user search)
- Created detailed architecture analysis and design options
- Documented comprehensive implementation plan with phases
- Includes backend endpoints, frontend components, and testing strategy
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
UI:
- Add persistent sidebar (210px) with band switcher dropdown, Library/Player/Settings nav, user avatar row, and sign-out button
- Align design system CSS vars to CLAUDE.md spec (#0f0f12 bg, #e8a22a amber accent, rgba borders/text)
- Remove light mode toggle (no light mode in v1)
- Homepage auto-redirects to first band; shows create-band form only when no bands exist
- Strip full-page wrappers from all pages (shell owns layout)
- Remove debug console.log statements from SongPage
Bug fixes:
- nginx: trailing slash on `location ^~ /api/v1/bands/` caused 301 redirect on POST, dropping the request body — removed trailing slash
- API: _member_from_request (used by nc-scan stream) only accepted Bearer token, not httpOnly cookie — add rh_token cookie fallback
- API: internal_secret config field now has a dev default so the service starts without INTERNAL_SECRET env var set
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Added INTERNAL_SECRET environment variable to the api service in docker-compose.yml.
This fixes the pydantic validation error that was causing the API to fail to start.
The INTERNAL_SECRET is required for internal service-to-service communication
(nc-watcher → API) and was missing from the container environment.
Auth / token storage:
- JWT is now set as an httpOnly Secure SameSite=Lax cookie on login
- Add POST /auth/logout endpoint that clears the cookie
- get_current_member falls back to rh_token cookie when no Authorization header
- WebSocket auth now accepts cookie (rh_token) or optional ?token= query param
- Frontend removes all localStorage JWT access; uses credentials:"include" on
every fetch so the httpOnly cookie is sent automatically
- Replace clearToken() with logout() that calls the server logout endpoint
- Non-sensitive rh_session flag in localStorage used only for client-side routing
Rate limiting:
- Add slowapi>=0.1.9 dependency
- /auth/login limited to 10 req/min per IP
- /auth/register limited to 5 req/min per IP
Nginx security headers:
- Add X-Frame-Options, X-Content-Type-Options, Referrer-Policy,
X-XSS-Protection, Permissions-Policy to all responses
SSE error leakage:
- songs.py nc-scan/stream no longer leaks str(exc) to clients
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Frontend (SettingsPage):
- Sync avatarUrl state via useEffect when me.avatar_url changes after
background refetch, so profile section never shows stale avatar
- Invalidate ["comments"] after upload/generate/remove so SongPage
comment avatars update immediately instead of waiting for staleTime
- Fix Remove button: was sending avatar_url: undefined which JSON.stringify
drops entirely, so the server never cleared it; now sends ""
nginx:
- Change /api/ and /ws/ locations to use ^~ prefix so the static-asset
regex rule (~* \.(png|svg|ico)$) cannot intercept API paths; PNG/SVG
avatar uploads were returning 404 from nginx in production
- Merge nc-scan 300s timeout into ^~ /api/v1/bands/ block
- Add client_max_body_size 10m (default 1MB was silently rejecting
uploads before they reached FastAPI)
Dev tooling:
- Add docker-compose.dev.yml for hot-reload development workflow
- Add Taskfile.yml with dev, test, lint, migrate, and shell tasks
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
