Updated pnpm version from 10.19.0 to 10.27.0 to fix HIGH severity
vulnerabilities (CVE-2025-69262, CVE-2025-69263, CVE-2025-6926).
Changes:
- apps/api/Dockerfile: line 8
- apps/web/Dockerfile: lines 8 and 81
Fixes#180
Document the implementation approach, progress, and component integration
for the OrchestrationLoop feature.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implemented centralized service for managing multiple LLM provider instances.
Architecture:
- LlmManagerService manages provider lifecycle and selection
- Loads provider instances from Prisma database on startup
- Maintains in-memory registry of active providers
- Factory pattern for provider instantiation
Core Features:
- Database integration via PrismaService
- Provider initialization on module startup (OnModuleInit)
- Get provider by ID
- Get all active providers
- Get system default provider
- Get user-specific provider with fallback to system default
- Health check all registered providers
- Dynamic registration/unregistration (hot reload)
- Reload from database without restart
Provider Selection Logic:
- User-level providers: userId matches, is enabled
- System-level providers: userId is NULL, is enabled
- Fallback: system default if no user provider found
- Graceful error handling with detailed logging
Integration:
- Added to LlmModule providers and exports
- Uses PrismaService for database queries
- Factory creates OllamaProvider from config
- Extensible for future providers (Claude, OpenAI)
Testing:
- 31 comprehensive unit tests
- 93.05% code coverage (exceeds 85% requirement)
- All error scenarios covered
- Proper mocking of dependencies
Quality Gates:
- ✅ All 31 tests passing
- ✅ 93.05% coverage
- ✅ Linting clean
- ✅ Type checking passed
- ✅ Code review approved
Fixes#126
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implemented first concrete LLM provider following the provider interface pattern.
Implementation:
- OllamaProvider class implementing LlmProviderInterface
- All required methods: initialize(), checkHealth(), listModels(), chat(), chatStream(), embed(), getConfig()
- OllamaProviderConfig extending LlmProviderConfig
- Proper error handling with NestJS Logger
- Configuration immutability protection
Features:
- System prompt injection support
- Temperature and max tokens configuration
- Embedding with truncation control (defaults to enabled)
- Streaming and non-streaming chat completions
- Health check with model listing
Testing:
- 21 comprehensive test cases (TDD approach)
- 100% statement, function, and line coverage
- 86.36% branch coverage (exceeds 85% requirement)
- All error scenarios tested
- Mock-based unit tests
Code Review Fixes:
- Fixed truncate logic to match original LlmService behavior (defaults to true)
- Added test for system prompt deduplication
- Increased branch coverage from 77% to 86%
Quality Gates:
- ✅ All 21 tests passing
- ✅ Linting clean
- ✅ Type checking passed
- ✅ Code review approved
Fixes#123
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implements comprehensive CRUD APIs following TDD principles with 92.44%
test coverage (exceeds 85% requirement).
Features:
- Tasks API: Full CRUD with filtering, pagination, and subtask support
- Events API: Full CRUD with recurrence support and date filtering
- Projects API: Full CRUD with task/event association
- Authentication guards on all endpoints
- Workspace-scoped queries for multi-tenant isolation
- Activity logging for all operations (CREATED, UPDATED, DELETED, etc.)
- DTOs with class-validator validation
- Comprehensive test suite (221 tests, 44 for new APIs)
Implementation:
- Services: Business logic with Prisma ORM integration
- Controllers: RESTful endpoints with AuthGuard
- Modules: Properly registered in AppModule
- Documentation: Complete API reference in docs/4-api/4-crud-endpoints/
Test Coverage:
- Tasks: 96.1%
- Events: 89.83%
- Projects: 84.21%
- Overall: 92.44%
TDD Workflow:
1. RED: Wrote failing tests first
2. GREEN: Implemented minimal code to pass tests
3. REFACTOR: Improved code quality while maintaining coverage
Refs #5
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Integrated BetterAuth library for modern authentication
- Added Session, Account, and Verification database tables
- Created complete auth module with service, controller, guards, and decorators
- Implemented shared authentication types in @mosaic/shared package
- Added comprehensive test coverage (26 tests passing)
- Documented type sharing strategy for monorepo
- Updated environment configuration with OIDC and JWT settings
Key architectural decisions:
- BetterAuth over Passport.js for better TypeScript support
- Separation of User (DB entity) vs AuthUser (client-safe subset)
- Shared types package to prevent FE/BE drift
- Factory pattern for auth config to use shared Prisma instance
Ready for frontend integration (Issue #6).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixes#4
