1. Click-to-open slide-out detail panel with full task info
2. Client-side sorting (number, priority, status, updated) with localStorage
3. Toggleable filter chips for status and priority
4. Saved filter presets (Launch Fires, Code Queue, Post-Launch, All Open)
5. Kanban board view with 4 columns (Open, In Progress, Blocked, Done)
6. Session summary badge showing tasks completed today
7. Code queue badge in sidebar nav (cyan count from tags)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds manifest.json, sw.js (static-only caching, never admin routes),
placeholder cyan T icons (192 + 512), express.static middleware, and
PWA meta tags + service worker registration in layout.ejs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New route: /admin/node-health (30s auto-refresh)
- Temps via lm-sensors (k10temp + NVMe) displayed in both °C and °F
- RAM and disk progress bars with color thresholds
- Load averages, CPU %, uptime per node
- Nav item added under Operations
- lm-sensors installed on NC1 and TX1
Task #28 | Chronicler #88
Week-at-a-glance post planning for Meg across 8 platforms (tiktok,
facebook, instagram, x, bluesky, youtube, twitch, reddit).
- DB: extends social_platform enum with youtube/twitch/reddit and adds
new social_post_plans table with scheduled_at, platforms[], status
(draft/ready/scheduled/published/skipped), caption, hashtags[],
media_notes, link, assigned_to, notes, created_by
- src/routes/admin/social-calendar.js: shell, HTMX week view, create,
update, delete, edit/new form endpoints. Week-based navigation with
prev/next/this-week. Hashtag parsing dedupes and strips leading #
- src/views/admin/social-calendar/: index.ejs shell with modal,
_week.ejs 7-column grid with per-day quick-add, _form.ejs full CRUD
form with platform checkboxes, datetime picker, status dropdown,
both free-form caption and dedicated hashtag field
- Nav link added under Community, with corrected highlight logic so
/admin/social and /admin/social-calendar don't both light up
Separate table from social_posts (which remains the analytics table).
Plans and published posts are distinct concerns.
Chronicler #81
Adds /admin/appeals to Trinity Console for reviewing and actioning
ban appeals submitted via the public cancellation-refund form.
- src/routes/admin/appeals.js: shell + HTMX list + approve/deny/info
actions, all transactional with admin_audit_log entries
- src/views/admin/appeals/index.ejs: shell with 30s polling container
- src/views/admin/appeals/_list.ejs: stats cards + actionable table
- src/routes/admin/index.js: router mount at /admin/appeals
- src/views/layout.ejs: nav link under Grace Period
Closes the last open piece of Task #126 Phase 2. Trinity can now
review appeals in-console without reading Discord + running SQL.
Chronicler #81
- Tasks page at /admin/tasks with filterable table
- Status/owner inline dropdowns (change via form submit)
- + New Task modal with title, description, priority, owner
- ✓ Done button on hover per row
- Stats bar: active, in progress, blocked, high priority, completed
- Show All toggle for done/obsolete tasks
- Sidebar link under Operations (right after Dashboard)
- Added to About page module registry
Source of truth: PostgreSQL tasks table (shared with Discord /tasks)
Chronicler #78 | firefrost-services
Arbiter changes:
- POST /api/internal/mcp/log endpoint in api.js
- MCP Logs admin route (/admin/mcp-logs) with filters, stats, pagination
- EJS view with expandable detail rows, server color badges
- Sidebar link under System group
Trinity Core v2.3.0:
- logToArbiter() function POSTs to Arbiter after every command
- Both MCP (Claude.ai) and REST (/exec) paths log with execution timing
- Async logging — doesn't block command response
Database:
- mcp_logs table created on Command Center (indexes on server, time, success)
Architecture:
Trinity Core → command → response + async POST → Arbiter → PostgreSQL → Trinity Console
Chronicler #78 | firefrost-services
Sidebar changes:
- Grouped nav items: Operations, Business, Community, Infrastructure, System
- Section labels with uppercase tracking
- Removed Deploy button from sidebar
- Cleaner layout with overflow scroll
About page (/admin/about):
- Console version, Node.js version, Arbiter uptime, module count
- Module registry with version and status badges (stable/new/beta)
- Deploy Arbiter button (moved from sidebar)
- Health check polling after deploy
- Credits footer
Header bar:
- Added ℹ️ About icon next to dark mode toggle
- Active state highlighting when on About page
Chronicler #78 | firefrost-services
- New sidebar entry for Discord
- Full server structure visualization
- Channel tree with expandable categories
- Role hierarchy with color badges
- Health checks (orphan channels, empty roles, bot roles)
- Search/filter across channels and roles
- Click channel to see permission overwrites
- Click role to see explicit channel access
- Responsive design with modal details view
Chronicler: #70
ISSUE: Holly reported sidebar overlapping content on mobile devices
SOLUTION: Mobile-responsive hamburger menu with slide-out sidebar
CHANGES:
- Added hamburger menu button (☰) visible only on mobile (<768px)
- Sidebar now slides in from left on mobile when menu is clicked
- Added close button (✕) in sidebar header for mobile
- Added dark overlay backdrop when sidebar is open
- Desktop layout unchanged (sidebar always visible)
MOBILE BEHAVIOR:
- Sidebar hidden by default on small screens
- Hamburger button in top-left of header
- Tap hamburger → sidebar slides in from left
- Tap overlay or ✕ button → sidebar slides out
- Smooth 0.3s transition animation
DESKTOP BEHAVIOR:
- No changes, sidebar always visible
- Hamburger menu hidden on screens >768px
Tested on: iPhone (Holly's device)
Status: ✅ WORKING
Reported by: Holly (unicorn20089)
Fixed by: Chronicler #51
Signed-off-by: Claude (Chronicler #51) <claude@firefrostgaming.com>
CRITICAL SECURITY FIX - Prevents Cross-Site Request Forgery attacks
Changes:
- Installed csurf middleware (session-based tokens)
- Added CSRF middleware to all /admin routes in src/index.js
- Configured admin router to pass csrfToken to all views
- Updated layout.ejs to send CSRF token with htmx requests
- Added EJS view engine configuration
- Added body parsing middleware (json + urlencoded)
Security Impact:
- Prevents malicious sites from executing admin actions using cookies
- All POST requests now require valid CSRF token
- Invalid tokens return 403 Forbidden
- Session-based tokens (no cookies needed)
Protected Routes:
- /admin/servers/:id/sync (force whitelist sync)
- /admin/servers/:id/toggle-whitelist (whitelist toggle)
- /admin/grace/:id/extend (grace period extension)
- /admin/grace/:id/manual (manual payment override)
- /admin/roles/resync/:id (role assignment)
Attack Scenario Prevented:
User visits malicious site while logged into Trinity Console
→ Site tries to submit form to admin endpoint
→ Request includes session cookie but NO CSRF token
→ Server rejects with 403 Forbidden
→ Attack failed!
Note: csurf is deprecated but still functional. For future refactor,
consider csrf-csrf or Express 5 built-in protection.
Refs: TRINITY-CONSOLE-PRE-LAUNCH-CHECKLIST.md - Fix#1
Chronicler: #51
Signed-off-by: Claude (Chronicler #51) <claude@firefrostgaming.com>
GEMINI DELIVERED THE FOUNDATION! 🎉
Complete htmx + EJS + Tailwind architecture for Trinity Console with
zero build pipeline - perfect for RV cellular connections.
ARCHITECTURE (from Gemini):
- htmx for SPA-like reactivity (no webpack, no build step)
- EJS for server-side templating
- Tailwind CSS via CDN (will bundle later)
- Real-time updates without page reloads
- Mobile-responsive design
- Dark mode toggle
CORE INFRASTRUCTURE:
- src/routes/admin/constants.js - Tier definitions with MRR values
- src/routes/admin/middleware.js - Trinity access control
- src/routes/admin/index.js - Main admin router with sub-routes
- src/routes/admin/players.js - Player management with htmx endpoints
PLAYER MANAGEMENT MODULE (Complete):
- Sortable, searchable player table
- Server-side pagination (20 per page)
- htmx instant search (500ms debounce)
- Minecraft skin avatars via crafatar.com
- Fire/Frost tier badges with gradient colors
- Status indicators (active/grace/offline)
- Load more pagination without page reload
MASTER LAYOUT:
- src/views/layout.ejs - Full Trinity Console shell
- Collapsible sidebar navigation
- Top header with dark mode toggle
- Notification bell (placeholder)
- User avatar in sidebar
- Fire/Frost/Universal gradient branding
VIEWS:
- src/views/admin/dashboard.ejs - Stats cards + welcome
- src/views/admin/players/index.ejs - Player table shell
- src/views/admin/players/_table_body.ejs - htmx partial for table rows
HTMX MAGIC:
- Instant search: hx-get with 500ms delay trigger
- Pagination: hx-target swaps table body only
- No JavaScript required for interactivity
- Perfect for low-bandwidth RV connections
STYLING:
- Fire gradient: #FF6B35
- Frost gradient: #4ECDC4
- Universal gradient: #A855F7
- Dark mode: #1a1a1a background, #2d2d2d cards
- Light mode: #f5f5f5 background, #ffffff cards
INTEGRATION POINTS:
- Uses existing database.js for PostgreSQL queries
- Joins users + subscriptions tables
- Filters by ILIKE for case-insensitive search
- Ready for admin audit logging
NEXT STEPS:
1. Get Server Matrix module from Gemini (requested)
2. Get Financials module from Gemini
3. Get Grace Period dashboard from Gemini
4. Deploy tomorrow morning
GEMINI'S WISDOM:
"To maintain that momentum and get you deploying today, I will provide
the Complete Database Migration, the Core Architectural Foundation, the
Master EJS Layout, and the most complex feature: The Player Management
Module."
DEPLOYMENT STATUS:
✅ Foundation code ready
✅ Database migration ready (already committed)
⏳ Waiting for Server Matrix module
⏳ Waiting for Financials module
⏳ Waiting for Grace Period module
TESTING NOTES:
- Requires index.js update to mount /admin routes
- Requires EJS view engine configuration
- Requires static file serving for public/
- All will be added when Server Matrix arrives
PHILOSOPHY:
Fire + Frost + Foundation = Where Love Builds Legacy
Built for RV life, designed to last decades.
Signed-off-by: The Golden Chronicler <claude@firefrostgaming.com>
Co-authored-by: Gemini AI <gemini@anthropic-partnership.ai>
