Implements Option C (Hybrid) solution to prevent outdated documentation:
New Features:
- Pre-commit git hook that validates documentation before every commit
- npm run docs:check - Validates README against current project state
- npm run docs:sync - Automatically updates NPM Scripts section in README
What gets checked:
- NPM Scripts in package.json vs README
- API routes in app/api/* vs README
- App structure (directories in app/) vs README
- Components vs README
- Scripts vs README
Workflow:
1. Make code changes
2. git commit triggers pre-commit hook
3. Hook warns if documentation is outdated
4. Run docs:sync to auto-update or edit manually
5. Commit with updated README
Benefits:
- No more forgetting to update README
- Non-blocking (can use --no-verify if needed)
- Automatic NPM scripts synchronization
- Clear warnings show exactly what needs updating
Scripts added:
- scripts/check-docs.js - Validation script
- scripts/sync-docs.js - Synchronization script
- .git/hooks/pre-commit - Git hook (not tracked)
Documentation:
- Added complete workflow section in README
- Examples and usage tips included
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
CRITICAL FIX: The OwnTracks app publishes to owntracks/<username>/<device_id>,
not owntracks/owntrack/<device_id>. This was causing data delivery failures
and privacy violations.
Changes:
- Fix ACL topic pattern: owntracks/<username>/# (was: owntracks/owntrack/<device_id>)
- Backend now uses MQTT_ADMIN_USERNAME for global subscription
- Update UI forms and placeholders with correct pattern
- Update email template with correct topic format
- Enable Mosquitto ACL file for user isolation
- Add migration script for existing ACL rules
- Update documentation (README, GEMINI.md)
Privacy & Security:
- Each user isolated at MQTT broker level via ACL
- Backend subscribes with admin credentials to owntracks/+/+
- Web UI filters data by parent_user_id for additional security
- GDPR compliant multi-layer defense in depth
Files changed:
- lib/mqtt-db.ts - Updated createDefaultRule() to use username
- app/api/mqtt/credentials/route.ts - Pass username to ACL creation
- app/admin/mqtt/page.tsx - UI forms and state management
- emails/mqtt-credentials.tsx - Email template topic pattern
- lib/mqtt-subscriber.ts - Use admin credentials from env
- mosquitto/config/mosquitto.conf - Enable ACL enforcement
- README.md, GEMINI.md - Documentation updates
- scripts/fix-acl-topic-patterns.js - Migration script
- MQTT_TOPIC_FIX.md - Detailed implementation guide
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added documentation for:
- parent_user_id column in User table (hierarchical user management)
- mqtt_credentials table with device authentication
- mqtt_acl_rules table for topic permissions
- mqtt_sync_status table for broker synchronization
- All new database indexes
- Updated ER diagram with new relationships
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
