initial commit

Author: ThomasLohner

.dockerignore

@@ -0,0 +1,26 @@
+node_modules
+.nuxt
+.output
+.cache
+.data
+dist
+
+*.db
+*.db-wal
+*.db-shm
+
+.env
+.env.*
+
+*.log
+data/
+
+.DS_Store
+.fleet
+.idea
+.vscode
+
+.claude
+.playwright
+.playwright-mcp
+.git

.github/workflows/ci.yml

@@ -0,0 +1,34 @@
+name: ci
+
+on: push
+
+jobs:
+  ci:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        node: [22]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Install node
+        uses: actions/setup-node@v6
+        with:
+          node-version: ${{ matrix.node }}
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Lint
+        run: pnpm run lint
+
+      - name: Typecheck
+        run: pnpm run typecheck

.gitignore

@@ -0,0 +1,43 @@
+# Build outputs
+.output
+.nuxt
+.nitro
+.cache
+.data
+dist
+
+# Dependencies
+node_modules
+
+# Environment
+.env
+.env.*
+
+# Database
+*.db
+*.db-wal
+*.db-shm
+
+# Logs
+*.log
+
+# Uploads
+data/
+
+# IDE / Editor
+.DS_Store
+.fleet
+.idea
+.vscode
+.editorconfig
+
+# Claude Code
+.claude
+
+# Playwright
+.playwright
+.playwright-mcp
+
+# Session Stuff
+TODO/
+prompts/

CLAUDE.md

@@ -0,0 +1,116 @@
+# Completo - All the Toppings. None of the Mess.
+
+> **About this file:** CLAUDE.md is for agent guidance — architectural decisions, rules, conventions, and gotchas that can't be inferred from reading code. Don't bloat it with code-level details (file listings, prop docs, full API specs) that agents can discover by reading the source. Focus on the "why", not the "what".
+
+Kanban board app. Nuxt 4 + Nuxt UI 4 + Tailwind 4 + Drizzle ORM + SQLite. Plus Jakarta Sans + JetBrains Mono. Lucide icons (`i-lucide-*`). pnpm.
+
+```bash
+pnpm install && npx drizzle-kit push && pnpm db:seed && pnpm dev  # http://localhost:3000
+```
+
+Demo: `demo@example.com` / `demo1234` | Admin: `admin@example.com` / `admin1234`
+
+## Architecture
+
+### The Core Model
+
+**Statuses and cards belong to projects, not views.** Boards and lists are *views* — they don't own data. Cards have a `projectId` + `statusId`; boards see cards through `boardColumns` (junction table). Removing a column from a board just unlinks it — cards survive. Deleting a status cascades everywhere.
+
+**Don't confuse the two kinds of "column":**
+
+| Concept | What it is | DB table |
+|---------|-----------|----------|
+| **Board column** | How a status appears on a board (position) | `boardColumns` |
+| **Field column** | Which card field shows in a list table | `listColumns` |
+
+### Key Design Decisions
+
+- **Done status & retention:** `doneStatusId` + `doneRetentionDays` on projects. Views **filter out** (not delete) old done cards. Card counts exclude done status. `null` retention = keep forever.
+- **Primary keys:** UUIDs everywhere. **Exception:** cards use INTEGER AUTOINCREMENT (for `TK-42` style IDs). Always parse card IDs with `Number()`.
+- **Positions:** Integer `position` field. New items = `max(existing) + 1` (not `.length`).
+- **Password sentinels:** `'!oauth'` = OAuth-only user, `'!invited'` = admin-created pending setup. Both are unhashable.
+- **Synthetic admin role:** API returns `role: 'admin'` for non-member admins viewing projects — don't display it as a real project role.
+
+### Auth & Permissions
+
+- `isAdmin=1` bypasses membership checks via synthetic `{ role: 'owner' }`. My Tasks is NOT admin-elevated.
+- **404 not 403** for non-member access (don't leak resource existence).
+- **IDOR prevention:** Every card/tag/board endpoint validates resources belong to the correct project.
+- **No email in search results** — user search returns name only.
+- Domain allowlist restricts self-registration only — invitations and admin-created users bypass it.
+- Login requires verified email. `isEmailEnabled()` checks `SMTP_HOST`.
+
+### Email Templates (Gotchas)
+
+- Table-based layout only (no flexbox/grid)
+- Solid hex colors only (no `rgba()` — breaks in 21% of clients)
+- No `border-radius` on buttons (use VML `v:roundrect` for Outlook)
+
+## Conventions
+
+### Do
+
+- **Fetch:** Pages use `useFetch()`, composables use `$fetch()`. Refresh after mutations.
+- **Composables:** `useKanban()`/`useListView()` accept slug-or-ID + optional `{ projectSlug }` to prevent cross-project slug collisions.
+- **Transactions:** `db.transaction()` for multi-step DB operations.
+- **SSR:** `ssr: true` with `routeRules`. Auth routes `ssr: false`. vuedraggable via `defineAsyncComponent` + `<ClientOnly>`.
+- **DB access:** `db` + `schema` auto-imported. `server/utils/` is auto-imported — don't use `~/server/utils/...` (Nuxt 4: `~` = `app/`).
+- **Database schema:** `server/database/schema.ts` — all tables, columns, relations. Migrations in `server/database/migrations/`.
+- **OpenAPI spec** (`server/api/openapi.get.ts`) must stay in sync with endpoints. Only covers headless API usage — frontend-internal endpoints (slug/key validation, UI column config, notifications, OAuth redirects, registration flows) are intentionally omitted.
+- **Write tests** for new features. Run `pnpm test` after changes.
+
+### Don't
+
+- **Don't use `theme()` in scoped CSS** — Tailwind v4 uses `var(--color-*)`.
+- **Don't use CSS `ring-*` for tag pills** — they use `box-shadow` inset borders.
+- **Don't use native `<input type="date">`** — use `UPopover` + `UCalendar` + `CalendarDate`.
+- **Don't use `document.createElement('input')` for file pickers** — use a persistent hidden `<input>` ref.
+- **Don't use `@keydown` on forms for Cmd+Enter** — portals break it. Use global `document` listener with `capture: true`.
+- **Don't close the browser** during Playwright MCP sessions. Screenshots go in `.playwright/`, clean up after.
+
+### Styling
+
+- **Aesthetic:** "Trello meets Linear" — indigo-violet primary, zinc neutrals.
+- **Priority icons:** `alert-circle`=urgent, `chevron-up`=high, `grip-horizontal`=medium, `chevron-down`=low. Colors: red/orange/indigo/slate. Helpers in `app/utils/constants.ts`.
+- **Due date colors:** red=overdue, orange=due-soon (today/tomorrow), slate=future.
+- **Ticket IDs:** `{projectKey}-{cardId}`, sits above card title (not in footer).
+- **Destructive actions:** Wrapped in `<UTooltip>`. Views/projects use type-name-to-confirm; cards use simple confirm.
+- **ESLint:** No comma dangles, 1tbs brace style.
+
+## Testing
+
+Two vitest projects: `unit` (fast) + `integration` (sequential, 30s timeout). Test DB on `:43210`.
+
+**Gotchas:**
+- `fetch(url('/path'))` for raw responses (ofetch throws on non-2xx)
+- `randomKey()` in fixtures to avoid 409 conflicts
+- `process.env.NODE_ENV` inlined at build — use custom env vars for runtime gating
+- Kill stale test server: `lsof -ti:43210 | xargs kill -9`
+
+## Environment & Commands
+
+`NUXT_SESSION_PASSWORD` is the only required env var (min 32 chars). See `.env.example` for the rest. Key vars: `DATABASE_URL` (default `sqlite.db`), `AI_PROVIDER` (`anthropic`/`openai`/`openrouter`, empty=disabled), `SMTP_HOST` (empty=email disabled), `UPLOAD_DIR` (default `data/uploads`), `NUXT_OAUTH_*_CLIENT_ID/SECRET` (empty=provider disabled).
+
+```bash
+pnpm dev / build / test / lint / typecheck
+pnpm db:migrate / db:seed / db:cleanup
+pnpm user:create <email> <password> [name] [admin]
+pnpm user:set-role <email> <admin|user>
+pnpm user:verify-email <email>
+npx drizzle-kit push          # Dev only — diffs schema against DB
+npx drizzle-kit generate      # Generate migration SQL from schema changes
+```
+
+### Schema Changes & Migrations
+
+`drizzle-kit push` = dev (no migration files). `pnpm db:migrate` = production (applies SQL from `server/database/migrations/`).
+
+**After every schema change:** edit `schema.ts` → `npx drizzle-kit generate` → commit the migration. If you skip generating, production deploys will fail.
+
+**`scripts/package.json`** is a deploy manifest for CLI tools. When changing imports in scripts, update it to keep deps in sync.
+
+## Documentation
+
+- Nuxt: https://nuxt.com/llms.txt
+- Nuxt UI: https://ui.nuxt.com/llms.txt
+- Nuxt Auth Utils: https://raw.githubusercontent.com/atinux/nuxt-auth-utils/refs/heads/main/README.md

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Completo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,49 @@
+# Completo
+
+**All the toppings. None of the mess.**
+
+---
+
+Completo is a self-hosted project board for teams who just want to get things done. Named after the legendary Chilean hot dog, piled high with everything: avocado, tomato, mayo, sauerkraut. Your project starts the same way. Tasks stacked, ideas overflowing, endless opinions - too much of everything. Completo's boards help you make sense of the chaos. No setup marathons, no learning curve — just open a board and go. Get your stuff done. Drag. Drop. Completo.
+
+### Free. Open Source. One command.
+
+Completo costs nothing. Zero. Nil. `undefined`. It's MIT licensed — fork it, break it, fix it, ship it. No hosted plans. No premium tier. No "let's schedule a call to discuss pricing."
+
+Install it with one command:
+
+```bash
+git clone https://github.com/ScaleCommerce-dev/completo.git
+cd completo
+npm install
+```
+
+That's it. No Docker compose files. No Kubernetes manifests. No 14-step setup guide written by someone who clearly hates you. SQLite is baked in — there's no database to provision, no connection string to fumble. Start it. Open your browser. Drag. Drop. Completo.
+
+### Why it exists
+
+Because every ticket system starts as "we just need something simple" and ends as a mass of gantt charts, resource leveling matrices, and a 200-page admin guide that nobody reads, maintained by nobody, understood by nobody.
+
+You didn't want that. You wanted a board with columns and cards. So that's what we built. And then we stopped.
+
+### What it does
+
+- **Boards** — Create as many as you need. Configure the columns yourself. Done.
+- **Cards** — Title. Description. Assignee. Priority. Drag it. That's the feature list.
+- **Projects** — Separate your work. Invite your team. Keep things tidy.
+- **My Tasks** — One checklist. Everything assigned to you. Across all projects. Check it off. Go home.
+- **SSO** — Sign in with your existing identity provider. No new password to forget and then reset and then forget again.
+
+### What it doesn't do
+
+Gantt charts. Time tracking. Burndown charts. Sprint velocity. Story points. Epics. Dependencies. Custom fields. Webhooks. Integrations. Blockchain-based task verification.
+
+You're welcome.
+
+### The philosophy
+
+Your board should be empty at the end of the week. That's it. That's the philosophy. Every feature in Completo exists to help you get there faster. Everything that doesn't was never added in the first place.
+
+All the toppings. None of the mess.
+
+

app/app.config.ts

@@ -0,0 +1,8 @@
+export default defineAppConfig({
+  ui: {
+    colors: {
+      primary: 'blue',
+      neutral: 'slate'
+    }
+  }
+})

app/app.vue

@@ -0,0 +1,30 @@
+<script setup>
+useHead({
+  meta: [
+    { name: 'viewport', content: 'width=device-width, initial-scale=1' }
+  ],
+  link: [
+    { rel: 'icon', type: 'image/svg+xml', href: '/favicon.svg' },
+    { rel: 'icon', type: 'image/png', sizes: '32x32', href: '/favicon-32x32.png' },
+    { rel: 'icon', type: 'image/png', sizes: '16x16', href: '/favicon-16x16.png' },
+    { rel: 'icon', sizes: '48x48', href: '/favicon.ico' },
+    { rel: 'apple-touch-icon', sizes: '180x180', href: '/apple-touch-icon.png' }
+  ],
+  htmlAttrs: {
+    lang: 'en'
+  }
+})
+
+useSeoMeta({
+  title: 'Completo — All the Toppings. None of the Mess.',
+  description: 'Drag. Drop. Completo.'
+})
+</script>
+
+<template>
+  <UApp>
+    <NuxtLayout>
+      <NuxtPage />
+    </NuxtLayout>
+  </UApp>
+</template>