Changelog

Recent updates and changes to the Sanctum platform.

February 21, 2026

🌍 Blizzard API Localization

Multi-locale support for journal game data (expansions, instances, encounters).

Backend

• ✅ Added JournalExpansionLocale, JournalInstanceLocale, JournalEncounterLocale Prisma models with composite (entityId, locale) keys
• ✅ Prisma migration: add_journal_locale_tables
• ✅ BattleNetAdapter — added locale parameter to journal methods + text-only fetch methods (getJournalInstanceText, getJournalEncounterText)
• ✅ JournalInstanceSyncService — fetches all 6 Blizzard locales during sync (5 non-English locales fetched in parallel via Promise.all, ~70s for locale phase)
• ✅ GameDataService — locale-aware queries with English fallback; cache keys include locale
• ✅ GameDataController — optional ?locale= query parameter on all endpoints
• ✅ JournalInstanceSyncProcessor — cache invalidation clears all locale-scoped keys
• ✅ Shared locale utilities (apps/api/src/common/locale.ts)

Frontend

• ✅ useBlizzardLocale() hook — maps i18next language to Blizzard locale code
• ✅ appLocaleToBlizzard() utility (shared between API and web)
• ✅ RTK Query endpoints (gameDataApi) accept and pass locale parameter
• ✅ All call sites updated: EventCard, EventDetail, EventActivityDetailsSection, useEventFormState

Tests

• ✅ locale.spec.ts — backend locale utilities
• ✅ game-data.service.spec.ts — locale-aware data retrieval and cache keys
• ✅ locale.test.ts — frontend locale mapping

🌐 Mobile Nav i18n

• ✅ DrawerGuildSection — replaced 14 hardcoded strings with t() calls using existing guild:nav.*, guild:settingsNav.*, and guild:members keys
• ✅ MobileNavDrawer — replaced "Menu", "Admin", and aria-label strings with t() calls
• ✅ Added navigation.menu and navigation.mainNavigation keys to all 7 locale files

📦 Dependency Updates

• dotenv v17 — bumped from v16. Only behavioral change: startup log now shows by default ([dotenv] injecting env (N) from .env). Suppress with DOTENV_CONFIG_QUIET=true if needed.
• ESLint v10 — bumped from v9. Already on flat config so migration was minimal. Wrapped eslint-plugin-react with @eslint/compat's fixupPluginRules() to bridge the removed context.getFilename() API. Added @eslint/compat to root devDependencies.
• cache-manager-redis-yet → @keyv/redis — replaced the old Redis store adapter with @keyv/redis (Keyv-native). CacheModule factory is now synchronous; uses stores: [createKeyv(options)] instead of the old store + async redisStore(). Cache invalidation handler updated to access stores[0].store.client for pattern-based key deletion.
• Tailwind CSS v4 — upgraded from v3. Switched from PostCSS plugin to @tailwindcss/vite (faster Vite-native processing). Removed autoprefixer (v4 handles vendor prefixes natively). index.css updated from @tailwind directives to @import "tailwindcss" + @config to keep the existing HeroUI theme config in place.

---

February 20, 2026

⚡ Session Check Performance Fix

Fixed redundant GET /api/v1/auth/get-session calls on every client-side navigation.

• Problem: requireAuth() in TanStack Router beforeLoad guards called authClient.getSession() (a direct fetch) on every navigation to a protected route (~15 routes). This was independent of the authClient.useSession() nanostores atom used in components, resulting in unnecessary server round-trips on every page change.
• Fix: Added a 60-second TTL cache and request deduplication to auth.getSession() in apps/web/src/lib/auth.ts. Subsequent navigations within the window return the cached session. signOut() and invalidateSession() clear the cache immediately.

---

February 16, 2026

📅 Events Calendar UI Improvements

Event Card Layout

• ✅ Two-row layout — Event cards restructured for better readability
  • Row 1: Status icons + Title + Time
  • Row 2: Event type icon + Recurring icon + Signup count
• ✅ Accessibility — Changed raid event color from red to primary blue for better contrast
• ✅ Today button — Moved between month navigation arrows for better UX (< Today >)

Week Overview on Guild Overview Page

• ✅ Next 7 Days grid — Shows upcoming events in 7-day grid view
• ✅ Responsive layout — Single column on mobile, single row on desktop
• ✅ Quick navigation — "View calendar" button links to full events page
• ✅ Event details — Each day shows up to 3 events with time, "+X more" indicator

📅 Events UI Enhancements

View Modes & Filters

• ✅ Month / Week / List — ButtonGroup to switch between calendar month, week (current week grid), and list views
• ✅ Search — Filter events by title or creator name (client-side on loaded data)
• ✅ Event type filters — Toggle raid, dungeon, social, pvp chips to show/hide types
• ✅ Date range — Calendar and week views use startDate/endDate on GET /guilds/:guildId/events for efficient loading; list view uses pagination

Calendar UX

• ✅ Week view — Current week grid with day cells; same event cards and date selection as month
• ✅ Today — "Today" button resets month/year and clears selected date
• ✅ Prev/Next month — Icon buttons with aria-label="Previous month" / "Next month"
• ✅ Date selection — Click day to filter events to that date; click again to clear

Event Cards & Navigation

• ✅ Prefetch — Event detail route prefetched on card hover/focus for faster navigation
• ✅ Child route — Events page renders <Outlet /> when on /events/$eventId so list/calendar don’t flash during navigation

Accessibility

• ✅ EventSlotsSection — Select (role) and Input (max count) have aria-label per slot (e.g. "Role for slot 1", "Max count for slot 1") for screen readers

🔧 Organization Detail API Fixes

Roster Members in Organization Detail Response

• ✅ GET /organizations/:id now accepts page, pageSize, sortBy, sortOrder query params
• ✅ Returns rosterMembers (full guild roster from Blizzard sync) with claimedByCharacter relations
• ✅ Returns rosterPagination (page, pageSize, total, totalPages) for infinite scroll
• ✅ Previously only returned memberships (user's own synced characters), now returns the full guild roster

CASL Ability Rules & Permission Fix

• ✅ GetOrganizationDetailUseCase now generates real CASL ability rules via AbilityFactory
• ✅ Membership lookup uses orderBy: { role: { wowRank: 'asc' } } to pick highest-ranked character
• ✅ Fixed "Guild Roster is Private" showing for guild masters due to empty abilityRules: []

WowGuild Data in Organization Responses

• ✅ Organization detail and list endpoints now include WowGuild fields (realm, faction, emblemData, logoUrl, etc.)
• ✅ currentLogoUrl computed from useCustomLogo preference
• ✅ roles array included in organization detail response

Guild Text Content Endpoints

• ✅ GET /organizations/:id/text-content — fetch all text content types (motd, rules, loot_rules, etc.)
• ✅ PATCH /organizations/:id/text-content — update text content with version history tracking

🕐 Last Login & Character Sync UX

Last Login Persistence

• ✅ Character.lastLoginAt — when character was last played (from Blizzard profile)
• ✅ GuildMember.lastLoginAt — persisted during roster sync avatar fetch
• ✅ Character enrichment processor persists lastLoginAt from last_login_timestamp
• ✅ Avatar fetch processor parses and persists lastLoginAt for roster members
• ✅ When claimed, roster sync also updates linked Character's lastLoginAt

Display & Sort

• ✅ Guild roster "Last seen" — uses lastLoginAt when available, else N/A
• ✅ Character cards show both "Last synced" and "Last login"
• ✅ Characters page sort by "Last login" (most recent first, nulls last)
• ✅ Guild detail sort by last seen uses lastLoginAt with fallback to lastSeenInRoster

Role & Cache Fixes

• ✅ Role endpoints resolve guild by ID or alias (fixes 404 when using alias in URL)
• ✅ Role updates (create, update, delete, permissions) bust guild cache
• ✅ Guild cache invalidation by both ID and alias

Character Sync UX

• ✅ Dismiss button on sync progress when complete or failed (desktop + mobile)
• ✅ HeroUI onPress replaces deprecated onClick on Button components

📅 Recurring Events & Event Scope

Recurring Event Series

• ✅ Create multiple events at once with recurringDates array
• ✅ Events share recurringSeriesId for batch operations
• ✅ POST /events/:id/cancel-series — cancel all events in series
• ✅ DELETE /events/:id/delete-series — delete all events in series
• ✅ Use cases: CancelRecurringSeriesUseCase, DeleteRecurringSeriesUseCase

Event Scope (guild vs group)

• ✅ scope: guild — full guild event, officers only can create
• ✅ scope: group — member event, any guild member can create
• ✅ Default: group
• ✅ CASL ability checks enforce scope on create

Event Enhancements

• ✅ imageUrl — custom or journal instance image
• ✅ POST /events/:id/image — upload event image (5MB max, moderation)
• ✅ journalInstanceId — link to Blizzard instance for auto metadata/image
• ✅ status — draft, published, cancelled, completed

🛡️ Admin Panel

• ✅ Admin-only routes (/admin) — requires isAdmin (Manage All)
• ✅ User.isAdmin — platform admin flag
• ✅ GET /admin/admins — list admins
• ✅ GET /admin/users?q= — search users for promotion
• ✅ POST /admin/admins/:userId — promote/demote admin
• ✅ GET /admin/stats — platform usage (guilds, users, events, etc.)
• ✅ POST /admin/sync-instances — trigger journal sync
• ✅ GET /admin/sync-instances/active — active sync session
• ✅ GET /admin/sync-status — recent roster + instance syncs
• ✅ GET /admin/jobs — queue health

📖 Game Data (Journal Instances)

• ✅ JournalExpansion, JournalInstance, JournalEncounter — Blizzard-synced raid/dungeon metadata
• ✅ GET /game-data/expansions — WoW expansions
• ✅ GET /game-data/instances?category=raid|dungeon — raids and dungeons
• ✅ GET /game-data/encounters?journalInstanceId= — bosses per instance
• ✅ Public endpoints (no auth)

🔄 Journal Instance Sync

• ✅ BullMQ queue: journal-instance-sync
• ✅ Processor: JournalInstanceSyncProcessor
• ✅ WebSocket: InstanceSyncGateway — real-time progress
• ✅ JournalSyncSession — tracks expansions, instances, encounters progress
• ✅ useInstanceSync hook + InstanceSyncProgress component
• ✅ Admin panel: trigger sync, view progress

📦 Storage & Image Moderation

• ✅ StorageService — S3 or local filesystem for event images
• ✅ ImageModerationService — moderation on upload
• ✅ Event image upload with validation (5MB, JPEG/PNG/GIF/WebP)

📝 Participation Updates

• ✅ characterId — which character user brings
• ✅ roleKey — links to EventSlot
• ✅ Status: waitlist, declined added

📚 Documentation

• ✅ Domain Schema — updated Event, User, Participation, Journal entities
• ✅ API Endpoints — admin, events, game-data, recurring series
• ✅ Background Jobs — journal-instance-sync
• ✅ WebSocket Pattern — instance sync example

---

February 15, 2026

📝 Guild Posts Visibility Fix

Fixed guild posts with visibility: guild not appearing for authenticated members.

• Cache: Added Cache-Control: no-store and Vary: Authorization to posts endpoints so responses are not cached by auth state (was causing 304 with stale unauthenticated data)
• Facade: Added canManageGuild to getGuildPosts options type so it is passed correctly to the use case
• Frontend: skip: !guild ensures posts are fetched only after guild (and auth) loads

📱 Characters Mobile UX & API Fixes

Mobile

• ✅ Floating bottom action bar (iOS-style island) for characters page
• ✅ Sync progress shown inline in floating bar when syncing
• ✅ CharactersFilterSheet (bottom sheet) for mobile filters
• ✅ CharactersMobileBar with Create, Sync, Filters

API

• ✅ GET /characters/templates – Fixed to return templates (was returning [])
• ✅ POST /characters – Added endpoint for manual character creation (was 404)
• ✅ DTO validation for create (uses dto/create-manual-character.dto.ts)

🔗 Guild Alias Support

Guilds can now be accessed by UUID or URL-friendly alias.

Backend

• ✅ Added alias field to Guild model (optional, unique)
• ✅ findGuildByIdOrAlias resolves both UUID and alias across all guild endpoints
• ✅ Alias lookup for guild detail, logo, roster, and abilities guard
• ✅ alias included in guild detail API responses

Frontend

• ✅ Guild alias editor in settings page
• ✅ URL navigation supports /guilds/:alias for clean URLs
• ✅ Auto-generated aliases for Blizzard-synced guilds
• ✅ Cache invalidation for guild updates

🚀 CI/CD Workflow Refactor

GitHub Actions test workflow updated for full E2E support.

• ✅ Postgres 16 service for E2E tests
• ✅ Redis 7 service for E2E tests (cache, BullMQ)
• ✅ JWT_SECRET and OAuth env vars in CI
• ✅ Separate jobs: unit tests (fast), E2E tests (Postgres + Redis), coverage

🔐 OAuth Support in CI

• ✅ Battle.net and Discord OAuth client IDs/secrets/callbacks configured for test environment
• ✅ Enables E2E tests that require auth flows

🧪 E2E Test Improvements

• ✅ Clean up e2e test configuration and data isolation
• ✅ Fix membership test data isolation
• ✅ Fix tests after findGuildByIdOrAlias implementation

⚡ Frontend UX

• ✅ Suspense boundaries and loading states on guild routes
• ✅ Fix guild alias input validation

---

February 1, 2026

🌍 Internationalization (i18n) System (3 pts)

Implemented comprehensive i18n system using i18next for multi-language support.

i18n Infrastructure

• ✅ Installed i18next, react-i18next, i18next-browser-languagedetector
• ✅ Created namespaced translation structure (common, guild, character, roster)
• ✅ TypeScript integration with type-safe translation keys
• ✅ Auto language detection (localStorage → browser → fallback to English)

Translation Files (English)

• ✅ common.json - Shared translations (actions, errors, validation, status)
• ✅ guild.json - Guild management with confirmations and messages
• ✅ character.json - Character operations
• ✅ roster.json - Roster management and sync

i18n Features

• ✅ Zero latency (translations bundled with app, no network requests)
• ✅ Type-safe keys with IDE autocomplete
• ✅ Interpolation for dynamic values ({{name}}, {{count}})
• ✅ Built-in pluralization (member vs members)
• ✅ Language persistence in localStorage
• ✅ Git-based workflow (translations versioned with code)

i18n Documentation

• ✅ Complete guide in docs/guides/internationalization.md
• ✅ Usage examples and best practices
• ✅ Migration strategy from hard-coded strings
• ✅ Guide for adding new languages
• ✅ Example component with all patterns

i18n Benefits

• Frontend-only (no backend dependency)
• Reliable offline development
• Industry-standard approach (same as GitHub, Linear, Vercel)
• Ready to integrate with Lokalise/Crowdin when needed
• Follows "boring solutions" philosophy

Next Step: Gradually extract hard-coded strings to translation keys

🔔 Toast Notification System (3 pts)

Implemented comprehensive UI toast notification system for user feedback.

Toast Infrastructure

• ✅ Installed @heroui/toast package (v2.0.20)
• ✅ Added ToastProvider to app root with portal-based rendering
• ✅ Created useToast() hook for simple toast API
• ✅ Created useToastMutations() for RTK Query integration

Toast Features

• ✅ Success, error, info, warning, and loading toast variants
• ✅ Promise-based toasts that auto-update on resolve/reject
• ✅ Rich descriptions and custom timeouts
• ✅ Perfect integration with HeroUI theme (light/dark mode)
• ✅ Top-right placement with close buttons
• ✅ Max 3 visible toasts, 4s auto-dismiss

Toast Documentation

• ✅ Complete guide in docs/guides/toast-notifications.md
• ✅ Example component with usage patterns
• ✅ API reference and best practices

Toast Benefits

• Native HeroUI component (no external dependencies like Sonner)
• Automatic theme integration
• Ready for mutation feedback across the app
• Accessible and mobile-friendly

Next Step: Integrate toasts into existing mutations (guild create/update/delete, etc.)

🗑️ Archive & Delete Feature (21 pts)

Complete archive and delete functionality for guilds and characters with smart business rules.

Backend Changes

• ✅ Added active and archivedAt fields to Guild model
• ✅ Archive/restore/delete endpoints for guilds (PATCH /archive, PATCH /restore, DELETE /:id)
• ✅ Archive/restore/delete endpoints for characters
• ✅ Business rules: only standalone guilds and manual characters can be hard-deleted
• ✅ Proper cache invalidation on all operations

Frontend Changes

• ✅ New ConfirmDialog reusable component for destructive actions
• ✅ Archive/restore/delete actions in character cards (dropdown menu)
• ✅ Danger Zone in guild settings with archive/delete options
• ✅ "Show Archived" toggle on guild list (persisted in localStorage)
• ✅ Archived count always visible regardless of toggle state
• ✅ Restore UI for archived guilds with prominent notice
• ✅ Visual indicators for archived items (opacity + chip badges)

Permissions & Security

• ✅ Fixed CASL permissions to grant Delete action to users with canManageGuild
• ✅ Ownership verification for character operations
• ✅ Only standalone guilds can be permanently deleted (not Blizzard-synced)
• ✅ Only manual characters can be permanently deleted (not Blizzard-synced)

Cache Management

• ✅ Frontend: Proper query key invalidation for all guild queries
• ✅ Backend: Redis pattern-based cache clearing for guild lists
• ✅ Immediate UI updates after operations

UX Improvements

• ✅ Persistent toggle state in localStorage
• ✅ Confirmation dialogs for all destructive actions (archive/restore/delete)
• ✅ Clear messaging about reversibility and data preservation
• ✅ Color-coded dialogs (warning for archive, danger for delete, primary for restore)

See Archive & Delete Documentation for full details.

🔐 OAuth & Authentication Fixes

OpenID Connect Compliance

• ✅ Added openid scope to Battle.net OAuth configuration
• ✅ Battle.net authentication now follows OIDC standards
• ✅ Receives signed ID token with verified user claims
• ✅ Enhanced security with cryptographic token verification
• ✅ Updated documentation with OIDC implementation details

Benefits:

• Standardized authentication flow
• Cryptographically verified identity tokens
• Interoperability with OIDC-compliant systems
• Security best practices for identity verification

Fixed OAuth callback URLs and login flow

• ✅ Corrected backend OAuth callback URLs from port 3000 to 3001
  • DISCORD_CALLBACK_URL: http://localhost:3001/api/v1/auth/discord/callback
  • BATTLENET_CALLBACK_URL: http://localhost:3001/api/v1/auth/battlenet/callback
• ✅ Fixed frontend login page to use correct API URL (VITE_API_URL)
• ✅ Updated settings page OAuth links to use correct port
• ✅ Modernized login page UI with HeroUI components

Action Required

• Update OAuth app callback URLs in Discord Developer Portal
• Update OAuth app callback URLs in Battle.net Developer Portal

🎭 Role System Updates

Added founder role protection

• ✅ Added isFounder field to Role model
• ✅ Founder role (initial guild master) cannot be deleted
• ✅ Still allows editing name and permissions
• ✅ Frontend shows warning message for founder roles
• ✅ Backend enforces deletion protection

Guild creation improvements

• ✅ Added Step 5 to guild creation: "Master Role"
• ✅ Users can customize the guild master role name
• ✅ Default: "Guild Master" (customizable to "Leader", "Admin", etc.)
• ✅ Shows full permissions info card
• ✅ Simplified standalone guild creation (one custom role instead of 5 WoW ranks)

Custom role refinements

• ✅ Custom roles always have wowRank = null
• ✅ WoW ranks (0-9) only used for Blizzard-synced guilds
• ✅ Removed WoW rank field from custom role creation
• ✅ Improved modal validation and error messages

📋 Role Management Modal Refactor

Component modularization

• ✅ Split large modal component into smaller files
  • index.tsx - Main container
  • types.ts - Shared interfaces
  • RoleFormFields.tsx - Form inputs
  • PermissionsSection.tsx - Permissions toggles
  • InfoCards.tsx - Reusable info/warning cards
  • useRoleMutations.ts - API mutations hook
• ✅ Replaced emojis with Heroicons throughout
• ✅ Improved type safety and maintainability

📚 Documentation (1 pt)

Updated guides

• ✅ Authentication System - OAuth flows with correct ports
• ✅ Network Configuration - Port reference guide
• ✅ Role System - Custom roles vs WoW-synced roles
• ✅ API Reference - Role CRUD endpoints with business rules

Development Notes

Port Configuration Summary

Service	Port	URL
API	3001	http://localhost:3001
Web	5173	http://localhost:5173
Docs	3002	http://localhost:3002
PostgreSQL	5432	localhost:5432
Redis	6379	localhost:6379

OAuth Flow

flowchart LR
    A[User] --> B["Frontend (5173)"]
    B --> C["API (3001)"]
    C --> D[OAuth Provider]
    D --> E["Callback (3001)"]
    E --> F["Frontend (5173)"]

Role Types

Type	wowRank	isFounder	Deletable?
WoW-synced	0-9	false	❌ No (synced)
Founder role	null	true	❌ No (founder)
Custom role	null	false	✅ Yes (if no members)

Testing

All changes include:

• ✅ Unit tests (guild service: 6/6, role service: 17/17)
• ✅ Zero linting errors
• ✅ Migration tested on dev database
• ✅ OAuth flow tested with actual providers

Future Improvements

Planned

• Token refresh for longer sessions
• Multi-factor authentication
• Session management (view/revoke)

Role System

• Bulk role assignment
• Role templates
• Permission presets
• Role hierarchy visualization

UI/UX

• Dark mode improvements
• Mobile responsive design
• Loading states
• Error boundaries