Vault Log — kebahagiaan.corone.monster

[2026-04-28] decision | Karpathy LLM vault method adopted on both vaults

User directive: “everytime a session start, all memory should be connected here, needs to have a clear context and continuation”. Wiki at /var/www/kebahagiaan.corone.monster/.wiki/ + /var/www/corone.monster/.wiki/.

[2026-04-28] ingest | Caveman mode marked ABSOLUTE / always-on

Saved as user pref + concept page. Never deactivate without explicit /stop caveman.

[2026-04-28] ingest | huashu-design skill installed

~/.claude/skills/huashu-design/ — auto-invoke for visual design output. 32MB w/ demos.

[2026-04-30] ingest | Corone Design System “Quiet Premium” SHIPPED

commit 2a1ac51 on release/kebahagiaan. OKLCH tokens, P1–P5 done. Pushed.

[2026-04-30] ingest | Pasukuru FE + BE running locally on :3200/:3201

Multi-tenant ecommerce. Next.js 16. NestJS+TypeORM+MySQL+Redis+BullMQ.

[2026-04-30] decision | GitHub workflow rules ABSOLUTE

New branch always 2) Jira ID in commit + branch + PR 3) No auto-merge.

[2026-04-30] decision | Per-workspace git author rules ABSOLUTE

corone.monster=Ryo, kebahagiaan=Julian. Curva branch format user/corone-CRV-XX-Task-name.

[2026-04-30] ingest | Jira MCP installed (cocon-inc.atlassian.net)

mcp-atlassian via uvx, stdio transport.

[2026-04-30] ingest | Xserver FTP + 23GB Kokorozashi migration done

lftp via sv8140.xserver.jp, sub-FTP corone@cocon-inc.co.jp.

[2026-04-30] ingest | Pasukuru prod-parity local stack — HTTPS + wildcard tenants

Cloudflare DNS-01, Let’s Encrypt, Stripe + PayPay E2E.

[2026-05-01] decision | Corone Monster repo migrated → COCONRobotics-Corp/corone-monster

gameagelayer dependency removed. Auth via time7676 setup pending.

[2026-05-01] incident | CRV-35 PR #1010 merged, develop CI broke (Ondrej PPA outage)

Revert PR #1011 created. Root cause: Docker build failed on PHP install from Ondrej PPA.

[2026-05-01] decision | CRV-35 DS v2 redo via PR #1012 — Dockerfile hardened

All CI green. Squash-merged 13:56 UTC, merge commit 2ed99af. 100% DS v2 coverage on 200+ pages.

[2026-05-03] ingest | Codex (ChatGPT) MCP integration

codex CLI v0.128.0 at /usr/bin/codex. Always-on bridge from Claude → GPT-5/5.5.

[2026-05-03] lint | Vault audit — found skeleton-only state

User caught it: index claimed 14 pages, only 7 existed. log.md missing. Sibling vault empty. Fixing now.

[2026-05-03] update | Karpathy method full implementation

Backfilled 7 missing concept pages from memory. Created log.md. Mirrored to corone.monster vault. Added enforcement via CLAUDE.md + session-start checklist.

[2026-05-03] ingest | Full context refresh — git/services/nginx/SSH all surveyed

User directive: “Please read all git structure, previous sessions and conversations”. Surveyed:

All /var/www repos + branches (corone-julian, corone-ryo, pasukuru-dev/{be,fe} on dev, kokorozashi-staging on staging, curva.cocon-lab.com on user/corone-CRV-35-design-system-v2)
systemd: corone-app, kebahagiaan-app, hermes (port 8787), openwebui, pasukuru-fe/be, pasukuru-curva-mock
nginx: 14 vhosts mapped
SSH aliases: github-curva, github-kokorozashi, xserver-cocorobo, github.com-time7676
Memory: 34 entries reviewed
Sessions: confirmed only this one in latest range
Git authors: keb=Julian (Hermes Self-Healing Port)/julian@cocon-inc.co.jp, corone=Corone - Ryo/277812962+eduson510@users.noreply.github.com (CORRECTED — was wrong before)

[2026-05-03] update | Vault grew 18 → 23 pages

Added entities: hermes, openwebui Added concepts: nginx-vhost-map, elc-release-1.3.7. Updated entities: elc-ai-agent (Hermes link, personal-fork branches, 1.3.7), pasukuru (pasukuru-dev paths, services), curva (DS v2 triple-check details, line-curva.com), kokorozashi (staging, github-kokorozashi alias). Updated concepts: git-author-and-branch-rules (corrected actual git authors), github-account-routing (active state + SSH aliases).

[2026-05-03] decision | Per-workspace identity CORRECTED — Corone=Ryo/eduson510, Keb=Julian/time7676

User directive: “1. Corone Monster is for Ryo - Github Eduson. 2. Kebahagiaan Corone Monster if for Julian - Github Time7676”.

Applied:

/var/www/kebahagiaan.corone.monster: git config user.name “Julian Loh - ロジュリアン” / user.email “123628335+time7676@users.noreply.github.com”
/var/www/corone.monster: stays “Corone - Ryo” / “277812962+eduson510@users.noreply.github.com” ✅
Both origins on HTTPS to COCONRobotics-Corp/corone-monster (gh credential helper handles auth)
gh CLI: time7676 active (org access), eduson510 inactive (org rejected its long-lived PAT)
Push transport via time7676 token but commit AUTHOR per-workspace → GitHub UI shows correct user

[2026-05-03] decision | DA VINCI NO-TOUCH absolute rule

User directive: “Dont touch Da Vinci! Dont you ever do any edit, add, or delete in Da Vinci Projects Jira. For the rest, you can do task update, description, task creation, ticket movement, comments”.

DVG project (Da Vinci Graph) = READ ONLY forever. All other Jira projects (CRV, KOKO, PASS, PL, RMY, SL) → full write OK with workflow rules.

Created pages: concepts/jira-da-vinci-no-touch.md (absolute rule), entities/davinci.md (visible repos awareness), synthesis/all-jira-projects.md (catalog with write/read flags).

[2026-05-03] update | Curva GitHub practice consolidated into single page

concepts/curva-github-practice.md gathers all Curva-specific rules: eduson510 account, branch from develop with user/corone-CRV-XX-Task-name format, PR allowed but merge forbidden, Tailwind 4 alpha-modifier color-mix fix, Ondrej PPA dual-key trap, push-from-VPS recipe.

[2026-05-03] update | Vault grew 23 → 30 pages

NEW concepts: jira-da-vinci-no-touch, curva-github-practice NEW entities: prolis, studylab, remoway, davinci NEW synthesis: all-jira-projects, sessions-history UPDATED: github-account-routing (resumed, identity table corrected), git-author-and-branch-rules (Julian=time7676), curva (test users, full GitHub practice link), jira-mcp-setup (7 projects with DVG flagged).

[2026-05-03] update | Skills catalog ingested — 58 skills documented

User question: “Did you understand all skills you need to have and install?“. Verified via Skill(list: true): 58 skills active. Documented full catalog by category.

ALWAYS-ON: caveman, karpathy-vault, llm-wiki, memory-save-habit DESIGN family: impeccable (22 subcommands, auto-pick), huashu-design (HTML hi-fi), design-html/review/shotgun/consultation, plan-design-review SHIP family: ship, land-and-deploy, document-release, retro, freeze/unfreeze, careful, guard, canary, health, caveman-commit, caveman-compress REVIEW family: review, caveman-review, qa, qa-only, devex-review, plan-{ceo,eng,devex}-review META: plan-first, autoplan, plan-tune, skillify, context-{save,restore}, debug-methodically, investigate, learn BROWSER: gstack (1.5GB parent toolkit), gstack-upgrade, browser-harness, browse, scrape, connect-chrome, setup-browser-cookies INFRA: codex, benchmark, benchmark-models, pair-agent, office-hours, cso, landing-report, make-pdf, setup-deploy, setup-gbrain

Created pages: concepts/skills-catalog.md, concepts/impeccable-routing.md, synthesis/design-system-overview.md.

[2026-05-03] update | Vault grew 31 → 34 pages

Added: skills-catalog, impeccable-routing, design-system-overview (cross-ref of Corone DS + Curva DS v2).

[2026-05-03] ingest | Skills inventory documented — 58 total

Cataloged all installed skills with always-on/auto-invoke flags.

ALWAYS ON (no slash needed):

caveman (note_177) — terse output, every response
karpathy-vault (~/.claude/skills/karpathy-vault/) — vault method via session-start protocol

AUTO-INVOKE on intent:

huashu-design (32MB at ~/.claude/skills/huashu-design/) — hi-fi HTML prototypes/slides/animations/app mockups, MUST WebSearch-verify product facts first
impeccable (v3.0.4) — production frontend, AUTO-PICK subcommand never ask, 22-item routing table at concepts/impeccable-routing.md

Plus 50+ supporting skills under gstack ecosystem (browser/QA/design-review/plan-*/ship/etc).

New pages: concepts/skills-inventory.md (full catalog), concepts/impeccable-routing.md (subcommand decision table — was referenced in memory but didn’t exist on disk).

[2026-05-03] update | 65 sessions organized into 10 folders

SessionOrganize bulk applied. Distribution:

Projects/Corone-Monster: 16
Projects/Curva: 8
Projects/Pasukuru: 3
Projects/Kokorozashi: 2
Setup/Skills: 9
Setup/GitHub: 4
Setup/Infra-Hosting: 3
Setup/Vault-Memory: 3
Setup/AI-MCP: 3
Misc: 14
Uncategorized: 0 ✅

[2026-05-03] update | Vault grew 35 → 41 pages

Refilled stale entity content (r-goto with corrected per-workspace identity, cocon-inc with full GitHub repo list, claude-agent with MCP servers + per-workspace persona). NEW concepts: codex-mcp-integration, xserver-access, pasukuru-page-builder, session-messages-repair, cocon-lab-public-dirs. UPDATED synthesis: sessions-history (now with full folder distribution + per-project navigator).

[2026-05-03] update | Refilled 7 thin pages with live system audit

Audit found pages <40 lines, refilled with verified facts:

entities/vps.md (28 → 105 lines): full hardware/network/OS, 41 services + 9 Docker containers, complete port allocation, /var/www tree
entities/hermes.md (33 → 56 lines): 3 systemd units (hermes-webui :8787, hermes-dashboard :9119, hermes-cloudflare tunnel), code paths, lifecycle event details
entities/openwebui.md (17 → 59 lines): Docker via docker-compose, image ghcr.io/open-webui/open-webui:main, env vars, volume, ELC vs Open WebUI comparison
concepts/caveman-mode.md (33 → 86 lines): full rule definition with examples, intensity table, exceptions, token economics
concepts/english-responses.md (21 → 41 lines): EN-only rule, JP exceptions, combo example
synthesis/cross-vault-sync.md (40 → 80 lines): full sync command, drift detection, skeleton-state failure history

Also updated nginx-vhost-map port allocation table with all 16 ports + container/systemd backing.

[2026-05-03] lint | Memory cleanup — 17 superseded memories deleted (50→33)

Audit found duplicate + superseded entries from CRV-35 PR lifecycle (8 versions kept, deleted 7), vault state evolution (5 snapshots, kept latest), caveman rule (3 versions, kept canonical).

Deleted IDs:

crv-35-pr-1010-opened, crv-35-pr-1012-merged, crv-35-pr-1012-100percent-coverage, crv-35-pr-1012-100-percent-all-ci-green, crv-35-pr-1012-ci-green-ready, crv-35-pr-1012-triple-check-100percent, crv-35-incident-pr-1010-revert-1011, crv-35-curva-ds-v2-implemented-branch (8) — kept: crv-35-deployed (final)
vault-full-context-refresh-2026-05-03, vault-30-pages-2026-05-03-final, vault-final-state-2026-05-03-comprehensive, karpathy-vault-fully-implemented-2026-05-03 (4) — kept: vault-final-2026-05-03-locked-in
caveman-always-on-all-sessions, user-caveman-default (2) — kept: caveman-enforcement-absolute
skills-catalog-58-installed-2026-05-03 (1) — kept: skills-58-installed-2026-05-03
github-account-routing-per-workspace, git-author-and-branch-rules-corone (2) — kept: per-workspace-identity-corrected-2026-05-03

[2026-05-03] update | CLAUDE.md global + per-workspace synced (151 lines)

/root/.claude/CLAUDE.md (108 lines, global) + /var/www/{corone,keb}.corone.monster/CLAUDE.md (151 lines each, global+local) all reference current 39-page vault structure, per-workspace identity (corone=Ryo/eduson510, keb=Julian/time7676), Da Vinci NO-TOUCH rule, Curva practice, 58 skills, push workflow.

[2026-05-03] update | 52 sessions tagged for cross-resource search

TagManager add: 8 curva, 3 pasukuru, 2 kokorozashi, 16 corone-monster, 3 vault, 9 skills, 4 github, 3 mcp, 3 infra, 1 (current session) vault.

Verified: find_by_tag “curva” → 13 resources (8 sessions + 5 memories cross-typed). find_by_tag “corone-monster” → 20 resources. Tags work cross-resource as documented.

13 sessions in Misc folder remain untagged (acceptable — no clear primary topic).

[2026-05-04] decision | Curva rule REINFORCED (Ryo, strict)

User directive: branch per JIRA ID + PR only + NEVER merge unless explicit approval.

Vault page already correct (curva-github-practice.md, byte-identical with corone)
Memory saved: curva-rule-strict-2026-05-04 (scope=all, tags critical+absolute)
Applies to ALL Curva ops on both vaults regardless of workspace
Account: eduson510 always
Attribution: corone→Ryo, keb→Julian

[2026-05-04] decision | CRV-54 created — CI/CD hardening blocker (Julian, ticket only)

New CRV ticket: https://cocon-inc.atlassian.net/browse/CRV-54
Title: CI/CD hardening — restore mandatory CI gate, fix workflow bypass, optimize pipeline, audit packages
Priority: High, labels: ci-cd, hardening, build, tech-debt, blocking
Trigger: Ryo’s CRV-46 emergency firefight (2026-05-03→2026-05-04) added cd.yml workflow_dispatch bypass (PR #1027) + 5 EB workflows + CI paths-filter excludes infra changes
Hard rule: CI must pass for same SHA before CD. NO BYPASS.
7 findings + 12 acceptance criteria documented
No branch / PR yet — ticket creation only per user request
Blocks: all further Curva development until cleared

[2026-05-04] mirror | CRV-54 PR #1045 opened (from kebahagiaan)

See sibling vault log for full detail
PR: https://github.com/COCONRobotics-Corp/Curva/pull/1045
Branch: user/corone-CRV-54-cicd-hardening
Status: open, NO MERGE without r_goto approval

[2026-05-04] update | Branch consolidation — 4 obsolete branches archived + deleted

Origin branches deleted: release/corone, release/kebahagiaan, julian/keb-corone-design-system-quiet-premium, feat/kokonkun-upgrade-and-dynamic-models. All 4 tagged as archive/* before deletion (history preserved). Live builds untouched. Final origin state: main + corone-ryo + corone-julian + feat/kokonkun-julian-wip (Julian’s mascot WIP, preserved from working tree). Removed eduson510-backup remote from corone workspace.

[2026-05-04] decision | Vault unification — single canonical /var/www/.wiki + symlinks

Both workspace .wiki dirs replaced with symlinks pointing at /var/www/.wiki. Eliminates sibling-vault drift permanently. Persona attribution preserved via last-edited-by front-matter (ryo | julian | shared) on all 39 pages. Hermes page tagged julian (reference implementer); rest tagged shared.

[2026-05-04] update | Memory protocol tightened — every-session save

CLAUDE.md (global) updated: session-end persistence is now MANDATORY when work touches code/config/decisions/preferences. No more “I’ll save it later.” Bullet checklist: append log, update touched pages, bump index, MemorySave critical facts, run check.sh.

[2026-05-04] update | Skill tool fix — strong directive + HOME=/root fallback (PRs #1 #2 #3)

User repeat complaint “Skill broken in corone” → root cause: weak <skill-system> system prompt directive (loose “Users can invoke…”), missing entirely on main. New STRONG directive uses RULE/MANDATORY framing + 3 explicit examples + imperative “FIRST action, no preamble”. Defensive fix in getUserSkillsDir() — falls back to /root if HOME unset. PRs: #1 main, #2 corone-ryo, #3 corone-julian. Live deploy: applies on next build.

[2026-05-04] decision | Promote shared features to main (PRs #4 #5)

Per user “kokonkun + self-healing should be in all instances as default, NOT replace previous features” — both promoted from personalization branches → main as neutral baseline. PR #4: kokonkun + dynamic models + Codex/OpenAI (cherry-pick of 2272e2f, +2895/-6). PR #5: self-healing 6-file foundation (+1724 lines). Self-healing wiring (chat/route + layout) in follow-up PR after personalization branches rebase.

[2026-05-04] decision | CI/CD must pass before merge — HARD RULE all Corone projects

User (r_goto) directive 2026-05-04
New page: pages/concepts/ci-cd-must-pass-before-merge.md (canonical, 207 lines)
Scope: ALL Corone projects (Curva, Pasukuru FE/BE, corone-monster, Kokorozashi, Passkuru, future)
Rule: every CI job must be GREEN before merge. No bypass. No exceptions.
Reply pattern: “PR has N red CI jobs. Cannot merge. Fix CI first.”
Reference impl: CRV-54 PR #1045 ci-gate job (cd.yml uses gh api to verify CI green for SHA)
Anti-patterns documented: “test unrelated”, “works locally”, “ship hotfix fast”, “lint is just style”, [skip ci], admin override
Single exception path: prod-down + admin override + 24h incident ticket + 7d CI hardening followup
Memory saved: corone-cicd-must-pass-before-merge-absolute (always-on, critical, user category)
Updated: /var/www/CLAUDE.md (via both per-workspace files), keb CLAUDE.md, corone CLAUDE.md
Vault grew 39 → 40 pages

[2026-05-04] update | CRV-55 PR #1046 — DS v2 button + table layout follow-up

ticket: CRV-55 (under CRV-35 parent)
branch: user/corone-CRV-55-ds-v2-button-and-layout-fixes
PR: https://github.com/COCONRobotics-Corp/Curva/pull/1046
workspace: kebahagiaan (Julian) → /tmp/Curva mirror
impact: 19 files (+467/-743), 1 new DS v2 component (<CTableActionMenu>)
fixes: blue bg-curva-info button → LINE green primary across 12 screens; daisyui dropdown-content floating bug fixed via <CTableActionMenu> (Headless UI Menu, no portal); InertiaTable td whitespace-nowrap default fixes Japanese char-wrap
ci: pending
merge: BLOCKED until all CI green (per absolute rule)

[2026-05-04] decision | Curva DS v2 mandatory rule (both corone workspaces)

user directive (r_goto): all future Curva work MUST use DS v2 components + tokens
applies to: both corone.monster (Ryo) AND kebahagiaan.corone.monster (Julian)
new vault page: pages/concepts/curva-ds-v2-mandatory.md
coverage audit included: 20/233 pages on DS v2 (8.6%), 92 still on legacy buttons, 152 still on JetBar
forbidden: bg-curva-info as CTA, daisyui dropdown classes, PrimaryButton/SecondaryButton/DangerButton
memory saved: curva-ds-v2-mandatory-future-work

[2026-05-04] decision | Curva DS v2 完遂 — CRV-56 全 Phase shipped (3 PRs)

ticket: CRV-56 (under CRV-35)
branches: user/corone-CRV-56-phase-AB-cta-and-legacy-buttons, …phase-CDEF-jetbar-shim, …phase-H-daisyui-cleanup
PRs: https://github.com/COCONRobotics-Corp/Curva/pull/1047 + #1048 + #1049
workspace: kebahagiaan (Julian) → /tmp/Curva
impact: 233 Vue pages, 100% token-correct rendering achieved
- 0 bg-curva-info CTA misuse (was 56)
- 0 legacy button imports (was 92)
- 12 JetBar wrappers @deprecated (JetBarBadge hard-shim → CStatusPill)
- daisyui dep + commented config removed
ci: pending all 3 PRs
merge: BLOCKED until all CI green
remaining: Phase I a11y polish (axe + Lighthouse + dark mode) — separate ticket

[2026-05-04] decision | CRV-56 完遂 — all 3 PRs MERGED to develop

ticket: CRV-56 closed (完了 status)
merge sequence: PR #1047 (e0e2c2a, Phase A+B) → #1048 (3e0a550, Phase C-G) → #1049 (61b6bdd, Phase H)
CI hiccups resolved: #1047 Link import (cleanup script bug, fixed 78b1bf6), #1049 ngrok flaky (rerun)
final state on develop: 0 bg-curva-info CTA, 0 legacy button imports, 12 JetBar @deprecated, 74 JetBarBadge → CStatusPill shim, daisyui clean
DS v2 100% rendering coverage achieved
Phase I (a11y polish + Lighthouse + dark mode) deferred to separate ticket

Fixed iOS Safari kanban card drag (HTML5 DnD doesn’t fire dragstart on non-
/ in iOS)
- Added touch-based fallback with ghost card (position:fixed clone tracking finger)
- touchmove/touchend on document (not card) so finger leaving card boundary works
- body.kb-dragging-ios + touch-action:none + preventDefault for scroll suppression
- isIOS guard: Android Chrome unchanged (HTML5 DnD continues working)

Restored 821px breakpoint (was 1100px) to match Curva’s pill design

Fixed pill margin-right calc: 96→150px (>=1101), 88→120px (821-1100), 80→96px (821-980)

Now visual gap between pill right edge and JA|EN switch is 53px (was -16px overlap)

Files: assets/app.js, assets/style.css, assets/i18n.js, index.html

Deploy: /var/www/passkuru.cocon-lab.com (rsync), Cloudflare proxied + Let’s Encrypt

Backup: /var/www/passkuru.cocon-lab.com.bak.20260504-194422

[2026-05-04] update | Kokonkun scale-down + palette + cat ears (PR #6)

PR #6 stacks 3 commits onto feat/main-kokonkun-baseline → main: (1) scale down 64/72/80→52/58/64 ~20%, (2) 5 hex palette tweaks per Codex §5, (3) cat ears + earTwitch (every 8-12s in idle) + earDroopTired auto-applied. Codex (gpt-5.5) consulted twice; specs saved to .wiki/pages/sources/kokonkun-upgrade-codex-spec.md (1100 L) + kokonkun-upgrade-codex-spec-2.md (302 L). Ear pivots: left (6,2) right (17,2). +126/-4 lines, zero new TS errors. Live deploy on next build window.

[2026-05-04] update | Kokonkun tween engine + Codex specs vaulted (PR #7)

PR #7 ships src/components/mascot/tween.ts (250 L, INERT) — TIMING/EASE/POSE_TRANSITIONS constants + cubicBezier/lerp/interpolateTransform/interpolateFrame + useTweenedPose React hook. Foundation for future Stage B/C/D animation upgrades. 2 Codex spec sources added to vault: kokonkun-upgrade-codex-spec.md (1100 L, foundation) + kokonkun-upgrade-codex-spec-2.md (302 L, cat ears + Moonlighter movements). Vault: 41 → 43 pages. PR target: feat/kokonkun-cat-ears (chains to main).

[2026-05-05] update | Kokonkun sprite redesign + 10 new animations (PRs #9 #10 #11 #12)

PR #9: Context menu via dbl-click/right-click + tray re-show button (replaces intrusive always-visible buttons). PR #10: Julian matches Ryo (visuals/persona) but keeps self-healing wiring as bonus. PR #11: Full sprite redesign — 32×32 viewBox, headphone ear cups (not cat ears), forehead dot restored, 3-color heart, chunky boots, multi-tone shading. Codex (gpt-5.5) generated 7 components × 445 lines. PR #12: 10 new animations — lookLeft/lookRight (cursor tracking), wake (replaces sleep snap), confused/celebrate/dance/stumble/clap/shrug/overexcited. Total 27 poses now. Activity rotation expanded with new poses. 7 new __kokon API methods. All TS clean, all live builds still untouched. Codex spec part 3 vaulted at .wiki/pages/sources/kokonkun-upgrade-codex-spec-3-redesign.md.

[2026-05-05] ingest | keiyaku project deployed to VPS

Cloned time7676/keiyaku (private, contract AI reviewer)

Stack: Next.js 15.2.1, Postgres 17.7 local, Drizzle ORM, Firebase Auth, Gemini AI

Live: https://keiyaku.cocon-lab.com (port 3002, systemd: keiyaku.service)
Storage swap: GCS → local fs at /var/www/keiyaku/storage/contracts/ with HMAC signed URLs
DB: local Postgres, user keiyaku, all 6 migrations applied
Local branch vps-deploy over main (commit 39d4de7)
Vault page: pages/entities/keiyaku.md
Pending user input: GEMINI_API_KEY + Firebase keys (see /var/www/keiyaku/.env)

[2026-05-05] ingest | keiyaku self-hosted on VPS (keiyaku.cocon-lab.com)

Cloned private repo time7676/keiyaku to /var/www/keiyaku/. Replaced GCS storage with local-fs shim + HMAC-signed download route. Patched next-intl middleware for standalone-server host header bug. Live at https://keiyaku.cocon-lab.com (HTTP/2 200 via Cloudflare → nginx → Next.js :3002).

Stack: Next 15.2.1 + Drizzle + Postgres 17 (local) + Firebase Auth (cloud, keys TBD) + Gemini (TBD)
systemd: keiyaku-app.service
TLS: LE ECDSA via CF DNS-01
Vault page: pages/entities/keiyaku.md

[2026-05-05] update | keiyaku Next standalone host fix + Firebase + Gemini wired

Live keiyaku.cocon-lab.com HTTP 200 after fixing Next.js standalone host bug:

Root cause

Next 15.2.1 standalone server uses HOSTNAME env for both binding AND fetchHostname (URL construction). Set HOSTNAME=keiyaku.cocon-lab.com → tries to bind public IP (fails). Set HOSTNAME=127.0.0.1 → middleware emits x-middleware-rewrite: https://127.0.0.1:3002/... which Next then tries to proxy via SSL → EPROTO.

Fix

Patch .next/standalone/server.js: hardcode hostname='127.0.0.1'
Patch .next/standalone/server.js: flip "trustHostHeader":false → true in inlined config JSON
Patch node_modules/next/dist/server/lib/start-server.js: pass hostname:undefined to routerserver.initialize (so fetchHostname stays unset → trustHostHeader code path engages)
Wrapper keiyaku-server.js: intercept res.setHeader to convert absolute x-middleware-rewrite → pathname-only, fix Location localhost→public

All 3 patches in rebuild.sh (idempotent).

Wired services

Firebase Web config (auto-fetched via Firebase Mgmt REST API)
Firebase Admin SA key (gcloud iam service-accounts keys create)
Gemini API key (apikeys.googleapis.com — restricted to generativelanguage)

Cron

systemd timers active:

keiyaku-cron-cleanup.timer (hourly)
keiyaku-cron-nudge.timer (daily 10am JST)
keiyaku-cron-metrics.timer (every 6h)

Pending for revenue

Stripe + Resend keys (user-supplied) — see /var/www/keiyaku/STATUS.md

Pages OK: /ja /en /pricing /guides /privacy /terms /auth/login /auth/register /account Auth-gated (correct 307): /upload /history

[2026-05-07] update | tron-cms mock deployed at cocon-lab.com/toron

Cloned COCONRobotics-Corp/tron-cms (staging branch, commit 23a1794) → /var/www/tron-mock.corone.monster
DB: PostgreSQL 17 + PostGIS 3.5, db=tron_mock, user=tron_mock
Prisma migrate deploy + seed (1500 devices, 12 zones)
API: tron-mock-api.service on :4001 (tsx, no build needed for shared TS imports)
Web: tron-mock-web.service on :3300 (next start, NOT standalone — basePath/i18n bug with standalone)
nginx: /toron + /toron/api/ proxy injected into cocon-lab.com vhost
Demo accounts: admin@tron.jp / operator@tron.jp / advertiser@example.jp (pw: password123)
Live: https://cocon-lab.com/toron/ja/dashboard
Iteration loop: edit code → rebuild web → systemctl restart tron-mock-web (no GitHub push needed for mock)

[2026-05-07] query | Curva ✕ Pasukuru LINE-native ecommerce review (NO-CODE)

Reviewed both repos from git: Curva (Laravel 13 + line-bot-sdk 11.2 + Inertia/Vue) and Pasukuru FE (Next.js 16) + BE (NestJS 10 + MySQL/Redis/BullMQ/Stripe).
Discovered integration scaffold ~30% built on BOTH sides:
- Curva: PartnerConnection model (PARTNER_KURU), IntegrationKey/Service, IntegrationController (ping/register-kuru/unregister-kuru/connectKuru/testKuru), settings UI with kuru_shop_id field.
- Pasukuru BE: app/integration/ module, controller (my-key, connect/curva, ping, register-curva-webhook), KuruApiKeyGuard, WebhookQueueService (BullMQ curva-webhook), WebhookEventEmitter (product., shop.), payload builders (product, shop), DTOs.
Vault page: pages/synthesis/curva-pasukuru-line-native-ecommerce.md (full review + sequenced phase plan + possibility matrix).
Key gaps: LIFF wrapper on Pasukuru FE, line_user_id ↔ member identity mapping, Curva inbound webhook receiver (only outbound exists today), order.* events, LINE Pay, multi-tenant LIFF routing.
No code changes per user directive.

[2026-05-07] update | Curva ✕ Pasukuru detailed phase plan + framework (10 docs)

Created vault folder pages/synthesis/curva-pasukuru-plan/ with 11 docs (README + 00-10).
Master plan (00) + planning framework (01) + 5 phase docs (02-06) + cross-cutting (07) + test strategy (08) + risk register (09) + Jira drafts (10).
Framework defines: item ID scheme {PHASE.TRACK-N}, item template (DoR/DoD), CC session sizing rubric, parallelization plan (3 worktrees), versioned communication contracts (v1 HMAC), feature flag inventory (8 flags), risk classification.
Phase 0 (foundation): 10 items, 6 CC sessions, 1 day parallel — webhook v1 + member.line_user_id + Curva inbound receiver.
Phase 1 (LIFF wrap): 12 items, 9 CC sessions, 1-2 days — Pasukuru FE inside LINE + identify endpoint + multi-tenant LIFF.
Phase 2 (UX glue): 8 items, 8 CC sessions, 1-2 days — FlexMsg picker + RichMenu + receipt push + Scenarios.
Phase 3 (payment+agent): 7 items, 9 CC sessions, 2 days — LINE Pay + agent QR + LIFF polish.
Phase 4 (multi-shop): OPTIONAL, deferred until customer asks.
Cross-cutting: 8 items including 6 LIFF apps to register manually in LINE Console.
Risk register: 16 risks tracked, all with mitigations + kill switches (8 feature flags).
10 open decisions need user sign-off before Phase 0 starts (see README approval gates).
Estimates: MVP 4-5 days parallel (Phase 0+1+partial 2). Full 8-10 days parallel. NO CODE per user directive.

Corone Vault

Explorer

log