- Add Buddy linking via QR code/handshake (buddy_invites table)
- Add Bulk Scanner for rapid-fire bottle scanning in sessions
- Add processing_status to bottles for background AI analysis
- Fix offline OCR with proper tessdata caching in Service Worker
- Fix Supabase GoTrueClient singleton warning
- Add collection refresh after offline sync completes
New components:
- BuddyHandshake.tsx - QR code display and code entry
- BulkScanSheet.tsx - Camera UI with capture queue
- BottleSkeletonCard.tsx - Pending bottle display
- useBulkScanner.ts - Queue management hook
- buddy-link.ts - Server actions for buddy linking
- bulk-scan.ts - Server actions for batch processing
- Applied strict RLS and auth validation to tracking/credit services
- Set Service Worker to Network First to fix mobile session/loading issues
- Expanded Gemini analysis summary to show distilled/bottled/batch info
- Updated SQL schema document with hardening policies
- Database schema:
* subscription_plans table - stores plan tiers (Starter, Bronze, Silver, Gold)
* user_subscriptions table - assigns users to plans
* Default plans created (10, 50, 100, 250 credits/month)
* All existing users assigned to Starter plan
- Subscription service (subscription-service.ts):
* getAllPlans() - fetch all plans
* getActivePlans() - fetch active plans for users
* createPlan() - admin creates new plan
* updatePlan() - admin edits plan
* deletePlan() - admin removes plan
* getUserSubscription() - get user's current plan
* setUserPlan() - admin assigns user to plan
* grantMonthlyCredits() - distribute credits to all users
- Plan management interface (/admin/plans):
* Visual plan cards with credits, price, description
* Create/Edit/Delete plans
* Toggle active/inactive status
* Sort order management
* Grant monthly credits button (manual trigger)
- Features:
* Monthly credit allocation based on plan
* Prevents duplicate credit grants (tracks last_credit_grant_at)
* Admin can manually trigger monthly credit distribution
* Plans can be activated/deactivated
* Custom pricing and credit amounts per plan
- UI:
* Beautiful plan cards with color coding
* Modal for create/edit with validation
* Success/error messages
* Manage Plans button in admin dashboard
Ready for future automation (cron job for monthly credits)
and payment integration (Stripe/PayPal).
- Database schema:
* Extended user_credits table with daily_limit, API costs, last_reset_at
* Created credit_transactions table for full audit trail
* Added RLS policies for secure access control
- Core services:
* credit-service.ts - balance checking, deduction, addition, transaction history
* admin-credit-service.ts - admin controls for managing users and credits
- API integration:
* Integrated credit checking into discover-whiskybase.ts
* Credits deducted after successful API calls
* Insufficient credits error handling
- Admin interface:
* /admin/users page with user management
* Statistics dashboard (total users, credits in circulation, usage)
* Interactive user table with search
* Edit modal for credit adjustment and settings
* Per-user daily limits and API cost configuration
- Features:
* Automatic credit initialization (100 credits for new users)
* Credit transaction logging with balance_after tracking
* Admin can add/remove credits with reason
* Admin can set custom daily limits per user
* Admin can set custom API costs per user
* Low credit warnings (< 10 credits)
* Full transaction history
- User experience:
* Credits checked before API calls
* Clear error messages for insufficient credits
* Graceful handling of credit deduction failures
System is ready for future enhancements like credit packages,
auto-recharge, and payment integration.
The admin_users policy was checking if user is admin by querying
the same table, causing infinite recursion. Changed to allow users
to view their own admin record directly using auth.uid() = user_id.
This fixes the error: 'infinite recursion detected in policy for
relation admin_users'
PostgreSQL requires functions in indexes to be marked IMMUTABLE.
Removed idx_api_usage_user_date composite index that used DATE().
Remaining indexes (user_id, api_type, created_at) still provide
good query performance for daily limit checks.
- Added database schema for API tracking system:
* api_usage table - tracks all Google Search and Gemini AI calls
* user_credits table - prepared for future credits system
* admin_users table - controls admin dashboard access
- Created comprehensive tracking service (track-api-usage.ts):
* trackApiUsage() - records API calls with success/failure
* checkDailyLimit() - enforces 80 Google Search calls/day limit
* getUserApiStats() - per-user statistics
* getGlobalApiStats() - app-wide statistics (admin only)
* checkIsAdmin() - server-side authorization
- Integrated tracking into discover-whiskybase.ts:
* Pre-call limit checking with friendly error messages
* Post-call usage tracking for success and failures
* User authentication verification
- Built admin dashboard at /admin:
* Global statistics cards (total, today, by API type)
* Top 10 users by API usage
* Recent activity log with 50 latest calls
* Color-coded status indicators
* Secure access with RLS policies
- Features:
* Daily limit resets at midnight Europe/Berlin timezone
* Graceful error handling (allows on tracking failure)
* Comprehensive indexes for fast queries
* Ready for future credits/monetization system
