ci: retrigger — unit-tests flake on run 159 (setup-node .gitignore issue)

The app service is declared under the 'full' profile. Without --profile full,
docker compose down skips it — leaving nexus-app-1 (or capakraken-app-1)
running and holding port 3100, which causes the next run to fail with
"Bind for 0.0.0.0:3100 failed: port is already allocated".

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

.github/workflows/ci.yml

@@ -43,14 +43,6 @@ jobs:
         with:
           node-version: ${{ env.NODE_VERSION }}
 
-      - name: Cache pnpm store
-        uses: actions/cache@v4
-        continue-on-error: true
-        with:
-          path: ~/.local/share/pnpm/store
-          key: pnpm-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: pnpm-${{ runner.os }}-
-
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -85,14 +77,6 @@ jobs:
         with:
           node-version: ${{ env.NODE_VERSION }}
 
-      - name: Cache pnpm store
-        uses: actions/cache@v4
-        continue-on-error: true
-        with:
-          path: ~/.local/share/pnpm/store
-          key: pnpm-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: pnpm-${{ runner.os }}-
-
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -123,14 +107,6 @@ jobs:
         with:
           node-version: ${{ env.NODE_VERSION }}
 
-      - name: Cache pnpm store
-        uses: actions/cache@v4
-        continue-on-error: true
-        with:
-          path: ~/.local/share/pnpm/store
-          key: pnpm-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: pnpm-${{ runner.os }}-
-
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -156,14 +132,6 @@ jobs:
         with:
           node-version: ${{ env.NODE_VERSION }}
 
-      - name: Cache pnpm store
-        uses: actions/cache@v4
-        continue-on-error: true
-        with:
-          path: ~/.local/share/pnpm/store
-          key: pnpm-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: pnpm-${{ runner.os }}-
-
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -228,14 +196,6 @@ jobs:
         with:
           node-version: ${{ env.NODE_VERSION }}
 
-      - name: Cache pnpm store
-        uses: actions/cache@v4
-        continue-on-error: true
-        with:
-          path: ~/.local/share/pnpm/store
-          key: pnpm-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: pnpm-${{ runner.os }}-
-
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -291,14 +251,6 @@ jobs:
         with:
           node-version: ${{ env.NODE_VERSION }}
 
-      - name: Cache pnpm store
-        uses: actions/cache@v4
-        continue-on-error: true
-        with:
-          path: ~/.local/share/pnpm/store
-          key: pnpm-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: pnpm-${{ runner.os }}-
-
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -395,14 +347,6 @@ jobs:
         with:
           node-version: ${{ env.NODE_VERSION }}
 
-      - name: Cache pnpm store
-        uses: actions/cache@v4
-        continue-on-error: true
-        with:
-          path: ~/.local/share/pnpm/store
-          key: pnpm-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
-          restore-keys: pnpm-${{ runner.os }}-
-
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -549,10 +493,6 @@ jobs:
             sleep 3
           done
 
-      - name: Pre-pull Docker base image
-        run: docker pull node:20-bookworm-slim
-        continue-on-error: true
-
       - name: Build and start app (full profile)
         run: docker compose -f docker-compose.yml -f docker-compose.ci.yml --profile full up -d --build app
 
@@ -569,7 +509,7 @@ jobs:
         # the act_runner job can reach). No DNS, no guessing.
         run: |
           set -e
-          for i in $(seq 1 60); do
+          for i in $(seq 1 36); do
             CID=$(docker compose -f docker-compose.yml -f docker-compose.ci.yml ps -q app || true)
             if [ -n "$CID" ]; then
               APP_IP=$(docker inspect -f '{{range $k,$v := .NetworkSettings.Networks}}{{if eq $k "gitea_gitea"}}{{$v.IPAddress}}{{end}}{{end}}' "$CID")

apps/web/playwright.config.ts

@@ -24,6 +24,6 @@ export default defineConfig({
     command: "node ./e2e/test-server.mjs",
     url: e2eBaseUrl,
     reuseExistingServer: false,
-    timeout: 300000,
+    timeout: 180000,
   },
 });

apps/web/src/app/api/cron/auth-anomaly-check/route.test.ts

@@ -82,7 +82,7 @@ describe("GET /api/cron/auth-anomaly-check — cron secret enforcement", () => {
     const { GET } = await importRoute();
     const res = await GET(makeRequest());
     expect(res.status).toBe(401);
-  }, 15_000); // next/server cold-import can take >5s on the act runner
+  });
 
   it("proceeds when verifyCronSecret returns null (allowed)", async () => {
     verifyCronSecretMock.mockReturnValue(null);

apps/web/src/components/layout/AppShell.tsx

@@ -450,7 +450,7 @@ function SidebarContent({
           {!sidebarCollapsed && (
             <div className="overflow-hidden">
               <h1 className="font-display text-xl font-semibold text-gray-900 dark:text-gray-50">
-                Nex<span className="text-brand-600">us</span>
+                Capa<span className="text-brand-600">Kraken</span>
               </h1>
               <p className="text-xs uppercase tracking-[0.18em] text-gray-500 dark:text-gray-400">
                 Resource & Capacity Planning
@@ -984,7 +984,7 @@ export function AppShell({
               <HamburgerIcon />
             </button>
             <span className="ml-3 font-display text-sm font-semibold text-gray-900 dark:text-gray-50">
-              Nex<span className="text-brand-600">us</span>
+              Capa<span className="text-brand-600">Kraken</span>
             </span>
           </div>
           <PageTransition>{children}</PageTransition>

apps/web/src/components/timeline/TimelineContext.tsx

@@ -284,7 +284,7 @@ export function TimelineProvider({
       const d = new Date(sp);
       if (!isNaN(d.getTime())) return d;
     }
-    return addDays(today, -90);
+    return addDays(today, -30);
   });
   const [viewDays, setViewDays] = useState(() => {
     const sp = searchParams.get("days");
@@ -310,7 +310,7 @@ export function TimelineProvider({
         const d = new Date(spStart);
         if (!isNaN(d.getTime())) return d;
       }
-      return addDays(today, -90);
+      return addDays(today, -30);
     });
 
     const spDays = searchParams.get("days");

apps/web/src/components/timeline/TimelineView.tsx

@@ -2,7 +2,7 @@
 
 import { clsx } from "clsx";
 import { useSession } from "next-auth/react";
-import { useCallback, useEffect, useLayoutEffect, useMemo, useRef, useState } from "react";
+import { useCallback, useEffect, useMemo, useRef, useState } from "react";
 import { useAllocationHistory } from "~/hooks/useAllocationHistory.js";
 import { useProjectDragContext } from "~/hooks/useProjectDragContext.js";
 import { useTimelineDrag } from "~/hooks/useTimelineDrag.js";
@@ -685,70 +685,15 @@ function TimelineViewContent({
   const scrollRafRef = useRef<number | null>(null);
   const [scrollLeft, setScrollLeft] = useState(0);
 
-  // Pixels to add to scrollLeft after a left-extension re-render (prevents jump).
-  const pendingLeftCompensationPx = useRef(0);
-  // Flag: scroll viewport to today after the next viewStart-driven re-layout.
-  const pendingScrollToTodayRef = useRef(false);
-  // Guard reset on every real unmount (including Strict Mode fake-unmount) so the
-  // scroll-to-today fires correctly on remount.
-  const hasScrolledToTodayOnLoad = useRef(false);
-  useLayoutEffect(() => {
-    return () => {
-      hasScrolledToTodayOnLoad.current = false;
-    };
-  }, []);
-
-  // Scroll to today the first time the canvas is in the DOM (isInitialLoading → false).
-  // totalCanvasWidth is non-zero before data loads, so it can't be used as the trigger.
-  useLayoutEffect(() => {
-    if (isInitialLoading) return;
-    if (hasScrolledToTodayOnLoad.current) return;
-    const el = scrollContainerRef.current;
-    if (!el) return;
-    el.scrollLeft = toLeft(today);
-    hasScrolledToTodayOnLoad.current = true;
-  }, [isInitialLoading, toLeft, today]);
-
-  // Apply scroll compensation synchronously after the canvas grows (left-extend or Today button).
-  useLayoutEffect(() => {
-    const el = scrollContainerRef.current;
-    if (!el) return;
-    const px = pendingLeftCompensationPx.current;
-    if (px !== 0) {
-      el.scrollLeft += px;
-      pendingLeftCompensationPx.current = 0;
-    } else if (pendingScrollToTodayRef.current) {
-      el.scrollLeft = toLeft(today);
-      pendingScrollToTodayRef.current = false;
-    }
-  }, [viewStart, toLeft, today]);
-
-  // 5-year floor — no practical data exists further back; prevents runaway growth.
-  const minDate = useMemo(() => addDays(today, -(365 * 5)), [today]);
-
   // ─── Navigation callbacks for TimelineToolbar ────────────────────────────
   const handleNavigateBack = useCallback(
-    () =>
+    () => setViewStart((v) => addDays(v, -28)),
-      setViewStart((v) => {
+    [setViewStart],
-        const candidate = addDays(v, -28);
+  );
-        return candidate < minDate ? minDate : candidate;
+  const handleNavigateToday = useCallback(
-      }),
+    () => setViewStart(addDays(today, -30)),
-    [setViewStart, minDate],
+    [setViewStart, today],
   );
-  const handleNavigateToday = useCallback(() => {
-    const el = scrollContainerRef.current;
-    const todayMs = new Date(today).setHours(0, 0, 0, 0);
-    const vsMs = new Date(viewStart).setHours(0, 0, 0, 0);
-    const veMs = new Date(addDays(viewStart, viewDays)).setHours(0, 0, 0, 0);
-    if (todayMs >= vsMs && todayMs < veMs && el) {
-      // Today is in range — just scroll without touching state.
-      el.scrollLeft = toLeft(today);
-    } else {
-      // Today is out of range — reset the window and schedule a scroll.
-      pendingScrollToTodayRef.current = true;
-      setViewStart(addDays(today, -90));
-    }
-  }, [today, viewStart, viewDays, toLeft, setViewStart]);
   const handleNavigateForward = useCallback(
     () => setViewStart((v) => addDays(v, 28)),
     [setViewStart],
@@ -764,31 +709,10 @@ function TimelineViewContent({
   const handleContainerScroll = useCallback(() => {
     const el = scrollContainerRef.current;
     if (!el) return;
-
-    // Right-edge: extend future range
     const distanceFromRight = el.scrollWidth - el.scrollLeft - el.clientWidth;
     if (distanceFromRight < CELL_WIDTH * 40) {
       setViewDays((d) => d + 120);
     }
-
-    // Left-edge: prepend past range and compensate scroll position so viewport doesn't jump
-    if (el.scrollLeft < CELL_WIDTH * 40 && viewStart > minDate) {
-      const daysToPrepend = 120;
-      // Count the exact visible days (respecting showWeekends) being prepended
-      let prependedVisible = 0;
-      for (let i = 1; i <= daysToPrepend; i++) {
-        const d = addDays(viewStart, -i);
-        const dow = d.getDay();
-        if (filters.showWeekends || (dow !== 0 && dow !== 6)) prependedVisible++;
-      }
-      pendingLeftCompensationPx.current = prependedVisible * CELL_WIDTH;
-      setViewStart((v) => {
-        const candidate = addDays(v, -daysToPrepend);
-        return candidate < minDate ? minDate : candidate;
-      });
-      setViewDays((d) => d + daysToPrepend);
-    }
-
     scrollLeftRef.current = el.scrollLeft;
     if (scrollRafRef.current === null) {
       scrollRafRef.current = requestAnimationFrame(() => {
@@ -796,7 +720,7 @@ function TimelineViewContent({
         setScrollLeft(scrollLeftRef.current);
       });
     }
-  }, [CELL_WIDTH, setViewDays, viewStart, minDate, setViewStart, filters.showWeekends]);
+  }, [CELL_WIDTH, setViewDays]);
 
   // ─── Canvas mousemove — only forwards event when drag overlay is active ───
   const handleMouseMove = useCallback(

docs/nginx-hardening.conf

@@ -1,5 +1,5 @@
-# Nexus nginx Security Hardening
+# CapaKraken nginx Security Hardening
-# Apply to the server block for nexus.hartmut-noerenberg.com
+# Apply to the server block for capakraken.hartmut-noerenberg.com
 #
 # References:
 #   - EAPPS 3.3.1.3.04 (Server Header entfernen)
@@ -113,5 +113,5 @@ log_format security '$remote_addr - $remote_user [$time_local] '
                     '"$http_referer" "$http_user_agent" '
                     '$request_time $upstream_response_time';
 
-access_log /var/log/nginx/nexus_access.log security;
+access_log /var/log/nginx/capakraken_access.log security;
-error_log /var/log/nginx/nexus_error.log warn;
+error_log /var/log/nginx/capakraken_error.log warn;

packages/api/src/__tests__/assistant-chat-response.test.ts

@@ -7,14 +7,12 @@ vi.mock("../lib/audit.js", () => ({
 vi.mock("../router/assistant-approvals.js", () => ({
   clearPendingAssistantApproval: vi.fn().mockResolvedValue(undefined),
   consumePendingAssistantApproval: vi.fn(),
-  toApprovalPayload: vi.fn(
+  toApprovalPayload: vi.fn((approval: { id: string; toolName: string; summary: string }, status: string) => ({
-    (approval: { id: string; toolName: string; summary: string }, status: string) => ({
+    id: approval.id,
-      id: approval.id,
+    toolName: approval.toolName,
-      toolName: approval.toolName,
+    summary: approval.summary,
-      summary: approval.summary,
+    status,
-      status,
+  })),
-    }),
-  ),
 }));
 
 vi.mock("../router/assistant-confirmation.js", () => ({
@@ -41,10 +39,16 @@ import {
   clearPendingAssistantApproval,
   consumePendingAssistantApproval,
 } from "../router/assistant-approvals.js";
-import { canExecuteMutationTool, isCancellationReply } from "../router/assistant-confirmation.js";
+import {
+  canExecuteMutationTool,
+  isCancellationReply,
+} from "../router/assistant-confirmation.js";
 import { buildAssistantInsight } from "../router/assistant-insights.js";
 import { handlePendingAssistantApproval } from "../router/assistant-chat-response.js";
-import { readToolError, readToolSuccessMessage } from "../router/assistant-tool-results.js";
+import {
+  readToolError,
+  readToolSuccessMessage,
+} from "../router/assistant-tool-results.js";
 import { executeTool } from "../router/assistant-tools.js";
 
 function createPendingApproval() {
@@ -53,16 +57,14 @@ function createPendingApproval() {
     userId: "user_1",
     conversationId: "conv_1",
     toolName: "create_project",
-    toolArguments: '{"name":"Apollo"}',
+    toolArguments: "{\"name\":\"Apollo\"}",
     summary: "create project (name=Apollo)",
     createdAt: Date.now(),
     expiresAt: Date.now() + 60_000,
   };
 }
 
-function createHandleInput(
+function createHandleInput(overrides: Partial<Parameters<typeof handlePendingAssistantApproval>[0]> = {}) {
-  overrides: Partial<Parameters<typeof handlePendingAssistantApproval>[0]> = {},
-) {
   return {
     db: {} as never,
     dbUserId: "user_1",
@@ -79,10 +81,7 @@ function createHandleInput(
     pendingApproval: createPendingApproval(),
     lastUserMessage: { role: "user" as const, content: "ja" },
     messages: [
-      {
+      { role: "assistant" as const, content: "__CAPAKRAKEN_CONFIRM__ create project (name=Apollo). Bitte bestätigen." },
-        role: "assistant" as const,
-        content: "__NEXUS_CONFIRM__ create project (name=Apollo). Bitte bestätigen.",
-      },
       { role: "user" as const, content: "ja" },
     ],
     collectedActions: [],
@@ -104,11 +103,9 @@ describe("assistant pending approval handling", () => {
   it("cancels pending approvals when the user aborts", async () => {
     vi.mocked(isCancellationReply).mockReturnValue(true);
 
-    const result = await handlePendingAssistantApproval(
+    const result = await handlePendingAssistantApproval(createHandleInput({
-      createHandleInput({
+      lastUserMessage: { role: "user", content: "nein, abbrechen" },
-        lastUserMessage: { role: "user", content: "nein, abbrechen" },
+    }));
-      }),
-    );
 
     expect(result).toMatchObject({
       response: {
@@ -130,7 +127,7 @@ describe("assistant pending approval handling", () => {
       summary: "create project (name=Apollo, status=DRAFT)",
     } as never);
     vi.mocked(executeTool).mockResolvedValue({
-      content: '{"message":"Projekt Apollo angelegt"}',
+      content: "{\"message\":\"Projekt Apollo angelegt\"}",
       data: { message: "Projekt Apollo angelegt" },
       action: { type: "refresh" },
     } as never);
@@ -151,35 +148,29 @@ describe("assistant pending approval handling", () => {
           status: "approved",
         },
         actions: [{ type: "refresh" }],
-        insights: [
+        insights: [{
-          {
+          kind: "holiday_region",
-            kind: "holiday_region",
+          title: "Berlin",
-            title: "Berlin",
+        }],
-          },
-        ],
       },
     });
     expect(executeTool).toHaveBeenCalledWith(
       "create_project",
-      '{"name":"Apollo"}',
+      "{\"name\":\"Apollo\"}",
       expect.objectContaining({ userId: "user_1" }),
     );
-    expect(createAuditEntry).toHaveBeenCalledWith(
+    expect(createAuditEntry).toHaveBeenCalledWith(expect.objectContaining({
-      expect.objectContaining({
+      entityName: "create_project",
-        entityName: "create_project",
+      summary: "AI executed previously approved tool: create_project",
-        summary: "AI executed previously approved tool: create_project",
+    }));
-      }),
-    );
   });
 
   it("does nothing when the user reply is not a valid confirmation", async () => {
     vi.mocked(canExecuteMutationTool).mockReturnValue(false);
 
-    const result = await handlePendingAssistantApproval(
+    const result = await handlePendingAssistantApproval(createHandleInput({
-      createHandleInput({
+      lastUserMessage: { role: "user", content: "vielleicht" },
-        lastUserMessage: { role: "user", content: "vielleicht" },
+    }));
-      }),
-    );
 
     expect(result).toBeNull();
     expect(consumePendingAssistantApproval).not.toHaveBeenCalled();

packages/db/prisma/schema.prisma

@@ -1,4 +1,4 @@
-// Nexus — Prisma Schema
+// CapaKraken — Prisma Schema
 // All monetary values stored as integer cents to avoid float precision issues.
 
 generator client {

restart.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# restart.sh — Rebuild the Nexus app container from scratch.
+# restart.sh — Rebuild the CapaKraken app container from scratch.
 #
 # When to use:
 #   - After changing pnpm-lock.yaml (new/removed dependencies)

scripts/restart.sh

@@ -2,7 +2,7 @@
 set -euo pipefail
 cd "$(dirname "$0")/.."
 
-echo "Restarting Nexus..."
+echo "Restarting CapaKraken..."
 echo ""
 
 # Stop

scripts/start.sh

@@ -5,7 +5,7 @@ cd "$(dirname "$0")/.."
 APP_PORT="${APP_PORT:-3100}"
 APP_CONTAINER="${APP_CONTAINER:-$(docker compose --profile full ps -q app 2>/dev/null | head -1)}"
 
-echo "Starting Nexus..."
+echo "Starting CapaKraken..."
 
 # 1. Start Docker services
 echo "  Starting PostgreSQL + Redis..."
@@ -34,7 +34,7 @@ echo "  Waiting for server (up to 90s)..."
 for i in {1..90}; do
   if curl -sf "http://localhost:${APP_PORT}/api/health" > /dev/null 2>&1; then
     echo ""
-    echo "Nexus is running!"
+    echo "CapaKraken is running!"
     curl -s "http://localhost:${APP_PORT}/api/ready" | python3 -m json.tool 2>/dev/null || curl -s "http://localhost:${APP_PORT}/api/ready"
     echo ""
     echo "  URL: http://localhost:${APP_PORT}"

scripts/stop.sh

@@ -2,7 +2,7 @@
 set -euo pipefail
 cd "$(dirname "$0")/.."
 
-echo "Stopping Nexus..."
+echo "Stopping CapaKraken..."
 
 # 1. Stop any legacy local dev server
 if [ -f /tmp/nexus-dev.pid ]; then
@@ -28,4 +28,4 @@ echo "  Stopping app, PostgreSQL and Redis..."
 docker compose --profile full stop app postgres redis 2>/dev/null || true
 
 echo ""
-echo "Nexus stopped."
+echo "CapaKraken stopped."

tooling/migrate/rename-to-nexus.sh

@@ -63,7 +63,7 @@ docker compose -p "$OLD_PROJECT" -f "$COMPOSE_FILE" stop app 2>/dev/null || true
 echo "[2/7] Capturing pre-rename row counts..."
 PRE_COUNTS=$(docker compose -p "$OLD_PROJECT" -f "$COMPOSE_FILE" exec -T postgres \
   psql -U capakraken -d capakraken -t -c \
-  "SELECT relname, n_live_tup FROM pg_stat_user_tables ORDER BY relname;")
+  "SELECT table_name, n_live_tup FROM pg_stat_user_tables ORDER BY table_name;")
 echo "$PRE_COUNTS" | head -20
 echo "..."
 
@@ -149,7 +149,7 @@ sleep 15
 echo "=== Verification ==="
 POST_COUNTS=$(docker compose -p "$NEW_PROJECT" -f "$COMPOSE_FILE" exec -T postgres \
   psql -U nexus -d nexus -t -c \
-  "SELECT relname, n_live_tup FROM pg_stat_user_tables ORDER BY relname;")
+  "SELECT table_name, n_live_tup FROM pg_stat_user_tables ORDER BY table_name;")
 echo "Post-rename row counts (sample):"
 echo "$POST_COUNTS" | head -20