AI Handoff
Bloomify β AI Session Handoff
Everything an AI assistant needs to pick up this project cold
For AI Assistants
Read this page before touching any code. It contains the critical rules that prevent corrupted commits and wasted time.
Repo & Stack
| Item | Value |
|---|---|
| Repo | https://github.com/sonantechai/bloomify-portal |
| Latest commit | d30778ce |
| Frontend | React 18, TypeScript, Vite, Cloudflare Pages |
| Backend | Cloudflare Worker (bloomify-api, env: bloomify) |
| Database | D1 β bloomify_db (ID: 65ce920d-2760-4918-a32a-e4aef9a58a83) |
| Auth | JWT signed with JWT_SECRET Cloudflare secret |
| Currency | PKR stored as paisa (Γ100); display as Rs. X |
Running Locally
# Install dependencies
npm install
# Start Vite dev server (frontend)
npm run dev
# Start Worker locally with D1 (separate terminal)
npx wrangler dev --env bloomify --local
The frontend proxies API calls to localhost:8787 in dev mode (configured in vite.config.ts). Ensure your local wrangler.toml has the correct D1 binding.
Known Gotchas
| Gotcha | Fix |
|---|---|
| CORS error after deploy | Permanent fix applied (commit d30778ce): origin is now hardcoded in worker.ts as const origin = 'https://bloomifyofficial.sonandigital.com' β no longer read from env var. Do NOT change this back to env.ALLOWED_ORIGIN. Root cause was: Pages project is named bloomifyofficial but original wrangler.toml had bloomify.sonandigital.com; FUSE-safe commits update git but not the disk file wrangler reads, so the wrong value kept being deployed. |
| Worker crashes with 500 + no CORS headers | Caused by JWT_SECRET Cloudflare secret not being set for the bloomify environment. The error from crypto.subtle.importKey is: "DataError: Imported HMAC key length (0) must be a non-zero valueβ¦" Fix: npx wrangler secret put JWT_SECRET --env bloomify. A global try-catch is now in place in worker.ts so future crashes return proper JSON with CORS headers instead of a silent 500. |
| Admin login fails after manual DB reset | Password hash format is saltHex:hashHex β NOT the pbkdf2:sha256:... prefix format. Use the Worker's /api/admin/password endpoint or seed script to generate correct hashes |
git push fails with "does not appear to be a git repository" | FUSE-mounted workspace corrupts .git/config. User must fix from Windows terminal: del .git\config.lock, rebuild config lines with echo, then git remote add origin and push |
| Large file writes silently truncated on FUSE | Always write large files to /tmp via Python, hash from /tmp, never from the FUSE mount path. See CLAUDE.md for the full FUSE-safe commit pattern |
| FUSE-safe commits update git but NOT disk | Wrangler reads from the disk path, not from git. After a FUSE-safe commit, the disk file still has the old content. Use the Edit tool to update the disk file separately before deploying. |
Deployment Checklist
- D1 database created and migrations applied
- Seed script run (creates admin user with correct password hash)
JWT_SECRETset as Cloudflare secretALLOWED_ORIGINinwrangler.toml [env.bloomify]=https://bloomifyofficial.sonandigital.com- Worker deployed:
npx wrangler deploy --env bloomify - Custom domain
bloomify-api.sonandigital.comset in Cloudflare Worker settings - Cloudflare Pages project
bloomify-portalconnected to GitHub repo - Pages custom domain
bloomifyofficial.sonandigital.comconfigured - Admin logi