changed doc title

Merge pull request 'changed hibernate schema creation for test db' (#37 ) from enhancement/reorganize-databases into main
Reviewed-on: #37
2026-05-20 04:43:51 +02:00 · 2026-05-20 04:40:45 +02:00 · 2026-05-20 04:39:29 +02:00 · 2026-05-20 04:38:46 +02:00 · 2026-05-13 17:33:08 +02:00 · 2026-05-13 16:44:45 +02:00
78 changed files with 7672 additions and 43 deletions
@@ -0,0 +1 @@
+.vscode/
@@ -0,0 +1,89 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+Vaessl is an AI-powered integration bridge that accepts user text/image inputs, processes them through an LLM pipeline (via LiteLLM), and exports structured data to management systems (Homebox, WikiJS). The backend uses a provider pattern for extensibility. The frontend has a working connection management dashboard.
+
+## Commands
+
+### Backend (Spring Boot + Gradle, inside `backend/`)
+
+```bash
+./gradlew build           # compile and package
+./gradlew test            # run all tests
+./gradlew test --tests com.vaessl.app.connection.ConnectionServiceTest  # single test class
+```
+
+### Frontend (React + Vite, inside `frontend/`)
+
+```bash
+npm run dev       # start dev server
+npm run build     # TypeScript check + Vite build
+npm run lint      # ESLint
+npm run test      # Vitest watch mode
+npm run test:ui   # Vitest visual dashboard
+```
+
+## Environment
+
+Copy `.env.local` (not committed) into `backend/` with:
+
+- `DB_URL`, `DB_TEST_URL`, `DB_USERNAME`, `DB_PASSWORD` — PostgreSQL (test container on port 5434)
+- `PG_DRIVER_CLASS_NAME` — PostgreSQL JDBC driver class
+- `OPENAI_KEY`, `OPENAI_BASE_URL` — LiteLLM gateway (provider-agnostic, configured for gpt-4o-mini)
+- `FRONTEND_LOCAL_URL`, `FRONTEND_PUBLIC_URL` — allowed CORS origins for the backend
+
+Frontend (optional, defaults to `/api`):
+
+- `VITE_API_URL` — backend base URL used by `api/client.ts`
+
+## Architecture
+
+### Backend (`backend/src/main/java/com/vaessl/app/`)
+
+Server context path is `/api`. Main endpoints:
+
+- `POST /api/login` — authenticates a service, stores connection ID in session
+- `GET /api/connections/status` — lists connected services for the current session
+- `DELETE /api/connections/{serviceType}` — removes a service from the session; invalidates the session if no connections remain
+
+Four main modules:
+
+**`config/`**
+
+- `CorsConfig`: env-driven allowed origins (`FRONTEND_LOCAL_URL`, `FRONTEND_PUBLIC_URL`); `allowCredentials(true)` is required for session cookies to work cross-origin
+- `SessionConfig`: JDBC-backed Spring Session with a persistent cookie (`SameSite=Lax`, `HttpOnly`)
+
+**`connection/`** — core business logic
+
+- `ConnectionProvider` interface: each integrated app (Homebox, WikiJS) implements `login()` and declares its `ServiceType`
+- `ConnectionService`: auto-discovers providers via Spring injection, dispatches login by `ServiceType`
+- `ConnectionController`: stores `{serviceType}_CONNECTION_ID` in `HttpSession` after login; reads session attributes to build status responses
+- Entity (`Connection`) uses **Single Table Inheritance** — one `connections` table with app-specific nullable columns
+
+**`dto/`** — `ConnectionRequest`, `LoginResult`, `AuthResponse`, `ConnectionStatusResponse`
+
+**`exception/`** — `GlobalExceptionHandler` via `@ControllerAdvice`
+
+### Frontend (`frontend/src/`)
+
+React 19 + TypeScript + SCSS, Vite 8 build.
+
+- `api/client.ts` — typed `apiFetch` wrapper; always sends `credentials: 'include'` for session cookies; base URL from `VITE_API_URL` (defaults to `/api`)
+- `api/connections.ts` — connection-specific API calls
+- `types/connection.ts` — shared types: `LoginRequest`, `AuthResponse`, `ConnectionStatus`
+- `components/Dashboard` — main view listing connected services
+- `components/ConnectModal` — login form for adding a service connection
+- `components/ServiceCard` — per-service status display
+
+### Data & AI
+
+- PostgreSQL + pgvector (semantic search via embeddings); also used as the Spring Session store (JDBC)
+- LiteLLM as a unified AI proxy; Spring AI OpenAI starter wired to it
+- Processing pipeline (Phase 2): stage in DB → LLM inference → refine via UI → export to target app
+
+### Testing Strategy
+
+Integration tests spin up a **mirrored PostgreSQL container** on port 5434 (same schema as production). WireMock mocks external HTTP APIs (Homebox, WikiJS). Do not mock the database in integration tests — the mirrored container strategy exists specifically to catch schema/migration divergence.
@@ -0,0 +1,89 @@
+## Project Intent
+Vaessl is a **technical playground** and proof-of-concept designed to showcase a complete, professional-grade software lifecycle. The primary goal is not just to build a functional utility, but to demonstrate a multi-experience approach to full-stack engineering, DevOps, and AI integration.
+
+This project serves as a transparent portfolio of my take on:
+* **Infrastructure:** Moving from local-machine to browser-based development environment hosted on my Proxmox server.
+* **Modern AI Orchestration:** Building a system that actually uses AI to do heavy lifting, like identifying objects and understanding natural language using Spring AI and LiteLLM.
+* **Architectural Foresight:** Designing with abstraction layers early to ensure the system can scale from a single-target tool to a multi-app bridge without significant refactoring.
+
+---
+
+## What is Vaessl?
+Vaessl acts as translator between user inputs via text or image and digital management systems. It performs image and semantic search analysis before serving results from applications (e.g., Homebox, WikiJS) via REST API.
+
+### Core Functionality
+* **Staging:** Raw images and metadata are stored in a PostgreSQL staging table.
+* **AI-Powered Analysis:** The system utilizes **LiteLLM** as a unified gateway to process inputs via LLM of choice.
+* **Semantic Discovery:** By utilizing **Spring AI** and **pgvector**, Vaessl stores description embeddings. This allows for intent-based search (e.g., finding a "Wrench" by searching for "tool to fix a leaky pipe").
+
+---
+
+## Technical Stack
+
+| Layer | Technology |
+| :--- | :--- |
+| **Backend** | Spring Boot 4.0.x, Java 25 (LTS), Spring AI |
+| **Frontend** | React (Vite), Tailwind CSS, SCSS |
+| **Database** | PostgreSQL + `pgvector` |
+| **AI Gateway** | LiteLLM (Unified API proxy) |
+| **DevOps** | Docker, Portainer, Hoppscotch (API testing), Gitea Actions, Jenkins |
+
+&nbsp;
+![Vaessl stack illustration](assets/images/vaessl-stack-illustration.png)
+
+---
+
+## Infrastructure & Methodology
+
+### 1. Centralized Development (Code-Server)
+To maintain a zero-footprint local setup, I develop within a custom **code-server** Docker instance.
+* **Custom Image:** The environment is baked with a specific toolchain (OpenJDK 25, Node.js 24) to ensure absolute environment parity.
+* **Remote Access:** Secured via Pangolin tunnel, allowing for secure, remote development without exposing ports to the public internet.
+
+### 2. Abstraction & Scalability
+A core requirement was to prevent vendor or application lock-in:
+* **API Abstraction:** While the initial integration targets **Homebox**, the export logic is decoupled. This allows the bridge to support other platforms like **WikiJS** by simply implementing new mapping profiles.
+* **AI Agnostic:** LiteLLM abstracts the AI provider, allowing the backend to switch between cloud APIs and local inference engines (Ollama) without code changes.
+
+### 3. Testing Strategy
+* **Database Parity:** I utilize mirrored containers for development and testing (`vaessl-db` vs `vassal-test-db`). This ensures that JPA operations are tested against the real PostgreSQL engine and `pgvector` extensions rather than mocks.
+* **Frontend TDD:** A Vitest-based stack provides a fast feedback loop for the UI, ensuring component reliability before integration with the Spring Boot backend.
+
+---
+
+## Roadmap
+
+### Phase 1: Foundation
+* [x] Deployment of core infrastructure (PostgreSQL, LiteLLM, Hoppscotch via Docker).
+* [x] Custom Code-Server image build and deployment.
+* [x] Spring Boot skeleton with Java 25 and Gradle Kotlin DSL.
+
+### Phase 2: The Processing Pipeline (Current)
+* [ ] Implementation of Image/Semantic Search $\rightarrow$ AI $\rightarrow$ Staging Table workflow.
+* [ ] Development of the data refinement UI in React.
+* [ ] Initial API connector for Homebox.
+
+### Phase 3: Semantic Search & Expansion
+* [ ] Integration of Spring AI vector embeddings.
+* [ ] Implementation of additional API targets (WikiJS).
+* [ ] Launch of a public-facing demo.
+
+---
+
+## Setup & Deployment
+The project is orchestrated via Docker Compose for high portability.
+
+1.  Clone the Repository.
+2.  Environment Setup: Configure `.env.local` with your database credentials and AI API keys.
+
+```
+DB_URL=jdbc:postgresql://192.168.1.{subnet}:{port}/vaessl
+DB_TEST_URL=jdbc:postgresql://192.168.1.{subnet}:{port}/vaessl_test
+DB_USERNAME={username}
+DB_PASSWORD={password}
+OPENAI_KEY={api-key} # or LLM provider of choice
+OPENAI_BASE_URL=https://api.openai.com/v1
+PG_DRIVER_CLASS_NAME=org.postgresql.Driver
+```
+3. Setup both production and test pgvector databases using the official pgvector docker image or installing the pgvector extension to you existing PostGreSQL database.
+4. Execute "npm i" and build gradle.
@@ -37,4 +37,4 @@ out/
 .vscode/

 ### Misc ###
-.env_dev
+*.local
@@ -1,6 +1,6 @@
 plugins {
 	java
-	id("org.springframework.boot") version "4.0.4"
+	id("org.springframework.boot") version "4.0.6"
 	id("io.spring.dependency-management") version "1.1.7"
 }

@@ -27,22 +27,22 @@ extra["springAiVersion"] = "2.0.0-M3"

 dependencies {
 	implementation("org.springframework.boot:spring-boot-starter-data-jpa")
-	implementation("org.springframework.boot:spring-boot-starter-security")
+	implementation("org.springframework.boot:spring-boot-starter-session-jdbc")
+	// implementation("org.springframework.boot:spring-boot-starter-security")
 	implementation("org.springframework.boot:spring-boot-starter-validation")
 	implementation("org.springframework.boot:spring-boot-starter-webmvc")
 	implementation("org.springframework.ai:spring-ai-starter-model-openai")
 	compileOnly("org.projectlombok:lombok")
 	developmentOnly("org.springframework.boot:spring-boot-devtools")
-	// developmentOnly("org.springframework.boot:spring-boot-docker-compose")
 	runtimeOnly("org.postgresql:postgresql")
-	// developmentOnly("org.springframework.ai:spring-ai-spring-boot-docker-compose")
 	annotationProcessor("org.projectlombok:lombok")
 	testImplementation("org.springframework.boot:spring-boot-starter-data-jpa-test")
-	testImplementation("org.springframework.boot:spring-boot-starter-security-test")
+	// testImplementation("org.springframework.boot:spring-boot-starter-security-test")
 	testImplementation("org.springframework.boot:spring-boot-starter-validation-test")
 	testImplementation("org.springframework.boot:spring-boot-starter-webmvc-test")
 	testRuntimeOnly("org.junit.platform:junit-platform-launcher")
-}
+	testImplementation("org.wiremock:wiremock-standalone:3.12.0")
+	testImplementation("org.springframework.boot:spring-boot-starter-session-jdbc-test")}

 dependencyManagement {
 	imports {
@@ -50,6 +50,10 @@ dependencyManagement {
 	}
 }

+tasks.withType<JavaCompile> {
+	options.compilerArgs.add("-parameters")
+}
+
 tasks.withType<Test> {
 	useJUnitPlatform()
 }
@@ -1,9 +0,0 @@
-services:
-  postgres:
-    image: 'postgres:latest'
-    environment:
-      - 'POSTGRES_DB=mydatabase'
-      - 'POSTGRES_PASSWORD=secret'
-      - 'POSTGRES_USER=myuser'
-    ports:
-      - '5432'
@@ -9,5 +9,4 @@ public class Application {
 	public static void main(String[] args) {
 		SpringApplication.run(Application.class, args);
 	}
-
 }
@@ -0,0 +1,25 @@
+package com.vaessl.app.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class CorsConfig implements WebMvcConfigurer {
+
+    @Value("${vaessl.frontend-local-url}")
+    private String frontendLocalUrl;
+
+    @Value("${vaessl.frontend-public-url}")
+    private String frontendPublicUrl;
+
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**")
+                .allowedOrigins(frontendLocalUrl, frontendPublicUrl)
+                .allowedMethods("GET", "POST", "DELETE", "OPTIONS")
+                .allowedHeaders("Content-Type", "Accept")
+                .allowCredentials(true);
+    }
+}
@@ -0,0 +1,19 @@
+package com.vaessl.app.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.session.web.http.CookieSerializer;
+import org.springframework.session.web.http.DefaultCookieSerializer;
+
+@Configuration
+public class SessionConfig {
+
+    @Bean
+    public CookieSerializer cookieSerializer() {
+        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
+        serializer.setCookieMaxAge(Integer.MAX_VALUE);
+        serializer.setUseHttpOnlyCookie(true);
+        serializer.setSameSite("Lax");
+        return serializer;
+    }
+}
@@ -0,0 +1,90 @@
+package com.vaessl.app.connection;
+
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.vaessl.app.dto.AuthResponse;
+import com.vaessl.app.dto.ConnectionRequest;
+import com.vaessl.app.dto.ConnectionStatusResponse;
+import com.vaessl.app.dto.LoginResult;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+
+@RestController
+@RequiredArgsConstructor
+public class ConnectionController {
+
+    private static final String SUFFIX = "_CONNECTION_ID";
+
+    private final ConnectionService connectionService;
+
+    @PostMapping("/login")
+    public ResponseEntity<AuthResponse> login(
+            @Valid @RequestBody ConnectionRequest request,
+            HttpServletRequest httpReq) {
+
+        LoginResult result = connectionService.login(request);
+
+        HttpSession session = httpReq.getSession(true);
+        session.setAttribute(request.serviceType() + SUFFIX, result.connectionId());
+
+        if (result.expiresAt() != null) {
+            long secs = Instant.now().until(result.expiresAt(), ChronoUnit.SECONDS);
+            session.setMaxInactiveInterval((int) Math.max(secs, 300));
+        }
+
+        return ResponseEntity.ok(new AuthResponse(request.serviceType(), result.expiresAt()));
+    }
+
+    @GetMapping("/connections/status")
+    public ResponseEntity<List<ConnectionStatusResponse>> getStatus(HttpServletRequest httpReq) {
+        HttpSession session = httpReq.getSession(false);
+        if (session == null) {
+            return ResponseEntity.ok(List.of());
+        }
+
+        List<ConnectionStatusResponse> statuses = new ArrayList<>();
+        Collections.list(session.getAttributeNames()).stream()
+                .filter(k -> k.endsWith(SUFFIX))
+                .forEach(k -> {
+                    String serviceType = k.replace(SUFFIX, "");
+                    Long id = (Long) session.getAttribute(k);
+                    ConnectionStatusResponse status = connectionService.getConnectionStatus(serviceType, id);
+                    if (status != null) statuses.add(status);
+                });
+
+        return ResponseEntity.ok(statuses);
+    }
+
+    @DeleteMapping("/connections/{serviceType}")
+    public ResponseEntity<Void> logout(
+            @PathVariable("serviceType") String serviceType,
+            HttpServletRequest httpReq) {
+
+        HttpSession session = httpReq.getSession(false);
+        if (session != null) {
+            session.removeAttribute(serviceType + SUFFIX);
+            boolean hasMore = Collections.list(session.getAttributeNames()).stream()
+                    .anyMatch(k -> k.endsWith(SUFFIX));
+            if (!hasMore) {
+                session.invalidate();
+            }
+        }
+
+        return ResponseEntity.noContent().build();
+    }
+}
@@ -0,0 +1,30 @@
+package com.vaessl.app.connection;
+
+import jakarta.persistence.DiscriminatorColumn;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Inheritance;
+import jakarta.persistence.InheritanceType;
+import jakarta.persistence.Table;
+import jakarta.persistence.UniqueConstraint;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Entity
+@Table(name = "connections", uniqueConstraints = { @UniqueConstraint(columnNames = { "appUrl", "username" }) })
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "service_type")
+@Getter
+@Setter
+@NoArgsConstructor
+public abstract class ConnectionEntity {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    private String appUrl;
+    private String username;
+}
@@ -0,0 +1,25 @@
+package com.vaessl.app.connection;
+
+import java.time.Instant;
+
+import com.vaessl.app.dto.ConnectionRequest;
+import com.vaessl.app.dto.ConnectionResponse;
+
+public interface ConnectionProvider {
+
+    void checkCredentials(ConnectionRequest request);
+
+    String getServiceType();
+
+    ConnectionResponse authenticate(ConnectionRequest request);
+
+    ConnectionEntity findUniqueConnectionEntry(ConnectionRequest request);
+
+    ConnectionEntity connectionToEntity(ConnectionRequest request, ConnectionResponse response);
+
+    void updateToRepository(ConnectionEntity existing, ConnectionResponse response);
+
+    default Instant getTokenExpiry(ConnectionEntity entity) {
+        return null;
+    }
+}
@@ -0,0 +1,10 @@
+package com.vaessl.app.connection;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface ConnectionRepository extends JpaRepository<ConnectionEntity, Long> {
+
+    ConnectionEntity findByAppUrlAndUsername(String appUrl, String username);
+}
@@ -0,0 +1,66 @@
+package com.vaessl.app.connection;
+
+import java.time.Instant;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import org.springframework.stereotype.Service;
+
+import com.vaessl.app.dto.ConnectionRequest;
+import com.vaessl.app.dto.ConnectionResponse;
+import com.vaessl.app.dto.ConnectionStatusResponse;
+import com.vaessl.app.dto.LoginResult;
+import com.vaessl.app.exception.WrongServiceTypeException;
+
+@Service
+public class ConnectionService {
+
+    private final Map<String, ConnectionProvider> providerRegistry;
+
+    private final ConnectionRepository cRepository;
+
+    public ConnectionService(List<ConnectionProvider> providers, ConnectionRepository cRepository) {
+        this.providerRegistry = providers.stream()
+                .collect(Collectors.toMap(ConnectionProvider::getServiceType, p -> p));
+        this.cRepository = cRepository;
+    }
+
+    public LoginResult login(ConnectionRequest request) {
+
+        ConnectionProvider provider = providerRegistry.get(request.serviceType());
+
+        if (provider == null) {
+            throw new WrongServiceTypeException();
+        }
+
+        provider.checkCredentials(request);
+
+        ConnectionResponse response = provider.authenticate(request);
+
+        ConnectionEntity existing = provider.findUniqueConnectionEntry(request);
+
+        ConnectionEntity saved;
+        if (existing != null) {
+            provider.updateToRepository(existing, response);
+            saved = existing;
+        } else {
+            ConnectionEntity newEntity = provider.connectionToEntity(request, response);
+            saved = cRepository.save(newEntity);
+        }
+
+        return new LoginResult(saved.getId(), response.expiresAt());
+    }
+
+    public ConnectionStatusResponse getConnectionStatus(String serviceType, Long connectionId) {
+        ConnectionEntity entity = cRepository.findById(connectionId).orElse(null);
+        if (entity == null) return null;
+
+        ConnectionProvider provider = providerRegistry.get(serviceType);
+        Instant expiresAt = (provider != null) ? provider.getTokenExpiry(entity) : null;
+        boolean connected = expiresAt == null || expiresAt.isAfter(Instant.now());
+
+        return new ConnectionStatusResponse(serviceType, entity.getAppUrl(),
+                entity.getUsername(), expiresAt, connected);
+    }
+}
@@ -0,0 +1,17 @@
+package com.vaessl.app.connection;
+
+public enum Endpoint {
+    HOMEBOX_LOGIN("/api/v1/users/login"),
+    LOGIN("/login"),
+    CONNECTION_STATUS("/connections/status");
+
+    private final String value;
+
+    private Endpoint(String value) {
+        this.value = value;
+    }
+
+    public String getValue() {
+        return value;
+    }
+}
@@ -0,0 +1,108 @@
+package com.vaessl.app.connection;
+
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestClient;
+
+import com.vaessl.app.dto.ConnectionRequest;
+import com.vaessl.app.dto.ConnectionResponse;
+import com.vaessl.app.exception.EmptyCredentialsException;
+
+import static com.vaessl.app.connection.Endpoint.*;
+
+@Component
+public class HomeBoxConnectionProvider implements ConnectionProvider {
+
+    private final RestClient.Builder restClientBuilder;
+
+    private final ConnectionRepository cRepository;
+
+    public HomeBoxConnectionProvider(RestClient.Builder restClientBuilder, ConnectionRepository cRepository) {
+        this.restClientBuilder = restClientBuilder;
+        this.cRepository = cRepository;
+    }
+
+    @Override
+    public void checkCredentials(ConnectionRequest request) {
+        if (request.username() == null || request.password() == null) {
+            List<String> missingFields = new ArrayList<>();
+
+            if (request.username() == null) {
+                missingFields.add("username");
+            }
+            if (request.password() == null) {
+                missingFields.add("password");
+
+            }
+            throw new EmptyCredentialsException(List.copyOf(missingFields));
+        }
+    }
+
+    @Override
+    public String getServiceType() {
+        return "HOMEBOX";
+    }
+
+    @Override
+    public ConnectionResponse authenticate(ConnectionRequest request) {
+        Map<String, Object> homeboxPayload = Map.of("username", request.username(),
+                "password", request.password(), "stayLoggedIn",
+                request.stayLoggedIn());
+
+        HomeboxLoginResponse hbResponse = restClientBuilder.baseUrl(request.appUrl())
+                .build()
+                .post()
+                .uri(HOMEBOX_LOGIN.getValue())
+                .body(homeboxPayload)
+                .retrieve()
+                .body(HomeboxLoginResponse.class);
+
+        if (hbResponse == null) {
+            throw new IllegalStateException("Remote API returned an empty body for " + request.appUrl());
+        }
+
+        Map<String, Object> attachmentToken = new HashMap<>();
+
+        attachmentToken.put("attachmentToken", hbResponse.attachmentToken());
+
+        return new ConnectionResponse(hbResponse.token(), hbResponse.expiresAt(), attachmentToken);
+    }
+
+    @Override
+    public ConnectionEntity findUniqueConnectionEntry(ConnectionRequest request) {
+
+        return cRepository.findByAppUrlAndUsername(request.appUrl(), request.username());
+    }
+
+    @Override
+    public ConnectionEntity connectionToEntity(ConnectionRequest request, ConnectionResponse response) {
+        return HomeboxEntity.from(request, response);
+    }
+
+    @Override
+    public void updateToRepository(ConnectionEntity existing, ConnectionResponse response) {
+
+        if (existing instanceof HomeboxEntity hbE) {
+
+            hbE.setToken(response.token());
+            hbE.setExpiresAt(response.expiresAt());
+            hbE.setAttachmentToken(response.getExtraVar("attachmentToken"));
+
+            cRepository.save(hbE);
+        }
+    }
+
+    @Override
+    public Instant getTokenExpiry(ConnectionEntity entity) {
+        return (entity instanceof HomeboxEntity he) ? he.getExpiresAt() : null;
+    }
+
+    private record HomeboxLoginResponse(String token, String attachmentToken, Instant expiresAt) {
+    }
+
+}
@@ -0,0 +1,35 @@
+package com.vaessl.app.connection;
+
+import java.time.Instant;
+
+import com.vaessl.app.dto.ConnectionRequest;
+import com.vaessl.app.dto.ConnectionResponse;
+
+import jakarta.persistence.DiscriminatorValue;
+import jakarta.persistence.Entity;
+import lombok.Getter;
+import lombok.Setter;
+
+@Entity
+@DiscriminatorValue("HOMEBOX")
+@Getter
+@Setter
+public class HomeboxEntity extends ConnectionEntity {
+
+    private String token;
+    private String attachmentToken;
+    private Instant expiresAt;
+
+    public static HomeboxEntity from(ConnectionRequest request, ConnectionResponse response) {
+
+        HomeboxEntity he = new HomeboxEntity();
+
+        he.setAppUrl(request.appUrl());
+        he.setUsername(request.username());
+        he.setToken(response.token());
+        he.setAttachmentToken(response.getExtraVar("attachmentToken"));
+        he.setExpiresAt(response.expiresAt());
+
+        return he;
+    }
+}
@@ -0,0 +1,14 @@
+package com.vaessl.app.connection;
+
+import lombok.Getter;
+
+@Getter
+public enum ServiceType {
+    HOMEBOX("HOMEBOX");
+
+    private final String value;
+
+    private ServiceType(String value){
+        this.value = value;
+    }
+}
@@ -0,0 +1,5 @@
+package com.vaessl.app.dto;
+
+import java.time.Instant;
+
+public record AuthResponse(String serviceType, Instant expiresAt) {}
@@ -0,0 +1,25 @@
+package com.vaessl.app.dto;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import jakarta.validation.constraints.NotBlank;
+
+public record ConnectionRequest(
+                @NotBlank(message = "App URL is mandatory") String appUrl,
+                @NotBlank(message = "Service type is mandatory") String serviceType,
+                String username,
+                String password,
+                String apiKey,
+                @JsonProperty(defaultValue = "false") Boolean stayLoggedIn) {
+
+        public ConnectionRequest {
+                if (stayLoggedIn == null) {
+                        stayLoggedIn = false;
+                }
+        }
+
+        public ConnectionRequest(String appUrl, String serviceType, String username, String password,
+                        Boolean stayLoggedIn) {
+                this(appUrl, serviceType, username, password, null, stayLoggedIn);
+        }
+}
@@ -0,0 +1,17 @@
+package com.vaessl.app.dto;
+
+import java.time.Instant;
+import java.util.Map;
+
+public record ConnectionResponse(String token, Instant expiresAt, Map<String, Object> extraResponseData) {
+    
+    public String getExtraVar(String key) {
+        if(extraResponseData == null) {
+            return null;
+        } else {
+            Object value = extraResponseData.get(key);
+
+            return value != null ? String.valueOf(value) : null;
+        }
+    }
+}
@@ -0,0 +1,10 @@
+package com.vaessl.app.dto;
+
+import java.time.Instant;
+
+public record ConnectionStatusResponse(
+        String serviceType,
+        String appUrl,
+        String username,
+        Instant expiresAt,
+        boolean connected) {}
@@ -0,0 +1,5 @@
+package com.vaessl.app.dto;
+
+import java.time.Instant;
+
+public record LoginResult(Long connectionId, Instant expiresAt) {}
@@ -0,0 +1,13 @@
+package com.vaessl.app.exception;
+
+import java.util.List;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+@Getter
+@RequiredArgsConstructor
+public class EmptyCredentialsException extends RuntimeException {
+
+    private final List<String> missingFields;
+}
@@ -0,0 +1,35 @@
+package com.vaessl.app.exception;
+
+import org.springframework.http.HttpStatus;
+
+import com.fasterxml.jackson.annotation.JsonValue;
+
+public enum ErrorMessage {
+    BAD_REQUEST_EMPTY_FIELDS(HttpStatus.BAD_REQUEST, "Fields must not be empty."), UNAUTHORIZED_WRONG_LOGIN(
+            HttpStatus.UNAUTHORIZED, "Invalid username or password."), SERVICE_UNAVAILABLE_UNREACHABLE_URL(
+                    HttpStatus.SERVICE_UNAVAILABLE, "The target URL is unreachable."), SERVER_ERROR_GENERAL(
+                            "The external app returned a server error: "), WRONG_SERVICE_TYPE(HttpStatus.NOT_FOUND,
+                                    "No such service type.");
+
+    private final HttpStatus status;
+    private final String message;
+
+    private ErrorMessage(HttpStatus status, String message) {
+        this.status = status;
+        this.message = message;
+    }
+
+    private ErrorMessage(String message) {
+        this.status = null;
+        this.message = message;
+    }
+
+    public HttpStatus getStatus() {
+        return status;
+    }
+
+    @JsonValue
+    public String getMessage() {
+        return message;
+    }
+}
@@ -0,0 +1,61 @@
+package com.vaessl.app.exception;
+
+import org.springframework.http.ProblemDetail;
+import org.springframework.validation.FieldError;
+import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.HttpServerErrorException;
+import org.springframework.web.client.ResourceAccessException;
+
+import static com.vaessl.app.exception.ErrorMessage.*;
+
+import java.util.stream.Collectors;
+
+@RestControllerAdvice
+public class GlobalExceptionHandler {
+
+    @ExceptionHandler(MethodArgumentNotValidException.class)
+    public ProblemDetail handleEmptyCredentialInput(MethodArgumentNotValidException e) {
+
+        String defaultMessages = e.getBindingResult().getFieldErrors().stream().map(FieldError::getDefaultMessage)
+                .collect(Collectors.joining(", "));
+
+        return ProblemDetail.forStatusAndDetail(BAD_REQUEST_EMPTY_FIELDS.getStatus(),
+                BAD_REQUEST_EMPTY_FIELDS.getMessage() + " [" + defaultMessages + "]");
+    }
+
+    @ExceptionHandler(HttpClientErrorException.Unauthorized.class)
+    public ProblemDetail handleUnauthorizedAccess(HttpClientErrorException e) {
+
+        return ProblemDetail.forStatusAndDetail(UNAUTHORIZED_WRONG_LOGIN.getStatus(),
+                UNAUTHORIZED_WRONG_LOGIN.getMessage());
+    }
+
+    @ExceptionHandler(ResourceAccessException.class)
+    public ProblemDetail handleNoConnection(ResourceAccessException e) {
+
+        return ProblemDetail.forStatusAndDetail(SERVICE_UNAVAILABLE_UNREACHABLE_URL.getStatus(),
+                SERVICE_UNAVAILABLE_UNREACHABLE_URL.getMessage());
+    }
+
+    @ExceptionHandler(HttpServerErrorException.class)
+    public ProblemDetail handleTimeoutOrNotFound(HttpServerErrorException e) {
+
+        return ProblemDetail
+                .forStatusAndDetail(e.getStatusCode(),
+                        SERVER_ERROR_GENERAL.getMessage() + e.getStatusText());
+    }
+
+    @ExceptionHandler(WrongServiceTypeException.class)
+    public ProblemDetail handleWrongServiceType(WrongServiceTypeException e) {
+        return ProblemDetail.forStatusAndDetail(WRONG_SERVICE_TYPE.getStatus(), WRONG_SERVICE_TYPE.getMessage());
+    }
+
+    @ExceptionHandler(EmptyCredentialsException.class)
+    public ProblemDetail handleEmptyCredentials(EmptyCredentialsException e) {
+        return ProblemDetail.forStatusAndDetail(BAD_REQUEST_EMPTY_FIELDS.getStatus(),
+                BAD_REQUEST_EMPTY_FIELDS.getMessage() + " " + e.getMissingFields());
+    }
+}
@@ -0,0 +1,4 @@
+package com.vaessl.app.exception;
+
+public class WrongServiceTypeException extends RuntimeException {
+}
@@ -0,0 +1,17 @@
+{"properties": [
+  {
+    "name": "spring.session.store-type",
+    "type": "java.lang.String",
+    "description": "A description for 'spring.session.store-type'"
+  },
+  {
+    "name": "vaessl.frontend-local-url",
+    "type": "java.lang.String",
+    "description": "A description for 'vaessl.frontend-local-url'"
+  },
+  {
+    "name": "vaessl.frontend-public-url",
+    "type": "java.lang.String",
+    "description": "A description for 'vaessl.frontend-public-url'"
+  }
+]}
@@ -2,18 +2,19 @@ spring:
  application:
    name: vaessl
  config:
-    import: "optional:file:.env_dev[.properties]"
+    import:
+      - "optional:file:.env.local[.properties]"
+      - "optional:file:backend/.env.local[.properties]"
+      - "optional:file:vaessl/backend/.env.local[.properties]"
  datasource:
-    url : ${DB_URL}
+    url: ${DB_URL}
    username: ${DB_USERNAME}
    password: ${DB_PASSWORD}
    driver-class-name: ${PG_DRIVER_CLASS_NAME}
-
  jpa:
    hibernate:
-      ddl-auto: update
+      ddl-auto: create-drop
    show-sql: true
-
  ai:
    openai:
      base-url: ${OPENAI_BASE_URL}
@@ -21,7 +22,13 @@ spring:
      chat:
        options:
          model: gpt-4o-mini
-
-  logging:
-    level:
-      org.springframework.boot.context.config: TRACE
+  session:
+    store-type: jdbc
+    jdbc:
+      initialize-schema: always
+server:
+  servlet:
+    context-path: /api
+vaessl:
+  frontend-local-url: ${FRONTEND_LOCAL_URL}
+  frontend-public-url: ${FRONTEND_PUBLIC_URL}
@@ -1,13 +1,32 @@
 package com.vaessl.app;

+import java.sql.Connection;
+import java.sql.SQLException;
+
+import javax.sql.DataSource;
+
 import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
+
+import static org.assertj.core.api.Assertions.assertThat;

@SpringBootTest
+@ActiveProfiles("test")
 class ApplicationTests {

-	@Test
-	void contextLoads() {
-	}
+    @Autowired
+    private DataSource dataSource;

+    @Test
+    void contextLoads() {
+    }
+
+    @Test
+    void connectionToTestDbWorks() throws SQLException {
+        try (Connection connection = dataSource.getConnection()) {
+            assertThat(connection.getMetaData().getURL()).contains("vaessl_test");
+        }
+    }
 }
@@ -0,0 +1,157 @@
+package com.vaessl.app.connection;
+
+import static com.vaessl.app.connection.Endpoint.*;
+import static com.vaessl.app.connection.ServiceType.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+
+import com.github.tomakehurst.wiremock.client.WireMock;
+import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
+import com.github.tomakehurst.wiremock.junit5.WireMockTest;
+
+import jakarta.servlet.http.Cookie;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.webmvc.test.autoconfigure.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.MediaType;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
+
+@SpringBootTest
+@AutoConfigureMockMvc
+@WireMockTest
+class ConnectionControllerTest {
+
+    @Autowired
+    MockMvc mockMvc;
+
+    private static final String TEST_USER = "admin";
+    private static final String TEST_PASS = "pw";
+    private static final String LOGIN_PATH = LOGIN.getValue();
+    private static final String STATUS_PATH = CONNECTION_STATUS.getValue();
+    private static final String LOGOUT_PATH = "/connections/HOMEBOX";
+
+    private static final String VALID_HOMEBOX_RESPONSE = """
+            {
+                "token": "fake-jwt-token",
+                "attachmentToken": "fake-attach",
+                "expiresAt": "2099-01-01T00:00:00Z"
+            }
+            """;
+
+    private static final String EXPIRED_HOMEBOX_RESPONSE = """
+            {
+                "token": "expired-token",
+                "attachmentToken": "fake-attach",
+                "expiresAt": "2000-01-01T00:00:00Z"
+            }
+            """;
+
+    @Test
+    void shouldReturnEmptyListWhenNoActiveSession() throws Exception {
+        mockMvc.perform(get(STATUS_PATH))
+                .andExpect(status().isOk())
+                .andExpect(content().json("[]"));
+    }
+
+    @Test
+    void shouldReturnConnectionStatusWithConnectedTrueAfterLogin(WireMockRuntimeInfo wm) throws Exception {
+        WireMock.stubFor(WireMock.post(HOMEBOX_LOGIN.getValue()).willReturn(WireMock.okJson(VALID_HOMEBOX_RESPONSE)));
+
+        MvcResult loginResult = mockMvc.perform(post(LOGIN_PATH)
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(connectionRequestBody(wm)))
+                .andExpect(status().isOk())
+                .andReturn();
+
+        Cookie sessionCookie = loginResult.getResponse().getCookie("SESSION");
+
+        mockMvc.perform(get(STATUS_PATH).cookie(sessionCookie))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$.length()").value(1))
+                .andExpect(jsonPath("$[0].serviceType").value(HOMEBOX.getValue()))
+                .andExpect(jsonPath("$[0].username").value(TEST_USER))
+                .andExpect(jsonPath("$[0].appUrl").value(wm.getHttpBaseUrl()))
+                .andExpect(jsonPath("$[0].connected").value(true));
+    }
+
+    @Test
+    void shouldReturnConnectedFalseWhenStoredTokenIsExpired(WireMockRuntimeInfo wm) throws Exception {
+        WireMock.stubFor(WireMock.post(HOMEBOX_LOGIN.getValue()).willReturn(WireMock.okJson(EXPIRED_HOMEBOX_RESPONSE)));
+
+        MvcResult loginResult = mockMvc.perform(post(LOGIN_PATH)
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(connectionRequestBody(wm)))
+                .andExpect(status().isOk())
+                .andReturn();
+
+        Cookie sessionCookie = loginResult.getResponse().getCookie("SESSION");
+
+        mockMvc.perform(get(STATUS_PATH).cookie(sessionCookie))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$[0].serviceType").value(HOMEBOX.getValue()))
+                .andExpect(jsonPath("$[0].connected").value(false))
+                .andExpect(jsonPath("$[0].expiresAt").value("2000-01-01T00:00:00Z"));
+    }
+
+    @Test
+    void shouldReturn204NoContentOnLogout(WireMockRuntimeInfo wm) throws Exception {
+        WireMock.stubFor(WireMock.post(HOMEBOX_LOGIN.getValue()).willReturn(WireMock.okJson(VALID_HOMEBOX_RESPONSE)));
+
+        MvcResult loginResult = mockMvc.perform(post(LOGIN_PATH)
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(connectionRequestBody(wm)))
+                .andExpect(status().isOk())
+                .andReturn();
+
+        Cookie sessionCookie = loginResult.getResponse().getCookie("SESSION");
+
+        mockMvc.perform(delete(LOGOUT_PATH).cookie(sessionCookie))
+                .andExpect(status().isNoContent());
+    }
+
+    @Test
+    void shouldReturnEmptyStatusListAfterLogout(WireMockRuntimeInfo wm) throws Exception {
+        WireMock.stubFor(WireMock.post(HOMEBOX_LOGIN.getValue()).willReturn(WireMock.okJson(VALID_HOMEBOX_RESPONSE)));
+
+        MvcResult loginResult = mockMvc.perform(post(LOGIN_PATH)
+                .contentType(MediaType.APPLICATION_JSON)
+                .content(connectionRequestBody(wm)))
+                .andExpect(status().isOk())
+                .andReturn();
+
+        Cookie sessionCookie = loginResult.getResponse().getCookie("SESSION");
+
+        // Verify connected before logout
+        mockMvc.perform(get(STATUS_PATH).cookie(sessionCookie))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$.length()").value(1));
+
+        mockMvc.perform(delete(LOGOUT_PATH).cookie(sessionCookie))
+                .andExpect(status().isNoContent());
+
+        // A new request (no session cookie, as in a fresh browser) returns no connections
+        mockMvc.perform(get(STATUS_PATH))
+                .andExpect(status().isOk())
+                .andExpect(content().json("[]"));
+    }
+
+    @Test
+    void shouldReturn204WhenLogoutCalledWithNoActiveSession() throws Exception {
+        mockMvc.perform(delete(LOGOUT_PATH))
+                .andExpect(status().isNoContent());
+    }
+
+    private String connectionRequestBody(WireMockRuntimeInfo wm) {
+        return """
+                {
+                    "appUrl": "%s",
+                    "serviceType": "HOMEBOX",
+                    "username": "%s",
+                    "password": "%s"
+                }
+                """.formatted(wm.getHttpBaseUrl(), TEST_USER, TEST_PASS);
+    }
+}
@@ -0,0 +1,50 @@
+package com.vaessl.app.connection;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.util.List;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import com.vaessl.app.dto.ConnectionRequest;
+import com.vaessl.app.exception.EmptyCredentialsException;
+
+import static com.vaessl.app.connection.Mockdata.*;
+
+@ExtendWith(MockitoExtension.class)
+class ConnectionServiceTest {
+
+    @Mock
+    private ConnectionProvider mockProvider;
+    @Mock
+    private ConnectionRepository mockRepo;
+
+    private ConnectionService connectionService;
+
+    @BeforeEach
+    void setup() {
+        when(mockProvider.getServiceType()).thenReturn(MOCK_SERVICE_TYPE);
+        connectionService = new ConnectionService(List.of(mockProvider), mockRepo);
+    }
+
+    @Test
+    void login_ShouldAbort_WhenCheckCredentialsThrowsException() {
+        ConnectionRequest request = new ConnectionRequest(MOCK_URL, MOCK_SERVICE_TYPE, null, null, false);
+
+        doThrow(new EmptyCredentialsException(List.of("username")))
+            .when(mockProvider).checkCredentials(request);
+
+        assertThrows(EmptyCredentialsException.class, () -> connectionService.login(request));
+
+        verify(mockProvider, never()).authenticate(any());
+    }
+}
@@ -0,0 +1,27 @@
+package com.vaessl.app.connection;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import org.junit.jupiter.api.Test;
+
+import com.vaessl.app.dto.ConnectionRequest;
+import com.vaessl.app.exception.EmptyCredentialsException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static com.vaessl.app.connection.Mockdata.*;
+
+class HomeBoxConnectionProviderTest {
+
+    private final HomeBoxConnectionProvider provider = new HomeBoxConnectionProvider(null, null);
+
+    @Test
+    void checkCredentials_ShouldThrowException_WhenFieldsAreMissing() {
+        ConnectionRequest request = new ConnectionRequest(MOCK_URL, "HOMEBOX", null, null, false);
+
+        EmptyCredentialsException exception = assertThrows(EmptyCredentialsException.class, () -> {
+            provider.checkCredentials(request);
+        });
+
+        assertThat(exception.getMissingFields()).containsExactly("username", "password");
+    }
+}
@@ -0,0 +1,209 @@
+package com.vaessl.app.connection;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.resttestclient.TestRestTemplate;
+import org.springframework.boot.resttestclient.autoconfigure.AutoConfigureTestRestTemplate;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import com.github.tomakehurst.wiremock.http.Fault;
+import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
+import com.github.tomakehurst.wiremock.junit5.WireMockTest;
+
+import com.jayway.jsonpath.DocumentContext;
+import com.jayway.jsonpath.JsonPath;
+import com.vaessl.app.dto.ConnectionRequest;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import static com.github.tomakehurst.wiremock.client.WireMock.*;
+import static com.vaessl.app.connection.Endpoint.*;
+import static com.vaessl.app.exception.ErrorMessage.*;
+import static com.vaessl.app.connection.ServiceType.*;
+
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@AutoConfigureTestRestTemplate
+@WireMockTest
+class HomeboxIntegrationTest {
+
+    @Autowired
+    TestRestTemplate restTemplate;
+
+    @Autowired
+    ConnectionRepository cRepository;
+
+    String okJsonHomeboxResponse = """
+            {
+                "token": "fake-jwt-token",
+                "attachmentToken": "fake-attach",
+                "expiresAt": "2026-04-26T02:23:13Z"
+            }
+                """;
+
+    private static final String TEST_USER = "admin";
+    private static final String TEST_PASS = "pw";
+
+    /**
+     * Returns Token and status code OK when login is successful.
+     * 
+     * @param wm the WiremockRuntimeInfo object
+     */
+    @Test
+    void shouldReturnStatusOkWhenHomeboxCredentialsAreValid(WireMockRuntimeInfo wm) {
+
+        stubFor(post(HOMEBOX_LOGIN.getValue())
+                .willReturn(okJson(okJsonHomeboxResponse)));
+
+        ResponseEntity<String> response = restTemplate.postForEntity(LOGIN.getValue(), connectionRequest(wm),
+                String.class);
+
+        DocumentContext documentContext = JsonPath.parse(response.getBody());
+
+        String serviceType = documentContext.read("$.serviceType");
+        assertThat(serviceType).isEqualTo("HOMEBOX");
+
+        String expiresAt = documentContext.read("$.expiresAt", String.class);
+        assertThat(expiresAt).isEqualTo("2026-04-26T02:23:13Z");
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
+    }
+
+    /**
+     * Tests the Unauthorized custom exception.
+     * 
+     * @param wm the WiremockRuntimeInfo object
+     */
+    @Test
+    void shouldFailToConnectWhenHomeboxReturnsUnauthorized(WireMockRuntimeInfo wm) {
+
+        stubFor(post(HOMEBOX_LOGIN.getValue()).willReturn(unauthorized()));
+
+        ResponseEntity<String> response = restTemplate.postForEntity(LOGIN.getValue(), connectionRequest(wm),
+                String.class);
+
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+        assertThat(response.getBody()).contains(UNAUTHORIZED_WRONG_LOGIN.getMessage());
+    }
+
+    /**
+     * Tests a server error from the external api.
+     * 
+     * @param wm the WiremockRuntimeInfo object
+     */
+    @Test
+    void shouldFailToConnectWhenHomeboxReturnsServiceUnavailable(WireMockRuntimeInfo wm) {
+
+        stubFor(post(HOMEBOX_LOGIN.getValue()).willReturn(serviceUnavailable()));
+
+        ResponseEntity<String> response = restTemplate.postForEntity(LOGIN.getValue(), connectionRequest(wm),
+                String.class);
+
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.SERVICE_UNAVAILABLE);
+        assertThat(response.getBody()).contains(SERVER_ERROR_GENERAL.getMessage());
+    }
+
+    /**
+     * Checks when the service is unavailable or the app URL is wrong.
+     */
+    @Test
+    void shouldReturnServiceUnavailableWhenHomeboxUrlIsWrong(WireMockRuntimeInfo wm) {
+
+        stubFor(post(HOMEBOX_LOGIN.getValue())
+                .willReturn(aResponse().withFault(Fault.CONNECTION_RESET_BY_PEER)));
+
+        ConnectionRequest badRequest = connectionRequest(wm);
+        ResponseEntity<String> response = restTemplate.postForEntity(LOGIN.getValue(), badRequest, String.class);
+
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.SERVICE_UNAVAILABLE);
+        assertThat(response.getBody()).contains(SERVICE_UNAVAILABLE_UNREACHABLE_URL.getMessage());
+    }
+
+    /**
+     * Checks if any login fields are empty since all of them are mandatory.
+     */
+    @Test
+    void shouldReturnBadRequestWhenHomeboxFieldsAreEmpty() {
+
+        ConnectionRequest emtpyRequest = new ConnectionRequest("", "", "", "", false);
+
+        ResponseEntity<String> response = restTemplate.postForEntity(LOGIN.getValue(), emtpyRequest, String.class);
+
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
+        assertThat(response.getBody()).contains(BAD_REQUEST_EMPTY_FIELDS.getMessage());
+    }
+
+    /**
+     * Test the exception when there is an input for serviceType but it's
+     * unsupported.
+     */
+    @Test
+    void shouldReturnWrongServiceTypeException(WireMockRuntimeInfo wm) {
+        ConnectionRequest wrongServiceTypeReq = new ConnectionRequest(
+                wm.getHttpBaseUrl(),
+                "wrong-service-type",
+                TEST_USER, TEST_PASS,
+                false);
+
+        ResponseEntity<String> response = restTemplate.postForEntity(LOGIN.getValue(), wrongServiceTypeReq,
+                String.class);
+
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
+        assertThat(response.getBody()).contains(WRONG_SERVICE_TYPE.getMessage());
+    }
+
+    /**
+     * Tests the succesfull persistance of Homebox credential response to the
+     * database.
+     * 
+     * @param wm the WiremockRuntimeInfo object
+     */
+    @Test
+    void shouldSaveHomeboxConnectionResponseToDb(WireMockRuntimeInfo wm) {
+
+        stubFor(post(urlEqualTo(HOMEBOX_LOGIN.getValue()))
+                .willReturn(okJson(okJsonHomeboxResponse)));
+
+        ConnectionRequest request = connectionRequest(wm);
+
+        ResponseEntity<String> response = restTemplate.postForEntity(LOGIN.getValue(), request, String.class);
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
+
+        ConnectionEntity dbEntry = cRepository.findByAppUrlAndUsername(request.appUrl(), request.username());
+
+        assertThat(dbEntry).isNotNull();
+        assertThat(dbEntry.getAppUrl()).isEqualTo(request.appUrl());
+        assertThat(dbEntry.getUsername()).isEqualTo(request.username());
+
+        if (dbEntry instanceof HomeboxEntity hbE) {
+            assertThat(hbE.getToken()).isEqualTo("fake-jwt-token");
+            assertThat(hbE.getAttachmentToken()).isEqualTo("fake-attach");
+            assertThat(hbE.getExpiresAt().toString()).hasToString("2026-04-26T02:23:13Z");
+        }
+    }
+
+    @Test
+    void shouldReturnEmptyCredentialsExceptionWhenCredsAreMissing(WireMockRuntimeInfo wm) {
+        ConnectionRequest missingCredentials = new ConnectionRequest(wm.getHttpBaseUrl(), HOMEBOX.getValue(), TEST_USER,
+                null,
+                false);
+
+        ResponseEntity<String> response = restTemplate.postForEntity(LOGIN.getValue(), missingCredentials,
+                String.class);
+
+        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
+        assertThat(response.getBody()).contains(BAD_REQUEST_EMPTY_FIELDS.getMessage());
+    }
+
+    /**
+     * Creates a valid connection request with a mock Api through
+     * WireMockRuntimeInfo.
+     * 
+     * @param wm the WiremockRuntimeInfo object
+     * @return a mock api connection request.
+     */
+    private ConnectionRequest connectionRequest(WireMockRuntimeInfo wm) {
+        return new ConnectionRequest(wm.getHttpBaseUrl(), HOMEBOX.getValue(), TEST_USER, TEST_PASS,
+                null);
+    }
+}
@@ -0,0 +1,9 @@
+package com.vaessl.app.connection;
+
+public final class Mockdata {
+
+    private Mockdata() {}
+
+    public static final String MOCK_URL = "http://localhost:1234";
+    public static final String MOCK_SERVICE_TYPE = "SERVICE_TYPE";
+}
@@ -0,0 +1,9 @@
+spring:
+  datasource:
+    url: ${DB_TEST_URL}
+    username: ${DB_USERNAME}
+    password: ${DB_PASSWORD}
+    driver-class-name: ${PG_DRIVER_CLASS_NAME}
+  jpa:
+    hibernate:
+      ddl-auto: update
@@ -25,14 +25,14 @@ services:
 #      - HASHED_PASSWORD= #optional
 #      - SUDO_PASSWORD=password #optional
 #      - SUDO_PASSWORD_HASH= #optional
-      - PROXY_DOMAIN=code-server.my.domain #this is important to generate a proper forward address for ports 8080 and 3000
+      - PROXY_DOMAIN=code-server.my.domain #this is important to generate a proper forward address for ports 8080 and 5173
      - DEFAULT_WORKSPACE=/config/workspace #optional
    volumes:
      - /home/pi/docker/vscode:/config
    ports:
      - 8443:8443
-      - 8124:8080 #spring port 
-      - 3124:3000 #react port
+      - 8124:8080 # spring port 
+      - 5173:5173 # vite port
    restart: unless-stopped
 ```

@@ -6,7 +6,7 @@ Vaessl is an AI-powered bridge designed to connect physical reality to digital m
 # Technical requirements & stack

 ## Frontend
- Framework: Next.js (React)
+- Framework: Vite (React)

 - Styling: Tailwind CSS + SCSS

@@ -52,7 +52,7 @@ The image processing is the heart of Vaessl's "bridge" functionality. It ensures
 ## Deployment
 Vaessl is deployed via Docker Compose for high portability.

- Container 1: Next.js (Web UI)
+- Container 1: Vite (Web UI)
 - Container 2: Spring Boot
 - Container 3: PostgreSQL + pgvector
 - Container 4: LiteLLM
@@ -29,12 +29,12 @@ Vaessl is intended to be a useful tool for the public, specifically those utiliz
 # Short-Term Roadmap & Milestones

 - Phase 1: Foundation (Current)
-  * Deploy the core infrastructure (PostgreSQL + pgvector, LiteLLM, Spring Boot Skeleton, Next.Js frontend).
+  * Deploy the core infrastructure (PostgreSQL + pgvector, LiteLLM, Spring Boot Skeleton, Vite frontend).
  * Establish the bridge between the Vaessl backend and a demo Homebox instance.

 - Phase 2: The Processing Pipeline
  * Implement the image processing workflow: Upload $\rightarrow$ AI analysis $\rightarrow$ staging Table.
-  * Develop the Next.js interface for data refinement and verification.
+  * Develop the Vite interface for data refinement and verification.

 - Phase 3: Semantic Search & Demo
  * Integrate Spring AI for embedding generation.
@@ -1,6 +1,10 @@
 **Vaessl: code-server adjustments**

-Before developing on code-server I configure a Dockerfile to install all packages needed for Spring Boot, Java and Next.js. I install openjdk, npm, nodejs and yarn and set the environment variables for Java. Since the linuxserver code-server image doesn't come with root access for its default user abc out of the box every privileged action will be baked in here:
+Before developing on code-server I configure a Dockerfile to install all packages needed for Spring Boot, Java and Vite. 
+
+I install openjdk 25, nodejs 24.x and yarn and set the environment variables for Java (and the /config/.local/bin folder that gets used for tools like Claude Code). 
+
+Since the linuxserver code-server image doesn't come with root access for its default user abc out of the box every privileged action will be baked in here:

 ```
 FROM lscr.io/linuxserver/code-server:latest
@@ -8,17 +12,19 @@ FROM lscr.io/linuxserver/code-server:latest
 USER root

 RUN apt update && apt install -y \
-    openjdk-25-jdk maven \
-    nodejs npm \
- && npm install -g yarn \
- && rm -rf /var/lib/apt/lists/*
+    curl ca-certificates openjdk-25-jdk \
+    # Add nodejs for React/Vite
+    && curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
+    && apt install -y nodejs \
+    && rm -rf /var/lib/apt/lists/*

+# Set Java Environment
 ENV JAVA_HOME=/usr/lib/jvm/java-25-openjdk-amd64
-ENV PATH="$JAVA_HOME/bin:${PATH}"
+ENV PATH="/config/.local/bin:$JAVA_HOME/bin:${PATH}"

 ```

-Build the custom image and name it name it something like code-server-dev:
+Build the custom image and name it something like code-server-dev:

 ```
 docker build -t code-server-dev .
@@ -0,0 +1,231 @@
+**Vaessl: Spring Boot and database setup**
+
+This app will use the current latest version 4.0.4 of Spring Boot and the latest OpenJDK 25 LTS. 
+ 
+ The dependencies are chosen to specifically work with Spring AI and PostgreSQL/pgvector. For the AI function OpenAI is chosen since it is known to work with LiteLLM. The PostgreSQL dependency makes sure to include PostGreSQL support for self hosted databases.
+
+# Spring Initializr settings
+
+**Build System: Gradle - Kotlin**
+
+Gradel Kotlin is chosen to make mobile/Android app development easier.
+
+**Spring Boot: 4.0.4**
+
+**Packaging: Jar**
+
+**Configuration: YAML**
+
+**Java: 25**
+
+**Dependencies**
+
+- Lombok 
+- Spring Boot DevTools
+- Spring Web
+- Spring Security
+- Spring Data JPA
+- OpenAI AI
+- PostgreSQL Driver
+- Validation
+
+# Project Settings
+
+PostGreSQL and OpenAI need an initial setup so that the local instance is able to start. I will comment out Spring Security since user management is an issue for a later iteration of the app.
+
+The build.gradle.kts will look something like this:
+
+```
+plugins {
+	java
+	id("org.springframework.boot") version "4.0.4"
+	id("io.spring.dependency-management") version "1.1.7"
+}
+
+group = "com.vaessl"
+version = "0.0.1-SNAPSHOT"
+
+java {
+	toolchain {
+		languageVersion = JavaLanguageVersion.of(25)
+	}
+}
+
+configurations {
+	compileOnly {
+		extendsFrom(configurations.annotationProcessor.get())
+	}
+}
+
+repositories {
+	mavenCentral()
+}
+
+extra["springAiVersion"] = "2.0.0-M3"
+
+dependencies {
+	implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+	// implementation("org.springframework.boot:spring-boot-starter-security")
+	implementation("org.springframework.boot:spring-boot-starter-validation")
+	implementation("org.springframework.boot:spring-boot-starter-webmvc")
+	implementation("org.springframework.ai:spring-ai-starter-model-openai")
+	compileOnly("org.projectlombok:lombok")
+	developmentOnly("org.springframework.boot:spring-boot-devtools")
+	runtimeOnly("org.postgresql:postgresql")
+	annotationProcessor("org.projectlombok:lombok")
+	testImplementation("org.springframework.boot:spring-boot-starter-data-jpa-test")
+	// testImplementation("org.springframework.boot:spring-boot-starter-security-test")
+	testImplementation("org.springframework.boot:spring-boot-starter-validation-test")
+	testImplementation("org.springframework.boot:spring-boot-starter-webmvc-test")
+	testRuntimeOnly("org.junit.platform:junit-platform-launcher")
+	testImplementation("org.springframework.boot:spring-boot-starter-test")
+}
+
+dependencyManagement {
+	imports {
+		mavenBom("org.springframework.ai:spring-ai-bom:${property("springAiVersion")}")
+	}
+}
+
+tasks.withType<Test> {
+	useJUnitPlatform()
+}
+
+```
+
+To configure OpenAI (which I will use instead of LiteLLM initially since I have an OpenAI Api key and can get going quickly) and PostGreSQL I will create a .env.local file in the root dir, fill all credentials and add it to .gitignore
+
+```
+DB_URL=jdbc:postgresql://192.168.1.208:5433/vaessl
+DB_TEST_URL=jdbc:postgresql://192.168.1.208:5434/vaessl_test
+DB_USERNAME=myusername
+DB_PASSWORD=mypw
+OPENAI_KEY=myapikey
+OPENAI_BASE_URL=https://api.openai.com
+PG_DRIVER_CLASS_NAME=org.postgresql.Driver
+```
+
+The initial application.yaml in the resources folder will look like this:
+
+```
+spring:
+  application:
+    name: vaessl
+  config:
+    import: "optional:file:.env.local[.properties]"
+  datasource:
+    url : ${DB_URL}
+    username: ${DB_USERNAME}
+    password: ${DB_PASSWORD}
+    driver-class-name: ${PG_DRIVER_CLASS_NAME}
+
+  jpa:
+    hibernate:
+      ddl-auto: update
+    show-sql: true
+
+  ai:
+    openai:
+      base-url: ${OPENAI_BASE_URL}
+      api-key: ${OPENAI_KEY}
+      chat:
+        options:
+          model: gpt-4o-mini
+
+  logging:
+    level:
+      org.springframework.boot.context.config: TRACE
+
+```
+
+The Docker Compose file for code-server will look something like this:
+
+```
+---
+services:
+  code-server:
+    image: code-server-dev:latest
+    container_name: code-server
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Vienna
+#      - PASSWORD= #optional
+      - HASHED_PASSWORD=hashedpw
+#      - SUDO_PASSWORD_HASH= #optional
+      - PROXY_DOMAIN=code-server.your.website
+      - DEFAULT_WORKSPACE=/config/workspace
+    volumes:
+      - /home/pi/docker/vscode:/config
+      - /home/pi/docker/vscode/workspace:/workspace
+    ports:
+      - 8443:8443
+      - 8124:8080
+      - 5173:5173
+    restart: unless-stopped
+```
+
+Note that I'm using my own locally hosted PostgreSQL instances for the main and test database. Just add databases via SQL or PgAdmin and install the pgvector extension to each database manually. There is an offical ready-made pgvector docker image but if you already host a PostGreSQL database you need to add the extension yourself.
+
+Check the name of your PostGreSQL container:
+```
+docker ps
+```
+
+Enter your container via bash:
+
+```
+docker exec -it 876fb382969f bash
+```
+Before working on your database backup your databases:
+```
+su - postgres -c "pg_dumpall > /tmp/backup200526.sql"
+
+#exit the container and copy the backup file to local file system 
+docker cp 876fb382969f:/tmp/backup200526.sql .
+```
+
+Install dependencies, build and install pgvector:
+apt-get update
+apt-get install -y build-essential git postgresql-server-dev-all
+```
+git clone https://github.com/pgvector/pgvector.git
+cd pgvector
+make
+make install
+docker restart 876fb382969f 
+```
+Enter PostGreSQL container and create pgvector extension for each databse:
+```
+docker exec -it <container-name> psql -h localhost -U <db-user> -d <db-name>
+
+CREATE EXTENSION vector;
+```
+
+# Appendix: Additional config for developing in Code-Server
+
+When using the code-server container there are additional config steps to mind:
+
+- Assign the 8080 port to a different port if it is used by another docker container by adding a port variable in the docker-compose.yaml. I assigned it to 8124.
+
+	```
+	ports:
+		- 8443:8443
+		- 8124:8080
+	```
+
+- define a proxy domain for automatic Url generations when starting localhost 
+
+	```
+	environment:
+		- PROXY_DOMAIN=code-server.your.website
+	```
+
+	This makes sure port 8080 is reachable via https://8080.code-server.your.website as per code-server documentation for using subdomains: https://coder.com/docs/code-server/guide#using-a-subdomain
+
+- make sure to add the subdomain in your proxy platform like Cloudflare Zero Trust Tunnel or Pangolin and point it to the local ip in my case http://192.168.208:8124
+
+
+
+
+
@@ -0,0 +1,26 @@
+**Vaessl: Frontend setup**
+
+Vite will act as development server for the React app. The necessary packages especially the correct NodeJs version are baked into the Docker image documented in [code-server adjustments](https://gitea.kasuns.website/kasun/Vaessl/src/branch/main/docs/02-Preparation/01-code-server-adjustments.md) 
+
+Port 5173 needs to be exposed in the code-server container via port variable.
+
+To ensure proper localhost Url generation the following server parameters need to be added to the vite.config.ts.
+
+```
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+
+// https://vite.dev/config/
+export default defineConfig({
+  plugins: [react()],
+  server: {
+    host: '0.0.0.0',
+    port: 5173,
+    allowedHosts: ['5173.code-server.your.website'],
+  },
+})
+
+```
+
+Don't forget to add the host to your proxy service.
+
@@ -0,0 +1,49 @@
+**vaessl: Test strategy**
+
+# Spring Boot Test Environment
+1. Environment Parity
+
+    Instead of testing against a mocked database or the development database, I created a mirrored test container. This allows the application to perform JPA operations against a real PostgreSQL instance that matches the production engine but uses a different port (5434) and database name (vaessl_test).
+
+2. Profile-Driven Configuration
+
+    I utilized the Spring Profiles mechanism. By tagging the test class with @ActiveProfiles("test"), Spring Boot ignores the standard application.yaml for specific keys and prioritizes src/test/resources/application-test.yaml.
+
+    The configuration is moved out of the Java code and into YAML. This follows the "Separation of Concerns" principle.
+
+    The file is placed in src/test/resources (a sibling to src/test/java). This is the standard Gradle "SourceSet" layout, ensuring the build tool automatically packages these settings only during the test phase.
+
+3. Gradle Test Lifecycle
+
+    I corrected the dependency graph in build.gradle.kts. While the Initializr provides "test slices" (like data-jpa-test), a full integration test requires the Spring Boot Starter Test core.
+
+    This starter provides the YAML parsing engine and the SpringBootContextLoader.
+
+# Frontend Test environment
+
+1. The Vitest Stack
+
+    - Vitest: providing a unified configuration for both the development server and the test runner.
+
+    - jsdom: Provides a lightweight browser environment in Node.js.
+
+    - React Testing Library: Ensures tests are written from the user's perspective (DOM-based) rather than implementation details.
+
+2. Dynamic Environment Configuration
+
+    The vitest.config.ts is configured to be environment-aware. By using loadEnv, the test runner can access variables from .env files, allowing us to:
+
+    - Dynamically set the Server Port (51204).
+
+    - Handle Allowed Hosts (crucial for code-server or LXC environments where the public URL might change).
+
+    - Inject environment-specific keys into the test.env context.
+
+3. TDD Workflow (Red-Green-Refactor)
+    
+    The environment is optimized for a fast feedback loop.
+
+    - npm run test: Runs Vitest in "Watch Mode," re-triggering tests instantly upon file changes.
+
+    - npm run test:ui: Launches the Vitest UI, providing a visual graph of test suites and real-time failure reports.
+
@@ -0,0 +1,92 @@
+**vaessl: Setup LiteLLM**
+
+# LiteLLM Docker Compose setup
+
+I chose to use my existing Docker and PostgreSQL instance to spin up a LiteLLM container. I use Portainer stacks to write the docker-compose.yaml. Instead of creating a .env file I just wrote all environment variables into the yaml. The official docker-compose.yaml may vary.
+
+Before deploying the container create a config.yaml and prometheus.yml in the root folder:
+
+*config.yaml*
+```
+general_settings:
+  master_key: sk-key # 🔑 your proxy admin key (must start with sk-)
+  database_url: "postgresql://pgUser:pgUserPw@192.168.1.208:5432/litellm" 
+```
+
+*prometheus.yml*
+
+```
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+scrape_configs:
+  - job_name: "litellm"
+    static_configs:
+      - targets: ["litellm:4000"]
+```
+
+*Portainer stack*
+```
+services:
+  litellm:
+    #build:
+    #  context: .
+    #  args:
+    #    target: runtime
+    image: docker.litellm.ai/berriai/litellm:main-stable
+    volumes:
+      - /home/pi/docker/litellm/config.yaml:/app/config.yaml
+    command:
+      - "--config=/app/config.yaml"
+    ports:
+      - "4000:4000" # Map the container port to the host, change the host port if necessary
+    environment:
+      DATABASE_URL: "postgresql://pgUser:pgUserPw@192.168.1.208:5432/litellm"
+      STORE_MODEL_IN_DB: "True" # allows adding models to proxy via UI
+      OPENAI_API_KEY: "sk-key"
+      OPENAI_BASE_URL: "https://api.openai.com/v1"
+      LITELLM_MASTER_KEY: "sk-key"
+      LITELLM_SALT_KEY: "sk-saltkey"
+      PUID: 1000
+      PGID: 1000
+    #env_file:
+    #  - /home/pi/docker/litellm/.env
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:4000/health/liveliness')"  # Command to execute for health check
+      interval: 30s  # Perform health check every 30 seconds
+      timeout: 10s   # Health check command times out after 10 seconds
+      retries: 3     # Retry up to 3 times if health check fails
+      start_period: 40s  # Wait 40 seconds after container start before beginning health checks
+    networks:
+      - postgres_pg_network
+  
+  prometheus:
+    image: prom/prometheus
+    volumes:
+      - /home/pi/docker/litellm/prometheus_data:/prometheus
+      - /home/pi/docker/litellm/prometheus.yml:/etc/prometheus/prometheus.yml
+    ports:
+      - "9090:9090"
+    command:
+      - "--config.file=/etc/prometheus/prometheus.yml"
+      - "--storage.tsdb.path=/prometheus"
+      - "--storage.tsdb.retention.time=15d"
+    restart: always
+
+volumes:
+  prometheus_data:
+    driver: local
+  postgres_data:
+    name: litellm_postgres_data # Named volume for Postgres data persistence
+
+networks:
+  postgres_pg_network:
+    external: true
+```
+
+
+
+Models can be added in the UI under localhost:4000 and will be saved into the database. No need to define them in the config.yaml
@@ -0,0 +1,57 @@
+**vaessl: Setup API client**
+
+# Locally hosted API client
+
+I chose [Hoppscotch ](https://docs.hoppscotch.io/) as API client since it is free, open-source, has a Docker support and can be locally hosted. Together with its browser extension it can be run in the browser supporting my goal of a flexible, browser-based development environment where I can securely access and interact with my entire stack remotely.
+
+```
+services:
+    hoppscotch:
+        image: hoppscotch/hoppscotch
+        container_name: hoppscotch
+        restart: unless-stopped
+        # ATTENTION: Run command and entrypoint for the first time and then comment it out
+        #command: '-c "pnpx prisma migrate deploy"'
+        #entrypoint: sh
+        environment:
+          PUID: 1000
+          PGID: 1000
+          # Prisma Config
+          DATABASE_URL: postgresql://user:pw@192.168.1.208:5432/hoppscotch
+          # (Optional) By default, the AIO container (when in subpath access mode) exposes the endpoint on port 80. Use this setting to specify a different port if needed.
+          HOPP_AIO_ALTERNATE_PORT: 80
+          # Sensitive Data Encryption Key while storing in Database (32 character)
+          DATA_ENCRYPTION_KEY: 'key'
+          # Whitelisted origins for the Hoppscotch App.
+          # This list controls which origins can interact with the app through cross-origin comms.
+          # - localhost ports (3170, 3000, 3100): app, backend, development servers and services
+          # - app://localhost_3200: Bundle server origin identifier
+          #   NOTE: `3200` here refers to the bundle server (port 3200) that provides the bundles,
+          #   NOT where the app runs. The app itself uses the `app://` protocol with dynamic
+          #   bundle names like `app://{bundle-name}/`
+          WHITELISTED_ORIGINS: http://localhost:3170,http://localhost:3009,http://localhost:3101,app://localhost_3200,app://hoppscotch
+          # Base URLs
+          VITE_BASE_URL: http://localhost:3009
+          VITE_SHORTCODE_BASE_URL: http://localhost:3009
+          VITE_ADMIN_URL: http://localhost:3101
+          # Backend URLs
+          VITE_BACKEND_GQL_URL: http://localhost:3170/graphql
+          VITE_BACKEND_WS_URL: wss://localhost:3170/graphql
+          VITE_BACKEND_API_URL: http://localhost:3170/v1
+          # Terms Of Service And Privacy Policy Links (Optional)
+          VITE_APP_TOS_LINK: https://docs.hoppscotch.io/support/terms
+          VITE_APP_PRIVACY_POLICY_LINK: https://docs.hoppscotch.io/support/privacy
+          # Set to `true` for subpath based access
+          ENABLE_SUBPATH_BASED_ACCESS: false
+        ports:
+          - '3170:3170'
+          - '3101:3100'
+          - '3009:3000'
+        networks:
+          - postgres_pg_network
+
+networks:
+  postgres_pg_network:
+    external: true
+
+```
@@ -0,0 +1,172 @@
+**vaessl: Claude Code feasability**
+
+This is a showcase of how useful Claude Code can be for an app such as Vaessl. There were very little steps to do to achieve an entire feature. This was achieved with a standard paid plan over 2 days. I never hit the limits and I must have used around 300k tokens likely a little more. Not only was I able to setup Java classes and React components. Claude Code pretty much nailed the CSS for the app. After minor adjustments for styling, CORS configurations, solving SonarQube warnings and generating additional integration tests I was good to commit the changes. The following documentation was also generated via CC. 
+
+The entire commit can be reviewed under following hash 43bbcece7a901e94021e10bca8b227c8ba285ac2.
+
+
+# What the feature achieves
+  
+  Users can connect Vaessl to external services (starting with Homebox) by entering their credentials in a UI. The backend authenticates against the remote service, persists the
+  connection in the database, and issues an HTTP session cookie. The frontend dashboard reflects live connection status and lets users disconnect.
+
+  ---
+  ## Backend
+
+  **build.gradle.kts**
+
+  Added spring-boot-starter-session-jdbc (and its test counterpart). This enables Spring Session to store HTTP sessions in the PostgreSQL database rather than in-memory, so
+  sessions survive server restarts and work correctly in multi-instance deployments.
+
+  ---
+  **application.yaml**
+
+  Two additions:
+  - spring.session.store-type: jdbc activates the JDBC session store added above.
+  - server.servlet.context-path: /api prefixes all endpoints with /api, keeping the API cleanly separated from the frontend when served from the same host.
+  - vaessl.frontend-url externalizes the frontend origin so CORS can be configured without hardcoding.
+
+  ---
+  **config/CorsConfig.java (new)**
+  
+  Spring MVC CORS configuration. The frontend runs on a different port/domain than the backend, so without this every browser request would be blocked. Key detail:
+  allowCredentials(true) is required for the session cookie to be sent cross-origin — this is why the allowed origins are explicit (wildcards are forbidden when credentials are
+  allowed). The three origins cover local dev, a LAN IP, and a tunnelled code-server URL.
+
+  ---
+  **config/SessionConfig.java (new)**
+
+  Customises the session cookie that Spring Session issues. HttpOnly prevents JavaScript from reading it (XSS mitigation). SameSite=Lax allows the cookie to travel with
+  cross-site navigations (needed for the separate frontend origin) while blocking CSRF from third-party sites. CookieMaxAge = Integer.MAX_VALUE keeps the cookie persistent in the
+   browser across tabs/restarts; the actual session lifetime is controlled per-login in the controller.
+
+  ---
+  **META-INF/additional-spring-configuration-metadata.json (new)**
+  
+  Registers the custom vaessl.frontend-url and spring.session.store-type properties with the IDE. This gives autocomplete and documentation hints in application.yaml — it has no
+  runtime effect.
+
+  ---
+  **dto/LoginResult.java (new)**
+  
+  An internal record (connectionId, expiresAt) used as the return type of ConnectionService.login(). It carries back the database ID of the saved connection and the token expiry
+  so the controller can use both without coupling to the entity layer.
+
+  ---
+  **dto/AuthResponse.java (new)**
+
+  The JSON body returned to the client after a successful login. It intentionally contains only serviceType and expiresAt — no tokens, no internal IDs — because all sensitive
+  state lives server-side in the session and the database.
+
+  ---
+  **dto/ConnectionStatusResponse.java (new)**
+
+  The JSON body returned by the status endpoint for each active connection. Includes enough for the UI to show: which service, the URL it's connected to, the logged-in username,
+  when the token expires, and whether it is currently considered connected (expiry has not passed).
+
+  ---
+  **connection/ConnectionProvider.java (modified)**
+
+  The provider interface gained five new methods:
+  - checkCredentials — validates the request before any network call is made.
+  - findUniqueConnectionEntry — looks up an existing database row for this user+URL combination.
+  - connectionToEntity / updateToRepository — split "create new row" from "refresh token on existing row", so re-logging in updates the token rather than creating a duplicate.
+  - getTokenExpiry — lets each provider expose its token lifetime (defaults to null meaning no expiry check).
+
+  This keeps all provider-specific logic inside the provider, not scattered across the service.
+
+  ---
+  **connection/ConnectionService.java (modified)**
+
+  login() was refactored to use the new provider methods and now returns LoginResult instead of void. The upsert logic (find existing → update or create new) lives here. A new
+  method getConnectionStatus() was added: it loads the entity by ID, asks the provider for its expiry, and returns the status DTO. The ID-based lookup is safe here because the
+  controller already resolved the ID from the session.
+
+  ---
+  **connection/ConnectionController.java (modified)**
+
+  Three endpoints now exist:
+
+  - POST /login — calls ConnectionService.login(), stores the returned connectionId in the HTTP session under a key like HOMEBOX_CONNECTION_ID, sets the session timeout to match
+  the token expiry (minimum 5 minutes), and responds with AuthResponse.
+  - GET /connections/status — reads all *_CONNECTION_ID keys from the session and calls getConnectionStatus for each, returning a list. Returns an empty list if no session exists
+   (not an error).
+  - DELETE /connections/{serviceType} — removes the specific key from the session. If no connections remain, the session is invalidated entirely.
+
+  ---
+  **connection/HomeBoxConnectionProvider.java (modified)**
+
+  Implements the new interface methods:
+  - checkCredentials validates that username and password are present before touching the network.
+  - findUniqueConnectionEntry queries the repository by appUrl + username.
+  - connectionToEntity delegates to HomeboxEntity.from(...).
+  - updateToRepository pattern-matches on HomeboxEntity and refreshes token, expiresAt, and attachmentToken.
+  - getTokenExpiry returns the stored expiresAt from the HomeboxEntity.
+
+  ---
+  **connection/Endpoint.java (modified)**
+  
+  Added CONNECTION_STATUS("/connections/status") to the enum, alongside the existing constants, so the integration test can reference the status endpoint without a magic string.
+
+  ---
+  ##Frontend
+
+  types/connection.ts (new)
+
+  TypeScript interfaces that mirror the backend DTOs exactly: LoginRequest, AuthResponse, ConnectionStatus. This is the single source of truth for shapes shared across the
+  frontend — the API layer and UI components both import from here.
+
+  ---
+  **api/client.ts (new)**
+
+  A thin apiFetch<T> wrapper around the native fetch API. Two important behaviours:
+  - credentials: 'include' — sends the session cookie on every request (required for cross-origin session auth).
+  - Error normalisation — on non-2xx responses it tries to extract a detail or title field from the JSON body (standard Spring error format) and throws it as an Error with a
+  human-readable message.
+  - 204 No Content is returned as undefined cast to T, avoiding a JSON parse error on empty bodies (used by the DELETE endpoint).
+
+  ---
+  **api/connections.ts (new)**
+  
+  Three typed API call functions — login, getStatuses, logout — each wrapping the corresponding endpoint via apiFetch. The component layer calls these directly; they are not
+  aware of the session cookie mechanism.
+
+  ---
+  **components/Dashboard.tsx (new)**
+
+  The top-level page component. It:
+  - Defines the static SERVICES registry (currently just Homebox) — adding a new service means adding one entry here.
+  - Fetches connection statuses on mount via useEffect.
+  - Manages which connect-modal is open via openModal state.
+  - Passes connect/disconnect callbacks down to ServiceCard and on success calls refresh() to re-fetch statuses.
+
+  ---
+  **components/ServiceCard.tsx (new)**
+  
+  A presentational card for a single service. Displays the service icon, name, a coloured connected/disconnected badge, the logged-in username, and token expiry date. Shows a
+  "Connect" or "Disconnect" button depending on state. It receives everything as props — no API calls inside.
+
+  ---
+  **components/ConnectModal.tsx (new)**
+
+  A modal dialog with a login form (App URL, username, password). On submit it calls login() from the API layer and calls onSuccess if it succeeds, or renders the error message
+  if it fails. Auto-focuses the first field on open and closes on Escape key — both accessibility practices. Clicking the overlay also closes it.
+
+  ---
+  **App.tsx (modified)**
+
+  Replaced the previous placeholder content with a single <Dashboard /> render. The app entry point is now minimal by design — all layout and state live inside Dashboard.
+
+  ---
+  ## Summary flow
+
+  User clicks "Connect" → ConnectModal form submitted
+    → POST /api/login (with credentials)
+      → backend authenticates against Homebox
+      → saves/updates connection row in DB
+      → stores connection ID in HTTP session (JDBC-backed)
+      → returns AuthResponse with expiry
+    → Dashboard calls getStatuses()
+      → GET /api/connections/status (session cookie sent)
+      → backend reads session, looks up DB rows, returns status list
+    → ServiceCard shows "Connected" with username + expiry
@@ -0,0 +1,177 @@
+**vaessl: Login Architecture**
+
+# Backend
+
+The login architecture is designed to make future additions to this bridging app as frictionless as possible. Abstraction and inheritance are used to keep refactorings to a minimum. The first app to bridge is Homebox, which uses a classic username/password and Bearer token login process. The second hypothetical app, WikiJS, uses a user-generated API key. The abstractions cater to both authentication methods.
+
+## API Endpoints
+
+The server context path is `/api`. The three endpoints that drive the connection flow:
+
+| Method | Path | Description |
+|--------|------|-------------|
+| `POST` | `/api/login` | Authenticate a service; stores connection ID in session |
+| `GET` | `/api/connections/status` | List connected services for the current session |
+| `DELETE` | `/api/connections/{serviceType}` | Remove a service from the session; invalidates the session if no connections remain |
+
+## Session Management
+
+Authentication state is held server-side in a JDBC-backed Spring Session (stored in the same PostgreSQL database). After a successful login the controller stores `{serviceType}_CONNECTION_ID` in the `HttpSession`. The session cookie is `HttpOnly`, `SameSite=Lax`, and set to max age.
+
+`CorsConfig` allows credentials from the two configured origins (`FRONTEND_LOCAL_URL`, `FRONTEND_PUBLIC_URL`). `allowCredentials(true)` is required for the session cookie to travel cross-origin.
+
+## Single Table Inheritance
+
+Database entities use Single Table Inheritance — one `connections` table with a `service_type` discriminator column and all app-specific nullable columns. A unique constraint on `(appUrl, username)` prevents duplicate entries per user per instance.
+
+***ConnectionEntity.java***
+
+```java
+@Entity
+@Table(name = "connections", uniqueConstraints = { @UniqueConstraint(columnNames = { "appUrl", "username" }) })
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "service_type")
+public abstract class ConnectionEntity {
+    @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    private String appUrl;
+    private String username;
+}
+```
+
+***HomeboxEntity.java***
+
+```java
+@Entity
+@DiscriminatorValue("HOMEBOX")
+public class HomeboxEntity extends ConnectionEntity {
+
+    private String token;
+    private String attachmentToken;
+    private Instant expiresAt;
+
+    public static HomeboxEntity from(ConnectionRequest request, ConnectionResponse response) {
+        HomeboxEntity he = new HomeboxEntity();
+        he.setAppUrl(request.appUrl());
+        he.setUsername(request.username());
+        he.setToken(response.token());
+        he.setAttachmentToken(response.getExtraVar("attachmentToken"));
+        he.setExpiresAt(response.expiresAt());
+        return he;
+    }
+}
+```
+
+## The Provider Pattern (Logic Layer)
+
+Each integrated app implements `ConnectionProvider`. This separates how an app authenticates (the specific) from what the system does with that result (the general).
+
+***ConnectionProvider.java***
+
+```java
+public interface ConnectionProvider {
+
+    String getServiceType();
+
+    void checkCredentials(ConnectionRequest request);
+
+    ConnectionResponse authenticate(ConnectionRequest request);
+
+    ConnectionEntity findUniqueConnectionEntry(ConnectionRequest request);
+
+    ConnectionEntity connectionToEntity(ConnectionRequest request, ConnectionResponse response);
+
+    void updateToRepository(ConnectionEntity existing, ConnectionResponse response);
+
+    default Instant getTokenExpiry(ConnectionEntity entity) {
+        return null;
+    }
+}
+```
+
+- `checkCredentials` — validates that required fields are present before attempting the remote call (throws `EmptyCredentialsException` with a list of missing fields)
+- `findUniqueConnectionEntry` — looks up an existing record to decide insert vs. update
+- `getTokenExpiry` — default returns `null` (no expiry); token-based providers override this so `ConnectionService` can compute the `connected` flag
+
+***HomeBoxConnectionProvider.java***
+
+```java
+@Component
+public class HomeBoxConnectionProvider implements ConnectionProvider {
+
+    @Override
+    public String getServiceType() { return "HOMEBOX"; }
+
+    @Override
+    public void checkCredentials(ConnectionRequest request) {
+        // throws EmptyCredentialsException if username or password is null
+    }
+
+    @Override
+    public ConnectionResponse authenticate(ConnectionRequest request) {
+        // POST to Homebox /api/v1/users/login, returns token + attachmentToken + expiresAt
+    }
+
+    @Override
+    public ConnectionEntity findUniqueConnectionEntry(ConnectionRequest request) {
+        return cRepository.findByAppUrlAndUsername(request.appUrl(), request.username());
+    }
+
+    @Override
+    public ConnectionEntity connectionToEntity(ConnectionRequest request, ConnectionResponse response) {
+        return HomeboxEntity.from(request, response);
+    }
+
+    @Override
+    public void updateToRepository(ConnectionEntity existing, ConnectionResponse response) {
+        // casts to HomeboxEntity and updates token, attachmentToken, expiresAt
+    }
+
+    @Override
+    public Instant getTokenExpiry(ConnectionEntity entity) {
+        return (entity instanceof HomeboxEntity he) ? he.getExpiresAt() : null;
+    }
+}
+```
+
+***ConnectionService.java***
+
+```java
+@Service
+public class ConnectionService {
+
+    // auto-discovers all ConnectionProvider beans into a serviceType → provider map
+
+    public LoginResult login(ConnectionRequest request) {
+        provider.checkCredentials(request);
+        ConnectionResponse response = provider.authenticate(request);
+        ConnectionEntity existing = provider.findUniqueConnectionEntry(request);
+        // insert or update, then return LoginResult(connectionId, expiresAt)
+    }
+
+    public ConnectionStatusResponse getConnectionStatus(String serviceType, Long connectionId) {
+        // looks up entity by id, calls provider.getTokenExpiry() to compute connected flag
+    }
+}
+```
+
+## DTOs
+
+### Request / Internal
+
+- **`ConnectionRequest`** — fields: `appUrl`, `serviceType`, `username`, `password`, `apiKey`, `stayLoggedIn`. Typed fields (not a credentials map) let providers validate exactly what they need via `checkCredentials()`. `apiKey` covers future API-key-only providers (e.g. WikiJS).
+
+- **`ConnectionResponse`** — internal DTO between provider and service: `token`, `expiresAt`, `Map<String, Object> extraResponseData`. The `getExtraVar(key)` helper safely extracts app-specific values (e.g. Homebox's `attachmentToken`).
+
+### Response (returned to frontend)
+
+- **`LoginResult`** — `connectionId`, `expiresAt`. Returned by `ConnectionService.login()` and used by the controller to populate the session.
+
+- **`AuthResponse`** — `serviceType`, `expiresAt`. Returned by `POST /api/login` to the frontend.
+
+- **`ConnectionStatusResponse`** — `serviceType`, `appUrl`, `username`, `expiresAt`, `connected`. Returned by `GET /api/connections/status`.
+
+## Supported Service Types
+
+Registered in the `ServiceType` enum. Currently: `HOMEBOX`. Adding a new service means implementing `ConnectionProvider` and adding the discriminator value — no changes to `ConnectionService` or `ConnectionController` required.
@@ -0,0 +1,25 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+.vite
@@ -0,0 +1,73 @@
+# React + TypeScript + Vite
+
+This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
+
+Currently, two official plugins are available:
+
+- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Oxc](https://oxc.rs)
+- [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/)
+
+## React Compiler
+
+The React Compiler is not enabled on this template because of its impact on dev & build performances. To add it, see [this documentation](https://react.dev/learn/react-compiler/installation).
+
+## Expanding the ESLint configuration
+
+If you are developing a production application, we recommend updating the configuration to enable type-aware lint rules:
+
+```js
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      // Other configs...
+
+      // Remove tseslint.configs.recommended and replace with this
+      tseslint.configs.recommendedTypeChecked,
+      // Alternatively, use this for stricter rules
+      tseslint.configs.strictTypeChecked,
+      // Optionally, add this for stylistic rules
+      tseslint.configs.stylisticTypeChecked,
+
+      // Other configs...
+    ],
+    languageOptions: {
+      parserOptions: {
+        project: ['./tsconfig.node.json', './tsconfig.app.json'],
+        tsconfigRootDir: import.meta.dirname,
+      },
+      // other options...
+    },
+  },
+])
+```
+
+You can also install [eslint-plugin-react-x](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-x) and [eslint-plugin-react-dom](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-dom) for React-specific lint rules:
+
+```js
+// eslint.config.js
+import reactX from 'eslint-plugin-react-x'
+import reactDom from 'eslint-plugin-react-dom'
+
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      // Other configs...
+      // Enable lint rules for React
+      reactX.configs['recommended-typescript'],
+      // Enable lint rules for React DOM
+      reactDom.configs.recommended,
+    ],
+    languageOptions: {
+      parserOptions: {
+        project: ['./tsconfig.node.json', './tsconfig.app.json'],
+        tsconfigRootDir: import.meta.dirname,
+      },
+      // other options...
+    },
+  },
+])
+```
@@ -0,0 +1,23 @@
+import js from '@eslint/js'
+import globals from 'globals'
+import reactHooks from 'eslint-plugin-react-hooks'
+import reactRefresh from 'eslint-plugin-react-refresh'
+import tseslint from 'typescript-eslint'
+import { defineConfig, globalIgnores } from 'eslint/config'
+
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      js.configs.recommended,
+      tseslint.configs.recommended,
+      reactHooks.configs.flat.recommended,
+      reactRefresh.configs.vite,
+    ],
+    languageOptions: {
+      ecmaVersion: 2020,
+      globals: globals.browser,
+    },
+  },
+])
@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>frontend</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>
@@ -0,0 +1,38 @@
+{
+  "name": "frontend",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc -b && vite build",
+    "lint": "eslint .",
+    "preview": "vite preview",
+    "test": "vitest",
+    "test:ui": "vitest --ui"
+  },
+  "dependencies": {
+    "react": "^19.2.4",
+    "react-dom": "^19.2.4"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.4",
+    "@testing-library/jest-dom": "^6.9.1",
+    "@testing-library/react": "^16.3.2",
+    "@types/node": "^24.12.0",
+    "@types/react": "^19.2.14",
+    "@types/react-dom": "^19.2.3",
+    "@vitejs/plugin-react": "^6.0.1",
+    "@vitest/ui": "^4.1.2",
+    "eslint": "^9.39.4",
+    "eslint-plugin-react-hooks": "^7.0.1",
+    "eslint-plugin-react-refresh": "^0.5.2",
+    "globals": "^17.4.0",
+    "jsdom": "^29.0.1",
+    "sass": "^1.99.0",
+    "typescript": "~5.9.3",
+    "typescript-eslint": "^8.57.0",
+    "vite": "^8.0.1",
+    "vitest": "^4.1.2"
+  }
+}
@@ -0,0 +1,24 @@
+<svg xmlns="http://www.w3.org/2000/svg">
+  <symbol id="bluesky-icon" viewBox="0 0 16 17">
+    <g clip-path="url(#bluesky-clip)"><path fill="#08060d" d="M7.75 7.735c-.693-1.348-2.58-3.86-4.334-5.097-1.68-1.187-2.32-.981-2.74-.79C.188 2.065.1 2.812.1 3.251s.241 3.602.398 4.13c.52 1.744 2.367 2.333 4.07 2.145-2.495.37-4.71 1.278-1.805 4.512 3.196 3.309 4.38-.71 4.987-2.746.608 2.036 1.307 5.91 4.93 2.746 2.72-2.746.747-4.143-1.747-4.512 1.702.189 3.55-.4 4.07-2.145.156-.528.397-3.691.397-4.13s-.088-1.186-.575-1.406c-.42-.19-1.06-.395-2.741.79-1.755 1.24-3.64 3.752-4.334 5.099"/></g>
+    <defs><clipPath id="bluesky-clip"><path fill="#fff" d="M.1.85h15.3v15.3H.1z"/></clipPath></defs>
+  </symbol>
+  <symbol id="discord-icon" viewBox="0 0 20 19">
+    <path fill="#08060d" d="M16.224 3.768a14.5 14.5 0 0 0-3.67-1.153c-.158.286-.343.67-.47.976a13.5 13.5 0 0 0-4.067 0c-.128-.306-.317-.69-.476-.976A14.4 14.4 0 0 0 3.868 3.77C1.546 7.28.916 10.703 1.231 14.077a14.7 14.7 0 0 0 4.5 2.306q.545-.748.965-1.587a9.5 9.5 0 0 1-1.518-.74q.191-.14.372-.293c2.927 1.369 6.107 1.369 8.999 0q.183.152.372.294-.723.437-1.52.74.418.838.963 1.588a14.6 14.6 0 0 0 4.504-2.308c.37-3.911-.63-7.302-2.644-10.309m-9.13 8.234c-.878 0-1.599-.82-1.599-1.82 0-.998.705-1.82 1.6-1.82.894 0 1.614.82 1.599 1.82.001 1-.705 1.82-1.6 1.82m5.91 0c-.878 0-1.599-.82-1.599-1.82 0-.998.705-1.82 1.6-1.82.893 0 1.614.82 1.599 1.82 0 1-.706 1.82-1.6 1.82"/>
+  </symbol>
+  <symbol id="documentation-icon" viewBox="0 0 21 20">
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="m15.5 13.333 1.533 1.322c.645.555.967.833.967 1.178s-.322.623-.967 1.179L15.5 18.333m-3.333-5-1.534 1.322c-.644.555-.966.833-.966 1.178s.322.623.966 1.179l1.534 1.321"/>
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M17.167 10.836v-4.32c0-1.41 0-2.117-.224-2.68-.359-.906-1.118-1.621-2.08-1.96-.599-.21-1.349-.21-2.848-.21-2.623 0-3.935 0-4.983.369-1.684.591-3.013 1.842-3.641 3.428C3 6.449 3 7.684 3 10.154v2.122c0 2.558 0 3.838.706 4.726q.306.383.713.671c.76.536 1.79.64 3.581.66"/>
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M3 10a2.78 2.78 0 0 1 2.778-2.778c.555 0 1.209.097 1.748-.047.48-.129.854-.503.982-.982.145-.54.048-1.194.048-1.749a2.78 2.78 0 0 1 2.777-2.777"/>
+  </symbol>
+  <symbol id="github-icon" viewBox="0 0 19 19">
+    <path fill="#08060d" fill-rule="evenodd" d="M9.356 1.85C5.05 1.85 1.57 5.356 1.57 9.694a7.84 7.84 0 0 0 5.324 7.44c.387.079.528-.168.528-.376 0-.182-.013-.805-.013-1.454-2.165.467-2.616-.935-2.616-.935-.349-.91-.864-1.143-.864-1.143-.71-.48.051-.48.051-.48.787.051 1.2.805 1.2.805.695 1.194 1.817.857 2.268.649.064-.507.27-.857.49-1.052-1.728-.182-3.545-.857-3.545-3.87 0-.857.31-1.558.8-2.104-.078-.195-.349-1 .077-2.078 0 0 .657-.208 2.14.805a7.5 7.5 0 0 1 1.946-.26c.657 0 1.328.092 1.946.26 1.483-1.013 2.14-.805 2.14-.805.426 1.078.155 1.883.078 2.078.502.546.799 1.247.799 2.104 0 3.013-1.818 3.675-3.558 3.87.284.247.528.714.528 1.454 0 1.052-.012 1.896-.012 2.156 0 .208.142.455.528.377a7.84 7.84 0 0 0 5.324-7.441c.013-4.338-3.48-7.844-7.773-7.844" clip-rule="evenodd"/>
+  </symbol>
+  <symbol id="social-icon" viewBox="0 0 20 20">
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M12.5 6.667a4.167 4.167 0 1 0-8.334 0 4.167 4.167 0 0 0 8.334 0"/>
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M2.5 16.667a5.833 5.833 0 0 1 8.75-5.053m3.837.474.513 1.035c.07.144.257.282.414.309l.93.155c.596.1.736.536.307.965l-.723.73a.64.64 0 0 0-.152.531l.207.903c.164.715-.213.991-.84.618l-.872-.52a.63.63 0 0 0-.577 0l-.872.52c-.624.373-1.003.094-.84-.618l.207-.903a.64.64 0 0 0-.152-.532l-.723-.729c-.426-.43-.289-.864.306-.964l.93-.156a.64.64 0 0 0 .412-.31l.513-1.034c.28-.562.735-.562 1.012 0"/>
+  </symbol>
+  <symbol id="x-icon" viewBox="0 0 19 19">
+    <path fill="#08060d" fill-rule="evenodd" d="M1.893 1.98c.052.072 1.245 1.769 2.653 3.77l2.892 4.114c.183.261.333.48.333.486s-.068.089-.152.183l-.522.593-.765.867-3.597 4.087c-.375.426-.734.834-.798.905a1 1 0 0 0-.118.148c0 .01.236.017.664.017h.663l.729-.83c.4-.457.796-.906.879-.999a692 692 0 0 0 1.794-2.038c.034-.037.301-.34.594-.675l.551-.624.345-.392a7 7 0 0 1 .34-.374c.006 0 .93 1.306 2.052 2.903l2.084 2.965.045.063h2.275c1.87 0 2.273-.003 2.266-.021-.008-.02-1.098-1.572-3.894-5.547-2.013-2.862-2.28-3.246-2.273-3.266.008-.019.282-.332 2.085-2.38l2-2.274 1.567-1.782c.022-.028-.016-.03-.65-.03h-.674l-.3.342a871 871 0 0 1-1.782 2.025c-.067.075-.405.458-.75.852a100 100 0 0 1-.803.91c-.148.172-.299.344-.99 1.127-.304.343-.32.358-.345.327-.015-.019-.904-1.282-1.976-2.808L6.365 1.85H1.8zm1.782.91 8.078 11.294c.772 1.08 1.413 1.973 1.425 1.984.016.017.241.02 1.05.017l1.03-.004-2.694-3.766L7.796 5.75 5.722 2.852l-1.039-.004-1.039-.004z" clip-rule="evenodd"/>
+  </symbol>
+</svg>
@@ -0,0 +1,10 @@
+
+import { Dashboard } from './components/Dashboard'
+
+function App() {
+  return (
+    <Dashboard/>
+  )
+}
+
+export default App
@@ -0,0 +1,21 @@
+const BASE = import.meta.env.VITE_API_URL ?? '/api'
+
+export async function apiFetch<T>(path: string, init?: RequestInit): Promise<T> {
+  const res = await fetch(`${BASE}${path}`, {
+    ...init,
+    credentials: 'include',
+    headers: { 'Content-Type': 'application/json', ...init?.headers },
+  })
+  if (!res.ok) {
+    let message = `Request failed (${res.status})`
+    try {
+      const body = await res.json()
+      if (body?.detail) message = body.detail
+      else if (body?.title) message = body.title
+    } catch {
+      // ignore parse errors
+    }
+    throw new Error(message)
+  }
+  return res.status === 204 ? (undefined as T) : res.json()
+}
@@ -0,0 +1,11 @@
+import { apiFetch } from './client'
+import type { AuthResponse, ConnectionStatus, LoginRequest } from '../types/connection'
+
+export const login = (req: LoginRequest) =>
+  apiFetch<AuthResponse>('/login', { method: 'POST', body: JSON.stringify(req) })
+
+export const getStatuses = () =>
+  apiFetch<ConnectionStatus[]>('/connections/status')
+
+export const logout = (serviceType: string) =>
+  apiFetch<void>(`/connections/${serviceType}`, { method: 'DELETE' })
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>
@@ -0,0 +1,113 @@
+.modal-overlay {
+  position: fixed;
+  inset: 0;
+  background: rgba(0, 0, 0, 0.45);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  z-index: 100;
+  padding: 16px;
+}
+
+.modal {
+  background: var(--bg);
+  border: 1px solid var(--border);
+  border-radius: 12px;
+  padding: 28px 32px;
+  width: 100%;
+  max-width: 420px;
+  box-shadow: var(--shadow);
+
+  &__header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    margin-bottom: 24px;
+  }
+
+  &__title {
+    font-family: var(--heading);
+    font-size: 20px;
+    font-weight: 500;
+    color: var(--text-h);
+    margin: 0;
+  }
+
+  &__close {
+    background: none;
+    border: none;
+    cursor: pointer;
+    color: var(--text);
+    font-size: 20px;
+    line-height: 1;
+    padding: 4px;
+    border-radius: 4px;
+    &:hover { color: var(--text-h); }
+    &:focus-visible { outline: 2px solid var(--accent); outline-offset: 2px; }
+  }
+
+  &__form {
+    display: flex;
+    flex-direction: column;
+    gap: 16px;
+  }
+
+  &__field {
+    display: flex;
+    flex-direction: column;
+    gap: 5px;
+  }
+
+  &__label {
+    font-size: 13px;
+    font-weight: 500;
+    color: var(--text-h);
+  }
+
+  &__input {
+    font-size: 15px;
+    padding: 9px 12px;
+    border: 1px solid var(--border);
+    border-radius: 6px;
+    background: var(--bg);
+    color: var(--text-h);
+    font-family: var(--sans);
+    transition: border-color 0.2s;
+    width: 100%;
+    box-sizing: border-box;
+
+    &:focus {
+      outline: none;
+      border-color: var(--accent);
+      box-shadow: 0 0 0 3px var(--accent-bg);
+    }
+  }
+
+  &__error {
+    font-size: 13px;
+    color: #ef4444;
+    padding: 8px 12px;
+    background: rgba(239, 68, 68, 0.08);
+    border-radius: 6px;
+    border: 1px solid rgba(239, 68, 68, 0.2);
+  }
+
+  &__submit {
+    margin-top: 4px;
+    padding: 10px 20px;
+    font-size: 15px;
+    font-weight: 500;
+    border-radius: 6px;
+    border: none;
+    background: var(--accent);
+    color: #fff;
+    cursor: pointer;
+    transition: opacity 0.2s;
+    align-self: flex-end;
+    min-width: 100px;
+
+    &:hover:not(:disabled) { opacity: 0.85; }
+    &:disabled { opacity: 0.6; cursor: not-allowed; }
+    &:focus-visible { outline: 2px solid var(--accent); outline-offset: 2px; }
+  }
+}
@@ -0,0 +1,85 @@
+import { useEffect, useRef, useState, type SyntheticEvent } from 'react'
+import { login } from '../api/connections'
+import type { LoginRequest } from '../types/connection'
+import './ConnectModal.scss'
+
+interface Props {
+  serviceType: string
+  label: string
+  onClose: () => void
+  onSuccess: () => void
+}
+
+export function ConnectModal({ serviceType, label, onClose, onSuccess }: Readonly<Props>) {
+  const [appUrl, setAppUrl] = useState('')
+  const [username, setUsername] = useState('')
+  const [password, setPassword] = useState('')
+  const [loading, setLoading] = useState(false)
+  const [error, setError] = useState<string | null>(null)
+  const firstInputRef = useRef<HTMLInputElement>(null)
+
+  const dialogRef = useRef<HTMLDialogElement>(null)
+
+  useEffect(() => {
+    const dialog = dialogRef.current
+    if (!dialog) return
+
+    dialog.showModal()
+    firstInputRef.current?.focus()
+
+    const handleCancel = (e: Event) => {
+      e.preventDefault()
+      onClose()
+    }
+    dialog.addEventListener('cancel', handleCancel)
+    return () => dialog.removeEventListener('cancel', handleCancel)
+  }, [onClose])
+
+  const handleSubmit = async (e: SyntheticEvent<HTMLFormElement>) => {
+    e.preventDefault()
+    setError(null)
+    setLoading(true)
+    try {
+      const req: LoginRequest = { appUrl, serviceType, username, password, stayLoggedIn: true }
+      await login(req)
+      onSuccess()
+    } catch (err) {
+      setError(err instanceof Error ? err.message : 'Login failed')
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  return (
+    <dialog className="modal" ref={dialogRef}>
+      <div className="modal__header">
+        <h2 className="modal__title" id="modal-title">Connect to {label}</h2>
+        <button className="modal__close" onClick={onClose} aria-label="Close">×</button>
+      </div>
+      <form className="modal__form" onSubmit={handleSubmit}>
+        <div className="modal__field">
+          <label className="modal__label" htmlFor="appUrl">App URL</label>
+          <input id="appUrl" ref={firstInputRef} className="modal__input" type="url"
+                  placeholder="https://homebox.example.com"
+                  value={appUrl} onChange={e => setAppUrl(e.target.value)} required />
+        </div>
+        <div className="modal__field">
+          <label className="modal__label" htmlFor="username">Username</label>
+          <input id="username" className="modal__input" type="text"
+                  autoComplete="username"
+                  value={username} onChange={e => setUsername(e.target.value)} required />
+        </div>
+        <div className="modal__field">
+          <label className="modal__label" htmlFor="password">Password</label>
+          <input id="password" className="modal__input" type="password"
+                  autoComplete="current-password"
+                  value={password} onChange={e => setPassword(e.target.value)} required />
+        </div>
+        {error && <p className="modal__error">{error}</p>}
+        <button className="modal__submit" type="submit" disabled={loading}>
+          {loading ? 'Connecting…' : 'Connect'}
+        </button>
+      </form>
+    </dialog>
+  )
+}
@@ -0,0 +1,40 @@
+.dashboard {
+  padding: 40px 40px 60px;
+  display: flex;
+  flex-direction: column;
+  align-items: stretch;
+  flex: 1;
+
+  @media (max-width: 768px) {
+    padding: 24px 20px 40px;
+  }
+
+  &__header {
+    margin-bottom: 32px;
+  }
+
+  &__title {
+    font-size: 32px;
+    letter-spacing: -0.5px;
+    margin: 0 0 4px;
+
+    @media (max-width: 768px) {
+      font-size: 24px;
+    }
+  }
+
+  &__section-label {
+    font-size: 12px;
+    font-weight: 600;
+    letter-spacing: 0.08em;
+    text-transform: uppercase;
+    color: var(--text);
+    margin: 0 0 12px;
+  }
+
+  &__cards {
+    display: flex;
+    flex-direction: column;
+    gap: 12px;
+  }
+}
@@ -0,0 +1,59 @@
+import { useState, useEffect } from "react"
+import { getStatuses, logout } from "../api/connections"
+import type { ConnectionStatus } from "../types/connection"
+import { ServiceCard } from "./ServiceCard"
+import { ConnectModal } from "./ConnectModal"
+import "./Dashboard.scss"
+
+const SERVICES = [
+    { serviceType: 'HOMEBOX', label: 'Homebox', icon: '📦' },
+] as const
+
+export function Dashboard() {
+    const [statuses, setStatuses] = useState<ConnectionStatus[]>([])
+    const [openModal, setOpenModal] = useState<string | null>(null)
+
+    const refresh = () => {
+        getStatuses().then(setStatuses).catch(() => { })
+    }
+
+    useEffect(() => { refresh() }, [])
+
+    const handleDisconnect = (serviceType: string) => {
+        logout(serviceType).then(refresh).catch(() => { })
+    }
+
+    const activeModal = SERVICES.find(s => s.serviceType === openModal)
+
+    return (
+        <div className="dashboard">
+            <div className="dashboard__header">
+                <h1 className="dashboard__title">Vaessl Dashboard</h1>
+            </div>
+
+            <p className="dashboard__section-label">Services</p>
+            <div className="dashboard__cards">
+                {SERVICES.map(({ serviceType, label, icon }) => (
+                    <ServiceCard
+                        key={serviceType}
+                        serviceType={serviceType}
+                        label={label}
+                        icon={icon}
+                        status={statuses.find(s => s.serviceType === serviceType) ?? null}
+                        onConnect={() => setOpenModal(serviceType)}
+                        onDisconnect={() => handleDisconnect(serviceType)}
+                    />
+                ))}
+            </div>
+
+            {activeModal && (
+                <ConnectModal
+                    serviceType={activeModal.serviceType}
+                    label={activeModal.label}
+                    onClose={() => setOpenModal(null)}
+                    onSuccess={() => { setOpenModal(null); refresh() }}
+                />
+            )}
+        </div>
+    )
+}
@@ -0,0 +1,119 @@
+.service-card {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 20px 24px;
+  border: 1px solid var(--border);
+  border-radius: 10px;
+  background: var(--bg);
+  box-shadow: 0 1px 4px rgba(0, 0, 0, 0.04);
+
+  &__info {
+    display: flex;
+    align-items: center;
+    gap: 16px;
+  }
+
+  &__icon {
+    width: 40px;
+    height: 40px;
+    border-radius: 8px;
+    background: var(--accent-bg);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    font-size: 20px;
+  }
+
+  &__name {
+    font-family: var(--heading);
+    font-size: 17px;
+    font-weight: 500;
+    color: var(--text-h);
+    margin: 0 0 10px;
+    text-align: left;
+
+  }
+
+  &__meta {
+    font-size: 13px;
+    color: var(--text);
+    margin: 0;
+    display: flex;
+    align-items: center;
+    gap: 8px;
+  }
+
+  &__badge {
+    display: inline-flex;
+    align-items: center;
+    gap: 4px;
+    font-size: 12px;
+    font-weight: 500;
+    padding: 2px 8px;
+    border-radius: 999px;
+
+    &::before {
+      content: '';
+      width: 6px;
+      height: 6px;
+      border-radius: 50%;
+    }
+
+    &--connected {
+      color: #16a34a;
+
+      &::before {
+        background: #16a34a;
+      }
+    }
+
+    &--disconnected {
+      color: var(--text);
+
+      &::before {
+        background: var(--border);
+      }
+    }
+  }
+
+  &__actions {
+    display: flex;
+    gap: 8px;
+  }
+
+  &__btn {
+    font-size: 14px;
+    font-weight: 500;
+    padding: 7px 16px;
+    border-radius: 6px;
+    border: 1px solid transparent;
+    cursor: pointer;
+    transition: box-shadow 0.2s, opacity 0.2s;
+
+    &:hover {
+      opacity: 0.85;
+    }
+
+    &:focus-visible {
+      outline: 2px solid var(--accent);
+      outline-offset: 2px;
+    }
+
+    &--connect {
+      background: var(--accent);
+      color: #fff;
+    }
+
+    &--disconnect {
+      background: transparent;
+      color: var(--text);
+      border-color: var(--border);
+
+      &:hover {
+        border-color: #ef4444;
+        color: #ef4444;
+      }
+    }
+  }
+}
@@ -0,0 +1,52 @@
+import type { ConnectionStatus } from '../types/connection'
+import './ServiceCard.scss'
+
+interface Props {
+  serviceType: string
+  label: string
+  icon: string
+  status: ConnectionStatus | null
+  onConnect: () => void
+  onDisconnect: () => void
+}
+
+export function ServiceCard({ serviceType: _serviceType, label, icon, status, onConnect, onDisconnect }: Readonly<Props>) {
+  const connected = status?.connected ?? false
+
+  const formatExpiry = (iso: string | null) => {
+    if (!iso) return null
+    const d = new Date(iso)
+    return d.toLocaleDateString(undefined, { dateStyle: 'medium' })
+  }
+
+  return (
+    <div className="service-card">
+      <div className="service-card__info">
+        <div className="service-card__icon">{icon}</div>
+        <div>
+          <p className="service-card__name">{label}</p>
+          <p className="service-card__meta">
+            <span className={`service-card__badge service-card__badge--${connected ? 'connected' : 'disconnected'}`}>
+              {connected ? 'Connected' : 'Not connected'}
+            </span>
+            {connected && status?.username && <span>{status.username}</span>}
+            {connected && status?.expiresAt && (
+              <span>· expires {formatExpiry(status.expiresAt)}</span>
+            )}
+          </p>
+        </div>
+      </div>
+      <div className="service-card__actions">
+        {connected ? (
+          <button className="service-card__btn service-card__btn--disconnect" onClick={onDisconnect}>
+            Disconnect
+          </button>
+        ) : (
+          <button className="service-card__btn service-card__btn--connect" onClick={onConnect}>
+            Connect
+          </button>
+        )}
+      </div>
+    </div>
+  )
+}
@@ -0,0 +1,111 @@
+:root {
+  --text: #6b6375;
+  --text-h: #08060d;
+  --bg: #fff;
+  --border: #e5e4e7;
+  --code-bg: #f4f3ec;
+  --accent: #aa3bff;
+  --accent-bg: rgba(170, 59, 255, 0.1);
+  --accent-border: rgba(170, 59, 255, 0.5);
+  --social-bg: rgba(244, 243, 236, 0.5);
+  --shadow:
+    rgba(0, 0, 0, 0.1) 0 10px 15px -3px, rgba(0, 0, 0, 0.05) 0 4px 6px -2px;
+
+  --sans: system-ui, 'Segoe UI', Roboto, sans-serif;
+  --heading: system-ui, 'Segoe UI', Roboto, sans-serif;
+  --mono: ui-monospace, Consolas, monospace;
+
+  font: 18px/145% var(--sans);
+  letter-spacing: 0.18px;
+  color-scheme: light dark;
+  color: var(--text);
+  background: var(--bg);
+  font-synthesis: none;
+  text-rendering: optimizeLegibility;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+
+  @media (max-width: 1024px) {
+    font-size: 16px;
+  }
+}
+
+@media (prefers-color-scheme: dark) {
+  :root {
+    --text: #9ca3af;
+    --text-h: #f3f4f6;
+    --bg: #16171d;
+    --border: #2e303a;
+    --code-bg: #1f2028;
+    --accent: #c084fc;
+    --accent-bg: rgba(192, 132, 252, 0.15);
+    --accent-border: rgba(192, 132, 252, 0.5);
+    --social-bg: rgba(47, 48, 58, 0.5);
+    --shadow:
+      rgba(0, 0, 0, 0.4) 0 10px 15px -3px, rgba(0, 0, 0, 0.25) 0 4px 6px -2px;
+  }
+
+  #social .button-icon {
+    filter: invert(1) brightness(2);
+  }
+}
+
+#root {
+  width: 1126px;
+  max-width: 100%;
+  margin: 0 auto;
+  text-align: center;
+  border-inline: 1px solid var(--border);
+  min-height: 100svh;
+  display: flex;
+  flex-direction: column;
+  box-sizing: border-box;
+}
+
+body {
+  margin: 0;
+}
+
+h1,
+h2 {
+  font-family: var(--heading);
+  font-weight: 500;
+  color: var(--text-h);
+}
+
+h1 {
+  font-size: 56px;
+  letter-spacing: -1.68px;
+  margin: 32px 0;
+  @media (max-width: 1024px) {
+    font-size: 36px;
+    margin: 20px 0;
+  }
+}
+h2 {
+  font-size: 24px;
+  line-height: 118%;
+  letter-spacing: -0.24px;
+  margin: 0 0 8px;
+  @media (max-width: 1024px) {
+    font-size: 20px;
+  }
+}
+p {
+  margin: 0;
+}
+
+code,
+.counter {
+  font-family: var(--mono);
+  display: inline-flex;
+  border-radius: 4px;
+  color: var(--text-h);
+}
+
+code {
+  font-size: 15px;
+  line-height: 135%;
+  padding: 4px 8px;
+  background: var(--code-bg);
+}
@@ -0,0 +1,10 @@
+import { StrictMode } from 'react'
+import { createRoot } from 'react-dom/client'
+import './index.css'
+import App from './App.tsx'
+
+createRoot(document.getElementById('root')!).render(
+  <StrictMode>
+    <App />
+  </StrictMode>,
+)
@@ -0,0 +1,20 @@
+export interface LoginRequest {
+  appUrl: string
+  serviceType: string
+  username: string
+  password: string
+  stayLoggedIn: boolean
+}
+
+export interface AuthResponse {
+  serviceType: string
+  expiresAt: string
+}
+
+export interface ConnectionStatus {
+  serviceType: string
+  appUrl: string
+  username: string
+  expiresAt: string | null
+  connected: boolean
+}
@@ -0,0 +1,7 @@
+import { it, expect, describe } from 'vitest'
+
+describe('group', () => {
+    it('should', () => {
+        expect(1).toBeTruthy();
+    })
+})
@@ -0,0 +1,28 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
+    "target": "ES2023",
+    "useDefineForClassFields": true,
+    "lib": ["ES2023", "DOM", "DOM.Iterable"],
+    "module": "ESNext",
+    "types": ["vite/client"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+    "jsx": "react-jsx",
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true
+  },
+  "include": ["src"]
+}
@@ -0,0 +1,7 @@
+{
+  "files": [],
+  "references": [
+    { "path": "./tsconfig.app.json" },
+    { "path": "./tsconfig.node.json" }
+  ]
+}
@@ -0,0 +1,26 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
+    "target": "ES2023",
+    "lib": ["ES2023"],
+    "module": "ESNext",
+    "types": ["node"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true
+  },
+  "include": ["vite.config.ts"]
+}
@@ -0,0 +1,21 @@
+import { defineConfig, loadEnv } from 'vite'
+import react from '@vitejs/plugin-react'
+
+export default defineConfig(({ mode }) => {
+  const env = loadEnv(mode, process.cwd(), '');
+
+  return {
+    plugins: [react()],
+    server: {
+      host: '0.0.0.0',
+      port: 5173,
+      allowedHosts: env.FRONTEND_URL ? [env.FRONTEND_URL] : [],
+      proxy: {
+        '/api': {
+          target: 'http://localhost:8080',
+          changeOrigin: true,
+        },
+      },
+    },
+  }
+})
@@ -0,0 +1,18 @@
+import { defineConfig } from 'vitest/config'
+import { loadEnv } from 'vite'
+
+export default defineConfig(({mode}) => {
+    const env = loadEnv(mode, process.cwd(), '')
+
+    return {
+        server: {
+            port: 51204,
+            host: '0.0.0.0',
+            allowedHosts: env.VITEST_PUBLIC_URL ? [env.VITEST_PUBLIC_URL] : [],
+        },
+        test: {
+            environment: 'jsdom',
+            env: loadEnv(mode, process.cwd(), '')
+        }
+    }
+});
Author	SHA1	Message	Date
kasun	f3fe9901c5	changed doc title	2026-05-20 04:43:51 +02:00
kasun	c461aa81cc	Merge pull request 'changed hibernate schema creation for test db' (#37 ) from enhancement/reorganize-databases into main Reviewed-on: #37	2026-05-20 04:40:45 +02:00
kasun	856fa9e166	updated local postgresql database and updated doc for pgvector db creation	2026-05-20 04:39:29 +02:00
kasun	7ce01dff0b	changed hibernate schema creation for test db	2026-05-20 04:38:46 +02:00
kasun	463fbd8332	added focus to first input field of modal	2026-05-13 17:33:08 +02:00
kasun	0cce4727e5	fixed indentation	2026-05-13 16:44:45 +02:00
kasun	83427b4f6b	revsied documentation according to progress made	2026-05-12 20:23:39 +02:00
kasun	4aa3d0134c	revised CLAUDE.md	2026-05-12 20:23:20 +02:00
kasun	0eb135249e	fixed typos	2026-05-12 18:27:46 +02:00
kasun	1bada8d83e	upgraded Spring Boot version from 4.0.5 to 4.0.6	2026-05-12 18:22:10 +02:00
kasun	b55fcf19f2	Merge pull request 'add feature with claude code' (#34 ) from infrastructure/Evaluate-feasibility-of-a-paid-code-assistant into main Reviewed-on: #34	2026-05-10 03:50:50 +02:00
kasun	a8e39d8f09	changed cors config to use env variables	2026-05-10 03:49:41 +02:00
kasun	2c766b10a3	added doc for claude code implementation	2026-05-10 03:32:16 +02:00
kasun	43bbcece7a	add session-based connection management and React dashboard Backend: adds JDBC session support, login/status/logout endpoints, and new DTOs (AuthResponse, ConnectionStatusResponse, LoginResult). Frontend replaces the Vite boilerplate with a Dashboard, ServiceCard, and ConnectModal backed by a typed API client. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-10 03:30:36 +02:00
kasun	0127706262	added doc for adding claude code to path	2026-04-22 19:03:06 +02:00
kasun	2cbb8b7467	add CLAUDE.md with architecture and development guidance Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-22 18:58:12 +02:00
kasun	4a256c8086	added stack illustration to Readme.md	2026-04-11 21:51:41 +02:00
kasun	ae3e699938	Merge branch 'doc/Update-the-cover-Readme.md'	2026-04-11 14:55:17 +02:00
kasun	7b21011f5a	updated README.MD	2026-04-11 14:49:22 +02:00
kasun	750dda897d	Merge pull request 'feature/implement-external-login-api' (#30 ) from feature/implement-external-login-api into main Reviewed-on: #30	2026-04-09 21:21:58 +02:00
kasun	01fa3e4267	added integration test for missing creds	2026-04-09 21:18:52 +02:00
kasun	a1ebb1be21	format	2026-04-09 21:18:40 +02:00
kasun	7de38afec2	added ConnectionService and HomeboxProvider tests	2026-04-09 21:11:17 +02:00
kasun	a5c1931a2a	removed apikey variable from homebox test	2026-04-09 21:09:27 +02:00
kasun	3e80b81e07	added comment	2026-04-08 22:35:59 +02:00
kasun	ef4ee70aac	added WrongServiceTypeException	2026-04-08 22:33:04 +02:00
kasun	00bb929f22	format	2026-04-08 22:32:06 +02:00
kasun	c553735653	removed main test	2026-04-08 22:31:36 +02:00
kasun	680e5f0abd	revised exception handling for empty fields.	2026-04-08 20:57:27 +02:00
kasun	2000278f1a	got rid if Map and added username, password and apikey to request body	2026-04-08 20:51:14 +02:00
kasun	702e6bb973	revised HBTest to match new request body	2026-04-08 20:49:28 +02:00
kasun	8a5f7c2bf8	added username to ConnectionEntity	2026-04-08 20:48:21 +02:00
kasun	3e4a1f92b1	added username for uniqueness of connection db entry	2026-04-08 17:38:42 +02:00
kasun	c59f2598b0	added final fileds	2026-04-08 02:22:07 +02:00
kasun	30784fa756	format	2026-04-08 02:21:55 +02:00
kasun	da0411f5d1	corrected typo	2026-04-06 11:51:03 +02:00
kasun	240a366ce8	added login logic excl refresh call	2026-04-06 05:02:46 +02:00
kasun	9c3e1469c7	added ApplicationTests	2026-04-06 03:51:36 +02:00
kasun	ba7887f6b2	updated spring boot version	2026-04-06 02:09:58 +02:00
kasun	8b1a604dc2	renamed enum classes	2026-04-06 01:28:31 +02:00
kasun	be0821b0be	replaced constructor with requiredArgsConstructor annotation	2026-04-04 23:15:38 +02:00
kasun	913f3c75f1	made improvements	2026-04-03 21:28:00 +02:00
kasun	0169cf04b6	refactored connection classes to be more generic and accept credentials of different apps.	2026-04-03 02:58:34 +02:00
kasun	ab1d7e68f5	added rest path	2026-04-02 20:28:34 +02:00
kasun	2387d41ebb	changed format	2026-03-30 22:43:07 +02:00
kasun	c15c7a0d61	added ErrorMessages enum	2026-03-30 22:41:41 +02:00
kasun	bda9391c75	changed format	2026-03-30 21:30:19 +02:00
kasun	6267e18478	changed format	2026-03-30 20:42:48 +02:00
kasun	79379b238a	changes test name added comment	2026-03-30 20:42:39 +02:00
kasun	75b6995b94	added post request to achieve login response with tokens	2026-03-30 05:07:51 +02:00
kasun	8128ab829f	added additional .env.local file import pathes	2026-03-30 05:05:57 +02:00
kasun	8da3b14e40	added wiremock dependency for remote api testing	2026-03-30 05:05:24 +02:00
kasun	55508a27bb	Merge pull request 'added api client setup doc' (#28 ) from setup-Hoppscotch-instance into main Reviewed-on: #28	2026-03-27 13:21:22 +01:00
kasun	892cbdacd2	added api client setup doc	2026-03-27 13:21:01 +01:00
kasun	c311e26a77	Merge pull request 'added litellm setup doc' (#26 ) from setup-litell-instance into main Reviewed-on: #26	2026-03-27 03:32:37 +01:00
kasun	ae10480ed5	added litellm setup doc	2026-03-27 03:31:55 +01:00
kasun	0c13b134ab	renamed env file	2026-03-26 21:25:51 +01:00
kasun	84fe628656	Merge pull request 'establish-testing-strategy' (#25 ) from establish-testing-strategy into main Reviewed-on: #25	2026-03-26 21:14:16 +01:00
kasun	f7cf4360c0	added frontend test environment	2026-03-26 21:13:04 +01:00
kasun	9228e335e4	updated vite gitignore	2026-03-25 02:42:36 +01:00
kasun	e0739cf89a	revised spring boot docs to match testing strategy	2026-03-25 02:37:37 +01:00
kasun	8e48941870	made gradlew executable	2026-03-25 02:03:00 +01:00
kasun	f20221fd8d	changed ddl-auto of main db	2026-03-25 01:54:26 +01:00
kasun	3f579799af	setup testing environment with test-db, added test	2026-03-25 01:53:42 +01:00
kasun	dae8b21c77	revised code-server config dock	2026-03-25 00:33:23 +01:00
kasun	2b93165395	replaced frontend port with vite port	2026-03-25 00:31:14 +01:00
kasun	dfcb6cc2c1	remove compose.yaml	2026-03-25 00:30:42 +01:00
kasun	99fe65fb57	removed docker compose dependency and added dedicated pgvector db	2026-03-25 00:30:21 +01:00
kasun	dd7d468063	fixed format	2026-03-24 04:27:21 +01:00
kasun	94d77e8843	Merge pull request 'setup-frontend-environment' (#21 ) from setup-frontend-environment into main Reviewed-on: #21	2026-03-24 04:21:46 +01:00
kasun	89b4a297fe	added frontend config doc	2026-03-24 04:20:55 +01:00
kasun	1aa413022f	revised necessary packages for vite	2026-03-24 04:08:01 +01:00
kasun	fd91198315	added server config for local development	2026-03-24 03:57:24 +01:00
kasun	6df798c403	added initial vite project	2026-03-24 03:56:47 +01:00
kasun	6d9942d532	changed frontend framework from next.js to vite	2026-03-24 03:25:55 +01:00
kasun	0c88e3fd5a	Merge pull request 'setup-spring-boot' (#20 ) from setup-spring-boot into main Reviewed-on: #20	2026-03-23 23:49:10 +01:00
kasun	fcdc1d0b50	added doc for spring boot setup	2026-03-23 23:46:33 +01:00
kasun	95c3362f0f	commented out spring security dependency for now	2026-03-23 23:46:17 +01:00
kasun	66e1a32ade	fixed typo	2026-03-20 13:54:29 +01:00
				`@@ -0,0 +1 @@`
				<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>