|
1 | | -# AutiSense — Deployment Reference |
| 1 | +# AutiSense — Setup Guide |
2 | 2 |
|
3 | | -> Quick reference for the deployed AWS infrastructure. No secrets stored here. |
| 3 | +## Quick Start |
4 | 4 |
|
5 | | ---- |
6 | | - |
7 | | -## Live Application |
8 | | - |
9 | | -| | | |
10 | | -|---|---| |
11 | | -| **URL** | https://main.d2n7pu2vtgi8yc.amplifyapp.com | |
12 | | -| **Amplify App ID** | `d2n7pu2vtgi8yc` | |
13 | | -| **Region** | ap-south-1 (Mumbai) | |
14 | | -| **GitHub** | https://github.com/Partha-dev01/AutiSense_2 | |
15 | | -| **Auto-deploy** | Pushes to `main` trigger automatic builds | |
16 | | - |
17 | | ---- |
18 | | - |
19 | | -## AWS Resources |
20 | | - |
21 | | -| Service | Resource | Region | |
22 | | -|---------|----------|--------| |
23 | | -| DynamoDB | 7 tables (`autisense-*`) | ap-south-1 | |
24 | | -| S3 | `autisense-models-762099405044` (4 ONNX models) | ap-south-1 | |
25 | | -| Bedrock | Nova Lite + Nova Pro | us-east-1 | |
26 | | -| Polly | Joanna (Neural voice) | ap-south-1 | |
27 | | -| Amplify | WEB_COMPUTE (Next.js SSR) | ap-south-1 | |
28 | | -| IAM | `autisense-app` user + `AutiSenseAmplifyRole` | Global | |
29 | | -| Budgets | $10/month alarm | Global | |
30 | | - |
31 | | ---- |
| 5 | +```bash |
| 6 | +git clone https://github.com/Partha-dev01/AutiSense_2.git |
| 7 | +cd AutiSense_2 |
| 8 | +npm install |
| 9 | +cp .env.local.example .env.local |
| 10 | +# Fill in .env.local with your values |
| 11 | +npm run dev |
| 12 | +``` |
32 | 13 |
|
33 | 14 | ## Environment Variables |
34 | 15 |
|
35 | | -### CRITICAL: Amplify SSR Env Var Behavior |
| 16 | +See [`.env.local.example`](../.env.local.example) for the full list of required variables. |
36 | 17 |
|
37 | | -> **Amplify WEB_COMPUTE injects environment variables into the BUILD container but NOT into the SSR Lambda runtime.** |
| 18 | +The app works **without AWS credentials** — all API routes have template/fallback responses. |
38 | 19 |
|
39 | | -This means `process.env.MY_VAR` will be `undefined` at request time in API routes and server components unless you handle it explicitly. |
| 20 | +### Local Development |
40 | 21 |
|
41 | | -**How we solve this:** All non-AWS env vars are listed in `next.config.ts` under the `env` property. This tells Next.js to inline them at **build time** into the server bundle, so they're available when the Lambda handles requests. |
42 | | - |
43 | | -```ts |
44 | | -// next.config.ts |
45 | | -env: { |
46 | | - GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID ?? "", |
47 | | - GOOGLE_CLIENT_SECRET: process.env.GOOGLE_CLIENT_SECRET ?? "", |
48 | | - // ... all 13 vars listed here |
49 | | -}, |
| 22 | +For local AWS access, configure the AWS CLI profile or set these in `.env.local`: |
50 | 23 | ``` |
51 | | - |
52 | | -**AWS credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION`)** are NOT listed in `env` — Lambda provides these automatically via the IAM execution role (`AutiSenseAmplifyRole`). |
53 | | - |
54 | | -### Adding a New Environment Variable |
55 | | - |
56 | | -When you add a new env var to the app: |
57 | | - |
58 | | -1. **Set it in Amplify Console** → App settings → Environment variables |
59 | | -2. **Add it to `next.config.ts` `env` block** (unless it starts with `AWS_` or `NEXT_PUBLIC_`) |
60 | | -3. **Add it to `.env.local`** for local development |
61 | | -4. **Push and redeploy** — the build step will inline the value |
62 | | - |
63 | | -If you skip step 2, the variable will be available during `npm run build` but **undefined** when handling requests. |
64 | | - |
65 | | -### Current Environment Variables |
66 | | - |
67 | | -| Variable | Set In | Purpose | |
68 | | -|----------|--------|---------| |
69 | | -| `GOOGLE_CLIENT_ID` | Amplify + next.config.ts | Google OAuth app ID | |
70 | | -| `GOOGLE_CLIENT_SECRET` | Amplify + next.config.ts | Google OAuth secret | |
71 | | -| `NEXT_PUBLIC_APP_URL` | Amplify + next.config.ts | App base URL (for OAuth redirects) | |
72 | | -| `BEDROCK_REGION` | Amplify + next.config.ts | Bedrock model region (us-east-1) | |
73 | | -| `POLLY_REGION` | Amplify + next.config.ts | Polly voice region (ap-south-1) | |
74 | | -| `S3_MODELS_BUCKET` | Amplify + next.config.ts | S3 bucket for ONNX models | |
75 | | -| `DYNAMODB_*` (7 tables) | Amplify + next.config.ts | DynamoDB table names | |
76 | | -| `APP_ACCESS_KEY_ID` | Amplify + next.config.ts | IAM user access key (Amplify blocks `AWS_*`) | |
77 | | -| `APP_SECRET_ACCESS_KEY` | Amplify + next.config.ts | IAM user secret key | |
78 | | -| `APP_REGION` | Amplify + next.config.ts | AWS region for SDK clients | |
79 | | - |
80 | | -### Google OAuth Setup |
81 | | - |
82 | | -| Setting | Value | |
83 | | -|---------|-------| |
84 | | -| **Google Cloud Console** | APIs & Services → Credentials → OAuth 2.0 Client IDs | |
85 | | -| **Authorized redirect URI** | `https://main.d2n7pu2vtgi8yc.amplifyapp.com/api/auth/callback/google` | |
86 | | -| **Scopes** | `openid email profile` | |
87 | | - |
88 | | -The redirect URI is constructed from `NEXT_PUBLIC_APP_URL` + `/api/auth/callback/google`. No separate `GOOGLE_REDIRECT_URI` env var is needed. |
89 | | - |
90 | | ---- |
91 | | - |
92 | | -## AWS SDK Credential Handling |
93 | | - |
94 | | -Amplify WEB_COMPUTE does **not** expose IAM role credentials to the SSR Lambda runtime. We use custom-named env vars (`APP_ACCESS_KEY_ID`, `APP_SECRET_ACCESS_KEY`, `APP_REGION`) because Amplify reserves the `AWS_*` prefix. |
95 | | - |
96 | | -All SDK clients use the shared helper in `app/lib/aws/credentials.ts`: |
97 | | - |
98 | | -```ts |
99 | | -import { getAppCredentials, getAppRegion } from "@/app/lib/aws/credentials"; |
100 | | - |
101 | | -const credentials = getAppCredentials(); |
102 | | -new DynamoDBClient({ |
103 | | - region: getAppRegion("ap-south-1"), |
104 | | - ...(credentials && { credentials }), |
105 | | -}); |
| 24 | +AWS_REGION=ap-south-1 |
| 25 | +AWS_ACCESS_KEY_ID=<your-key> |
| 26 | +AWS_SECRET_ACCESS_KEY=<your-secret> |
106 | 27 | ``` |
107 | 28 |
|
108 | | -This falls back to the SDK default provider chain when `APP_*` vars are not set (e.g., local dev with `AWS_*` in `.env.local`). |
| 29 | +### Production (AWS Amplify) |
109 | 30 |
|
110 | | ---- |
| 31 | +Environment variables are configured in the Amplify Console: |
| 32 | +- **App-level**: AWS credentials (`APP_*` prefix — Amplify blocks `AWS_*`) |
| 33 | +- **Branch-level**: Google OAuth, DynamoDB table names, Bedrock/Polly regions |
111 | 34 |
|
112 | | -## How to Redeploy |
| 35 | +> **Warning**: `aws amplify update-app --environment-variables` REPLACES the entire map. Always pass ALL vars when using the CLI. Use the Amplify Console UI for safer edits. |
113 | 36 |
|
114 | | -Push to `main` or run: |
| 37 | +## Testing |
115 | 38 |
|
116 | 39 | ```bash |
117 | | -aws amplify start-job --app-id d2n7pu2vtgi8yc --branch-name main --job-type RELEASE --region ap-south-1 |
| 40 | +npm run test:unit # Vitest unit tests (68 tests) |
| 41 | +npx playwright test # Playwright E2E tests (97 tests) |
| 42 | +npm run lint # ESLint |
| 43 | +npm run type-check # TypeScript |
118 | 44 | ``` |
119 | 45 |
|
120 | | ---- |
121 | | - |
122 | | -## Troubleshooting |
123 | | - |
124 | | -### "Google OAuth is not configured" on deployed site |
125 | | - |
126 | | -**Cause:** `process.env.GOOGLE_CLIENT_ID` is undefined in the Lambda runtime. |
127 | | - |
128 | | -**Fix:** Ensure the variable is listed in both: |
129 | | -1. Amplify Console → Environment variables |
130 | | -2. `next.config.ts` → `env` block |
131 | | - |
132 | | -Then redeploy. |
133 | | - |
134 | | -### AWS API calls failing with "AccessDenied" or "InvalidIdentityToken" |
135 | | - |
136 | | -**Cause:** Explicit credentials passed to SDK client without session token. |
137 | | - |
138 | | -**Fix:** Remove `credentials: { accessKeyId, secretAccessKey }` from SDK client constructors. Let the SDK auto-detect credentials. |
139 | | - |
140 | | -### Tests fail with "ERR_CONNECTION_REFUSED" |
141 | | - |
142 | | -**Cause:** Another `next dev` process holds `.next/dev/lock`. |
143 | | - |
144 | | -**Fix:** Kill all Node processes (`taskkill /f /im node.exe` on Windows) or delete `.next/dev/lock`. |
145 | | - |
146 | | -### ESLint CI check fails |
| 46 | +## Deployment |
147 | 47 |
|
148 | | -**Cause:** React 19 strict lint rules (`react-hooks/*`) introduced in `eslint-config-next`. |
| 48 | +Pushes to `main` auto-deploy via GitHub webhook to AWS Amplify. |
149 | 49 |
|
150 | | -**Fix:** Rules are configured in `eslint.config.mjs`. If new violations appear after updating Next.js, check if hooks ordering or ref patterns need adjustment. |
151 | | - |
152 | | -### Google sign-in enters a redirect loop |
153 | | - |
154 | | -**Cause:** DynamoDB auth tables have wrong primary key names, or env vars were wiped. |
155 | | - |
156 | | -**Fix:** Verify table schemas match what the code expects: |
157 | | -- `autisense-users`: PK = `id` (string), GSI = `email-index` on `email` |
158 | | -- `autisense-auth-sessions`: PK = `token` (string), TTL on `expiresAt` |
159 | | - |
160 | | -Also verify all 16 Amplify env vars are set (see below). |
161 | | - |
162 | | ---- |
163 | | - |
164 | | -## Critical Warnings |
165 | | - |
166 | | -### `aws amplify update-app --environment-variables` REPLACES ALL vars |
167 | | - |
168 | | -**The `--environment-variables` flag REPLACES the entire env var map.** It does not append. |
169 | | - |
170 | | -If you run: |
171 | 50 | ```bash |
172 | | -aws amplify update-app --environment-variables NEW_VAR=value |
173 | | -``` |
174 | | -This **deletes every other env var** and sets only `NEW_VAR`. Always include ALL existing vars when updating. |
175 | | - |
176 | | -**Safe pattern:** |
177 | | -```bash |
178 | | -aws amplify get-app --app-id d2n7pu2vtgi8yc --region ap-south-1 \ |
179 | | - --query "app.environmentVariables" |
180 | | -# Copy all existing vars, add your new one, then update with the full list |
181 | | -``` |
182 | | - |
183 | | -### DynamoDB Table Key Schema Must Match Code |
184 | | - |
185 | | -The auth code in `app/lib/auth/dynamodb.ts` uses these exact key names: |
186 | | -- `autisense-users` table: PK must be `id` (NOT `userId`) |
187 | | -- `autisense-auth-sessions` table: PK must be `token` (NOT `sessionToken`) |
188 | | - |
189 | | -If tables are created with different key names, all DynamoDB operations fail silently and auth falls back to in-memory (which doesn't persist across Lambda instances). |
190 | | - |
191 | | -### All 16 Required Amplify Environment Variables |
192 | | - |
| 51 | +# Manual redeploy |
| 52 | +aws amplify start-job --app-id <APP_ID> --branch-name main --job-type RELEASE --region ap-south-1 |
193 | 53 | ``` |
194 | | -GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, NEXT_PUBLIC_APP_URL, |
195 | | -BEDROCK_REGION, POLLY_REGION, S3_MODELS_BUCKET, |
196 | | -DYNAMODB_SESSIONS_TABLE, DYNAMODB_BIOMARKERS_TABLE, |
197 | | -DYNAMODB_USERS_TABLE, DYNAMODB_AUTH_SESSIONS_TABLE, |
198 | | -DYNAMODB_CHILD_PROFILES_TABLE, DYNAMODB_SESSION_SUMMARIES_TABLE, |
199 | | -DYNAMODB_FEED_POSTS_TABLE, |
200 | | -APP_ACCESS_KEY_ID, APP_SECRET_ACCESS_KEY, APP_REGION |
201 | | -``` |
202 | | - |
203 | | ---- |
204 | | - |
205 | | -## Changelog |
206 | | - |
207 | | -### 2026-03-06 — Mobile UI Fixes, Emotion Quiz, Feed Redesign |
208 | | - |
209 | | -**Issues fixed (8 items from mobile testing):** |
210 | | - |
211 | | -1. **UserMenu dropdown overlap** — Added semi-transparent backdrop overlay behind dropdown for visual separation on mobile. Clicking backdrop closes menu. |
212 | | - - `app/components/UserMenu.tsx` |
213 | | - |
214 | | -2. **Emotion Match → Emotion Quiz** — Replaced card-flip matching game (identical to Memory game) with scenario-based Emotion Quiz. 20 scenarios, 5 emotion choices, adaptive difficulty, sound feedback. Now correctly saves game activity + updates streak. |
215 | | - - `app/games/emotion-match/page.tsx` (full rewrite) |
216 | | - - `app/kid-dashboard/games/page.tsx` (updated description) |
217 | | - - `app/kid-dashboard/page.tsx` (updated card emoji/title) |
218 | | - |
219 | | -3. **Streak not updating** — Fixed childId mismatch: dashboard used `""` fallback but games used `"default"`. Changed dashboard fallback to `"default"`. |
220 | | - - `app/kid-dashboard/page.tsx` |
221 | | - |
222 | | -4. **Chat mic + viewport + input reorder**: |
223 | | - - Added `viewport` export in layout.tsx to prevent mobile zoom on input focus |
224 | | - - Fixed SpeechRecognition: cleanup old instance before new one, 120ms delay for mic release, nullify ref on callbacks, cleanup on unmount |
225 | | - - Reordered input bar: mic button first (64px, primary green), text input secondary |
226 | | - - `app/kid-dashboard/chat/page.tsx`, `app/layout.tsx` |
227 | | - |
228 | | -5. **Progress page** — Verified childId already uses `"default"` fallback; no change needed. |
229 | | - |
230 | | -6. **BottomNav/navbar overlap** — Resolved by Fix 1 (backdrop overlay). |
231 | | - |
232 | | -7. **Community Feed redesign**: |
233 | | - - Posts displayed first, compose form behind "New Post" button + floating action button |
234 | | - - Per-user reaction tracking via new `feedReactions` IndexedDB table (schema v5) |
235 | | - - Reactions toggle on/off per user (filled/unfilled state) |
236 | | - - Delete own posts with reaction cleanup |
237 | | - - Cleaner card layout, category pills, empty state |
238 | | - - `app/feed/page.tsx` (full rewrite), `app/lib/db/feed.repository.ts`, `app/lib/db/schema.ts`, `app/types/feedPost.ts` |
239 | | - |
240 | | -**Files modified:** 10 files across components, games, pages, DB layer, and types. |
241 | | - |
242 | | -### 2026-03-06 — Fix Google sign-in loop |
243 | | - |
244 | | -**Root causes found:** |
245 | | -1. `aws amplify update-app --environment-variables` replaced ALL env vars (wiped `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`, `NEXT_PUBLIC_APP_URL`, etc.) |
246 | | -2. DynamoDB `autisense-users` table had PK `userId` but code uses `id` |
247 | | -3. DynamoDB `autisense-auth-sessions` table had PK `sessionToken` but code uses `token` |
248 | | -4. `dynamoFailed` flag was permanent — one transient error disabled DynamoDB forever |
249 | | - |
250 | | -**Fixes applied:** |
251 | | -- Restored all 16 Amplify env vars |
252 | | -- Recreated `autisense-users` table (PK=`id`, GSI=`email-index`) |
253 | | -- Recreated `autisense-auth-sessions` table (PK=`token`, TTL on `expiresAt`) |
254 | | -- Changed `dynamoFailed` from permanent boolean to 30-second cooldown timer |
255 | | - |
256 | | -### 2026-03-05 — Fix AWS SDK credentials for Amplify |
257 | | - |
258 | | -- Created shared credential helper (`app/lib/aws/credentials.ts`) |
259 | | -- Updated all 8 SDK client locations to use `APP_*` env vars |
260 | | -- Added `APP_ACCESS_KEY_ID`, `APP_SECRET_ACCESS_KEY`, `APP_REGION` to Amplify |
261 | | -- Polly TTS confirmed working on deployed site |
262 | 54 |
|
263 | | -### 2026-03-05 — Fix COEP header for map tiles |
| 55 | +## Architecture |
264 | 56 |
|
265 | | -- Changed `Cross-Origin-Embedder-Policy` from `require-corp` to `credentialless` |
266 | | -- Updated both `next.config.ts` and Amplify custom headers |
| 57 | +See [`DOCS.md`](DOCS.md) for the full architecture reference, and [`Amazon_usage.md`](Amazon_usage.md) for AWS service details. |
0 commit comments