--- name: pocketbase-development description: "PocketBase patterns: collection schemas, API quirks, sort-field traps, useToast provider, auth flow." version: 1.2.0 metadata: hermes: tags: [pocketbase, backend, collections, debugging] related_skills: [] --- # PocketBase Development ## Overview Common patterns, pitfalls, and fixes when building React apps backed by PocketBase. Covers collection creation, API query patterns, auth integration, SPQ legacy data model, and runtime debugging. > **Reference:** `references/customer-db-integration.md` documents the SPQ Customer DB integration pattern: name splitting (firstName/middleName/lastName with backward-compat auto-compose), customer record auto-creation from quote/appointment/RO saves (`ensureCustomerRecord`), client-side duplicate detection, customerId pass-through across quotes → ROs → appointments, and multi-source data population (vehicles → quotes → ROs) when selecting a customer. > > **Reference:** `references/spq-legacy-data-model.md` documents the actual PocketBase schema for the ShopProQuote project — collection field names, vehicle data storage (no separate `vehicles` collection), the combine-and-deduplicate pattern across repairOrders/quotes, `customerName` vs `customerId` linkage (ALL existing ROs and quotes have empty `customerId`), quote services JSON display patterns (expandable rows with service line items), and migration patterns from legacy flat-text fields. > > **See also:** `pocketbase-react-apps/references/spq-pb-field-mapping.md` for the critical frontend-to-PB field name translation table (estimatedDuration → estimatedTime, customerType → financial JSON). Saves to wrong field names are silently dropped by PocketBase. > > **Reference:** `references/glitchtip-sentry-dsn-path-prefix.md` — Sentry SDK v10 DSN parser rejects multi-segment paths (`/glitchtip/1`). Fix: change DSN to bare project ID (`/1`) and add nginx regex location. > > **Reference:** `references/cross-origin-debugging.md` — Debugging the same React+PB app behaving differently on two domains (e.g., `shopproquote.graj-media.com` vs `grajmedia.duckdns.org`). Nginx config check → identical code → same backend → client-side localStorage stale state. Covers Zod validation failure tracing and the `spq-quote` localStorage key. > > **Reference:** `references/quote-to-ro-approved-services-sync.md` — Syncing approved quote services back to the originating repair order when saving a quote generated from an RO (`?fromRO=RO_ID`). Covers the merge logic (same-name update vs append), status preservation, and the two save paths (`handleSave` and `ensureShareToken`). ## Pitfalls ### Filter `~` (contains) operator can return 400 on some collections PocketBase 0.39.1 may return `400 Bad Request` for the `~` (contains) filter operator on text fields in certain collections — even when the field and syntax are valid. The error message is the generic `"Something went wrong while processing your request."` with no field-level detail. This was observed on the `customers` collection's `name` and `phone` fields while the same SDK version handles `=` on `userId` without issue. **Fix:** For collections with small record counts (single-shop data: customers, settings, etc.), skip server-side filters entirely and filter client-side: ```typescript // ❌ Server-side filter — may return 400 for unknown reasons const result = await pb.collection('customers').getList(1, 10, { filter: `name ~ '${query}'`, // may 400 on some collections fields: 'id,name,phone', }); // ✅ Client-side filter — fetch all + filter in JS const result = await pb.collection('customers').getList(1, 500, { fields: 'id,name,phone', batch: 500, }); const matched = (result.items as any[]).filter((c: any) => (c.name || '').toLowerCase().includes(query.toLowerCase()) ); ``` The `batch: 500` parameter fetches all records in a single request (PocketBase's default max batch is 500). For single-shop deployments this is always fast. Client-side filtering also avoids issues with escaping, case sensitivity, and operator support across PB versions. **Key insight:** PocketBase's access rules (`userId = @request.auth.id`) are applied server-side automatically even without a `filter` parameter, so fetching all records and filtering client-side is a safe and reliable pattern for user-scoped data. ### sort `-created` fails with 400 on collections created via JS migrations PocketBase v0.23+ does NOT auto-add system `created`/`updated` AutodateFields when a collection is created via `new Collection()` in a JS migration. Collections created through the admin UI DO get them. Using `sort: '-created'`, `sort: '-updated'`, or requesting `fields: '...,created,...'` in `getList()` queries on these collections returns a 400 error: "Something went wrong while processing your request." **Workaround:** Use `sort: '-id'` instead. PocketBase IDs are time-sortable KSUIDs, so sorting by `-id` gives most-recent-first behavior. **Proper fix (migration):** Add `AutodateField` instances to the affected collections: ```javascript col.fields.add(new AutodateField({ name: 'created', system: true, onCreate: true, onUpdate: false, })); col.fields.add(new AutodateField({ name: 'updated', system: true, onCreate: true, onUpdate: true, })); app.save(col); ``` **Diagnosis steps when you see generic 400 errors on PB getList/getFullList:** When PocketBase returns the generic `{"data":{},"message":"Something went wrong while processing your request.","status":400}`, the cause can be any query parameter (filter, sort, fields) referencing a non-existent field. Isolate the culprit systematically: 1. **Test without sort and fields first:** ``` GET /api/collections/{name}/records?perPage=1 ``` If this works, the collection exists and is accessible. 2. **Add filter only:** ``` GET /api/collections/{name}/records?filter=customerId='test'&perPage=1 ``` If this fails, the filter references a non-existent field. 3. **Add sort only:** ``` GET /api/collections/{name}/records?sort=-created&perPage=1 ``` If this fails, the sort column doesn't exist on the collection. 4. **Add fields only:** ``` GET /api/collections/{name}/records?fields=year,make,model&perPage=1 ``` If this fails, one of the requested fields doesn't exist. 5. **Check the actual SQLite schema:** ```bash # Host path — use docker inspect if unsure where the volume is sqlite3 /path/to/pb_data/data.db "PRAGMA table_info(collectionName);" # Or find the volume mount path via docker inspect (faster than find on large filesystems) docker inspect pocketbase | python3 -c " import json, sys data = json.load(sys.stdin) for mount in data[0].get('Mounts', []): if 'pb_data' in mount.get('Destination', ''): print(mount['Source']) break " ``` Or check the `_collections` table's `fields` JSON: ```bash sqlite3 /path/to/pb_data/data.db "SELECT fields FROM _collections WHERE name='collectionName';" | python3 -c "import json, sys; [print(f['name']) for f in json.load(sys.stdin)]" ``` Note: the `_collections` table has a `fields` column (not `schema`) that contains the full JSON array of field definitions. 6. **Verify with a `sort: '-id'` test** — PocketBase IDs are time-sortable KSUIDs, so `-id` sort is always available: ``` GET /api/collections/{name}/records?sort=-id&perPage=1 ``` If this works but `sort=-created` doesn't, the collection is missing the system `created`/`updated` fields. **Real-world affected collections (SPQ v2 project — all confirmed missing `created`/`updated` via PRAGMA table_info):** | Collection | Created via | Missing fields? | |---|---|---| | `vehicles` | M16 JS migration (`new Collection()`) | Missing `created` and `updated` | | `technicianInvites` | JS migration | Missing `created` and `updated` | | `reminders` | JS migration (M26) | Missing `created` and `updated` | | `quotes` | Admin UI | Has `createdAt`/`updatedAt` user fields but NO system `created`/`updated` | | `repairOrders` | Admin UI | Has `createdAt`/`updatedAt` user fields but NO system `created`/`updated` | All five were fixed in M28 by adding `AutodateField({ name: 'created', system: true, onCreate: true })` and `AutodateField({ name: 'updated', system: true, onCreate: true, onUpdate: true })`. **Defensive fallback pattern when `created` is missing:** If the collection has a user-defined timestamp field like `createdAt`, sort by that instead: ```typescript // ✅ Works even before M28 — createdAt is a user-defined text field sort: '-createdAt' // ❌ Fails on collections missing system created field sort: '-created' ``` This pattern is used in `CustomerInfoPanel.tsx` for the quotes and repairOrders fallback queries. The `vehicles` query keeps `-created` because its try/catch wrapper handles failures gracefully while the migration is pending. ### Collection naming: camelCase not snake_case PocketBase SDK auto-creates collections with camelCase names. A Firebase-based app may use snake_case (`repair_orders`) while the actual PB collection is `repairOrders`. Always verify collection names against the live PB instance before writing queries. ### useToast requires ToastProvider The `useToast()` hook from `../components/ui/Toast` throws at runtime if `` is not wrapping the component tree. Always wrap `` in `` in `App.tsx`: ```tsx ... ``` ### Vite build exit code 1 is often a false positive Rolldown can emit non-fatal chunk-size warnings that cause exit code 1 even when the build succeeded. Check `dist/index.html` exists instead of trusting the exit code: ```bash ls -la dist/index.html # if it exists, build succeeded ``` ### Creating collections without admin access Non-admin PocketBase users cannot create collections via the REST API (returns 403). Collections must be created by an admin through the PocketBase dashboard at `http://host:8091/_/` or via admin-authenticated API calls. ### Filtering by userId on non-relational fields When using `userId` as a plain text field (not a relation), the filter must use exact match: ```typescript pb.collection('quotes').getList(1, 50, { filter: `userId = '${userId}'`, sort: '-id', }); ``` ### Restrictive `fields` parameter can break queries Using a `fields` parameter on `getList()` that lists fields not present on the collection will cause a 400 error (not just omit them). When in doubt, omit `fields` entirely and let PB return all fields: ```typescript // ❌ Breaks if any field in the list doesn't exist pb.collection('appointments').getList(1, 200, { fields: 'id,customerName,date,time,status,created,updated', }); // ✅ Safe — returns whatever fields exist pb.collection('appointments').getList(1, 200, { sort: '-id', }); ``` Same applies to `sort`: using `sort: 'date,time'` (two bare field names) may fail. Use the `+` or `-` prefix syntax: `sort: '-date,+time'` or just `sort: '-id'`. ### getFullList — load ALL records in one call (no pagination) Use `getFullList()` to bypass the paged `getList()` pattern when you always want every matching record: ```typescript // ❌ Paginated — requires "Load more" button + hasMore state const records = await pb.collection('repairOrders').getList(page, perPage, { filter: `userId = '${userId}'`, sort: '-id', }); // items in records.items, check records.totalPages for hasMore // ✅ Un-paginated — returns ALL matching records in one array const records = await pb.collection('repairOrders').getFullList({ filter: `userId = '${userId}'`, sort: '-id', }); // items returned directly as an array (no .items wrapper) ``` **When to use each:** | Pattern | Use case | Return shape | |---------|----------|-------------| | `getList(page, perPage)` | Data you **want** paginated (big collections, server-side pages, "Load more" UX) | `{ items, page, perPage, totalItems, totalPages }` — items in `.items` | | `getFullList({...})` | Small-to-medium collections you always want entirely in memory (typical single-shop data: ROs, customers, quotes) | Plain `T[]` — items returned directly from the SDK | **Teardown the `usePagedList` hook when going un-paginated:** If your app uses a `usePagedList(fetchPage, perPage)` hook (like SPQ v2's `src/hooks/usePagedList.ts`), switching `fetchPage` from `getList` to `getFullList` means you can: 1. Change `fetchPage` to return a single-page result: ```typescript const fetchAll = useCallback(async () => { const records = await pb.collection('repairOrders').getFullList({ filter: `userId = '${userId}'` }); return { items: records, page: 1, perPage: 999999, totalItems: records.length, totalPages: 1 }; }, [userId]); ``` 2. `hasMore` becomes always `false` (page 1 of 1 total pages) 3. The "Load more" button never renders 4. `refresh` re-fetches the full list — no accumulator state to manage ### JSON text fields: PocketBase may auto-parse or return raw strings PocketBase stores JSON data as TEXT in the SQLite database. When the API returns these fields, **they may arrive as either a parsed JavaScript object/array OR as a raw JSON string**, depending on how the SDK serializes them. Always normalize: ```typescript let items = raw; if (typeof raw === 'string') { try { items = JSON.parse(raw); } catch { items = []; } } if (!Array.isArray(items)) items = []; ``` This applies to the `services` field on both `quotes` and `repairOrders` collections. A `parseQuoteServices` function that only handles strings will silently return empty for pre-parsed arrays. ### Row-level security blocks cross-user data access All SPQ collections use the access rule: ``` listRule: userId = @request.auth.id viewRule: userId = @request.auth.id ``` This means **a user can only see records where `userId` matches their own auth ID**. If `demo@shop.com` logs in, they see zero customers/quotes/ROs because the data belongs to `mani8994@gmail.com`. The query filter doesn't matter — PocketBase applies the access rule first. **Implications:** - You cannot query across users with a user-level auth token - To work around this for admin-style views, you need an admin/superuser token that bypasses the rules - Or modify the collection rules to allow broader access (e.g., remove the userId restriction, or add an OR condition) - The legacy site worked because it was deployed in the same PocketBase instance with the data owner's credentials **To verify access:** Always test API calls directly with the authenticated user's token before assuming data exists. A 404 `"not found"` or empty result set often means the userId rule is blocking access. ### Detecting missing collections gracefully ```typescript try { const records = await pb.collection('name').getList(1, 1); } catch (err) { const msg = err instanceof Error ? err.message : ''; if (msg.includes('not found') || msg.includes('Missing collection')) { setCollectionMissing(true); // show setup banner } } ``` ### PocketBase SDK `import` keyword breaks Vite/esbuild The PocketBase JS SDK (v0.27.0) uses `import` as a method name in `CollectionService.import()`. Both Vite's esbuild pre-bundler and the browser's native parser treat `import(` as a dynamic import expression and throw `Uncaught SyntaxError: Unexpected token '('`. **Fix:** Patch `node_modules/pocketbase/dist/pocketbase.es.mjs` to rename the method: ```bash sed -i 's/async import(/async _import(/g' node_modules/pocketbase/dist/pocketbase.es.mjs ``` Then add to `vite.config.ts` to serve the raw ESM file (skip pre-bundling): ```typescript export default defineConfig({ optimizeDeps: { exclude: ['pocketbase'], }, // ... }); ``` ### Creating NEW collections via JS migrations (v0.39+) The `new Collection({...})` constructor works in v0.39 JS migrations, but field-based API rules **cannot be set at all via JS migrations** — the rule validator runs against a schema snapshot that never catches up to include the new fields, even in a separate migration file with `findCollectionByNameOrId()`. **✅ Working pattern — save with empty rules, skip field-based rules:** ```javascript migrate( (app) => { var col = new Collection({ name: 'myNewCollection', type: 'base', schema: [ new TextField({ name: 'fieldName', required: true }), new JSONField({ name: 'jsonField', required: false }), new BoolField({ name: 'active', required: false }), ], listRule: '', // empty string = unrestricted (no filter) viewRule: '', // empty = unrestricted createRule: null, // null = no public API creates updateRule: null, deleteRule: null, }); app.save(col); console.log('[MX] created collection'); }, function(app) { var col = app.findCollectionByNameOrId('myNewCollection'); if (col) { app.deleteCollection(col); } } ); ``` **❌ Do NOT attempt to set field-referencing rules** (`shopUserId = @request.auth.id`, `roId = @request.query.roId`) in any migration file — it fails with `listRule: Invalid rule. Raw error: invalid left operand "fieldName" - unknown field "fieldName"`. This affects: - `app.save(col)` with rules set on the constructor object - `app.save(col)` with `.listRule = '...'` on the same collection object after a prior save - `app.save(col)` after `findCollectionByNameOrId()` in a completely separate migration file (M25+1) - Every technique tested on PB 0.39.1 with `app.save()` on collections created via JS migration **Workaround for single-shop deployments:** The collections are usable without field-based rules — the frontend API queries filter by userId/shopUserId client-side, and `createRule: null` / `updateRule: null` / `deleteRule: null` prevents public API writes on write-protected collections (like the audit log). Accept that the collection's list/view rules are unrestricted at the API level and scope in the frontend. **⚠️ REST API workaround:** If field-based rules are genuinely required, create the collection AND set rules via the REST API (admin auth token), not JS migrations: ```python # Step 1: POST the collection with rules directly (works via REST API!) result = api("POST", "/api/collections", { "name": "myCollection", "type": "base", "listRule": "shopUserId = @request.auth.id", "fields": [ {"name": "shopUserId", "type": "text", "required": True}, {"name": "customerName", "type": "text"}, ], }, token=admin_token) ``` The REST API's schema validator works correctly because it validates against the full collection body before committing. Only the Goja JS migration runtime has this schema-snapshot limitation. **Available field constructors (PB 0.39):** - `new TextField({ name, required })` — text values, also used for ISO date strings - `new JSONField({ name, required })` — JSON blobs (stored as TEXT in SQLite) - `new BoolField({ name, required })` — boolean - `new NumberField({ name, required })` — numeric - `new EmailField({ name, required })` — email - `new SelectField({ name, values, required })` — dropdown - `new FileField({ name, maxSize, allowedMimeTypes })` — file upload **`DateTimeField` does NOT exist** — use `new TextField({ name: 'at', required: true })` and store ISO 8601 strings. **Field names must be unique within a collection's schema.** The `find()` check `!col.fields.find(f => f.name === 'existingField')` guards against duplicate field attempts during re-migration. ### Creating records in migration hooks (v0.39+) ```javascript app.onRecordUpdateRequest(function(e) { if (e.collection.name !== 'sourceCollection') return; if (!e.oldRecord) return; var col = app.findCollectionByNameOrId('targetCollection'); var data = { sourceId: e.record.id, value: e.record.get('someField'), at: new Date().toISOString(), }; try { var rec = new Record(col, data); e.dao.saveRecord(rec); } catch (err) { console.error('[MX] save error: ' + String(err)); } }); ``` The `new Record(col, data)` constructor accepts a collection object and a plain data object. The record is persisted via `e.dao.saveRecord(rec)` (not `app.save()` or `rec.save()`). ### Hook API names (v0.39+) | Hook name | Fires | Use case | |---|---|---| | `app.onRecordCreateRequest(e)` | Before create | Modify/validate new records | | `app.onRecordUpdateRequest(e)` | Before update | Check changes, send emails, write audit logs. **NOT** `onRecordBeforeUpdateRequest` or `onRecordAfterUpdateRequest` — those names don't exist. | | `app.onRecordDeleteRequest(e)` | Before delete | Prevent deletion, cleanup references | `onRecordUpdateRequest` has access to `e.oldRecord` for diffing changes. This is the only hook needed for both pre-update validation and post-update notification — since it fires before the DB write, throw an `ApiError(code, message)` to reject the update, or add side-effects (email, audit records) that are best-effort. The `e.httpContext` object exists on update hooks for accessing request data: ```javascript var shareToken = ''; try { shareToken = String(e.httpContext.request.query.get('shareToken') || ''); } catch (_) { return; } ``` ### Throwing errors in hooks ```javascript if (new Date() > expiryDate) { throw new ApiError(410, 'Quote expired'); } ``` `throw new ApiError(statusCode, message)` rejects the request with the given HTTP status code and message. Valid in `onRecordCreateRequest`, `onRecordUpdateRequest`, and `onRecordDeleteRequest`. The frontend receives the status code in `err.status`. ### Sending emails from hooks (PB 0.39 mailer) PB 0.39 SMTP must be configured via env vars (`PB_SMTP_ENABLED`, `PB_SMTP_HOST`, etc.). The mailer API: ```javascript try { app.getMailer().send({ to: [{ address: 'user@example.com' }], subject: 'Quote Approved', html: '

Quote approved

Details...

', }); } catch (err) { console.error('[MX] email failed: ' + String(err)); } ``` The `to` field is an array of `{ address, name }` objects. `name` is optional. The mailer is fire-and-forget in hook context — if it fails, log and proceed. ### JS migration API: v0.22 vs v0.39+ incompatibility PocketBase v0.23+ completely changed the embedded JS migration API. Old v0.22-style migration files silently skip on v0.39+. **❌ OLD syntax (v0.22, does NOT work on v0.39+):** ```javascript migrate((db) => { const col = db.findCollectionByNameOrId('users'); const f = new CollectionField({ name: 'role', type: 'select', values: ['advisor', 'technician', 'mobile'] }); col.fields.add(f); db.save(col); }); ``` **Error on v0.39+:** `ReferenceError: CollectionField is not defined` **✅ REST API alternative (works on all versions >v0.23):** When a JS migration file fails due to API incompatibility, use the REST API to PATCH the collection schema directly. This avoids writing Go-compatible JS migrations altogether. ```python import subprocess, json # 1. Auth as superuser auth = subprocess.run([ "curl", "-s", "-X", "POST", "http://127.0.0.1:8091/api/collections/_superusers/auth-with-password", "-H", "Content-Type: application/json", "-d", '{"identity":"admin@shop.com","password":"..."}' ], capture_output=True, text=True, timeout=10) token = json.loads(auth.stdout)["token"] # 2. GET current schema (must include ALL existing fields in PATCH payload) get_req = subprocess.run([ "curl", "-s", "http://127.0.0.1:8091/api/collections/users", "-H", f"Authorization: Bearer *** ], capture_output=True, text=True, timeout=10) collection = json.loads(get_req.stdout) new_fields = list(collection["fields"]) # 3. Append new fields new_fields.append({"name": "role", "type": "select", "values": ["advisor","technician","mobile"]}) new_fields.append({"name": "shopUserId", "type": "text"}) new_fields.append({"name": "displayName", "type": "text"}) # 4. PATCH with full fields array (replace entire field list) subprocess.run([ "curl", "-s", "-X", "PATCH", "http://127.0.0.1:8091/api/collections/users", "-H", f"Authorization: Bearer *** "-H", "Content-Type: application/json", "-d", json.dumps({"fields": new_fields}) ], capture_output=True, text=True, timeout=10) ``` **CRITICAL:** The PATCH payload must include ALL existing fields, not just the new ones — the `fields` array replaces the entire schema. Omitting existing fields drops them. **Detection:** Run the migration explicitly to surface errors: ```bash docker exec pocketbase /usr/local/bin/pocketbase --dir=/pb_data --migrationsDir=/pb_data/migrations migrate ``` If this passes cleanly, the migration will also apply on container restart. If it errors, use the REST API fallback above. **Cleanup failed JS files after REST API workaround:** After applying the schema changes via REST API (PATCH fields or POST new collections), you MUST remove the failing JS migration file from `pb_data/migrations/`. PocketBase keeps trying it on every restart and logs a silent error each time — it won't crash but it's noise and may mask real problems. ```bash rm /home/ray/docker/pocketbase/pb_data/migrations/1740000000001_*.js # Then restart so the container starts clean docker restart pocketbase ``` **REST API fallback also applies to creating NEW collections** — not just adding fields. The same two-step pattern works for full collection creation: ```python # Step 1: POST the collection (with null rules to avoid constraint issues) result = api("POST", "/api/collections", { "name": "technicianAssignments", "type": "base", "fields": [ {"name": "shopUserId", "type": "text", "required": True}, {"name": "status", "type": "select", "values": ["pending", "in_progress", "waiting_parts", "completed"]}, # ... more fields ] }) cid = result["id"] # Step 2: PATCH the rules separately (cleaner separation of concerns) result = api("PATCH", f"/api/collections/{cid}", { "listRule": "shopUserId = @request.auth.id || technicianUserId = @request.auth.id", "createRule": "shopUserId = @request.auth.id", }) ``` ### PocketBase v0.39.x superuser auth Superuser authentication is at the collections endpoint, NOT the legacy `/api/admins/` path: ```bash # ✅ Correct (v0.39.x) POST /api/collections/_superusers/auth-with-password body: {"identity": "admin@example.com", "password": "..."} # ❌ Wrong (legacy — returns 404) POST /api/admins/auth-with-password ``` Create a superuser via CLI if none exists: ```bash docker exec pocketbase /usr/local/bin/pocketbase superuser upsert admin@shop.com PASSWORD --dir /pb_data ``` ### Creating collections via API (v0.39.x) Use `fields` not `schema` in the payload. Match existing collection patterns — most SPQ collections use `text` for `userId` (not `relation`): ```python api("POST", "/api/collections", { "name": "collection_name", "type": "base", "listRule": "userId = @request.auth.id", "viewRule": "userId = @request.auth.id", "createRule": "@request.auth.id != ''", "updateRule": "userId = @request.auth.id", "deleteRule": "userId = @request.auth.id", "fields": [ {"name": "name", "type": "text", "required": True}, {"name": "userId", "type": "text", "required": True}, ], }, token=admin_token) ``` The API returns 400 with specific field-level errors if the schema is wrong — inspect `resp["data"]["fields"]` for detail. ### Vite dev proxy for PocketBase needs explicit `rewrite` When proxying `/pb` to PocketBase in Vite dev, add an explicit `rewrite` rule to strip the prefix: ```typescript server: { proxy: { '/pb': { target: 'http://127.0.0.1:8091', changeOrigin: true, rewrite: (path) => path.replace(/^\/pb/, ''), }, }, } ``` Without `rewrite`, some PocketBase versions serve the admin UI HTML for proxied paths instead of the API JSON. ## PocketBase API Quick Reference - Auth: `POST /api/collections/users/auth-with-password` with `{identity, password}` - List: `GET /api/collections/{name}/records?page=1&perPage=50&filter=...&sort=-id` - Create: `POST /api/collections/{name}/records` - Update: `PATCH /api/collections/{name}/records/{id}` - Delete: `DELETE /api/collections/{name}/records/{id}` - Health: `GET /api/health` - Admin dashboard: `http://host:8091/_/` ## SDK Patterns ```typescript import PocketBase from 'pocketbase'; export const pb = new PocketBase('/pb'); pb.autoCancellation(false); // Auth const auth = await pb.collection('users').authWithPassword(email, password); const userId = pb.authStore.model?.id; pb.authStore.clear(); // logout // CRUD const result = await pb.collection('name').getList(page, perPage, { filter, sort }); const record = await pb.collection('name').create({ field: value }); await pb.collection('name').update(id, { field: newValue }); await pb.collection('name').delete(id); ``` ## React Integration ```tsx import { pb } from '../lib/pocketbase'; import { useToast } from '../components/ui/Toast'; // Must be wrapped in ``` ### Settings merge: always use spread, never explicit field lists When loading settings from a PocketBase JSON field into local state, use `{ ...DEFAULT_SETTINGS, ...data }` spread pattern. An explicit field-by-field merge silently drops any fields that exist in `DEFAULT_SETTINGS` but were not added to the merge logic — a recurring bug when new settings are added later. ```typescript // ❌ Brittle — every new field must be manually added here const merged: ShopSettings = { ...DEFAULT_SETTINGS, businessName: (d.businessName as string) || '', taxRate: Number(d.taxRate ?? 0), // ... 10+ more fields — easy to miss new ones }; // ✅ Future-proof — spread includes all fields automatically const merged: ShopSettings = { ...DEFAULT_SETTINGS, ...d } as ShopSettings; ``` This also means DEFAULT_SETTINGS must be the single source of truth for all fields and their defaults. When adding new settings fields, add them to DEFAULT_SETTINGS first, then the spread handles the rest. ### Nested component input focus loss When an input inside a nested function component loses focus on every keystroke, the component is being recreated on every render. React treats a nested function as a new component type, destroying and recreating the DOM. **Fix:** Extract the component to a file-level `memo`'d component so its identity is stable across renders. Never define components (functions that return JSX) inside other components — always at module scope. ```tsx const ServiceRow = memo(function ServiceRow({ service, onUpdate, ... }: Props) { return ; }); ``` ### JSON fields from PocketBase PB `json` type fields may arrive as serialized JSON strings instead of parsed objects/arrays, depending on how the record was created. Always normalize: ```typescript // Fetch time normalization (safe) let services = item.services || []; if (typeof services === 'string' && services.trim()) { try { services = JSON.parse(services); } catch { services = []; } } if (!Array.isArray(services)) services = []; ``` And when consuming a possibly-string field: ```typescript function calcROTotals(services: ROService[]) { const arr = Array.isArray(services) ? services : []; const total = arr.reduce(...); } ``` ### Date formatting crashes (Invalid time value) `new Date(undefined)` produces `Invalid Date`, and calling `.toLocaleDateString()` or `Intl.DateTimeFormat().format()` on it throws `RangeError: Invalid time value`. Always guard: ```typescript function formatDate(iso: string | undefined | null) { if (!iso) return '—'; const d = new Date(iso); if (isNaN(d.getTime())) return '—'; return new Intl.DateTimeFormat('en-US', {...}).format(d); } ``` ### Tesseract.js in Vite Dynamic CDN imports like `import('https://cdn.jsdelivr.net/...')` don't work in Vite production builds. Use a static npm import instead: ```typescript // ✅ Correct — Vite bundles it import Tesseract from 'tesseract.js'; // ❌ Wrong — fails in prod const Tesseract = (await import('https://cdn.jsdelivr.net/...')).default; ``` ### PB sign-up (user registration) PocketBase user creation requires `passwordConfirm` at the top level of the create payload. Without it, the API returns 400: ```typescript await pb.collection('users').create({ email: email.trim(), password, passwordConfirm: confirmPassword, // ← REQUIRED, not a real field name: name.trim() || '', emailVisibility: true, }); ``` Common failure causes: - **Email already exists** → PB returns 400 `"Failed to create record."` with `data.email.code === 'validation_not_unique'` - **Password < 8 chars** → PB returns `"Must be at least 8 character(s)."` - **Missing passwordConfirm** → 400 with validation error The SDK throws `ClientResponseError` (extends Error). `.message` gives "Failed to create record."; field details are in `.response.data`. ### Custom service / dynamic item add: always wire onClick When a button that creates a dynamic item (e.g., "Add as custom service") has no `onClick` handler, it silently does nothing. Subagents frequently leave buttons with label text but no action. Always verify that every "Add X" button in generated code has a wired click handler that creates the item and updates state: ```tsx // ❌ Silent — no action // ✅ Wired ``` ### Appointments page: avoid restrictive PB query params The `fields` and `sort` parameters in `pb.collection().getList()` will 400-error if any referenced field doesn't exist on the collection. Prefer minimal params: ```typescript // ❌ Breaks if fields or sort column doesn't exist pb.collection('appointments').getList(1, 200, { filter: `userId = '${userId}'`, sort: 'date,time', // wrong syntax for PB fields: 'id,name,date,status,created', // any missing = 400 }); // ✅ Safe pb.collection('appointments').getList(1, 200, { filter: `userId = '${userId}'`, sort: '-id', }); ``` ## Repair Order Domain Patterns ### Promised Completion Time (Due Date Display) Auto repair management apps show a "promised completion time" on active repair orders. The display format adapts to how close the date is: ```typescript function formatDueDate(promisedTime: string | undefined | null) { if (!promisedTime) return '—'; const d = new Date(promisedTime); if (isNaN(d.getTime())) return '—'; const now = new Date(); const today = new Date(now.getFullYear(), now.getMonth(), now.getDate()); const tomorrow = new Date(today.getTime() + 86400000); const nextWeek = new Date(today.getTime() + 7 * 86400000); const dateOnly = new Date(d.getFullYear(), d.getMonth(), d.getDate()); const timeStr = d.toLocaleTimeString([], { hour: 'numeric', minute: '2-digit' }); if (dateOnly.getTime() === today.getTime()) return `Today ${timeStr}`; if (dateOnly.getTime() === tomorrow.getTime()) return `Tomorrow ${timeStr}`; if (dateOnly.getTime() < nextWeek.getTime()) { const days = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat']; return `${days[d.getDay()]} ${timeStr}`; } const months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec']; return `${months[d.getMonth()]} ${d.getDate()} ${timeStr}`; } ``` Outputs: `"Today 3:00 PM"`, `"Tomorrow 10:30 AM"`, `"Wed 2:00 PM"`, `"Jun 27 1:00 PM"`, `"—"`. Store as ISO datetime string in the PB collection (`promisedTime` field). Use `` in forms. ### Fetching Repair Orders by Customer (Two Patterns) Repair orders link to customers in two ways, each used for different purposes: **1. Forward-link by `customerId` (detail view)** — The RO has a `customerId` field referencing the customer record. Use this when viewing one customer's details: > **⚠ SPQ data reality:** In the current SPQ database, ALL 55 repair orders and ALL 47 quotes have an **empty `customerId` field**. The only reliable link is by `customerName`. Use pattern #2 (`customerName` filter) for detail views in SPQ. If `customerId` is ever populated in the future this pattern will work, but for now it returns zero results. ```typescript const result = await pb.collection('repairOrders').getList(1, 100, { filter: `customerId = '${customerId}'`, sort: '-createdAt', fields: 'id,roNumber,customerId,customerName,vehicleInfo,vin,mileage,status,workStatus,createdAt,completedTime,writeupTime,technician,notes,services', }); ``` **2. Backward-link by `customerName` (vehicle discovery)** — Used when the customer has no `customerId` on the RO (legacy data pattern). Search all ROs by customer name to discover associated vehicles: ```typescript const nameFilter = customerNames .map((n) => `customerName ~ '${n.replace(/'/g, "\\'")}'`) .join(' || '); const result = await pb.collection('repairOrders').getList(1, 500, { filter: nameFilter, fields: 'vehicleInfo,vin,customerName', }); ``` The first pattern is for the Customer Detail view (that customer's ROs). The second is for the Customer List view (discovering vehicles across all customers). ### RO Status Values and Display The DB uses these `workStatus` values (stored in `status` or `workStatus` field): | DB value | Display label | Badge color | |---|---|---| | `active` / `open` | Open | Blue | | `in-progress` / `in_progress` | In Progress | Yellow/Amber | | `waiter` / `waiting_parts` | Waiting Parts | Orange | | `completed` | Completed | Green | | `delivered` | Delivered | Green | | `cancelled` | Cancelled | Red | Status label/color helpers: ```typescript function getRoStatusLabel(ro: RepairOrderRecord): string { const s = ro.workStatus || ro.status || ''; switch (s) { case 'active': case 'open': return 'Open'; case 'in-progress': case 'in_progress': return 'In Progress'; case 'waiter': case 'waiting_parts': return 'Waiting Parts'; case 'completed': return 'Completed'; case 'delivered': return 'Delivered'; case 'cancelled': return 'Cancelled'; default: return s || 'Unknown'; } } function getRoStatusColor(ro: RepairOrderRecord): string { const s = ro.workStatus || ro.status || ''; switch (s) { case 'active': case 'open': return 'bg-blue-50 text-blue-700 dark:bg-blue-900/30 dark:text-blue-400'; case 'in-progress': case 'in_progress': return 'bg-yellow-50 text-yellow-700 dark:bg-yellow-900/30 dark:text-yellow-400'; case 'waiter': case 'waiting_parts': return 'bg-orange-50 text-orange-700 dark:bg-orange-900/30 dark:text-orange-400'; case 'completed': case 'delivered': return 'bg-green-50 text-green-700 dark:bg-green-900/30 dark:text-green-400'; case 'cancelled': return 'bg-red-50 text-red-700 dark:bg-red-900/30 dark:text-red-400'; default: return 'bg-gray-50 text-gray-700 dark:bg-gray-900/30 dark:text-gray-400'; } } ``` ### Status Transition Buttons (Reversible) Repair orders need reversible status changes — once marked "Completed", the user must be able to "Reopen" back to "Active". Always show context-appropriate buttons: ``` Active → In Progress, Waiting Parts, Complete In Progress → Active, Waiting Parts, Complete Waiting Pts → Active, In Progress, Complete Completed → Reopen (→Active), Mark Delivered Delivered → Reopen (→Active) ``` ## Local Dev Server For local development with PocketBase on a different port, use the SPA+PB proxy server in `references/spa-pb-proxy.py`. It serves the Vite build output and proxies `/pb/*` API calls to PocketBase, with CORS headers. Set `SPQ_DIST` and `PB_URL` env vars, or edit the defaults.