Website is the public site and portal for Memact.

Memact helps people see what apps know about them and control it.

• Landing page and SEO assets.
• Sign in and account settings.
• App registration.
• API keys.
• Consent screens.
• Yourself: the user memory page.
• Context UI.
• Developer integration docs.
• Help and Learn pages.

• Access checks, API key verification, or database RPC internals.
• Context proposal formation.
• Durable memory storage.

Website manages
-> Access checks
-> Context organizes
-> Memory stores
-> Apps and users use results

Website is the console for users and developers. It is not part of the core Access, Context, or Memory pipeline.

The Website should explain Memact simply for users, then give developers exact SDK/API steps. It should not pretend to run backend work in the browser.

The current UI is a minimal dark console built around #00011B, IBM Plex Sans, compact cards, rounded controls, and consistent button hierarchy.

Authenticated dashboard:

• Dashboard shows apps, permissions, API keys, usage statistics, and Wiki links for active keys.
• /Yourself shows what apps know about the user and lets the user add, edit, reject, delete, or share selected memory.
• Settings shows profile, connected apps, privacy, sharing, and account controls.
• Help uses short FAQs for users and developers.

Keep the UI direct and calm. Avoid generic SaaS filler and decorative copy that does not help someone complete the task.

The site includes crawlable public discovery assets:

• /
• /Learn
• /robots.txt
• /sitemap.xml
• /llms.txt
• Open Graph and Twitter preview metadata
• JSON-LD for the web app
• PWA manifest basics

npm install
npm run dev

Open:

http://localhost:3000/

Build:

npm run build

Create .env:

VITE_SUPABASE_URL=https://your-project.supabase.co
VITE_SUPABASE_ANON_KEY=your-public-anon-key
# Optional override for non-standard deploy domains. Defaults to the current origin.
# VITE_AUTH_REDIRECT_URL=http://localhost:3000/Dashboard

Only use the Supabase anon key in Website. Never put a service role key, GitHub OAuth client secret, or private database secret in frontend code.

Before the portal works, apply the access-layer SQL migration from Access.

After creating an API key, Website shows:

• a one-time API key
• copy and test controls
• a Connect Memact URL
• a Yourself URL
• a server-side SDK example

Normal app flow:

developer creates app
-> chooses scopes and categories
-> user clicks "Connect Memact" inside the third-party app
-> Memact shows consent plus the user's memory controls
-> user approves or cancels
-> approved apps receive a connection_id
-> app verifies API key + connection_id + scopes before proposing or reading allowed memory

API keys identify the app. connection_id identifies the specific user consent. Verification must pass both.

Customer apps should use the Memact SDK/API from their backend. They should not call Supabase RPCs or configure Supabase keys.

The consent page must show what the app is asking to use and a Yourself link for the same app.

Yourself explains:

• what the app can send
• what Memact may create or organize
• why the app wants it
• how long access lasts
• how the user can stop future access

Categories and permissions are boundaries, not the full story. If an app cannot explain what it uses in plain language, the consent flow is not ready.

See LICENSE.