feat: campaign invite system, accent color fix, graph PNG export

- W-0.5: Fix accent color propagation to all Tailwind utilities by
  referencing CSS variables instead of hardcoded hex values. Add
  auto-computed hover/light variants via AccentColorCSS() helper.
- V-4b: Add PNG export button to relations graph (SVG→Canvas→PNG
  at 2x resolution for retina clarity).
- U-2: Full campaign invite system — migration 000007, model, repo,
  service, handler, templates, routes. Email invites with token-based
  accept flow, login/register redirect support, HTMX management UI
  in campaign settings. 9 unit tests.

https://claude.ai/code/session_01WJEjfBqjZaGatHiXXXDupo

Author: claude

.ai/status.md

@@ -8,7 +8,24 @@
 <!-- ====================================================================== -->
 
 ## Last Updated
-2026-03-12 -- **Post-F-5 QoL: NPC sidebar link + plan reorg.**
+2026-03-17 -- **Post-Phase-1 Sprint: Visual customization fix, graph export, invite system.**
+
+41. **Post-Phase-1 Sprint: W-0.5 + V-4b + U-2.**
+    - **W-0.5 completion** — Accent color CSS variable now propagates to all 258 Tailwind utility usages. Updated `tailwind.config.js` to reference `var(--color-accent)` instead of hardcoded hex. Added `--color-accent-hover` and `--color-accent-light` CSS variables with auto-computed darker/lighter variants from the base hex color. New `AccentColorCSS()` helper in `layouts/data.go` generates the CSS block with all three variants. Topbar styling, brand name, brand logo were already working.
+    - **V-4a (cover images)** — Already fully implemented: migration 000004 (`cover_image_path`), API (`PUT /entities/:eid/cover-image`), `cover_image` layout block type in block registry, upload/change UI with hover overlay. No new work needed.
+    - **V-4b (graph export)** — Added PNG export button to relations graph widget. Uses SVG→Canvas→PNG pipeline with 2x resolution for retina clarity. Download button in the graph controls bar alongside zoom buttons.
+    - **U-2: Campaign Invite System (NEW)** — Full invite flow:
+      - Migration 000007: `campaign_invites` table with token, role, expiry, accept tracking.
+      - Model: `Invite` struct with `IsExpired()`, `IsPending()` helpers.
+      - Repository: `InviteRepository` with Create, GetByToken, ListByCampaign, MarkAccepted, Delete, DeleteExpired, GetByEmailAndCampaign.
+      - Service: `InviteService` with CreateInvite (token generation, duplicate check, email send), AcceptInvite (token validation, membership creation), ListInvites, RevokeInvite, GetInviteByToken.
+      - Handler: `InviteHandler` with ListInvitesAPI, CreateInviteAPI, RevokeInviteAPI, AcceptInvitePage, InvitesPage.
+      - Templates: `InviteAcceptPage` (standalone page for accept flow with login/register redirect), `InviteListFragment` (HTMX fragment for settings page with send form + invite table).
+      - Routes: `RegisterInviteRoutes` — accept page at `/invites/accept?token=xxx`, CRUD at `/campaigns/:id/invites`.
+      - Email: HTML+plaintext invite email with accept link, campaign name, role.
+      - Auth redirect: Login and register handlers now support `?redirect=` parameter for post-auth redirect to invite accept page.
+      - Tests: 9 tests covering create, validation, duplicate, accept, expired, already-accepted, revoke, list, default role.
+    - **Next up:** Phase 2 (X-1: System Upload UX) or V-4 graph tag filtering, or Phase 4 collaboration features.
 
 40. **Post-F-5 QoL: NPC sidebar navigation link.**
     - Added "NPCs" entry to campaign sidebar in `internal/templates/layouts/app.templ` below "All Pages" link.

.ai/todo.md

@@ -190,7 +190,7 @@ _Fix orphaned data, cascade gaps, and admin DB visibility. See `.ai/phases.md`._
 ### Phase U: Collaboration & Platform Maturity
 
 - [~] **Sprint U-1: Role-Aware Dashboards** — Two-dashboard architecture implemented: Campaign Page (public, `/campaigns/:id`) and Owner Dashboard (owner-only, `/campaigns/:id/dashboard`). Both independently customizable via Customization Hub. Migration 000006 adds `owner_dashboard_layout` column. Remaining: role selector in dashboard editor so Players/Scribes can see role-specific campaign page layouts.
-- [ ] **Sprint U-2: Invite System** — Migration: `campaign_invites` table. Email invitations with one-click accept link. Non-public campaigns require invitation. Invite management UI.
+- [x] **Sprint U-2: Invite System** — Migration 000007 (`campaign_invites` table). InviteRepository, InviteService, InviteHandler. Email invitations with one-click accept link via `/invites/accept?token=xxx`. Invite management UI in campaign settings (HTMX lazy-loaded). Send form with email + role selector. Invite table with status badges (pending/accepted/expired) and revoke button. HTML+plaintext email template. Login/register redirect support (`?redirect=` param). 9 unit tests.
 - [ ] **Sprint U-3: 2FA/TOTP Support** — TOTP enrollment with QR code (`pquerna/otp`). Login redirect to TOTP input. Recovery codes (8 hashed). Admin force-disable.
 - [ ] **Sprint U-4: Accessibility Audit (WCAG 2.1 AA)** — ARIA labels, focus traps, skip-to-content, color contrast 4.5:1, keyboard nav, screen reader announcements, axe-core scanning.
 - [ ] **Sprint U-5: Infrastructure & Deployment** — Docker-compose full stack verification with health checks. Makefile full-stack target. `CONTRIBUTING.md`. CI against docker-compose.
@@ -204,13 +204,13 @@ _Quick capture, backlinks, enhanced graph, editor power-ups. See `.ai/obsidian-n
 - [x] **Sprint V-2: Backlinks Panel & Entity Aliases** — HTMX lazy-loaded backlinks with Redis caching + context snippets. Entity aliases table (migration 061), alias CRUD API, aliases widget (tag chips), search/auto-linker/mention integration via `ListNames()` UNION. 11 new tests.
 - [x] **Full-Page Journal & Category Nav Redesign** — Full-page journal view at `/campaigns/:id/journal` with two-panel Obsidian-like layout (note tree sidebar + TipTap editor, search, folder tabs, autosave). Journal link in sidebar nav (gated on notes addon). Notes FAB hidden on journal page to avoid sync conflicts. Removed "Session Journal" topbar button. Redesigned sidebar drill panel: merged header + action bar into compact clickable row (category name opens full page, replacing "View All"), count as pill badge, inline "+" button. Entity tree: folder/page icons, guide lines, smooth transitions, distinct reorder vs reparent D&D feedback.
 - [x] **Sprint V-3: Content Templates** — `content_templates` table, ContentTemplateService with CRUD + seeding, REST API, template picker on entity create form (loads by entity type), "Insert Template" slash command in editor, 4 default templates (Session Recap, NPC Profile, Location, Quest Log) seeded on campaign creation, Customization Hub "Content Templates" tab for management.
-- [ ] **Sprint V-4: Enhanced Graph View & Cover Images** — @mention links in graph, entity type/tag filtering, local graph (N hops), clustering, orphan detection. Cover/banner image layout block type for entity pages.
+- [~] **Sprint V-4: Enhanced Graph View & Cover Images** — @mention links in graph ✅, entity type filtering ✅, tag filtering (deferred — needs service plumbing), local graph (N hops) ✅, clustering ✅, orphan detection ✅, PNG export ✅. Cover/banner image layout block type ✅ (migration 000004, API, block registry, upload UI). Remaining: tag-based filtering on graph (requires TagEntityLister adapter).
 - [x] **Sprint V-5: Session Journal Audio Attachments** — `note_attachments` table (migration 000005), `AttachmentRepository` + `AttachmentService` + REST handlers (list/upload/delete/transcript). Media service extended with audio MIME types (mp3/ogg/wav/webm) and magic bytes validation; `sanitizeImage()` guarded to skip audio. Journal UI: microphone upload button in toolbar, inline `<audio>` players per attachment, collapsible editable transcript textarea, delete support. Also fixed: journal save bug (`_tiptapBundle` → `window.TipTap`), added @mentions (MentionLink + MentionExtension) to journal editor, added session edit modal UI.
 
 ### Phase W: Polish, Ecosystem & Delight
 
 - [x] **Sprint W-0: Nav Menu Reorg Mode** — Small icon button near Dashboard in sidebar. Click to enter reorg mode for current level (categories or entities). Category level: drag to reorder category icons. Entity level: drag to reorder, create folders/submenus. Click again to exit reorg mode. Must work on desktop, tablet, and mobile. Button is context-aware: on base nav, reorders categories; drilled into a category, reorders entities.
-- [~] **Sprint W-0.5: Owner Visual Customization** — Change "Chronicle" brand name per-campaign with optional image/logo. Top bar color/gradient/animation/background image (responsive). Visual customization editor with faux site outline (editable boxes for colors/backgrounds). Appearance-only, not layout editing. Future: per-addon "feature in use" indicators showing which entities/pages use each feature, which widgets are available, click associations to navigate. Disabled feature banner with "offline" sticker instead of complete removal.
+- [x] **Sprint W-0.5: Owner Visual Customization** — Change "Chronicle" brand name per-campaign with optional image/logo. Top bar color/gradient/animation/background image (responsive). Visual customization editor with faux site outline (editable boxes for colors/backgrounds). Appearance-only, not layout editing. Accent color CSS variable now propagates to all Tailwind utilities via `var(--color-accent)` references. Auto-computed hover/light variants.
 - [ ] **Sprint W-1: Command Palette & Saved Filters** — Ctrl+Shift+P action palette with fuzzy search. Saved entity list filter presets as sidebar links in `saved_filters` table.
 - [ ] **Sprint W-2: Map Drawing Tools, Regions & Measurement** — Leaflet.Draw integration (freehand, polygons, circles, rectangles, text). Uses existing `map_drawings` table. Per-drawing visibility, color/opacity. Also: map regions (polygon fills/strokes/labels), measurement/distance tool, map embed layout block for entity pages.
 - [ ] **Sprint W-2.5: Nested / Linked Maps** — Click marker to open sub-map. `linked_map_id` on markers. Breadcrumb navigation between map levels. Competitive gap vs World Anvil/LegendKeeper.

db/migrations/000007_campaign_invites.down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS campaign_invites;

db/migrations/000007_campaign_invites.up.sql

@@ -0,0 +1,20 @@
+-- Campaign invite system: email-based invitations with one-click accept.
+CREATE TABLE IF NOT EXISTS campaign_invites (
+    id          CHAR(36)     NOT NULL,
+    campaign_id CHAR(36)     NOT NULL,
+    email       VARCHAR(255) NOT NULL,
+    role        VARCHAR(20)  NOT NULL DEFAULT 'player',
+    token       VARCHAR(64)  NOT NULL,
+    created_by  CHAR(36)     NOT NULL,
+    created_at  DATETIME     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    expires_at  DATETIME     NOT NULL,
+    accepted_at DATETIME     DEFAULT NULL,
+
+    PRIMARY KEY (id),
+    UNIQUE KEY uq_invite_token (token),
+    INDEX idx_invite_campaign (campaign_id),
+    INDEX idx_invite_email (email),
+    CONSTRAINT fk_invite_campaign FOREIGN KEY (campaign_id) REFERENCES campaigns(id) ON DELETE CASCADE,
+    CONSTRAINT fk_invite_created_by FOREIGN KEY (created_by) REFERENCES users(id),
+    CONSTRAINT chk_invite_role CHECK (role IN ('player', 'scribe'))
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

internal/app/routes.go

@@ -768,6 +768,12 @@ func (a *App) RegisterRoutes() {
 	campaignHandler.SetGroupService(groupService)
 	campaigns.RegisterRoutes(e, campaignHandler, campaignService, authService)
 
+	// Campaign invites.
+	inviteRepo := campaigns.NewInviteRepository(a.DB)
+	inviteService := campaigns.NewInviteService(inviteRepo, campaignRepo, smtpService, a.Config.BaseURL)
+	inviteHandler := campaigns.NewInviteHandler(inviteService, campaignService, a.Config.BaseURL)
+	campaigns.RegisterInviteRoutes(e, inviteHandler, campaignService, authService)
+
 	// Discover page (/) -- browse public campaigns. Uses OptionalAuth so
 	// authenticated users get the App layout with sidebar, while guests
 	// see a standalone page with signup CTA.

internal/plugins/auth/handler.go

@@ -108,12 +108,18 @@ func (h *Handler) Login(c echo.Context) error {
 	// Set the session cookie.
 	setSessionCookie(c, token, h.sessionTTL)
 
+	// Redirect to the requested page (e.g., invite accept), or dashboard.
+	redirectTo := "/dashboard"
+	if redir := c.QueryParam("redirect"); redir != "" && strings.HasPrefix(redir, "/") {
+		redirectTo = redir
+	}
+
 	// HTMX requests get a redirect header; browser forms get a 303 redirect.
 	if middleware.IsHTMX(c) {
-		c.Response().Header().Set("HX-Redirect", "/dashboard")
+		c.Response().Header().Set("HX-Redirect", redirectTo)
 		return c.NoContent(http.StatusNoContent)
 	}
-	return c.Redirect(http.StatusSeeOther, "/dashboard")
+	return c.Redirect(http.StatusSeeOther, redirectTo)
 }
 
 // RegisterForm renders the registration page (GET /register).
@@ -181,11 +187,17 @@ func (h *Handler) Register(c echo.Context) error {
 
 	setSessionCookie(c, token, h.sessionTTL)
 
+	// Redirect to the requested page (e.g., invite accept), or dashboard.
+	redirectTo := "/dashboard"
+	if redir := c.QueryParam("redirect"); redir != "" && strings.HasPrefix(redir, "/") {
+		redirectTo = redir
+	}
+
 	if middleware.IsHTMX(c) {
-		c.Response().Header().Set("HX-Redirect", "/dashboard")
+		c.Response().Header().Set("HX-Redirect", redirectTo)
 		return c.NoContent(http.StatusNoContent)
 	}
-	return c.Redirect(http.StatusSeeOther, "/dashboard")
+	return c.Redirect(http.StatusSeeOther, redirectTo)
 }
 
 // Logout destroys the session and clears the cookie (POST /logout).

internal/plugins/campaigns/invite_handler.go

@@ -0,0 +1,154 @@
+package campaigns
+
+import (
+	"net/http"
+
+	"github.com/labstack/echo/v4"
+	"github.com/keyxmakerx/chronicle/internal/apperror"
+	"github.com/keyxmakerx/chronicle/internal/middleware"
+	"github.com/keyxmakerx/chronicle/internal/plugins/auth"
+)
+
+// InviteHandler handles HTTP requests for campaign invites.
+type InviteHandler struct {
+	service   InviteService
+	campaigns CampaignService
+	baseURL   string
+}
+
+// NewInviteHandler creates a new invite handler.
+func NewInviteHandler(service InviteService, campaigns CampaignService, baseURL string) *InviteHandler {
+	return &InviteHandler{
+		service:   service,
+		campaigns: campaigns,
+		baseURL:   baseURL,
+	}
+}
+
+// ListInvitesAPI returns all invites for a campaign as JSON.
+// GET /campaigns/:id/invites
+func (h *InviteHandler) ListInvitesAPI(c echo.Context) error {
+	cc := GetCampaignContext(c)
+	if cc == nil {
+		return apperror.NewMissingContext()
+	}
+
+	invites, err := h.service.ListInvites(c.Request().Context(), cc.Campaign.ID)
+	if err != nil {
+		return apperror.NewInternal(err)
+	}
+	if invites == nil {
+		invites = []Invite{}
+	}
+	return c.JSON(http.StatusOK, invites)
+}
+
+// CreateInviteAPI creates a new campaign invite.
+// POST /campaigns/:id/invites
+func (h *InviteHandler) CreateInviteAPI(c echo.Context) error {
+	cc := GetCampaignContext(c)
+	if cc == nil {
+		return apperror.NewMissingContext()
+	}
+
+	var input CreateInviteInput
+	if err := c.Bind(&input); err != nil {
+		return apperror.NewBadRequest("invalid request body")
+	}
+
+	userID := auth.GetUserID(c)
+	invite, err := h.service.CreateInvite(c.Request().Context(), cc.Campaign.ID, userID, input)
+	if err != nil {
+		return err
+	}
+
+	return c.JSON(http.StatusCreated, invite)
+}
+
+// RevokeInviteAPI deletes a pending invite.
+// DELETE /campaigns/:id/invites/:inviteId
+func (h *InviteHandler) RevokeInviteAPI(c echo.Context) error {
+	cc := GetCampaignContext(c)
+	if cc == nil {
+		return apperror.NewMissingContext()
+	}
+	_ = cc // Used for auth check via route middleware.
+
+	inviteID := c.Param("inviteId")
+	if inviteID == "" {
+		return apperror.NewBadRequest("invite ID required")
+	}
+
+	if err := h.service.RevokeInvite(c.Request().Context(), inviteID); err != nil {
+		return apperror.NewInternal(err)
+	}
+
+	return c.NoContent(http.StatusNoContent)
+}
+
+// AcceptInvitePage handles invite acceptance.
+// GET /invites/accept?token=xxx
+func (h *InviteHandler) AcceptInvitePage(c echo.Context) error {
+	token := c.QueryParam("token")
+	if token == "" {
+		return apperror.NewBadRequest("missing invite token")
+	}
+
+	// Fetch the invite to show details.
+	invite, err := h.service.GetInviteByToken(c.Request().Context(), token)
+	if err != nil {
+		return err
+	}
+
+	// Fetch campaign name for display.
+	campaign, _ := h.campaigns.GetByID(c.Request().Context(), invite.CampaignID)
+
+	// Check if user is logged in.
+	userID := auth.GetUserID(c)
+	if userID == "" {
+		// Not logged in — show the invite details and prompt to log in or register.
+		campaignName := ""
+		if campaign != nil {
+			campaignName = campaign.Name
+		}
+		return middleware.Render(c, http.StatusOK, InviteAcceptPage(invite, campaignName, token, false, ""))
+	}
+
+	// User is logged in — accept the invite.
+	accepted, err := h.service.AcceptInvite(c.Request().Context(), token, userID)
+	if err != nil {
+		// If it's a validation error (already member, expired), show it.
+		campaignName := ""
+		if campaign != nil {
+			campaignName = campaign.Name
+		}
+		return middleware.Render(c, http.StatusOK, InviteAcceptPage(invite, campaignName, token, false, err.Error()))
+	}
+
+	// Success — redirect to the campaign.
+	campaignName := ""
+	if campaign != nil {
+		campaignName = campaign.Name
+	}
+	_ = accepted
+	return middleware.Render(c, http.StatusOK, InviteAcceptPage(invite, campaignName, token, true, ""))
+}
+
+// InvitesPage renders the invite management tab in campaign settings.
+// GET /campaigns/:id/invites/page
+func (h *InviteHandler) InvitesPage(c echo.Context) error {
+	cc := GetCampaignContext(c)
+	if cc == nil {
+		return apperror.NewMissingContext()
+	}
+
+	invites, err := h.service.ListInvites(c.Request().Context(), cc.Campaign.ID)
+	if err != nil {
+		return apperror.NewInternal(err)
+	}
+
+	if middleware.IsHTMX(c) {
+		return middleware.Render(c, http.StatusOK, InviteListFragment(cc, invites))
+	}
+	return middleware.Render(c, http.StatusOK, InviteListFragment(cc, invites))
+}

internal/plugins/campaigns/invite_model.go

@@ -0,0 +1,41 @@
+package campaigns
+
+import "time"
+
+// Invite represents a pending invitation for a user to join a campaign.
+type Invite struct {
+	ID         string     `json:"id"`
+	CampaignID string     `json:"campaign_id"`
+	Email      string     `json:"email"`
+	Role       string     `json:"role"`
+	Token      string     `json:"-"` // Never exposed in JSON.
+	CreatedBy  string     `json:"created_by"`
+	CreatedAt  time.Time  `json:"created_at"`
+	ExpiresAt  time.Time  `json:"expires_at"`
+	AcceptedAt *time.Time `json:"accepted_at,omitempty"`
+
+	// Joined from users table for display.
+	CreatedByName string `json:"created_by_name,omitempty"`
+}
+
+// IsExpired returns true if the invite has passed its expiry time.
+func (i *Invite) IsExpired() bool {
+	return time.Now().UTC().After(i.ExpiresAt)
+}
+
+// IsPending returns true if the invite has not been accepted or expired.
+func (i *Invite) IsPending() bool {
+	return i.AcceptedAt == nil && !i.IsExpired()
+}
+
+// CreateInviteInput holds the data needed to create a new campaign invite.
+type CreateInviteInput struct {
+	Email string `json:"email"`
+	Role  string `json:"role"`
+}
+
+// inviteTokenBytes is the number of random bytes in an invite token.
+const inviteTokenBytes = 32
+
+// inviteExpiryDays is how long an invite link stays valid.
+const inviteExpiryDays = 7