phil/Gondulf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
11ecd953d8e9ab0d49323e47db9e751e61700975
Gondulf/CLAUDE.md
Phil Skentelbery bebd47955f feat(core): implement Phase 1 foundation infrastructure 
Implements Phase 1 Foundation with all core services:

Core Components:
- Configuration management with GONDULF_ environment variables
- Database layer with SQLAlchemy and migration system
- In-memory code storage with TTL support
- Email service with SMTP and TLS support (STARTTLS + implicit TLS)
- DNS service with TXT record verification
- Structured logging with Python standard logging
- FastAPI application with health check endpoint

Database Schema:
- authorization_codes table for OAuth 2.0 authorization codes
- domains table for domain verification
- migrations table for tracking schema versions
- Simple sequential migration system (001_initial_schema.sql)

Configuration:
- Environment-based configuration with validation
- .env.example template with all GONDULF_ variables
- Fail-fast validation on startup
- Sensible defaults for optional settings

Testing:
- 96 comprehensive tests (77 unit, 5 integration)
- 94.16% code coverage (exceeds 80% requirement)
- All tests passing
- Test coverage includes:
  - Configuration loading and validation
  - Database migrations and health checks
  - In-memory storage with expiration
  - Email service (STARTTLS, implicit TLS, authentication)
  - DNS service (TXT records, domain verification)
  - Health check endpoint integration

Documentation:
- Implementation report with test results
- Phase 1 clarifications document
- ADRs for key decisions (config, database, email, logging)

Technical Details:
- Python 3.10+ with type hints
- SQLite with configurable database URL
- System DNS with public DNS fallback
- Port-based TLS detection (465=SSL, 587=STARTTLS)
- Lazy configuration loading for testability

Exit Criteria Met:
✓ All foundation services implemented
✓ Application starts without errors
✓ Health check endpoint operational
✓ Database migrations working
✓ Test coverage exceeds 80%
✓ All tests passing

Ready for Architect review and Phase 2 development.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-20 12:21:42 -07:00

215 lines
9.2 KiB
Markdown
Raw Blame History

# IndieAuth Server Project - Main Coordination
## Project Overview
**Project Name**: gondulf
This project implements a self-hosted IndieAuth server following the W3C IndieAuth specification. IndieAuth is a decentralized authentication protocol built on OAuth 2.0 that enables users to use their own domain as their identity when signing into third-party applications.
### Project Goals
- **Specification Compliance**: Full adherence to the W3C IndieAuth specification (https://www.w3.org/TR/indieauth/)
- **Simplicity**: Favor straightforward solutions over complex architectures
- **Control**: Enable operators to maintain full control over their authentication infrastructure
- **Self-Service**: Allow clients to self-register (unlike IndieLogin which requires manual approval)
### Key Differentiators
This implementation prioritizes client self-registration capability, providing a more flexible alternative to existing solutions like IndieLogin that require manual client_id additions by the maintainer.
### Reference Materials
- **Primary Specification**: W3C IndieAuth (https://www.w3.org/TR/indieauth/)
- **Reference Implementation**: Aaron Parecki's IndieLogin (https://github.com/aaronpk/indielogin.com) in PHP
- **Local Reference Copy**: `/home/phil/Projects/indielogin.com` - **READ ONLY** - No agent or subagent may modify this directory
**IMPORTANT**: The `/home/phil/Projects/indielogin.com` directory contains a PHP reference implementation for study purposes only. This directory is STRICTLY READ-ONLY. No modifications, writes, or changes of any kind are permitted by any agent or subagent.
### Architecture
- **Admin Model**: Single administrator
- **Client Model**: Multiple clients with self-registration capability
- **Compliance Target**: Any IndieAuth client must be able to successfully authenticate
## Team Structure
This project operates with two specialized agents coordinated by you:
### The Architect
- **Role**: System design, architecture decisions, standards definition, feature planning
- **Never writes**: Implementation code
- **Always creates**: Comprehensive design documentation before any implementation begins
- **Values**: Simplicity above all other considerations
### The Developer
- **Role**: Implementation according to Architect's designs
- **Never decides**: Architecture or design patterns independently
- **Always creates**: Tests and implementation reports
- **Values**: Clarity through asking questions before coding
## Documentation Structure
All project documentation lives in `/docs/` with the following hierarchy:
```
/docs/
├── standards/ # Project-wide standards and conventions
│ ├── versioning.md # Semantic versioning approach (v2)
│ ├── git.md # Git workflow (trunk-based preferred)
│ ├── testing.md # Testing strategy and requirements
│ └── coding.md # Language-specific coding standards
├── architecture/ # System-level architectural documentation
│ ├── overview.md # High-level system architecture
│ ├── indieauth-protocol.md # IndieAuth protocol implementation approach
│ └── security.md # Security model and threat mitigation
├── designs/ # Detailed technical designs for features
│ └── [feature-name].md
├── decisions/ # Architecture Decision Records (ADRs)
│ └── ADR-###-title.md # Using Michael Nygard's ADR format
├── roadmap/ # Version planning and feature tracking
│ ├── backlog.md # Feature backlog with t-shirt sizing
│ └── vX.Y.Z.md # Per-version feature plans
└── reports/ # Implementation reports from Developer
└── YYYY-MM-DD-feature-name.md
```
## Workflow Phases
### Phase 1: Architecture & Standards (Architect)
1. Review W3C IndieAuth specification thoroughly
2. Study reference implementation for patterns and approaches
3. Create `/docs/standards/` documentation
4. Create `/docs/architecture/overview.md`
5. Create initial `/docs/roadmap/backlog.md` with t-shirt sized features
6. Create first version plan in `/docs/roadmap/`
**Gate**: You review and approve the architectural foundation before implementation begins.
### Phase 2: Feature Design (Architect)
For each feature selected from the roadmap:
1. Create detailed design in `/docs/designs/[feature-name].md`
2. Document any architectural decisions in `/docs/decisions/`
3. Define acceptance criteria
4. Define test requirements
5. Signal readiness to Developer
**Gate**: Developer reviews design and asks clarification questions before starting.
### Phase 3: Implementation (Developer)
For each feature:
1. Review design document
2. Ask "CLARIFICATION NEEDED:" questions if anything is ambiguous
3. Implement according to design
4. Write unit tests (minimum requirement)
5. Create implementation report in `/docs/reports/`
6. Signal completion to Architect
**Gate**: Architect reviews implementation report and code before feature is considered complete.
### Phase 4: Iteration
1. Architect reviews report and may request changes or adjustments
2. Architect updates backlog and selects next feature
3. Return to Phase 2
## Communication Protocols
### When Developer Needs Clarification
Developer writes: **"CLARIFICATION NEEDED: [specific question about design]"**
- Must be specific and reference the design document
- Must happen BEFORE implementation begins if anything is unclear
### When Developer Completes Work
Developer creates report in `/docs/reports/YYYY-MM-DD-feature-name.md` containing:
- What was implemented
- How it was implemented (key decisions made)
- Issues encountered and resolutions
- Test results and coverage metrics
- Any deviations from the design and why
Developer writes: **"IMPLEMENTATION COMPLETE: [feature name] - Report ready for review"**
### When Architect Provides Design
Architect writes: **"DESIGN READY: [feature name] - Please review /docs/designs/[feature-name].md"**
### When Architect Reviews Implementation
Architect writes one of:
- **"APPROVED: [feature name] - Ready for integration"**
- **"CHANGES REQUESTED: [specific changes needed]"**
## Quality Requirements
### Code Quality
- All code must have unit tests at minimum
- Test coverage metrics must be included in implementation reports
- Code must follow standards defined in `/docs/standards/coding.md`
### Documentation Quality
- All designs must be complete before implementation begins
- All architectural decisions must be documented as ADRs
- All implementation reports must be thorough and honest
### IndieAuth Compliance
- Implementation must allow any compliant IndieAuth client to authenticate
- Protocol deviations must be explicitly documented and justified
- Reference implementation should be consulted for ambiguous specification points
## Technical Debt Management
The Architect maintains the feature backlog with the following rule:
- **10% allocation for technical debt per release**
- Technical debt items are tracked in `/docs/roadmap/backlog.md` with a "DEBT:" prefix
- Each release plan must include at least 10% of effort dedicated to technical debt reduction
## Project-Specific Considerations
### Simplicity as a Core Value
When faced with design decisions, always prefer:
- Fewer components over more components
- Standard patterns over novel approaches
- Explicit code over clever abstractions
- Direct solutions over framework magic
The Architect must actively guard against over-engineering.
### IndieAuth Protocol Compliance
The W3C specification is the source of truth. When the specification is ambiguous:
1. Consult the reference implementation for guidance
2. Document the interpretation as an ADR
3. Ensure the choice maintains interoperability
### Client Self-Registration
This is the key differentiator from IndieLogin. The Architect must design a self-registration flow that:
- Maintains security (prevents abuse)
- Requires minimal admin intervention
- Provides operators with visibility and control
- Follows OAuth 2.0 best practices for dynamic client registration
### Single Admin Model
The system has one administrator who:
- Controls the server configuration
- Manages the user identity (domain ownership)
- Has visibility into registered clients
- Can revoke or suspend clients if needed
## Version Strategy
This project follows semantic versioning (v2):
- **MAJOR**: Breaking changes to IndieAuth protocol implementation or API
- **MINOR**: New features, backward-compatible functionality
- **PATCH**: Bug fixes, documentation improvements
Initial target: **v1.0.0** - A compliant IndieAuth server with basic client self-registration.
## Your Role as Coordinator
You orchestrate the collaboration between Architect and Developer:
1. Ensure the Architect completes architectural work before implementation begins
2. Verify Developer asks clarification questions when designs are unclear
3. Enforce the gate system - no skipping phases
4. Maintain focus on simplicity and specification compliance
5. Make final decisions when Architect and Developer disagree
6. Keep the project moving forward through the workflow phases
Remember: The goal is a working, compliant, maintainable IndieAuth server that prioritizes simplicity and enables client self-registration. Everything else is secondary.
Reference in New Issue View Git Blame Copy Permalink