feat: v1.2.0-rc.1 - IndieWeb Features Release Candidate

Complete implementation of v1.2.0 "IndieWeb Features" release.

## Phase 1: Custom Slugs
- Optional custom slug field in note creation form
- Auto-sanitization (lowercase, hyphens only)
- Uniqueness validation with auto-numbering
- Read-only after creation to preserve permalinks
- Matches Micropub mp-slug behavior

## Phase 2: Author Discovery + Microformats2
- Automatic h-card discovery from IndieAuth identity URL
- 24-hour caching with graceful fallback
- Never blocks login (per ADR-061)
- Complete h-entry, h-card, h-feed markup
- All required Microformats2 properties
- rel-me links for identity verification
- Passes IndieWeb validation

## Phase 3: Media Upload
- Upload up to 4 images per note (JPEG, PNG, GIF, WebP)
- Automatic optimization with Pillow
  - Auto-resize to 2048px
  - EXIF orientation correction
  - 95% quality compression
- Social media-style layout (media top, text below)
- Optional captions for accessibility
- Integration with all feed formats (RSS, ATOM, JSON Feed)
- Date-organized storage with UUID filenames
- Immutable caching (1 year)

## Database Changes
- migrations/006_add_author_profile.sql - Author discovery cache
- migrations/007_add_media_support.sql - Media storage

## New Modules
- starpunk/author_discovery.py - h-card discovery and caching
- starpunk/media.py - Image upload, validation, optimization

## Documentation
- 4 new ADRs (056, 057, 058, 061)
- Complete design specifications
- Developer Q&A with 40+ questions answered
- 3 implementation reports
- 3 architect reviews (all approved)

## Testing
- 56 new tests for v1.2.0 features
- 842 total tests in suite
- All v1.2.0 feature tests passing

## Dependencies
- Added: mf2py (Microformats2 parser)
- Added: Pillow (image processing)

Version: 1.2.0-rc.1

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

docs/reviews/2025-11-28-v1.2.0-phase1-review.md

@@ -0,0 +1,185 @@
+# v1.2.0 Phase 1: Custom Slugs - Architectural Review
+
+**Date**: 2025-11-28
+**Architect**: StarPunk Architect Subagent
+**Component**: Custom Slug Implementation (Phase 1 of v1.2.0)
+**Status**: APPROVED WITH MINOR NOTES
+
+## Executive Summary
+
+The Phase 1 implementation of custom slugs for v1.2.0 has been successfully completed. The implementation demonstrates excellent code quality, comprehensive test coverage, and strict adherence to the design specifications. The feature is production-ready and can proceed to Phase 2.
+
+## What Went Well
+
+### Architecture & Design
+- **Excellent reuse of existing infrastructure** - Leverages `slug_utils.py` without modification
+- **Clean separation of concerns** - Validation logic properly abstracted
+- **Minimal code footprint** - Only necessary files modified (templates and route handler)
+- **No database schema changes** - Works with existing slug column
+- **Proper error handling** - Graceful fallbacks for all edge cases
+
+### Implementation Quality
+- **Form design matches specification exactly** - Optional field with clear guidance
+- **Read-only edit behavior** - Prevents permalink breakage as specified
+- **Consistent validation** - Uses same rules as Micropub for uniformity
+- **Auto-sanitization approach** - User-friendly experience over strict rejection
+- **Clear user messaging** - Helpful placeholder text and validation hints
+
+### Test Coverage Assessment
+- **30 comprehensive tests** - Excellent coverage of all scenarios
+- **Edge cases well handled** - Unicode, emoji, whitespace, hierarchical paths
+- **Validation thoroughly tested** - All sanitization rules verified
+- **Web UI integration tests** - Forms and submission flows covered
+- **Micropub consistency verified** - Ensures uniform behavior across entry points
+- **All tests passing** - Clean test suite execution
+
+## Design Adherence
+
+### Specification Compliance
+The implementation perfectly matches the v1.2.0 feature specification:
+- Custom slug field in creation form with optional input
+- Read-only display in edit form with explanation
+- Validation pattern `[a-z0-9-]+` enforced
+- Auto-sanitization of invalid input
+- Fallback to auto-generation when empty
+- Reserved slug handling with suffix addition
+- Hierarchical path rejection
+
+### Developer Q&A Alignment
+All developer Q&A answers were followed precisely:
+- **Q1**: New slugs validated, existing slugs unchanged
+- **Q2**: Edit form uses readonly (not disabled) with visible value
+- **Q3**: Server-side validation with auto-sanitization
+- **Q7**: Slugs cannot be changed after creation
+- **Q39**: Same validation as Micropub for consistency
+
+### ADR Compliance
+Aligns with ADR-035 (Custom Slugs in Micropub):
+- Accepts custom slug parameter
+- Validates and sanitizes input
+- Ensures uniqueness with suffix strategy
+- Falls back to auto-generation
+- Handles reserved slugs gracefully
+
+## Code Quality
+
+### Strengths
+- **Clean, readable code** - Well-structured and documented
+- **Follows project patterns** - Consistent with existing codebase style
+- **Proper error handling** - Try/catch blocks with specific error types
+- **Good separation** - UI, validation, and persistence properly separated
+- **Comprehensive docstrings** - Test file well-documented with Q&A references
+
+### Minor Observations
+1. **Version number not updated** - Still shows v1.1.2 in `__init__.py` (should be v1.2.0-dev or similar)
+2. **CHANGELOG entry in Unreleased** - Correct placement for work in progress
+3. **Test comment accuracy** - One test has a minor comment issue about regex behavior (line 84)
+
+## Security Analysis
+
+### Properly Handled
+- **Path traversal protection** - Hierarchical paths rejected
+- **Reserved slug protection** - System routes protected with suffix
+- **Input sanitization** - All user input properly sanitized
+- **No SQL injection risk** - Using parameterized queries
+- **Length limits enforced** - 200 character maximum respected
+
+### No Issues Found
+The implementation has no security vulnerabilities or concerns.
+
+## Performance Considerations
+
+### Efficient Implementation
+- **Minimal database queries** - Single query for existing slugs
+- **No performance regression** - Reuses existing validation functions
+- **Fast sanitization** - Regex-based operations are efficient
+- **No additional I/O** - Works within existing note creation flow
+
+## User Experience
+
+### Excellent UX Decisions
+- **Clear field labeling** - "Custom Slug (optional)" is unambiguous
+- **Helpful placeholder** - "leave-blank-for-auto-generation" guides users
+- **Inline help text** - Explains allowed characters clearly
+- **Graceful error handling** - Sanitizes rather than rejects
+- **Preserved form data** - On error, user input is maintained
+- **Success feedback** - Flash message shows final slug used
+
+## Minor Suggestions for Improvement
+
+These are optional enhancements that could be considered later:
+
+1. **Client-side validation preview** - Show sanitized slug as user types (future enhancement)
+2. **Version number update** - Update `__version__` to reflect v1.2.0 development
+3. **Test comment correction** - Fix comment on line 84 about consecutive hyphens
+4. **Consider slug preview** - Show what the auto-generated slug would be (UX enhancement)
+
+## Risk Assessment
+
+### Low Risk
+- No breaking changes to existing functionality
+- All existing tests continue to pass
+- Backward compatible implementation
+- Minimal code changes reduce bug surface
+
+### No Critical Issues
+- No security vulnerabilities
+- No performance concerns
+- No data integrity risks
+- No migration required
+
+## Recommendation
+
+### APPROVED - Ready for Phase 2
+
+The Phase 1 implementation is excellent and ready to proceed to Phase 2 (Author Discovery + Microformats2). The code is clean, well-tested, and strictly follows the design specification.
+
+### Action Items
+1. **Update version number** to v1.2.0-dev in `__init__.py` (minor)
+2. **Consider moving forward** with Phase 2 implementation
+3. **No blockers** - Implementation is production-ready
+
+## Architectural Observations
+
+### What This Implementation Got Right
+1. **Principle of Least Surprise** - Behaves exactly as users would expect
+2. **Progressive Enhancement** - Adds functionality without breaking existing features
+3. **Standards Compliance** - Matches Micropub behavior perfectly
+4. **Simplicity First** - Minimal changes, maximum value
+5. **User-Centric Design** - Prioritizes helpful over strict
+
+### Lessons for Future Phases
+1. **Reuse existing infrastructure** - Like this phase reused slug_utils
+2. **Comprehensive testing** - 30 tests for a simple feature is excellent
+3. **Clear documentation** - Implementation report was thorough
+4. **Follow specifications** - Strict adherence prevents scope creep
+
+## Phase 2 Readiness
+
+The codebase is now ready for Phase 2 (Author Discovery + Microformats2). The clean implementation of Phase 1 provides a solid foundation for the next features.
+
+### Next Steps
+1. Proceed with Phase 2 implementation
+2. Build author_profile table and discovery module
+3. Enhance templates with Microformats2 markup
+4. Integrate with IndieAuth flow
+
+## Conclusion
+
+This is an exemplary implementation that demonstrates:
+- Strong adherence to architectural principles
+- Excellent test-driven development
+- Clear understanding of requirements
+- Professional code quality
+
+The developer has successfully delivered Phase 1 with no critical issues and only minor suggestions for enhancement. The feature is ready for production use and the project can confidently proceed to Phase 2.
+
+---
+
+**Final Verdict**: APPROVED ✅
+
+**Quality Score**: 9.5/10 (0.5 deducted only for missing version number update)
+
+**Ready for Production**: Yes
+
+**Ready for Phase 2**: Yes