Root cause: Template expects flat structure (metrics.database.count) but
monitoring module provides nested structure (metrics.by_type.database.count)
with different field names (avg_duration_ms vs avg).
Solution: Route Adapter Pattern - transformer function maps data structure
at presentation layer.
Changes:
- Add transform_metrics_for_template() function to admin.py
- Update metrics_dashboard() route to use transformer
- Provide safe defaults for missing/empty metrics data
- Handle all operation types: database, http, render
Testing: All 32 admin route tests passing
Documentation:
- Updated implementation report with actual fix details
- Created consolidated hotfix design documentation
- Architectural review by architect (approved with minor concerns)
Technical debt: Adapter layer should be replaced with proper data
contracts in v1.2.0
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
CRITICAL production hotfix for v1.1.1-rc.2 addressing route conflict
that caused 500 errors on /admin/dashboard.
Changes:
- Renamed metrics dashboard route from /admin/dashboard to /admin/metrics-dashboard
- Added defensive imports for missing monitoring module with graceful fallback
- Updated version to 1.1.1-rc.2
- Updated CHANGELOG with hotfix details
- Created implementation report in docs/reports/
Testing:
- All 32 admin route tests pass (100%)
- 593/600 total tests pass (7 pre-existing failures unrelated to hotfix)
- Verified backward compatibility maintained
Design:
- Follows ADR-022 architecture decision
- Implements design from docs/design/hotfix-v1.1.1-rc2-route-conflict.md
- No breaking changes - all existing url_for() calls work correctly
Production Impact:
- Resolves 500 error at /admin/dashboard
- Notes dashboard remains at /admin/ (unchanged)
- Metrics dashboard now at /admin/metrics-dashboard
- Graceful degradation when monitoring module unavailable
Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Phase 1 of v1.1.1 "Polish" release focusing on production readiness.
Implements logging, connection pooling, validation, and error handling.
Following specs in docs/design/v1.1.1/developer-qa.md and ADRs 052-055.
**Structured Logging** (Q3, ADR-054)
- RotatingFileHandler (10MB files, keep 10)
- Correlation IDs for request tracing
- All print statements replaced with logging
- Context-aware correlation IDs (init/request)
- Logs written to data/logs/starpunk.log
**Database Connection Pooling** (Q2, ADR-053)
- Connection pool with configurable size (default: 5)
- Request-scoped connections via Flask g object
- Pool statistics for monitoring
- WAL mode enabled for concurrency
- Backward compatible get_db() signature
**Configuration Validation** (Q14, ADR-052)
- Validates presence and type of all config values
- Fail-fast startup with clear error messages
- LOG_LEVEL enum validation
- Type checking for strings, integers, paths
- Non-zero exit status on errors
**Centralized Error Handling** (Q4, ADR-055)
- Moved handlers to starpunk/errors.py
- Micropub spec-compliant JSON errors
- HTML templates for browser requests
- All errors logged with correlation IDs
- MicropubError exception class
**Database Module Reorganization**
- Moved database.py to database/ package
- Separated init.py, pool.py, schema.py
- Maintains backward compatibility
- Cleaner separation of concerns
**Testing**
- 580 tests passing
- 1 pre-existing flaky test noted
- No breaking changes to public API
**Documentation**
- CHANGELOG.md updated with v1.1.1 entry
- Version bumped to 1.1.1
- Implementation report in docs/reports/
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fix bug where custom slugs (mp-slug) were being ignored because they
were extracted from normalized properties after being filtered out.
The root cause: normalize_properties() filters out all mp-* parameters
(line 139) because they're Micropub server extensions, not properties.
The old code tried to extract mp-slug from the normalized properties
dict, but it had already been removed.
The fix: Extract mp-slug directly from raw request data BEFORE calling
normalize_properties(). This preserves the custom slug through to
create_note().
Changes:
- Move mp-slug extraction to before property normalization (line 290-299)
- Handle both form-encoded (list) and JSON (string or list) formats
- Add comprehensive tests for custom slug with both request formats
- All 13 Micropub tests pass
Fixes the issue reported in production where Quill-specified slugs
were being replaced with auto-generated ones.
References:
- docs/reports/custom-slug-bug-diagnosis.md (architect's analysis)
- Micropub spec: mp-slug is a server extension parameter
Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
Implements full search functionality for StarPunk v1.1.0.
Search API Endpoint (/api/search):
- GET endpoint with query parameter (q) validation
- Pagination via limit (default 20, max 100) and offset parameters
- JSON response with results count and formatted search results
- Authentication-aware: anonymous users see published notes only
- Graceful handling of FTS5 unavailability (503 error)
- Proper error responses for missing/empty queries
Search Web Interface (/search):
- HTML search results page with Bootstrap-inspired styling
- Search form with HTML5 validation (minlength=2, maxlength=100)
- Results display with title, excerpt, date, and links
- Empty state for no results
- Error state for FTS5 unavailability
- Simple pagination (Next/Previous navigation)
Navigation Integration:
- Added search box to site navigation in base.html
- Preserves query parameter on results page
- Responsive design with emoji search icon
- Accessible with proper ARIA labels
FTS Index Population:
- Added startup check in __init__.py for empty FTS index
- Automatic rebuild from existing notes on first run
- Graceful degradation if population fails
- Logging for troubleshooting
Security Features:
- XSS prevention: HTML in search results properly escaped
- Safe highlighting: FTS5 <mark> tags preserved, user content escaped
- Query validation: empty queries rejected, length limits enforced
- SQL injection prevention via FTS5 query parser
- Authentication filtering: unpublished notes hidden from anonymous users
Testing:
- Added 41 comprehensive tests across 3 test files
- test_search_api.py: 12 tests for API endpoint validation
- test_search_integration.py: 17 tests for UI rendering and integration
- test_search_security.py: 12 tests for XSS, SQL injection, auth filtering
- All tests passing with no regressions
Implementation follows architect specifications from:
- docs/architecture/v1.1.0-validation-report.md
- docs/architecture/v1.1.0-feature-architecture.md
- docs/decisions/ADR-034-full-text-search.md
Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Release v1.1.0 "Searchlight" with search, custom slugs, and RSS fix.
Changes:
- Updated version to 1.1.0 in starpunk/__init__.py
- Updated CHANGELOG.md with v1.1.0 release notes
- Created implementation report in docs/reports/
Release highlights:
- Full-text search with FTS5 (core functionality complete)
- Custom slugs via Micropub mp-slug property
- RSS feed ordering fix (newest first)
- Migration system redesign (INITIAL_SCHEMA_SQL)
All features implemented and tested. Search UI to be completed
in immediate follow-up work.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements FTS5-based full-text search for notes as specified in ADR-034.
Changes:
- Created migration 005_add_fts5_search.sql with FTS5 virtual table
- Created starpunk/search.py module with search functions
- Integrated FTS index updates into create_note() and update_note()
- DELETE trigger automatically removes notes from FTS index
- INSERT/UPDATE handled by application code (files not in DB)
Features:
- Porter stemming for better English search
- Unicode normalization for international characters
- Relevance ranking with snippets
- Graceful degradation if FTS5 unavailable
- Helper function to rebuild index if needed
Note: Initial FTS index population needs to be added to app startup.
Part of v1.1.0 (Phase 3).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This aligns with ADR-033's migration system redesign. The initial schema
represents the v1.0.0 baseline and should not be modified. All schema
changes after v1.0.0 must go in migration files.
Changes:
- Renamed SCHEMA_SQL → INITIAL_SCHEMA_SQL in database.py
- Updated all references in migrations.py comments
- Added comment: "DO NOT MODIFY - This represents the v1.0.0 schema state"
- No functional changes, purely documentation improvement
Part of v1.1.0 migration system redesign (Phase 2).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed bug where feedgen library was reversing the order of feed items.
Database returns notes in DESC order (newest first), but feedgen was
displaying them oldest-first in the RSS XML. Added reversed() wrapper
to maintain correct chronological order in the feed.
Added regression test to verify feed order matches database order.
Bug confirmed by testing:
- Database: [Note 2, Note 1, Note 0] (newest first)
- Old feed: [Note 0, Note 1, Note 2] (oldest first) ❌
- New feed: [Note 2, Note 1, Note 0] (newest first) ✅🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove leading slash when constructing URLs with SITE_URL
- SITE_URL already includes trailing slash per IndieAuth spec
- Fixes malformed Location header in Micropub responses
- Fixes malformed URLs in Microformats2 query responses
Changes:
- starpunk/micropub.py line 312: f"{site_url}notes/{note.slug}"
- starpunk/micropub.py line 383: f"{site_url}notes/{note.slug}"
- Added comments explaining SITE_URL trailing slash convention
- Updated version to 1.0.1 in starpunk/__init__.py
- Updated CHANGELOG.md with v1.0.1 release notes
Fixes double slash issue reported after v1.0.0 release.
Per ADR-039 and docs/releases/v1.0.1-hotfix-plan.md
Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
First production-ready release of StarPunk - a minimal, self-hosted
IndieWeb CMS with full IndieAuth and Micropub compliance.
Changes:
- Update version to 1.0.0 in starpunk/__init__.py
- Update README.md version references and feature descriptions
- Finalize CHANGELOG.md with comprehensive v1.0.0 release notes
This milestone completes all V1 features:
- W3C IndieAuth specification compliance with endpoint discovery
- W3C Micropub specification implementation
- Robust database migrations with race condition protection
- Production-ready containerized deployment
- 536 tests passing with 87% code coverage
StarPunk is now ready for production use as a personal IndieWeb
publishing platform.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
CRITICAL HOTFIX for production deployment failure
Problem:
- Production database had migration 001 applied but not migration 002
- Migration 002's tables (tokens, authorization_codes) already existed from SCHEMA_SQL
- Smart detection only checked when migration_count == 0 (fresh database)
- For partially migrated databases (count > 0), tried to run full migration
- This failed with "table already exists" error
Solution:
- Always check migration 002's state, regardless of migration_count
- If tables exist with correct structure, skip table creation
- Create missing indexes only
- Mark migration as applied
Testing:
- Manual verification with production scenario: SUCCESS
- 561 automated tests passing
- test_run_migrations_partial_applied confirms fix works
Impact:
- Fixes deployment on partially migrated production databases
- No impact on fresh or fully migrated databases
- Backwards compatible with all database states
Version: 1.0.0-rc.2 → 1.0.0-rc.3
Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes critical issue where migration 002 indexes already existed in SCHEMA_SQL,
causing 'index already exists' errors on databases created before v1.0.0-rc.1.
Changes:
- Removed duplicate index definitions from SCHEMA_SQL (database.py)
- Enhanced migration system to detect and handle indexes properly
- Added comprehensive documentation of the fix
Version bumped to 1.0.0-rc.2 with full changelog entry.
Refs: docs/reports/2025-11-24-migration-fix-v1.0.0-rc.2.md
Implements token security and management as specified in ADR-029:
Database Changes (BREAKING):
- Add secure tokens table with SHA256 hashed storage
- Add authorization_codes table for IndieAuth token exchange
- Drop old insecure tokens table (invalidates existing tokens)
- Update SCHEMA_SQL to match post-migration state
Token Management (starpunk/tokens.py):
- Generate cryptographically secure tokens
- Hash tokens with SHA256 for secure storage
- Create and verify access tokens
- Create and exchange authorization codes
- PKCE support (optional but recommended)
- Scope validation (V1: only 'create' scope)
- Token expiry and revocation support
Testing:
- Comprehensive test suite for all token operations
- Test authorization code replay protection
- Test PKCE validation
- Test parameter validation
- Test token expiry
Security:
- Tokens never stored in plain text
- Authorization codes single-use with replay protection
- Optional PKCE for enhanced security
- Proper UTC datetime handling for expiry
Related:
- ADR-029: Micropub IndieAuth Integration Strategy
- Migration 002: Secure tokens and authorization codes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
os.getenv() returns empty string instead of using default when env var
is set but empty. This caused SECRET_KEY to be empty when FLASK_SECRET_KEY=""
was in .env, breaking Flask sessions/flash messages.
Now treats empty string same as unset, properly falling back to SESSION_SECRET.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
IndieAuth authentication-only flows should redeem the code at the
authorization endpoint, not the token endpoint. The token endpoint
is only for authorization flows that need access tokens.
- Remove grant_type parameter (only needed for token flows)
- Change endpoint from /token to /authorize
- Update debug logging to reflect code verification flow
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The token exchange request was missing the required grant_type parameter
per OAuth 2.0 RFC 6749. IndieAuth providers that properly validate this
were rejecting the request with a 422 error.
- Add grant_type=authorization_code to token exchange data
- Add ADR-022 documenting the spec compliance requirement
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The auth routes were registered under /admin/* but the IndieAuth
redirect_uri was configured as /auth/callback, causing 404 errors
when providers redirected back after authentication.
- Change auth blueprint url_prefix from "/admin" to "/auth"
- Update test expectations for new auth route paths
- Add ADR-022 documenting the architectural decision
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Shows the exact GET request URL being sent to IndieLogin.com's
/authorize endpoint, including all query parameters in their
encoded form. This helps debug authentication flow issues.
- Added debug log after auth_url construction in initiate_login()
- Logs complete URL with all parameters before redirect
- Version remains 0.9.1 (debugging enhancement only)
This fixes critical IndieAuth authentication by implementing PKCE (Proof Key
for Code Exchange) as required by IndieLogin.com API specification.
Added:
- PKCE code_verifier and code_challenge generation (RFC 7636)
- Database column: auth_state.code_verifier for PKCE support
- Issuer validation for authentication callbacks
- Comprehensive PKCE unit tests (6 tests, all passing)
- Database migration script for code_verifier column
Changed:
- Corrected IndieLogin.com API endpoints (/authorize and /token)
- State token validation now returns code_verifier for token exchange
- Authentication flow follows IndieLogin.com API specification exactly
- Enhanced logging with code_verifier redaction
Removed:
- OAuth metadata endpoint (/.well-known/oauth-authorization-server)
Added in v0.7.0 but not required by IndieLogin.com
- h-app microformats markup from templates
Modified in v0.7.1 but not used by IndieLogin.com
- indieauth-metadata link from HTML head
Security:
- PKCE prevents authorization code interception attacks
- Issuer validation prevents token substitution attacks
- Code verifier securely stored, redacted in logs, and single-use
Documentation:
- Version: 0.8.0
- CHANGELOG updated with v0.8.0 entry and v0.7.x notes
- ADR-016 and ADR-017 marked as superseded by ADR-019
- Implementation report created in docs/reports/
- Test update guide created in TODO_TEST_UPDATES.md
Breaking Changes:
- Users mid-authentication will need to restart login after upgrade
- Database migration required before deployment
Related: ADR-019
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
h-app was invisible to IndieAuth parsers due to hidden and
aria-hidden attributes, preventing proper client discovery.
- Remove hidden and aria-hidden="true" from h-app div
- Update version to 0.7.1
- Update CHANGELOG with fix details
This provides backward compatibility for IndieAuth services
that rely on h-app microformat parsing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add logging helper functions with automatic token redaction
- Implement comprehensive logging throughout auth flow
- Add production warning for DEBUG logging
- Add 14 new tests for logging functionality
- Update version to v0.7.0
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes critical IndieAuth authentication failure by implementing modern
JSON-based client discovery mechanism per IndieAuth spec section 4.2.
Added /.well-known/oauth-authorization-server endpoint returning JSON
metadata with client_id, redirect_uris, and OAuth capabilities.
Added <link rel="indieauth-metadata"> discovery hint in HTML head.
Maintained h-app microformats for backward compatibility with legacy
IndieAuth servers.
This resolves "client_id is not registered" error from IndieLogin.com
by providing the metadata document modern IndieAuth servers expect.
Changes:
- Added oauth_client_metadata() endpoint in public routes
- Returns JSON with client info (24-hour cache)
- Uses config values (SITE_URL, SITE_NAME) not hardcoded URLs
- Added indieauth-metadata link in base.html
- Comprehensive test suite (15 new tests, all passing)
- Updated version to v0.6.2 (PATCH increment)
- Updated CHANGELOG.md with detailed fix documentation
Standards Compliance:
- IndieAuth specification section 4.2
- OAuth Client ID Metadata Document format
- IANA well-known URI registry
- RFC 7591 OAuth 2.0 Dynamic Client Registration
Testing:
- 467/468 tests passing (99.79%)
- 15 new tests for OAuth metadata and discovery
- Zero regressions in existing tests
- Test coverage maintained at 88%
Related Documentation:
- ADR-017: OAuth Client ID Metadata Document Implementation
- IndieAuth Fix Summary report
- Implementation report in docs/reports/
Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The config.py was defaulting to hardcoded '0.6.0' instead of using
the package __version__ variable. This caused the footer to show the
wrong version number even after updating to 0.6.1.
Now config.py imports and uses __version__ as the default, ensuring
version consistency across the codebase.
Fixes version display bug in v0.6.1.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add h-app microformats markup to base.html to enable IndieLogin.com
to verify StarPunk as a legitimate OAuth client. Without this markup,
IndieLogin returns "client_id is not registered" error, blocking all
production authentication.
The h-app markup provides client identification per IndieAuth legacy
standard, which is widely supported by authorization servers including
IndieLogin.com.
Changes:
- Add h-app microformats div to base.html footer (hidden)
- Update version to v0.6.1 (patch release per ADR-008)
- Update CHANGELOG.md with v0.6.1 release notes
- Add 6 comprehensive tests for h-app markup (all passing)
- Create ADR-016 documenting client discovery decision
- Create architecture analysis report
- Create implementation report
Tests: 456 total, 455 passing (99.78%)
New tests: 6 for h-app microformats (100% passing)
Fixes critical bug preventing production authentication.
Related: Phase 3 Authentication implementation, ADR-016
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements Phase 5 containerization specification:
- Add /health endpoint for container monitoring
- Create multi-stage Containerfile (Podman/Docker compatible)
- Add compose.yaml for orchestration
- Add Caddyfile.example for reverse proxy (auto-HTTPS)
- Add nginx.conf.example as alternative
- Update .env.example with container and RSS feed variables
- Add gunicorn WSGI server to requirements.txt
Container features:
- Multi-stage build for smaller image size
- Non-root user (starpunk:1000)
- Health check with database connectivity test
- Volume mount for data persistence
- Resource limits and logging configuration
- Security headers and HTTPS configuration examples
Health check endpoint:
- Tests database connectivity
- Verifies filesystem access
- Returns JSON with status, version, and environment
Following Phase 5 design in docs/designs/phase-5-rss-and-container.md
Implements RSS 2.0 feed generation using feedgen library.
Features:
- generate_feed() creates standards-compliant RSS 2.0 XML
- RFC-822 date formatting for pubDate elements
- Title extraction from note content (first line or timestamp)
- CDATA safety for HTML content
- Configurable feed item limits
Follows ADR-014 RSS implementation strategy.
Related: docs/decisions/ADR-014-rss-feed-implementation.md
Phase 5 adds RSS feed generation and production containerization.
This is a minor version bump per semantic versioning.
Related: docs/decisions/ADR-015-phase-5-implementation-approach.md
