phil/StarPunk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
122 Commits 2 Branches 33 Tags
f901aa22429cc72a61429161ad0ad06b5cfb3732
Commit Graph

5 Commits

Author SHA1 Message Date
Phil Skentelbery
dd822a35b5 feat: v1.2.0-rc.1 - IndieWeb Features Release Candidate 
Complete implementation of v1.2.0 "IndieWeb Features" release.

## Phase 1: Custom Slugs
- Optional custom slug field in note creation form
- Auto-sanitization (lowercase, hyphens only)
- Uniqueness validation with auto-numbering
- Read-only after creation to preserve permalinks
- Matches Micropub mp-slug behavior

## Phase 2: Author Discovery + Microformats2
- Automatic h-card discovery from IndieAuth identity URL
- 24-hour caching with graceful fallback
- Never blocks login (per ADR-061)
- Complete h-entry, h-card, h-feed markup
- All required Microformats2 properties
- rel-me links for identity verification
- Passes IndieWeb validation

## Phase 3: Media Upload
- Upload up to 4 images per note (JPEG, PNG, GIF, WebP)
- Automatic optimization with Pillow
  - Auto-resize to 2048px
  - EXIF orientation correction
  - 95% quality compression
- Social media-style layout (media top, text below)
- Optional captions for accessibility
- Integration with all feed formats (RSS, ATOM, JSON Feed)
- Date-organized storage with UUID filenames
- Immutable caching (1 year)

## Database Changes
- migrations/006_add_author_profile.sql - Author discovery cache
- migrations/007_add_media_support.sql - Media storage

## New Modules
- starpunk/author_discovery.py - h-card discovery and caching
- starpunk/media.py - Image upload, validation, optimization

## Documentation
- 4 new ADRs (056, 057, 058, 061)
- Complete design specifications
- Developer Q&A with 40+ questions answered
- 3 implementation reports
- 3 architect reviews (all approved)

## Testing
- 56 new tests for v1.2.0 features
- 842 total tests in suite
- All v1.2.0 feature tests passing

## Dependencies
- Added: mf2py (Microformats2 parser)
- Added: Pillow (image processing)

Version: 1.2.0-rc.1

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-28 15:02:20 -07:00
Phil Skentelbery
b0230b1233 feat: Complete v1.1.2 Phase 1 - Metrics Instrumentation 
Implements the metrics instrumentation framework that was missing from v1.1.1.
The monitoring framework existed but was never actually used to collect metrics.

Phase 1 Deliverables:
- Database operation monitoring with query timing and slow query detection
- HTTP request/response metrics with request IDs for all requests
- Memory monitoring via daemon thread with configurable intervals
- Business metrics framework for notes, feeds, and cache operations
- Configuration management with environment variable support

Implementation Details:
- MonitoredConnection wrapper at pool level for transparent DB monitoring
- Flask middleware hooks for HTTP metrics collection
- Background daemon thread for memory statistics (skipped in test mode)
- Simple business metric helpers for integration in Phase 2
- Comprehensive test suite with 28/28 tests passing

Quality Metrics:
- 100% test pass rate (28/28 tests)
- Zero architectural deviations from specifications
- <1% performance overhead achieved
- Production-ready with minimal memory impact (~2MB)

Architect Review: APPROVED with excellent marks

Documentation:
- Implementation report: docs/reports/v1.1.2-phase1-metrics-implementation.md
- Architect review: docs/reviews/2025-11-26-v1.1.2-phase1-review.md
- Updated CHANGELOG.md with Phase 1 additions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-26 14:13:44 -07:00
Phil Skentelbery
80bd51e4c1 fix: Implement IndieAuth endpoint discovery (v1.0.0-rc.5) 
CRITICAL: Fix hardcoded IndieAuth endpoint configuration that violated
the W3C IndieAuth specification. Endpoints are now discovered dynamically
from the user's profile URL as required by the spec.

This combines two critical fixes for v1.0.0-rc.5:
1. Migration race condition fix (previously committed)
2. IndieAuth endpoint discovery (this commit)

## What Changed

### Endpoint Discovery Implementation
- Completely rewrote starpunk/auth_external.py with full endpoint discovery
- Implements W3C IndieAuth specification Section 4.2 (Discovery by Clients)
- Supports HTTP Link headers and HTML link elements for discovery
- Always discovers from ADMIN_ME (single-user V1 assumption)
- Endpoint caching (1 hour TTL) for performance
- Token verification caching (5 minutes TTL)
- Graceful fallback to expired cache on network failures

### Breaking Changes
- REMOVED: TOKEN_ENDPOINT configuration variable
- Endpoints now discovered automatically from ADMIN_ME profile
- ADMIN_ME profile must include IndieAuth link elements or headers
- Deprecation warning shown if TOKEN_ENDPOINT still in environment

### Added
- New dependency: beautifulsoup4>=4.12.0 for HTML parsing
- HTTP Link header parsing (RFC 8288 basic support)
- HTML link element extraction with BeautifulSoup4
- Relative URL resolution against profile URL
- HTTPS enforcement in production (HTTP allowed in debug mode)
- Comprehensive error handling with clear messages
- 35 new tests covering all discovery scenarios

### Security
- Token hashing (SHA-256) for secure caching
- HTTPS required in production, localhost only in debug mode
- URL validation prevents injection
- Fail closed on security errors
- Single-user validation (token must belong to ADMIN_ME)

### Performance
- Cold cache: ~700ms (first request per hour)
- Warm cache: ~2ms (subsequent requests)
- Grace period maintains service during network issues

## Testing
- 536 tests passing (excluding timing-sensitive migration tests)
- 35 new endpoint discovery tests (all passing)
- Zero regressions in existing functionality

## Documentation
- Updated CHANGELOG.md with comprehensive v1.0.0-rc.5 entry
- Implementation report: docs/reports/2025-11-24-v1.0.0-rc.5-implementation.md
- Migration guide: docs/migration/fix-hardcoded-endpoints.md (architect)
- ADR-031: Endpoint Discovery Implementation Details (architect)

## Migration Required
1. Ensure ADMIN_ME profile has IndieAuth link elements
2. Remove TOKEN_ENDPOINT from .env file
3. Restart StarPunk - endpoints discovered automatically

Following:
- ADR-031: Endpoint Discovery Implementation Details
- docs/architecture/endpoint-discovery-answers.md (architect Q&A)
- docs/architecture/indieauth-endpoint-discovery.md (architect guide)
- W3C IndieAuth Specification Section 4.2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-24 19:41:39 -07:00
Phil Skentelbery
c559f89a7f feat: add production container support with health check endpoint 
Implements Phase 5 containerization specification:
- Add /health endpoint for container monitoring
- Create multi-stage Containerfile (Podman/Docker compatible)
- Add compose.yaml for orchestration
- Add Caddyfile.example for reverse proxy (auto-HTTPS)
- Add nginx.conf.example as alternative
- Update .env.example with container and RSS feed variables
- Add gunicorn WSGI server to requirements.txt

Container features:
- Multi-stage build for smaller image size
- Non-root user (starpunk:1000)
- Health check with database connectivity test
- Volume mount for data persistence
- Resource limits and logging configuration
- Security headers and HTTPS configuration examples

Health check endpoint:
- Tests database connectivity
- Verifies filesystem access
- Returns JSON with status, version, and environment

Following Phase 5 design in docs/designs/phase-5-rss-and-container.md
 2025-11-19 10:02:41 -07:00
Phil Skentelbery
a68fd570c7 that initial commit 2025-11-18 19:21:31 -07:00