# StarPunk Next Release Options After v1.1.2 "Syndicate" (Metrics + Multi-Format Feeds + Statistics Dashboard) ## Option A: v1.2.0 "Discover" - Discoverability & SEO Enhancement **Focus:** Make your content findable by search engines and discoverable by IndieWeb tools, improving organic reach and community integration. **User Benefit:** Your notes become easier to find through Google, properly parsed by IndieWeb tools, and better integrated with the broader web ecosystem. Solves the "I'm publishing but nobody can find me" problem. **Key Features:** - **Microformats2 Enhancement** - Full h-entry, h-card, h-feed validation and enrichment with author info, categories, and reply contexts - **Structured Data Implementation** - Schema.org JSON-LD for articles, breadcrumbs, and person markup for rich snippets - **XML Sitemap Generation** - Dynamic sitemap.xml with lastmod dates, priority scores, and change frequencies - **OpenGraph & Twitter Cards** - Social media preview optimization with proper meta tags and image handling - **Webmention Discovery** - Add webmention endpoint discovery links (preparation for future receiving) - **Archive Pages** - Year/month archive pages with proper pagination and navigation - **Category/Tag System** - Simple tagging with category pages and tag clouds (backward compatible with existing notes) **Technical Highlights:** - Microformats2 spec compliance validation with indiewebify.me - JSON-LD structured data for Google Rich Results - Sitemap protocol compliance with optional ping to search engines - Minimal implementation - tags stored in note metadata, no new tables - Progressive enhancement - existing notes work unchanged **Scope:** Medium **Dependencies:** - Existing RSS/ATOM/JSON Feed infrastructure for sitemap generation - Current URL routing for archive pages - Metrics instrumentation helps track search traffic **Strategic Value:** Essential for growth - if people can't find your content, the best CMS is worthless. This positions StarPunk as SEO-friendly out of the box, competing with static site generators while maintaining IndieWeb principles. --- ## Option B: v1.2.0 "Control" - Publishing Workflow & Content Management **Focus:** Professional publishing workflows with scheduling, drafts management, and bulk operations - treating your notes as a serious publishing platform. **User Benefit:** Write when inspired, publish when strategic. Queue up content for consistent publishing, manage drafts effectively, and perform bulk operations efficiently. Solves the "I want to write now but publish later" problem. **Key Features:** - **Scheduled Publishing** - Set future publish dates/times with automatic publishing via background worker - **Draft Versioning** - Save multiple draft versions with comparison view and restore capability - **Bulk Operations** - Select multiple notes for publish/unpublish/delete with confirmation - **Publishing Calendar** - Visual calendar showing scheduled posts, published posts, and gaps - **Auto-Save Drafts** - JavaScript-based auto-save every 30 seconds while editing - **Note Templates** - Create reusable templates for common post types (weekly update, link post, etc.) - **Quick Notes** - Minimal UI for rapid note creation (just a text box, like Twitter) - **Markdown Shortcuts** - Toolbar with common formatting buttons and keyboard shortcuts **Technical Highlights:** - Background task runner (simple Python threading, no Celery needed) - Draft versions stored as JSON in a single column (no complex versioning tables) - Calendar view using existing metrics dashboard infrastructure - LocalStorage for auto-save (works offline) - Template system uses simple markdown files in data/templates/ **Scope:** Large **Dependencies:** - Existing admin interface for UI components - Current note creation flow for templates - Metrics system helps track publishing patterns **Strategic Value:** Transforms StarPunk from a simple notes publisher to a professional content management system. Appeals to serious bloggers and content creators who need workflow features but want IndieWeb simplicity. --- ## Option C: v1.1.3 "Shield" - Security Hardening & Privacy Controls **Focus:** Enterprise-grade security hardening and privacy features, making StarPunk suitable for security-conscious users and sensitive content. **User Benefit:** Peace of mind knowing your content is protected with multiple layers of security, comprehensive audit trails, and privacy controls. Solves the "I need to know my site is secure" problem. **Key Features:** - **Two-Factor Authentication (2FA)** - TOTP support via authenticator apps with backup codes - **Comprehensive Audit Logging** - Track all actions: login attempts, note changes, settings modifications with who/what/when/where - **Rate Limiting** - Application-level rate limiting for auth endpoints, API calls, and feed access - **Content Security Policy (CSP) Level 2** - Strict CSP with nonces, report-uri, and upgrade-insecure-requests - **Session Security Hardening** - Fingerprinting, concurrent session limits, geographic anomaly detection - **Private Notes** - Password-protected notes with separate authentication (not in feeds) - **Automated Security Headers** - HSTS preload, X-Frame-Options, X-Content-Type-Options, Referrer-Policy - **Failed Login Tracking** - Lock accounts after N failed attempts with email notification **Technical Highlights:** - PyOTP library for TOTP implementation (minimal dependency) - Audit logs in separate SQLite database for performance isolation - Rate limiting using in-memory token bucket algorithm - CSP nonce generation per request for inline scripts - GeoIP lite for geographic anomaly detection - bcrypt for private note passwords **Scope:** Medium **Dependencies:** - Existing auth system for 2FA integration - Current session management for hardening - Metrics buffer pattern reused for rate limiting **Strategic Value:** Positions StarPunk as the security-first IndieWeb CMS. Critical differentiator for users who prioritize security and privacy. Many IndieWeb tools lack proper security features - this would make StarPunk stand out. --- ## Decision Matrix | Aspect | Option A: "Discover" | Option B: "Control" | Option C: "Shield" | |--------|---------------------|--------------------|--------------------| | **User Appeal** | Bloggers wanting traffic | Power users, professionals | Security-conscious users | | **Complexity** | Medium - mostly templates | High - new UI patterns | Medium - mostly backend | | **Dependencies** | Few - builds on feeds | Some - needs background tasks | Minimal - largely independent | | **IndieWeb Value** | High - improves ecosystem | Medium - individual benefit | Low - not IndieWeb specific | | **Market Differentiation** | Medium - expected feature | High - rare in minimal CMSs | Very High - unique position | | **Implementation Risk** | Low - well understood | Medium - UI complexity | Low - standard patterns | | **Performance Impact** | Minimal | Medium (background tasks) | Minimal | | **Maintenance Burden** | Low | High (more features) | Medium (security updates) | ## Architectural Recommendations ### If Choosing Option A: "Discover" - Implement microformats2 validation as a separate module - Use template inheritance to minimize code duplication - Cache generated sitemaps using existing feed cache pattern - Consider making categories a simple JSON field initially ### If Choosing Option B: "Control" - Start with simple cron-like scheduler, not full job queue - Use existing MetricsBuffer pattern for background task tracking - Implement templates as markdown files with frontmatter - Consider feature flags to ship incrementally ### If Choosing Option C: "Shield" - Audit log must be in separate database for performance - Rate limiting should use existing metrics infrastructure - 2FA should be optional and backward compatible - Consider security.txt file for disclosure ## Recommendation **Architect's Choice: Option A "Discover"** Rationale: 1. **Natural progression** - After feeds (syndication), discovery is the logical next step 2. **Broad appeal** - Every user benefits from better SEO and discoverability 3. **Standards-focused** - Aligns with StarPunk's commitment to web standards 4. **Low risk** - Well-understood requirements with clear success metrics 5. **Foundation for growth** - Enables future features like webmentions, reply contexts Option B is compelling but introduces significant complexity that conflicts with StarPunk's minimalist philosophy. Option C, while valuable, serves a narrower audience and doesn't advance core IndieWeb goals. --- *Generated: 2025-11-28*