arthur/xtablo-source
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions 5
1123 commits 4 branches 0 tags 23 MiB
Commit graph

1123 commits

This branch
This branch
All branches
Author SHA1 Message Date
Arthur Belleville
df741e43ee
docs(09): research etapes implementation 2026-05-15 22:21:27 +02:00
Arthur Belleville
a7d77c607c
docs(state): set phase 9 ready for planning 2026-05-15 22:06:24 +02:00
Arthur Belleville
37016cfd7b
docs(state): record phase 9 context session 2026-05-15 22:05:50 +02:00
Arthur Belleville
ebc209ebd9
docs(09): capture phase context 2026-05-15 22:05:46 +02:00
Arthur Belleville
981d2a0174
docs(08): verify Nyquist validation coverage 2026-05-15 21:52:33 +02:00
Arthur Belleville
4101138f15
docs(08): verify social sign-in threat mitigations 2026-05-15 21:49:09 +02:00
Arthur Belleville
bc617f4632
test(08): complete UAT - 7 passed, 0 issues 2026-05-15 21:46:30 +02:00
Arthur Belleville
90af9bdaef
feat(08): disable apple sign-in 2026-05-15 21:41:22 +02:00
Arthur Belleville
85b8c7bce1
chore(dev): load backend env in just recipes 2026-05-15 21:26:55 +02:00
Arthur Belleville
f9f528544d
docs(08): complete social sign-in execution 2026-05-15 21:13:59 +02:00
Arthur Belleville
6e6583636f
feat(08-05): add linked providers view and provider docs 2026-05-15 21:10:45 +02:00
Arthur Belleville
59fd6b15b5
feat(08-04): show social sign-in controls on auth pages 2026-05-15 21:09:14 +02:00
Arthur Belleville
a8b6a03eac
feat(08-03): add apple social sign-in flow 2026-05-15 21:06:08 +02:00
Arthur Belleville
6779663c8a
feat(08-02): add google social sign-in flow 2026-05-15 21:03:30 +02:00
Arthur Belleville
2d004cd251
feat(08-01): add social identity schema foundation 2026-05-15 20:59:34 +02:00
Arthur Belleville
2f4a4f9ebb
docs(08): create social sign-in phase plans 2026-05-15 20:50:59 +02:00
Arthur Belleville
25e07a7f44
docs(state): record phase 8 UI-SPEC session 2026-05-15 20:45:47 +02:00
Arthur Belleville
3dfe054fcc
docs(08): UI design contract 2026-05-15 20:45:27 +02:00
Arthur Belleville
6ac1dbd8fc
docs(phase-8): add validation strategy 2026-05-15 20:41:58 +02:00
Arthur Belleville
23a69272b9
docs(state): record phase 8 context session 2026-05-15 20:36:24 +02:00
Arthur Belleville
40fa25fd5f
docs(08): capture phase context 2026-05-15 20:35:41 +02:00
Arthur Belleville
cd8034f33b
docs: create milestone v2.0 roadmap (5 phases) 2026-05-15 20:16:20 +02:00
Arthur Belleville
39a1e4d21d
docs: define milestone v2.0 requirements 2026-05-15 20:15:26 +02:00
Arthur Belleville
367364e9f8
docs: research milestone v2.0 collaboration planning social sign-in 2026-05-15 20:11:23 +02:00
Arthur Belleville
0d23d94700
docs: start milestone v2.0 collaboration planning social sign-in 2026-05-15 20:09:23 +02:00
Arthur Belleville
6e49771788
Add pattern file to background worker 2026-05-15 19:58:05 +02:00
Arthur Belleville
3998a5ab92
Made various improvements to the file management 2026-05-15 19:57:46 +02:00
Arthur Belleville
03387ed6a7
docs(05): fix UI-SPEC typography and copywriting per checker block 
- Collapse 5-size type scale to 4 by removing 12px from page scale;
  annotate text-xs as badge-system token scoped to .ui-badge only
- Metadata (file size, date) stays at 14px, differentiated by slate-500
- Update CTAs to verb+noun: Upload File, Delete File, Download File

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
 2026-05-15 19:30:36 +02:00
Arthur Belleville
e939563a49
docs(05): UI design contract for files phase 
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
 2026-05-15 19:27:53 +02:00
Arthur Belleville
7d65cb4d94
docs(07): mark review findings fixed 
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
 2026-05-15 18:57:05 +02:00
Arthur Belleville
4ea4d28e6e
fix(07): WR-05 sanitize upload filename with filepath.Base and length cap 
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
 2026-05-15 18:56:11 +02:00
Arthur Belleville
e7a66c44cf
fix(07): WR-03 add SetMaxOpenConns(2) on migration sql.DB pool 
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
 2026-05-15 18:55:40 +02:00
Arthur Belleville
ab12bf0962
fix(07): WR-02 move rate limit check before validation in LoginPostHandler 
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
 2026-05-15 18:55:27 +02:00
Arthur Belleville
b61f36f17e
fix(07): WR-01 NewRouter returns error instead of panicking on bad static FS 
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
 2026-05-15 18:54:49 +02:00
Arthur Belleville
fbda7cbe5e
fix(07): CR-02 call cancel() explicitly after S3 Delete, not via defer 
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
 2026-05-15 18:53:04 +02:00
Arthur Belleville
62edbca44e
docs(phase-07): evolve PROJECT.md after phase completion 2026-05-15 18:48:20 +02:00
Arthur Belleville
2a73bba4e1
docs(phase-07): complete phase execution 2026-05-15 18:47:58 +02:00
Arthur Belleville
5fc4705bd3
fix(07): replace minioadmin placeholder creds and add worker->web migration gate 2026-05-15 18:46:30 +02:00
Arthur Belleville
c8bce7669f
test(07): persist human verification items as UAT 2026-05-15 18:33:14 +02:00
Arthur Belleville
087a933fe7
test(07): add phase verification report 2026-05-15 18:33:02 +02:00
Arthur Belleville
9ff40ac821
docs(07): add code review report 2026-05-15 18:29:46 +02:00
Arthur Belleville
7bca961bb0
docs(07-03): complete production compose stack and runbook plan 
- SUMMARY for 07-03: docker-compose.prod.yaml, deploy/Caddyfile, README runbook
 2026-05-15 18:26:01 +02:00
Arthur Belleville
f261fb39b8
docs(07-03): extend README with Deploy, Rollback, and Incident Runbook sections 
- Deploy section: prerequisites, first-time setup, deploying new versions (DEPLOY-05)
- First-time setup documents DATABASE_URL internal URL, SESSION_SECRET generation,
  full S3/R2 var list, chmod 600 .env.prod reminder (T-07-10), TLS staging note
- Rollback section: image tag redeployment + break-glass schema rollback via goose CLI
- Incident Runbook: /readyz 503, Caddy TLS rate limits, log viewing, distroless debug
  (ephemeral busybox container technique for shell-less runtime image, RESEARCH Pitfall 7)
 2026-05-15 18:25:03 +02:00
Arthur Belleville
273f0632be
feat(07-03): add docker-compose.prod.yaml and deploy/Caddyfile 
- Production compose stack with postgres, web, worker, caddy services (D-01..D-04, D-08)
- postgres service has no host ports binding (internal network only, T-07-09 mitigated)
- web and worker use same image with different command: values (/app/web, /app/worker)
- Both web and worker depend_on postgres with service_healthy condition (T-07-12 mitigated)
- Caddy handles TLS via Let's Encrypt with persistent caddy_data and caddy_config volumes (D-04)
- Caddyfile uses {$DOMAIN} env var interpolation for the site block (RESEARCH Pattern 6)
- Caddyfile includes Let's Encrypt staging note to avoid rate limits (RESEARCH Pitfall 4)
 2026-05-15 18:23:13 +02:00
Arthur Belleville
45701bf8aa
chore: merge executor worktree (worktree-agent-ad2dff45f7520558c) 2026-05-15 18:20:51 +02:00
Arthur Belleville
2329e19e75
docs(07-02): complete plan summary — Dockerfile and .env.example S3/R2 vars 2026-05-15 18:20:38 +02:00
Arthur Belleville
0781403f5c
feat(07-02): add S3/R2, DOMAIN, and MAX_UPLOAD_SIZE_MB vars to .env.example 
- Add S3_ENDPOINT, S3_BUCKET, S3_REGION, S3_ACCESS_KEY, S3_SECRET_KEY with MinIO dev defaults
- Add S3_USE_PATH_STYLE (true for MinIO, false for R2 virtual-hosted)
- Add MAX_UPLOAD_SIZE_MB=25 with default note
- Add commented DOMAIN=app.yourdomain.com for Caddy TLS in docker-compose.prod.yaml (D-04)
- Clarify TEST_DATABASE_URL is dev/test only and must not appear in .env.prod
- All original vars (DATABASE_URL, SESSION_SECRET, PORT, ENV) preserved
 2026-05-15 18:19:58 +02:00
Arthur Belleville
f29bf0c765
feat(07-02): multi-stage Dockerfile for web + worker binaries 
- Stage 1 (assets): downloads Tailwind v4.0.0 CLI, HTMX@2, Sortable.js 1.15.7; compiles minified CSS
- Stage 2 (builder): runs templ generate @v0.3.1020; CGO_ENABLED=0 go build for /app/web and /app/worker
- Stage 3 (runtime): gcr.io/distroless/static-debian12:nonroot; no CMD per D-08
- No .env files COPY'd into any layer (T-07-05 mitigated)
 2026-05-15 18:19:32 +02:00
Arthur Belleville
5550befffc
chore: merge executor worktree (worktree-agent-a1df44c5ba4be47de) 2026-05-15 18:17:11 +02:00
Arthur Belleville
735106f797
docs(07-01): complete plan summary — embed anchor, RunMigrations, health endpoint split 
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
 2026-05-15 18:16:05 +02:00