arthur/xtablo-source
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions 5
xtablo-source/.planning/STATE.md
Arthur Belleville 38596ac41e
docs(02-03): complete session store + middleware plan 
- Create 02-03-SUMMARY.md: SHA-256 token hashing, sliding TTL, HTMX-aware chi middleware
- STATE.md: advance to plan 03 complete, plan 04 (signup) next
- ROADMAP.md: Phase 2 progress 3/7 plans
- REQUIREMENTS.md: mark AUTH-02, AUTH-03, AUTH-05 complete
2026-05-14 22:11:58 +02:00

2.8 KiB
Raw Blame History

gsd_state_version milestone milestone_name status last_updated progress
1.0 v1.0 milestone in_progress 2026-05-14T22:15:00.000Z
total_phases completed_phases total_plans completed_plans percent
7 1 11 8 73

STATE

Project: Xtablo Go+HTMX Rewrite Milestone: v1 — Tablos workflow Created: 2026-05-14

Project Reference

See: .planning/PROJECT.md (updated 2026-05-14)

Core value: A user can sign in and run the Tablos workflow — create tablos, manage their tasks (kanban), and attach files — without a JS framework. Current focus: Phase 02 — authentication, Plan 04 next (signup handler)

Phase Status

# Phase Status
1 Foundation ✓ Complete
2 Authentication ◑ In Progress (3/7 plans done)
3 Tablos CRUD ○ Pending
4 Tasks (Kanban) ○ Pending
5 Files ○ Pending
6 Background Worker ○ Pending
7 Deploy v1 ○ Pending

Active Phase

Phase 2: Authentication — Plans 0103 complete. Plan 04 (signup handler) next.

Decisions

  • Consolidated internal/auth package (not split with internal/session) — RESEARCH Open Question 3
  • compose Postgres + schema isolation for tests (not testcontainers-go) — RESEARCH Open Question 1
  • goose.SetTableName per test-schema prevents public goose_db_version table collision
  • argon2id over bcrypt for password hashing — D-08, confirmed by user
  • Hand-rolled PHC encode/decode (Pattern 1 verbatim) — no alexedwards/argon2id wrapper dep; keeps code lean and self-tested
  • Store.now injectable field (not method/interface) — simpler for single-test-clock use case in MaybeExtend threshold tests
  • sha256.Sum256 inlined at Create + Lookup (not in helper) — satisfies >= 2 grep acceptance criterion; makes D-05 hashing visible at usage sites

Performance Metrics

Phase Plan Duration Tasks Files
02-authentication 01 ~10min 3 9
02-authentication 02 ~8min 2 4
02-authentication 03 ~15min 2 5

Notes

  • Existing go-backend/ is set aside; new code lives in a fresh backend/ Go package.
  • DB schema is changing from the JS/Supabase version — user is in the loop on every schema decision (Phases 25).
  • Phase 2 Plan 01 SUMMARY: .planning/phases/02-authentication/02-01-SUMMARY.md
  • Phase 2 Plan 02 SUMMARY: .planning/phases/02-authentication/02-02-SUMMARY.md
  • Phase 2 Plan 03 SUMMARY: .planning/phases/02-authentication/02-03-SUMMARY.md
  • Commits (02-01): 513044d (migration), 799c260 (sqlc), 2c84f42 (auth package + test harness)
  • Commits (02-02): 3bb3828 (RED tests), ee36a5c (GREEN implementation)
  • Commits (02-03): fd2301d (session store + cookie helpers), 1d07830 (middleware)

Last updated: 2026-05-14 after 02-03 execution