arthur/xtablo-source
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions 5
xtablo-source/.planning/STATE.md
Arthur Belleville f53b54637b
docs(03): plan phase 3 — Tablos CRUD (3 plans, 3 waves) 
Plans cover TABLO-01..06 via MVP vertical slices: foundation (migration
+ sqlc + test scaffold + button CSS), list+create (dashboard, inline
form, OOB swap), and detail+edit+delete (ownership 404, inline edit
fragments, inline confirm delete). Includes Nyquist VALIDATION.md and
PATTERNS.md with real analog excerpts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-15 00:08:08 +02:00

5.3 KiB
Raw Blame History

gsd_state_version milestone milestone_name status last_updated progress
1.0 v1.0 milestone in_progress 2026-05-15T00:00:00.000Z
total_phases completed_phases total_plans completed_plans percent
7 2 14 11 79

STATE

Project: Xtablo Go+HTMX Rewrite Milestone: v1 — Tablos workflow Created: 2026-05-14

Project Reference

See: .planning/PROJECT.md (updated 2026-05-14)

Core value: A user can sign in and run the Tablos workflow — create tablos, manage their tasks (kanban), and attach files — without a JS framework. Current focus: Phase 03 — Tablos CRUD (phase 2 verification passed)

Phase Status

# Phase Status
1 Foundation ✓ Complete
2 Authentication ✓ Complete — VERIFIED PASS (2026-05-14)
3 Tablos CRUD ◆ Ready to execute — 3 plans (3 waves)
4 Tasks (Kanban) ○ Pending
5 Files ○ Pending
6 Background Worker ○ Pending
7 Deploy v1 ○ Pending

Active Phase

Phase 3: Tablos CRUD — Planned. 3 plans in 3 sequential waves. Ready to execute. Requirements: TABLO-01..06 covered. Planned 2026-05-15.

Verification Record

Phase Status Score Report
2 PASS 6/6 .planning/phases/02-authentication/02-VERIFICATION.md

Decisions

  • Consolidated internal/auth package (not split with internal/session) — RESEARCH Open Question 3
  • compose Postgres + schema isolation for tests (not testcontainers-go) — RESEARCH Open Question 1
  • goose.SetTableName per test-schema prevents public goose_db_version table collision
  • argon2id over bcrypt for password hashing — D-08, confirmed by user
  • Hand-rolled PHC encode/decode (Pattern 1 verbatim) — no alexedwards/argon2id wrapper dep; keeps code lean and self-tested
  • Store.now injectable field (not method/interface) — simpler for single-test-clock use case in MaybeExtend threshold tests
  • sha256.Sum256 inlined at Create + Lookup (not in helper) — satisfies >= 2 grep acceptance criterion; makes D-05 hashing visible at usage sites
  • SignupForm/SignupErrors in templates package (not handlers or separate forms pkg) — avoids import cycle between templates and internal/web
  • setupTestDB duplicated into web package test file — Go prohibits importing _test.go files across packages; duplication chosen over non-test shared infra
  • nil-Store guard in auth.ResolveSession — enables Phase 1 unit tests to pass AuthDeps{} zero value without panic
  • errInvalidCreds const (not inline string) — satisfies D-20 single-source-of-truth grep gate; both credential failure paths use the constant
  • NewLimiterStoreWithClock exported — cross-package integration tests inject a frozen clock without a test-helper shim
  • Status 401 for non-HTMX credential failures — consistent with HTTP semantics; HTMX path returns 200+fragment
  • *Layout takes auth.User explicitly (not thread-through-ctx) — easier to test templates in isolation; no magic context values
  • TestIndex_RendersHxGet rewritten to TestIndex_UnauthRedirects — GET / is now protected; Phase 1 test was a false positive after this plan
  • csrf.PlaintextHTTPRequest(r) in dev mode — skips TLS Referer check in plain-HTTP local dev/httptest; production unaffected
  • trustedOrigins variadic arg in auth.Mount + NewRouter — test routers pass "localhost"; production passes none

Performance Metrics

Phase Plan Duration Tasks Files
02-authentication 01 ~10min 3 9
02-authentication 02 ~8min 2 4
02-authentication 03 ~15min 2 5
02-authentication 04 ~25min 2 11
02-authentication 05 ~7min 2 9
02-authentication 06 ~12min 1 9
02-authentication 07 ~25min 1 18

Notes

  • Existing go-backend/ is set aside; new code lives in a fresh backend/ Go package.
  • DB schema is changing from the JS/Supabase version — user is in the loop on every schema decision (Phases 25).
  • Phase 2 Plan 01 SUMMARY: .planning/phases/02-authentication/02-01-SUMMARY.md
  • Phase 2 Plan 02 SUMMARY: .planning/phases/02-authentication/02-02-SUMMARY.md
  • Phase 2 Plan 03 SUMMARY: .planning/phases/02-authentication/02-03-SUMMARY.md
  • Commits (02-01): 513044d (migration), 799c260 (sqlc), 2c84f42 (auth package + test harness)
  • Commits (02-02): 3bb3828 (RED tests), ee36a5c (GREEN implementation)
  • Commits (02-03): fd2301d (session store + cookie helpers), 1d07830 (middleware)
  • Commits (02-04): 73935ed (signup templates + smoke tests), efdc16b (handler + router + integration tests)
  • Phase 2 Plan 04 SUMMARY: .planning/phases/02-authentication/02-04-SUMMARY.md
  • Commits (02-05): b5c20c7 (LimiterStore + tests), 7d8c498 (login handler + integration tests)
  • Phase 2 Plan 05 SUMMARY: .planning/phases/02-authentication/02-05-SUMMARY.md
  • Commits (02-06): b5c3fc4 (RED tests), 8b54ff4 (logout + protected routes + layout)
  • Phase 2 Plan 06 SUMMARY: .planning/phases/02-authentication/02-06-SUMMARY.md
  • Commits (02-07): ae2d356 (RED tests), 389e1bc (GREEN csrf implementation)
  • Phase 2 Plan 07 SUMMARY: .planning/phases/02-authentication/02-07-SUMMARY.md

Last updated: 2026-05-14 after Phase 2 verification (PASS)