bretton.dev
code
Clone this repository
https://tangled.org/bretton.dev/coves
git@knot.bretton.dev:bretton.dev/coves
For self-hosted knots, clone URLs may differ based on your setup.
Added comprehensive PRD for implementing Lemmy-style federation in Beta:
**Overview:**
- Enable users on any Coves instance to post to communities on other instances
- Maintain community ownership (posts live in community repos)
- Use atProto-native service authentication pattern
**Key Features:**
- Cross-instance posting: user@instance-a posts to !community@instance-b
- atProto service auth via com.atproto.server.getServiceAuth
- Community moderation control maintained
- Allowlist-based federation (manual for Beta)
**Technical Approach:**
- Service-to-service JWT authentication
- Community credentials delegation to user's instance
- Proper record ownership in community repos
- Security: signature verification, rate limiting, moderation
**Deferred to Future:**
- Automatic instance discovery (Beta uses manual allowlist)
- Cross-instance moderation delegation
- Content mirroring/replication
- User migration between instances
**Target:** Beta Release
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updated PRD to show all 6 E2E test suites are complete:
**Status Change:**
- From: "Pre-Alpha"
- To: "Pre-Alpha → **E2E Testing Complete** 🎉"
**Updates:**
- Added major progress update section at top
- Marked all E2E test sections (lines 211-312) as ✅ COMPLETE
- Added actual implementation times and test file locations
- Updated timeline estimate: 65-80 hours → 50-65 hours remaining
- Updated success criteria to show E2E test milestones achieved
- Updated next steps to show E2E tests moved to completed status
- Added celebration message for major milestone
**Test Suite Completion:**
✅ Full User Journey (40 min)
✅ Blob Upload (35 min)
✅ Multi-Community Timeline (30 min)
✅ Concurrent Scenarios (45 min - with race detection)
✅ Rate Limiting (25 min)
✅ Error Recovery (30 min)
Total: ~3 hours of E2E test implementation
**Next Phase:** P0 blockers (JWT verification, DPoP fix, did:web verification)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented all 6 critical E2E test suites required for Alpha launch:
1. **User Journey E2E Test** (user_journey_e2e_test.go)
- Tests complete user flow: signup → create community → post → comment → vote
- Uses real PDS accounts and Jetstream WebSocket subscription
- Validates full atProto write-forward architecture
- Fixed silent fallback: now fails by default if Jetstream times out
- Use ALLOW_SIMULATION_FALLBACK=true env var to enable fallback in CI
2. **Blob Upload E2E Test** (blob_upload_e2e_test.go)
- Tests image upload to PDS via com.atproto.repo.uploadBlob
- Fixed to use REAL PDS credentials instead of fake tokens
- Tests PNG, JPEG, and WebP (MIME only) format validation
- Validates blob references in post records
- Tests multiple images and external embed thumbnails
3. **Concurrent Scenarios Test** (concurrent_scenarios_test.go)
- Tests race conditions with 20-30 simultaneous users
- Added database record verification to detect duplicates/lost records
- Uses COUNT(*) and COUNT(DISTINCT) queries to catch race conditions
- Tests concurrent: voting, mixed voting, commenting, subscriptions
4. **Multi-Community Timeline Test** (timeline_test.go)
- Tests feed aggregation across multiple communities
- Validates sorting (hot, new, top) and pagination
- Tests cross-community post interleaving
5. **Rate Limiting E2E Test** (ratelimit_e2e_test.go)
- Tests 100 req/min general limit
- Tests 20 req/min comment endpoint limit
- Tests 10 posts/hour aggregator limit
- Removed fake summary test, converted to documentation
6. **Error Recovery Test** (error_recovery_test.go)
- Tests Jetstream connection retry logic
- Tests PDS unavailability handling
- Tests malformed event handling
- Renamed reconnection test to be honest about scope
- Improved SQL cleanup patterns to be more specific
**Architecture Validated:**
- atProto write-forward: writes to PDS, AppView indexes from Jetstream
- Real Docker infrastructure: PDS (port 3001), Jetstream (6008), PostgreSQL (5434)
- Graceful degradation: tests skip if infrastructure unavailable (CI-friendly)
**Security Tested:**
- Input validation at handler level
- Parameterized queries (no SQL injection)
- Authorization checks before operations
- Rate limiting enforcement
**Time Saved:** ~7-12 hours through parallel sub-agent implementation
**Test Quality:** Enhanced with database verification to catch race conditions
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add comprehensive Alpha launch readiness documentation and production
JWT verification testing infrastructure.
**Alpha Go-Live PRD** (docs/PRD_ALPHA_GO_LIVE.md):
- Track remaining work for alpha launch with real users
- P0 blockers: DPoP architecture fix, JWT verification (2 items)
- ✅ Validated handle resolution already implemented
- ✅ Validated comment_count reconciliation already implemented
- P1 infrastructure: Monitoring, logging, backups, load testing
- E2E testing recommendations (7 critical gaps identified)
- Timeline: 65-80 hours (~2-3 weeks)
- Go/no-go decision criteria and risk assessment
**JWT Verification Test** (tests/integration/jwt_verification_test.go):
- E2E test for JWT signature verification with real PDS
- Tests JWT parsing, JWKS fetching, and auth middleware
- Validates AUTH_SKIP_VERIFY=false production mode
- Handles both dev PDS (symmetric) and production PDS (JWKS)
- Tests tampered token rejection
Changes support alpha launch planning and production security validation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes two backlog issues:
1. Post comment_count reconciliation - Added tests proving it works
2. Handle resolution for block/unblock endpoints - Full implementation
Changes include:
- 15 new integration tests (all passing)
- Handle resolution with proper error handling (400/404/500)
- Updated documentation in PRD_BACKLOG.md
- Code formatting compliance with gofumpt
Auto-formatting comment blocks to comply with gofumpt standards.
No functional changes.
Mark the following backlog items as complete:
1. Post comment_count reconciliation (2025-11-16)
- Added comprehensive test coverage (4 test cases)
- Updated misleading FIXME comment to accurate documentation
- Verified existing reconciliation logic works correctly
2. Handle resolution for block endpoints (2025-11-16)
- Phase 3: Block/unblock endpoints now accept handles
- Added 11 test cases covering all identifier formats
- Proper error handling (400 for validation, 404 for not found)
- Phase 1 (post creation) was already complete
Both issues estimated at 2-3 hours each, completed with full test
coverage and documentation updates.