683a1efcf5
docs(01-04): complete HTTPS and backup plan
Tasks completed: 2/2
- Task 1: Configure Caddy reverse proxy with HTTPS
- Task 2: Create PostgreSQL backup script with retention
SUMMARY: .planning/phases/01-core-infrastructure-security/01-04-SUMMARY.md
2026-01-25 20:20:41 +00:00
c49aee7b0a
feat(01-05): add deterministic build configuration service
- Implement DeterministicBuildConfig class for reproducible builds
- Compute config hash with normalized JSON and sorted inputs
- Derive SOURCE_DATE_EPOCH from config hash (no wall clock dependency)
- Create archiso profile with fixed locale, timezone, compression settings
- Add tests verifying hash determinism and order independence
2026-01-25 20:20:11 +00:00
0d1a008d2f
feat(01-03): apply security middleware stack and database health check
- Add TrustedHostMiddleware for Host header validation
- Add CORSMiddleware with configurable origins
- Add rate limiting with RateLimitExceeded handler
- Add custom middleware for security headers (HSTS, X-Frame-Options, etc.)
- Add /health/db endpoint that checks database connectivity
- Mark health endpoints as rate limit exempt
- Fix linting issues in migration file (Rule 3 - Blocking)
2026-01-25 20:20:00 +00:00
09f89617e7
feat(01-04): create PostgreSQL backup script with 30-day retention
- Add backup-postgres.sh with pg_dump custom format (-Fc)
- Verify backup integrity via pg_restore --list
- Compress backups with gzip for storage efficiency
- Delete backups older than 30 days (configurable via RETENTION_DAYS)
- Weekly restore test on Mondays to validate backup usability
- Add cron configuration for daily 2 AM backups
- Add .gitignore for pycache, env files, and backup files
2026-01-25 20:19:17 +00:00
cd94d99c62
feat(01-05): add systemd-nspawn sandbox for isolated ISO builds
- Create scripts/setup-sandbox.sh to bootstrap Arch base environment
- Add BuildSandbox class for container management and build execution
- Configure sandbox with network isolation, read-only root, 8GB/4core limits
- Add sandbox_root and iso_output_root settings to config
2026-01-25 20:19:02 +00:00
3c09e27287
feat(01-04): configure Caddy reverse proxy with HTTPS
- Add Caddyfile with self-signed TLS for local development
- Configure reverse_proxy to FastAPI on localhost:8000
- Add security headers (HSTS, X-Content-Type-Options, X-Frame-Options)
- Enable HTTP to HTTPS redirect on port 80
- Add Caddy service to docker-compose.yml with host networking
- Configure admin API on localhost:2019 for future route management
2026-01-25 20:18:02 +00:00
81486fc4f8
feat(01-03): configure rate limiting and CSRF protection
- Add slowapi limiter with 100/minute default limit
- Create CsrfSettings Pydantic model for fastapi-csrf-protect
- Add deps.py with get_db re-export and validate_csrf dependency
- Configure secure cookie settings (httponly, samesite=lax)
2026-01-25 20:17:49 +00:00
389fae97f8
docs(01-02): complete PostgreSQL database setup plan
Tasks completed: 2/2
- Set up PostgreSQL with Docker and async session factory
- Configure Alembic and create Build model
SUMMARY: .planning/phases/01-core-infrastructure-security/01-02-SUMMARY.md
2026-01-25 20:13:14 +00:00
c261664784
feat(01-02): configure Alembic and create Build model
- Configure Alembic for async migrations with SQLAlchemy 2.0
- Create Build model with UUID primary key, config_hash, status enum
- Add indexes on status (queue queries) and config_hash (cache lookups)
- Generate and apply initial migration creating builds table
Build model fields: id, config_hash, status, iso_path, error_message,
build_log, started_at, completed_at, created_at, updated_at.
2026-01-25 20:11:55 +00:00
11fb568354
docs(01-01): complete FastAPI backend foundation plan
Tasks completed: 2/2
- Initialize Python project with uv and dependencies
- Create FastAPI application structure with health endpoint
SUMMARY: .planning/phases/01-core-infrastructure-security/01-01-SUMMARY.md
2026-01-25 20:10:51 +00:00
fbcd2bbb8e
feat(01-02): set up PostgreSQL with Docker and async session factory
- Add docker-compose.yml with PostgreSQL 16 container (port 5433)
- Create async database session factory with connection pooling
- Configure SQLAlchemy 2.0 DeclarativeBase for models
- Update .env.example with correct database URL
Connection pool settings from research: pool_size=10, max_overflow=20,
pool_recycle=1800 (30 min), pool_pre_ping=True for validation.
2026-01-25 20:10:18 +00:00
519333e598
feat(01-01): create FastAPI application structure with health endpoint
- Add FastAPI app with title 'Debate API' v1.0.0
- Configure pydantic-settings for environment-based configuration
- Create /health endpoint at root level
- Create /api/v1/health and /api/v1/health/ready endpoints
- Disable docs/redoc in production environment
2026-01-25 20:09:21 +00:00
300b3ddb0a
feat(01-01): initialize Python project with uv and dependencies
- Add pyproject.toml with FastAPI, SQLAlchemy, Pydantic dependencies
- Configure ruff linter with Python 3.12 target
- Create .env.example with documented environment variables
- Add README.md with development setup instructions
2026-01-25 20:08:14 +00:00
262a32673b
docs(01): create phase plan
Phase 01: Core Infrastructure & Security
- 5 plans in 3 waves
- 3 parallel (Wave 1-2), 1 sequential (Wave 3)
- Ready for execution
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:59:49 +00:00
d07a204cd5
docs(01): research phase domain
Phase 01: Core Infrastructure & Security
- Standard stack identified (FastAPI, PostgreSQL, Caddy, systemd-nspawn)
- Architecture patterns documented (async DB, sandboxing, deterministic builds)
- Pitfalls catalogued (unsandboxed builds, non-determinism, connection pooling)
- Security-first approach with production-grade examples
2026-01-25 19:53:43 +00:00
a958beeac5
docs(01): capture phase context
Phase 01: Core Infrastructure & Security
- Implementation decisions documented
- Phase boundary established
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:46:57 +00:00
6175c45399
docs: add constraint to verify actual package versions
Never trust AI training data for versions - always check PyPI/npm registries
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:34:10 +00:00
52aaf9e365
docs: add ruff as Python tooling constraint
Use ruff for linting and formatting (replaces flake8, black, isort)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:33:13 +00:00
16b17ca2cf
docs: create roadmap (9 phases)
Phases:
1. Core Infrastructure & Security: INFR-*, ISO-04
2. Overlay System Foundation: OVLY-01 to OVLY-07, OVLY-10
3. Build Queue & Workers: ISO-01 to ISO-07 (except ISO-04)
4. User Accounts: USER-01 to USER-15
5. Builder Interface (2D): BUILD-04 to BUILD-06, BUILD-09 to BUILD-11
6. Speeches & Community: SPCH-*, OVLY-11 to OVLY-14
7. 3D Visualization: BUILD-01 to BUILD-03, BUILD-07, BUILD-08
8. Advanced Dependency Resolution: OVLY-08, OVLY-09
9. Distribution Content: DIST-01 to DIST-10
All 70 v1 requirements mapped to phases.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:32:27 +00:00
f4d2185a56
docs: define v1 requirements
70 requirements across 7 categories:
- Builder Interface: 11
- ISO Generation: 7
- Speeches: 12
- User Accounts: 15
- Overlay System: 14
- Distribution Support: 10
- Infrastructure: 7
11 requirements deferred to v2
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:27:47 +00:00
c0ff95951e
docs: add project research
Files:
- STACK.md: Technology stack recommendations (Python 3.12+, FastAPI, React 19+, Vite, Celery, PostgreSQL 18+)
- FEATURES.md: Feature landscape analysis (table stakes vs differentiators)
- ARCHITECTURE.md: Layered web-queue-worker architecture with SAT-based dependency resolution
- PITFALLS.md: Critical pitfalls and prevention strategies
- SUMMARY.md: Research synthesis with roadmap implications
Key findings:
- Stack: Modern 2026 async Python (FastAPI/Celery) + React/Three.js 3D frontend
- Architecture: Web-queue-worker pattern with sandboxed archiso builds
- Critical pitfall: Build sandboxing required from day one (CHAOS RAT AUR incident July 2025)
Recommended 9-phase roadmap: Infrastructure → Config → Dependency → Overlay → Build Queue → Frontend → Advanced SAT → 3D Viz → Optimization
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 02:07:11 +00:00
87116b1f56
chore: add project config
Mode: yolo
Depth: comprehensive
Parallelization: enabled
Workflow agents: research=on, plan_check=on, verifier=on
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 01:56:09 +00:00
6e033762ad
docs: initialize project
Visual Linux distribution customization platform with 3D builder interface, starting with Omarchy/CachyOS.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 01:54:28 +00:00
85a91794e2
Upload files to "docs"
2026-01-25 01:32:49 +00:00
5078dd2b22
Upload files to "docs"
2026-01-25 01:31:57 +00:00