fdbck

3 Commits 2 Branches 0 Tags

Author	SHA1	Message	Date
mAi	f5992ebc5b	schemas + rate-limit + feedback helpers + tests - src/lib/server/schemas.ts: feedback Zod schemas (Question discriminated union + FormDefinition + Instance create/update + Submission/Post/Hide + SignIn). - src/lib/server/rate-limit.ts (+ test): in-memory token bucket — direct port from flexsiebels. - src/lib/server/feedback.ts: generateSlug (32-char base62), getInstanceBySlug/ById via fdb(), RATE_LIMIT constants, clampUserAgent. - src/lib/server/public-scope.test.ts: gate behaviour tests (allowlist coverage + 6 evaluatePolicy cases). Adapted for fdbck's allowlist (no /api/share, no /api/gotify-public). - @types/bun added so svelte-check resolves bun:test imports — clean baseline (no 'Cannot find bun:test' tech debt that the flexsiebels project carries). bun run check: 0 errors, 0 warnings. bun run test: 20/20 pass.	2026-05-05 11:32:23 +02:00
mAi	fa1ad92517	auth + supabase + public-scope hook (mirrors flexsiebels gate, no API keys) - src/lib/server/supabase.ts: getSupabaseAdmin/Anon (lazy singletons, env-driven URL) - src/lib/server/fdb.ts: schema accessor for the fdbck Postgres schema - src/lib/server/auth.ts: cookie-based JWT auth (access+refresh), Supabase getUser/refreshSession. NO API key path — fdbck has no api_keys table; if needed later, add a separate module. - src/lib/server/request-context.ts + public-scope.ts: public-scope policy gate ported from flexsiebels#59. Allowlist /api/auth/* and /api/public/* by default. - src/lib/server/response.ts + errors.ts: json/requireAuth + parseBody/handleApiError - src/hooks.server.ts: validate cookies, set locals.userId, refresh tokens, run handler inside RequestState scope, evaluatePolicy after. - src/routes/+layout.svelte: minimal naked shell (only loads feedback.css). NO sidebar/footer/bottom-nav per spec. - src/routes/+page.svelte: brief landing page + admin-login link. - src/lib/styles/feedback.css: copied verbatim from flexsiebels worktree. bun run check: 0 errors, 0 warnings.	2026-05-05 11:30:13 +02:00
mAi	ae2984088a	skeleton: SvelteKit fullstack app (msbls.de pattern, fdbck variant) Bootstrap from /home/m/dev/web/msbls.de template: - SvelteKit 2.15 + Svelte 5 + adapter-node + bun + vite 6 - Deps trimmed: @supabase/supabase-js, postgres, zod (+ dev: kit, vite-plugin-svelte, svelte-check, typescript) - No mbrian-core submodule (irrelevant for fdbck) - src/app.html minimal (no fonts, no theme toggler) - src/app.d.ts declares App.Locals { userId: string \| null } - robots.txt Disallow: / (whole app is naked, per-link or auth-only) - .env.example: Supabase + PUBLIC_SITE_URL + optional COOKIE_DOMAIN Initial mai init scaffolding (.claude, .m, .mcp.json, AGENTS.md) bundled in this first commit since the repo was empty before bootstrap. Spawned from m/flexsiebels.de#63 pivot — see docs/plans/feedback-feature.md for the full spec (copied in next commit).	2026-05-05 11:27:59 +02:00

Author

SHA1

Message

Date

mAi

f5992ebc5b

schemas + rate-limit + feedback helpers + tests

- src/lib/server/schemas.ts: feedback Zod schemas (Question discriminated union + FormDefinition + Instance create/update + Submission/Post/Hide + SignIn).
- src/lib/server/rate-limit.ts (+ test): in-memory token bucket — direct port from flexsiebels.
- src/lib/server/feedback.ts: generateSlug (32-char base62), getInstanceBySlug/ById via fdb(), RATE_LIMIT constants, clampUserAgent.
- src/lib/server/public-scope.test.ts: gate behaviour tests (allowlist coverage + 6 evaluatePolicy cases). Adapted for fdbck's allowlist (no /api/share, no /api/gotify-public).
- @types/bun added so svelte-check resolves bun:test imports — clean baseline (no 'Cannot find bun:test' tech debt that the flexsiebels project carries).

bun run check: 0 errors, 0 warnings.
bun run test: 20/20 pass.

2026-05-05 11:32:23 +02:00

mAi

fa1ad92517

auth + supabase + public-scope hook (mirrors flexsiebels gate, no API keys)

- src/lib/server/supabase.ts: getSupabaseAdmin/Anon (lazy singletons, env-driven URL)
- src/lib/server/fdb.ts: schema accessor for the fdbck Postgres schema
- src/lib/server/auth.ts: cookie-based JWT auth (access+refresh), Supabase getUser/refreshSession. NO API key path — fdbck has no api_keys table; if needed later, add a separate module.
- src/lib/server/request-context.ts + public-scope.ts: public-scope policy gate ported from flexsiebels#59. Allowlist /api/auth/* and /api/public/* by default.
- src/lib/server/response.ts + errors.ts: json/requireAuth + parseBody/handleApiError
- src/hooks.server.ts: validate cookies, set locals.userId, refresh tokens, run handler inside RequestState scope, evaluatePolicy after.
- src/routes/+layout.svelte: minimal naked shell (only loads feedback.css). NO sidebar/footer/bottom-nav per spec.
- src/routes/+page.svelte: brief landing page + admin-login link.
- src/lib/styles/feedback.css: copied verbatim from flexsiebels worktree.

bun run check: 0 errors, 0 warnings.

2026-05-05 11:30:13 +02:00

mAi

ae2984088a

skeleton: SvelteKit fullstack app (msbls.de pattern, fdbck variant)

Bootstrap from /home/m/dev/web/msbls.de template:
- SvelteKit 2.15 + Svelte 5 + adapter-node + bun + vite 6
- Deps trimmed: @supabase/supabase-js, postgres, zod (+ dev: kit, vite-plugin-svelte, svelte-check, typescript)
- No mbrian-core submodule (irrelevant for fdbck)
- src/app.html minimal (no fonts, no theme toggler)
- src/app.d.ts declares App.Locals { userId: string | null }
- robots.txt Disallow: / (whole app is naked, per-link or auth-only)
- .env.example: Supabase + PUBLIC_SITE_URL + optional COOKIE_DOMAIN

Initial mai init scaffolding (.claude, .m, .mcp.json, AGENTS.md) bundled in
this first commit since the repo was empty before bootstrap.

Spawned from m/flexsiebels.de#63 pivot — see docs/plans/feedback-feature.md
for the full spec (copied in next commit).

2026-05-05 11:27:59 +02:00