projax

m/projax

Fork 0

Commit Graph

Author	SHA1	Message	Date
mAi	41c1eaadaa	feat(phase 1.5): tags + management + DAG + mai.projects sync Big task. Five migrations, full store + web rewrite, and a model upgrade that turns the parent_id tree into a parent_ids[] DAG. Schema (db/migrations) - 0006_tags_management_unify: adds tags + management text[] (GIN-indexed), collapses the area/project distinction (kind keeps the slot but 'area' is no longer a special value), drops the structural rules from the path trigger so root projects + non-root projects are both legal. - 0007_backfill_mai_projects: one-shot, idempotent — for every row in mai.projects without a 'mai-project' item_link, create a projax.items row under a heuristic-chosen area (mhealth→health, msports/manjin→ sports, kanzlai/hlckm/work/mworkrepo/paliad or HL/* repo→work, mhome→home, default→dev), insert the item_link, and tag the row management=['mai']. Also flips management='mai' on any already-linked pre-Phase-1.5 promotions. - 0008_mai_projects_sync: bidirectional triggers. sync_to_mai runs as projax_admin and writes mai.projects directly (after the operator-run grant + RLS policy widening — documented in the migration header). sync_from_mai is SECURITY DEFINER so writes by the mai role fan out into projax.items. pg_trigger_depth() + projax.in_sync GUC keep the cycle suppressed. Slug stays the join key for new rows; the item_link pointer survives renames. - 0009_items_unified_simplify: view collapses to a thin projection over projax.items now that mai.projects is a derived projection. - 0010_multi_parent: parent_id → parent_ids uuid[], path → paths text[]. compute_item_paths walks via parents' precomputed paths (no recursive CTE in the hot path; cycle detection uses one). New triggers: items_check_slug_collision (multi-parent uniqueness), items_after_delete (manual cascade since arrays don't carry FK). Trigger refresh_item_paths_recursive does parent-first DFS over descendants, guarded by projax.refreshing_paths GUC. Go store + handlers - Item gains ParentIDs []string + Paths []string. PrimaryPath / OtherPaths helpers feed the detail breadcrumb. Source always 'projax' now; SourceRefDeref still surfaces the mai-id pointer. - Update / Reparent / Create take ParentIDs []string. AddParent helper for the multi-parent UI's "also list under" action. - GetByPath uses '$1 = any(paths)' so /i/work.paliad and /i/dev.paliad resolve to the same row. - buildForest renders a multi-parent item under each of its parents (duplicated nodes in distinct branches). Tag-filter prune is branch-preserving. Templates - detail.tmpl: multi-select parents, tags + management chip inputs, "Also at: …" breadcrumb for multi-parent items. - new.tmpl: same multi-select + chip inputs. - tree.tmpl: tag-filter chip bar, "×N" badge on multi-parent rows, management chips visible on every row. - classify.tmpl: re-parent workflow (no more promote-to-projax — the bidirectional sync removed the dichotomy). Tests (DB + HTTP, all skip without env) - TestMultiParentResolvesBothPaths inserts an item with two parents, asserts both inherited paths. - TestSlugCollisionUnderCommonParent refuses a sibling clash. - TestMultiParentBothPathsRouteToSameRow HTTP-level: /i/dev.X and /i/work.X both 200, same row. - TestReparentRoundTrip rewritten for parent_ids[] semantics. - TestPathTriggerNestAndRename / Reparent rewritten to query paths[]. Docs (docs/design.md) - §2 rewritten: items in a DAG, no area/project distinction. - §3 schema: parent_ids + paths + tags + management + indices. - §3.1 path-trigger overhaul incl. cycle detection via recursive CTE and slug-collision-under-common-parent guard. - §3.2 view simplified. - §3.4 NEW: mai.projects bidirectional sync, including the manual prereq. - §4.1 + §4.2: classify becomes re-parent, tags+management UI section. mai head start / mai hire / mai status / mai instruct keep working because mai.projects retains its FK-target shape; the projax sync just mirrors the row in lock-step.	2026-05-15 16:33:52 +02:00
mAi	840c1760c9	feat(auth): federate with mgmt.msbls.de via Supabase cookies projax was deployed publicly through Dokploy/Traefik with a Let's Encrypt cert; the earlier "Tailscale-only" claim was never true. Gate every request at the application layer using the same Supabase JWT cookie pair that mgmt.msbls.de issues, so projax inherits SSO without running its own login. Middleware (web/auth.go): - GET <SUPABASE_URL>/auth/v1/user with the access_token cookie or a Bearer header. On 2xx → pass through. - On expiry, swap the refresh_token via /auth/v1/token?grant_type= refresh_token and rotate both cookies (Domain=msbls.de, HttpOnly, Secure, SameSite=Lax, Path=/, Max-Age=1y). Cookie attributes match mgmt/auth.ts verbatim — refreshed sessions stay drop-in compatible with the rest of the .msbls.de fleet. - Anything still invalid → 302 to <PROJAX_LOGIN_URL>?redirectTo= <original-absolute-url>. mgmt's safeRedirect() rejects absolute URLs and falls back to /, so after login the user lands on mgmt; manual click back to projax then succeeds with the fresh cookie. UX is rough but functional; broadening mgmt's safeRedirect is parked for a separate PR. - /healthz remains ungated so Dokploy/Traefik probes don't hit the redirect. main.go: enable the middleware only when SUPABASE_URL is set; require SUPABASE_ANON_KEY when it is (refuse to start otherwise). New env overrides: PROJAX_LOGIN_URL (default https://mgmt.msbls.de/login), PROJAX_COOKIE_DOMAIN (default msbls.de). Local dev with no env stays fully anonymous. Tests (7 cases, no DB needed): stub Supabase via httptest covers healthz-open, anonymous-redirect, bad-cookie-redirect, good-cookie pass-through, Bearer-pass-through, stale-but-refreshable rotation (verifies cookie Domain/HttpOnly/Secure/SameSite), final fail redirect. DB-backed integration tests now honour PROJAX_SKIP_MIGRATE=1 so they don't deadlock against the live container's auto-migrate during a deploy window. README + dokploy.yaml: kill the Tailscale-only claim, document the federated-auth trust model and the new SUPABASE_* env contract.	2026-05-15 14:58:43 +02:00
mAi	9f905de461	feat: Go HTTP server with tree / detail / new / classify cmd/projax/main.go boots a pgxpool against PROJAX_DB_URL (falls back to SUPABASE_DATABASE_URL), auto-applies embedded migrations on start (disable with PROJAX_AUTO_MIGRATE=off), and serves on PROJAX_LISTEN_ADDR (default :8080). store package wraps the unified view + projax.items writes. Item has helper methods for templates: IsArea, Editable, SourceRefDeref. The Promote() flow runs the insert + item_links link inside a single transaction so the source row drops out of items_unified atomically. web package: per-page html/template instances parsed against a shared layout.tmpl, embedded static/style.css, HTMX from CDN. Pages: GET / tree of items_unified GET /i/{path} detail (editable for projax, read-only + promote form for mai.projects) POST /i/{path} update projax-native item POST /i/{path}/promote one-page promote (HTMX-aware fragment for inline classify) GET /new?parent={path} create form POST /new create projax-native item GET /admin/classify orphan list with inline HTMX promote GET /healthz DB ping GET /static/* embedded assets Auth is intentionally out of scope for v1 — service binds to whatever PROJAX_LISTEN_ADDR points at, deploy guidance pins it to the Tailscale interface (covered in 1d README). Tests (skip when DB env is unset): TestTreeRenders, TestHealthz, TestDetailProjaxNativeEditable, TestDetailMaiProjectsReadOnly, TestClassifyListsOrphans, TestPromoteRoundTrip.	2026-05-15 13:24:44 +02:00

Author

SHA1

Message

Date

mAi

41c1eaadaa

feat(phase 1.5): tags + management + DAG + mai.projects sync

Big task. Five migrations, full store + web rewrite, and a model upgrade
that turns the parent_id tree into a parent_ids[] DAG.

Schema (db/migrations)
- 0006_tags_management_unify: adds tags + management text[] (GIN-indexed),
  collapses the area/project distinction (kind keeps the slot but 'area'
  is no longer a special value), drops the structural rules from the
  path trigger so root projects + non-root projects are both legal.
- 0007_backfill_mai_projects: one-shot, idempotent — for every row in
  mai.projects without a 'mai-project' item_link, create a projax.items
  row under a heuristic-chosen area (mhealth→health, msports/manjin→
  sports, kanzlai/hlckm/work/mworkrepo/paliad or HL/* repo→work,
  mhome→home, default→dev), insert the item_link, and tag the row
  management=['mai']. Also flips management='mai' on any already-linked
  pre-Phase-1.5 promotions.
- 0008_mai_projects_sync: bidirectional triggers. sync_to_mai runs as
  projax_admin and writes mai.projects directly (after the operator-run
  grant + RLS policy widening — documented in the migration header).
  sync_from_mai is SECURITY DEFINER so writes by the mai role fan out
  into projax.items. pg_trigger_depth() + projax.in_sync GUC keep the
  cycle suppressed. Slug stays the join key for new rows; the
  item_link pointer survives renames.
- 0009_items_unified_simplify: view collapses to a thin projection over
  projax.items now that mai.projects is a derived projection.
- 0010_multi_parent: parent_id → parent_ids uuid[], path → paths text[].
  compute_item_paths walks via parents' precomputed paths (no recursive
  CTE in the hot path; cycle detection uses one). New triggers:
  items_check_slug_collision (multi-parent uniqueness),
  items_after_delete (manual cascade since arrays don't carry FK).
  Trigger refresh_item_paths_recursive does parent-first DFS over
  descendants, guarded by projax.refreshing_paths GUC.

Go store + handlers
- Item gains ParentIDs []string + Paths []string. PrimaryPath /
  OtherPaths helpers feed the detail breadcrumb. Source always
  'projax' now; SourceRefDeref still surfaces the mai-id pointer.
- Update / Reparent / Create take ParentIDs []string. AddParent helper
  for the multi-parent UI's "also list under" action.
- GetByPath uses '$1 = any(paths)' so /i/work.paliad and /i/dev.paliad
  resolve to the same row.
- buildForest renders a multi-parent item under each of its parents
  (duplicated nodes in distinct branches). Tag-filter prune is
  branch-preserving.

Templates
- detail.tmpl: multi-select parents, tags + management chip inputs,
  "Also at: …" breadcrumb for multi-parent items.
- new.tmpl: same multi-select + chip inputs.
- tree.tmpl: tag-filter chip bar, "×N" badge on multi-parent rows,
  management chips visible on every row.
- classify.tmpl: re-parent workflow (no more promote-to-projax — the
  bidirectional sync removed the dichotomy).

Tests (DB + HTTP, all skip without env)
- TestMultiParentResolvesBothPaths   inserts an item with two parents,
                                     asserts both inherited paths.
- TestSlugCollisionUnderCommonParent  refuses a sibling clash.
- TestMultiParentBothPathsRouteToSameRow  HTTP-level: /i/dev.X and
                                          /i/work.X both 200, same row.
- TestReparentRoundTrip rewritten for parent_ids[] semantics.
- TestPathTriggerNestAndRename / Reparent rewritten to query paths[].

Docs (docs/design.md)
- §2 rewritten: items in a DAG, no area/project distinction.
- §3 schema: parent_ids + paths + tags + management + indices.
- §3.1 path-trigger overhaul incl. cycle detection via recursive CTE
  and slug-collision-under-common-parent guard.
- §3.2 view simplified.
- §3.4 NEW: mai.projects bidirectional sync, including the manual
  prereq.
- §4.1 + §4.2: classify becomes re-parent, tags+management UI section.

mai head start / mai hire / mai status / mai instruct keep working
because mai.projects retains its FK-target shape; the projax sync just
mirrors the row in lock-step.

2026-05-15 16:33:52 +02:00

mAi

840c1760c9

feat(auth): federate with mgmt.msbls.de via Supabase cookies

projax was deployed publicly through Dokploy/Traefik with a Let's
Encrypt cert; the earlier "Tailscale-only" claim was never true. Gate
every request at the application layer using the same Supabase JWT
cookie pair that mgmt.msbls.de issues, so projax inherits SSO without
running its own login.

Middleware (web/auth.go):
- GET <SUPABASE_URL>/auth/v1/user with the access_token cookie or a
  Bearer header. On 2xx → pass through.
- On expiry, swap the refresh_token via /auth/v1/token?grant_type=
  refresh_token and rotate both cookies (Domain=msbls.de, HttpOnly,
  Secure, SameSite=Lax, Path=/, Max-Age=1y). Cookie attributes match
  mgmt/auth.ts verbatim — refreshed sessions stay drop-in compatible
  with the rest of the .msbls.de fleet.
- Anything still invalid → 302 to <PROJAX_LOGIN_URL>?redirectTo=
  <original-absolute-url>. mgmt's safeRedirect() rejects absolute URLs
  and falls back to /, so after login the user lands on mgmt; manual
  click back to projax then succeeds with the fresh cookie. UX is
  rough but functional; broadening mgmt's safeRedirect is parked for a
  separate PR.
- /healthz remains ungated so Dokploy/Traefik probes don't hit the
  redirect.

main.go: enable the middleware only when SUPABASE_URL is set; require
SUPABASE_ANON_KEY when it is (refuse to start otherwise). New env
overrides: PROJAX_LOGIN_URL (default https://mgmt.msbls.de/login),
PROJAX_COOKIE_DOMAIN (default msbls.de). Local dev with no env stays
fully anonymous.

Tests (7 cases, no DB needed): stub Supabase via httptest covers
healthz-open, anonymous-redirect, bad-cookie-redirect, good-cookie
pass-through, Bearer-pass-through, stale-but-refreshable rotation
(verifies cookie Domain/HttpOnly/Secure/SameSite), final fail
redirect.

DB-backed integration tests now honour PROJAX_SKIP_MIGRATE=1 so they
don't deadlock against the live container's auto-migrate during a
deploy window.

README + dokploy.yaml: kill the Tailscale-only claim, document the
federated-auth trust model and the new SUPABASE_* env contract.

2026-05-15 14:58:43 +02:00

mAi

9f905de461

feat: Go HTTP server with tree / detail / new / classify

cmd/projax/main.go boots a pgxpool against PROJAX_DB_URL (falls back to
SUPABASE_DATABASE_URL), auto-applies embedded migrations on start
(disable with PROJAX_AUTO_MIGRATE=off), and serves on PROJAX_LISTEN_ADDR
(default :8080).

store package wraps the unified view + projax.items writes. Item has
helper methods for templates: IsArea, Editable, SourceRefDeref. The
Promote() flow runs the insert + item_links link inside a single
transaction so the source row drops out of items_unified atomically.

web package: per-page html/template instances parsed against a shared
layout.tmpl, embedded static/style.css, HTMX from CDN. Pages:
  GET  /                   tree of items_unified
  GET  /i/{path}           detail (editable for projax, read-only +
                           promote form for mai.projects)
  POST /i/{path}           update projax-native item
  POST /i/{path}/promote   one-page promote (HTMX-aware fragment for
                           inline classify)
  GET  /new?parent={path}  create form
  POST /new                create projax-native item
  GET  /admin/classify     orphan list with inline HTMX promote
  GET  /healthz            DB ping
  GET  /static/*           embedded assets

Auth is intentionally out of scope for v1 — service binds to whatever
PROJAX_LISTEN_ADDR points at, deploy guidance pins it to the Tailscale
interface (covered in 1d README).

Tests (skip when DB env is unset):
  TestTreeRenders, TestHealthz,
  TestDetailProjaxNativeEditable, TestDetailMaiProjectsReadOnly,
  TestClassifyListsOrphans, TestPromoteRoundTrip.

2026-05-15 13:24:44 +02:00

3 Commits