proof-of-work

grant/proof-of-work

Fork 0

Commit Graph

Author	SHA1	Message	Date
Keysat	97ed07fd07	v1.0.0:3 — post-cutover seed strip Removes the one-time `/data` snapshot from the deployed Docker image now that the cutover from the legacy `workout-log` package is verified done (v1.0.0:1 + :2 in production). Dockerfile - Drops `COPY start9/0.4/seed/data /app/seed/data`. - Drops the `WORKOUT_BAKED_SEED_DB_PATH` env var. - Comment block explains the rationale + how to re-seed if ever needed. docker_entrypoint.sh - Step 1 collapses to single-branch fallback: if /data is empty AND /app/prisma/data/app.db exists, copy the empty-schema fallback. The baked-seed branch is gone. - Comment cross-references v1.0.0:3 for the rationale. start9/0.4/seed/README.md rewritten to reflect historical-only status + how to re-seed for the rare "spin up another instance with this history" case. Version graph - Adds startos/versions/v1.0.0.3.ts with empty up/down migrations and release notes. - Promotes v1.0.0:3 to `current`; v1.0.0:1 and :2 move to `other` so hosts on either upgrade in place. No schema changes, no data migration. /data on existing installs is left exactly as-is. Image size drops by ~1.7MB (the snapshot size).	2026-05-09 13:40:58 -05:00
Keysat	990f5582b8	Typed Prisma queries, bcrypt native, CSP nonces, /api/me/import, more tests Typed Prisma queries - where: any in app/api/workouts/route.ts (GET + POST) and lib/db/workouts.ts replaced with Prisma.WorkoutWhereInput + Prisma.WorkoutCreateInput + Prisma.DateTimeFilter. Catches typos at compile time and surfaces query shape directly in tooltips. Workout import endpoint tests (tests/routes-import.test.ts) - 7 tests covering /api/workouts/import/save: 401 unauthenticated, empty workouts rejected, case-insensitive name matching against existing exercises, new-exercise creation with isCustom=true and type='other' default, explicit existingExerciseId honored over name lookup, multiple workouts per call, sequential setNumber per exercise per workout. bcryptjs -> bcrypt (native) - Roughly 10x faster than the pure-JS implementation under load — login latency drops from ~250ms to ~25ms. Hash format is fully cross-compatible with bcryptjs ($2a$ / $2b$ both verify), so existing user passwords keep working without migration. - Dockerfile builder stage adds python3 + make + g++ as a safety net for native node-gyp compilation on alpine when prebuilt binaries aren't available. - Runner stage explicitly COPYs node_modules/bcrypt so the .node binding is unambiguously present even if Next.js standalone tracing somehow misses it. - StartOS package's changeAdminCredentials.ts keeps bcryptjs (it's bundled by ncc into a single JS file and runs only on the rare admin action; native bcrypt would require shipping the .node binding through ncc which it doesn't handle gracefully). CSP nonces (middleware.ts + next.config.js) - Per-request nonce generated in middleware. Forwarded to Next via the x-nonce request header, which Next 13.4+ automatically stamps onto its inline bootstrap scripts. CSP response header includes `'nonce-${nonce}' 'strict-dynamic'`, dropping the previous `'unsafe-inline'` from script-src. - Static CSP removed from next.config.js (middleware-set headers override static ones, so keeping both was redundant). - Middleware matcher widened to all paths except static assets so the CSP applies to every page response. Existing /main + /api auth gating preserved. - style-src keeps 'unsafe-inline' — Next/Tailwind still inject critical inline <style>; tightening that requires hash-based style-src or per-style nonce stamping (Next doesn't auto-do either). Worth a follow-up if you want the cleanest possible CSP. /api/me/import (mirror of /api/me/export) - Accepts the same JSON shape /api/me/export emits (schema string validated: only `proof-of-work-export@1` accepted today). - mode: 'merge' (default) — adds imported rows; existing exercises with matching names are NOT overwritten (the user's custom version wins). All workout sets with a known exercise get rebound to the user's actual exercise id via name lookup. - mode: 'replace' — wipes the user's exercises/workouts/sets first, then imports. Requires `confirm: "REPLACE"` in the body. - Always scoped to the actor — never touches other users' data. - Profile/admin flag/sessions/InstanceSettings deliberately not imported (account identity stays put). - 7 tests cover: 401, schema rejection, merge create+skip, replace confirmation gate, replace wipes-then-imports, isolation across users. - ExportMyData component grew Import (merge) + Import (replace) buttons with native browser confirm() before the destructive replace. Test suite now 81 tests across 9 files in ~2.6s.	2026-05-09 11:05:03 -05:00
Keysat	aa407b5f67	Rebrand to Proof of Work; multi-user 0.4 package with curated library sync Repo cleanup - Add top-level .gitignore (was missing; node_modules, .next, .s9pk, image.tar, seed/data/.db, log files, etc.) and a root README. - Delete legacy start9/0.3.5/ package (StartOS 0.3.5 wrapper, no longer the deploy target). - Delete start9-example-packaging/ (template from another project). - Delete planning docs (START9_PACKAGING_LOG.md, VERSIONING.md, STARTOS_0.4_UPGRADE_PROMPT.md, ICON_FILES_INDEX.md, etc.) — info now lives in the deploy guide and code comments. - Drop the standalone Dockerfile, docker-compose.yml, ICON_*, and dev log/build artifacts from the app dir. - Drop the v0.1.0:18/19/20 version files (they belonged to the legacy workout-log package and don't apply to the new id). Rename + new package - Rename app dir workout-planner/ -> proof-of-work/. - Rename StartOS package id workout-log -> proof-of-work; the new id makes this a brand new StartOS service (clean cutover from the old one rather than in-place upgrade). - Reset version graph; v1.0.0:1 is the seeded cutover release. The Dockerfile bakes a one-time /data snapshot and docker_entrypoint.sh copies it into the new volume on truly-fresh first boot only (both /data/app.db missing AND /data/.seeded absent). - Move start9/0.4-migration/ -> start9/0.4/; the old start9/0.4/ stub is gone. Curated exercise library (multi-user-aware) - proof-of-work/prisma/exercises.seed.json is the canonical library shipped to every install (164 exercises today, dumped from the live snapshot). - proof-of-work/scripts/sync-library.cjs (npm run sync-library) refreshes the JSON from start9/0.4/seed/data/app.db after refresh_seed.sh. - proof-of-work/prisma/seed.ts now reads from the JSON instead of a hardcoded 52-exercise array; runs at Docker build time to seed the fallback DB and on first boot for fresh installs. - proof-of-work/prisma/ensureExerciseLibrary.cjs runs on every container boot (from docker_entrypoint.sh) and INSERT OR IGNOREs every library entry for every user, keyed on (userId, name). Library updates flow to existing installs on package upgrade; user-custom exercises (isCustom=true) and any colliding names are never overwritten; removed exercises stay on existing installs (additive-only). Deploy guide (start9/0.4/DEPLOY_040.md) - Rewritten end-to-end for the workout-log -> proof-of-work cutover: refresh_seed, sync-library, build, sideload, verify, rotate creds, stop the old service, then post-cutover cleanup release v1.0.0:2.	2026-05-08 20:12:25 -05:00

Author

SHA1

Message

Date

Keysat

97ed07fd07

v1.0.0:3 — post-cutover seed strip

Removes the one-time `/data` snapshot from the deployed Docker image now
that the cutover from the legacy `workout-log` package is verified done
(v1.0.0:1 + :2 in production).

Dockerfile
- Drops `COPY start9/0.4/seed/data /app/seed/data`.
- Drops the `WORKOUT_BAKED_SEED_DB_PATH` env var.
- Comment block explains the rationale + how to re-seed if ever needed.

docker_entrypoint.sh
- Step 1 collapses to single-branch fallback: if /data is empty AND
  /app/prisma/data/app.db exists, copy the empty-schema fallback. The
  baked-seed branch is gone.
- Comment cross-references v1.0.0:3 for the rationale.

start9/0.4/seed/README.md rewritten to reflect historical-only status
+ how to re-seed for the rare "spin up another instance with this
history" case.

Version graph
- Adds startos/versions/v1.0.0.3.ts with empty up/down migrations and
  release notes.
- Promotes v1.0.0:3 to `current`; v1.0.0:1 and :2 move to `other` so
  hosts on either upgrade in place.

No schema changes, no data migration. /data on existing installs is
left exactly as-is. Image size drops by ~1.7MB (the snapshot size).

2026-05-09 13:40:58 -05:00

Keysat

990f5582b8

Typed Prisma queries, bcrypt native, CSP nonces, /api/me/import, more tests

Typed Prisma queries
- where: any in app/api/workouts/route.ts (GET + POST) and
  lib/db/workouts.ts replaced with Prisma.WorkoutWhereInput +
  Prisma.WorkoutCreateInput + Prisma.DateTimeFilter. Catches typos
  at compile time and surfaces query shape directly in tooltips.

Workout import endpoint tests (tests/routes-import.test.ts)
- 7 tests covering /api/workouts/import/save: 401 unauthenticated,
  empty workouts rejected, case-insensitive name matching against
  existing exercises, new-exercise creation with isCustom=true and
  type='other' default, explicit existingExerciseId honored over
  name lookup, multiple workouts per call, sequential setNumber
  per exercise per workout.

bcryptjs -> bcrypt (native)
- Roughly 10x faster than the pure-JS implementation under load —
  login latency drops from ~250ms to ~25ms. Hash format is fully
  cross-compatible with bcryptjs ($2a$ / $2b$ both verify), so
  existing user passwords keep working without migration.
- Dockerfile builder stage adds python3 + make + g++ as a safety net
  for native node-gyp compilation on alpine when prebuilt binaries
  aren't available.
- Runner stage explicitly COPYs node_modules/bcrypt so the .node
  binding is unambiguously present even if Next.js standalone
  tracing somehow misses it.
- StartOS package's changeAdminCredentials.ts keeps bcryptjs (it's
  bundled by ncc into a single JS file and runs only on the rare
  admin action; native bcrypt would require shipping the .node
  binding through ncc which it doesn't handle gracefully).

CSP nonces (middleware.ts + next.config.js)
- Per-request nonce generated in middleware. Forwarded to Next via
  the x-nonce request header, which Next 13.4+ automatically stamps
  onto its inline bootstrap scripts. CSP response header includes
  `'nonce-${nonce}' 'strict-dynamic'`, dropping the previous
  `'unsafe-inline'` from script-src.
- Static CSP removed from next.config.js (middleware-set headers
  override static ones, so keeping both was redundant).
- Middleware matcher widened to all paths except static assets so
  the CSP applies to every page response. Existing /main + /api
  auth gating preserved.
- style-src keeps 'unsafe-inline' — Next/Tailwind still inject
  critical inline <style>; tightening that requires hash-based
  style-src or per-style nonce stamping (Next doesn't auto-do
  either). Worth a follow-up if you want the cleanest possible CSP.

/api/me/import (mirror of /api/me/export)
- Accepts the same JSON shape /api/me/export emits (schema string
  validated: only `proof-of-work-export@1` accepted today).
- mode: 'merge' (default) — adds imported rows; existing exercises
  with matching names are NOT overwritten (the user's custom version
  wins). All workout sets with a known exercise get rebound to the
  user's actual exercise id via name lookup.
- mode: 'replace' — wipes the user's exercises/workouts/sets first,
  then imports. Requires `confirm: "REPLACE"` in the body.
- Always scoped to the actor — never touches other users' data.
- Profile/admin flag/sessions/InstanceSettings deliberately not
  imported (account identity stays put).
- 7 tests cover: 401, schema rejection, merge create+skip, replace
  confirmation gate, replace wipes-then-imports, isolation across
  users.
- ExportMyData component grew Import (merge) + Import (replace)
  buttons with native browser confirm() before the destructive
  replace.

Test suite now 81 tests across 9 files in ~2.6s.

2026-05-09 11:05:03 -05:00

Keysat

aa407b5f67

Rebrand to Proof of Work; multi-user 0.4 package with curated library sync

Repo cleanup
- Add top-level .gitignore (was missing; node_modules, .next, *.s9pk,
  image.tar, seed/data/*.db, log files, etc.) and a root README.
- Delete legacy start9/0.3.5/ package (StartOS 0.3.5 wrapper, no longer
  the deploy target).
- Delete start9-example-packaging/ (template from another project).
- Delete planning docs (START9_PACKAGING_LOG.md, VERSIONING.md,
  STARTOS_0.4_UPGRADE_PROMPT.md, ICON_FILES_INDEX.md, etc.) — info now
  lives in the deploy guide and code comments.
- Drop the standalone Dockerfile, docker-compose.yml, ICON_*, and dev
  log/build artifacts from the app dir.
- Drop the v0.1.0:18/19/20 version files (they belonged to the legacy
  workout-log package and don't apply to the new id).

Rename + new package
- Rename app dir workout-planner/ -> proof-of-work/.
- Rename StartOS package id workout-log -> proof-of-work; the new id
  makes this a brand new StartOS service (clean cutover from the old
  one rather than in-place upgrade).
- Reset version graph; v1.0.0:1 is the seeded cutover release. The
  Dockerfile bakes a one-time /data snapshot and docker_entrypoint.sh
  copies it into the new volume on truly-fresh first boot only (both
  /data/app.db missing AND /data/.seeded absent).
- Move start9/0.4-migration/ -> start9/0.4/; the old start9/0.4/ stub
  is gone.

Curated exercise library (multi-user-aware)
- proof-of-work/prisma/exercises.seed.json is the canonical library
  shipped to every install (164 exercises today, dumped from the live
  snapshot).
- proof-of-work/scripts/sync-library.cjs (npm run sync-library) refreshes
  the JSON from start9/0.4/seed/data/app.db after refresh_seed.sh.
- proof-of-work/prisma/seed.ts now reads from the JSON instead of a
  hardcoded 52-exercise array; runs at Docker build time to seed the
  fallback DB and on first boot for fresh installs.
- proof-of-work/prisma/ensureExerciseLibrary.cjs runs on every container
  boot (from docker_entrypoint.sh) and INSERT OR IGNOREs every library
  entry for every user, keyed on (userId, name). Library updates flow
  to existing installs on package upgrade; user-custom exercises
  (isCustom=true) and any colliding names are never overwritten;
  removed exercises stay on existing installs (additive-only).

Deploy guide (start9/0.4/DEPLOY_040.md)
- Rewritten end-to-end for the workout-log -> proof-of-work cutover:
  refresh_seed, sync-library, build, sideload, verify, rotate creds,
  stop the old service, then post-cutover cleanup release v1.0.0:2.

2026-05-08 20:12:25 -05:00

3 Commits