Keysat
990f5582b8
Typed Prisma queries
- where: any in app/api/workouts/route.ts (GET + POST) and
lib/db/workouts.ts replaced with Prisma.WorkoutWhereInput +
Prisma.WorkoutCreateInput + Prisma.DateTimeFilter. Catches typos
at compile time and surfaces query shape directly in tooltips.
Workout import endpoint tests (tests/routes-import.test.ts)
- 7 tests covering /api/workouts/import/save: 401 unauthenticated,
empty workouts rejected, case-insensitive name matching against
existing exercises, new-exercise creation with isCustom=true and
type='other' default, explicit existingExerciseId honored over
name lookup, multiple workouts per call, sequential setNumber
per exercise per workout.
bcryptjs -> bcrypt (native)
- Roughly 10x faster than the pure-JS implementation under load —
login latency drops from ~250ms to ~25ms. Hash format is fully
cross-compatible with bcryptjs ($2a$ / $2b$ both verify), so
existing user passwords keep working without migration.
- Dockerfile builder stage adds python3 + make + g++ as a safety net
for native node-gyp compilation on alpine when prebuilt binaries
aren't available.
- Runner stage explicitly COPYs node_modules/bcrypt so the .node
binding is unambiguously present even if Next.js standalone
tracing somehow misses it.
- StartOS package's changeAdminCredentials.ts keeps bcryptjs (it's
bundled by ncc into a single JS file and runs only on the rare
admin action; native bcrypt would require shipping the .node
binding through ncc which it doesn't handle gracefully).
CSP nonces (middleware.ts + next.config.js)
- Per-request nonce generated in middleware. Forwarded to Next via
the x-nonce request header, which Next 13.4+ automatically stamps
onto its inline bootstrap scripts. CSP response header includes
`'nonce-${nonce}' 'strict-dynamic'`, dropping the previous
`'unsafe-inline'` from script-src.
- Static CSP removed from next.config.js (middleware-set headers
override static ones, so keeping both was redundant).
- Middleware matcher widened to all paths except static assets so
the CSP applies to every page response. Existing /main + /api
auth gating preserved.
- style-src keeps 'unsafe-inline' — Next/Tailwind still inject
critical inline <style>; tightening that requires hash-based
style-src or per-style nonce stamping (Next doesn't auto-do
either). Worth a follow-up if you want the cleanest possible CSP.
/api/me/import (mirror of /api/me/export)
- Accepts the same JSON shape /api/me/export emits (schema string
validated: only `proof-of-work-export@1` accepted today).
- mode: 'merge' (default) — adds imported rows; existing exercises
with matching names are NOT overwritten (the user's custom version
wins). All workout sets with a known exercise get rebound to the
user's actual exercise id via name lookup.
- mode: 'replace' — wipes the user's exercises/workouts/sets first,
then imports. Requires `confirm: "REPLACE"` in the body.
- Always scoped to the actor — never touches other users' data.
- Profile/admin flag/sessions/InstanceSettings deliberately not
imported (account identity stays put).
- 7 tests cover: 401, schema rejection, merge create+skip, replace
confirmation gate, replace wipes-then-imports, isolation across
users.
- ExportMyData component grew Import (merge) + Import (replace)
buttons with native browser confirm() before the destructive
replace.
Test suite now 81 tests across 9 files in ~2.6s.
Proof of Work on StartOS 0.4 (migration package)
This directory packages Proof of Work (proof-of-work) for StartOS 0.4
beta. It is the cutover package that carries your 0.3.5 data across to a new
x86_64 StartOS 0.4 host.
Upstream app lives at
../../proof-of-work/in this repo. Legacy 0.3.5 package lives at../0.3.5/(kept intact; do not modify). Codex's WIP 0.4 scaffold lives at../0.4/(kept intact; superseded by this folder).
Goals
- Keep the package id
proof-of-workso StartOS recognizes it as the same service. - Keep the persistent data volume
mainmounted at/data. - Keep the SQLite database at
/data/app.db. - Preserve every existing workout, set, exercise, and preference.
- Ship x86_64 only for 0.4 beta (sideload target).
How data preservation works
seed/data/app.dbholds a one-time snapshot of/datafrom the live 0.3.5 host (currently 1 user, 348 workouts, 164 exercises, 5720 set logs).- The
Dockerfilebakes that snapshot into the image at/app/seed/data/. - On first boot only —
/data/app.dbmissing AND/data/.seededabsent —docker_entrypoint.shcopies the seed into/data/and writes a.seededmarker. - On every subsequent boot,
/data/is the sole source of truth; the seed in the image is ignored.
See seed/README.md for the snapshot provenance and row counts.
Image runtime
| Property | Value |
|---|---|
| Base image | node:20-alpine (multi-stage build) |
| App runtime | Next.js standalone + Prisma + SQLite |
| Entrypoint | /usr/local/bin/docker_entrypoint.sh (dumb-init wrapped) |
| Internal port | 3000 |
| Architectures | x86_64 (beta) |
Build and sideload
cd start9/0.4
npm ci
make clean
make x86 # outputs proof-of-work_x86_64.s9pk
Sideload via StartOS web UI or make install (requires ~/.startos/config.yaml).
Step-by-step instructions are in DEPLOY_040.md.
What is unchanged from 0.3.5
- Package id:
proof-of-work - Volume id:
main - Mount path:
/data - DB path:
/data/app.db - Health endpoint:
/api/health - Compat
ALTER TABLEblock (idempotent; no-op on a current DB)
What is new in 0.4
- TypeScript SDK manifest under
startos/ - ExVer version (
0.1.0:18) replaces the 0.3.5 4-part0.1.0.17 - Seed-on-first-boot with a
.seededmarker and stderr logging alertUpdatewarning users not to Uninstall to troubleshoot- Self-contained Dockerfile — no references to
../0.3.5/or../0.4/
Follow-up releases (planned, do not ship yet)
- v0.1.0:19 — remove the
COPY seed/data \u2026line and the seed block from the entrypoint once the cutover is confirmed. Leavesseed/on disk unreferenced. - v0.1.0:19 or v0.1.0:20 — add a StartOS Package Action
change-admin-credentialsthat updates the User row in/data/app.db(bcryptjs, salt rounds 10) so you can rename/rotate the admin from the StartOS UI.