Keysat
d51400c2a9
SQLite WAL mode (start9/0.4/docker_entrypoint.sh) - Switches journal_mode to WAL on every boot. WAL persists in the DB header so this is effectively a one-shot but rerunning is harmless. - Crucial for the "background StartOS Backup while users are using the app" case: under the default rollback journal, a long backup can capture an inconsistent snapshot. WAL keeps readers and the writer from blocking each other. - synchronous=NORMAL paired with WAL: still crash-consistent at every checkpoint, ~10x faster than FULL. Security headers (proof-of-work/next.config.js) - Content-Security-Policy with frame-ancestors 'none', base-uri 'self', form-action 'self', object-src 'none'. Keeps 'unsafe-inline' for script/style because Next.js emits inline bootstrap; tightening to nonce-based CSP is a follow-up. - Strict-Transport-Security: max-age=31536000; includeSubDomains. - Referrer-Policy: strict-origin-when-cross-origin (don't leak workout IDs etc. to third-party sites). - Permissions-Policy: deny camera, mic, geolocation, USB, etc. across the board (none of those APIs are used today; explicit deny means vulnerability scanners have one less thing to flag). Last-login tracking - New User.lastLoginAt column. createSession stamps it inside the same transaction as the new Session row. - Compat ALTER in entrypoint adds the column to legacy snapshots. - Admin Users table now shows a relative-age cell (today / Nd ago / Nmo ago / Ny ago / "never" if the user hasn't signed in since the column was added). Hover reveals the exact ISO timestamp. Self-serve delete-my-account (Settings -> Danger Zone) - Requires both the user's current password AND typing the literal phrase "delete my account" (defense against a stolen-session attacker nuking the account in one click). - Refused for the last admin (instance can't be left with no admin — the user is told to promote someone first). - Cascades through Prisma onDelete: Cascade on every relation owned by User, so workouts, exercises, sessions, preferences all go in one shot. Session cookie cleared, redirected to /auth/login.
Proof of Work on StartOS 0.4 (migration package)
This directory packages Proof of Work (proof-of-work) for StartOS 0.4
beta. It is the cutover package that carries your 0.3.5 data across to a new
x86_64 StartOS 0.4 host.
Upstream app lives at
../../proof-of-work/in this repo. Legacy 0.3.5 package lives at../0.3.5/(kept intact; do not modify). Codex's WIP 0.4 scaffold lives at../0.4/(kept intact; superseded by this folder).
Goals
- Keep the package id
proof-of-workso StartOS recognizes it as the same service. - Keep the persistent data volume
mainmounted at/data. - Keep the SQLite database at
/data/app.db. - Preserve every existing workout, set, exercise, and preference.
- Ship x86_64 only for 0.4 beta (sideload target).
How data preservation works
seed/data/app.dbholds a one-time snapshot of/datafrom the live 0.3.5 host (currently 1 user, 348 workouts, 164 exercises, 5720 set logs).- The
Dockerfilebakes that snapshot into the image at/app/seed/data/. - On first boot only —
/data/app.dbmissing AND/data/.seededabsent —docker_entrypoint.shcopies the seed into/data/and writes a.seededmarker. - On every subsequent boot,
/data/is the sole source of truth; the seed in the image is ignored.
See seed/README.md for the snapshot provenance and row counts.
Image runtime
| Property | Value |
|---|---|
| Base image | node:20-alpine (multi-stage build) |
| App runtime | Next.js standalone + Prisma + SQLite |
| Entrypoint | /usr/local/bin/docker_entrypoint.sh (dumb-init wrapped) |
| Internal port | 3000 |
| Architectures | x86_64 (beta) |
Build and sideload
cd start9/0.4
npm ci
make clean
make x86 # outputs proof-of-work_x86_64.s9pk
Sideload via StartOS web UI or make install (requires ~/.startos/config.yaml).
Step-by-step instructions are in DEPLOY_040.md.
What is unchanged from 0.3.5
- Package id:
proof-of-work - Volume id:
main - Mount path:
/data - DB path:
/data/app.db - Health endpoint:
/api/health - Compat
ALTER TABLEblock (idempotent; no-op on a current DB)
What is new in 0.4
- TypeScript SDK manifest under
startos/ - ExVer version (
0.1.0:18) replaces the 0.3.5 4-part0.1.0.17 - Seed-on-first-boot with a
.seededmarker and stderr logging alertUpdatewarning users not to Uninstall to troubleshoot- Self-contained Dockerfile — no references to
../0.3.5/or../0.4/
Follow-up releases (planned, do not ship yet)
- v0.1.0:19 — remove the
COPY seed/data \u2026line and the seed block from the entrypoint once the cutover is confirmed. Leavesseed/on disk unreferenced. - v0.1.0:19 or v0.1.0:20 — add a StartOS Package Action
change-admin-credentialsthat updates the User row in/data/app.db(bcryptjs, salt rounds 10) so you can rename/rotate the admin from the StartOS UI.