Files
moteva/progress.md
T
root 869e2bb75b chore: update planning notes
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-11 01:02:12 +08:00

7.4 KiB

Progress Log

Session: 2026-07-10

Phase 1: Architecture Discovery

  • Status: in_progress
  • Read repository instructions and the applicable Go, frontend, planning, and browser verification skills.
  • Captured the missing backend ownership, project binding, selector, and chat-context requirements.
  • Confirmed the existing go-zero API, SQLC/PostgreSQL, memory-store, and code-generation toolchain.
  • Located the project domain/repository and established the project object as the server-side Brand Kit context boundary for chat and generation.
  • Traced Agent Chat through planning, research, conversation, and asynchronous generation; identified one project-hydration point plus shared prompt builders for complete coverage.
  • Added the Home composer Brand Kit picker and empty create action to the implementation scope.
  • Mapped the Home composer action row and frontend project hydration paths for brandKitId integration.
  • Re-read the active plan after session recovery and confirmed the existing frontend edits are limited to the Brand Kit feature surface.
  • Loaded the project go-zero workflow plus the applicable planning, Go, and frontend implementation guidance.
  • Completed architecture discovery, including authentication enforcement, SQLC persistence, async job reloads, direct image prompts, and frontend project hydration.
  • Chose a versioned JSON document API with server-side schema validation and prompt compilation; project responses expose only brandKitId, never compiled context.
  • Added and validated the API-first contract for Brand Kit list/upsert/delete, project binding, optional project-creation selection, and project response hydration.
  • Generated go-zero handlers, logic shells, routes, and types through the local mcp-zero stdio server.
  • Added SQLC schema and queries for user-owned versioned Brand Kits and optional project bindings, then regenerated SQLC code.
  • Implemented memory/PostgreSQL stores, document validation, single-default enforcement, server-side context compilation, project binding cleanup, and API logic.
  • Hydrated the active Brand Kit for synchronous chat, asynchronous create/follow-up jobs, conversations, planner memory, creative prompts, and direct/fallback image prompts.
  • Added focused ownership/default/binding/context-injection tests.
  • Replaced browser-local Brand Kit persistence with authenticated APIs, including a one-time per-user migration.
  • Added reusable Brand Kit selectors to the Home composer and canvas title bar; project creation and binding now send only the selected ID.
  • Added server-side Brand Kit asset resolution so uploaded logos, covers, and references reach image generation after user references.
  • Added Brand Kit API documentation and ownership/default/binding semantics to the server docs.

Test Results

Test Result Status
goctl api validate -api img_infinite_canvas.api api format ok pass
Targeted Go tests: application, PostgreSQL/memory repositories, logic, service context, error mapping, and prompt agents all pass pass
go test ./... all packages pass pass
go build ./... build succeeds pass
npx tsc -b typecheck succeeds pass
npm run build Next.js and Vite production builds succeed; existing large-chunk warning only pass

Session: 2026-07-11

Phase 7: Device Management Discovery and Design

  • Status: in_progress
  • Loaded repository instructions, go-zero workflow rules, frontend design guidance, and the existing planning state.
  • Confirmed a clean worktree before starting the device management task.
  • Located an existing account-management component and server device list/removal logic for focused inspection.
  • Confirmed the current device endpoints are placeholder implementations over stateless user-only tokens; selective revocation is not yet real.
  • Completed the session-registry design, including token sid, legacy-token migration, request metadata context, throttled last-seen updates, expiry filtering, and atomic revoke semantics.

Phase 8: Device Management Implementation

  • Status: in_progress
  • Added the maintained github.com/mileusna/useragent dependency for normalized, display-only device metadata.
  • Implemented token sid claims, session context, UA normalization, memory/PostgreSQL session persistence, active-session authentication, last-seen throttling, listing, revoke-others, and logout revocation.
  • First targeted test run compiled successfully; the legacy placeholder test failed because removal now correctly requires a current authenticated session context. The test is being upgraded to the production contract.
  • Replaced the placeholder test with multi-device lifecycle coverage and added UA parsing, legacy migration, revocation, logout, and middleware metadata/session-context tests.
  • Targeted Go tests now pass: go test ./internal/modules/auth ./internal/handler.
  • Rebuilt the account device section with explicit async states, semantic rows, normalized metadata, responsive stacking, duplicate-submit protection, optimistic post-removal reconciliation, and aligned Chinese/English copy.
  • Frontend TypeScript validation passes: npx tsc -b.
  • Added the follow-up requirement for server-configurable desktop/mobile web-session limits; implementation will extend the API response spec before regeneration.
  • Updated and validated img_infinite_canvas.api, then regenerated go-zero types with the documented goctl fallback; the device list response now includes limits.desktop and limits.mobile.
  • Added Auth.DeviceLimits.Desktop/Mobile defaults to local and deployment config, wired them through the auth service, and replaced hard-coded UI counts with API-driven interpolation.
  • Documented the configuration and effective API policy in server/README.md and server/API.md.
  • Focused Go tests and frontend TypeScript validation pass after the configurable-limit change.
  • Full verification passes: go mod tidy, API validation, go test ./..., go build ./..., and npm run build (only the existing Vite large-chunk warning remains).
  • Initial alternate-port preview starts exposed two environment constraints: go-zero requires a config filename extension and Next permits one dev server per repo. Switched to a .yaml stdin symlink for the backend and the production Next server for the second frontend port.
  • The isolated preview is live at http://localhost:5174 with the new backend on http://localhost:8889; the frontend page, auth-options proxy, and protected-device 401 boundary respond correctly.
  • The in-app browser runtime has no available browser backend in this environment, so authenticated screenshot inspection could not be completed there.
  • Race-enabled auth/middleware tests pass, frontend typecheck and diff checks pass, and the preview proxy still enforces a 401 on unauthenticated device access.
  • Reproduced the reported limit bug with a deterministic failing service test: two desktop tokens remained valid with Desktop: 1.
  • Implemented atomic same-type enforcement in memory and PostgreSQL stores; new logins keep the newest session and revoke oldest overflow sessions.
  • Added device-list reconciliation for sessions created before enforcement and verified current-session preservation.
  • Changed the device API timestamp contract to RFC3339 UTC and formatted it with the browser's local timezone via Intl.DateTimeFormat.
  • Regression tests now pass for configured desktop limit 1, pre-enforcement reconciliation, concurrent PostgreSQL logins, and timezone-neutral API timestamps.