Release v0.4.0 #27

Merged

Mike Bros merged 34 commits from release/v0.4.0 into main 2026-02-18 22:56:40 +00:00

Conversation 0 Commits 34 Files changed 100 +8167 -1932

Gravity Bot commented 2026-02-18 18:46:00 +00:00

Contributor

Copy link

Release v0.4.0 — Phase 4: Polish & Refinements

Changes

Code Quality & Architecture (20 tasks)

• OP#182–#186, #234, #236–#238, #241: Comprehensive test coverage (auth, services, handlers, security, validation, transactions)
• OP#187: Transaction boundaries for complex operations
• OP#188: Refactored oversized service & handler files
• OP#189: Structured error handling & consistent HTTP responses
• OP#190: Structured logging with slog
• OP#191: Session secret enforcement & security hardening
• OP#192: Dead code cleanup
• OP#193: CI pipeline hardening
• OP#194: Service layer interface extraction
• OP#195: Querier interface for database layer
• OP#197: Input validation layer

Features & Enhancements (6 tasks)

• OP#147: Styled error pages (404, 403, 500, 401, 400)
• OP#148: Toast notifications & confirmation modals
• OP#150: 9 additional builtin themes
• OP#168: Configurable navbar & footer settings
• OP#386: Ordering support in dashboard diff detection
• OP#387: Dismissed items redesign (array → join table)

Documentation (3 tasks)

• OP#146: Mobile responsiveness audit & standards
• OP#196: Git branch hygiene & conventions
• OP#198: Project standards wiki

Checklist

• All 39 version tasks closed in Gravity PM
• Tests passing (go test -race -count=1 ./...)
• Vet passing (go vet ./...)
• Version file matches Gravity PM version (manifest.json → 0.4.0)

References

Version: v0.4.0 — Phase 4: Polish (Gravity PM ID: 13)
Release task: OP#1054

## Release v0.4.0 — Phase 4: Polish & Refinements ### Changes **Code Quality & Architecture (20 tasks)** - OP#182–#186, #234, #236–#238, #241: Comprehensive test coverage (auth, services, handlers, security, validation, transactions) - OP#187: Transaction boundaries for complex operations - OP#188: Refactored oversized service & handler files - OP#189: Structured error handling & consistent HTTP responses - OP#190: Structured logging with slog - OP#191: Session secret enforcement & security hardening - OP#192: Dead code cleanup - OP#193: CI pipeline hardening - OP#194: Service layer interface extraction - OP#195: Querier interface for database layer - OP#197: Input validation layer **Features & Enhancements (6 tasks)** - OP#147: Styled error pages (404, 403, 500, 401, 400) - OP#148: Toast notifications & confirmation modals - OP#150: 9 additional builtin themes - OP#168: Configurable navbar & footer settings - OP#386: Ordering support in dashboard diff detection - OP#387: Dismissed items redesign (array → join table) **Documentation (3 tasks)** - OP#146: Mobile responsiveness audit & standards - OP#196: Git branch hygiene & conventions - OP#198: Project standards wiki ### Checklist - [x] All 39 version tasks closed in Gravity PM - [x] Tests passing (`go test -race -count=1 ./...`) - [x] Vet passing (`go vet ./...`) - [x] Version file matches Gravity PM version (manifest.json → 0.4.0) ### References Version: v0.4.0 — Phase 4: Polish (Gravity PM ID: 13) Release task: OP#1054

Gravity Bot added 33 commits 2026-02-18 18:46:05 +00:00

test(infra): establish test infrastructure and patterns ... 4e9e770b9d

Add testify and pgxmock/v4 as test dependencies. Create internal/testutil
package with context builders, HTTP test helpers, and database mock setup.
Includes 8 demonstration tests validating the helper functions.

- testutil.TestUser() / TestAdmin() — create users with sensible defaults
- testutil.NewRequest() / PostForm() — HTTP test request builders
- testutil.RequestWithUser() / ContextWithUser() — context injection
- testutil.NewMockPool() — pgxmock pool with automatic cleanup
- testutil.DefaultSettings() — AppSettings with common test defaults
- testutil.HTMXRequest() — mark requests as HTMX

Closes GP#182

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

refactor(handlers): extract service interfaces for testability ... 50fd85f302

Replace concrete service types in handler structs with interfaces
(DashboardServicer, ThemeServicer, ImportServicer, EmailServicer,
StatusChecker). Services are now injected via constructors and wired
in main.go. Includes compile-time interface satisfaction checks and
updated existing tests to use mock implementations.

Closes GP#194

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

refactor(database): add Querier interface and decouple services from pgxpool ... 5ee8bbd0c8

Create database.Querier and database.DB interfaces that abstract the
pgx query and transaction surface. Refactor all services to accept these
interfaces instead of *pgxpool.Pool directly, enabling transparent
transaction support and easier testing.

- DashboardService, ImportService, EmailService accept database.DB
- ThemeService accepts database.Querier (no transactions needed)
- SeedThemes accepts database.Querier
- handlers.DBTX aliased to database.Querier
- SQL audit: all queries use parameterized placeholders
- N+1 patterns documented (assembleDashboard)
- sqlc evaluation: defer adoption (current scale doesn't warrant it)

Closes GP#195

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(logging): replace log.Printf with structured slog across codebase ... 6b3e07129f

Configure slog with JSON handler in main.go, add RequestLogger middleware
for HTTP request logging, and convert all log.Printf/Println/Fatalf calls
to structured slog.Error/Warn/Info with key-value pairs across 22 files.

Closes GP#190

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(handlers): add structured error helpers with htmx-aware responses ... 17ce06151a

Introduces serverError, badRequest, notFound, forbidden, and unauthorized
helpers that handle both htmx (toast) and standard (http.Error) paths.
Replaces all raw http.Error calls across 11 handler files.

Closes GP#189

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(security): enforce session secret, add CSRF and rate limiting ... 212db918e5

- Require SESSION_SECRET at startup (fail-fast unless DEV_AUTH=true)
- Add double-submit cookie CSRF protection on all state-changing requests
- Add per-IP rate limiting on auth endpoints (login, callback, setup)
- Add startup warnings for insecure configuration (short secret, dev auth)
- Auto-inject CSRF tokens via JS for both htmx and regular forms

Closes GP#191

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(database): add WithTx helper and fix SoftDeleteDashboard transaction ... 6146f948b7

- Add WithTx and WithTxResult[T] helpers for consistent transaction handling
- Wrap SoftDeleteDashboard in transaction (was 3 separate queries without tx)
- Add pgxmock-based tests for commit and rollback paths
- Core operations (Clone, Import, Reorder, Move) already transactional from #195

Closes GP#187

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(handlers): add input validation layer with reusable helpers ... 84b9fd203b

- Add requireField, parseFormUUID, validateURL, validateEnum helpers
- Validate section name required on create/update
- Validate item title required, URL format on create/update
- Validate OIDC fields required when enabled (admin auth)
- Validate SMTP host required when enabled (admin SMTP)
- Validate theme display name required on update
- Add ParseForm to ProfileUpdate for consistency
- 14 validation tests covering all helpers and htmx paths

Closes GP#197

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

refactor: split oversized handler and service files ... da4493c0ab

Split user_dashboards.go (1108 lines) into 3 files:
- user_dashboards.go (682) — CRUD, management, settings
- user_sharing.go (250) — shares, notifications, email
- user_diff.go (200) — diff/merge operations

Split crud.go (892 lines) into 5 entity files:
- crud.go (67) — shared helpers, settings
- crud_pages.go (62) — pages CRUD
- crud_sections.go (95) — sections CRUD
- crud_items.go (235) — items CRUD
- crud_dashboards.go (463) — dashboards CRUD

Pure reorganization — no functional changes.

Closes GP#188

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

chore(cleanup): remove dead code, fix tailwind safelist, document group visibility ... af33c570a9

- Remove empty placeholder dirs (components/dashboard/, components/sharing/)
- Remove dead assets/ package (embed lives in root embed.go)
- Add Tailwind safelist for Go-returned CSS classes (NotifIconColor)
- Document group visibility filtering design in loadSections

Closes GP#192

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

ci: add coverage reporting, templ freshness check, and test dependency on lint ... d285c9736e

- Test job now depends on lint (needs: lint)
- Coverage profile generated and summary displayed in CI log
- Minimum coverage threshold enforced (15%, configurable via env)
- templ generate freshness check catches stale generated files

Closes GP#193

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test(auth): add session signing, OIDC admin detection, and manager tests ... 942d4011d6

- Session: sign/verify round-trip, tamper detection, wrong secret rejection,
  session ID format/uniqueness, cookie format validation
- OIDC: isAdmin group/role matching, parseStringArray edge cases
- Manager: nil-provider fallback handlers (login→/setup, callback→503, logout→/)
- Middleware: isPublicPath coverage for all route categories

Closes GP#183

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test(services): add diff logic, theme CSSVarsMap, and seed theme tests ... adb93f0c7e

- Diff: tagsStr, field-level item comparison, new/changed/removed/dismissed
  item collection logic tested with in-memory data structures
- Theme: CSSVarsMap with valid/nil/empty/invalid JSON, all builtin themes
  verified for 19 CSS vars and JSON round-trip
- Seed: builtin themes validated for light/dark mix and unique names

Closes GP#184

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test(handlers): add dashboard handler, status refresh, and CRUD tests ... fbab855a43

- Dashboard Index: redirects to /setup when not configured, 404 for non-root
- StatusRefresh: valid/invalid UUID, wrong method
- UserSectionDelete: happy path end-to-end, auth guard
- LoginPage: OIDC delegation vs login page render

Closes GP#185

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test(statuscheck): add comprehensive status check tests ... 8721f9fca6

Table-driven tests for isAcceptedStatus covering defaults, explicit
ranges, case insensitivity, whitespace, and edge cases. HTTP check
tests via httptest for success, errors, custom accepted codes,
connection refused, and redirects. Per-item interval enforcement.

Closes GP#186

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test(security): expand security hardening test coverage ... 31562c589f

Add session secret enforcement tests (valid secret succeeds, error
message includes DEV_AUTH hint). Expand CSRF tests with PUT method
coverage, unique token generation, cross-session rejection, and
empty context fallback. Completes coverage for GP#191 security work.

Closes GP#234

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test(validation): expand input validation helper test coverage ... 5c68497801

Add whitespace-only field rejection, SQL injection attempt on UUID
parser, javascript: scheme rejection, enum error message content
check, and handler integration test proving validation failures
return 400 not 500.

Closes GP#236

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test(services): add transaction boundary tests with pgxmock ... b206e75160

Proves atomicity for ReorderSections, ReorderItems, MoveItemToSection,
CloneDashboard, and ImportDashyConfigTo. Each operation has success
(commit verified) and rollback (mid-failure proves zero partial state)
tests. Uses pgxmock to simulate failures at specific query points.

Closes GP#237

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test(handlers): expand error helper test coverage ... d148310cd5

Add serverError with extra attrs, htmx body leak prevention,
and badRequest message preservation tests. Verifies internal
error details never reach the client in either standard or htmx paths.

Closes GP#238

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

refactor(db): replace dismissed_source_items array with join table ... 31305a1f70

Migrate from UUID[] column on dashboards to a
dashboard_dismissed_items join table with proper foreign keys and
CASCADE deletes. Update all SELECT/RETURNING queries, diff logic,
dismiss/clear operations, and test mocks.

Migration 00016 creates the table, migrates data, drops the column.

Closes GP#387

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(diff): add ordering change detection to dashboard diffs ... 6ffddc8e98

Detect sort_order changes at page, section, and item levels between
cloned dashboards and their sources. Reorder operations now bump
dashboard version to trigger diff detection. Adds OrderChange model,
detectOrderChanges logic, and DiffPage template section.

Closes GP#386

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(settings): add modular navbar and footer configuration ... 988b1107fd

Replace simple footer_text field with rich JSONB-backed navbar and
footer configuration. Navbar supports show/hide for logo, title, search,
notifications, and user menu. Footer supports modular components (text,
links, icon links) with optional branding toggle. Null config = full
defaults for backward compatibility.

Closes GP#168

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test(settings): add navbar and footer config unit tests ... 8ee198c720

Model tests for NavbarConfig/FooterConfig nil defaults, explicit values,
element filtering, and AppSettings JSON round-trip. Template tests for
footer component rendering (text, link, icon), branding toggle, and
header navbar config visibility controls.

Closes GP#241

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(ui): add styled error pages for 404, 403, and 500 ... 2ceb34418b

Self-contained error page template with gradient code display, themed
fallback colors, navigation actions. Replace all http.NotFound calls
with custom notFound that renders styled pages for standard requests
while preserving HTMX toast behavior. Adds forbidden and unauthorized
HTMX handling.

Closes GP#147

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(themes): add 9 additional builtin themes ... da0cd4a5fb

Add Dracula, Nord, Gruvbox Dark, Gruvbox Light, Solarized Dark,
Solarized Light, Tokyo Night, One Dark, and Rosé Pine theme
definitions to the builtin themes list for seeding on startup.

Closes GP#150

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Merge feature/150-additional-themes into develop f56fc66de4

docs(responsive): add audit and mobile standards ... 314e8993ac

- Responsive audit covering all 26 templ components with ratings
- Mobile standards document with breakpoint strategy, layout patterns,
  and component checklist
- Created follow-up epic GP#1059 with 5 implementation tasks in v0.4.1

Closes GP#146

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Merge feature/146-mobile-responsiveness into develop aae47f9246

docs: establish project standards wiki ... 686221917d

Create index page and 8 standards documents covering testing, error
handling, database patterns, service layer, handler patterns, logging,
security, and git/branch conventions. All patterns extracted from the
actual codebase.

Closes GP#198

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Merge feature/198-project-standards-wiki into develop ae69f5f094

chore(git): clean up stale branches and document conventions ... 79a42bb142

- Deleted 27 merged feature branches from remote
- Deleted 28 merged local branches (features + release/v0.3.1)
- Updated branch naming conventions with all prefix types

Closes GP#196

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Merge feature/196-branch-hygiene into develop 7d61ac8c6f

chore(release): bump version to 0.4.0 ... 54d3e5a66e

Refs GP#1054

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Mike Bros added 1 commit 2026-02-18 19:01:25 +00:00

fix(release): apply gofumpt and goimports formatting ... ef51216b3d

Fix import ordering, column alignment, and naked returns flagged by
CI formatting checks.

Refs GP#1054

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Mike Bros merged commit 766baab4fe into main 2026-02-18 22:56:40 +00:00

Mike Bros deleted branch release/v0.4.0 2026-02-18 22:56:40 +00:00

Mike Bros referenced this pull request from a commit 2026-02-18 22:56:42 +00:00

Merge pull request 'Release v0.4.0' (!27) from release/v0.4.0 into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

mike/gashy!27

No description provided.