Use errors.As instead of direct type assertion for proper wrapped error
handling, and handle additional close error codes (CloseGoingAway,
CloseAbnormalClosure) and EOF conditions to prevent gorilla/websocket
from panicking on subsequent reads.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Change OAuth client_id from /oauth/client-metadata.json to
/oauth-client-metadata.json to match atproto's "conventional" pattern.

This causes the PDS OAuth authorization screen to display just
"coves.social" instead of the full URL path, providing a cleaner
user experience.

Per atproto spec, a "conventional" client_id must be:
- https:// protocol
- pathname exactly /oauth-client-metadata.json
- no port or query string

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The listCommunities endpoint was missing OptionalAuth middleware, which
meant GetUserDID() always returned empty string even for authenticated
requests. This caused viewer.subscribed to never be populated.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Fixes the issue where authenticated users couldn't see their subscription
status in the community list response, causing "My Communities" tab to show
no results and all community tiles to show "Join" instead of "Joined".

Changes:
- Add CommunityViewerState struct with tri-state *bool semantics
- Add GetSubscribedCommunityDIDs batch query to repository
- Add PopulateCommunityViewerState helper for viewer enrichment
- Update ListHandler to inject repo and populate viewer state
- Update route registration to pass repository through

The endpoint remains public but now enriches responses with viewer.subscribed
when the request is authenticated.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add block_test.go with comprehensive unit tests for BlockHandler
- Add TestUnsubscribeHandler_RequiresOAuthSession test
- Add debugging context to ResumeSession errors (DID, sessionID)
- Add PDS error type detection in handleServiceError (ErrBadRequest,
ErrNotFound, ErrConflict, ErrUnauthorized, ErrForbidden)
- Add OAuth misconfiguration logging in getPDSClient
- Remove unused deleteRecordOnPDSAs method
- Remove unused oauthStore field from communityService
- Wrap identifier resolution errors with operation context
(subscribe:, unsubscribe:, block:, unblock:)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Replace plain Bearer token authentication with proper DPoP-authenticated
OAuth sessions for subscribe, unsubscribe, block, and unblock operations.

The issue was that atProto OAuth tokens are DPoP-bound and require both
an access token AND a DPoP proof header. The community service was using
plain Bearer authentication which caused "Malformed token" errors.

Changes:
- Update Service interface to use *oauth.ClientSessionData
- Add PDSClientFactory pattern for testability
- Update handlers to get OAuth session from middleware
- Update unit tests to inject OAuth session into context

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add user comment history endpoint for profile pages with:
- Lexicon definition following AT Protocol conventions
- Handler with proper error handling (400/404/500 distinction)
- Cursor-based pagination with composite key (createdAt|uri)
- Optional community filtering
- Viewer vote state population for authenticated users
- Comprehensive handler tests (15 tests)
- Comprehensive service tests (13 tests)

Key fixes from PR review:
- resolutionFailedError now returns 500 (not 400)
- Added warning log for missing votes table
- Improved SQL parameter documentation for cursor filters

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add aggregated user statistics to the social.coves.actor.getProfile response:
- postCount, commentCount, communityCount, membershipCount, reputation
- Efficient single-query with scalar subqueries
- Flat response structure matching lexicon specification

PR review fixes:
- Log database errors in ResolveHandleToDID before fallback (silent-failure-hunter)
- Marshal JSON to bytes before writing to prevent partial responses
- Wrap GetByDID errors with context for debugging
- Document intentional reputation counting for banned users

Tests: comprehensive coverage for all stat types including soft-delete
filtering, subscription counting, and non-existent DID handling.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The Jetstream identity event consumer was intentionally changed to only
UPDATE existing users, not create new ones. This prevents indexing
millions of Bluesky users who never interact with Coves. Users are now
indexed during:
- OAuth login
- Signup (via RegisterAccount.IndexUser())

Test fixes:
- integration/jetstream_consumer_test.go: Pre-create users before
testing identity event handling; renamed tests to reflect behavior
- integration/community_e2e_test.go: Add test data cleanup to prevent
cross-test pollution affecting alphabetical sort test
- integration/user_test.go: Add comprehensive test data cleanup
(subscriptions, posts, communities) in setupTestDB
- e2e/error_recovery_test.go: Pre-create users in all identity event
tests (reconnection, malformed events, PDS unavailability, etc.)
- e2e/user_signup_test.go: Query AppView API instead of test database
to verify user creation; removed unused Jetstream consumer setup

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add test-all target that runs all tests with live infrastructure
- Check dev stack, AppView, and test database before running tests
- Add LOG_ENABLED=false support to silence app logs during tests
- Add TestMain to integration, e2e, unit, and tests packages
- Fail fast on first test failure for quick feedback

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add complete implementation for retrieving a user's posts by DID or handle:

- New XRPC endpoint: GET /xrpc/social.coves.actor.getPosts
- Handle resolution with local DB fallback (faster for indexed users)
- Filters: posts_with_replies, posts_no_replies, posts_with_media
- Community-scoped filtering
- Cursor-based pagination with proper duplicate prevention
- Viewer vote state population (when authenticated)
- Bluesky post embed resolution

Key improvements:
- ResolveHandleToDID now checks local DB first before external DNS/HTTPS
- Proper error distinction: actorNotFoundError vs resolutionFailedError
- Infrastructure failures (DB down, DNS errors) return 500, not 404

Includes comprehensive E2E tests against live PDS infrastructure.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add UserIndexer interface and IndexUser method to index users after
successful OAuth authentication
- Change Jetstream consumer to only UPDATE existing users, not create new
ones (prevents indexing millions of unrelated Bluesky users)
- Add sentinel errors ErrUserNotFound and ErrHandleAlreadyTaken for
proper error handling instead of string matching
- Fix silent failure: Jetstream now propagates database errors instead
of silently dropping events during outages
- Remove redundant DID lookup in OAuth callback by reusing verifiedIdent
- Remove bsky.social fallback - not all users are on Bluesky
- Add compile-time interface satisfaction check for UserIndexer

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The hot_rank cursor was using NOW() for comparison, but time passes between
page requests. This caused posts to drift across cursor boundaries, resulting
in duplicates appearing on subsequent pages.

Fix: Store cursor creation timestamp in the cursor and use it for hot_rank
computation in subsequent queries, ensuring stable comparisons.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Aggregator thumbnail uploads were failing for larger images. Increased
the blob size limit to 6MB to match Bluesky's standard blob limits.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Cron runs in a separate environment that doesn't inherit the container's
environment variables. This caused the COVES_API_KEY to be unavailable
when the cron job executed, resulting in failed runs.

Fix:
- Export COVES_* and PATH to /etc/environment at container startup
- Source /etc/environment in crontab before running the aggregator

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Creates a test aggregator account on the local PDS for development.
Inserts directly into users/aggregators tables to simulate the full
aggregator registration flow locally.

Usage: go run scripts/setup_dev_aggregator.go

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add 5-create-api-key.sh for generating aggregator API keys
- Update aggregator-setup README with step 5 documentation
- Clarify that domain verification (.well-known) is optional
- Document both PDS handle and custom domain options
- Update kagi-news README for API key authentication flow
- Replace old password-based auth references with API key auth

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The env var was in .env.prod but not passed through to the container,
causing the trusted aggregator check to always fail.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Check for COVES_API_KEY instead of AGGREGATOR_HANDLE/PASSWORD
- Display API key prefix on startup for debugging

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Switch from OAuth to simpler API key auth
- Add retry logic with exponential backoff
- Update examples and test coverage
- Remove httpx dependency (use requests)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Replace single KAGI_AGGREGATOR_DID with comma-separated
TRUSTED_AGGREGATOR_DIDS env var. Allows multiple aggregators
to bypass community authorization checks.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Register API key management routes in main.go (was missing)
- Add metrics handler for monitoring API key service health
- Improve error handling and validation in handlers
- Refactor apikey_service for better token refresh flow
- Update aggregator repo with credential persistence

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Deleted 41 spam bot accounts that were created between Dec 26-28.
All accounts used rotating residential proxies and followed the same
pattern: Brazilian-style names, no profiles, only follows/likes/reposts.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add API key-based authentication allowing aggregators to post to communities
via bot-like behavior. This complements OAuth for programmatic access.

Key components:
- API key generation, validation, and revocation endpoints
- Encrypted OAuth token storage for session persistence
- DualAuthMiddleware supporting API keys alongside OAuth
- Database migrations for key storage with encryption at rest

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Extract external link embeds (title, description, thumb) from quoted posts
- Handle blocked quoted posts (#viewBlocked) with "This post is from a blocked account"
- Handle deleted quoted posts (#viewNotFound) with "This post has been deleted"
- Handle detached quoted posts (#viewDetached) with "This post is unavailable"
- Add Detached boolean field for consistency with Blocked/NotFound pattern
- Add logging for JSON unmarshal failures and timestamp parsing errors
- Improve doc comments for embed extraction functions

Also adds beads issue Coves-327 for Phase 3: image/video extraction

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The Indigo xrpc client always sends Auth.AccessJwt as the Authorization
header, but com.atproto.server.refreshSession requires the refresh token
in that header. This was causing "InvalidToken: Invalid token type" errors
when community tokens needed refreshing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

When embedding Bluesky posts that contain external links (link cards),
the external link metadata (URI, title, description, thumbnail) is now
extracted and stored in the BlueskyPostResult.

Changes:
- Add ExternalEmbed type to capture link card data
- Add Embed field to BlueskyPostResult
- Parse app.bsky.embed.external#view from Bluesky API responses
- Add unit tests for external embed extraction
- Fix productionPLCIdentityResolver to require db parameter

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Server was using local PLC directory (localhost:3002) for resolving real
Bluesky handles like "bretton.dev", which failed with 404 errors. Now uses
a dedicated production PLC resolver (https://plc.directory) that is READ-ONLY
for looking up existing Bluesky identities.

- Add productionPLCResolver in main.go for Bluesky handle resolution
- Update tests to use production PLC helper function
- Clean up debug logging in post service

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Address PR review feedback:
- Add debug logging when URI is not a string type
- Differentiate timeout errors from other parse errors
- Include unavailable post message in log output
- Add test case for wrong URI type (int instead of string)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

When a user pastes a Bluesky URL (bsky.app) as an external embed,
convert it to a social.coves.embed.post with proper strongRef
containing both URI and CID. This enables rich embedded quote posts
instead of plain external links.

Key changes:
- Implement tryConvertBlueskyURLToPostEmbed in service.go
- Detect Bluesky URLs and resolve them via blueskyService
- Parse URL to AT-URI (resolves handle to DID if needed)
- Fetch CID from Bluesky API for strongRef
- Fall back to external embed on errors (graceful degradation)
- Differentiated logging for circuit breaker vs other errors
- Keep unavailable posts as external embeds (no fake CIDs)

Test coverage:
- Unit tests for all error cases and success path
- Integration test for URL to strongRef conversion

Closes: Coves-p44

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Hot ranking formula now uses (score + 1) instead of score to prevent
new posts with 0 votes from sinking to the bottom. Previously,
0 / time_decay = 0 caused all unvoted posts to have rank 0.

Affects discover, timeline, and community feed repos.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Update community handles to use c-{name}.{instance} pattern and
enable additional feeds (US News, Science).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Extend auth middleware to accept both OAuth sealed tokens (users) and
PDS service JWTs (aggregators). Uses Indigo's ServiceAuthValidator for
JWT signature verification against DID document public keys.

Security model:
- Detect token format upfront (detect-and-route, not fallback)
- JWT auth restricted to DIDs in aggregators table
- Aggregators self-register via social.coves.aggregator.service record

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Phase 1 is text-only, so skip converting Bluesky URLs to post embeds.
The social.coves.embed.post lexicon requires a valid CID in strongRef,
which we don't have without calling ResolvePost. This caused P1 bug
where empty CID violated lexicon validation.

Changes:
- Disable tryConvertBlueskyURLToPostEmbed (return false, remove dead code)
- Add TestBlueskyPostCrossPosting_E2E_LivePDS integration test that
writes posts with Bluesky URLs directly to dev PDS to catch lexicon
validation errors
- Create beads for Phase 2 embed conversion (Coves-p44) and functional
options refactoring (Coves-8k1, Coves-jdf, etc.)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Fix quoted post mapping for recordWithMedia#view embeds
- Handle nested viewRecord structure where content is in embed.record.record
- Add mapViewRecordToResult and mapNestedViewRecordToResult functions
- Properly extract text and author from value field (not record field)

- Implement age-based cache TTL decay for scalability
- Fresh posts (< 24h): 15 min TTL (engagement changing rapidly)
- Recent posts (1-7 days): 1 hour TTL
- Old posts (7+ days): 24 hour TTL
- Unavailable posts: 15 min TTL (allow re-checking)

- Add comprehensive unit tests for TTL calculation
- Add integration tests for live Bluesky API interaction
- Update integration tests for new blueskyService parameter

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Enable users to embed Bluesky posts by pasting bsky.app URLs. Posts are
resolved at response time with text, author info, and engagement stats.

## New Package: internal/core/blueskypost/

Core service following the unfurl package pattern:
- types.go: BlueskyPostResult, Author structs with ErrCircuitOpen sentinel
- interfaces.go: Service and Repository interfaces
- repository.go: PostgreSQL cache with TTL (1 hour) and AT-URI validation
- url_parser.go: bsky.app URL → AT-URI conversion with rkey validation
- fetcher.go: Bluesky public API client using SSRF-safe HTTP client
- circuit_breaker.go: Failure protection (3 failures, 5min open)
- service.go: Cache-first resolution with circuit breaker integration

## Features

- Detect bsky.app URLs in post creation, convert to social.coves.embed.post
- Resolve Bluesky posts at feed response time via TransformPostEmbeds()
- Support for quoted posts (1 level deep)
- Media indicators (hasMedia, mediaCount) without rendering (Phase 2)
- Typed error handling with retryable flag for transient failures
- Debug logging for embed processing traceability

## Integration

- Updated discover, timeline, communityFeed handlers
- Wired blueskypost service in cmd/server/main.go
- Database migration for bluesky_post_cache table

## Test Coverage: 73.1%

- url_parser_test.go: URL parsing, validation, edge cases
- circuit_breaker_test.go: State transitions, thread safety
- service_test.go: Cache hit/miss, circuit breaker integration
- fetcher_test.go: Post mapping, media detection, quotes
- repository_test.go: AT-URI validation

## Out of Scope (Phase 2)

- Rendering embedded images/videos
- Moderation labels (NSFW handling)
- Deep quote chains (>1 level nesting)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Update GetCommunity() to accept DIDs, canonical handles (c-name.domain),
scoped identifiers (!name@domain), and at-identifiers (@handle)
- Fix subscribe/unsubscribe handlers to let service handle identifier resolution
(removes redundant ResolveCommunityIdentifier calls)
- Add community error handling to aggregator handlers to properly return
404/400 instead of 500 for community errors
- Add communityService dependency to listForCommunity handler for identifier
resolution
- Preserve original identifier in error messages for better debugging
- Add comprehensive unit tests for subscribe/unsubscribe handlers
- Add GetCommunity identifier resolution integration tests
- Add handle format tests for listForCommunity E2E tests

Fixes issue where endpoints only accepted DIDs and rejected valid handles
like c-worldnews.coves.social

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The test was using AddUser() which creates a mock token, but subscription
and other write operations need the real PDS access token. Using
AddUserWithPDSToken() stores the actual PDS token so write-forward works.

All tests now pass without --short flag.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Fix concurrent modification test to accept either ErrConflict (409)
or CID mismatch error (400 "Record was at")
- Shorten e2epost community name to stay under handle length limit

Remaining: TestFullUserJourney_E2E fails due to PDS token validation
issue ("InvalidToken") - this is a test infrastructure issue where the
community's stored access token is no longer valid with the PDS.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Fixes:
- Exclude deleted top-level comments from ListByParentWithHotRank query
(nested deleted comments still preserved via ListByParentsBatch)
- Fix OAuth E2E tests: unwrap MobileAwareStoreWrapper for cleanup methods
- Fix hostedby security tests: conditionally skip DID verification
- Fix concurrent_scenarios_test: use correct column name (commenter_did)
- Fix user_journey_e2e_test: use correct column name (commenter_did)
- Fix handle length issues: use shorter prefixes with 6-digit timestamps
to stay under ATProto's 32-character handle limit

Pre-commit hook:
- Add go vet check that rejects commits with static analysis issues

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Fix TestHandleClientMetadata to expect full metadata URL per atproto OAuth spec
- Fix TestVoteRepo_Delete to match GetByURI behavior (excludes soft-deleted votes)
- Fix TestPostgresOAuthStore_CleanupExpiredSessions test isolation
- Fix lexicon IDs to use lowerCamelCase (getProfile, updateProfile) per atproto spec

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Change community handle format to simplify DNS/Caddy configuration:
- Old: gaming.community.coves.social
- New: c-gaming.coves.social

This works with single-level wildcard certificates (*.coves.social)
while keeping the same user-facing display format (!gaming@coves.social).

Changes:
- Add migration 022 to update existing handles in database
- Update handle generation in pds_provisioning.go
- Update GetDisplayHandle() parsing in community.go
- Update scoped identifier resolution in service.go
- Update PDS_SERVICE_HANDLE_DOMAINS in docker-compose.dev.yml

Also addresses PR review feedback:
- Fix LRU cache error handling (panic on critical failure)
- Add logging for JSON marshal failures in facets
- Add DEBUG logging for domain extraction fallbacks
- Add DEBUG logging for GetDisplayHandle parse failures
- Add WARNING log for non-did:web hostedBy
- Add edge case tests for malformed handle inputs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add true E2E integration tests that verify the full write-forward flow
through real PDS and Jetstream infrastructure:

- Comment E2E tests: create, update, delete with real Jetstream indexing
- Comment authorization tests: verify users cannot modify others' comments
- Comment validation tests: verify proper error handling
- Community update E2E tests: single and multiple updates via Jetstream

These tests require dev infrastructure (make dev-up) and are skipped
in short mode. Fixed race condition where Jetstream subscription started
after create event was emitted.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add optional sources array to create_external_embed() for including
article source citations in post embeds. Sources are passed through
from parsed Kagi news stories to the embed structure.

- Add sources parameter to CovesClient.create_external_embed()
- Pass story sources to embed in Aggregator.run()
- Add comprehensive unit tests for create_external_embed()
- Add integration tests for posting with/without sources

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

When a user changes their handle on their PDS, all active OAuth sessions
are now updated to reflect the new handle. This ensures mobile/web apps
display the correct handle without requiring re-authentication.

Implementation:
- Add UpdateHandleByDID method to PostgresOAuthStore
- Add SessionHandleUpdater interface for dependency injection
- Use functional options pattern for consumer configuration
- Pass verified handle through mobile callback flow

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add --remove-orphans flag and network cleanup to prevent stale
containers from accumulating during development.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add missing mock methods to vote handler tests (EnsureCachePopulated,
GetViewerVote, GetViewerVotesForSubjects)
- Add //go:build ignore to standalone scripts to exclude from package lint
- Remove deprecated skip-dirs from golangci config

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add Claude hook (.claude/settings.json) to run gofumpt after editing .go files
- Fix .golangci.yml Go version to 1.24 to match golangci-lint build version
- Pre-commit hook updated to use full path for golangci-lint

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Use ON CONFLICT DO NOTHING for comment indexing to handle race
conditions from duplicate Jetstream events (at-least-once delivery).
This eliminates duplicate key constraint errors when the same event
is delivered multiple times.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Add optional authentication support to the Discover feed endpoint so
authenticated users can see their existing likes/votes on posts.

Changes:
- Add voteService and OptionalAuth middleware to Discover handler
- Extract shared PopulateViewerVoteState helper to reduce duplication
- Add FeedPostProvider interface with GetPost() method to all feed types
- Add comprehensive integration tests for viewer vote state

The Discover feed remains public (unauthenticated users can still view it),
but authenticated users now receive their vote state (vote direction and URI)
on each post, matching the behavior of Timeline and Community Feed handlers.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Implement PutRecord in PDS client with swapRecord CID validation:
- Add ErrConflict error type for HTTP 409 responses
- Add PutRecord method to Client interface with optimistic locking
- Map 409 status to ErrConflict in wrapAPIError

Migrate UpdateComment to use PutRecord:
- Use existingRecord.CID as swapRecord for concurrent modification detection
- Add ErrConcurrentModification error type in comments package
- Return proper error when PDS detects CID mismatch

Testing:
- Add PutRecord unit tests (success, conflict, typed errors)
- Add PutRecord to mockPDSClient for unit test compatibility
- Add integration test for concurrent modification detection

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Implement comment deletion that preserves thread structure by keeping
tombstone records with blanked content instead of hiding comments entirely.

Features:
- Add deletion_reason enum (author, moderator) and deleted_by column
- Blank content on delete but preserve threading references
- Include deleted comments in thread queries as "[deleted]" placeholders
- Add RepositoryTx interface for atomic delete + count updates
- Add validation for deletion reason constants

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Add SoftDeleteWithReasonTx to mockCommentRepo implementing RepositoryTx.
Update SoftDeleteWithReason to validate deletion reason and delegate
to the Tx method.

Update test for deleted comments to verify they appear as placeholders
with IsDeleted=true instead of being filtered out.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>