commits
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
monospace font for textarea in dev app is so common that we can just
apply it as an opt-out style for all textareas
Signed-off-by: Seongmin Lee <git@boltless.me>
Add sandboxed atmosphere environment for local testing. This new vm
contains everything required to run local test appview including PLC,
PDS, Jetstream (listening to single PDS), knot and spindle.
I'm using my custom `tngl.boltless.dev` domain which resolves to
`127.0.0.1` without any proxy.
PLC: plc.tngl.boltless.dev
PDS: pds.tngl.boltless.dev
Relay: relay.tngl.boltless.dev
Jetstream: jetstream.tngl.boltless.dev
Knot: knot.tngl.boltless.dev
Spindle: spindle.tngl.boltless.dev
TLS is supported with caddy service running inside the vm.
note: `pds.env` file here is hard copy to be used for contrib/scripts.
note: upgraded pds package in order to set email settings
Signed-off-by: Seongmin Lee <git@boltless.me>
Implemented tangled link extension. This can be extended for other link
types like issue/pull references in future.
The `tangled.org` host is hardcoded right now.
Close: <https://tangled.org/tangled.org/core/issues/382>
Signed-off-by: Seongmin Lee <git@boltless.me>
we should really upgrade to tailwind 4.x at some point!
Signed-off-by: oppiliappan <me@oppi.li>
- transparent blue caused text overlaps
- mobile view hide the split/unified buttons
- transparent topbar caused text overlaps
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
also fixes a subtle bug: when timeline commits are populated from the
punchcard, only the current year's commits are available, however the
timeline can span across two years (as it does today: Jan 2026, Dec
2025, Nov 2025 ...).
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
the lockable http tarball protocol is meant to serve tarball flakes, by
emitting a stable `Link` header:
```
Link: <flakeref>; rel="immutable"
```
this patch now supports the new header in two places, on the appview, at
the `/archive/<ref>.tar.gz` endpoint:
```
λ nix flake metadata -v --refresh --no-write-lock-file 'http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz'
unpacking 'http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz' into the Git cache...
warning: not writing modified lock file of flake 'http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz':
• Added input 'nixpkgs':
'github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19)
Resolved URL: http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz
Locked URL: http://127.0.0.1:3000/did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14/archive/a63d945ae97b84812e394207f3cc80f6525c2082.tar.gz?narHash=sha256-IdKT88RIWvWrgQFx6c%2BX3cC7JFene%2BQI9yo2rKSGoA4%3D
Path: /nix/store/0k9pv83f0qn5cm0qy82j51plryk7szx7-source
Fingerprint: 9512ee4857b31a76c1112f05161bda5280d8596b866c4f78986c6c01c1d2f419
Inputs:
└───nixpkgs: github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D (2026-01-19 00:39:23)
```
and on the knotserver, when using the `/xrpc/sh.tangled.repo.archive`
endpoint:
```
λ nix flake metadata -v --refresh --no-write-lock-file "http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did%3Aplc%3Aqfpnj4og54vl56wngdriaxug%2Frepo-19-01-26-08-04-14"
unpacking 'http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14' into the Git cache...
warning: not writing modified lock file of flake 'http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14':
• Added input 'nixpkgs':
'github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19)
Resolved URL: http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14
Locked URL: http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&narHash=sha256-IdKT88RIWvWrgQFx6c%2BX3cC7JFene%2BQI9yo2rKSGoA4%3D&prefix=&ref=a63d945ae97b84812e394207f3cc80f6525c2082&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14
Path: /nix/store/0k9pv83f0qn5cm0qy82j51plryk7szx7-source
Fingerprint: 9512ee4857b31a76c1112f05161bda5280d8596b866c4f78986c6c01c1d2f419
Inputs:
└───nixpkgs: github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D (2026-01-19 00:39:23)
```
note that the "Resolved URL" includes a hash of the commit.
Co-authored-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
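An added example, not code from the tangled repository: a Go handler that resolves a mutable ref to its commit and advertises the pinned archive URL in the `Link` header described above, plus a check that the advertised URL really names a full commit id. The ref table, the handler and the helper names are assumptions; the owner segment is passed through unchanged.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

// Constructed ref table standing in for a real git lookup (assumption).
var refs = map[string]string{"main": "a63d945ae97b84812e394207f3cc80f6525c2082"}

var (
	fullSHA   = regexp.MustCompile(`^[0-9a-f]{40}$`)
	linkValue = regexp.MustCompile(`^<([^>]+)>\s*;\s*rel="immutable"$`)
)

// archiveHandler serves /{owner}/{repo}/archive/{ref}.tar.gz and advertises
// the commit-pinned URL of the same archive in a Link header.
func archiveHandler(w http.ResponseWriter, r *http.Request) {
	p := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
	if len(p) != 4 || p[2] != "archive" || !strings.HasSuffix(p[3], ".tar.gz") {
		http.NotFound(w, r)
		return
	}
	ref := strings.TrimSuffix(p[3], ".tar.gz")
	sha, ok := refs[ref]
	if fullSHA.MatchString(ref) {
		sha, ok = ref, true // the request already names a commit
	}
	if !ok {
		http.NotFound(w, r)
		return
	}
	locked := fmt.Sprintf("http://%s/%s/%s/archive/%s.tar.gz", r.Host, p[0], p[1], sha)
	w.Header().Set("Link", fmt.Sprintf(`<%s>; rel="immutable"`, locked))
	w.Header().Set("Content-Type", "application/gzip")
	// The tarball bytes for sha would be streamed here.
}

// lockedURL extracts the rel="immutable" target from a Link header value and
// reports whether its archive name is a full 40-hex commit id.
func lockedURL(link string) (string, bool) {
	m := linkValue.FindStringSubmatch(strings.TrimSpace(link))
	if m == nil {
		return "", false
	}
	name := m[1][strings.LastIndex(m[1], "/")+1:]
	name = strings.TrimSuffix(name, ".tar.gz")
	return m[1], fullSHA.MatchString(name)
}

// probe requests path from the handler and returns the parsed Link result.
func probe(path string) (string, bool) {
	rec := httptest.NewRecorder()
	archiveHandler(rec, httptest.NewRequest("GET", "http://127.0.0.1:3000"+path, nil))
	return lockedURL(rec.Header().Get("Link"))
}

func main() {
	fmt.Println(probe("/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz"))
}
```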
After refactoring record deletion logic, we only need
`db.GetReactionStatus`
Signed-off-by: Seongmin Lee <git@boltless.me>
- upsert public key to handle record update event
- don't delete by pair of name and key. delete by name or rkey instead.
Signed-off-by: Seongmin Lee <git@boltless.me>
Most service flow will be:
1. start db transaction
2. run db operation
3. run PDS operation
4. rollback db if anything above failed
5. commit transaction
If PDS operation succeeds, don't try rollback anymore. The ingester will
backfill the missed db operations.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
migrate tables: `stars`, `reactions`, `follows`, `public_keys`
Two major changes:
1. Remove autoincrement id for these tables.
AUTOINCREMENT primary key does not help much for these tables and only
introduces slice performance overhead. Use default `rowid` with
non-autoincrement integer instead.
2. Remove unique constraints other than `(did, rkey)`
We cannot block users creating non-unique atproto records. Appview needs
to handle those properly. For example, if a user unstars a repo, appview
should delete all existing star records pointing to that repo.
To allow this, remove all constraints other than `(did, rkey)`.
Minor changes done while migrating tables:
- rename `thread_at` in `reactions` to `subject_at` to match with other
tables
- follow common column names like `did` and `created`
- allow self-follow (similar reason to 2nd major change. we should block
it from service layer instead)
Signed-off-by: Seongmin Lee <git@boltless.me>
Appview cannot modify the user-owned record on repository deletion
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
- RBAC should be enforced on service logic.
- We should not check for referenced records existence from db due to
the nature of atproto.
- Comment depth validation is not necessary. We can accept them and just
don't render replies with deeper depth.
Move markdown sanitizer to dedicated package to avoid import cycle
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Some more conditional styling for rounding. Makes it look more cohesive.
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
this greatly improves build speed of derivations that depend on the
dolly derivation, because it no longer rebuilds every time there is a
change to appview.
Signed-off-by: oppiliappan <me@oppi.li>
adding text-inherit overrides the `<a>` styling.
Signed-off-by: oppiliappan <me@oppi.li>
Tiny avatar, description and paddings are now uniform across repo and
string pages.
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Seongmin Lee <git@boltless.me>
`sh.tangled.pipeline` events are now completely generated & streamed
from spindle
Signed-off-by: Seongmin Lee <git@boltless.me>
spindle will emit `sh.tangled.pipeline` event on:
- `sh.tangled.git.refUpdate` events from knot stream
- live create/update events of `sh.tangled.repo.pull` records
Signed-off-by: Seongmin Lee <git@boltless.me>
Spindle will sync git repo when new repo is registered
Spindle will listen to `sh.tangled.git.refUpdate` event from knot
stream and sync its local git repo instead. Spindle's git repo will
sparse-checkout only `/.tangled/workflows` directory.
Spindle now requires git version >=2.49 for `--revision` flag in `git
clone` command.
References:
- <https://stackoverflow.com/q/47541033/13150270>
- <https://stackoverflow.com/q/600079/13150270>
Signed-off-by: Seongmin Lee <git@boltless.me>
This single persistent directory can be used for storing general spindle
data like db, motd file and upcoming sparse-clone git repos.
db path will be `${DATA_DIR}/spindle.db`
Signed-off-by: Seongmin Lee <git@boltless.me>
spindle-tap will collect/stream record events from:
- users dynamically added by spindle (spindle members | collaborators of
repos using spindle)
- any users with `sh.tangled.repo.pull` collection
It might be a bit inefficient considering it will also stream repo
creation events from PR authors due to second rule, but at least we now
have backfill logic and Sync 1.1 based syncing.
This inefficiency can be fixed later by modifying upstream tap cli or
embedding tap into spindle.
```
+--------- all tangled users --------+
|                                    |
| +-- users known to spindle-tap --+ |
| | (PR author / manually added)   | |
| |                                | |
| | +----------------------------+ | |
| | | users known to spindle     | | |
| | | (members / collaborators)  | | |
| | +----------------------------+ | |
| +--------------------------------+ |
+------------------------------------+
```
Close: <https://tangled.org/tangled.org/core/issues/341>
Signed-off-by: Seongmin Lee <git@boltless.me>
This new db migration won't migrate existing records in repos table.
Instead, it will simply rename the legacy table to `repos_old` and
create a new one with same name.
repo backfill will be done with tap
Signed-off-by: Seongmin Lee <git@boltless.me>
create new one if it's missing
Signed-off-by: Seongmin Lee <git@boltless.me>
This commit includes bare minimum tap client to use tap from spindle.
Signed-off-by: Seongmin Lee <git@boltless.me>
This commit won't work without following spindle rewrite to use tap and
introduce backfill because repos table is empty yet.
Signed-off-by: Seongmin Lee <git@boltless.me>
1. Use repo AT-URI as identifier.
2. Use `dom` field rather than `obj` to filter by repository. So now
it's "user with role A in repo B can do action D to field C" where
`A,B,C,D` are `sub,dom,obj,act`.
3. Manage app-logic rules in embedded csv file which won't be saved in
db and load to memory on start. This makes app's global rbac rule
change easier as we just need to edit the csv file.
Many permission check methods are missing, but should be enough to test
this new RBAC enforcer package in spindle.
Related issue: <https://tangled.org/tangled.org/core/issues/282>
Signed-off-by: Seongmin Lee <git@boltless.me>
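An added example, not the project's RBAC package: a small standard-library Go enforcer for the `sub,dom,obj,act` shape described above, with app-wide rules parsed from a CSV string and role grants scoped to one repo AT-URI. The CSV layout, role names, DIDs and AT-URIs are constructed assumptions.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// Constructed app-wide rules in an assumed layout: p, role, obj, act.
const policyCSV = `p, repo:owner, settings, write
p, repo:owner, pipeline, trigger
p, repo:collaborator, pipeline, trigger
`

type rule struct{ role, obj, act string }
type grant struct{ sub, dom string }

type Enforcer struct {
	rules map[rule]bool             // global, from the CSV
	roles map[grant]map[string]bool // per-repo grants, persisted elsewhere
}

// Load parses the rule text and rejects any line that is not a "p" rule.
func Load(text string) (*Enforcer, error) {
	r := csv.NewReader(strings.NewReader(text))
	r.TrimLeadingSpace, r.FieldsPerRecord = true, 4
	recs, err := r.ReadAll()
	if err != nil {
		return nil, err
	}
	e := &Enforcer{rules: map[rule]bool{}, roles: map[grant]map[string]bool{}}
	for _, f := range recs {
		if f[0] != "p" {
			return nil, fmt.Errorf("unexpected rule type %q", f[0])
		}
		e.rules[rule{f[1], f[2], f[3]}] = true
	}
	return e, nil
}

// AddRole grants role to sub inside one domain (a repo AT-URI) only.
func (e *Enforcer) AddRole(sub, dom, role string) {
	k := grant{sub, dom}
	if e.roles[k] == nil {
		e.roles[k] = map[string]bool{}
	}
	e.roles[k][role] = true
}

// Enforce is default-deny: sub needs a role in dom that a rule maps to obj, act.
func (e *Enforcer) Enforce(sub, dom, obj, act string) bool {
	for role := range e.roles[grant{sub, dom}] {
		if e.rules[rule{role, obj, act}] {
			return true
		}
	}
	return false
}

func main() {
	e, _ := Load(policyCSV)
	e.AddRole("did:plc:alice", "at://did:plc:alice/sh.tangled.repo/aaa", "repo:owner")
	fmt.Println(e.Enforce("did:plc:alice", "at://did:plc:alice/sh.tangled.repo/aaa", "settings", "write"))
}
```

Because the rules carry no repo, a grant in one repo never authorizes the same subject in another; only the `dom` lookup decides which roles apply.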
- did-method-plc
- bluesky-jetstream
- bluesky-relay
- tap
Signed-off-by: Seongmin Lee <git@boltless.me>
the new 3-panel layout puts the diff upfront, and the review panel off
to the right. on mobile devices, the review panel is a collapsible
bottom-sheet, and on desktop, it is a collapsible side-panel. it is now
possible to comment on a PR while viewing its diff.
all the JS on the page is entirely optional and simply added for
quality-of-life (such as auto-collapsing the bottomsheet on mobile
etc.).
in the review panel, submissions are listed with a top-level entry, and
comments on each submission are "reply" entries. the top-level
submission header includes the following information:
- commit messages and bodies (if available, on patch PRs this is
omitted)
- pipeline status (if available, only for PRs that have triggered CI)
- mergeability (if available, this is calculated only for the
latest submission)
the actual merge status (merged/closed/deleted) of the PR is listed
above the pull-action bar. previous designs combined the mergeability
check and the merge-status into one component.
Signed-off-by: oppiliappan <me@oppi.li>
all 3 pages are presented in one page now.
Signed-off-by: oppiliappan <me@oppi.li>
the component is almost identical to the new-comment component on issues
now.
the loader icon now replaces the existing button icon when a request is
inflight. this is much cleverer because it avoids the increase in button
width when a request is inflight.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
also removes unused functions such as filetree.
any object that adheres to the DiffRenderer interface can now be
presented as html using the repo/fragments/diff template.
types.NiceDiff and patchutil.Interdiff now implement the new interface.
this allows us to remove the differing rendering logic necessary to
present each kind of diff.
any {split,unified} {diff,interdiff} can be rendered by adhering to this
interface.
move most of the logic from the html template into golang. this is just
much more predictable. also add a short and long form summary.
Signed-off-by: Seongmin Lee <git@boltless.me>