tangled.org
commits
Signed-off-by: Seongmin Lee <git@boltless.me>
`sh.tangled.pipeline` events are now completely generated & streamed
from spindle
Signed-off-by: Seongmin Lee <git@boltless.me>
spindle will emit `sh.tangled.pipeline` event on:
- `sh.tangled.git.refUpdate` events from knot stream
- live create/update events of `sh.tangled.repo.pull` records
Signed-off-by: Seongmin Lee <git@boltless.me>
Spindle will sync git repo when new repo is registered
Spindle will listen to `sh.tangled.git.refUpdate` event from knot
stream and sync its local git repo instead. Spindle's git repo will
sparse-checkout only `/.tangled/workflows` directory.
Spindle now requires git version >=2.49 for `--revision` flag in `git
clone` command.
References:
- <https://stackoverflow.com/q/47541033/13150270>
- <https://stackoverflow.com/q/600079/13150270>
Signed-off-by: Seongmin Lee <git@boltless.me>
This single persistent directory can be used for storing general spindle
data like db, motd file and upcoming sparse-clone git repos.
db path will be `${DATA_DIR}/spindle.db`
Signed-off-by: Seongmin Lee <git@boltless.me>
spindle-tap will collect/stream record events from:
- users dynamically added by spindle (spindle members | collaborators of
repos using spindle)
- any users with `sh.tangled.repo.pull` collection
It might be bit inefficient considering it will also stream repo
creation events from PR authors due to second rule, but at least we now
have backfill logic and Sync 1.1 based syncing.
This inefficiency can be fixed later by modifying upstream tap cli or
embedding tap into spindle.
```
+--------- all tangled users --------+
| |
| +-- users known to spindle-tap --+ |
| | (PR author / manually added) | |
| | | |
| | +----------------------------+ | |
| | | users known to spindle | | |
| | | (members / collaborators) | | |
| | +----------------------------+ | |
| +--------------------------------+ |
+------------------------------------+
```
Close: <https://tangled.org/tangled.org/core/issues/341>
Signed-off-by: Seongmin Lee <git@boltless.me>
This new db migration won't migrate existing records in repos table.
Instead, it will simply rename the legacy table to `repos_old` and
create a new one with same name.
repo backfill will be done with tap
Signed-off-by: Seongmin Lee <git@boltless.me>
create new one if it's missing
Signed-off-by: Seongmin Lee <git@boltless.me>
This commit includes bare minimum tap client to use tap from spindle.
Signed-off-by: Seongmin Lee <git@boltless.me>
This commit won't work without following spindle rewrite to use tap and
introduce backfill because repos table is empty yet.
Signed-off-by: Seongmin Lee <git@boltless.me>
1. Use repo AT-URI as identifier.
2. Use `dom` field rather than `obj` to filter by repository. So now
it's "user with role A in repo B can do action D to field C" where
`A,B,C,D` are `sub,dom,obj,act`.
3. Manage app-logic rules in embedded csv file which won't be saved in
db and load to memory on start. This makes app's global rbac rule
change easier as we just need to edit the csv file.
Many permission check methods are missing, but should be enough to test
this new RBAC enforcer package in spindle.
Related issue: <https://tangled.org/tangled.org/core/issues/282>
Signed-off-by: Seongmin Lee <git@boltless.me>
- did-method-plc
- bluesky-jetstream
- bluesky-relay
- tap
Signed-off-by: Seongmin Lee <git@boltless.me>
we already have picHandle and picHandle link, this change adds pic and
picLink.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
this is no longer necessary, we use BaseUrl where scheme is required.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Seongmin Lee <git@boltless.me>
Implemented tangled link extension. This can be extended for other link
types like issue/pull references in future.
The `tangled.org` host is hardcoded right now.
Close: <https://tangled.org/tangled.org/core/issues/382>
Signed-off-by: Seongmin Lee <git@boltless.me>
/pull/ID is redirected to /pull/ID/round/N. this makes links to lines in
a diff stable.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Creates an empty sh.tangled.actor.profile on first login. This should
prevent profile picture uploads from breaking due to profile record
existing beforehand.
This should also allow for us to estimate total users better globally.
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
with the introduction of `const` function in funcmap, we can make
reusable template for all reaction UI.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Constants those are mainly used to define a template shouldn't be
managed from http handlers. Define constant values in `const` funcmap so
we can easily access them without depending on template params.
This change will make more sense with following change `rusppvkn`
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
in mobile view, when the bottom sheet is open, overscrolling the sheet
would cause the underlying page to start scrolling. this adds a bit of
js to the page to avoid this behavior.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
when constructing a url using url.Values.Encode, we need to avoid
escaping the `=` symbol, which is performed by the default urlescaper
behavior in href contexts; so we wrap the call with safeUrl.
Signed-off-by: oppiliappan <me@oppi.li>
queryParams is like dict: constructs a url.Values map.
Signed-off-by: oppiliappan <me@oppi.li>
works like reddit threads: you click on the vertical line connecting
each comment and it collapses the thread.
Signed-off-by: oppiliappan <me@oppi.li>
we have several nested details tags here and i can't seem to figure it
out using plain css.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Will Andrews <will7989@hotmail.com>
pull page can be rendered fine without reaction map
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
the file-diff icon was incorrectly linked.
Signed-off-by: oppiliappan <me@oppi.li>
we should really upgrade to tailwind 4.x at some point!
Signed-off-by: oppiliappan <me@oppi.li>
- transparent blue caused text ovelaps
- mobile view hide the split/unified buttons
- transparent topbar caused text overlaps
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
also fixes a subtle bug: when timeline commits are populated from the
punchcard, only the current year's commits are available, however the
timeline can span across two years (as it does today: Jan 2026, Dec
2025, Nov 2025 ...).
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: oppiliappan <me@oppi.li>
the lockable http tarball protocol is meant to serve tarball flakes, by
emitting a stable `Link` header:
Link: <flakeref>; rel="immutable"
this patch now supports the new header in two places, on the appview, at
the `/archive/<ref>.tar.gz` endpoint:
λ nix flake metadata -v --refresh --no-write-lock-file 'http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz'
unpacking 'http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz' into the Git cache...
warning: not writing modified lock file of flake 'http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz':
• Added input 'nixpkgs':
'github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19)
Resolved URL: http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz
Locked URL: http://127.0.0.1:3000/did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14/archive/a63d945ae97b84812e394207f3cc80f6525c2082.tar.gz?narHash=sha256-IdKT88RIWvWrgQFx6c%2BX3cC7JFene%2BQI9yo2rKSGoA4%3D
Path: /nix/store/0k9pv83f0qn5cm0qy82j51plryk7szx7-source
Fingerprint: 9512ee4857b31a76c1112f05161bda5280d8596b866c4f78986c6c01c1d2f419
Inputs:
└───nixpkgs: github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D (2026-01-19 00:39:23)
and on the knotserver, when using the `/xrpc/sh.tangled.repo.archive`
endpoint:
λ nix flake metadata -v --refresh --no-write-lock-file "http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did%3Aplc%3Aqfpnj4og54vl56wngdriaxug%2Frepo-19-01-26-08-04-14"
unpacking 'http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14' into the Git cache...
warning: not writing modified lock file of flake 'http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14':
• Added input 'nixpkgs':
'github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19)
Resolved URL: http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14
Locked URL: http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&narHash=sha256-IdKT88RIWvWrgQFx6c%2BX3cC7JFene%2BQI9yo2rKSGoA4%3D&prefix=&ref=a63d945ae97b84812e394207f3cc80f6525c2082&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14
Path: /nix/store/0k9pv83f0qn5cm0qy82j51plryk7szx7-source
Fingerprint: 9512ee4857b31a76c1112f05161bda5280d8596b866c4f78986c6c01c1d2f419
Inputs:
└───nixpkgs: github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D (2026-01-19 00:39:23)
note that the "Resolved URL" includes a hash of the commit.
Co-authored-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Some more conditional styling for rounding. Makes it look more cohesive.
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Seongmin Lee <git@boltless.me>
Spindle will sync git repo when new repo is registered
Spindle will listen to `sh.tangled.git.refUpdate` event from knot
stream and sync its local git repo instead. Spindle's git repo will
sparse-checkout only `/.tangled/workflows` directory.
Spindle now requires git version >=2.49 for `--revision` flag in `git
clone` command.
References:
- <https://stackoverflow.com/q/47541033/13150270>
- <https://stackoverflow.com/q/600079/13150270>
Signed-off-by: Seongmin Lee <git@boltless.me>
spindle-tap will collect/stream record events from:
- users dynamically added by spindle (spindle members | collaborators of
repos using spindle)
- any users with `sh.tangled.repo.pull` collection
It might be bit inefficient considering it will also stream repo
creation events from PR authors due to second rule, but at least we now
have backfill logic and Sync 1.1 based syncing.
This inefficiency can be fixed later by modifying upstream tap cli or
embedding tap into spindle.
```
+--------- all tangled users --------+
| |
| +-- users known to spindle-tap --+ |
| | (PR author / manually added) | |
| | | |
| | +----------------------------+ | |
| | | users known to spindle | | |
| | | (members / collaborators) | | |
| | +----------------------------+ | |
| +--------------------------------+ |
+------------------------------------+
```
Close: <https://tangled.org/tangled.org/core/issues/341>
Signed-off-by: Seongmin Lee <git@boltless.me>
1. Use repo AT-URI as identifier.
2. Use `dom` field rather than `obj` to filter by repository. So now
it's "user with role A in repo B can do action D to field C" where
`A,B,C,D` are `sub,dom,obj,act`.
3. Manage app-logic rules in embedded csv file which won't be saved in
db and load to memory on start. This makes app's global rbac rule
change easier as we just need to edit the csv file.
Many permission check methods are missing, but should be enough to test
this new RBAC enforcer package in spindle.
Related issue: <https://tangled.org/tangled.org/core/issues/282>
Signed-off-by: Seongmin Lee <git@boltless.me>
Constants those are mainly used to define a template shouldn't be
managed from http handlers. Define constant values in `const` funcmap so
we can easily access them without depending on template params.
This change will make more sense with following change `rusppvkn`
Signed-off-by: Seongmin Lee <git@boltless.me>
the lockable http tarball protocol is meant to serve tarball flakes, by
emitting a stable `Link` header:
Link: <flakeref>; rel="immutable"
this patch now supports the new header in two places, on the appview, at
the `/archive/<ref>.tar.gz` endpoint:
λ nix flake metadata -v --refresh --no-write-lock-file 'http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz'
unpacking 'http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz' into the Git cache...
warning: not writing modified lock file of flake 'http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz':
• Added input 'nixpkgs':
'github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19)
Resolved URL: http://127.0.0.1:3000/oppi.li/repo-19-01-26-08-04-14/archive/main.tar.gz
Locked URL: http://127.0.0.1:3000/did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14/archive/a63d945ae97b84812e394207f3cc80f6525c2082.tar.gz?narHash=sha256-IdKT88RIWvWrgQFx6c%2BX3cC7JFene%2BQI9yo2rKSGoA4%3D
Path: /nix/store/0k9pv83f0qn5cm0qy82j51plryk7szx7-source
Fingerprint: 9512ee4857b31a76c1112f05161bda5280d8596b866c4f78986c6c01c1d2f419
Inputs:
└───nixpkgs: github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D (2026-01-19 00:39:23)
and on the knotserver, when using the `/xrpc/sh.tangled.repo.archive`
endpoint:
λ nix flake metadata -v --refresh --no-write-lock-file "http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did%3Aplc%3Aqfpnj4og54vl56wngdriaxug%2Frepo-19-01-26-08-04-14"
unpacking 'http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14' into the Git cache...
warning: not writing modified lock file of flake 'http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14':
• Added input 'nixpkgs':
'github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19)
Resolved URL: http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&prefix=&ref=main&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14
Locked URL: http://localhost:5555/xrpc/sh.tangled.repo.archive?format=tar.gz&narHash=sha256-IdKT88RIWvWrgQFx6c%2BX3cC7JFene%2BQI9yo2rKSGoA4%3D&prefix=&ref=a63d945ae97b84812e394207f3cc80f6525c2082&repo=did:plc:qfpnj4og54vl56wngdriaxug/repo-19-01-26-08-04-14
Path: /nix/store/0k9pv83f0qn5cm0qy82j51plryk7szx7-source
Fingerprint: 9512ee4857b31a76c1112f05161bda5280d8596b866c4f78986c6c01c1d2f419
Inputs:
└───nixpkgs: github:nixos/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D (2026-01-19 00:39:23)
note that the "Resolved URL" includes a hash of the commit.
Co-authored-by: Seongmin Lee <git@boltless.me>
Signed-off-by: oppiliappan <me@oppi.li>