zzstoatzz.io
commits
- increase docket heartbeat interval from 2s to 30s
- reduces redis commands by ~15x (heartbeat tracks 12 tasks)
- dead worker detection: 10s → 2.5min (acceptable for 5-min perpetual task)
- add upstash to /costs dashboard
- track redis usage in cost breakdown
- currently free tier (256MB, 500K commands/month)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- core cleanup shipped (PR #617)
- sensitive images moved to moderation service (PR #644)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
consolidates sensitive image management in the rust moderation service:
- adds sensitive_images table to moderation db with migration
- adds GET /sensitive-images (public), POST /admin/sensitive-images,
POST /admin/sensitive-images/remove endpoints to moderation service
- adds get_sensitive_images() method to ModerationClient
- updates backend /moderation/sensitive-images to proxy to moderation service
- adds migration script for existing data
closes #544
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
"gate tracks for supporters" → "offer exclusive tracks to supporters"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the handle-row uses flexbox which ignores text-align from the parent.
added justify-content: center in the mobile media query.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
The liked state wasn't loading on the track detail page because of a
race condition with auth initialization:
1. Page loads, navigation effect runs immediately
2. Effect sets loadedForTrackId = currentId
3. BUT auth.isAuthenticated is still false (async auth not resolved)
4. loadLikedState() is skipped
5. Auth resolves, isAuthenticated becomes true
6. Effect runs again, but loadedForTrackId === currentId, so nothing happens
7. Liked state is never fetched
Fix: Split into two separate effects:
- One for general track data (comments, etc.) - runs immediately
- One for liked state - runs when auth.isAuthenticated becomes true
This ensures the liked heart shows correctly even when auth loads after
the initial page render.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- use slice-based filtering for time ranges (shows last N days)
- fix chart overflow with flex shrink and min-width: 0
- add font-family: inherit to toggle buttons
- reduce label font size and add overflow handling
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- export script now queries 30 days of daily data (independent of billing cycle)
- frontend adds toggle buttons (24h / 7d / 30d) to filter the chart
- billing period stats (free remaining, billable) still use AudD cycle for cost accuracy
- defaults to 30d view
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: lower header mobile breakpoint from 1599px to 1100px
the header was switching to mobile layout at 1599px, way too high.
at 1512px viewport width, users were seeing mobile header (no stats,
no icons) even on desktop.
changes:
- lower header breakpoint to 1100px (800px content + margin space)
- add breakpoints.ts as single source of truth for breakpoint values
- add comments referencing breakpoints.ts in Header.svelte
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: hide search in margin at 1300px to prevent crowding stats
adds intermediate breakpoint - search hides from margin before stats,
giving stats more breathing room as viewport narrows.
breakpoints now:
- >1300px: full desktop (stats + search in margin)
- 1100-1300px: stats only in margin (search hidden)
- <1100px: mobile layout (margin elements hidden)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: switch to mobile layout at 1300px instead of intermediate state
simpler approach: just switch to mobile layout when margin space gets
tight, rather than hiding individual elements.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the `gated` field is viewer-resolved (true = no access, false = has access).
previously, auto-download would attempt for all tracks then fail silently.
now we pass `gated` through the like flow and only skip when gated === true.
- supporters (gated === false): download proceeds normally
- non-supporters (gated === true): download skipped client-side
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- shows lock icon next to title when track.gated is true
- guards addToQueue with gated check + toast
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: resolve gated status server-side, show lock icon for inaccessible content
- add `gated: bool` field to TrackResponse that resolves access at serialization
- backend checks if viewer is owner or supporter before returning tracks
- add `get_supported_artists()` helper for batch atprotofans API checks
- change frontend icon from heart to lock for gated content
- lock only shows when content is actually inaccessible to the viewer
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add R2_PRIVATE_BUCKET to configuration docs
* fix: update portal page to use lock icon for gated tracks
* feat: show toast when non-supporter tries to queue gated track
adds sync guard function that uses server-resolved gated status
to show toast without network call when adding to queue.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add supporter-gated content infrastructure
backend support for atprotofans content gating:
- create private R2 buckets (audio-private-dev/staging/prod)
- add R2_PRIVATE_BUCKET and PRESIGNED_URL_EXPIRY_SECONDS settings
- implement save_gated() and generate_presigned_url() in R2Storage
- add supportGate field to fm.plyr.track lexicon
- add support_gate JSONB column to tracks table
- add atprotofans validation helper (_internal/atprotofans.py)
- update audio endpoint to check supporter status for gated tracks
- 401 if not authenticated
- 402 if not a supporter
- presigned URL redirect if valid supporter
the supportGate object starts with type: "any" (any support unlocks),
with room to grow for tiers (recurring, minimum amounts, etc.)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add support_gate parameter to upload flow
enable artists to upload supporter-gated tracks:
- add support_gate form parameter to upload endpoint
- validate support_gate JSON structure (must have type: "any")
- require atprotofans to be enabled in settings to use gating
- use save_gated() for gated tracks (private R2 bucket)
- store support_gate in Track model and ATProto record
- gated tracks use API endpoint URL instead of direct R2 URL
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(frontend): add UI for supporter-gated tracks
- TrackItem: show heart badge overlay on gated tracks with dimmed image
- Player: detect 401/402 on gated content, show toast with supporter CTA
- Upload: add "supporters only" toggle when artist has atprotofans enabled
- Types: add SupportGate interface and support_gate field to Track
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: complete supporter-gated content implementation
- fix presigned URL generation with SigV4 signature (was returning 401)
- add playback helper to check gated access BEFORE modifying queue state
(clicking locked track no longer interrupts current playback)
- add support_gate toggle to track edit UI in portal
- centralize atprotofans support URL generation in config.ts
- add 7 regression tests for gated content access control
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: migrate audio to private bucket when enabling support_gate
when enabling support_gate on an existing track, the audio file must be
migrated from the public bucket to the private bucket. otherwise the
original public r2_url remains accessible, bypassing the paywall.
- add R2Storage.migrate_to_private_bucket() - copies file then deletes original
- add migrate_track_to_private_bucket background task
- schedule migration in PATCH endpoint when support_gate is enabled on
a track that has an r2_url (indicating it's in the public bucket)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: unify audio bucket migration to single move_audio method
- R2Storage.move_audio(file_id, extension, to_private) handles both directions
- move_track_audio background task replaces separate migrate_to_private/public
- PATCH endpoint schedules move when toggling support_gate in either direction:
- enabling gate on public track → move to private
- disabling gate on private track → move to public
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: sync ATProto record when toggling support_gate
- include support_gate changes in metadata_changed check
- pass support_gate to build_track_record
- use backend API URL for gated tracks (r2_url is None)
- fix upload page: link to /portal not /settings for atprotofans setup
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
direct atprotofans contributions use the artist's DID as the signer,
not the broker DID. the broker DID is only used when plyr.fm is a
registered platform that created the support template.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
beartype runtime type checking requires exact type matches.
`progress_pct=0` (int) fails validation against `float | None`.
fixes upload failure: "BeartypeCallHintParamViolation: parameter
progress_pct=0 violates type hint float | None"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
most users are listeners first, uploaders second - landing on the library
(liked tracks, playlists) is a better default than the portal (artist management).
- change backend OAuth callback to redirect to /library
- add exchange_token handling to library page (same pattern as portal)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- add SupporterBadge component with heart icon styling
- add validateSupporter API call to artist page when viewer is logged in
- call atprotofans API directly from frontend (public endpoint)
- use broker DID for signer parameter
- only show badge when:
- viewer is authenticated
- artist has support_url: 'atprotofans'
- viewer is not the artist themselves
- validation returns valid: true
- update research doc with implementation status and correct API usage
- add new research doc for supporter-gated content architecture (R2 presigned URLs)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- documented PR #629 rate limiting fix for moderation endpoint
- added tip to status-update command suggesting use after /deploy
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Detected suspicious activity: 72 requests in 17 seconds from a single IP
with no user agent, targeting only this endpoint. Added 10/minute rate
limit to prevent abuse.
Investigation details:
- Single IP (172.16.17.202 via Fly proxy) hitting endpoint repeatedly
- Requests spaced ~230ms apart (too consistent for human browsing)
- No corresponding user activity (page loads, audio streams)
- All requests had no User-Agent header
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- STATUS.md: add sprint section (Dec 20-31) with two tracks:
- moderation architecture overhaul (Osprey/Ozone patterns)
- atprotofans paywall integration (supporter gating)
- research docs for both tracks with implementation phases
- updated immediate priorities to reflect sprint focus
tracking: #625
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
- LikeButton: use overridable $derived instead of $state + $effect for
optimistic UI, add aria-label for accessibility
- TrackItem: use $derived for likeCount/commentCount that sync with props,
use $effect.pre for resetting local UI state on track change
- docs: document overridable $derived pattern in state-management.md
reviewed against Svelte MCP autofixer recommendations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- beartype runtime type checking (PR #619)
- moderation cleanup consolidation (PRs #617-618)
- login UX improvements (PRs #604, #613)
- artist page pagination + mobile fixes (PR #615)
- Open Graph tags for tag pages (PRs #605-607)
- misc: upload button, background settings, atprotofans link, AudD billing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Buttons don't inherit font from parent by default in CSS.
Co-authored-by: Claude <noreply@anthropic.com>
* fix: enable beartype runtime type checking and fix type violations
enables beartype for runtime type checking across the backend package.
this catches type violations at function call time, improving reliability.
**type fixes:**
- `_get_existing_track_order`: accept `str | None` for album_atproto_uri
- `_emit_copyright_label`: use `int` for highest_score (matches db model)
- `ModerationClient.__init__`: accept `int | float` for timeout_seconds
- `UploadProgressTracker`: accept `int | float` for min_time_between_updates
- `hash_file_chunked`: use `BinaryIO | IOBase` (works with BytesIO and file handles)
- `build_track_record` callers: guard against None r2_url before calling
**test fixes:**
- `MockStorage`: inherit from `R2Storage` for proper type compatibility
- `test_update_album_title`: add `r2_url` to track fixture
**refactors:**
- `storage/__init__.py`: import `R2Storage` directly (no lazy forward ref)
- `image.py`, `audio.py`: use `typing.Self` for classmethod return types
- `auth.py`: import `EllipticCurvePrivateKey` directly
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: add beartype as explicit dependency
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: disable automatic perpetual task scheduling in tests
The docket worker's automatic perpetual task scheduling was causing
event loop issues during test teardown. The Worker creates async
connections that get attached to one event loop, but TestClient
teardown runs on a different loop.
Added DOCKET_SCHEDULE_AUTOMATIC_TASKS setting (default: true) and
set it to false in test environment to prevent this issue.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* perf: session-scope TestClient fixture for 5x faster tests
The client fixture was function-scoped, causing the full FastAPI
lifespan (database init, services, docket worker) to run for each
test. Switching to session-scope reduces test_stats.py from 26s to 5s.
Full test suite now runs in ~17s instead of potentially much longer.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: remove init_db() from lifespan
init_db() called Base.metadata.create_all on every server start.
This was a no-op since all tables already exist in dev/staging/prod.
Tests handle their own table creation via conftest.py.
Dead code removed. Database schema is managed by alembic migrations.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
The task was registered but never scheduled periodically. Adding
Perpetual(every=timedelta(minutes=5), automatic=True) makes it run
automatically every 5 minutes after worker startup.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: moderation cleanup (#541, #542, #543)
this PR consolidates moderation architecture across three related issues:
**#541: extract ModerationClient class**
- new `moderation_client.py` with centralized client for all moderation service calls
- replaces scattered httpx.AsyncClient instantiation with singleton pattern
- consistent timeout, auth, and caching behavior
**#542: move lazy resolution to background task**
- add `sync_copyright_resolutions()` background task
- removes lazy reconciliation from read paths
- runs periodically to sync labeler negation status
**#543: simplify get_copyright_info to pure read**
- remove write-on-read pattern from aggregations
- `is_flagged` is now the source of truth (synced by background task)
- labeler remains authoritative; we just don't query it on every read
**breaking: removes resolution columns from copyright_scans**
- `resolution`, `reviewed_at`, `reviewed_by`, `review_notes` removed
- labeler is now the single source of truth for resolution status
- migration included to drop columns
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add research/plan/implement workflow commands
inspired by HumanLayer patterns, adds a three-phase workflow for complex tasks:
- `/research [topic]` - deep dive on a topic, persist to docs/research/
- `/plan [issue or description]` - create implementation plan, persist to docs/plans/
- `/implement [plan path]` - execute a plan phase by phase
also improves `/consider-review` to properly fetch and process PR feedback.
the workflow encourages:
- exploring before implementing
- persisting knowledge for future reference
- no open questions in plans
- systematic verification during implementation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- pass hasMoreTracks and nextCursor from API response to frontend
- add "load more tracks" button when there are more tracks to load
- display total track count in section header (from analytics)
- fix album cards running off screen on mobile:
- smaller cover images (56px vs 72px)
- tighter padding and gaps
- smaller text sizes
- ensure overflow:hidden on cards
closes pyxorium.com visibility issue (252 tracks, only 50 shown)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
strips common prefixes from user input on the login page:
- `@user.bsky.social` → `user.bsky.social`
- `at://user.bsky.social` → `user.bsky.social`
- `at://did:plc:abc123` → `did:plc:abc123`
the more complex URL handling and .bsky.social auto-append
need backend support and are deferred for now.
inspired by https://ngerakines.leaflet.pub/3ma7hed2kdk2x
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add offline mode foundation with auto-download liked tracks
- add storage.ts with Cache API + IndexedDB for offline audio storage
- add GET /audio/{file_id}/url endpoint returning direct R2 URLs for caching
- add auto_download_liked preference (stored in localStorage, device-specific)
- add settings toggle that bulk-downloads all liked tracks when enabled
- auto-download new tracks when liking (if preference enabled)
- Player component checks for cached audio before streaming
- fix TLFM reauth notice to show correct message
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: require auth for audio URL endpoint
adds authentication to GET /audio/{file_id}/url to prevent
unauthenticated enumeration of audio URLs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: improve IndexedDB robustness
- close database connections after each operation (fixes connection leak)
- deduplicate concurrent downloads using in-flight promise map
- verify cache entry exists in isDownloaded() and clean up stale metadata
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: move auto-download toggle to experimental section
keeps the feature available but clearly marked as experimental
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add offline mode foundation with auto-download liked tracks
- add storage.ts with Cache API + IndexedDB for offline audio storage
- add GET /audio/{file_id}/url endpoint returning direct R2 URLs for caching
- add auto_download_liked preference (stored in localStorage, device-specific)
- add settings toggle that bulk-downloads all liked tracks when enabled
- auto-download new tracks when liking (if preference enabled)
- Player component checks for cached audio before streaming
- fix TLFM reauth notice to show correct message
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: require auth for audio URL endpoint
adds authentication to GET /audio/{file_id}/url to prevent
unauthenticated enumeration of audio URLs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: improve IndexedDB robustness
- close database connections after each operation (fixes connection leak)
- deduplicate concurrent downloads using in-flight promise map
- verify cache entry exists in isDownloaded() and clean up stale metadata
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: mobile modal positioning to use full screen
On mobile, modals were getting cut off due to Safari sticky+fixed
positioning issues. Changed from center-based positioning to inset-based
(top/left/right/bottom) to use the full available screen space.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: use svelte-portal for modal positioning
the header's backdrop-filter creates a CSS containing block, which
causes position:fixed modals to be positioned relative to the header
instead of the viewport. use svelte-portal to render modals directly
on document.body, preserving proper centering.
- add svelte-portal dependency
- apply use:portal={'body'} to LinksMenu and ProfileMenu modals
- add docs/frontend/portals.md documenting this pattern
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
The layout was rendering default OG tags even for tag pages because
/tag/ wasn't in the hasPageMetadata list, causing crawlers to use
the first (default) tags instead of the page-specific ones.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- add +page.server.ts for SSR tag metadata (name, track count)
- add og:title, og:description, twitter:card meta tags
- keep tracks fetched client-side to preserve auth state
- link previews now show "X tracks tagged #tagname"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- use "internet handle" label with link to internethandle.org
- collapsible FAQ sections for explanation
- simpler "sign in" button
- cleaner spacing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
Audio update covering Dec 8-17:
- Glass effects and custom background images
- Accurate AudD cost tracking from track duration
- Moderation agent with audit trails
- Performance improvements (removed slow moderation calls)
- iOS Safari fixes, sticky header, album track order preservation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
reverts PR #529. the letta account has been discontinued, so reverting
to the original claude-code-action workflow.
changes:
- restore .github/workflows/status-maintenance.yml to use anthropics/claude-code-action@v1
- delete scripts/status_maintenance.py (letta-backed script)
- delete scripts/letta_status_agent.py (local testing script)
- update STATUS.md to remove letta references
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- calculate API requests from track duration (1 request = 12s audio)
- remove hardcoded Nov 24 fallback - now fully dynamic from DB
- add new fields: requests_this_period, base_cost, overage_cost, billable_requests
- update daily chart to show requests instead of scan count
- change GHA workflow from daily to hourly for near real-time visibility
- update frontend to display request-based metrics with explainer text
AudD billing: $5/mo base + $5/1k requests over 6000 free tier
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- adds upload link between library and @handle in desktop nav
- styled with accent border/color as primary CTA
- hover fills with accent background
- hidden when already on /upload page
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- add pointer-events: none to body::before (fixes input blocking)
- remove disabled state from background URL input (can set fallback)
- fix toast message when toggling playing artwork off
- update descriptions to clarify fallback behavior
- always show tile checkbox when background URL is set
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- visual customization section (PRs #595-596): custom backgrounds, glass effects
- added #557 to album management (slug sync fix)
- added #549 to costs dashboard (dedicated R2 bucket)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the translateZ transform was causing tracks to overlap each other
in 3D space, blocking click events on like/share buttons for all
tracks below the first one. the queue button worked because it was
positioned differently in the layout.
removed the wheel effect entirely - the visual effect wasn't worth
the broken interactivity.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add glass effects and track item styling
- add CSS variables for glass effects (--glass-bg, --glass-blur, --glass-border)
- apply backdrop-filter blur to Player, Header, and Queue sidebar
- add translucent backgrounds to TrackItem without blur (performance safe)
- add subtle border-radius (6px) and box-shadow to track items
- support both dark and light themes with appropriate glass values
- remove conflicting light theme overrides in favor of CSS variables
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add ui_settings JSONB column for extensible preferences
- add ui_settings JSONB column to user_preferences table
- update preferences API to expose ui_settings field
- merge ui_settings on partial updates to support incremental changes
- add migration for new column
- add tests for ui_settings CRUD and persistence
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add background image settings UI
- add UiSettings interface with background_image_url and background_tile
- add background image URL input and tile toggle in settings page
- apply background image via CSS custom properties in layout
- update preferences manager with updateUiSettings method
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: refine track item hover behavior and glass styling
- remove chunky left border, use uniform subtle border
- add tactile hover: 0.5px lift with accent-tinted glow
- smooth cubic-bezier easing for polished feel
- active state settles back down on click
- adjust track background opacity (88%) for better balance
- fix background image input reactivity bug
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add subtle 3D wheel scroll effect to track items
tracks now appear on a convex cylinder surface:
- items at viewport center are closest
- items above/below rotate away slightly (2° max)
- uses passive scroll listener for performance
- transform-style: preserve-3d for proper layering
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: glass button styling for background image visibility
icon buttons now have translucent backgrounds when a
background image is set, ensuring they remain visible
against any background:
- ShareButton gets glass background
- playlist page icon-btn (edit, delete) gets glass bg
- HiddenTagsFilter eyeball toggle gets glass bg
- glass button CSS variables set dynamically in layout
when background image is present
- respects light/dark theme with appropriate opacity
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: consistent glass button styling and preserve bg image on refresh
- unified queue/action buttons across tag, liked, playlist, and album pages
to use glass button CSS variables (--glass-btn-bg, --glass-btn-border)
- only apply background image changes when preferences are actually loaded
to prevent clearing the background image on refresh/hydration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: use playing track artwork as background option
adds a new toggle in settings to use the currently playing
track's artwork as the background image:
- new ui_settings.use_playing_artwork_as_background option
- when enabled, overrides custom background image URL
- background changes dynamically as tracks change
- disables the custom URL input when enabled
- playing artwork never tiles (always cover)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: blur and tile playing artwork background
- playing artwork now tiles in a 4x4 grid (25% size)
- applies 40px blur for smooth, ambient effect
- uses body::before pseudo-element with scale(1.1) to prevent blur edge artifacts
- custom background images remain unblurred
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: fall back to custom bg when playing track has no artwork
when "use playing artwork as background" is enabled but the
current track has no artwork, now falls back to the custom
background URL if one is set (instead of showing nothing)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add subtle text glow for readability against backgrounds
adds a --text-shadow CSS variable that provides a soft glow effect
around gray metadata text when a background image is set. this improves
readability without being visually heavy like a drop shadow.
applied to:
- album page metadata (type, title, meta, artist link)
- tag page track count subtitle
- settings page section headers
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: use proper fallbacks for glass button styling
when no background image is set, buttons should fall back to
transparent backgrounds and standard border colors rather than
hardcoded dark theme glass values.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
STATUS.md:
- added missing section for Dec 10-12 work (PRs #558-572)
- documents background task expansion (like/comment PDS writes, album sync)
- documents Redis cache for copyright labels (PR #566)
- documents mobile UX improvements and misc fixes
background-tasks.md:
- added new tasks: album list sync, PDS like/unlike, PDS comment CRUD
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: make header sticky on scroll
- change overflow-x from hidden to clip on .app-layout to preserve
position: sticky on descendants
- add position: sticky and background to header so it sticks to top
when scrolling through long lists
previously, scrolling down a long track list required scrolling all the
way back up to access search or navigation. now the header stays visible.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: update STATUS.md with Dec 14-15 work
- performance improvements (PRs #590-591)
- moderation agent (PRs #586, #588)
- bug fixes (PRs #589, #592, #593)
- iOS Safari fixes (PRs #573-576)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: preserve album track order during ATProto sync (#587)
when syncing album list records to ATProto, the background sync was
always ordering tracks by created_at, overwriting any custom order
the user had set via the frontend reorder feature.
now the sync:
1. fetches the existing ATProto list record order (if any)
2. preserves that order for existing tracks
3. appends any new tracks at the end (sorted by created_at)
this prevents user-reordered albums from reverting on login.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: use unique DID and cleanup in test to avoid CI conflicts
the test was sharing fixtures with fixed DIDs causing foreign key
constraint violations during teardown when running in parallel with xdist.
now uses:
- unique DID with uuid suffix for test isolation
- explicit cleanup in finally block (tracks → albums → artists order)
- properly typed capture function for lint compliance
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
same issue as /tracks/ - copyright info is only displayed in artist
portal, not public tag browse pages.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the copyright check was making an HTTP call to moderation.plyr.fm on
every /tracks/ request, adding ~1 second latency. this info is only
displayed in /tracks/me (artist portal), not the main feed.
- remove get_copyright_info from main listing endpoint
- keep it in /tracks/me and /tracks/me/broken where it's needed
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the playlist endpoint wasn't checking for authenticated users, so
tracks always showed is_liked: false even when the user had liked them.
backend:
- add session cookie check to GET /lists/playlists/{id}
- query user's liked tracks when authenticated
- pass liked_track_ids to TrackResponse.from_track()
frontend:
- add client-side liked state hydration (matching artist page pattern)
- prime from localStorage cache, then fetch fresh data
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- update prompt to de-emphasize unreliable match scores
- focus analysis on title/artist name matching instead
- remove 200 char truncation on reasoning notes
- make resolution notes use full card width in admin UI
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- add AI-powered moderation agent (scripts/moderation_agent.py) that:
- fetches pending copyright flags from moderation service
- uses Claude to categorize as violation/false positive/needs review
- shows reasoning for each decision in scannable table format
- bulk resolves false positives with human approval
- fix JSON API endpoint to store resolution reason and notes
(previously only the htmx endpoint saved this data)
- update admin UI to display resolution notes prominently
for resolved items instead of hiding in tooltip
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
documents the confidential OAuth client implementation:
- PR #578: initial confidential client support
- PRs #580-582: bug fixes for aud claim and kid header
- fork updates for issuer and kid parameters
- outcome: 180-day refresh tokens, remember-me working
- links to #583 for future account switching work
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the ATProto OAuth spec requires client assertions to include the kid
in the JWT header so the PDS knows which public key to use for
verification.
changes:
- rename _load_client_secret_key() to _load_client_secret()
- return tuple of (key, kid) instead of just key
- validate that OAUTH_JWK includes kid field
- pass client_secret_kid to OAuthClient
- update atproto fork to v0.0.1.dev470 with kid support
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
python-jose's to_dict() doesn't include the kid field from the
original JWK. this fix explicitly copies the kid from the input
JWK to the public key output.
the kid is required by ATProto OAuth for key identification when
validating client assertions.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- increase docket heartbeat interval from 2s to 30s
- reduces redis commands by ~15x (heartbeat tracks 12 tasks)
- dead worker detection: 10s → 2.5min (acceptable for 5-min perpetual task)
- add upstash to /costs dashboard
- track redis usage in cost breakdown
- currently free tier (256MB, 500K commands/month)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
consolidates sensitive image management in the rust moderation service:
- adds sensitive_images table to moderation db with migration
- adds GET /sensitive-images (public), POST /admin/sensitive-images,
POST /admin/sensitive-images/remove endpoints to moderation service
- adds get_sensitive_images() method to ModerationClient
- updates backend /moderation/sensitive-images to proxy to moderation service
- adds migration script for existing data
closes #544
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
The liked state wasn't loading on the track detail page because of a
race condition with auth initialization:
1. Page loads, navigation effect runs immediately
2. Effect sets loadedForTrackId = currentId
3. BUT auth.isAuthenticated is still false (async auth not resolved)
4. loadLikedState() is skipped
5. Auth resolves, isAuthenticated becomes true
6. Effect runs again, but loadedForTrackId === currentId, so nothing happens
7. Liked state is never fetched
Fix: Split into two separate effects:
- One for general track data (comments, etc.) - runs immediately
- One for liked state - runs when auth.isAuthenticated becomes true
This ensures the liked heart shows correctly even when auth loads after
the initial page render.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- use slice-based filtering for time ranges (shows last N days)
- fix chart overflow with flex shrink and min-width: 0
- add font-family: inherit to toggle buttons
- reduce label font size and add overflow handling
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- export script now queries 30 days of daily data (independent of billing cycle)
- frontend adds toggle buttons (24h / 7d / 30d) to filter the chart
- billing period stats (free remaining, billable) still use AudD cycle for cost accuracy
- defaults to 30d view
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: lower header mobile breakpoint from 1599px to 1100px
the header was switching to mobile layout at 1599px, way too high.
at 1512px viewport width, users were seeing mobile header (no stats,
no icons) even on desktop.
changes:
- lower header breakpoint to 1100px (800px content + margin space)
- add breakpoints.ts as single source of truth for breakpoint values
- add comments referencing breakpoints.ts in Header.svelte
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: hide search in margin at 1300px to prevent crowding stats
adds intermediate breakpoint - search hides from margin before stats,
giving stats more breathing room as viewport narrows.
breakpoints now:
- >1300px: full desktop (stats + search in margin)
- 1100-1300px: stats only in margin (search hidden)
- <1100px: mobile layout (margin elements hidden)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: switch to mobile layout at 1300px instead of intermediate state
simpler approach: just switch to mobile layout when margin space gets
tight, rather than hiding individual elements.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the `gated` field is viewer-resolved (true = no access, false = has access).
previously, auto-download would attempt for all tracks then fail silently.
now we pass `gated` through the like flow and only skip when gated === true.
- supporters (gated === false): download proceeds normally
- non-supporters (gated === true): download skipped client-side
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: resolve gated status server-side, show lock icon for inaccessible content
- add `gated: bool` field to TrackResponse that resolves access at serialization
- backend checks if viewer is owner or supporter before returning tracks
- add `get_supported_artists()` helper for batch atprotofans API checks
- change frontend icon from heart to lock for gated content
- lock only shows when content is actually inaccessible to the viewer
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add R2_PRIVATE_BUCKET to configuration docs
* fix: update portal page to use lock icon for gated tracks
* feat: show toast when non-supporter tries to queue gated track
adds sync guard function that uses server-resolved gated status
to show toast without network call when adding to queue.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add supporter-gated content infrastructure
backend support for atprotofans content gating:
- create private R2 buckets (audio-private-dev/staging/prod)
- add R2_PRIVATE_BUCKET and PRESIGNED_URL_EXPIRY_SECONDS settings
- implement save_gated() and generate_presigned_url() in R2Storage
- add supportGate field to fm.plyr.track lexicon
- add support_gate JSONB column to tracks table
- add atprotofans validation helper (_internal/atprotofans.py)
- update audio endpoint to check supporter status for gated tracks
- 401 if not authenticated
- 402 if not a supporter
- presigned URL redirect if valid supporter
the supportGate object starts with type: "any" (any support unlocks),
with room to grow for tiers (recurring, minimum amounts, etc.)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add support_gate parameter to upload flow
enable artists to upload supporter-gated tracks:
- add support_gate form parameter to upload endpoint
- validate support_gate JSON structure (must have type: "any")
- require atprotofans to be enabled in settings to use gating
- use save_gated() for gated tracks (private R2 bucket)
- store support_gate in Track model and ATProto record
- gated tracks use API endpoint URL instead of direct R2 URL
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(frontend): add UI for supporter-gated tracks
- TrackItem: show heart badge overlay on gated tracks with dimmed image
- Player: detect 401/402 on gated content, show toast with supporter CTA
- Upload: add "supporters only" toggle when artist has atprotofans enabled
- Types: add SupportGate interface and support_gate field to Track
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: complete supporter-gated content implementation
- fix presigned URL generation with SigV4 signature (was returning 401)
- add playback helper to check gated access BEFORE modifying queue state
(clicking locked track no longer interrupts current playback)
- add support_gate toggle to track edit UI in portal
- centralize atprotofans support URL generation in config.ts
- add 7 regression tests for gated content access control
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: migrate audio to private bucket when enabling support_gate
when enabling support_gate on an existing track, the audio file must be
migrated from the public bucket to the private bucket. otherwise the
original public r2_url remains accessible, bypassing the paywall.
- add R2Storage.migrate_to_private_bucket() - copies file then deletes original
- add migrate_track_to_private_bucket background task
- schedule migration in PATCH endpoint when support_gate is enabled on
a track that has an r2_url (indicating it's in the public bucket)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: unify audio bucket migration to single move_audio method
- R2Storage.move_audio(file_id, extension, to_private) handles both directions
- move_track_audio background task replaces separate migrate_to_private/public
- PATCH endpoint schedules move when toggling support_gate in either direction:
- enabling gate on public track → move to private
- disabling gate on private track → move to public
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: sync ATProto record when toggling support_gate
- include support_gate changes in metadata_changed check
- pass support_gate to build_track_record
- use backend API URL for gated tracks (r2_url is None)
- fix upload page: link to /portal not /settings for atprotofans setup
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
direct atprotofans contributions use the artist's DID as the signer,
not the broker DID. the broker DID is only used when plyr.fm is a
registered platform that created the support template.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
beartype runtime type checking requires exact type matches.
`progress_pct=0` (int) fails validation against `float | None`.
fixes upload failure: "BeartypeCallHintParamViolation: parameter
progress_pct=0 violates type hint float | None"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
most users are listeners first, uploaders second - landing on the library
(liked tracks, playlists) is a better default than the portal (artist management).
- change backend OAuth callback to redirect to /library
- add exchange_token handling to library page (same pattern as portal)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- add SupporterBadge component with heart icon styling
- add validateSupporter API call to artist page when viewer is logged in
- call atprotofans API directly from frontend (public endpoint)
- use broker DID for signer parameter
- only show badge when:
- viewer is authenticated
- artist has support_url: 'atprotofans'
- viewer is not the artist themselves
- validation returns valid: true
- update research doc with implementation status and correct API usage
- add new research doc for supporter-gated content architecture (R2 presigned URLs)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Detected suspicious activity: 72 requests in 17 seconds from a single IP
with no user agent, targeting only this endpoint. Added 10/minute rate
limit to prevent abuse.
Investigation details:
- Single IP (172.16.17.202 via Fly proxy) hitting endpoint repeatedly
- Requests spaced ~230ms apart (too consistent for human browsing)
- No corresponding user activity (page loads, audio streams)
- All requests had no User-Agent header
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- STATUS.md: add sprint section (Dec 20-31) with two tracks:
- moderation architecture overhaul (Osprey/Ozone patterns)
- atprotofans paywall integration (supporter gating)
- research docs for both tracks with implementation phases
- updated immediate priorities to reflect sprint focus
tracking: #625
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
- LikeButton: use overridable $derived instead of $state + $effect for
optimistic UI, add aria-label for accessibility
- TrackItem: use $derived for likeCount/commentCount that sync with props,
use $effect.pre for resetting local UI state on track change
- docs: document overridable $derived pattern in state-management.md
reviewed against Svelte MCP autofixer recommendations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- beartype runtime type checking (PR #619)
- moderation cleanup consolidation (PRs #617-618)
- login UX improvements (PRs #604, #613)
- artist page pagination + mobile fixes (PR #615)
- Open Graph tags for tag pages (PRs #605-607)
- misc: upload button, background settings, atprotofans link, AudD billing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: enable beartype runtime type checking and fix type violations
enables beartype for runtime type checking across the backend package.
this catches type violations at function call time, improving reliability.
**type fixes:**
- `_get_existing_track_order`: accept `str | None` for album_atproto_uri
- `_emit_copyright_label`: use `int` for highest_score (matches db model)
- `ModerationClient.__init__`: accept `int | float` for timeout_seconds
- `UploadProgressTracker`: accept `int | float` for min_time_between_updates
- `hash_file_chunked`: use `BinaryIO | IOBase` (works with BytesIO and file handles)
- `build_track_record` callers: guard against None r2_url before calling
**test fixes:**
- `MockStorage`: inherit from `R2Storage` for proper type compatibility
- `test_update_album_title`: add `r2_url` to track fixture
**refactors:**
- `storage/__init__.py`: import `R2Storage` directly (no lazy forward ref)
- `image.py`, `audio.py`: use `typing.Self` for classmethod return types
- `auth.py`: import `EllipticCurvePrivateKey` directly
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: add beartype as explicit dependency
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: disable automatic perpetual task scheduling in tests
The docket worker's automatic perpetual task scheduling was causing
event loop issues during test teardown. The Worker creates async
connections that get attached to one event loop, but TestClient
teardown runs on a different loop.
Added DOCKET_SCHEDULE_AUTOMATIC_TASKS setting (default: true) and
set it to false in test environment to prevent this issue.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* perf: session-scope TestClient fixture for 5x faster tests
The client fixture was function-scoped, causing the full FastAPI
lifespan (database init, services, docket worker) to run for each
test. Switching to session-scope reduces test_stats.py from 26s to 5s.
Full test suite now runs in ~17s instead of potentially much longer.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: remove init_db() from lifespan
init_db() called Base.metadata.create_all on every server start.
This was a no-op since all tables already exist in dev/staging/prod.
Tests handle their own table creation via conftest.py.
Dead code removed. Database schema is managed by alembic migrations.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: moderation cleanup (#541, #542, #543)
this PR consolidates moderation architecture across three related issues:
**#541: extract ModerationClient class**
- new `moderation_client.py` with centralized client for all moderation service calls
- replaces scattered httpx.AsyncClient instantiation with singleton pattern
- consistent timeout, auth, and caching behavior
**#542: move lazy resolution to background task**
- add `sync_copyright_resolutions()` background task
- removes lazy reconciliation from read paths
- runs periodically to sync labeler negation status
**#543: simplify get_copyright_info to pure read**
- remove write-on-read pattern from aggregations
- `is_flagged` is now the source of truth (synced by background task)
- labeler remains authoritative; we just don't query it on every read
**breaking: removes resolution columns from copyright_scans**
- `resolution`, `reviewed_at`, `reviewed_by`, `review_notes` removed
- labeler is now the single source of truth for resolution status
- migration included to drop columns
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add research/plan/implement workflow commands
inspired by HumanLayer patterns, adds a three-phase workflow for complex tasks:
- `/research [topic]` - deep dive on a topic, persist to docs/research/
- `/plan [issue or description]` - create implementation plan, persist to docs/plans/
- `/implement [plan path]` - execute a plan phase by phase
also improves `/consider-review` to properly fetch and process PR feedback.
the workflow encourages:
- exploring before implementing
- persisting knowledge for future reference
- no open questions in plans
- systematic verification during implementation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- pass hasMoreTracks and nextCursor from API response to frontend
- add "load more tracks" button when there are more tracks to load
- display total track count in section header (from analytics)
- fix album cards running off screen on mobile:
- smaller cover images (56px vs 72px)
- tighter padding and gaps
- smaller text sizes
- ensure overflow:hidden on cards
closes pyxorium.com visibility issue (252 tracks, only 50 shown)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
strips common prefixes from user input on the login page:
- `@user.bsky.social` → `user.bsky.social`
- `at://user.bsky.social` → `user.bsky.social`
- `at://did:plc:abc123` → `did:plc:abc123`
the more complex URL handling and .bsky.social auto-append
need backend support and are deferred for now.
inspired by https://ngerakines.leaflet.pub/3ma7hed2kdk2x
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add offline mode foundation with auto-download liked tracks
- add storage.ts with Cache API + IndexedDB for offline audio storage
- add GET /audio/{file_id}/url endpoint returning direct R2 URLs for caching
- add auto_download_liked preference (stored in localStorage, device-specific)
- add settings toggle that bulk-downloads all liked tracks when enabled
- auto-download new tracks when liking (if preference enabled)
- Player component checks for cached audio before streaming
- fix TLFM reauth notice to show correct message
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: require auth for audio URL endpoint
adds authentication to GET /audio/{file_id}/url to prevent
unauthenticated enumeration of audio URLs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: improve IndexedDB robustness
- close database connections after each operation (fixes connection leak)
- deduplicate concurrent downloads using in-flight promise map
- verify cache entry exists in isDownloaded() and clean up stale metadata
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: move auto-download toggle to experimental section
keeps the feature available but clearly marked as experimental
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add offline mode foundation with auto-download liked tracks
- add storage.ts with Cache API + IndexedDB for offline audio storage
- add GET /audio/{file_id}/url endpoint returning direct R2 URLs for caching
- add auto_download_liked preference (stored in localStorage, device-specific)
- add settings toggle that bulk-downloads all liked tracks when enabled
- auto-download new tracks when liking (if preference enabled)
- Player component checks for cached audio before streaming
- fix TLFM reauth notice to show correct message
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: require auth for audio URL endpoint
adds authentication to GET /audio/{file_id}/url to prevent
unauthenticated enumeration of audio URLs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: improve IndexedDB robustness
- close database connections after each operation (fixes connection leak)
- deduplicate concurrent downloads using in-flight promise map
- verify cache entry exists in isDownloaded() and clean up stale metadata
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: mobile modal positioning to use full screen
On mobile, modals were getting cut off due to Safari sticky+fixed
positioning issues. Changed from center-based positioning to inset-based
(top/left/right/bottom) to use the full available screen space.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: use svelte-portal for modal positioning
the header's backdrop-filter creates a CSS containing block, which
causes position:fixed modals to be positioned relative to the header
instead of the viewport. use svelte-portal to render modals directly
on document.body, preserving proper centering.
- add svelte-portal dependency
- apply use:portal={'body'} to LinksMenu and ProfileMenu modals
- add docs/frontend/portals.md documenting this pattern
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
The layout was rendering default OG tags even for tag pages because
/tag/ wasn't in the hasPageMetadata list, causing crawlers to use
the first (default) tags instead of the page-specific ones.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- add +page.server.ts for SSR tag metadata (name, track count)
- add og:title, og:description, twitter:card meta tags
- keep tracks fetched client-side to preserve auth state
- link previews now show "X tracks tagged #tagname"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Audio update covering Dec 8-17:
- Glass effects and custom background images
- Accurate AudD cost tracking from track duration
- Moderation agent with audit trails
- Performance improvements (removed slow moderation calls)
- iOS Safari fixes, sticky header, album track order preservation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
reverts PR #529. the letta account has been discontinued, so reverting
to the original claude-code-action workflow.
changes:
- restore .github/workflows/status-maintenance.yml to use anthropics/claude-code-action@v1
- delete scripts/status_maintenance.py (letta-backed script)
- delete scripts/letta_status_agent.py (local testing script)
- update STATUS.md to remove letta references
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- calculate API requests from track duration (1 request = 12s audio)
- remove hardcoded Nov 24 fallback - now fully dynamic from DB
- add new fields: requests_this_period, base_cost, overage_cost, billable_requests
- update daily chart to show requests instead of scan count
- change GHA workflow from daily to hourly for near real-time visibility
- update frontend to display request-based metrics with explainer text
AudD billing: $5/mo base + $5/1k requests over 6000 free tier
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- add pointer-events: none to body::before (fixes input blocking)
- remove disabled state from background URL input (can set fallback)
- fix toast message when toggling playing artwork off
- update descriptions to clarify fallback behavior
- always show tile checkbox when background URL is set
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the translateZ transform was causing tracks to overlap each other
in 3D space, blocking click events on like/share buttons for all
tracks below the first one. the queue button worked because it was
positioned differently in the layout.
removed the wheel effect entirely - the visual effect wasn't worth
the broken interactivity.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add glass effects and track item styling
- add CSS variables for glass effects (--glass-bg, --glass-blur, --glass-border)
- apply backdrop-filter blur to Player, Header, and Queue sidebar
- add translucent backgrounds to TrackItem without blur (performance safe)
- add subtle border-radius (6px) and box-shadow to track items
- support both dark and light themes with appropriate glass values
- remove conflicting light theme overrides in favor of CSS variables
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add ui_settings JSONB column for extensible preferences
- add ui_settings JSONB column to user_preferences table
- update preferences API to expose ui_settings field
- merge ui_settings on partial updates to support incremental changes
- add migration for new column
- add tests for ui_settings CRUD and persistence
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add background image settings UI
- add UiSettings interface with background_image_url and background_tile
- add background image URL input and tile toggle in settings page
- apply background image via CSS custom properties in layout
- update preferences manager with updateUiSettings method
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: refine track item hover behavior and glass styling
- remove chunky left border, use uniform subtle border
- add tactile hover: 0.5px lift with accent-tinted glow
- smooth cubic-bezier easing for polished feel
- active state settles back down on click
- adjust track background opacity (88%) for better balance
- fix background image input reactivity bug
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add subtle 3D wheel scroll effect to track items
tracks now appear on a convex cylinder surface:
- items at viewport center are closest
- items above/below rotate away slightly (2° max)
- uses passive scroll listener for performance
- transform-style: preserve-3d for proper layering
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: glass button styling for background image visibility
icon buttons now have translucent backgrounds when a
background image is set, ensuring they remain visible
against any background:
- ShareButton gets glass background
- playlist page icon-btn (edit, delete) gets glass bg
- HiddenTagsFilter eyeball toggle gets glass bg
- glass button CSS variables set dynamically in layout
when background image is present
- respects light/dark theme with appropriate opacity
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: consistent glass button styling and preserve bg image on refresh
- unified queue/action buttons across tag, liked, playlist, and album pages
to use glass button CSS variables (--glass-btn-bg, --glass-btn-border)
- only apply background image changes when preferences are actually loaded
to prevent clearing the background image on refresh/hydration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: use playing track artwork as background option
adds a new toggle in settings to use the currently playing
track's artwork as the background image:
- new ui_settings.use_playing_artwork_as_background option
- when enabled, overrides custom background image URL
- background changes dynamically as tracks change
- disables the custom URL input when enabled
- playing artwork never tiles (always cover)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: blur and tile playing artwork background
- playing artwork now tiles in a 4x4 grid (25% size)
- applies 40px blur for smooth, ambient effect
- uses body::before pseudo-element with scale(1.1) to prevent blur edge artifacts
- custom background images remain unblurred
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: fall back to custom bg when playing track has no artwork
when "use playing artwork as background" is enabled but the
current track has no artwork, now falls back to the custom
background URL if one is set (instead of showing nothing)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add subtle text glow for readability against backgrounds
adds a --text-shadow CSS variable that provides a soft glow effect
around gray metadata text when a background image is set. this improves
readability without being visually heavy like a drop shadow.
applied to:
- album page metadata (type, title, meta, artist link)
- tag page track count subtitle
- settings page section headers
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: use proper fallbacks for glass button styling
when no background image is set, buttons should fall back to
transparent backgrounds and standard border colors rather than
hardcoded dark theme glass values.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
STATUS.md:
- added missing section for Dec 10-12 work (PRs #558-572)
- documents background task expansion (like/comment PDS writes, album sync)
- documents Redis cache for copyright labels (PR #566)
- documents mobile UX improvements and misc fixes
background-tasks.md:
- added new tasks: album list sync, PDS like/unlike, PDS comment CRUD
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: make header sticky on scroll
- change overflow-x from hidden to clip on .app-layout to preserve
position: sticky on descendants
- add position: sticky and background to header so it sticks to top
when scrolling through long lists
previously, scrolling down a long track list required scrolling all the
way back up to access search or navigation. now the header stays visible.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: update STATUS.md with Dec 14-15 work
- performance improvements (PRs #590-591)
- moderation agent (PRs #586, #588)
- bug fixes (PRs #589, #592, #593)
- iOS Safari fixes (PRs #573-576)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: preserve album track order during ATProto sync (#587)
when syncing album list records to ATProto, the background sync was
always ordering tracks by created_at, overwriting any custom order
the user had set via the frontend reorder feature.
now the sync:
1. fetches the existing ATProto list record order (if any)
2. preserves that order for existing tracks
3. appends any new tracks at the end (sorted by created_at)
this prevents user-reordered albums from reverting on login.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: use unique DID and cleanup in test to avoid CI conflicts
the test was sharing fixtures with fixed DIDs causing foreign key
constraint violations during teardown when running in parallel with xdist.
now uses:
- unique DID with uuid suffix for test isolation
- explicit cleanup in finally block (tracks → albums → artists order)
- properly typed capture function for lint compliance
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
same issue as /tracks/ - copyright info is only displayed in artist
portal, not public tag browse pages.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the copyright check was making an HTTP call to moderation.plyr.fm on
every /tracks/ request, adding ~1 second latency. this info is only
displayed in /tracks/me (artist portal), not the main feed.
- remove get_copyright_info from main listing endpoint
- keep it in /tracks/me and /tracks/me/broken where it's needed
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the playlist endpoint wasn't checking for authenticated users, so
tracks always showed is_liked: false even when the user had liked them.
backend:
- add session cookie check to GET /lists/playlists/{id}
- query user's liked tracks when authenticated
- pass liked_track_ids to TrackResponse.from_track()
frontend:
- add client-side liked state hydration (matching artist page pattern)
- prime from localStorage cache, then fetch fresh data
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- update prompt to de-emphasize unreliable match scores
- focus analysis on title/artist name matching instead
- remove 200 char truncation on reasoning notes
- make resolution notes use full card width in admin UI
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- add AI-powered moderation agent (scripts/moderation_agent.py) that:
- fetches pending copyright flags from moderation service
- uses Claude to categorize as violation/false positive/needs review
- shows reasoning for each decision in scannable table format
- bulk resolves false positives with human approval
- fix JSON API endpoint to store resolution reason and notes
(previously only the htmx endpoint saved this data)
- update admin UI to display resolution notes prominently
for resolved items instead of hiding in tooltip
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
documents the confidential OAuth client implementation:
- PR #578: initial confidential client support
- PRs #580-582: bug fixes for aud claim and kid header
- fork updates for issuer and kid parameters
- outcome: 180-day refresh tokens, remember-me working
- links to #583 for future account switching work
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
the ATProto OAuth spec requires client assertions to include the kid
in the JWT header so the PDS knows which public key to use for
verification.
changes:
- rename _load_client_secret_key() to _load_client_secret()
- return tuple of (key, kid) instead of just key
- validate that OAUTH_JWK includes kid field
- pass client_secret_kid to OAuthClient
- update atproto fork to v0.0.1.dev470 with kid support
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
python-jose's to_dict() doesn't include the kid field from the
original JWK. this fix explicitly copies the kid from the input
JWK to the public key output.
the kid is required by ATProto OAuth for key identification when
validating client assertions.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>