displays count matching current filter (e.g., "27 pending", "5 resolved")
right-aligned in the filter row for quick visibility

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- add PlyrClient to check track existence via plyr.fm API
- before LLM analysis, check each flagged track still exists
- auto-resolve with reason "content_deleted" if track returns 404
- add ContentDeleted variant to ResolutionReason enum in Rust

prevents labels from persisting in the ether for deleted content

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- move review to /admin/review/:id (proper admin namespace)
- use admin.css for consistent styling with dashboard
- add "← back to dashboard" navigation link
- add three action types:
- clear: false positive, emit negation label
- defer: acknowledge but take no action (flag stays active)
- confirm: mark as real violation (flag stays active)
- toggle decisions by clicking same button again

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix: add auth flow to review page like admin

- make /review/:id HTML page public (keep data/submit protected)
- add auth input, localStorage token check/save
- send X-Moderation-Key header with submit request
- handle 401 by showing auth prompt again

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* ci: only check rust services that actually changed

use dorny/paths-filter to detect which service changed,
skip cargo check and docker build for unchanged services.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

batch['url'] returns relative path, prepend base_url for clickable link.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat(moderation): add batch review system with mobile-friendly UI

- Add review batch tables (review_batches, batch_flags) with migrations
- Add /admin/batches POST endpoint to create review batches
- Add /review/:id endpoints for auth-protected review UI
- Review page renders server-side HTML with embedded JS
- Same auth middleware as admin endpoints (X-Moderation-Key header)
- Update moderation_loop.py to create batches and send DM links
- Simplify loop: DM is now just a notification channel, not for parsing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(ci): add workflow dispatch for moderation loop

Allows triggering the moderation loop from GitHub Actions UI with:
- dry_run toggle (default: true for safety)
- limit input for testing with subset of flags
- env selector (prod/staging/dev)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- environments.md: update redis column to show fly.io apps
- background-tasks.md: update production/staging section with fly URLs and pricing
- docket_runs.py: update hints to show flyctl proxy commands
- fly.toml/fly.staging.toml: update DOCKET_URL comments

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- redis/fly.staging.toml: staging Redis config
- redis/fly.toml: fix services to reference processes
- .github/workflows/deploy-redis.yml: deploy on changes to redis/

Requires FLY_API_TOKEN_REDIS secret to be set in GitHub.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* infra: add self-hosted redis config, remove upstash

Upstash was costing ~$75/month at 37M commands. Self-hosted Redis on
Fly will cost ~$2/month.

Changes:
- redis/fly.toml: Redis 7 Alpine with AOF persistence, 256MB VM
- redis/README.md: deployment and switchover instructions
- Remove upstash from costs script and frontend (redis cost is
included in fly_io since it's a Fly VM)

Deployment steps:
1. fly apps create plyr-redis
2. fly volumes create redis_data --region iad --size 1 -a plyr-redis
3. fly deploy -a plyr-redis (from redis/ dir)
4. fly secrets set DOCKET_URL=redis://plyr-redis.internal:6379 -a relay-api
5. Verify docket tasks work
6. fly redis destroy plyr-redis-prd

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: update README costs and project structure for redis

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

The portal page was making 4 API calls sequentially during mount:
- loadMyTracks()
- loadArtistProfile()
- loadMyAlbums()
- loadMyPlaylists()

Each waited for the previous to complete before starting. Since these
are independent, run them in parallel with Promise.all() to reduce
time-to-interactive.

Expected improvement: ~300-800ms reduction in LCP depending on network
conditions (from sequential to parallel latency).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

adopts the track detail page pattern for playlist and album pages:
- show "play" / "pause" text (not "play now" / icon-only)
- consistent pause icon path across all pages
- add ethereal-glow animation to track page for consistency

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

adds warning about modifying Docket/Worker constructor args after the
heartbeat_interval=30s change broke all task execution. documents:
- which settings not to change
- the incident timeline
- testing requirements if settings must be changed

also filed issue on pydocket: https://github.com/chrisguidry/docket/issues/267

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

The 30s heartbeat_interval added in #653 broke background task execution.
Likes scheduled since Dec 29 deploy have null atproto_like_uri.

Reverts the Docket heartbeat_interval back to default (2s).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

the play button on playlist and album pages wasn't resuming playback
after pausing. the issue was in the `isPlaylistPlaying` derived state
which included `!player.paused` - when paused, this became false,
causing the button to call `playNow()` instead of `togglePlayPause()`.

since the queue already had the same track at index 0, `setQueue` did
nothing and playback didn't resume.

fix: separate "is this playlist/album active" (track is from here) from
"is it playing" (active AND not paused). button now uses `isActive` to
decide toggle vs start fresh, while `isPlaying` controls the visual state.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- Play button toggles between play/pause when collection is playing
- Shows pause icon (no text) when active, "play now" when inactive
- Subtle breathing glow animation indicates playback state
- Shared keyframes in layout for consistent behavior across pages

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- consolidate input/textarea styles in portal page (-12 lines)
- add docs/frontend/design-tokens.md documenting all CSS tokens
- update frontend/CLAUDE.md with design tokens guidance

closes #661

* refactor(css): add typography scale tokens

adds a typography scale to the design system and replaces hardcoded
font-size values across the frontend.

tokens added:
- --text-xs: 0.75rem
- --text-sm: 0.85rem
- --text-base: 0.9rem
- --text-lg: 1rem
- --text-xl: 1.1rem
- --text-2xl: 1.25rem
- --text-3xl: 1.5rem

semantic aliases updated to use scale:
- --text-page-heading: var(--text-3xl)
- --text-body: var(--text-lg)
- --text-small: var(--text-base)

397/471 occurrences tokenized (84%). remaining 74 are edge cases
(large display text, very small text, pixel values).

normalizations:
- 0.7rem → --text-xs (0.75rem)
- 0.8rem → --text-sm (0.85rem)
- 0.95rem → --text-base (0.9rem)

closes #658

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore: add digest slash command for external resource analysis

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* refactor(css): add border-radius design tokens

adds a border-radius scale to the design system and replaces hardcoded
values across 46 frontend files.

tokens added:
- --radius-sm: 4px
- --radius-base: 6px
- --radius-md: 8px
- --radius-lg: 12px
- --radius-xl: 16px
- --radius-2xl: 24px
- --radius-full: 9999px

285/296 occurrences tokenized (96%). remaining 11 are intentional edge
cases (partial radii, calc(), 2px slider tracks).

normalizations:
- 5px, 3px → --radius-sm (4px)
- 10px → --radius-md (8px)
- 20px → --radius-xl (16px)

closes #657

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore: update STATUS.md for end-of-year QoL mode

- sprint #625 complete, moved to quality of life mode
- documented what shipped (moderation consolidation, atprotofans)
- deferred rules engine and time-release gating to aspirational

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

restored original styling that was accidentally replaced:
- chart bars now use margin-top: auto (bars grow upward)
- heart icon in support section restored
- time range toggle uses font-family: inherit
- correct CSS variables (--bg-tertiary, --border-subtle)

kept the minimal upstash additions from previous commit.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- show upload progress percentage in error messages (e.g. "failed at 45%")
- detect mobile devices and show targeted guidance for large file failures
- warn mobile users proactively when uploading files >50MB
- provide actionable suggestions (WiFi, desktop browser) instead of generic errors

context: user reported upload failures on mobile with unhelpful error messages

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- increase docket heartbeat interval from 2s to 30s
- reduces redis commands by ~15x (heartbeat tracks 12 tasks)
- dead worker detection: 10s → 2.5min (acceptable for 5-min perpetual task)

- add upstash to /costs dashboard
- track redis usage in cost breakdown
- currently free tier (256MB, 500K commands/month)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- core cleanup shipped (PR #617)
- sensitive images moved to moderation service (PR #644)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

consolidates sensitive image management in the rust moderation service:

- adds sensitive_images table to moderation db with migration
- adds GET /sensitive-images (public), POST /admin/sensitive-images,
POST /admin/sensitive-images/remove endpoints to moderation service
- adds get_sensitive_images() method to ModerationClient
- updates backend /moderation/sensitive-images to proxy to moderation service
- adds migration script for existing data

closes #544

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

"gate tracks for supporters" → "offer exclusive tracks to supporters"

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

the handle-row uses flexbox which ignores text-align from the parent.
added justify-content: center in the mobile media query.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

The liked state wasn't loading on the track detail page because of a
race condition with auth initialization:

1. Page loads, navigation effect runs immediately
2. Effect sets loadedForTrackId = currentId
3. BUT auth.isAuthenticated is still false (async auth not resolved)
4. loadLikedState() is skipped
5. Auth resolves, isAuthenticated becomes true
6. Effect runs again, but loadedForTrackId === currentId, so nothing happens
7. Liked state is never fetched

Fix: Split into two separate effects:
- One for general track data (comments, etc.) - runs immediately
- One for liked state - runs when auth.isAuthenticated becomes true

This ensures the liked heart shows correctly even when auth loads after
the initial page render.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- use slice-based filtering for time ranges (shows last N days)
- fix chart overflow with flex shrink and min-width: 0
- add font-family: inherit to toggle buttons
- reduce label font size and add overflow handling

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- export script now queries 30 days of daily data (independent of billing cycle)
- frontend adds toggle buttons (24h / 7d / 30d) to filter the chart
- billing period stats (free remaining, billable) still use AudD cycle for cost accuracy
- defaults to 30d view

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix: lower header mobile breakpoint from 1599px to 1100px

the header was switching to mobile layout at 1599px, way too high.
at 1512px viewport width, users were seeing mobile header (no stats,
no icons) even on desktop.

changes:
- lower header breakpoint to 1100px (800px content + margin space)
- add breakpoints.ts as single source of truth for breakpoint values
- add comments referencing breakpoints.ts in Header.svelte

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: hide search in margin at 1300px to prevent crowding stats

adds intermediate breakpoint - search hides from margin before stats,
giving stats more breathing room as viewport narrows.

breakpoints now:
- >1300px: full desktop (stats + search in margin)
- 1100-1300px: stats only in margin (search hidden)
- <1100px: mobile layout (margin elements hidden)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: switch to mobile layout at 1300px instead of intermediate state

simpler approach: just switch to mobile layout when margin space gets
tight, rather than hiding individual elements.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

the `gated` field is viewer-resolved (true = no access, false = has access).
previously, auto-download would attempt for all tracks then fail silently.
now we pass `gated` through the like flow and only skip when gated === true.

- supporters (gated === false): download proceeds normally
- non-supporters (gated === true): download skipped client-side

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- shows lock icon next to title when track.gated is true
- guards addToQueue with gated check + toast

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix: resolve gated status server-side, show lock icon for inaccessible content

- add `gated: bool` field to TrackResponse that resolves access at serialization
- backend checks if viewer is owner or supporter before returning tracks
- add `get_supported_artists()` helper for batch atprotofans API checks
- change frontend icon from heart to lock for gated content
- lock only shows when content is actually inaccessible to the viewer

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: add R2_PRIVATE_BUCKET to configuration docs

* fix: update portal page to use lock icon for gated tracks

* feat: show toast when non-supporter tries to queue gated track

adds sync guard function that uses server-resolved gated status
to show toast without network call when adding to queue.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat: add supporter-gated content infrastructure

backend support for atprotofans content gating:

- create private R2 buckets (audio-private-dev/staging/prod)
- add R2_PRIVATE_BUCKET and PRESIGNED_URL_EXPIRY_SECONDS settings
- implement save_gated() and generate_presigned_url() in R2Storage
- add supportGate field to fm.plyr.track lexicon
- add support_gate JSONB column to tracks table
- add atprotofans validation helper (_internal/atprotofans.py)
- update audio endpoint to check supporter status for gated tracks
- 401 if not authenticated
- 402 if not a supporter
- presigned URL redirect if valid supporter

the supportGate object starts with type: "any" (any support unlocks),
with room to grow for tiers (recurring, minimum amounts, etc.)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat: add support_gate parameter to upload flow

enable artists to upload supporter-gated tracks:

- add support_gate form parameter to upload endpoint
- validate support_gate JSON structure (must have type: "any")
- require atprotofans to be enabled in settings to use gating
- use save_gated() for gated tracks (private R2 bucket)
- store support_gate in Track model and ATProto record
- gated tracks use API endpoint URL instead of direct R2 URL

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(frontend): add UI for supporter-gated tracks

- TrackItem: show heart badge overlay on gated tracks with dimmed image
- Player: detect 401/402 on gated content, show toast with supporter CTA
- Upload: add "supporters only" toggle when artist has atprotofans enabled
- Types: add SupportGate interface and support_gate field to Track

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: complete supporter-gated content implementation

- fix presigned URL generation with SigV4 signature (was returning 401)
- add playback helper to check gated access BEFORE modifying queue state
(clicking locked track no longer interrupts current playback)
- add support_gate toggle to track edit UI in portal
- centralize atprotofans support URL generation in config.ts
- add 7 regression tests for gated content access control

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: migrate audio to private bucket when enabling support_gate

when enabling support_gate on an existing track, the audio file must be
migrated from the public bucket to the private bucket. otherwise the
original public r2_url remains accessible, bypassing the paywall.

- add R2Storage.migrate_to_private_bucket() - copies file then deletes original
- add migrate_track_to_private_bucket background task
- schedule migration in PATCH endpoint when support_gate is enabled on
a track that has an r2_url (indicating it's in the public bucket)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: unify audio bucket migration to single move_audio method

- R2Storage.move_audio(file_id, extension, to_private) handles both directions
- move_track_audio background task replaces separate migrate_to_private/public
- PATCH endpoint schedules move when toggling support_gate in either direction:
- enabling gate on public track → move to private
- disabling gate on private track → move to public

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: sync ATProto record when toggling support_gate

- include support_gate changes in metadata_changed check
- pass support_gate to build_track_record
- use backend API URL for gated tracks (r2_url is None)
- fix upload page: link to /portal not /settings for atprotofans setup

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

direct atprotofans contributions use the artist's DID as the signer,
not the broker DID. the broker DID is only used when plyr.fm is a
registered platform that created the support template.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

beartype runtime type checking requires exact type matches.
`progress_pct=0` (int) fails validation against `float | None`.

fixes upload failure: "BeartypeCallHintParamViolation: parameter
progress_pct=0 violates type hint float | None"

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

most users are listeners first, uploaders second - landing on the library
(liked tracks, playlists) is a better default than the portal (artist management).

- change backend OAuth callback to redirect to /library
- add exchange_token handling to library page (same pattern as portal)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- add SupporterBadge component with heart icon styling
- add validateSupporter API call to artist page when viewer is logged in
- call atprotofans API directly from frontend (public endpoint)
- use broker DID for signer parameter
- only show badge when:
- viewer is authenticated
- artist has support_url: 'atprotofans'
- viewer is not the artist themselves
- validation returns valid: true
- update research doc with implementation status and correct API usage
- add new research doc for supporter-gated content architecture (R2 presigned URLs)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- documented PR #629 rate limiting fix for moderation endpoint
- added tip to status-update command suggesting use after /deploy

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Detected suspicious activity: 72 requests in 17 seconds from a single IP
with no user agent, targeting only this endpoint. Added 10/minute rate
limit to prevent abuse.

Investigation details:
- Single IP (172.16.17.202 via Fly proxy) hitting endpoint repeatedly
- Requests spaced ~230ms apart (too consistent for human browsing)
- No corresponding user activity (page loads, audio streams)
- All requests had no User-Agent header

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- STATUS.md: add sprint section (Dec 20-31) with two tracks:
- moderation architecture overhaul (Osprey/Ozone patterns)
- atprotofans paywall integration (supporter gating)
- research docs for both tracks with implementation phases
- updated immediate priorities to reflect sprint focus

tracking: #625

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <noreply@anthropic.com>

- LikeButton: use overridable $derived instead of $state + $effect for
optimistic UI, add aria-label for accessibility
- TrackItem: use $derived for likeCount/commentCount that sync with props,
use $effect.pre for resetting local UI state on track change
- docs: document overridable $derived pattern in state-management.md

reviewed against Svelte MCP autofixer recommendations

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- beartype runtime type checking (PR #619)
- moderation cleanup consolidation (PRs #617-618)
- login UX improvements (PRs #604, #613)
- artist page pagination + mobile fixes (PR #615)
- Open Graph tags for tag pages (PRs #605-607)
- misc: upload button, background settings, atprotofans link, AudD billing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Buttons don't inherit font from parent by default in CSS.

Co-authored-by: Claude <noreply@anthropic.com>

* fix: enable beartype runtime type checking and fix type violations

enables beartype for runtime type checking across the backend package.
this catches type violations at function call time, improving reliability.

**type fixes:**
- `_get_existing_track_order`: accept `str | None` for album_atproto_uri
- `_emit_copyright_label`: use `int` for highest_score (matches db model)
- `ModerationClient.__init__`: accept `int | float` for timeout_seconds
- `UploadProgressTracker`: accept `int | float` for min_time_between_updates
- `hash_file_chunked`: use `BinaryIO | IOBase` (works with BytesIO and file handles)
- `build_track_record` callers: guard against None r2_url before calling

**test fixes:**
- `MockStorage`: inherit from `R2Storage` for proper type compatibility
- `test_update_album_title`: add `r2_url` to track fixture

**refactors:**
- `storage/__init__.py`: import `R2Storage` directly (no lazy forward ref)
- `image.py`, `audio.py`: use `typing.Self` for classmethod return types
- `auth.py`: import `EllipticCurvePrivateKey` directly

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore: add beartype as explicit dependency

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: disable automatic perpetual task scheduling in tests

The docket worker's automatic perpetual task scheduling was causing
event loop issues during test teardown. The Worker creates async
connections that get attached to one event loop, but TestClient
teardown runs on a different loop.

Added DOCKET_SCHEDULE_AUTOMATIC_TASKS setting (default: true) and
set it to false in test environment to prevent this issue.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* perf: session-scope TestClient fixture for 5x faster tests

The client fixture was function-scoped, causing the full FastAPI
lifespan (database init, services, docket worker) to run for each
test. Switching to session-scope reduces test_stats.py from 26s to 5s.

Full test suite now runs in ~17s instead of potentially much longer.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: remove init_db() from lifespan

init_db() called Base.metadata.create_all on every server start.
This was a no-op since all tables already exist in dev/staging/prod.
Tests handle their own table creation via conftest.py.

Dead code removed. Database schema is managed by alembic migrations.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

The task was registered but never scheduled periodically. Adding
Perpetual(every=timedelta(minutes=5), automatic=True) makes it run
automatically every 5 minutes after worker startup.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: moderation cleanup (#541, #542, #543)

this PR consolidates moderation architecture across three related issues:

**#541: extract ModerationClient class**
- new `moderation_client.py` with centralized client for all moderation service calls
- replaces scattered httpx.AsyncClient instantiation with singleton pattern
- consistent timeout, auth, and caching behavior

**#542: move lazy resolution to background task**
- add `sync_copyright_resolutions()` background task
- removes lazy reconciliation from read paths
- runs periodically to sync labeler negation status

**#543: simplify get_copyright_info to pure read**
- remove write-on-read pattern from aggregations
- `is_flagged` is now the source of truth (synced by background task)
- labeler remains authoritative; we just don't query it on every read

**breaking: removes resolution columns from copyright_scans**
- `resolution`, `reviewed_at`, `reviewed_by`, `review_notes` removed
- labeler is now the single source of truth for resolution status
- migration included to drop columns

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat: add research/plan/implement workflow commands

inspired by HumanLayer patterns, adds a three-phase workflow for complex tasks:

- `/research [topic]` - deep dive on a topic, persist to docs/research/
- `/plan [issue or description]` - create implementation plan, persist to docs/plans/
- `/implement [plan path]` - execute a plan phase by phase

also improves `/consider-review` to properly fetch and process PR feedback.

the workflow encourages:
- exploring before implementing
- persisting knowledge for future reference
- no open questions in plans
- systematic verification during implementation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- pass hasMoreTracks and nextCursor from API response to frontend
- add "load more tracks" button when there are more tracks to load
- display total track count in section header (from analytics)
- fix album cards running off screen on mobile:
- smaller cover images (56px vs 72px)
- tighter padding and gaps
- smaller text sizes
- ensure overflow:hidden on cards

closes pyxorium.com visibility issue (252 tracks, only 50 shown)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <noreply@anthropic.com>

strips common prefixes from user input on the login page:
- `@user.bsky.social` → `user.bsky.social`
- `at://user.bsky.social` → `user.bsky.social`
- `at://did:plc:abc123` → `did:plc:abc123`

the more complex URL handling and .bsky.social auto-append
need backend support and are deferred for now.

inspired by https://ngerakines.leaflet.pub/3ma7hed2kdk2x

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat: add offline mode foundation with auto-download liked tracks

- add storage.ts with Cache API + IndexedDB for offline audio storage
- add GET /audio/{file_id}/url endpoint returning direct R2 URLs for caching
- add auto_download_liked preference (stored in localStorage, device-specific)
- add settings toggle that bulk-downloads all liked tracks when enabled
- auto-download new tracks when liking (if preference enabled)
- Player component checks for cached audio before streaming
- fix TLFM reauth notice to show correct message

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: require auth for audio URL endpoint

adds authentication to GET /audio/{file_id}/url to prevent
unauthenticated enumeration of audio URLs.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: improve IndexedDB robustness

- close database connections after each operation (fixes connection leak)
- deduplicate concurrent downloads using in-flight promise map
- verify cache entry exists in isDownloaded() and clean up stale metadata

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: move auto-download toggle to experimental section

keeps the feature available but clearly marked as experimental

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat: add offline mode foundation with auto-download liked tracks

- add storage.ts with Cache API + IndexedDB for offline audio storage
- add GET /audio/{file_id}/url endpoint returning direct R2 URLs for caching
- add auto_download_liked preference (stored in localStorage, device-specific)
- add settings toggle that bulk-downloads all liked tracks when enabled
- auto-download new tracks when liking (if preference enabled)
- Player component checks for cached audio before streaming
- fix TLFM reauth notice to show correct message

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: require auth for audio URL endpoint

adds authentication to GET /audio/{file_id}/url to prevent
unauthenticated enumeration of audio URLs.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: improve IndexedDB robustness

- close database connections after each operation (fixes connection leak)
- deduplicate concurrent downloads using in-flight promise map
- verify cache entry exists in isDownloaded() and clean up stale metadata

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix: mobile modal positioning to use full screen

On mobile, modals were getting cut off due to Safari sticky+fixed
positioning issues. Changed from center-based positioning to inset-based
(top/left/right/bottom) to use the full available screen space.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: use svelte-portal for modal positioning

the header's backdrop-filter creates a CSS containing block, which
causes position:fixed modals to be positioned relative to the header
instead of the viewport. use svelte-portal to render modals directly
on document.body, preserving proper centering.

- add svelte-portal dependency
- apply use:portal={'body'} to LinksMenu and ProfileMenu modals
- add docs/frontend/portals.md documenting this pattern

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

The layout was rendering default OG tags even for tag pages because
/tag/ wasn't in the hasPageMetadata list, causing crawlers to use
the first (default) tags instead of the page-specific ones.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

- add +page.server.ts for SSR tag metadata (name, track count)
- add og:title, og:description, twitter:card meta tags
- keep tracks fetched client-side to preserve auth state
- link previews now show "X tracks tagged #tagname"

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>