Fix logout to clear both legacy and shared domain cookies

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

README.md

@@ -19,7 +19,7 @@ pip install -r requirements.txt
 export ARTDAG_DOMAIN=artdag.rose-ash.com
 export ARTDAG_USER=giles
 export ARTDAG_DATA=~/.artdag/l2
-export ARTDAG_L1=http://localhost:8100
+export DATABASE_URL=postgresql://artdag:artdag@localhost:5432/artdag
 
 # Generate signing keys (required for federation)
 python setup_keys.py
@@ -96,12 +96,53 @@ Keys are stored in `$ARTDAG_DATA/keys/`:
 
 **Important**: Private keys are gitignored. Back them up securely. Losing them invalidates all your signatures.
 
+## Client Commands
+
+### Upload Media
+
+Register a media asset (image, video, audio) with a content hash:
+
+```bash
+curl -X POST http://localhost:8200/assets \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer <token>" \
+  -d '{
+    "name": "my-video",
+    "content_hash": "abc123...",
+    "asset_type": "video",
+    "tags": ["art", "generated"]
+  }'
+```
+
+### Upload Recipe
+
+Record an L1 run as an owned asset. This fetches the run details from the L1 server and registers the output:
+
+```bash
+curl -X POST http://localhost:8200/assets/record-run \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer <token>" \
+  -d '{
+    "run_id": "uuid-from-l1",
+    "l1_server": "https://celery-artdag.rose-ash.com",
+    "output_name": "my-rendered-video"
+  }'
+```
+
 ## API Endpoints
 
 ### Server Info
 | Method | Path | Description |
 |--------|------|-------------|
-| GET | `/` | Server info |
+| GET | `/` | Home page with stats |
+
+### Assets
+| Method | Path | Description |
+|--------|------|-------------|
+| GET | `/assets` | List all assets |
+| GET | `/assets/{name}` | Get asset by name |
+| POST | `/assets` | Upload media - register new asset |
+| POST | `/assets/record-run` | Upload recipe - record L1 run |
 
 ### ActivityPub
 | Method | Path | Description |
@@ -112,65 +153,33 @@ Keys are stored in `$ARTDAG_DATA/keys/`:
 | POST | `/users/{username}/inbox` | Receive activities |
 | GET | `/users/{username}/followers` | Followers list |
 | GET | `/objects/{content_hash}` | Get object by hash |
+| GET | `/activities/{index}` | Get activity by index |
 
-### Registry
+### Authentication
 | Method | Path | Description |
 |--------|------|-------------|
-| GET | `/registry` | Full registry |
+| POST | `/auth/register` | Register new user |
-| GET | `/registry/{name}` | Get asset by name |
+| POST | `/auth/login` | Login, get JWT token |
-| POST | `/registry` | Register new asset |
+| GET | `/auth/me` | Get current user |
-| POST | `/registry/record-run` | Record L1 run as owned asset |
-
-## Example Usage
-
-### Register an asset
-```bash
-curl -X POST http://localhost:8200/registry \
-  -H "Content-Type: application/json" \
-  -d '{
-    "name": "my-video",
-    "content_hash": "abc123...",
-    "asset_type": "video",
-    "tags": ["art", "generated"]
-  }'
-```
-
-### Record an L1 run
-```bash
-curl -X POST http://localhost:8200/registry/record-run \
-  -H "Content-Type: application/json" \
-  -d '{
-    "run_id": "uuid-from-l1",
-    "output_name": "my-rendered-video"
-  }'
-```
-
-### Discover actor (WebFinger)
-```bash
-curl "http://localhost:8200/.well-known/webfinger?resource=acct:giles@artdag.rose-ash.com"
-```
-
-### Get actor profile
-```bash
-curl -H "Accept: application/activity+json" http://localhost:8200/users/giles
-```
 
 ## Data Storage
 
-Data stored in `~/.artdag/l2/`:
+Data stored in PostgreSQL:
-- `registry.json` - Asset registry
+- `users` - Registered users
-- `activities.json` - Signed activities
+- `assets` - Asset registry
-- `actor.json` - Actor profile
+- `activities` - Signed activities
-- `followers.json` - Followers list
+- `followers` - Followers list
+
+RSA keys stored in `$ARTDAG_DATA/keys/` (files, not database).
 
 ## Architecture
 
 ```
 L2 Server (port 8200)
     │
-    ├── POST /registry → Register asset → Create activity → Sign
+    ├── POST /assets (upload media) → Register asset → Create activity → Sign
     │
-    ├── POST /registry/record-run → Fetch L1 run → Register output
+    ├── POST /assets/record-run (upload recipe) → Fetch L1 run → Register output
     │       │
     │       └── GET L1_SERVER/runs/{id}
     │

docker-compose.yml

@@ -24,7 +24,7 @@ services:
     environment:
       - ARTDAG_DATA=/data/l2
       - DATABASE_URL=postgresql://artdag:${POSTGRES_PASSWORD:-artdag}@postgres:5432/artdag
-      # ARTDAG_DOMAIN, ARTDAG_USER, ARTDAG_L1, JWT_SECRET from .env file
+      # ARTDAG_DOMAIN, ARTDAG_USER, JWT_SECRET from .env file
     volumes:
       - l2_data:/data/l2  # Still needed for RSA keys
     networks:

server.py

@@ -451,7 +451,10 @@ async def ui_register_submit(request: Request):
 async def logout():
     """Handle logout - clear cookie and redirect to home."""
     response = RedirectResponse(url="/", status_code=302)
-    response.delete_cookie("auth_token", domain=COOKIE_DOMAIN)
+    # Delete both legacy (no domain) and new (shared domain) cookies
+    response.delete_cookie("auth_token")
+    if COOKIE_DOMAIN:
+        response.delete_cookie("auth_token", domain=COOKIE_DOMAIN)
     return response