Add middleware to fetch nav-tree, auth-menu, and cart-mini fragments
from coop apps. Update base.html to render coop nav with fallback.
Add internal URL env vars for Docker networking.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fragment and oEmbed endpoints must be accessible without authentication.
The silent auth middleware was returning 302 redirects, causing fragment
fetches from coop apps to silently fail.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- nav-item fragment handler with template
- link-card fragment handler with CID-based lookup, friendly names, batch mode
- oEmbed router at GET /oembed for media/recipe/effect/run content
- Fragment templates in app/templates/fragments/
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Check did_auth:{device_id} in Redis — if absent while user has
a session cookie, account has logged out. Clear the cookie so
next request triggers prompt=none which won't re-auth.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add /health endpoint, update healthcheck to use it
- Use configured base URL instead of internal Docker URL
- Add /health to skip prefixes for silent auth
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
FastAPI runs the last-registered middleware first on request.
device_id_middleware was inner, so silent_auth_check's early
redirect bypassed it — cookie never set.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- POST /inbox with HTTP Signature verification
- Device ID cookie tracking + adoption from account
- Silent auth checks local Redis for did_auth signals
- Replaces shared-Redis coupling with AP activity delivery
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Middleware on every GET checks if user is logged in. If not, does a
silent prompt=none redirect to account. If account has an active
session, login completes invisibly. Otherwise sets a 5-minute cooldown
cookie to avoid redirect loops.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New /effects/upload endpoint for uploading effect files
- Parses PEP 723 dependencies and @-tag metadata
- Lists, gets, and deletes effects by content hash
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Removed /run/{id} and /recipe/{id} redirect routes
- Updated templates to use /runs/ and /recipes/ paths
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The /run/{id} and /recipe/{id} redirects were calling route handlers
directly without passing the required service dependencies.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Full implementation of runs, recipes, cache routers with templates
- Auth and storage routers fully migrated
- Jinja2 templates for all L1 pages
- Service layer for auth and storage
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Phase 2 of the full modernization:
- App factory pattern with create_app()
- Settings via dataclass with env vars
- Dependency injection container
- Router stubs for auth, storage, api, recipes, cache, runs
- Service layer stubs for run, recipe, cache
- Repository layer placeholder
Routes are stubs that import from legacy server.py during migration.
Next: Migrate each router fully with templates.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
