Files

giles 22802bd36b Send all responses as sexp wire format with client-side rendering

- Server sends sexp source text, client (sexp.js) renders everything
- SexpExpr marker class for nested sexp composition in serialize()
- sexp_page() HTML shell with data-mount="body" for full page loads
- sexp_response() returns text/sexp for OOB/partial responses
- ~app-body layout component replaces ~app-layout (no raw!)
- ~rich-text is the only component using raw! (for CMS HTML content)
- Fragment endpoints return text/sexp, auto-wrapped in SexpExpr
- All _*_html() helpers converted to _*_sexp() returning sexp source
- Head auto-hoist: sexp.js moves meta/title/link/script[ld+json]
  from rendered body to document.head automatically
- Unknown components render warning box instead of crashing page
- Component kwargs preserve AST for lazy rendering (fixes <> in kwargs)
- Fix unterminated paren in events/sexp/tickets.sexpr

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-01 09:45:07 +00:00

alembic

Security audit: fix IDOR, add rate limiting, HMAC auth, token hashing, XSS sanitization

2026-02-26 13:30:27 +00:00

Send all responses as sexp wire format with client-side rendering

2026-03-01 09:45:07 +00:00

models

Monorepo: consolidate 7 repos into one

2026-02-24 19:44:17 +00:00

services

Decouple cross-domain DB queries for per-app database split

2026-02-25 11:32:14 +00:00

sexp

Send all responses as sexp wire format with client-side rendering

2026-03-01 09:45:07 +00:00

templates

Send all responses as sexp wire format with client-side rendering

2026-03-01 09:45:07 +00:00

tests

Test dashboard: full menu system, all-service tests, filtering

2026-02-28 22:54:25 +00:00

__init__.py

Monorepo: consolidate 7 repos into one

2026-02-24 19:44:17 +00:00

alembic.ini

Decouple per-service Alembic migrations and fix cross-DB queries

2026-02-26 12:07:24 +00:00

app.py

Send all responses as sexp wire format with client-side rendering

2026-03-01 09:45:07 +00:00

Dockerfile

Split cart into 4 microservices: relations, likes, orders, page-config→blog

2026-02-27 09:03:33 +00:00

entrypoint.sh

Fix alembic path in entrypoints for both Docker and dev

2026-02-26 12:13:03 +00:00

path_setup.py

Monorepo: consolidate 7 repos into one

2026-02-24 19:44:17 +00:00

README.md

Update app READMEs for monorepo

2026-02-24 20:13:00 +00:00

README.md

Account App

User dashboard for the Rose Ash cooperative. Provides account management, newsletter preferences, and widget pages for tickets and bookings.

Structure

app.py                  # Application factory (create_base_app + blueprints)
path_setup.py           # Adds project root + app dir to sys.path
entrypoint.sh           # Container entrypoint (Redis flush, start)
bp/
  account/              #   Dashboard, newsletters, widget pages (tickets, bookings)
  auth/                 #   OAuth client routes + HTTP token exchange for non-coop clients
  fragments/            #   auth-menu fragment (sign-in button / user menu)
models/                 # Re-export stubs pointing to shared/models/
services/               # register_domain_services() — wires all domains
templates/              # Account-specific templates (override shared/)

Account serves the auth-menu fragment consumed by all other apps' headers. It renders either a sign-in button (anonymous) or the user's email with a dropdown (authenticated), for both desktop and mobile layouts.

OAuth token exchange

POST /auth/oauth/token provides HTTP-based token exchange for non-coop OAuth clients (e.g., Artdag).

Cross-domain communication

services.blog.* — post queries for page context
services.calendar.* — calendar/entry queries for bookings panel
services.cart.* — cart summary + orders for tickets panel

Fragments served

auth-menu — sign-in button or user email menu (desktop + mobile)

README.md

Account App

Structure

Auth menu

OAuth token exchange

Cross-domain communication

Fragments served