~bigbes/lethe

ref: 96e95ab9e44d2234ab036319836a5087eb4c2a2f lethe/README.md -rw-r--r-- 12.2 KiB
7b17e7c1 — Eugene Blikh 23 days ago 
docs: refresh README and TODO after search+opencode merge

README: add search, projects, stats, saved-searches to API surface table;
remove stale reference to unshipped search task
TODO: mark #3 reviewed, unblock #7
4abe63ea — Eugene Blikh 24 days ago 
docs: conclude lethe collector task
3ae44b28 — Eugene Blikh a month ago 
tooling: adopt go tool directives; rename air→dev; bundle fmt drift

- Justfile: rename `air:` to `dev:`, body uses `go tool air`; the three
  migrate recipes use `go tool migrate`; `fmt` adds `go fix ./...`.
  Stale `brew install golang-migrate` comment block replaced with the
  one-line `go get -tool` bootstrap hint.
- README.md: quickstart says `just dev`.
- go.mod: declare github.com/air-verse/air and golang-migrate's cmd
  in the `tool` block (Go 1.24+) so contributors never need a separate
  install step. Updates go.sum accordingly.
- internal/domain/stats/repository.go: pre-existing `HostSplit` indent
  drift + trailing newline, surfaced by goimports inside the new fmt
  recipe.
53221c91 — Eugene Blikh a month ago 
feat(cmd): wire server with /healthz /readyz /metrics + authed /api/v1

Phase 9 of lethe-server: thin main.go that loads config, registers every
steward asset, and orchestrates Inject -> Init -> Start -> wait -> Stop ->
Destroy. Compensates for the Phase 4 finding (steward.Manager does not
unwind on Init failure) by tracking destroyer-implementing assets in a
parallel slice and invoking Destroy in reverse registration order with a
per-call timeout when Init or Start fails.

Server.Start now opens its TCP listener synchronously and exposes the
bound address via Addr(), so the e2e smoke can bind to 127.0.0.1:0 and
discover the kernel-assigned port.

Adds an end-to-end smoke test that drives the real steward graph
(in-memory SQLite, real loopback listener, forward-auth) through ingest +
sessions list/detail for two users with the same composite session key,
proving owner isolation reaches all the way through the trust boundary.

Deletes internal/platform/health/steward_unwind_test.go: the canary's
purpose was to surface the unwind gap so Phase 9 could compensate, which
it now does.

README updated with consolidated curl quickstart (forward-auth + OIDC
bearer variants), trust-chain diagram and the proxy-must-strip-Remote-*
spoofing note, response-shape documentation for the API surface, and an
operational notes section covering health, metrics, lifecycle and logs.
4ca03bea — Eugene Blikh a month ago 
feat: bootstrap lethe server skeleton + wire contract