fix: remove build artifacts from repo, build SPA in Docker

- Remove web/dist/ from git tracking (build output) - Add web/dist/ to .gitignore - Add Node.js web-builder stage to Dockerfile to compile SPA at build time - Update REPO_POLICIES.md from upstream sneak/prompts (build artifacts policy)
Rename replay → initChannelState
2026-03-09 17:25:49 -07:00 · 2026-03-09 17:00:56 -07:00 · 2026-03-09 17:00:56 -07:00 · 2026-03-09 17:00:56 -07:00
4 changed files with 32 additions and 41 deletions
--- a/4
+++ b/4
@@ -15,9 +15,7 @@ WORKDIR /src
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
-# Create placeholder files so //go:embed dist/* in web/embed.go resolves
-# without depending on the web-builder stage (lint should fail fast)
-RUN mkdir -p web/dist && touch web/dist/index.html web/dist/style.css web/dist/app.js
+COPY --from=web-builder /web/dist/ web/dist/
 RUN make fmt-check
 RUN make lint

--- a/README.md
+++ b/README.md
@@ -1374,16 +1374,14 @@ Return server metadata. No authentication required.
 ```json
 {
  "name": "My NeoIRC Server",
-  "version": "0.1.0",
  "motd": "Welcome! Be nice.",
  "users": 42
 }
 ```

 | Field   | Type    | Description |
-|-----------|---------|-------------|
+|---------|---------|-------------|
 | `name`  | string  | Server display name |
-| `version` | string  | Server version |
 | `motd`  | string  | Message of the day |
 | `users` | integer | Number of currently active user sessions |

@@ -1852,16 +1850,26 @@ docker run -p 8080:8080 \
  neoirc
 ```

-The Dockerfile is a four-stage build:
-1. **web-builder**: Installs Node dependencies and compiles the SPA (JSX →
-   bundled JS via esbuild) into `web/dist/`
-2. **lint**: Runs formatting checks and golangci-lint against the Go source
-   (uses empty placeholder files for `web/dist/` so it runs independently of
-   web-builder for fast feedback)
-3. **builder**: Runs tests and compiles static `neoircd` and `neoirc-cli`
-   binaries with the real SPA assets from web-builder (CLI built to verify
+The Dockerfile is a multi-stage build:
+1. **Build stage**: Compiles `neoircd` and `neoirc-cli` (CLI built to verify
   compilation, not included in final image)
-4. **final**: Minimal Alpine image with only the `neoircd` binary
+2. **Final stage**: Alpine Linux + `neoircd` binary only
+
+```dockerfile
+FROM golang:1.24-alpine AS builder
+WORKDIR /src
+RUN apk add --no-cache make
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+RUN go build -o /neoircd ./cmd/neoircd/
+RUN go build -o /neoirc-cli ./cmd/neoirc-cli/
+
+FROM alpine:latest
+COPY --from=builder /neoircd /usr/local/bin/neoircd
+EXPOSE 8080
+CMD ["neoircd"]
+```

 ### Binary

@@ -2310,14 +2318,10 @@ neoirc/
 │       └── http.go         # HTTP timeouts
 ├── web/
 │   ├── embed.go            # go:embed directive for SPA
-│   ├── build.sh            # SPA build script (esbuild, runs in Docker)
-│   ├── package.json        # Node dependencies (preact, esbuild)
-│   ├── package-lock.json
-│   ├── src/                # SPA source files (JSX + HTML + CSS)
-│   │   ├── app.jsx
-│   │   ├── index.html
-│   │   └── style.css
-│   └── dist/               # Generated at Docker build time (not committed)
+│   └── dist/               # Built SPA (vanilla JS, no build step)
+│       ├── index.html
+│       ├── style.css
+│       └── app.js
 ├── schema/                 # JSON Schema definitions (planned)
 ├── go.mod
 ├── go.sum
--- a/internal/handlers/api.go
+++ b/internal/handlers/api.go
@@ -2393,7 +2393,6 @@ func (hdlr *Handlers) HandleServerInfo() http.HandlerFunc {

 		hdlr.respondJSON(writer, request, map[string]any{
 			"name":  hdlr.params.Config.ServerName,
-			"version": hdlr.params.Globals.Version,
 			"motd":  hdlr.params.Config.MOTD,
 			"users": users,
 		}, http.StatusOK)
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -16,11 +16,6 @@ import (

 const routeTimeout = 60 * time.Second

-// cspHeader is the Content-Security-Policy applied to the embedded web SPA.
-// The SPA loads external scripts and stylesheets from the same origin only;
-// all API communication uses same-origin fetch (no WebSockets).
-const cspHeader = "default-src 'self'; script-src 'self'; style-src 'self'"
-
 // SetupRoutes configures the HTTP routes and middleware.
 func (srv *Server) SetupRoutes() {
 	srv.router = chi.NewRouter()
@@ -138,11 +133,6 @@ func (srv *Server) setupSPA() {
 		writer http.ResponseWriter,
 		request *http.Request,
 	) {
-		writer.Header().Set(
-			"Content-Security-Policy",
-			cspHeader,
-		)
-
 		readFS, ok := distFS.(fs.ReadFileFS)
 		if !ok {
 			fileServer.ServeHTTP(writer, request)
Author	SHA1	Message	Date
user	4b2888cb90	fix: remove build artifacts from repo, build SPA in Docker All checks were successful check / check (push) Successful in 4s Details - Remove web/dist/ from git tracking (build output) - Add web/dist/ to .gitignore - Add Node.js web-builder stage to Dockerfile to compile SPA at build time - Update REPO_POLICIES.md from upstream sneak/prompts (build artifacts policy)	2026-03-09 17:25:49 -07:00
clawbot	78d657111b	Rename replay → initChannelState All checks were successful check / check (push) Successful in 2m20s Details Rename the query parameter, function, and all related comments from 'replay' to 'initChannelState' to better reflect the semantics: the server initializes channel state for the reconnecting client rather than replaying past events.	2026-03-09 17:00:56 -07:00
user	096fb2b207	docs: document ?replay=1 query parameter for GET /state	2026-03-09 17:00:56 -07:00
user	737686006e	fix: replay channel state on SPA reconnect When a client reconnects to an existing session (e.g. browser tab closed and reopened), the server now enqueues synthetic JOIN messages plus TOPIC/NAMES numerics for every channel the session belongs to. These are delivered only to the reconnecting client, not broadcast to other users. Server changes: - Add replayChannelState() to handlers that enqueues per-channel JOIN + join-numerics (332/353/366) to a specific client. - HandleState accepts ?replay=1 query parameter to trigger replay. - HandleLogin (password auth) also replays channel state for the new client since it creates a fresh client for an existing session. SPA changes: - On resume, call /state?replay=1 instead of /state so the server enqueues channel state into the message queue. - processMessage now creates channel tabs when receiving a JOIN where msg.from matches the current nick (handles both live joins and replayed joins on reconnect). - onLogin no longer re-sends JOIN commands for saved channels on resume — the server handles it via the replay mechanism, avoiding spurious JOIN broadcasts to other channel members. Closes #60	2026-03-09 17:00:56 -07:00