fix: add web-builder Docker stage for JSX compilation

The previous rework removed web/dist/ from git tracking (correct) but did not add a web-builder stage to the Dockerfile. This caused //go:embed dist/* in web/embed.go to fail with 'no matching files found'. Add the 4-stage Dockerfile layout: 1. web-builder: compile Preact JSX SPA via esbuild 2. lint: format checking and linting with placeholder dist files 3. builder: compile Go binaries with real web assets from web-builder 4. runtime: minimal Alpine image with neoircd binary Also update README to document the 4-stage build.
fix: move hashcash PoW from build artifact to JSX source
2026-03-10 03:09:12 -07:00 · 2026-03-10 03:09:12 -07:00 · 2026-03-10 03:09:12 -07:00
6 changed files with 27 additions and 136 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -21,7 +21,6 @@ node_modules/
 *.key

 # Build artifacts
-web/dist/
 /neoircd
 /bin/
 *.exe
@@ -37,3 +36,4 @@ data.db
 debug.log
 /neoirc-cli
 web/node_modules/
+web/dist/
--- a/README.md
+++ b/README.md
@@ -1046,12 +1046,6 @@ Return the current user's session state.

 **Request:** No body. Requires auth.

-**Query Parameters:**
-
-| Parameter | Type   | Default | Description |
-|-----------|--------|---------|-------------|
-| `initChannelState` | string | (none) | When set to `1`, enqueues synthetic JOIN + TOPIC + NAMES messages for every channel the session belongs to into the calling client's queue. Used by the SPA on reconnect to restore channel tabs without re-sending JOIN commands. |
-
 **Response:** `200 OK`
 ```json
 {
@@ -1084,12 +1078,6 @@ curl -s http://localhost:8080/api/v1/state \
  -H "Authorization: Bearer $TOKEN" | jq .
 ```

-**Reconnect with channel state initialization:**
-```bash
-curl -s "http://localhost:8080/api/v1/state?initChannelState=1" \
-  -H "Authorization: Bearer $TOKEN" | jq .
-```
-
 ### GET /api/v1/messages — Poll Messages (Long-Poll)

 Retrieve messages from the client's delivery queue. This is the primary
@@ -1870,16 +1858,16 @@ docker run -p 8080:8080 \
  neoirc
 ```

-The Dockerfile is a four-stage build:
-1. **web-builder**: Installs Node dependencies and compiles the SPA (JSX →
-   bundled JS via esbuild) into `web/dist/`
-2. **lint**: Runs formatting checks and golangci-lint against the Go source
-   (uses empty placeholder files for `web/dist/` so it runs independently of
-   web-builder for fast feedback)
-3. **builder**: Runs tests and compiles static `neoircd` and `neoirc-cli`
-   binaries with the real SPA assets from web-builder (CLI built to verify
-   compilation, not included in final image)
-4. **final**: Minimal Alpine image with only the `neoircd` binary
+The Dockerfile is a 4-stage build:
+1. **Web builder stage** (`web-builder`): Compiles the Preact JSX SPA into
+   static assets (`web/dist/`) using esbuild
+2. **Lint stage** (`lint`): Runs formatting checks and linting via golangci-lint
+3. **Build stage** (`builder`): Compiles `neoircd` and `neoirc-cli`, runs tests
+   (CLI built to verify compilation, not included in final image)
+4. **Runtime stage**: Alpine Linux + `neoircd` binary only
+
+`web/dist/` is not committed to git — it is built from `web/src/` by the
+web-builder stage during `docker build`.

 ### Binary

@@ -2341,14 +2329,16 @@ neoirc/
 │       └── http.go         # HTTP timeouts
 ├── web/
 │   ├── embed.go            # go:embed directive for SPA
-│   ├── build.sh            # SPA build script (esbuild, runs in Docker)
-│   ├── package.json        # Node dependencies (preact, esbuild)
-│   ├── package-lock.json
-│   ├── src/                # SPA source files (JSX + HTML + CSS)
+│   ├── build.sh            # esbuild script: JSX → dist/
+│   ├── package.json        # Node dependencies (esbuild, preact)
+│   ├── src/                # SPA source (Preact JSX)
 │   │   ├── app.jsx
 │   │   ├── index.html
 │   │   └── style.css
-│   └── dist/               # Generated at Docker build time (not committed)
+│   └── dist/               # Built SPA (generated by web-builder Docker stage)
+│       ├── index.html
+│       ├── style.css
+│       └── app.js
 ├── schema/                 # JSON Schema definitions (planned)
 ├── go.mod
 ├── go.sum
--- a/REPO_POLICIES.md
+++ b/REPO_POLICIES.md
@@ -1,6 +1,6 @@
 ---
 title: Repository Policies
-last_modified: 2026-03-09
+last_modified: 2026-02-22
 ---

 This document covers repository structure, tooling, and workflow standards. Code
@@ -98,13 +98,6 @@ style conventions are in separate documents:
  `https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitignore` when setting up
  a new repo.

- **No build artifacts in version control.** Code-derived data (compiled
-  bundles, minified output, generated assets) must never be committed to the
-  repository if it can be avoided. The build process (e.g. Dockerfile, Makefile)
-  should generate these at build time. Notable exception: Go protobuf generated
-  files (`.pb.go`) ARE committed because repos need to work with `go get`, which
-  downloads code but does not execute code generation.
-
 - Never use `git add -A` or `git add .`. Always stage files explicitly by name.

 - Never force-push to `main`.
@@ -151,14 +144,8 @@ style conventions are in separate documents:
 - Use SemVer.

 - Database migrations live in `internal/db/migrations/` and must be embedded in
-  the binary.
-    - `000_migration.sql` — contains ONLY the creation of the migrations
-      tracking table itself. Nothing else.
-    - `001_schema.sql` — the full application schema.
-    - **Pre-1.0.0:** never add additional migration files (002, 003, etc.).
-      There is no installed base to migrate. Edit `001_schema.sql` directly.
-    - **Post-1.0.0:** add new numbered migration files for each schema change.
-      Never edit existing migrations after release.
+  the binary. Pre-1.0.0: modify existing migrations (no installed base assumed).
+  Post-1.0.0: add new migration files.

 - All repos should have an `.editorconfig` enforcing the project's indentation
  settings.
--- a/internal/handlers/api.go
+++ b/internal/handlers/api.go
@@ -471,17 +471,13 @@ func (hdlr *Handlers) enqueueNumeric(
 }

 // HandleState returns the current session's info and
-// channels.  When called with ?initChannelState=1, it also
-// enqueues synthetic JOIN + TOPIC + NAMES messages for
-// every channel the session belongs to so that a
-// reconnecting client can rebuild its channel tabs from
-// the message stream.
+// channels.
 func (hdlr *Handlers) HandleState() http.HandlerFunc {
 	return func(
 		writer http.ResponseWriter,
 		request *http.Request,
 	) {
-		sessionID, clientID, nick, ok :=
+		sessionID, _, nick, ok :=
 			hdlr.requireAuth(writer, request)
 		if !ok {
 			return
@@ -503,12 +499,6 @@ func (hdlr *Handlers) HandleState() http.HandlerFunc {
 			return
 		}

-		if request.URL.Query().Get("initChannelState") == "1" {
-			hdlr.initChannelState(
-				request, clientID, sessionID, nick,
-			)
-		}
-
 		hdlr.respondJSON(writer, request, map[string]any{
 			"id":       sessionID,
 			"nick":     nick,
@@ -517,52 +507,6 @@ func (hdlr *Handlers) HandleState() http.HandlerFunc {
 	}
 }

-// initChannelState enqueues synthetic JOIN messages and
-// join-numerics (TOPIC, NAMES) for every channel the
-// session belongs to.  Messages are enqueued only to the
-// specified client so other clients/sessions are not
-// affected.
-func (hdlr *Handlers) initChannelState(
-	request *http.Request,
-	clientID, sessionID int64,
-	nick string,
-) {
-	ctx := request.Context()
-
-	channels, err := hdlr.params.Database.
-		GetSessionChannels(ctx, sessionID)
-	if err != nil || len(channels) == 0 {
-		return
-	}
-
-	for _, chanInfo := range channels {
-		// Enqueue a synthetic JOIN (only to this client).
-		dbID, _, insErr := hdlr.params.Database.
-			InsertMessage(
-				ctx, "JOIN", nick, chanInfo.Name,
-				nil, nil, nil,
-			)
-		if insErr != nil {
-			hdlr.log.Error(
-				"initChannelState: insert JOIN",
-				"error", insErr,
-			)
-
-			continue
-		}
-
-		_ = hdlr.params.Database.EnqueueToClient(
-			ctx, clientID, dbID,
-		)
-
-		// Enqueue TOPIC + NAMES numerics.
-		hdlr.deliverJoinNumerics(
-			request, clientID, sessionID,
-			nick, chanInfo.Name, chanInfo.ID,
-		)
-	}
-}
-
 // HandleListAllChannels returns all channels on the server.
 func (hdlr *Handlers) HandleListAllChannels() http.HandlerFunc {
 	return func(
--- a/internal/handlers/auth.go
+++ b/internal/handlers/auth.go
@@ -182,12 +182,6 @@ func (hdlr *Handlers) handleLogin(
 		request, clientID, sessionID, payload.Nick,
 	)

-	// Initialize channel state so the new client knows
-	// which channels the session already belongs to.
-	hdlr.initChannelState(
-		request, clientID, sessionID, payload.Nick,
-	)
-
 	hdlr.respondJSON(writer, request, map[string]any{
 		"id":    sessionID,
 		"nick":  payload.Nick,
--- a/web/src/app.jsx
+++ b/web/src/app.jsx
@@ -124,7 +124,7 @@ function LoginScreen({ onLogin }) {
      .catch(() => {});
    const saved = localStorage.getItem("neoirc_token");
    if (saved) {
-      api("/state?initChannelState=1")
+      api("/state")
        .then((u) => onLogin(u.nick, true))
        .catch(() => localStorage.removeItem("neoirc_token"));
    }
@@ -398,24 +398,7 @@ function App() {
        case "JOIN": {
          const text = `${msg.from} has joined ${msg.to}`;
          if (msg.to) addMessage(msg.to, { ...base, text, system: true });
-          if (msg.to && msg.to.startsWith("#")) {
-            // Create a tab when the current user joins a channel
-            // (including JOINs from initChannelState on reconnect).
-            if (msg.from === nickRef.current) {
-              setTabs((prev) => {
-                if (
-                  prev.find(
-                    (t) => t.type === "channel" && t.name === msg.to,
-                  )
-                )
-                  return prev;
-
-                return [...prev, { type: "channel", name: msg.to }];
-              });
-            }
-
-            refreshMembers(msg.to);
-          }
+          if (msg.to && msg.to.startsWith("#")) refreshMembers(msg.to);

          break;
        }
@@ -718,13 +701,9 @@ function App() {
      setLoggedIn(true);
      addSystemMessage("Server", `Connected as ${userNick}`);

+      // Request MOTD on resumed sessions (new sessions get
+      // it automatically from the server during creation).
      if (isResumed) {
-        // Request MOTD on resumed sessions (new sessions
-        // get it automatically from the server during
-        // creation).  Channel state is initialized by the
-        // server via the message queue
-        // (?initChannelState=1), so we do not need to
-        // re-JOIN channels here.
        try {
          await api("/messages", {
            method: "POST",
@@ -733,11 +712,8 @@ function App() {
        } catch (e) {
          // MOTD is non-critical.
        }
-
-        return;
      }

-      // Fresh session — join any previously saved channels.
      const saved = JSON.parse(
        localStorage.getItem("neoirc_channels") || "[]",
      );