consolidate appname to internal/globals as a constant

The appname was redundantly defined in both cmd/pixad/main.go and
internal/globals/globals.go. Since it is always "pixad" and is not
actually set via ldflags (only Version is), define it once as an
unexported constant in globals.go and remove it from main.go.

Dockerfile

@@ -1,32 +1,31 @@
-# Lint stage — fast feedback on formatting and lint issues
+# Lint stage
-# golangci/golangci-lint:v2.10.1, 2026-03-01
+# golangci/golangci-lint:v2.10.1-alpine, 2026-02-17
-FROM golangci/golangci-lint@sha256:ea84d14c2fef724411be7dc45e09e6ef721d748315252b02df19a7e3113ee763 AS lint
+FROM golangci/golangci-lint:v2.10.1-alpine@sha256:33bc6b6156d4c7da87175f187090019769903d04dd408833b83083ed214b0ddf AS lint
 
-# Install CGO dependencies needed for static analysis of vips/libheif code
+RUN apk add --no-cache make build-base vips-dev libheif-dev pkgconfig
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    libvips-dev \
-    libheif-dev \
-    pkg-config \
-    && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /src
+
+# Copy go mod files first for better layer caching
 COPY go.mod go.sum ./
 RUN go mod download
 
+# Copy source code
 COPY . .
 
+# Run formatting check and linter
 RUN make fmt-check
 RUN make lint
 
-# Build stage — tests and compilation
+# Build stage
 # golang:1.25.4-alpine, 2026-02-25
 FROM golang:1.25.4-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb AS builder
 
-ARG VERSION=dev
+# Depend on lint stage passing
-
-# Force BuildKit to run the lint stage by creating a stage dependency
 COPY --from=lint /src/go.sum /dev/null
 
+ARG VERSION=dev
+
 # Install build dependencies for CGO image libraries
 RUN apk add --no-cache \
     build-base \

TODO.md

@@ -6,7 +6,7 @@ Remaining tasks sorted by priority for a working 1.0 release.
 
 ### Image Processing
 - [x] Add WebP encoding support (currently returns error)
-- [ ] Add AVIF encoding support (currently returns error)
+- [x] Add AVIF encoding support (implemented via govips)
 
 ### Manual Testing (verify auth/encrypted URLs work)
 - [ ] Manual test: visit `/`, see login form

cmd/pixad/main.go

@@ -17,10 +17,7 @@ import (
 	"sneak.berlin/go/pixa/internal/server"
 )
 
-var (
+var Version string //nolint:gochecknoglobals // set by ldflags
-	Appname = "pixad" //nolint:gochecknoglobals // set by ldflags
-	Version string    //nolint:gochecknoglobals // set by ldflags
-)
 
 var configPath string //nolint:gochecknoglobals // cobra flag
 
@@ -40,7 +37,6 @@ func main() {
 }
 
 func run(_ *cobra.Command, _ []string) {
-	globals.Appname = Appname
 	globals.Version = Version
 
 	// Set config path in environment if specified via flag

internal/globals/globals.go

@@ -5,11 +5,10 @@ import (
 	"go.uber.org/fx"
 )
 
-// Build-time variables populated from main() via ldflags.
+const appname = "pixad"
-var (
+
-	Appname string //nolint:gochecknoglobals // set from main
+// Version is populated from main() via ldflags.
-	Version string //nolint:gochecknoglobals // set from main
+var Version string //nolint:gochecknoglobals // set from main
-)
 
 // Globals holds application-wide constants.
 type Globals struct {
@@ -20,7 +19,7 @@ type Globals struct {
 // New creates a new Globals instance from build-time variables.
 func New(_ fx.Lifecycle) (*Globals, error) {
 	return &Globals{
-		Appname: Appname,
+		Appname: appname,
 		Version: Version,
 	}, nil
 }

scripts/manual-test.sh

@@ -48,7 +48,7 @@ fi
 
 # Test 3: Wrong password shows error
 echo "--- Test 3: Login with wrong password ---"
-WRONG_LOGIN=$(curl -sf -X POST "$BASE_URL/" -d "password=wrong-key" -c "$COOKIE_JAR")
+WRONG_LOGIN=$(curl -sf -X POST "$BASE_URL/" -d "key=wrong-key" -c "$COOKIE_JAR")
 if echo "$WRONG_LOGIN" | grep -qi "invalid\|error\|incorrect\|wrong"; then
     pass "Wrong password shows error message"
 else
@@ -57,7 +57,7 @@ fi
 
 # Test 4: Correct password redirects to generator
 echo "--- Test 4: Login with correct signing key ---"
-curl -sf -X POST "$BASE_URL/" -d "password=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
+curl -sf -X POST "$BASE_URL/" -d "key=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
 GENERATOR_PAGE=$(curl -sf "$BASE_URL/" -b "$COOKIE_JAR")
 if echo "$GENERATOR_PAGE" | grep -qi "generate\|url\|source\|logout"; then
     pass "Correct password shows generator page"
@@ -68,12 +68,12 @@ fi
 # Test 5: Generate encrypted URL
 echo "--- Test 5: Generate encrypted URL ---"
 GEN_RESULT=$(curl -sf -X POST "$BASE_URL/generate" -b "$COOKIE_JAR" \
-    -d "source_url=$TEST_IMAGE_URL" \
+    -d "url=$TEST_IMAGE_URL" \
     -d "width=800" \
     -d "height=600" \
     -d "format=jpeg" \
     -d "quality=85" \
-    -d "fit_mode=cover" \
+    -d "fit=cover" \
     -d "ttl=3600")
 if echo "$GEN_RESULT" | grep -q "/v1/e/"; then
     pass "Encrypted URL generated"
@@ -121,10 +121,10 @@ fi
 # Test 9: Generate short-TTL URL and verify expiration
 echo "--- Test 9: Expired URL returns 410 ---"
 # Login again
-curl -sf -X POST "$BASE_URL/" -d "password=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
+curl -sf -X POST "$BASE_URL/" -d "key=$SIGNING_KEY" -c "$COOKIE_JAR" -b "$COOKIE_JAR" -L -o /dev/null
 # Generate URL with 1 second TTL
 GEN_RESULT=$(curl -sf -X POST "$BASE_URL/generate" -b "$COOKIE_JAR" \
-    -d "source_url=$TEST_IMAGE_URL" \
+    -d "url=$TEST_IMAGE_URL" \
     -d "width=100" \
     -d "height=100" \
     -d "format=jpeg" \