+137

CLAUDE.md

··· 488 488 489 489 **Why this matters:** The plan document and Linear can drift from reality as code evolves. Regular synchronization prevents rediscovering completed work and ensures accurate project status. 490 490 491 491 + ## Bruno API Collections 492 492 + 493 493 + **CRITICAL: Keep Bruno collections synchronized with API changes.** 494 494 + 495 495 + The `bruno/` directory contains [Bruno](https://www.usebruno.com/) collections that serve dual purpose: 496 496 + 1. **Interactive API testing** during development 497 497 + 2. **Version-controlled API documentation** that stays in sync with code 498 498 + 499 499 + ### When to Update Bruno Collections 500 500 + 501 501 + **When adding a new API endpoint:** 502 502 + 1. Create a new `.bru` file in the appropriate `bruno/AppView API/` subdirectory 503 503 + 2. Follow the naming pattern: use descriptive names like `Create Topic.bru`, `Get Forum Metadata.bru` 504 504 + 3. Include all request details: method, URL with variables, headers, body (if POST/PUT) 505 505 + 4. Add comprehensive documentation in the `docs` block explaining: 506 506 + - Required/optional parameters 507 507 + - Expected response format with example 508 508 + - All possible error codes (400, 401, 404, 500, 503) 509 509 + - Authentication requirements 510 510 + - Validation rules 511 511 + 5. Add assertions to validate responses automatically 512 512 + 513 513 + **When modifying an existing endpoint:** 514 514 + 1. Update the corresponding `.bru` file in `bruno/AppView API/` 515 515 + 2. Update parameter descriptions if inputs changed 516 516 + 3. Update response documentation if output format changed 517 517 + 4. Update error documentation if new error cases added 518 518 + 5. Update assertions if validation logic changed 519 519 + 520 520 + **When removing an endpoint:** 521 521 + 1. Delete the corresponding `.bru` file 522 522 + 2. Update `bruno/README.md` if it referenced the removed endpoint 523 523 + 524 524 + **When adding new environment variables:** 525 525 + 1. Update `bruno/environments/local.bru` with local development values 526 526 + 2. Update `bruno/environments/dev.bru` with deployment values 527 527 + 3. Document the variable in `bruno/README.md` under "Environment Variables Reference" 528 528 + 529 529 + ### Bruno File Template 530 530 + 531 531 + When creating new `.bru` files, follow this template: 532 532 + 533 533 + ```bru 534 534 + meta { 535 535 + name: Endpoint Name 536 536 + type: http 537 537 + seq: 1 538 538 + } 539 539 + 540 540 + get { 541 541 + url: {{appview_url}}/api/path 542 542 + } 543 543 + 544 544 + params:query { 545 545 + param1: {{variable}} 546 546 + } 547 547 + 548 548 + headers { 549 549 + Content-Type: application/json 550 550 + } 551 551 + 552 552 + body:json { 553 553 + { 554 554 + "field": "value" 555 555 + } 556 556 + } 557 557 + 558 558 + assert { 559 559 + res.status: eq 200 560 560 + res.body.field: isDefined 561 561 + } 562 562 + 563 563 + docs { 564 564 + Brief description of what this endpoint does. 565 565 + 566 566 + Path/query/body params: 567 567 + - param1: Description (type, required/optional) 568 568 + 569 569 + Returns: 570 570 + { 571 571 + "field": "value" 572 572 + } 573 573 + 574 574 + Error codes: 575 575 + - 400: Bad request (invalid input) 576 576 + - 401: Unauthorized (requires auth) 577 577 + - 404: Not found 578 578 + - 500: Server error 579 579 + 580 580 + Notes: 581 581 + - Any special considerations or validation rules 582 582 + } 583 583 + ``` 584 584 + 585 585 + ### Workflow Integration 586 586 + 587 587 + **When committing API changes, update Bruno collections in the SAME commit:** 588 588 + 589 589 + ```sh 590 590 + # Example: Adding a new endpoint 591 591 + git add apps/appview/src/routes/my-route.ts 592 592 + git add apps/appview/src/routes/__tests__/my-route.test.ts 593 593 + git add bruno/AppView\ API/MyRoute/New\ Endpoint.bru 594 594 + git commit -m "feat: add new endpoint for X 595 595 + 596 596 + - Implements POST /api/my-endpoint 597 597 + - Adds validation for Y 598 598 + - Updates Bruno collection with request documentation" 599 599 + ``` 600 600 + 601 601 + **Why commit together:** Bruno collections are API documentation. Keeping them in the same commit ensures the documentation is never out of sync with the implementation. 602 602 + 603 603 + ### Testing Bruno Collections 604 604 + 605 605 + Before committing: 606 606 + 1. Open the collection in Bruno 607 607 + 2. Test each modified request against your local dev server (`pnpm dev`) 608 608 + 3. Verify assertions pass (green checkmarks) 609 609 + 4. Verify documentation is accurate and complete 610 610 + 5. Check that error scenarios are documented (not just happy path) 611 611 + 612 612 + ### Common Mistakes 613 613 + 614 614 + **DON'T:** 615 615 + - Commit API changes without updating Bruno collections 616 616 + - Use hardcoded URLs instead of environment variables (`{{appview_url}}`) 617 617 + - Skip documenting error cases (only document 200 responses) 618 618 + - Leave placeholder/example data that doesn't match actual API behavior 619 619 + - Forget to update assertions when response format changes 620 620 + 621 621 + **DO:** 622 622 + - Update Bruno files in the same commit as route implementation 623 623 + - Use environment variables for all URLs and test data 624 624 + - Document all HTTP status codes the endpoint can return 625 625 + - Include example request/response bodies that match actual behavior 626 626 + - Test requests locally before committing 627 627 + 491 628 ## Git Conventions 492 629 493 630 - Do not include `Co-Authored-By` lines in commit messages.

+5

bruno/.gitignore

··· 1 1 + # Bruno local state 2 2 + .bruno/ 3 3 + 4 4 + # Environment files with secrets (if needed) 5 5 + # environments/local.bru

+23

bruno/AppView API/Auth/Check Session.bru

··· 1 1 + meta { 2 2 + name: Check Session 3 3 + type: http 4 4 + seq: 2 5 5 + } 6 6 + 7 7 + get { 8 8 + url: {{appview_url}}/api/auth/session 9 9 + } 10 10 + 11 11 + docs { 12 12 + Check current authentication status. 13 13 + 14 14 + Returns 401 if not authenticated. 15 15 + Returns 200 with session info if authenticated: 16 16 + { 17 17 + "authenticated": true, 18 18 + "did": "did:plc:...", 19 19 + "sub": "..." 20 20 + } 21 21 + 22 22 + Requires valid session cookie (atbb_session). 23 23 + }

+28

bruno/AppView API/Auth/Login.bru

··· 1 1 + meta { 2 2 + name: Login 3 3 + type: http 4 4 + seq: 1 5 5 + } 6 6 + 7 7 + get { 8 8 + url: {{appview_url}}/api/auth/login?handle={{user_handle}} 9 9 + } 10 10 + 11 11 + params:query { 12 12 + handle: {{user_handle}} 13 13 + } 14 14 + 15 15 + docs { 16 16 + Initiate OAuth login flow. 17 17 + 18 18 + The server will: 19 19 + 1. Resolve the handle to a DID and PDS 20 20 + 2. Generate PKCE challenge 21 21 + 3. Redirect to the user's PDS for authorization 22 22 + 23 23 + Required query param: 24 24 + - handle: User's AT Protocol handle (e.g., user.bsky.social) 25 25 + 26 26 + Note: This will redirect to the PDS, so you'll need to follow the OAuth flow 27 27 + in a browser to complete authentication. 28 28 + }

+21

bruno/AppView API/Auth/Logout.bru

··· 1 1 + meta { 2 2 + name: Logout 3 3 + type: http 4 4 + seq: 3 5 5 + } 6 6 + 7 7 + get { 8 8 + url: {{appview_url}}/api/auth/logout 9 9 + } 10 10 + 11 11 + docs { 12 12 + Clear session and revoke OAuth tokens. 13 13 + 14 14 + This will: 15 15 + 1. Revoke tokens at the user's PDS 16 16 + 2. Delete the server-side session 17 17 + 3. Clear the session cookie 18 18 + 19 19 + Optional query param: 20 20 + - redirect: Relative path to redirect to after logout (e.g., /) 21 21 + }

+37

bruno/AppView API/Categories/List Categories.bru

··· 1 1 + meta { 2 2 + name: List Categories 3 3 + type: http 4 4 + seq: 1 5 5 + } 6 6 + 7 7 + get { 8 8 + url: {{appview_url}}/api/categories 9 9 + } 10 10 + 11 11 + assert { 12 12 + res.status: eq 200 13 13 + res.body.categories: isArray 14 14 + } 15 15 + 16 16 + docs { 17 17 + List all forum categories, ordered by sortOrder. 18 18 + 19 19 + Returns: 20 20 + { 21 21 + "categories": [ 22 22 + { 23 23 + "id": "1", 24 24 + "did": "did:plc:...", 25 25 + "name": "General", 26 26 + "description": "General discussion", 27 27 + "slug": "general", 28 28 + "sortOrder": 0, 29 29 + "forumId": "1", 30 30 + "createdAt": "2024-01-01T00:00:00.000Z", 31 31 + "indexedAt": "2024-01-01T00:00:00.000Z" 32 32 + } 33 33 + ] 34 34 + } 35 35 + 36 36 + Maximum 1000 categories returned (defensive limit). 37 37 + }

+30

bruno/AppView API/Forum/Get Forum Metadata.bru

··· 1 1 + meta { 2 2 + name: Get Forum Metadata 3 3 + type: http 4 4 + seq: 1 5 5 + } 6 6 + 7 7 + get { 8 8 + url: {{appview_url}}/api/forum 9 9 + } 10 10 + 11 11 + assert { 12 12 + res.status: eq 200 13 13 + res.body.did: isDefined 14 14 + res.body.name: isDefined 15 15 + } 16 16 + 17 17 + docs { 18 18 + Retrieve forum metadata (singleton record). 19 19 + 20 20 + Returns: 21 21 + { 22 22 + "id": "1", 23 23 + "did": "did:plc:...", 24 24 + "name": "Forum Name", 25 25 + "description": "Forum description", 26 26 + "indexedAt": "2024-01-01T00:00:00.000Z" 27 27 + } 28 28 + 29 29 + Returns 404 if forum has not been initialized. 30 30 + }

+14

bruno/AppView API/Health/Check Health.bru

··· 1 1 + meta { 2 2 + name: Check Health 3 3 + type: http 4 4 + seq: 1 5 5 + } 6 6 + 7 7 + get { 8 8 + url: {{appview_url}}/api/healthz 9 9 + } 10 10 + 11 11 + docs { 12 12 + Simple health check endpoint for monitoring. 13 13 + Returns 200 OK if the service is running. 14 14 + }

+59

bruno/AppView API/Posts/Create Reply.bru

··· 1 1 + meta { 2 2 + name: Create Reply 3 3 + type: http 4 4 + seq: 1 5 5 + } 6 6 + 7 7 + post { 8 8 + url: {{appview_url}}/api/posts 9 9 + } 10 10 + 11 11 + headers { 12 12 + Content-Type: application/json 13 13 + } 14 14 + 15 15 + body:json { 16 16 + { 17 17 + "text": "This is a reply", 18 18 + "rootPostId": "1", 19 19 + "parentPostId": "1" 20 20 + } 21 21 + } 22 22 + 23 23 + assert { 24 24 + res.status: eq 201 25 25 + res.body.uri: isDefined 26 26 + res.body.cid: isDefined 27 27 + res.body.rkey: isDefined 28 28 + } 29 29 + 30 30 + docs { 31 31 + Create a reply to an existing post. 32 32 + 33 33 + Required body: 34 34 + { 35 35 + "text": "Reply text (1-10000 chars, trimmed)", 36 36 + "rootPostId": "1", // Topic (thread starter) ID 37 37 + "parentPostId": "1" // Direct parent post ID (can be same as rootPostId) 38 38 + } 39 39 + 40 40 + Returns: 41 41 + { 42 42 + "uri": "at://did:plc:.../space.atbb.post/...", 43 43 + "cid": "...", 44 44 + "rkey": "..." 45 45 + } 46 46 + 47 47 + Requires authentication (valid session cookie). 48 48 + 49 49 + Validation: 50 50 + - Both rootPostId and parentPostId must exist 51 51 + - Parent must belong to the same thread (parent.rootPostId == rootPostId OR parent is root) 52 52 + - Root post must have a forum reference 53 53 + 54 54 + Returns 400 for invalid input or validation failures. 55 55 + Returns 401 if not authenticated. 56 56 + Returns 404 if root or parent post not found. 57 57 + Returns 503 if PDS unreachable (network error). 58 58 + Returns 500 for server errors. 59 59 + }

+52

bruno/AppView API/Topics/Create Topic.bru

··· 1 1 + meta { 2 2 + name: Create Topic 3 3 + type: http 4 4 + seq: 2 5 5 + } 6 6 + 7 7 + post { 8 8 + url: {{appview_url}}/api/topics 9 9 + } 10 10 + 11 11 + headers { 12 12 + Content-Type: application/json 13 13 + } 14 14 + 15 15 + body:json { 16 16 + { 17 17 + "text": "This is a new topic", 18 18 + "forumUri": "at://{{forum_did}}/space.atbb.forum.forum/self" 19 19 + } 20 20 + } 21 21 + 22 22 + assert { 23 23 + res.status: eq 201 24 24 + res.body.uri: isDefined 25 25 + res.body.cid: isDefined 26 26 + res.body.rkey: isDefined 27 27 + } 28 28 + 29 29 + docs { 30 30 + Create a new topic (thread starter post). 31 31 + 32 32 + Required body: 33 33 + { 34 34 + "text": "Post text (1-10000 chars, trimmed)", 35 35 + "forumUri": "at://did:plc:.../space.atbb.forum.forum/self" (optional, defaults to singleton forum) 36 36 + } 37 37 + 38 38 + Returns: 39 39 + { 40 40 + "uri": "at://did:plc:.../space.atbb.post/...", 41 41 + "cid": "...", 42 42 + "rkey": "..." 43 43 + } 44 44 + 45 45 + Requires authentication (valid session cookie). 46 46 + 47 47 + Returns 400 for invalid text. 48 48 + Returns 401 if not authenticated. 49 49 + Returns 404 if forum not found. 50 50 + Returns 503 if PDS unreachable (network error). 51 51 + Returns 500 for server errors. 52 52 + }

+62

bruno/AppView API/Topics/Get Topic.bru

··· 1 1 + meta { 2 2 + name: Get Topic 3 3 + type: http 4 4 + seq: 1 5 5 + } 6 6 + 7 7 + get { 8 8 + url: {{appview_url}}/api/topics/{{topic_id}} 9 9 + } 10 10 + 11 11 + params:path { 12 12 + topic_id: 1 13 13 + } 14 14 + 15 15 + assert { 16 16 + res.status: eq 200 17 17 + res.body.topicId: isDefined 18 18 + res.body.post: isDefined 19 19 + res.body.replies: isArray 20 20 + } 21 21 + 22 22 + docs { 23 23 + Get a topic (thread starter post) with all replies. 24 24 + 25 25 + Path params: 26 26 + - id: Topic post ID (bigint as string) 27 27 + 28 28 + Returns: 29 29 + { 30 30 + "topicId": "1", 31 31 + "post": { 32 32 + "id": "1", 33 33 + "did": "did:plc:...", 34 34 + "rkey": "...", 35 35 + "text": "Topic text", 36 36 + "forumUri": "at://did:plc:.../space.atbb.forum.forum/self", 37 37 + "createdAt": "2024-01-01T00:00:00.000Z", 38 38 + "author": { 39 39 + "did": "did:plc:...", 40 40 + "handle": "user.bsky.social" 41 41 + } 42 42 + }, 43 43 + "replies": [ 44 44 + { 45 45 + "id": "2", 46 46 + "did": "did:plc:...", 47 47 + "rkey": "...", 48 48 + "text": "Reply text", 49 49 + "parentPostId": "1", 50 50 + "createdAt": "2024-01-01T00:00:00.000Z", 51 51 + "author": { 52 52 + "did": "did:plc:...", 53 53 + "handle": "user.bsky.social" 54 54 + } 55 55 + } 56 56 + ] 57 57 + } 58 58 + 59 59 + Returns 400 if ID is invalid. 60 60 + Returns 404 if topic not found. 61 61 + Maximum 1000 replies returned (defensive limit). 62 62 + }

+145

bruno/README.md

··· 1 1 + # atBB Bruno API Collections 2 2 + 3 3 + This directory contains [Bruno](https://www.usebruno.com/) API collections for testing and documenting the atBB forum API. 4 4 + 5 5 + ## Structure 6 6 + 7 7 + ``` 8 8 + bruno/ 9 9 + ├── environments/ # Environment configurations 10 10 + │ ├── local.bru # Local development (default) 11 11 + │ └── dev.bru # Development server 12 12 + └── AppView API/ # AppView API endpoints 13 13 + ├── Health/ # Health check 14 14 + ├── Auth/ # OAuth authentication flow 15 15 + ├── Forum/ # Forum metadata 16 16 + ├── Categories/ # Category management 17 17 + ├── Topics/ # Topic (thread) operations 18 18 + └── Posts/ # Post (reply) operations 19 19 + ``` 20 20 + 21 21 + ## Getting Started 22 22 + 23 23 + ### 1. Install Bruno 24 24 + 25 25 + Download and install Bruno from [usebruno.com](https://www.usebruno.com/) or via package manager: 26 26 + 27 27 + ```sh 28 28 + # macOS (Homebrew) 29 29 + brew install bruno 30 30 + 31 31 + # Arch Linux 32 32 + yay -S bruno-bin 33 33 + 34 34 + # Or download from GitHub releases 35 35 + ``` 36 36 + 37 37 + ### 2. Open the Collection 38 38 + 39 39 + 1. Launch Bruno 40 40 + 2. Click "Open Collection" 41 41 + 3. Navigate to `/path/to/atbb-monorepo/bruno` 42 42 + 4. Select the `bruno` folder 43 43 + 44 44 + ### 3. Start Your Local Servers 45 45 + 46 46 + ```sh 47 47 + # In the monorepo root 48 48 + pnpm dev 49 49 + ``` 50 50 + 51 51 + This will start: 52 52 + - AppView API at `http://localhost:3000` 53 53 + - Web UI at `http://localhost:3001` 54 54 + 55 55 + ### 4. Configure Environment Variables 56 56 + 57 57 + The `local` environment is pre-configured for local development. Update these variables in `environments/local.bru` as needed: 58 58 + 59 59 + - `appview_url` - AppView API base URL (default: `http://localhost:3000`) 60 60 + - `web_url` - Web UI base URL (default: `http://localhost:3001`) 61 61 + - `forum_did` - Forum DID from your `.env` file 62 62 + - `user_handle` - Your AT Protocol handle for testing auth (e.g., `user.bsky.social`) 63 63 + - `topic_id` - A valid topic ID for testing topic retrieval 64 64 + 65 65 + ## API Overview 66 66 + 67 67 + ### Health Check 68 68 + 69 69 + - **GET /api/healthz** - Service health status 70 70 + 71 71 + ### Authentication 72 72 + 73 73 + OAuth flow using `@atproto/oauth-client-node`: 74 74 + 75 75 + 1. **GET /api/auth/login?handle=user.bsky.social** - Initiate login 76 76 + 2. **GET /api/auth/callback** - OAuth callback (handled by PDS redirect) 77 77 + 3. **GET /api/auth/session** - Check current session 78 78 + 4. **GET /api/auth/logout** - Logout and revoke tokens 79 79 + 80 80 + **Note:** OAuth login requires a browser flow. Use the Web UI for interactive testing. 81 81 + 82 82 + ### Forum Data 83 83 + 84 84 + - **GET /api/forum** - Get forum metadata 85 85 + - **GET /api/categories** - List all categories 86 86 + - **GET /api/topics/:id** - Get topic with replies 87 87 + - **POST /api/topics** - Create new topic (requires auth) 88 88 + - **POST /api/posts** - Create reply (requires auth) 89 89 + 90 90 + ## Testing Authenticated Endpoints 91 91 + 92 92 + Authenticated endpoints (`POST /api/topics`, `POST /api/posts`) require a valid session cookie (`atbb_session`). Bruno's cookie jar will automatically store and send cookies. 93 93 + 94 94 + **To test authenticated endpoints:** 95 95 + 96 96 + 1. Use your browser to log in via the Web UI at `http://localhost:3001` 97 97 + 2. Use browser dev tools to copy the `atbb_session` cookie value 98 98 + 3. In Bruno, go to the collection settings and add a header: 99 99 + ``` 100 100 + Cookie: atbb_session=<your-cookie-value> 101 101 + ``` 102 102 + 103 103 + Or use Bruno's cookie management to manually set the cookie. 104 104 + 105 105 + ## Environment Variables Reference 106 106 + 107 107 + | Variable | Description | Example | 108 108 + |----------|-------------|---------| 109 109 + | `appview_url` | AppView API base URL | `http://localhost:3000` | 110 110 + | `web_url` | Web UI base URL | `http://localhost:3001` | 111 111 + | `forum_did` | Forum DID | `did:plc:abc123...` | 112 112 + | `user_handle` | Your AT Protocol handle | `user.bsky.social` | 113 113 + | `topic_id` | Valid topic ID for testing | `1` | 114 114 + 115 115 + ## Bruno Features Used 116 116 + 117 117 + - **Environments** - Switch between local/dev with one click 118 118 + - **Variables** - `{{variable}}` syntax for reusable values 119 119 + - **Assertions** - Automated response validation 120 120 + - **Documentation** - Inline docs for each endpoint 121 121 + - **Request chaining** - Variables can be set from responses (not used yet, but available) 122 122 + 123 123 + ## Tips 124 124 + 125 125 + - Use the **Environments dropdown** in Bruno to switch between local and dev 126 126 + - Each request includes a **Docs** tab explaining the endpoint 127 127 + - **Assertions** will automatically validate responses (green checkmark = passed) 128 128 + - Browse requests by category in the left sidebar 129 129 + - Requests are plain text files — they're versioned in git! 130 130 + 131 131 + ## Adding New Endpoints 132 132 + 133 133 + When you add new API routes: 134 134 + 135 135 + 1. Create a new `.bru` file in the appropriate folder 136 136 + 2. Follow the existing format (meta, get/post, headers, body, docs) 137 137 + 3. Use environment variables (`{{appview_url}}`) for URLs 138 138 + 4. Add assertions to validate responses 139 139 + 5. Commit the file — it's part of your API documentation! 140 140 + 141 141 + ## Resources 142 142 + 143 143 + - [Bruno Documentation](https://docs.usebruno.com/) 144 144 + - [AT Protocol Docs](https://atproto.com/) 145 145 + - [atBB Project Plan](../docs/atproto-forum-plan.md)

+5

bruno/bruno.json

··· 1 1 + { 2 2 + "version": "1", 3 3 + "name": "atBB", 4 4 + "type": "collection" 5 5 + }

+7

bruno/environments/dev.bru

··· 1 1 + vars { 2 2 + appview_url: https://api-dev.atbb.space 3 3 + web_url: https://dev.atbb.space 4 4 + forum_did: did:plc:example 5 5 + user_handle: user.bsky.social 6 6 + topic_id: 1 7 7 + }

+7

bruno/environments/local.bru

··· 1 1 + vars { 2 2 + appview_url: http://localhost:3000 3 3 + web_url: http://localhost:3001 4 4 + forum_did: did:plc:example 5 5 + user_handle: user.bsky.social 6 6 + topic_id: 1 7 7 + }