- Add project_media table with image/video variants, ordering, and metadata
- Implement multipart upload handlers with 50MB limit
- Generate blurhash placeholders and resize images to thumb/medium/full variants
- Update ProjectCard to use media carousel instead of mock gradients
- Add MediaManager component for drag-drop upload and reordering
- Binary renamed from 'api' to 'xevion' with full CLI command structure
- Authentication: login/logout with session persistence to .xevion-session
- API commands: projects, tags, settings CRUD operations with JSON/table output
- Serve command: run production server with configurable listen addresses
- Seed command: moved from bin/ to CLI subcommand for database initialization
- HTTP client abstraction supporting both TCP and Unix socket connections
- Forward x-request-id header through proxy and API calls
- Store RequestId in request extensions for downstream access
- Add AsyncLocalStorage context to correlate logs across async boundaries
- Improve migration logging to show pending changes before applying
- Reduce noise in logs (common OG images, health checks)
Convert string interpolation to structured fields in tracing/LogTape calls. Add target prefixes (rust::, bun:) to differentiate processes in combined logs.
Implements in-memory caching for SSR pages using moka with:
- Configurable fresh/stale TTLs (60s/300s defaults)
- Background refresh for stale entries
- Cache invalidation on project/tag mutations
- Pre-cached icon collections on startup
- Skips cache for authenticated requests
Extract reqwest client creation into dedicated HttpClient abstraction that handles both TCP and Unix socket connections transparently. Simplifies proxy logic by removing duplicate URL construction and client selection throughout the codebase.
- Split monolithic src/db.rs (1122 lines) into domain modules: projects, tags, settings
- Extract API handlers from main.rs into separate handler modules by domain
- Add proxy module for ISR/SSR coordination with Bun process
- Introduce AppState for shared application context
- Add utility functions for asset serving and request classification
- Remove obsolete middleware/auth.rs in favor of session checks in handlers
- Add dedicated /pgp page with key viewer and download options
- Support CLI-friendly endpoints (/publickey.asc, /pgp.asc, /.well-known/pgpkey.asc)
- Detect user-agent to serve raw key to curl/wget or HTML to browsers
- Add modal component for quick key access from homepage
- Embed static key file in Rust assets for efficient serving
- Remove priority field and sorting, switch to updated_at DESC
- Add icon field to tags table
- Split project description into name and short_description
- Implement full CRUD for projects (create, update, delete)
- Add admin stats endpoint (project counts by status)
- Add nullable color column to tags table with hex validation
- Build ColorPicker component with preset palette and custom hex input
- Apply tag colors to project cards via border styling
- Update all tag API endpoints to handle color field
- Add admin user management with Argon2 password hashing
- Implement session management with ULID-based tokens and 7-day expiry
- Add authentication middleware for protected routes and API endpoints
- Forward validated session to SvelteKit via trusted X-Session-User header
- Refactor admin panel to use server-side authentication checks
- Add tags, project_tags, and tag_cooccurrence tables with proper indexes
- Implement full CRUD API endpoints for tag management
- Add tag association endpoints for projects with automatic cooccurrence updates
- Include related tags and project filtering by tag functionality
- Add SQLx with Postgres support and migration system
- Create projects table with status enum and auto-updated timestamps
- Implement database queries and API response conversion layer
- Add Justfile commands for database management and seeding
- Integrate health checks for both Bun and database connectivity
- Prerender 20+ HTTP error codes (4xx/5xx) at build time
- Embed error pages in binary and serve via Axum
- Intercept error responses for HTML requests
- Add transient flag for retry-worthy errors (502/503/504)
Implements slow-drip response handler for known bot paths (wp-admin, phpmyadmin, etc.) to waste attacker resources. Includes per-IP and global connection limits, configurable delays, and random chunking. Also applies clippy lint fixes across codebase.
- Implement health check system with caching and singleflight pattern
- Add OG image generation via Satori with R2 storage backend
- Configure Railway deployment with health check endpoint
- Add connection pooling and Unix socket support for Bun SSR
- Block external access to internal routes (/internal/*)
Includes .dockerignore, Dockerfile with cargo-chef caching, and Justfile commands for building/running containerized app. Updates console-logger to support both JSON and pretty-printed logs based on LOG_JSON env var.
- Validate Content-Type for API requests (application/json only)
- Add HEAD method handlers for all routes
- Add 1MB request body limit
- Improve method not allowed responses with Allow header
- Add include_dir for serving /_app static bundles from binary
- Add console-logger.js for structured JSON logs from Bun
- Fix API routing edge cases and add method restrictions
- Axum-based API server with Unix socket and TCP support
- Custom tracing formatters for Railway-compatible JSON logs
- SvelteKit hooks and Vite plugin for unified logging
- Justfile updated for concurrent dev workflow with hl log viewer
