Initialize eng-pad-server with project documentation

- README.md: project overview, quick start, build commands - CLAUDE.md: AI dev context, source tree, key conventions - ARCHITECTURE.md: full system spec covering data model, auth (password + FIDO2/U2F), gRPC sync API, REST API, SVG/JPG/PDF rendering, web UI, configuration, deployment, security - PROJECT_PLAN.md: 11 phases with discrete checkboxable steps - PROGRESS.md: decision log and completion tracking Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 19:42:38 -07:00
commit 0cce04b5b8
5 changed files with 672 additions and 0 deletions
--- a/PROJECT_PLAN.md
+++ b/PROJECT_PLAN.md
@@ -0,0 +1,148 @@
+# PROJECT_PLAN.md — eng-pad-server Implementation Steps
+
+This file tracks all implementation steps. Check off steps as they are
+completed and log them in PROGRESS.md.
+
+## Phase 0: Project Setup
+
+- [ ] 0.1: Initialize Go module (`git.wntrmute.dev/kyle/eng-pad-server`)
+- [ ] 0.2: Create Makefile with standard targets
+- [ ] 0.3: Configure `.golangci.yaml`
+- [ ] 0.4: Create `.gitignore`
+- [ ] 0.5: Create example config `deploy/examples/eng-pad-server.toml`
+- **Verify:** `make build`
+
+## Phase 1: Database + Config
+
+- [ ] 1.1: TOML config loading
+  - `internal/config/config.go`
+- [ ] 1.2: SQLite database setup (WAL, foreign keys, busy timeout)
+  - `internal/db/db.go`
+- [ ] 1.3: Schema migrations (users, notebooks, pages, strokes, share_links, webauthn_credentials)
+  - `internal/db/migrations.go`
+- [ ] 1.4: Unit tests for migrations
+- **Verify:** `make test`
+
+## Phase 2: Auth — Password
+
+- [ ] 2.1: Argon2id password hashing + verification
+  - `internal/auth/argon2.go`
+- [ ] 2.2: Bearer token generation, storage, validation
+  - `internal/auth/tokens.go`
+- [ ] 2.3: User creation (for `init` command)
+- [ ] 2.4: Unit tests for auth
+- **Verify:** `make test`
+
+## Phase 3: CLI
+
+- [ ] 3.1: Cobra CLI scaffold
+  - `cmd/eng-pad-server/main.go`
+- [ ] 3.2: `init` command — create DB, prompt for admin user
+  - `cmd/eng-pad-server/init.go`
+- [ ] 3.3: `server` command — start gRPC + REST + web servers
+  - `cmd/eng-pad-server/server.go`
+- [ ] 3.4: `snapshot` command — VACUUM INTO backup
+- [ ] 3.5: `status` command — health check
+- **Verify:** `make all && ./eng-pad-server init`
+
+## Phase 4: gRPC Sync Service
+
+- [ ] 4.1: Proto definitions
+  - `proto/engpad/v1/sync.proto`
+- [ ] 4.2: Generate Go code
+  - `make proto`
+- [ ] 4.3: gRPC server setup with TLS
+  - `internal/grpcserver/server.go`
+- [ ] 4.4: Auth interceptor (username/password from metadata)
+  - `internal/grpcserver/interceptors.go`
+- [ ] 4.5: SyncNotebook handler (upsert: delete + re-insert)
+  - `internal/grpcserver/sync.go`
+- [ ] 4.6: DeleteNotebook handler
+- [ ] 4.7: ListNotebooks handler
+- [ ] 4.8: Unit tests for sync
+- **Verify:** `make test` + manual gRPC test with `grpcurl`
+
+## Phase 5: Rendering
+
+- [ ] 5.1: SVG rendering — strokes to SVG path elements
+  - `internal/render/svg.go`
+- [ ] 5.2: JPG rendering — rasterize page at 300 DPI
+  - `internal/render/jpg.go`
+- [ ] 5.3: PDF rendering — notebook to multi-page PDF
+  - `internal/render/pdf.go`
+- [ ] 5.4: Unit tests — verify SVG output, JPG dimensions, PDF page count
+- **Verify:** `make test`
+
+## Phase 6: REST API
+
+- [ ] 6.1: chi router setup with TLS
+  - `internal/server/server.go`, `routes.go`
+- [ ] 6.2: Auth middleware (bearer token validation)
+  - `internal/server/middleware.go`
+- [ ] 6.3: Login endpoint
+  - `internal/server/auth.go`
+- [ ] 6.4: Notebook/page endpoints (JSON metadata)
+  - `internal/server/notebooks.go`
+- [ ] 6.5: Rendering endpoints (SVG, JPG, PDF)
+- [ ] 6.6: Unit tests for API
+- **Verify:** `make test` + manual curl
+
+## Phase 7: Share Links
+
+- [ ] 7.1: Token generation + storage
+  - `internal/share/share.go`
+- [ ] 7.2: gRPC RPCs — CreateShareLink, RevokeShareLink, ListShareLinks
+  - `internal/grpcserver/share.go`
+- [ ] 7.3: REST endpoints — /s/:token routes
+- [ ] 7.4: Expiry enforcement (check on access, periodic cleanup)
+- [ ] 7.5: Unit tests
+- **Verify:** `make test`
+
+## Phase 8: Web UI
+
+- [ ] 8.1: Template skeleton — layout.html, navigation
+  - `web/templates/layout.html`
+- [ ] 8.2: Login page (password + WebAuthn)
+  - `web/templates/login.html`
+- [ ] 8.3: Notebook list page
+  - `web/templates/notebooks.html`
+- [ ] 8.4: Notebook view page (page grid with SVG thumbnails)
+  - `web/templates/notebook.html`
+- [ ] 8.5: Page viewer (embedded SVG, export buttons)
+  - `web/templates/page.html`
+- [ ] 8.6: Shared notebook/page views (same templates, no auth chrome)
+- [ ] 8.7: Web server setup + embed
+  - `internal/webserver/`, `web/embed.go`
+- **Verify:** manual browser test
+
+## Phase 9: FIDO2/U2F (WebAuthn)
+
+- [ ] 9.1: WebAuthn integration with `go-webauthn/webauthn`
+  - `internal/auth/webauthn.go`
+- [ ] 9.2: Registration endpoints (begin/finish)
+- [ ] 9.3: Login endpoints (begin/finish)
+- [ ] 9.4: Key management UI (list keys, add key, remove key)
+- [ ] 9.5: Unit tests
+- **Verify:** manual test with security key
+
+## Phase 10: Deployment
+
+- [ ] 10.1: Dockerfile (multi-stage, non-root)
+- [ ] 10.2: systemd units (service, backup timer)
+  - `deploy/systemd/`
+- [ ] 10.3: Install script
+  - `deploy/scripts/install.sh`
+- [ ] 10.4: Graceful shutdown (SIGINT/SIGTERM)
+- **Verify:** `make docker && docker run`
+
+## Phase 11: Android App Sync Integration
+
+_(Implemented in the eng-pad repo, not here)_
+
+- [ ] 11.1: gRPC client dependency (protobuf-lite)
+- [ ] 11.2: SyncClient.kt — gRPC channel + stub
+- [ ] 11.3: SyncManager.kt — serialize notebook to proto, call sync
+- [ ] 11.4: Sync settings screen (server URL, username, password)
+- [ ] 11.5: Notebook overflow menu — "Sync to server"
+- [ ] 11.6: Library — "Sync all" button
+- [ ] 11.7: Sync status indicator on notebook cards