feat: gist-to-repo identity shift with philosophy-first agent experience #21

Open

simonbc wants to merge 72 commits into main from gist-to-repo

simonbc commented Apr 13, 2026

Contributor

Summary

Transforms Jottit from a markdown publisher into a capture-and-publish tool, with a focus on the developer agent experience.

Profile & Identity

  • Unified signin/signup flow (removed user_exists gate)
  • Profile setup flow with avatar upload, username selection
  • Redirect signed-in users to their profile
  • Empty-state profile with getting-started checklist
  • INDEX.md support for profile landing pages
  • Visibility badges and private/unlisted/listed/pinned states

Connect Agent Experience

  • Connect Agent settings page with copy-paste setup prompt
  • Philosophy-first agent-setup endpoint: teaches AI when to capture and how to write, not just API endpoints
  • MCP+OAuth integration for Claude Code
  • AGENTS special page support in conventions
  • API token management

Homepage & Landing

  • Below-fold sections: how it works, agent angle, bottom CTA
  • Landing page redesign with email signup form

Security Fixes

  • Block non-owner access to private page revision history (regression fix)
  • Rotate agent tokens on regeneration instead of creating duplicates

Test Coverage

Tests: 328 → 354 (+26 new). All pass.

Coverage audit: 7/7 code paths tested (100%) for the philosophy changes.

Pre-Landing Review

No issues found in the philosophy implementation (3 files, 73 lines).

Adversarial Review

Claude + Codex adversarial review found pre-existing branch issues:

  • [FIXED] Private revision history accessible to non-owners
  • [FIXED] Unbounded duplicate token creation on setup prompt
  • [NOTED] Rate limiter uses in-memory storage (per-process)
  • [NOTED] MCP defaults to unlisted vs API defaults to private (intentional: MCP is for anonymous/unclaimed pages)

TODOS

  • Created TODOS.md with follow-up: add philosophy/workflow guidance to MCP tool descriptions

Test plan

  • All pytest tests pass (354 tests, 0 failures)
  • New tests: agent-setup philosophy/workflow/conventions fields
  • Regression test: private page revision access blocked

🤖 Generated with Claude Code

simonbc added 30 commits April 13, 2026 10:34
simonbc added 30 commits April 13, 2026 13:04
Add check_page_visibility to view_revision endpoint to prevent
non-owners from accessing revision history of private pages.

Rotate mcp-default token on regeneration instead of creating
duplicates, preventing unbounded token accumulation.
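
The two fixes described in the commit messages above, as an added sketch that is not code from this pull request: the revision endpoint applies the same visibility rule as its parent page, and token regeneration replaces the existing secret under a fixed name. The signatures of `check_page_visibility` and `view_revision`, the `Page` model, the `Forbidden` exception and the dictionary token store are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the viewer may not see the page."""


@dataclass
class Page:
    # Hypothetical model; the project's real schema is not shown on this page.
    owner: str
    visibility: str  # "private", "unlisted" or "listed"
    revisions: list = field(default_factory=list)


def check_page_visibility(page, viewer):
    # Assumed rule: a private page is readable by its owner only.
    # viewer is a username, or None for an anonymous request.
    if page.visibility == "private" and viewer != page.owner:
        raise Forbidden("private page")


def view_revision(page, index, viewer):
    # A revision is a child resource of the page, so it inherits the
    # page's access rule. Omitting this call is the regression: the page
    # view is protected while its history stays readable.
    check_page_visibility(page, viewer)
    return page.revisions[index]


def rotate_token(tokens, user, name="mcp-default"):
    # tokens maps (user, name) -> secret. Writing to the same key
    # replaces the old secret, so regeneration revokes it and the store
    # holds one token per user and name however often this is called.
    tokens[(user, name)] = secrets.token_urlsafe(32)
    return tokens[(user, name)]
```
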