Pounce - Active Context
Current Status
Pounce Terminal fully functional with complete monitoring & notification system.
Completed
- Backend structure with FastAPI
- Database models (User, Domain, DomainCheck, Subscription, TLDPrice, DomainHealthCache)
- Domain checker service (WHOIS + RDAP + DNS)
- Domain health checker (DNS, HTTP, SSL layers)
- Authentication system (HttpOnly cookies + OAuth)
- API endpoints for domain management
- Tiered scheduler for domain checks (Scout=daily, Trader=hourly, Tycoon=10min)
- Next.js frontend with dark terminal theme
- Pounce Terminal with all modules (Radar, Market, Intel, Watchlist, Listing)
- Intel page with tier-gated features
- TLD price scraping from 5 registrars (Porkbun, Namecheap, Cloudflare, GoDaddy, Dynadot)
- Watchlist with automatic monitoring & alerts
- Health check overlays with complete DNS/HTTP/SSL details
- Instant alert toggle (no refresh needed)
- Performance Phase 0–2 applied (scheduler split, DB/index fixes, cached health, dashboard summary, metrics, job queue scaffolding)
Recent Changes (Dec 2025)
Security hardening
- HttpOnly cookie auth (no JWT in URLs / no token in localStorage)
- OAuth redirect hardening (state + redirect validation)
- Blog HTML sanitization on backend
- Secrets removed from repo history + .gitignore hardened
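
A sketch of what "state + redirect validation" can look like on a Python backend. This is an added example, not Pounce's own code; the key handling, the TTL, the `/terminal` default path and all function names are assumptions. The `browser_nonce` is a random value the server sets in an HttpOnly cookie before sending the user to the provider.

```python
import base64, hashlib, hmac, json, secrets, time
from typing import Optional
from urllib.parse import urlsplit

# Assumptions (not from the Pounce code base): key handling, TTL, default path.
STATE_KEY = secrets.token_bytes(32)  # in production: a stable secret from the environment
STATE_TTL = 600                      # seconds a login attempt stays valid
DEFAULT_PATH = "/terminal"           # hypothetical post-login landing page

def safe_redirect(target: Optional[str]) -> str:
    """Accept only a same-site absolute path; anything else becomes DEFAULT_PATH."""
    if not target or not target.startswith("/") or target.startswith("//"):
        return DEFAULT_PATH
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return DEFAULT_PATH          # browsers treat "\" like "/"; reject control chars
    parts = urlsplit(target)
    return DEFAULT_PATH if parts.scheme or parts.netloc else target

def _mac(body: bytes) -> bytes:
    return hmac.new(STATE_KEY, body, hashlib.sha256).hexdigest().encode()

def make_state(browser_nonce: str, redirect: Optional[str], now: Optional[float] = None) -> str:
    """Build the OAuth `state`: signed, time-stamped, bound to this browser's nonce cookie."""
    issued = int(time.time() if now is None else now)
    claims = {"n": browser_nonce, "r": safe_redirect(redirect), "t": issued}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return f"{body.decode()}.{_mac(body).decode()}"

def check_state(state: str, browser_nonce: str, now: Optional[float] = None) -> Optional[str]:
    """Return the redirect path if state is authentic, fresh and ours; else None."""
    try:
        body, mac = state.encode().rsplit(b".", 1)
        if not hmac.compare_digest(mac, _mac(body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:               # malformed state, bad base64 or bad JSON
        return None
    age = (time.time() if now is None else now) - claims["t"]
    if not 0 <= age <= STATE_TTL:
        return None
    if not hmac.compare_digest(claims["n"].encode(), browser_nonce.encode()):
        return None                  # state was issued to a different browser
    return safe_redirect(claims["r"])  # re-validate on the way out as well
```
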
Performance & architecture phases (0 → 2)
- Scheduler split: API runs with ENABLE_SCHEDULER=false, scheduler runs as separate process/container
- Market feed: bounded DB queries + pagination (no full table loads)
- Health: bulk cached endpoint (/domains/health-cache) + cache-first per-domain health
- Radar: single-call dashboard payload (/dashboard/summary) → fewer frontend round-trips
- DB migrations: idempotent indexes + optional columns for existing DBs
- Auction scoring: persisted pounce_score populated by scraper
- Admin: removed N+1 patterns in user listing/export
- Observability: Prometheus metrics (/metrics) + optional DB query timing
- Job queue: Redis + ARQ worker scaffolding + admin scraping enqueue
Ops & Deliverability (4B)
- DB backups: server-side backups (SQLite copy + integrity_check / Postgres pg_dump + pg_restore --list) + Admin UI trigger
- Ops alerting without Docker: hourly scheduler job checks backup freshness + 24h funnel signals and emails ops alerts (with cooldown)
- Business KPIs in /metrics: cached gauges derived from telemetry_events (1d + Nd windows)
- Newsletter deliverability: List-Unsubscribe (one-click) + one-click unsubscribe endpoint
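
For the SQLite side of the backup and freshness bullets above, an added example (not the project's own code) of an online copy verified with `PRAGMA integrity_check`, plus the staleness test an hourly ops job could run. The function names, the backup file naming and the 26-hour threshold are assumptions.

```python
import os, sqlite3, time
from typing import Optional

def backup_sqlite(src_path: str, dest_dir: str) -> str:
    """Copy a live SQLite DB into dest_dir and verify it; return the backup path."""
    if not os.path.isfile(src_path):   # connect() would silently create an empty DB
        raise FileNotFoundError(src_path)
    dest = os.path.join(dest_dir, time.strftime("pounce-%Y%m%dT%H%M%S.sqlite3"))
    src, dst = sqlite3.connect(src_path), sqlite3.connect(dest)
    try:
        src.backup(dst)                # online backup API: consistent snapshot
        result = dst.execute("PRAGMA integrity_check").fetchall()
        if result != [("ok",)]:
            raise sqlite3.DatabaseError(f"integrity_check failed: {result[:3]}")
    except sqlite3.Error:
        dst.close()
        os.remove(dest)                # never leave an unverified backup behind
        raise
    finally:
        src.close()
        dst.close()
    return dest

def newest_backup_age_hours(dest_dir: str, now: Optional[float] = None) -> Optional[float]:
    """Age of the most recent backup file in hours, or None if there is none."""
    files = [os.path.join(dest_dir, f) for f in os.listdir(dest_dir)
             if f.endswith(".sqlite3")]
    if not files:
        return None
    newest = max(os.path.getmtime(f) for f in files)
    return ((time.time() if now is None else now) - newest) / 3600

def backup_is_stale(dest_dir: str, max_age_hours: float = 26,
                    now: Optional[float] = None) -> bool:
    """True when an ops alert should fire: no backup at all, or the newest is too old."""
    age = newest_backup_age_hours(dest_dir, now)
    return age is None or age > max_age_hours
```
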
Watchlist & Monitoring
- Automatic domain checks: Runs based on subscription tier
- Email alerts when domain becomes available: Sends immediately
- Expiry warnings: Weekly check for domains expiring in <30 days
- Health status monitoring: Daily health checks with caching
- Weekly digest emails: Summary every Sunday
Email Notifications Implemented
| Alert Type | Trigger |
|---|---|
| Domain Available | Domain becomes free |
| Expiry Warning | <30 days until expiry |
| Health Critical | Domain goes offline |
| Price Change | TLD price changes >5% |
| Sniper Match | Auction matches criteria |
| Weekly Digest | Every Sunday |
UI Improvements
- Instant alert toggle: Uses Zustand store for optimistic updates
- Less prominent check frequency: Subtle footer instead of prominent banner
- Health modals: Show complete DNS, HTTP, SSL details
- "Not public" for private registries: .ch/.de show lock icon with tooltip
Next Steps
- Enable email verification in production: set REQUIRE_EMAIL_VERIFICATION=true (forces verify before login)
- Enable ops alerts: set OPS_ALERTS_ENABLED=true + OPS_ALERT_RECIPIENTS=... (and keep SMTP configured)
- Continue Unicorn focus: 3A Programmatic SEO (indexation + template pages + sitemap) + 3C Viral Loop (invite codes + attribution + powered-by surfaces + referral KPIs + referral rewards/badges)
- Run load test (loadtest/k6/api-smoke.js) after each deployment
Server Deployment Checklist
- Set SMTP_* environment variables (see env.example)
- Set STRIPE_* for payments
- Set GOOGLE_* and GITHUB_* for OAuth
- Set REQUIRE_EMAIL_VERIFICATION=true
- (optional) Set OPS_ALERTS_ENABLED=true + OPS_ALERT_RECIPIENTS=ops@...
- Run python scripts/init_db.py
- Run python scripts/seed_tld_prices.py
- Start with PM2: pm2 start "uvicorn app.main:app --host 0.0.0.0 --port 8000"
Design Decisions
- Dark terminal theme with emerald accent (#10b981)
- Tier-gated features: Scout (free), Trader ($9), Tycoon ($29)
- Real data priority: Always prefer DB data over simulations
- Multiple registrar sources: For accurate price comparison
- Optimistic UI updates: Instant feedback without API round-trip
Known Considerations
- Email alerts require SMTP configuration
- Ops alert cooldown is in-memory (resets on process restart); consider persisting if needed
- Some TLDs (.ch, .de) don't publish expiration dates publicly
- SSL checks may fail on local dev (certificate chain issues)
- Scheduler should not run in the API process in production (avoid duplicate jobs with multiple API workers)