pounce/memory-bank/activeContext.md


Pounce - Active Context

Current Status

Pounce Terminal fully functional with complete monitoring & notification system.

Completed

  • Backend structure with FastAPI
  • Database models (User, Domain, DomainCheck, Subscription, TLDPrice, DomainHealthCache)
  • Domain checker service (WHOIS + RDAP + DNS)
  • Domain health checker (DNS, HTTP, SSL layers)
  • Authentication system (HttpOnly cookies + OAuth)
  • API endpoints for domain management
  • Tiered scheduler for domain checks (Scout=daily, Trader=hourly, Tycoon=10min)
  • Next.js frontend with dark terminal theme
  • Pounce Terminal with all modules (Radar, Market, Intel, Watchlist, Listing)
  • Intel page with tier-gated features
  • TLD price scraping from 5 registrars (Porkbun, Namecheap, Cloudflare, GoDaddy, Dynadot)
  • Watchlist with automatic monitoring & alerts
  • Health check overlays with complete DNS/HTTP/SSL details
  • Instant alert toggle (no refresh needed)
  • Performance Phase 02 applied (scheduler split, DB/index fixes, cached health, dashboard summary, metrics, job queue scaffolding)

Recent Changes (Dec 2025)

Security hardening

  • HttpOnly cookie auth (no JWT in URLs / no token in localStorage)
  • OAuth redirect hardening (state + redirect validation)
  • Blog HTML sanitization on backend
  • Secrets removed from repo history + .gitignore hardened

Performance & architecture phases (0 → 2)

  • Scheduler split: API runs with ENABLE_SCHEDULER=false, scheduler runs as separate process/container
  • Market feed: bounded DB queries + pagination (no full table loads)
  • Health: bulk cached endpoint (/domains/health-cache) + cache-first per-domain health
  • Radar: single-call dashboard payload (/dashboard/summary) → fewer frontend round-trips
  • DB migrations: idempotent indexes + optional columns for existing DBs
  • Auction scoring: persisted pounce_score populated by scraper
  • Admin: removed N+1 patterns in user listing/export
  • Observability: Prometheus metrics (/metrics) + optional DB query timing
  • Job queue: Redis + ARQ worker scaffolding + admin scraping enqueue

Watchlist & Monitoring

  1. Automatic domain checks: Runs based on subscription tier
  2. Email alerts when domain becomes available: Sends immediately
  3. Expiry warnings: Weekly check for domains expiring in <30 days
  4. Health status monitoring: Daily health checks with caching
  5. Weekly digest emails: Summary every Sunday

Email Notifications Implemented

Alert Type        Trigger
Domain Available  Domain becomes free
Expiry Warning    <30 days until expiry
Health Critical   Domain goes offline
Price Change      TLD price changes >5%
Sniper Match      Auction matches criteria
Weekly Digest     Every Sunday

UI Improvements

  1. Instant alert toggle: Uses Zustand store for optimistic updates
  2. Less prominent check frequency: Subtle footer instead of prominent banner
  3. Health modals: Show complete DNS, HTTP, SSL details
  4. "Not public" for private registries: .ch/.de show lock icon with tooltip

Next Steps

  1. Configure SMTP on server - Required for email alerts to work
  2. Run production stack with scheduler + worker (Docker Compose includes scheduler, worker, redis)
  3. Monitor /metrics and set alerts (p95 latency, DB query time, job failures)
  4. Run load test (loadtest/k6/api-smoke.js) after each deployment

Server Deployment Checklist

  • Set SMTP_* environment variables (see env.example)
  • Set STRIPE_* for payments
  • Set GOOGLE_* and GITHUB_* for OAuth
  • Run python scripts/init_db.py
  • Run python scripts/seed_tld_prices.py
  • Start with PM2: pm2 start "uvicorn app.main:app --host 0.0.0.0 --port 8000"

Design Decisions

  • Dark terminal theme with emerald accent (#10b981)
  • Tier-gated features: Scout (free), Trader ($9), Tycoon ($29)
  • Real data priority: Always prefer DB data over simulations
  • Multiple registrar sources: For accurate price comparison
  • Optimistic UI updates: Instant feedback without API round-trip

Known Considerations

  • Email alerts require SMTP configuration
  • Some TLDs (.ch, .de) don't publish expiration dates publicly
  • SSL checks may fail on local dev (certificate chain issues)
  • Scheduler should not run in the API process in production (avoid duplicate jobs with multiple API workers)