yvg/pounce
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
pounce/memory-bank/activeContext.md

91 lines
4.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Pounce - Active Context
## Current Status
Pounce Terminal fully functional with complete monitoring & notification system.
## Completed
- [x] Backend structure with FastAPI
- [x] Database models (User, Domain, DomainCheck, Subscription, TLDPrice, DomainHealthCache)
- [x] Domain checker service (WHOIS + RDAP + DNS)
- [x] Domain health checker (DNS, HTTP, SSL layers)
- [x] Authentication system (HttpOnly cookies + OAuth)
- [x] API endpoints for domain management
- [x] Tiered scheduler for domain checks (Scout=daily, Trader=hourly, Tycoon=10min)
- [x] Next.js frontend with dark terminal theme
- [x] Pounce Terminal with all modules (Radar, Market, Intel, Watchlist, Listing)
- [x] Intel page with tier-gated features
- [x] TLD price scraping from 5 registrars (Porkbun, Namecheap, Cloudflare, GoDaddy, Dynadot)
- [x] **Watchlist with automatic monitoring & alerts**
- [x] **Health check overlays with complete DNS/HTTP/SSL details**
- [x] **Instant alert toggle (no refresh needed)**
- [x] **Performance Phase 02 applied (scheduler split, DB/index fixes, cached health, dashboard summary, metrics, job queue scaffolding)**
## Recent Changes (Dec 2025)
### Security hardening
- **HttpOnly cookie auth** (no JWT in URLs / no token in `localStorage`)
- **OAuth redirect hardening** (state + redirect validation)
- **Blog HTML sanitization** on backend
- **Secrets removed from repo history** + `.gitignore` hardened
### Performance & architecture phases (0 → 2)
- **Scheduler split**: API runs with `ENABLE_SCHEDULER=false`, scheduler runs as separate process/container
- **Market feed**: bounded DB queries + pagination (no full table loads)
- **Health**: bulk cached endpoint (`/domains/health-cache`) + cache-first per-domain health
- **Radar**: single-call dashboard payload (`/dashboard/summary`) → fewer frontend round-trips
- **DB migrations**: idempotent indexes + optional columns for existing DBs
- **Auction scoring**: persisted `pounce_score` populated by scraper
- **Admin**: removed N+1 patterns in user listing/export
- **Observability**: Prometheus metrics (`/metrics`) + optional DB query timing
- **Job queue**: Redis + ARQ worker scaffolding + admin scraping enqueue
### Watchlist & Monitoring
1. **Automatic domain checks**: Runs based on subscription tier
2. **Email alerts when domain becomes available**: Sends immediately
3. **Expiry warnings**: Weekly check for domains expiring in <30 days
4. **Health status monitoring**: Daily health checks with caching
5. **Weekly digest emails**: Summary every Sunday
### Email Notifications Implemented
| Alert Type | Trigger |
|------------|---------|
| Domain Available | Domain becomes free |
| Expiry Warning | <30 days until expiry |
| Health Critical | Domain goes offline |
| Price Change | TLD price changes >5% |
| Sniper Match | Auction matches criteria |
| Weekly Digest | Every Sunday |
### UI Improvements
1. **Instant alert toggle**: Uses Zustand store for optimistic updates
2. **Less prominent check frequency**: Subtle footer instead of prominent banner
3. **Health modals**: Show complete DNS, HTTP, SSL details
4. **"Not public" for private registries**: .ch/.de show lock icon with tooltip
## Next Steps
1. **Configure SMTP on server** - Required for email alerts to work
2. **Run production stack with scheduler + worker** (Docker Compose includes `scheduler`, `worker`, `redis`)
3. **Monitor `/metrics`** and set alerts (p95 latency, DB query time, job failures)
4. **Run load test** (`loadtest/k6/api-smoke.js`) after each deployment
## Server Deployment Checklist
- [ ] Set `SMTP_*` environment variables (see `env.example`)
- [ ] Set `STRIPE_*` for payments
- [ ] Set `GOOGLE_*` and `GITHUB_*` for OAuth
- [ ] Run `python scripts/init_db.py`
- [ ] Run `python scripts/seed_tld_prices.py`
- [ ] Start with PM2: `pm2 start "uvicorn app.main:app --host 0.0.0.0 --port 8000"`
## Design Decisions
- **Dark terminal theme** with emerald accent (#10b981)
- **Tier-gated features**: Scout (free), Trader ($9), Tycoon ($29)
- **Real data priority**: Always prefer DB data over simulations
- **Multiple registrar sources**: For accurate price comparison
- **Optimistic UI updates**: Instant feedback without API round-trip
## Known Considerations
- Email alerts require SMTP configuration
- Some TLDs (.ch, .de) don't publish expiration dates publicly
- SSL checks may fail on local dev (certificate chain issues)
- Scheduler should not run in the API process in production (avoid duplicate jobs with multiple API workers)
Reference in New Issue View Git Blame Copy Permalink