feat: reviews integration + Cloudflare Worker scaffold #1

Open
aaf2tbz wants to merge 1 commit into main from feat/reviews-integration

aaf2tbz (Collaborator) commented Mar 23, 2026

Summary

  • src/lib/reviews.ts — typed fetch helpers for the reviews API; safe DOM card builder (no innerHTML anywhere); star renderer + relative timestamp formatter
  • src/pages/index.astro — Recent Reviews section on the homepage; fetches from local Signet daemon in dev (localhost:3850), Cloudflare Worker in prod via PUBLIC_REVIEWS_ENDPOINT
  • worker/ — production-ready Cloudflare Worker (signet-reviews), ready to deploy

Worker details

Route                    Description
GET /                    Health check
GET /api/reviews         Public paginated read, 30s cache header
POST /api/reviews/sync   Batch upsert from signetai daemon

Security:

  • Rate limiting: 5 syncs/IP/60s (CF ratelimit binding)
  • CORS: restricted to CORS_ORIGIN env var (set to marketplace domain in prod)
  • Sync gate: X-Signet-Sync: 1 header required on POST
  • Input validation: UUID format, ISO timestamp range, field length caps, rating bounds
  • Body size cap: 512KB max request
  • Idempotent: upsert by review UUID — re-syncing is safe
  • No PII stored — only user-chosen displayName, no IPs or account IDs

Nicholai's finishing steps

See worker/DEPLOY.md — complete step-by-step guide:

  1. wrangler d1 create signet-reviews → paste ID into wrangler.toml
  2. wrangler d1 migrations apply signet-reviews --remote
  3. Set CORS_ORIGIN to marketplace domain in wrangler.toml
  4. wrangler deploy --env production
  5. Set PUBLIC_REVIEWS_ENDPOINT in Cloudflare Pages env vars
  6. Done — reviews flow automatically from user daemons

Test plan

  • Marketplace dev server (bun run dev) shows "Recent Reviews" section
  • Empty state renders correctly when no reviews exist
  • Review card renders: stars, name, target badge, title, body (3-line clamp)
  • Worker GET /api/reviews returns paginated results with summary
  • Worker POST /api/reviews/sync accepts valid daemon payload
  • Worker rejects oversized body (>512KB)
  • Worker rejects missing X-Signet-Sync header
  • Worker returns 429 after 5 rapid syncs from same IP
  • Worker returns 403 for cross-origin non-GET requests

🤖 Generated with Claude Code

- src/lib/reviews.ts — typed fetch helpers, star renderer, relative
  time formatter, safe DOM card builder (no innerHTML)
- src/pages/index.astro — Recent Reviews section on homepage; fetches
  from local daemon in dev (localhost:3850), Worker in prod via
  PUBLIC_REVIEWS_ENDPOINT env var
- worker/ — production Cloudflare Worker (signet-reviews):
  - D1 schema with target + updated_at indexes
  - GET /api/reviews — paginated public read, 30s cache
  - POST /api/reviews/sync — batch upsert from signetai daemon
  - Rate limiting (5 reqs/IP/60s), CORS origin guard, UUID + timestamp
    validation, body size cap (512KB), X-Signet-Sync header gate,
    idempotent upsert by review UUID
  - wrangler.toml with D1 + rate_limit bindings, prod CORS var
  - DEPLOY.md — step-by-step guide for Nicholai to finish setup

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
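
Added example, not the PR's worker code: one way the checks listed for POST /api/reviews/sync (X-Signet-Sync gate, 512KB cap, UUID, timestamp, length and rating validation) could be ordered so cheap gates run before any parsing. The field names, length caps, timestamp window, the 403/413/400 status codes and the `{ reviews: [...] }` payload shape are assumptions; only the header name and the 512KB limit come from the description above.

```typescript
// Added example: field names, caps, status codes and payload shape are assumptions.
const MAX_BODY_BYTES = 512 * 1024; // from the PR: 512KB max request
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
const ISO_RE = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,3})?Z$/;
const CAPS: [string, number][] = [["displayName", 64], ["title", 200], ["body", 5000]]; // assumed caps
const MIN_TS = Date.parse("2020-01-01T00:00:00Z"); // assumed lower bound of the accepted range
const MAX_SKEW_MS = 5 * 60 * 1000; // assumed allowance for daemon clock skew

type Verdict = { status: number; accepted: number; error?: string };
const reject = (status: number, error: string): Verdict => ({ status, accepted: 0, error });

// Returns null when the review passes every check, otherwise the reason.
function checkReview(r: Record<string, unknown>, now: number): string | null {
  const { id, rating, updatedAt } = r;
  if (typeof id !== "string" || !UUID_RE.test(id)) return "bad id";
  if (typeof rating !== "number" || !Number.isInteger(rating) || rating < 1 || rating > 5) {
    return "bad rating";
  }
  if (typeof updatedAt !== "string" || !ISO_RE.test(updatedAt)) return "bad timestamp";
  const ts = Date.parse(updatedAt);
  if (Number.isNaN(ts) || ts < MIN_TS || ts > now + MAX_SKEW_MS) return "timestamp out of range";
  for (const [field, cap] of CAPS) {
    const v = r[field];
    if (typeof v !== "string" || v.length === 0 || v.length > cap) return `bad ${field}`;
  }
  return null;
}

// Cheap gates run first so a request without the header or over the cap is never parsed.
function validateSync(syncHeader: string | null, rawBody: string, now = Date.now()): Verdict {
  if (syncHeader !== "1") return reject(403, "X-Signet-Sync: 1 required");
  // Count UTF-8 bytes, not characters, so multi-byte text cannot slip past the cap.
  if (new TextEncoder().encode(rawBody).length > MAX_BODY_BYTES) return reject(413, "body too large");
  let parsed: unknown;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return reject(400, "invalid JSON");
  }
  const reviews = (parsed as { reviews?: unknown } | null)?.reviews;
  if (!Array.isArray(reviews)) return reject(400, "reviews must be an array");
  // All-or-nothing: one bad item rejects the batch, so a retry re-sends the same set.
  for (let i = 0; i < reviews.length; i++) {
    const item: unknown = reviews[i];
    if (typeof item !== "object" || item === null) return reject(400, `reviews[${i}]: not an object`);
    const err = checkReview(item as Record<string, unknown>, now);
    if (err) return reject(400, `reviews[${i}]: ${err}`);
  }
  return { status: 200, accepted: reviews.length };
}
```

The header gate only filters requests that did not set it; any client can send `X-Signet-Sync: 1`, so the per-item validation and the rate limit remain the controls that bound what a sync can write.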