From 5ffc782584db60750f8d696793d771e380ced192 Mon Sep 17 00:00:00 2001 From: Grayson Adams <51373669+GraysonCAdams@users.noreply.github.com> Date: Mon, 2 Mar 2026 22:37:00 -0600 Subject: [PATCH 1/2] docs: update data model, API, and architecture for v1.11.0 Add creatorName/creatorUrl to clips table and API response docs, document favorite-reaction sync behavior, and update ViewersSheet component description. --- docs/api.md | 6 +++--- docs/architecture.md | 2 +- docs/data-model.md | 2 ++ 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/api.md b/docs/api.md index f394c40..2ddd7ac 100644 --- a/docs/api.md +++ b/docs/api.md @@ -73,7 +73,7 @@ Response: { "clips": [...], "hasMore": true } ``` Only returns clips with `status: 'ready'`. Default sort is `oldest` (chronological). `round-robin` interleaves clips across members so no single poster dominates the feed. The `watched` filter sorts by most-recently-watched instead. -Each clip includes: id, originalUrl, title, addedByUsername, addedByAvatar, status, durationSeconds, platform, contentType, createdAt, watched, favorited, reactions, commentCount, unreadCommentCount, viewCount, seenByOthers. +Each clip includes: id, originalUrl, title, addedByUsername, addedByAvatar, status, durationSeconds, platform, contentType, creatorName, creatorUrl, createdAt, watched, favorited, reactions, commentCount, unreadCommentCount, viewCount, seenByOthers. ### POST /api/clips ``` @@ -92,7 +92,7 @@ Response: { "ok": true, "clipId": "...", "status": "downloading" } (201 Create ### GET /api/clips/[id] Returns full clip detail with user context, interaction state, and metadata. ``` -Response: { id, originalUrl, videoPath, audioPath, thumbnailPath, title, artist, albumArt, spotifyUrl, appleMusicUrl, youtubeMusicUrl, addedBy, addedByUsername, addedByAvatar, platform, status, contentType, durationSeconds, watched, favorited, reactions, commentCount, unreadCommentCount, viewCount, seenByOthers, createdAt, canEditCaption } +Response: { id, originalUrl, videoPath, audioPath, thumbnailPath, title, artist, albumArt, spotifyUrl, appleMusicUrl, youtubeMusicUrl, addedBy, addedByUsername, addedByAvatar, platform, status, contentType, durationSeconds, creatorName, creatorUrl, watched, favorited, reactions, commentCount, unreadCommentCount, viewCount, seenByOthers, createdAt, canEditCaption } ``` ### PATCH /api/clips/[id] @@ -134,7 +134,7 @@ Response: { "watched": true } ``` ### POST /api/clips/[id]/favorite -Toggles favorite on/off. +Toggles favorite on/off. Also syncs with reactions: favoriting creates a ❤️ reaction (with notification), unfavoriting removes the paired ❤️ reaction and its notification. ``` Response: { "favorited": true } ``` diff --git a/docs/architecture.md b/docs/architecture.md index 2672859..a88fc02 100644 --- a/docs/architecture.md +++ b/docs/architecture.md @@ -84,7 +84,7 @@ scrolly/ │ │ │ ├── BaseSheet.svelte # Shared drag-to-dismiss bottom sheet base │ │ │ ├── ClipOverlay.svelte # Full-screen single-clip overlay view │ │ │ ├── CommentsSheet.svelte # Bottom sheet for comments -│ │ │ ├── ViewersSheet.svelte # Bottom sheet for view list +│ │ │ ├── ViewersSheet.svelte # Floating panel for view list │ │ │ ├── ActivitySheet.svelte # Bottom sheet for in-app notifications │ │ │ ├── GifPicker.svelte # GIPHY search/picker (full or compact carousel mode) │ │ │ ├── AddVideo.svelte # Add video form diff --git a/docs/data-model.md b/docs/data-model.md index ba24314..4f06664 100644 --- a/docs/data-model.md +++ b/docs/data-model.md @@ -61,6 +61,8 @@ SQLite database via Drizzle ORM. All IDs are UUIDs stored as text. Timestamps ar | apple_music_url | text | Nullable. Cross-platform Apple Music link (music clips). | | youtube_music_url | text | Nullable. Cross-platform YouTube Music link (music clips). | | file_size_bytes | integer | Nullable. File size for storage tracking. | +| creator_name | text | Nullable. Original content creator name (from yt-dlp metadata). | +| creator_url | text | Nullable. Original content creator profile URL. | | created_at | integer | Unix timestamp | Unique index on `(group_id, original_url)` — prevents duplicate URLs within a group. From ca32b318c65baa0898bfcb76c81dd18b0a171d64 Mon Sep 17 00:00:00 2001 From: Grayson Adams <51373669+GraysonCAdams@users.noreply.github.com> Date: Mon, 2 Mar 2026 22:42:50 -0600 Subject: [PATCH 2/2] fix(ci): always run CodeQL on PRs for code scanning ruleset The Code Scanning Security ruleset requires CodeQL results on every PR. Only skip CodeQL on push events when no security-relevant files changed. --- .github/workflows/security.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index e47a68b..56e8ae4 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -55,11 +55,11 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 15 needs: [changes] - # Only run when security-relevant files changed (not a required check — - # branch protection only requires "security-status" which handles skips). + # Always run on PRs (Code Scanning Security ruleset requires CodeQL results). + # On push/schedule, only run when security-relevant files changed. if: | !inputs.skip_codeql && - (needs.changes.outputs.security_relevant == 'true' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') + (github.event_name == 'pull_request' || needs.changes.outputs.security_relevant == 'true' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') permissions: security-events: write steps: