398ja · tcheeric · Dec 31, 2025 · Dec 31, 2025 · Dec 31, 2025 · Dec 31, 2025
diff --git a/.commitlintrc.yml b/.commitlintrc.yml
@@ -0,0 +1,54 @@
+---
+extends: '@commitlint/config-conventional'
+
+rules:
+  # See: https://commitlint.js.org/reference/rules.html
+  #
+  # Rules are made up by a name and a configuration array. The configuration
+  # array contains:
+  #
+  # * Severity [0..2]: 0 disable rule, 1 warning if violated, or 2 error if
+  #   violated
+  # * Applicability [always|never]: never inverts the rule
+  # * Value: value to use for this rule (if applicable)
+  #
+  # Run `npx commitlint --print-config` to see the current setting for all rules.
+
+  header-max-length:      [2, always, 100]        # Header can not exceed 100 chars
+
+  type-case:              [2, always, lower-case] # Type must be lower case
+  type-empty:             [2, never]              # Type must not be empty
+
+  # Supported conventional commit types
+  type-enum:              [2, always, [build, ci, chore, docs, feat, fix, perf, refactor, revert, style, test]]
+
+  scope-case:             [2, always, lower-case] # Scope must be lower case
+
+  # Error if subject is one of these cases (encourages lower-case)
+  subject-case:           [2, never, [sentence-case, start-case, pascal-case, upper-case]]
+  subject-empty:          [2, never]              # Subject must not be empty
+  subject-full-stop:      [2, never, "."]         # Subject must not end with a period
+
+  body-leading-blank:     [2, always]             # Body must have a blank line before it
+  body-max-line-length:   [2, always, 100]        # Body lines can not exceed 100 chars
+
+  footer-leading-blank:   [2, always]             # Footer must have a blank line before it
+  footer-max-line-length: [2, always, 100]        # Footer lines can not exceed 100 chars
+
+  # ------------------------------------------------------------
+  # BREAKING CHANGES — guidance (informational; not enforced):
+  #
+  # How to mark a breaking change (either or both):
+  # 1) Put "!" in the header after the type or scope, e.g.:
+  #      feat!: drop support for node 14
+  #      refactor(auth)!: remove legacy token flow
+  #
+  # 2) Add a footer that starts with:
+  #      BREAKING CHANGE: <short summary>
+  #    Follow with impact/migration details, each line ≤ 100 chars.
+  #
+  # This config already allows both patterns via @commitlint/config-conventional.
+  # Note: commitlint cannot (in YAML) *require* a BREAKING CHANGE footer only
+  # when "!" is used. If you need that kind of conditional enforcement, use a
+  # JS config (*.cjs) with a custom rule.
+  # ------------------------------------------------------------
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -0,0 +1,30 @@
+# GitHub Copilot Instructions
+
+This repository implements Bottin, a NIP-05 registry service for Nostr. When using GitHub Copilot, keep the following guidelines in mind:
+
+## Commit Messages
+
+- Use Conventional Commits as defined in [.commitlintrc.yml](../.commitlintrc.yml).
+- Allowed types: `build`, `ci`, `chore`, `docs`, `feat`, `fix`, `perf`, `refactor`, `revert`, `style`, `test`.
+- Header max 100 characters, lowercase type and scope.
+- Example: `feat(api): add domain verification endpoint`
+
+## Code Guidelines
+
+- Maintain Java 21 compatibility and update `pom.xml` for new dependencies.
+- Use Spring Boot conventions for controllers, services, and repositories.
+- Remove unused imports.
+- Run `mvn -q verify` before committing code.
+
+## Protocol
+
+- Follow the [NIP-05 specification](https://github.com/nostr-protocol/nips/blob/master/05.md) for identity verification endpoints.
+- The `/.well-known/nostr.json` endpoint must return valid NIP-05 responses.
+
+## Pull Requests
+
+- Ensure pull requests include a clear description and test results.
+- Reference related issues using `Closes #123` when applicable.
+- Document new features in the README or related docs.
+
+These instructions help Copilot produce code that respects the repository's conventions and Nostr protocol requirements.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,28 @@
+version: 2
+
+# Private registries used by Dependabot
+registries:
+  maven-releases:
+    type: maven-repository
+    url: https://maven.398ja.xyz/releases
+    username: ${{secrets.MVN_USER}}
+    password: ${{secrets.MVN_PASSWORD}}
+  maven-snapshots:
+    type: maven-repository
+    url: https://maven.398ja.xyz/snapshots
+    username: ${{secrets.MVN_USER}}
+    password: ${{secrets.MVN_PASSWORD}}
+
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    target-branch: "develop"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    target-branch: "develop"
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,17 @@
+## Summary
+<!-- What motivated this change? -->
+
+## What changed?
+<!-- Provide a concise summary of the changes. -->
+
+## Breaking changes
+- [ ] BREAKING: this change introduces breaking API or behavior
+
+## Review focus
+<!-- Highlight areas that need the most attention from reviewers. -->
+
+## Checklist
+- [ ] Tests added or updated
+- [ ] `mvn -q verify` passes
+- [ ] Documentation updated (README, docs, etc.)
+- [ ] No unused imports
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,45 @@
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-java@v5
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Build with Maven
+        run: mvn -q verify
+      - name: Upload surefire reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: surefire-reports
+          path: '**/target/surefire-reports'
+          if-no-files-found: ignore
+      - name: Upload JaCoCo coverage
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: jacoco-exec
+          path: '**/target/jacoco.exec'
+          if-no-files-found: ignore
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          files: '**/target/site/jacoco/jacoco.xml'
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload test results to Codecov
+        if: ${{ !cancelled() }}
+        uses: codecov/test-results-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: '**/target/surefire-reports/*.xml'
diff --git a/.github/workflows/enforce_conventional_commits.yml b/.github/workflows/enforce_conventional_commits.yml
@@ -0,0 +1,29 @@
+name: Conventional Commits
+
+permissions:
+  contents: read
+  pull-requests: read
+
+on:
+  pull_request:
+    branches:
+      - main
+      - develop
+
+jobs:
+  commit-lint:
+    name: Verify Conventional Commits
+    if: (github.event_name == 'pull_request' && !startsWith(github.event.pull_request.head.ref, 'release-please--'))
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Check Commit Messages
+        uses: wagoid/commitlint-github-action@v6
+        with:
+          configFile: .commitlintrc.yml
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/google-java-format.yml b/.github/workflows/google-java-format.yml
@@ -0,0 +1,25 @@
+name: Format
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: write
+
+jobs:
+
+  formatting:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - name: Set up JDK 21
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+      - uses: axel-op/googlejavaformat-action@v4
+        with:
+          args: "--replace"
+          github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml
@@ -0,0 +1,28 @@
+name: Qodana
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+      - develop
+
+jobs:
+  qodana:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      checks: write
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}  # to check out the actual pull request commit, not the merge commit
+          fetch-depth: 0  # a full history is required for pull request analysis
+      - name: 'Qodana Scan'
+        uses: JetBrains/qodana-action@v2025.2
+        with:
+          pr-mode: false
+        env:
+          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
+          QODANA_ENDPOINT: 'https://qodana.cloud'
diff --git a/Dockerfile.admin b/Dockerfile.admin
@@ -34,8 +34,8 @@ WORKDIR /app
 RUN addgroup -g 1000 bottin && \
     adduser -u 1000 -G bottin -s /bin/sh -D bottin
 
-# Copy the built JAR
-COPY --from=builder /app/bottin-admin-ui/target/bottin-admin-ui-*.jar app.jar
+# Copy the built JAR (use the exec jar which is the repackaged Spring Boot jar)
+COPY --from=builder /app/bottin-admin-ui/target/bottin-admin-ui-*-exec.jar app.jar
 
 # Set ownership
 RUN chown -R bottin:bottin /app

diff --git a/Dockerfile.web b/Dockerfile.web
@@ -34,8 +34,8 @@ WORKDIR /app
 RUN addgroup -g 1000 bottin && \
     adduser -u 1000 -G bottin -s /bin/sh -D bottin
 
-# Copy the built JAR
-COPY --from=builder /app/bottin-web/target/bottin-web-*.jar app.jar
+# Copy the built JAR (use the exec jar which is the repackaged Spring Boot jar)
+COPY --from=builder /app/bottin-web/target/bottin-web-*-exec.jar app.jar
 
 # Set ownership
 RUN chown -R bottin:bottin /app

diff --git a/README.md b/README.md
@@ -53,35 +53,15 @@ mvn spring-boot:run -pl bottin-web
 
 3. Access H2 Console at http://localhost:8080/h2-console
 
-## API Endpoints
+## API
 
-### Public Endpoints
+The REST API provides:
+- **NIP-05 Resolution**: Public `/.well-known/nostr.json` endpoint
+- **Records Management**: CRUD operations for NIP-05 identities
+- **Domain Management**: Register and verify domains
+- **External Verification**: Verify third-party NIP-05 identifiers
 
-| Method | Path | Description |
-|--------|------|-------------|
-| GET | `/.well-known/nostr.json?name={username}` | NIP-05 lookup |
-| GET | `/api/v1/verify?nip05={identifier}` | External NIP-05 verification |
-
-### REST API (Authenticated)
-
-**NIP-05 Records:**
-
-| Method | Path | Description |
-|--------|------|-------------|
-| GET | `/api/v1/records` | List records (paginated) |
-| GET | `/api/v1/records/{id}` | Get by ID |
-| POST | `/api/v1/records` | Create record |
-| PUT | `/api/v1/records/{id}` | Update record |
-| DELETE | `/api/v1/records/{id}` | Delete record |
-
-**Domains:**
-
-| Method | Path | Description |
-|--------|------|-------------|
-| GET | `/api/v1/domains` | List domains |
-| POST | `/api/v1/domains` | Register domain |
-| DELETE | `/api/v1/domains/{id}` | Remove domain |
-| POST | `/api/v1/domains/{id}/verify` | Initiate verification |
+See the [REST API Reference](docs/reference/rest-api.md) for complete endpoint documentation.
 
 ## Configuration
 
@@ -120,17 +100,17 @@ bottin:
 ### Method 1: DNS TXT Record
 
 1. Register domain via API or admin dashboard
-2. Add TXT record to `_bottin.yourdomain.com`:
+2. Add TXT record to `_bottin-verification.yourdomain.com`:
    ```
-   bottin-verify=<your-verification-token>
+   bottin-verification=<your-verification-token>
    ```
-3. Trigger verification check
+3. Trigger verification check (DNS propagation may take up to 24 hours)
 
 ### Method 2: Well-Known File
 
 1. Register domain via API or admin dashboard
 2. Create file at `https://yourdomain.com/.well-known/bottin-verification.txt`
-3. Add the verification token as file contents
+3. Add the exact verification token as file contents
 4. Trigger verification check
 
 ## Integration with nsecbunker-java
@@ -141,7 +121,7 @@ Add the Spring Boot starter to your project:
 <dependency>
     <groupId>xyz.tcheeric</groupId>
     <artifactId>bottin-spring-boot-starter</artifactId>
-    <version>0.1.0-SNAPSHOT</version>
+    <version>0.1.0</version>
 </dependency>
 ```
 
@@ -203,8 +183,8 @@ mvn package
 E2E and integration tests are skipped by default and require explicit activation:
 
 ```bash
-# Run E2E tests
-mvn -Pe2e -pl bottin-tests/bottin-e2e test
+# Run E2E tests (requires Docker for Testcontainers)
+mvn -Pe2e -DskipE2ETests=false -pl bottin-tests/bottin-e2e test
 
 # Run integration tests
 mvn -Pit -pl bottin-tests/bottin-it test
@@ -216,15 +196,18 @@ Build Docker images using [Jib](https://github.com/GoogleContainerTools/jib):
 
 ```bash
 # Build to local Docker daemon
-mvn -Pdocker jib:dockerBuild -pl bottin-web,bottin-admin-ui
+mvn jib:dockerBuild -pl bottin-web,bottin-admin-ui
+
+# Deploy to Maven repo and push Docker images to registry
+mvn deploy
 
-# Push to docker.398ja.xyz registry
-mvn -Pdocker jib:build -pl bottin-web,bottin-admin-ui
+# Push to registry without deploying Maven artifacts
+mvn jib:build -pl bottin-web,bottin-admin-ui
 ```
 
-Images are published as:
-- `docker.398ja.xyz/bottin-web:latest`
-- `docker.398ja.xyz/bottin-admin-ui:latest`
+Images are published to `docker.398ja.xyz`:
+- `docker.398ja.xyz/bottin-web:0.1.0` / `latest`
+- `docker.398ja.xyz/bottin-admin-ui:0.1.0` / `latest`
 
 ## License