Skip to content

Comments

Sovereign Sandbox v2: Stateless server with IndexedDB storage#59

Merged
fatherlinux merged 3 commits intomainfrom
feature/sovereign-sandbox-v2-security
Jan 26, 2026
Merged

Sovereign Sandbox v2: Stateless server with IndexedDB storage#59
fatherlinux merged 3 commits intomainfrom
feature/sovereign-sandbox-v2-security

Conversation

@fatherlinux
Copy link
Owner

@fatherlinux fatherlinux commented Jan 26, 2026

Summary

Implements a complete architectural overhaul for privacy-first data storage:

  • Stateless server: Server stores NO user data - acts only as OAuth handler and Google Sheets API proxy
  • IndexedDB storage: All user data lives in browser's IndexedDB (more robust than localStorage)
  • Bidirectional sync: Pomodoros merge by unique ID, settings pull from Google Sheet
  • Offline-first: Full functionality without internet, changes sync when online

Key Changes

  • Add static/js/storage.js - IndexedDB storage layer (1354 lines)
  • Add docs/DATA_ARCHITECTURE.md - Architecture documentation for users, architects, developers, sysadmins
  • Update app.py - Remove SQLite, add stateless proxy endpoints
  • Update sheets_storage.py - Add deduplication function
  • Update templates/privacy.html - Reflect stateless architecture
  • Update tests for stateless architecture

New API Endpoints

  • GET /api/sheets/pomodoros/count - Efficient count (fetches IDs only)
  • POST /api/sheets/deduplicate - Remove duplicate rows from Sheet

Privacy Improvements

  • Server literally cannot store user data (no database)
  • OAuth credentials stored in browser IndexedDB, not server
  • No analytics, no telemetry, no tracking

Test Plan

  • Demo mode: Create pomodoros, refresh, verify persistence in IndexedDB
  • Login flow: Login → data syncs from Sheets → appears in IndexedDB
  • Offline write: Go offline → create pomodoro → go online → syncs to Sheets
  • Sheet ID persistence: Logout → login → Sheet ID auto-fills
  • Duplicate prevention: Import same data twice → no duplicates
  • Count display: Create/delete pomodoros → count updates in real-time

Closes #52

🤖 Generated with Claude Code

fatherlinux and others added 3 commits January 26, 2026 00:16
@fatherlinux @claude
Implement Sovereign Sandbox v2: Stateless server with IndexedDB storage
342acff 
- Add IndexedDB storage layer (static/js/storage.js) for browser-side data
- Remove SQLite dependency - server is now completely stateless
- Store OAuth credentials in browser IndexedDB, not server session
- Add bidirectional sync with Google Sheets (pomodoros by ID, settings from Sheet)
- Add duplicate prevention with promise-based sync lock
- Add /api/sheets/pomodoros/count endpoint for efficient counting
- Add /api/sheets/deduplicate endpoint to clean up duplicate rows
- Add docs/DATA_ARCHITECTURE.md explaining the architecture
- Update privacy policy for stateless architecture and CSV import/export
- Update tests for stateless server architecture

Privacy improvements:
- Server never stores user data
- Credentials stored only in browser
- No analytics, no telemetry, no tracking

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@fatherlinux @claude
Add batch operations and fix Overwrite Google functionality
bda664e 
- Add /api/sheets/pomodoros/batch endpoint for bulk uploads
- Add replace_all mode to save_settings() for full replacement
- Update migrateLocalToBackend() to use batch endpoint
- Update migrateLocalSettingsToBackend() with replaceAll parameter
- Fix overwriteGoogle() to properly push local settings to Sheets
- Add .gitignore entries for node_modules, package.json, Screenshot.png
- Add PLR0915 exception for auth_callback (complex OAuth flow)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@fatherlinux @claude
Fix Gourmand generic_names violations
916dca6 
- Rename 'data' to 'batch_request' in proxy_create_pomodoros_batch
- Rename 'data' to 'settings_payload' in proxy_save_settings
- Remove debug print statement

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@fatherlinux fatherlinux merged commit b0c0fbf into main Jan 26, 2026
3 checks passed
@fatherlinux fatherlinux deleted the feature/sovereign-sandbox-v2-security branch January 26, 2026 07:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Enhancement: Sovereign Sandbox Mode

1 participant

@fatherlinux