| Age | Commit message (Collapse) | Author |
|
A standalone MCP server (no Django import) exposing 7 tools over
Streamable HTTP, backed by the Django REST API via the caine token.
- mcp_server/: client.py (httpx wrapper over /api/), server.py (the
tools + FastMCP app + main), __main__.py, tests.py.
- Tools: get_pantry, set_item_state, add_to_pantry, what_can_i_cook,
get_recipes, log_cook (suggests, never mutates), create_meta_recipe
(brainstorm -> commit). Each description says when to call it.
- deploy/food-mcp.service: systemd unit (own process, runs .venv python
-m mcp_server, loads /var/lib/food/.env).
- deploy/food.tomflux.xyz.nginx: current config + an authless
/mcp/<secret>/ location proxying to 127.0.0.1:8765 (the URL secret is
the credential; SSE-friendly buffering/timeout).
- pyproject: [dependency-groups] mcp = [fastmcp, httpx]; deploy with
`uv sync --group mcp`.
Verified: 7 tools register on fastmcp 3.x, run() accepts transport/
host/port/path, 6 FoodClient unit tests pass (httpx MockTransport).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
|
Require login for /app/, with a long sliding session so you log in
once per device and effectively stay in.
- AppLoginRequiredMiddleware gates only /app/; /api/ keeps DRF token
auth and /admin/ keeps its own login (a blanket LoginRequired would
break token requests, whose user isn't resolved until the view runs).
- Login page (styled to the dark palette) via django.contrib.auth.urls;
logout control in the nav.
- Session: ~1 year cookie, sliding (saved every request), survives
browser close.
- Dropped every @csrf_exempt now that a real session + CSRF token are
in place (HTMX already sends X-CSRFToken).
- SECRET_KEY and DEBUG now read from the environment (prod-safe
defaults); systemd loads an optional /var/lib/food/.env.
- Tests authenticate, plus new coverage: /app/ redirects when logged
out, login grants access, /api/ is not caught by the app gate.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
|
Replace requirements.txt with pyproject.toml (direct deps only; uv
resolves the rest into uv.lock). Point the systemd unit at the
uv-managed .venv, and gitignore it.
Run `uv lock` to generate the lockfile and commit it.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
|
- 4 pages: Pantry, Recipes, Shopping List, Cook Log
- HTMX-powered: add/delete pantry items, toggle shopping, generate smart list
- Custom 13-colour palette from Lospec (dark bg, yellow accent)
- Mobile-responsive
- Whitenoise for static files in production
- All routes under /app/
- API (/api/) stays internal, frontend (/app/) for browser use
|