2026-03-18

What shipped today

Big hardening and test coverage session. Started with a scout sweep that found five improvement areas across the engine and web app, then executed the full pipeline — triage, prep, implement, merge — on all of them in a single session.

The engine got meaningful reliability improvements: JSON parsing in the Raindrop and Readwise push handlers is now guarded against malformed integrations fields (#290), the RSS scan handler batches its feed update queries instead of issuing per-feed UPDATEs (#291), and the scheduler now respects briefing_frequency preferences so users on “weekly” only get Monday briefings and “off” users get none (#293). The web app picked up keyboard accessibility for the user menu dropdown — Escape to close, proper ARIA attributes (#292) — and the admin nav now shows in the mobile hamburger menu (#284).

The second half focused on test coverage for the engine’s core handlers. Decomposed #294 into three focused issues covering article_fetch, rss_scan, and article_score helpers. All three shipped: 18 tests for article_fetch (#299), 14 tests for rss_scan helpers (#300), and 8 async tests for article_score (#301, using pytest-asyncio). The test suite went from ~116 to 156 passing tests.

Session ended with a comprehensive launch readiness audit. The verdict: Eclectis is feature-complete for MVP. All core pipeline handlers work end-to-end, all delivery channels are functional (email briefings, RSS output, Raindrop, Readwise), billing/Stripe works, admin tooling is solid. The only visible gap is the podcast feed output (marked “Coming soon” in the UI, intentionally descoped). Paul confirmed interest in a Product Hunt launch — next session needs to focus on launch prep.

Completed

• #290 — Guard JSON.loads in Raindrop and Readwise push handlers
• #291 — Batch feed update queries in rss_scan handler
• #292 — Add keyboard support to user menu dropdown
• #293 — Enforce briefing_frequency preference in scheduler
• #294 — Add unit tests for core engine handlers (decomposed)
• #299 — Add tests for article_fetch helper functions
• #300 — Add tests for rss_scan helper functions
• #301 — Add tests for article_score handler
• #280 — Fix timing-unsafe webhook secret comparison
• #281 — Add aria-labels to icon-only buttons across web app
• #282 — Add URL normalization to onboarding feed addition
• #283 — Add rate limiting to search term server actions
• #284 — Add admin navigation to mobile menu

Carry-over

• Product Hunt launch prep — Paul wants to launch, needs to nail down any remaining functionality first
• Podcast feed output — “Coming soon” in UI, decision needed on whether to ship before launch or keep descoped
• Brevo webhook receiver — newsletter ingestion endpoint may not be deployed, needs verification
• Daily pipeline scheduling — confirm scheduler is running on Railway
• #264 — Encrypt integration tokens at rest (needs-clarification, waiting on Paul’s decision)
• Verify PostHog and Sentry are configured correctly end-to-end

Risks

• Integration tokens (Raindrop, Readwise) are stored in plaintext in user_profiles.integrations JSON. For launch this is a security concern that could come up in reviews. #264 is blocked on a decision about approach.

Flags and watch-outs

• pytest-asyncio was installed during this session but may not be in the deployed engine’s dependencies. Confirm it’s in pyproject.toml optional deps and installed in CI/Railway.
• The audit found no TODO/FIXME/HACK comments in the codebase — clean.
• Only 3 open issues remain: #264 (needs-clarification), #77 (backlog), #64 (backlog/discussion).

Next session

1. Product Hunt launch planning — Paul said “I want to launch this on Product Hunt.” Start with /feature to scope launch prep: landing page copy, tagline, screenshots, maker comment draft, launch day checklist.
2. Verify production pipeline — Run daily.pipeline end-to-end for a test user. Confirm scheduler triggers, articles flow through scoring, briefing generates and sends.
3. Decide on #264 — Encryption at rest for integration tokens. Ask Paul: encrypt in DB with app-level key, or rely on Supabase RLS + column-level access? This affects launch security posture.
4. Decide on podcast feed — Ship before launch or keep “Coming soon”? It’s the one visible feature gap.
5. Verify Brevo webhook — Confirm newsletter inbound processing is live.