- fix: wrap errors from sessionRepo.Delete, credentialRepo operations
with internal error context in Logout, ListPasskeys, and RevokePasskey
- fix: remove Hash field from fileInfoResponse DTO (unused)
- refactor: move HTTP status and DTO concerns out of model and service
layers into API and handler code.
- feat: add admin service boundary and route auth through services
instead of direct repository access.
- test: add architecture and error tests covering package boundaries,
redaction, and service behavior.
- docs: record the protocol-neutral boundary decision and update
architecture and roadmap notes.
- refactor: replace inline AppError literals with model.New*Error
constructors in service and handler layers
- feat: PromoteStaged falls back to copy/delete when os.Rename returns
EXDEV (cross-device link)
- fix: upload error messages no longer leak internal multipart field
names or parser implementation details
- fix: upload size violations are converted to domain error
ErrUploadTooLarge at the handler boundary
- fix: download logs error and size mismatch when io.Copy fails or
writes fewer bytes than expected
- test: add tests for field name leak prevention, parser error
sanitization, read errors after response start, and EXDEV fallback
- fix: replace multipart form parsing with streaming multipart reads and
apply request body limits when max_upload_size is configured.
- refactor: route uploads through staging paths before promotion to
long-term data paths, keeping incomplete uploads out of durable
storage records.
- test: cover oversized uploads, unlimited uploads, staged cleanup, and
local storage promotion boundaries.
- docs: document the staged upload model and multipart parent_id query
parameter.
- Initialize slog in the serve command with terminal/file support
- Introduce `AppError` with HTTP status for unified service-layer errors
- Replace ad-hoc `api.Error` calls with `api.RespondError`
- Wrap internal errors with `model.NewInternalError` and add reference
IDs
- Add `RequestID` middleware and switch router from `gin.Default` to
`gin.New`
- Fix: replace repeated authorization checks in handlers with the new
MustGetUserID helper, which panics if the user ID is missing. This
simplifies handler code by eliminating redundant error handling.
- Tests: update auth tests to verify the panic behavior in unprotected
routes.
- Implement FileHandler with CRUD operations for files/directories
- Add FileService with business logic and SHA-256 hashing
- Create LocalStorage backend for filesystem persistence
- Add database repository with pagination and name uniqueness
constraints
- Configure max upload size in storage settings
- Include comprehensive tests for all layers
Add application container, Gin router, graceful shutdown handler,
and version endpoint. This establishes the skeleton for the WebDisk
HTTP API as described in the architecture.
- Add internal/app/WebApp for runtime dependencies and version
- Add internal/server/router with GET /api/v1/version route
- Add graceful shutdown runner with signal handling in cmd/serve
- Add internal/api/ErrorResponse for standard HTTP error body
- Update roadmap, architecture, and decisions documentation