Skip to content

refactor: remove unused capability kernel#288

Merged
chhoumann merged 1 commit into
masterfrom
refactor/remove-capability-kernel
Jul 11, 2026
Merged

refactor: remove unused capability kernel#288
chhoumann merged 1 commit into
masterfrom
refactor/remove-capability-kernel

Conversation

@chhoumann

Copy link
Copy Markdown
Owner

Remove the unshipped schema-v3 and capability-network architecture before any user data can migrate into it.

The capability aggregate was constructed and disposed by the plugin lifecycle but had no production feed, download, playback, or transcription consumer. This deletes that complete dependency closure and removes the now-dead lifecycle wiring.

The review boundary intentionally preserves:

  • the refactor: separate feed retrieval from parsing #278 retrieval/parsing split and injected FeedDocumentSource
  • LiteralTargetClassifier and its tests for the follow-up assertFetchableUrl fold-in
  • schema-v2 persistence and its hostile-input handling
  • SecretStorage-backed OpenAI and Deepgram credentials

requestUrl's concrete host limitations remain documented in capability-neutral language so the next network-boundary PR does not overstate redirect, DNS, peer, or cancellation guarantees.

Review focus:

  • deletion-closure completeness
  • preservation of the parser/retrieval seam and URL classifier
  • absence of any surviving import into the removed modules

Validation:

  • npm run lint
  • npm run format:check
  • npm run typecheck
  • npm run build
  • npm run test - 75 files, 1,121 tests, zero Svelte warnings
  • MkDocs 1.6.1 / Material 9.7.6 build
  • real Obsidian 1.13.0 isolated-vault load, plugin enabled, no captured errors
  • required capability grep over src returns no matches
  • detect-secrets scan over every surviving modified file found no credential values

Bundle impact:

  • raw: 491,646 -> 438,266 bytes (-53,380, -10.9%)
  • gzip: 143,223 -> 128,618 bytes (-14,605, -10.2%)

Release impact: none. This is a behavior-neutral refactor and should not cut a release.

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying podnotes with  Cloudflare Pages  Cloudflare Pages

Latest commit: 340d9c0
Status: ✅  Deploy successful!
Preview URL: https://71da4cce.podnotes.pages.dev
Branch Preview URL: https://refactor-remove-capability-k.podnotes.pages.dev

View logs

@chhoumann chhoumann marked this pull request as ready for review July 11, 2026 00:12
@chhoumann chhoumann merged commit 6ac0187 into master Jul 11, 2026
6 checks passed
@chhoumann chhoumann deleted the refactor/remove-capability-kernel branch July 11, 2026 00:12
chhoumann added a commit that referenced this pull request Jul 11, 2026
…gate

Route every fetch call site (episode download, streaming, chapters, iTunes
search, Deepgram diarization, feed documents, universal links) through a
single requestWithTimeout gate that classifies the target, bounds request
and response sizes, applies timeouts, and returns redacted typed errors.

Fold LiteralTargetClassifier's stricter address classification into
assertFetchableUrl (full IANA special-purpose IPv4/IPv6 registries,
canonical-form-only literal parsing) and delete the module - the last
remnant of the removed capability architecture.

Replace ad hoc per-site guards with one chokepoint so new call sites
cannot bypass classification. requestUrl's documented limitations (no
per-hop redirect inspection, no native cancellation, buffered bodies)
remain the accepted design ceiling per #288.

Concurrent downloads to the same destination now dedupe on the normalized
destination path with ownership validation instead of racing.
chhoumann added a commit that referenced this pull request Jul 11, 2026
…gate (#290)

* fix(security): consolidate all outbound requests behind one hardened gate

Route every fetch call site (episode download, streaming, chapters, iTunes
search, Deepgram diarization, feed documents, universal links) through a
single requestWithTimeout gate that classifies the target, bounds request
and response sizes, applies timeouts, and returns redacted typed errors.

Fold LiteralTargetClassifier's stricter address classification into
assertFetchableUrl (full IANA special-purpose IPv4/IPv6 registries,
canonical-form-only literal parsing) and delete the module - the last
remnant of the removed capability architecture.

Replace ad hoc per-site guards with one chokepoint so new call sites
cannot bypass classification. requestUrl's documented limitations (no
per-hop redirect inspection, no native cancellation, buffered bodies)
remain the accepted design ceiling per #288.

Concurrent downloads to the same destination now dedupe on the normalized
destination path with ownership validation instead of racing.

* fix(download): defer destination-collision check to the sniffed final path

The fast path threw a destination collision when a foreign file occupied
the provisional URL-extension path, but that path is only a guess - the
probe can resolve a different final extension whose destination is free.
The fast path now returns early only for the registered owner and
otherwise falls through; the collision check runs on the resolved final
path, where it already existed. Costs one Range probe before the error
in the true-collision case. (Codex review finding on #290.)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant