8 Commits

Author SHA1 Message Date
bvandeusen bd2807cdd1 feat(external): mega.nz via megatools in the runtime image (Phase 4c)
CI / lint (push) Successful in 3s
CI / frontend-build (push) Successful in 17s
CI / backend-lint-and-test (push) Successful in 33s
CI / integration (push) Successful in 3m17s
Use `megatools dl` (Debian-native apt package) for mega.nz public links rather
than MEGAcmd — no external MEGA apt repo/key to add, one apt line. Adds
`megatools` to the runtime Dockerfile; the fetcher's mega backend now shells
`megatools dl --path <dir> <url>` (key in the #fragment is preserved by the
extractor). gdown (gdrive) is already a pip dep in the runtime image.

NOTE: build.yml builds the image on main/tags only (not dev), so this Dockerfile
change is verified on the next dev→main merge, not by this dev push. The fetcher
code path is unit-tested via the mocked _run_mega_get seam.

With this, all 5 hosts download end-to-end once a celery download-worker runs.
Refs FC #830 (Phase 4c).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 15:41:18 -04:00
bvandeusen 13253b18d1 feat(external): file-host fetcher subsystem (Phase 4a)
CI / lint (push) Successful in 2s
CI / frontend-build (push) Successful in 18s
CI / backend-lint-and-test (push) Successful in 37s
CI / integration (push) Successful in 3m21s
Shared, reusable fetchers for the 5 off-platform hosts behind one signature
(fetch_external(host, url, dest_dir, ...) -> FetchResult):
- dropbox    : force dl=1 + stream GET
- pixeldrain : GET /api/file/{id}
- mediafire  : scrape the download page for the direct link + stream GET
- gdrive     : gdown (confirm-token + virus-scan interstitial); added to reqs
- mega       : MEGAcmd `mega-get` subprocess (public link incl. #key)

HTTP/gdown/subprocess go through module seams so unit tests run without
network/gdown/MEGAcmd. fetch_external never raises — every backend failure
(transport, non-200, scrape miss, subprocess error, stop) is captured on
.error so the worker (next slice) records it and moves on. mega's binary lands
in the runtime image in a later slice; the code is complete + tested now.

Refs FC #830 (Phase 4a).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 13:29:20 -04:00
bvandeusen 66f19d67f5 fix(download): tier-gated = warning, race subprocess timeout, install yt-dlp
CI / lint (push) Successful in 3s
CI / frontend-build (push) Successful in 20s
CI / backend-lint-and-test (push) Successful in 24s
CI / intimp (push) Successful in 3m44s
CI / intapi (push) Successful in 6m56s
CI / intcore (push) Successful in 7m35s
Three coupled operator-reported pains from the 2026-05-31 download
event audit:

1. `[patreon][warning] Not allowed to view post N` was bubbling up as
   an error event, bumping consecutive_failures and parking the source
   in "needs attention." The classifier's tier-gated branch was gated
   on `return_code in (1, 4)`. Gallery-dl returns a different exit
   code for mixed-failure runs (e.g. paywall warnings + a missing
   yt-dlp dep flipping the exit bits), so the branch never fired and
   the path fell through to UNKNOWN_ERROR. Widen the gate: when no
   source-level error fired AND tier-gated warnings are present,
   classify as TIER_LIMITED regardless of return code.

2. Knuxy event #38275 (2026-05-31) ran 30 min and finalized with
   "stranded by recovery sweep (no terminal status after time_limit)"
   + empty stdout/stderr. Root cause: subprocess.run timeout (900s)
   and Celery soft_time_limit (900s) raced; when Celery won, SIGKILL
   wiped the in-memory captured output and the DownloadEvent ended up
   empty-logged 18 minutes later when the sweep finalized it. Drop
   gallery-dl's default subprocess timeout to 870s — a 30s margin
   shy of Celery's soft limit — so subprocess.TimeoutExpired always
   wins the race and captures the partial stdout/stderr via the
   existing handler.

3. `[downloader.ytdl][error] Cannot import yt-dlp or youtube-dl` was
   firing on every video attachment, causing per-item download
   failures that masked legitimate tier-gated classification.
   Add yt-dlp>=2025.1 to requirements.txt. Once it's in the image,
   video posts download normally and the per-item failure noise
   disappears.

Tests added:
- pure tier-gated stderr with exit code 128 → TIER_LIMITED + success
- mixed tier-gated + yt-dlp + per-item failures → still TIER_LIMITED
2026-05-31 23:30:39 -04:00
bvandeusen df76fd75d8 feat(attachments): fail-soft archive_extractor (zip/cbz/rar/7z)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-19 11:11:37 -04:00
bvandeusen 3b5f894435 feat(provenance): nh3 HTML sanitizer for scraped post descriptions
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 18:05:45 -04:00
bvandeusen 0f47c7485b chore(fc2a): catch up on stale dep pins — current versions across the board
Audit against PyPI revealed almost every pin in requirements.txt and
requirements-ml.txt was significantly behind. Most bumps are minor-major
catch-up; a handful are major-version jumps.

requirements.txt:
- quart       0.19  -> 0.20
- hypercorn   0.16  -> 0.18  (now declares 3.14 support)
- asyncpg     0.30  -> 0.31
- psycopg     3.2   -> 3.3
- alembic     1.13  -> 1.18  (5 minors stale)
- pgvector    0.2   -> 0.4   (2 minors stale)
- celery      5.4   -> 5.6
- redis       5.0   -> 7.4   (major jump)
- cryptography 44   -> 48
- pillow      11.1  -> 12    (major jump; 12.x has 3.14 wheels)
- gallery-dl  1.27  -> 1.32  (5 minors stale)
- python-dotenv 1.0 -> 1.2
- structlog   24.1  -> 25.5  (major jump)

(sqlalchemy 2.0 line is current. imagehash 4.3.2 was already in range.)

requirements-ml.txt (not exercised by CI yet; FC-2b territory):
- torch                 2.2  -> 2.12   (10 minors stale)
- torchvision           0.17 -> 0.27   (CAVEAT: excludes Python 3.14.1
                                        specifically — inline comment added)
- transformers          4.40 -> 5.8    (major)
- onnxruntime           1.17 -> 1.26
- huggingface-hub       0.22 -> 1.14   (major)
- opencv-python-headless 4.9 -> 4.13

The torchvision 3.14.1 exclusion is a real footgun — the python-ci
runner pulls python:3.14-bookworm (latest patch); if that ever resolves
to 3.14.1, the ml-worker image build will fail. FC-2b will exercise this
path for the first time, so the constraint is documented inline rather
than worked around now.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 13:26:37 -04:00
bvandeusen 8988423c95 fix(fc2a): bump Pillow, asyncpg, psycopg, cryptography for Python 3.14 wheel coverage
CI failed at 'pip install -r requirements.txt' with Pillow 10.4.0 sdist
building from source under Python 3.14 and exiting with KeyError: '__version__'
(no 3.14 wheel exists for the 10.x line). The same risk applied to
asyncpg 0.29 (also no 3.14 wheel) and to psycopg 3.1.x (dep resolver was
backtracking through every minor trying to find a 3.14-compatible combo).

Bumps:
- pillow:       10.2-10.x -> 11.1-11.x   (11.x has 3.13+ wheels)
- asyncpg:      0.29       -> 0.30       (0.30 added 3.13/3.14 wheels)
- psycopg:      3.1.x      -> 3.2.x      (current line, stable resolver)
- cryptography: 42         -> 44-45      (current abi3 wheels; the 42 line
                                          worked via abi3 but bumping aligns
                                          with the newer cffi-on-3.14 path)

This is the operator-flagged risk from FC-1 ("scientific stack may still be
catching up on 3.14 wheels — worth confirming before locking in"), realized.
The fix is to pin newer minimums, not to back off to 3.13.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 13:02:47 -04:00
bvandeusen 13eaa35f1c feat: scaffold backend Python project (Quart + SQLAlchemy + Celery deps)
Pins runtime and ML deps separately so the regular web image stays lean.
Configures ruff for py312 with bugbear, async, and pyupgrade lints enabled.
psycopg sync driver included up-front for alembic.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 07:31:39 -04:00