GitHub/kill-the-news
1
0
Fork 0
mirror of https://github.com/juherr/kill-the-news.git synced 2026-06-20 22:03:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: decouple read FeedId from inbound MailboxId

Browse Source 
Separate the two feed identities so the public read URL never reveals the
inbound address and vice-versa:

- FeedId becomes an opaque high-entropy token (read id + KV key); MailboxId
  (noun.noun.NN) owns the inbound address and the untrusted-input boundary
  via MailboxId.parse. They map only through the inbound:<mailbox> secondary
  index, resolved solely at reception.
- inbound index lifecycle is owned by FeedRepository: written by save/saveConfig,
  dropped by removeFromList(Bulk) — symmetric, never mirrored by hand (removes the
  manual delete in feed-service + the cron loop, and a silent empty-catch).
- Feed.mailboxId exposes a MailboxId VO (symmetry with Feed.id); the
  mailbox@domain shape lives on MailboxId.emailAddress(domain).
- Distinguish mailbox_unknown (no feed claims the address) from feed_not_found
  (dangling index) for observability; both forwardable, both 404.
- Drop the redundant EmailParser.extractMailbox pass-through so MailboxId.parse
  is the single parse boundary.

Docs (README/INSTALL/CLAUDE.md/landing) and tests updated; 439 tests green,
tsc clean, build dry-run OK.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Julien Herr
2026-05-24 22:46:37 +02:00
parent f7f10779bc
commit 1a4a479190
43 changed files with 649 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/domain/feed.aggregate.ts
+10 -1
View File
@@ -1,6 +1,7 @@
import { FeedMetadata, EmailMetadata } from "../types";
import { FeedState } from "./feed-state";
import { FeedId } from "./value-objects/feed-id";
import { MailboxId } from "./value-objects/mailbox-id";
import { Lifetime } from "./value-objects/lifetime";
import { SenderPolicy, SenderDecision } from "./value-objects/sender-policy";
import { Clock, systemClock } from "./clock";
@@ -32,6 +33,8 @@ export interface UpdateFeedInput {
* applying any server-side `FEED_TTL_HOURS` override — and hands the VO in.
*/
export interface CreateFeedDeps {
/** The feed's inbound mailbox, minted by the application alongside its FeedId. */
mailboxId: MailboxId;
clock?: Clock;
/** Effective lifetime, already resolved by the application. */
lifetime?: Lifetime;
@@ -82,7 +85,7 @@ export class Feed {
static create(
id: FeedId,
input: CreateFeedInput,
deps: CreateFeedDeps = {},
deps: CreateFeedDeps,
): Feed {
const clock = deps.clock ?? systemClock;
const now = clock.now();
@@ -91,6 +94,7 @@ export class Feed {
title: input.title,
description: input.description,
language: input.language,
mailboxId: deps.mailboxId.value,
allowedSenders: input.allowedSenders,
blockedSenders: input.blockedSenders,
createdAt: now,
@@ -130,6 +134,11 @@ export class Feed {
return this._state.language;
}
/** The inbound mailbox (`noun.noun.NN`) — the feed's email address is `mailboxId@domain`. */
get mailboxId(): MailboxId {
return MailboxId.unchecked(this._state.mailboxId);
}
get createdAt(): number {
return this._state.createdAt;
}