From ac1cf8fec70125de55627cdfe5e1aea9d700928d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Br=C3=BCckner?= Date: Tue, 9 Jun 2026 13:09:01 +0200 Subject: [PATCH] docs(architecture): sync Caddy manager gate in first-start + ownership invariant --- ARCHITECTURE.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md index 4709e86..39e3b75 100644 --- a/ARCHITECTURE.md +++ b/ARCHITECTURE.md @@ -501,8 +501,8 @@ Default admin user (only on a blank database): INSERT user (name='admin', role='admin', email='admin@ghostgrid.local', password=bcrypt('admin')) → log "[Init] Default admin user created" -Caddy route import (re-deploy safety net): - if caddy_enabled === 'true' AND caddy table is empty: +Caddy route import (re-deploy safety net, Caddy manager only): + if CADDY_MANAGER === 'true' AND caddy_enabled === 'true' AND caddy table is empty: importCaddyfileRoutes() → seed routes from /etc/caddy/Caddyfile (also runs in PUT /api/settings on the disabled → enabled transition) @@ -841,6 +841,7 @@ Express (server.ts) ──► better-sqlite3 (ghostgrid.db, WAL) - A new settings key must be: **seeded** in `server-db.ts`, **allow-listed** in `PUT /api/settings`, and (if secret) added to `SECRET_KEYS`. - Schema changes go straight into the `CREATE TABLE` block in `server-db.ts` — fresh-install model, no migration helper. - The SPA catch-all (`app.get('*')`) + static serving are registered **last** in `startServer()`, after every `/api` route — otherwise GET `/api/*` falls through to `index.html`. All `/api` responses carry `Cache-Control: no-store`. +- One Caddy per container; `POST /load` replaces the whole config. Only the `CADDY_MANAGER=true` instance may push/seed/edit routes — never let the non-manager push. - All user-facing strings are in **English**. ---
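Review bot: In the first hunk (@@ -501,8 +501,8 @@), the unchanged parenthetical "(also runs in PUT /api/settings on the disabled → enabled transition)" still describes a second import path with no mention of the new `CADDY_MANAGER` condition. As written, the doc gates the first-start import on the manager flag but reads as if a non-manager instance can still seed routes by toggling `caddy_enabled` through `PUT /api/settings`. If that path is gated as well, add "Caddy manager only" to that line. If it is not, the doc now contradicts the ownership bullet added further down in this patch, and the handler should be checked before this is merged as a pure docs sync.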
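Review bot: In the second hunk (@@ -841,6 +841,7 @@), the new bullet states the ownership rule but not where it is enforced or how the flag is read. The first hunk's pseudocode compares `CADDY_MANAGER === 'true'` as a string, while this bullet writes `CADDY_MANAGER=true`. If the string comparison is the actual behaviour, say here that only the exact value `true` enables manager mode and that an unset or differently spelled value means non-manager, so a typo fails closed rather than being guessed at. The bullet names three operations (push/seed/edit) but the closing clause only forbids "push"; suggest "never let the non-manager push, seed or edit" so the prohibition matches the permission, and name the code paths that must carry the check.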