Conversation
Implements modular worker structure plus multi-host keys/domains, editable links, inactive/soft-delete states, folder directory listings, and audit logging with scheduled purge. Co-authored-by: Cursor <cursoragent@cursor.com>
Remove manual deletion, require inactive before scheduling purge, preserve ports in host allowlist, and add missing folder/audit management in /admin. Co-authored-by: Cursor <cursoragent@cursor.com>
When Host includes a port (e.g. localhost:8787), fall back to no-port keys for links/folders and migrate them to the ported host key. Co-authored-by: Cursor <cursoragent@cursor.com>
If a host-scoped key miss occurs, fall back to legacy and a scoped scan by {host,slug}, then migrate to the canonical key.
Co-authored-by: Cursor <cursoragent@cursor.com>
Use request URL host as fallback when Host header is missing to ensure host-scoped KV lookups work in wrangler dev and proxies. Co-authored-by: Cursor <cursoragent@cursor.com>
Adds GET /api/debug/link for diagnosing host/slug KV key mismatches in local dev. Co-authored-by: Cursor <cursoragent@cursor.com>
When x-plummer-debug: 1 is present, include computed host/key in 404 responses to diagnose KV mismatches. Co-authored-by: Cursor <cursoragent@cursor.com>
Comment out the share.sillylittle.tech route to keep Host/origin consistent in wrangler dev, preventing host-scoped KV mismatches. Co-authored-by: Cursor <cursoragent@cursor.com>
Redesign folders UI with a sidebar list (Default + per-domain folders) and a + button that opens a create-folder modal. Active folder filters the links table and persists per domain. Co-authored-by: Cursor <cursoragent@cursor.com>
feat: v2.1 domains, edit, folders, audit
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
plummer | d76d32b | Commit Preview URL Branch Preview URL |
May 08 2026, 07:24 AM |
Member
Author
|
bugbot run |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 4c5fa03. Configure here.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR refactors Plummer into a more modular Worker with host-scoped KV keys to support multi-domain usage, adds folders and audit logging, expands the admin UI, and introduces new shared HTML page primitives plus improved home/error pages.
Changes:
- Migrate link/folder storage to host-scoped KV keys with compatibility/migration logic for legacy keys.
- Add folders + public folder listing pages, and an audit log (KV-backed) surfaced in the admin UI.
- Split routing/security/utilities into dedicated modules and add a scheduled purge for tombstoned links.
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 15 comments.
Show a summary per file
| File | Description |
|---|---|
| wrangler.toml.local.bac | Adds a local template including ALLOWED_HOSTS_JSON and cron trigger. |
| wrangler.toml.cloud.bac | Adds a production template including routing, ALLOWED_HOSTS_JSON and cron trigger. |
| wrangler.toml | Updates base Wrangler config with ALLOWED_HOSTS_JSON and cron trigger. |
| src/util.js | Introduces shared helpers (HTML escaping, sha256, timing-safe compare, URL validation). |
| src/security.js | Adds Basic Auth verification and a security-header wrapper. |
| src/router.js | New router implementing admin UI, REST API, redirects, folders, debug endpoints, and audits. |
| src/pages/shared.js | Shared HTML wrapper, theme toggle, and global styling primitives. |
| src/pages/home.js | Redesigned home page and adds version footer. |
| src/pages/folders.js | Public folder listing page. |
| src/pages/errors.js | New/expanded error/status pages (password, expired, inactive, deleted, not found, misconfigured). |
| src/pages/admin.js | Major admin UI expansion: host selector, folders UI, audit table, edit modal, soft-delete scheduling. |
| src/kv.js | New KV layer: host normalization, host-scoped keys, legacy compatibility/migration, listing helpers. |
| src/index.js | Worker entrypoint now delegates to router, adds scheduled purge, applies security headers. |
| src/constants.js | Centralizes reserved slugs, security headers, version, and realm. |
| src/audit.js | Adds audit event storage + listing in KV, and actor extraction from request headers. |
| README.md | Updates storage docs and adds ALLOWED_HOSTS_JSON configuration guidance. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
- Require admin auth for debug routes. - Fix tombstone purge scheduling, rename action buttons, and /admin setup UX. Co-authored-by: Cursor <cursoragent@cursor.com>
github-project-automation
Bot
moved this from In progress
to Archived
in Product Launchpad
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces major improvements to Plummer, focusing on multi-domain support, enhanced data storage and migration, and a significant expansion of the user-facing HTML pages. The changes include a new host-scoped key format for links and folders, robust compatibility and migration logic for legacy data, and new or improved UI pages for errors, folders, and the home screen. Several utility and constants modules have also been added to centralize shared logic and configuration.
Multi-domain support and storage changes:
link:{host}:{slug}andfolder:{host}:{folderSlug}), with automatic migration and compatibility logic for legacy keys and local development environments. This enables true multi-domain/subdomain support and ensures smooth upgrades for existing installations. [1] [2]ALLOWED_HOSTS_JSONvariable and admin UI dropdown for host selection.New utility and constants modules:
src/constants.jsto centralize reserved slugs, admin realm, app version, and security headers for consistent use across the codebase.src/audit.jsfor audit logging, including actor extraction, audit key generation, and listing audit events with lexicographically sortable timestamps.New and improved HTML pages:
src/pages/errors.js) for password protection, expired/inactive/deleted links, not found, and misconfiguration, each with clear messaging and consistent styling.src/pages/folders.js) that displays all links in a folder, with status and expiry columns, and improved UI/UX.src/pages/home.js) with a new hero section, feature cards, and a footer displaying the app version, providing a more engaging landing experience.Note
Medium Risk
Moderate risk due to a large refactor of routing/KV persistence (new host-scoped keys with migration), plus new link lifecycle states and scheduled purging that could impact redirects or data retention if misconfigured.
Overview
Adds multi-host support by changing KV storage to host-scoped keys (
link:{host}:{slug}andfolder:{host}:{folderSlug}) with automatic migration/fallback logic, and enforces an allowlist viaALLOWED_HOSTS_JSON.Overhauls the worker into modular routing/pages and expands link management: folders with optional password-protected listings, link edit/rename, active/inactive/deleted states with soft-delete + 3‑day purge (cron
scheduledhandler), plus an audit log stored in KV and exposed via/api/auditand shown in the admin UI.Updates
wrangler.toml/README for the new config and adds a few debug endpoints (including aFORCE_DELETE_KEY-gated hard delete) to diagnose KV key/migration issues.Reviewed by Cursor Bugbot for commit 4c5fa03. Bugbot is set up for automated code reviews on this repo. Configure here.