Resolve merge conflicts in pyproject.toml and uv.lock

Keep both modal and psycopg2-binary dependencies, regenerate lockfile.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: chriscarrollsmith

.claude/settings.local.json

@@ -0,0 +1,16 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(*)",
+      "Read",
+      "Edit",
+      "Write",
+      "Task",
+      "Agent",
+      "Explore",
+      "Find",
+      "Search",
+      "WebSearch"
+    ]
+  }
+}

.cursor/rules/general.mdc

@@ -11,8 +11,8 @@ When building out features, always keep changes atomic and make sure to write an
 uv run pytest tests   # or the path to a specific test file
 ```
 
-All code should be rigorously type hinted so as to pass a static type check with `mypy`. To run a `mypy` check, use:
+All code should be rigorously type hinted so as to pass a static type check with `ty`. To run a `ty` check, use:
 
 ```bash
-uv run mypy .
+uv run ty check .
 ```

.devcontainer/devcontainer.json

@@ -0,0 +1,37 @@
+{
+  "name": "FastAPI Jinja2 Postgres WebApp",
+  "image": "mcr.microsoft.com/devcontainers/python:3.13-bookworm",
+  "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
+
+  "features": {
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
+    "ghcr.io/devcontainers/features/github-cli:1": {},
+    "ghcr.io/devcontainers-extra/features/uv:1": {}
+  },
+
+  "runArgs": [
+    "--add-host=host.docker.internal:host-gateway"
+  ],
+
+  "remoteEnv": {
+    "DOCKER_API_VERSION": "1.43"
+  },
+
+  "forwardPorts": [8000, 5432],
+  "portsAttributes": {
+    "8000": { "label": "FastAPI", "onAutoForward": "openBrowser" },
+    "5432": { "label": "PostgreSQL" }
+  },
+  "initializeCommand": "bash \"${localWorkspaceFolder}/.devcontainer/ensure-env.sh\"",
+  "postStartCommand": "bash .devcontainer/post-start.sh",
+  "postCreateCommand": "bash .devcontainer/init-env.sh && { curl -LsSf https://astral.sh/uv/install.sh | sh && ~/.local/bin/uv sync && curl -sSLO https://github.com/hetznercloud/cli/releases/latest/download/hcloud-linux-amd64.tar.gz && sudo tar -C /usr/local/bin --no-same-owner -xzf hcloud-linux-amd64.tar.gz hcloud && rm hcloud-linux-amd64.tar.gz; } >> /tmp/devcontainer-postcreate.log 2>&1",
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "ms-python.python",
+        "ms-python.vscode-pylance",
+        "anthropic.claude-code"
+      ]
+    }
+  }
+}

.devcontainer/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  db:
+    image: postgres:16
+    restart: unless-stopped
+    ports:
+      - "5432:5432"
+    environment:
+      POSTGRES_USER: ${DB_USER:-postgres}
+      POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres}
+      POSTGRES_DB: ${DB_NAME:-fastapi-jinja2-postgres-webapp}
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+
+volumes:
+  pgdata:

.devcontainer/ensure-env.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Run from repo root
+cd "$(dirname "${BASH_SOURCE[0]}")/.."
+
+# Ensure a .env exists BEFORE docker compose evaluates env_file
+if [ ! -f ".env" ]; then
+  if [ -f ".env.example" ]; then
+    cp .env.example .env || true
+  else
+    touch .env
+  fi
+fi
+
+echo ".env ensured for compose evaluation."
+

.devcontainer/init-env.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Run from repo root
+cd "$(dirname "${BASH_SOURCE[0]}")/.."
+
+# Ensure a working .env exists
+if [ ! -f ".env" ]; then
+  if [ -f ".env.example" ]; then
+    cp .env.example .env || true
+  else
+    touch .env
+  fi
+fi
+
+# Ensure DB_HOST points to host.docker.internal for DooD sibling container access
+if grep -q '^DB_HOST=' .env; then
+  sed -i 's/^DB_HOST=.*/DB_HOST=host.docker.internal/' .env
+else
+  echo 'DB_HOST=host.docker.internal' >> .env
+fi
+
+generate_secret() {
+  if command -v openssl >/dev/null 2>&1; then
+    openssl rand -base64 32
+  else
+    python - <<'PY'
+import base64, os
+print(base64.b64encode(os.urandom(32)).decode('ascii'))
+PY
+  fi
+}
+
+# Ensure SECRET_KEY exists and is non-empty/non-placeholder
+if grep -q '^SECRET_KEY=' .env; then
+  current_secret="$(grep '^SECRET_KEY=' .env | cut -d= -f2-)"
+  if [ -z "${current_secret}" ] || [ "${current_secret}" = "changeme" ] || [ "${current_secret}" = "REPLACE_ME" ]; then
+    new_secret="$(generate_secret)"
+    sed -i "s|^SECRET_KEY=.*|SECRET_KEY=${new_secret}|" .env
+  fi
+else
+  echo "SECRET_KEY=$(generate_secret)" >> .env
+fi
+
+echo "Environment prepared. DB_HOST set to 'host.docker.internal' and SECRET_KEY ensured."
+

.devcontainer/post-start.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Tee all output to a log file for post-hoc debugging
+exec > >(tee -a /tmp/devcontainer-poststart.log) 2>&1
+
+cd "$(dirname "${BASH_SOURCE[0]}")/.."
+
+docker compose -f .devcontainer/docker-compose.yml up -d

.env.example

@@ -4,13 +4,28 @@ SECRET_KEY=
 # Base URL
 BASE_URL=http://localhost:8000
 
-# Database
-DB_USER=
-DB_PASSWORD=
-DB_HOST=localhost
+# Database connection mode (0 = direct, 1 = pooled)
+USE_POOL=0
+
+# Shared database settings
+DB_HOST=127.0.0.1
+DB_SSLMODE=prefer
+
+# Direct connection settings (when USE_POOL=0)
+DB_USER=postgres
+DB_PASSWORD=postgres
 DB_PORT=5432
 DB_NAME=
 
+# Pooled connection settings (when USE_POOL=1)
+# DB_APPUSER=
+# DB_APPUSER_PASSWORD=
+# DB_POOL_PORT=6543
+# DB_POOL_NAME=
+
+# Domain for production (used by Caddy for TLS)
+DOMAIN=
+
 # Resend
 RESEND_API_KEY=
 EMAIL_FROM=

.github/workflows/release.yml

@@ -0,0 +1,82 @@
+name: release
+
+on:
+  push:
+    branches: [main]
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    if: "!contains(github.event.head_commit.message, '[skip ci]')"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate token for version incrementer app
+        id: create_token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.PRIVATE_KEY }}
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.sha }}
+          token: ${{ steps.create_token.outputs.token }}
+
+      - name: Force correct branch on workflow sha
+        run: git checkout -B ${{ github.ref_name }} ${{ github.sha }}
+
+      - name: Bump patch version
+        id: bump
+        run: |
+          CURRENT_VERSION=$(grep -oP '^version = "\K[^"]+' pyproject.toml)
+          IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"
+          NEW_PATCH=$((PATCH + 1))
+          NEW_VERSION="$MAJOR.$MINOR.$NEW_PATCH"
+          sed -i "s/^version = \"$CURRENT_VERSION\"/version = \"$NEW_VERSION\"/" pyproject.toml
+          echo "version=$NEW_VERSION" >> "$GITHUB_OUTPUT"
+          echo "tag=v$NEW_VERSION" >> "$GITHUB_OUTPUT"
+          echo "Bumped version: $CURRENT_VERSION -> $NEW_VERSION"
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Sync uv lockfile
+        run: uv lock
+
+      - name: Get merged PR info
+        id: pr_info
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          PR_NUMBER=$(gh pr list --state merged --search "${{ github.sha }}" --json number --jq '.[0].number' 2>/dev/null || echo "")
+          if [ -n "$PR_NUMBER" ]; then
+            PR_BODY=$(gh pr view "$PR_NUMBER" --json body --jq '.body')
+            echo "pr_number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
+            {
+              echo "notes<<EOF"
+              echo "$PR_BODY"
+              echo "EOF"
+            } >> "$GITHUB_OUTPUT"
+          else
+            echo "notes=Release ${{ steps.bump.outputs.tag }}" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Create GitHub release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RELEASE_NOTES: ${{ steps.pr_info.outputs.notes }}
+        run: |
+          gh release create "${{ steps.bump.outputs.tag }}" \
+            --title "${{ steps.bump.outputs.tag }}" \
+            --notes "$RELEASE_NOTES"
+
+      - name: Commit version bump
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: "chore: release ${{ steps.bump.outputs.tag }} [skip ci]"
+          branch: ${{ github.ref_name }}
+          file_pattern: "pyproject.toml uv.lock"

.github/workflows/test.yml

@@ -11,7 +11,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ["3.12"]
+        python-version: ["3.13"]
         os: [ubuntu-latest]
 
     runs-on: ${{ matrix.os }}
@@ -20,7 +20,7 @@ jobs:
       postgres:
         image: postgres:latest
         env:
-          POSTGRES_DB: test_db
+          POSTGRES_DB: db
           POSTGRES_USER: postgres
           POSTGRES_PASSWORD: postgres
         ports:
@@ -45,31 +45,11 @@ jobs:
       - name: Install project
         run: uv sync --all-extras --dev
 
-      - name: Set env variables for pytest
-        run: |
-          echo "DB_USER=postgres" >> $GITHUB_ENV
-          echo "DB_PASSWORD=postgres" >> $GITHUB_ENV
-          echo "DB_HOST=127.0.0.1" >> $GITHUB_ENV
-          echo "DB_PORT=5432" >> $GITHUB_ENV
-          echo "DB_NAME=test_db" >> $GITHUB_ENV
-          echo "SECRET_KEY=$(openssl rand -base64 32)" >> $GITHUB_ENV
-          echo "BASE_URL=http://localhost:8000" >> $GITHUB_ENV
-          echo "RESEND_API_KEY=resend_api_key" >> $GITHUB_ENV
-          echo "EMAIL_FROM=noreply@promptlytechnologies.com" >> $GITHUB_ENV
-        
-      - name: Verify environment variables
-        run: |
-          echo "Checking if required environment variables are set..."
-          [ -n "$DB_USER" ] && \
-          [ -n "$DB_PASSWORD" ] && \
-          [ -n "$DB_HOST" ] && \
-          [ -n "$DB_PORT" ] && \
-          [ -n "$DB_NAME" ] && \
-          [ -n "$SECRET_KEY" ] && \
-          [ -n "$RESEND_API_KEY" ]
+      - name: Run linting with ruff
+        run: uv run ruff check .
 
-      - name: Run type checking with mypy
-        run: uv run mypy .
+      - name: Run type checking with ty
+        run: uv run ty check .
 
       - name: Run tests with pytest
         run: uv run pytest tests/