v1: first dump (new improved backend, schema + deploy)

Author: iliane5

.github/workflows/deploy-services.yaml

@@ -11,7 +11,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: pnpm/action-setup@v4
         with:
-          version: 9.15.4
+          version: 10.9.0
 
       - uses: actions/setup-node@v4
         with:
@@ -62,20 +62,26 @@ jobs:
           workingDirectory: 'apps/scrapers'
           environment: production
           secrets: |
-            GOOGLE_BASE_URL
-            GOOGLE_API_KEY
+            API_TOKEN
+            CLOUDFLARE_API_TOKEN
+            CLOUDFLARE_ACCOUNT_ID
             DATABASE_URL
-            MERIDIAN_SECRET_KEY
+            GEMINI_BASE_URL
+            GEMINI_API_KEY
         env:
-          GOOGLE_BASE_URL: ${{ secrets.GOOGLE_BASE_URL }}
-          GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+          API_TOKEN: ${{ secrets.API_TOKEN }}
           DATABASE_URL: ${{ secrets.DATABASE_URL }}
-          MERIDIAN_SECRET_KEY: ${{ secrets.MERIDIAN_SECRET_KEY }}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          GEMINI_BASE_URL: ${{ secrets.GEMINI_BASE_URL }}
+          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+          MERIDIAN_ML_SERVICE_URL: ${{ secrets.MERIDIAN_ML_SERVICE_URL }}
+          MERIDIAN_ML_SERVICE_API_KEY: ${{ secrets.MERIDIAN_ML_SERVICE_API_KEY }}
 
-      - name: Build Nuxt Application
-        run: pnpm build --filter=@meridian/frontend # Or 'yarn generate', ensure this matches your static build script in package.json (npx nuxi generate)
-        env:
-          NUXT_DATABASE_URL: ${{ secrets.DATABASE_URL }}
+      # - name: Build Nuxt Application
+      #   run: pnpm build --filter=@meridian/frontend # Or 'yarn generate', ensure this matches your static build script in package.json (npx nuxi generate)
+      #   env:
+      #     NUXT_DATABASE_URL: ${{ secrets.DATABASE_URL }}
 
       # - name: Publish to Cloudflare Pages
       #   uses: cloudflare/wrangler-action@v3 # Use the official Cloudflare Wrangler action

.gitignore

@@ -190,4 +190,9 @@ apps/scrapers/feeds.json
 
 __pycache__
 
-apps/briefs
+apps/briefs
+
+# python stuff
+.mypy_cache
+.ruff_cache
+*.egg-info

.vscode/settings.json

@@ -16,9 +16,14 @@
     "**/node_modules": true,
     "**/.nuxt": true,
     "**/.output": true,
-    "**/dist": true
+    "**/dist": true,
+    "**/.wrangler": true,
+    "**/.mypy_cache": true,
+    "**/.ruff_cache": true,
+    "**/*.egg-info": true,
+    "**/__pycache__": true
   },
   "[python]": {
-    "editor.defaultFormatter": "ms-python.black-formatter"
+    "editor.defaultFormatter": "charliermarsh.ruff"
   }
 }

apps/backend/README.MD

@@ -0,0 +1,162 @@
+# Meridian Backend Worker (`@meridian/backend`)
+
+This Cloudflare Worker application forms the core data ingestion, processing, and API layer for the Meridian project. It handles fetching news sources, orchestrating article content scraping, performing AI analysis, managing data persistence, and providing API endpoints.
+
+It leverages several Cloudflare platform features for resilience and scalability:
+
+- **Workers:** Runs the Hono API server, queue consumer logic, Workflow triggers, and Durable Object interactions.
+- **Durable Objects (`SourceScraperDO`):** Manages the state and scheduled fetching for individual news sources via Alarms.
+- **Queues (`article-processing-queue`):** Decouples the initial lightweight source check from the more intensive article processing.
+- **Workflows (`ProcessArticles`):** Provides durable, multi-step execution for scraping, analyzing, and storing article content, handling retries automatically.
+- **R2:** Stores full article text content.
+
+## Key Components
+
+1.  **Hono API Server (`app.ts`):**
+
+    - Provides HTTP endpoints for:
+      - Managing reports (`/reports`).
+      - Managing sources (`/sources` - e.g., deletion).
+      - Generating OpenGraph images (`/openGraph`).
+      - Internal/Admin operations (DO initialization `POST /do/admin/initialize-dos`).
+      - Health check (`/ping`).
+    - Handles routing requests to specific `SourceScraperDO` instances (`GET /do/source/:sourceId/*`).
+    - Uses Bearer Token authentication (`API_TOKEN`) for protected routes (`hasValidAuthToken`).
+
+2.  **Source Scraper Durable Object (`SourceScraperDO`):**
+
+    - One instance per news source URL (`idFromName(url)`).
+    - Uses Cloudflare Alarms (`ctx.storage.setAlarm`) for scheduled, periodic RSS feed checks based on frequency tiers.
+    - Fetches and parses RSS feeds (`parseRSSFeed`), handling various formats and cleaning URLs/content.
+    - Uses `ON CONFLICT DO NOTHING` to efficiently insert only new article metadata (URL, title, source ID, publish date) into the database.
+    - Sends batches of newly inserted article database IDs to the `ARTICLE_PROCESSING_QUEUE`.
+    - Implements robust retries with exponential backoff (`attemptWithRetries`) for fetching, parsing, and DB insertion.
+    - Validates and stores its state (`SourceState`: sourceId, url, frequency, lastChecked) in Durable Object storage, protecting against corruption.
+    - Includes a `destroy` method for cleanup.
+
+3.  **Article Processing Queue (`article-processing-queue`):**
+
+    - Receives messages containing batches of article IDs needing full processing.
+    - The queue consumer (`queue` handler in `index.ts`) aggregates IDs from the batch.
+    - Triggers the `ProcessArticles` Workflow to handle the actual processing for the aggregated IDs.
+    - Configured with settings like `max_batch_size`, `max_retries`, and a Dead Letter Queue (`article-processing-dlq`).
+
+4.  **Process Articles Workflow (`ProcessArticles`):**
+
+    - Receives a list of article IDs from the queue consumer trigger.
+    - Fetches necessary article details (URL, title, publish date) from the database, filtering for recent, unprocessed, non-failed articles.
+    - Uses a `DomainRateLimiter` to manage scraping politeness and concurrency across different source domains.
+    - Scrapes full article content using `step.do` for durable, retried execution:
+      - Attempts direct `fetch` (`getArticleWithFetch`) first.
+      - Falls back to the Cloudflare Browser Rendering API (`getArticleWithBrowser`) for tricky domains (`TRICKY_DOMAINS`) or initial fetch failures. This involves executing JavaScript snippets via `addScriptTag` to bypass cookie consents, paywalls, and clean the DOM before extraction.
+      - Uses `@mozilla/readability` (`parseArticle`) to extract the core article text from the scraped HTML.
+    - Handles PDF links by marking them as `SKIPPED_PDF` in the database.
+    - Sends the extracted title and text to Google Gemini (`gemini-2.0-flash`) via `@ai-sdk/google` (`generateObject`) for structured analysis based on `articleAnalysis.prompt.ts` and `articleAnalysisSchema`.
+    - Generates embeddings for the processed content using an external ML service (`createEmbeddings`).
+    - Uploads the extracted article text to R2 (`ARTICLES_BUCKET`).
+    - Updates the corresponding articles in the database with the analysis results (language, keywords, entities, summary, etc.), embedding vector, R2 key, and final status (`PROCESSED`), or marks them with a specific failure status (`FETCH_FAILED`, `RENDER_FAILED`, `AI_ANALYSIS_FAILED`, `EMBEDDING_FAILED`, `R2_UPLOAD_FAILED`) and `failReason`.
+    - Leverages Workflow steps (`step.do`, `step.sleep`) for automatic retries, durability, and managing execution state.
+
+5.  **Core Libraries & Utilities (`src/lib`):**
+
+    - `articleFetchers.ts`: Contains logic for `getArticleWithFetch` and `getArticleWithBrowser`, including the browser rendering script definitions.
+    - `embeddings.ts`: Interface for generating embeddings via the external ML service.
+    - `logger.ts`: Simple structured JSON logger class for Cloudflare Logs.
+    - `parsers.ts`: Includes `parseRSSFeed` and `parseArticle` (using `Readability` and `linkedom`).
+    - `rateLimiter.ts`: Implements the `DomainRateLimiter`.
+    - `tryCatchAsync.ts`: Utility for converting promise rejections to `neverthrow` Results.
+    - `utils.ts`: Helper functions like `getDb` (with `prepare: false`), `hasValidAuthToken`, `generateSearchText`.
+
+6.  **Integrations:**
+    - **Database (`@meridian/database`):** Uses Drizzle ORM and `postgres.js` to interact with the PostgreSQL database. Configured with `prepare: false` for pooler compatibility.
+    - **Cloudflare Browser Rendering API:** Used as a fallback mechanism for robust scraping.
+    - **Google AI (Gemini):** Used for core article analysis.
+    - **External ML Service:** Used via `ML_SERVICE_URL` for generating embeddings.
+
+## How It Works (High-Level Flow)
+
+1.  **Initialization:** (If needed) The `/do/admin/initialize-dos` endpoint is called to create/update `SourceScraperDO` instances based on sources in the database.
+2.  **Scheduled Fetch:** A `SourceScraperDO` instance's alarm triggers.
+3.  **RSS Processing:** The DO fetches its RSS feed, parses it, and inserts basic metadata for new articles using `ON CONFLICT DO NOTHING`.
+4.  **Queueing:** The DO sends the database IDs of newly inserted articles to the `ARTICLE_PROCESSING_QUEUE`.
+5.  **Queue Consumption:** The Worker's `queue` handler receives a batch of article IDs.
+6.  **Workflow Trigger:** The `queue` handler triggers the `ProcessArticles` Workflow with the batch of IDs.
+7.  **Content Scraping & Parsing:** The Workflow fetches article details, scrapes the full content using the rate limiter and appropriate method (fetch/browser), and parses it using Readability.
+8.  **AI Analysis & Embeddings:** The Workflow sends content to Gemini for analysis and generates embeddings via the ML service.
+9.  **Storage:** The Workflow uploads article text to R2.
+10. **DB Update:** The Workflow updates the articles in the database with the analysis results, R2 key, embedding, and final status.
+11. **API Access:** The Hono API server allows querying processed data or performing management actions.
+
+## Configuration
+
+Configuration relies on `wrangler.jsonc` for infrastructure bindings and environment variables/secrets for credentials and runtime parameters.
+
+### `wrangler.jsonc` Highlights
+
+Ensure the following bindings and configurations are correctly set up:
+
+- **`durable_objects`:** Binding `SOURCE_SCRAPER` to `SourceScraperDO` class, plus `migrations` definition.
+- **`queues`:** Producer binding `ARTICLE_PROCESSING_QUEUE` and Consumer config for `article-processing-queue` (pointing to the Worker).
+- **`r2_buckets`:** Binding `ARTICLES_BUCKET` to your R2 bucket name.
+- **`workflows`:** Binding `PROCESS_ARTICLES` to `ProcessArticles` class.
+- **`compatibility_date` / `compatibility_flags`:** Set appropriately (e.g., `nodejs_compat`).
+- **`observability`:** Enabled for better monitoring.
+
+### Environment Variables & Secrets
+
+The following are required (use `.dev.vars` locally, Cloudflare Secrets in production):
+
+- `DATABASE_URL`: PostgreSQL connection string.
+- `API_TOKEN`: Secret Bearer token for protecting API endpoints.
+- `CLOUDFLARE_ACCOUNT_ID`: Your Cloudflare account ID.
+- `CLOUDFLARE_BROWSER_RENDERING_API_TOKEN`: API token with Browser Rendering permissions.
+- `GEMINI_API_KEY`: API key for Google AI (Gemini).
+- `GEMINI_BASE_URL`: (Optional) Custom base URL for Google AI API.
+- `ML_SERVICE_URL`: URL for the external embeddings service.
+- `ML_SERVICE_API_TOKEN`: API token for the external embeddings service.
+
+## Running Locally
+
+1.  Ensure Node.js (v22+), pnpm (v9.15+), Docker (for Postgres+pgvector), and Wrangler are installed.
+2.  Navigate to the monorepo root (`meridian/`).
+3.  Install dependencies: `pnpm install`.
+4.  Start a local PostgreSQL database with the pgvector extension (see `@meridian/database/README.MD` or use Supabase local dev).
+5.  Configure and run database migrations:
+    - Set `DATABASE_URL` in `packages/database/.env`.
+    - Run `pnpm --filter @meridian/database migrate`.
+    - (Optional) Seed initial sources: `pnpm --filter @meridian/database seed`.
+6.  Create a `.dev.vars` file in `apps/backend/` and populate the required environment variables listed above.
+7.  Start the local development server: `pnpm --filter @meridian/backend run dev`.
+    - This uses `wrangler dev` with local emulation.
+    - Local emulation for DOs, Queues, and Workflows has limitations.
+8.  **Initialize Durable Objects:** Manually trigger the DO initialization endpoint once after starting the server and seeding sources:
+    ```bash
+    curl -X POST -H "Authorization: Bearer YOUR_API_TOKEN" http://localhost:8787/do/admin/initialize-dos
+    ```
+    Replace `YOUR_API_TOKEN` with the value from your `.dev.vars`.
+
+## Testing
+
+Unit tests for core utilities and parsers are located in the `test/` directory and can be run with `pnpm --filter @meridian/backend run test`. Integration or end-to-end testing involving Workers, DOs, and Workflows locally can be complex but may be valuable future additions.
+
+## Deployment
+
+Deployment is handled via Cloudflare Wrangler:
+
+1.  Ensure `wrangler.jsonc` is correct for the target environment.
+2.  Set production secrets using `npx wrangler secret put <SECRET_NAME>`.
+3.  Deploy using `npx wrangler deploy` from within the `apps/backend` directory or via configured CI/CD.
+
+## Key Libraries & Technologies
+
+- **Hono:** Web framework for the API server.
+- **Drizzle ORM:** TypeScript ORM for database interactions.
+- **postgres.js:** PostgreSQL client library.
+- **Neverthrow:** Functional error handling.
+- **Zod:** Schema validation.
+- **@ai-sdk/google:** SDK for interacting with Google Gemini.
+- **@mozilla/readability:** Core library for article content extraction.
+- **linkedom:** DOM parser used with Readability.
+- **fast-xml-parser:** For parsing RSS feeds.
+- **Vitest:** Unit testing framework.
+- **Cloudflare Workers, Durable Objects, Queues, Workflows, R2**

apps/scrapers/package.json renamed to apps/backend/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "@meridian/scrapers",
+  "name": "@meridian/backend",
   "version": "0.0.0",
   "private": true,
   "license": "MIT",
@@ -9,30 +9,31 @@
     "url": "https://iliane.xyz"
   },
   "scripts": {
-    "dev": "wrangler dev --local",
-    "test": "vitest",
+    "dev": "wrangler dev",
+    "test": "vitest run",
     "cf-typegen": "wrangler types",
     "typecheck": "tsc --noEmit"
   },
   "devDependencies": {
-    "@cloudflare/vitest-pool-workers": "^0.8.17",
-    "@cloudflare/workers-types": "^4.20250416.0",
+    "@cloudflare/vitest-pool-workers": "^0.8.19",
+    "@cloudflare/workers-types": "^4.20250423.0",
+    "@types/node": "^22.14.1",
     "typescript": "^5.8.2",
-    "vitest": "~3.0.9",
-    "wrangler": "^4.11.1"
+    "vitest": "^3.1.2",
+    "wrangler": "^4.12.1"
   },
   "dependencies": {
-    "@ai-sdk/google": "^1.2.11",
-    "@cloudflare/puppeteer": "^1.0.1",
+    "@ai-sdk/google": "^1.2.13",
+    "@cloudflare/puppeteer": "^1.0.2",
     "@hono/zod-validator": "^0.4.3",
     "@meridian/database": "workspace:*",
     "@mozilla/readability": "^0.6.0",
     "ai": "^4.3.9",
-    "fast-xml-parser": "^5.2.0",
-    "hono": "^4.7.4",
+    "fast-xml-parser": "^5.2.1",
+    "hono": "^4.7.7",
     "linkedom": "^0.18.9",
     "neverthrow": "^8.2.0",
     "workers-og": "^0.0.25",
-    "zod": "^3.24.2"
+    "zod": "^3.24.3"
   }
 }

apps/backend/src/app.ts

@@ -0,0 +1,20 @@
+import openGraph from './routers/openGraph.router';
+import reportsRouter from './routers/reports.router';
+import sourcesRouter from './routers/sources.router';
+import durableObjectsRouter from './routers/durableObjects.router';
+import { Env } from './index';
+import { Hono } from 'hono';
+import { trimTrailingSlash } from 'hono/trailing-slash';
+
+export type HonoEnv = { Bindings: Env };
+
+const app = new Hono<HonoEnv>()
+  .use(trimTrailingSlash())
+  .get('/favicon.ico', async c => c.notFound()) // disable favicon
+  .route('/reports', reportsRouter)
+  .route('/sources', sourcesRouter)
+  .route('/openGraph', openGraph)
+  .route('/do', durableObjectsRouter)
+  .get('/ping', async c => c.json({ pong: true }));
+
+export default app;