.

1 files changed, 0 insertions, 198 deletions

diff --git a/docs/superpowers/specs/2026-04-03-gin-migration-design.md b/docs/superpowers/specs/2026-04-03-gin-migration-design.md
deleted file mode 100644
index 41163a3..0000000
--- a/docs/superpowers/specs/2026-04-03-gin-migration-design.md
+++ /dev/null
@@ -1,198 +0,0 @@
----
-name: Gin Migration Design
-description: Migrate admin server from net/http to Gin framework with RESTful routes and middleware-based auth
-type: implementation
-date: 2026-04-03
----
-
-# Gin Migration Design
-
-## Overview
-
-Migrate the nebbet admin server from Go's `net/http` package to the Gin web framework. The migration will:
-- Replace manual route handling with Gin's declarative routing
-- Reorganize routes to follow RESTful conventions
-- Extract auth into reusable middleware
-- Preserve all existing functionality (auth, template rendering, post management)
-- Keep UI behavior identical from the user's perspective
-
-## Goals
-
-1. **Cleaner routing:** Replace manual `ServeHTTP` switch with Gin's route declarations
-2. **Better framework:** Leverage Gin for middleware, error handling, and future extensibility
-3. **RESTful design:** Modernize route structure while keeping templates server-rendered
-
-## Non-Goals
-
-- Rewriting the frontend to a JS framework
-- Adding new features beyond the migration
-- Changing auth format or password file structure
-- Changing how posts are stored or built
-
-## Architecture
-
-### Current State
-
-The `admin.Server` implements `http.Handler` with manual routing in `ServeHTTP()`:
-```
-GET/POST /admin          → list posts
-GET/POST /admin/new      → create form / create post
-GET/POST /admin/{slug}/edit   → edit form / update post
-POST /admin/{slug}/delete     → delete post
-```
-
-Auth is checked manually via `checkAuth()` for every request.
-
-### Target State
-
-Replace with Gin routing and middleware:
-- `Server` struct holds a `*gin.Engine`
-- `NewServer()` initializes Gin with routes and middleware
-- Auth middleware wraps all admin routes
-- Handlers call `gin.Context` instead of `http.ResponseWriter`
-
-**New route structure (RESTful, under `/admin` namespace):**
-```
-GET  /admin/             → list posts
-GET  /admin/new          → create form
-POST /admin/             → create post
-GET  /admin/:slug        → edit form
-POST /admin/:slug        → update post
-DELETE /admin/:slug      → delete post
-```
-
-## Implementation Details
-
-### File: `internal/admin/server.go`
-
-#### Server Struct
-- Add field: `engine *gin.Engine`
-- Keep existing fields: `PostsDir`, `AuthFile`, `Builder`, `tmpl`
-
-#### Constructor: `NewServer(postsDir, authFile string, builder *builder.Builder) *Server`
-- Create and configure Gin engine
-- Register middleware (auth)
-- Register all routes
-- Return `*Server`
-
-#### Auth Middleware
-- Extracted from `checkAuth()` into a middleware function
-- Signature: `func (s *Server) authMiddleware() gin.HandlerFunc`
-- Logic:
-  - Skip auth if `AuthFile` is empty or doesn't exist
-  - Extract Basic Auth credentials
-  - Call `auth.Verify(username, password)`
-  - Send 401 + `WWW-Authenticate` header on failure
-  - Call `c.Next()` to proceed on success
-
-#### Route Handlers
-Keep existing handler functions, update signatures:
-- `handleList(c *gin.Context)` — render post list
-- `handleNew(c *gin.Context)` — GET shows form, POST creates post
-- `handleNewPost(c *gin.Context)` — handle POST /new (merge with `handleNew` or keep separate)
-- `handleEdit(c *gin.Context)` — GET shows form, POST updates post
-- `handleDelete(c *gin.Context)` — DELETE removes post
-
-For GET requests that show forms, continue using `c.HTML()` with the template and data map.
-For POST requests, validate form data, write to disk, rebuild, and redirect to `/`.
-
-#### Helper Functions
-Keep existing:
-- `listPosts()` — read `.md` files from PostsDir
-- `render(c *gin.Context, name string, data map[string]any)` — render template (adapt to use `c.HTML()`)
-- `renderError(c *gin.Context, msg string)` — render error template
-- `postFromForm(c *gin.Context) Post` — extract form values from `c.PostForm()`
-- `readPostFile()`, `writePostFile()`, `slugify()` — unchanged
-- `mustParseTemplates()` — unchanged
-
-### File: `cmd/nebbet/main.go`
-
-#### Changes in `cmdServe()`
-Instead of:
-```go
-adminSrv := &admin.Server{...}
-mux := http.NewServeMux()
-mux.Handle("/admin/", http.StripPrefix("/admin", adminSrv))
-mux.Handle("/lib/", ...)
-mux.Handle("/", ...)
-http.ListenAndServe(addr, mux)
-```
-
-Change to:
-```go
-adminSrv := admin.NewServer(postsDir, passwordFile, b)
-engine := adminSrv.Engine()  // or keep internal, add to main router
-
-// Either:
-// 1. Use adminSrv.Engine directly (if it handles all routes)
-// 2. Create a main Gin router and nest adminSrv's routes
-
-// Handle /lib/ and static files as Gin routes or separate handlers
-```
-
-Exact approach depends on whether we keep `/lib` and public site serving separate or consolidate into one Gin router. **Recommended:** single Gin router for consistency.
-
-## Route Mapping
-
-| Old Route | New Route | Method | Action |
-|-----------|-----------|--------|--------|
-| `/admin/` | `/admin/` | GET | List posts |
-| `/admin/new` | `/admin/new` | GET | Show create form |
-| `/admin/new` | `/admin/` | POST | Create post |
-| `/admin/{slug}/edit` | `/admin/{slug}` | GET | Show edit form |
-| `/admin/{slug}/edit` | `/admin/{slug}` | POST | Update post |
-| `/admin/{slug}/delete` | `/admin/{slug}` | DELETE | Delete post |
-
-**HTML Form Handling:** Standard HTML forms only support GET/POST. For DELETE:
-- **Option A:** Keep POST with custom handling (check method override or hidden field)
-- **Option B:** Use POST `/admin/{slug}?method=delete` and parse in handler
-
-Recommended: keep as POST for form compatibility, or use POST with Gin's `c.PostForm("_method")` check.
-
-## Dependencies
-
-- Add `github.com/gin-gonic/gin` to `go.mod`
-- No changes to other dependencies
-
-## Backwards Compatibility
-
-- **URLs:** Admin routes change (listed above). Bookmarks will break, but it's an internal admin interface.
-- **Auth:** No changes. Password file format and Basic Auth remain the same.
-- **Posts:** No changes. Markdown files, frontmatter, build process unchanged.
-- **Public site:** No changes. Static files served the same way.
-
-## Testing Strategy
-
-- **Manual:** Create/edit/delete posts via the admin UI, verify rebuilds work
-- **Auth:** Test Basic Auth with valid/invalid credentials
-- **Forms:** Verify all form fields (title, date, tags, content) are captured and saved correctly
-- **Errors:** Verify error handling for missing posts, invalid input, file write failures
-
-## Implementation Order
-
-1. Add Gin dependency to `go.mod`
-2. Create `NewServer()` constructor and auth middleware in `server.go`
-3. Register routes in `NewServer()`
-4. Convert handler signatures to `*gin.Context`
-5. Update `render()` and helper functions to work with Gin
-6. Update `cmd/nebbet/main.go` to use `NewServer()`
-7. Verify all routes work locally
-8. Test admin UI end-to-end
-
-## Risks & Mitigation
-
-| Risk | Mitigation |
-|------|-----------|
-| Breaking the admin UI during migration | Test each route in a browser after updating |
-| Form submission issues (e.g., multipart/form-data) | Use `c.PostForm()` and test file uploads if used |
-| Auth middleware interfering with static files | Apply middleware only to admin routes, not `/lib` or `/` |
-| Template rendering errors | Keep template loading and execution the same |
-
-## Success Criteria
-
-- ✓ All admin routes work with Gin
-- ✓ Auth middleware blocks unauthorized access
-- ✓ Create/edit/delete posts works end-to-end
-- ✓ Posts rebuild after create/edit/delete
-- ✓ No changes to password file format or post storage
-- ✓ Static file serving (`/lib`, public site) unchanged