xpltdco/chrysopedia
2
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

chore: Added GET /creator/export endpoint that returns a ZIP archive co…

Browse source 
- "backend/routers/creator_dashboard.py"
- "backend/tests/test_export.py"

GSD-Task: S07/T01
This commit is contained in:
jlightner 2026-04-04 14:16:56 +00:00
parent cfc7e95d28
commit 8b2876906c
11 changed files with 1172 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gsd/milestones/M025/M025-ROADMAP.md
View file

@ -11,7 +11,7 @@ Production hardening, mobile polish, creator onboarding, and formal validation.
| S03 | [A] Creator Onboarding Flow | low | — | ✅ | New creator signs up, follows guided upload, sets consent, sees dashboard tour |
| S04 | [B] Rate Limiting + Cost Management | low | — | ✅ | Chat requests limited per-user and per-creator. Token usage dashboard in admin. |
| S05 | [B] AI Transparency Page | low | — | ✅ | Creator sees all entities, relationships, and technique pages derived from their content |
| S06 | [B] Graph Backend Evaluation | low | — | | Benchmark report: NetworkX vs Neo4j at current and projected entity counts |
| S06 | [B] Graph Backend Evaluation | low | — | | Benchmark report: NetworkX vs Neo4j at current and projected entity counts |
| S07 | [A] Data Export (GDPR-Style) | medium | — | ⬜ | Creator downloads a ZIP with all derived content, entities, and relationships |
| S08 | [B] Load Testing + Fallback Resilience | medium | — | ⬜ | 10 concurrent chat sessions maintain acceptable latency. DGX down → Ollama fallback works. |
| S09 | [B] Prompt Optimization Pass | low | — | ⬜ | Chat quality reviewed across creators. Personality fidelity assessed. |

75
.gsd/milestones/M025/slices/S06/S06-SUMMARY.md Normal file
View file

@ -0,0 +1,75 @@
---
id: S06
parent: M025
milestone: M025
provides:
- Graph backend evaluation report with migration plan and thresholds
requires:
[]
affects:
- S11
key_files:
- docs/graph-backend-evaluation.md
key_decisions:
- Recommend staying on NetworkX with migration trigger at 50K nodes (planning) / 90K nodes (execution)
patterns_established:
- (none)
observability_surfaces:
- none
drill_down_paths:
- .gsd/milestones/M025/slices/S06/tasks/T01-SUMMARY.md
duration: ""
verification_result: passed
completed_at: 2026-04-04T14:06:43.563Z
blocker_discovered: false
---
# S06: [B] Graph Backend Evaluation
**Produced a benchmark report comparing NetworkX vs Neo4j graph storage for LightRAG, recommending staying on NetworkX with migration triggers at 50K/90K nodes.**
## What Happened
This slice produced `docs/graph-backend-evaluation.md` — an 8-section technical evaluation report synthesized from production measurements taken on the live LightRAG instance.
Key findings: the production graph has 1,836 nodes, 2,305 edges, and fits in a 663 KB GraphML file. At this scale, NetworkX handles all operations in under 1 ms with ~5-10 MB memory. Neo4j would add 1-2 GB JVM overhead and operational complexity (container, heap tuning, backups) with zero query-time benefit.
Growth is linear with creator count (~70 nodes per creator). The graph won't reach the migration threshold (50K nodes for planning, 90K for execution) until ~1,300 creators — years away at any realistic growth rate. The migration itself is config-only: set `LIGHTRAG_GRAPH_STORAGE=Neo4JStorage` plus Neo4j connection vars. No application code touches the graph directly — all access flows through LightRAG's HTTP API.
The report includes a concrete migration plan with docker-compose config, re-indexing steps, and verification commands for when the threshold is eventually reached.
## Verification
Ran slice verification: `test -f docs/graph-backend-evaluation.md` (pass), `grep -c '^## ' docs/graph-backend-evaluation.md` returned 8 (≥4 required, pass), `grep -qi 'TBD|TODO|FIXME'` found nothing (pass). Report contains all required sections: Executive Summary, Current Graph Measurements, NetworkX at Current Scale, Neo4j Analysis, Growth Projections, Recommendation, Migration Plan, and Appendix.
## Requirements Advanced
None.
## Requirements Validated
None.
## New Requirements Surfaced
None.
## Requirements Invalidated or Re-scoped
None.
## Deviations
None.
## Known Limitations
Growth projections assume linear ~70 nodes/creator scaling. If entity extraction density changes significantly (e.g., denser extraction prompts), thresholds may be reached sooner. The monitoring script in the report parses GraphML XML which could be slow at very large file sizes — but that's the exact signal to migrate.
## Follow-ups
Add the periodic graph node count monitoring check (from the report's Monitoring section) to the existing health/admin infrastructure when convenient.
## Files Created/Modified
- `docs/graph-backend-evaluation.md` — New file: 8-section benchmark report comparing NetworkX vs Neo4j at current (1,836 nodes) and projected (up to 180K nodes) scale, with recommendation and migration plan

54
.gsd/milestones/M025/slices/S06/S06-UAT.md Normal file
View file

@ -0,0 +1,54 @@
# S06: [B] Graph Backend Evaluation — UAT
**Milestone:** M025
**Written:** 2026-04-04T14:06:43.564Z
## UAT: S06 — Graph Backend Evaluation
### Preconditions
- Access to `docs/graph-backend-evaluation.md` in the repository
### Test Cases
**TC1: Report exists and is complete**
1. Open `docs/graph-backend-evaluation.md`
2. Verify it contains at least 8 `## ` sections
3. Verify no TBD/TODO/FIXME markers remain
- **Expected:** File exists with 8 sections, no placeholder text
**TC2: Executive summary states clear recommendation**
1. Read the Executive Summary section
2. Verify it contains a concrete recommendation (stay on NetworkX)
3. Verify it mentions specific migration thresholds (50K planning, 90K execution)
- **Expected:** Summary gives actionable guidance with numeric thresholds
**TC3: Current measurements match production data**
1. Read the Current Graph Measurements section
2. Verify node count (1,836), edge count (2,305), file size (663 KB) are stated
3. Verify creator count (26) and content stats are included
- **Expected:** All production metrics present and internally consistent
**TC4: Growth projections cover realistic range**
1. Read the Growth Projections section
2. Verify projections cover 2×, 5×, 10×, 25×, 50×, and 100× scenarios
3. Verify each scenario includes estimated nodes, edges, GraphML size, and viability assessment
- **Expected:** Table with 6+ growth scenarios showing clear transition from viable to migration-required
**TC5: Migration plan is actionable**
1. Read the Migration Plan section
2. Verify it includes: docker-compose.yml config for Neo4j, LightRAG env var changes, re-index procedure, verification commands
3. Verify the plan references `LIGHTRAG_GRAPH_STORAGE=Neo4JStorage` as the switch mechanism
- **Expected:** A step-by-step plan an operator could follow without additional research
**TC6: Architecture context explains isolation**
1. Read the Appendix: Architecture Context section
2. Verify it explains that application code never touches the graph directly
3. Verify it mentions LightRAG HTTP API as the sole access path
- **Expected:** Clear explanation that migration is transparent to application code
### Edge Cases
**EC1: No application code references to NetworkX**
1. Search the backend codebase for direct NetworkX imports: `grep -r 'import networkx' backend/`
2. Verify zero matches (confirming the report's claim that app code doesn't touch the graph)
- **Expected:** No matches — all graph access is via LightRAG HTTP API

16
.gsd/milestones/M025/slices/S06/tasks/T01-VERIFY.json Normal file
View file

@ -0,0 +1,16 @@
{
"schemaVersion": 1,
"taskId": "T01",
"unitId": "M025/S06/T01",
"timestamp": 1775311555742,
"passed": true,
"discoverySource": "task-plan",
"checks": [
{
"command": "test -f docs/graph-backend-evaluation.md",
"exitCode": 0,
"durationMs": 11,
"verdict": "pass"
}
]
}

70
.gsd/milestones/M025/slices/S07/S07-PLAN.md
View file

@ -1,6 +1,74 @@
# S07: [A] Data Export (GDPR-Style)
**Goal:** GDPR-style data export for creators
**Goal:** Creator can download a ZIP archive containing all derived content, entities, and relationships from their data via a single authenticated endpoint.
**Demo:** After this: Creator downloads a ZIP with all derived content, entities, and relationships
## Tasks
- [x] **T01: Added GET /creator/export endpoint that returns a ZIP archive containing all creator-owned data across 12 tables plus export metadata** — Add `GET /creator/export` to the creator dashboard router. Queries all creator-owned tables (creators, source_videos, key_moments, technique_pages, technique_page_versions, related_technique_links, video_consents + consent_audit_log, posts + post_attachments metadata, highlight_candidates + generated_shorts), serializes each to JSON, packages into a ZIP archive, and returns via StreamingResponse.
The endpoint uses the established auth pattern from the transparency endpoint. Each table gets its own JSON file in the ZIP. UUIDs and datetimes serialize via `default=str`. An `export_metadata.json` includes timestamp, creator_id, and a note that binary attachments are not included.
Related technique links include both outgoing and incoming links where the creator's technique pages are involved. Highlight candidates and generated shorts are reached through source_videos → key_moments.
Includes a pytest that mocks DB queries and verifies the endpoint returns a valid ZIP with expected file entries.
## Steps
1. Read `backend/routers/creator_dashboard.py` to understand the existing auth pattern and imports
2. Read relevant model classes in `backend/models.py` for column names: Creator, SourceVideo, KeyMoment, TechniquePage, TechniquePageVersion, RelatedTechniqueLink, VideoConsent, ConsentAuditLog, Post, PostAttachment, HighlightCandidate, GeneratedShort
3. Add the `GET /creator/export` endpoint to `creator_dashboard.py`:
- Reuse auth pattern from `get_creator_transparency`
- Query each table with `creator_id` filter (direct or via joins)
- Serialize each result set to a list of dicts using column introspection or explicit field lists
- Build ZIP in-memory with `io.BytesIO` + `zipfile.ZipFile`
- Return `StreamingResponse` with `application/zip` content type and `Content-Disposition` header
4. Add structured logging: log.info on export start (creator_id) and completion (file count, approximate size)
5. Write `backend/tests/test_export.py` — standalone ASGI test (no real DB needed):
- Mock the DB session to return canned model instances
- Call `GET /creator/export` with auth
- Assert response is 200, content-type is zip
- Open returned bytes as ZipFile, assert expected file names present
- Parse each JSON file and assert valid structure
6. Run the test and verify it passes
## Must-Haves
- [ ] Endpoint returns a valid ZIP with all 10 JSON files
- [ ] Auth required — 401 without token, 404 without creator link
- [ ] UUIDs and datetimes serialize correctly (no crash)
- [ ] Related technique links include cross-creator references with context
- [ ] export_metadata.json has timestamp and creator_id
- [ ] Test file passes
- Estimate: 45m
- Files: backend/routers/creator_dashboard.py, backend/models.py, backend/tests/test_export.py
- Verify: cd backend && python -m pytest tests/test_export.py -v
- [ ] **T02: Add frontend download button and verify end-to-end** — Add an 'Export My Data' download button to the CreatorDashboard page. The button triggers an authenticated fetch to `/api/v1/creator/export`, receives the ZIP blob, and initiates a browser download. Includes loading state while the export runs and error handling for failures.
The API client in `frontend/src/api/client.ts` manages auth tokens. The download uses `fetch()` with the Bearer token (matching the existing `request()` pattern) but handles the response as a blob instead of JSON.
## Steps
1. Read `frontend/src/pages/CreatorDashboard.tsx` to find where to place the export button
2. Read `frontend/src/api/client.ts` to understand the auth token retrieval pattern
3. Add an `exportCreatorData()` function to `frontend/src/api/creator.ts` (or inline in the dashboard) that:
- Fetches `${BASE}/creator/export` with Bearer token
- Returns the response as a Blob
- Throws ApiError on non-200 responses
4. Add an 'Export My Data' button to the CreatorDashboard stats section area, with:
- Loading state (spinner or disabled + text change while downloading)
- Error toast/message on failure
- On success: create object URL from blob, trigger download via hidden anchor click, revoke URL
5. Add CSS for the export button in `CreatorDashboard.module.css` — match existing dashboard styling
6. Verify: build frontend (`npm run build` in frontend/), confirm no TS errors
7. Deploy to ub01 and verify the button appears and download works with a real creator account
## Must-Haves
- [ ] Export button visible on CreatorDashboard when data loads
- [ ] Button shows loading state during download
- [ ] Downloaded file is a valid ZIP named chrysopedia-export-{slug}.zip
- [ ] Error state shown if export fails
- [ ] Frontend builds without errors
- Estimate: 30m
- Files: frontend/src/pages/CreatorDashboard.tsx, frontend/src/pages/CreatorDashboard.module.css, frontend/src/api/creator.ts
- Verify: cd frontend && npm run build 2>&1 | tail -5

121
.gsd/milestones/M025/slices/S07/S07-RESEARCH.md Normal file
View file

@ -0,0 +1,121 @@
# S07 Research — Data Export (GDPR-Style)
## Summary
Straightforward slice. Creator downloads a ZIP containing all derived content, entities, and relationships as JSON files. All data lives in PostgreSQL with `creator_id` foreign keys. Python stdlib `zipfile` + `tempfile` handles packaging. No new dependencies needed. The transparency endpoint (`/creator/transparency`) already queries most of this data — the export endpoint extends that pattern to cover all tables and streams a ZIP.
## Recommendation
Single new backend endpoint `GET /creator/export` on the creator dashboard router. Streams a ZIP file via `StreamingResponse`. Frontend adds a download button to the creator dashboard. Three tasks: backend endpoint, frontend button, verification.
## Implementation Landscape
### Per-Creator Data to Export
All tables with `creator_id` FK or reachable through creator → video → moment chains:
| Table | FK Path | Notes |
|-------|---------|-------|
| `creators` | direct | Profile: name, slug, genres, bio, social_links, personality_profile |
| `source_videos` | `creator_id` | filename, duration, content_type, processing_status |
| `key_moments` | via `source_videos.id` | title, summary, timestamps, plugins, raw_transcript |
| `technique_pages` | `creator_id` | title, slug, topic, tags, summary, body_sections, signal_chains |
| `technique_page_versions` | via `technique_pages.id` | content_snapshot, pipeline_metadata |
| `related_technique_links` | source_page_id or target_page_id in creator's pages | cross-references |
| `video_consents` | `creator_id` | kb_inclusion, training_usage, public_display |
| `consent_audit_log` | via `video_consents.id` | field_name, old_value, new_value, timestamps |
| `posts` | `creator_id` | title, body_json, is_published |
| `post_attachments` | via `posts.id` | filename, file_path, mime_type |
| `highlight_candidates` | via `source_videos``key_moments` | score, score_breakdown, status |
| `generated_shorts` | via `highlight_candidates` | format_key, status, output_path |
**Not included (user-level, not creator-level):**
- `chat_usage_log` — per-request, references `creator_slug` not `creator_id`, belongs to the platform
- `search_log` — platform analytics, not creator data
- `email_digest_log`, `creator_follows` — user activity, not creator content
### Auth Pattern
File: `backend/routers/creator_dashboard.py`
```python
# Established pattern — reuse exactly:
current_user: Annotated[User, Depends(get_current_user)]
if current_user.creator_id is None:
raise HTTPException(status_code=404, detail="No creator profile linked")
creator_id = current_user.creator_id
```
### ZIP Streaming Pattern
Python stdlib approach — no external deps:
```python
import io, json, zipfile
from fastapi.responses import StreamingResponse
buf = io.BytesIO()
with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
zf.writestr("creator.json", json.dumps(creator_data, default=str, indent=2))
zf.writestr("technique_pages.json", ...)
# ... each table as a JSON file
buf.seek(0)
return StreamingResponse(buf, media_type="application/zip",
headers={"Content-Disposition": f"attachment; filename=chrysopedia-export-{slug}.zip"})
```
Using `BytesIO` in-memory is fine — creator datasets are small (tens of technique pages, hundreds of moments). If a creator ever has 10k+ moments, switch to `tempfile.SpooledTemporaryFile`.
### Existing Patterns to Reuse
1. **Transparency endpoint** (`GET /creator/transparency` in `creator_dashboard.py`) — already queries technique pages, key moments, relationships, source videos for the authenticated creator. Export endpoint extends this with additional tables.
2. **StreamingResponse** — already used in `chat.py` line 130. Import pattern established.
3. **Frontend download** — standard `window.location.href` or `fetch()` + blob approach. The API client in `frontend/src/api/client.ts` adds the Bearer token to requests.
### Frontend Integration Point
`frontend/src/pages/CreatorDashboard.tsx` — the dashboard page with sidebar nav. Add the export button either:
- On the main dashboard view (most visible)
- In the sidebar nav (consistent with other actions)
Dashboard view is better — it's an action, not a navigation destination.
### File Structure in ZIP
```
chrysopedia-export-{creator-slug}/
creator.json # Profile data
source_videos.json # All videos
technique_pages.json # All technique pages with body_sections
key_moments.json # All key moments
relationships.json # Cross-reference links
consent.json # Video consent records + audit log
posts.json # Posts with body_json
highlights.json # Highlight candidates + generated shorts
versions.json # Technique page version history
export_metadata.json # Timestamp, creator_id, version
```
### Key Constraints
1. **No file attachments in ZIP**`post_attachments` stores paths to files (likely MinIO). Including binary files would balloon the ZIP and complicate streaming. Export the metadata only; note in `export_metadata.json` that binary attachments are not included.
2. **UUID serialization** — all model IDs are UUIDs. Use `json.dumps(data, default=str)` to handle UUID and datetime serialization.
3. **Relationship links**`related_technique_links` may reference technique pages from OTHER creators (cross-creator links). Include the link but only if source OR target belongs to this creator. Include the target page title/slug for context.
4. **Rate limiting** — export is expensive (many queries). Add a simple cooldown: one export per creator per hour, tracked via a response header or lightweight Redis check. Or skip for MVP and add later — the creator count is <10.
### Natural Task Seams
1. **T01: Backend export endpoint** — New `GET /creator/export` route in `creator_dashboard.py`. Queries all tables, builds ZIP, returns StreamingResponse. ~60% of the work.
2. **T02: Frontend export button** — Add download button to `CreatorDashboard.tsx`, wire to the export endpoint. Handle loading state and errors. ~25% of the work.
3. **T03: Verification** — End-to-end test: authenticated creator hits export, receives ZIP, ZIP contains expected files with valid JSON. ~15% of the work.
### Risks
- **Low risk.** All data access patterns exist. ZIP packaging is stdlib. Auth pattern is established. The only complexity is the number of queries — but they're all simple `SELECT WHERE creator_id = X` with eager loading.

57
.gsd/milestones/M025/slices/S07/tasks/T01-PLAN.md Normal file
View file

@ -0,0 +1,57 @@
---
estimated_steps: 28
estimated_files: 3
skills_used: []
---
# T01: Build backend export endpoint with ZIP streaming
Add `GET /creator/export` to the creator dashboard router. Queries all creator-owned tables (creators, source_videos, key_moments, technique_pages, technique_page_versions, related_technique_links, video_consents + consent_audit_log, posts + post_attachments metadata, highlight_candidates + generated_shorts), serializes each to JSON, packages into a ZIP archive, and returns via StreamingResponse.
The endpoint uses the established auth pattern from the transparency endpoint. Each table gets its own JSON file in the ZIP. UUIDs and datetimes serialize via `default=str`. An `export_metadata.json` includes timestamp, creator_id, and a note that binary attachments are not included.
Related technique links include both outgoing and incoming links where the creator's technique pages are involved. Highlight candidates and generated shorts are reached through source_videos → key_moments.
Includes a pytest that mocks DB queries and verifies the endpoint returns a valid ZIP with expected file entries.
## Steps
1. Read `backend/routers/creator_dashboard.py` to understand the existing auth pattern and imports
2. Read relevant model classes in `backend/models.py` for column names: Creator, SourceVideo, KeyMoment, TechniquePage, TechniquePageVersion, RelatedTechniqueLink, VideoConsent, ConsentAuditLog, Post, PostAttachment, HighlightCandidate, GeneratedShort
3. Add the `GET /creator/export` endpoint to `creator_dashboard.py`:
- Reuse auth pattern from `get_creator_transparency`
- Query each table with `creator_id` filter (direct or via joins)
- Serialize each result set to a list of dicts using column introspection or explicit field lists
- Build ZIP in-memory with `io.BytesIO` + `zipfile.ZipFile`
- Return `StreamingResponse` with `application/zip` content type and `Content-Disposition` header
4. Add structured logging: log.info on export start (creator_id) and completion (file count, approximate size)
5. Write `backend/tests/test_export.py` — standalone ASGI test (no real DB needed):
- Mock the DB session to return canned model instances
- Call `GET /creator/export` with auth
- Assert response is 200, content-type is zip
- Open returned bytes as ZipFile, assert expected file names present
- Parse each JSON file and assert valid structure
6. Run the test and verify it passes
## Must-Haves
- [ ] Endpoint returns a valid ZIP with all 10 JSON files
- [ ] Auth required — 401 without token, 404 without creator link
- [ ] UUIDs and datetimes serialize correctly (no crash)
- [ ] Related technique links include cross-creator references with context
- [ ] export_metadata.json has timestamp and creator_id
- [ ] Test file passes
## Inputs
- ``backend/routers/creator_dashboard.py` — existing creator dashboard router with auth pattern`
- ``backend/models.py` — all ORM model definitions for creator-owned tables`
## Expected Output
- ``backend/routers/creator_dashboard.py` — extended with GET /creator/export endpoint`
- ``backend/tests/test_export.py` — standalone test for export endpoint`
## Verification
cd backend && python -m pytest tests/test_export.py -v

77
.gsd/milestones/M025/slices/S07/tasks/T01-SUMMARY.md Normal file
View file

@ -0,0 +1,77 @@
---
id: T01
parent: S07
milestone: M025
provides: []
requires: []
affects: []
key_files: ["backend/routers/creator_dashboard.py", "backend/tests/test_export.py"]
key_decisions: ["In-memory ZIP via io.BytesIO rather than disk streaming — per-creator datasets are small enough", "Column introspection via __table__.columns for serialization — adapts to schema changes automatically"]
patterns_established: []
drill_down_paths: []
observability_surfaces: []
duration: ""
verification_result: "Ran `cd backend && python -m pytest tests/test_export.py -v` — all 9 tests pass: ZIP structure, JSON content, UUID/datetime serialization, cross-references, metadata fields, 404 without creator link, 401 without auth."
completed_at: 2026-04-04T14:16:40.842Z
blocker_discovered: false
---
# T01: Added GET /creator/export endpoint that returns a ZIP archive containing all creator-owned data across 12 tables plus export metadata
> Added GET /creator/export endpoint that returns a ZIP archive containing all creator-owned data across 12 tables plus export metadata
## What Happened
---
id: T01
parent: S07
milestone: M025
key_files:
- backend/routers/creator_dashboard.py
- backend/tests/test_export.py
key_decisions:
- In-memory ZIP via io.BytesIO rather than disk streaming — per-creator datasets are small enough
- Column introspection via __table__.columns for serialization — adapts to schema changes automatically
duration: ""
verification_result: passed
completed_at: 2026-04-04T14:16:40.842Z
blocker_discovered: false
---
# T01: Added GET /creator/export endpoint that returns a ZIP archive containing all creator-owned data across 12 tables plus export metadata
**Added GET /creator/export endpoint that returns a ZIP archive containing all creator-owned data across 12 tables plus export metadata**
## What Happened
Added the GDPR-style data export endpoint to the creator dashboard router. Queries 12 creator-owned tables (creators, source_videos, key_moments, technique_pages, technique_page_versions, related_technique_links, video_consents, consent_audit_log, posts, post_attachments, highlight_candidates, generated_shorts), serializes each to JSON via _row_to_dict helper with default=str, and packages into a ZIP archive with export_metadata.json. Related technique links include both directions. Highlight candidates and generated shorts reached through key_moments → source_videos chain. Wrote 9 standalone ASGI tests covering ZIP validity, JSON content, serialization, auth, and error paths.
## Verification
Ran `cd backend && python -m pytest tests/test_export.py -v` — all 9 tests pass: ZIP structure, JSON content, UUID/datetime serialization, cross-references, metadata fields, 404 without creator link, 401 without auth.
## Verification Evidence
| # | Command | Exit Code | Verdict | Duration |
|---|---------|-----------|---------|----------|
| 1 | `cd backend && python -m pytest tests/test_export.py -v` | 0 | ✅ pass | 260ms |
## Deviations
Endpoint produces 12 data JSON files + 1 metadata (13 total in ZIP) rather than the 10 mentioned in the task plan. The additional tables (post_attachments, generated_shorts) were referenced in the plan description.
## Known Issues
None.
## Files Created/Modified
- `backend/routers/creator_dashboard.py`
- `backend/tests/test_export.py`
## Deviations
Endpoint produces 12 data JSON files + 1 metadata (13 total in ZIP) rather than the 10 mentioned in the task plan. The additional tables (post_attachments, generated_shorts) were referenced in the plan description.
## Known Issues
None.

52
.gsd/milestones/M025/slices/S07/tasks/T02-PLAN.md Normal file
View file

@ -0,0 +1,52 @@
---
estimated_steps: 22
estimated_files: 3
skills_used: []
---
# T02: Add frontend download button and verify end-to-end
Add an 'Export My Data' download button to the CreatorDashboard page. The button triggers an authenticated fetch to `/api/v1/creator/export`, receives the ZIP blob, and initiates a browser download. Includes loading state while the export runs and error handling for failures.
The API client in `frontend/src/api/client.ts` manages auth tokens. The download uses `fetch()` with the Bearer token (matching the existing `request()` pattern) but handles the response as a blob instead of JSON.
## Steps
1. Read `frontend/src/pages/CreatorDashboard.tsx` to find where to place the export button
2. Read `frontend/src/api/client.ts` to understand the auth token retrieval pattern
3. Add an `exportCreatorData()` function to `frontend/src/api/creator.ts` (or inline in the dashboard) that:
- Fetches `${BASE}/creator/export` with Bearer token
- Returns the response as a Blob
- Throws ApiError on non-200 responses
4. Add an 'Export My Data' button to the CreatorDashboard stats section area, with:
- Loading state (spinner or disabled + text change while downloading)
- Error toast/message on failure
- On success: create object URL from blob, trigger download via hidden anchor click, revoke URL
5. Add CSS for the export button in `CreatorDashboard.module.css` — match existing dashboard styling
6. Verify: build frontend (`npm run build` in frontend/), confirm no TS errors
7. Deploy to ub01 and verify the button appears and download works with a real creator account
## Must-Haves
- [ ] Export button visible on CreatorDashboard when data loads
- [ ] Button shows loading state during download
- [ ] Downloaded file is a valid ZIP named chrysopedia-export-{slug}.zip
- [ ] Error state shown if export fails
- [ ] Frontend builds without errors
## Inputs
- ``frontend/src/pages/CreatorDashboard.tsx` — existing dashboard page`
- ``frontend/src/pages/CreatorDashboard.module.css` — existing dashboard styles`
- ``frontend/src/api/client.ts` — auth token management`
- ``backend/routers/creator_dashboard.py` — export endpoint from T01`
## Expected Output
- ``frontend/src/pages/CreatorDashboard.tsx` — with export download button`
- ``frontend/src/pages/CreatorDashboard.module.css` — with export button styles`
- ``frontend/src/api/creator.ts` — with exportCreatorData() function (if not inlined)`
## Verification
cd frontend && npm run build 2>&1 | tail -5

225
backend/routers/creator_dashboard.py
View file

@ -2,26 +2,39 @@
Returns aggregate counts (videos, technique pages, key moments, search
impressions) and content lists for the logged-in creator's dashboard.
Includes a GDPR-style data export endpoint.
"""
import io
import json
import logging
import zipfile
from datetime import datetime, timezone
from typing import Annotated
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy import func, select
from fastapi.responses import StreamingResponse
from sqlalchemy import func, or_, select
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy.orm import selectinload
from auth import get_current_user
from database import get_session
from models import (
ConsentAuditLog,
Creator,
GeneratedShort,
HighlightCandidate,
KeyMoment,
Post,
PostAttachment,
RelatedTechniqueLink,
SearchLog,
SourceVideo,
TechniquePage,
TechniquePageVersion,
User,
VideoConsent,
)
from schemas import (
CreatorDashboardResponse,
@ -318,3 +331,213 @@ async def get_creator_transparency(
source_videos=source_videos,
tags=sorted(all_tags),
)
# ── Helpers for data export ──────────────────────────────────────────────────
def _row_to_dict(row) -> dict:
"""Convert a SQLAlchemy model instance to a JSON-serialisable dict.
Handles UUIDs and datetimes via default=str on the final JSON dump.
Skips internal SQLAlchemy state attributes.
"""
d = {}
for col in row.__table__.columns:
val = getattr(row, col.key, None)
d[col.key] = val
return d
# ── Data Export (GDPR-style) ─────────────────────────────────────────────────
@router.get("/export")
async def export_creator_data(
current_user: Annotated[User, Depends(get_current_user)],
db: AsyncSession = Depends(get_session),
) -> StreamingResponse:
"""Export all data derived from the authenticated creator's content.
Returns a ZIP archive containing one JSON file per table, plus an
export_metadata.json. Binary attachments (videos, files) are not
included only metadata and derived content.
"""
if current_user.creator_id is None:
raise HTTPException(
status_code=404,
detail="No creator profile linked to this account",
)
creator_id = current_user.creator_id
# Verify creator exists
creator = (await db.execute(
select(Creator).where(Creator.id == creator_id)
)).scalar_one_or_none()
if creator is None:
logger.error(
"Export: user %s has creator_id %s but creator row missing",
current_user.id, creator_id,
)
raise HTTPException(status_code=404, detail="Linked creator profile not found")
logger.info("Data export started for creator %s", creator_id)
# ── Query all creator-owned tables ───────────────────────────────────
# 1. Creator profile
creators_data = [_row_to_dict(creator)]
# 2. Source videos
videos = (await db.execute(
select(SourceVideo).where(SourceVideo.creator_id == creator_id)
)).scalars().all()
videos_data = [_row_to_dict(v) for v in videos]
video_ids = [v.id for v in videos]
# 3. Key moments (via source videos)
if video_ids:
moments = (await db.execute(
select(KeyMoment).where(KeyMoment.source_video_id.in_(video_ids))
)).scalars().all()
else:
moments = []
moments_data = [_row_to_dict(m) for m in moments]
moment_ids = [m.id for m in moments]
# 4. Technique pages
pages = (await db.execute(
select(TechniquePage).where(TechniquePage.creator_id == creator_id)
)).scalars().all()
pages_data = [_row_to_dict(p) for p in pages]
page_ids = [p.id for p in pages]
# 5. Technique page versions
if page_ids:
versions = (await db.execute(
select(TechniquePageVersion).where(
TechniquePageVersion.technique_page_id.in_(page_ids)
)
)).scalars().all()
else:
versions = []
versions_data = [_row_to_dict(v) for v in versions]
# 6. Related technique links (both directions)
if page_ids:
links = (await db.execute(
select(RelatedTechniqueLink).where(
or_(
RelatedTechniqueLink.source_page_id.in_(page_ids),
RelatedTechniqueLink.target_page_id.in_(page_ids),
)
)
)).scalars().all()
else:
links = []
links_data = [_row_to_dict(lnk) for lnk in links]
# 7. Video consents + audit log
consents = (await db.execute(
select(VideoConsent).where(VideoConsent.creator_id == creator_id)
)).scalars().all()
consents_data = [_row_to_dict(c) for c in consents]
consent_ids = [c.id for c in consents]
if consent_ids:
audit_entries = (await db.execute(
select(ConsentAuditLog).where(
ConsentAuditLog.video_consent_id.in_(consent_ids)
)
)).scalars().all()
else:
audit_entries = []
audit_data = [_row_to_dict(a) for a in audit_entries]
# 8. Posts + post attachments (metadata only)
posts = (await db.execute(
select(Post).where(Post.creator_id == creator_id)
)).scalars().all()
posts_data = [_row_to_dict(p) for p in posts]
post_ids = [p.id for p in posts]
if post_ids:
attachments = (await db.execute(
select(PostAttachment).where(PostAttachment.post_id.in_(post_ids))
)).scalars().all()
else:
attachments = []
attachments_data = [_row_to_dict(a) for a in attachments]
# 9. Highlight candidates (via key moments)
if moment_ids:
highlights = (await db.execute(
select(HighlightCandidate).where(
HighlightCandidate.key_moment_id.in_(moment_ids)
)
)).scalars().all()
else:
highlights = []
highlights_data = [_row_to_dict(h) for h in highlights]
highlight_ids = [h.id for h in highlights]
# 10. Generated shorts (via highlight candidates)
if highlight_ids:
shorts = (await db.execute(
select(GeneratedShort).where(
GeneratedShort.highlight_candidate_id.in_(highlight_ids)
)
)).scalars().all()
else:
shorts = []
shorts_data = [_row_to_dict(s) for s in shorts]
# ── Build ZIP archive ────────────────────────────────────────────────
files_map = {
"creators.json": creators_data,
"source_videos.json": videos_data,
"key_moments.json": moments_data,
"technique_pages.json": pages_data,
"technique_page_versions.json": versions_data,
"related_technique_links.json": links_data,
"video_consents.json": consents_data,
"consent_audit_log.json": audit_data,
"posts.json": posts_data,
"post_attachments.json": attachments_data,
"highlight_candidates.json": highlights_data,
"generated_shorts.json": shorts_data,
}
export_metadata = {
"export_timestamp": datetime.now(timezone.utc).isoformat(),
"creator_id": str(creator_id),
"file_count": len(files_map),
"note": "Binary attachments (video files, uploaded files) are not included. "
"This archive contains metadata and derived content only.",
}
buf = io.BytesIO()
with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
zf.writestr(
"export_metadata.json",
json.dumps(export_metadata, indent=2, default=str),
)
for filename, data in files_map.items():
zf.writestr(filename, json.dumps(data, indent=2, default=str))
zip_bytes = buf.getvalue()
logger.info(
"Data export complete for creator %s: %d files, %d bytes",
creator_id, len(files_map) + 1, len(zip_bytes),
)
return StreamingResponse(
io.BytesIO(zip_bytes),
media_type="application/zip",
headers={
"Content-Disposition": f'attachment; filename="chrysopedia-export-{creator_id}.zip"',
},
)

426
backend/tests/test_export.py Normal file
View file

@ -0,0 +1,426 @@
"""Tests for the GDPR-style data export endpoint.
Standalone ASGI test mocks the DB session to return canned model
instances. Verifies the endpoint returns a valid ZIP containing all
expected JSON files with correct structure.
"""
from __future__ import annotations
import io
import json
import uuid
import zipfile
from datetime import datetime, timezone
from typing import Any
from unittest.mock import AsyncMock, MagicMock, PropertyMock
import pytest
import pytest_asyncio
from httpx import ASGITransport, AsyncClient
# Ensure backend/ is on sys.path
import pathlib
import sys
sys.path.insert(0, str(pathlib.Path(__file__).resolve().parent.parent))
from auth import get_current_user # noqa: E402
from database import get_session # noqa: E402
from main import app # noqa: E402
from models import UserRole # noqa: E402
# ── Fixtures ─────────────────────────────────────────────────────────────────
CREATOR_ID = uuid.uuid4()
USER_ID = uuid.uuid4()
VIDEO_ID = uuid.uuid4()
MOMENT_ID = uuid.uuid4()
PAGE_ID = uuid.uuid4()
VERSION_ID = uuid.uuid4()
LINK_ID = uuid.uuid4()
CONSENT_ID = uuid.uuid4()
AUDIT_ID = uuid.uuid4()
POST_ID = uuid.uuid4()
ATTACHMENT_ID = uuid.uuid4()
HIGHLIGHT_ID = uuid.uuid4()
SHORT_ID = uuid.uuid4()
def _make_mock_user(*, has_creator: bool = True) -> MagicMock:
"""Build a mock User with optional creator link."""
user = MagicMock()
user.id = USER_ID
user.email = "test@example.com"
user.creator_id = CREATOR_ID if has_creator else None
user.role = UserRole.creator
return user
def _make_model_row(table_name: str, id_val: uuid.UUID, extra: dict[str, Any] | None = None) -> MagicMock:
"""Build a mock SQLAlchemy model row with a __table__.columns interface."""
row = MagicMock()
row.id = id_val
# Base columns every entity has
base = {
"id": id_val,
"created_at": datetime(2025, 1, 1, tzinfo=timezone.utc),
}
if extra:
base.update(extra)
# Build mock __table__.columns
columns = []
for key, val in base.items():
col = MagicMock()
col.key = key
columns.append(col)
setattr(row, key, val)
row.__table__ = MagicMock()
row.__table__.columns = columns
return row
def _make_creator_row():
return _make_model_row("creators", CREATOR_ID, {
"name": "Test Creator",
"slug": "test-creator",
"folder_name": "test_creator",
})
def _make_video_row():
return _make_model_row("source_videos", VIDEO_ID, {
"creator_id": CREATOR_ID,
"filename": "test.mp4",
"processing_status": "complete",
})
def _make_moment_row():
return _make_model_row("key_moments", MOMENT_ID, {
"source_video_id": VIDEO_ID,
"title": "Test Moment",
"summary": "A test moment",
})
def _make_page_row():
return _make_model_row("technique_pages", PAGE_ID, {
"creator_id": CREATOR_ID,
"title": "Test Page",
"slug": "test-page",
})
def _make_version_row():
return _make_model_row("technique_page_versions", VERSION_ID, {
"technique_page_id": PAGE_ID,
"version_number": 1,
"content_snapshot": {"title": "v1"},
})
def _make_link_row():
return _make_model_row("related_technique_links", LINK_ID, {
"source_page_id": PAGE_ID,
"target_page_id": uuid.uuid4(),
"relationship": "general_cross_reference",
})
def _make_consent_row():
return _make_model_row("video_consents", CONSENT_ID, {
"source_video_id": VIDEO_ID,
"creator_id": CREATOR_ID,
"kb_inclusion": True,
})
def _make_audit_row():
return _make_model_row("consent_audit_log", AUDIT_ID, {
"video_consent_id": CONSENT_ID,
"version": 1,
"field_name": "kb_inclusion",
"old_value": False,
"new_value": True,
})
def _make_post_row():
return _make_model_row("posts", POST_ID, {
"creator_id": CREATOR_ID,
"title": "Test Post",
"body_json": {"blocks": []},
})
def _make_attachment_row():
return _make_model_row("post_attachments", ATTACHMENT_ID, {
"post_id": POST_ID,
"filename": "file.pdf",
"object_key": "posts/file.pdf",
"content_type": "application/pdf",
"size_bytes": 1024,
})
def _make_highlight_row():
return _make_model_row("highlight_candidates", HIGHLIGHT_ID, {
"key_moment_id": MOMENT_ID,
"source_video_id": VIDEO_ID,
"score": 0.85,
"duration_secs": 30.0,
"status": "candidate",
})
def _make_short_row():
return _make_model_row("generated_shorts", SHORT_ID, {
"highlight_candidate_id": HIGHLIGHT_ID,
"format_preset": "vertical",
"width": 1080,
"height": 1920,
"status": "complete",
})
def _setup_db_responses(mock_session: AsyncMock) -> None:
"""Configure the mock DB session to return canned data for each query."""
creator_row = _make_creator_row()
video_row = _make_video_row()
moment_row = _make_moment_row()
page_row = _make_page_row()
version_row = _make_version_row()
link_row = _make_link_row()
consent_row = _make_consent_row()
audit_row = _make_audit_row()
post_row = _make_post_row()
attachment_row = _make_attachment_row()
highlight_row = _make_highlight_row()
short_row = _make_short_row()
call_count = 0
def _make_execute_result(scalar_one=None, scalars_all=None):
result = MagicMock()
if scalar_one is not None:
result.scalar_one_or_none.return_value = scalar_one
if scalars_all is not None:
result.scalars.return_value.all.return_value = scalars_all
return result
# The export endpoint issues queries in order:
# 1. Creator (scalar_one_or_none)
# 2. SourceVideo (scalars.all)
# 3. KeyMoment (scalars.all)
# 4. TechniquePage (scalars.all)
# 5. TechniquePageVersion (scalars.all)
# 6. RelatedTechniqueLink (scalars.all)
# 7. VideoConsent (scalars.all)
# 8. ConsentAuditLog (scalars.all)
# 9. Post (scalars.all)
# 10. PostAttachment (scalars.all)
# 11. HighlightCandidate (scalars.all)
# 12. GeneratedShort (scalars.all)
responses = [
_make_execute_result(scalar_one=creator_row), # Creator
_make_execute_result(scalars_all=[video_row]), # SourceVideo
_make_execute_result(scalars_all=[moment_row]), # KeyMoment
_make_execute_result(scalars_all=[page_row]), # TechniquePage
_make_execute_result(scalars_all=[version_row]), # TechniquePageVersion
_make_execute_result(scalars_all=[link_row]), # RelatedTechniqueLink
_make_execute_result(scalars_all=[consent_row]), # VideoConsent
_make_execute_result(scalars_all=[audit_row]), # ConsentAuditLog
_make_execute_result(scalars_all=[post_row]), # Post
_make_execute_result(scalars_all=[attachment_row]), # PostAttachment
_make_execute_result(scalars_all=[highlight_row]), # HighlightCandidate
_make_execute_result(scalars_all=[short_row]), # GeneratedShort
]
async def _execute_side_effect(*args, **kwargs):
nonlocal call_count
idx = min(call_count, len(responses) - 1)
call_count += 1
return responses[idx]
mock_session.execute = AsyncMock(side_effect=_execute_side_effect)
@pytest_asyncio.fixture()
async def export_client():
"""Async HTTP test client with mocked auth and DB session."""
mock_user = _make_mock_user(has_creator=True)
mock_session = AsyncMock()
_setup_db_responses(mock_session)
async def _mock_get_session():
yield mock_session
app.dependency_overrides[get_session] = _mock_get_session
app.dependency_overrides[get_current_user] = lambda: mock_user
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://testserver/api/v1") as ac:
yield ac
app.dependency_overrides.pop(get_session, None)
app.dependency_overrides.pop(get_current_user, None)
@pytest_asyncio.fixture()
async def no_creator_client():
"""Client where the user has no linked creator profile."""
mock_user = _make_mock_user(has_creator=False)
async def _mock_get_session():
yield AsyncMock()
app.dependency_overrides[get_session] = _mock_get_session
app.dependency_overrides[get_current_user] = lambda: mock_user
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://testserver/api/v1") as ac:
yield ac
app.dependency_overrides.pop(get_session, None)
app.dependency_overrides.pop(get_current_user, None)
# ── Tests ────────────────────────────────────────────────────────────────────
EXPECTED_JSON_FILES = {
"export_metadata.json",
"creators.json",
"source_videos.json",
"key_moments.json",
"technique_pages.json",
"technique_page_versions.json",
"related_technique_links.json",
"video_consents.json",
"consent_audit_log.json",
"posts.json",
"post_attachments.json",
"highlight_candidates.json",
"generated_shorts.json",
}
@pytest.mark.asyncio
async def test_export_returns_valid_zip(export_client: AsyncClient):
"""Endpoint returns a ZIP containing all expected JSON files."""
resp = await export_client.get("/creator/export")
assert resp.status_code == 200
assert resp.headers["content-type"] == "application/zip"
assert "content-disposition" in resp.headers
assert "chrysopedia-export-" in resp.headers["content-disposition"]
zf = zipfile.ZipFile(io.BytesIO(resp.content))
names = set(zf.namelist())
assert names == EXPECTED_JSON_FILES
@pytest.mark.asyncio
async def test_export_json_files_are_valid(export_client: AsyncClient):
"""Each JSON file in the ZIP is valid JSON with a list at the top level."""
resp = await export_client.get("/creator/export")
zf = zipfile.ZipFile(io.BytesIO(resp.content))
for name in zf.namelist():
data = json.loads(zf.read(name))
if name == "export_metadata.json":
# Metadata is a dict, not a list
assert isinstance(data, dict)
assert "export_timestamp" in data
assert "creator_id" in data
assert data["creator_id"] == str(CREATOR_ID)
else:
assert isinstance(data, list), f"{name} should be a list"
assert len(data) >= 1, f"{name} should have at least one entry"
@pytest.mark.asyncio
async def test_export_creators_json_content(export_client: AsyncClient):
"""Creators JSON file contains the expected creator data."""
resp = await export_client.get("/creator/export")
zf = zipfile.ZipFile(io.BytesIO(resp.content))
creators = json.loads(zf.read("creators.json"))
assert len(creators) == 1
assert creators[0]["name"] == "Test Creator"
assert creators[0]["slug"] == "test-creator"
@pytest.mark.asyncio
async def test_export_uuids_serialize_as_strings(export_client: AsyncClient):
"""UUIDs in the JSON output are serialized as strings, not crashing."""
resp = await export_client.get("/creator/export")
zf = zipfile.ZipFile(io.BytesIO(resp.content))
creators = json.loads(zf.read("creators.json"))
# ID should be a string representation of UUID
creator_id_str = creators[0]["id"]
assert isinstance(creator_id_str, str)
uuid.UUID(creator_id_str) # Should not raise
@pytest.mark.asyncio
async def test_export_datetimes_serialize(export_client: AsyncClient):
"""Datetimes serialize correctly as ISO strings."""
resp = await export_client.get("/creator/export")
zf = zipfile.ZipFile(io.BytesIO(resp.content))
creators = json.loads(zf.read("creators.json"))
created_at = creators[0]["created_at"]
assert isinstance(created_at, str)
assert "2025" in created_at
@pytest.mark.asyncio
async def test_export_related_links_include_cross_references(export_client: AsyncClient):
"""Related technique links file includes cross-creator references."""
resp = await export_client.get("/creator/export")
zf = zipfile.ZipFile(io.BytesIO(resp.content))
links = json.loads(zf.read("related_technique_links.json"))
assert len(links) >= 1
link = links[0]
assert "source_page_id" in link
assert "target_page_id" in link
assert "relationship" in link
@pytest.mark.asyncio
async def test_export_metadata_has_required_fields(export_client: AsyncClient):
"""export_metadata.json has timestamp, creator_id, and note."""
resp = await export_client.get("/creator/export")
zf = zipfile.ZipFile(io.BytesIO(resp.content))
meta = json.loads(zf.read("export_metadata.json"))
assert "export_timestamp" in meta
assert "creator_id" in meta
assert "note" in meta
assert "file_count" in meta
assert meta["file_count"] == 12 # 12 data files
@pytest.mark.asyncio
async def test_export_requires_creator_link(no_creator_client: AsyncClient):
"""404 when the user has no linked creator profile."""
resp = await no_creator_client.get("/creator/export")
assert resp.status_code == 404
assert "No creator profile" in resp.json()["detail"]
@pytest.mark.asyncio
async def test_export_requires_auth():
"""401 when no auth token is provided (default dependency, no override)."""
# Use a fresh app without dependency overrides
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
resp = await ac.get("/api/v1/creator/export")
assert resp.status_code in (401, 403)