Two prior deploy failures came from transitive deps drifting on every
fresh build (gleam_httpc 4.1.1 calling result.then, then glisten 8.0.3
calling list.range). The root cause is no manifest.toml — every build
re-resolved deps from scratch and tripped on broken combinations within
the allowed ranges.
- Bump wisp 1.x → 2.x and mist 4.x → 6.x so the resolver picks
modern, mutually compatible versions of the whole tree
(stdlib 1.0.3, glisten 9.0.1, httpc 5.0.0).
- Commit manifest.toml so deps are pinned by checksum.
- Adapt to wisp 2.x: json_response now takes String, not StringTree.
- Drop unused gleam/http/response import.
- Add signup/build/ to .gitignore.
gleam_httpc 4.1.1 still calls result.then, which was removed from
gleam_stdlib 0.71.0. Bumping the lower bound forces the resolver to
pick 4.2.x or later, which uses result.try. The < 5.0.0 cap is also
widened to < 6.0.0; the public API is unchanged between 4.2 and 5.0.
Long term: committing a manifest.toml lockfile would stop transitive
deps from drifting on every fresh build.
gleam_stdlib now requires >= 1.14.0, breaking the v1.7.0 pin during
build. Bump to v1.16.0 — a stable release with several weeks of bake
time rather than today's v1.17.0.
A small Gleam HTTP server in signup/ exposes POST /signup that validates
a shared INVITE_CODE env var, then PUTs a user document to CouchDB's
_users database using the existing admin credentials. The frontend gets
back 201 + the username and is expected to call /_session itself to
obtain the AuthSession cookie (chosen over server-side cookie forwarding
because vaquant.at and couch.apoena.dev are different sites and the
cross-site cookie path is fragile under modern browser privacy modes).
Wired into docker-compose as a second service, reachable on
signup-couch.apoena.dev with its own Traefik labels and the same
hardcoded UUID network attachment as couchdb. Reuses COUCHDB_USER /
COUCHDB_PASSWORD for the admin call. INVITE_CODE must be set in Coolify
env vars.