feat(polls): implement MSC3381 polls

.devcontainer/devcontainer.json

@@ -0,0 +1,152 @@
+// Codespace configuration — lives on personal/config (not ephemeral dev/feat branches).
+// This file intentionally targets browser-based use on iPad.
+{
+  "name": "Sable",
+  // Using base + node feature instead of javascript-node:<tag> to avoid
+  // tag availability issues on newer Node versions.
+  "image": "mcr.microsoft.com/devcontainers/base:bookworm",
+
+  "features": {
+    "ghcr.io/devcontainers/features/node:1": { "version": "24" },
+    // Keep git up-to-date for SSH signing support (git ≥ 2.34).
+    "ghcr.io/devcontainers/features/git:1": {},
+    "ghcr.io/devcontainers/features/github-cli:1": {}
+  },
+
+  // ── Codespace user secrets ──────────────────────────────────────────────────
+  // Configure these at: github.com/settings/codespaces > Secrets
+  //
+  //   GIT_SIGNING_KEY  — passphrase-free SSH private key (ed25519 recommended).
+  //                      Add the matching public key to your GitHub account as a
+  //                      "signing key": github.com/settings/keys
+  //                      postCreate.sh will wire up git automatically if set.
+  //
+  //   SSH_AUTH_KEY     — passphrase-free SSH private key (ed25519 recommended).
+  //                      Add the matching public key to ~/.ssh/authorized_keys on
+  //                      any server you want to SSH into from the Codespace.
+  //
+  //   GIT_USER_NAME    — e.g. "Evie"
+  //   GIT_USER_EMAIL   — e.g. "evie@gauthier.id"
+  // ───────────────────────────────────────────────────────────────────────────
+
+  "remoteEnv": {
+    // Pin the pnpm store to a known path so the volume mount works across rebuilds.
+    "PNPM_STORE_DIR": "/home/vscode/.pnpm-store"
+  },
+
+  "customizations": {
+    "vscode": {
+      "settings": {
+        // ── Layout — tuned for iPad browser (vscode.dev / Codespaces web) ─────
+        // Move the activity bar to the top so it isn't hidden by the iOS Safari
+        // toolbar or the browser's combined title/status bar.
+        "workbench.activityBar.location": "top",
+        // Use a menu for the layout control — fewer tiny hit targets on touch.
+        "workbench.layoutControl.type": "menu",
+        // Place the panel (Terminal, Problems, Copilot Chat history) on the
+        // right so it doesn't fight with the keyboard on small screens.
+        "workbench.panel.defaultLocation": "right",
+        // Keep editor tabs visible and wrap them so none are hidden off-screen.
+        "workbench.editor.showTabs": "multiple",
+        "workbench.editor.wrapTabs": true,
+        // Disable minimap — saves horizontal space, improves touch accuracy.
+        "editor.minimap.enabled": false,
+        "editor.scrollBeyondLastLine": false,
+        // Larger default fonts for retina/HiDPI iPad displays.
+        // Fira Code is loaded as a web font by the tonsky.font-fira-code extension.
+        // This works for the Monaco *editor* (HTML/CSS rendered), but xterm.js uses
+        // canvas drawing — it does NOT reliably inherit CSS @font-face on iOS Safari.
+        // MesloLGS NF / Monaco / Meslo are not iOS system fonts either.
+        // → Editor: Fira Code via extension is fine.
+        // → Terminal: use Menlo only (ships with iOS since iOS 7, always available).
+        "editor.fontSize": 14,
+        "editor.fontFamily": "'MesloLGS NF', 'Fira Code', Menlo, 'Courier New', monospace",
+        "editor.fontLigatures": true,
+        "terminal.integrated.fontSize": 14,
+        "terminal.integrated.fontFamily": "Menlo, 'Courier New', monospace",
+        "terminal.integrated.fontLigatures.enabled": false,
+        "terminal.integrated.gpuAcceleration": "off",
+
+        // Use zsh (installed in onCreate) as the default terminal shell.
+        // Explicit profile with -l (login shell) ensures nvm / PATH additions
+        // from the devcontainer node feature are loaded inside the terminal.
+        "terminal.integrated.defaultProfile.linux": "zsh",
+        "terminal.integrated.profiles.linux": {
+          "zsh": { "path": "/bin/zsh", "args": ["-l"] }
+        },
+
+        // Shell integration MUST be enabled for Copilot Chat to run terminal
+        // commands.  We set it explicitly because Powerlevel10k instant prompt
+        // can fire before VS Code injects its integration script and suppress
+        // the markers — postCreate.sh patches .zshrc to guard against this.
+        "terminal.integrated.shellIntegration.enabled": true,
+
+        // ── Git signing ───────────────────────────────────────────────────────
+        // postCreate.sh configures gpg.format and user.signingkey if
+        // GIT_SIGNING_KEY secret is present.  This just keeps VS Code's git
+        // UI in sync.
+        "git.enableCommitSigning": true,
+        "git.confirmSync": false,
+
+        // ── Copilot Chat ──────────────────────────────────────────────────────
+        // Always show follow-ups and keep chat history accessible.
+        "github.copilot.chat.followUps": "always",
+        // Disable auto-discovery of extension-provided MCP servers (e.g. the
+        // io.github.github/github-mcp-server registered by vscode-pull-request-github).
+        // Our explicit HTTP server in .vscode/mcp.json is unaffected and handles all
+        // GitHub MCP calls without requiring a token prompt.
+        "chat.mcp.discovery.enabled": false
+      },
+      "extensions": [
+        // ── Copilot ───────────────────────────────────────────────────────────
+        "GitHub.copilot",
+        "GitHub.copilot-chat",
+        "GitHub.vscode-pull-request-github",
+        // ── Font (web font — required for terminal in browser/iPad) ───────────
+        "tonsky.font-fira-code",
+        // ── Theme ─────────────────────────────────────────────────────────────
+        "GitHub.github-vscode-theme",
+        // ── Formatting & linting ──────────────────────────────────────────────
+        "esbenp.prettier-vscode",
+        "dbaeumer.vscode-eslint",
+        "streetsidesoftware.code-spell-checker",
+        "davidanson.vscode-markdownlint",
+        // ── Testing ───────────────────────────────────────────────────────────
+        "vitest.explorer",
+        // ── TypeScript / React ────────────────────────────────────────────────
+        "bradlc.vscode-tailwindcss",
+        "styled-components.vscode-styled-components",
+        "dsznajder.es7-react-js-snippets",
+        "formulahendry.auto-rename-tag",
+        "wix.vscode-import-cost",
+        // ── Utilities ─────────────────────────────────────────────────────────
+        "christian-kohler.path-intellisense",
+        "usernamehw.errorlens",
+        "gruntfuggly.todo-tree",
+        "wayou.vscode-todo-highlight",
+        "webpro.vscode-knip",
+        "lokalise.i18n-ally",
+        // ── Infrastructure ────────────────────────────────────────────────────
+        "hashicorp.terraform",
+        "zamerick.vscode-caddyfile-syntax"
+      ]
+    }
+  },
+
+  // ── Port forwarding ─────────────────────────────────────────────────────────
+  "forwardPorts": [5173, 4173],
+  "portsAttributes": {
+    "5173": { "label": "Vite dev", "onAutoForward": "notify" },
+    "4173": { "label": "Vite preview", "onAutoForward": "notify" }
+  },
+
+  // ── Persistence ─────────────────────────────────────────────────────────────
+  // Named volume keeps the pnpm content-addressable store across rebuilds.
+  // Combined with the PNPM_STORE_DIR env var above so postCreate can also
+  // point pnpm at the same path.
+  "mounts": ["source=sable-pnpm-store,target=/home/vscode/.pnpm-store,type=volume"],
+
+  "postCreateCommand": "bash .devcontainer/postCreate.sh",
+  "onCreateCommand": "bash .devcontainer/onCreate.sh",
+  "remoteUser": "vscode"
+}

.devcontainer/onCreate.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+# onCreate.sh — runs during prebuild AND on first Codespace creation.
+# No user secrets are available here — keep this purely about dependencies.
+# Everything here is cached in the prebuild snapshot.
+set -euo pipefail
+
+# ── Ensure the node feature's PATH additions are active ──────────────────────
+# The devcontainers node feature installs via nvm; source it so `node`/`pnpm`
+# resolve correctly even in non-login, non-interactive shells.
+export NVM_DIR="${NVM_DIR:-/usr/local/share/nvm}"
+# shellcheck source=/dev/null
+[ -s "${NVM_DIR}/nvm.sh" ] && source "${NVM_DIR}/nvm.sh" --no-use
+# Activate the version pinned in .nvmrc / package.json engines.
+nvm use 24 2>/dev/null || nvm use node
+
+# ── Fix named-volume ownership ────────────────────────────────────────────────
+# Docker mounts named volumes as root; fix ownership so the vscode user can write.
+if [ -d "${PNPM_STORE_DIR:-}" ]; then
+  sudo chown -R "$(id -u):$(id -g)" "${PNPM_STORE_DIR}"
+fi
+
+# ── pnpm ──────────────────────────────────────────────────────────────────────
+# Suppress corepack's interactive download-confirmation prompt in CI/prebuild.
+export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
+
+# Enable corepack so the exact pnpm version from package.json#packageManager is used.
+corepack enable
+
+# Point pnpm at the persistent named-volume store so packages survive rebuilds.
+if [ -n "${PNPM_STORE_DIR:-}" ]; then
+  pnpm config set store-dir "${PNPM_STORE_DIR}"
+fi
+
+pnpm install
+
+# ── Zsh + Oh My Zsh + Powerlevel10k ──────────────────────────────────────────
+# Install these during prebuild so the first Codespace start is fast.
+# The dotfiles checkout in postCreate.sh will provide .zshrc / .p10k.zsh.
+
+# Install zsh and tmux if not already present (base:bookworm ships zsh, but be safe).
+if ! command -v zsh &>/dev/null || ! command -v tmux &>/dev/null; then
+  sudo apt-get update -qq && sudo apt-get install -y -qq zsh tmux
+fi
+
+# Install Oh My Zsh non-interactively (KEEP_ZSHRC=yes preserves any existing .zshrc).
+if [ ! -d "${HOME}/.oh-my-zsh" ]; then
+  KEEP_ZSHRC=yes CHSH=no RUNZSH=no \
+    sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+fi
+
+# Install Powerlevel10k as an OMZ custom theme.
+P10K_DIR="${ZSH_CUSTOM:-${HOME}/.oh-my-zsh/custom}/themes/powerlevel10k"
+if [ ! -d "${P10K_DIR}" ]; then
+  git clone --depth=1 https://github.com/romkatv/powerlevel10k.git "${P10K_DIR}"
+fi
+
+# Make zsh the default shell for this user.
+sudo chsh -s "$(command -v zsh)" "$(whoami)"
+
+echo "✓ onCreate complete"

.devcontainer/postCreate.sh

@@ -0,0 +1,157 @@
+#!/bin/bash
+# postCreate.sh — runs once after the Codespace container is created (NOT during prebuild).
+# Secrets (GIT_SIGNING_KEY, GIT_USER_NAME, GIT_USER_EMAIL) are available here.
+set -euo pipefail
+
+# ── Dotfiles (bare git repo, MacStudio branch) ────────────────────────────────
+# The dotfiles repo uses the "bare repo in $HOME" pattern.
+# We clone a specific branch so we get the VS Code / Codespace-aware config
+# (e.g. the P10k instant-prompt guard for $TERM_PROGRAM == "vscode").
+DOTFILES_REPO="https://github.com/Just-Insane/dotfiles.git"
+DOTFILES_BRANCH="codespaces"
+DOTFILES_DIR="${HOME}/.cfg"
+
+if [ ! -d "${DOTFILES_DIR}" ]; then
+  git clone --bare --branch "${DOTFILES_BRANCH}" "${DOTFILES_REPO}" "${DOTFILES_DIR}"
+
+  # Check out dotfiles to $HOME.  Use --force to overwrite any stub files
+  # created by the devcontainer (e.g. a default .bashrc).
+  git --git-dir="${DOTFILES_DIR}" --work-tree="${HOME}" checkout --force "${DOTFILES_BRANCH}"
+
+  # Don't show untracked files (the whole home dir) in status.
+  git --git-dir="${DOTFILES_DIR}" --work-tree="${HOME}" \
+    config --local status.showUntrackedFiles no
+
+  echo "✓ Dotfiles checked out from ${DOTFILES_BRANCH}"
+else
+  # Already exists (e.g. Codespace resumed) — just pull latest.
+  git --git-dir="${DOTFILES_DIR}" --work-tree="${HOME}" \
+    fetch origin "${DOTFILES_BRANCH}" && \
+  git --git-dir="${DOTFILES_DIR}" --work-tree="${HOME}" \
+    checkout --force "${DOTFILES_BRANCH}"
+  echo "✓ Dotfiles updated"
+fi
+
+# ── Powerlevel10k — browser-compatible glyph mode ────────────────────────────
+# MesloLGS NF / Nerd Font glyphs are unavailable in browser-based Codespaces.
+# Patch .p10k.zsh to use the 'compatible' Unicode symbol set instead, which
+# renders correctly with any modern monospace font (e.g. Fira Code via extension).
+# The POWERLEVEL9K_MODE line has no quotes: POWERLEVEL9K_MODE=nerdfont-complete
+if [ -f "${HOME}/.p10k.zsh" ]; then
+  sed -i "s/POWERLEVEL9K_MODE=.*/POWERLEVEL9K_MODE=compatible/" \
+    "${HOME}/.p10k.zsh"
+  echo "✓ p10k mode set to compatible"
+else
+  echo "⚠ ~/.p10k.zsh not found — skipping p10k patch (add it to your dotfiles repo)"
+fi
+
+# ── Powerlevel10k — disable instant prompt in Codespace terminal ──────────────
+# Instant prompt outputs to the terminal before VS Code injects its shell
+# integration script.  This breaks the integration markers that Copilot Chat
+# relies on to run commands.
+# We unconditionally disable it here because:
+#   - In a Codespace, VS Code shell integration is always needed for Copilot Chat.
+#   - $TERM_PROGRAM is NOT reliably set to "vscode" in browser-based Codespaces
+#     (e.g. iPad / vscode.dev), so a conditional guard can silently fail.
+# The check is idempotent — safe to run on Codespace resume.
+if [ -f "${HOME}/.zshrc" ]; then
+  if ! grep -q 'POWERLEVEL9K_INSTANT_PROMPT=off' "${HOME}/.zshrc"; then
+    tmp=$(mktemp)
+    {
+      printf '# Disable P10k instant prompt — it fires before VS Code shell\n'
+      printf '# integration is injected, breaking Copilot Chat terminal access.\n'
+      printf '# Unconditional: $TERM_PROGRAM is not reliable in browser Codespaces.\n'
+      printf 'typeset -g POWERLEVEL9K_INSTANT_PROMPT=off\n\n'
+      cat "${HOME}/.zshrc"
+    } > "$tmp"
+    mv "$tmp" "${HOME}/.zshrc"
+    echo "✓ P10k instant prompt unconditionally disabled"
+  else
+    echo "✓ P10k instant prompt already disabled"
+  fi
+else
+  echo "⚠ ~/.zshrc not found — skipping instant-prompt patch (dotfiles not checked out?)"
+fi
+
+# ── Git identity ──────────────────────────────────────────────────────────────
+# Populate from Codespace user secrets if they aren't already set by dotfiles.
+if [ -n "${GIT_USER_NAME:-}" ] && [ -z "$(git config --global user.name 2>/dev/null)" ]; then
+  git config --global user.name "${GIT_USER_NAME}"
+fi
+
+if [ -n "${GIT_USER_EMAIL:-}" ] && [ -z "$(git config --global user.email 2>/dev/null)" ]; then
+  git config --global user.email "${GIT_USER_EMAIL}"
+fi
+
+# ── Git SSH commit signing ────────────────────────────────────────────────────
+# Requires a Codespace user secret named GIT_SIGNING_KEY containing a
+# passphrase-free SSH private key (ed25519 recommended).
+#
+# To set up:
+#   1. Generate a key: ssh-keygen -t ed25519 -C "codespace signing" -N "" -f ~/.ssh/signing_key
+#   2. Copy the private key into a GitHub Codespace secret called GIT_SIGNING_KEY:
+#        github.com/settings/codespaces > Secrets > New secret
+#   3. Add the *public* key to your GitHub account as a signing key (not auth key):
+#        github.com/settings/keys > New signing key
+# ----------------------------------------------------------------------------
+if [ -n "${GIT_SIGNING_KEY:-}" ]; then
+  SSH_DIR="${HOME}/.ssh"
+  mkdir -p "${SSH_DIR}"
+  chmod 700 "${SSH_DIR}"
+
+  KEY_FILE="${SSH_DIR}/git_signing_key"
+  printf '%s\n' "${GIT_SIGNING_KEY}" > "${KEY_FILE}"
+  chmod 600 "${KEY_FILE}"
+
+  # Derive the public key from the private key so the user only stores one secret.
+  ssh-keygen -y -f "${KEY_FILE}" > "${KEY_FILE}.pub"
+  chmod 644 "${KEY_FILE}.pub"
+
+  # Configure git to use SSH signing.
+  git config --global gpg.format ssh
+  git config --global user.signingkey "${KEY_FILE}.pub"
+  git config --global commit.gpgsign true
+  git config --global tag.gpgsign true
+
+  # Allow this key when verifying signatures locally.
+  ALLOWED_SIGNERS="${SSH_DIR}/allowed_signers"
+  EMAIL="$(git config --global user.email 2>/dev/null || echo "evie@gauthier.id")"
+  echo "${EMAIL} $(cat "${KEY_FILE}.pub")" > "${ALLOWED_SIGNERS}"
+  git config --global gpg.ssh.allowedSignersFile "${ALLOWED_SIGNERS}"
+
+  # Load the key into the ssh-agent so it's available for signing and SSH auth.
+  eval "$(ssh-agent -s)" &>/dev/null || true
+  ssh-add "${KEY_FILE}"
+
+  echo "✓ Git SSH commit signing configured (${KEY_FILE}.pub)"
+fi
+
+# ── SSH auth key ──────────────────────────────────────────────────────────────
+# Requires a Codespace user secret named SSH_AUTH_KEY containing a
+# passphrase-free SSH private key (ed25519 recommended).
+#
+# To set up:
+#   1. Generate a key: ssh-keygen -t ed25519 -C "codespace auth" -N "" -f ~/.ssh/id_ed25519
+#   2. Copy the private key into a GitHub Codespace secret called SSH_AUTH_KEY:
+#        github.com/settings/codespaces > Secrets > New secret
+#   3. Add the *public* key to ~/.ssh/authorized_keys on your server.
+# ----------------------------------------------------------------------------
+if [ -n "${SSH_AUTH_KEY:-}" ]; then
+  SSH_DIR="${HOME}/.ssh"
+  mkdir -p "${SSH_DIR}"
+  chmod 700 "${SSH_DIR}"
+
+  AUTH_KEY_FILE="${SSH_DIR}/id_ed25519"
+  printf '%s\n' "${SSH_AUTH_KEY}" > "${AUTH_KEY_FILE}"
+  chmod 600 "${AUTH_KEY_FILE}"
+
+  ssh-keygen -y -f "${AUTH_KEY_FILE}" > "${AUTH_KEY_FILE}.pub"
+  chmod 644 "${AUTH_KEY_FILE}.pub"
+
+  eval "$(ssh-agent -s)" &>/dev/null || true
+  ssh-add "${AUTH_KEY_FILE}"
+
+  echo "✓ SSH auth key loaded (${AUTH_KEY_FILE}.pub)"
+fi
+
+echo "✓ postCreate complete"