feat: simplify feed creation flows

.devcontainer/Dockerfile

@@ -5,14 +5,18 @@ SHELL ["/bin/sh", "-o", "pipefail", "-c"]
 RUN apk add --no-cache \
     bash \
     build-base \
+    chromium \
     curl \
     git \
+    harfbuzz \
     libxml2-dev \
     libxslt-dev \
     nodejs \
+    nss \
     npm \
     openssl-dev \
     python3 \
+    ttf-freefont \
     yaml-dev \
     tzdata
 

AGENTS.md

@@ -15,6 +15,7 @@ This document defines execution constraints for AI agents. For general contribut
 ## Agent-Specific Verification Rules
 
 - Always run Dev Container smoke + `make ready` for changes.
+- For frontend changes or API contract/spec changes, run `make ci-ready` to mirror CI parity checks.
 - For frontend changes, also verify in `chrome-devtools` MCP at `http://127.0.0.1:4001/` while the Dev Container is running.
 - Capture a quick state check for all affected UI states (e.g., guest/member/result) to enforce state parity and avoid duplicate actions.
 

Gemfile

@@ -4,14 +4,15 @@ source 'https://rubygems.org'
 
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
-gem 'html2rss', '~> 0.18'
-# gem 'html2rss', github: 'html2rss/html2rss', branch: :master
+# gem 'html2rss', '~> 0.18'
+gem 'html2rss', github: 'html2rss/html2rss', branch: 'codex-pr-auto-fallback-pipeline'
 gem 'html2rss-configs', github: 'html2rss/html2rss-configs'
 
 # Use these instead of the two above (uncomment them) when developing locally:
 # gem 'html2rss', path: '../html2rss'
 # gem 'html2rss-configs', path: '../html2rss-configs'
 
+gem 'concurrent-ruby'
 gem 'parallel'
 gem 'rack-cache'
 gem 'rack-timeout'
@@ -21,7 +22,6 @@ gem 'zeitwerk'
 gem 'puma', require: false
 
 group :development do
-  gem 'byebug'
   gem 'irb', require: false
   gem 'rake', require: false
   gem 'rubocop', require: false

Makefile

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
-.PHONY: help test lint lint-js lint-ruby lintfix lintfix-js lintfix-ruby setup dev clean frontend-setup check-frontend quick-check ready yard-verify-public-docs openapi openapi-verify openapi-client openapi-client-verify openapi-lint openapi-lint-redocly openapi-lint-spectral openai-lint-spectral test-frontend-e2e
+.PHONY: help test lint lint-js lint-ruby lintfix lintfix-js lintfix-ruby setup dev clean frontend-setup check-frontend quick-check ready ci-ready yard-verify-public-docs openapi openapi-verify openapi-client openapi-client-verify openapi-lint openapi-lint-redocly openapi-lint-spectral openai-lint-spectral test-frontend-e2e
+
+RUBOCOP_FLAGS ?= --cache false
 
 # Default target
 help: ## Show this help message
@@ -60,7 +62,7 @@ lint: lint-ruby lint-js ## Run all linters (Ruby + Frontend) - errors when issue
 
 lint-ruby: ## Run Ruby linter (RuboCop) - errors when issues found
 	@echo "Running RuboCop linting..."
-	bundle exec rubocop
+	bundle exec rubocop $(RUBOCOP_FLAGS)
 	@echo "Running Zeitwerk eager-load check..."
 	bundle exec rake zeitwerk:verify
 	@echo "Running YARD public-method docs check..."
@@ -105,6 +107,13 @@ ready: ## Pre-commit gate (quick checks + RSpec)
 	bundle exec rspec
 	@echo "Pre-commit checks complete!"
 
+ci-ready: ## CI parity gate (ready + OpenAPI verify + frontend e2e smoke)
+	@echo "Running CI parity checks..."
+	$(MAKE) ready
+	$(MAKE) openapi-verify
+	$(MAKE) test-frontend-e2e
+	@echo "CI parity checks complete!"
+
 yard-verify-public-docs: ## Verify essential YARD docs for all public methods in app/
 	bundle exec rake yard:verify_public_docs
 

app.rb

@@ -13,6 +13,21 @@
 
 module Html2rss
   module Web
+    DEFAULT_HEADERS = {
+      'X-Content-Type-Options' => 'nosniff',
+      'X-XSS-Protection' => '1; mode=block',
+      'X-Frame-Options' => 'SAMEORIGIN',
+      'X-Permitted-Cross-Domain-Policies' => 'none',
+      'Referrer-Policy' => 'strict-origin-when-cross-origin',
+      'Permissions-Policy' => 'geolocation=(), microphone=(), camera=()',
+      'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains; preload',
+      'Cross-Origin-Embedder-Policy' => 'require-corp',
+      'Cross-Origin-Opener-Policy' => 'same-origin',
+      'Cross-Origin-Resource-Policy' => 'same-origin',
+      'X-DNS-Prefetch-Control' => 'off',
+      'X-Download-Options' => 'noopen'
+    }.freeze
+
     ##
     # Roda app serving RSS feeds via html2rss
     class App < Roda
@@ -32,7 +47,8 @@ class App < Roda
         </html>
       HTML
       FRONTEND_DIST_PATH = 'frontend/dist'
-      FRONTEND_INDEX_PATH = File.join(FRONTEND_DIST_PATH, 'index.html')
+      FRONTEND_DIST_INDEX_PATH = File.join(FRONTEND_DIST_PATH, 'index.html')
+      FRONTEND_SOURCE_INDEX_PATH = 'frontend/index.html'
       def self.development? = EnvironmentValidator.development?
 
       def development? = self.class.development?
@@ -43,7 +59,7 @@ def development? = self.class.development?
 
       plugin :content_security_policy do |csp|
         csp.default_src :none
-        csp.style_src :self, "'unsafe-inline'"
+        csp.style_src :self
         csp.script_src :self
         csp.connect_src :self
         csp.img_src :self
@@ -65,21 +81,7 @@ def development? = self.class.development?
         csp.block_all_mixed_content
         csp.upgrade_insecure_requests
       end
-
-      plugin :default_headers, {
-        'X-Content-Type-Options' => 'nosniff',
-        'X-XSS-Protection' => '1; mode=block',
-        'X-Frame-Options' => 'SAMEORIGIN',
-        'X-Permitted-Cross-Domain-Policies' => 'none',
-        'Referrer-Policy' => 'strict-origin-when-cross-origin',
-        'Permissions-Policy' => 'geolocation=(), microphone=(), camera=()',
-        'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains; preload',
-        'Cross-Origin-Embedder-Policy' => 'require-corp',
-        'Cross-Origin-Opener-Policy' => 'same-origin',
-        'Cross-Origin-Resource-Policy' => 'same-origin',
-        'X-DNS-Prefetch-Control' => 'off',
-        'X-Download-Options' => 'noopen'
-      }
+      plugin :default_headers, DEFAULT_HEADERS
 
       plugin :json_parser
       plugin :static,
@@ -91,7 +93,7 @@ def development? = self.class.development?
       plugin :not_allowed
       plugin :exception_page
       plugin :error_handler do |error|
-        next exception_page(error) if development?
+        next exception_page(error) if development? && !error.is_a?(HttpError)
 
         ErrorResponder.respond(request: request, response: response, error: error)
       end
@@ -107,7 +109,16 @@ def development? = self.class.development?
 
       def render_index_page(router)
         router.response['Content-Type'] = 'text/html'
-        File.exist?(FRONTEND_INDEX_PATH) ? File.read(FRONTEND_INDEX_PATH) : FALLBACK_HTML
+        index_path = index_page_path
+        return File.read(index_path) if index_path
+
+        FALLBACK_HTML
+      end
+
+      def index_page_path
+        return FRONTEND_DIST_INDEX_PATH if File.exist?(FRONTEND_DIST_INDEX_PATH)
+
+        FRONTEND_SOURCE_INDEX_PATH if development? && File.exist?(FRONTEND_SOURCE_INDEX_PATH)
       end
     end
   end