Rewrite backend from FastAPI/Python to PocketBase/Go

[JimScope]

Summary

Complete rewrite of the Ender backend from Python/FastAPI to Go/PocketBase, eliminating PostgreSQL, QStash, and multiple external dependencies while adding new capabilities.

What changed

• Backend: ~9,300 lines of Python → ~3,000 lines of Go (-68%)
• Frontend: 20,941 → 13,856 LOC (-34%), removed auto-generated OpenAPI client in favor of PocketBase JS SDK
• Infrastructure: 5 Docker services → 1 single binary, 49 env vars → 20
• Dependencies: 23 direct Python packages → 5 Go modules, ~307 transitive → ~76

Eliminated

• PostgreSQL (replaced by embedded SQLite)
• Upstash QStash job queue (replaced by Go goroutines)
• Maileroo email provider (SMTP via PocketBase built-in)
• Tropipay payment provider
• Sentry SDK
• Alembic migrations (10 files → 1 PocketBase migration)
• Auto-generated OpenAPI client (replaced by PocketBase JS SDK)
• FastAPI template remnants (issue templates, CI workflows, SVG logos, social preview)

Added

• Real-time SSE subscriptions (PocketBase built-in)
• Litestream continuous SQLite backup to S3
• PocketBase Admin UI at /_/
• Webhook secret encryption (AES)
• PocketBase built-in rate limiting, auth, OAuth2
• Ender branding (:Ender: wordmark, favicon, Google Fonts)
• Design system reference in CLAUDE.md
• Outgoing SMS webhook events: sms_sent, sms_delivered, sms_failed
• USB modem support via standalone Go agent (modem-agent/)
• SMS templates — reusable saved message snippets with dedicated /templates page and template picker in Send SMS dialog
• Scheduled SMS — one-time and recurring message scheduling with /scheduled page, cron-based dispatch, pause/resume controls
• Multi-provider payments — Stripe integration alongside QvaPay, with billing history page

USB Modem Support (new)

• device_type field on sms_devices (android | modem) with migration + backfill
• SSE-based message dispatch for modem devices (no FCM dependency)
• OnRealtimeSubscribeRequest hook guards modem/* SSE topics with device API key auth
• GET /api/sms/pending returns device_id + pending messages (agent resolves its record ID from API key)
• Standalone modem-agent/ Go module using xlab/at for AT commands
• Multi-modem support (each modem runs as independent goroutine with own SSE connection)
• Incoming SMS monitoring and reporting via dev.IncomingSms() channel
• Frontend: device type selector in Add Device dialog, Type column with icons in device table
• Device ownership verification on POST /api/sms/report (IDOR fix)
• Status allowlist (sent/delivered/failed) on report endpoint
• Real-time modem status via SSE modem-status topic (no polling) — backend broadcasts on agent connect/disconnect, frontend subscribes via pb.realtime
• Docker support — modem-agent/Dockerfile (multi-stage, ~15MB image) + opt-in modem profile in docker-compose (docker compose --profile modem up -d)

SMS Templates & Scheduling (new)

• sms_templates collection — name, body, user-scoped CRUD via PocketBase collections API
• scheduled_sms collection — one-time (scheduled_at) or recurring (cron_expression + timezone), with next_run_at computed by record hooks
• POST /api/sms/validate-cron endpoint for frontend cron expression validation
• Cron job (*/1 * * * *) dispatches due schedules, updates status (completed for one-time, advances next_run_at for recurring)
• Frontend: template CRUD page, scheduled SMS CRUD page with pause/resume, template picker in Send SMS dialog, body field upgraded to textarea

Backend highlights

• PocketBase record hooks for business logic (quota, webhooks, subscriptions)
• FCM notifications via goroutines with timeout
• Atomic quota updates with optimistic locking
• Structured logging via PocketBase logger
• Multi-stage Docker build (Alpine, ~50MB image)
• Root .dockerignore for faster build context
• Webhook events for full SMS lifecycle (sms_received, sms_sent, sms_delivered, sms_failed) with event-specific payloads

Frontend highlights

• React 19 useActionState for forms
• TanStack Router loaders instead of useEffect on mount
• Real-time SSE via useRealtimeQuery hook
• Proper TypeScript types (zod-inferred FormData)
• Mint-tinted design system matching ender-homepage

CI/CD

• Removed 4 stale Python CI workflows
• Rewrote deploy workflows with current env vars
• Renamed SERVER_BASE_URL → APP_URL, FRONTEND_HOST → FRONTEND_URL

Test plan

• docker compose build — image builds successfully
• docker compose up — app starts, serves frontend + API on :8090
• PocketBase Admin accessible at /_/
• User signup, login, OAuth (Google/GitHub) flow works
• SMS send via API key + FCM notification to device
• Real-time SSE updates in dashboard
• Webhook delivery on incoming SMS (sms_received)
• Webhook delivery on outgoing SMS status (sms_sent, sms_delivered, sms_failed)
• Plan subscription via QvaPay
• Litestream backup (with S3 env vars set)
• go build ./... compiles cleanly
• npm run build in frontend passes
• Create modem device → device_type: "modem", QR code shown
• POST /api/sms/send targeting modem → status assigned, no FCM
• SSE subscriber on modem/<deviceId> receives message (with valid API key)
• Unauthenticated SSE subscription to modem/* is rejected
• GET /api/sms/pending returns device_id + assigned messages for authenticated device
• POST /api/sms/report rejects status values other than sent/delivered/failed
• POST /api/sms/report rejects message IDs not belonging to the authenticated device
• Multi-modem: two modems receive messages independently via own SSE topics
• Modem agent connects → frontend device table shows green dot instantly (SSE push)
• Modem agent disconnects → frontend device table shows gray dot instantly (SSE push)
• Modem agent resolves its device ID from API key on startup (no manual ID config)
• docker compose --profile modem build modem-agent — modem-agent image builds
• docker compose --profile modem up -d — modem-agent starts after app is healthy
• Modem agent container connects to backend via Docker internal DNS (http://app:8090)
• Create template → appears in templates table → select in Send SMS dialog → body fills
• Create one-time schedule (future time) → status active → cron dispatches → status completed
• Create recurring schedule (*/5 * * * *) → next_run_at computed → dispatches → next_run_at advances
• Pause/resume schedule → cron skips paused / resumes active
• POST /api/sms/validate-cron returns valid + next_run for good expressions, error for bad ones

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
ender	Ready	Preview, Comment	Feb 23, 2026 11:48pm