Initial commit: RSS platform phase 1 skeleton with code review fixes

Features:
- FastAPI + SQLAlchemy 2.0 async + PostgreSQL/pgvector + Redis backend
- Vue 3 + TypeScript + Element Plus frontend
- JWT auth with access/refresh tokens and revocation
- Admin/member RBAC
- RSS feed CRUD and article listing
- Settings management with Fernet encryption for sensitive values
- Redis distributed lock service
- Alembic initial migration
- Docker Compose development environment

Fixes from code review:
- Fix DB session leak in dependency injection
- Restrict registration to admin only
- Add default admin password warning
- Implement JWT refresh tokens and jti blacklist
- Strengthen password policy
- Use func.count for pagination totals
- Replace NullPool with AsyncAdaptedQueuePool
- Remove init_db from lifespan to enforce alembic migrations
- Add request_id middleware and logging filter
- Fix vite.config.ts env loading
- Add frontend token refresh interceptor
- Add Vue error handler

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

backend/app/schemas/article.py

@@ -0,0 +1,57 @@
+"""Article Pydantic schemas."""
+from pydantic import BaseModel, ConfigDict, Field
+
+
+class ArticleListParams(BaseModel):
+    """Article list query parameters."""
+
+    feed_id: str | None = None
+    category: str | None = None
+    tag: str | None = None
+    search: str | None = None
+    is_read: bool | None = None
+    skip: int = 0
+    limit: int = Field(default=50, le=200)
+
+
+class ArticleOut(BaseModel):
+    """Cleaned article output schema."""
+
+    model_config = ConfigDict(from_attributes=True)
+
+    id: str
+    raw_article_id: str | None = None
+    feed_id: str
+    title: str | None = None
+    link: str
+    author: str | None = None
+    feed_title: str | None = None
+    feed_category: str | None = None
+    published_at: str | None = None
+    fetched_at: str
+    content: str | None = None
+    original_summary: str | None = None
+    ai_summary: str | None = None
+    category: str | None = None
+    tags: list[str] = []
+    heat_score: float = 0.0
+    importance_score: float = 0.0
+    duplication_score: float = 0.0
+    composite_score: float = 0.0
+    is_representative: bool = True
+    reference_links: list[dict] = []
+    processing_status: str = "pending"
+    created_at: str
+    updated_at: str
+
+    @classmethod
+    def model_validate(cls, obj):
+        """Format datetime fields."""
+        data = {}
+        for key in obj.__dict__:
+            value = getattr(obj, key)
+            if key in ("created_at", "updated_at", "published_at", "fetched_at") and value is not None:
+                data[key] = value.isoformat()
+            else:
+                data[key] = value
+        return cls.model_construct(**data)

backend/app/schemas/common.py

@@ -0,0 +1,28 @@
+"""Common Pydantic schemas."""
+from pydantic import BaseModel, ConfigDict, Field
+
+
+class PaginationParams(BaseModel):
+    """Pagination query parameters."""
+
+    skip: int = Field(default=0, ge=0)
+    limit: int = Field(default=50, ge=1, le=200)
+
+
+class PaginatedResponse(BaseModel):
+    """Paginated response wrapper."""
+
+    total: int
+    items: list
+
+
+class MessageResponse(BaseModel):
+    """Simple message response."""
+
+    message: str
+
+
+class BaseSchema(BaseModel):
+    """Base schema with ORM mode."""
+
+    model_config = ConfigDict(from_attributes=True)

backend/app/schemas/feed.py

@@ -0,0 +1,66 @@
+"""Feed Pydantic schemas."""
+from pydantic import BaseModel, ConfigDict, Field, HttpUrl
+
+
+class FeedBase(BaseModel):
+    """Base feed schema."""
+
+    url: HttpUrl
+    title: str | None = Field(default="", max_length=512)
+    description: str | None = ""
+    category: str | None = Field(default="", max_length=128)
+    is_active: bool = True
+    fetch_interval_minutes: int = Field(default=60, ge=15)
+    priority: int = Field(default=5, ge=1, le=10)
+    parser_config: dict = {}
+    proxy_policy: str = "auto"
+
+
+class FeedCreate(FeedBase):
+    """Feed creation schema."""
+
+    pass
+
+
+class FeedUpdate(BaseModel):
+    """Feed update schema."""
+
+    title: str | None = Field(default=None, max_length=512)
+    description: str | None = None
+    category: str | None = Field(default=None, max_length=128)
+    is_active: bool | None = None
+    fetch_interval_minutes: int | None = Field(default=None, ge=15)
+    priority: int | None = Field(default=None, ge=1, le=10)
+    parser_config: dict | None = None
+    proxy_policy: str | None = None
+
+
+class FeedOut(FeedBase):
+    """Feed output schema."""
+
+    model_config = ConfigDict(from_attributes=True)
+
+    id: str
+    last_fetch_at: str | None = None
+    last_fetch_status: str | None = None
+    last_error: str | None = None
+    error_type: str | None = None
+    success_count: int = 0
+    fail_count: int = 0
+    article_count: int = 0
+    health_status: str = "unknown"
+    created_at: str
+    updated_at: str
+
+    @classmethod
+    def model_validate(cls, obj):
+        """Override to compute health_status and format datetimes."""
+        data = {}
+        for key in obj.__dict__:
+            value = getattr(obj, key)
+            if key in ("created_at", "updated_at", "last_fetch_at") and value is not None:
+                data[key] = value.isoformat()
+            else:
+                data[key] = value
+        data["health_status"] = obj.health_status()
+        return cls.model_construct(**data)

backend/app/schemas/user.py

@@ -0,0 +1,76 @@
+"""User Pydantic schemas."""
+import re
+
+from pydantic import BaseModel, ConfigDict, Field, field_validator
+
+_PASSWORD_RE = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d@$!%*?&_.-]{8,128}$")
+
+
+class UserBase(BaseModel):
+    """Base user schema."""
+
+    username: str = Field(..., min_length=3, max_length=64)
+    role: str = "member"
+    is_active: bool = True
+
+    @field_validator("role")
+    @classmethod
+    def _validate_role(cls, value: str) -> str:
+        allowed = {"admin", "member"}
+        if value not in allowed:
+            raise ValueError(f"role must be one of {allowed}")
+        return value
+
+
+class UserCreate(UserBase):
+    """User creation schema."""
+
+    password: str = Field(..., min_length=8, max_length=128)
+
+    @field_validator("password")
+    @classmethod
+    def _validate_password_strength(cls, value: str) -> str:
+        if not _PASSWORD_RE.match(value):
+            raise ValueError(
+                "password must be 8-128 characters and contain at least one letter and one number"
+            )
+        return value
+
+
+class UserOut(UserBase):
+    """User output schema."""
+
+    model_config = ConfigDict(from_attributes=True)
+
+    id: str
+
+
+class UserLogin(BaseModel):
+    """User login schema."""
+
+    username: str
+    password: str
+
+
+class TokenResponse(BaseModel):
+    """Token response schema."""
+
+    access_token: str
+    refresh_token: str
+    token_type: str = "bearer"
+
+
+class TokenPayload(BaseModel):
+    """JWT token payload."""
+
+    sub: str | None = None
+    role: str | None = None
+    jti: str | None = None
+    type: str | None = None
+    exp: int | None = None
+
+
+class RefreshTokenRequest(BaseModel):
+    """Refresh token request schema."""
+
+    refresh_token: str