feat(server): learn personalized ranking from served-page clicks (D2)#66
Merged
Conversation
…er-only) Add an owner-only `/click` redirect so searches run from the browser through the local server also train the personalization model, matching the native app. - server/app.py: a loopback-only `/click?rid=..&pos=..` route. The server remembers each owner render (a fresh unguessable id -> the displayed (url, host) order) in a small, bounded, in-memory map, and `/click` resolves the destination from that server state, never a caller-supplied URL. So it cannot be an open redirect, a network client gets 404 and cannot forge a rid, and a stale rid / bad pos falls back to home. - The owner's result links route through `/click` only when personalization is on; everyone else (and a disabled owner) gets the plain destination link via a new render_results_page `link_builder`. - server_controller wires personalization_saver so an owner click persists the update to the encrypted vault, and only when the feature is enabled. Gate green: ruff + ruff format + mypy + 552 pytest (5 new served-click tests: records + redirects, network 404 + no tracking links, forged/stale rid and bad pos fail safe, disabled renders plain links). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ErikChevalier
force-pushed
the
feat/click-personalization-served
branch
from
49c55a0 to
99a8d92
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
PR D2 of the click-personalization feature: an owner-only
/clickredirector so searches run from the browser (through the local server) also train the model, matching the native app. Stacked on #65 (D1) — review/merge that first; this PR's base will retarget tomainonce D1 lands.How it stays safe
/click?rid=..&pos=..is loopback-only (a non-owner gets404).rid→ the displayed(url, host)order) in a small, bounded, in-memory map (never persisted)./clickresolves the destination from that server state, never a caller-supplied URL, so it cannot be an open redirect and a network client cannot forge arid.ridor badposfalls back to home (303 /) and learns nothing./clickonly when personalization is on; everyone else (and a disabled owner) gets the plain destination link. Network visitors get bare links and never train or see personalization.Tests
ruff+ruff format+mypyclean; 552 pytest passed (5 new served-click tests: records the skip-above update + redirects to the right URL; network visitor gets404and no tracking links; forged/staleridand badposfail safe; disabled feature renders plain links).🤖 Generated with Claude Code