#302

2026-06-07 02:50:04 +09:00 · 2026-06-07 02:40:05 +09:00 · 2026-06-07 02:13:40 +09:00 · 2026-06-07 02:01:16 +09:00 · 2026-06-07 01:24:44 +09:00 · 2026-06-07 00:41:35 +09:00
@@ -0,0 +1,35 @@
 ## 背景
 なぜ必要か。
 ## 対象範囲
 - backend:
 - frontend:
 - docs:
 - migration:
 ## やること
 - [ ] 
 ## 受け入れ条件
 - [ ] 
 ## 実行すべき確認
 - [ ] `cd backend && bundle exec rspec`
 - [ ] `cd frontend && npm run build`
 - [ ] `cd frontend && npm run lint`
 ## 禁止事項
 - unrelated refactor はしない
 - 既存 API response shape を壊さない
 - 認証・認可・BAN を弱めない
 ## Codex への指示
 この issue を読んで実装してください。
 不明点があれば、実装前に調査結果と選択肢を提示してください。
@@ -0,0 +1,228 @@
 # AGENTS.md
 ## Project overview
 BTRC Hub / タグ広場 is a split Rails API and React frontend repository.
 - Backend: Rails API under `backend/`.
 - Frontend: React + TypeScript + Vite under `frontend/`.
 - Docs: lightweight command notes under `docs/`.
 - There is no README or Makefile at the repository root as of this inspection.
 ## Stack
 - Backend: Ruby `3.2.2` from `backend/.ruby-version`, Rails `~> 8.0.2`.
 - Backend dependencies include `mysql2`, `sqlite3`, `rspec-rails`,
  `factory_bot_rails`, `rack-cors`, `jwt`, `discard`, `gollum`, `whenever`,
  `aws-sdk-s3`, `brakeman`, and `rubocop-rails-omakase`.
 - Frontend: React `^19.1.0`, TypeScript `~5.8.3`, Vite `^6.3.5`.
 - Frontend data/UI dependencies include Axios, TanStack Query, Tailwind CSS,
  Framer Motion, Radix UI components, lucide-react, MDX/Markdown tooling, and
  Zustand.
 ## Main directories
 - `backend/app/controllers`: Rails API controllers.
 - `backend/app/models`: Active Record models.
 - `backend/app/representations`: API response representation classes.
 - `backend/app/services`: domain services such as version recording,
  wiki commit, YouTube sync, and similarity calculation.
 - `backend/config/routes.rb`: API routes.
 - `backend/db/migrate`: migrations.
 - `backend/db/schema.rb`: current schema snapshot.
 - `backend/lib/tasks`: custom Rake tasks.
 - `backend/spec`: RSpec tests.
 - `backend/test`: Rails minitest files that still exist in the tree.
 - `frontend/src/App.tsx`: frontend route definitions and initial user setup.
 - `frontend/src/pages`: page-level React components.
 - `frontend/src/components`: shared and feature components.
 - `frontend/src/lib`: API client helpers, query keys, prefetchers, and domain helpers.
 - `frontend/src/stores`: Zustand stores.
 - `docs/commands.md`: command notes.
 ## Commands
 Only list commands that are backed by files inspected in this repository.
 ### Backend
 The following binstubs exist under `backend/bin`:
 ```sh
 cd backend
 bin/setup
 bin/dev
 bin/rails
 bin/rake
 bin/rubocop
 bin/brakeman
 bin/kamal
 bin/thrust
 ```
 Common Rails/Rake usage through existing binstubs:
 ```sh
 cd backend
 bin/rails db:prepare
 bin/rails db:migrate
 bin/rails routes
 bin/rails server
 bin/rake
 bin/rubocop
 bin/brakeman
 ```
 RSpec is present in `Gemfile` and `.rspec` exists:
 ```sh
 cd backend
 bundle exec rspec
 ```
 ### Frontend
 The following npm scripts exist in `frontend/package.json`:
 ```sh
 cd frontend
 npm run dev
 npm run build
 npm run lint
 npm run test
 npm run test:run
 npm run preview
 ```
 `npm run build` runs `tsc -b && vite build`, then `postbuild` runs
 `node scripts/generate-sitemap.js`.
 `npm run test` runs Vitest in watch mode. Use `npm run test:run` for a non-watch frontend test run.
 ## Coding style
 - Prefer precise, minimal changes.
 - Do not flatter or over-explain.
 - Explain risks directly.
 - Prefer single quotes for strings unless interpolation or escaping makes
  double quotes better.
 - Ruby: never put a space before method-call parentheses.
 - Ruby: never put a line break immediately before `)`.
 - Ruby: do not use `%w` or `%i`.
 - Ruby hashes are not blocks; keep `}` on the same line as the final pair.
 - Ruby hashes keep the first pair on the same line as `{` unless line length
  requires a break.
 - Ruby blocks use separate `{ ... }` rules from hashes, with 2-space body
  indentation.
 - For arrays, never put whitespace or a line break immediately before `]`.
 - Keep the first element on the same line as `[` by default.
 - If an array would exceed the line limit, break after `[` and indent
  elements by 4 spaces.
 - TypeScript and Python: use GNU-style spacing before parentheses where
  syntactically valid.
 - Never write Ruby, TypeScript, or TSX lines longer than 99 characters.
 - Aim to keep Ruby, TypeScript, and TSX lines within 79 characters where practical.
 - TypeScript and TSX use 4-space logical indentation.
 - In TypeScript and TSX only, replace every leading run of 8 spaces with a tab.
 - Tabs are only for leading indentation, never for spaces after non-space text.
 - Do not add production dependencies without explicit approval.
 ## Backend rules
 - Inspect existing routes, controllers, models, services, and specs before
  editing backend behavior.
 - For API behavior changes, add or update request specs under `backend/spec/requests`.
 - Prefer RSpec for new backend tests; existing minitest files under
  `backend/test` do not make minitest the default for new coverage.
 - Do not weaken authentication, BAN user checks, or IP BAN checks.
 - Preserve the `X-Transfer-Code` user identification flow unless the task
  explicitly changes authentication.
 - Be careful with version tables, `version_no`, optimistic concurrency,
  wiki revisions, and restore/diff behavior.
 - Be careful with tag names, tag normalization, implications, similarities, and discard behavior.
 - Be sensitive to N+1 queries; avoid introducing them and proactively fix
  existing N+1 issues in the code path being edited.
 - Keep migration files and `backend/db/schema.rb` consistent when changing schema.
 ## Frontend rules
 - Use `frontend/src/lib/api.ts` for API calls so headers and camelCase conversion stay consistent.
 - Add or reuse TanStack Query keys through `frontend/src/lib/queryKeys.ts`;
  avoid ad hoc query key arrays.
 - Encode URL path-segment values with `encodeURIComponent`.
 - React hooks must be called unconditionally.
 - Keep page-level code under `frontend/src/pages` and shared UI/feature code
  under `frontend/src/components` unless existing patterns point elsewhere.
 - Match existing Tailwind, component, and import alias conventions.
 ### Frontend TSX style
 - Preserve the local TSX formatting style.
 - Do not normalize TSX to common Prettier-style React formatting unless
  explicitly asked.
 - Prefer `const` arrow functions for TypeScript/TSX component and helper declarations.
 - Put two blank lines before and after top-level `const` function
  declarations, unless imports, exports, or file boundaries make that awkward.
 - In TSX, indent with 4-space logical indentation.
 - A leading tab is exactly equivalent to 8 leading spaces.
 - Keep a tag's closing marker on the same line as the final prop when the tag
  spans multiple lines.
 - Do not put `/>` or `>` on its own line unless the existing surrounding code
  does so.
 - Keep JSX closing parentheses in the existing compact style, for example
  `</div>)` rather than moving `)` onto a separate line.
 - Do not add braces around `if`, `else`, or `for` bodies when the body is a
  single physical line.
 - Always add braces around `if`, `else`, or `for` bodies when the body spans
  two or more physical lines, even if it is one statement.
 Preferred:
 ```tsx
 const PostFormTagsArea: FC<Props> = ({ tags, setTags, errors, ...rest }) => {
  return (
      <TextArea
 	  {...rest}
 	  ref={ref}
 	  value={tags}
 	  invalid={errors && errors.length > 0}
 	  onChange={ev => setTags (ev.target.value)}/>)
 }
 ```
 Avoid:
 ```tsx
 function PostFormTagsArea ({ tags, setTags }: Props) {
  return (
    <TextArea
      value={tags}
      onChange={ev => setTags (ev.target.value)}
    />
  )
 }
 ```
 ## Codex workflow
 - First inspect existing patterns; do not invent new architecture when a local convention exists.
 - Keep changes scoped to the requested issue.
 - Do not scan or summarize dependency/generated/runtime directories such as
  `node_modules`, `dist`, `tmp`, `log`, and `storage` unless explicitly needed.
 - Before touching wiki, tag, versioning, BAN, IP BAN, or authentication
  behavior, inspect the related request specs and service objects.
 - If frontend code changes, run the existing frontend verification commands
  that apply: `npm run build`, `npm run lint`, and `npm run test:run`.
 - If backend code changes, run the relevant RSpec command; for broad backend
  changes, run `bundle exec rspec`.
 - If a verification command cannot be run or fails, report the exact command and failure.
 ## Completion criteria
 A task is complete only when:
 - implementation is complete,
 - relevant verification commands pass, or failures are clearly explained,
 - unrelated files are not changed,
 - migrations and schema are consistent when schema changes are made,
 - user-facing behavior is documented when needed.
@@ -0,0 +1,212 @@
 # backend/AGENTS.md
 ## Scope
 These rules apply to work under `backend/`.
 This is a Rails API app using Active Record, RSpec, request specs,
 service objects, representation classes, and version tables for post/tag/wiki
 history.
 ## Commands
 Use commands backed by files and dependencies in this directory:
 ```sh
 bin/setup
 bin/dev
 bin/rails
 bin/rake
 bin/rubocop
 bin/brakeman
 bundle exec rspec
 ```
 Common checks:
 ```sh
 bundle exec rspec
 bin/rubocop
 bin/brakeman
 ```
 Common Rails commands:
 ```sh
 bin/rails db:prepare
 bin/rails db:migrate
 bin/rails routes
 bin/rails server
 ```
 After backend behavior changes, run the relevant RSpec files. For broad backend changes, run:
 ```sh
 bundle exec rspec
 ```
 If a command cannot be run or fails, report the exact command and failure.
 ## Rails structure
 - `app/controllers`: API controllers.
 - `app/models`: Active Record models and concerns.
 - `app/representations`: JSON response shaping.
 - `app/services`: domain services such as version recorders, wiki commit,
  YouTube sync, and similarity calculation.
 - `config/routes.rb`: public API routes.
 - `db/migrate`: migrations.
 - `db/schema.rb`: schema snapshot.
 - `lib/tasks`: custom Rake tasks.
 - `spec`: RSpec tests.
 Before changing behavior, inspect the matching route, controller, model,
 service, representation, and spec.
 ## Ruby style
 - Prefer precise, minimal changes.
 - Use single quotes unless interpolation or escaping makes double quotes better.
 - Do not put a space before Ruby method-call parentheses.
 - Never put a line break immediately before `)` in Ruby.
 - Do not use `%w` or `%i` in new Ruby code.
 - Never write a Ruby line longer than 99 characters.
 - Aim to keep Ruby lines within 79 characters where practical.
 - For small Ruby method definitions that take keyword arguments, match the
  local no-parentheses style when nearby code uses it.
 - Treat Ruby hash `{ ... }` style and Ruby block `{ ... }` style as separate
  rules.
 - Do not format Ruby hashes like Ruby blocks.
 - For Ruby hashes, keep the closing `}` on the same line as the final pair.
 - Keep the first pair on the same line as `{` by default.
 - If the hash would exceed the line limit, break after `{` and indent pairs
  by 4 spaces.
 - Put one logical pair per line when the expression would otherwise become
  dense.
 - For Ruby arrays, never put whitespace or a line break immediately before `]`.
 - Keep the first element on the same line as `[` by default.
 - If an array would exceed the line limit, break after `[` and indent
  elements by 4 spaces.
 - For Ruby blocks, use 2-space indentation for the block body.
 - Keep comments short and useful; avoid narrating obvious code.
 - Do not add production dependencies without approval.
 ## Authentication and authorization
 - Authentication is handled through the `X-Transfer-Code` header in
  `ApplicationController#authenticate_user`.
 - `current_user` is set by looking up `User.inheritance_code`.
 - Do not bypass or weaken the `X-Transfer-Code` flow unless the task
  explicitly changes authentication.
 - Unauthenticated write actions should return `:unauthorized` consistently
  with existing controllers.
 - Role checks use `User` enum roles: `guest`, `member`, and `admin`.
 - Use `current_user.gte_member?` for member-or-admin write permissions where
  existing controllers do so.
 - Use `current_user.admin?` only for admin-only paths, such as tag child relationship changes.
 - Do not replace role checks with looser presence checks.
 ## BAN and IP BAN
 - `ApplicationController` runs these before actions in order:
  - `reject_banned_ip_address!`
  - `authenticate_user`
  - `reject_banned_user!`
 - User and IP bans use `banned_at`, not a boolean `banned` column.
 - `User#banned?` and `IpAddress#banned?` check `banned_at.present?`.
 - Do not weaken BAN or IP BAN behavior.
 - If changing request authentication or controller before actions, add or
  update request specs covering banned users and banned IP addresses.
 ## RSpec
 - Prefer RSpec for new backend tests.
 - Put API behavior coverage under `spec/requests`.
 - Put model behavior under `spec/models`.
 - Put service behavior under `spec/services`.
 - Put Rake task coverage under `spec/tasks`.
 - `spec/rails_helper.rb` loads `spec/support/**/*.rb`.
 - Request specs include `AuthHelper` and `JsonHelper`.
 - `AuthHelper#sign_in_as(user)` stubs
  `ApplicationController#current_user`; use it when matching existing
  request spec style.
 - Add or update request specs for API behavior changes, especially status
  codes, permissions, response shape, and version conflict behavior.
 ## Migrations
 - Keep migrations and `db/schema.rb` consistent.
 - Use reversible migrations where practical; otherwise define explicit `up` and `down`.
 - For data backfills inside migrations, follow the existing pattern of
  defining migration-local `ActiveRecord::Base` classes with
  `self.table_name`.
 - Preserve existing indexes, foreign keys, check constraints, and null constraints.
 - Be careful with MySQL-specific options already present in migrations, such as `after:`.
 - Do not edit old migrations just to change current behavior unless
  explicitly requested; add a new migration.
 ## Version tables
 - Versioned records include posts, tags, nico tags, and wiki pages.
 - Current records have `version_no`; version tables have positive
  `version_no` with unique indexes scoped to the parent record.
 - Version event types are `create`, `update`, `discard`, and `restore`.
 - Version rows are readonly through the `VersionRecord` concern.
 - Use the existing recorder services instead of manually inserting version
  rows in application code:
  - `PostVersionRecorder`
  - `TagVersionRecorder`
  - `NicoTagVersionRecorder`
  - `WikiVersionRecorder`
  - `TagVersioning`
 - `VersionRecorder` locks the current record, validates sequence consistency,
  skips unchanged update snapshots, creates the next version row, and updates
  the record `version_no`.
 - Do not update versioned records without considering whether a version snapshot must be created.
 - For optimistic concurrency paths, preserve `base_version_no`, `force`, and
  `merge` semantics and cover conflicts in request specs.
 ## Domain cautions
 - Posts have tag snapshots, parent post implications, original-created ranges,
  viewed state, and version conflict behavior.
 - Tags have canonical names, aliases through `TagName`, categories, parent
  implications, discard behavior, and version snapshots.
 - Nico tags have separate relation/version behavior; do not treat them like
  normal editable tags without checking existing code.
 - Wiki pages involve page content, revisions/history, version rows,
  title/tag-name behavior, and diff/restore paths.
 - Materials, theatres, and comments have user and permission checks; inspect
  the controller before changing them.
 ## API responses
 - Use representation classes under `app/representations` when existing endpoints do.
 - Keep response keys consistent with existing JSON contracts.
 - Frontend code expects camelCase conversion client-side, while Rails params
  and JSON keys are generally snake_case.
 - Preserve existing HTTP status conventions:
  `:unauthorized` for no user, `:forbidden` for insufficient role or banned
  user, `:not_found` for missing records, and `:unprocessable_entity` for
  validation failures.
 - For diagnostic or internal helper JSON, prefer a deliberately light response
  shape over full representation classes when callers only need identifiers,
  labels, URLs, or weights.
 ## Active Record performance
 - When a controller action serializes nested associations, preload the
  associations it will touch instead of allowing N+1 queries.
 - Be sensitive to N+1 queries in all backend work.
 - Avoid introducing N+1 queries, and proactively fix existing N+1 issues when
  you find them in the code path you are editing.
 - When an association may already be preloaded, prefer loaded-association
  checks that reuse the preloaded data without losing the efficient database
  path.
 ## Files to avoid in routine work
 - Do not inspect or edit `tmp/`, `log/`, `storage/`, `vendor/`, or dependency
  directories unless explicitly needed.
 - Do not modify generated schema or migration output without the corresponding
  migration when schema changes are made.
@@ -69,3 +69,5 @@ gem 'discard'
 gem "rspec-rails", "~> 8.0", :groups => [:development, :test]
 gem 'aws-sdk-s3', require: false
 gem 'rails-i18n', '~> 8.0.0'
@@ -306,6 +306,9 @@ GEM
    rails-html-sanitizer (1.6.2)
      loofah (~> 2.21)
      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
    rails-i18n (8.0.2)
      i18n (>= 0.7, < 2)
      railties (>= 8.0.0, < 9)
    railties (8.0.2)
      actionpack (= 8.0.2)
      activesupport (= 8.0.2)
@@ -477,6 +480,7 @@ DEPENDENCIES
  puma (>= 5.0)
  rack-cors
  rails (~> 8.0.2)
  rails-i18n (~> 8.0.0)
  rspec-rails (~> 8.0)
  rubocop-rails-omakase
  sprockets-rails
@@ -1,14 +1,19 @@
 class ApplicationController < ActionController::API
-  before_action :authenticate_user
+  rescue_from ActiveRecord::RecordInvalid, with: :render_record_invalid
  rescue_from ActiveRecord::RecordNotUnique, with: :render_record_not_unique
-  def current_user
+  before_action :reject_banned_ip_address!
-    @current_user
+  before_action :authenticate_user
-  end
+  before_action :reject_banned_user!
  def current_user = @current_user
  private
  def authenticate_user
    code = request.headers['X-Transfer-Code'] || request.headers['HTTP_X_TRANSFER_CODE']
    return if code.blank?
    @current_user = User.find_by(inheritance_code: code)
  end
@@ -22,4 +27,62 @@ class ApplicationController < ActionController::API
      s.in?(['', '1', 'true', 'on', 'yes'])
    end
  end
  def render_bad_request message = 'リクエストが不正です．'
    render json: { type: 'bad_request',
                   message:,
                   errors: { },
                   base_errors: [message] },
           status: :bad_request
  end
  def render_unprocessable_entity message = '入力を確認してください．', field: nil
    render_validation_error(fields: field ? { field => [message] } : { },
                            base: field ? [] : [message])
  end
  def render_record_invalid error
    render_validation_error error.record
  end
  def render_record_not_unique _error = nil
    render_validation_error base: ['すでに存在してゐます．']
  end
  def reject_banned_ip_address!
    ip_address = IpAddress.find_by(ip_address: IPAddr.new(request.remote_ip).hton)
    return unless ip_address&.banned?
    head :forbidden
  end
  def reject_banned_user!
    return unless current_user&.banned?
    head :forbidden
  end
  def render_validation_error record = nil, fields: { }, base: [], status: :unprocessable_entity
    errors = { }
    if record
      record.errors.each do |error|
        errors[error.attribute] ||= []
        errors[error.attribute] << error.message
      end
    end
    fields.each do |attr, messages|
      errors[attr.to_sym] ||= []
      errors[attr.to_sym].concat(Array(messages))
    end
    base_errors = Array(base) + Array(errors.delete(:base))
    render json: { type: 'validation_error',
                   message: '入力内容を確認してください．',
                   errors:,
                   base_errors: },
           status:
  end
 end
@@ -2,7 +2,8 @@ class DeerjikistsController < ApplicationController
  def show
    platform = params[:platform].to_s.strip
    code = params[:code].to_s.strip
-    return head :bad_request if platform.blank? || code.blank?
+    return render_bad_request('platform は必須です．') if platform.blank?
    return render_bad_request('code は必須です．') if code.blank?
    deerjikist = Deerjikist
                 .joins(:tag)
@@ -22,7 +23,9 @@ class DeerjikistsController < ApplicationController
    platform = params[:platform].to_s.strip
    code = params[:code].to_s.strip
    tag_id = params[:tag_id].to_i
-    return head :bad_request if platform.blank? || code.blank? || tag_id <= 0
+    return render_bad_request('platform は必須です．') if platform.blank?
    return render_bad_request('code は必須です．') if code.blank?
    return render_bad_request('tag_id が不正です．') if tag_id <= 0
    deerjikist = Deerjikist.find_or_initialize_by(platform:, code:).tap do |d|
      d.tag_id = tag_id
@@ -38,7 +41,8 @@ class DeerjikistsController < ApplicationController
    platform = params[:platform].to_s.strip
    code = params[:code].to_s.strip
-    return head :bad_request if platform.blank? || code.blank?
+    return render_bad_request('platform は必須です．') if platform.blank?
    return render_bad_request('code は必須です．') if code.blank?
    Deerjikist.find([platform, code]).destroy!
@@ -40,7 +40,11 @@ class MaterialsController < ApplicationController
    tag_name_raw = params[:tag].to_s.strip
    file = params[:file]
    url = params[:url].to_s.strip.presence
-    return head :bad_request if tag_name_raw.blank? || (file.blank? && url.blank?)
+    return render_unprocessable_entity('タグは必須です．', field: :tag) if tag_name_raw.blank?
    if file.blank? && url.blank?
      return render_validation_error fields: { file: ['ファイルまたは URL は必須です．'],
                                               url: ['ファイルまたは URL は必須です．'] }
    end
    tag_name = TagName.find_undiscard_or_create_by!(name: tag_name_raw)
    tag = tag_name.tag
@@ -54,7 +58,7 @@ class MaterialsController < ApplicationController
    if material.save
      render json: MaterialRepr.base(material, host: request.base_url), status: :created
    else
-      render json: { errors: material.errors.full_messages }, status: :unprocessable_entity
+      render_validation_error material
    end
  end
@@ -68,7 +72,11 @@ class MaterialsController < ApplicationController
    tag_name_raw = params[:tag].to_s.strip
    file = params[:file]
    url = params[:url].to_s.strip.presence
-    return head :bad_request if tag_name_raw.blank? || (file.blank? && url.blank?)
+    return render_unprocessable_entity('タグは必須です．', field: :tag) if tag_name_raw.blank?
    if file.blank? && url.blank?
      return render_validation_error fields: { file: ['ファイルまたは URL は必須です．'],
                                               url: ['ファイルまたは URL は必須です．'] }
    end
    tag_name = TagName.find_undiscard_or_create_by!(name: tag_name_raw)
    tag = tag_name.tag
@@ -84,7 +92,7 @@ class MaterialsController < ApplicationController
    if material.save
      render json: MaterialRepr.base(material, host: request.base_url)
    else
-      render json: { errors: material.errors.full_messages }, status: :unprocessable_entity
+      render_validation_error material
    end
  end
@@ -1,26 +1,69 @@
 class NicoTagsController < ApplicationController
  def index
-    limit = (params[:limit] || 20).to_i
+    name = params[:name].presence
-    cursor = params[:cursor].presence
+    linked_tag = params[:linked_tag].presence
    link_status = params[:link_status].presence
    order = params[:order].to_s.split(':', 2).map(&:strip)
    order[0] = 'updated_at' unless order[0].in?(['name', 'created_at', 'updated_at'])
    unless order[1].in?(['asc', 'desc'])
      order[1] = order[0] == 'name' ? 'asc' : 'desc'
    end
    page = (params[:page].presence || 1).to_i
    limit = (params[:limit].presence || 20).to_i
    page = 1 if page < 1
    limit = 1 if limit < 1
    post_tag_max_sql =
        PostTag
        .select('tag_id, MAX(created_at) AS max_created_at')
        .group('tag_id')
        .to_sql
    q = Tag.nico_tags
           .joins(:tag_name)
           .joins("LEFT JOIN (#{ post_tag_max_sql }) post_tag_max " \
                  'ON post_tag_max.tag_id = tags.id')
           .includes(:tag_name, tag_name: :wiki_page, linked_tags: { tag_name: :wiki_page })
-           .order(updated_at: :desc)
+    q = q.where('tag_names.name LIKE ?', "%#{ name }%") if name
-    q = q.where('tags.updated_at < ?', Time.iso8601(cursor)) if cursor
+    if linked_tag
-
+      linked_tag_ids =
-    tags = q.limit(limit + 1).to_a
+        Tag
-
+        .joins(:tag_name)
-    next_cursor = nil
+        .where('tag_names.name LIKE ?', "%#{ linked_tag }%")
-    if tags.size > limit
+        .pluck(:id)
-      next_cursor = tags.last.updated_at.iso8601(6)
+      linked_nico_tag_ids = NicoTagRelation.where(tag_id: linked_tag_ids).pluck(:nico_tag_id)
-      tags = tags.first(limit)
+      q = q.where(id: linked_nico_tag_ids)
    end
    if link_status.in?(['linked', 'unlinked'])
      exists_sql =
          'EXISTS (SELECT 1 FROM nico_tag_relations ' \
          'WHERE nico_tag_relations.nico_tag_id = tags.id)'
      q = link_status == 'linked' ? q.where(exists_sql) : q.where("NOT #{ exists_sql }")
    end
    count = q.count
    sort_sql =
        case order[0]
        when 'name'
          'tag_names.name'
        when 'updated_at'
          'post_tag_max.max_created_at'
        else
          "tags.#{ order[0] }"
        end
    tags = q.reselect('tags.*',
                      Arel.sql('post_tag_max.max_created_at AS recent_post_tag_created_at'))
            .order(Arel.sql("#{ sort_sql } #{ order[1] }, tags.id #{ order[1] }"))
            .limit(limit)
            .offset((page - 1) * limit)
            .to_a
    render json: { tags: tags.map { |tag|
-      TagRepr.base(tag).merge(linked_tags: tag.linked_tags.map { |lt|
+      TagRepr.base(tag).merge(
-        TagRepr.base(lt)
+          recent_post_tag_created_at: tag.recent_post_tag_created_at,
-      })
+          linked_tags: tag.linked_tags.map { |lt| TagRepr.base(lt) })
-    }, next_cursor: }
+    }, count: }
  end
  def update
@@ -30,14 +73,18 @@ class NicoTagsController < ApplicationController
    id = params[:id].to_i
    tag = Tag.find(id)
-    return head :bad_request unless tag.nico?
+    return render_bad_request('ニコニコ・タグを指定してください．') unless tag.nico?
    linked_tag_names = params[:tags].to_s.split
-    linked_tags = Tag.normalise_tags(linked_tag_names, with_tagme: false,
+    linked_tags = nil
                                                       with_no_deerjikist: false)
    return head :bad_request if linked_tags.any? { |t| t.nico? }
    ApplicationRecord.transaction do
      linked_tags = Tag.normalise_tags!(linked_tag_names, with_tagme: false,
                                                          with_no_deerjikist: false)
      if linked_tags.any? { |t| t.nico? }
        raise Tag::NicoTagNormalisationError
      end
      TagVersioning.record_tag_snapshots!(linked_tags, created_by_user: current_user)
      tag.linked_tags = linked_tags
@@ -47,5 +94,21 @@ class NicoTagsController < ApplicationController
    end
    render json: tag.linked_tags.map { |t| TagRepr.base(t) }, status: :ok
  rescue Tag::NicoTagNormalisationError
    render_validation_error fields: { tags: ['ニコニコ・タグ同士は連携できません．'] }
  rescue ActiveRecord::RecordInvalid => e
    render_nico_tag_form_record_invalid e.record
  end
  private
  def render_nico_tag_form_record_invalid record
    if record.is_a?(TagName) || record.is_a?(Tag)
      render_validation_error fields: { tags: record.errors.full_messages.map { |message|
        "タグ名 “#{ record.name }”: #{ message }"
      } }
    else
      render_validation_error record
    end
  end
 end
@@ -44,7 +44,8 @@ class PostsController < ApplicationController
        filtered_posts
        .joins("LEFT JOIN (#{ pt_max_sql }) pt_max ON pt_max.post_id = posts.id")
        .reselect('posts.*', Arel.sql("#{ updated_at_all_sql } AS updated_at_all"))
-        .preload(tags: [:materials, { tag_name: :wiki_page }])
+        .preload(:uploaded_user, :parents, :children,
                 tags: [:deerjikists, :materials, { tag_name: :wiki_page }])
        .with_attached_thumbnail
    q = q.where('posts.url LIKE ?', "%#{ url }%") if url
@@ -95,7 +96,9 @@ class PostsController < ApplicationController
  end
  def random
-    post = filtered_posts.preload(tags: [:materials, { tag_name: :wiki_page }])
+    post = filtered_posts.preload(:uploaded_user, :parents, :children,
                                  tags: [:deerjikists, :materials, { tag_name: :wiki_page }])
                         .with_attached_thumbnail
                         .order('RAND()')
                         .first
    return head :not_found unless post
@@ -104,12 +107,25 @@ class PostsController < ApplicationController
  end
  def show
-    post = Post.includes(tags: [:materials, { tag_name: :wiki_page }]).find_by(id: params[:id])
+    post =
        Post
        .includes(:uploaded_user, :parents, :children,
                  tags: [:deerjikists, :materials, { tag_name: :wiki_page }])
        .with_attached_thumbnail
        .find_by(id: params[:id])
    return head :not_found unless post
-    render json: PostRepr.base(post, current_user)
+    parent_posts = post.parents.with_attached_thumbnail.order(:id).to_a
-                         .merge(tags: build_tag_tree_for(post.tags),
+    child_posts = post.children.with_attached_thumbnail.order(:id).to_a
-                                related: post.related(limit: 20))
+    sibling_posts = sibling_posts_by_parent(parent_posts.map(&:id))
    related = post.related(limit: 20).to_a
    render json: PostRepr.detail(post, current_user,
                                 parent_posts:,
                                 child_posts:,
                                 sibling_posts:,
                                 related:)
                         .merge(tags: build_tag_tree_for(post.tags))
  end
  def create
@@ -123,28 +139,36 @@ class PostsController < ApplicationController
    tag_names = params[:tags].to_s.split
    original_created_from = params[:original_created_from]
    original_created_before = params[:original_created_before]
    parent_post_ids = parse_parent_post_ids
    post = Post.new(title:, url:, thumbnail_base: nil, uploaded_user: current_user,
                    original_created_from:, original_created_before:)
-    post.thumbnail.attach(thumbnail)
+    post.thumbnail.attach(thumbnail) if thumbnail.present?
    ApplicationRecord.transaction do
      post.save!
-      tags = Tag.normalise_tags(tag_names)
+
      tags = Tag.normalise_tags!(tag_names)
      TagVersioning.record_tag_snapshots!(tags, created_by_user: current_user)
      tags = Tag.expand_parent_tags(tags)
      sync_post_tags!(post, tags)
      sync_parent_posts!(post, parent_post_ids)
      post.resized_thumbnail!
      PostVersionRecorder.record!(post:, event_type: :create, created_by_user: current_user)
    end
    post.reload
    render json: PostRepr.base(post), status: :created
  rescue ActiveRecord::RecordInvalid
    render json: { errors: post.errors.full_messages }, status: :unprocessable_entity
  rescue Tag::NicoTagNormalisationError
-    head :bad_request
+    render_validation_error fields: { tags: 'ニコニコ・タグは直接指定できません．' }
  rescue ArgumentError => e
    render_validation_error fields: { parent_post_ids: [e.message] }
  rescue ActiveRecord::RecordInvalid => e
    render_post_form_record_invalid e.record
  end
  def viewed
@@ -165,35 +189,76 @@ class PostsController < ApplicationController
    return head :unauthorized unless current_user
    return head :forbidden unless current_user.gte_member?
    force = bool?(:force)
    merge = bool?(:merge)
    return render_bad_request('force と merge は同時に指定できません．') if force && merge
    base_version_no = parse_base_version_no
    return render_bad_request('base_version_no は必須です．') if !(force) && !(base_version_no)
    title = params[:title].presence
    tag_names = params[:tags].to_s.split
    original_created_from = params[:original_created_from]
    original_created_before = params[:original_created_before]
    parent_post_ids = parse_parent_post_ids
-    post = Post.find(params[:id].to_i)
+    post = nil
    conflict_json = nil
    ApplicationRecord.transaction do
-      PostVersionRecorder.ensure_snapshot!(post, created_by_user: current_user)
+      post = Post.lock.find(params[:id].to_i)
-      post.update!(title:, original_created_from:, original_created_before:)
+      base_version = nil
      base_snapshot = nil
      current_snapshot = nil
      unless force
        base_version = post.post_versions.find_by!(version_no: base_version_no)
-      normalised_tags = Tag.normalise_tags(tag_names, with_tagme: false)
+        base_snapshot = post_snapshot_from_version(base_version)
-      TagVersioning.record_tag_snapshots!(normalised_tags, created_by_user: current_user)
+        current_snapshot = post_snapshot_from_record(post)
      end
      incoming_snapshot = post_incoming_snapshot(title:,
                                                 original_created_from:,
                                                 original_created_before:,
                                                 tag_names:,
                                                 parent_post_ids:)
-      tags = post.tags.nico.to_a + normalised_tags
+      snapshot_to_apply =
-      tags = Tag.expand_parent_tags(tags)
+          if force || post.version_no == base_version_no || current_snapshot == base_snapshot
-      sync_post_tags!(post, tags)
+            incoming_snapshot
-      PostVersionRecorder.record!(post:, event_type: :update, created_by_user: current_user)
+          else
            changes = post_snapshot_changes(base_snapshot, current_snapshot, incoming_snapshot)
            conflicts = changes.select { |change| change[:conflict] }
            if merge && conflicts.empty?
              merge_post_snapshots(base_snapshot, current_snapshot, incoming_snapshot)
            else
              conflict_json = post_conflict_json(post:,
                                                 base_version_no:,
                                                 base_snapshot:,
                                                 current_snapshot:,
                                                 incoming_snapshot:,
                                                 changes:,
                                                 conflicts:)
              raise ActiveRecord::Rollback
            end
          end
      apply_post_snapshot!(post, snapshot_to_apply)
    end
    return render json: conflict_json, status: :conflict if conflict_json
    post.reload
-    json = post.as_json
+    json = PostRepr.base(post, current_user)
    json['tags'] = build_tag_tree_for(post.tags)
    render json:, status: :ok
  rescue ActiveRecord::RecordInvalid
    render json: post.errors, status: :unprocessable_entity
  rescue Tag::NicoTagNormalisationError
-    head :bad_request
+    render_validation_error fields: { tags: ['ニコニコ・タグは直接指定できません．'] }
  rescue ArgumentError => e
    render_validation_error fields: { parent_post_ids: [e.message] }
  rescue ActiveRecord::RecordInvalid => e
    render_post_form_record_invalid e.record
  end
  def changes
@@ -211,7 +276,7 @@ class PostsController < ApplicationController
    pts = pts.where(post_id: id) if id.present?
    pts = pts.where(tag_id:) if tag_id.present?
    pts = pts.includes(:post, :created_user, :deleted_user,
-                       tag: [:materials, { tag_name: :wiki_page }])
+                       tag: [:deerjikists, :materials, { tag_name: :wiki_page }])
    events = []
    pts.each do |pt|
@@ -336,7 +401,7 @@ class PostsController < ApplicationController
      return nil unless tag
      if path.include?(tag_id)
-        return TagRepr.base(tag).merge(children: [])
+        return TagRepr.inline(tag).merge(children: [])
      end
      if memo.key?(tag_id)
@@ -348,9 +413,272 @@ class PostsController < ApplicationController
      children = child_ids.filter_map { |cid| build_node.(cid, new_path) }
-      memo[tag_id] = TagRepr.base(tag).merge(children:)
+      memo[tag_id] = TagRepr.inline(tag).merge(children:)
    end
    root_ids.filter_map { |id| build_node.call(id, []) }
  end
  def sibling_posts_by_parent parent_post_ids
    return { } if parent_post_ids.blank?
    implications =
        PostImplication
        .where(parent_post_id: parent_post_ids)
        .includes(post: { thumbnail_attachment: :blob })
        .order(:parent_post_id, :post_id)
    implications.group_by(&:parent_post_id).transform_values { |items|
      items.map(&:post)
    }
  end
  def parse_parent_post_ids
    raise ArgumentError, 'parent_post_ids は必須です．' unless params.key?(:parent_post_ids)
    params[:parent_post_ids].to_s.split.map { |token|
      id = Integer(token, exception: false)
      raise ArgumentError, "親投稿 Id. が不正です: #{ token }" if id.nil? || id <= 0
      id
    }.uniq
  end
  def sync_parent_posts! post, parent_post_ids
    if parent_post_ids.include?(post.id)
      post.errors.add :parent_post_ids, '自分自身を親投稿にはできません．'
      raise ActiveRecord::RecordInvalid, post
    end
    existing_ids = Post.where(id: parent_post_ids).pluck(:id)
    missing_ids = parent_post_ids - existing_ids
    if missing_ids.present?
      post.errors.add :parent_post_ids,
                      "存在しない親投稿 Id. があります: #{ missing_ids.join(' ') }"
      raise ActiveRecord::RecordInvalid, post
    end
    current_ids = post.parent_posts.pluck(:id)
    ids_to_add = parent_post_ids - current_ids
    ids_to_remove = current_ids - parent_post_ids
    PostImplication.where(post_id: post.id, parent_post_id: ids_to_remove).delete_all
    ids_to_add.each do |parent_post_id|
      PostImplication.create_or_find_by!(post_id: post.id, parent_post_id:)
    end
  end
  def parse_base_version_no
    version_no = Integer(params[:base_version_no], exception: false)
    if version_no&.positive?
      version_no
    else
      nil
    end
  end
  def post_snapshot_from_version version
    { title: version.title,
      original_created_from: snapshot_time(version.original_created_from),
      original_created_before: snapshot_time(version.original_created_before),
      tag_names: editable_tag_names_from_version(version),
      parent_post_ids: snapshot_parent_post_ids_from_version(version) }
  end
  def editable_tag_names_from_version version
    version.tags.to_s.split.reject { |name| name.downcase.start_with?('nico:') }.sort
  end
  def post_snapshot_from_record post
    { title: post.title,
      original_created_from: snapshot_time(post.original_created_from),
      original_created_before: snapshot_time(post.original_created_before),
      tag_names: editable_tag_names_from_post(post),
      parent_post_ids: post.parent_posts.order(:id).pluck(:id) }
  end
  def editable_tag_names_from_post post
    post.tags.not_nico.joins(:tag_name).order('tag_names.name').pluck('tag_names.name')
  end
  def post_incoming_snapshot title:, original_created_from:, original_created_before:,
                             tag_names:, parent_post_ids:
    { title:,
      original_created_from: snapshot_time(original_created_from),
      original_created_before: snapshot_time(original_created_before),
      tag_names: incoming_tag_names_for_snapshot(tag_names),
      parent_post_ids: parent_post_ids.sort }
  end
  def snapshot_parent_post_ids_from_version version
    if version.respond_to?(:parent_post_ids)
      version.parent_post_ids.to_s.split.map { |id| id.to_i }.sort
    elsif version.respond_to?(:parent_id) && version.parent_id
      [version.parent_id]
    else
      []
    end
  end
  def snapshot_time value
    return nil if value.blank?
    value = Time.zone.parse(value.to_s) if value in String
    value&.in_time_zone&.iso8601(6)
  rescue ArgumentError, TypeError
    value.to_s
  end
  def incoming_tag_names_for_snapshot raw_tag_names
    tags = Tag.normalise_tags!(raw_tag_names, with_tagme: false)
    Tag.expand_parent_tags(tags).map(&:name).uniq.sort
  end
  def post_conflict_json post:, base_version_no:, base_snapshot:,
                         current_snapshot:, incoming_snapshot:, changes:, conflicts:
    { error: 'conflict',
      message: '競合が発生しました．',
      post_id: post.id,
      base_version_no:,
      current_version_no: post.version_no,
      base: base_snapshot,
      current: current_snapshot,
      mine: incoming_snapshot,
      changes:,
      conflicts:,
      mergeable: conflicts.empty? }
  end
  def post_snapshot_changes base_snapshot, current_snapshot, incoming_snapshot
    [scalar_snapshot_change(:title, 'タイトル',
                            base_snapshot, current_snapshot, incoming_snapshot),
     scalar_snapshot_change(:original_created_from, 'オリジナルの作成日時（以降）',
                            base_snapshot, current_snapshot, incoming_snapshot),
     scalar_snapshot_change(:original_created_before, 'オリジナルの作成日時（より前）',
                            base_snapshot, current_snapshot, incoming_snapshot),
     set_snapshot_change(:tag_names, 'タグ',
                         base_snapshot, current_snapshot, incoming_snapshot),
     set_snapshot_change(:parent_post_ids, '親投稿',
                         base_snapshot, current_snapshot, incoming_snapshot)].compact
  end
  def scalar_snapshot_change field, label, base_snapshot, current_snapshot, incoming_snapshot
    base = base_snapshot[field]
    current = current_snapshot[field]
    mine = incoming_snapshot[field]
    return nil if current == base && mine == base
    { field:, label:, base:, current:, mine:,
      changed_by_current: current != base,
      changed_by_me: mine != base,
      conflict: scalar_snapshot_conflict?(base, current, mine) }
  end
  def scalar_snapshot_conflict? base, current, mine
    current != base && mine != base && current != mine
  end
  def set_snapshot_change field, label, base_snapshot, current_snapshot, incoming_snapshot
    base = base_snapshot[field].to_a
    current = current_snapshot[field].to_a
    mine = incoming_snapshot[field].to_a
    added_by_current = current - base
    removed_by_current = base - current
    added_by_me = mine - base
    removed_by_me = base - mine
    if (added_by_current.empty? &&
        removed_by_current.empty? &&
        added_by_me.empty? &&
        removed_by_me.empty?)
      return nil
    end
    { field:, label:, base:, current:, mine:, added_by_current:, removed_by_current:,
      added_by_me:, removed_by_me:,
      changed_by_current: added_by_current.present? || removed_by_current.present?,
      changed_by_me: added_by_me.present? || removed_by_me.present?,
      conflict: set_snapshot_conflict?(added_by_current:,
                                       removed_by_current:,
                                       added_by_me:,
                                       removed_by_me:) }
  end
  def set_snapshot_conflict? added_by_current:, removed_by_current:,
                             added_by_me:, removed_by_me:
    (added_by_current & removed_by_me).present? || (removed_by_current & added_by_me).present?
  end
  def apply_post_snapshot! post, snapshot
    PostVersionRecorder.ensure_snapshot!(post, created_by_user: current_user)
    post.update!(title: snapshot[:title],
                 original_created_from: snapshot[:original_created_from],
                 original_created_before: snapshot[:original_created_before])
    editable_tags = Tag.normalise_tags!(snapshot[:tag_names], with_tagme: false)
    TagVersioning.record_tag_snapshots!(editable_tags, created_by_user: current_user)
    readonly_tags = post.tags.nico.to_a
    tags = readonly_tags + editable_tags
    tags = Tag.expand_parent_tags(tags)
    sync_post_tags!(post, tags)
    sync_parent_posts!(post, snapshot[:parent_post_ids])
    PostVersionRecorder.record!(post:, event_type: :update, created_by_user: current_user)
  end
  def merge_post_snapshots base_snapshot, current_snapshot, incoming_snapshot
    [:title, :original_created_from, :original_created_before].map {
      [_1, merge_scalar_snapshot_value(base_snapshot[_1],
                                       current_snapshot[_1],
                                       incoming_snapshot[_1])]
    }.to_h.merge([:tag_names, :parent_post_ids].map {
      [_1, merge_set_snapshot_value(base_snapshot[_1],
                                    current_snapshot[_1],
                                    incoming_snapshot[_1])]
    }.to_h)
  end
  def merge_scalar_snapshot_value base, current, mine
    return mine if current == base
    return current if mine == base || current == mine
    raise ArgumentError, '競合してゐる項目はマージできません．'
  end
  def merge_set_snapshot_value base, current, mine
    base = base.to_a
    current = current.to_a
    mine = mine.to_a
    added_by_current = current - base
    removed_by_current = base - current
    added_by_me = mine - base
    removed_by_me = base - mine
    merged = base + added_by_current + added_by_me
    merged -= removed_by_current
    merged -= removed_by_me
    merged.uniq.sort
  end
  def render_post_form_record_invalid record
    if record.is_a?(TagName) || record.is_a?(Tag)
      render_validation_error fields: { tags: record.errors.full_messages.map { |message|
        "タグ名 “#{ record.name }”: #{ message }"
      } }
    else
      render_validation_error record
    end
  end
 end
@@ -4,7 +4,7 @@ class PreviewController < ApplicationController
    return head :unauthorized unless current_user
    url = params[:url]
-    return head :bad_request unless url.present?
+    return render_bad_request('URL は必須です．') unless url.present?
    unless url.start_with?(/http(s)?:\/\//)
      url = 'http://' + url
@@ -16,7 +16,7 @@ class PreviewController < ApplicationController
    render json: { title: title }
  rescue => e
-    render json: { error: e.message }, status: :bad_request
+    render_bad_request(e.message)
  end
  def thumbnail
@@ -25,7 +25,7 @@ class PreviewController < ApplicationController
    return head :unauthorized unless current_user
    url = params[:url]
-    return head :bad_request if url.blank?
+    return render_bad_request('URL は必須です．') if url.blank?
    unless url.start_with?(/http(s)?:\/\//)
      url = 'http://' + url
@@ -40,7 +40,11 @@ class PreviewController < ApplicationController
      File.delete(path) rescue nil
      send_file image.path, type: 'image/png', disposition: 'inline'
    else
-      render json: { error: 'Failed to generate thumbnail' }, status: :internal_server_error
+      render json: { type: 'internal_server_error',
                     message: 'サムネールを生成できませんでした．',
                     errors: { },
                     base_errors: ['サムネールを生成できませんでした．'] },
             status: :internal_server_error
    end
  end
 end
@@ -5,11 +5,12 @@ class TagChildrenController < ApplicationController
    parent_id = params[:parent_id]
    child_id = params[:child_id]
-    return head :bad_request if parent_id.blank? || child_id.blank?
+    return render_bad_request('parent_id は必須です．') if parent_id.blank?
    return render_bad_request('child_id は必須です．') if child_id.blank?
    parent = Tag.find(parent_id)
    child = Tag.find(child_id)
-    return head :bad_request if parent.nico? || child.nico?
+    return render_bad_request('ニコニコ・タグの階層は変更できません．') if parent.nico? || child.nico?
    ApplicationRecord.transaction do
      TagVersioning.ensure_snapshot!(child, created_by_user: current_user)
@@ -27,11 +28,12 @@ class TagChildrenController < ApplicationController
    parent_id = params[:parent_id]
    child_id = params[:child_id]
-    return head :bad_request if parent_id.blank? || child_id.blank?
+    return render_bad_request('parent_id は必須です．') if parent_id.blank?
    return render_bad_request('child_id は必須です．') if child_id.blank?
    parent = Tag.find(parent_id)
    child = Tag.find(child_id)
-    return head :bad_request if parent.nico? || child.nico?
+    return render_bad_request('ニコニコ・タグの階層は変更できません．') if parent.nico? || child.nico?
    ApplicationRecord.transaction do
      TagVersioning.ensure_snapshot!(child, created_by_user: current_user)
@@ -1,3 +1,7 @@
 require 'net/http'
 require 'uri'
 class TagsController < ApplicationController
  def index
    post_id = params[:post]
@@ -164,7 +168,7 @@ class TagsController < ApplicationController
  def show_by_name
    name = params[:name].to_s.strip
-    return head :bad_request if name.blank?
+    return render_bad_request('name は必須です．') if name.blank?
    tag = Tag.joins(:tag_name)
             .includes(:tag_name, :materials, tag_name: :wiki_page)
@@ -182,24 +186,52 @@ class TagsController < ApplicationController
             .find_by(id: params[:id])
    return head :not_found unless tag
-    render json: DeerjikistRepr.many(tag.deerjikists)
+    render json: { tag: TagRepr.base(tag),
                   deerjikists: DeerjikistRepr.many(tag.deerjikists) }
  end
  def deerjikists_by_name
    name = params[:name].to_s.strip
-    return head :bad_request if name.blank?
+    return render_bad_request('name は必須です．') if name.blank?
    tag = Tag.joins(:tag_name)
             .includes(:tag_name, tag_name: :wiki_page)
             .find_by(tag_names: { name: })
    return head :not_found unless tag
-    render json: DeerjikistRepr.many(tag.deerjikists)
+    render json: { tag: TagRepr.base(tag),
                   deerjikists: DeerjikistRepr.many(tag.deerjikists) }
  end
  def update_deerjikists
    return head :unauthorized unless current_user
    return head :forbidden unless current_user.gte_member?
    tag = Tag.joins(:tag_name)
             .includes(:tag_name, tag_name: :wiki_page)
             .find_by(id: params[:id])
    return head :not_found unless tag
    ApplicationRecord.transaction do
      tag.deerjikists = []
      params[:_json].each.with_index do |item, i|
        platform = item[:platform]
        code = normalise_deerjikist_code(platform, item[:code])
        deerjikist = Deerjikist.find_or_initialize_by(platform:, code:)
        deerjikist.tag = tag
        render_deerjikist_form_record_invalid(deerjikist, i) unless deerjikist.save
        raise ActiveRecord::Rollback if performed?
      end
    end
    return if performed?
    render json: DeerjikistRepr.many(tag.reload.deerjikists)
  end
  def materials_by_name
    name = params[:name].to_s.strip
-    return head :bad_request if name.blank?
+    return render_bad_request('name は必須です．') if name.blank?
    tag = Tag.joins(:tag_name)
             .includes(:tag_name, :materials, tag_name: :wiki_page)
@@ -218,17 +250,16 @@ class TagsController < ApplicationController
    name = params[:name].to_s.strip
    category = params[:category].to_s.strip
-    return head :unprocessable_entity if name.blank? || category.blank?
+    return render_unprocessable_entity('名前は必須です．', field: :name) if name.blank?
    return render_unprocessable_entity('カテゴリは必須です．', field: :category) if category.blank?
    if name != tag.name &&
        tag.in?([Tag.tagme, Tag.bot, Tag.no_deerjikist, Tag.video, Tag.niconico])
-      return render json: { error: 'システム・タグの名称は変更できません．' },
+      return render_unprocessable_entity('システム・タグの名称は変更できません．', field: :name)
                    status: :unprocessable_entity
    end
    if tag.nico? || category == 'nico'
-      return render json: { error: 'ニコタグは変更できません．' },
+      return render_unprocessable_entity('ニコタグは変更できません．', field: :category)
                    status: :unprocessable_entity
    end
    alias_names = params[:aliases].to_s.split.uniq
@@ -238,18 +269,26 @@ class TagsController < ApplicationController
      TagVersioning.ensure_snapshot!(tag, created_by_user: current_user)
      old_name = tag.name
      name_changed = name != old_name
      wiki_page = tag.tag_name.wiki_page if name_changed
      tag.update!(category:)
      tag.tag_name.update!(name:)
-      alias_names << old_name if name != old_name
+      alias_names << old_name if name_changed
      alias_names.delete(name)
      update_aliases!(tag, alias_names)
      update_parent_tags!(tag, parent_names)
      tag.reload
-      record_tag_version!(tag, event_type: :update, created_by_user: current_user)
+
      record_tag_version!(
          tag,
          event_type: :update,
          created_by_user: current_user,
          name_changed:,
          wiki_page:)
    end
    render json: TagRepr.base(tag.reload)
@@ -265,17 +304,27 @@ class TagsController < ApplicationController
    tag = Tag.find(params[:id])
    if tag.nico? || (category.present? && category == 'nico')
-      return render json: { error: 'ニコタグは変更できません．' },
+      return render_unprocessable_entity('ニコタグは変更できません．', field: :category)
                    status: :unprocessable_entity
    end
    ApplicationRecord.transaction do
      TagVersioning.ensure_snapshot!(tag, created_by_user: current_user)
      old_name = tag.name
      name_changed = name.present? && name != old_name
      wiki_page = tag.tag_name.wiki_page if name_changed
      tag.tag_name.update!(name:) if name.present?
      tag.update!(category:) if category.present?
-      record_tag_version!(tag, event_type: :update, created_by_user: current_user)
+      tag.reload
      record_tag_version!(
          tag,
          event_type: :update,
          created_by_user: current_user,
          name_changed:,
          wiki_page:)
    end
    render json: TagRepr.base(tag.reload)
@@ -297,17 +346,47 @@ class TagsController < ApplicationController
        material: material.as_json&.merge(file:, content_type:))
  end
-  def record_tag_version! tag, event_type:, created_by_user:
+  def record_tag_version! tag, event_type:, created_by_user:, name_changed: false, wiki_page: nil
    if tag.nico?
      NicoTagVersionRecorder.record!(tag:, event_type:, created_by_user:)
-    else
+      return
      TagVersionRecorder.record!(tag:, event_type:, created_by_user:)
    end
    TagVersionRecorder.record!(tag:, event_type:, created_by_user:)
    return unless name_changed
    wiki_page ||= tag.tag_name.wiki_page
    return unless wiki_page&.wiki_versions&.exists?
    WikiVersionRecorder.record!(
        page: wiki_page,
        event_type: :update,
        created_by_user:)
  end
  def update_aliases! tag, alias_names
    alias_names = alias_names.uniq
    affected_tags = [tag]
    current_aliases = tag.tag_name.aliases.to_a
    current_aliases.each do |alias_tag_name|
      next if alias_names.include?(alias_tag_name.name)
      affected_tags << alias_tag_name.canonical&.tag
    end
    alias_names.each do |alias_name|
      alias_tag_name = TagName.find_undiscard_or_create_by!(name: alias_name)
      affected_tags << alias_tag_name.canonical&.tag
    end
    affected_tags.compact.uniq.each do |affected_tag|
      TagVersioning.ensure_snapshot!(affected_tag, created_by_user: current_user)
    end
    current_aliases.each do |alias_tag_name|
      next if alias_names.include?(alias_tag_name.name)
@@ -318,12 +397,16 @@ class TagsController < ApplicationController
      alias_tag_name = TagName.find_undiscard_or_create_by!(name: alias_name)
      alias_tag_name.update!(canonical: tag.tag_name)
    end
    affected_tags.compact.uniq.each do |affected_tag|
      record_tag_version!(affected_tag, event_type: :update, created_by_user: current_user)
    end
  end
  def update_parent_tags! tag, parent_names
-    parent_tags = Tag.normalise_tags(parent_names, with_tagme: false,
+    parent_tags = Tag.normalise_tags!(parent_names, with_tagme: false,
-                                                   with_no_deerjikist: false,
+                                                    with_no_deerjikist: false,
-                                                   deny_nico: true)
+                                                    deny_nico: true)
    old_parent_tags = tag.parents.to_a
@@ -338,4 +421,40 @@ class TagsController < ApplicationController
      TagImplication.create!(tag:, parent_tag:)
    end
  end
  def normalise_deerjikist_code platform, code
    return code if platform != 'youtube' || code[0] != '@'
    url = "https://www.youtube.com/#{ code }"
    html = Net::HTTP.get(URI(url))
    canonical = html[
        /<link rel="canonical" href="https:\/\/www\.youtube\.com\/channel\/(UC[a-zA-Z0-9_-]{22})"/,
        1]
    return canonical if canonical
    html[/"channelId":"(UC[a-zA-Z0-9_-]{22})"/, 1] || html[/\bUC[a-zA-Z0-9_-]{22}\b/]
  rescue
    nil
  end
  def render_deerjikist_form_record_invalid deerjikist, index
    fields = { }
    deerjikist.errors.each do |error|
      field =
          case error.attribute
          when :platform, :code
            "deerjikists.#{ index }.#{ error.attribute }"
          else
            :deerjikists
          end
      fields[field] ||= []
      fields[field] << error.full_message
    end
    render_validation_error fields:
  end
 end
@@ -1,21 +1,28 @@
 class TheatreCommentsController < ApplicationController
  def index
    limit = params[:limit].to_i
    limit = 20 if limit <= 0
    no_gt = params[:no_gt].to_i
-    no_gt = 0 if no_gt.negative?
+    no_gt = 0 if no_gt < 0
    comments = TheatreComment
               .where(theatre_id: params[:theatre_id])
               .where('no > ?', no_gt)
               .order(no: :desc)
               .limit(limit)
-    render json: comments.as_json(include: { user: { only: [:id, :name] } })
+    render json: comments.map {
      _1.as_json(include: { user: { only: [:id, :name] } })
          .merge(content: _1.discarded? ? nil : _1.content, deleted: _1.discarded?)
    }
  end
  def create
    return head :unauthorized unless current_user
    content = params[:content]
-    return head :unprocessable_entity if content.blank?
+    return render_unprocessable_entity('本文は必須です．', field: :content) if content.blank?
    theatre = Theatre.find_by(id: params[:theatre_id])
    return head :not_found unless theatre
@@ -29,4 +36,19 @@ class TheatreCommentsController < ApplicationController
    render json: comment, status: :created
  end
  def destroy
    return head :unauthorized unless current_user
    theatre_id = params[:theatre_id].to_i
    no = params[:id].to_i
    comment = TheatreComment.find_by(theatre_id:, no:)
    return head :not_found unless comment
    return head :forbidden unless comment.user == current_user
    comment.discard!
    head :no_content
  end
 end
@@ -0,0 +1,22 @@
 class TheatreProgrammesController < ApplicationController
  def index
    limit = params[:limit].to_i
    limit = 100 if limit <= 0
    position_gt = params[:position_gt].to_i
    position_gt = 0 if position_gt < 0
    programmes = TheatreProgramme
                 .where(theatre_id: params[:theatre_id])
                 .where('position > ?', position_gt)
                 .includes(:post)
                 .order(position: :desc).limit(100)
                 .limit(limit)
    render json: programmes.map { |programme|
      programme.as_json.merge(post: { id: programme.post.id,
                                      title: programme.post.title,
                                      url: programme.post.url })
    }
  end
 end
@@ -0,0 +1,22 @@
 class TheatreSkipEventsController < ApplicationController
  def index
    limit = params[:limit].to_i
    limit = 50 if limit <= 0
    events =
        TheatreSkipEvent
        .where(theatre_id: params[:theatre_id])
        .includes(:post, tags: :tag_name)
        .order(created_at: :desc)
        .limit(limit)
    render json: events.map { |event|
      { id: event.id,
        theatre_id: event.theatre_id,
        post: { id: event.post.id, title: event.post.title, url: event.post.url },
        tags: event.tags.map { |tag| { id: tag.id, name: tag.name } },
        programme_position: event.programme_position,
        created_at: event.created_at }
    }
  end
 end
@@ -31,9 +31,7 @@ class TheatresController < ApplicationController
      post_started_at = theatre.current_post_started_at
    end
-    render json: {
+    render json: theatre_info_json(theatre, host_flg:, post_id:, post_started_at:)
        host_flg:, post_id:, post_started_at:,
        watching_users: theatre.watching_users.as_json(only: [:id, :name]) }
  end
  def next_post
@@ -43,12 +41,119 @@ class TheatresController < ApplicationController
    return head :not_found unless theatre
    return head :forbidden if theatre.host_user != current_user
-    post = Post.where("url LIKE '%nicovideo.jp%'")
+    ApplicationRecord.transaction do
-           .or(Post.where("url LIKE '%youtube.com%'"))
+      theatre.lock!
-           .order('RAND()')
+      TheatrePostAdvancer.call(theatre:)
-           .first
+    end
    theatre.update!(current_post: post, current_post_started_at: Time.current)
    head :no_content
  end
  def skip_vote
    return head :unauthorized unless current_user
    theatre = Theatre.find_by(id: params[:id])
    return head :not_found unless theatre
    requested_post_id = params[:post_id].to_i
    return head :unprocessable_entity if requested_post_id <= 0
    skipped = false
    conflicted = false
    ApplicationRecord.transaction do
      theatre.lock!
      if theatre.current_post
        TheatreWatchingUser.find_or_initialize_by(theatre:, user: current_user).tap {
          _1.expires_at = 30.seconds.from_now
        }.save!
        if theatre.current_post_id != requested_post_id
          conflicted = true
          next
        end
        TheatreSkipVote.find_or_create_by!(theatre:, post_id: requested_post_id, user: current_user)
        vote_status = skip_vote_status(theatre)
        if vote_status[:votes_count] >= vote_status[:required_count]
          TheatreSkipFinalizer.call(theatre:, user: current_user)
          TheatrePostAdvancer.call(theatre:)
          skipped = true
        end
      end
    end
    theatre.reload
    return render json: theatre_info_json(theatre, skipped: false), status: :conflict if conflicted
    render json: theatre_info_json(theatre, skipped:)
  end
  def unskip_vote
    return head :unauthorized unless current_user
    theatre = Theatre.find_by(id: params[:id])
    return head :not_found unless theatre
    requested_post_id = params[:post_id].to_i
    return head :unprocessable_entity if requested_post_id <= 0
    conflicted = false
    theatre.with_lock do
      if theatre.current_post
        if theatre.current_post_id != requested_post_id
          conflicted = true
        else
          TheatreSkipVote.where(theatre:, post_id: requested_post_id, user: current_user).delete_all
        end
      end
    end
    theatre.reload
    return render json: theatre_info_json(theatre, skipped: false), status: :conflict if conflicted
    render json: theatre_info_json(theatre, skipped: false)
  end
  def post_selection_weights
    theatre = Theatre.find_by(id: params[:id])
    return head :not_found unless theatre
    render json: TheatrePostSelector.new(theatre:).weight_json
  end
  private
  def theatre_info_json(theatre, host_flg: nil, post_id: nil, post_started_at: nil, skipped: nil)
    host_flg = theatre.host_user_id == current_user&.id if host_flg.nil?
    post_id = theatre.current_post_id if post_id.nil?
    post_started_at = theatre.current_post_started_at if post_started_at.nil?
    json = { host_flg:,
             post_id:,
             post_started_at:,
             post_elapsed_ms: post_started_at ? ((Time.current - post_started_at) * 1000).floor : nil,
             watching_users: theatre.watching_users.as_json(only: [:id, :name]),
             skip_vote: skip_vote_status(theatre) }
    json[:skipped] = skipped unless skipped.nil?
    json
  end
  def skip_vote_status(theatre)
    watching_user_ids = theatre.watching_users.ids
    watching_users_count = watching_user_ids.size
    required_count = (watching_users_count / 2) + 1
    post = theatre.current_post
    votes =
        if post
          TheatreSkipVote.where(theatre:, post:, user_id: watching_user_ids)
        else
          TheatreSkipVote.none
        end
    { votes_count: post ? votes.count : 0,
      required_count:,
      watching_users_count:,
      voted: post && current_user ? votes.exists?(user_id: current_user.id) : false }
  end
 end
@@ -1,18 +1,22 @@
 class UsersController < ApplicationController
  def create
-    user = User.create!(inheritance_code: SecureRandom.uuid, role: 'guest')
+    user = nil
    User.transaction do
      user = User.create!(inheritance_code: SecureRandom.uuid, role: :guest)
      attach_ip_address!(user)
    end
    render json: { code: user.inheritance_code,
-                   user: user.slice(:id, :name, :inheritance_code, :role) }
+                   user: user.slice(:id, :name, :inheritance_code, :role) },
           status: :created
  end
  def verify
    ip_bin = IPAddr.new(request.remote_ip).hton
    ip_address = IpAddress.find_or_create_by!(ip_address: ip_bin)
    user = User.find_by(inheritance_code: params[:code])
    return render json: { valid: false } unless user
    return head :forbidden if user.banned?
-    UserIp.find_or_create_by!(user:, ip_address:)
+    attach_ip_address!(user)
    render json: { valid: true, user: user.slice(:id, :name, :inheritance_code, :role) }
  end
@@ -38,12 +42,21 @@ class UsersController < ApplicationController
    return head :unauthorized if user&.id != params[:id].to_i
    name = params[:name]
-    return head :bad_request if name.blank?
+    return render_unprocessable_entity('名前は必須です．', field: :name) if name.blank?
    if user.update(name:)
-      render json: user.slice(:id, :name, :inheritance_code, :role), status: :created
+      render json: user.slice(:id, :name, :inheritance_code, :role), status: :ok
    else
-      render json: user.errors, status: :unprocessable_entity
+      render_validation_error user
    end
  end
  private
  def attach_ip_address! user
    ip_bin = IPAddr.new(request.remote_ip).hton
    ip_address = IpAddress.create_or_find_by!(ip_address: ip_bin)
    UserIp.create_or_find_by!(user:, ip_address:)
  end
 end
@@ -46,7 +46,7 @@ class WikiPagesController < ApplicationController
  def diff
    id = params[:id]
-    return head :bad_request if id.blank?
+    return render_bad_request('id は必須です．') if id.blank?
    from = params[:from].presence
    to = params[:to].presence
@@ -56,7 +56,7 @@ class WikiPagesController < ApplicationController
    from_rev = from && page.wiki_revisions.find(from)
    to_rev = to ? page.wiki_revisions.find(to) : page.current_revision
    if ((from_rev && !(from_rev.content?)) || !(to_rev&.content?))
-      return head :unprocessable_entity
+      return render_unprocessable_entity('差分を表示できない版です．')
    end
    diffs = Diff::LCS.sdiff(from_rev&.body&.lines || [], to_rev.body.lines)
@@ -85,22 +85,27 @@ class WikiPagesController < ApplicationController
    return head :unauthorized unless current_user
    return head :forbidden unless current_user.gte_member?
-    name = params[:title]&.strip
+    title = params[:title].to_s.strip
    body = params[:body].to_s
    message = params[:message].presence
-    return head :unprocessable_entity if name.blank? || body.blank?
+    return render_unprocessable_entity('タイトルは必須です．', field: :title) if title.blank?
    return render_unprocessable_entity('本文は必須です．', field: :body) if body.blank?
-    tag_name = TagName.find_undiscard_or_create_by!(name:)
+    tag_name = TagName.find_undiscard_or_create_by!(name: title)
    page = WikiPage.new(tag_name:, created_user: current_user, updated_user: current_user)
    if page.save
      message = params[:message].presence
      Wiki::Commit.content!(page:, body:, created_user: current_user, message:)
-      render json: WikiPageRepr.base(page), status: :created
+    page =
-    else
+        Wiki::Commit.create_content!(
-      render json: { errors: page.errors.full_messages },
+            tag_name:,
-             status: :unprocessable_entity
+            body:,
-    end
+            created_by_user: current_user,
            message:)
    render json: WikiPageRepr.base(page), status: :created
  rescue ActiveRecord::RecordInvalid => e
    render_validation_error e.record
  rescue ActiveRecord::RecordNotUnique
    render_record_not_unique
  end
  def update
@@ -110,22 +115,38 @@ class WikiPagesController < ApplicationController
    title = params[:title]&.strip
    body = params[:body].to_s
-    return head :unprocessable_entity if title.blank? || body.blank?
+    return render_unprocessable_entity('タイトルは必須です．', field: :title) if title.blank?
    return render_unprocessable_entity('本文は必須です．', field: :body) if body.blank?
    page = WikiPage.find(params[:id])
-    base_revision_id = page.current_revision.id
+    base_revision_id = params[:base_revision_id].presence
-    if params[:title].present? && params[:title].strip != page.title
+    ApplicationRecord.transaction do
-      return head :unprocessable_entity
+      page.lock!
      old_title = page.title
      tag = Tag.find_by(tag_name_id: page.tag_name_id)
      if tag && title != old_title
        TagVersioning.ensure_snapshot!(tag, created_by_user: current_user)
      end
      page.tag_name.update!(name: title) if title != old_title
      message = params[:message].presence
      Wiki::Commit.content!(page:,
                            body:,
                            created_user: current_user,
                            message:,
                            base_revision_id:)
      if tag && title != old_title
        tag.reload
        TagVersionRecorder.record!(tag:, event_type: :update, created_by_user: current_user)
      end
    end
    message = params[:message].presence
    Wiki::Commit.content!(page:,
                          body:,
                          created_user: current_user,
                          message:,
                          base_revision_id:)
    head :ok
  end
@@ -1,6 +1,10 @@
 class IpAddress < ApplicationRecord
  validates :ip_address, presence: true, length: { maximum: 16 }
  validates :banned, inclusion: { in: [true, false] }
-  has_many :users
+  has_many :user_ips, dependent: :destroy
  has_many :users, through: :user_ips
  def banned? = banned_at.present?
  def ban! = banned? || update!(banned_at: Time.current)
  def unban! = update!(banned_at: nil)
 end
@@ -1,7 +1,6 @@
 class Post < ApplicationRecord
  require 'mini_magick'
  belongs_to :parent, class_name: 'Post', optional: true, foreign_key: 'parent_id'
  belongs_to :uploaded_user, class_name: 'User', optional: true
  has_many :post_tags, dependent: :destroy, inverse_of: :post
@@ -13,8 +12,24 @@ class Post < ApplicationRecord
  has_many :post_similarities, dependent: :delete_all
  has_many :post_versions
  has_many :parent_post_implications,
           class_name: 'PostImplication',
           foreign_key: :post_id,
           dependent: :destroy,
           inverse_of: :post
  has_many :parents, through: :parent_post_implications, source: :parent_post
  has_many :child_post_implications,
           class_name: 'PostImplication',
           foreign_key: :parent_post_id,
           dependent: :destroy,
           inverse_of: :parent_post
  has_many :children, through: :child_post_implications, source: :post
  has_one_attached :thumbnail
  attribute :version_no, :integer, default: 1
  before_validation :normalise_url
  validates :url, presence: true, uniqueness: true
@@ -22,17 +37,29 @@ class Post < ApplicationRecord
  validate :validate_original_created_range
  validate :url_must_be_http_url
  def parent_posts = parents
  def child_posts = children
  def sibling_posts
    parent_post_ids = parent_posts.order(:id).pluck(:id)
    parent_post_ids.to_h { [_1, PostImplication.where(parent_post: _1).map(&:post)] }
  end
  def as_json options = { }
-    super(options).merge({ thumbnail: thumbnail.attached? ?
+    super(options).merge(thumbnail: thumbnail.attached? ?
-                                      Rails.application.routes.url_helpers.rails_blob_url(
+                                    Rails.application.routes.url_helpers.rails_blob_url(
-                                          thumbnail, only_path: false) :
+                                        thumbnail, only_path: false) :
-                                      nil })
+                                    nil)
  rescue
    super(options).merge(thumbnail: nil)
  end
  def snapshot_tag_names = tags.joins(:tag_name).order('tag_names.name').pluck('tag_names.name')
  def snapshot_parent_post_ids = parents.order(:id).pluck(:id)
  def related limit: nil
    ids = post_similarities.order(cos: :desc)
    ids = ids.limit(limit) if limit
@@ -67,7 +94,7 @@ class Post < ApplicationRecord
    return if !(f) || !(b)
    if f >= b
-      errors.add :original_created_before, 'オリジナルの作成日時の順番がをかしぃです．'
+      errors.add :original_created_at, 'オリジナルの作成日時の順番がをかしぃです．'
    end
  end
@@ -0,0 +1,19 @@
 class PostImplication < ApplicationRecord
  self.primary_key = :post_id, :parent_post_id
  belongs_to :post, inverse_of: :parent_post_implications
  belongs_to :parent_post, class_name: 'Post', inverse_of: :child_post_implications
  validates :post_id, presence: true, uniqueness: { scope: :parent_post_id }
  validates :parent_post_id, presence: true
  validate :parent_post_mustnt_be_itself
  private
  def parent_post_mustnt_be_itself
    if parent_post_id == post_id
      errors.add :parent_post_id, '親投稿に同じ投稿を設定することはできません．'
    end
  end
 end
@@ -40,6 +40,8 @@ class Tag < ApplicationRecord
  belongs_to :tag_name
  delegate :wiki_page, to: :tag_name
  attribute :version_no, :integer, default: 1
  delegate :name, to: :tag_name, allow_nil: true
  validates :tag_name, presence: true
@@ -79,15 +81,18 @@ class Tag < ApplicationRecord
  def material_id = materials.first&.id
  def has_deerjikists = deerjikists.loaded? ? deerjikists.any? : deerjikists.exists?
  def self.tagme = find_or_create_by_tag_name!('タグ希望', category: :meta)
  def self.bot = find_or_create_by_tag_name!('bot操作', category: :meta)
  def self.no_deerjikist = find_or_create_by_tag_name!('ニジラー情報不詳', category: :meta)
  def self.video = find_or_create_by_tag_name!('動画', category: :meta)
  def self.niconico = find_or_create_by_tag_name!('ニコニコ', category: :meta)
  def self.youtube = find_or_create_by_tag_name!('YouTube', category: :meta)
-  def self.normalise_tags tag_names, with_tagme: true,
+  def self.normalise_tags! tag_names, with_tagme: true,
-                                     with_no_deerjikist: true,
+                                      with_no_deerjikist: true,
-                                     deny_nico: true
+                                      deny_nico: true
    if deny_nico && tag_names.any? { |n| n.downcase.start_with?('nico:') }
      raise NicoTagNormalisationError
    end
@@ -7,6 +7,10 @@ class Theatre < ApplicationRecord
           class_name: 'TheatreWatchingUser', inverse_of: :theatre
  has_many :watching_users, through: :active_theatre_watching_users, source: :user
  has_many :programmes, class_name: 'TheatreProgramme'
  has_many :skip_votes, class_name: 'TheatreSkipVote', dependent: :delete_all
  has_many :skip_events, class_name: 'TheatreSkipEvent', dependent: :delete_all
  belongs_to :host_user, class_name: 'User', optional: true
  belongs_to :current_post, class_name: 'Post', optional: true
  belongs_to :created_by_user, class_name: 'User'
@@ -0,0 +1,6 @@
 class TheatreProgramme < ApplicationRecord
  self.primary_key = :theatre_id, :position
  belongs_to :theatre
  belongs_to :post
 end
@@ -0,0 +1,10 @@
 class TheatreSkipEvent < ApplicationRecord
  belongs_to :theatre
  belongs_to :post
  belongs_to :skipped_by_user, class_name: 'User'
  has_many :voters, class_name: 'TheatreSkipEventVoter', dependent: :delete_all
  has_many :event_tags, class_name: 'TheatreSkipEventTag', dependent: :delete_all
  has_many :users, through: :voters
  has_many :tags, through: :event_tags
 end
@@ -0,0 +1,6 @@
 class TheatreSkipEventTag < ApplicationRecord
  self.primary_key = :theatre_skip_event_id, :tag_id
  belongs_to :theatre_skip_event
  belongs_to :tag
 end
@@ -0,0 +1,6 @@
 class TheatreSkipEventVoter < ApplicationRecord
  self.primary_key = :theatre_skip_event_id, :user_id
  belongs_to :theatre_skip_event
  belongs_to :user
 end
@@ -0,0 +1,7 @@
 class TheatreSkipVote < ApplicationRecord
  self.primary_key = :theatre_id, :post_id, :user_id
  belongs_to :theatre
  belongs_to :post
  belongs_to :user
 end
@@ -4,7 +4,6 @@ class User < ApplicationRecord
  validates :name, length: { maximum: 255 }
  validates :inheritance_code, presence: true, length: { maximum: 64 }
  validates :role, presence: true, inclusion: { in: roles.keys }
  validates :banned, inclusion: { in: [true, false] }
  has_many :created_posts,
           class_name: 'Post', foreign_key: :uploaded_user_id, dependent: :nullify
@@ -19,5 +18,10 @@ class User < ApplicationRecord
           class_name: 'WikiPage', foreign_key: :updated_user_id, dependent: :nullify
  def viewed?(post) = user_post_views.exists?(post_id: post.id)
  def gte_member? = member? || admin?
  def banned? = banned_at.present?
  def ban! = banned? || update!(banned_at: Time.current)
  def unban! = update!(banned_at: nil)
 end
@@ -13,8 +13,13 @@ class WikiPage < ApplicationRecord
           foreign_key: :redirect_page_id,
           dependent: :nullify
  has_many :wiki_versions
  attribute :version_no, :integer, default: 1
  belongs_to :tag_name
  validates :tag_name, presence: true
  validates :body, presence: true
  def title = tag_name.name
@@ -24,11 +29,6 @@ class WikiPage < ApplicationRecord
  def current_revision = wiki_revisions.order(id: :desc).first
  def body
    rev = current_revision
    rev.body if rev&.content?
  end
  def resolve_redirect limit: 10
    page = self
    visited = Set.new
@@ -0,0 +1,8 @@
 class WikiVersion < ApplicationRecord
  include VersionRecord
  belongs_to :wiki_page
  validates :title, presence: true
  validates :body, presence: true
 end
@@ -2,19 +2,65 @@
 module PostRepr
-  BASE = { include: { tags: TagRepr::BASE, uploaded_user: UserRepr::BASE } }.freeze
+  BASE_FIELDS = [
      :id,
      :version_no,
      :url,
      :title,
      :thumbnail_base,
      :original_created_from,
      :original_created_before,
      :created_at,
      :updated_at
  ].freeze
  module_function
  def base post, current_user = nil
-    json = post.as_json(BASE)
+    json = common(post)
-    return json.merge(viewed: false) unless current_user
+    json['tags'] = tag_json(post.tags)
    json['uploaded_user'] = post.uploaded_user && UserRepr.base(post.uploaded_user)
    json['viewed'] = current_user ? current_user.viewed?(post) : false
    json
  end
-    viewed = current_user.viewed?(post)
+  def detail post, current_user = nil, parent_posts: [], child_posts: [],
-    json.merge(viewed:)
+             sibling_posts: { }, related: []
    base(post, current_user).merge(
        'parent_posts' => cards(parent_posts),
        'child_posts' => cards(child_posts),
        'sibling_posts' => sibling_posts.transform_keys(&:to_s).transform_values { |posts|
          cards(posts)
        },
        'related' => cards(related))
  end
  def card post
    common(post).merge('parent_posts' => [], 'child_posts' => [])
  end
  def cards posts
    posts.map { |post| card(post) }
  end
  def many posts, current_user = nil
    posts.map { |p| base(p, current_user) }
  end
  def common post
    BASE_FIELDS.to_h { |field| [field.to_s, post.public_send(field)] }
               .merge('thumbnail' => thumbnail_url(post))
  end
  def tag_json tags
    tags.map { |tag| TagRepr.inline(tag) }
  end
  def thumbnail_url post
    return nil unless post.thumbnail.attached?
    Rails.application.routes.url_helpers.rails_blob_url(post.thumbnail, only_path: false)
  rescue
    nil
  end
 end
@@ -3,7 +3,7 @@
 module TagRepr
  BASE = { only: [:id, :category, :post_count, :created_at, :updated_at],
-           methods: [:name, :has_wiki, :material_id] }.freeze
+           methods: [:name, :has_wiki, :material_id, :has_deerjikists] }.freeze
  module_function
@@ -12,5 +12,9 @@ module TagRepr
                            parents: tag.parents.map { _1.as_json(BASE) })
  end
  def inline tag
    tag.as_json(BASE).merge(aliases: [], parents: [])
  end
  def many(tags) = tags.map { |t| base(t) }
 end
@@ -24,7 +24,7 @@ class PostVersionRecorder < VersionRecorder
      url: @record.url,
      thumbnail_base: @record.thumbnail_base,
      tags: @record.snapshot_tag_names.join(' '),
-      parent_id: @record.parent_id,
+      parent_post_ids: @record.snapshot_parent_post_ids.join(' '),
      original_created_from: @record.original_created_from,
      original_created_before: @record.original_created_before }
  end
@@ -0,0 +1,29 @@
 class TheatrePostAdvancer
  def self.call(theatre:)
    new(theatre:).call
  end
  def initialize(theatre:)
    @theatre = theatre
  end
  def call
    previous_post = theatre.current_post
    post = TheatrePostSelector.new(theatre:).select
    TheatreSkipVote.where(theatre:, post: previous_post).delete_all if previous_post
    theatre.update!(current_post: post, current_post_started_at: post ? Time.current : nil)
    if post
      position = (theatre.programmes.maximum(:position) || 0) + 1
      theatre.programmes.create!(position:, post:)
    end
    post
  end
  private
  attr_reader :theatre
 end
@@ -0,0 +1,119 @@
 class TheatrePostSelector
  Candidate = Struct.new(:post, :weight, :penalty, :tags, keyword_init: true)
  ELIGIBLE_POST_URL_CONDITION =
      ["url LIKE '%nicovideo.jp%'",
       "url LIKE '%youtube.com/watch%'",
       "url LIKE '%youtu.be/%'"]
      .join(' OR ')
  def initialize theatre:
    @theatre = theatre
  end
  def select
    candidates = weighted_candidates
    return nil if candidates.empty?
    total = candidates.sum(&:weight)
    target = rand * total
    candidates.each do |candidate|
      target -= candidate.weight
      return candidate.post if target <= 0
    end
    candidates.last.post
  end
  def weight_json limit: 20
    candidates = weighted_candidates
    sorted = candidates.sort_by { |candidate| [candidate.weight, candidate.post.id] }
    { tag_penalties: tag_penalty_json,
      lightest_posts: post_weight_json(sorted.first(limit)),
      heaviest_posts: post_weight_json(sorted.reverse.first(limit)) }
  end
  private
  attr_reader :theatre
  def weighted_candidates
    @weighted_candidates ||= begin
      penalties = tag_penalties
      posts = eligible_posts.includes(tags: :tag_name).to_a
      posts.map do |post|
        post_tags = post.tags.to_a
        penalty = post_tags.sum { |tag| penalties[tag.id].to_i }
        Candidate.new(
            post:,
            penalty:,
            tags: post_tags,
            weight: 1.0 / (1.0 + penalty))
      end
    end
  end
  def eligible_posts
    posts = Post.where(ELIGIBLE_POST_URL_CONDITION)
    posts = posts.where.not(id: theatre.current_post_id) if theatre.current_post_id
    posts
  end
  def active_user_ids
    @active_user_ids ||= theatre.watching_users.ids
  end
  def tag_penalties
    @tag_penalties ||=
      if active_user_ids.empty?
        {}
      else
        TheatreSkipEventVoter
          .joins(theatre_skip_event: :event_tags)
          .where(user_id: active_user_ids)
          .group('theatre_skip_event_tags.tag_id')
          .count
      end
  end
  def tag_penalty_json
    return [] if tag_penalties.empty?
    tags = Tag.where(id: tag_penalties.keys).includes(:tag_name).index_by(&:id)
    tag_penalties
      .map { |tag_id, penalty|
        tag = tags[tag_id]
        next unless tag
        { tag: light_tag_json(tag),
          penalty: }
      }
      .compact
      .sort_by { |row| [-row[:penalty], row[:tag][:name].to_s] }
  end
  def post_weight_json candidates
    candidates.map { |candidate|
      { post: light_post_json(candidate.post),
        weight: candidate.weight,
        penalty: candidate.penalty,
        tags: candidate.tags.map { |tag| light_tag_json(tag) } }
    }
  end
  def light_post_json post
    { id: post.id,
      title: post.title,
      url: post.url }
  end
  def light_tag_json tag
    { id: tag.id,
      name: tag.name,
      category: tag.category }
  end
 end
@@ -0,0 +1,40 @@
 class TheatreSkipFinalizer
  def self.call(theatre:, user:)
    new(theatre:, user:).call
  end
  def initialize(theatre:, user:)
    @theatre = theatre
    @user = user
  end
  def call
    return unless theatre.current_post
    post = theatre.current_post
    voters = TheatreSkipVote.where(theatre:, post:).includes(:user).map(&:user)
    return if voters.empty?
    event = TheatreSkipEvent.create!(
        theatre:,
        post:,
        skipped_by_user: user,
        programme_position: theatre.programmes.maximum(:position))
    voters.uniq(&:id).each do |voter|
      TheatreSkipEventVoter.create!(theatre_skip_event: event, user: voter)
    end
    post.tags.find_each do |tag|
      TheatreSkipEventTag.create!(theatre_skip_event: event, tag:)
    end
    TheatreSkipVote.where(theatre:, post:).delete_all
    event
  end
  private
  attr_reader :theatre, :user
 end
@@ -16,19 +16,20 @@ class VersionRecorder
      @record = record_class.unscoped.lock.find(@record.id)
      latest = latest_version
-      if !(latest) && @event_type != 'create'
+      validate_version_sequence!(latest)
        raise "#{ version_class.name } first event must be create"
      end
      if @event_type == 'create' && latest
        raise "#{ version_class.name } create event already exists"
      end
      attrs = snapshot_attributes
-      return latest if @event_type == 'update' && latest && same_snapshot?(latest, attrs)
+      if @event_type == 'update' && latest && same_snapshot?(latest, attrs)
        return latest
      end
-      version_class.create!(base_attributes(latest).merge(record_key => @record).merge(attrs))
+      version = version_class.create!(
          base_attributes(latest).merge(record_key => @record).merge(attrs))
      update_record_version_no!(version.version_no)
      version
    end
  end
@@ -45,7 +46,31 @@ class VersionRecorder
      created_by_user: @created_by_user }
  end
-  def same_snapshot?(version, attrs) = attrs.all? { |k, v| version.public_send(k) == v }
+  def update_record_version_no! version_no
    @record.update_columns(version_no:)
    @record.version_no = version_no
  end
  def validate_version_sequence! latest
    if !(latest) && @event_type != 'create'
      raise "#{ version_class.name } first event must be create"
    end
    if @event_type == 'create' && latest
      raise "#{ version_class.name } create event already exists"
    end
    return unless latest
    if @record.version_no != latest.version_no
      raise ("#{ record_class.name }##{ @record.id } version_no is #{ @record.version_no }, " +
             "but latest #{ version_class.name } version_no is #{ latest.version_no }")
    end
  end
  def same_snapshot? version, attrs
    attrs.all? { |k, v| version.public_send(k) == v }
  end
  def validate_event_type!
    return if EVENT_TYPES.include?(@event_type)
@@ -7,6 +7,31 @@ module Wiki
      ;
    end
    def self.create_content! tag_name:, body:, created_by_user:, message: nil
      normalised = normalise_body(body)
      page = WikiPage.new(tag_name:,
                          body: normalised,
                          created_user: created_by_user,
                          updated_user: created_by_user)
      if normalised.blank?
        page.errors.add(:body, :blank)
        raise ActiveRecord::RecordInvalid, page
      end
      ActiveRecord::Base.transaction do
        page.save!
        new(page:, created_user: created_by_user).content!(
            body: normalised,
            message:,
            base_revision_id: nil)
        page
      end
    end
    def self.content! page:, body:, created_user:, message: nil, base_revision_id: nil
      new(page:, created_user:).content!(body:, message:, base_revision_id:)
    end
@@ -21,7 +46,12 @@ module Wiki
    end
    def content! body:, message:, base_revision_id:
-      normalised = normalise_body(body)
+      normalised = self.class.normalise_body(body)
      if normalised.blank?
        @page.errors.add(:body, :blank)
        raise ActiveRecord::RecordInvalid, @page
      end
      lines = split_lines(normalised)
      line_shas = lines.map { |line| Digest::SHA256.hexdigest(line) }
@@ -37,10 +67,19 @@ module Wiki
          current_id = @page.wiki_revisions.maximum(:id)
          if current_id && current_id != base_revision_id.to_i
            raise Conflict,
-                "競合が発生してゐます（現在の Id.：#{ current_id }，ベース Id.：#{ base_revision_id }）．"
+                "競合が発生してゐます" +
                "（現在の Id.：#{ current_id }，ベース Id.：#{ base_revision_id }）．"
          end
        end
        @page.update!(body: normalised)
        WikiVersionRecorder.record!(
            page: @page,
            event_type: @page.wiki_versions.exists? ? :update : :create,
            reason: message,
            created_by_user: @created_user)
        rev = WikiRevision.create!(
            wiki_page:        @page,
            base_revision_id:,
@@ -54,65 +93,45 @@ module Wiki
        rows = line_ids.each_with_index.map do |line_id, pos|
          { wiki_revision_id: rev.id, wiki_line_id: line_id, position: pos }
        end
-        WikiRevisionLine.insert_all!(rows)
+        WikiRevisionLine.insert_all!(rows) if rows.any?
        rev
      end
    end
-    def redirect! redirect_page:, message:, base_revision_id:
+    def redirect!(redirect_page:, message:, base_revision_id:) = raise '廃止しました．'
      ActiveRecord::Base.transaction do
        @page.lock!
-        if base_revision_id.present?
+    def self.normalise_body body
-          current_id = @page.wiki_revisions.maximum(:id)
+      s = body.to_s
-          if current_id && current_id != base_revision_id.to_i
+      s.gsub!(/\r\n?/, "\n")
-            raise Conflict,
+      s.encode('UTF-8', invalid: :replace, undef: :replace, replace: '🖕')
-                "競合が発生してゐます（現在の Id.：#{ current_id }，ベース Id.：#{ base_revision_id }）．"
+      s.gsub(/\n+$/, '')
          end
        end
        WikiRevision.create!(
            wiki_page:        @page,
            base_revision_id:,
            created_user:     @created_user,
            kind:             :redirect,
            redirect_page:,
            message:,
            lines_count:      0,
            tree_sha256:      nil)
      end
    end
    private
-    def normalise_body body
+    def split_lines(body) = body.split("\n")
      s = body.to_s
      s.gsub!("\r\n", "\n")
      s.encode('UTF-8', invalid: :replace, undef: :replace, replace: '🖕')
    end
    def split_lines body
      body.split("\n")
    end
    def upsert_lines! lines, line_shas
      now = Time.current
      id_by_sha = WikiLine.where(sha256: line_shas).pluck(:sha256, :id).to_h
-      missing_rows = []
+      missing_by_sha = { }
      line_shas.each_with_index do |sha, i|
        next if id_by_sha.key?(sha)
        next if missing_by_sha.key?(sha)
-        missing_rows << { sha256:     sha,
+        missing_by_sha[sha] = {
-                          body:       lines[i],
+            sha256:     sha,
-                          created_at: now,
+            body:       lines[i],
-                          updated_at: now }
+            created_at: now,
            updated_at: now }
      end
-      if missing_rows.any?
+      if missing_by_sha.any?
-        WikiLine.upsert_all(missing_rows)
+        WikiLine.upsert_all(missing_by_sha.values)
        id_by_sha = WikiLine.where(sha256: line_shas).pluck(:sha256, :id).to_h
      end
@@ -0,0 +1,21 @@
 class WikiVersionRecorder < VersionRecorder
  def self.record! page:, event_type:, reason: nil, created_by_user:
    new(page:, event_type:, reason:, created_by_user:).record!
  end
  def initialize page:, event_type:, reason: nil, created_by_user:
    @reason = reason
    super(record: page, event_type:, created_by_user:)
  end
  private
  def version_class = WikiVersion
  def version_association = :wiki_versions
  def record_key = :wiki_page
  def snapshot_attributes = {
      title: @record.title,
      body: @record.body,
      reason: @reason }
 end
@@ -0,0 +1,73 @@
 require 'json'
 require 'net/http'
 require 'uri'
 module Youtube
  class ApiClient
    ENDPOINT = 'https://www.googleapis.com/youtube/v3'
    def initialize api_key: ENV.fetch('YOUTUBE_API_KEY')
      @api_key = api_key
    end
    def search_videos q:, published_after: nil, published_before: nil, page_token: nil
      get_json('/search', {
          part:           'snippet',
          type:           'video',
          q:,
          order:          'date',
          maxResults:     50,
          regionCode:     'JP',
          relevanceLanguage: 'ja',
          publishedAfter: published_after&.iso8601,
          publishedBefore: published_before&.iso8601,
          pageToken:      page_token }.compact)
    end
    def videos ids
      return { 'items' => [] } if ids.empty?
      get_json('/videos', part: 'snippet,status,contentDetails', id: ids.join(','))
    end
    def playlist_items playlist_id:, page_token: nil
      get_json('/playlistItems', {
          part:       'snippet,contentDetails,status',
          playlistId: playlist_id,
          maxResults: 50,
          pageToken:  page_token }.compact)
    end
    def channel id: nil, handle: nil
      raise ArgumentError, 'id or handle is required' if id.present? == handle.present?
      params = { part: 'snippet,contentDetails' }
      params[:id] = id if id.present?
      params[:forHandle] = handle if handle.present?
      get_json('/channels', params)
    end
    private
    def get_json path, params
      uri = URI(ENDPOINT + path)
      uri.query = URI.encode_www_form(params.merge(key: @api_key))
      response = Net::HTTP.start(uri.host,
                                 uri.port,
                                 use_ssl: true,
                                 open_timeout: 10,
                                 read_timeout: 30) do |http|
        http.get(uri)
      end
      unless response.is_a?(Net::HTTPSuccess)
        raise "YouTube API error: #{ response.code } #{ response.body }"
      end
      JSON.parse(response.body)
    end
  end
 end
@@ -0,0 +1,168 @@
 require 'open-uri'
 require 'set'
 require 'time'
 module Youtube
  class Sync
    def initialize client: ApiClient.new
      @client = client
    end
    def sync!
      video_ids = discover_video_ids
      return if video_ids.empty?
      video_ids.each_slice(50) do |ids|
        @client.videos(ids).fetch('items', []).each do |item|
          sync_video!(VideoItem.new(item))
        end
      end
    end
    private
    def discover_video_ids
      ids = Set.new
      query_terms.each do |q|
        response = @client.search_videos(q:, published_after: sync_since)
        response.fetch('items', []).each do |item|
          video_id = item.dig('id', 'videoId')
          ids << video_id if video_id.present?
        end
      end
      playlist_ids.each do |playlist_id|
        each_playlist_item(playlist_id) do |item|
          video_id = item.dig('contentDetails', 'videoId')
          video_id ||= item.dig('snippet', 'resourceId', 'videoId')
          ids << video_id if video_id.present?
        end
      end
      ids.to_a
    end
    def sync_video! video
      post = Post.where('url REGEXP ?', youtube_url_regexp(video.id)).first
      original_created_from = video.published_at.change(sec: 0)
      original_created_before = original_created_from + 1.minute
      post_created = false
      post_changed = false
      if post
        post.assign_attributes(title: video.title,
                               original_created_from:,
                               original_created_before:,
                               thumbnail_base: video.thumbnail_url)
        post_changed = post.changed?
        post.save! if post_changed
        attach_thumbnail_if_needed!(post, video.thumbnail_url)
      else
        post_created = true
        post = Post.create!(
            title: video.title,
            url: video.url,
            thumbnail_base: video.thumbnail_url,
            uploaded_user_id: nil,
            original_created_from:,
            original_created_before:)
        attach_thumbnail_if_needed!(post, video.thumbnail_url)
        sync_post_tags!(post, [Tag.tagme.id, Tag.bot.id, Tag.youtube.id, Tag.video.id])
      end
      kept_tag_ids = post.tags.pluck(:id).to_set
      desired_tag_ids = kept_tag_ids.to_a
      deerjikist = Deerjikist.find_by(platform: :youtube, code: video.channel_id)
      if deerjikist
        desired_tag_ids.delete(Tag.no_deerjikist.id)
        desired_tag_ids << deerjikist.tag_id
      elsif post.tags.where(category: :deerjikist).none?
        desired_tag_ids << Tag.no_deerjikist.id
      end
      desired_tag_ids.uniq!
      sync_post_tags!(post, desired_tag_ids, current_tag_ids: kept_tag_ids)
      if post_created
        PostVersionRecorder.record!(post:, event_type: :create, created_by_user: nil)
      elsif post_changed || kept_tag_ids != desired_tag_ids.to_set
        PostVersionRecorder.ensure_snapshot!(post, created_by_user: nil)
        PostVersionRecorder.record!(post:, event_type: :update, created_by_user: nil)
      end
    end
    def sync_post_tags! post, desired_tag_ids, current_tag_ids: nil
      current_tag_ids ||= PostTag.kept.where(post_id: post.id).pluck(:tag_id).to_set
      desired_tag_ids = desired_tag_ids.compact.to_set
      to_add = desired_tag_ids - current_tag_ids
      to_remove = current_tag_ids - desired_tag_ids
      Tag.where(id: to_add.to_a).find_each do |tag|
        begin
          PostTag.create!(post:, tag:)
        rescue ActiveRecord::RecordNotUnique
          ;
        end
      end
      PostTag.where(post_id: post.id, tag_id: to_remove.to_a).kept.find_each do |pt|
        pt.discard_by!(nil)
      end
    end
    def attach_thumbnail_if_needed! post, thumbnail_url
      return if post.thumbnail.attached?
      return if thumbnail_url.blank?
      post.thumbnail.attach(
          io:           URI.open(thumbnail_url),
          filename:     File.basename(URI.parse(thumbnail_url).path),
          content_type: 'image/jpeg')
      post.resized_thumbnail!
    end
    def youtube_url_regexp id
      escaped = Regexp.escape(id)
      "(youtube\\.com/watch\\?v=#{ escaped }|youtu\\.be/#{ escaped })([^A-Za-z0-9_-]|$)"
    end
    def query_terms = ['ぼざろクリーチャーシリーズ', '伊地知ニジカ', '伊地知虹鹿']
    def playlist_ids
      ['PLrOch4zHkI5vu29b-f9umUQQ4tQkuWLPX',
       'PLrOch4zHkI5vOK0RaytQq6PbucxQkkL0K',
       'PLrOch4zHkI5tdwm9vSegiDQJOM-hgpcOC']
    end
    def sync_since = 14.days.ago
    def each_playlist_item playlist_id
      page_token = nil
      loop do
        response = @client.playlist_items(playlist_id:, page_token:)
        response.fetch('items', []).each do |item|
          yield item
        end
        page_token = response['nextPageToken']
        break if page_token.blank?
      end
    end
  end
 end
@@ -0,0 +1,32 @@
 require 'time'
 module Youtube
  class VideoItem
    attr_reader :id, :title, :channel_id, :published_at, :thumbnail_url, :raw_tags
    def initialize item
      snippet = item.fetch('snippet')
      @id = item.fetch('id')
      @title = snippet['title']
      @channel_id = snippet['channelId']
      @published_at = Time.iso8601(snippet['publishedAt'])
      @thumbnail_url = pick_thumbnail(snippet['thumbnails'] || { })
      @raw_tags = snippet['tags'] || []
    end
    def url = "https://www.youtube.com/watch?v=#{ @id }"
    private
    def pick_thumbnail thumbnails
      ['maxres', 'standard', 'high', 'medium', 'default'].each do |key|
        url = thumbnails.dig(key, 'url')
        return url if url.present?
      end
      nil
    end
  end
 end
@@ -24,6 +24,7 @@ Rails.application.routes.draw do
      patch '', action: :update
      get :deerjikists
      put :deerjikists, action: :update_deerjikists
    end
  end
@@ -84,9 +85,14 @@ Rails.application.routes.draw do
    member do
      put :watching
      patch :next_post
      put :skip_vote
      delete :skip_vote, action: :unskip_vote
      get :post_selection_weights
    end
-    resources :comments, controller: :theatre_comments, only: [:index, :create]
+    resources :comments, controller: :theatre_comments, only: [:index, :create, :destroy]
    resources :programmes, controller: :theatre_programmes, only: [:index]
    resources :skip_events, controller: :theatre_skip_events, only: [:index]
  end
  resources :materials, only: [:index, :show, :create, :update, :destroy]
@@ -17,3 +17,11 @@ every 1.day, at: '0:00 am' do
  rake 'post_similarity:calc', environment: 'production'
  rake 'tag_similarity:calc', environment: 'production'
 end
 every 1.day, at: '7:50 am' do
  rake 'nico:export', environment: 'production'
 end
 every :hour do
  rake 'post:sync', environment: 'production'
 end
@@ -0,0 +1,91 @@
 class CreateWikiVersions < ActiveRecord::Migration[8.0]
  class WikiPage < ActiveRecord::Base
    self.table_name = 'wiki_pages'
  end
  class WikiRevision < ActiveRecord::Base
    self.table_name = 'wiki_revisions'
  end
  class WikiRevisionLine < ActiveRecord::Base
    self.table_name = 'wiki_revision_lines'
  end
  class WikiLine < ActiveRecord::Base
    self.table_name = 'wiki_lines'
  end
  class WikiVersion < ActiveRecord::Base
    self.table_name = 'wiki_versions'
  end
  class TagName < ActiveRecord::Base
    self.table_name = 'tag_names'
  end
  def up
    add_column :wiki_pages, :body, :text, after: :tag_name_id
    create_table :wiki_versions do |t|
      t.references :wiki_page, null: false, foreign_key: true
      t.integer :version_no, null: false
      t.string :event_type, null: false
      t.string :title, null: false
      t.text :body, null: false
      t.text :reason
      t.datetime :created_at, null: false
      t.references :created_by_user, foreign_key: { to_table: :users }
      t.index [:wiki_page_id, :version_no], unique: true
      t.check_constraint 'version_no > 0',
                         name: 'wiki_versions_version_no_positive'
      t.check_constraint "event_type IN ('create', 'update', 'discard', 'restore')",
                         name: 'wiki_versions_event_type_valid'
    end
    WikiPage.reset_column_information
    WikiVersion.reset_column_information
    say_with_time 'Backfilling wiki_versions' do
      WikiPage.find_each do |page|
        base_revision_id = nil
        version_no = 1
        title = TagName.find(page.tag_name_id).name
        body = nil
        loop do
          rev = WikiRevision.where(wiki_page_id: page.id).find_by(base_revision_id:)
          break unless rev
          body = WikiRevisionLine.where(wiki_revision_id: rev.id).order(:position).map { |wrl|
            WikiLine.find(wrl.wiki_line_id).body
          }.join("\n")
          WikiVersion.create!(
              wiki_page_id: page.id,
              version_no:,
              event_type: version_no == 1 ? 'create' : 'update',
              title:,
              body:,
              reason: rev.message,
              created_at: rev.created_at,
              created_by_user_id: rev.created_user_id)
          version_no += 1
          base_revision_id = rev.id
        end
        if body
          page.update!(body:)
        else
          page.destroy!
        end
      end
    end
    change_column_null :wiki_pages, :body, false
  end
  def down
    drop_table :wiki_versions
    remove_column :wiki_pages, :body
  end
 end
@@ -0,0 +1,24 @@
 class CreatePostImplications < ActiveRecord::Migration[8.0]
  def up
    create_table :post_implications, primary_key: [:post_id, :parent_post_id] do |t|
      t.references :post, null: false, foreign_key: true, index: false
      t.references :parent_post, null: false, foreign_key: { to_table: :posts }
      t.timestamps
      t.check_constraint 'post_id <> parent_post_id',
                         name: 'chk_post_implications_no_self'
    end
    add_column :post_versions, :parent_post_ids, :text, null: false, after: :parent_id
    remove_column :post_versions, :parent_id, :bigint
    remove_reference :posts, :parent, foreign_key: { to_table: :posts }
  end
  def down
    add_reference :posts, :parent, foreign_key: { to_table: :posts }, after: :thumbnail_base
    add_column :post_versions, :parent_id, :bigint, after: :post_id
    remove_column :post_versions, :parent_post_ids, :text
    drop_table :post_implications
  end
 end
@@ -0,0 +1,16 @@
 class RenameBannedToBannedAtInUsersAndIpAddresses < ActiveRecord::Migration[8.0]
  def up
    [:users, :ip_addresses].each do
      add_column _1, :banned_at, :datetime, after: :banned
      add_index _1, :banned_at
      remove_column _1, :banned
    end
  end
  def down
    [:ip_addresses, :users].each do
      add_column _1, :banned, :boolean, null: false, default: false, after: :banned_at
      remove_column _1, :banned_at
    end
  end
 end
@@ -0,0 +1,27 @@
 class AddVersionNoToPosts < ActiveRecord::Migration[8.0]
  def up
    add_column :posts, :version_no, :integer
    execute <<~SQL
      UPDATE
        posts
      SET
        version_no = (
          SELECT
            MAX(version_no)
          FROM
            post_versions
          WHERE
            post_id = posts.id)
    SQL
    change_column_null :posts, :version_no, false
    add_check_constraint :posts, 'version_no > 0', name: 'chk_posts_version_no_positive'
  end
  def down
    remove_check_constraint :posts, name: 'chk_posts_version_no_positive'
    remove_column :posts, :version_no
  end
 end
@@ -0,0 +1,37 @@
 class AddVersionNoToTags < ActiveRecord::Migration[8.0]
  def up
    add_column :tags, :version_no, :integer
    execute <<~SQL
      UPDATE
        tags
      SET
        version_no = (
          CASE category
          WHEN 'nico' THEN
            (SELECT
               MAX(version_no)
             FROM
               nico_tag_versions
             WHERE
               tag_id = tags.id)
          ELSE
            (SELECT
               MAX(version_no)
             FROM
               tag_versions
             WHERE
               tag_id = tags.id)
          END)
    SQL
    change_column_null :tags, :version_no, false
    add_check_constraint :tags, 'version_no > 0', name: 'chk_tags_version_no_positive'
  end
  def down
    remove_check_constraint :tags, name: 'chk_tags_version_no_positive'
    remove_column :tags, :version_no
  end
 end
@@ -0,0 +1,27 @@
 class AddVersionNoToWikiPages < ActiveRecord::Migration[8.0]
  def up
    add_column :wiki_pages, :version_no, :integer
    execute <<~SQL
      UPDATE
        wiki_pages
      SET
        version_no = (
          SELECT
            MAX(version_no)
          FROM
            wiki_versions
          WHERE
            wiki_page_id = wiki_pages.id)
    SQL
    change_column_null :wiki_pages, :version_no, false
    add_check_constraint :wiki_pages, 'version_no > 0', name: 'chk_wiki_pages_version_no_positive'
  end
  def down
    remove_check_constraint :wiki_pages, name: 'chk_wiki_pages_version_no_positive'
    remove_column :wiki_pages, :version_no
  end
 end
@@ -0,0 +1,10 @@
 class CreateTheatreProgrammes < ActiveRecord::Migration[8.0]
  def change
    create_table :theatre_programmes, primary_key: [:theatre_id, :position] do |t|
      t.references :theatre, null: false, foreign_key: true
      t.integer :position, null: false
      t.references :post, null: false, foreign_key: true
      t.datetime :created_at, null: false
    end
  end
 end
@@ -0,0 +1,36 @@
 class CreateTheatreSkipVotesAndEvents < ActiveRecord::Migration[8.0]
  def change
    create_table :theatre_skip_votes, primary_key: [:theatre_id, :post_id, :user_id] do |t|
      t.references :theatre, null: false, foreign_key: true
      t.references :post, null: false, foreign_key: true
      t.references :user, null: false, foreign_key: true
      t.timestamps
    end
    create_table :theatre_skip_events do |t|
      t.references :theatre, null: false, foreign_key: true
      t.references :post, null: false, foreign_key: true
      t.references :skipped_by_user, null: false, foreign_key: { to_table: :users }
      t.integer :programme_position
      t.datetime :created_at, null: false
    end
    create_table :theatre_skip_event_voters, primary_key: [:theatre_skip_event_id, :user_id] do |t|
      t.references :theatre_skip_event, null: false, foreign_key: true
      t.references :user, null: false, foreign_key: true
    end
    create_table :theatre_skip_event_tags, primary_key: [:theatre_skip_event_id, :tag_id] do |t|
      t.references :theatre_skip_event, null: false, foreign_key: true
      t.references :tag, null: false, foreign_key: true
    end
    add_index :theatre_skip_events, [:theatre_id, :created_at]
    add_index :theatre_skip_votes, [:theatre_id, :post_id, :created_at],
              name: 'idx_theatre_skip_votes_theatre_post_created'
    add_index :theatre_skip_event_voters, [:user_id, :theatre_skip_event_id],
              name: 'idx_theatre_skip_event_voters_user_event'
    add_index :theatre_skip_event_tags, [:tag_id, :theatre_skip_event_id],
              name: 'idx_theatre_skip_event_tags_tag_event'
  end
 end
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
+ActiveRecord::Schema[8.0].define(version: 2026_06_06_000000) do
  create_table "active_storage_attachments", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.string "name", null: false
    t.string "record_type", null: false
@@ -50,9 +50,10 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
  create_table "ip_addresses", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.binary "ip_address", limit: 16, null: false
-    t.boolean "banned", default: false, null: false
+    t.datetime "banned_at"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.index ["banned_at"], name: "index_ip_addresses_on_banned_at"
    t.index ["ip_address"], name: "index_ip_addresses_on_ip_address", unique: true
  end
@@ -119,6 +120,15 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
    t.check_constraint "`version_no` > 0", name: "nico_tag_versions_version_no_positive"
  end
  create_table "post_implications", primary_key: ["post_id", "parent_post_id"], charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.bigint "post_id", null: false
    t.bigint "parent_post_id", null: false
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.index ["parent_post_id"], name: "index_post_implications_on_parent_post_id"
    t.check_constraint "`post_id` <> `parent_post_id`", name: "chk_post_implications_no_self"
  end
  create_table "post_similarities", primary_key: ["post_id", "target_post_id"], charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.bigint "post_id", null: false
    t.bigint "target_post_id", null: false
@@ -155,13 +165,12 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
    t.string "url", limit: 768, null: false
    t.string "thumbnail_base", limit: 2000
    t.text "tags", null: false
-    t.bigint "parent_id"
+    t.text "parent_post_ids", null: false
    t.datetime "original_created_from"
    t.datetime "original_created_before"
    t.datetime "created_at", null: false
    t.bigint "created_by_user_id"
    t.index ["created_by_user_id"], name: "index_post_versions_on_created_by_user_id"
    t.index ["parent_id"], name: "index_post_versions_on_parent_id"
    t.index ["post_id", "version_no"], name: "index_post_versions_on_post_id_and_version_no", unique: true
    t.index ["post_id"], name: "index_post_versions_on_post_id"
    t.check_constraint "`event_type` in (_utf8mb4'create',_utf8mb4'update',_utf8mb4'discard',_utf8mb4'restore')", name: "post_versions_event_type_valid"
@@ -172,15 +181,15 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
    t.string "title"
    t.string "url", limit: 768, null: false
    t.string "thumbnail_base", limit: 2000
    t.bigint "parent_id"
    t.bigint "uploaded_user_id"
    t.datetime "created_at", null: false
    t.datetime "original_created_from"
    t.datetime "original_created_before"
    t.datetime "updated_at", null: false
-    t.index ["parent_id"], name: "index_posts_on_parent_id"
+    t.integer "version_no", null: false
    t.index ["uploaded_user_id"], name: "index_posts_on_uploaded_user_id"
    t.index ["url"], name: "index_posts_on_url", unique: true
    t.check_constraint "`version_no` > 0", name: "chk_posts_version_no_positive"
  end
  create_table "settings", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
@@ -255,8 +264,10 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
    t.datetime "updated_at", null: false
    t.integer "post_count", default: 0, null: false
    t.datetime "discarded_at"
    t.integer "version_no", null: false
    t.index ["discarded_at"], name: "index_tags_on_discarded_at"
    t.index ["tag_name_id"], name: "index_tags_on_tag_name_id", unique: true
    t.check_constraint "`version_no` > 0", name: "chk_tags_version_no_positive"
  end
  create_table "theatre_comments", primary_key: ["theatre_id", "no"], charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
@@ -272,6 +283,55 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
    t.index ["user_id"], name: "index_theatre_comments_on_user_id"
  end
  create_table "theatre_programmes", primary_key: ["theatre_id", "position"], charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.bigint "theatre_id", null: false
    t.integer "position", null: false
    t.bigint "post_id", null: false
    t.datetime "created_at", null: false
    t.index ["post_id"], name: "index_theatre_programmes_on_post_id"
    t.index ["theatre_id"], name: "index_theatre_programmes_on_theatre_id"
  end
  create_table "theatre_skip_event_tags", primary_key: ["theatre_skip_event_id", "tag_id"], charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.bigint "theatre_skip_event_id", null: false
    t.bigint "tag_id", null: false
    t.index ["tag_id", "theatre_skip_event_id"], name: "idx_theatre_skip_event_tags_tag_event"
    t.index ["tag_id"], name: "index_theatre_skip_event_tags_on_tag_id"
    t.index ["theatre_skip_event_id"], name: "index_theatre_skip_event_tags_on_theatre_skip_event_id"
  end
  create_table "theatre_skip_event_voters", primary_key: ["theatre_skip_event_id", "user_id"], charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.bigint "theatre_skip_event_id", null: false
    t.bigint "user_id", null: false
    t.index ["theatre_skip_event_id"], name: "index_theatre_skip_event_voters_on_theatre_skip_event_id"
    t.index ["user_id", "theatre_skip_event_id"], name: "idx_theatre_skip_event_voters_user_event"
    t.index ["user_id"], name: "index_theatre_skip_event_voters_on_user_id"
  end
  create_table "theatre_skip_events", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.bigint "theatre_id", null: false
    t.bigint "post_id", null: false
    t.bigint "skipped_by_user_id", null: false
    t.integer "programme_position"
    t.datetime "created_at", null: false
    t.index ["post_id"], name: "index_theatre_skip_events_on_post_id"
    t.index ["skipped_by_user_id"], name: "index_theatre_skip_events_on_skipped_by_user_id"
    t.index ["theatre_id", "created_at"], name: "index_theatre_skip_events_on_theatre_id_and_created_at"
    t.index ["theatre_id"], name: "index_theatre_skip_events_on_theatre_id"
  end
  create_table "theatre_skip_votes", primary_key: ["theatre_id", "post_id", "user_id"], charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.bigint "theatre_id", null: false
    t.bigint "post_id", null: false
    t.bigint "user_id", null: false
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.index ["post_id"], name: "index_theatre_skip_votes_on_post_id"
    t.index ["theatre_id", "post_id", "created_at"], name: "idx_theatre_skip_votes_theatre_post_created"
    t.index ["theatre_id"], name: "index_theatre_skip_votes_on_theatre_id"
    t.index ["user_id"], name: "index_theatre_skip_votes_on_user_id"
  end
  create_table "theatre_watching_users", primary_key: ["theatre_id", "user_id"], charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.bigint "theatre_id", null: false
    t.bigint "user_id", null: false
@@ -326,9 +386,10 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
    t.string "name"
    t.string "inheritance_code", limit: 64, null: false
    t.string "role", null: false
-    t.boolean "banned", default: false, null: false
+    t.datetime "banned_at"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.index ["banned_at"], name: "index_users_on_banned_at"
  end
  create_table "wiki_assets", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
@@ -354,16 +415,19 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
  create_table "wiki_pages", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.bigint "tag_name_id", null: false
    t.text "body", null: false
    t.bigint "created_user_id", null: false
    t.bigint "updated_user_id", null: false
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.datetime "discarded_at"
    t.integer "next_asset_no", default: 1, null: false
    t.integer "version_no", null: false
    t.index ["created_user_id"], name: "index_wiki_pages_on_created_user_id"
    t.index ["discarded_at"], name: "index_wiki_pages_on_discarded_at"
    t.index ["tag_name_id"], name: "index_wiki_pages_on_tag_name_id", unique: true
    t.index ["updated_user_id"], name: "index_wiki_pages_on_updated_user_id"
    t.check_constraint "`version_no` > 0", name: "chk_wiki_pages_version_no_positive"
  end
  create_table "wiki_revision_lines", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
@@ -396,6 +460,22 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
    t.index ["wiki_page_id"], name: "index_wiki_revisions_on_wiki_page_id"
  end
  create_table "wiki_versions", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
    t.bigint "wiki_page_id", null: false
    t.integer "version_no", null: false
    t.string "event_type", null: false
    t.string "title", null: false
    t.text "body", null: false
    t.text "reason"
    t.datetime "created_at", null: false
    t.bigint "created_by_user_id"
    t.index ["created_by_user_id"], name: "index_wiki_versions_on_created_by_user_id"
    t.index ["wiki_page_id", "version_no"], name: "index_wiki_versions_on_wiki_page_id_and_version_no", unique: true
    t.index ["wiki_page_id"], name: "index_wiki_versions_on_wiki_page_id"
    t.check_constraint "`event_type` in (_utf8mb4'create',_utf8mb4'update',_utf8mb4'discard',_utf8mb4'restore')", name: "wiki_versions_event_type_valid"
    t.check_constraint "`version_no` > 0", name: "wiki_versions_version_no_positive"
  end
  add_foreign_key "active_storage_attachments", "active_storage_blobs", column: "blob_id"
  add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id"
  add_foreign_key "material_versions", "materials"
@@ -411,6 +491,8 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
  add_foreign_key "nico_tag_relations", "tags", column: "nico_tag_id"
  add_foreign_key "nico_tag_versions", "tags"
  add_foreign_key "nico_tag_versions", "users", column: "created_by_user_id"
  add_foreign_key "post_implications", "posts"
  add_foreign_key "post_implications", "posts", column: "parent_post_id"
  add_foreign_key "post_similarities", "posts"
  add_foreign_key "post_similarities", "posts", column: "target_post_id"
  add_foreign_key "post_tags", "posts"
@@ -418,9 +500,7 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
  add_foreign_key "post_tags", "users", column: "created_user_id"
  add_foreign_key "post_tags", "users", column: "deleted_user_id"
  add_foreign_key "post_versions", "posts"
  add_foreign_key "post_versions", "posts", column: "parent_id"
  add_foreign_key "post_versions", "users", column: "created_by_user_id"
  add_foreign_key "posts", "posts", column: "parent_id"
  add_foreign_key "posts", "users", column: "uploaded_user_id"
  add_foreign_key "settings", "users"
  add_foreign_key "tag_implications", "tags"
@@ -433,6 +513,18 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
  add_foreign_key "tags", "tag_names"
  add_foreign_key "theatre_comments", "theatres"
  add_foreign_key "theatre_comments", "users"
  add_foreign_key "theatre_programmes", "posts"
  add_foreign_key "theatre_programmes", "theatres"
  add_foreign_key "theatre_skip_event_tags", "tags"
  add_foreign_key "theatre_skip_event_tags", "theatre_skip_events"
  add_foreign_key "theatre_skip_event_voters", "theatre_skip_events"
  add_foreign_key "theatre_skip_event_voters", "users"
  add_foreign_key "theatre_skip_events", "posts"
  add_foreign_key "theatre_skip_events", "theatres"
  add_foreign_key "theatre_skip_events", "users", column: "skipped_by_user_id"
  add_foreign_key "theatre_skip_votes", "posts"
  add_foreign_key "theatre_skip_votes", "theatres"
  add_foreign_key "theatre_skip_votes", "users"
  add_foreign_key "theatre_watching_users", "theatres"
  add_foreign_key "theatre_watching_users", "users"
  add_foreign_key "theatres", "posts", column: "current_post_id"
@@ -453,4 +545,6 @@ ActiveRecord::Schema[8.0].define(version: 2026_04_19_035400) do
  add_foreign_key "wiki_revisions", "wiki_pages"
  add_foreign_key "wiki_revisions", "wiki_pages", column: "redirect_page_id"
  add_foreign_key "wiki_revisions", "wiki_revisions", column: "base_revision_id"
  add_foreign_key "wiki_versions", "users", column: "created_by_user_id"
  add_foreign_key "wiki_versions", "wiki_pages"
 end
@@ -0,0 +1,6 @@
 namespace :post do
  desc '投稿同期（ニコニコ以外）'
  task sync: :environment do
    Youtube::Sync.new.sync!
  end
 end
@@ -0,0 +1,10 @@
 FactoryBot.define do
  factory :ip_address do
    ip_address { IPAddr.new('203.0.113.10').hton }
    banned_at { nil }
    trait :banned do
      banned_at { Time.current }
    end
  end
 end
@@ -1,15 +1,24 @@
 FactoryBot.define do
  factory :user do
-    name { "test-user" }
+    name { nil }
    inheritance_code { SecureRandom.uuid }
-    role { "guest" }
+    role { 'guest' }
    banned_at { nil }
    trait :guest do
      role { 'guest' }
    end
    trait :member do
-      role { "member" }
+      role { 'member' }
    end
    trait :admin do
      role { 'admin' }
    end
    trait :banned do
      banned_at { Time.current }
    end
  end
 end
@@ -3,5 +3,7 @@ FactoryBot.define do
    title { "TestPage" }
    association :created_user, factory: :user
    association :updated_user, factory: :user
    body { ' ' }
  end
 end
@@ -0,0 +1,51 @@
 require 'rails_helper'
 RSpec.describe PostImplication, type: :model do
  let!(:post_record) do
    Post.create!(
      title: 'post',
      url: 'https://example.com/post-implication-post'
    )
  end
  let!(:parent_post) do
    Post.create!(
      title: 'parent post',
      url: 'https://example.com/post-implication-parent'
    )
  end
  it 'is valid with post and parent_post' do
    implication = described_class.new(
      post: post_record,
      parent_post:
    )
    expect(implication).to be_valid
  end
  it 'does not allow same post as parent_post' do
    implication = described_class.new(
      post: post_record,
      parent_post: post_record
    )
    expect(implication).not_to be_valid
    expect(implication.errors[:parent_post_id]).to be_present
  end
  it 'does not allow duplicate pair' do
    described_class.create!(
      post: post_record,
      parent_post:
    )
    duplicate = described_class.new(
      post: post_record,
      parent_post:
    )
    expect(duplicate).not_to be_valid
    expect(duplicate.errors[:post_id]).to be_present
  end
 end
@@ -19,7 +19,7 @@ RSpec.describe PostVersion, type: :model do
      url: post_record.url,
      thumbnail_base: post_record.thumbnail_base,
      tags: post_record.snapshot_tag_names.join(' '),
-      parent: post_record.parent,
+      parent_post_ids: post_record.snapshot_parent_post_ids.join(' '),
      original_created_from: post_record.original_created_from,
      original_created_before: post_record.original_created_before,
      created_at: Time.current,
@@ -107,11 +107,13 @@ RSpec.describe Tag, type: :model do
    context 'when the source tag_name has a wiki_page' do
      let!(:source_post_tag) { PostTag.create!(post: post_record, tag: source_tag) }
      let!(:wiki_page) do
-        WikiPage.create!(
+        admin = create_admin_user!
-          tag_name: source_tag_name,
+
-          created_user: create_admin_user!,
+        Wiki::Commit.create_content!(
-          updated_user: create_admin_user!
+            tag_name: source_tag_name,
-        )
+            body: 'source wiki body',
            created_by_user: admin,
            message: 'init')
      end
      it 'rolls back the transaction' do
@@ -159,7 +161,7 @@ RSpec.describe Tag, type: :model do
        url: post.url,
        thumbnail_base: post.thumbnail_base,
        tags: snapshot_tags(post),
-        parent: post.parent,
+        parent_post_ids: post.snapshot_parent_post_ids.join(' '),
        original_created_from: post.original_created_from,
        original_created_before: post.original_created_before,
        created_at: Time.current,
@@ -0,0 +1,47 @@
 require 'rails_helper'
 RSpec.describe 'error responses', type: :request do
  describe 'manual input errors' do
    it 'returns a stable payload for bad requests' do
      get '/tags/name/%20/deerjikists'
      expect(response).to have_http_status(:bad_request)
      expect(json).to include(
          'type' => 'bad_request',
          'message' => be_present,
          'errors' => {},
          'base_errors' => [be_present])
    end
    it 'returns a stable field-error payload for unprocessable requests' do
      member = create(:user, :member)
      tag = create(:tag, :general, name: 'error_response_tag')
      sign_in_as(member)
      patch "/tags/#{ tag.id }", params: { category: 'nico' }
      expect(response).to have_http_status(:unprocessable_entity)
      expect(json).to include(
          'type' => 'validation_error',
          'message' => '入力内容を確認してください．',
          'base_errors' => [])
      expect(json.fetch('errors')).to include(
          'category' => ['ニコタグは変更できません．'])
    end
  end
  describe 'model validation errors' do
    it 'returns field messages for model errors' do
      user = create(:user)
      sign_in_as(user)
      put "/users/#{ user.id }", params: { name: 'a' * 256 }
      expect(response).to have_http_status(:unprocessable_entity)
      expect(json).to include(
          'type' => 'validation_error',
          'message' => '入力内容を確認してください．')
      expect(json.fetch('errors').fetch('name')).to include(be_present)
    end
  end
 end
@@ -141,16 +141,21 @@ RSpec.describe 'Materials API', type: :request do
    context 'when logged in' do
      before { sign_in_as(guest_user) }
-      it 'returns 400 when tag is blank' do
+      it 'returns 422 when tag is blank' do
        post '/materials', params: { tag: '   ', file: dummy_upload }
-        expect(response).to have_http_status(:bad_request)
+        expect(response).to have_http_status(:unprocessable_entity)
        expect(json.fetch('errors')).to include(
            'tag' => ['タグは必須です．'])
      end
-      it 'returns 400 when both file and url are blank' do
+      it 'returns 422 when both file and url are blank' do
        post '/materials', params: { tag: 'material_create_blank' }
-        expect(response).to have_http_status(:bad_request)
+        expect(response).to have_http_status(:unprocessable_entity)
        expect(json.fetch('errors')).to include(
            'file' => ['ファイルまたは URL は必須です．'],
            'url' => ['ファイルまたは URL は必須です．'])
      end
      it 'creates a material with an attached file' do
@@ -261,21 +266,26 @@ RSpec.describe 'Materials API', type: :request do
        expect(response).to have_http_status(:not_found)
      end
-      it 'returns 400 when tag is blank' do
+      it 'returns 422 when tag is blank' do
        put "/materials/#{ material.id }", params: {
          tag: '   ',
          file: dummy_upload
        }
-        expect(response).to have_http_status(:bad_request)
+        expect(response).to have_http_status(:unprocessable_entity)
        expect(json.fetch('errors')).to include(
            'tag' => ['タグは必須です．'])
      end
-      it 'returns 400 when both file and url are blank' do
+      it 'returns 422 when both file and url are blank' do
        put "/materials/#{ material.id }", params: {
          tag: 'material_update_no_payload'
        }
-        expect(response).to have_http_status(:bad_request)
+        expect(response).to have_http_status(:unprocessable_entity)
        expect(json.fetch('errors')).to include(
            'file' => ['ファイルまたは URL は必須です．'],
            'url' => ['ファイルまたは URL は必須です．'])
      end
      it 'updates tag, url, file, and updated_by_user' do
@@ -3,12 +3,68 @@ require 'rails_helper'
 RSpec.describe 'NicoTags', type: :request do
  describe 'GET /tags/nico' do
-    it 'returns tags and next_cursor when overflowing limit' do
+    it 'returns paginated tags and total count' do
-      create_list(:tag, 21, :nico)
+      create_list(:tag, 3, :nico)
-      get '/tags/nico', params: { limit: 20 }
+
      get '/tags/nico', params: { page: 2, limit: 2 }
      expect(response).to have_http_status(:ok)
-      expect(json['tags'].size).to eq(20)
+      expect(json['tags'].size).to eq(1)
-      expect(json['next_cursor']).to be_present
+      expect(json['count']).to eq(3)
    end
    it 'filters by nico tag name, linked tag name, and link status' do
      linked = create(:tag, :nico)
      linked.tag_name.update!(name: 'nico:search_linked')
      unlinked = create(:tag, :nico)
      unlinked.tag_name.update!(name: 'nico:search_unlinked')
      other = create(:tag, :nico)
      other.tag_name.update!(name: 'nico:other')
      destination = create(:tag, :general)
      destination.tag_name.update!(name: 'destination_search')
      NicoTagRelation.create!(nico_tag: linked, tag: destination)
      NicoTagRelation.create!(nico_tag: other, tag: create(:tag, :general))
      get '/tags/nico', params: {
        name: 'search_',
        linked_tag: 'destination_',
        link_status: 'linked'
      }
      expect(response).to have_http_status(:ok)
      expect(json['count']).to eq(1)
      expect(json.fetch('tags').map { |tag| tag['id'] }).to eq([linked.id])
      get '/tags/nico', params: { name: 'search_', link_status: 'unlinked' }
      expect(json['count']).to eq(1)
      expect(json.fetch('tags').map { |tag| tag['id'] }).to eq([unlinked.id])
    end
    it 'sorts by name and timestamps' do
      older = create(:tag, :nico)
      older.tag_name.update!(name: 'nico:a')
      older.update_columns(created_at: 2.days.ago)
      newer = create(:tag, :nico)
      newer.tag_name.update!(name: 'nico:b')
      newer.update_columns(created_at: 1.day.ago)
      older_post_tag =
        PostTag.create!(post: Post.create!(url: 'https://example.com/nico-older'), tag: older)
      older_post_tag.update_columns(created_at: 1.hour.ago)
      newer_post_tag =
        PostTag.create!(post: Post.create!(url: 'https://example.com/nico-newer'), tag: newer)
      newer_post_tag.update_columns(created_at: 2.hours.ago)
      get '/tags/nico', params: { order: 'name:desc' }
      expect(json.fetch('tags').map { |tag| tag['id'] }).to eq([newer.id, older.id])
      get '/tags/nico', params: { order: 'created_at:asc' }
      expect(json.fetch('tags').map { |tag| tag['id'] }).to eq([older.id, newer.id])
      get '/tags/nico', params: { order: 'updated_at:desc' }
      expect(json.fetch('tags').map { |tag| tag['id'] }).to eq([older.id, newer.id])
      expect(Time.zone.parse(json.fetch('tags').first.fetch('recent_post_tag_created_at')))
        .to be_within(1.second).of(older_post_tag.created_at)
    end
  end
@@ -75,7 +131,7 @@ RSpec.describe 'NicoTags', type: :request do
      expect(versions.last.created_by_user_id).to eq(admin.id)
    end
-    it '400 when linked tag normalises to nico tag' do
+    it 'returns 422 when linked tag normalises to nico tag' do
      sign_in_as(member)
      other_nico = create(:tag, :nico, name: 'nico:linked_ng')
@@ -87,7 +143,37 @@ RSpec.describe 'NicoTags', type: :request do
        patch "/tags/nico/#{nico_tag.id}", params: { tags: 'linked_ng_alias' }
      }.not_to change(NicoTagVersion, :count)
-      expect(response).to have_http_status(:bad_request)
+      expect(response).to have_http_status(:unprocessable_entity)
      expect(json.fetch('errors')).to include(
          'tags' => ['ニコニコ・タグ同士は連携できません．'])
    end
    it 'returns the tags field error when a nico tag is specified directly' do
      sign_in_as(member)
      patch "/tags/nico/#{nico_tag.id}", params: { tags: 'nico:linked_ng' }
      expect(response).to have_http_status(:unprocessable_entity)
      expect(json.fetch('errors')).to include(
          'tags' => ['ニコニコ・タグ同士は連携できません．'])
    end
    it 'returns tag name validation errors on the tags field and rolls back created tags' do
      sign_in_as(member)
      TagNameSanitisationRule.create!(
        priority: 1,
        source_pattern: 'invalid',
        replacement: 'valid'
      )
      nico_tag
      expect {
        patch "/tags/nico/#{nico_tag.id}", params: { tags: 'created_first invalid' }
      }.not_to change(TagName, :count)
      expect(response).to have_http_status(:unprocessable_entity)
      expect(json.fetch('errors').fetch('tags')).to include(
          a_string_including('タグ名 “invalid”:', '名前に使用できない文字が含まれてゐます．'))
    end
  end
 end
@@ -26,17 +26,22 @@ RSpec.describe 'TagVersions API', type: :request do
    created_by_user:,
    created_at:
  )
-    TagVersion.create!(
+    version =
-      tag: tag,
+        TagVersion.create!(
-      version_no: version_no,
+            tag: tag,
-      event_type: event_type,
+            version_no: version_no,
-      name: name,
+            event_type: event_type,
-      category: category,
+            name: name,
-      aliases: Array(aliases).join(' '),
+            category: category,
-      parent_tag_ids: Array(parent_tags).map(&:id).join(' '),
+            aliases: Array(aliases).join(' '),
-      created_by_user: created_by_user,
+            parent_tag_ids: Array(parent_tags).map(&:id).join(' '),
-      created_at: created_at
+            created_by_user: created_by_user,
-    )
+            created_at: created_at)
    tag.update_columns(version_no: version_no) if tag.has_attribute?(:version_no)
    tag.version_no = version_no if tag.respond_to?(:version_no=)
    version
  end
  let!(:v1) do
@@ -214,5 +219,30 @@ RSpec.describe 'TagVersions API', type: :request do
      expect(versions.size).to eq(1)
      expect(versions.first['version_no']).to eq(2)
    end
    it 'does not create tag versions by wiki updates when tag has no versions yet' do
      wiki_tag_name = TagName.create!(name: 'tag_versions_from_wiki')
      wiki_tag = Tag.create!(tag_name: wiki_tag_name, category: :general)
      wiki_page =
          Wiki::Commit.create_content!(
              tag_name: wiki_tag_name,
              body: 'before',
              created_by_user: member,
              message: 'init')
      Wiki::Commit.content!(
          page: wiki_page,
          body: 'after',
          created_user: member,
          message: 'edit',
          base_revision_id: wiki_page.current_revision.id)
      get '/tags/versions', params: { id: wiki_tag.id }
      expect(response).to have_http_status(:ok)
      expect(json.fetch('versions')).to eq([])
      expect(json.fetch('count')).to eq(0)
    end
  end
 end
@@ -0,0 +1,160 @@
 require 'rails_helper'
 RSpec.describe 'Tag and wiki history integrity', type: :request do
  let(:member_user) { create(:user, role: 'member') }
  def stub_current_user user
    allow_any_instance_of(ApplicationController).to receive(:current_user).and_return(user)
  end
  def create_tag! name:, category: :general
    tag_name = TagName.create!(name:)
    Tag.create!(tag_name:, category:)
  end
  def create_wiki_for_tag! tag:, body: 'wiki body', user: member_user
    Wiki::Commit.create_content!(
        tag_name: tag.tag_name,
        body:,
        created_by_user: user,
        message: 'init')
  end
  before do
    stub_current_user(member_user)
  end
  describe 'PATCH /tags/:id' do
    it 'records wiki_version when tag name changes and tag has wiki' do
      tag = create_tag!(name: 'patch_tag_wiki_before')
      wiki_page = create_wiki_for_tag!(tag:, body: 'wiki body before')
      expect {
        patch "/tags/#{ tag.id }", params: {
          name: 'patch_tag_wiki_after',
        }
      }
          .to change(TagVersion, :count).by(2)
          .and change(WikiVersion, :count).by(1)
      expect(response).to have_http_status(:ok)
      tag.reload
      wiki_page.reload
      version = wiki_page.wiki_versions.order(:version_no).last
      expect(tag.name).to eq('patch_tag_wiki_after')
      expect(wiki_page.title).to eq('patch_tag_wiki_after')
      expect(version).to have_attributes(
        event_type: 'update',
        title: 'patch_tag_wiki_after',
        body: 'wiki body before',
        created_by_user_id: member_user.id
      )
    end
    it 'does not record wiki_version when only category changes' do
      tag = create_tag!(name: 'patch_tag_category_only')
      wiki_page = create_wiki_for_tag!(tag:, body: 'wiki body before')
      before_wiki_versions = wiki_page.wiki_versions.count
      expect {
        patch "/tags/#{ tag.id }", params: {
          category: 'meme',
        }
      }
          .to change(TagVersion, :count).by(2)
      expect(response).to have_http_status(:ok)
      tag.reload
      wiki_page.reload
      expect(tag.name).to eq('patch_tag_category_only')
      expect(tag.category).to eq('meme')
      expect(wiki_page.wiki_versions.count).to eq(before_wiki_versions)
    end
  end
  describe 'PUT /tags/:id' do
    it 'records wiki_version when tag name changes and tag has wiki' do
      tag = create_tag!(name: 'put_tag_wiki_before')
      wiki_page = create_wiki_for_tag!(tag:, body: 'wiki body before')
      expect {
        put "/tags/#{ tag.id }", params: {
          name: 'put_tag_wiki_after',
          category: 'general',
          aliases: '',
          parent_tags: '',
        }
      }
          .to change(TagVersion, :count).by(2)
          .and change(WikiVersion, :count).by(1)
      expect(response).to have_http_status(:ok)
      tag.reload
      wiki_page.reload
      version = wiki_page.wiki_versions.order(:version_no).last
      expect(tag.name).to eq('put_tag_wiki_after')
      expect(wiki_page.title).to eq('put_tag_wiki_after')
      expect(version).to have_attributes(
        event_type: 'update',
        title: 'put_tag_wiki_after',
        body: 'wiki body before',
        created_by_user_id: member_user.id
      )
    end
    it 'does not record wiki_version when only category changes' do
      tag = create_tag!(name: 'put_tag_category_only')
      wiki_page = create_wiki_for_tag!(tag:, body: 'wiki body before')
      before_wiki_versions = wiki_page.wiki_versions.count
      expect {
        put "/tags/#{ tag.id }", params: {
          name: 'put_tag_category_only',
          category: 'meme',
          aliases: '',
          parent_tags: '',
        }
      }
          .to change(TagVersion, :count).by(2)
      expect(response).to have_http_status(:ok)
      tag.reload
      wiki_page.reload
      expect(tag.name).to eq('put_tag_category_only')
      expect(tag.category).to eq('meme')
      expect(wiki_page.wiki_versions.count).to eq(before_wiki_versions)
    end
    it 'does not record wiki_version when only aliases change' do
      tag = create_tag!(name: 'put_tag_alias_only')
      wiki_page = create_wiki_for_tag!(tag:, body: 'wiki body before')
      before_wiki_versions = wiki_page.wiki_versions.count
      expect {
        put "/tags/#{ tag.id }", params: {
          name: 'put_tag_alias_only',
          category: 'general',
          aliases: 'put_tag_alias_only_alias',
          parent_tags: '',
        }
      }
          .to change(TagVersion, :count).by(2)
      expect(response).to have_http_status(:ok)
      expect(wiki_page.reload.wiki_versions.count).to eq(before_wiki_versions)
    end
  end
 end
@@ -8,23 +8,35 @@ RSpec.describe 'Tags deerjikists API', type: :request do
  let!(:tag) { create(:tag, category: :deerjikist) }
  let(:member) { create(:user, :member) }
  let(:guest) { create(:user, role: :guest) }
  before do
    # show_by_name / deerjikists_by_name 用に名前を固定
    tag.tag_name.update!(name: 'deerjika')
  end
  describe 'GET /tags/:id/deerjikists' do
    subject(:do_request) do
-      get "/tags/#{ tag_id }/deerjikists"
+      get "/tags/#{tag_id}/deerjikists"
    end
    let(:tag_id) { tag.id }
    context 'when tag exists and has no deerjikists' do
-      it 'returns 200 and empty array' do
+      it 'returns 200 with tag and empty deerjikists array' do
        do_request
        expect(response).to have_http_status(:ok)
-        expect(json).to eq([])
+
        expect(json).to be_a(Hash)
        expect(json['tag']).to be_a(Hash)
        expect(json['tag']['id']).to eq(tag.id)
        expect(json['tag']['name']).to eq('deerjika')
        expect(json['tag']['category']).to eq('deerjikist')
        expect(json['tag']['has_deerjikists']).to eq(false)
        expect(json['deerjikists']).to eq([])
      end
    end
@@ -34,17 +46,27 @@ RSpec.describe 'Tags deerjikists API', type: :request do
        Deerjikist.create!(platform: platform2, code: code2, tag: tag)
      end
-      it 'returns 200 and deerjikists array' do
+      it 'returns 200 with tag and deerjikists array' do
        do_request
        expect(response).to have_http_status(:ok)
-        expect(json).to be_a(Array)
+        expect(json).to be_a(Hash)
        expect(json.size).to eq(2)
-        expect(json.map { |h| [h['platform'], h['code']] }).to contain_exactly(
+        expect(json['tag']).to be_a(Hash)
-          [platform1, code1],
+        expect(json['tag']['id']).to eq(tag.id)
-          [platform2, code2],
+        expect(json['tag']['name']).to eq('deerjika')
-        )
+        expect(json['tag']['category']).to eq('deerjikist')
        expect(json['tag']['has_deerjikists']).to eq(true)
        expect(json['deerjikists']).to be_a(Array)
        expect(json['deerjikists'].size).to eq(2)
        expect(json['deerjikists'].map { |h| [h['platform'], h['code']] })
          .to contain_exactly(
            [platform1, code1],
            [platform2, code2],
          )
      end
    end
@@ -53,6 +75,7 @@ RSpec.describe 'Tags deerjikists API', type: :request do
      it 'returns 404' do
        do_request
        expect(response).to have_http_status(:not_found)
      end
    end
@@ -60,7 +83,7 @@ RSpec.describe 'Tags deerjikists API', type: :request do
  describe 'GET /tags/name/:name/deerjikists' do
    subject(:do_request) do
-      get "/tags/name/#{ name }/deerjikists"
+      get "/tags/name/#{name}/deerjikists"
    end
    let(:name) { 'deerjika' }
@@ -70,6 +93,7 @@ RSpec.describe 'Tags deerjikists API', type: :request do
      it 'returns 400' do
        do_request
        expect(response).to have_http_status(:bad_request)
      end
    end
@@ -79,23 +103,233 @@ RSpec.describe 'Tags deerjikists API', type: :request do
      it 'returns 404' do
        do_request
        expect(response).to have_http_status(:not_found)
      end
    end
    context 'when tag exists and has no deerjikists' do
      it 'returns 200 with tag and empty deerjikists array' do
        do_request
        expect(response).to have_http_status(:ok)
        expect(json).to be_a(Hash)
        expect(json['tag']).to be_a(Hash)
        expect(json['tag']['id']).to eq(tag.id)
        expect(json['tag']['name']).to eq('deerjika')
        expect(json['tag']['category']).to eq('deerjikist')
        expect(json['tag']['has_deerjikists']).to eq(false)
        expect(json['deerjikists']).to eq([])
      end
    end
    context 'when tag exists and has deerjikists' do
      before do
        Deerjikist.create!(platform: platform1, code: code1, tag: tag)
      end
-      it 'returns 200 and deerjikists array' do
+      it 'returns 200 with tag and deerjikists array' do
        do_request
        expect(response).to have_http_status(:ok)
-        expect(json).to be_a(Array)
+        expect(json).to be_a(Hash)
-        expect(json.size).to eq(1)
+
-        expect(json[0]['platform']).to eq(platform1)
+        expect(json['tag']).to be_a(Hash)
-        expect(json[0]['code']).to eq(code1)
+        expect(json['tag']['id']).to eq(tag.id)
        expect(json['tag']['name']).to eq('deerjika')
        expect(json['tag']['category']).to eq('deerjikist')
        expect(json['tag']['has_deerjikists']).to eq(true)
        expect(json['deerjikists']).to be_a(Array)
        expect(json['deerjikists'].size).to eq(1)
        expect(json['deerjikists'][0]['platform']).to eq(platform1)
        expect(json['deerjikists'][0]['code']).to eq(code1)
      end
    end
  end
  describe 'PUT /tags/:id/deerjikists' do
    subject(:do_request) do
      put "/tags/#{tag_id}/deerjikists", params: payload, as: :json
    end
    let(:tag_id) { tag.id }
    let(:payload) do
      [
        { platform: platform1, code: code1 },
        { platform: platform2, code: code2 },
      ]
    end
    context 'when not logged in' do
      it 'returns 401' do
        do_request
        expect(response).to have_http_status(:unauthorized)
      end
    end
    context 'when logged in but not member' do
      before do
        sign_in_as guest
      end
      it 'returns 403' do
        do_request
        expect(response).to have_http_status(:forbidden)
      end
    end
    context 'when tag does not exist' do
      let(:tag_id) { 9_999_999 }
      before do
        sign_in_as member
      end
      it 'returns 404' do
        do_request
        expect(response).to have_http_status(:not_found)
      end
    end
    context 'when logged in as member' do
      before do
        sign_in_as member
      end
      context 'when tag has no deerjikists' do
        it 'creates deerjikists and returns deerjikists array' do
          expect {
            do_request
          }.to change { Deerjikist.where(tag: tag).count }.from(0).to(2)
          expect(response).to have_http_status(:ok)
          expect(json).to be_a(Array)
          expect(json.map { |h| [h['platform'], h['code']] })
            .to contain_exactly(
              [platform1, code1],
              [platform2, code2],
            )
          expect(Deerjikist.where(tag: tag).map { |d| [d.platform, d.code] })
            .to contain_exactly(
              [platform1, code1],
              [platform2, code2],
            )
        end
      end
      context 'when tag already has deerjikists' do
        before do
          Deerjikist.create!(platform: platform1, code: 'old-code-1', tag: tag)
          Deerjikist.create!(platform: platform2, code: 'old-code-2', tag: tag)
        end
        it 'replaces deerjikists and returns deerjikists array' do
          do_request
          expect(response).to have_http_status(:ok)
          expect(Deerjikist.where(tag: tag).map { |d| [d.platform, d.code] })
            .to contain_exactly(
              [platform1, code1],
              [platform2, code2],
            )
          expect(Deerjikist.exists?(platform: platform1, code: 'old-code-1')).to eq(false)
          expect(Deerjikist.exists?(platform: platform2, code: 'old-code-2')).to eq(false)
          expect(json).to be_a(Array)
          expect(json.map { |h| [h['platform'], h['code']] })
            .to contain_exactly(
              [platform1, code1],
              [platform2, code2],
            )
        end
      end
      context 'when payload is empty array' do
        let(:payload) { [] }
        before do
          Deerjikist.create!(platform: platform1, code: code1, tag: tag)
          Deerjikist.create!(platform: platform2, code: code2, tag: tag)
        end
        it 'clears deerjikists and returns empty array' do
          expect {
            do_request
          }.to change { Deerjikist.where(tag: tag).count }.from(2).to(0)
          expect(response).to have_http_status(:ok)
          expect(json).to eq([])
        end
      end
      context 'when a row is invalid' do
        let(:payload) do
          [
            { platform: '', code: code1 },
          ]
        end
        it 'returns 422 with indexed field errors and does not replace existing deerjikists' do
          Deerjikist.create!(platform: platform1, code: code1, tag: tag)
          expect {
            do_request
          }.not_to change { Deerjikist.where(tag: tag).map { |d| [d.platform, d.code] } }
          expect(response).to have_http_status(:unprocessable_entity)
          expect(json).to include(
              'type' => 'validation_error',
              'message' => '入力内容を確認してください．',
              'base_errors' => [])
          expect(json.fetch('errors')).to include(
              'deerjikists.0.platform' => [be_present])
        end
      end
      context 'when youtube code is handle' do
        let(:channel_id) { 'UCabcdefghijklmnopqrstuv' }
        let(:payload) do
          [
            { platform: 'youtube', code: '@deerjika' },
          ]
        end
        before do
          allow(Net::HTTP).to receive(:get).and_return(
            %(<link rel="canonical" href="https://www.youtube.com/channel/#{channel_id}">),
          )
        end
        it 'normalises youtube handle to channel id' do
          expect {
            do_request
          }.to change { Deerjikist.where(tag: tag).count }.from(0).to(1)
          expect(response).to have_http_status(:ok)
          expect(Net::HTTP).to have_received(:get)
          expect(Deerjikist.exists?(platform: 'youtube', code: channel_id, tag: tag))
            .to eq(true)
          expect(json).to be_a(Array)
          expect(json.size).to eq(1)
          expect(json[0]['platform']).to eq('youtube')
          expect(json[0]['code']).to eq(channel_id)
        end
      end
    end
  end
@@ -471,6 +471,54 @@ RSpec.describe 'Tags API', type: :request do
        expect(response).to have_http_status(:unprocessable_entity)
        expect(nico_tag.reload.category).to eq('nico')
      end
      it 'PATCH で tag の name を変更すると対応する wiki version を作成する' do
        wiki_page =
            Wiki::Commit.create_content!(
                tag_name: tag.tag_name,
                body: 'wiki body before',
                created_by_user: member_user,
                message: 'init')
        expect {
          patch "/tags/#{ tag.id }", params: {
            name: 'patch_wiki_renamed_tag',
          }
        }
            .to change(TagVersion, :count).by(2)
            .and change(WikiVersion, :count).by(1)
        expect(response).to have_http_status(:ok)
        version = wiki_page.reload.wiki_versions.order(:version_no).last
        expect(version).to have_attributes(
          event_type: 'update',
          title: 'patch_wiki_renamed_tag',
          body: 'wiki body before',
          created_by_user_id: member_user.id
        )
      end
      it 'tag の category だけを変更しても wiki version は作成しない' do
        wiki_page =
            Wiki::Commit.create_content!(
                tag_name: tag.tag_name,
                body: 'wiki body before',
                created_by_user: member_user,
                message: 'init')
        before_wiki_version_count = wiki_page.reload.wiki_versions.count
        expect {
          patch "/tags/#{ tag.id }", params: {
            category: 'meme',
          }
        }.to change(TagVersion, :count).by(2)
        expect(response).to have_http_status(:ok)
        expect(wiki_page.reload.wiki_versions.count).to eq(before_wiki_version_count)
      end
    end
  end
@@ -876,6 +924,134 @@ RSpec.describe 'Tags API', type: :request do
        expect(system_tag.reload.name).to eq(old_name)
        expect(system_tag.category).to eq(old_category)
      end
      it 'wiki を持つ tag を更新すると wiki version も作成する' do
        wiki_page =
            Wiki::Commit.create_content!(
                tag_name: tag.tag_name,
                body: 'wiki body before',
                created_by_user: member_user,
                message: 'init')
        Wiki::Commit.content!(
          page: wiki_page,
          body: 'wiki body before',
          created_user: member_user,
          message: 'init'
        )
        expect {
          put "/tags/#{ tag.id }", params: {
            name: 'put_wiki_version_tag',
            category: 'meme',
            aliases: 'unko',
            parent_tags: '',
          }
        }
            .to change(TagVersion, :count).by(2)
            .and change(WikiVersion, :count).by(1)
        expect(response).to have_http_status(:ok)
        version = wiki_page.reload.wiki_versions.order(:version_no).last
        expect(version).to have_attributes(
          event_type: 'update',
          title: 'put_wiki_version_tag',
          body: 'wiki body before',
          created_by_user_id: member_user.id
        )
      end
      it '別名を他 tag から奪った場合、奪はれた側の tag version も作成する' do
        old_owner = Tag.create!(
          tag_name: TagName.create!(name: 'put_alias_old_owner'),
          category: :general
        )
        stolen_alias = TagName.create!(
          name: 'put_stolen_alias',
          canonical: old_owner.tag_name
        )
        expect(old_owner.tag_name.aliases.map(&:name)).to include('put_stolen_alias')
        expect {
          put "/tags/#{ tag.id }", params: {
            name: 'spec_tag',
            category: 'general',
            aliases: 'unko put_stolen_alias',
            parent_tags: '',
          }
        }
            .to change { tag.reload.tag_versions.count }.by(2)
            .and change { old_owner.reload.tag_versions.count }.by(2)
        expect(response).to have_http_status(:ok)
        expect(stolen_alias.reload.canonical).to eq(tag.tag_name)
        expect(old_owner.reload.tag_name.aliases.map(&:name)).not_to include('put_stolen_alias')
        old_owner_versions = old_owner.tag_versions.order(:version_no)
        expect(old_owner_versions.first.event_type).to eq('create')
        expect(old_owner_versions.first.aliases.split).to include('put_stolen_alias')
        expect(old_owner_versions.second.event_type).to eq('update')
        expect(old_owner_versions.second.aliases.split).not_to include('put_stolen_alias')
      end
      it 'parent_tags に指定すると循環する tag は 422 にする' do
        pending '#332 で対応予定'
        child = Tag.create!(
          tag_name: TagName.create!(name: 'put_cycle_child'),
          category: :general
        )
        TagImplication.create!(tag: child, parent_tag: tag)
        put "/tags/#{ tag.id }", params: {
          name: 'spec_tag',
          category: 'general',
          aliases: 'unko',
          parent_tags: child.name,
        }
        expect(response).to have_http_status(:unprocessable_entity)
        expect(TagImplication.where(tag:, parent_tag: child)).not_to exist
      end
      it 'tag の name を変更すると対応する wiki version を作成する' do
        wiki_page =
            Wiki::Commit.create_content!(
                tag_name: tag.tag_name,
                body: 'wiki body before',
                created_by_user: member_user,
                message: 'init')
        expect {
          put "/tags/#{ tag.id }", params: {
            name: 'put_wiki_renamed_tag',
            category: 'general',
            aliases: 'unko',
            parent_tags: '',
          }
        }
            .to change(TagVersion, :count).by(2)
            .and change(WikiVersion, :count).by(1)
        expect(response).to have_http_status(:ok)
        version = wiki_page.reload.wiki_versions.order(:version_no).last
        expect(version).to have_attributes(
          event_type: 'update',
          title: 'put_wiki_renamed_tag',
          body: 'wiki body before',
          created_by_user_id: member_user.id
        )
      end
    end
  end
 end
@@ -80,6 +80,26 @@ RSpec.describe 'TheatreComments', type: :request do
      expect(response).to have_http_status(:ok)
      expect(response.parsed_body.map { |row| row['no'] }).to eq([3, 2, 1])
    end
    it '削除済みコメントは deleted として返し、本文を隠す' do
      comment_2.discard!
      get "/theatres/#{theatre.id}/comments", params: { no_gt: 1 }
      expect(response).to have_http_status(:ok)
      deleted_comment = response.parsed_body.find { _1['no'] == 2 }
      expect(deleted_comment).to include(
        'deleted' => true,
        'content' => nil
      )
      visible_comment = response.parsed_body.find { _1['no'] == 3 }
      expect(visible_comment).to include(
        'deleted' => false,
        'content' => 'third comment'
      )
    end
  end
  describe 'POST /theatres/:theatre_id/comments' do
@@ -147,4 +167,44 @@ RSpec.describe 'TheatreComments', type: :request do
      })
    end
  end
  describe 'DELETE /theatres/:theatre_id/comments/:id' do
    let(:theatre) { create(:theatre) }
    let(:alice) { create(:user, name: 'Alice') }
    let(:bob) { create(:user, name: 'Bob') }
    let!(:comment) do
      create(
        :theatre_comment,
        theatre: theatre,
        no: 1,
        user: alice,
        content: 'delete target'
      )
    end
    it 'returns 401 when not logged in' do
      delete "/theatres/#{theatre.id}/comments/#{comment.no}"
      expect(response).to have_http_status(:unauthorized)
      expect(comment.reload.discarded?).to eq(false)
    end
    it 'allows the comment owner to delete it' do
      sign_in_as(alice)
      delete "/theatres/#{theatre.id}/comments/#{comment.no}"
      expect(response).to have_http_status(:no_content)
      expect(comment.reload.discarded?).to eq(true)
    end
    it 'returns 403 when another user tries to delete it' do
      sign_in_as(bob)
      delete "/theatres/#{theatre.id}/comments/#{comment.no}"
      expect(response).to have_http_status(:forbidden)
      expect(comment.reload.discarded?).to eq(false)
    end
  end
 end
@@ -0,0 +1,38 @@
 require 'rails_helper'
 RSpec.describe 'TheatreProgrammes', type: :request do
  describe 'GET /theatres/:theatre_id/programmes' do
    let(:theatre) { create(:theatre) }
    let(:other_theatre) { create(:theatre) }
    let(:post_1) { Post.create!(title: 'first', url: 'https://www.nicovideo.jp/watch/sm1') }
    let(:post_2) { Post.create!(title: 'second', url: 'https://www.nicovideo.jp/watch/sm2') }
    let(:other_post) { Post.create!(title: 'other', url: 'https://www.nicovideo.jp/watch/sm3') }
    before do
      TheatreProgramme.create!(theatre:, position: 1, post: post_1, created_at: 2.minutes.ago)
      TheatreProgramme.create!(theatre:, position: 2, post: post_2, created_at: 1.minute.ago)
      TheatreProgramme.create!(
        theatre: other_theatre,
        position: 1,
        post: other_post,
        created_at: 1.minute.ago
      )
    end
    it 'returns programmes for the theatre in descending position with post json' do
      get "/theatres/#{theatre.id}/programmes"
      expect(response).to have_http_status(:ok)
      expect(json.map { _1['position'] }).to eq([2, 1])
      expect(json.map { _1.dig('post', 'title') }).to eq(['second', 'first'])
      expect(json.first['post']).to include('id' => post_2.id, 'url' => post_2.url)
    end
    it 'filters programmes by position_gt' do
      get "/theatres/#{theatre.id}/programmes", params: { position_gt: 1 }
      expect(response).to have_http_status(:ok)
      expect(json.map { _1['position'] }).to eq([2])
    end
  end
 end
@@ -14,10 +14,24 @@ RSpec.describe 'Theatres API', type: :request do
  let(:member) { create(:user, :member, name: 'member user') }
  let(:other_user) { create(:user, :member, name: 'other user') }
  let!(:niconico_post) do
    Post.create!(
      title: 'niconico post',
      url: 'https://www.nicovideo.jp/watch/sm123'
    )
  end
  let!(:second_niconico_post) do
    Post.create!(
      title: 'second niconico post',
      url: 'https://www.nicovideo.jp/watch/sm456'
    )
  end
  let!(:youtube_post) do
    Post.create!(
      title: 'youtube post',
-      url: 'https://www.youtube.com/watch?v=spec123'
+      url: 'https://www.youtube.com/watch?v=yt123'
    )
  end
@@ -120,7 +134,8 @@ RSpec.describe 'Theatres API', type: :request do
        expect(json).to include(
          'host_flg' => true,
          'post_id' => nil,
-          'post_started_at' => nil
+          'post_started_at' => nil,
          'post_elapsed_ms' => nil
        )
        expect(json.fetch('watching_users')).to contain_exactly(
@@ -177,7 +192,8 @@ RSpec.describe 'Theatres API', type: :request do
        expect(json).to include(
          'host_flg' => false,
          'post_id' => nil,
-          'post_started_at' => nil
+          'post_started_at' => nil,
          'post_elapsed_ms' => nil
        )
        expect(json.fetch('watching_users')).to contain_exactly(
@@ -204,7 +220,7 @@ RSpec.describe 'Theatres API', type: :request do
        )
        theatre.update!(
          host_user: other_user,
-          current_post: youtube_post,
+          current_post: niconico_post,
          current_post_started_at: started_at
        )
        sign_in_as(member)
@@ -220,9 +236,11 @@ RSpec.describe 'Theatres API', type: :request do
        expect(theatre.host_user_id).to eq(member.id)
        expect(json['host_flg']).to eq(true)
-        expect(json['post_id']).to eq(youtube_post.id)
+        expect(json['post_id']).to eq(niconico_post.id)
        expect(Time.zone.parse(json['post_started_at']))
          .to be_within(1.second).of(started_at)
        expect(json['post_elapsed_ms'])
          .to be_within(1_000).of(120_000)
      end
    end
  end
@@ -273,16 +291,36 @@ RSpec.describe 'Theatres API', type: :request do
      it 'sets current_post to an eligible post and updates current_post_started_at' do
        expect { do_request }
          .to change { theatre.reload.current_post_id }
          .from(nil).to(youtube_post.id)
        expect(response).to have_http_status(:no_content)
        expect([niconico_post.id, second_niconico_post.id, youtube_post.id])
          .to include(theatre.reload.current_post_id)
        expect(theatre.reload.current_post_started_at)
          .to be_within(1.second).of(Time.current)
        expect(theatre.programmes.count).to eq(1)
      end
    end
    context 'when only a YouTube post is eligible' do
      before do
        niconico_post.destroy!
        second_niconico_post.destroy!
        theatre.update!(host_user: member)
        sign_in_as(member)
      end
      it 'sets current_post to the YouTube post' do
        do_request
        expect(response).to have_http_status(:no_content)
        expect(theatre.reload.current_post_id).to eq(youtube_post.id)
      end
    end
    context 'when current user is host and no eligible post exists' do
      before do
        niconico_post.destroy!
        second_niconico_post.destroy!
        youtube_post.destroy!
        theatre.update!(
          host_user: member,
@@ -299,9 +337,189 @@ RSpec.describe 'Theatres API', type: :request do
        theatre.reload
        expect(theatre.current_post_id).to be_nil
-        expect(theatre.current_post_started_at)
+        expect(theatre.current_post_started_at).to be_nil
          .to be_within(1.second).of(Time.current)
      end
    end
  end
  describe 'PUT /theatres/:id/skip_vote' do
    subject(:do_request) do
      put "/theatres/#{theatre.id}/skip_vote", params: { post_id: requested_post_id }
    end
    let(:third_user) { create(:user, :member, name: 'third user') }
    let(:requested_post_id) { niconico_post.id }
    before do
      theatre.update!(current_post: niconico_post, current_post_started_at: 10.seconds.ago)
      [member, other_user, third_user].each do |user|
        TheatreWatchingUser.create!(
          theatre:,
          user:,
          expires_at: 10.seconds.from_now
        )
      end
    end
    it 'returns 401 when not logged in' do
      sign_out
      expect { do_request }.not_to change(TheatreSkipVote, :count)
      expect(response).to have_http_status(:unauthorized)
    end
    it 'returns 422 when post_id is invalid' do
      sign_in_as(member)
      expect {
        put "/theatres/#{theatre.id}/skip_vote", params: { post_id: 'invalid' }
      }.not_to change(TheatreSkipVote, :count)
      expect(response).to have_http_status(:unprocessable_entity)
    end
    it 'records a vote and returns the current vote status before majority' do
      sign_in_as(member)
      expect { do_request }.to change(TheatreSkipVote, :count).by(1)
      expect(response).to have_http_status(:ok)
      expect(json['skipped']).to eq(false)
      expect(json['post_id']).to eq(niconico_post.id)
      expect(json['skip_vote']).to include(
        'votes_count' => 1,
        'required_count' => 2,
        'watching_users_count' => 3,
        'voted' => true
      )
    end
    it 'finalizes skip when votes reach majority and stores voters and tag snapshots' do
      tag = create(:tag, name: 'skip-target')
      PostTag.create!(post: niconico_post, tag:)
      TheatreSkipVote.create!(theatre:, post: niconico_post, user: member)
      sign_in_as(other_user)
      expect { do_request }
        .to change(TheatreSkipEvent, :count).by(1)
        .and change(TheatreSkipEventVoter, :count).by(2)
        .and change(TheatreSkipEventTag, :count).by(1)
      expect(response).to have_http_status(:ok)
      expect(json['skipped']).to eq(true)
      expect([second_niconico_post.id, youtube_post.id]).to include(json['post_id'])
      event = TheatreSkipEvent.last
      expect(event.post).to eq(niconico_post)
      expect(event.users).to contain_exactly(member, other_user)
      expect(event.tags).to contain_exactly(tag)
      expect(TheatreSkipVote.where(theatre:, post: niconico_post)).to be_empty
    end
    it 'does not record a vote when requested post is no longer current' do
      theatre.update!(current_post: second_niconico_post)
      sign_in_as(member)
      expect { do_request }.not_to change(TheatreSkipVote, :count)
      expect(response).to have_http_status(:conflict)
      expect(json['post_id']).to eq(second_niconico_post.id)
      expect(json['skip_vote']).to include(
        'votes_count' => 0,
        'voted' => false
      )
    end
  end
  describe 'DELETE /theatres/:id/skip_vote' do
    let(:requested_post_id) { niconico_post.id }
    before do
      theatre.update!(current_post: niconico_post, current_post_started_at: 10.seconds.ago)
      TheatreWatchingUser.create!(theatre:, user: member, expires_at: 10.seconds.from_now)
      TheatreSkipVote.create!(theatre:, post: niconico_post, user: member)
      sign_in_as(member)
    end
    it 'removes the current user vote' do
      expect {
        delete "/theatres/#{theatre.id}/skip_vote", params: { post_id: requested_post_id }
      }.to change(TheatreSkipVote, :count).by(-1)
      expect(response).to have_http_status(:ok)
      expect(json['skip_vote']).to include(
        'votes_count' => 0,
        'required_count' => 1,
        'watching_users_count' => 1,
        'voted' => false
      )
    end
    it 'does not remove a vote when requested post is no longer current' do
      theatre.update!(current_post: second_niconico_post)
      expect {
        delete "/theatres/#{theatre.id}/skip_vote", params: { post_id: requested_post_id }
      }.not_to change(TheatreSkipVote, :count)
      expect(response).to have_http_status(:conflict)
      expect(json['post_id']).to eq(second_niconico_post.id)
    end
  end
  describe 'GET /theatres/:id/skip_events' do
    before do
      sign_in_as(member)
    end
    it 'does not expose skip voters' do
      event = TheatreSkipEvent.create!(
        theatre:,
        post: niconico_post,
        skipped_by_user: member,
        created_at: Time.current
      )
      TheatreSkipEventVoter.create!(theatre_skip_event: event, user: member)
      get "/theatres/#{theatre.id}/skip_events"
      expect(response).to have_http_status(:ok)
      expect(json.first).to include(
        'id' => event.id,
        'theatre_id' => theatre.id
      )
      expect(json.first).not_to have_key('voters')
      expect(json.first).not_to have_key('skipped_by_user')
    end
  end
  describe 'GET /theatres/:id/post_selection_weights' do
    before do
      theatre.update!(current_post: niconico_post)
      TheatreWatchingUser.create!(theatre:, user: member, expires_at: 10.seconds.from_now)
      sign_in_as(member)
    end
    it 'returns tag penalties and candidate weights for the current watchers' do
      tag = create(:tag, name: 'heavy-tag')
      PostTag.create!(post: second_niconico_post, tag:)
      event = TheatreSkipEvent.create!(
        theatre:,
        post: niconico_post,
        skipped_by_user: member,
        created_at: Time.current
      )
      TheatreSkipEventVoter.create!(theatre_skip_event: event, user: member)
      TheatreSkipEventTag.create!(theatre_skip_event: event, tag:)
      get "/theatres/#{theatre.id}/post_selection_weights"
      expect(response).to have_http_status(:ok)
      expect(json['tag_penalties'].first['penalty']).to eq(1)
      expect(json['lightest_posts'].first['post']['id']).to eq(second_niconico_post.id)
      expect(json['lightest_posts'].first['penalty']).to eq(1)
    end
  end
 end
@@ -1,110 +1,268 @@
-require "rails_helper"
+require 'rails_helper'
 RSpec.describe 'Users', type: :request do
  let(:remote_ip) { '203.0.113.10' }
-RSpec.describe "Users", type: :request do
+  before do
-  describe "POST /users" do
+    allow_any_instance_of(ActionDispatch::Request)
-    it "creates guest user and returns code" do
+      .to receive(:remote_ip)
-      post "/users"
+      .and_return(remote_ip)
      expect(response).to have_http_status(:ok)
      expect(json["code"]).to be_present
      expect(json["user"]["role"]).to eq("guest")
    end
  end
-  describe "POST /users/code/renew" do
+  def auth_headers(user)
-    it "returns 401 when not logged in" do
+    { 'X-Transfer-Code' => user.inheritance_code }
      sign_out
      post "/users/code/renew"
      expect(response).to have_http_status(:unauthorized)
    end
  end
-  describe "PUT /users/:id" do
+  describe 'POST /users' do
-    let(:user) { create(:user, name: "old-name", role: "guest") }
+    it 'creates guest user, IpAddress and UserIp, and returns code' do
-
+      expect {
-    it "returns 401 when current_user id mismatch" do
+        post '/users'
-      sign_in_as(create(:user))
+      }.to change(User, :count).by(1)
-      put "/users/#{user.id}", params: { name: "new-name" }
+        .and change(IpAddress, :count).by(1)
-      expect(response).to have_http_status(:unauthorized)
+        .and change(UserIp, :count).by(1)
    end
    it "returns 400 when name is blank" do
      sign_in_as(user)
      put "/users/#{user.id}", params: { name: "   " }
      expect(response).to have_http_status(:bad_request)
    end
    it "updates name and returns 201 with user slice" do
      sign_in_as(user)
      put "/users/#{user.id}", params: { name: "new-name" }
      expect(response).to have_http_status(:created)
-      expect(json["id"]).to eq(user.id)
+      expect(json['code']).to be_present
-      expect(json["name"]).to eq("new-name")
+      expect(json['user']['role']).to eq('guest')
-      user.reload
+      user = User.last
-      expect(user.name).to eq("new-name")
+      ip_address = IpAddress.find_by(ip_address: IPAddr.new(remote_ip).hton)
      expect(user.role).to eq('guest')
      expect(ip_address).to be_present
      expect(UserIp.exists?(user:, ip_address:)).to eq(true)
    end
    it 'returns 403 and does not create user when current IP address is banned' do
      IpAddress.create!(
        ip_address: IPAddr.new(remote_ip).hton,
        banned_at: Time.current
      )
      expect {
        post '/users'
      }.not_to change(User, :count)
      expect(response).to have_http_status(:forbidden)
      expect(UserIp.count).to eq(0)
    end
  end
-  describe "POST /users/verify" do
+  describe 'POST /users/code/renew' do
-    it "returns valid:false when code not found" do
+    it 'returns 401 when not logged in' do
-      post "/users/verify", params: { code: "nope" }
+      post '/users/code/renew'
-      expect(response).to have_http_status(:ok)
+
-      expect(json["valid"]).to eq(false)
+      expect(response).to have_http_status(:unauthorized)
    end
-    it "creates IpAddress and UserIp, and returns valid:true with user slice" do
+    it 'returns 403 when current user is banned' do
-      user = create(:user, inheritance_code: SecureRandom.uuid, role: "guest")
+      user = create(:user, :banned)
-      # request.remote_ip を固定
+      post '/users/code/renew', headers: auth_headers(user)
-      allow_any_instance_of(ActionDispatch::Request).to receive(:remote_ip).and_return("203.0.113.10")
+
      expect(response).to have_http_status(:forbidden)
    end
    it 'returns 403 when current IP address is banned' do
      user = create(:user)
      IpAddress.create!(
        ip_address: IPAddr.new(remote_ip).hton,
        banned_at: Time.current
      )
      post '/users/code/renew', headers: auth_headers(user)
      expect(response).to have_http_status(:forbidden)
    end
  end
  describe 'PUT /users/:id' do
    let(:user) { create(:user, name: 'old-name', role: 'guest') }
    it 'returns 401 when current_user id mismatch' do
      other_user = create(:user)
      put "/users/#{user.id}",
          params: { name: 'new-name' },
          headers: auth_headers(other_user)
      expect(response).to have_http_status(:unauthorized)
    end
    it 'returns 422 when name is blank' do
      put "/users/#{user.id}",
          params: { name: '   ' },
          headers: auth_headers(user)
      expect(response).to have_http_status(:unprocessable_entity)
      expect(json.fetch('errors')).to include(
          'name' => ['名前は必須です．'])
    end
    it 'updates name and returns user slice' do
      put "/users/#{user.id}",
          params: { name: 'new-name' },
          headers: auth_headers(user)
      expect(response).to have_http_status(:ok)
      expect(json['id']).to eq(user.id)
      expect(json['name']).to eq('new-name')
      user.reload
      expect(user.name).to eq('new-name')
    end
    it 'returns 403 when current user is banned' do
      user.update!(banned_at: Time.current)
      put "/users/#{user.id}",
          params: { name: 'new-name' },
          headers: auth_headers(user)
      expect(response).to have_http_status(:forbidden)
      user.reload
      expect(user.name).to eq('old-name')
    end
    it 'returns 403 when current IP address is banned' do
      IpAddress.create!(
        ip_address: IPAddr.new(remote_ip).hton,
        banned_at: Time.current
      )
      put "/users/#{user.id}",
          params: { name: 'new-name' },
          headers: auth_headers(user)
      expect(response).to have_http_status(:forbidden)
      user.reload
      expect(user.name).to eq('old-name')
    end
  end
  describe 'POST /users/verify' do
    it 'returns valid:false when code not found' do
      post '/users/verify', params: { code: 'nope' }
      expect(response).to have_http_status(:ok)
      expect(json['valid']).to eq(false)
    end
    it 'returns 403 when current IP address is banned' do
      user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')
      IpAddress.create!(
        ip_address: IPAddr.new(remote_ip).hton,
        banned_at: Time.current
      )
      expect {
-        post "/users/verify", params: { code: user.inheritance_code }
+        post '/users/verify', params: { code: user.inheritance_code }
      }.not_to change(UserIp, :count)
      expect(response).to have_http_status(:forbidden)
    end
    it 'returns 403 when verified user is banned' do
      user = create(
        :user,
        :banned,
        inheritance_code: SecureRandom.uuid,
        role: 'guest'
      )
      expect {
        post '/users/verify', params: { code: user.inheritance_code }
      }.not_to change(UserIp, :count)
      expect(response).to have_http_status(:forbidden)
    end
    it 'creates IpAddress and UserIp, and returns valid:true with user slice' do
      user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')
      expect {
        post '/users/verify', params: { code: user.inheritance_code }
      }.to change(UserIp, :count).by(1)
        .and change(IpAddress, :count).by(1)
      expect(response).to have_http_status(:ok)
-      expect(json["valid"]).to eq(true)
+      expect(json['valid']).to eq(true)
-      expect(json["user"]["id"]).to eq(user.id)
+      expect(json['user']['id']).to eq(user.id)
-      expect(json["user"]["inheritance_code"]).to eq(user.inheritance_code)
+      expect(json['user']['inheritance_code']).to eq(user.inheritance_code)
-      expect(json["user"]["role"]).to eq("guest")
+      expect(json['user']['role']).to eq('guest')
-      # ついでに IpAddress もできてることを確認（ipの保存形式がバイナリでも count で見れる）
+      ip_address = IpAddress.find_by(ip_address: IPAddr.new(remote_ip).hton)
-      expect(IpAddress.count).to be >= 1
+      expect(ip_address).to be_present
      expect(UserIp.exists?(user:, ip_address:)).to eq(true)
    end
-    it "is idempotent for same user+ip (does not create duplicate UserIp)" do
+    it 'is idempotent for same user and same IP address' do
-      user = create(:user, inheritance_code: SecureRandom.uuid, role: "guest")
+      user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')
      allow_any_instance_of(ActionDispatch::Request).to receive(:remote_ip).and_return("203.0.113.10")
-      post "/users/verify", params: { code: user.inheritance_code }
+      post '/users/verify', params: { code: user.inheritance_code }
      expect(response).to have_http_status(:ok)
      expect {
-        post "/users/verify", params: { code: user.inheritance_code }
+        post '/users/verify', params: { code: user.inheritance_code }
      }.not_to change(UserIp, :count)
      expect(response).to have_http_status(:ok)
-      expect(json["valid"]).to eq(true)
+      expect(json['valid']).to eq(true)
    end
    it 'creates another UserIp for same user and different IP address' do
      user = create(:user, inheritance_code: SecureRandom.uuid, role: 'guest')
      post '/users/verify', params: { code: user.inheritance_code }
      expect(response).to have_http_status(:ok)
      allow_any_instance_of(ActionDispatch::Request)
        .to receive(:remote_ip)
        .and_return('203.0.113.11')
      expect {
        post '/users/verify', params: { code: user.inheritance_code }
      }.to change(UserIp, :count).by(1)
      expect(response).to have_http_status(:ok)
      expect(json['valid']).to eq(true)
    end
  end
-  describe "GET /users/me" do
+  describe 'GET /users/me' do
-    it "returns 404 when code not found" do
+    it 'returns 404 when code not found' do
-      get "/users/me", params: { code: "nope" }
+      get '/users/me', params: { code: 'nope' }
      expect(response).to have_http_status(:not_found)
    end
-    it "returns user slice when found" do
+    it 'returns user slice when found' do
-      user = create(:user, inheritance_code: SecureRandom.uuid, name: "me", role: "guest")
+      user = create(:user, inheritance_code: SecureRandom.uuid, name: 'me', role: 'guest')
-      get "/users/me", params: { code: user.inheritance_code }
+
      get '/users/me', params: { code: user.inheritance_code }
      expect(response).to have_http_status(:ok)
-      expect(json["id"]).to eq(user.id)
+      expect(json['id']).to eq(user.id)
-      expect(json["name"]).to eq("me")
+      expect(json['name']).to eq('me')
-      expect(json["inheritance_code"]).to eq(user.inheritance_code)
+      expect(json['inheritance_code']).to eq(user.inheritance_code)
-      expect(json["role"]).to eq("guest")
+      expect(json['role']).to eq('guest')
    end
    it 'returns 403 when current IP address is banned' do
      user = create(:user, inheritance_code: SecureRandom.uuid)
      IpAddress.create!(
        ip_address: IPAddr.new(remote_ip).hton,
        banned_at: Time.current
      )
      get '/users/me', params: { code: user.inheritance_code }
      expect(response).to have_http_status(:forbidden)
    end
  end
 end
@@ -0,0 +1,27 @@
 require 'rails_helper'
 RSpec.describe 'Wiki body search', type: :request do
  let!(:user) { create_member_user! }
  it 'searches wiki pages by body text' do
    pending '#336 で対応予定'
    Wiki::Commit.create_content!(
        tag_name: TagName.create!(name: 'wiki_body_search_hit'),
        body: 'unique body keyword for wiki search',
        created_by_user: user,
        message: 'init')
    Wiki::Commit.create_content!(
        tag_name: TagName.create!(name: 'wiki_body_search_miss'),
        body: 'ordinary body',
        created_by_user: user,
        message: 'init')
    get '/wiki/search', params: { body: 'unique body keyword' }
    expect(response).to have_http_status(:ok)
    expect(json.map { |page| page['title'] }).to include('wiki_body_search_hit')
    expect(json.map { |page| page['title'] }).not_to include('wiki_body_search_miss')
  end
 end
@@ -0,0 +1,42 @@
 require 'rails_helper'
 RSpec.describe 'Wiki conflict handling', type: :request do
  let!(:user) { create_member_user! }
  def auth_headers user
    { 'X-Transfer-Code' => user.inheritance_code }
  end
  it 'returns 409 when base_revision_id is stale' do
    page =
        Wiki::Commit.create_content!(
            tag_name: TagName.create!(name: 'wiki_conflict_request'),
            body: 'first',
            created_by_user: user,
            message: 'init')
    stale_id = page.current_revision.id
    Wiki::Commit.content!(
        page:,
        body: 'second',
        created_user: user,
        message: 'other edit',
        base_revision_id: stale_id)
    put "/wiki/#{ page.id }",
        params: {
          title: 'wiki_conflict_request',
          body: 'third',
          message: 'stale',
          base_revision_id: stale_id,
        },
        headers: auth_headers(user)
    expect(response).to have_http_status(:conflict)
    page.reload
    expect(page.body).to eq('second')
    expect(page.current_revision.message).to eq('other edit')
  end
 end
@@ -0,0 +1,196 @@
 require 'cgi'
 require 'rails_helper'
 RSpec.describe 'Wiki history integrity', type: :request do
  let!(:user) { create_member_user! }
  def auth_headers user
    { 'X-Transfer-Code' => user.inheritance_code }
  end
  def create_wiki_page title:, body: 'body', message: 'init', user: self.user
    Wiki::Commit.create_content!(
        tag_name: TagName.create!(name: title),
        body:,
        created_by_user: user,
        message:)
  end
  describe 'POST /wiki' do
    it 'creates wiki_page, wiki_revision, and wiki_version atomically' do
      expect {
        post '/wiki',
             params: {
               title: 'wiki_history_create_atomic',
               body: "a\nb\nc",
               message: 'initial commit',
             },
             headers: auth_headers(user)
      }
          .to change(WikiPage, :count).by(1)
          .and change(WikiRevision, :count).by(1)
          .and change(WikiVersion, :count).by(1)
      expect(response).to have_http_status(:created)
      page = WikiPage.find(json.fetch('id'))
      revision = page.current_revision
      version = page.wiki_versions.order(:version_no).last
      expect(page.title).to eq('wiki_history_create_atomic')
      expect(page.body).to eq("a\nb\nc")
      expect(revision).to be_content
      expect(revision.message).to eq('initial commit')
      expect(revision.lines_count).to eq(3)
      expect(version).to have_attributes(
        version_no: 1,
        event_type: 'create',
        title: 'wiki_history_create_atomic',
        body: "a\nb\nc",
        reason: 'initial commit',
        created_by_user_id: user.id
      )
    end
    it 'returns 422 and creates nothing when normalised body is blank' do
      expect {
        post '/wiki',
             params: {
               title: 'wiki_history_blank_body',
               body: "\r\n\r\n",
               message: 'blank',
             },
             headers: auth_headers(user)
      }
          .not_to change(WikiPage, :count)
      expect(response).to have_http_status(:unprocessable_entity)
      expect(WikiPage.joins(:tag_name).where(tag_names: { name: 'wiki_history_blank_body' })).not_to exist
    end
    it 'returns 422 and creates no partial page when title already exists' do
      create_wiki_page(title: 'wiki_history_duplicate_title', body: 'first')
      expect {
        post '/wiki',
             params: {
               title: 'wiki_history_duplicate_title',
               body: 'second',
               message: 'duplicate',
             },
             headers: auth_headers(user)
      }
          .not_to change(WikiPage, :count)
      expect(response).to have_http_status(:unprocessable_entity)
      expect(WikiPage.joins(:tag_name).where(tag_names: { name: 'wiki_history_duplicate_title' }).count).to eq(1)
    end
  end
  describe 'PUT /wiki/:id' do
    it 'updates body and records wiki_revision and wiki_version' do
      page = create_wiki_page(title: 'wiki_history_update_body', body: 'before')
      current_id = page.current_revision.id
      expect {
        put "/wiki/#{ page.id }",
            params: {
              title: 'wiki_history_update_body',
              body: 'after',
              message: 'edit body',
              base_revision_id: current_id,
            },
            headers: auth_headers(user)
      }
          .to change(WikiRevision, :count).by(1)
          .and change(WikiVersion, :count).by(1)
      expect(response).to have_http_status(:ok)
      page.reload
      version = page.wiki_versions.order(:version_no).last
      expect(page.title).to eq('wiki_history_update_body')
      expect(page.body).to eq('after')
      expect(version).to have_attributes(
        event_type: 'update',
        title: 'wiki_history_update_body',
        body: 'after',
        reason: 'edit body',
        created_by_user_id: user.id
      )
    end
    it 'renames title and records wiki_version with new title' do
      page = create_wiki_page(title: 'wiki_history_rename_before', body: 'before')
      current_id = page.current_revision.id
      expect {
        put "/wiki/#{ page.id }",
            params: {
              title: 'wiki_history_rename_after',
              body: 'after',
              message: 'rename',
              base_revision_id: current_id,
            },
            headers: auth_headers(user)
      }
          .to change(WikiRevision, :count).by(1)
          .and change(WikiVersion, :count).by(1)
      expect(response).to have_http_status(:ok)
      page.reload
      version = page.wiki_versions.order(:version_no).last
      expect(page.title).to eq('wiki_history_rename_after')
      expect(page.body).to eq('after')
      expect(version).to have_attributes(
        event_type: 'update',
        title: 'wiki_history_rename_after',
        body: 'after',
        reason: 'rename',
        created_by_user_id: user.id
      )
    end
    it 'does not change title, body, revision, or version on stale base_revision_id' do
      page = create_wiki_page(title: 'wiki_history_conflict_page', body: 'first')
      stale_id = page.current_revision.id
      Wiki::Commit.content!(
          page:,
          body: 'second',
          created_user: user,
          message: 'other edit',
          base_revision_id: stale_id)
      page.reload
      current_title = page.title
      current_body = page.body
      revision_count = page.wiki_revisions.count
      version_count = page.wiki_versions.count
      put "/wiki/#{ page.id }",
          params: {
            title: 'wiki_history_conflict_renamed',
            body: 'third',
            message: 'stale edit',
            base_revision_id: stale_id,
          },
          headers: auth_headers(user)
      expect(response).to have_http_status(:conflict)
      page.reload
      expect(page.title).to eq(current_title)
      expect(page.body).to eq(current_body)
      expect(page.wiki_revisions.count).to eq(revision_count)
      expect(page.wiki_versions.count).to eq(version_count)
    end
  end
 end
@@ -0,0 +1,37 @@
 require 'rails_helper'
 RSpec.describe 'Wiki restore', type: :request do
  let!(:user) { create_member_user! }
  def auth_headers user
    { 'X-Transfer-Code' => user.inheritance_code }
  end
  it 'restores wiki page to previous version' do
    pending '#337 で対応予定'
    page =
        Wiki::Commit.create_content!(
            tag_name: TagName.create!(name: 'wiki_restore_page'),
            body: 'v1',
            created_by_user: user,
            message: 'init')
    v1 = page.wiki_versions.order(:version_no).last
    Wiki::Commit.content!(
        page:,
        body: 'v2',
        created_user: user,
        message: 'edit',
        base_revision_id: page.current_revision.id)
    post "/wiki/#{ page.id }/restore",
         params: { version_no: v1.version_no },
         headers: auth_headers(user)
    expect(response).to have_http_status(:ok)
    expect(page.reload.body).to eq('v1')
    expect(page.wiki_versions.order(:version_no).last.event_type).to eq('restore')
  end
 end
@@ -4,13 +4,19 @@ require 'securerandom'
 RSpec.describe 'Wiki API', type: :request do
  def auth_headers(user)
    { 'X-Transfer-Code' => user.inheritance_code }
  end
  let!(:user) { create_member_user! }
  let!(:tn) { TagName.create!(name: 'spec_wiki_title') }
  let!(:page) do
-    WikiPage.create!(tag_name: tn, created_user: user, updated_user: user).tap do |p|
+    Wiki::Commit.create_content!(
-      Wiki::Commit.content!(page: p, body: 'init', created_user: user, message: 'init')
+        tag_name: tn,
-    end
+        body: 'init',
        created_by_user: user,
        message: 'init')
  end
  describe 'GET /wiki' do
@@ -37,11 +43,12 @@ RSpec.describe 'Wiki API', type: :request do
    context 'when wiki page exists' do
      it 'returns wiki page with title' do
        request
        expect(response).to have_http_status(:ok)
        expect(json).to include(
-            'id'        => page.id,
+            'id' => page.id,
-            'title'     => 'spec_wiki_title')
+            'title' => 'spec_wiki_title')
      end
    end
@@ -50,6 +57,7 @@ RSpec.describe 'Wiki API', type: :request do
      it 'returns 404' do
        request
        expect(response).to have_http_status(:not_found)
      end
    end
@@ -99,25 +107,34 @@ RSpec.describe 'Wiki API', type: :request do
        end
            .to change(WikiPage, :count).by(1)
            .and change(WikiRevision, :count).by(1)
            .and change(WikiVersion, :count).by(1)
        expect(response).to have_http_status(:created)
        page_id = json.fetch('id')
        expect(json.fetch('title')).to eq('TestPage')
-        page = WikiPage.find(page_id)
+        created_page = WikiPage.find(page_id)
-        rev = page.current_revision
+        version = created_page.wiki_versions.order(:version_no).last
        expect(version).to have_attributes(
          version_no: 1,
          event_type: 'create',
          title: 'TestPage',
          body: "a\nb\nc",
          created_by_user_id: member.id
        )
        rev = created_page.current_revision
        expect(rev).to be_present
        expect(rev).to be_content
        expect(rev.message).to eq('init')
-        # body が復元できること
+        expect(created_page.body).to eq("a\nb\nc")
        expect(page.body).to eq("a\nb\nc")
        # 行数とリレーションの整合
        expect(rev.lines_count).to eq(3)
        expect(rev.wiki_revision_lines.order(:position).pluck(:position)).to eq([0, 1, 2])
-        expect(rev.wiki_lines.pluck(:body)).to match_array(%w[a b c])
+        expect(rev.wiki_lines.pluck(:body)).to match_array(['a', 'b', 'c'])
      end
      it 'reuses existing WikiLine rows by sha256' do
@@ -135,6 +152,41 @@ RSpec.describe 'Wiki API', type: :request do
        # "a" の WikiLine が増殖しない（1行のはず）
        expect(WikiLine.where(body: 'a').count).to eq(1)
      end
      it 'deduplicates duplicated new lines before upsert' do
        duplicated = 'duplicated_line_for_wiki_line_upsert_spec'
        post endpoint,
             params: { title: 'DuplicateNewLine', body: "#{ duplicated }\n#{ duplicated }" },
             headers: auth_headers(member)
        expect(response).to have_http_status(:created)
        page = WikiPage.find(json.fetch('id'))
        rev = page.current_revision
        expect(rev.lines_count).to eq(2)
        expect(WikiLine.where(body: duplicated).count).to eq(1)
        expect(rev.wiki_revision_lines.count).to eq(2)
        expect(rev.wiki_revision_lines.pluck(:wiki_line_id).uniq.size).to eq(1)
      end
      it 'normalises CRLF and strips trailing newlines' do
        post endpoint,
             params: { title: 'NormalisedBody', body: "a\r\nb\r\n\r\n", message: 'normalise' },
             headers: auth_headers(member)
        expect(response).to have_http_status(:created)
        page = WikiPage.find(json.fetch('id'))
        rev = page.current_revision
        version = page.wiki_versions.order(:version_no).last
        expect(page.body).to eq("a\nb")
        expect(version.body).to eq("a\nb")
        expect(rev.lines_count).to eq(2)
        expect(rev.wiki_lines.order('wiki_revision_lines.position').map(&:body)).to eq(['a', 'b'])
      end
    end
  end
@@ -146,17 +198,14 @@ RSpec.describe 'Wiki API', type: :request do
      { 'X-Transfer-Code' => user.inheritance_code }
    end
-    #let!(:page) { create(:wiki_page, title: 'TestPage') }
+    let!(:test_tag_name) { TagName.create!(name: 'TestPage') }
    let!(:page) do
      build(:wiki_page, title: 'TestPage').tap do |p|
        puts p.errors.full_messages unless p.valid?
        p.save!
      end
    end
-    before do
+    let!(:page) do
-      # 初期版を 1 つ作っておく（更新が“2版目”になるように）
+      Wiki::Commit.create_content!(
-      Wiki::Commit.content!(page: page, body: "a\nb", created_user: member, message: 'init')
+          tag_name: test_tag_name,
          body: "a\nb",
          created_by_user: member,
          message: 'init')
    end
    context 'when not logged in' do
@@ -182,14 +231,6 @@ RSpec.describe 'Wiki API', type: :request do
            headers: auth_headers(member)
        expect(response).to have_http_status(:unprocessable_entity)
      end
      it 'returns 422 when title mismatched (if you forbid rename here)' do
        put "/wiki/#{page.id}",
            params: { title: 'OtherTitle', body: 'x' },
            headers: auth_headers(member)
        # 君の controller 例だと title 変更は 422 にしてた
        expect(response).to have_http_status(:unprocessable_entity)
      end
    end
    context 'when success' do
@@ -200,7 +241,18 @@ RSpec.describe 'Wiki API', type: :request do
          put "/wiki/#{page.id}",
              params: { title: 'TestPage', body: "x\ny", message: 'edit', base_revision_id: current_id },
              headers: auth_headers(member)
-        end.to change(WikiRevision, :count).by(1)
+        end
            .to change(WikiRevision, :count).by(1)
            .and change(WikiVersion, :count).by(1)
        version = page.wiki_versions.order(:version_no).last
        expect(version).to have_attributes(
          event_type: 'update',
          title: 'TestPage',
          body: "x\ny",
          created_by_user_id: member.id
        )
        expect(response).to have_http_status(:ok)
@@ -211,25 +263,60 @@ RSpec.describe 'Wiki API', type: :request do
        expect(page.body).to eq("x\ny")
        expect(rev.base_revision_id).to eq(current_id)
      end
      it 'wiki body だけを変更しても tag version は作成しない' do
        linked_tag_name = TagName.create!(name: 'wiki_body_only_tag')
        linked_tag = Tag.create!(tag_name: linked_tag_name, category: :general)
        TagVersionRecorder.record!(
            tag: linked_tag,
            event_type: :create,
            created_by_user: member)
        linked_page =
            Wiki::Commit.create_content!(
                tag_name: linked_tag_name,
                body: 'before',
                created_by_user: member,
                message: 'init')
        current_id = linked_page.current_revision.id
        before_count = linked_tag.reload.tag_versions.count
        expect {
          put "/wiki/#{ linked_page.id }",
              params: {
                title: 'wiki_body_only_tag',
                body: 'after',
                message: 'edit',
                base_revision_id: current_id,
              },
              headers: auth_headers(member)
        }
            .to change(WikiRevision, :count).by(1)
            .and change(WikiVersion, :count).by(1)
        expect(response).to have_http_status(:ok)
        expect(linked_tag.reload.tag_versions.count).to eq(before_count)
      end
    end
-    # TODO: コンフリクト未実装のため，実装したらコメント外す．
+    context 'when conflict' do
-    # context 'when conflict' do
+      it 'returns 409 when base_revision_id mismatches' do
-    #   it 'returns 409 when base_revision_id mismatches' do
+        # 先に別ユーザ（同じ member でもOK）が 1 回更新して先頭を進める
-    #     # 先に別ユーザ（同じ member でもOK）が 1 回更新して先頭を進める
+        Wiki::Commit.content!(page: page, body: "zzz", created_user: member, message: 'other edit')
-    #     Wiki::Commit.content!(page: page, body: "zzz", created_user: member, message: 'other edit')
+        page.reload
    #     page.reload
-    #     stale_id = page.wiki_revisions.order(:id).first.id # わざと古い id
+        stale_id = page.wiki_revisions.order(:id).first.id # わざと古い id
-    #     put "/wiki/#{page.id}",
+        put "/wiki/#{page.id}",
-    #         params: { title: 'TestPage', body: 'x', base_revision_id: stale_id },
+            params: { title: 'TestPage', body: 'x', base_revision_id: stale_id },
-    #         headers: auth_headers(member)
+            headers: auth_headers(member)
-    #     expect(response).to have_http_status(:conflict)
+        expect(response).to have_http_status(:conflict)
-    #     json = JSON.parse(response.body)
+        json = JSON.parse(response.body)
-    #     expect(json['error']).to eq('conflict')
+        expect(json['error']).to eq('conflict')
-    #   end
+      end
-    # end
+    end
    context 'when page not found' do
      it 'returns 404' do
@@ -261,14 +348,17 @@ RSpec.describe 'Wiki API', type: :request do
  describe 'GET /wiki/search' do
    before do
-      # 追加で検索ヒット用
+      Wiki::Commit.create_content!(
-      TagName.create!(name: 'spec_wiki_title_2')
+          tag_name: TagName.create!(name: 'spec_wiki_title_2'),
-      WikiPage.create!(tag_name: TagName.find_by!(name: 'spec_wiki_title_2'),
+          body: 'search body 2',
-                       created_user: user, updated_user: user)
+          created_by_user: user,
          message: 'init')
-      TagName.create!(name: 'unrelated_title')
+      Wiki::Commit.create_content!(
-      WikiPage.create!(tag_name: TagName.find_by!(name: 'unrelated_title'),
+          tag_name: TagName.create!(name: 'unrelated_title'),
-                       created_user: user, updated_user: user)
+          body: 'unrelated body',
          created_by_user: user,
          message: 'init')
    end
    it 'returns up to 20 pages filtered by title like' do
@@ -278,7 +368,9 @@ RSpec.describe 'Wiki API', type: :request do
      expect(json).to be_an(Array)
      titles = json.map { |p| p['title'] }
-      expect(titles).to include('spec_wiki_title', 'spec_wiki_title_2')
+
      expect(titles).to include('spec_wiki_title')
      expect(titles).to include('spec_wiki_title_2')
      expect(titles).not_to include('unrelated_title')
    end
@@ -329,7 +421,12 @@ RSpec.describe 'Wiki API', type: :request do
    it 'returns empty array when page has no revisions and filtered by id' do
      # 別ページを作って revision 無し
      tn2 = TagName.create!(name: 'spec_no_rev')
-      p2 = WikiPage.create!(tag_name: tn2, created_user: user, updated_user: user)
+      # 異常データ: revision 無し WikiPage を直接作る
      p2 = WikiPage.create!(
          tag_name: tn2,
          body: 'init',
          created_user: user,
          updated_user: user)
      get "/wiki/changes?id=#{p2.id}"
      expect(response).to have_http_status(:ok)
@@ -398,29 +495,68 @@ RSpec.describe 'Wiki API', type: :request do
      expect(json['older_revision_id']).to eq(rev_a.id)
      expect(json['newer_revision_id']).to eq(page.current_revision.id)
    end
  end
-    it 'returns 422 when "to" is redirect revision' do
+  describe 'Wiki::Commit.redirect!' do
-      # redirect revision を作る
+    it 'raises because redirect revisions are deprecated' do
-      tn2 = TagName.create!(name: 'redirect_target')
+      target_tag_name = TagName.create!(name: 'redirect_deprecated_target')
-      target = WikiPage.create!(tag_name: tn2, created_user: user, updated_user: user)
+      target =
          Wiki::Commit.create_content!(
              tag_name: target_tag_name,
              body: 'target',
              created_by_user: user,
              message: 'init')
-      Wiki::Commit.redirect!(page: page, redirect_page: target, created_user: user, message: 'redir')
+      expect {
-      redirect_rev = page.current_revision
+        Wiki::Commit.redirect!(
-      expect(redirect_rev).to be_redirect
+          page: page,
-
+          redirect_page: target,
-      get "/wiki/#{page.id}/diff?from=#{rev_a.id}&to=#{redirect_rev.id}"
+          created_user: user,
-      expect(response).to have_http_status(:unprocessable_entity)
+          message: 'redirect',
-    end
+          base_revision_id: page.current_revision.id
-
+        )
-    it 'returns 422 when "from" is redirect revision' do
+      }.to raise_error(RuntimeError, '廃止しました．')
      tn2 = TagName.create!(name: 'redirect_target2')
      target = WikiPage.create!(tag_name: tn2, created_user: user, updated_user: user)
      Wiki::Commit.redirect!(page: page, redirect_page: target, created_user: user, message: 'redir2')
      redirect_rev = page.current_revision
      get "/wiki/#{page.id}/diff?from=#{redirect_rev.id}&to=#{rev_b.id}"
      expect(response).to have_http_status(:unprocessable_entity)
    end
  end
  it 'wiki title を変更すると対応する tag の version を作成する' do
    linked_tag_name = TagName.create!(name: 'wiki_linked_tag_for_version')
    linked_tag = Tag.create!(tag_name: linked_tag_name, category: :general)
    linked_page =
        Wiki::Commit.create_content!(
            tag_name: linked_tag_name,
            body: 'before',
            created_by_user: user,
            message: 'init')
    current_id = linked_page.current_revision.id
    expect {
      put "/wiki/#{ linked_page.id }",
          params: {
            title: 'wiki_linked_tag_for_version_renamed',
            body: 'after',
            message: 'rename',
            base_revision_id: current_id,
          },
          headers: auth_headers(user)
    }
        .to change(WikiRevision, :count).by(1)
        .and change(WikiVersion, :count).by(1)
        .and change { linked_tag.reload.tag_versions.count }.by(2)
    expect(response).to have_http_status(:ok)
    linked_tag.reload
    expect(linked_tag.name).to eq('wiki_linked_tag_for_version_renamed')
    versions = linked_tag.tag_versions.order(:version_no)
    expect(versions.first.event_type).to eq('create')
    expect(versions.first.name).to eq('wiki_linked_tag_for_version')
    expect(versions.second.event_type).to eq('update')
    expect(versions.second.name).to eq('wiki_linked_tag_for_version_renamed')
  end
 end
@@ -0,0 +1,62 @@
 require 'rails_helper'
 RSpec.describe 'Wiki title collision', type: :request do
  let!(:user) { create_member_user! }
  def auth_headers user
    { 'X-Transfer-Code' => user.inheritance_code }
  end
  def create_wiki_page title:, body:
    Wiki::Commit.create_content!(
        tag_name: TagName.create!(name: title),
        body:,
        created_by_user: user,
        message: 'init')
  end
  it 'returns 422 when renaming wiki title to existing title' do
    source = create_wiki_page(title: 'wiki_collision_source', body: 'source body')
    create_wiki_page(title: 'wiki_collision_target', body: 'target body')
    source_revision_count = source.wiki_revisions.count
    source_version_count = source.wiki_versions.count
    old_title = source.title
    old_body = source.body
    put "/wiki/#{ source.id }",
        params: {
          title: 'wiki_collision_target',
          body: 'new body',
          message: 'rename collision',
          base_revision_id: source.current_revision.id,
        },
        headers: auth_headers(user)
    expect(response).to have_http_status(:unprocessable_entity)
    source.reload
    expect(source.title).to eq(old_title)
    expect(source.body).to eq(old_body)
    expect(source.wiki_revisions.count).to eq(source_revision_count)
    expect(source.wiki_versions.count).to eq(source_version_count)
  end
  it 'returns 422 when creating wiki with existing title' do
    create_wiki_page(title: 'wiki_collision_create', body: 'already exists')
    expect {
      post '/wiki',
           params: {
             title: 'wiki_collision_create',
             body: 'new body',
             message: 'duplicate create',
           },
           headers: auth_headers(user)
    }
        .not_to change(WikiPage, :count)
    expect(response).to have_http_status(:unprocessable_entity)
  end
 end
@@ -0,0 +1,85 @@
 require 'rails_helper'
 RSpec.describe VersionRecorder do
  let(:member) { create(:user, :member) }
  let(:post_record) do
    Post.create!(
        title: 'version recorder post',
        url: 'https://example.com/version-recorder-post')
  end
  it 'updates record version_no when creating the first version' do
    version =
        PostVersionRecorder.record!(
            post: post_record,
            event_type: :create,
            created_by_user: member)
    expect(version.version_no).to eq(1)
    expect(post_record.reload.version_no).to eq(1)
  end
  it 'updates record version_no when creating the next version' do
    PostVersionRecorder.record!(
        post: post_record,
        event_type: :create,
        created_by_user: member)
    post_record.update!(title: 'updated version recorder post')
    version =
        PostVersionRecorder.record!(
            post: post_record.reload,
            event_type: :update,
            created_by_user: member)
    expect(version.version_no).to eq(2)
    expect(post_record.reload.version_no).to eq(2)
  end
  it 'does not create a new version or advance version_no when snapshot is unchanged' do
    first =
        PostVersionRecorder.record!(
            post: post_record,
            event_type: :create,
            created_by_user: member)
    expect {
      version =
          PostVersionRecorder.record!(
              post: post_record.reload,
              event_type: :update,
              created_by_user: member)
      expect(version).to eq(first)
    }.not_to change(PostVersion, :count)
    expect(post_record.reload.version_no).to eq(1)
  end
  it 'raises when record version_no is older than the latest version' do
    PostVersionRecorder.record!(
        post: post_record,
        event_type: :create,
        created_by_user: member)
    post_record.update!(title: 'updated once')
    PostVersionRecorder.record!(
        post: post_record.reload,
        event_type: :update,
        created_by_user: member)
    post_record.update_columns(version_no: 1)
    post_record.update!(title: 'updated with stale version_no')
    expect {
      PostVersionRecorder.record!(
          post: post_record.reload,
          event_type: :update,
          created_by_user: member)
    }.to raise_error(RuntimeError, /version_no/)
  end
 end
@@ -0,0 +1,173 @@
 require 'digest'
 require 'rails_helper'
 RSpec.describe Wiki::Commit do
  let(:user) { create_member_user! }
  def create_page title:, body: 'initial body'
    described_class.create_content!(
        tag_name: TagName.create!(name: title),
        body:,
        created_by_user: user,
        message: 'init')
  end
  describe '.create_content!' do
    it 'creates page, revision, and version with normalised body' do
      expect {
        described_class.create_content!(
            tag_name: TagName.create!(name: 'commit_integrity_create'),
            body: "a\r\nb\r\n\r\n",
            created_by_user: user,
            message: 'init')
      }
          .to change(WikiPage, :count).by(1)
          .and change(WikiRevision, :count).by(1)
          .and change(WikiVersion, :count).by(1)
      page = WikiPage.joins(:tag_name).find_by!(tag_names: { name: 'commit_integrity_create' })
      revision = page.current_revision
      version = page.wiki_versions.order(:version_no).last
      expect(page.body).to eq("a\nb")
      expect(revision.lines_count).to eq(2)
      expect(version.body).to eq("a\nb")
      expect(version.reason).to eq('init')
    end
    it 'rejects body that becomes blank after normalisation' do
      tag_name = TagName.create!(name: 'commit_integrity_blank')
      expect {
        described_class.create_content!(
            tag_name:,
            body: "\r\n\r\n",
            created_by_user: user,
            message: 'blank')
      }
          .to raise_error(ActiveRecord::RecordInvalid)
      expect(WikiPage.where(tag_name:)).not_to exist
    end
  end
  describe '.content!' do
    it 'updates page body, revision, and version' do
      page = create_page(title: 'commit_integrity_update', body: 'before')
      current_id = page.current_revision.id
      expect {
        described_class.content!(
            page:,
            body: 'after',
            created_user: user,
            message: 'edit',
            base_revision_id: current_id)
      }
          .to change(WikiRevision, :count).by(1)
          .and change(WikiVersion, :count).by(1)
      page.reload
      version = page.wiki_versions.order(:version_no).last
      expect(page.body).to eq('after')
      expect(version.body).to eq('after')
      expect(version.reason).to eq('edit')
    end
    it 'does not record tag_version on body-only wiki update' do
      tag_name = TagName.create!(name: 'commit_integrity_linked_tag')
      tag = Tag.create!(tag_name:, category: :general)
      page =
          described_class.create_content!(
              tag_name:,
              body: 'before',
              created_by_user: user,
              message: 'init')
      TagVersionRecorder.record!(
          tag:,
          event_type: :create,
          created_by_user: user)
      before_count = tag.reload.tag_versions.count
      described_class.content!(
          page:,
          body: 'after',
          created_user: user,
          message: 'edit',
          base_revision_id: page.current_revision.id)
      expect(tag.reload.tag_versions.count).to eq(before_count)
    end
    it 'raises conflict and leaves page, revision, and version unchanged' do
      page = create_page(title: 'commit_integrity_conflict', body: 'first')
      stale_id = page.current_revision.id
      described_class.content!(
          page:,
          body: 'second',
          created_user: user,
          message: 'second',
          base_revision_id: stale_id)
      page.reload
      before_body = page.body
      before_revision_count = page.wiki_revisions.count
      before_version_count = page.wiki_versions.count
      expect {
        described_class.content!(
            page:,
            body: 'third',
            created_user: user,
            message: 'stale',
            base_revision_id: stale_id)
      }
          .to raise_error(Wiki::Commit::Conflict)
      page.reload
      expect(page.body).to eq(before_body)
      expect(page.wiki_revisions.count).to eq(before_revision_count)
      expect(page.wiki_versions.count).to eq(before_version_count)
    end
    it 'deduplicates duplicated missing wiki lines' do
      page = create_page(title: 'commit_integrity_dedup', body: 'before')
      duplicated = 'commit_integrity_duplicate_line'
      described_class.content!(
          page:,
          body: "#{ duplicated }\n#{ duplicated }",
          created_user: user,
          message: 'dedup',
          base_revision_id: page.current_revision.id)
      revision = page.reload.current_revision
      expect(WikiLine.where(body: duplicated).count).to eq(1)
      expect(revision.wiki_revision_lines.count).to eq(2)
      expect(revision.wiki_revision_lines.pluck(:wiki_line_id).uniq.size).to eq(1)
    end
  end
  describe '.redirect!' do
    it 'raises because redirect revisions are deprecated' do
      page = create_page(title: 'commit_integrity_redirect_source', body: 'source')
      target = create_page(title: 'commit_integrity_redirect_target', body: 'target')
      expect {
        described_class.redirect!(
            page:,
            redirect_page: target,
            created_user: user,
            message: 'redirect',
            base_revision_id: page.current_revision.id)
      }
          .to raise_error(RuntimeError, '廃止しました．')
    end
  end
 end
@@ -0,0 +1,150 @@
 require 'rails_helper'
 RSpec.describe Wiki::Commit do
  let(:user) { create_member_user! }
  def create_page(title: 'commit_spec_page', body: 'initial body')
    tag_name = TagName.create!(name: title)
    Wiki::Commit.create_content!(
        tag_name:,
        body:,
        created_by_user: user,
        message: 'init')
  end
  describe '.content!' do
    it 'stores normalised body in wiki_pages and wiki_versions' do
      page = create_page(title: 'commit_normalised_page')
      described_class.content!(
        page:,
        body: "a\r\nb\r\n\r\n",
        created_user: user,
        message: 'init'
      )
      page.reload
      version = page.wiki_versions.order(:version_no).last
      expect(page.body).to eq("a\nb")
      expect(version.body).to eq("a\nb")
      expect(page.current_revision.lines_count).to eq(2)
    end
    it 'deduplicates duplicated missing wiki lines before upsert' do
      page = create_page(title: 'commit_duplicate_line_page')
      duplicated = 'commit_duplicate_line'
      described_class.content!(
        page:,
        body: "#{ duplicated }\n#{ duplicated }",
        created_user: user,
        message: 'init'
      )
      page.reload
      expect(WikiLine.where(body: duplicated).count).to eq(1)
      expect(page.current_revision.lines_count).to eq(2)
      expect(page.current_revision.wiki_revision_lines.count).to eq(2)
    end
    it 'raises conflict when base_revision_id is stale' do
      page = create_page(title: 'commit_conflict_page')
      first = described_class.content!(
        page:,
        body: 'first',
        created_user: user,
        message: 'first'
      )
      described_class.content!(
        page:,
        body: 'second',
        created_user: user,
        message: 'second',
        base_revision_id: first.id
      )
      expect {
        described_class.content!(
          page:,
          body: 'third',
          created_user: user,
          message: 'third',
          base_revision_id: first.id
        )
      }.to raise_error(Wiki::Commit::Conflict)
    end
    it 'does not record tag version when corresponding tag has no versions' do
      tag_name = TagName.create!(name: 'commit_linked_tag_without_versions')
      tag = Tag.create!(tag_name:, category: :general)
      page =
          described_class.create_content!(
              tag_name:,
              body: 'before',
              created_by_user: user,
              message: 'init')
      expect(tag.reload.tag_versions.count).to eq(0)
      current_revision_id = page.current_revision.id
      expect {
        described_class.content!(
            page:,
            body: 'after',
            created_user: user,
            message: 'edit',
            base_revision_id: current_revision_id)
      }.to change(WikiVersion, :count).by(1)
      expect(tag.reload.tag_versions.count).to eq(0)
    end
    it 'does not record tag version when corresponding tag has no versions' do
      tag_name = TagName.create!(name: 'commit_linked_tag_without_versions')
      tag = Tag.create!(tag_name:, category: :general)
      page =
          described_class.create_content!(
              tag_name:,
              body: 'before',
              created_by_user: user,
              message: 'init')
      current_revision_id = page.current_revision.id
      expect {
        described_class.content!(
            page:,
            body: 'after',
            created_user: user,
            message: 'edit',
            base_revision_id: current_revision_id)
      }.to change(WikiVersion, :count).by(1)
      expect(tag.reload.tag_versions.count).to eq(0)
    end
  end
  describe '.redirect!' do
    it 'raises because redirect revisions are deprecated' do
      page = create_page(title: 'commit_redirect_source')
      target = create_page(title: 'commit_redirect_target')
      expect {
        described_class.redirect!(
          page:,
          redirect_page: target,
          created_user: user,
          message: 'redirect'
        )
      }.to raise_error(RuntimeError, '廃止しました．')
    end
  end
 end
@@ -0,0 +1,99 @@
 require 'rails_helper'
 RSpec.describe WikiVersionRecorder do
  let(:user) { create_member_user! }
  def create_page title:, body: 'body'
    Wiki::Commit.create_content!(
        tag_name: TagName.create!(name: title),
        body:,
        created_by_user: user,
        message: 'init')
  end
  describe '.record!' do
    it 'records title, body, reason, user, and version number' do
      page = create_page(title: 'wiki_version_recorder_basic', body: 'body')
      expect {
        described_class.record!(
            page:,
            event_type: :update,
            reason: 'manual reason',
            created_by_user: user)
      }
          .to change { page.reload.wiki_versions.count }.by(1)
      version = page.wiki_versions.order(:version_no).last
      expect(version).to have_attributes(
        version_no: 2,
        event_type: 'update',
        title: 'wiki_version_recorder_basic',
        body: 'body',
        reason: 'manual reason',
        created_by_user_id: user.id
      )
    end
    it 'does not create duplicated update version for identical snapshot' do
      page = create_page(title: 'wiki_version_recorder_duplicate', body: 'body')
      described_class.record!(
          page:,
          event_type: :update,
          reason: nil,
          created_by_user: user)
      before_count = page.reload.wiki_versions.count
      described_class.record!(
          page:,
          event_type: :update,
          reason: nil,
          created_by_user: user)
      expect(page.reload.wiki_versions.count).to eq(before_count)
    end
    it 'creates update version when title changes' do
      page = create_page(title: 'wiki_version_recorder_title_before', body: 'body')
      page.tag_name.update!(name: 'wiki_version_recorder_title_after')
      expect {
        described_class.record!(
            page:,
            event_type: :update,
            reason: 'rename',
            created_by_user: user)
      }
          .to change { page.reload.wiki_versions.count }.by(1)
      version = page.wiki_versions.order(:version_no).last
      expect(version.title).to eq('wiki_version_recorder_title_after')
      expect(version.body).to eq('body')
      expect(version.reason).to eq('rename')
    end
    it 'creates update version when body changes' do
      page = create_page(title: 'wiki_version_recorder_body', body: 'before')
      page.update!(body: 'after')
      expect {
        described_class.record!(
            page:,
            event_type: :update,
            reason: 'body',
            created_by_user: user)
      }
          .to change { page.reload.wiki_versions.count }.by(1)
      version = page.wiki_versions.order(:version_no).last
      expect(version.title).to eq('wiki_version_recorder_body')
      expect(version.body).to eq('after')
      expect(version.reason).to eq('body')
    end
  end
 end
@@ -0,0 +1,130 @@
 require 'rails_helper'
 RSpec.describe Youtube::ApiClient do
  let(:api_key) { 'test-api-key' }
  let(:client) { described_class.new(api_key:) }
  describe '#search_videos' do
    it 'calls YouTube search API with expected params' do
      published_after = Time.zone.parse('2026-05-01 00:00:00')
      published_before = Time.zone.parse('2026-05-02 00:00:00')
      expect(client).to receive(:get_json).with(
        '/search',
        {
          part: 'snippet',
          type: 'video',
          q: 'ぼざろクリーチャー',
          order: 'date',
          maxResults: 50,
          regionCode: 'JP',
          relevanceLanguage: 'ja',
          publishedAfter: published_after.iso8601,
          publishedBefore: published_before.iso8601,
          pageToken: 'NEXT'
        }
      ).and_return({ 'items' => [] })
      client.search_videos(
        q: 'ぼざろクリーチャー',
        published_after:,
        published_before:,
        page_token: 'NEXT'
      )
    end
    it 'omits nil optional params' do
      expect(client).to receive(:get_json).with(
        '/search',
        hash_excluding(:publishedAfter, :publishedBefore, :pageToken)
      ).and_return({ 'items' => [] })
      client.search_videos(q: 'ぼざろクリーチャー')
    end
  end
  describe '#videos' do
    it 'returns empty items when ids are empty' do
      expect(client).not_to receive(:get_json)
      expect(client.videos([])).to eq({ 'items' => [] })
    end
    it 'calls videos API with comma separated ids' do
      expect(client).to receive(:get_json).with(
        '/videos',
        {
          part: 'snippet,status,contentDetails',
          id: 'video-1,video-2'
        }
      ).and_return({ 'items' => [] })
      client.videos(['video-1', 'video-2'])
    end
  end
  describe '#playlist_items' do
    it 'calls playlistItems API with page token' do
      expect(client).to receive(:get_json).with(
        '/playlistItems',
        {
          part: 'snippet,contentDetails,status',
          playlistId: 'PL123',
          maxResults: 50,
          pageToken: 'NEXT'
        }
      ).and_return({ 'items' => [] })
      client.playlist_items(playlist_id: 'PL123', page_token: 'NEXT')
    end
    it 'omits page token when nil' do
      expect(client).to receive(:get_json).with(
        '/playlistItems',
        {
          part: 'snippet,contentDetails,status',
          playlistId: 'PL123',
          maxResults: 50
        }
      ).and_return({ 'items' => [] })
      client.playlist_items(playlist_id: 'PL123')
    end
  end
  describe '#channel' do
    it 'calls channels API by id' do
      expect(client).to receive(:get_json).with(
        '/channels',
        {
          part: 'snippet,contentDetails',
          id: 'UC123'
        }
      ).and_return({ 'items' => [] })
      client.channel(id: 'UC123')
    end
    it 'calls channels API by handle' do
      expect(client).to receive(:get_json).with(
        '/channels',
        {
          part: 'snippet,contentDetails',
          forHandle: '@some_handle'
        }
      ).and_return({ 'items' => [] })
      client.channel(handle: '@some_handle')
    end
    it 'raises when neither id nor handle is given' do
      expect { client.channel }.to raise_error(ArgumentError, 'id or handle is required')
    end
    it 'raises when both id and handle are given' do
      expect do
        client.channel(id: 'UC123', handle: '@some_handle')
      end.to raise_error(ArgumentError, 'id or handle is required')
    end
  end
 end
@@ -0,0 +1,310 @@
 require 'rails_helper'
 RSpec.describe Youtube::Sync do
  let(:client) { instance_double(Youtube::ApiClient) }
  let(:sync) { described_class.new(client:) }
  before do
    allow(PostVersionRecorder).to receive(:record!)
    allow(PostVersionRecorder).to receive(:ensure_snapshot!)
    allow(sync).to receive(:attach_thumbnail_if_needed!)
  end
  describe '#sync!' do
    it 'returns without fetching video details when no video ids are discovered' do
      allow(sync).to receive(:query_terms).and_return([])
      allow(sync).to receive(:playlist_ids).and_return([])
      expect(client).not_to receive(:videos)
      sync.sync!
    end
    it 'discovers ids from search and all playlist pages' do
      allow(sync).to receive(:query_terms).and_return(['ぼざろクリーチャー'])
      allow(sync).to receive(:playlist_ids).and_return(['PL123'])
      allow(sync).to receive(:sync_since).and_return(Time.zone.parse('2026-05-01 00:00:00'))
      allow(client).to receive(:search_videos).with(
        q: 'ぼざろクリーチャー',
        published_after: Time.zone.parse('2026-05-01 00:00:00')
      ).and_return({
        'items' => [
          {
            'id' => {
              'videoId' => 'search-video-1'
            }
          }
        ]
      })
      allow(client).to receive(:playlist_items).with(
        playlist_id: 'PL123',
        page_token: nil
      ).and_return({
        'items' => [
          {
            'contentDetails' => {
              'videoId' => 'playlist-video-1'
            }
          }
        ],
        'nextPageToken' => 'NEXT'
      })
      allow(client).to receive(:playlist_items).with(
        playlist_id: 'PL123',
        page_token: 'NEXT'
      ).and_return({
        'items' => [
          {
            'snippet' => {
              'resourceId' => {
                'videoId' => 'playlist-video-2'
              }
            }
          }
        ]
      })
      expect(client).to receive(:videos).with(
        satisfy do |ids|
          ids.sort == ['playlist-video-1', 'playlist-video-2', 'search-video-1']
        end
      ).and_return({ 'items' => [] })
      sync.sync!
    end
    it 'creates a YouTube post with default tags and no_deerjikist when no deerjikist mapping exists' do
      Tag.tagme
      Tag.bot
      Tag.youtube
      Tag.video
      Tag.no_deerjikist
      allow(sync).to receive(:query_terms).and_return([])
      allow(sync).to receive(:playlist_ids).and_return(['PL123'])
      allow(client).to receive(:playlist_items).with(
        playlist_id: 'PL123',
        page_token: nil
      ).and_return({
        'items' => [
          {
            'contentDetails' => {
              'videoId' => 'video-1'
            }
          }
        ]
      })
      allow(client).to receive(:videos).with(['video-1']).and_return({
        'items' => [
          youtube_video_item(
            id: 'video-1',
            title: 'YouTube テスト動画',
            channel_id: 'UC_NO_MAPPING'
          )
        ]
      })
      expect do
        sync.sync!
      end.to change(Post, :count).by(1)
      post = Post.find_by!(url: 'https://www.youtube.com/watch?v=video-1')
      tag_ids = post.tags.pluck(:id)
      expect(post.title).to eq('YouTube テスト動画')
      expect(post.uploaded_user_id).to be_nil
      expect(post.original_created_from).to eq(Time.zone.parse('2026-05-01 12:34:00'))
      expect(post.original_created_before).to eq(Time.zone.parse('2026-05-01 12:35:00'))
      expect(tag_ids).to include(Tag.tagme.id)
      expect(tag_ids).to include(Tag.bot.id)
      expect(tag_ids).to include(Tag.youtube.id)
      expect(tag_ids).to include(Tag.video.id)
      expect(tag_ids).to include(Tag.no_deerjikist.id)
      expect(PostVersionRecorder).to have_received(:record!).with(
        post:,
        event_type: :create,
        created_by_user: nil
      )
    end
    it 'uses deerjikist tag when channel id is mapped' do
      Tag.tagme
      Tag.bot
      Tag.youtube
      Tag.video
      Tag.no_deerjikist
      deerjikist_tag = Tag.find_or_create_by_tag_name!('テスト投稿者', category: :deerjikist)
      Deerjikist.create!(
        platform: 'youtube',
        code: 'UC_MAPPED',
        tag: deerjikist_tag
      )
      allow(sync).to receive(:query_terms).and_return([])
      allow(sync).to receive(:playlist_ids).and_return(['PL123'])
      allow(client).to receive(:playlist_items).with(
        playlist_id: 'PL123',
        page_token: nil
      ).and_return({
        'items' => [
          {
            'contentDetails' => {
              'videoId' => 'video-1'
            }
          }
        ]
      })
      allow(client).to receive(:videos).with(['video-1']).and_return({
        'items' => [
          youtube_video_item(
            id: 'video-1',
            title: 'YouTube テスト動画',
            channel_id: 'UC_MAPPED'
          )
        ]
      })
      sync.sync!
      post = Post.find_by!(url: 'https://www.youtube.com/watch?v=video-1')
      tag_ids = post.tags.pluck(:id)
      expect(tag_ids).to include(deerjikist_tag.id)
      expect(tag_ids).not_to include(Tag.no_deerjikist.id)
    end
    it 'removes no_deerjikist when deerjikist mapping is added later' do
      Tag.no_deerjikist
      post = Post.create!(
        title: '旧タイトル',
        url: 'https://www.youtube.com/watch?v=video-1',
        uploaded_user_id: nil,
        original_created_from: Time.zone.parse('2026-05-01 00:00:00'),
        original_created_before: Time.zone.parse('2026-05-01 00:01:00')
      )
      PostTag.create!(post:, tag: Tag.no_deerjikist)
      deerjikist_tag = Tag.find_or_create_by_tag_name!('後から判明した投稿者', category: :deerjikist)
      Deerjikist.create!(
        platform: 'youtube',
        code: 'UC_MAPPED_LATER',
        tag: deerjikist_tag
      )
      allow(sync).to receive(:query_terms).and_return([])
      allow(sync).to receive(:playlist_ids).and_return(['PL123'])
      allow(client).to receive(:playlist_items).with(
        playlist_id: 'PL123',
        page_token: nil
      ).and_return({
        'items' => [
          {
            'contentDetails' => {
              'videoId' => 'video-1'
            }
          }
        ]
      })
      allow(client).to receive(:videos).with(['video-1']).and_return({
        'items' => [
          youtube_video_item(
            id: 'video-1',
            title: '新タイトル',
            channel_id: 'UC_MAPPED_LATER'
          )
        ]
      })
      sync.sync!
      post.reload
      tag_ids = post.tags.pluck(:id)
      expect(post.title).to eq('新タイトル')
      expect(tag_ids).to include(deerjikist_tag.id)
      expect(tag_ids).not_to include(Tag.no_deerjikist.id)
      expect(PostVersionRecorder).to have_received(:ensure_snapshot!).with(
        post,
        created_by_user: nil
      )
      expect(PostVersionRecorder).to have_received(:record!).with(
        post:,
        event_type: :update,
        created_by_user: nil
      )
    end
    it 'matches existing youtu.be URL and does not create duplicate post' do
      post = Post.create!(
        title: '旧タイトル',
        url: 'https://youtu.be/video-1',
        uploaded_user_id: nil,
        original_created_from: Time.zone.parse('2026-05-01 00:00:00'),
        original_created_before: Time.zone.parse('2026-05-01 00:01:00')
      )
      allow(sync).to receive(:query_terms).and_return([])
      allow(sync).to receive(:playlist_ids).and_return(['PL123'])
      allow(client).to receive(:playlist_items).with(
        playlist_id: 'PL123',
        page_token: nil
      ).and_return({
        'items' => [
          {
            'contentDetails' => {
              'videoId' => 'video-1'
            }
          }
        ]
      })
      allow(client).to receive(:videos).with(['video-1']).and_return({
        'items' => [
          youtube_video_item(
            id: 'video-1',
            title: '新タイトル',
            channel_id: 'UC_NO_MAPPING'
          )
        ]
      })
      expect do
        sync.sync!
      end.not_to change(Post, :count)
      expect(post.reload.title).to eq('新タイトル')
    end
  end
  def youtube_video_item(id:, title:, channel_id:)
    {
      'id' => id,
      'snippet' => {
        'title' => title,
        'channelId' => channel_id,
        'publishedAt' => '2026-05-01T12:34:56Z',
        'thumbnails' => {
          'high' => {
            'url' => "https://img.youtube.com/#{id}.jpg"
          }
        },
        'tags' => ['tag-a', 'tag-b']
      }
    }
  end
 end
@@ -0,0 +1,93 @@
 require 'rails_helper'
 RSpec.describe Youtube::VideoItem do
  describe '#initialize' do
    it 'extracts fields from YouTube video API item' do
      item = {
        'id' => 'video-1',
        'snippet' => {
          'title' => 'テスト動画',
          'channelId' => 'UC123',
          'publishedAt' => '2026-05-01T12:34:56Z',
          'tags' => ['tag-a', 'tag-b'],
          'thumbnails' => {
            'high' => {
              'url' => 'https://img.youtube.com/high.jpg'
            },
            'medium' => {
              'url' => 'https://img.youtube.com/medium.jpg'
            }
          }
        }
      }
      video = described_class.new(item)
      expect(video.id).to eq('video-1')
      expect(video.title).to eq('テスト動画')
      expect(video.channel_id).to eq('UC123')
      expect(video.published_at).to eq(Time.iso8601('2026-05-01T12:34:56Z'))
      expect(video.thumbnail_url).to eq('https://img.youtube.com/high.jpg')
      expect(video.raw_tags).to eq(['tag-a', 'tag-b'])
      expect(video.url).to eq('https://www.youtube.com/watch?v=video-1')
    end
    it 'uses highest priority thumbnail' do
      item = {
        'id' => 'video-1',
        'snippet' => {
          'title' => 'テスト動画',
          'channelId' => 'UC123',
          'publishedAt' => '2026-05-01T12:34:56Z',
          'thumbnails' => {
            'default' => {
              'url' => 'https://img.youtube.com/default.jpg'
            },
            'standard' => {
              'url' => 'https://img.youtube.com/standard.jpg'
            },
            'maxres' => {
              'url' => 'https://img.youtube.com/maxres.jpg'
            }
          }
        }
      }
      video = described_class.new(item)
      expect(video.thumbnail_url).to eq('https://img.youtube.com/maxres.jpg')
    end
    it 'falls back to empty raw tags' do
      item = {
        'id' => 'video-1',
        'snippet' => {
          'title' => 'テスト動画',
          'channelId' => 'UC123',
          'publishedAt' => '2026-05-01T12:34:56Z',
          'thumbnails' => {}
        }
      }
      video = described_class.new(item)
      expect(video.raw_tags).to eq([])
    end
    it 'returns nil thumbnail when no thumbnail exists' do
      item = {
        'id' => 'video-1',
        'snippet' => {
          'title' => 'テスト動画',
          'channelId' => 'UC123',
          'publishedAt' => '2026-05-01T12:34:56Z',
          'thumbnails' => {}
        }
      }
      video = described_class.new(item)
      expect(video.thumbnail_url).to be_nil
    end
  end
 end
@@ -2,14 +2,12 @@ module TestRecords
  def create_member_user!
    User.create!(name: 'spec user',
                 inheritance_code: SecureRandom.hex(16),
-                 role: 'member',
+                 role: 'member')
                 banned: false)
  end
  def create_admin_user!
    User.create!(name: 'spec admin',
                 inheritance_code: SecureRandom.hex(16),
-                 role: 'admin',
+                 role: 'admin')
                 banned: false)
  end
 end
@@ -104,7 +104,7 @@ RSpec.describe "nico:sync" do
      url: post.url,
      thumbnail_base: post.thumbnail_base,
      tags: snapshot_tags(post),
-      parent: post.parent,
+      parent_post_ids: post.snapshot_parent_post_ids.join(' '),
      original_created_from: post.original_created_from,
      original_created_before: post.original_created_before,
      created_at: Time.current,
@@ -0,0 +1,25 @@
 require 'rails_helper'
 require 'rake'
 RSpec.describe 'post:sync' do
  around do |example|
    original_application = Rake.application
    Rake.application = Rake::Application.new
    Rake::Task.define_task(:environment)
    load Rails.root.join('lib/tasks/sync_posts.rake')
    example.run
  ensure
    Rake.application = original_application
  end
  it 'runs Youtube::Sync' do
    sync = instance_double(Youtube::Sync)
    expect(Youtube::Sync).to receive(:new).once.and_return(sync)
    expect(sync).to receive(:sync!).once
    Rake::Task['post:sync'].invoke
  end
 end
@@ -0,0 +1,646 @@
 # Codex handoff for BTRC Hub / タグ広場
 This document transfers project-specific context from prior ChatGPT-assisted design and review work to Codex.
 Use this file as project background.
 Use `AGENTS.md`, `backend/AGENTS.md`, and `frontend/AGENTS.md` for concrete coding rules and verification commands.
 ## Project identity
 BTRC Hub / タグ広場 is a collaborative knowledge base for collecting, tagging, explaining, and rediscovering Bocchi the Rock creature-related works.
 It is not a generic SNS.
 It is not a comment board.
 It is not a service for rehosting external content.
 It is primarily a structured link, tag, wiki, material, and viewing-party system.
 Core domains:
 1. Posts
 2. Tags
 3. Wiki pages
 4. Materials
 5. Theatre / watch-party features
 The project is already publicly accessible and indexed by search engines, but it has not been broadly announced. Treat it as a small public production system, not a private prototype.
 ## Current stack
 Backend:
 - Ruby 3.2.2
 - Rails 8.0.2 API
 - MySQL 8
 - Active Storage
 - Cloudflare R2 / S3-compatible storage is expected for uploaded files
 - RSpec
 Frontend:
 - React 19.1
 - Vite 6.3
 - TypeScript 5.8
 - Axios
 - TanStack Query
 - Tailwind CSS
 - Framer Motion
 - shadcn-like local components
 - react-markdown
 - react-markdown-editor-lite
 - remark-wiki-autolink
 Batch / background-like tasks:
 - Rake tasks
 - Nico sync
 - YouTube sync
 - Similarity calculation tasks
 ## Repository working principle
 Before editing, inspect the existing implementation.
 Do not invent a new architecture when the current repo already has an established convention.
 Keep changes scoped to the requested issue.
 Prefer small, reviewable changes over broad rewrites.
 Do not perform unrelated cleanup in the same patch.
 When a task has design ambiguity, first produce a short investigation and recommended plan. Do not silently choose a risky design.
 ## User coding preferences
 General:
 - Prefer single quotes for strings unless interpolation, escaping, or framework convention makes double quotes better.
 - Do not add production dependencies without explicit approval.
 - Do not perform broad formatting churn.
 - Do not convert unrelated files to a different style.
 Ruby:
 - Do not put a space before method-call parentheses.
 - Do not use `%w`.
 - Do not use `%i`.
 - Keep Rails code idiomatic, but preserve the user's style where the repo already uses it.
 TypeScript / Python:
 - The user prefers GNU-style spacing before parentheses where syntactically valid.
 - Preserve existing project formatting if a formatter or nearby code dictates otherwise.
 ## Current authentication model
 The system does not use normal email/password authentication.
 Users are authenticated by inheritance code.
 Frontend:
 - Stores the code in `localStorage.user_code`.
 - Sends it as the `X-Transfer-Code` header.
 Backend:
 - Looks up `users.inheritance_code`.
 - Sets `current_user`.
 Roles:
 - `guest`
 - `member`
 - `admin`
 Important helper:
 - `User#gte_member?` returns true for `member` and `admin`.
 Never introduce a conventional login assumption unless the issue explicitly asks for it.
 ## BAN / abuse-control model
 The backend currently enforces BAN at API level.
 The relevant before_action order is conceptually:
 1. Reject banned IP address.
 2. Authenticate user if transfer code exists.
 3. Reject banned user.
 Entities:
 - `users.banned_at`
 - `ip_addresses.banned_at`
 - `user_ips`
 IP addresses are stored as binary values using `IPAddr#hton`.
 Do not weaken BAN behavior.
 Do not move BAN checks behind optional authentication.
 Do not make preview, theatre, verify, user creation, or public-looking endpoints bypass BAN without an explicit design decision.
 ## Public-operation assumptions
 Current practical operation:
 - A few editor accounts exist.
 - Meaningful editing is mostly done by the owner.
 - Read access is already public.
 - Search engines have indexed the site.
 - Future editor applications are expected through Discord.
 - Prospective editors are likely people known in the Bocchi creature community.
 This means security and moderation issues matter even if traffic is still small.
 ## Core domain summary
 ### Posts
 Posts are external URL-based link records.
 Important properties:
 - `url` is required and unique.
 - URLs are normalized.
 - Only HTTP / HTTPS are allowed.
 - Posts can have thumbnails through Active Storage.
 - `uploaded_user_id` may be NULL for synced or bot-created posts.
 - `original_created_from` and `original_created_before` represent a time range for original content creation.
 - When both original time bounds exist, `from < before` is required.
 Parent/child posts:
 - Current implementation uses `post_implications`.
 - It is many-to-many.
 - Do not assume `posts.parent_id`.
 - Frontend/API clients must send `parent_post_ids`, even when empty.
 - `parent_post_ids` is parsed as a space-separated ID string.
 - Self-parenting is invalid.
 - Missing parent IDs are invalid.
 Versions:
 - `post_versions` stores snapshots.
 - `version_no` is a per-post sequence.
 - Snapshot includes title, URL, thumbnail base, tags, parent post IDs, original time bounds, event type, and actor.
 - Optimistic locking for posts is planned / important, but do not assume it is fully implemented unless the code proves it.
 ### Tags
 Tags are central.
 There is separation between tag names and tag entities:
 - `tag_names`
 - `tags`
 Categories:
 - `deerjikist`
 - `meme`
 - `character`
 - `general`
 - `material`
 - `nico`
 - `meta`
 Alias model:
 - `tag_names.canonical_id` expresses aliases.
 - `canonical_id = NULL` means canonical name.
 - `canonical_id != NULL` means alias.
 - An alias must not point to another alias.
 - A tag name that already has a tag or wiki page generally must not be aliasified.
 Tag normalization:
 - User-entered tags are normalized through existing backend logic.
 - Known aliases are canonicalized.
 - Parent tags are expanded recursively.
 - `nico:` is normally rejected for manual entry.
 - Special tags such as tag-request / bot / unknown-deerjikist / video / niconico / youtube must be protected.
 Do not casually change tag normalization, alias resolution, or parent expansion. These affect search, wiki, sync, and historical data.
 ### Nico tags
 Nico tags use the `nico` category and have separate versioning.
 Important relation:
 - `nico_tag_relations` maps external Nico tags to internal tags.
 - `nico_tag_id` must be a Nico category tag.
 - `tag_id` must not be Nico category.
 Do not allow ordinary manual tag editing to create or corrupt Nico tags.
 ### Deerjikists
 Deerjikists map external platform identities to internal `deerjikist` tags.
 Known platforms include:
 - `nico`
 - `youtube`
 YouTube handles may be normalized to `UC...` channel IDs.
 Do not treat user-facing handles and canonical channel IDs as interchangeable without checking existing code.
 ### Wiki
 Wiki pages are a major knowledge layer.
 Important points:
 - Wiki pages are tied to tag-like titles.
 - Title handling, aliases, and canonical tag names matter.
 - There is line-level storage / revision-oriented behavior in the current implementation.
 - There has been design tension between wiki revisions and wiki versions.
 - Wiki conflict detection using `base_revision_id` exists on the backend side.
 - Frontend support for conflict detection must be verified before assuming it is complete.
 Do not redesign Wiki storage casually.
 Do not add a second competing history system.
 Do not break existing wiki URLs.
 ### Materials
 Materials connect files or reference URLs to `material` or `character` tags.
 Important properties:
 - A material has a `tag_id`.
 - The tag must be `material` or `character`.
 - A material requires either `url` or attached `file`.
 - Active Storage is involved.
 - Upload/security policy matters more than plain link posting.
 Important unresolved/risky area:
 - Material creation permissions have historically been risky because upload endpoints can be abused.
 - Prefer `member` or higher for material creation unless the issue explicitly says otherwise.
 ### Theatre
 Theatre is an experimental watch-party style feature.
 Known pieces include:
 - Display
 - Presence
 - Next post
 - Comments
 - Host-like control
 Do not assume theatre has complete CRUD/admin support unless the code proves it.
 Theatre may become expensive if next-item selection uses random DB ordering.
 ## Current high-risk areas
 Treat these areas with extra care.
 ### Security
 - Preview API SSRF protection.
 - External iframe / embed CSP.
 - Markdown link safety.
 - BAN / IP BAN bypass.
 - Transfer-code leakage.
 - Guest write access.
 - Upload endpoints.
 - Admin-only tag operations.
 - System tag mutation.
 ### Data integrity
 - Tag alias canonicalization.
 - Tag parent expansion.
 - Post parent many-to-many relationships.
 - Version tables.
 - `version_no` synchronization.
 - Schema drift from branch migration contamination.
 - Wiki revision/version split.
 - Material version recording.
 ### Frontend correctness
 - React Hooks must not be called conditionally.
 - Role guards are currently spread across components/pages.
 - TanStack Query keys must not collide between ID/name or ID/title variants.
 - URL path segments containing tag names or wiki titles must use `encodeURIComponent`.
 - API response types may allow `null` users for bot or migration data.
 - Tag autocomplete has had duplicated logic and stale state hazards.
 ### Performance
 - Avoid unbounded `limit`.
 - Avoid `order('RAND()')` for growing tables.
 - Avoid loading full relations just to count.
 - Avoid Ruby-side sorting/paging for large histories.
 - Tag sidebar client-side aggregation can become expensive.
 - Wiki full-text search needs deliberate indexing/design.
 ## Current priority order
 Use this as the default priority unless an issue says otherwise.
 ### P0: Safety before broad announcement
 1. Preview API SSRF hardening.
 2. Material creation permission tightening.
 3. System tag mutation holes.
 4. `GET /users/me` transfer-code leakage through query params.
 5. Limit caps for index/history/comment APIs.
 6. CSP / iframe sandbox policy.
 7. Confirm BAN enforcement remains global.
 ### P1: Core correctness
 1. Post optimistic locking with `version_no`.
 2. Wiki edit conflict handling.
 3. Wiki history/revision model clarification.
 4. Wiki search truthfulness: implement body search or remove false UI.
 5. Tag alias/canonical/wiki interaction.
 6. Tag URL encoding.
 7. TanStack Query key separation.
 8. Frontend null-user handling.
 9. React Hooks rule fixes.
 10. Material version policy.
 ### P2: Operational/admin usability
 1. Admin screens for users, IPs, bans, aliases, and settings.
 2. Settings table and user settings usage.
 3. Better tag sidebar.
 4. Better role guard helpers.
 5. Better frontend tests.
 6. Better issue triage and closure of already-implemented issues.
 ### P3: Future features
 1. Theatre list/create/edit/admin flow.
 2. Muted/hidden tags.
 3. Tag category custom colors.
 4. Responsive refinements.
 5. Watch-party improvements.
 6. Broader embed support.
 ## Known issue triage notes
 Some existing issues may already be partially or mostly implemented.
 Before implementing an issue, check code first.
 Examples:
 - Tag search and OR/NOT search may already be mostly implemented.
 - BAN enforcement may have been implemented after earlier issue drafts.
 - YouTube sync exists and should not be treated as purely planned.
 - Parent posts are many-to-many in current schema, even if older issues mention one-to-many.
 - Some issues may reflect old schema or old branch state.
 When in doubt:
 1. Inspect current code.
 2. Inspect schema.
 3. Inspect routes.
 4. Inspect frontend usage.
 5. Report whether the issue is implemented, partially implemented, not implemented, or obsolete.
 6. Only then edit.
 ## Verification expectations
 Backend changes:
 - Run RSpec when possible.
 - Add request specs for API behavior changes.
 - Add model specs for validation / normalization changes.
 - Check migrations and schema consistency.
 - Do not silently ignore pending migrations.
 Frontend changes:
 - Run build.
 - Run lint if configured.
 - Run tests if configured.
 - Add tests for important behavior when the test framework exists.
 - If frontend tests are not yet installed, state that clearly.
 Full-stack changes:
 - Verify both backend and frontend compile/test paths where possible.
 - Confirm API response shapes match TypeScript types.
 - Confirm authorization behavior on both server and UI.
 If commands cannot be run because dependencies are missing, report that explicitly. Do not pretend verification passed.
 ## Branch / migration caution
 The project has previously suffered from schema contamination caused by running migrations from another branch.
 Be careful when touching:
 - `db/schema.rb`
 - migration files
 - parent post schema
 - banned / banned_at schema
 - version_no migrations
 - wiki asset schema
 Before changing migrations:
 1. Inspect current schema.
 2. Inspect existing migrations.
 3. Confirm whether the intended branch already includes related migrations.
 4. Prefer additive migrations for shared branches.
 5. Do not edit already-applied production migrations unless explicitly instructed.
 ## API design principles
 Prefer explicit server-side authorization.
 Do not rely only on frontend hiding.
 Do not return sensitive codes unnecessarily.
 Use 403 for authorization failures.
 Use 422 for validation failures.
 Use 409 for edit conflicts.
 Do not expose internal exception messages to users.
 Clamp or reject abusive limits consistently.
 Keep response shape stable unless the issue explicitly includes a breaking API change.
 ## Frontend design principles
 Use existing route and query-key conventions.
 Use TanStack Query `enabled` rather than conditional hook calls.
 Do not let role-based early returns change hook order.
 Centralize repeated tag autocomplete logic when touching it.
 Use `encodeURIComponent` for tag names and wiki titles in URL path segments.
 Prefer graceful fallback for nullable actors:
 - bot operation
 - deleted user
 - migration-created data
 - external sync
 Do not assume all API user fields are non-null.
 ## Testing priorities to add over time
 Frontend tests are especially important because the backend already has more mature RSpec coverage.
 Suggested first frontend tests:
 1. Tag autocomplete.
 2. Post form tag editing.
 3. Tag URL encoding.
 4. Wiki edit conflict UI.
 5. Role guard behavior.
 6. Null-user history rendering.
 7. Dialog behavior.
 8. Top navigation responsive behavior.
 Backend test priorities:
 1. BAN enforcement across public-looking endpoints.
 2. Material permissions.
 3. Preview SSRF rejection.
 4. System tag protection.
 5. Post optimistic locking.
 6. Wiki conflict detection.
 7. Tag alias/canonical behavior.
 8. Limit caps.
 9. Parent post parsing.
 10. Version recorder behavior.
 ## What Codex should not do without explicit approval
 Do not:
 - Replace Rails.
 - Replace React.
 - Replace TanStack Query.
 - Redesign the database.
 - Rewrite Wiki storage.
 - Remove version tables.
 - Change authentication model.
 - Change role names.
 - Change tag category names.
 - Add background job infrastructure.
 - Add a new UI framework.
 - Add a new test framework if one already exists.
 - Add major dependencies.
 - Change public URL design.
 - Change production storage configuration.
 - Remove historical data behavior.
 - Simplify BAN/security checks.
 - Treat the site as private-only.
 ## Good first Codex tasks
 Start with investigation-only tasks.
 Example:
 ```txt
 Inspect the repository and summarize the Rails, React, TypeScript, and test setup.
 Do not modify files.
 List commands that actually exist in this repository.
 List risks Codex should know before editing.
 ```
 Then small safe patches:
 ```txt
 Fix a React Hooks rule violation in one file.
 Keep behavior unchanged.
 Run the relevant frontend verification commands.
 ```
 ```txt
 Add encodeURIComponent around one tag-name URL path segment.
 Add or update a test if the project has a frontend test setup.
 Run build/lint.
 ```
 ```txt
 Add a request spec for a known authorization rule.
 Do not change implementation unless the spec fails for the expected reason.
 ```
 Avoid starting with:
 - Wiki history redesign.
 - Post versioning redesign.
 - Full admin screen suite.
 - Broad frontend refactor.
 - Database cleanup.
 - Authentication rewrite.
 ## Relationship with ChatGPT
 ChatGPT has been used for:
 - Design review.
 - Risk analysis.
 - Prioritization.
 - Specification reconstruction.
 - Migration/locking discussions.
 - Codex migration planning.
 Codex should be used mainly for:
 - Repository inspection.
 - Localized implementation.
 - Test addition.
 - Running verification commands.
 - Producing small reviewable diffs.
 For ambiguous architecture, Codex should stop and present options rather than implement a guessed design.
 ## Current strategic stance
 The project should not be rewritten from scratch.
 The current Rails + React system is acceptable.
 The immediate goal is not elegance.
 The immediate goal is safe public operation, data integrity, and maintainable incremental improvement.
 Priority is:
 1. Prevent abuse/security incidents.
 2. Preserve data correctness.
 3. Make editing safe for multiple users.
 4. Add tests around fragile frontend behavior.
 5. Improve admin/operation workflows.
 6. Optimize performance after obvious dangerous patterns are removed.
 ## Final rule
 When current code, old specs, issue drafts, and memory disagree, current code wins.
 When current code is unsafe, write that explicitly and propose a small safe fix.
 When the task is too broad, split it.
 When verification cannot be performed, say exactly what was not verified.
@@ -0,0 +1,30 @@
 # Commands
 ## Backend
 ```sh
 cd backend
 bundle install
 bundle exec rails db:migrate
 bundle exec rspec
 bundle exec rails routes
 ```
 ## Frontend
 ```sh
 cd frontend
 npm install
 npm run dev
 npm run build
 npm run lint
 npm run test
 npm run test:run
 ```
 ### Full verification
 ```sh
 cd backend && bundle exec rspec
 cd ../frontend && npm run test:run && npm run build && npm run lint
 ```
@@ -0,0 +1,80 @@
 # Issue workflow
 ## Source of truth
 Gitea Issues are the source of truth for tasks, discussions, labels, milestones, and status.
 Do not copy the full backlog into git.
 Repository documents may define:
 - issue templates
 - triage rules
 - Codex task format
 - verification rules
 - release checklist
 ## Labels
 Recommended labels:
 - `P0`
 - `P1`
 - `P2`
 - `P3`
 - `security`
 - `data-integrity`
 - `backend`
 - `frontend`
 - `wiki`
 - `tags`
 - `materials`
 - `theatre`
 - `codex-ready`
 - `needs-design`
 - `blocked`
 - `good-first-codex-task`
 ## Codex-ready criteria
 An issue can be labeled `codex-ready` only when it has:
 - clear background
 - target area
 - concrete tasks
 - acceptance criteria
 - verification commands
 - explicit non-goals
 - no unresolved architecture decision
 ## Workflow
 1. Create or refine the issue in Gitea.
 2. Add labels and milestone.
 3. If design is unclear, label `needs-design`.
 4. Discuss design before implementation.
 5. When scoped enough, label `codex-ready`.
 6. Give Codex the issue URL or copied issue body.
 7. Codex creates a branch.
 8. Codex implements a small patch.
 9. Codex runs verification commands.
 10. Human reviews the diff.
 11. Merge.
 12. Close the issue from the PR/commit message.
 ## Commit message
 Use issue references when possible:
 ```txt
 fix: prevent preview SSRF
 Refs: #123
 ```
 or
 ```
 fix: prevent preview SSRF
 Closes: #123
 ```
 depending on whether the change fully resolves the issue.
@@ -0,0 +1,8 @@
 # Release checklist
 - [ ] Backend specs pass
 - [ ] Frontend build passes
 - [ ] No pending migrations
 - [ ] Preview API SSRF checked
 - [ ] BAN behavior checked
 - [ ] CSP checked
@@ -0,0 +1,8 @@
 # Roadmap
 ## Public announcement readiness
 - Harden preview API
 - Tighten material creation permission
 - Add admin MVP
 - Improve frontend tests
@@ -0,0 +1,147 @@
 # frontend/AGENTS.md
 ## Scope
 These rules apply to work under `frontend/`.
 This is a Vite + React + TypeScript app using TanStack Query, Tailwind CSS,
 Framer Motion, Radix UI-style components, MDX, and Zustand.
 ## Commands
 Use only scripts that exist in `package.json`:
 ```sh
 npm run dev
 npm run build
 npm run lint
 npm run preview
 ```
 `npm run build` runs `tsc -b && vite build`, and `postbuild` runs
 `node scripts/generate-sitemap.js`.
 There is currently no `test` script in `package.json`. Do not run or report
 `npm test` unless a test script is added.
 After frontend changes, run:
 ```sh
 npm run build
 npm run lint
 ```
 If either command cannot be run or fails, report the exact command and failure.
 ## TypeScript
 - TypeScript is strict. `tsconfig.app.json` enables `strict`,
  `noUnusedLocals`, `noUnusedParameters`, `erasableSyntaxOnly`,
  `noFallthroughCasesInSwitch`, and `noUncheckedSideEffectImports`.
 - Keep types explicit at module boundaries, API helpers, and exported utilities.
 - Use `import type` for type-only imports.
 - Prefer existing shared types from `src/types.ts` before adding local duplicate types.
 - Preserve the repository's existing spacing style in TypeScript, including
  GNU-style spacing before call parentheses where it is already used.
 - Prefer single quotes for strings unless interpolation or escaping makes double quotes better.
 - Never write a TypeScript or TSX line longer than 99 characters.
 - Aim to keep TypeScript and TSX lines within 79 characters where practical.
 - Use 4-space logical indentation in TypeScript and TSX.
 - For arrays, never put whitespace or a line break immediately before `]`.
 - Keep the first element on the same line as `[` by default.
 - If an array would exceed the line limit, break after `[` and indent
  elements by 4 spaces.
 - In TypeScript and TSX only, replace every leading run of 8 spaces with a tab
  to reduce bytes.
 - Treat one leading tab as exactly equivalent to 8 leading spaces.
 - Use tabs only for leading indentation. Never replace spaces that occur after
  a non-space character on the same line.
 ## React
 - Use function components.
 - Existing page components commonly export an anonymous function satisfying
  `FC`; match nearby file style when editing.
 - React hooks must be called unconditionally and at the top level of components or custom hooks.
 - Gate editing and other privileged controls with shared permission helpers
  such as `canEditContent`, instead of showing controls and relying only on a
  later API failure.
 - Keep page-level components under `src/pages`.
 - Keep shared and feature components under `src/components`.
 - Use `react-router-dom` route params and navigation patterns already present in `src/App.tsx`.
 - Encode URL path-segment values with `encodeURIComponent`.
 ## TanStack Query
 - Use `@tanstack/react-query` for server state.
 - Query keys should come from `src/lib/queryKeys.ts`; add key builders there
  instead of using ad hoc arrays in components.
 - Fetch functions should live in domain helpers under `src/lib`, such as
  `posts.ts`, `tags.ts`, or `wiki.ts`.
 - Use `useQueryClient().invalidateQueries` with the shared root keys when
  mutations affect cached lists or detail views.
 - The app-wide `QueryClient` is configured in `src/main.tsx`; do not create
  additional clients in feature code.
 ## API calls
 - Use `src/lib/api.ts` for HTTP calls.
 - The API wrapper attaches `X-Transfer-Code` from `localStorage` and converts
  non-blob responses to camelCase.
 - Send Rails snake_case params and request body keys where the backend expects them.
 - Do not bypass the API wrapper unless there is a specific reason, such as a
  third-party request outside the Rails API.
 - For blob responses, pass `responseType: 'blob'` so the wrapper does not camelCase the body.
 ## Imports and aliases
 - The `@` alias points to `frontend/src`.
 - Prefer `@/...` imports for app code instead of long relative paths.
 - Keep type imports separate with `import type`.
 - Match existing import grouping: external packages, app modules, then type imports.
 ## Tailwind and UI
 - Tailwind scans `src/**/*.{html,js,ts,jsx,tsx,mdx}`.
 - Use `cn` from `src/lib/utils.ts` for conditional class names and class merging.
 - Reuse components from `src/components/common`, `src/components/layout`, and
  `src/components/ui` before adding new primitives.
 - Keep Tailwind classes consistent with nearby components.
 - Prefer restrained, content-first UI chrome: avoid adding card backgrounds,
  heavy borders, or nested panel decoration unless the surrounding screen
  already uses them.
 - Keep operational screens dense and direct; trim explanatory copy and use
  short Japanese labels that fit the control.
 - Preserve existing Japanese tone and orthography in nearby UI text, including
  old-kana wording where the file already uses it.
 - When adding dynamic tag color classes, update `tailwind.config.js` safelist
  if the class cannot be statically detected.
 - Do not introduce new UI libraries or production dependencies without approval.
 ## TSX formatting
 - Preserve compact TSX expression shapes such as inline ternary branches and
  closing `</div>)` forms when nearby code uses them.
 - For long Tailwind `className` strings, wrap across lines only when needed.
 - Keep continuation indentation aligned with the 4-space logical indentation
  rule, using tabs only as leading 8-space compression.
 - Do not add braces around `if`, `else`, or `for` bodies when the body is a
  single physical line.
 - Always add braces around `if`, `else`, or `for` bodies when the body spans
  two or more physical lines, even if it is one statement.
 - Avoid reformatting unrelated JSX.
 ## Lint and build constraints
 - ESLint uses `@eslint/js`, `typescript-eslint`, `eslint-plugin-react-hooks`,
  and `eslint-plugin-react-refresh`.
 - The hooks rules are enforced; fix hook ordering instead of disabling the rule.
 - `react-refresh/only-export-components` is enabled as a warning with `allowConstantExport`.
 - Build failures from unused locals or unused parameters are TypeScript
  errors, not lint-only issues.
 ## Files to avoid in routine work
 - Do not edit `dist/` output directly.
 - Do not inspect or modify `node_modules/` unless explicitly needed.
 - Keep generated build artifacts out of source changes unless the user asks for them.
@@ -5,7 +5,7 @@ import reactRefresh from 'eslint-plugin-react-refresh'
 import tseslint from 'typescript-eslint'
 export default tseslint.config(
-  { ignores: ['dist'] },
+  { ignores: ['dist', 'tailwind.config.js'] },
  {
    extends: [js.configs.recommended, ...tseslint.configs.recommended],
    files: ['**/*.{ts,tsx}'],
@@ -8,6 +8,8 @@
    "build": "tsc -b && vite build",
    "postbuild": "node scripts/generate-sitemap.js",
    "lint": "eslint .",
    "test": "vitest",
    "test:run": "vitest run",
    "preview": "vite preview"
  },
  "dependencies": {
@@ -45,6 +47,10 @@
  "devDependencies": {
    "@eslint/js": "^9.25.0",
    "@tailwindcss/typography": "^0.5.19",
    "@testing-library/dom": "^10.4.1",
    "@testing-library/jest-dom": "^6.9.1",
    "@testing-library/react": "^16.3.2",
    "@testing-library/user-event": "^14.6.1",
    "@types/axios": "^0.14.4",
    "@types/markdown-it": "^14.1.2",
    "@types/mdx": "^2.0.13",
@@ -58,11 +64,13 @@
    "eslint-plugin-react-hooks": "^5.2.0",
    "eslint-plugin-react-refresh": "^0.4.19",
    "globals": "^16.0.0",
    "jsdom": "^26.1.0",
    "postcss": "^8.5.3",
    "tailwindcss": "^3.4.13",
    "typescript": "~5.8.3",
    "typescript-eslint": "^8.30.1",
-    "vite": "^6.3.5"
+    "vite": "^6.3.5",
    "vitest": "^4.1.5"
  },
  "description": "This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.",
  "main": "eslint.config.js",
@@ -8,8 +8,10 @@ import { BrowserRouter,
 import RouteBlockerOverlay from '@/components/RouteBlockerOverlay'
 import TopNav from '@/components/TopNav'
 import DialogueProvider from '@/components/dialogues/DialogueProvider'
 import { Toaster } from '@/components/ui/toaster'
 import { apiPost, isApiError } from '@/lib/api'
 import DeerjikistDetailPage from '@/pages/deerjikists/DeerjikistDetailPage'
 import MaterialBasePage from '@/pages/materials/MaterialBasePage'
 import MaterialDetailPage from '@/pages/materials/MaterialDetailPage'
 import MaterialListPage from '@/pages/materials/MaterialListPage'
@@ -58,9 +60,11 @@ const RouteTransitionWrapper = ({ user, setUser }: {
 	  <Route path="/posts/changes" element={<PostHistoryPage/>}/>
 	  <Route path="/tags" element={<TagListPage/>}/>
 	  <Route path="/tags/:id" element={<TagDetailPage/>}/>
 	  <Route path="/tags/:id/deerjikists" element={<DeerjikistDetailPage/>}/>
 	  <Route path="/tags/nico" element={<NicoTagListPage user={user}/>}/>
 	  <Route path="/nico/tags" element={<NicoTagListPage user={user}/>}/>
 	  <Route path="/tags/changes" element={<TagHistoryPage/>}/>
-	  <Route path="/theatres/:id" element={<TheatreDetailPage/>}/>
+	  <Route path="/theatres/:id" element={<TheatreDetailPage user={user}/>}/>
 	  <Route path="/materials" element={<MaterialBasePage/>}>
 	    <Route index element={<MaterialListPage/>}/>
 	    <Route path="new" element={<MaterialNewPage/>}/>
@@ -90,7 +94,7 @@ const PostDetailRoute = ({ user }: { user: User | null }) => {
 }
-export default (() => {
+const App: FC = () => {
  const [user, setUser] = useState<User | null> (null)
  const [status, setStatus] = useState (200)
@@ -136,17 +140,23 @@ export default (() => {
  return (
      <>
 	<RouteBlockerOverlay/>
 	<BrowserRouter>
-	  <LayoutGroup>
+	  <DialogueProvider>
-	    <motion.div
+	    <LayoutGroup>
-		layout="position"
+	      <motion.div
-		transition={{ layout: { duration: .2, ease: 'easeOut' } }}
+		  layout="position"
-		className="flex flex-col h-dvh w-full overflow-y-hidden">
+		  transition={{ layout: { duration: .2, ease: 'easeOut' } }}
-	      <TopNav user={user}/>
+		  className="flex flex-col h-dvh w-full overflow-y-hidden">
-	      <RouteTransitionWrapper user={user} setUser={setUser}/>
+		<TopNav user={user}/>
-	    </motion.div>
+		<RouteTransitionWrapper user={user} setUser={setUser}/>
-	  </LayoutGroup>
+	      </motion.div>
-	  <Toaster/>
+	    </LayoutGroup>
 	    <Toaster/>
 	  </DialogueProvider>
 	</BrowserRouter>
      </>)
-}) satisfies FC
+}
 export default App
--- a/さらに表示
+++ b/さらに表示
作成者	SHA1	メッセージ	日付
みてるぞ	546a212e74	#302	2026-06-07 02:50:04 +09:00
みてるぞ	201fe72e5a	#302	2026-06-07 02:40:05 +09:00
みてるぞ	6e338c8616	#302	2026-06-07 02:13:40 +09:00
みてるぞ	be2df723fe	#302	2026-06-07 02:01:16 +09:00
みてるぞ	39d86f4778	#302	2026-06-07 01:24:44 +09:00
みてるぞ	69820265fd	#302	2026-06-07 00:41:35 +09:00
みてるぞ	4b26f017b4	#302	2026-06-07 00:26:18 +09:00
みてるぞ	a50c29cc35	#302	2026-06-07 00:14:36 +09:00
みてるぞ	364d154b6a	#302	2026-06-07 00:05:18 +09:00
みてるぞ	b1362d327c	#302	2026-06-06 20:29:34 +09:00
みてるぞ	81e620c33a	#302	2026-06-06 19:49:21 +09:00
みてるぞ	62857adb87	Merge remote-tracking branch 'origin/main' into feature/302	2026-06-06 13:11:36 +09:00
みてるぞ	750aa40e8e	フォームのバリデーションとニコ連携の画面変更 (#090 ) (#355 ) Reviewed-on: #355 Co-authored-by: miteruzo <miteruzo@naver.com> Co-committed-by: miteruzo <miteruzo@naver.com>	2026-06-05 01:59:46 +09:00
みてるぞ	09763982b5	#302	2026-05-17 21:09:43 +09:00
みてるぞ	dc54f9cbb5	Merge pull request 'フロントのテスト追加 (#155 )' (#350 ) from feature/155 into main Reviewed-on: #350	2026-05-13 22:03:05 +09:00
みてるぞ	78143363c9	#155	2026-05-13 21:49:40 +09:00
みてるぞ	0a13c00f37	#155	2026-05-13 20:42:25 +09:00
みてるぞ	add60cb413	#155	2026-05-11 03:32:47 +09:00
みてるぞ	fb761b199d	さらに修正 (#346 ) (#349 ) Merge remote-tracking branch 'origin/main' into feature/346 #346 #346 Merge remote-tracking branch 'origin/main' into feature/346 #346 #346 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #349	2026-05-11 02:46:08 +09:00
みてるぞ	73152f2934	ちょっと修正 (#346 ) (#348 ) #346 Merge remote-tracking branch 'origin/main' into feature/346 #346 #346 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #348	2026-05-11 02:43:08 +09:00
みてるぞ	2de7e13a8a	Codex 用ファイル追加 (#346 ) (#347 ) #346 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #347	2026-05-11 02:30:55 +09:00
みてるぞ	e03cc01109	投稿排他 (#171 ) (#345 ) #171 #171 #171 #171 #171 #171 #171 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #345	2026-05-10 11:16:49 +09:00
みてるぞ	b47cdc7ad7	BAN の実装 (#327 ) (#342 ) #327 #327 #327 #327 Merge remote-tracking branch 'origin/main' into feature/327 #327 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #342	2026-05-04 16:22:13 +09:00
みてるぞ	52aa1615b6	ニジラー詳細ページ作成 (#63 ) (#341 ) #63 #63 #63 #63 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #341	2026-05-04 03:37:12 +09:00
みてるぞ	dceed1caa1	親投稿機能 (#46 ) (#339 ) Merge remote-tracking branch 'origin/main' into feature/046 #46 #46 #46 #46 #46 #46 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #339	2026-05-03 03:21:35 +09:00
みてるぞ	5002859fc8	YouTube の自動同期 (#314 ) (#340 ) #314 #314 #314 #314 #314 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #340	2026-05-02 17:56:14 +09:00
みてるぞ	fcd3b87b2a	奪はれた別名の履歴追加 (#329 ) (#338 ) #329 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #338	2026-04-27 12:45:06 +09:00
みてるぞ	0ff7fdf78a	Wiki のバージョン管理 (#317 ) (#333 ) #317 #317 #317 #317 #317 #317 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #333	2026-04-26 22:17:25 +09:00
みてるぞ	b2c3e02ccc	ユーザ作成時に IP アドレス連携するやぅに (#323 ) (#326 ) Merge branch 'main' into feature/323 Merge branch 'main' into feature/323 Merge branch 'main' into feature/323 #323 #323 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #326	2026-04-25 21:00:22 +09:00
みてるぞ	c112576b11	ニコニコ DB 逆連携 (#200 ) (#331 ) #200 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #331	2026-04-25 20:46:49 +09:00