source_monitor 0.7.1 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 135499910675f0d424b88ec25e1503f3068fdbd78ffa553942438efd886b72bd
-  data.tar.gz: a6b03ef217569a206d7521f2d8b42f3c300ab6ddf41e144cabaf24535f92b8dc
+  metadata.gz: 16d5152ca0edc61e1d7f67878516e93769dd43c34daa757c554d36355b998fec
+  data.tar.gz: f93013eedf10c9af8b758b302993f701531b51170a399ea1e09c0f53efb4498d
 SHA512:
-  metadata.gz: b4e0ebe10a0211760f42d6a131cbf61eb09bf3f268006fbefe51636137c10ba0afc0413e2c39a46a8d3ff39037db07ba680a6f059599d7751b56a79d5deef1a3
-  data.tar.gz: 7bdfa9ca0995bb91757be78271ca171a14ec83cc54aef8d13b083446e3c23a96d4568718b40a944c83c802173124823609a36c405a68b8a0c81bb138891aa65b
+  metadata.gz: d06eedf5dd22a3cf5c96a252883870b7f416c53f41da5121100b3a66564e7c3021a963512c6355f3aa52be6e30aba23d74b135e47bc1e6fbc17401fc929d5865
+  data.tar.gz: 70655afb16134fecaa25f6547ed8ef05e2fcb7c61fbf3d2b46c7c9b1199eb8f14503db99eb8e165b71927bc9ba4301c3e035e6973eb3fbec85fc3f5be17b1eeb

data/.claude/commands/release.md

@@ -17,8 +17,15 @@ These are real issues encountered in previous releases. Each step below accounts
 5. **Single squashed commit**: Always create ONE commit on the release branch with ALL changes (version bump, changelog, Gemfile.lock, any fixes). Multiple commits cause pre-push hook issues.
 6. **Diff coverage CI gate**: The `test` CI job enforces diff coverage. Any changed lines in source code (not just test files) must have test coverage. **This applies to ALL changes in the PR diff vs main, including unpushed commits made before the release started.** If the release includes source code changes (bug fixes, features), every changed source line must be covered.
 7. **Local main divergence after merge**: After the PR merges, `gh pr merge --merge --delete-branch` will attempt to fast-forward local main. This usually succeeds automatically. If it doesn't (divergent history), you must `git reset --hard origin/main` to sync -- this requires user approval since the sandbox blocks it.
-8. **Run local checks BEFORE pushing**: Always run `bin/rubocop` and `PARALLEL_WORKERS=1 bin/rails test` locally before the first push to the release branch. Each CI roundtrip (fail → fix → amend → force-push → re-run) costs ~5 minutes. In v0.7.0, skipping local checks caused two wasted CI cycles: first for uncovered diff lines, then for a RuboCop violation in the fix.
-9. **Zsh glob nomatch**: Commands like `rm -f *.gem` fail in zsh when no files match. Always use `rm -f *.gem 2>/dev/null || true` or check existence first with `ls`.
+8. **Run FULL local CI suite BEFORE pushing**: Always run ALL of these locally before the first push to the release branch:
+   - `bin/rubocop` -- Ruby lint
+   - `PARALLEL_WORKERS=1 bin/rails test` -- tests + diff coverage readiness
+   - `bin/brakeman --no-pager` -- security scan
+   - `yarn build` -- rebuild JS assets (catches ESLint issues; CI runs ESLint separately on JS files)
+   Each CI roundtrip (fail → fix → amend → force-push → re-run) costs ~5 minutes. In v0.7.0, skipping local checks caused two wasted CI cycles. In v0.8.0, skipping ESLint (`yarn build`) and diff coverage pre-checks caused another two wasted cycles: first for ESLint `no-undef` on browser globals (MutationObserver, requestAnimationFrame), then for 13 uncovered rescue/error path lines across 3 files.
+9. **ESLint browser globals**: Any JS file using browser APIs (MutationObserver, requestAnimationFrame, cancelAnimationFrame, IntersectionObserver, etc.) MUST declare them with a `/* global ... */` comment at the top. ESLint's `no-undef` rule in CI will reject them otherwise.
+10. **Diff coverage rescue paths**: Every `rescue`/fallback/error handling branch in changed source code needs test coverage. Common blind spots: `rescue StandardError => e` logging, `rescue URI::InvalidURIError` returning nil, fallback `false` returns. Write targeted tests for these BEFORE creating the release commit.
+11. **Zsh glob nomatch**: Commands like `rm -f *.gem` fail in zsh when no files match. Always use `rm -f *.gem 2>/dev/null || true` or check existence first with `ls`.
 
 ## Step 1: Git Hygiene
 
@@ -116,21 +123,26 @@ The changelog follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) f
 
 ## Step 5: Local Pre-flight Checks
 
-**CRITICAL**: Run these checks BEFORE creating the release branch and pushing. Each CI failure → fix → amend → force-push cycle wastes ~5 minutes. In v0.7.0, skipping this step caused two wasted CI roundtrips.
+**CRITICAL**: Run the FULL local CI equivalent BEFORE creating the release branch and pushing. Each CI failure → fix → amend → force-push cycle wastes ~5 minutes. In v0.7.0, skipping this step caused two wasted CI roundtrips. In v0.8.0, skipping ESLint and diff coverage pre-checks caused another two wasted cycles.
 
 1. **RuboCop**: Run `bin/rubocop` and fix any violations. Auto-fix with `bin/rubocop -a` if needed. This catches lint issues (like `SpaceInsideArrayLiteralBrackets`) that would fail the CI lint job.
 
 2. **Tests**: Run `PARALLEL_WORKERS=1 bin/rails test` and ensure all tests pass.
 
 3. **Diff coverage pre-check**: If the release includes source code changes beyond version/changelog/lockfile (check with `git diff --name-only origin/main`), review those files for uncovered branches. The CI diff coverage gate will reject any changed source lines without test coverage. Common blind spots:
+   - `rescue StandardError` logging/fallback paths
+   - `rescue URI::InvalidURIError` nil returns
+   - Guard clauses returning early (e.g., `return if blank?`)
    - Fallback/else branches in new methods
-   - Error handling paths
-   - Guard clauses
    If you find uncovered source lines, write tests for them NOW before creating the release commit — it's far cheaper than a CI roundtrip.
 
 4. **Brakeman**: Run `bin/brakeman --no-pager` and ensure zero warnings.
 
-Only proceed to Step 6 when all local checks pass.
+5. **ESLint / JS build**: If any `.js` files were changed, run `yarn build` to rebuild assets. CI runs ESLint separately on JS files and will catch issues RuboCop doesn't:
+   - Browser globals (MutationObserver, requestAnimationFrame, cancelAnimationFrame, IntersectionObserver, etc.) must be declared with `/* global ... */` comments at the top of the file.
+   - Missing `/* global */` declarations cause ESLint `no-undef` failures.
+
+Only proceed to Step 6 when ALL five checks pass.
 
 ## Step 6: Create Release Branch with Single Squashed Commit
 

data/.claude/skills/sm-configure/SKILL.md

@@ -29,7 +29,7 @@ After the block executes, `ModelExtensions.reload!` runs automatically to apply
 
 ## Configuration Sections
 
-The `config` object (`SourceMonitor::Configuration`) has 11 sub-sections plus top-level queue/job settings:
+The `config` object (`SourceMonitor::Configuration`) has 13 sub-sections plus top-level queue/job settings:
 
 | Section | Accessor | Class |
 |---|---|---|
@@ -45,6 +45,7 @@ The `config` object (`SourceMonitor::Configuration`) has 11 sub-sections plus to
 | Realtime | `config.realtime` | `RealtimeSettings` |
 | Authentication | `config.authentication` | `AuthenticationSettings` |
 | Images | `config.images` | `ImagesSettings` |
+| Favicons | `config.favicons` | `FaviconsSettings` |
 
 See `reference/configuration-reference.md` for every setting with types, defaults, and examples.
 
@@ -91,6 +92,14 @@ config.models.source.include_concern "MyApp::SourceExtension"
 config.models.item.validate :custom_check
 ```
 
+### Favicons (Active Storage)
+```ruby
+config.favicons.enabled = true
+config.favicons.fetch_timeout = 10
+config.favicons.max_download_size = 512 * 1024  # 512 KB
+config.favicons.retry_cooldown_days = 14
+```
+
 ### Realtime
 ```ruby
 config.realtime.adapter = :redis

data/.claude/skills/sm-configure/reference/configuration-reference.md

@@ -342,6 +342,50 @@ When enabled, `DownloadContentImagesJob` is automatically enqueued after new ite
 
 ---
 
+## Favicons Settings (`config.favicons`)
+
+Class: `SourceMonitor::Configuration::FaviconsSettings`
+
+Controls automatic favicon fetching and storage for sources via Active Storage.
+
+**Prerequisite:** The host app must have Active Storage installed (`rails active_storage:install` + migrations). Without Active Storage, favicons are silently disabled and colored initials placeholders are shown instead.
+
+| Setting | Type | Default | Description |
+|---|---|---|---|
+| `enabled` | Boolean | `true` | Enable automatic favicon fetching |
+| `fetch_timeout` | Integer | `5` | HTTP timeout for favicon requests (seconds) |
+| `max_download_size` | Integer | `1048576` (1 MB) | Maximum favicon file size in bytes; larger files are skipped |
+| `retry_cooldown_days` | Integer | `7` | Days to wait before retrying a failed favicon fetch |
+| `allowed_content_types` | Array | `["image/x-icon", "image/vnd.microsoft.icon", "image/png", "image/jpeg", "image/gif", "image/svg+xml", "image/webp"]` | Permitted MIME types for downloaded favicons |
+
+### Helper Method
+
+| Method | Returns | Description |
+|---|---|---|
+| `enabled?` | Boolean | Returns `true` when `enabled` is truthy AND `ActiveStorage` is defined |
+
+```ruby
+# Customize favicon settings
+config.favicons.enabled = true
+config.favicons.fetch_timeout = 10
+config.favicons.max_download_size = 512 * 1024  # 512 KB
+config.favicons.retry_cooldown_days = 14
+config.favicons.allowed_content_types = %w[image/png image/x-icon image/svg+xml]
+```
+
+When enabled, `FaviconFetchJob` is automatically enqueued:
+1. After a new source is created (via UI or OPML import) with a `website_url`
+2. After a successful feed fetch when the source has no favicon attached and is outside the retry cooldown
+
+The job uses `Favicons::Discoverer` which tries three strategies in order:
+1. Direct `/favicon.ico` fetch from the source's domain
+2. HTML page parsing for `<link rel="icon">`, `<link rel="apple-touch-icon">`, and similar tags (prefers largest by `sizes` attribute)
+3. Google Favicon API as a last resort
+
+Failed attempts are tracked in the source's `metadata` JSONB column (`favicon_last_attempted_at`) to respect the cooldown period.
+
+---
+
 ## Environment Variables
 
 | Variable | Purpose |

data/.claude/skills/sm-host-setup/reference/initializer-template.md

@@ -176,6 +176,23 @@ SourceMonitor.configure do |config|
   #   record.errors.add(:base, "custom error") unless record.valid_for_my_app?
   # }
 
+  # ===========================================================================
+  # Favicons (Active Storage)
+  # ===========================================================================
+  # Automatically fetch and store source favicons via Active Storage.
+  # Requires Active Storage in the host app (rails active_storage:install).
+  # Without Active Storage, favicons are silently disabled -- colored
+  # initials placeholders are shown instead.
+
+  # config.favicons.enabled = true                    # default: true
+  # config.favicons.fetch_timeout = 5                 # seconds
+  # config.favicons.max_download_size = 1_048_576     # 1 MB
+  # config.favicons.retry_cooldown_days = 7
+  # config.favicons.allowed_content_types = %w[
+  #   image/x-icon image/vnd.microsoft.icon image/png
+  #   image/jpeg image/gif image/svg+xml image/webp
+  # ]
+
   # ===========================================================================
   # Realtime (Action Cable) Adapter
   # ===========================================================================

data/.claude/skills/sm-host-setup/reference/setup-checklist.md

@@ -155,6 +155,8 @@ bin/source_monitor verify
 - [ ] Event callbacks wired for host integration
 - [ ] Realtime adapter confirmed (Solid Cable or Redis)
 - [ ] Mission Control integration enabled (if desired)
+- [ ] Active Storage installed (required for favicons and image downloads)
+- [ ] Favicon settings configured (`config.favicons.*`) if customization needed
 
 ## Troubleshooting
 

data/.claude/skills/sm-job/reference/job-conventions.md

@@ -164,6 +164,32 @@ class ScheduleFetchesJob < ApplicationJob
 end
 ```
 
+### Lightweight Fetch Job (FaviconFetchJob)
+
+Demonstrates multi-strategy cascade with guard clauses:
+
+```ruby
+class FaviconFetchJob < ApplicationJob
+  source_monitor_queue :fetch
+  discard_on ActiveJob::DeserializationError
+
+  def perform(source_id)
+    source = Source.find_by(id: source_id)
+    return unless source
+    return unless should_fetch?(source)
+
+    result = Favicons::Discoverer.new(source: source).call
+    attach_favicon(source, result) if result.success?
+  end
+end
+```
+
+Notable patterns:
+- Multiple guard clauses: source exists, Active Storage defined, no existing favicon, outside cooldown period
+- Uses `Favicons::Discoverer` service with 3-strategy cascade (direct `/favicon.ico`, HTML parsing, Google API)
+- Failed attempts tracked in source `metadata` JSONB (`favicon_last_attempted_at`) for retry cooldown
+- Graceful degradation: host apps without Active Storage never enqueue this job
+
 ### Broadcast Job (SourceHealthCheckJob)
 
 Demonstrates result broadcasting:

data/.claude/skills/sm-upgrade/reference/version-history.md

@@ -2,6 +2,28 @@
 
 Version-specific migration notes for each major/minor version transition. Agents should reference this file when guiding users through multi-version upgrades.
 
+## 0.7.x to 0.8.0
+
+**Key changes:**
+- Default HTTP User-Agent changed from `SourceMonitor/<version>` to `Mozilla/5.0 (compatible; SourceMonitor/<version>)` with browser-like headers (Accept-Language, DNT, Referer). Prevents bot-blocking by feed servers.
+- Default `max_in_flight_per_source` changed from `25` to `nil` (unlimited). If you relied on the previous default for per-source rate limiting, set it explicitly.
+- Successful manual health checks on degraded sources now trigger a feed fetch for faster recovery.
+- Automatic source favicons via Active Storage with multi-strategy discovery (direct `/favicon.ico`, HTML `<link>` parsing, Google Favicon API fallback)
+- New configuration section: `config.favicons` with `enabled`, `fetch_timeout`, `max_download_size`, `retry_cooldown_days`, and `allowed_content_types` settings
+- Colored initials placeholder shown when no favicon is available or Active Storage is not installed
+- OPML imports trigger favicon fetches for each imported source with a `website_url`
+- Toast notifications capped at 3 visible with "+N more" badge, click-to-expand, and "Clear all" button
+- Error-level toasts auto-dismiss after 10 seconds (vs 5 seconds for info/success)
+
+**Action items:**
+1. Re-run `bin/rails source_monitor:upgrade` to get updated initializer template
+2. If you explicitly set `config.http.user_agent`, your value is preserved. Otherwise the new browser-like default applies automatically.
+3. If you need per-source scrape rate limiting, add `config.scraping.max_in_flight_per_source = 25` (or your preferred value) to your initializer
+4. If using Active Storage, favicons are enabled by default -- no action needed
+5. If NOT using Active Storage, favicons are silently disabled -- no action needed
+6. Toast stacking is automatic -- no configuration needed
+7. No breaking changes -- all existing configuration remains valid
+
 ## 0.3.x to 0.4.0
 
 **Released:** 2026-02-12

data/.gitignore

@@ -27,5 +27,15 @@
 .vbw-planning/.active-agent
 .vbw-planning/.active-agent-count
 .vbw-planning/.todo-flat-migrated
+.vbw-planning/.agent-worktrees/
+.vbw-planning/.cache/
+.vbw-planning/.context-usage
+.vbw-planning/.contracts/
+.vbw-planning/.events/
+.vbw-planning/.execution-state.json
 /codebase_analysis.md
+/VERIFICATION.md
+/test/dummy/public/assets/
+/test/lib/tmp/
 *.gem
+.vbw-worktrees/

data/AGENTS.md

@@ -83,7 +83,7 @@ Store secrets (API keys, webhook tokens) in `config/credentials/` and never comm
 
 ## Claude Code Skills
 
-SourceMonitor ships 14 engine-specific Claude Code skills (`sm-*` prefix) covering the domain model, configuration DSL, pipeline stages, testing conventions, and more. Skills are distributed with the gem and installed into `.claude/skills/` via rake tasks:
+SourceMonitor ships 15 engine-specific Claude Code skills (`sm-*` prefix) covering the domain model, configuration DSL, pipeline stages, testing conventions, and more. Skills are distributed with the gem and installed into `.claude/skills/` via rake tasks:
 
 ```bash
 bin/rails source_monitor:skills:install        # Consumer skills (host app integration)

data/CHANGELOG.md

@@ -15,6 +15,51 @@ All notable changes to this project are documented below. The format follows [Ke
 
 - No unreleased changes yet.
 
+## [0.8.1] - 2026-02-21
+
+### Fixed
+
+- **OPML import now imports all selected feeds across pages.** Previously, only the 25 feeds visible on the current preview page were imported. Pagination links inside the preview form triggered full-page navigation (bypassing Turbo Frames), which caused a "leave site?" warning and lost selections from other pages. Hidden fields now preserve selections across pages, and pagination uses Turbo Frame navigation.
+
+### Changed
+
+- Removed deprecated `rails/tasks/statistics.rake` from Rakefile (Rails 8.2 compatibility).
+
+## [0.8.0] - 2026-02-21
+
+### Added
+
+- **Automatic source favicons.** Sources now display favicons next to their names in list and detail views. Favicons are fetched automatically via background job on source creation and successful feed fetches using a multi-strategy cascade: `/favicon.ico` direct fetch, HTML `<link>` tag parsing (preferring largest available), and Google Favicon API fallback. Requires Active Storage in the host app.
+  - New configuration section: `config.favicons` with `enabled` (default: `true`), `fetch_timeout` (5s), `max_download_size` (1MB), `retry_cooldown_days` (7), and `allowed_content_types` settings.
+  - Colored initials placeholder shown when no favicon is available (consistent HSL color derived from source name).
+  - Graceful degradation: host apps without Active Storage see placeholders only, no errors.
+  - OPML imports also trigger favicon fetches for each imported source with a `website_url`.
+  - Manual "Fetch Favicon" button on source detail pages; favicon fetch also triggered on 304 Not Modified responses when missing.
+  - Redirect-following in favicon discoverer for domains that redirect (e.g., `reddit.com` -> `www.reddit.com`).
+- **Toast notification stacking.** Bulk operations no longer flood the screen with overlapping toasts. At most 3 toasts are visible at a time; overflow is shown as a "+N more" badge that expands the full stack on click. "Clear all" button dismisses every toast at once.
+  - Error-level toasts persist for 10 seconds (vs 5 seconds for info/success).
+  - Hidden toasts promote into visible slots as earlier toasts auto-dismiss.
+  - Container controller tracks DOM changes via MutationObserver and properly cleans up event listeners on disconnect.
+
+### Changed
+
+- **Browser-like default User-Agent.** Default HTTP User-Agent changed from `SourceMonitor/<version>` to `Mozilla/5.0 (compatible; SourceMonitor/<version>)` with full browser-like headers (Accept, Accept-Language, DNT, Referer from source `website_url`). This prevents bot-blocking by feed servers.
+- **Smarter scrape rate limiting.** Default `max_in_flight_per_source` changed from `25` to `nil` (unlimited). The previous default unnecessarily throttled scraping for sources with many items. Set an explicit value in your initializer if you need per-source caps.
+- **Health check triggers status re-evaluation.** A successful manual health check on a degraded (declining/critical/warning) source now triggers a feed fetch, allowing the health monitor to transition the source back to "improving" status instead of requiring the source to recover on its own schedule.
+
+### Fixed
+
+- Favicon discoverer properly follows HTTP redirects (e.g., `reddit.com` -> `www.reddit.com`).
+- Favicon fetch uses `rails_blob_path` for correct routing within the engine context.
+- Favicon display prefers PNG format (via Google Favicon API) over raw ICO for better browser compatibility.
+- Gemspec excludes `.vbw-planning/` from gem package to reduce gem size.
+
+### Testing
+
+- 1,125 tests, 0 failures.
+- RuboCop: 0 offenses.
+- Brakeman: 0 warnings.
+
 ## [0.7.1] - 2026-02-18
 
 ### Changed

data/CLAUDE.md

@@ -5,8 +5,8 @@
 ## Active Context
 
 **Milestone:** (none active)
-**Last shipped:** upgrade-assurance (2026-02-13) -- 3 phases, 14 tasks, 12 commits
-**Previous:** generator-enhancements (2026-02-12) -- v0.4.0
+**Last shipped:** polish-and-reliability (2026-02-21) -- v0.8.0, 3 phases, 1134 tests
+**Previous:** aia-ssl-fix (2026-02-20), upgrade-assurance (2026-02-13)
 **Next action:** /vbw:vibe to start a new milestone
 
 ## Key Decisions
@@ -14,7 +14,7 @@
 - Keep PostgreSQL-only for now
 - Keep host-app auth model
 - Ruby autoload for lib/ modules (not Zeitwerk)
-- PG parallel fork segfault when running single test files; use PARALLEL_WORKERS=1 or full suite
+- PG parallel fork segfault resolved: switched to thread-based parallelism in aia-ssl-fix milestone
 
 ## Installed Skills
 
@@ -97,9 +97,30 @@ Run /vbw:help for all commands.
 - `bin/rubocop` -- zero offenses before commit.
 - `bin/brakeman --no-pager` -- zero warnings before merge.
 - `bin/rails test` -- all tests pass.
+- `yarn build` -- rebuild JS assets if any `.js` files changed (ESLint runs in CI).
 - No N+1 queries (use `includes`/`preload`).
 - No hardcoded credentials (use Rails credentials or ENV).
 
+### Pre-Push CI Checklist (run ALL before pushing to GitHub)
+
+Before pushing any branch (especially release branches), run the full CI equivalent locally:
+
+1. `bin/rubocop` -- catches Ruby lint issues
+2. `PARALLEL_WORKERS=1 bin/rails test` -- catches test failures AND diff coverage gaps
+3. `bin/brakeman --no-pager` -- catches security issues
+4. `yarn build` -- rebuilds JS and catches ESLint issues (CI runs ESLint separately)
+
+**Why:** CI failures cost ~5 min per round-trip. In v0.8.0, skipping ESLint and diff coverage checks locally caused 2 wasted CI cycles. Common blind spots:
+- JS files need `/* global */` declarations for browser APIs (MutationObserver, requestAnimationFrame, etc.)
+- Every `rescue` / fallback / error path in new source code needs test coverage (CI diff coverage gate rejects uncovered lines)
+- `yarn build` must run after JS changes to sync sourcemaps
+
+## QA and UAT Rules
+
+- **Browser-first verification:** During VBW QA (`/vbw:qa`) and UAT (`/vbw:verify`), ALWAYS start by using `agent-browser` to test UI scenarios yourself before presenting checkpoints to the user. Navigate to the dummy app (port 3002), take snapshots/screenshots, and verify visual and functional behavior with agents first.
+- **Automate what you can:** Any test that can be verified programmatically (config defaults, job enqueue behavior, controller responses) should be automated -- only present truly visual/interactive tests to the user.
+- **Dummy app port:** The SourceMonitor dummy app runs on port 3002 (`cd test/dummy && bin/rails server -p 3002`).
+
 ## Security Rules
 
 ### Protected Files (NEVER read or output)

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    source_monitor (0.7.1)
+    source_monitor (0.8.1)
       cssbundling-rails (~> 1.4)
       faraday (~> 2.9)
       faraday-follow_redirects (~> 0.4)

data/README.md

@@ -9,8 +9,8 @@ SourceMonitor is a production-ready Rails 8 mountable engine for ingesting, norm
 In your host Rails app:
 
 ```bash
-bundle add source_monitor --version "~> 0.3.1"
-# or add `gem "source_monitor", "~> 0.3.1"` manually, then run:
+bundle add source_monitor --version "~> 0.7.1"
+# or add `gem "source_monitor", "~> 0.7.1"` manually, then run:
 bundle install
 ```
 
@@ -19,7 +19,9 @@ This exposes `bin/source_monitor` (via Bundler binstubs) so you can run the guid
 ## Highlights
 - Full-featured source and item administration backed by Turbo Streams and Tailwind UI components
 - Adaptive fetch pipeline (Feedjira + Faraday) with conditional GETs, retention pruning, and scrape orchestration
+- Automatic source favicons via Active Storage with multi-strategy discovery and graceful fallback
 - Realtime dashboard metrics, batching/caching query layer, and Mission Control integration hooks
+- Smart toast notification stacking (max 3 visible, "+N more" overflow badge, click-to-expand)
 - Extensible scraper adapters (Readability included) with per-source settings and structured result metadata
 - Declarative configuration DSL covering queues, HTTP, retention, events, model extensions, authentication, and realtime transports
 - First-class observability through ActiveSupport notifications and `SourceMonitor::Metrics` counters/gauges
@@ -41,7 +43,7 @@ This exposes `bin/source_monitor` (via Bundler binstubs) so you can run the guid
 Before running any SourceMonitor commands inside your host app, add the gem and install dependencies:
 
 ```bash
-bundle add source_monitor --version "~> 0.3.1"
+bundle add source_monitor --version "~> 0.7.1"
 # or edit your Gemfile, then run
 bundle install
 ```
@@ -113,7 +115,7 @@ See [docs/configuration.md](docs/configuration.md) for exhaustive coverage and e
 
 ## Claude Code Skills
 
-SourceMonitor ships 14 engine-specific Claude Code skills (`sm-*` prefix) that give AI agents deep context about the engine's domain model, configuration DSL, pipeline stages, and testing conventions. Skills are bundled with the gem and installed into your host app's `.claude/skills/` directory.
+SourceMonitor ships 15 engine-specific Claude Code skills (`sm-*` prefix) that give AI agents deep context about the engine's domain model, configuration DSL, pipeline stages, and testing conventions. Skills are bundled with the gem and installed into your host app's `.claude/skills/` directory.
 
 ```bash
 bin/rails source_monitor:skills:install        # Consumer skills (host app integration)

data/Rakefile

@@ -5,6 +5,4 @@ require "bundler/setup"
 APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
 load "rails/tasks/engine.rake"
 
-load "rails/tasks/statistics.rake"
-
 require "bundler/gem_tasks"

data/VERSION

@@ -1 +1 @@
-0.7.1
+0.8.1

data/app/assets/builds/source_monitor/application.css

@@ -651,6 +651,14 @@ video {
   right: 0px;
 }
 
+.fm-admin .-bottom-1 {
+  bottom: -0.25rem;
+}
+
+.fm-admin .-right-1 {
+  right: -0.25rem;
+}
+
 .fm-admin .left-4 {
   left: 1rem;
 }
@@ -957,6 +965,10 @@ video {
   align-items: flex-start;
 }
 
+.fm-admin .items-end {
+  align-items: flex-end;
+}
+
 .fm-admin .items-center {
   align-items: center;
 }
@@ -977,6 +989,10 @@ video {
   gap: 0.25rem;
 }
 
+.fm-admin .gap-1\.5 {
+  gap: 0.375rem;
+}
+
 .fm-admin .gap-2 {
   gap: 0.5rem;
 }
@@ -1348,6 +1364,11 @@ video {
   background-color: rgb(248 250 252 / var(--tw-bg-opacity, 1));
 }
 
+.fm-admin .bg-slate-700 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(51 65 85 / var(--tw-bg-opacity, 1));
+}
+
 .fm-admin .bg-slate-800 {
   --tw-bg-opacity: 1;
   background-color: rgb(30 41 59 / var(--tw-bg-opacity, 1));
@@ -1367,6 +1388,15 @@ video {
   background-color: rgb(255 255 255 / var(--tw-bg-opacity, 1));
 }
 
+.fm-admin .object-contain {
+  -o-object-fit: contain;
+     object-fit: contain;
+}
+
+.fm-admin .p-0\.5 {
+  padding: 0.125rem;
+}
+
 .fm-admin .p-3 {
   padding: 0.75rem;
 }
@@ -1726,6 +1756,10 @@ video {
   color: rgb(255 255 255 / var(--tw-text-opacity, 1));
 }
 
+.fm-admin .underline {
+  text-decoration-line: underline;
+}
+
 .fm-admin .opacity-0 {
   opacity: 0;
 }
@@ -1848,6 +1882,11 @@ video {
   background-color: rgb(248 250 252 / var(--tw-bg-opacity, 1));
 }
 
+.fm-admin .hover\:bg-slate-600:hover {
+  --tw-bg-opacity: 1;
+  background-color: rgb(71 85 105 / var(--tw-bg-opacity, 1));
+}
+
 .fm-admin .hover\:bg-slate-700:hover {
   --tw-bg-opacity: 1;
   background-color: rgb(51 65 85 / var(--tw-bg-opacity, 1));
@@ -1962,6 +2001,10 @@ video {
   background-color: rgb(241 245 249 / var(--tw-bg-opacity, 1));
 }
 
+.fm-admin :is(.group:hover .group-hover\:inline-flex) {
+  display: inline-flex;
+}
+
 .fm-admin :is(.peer:checked ~ .peer-checked\:border-blue-500) {
   --tw-border-opacity: 1;
   border-color: rgb(59 130 246 / var(--tw-border-opacity, 1));