feat: Initial release - PostgreSQL-backed health analytics server

Core Features:
- Multi-user architecture with user_id on all tables
- REST API scoped by user_id for self-hosted and SaaS
- Polar Flow SDK integration for data sync
- PostgreSQL database with async SQLAlchemy 2.0
- Litestar async web framework
- Docker and docker-compose deployment

Data Models:
- Sleep (score, stages, HRV, heart rate, breathing, temperature)
- Nightly Recharge (ANS charge, recovery metrics)
- Daily Activity (steps, calories, zones)
- Exercises (workouts with detailed metrics)

API Endpoints:
- GET /users/{user_id}/sleep
- GET /users/{user_id}/sleep/{date}
- POST /users/{user_id}/sync/trigger

Infrastructure:
- CI/CD: tests, lint, security, docs, publish
- Dependabot with auto-merge for minor/patch
- MkDocs Material documentation
- Strict type checking with mypy
- Ruff for linting and formatting

Tech Stack:
- Python 3.12+
- PostgreSQL 17
- Litestar 2.14+
- SQLAlchemy 2.0 (async)
- polar-flow-api 1.1.0
- Polars for data processing

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: StuMason

.env.example

@@ -0,0 +1,28 @@
+# Deployment mode: self_hosted or saas
+DEPLOYMENT_MODE=self_hosted
+
+# API configuration
+API_HOST=0.0.0.0
+API_PORT=8000
+
+# Database URL (PostgreSQL)
+# Self-hosted (docker-compose): postgres service
+DATABASE_URL=postgresql+asyncpg://polar:polar@postgres:5432/polar
+
+# SaaS (Laravel shared database)
+# DATABASE_URL=postgresql+asyncpg://user:pass@host:5432/dbname
+
+# Security (required for SaaS mode, generates default for self-hosted)
+# ENCRYPTION_KEY=<base64-encoded-32-byte-key>
+# JWT_SECRET=<secret-key>
+
+# Sync settings
+SYNC_INTERVAL_HOURS=1
+SYNC_ON_STARTUP=true
+SYNC_DAYS_LOOKBACK=30
+
+# Logging
+LOG_LEVEL=INFO
+
+# Self-hosted mode: path to Polar token file
+POLAR_TOKEN_PATH=/root/.polar-flow/token

.github/dependabot.yml

@@ -0,0 +1,38 @@
+version: 2
+updates:
+  # Python dependencies
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "Europe/London"
+    open-pull-requests-limit: 10
+    assignees:
+      - "StuMason"
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"
+    groups:
+      minor-and-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "Europe/London"
+    open-pull-requests-limit: 5
+    assignees:
+      - "StuMason"
+    commit-message:
+      prefix: "ci(deps)"
+      include: "scope"

.github/workflows/dependabot-automerge.yml

@@ -0,0 +1,45 @@
+name: Dependabot Auto-Merge
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  auto-merge:
+    name: Auto-merge Dependabot PRs
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+
+    steps:
+      - name: Fetch Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Auto-merge minor and patch updates
+        if: |
+          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
+          steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on major updates
+        if: steps.metadata.outputs.update-type == 'version-update:semver-major'
+        run: |
+          gh pr comment "$PR_URL" --body "**Major version update** - requires manual review and approval.
+
+          Please review:
+          - [ ] Breaking changes in changelog
+          - [ ] Update required in our code
+          - [ ] Tests still pass
+          - [ ] Documentation updated if needed"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/docs.yml

@@ -0,0 +1,30 @@
+name: Deploy Documentation
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Install dependencies
+        run: |
+          uv sync
+          uv pip install mkdocs-material mkdocstrings[python]
+
+      - name: Build and deploy docs
+        run: uv run mkdocs gh-deploy --force

.github/workflows/lint.yml

@@ -0,0 +1,35 @@
+name: Lint
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint:
+    name: Lint and Type Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Install dependencies
+        run: uv sync --all-extras
+
+      - name: Check formatting with Ruff
+        run: uv run ruff format --check .
+
+      - name: Lint with Ruff
+        run: uv run ruff check .
+
+      - name: Type check with mypy
+        run: uv run mypy src/polar_flow_server

.github/workflows/security.yml

@@ -0,0 +1,43 @@
+name: Security Check
+
+on:
+  schedule:
+    - cron: '0 3 * * *' # 3am UTC daily
+  workflow_dispatch:
+
+jobs:
+  security-audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Install dependencies
+        run: uv sync --all-extras
+
+      - name: Install pip-audit
+        run: uv pip install pip-audit
+
+      - name: Check for security vulnerabilities
+        id: security
+        run: |
+          uv run pip-audit --format json > audit.json 2>&1 || true
+          if [ -s audit.json ] && [ "$(cat audit.json | jq '.vulnerabilities | length')" -gt 0 ]; then
+            echo "vulnerable=true" >> $GITHUB_OUTPUT
+            echo "::warning::Security vulnerabilities found"
+            cat audit.json | jq '.vulnerabilities'
+          else
+            echo "vulnerable=false" >> $GITHUB_OUTPUT
+            echo "No security vulnerabilities found"
+          fi

.github/workflows/tests.yml

@@ -0,0 +1,41 @@
+name: Tests
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    name: Test Python ${{ matrix.python-version }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.12", "3.13"]
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
+
+      - name: Set up Python ${{ matrix.python-version }}
+        run: uv python install ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: uv sync --all-extras
+
+      - name: Run tests with coverage
+        run: uv run pytest --cov --cov-report=xml --cov-report=term
+
+      - name: Upload coverage to Codecov
+        if: matrix.python-version == '3.12'
+        uses: codecov/codecov-action@v5
+        continue-on-error: true
+        with:
+          files: ./coverage.xml
+          fail_ci_if_error: false
+          token: ${{ secrets.CODECOV_TOKEN }}

.gitignore

@@ -0,0 +1,78 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# IDEs
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Testing
+.pytest_cache/
+.coverage
+coverage.xml
+*.cover
+.hypothesis/
+.tox/
+htmlcov/
+
+# Type checking
+.mypy_cache/
+.dmypy.json
+dmypy.json
+.pytype/
+.ruff_cache/
+
+# Database
+*.db
+*.db-shm
+*.db-wal
+*.duckdb
+*.duckdb.wal
+data/
+
+# Logs
+*.log
+logs/
+
+# Documentation
+site/
+.mkdocs_cache/
+
+# Environment
+.env.local
+.env.*.local
+
+# Polar tokens
+.polar-flow/

.python-version

@@ -0,0 +1 @@
+3.12

CHANGELOG.md

@@ -0,0 +1,30 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+- Initial release of polar-flow-server
+- REST API with user-scoped endpoints
+- Database models with multi-user support
+- Polar Flow SDK integration for data sync
+- Support for Sleep, Nightly Recharge, Activity, and Exercise data
+- DuckDB support for self-hosted deployments
+- PostgreSQL support for SaaS deployments
+- Litestar async web framework
+- Structured logging with structlog
+- Comprehensive test suite
+- Type safety with mypy strict mode
+- CI/CD workflows (tests, lint, security, publish, docs)
+- Dependabot with auto-merge for minor/patch updates
+- MkDocs Material documentation
+- Docker support (planned)
+- HTMX admin panel (planned)
+- MCP server for Claude Desktop (planned)
+- Analytics engine for HRV baselines and recovery scores (planned)
+
+[Unreleased]: https://github.com/StuMason/polar-flow-server/commits/main