Instead of calling fputc for each non-special character, track runs of safe characters and emit them in a single fwrite call. Reduces function call overhead for typical alphanumeric inputs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The existing UNIQUE indexes have (desk, day) and (user, day) as their column order, so queries that filter by day alone cannot seek directly. This index lets the day bookings and LEFT JOIN queries use an index scan instead of a full table scan. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The booking form page previously ran separate queries for day bookings and available desks, each requiring its own prepare/bind/step/finalize cycle. A single LEFT JOIN query returns all desks with their booking status in one pass, halving the SQLite overhead for this route. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

CGI request URIs are short (the longest valid path is /book/YYYY-MM-DD at 16 characters). A 256-byte stack buffer avoids one heap allocation per request. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

MAX_BODY is 4096, well within stack limits. The content_length check already ensures the read will not overflow. This avoids a malloc/free pair on every POST request. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

deskd is single-threaded. On macOS the shared SQLite library resolves pthread symbols through its own linkage. On OpenBSD with static linking the linker pulls in only the symbols that SQLite actually references; if the static build fails, restore -lpthread via the LDFLAGS override. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

No application code uses math.h functions. On a static build the linker would only pull in referenced symbols, but removing the flag avoids unnecessary library scanning during the link step. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Replace 16 snprintf("%02x") calls with direct table lookups. snprintf parses the format string on every iteration; the lookup table converts each byte to two hex characters with simple shifts and masks. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The default optimization level (-O0) leaves dead code and misses size-reducing transformations. -Os is preferred over -O2 as it avoids aggressive inlining and loop unrolling that inflate the binary, which matters for a statically linked CGI deployment. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

CGI route handlers make dozens of small printf/fputs calls. Under the CGI model stdout is piped to the web server and line-buffered by default, so each newline triggers a separate write(2) syscall. Switching to full buffering batches the entire response into one or two writes that flush when the process exits. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Users with old bookmarks or shortcuts were getting a plain-text 404 error after d3b734c. Use a 302 temporary redirect to / so they land on the bookings page instead, without permanently caching the redirect. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

SQLite internally opens /dev/urandom to seed its PRNG and searches /var/tmp, /usr/tmp, /tmp for temporary files. Both are blocked by the unveil sandbox, producing spurious accounting log entries. Unveil /dev/urandom unconditionally so SQLite gets proper entropy instead of falling back to time()+getpid(). For temp files, unveil the path in SQLITE_TMPDIR when set, letting deployers point it at the database directory already inside the chroot. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Move variable declarations from top-of-block to point of first use (C99/C23 style), add const qualifiers to locals and value parameters where appropriate, and remove #include directives made redundant by transitive includes through project headers. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

vmactions/openbsd-vm has a known reliability issue (vmactions/openbsd-vm#11) where the SSH connection to the VM drops mid-test, causing SIGPIPE failures. cross-platform-actions/action is faster and more stable. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The flat if/else chain checked (method, path) pairs and required a separate block that re-enumerated every known path for the 405 case. Restructure as nested branches: outer level matches path, inner level matches method with a per-path else → 405 fallback. This makes each route self-contained so new paths cannot accidentally miss the 405 case. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The catch-all in the request router previously returned 400 for both unknown paths and unsupported methods. Split it into two branches: known paths with the wrong method now return 405 Method Not Allowed, and unrecognised paths return 404 Not Found. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Change route-unknown to expect 404 Not Found instead of 400, and route-wrong-method to expect 405 Method Not Allowed instead of 400. These tests will fail until the routing logic in deskd.c is updated to distinguish unknown paths from unsupported methods. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Cover previously untested code paths: routing catch-all (unknown routes, wrong methods), missing CSRF cookie (vs mismatch), missing day parameter in cancel form, empty request body on book, cancel of non-existent booking, past-booking filtering on the bookings page, empty day query parameter on dateform, no-desks-configured edge case on bookingform, and HTML escaping of desk names and usernames to guard against XSS regressions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The binary runs inside an OpenBSD httpd chroot with no access to shared libraries. Add -static to the default link flags via a LDFLAGS_STATIC variable that can be overridden (e.g. LDFLAGS_STATIC= on macOS where static linking is not supported). SQLite's static library depends on pthread and math, so add -lpthread and -lm to the link flags. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Add a test target that depends on the deskd binary and runs the integration test suite. Simplify the CI workflow to just make test. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

v4 uses Node.js 20 which is deprecated on GitHub Actions runners and will be forced to Node.js 24 starting June 2026. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Expand comments to explain why the database parent directory is unveiled rather than the file itself, why unveil(NULL, NULL) locks the path list, and why fattr is included in the pledge promises. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>