When start_all() detects Vault init.json is missing (unseal fails),
it now:
1. Kills all stack processes
2. Cleans the stack directory
3. Runs full bootstrap()
4. Returns (bootstrap starts all services)
Also made SecretsManager init failure in start_all() a hard error
instead of a warning - if Vault is supposed to be working but
SecretsManager can't connect, that's a fatal error.
The core issue was that .env was written at the END of setup_vault(),
but other components needed Vault credentials BEFORE that.
Now:
1. Unseal Vault
2. Write .env with VAULT_ADDR and VAULT_TOKEN immediately
3. Re-initialize SecretsManager so it connects to Vault
4. THEN store secrets in Vault
This ensures SecretsManager is properly configured before any
code tries to use create_conn() or other Vault-dependent functions.
System Logs:
- Add scroll_offset tracking with auto-scroll to bottom on new logs
- Up/Down/j/k keys to scroll line by line
- PageUp/PageDown for page scrolling
- Home/End to jump to top/bottom
- Show scroll indicators in title: [^v], [SCROLL] when not auto-scrolling
- Display log count in title
Editor:
- Fix scroll_offset to follow cursor when moving up/down
- Add PageUp/PageDown for faster navigation
- Add Ctrl+Home/Ctrl+End to jump to start/end of file
- ensure_cursor_visible() keeps cursor in view
Tab Navigation:
- FileTree -> Editor (if open) or Logs -> Chat -> back to start
- Consistent cycling through all panels
When services are already configured (bootstrap completed), the code
calls start_all() or ensure_services_running() which starts Vault
but didn't initialize SecretsManager. This caused create_conn() to
fail with 'Vault not configured' even though Vault was running.
Now both functions initialize SecretsManager after Vault is unsealed,
ensuring database connections can retrieve credentials from Vault.
Replace emoji icons with plain text/ASCII equivalents to prevent
encoding issues and improve console compatibility:
- Replace checkmarks with *
- Replace x marks with x
- Replace status indicators with text [OK], [ERR], etc.
- Remove decorative emojis from info/debug log messages
- Keep functional emojis in user-facing chat/sentiment features
The bootstrap order is vault -> tables -> directory. When tables
component was processed, it tried to call establish_pg_connection()
which requires Vault, but Vault setup only happens when processing
the vault component (which is earlier in the loop but the if-block
for tables runs for the tables component, not vault).
Fix: Run migrations directly with the generated password during the
tables component setup, before Vault is configured. This avoids the
dependency on Vault being set up.
- Redirect Vault exec_cmd output to logs/vault.log
- Add stdout/stderr null pipes to component spawn in installer.rs
- Suppress output in run_commands() in facade.rs
- All component output now goes to respective log files in logs/
When llm-server=false in bot_configuration, the code now skips
attempting to start local llama-server processes. This prevents
the 60-attempt timeout error when using external LLM endpoints
or when local LLM serving is intentionally disabled.
- Add state_channel field to XtreeUI for receiving AppState updates
- Add set_state_channel() method to enable async state communication
- Poll for AppState in event loop to initialize panels when ready
- UI now shows loading state instantly, logs stream in real-time
- Transitions to full interactive mode when AppState is received
- Don't delete archive files from cache after tar/zip extraction
- Copy binaries from cache instead of moving them
- Cached files are now preserved for offline installation reuse
- Disable TLS on Vault for local development (HTTP instead of HTTPS)
- Fix bot_configuration id column type mismatch (TEXT -> UUID)
- Add migration 6.1.1 to convert config table id columns to UUID
- Fix sync_config_csv_to_db to use UUID binding for id column
- Make start_all async with proper Vault startup sequence
- Sync default.gbai config.csv to existing 'Default Bot' from migrations
- Add diagnostic logging for config loading
- Change default LLM/embedding URLs from https to http for local dev
- Rename service names to component names:
- postgres -> tables
- minio -> drive
- redis -> cache
- qdrant -> vectordb
- mail -> email
- Update bootstrap certificate generation with new hostnames
- Update CoreDNS zone file with component-based DNS entries
- Update CA service certificates to use component names
- Update CA directory creation to use component names
All certificates include 127.0.0.1 as SAN for IP-based mTLS access
- Add create_vault_config() function to generate config.hcl with mTLS settings
- Configure Vault to require client certificate verification
- Generate client certificate for botserver in bootstrap
- Update .env to include mTLS paths (VAULT_CACERT, VAULT_CLIENT_CERT, VAULT_CLIENT_KEY)
- Remove unused import in tls.rs
- Add Default impl for AppState with mock services for testing
- Add MockLLMProvider for tests that need LLM without real API
- Add create_mock_auth_service() for Zitadel testing
- Add test_utils.rs with TestAppStateBuilder, MockChannelAdapter
- Enable rhai 'sync' feature to fix Send+Sync for Dynamic types
- Fix attendance.rs tests to use pure functions (no DB required)
- Fix on_error.rs tests to use String instead of i32
- Remove unused imports in attendance.rs
All tests pass, 0 warnings, 0 errors.
- Add email, teams, google columns to attendant.csv
- Add find_attendant_by_identifier() for multi-channel lookup
- Add find_attendants_by_channel() and find_attendants_by_department()
- Implement handle_status_command with database persistence
- Implement handle_transfer_command with actual transfer logic
- Update AttendantCSV struct with all new fields
- /files/sync/status now returns is_desktop=false for web users
- /files/sync/start|stop return helpful message about desktop app requirement
- Add detailed docstrings pointing to botapp/src/desktop/sync.rs
- SyncStatus struct extended with is_desktop and message fields
- Create core/oauth module with OAuthProvider enum and shared types
- Implement providers.rs with auth URLs, token exchange, user info endpoints
- Add routes for /auth/oauth/providers, /auth/oauth/{provider}, and callbacks
- Update login.html with OAuth button grid and dynamic provider loading
- Add OAuth config settings to config.csv with setup documentation and links
- Uses HTMX for login form, minimal JS for OAuth provider visibility
- Add email-read-pixel config parameter to enable/disable tracking
- Implement tracking pixel injection in HTML emails
- Add sent_email_tracking table with migration
- Create 4 new API endpoints:
- GET /api/email/tracking/pixel/{id} - serve pixel & record read
- GET /api/email/tracking/status/{id} - get email read status
- GET /api/email/tracking/list - list all tracked emails
- GET /api/email/tracking/stats - get aggregate statistics
- Store tracking data: read_at, read_count, IP, user_agent
- Integrate with send_email() to auto-inject pixel when enabled
New rules added:
- Two LLM work modes: Execution (fazer) vs Review (conferir)
- Rust code only in architecture.md (gbapp chapter)
- Scan and delete misplaced ALL_CAPS.md files
- HTMX-first: minimize JS, delegate to server
- Local assets only: no CDN references
- Documentation validation process for chapters
- No dead code: implement real code, never use _ prefix
- cargo audit must pass with 0 warnings
- diesel only, remove sqlx references
- Library consolidation guidance
- CRM Lead Scoring: Implement get_lead_score_from_db and update_lead_score_in_db
using bot_memories table with diesel queries
- Bot Manager: Implement real org lookup from database and template loading from filesystem
- KB Manager: Implement get_collection_info to query Qdrant for real statistics
- Analytics: Replace placeholder metrics with actual database queries for users,
sessions, and storage stats
- Email Setup: Implement Stalwart admin account creation via management API
- Add CollectionInfo struct for Qdrant collection metadata
All implementations use diesel for database operations, no sqlx.
modules
Add detailed README documentation for 15+ bot templates including:
- Platform analytics, BI reporting, and web crawler templates
- CRM, contacts, and marketing automation templates
- Legal document processing and office productivity templates
- LLM tools, LLM server, and API client integration templates
- Reminder management and meta-template for creating new templates
Add new Rust configuration modules:
- BM25 config for Tantivy-based sparse
Drop image (with ravif/paste), sqlx, zitadel, and related dependencies
that were causing compilation issues. Replace image processing with
direct png crate usage. Update rcgen to 0.14 with new API changes.
Refactor CA certificate generation to use Issuer pattern.
Introduce an interactive SVG-based monitoring dashboard that displays:
- Central BotServer node with animated status indicators
- Service nodes for PostgreSQL, Qdrant, MinIO, BotModels, Cache, and
Vault
- Animated data flow connections between services
- Real-time metrics panels (sessions, messages, response time)
- Resource utilization bars (CPU, memory, GPU, disk)
- Live activity ticker
The HTML version includes
Replace static grid layout with interactive live system view featuring:
- Animated data packets flowing between service nodes
- Real-time metrics panels with HTMX polling
- Service status dots with pulse animations
- Resource utilization bars
- Live activity ticker
- Toggle between Live and Grid views (V key)
Documentation updated to reflect new visualization and API endpoints.
- Add template-samples.md with ready-to-use bot examples and sample
conversations for CRM, FAQ, calendar, HR, sales, IT helpdesk,
compliance, broadcast, and analytics templates
- Add compliance-api.md with full REST API reference for data subject
requests, consent management, scanning
- Add comprehensive user manual covering all Suite applications
- Document HTMX architecture patterns used throughout the UI
- Complete designer.html JavaScript implementation
- Complete sources/index.html with remaining UI and event handlers
- Update SUMMARY.md with new documentation entries
