From 334bb9239b18918a601a21c6e66d0cd5793e1a73 Mon Sep 17 00:00:00 2001 From: "Rodrigo Rodriguez (Pragmatismo)" Date: Tue, 3 Mar 2026 08:42:30 -0300 Subject: [PATCH] chore: Update botui submodule - Fix desktop title branding Update botui to latest commit which changes desktop title from 'Agent Farm' to 'General Bots' for brand consistency. --- AGENTS.md | 4 +- Cargo.lock | 56 + TASK_V2.md | 1202 ----------------- VIBE.md | 1068 --------------- botui | 2 +- inspect.js | 10 - package-lock.json | 344 +---- package.json | 14 +- playwright.config.ts | 79 -- .../BOTCODER_ANALYSIS.md | 0 .../BOTCODER_HYBRID_ARCHITECTURE.md | 0 prompts/PENDING.md | 113 ++ .../SECURITY_CHECKLIST.md | 0 prompts/SECURITY_REVIEW.md | 30 + UNIFIED_PLAN.md => prompts/UNIFIED_PLAN.md | 0 vibe.md => prompts/vib.md | 806 +++++++---- reset.sh | 105 +- sec.md | 740 ---------- yarn.lock | 175 --- zit.md | 440 ------ 20 files changed, 761 insertions(+), 4427 deletions(-) delete mode 100644 TASK_V2.md delete mode 100644 VIBE.md delete mode 100644 inspect.js delete mode 100644 playwright.config.ts rename BOTCODER_ANALYSIS.md => prompts/BOTCODER_ANALYSIS.md (100%) rename BOTCODER_HYBRID_ARCHITECTURE.md => prompts/BOTCODER_HYBRID_ARCHITECTURE.md (100%) create mode 100644 prompts/PENDING.md rename SECURITY_CHECKLIST.md => prompts/SECURITY_CHECKLIST.md (100%) create mode 100644 prompts/SECURITY_REVIEW.md rename UNIFIED_PLAN.md => prompts/UNIFIED_PLAN.md (100%) rename vibe.md => prompts/vib.md (75%) delete mode 100644 sec.md delete mode 100644 yarn.lock delete mode 100644 zit.md diff --git a/AGENTS.md b/AGENTS.md index 57301cf..6dbc23a 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -1,7 +1,9 @@ # General Bots AI Agent Guidelines 8080 is server 3000 is client ui +if you are in trouble with some tool, please go to the ofiical website to get proper install or instructions To test web is http://localhost:3000 (botui!) -Use apenas a lingua culta. +Use apenas a lingua culta ao falar . +test login here http://localhost:3000/suite/auth/login.html > **⚠️ CRITICAL SECURITY WARNING** I AM IN DEV ENV, but sometimes, pasting from PROD, do not treat my env as prod! Just fix, to me and push to CI. So I can test in PROD, for a while. >Use Playwrigth MCP to start localhost:3000/ now. diff --git a/Cargo.lock b/Cargo.lock index 57cfca4..0f3eab7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1361,6 +1361,7 @@ dependencies = [ "flate2", "futures", "futures-util", + "git2", "governor", "hex", "hmac", @@ -3763,6 +3764,21 @@ dependencies = [ "winapi", ] +[[package]] +name = "git2" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b903b73e45dc0c6c596f2d37eccece7c1c8bb6e4407b001096387c63d0d93724" +dependencies = [ + "bitflags 2.10.0", + "libc", + "libgit2-sys", + "log", + "openssl-probe 0.1.6", + "openssl-sys", + "url", +] + [[package]] name = "glib" version = "0.18.5" @@ -4950,6 +4966,20 @@ dependencies = [ "cc", ] +[[package]] +name = "libgit2-sys" +version = "0.17.0+1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10472326a8a6477c3c20a64547b0059e4b0d086869eee31e6d7da728a8eb7224" +dependencies = [ + "cc", + "libc", + "libssh2-sys", + "libz-sys", + "openssl-sys", + "pkg-config", +] + [[package]] name = "libloading" version = "0.7.4" @@ -4977,6 +5007,32 @@ dependencies = [ "redox_syscall 0.7.0", ] +[[package]] +name = "libssh2-sys" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "220e4f05ad4a218192533b300327f5150e809b54c4ec83b5a1d91833601811b9" +dependencies = [ + "cc", + "libc", + "libz-sys", + "openssl-sys", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "libz-sys" +version = "1.1.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4735e9cbde5aac84a5ce588f6b23a90b9b0b528f6c5a8db8a4aff300463a0839" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "line-clipping" version = "0.3.5" diff --git a/TASK_V2.md b/TASK_V2.md deleted file mode 100644 index 06fcf52..0000000 --- a/TASK_V2.md +++ /dev/null @@ -1,1202 +0,0 @@ -# VibeCode Complete Implementation Roadmap v2.0 -## Dual Deployment: Internal GB Apps + External Forgejo ALM Projects - -## Executive Summary - -**Current Status:** BotUI's backend is **80% complete** with powerful LLM-driven code generation. The frontend needs professional tools, AND the platform must support **two deployment models**: - -1. **Internal GB Apps** - Apps served directly from the GB platform using API endpoints -2. **External Forgejo ALM Projects** - Apps deployed to external Forgejo repositories with CI/CD - -**What Works (Backend):** -- ✅ LLM-powered app generation (AppGenerator: 3400+ lines) -- ✅ Multi-agent pipeline (Orchestrator: Plan → Build → Review → Deploy → Monitor) -- ✅ Real-time WebSocket progress -- ✅ Database schema generation -- ✅ File generation (HTML, CSS, JS, BAS) -- ✅ Designer AI (runtime modifications with undo/redo) -- ✅ chromiumoxide dependency ready for browser automation -- ✅ **Forgejo ALM integration** (mTLS, runners, web server on port 3000) -- ✅ **App deployment** (`/apps/{name}` routes, Drive storage) - -**What's Missing (Critical Gaps):** -- ❌ Deployment routing logic (internal vs external) -- ❌ Forgejo project initialization & git push -- ❌ CI/CD pipeline generation for Forgejo projects -- ❌ Monaco/CodeMirror editor (just textarea now) -- ❌ Database UI (no schema visualizer) -- ❌ Git operations UI -- ❌ Browser automation engine UI -- ❌ Multi-file editing workspace -- ❌ Enhanced terminal - ---- - -## Architecture: Dual Deployment Model - -``` -┌──────────────────────────────────────────────────────────────────┐ -│ USER REQUEST │ -│ "I want a full CRM system" │ -└────────────────────────────┬─────────────────────────────────────┘ - │ - ▼ -┌──────────────────────────────────────────────────────────────────┐ -│ VIBE BUILDER UI │ -│ ┌──────────────────┐ ┌──────────────────┐ │ -│ │ Agent Sidebar │ │ Canvas Area │ │ -│ │ (Mantis #1-4) │ │ - Task Nodes │ │ -│ │ - Status cards │ │ - Preview │ │ -│ │ - Workspaces │ │ - Chat Overlay │ │ -│ └──────────────────┘ └──────────────────┘ │ -│ │ -│ ⚠️ DEPLOYMENT CHOICE (NEW): │ -│ ┌─────────────────────────────────────────────────────┐ │ -│ │ 📱 Deploy to GB Platform 🌐 Deploy to Forgejo │ │ -│ │ - Serve from /apps/{name} - Push to repo │ │ -│ │ - Use GB API - CI/CD pipeline │ │ -│ │ - Fast iteration - Custom domain │ │ -│ │ - Shared resources - Independent │ │ -│ └─────────────────────────────────────────────────────┘ │ -└────────────────────────────┬─────────────────────────────────────┘ - │ - ┌────────────┴────────────┐ - │ │ - ▼ ▼ -┌───────────────────────┐ ┌──────────────────────────────────┐ -│ INTERNAL GB APPS │ │ EXTERNAL FORGEJO PROJECTS │ -│ │ │ │ -│ Deployment Flow: │ │ Deployment Flow: │ -│ 1. Generate files │ │ 1. Generate files │ -│ 2. Store in Drive │ │ 2. Init git repo │ -│ 3. Serve from /apps/ │ │ 3. Push to Forgejo │ -│ 4. Use GB APIs │ │ 4. Create CI/CD (.forgejo/*) │ -│ 5. Shared DB │ │ 5. Runner builds & deploys │ -│ 6. Shared auth │ │ 6. Independent deployment │ -│ │ │ 7. Custom domain │ -│ ┌─────────────────┐ │ │ │ -│ │ App Router │ │ │ ┌──────────────────────────────┐ │ -│ │ /apps/{name} │ │ │ │ Forgejo ALM (port 3000) │ │ -│ │ - HTMX routes │ │ │ │ - Git server │ │ -│ │ - API proxy │ │ │ │ - CI/CD (.forgejo/workflows) │ │ -│ │ - Auth wrapper │ │ │ │ - Packages (npm, cargo) │ │ -│ └─────────────────┘ │ │ │ - Actions runner │ │ -│ │ │ └──────────────────────────────┘ │ -└───────────────────────┘ └──────────────────────────────────┘ -``` - ---- - -## Part I: Deployment Infrastructure (CRITICAL - Phase 0) - -### Current State Analysis - -**Existing Infrastructure:** -```rust -// Forgejo ALM is already configured: -botserver/src/security/mutual_tls.rs:150 - - configure_forgejo_mtls() - mTLS setup for Forgejo - -botserver/src/core/package_manager/installer.rs - - forgejo binary installer - - forgejo-runner integration - - ALM_URL environment variable - - Port 3000 for Forgejo web UI - -botserver/src/basic/keywords/create_site.rs - - CREATE SITE keyword for app generation - - Stores to Drive: apps/{alias} - - Serves from: /apps/{alias} - -botserver/src/basic/keywords/app_server.rs - - Suite JS file serving - - Vendor file routing -``` - -**Missing Components:** -1. ❌ Deployment routing logic (internal vs external choice) -2. ❌ Forgejo repository initialization API -3. ❌ Git push to Forgejo repositories -4. ❌ CI/CD pipeline template generation -5. ❌ Forgejo Actions workflow builder -6. ❌ Custom domain configuration for external projects - ---- - -### Phase 0.1: Deployment Router (P0 - CRITICAL) - -**Goal:** Create routing logic to deploy apps internally or to Forgejo - -**File:** `botserver/src/deployment/mod.rs` - -```rust -use serde::{Deserialize, Serialize}; -use std::path::PathBuf; - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub enum DeploymentTarget { - /// Serve from GB platform (/apps/{name}) - Internal { - route: String, - shared_resources: bool, - }, - /// Deploy to external Forgejo repository - External { - repo_url: String, - custom_domain: Option, - ci_cd_enabled: bool, - }, -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct DeploymentConfig { - pub app_name: String, - pub target: DeploymentTarget, - pub environment: DeploymentEnvironment, -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub enum DeploymentEnvironment { - Development, - Staging, - Production, -} - -pub struct DeploymentRouter { - forgejo_url: String, - forgejo_token: Option, - internal_base_path: PathBuf, -} - -impl DeploymentRouter { - pub fn new( - forgejo_url: String, - forgejo_token: Option, - internal_base_path: PathBuf, - ) -> Self { - Self { - forgejo_url, - forgejo_token, - internal_base_path, - } - } - - /// Route deployment based on target type - pub async fn deploy( - &self, - config: DeploymentConfig, - generated_app: GeneratedApp, - ) -> Result { - match config.target { - DeploymentTarget::Internal { route, .. } => { - self.deploy_internal(route, generated_app).await - } - DeploymentTarget::External { ref repo_url, .. } => { - self.deploy_external(repo_url, generated_app).await - } - } - } - - /// Deploy internally to GB platform - async fn deploy_internal( - &self, - route: String, - app: GeneratedApp, - ) -> Result { - // 1. Store files in Drive - // 2. Register route in app router - // 3. Create API endpoints - // 4. Return deployment URL - todo!() - } - - /// Deploy externally to Forgejo - async fn deploy_external( - &self, - repo_url: &str, - app: GeneratedApp, - ) -> Result { - // 1. Initialize git repo - // 2. Add Forgejo remote - // 3. Push generated files - // 4. Create CI/CD workflow - // 5. Trigger build - todo!() - } -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct DeploymentResult { - pub url: String, - pub deployment_type: String, - pub status: DeploymentStatus, - pub metadata: serde_json::Value, -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub enum DeploymentStatus { - Pending, - Building, - Deployed, - Failed, -} - -#[derive(Debug)] -pub enum DeploymentError { - InternalDeploymentError(String), - ForgejoError(String), - GitError(String), - CiCdError(String), -} -``` - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 0.2: Forgejo Integration (P0 - CRITICAL) - -**Goal:** Initialize repositories and push code to Forgejo - -**File:** `botserver/src/deployment/forgejo.rs` - -```rust -use git2::{Repository, Oid}; -use serde::{Deserialize, Serialize}; - -pub struct ForgejoClient { - base_url: String, - token: String, - client: reqwest::Client, -} - -impl ForgejoClient { - pub fn new(base_url: String, token: String) -> Self { - Self { - base_url, - token, - client: reqwest::Client::new(), - } - } - - /// Create a new repository in Forgejo - pub async fn create_repository( - &self, - name: &str, - description: &str, - private: bool, - ) -> Result { - let url = format!("{}/api/v1/user/repos", self.base_url); - - let payload = CreateRepoRequest { - name: name.to_string(), - description: description.to_string(), - private, - auto_init: true, - gitignores: Some("Node,React,Vite".to_string()), - license: Some("MIT".to_string()), - readme: Some("Default".to_string()), - }; - - let response = self - .client - .post(&url) - .header("Authorization", format!("token {}", self.token)) - .json(&payload) - .send() - .await - .map_err(|e| ForgejoError::HttpError(e.to_string()))?; - - if response.status().is_success() { - let repo: ForgejoRepo = response - .json() - .await - .map_err(|e| ForgejoError::JsonError(e.to_string()))?; - Ok(repo) - } else { - Err(ForgejoError::ApiError( - response.status().to_string(), - )) - } - } - - /// Push generated app to Forgejo repository - pub async fn push_app( - &self, - repo_url: &str, - app: &GeneratedApp, - branch: &str, - ) -> Result { - // 1. Initialize local git repo - let repo = Repository::init(app.temp_dir()?)?; - - // 2. Add all files - let mut index = repo.index()?; - for file in &app.files { - index.add_path(PathBuf::from(&file.path))?; - } - index.write()?; - - // 3. Create commit - let tree_id = index.write_tree()?; - let tree = repo.find_tree(tree_id)?; - - let sig = repo.signature()?; - let oid = repo.commit( - Some(&format!("refs/heads/{}", branch)), - &sig, - &sig, - &format!("Initial commit: {}", app.description), - &tree, - &[], - )?; - - // 4. Add Forgejo remote - let mut remote = repo.remote( - "origin", - &format!( - "{}", - repo_url.replace("https://", &format!("https://{}@", self.token)) - ), - )?; - - // 5. Push to Forgejo - remote.push(&[format!("refs/heads/{}", branch)], None)?; - - Ok(oid.to_string()) - } - - /// Create CI/CD workflow for the app - pub async fn create_cicd_workflow( - &self, - repo_url: &str, - app_type: AppType, - build_config: BuildConfig, - ) -> Result<(), ForgejoError> { - let workflow = match app_type { - AppType::Htmx => self.generate_htmx_workflow(build_config), - AppType::React => self.generate_react_workflow(build_config), - AppType::Vue => self.generate_vue_workflow(build_config), - }; - - // Create .forgejo/workflows/deploy.yml - // Commit and push - todo!() - } - - fn generate_htmx_workflow(&self, config: BuildConfig) -> String { - r#" -name: Deploy HTMX App - -on: - push: - branches: [main, develop] - -jobs: - deploy: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: '20' - - - name: Install dependencies - run: npm ci - - - name: Build - run: npm run build - - - name: Deploy to server - run: | - # Add deployment commands here - echo "Deploying to production..." -"# - .to_string() - } - - fn generate_react_workflow(&self, config: BuildConfig) -> String { - // Generate React/Vite CI/CD workflow - todo!() - } - - fn generate_vue_workflow(&self, config: BuildConfig) -> String { - // Generate Vue CI/CD workflow - todo!() - } -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct ForgejoRepo { - pub id: u64, - pub name: String, - pub full_name: String, - pub clone_url: String, - pub html_url: String, -} - -#[derive(Debug, Serialize)] -struct CreateRepoRequest { - name: String, - description: String, - private: bool, - auto_init: bool, - #[serde(skip_serializing_if = "Option::is_none")] - gitignores: Option, - #[serde(skip_serializing_if = "Option::is_none")] - license: Option, - #[serde(skip_serializing_if = "Option::is_none")] - readme: Option, -} - -#[derive(Debug, Clone, Copy)] -pub enum AppType { - Htmx, - React, - Vue, -} - -#[derive(Debug, Clone)] -pub struct BuildConfig { - pub node_version: String, - pub build_command: String, - pub output_directory: String, -} - -#[derive(Debug)] -pub enum ForgejoError { - HttpError(String), - JsonError(String), - ApiError(String), - GitError(String), -} -``` - -**API Endpoints:** -```rust -// botserver/src/deployment/api.rs - -use axum::{ - extract::State, - response::Json, - routing::{get, post}, - Router, Json as ResponseJson, -}; - -use crate::core::shared::state::AppState; - -pub fn configure_deployment_routes() -> Router> { - Router::new() - // Get deployment targets (internal vs external) - .route("/api/deployment/targets", get(get_deployment_targets)) - - // Deploy app - .route("/api/deployment/deploy", post(deploy_app)) - - // Get deployment status - .route("/api/deployment/status/:id", get(get_deployment_status)) - - // Forgejo repositories - .route("/api/deployment/forgejo/repos", get(list_forgejo_repos)) - .route("/api/deployment/forgejo/create-repo", post(create_forgejo_repo)) - - // CI/CD workflows - .route("/api/deployment/forgejo/workflows", get(list_workflows)) - .route("/api/deployment/forgejo/workflows/create", post(create_workflow)) -} - -pub async fn get_deployment_targets( - State(_state): State>, -) -> Json { - Json(serde_json::json!({ - "targets": [ - { - "id": "internal", - "name": "GB Platform", - "description": "Deploy to the GB platform with shared resources", - "features": [ - "Fast deployment", - "Shared authentication", - "Shared database", - "API integration", - "Instant scaling" - ], - "icon": "📱" - }, - { - "id": "external", - "name": "Forgejo ALM", - "description": "Deploy to an external Forgejo repository with CI/CD", - "features": [ - "Independent deployment", - "Custom domain", - "Version control", - "CI/CD pipelines", - "Separate infrastructure" - ], - "icon": "🌐" - } - ] - })) -} - -pub async fn deploy_app( - State(state): State>, - ResponseJson(payload): ResponseJson, -) -> Result, DeploymentError> { - let router = state.deployment_router.clone(); - - let config = DeploymentConfig { - app_name: payload.app_name, - target: payload.target, - environment: payload.environment.unwrap_or(DeploymentEnvironment::Production), - }; - - let generated_app = generate_app_from_manifest(&payload.manifest).await?; - - let result = router.deploy(config, generated_app).await?; - - Ok(Json(result)) -} - -#[derive(Debug, Deserialize)] -pub struct DeploymentRequest { - pub app_name: String, - pub target: DeploymentTarget, - pub environment: Option, - pub manifest: serde_json::Value, -} -``` - -**Estimated Effort:** 20-24 hours - ---- - -### Phase 0.3: Deployment UI in Vibe (P0 - CRITICAL) - -**Goal:** Add deployment choice UI to Vibe Builder - -**File:** `botui/ui/suite/partials/vibe-deployment.html` - -```html - - - - - - -``` - -**Integration into Vibe:** -```javascript -// In vibe.html, add deployment button to the canvas header: - -
- // DASHBOARD > // ${currentProject} - -
-``` - -**Estimated Effort:** 8-10 hours - ---- - -## Part II: Remaining Feature Implementation (Phases 1-7) - -After deployment infrastructure is in place, continue with the original plan: - -### Phase 1: Code Editor Integration (P0 - Critical) -*(Same as original TASK.md - Monaco Editor)* - -### Phase 2: Database UI & Schema Visualization (P0 - Critical) -*(Same as original TASK.md)* - -### Phase 3: Git Operations UI (P1 - High Priority) -**UPDATED:** Add Forgejo-specific git operations -- View Forgejo repository status -- Sync with Forgejo remote -- View CI/CD pipeline status -- Trigger manual builds - -### Phase 4: Browser Automation Engine (P1 - High Priority) -*(Same as original TASK.md)* - -### Phase 5: Multi-File Editing Workspace (P2 - Medium Priority) -*(Same as original TASK.md)* - -### Phase 6: Enhanced Terminal (P2 - Medium Priority) -*(Same as original TASK.md)* - -### Phase 7: Advanced CRM Templates (P2 - Medium Priority) -**UPDATED:** Templates should support both deployment models -- Internal deployment templates (use GB APIs) -- External deployment templates (standalone with CI/CD) - ---- - -## Part III: Updated Rollout Plan - -### Milestone 0: Deployment Infrastructure (Week 0) -- **Day 1-3:** Phase 0.1 - Deployment Router -- **Day 4-5:** Phase 0.2 - Forgejo Integration -- **Day 6-7:** Phase 0.3 - Deployment UI - -**Success Criteria:** -- ✅ Can deploy app internally to /apps/{name} -- ✅ Can deploy app externally to Forgejo -- ✅ CI/CD pipeline auto-generated -- ✅ Deployment choice works in Vibe UI - -### Milestone 1-7: (Weeks 1-4) -*(Same as original TASK.md)* - ---- - -## Part IV: Technical Implementation Notes - -### File Organization (UPDATED) - -**Botserver (Backend):** -``` -botserver/src/ - deployment/ # NEW - Deployment infrastructure - mod.rs # DeploymentRouter - forgejo.rs # ForgejoClient - api.rs # Deployment API endpoints - templates.rs # CI/CD workflow templates - api/ - editor.rs - database.rs - git.rs # UPDATED - Add Forgejo git operations - browser/ - mod.rs - recorder.rs - validator.rs - api.rs - test_generator.rs - templates/ - crm/ - sales.json - real_estate.json - healthcare.json - mod.rs - sources/ # EXISTING - MCP integration - mod.rs - mcp.rs - ui.rs - knowledge_base.rs -``` - -**Botui (Frontend):** -``` -botui/ui/suite/ - partials/ - vibe.html # UPDATED - Add deploy button - vibe-deployment.html # NEW - Deployment modal - editor.html - database.html - git-status.html # UPDATED - Add Forgejo status - git-diff.html - browser-controls.html - terminal.html - template-gallery.html - js/ - deployment.js # NEW - Deployment logic - editor.js - database.js - git.js # UPDATED - Add Forgejo operations - browser.js - terminal.js - templates.js - css/ - deployment.css # NEW - Deployment styles - editor.css - database.css - git.css - browser.css - terminal.css - templates.css -``` - -### Dependencies (UPDATED) - -**Already in Workspace:** -```toml -[dependencies] -chromiumoxide = "0.7" # Browser automation -tokio = "1.41" # Async runtime -axum = "0.7" # HTTP framework -diesel = "2.1" # Database -git2 = "0.18" # Git operations -reqwest = { version = "0.11", features = ["json"] } # HTTP client -``` - -**Frontend:** -``` -monaco-editor@0.45.0 # Code editor -xterm.js@5.3.0 # Terminal (already vendor file) -``` - ---- - -## Part V: Success Metrics (UPDATED) - -### Deployment Infrastructure -- ✅ Internal deployment succeeds in < 30 seconds -- ✅ External Forgejo deployment succeeds in < 2 minutes -- ✅ CI/CD pipeline auto-generates correctly -- ✅ Both deployment models accessible from Vibe UI -- ✅ Can switch between internal/external deployment - -### Phases 1-7 -*(Same as original TASK.md)* - ---- - -## Conclusion - -The **critical gap** in the original TASK.md was the **deployment routing logic**. The platform must support: - -1. **Internal GB Apps** - Quick prototypes using GB APIs and shared resources -2. **External Forgejo Projects** - Production apps with independent infrastructure and CI/CD - -**Updated Priority:** -1. ⚠️ **Phase 0** - Deployment Infrastructure (CRITICAL - Week 0) - - Phase 0.1: Deployment Router - - Phase 0.2: Forgejo Integration - - Phase 0.3: Deployment UI - -2. 📝 **Phase 1** - Code Editor (Week 1) - -3. 🗄️ **Phase 2** - Database UI (Week 2) - -4. 🐙 **Phase 3** - Git Operations + Forgejo (Week 2) - -5. 🌐 **Phase 4** - Browser Automation (Week 3) - -6. 📂 **Phase 5** - Multi-File Workspace (Week 3) - -7. 🖥️ **Phase 6** - Terminal (Week 4) - -8. 📇 **Phase 7** - CRM Templates (Week 4) - -Once Phase 0 is complete, VibeCode will be able to **deploy apps both internally and externally**, giving users the flexibility to choose the right deployment model for their use case. - -**Total Estimated Effort:** 125-155 hours (~3-4 weeks with 1 developer) -**Including Phase 0:** +40-50 hours - -**Final Total:** 165-205 hours (~4-5 weeks with 1 developer) diff --git a/VIBE.md b/VIBE.md deleted file mode 100644 index cb6fb40..0000000 --- a/VIBE.md +++ /dev/null @@ -1,1068 +0,0 @@ -# VibeCode Platform - Complete Implementation Roadmap - -## Executive Summary - -**Current Status:** BotUI's backend is **80% complete** with powerful LLM-driven code generation. The platform needs professional frontend tools AND must support **two deployment models**: - -1. **Internal GB Apps** - Apps served from GB platform using shared APIs -2. **External Forgejo ALM Projects** - Apps deployed to Forgejo repositories with CI/CD - -**What Works (Backend):** -- ✅ LLM-powered app generation (AppGenerator: 3400+ lines) -- ✅ Multi-agent pipeline (Orchestrator: Plan → Build → Review → Deploy → Monitor) -- ✅ Real-time WebSocket progress -- ✅ Database schema generation -- ✅ File generation (HTML, CSS, JS, BAS) -- ✅ Designer AI (runtime modifications with undo/redo) -- ✅ chromiumoxide dependency for browser automation -- ✅ **Forgejo ALM integration** (mTLS, runners, port 3000) -- ✅ **MCP servers integration** (`botserver/src/sources/`) -- ✅ **App deployment** (`/apps/{name}` routes, Drive storage) - -**What's Missing (Critical Gaps):** -- ❌ **Security fixes** - Unsafe unwraps, dependency vulnerabilities -- ❌ **Deployment routing** - Logic to choose internal vs external -- ❌ **Forgejo git push** - Repository initialization & CI/CD generation -- ❌ **MCP UI panel** - Integration into Vibe sidebar -- ❌ **Monaco editor** - Currently just textarea -- ❌ **Database UI** - No schema visualizer -- ❌ **Git operations UI** - No version control interface -- ❌ **Browser automation UI** - Engine exists, no frontend -- ❌ **Multi-file workspace** - Single file editing only -- ❌ **Enhanced terminal** - Basic implementation only - ---- - -## Table of Contents - -1. [Part I: Security & Stability (IMMEDIATE)](#part-i-security--stability) -2. [Part II: Dual Deployment Infrastructure](#part-ii-dual-deployment-infrastructure) -3. [Part III: MCP Integration](#part-iii-mcp-integration) -4. [Part IV: Professional Development Tools](#part-iv-professional-development-tools) -5. [Part V: Architecture Diagrams](#part-v-architecture-diagrams) -6. [Part VI: Implementation Phases](#part-vi-implementation-phases) -7. [Part VII: File Organization](#part-vii-file-organization) -8. [Part VIII: Testing Strategy](#part-viii-testing-strategy) -9. [Part IX: Rollout Plan](#part-ix-rollout-plan) -10. [Part X: Success Metrics](#part-x-success-metrics) - ---- - -## Part I: Security & Stability - -**Priority:** ⚠️ **CRITICAL** - Must complete before any feature work - -### 1. Unsafe Unwraps in Production - -**Issue:** Codebase uses `.unwrap()`, `.expect()`, `panic!()` in production, violating AGENTS.md rules. - -**Vulnerable Locations:** -``` -botserver/src/drive/drive_handlers.rs:269 - Response::builder() unwrap -botserver/src/basic/compiler/mod.rs - Multiple unwrap() calls -botserver/src/llm/llm_models/deepseek_r3.rs - unwrap() outside tests -botserver/src/botmodels/opencv.rs - Test scope unwrap() leaks -``` - -**Action Items:** -- [ ] Replace ALL `.unwrap()` with safe alternatives: - - Use `?` operator with proper error propagation - - Use `unwrap_or_default()` for defaults - - Use pattern matching with early returns - - Apply `ErrorSanitizer` to avoid panics -- [ ] Run `cargo clippy -- -W clippy::unwrap_used -W clippy::expect_used` -- [ ] Add unit tests verifying error paths work correctly - -**Estimated Effort:** 4-6 hours - ---- - -### 2. Dependency Vulnerabilities - -**Vulnerable Component:** -- **Crate:** `glib 0.18.5` -- **Advisory:** `RUSTSEC-2024-0429` -- **Issue:** Unsoundness in `Iterator` and `DoubleEndedIterator` impls -- **Context:** Pulled through `botdevice`/`botapp` via Tauri/GTK - -**Action Items:** -- [ ] Review exact usage of glib in codebase -- [ ] Check if patches are available in newer versions -- [ ] Evaluate risk given desktop GUI context -- [ ] If critical: upgrade GTK/Glib dependencies -- [ ] If acceptable: document risk assessment - -**Estimated Effort:** 2-4 hours - ---- - -### 3. General Security Posture - -**CSRF Protection:** -- ✅ Custom CSRF store exists: `redis_csrf_store.rs` -- ⚠️ **Verify:** ALL state-changing endpoints use it (standard `tower-csrf` is absent) - -**Security Headers:** -- ✅ `headers.rs` provides CSP, HSTS, X-Frame-Options -- ⚠️ **Verify:** Headers are attached UNIVERSALLY, not selectively omitted - -**Action Items:** -- [ ] Audit all POST/PUT/DELETE endpoints for CSRF validation -- [ ] Create middleware test to ensure security headers on all responses -- [ ] Document security checklist for new endpoints - -**Estimated Effort:** 3-4 hours - ---- - -## Part II: Dual Deployment Infrastructure - -**Priority:** 🔴 **CRITICAL** - Core feature missing - -### Current State - -**Existing Infrastructure:** -```rust -// Forgejo ALM already configured: -botserver/src/security/mutual_tls.rs:150 - - configure_forgejo_mtls() - mTLS for Forgejo - -botserver/src/core/package_manager/installer.rs - - forgejo binary installer - - forgejo-runner integration - - ALM_URL environment variable - - Port 3000 for Forgejo web UI - -botserver/src/basic/keywords/create_site.rs - - CREATE SITE keyword - - Stores to Drive: apps/{alias} - - Serves from: /apps/{alias} -``` - -### Architecture: Dual Deployment Model - -``` -┌──────────────────────────────────────────────────────────────────┐ -│ USER REQUEST │ -│ "I want a full CRM system" │ -└────────────────────────────┬─────────────────────────────────────┘ - │ - ▼ -┌──────────────────────────────────────────────────────────────────┐ -│ VIBE BUILDER UI │ -│ ┌──────────────────┐ ┌──────────────────┐ │ -│ │ Agent Sidebar │ │ Canvas Area │ │ -│ │ (Mantis #1-4) │ │ - Task Nodes │ │ -│ │ - Status cards │ │ - Preview │ │ -│ │ - Workspaces │ │ - Chat Overlay │ │ -│ └──────────────────┘ └──────────────────┘ │ -│ │ -│ ⚠️ DEPLOYMENT CHOICE: │ -│ ┌─────────────────────────────────────────────────────┐ │ -│ │ 📱 Deploy to GB Platform 🌐 Deploy to Forgejo │ │ -│ │ - Serve from /apps/ - Push to repo │ │ -│ │ - Use GB API - CI/CD pipeline │ │ -│ │ - Fast iteration - Custom domain │ │ -│ │ - Shared resources - Independent │ │ -│ └─────────────────────────────────────────────────────┘ │ -└────────────────────────────┬─────────────────────────────────────┘ - │ - ┌────────────┴────────────┐ - │ │ - ▼ ▼ -┌───────────────────────┐ ┌──────────────────────────────────┐ -│ INTERNAL GB APPS │ │ EXTERNAL FORGEJO PROJECTS │ -│ │ │ │ -│ Deployment Flow: │ │ Deployment Flow: │ -│ 1. Generate files │ │ 1. Generate files │ -│ 2. Store in Drive │ │ 2. Init git repo │ -│ 3. Serve from /apps/ │ │ 3. Push to Forgejo │ -│ 4. Use GB APIs │ │ 4. Create CI/CD (.forgejo/*) │ -│ 5. Shared DB │ │ 5. Runner builds & deploys │ -│ 6. Shared auth │ │ 6. Independent deployment │ -│ │ │ 7. Custom domain │ -│ ┌─────────────────┐ │ │ │ -│ │ App Router │ │ │ ┌──────────────────────────────┐ │ -│ │ /apps/{name} │ │ │ │ Forgejo ALM (port 3000) │ │ -│ │ - HTMX routes │ │ │ │ - Git server │ │ -│ │ - API proxy │ │ │ │ - CI/CD (.forgejo/workflows) │ │ -│ │ - Auth wrapper │ │ │ │ - Packages (npm, cargo) │ │ -│ └─────────────────┘ │ │ │ - Actions runner │ │ -│ │ │ └──────────────────────────────┘ │ -└───────────────────────┘ └──────────────────────────────────┘ -``` - -### Phase 0.1: Deployment Router - -**File:** `botserver/src/deployment/mod.rs` - -```rust -use serde::{Deserialize, Serialize}; -use std::path::PathBuf; - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub enum DeploymentTarget { - /// Serve from GB platform (/apps/{name}) - Internal { - route: String, - shared_resources: bool, - }, - /// Deploy to external Forgejo repository - External { - repo_url: String, - custom_domain: Option, - ci_cd_enabled: bool, - }, -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct DeploymentConfig { - pub app_name: String, - pub target: DeploymentTarget, - pub environment: DeploymentEnvironment, -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub enum DeploymentEnvironment { - Development, - Staging, - Production, -} - -pub struct DeploymentRouter { - forgejo_url: String, - forgejo_token: Option, - internal_base_path: PathBuf, -} - -impl DeploymentRouter { - pub async fn deploy( - &self, - config: DeploymentConfig, - generated_app: GeneratedApp, - ) -> Result { - match config.target { - DeploymentTarget::Internal { route, .. } => { - self.deploy_internal(route, generated_app).await - } - DeploymentTarget::External { ref repo_url, .. } => { - self.deploy_external(repo_url, generated_app).await - } - } - } -} -``` - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 0.2: Forgejo Integration - -**File:** `botserver/src/deployment/forgejo.rs` - -```rust -use git2::{Repository}; -use reqwest::Client; - -pub struct ForgejoClient { - base_url: String, - token: String, - client: Client, -} - -impl ForgejoClient { - /// Create a new repository in Forgejo - pub async fn create_repository( - &self, - name: &str, - description: &str, - private: bool, - ) -> Result { - // API call to create repo - todo!() - } - - /// Push generated app to Forgejo repository - pub async fn push_app( - &self, - repo_url: &str, - app: &GeneratedApp, - branch: &str, - ) -> Result { - // 1. Initialize local git repo - // 2. Add all files - // 3. Create commit - // 4. Add Forgejo remote - // 5. Push to Forgejo - todo!() - } - - /// Create CI/CD workflow for the app - pub async fn create_cicd_workflow( - &self, - repo_url: &str, - app_type: AppType, - build_config: BuildConfig, - ) -> Result<(), ForgejoError> { - // Create .forgejo/workflows/deploy.yml - todo!() - } -} -``` - -**Estimated Effort:** 20-24 hours - ---- - -### Phase 0.3: Deployment UI - -**File:** `botui/ui/suite/partials/vibe-deployment.html` - -```html - -
-
-

Choose Deployment Target

- -
- -
-
📱
-

GB Platform

-

Deploy directly to the GB platform with shared resources

-
    -
  • ✓ Fast deployment
    • -
  • ✓ Shared authentication
    • -
  • ✓ Shared database
    • -
  • ✓ API integration
    • -
-
- - -
-
🌐
-

Forgejo ALM

-

Deploy to an external Forgejo repository with full CI/CD

-
    -
  • ✓ Independent deployment
    • -
  • ✓ Custom domain
    • -
  • ✓ Version control
    • -
  • ✓ CI/CD pipelines
    • -
-
-
- -
- -
-
-
-``` - -**Estimated Effort:** 8-10 hours - ---- - -## Part III: MCP Integration - -**Priority:** 🟡 **HIGH** - Leverage existing infrastructure - -### What Already Exists - -**Backend Implementation:** -``` -botserver/src/sources/ -├── mod.rs # Module exports -├── mcp.rs # MCP client, connection, server types -├── ui.rs # HTML pages for /suite/sources/* -├── knowledge_base.rs # Knowledge base upload/query -└── sources_api # API endpoints -``` - -**API Endpoints (40+ endpoints):** -``` -/suite/sources: - - Main sources list page - - MCP server catalog - - Add MCP server form - -/api/ui/sources/*: - - /api/ui/sources/mcp - List MCP servers - - /api/ui/sources/mcp/:name/enable - Enable server - - /api/ui/sources/mcp/:name/tools - List tools - - /api/ui/sources/kb/query - Query knowledge base - - /api/ui/sources/repositories - List repos - - /api/ui/sources/apps - List apps -``` - -### Integration Task: Add MCP Panel to Vibe - -**Goal:** Show connected MCP servers in Vibe sidebar - -**Files to Create:** -1. `botui/ui/suite/partials/vibe-mcp-panel.html` - MCP panel UI -2. `botui/ui/suite/js/vibe-mcp.js` - Server management JavaScript -3. `botui/ui/suite/vibe/mcp-panel.css` - Styling - -**Features:** -- List connected MCP servers -- Show server status (active/inactive) -- Display available tools per server -- Quick enable/disable toggles -- "Add Server" button (opens `/suite/sources/mcp/add`) - -**Estimated Effort:** 6-8 hours - ---- - -## Part IV: Professional Development Tools - -### Phase 1: Code Editor Integration (P0 - Critical) - -**Goal:** Replace textarea with Monaco Editor - -**Tasks:** -1. Download Monaco Editor - ```bash - cd botui - npm install monaco-editor@0.45.0 - cp -r node_modules/monaco-editor min/vs ui/suite/js/vendor/ - ``` - -2. Create Editor Component - - `botui/ui/suite/partials/editor.html` - - Monaco container with tab bar - - File tree sidebar - - Save/Publish buttons - -3. Editor JavaScript - - `botui/ui/suite/js/editor.js` - - Monaco initialization - - Language detection (.html, .css, .js, .bas, .json) - - Tab management (open, close, switch) - - Auto-save with WebSocket sync - -4. API Endpoints - - `botserver/src/api/editor.rs` - - GET `/api/editor/file/{path}` - Read file - - POST `/api/editor/file/{path}` - Save file - - GET `/api/editor/files` - List files - -**Estimated Effort:** 8-12 hours - ---- - -### Phase 2: Database UI & Schema Visualization (P0 - Critical) - -**Goal:** Visual database management and query builder - -**Tasks:** -1. Schema Visualizer Component - - `botui/ui/suite/partials/database.html` - - Canvas-based ER diagram - - Table cards with fields - - Relationship lines (foreign keys) - -2. Database JavaScript - - `botui/ui/suite/js/database.js` - - Fetch schema: `/api/database/schema` - - Render tables using Canvas API - -3. Backend API - - `botserver/src/api/database.rs` - - GET `/api/database/schema` - Tables, fields, relationships - - GET `/api/database/table/{name}/data` - Paginated data - - POST `/api/database/query` - Execute SQL - -**Estimated Effort:** 16-20 hours - ---- - -### Phase 3: Git Operations UI (P1 - High Priority) - -**Goal:** Version control interface in Vibe - -**Tasks:** -1. Git Status Panel - - `botui/ui/suite/partials/git-status.html` - - File list with status icons - - Stage/unstage checkboxes - -2. Diff Viewer - - `botui/ui/suite/partials/git-diff.html` - - Side-by-side comparison - -3. Backend API - - `botserver/src/api/git.rs` - - GET `/api/git/status` - Git status - - GET `/api/git/diff/{file}` - File diff - - POST `/api/git/commit` - Create commit - - GET `/api/git/branches` - List branches - -**Forgejo-Specific Features:** -- View Forgejo repository status -- Sync with Forgejo remote -- View CI/CD pipeline status -- Trigger manual builds - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 4: Browser Automation Engine (P1 - High Priority) - -**Goal:** Pure Rust browser automation for testing & recording - -**Why Rust + Chromiumoxide:** -- ✅ Already in workspace: `chromiumoxide = "0.7"` -- ✅ No Node.js dependency -- ✅ Reference implementation: `bottest/src/web/browser.rs` - -**Tasks:** -1. Core Browser Module - - `botserver/src/browser/mod.rs` - - `BrowserSession`, `BrowserManager` - - Methods: `navigate()`, `click()`, `fill()`, `screenshot()` - -2. Action Recorder - - `botserver/src/browser/recorder.rs` - - `RecordedAction` - Navigate, Click, Fill, Wait, Assert - - Export as Playwright test - -3. Browser API - - `botserver/src/browser/api.rs` - - POST `/api/browser/session` - Create session - - POST `/api/browser/session/:id/execute` - Run action - - POST `/api/browser/session/:id/record/start` - Start recording - -4. Vibe UI - Browser Panel - - `botui/ui/suite/partials/browser-controls.html` - - `botui/ui/suite/js/browser.js` - -**Estimated Effort:** 20-24 hours - ---- - -### Phase 5: Multi-File Editing Workspace (P2 - Medium Priority) - -**Goal:** Professional multi-file editing - -**Tasks:** -1. Tab Management - - File tabs with close buttons - - Active tab highlighting - - Drag to reorder - -2. Split-Pane Layout - - Split horizontal/vertical buttons - - Resize handles - - 2x2 grid max - -3. File Tree Sidebar - - Nested folders - - File type icons - - Double-click to open - -4. Quick Open - - Ctrl+P → Search files - - Fuzzy matching - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 6: Enhanced Terminal (P2 - Medium Priority) - -**Goal:** Interactive shell in Vibe - -**Tasks:** -1. Terminal Container - - xterm.js integration (already vendor file) - - Multiple terminal tabs - -2. WebSocket Terminal - - Bi-directional WebSocket: `/ws/terminal/{session_id}` - - Handle ANSI escape codes - -3. Backend Terminal Server - - Spawn PTY per session - - WebSocket handler - -**Estimated Effort:** 10-14 hours - ---- - -### Phase 7: Advanced CRM Templates (P2 - Medium Priority) - -**Goal:** Pre-built CRM accelerators - -**Tasks:** -1. Template System - - `botserver/src/templates/crm/` - - Template JSON definitions - -2. CRM Templates - - **Sales CRM** - contacts, leads, opportunities - - **Real Estate CRM** - properties, clients, showings - - **Healthcare CRM** - patients, appointments, treatments - -3. Template Gallery UI - - `botui/ui/suite/partials/template-gallery.html` - -4. Template Generator - - Load template JSON - - Generate all files - - Deploy to target (internal/external) - -**Estimated Effort:** 20-24 hours - ---- - -## Part V: Architecture Diagrams - -### Overall System Architecture - -``` -┌─────────────────────────────────────────────────────────────┐ -│ USER REQUEST │ -│ "I want a full CRM system" │ -└────────────────────────┬────────────────────────────────────┘ - │ - ▼ -┌─────────────────────────────────────────────────────────────┐ -│ VIBE BUILDER UI │ -│ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ -│ │ Orchestrator│ │AppGenerator│ │Designer AI │ │ -│ │ (5 agents) │ │(LLM-driven)│ │(modifications)│ │ -│ └────────────┘ └────────────┘ └────────────┘ │ -│ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ -│ │ Browser │ │ Git │ │ Terminal │ │ -│ │ Automation │ │ Operations │ │ Service │ │ -│ │(chromiumoxide)│ │(git2) │ │(xterm.js) │ │ -│ └────────────┘ └────────────┘ └────────────┘ │ -│ ┌────────────────────────────────────────────┐ │ -│ │ MCP & Sources Integration ← ALREADY EXISTS │ │ -│ │ - botserver/src/sources/mcp.rs │ │ -│ │ - /api/ui/sources/* endpoints │ │ -│ └────────────────────────────────────────────┘ │ -└────────────────────────┬────────────────────────────────────┘ - │ - ▼ -┌─────────────────────────────────────────────────────────────┐ -│ DEPLOYMENT CHOICE │ -│ ┌──────────────────┐ ┌──────────────────┐ │ -│ │ INTERNAL GB APPS │ │ FORGEJO ALM │ │ -│ │ - /apps/{name} │ │ - Git repo │ │ -│ │ - GB APIs │ │ - CI/CD │ │ -│ │ - Shared DB │ │ - Custom domain │ │ -│ └──────────────────┘ └──────────────────┘ │ -└────────────────────────┬────────────────────────────────────┘ - │ - ▼ -┌─────────────────────────────────────────────────────────────┐ -│ GENERATED OUTPUT │ -│ - PostgreSQL tables │ -│ - HTML pages with HTMX │ -│ - CSS styling │ -│ - JavaScript │ -│ - BASIC tools/schedulers │ -│ - E2E tests (Playwright) │ -└─────────────────────────────────────────────────────────────┘ -``` - -### Vibe UI Layout - -``` -┌──────────────────────────────────────────────────────────────┐ -│ VIBE BUILDER │ -├──────────────┬───────────────────────────────────────────────┤ -│ │ PIPELINE TABS │ -│ AGENTS │ [PLAN] [BUILD] [REVIEW] [DEPLOY] [MONITOR] │ -│ SIDEBAR ├───────────────────────────────────────────────┤ -│ │ │ -│ ┌──────────┐ │ CANVAS AREA │ -│ │Mantis #1│ │ - Task nodes (horizontal flow) │ -│ │ EVOLVED │ │ - Preview panel │ -│ └──────────┘ │ - Chat overlay │ -│ ┌──────────┐ │ │ -│ │Mantis #2│ │ [DEPLOYMENT BUTTON] │ -│ │ BRED │ │ │ -│ └──────────┘ │ │ -│ ┌──────────┐ │ │ -│ │Mantis #3│ │ │ -│ │ WILD │ │ │ -│ └──────────┘ │ │ -│ │ │ -│ [+ NEW AGENT] │ │ -├──────────────┤ │ -│ WORKSPACES │ │ -│ ┌──────────┐ │ │ -│ │E-Commerce│ │ │ -│ │ App │ │ │ -│ └──────────┘ │ │ -│ │ │ -│ [+ PROJECT] │ │ -├──────────────┤ │ -│ SOURCES │ [NEW - MCP Integration] │ -│ ┌──────────┐ │ │ -│ │🔌 GitHub │ │ │ -│ │ MCP │ │ │ -│ └──────────┘ │ │ -│ ┌──────────┐ │ │ -│ │🗄️ Postgres│ │ │ -│ │ MCP │ │ │ -│ └──────────┘ │ │ -│ │ │ -│ [+ ADD MCP] │ │ -└──────────────┴───────────────────────────────────────────────┘ -``` - ---- - -## Part VI: Implementation Phases - -### Milestone 0: Security & Deployment Infrastructure (Week 0) - -**Day 1-2:** Security Fixes -- Fix all unsafe `unwrap()` calls -- Address dependency vulnerabilities -- Verify CSRF & security headers - -**Day 3-4:** Deployment Router -- `botserver/src/deployment/mod.rs` -- DeploymentTarget enum -- DeploymentRouter implementation - -**Day 5-6:** Forgejo Integration -- `botserver/src/deployment/forgejo.rs` -- ForgejoClient implementation -- CI/CD workflow generation - -**Day 7:** Deployment UI -- `botui/ui/suite/partials/vibe-deployment.html` -- Deployment modal -- Integration into Vibe - -**Success Criteria:** -- ✅ Zero `unwrap()` in production code -- ✅ `cargo audit` passes -- ✅ Can deploy internally to /apps/{name} -- ✅ Can deploy externally to Forgejo -- ✅ CI/CD pipeline auto-generates - ---- - -### Milestone 1: Core Editor (Week 1) - -- Phase 1 complete (Monaco integration) - -**Success Criteria:** -- Monaco loads < 2 seconds -- 5+ syntax highlighters work -- Multi-file tabs functional - ---- - -### Milestone 2: Database & Git (Week 2) - -- Phase 2 complete (Database UI) -- Phase 3 complete (Git Operations + Forgejo) - -**Success Criteria:** -- Schema visualizer displays all tables -- Query builder generates valid SQL -- Git status shows changed files -- Forgejo sync works - ---- - -### Milestone 3: Browser & Workspace (Week 3) - -- Phase 4 complete (Browser Automation) -- Phase 5 complete (Multi-File Editing) - -**Success Criteria:** -- Can navigate to any URL -- Recording generates valid tests -- 10+ files open in tabs -- Split view supports 2-4 panes - ---- - -### Milestone 4: Terminal & Templates (Week 4) - -- Phase 6 complete (Enhanced Terminal) -- Phase 7 complete (CRM Templates) - -**Success Criteria:** -- Interactive shell works -- Multiple terminals run simultaneously -- 3+ CRM templates available -- Generation takes < 30 seconds - ---- - -## Part VII: File Organization - -### Botserver (Backend) - -``` -botserver/src/ - deployment/ # NEW - Deployment infrastructure - mod.rs # DeploymentRouter - forgejo.rs # ForgejoClient - api.rs # Deployment API endpoints - templates.rs # CI/CD workflow templates - api/ - editor.rs # NEW - Code editor API - database.rs # NEW - Database UI API - git.rs # NEW - Git operations API - browser/ - mod.rs # NEW - BrowserSession, BrowserManager - recorder.rs # NEW - ActionRecorder - validator.rs # NEW - TestValidator - api.rs # NEW - HTTP endpoints - test_generator.rs # NEW - Test script generator - templates/ # NEW - CRM templates - crm/ - sales.json - real_estate.json - healthcare.json - mod.rs - sources/ # EXISTING - MCP integration - mod.rs - mcp.rs - ui.rs - knowledge_base.rs -``` - -### Botui (Frontend) - -``` -botui/ui/suite/ - partials/ - vibe.html # EXISTING - Main Vibe UI - vibe-deployment.html # NEW - Deployment modal - vibe-mcp-panel.html # NEW - MCP panel - editor.html # NEW - Code editor - database.html # NEW - Database UI - git-status.html # NEW - Git status - git-diff.html # NEW - Diff viewer - browser-controls.html # NEW - Browser automation - terminal.html # NEW - Terminal - template-gallery.html # NEW - Template gallery - js/ - deployment.js # NEW - Deployment logic - editor.js # NEW - Monaco integration - database.js # NEW - Database UI - git.js # NEW - Git operations - browser.js # NEW - Browser automation - terminal.js # NEW - Terminal - templates.js # NEW - Templates - css/ - deployment.css # NEW - Deployment styles - editor.css # NEW - Editor styles - database.css # NEW - Database styles - git.css # NEW - Git styles - browser.css # NEW - Browser styles - terminal.css # NEW - Terminal styles - templates.css # NEW - Template styles - vibe/ - agents-sidebar.css # EXISTING - mcp-panel.css # NEW - MCP panel styles -``` - ---- - -## Part VIII: Testing Strategy - -### Unit Tests -- All new modules need unit tests -- Test coverage > 80% -- Location: `botserver/src//tests.rs` - -### Integration Tests -- End-to-end workflows -- Location: `bottest/tests/integration/` - -### E2E Tests -- Use chromiumoxide (bottest infrastructure) -- Location: `bottest/tests/e2e/` -- Test scenarios: - - Generate CRM from template - - Deploy internally to /apps/{name} - - Deploy externally to Forgejo - - Edit in Monaco editor - - View database schema - - Create git commit - - Record browser test - ---- - -## Part IX: Rollout Plan - -### Week 0: Security & Deployment (CRITICAL) -- **Day 1-2:** Security fixes -- **Day 3-4:** Deployment Router -- **Day 5-6:** Forgejo Integration -- **Day 7:** Deployment UI - -### Week 1: Code Editor -- Monaco integration -- File tree -- Tab management - -### Week 2: Database & Git -- Schema visualizer -- Query builder -- Git operations -- Forgejo sync - -### Week 3: Browser & Workspace -- Browser automation UI -- Multi-file editing -- Split-pane layout - -### Week 4: Terminal & Templates -- Enhanced terminal -- CRM templates -- Template gallery - ---- - -## Part X: Success Metrics - -### Security Milestones -- ✅ Zero `unwrap()` in production code -- ✅ `cargo audit` passes -- ✅ All endpoints have CSRF + security headers - -### Deployment Infrastructure -- ✅ Internal deployment < 30 seconds -- ✅ External Forgejo deployment < 2 minutes -- ✅ CI/CD pipeline auto-generates -- ✅ Both models accessible from Vibe UI - -### MCP Integration -- ✅ MCP panel visible in Vibe sidebar -- ✅ Can enable/disable servers -- ✅ Can view available tools -- ✅ Can add new servers - -### Code Editor -- Monaco loads < 2 seconds -- 5+ syntax highlighters work -- Multi-file tabs functional -- Auto-save succeeds - -### Database UI -- Schema visualizer displays all tables -- Query builder generates valid SQL -- Data grid supports inline edits -- Export works correctly - -### Git Operations -- Git status shows changed files -- Diff viewer shows side-by-side -- Commit workflow works end-to-end -- Forgejo sync succeeds - -### Browser Automation -- Can navigate to any URL -- Element picker captures selectors -- Recording generates valid tests -- Screenshots capture correctly - -### Multi-File Workspace -- 10+ files open in tabs -- Split view supports 2-4 panes -- File comparison works -- Project search is fast (< 1s for 100 files) - -### Terminal -- Interactive shell works -- Can run vim, top, etc. -- Multiple terminals run simultaneously -- File transfer works - -### CRM Templates -- 3+ CRM templates available -- Generation takes < 30 seconds -- Generated CRMs are fully functional -- Industry-specific features work - ---- - -## Conclusion - -The VibeCode platform has a **powerful backend** capable of generating full applications via LLM. The main gaps are in **frontend user experience**, **security hardening**, and **deployment routing**. - -**Critical Path:** -1. ⚠️ **Week 0:** Security fixes + Deployment infrastructure -2. 🔌 **Week 0.5:** MCP integration in Vibe -3. 📝 **Week 1:** Monaco code editor -4. 🗄️ **Week 2:** Database UI + Git operations -5. 🌐 **Week 3:** Browser automation + Multi-file workspace -6. 🖥️ **Week 4:** Terminal + CRM templates - -Once these phases are complete, VibeCode will match or exceed Claude Code's capabilities while offering: - -✅ **Dual deployment model** (Internal GB Apps + External Forgejo Projects) -✅ **Multi-user SaaS deployment** -✅ **Visual app building** (Vibe Builder) -✅ **Enterprise-grade multi-agent orchestration** -✅ **Pure Rust backend** (no Node.js dependency) -✅ **Integrated MCP servers** (extensible tools) -✅ **Integrated browser automation** (chromiumoxide) -✅ **Professional development environment** - -**Total Estimated Effort:** 165-205 hours (~4-5 weeks with 1 developer) - ---- - -## Appendix: Code Quality Standards - -**MUST Follow (per AGENTS.md):** -1. ✅ **Error Handling** - NO panics, use `?` operator -2. ✅ **Safe Commands** - Use `SafeCommand` wrapper -3. ✅ **Error Sanitization** - Use `ErrorSanitizer` -4. ✅ **SQL Safety** - Use `sql_guard` -5. ✅ **Rate Limiting** - Per-IP and per-User limits -6. ✅ **CSRF Protection** - CSRF tokens on state-changing endpoints -7. ✅ **Security Headers** - CSP, HSTS, X-Frame-Options -8. ✅ **No CDNs** - All assets local -9. ✅ **File Size** - Max 450 lines per file -10. ✅ **Clippy Clean** - 0 warnings, no `#[allow()]` - ---- - -## Appendix: Dependencies - -### Backend (Already in Workspace) - -```toml -[dependencies] -chromiumoxide = "0.7" # Browser automation -tokio = "1.41" # Async runtime -axum = "0.7" # HTTP framework -diesel = "2.1" # Database -git2 = "0.18" # Git operations -reqwest = { version = "0.11", features = ["json"] } # HTTP client -``` - -### Frontend (Download & Serve Locally) - -```bash -# Code editor -npm install monaco-editor@0.45.0 - -# Terminal (already vendor file exists) -# xterm.js@5.3.0 -``` - ---- - -**Document Version:** 2.0 -**Last Updated:** 2025-02-28 -**Status:** Ready for Implementation diff --git a/botui b/botui index 3e81991..84b7cb6 160000 --- a/botui +++ b/botui @@ -1 +1 @@ -Subproject commit 3e81991e8baab8da3b8dfbf3ef5f0c50a2a467e0 +Subproject commit 84b7cb63f971099d16597922820101b07270c383 diff --git a/inspect.js b/inspect.js deleted file mode 100644 index 5b0f312..0000000 --- a/inspect.js +++ /dev/null @@ -1,10 +0,0 @@ -const { chromium } = require('playwright'); -(async () => { - const browser = await chromium.launch(); - const page = await browser.newPage(); - page.on('console', msg => console.log('PAGE LOG:', msg.text())); - await page.goto('http://localhost:3000/cristo', { waitUntil: 'networkidle' }); - const html = await page.content(); - console.log(html.substring(0, 1500)); - await browser.close(); -})(); diff --git a/package-lock.json b/package-lock.json index 3f0e90f..4b9751b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,352 +1,18 @@ { "name": "gb", - "version": "1.0.0", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "gb", - "version": "1.0.0", - "license": "MIT", "dependencies": { - "jsonwebtoken": "^9.0.3", - "node-fetch": "^3.3.2", - "ws": "^8.19.0" - }, - "devDependencies": { - "@playwright/test": "^1.58.2", - "@types/node": "^25.2.0" + "monaco-editor": "^0.45.0" } }, - "node_modules/@playwright/test": { - "version": "1.58.2", - "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.58.2.tgz", - "integrity": "sha512-akea+6bHYBBfA9uQqSYmlJXn61cTa+jbO87xVLCWbTqbWadRVmhxlXATaOjOgcBaWU4ePo0wB41KMFv3o35IXA==", - "dev": true, - "license": "Apache-2.0", - "dependencies": { - "playwright": "1.58.2" - }, - "bin": { - "playwright": "cli.js" - }, - "engines": { - "node": ">=18" - } - }, - "node_modules/@types/node": { - "version": "25.2.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.0.tgz", - "integrity": "sha512-DZ8VwRFUNzuqJ5khrvwMXHmvPe+zGayJhr2CDNiKB1WBE1ST8Djl00D0IC4vvNmHMdj6DlbYRIaFE7WHjlDl5w==", - "dev": true, - "license": "MIT", - "dependencies": { - "undici-types": "~7.16.0" - } - }, - "node_modules/buffer-equal-constant-time": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", - "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==", - "license": "BSD-3-Clause" - }, - "node_modules/data-uri-to-buffer": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz", - "integrity": "sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==", - "license": "MIT", - "engines": { - "node": ">= 12" - } - }, - "node_modules/ecdsa-sig-formatter": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", - "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", - "license": "Apache-2.0", - "dependencies": { - "safe-buffer": "^5.0.1" - } - }, - "node_modules/fetch-blob": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/fetch-blob/-/fetch-blob-3.2.0.tgz", - "integrity": "sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/jimmywarting" - }, - { - "type": "paypal", - "url": "https://paypal.me/jimmywarting" - } - ], - "license": "MIT", - "dependencies": { - "node-domexception": "^1.0.0", - "web-streams-polyfill": "^3.0.3" - }, - "engines": { - "node": "^12.20 || >= 14.13" - } - }, - "node_modules/formdata-polyfill": { - "version": "4.0.10", - "resolved": "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz", - "integrity": "sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g==", - "license": "MIT", - "dependencies": { - "fetch-blob": "^3.1.2" - }, - "engines": { - "node": ">=12.20.0" - } - }, - "node_modules/fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, - "hasInstallScript": true, - "license": "MIT", - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": "^8.16.0 || ^10.6.0 || >=11.0.0" - } - }, - "node_modules/jsonwebtoken": { - "version": "9.0.3", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz", - "integrity": "sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==", - "license": "MIT", - "dependencies": { - "jws": "^4.0.1", - "lodash.includes": "^4.3.0", - "lodash.isboolean": "^3.0.3", - "lodash.isinteger": "^4.0.4", - "lodash.isnumber": "^3.0.3", - "lodash.isplainobject": "^4.0.6", - "lodash.isstring": "^4.0.1", - "lodash.once": "^4.0.0", - "ms": "^2.1.1", - "semver": "^7.5.4" - }, - "engines": { - "node": ">=12", - "npm": ">=6" - } - }, - "node_modules/jwa": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz", - "integrity": "sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==", - "license": "MIT", - "dependencies": { - "buffer-equal-constant-time": "^1.0.1", - "ecdsa-sig-formatter": "1.0.11", - "safe-buffer": "^5.0.1" - } - }, - "node_modules/jws": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.1.tgz", - "integrity": "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==", - "license": "MIT", - "dependencies": { - "jwa": "^2.0.1", - "safe-buffer": "^5.0.1" - } - }, - "node_modules/lodash.includes": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", - "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==", + "node_modules/monaco-editor": { + "version": "0.45.0", + "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.45.0.tgz", + "integrity": "sha512-mjv1G1ZzfEE3k9HZN0dQ2olMdwIfaeAAjFiwNprLfYNRSz7ctv9XuCT7gPtBGrMUeV1/iZzYKj17Khu1hxoHOA==", "license": "MIT" - }, - "node_modules/lodash.isboolean": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", - "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==", - "license": "MIT" - }, - "node_modules/lodash.isinteger": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", - "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==", - "license": "MIT" - }, - "node_modules/lodash.isnumber": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", - "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==", - "license": "MIT" - }, - "node_modules/lodash.isplainobject": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", - "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==", - "license": "MIT" - }, - "node_modules/lodash.isstring": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", - "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==", - "license": "MIT" - }, - "node_modules/lodash.once": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", - "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", - "license": "MIT" - }, - "node_modules/ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", - "license": "MIT" - }, - "node_modules/node-domexception": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/node-domexception/-/node-domexception-1.0.0.tgz", - "integrity": "sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==", - "deprecated": "Use your platform's native DOMException instead", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/jimmywarting" - }, - { - "type": "github", - "url": "https://paypal.me/jimmywarting" - } - ], - "license": "MIT", - "engines": { - "node": ">=10.5.0" - } - }, - "node_modules/node-fetch": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz", - "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==", - "license": "MIT", - "dependencies": { - "data-uri-to-buffer": "^4.0.0", - "fetch-blob": "^3.1.4", - "formdata-polyfill": "^4.0.10" - }, - "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/node-fetch" - } - }, - "node_modules/playwright": { - "version": "1.58.2", - "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.58.2.tgz", - "integrity": "sha512-vA30H8Nvkq/cPBnNw4Q8TWz1EJyqgpuinBcHET0YVJVFldr8JDNiU9LaWAE1KqSkRYazuaBhTpB5ZzShOezQ6A==", - "dev": true, - "license": "Apache-2.0", - "dependencies": { - "playwright-core": "1.58.2" - }, - "bin": { - "playwright": "cli.js" - }, - "engines": { - "node": ">=18" - }, - "optionalDependencies": { - "fsevents": "2.3.2" - } - }, - "node_modules/playwright-core": { - "version": "1.58.2", - "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.58.2.tgz", - "integrity": "sha512-yZkEtftgwS8CsfYo7nm0KE8jsvm6i/PTgVtB8DL726wNf6H2IMsDuxCpJj59KDaxCtSnrWan2AeDqM7JBaultg==", - "dev": true, - "license": "Apache-2.0", - "bin": { - "playwright-core": "cli.js" - }, - "engines": { - "node": ">=18" - } - }, - "node_modules/safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], - "license": "MIT" - }, - "node_modules/semver": { - "version": "7.7.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz", - "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==", - "license": "ISC", - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/undici-types": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz", - "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==", - "dev": true, - "license": "MIT" - }, - "node_modules/web-streams-polyfill": { - "version": "3.3.3", - "resolved": "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-3.3.3.tgz", - "integrity": "sha512-d2JWLCivmZYTSIoge9MsgFCZrt571BikcWGYkjC1khllbTeDlGqZ2D8vD8E/lJa8WGWbb7Plm8/XJYV7IJHZZw==", - "license": "MIT", - "engines": { - "node": ">= 8" - } - }, - "node_modules/ws": { - "version": "8.19.0", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.19.0.tgz", - "integrity": "sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg==", - "license": "MIT", - "engines": { - "node": ">=10.0.0" - }, - "peerDependencies": { - "bufferutil": "^4.0.1", - "utf-8-validate": ">=5.0.2" - }, - "peerDependenciesMeta": { - "bufferutil": { - "optional": true - }, - "utf-8-validate": { - "optional": true - } - } } } } diff --git a/package.json b/package.json index a2d207a..fbf8d41 100644 --- a/package.json +++ b/package.json @@ -1,17 +1,5 @@ { - "name": "gb", - "version": "1.0.0", - "main": "index.js", - "author": "Rodrigo Rodriguez (Pragmatismo) ", - "license": "MIT", - "devDependencies": { - "@playwright/test": "^1.58.2", - "@types/node": "^25.2.0" - }, - "scripts": {}, "dependencies": { - "jsonwebtoken": "^9.0.3", - "node-fetch": "^3.3.2", - "ws": "^8.19.0" + "monaco-editor": "^0.45.0" } } diff --git a/playwright.config.ts b/playwright.config.ts deleted file mode 100644 index 6dfc0d9..0000000 --- a/playwright.config.ts +++ /dev/null @@ -1,79 +0,0 @@ -import { defineConfig, devices } from '@playwright/test'; - -/** - * Read environment variables from file. - * https://github.com/motdotla/dotenv - */ -// import dotenv from 'dotenv'; -// import path from 'path'; -// dotenv.config({ path: path.resolve(__dirname, '.env') }); - -/** - * See https://playwright.dev/docs/test-configuration. - */ -export default defineConfig({ - testDir: './tests', - /* Run tests in files in parallel */ - fullyParallel: true, - /* Fail the build on CI if you accidentally left test.only in the source code. */ - forbidOnly: !!process.env.CI, - /* Retry on CI only */ - retries: process.env.CI ? 2 : 0, - /* Opt out of parallel tests on CI. */ - workers: process.env.CI ? 1 : undefined, - /* Reporter to use. See https://playwright.dev/docs/test-reporters */ - reporter: 'html', - /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */ - use: { - /* Base URL to use in actions like `await page.goto('')`. */ - // baseURL: 'http://localhost:3000', - - /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */ - trace: 'on-first-retry', - }, - - /* Configure projects for major browsers */ - projects: [ - { - name: 'chromium', - use: { ...devices['Desktop Chrome'] }, - }, - - { - name: 'firefox', - use: { ...devices['Desktop Firefox'] }, - }, - - { - name: 'webkit', - use: { ...devices['Desktop Safari'] }, - }, - - /* Test against mobile viewports. */ - // { - // name: 'Mobile Chrome', - // use: { ...devices['Pixel 5'] }, - // }, - // { - // name: 'Mobile Safari', - // use: { ...devices['iPhone 12'] }, - // }, - - /* Test against branded browsers. */ - // { - // name: 'Microsoft Edge', - // use: { ...devices['Desktop Edge'], channel: 'msedge' }, - // }, - // { - // name: 'Google Chrome', - // use: { ...devices['Desktop Chrome'], channel: 'chrome' }, - // }, - ], - - /* Run your local dev server before starting the tests */ - // webServer: { - // command: 'npm run start', - // url: 'http://localhost:3000', - // reuseExistingServer: !process.env.CI, - // }, -}); diff --git a/BOTCODER_ANALYSIS.md b/prompts/BOTCODER_ANALYSIS.md similarity index 100% rename from BOTCODER_ANALYSIS.md rename to prompts/BOTCODER_ANALYSIS.md diff --git a/BOTCODER_HYBRID_ARCHITECTURE.md b/prompts/BOTCODER_HYBRID_ARCHITECTURE.md similarity index 100% rename from BOTCODER_HYBRID_ARCHITECTURE.md rename to prompts/BOTCODER_HYBRID_ARCHITECTURE.md diff --git a/prompts/PENDING.md b/prompts/PENDING.md new file mode 100644 index 0000000..eb9186f --- /dev/null +++ b/prompts/PENDING.md @@ -0,0 +1,113 @@ +# Pending Tasks - General Bots Platform + +> **Last Updated:** 2025-02-28 +> **Purpose:** Track actionable tasks and improvements for the GB platform + +--- + +## 🔐 Authentication & Identity (Zitadel) + +- [ ] **Fix Zitadel setup issues** + - Check v4 configuration + - Update `zit.md` documentation + - Test login at `http://localhost:3000/login` + - Run `reset.sh` to verify clean setup + +--- + +## 📚 Documentation Consolidation + +- [ ] **Aggregate all PROMPT.md files into AGENTS.md** + - Search git history for all PROMPT.md files + - Consolidate into root AGENTS.md + - Remove duplicate/ghost lines + - Keep only AGENTS.md at project root + +- [ ] **Update all README.md files** + - Add requirement: Only commit when warnings AND errors are 0 + - Add requirement: Run `cargo check` after editing multiple `.rs` files + - Include Qdrant collection access instructions + - Document Vault usage for retrieving secrets + +--- + +## 🔒 Security & Configuration (Vault) + +- [ ] **Review all service configurations** + - Ensure Gmail and other service configs go to Vault + - Store per `botid + setting` or `userid` for individual settings + +- [ ] **Remove all environment variables** + - Keep ONLY Vault-related env vars + - Migrate all other configs to Vault + +- [ ] **Database password management** + - Generate custom passwords for all databases + - Store in Vault + - Update README with Vault retrieval instructions + +--- + +## 🎯 Code Quality & Standards + +- [ ] **Clean gbai directory** + - Remove all `.ast` files (work artifacts) + - Remove all `.json` files (work artifacts) + - Add `.gitignore` rules to prevent future commits + +- [ ] **Fix logging prefixes** + - Remove duplicate prefixes in `.rs` files + - Example: Change `auth: [AUTH]` to `auth:` + - Ensure botname and GUID appear in all bot logs + +- [ ] **Review bot logs format** + - Always include `botname` and `guid` + - Example: `drive_monitor:Error during sync for bot MyBot (a818fb29-9991-4e24-bdee-ed4da2c51f6d): dispatch failure` + +--- + +## 🗄️ Database Management + +- [ ] **Qdrant collection management** + - Add collection viewing instructions to README + - Document collection access methods + - Add debugging examples + +- [ ] **BASIC table migration** + - Implement table migration in BASIC language + - Document migration process + +--- + +## 🧹 Cleanup Tasks + +- [ ] **Remove outdated documentation snippets** + - Remove: "Tools with C++ support, then:# Install PostgreSQL (for libpq)choco install postgresql" + +--- + +## 📝 Notes + + +--- + +## 🚀 Priority Order + +1. **High Priority:** Security & Configuration (Vault integration) +2. **High Priority:** Authentication & Identity (Zitadel setup) +3. **Medium Priority:** Code Quality & Standards +4. **Medium Priority:** Documentation Consolidation +5. **Low Priority:** Cleanup Tasks + +--- + +## 📋 Task Template + +When adding new tasks, use this format: + +```markdown +- [ ] **Task Title** + - Detail 1 + - Detail 2 + - Related file: `path/to/file.ext` +``` diff --git a/SECURITY_CHECKLIST.md b/prompts/SECURITY_CHECKLIST.md similarity index 100% rename from SECURITY_CHECKLIST.md rename to prompts/SECURITY_CHECKLIST.md diff --git a/prompts/SECURITY_REVIEW.md b/prompts/SECURITY_REVIEW.md new file mode 100644 index 0000000..dcba256 --- /dev/null +++ b/prompts/SECURITY_REVIEW.md @@ -0,0 +1,30 @@ +# Security Review Task List + +## 1. Unsafe Unwraps in Production (Violates AGENTS.md Error Handling Rules) +The `AGENTS.md` explicitly forbids the use of `.unwrap()`, `.expect()`, `panic!()`, `todo!()`, and `unimplemented!()` in production code. A search of the codebase revealed several instances of `unwrap()` being used in non-test contexts. + +**Vulnerable Locations:** +- `botserver/src/drive/drive_handlers.rs:269` - Contains a `.unwrap()` call during `Response::builder()` generation, which could panic in production. +- `botserver/src/basic/compiler/mod.rs` - Contains `unwrap()` usages outside test boundaries. +- `botserver/src/llm/llm_models/deepseek_r3.rs` - Contains `unwrap()` usages outside test boundaries. +- `botserver/src/botmodels/opencv.rs` - Test scopes use `unwrap()`, but please audit carefully for any leaks to production scope. + +**Action:** +- Replace all `.unwrap()` occurrences with safe alternatives (`?`, `unwrap_or_default()`, or pattern matching with early returns) and use `ErrorSanitizer` to avoid panics. + +## 2. Dependency Vulnerabilities (Found by cargo audit) +Running `cargo audit` uncovered a reported vulnerability inside the dependency tree. + +**Vulnerable Component:** +- **Crate:** `glib` +- **Version:** `0.18.5` +- **Advisory ID:** `RUSTSEC-2024-0429` +- **Title:** Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter` +- **Dependency Tree context:** It's pulled through `botdevice` and `botapp` via Tauri plugins and GTK dependencies. + +**Action:** +- Review dependencies and upgrade the GTK/Glib ecosystem dependencies if patches are available, or evaluate the exact usage to assess the direct risk given the desktop GUI context. + +## 3. General Posture Alignment +- Ensure all new state-changing endpoints are correctly shielded by the custom CSRF store (`redis_csrf_store.rs`). Verification is recommended as standard `tower-csrf` is absent from `Cargo.toml`. +- Confirm security headers (`Content-Security-Policy` via `headers.rs`) are indeed attached universally in `botserver` and not selectively omitted in new modules. diff --git a/UNIFIED_PLAN.md b/prompts/UNIFIED_PLAN.md similarity index 100% rename from UNIFIED_PLAN.md rename to prompts/UNIFIED_PLAN.md diff --git a/vibe.md b/prompts/vib.md similarity index 75% rename from vibe.md rename to prompts/vib.md index b54daea..a2f0072 100644 --- a/vibe.md +++ b/prompts/vib.md @@ -1,5 +1,4 @@ -# VibeCode Complete Implementation Roadmap v3.0 -## Dual Deployment: Internal GB Apps + External Forgejo ALM Projects +# VibeCode Platform - Unified Implementation Roadmap ## Executive Summary @@ -18,10 +17,16 @@ - ✅ Designer AI (runtime modifications with undo/redo) - ✅ chromiumoxide dependency ready for browser automation - ✅ **Forgejo ALM integration** (mTLS, runners, web server on port 3000) +- ✅ **MCP servers integration** (`botserver/src/sources/`) - ✅ **App deployment** (`/apps/{name}` routes, Drive storage) **What's Missing (Critical Gaps):** +**Security (IMMEDIATE):** +- ❌ Unsafe unwraps in production code +- ❌ Dependency vulnerabilities (glib 0.18.5) +- ❌ CSRF validation audit needed + **Deployment Infrastructure (Phase 0 - CRITICAL):** - ❌ Deployment routing logic (internal vs external) - ❌ Forgejo project initialization & git push @@ -35,10 +40,135 @@ - ❌ Browser automation engine UI - ❌ Multi-file editing workspace - ❌ Enhanced terminal +- ❌ MCP panel integration --- -## Architecture: Dual Deployment Model +## Table of Contents + +1. [Part I: Security & Stability](#part-i-security--stability) +2. [Part II: Dual Deployment Infrastructure](#part-ii-dual-deployment-infrastructure) +3. [Part III: MCP Integration](#part-iii-mcp-integration) +4. [Part IV: Professional Development Tools](#part-iv-professional-development-tools) +5. [Part V: Architecture Diagrams](#part-v-architecture-diagrams) +6. [Part VI: Implementation Phases](#part-vi-implementation-phases) +7. [Part VII: File Organization](#part-vii-file-organization) +8. [Part VIII: Testing Strategy](#part-viii-testing-strategy) +9. [Part IX: Rollout Plan](#part-ix-rollout-plan) +10. [Part X: Success Metrics](#part-x-success-metrics) + +--- + +## Part I: Security & Stability + +**Priority:** ⚠️ **CRITICAL** - Must complete before any feature work + +### 1. Unsafe Unwraps in Production + +**Issue:** Codebase uses `.unwrap()`, `.expect()`, `panic!()` in production, violating AGENTS.md rules. + +**Vulnerable Locations:** +``` +botserver/src/drive/drive_handlers.rs:269 - Response::builder() unwrap +botserver/src/basic/compiler/mod.rs - Multiple unwrap() calls +botserver/src/llm/llm_models/deepseek_r3.rs - unwrap() outside tests +botserver/src/botmodels/opencv.rs - Test scope unwrap() leaks +``` + +**Action Items:** +- [ ] Replace ALL `.unwrap()` with safe alternatives: + - Use `?` operator with proper error propagation + - Use `unwrap_or_default()` for defaults + - Use pattern matching with early returns + - Apply `ErrorSanitizer` to avoid panics +- [ ] Run `cargo clippy -- -W clippy::unwrap_used -W clippy::expect_used` +- [ ] Add unit tests verifying error paths work correctly + +**Estimated Effort:** 4-6 hours + +--- + +### 2. Dependency Vulnerabilities + +**Vulnerable Component:** +- **Crate:** `glib 0.18.5` +- **Advisory:** `RUSTSEC-2024-0429` +- **Issue:** Unsoundness in `Iterator` and `DoubleEndedIterator` impls +- **Context:** Pulled through `botdevice`/`botapp` via Tauri/GTK + +**Action Items:** +- [ ] Review exact usage of glib in codebase +- [ ] Check if patches are available in newer versions +- [ ] Evaluate risk given desktop GUI context +- [ ] If critical: upgrade GTK/Glib dependencies +- [ ] If acceptable: document risk assessment + +**Estimated Effort:** 2-4 hours + +--- + +### 3. General Security Posture + +**CSRF Protection:** +- ✅ Custom CSRF store exists: `redis_csrf_store.rs` +- ⚠️ **Verify:** ALL state-changing endpoints use it + +**Security Headers:** +- ✅ `headers.rs` provides CSP, HSTS, X-Frame-Options +- ⚠️ **Verify:** Headers are attached UNIVERSALLY + +**Action Items:** +- [ ] Audit all POST/PUT/DELETE endpoints for CSRF validation +- [ ] Create middleware test to ensure security headers on all responses +- [ ] Document security checklist for new endpoints + +**Estimated Effort:** 3-4 hours + +--- + +## Part II: Dual Deployment Infrastructure + +**Priority:** 🔴 **CRITICAL** - Core feature missing + +### Current State Analysis + +**Existing Infrastructure:** +```rust +// Forgejo ALM is already configured: +botserver/src/security/mutual_tls.rs:150 + - configure_forgejo_mtls() - mTLS setup for Forgejo + +botserver/src/core/package_manager/installer.rs + - forgejo binary installer + - forgejo-runner integration + - ALM_URL environment variable + - Port 3000 for Forgejo web UI + +botserver/src/basic/keywords/create_site.rs + - CREATE SITE keyword for app generation + - Stores to Drive: apps/{alias} + - Serves from: /apps/{alias} + +botserver/src/basic/keywords/app_server.rs + - Suite JS file serving + - Vendor file routing + +botserver/src/sources/ + - MCP integration already exists + - 40+ API endpoints available +``` + +**Missing Components:** +1. ❌ Deployment routing logic (internal vs external choice) +2. ❌ Forgejo repository initialization API +3. ❌ Git push to Forgejo repositories +4. ❌ CI/CD pipeline template generation +5. ❌ Forgejo Actions workflow builder +6. ❌ Custom domain configuration for external projects + +--- + +### Architecture: Dual Deployment Model ``` ┌──────────────────────────────────────────────────────────────────┐ @@ -71,6 +201,7 @@ │ 🌐 Browser Automation Panel ← Phase 4 │ │ 📂 Multi-File Workspace ← Phase 5 │ │ 🖥️ Enhanced Terminal ← Phase 6 │ +│ 🔌 MCP Panel Integration ← Existing │ └────────────────────────────┬─────────────────────────────────────┘ │ ┌────────────┴────────────┐ @@ -109,6 +240,11 @@ │ │ Automation │ │ Operations │ │ Service │ │ │ │(chromiumoxide)│ │(git2) │ │(xterm.js) │ │ │ └────────────┘ └────────────┘ └────────────┘ │ +│ ┌────────────────────────────────────────────┐ │ +│ │ MCP & Sources Integration ← ALREADY EXISTS │ │ +│ │ - botserver/src/sources/mcp.rs │ │ +│ │ - /api/ui/sources/* endpoints │ │ +│ └────────────────────────────────────────────┘ │ └────────────────────────┬────────────────────────────────────┘ │ ▼ @@ -125,43 +261,7 @@ --- -# PART I: Deployment Infrastructure (Phase 0 - CRITICAL) - -## Current State Analysis - -**Existing Infrastructure:** -```rust -// Forgejo ALM is already configured: -botserver/src/security/mutual_tls.rs:150 - - configure_forgejo_mtls() - mTLS setup for Forgejo - -botserver/src/core/package_manager/installer.rs - - forgejo binary installer - - forgejo-runner integration - - ALM_URL environment variable - - Port 3000 for Forgejo web UI - -botserver/src/basic/keywords/create_site.rs - - CREATE SITE keyword for app generation - - Stores to Drive: apps/{alias} - - Serves from: /apps/{alias} - -botserver/src/basic/keywords/app_server.rs - - Suite JS file serving - - Vendor file routing -``` - -**Missing Components:** -1. ❌ Deployment routing logic (internal vs external choice) -2. ❌ Forgejo repository initialization API -3. ❌ Git push to Forgejo repositories -4. ❌ CI/CD pipeline template generation -5. ❌ Forgejo Actions workflow builder -6. ❌ Custom domain configuration for external projects - ---- - -## Phase 0.1: Deployment Router (P0 - CRITICAL) +### Phase 0.1: Deployment Router (P0 - CRITICAL) **Goal:** Create routing logic to deploy apps internally or to Forgejo @@ -292,7 +392,7 @@ pub enum DeploymentError { --- -## Phase 0.2: Forgejo Integration (P0 - CRITICAL) +### Phase 0.2: Forgejo Integration (P0 - CRITICAL) **Goal:** Initialize repositories and push code to Forgejo @@ -612,7 +712,7 @@ pub struct DeploymentRequest { --- -## Phase 0.3: Deployment UI in Vibe (P0 - CRITICAL) +### Phase 0.3: Deployment UI in Vibe (P0 - CRITICAL) **Goal:** Add deployment choice UI to Vibe Builder @@ -1053,13 +1153,63 @@ function showDeploymentSuccess(result) { --- -# PART II: Frontend Feature Implementation (Phases 1-7) +## Part III: MCP Integration -After deployment infrastructure is in place, continue with the frontend tools: +**Priority:** 🟡 **HIGH** - Leverage existing infrastructure -## Phase 1: Code Editor Integration (P0 - Critical) +### What Already Exists -**Goal:** Replace textarea with professional code editor +**Backend Implementation:** +``` +botserver/src/sources/ +├── mod.rs # Module exports +├── mcp.rs # MCP client, connection, server types +├── ui.rs # HTML pages for /suite/sources/* +├── knowledge_base.rs # Knowledge base upload/query +└── sources_api # API endpoints +``` + +**API Endpoints (40+ endpoints):** +``` +/suite/sources: + - Main sources list page + - MCP server catalog + - Add MCP server form + +/api/ui/sources/*: + - /api/ui/sources/mcp - List MCP servers + - /api/ui/sources/mcp/:name/enable - Enable server + - /api/ui/sources/mcp/:name/tools - List tools + - /api/ui/sources/kb/query - Query knowledge base + - /api/ui/sources/repositories - List repos + - /api/ui/sources/apps - List apps +``` + +### Integration Task: Add MCP Panel to Vibe + +**Goal:** Show connected MCP servers in Vibe sidebar + +**Files to Create:** +1. `botui/ui/suite/partials/vibe-mcp-panel.html` - MCP panel UI +2. `botui/ui/suite/js/vibe-mcp.js` - Server management JavaScript +3. `botui/ui/suite/vibe/mcp-panel.css` - Styling + +**Features:** +- List connected MCP servers +- Show server status (active/inactive) +- Display available tools per server +- Quick enable/disable toggles +- "Add Server" button (opens `/suite/sources/mcp/add`) + +**Estimated Effort:** 6-8 hours + +--- + +## Part IV: Professional Development Tools + +### Phase 1: Code Editor Integration (P0 - Critical) + +**Goal:** Replace textarea with Monaco Editor **Tasks:** @@ -1104,7 +1254,7 @@ After deployment infrastructure is in place, continue with the frontend tools: --- -## Phase 2: Database UI & Schema Visualization (P0 - Critical) +### Phase 2: Database UI & Schema Visualization (P0 - Critical) **Goal:** Visual database management and query builder @@ -1155,7 +1305,7 @@ After deployment infrastructure is in place, continue with the frontend tools: --- -## Phase 3: Git Operations UI (P1 - High Priority) +### Phase 3: Git Operations UI (P1 - High Priority) **Goal:** Version control interface in Vibe @@ -1214,7 +1364,7 @@ After deployment infrastructure is in place, continue with the frontend tools: --- -## Phase 4: Browser Automation Engine (P1 - High Priority) +### Phase 4: Browser Automation Engine (P1 - High Priority) **Goal:** Pure Rust browser automation for testing & recording @@ -1391,7 +1541,7 @@ test('Recorded test', async ({ page }) => { --- -## Phase 5: Multi-File Editing Workspace (P2 - Medium Priority) +### Phase 5: Multi-File Editing Workspace (P2 - Medium Priority) **Goal:** Professional multi-file editing @@ -1439,7 +1589,7 @@ test('Recorded test', async ({ page }) => { --- -## Phase 6: Enhanced Terminal (P2 - Medium Priority) +### Phase 6: Enhanced Terminal (P2 - Medium Priority) **Goal:** Interactive shell in Vibe @@ -1485,7 +1635,7 @@ test('Recorded test', async ({ page }) => { --- -## Phase 7: Advanced CRM Templates (P2 - Medium Priority) +### Phase 7: Advanced CRM Templates (P2 - Medium Priority) **Goal:** Pre-built CRM accelerators @@ -1542,25 +1692,144 @@ test('Recorded test', async ({ page }) => { --- -# PART III: Technical Implementation Notes +## Part V: Architecture Diagrams -## Code Quality Standards (per AGENTS.md) +### Vibe UI Layout -**MUST Follow:** -1. ✅ **Error Handling** - NO panics, use `?` operator -2. ✅ **Safe Commands** - Use `SafeCommand` wrapper -3. ✅ **Error Sanitization** - Use `ErrorSanitizer` -4. ✅ **SQL Safety** - Use `sql_guard` -5. ✅ **Rate Limiting** - Per-IP and per-User limits -6. ✅ **CSRF Protection** - CSRF tokens on state-changing endpoints -7. ✅ **Security Headers** - CSP, HSTS, X-Frame-Options, etc. -8. ✅ **No CDNs** - All assets local -9. ✅ **File Size** - Max 450 lines per file -10. ✅ **Clippy Clean** - 0 warnings, no `#[allow()]` +``` +┌──────────────────────────────────────────────────────────────┐ +│ VIBE BUILDER │ +├──────────────┬───────────────────────────────────────────────┤ +│ │ PIPELINE TABS │ +│ AGENTS │ [PLAN] [BUILD] [REVIEW] [DEPLOY] [MONITOR] │ +│ SIDEBAR ├───────────────────────────────────────────────┤ +│ │ │ +│ ┌──────────┐ │ CANVAS AREA │ +│ │Mantis #1│ │ - Task nodes (horizontal flow) │ +│ │ EVOLVED │ │ - Preview panel │ +│ └──────────┘ │ - Chat overlay │ +│ ┌──────────┐ │ │ +│ │Mantis #2│ │ [DEPLOYMENT BUTTON] │ +│ │ BRED │ │ │ +│ └──────────┘ │ │ +│ ┌──────────┐ │ │ +│ │Mantis #3│ │ │ +│ │ WILD │ │ │ +│ └──────────┘ │ │ +│ │ │ +│ [+ NEW AGENT] │ │ +├──────────────┤ │ +│ WORKSPACES │ │ +│ ┌──────────┐ │ │ +│ │E-Commerce│ │ │ +│ │ App │ │ │ +│ └──────────┘ │ │ +│ │ │ +│ [+ PROJECT] │ │ +├──────────────┤ │ +│ SOURCES │ [MCP Integration] │ +│ ┌──────────┐ │ │ +│ │🔌 GitHub │ │ │ +│ │ MCP │ │ │ +│ └──────────┘ │ │ +│ ┌──────────┐ │ │ +│ │🗄️ Postgres│ │ │ +│ │ MCP │ │ │ +│ └──────────┘ │ │ +│ │ │ +│ [+ ADD MCP] │ │ +└──────────────┴───────────────────────────────────────────────┘ +``` -## File Organization +--- + +## Part VI: Implementation Phases + +### Milestone 0: Security & Deployment Infrastructure (Week 0) + +**Day 1-2:** Security Fixes +- Fix all unsafe `unwrap()` calls +- Address dependency vulnerabilities +- Verify CSRF & security headers + +**Day 3-4:** Deployment Router +- `botserver/src/deployment/mod.rs` +- DeploymentTarget enum +- DeploymentRouter implementation + +**Day 5-6:** Forgejo Integration +- `botserver/src/deployment/forgejo.rs` +- ForgejoClient implementation +- CI/CD workflow generation + +**Day 7:** Deployment UI +- `botui/ui/suite/partials/vibe-deployment.html` +- Deployment modal +- Integration into Vibe + +**Success Criteria:** +- ✅ Zero `unwrap()` in production code +- ✅ `cargo audit` passes +- ✅ Can deploy internally to /apps/{name} +- ✅ Can deploy externally to Forgejo +- ✅ CI/CD pipeline auto-generates + +--- + +### Milestone 1: Core Editor (Week 1) + +- Phase 1 complete (Monaco integration) + +**Success Criteria:** +- Monaco loads < 2 seconds +- 5+ syntax highlighters work +- Multi-file tabs functional + +--- + +### Milestone 2: Database & Git (Week 2) + +- Phase 2 complete (Database UI) +- Phase 3 complete (Git Operations + Forgejo) + +**Success Criteria:** +- Schema visualizer displays all tables +- Query builder generates valid SQL +- Git status shows changed files +- Forgejo sync works + +--- + +### Milestone 3: Browser & Workspace (Week 3) + +- Phase 4 complete (Browser Automation) +- Phase 5 complete (Multi-File Editing) + +**Success Criteria:** +- Can navigate to any URL +- Recording generates valid tests +- 10+ files open in tabs +- Split view supports 2-4 panes + +--- + +### Milestone 4: Terminal & Templates (Week 4) + +- Phase 6 complete (Enhanced Terminal) +- Phase 7 complete (CRM Templates) + +**Success Criteria:** +- Interactive shell works +- Multiple terminals run simultaneously +- 3+ CRM templates available +- Generation takes < 30 seconds + +--- + +## Part VII: File Organization + +### Botserver (Backend) -**Botserver (Backend):** ``` botserver/src/ deployment/ # NEW - Deployment infrastructure @@ -1569,16 +1838,16 @@ botserver/src/ api.rs # Deployment API endpoints templates.rs # CI/CD workflow templates api/ - editor.rs - database.rs - git.rs # UPDATED - Add Forgejo git operations + editor.rs # NEW - Code editor API + database.rs # NEW - Database UI API + git.rs # NEW - Git operations API browser/ - mod.rs # BrowserSession, BrowserManager - recorder.rs # ActionRecorder - validator.rs # TestValidator - api.rs # HTTP endpoints - test_generator.rs - templates/ + mod.rs # NEW - BrowserSession, BrowserManager + recorder.rs # NEW - ActionRecorder + validator.rs # NEW - TestValidator + api.rs # NEW - HTTP endpoints + test_generator.rs # NEW - Test script generator + templates/ # NEW - CRM templates crm/ sales.json real_estate.json @@ -1591,40 +1860,210 @@ botserver/src/ knowledge_base.rs ``` -**Botui (Frontend):** +### Botui (Frontend) + ``` botui/ui/suite/ partials/ - vibe.html # UPDATED - Add deploy button + vibe.html # EXISTING - Main Vibe UI vibe-deployment.html # NEW - Deployment modal - editor.html - database.html - git-status.html # UPDATED - Add Forgejo status - git-diff.html - browser-controls.html - terminal.html - template-gallery.html + vibe-mcp-panel.html # NEW - MCP panel + editor.html # NEW - Code editor + database.html # NEW - Database UI + git-status.html # NEW - Git status + git-diff.html # NEW - Diff viewer + browser-controls.html # NEW - Browser automation + terminal.html # NEW - Terminal + template-gallery.html # NEW - Template gallery js/ deployment.js # NEW - Deployment logic - editor.js - database.js - git.js # UPDATED - Add Forgejo operations - browser.js - terminal.js - templates.js + editor.js # NEW - Monaco integration + database.js # NEW - Database UI + git.js # NEW - Git operations + browser.js # NEW - Browser automation + terminal.js # NEW - Terminal + templates.js # NEW - Templates css/ deployment.css # NEW - Deployment styles - editor.css - database.css - git.css - browser.css - terminal.css - templates.css + editor.css # NEW - Editor styles + database.css # NEW - Database styles + git.css # NEW - Git styles + browser.css # NEW - Browser styles + terminal.css # NEW - Terminal styles + templates.css # NEW - Template styles + vibe/ + agents-sidebar.css # EXISTING + mcp-panel.css # NEW - MCP panel styles ``` -## Dependencies +--- + +## Part VIII: Testing Strategy + +### Unit Tests +- All new modules need unit tests +- Test coverage > 80% +- Location: `botserver/src//tests.rs` + +### Integration Tests +- End-to-end workflows +- Location: `bottest/tests/integration/` + +### E2E Tests +- Use chromiumoxide (bottest infrastructure) +- Location: `bottest/tests/e2e/` +- Test scenarios: + - Generate CRM from template + - Deploy internally to /apps/{name} + - Deploy externally to Forgejo + - Edit in Monaco editor + - View database schema + - Create git commit + - Record browser test + +--- + +## Part IX: Rollout Plan + +### Week 0: Security & Deployment (CRITICAL) +- **Day 1-2:** Security fixes +- **Day 3-4:** Deployment Router +- **Day 5-6:** Forgejo Integration +- **Day 7:** Deployment UI + +### Week 1: Code Editor +- Monaco integration +- File tree +- Tab management + +### Week 2: Database & Git +- Schema visualizer +- Query builder +- Git operations +- Forgejo sync + +### Week 3: Browser & Workspace +- Browser automation UI +- Multi-file editing +- Split-pane layout + +### Week 4: Terminal & Templates +- Enhanced terminal +- CRM templates +- Template gallery + +--- + +## Part X: Success Metrics + +### Security Milestones +- ✅ Zero `unwrap()` in production code +- ✅ `cargo audit` passes +- ✅ All endpoints have CSRF + security headers + +### Deployment Infrastructure +- ✅ Internal deployment < 30 seconds +- ✅ External Forgejo deployment < 2 minutes +- ✅ CI/CD pipeline auto-generates +- ✅ Both models accessible from Vibe UI + +### MCP Integration +- ✅ MCP panel visible in Vibe sidebar +- ✅ Can enable/disable servers +- ✅ Can view available tools +- ✅ Can add new servers + +### Code Editor +- Monaco loads < 2 seconds +- 5+ syntax highlighters work +- Multi-file tabs functional +- Auto-save succeeds + +### Database UI +- Schema visualizer displays all tables +- Query builder generates valid SQL +- Data grid supports inline edits +- Export works correctly + +### Git Operations +- Git status shows changed files +- Diff viewer shows side-by-side +- Commit workflow works end-to-end +- Forgejo sync succeeds + +### Browser Automation +- Can navigate to any URL +- Element picker captures selectors +- Recording generates valid tests +- Screenshots capture correctly + +### Multi-File Workspace +- 10+ files open in tabs +- Split view supports 2-4 panes +- File comparison works +- Project search is fast (< 1s for 100 files) + +### Terminal +- Interactive shell works +- Can run vim, top, etc. +- Multiple terminals run simultaneously +- File transfer works + +### CRM Templates +- 3+ CRM templates available +- Generation takes < 30 seconds +- Generated CRMs are fully functional +- Industry-specific features work + +--- + +## Conclusion + +The VibeCode platform has a **powerful backend** capable of generating full applications via LLM. The main gaps are in **frontend user experience**, **security hardening**, and **deployment routing**. + +**Critical Path:** +1. ⚠️ **Week 0:** Security fixes + Deployment infrastructure +2. 🔌 **Week 0.5:** MCP integration in Vibe +3. 📝 **Week 1:** Monaco code editor +4. 🗄️ **Week 2:** Database UI + Git operations +5. 🌐 **Week 3:** Browser automation + Multi-file workspace +6. 🖥️ **Week 4:** Terminal + CRM templates + +Once these phases are complete, VibeCode will match or exceed Claude Code's capabilities while offering: + +✅ **Dual deployment model** (Internal GB Apps + External Forgejo Projects) +✅ **Multi-user SaaS deployment** +✅ **Visual app building** (Vibe Builder) +✅ **Enterprise-grade multi-agent orchestration** +✅ **Pure Rust backend** (no Node.js dependency) +✅ **Integrated MCP servers** (extensible tools) +✅ **Integrated browser automation** (chromiumoxide) +✅ **Professional development environment** + +**Total Estimated Effort:** 165-205 hours (~4-5 weeks with 1 developer) + +--- + +## Appendix: Code Quality Standards + +**MUST Follow (per AGENTS.md):** +1. ✅ **Error Handling** - NO panics, use `?` operator +2. ✅ **Safe Commands** - Use `SafeCommand` wrapper +3. ✅ **Error Sanitization** - Use `ErrorSanitizer` +4. ✅ **SQL Safety** - Use `sql_guard` +5. ✅ **Rate Limiting** - Per-IP and per-User limits +6. ✅ **CSRF Protection** - CSRF tokens on state-changing endpoints +7. ✅ **Security Headers** - CSP, HSTS, X-Frame-Options +8. ✅ **No CDNs** - All assets local +9. ✅ **File Size** - Max 450 lines per file +10. ✅ **Clippy Clean** - 0 warnings, no `#[allow()]` + +--- + +## Appendix: Dependencies + +### Backend (Already in Workspace) -**Already in Workspace:** ```toml [dependencies] chromiumoxide = "0.7" # Browser automation @@ -1635,165 +2074,18 @@ git2 = "0.18" # Git operations reqwest = { version = "0.11", features = ["json"] } # HTTP client ``` -**Frontend:** -``` -monaco-editor@0.45.0 # Code editor -xterm.js@5.3.0 # Terminal (already vendor file) +### Frontend (Download & Serve Locally) + +```bash +# Code editor +npm install monaco-editor@0.45.0 + +# Terminal (already vendor file exists) +# xterm.js@5.3.0 ``` --- -# PART IV: Testing Strategy - -## Unit Tests -- All new modules need unit tests -- Test coverage > 80% -- Location: `botserver/src//tests.rs` - -## Integration Tests -- End-to-end workflows -- Location: `bottest/tests/integration/` - -## E2E Tests -- Use chromiumoxide (bottest infrastructure) -- Location: `bottest/tests/e2e/` -- Test scenarios: - - Generate CRM from template - - Deploy to internal GB Platform - - Deploy to external Forgejo - - Edit in Monaco editor - - View database schema - - Create git commit - - Record browser test - ---- - -# PART V: Rollout Plan - -## Milestone 0: Deployment Infrastructure (Week 0) -- **Day 1-3:** Phase 0.1 - Deployment Router -- **Day 4-5:** Phase 0.2 - Forgejo Integration -- **Day 6-7:** Phase 0.3 - Deployment UI - -**Success Criteria:** -- ✅ Can deploy app internally to /apps/{name} -- ✅ Can deploy app externally to Forgejo -- ✅ CI/CD pipeline auto-generated -- ✅ Deployment choice works in Vibe UI - -## Milestone 1: Core Editor (Week 1) -- Phase 1 complete (Monaco integration) - -## Milestone 2: Database & Git (Week 2) -- Phase 2 complete (Database UI) -- Phase 3 complete (Git Operations + Forgejo) - -## Milestone 3: Browser & Workspace (Week 3) -- Phase 4 complete (Browser Automation) -- Phase 5 complete (Multi-File Editing) - -## Milestone 4: Terminal & Templates (Week 4) -- Phase 6 complete (Enhanced Terminal) -- Phase 7 complete (CRM Templates with dual deployment) - ---- - -# PART VI: Success Metrics - -## Deployment Infrastructure (Phase 0) -- Internal deployment succeeds in < 30 seconds -- External Forgejo deployment succeeds in < 2 minutes -- CI/CD pipeline auto-generates correctly -- Both deployment models accessible from Vibe UI -- Can switch between internal/external deployment - -## Phase 1: Code Editor -- Monaco loads < 2 seconds -- 5+ syntax highlighters work -- Multi-file tabs functional -- Auto-save succeeds - -## Phase 2: Database UI -- Schema visualizer displays all tables -- Query builder generates valid SQL -- Data grid supports inline edits -- Export functionality works - -## Phase 3: Git Operations -- Git status shows changed files -- Diff viewer shows side-by-side -- Commit workflow works -- Branch switching succeeds - -## Phase 4: Browser Automation -- Can navigate to any URL -- Element picker captures selectors -- Recording generates valid tests -- Screenshots capture correctly - -## Phase 5: Multi-File Workspace -- 10+ files open in tabs -- Split view supports 2-4 panes -- File comparison works -- Project search is fast (< 1s for 100 files) - -## Phase 6: Terminal -- Interactive shell works -- Can run vim, top, etc. -- Multiple terminals run simultaneously -- File transfer works - -## Phase 7: CRM Templates -- 3+ CRM templates available -- Generation takes < 30 seconds -- Generated CRMs are fully functional -- Industry-specific features work -- Templates support both deployment models - ---- - -# Conclusion - -The **critical foundation** is the **deployment infrastructure (Phase 0)**. The platform must support: - -1. **Internal GB Apps** - Quick prototypes using GB APIs and shared resources -2. **External Forgejo Projects** - Production apps with independent infrastructure and CI/CD - -**Implementation Priority:** -1. ⚠️ **Phase 0** - Deployment Infrastructure (CRITICAL - Week 0) - - Phase 0.1: Deployment Router - - Phase 0.2: Forgejo Integration - - Phase 0.3: Deployment UI - -2. 📝 **Phase 1** - Code Editor (Week 1) - -3. 🗄️ **Phase 2** - Database UI (Week 2) - -4. 🐙 **Phase 3** - Git Operations + Forgejo (Week 2) - -5. 🌐 **Phase 4** - Browser Automation (Week 3) - -6. 📂 **Phase 5** - Multi-File Workspace (Week 3) - -7. 🖥️ **Phase 6** - Terminal (Week 4) - -8. 📇 **Phase 7** - CRM Templates (Week 4) - -Once Phase 0 is complete, VibeCode will be able to **deploy apps both internally and externally**, giving users the flexibility to choose the right deployment model for their use case. - -**Total Estimated Effort:** -- Phases 1-7: 125-155 hours (~3-4 weeks with 1 developer) -- Phase 0: +40-50 hours -- **Final Total:** 165-205 hours (~4-5 weeks with 1 developer) - -The BotUI platform already has a **powerful backend** capable of generating full applications via LLM. These phases add the **deployment infrastructure** and **professional UI tools** to make it a complete development environment with dual deployment capabilities. - -Once complete, VibeCode will match or exceed Claude Code's capabilities while offering: - -✅ **Multi-user SaaS deployment** -✅ **Visual app building** (Vibe Builder) -✅ **Enterprise-grade multi-agent orchestration** -✅ **Pure Rust backend** (no Node.js dependency) -✅ **Integrated browser automation** (chromiumoxide) -✅ **Dual deployment model** (Internal GB Platform + External Forgejo ALM) -✅ **Professional development environment** +**Document Version:** 3.0 +**Last Updated:** 2025-02-28 +**Status:** Ready for Implementation \ No newline at end of file diff --git a/reset.sh b/reset.sh index 35c3c9e..5c034d7 100755 --- a/reset.sh +++ b/reset.sh @@ -1,109 +1,10 @@ #!/bin/bash set -e -####################################### -# General Bots Development Environment Reset Script -# Description: Cleans and restarts the development environment -# Usage: ./reset.sh -####################################### - -# Color codes for output -readonly GREEN='\033[0;32m' -readonly YELLOW='\033[1;33m' -readonly BLUE='\033[0;34m' -readonly NC='\033[0m' # No Color - -# Log function -log_info() { - echo -e "${BLUE}[INFO]${NC} $1" -} - -log_success() { - echo -e "${GREEN}[SUCCESS]${NC} $1" -} - -log_warning() { - echo -e "${YELLOW}[WARNING]${NC} $1" -} - -# Trap errors and cleanup -cleanup_on_error() { - log_warning "Script encountered an error" - exit 1 -} - -trap cleanup_on_error ERR - -log_info "Starting environment reset..." -echo "" - -# Step 1: Clean up existing installations -log_info "Step 1/4: Cleaning up existing installation..." +echo "Cleaning up..." rm -rf botserver-stack/ ./work/ .env -log_success "Cleanup complete" -echo "" -# Step 2: Build and restart services -log_info "Step 2/4: Building and restarting services..." +echo "Starting services..." ./restart.sh -log_success "Services restarted" -echo "" -# Step 3: Wait for bootstrap -log_info "Step 3/4: Waiting for BotServer to bootstrap (this may take a minute)..." - -# Tail the log starting from now, so we only see the new run -tail -n 0 -f botserver.log | while read line; do - # Show bootstrap-related messages - if [[ "$line" == *"GENERAL BOTS - INITIAL SETUP"* ]]; then - SHOW=1 - log_info "Bootstrap process started..." - fi - - if [[ "$SHOW" == "1" ]]; then - echo "$line" - elif [[ "$line" == *"Checking if bootstrap is needed"* ]] || \ - [[ "$line" == *"No admin user found"* ]] || \ - [[ "$line" == *"Created admin user"* ]] || \ - [[ "$line" == *"Created default organization"* ]] || \ - [[ "$line" == *"Starting"* ]] || \ - [[ "$line" == *"Installing"* ]]; then - echo "$line" - fi - - # Stop tracking when bootstrap completes - if [[ "$line" == *"Bootstrap complete: admin user"* ]] || \ - [[ "$line" == *"Skipping bootstrap"* ]]; then - pkill -P $$ tail || true - break - fi -done - -log_success "Bootstrap complete" -echo "" - -# Step 4: Final confirmation -log_info "Step 4/4: Verifying services..." -sleep 2 - -if pgrep -f "botserver" > /dev/null; then - log_success "BotServer is running" -else - log_warning "BotServer may not be running properly" -fi - -if pgrep -f "botui" > /dev/null; then - log_success "BotUI is running" -else - log_warning "BotUI may not be running properly" -fi - -echo "" -echo "==========================================" -log_success "✅ Reset complete!" -echo "==========================================" -echo "" -echo "You can now access:" -echo " - BotUI Desktop: Check the BotUI window or logs" -echo " - Logs: tail -f botserver.log botui.log" -echo "" +echo "Reset complete!" diff --git a/sec.md b/sec.md deleted file mode 100644 index 7f69b46..0000000 --- a/sec.md +++ /dev/null @@ -1,740 +0,0 @@ -# VibeCode Complete Implementation Roadmap - -## Executive Summary - -**Current Status:** BotUI's backend is **80% complete** with powerful LLM-driven code generation. The frontend needs professional tools to match Claude Code's capabilities. - -**What Works (Backend):** -- ✅ LLM-powered app generation (AppGenerator: 3400+ lines) -- ✅ Multi-agent pipeline (Orchestrator: Plan → Build → Review → Deploy → Monitor) -- ✅ Real-time WebSocket progress -- ✅ Database schema generation -- ✅ File generation (HTML, CSS, JS, BAS) -- ✅ Designer AI (runtime modifications with undo/redo) -- ✅ chromiumoxide dependency ready for browser automation - -**What's Missing (Frontend):** -- ❌ Monaco/CodeMirror editor (just textarea now) -- ❌ Database UI (no schema visualizer) -- ❌ Git operations UI -- ❌ Browser automation engine (using Rust + chromiumoxide) -- ❌ Multi-file editing workspace -- ❌ Enhanced terminal - ---- - -## Architecture - -``` -┌─────────────────────────────────────────────────────────────┐ -│ USER REQUEST │ -│ "I want a full CRM system" │ -└────────────────────────┬────────────────────────────────────┘ - │ - ▼ -┌─────────────────────────────────────────────────────────────┐ -│ VIBE BUILDER UI │ -│ - Agent cards (Mantis #1-4) │ -│ - Task nodes visualization │ -│ - WebSocket real-time updates │ -│ - Live chat overlay │ -│ - Code editor (Monaco) ← Phase 1 │ -│ - Browser automation panel ← Phase 4 │ -│ - Database schema visualizer ← Phase 2 │ -│ - Git operations UI ← Phase 3 │ -└────────────────────────┬────────────────────────────────────┘ - │ - ▼ -┌─────────────────────────────────────────────────────────────┐ -│ BOTSERVER (Rust Backend) │ -│ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ -│ │ Orchestrator│ │AppGenerator│ │Designer AI │ │ -│ │ (5 agents) │ │(LLM-driven)│ │(modifications)│ │ -│ └────────────┘ └────────────┘ └────────────┘ │ -│ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ -│ │ Browser │ │ Git │ │ Terminal │ │ -│ │ Automation │ │ Operations │ │ Service │ │ -│ │(chromiumoxide)│ │(git2) │ │(xterm.js) │ │ -│ └────────────┘ └────────────┘ └────────────┘ │ -└────────────────────────┬────────────────────────────────────┘ - │ - ▼ -┌─────────────────────────────────────────────────────────────┐ -│ GENERATED OUTPUT │ -│ - PostgreSQL tables │ -│ - HTML pages with HTMX │ -│ - CSS styling │ -│ - JavaScript │ -│ - BASIC tools/schedulers │ -│ - E2E tests (Playwright) │ -└─────────────────────────────────────────────────────────────┘ -``` - ---- - -## Implementation Phases - -### Phase 1: Code Editor Integration (P0 - Critical) - -**Goal:** Replace textarea with professional code editor - -**Tasks:** - -1. **Download Monaco Editor** - ```bash - cd botui - npm install monaco-editor@0.45.0 - cp -r node_modules/monaco-editor min/vs ui/suite/js/vendor/ - ``` - -2. **Create Editor Component** - - `botui/ui/suite/partials/editor.html` - - Monaco container with tab bar - - File tree sidebar - - Save/Publish buttons - -3. **Editor JavaScript** - - `botui/ui/suite/js/editor.js` - - Monaco initialization - - Language detection (.html, .css, .js, .bas, .json) - - Tab management (open, close, switch) - - Auto-save with WebSocket sync - -4. **API Endpoints** - - `botserver/src/api/editor.rs` - - GET `/api/editor/file/{path}` - Read file - - POST `/api/editor/file/{path}` - Save file - - GET `/api/editor/files` - List files - -5. **Integration** - - Update `chat-agent-mode.html` - replace textarea with Monaco - - Update `vibe.html` - add editor panel - - Add keyboard shortcuts (Ctrl+S, Ctrl+P, Ctrl+Shift+F) - -**Success Criteria:** -- Monaco loads in < 2 seconds -- Syntax highlighting for 5+ languages -- Multi-file tabs work -- Auto-save completes successfully - -**Estimated Effort:** 8-12 hours - ---- - -### Phase 2: Database UI & Schema Visualization (P0 - Critical) - -**Goal:** Visual database management and query builder - -**Tasks:** - -1. **Schema Visualizer Component** - - `botui/ui/suite/partials/database.html` - - Canvas-based ER diagram - - Table cards with fields - - Relationship lines (foreign keys) - - Zoom/pan controls - -2. **Database JavaScript** - - `botui/ui/suite/js/database.js` - - Fetch schema: `/api/database/schema` - - Render tables using Canvas API - - Click table → show field details - - Drag to rearrange - -3. **Query Builder UI** - - Visual SELECT builder - - Table selection dropdown - - Join interface - - Filter conditions - - SQL preview pane - -4. **Data Grid** - - Sortable columns - - Inline editing - - Pagination - - Export (CSV/JSON) - -5. **Backend API** - - `botserver/src/api/database.rs` - - GET `/api/database/schema` - Tables, fields, relationships - - GET `/api/database/table/{name}/data` - Paginated data - - POST `/api/database/query` - Execute SQL - - POST `/api/database/table/{name}/row` - Insert/update - - DELETE `/api/database/table/{name}/row/{id}` - Delete - -**Success Criteria:** -- ER diagram shows all tables -- Query builder generates valid SQL -- Data grid supports inline edits -- Export works correctly - -**Estimated Effort:** 16-20 hours - ---- - -### Phase 3: Git Operations UI (P1 - High Priority) - -**Goal:** Version control interface in Vibe - -**Tasks:** - -1. **Git Status Panel** - - `botui/ui/suite/partials/git-status.html` - - File list with status icons - - Stage/unstage checkboxes - - "Commit" button - -2. **Diff Viewer** - - `botui/ui/suite/partials/git-diff.html` - - Side-by-side comparison - - Line highlighting (green/red) - - Syntax highlighting - -3. **Commit Interface** - - Message input - - "Commit & Push" button - - Progress indicator - -4. **Branch Manager** - - Branch dropdown - - "New Branch" dialog - - Switch/delete actions - -5. **Commit Timeline** - - Vertical timeline - - Author, date, message - - Click → view diff - -6. **Backend API** - - `botserver/src/api/git.rs` - - GET `/api/git/status` - Git status - - GET `/api/git/diff/{file}` - File diff - - POST `/api/git/commit` - Create commit - - POST `/api/git/push` - Push to remote - - GET `/api/git/branches` - List branches - - POST `/api/git/branch/{name}` - Create/switch - - GET `/api/git/log` - Commit history - -**Success Criteria:** -- Git status displays correctly -- Diff viewer shows side-by-side -- Commit workflow works end-to-end -- Branch switching succeeds - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 4: Browser Automation Engine (P1 - High Priority) - -**Goal:** Pure Rust browser automation for testing & recording - -**Why Rust + Chromiumoxide:** -- ✅ Already in workspace: `chromiumoxide = "0.7"` -- ✅ No Node.js dependency -- ✅ Feature flag exists: `browser` in botserver/Cargo.toml -- ✅ Reference implementation: bottest/src/web/browser.rs (1000+ lines) - -**Tasks:** - -1. **Core Browser Module** - - `botserver/src/browser/mod.rs` - - `BrowserSession` - Manage browser instance - - `BrowserManager` - Session lifecycle - - Methods: `navigate()`, `click()`, `fill()`, `screenshot()`, `execute()` - - ```rust - pub struct BrowserSession { - id: String, - browser: Arc, - page: Arc>, - created_at: DateTime, - } - - impl BrowserSession { - pub async fn new(headless: bool) -> Result; - pub async fn navigate(&self, url: &str) -> Result<()>; - pub async fn click(&self, selector: &str) -> Result<()>; - pub async fn fill(&self, selector: &str, text: &str) -> Result<()>; - pub async fn screenshot(&self) -> Result>; - pub async fn execute(&self, script: &str) -> Result; - } - ``` - -2. **Action Recorder** - - `botserver/src/browser/recorder.rs` - - `RecordedAction` - Navigate, Click, Fill, Wait, Assert - - `ActionRecorder` - Record/stop/export - - Export as Playwright test - - ```rust - #[derive(Serialize, Deserialize)] - pub struct RecordedAction { - pub timestamp: i64, - pub action_type: ActionType, - pub selector: Option, - pub value: Option, - } - - impl ActionRecorder { - pub fn start(&mut self); - pub fn stop(&mut self) -> Vec; - pub fn export_test_script(&self) -> String; - } - ``` - -3. **Test Validator** - - `botserver/src/browser/validator.rs` - - Check for flaky selectors - - Validate wait conditions - - Suggest improvements via Designer AI - -4. **Browser API** - - `botserver/src/browser/api.rs` - - POST `/api/browser/session` - Create session - - POST `/api/browser/session/:id/execute` - Run action - - GET `/api/browser/session/:id/screenshot` - Capture - - POST `/api/browser/session/:id/record/start` - Start recording - - POST `/api/browser/session/:id/record/stop` - Stop & get actions - - GET `/api/browser/session/:id/record/export` - Export test - -5. **Vibe UI - Browser Panel** - - `botui/ui/suite/partials/browser-controls.html` - - URL bar with navigation buttons - - Record/Stop/Export buttons - - Actions timeline - - Browser preview iframe - - Screenshot gallery - - - `botui/ui/suite/js/browser.js` - ```javascript - let currentSessionId = null; - let isRecording = false; - let recordedActions = []; - - async function initBrowser() { - const resp = await fetch('/api/browser/session', { - method: 'POST', - body: JSON.stringify({ headless: false }) - }); - currentSessionId = (await resp.json()).id; - } - - async function browserNavigate(url) { - if (isRecording) { - recordedActions.push({ - type: 'navigate', - value: url, - timestamp: Date.now() - }); - } - await executeAction('navigate', { url }); - } - - async function browserClick(selector) { - if (isRecording) { - recordedActions.push({ - type: 'click', - selector: selector, - timestamp: Date.now() - }); - } - await executeAction('click', { selector }); - } - - async function exportTest() { - const resp = await fetch(`/api/browser/session/${currentSessionId}/record/export`); - const data = await resp.json(); - - // Download test file - const blob = new Blob([data.script], { type: 'text/javascript' }); - const a = document.createElement('a'); - a.href = URL.createObjectURL(blob); - a.download = `test-${Date.now()}.spec.js`; - a.click(); - } - ``` - - - `botui/ui/suite/css/browser.css` - - Browser panel styling - - Recording indicator animation - - Actions timeline - - Screenshot gallery grid - -6. **Integration with Vibe** - - Add "Browser Automation" button to Vibe toolbar - - Load browser-controls.html in panel - - Element picker for selector capture - - Screenshot capture & gallery - -**Usage Example:** -```javascript -// In Vibe UI -openBrowserPanel(); -toggleRecording(); // Start recording -browserNavigate('http://localhost:3000/my-crm'); -browserClick('#create-btn'); -browserFill('#name', 'Test'); -browserClick('#save-btn'); -toggleRecording(); // Stop recording -exportTest(); // Download test-123.spec.js -``` - -**Generated Test Output:** -```javascript -import { test, expect } from '@playwright/test'; - -test('Recorded test', async ({ page }) => { - await page.goto('http://localhost:3000/my-crm'); - await page.click('#create-btn'); - await page.fill('#name', 'Test'); - await page.click('#save-btn'); -}); -``` - -**Success Criteria:** -- Can navigate to any URL -- Element picker captures selectors -- Recording generates valid Playwright tests -- Screenshots capture correctly - -**Estimated Effort:** 20-24 hours - ---- - -### Phase 5: Multi-File Editing Workspace (P2 - Medium Priority) - -**Goal:** Professional multi-file editing - -**Tasks:** - -1. **Tab Management** - - File tabs with close buttons - - Active tab highlighting - - Tab overflow scrolling - - Drag to reorder - -2. **Split-Pane Layout** - - Split horizontal/vertical buttons - - Resize handles - - 2x2 grid max - -3. **File Comparison** - - Side-by-side diff - - Line-by-line navigation - - Copy changes (L→R) - -4. **File Tree Sidebar** - - Nested folders - - File type icons - - Expand/collapse - - Double-click to open - -5. **Quick Open** - - Ctrl+P → Search files - - Fuzzy matching - - Arrow navigation - -6. **Project Search** - - Ctrl+Shift+F → Search all files - - Results with line numbers - - Click to open file - -**Success Criteria:** -- 10+ files open in tabs -- Split view works (2-4 panes) -- File comparison displays diffs -- Quick open searches files - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 6: Enhanced Terminal (P2 - Medium Priority) - -**Goal:** Interactive shell in Vibe - -**Tasks:** - -1. **Terminal Container** - - xterm.js integration (already vendor file) - - Multiple terminal tabs - - Fit addon for auto-resize - -2. **WebSocket Terminal** - - Bi-directional WebSocket: `/ws/terminal/{session_id}` - - Protocol: `{"type": "input", "data": "command\n"}` - - Handle ANSI escape codes - -3. **Command History** - - Up/Down arrows - - Ctrl+R search - - Persist in localStorage - -4. **Command Completion** - - Tab completion - - File path completion - - Command flags - -5. **Backend Terminal Server** - - Spawn PTY per session - - WebSocket handler - - Clean up on disconnect - -6. **File Transfer** - - Drag file to upload - - `upload` / `download` commands - - Progress bars - -**Success Criteria:** -- Can type commands & see output -- Arrow keys navigate history -- Can run vim, top, etc. -- Multiple terminals work - -**Estimated Effort:** 10-14 hours - ---- - -### Phase 7: Advanced CRM Templates (P2 - Medium Priority) - -**Goal:** Pre-built CRM accelerators - -**Tasks:** - -1. **Template System** - - `botserver/src/templates/crm/` - - Template JSON definitions - - Prompt templates - - Field libraries - -2. **CRM Templates** - - **Sales CRM** - - Tables: contacts, leads, opportunities, accounts, activities - - Pages: dashboard, pipeline, contacts list - - Tools: lead_scoring, email_automation - - Schedulers: daily_summary, weekly_review - - - **Real Estate CRM** - - Tables: properties, clients, showings, offers - - Pages: property gallery, client portal - - Tools: mls_sync, showing_scheduler - - Schedulers: showing_reminders, market_update - - - **Healthcare CRM** - - Tables: patients, appointments, treatments, insurance - - Pages: patient portal, appointment scheduler - - Tools: insurance_verification, appointment_reminders - - Schedulers: daily_appointments, insurance_alerts - -3. **Template Gallery UI** - - `botui/ui/suite/partials/template-gallery.html` - - Template cards with descriptions - - Preview screenshots - - "Use Template" button - -4. **Template Generator** - - Load template JSON - - Customize with user details - - Generate all files - - Deploy to /apps/{name} - -**Success Criteria:** -- Can select template from gallery -- Template generates full CRM -- Customization works -- Generated CRM is functional - -**Estimated Effort:** 20-24 hours - ---- - -## Technical Implementation Notes - -### Code Quality Standards (per AGENTS.md) - -**MUST Follow:** -1. ✅ **Error Handling** - NO panics, use `?` operator -2. ✅ **Safe Commands** - Use `SafeCommand` wrapper -3. ✅ **Error Sanitization** - Use `ErrorSanitizer` -4. ✅ **SQL Safety** - Use `sql_guard` -5. ✅ **Rate Limiting** - Per-IP and per-User limits -6. ✅ **CSRF Protection** - CSRF tokens on state-changing endpoints -7. ✅ **Security Headers** - CSP, HSTS, X-Frame-Options, etc. -8. ✅ **No CDNs** - All assets local -9. ✅ **File Size** - Max 450 lines per file -10. ✅ **Clippy Clean** - 0 warnings, no `#[allow()]` - -### File Organization - -**Botui (Frontend):** -``` -botui/ui/suite/ - partials/ - editor.html - database.html - git-status.html - git-diff.html - browser-controls.html - terminal.html - template-gallery.html - js/ - editor.js - database.js - git.js - browser.js - terminal.js - templates.js - css/ - editor.css - database.css - git.css - browser.css - terminal.css - templates.css -``` - -**Botserver (Backend):** -``` -botserver/src/ - api/ - editor.rs - database.rs - git.rs - browser/ - mod.rs # BrowserSession, BrowserManager - recorder.rs # ActionRecorder - validator.rs # TestValidator - api.rs # HTTP endpoints - test_generator.rs - templates/ - crm/ - sales.json - real_estate.json - healthcare.json - mod.rs -``` - -### Dependencies - -**Already in Workspace:** -```toml -chromiumoxide = "0.7" # Browser automation -tokio = "1.41" # Async runtime -axum = "0.7" # HTTP framework -diesel = "2.1" # Database -git2 = "0.18" # Git operations (add if needed) -``` - -**Frontend (download & serve locally):** -``` -monaco-editor@0.45.0 # Code editor -xterm.js@5.3.0 # Terminal (already vendor file) -``` - ---- - -## Testing Strategy - -### Unit Tests -- All new modules need unit tests -- Test coverage > 80% -- Location: `botserver/src//tests.rs` - -### Integration Tests -- End-to-end workflows -- Location: `bottest/tests/integration/` - -### E2E Tests -- Use chromiumoxide (bottest infrastructure) -- Location: `bottest/tests/e2e/` -- Test scenarios: - - Generate CRM from template - - Edit in Monaco editor - - View database schema - - Create git commit - - Record browser test - ---- - -## Rollout Plan - -### Milestone 1: Core Editor (Week 1) -- Phase 1 complete (Monaco integration) - -### Milestone 2: Database & Git (Week 2) -- Phase 2 complete (Database UI) -- Phase 3 complete (Git Operations) - -### Milestone 3: Browser & Workspace (Week 3) -- Phase 4 complete (Browser Automation) -- Phase 5 complete (Multi-File Editing) - -### Milestone 4: Terminal & Templates (Week 4) -- Phase 6 complete (Enhanced Terminal) -- Phase 7 complete (CRM Templates) - ---- - -## Success Metrics - -### Phase 1: Code Editor -- Monaco loads < 2 seconds -- 5+ syntax highlighters work -- Multi-file tabs functional -- Auto-save succeeds - -### Phase 2: Database UI -- Schema visualizer displays all tables -- Query builder generates valid SQL -- Data grid supports inline edits -- Export functionality works - -### Phase 3: Git Operations -- Git status shows changed files -- Diff viewer shows side-by-side -- Commit workflow works -- Branch switching succeeds - -### Phase 4: Browser Automation -- Can navigate to any URL -- Element picker captures selectors -- Recording generates valid tests -- Screenshots capture correctly - -### Phase 5: Multi-File Workspace -- 10+ files open in tabs -- Split view supports 2-4 panes -- File comparison works -- Project search is fast (< 1s for 100 files) - -### Phase 6: Terminal -- Interactive shell works -- Can run vim, top, etc. -- Multiple terminals run simultaneously -- File transfer works - -### Phase 7: CRM Templates -- 3+ CRM templates available -- Generation takes < 30 seconds -- Generated CRMs are fully functional -- Industry-specific features work - ---- - -## Conclusion - -The BotUI platform already has a **powerful backend** capable of generating full applications via LLM. The main gaps are in the **frontend user experience**. - -Once these 7 phases are complete, VibeCode will match or exceed Claude Code's capabilities while offering: - -✅ **Multi-user SaaS deployment** -✅ **Visual app building** (Vibe Builder) -✅ **Enterprise-grade multi-agent orchestration** -✅ **Pure Rust backend** (no Node.js dependency) -✅ **Integrated browser automation** (chromiumoxide) -✅ **Professional development environment** - -The biggest advantage: VibeCode can already **generate working CRMs** via the LLM pipeline. These phases add the **professional UI tools** to make it a complete development environment. - -**Total Estimated Effort:** 98-126 hours (~3-4 weeks with 1 developer) diff --git a/yarn.lock b/yarn.lock deleted file mode 100644 index 8f40338..0000000 --- a/yarn.lock +++ /dev/null @@ -1,175 +0,0 @@ -# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. -# yarn lockfile v1 - - -"@playwright/test@^1.58.2": - version "1.58.2" - resolved "https://registry.npmjs.org/@playwright/test/-/test-1.58.2.tgz" - integrity sha512-akea+6bHYBBfA9uQqSYmlJXn61cTa+jbO87xVLCWbTqbWadRVmhxlXATaOjOgcBaWU4ePo0wB41KMFv3o35IXA== - dependencies: - playwright "1.58.2" - -"@types/node@^25.2.0": - version "25.2.0" - resolved "https://registry.npmjs.org/@types/node/-/node-25.2.0.tgz" - integrity sha512-DZ8VwRFUNzuqJ5khrvwMXHmvPe+zGayJhr2CDNiKB1WBE1ST8Djl00D0IC4vvNmHMdj6DlbYRIaFE7WHjlDl5w== - dependencies: - undici-types "~7.16.0" - -buffer-equal-constant-time@^1.0.1: - version "1.0.1" - resolved "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz" - integrity sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA== - -data-uri-to-buffer@^4.0.0: - version "4.0.1" - resolved "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz" - integrity sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A== - -ecdsa-sig-formatter@1.0.11: - version "1.0.11" - resolved "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz" - integrity sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ== - dependencies: - safe-buffer "^5.0.1" - -fetch-blob@^3.1.2, fetch-blob@^3.1.4: - version "3.2.0" - resolved "https://registry.npmjs.org/fetch-blob/-/fetch-blob-3.2.0.tgz" - integrity sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ== - dependencies: - node-domexception "^1.0.0" - web-streams-polyfill "^3.0.3" - -formdata-polyfill@^4.0.10: - version "4.0.10" - resolved "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz" - integrity sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g== - dependencies: - fetch-blob "^3.1.2" - -jsonwebtoken@^9.0.3: - version "9.0.3" - resolved "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz" - integrity sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g== - dependencies: - jws "^4.0.1" - lodash.includes "^4.3.0" - lodash.isboolean "^3.0.3" - lodash.isinteger "^4.0.4" - lodash.isnumber "^3.0.3" - lodash.isplainobject "^4.0.6" - lodash.isstring "^4.0.1" - lodash.once "^4.0.0" - ms "^2.1.1" - semver "^7.5.4" - -jwa@^2.0.1: - version "2.0.1" - resolved "https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz" - integrity sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg== - dependencies: - buffer-equal-constant-time "^1.0.1" - ecdsa-sig-formatter "1.0.11" - safe-buffer "^5.0.1" - -jws@^4.0.1: - version "4.0.1" - resolved "https://registry.npmjs.org/jws/-/jws-4.0.1.tgz" - integrity sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA== - dependencies: - jwa "^2.0.1" - safe-buffer "^5.0.1" - -lodash.includes@^4.3.0: - version "4.3.0" - resolved "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz" - integrity sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w== - -lodash.isboolean@^3.0.3: - version "3.0.3" - resolved "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz" - integrity sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg== - -lodash.isinteger@^4.0.4: - version "4.0.4" - resolved "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz" - integrity sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA== - -lodash.isnumber@^3.0.3: - version "3.0.3" - resolved "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz" - integrity sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw== - -lodash.isplainobject@^4.0.6: - version "4.0.6" - resolved "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz" - integrity sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA== - -lodash.isstring@^4.0.1: - version "4.0.1" - resolved "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz" - integrity sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw== - -lodash.once@^4.0.0: - version "4.1.1" - resolved "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz" - integrity sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg== - -ms@^2.1.1: - version "2.1.3" - resolved "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz" - integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA== - -node-domexception@^1.0.0: - version "1.0.0" - resolved "https://registry.npmjs.org/node-domexception/-/node-domexception-1.0.0.tgz" - integrity sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ== - -node-fetch@^3.3.2: - version "3.3.2" - resolved "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz" - integrity sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA== - dependencies: - data-uri-to-buffer "^4.0.0" - fetch-blob "^3.1.4" - formdata-polyfill "^4.0.10" - -playwright-core@1.58.2: - version "1.58.2" - resolved "https://registry.npmjs.org/playwright-core/-/playwright-core-1.58.2.tgz" - integrity sha512-yZkEtftgwS8CsfYo7nm0KE8jsvm6i/PTgVtB8DL726wNf6H2IMsDuxCpJj59KDaxCtSnrWan2AeDqM7JBaultg== - -playwright@1.58.2: - version "1.58.2" - resolved "https://registry.npmjs.org/playwright/-/playwright-1.58.2.tgz" - integrity sha512-vA30H8Nvkq/cPBnNw4Q8TWz1EJyqgpuinBcHET0YVJVFldr8JDNiU9LaWAE1KqSkRYazuaBhTpB5ZzShOezQ6A== - dependencies: - playwright-core "1.58.2" - optionalDependencies: - fsevents "2.3.2" - -safe-buffer@^5.0.1: - version "5.2.1" - resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz" - integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== - -semver@^7.5.4: - version "7.7.4" - resolved "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz" - integrity sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA== - -undici-types@~7.16.0: - version "7.16.0" - resolved "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz" - integrity sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw== - -web-streams-polyfill@^3.0.3: - version "3.3.3" - resolved "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-3.3.3.tgz" - integrity sha512-d2JWLCivmZYTSIoge9MsgFCZrt571BikcWGYkjC1khllbTeDlGqZ2D8vD8E/lJa8WGWbb7Plm8/XJYV7IJHZZw== - -ws@^8.19.0: - version "8.19.0" - resolved "https://registry.npmjs.org/ws/-/ws-8.19.0.tgz" - integrity sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg== diff --git a/zit.md b/zit.md deleted file mode 100644 index 40e10ba..0000000 --- a/zit.md +++ /dev/null @@ -1,440 +0,0 @@ -# Zitadel OAuth Client Automatic Creation - Action Plan - -## Current Status (March 1, 2026) - -### ✅ FIXED: Health Check & Proxy Issues - -**Problems Fixed:** -1. Zitadel health checks used port **9000** but Zitadel runs on port **8300** -2. BotUI proxy used `https://localhost:9000` but BotServer runs on `http://localhost:8080` -3. Directory base URL used port 9000 instead of 8300 - -**Files Fixed:** -1. `botserver/src/core/bootstrap/bootstrap_utils.rs` - Health check port 9000 → 8300 -2. `botserver/src/core/package_manager/installer.rs` - ZITADEL_EXTERNALPORT and check_cmd 9000 → 8300 -3. `botserver/src/core/directory/api.rs` - Health check URL to port 8300 -4. `botlib/src/http_client.rs` - DEFAULT_BOTSERVER_URL to http://localhost:8080 -5. `botserver/src/core/urls.rs` - DIRECTORY_BASE to port 8300 - -**Results:** -- ✅ Zitadel health check: 2 seconds (was 300 seconds) -- ✅ BotUI proxy: correct routing to BotServer -- ✅ Bootstrap completes successfully -- ✅ No more 502 Bad Gateway errors - -### ❌ REMAINING: OAuth Client Not Created - -**Problem:** -```json -{ - "error": "Authentication service not configured", - "details": "OAuth client credentials not available" -} -``` - -**Root Cause:** -- File `botserver-stack/conf/system/directory_config.json` is **MISSING** -- Bootstrap cannot extract Zitadel credentials from logs -- OAuth client creation fails -- Login fails - -## Root Cause Analysis - -### Why the Previous Fix Failed - -The commit `86cfccc2` (Jan 6, 2026) added: -- `extract_initial_admin_from_log()` to parse Zitadel logs -- Password grant authentication support -- Directory config saving - -**But it doesn't work because:** -1. **Zitadel doesn't log credentials** in the expected format -2. Log parsing returns `None` -3. Without credentials, OAuth client creation fails -4. Config file is never created -5. **Chicken-and-egg problem persists** - -### The Real Solution - -**Instead of parsing logs, the bootstrap should:** -1. **Generate admin credentials** using `generate_secure_password()` -2. **Create admin user in Zitadel** using Zitadel's Management API -3. **Use those exact credentials** to create OAuth client -4. **Save config** to `botserver-stack/conf/system/directory_config.json` -5. **Display credentials** to user via console and `~/.gb-setup-credentials` - -## Automatic Solution Design - -### Architecture - -``` -Bootstrap Flow (First Run): -1. Start Zitadel service -2. Wait for Zitadel to be ready (health check) -3. Check if directory_config.json exists - - If YES: Load config, skip creation - - If NO: Proceed to step 4 -4. Generate admin credentials (username, email, password) -5. Create admin user in Zitadel via Management API -6. Create OAuth application via Management API -7. Save directory_config.json to botserver-stack/conf/system/ -8. Display credentials to user -9. Continue bootstrap - -Bootstrap Flow (Subsequent Runs): -1. Start Zitadel service -2. Wait for Zitadel to be ready -3. Check if directory_config.json exists - - If YES: Load config, verify OAuth client - - If NO: Run first-run flow -4. Continue bootstrap -``` - -### Key Changes Required - -#### 1. Fix `setup_directory()` in `mod.rs` - -**Current approach (broken):** -```rust -// Try to extract credentials from log -let credentials = extract_initial_admin_from_log(&log_path); -if let Some((email, password)) = credentials { - // Use credentials -} -``` - -**New approach:** -```rust -// Check if config exists -let config_path = PathBuf::from("botserver-stack/conf/system/directory_config.json"); -if config_path.exists() { - // Load existing config - return load_config(&config_path); -} - -// Generate new credentials -let username = "admin"; -let email = "admin@localhost"; -let password = generate_secure_password(); - -// Create admin user in Zitadel -let setup = DirectorySetup::new_with_credentials( - base_url, - Some((email.clone(), password.clone())) -); - -let admin_user = setup.create_admin_user(username, email, &password).await?; - -// Create OAuth client -let oauth_client = setup.create_oauth_application().await?; - -// Save config -let config = DirectoryConfig { - base_url, - admin_token: admin_user.pat_token, - client_id: oauth_client.client_id, - client_secret: oauth_client.client_secret, - // ... other fields -}; - -save_config(&config_path, &config)?; - -// Display credentials to user -print_bootstrap_credentials(&config, &password); - -Ok(config) -``` - -#### 2. Add `create_admin_user()` to `DirectorySetup` - -```rust -impl DirectorySetup { - pub async fn create_admin_user( - &self, - username: &str, - email: &str, - password: &str, - ) -> Result { - // Use Zitadel Management API to create user - // Endpoint: POST /management/v1/users/human - - let user_payload = json!({ - "userName": username, - "profile": { - "firstName": "Admin", - "lastName": "User" - }, - "email": { - "email": email, - "isEmailVerified": true - }, - "password": password, - "passwordChangeRequired": false - }); - - let response = self.client - .post(format!("{}/management/v1/users/human", self.base_url)) - .json(&user_payload) - .send() - .await?; - - // Extract user ID and create PAT token - // ... - } -} -``` - -#### 3. Ensure Directory Creation in `save_config()` - -```rust -fn save_config(path: &Path, config: &DirectoryConfig) -> Result<()> { - // Create parent directory if it doesn't exist - if let Some(parent) = path.parent() { - fs::create_dir_all(parent) - .map_err(|e| anyhow!("Failed to create config directory: {}", e))?; - } - - // Write config - let json = serde_json::to_string_pretty(config)?; - fs::write(path, json) - .map_err(|e| anyhow!("Failed to write config file: {}", e))?; - - info!("Saved Directory configuration to {}", path.display()); - Ok(()) -} -``` - -#### 4. Update Config File Path - -**Old path:** `config/directory_config.json` -**New path:** `botserver-stack/conf/system/directory_config.json` - -Update all references in: -- `botserver/src/core/package_manager/mod.rs` -- `botserver/src/core/bootstrap/bootstrap_manager.rs` -- `botserver/src/main_module/bootstrap.rs` - -## Implementation Steps - -### Step 1: Create Admin User via API - -**File:** `botserver/src/core/package_manager/setup/directory_setup.rs` - -Add method to create admin user: -```rust -pub async fn create_admin_user( - &self, - username: &str, - email: &str, - password: &str, -) -> Result { - // Implementation using Zitadel Management API -} -``` - -### Step 2: Update setup_directory() - -**File:** `botserver/src/core/package_manager/mod.rs` - -Replace log parsing with direct user creation: -```rust -pub async fn setup_directory() -> Result { - let config_path = PathBuf::from("botserver-stack/conf/system/directory_config.json"); - - // Check existing config - if config_path.exists() { - return load_config(&config_path); - } - - // Generate credentials - let password = generate_secure_password(); - let email = "admin@localhost"; - let username = "admin"; - - // Create admin and OAuth client - let setup = DirectorySetup::new(base_url); - let admin = setup.create_admin_user(username, email, &password).await?; - let oauth = setup.create_oauth_application(&admin.token).await?; - - // Save config - let config = DirectoryConfig { /* ... */ }; - save_config(&config_path, &config)?; - - // Display credentials - print_credentials(username, email, &password); - - Ok(config) -} -``` - -### Step 3: Fix save_config() - -**File:** `botserver/src/core/package_manager/setup/directory_setup.rs` - -Ensure parent directory exists: -```rust -async fn save_config_internal(&self, config: &DirectoryConfig) -> Result<()> { - let path = PathBuf::from("botserver-stack/conf/system/directory_config.json"); - - if let Some(parent) = path.parent() { - fs::create_dir_all(parent)?; - } - - let json = serde_json::to_string_pretty(config)?; - fs::write(&path, json)?; - - Ok(()) -} -``` - -### Step 4: Remove Log Parsing - -**File:** `botserver/src/core/package_manager/mod.rs` - -Delete or deprecate `extract_initial_admin_from_log()` function - it's not reliable. - -## Config File Structure - -**Location:** `botserver-stack/conf/system/directory_config.json` - -```json -{ - "base_url": "http://localhost:8300", - "default_org": { - "id": "", - "name": "General Bots", - "domain": "localhost" - }, - "default_user": { - "id": "", - "username": "admin", - "email": "admin@localhost", - "password": "", - "first_name": "Admin", - "last_name": "User" - }, - "admin_token": "", - "project_id": "", - "client_id": "", - "client_secret": "" -} -``` - -## Expected Bootstrap Flow - -### First Run (No Config) - -``` -[Bootstrap] Starting Zitadel/Directory service... -[Bootstrap] Directory service started, waiting for readiness... -[Bootstrap] Zitadel/Directory service is responding -[Bootstrap] No directory_config.json found, initializing new setup -[Bootstrap] Generated admin password: Xk9#mP2$vL5@nQ8& -[Bootstrap] Creating admin user in Zitadel... -[Bootstrap] Admin user created: admin@localhost -[Bootstrap] Creating OAuth application... -[Bootstrap] OAuth client created: client_id=123456789 -[Bootstrap] Saved Directory configuration to botserver-stack/conf/system/directory_config.json - -╔════════════════════════════════════════════════════════════╗ -║ 🔐 ADMIN LOGIN - READY TO USE ║ -╠════════════════════════════════════════════════════════════╣ -║ ║ -║ Username: admin ║ -║ Password: Xk9#mP2$vL5@nQ8& ║ -║ Email: admin@localhost ║ -║ ║ -║ 🌐 LOGIN NOW: http://localhost:3000/suite/login ║ -║ ║ -╚════════════════════════════════════════════════════════════╝ - -[Bootstrap] OAuth client created successfully -[Bootstrap] Bootstrap process completed! -``` - -### Subsequent Runs (Config Exists) - -``` -[Bootstrap] Starting Zitadel/Directory service... -[Bootstrap] Directory service started, waiting for readiness... -[Bootstrap] Zitadel/Directory service is responding -[Bootstrap] Loading existing Directory configuration -[Bootstrap] OAuth client verified: client_id=123456789 -[Bootstrap] Bootstrap process completed! -``` - -## Testing Checklist - -- [ ] Delete existing `botserver-stack/conf/system/directory_config.json` -- [ ] Run `./reset.sh` or restart botserver -- [ ] Verify admin user created in Zitadel -- [ ] Verify OAuth application created in Zitadel -- [ ] Verify `directory_config.json` exists with valid credentials -- [ ] Verify credentials displayed in console -- [ ] Verify `~/.gb-setup-credentials` file created -- [ ] Test login with displayed credentials -- [ ] Verify login returns valid token -- [ ] Restart botserver again -- [ ] Verify config is loaded (not recreated) -- [ ] Verify login still works - -## Files to Modify - -1. **`botserver/src/core/package_manager/mod.rs`** - - Update `setup_directory()` to generate credentials - - Remove `extract_initial_admin_from_log()` or mark deprecated - - Update config path to `botserver-stack/conf/system/directory_config.json` - -2. **`botserver/src/core/package_manager/setup/directory_setup.rs`** - - Add `create_admin_user()` method - - Update `save_config_internal()` to create parent directories - - Update config path - -3. **`botserver/src/core/bootstrap/bootstrap_manager.rs`** - - Update config path reference - - Ensure proper error handling - -4. **`botserver/src/main_module/bootstrap.rs`** - - Update `init_directory_service()` to use new path - -## Benefits of This Approach - -1. **Fully Automatic** - No manual steps required -2. **Reliable** - Doesn't depend on log parsing -3. **Secure** - Generates strong passwords -4. **Repeatable** - Works on every fresh install -5. **User-Friendly** - Displays credentials clearly -6. **Persistent** - Config saved in version-controlled location -7. **Fast** - No waiting for log file parsing - -## Migration from Old Setup - -If `~/.gb-setup-credentials` exists but `directory_config.json` doesn't: - -1. **Option A:** Use existing credentials - - Read credentials from `~/.gb-setup-credentials` - - Create OAuth client with those credentials - - Save to `directory_config.json` - -2. **Option B:** Create new setup - - Ignore old credentials - - Generate new admin password - - Update or replace old credentials file - - Save to `directory_config.json` - -**Recommendation:** Option A (use existing credentials if available) - -## Summary - -**Problem:** OAuth client not created because bootstrap can't extract Zitadel credentials from logs. - -**Solution:** Generate credentials programmatically, create admin user via API, create OAuth client, save config automatically. - -**Result:** Fully automatic, reliable bootstrap that creates all necessary credentials and configuration without manual intervention. - -**Timeline:** -- Implementation: 2-4 hours -- Testing: 1 hour -- Total: 3-5 hours - -**Priority:** HIGH - Blocking login functionality \ No newline at end of file