GeneralBots/gb
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: GeneralBots:main
Branches Tags
GeneralBots:master
GeneralBots:main
GeneralBots:pragmatismo
..
compare: GeneralBots:master
Branches Tags
GeneralBots:main
GeneralBots:master
GeneralBots:pragmatismo

2 commits
main ... master

Author SHA1 Message Date
Rodrigo Rodriguez
aaba2976b4
Update .gitmodules 2026-02-06 17:11:32 -03:00
Rodrigo Rodriguez (Pragmatismo)
116f11cb42 Update all submodules to latest commits 
Includes botui fix for 404 errors with bot name prefixes:
- Removed root-level static routes that conflicted with bot prefixes
- All static assets now properly served under /suite/ path
- Fixes /edu/suite/js/api-client.js and related assets
 2026-02-06 16:30:42 -03:00
53 changed files with 814 additions and 19814 deletions
Show stats Expand all files Collapse all files

1
.bashrc
View file

@ -1 +0,0 @@
export NGROK_AUTHTOKEN=2f3uA0WXL3aDxjABuSWpYTWjjh5_2pqnDyrc7CU4o92UzocEt

8
.env.example
View file

@ -1,8 +0,0 @@
# General Bots Environment Configuration
# Copy this file to .env and fill in values
# NEVER commit .env to version control
# Vault connection
VAULT_ADDR=https://127.0.0.1:8200
VAULT_TOKEN=<your-vault-token-here>
VAULT_CACERT=./botserver-stack/vault/certs/ca.crt

106
.forgejo/workflows/botserver.yaml
View file

@ -1,106 +0,0 @@
name: BotServer CI
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
env:
CARGO_BUILD_JOBS: 4
CARGO_NET_RETRY: 10
jobs:
build:
runs-on: gbo
steps:
- name: Disable SSL verification
run: git config --global http.sslVerify false
- name: Checkout BotServer Code
uses: actions/checkout@v4
with:
path: botserver
- name: Setup Workspace
run: |
git clone --depth 1 --branch main https://alm.pragmatismo.com.br/GeneralBots/gb.git workspace
cd workspace
git submodule update --init --depth 1 botlib
git submodule update --init --depth 1 botui
# Remove all members except botserver and botlib from workspace
sed -i '/"botapp",/d' Cargo.toml
sed -i '/"botdevice",/d' Cargo.toml
sed -i '/"bottest",/d' Cargo.toml
sed -i '/"botui",/d' Cargo.toml
sed -i '/"botbook",/d' Cargo.toml
sed -i '/"botmodels",/d' Cargo.toml
sed -i '/"botplugin",/d' Cargo.toml
sed -i '/"bottemplates",/d' Cargo.toml
cd ..
rm -rf workspace/botserver
mv botserver workspace/botserver
- name: Cache Busting
run: |
TS=$(date +%s)
cd workspace/botui/ui/suite/chat
mv chat.css chat.$TS.css
mv chat.js chat.$TS.js
sed -i "s/chat.css/chat.$TS.css/g" chat.html
sed -i "s/chat.js/chat.$TS.js/g" chat.html
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y libpq-dev libssl-dev liblzma-dev pkg-config
- name: Install Rust
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Install sccache
run: |
wget https://github.com/mozilla/sccache/releases/download/v0.8.2/sccache-v0.8.2-x86_64-unknown-linux-musl.tar.gz
tar xzf sccache-v0.8.2-x86_64-unknown-linux-musl.tar.gz
mv sccache-v0.8.2-x86_64-unknown-linux-musl/sccache $HOME/.cargo/bin/sccache
chmod +x $HOME/.cargo/bin/sccache
echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
$HOME/.cargo/bin/sccache --start-server || true
- name: Setup environment
run: sudo cp /opt/gbo/bin/system/.env . 2>/dev/null || true
- name: Build BotServer
working-directory: workspace
run: |
cargo build -p botserver -j 8 2>&1 | tee /tmp/build.log
ls -lh target/debug/botserver
sccache --show-stats || true
- name: Save build log
if: always()
run: |
sudo mkdir -p /opt/gbo/logs
sudo cp /tmp/build.log /opt/gbo/logs/botserver-$(date +%Y%m%d-%H%M%S).log || true
- name: Deploy
working-directory: workspace
run: |
lxc exec bot:pragmatismo-system -- systemctl stop system || true
# Deploy Binary
sudo cp target/debug/botserver /opt/gbo/bin/system/
sudo chmod +x /opt/gbo/bin/system/botserver
# Deploy UI Assets (botui)
sudo mkdir -p /opt/gbo/bin/system/botui/ui
sudo cp -r botui/ui/suite /opt/gbo/bin/system/botui/ui/
sudo cp -r botui/ui/themes /opt/gbo/bin/system/botui/ui/ || true
lxc exec bot:pragmatismo-system -- systemctl start system || true

931
.gemini/tasks/multiagent-task-ui-plan.md
View file

@ -1,931 +0,0 @@
# Multi-Agent Task Management UI — Implementation Plan
> **Unifying `auto_task`, `tasks`, `designer` → Draggable Multi-Agent Windows**
---
## 1. High-Level Vision (from Screenshots)
The user wants a **desktop-like environment** with these elements:
### Layout Components
```
┌──────┬──────────────────────────────────────────────────────┐
│ │ [Tasks ⚙ 👤] ← Top Left Mini Bar (fixed) │
│ SIDE │ │
│ BAR │ ┌─────────────────────┐ ┌────────────────────────┐ │
│ │ │ PRIMARY WINDOW │ │ SECONDARY WINDOW │ │
│ (far │ │ "Tasks" │ │ "Agents & Workspaces" │ │
│ left)│ │ Tabs: │ │ (can be minimized) │ │
│ │ │ - // DASHBOARD │ │ │ │
│ /chat│ │ - // TASK #N │ │ Agent cards, quota │ │
│/drive│ │ │ │ monitors, workspace │ │
│ etc. │ │ PLAN|BUILD|REVIEW| │ │ assignment │ │
│ │ │ DEPLOY|MONITOR tabs │ │ │ │
│ │ │ │ │ │ │
│ │ │ Draggable task cards│ │ │ │
│ │ │ with sub-tasks, │ │ │ │
│ │ │ logs, output, chat │ │ │ │
│ │ └─────────────────────┘ └────────────────────────┘ │
│ │ │
│ │ ┌───────────────────────────────────────────────┐ │
│ │ │ // Chat (shared chat at bottom) │ │
│ │ │ TIP: Describe your project... │ │
│ │ └───────────────────────────────────────────────┘ │
│ ├──────────────────────────────────────────────────────┤
│ │ [Taskbar: open windows] [Clock] [Date] │
└──────┴──────────────────────────────────────────────────────┘
```
### Key Rules from User Request
1. **Sidebar** → Far left (already exists in `desktop.html`, keep it)
2. **Top-left mini bar** → Fixed bar with "Tasks" label, ⚙ Settings icon, 👤 Account icon. **Remove Mantis logo**.
3. **Where it reads "Mantis" → read "Tasks"** (generic rename throughout)
4. **Primary Window: "Tasks"** → Two tabs:
- **// DASHBOARD** — Overview with Task #N agent card, DNA info, tokens, activity
- **// TASK #N** (project view) — PLAN | BUILD | REVIEW | DEPLOY | MONITOR pipeline tabs, with draggable task cards showing sub-tasks, logs, output
5. **Secondary Window: "Agents & Workspaces"** → Shows agent roster, quota monitors, workspace assignments. Can be minimized.
6. **Chat panel** → Shared at bottom of task view, project-scoped
7. **All windows** → Draggable, resizable, use existing `WindowManager`
8. **VibCode integration** → Multi-draggable agents like the designer canvas
---
## 2. Codebase Inventory & Current State
### Frontend (botui/ui/suite)
| File/Dir | Purpose | Lines | Status |
|----------|---------|-------|--------|
| `desktop.html` | Main desktop shell, sidebar, tabs, workspace | 281 | ✅ Keep as shell |
| `js/window-manager.js` | Window open/close/drag/minimize/maximize | 296 | 🔧 Extend |
| `tasks/tasks.html` | Current task list + detail panel | 318 | 🔄 Refactor into new primary window |
| `tasks/tasks.js` | Task JS (3297 lines) | 3297 | 🔄 Refactor (heavy) |
| `tasks/tasks.css` | Task styles (70k+) | ~2400 | 🔄 Refactor/extend |
| `tasks/autotask.html` | AutoTask standalone UI | 484 | 🔄 Merge into primary window |
| `tasks/autotask.js` | AutoTask JS (2201 lines) | 2201 | 🔄 Merge |
| `tasks/autotask.css` | AutoTask styles | ~1200 | 🔄 Merge |
| `tasks/progress-panel.html` | Floating progress panel | 133 | 🔄 Keep as sub-component |
| `tasks/progress-panel.js` | Progress panel JS | ~550 | ✅ Keep |
| `tasks/intents.html` | Intents listing | ~400 | 🔄 Merge |
| `designer.html` | Visual .bas designer (node canvas) | 2718 | 📎 Reference for drag patterns |
| `designer.js` | Designer JS (nodes, connections, drag) | 921 | 📎 Reference for drag |
| `designer.css` | Designer styles | 500 | 📎 Reference |
| `partials/tasks.html` | Alternative tasks partial | 318 | 🔄 Will be replaced by new entry |
### Backend (botserver/src)
| File/Dir | Purpose | Lines | Status |
|----------|---------|-------|--------|
| `auto_task/autotask_api.rs` | AutoTask CRUD + execution API | 2302 | ✅ Keep (API stable) |
| `auto_task/task_types.rs` | AutoTask data types | 423 | ✅ Keep |
| `auto_task/task_manifest.rs` | Manifest tracking (progress tree) | 977 | ✅ Keep |
| `auto_task/app_generator.rs` | App generation from LLM | 3587 | ✅ Keep |
| `auto_task/intent_classifier.rs` | Intent classification | 1200+ | ✅ Keep |
| `auto_task/intent_compiler.rs` | Intent → plan compilation | 900+ | ✅ Keep |
| `auto_task/mod.rs` | Routes + WebSocket handlers | 293 | 🔧 Add new agent/workspace endpoints |
| `tasks/task_api/handlers.rs` | Task CRUD handlers | 393 | 🔧 Extend with agent-aware responses |
| `tasks/task_api/html_renderers.rs` | HTML card rendering | 700+ | 🔧 Update HTML to new design |
| `tasks/types.rs` | Task data types | 223 | 🔧 Add agent fields |
| `tasks/scheduler.rs` | Task scheduler (cron etc.) | 503 | ✅ Keep |
| `designer/workflow_canvas.rs` | Workflow design types | 421 | 📎 Reference |
| `designer/designer_api/` | Designer API handlers | ~200 | 📎 Reference |
---
## 3. Implementation Phases
### Phase 0: Terminology Rename (Mantis → Tasks/Agent)
**Scope**: All UI references
**Effort**: ~30 min
| What | Where | Change |
|------|-------|--------|
| "Mantis #1" | All HTML templates | → "Agent #1" |
| "MANTIS MANAGER" | Task cards | → "AGENT MANAGER" |
| Mantis logo/icon | Top bar, cards | → Remove, use ⚡ or 🤖 icon |
| "mantis" CSS classes | tasks CSS | → Rename to `agent-*` |
| Variable names | tasks.js, autotask.js | → `agent*` where needed |
**Files to modify**:
- `botui/ui/suite/tasks/tasks.html` — template references
- `botui/ui/suite/tasks/tasks.js` — variable names
- `botui/ui/suite/tasks/tasks.css` — class names
- `botui/ui/suite/tasks/autotask.html` — template references
- `botui/ui/suite/tasks/autotask.js` — variable names
- `botserver/src/tasks/task_api/html_renderers.rs` — server-rendered HTML
---
### Phase 1: Top-Left Mini Bar (Fixed)
**Scope**: New component added to `desktop.html`
**Effort**: ~45 min
Create a fixed top-left panel (anchored above sidebar) matching screenshot:
```
┌──────────────────────┐
│ Tasks ⚙️ 👤 │
└──────────────────────┘
```
#### 1.1 New file: `botui/ui/suite/partials/minibar.html`
```html
<div class="gb-minibar" id="gb-minibar">
<span class="minibar-title">Tasks</span>
<div class="minibar-actions">
<button class="minibar-btn" id="btn-open-settings"
title="Settings" onclick="openSettingsWindow()">
<!-- SVG gear icon -->
</button>
<button class="minibar-btn" id="btn-open-account"
title="Account" onclick="openAccountWindow()">
<!-- SVG user icon -->
</button>
</div>
</div>
```
#### 1.2 CSS additions in `desktop.html <style>` or new `css/minibar.css`
```css
.gb-minibar {
position: fixed;
top: 0;
left: 51px; /* right of sidebar */
height: 34px;
display: flex;
align-items: center;
padding: 0 12px;
gap: 8px;
background: var(--bg-secondary);
border-bottom: 1px solid var(--border-color);
z-index: 200;
font-family: 'Fira Code', monospace;
font-size: 13px;
font-weight: 600;
}
.minibar-title { color: var(--text); }
.minibar-actions { display: flex; gap: 6px; }
.minibar-btn {
width: 28px; height: 28px;
border: none; background: transparent;
cursor: pointer; border-radius: 6px;
display: flex; align-items: center; justify-content: center;
transition: background 0.15s;
}
.minibar-btn:hover { background: var(--bg-hover); }
.minibar-btn svg { width: 16px; height: 16px; stroke: var(--text-secondary); }
```
#### 1.3 Integration in `desktop.html`
- Add minibar HTML after sidebar, before main-wrapper
- Adjust `.main-wrapper` top padding to account for minibar height
---
### Phase 2: Primary Window — "Tasks" (Dashboard + Project Tabs)
**Scope**: Major refactor of `tasks/` directory
**Effort**: ~4-6 hours
This is the central window. It unifies the old `tasks.html` and `autotask.html` into one coherent window with two tab modes:
#### 2.1 New file: `botui/ui/suite/tasks/task-window.html`
Main entry point loaded by `WindowManager.open('tasks', 'Tasks', html)`.
Structure:
```html
<link rel="stylesheet" href="/suite/tasks/task-window.css" />
<div class="task-window" id="task-window">
<!-- Tab Bar: DASHBOARD | TASK #N -->
<div class="task-window-tabs" id="task-window-tabs">
<button class="tw-tab active" data-tab="dashboard"
onclick="switchTaskTab('dashboard')">
// DASHBOARD
</button>
<!-- Dynamic task tabs appear here -->
</div>
<!-- Tab Content -->
<div class="task-window-content" id="task-window-content">
<!-- Dashboard tab (default) -->
<div class="tw-panel active" id="tw-panel-dashboard">
<!-- Agent overview cards, stats, recent activity -->
</div>
</div>
</div>
<script src="/suite/tasks/task-window.js"></script>
```
#### 2.2 Dashboard Tab Content (`tw-panel-dashboard`)
Based on "Agent #1" screenshot:
```html
<div class="tw-dashboard">
<!-- Overview section -->
<section class="agent-overview">
<div class="agent-card">
<div class="agent-header">
<span class="agent-icon"></span>
<h2 class="agent-name">Agent #1</h2>
<button class="agent-edit-btn">✏️</button>
</div>
<div class="agent-meta">
<div class="meta-row">
<span class="meta-label">Status</span>
<span class="meta-value status-active">● Active</span>
</div>
<div class="meta-row">
<span class="meta-label">DNA</span>
<span class="meta-value">
<a href="#" class="meta-link">Manage Subscription</a>
</span>
</div>
<div class="meta-stats">
<div class="stat-item">
<span class="stat-label">Renewal</span>
<span class="stat-value" id="agent-renewal"></span>
</div>
<div class="stat-item">
<span class="stat-label">Created</span>
<span class="stat-value" id="agent-created"></span>
</div>
<div class="stat-item">
<span class="stat-label">Tokens Used</span>
<span class="stat-value" id="agent-tokens"></span>
</div>
<div class="stat-item">
<span class="stat-label">Tasks Completed</span>
<span class="stat-value" id="agent-tasks-done"></span>
</div>
</div>
</div>
</div>
<!-- Action buttons -->
<div class="agent-actions">
<button class="action-btn" onclick="parkAgent()">// PARK</button>
<button class="action-btn" onclick="cloneAgent()">// CLONE</button>
<button class="action-btn" onclick="exportAgent()">// EXPORT</button>
<button class="action-btn disabled">// DELETE</button>
</div>
</section>
<!-- Assigned Job section -->
<section class="assigned-job" id="assigned-job">
<h3>Assigned Job</h3>
<div class="job-card" hx-get="/api/ui/tasks/current-job"
hx-trigger="load" hx-swap="innerHTML">
<!-- Loaded dynamically -->
</div>
</section>
<!-- Recent Activity -->
<section class="recent-activity" id="recent-activity">
<h3>Recent Activity</h3>
<div class="activity-list" hx-get="/api/ui/tasks/activity"
hx-trigger="load, every 15s" hx-swap="innerHTML">
<!-- Activity items loaded dynamically -->
</div>
</section>
</div>
```
#### 2.3 Project Tab Content (Opens when clicking "Open Project")
Based on the multi-agent task cards screenshot with PLAN|BUILD|REVIEW|DEPLOY|MONITOR:
```html
<div class="tw-project" id="tw-project-{project_id}">
<!-- Top breadcrumb -->
<div class="project-breadcrumb">
<span>// DASHBOARD</span> <span>></span>
<span class="project-name">// {PROJECT_NAME}</span>
</div>
<!-- Pipeline Tabs -->
<div class="pipeline-tabs">
<button class="pipeline-tab" data-phase="plan">// PLAN</button>
<button class="pipeline-tab active" data-phase="build">// BUILD</button>
<button class="pipeline-tab" data-phase="review">// REVIEW</button>
<button class="pipeline-tab" data-phase="deploy">// DEPLOY</button>
<button class="pipeline-tab" data-phase="monitor">// MONITOR</button>
</div>
<!-- Zoomable Canvas with draggable task cards -->
<div class="task-canvas" id="task-canvas-{project_id}">
<div class="canvas-controls">
<button onclick="zoomIn()">🔍+</button>
<span class="zoom-level">100%</span>
<button onclick="zoomOut()">🔍-</button>
</div>
<div class="canvas-inner" id="canvas-inner-{project_id}">
<!-- Draggable task cards rendered here -->
</div>
</div>
<!-- Shared Chat Panel (bottom) -->
<div class="project-chat" id="project-chat">
<div class="chat-header">// Chat <button class="chat-download"></button></div>
<div class="chat-body" id="project-chat-body">
<div class="chat-tip">
💚 TIP: Describe your project. The more detail, the better the plan.
</div>
<!-- Chat messages -->
</div>
<div class="chat-input-area">
<input type="text" placeholder="Describe what you need..."
id="project-chat-input" />
<button class="chat-send" onclick="sendProjectChat()">Send</button>
</div>
</div>
</div>
```
#### 2.4 Draggable Task Cards on Canvas
Each task card (matching the screenshot) is a draggable element:
```html
<div class="task-card draggable" data-task-id="{id}"
style="left: {x}px; top: {y}px;">
<div class="task-card-drag-handle"></div>
<div class="task-card-badge">// TASK</div>
<h3 class="task-card-title">{title}</h3>
<div class="task-card-stats">
<span>{file_count} files</span>
<span>{duration}</span>
<span>~{token_count} tokens</span>
</div>
<p class="task-card-desc">{description}</p>
<div class="task-card-status">
<span class="status-label">Status</span>
<span class="status-value">● {status}</span>
</div>
<!-- Agent Manager section -->
<div class="task-agent-section">
<div class="agent-label">// AGENT MANAGER</div>
<div class="agent-row">
<span class="agent-dot"></span>
<span class="agent-name">Agent #1</span>
<div class="agent-capabilities">
<!-- capability icons -->
</div>
<span class="agent-level">EVOLVED</span>
</div>
</div>
<!-- Collapsible sections -->
<details class="task-detail-section">
<summary>// SUB-TASKS</summary>
<div class="sub-tasks-content" hx-get="/api/ui/tasks/{id}/subtasks"
hx-trigger="toggle" hx-swap="innerHTML"></div>
</details>
<details class="task-detail-section">
<summary>// LOGS</summary>
<div class="logs-content"></div>
</details>
<details class="task-detail-section">
<summary>// OUTPUT</summary>
<div class="output-content"></div>
</details>
</div>
```
#### 2.5 New file: `botui/ui/suite/tasks/task-window.js`
Core logic consolidated from `tasks.js` and `autotask.js`:
```javascript
// task-window.js
// Unified Task Window Manager
const TaskWindow = {
activeTab: 'dashboard',
openProjects: new Map(), // projectId -> project data
wsConnection: null,
init() { ... },
switchTab(tabId) { ... },
openProject(projectId, projectName) { ... },
closeProject(projectId) { ... },
// Dashboard
loadDashboard() { ... },
loadAgentOverview() { ... },
loadRecentActivity() { ... },
// Project Canvas
initCanvas(projectId) { ... },
loadTaskCards(projectId) { ... },
makeCardsDraggable(canvasEl) { ... }, // Uses designer.js patterns
switchPipelinePhase(phase) { ... },
// WebSocket
initWebSocket() { ... }, // Reuses existing WS from tasks.js
handleProgressMessage(data) { ... },
// Chat
initProjectChat(projectId) { ... },
sendProjectChat() { ... },
};
```
Key functions to port from existing files:
- From `tasks.js`: `initWebSocket()`, `handleWebSocketMessage()`, `renderManifestProgress()`, `buildProgressTreeHTML()`, `startTaskPolling()`
- From `autotask.js`: `handleTaskProgressMessage()`, `onTaskStarted()`, `onTaskProgress()`, `selectIntent()`, `loadIntentDetail()`
- From `designer.js`: `initDragAndDrop()`, `startNodeDrag()`, canvas pan/zoom
#### 2.6 New file: `botui/ui/suite/tasks/task-window.css`
Consolidated and pixel-perfect styles. Key sections:
```css
/* Task Window Container */
.task-window { ... }
/* Tab Bar (DASHBOARD / TASK #N) */
.task-window-tabs { ... }
.tw-tab { ... }
.tw-tab.active { ... }
/* Dashboard */
.tw-dashboard { ... }
.agent-overview { ... }
.agent-card { ... }
.agent-actions { ... }
.assigned-job { ... }
.recent-activity { ... }
/* Project View */
.tw-project { ... }
.project-breadcrumb { ... }
.pipeline-tabs { ... }
.pipeline-tab { ... }
/* Task Canvas (zoomable, pannable) */
.task-canvas { ... }
.canvas-inner { ... }
/* Draggable Task Cards */
.task-card { ... }
.task-card.dragging { ... }
.task-card-badge { ... }
.task-agent-section { ... }
/* Shared Chat */
.project-chat { ... }
```
---
### Phase 3: Secondary Window — "Agents & Workspaces"
**Scope**: New component
**Effort**: ~2-3 hours
Auto-opens alongside the primary Tasks window. Can be minimized.
#### 3.1 New file: `botui/ui/suite/tasks/agents-window.html`
```html
<link rel="stylesheet" href="/suite/tasks/agents-window.css" />
<div class="agents-window" id="agents-window">
<!-- Header -->
<div class="aw-header">
<h3>Agents & Workspaces</h3>
</div>
<!-- Agent Cards -->
<section class="aw-agents" id="aw-agents"
hx-get="/api/ui/agents/list" hx-trigger="load, every 30s"
hx-swap="innerHTML">
<!-- Agent cards loaded dynamically -->
</section>
<!-- Workspace List -->
<section class="aw-workspaces" id="aw-workspaces">
<h4>Active Workspaces</h4>
<div class="workspace-list" hx-get="/api/ui/workspaces/list"
hx-trigger="load" hx-swap="innerHTML">
<!-- Workspace items -->
</div>
</section>
<!-- Quota Monitor -->
<section class="aw-quota" id="aw-quota">
<h4>Quota Monitor</h4>
<div class="quota-details">
<div class="quota-row">
<span>All Models</span>
<span class="quota-value">90%</span>
<div class="quota-bar">
<div class="quota-fill" style="width: 90%"></div>
</div>
</div>
<div class="quota-stats">
<span>Runtime: <strong id="aw-runtime">10m 15s</strong></span>
<span>Token Consumption: <strong id="aw-tokens">13k</strong></span>
</div>
<div class="quota-changes">
<span class="change added">Added <strong>+510</strong></span>
<span class="change removed">Removed <strong>+510</strong></span>
</div>
</div>
</section>
</div>
<script src="/suite/tasks/agents-window.js"></script>
```
#### 3.2 New file: `botui/ui/suite/tasks/agents-window.js`
```javascript
const AgentsWindow = {
init() { ... },
loadAgents() { ... },
loadWorkspaces() { ... },
updateQuotaMonitor(data) { ... },
assignAgentToTask(agentId, taskId) { ... },
};
```
#### 3.3 New file: `botui/ui/suite/tasks/agents-window.css`
Styles matching the secondary window screenshot with agent cards, quota bars, etc.
---
### Phase 4: Window Manager Enhancements
**Scope**: `js/window-manager.js`
**Effort**: ~2 hours
#### 4.1 Add `openPair()` method
Opens primary + secondary windows side by side when Tasks is launched:
```javascript
openPair(primaryId, primaryTitle, primaryHtml,
secondaryId, secondaryTitle, secondaryHtml) {
// Open primary window (left, 60% width)
this.open(primaryId, primaryTitle, primaryHtml);
const primaryEl = document.getElementById(`window-${primaryId}`);
primaryEl.style.left = '0px';
primaryEl.style.top = '0px';
primaryEl.style.width = '60%';
primaryEl.style.height = 'calc(100% - 50px)';
// Open secondary window (right, 40% width, minimizable)
this.open(secondaryId, secondaryTitle, secondaryHtml);
const secondaryEl = document.getElementById(`window-${secondaryId}`);
secondaryEl.style.left = '60%';
secondaryEl.style.top = '0px';
secondaryEl.style.width = '40%';
secondaryEl.style.height = 'calc(100% - 50px)';
}
```
#### 4.2 Improve `makeResizable()`
Replace CSS `resize: both` with proper resize handles (8-directional):
```javascript
makeResizable(windowEl) {
const handles = ['n','e','s','w','ne','nw','se','sw'];
handles.forEach(dir => {
const handle = document.createElement('div');
handle.className = `resize-handle resize-${dir}`;
windowEl.appendChild(handle);
// Add mousedown handler for each direction
});
}
```
#### 4.3 Add snap-to-edge behavior
When a window is dragged to the screen edge, snap to fill half:
```javascript
// In onMouseUp:
if (newLeft < 10) snapToLeft(windowEl);
if (newLeft + windowEl.offsetWidth > workspace.offsetWidth - 10) snapToRight(windowEl);
```
#### 4.4 Add `openAsSecondary()` method
Opens a window in minimized-ready state:
```javascript
openAsSecondary(id, title, htmlContent) {
this.open(id, title, htmlContent);
// Mark as secondary (can be auto-minimized)
const windowObj = this.openWindows.find(w => w.id === id);
windowObj.isSecondary = true;
}
```
---
### Phase 5: Backend API Extensions
**Scope**: `botserver/src/auto_task/` and `botserver/src/tasks/`
**Effort**: ~3 hours
#### 5.1 New Agent Management Endpoints
Add to `botserver/src/auto_task/mod.rs` route configuration:
```rust
// New routes
.route("/api/ui/agents/list", get(list_agents_handler))
.route("/api/ui/agents/:id", get(get_agent_handler))
.route("/api/ui/agents/:id/park", post(park_agent_handler))
.route("/api/ui/agents/:id/clone", post(clone_agent_handler))
.route("/api/ui/agents/:id/export", get(export_agent_handler))
.route("/api/ui/workspaces/list", get(list_workspaces_handler))
.route("/api/ui/tasks/current-job", get(current_job_handler))
.route("/api/ui/tasks/activity", get(recent_activity_handler))
.route("/api/ui/tasks/:id/subtasks", get(task_subtasks_handler))
```
#### 5.2 New file: `botserver/src/auto_task/agent_api.rs`
Agent management handlers:
```rust
pub async fn list_agents_handler(...) -> impl IntoResponse { ... }
pub async fn get_agent_handler(...) -> impl IntoResponse { ... }
pub async fn park_agent_handler(...) -> impl IntoResponse { ... }
pub async fn clone_agent_handler(...) -> impl IntoResponse { ... }
// Returns HTML fragments (HTMX pattern)
```
#### 5.3 Extend `task_types.rs` with Agent concept
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Agent {
pub id: Uuid,
pub name: String,
pub status: AgentStatus,
pub capabilities: Vec<AgentCapability>,
pub level: AgentLevel, // Evolved, etc.
pub quota: QuotaInfo,
pub assigned_tasks: Vec<Uuid>,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum AgentStatus { Active, Parked, Cloning }
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum AgentCapability { Code, Design, Data, Web, API, ML }
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum AgentLevel { Basic, Standard, Evolved, Superior }
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct QuotaInfo {
pub model_usage_percent: f64,
pub runtime_seconds: u64,
pub tokens_consumed: u64,
pub items_added: i64,
pub items_removed: i64,
}
```
#### 5.4 Extend WebSocket for multi-agent updates
In `handle_task_progress_websocket()`, add agent status broadcasts:
```rust
// New message types:
"agent_status_update" -> { agent_id, status, quota }
"workspace_update" -> { workspace_id, agents, tasks }
"project_canvas_update" -> { project_id, task_positions }
```
---
### Phase 6: Desktop Integration
**Scope**: `desktop.html` and auto-open logic
**Effort**: ~1.5 hours
#### 6.1 Modify `desktop.html` Tasks icon click
Instead of loading `tasks.html` into a single window, load the pair:
```javascript
// In desktop.html htmx:afterRequest handler
if (appId === 'tasks') {
// Fetch both HTML files
Promise.all([
fetch('/suite/tasks/task-window.html').then(r => r.text()),
fetch('/suite/tasks/agents-window.html').then(r => r.text())
]).then(([taskHtml, agentsHtml]) => {
window.wm.openPair(
'tasks', 'Tasks', taskHtml,
'agents', 'Agents & Workspaces', agentsHtml
);
});
evt.detail.isError = true; // prevent default HTMX swap
}
```
#### 6.2 Add minibar to desktop.html
Insert `minibar.html` partial via HTMX or inline.
#### 6.3 Remove old breadcrumb row
The `tabs-container` in `desktop.html` with "E-COMMERCE APP DEVELOPMENT" breadcrumb was hardcoded for demo; replace with dynamic content managed by the active window.
---
### Phase 7: Polish & Pixel-Perfect Styling
**Scope**: CSS refinement
**Effort**: ~3 hours
#### 7.1 Design System Tokens
Add to `css/theme-sentient.css`:
```css
:root {
/* Task Card Colors */
--task-badge-bg: rgba(132, 214, 105, 0.15);
--task-badge-border: #84d669;
--task-badge-text: #84d669;
/* Agent Status Colors */
--agent-active: #84d669;
--agent-parked: #f9e2af;
--agent-evolved: #84d669;
/* Pipeline Tab Colors */
--pipeline-active: var(--primary);
--pipeline-inactive: var(--text-secondary);
/* Canvas */
--canvas-grid: rgba(0,0,0,0.03);
--canvas-card-shadow: 0 2px 12px rgba(0,0,0,0.08);
}
```
#### 7.2 Pixel-Perfect Card Styling
Task cards must match screenshots exactly:
- Monospace font (`Fira Code`) for labels
- `//` prefix on section labels (e.g., `// TASK`, `// SUB-TASKS`)
- Green dot for active status
- Collapsible sections with `▸`/`▾` toggles
- Agent capability icons row (🔧 📝 ↗ ⚙ 🛡 📊)
#### 7.3 Animations
```css
/* Card drag feedback */
.task-card.dragging {
opacity: 0.85;
transform: rotate(1deg) scale(1.02);
box-shadow: 0 8px 30px rgba(0,0,0,0.15);
z-index: 9999;
}
/* Tab switch */
.tw-panel { transition: opacity 0.2s ease; }
.tw-panel:not(.active) { opacity: 0; position: absolute; pointer-events: none; }
/* Window open */
@keyframes window-open {
from { transform: scale(0.95); opacity: 0; }
to { transform: scale(1); opacity: 1; }
}
.window-element { animation: window-open 0.15s ease-out; }
```
---
## 4. File Creation & Modification Summary
### New Files to Create
| # | File | Purpose |
|---|------|---------|
| 1 | `botui/ui/suite/tasks/task-window.html` | Primary unified task window |
| 2 | `botui/ui/suite/tasks/task-window.js` | Primary window logic |
| 3 | `botui/ui/suite/tasks/task-window.css` | Primary window styles |
| 4 | `botui/ui/suite/tasks/agents-window.html` | Secondary agents/workspaces window |
| 5 | `botui/ui/suite/tasks/agents-window.js` | Secondary window logic |
| 6 | `botui/ui/suite/tasks/agents-window.css` | Secondary window styles |
| 7 | `botui/ui/suite/partials/minibar.html` | Top-left mini bar |
| 8 | `botui/ui/suite/css/minibar.css` | Mini bar styles |
| 9 | `botserver/src/auto_task/agent_api.rs` | Agent management API |
### Existing Files to Modify
| # | File | Changes |
|---|------|---------|
| 1 | `botui/ui/suite/desktop.html` | Add minibar, modify Tasks launch logic |
| 2 | `botui/ui/suite/js/window-manager.js` | Add `openPair()`, improve resize, snap |
| 3 | `botui/ui/suite/css/desktop.css` | Minibar layout adjustments |
| 4 | `botserver/src/auto_task/mod.rs` | Add agent routes, export new module |
| 5 | `botserver/src/auto_task/task_types.rs` | Add Agent, QuotaInfo types |
| 6 | `botserver/src/tasks/task_api/html_renderers.rs` | Update rendered HTML (Mantis→Agent) |
| 7 | `botui/ui/suite/css/theme-sentient.css` | Add new design tokens |
### Files to Keep (No Changes)
- `tasks/progress-panel.html` + `.js` + `.css` — reused as sub-component
- `botserver/src/auto_task/autotask_api.rs` — API stable
- `botserver/src/auto_task/app_generator.rs` — No changes needed
- `botserver/src/auto_task/task_manifest.rs` — No changes needed
- `botserver/src/tasks/scheduler.rs` — No changes needed
### Files Eventually Deprecated (Phase 8 cleanup)
- `tasks/autotask.html` → merged into `task-window.html`
- `tasks/autotask.js` → merged into `task-window.js`
- `tasks/autotask.css` → merged into `task-window.css`
- `tasks/tasks.html` → merged into `task-window.html` (keep as partial fallback)
- Original `partials/tasks.html` → replaced by `task-window.html`
---
## 5. Execution Order
```
Phase 0: Terminology Rename (Mantis → Agent/Tasks) ~30 min
Phase 1: Top-Left Mini Bar ~45 min
Phase 2: Primary Window (task-window.html/js/css) ~4-6 hrs
├─ 2.1: HTML structure
├─ 2.2: Dashboard tab
├─ 2.3: Project tab with pipeline tabs
├─ 2.4: Draggable task cards
├─ 2.5: JavaScript consolidation
└─ 2.6: CSS pixel-perfect styling
Phase 3: Secondary Window (agents-window.html/js/css) ~2-3 hrs
Phase 4: Window Manager Enhancements ~2 hrs
Phase 5: Backend API Extensions ~3 hrs
Phase 6: Desktop Integration ~1.5 hrs
Phase 7: Polish & Pixel-Perfect ~3 hrs
Total estimated: ~17-20 hours
```
---
## 6. Key Design Decisions
1. **Single-window with tabs** vs multi-window for tasks → Using **tabs within a single primary window** (Dashboard / Task #N) matching the screenshots, plus a separate secondary window for agents.
2. **Reuse WindowManager** — All windows still go through the existing WM for consistency with chat/drive/etc.
3. **Drag system from Designer** — Port the `startNodeDrag()` and canvas pan/zoom patterns from `designer.js` for the task card canvas.
4. **HTMX-first** — All data loading uses HTMX fragments from the backend, matching existing patterns in `tasks.html` and `autotask.html`.
5. **WebSocket reuse** — The existing `task_progress_websocket_handler` in `auto_task/mod.rs` is extended with new message types for agent status, not replaced.
6. **Progressive enhancement** — Old `tasks.html` remains functional as a fallback. The new `task-window.html` is the primary entry.
7. **Scoped CSS** — Each new component gets its own CSS file to avoid conflicts with existing 70k+ lines of task styles.
---
## 7. Verification Checklist
- [ ] Sidebar stays on far left
- [ ] Mini bar shows "Tasks ⚙ 👤" at top-left (no Mantis logo)
- [ ] Tasks window opens with Dashboard tab by default
- [ ] Dashboard shows Agent #1 overview (status, tokens, tasks completed)
- [ ] "Open Project" opens project tab with PLAN|BUILD|REVIEW|DEPLOY|MONITOR
- [ ] Task cards are draggable on the canvas
- [ ] Each task card has collapsible SUB-TASKS, LOGS, OUTPUT sections
- [ ] Agent Manager section shows on each task card
- [ ] Secondary "Agents & Workspaces" window opens alongside
- [ ] Secondary window can be minimized
- [ ] Chat panel at bottom of project view
- [ ] All terminology says "Tasks" / "Agent" instead of "Mantis"
- [ ] Monospace `Fira Code` font with `//` prefix styling throughout
- [ ] WebSocket progress updates work in new UI
- [ ] Window drag, resize, minimize, maximize all functional
- [ ] Theme-aware (respects sentient/dark/light themes)

32
.gitignore vendored
View file

@ -2,8 +2,7 @@
target/ target/
*.out *.out
bin/ bin/
*.png
*.jpg
# Logs # Logs
*.log *.log
*logfile* *logfile*
@ -31,32 +30,7 @@ botserver-installers/*
!botserver-installers/.gitkeep !botserver-installers/.gitkeep
botserver-stack botserver-stack
TODO* TODO*
work
.swp
# Lock file
# Cargo.lock (should be tracked)
.kiro
config
# Data directory (contains bot configs and API keys)
data/
# Playwright # Lock file (regenerated from Cargo.toml)
node_modules/ Cargo.lock
/test-results/
/playwright-report/
/blob-report/
/playwright/.cache/
/playwright/.auth/
config/directory_config.json
# CI cache bust: Fri Feb 13 22:33:51 UTC 2026
# Secrets - NEVER commit these files
vault-unseal-keys
start-and-unseal.sh
vault-token-*
init.json
*.pem
*.key
*.crt
*.cert

23
.gitmodules vendored
View file

@ -1,43 +1,42 @@
[submodule "botapp"] [submodule "botapp"]
path = botapp path = botapp
url = ../botapp.git url = https://github.com/GeneralBots/botapp.git
[submodule "botserver"] [submodule "botserver"]
path = botserver path = botserver
url = ../BotServer.git url = https://github.com/GeneralBots/botserver.git
[submodule "botlib"] [submodule "botlib"]
path = botlib path = botlib
url = ../botlib.git url = https://github.com/GeneralBots/botlib.git
[submodule "botui"] [submodule "botui"]
path = botui path = botui
url = ../botui.git url = https://github.com/GeneralBots/botui.git
[submodule "botbook"] [submodule "botbook"]
path = botbook path = botbook
url = ../botbook.git url = https://github.com/GeneralBots/botbook.git
[submodule "bottest"] [submodule "bottest"]
path = bottest path = bottest
url = ../bottest.git url = https://github.com/GeneralBots/bottest.git
[submodule "botdevice"] [submodule "botdevice"]
path = botdevice path = botdevice
url = ../botdevice.git url = https://github.com/GeneralBots/botdevice.git
[submodule "botmodels"] [submodule "botmodels"]
path = botmodels path = botmodels
url = ../botmodels.git url = https://github.com/GeneralBots/botmodels.git
[submodule "botplugin"] [submodule "botplugin"]
path = botplugin path = botplugin
url = ../botplugin.git url = https://github.com/GeneralBots/botplugin.git
[submodule "bottemplates"] [submodule "bottemplates"]
path = bottemplates path = bottemplates
url = ../bottemplates.git url = https://github.com/GeneralBots/bottemplates.git
[submodule ".github"] [submodule ".github"]
path = .github path = .github
url = ../.github.git url = https://github.com/GeneralBots/.github.git

9
.idea/gb.iml generated
View file

@ -1,9 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="JAVA_MODULE" version="4">
<component name="NewModuleRootManager" inherit-compiler-output="true">
<exclude-output />
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>

10
.idea/libraries/botserver_installers.xml generated
View file

@ -1,10 +0,0 @@
<component name="libraryTable">
<library name="botserver-installers">
<CLASSES>
<root url="jar://$PROJECT_DIR$/botserver/botserver-installers/llama-b7345-bin-ubuntu-x64.zip!/" />
<root url="jar://$PROJECT_DIR$/botserver/botserver-installers/vault_1.15.4_linux_amd64.zip!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
</library>
</component>

6
.idea/misc.xml generated
View file

@ -1,6 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectRootManager" version="2">
<output url="file://$PROJECT_DIR$/out" />
</component>
</project>

8
.idea/modules.xml generated
View file

@ -1,8 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/gb.iml" filepath="$PROJECT_DIR$/.idea/gb.iml" />
</modules>
</component>
</project>

6
.idea/vcs.xml generated
View file

@ -1,6 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="" vcs="Git" />
</component>
</project>

52
.idea/workspace.xml generated
View file

@ -1,52 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ChangeListManager">
<list default="true" id="32fd08b0-7933-467d-9a46-1a53fd2da15c" name="Changes" comment="">
<change beforePath="$PROJECT_DIR$/botserver" beforeDir="false" afterPath="$PROJECT_DIR$/botserver" afterDir="false" />
</list>
<option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" />
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
<option name="LAST_RESOLUTION" value="IGNORE" />
</component>
<component name="Git.Settings">
<option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
</component>
<component name="ProjectColorInfo"><![CDATA[{
"associatedIndex": 1
}]]></component>
<component name="ProjectId" id="38qdWTFkX8Nem4LzgigXpAycSN7" />
<component name="ProjectViewState">
<option name="hideEmptyMiddlePackages" value="true" />
<option name="showLibraryContents" value="true" />
</component>
<component name="PropertiesComponent"><![CDATA[{
"keyToString": {
"ModuleVcsDetector.initialDetectionPerformed": "true",
"RunOnceActivity.ShowReadmeOnStart": "true",
"RunOnceActivity.git.unshallow": "true",
"RunOnceActivity.typescript.service.memoryLimit.init": "true",
"git-widget-placeholder": "main",
"last_opened_file_path": "/home/rodriguez/src/gb",
"vue.rearranger.settings.migration": "true"
}
}]]></component>
<component name="SharedIndexes">
<attachedChunks>
<set>
<option value="bundled-jdk-30f59d01ecdd-2fc7cc6b9a17-intellij.indexing.shared.core-IU-253.30387.90" />
</set>
</attachedChunks>
</component>
<component name="TaskManager">
<task active="true" id="Default" summary="Default task">
<changelist id="32fd08b0-7933-467d-9a46-1a53fd2da15c" name="Changes" comment="" />
<created>1769531070022</created>
<option name="number" value="Default" />
<option name="presentableId" value="Default" />
<updated>1769531070022</updated>
<workItem from="1769531115917" duration="176000" />
</task>
<servers />
</component>
</project>

198
.kiro/settings/lsp.json
View file

@ -1,198 +0,0 @@
{
"languages": {
"typescript": {
"name": "typescript-language-server",
"command": "typescript-language-server",
"args": [
"--stdio"
],
"file_extensions": [
"ts",
"js",
"tsx",
"jsx"
],
"project_patterns": [
"package.json",
"tsconfig.json"
],
"exclude_patterns": [
"**/node_modules/**",
"**/dist/**"
],
"multi_workspace": false,
"initialization_options": {
"preferences": {
"disableSuggestions": false
}
},
"request_timeout_secs": 60
},
"python": {
"name": "pyright",
"command": "pyright-langserver",
"args": [
"--stdio"
],
"file_extensions": [
"py"
],
"project_patterns": [
"pyproject.toml",
"setup.py",
"requirements.txt",
"pyrightconfig.json"
],
"exclude_patterns": [
"**/__pycache__/**",
"**/venv/**",
"**/.venv/**",
"**/.pytest_cache/**"
],
"multi_workspace": false,
"initialization_options": {},
"request_timeout_secs": 60
},
"rust": {
"name": "rust-analyzer",
"command": "rust-analyzer",
"args": [],
"file_extensions": [
"rs"
],
"project_patterns": [
"Cargo.toml"
],
"exclude_patterns": [
"**/target/**"
],
"multi_workspace": false,
"initialization_options": {
"cargo": {
"buildScripts": {
"enable": true
}
},
"diagnostics": {
"enable": true,
"enableExperimental": true
},
"workspace": {
"symbol": {
"search": {
"scope": "workspace"
}
}
}
},
"request_timeout_secs": 60
},
"java": {
"name": "jdtls",
"command": "jdtls",
"args": [],
"file_extensions": [
"java"
],
"project_patterns": [
"pom.xml",
"build.gradle",
"build.gradle.kts",
".project"
],
"exclude_patterns": [
"**/target/**",
"**/build/**",
"**/.gradle/**"
],
"multi_workspace": false,
"initialization_options": {
"settings": {
"java": {
"compile": {
"nullAnalysis": {
"mode": "automatic"
}
},
"configuration": {
"annotationProcessing": {
"enabled": true
}
}
}
}
},
"request_timeout_secs": 60
},
"ruby": {
"name": "solargraph",
"command": "solargraph",
"args": [
"stdio"
],
"file_extensions": [
"rb"
],
"project_patterns": [
"Gemfile",
"Rakefile"
],
"exclude_patterns": [
"**/vendor/**",
"**/tmp/**"
],
"multi_workspace": false,
"initialization_options": {},
"request_timeout_secs": 60
},
"go": {
"name": "gopls",
"command": "gopls",
"args": [],
"file_extensions": [
"go"
],
"project_patterns": [
"go.mod",
"go.sum"
],
"exclude_patterns": [
"**/vendor/**"
],
"multi_workspace": false,
"initialization_options": {
"usePlaceholders": true,
"completeUnimported": true
},
"request_timeout_secs": 60
},
"cpp": {
"name": "clangd",
"command": "clangd",
"args": [
"--background-index"
],
"file_extensions": [
"cpp",
"cc",
"cxx",
"c",
"h",
"hpp",
"hxx"
],
"project_patterns": [
"CMakeLists.txt",
"compile_commands.json",
"Makefile"
],
"exclude_patterns": [
"**/build/**",
"**/cmake-build-**/**"
],
"multi_workspace": false,
"initialization_options": {},
"request_timeout_secs": 60
}
}
}

7
.zed/settings.json
View file

@ -1,7 +0,0 @@
{
"languages": {
"Rust": {
"enable_language_server": false,
},
},
}

433
AGENTS.md
View file

@ -1,433 +0,0 @@
# General Bots AI Agent Guidelines
- stop saving .png on root! Use /tmp. never allow new files on root.
- never push to alm without asking first - pbecause it is production!
8080 is server 3000 is client ui
if you are in trouble with some tool, please go to the ofiical website to get proper install or instructions
To test web is http://localhost:3000 (botui!)
Use apenas a lingua culta ao falar .
test login here http://localhost:3000/suite/auth/login.html
> **⚠️ CRITICAL SECURITY WARNING**
I AM IN DEV ENV, but sometimes, pasting from PROD, do not treat my env as prod! Just fix, to me and push to CI. So I can test in PROD, for a while.
>Use Playwrigth MCP to start localhost:3000/<bot> now.
> **NEVER CREATE FILES WITH SECRETS IN THE REPOSITORY ROOT**
See botserver/src/drive/local_file_monitor.rs to see how to load from /opt/gbo/data the list of development bots.
- ❌ **NEVER** use `cargo clean` - causes 30min rebuilds, use `./reset.sh` for database issues
>
> Secret files MUST be placed in `/tmp/` only:
> - ✅ `/tmp/vault-token-gb` - Vault root token
> - ✅ `/tmp/vault-unseal-key-gb` - Vault unseal key
> - ❌ `vault-unseal-keys` - FORBIDDEN (tracked by git)
> - ❌ `start-and-unseal.sh` - FORBIDDEN (contains secrets)
>
> **Why `/tmp/`?**
> - Cleared on reboot (ephemeral)
> - Not tracked by git
> - Standard Unix security practice
> - Prevents accidental commits
---
## 🧭 LLM Navigation Guide
### Reading This Workspace
/opt/gbo/data is a place also for bots.
**For LLMs analyzing this codebase:**
0. Bots are in /opt/gbo/data primary
1. Start with **[Component Dependency Graph](../README.md#-component-dependency-graph)** in README to understand relationships
2. Review **[Module Responsibility Matrix](../README.md#-module-responsibility-matrix)** for what each module does
3. Study **[Data Flow Patterns](../README.md#-data-flow-patterns)** to understand execution flow
4. Reference **[Common Architectural Patterns](../README.md#-common-architectural-patterns)** before making changes
5. Check **[Security Rules](#-security-directives---mandatory)** below - violations are blocking issues
6. Follow **[Code Patterns](#-mandatory-code-patterns)** below - consistency is mandatory
---
## 🔄 Reset Process Notes
### reset.sh Behavior
- **Purpose**: Cleans and restarts the development environment
- **Timeouts**: The script can timeout during "Step 3/4: Waiting for BotServer to bootstrap"
- **Bootstrap Process**: Takes 3-5 minutes to install all components (Vault, PostgreSQL, Valkey, MinIO, Zitadel, LLM)
### Common Issues
1. **Script Timeout**: reset.sh waits for "Bootstrap complete: admin user" message
- If Zitadel isn't ready within 60s, admin user creation fails
- Script continues waiting indefinitely
- **Solution**: Check botserver.log for "Bootstrap process completed!" message
2. **Zitadel Not Ready**: "Bootstrap check failed (Zitadel may not be ready)"
- Directory service may need more than 60 seconds to start
- Admin user creation deferred
- Services still start successfully
3. **Services Exit After Start**:
- botserver/botui may exit after initial startup
- Check logs for "dispatch failure" errors
- Check Vault certificate errors: "tls: failed to verify certificate: x509"
### Manual Service Management
```bash
# If reset.sh times out, manually verify services:
ps aux | grep -E "(botserver|botui)" | grep -v grep
curl http://localhost:8080/health
tail -f botserver.log botui.log
# Restart services manually:
./restart.sh
```
### Reset Verification
After reset completes, verify:
- ✅ PostgreSQL running (port 5432)
- ✅ Valkey cache running (port 6379)
- ✅ BotServer listening on port 8080
- ✅ BotUI listening on port 3000
- ✅ No errors in botserver.log
---
## 🔐 Security Directives - MANDATORY
### 1. Error Handling - NO PANICS IN PRODUCTION
```rust
// ❌ FORBIDDEN
value.unwrap()
value.expect("message")
panic!("error")
todo!()
unimplemented!()
// ✅ REQUIRED
value?
value.ok_or_else(|| Error::NotFound)?
value.unwrap_or_default()
value.unwrap_or_else(|e| { log::error!("{}", e); default })
if let Some(v) = value { ... }
match value { Ok(v) => v, Err(e) => return Err(e.into()) }
```
### 2. Command Execution - USE SafeCommand
```rust
// ❌ FORBIDDEN
Command::new("some_command").arg(user_input).output()
// ✅ REQUIRED
use crate::security::command_guard::SafeCommand;
SafeCommand::new("allowed_command")?
.arg("safe_arg")?
.execute()
```
### 3. Error Responses - USE ErrorSanitizer
```rust
// ❌ FORBIDDEN
Json(json!({ "error": e.to_string() }))
format!("Database error: {}", e)
// ✅ REQUIRED
use crate::security::error_sanitizer::log_and_sanitize;
let sanitized = log_and_sanitize(&e, "context", None);
(StatusCode::INTERNAL_SERVER_ERROR, sanitized)
```
### 4. SQL - USE sql_guard
```rust
// ❌ FORBIDDEN
format!("SELECT * FROM {}", user_table)
// ✅ REQUIRED
use crate::security::sql_guard::{sanitize_identifier, validate_table_name};
let safe_table = sanitize_identifier(&user_table);
validate_table_name(&safe_table)?;
```
### 5. Rate Limiting Strategy (IMP-07)
- **Default Limits:**
- General: 100 req/s (global)
- Auth: 10 req/s (login endpoints)
- API: 50 req/s (per token)
- **Implementation:**
- MUST use `governor` crate
- MUST implement per-IP and per-User tracking
- WebSocket connections MUST have message rate limits (e.g., 10 msgs/s)
### 6. CSRF Protection (IMP-08)
- **Requirement:** ALL state-changing endpoints (POST, PUT, DELETE, PATCH) MUST require a CSRF token.
- **Implementation:**
- Use `tower_csrf` or similar middleware
- Token MUST be bound to user session
- Double-Submit Cookie pattern or Header-based token verification
- **Exemptions:** API endpoints using Bearer Token authentication (stateless)
### 7. Security Headers (IMP-09)
- **Mandatory Headers on ALL Responses:**
- `Content-Security-Policy`: "default-src 'self'; script-src 'self'; object-src 'none';"
- `Strict-Transport-Security`: "max-age=63072000; includeSubDomains; preload"
- `X-Frame-Options`: "DENY" or "SAMEORIGIN"
- `X-Content-Type-Options`: "nosniff"
- `Referrer-Policy`: "strict-origin-when-cross-origin"
- `Permissions-Policy`: "geolocation=(), microphone=(), camera=()"
### 8. Dependency Management (IMP-10)
- **Pinning:**
- Application crates (`botserver`, `botui`) MUST track `Cargo.lock`
- Library crates (`botlib`) MUST NOT track `Cargo.lock`
- **Versions:**
- Critical dependencies (crypto, security) MUST use exact versions (e.g., `=1.0.1`)
- Regular dependencies MAY use caret (e.g., `1.0`)
- **Auditing:**
- Run `cargo audit` weekly
- Update dependencies only via PR with testing
---
## ✅ Mandatory Code Patterns
### Use Self in Impl Blocks
```rust
impl MyStruct {
fn new() -> Self { Self { } } // ✅ Not MyStruct
}
```
### Derive Eq with PartialEq
```rust
#[derive(PartialEq, Eq)] // ✅ Always both
struct MyStruct { }
```
### Inline Format Args
```rust
format!("Hello {name}") // ✅ Not format!("{}", name)
```
### Combine Match Arms
```rust
match x {
A | B => do_thing(), // ✅ Combine identical arms
C => other(),
}
```
---
## ❌ Absolute Prohibitions
- NEVER search /target folder! It is binary compiled.
- ❌ **NEVER** build in release mode - ONLY debug builds allowed
- ❌ **NEVER** use `--release` flag on ANY cargo command
- ❌ **NEVER** use `--all-targets` with clippy - too slow (1m 44s without vs 10min+ with)
- ❌ **NEVER** use `--all-features` unless testing specific feature gates
- ❌ **ALWAYS** use: `cargo clippy --workspace` (DEBUG mode, lib + bin only)
- ❌ **NEVER** run `cargo build` - use `cargo check` for syntax verification
**Current Status:** ✅ **0 clippy warnings** (down from 61 - PERFECT SCORE in YOLO mode)
- ❌ **NEVER** use `panic!()`, `todo!()`, `unimplemented!()`
- ❌ **NEVER** use `Command::new()` directly - use `SafeCommand`
- ❌ **NEVER** return raw error strings to HTTP clients
- ❌ **NEVER** use `#[allow()]` in source code - FIX the code instead
- ❌ **NEVER** add lint exceptions to `Cargo.toml` - FIX the code instead
- ❌ **NEVER** use `_` prefix for unused variables - DELETE or USE them
- ❌ **NEVER** leave unused imports or dead code
- ❌ **NEVER** use CDN links - all assets must be local
- ❌ **NEVER** create `.md` documentation files without checking `botbook/` first
- ❌ **NEVER** comment out code - FIX it or DELETE it entirely
---
## 📏 File Size Limits - MANDATORY
### Maximum 450 Lines Per File
When a file grows beyond this limit:
1. **Identify logical groups** - Find related functions
2. **Create subdirectory module** - e.g., `handlers/`
3. **Split by responsibility:**
- `types.rs` - Structs, enums, type definitions
- `handlers.rs` - HTTP handlers and routes
- `operations.rs` - Core business logic
- `utils.rs` - Helper functions
- `mod.rs` - Re-exports and configuration
4. **Keep files focused** - Single responsibility
5. **Update mod.rs** - Re-export all public items
**NEVER let a single file exceed 450 lines - split proactively at 350 lines**
---
## 🔥 Error Fixing Workflow
### Mode 1: OFFLINE Batch Fix (PREFERRED)
When given error output:
1. **Read ENTIRE error list first**
2. **Group errors by file**
3. **For EACH file with errors:**
a. View file → understand context
b. Fix ALL errors in that file
c. Write once with all fixes
4. **Move to next file**
5. **REPEAT until ALL errors addressed**
6. **ONLY THEN → verify with build/diagnostics**
**NEVER run cargo build/check/clippy DURING fixing**
**Fix ALL errors OFFLINE first, verify ONCE at the end**
### Mode 2: Interactive Loop
```
LOOP UNTIL (0 warnings AND 0 errors):
1. Run diagnostics → pick file with issues
2. Read entire file
3. Fix ALL issues in that file
4. Write file once with all fixes
5. Verify with diagnostics
6. CONTINUE LOOP
END LOOP
```
---
## 🎭 Playwright Browser Testing - YOLO Mode
**When user requests to start YOLO mode with Playwright:**
1. **Start the browser** - Use `mcp__playwright__browser_navigate` to open http://localhost:3000/{botname}
2. **Take snapshot** - Use `mcp__playwright__browser_snapshot` to see current page state
3. **Test user flows** - Use click, type, fill_form, etc.
4. **Verify results** - Check for expected content, errors in console, network requests
5. **Validate backend** - Check database and services to confirm process completion
6. **Report findings** - Always include screenshot evidence with `browser_take_screenshot`
**Bot-Specific Testing URL Pattern:**
`http://localhost:3000/<botname>`
**Backend Validation Checks:**
After UI interactions, validate backend state via `psql` or `tail` logs.
---
## 🧪 Testing Strategy
### Unit Tests
- **Location**: Each crate has `tests/` directory or inline `#[cfg(test)]` modules
- **Naming**: Test functions use `test_` prefix or describe what they test
- **Running**: `cargo test -p <crate_name>` or `cargo test` for all
### Integration Tests
- **Location**: `bottest/` crate contains integration tests
- **Scope**: Tests full workflows across multiple crates
- **Running**: `cargo test -p bottest`
### Coverage Goals
- **Critical paths**: 80%+ coverage required
- **Error handling**: ALL error paths must have tests
- **Security**: All security guards must have tests
### WhatsApp Integration Testing
#### Prerequisites
1. **Enable WhatsApp Feature**: Build botserver with whatsapp feature enabled:
```bash
cargo build -p botserver --bin botserver --features whatsapp
```
2. **Bot Configuration**: Ensure the bot has WhatsApp credentials configured in `config.csv`:
- `whatsapp-api-key` - API key from Meta Business Suite
- `whatsapp-verify-token` - Custom token for webhook verification
- `whatsapp-phone-number-id` - Phone Number ID from Meta
- `whatsapp-business-account-id` - Business Account ID from Meta
#### Using Localtunnel (lt) as Reverse Proxy
# Check database for message storage
psql -h localhost -U postgres -d botserver -c "SELECT * FROM messages WHERE bot_id = '<bot_id>' ORDER BY created_at DESC LIMIT 5;"
---
## 🐛 Debugging Rules
### 🚨 CRITICAL ERROR HANDLING RULE
**STOP EVERYTHING WHEN ERRORS APPEAR**
When ANY error appears in logs during startup or operation:
1. **IMMEDIATELY STOP** - Do not continue with other tasks
2. **IDENTIFY THE ERROR** - Read the full error message and context
3. **FIX THE ERROR** - Address the root cause, not symptoms
4. **VERIFY THE FIX** - Ensure error is completely resolved
5. **ONLY THEN CONTINUE** - Never ignore or work around errors
**NEVER restart servers to "fix" errors - FIX THE ACTUAL PROBLEM**
### Log Locations
| Component | Log File | What's Logged |
|-----------|----------|---------------|
| **botserver** | `botserver.log` | API requests, errors, script execution, **client navigation events** |
| **botui** | `botui.log` | UI rendering, WebSocket connections |
| **drive_monitor** | In botserver logs with `[drive_monitor]` prefix | File sync, compilation |
| **client errors** | In botserver logs with `CLIENT:` prefix | JavaScript errors, navigation events |
---
## 🎨 Frontend Standards
### HTMX-First Approach
- Use HTMX to minimize JavaScript
- Server returns HTML fragments, not JSON
- Use `hx-get`, `hx-post`, `hx-target`, `hx-swap`
- WebSocket via htmx-ws extension
### Local Assets Only - NO CDN
```html
<!-- ✅ CORRECT -->
<script src="js/vendor/htmx.min.js"></script>
<!-- ❌ WRONG -->
<script src="https://unpkg.com/htmx.org@1.9.10"></script>
```
---
## 🚀 Performance & Size Standards
### Binary Size Optimization
- **Release Profile**: Always maintain `opt-level = "z"`, `lto = true`, `codegen-units = 1`, `strip = true`, `panic = "abort"`.
- **Dependencies**:
- Run `cargo tree --duplicates` weekly
- Run `cargo machete` to remove unused dependencies
- Use `default-features = false` and explicitly opt-in to needed features
### Linting & Code Quality
- **Clippy**: Code MUST pass `cargo clippy --workspace` with **0 warnings**.
- **No Allow**: NEVER use `#[allow(clippy::...)]` in source code - FIX the code instead.
---
## 🔑 Memory & Main Directives
**LOOP AND COMPACT UNTIL 0 WARNINGS - MAXIMUM PRECISION**
- 0 warnings
- 0 errors
- Trust project diagnostics
- Respect all rules
- No `#[allow()]` in source code
- Real code fixes only
**Remember:**
- **OFFLINE FIRST** - Fix all errors from list before compiling
- **BATCH BY FILE** - Fix ALL errors in a file at once
- **WRITE ONCE** - Single edit per file with all fixes
- **VERIFY LAST** - Only compile/diagnostics after ALL fixes
- **DELETE DEAD CODE** - Don't keep unused code around
- **GIT WORKFLOW** - ALWAYS push to ALL repositories (github, pragmatismo)

11651
Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

5
Cargo.toml
View file

@ -109,7 +109,6 @@ url = "2.5"
dirs = "5.0" dirs = "5.0"
tempfile = "3" tempfile = "3"
walkdir = "2.5.0" walkdir = "2.5.0"
notify = "8.0"
# ─── COMPRESSION / ARCHIVES ─── # ─── COMPRESSION / ARCHIVES ───
flate2 = "1.0" flate2 = "1.0"
@ -175,7 +174,7 @@ indicatif = "0.18.0"
# ─── MEMORY ALLOCATOR ─── # ─── MEMORY ALLOCATOR ───
tikv-jemallocator = "0.6" tikv-jemallocator = "0.6"
tikv-jemalloc-ctl = { version = "0.6", default-features = false, features = ["stats"] } tikv-jemalloc-ctl = { version = "0.6", default-features = false }
# ─── SECRETS / VAULT ─── # ─── SECRETS / VAULT ───
vaultrs = "0.7" vaultrs = "0.7"
@ -197,7 +196,7 @@ csv = "1.3"
tonic = { version = "0.14.2", default-features = false } tonic = { version = "0.14.2", default-features = false }
# ─── STATIC FILES ─── # ─── STATIC FILES ───
rust-embed = { version = "8.5", features = ["interpolate-folder-path"] } rust-embed = "8.5"
mime_guess = "2.0" mime_guess = "2.0"
# ─── TAURI (Desktop/Mobile) ─── # ─── TAURI (Desktop/Mobile) ───

204
DEPENDENCIES-DEV.sh Normal file
View file

@ -0,0 +1,204 @@
#!/bin/bash
#
# DEPENDENCIES-DEV.sh - Development Dependencies for General Bots
#
# This script installs additional packages needed for BUILDING botserver from source.
# Only install these if you plan to compile the code yourself.
#
# Usage: sudo ./DEPENDENCIES-DEV.sh
#
set -e
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN} General Bots Development Dependencies${NC}"
echo -e "${GREEN}========================================${NC}"
# Check root
if [ "$EUID" -ne 0 ]; then
echo -e "${RED}Error: Run as root (use sudo)${NC}"
exit 1
fi
# Detect OS
if [ -f /etc/os-release ]; then
. /etc/os-release
OS=$ID
else
echo -e "${RED}Error: Cannot detect OS${NC}"
exit 1
fi
echo -e "${YELLOW}OS: $OS${NC}"
install_debian_ubuntu() {
apt-get update
apt-get install -y \
build-essential \
gcc \
g++ \
clang \
llvm-dev \
libclang-dev \
cmake \
make \
git \
pkg-config \
libssl-dev \
libpq-dev \
liblzma-dev \
zlib1g-dev \
libabseil-dev \
protobuf-compiler \
libprotobuf-dev \
automake \
bison \
flex \
gperf \
libtool \
m4 \
nasm \
python3 \
python3-pip \
nodejs \
npm
# Cross-compilation toolchains
apt-get install -y \
gcc-aarch64-linux-gnu \
gcc-arm-linux-gnueabihf \
gcc-x86-64-linux-gnu || true
}
install_fedora_rhel() {
dnf groupinstall -y "Development Tools"
dnf install -y \
gcc \
gcc-c++ \
clang \
llvm-devel \
clang-devel \
cmake \
make \
git \
pkgconf-devel \
openssl-devel \
libpq-devel \
xz-devel \
zlib-devel \
abseil-cpp-devel \
protobuf-compiler \
protobuf-devel \
automake \
bison \
flex \
gperf \
libtool \
m4 \
nasm \
python3 \
python3-pip \
nodejs \
npm
}
install_arch() {
pacman -Sy --noconfirm \
base-devel \
gcc \
clang \
llvm \
cmake \
make \
git \
pkgconf \
openssl \
postgresql-libs \
xz \
zlib \
abseil-cpp \
protobuf \
automake \
bison \
flex \
gperf \
libtool \
m4 \
nasm \
python \
python-pip \
nodejs \
npm
}
install_alpine() {
apk add --no-cache \
build-base \
gcc \
g++ \
clang \
llvm-dev \
clang-dev \
cmake \
make \
git \
pkgconf-dev \
openssl-dev \
postgresql-dev \
xz-dev \
zlib-dev \
abseil-cpp-dev \
protobuf-dev \
protoc \
automake \
bison \
flex \
gperf \
libtool \
m4 \
nasm \
python3 \
py3-pip \
nodejs \
npm
}
case $OS in
ubuntu|debian|linuxmint|pop)
install_debian_ubuntu
;;
fedora|rhel|centos|rocky|almalinux)
install_fedora_rhel
;;
arch|manjaro)
install_arch
;;
alpine)
install_alpine
;;
*)
echo -e "${RED}Unsupported OS: $OS${NC}"
echo "Required development packages:"
echo " - build-essential/base-devel"
echo " - gcc, g++, clang"
echo " - cmake, make, git"
echo " - Development headers for:"
echo " - OpenSSL, PostgreSQL, XZ, zlib"
echo " - Abseil, Protobuf, LLVM"
exit 1
;;
esac
echo -e "${GREEN}Development dependencies installed!${NC}"
echo ""
echo "Install Rust if not already installed:"
echo " curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh"
echo ""
echo "Then build with:"
echo " cargo build --release"

249
DEPENDENCIES.sh
View file

@ -1,133 +1,140 @@
#!/bin/bash #!/bin/bash
# #
# DEPENDENCIES.sh - Runtime Dependencies for General Bots # DEPENDENCIES.sh - Runtime Dependencies for General Bots
# #
# This script installs all system packages required to RUN botserver binary. # This script installs all system packages required to RUN botserver binary.
# These are the minimal dependencies needed for production deployment. # These are the minimal dependencies needed for production deployment.
# #
# Usage: sudo ./DEPENDENCIES.sh # Usage: sudo ./DEPENDENCIES.sh
# #
set -e set -e
# Colors # Colors
RED='\033[0;31m' RED='\033[0;31m'
GREEN='\033[0;32m' GREEN='\033[0;32m'
YELLOW='\033[1;33m' YELLOW='\033[1;33m'
NC='\033[0m' NC='\033[0m'
echo -e "${GREEN}========================================${NC}" echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN} General Bots Runtime Dependencies${NC}" echo -e "${GREEN} General Bots Runtime Dependencies${NC}"
echo -e "${GREEN}========================================${NC}" echo -e "${GREEN}========================================${NC}"
# Check root # Check root
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo -e "${RED}Error: Run as root (use sudo)${NC}" echo -e "${RED}Error: Run as root (use sudo)${NC}"
exit 1 exit 1
fi fi
# Detect OS # Detect OS
if [ -f /etc/os-release ]; then if [ -f /etc/os-release ]; then
. /etc/os-release . /etc/os-release
OS=$ID OS=$ID
else else
echo -e "${RED}Error: Cannot detect OS${NC}" echo -e "${RED}Error: Cannot detect OS${NC}"
exit 1 exit 1
fi fi
echo -e "${YELLOW}OS: $OS${NC}" echo -e "${YELLOW}OS: $OS${NC}"
install_debian_ubuntu() { install_debian_ubuntu() {
apt-get update
apt-get install -y \ apt-get install -y \
libpq5 \ libpq5 \
libssl3 \ libssl3 \
liblzma5 \ liblzma5 \
zlib1g \ zlib1g \
ca-certificates \ ca-certificates \
curl \ curl \
wget \ wget \
libclang1 \ libabseil20210324 \
pkg-config \ libclang1 \
snapd pkg-config \
snapd
# LXC for containers
snap install lxd || apt-get install -y lxd || true
# Initialize LXD
if command -v lxd &> /dev/null && ! lxc list &> /dev/null 2>&1; then
lxd init --auto || true
fi
}
install_fedora_rhel() {
dnf install -y \
libpq \
openssl-libs \
xz-libs \
zlib \
ca-certificates \
curl \
wget \
abseil-cpp \
clang-libs \
pkgconf-pkg-config \
lxc \
lxc-templates
}
} install_arch() {
pacman -Sy --noconfirm \
postgresql-libs \
openssl \
xz \
zlib \
ca-certificates \
curl \
wget \
abseil-cpp \
clang \
pkgconf \
lxc
}
install_fedora_rhel() { install_alpine() {
dnf install -y \ apk add --no-cache \
libpq \ libpq \
openssl-libs \ openssl \
xz-libs \ xz-libs \
zlib \ zlib \
ca-certificates \ ca-certificates \
curl \ curl \
wget \ wget \
abseil-cpp \ abseil-cpp \
clang-libs \ clang \
pkgconf-pkg-config \ pkgconf \
lxc \ lxc
lxc-templates }
}
install_arch() { case $OS in
pacman -Sy --noconfirm \ ubuntu|debian|linuxmint|pop)
postgresql-libs \ install_debian_ubuntu
openssl \ ;;
xz \ fedora|rhel|centos|rocky|almalinux)
zlib \ install_fedora_rhel
ca-certificates \ ;;
curl \ arch|manjaro)
wget \ install_arch
abseil-cpp \ ;;
clang \ alpine)
pkgconf \ install_alpine
lxc ;;
} *)
echo -e "${RED}Unsupported OS: $OS${NC}"
echo "Required libraries:"
echo " - libpq (PostgreSQL client)"
echo " - libssl (OpenSSL)"
echo " - liblzma (XZ compression)"
echo " - zlib (compression)"
echo " - abseil-cpp (Google Abseil)"
echo " - clang (LLVM runtime)"
echo " - LXC (containers)"
exit 1
;;
esac
install_alpine() { echo -e "${GREEN}Runtime dependencies installed!${NC}"
apk add --no-cache \ echo ""
libpq \ echo "You can now run:"
openssl \ echo " ./botserver"
xz-libs \
zlib \
ca-certificates \
curl \
wget \
abseil-cpp \
clang \
pkgconf \
lxc
}
case $OS in
ubuntu|debian|linuxmint|pop)
install_debian_ubuntu
;;
fedora|rhel|centos|rocky|almalinux)
install_fedora_rhel
;;
arch|manjaro)
install_arch
;;
alpine)
install_alpine
;;
*)
echo -e "${RED}Unsupported OS: $OS${NC}"
echo "Required libraries:"
echo " - libpq (PostgreSQL client)"
echo " - libssl (OpenSSL)"
echo " - liblzma (XZ compression)"
echo " - zlib (compression)"
echo " - abseil-cpp (Google Abseil)"
echo " - clang (LLVM runtime)"
echo " - LXC (containers)"
exit 1
;;
esac
echo -e "${GREEN}Runtime dependencies installed!${NC}"
echo ""
echo "You can now run:"
echo " ./botserver"

383
PROMPT.md Normal file
View file

@ -0,0 +1,383 @@
# General Bots Workspace - Master Development Guide
**Version:** 6.2.0 - DO NOT CHANGE
**Project:** General Bots Workspace (Rust Monorepo)
---
## 📁 WORKSPACE STRUCTURE
| Crate | Purpose | Port | Tech Stack |
|-------|---------|------|------------|
| **botserver** | Main API server, business logic | 8088 | Axum, Diesel, Rhai BASIC |
| **botui** | Web UI server (dev) + proxy | 3000 | Axum, HTML/HTMX/CSS |
| **botapp** | Desktop app wrapper | - | Tauri 2 |
| **botlib** | Shared library | - | Core types, errors |
| **botbook** | Documentation | - | mdBook |
| **bottest** | Integration tests | - | tokio-test |
| **botdevice** | IoT/Device support | - | Rust |
| **botmodels** | Data models visualization | - | - |
| **botplugin** | Browser extension | - | JS |
### Key Paths
- **Binary:** `target/debug/botserver`
- **Run from:** `botserver/` directory
- **Env file:** `botserver/.env`
- **Stack:** `botserver/botserver-stack/`
- **UI Files:** `botui/ui/suite/`
---
## 🔥 ERROR FIXING WORKFLOW
### Mode 1: OFFLINE Batch Fix (PREFERRED)
When given error output:
```
1. Read ENTIRE error list first
2. Group errors by file
3. For EACH file with errors:
a. View file → understand context
b. Fix ALL errors in that file
c. Write once with all fixes
4. Move to next file
5. REPEAT until ALL errors addressed
6. ONLY THEN → verify with build/diagnostics
```
**NEVER run cargo build/check/clippy DURING fixing**
**Fix ALL errors OFFLINE first, verify ONCE at the end**
### Mode 2: Interactive Loop
```
LOOP UNTIL (0 warnings AND 0 errors):
1. Run diagnostics → pick file with issues
2. Read entire file
3. Fix ALL issues in that file
4. Write file once with all fixes
5. Verify with diagnostics
6. CONTINUE LOOP
END LOOP
```
### Common Error Patterns
| Error | Fix |
|-------|-----|
| `expected i64, found u64` | `value as i64` |
| `expected Option<T>, found T` | `Some(value)` |
| `expected T, found Option<T>` | `value.unwrap_or(default)` |
| `cannot multiply f32 by f64` | `f64::from(f32_val) * f64_val` |
| `no field X on type Y` | Check struct definition |
| `no variant X found` | Check enum definition |
| `function takes N arguments` | Match function signature |
| `cannot find function` | Add missing function or fix import |
| `unused variable` | Delete or use with `..` in patterns |
| `unused import` | Delete the import line |
| `cannot move out of X because borrowed` | Use scoping `{ }` to limit borrow |
---
## 🧠 MEMORY MANAGEMENT
When compilation fails due to memory issues (process "Killed"):
```bash
pkill -9 cargo; pkill -9 rustc; pkill -9 botserver
CARGO_BUILD_JOBS=1 cargo check -p botserver 2>&1 | tail -200
```
---
## 📏 FILE SIZE LIMITS - MANDATORY
### Maximum 1000 Lines Per File
When a file grows beyond this limit:
1. **Identify logical groups** - Find related functions
2. **Create subdirectory module** - e.g., `handlers/`
3. **Split by responsibility:**
- `crud.rs` - Create, Read, Update, Delete
- `ai.rs` - AI/ML handlers
- `export.rs` - Export/import
- `validation.rs` - Validation
- `mod.rs` - Re-exports
4. **Keep files focused** - Single responsibility
5. **Update mod.rs** - Re-export all public items
**NEVER let a single file exceed 1000 lines - split proactively at 800 lines**
---
## 🚀 PERFORMANCE & SIZE STANDARDS
### Binary Size Optimization
- **Release Profile**: Always maintain `opt-level = "z"`, `lto = true`, `codegen-units = 1`, `strip = true`, `panic = "abort"`.
- **Dependencies**:
- Run `cargo tree --duplicates` weekly to find and resolve duplicate versions.
- Run `cargo machete` to remove unused dependencies.
- Use `default-features = false` and explicitly opt-in to needed features.
### Memory Optimization
- **Strings**: Prefer `&str` over `String` where possible. Use `Cow<str>` for conditional ownership.
- **Collections**: Use `Vec::with_capacity` when size is known. Consider `SmallVec` for hot paths.
- **Allocations**: Minimize heap allocations in hot paths.
### Linting & Code Quality
- **Clippy**: Code MUST pass `cargo clippy --all-targets --all-features` with **0 warnings**.
- **No Allow**: Do not use `#[allow(clippy::...)]` unless absolutely necessary and documented. Fix the underlying issue.
---
## 🔐 SECURITY DIRECTIVES - MANDATORY
### Error Handling - NO PANICS IN PRODUCTION
```rust
// ❌ FORBIDDEN
value.unwrap()
value.expect("message")
panic!("error")
todo!()
unimplemented!()
// ✅ REQUIRED
value?
value.ok_or_else(|| Error::NotFound)?
value.unwrap_or_default()
value.unwrap_or_else(|e| { log::error!("{}", e); default })
if let Some(v) = value { ... }
match value { Ok(v) => v, Err(e) => return Err(e.into()) }
```
### Command Execution - USE SafeCommand
```rust
// ❌ FORBIDDEN
Command::new("some_command").arg(user_input).output()
// ✅ REQUIRED
use crate::security::command_guard::SafeCommand;
SafeCommand::new("allowed_command")?
.arg("safe_arg")?
.execute()
```
### Error Responses - USE ErrorSanitizer
```rust
// ❌ FORBIDDEN
Json(json!({ "error": e.to_string() }))
format!("Database error: {}", e)
// ✅ REQUIRED
use crate::security::error_sanitizer::log_and_sanitize;
let sanitized = log_and_sanitize(&e, "context", None);
(StatusCode::INTERNAL_SERVER_ERROR, sanitized)
```
### SQL - USE sql_guard
```rust
// ❌ FORBIDDEN
format!("SELECT * FROM {}", user_table)
// ✅ REQUIRED
use crate::security::sql_guard::{sanitize_identifier, validate_table_name};
let safe_table = sanitize_identifier(&user_table);
validate_table_name(&safe_table)?;
```
---
## ❌ ABSOLUTE PROHIBITIONS
```
❌ NEVER use .unwrap() or .expect() in production code (tests OK)
❌ NEVER use panic!(), todo!(), unimplemented!()
❌ NEVER use Command::new() directly - use SafeCommand
❌ NEVER return raw error strings to HTTP clients
❌ NEVER use #[allow()] in source code - FIX the code instead
❌ NEVER add lint exceptions to Cargo.toml - FIX the code instead
❌ NEVER use _ prefix for unused variables - DELETE or USE them
❌ NEVER leave unused imports or dead code
❌ NEVER add comments - code must be self-documenting
❌ NEVER modify Cargo.toml lints section!
❌ NEVER use CDN links - all assets must be local
```
---
## ✅ MANDATORY CODE PATTERNS
### Use Self in Impl Blocks
```rust
impl MyStruct {
fn new() -> Self { Self { } } // ✅ Not MyStruct
}
```
### Derive Eq with PartialEq
```rust
#[derive(PartialEq, Eq)] // ✅ Always both
struct MyStruct { }
```
### Inline Format Args
```rust
format!("Hello {name}") // ✅ Not format!("{}", name)
```
### Combine Match Arms
```rust
match x {
A | B => do_thing(), // ✅ Combine identical arms
C => other(),
}
```
---
## 🖥️ UI Architecture (botui + botserver)
### Two Servers During Development
| Server | Port | Purpose |
|--------|------|---------|
| **botui** | 3000 | Serves UI files + proxies API to botserver |
| **botserver** | 8088 | Backend API + embedded UI fallback |
### How It Works
```
Browser → localhost:3000 → botui (serves HTML/CSS/JS)
→ /api/* proxied to botserver:8088
→ /suite/* served from botui/ui/suite/
```
### Adding New Suite Apps
1. Create folder: `botui/ui/suite/<appname>/`
2. Add to `SUITE_DIRS` in `botui/src/ui_server/mod.rs`
3. Rebuild botui: `cargo build -p botui`
4. Add menu entry in `botui/ui/suite/index.html`
### Hot Reload
- **UI files (HTML/CSS/JS)**: Edit & refresh browser (no restart)
- **botui Rust code**: Rebuild + restart botui
- **botserver Rust code**: Rebuild + restart botserver
### Production (Single Binary)
When `botui/ui/suite/` folder not found, botserver uses **embedded UI** compiled into binary via `rust-embed`.
---
## 🎨 FRONTEND STANDARDS
### HTMX-First Approach
- Use HTMX to minimize JavaScript
- Server returns HTML fragments, not JSON
- Use `hx-get`, `hx-post`, `hx-target`, `hx-swap`
- WebSocket via htmx-ws extension
### Local Assets Only - NO CDN
```html
<!-- ✅ CORRECT -->
<script src="js/vendor/htmx.min.js"></script>
<!-- ❌ WRONG -->
<script src="https://unpkg.com/htmx.org@1.9.10"></script>
```
### Vendor Libraries Location
```
ui/suite/js/vendor/
├── htmx.min.js
├── htmx-ws.js
├── marked.min.js
└── gsap.min.js
```
---
## 📋 PROJECT-SPECIFIC PROMPTS
Each crate has its own PROMPT.md with specific guidelines:
| Crate | PROMPT.md Location | Focus |
|-------|-------------------|-------|
| botserver | `botserver/PROMPT.md` | API, security, Rhai BASIC |
| botui | `botui/PROMPT.md` | UI, HTMX, CSS design system |
| botapp | `botapp/PROMPT.md` | Tauri, desktop features |
| botlib | `botlib/PROMPT.md` | Shared types, errors |
| botbook | `botbook/PROMPT.md` | Documentation, mdBook |
| bottest | `bottest/PROMPT.md` | Test infrastructure |
### Special Prompts
| File | Purpose |
|------|---------|
| `botserver/src/tasks/PROMPT.md` | AutoTask LLM executor |
| `botserver/src/auto_task/APP_GENERATOR_PROMPT.md` | App generation |
---
## 🚀 STARTING DEVELOPMENT
### Start Both Servers
```bash
# Terminal 1: botserver
cd botserver && cargo run -- --noconsole
# Terminal 2: botui
cd botui && BOTSERVER_URL="http://localhost:8088" cargo run
```
### Build Commands
```bash
# Check single crate
cargo check -p botserver
# Build workspace
cargo build
# Run tests
cargo test -p bottest
```
---
## 📋 CONTINUATION PROMPT
When starting a new session or continuing work:
```
Continue on gb/ workspace. Follow PROMPT.md strictly:
1. Check current state with build/diagnostics
2. Fix ALL warnings and errors - NO #[allow()] attributes
3. Delete unused code, don't suppress warnings
4. Remove unused parameters, don't prefix with _
5. Verify after each fix batch
6. Loop until 0 warnings, 0 errors
```
---
## 🔑 REMEMBER
- **OFFLINE FIRST** - Fix all errors from list before compiling
- **ZERO WARNINGS, ZERO ERRORS** - The only acceptable state
- **FIX, DON'T SUPPRESS** - No #[allow()], no Cargo.toml lint exceptions
- **SECURITY FIRST** - No unwrap, no raw errors, no direct commands
- **READ BEFORE FIX** - Always understand context first
- **BATCH BY FILE** - Fix ALL errors in a file at once
- **WRITE ONCE** - Single edit per file with all fixes
- **VERIFY LAST** - Only compile/diagnostics after ALL fixes
- **DELETE DEAD CODE** - Don't keep unused code around
- **Version 6.2.0** - Do not change without approval
- **GIT WORKFLOW** - ALWAYS push to ALL repositories (github, pragmatismo)

719
README.md
View file

@ -1,644 +1,85 @@
# General Bots Workspace # General Bots Workspace
## ⚠️ CRITICAL SECURITY WARNING **Version:** 6.1.0
**NEVER CREATE FILES WITH SECRETS IN THE REPOSITORY ROOT**
Secret files MUST be placed in `/tmp/` only:
- ✅ `/tmp/vault-token-gb` - Vault root token
- ✅ `/tmp/vault-unseal-key-gb` - Vault unseal key
- ❌ `vault-unseal-keys` - FORBIDDEN (tracked by git)
- ❌ `start-and-unseal.sh` - FORBIDDEN (contains secrets)
**Files added to .gitignore:** `vault-unseal-keys`, `start-and-unseal.sh`, `vault-token-*`
**Why `/tmp/`?**
- Cleared on reboot (ephemeral)
- Not tracked by git
- Standard Unix security practice
- Prevents accidental commits
---
**Version:** 6.2.0
**Type:** Rust Workspace (Monorepo with Independent Subproject Repos) **Type:** Rust Workspace (Monorepo with Independent Subproject Repos)
--- ---
## Overview ## Structure
General Bots is a comprehensive automation platform built with Rust, providing a unified workspace for building AI-powered bots, web interfaces, desktop applications, and integration tools. The workspace follows a modular architecture with independent subprojects that can be developed and deployed separately while sharing common libraries and standards. This workspace contains multiple General Bots projects:
For comprehensive documentation, see **[docs.pragmatismo.com.br](https://docs.pragmatismo.com.br)** or the **[BotBook](./botbook)** for detailed guides, API references, and tutorials.
---
## 📁 Workspace Structure
| Crate | Purpose | Port | Tech Stack |
|-------|---------|------|------------|
| **botserver** | Main API server, business logic | 9000 | Axum, Diesel, Rhai BASIC |
| **botui** | Web UI server (dev) + proxy | 3000 | Axum, HTML/HTMX/CSS |
| **botapp** | Desktop app wrapper | - | Tauri 2 |
| **botlib** | Shared library | - | Core types, errors |
| **botbook** | Documentation | - | mdBook |
| **bottest** | Integration tests | - | tokio-test |
| **botdevice** | IoT/Device support | - | Rust |
| **botmodels** | Data models visualization | - | - |
| **botplugin** | Browser extension | - | JS |
### Key Paths
- **Binary:** `target/debug/botserver`
- **Run from:** `botserver/` directory
- **Env file:** `botserver/.env`
- **Stack:** `botserver-stack/`
- **UI Files:** `botui/ui/suite/`
- **Local Bot Data:** `/opt/gbo/data/` (place `.gbai` packages here)
### Local Bot Data Directory
Place local bot packages in `/opt/gbo/data/` for automatic loading and monitoring:
**Directory Structure:**
``` ```
/opt/gbo/data/ gb/
└── mybot.gbai/ ├── PROMPT.md ← Workspace-level development guide (READ THIS FIRST)
├── mybot.gbdialog/ ├── Cargo.toml ← Workspace configuration
│ ├── start.bas ├── README.md ← This file
│ └── main.bas
└── mybot.gbot/ ├── botapp/ ← Desktop application (Tauri)
└── config.csv ├── botserver/ ← Main server (API + business logic)
``` ├── botlib/ ← Shared library (types, utilities)
├── botui/ ← Web UI (HTML/CSS/JS)
**Features:** ├── botbook/ ← Documentation
- **Auto-loading:** Bots automatically mounted on server startup ├── bottest/ ← Integration tests
- **Auto-compilation:** `.bas` files compiled to `.ast` on change ├── botdevice/ ← Device integration
- **Auto-creation:** New bots automatically added to database ├── botmodels/ ← AI models
- **Hot-reload:** Changes trigger immediate recompilation ├── botplugin/ ← Plugin system
- **Monitored by:** LocalFileMonitor and ConfigWatcher services ├── bottemplates/ ← Templates
└── target/ ← Build artifacts
**Usage:**
1. Create bot directory structure in `/opt/gbo/data/`
2. Add `.bas` files to `<bot_name>.gbai/<bot_name>.gbdialog/`
3. Server automatically detects and loads the bot
4. Optional: Add `config.csv` for bot configuration
---
## 🏗️ BotServer Component Architecture
### 🔧 Infrastructure Components (Auto-Managed)
BotServer automatically installs, configures, and manages all infrastructure components on first run. **DO NOT manually start these services** - BotServer handles everything.
**Automatic Service Lifecycle:**
1. **Start**: When botserver starts, it automatically launches all infrastructure components (PostgreSQL, Vault, MinIO, Valkey, Qdrant, etc.)
2. **Credentials**: BotServer retrieves all service credentials (passwords, tokens, API keys) from Vault
3. **Connection**: BotServer uses these credentials to establish secure connections to each service
4. **Query**: All database queries, cache operations, and storage requests are authenticated using Vault-managed credentials
**Credential Flow:**
```
botserver starts
Launch PostgreSQL, MinIO, Valkey, Qdrant
Connect to Vault
Retrieve service credentials (from database)
Authenticate with each service using retrieved credentials
Ready to handle requests
```
| Component | Purpose | Port | Binary Location | Credentials From |
|-----------|---------|------|-----------------|------------------|
| **Vault** | Secrets management | 8200 | `botserver-stack/bin/vault/vault` | Auto-unsealed |
| **PostgreSQL** | Primary database | 5432 | `botserver-stack/bin/tables/bin/postgres` | Vault → database |
| **MinIO** | Object storage (S3-compatible) | 9000/9001 | `botserver-stack/bin/drive/minio` | Vault → database |
| **Zitadel** | Identity/Authentication | 8300 | `botserver-stack/bin/directory/zitadel` | Vault → database |
| **Qdrant** | Vector database (embeddings) | 6333 | `botserver-stack/bin/vector_db/qdrant` | Vault → database |
| **Valkey** | Cache/Queue (Redis-compatible) | 6379 | `botserver-stack/bin/cache/valkey-server` | Vault → database |
| **Llama.cpp** | Local LLM server | 8081 | `botserver-stack/bin/llm/build/bin/llama-server` | Vault → database |
### 📦 Component Installation System
Components are defined in `botserver/3rdparty.toml` and managed by the `PackageManager` (`botserver/src/core/package_manager/`):
```toml
[components.cache]
name = "Valkey Cache (Redis-compatible)"
url = "https://github.com/valkey-io/valkey/archive/refs/tags/8.0.2.tar.gz"
filename = "valkey-8.0.2.tar.gz"
[components.llm]
name = "Llama.cpp Server"
url = "https://github.com/ggml-org/llama.cpp/releases/download/b7345/llama-b7345-bin-ubuntu-x64.zip"
filename = "llama-b7345-bin-ubuntu-x64.zip"
```
**Installation Flow:**
1. **Download:** Components downloaded to `botserver-installers/` (cached)
2. **Extract/Build:** Binaries placed in `botserver-stack/bin/<component>/`
3. **Configure:** Config files generated in `botserver-stack/conf/<component>/`
4. **Start:** Components started with proper TLS certificates
5. **Monitor:** Components monitored and auto-restarted if needed
**Bootstrap Process:**
- First run: Full bootstrap (downloads, installs, configures all components)
- Subsequent runs: Only starts existing components (uses cached binaries)
- Config stored in: `botserver-stack/conf/system/bootstrap.json`
### 🚀 PROPER STARTUP PROCEDURES
**❌ FORBIDDEN:**
- NEVER manually start infrastructure components (Vault, PostgreSQL, MinIO, etc.)
- NEVER run `cargo run` or `cargo build` for botserver directly without ./restart.sh
- NEVER modify botserver-stack/ files manually (use botserver API)
**✅ REQUIRED:**
**Option 1: Development (Recommended)**
```bash
./restart.sh
```
This script:
1. Kills existing processes cleanly
2. Builds botserver and botui sequentially (no race conditions)
3. Starts botserver in background with logging to `botserver.log`
4. Starts botui in background with logging to `botui.log`
5. Shows process IDs and access URLs
**Option 2: Production/Release**
```bash
# Build release binary first
cargo build --release -p botserver
# Start with release binary
RUST_LOG=info ./target/release/botserver --noconsole 2>&1 | tee botserver.log &
```
**Option 3: Using Exec (Systemd/Supervisord)**
```bash
# In systemd service or similar
ExecStart=/home/rodriguez/src/gb/target/release/botserver --noconsole
```
### 🔒 Component Communication
All components communicate through internal networks with mTLS:
- **Vault**: mTLS for secrets access
- **PostgreSQL**: TLS encrypted connections
- **MinIO**: TLS with client certificates
- **Zitadel**: mTLS for user authentication
Certificates auto-generated in: `botserver-stack/conf/system/certificates/`
### 📊 Component Status
Check component status anytime:
```bash
# Check if all components are running
ps aux | grep -E "vault|postgres|minio|zitadel|qdrant|valkey" | grep -v grep
# View component logs
tail -f botserver-stack/logs/vault/vault.log
tail -f botserver-stack/logs/tables/postgres.log
tail -f botserver-stack/logs/drive/minio.log
# Test component connectivity
cd botserver-stack/bin/vault && ./vault status
cd botserver-stack/bin/cache && ./valkey-cli ping
``` ```
--- ---
## 🏗️ Component Dependency Graph ## CRITICAL: PROMPT.md Files
``` **Each project has a PROMPT.md that defines its development rules.**
┌─────────────────────────────────────────────────────────────────┐
│ Client Layer │
├─────────────────────────────────────────────────────────────────┤
│ botui (Web UI) │ botapp (Desktop) │ botplugin (Ext) │
│ HTMX + Axum │ Tauri 2 Wrapper │ Browser Extension │
└─────────┬───────────────────┬──────────────────┬─────────────────┘
│ │ │
└───────────────────┼──────────────────┘
┌─────────▼─────────┐
│ botlib │
│ (Shared Types) │
└─────────┬─────────┘
┌───────────────────┼───────────────────┐
│ │ │
┌─────▼─────┐ ┌─────▼─────┐ ┌─────▼─────┐
│ botserver │ │ bottest │ │ botdevice │
│ API Core │ │ Tests │ │ IoT/Device │
└───────────┘ └───────────┘ └───────────┘
```
### Dependency Rules The diagnostics tool reads and respects these PROMPT.md files.
| Crate | Depends On | Why | ### Hierarchy
|-------|-----------|-----|
| **botserver** | botlib | Shared types, error handling, models |
| **botui** | botlib | Common data structures, API client |
| **botapp** | botlib | Shared types, desktop-specific utilities |
| **bottest** | botserver, botlib | Integration testing with real components |
| **botdevice** | botlib | Device types, communication protocols |
| **botplugin** | - | Standalone browser extension (JS) |
**Key Principle:** `botlib` contains ONLY shared types and utilities. No business logic. All business logic lives in botserver or specialized crates. 1. **`PROMPT.md`** (this directory) - Workspace-wide rules
2. **`botapp/PROMPT.md`** - Desktop app specifics
3. **`botserver/PROMPT.md`** - Server specifics
4. **`botlib/PROMPT.md`** - Library specifics
5. **`botui/PROMPT.md`** - UI specifics
6. **`botbook/PROMPT.md`** - Documentation specifics
7. **`bottest/PROMPT.md`** - Test specifics
## 📦 Module Responsibility Matrix **ALWAYS read the relevant PROMPT.md before working on a project.**
### botserver/src/ Module Structure ---
| Module | Responsibility | Key Types | Dependencies | ## Main Directive
|--------|---------------|-----------|--------------|
| **core/bot/** | WebSocket handling, bot orchestration | BotOrchestrator, UserMessage | basic, shared |
| **core/session/** | Session management, conversation history | SessionManager, UserSession | shared, database |
| **basic/** | Rhai BASIC scripting engine | ScriptService, Engine | rhai, keywords |
| **basic/keywords/** | BASIC keyword implementations (TALK, HEAR, etc.) | Keyword functions | basic, state |
| **llm/** | Multi-vendor LLM API integration | LLMClient, ModelConfig | reqwest, shared |
| **drive/** | S3 file storage and monitoring | DriveMonitor, compile_tool | s3, basic |
| **security/** | Security guards (command, SQL, error) | SafeCommand, ErrorSanitizer | state |
| **shared/** | Database models, schema definitions | Bot, Session, Message | diesel |
| **tasks/** | AutoTask execution system | TaskRunner, TaskScheduler | core/basic |
| **auto_task/** | LLM-powered app generation | AppGenerator, template engine | llm, tasks |
| **learn/** | Knowledge base management | KBManager, vector storage | database, drive |
| **attendance/** | LLM-assisted customer service | AttendantManager, queue | core/bot |
### Data Flow Patterns **LOOP AND COMPACT UNTIL 0 WARNINGS - MAXIMUM YOLO**
``` - 0 warnings
1. User Request Flow: - 0 errors
Client → WebSocket → botserver/src/core/bot/mod.rs - Trust project diagnostics
- Respect all rules
BotOrchestrator::stream_response() - No `#[allow()]` in source code
- Real code fixes only
┌───────────┴───────────┐
│ │
LLM API Call Script Execution
(llm/mod.rs) (basic/mod.rs)
│ │
└───────────┬───────────┘
Response → WebSocket → Client
2. File Sync Flow:
S3 Drive → drive_monitor/src/drive_monitor/mod.rs
Download .bas files
compile_file() → Generate .ast
Store in ./work/{bot_name}.gbai/
3. Script Execution Flow:
.bas file → ScriptService::compile()
preprocess_basic_script()
engine.compile() → AST
ScriptService::run() → Execute
TALK commands → WebSocket messages
```
### Common Architectural Patterns
| Pattern | Where Used | Purpose |
|---------|-----------|---------|
| **State via Arc<AppState>** | All handlers | Shared async state (DB, cache, config) |
| **Extension(state) extractor** | Axum handlers | Inject Arc<AppState> into route handlers |
| **tokio::spawn_blocking** | CPU-intensive tasks | Offload blocking work from async runtime |
| **WebSocket with split()** | Real-time comms | Separate sender/receiver for WS streams |
| **ErrorSanitizer for responses** | All HTTP errors | Prevent leaking sensitive info in errors |
| **SafeCommand for execution** | Command running | Whitelist-based command validation |
| **Rhai for scripting** | BASIC interpreter | Embeddable scripting language |
| **Diesel ORM** | Database access | Type-safe SQL queries |
| **Redis for cache** | Session data | Fast key-value storage |
| **S3 for storage** | File system | Scalable object storage |
--- ---
## Quick Start ## Quick Start
### 🚀 Simple Startup (ALWAYS USE restart.sh)
```bash ```bash
./restart.sh
```
**⚠️ CRITICAL: ALWAYS use restart.sh - NEVER start servers individually!**
The script handles BOTH servers properly:
1. Stop existing processes cleanly
2. Build botserver and botui sequentially (no race conditions)
3. Start botserver in background → **automatically starts all infrastructure services (PostgreSQL, Vault, MinIO, Valkey, Qdrant)**
4. BotServer retrieves credentials from Vault and authenticates with all services
5. Start botui in background → proxy to botserver
6. Show process IDs and monitoring commands
**Infrastructure services are fully automated - no manual configuration required!**
**Monitor startup:**
```bash
tail -f botserver.log botui.log
```
**Access:**
- Web UI: http://localhost:3000
- API: http://localhost:9000
### 📊 Monitor & Debug
```bash
tail -f botserver.log botui.log
```
**Quick status check:**
```bash
ps aux | grep -E "botserver|botui" | grep -v grep
```
**Quick error scan:**
```bash
grep -E " E |W |CLIENT:" botserver.log | tail -20
```
### 🔧 Manual Startup (If needed)
**⚠️ WARNING: Only use if restart.sh fails. Always prefer restart.sh!**
```bash
cd botserver && cargo run -- --noconsole > ../botserver.log 2>&1 &
cd botui && BOTSERVER_URL="http://localhost:9000" cargo run > ../botui.log 2>&1 &
```
### 🛑 Stop Servers
```bash
pkill -f botserver; pkill -f botui
```
### ⚠️ Common Issues
**Vault init error?** Delete stale state:
```bash
rm -rf botserver-stack/data/vault botserver-stack/conf/vault/init.json && ./restart.sh
```
**Port in use?** Find and kill:
```bash
lsof -ti:9000 | xargs kill -9
lsof -ti:3000 | xargs kill -9
```
**⚠️ IMPORTANT: Stack Services Management**
All infrastructure services (PostgreSQL, Vault, Redis, Qdrant, MinIO, etc.) are **automatically started by botserver** and managed through `botserver-stack/` directory, NOT global system installations. The system uses:
- **Local binaries:** `botserver-stack/bin/` (PostgreSQL, Vault, Redis, etc.)
- **Configurations:** `botserver-stack/conf/`
- **Data storage:** `botserver-stack/data/`
- **Service logs:** `botserver-stack/logs/` (check here for troubleshooting)
- **Credentials:** Stored in Vault, retrieved by botserver at startup
**Do NOT install or reference global PostgreSQL, Redis, or other services.** When botserver starts, it automatically:
1. Launches all required stack services
2. Connects to Vault
3. Retrieves credentials from the `bot_configuration` database table
4. Authenticates with each service using retrieved credentials
5. Begins handling requests with authenticated connections
If you encounter service errors, check the individual service logs in `./botserver-stack/logs/[service]/` directories.
### UI File Deployment - Production Options
**Option 1: Embedded UI (Recommended for Production)**
The `embed-ui` feature compiles UI files directly into the botui binary, eliminating the need for separate file deployment:
```bash
# Build with embedded UI files
cargo build --release -p botui --features embed-ui
# The binary now contains all UI files - no additional deployment needed!
# The botui binary is self-contained and production-ready
```
**Benefits of embed-ui:**
- ✅ Single binary deployment (no separate UI files)
- ✅ Faster startup (no filesystem access)
- ✅ Smaller attack surface
- ✅ Simpler deployment process
**Option 2: Filesystem Deployment (Development Only)**
For development, UI files are served from the filesystem:
```bash
# UI files must exist at botui/ui/suite/
# This is automatically available in development builds
```
**Option 3: Manual File Deployment (Legacy)**
If you need to deploy UI files separately (not recommended):
```bash
# Deploy UI files to production location
./botserver/deploy/deploy-ui.sh /opt/gbo
# Verify deployment
ls -la /opt/gbo/bin/ui/suite/index.html
```
See `botserver/deploy/README.md` for deployment scripts.
### Start Both Servers (Automated)
```bash
# Use restart script (RECOMMENDED)
./restart.sh
```
### Start Both Servers (Manual)
```bash
# Terminal 1: botserver
cd botserver && cargo run -- --noconsole
# Terminal 2: botui
cd botui && BOTSERVER_URL="http://localhost:9000" cargo run
```
### Build Commands
```bash
# Check single crate
cargo check -p botserver
# Build workspace
cargo build cargo build
cargo test
# Run tests
cargo test -p bottest
``` ```
--- ---
## 🤖 AI Agent Guidelines ## Development Workflow
> **For LLM instructions, coding rules, security directives, testing workflows, and error handling patterns, see [AGENTS.md](./AGENTS.md).** 1. Read `PROMPT.md` (workspace-level rules)
2. Read `<project>/PROMPT.md` (project-specific rules)
--- 3. Use diagnostics tool to check warnings
4. Fix all warnings with full file rewrites
## 📖 Glossary 5. Verify with diagnostics after each file
6. Never suppress warnings with `#[allow()]`
| Term | Definition | Usage |
|------|-----------|-------|
| **Bot** | AI agent with configuration, scripts, and knowledge bases | Primary entity in system |
| **Session** | Single conversation instance between user and bot | Stored in `sessions` table |
| **Dialog** | Collection of BASIC scripts (.bas files) for bot logic | Stored in `{bot_name}.gbdialog/` |
| **Tool** | Reusable function callable by LLM | Defined in .bas files, compiled to .ast |
| **Knowledge Base (KB)** | Vector database of documents for semantic search | Managed in `learn/` module |
| **Scheduler** | Time-triggered task execution | Cron-like scheduling in BASIC scripts |
| **Drive** | S3-compatible storage for files | Abstracted in `drive/` module |
| **Rhai** | Embedded scripting language for BASIC dialect | Rhai engine in `basic/` module |
| **WebSocket Adapter** | Component that sends messages to connected clients | `web_adapter` in state |
| **AutoTask** | LLM-generated task automation system | In `auto_task/` and `tasks/` modules |
| **Orchestrator** | Coordinates LLM, tools, KBs, and user input | `BotOrchestrator` in `core/bot/` |
---
## 🖥️ UI Architecture (botui + botserver)
### Two Servers During Development
| Server | Port | Purpose |
|--------|------|---------|
| **botui** | 3000 | Serves UI files + proxies API to botserver |
| **botserver** | 9000 | Backend API + embedded UI fallback |
### How It Works
```
Browser → localhost:3000 → botui (serves HTML/CSS/JS)
→ /api/* proxied to botserver:9000
→ /suite/* served from botui/ui/suite/
```
### Adding New Suite Apps
1. Create folder: `botui/ui/suite/<appname>/`
2. Add to `SUITE_DIRS` in `botui/src/ui_server/mod.rs`
3. Rebuild botui: `cargo build -p botui`
4. Add menu entry in `botui/ui/suite/index.html`
### Hot Reload
- **UI files (HTML/CSS/JS)**: Edit & refresh browser (no restart)
- **botui Rust code**: Rebuild + restart botui
- **botserver Rust code**: Rebuild + restart botserver
### Production (Single Binary)
When `botui/ui/suite/` folder not found, botserver uses **embedded UI** compiled into binary via `rust-embed`.
---
## 🎨 Frontend Standards
### HTMX-First Approach
- Use HTMX to minimize JavaScript
- Server returns HTML fragments, not JSON
- Use `hx-get`, `hx-post`, `hx-target`, `hx-swap`
- WebSocket via htmx-ws extension
### Local Assets Only - NO CDN
```html
<!-- ✅ CORRECT -->
<script src="js/vendor/htmx.min.js"></script>
<!-- ❌ WRONG -->
<script src="https://unpkg.com/htmx.org@1.9.10"></script>
```
### Vendor Libraries Location
```
ui/suite/js/vendor/
├── htmx.min.js
├── htmx-ws.js
├── marked.min.js
└── gsap.min.js
```
---
## 📋 Project-Specific Guidelines
Each crate has its own README.md with specific guidelines:
| Crate | README.md Location | Focus |
|-------|-------------------|-------|
| botserver | `botserver/README.md` | API, security, Rhai BASIC |
| botui | `botui/README.md` | UI, HTMX, CSS design system |
| botapp | `botapp/README.md` | Tauri, desktop features |
| botlib | `botlib/README.md` | Shared types, errors |
| botbook | `botbook/README.md` | Documentation, mdBook |
| bottest | `bottest/README.md` | Test infrastructure |
### Special Prompts
| File | Purpose |
|------|---------|
| `botserver/src/tasks/README.md` | AutoTask LLM executor |
| `botserver/src/auto_task/APP_GENERATOR_PROMPT.md` | App generation |
---
## 📚 Documentation
For complete documentation, guides, and API references:
- **[docs.pragmatismo.com.br](https://docs.pragmatismo.com.br)** - Full online documentation
- **[BotBook](./botbook)** - Local comprehensive guide with tutorials and examples
- **[General Bots Repository](https://github.com/GeneralBots/BotServer)** - Main project repository
---
## 🔧 Immediate Technical Debt
### Critical Issues to Address
1. **Error Handling Debt**: 955 instances of `unwrap()`/`expect()` in production code
2. **Performance Debt**: 12,973 excessive `clone()`/`to_string()` calls
3. **File Size Debt**: 7 files exceed 450 lines (largest: 3220 lines)
4. **Test Coverage**: Missing integration tests for critical paths
5. **Documentation**: Missing inline documentation for complex algorithms
### Weekly Maintenance Tasks
```bash
# Check for duplicate dependencies
cargo tree --duplicates
# Remove unused dependencies
cargo machete
# Check binary size
cargo build --release && ls -lh target/release/botserver
# Performance profiling
cargo bench
# Security audit
cargo audit
```
--- ---
@ -646,57 +87,43 @@ cargo audit
**Note:** Each subproject has its own git repository. This root repository only tracks workspace-level files: **Note:** Each subproject has its own git repository. This root repository only tracks workspace-level files:
- `PROMPT.md` - Development guide
- `Cargo.toml` - Workspace configuration - `Cargo.toml` - Workspace configuration
- `README.md` - This file - `README.md` - This file
- `.gitignore` - Ignore patterns - `.gitignore` - Ignore patterns
- `ADDITIONAL-SUGGESTIONS.md` - Enhancement ideas
- `TODO-*.md` - Task tracking files
Subprojects (botapp, botserver, botui, etc.) are **independent repositories referenced as git submodules**. Subprojects (botapp, botserver, etc.) are **not** git submodules - they are independent repositories.
### ⚠️ CRITICAL: Submodule Push Workflow
When making changes to any submodule (botserver, botui, botlib, etc.):
1. **Commit and push changes within the submodule directory:**
```bash
cd botserver
git add .
git commit -m "Your changes"
git push pragmatismo main
git push github main
```
2. **Update the global gb repository submodule reference:**
```bash
cd .. # Back to gb root
git add botserver
git commit -m "Update botserver submodule to latest commit"
git push pragmatismo main
git push github main
```
**Failure to push the global gb repository will cause submodule changes to not trigger CI/CD pipelines.**
Both repositories must be pushed for changes to take effect in production.
--- ---
## Development Workflow ## Rules Summary
1. Read this README.md (workspace structure) ```
2. Read **[AGENTS.md](./AGENTS.md)** (coding rules & workflows) ✅ FULL FILE REWRITES ONLY
3. **BEFORE creating any .md file, search botbook/ for existing documentation** ✅ BATCH ALL FIXES BEFORE WRITING
4. Read `<project>/README.md` (project-specific rules) ✅ VERIFY WITH DIAGNOSTICS AFTER EACH FILE
5. Use diagnostics tool to check warnings ✅ TRUST PROJECT DIAGNOSTICS
6. Fix all warnings with full file rewrites ✅ RESPECT ALL RULES
7. Verify with diagnostics after each file
8. Never suppress warnings with `#[allow()]` ❌ NEVER use #[allow()] in source code
❌ NEVER use partial edits
❌ NEVER run cargo check/clippy manually
❌ NEVER leave unused code
❌ NEVER use .unwrap()/.expect()
❌ NEVER use panic!/todo!/unimplemented!()
❌ NEVER add comments
```
--- ---
## Links
- Main Server: http://localhost:8081
- Desktop App: Uses Tauri to wrap botui
- Documentation: See botbook/
---
## License ## License
See individual project repositories for license information. See individual project repositories for license information.

2
botapp

@ -1 +1 @@
Subproject commit 66ea6cffbc98b4c10449104806a80d368e3460d4 Subproject commit 1a1e17fa1012e4db10a0f716c9b63a03b4863c9f

2
botbook

@ -1 +1 @@
Subproject commit c312a30461841e7116be7c5fbb20d304ef9f6700 Subproject commit 827e011ac05084396aaf2c3098409bf5e02b5cf9

2
botdevice

@ -1 +1 @@
Subproject commit f8e52bacd2c197ce14e5814f284d34432c71aef2 Subproject commit 97778e06dd804be55ff761c7fe2788af0ef50626

2
botlib

@ -1 +1 @@
Subproject commit 4ce639331bdbe1feafb22a0a5667d36dd9ef2ca3 Subproject commit bfaa68dc35e96ced2915d43ffe6fca8267a9a598

2
botmodels

@ -1 +1 @@
Subproject commit e37554087e8ead3ced2a95847a1fa8e2a1bb4448 Subproject commit 462a6dfa51b12f22e87712e613a559f66f9013cb

2
botplugin

@ -1 +1 @@
Subproject commit 1727e48307fdb7b54c726af8cd6b12669764e908 Subproject commit 17a3caebabddbe843c2b7fd93f624b0ccd9c44fb

2
botserver

@ -1 +1 @@
Subproject commit ad4aca21ffec3de5db510317aa1e366a15c50499 Subproject commit 84458b2a6905af7db72b15f5e833bb7942ccdaa9

2
bottemplates

@ -1 +1 @@
Subproject commit 5db33107da0572ce844a5af3cd83093f10dbce0d Subproject commit dd3d8c74dd58a1cc6d6b18d22108819519aaf9c3

2
bottest

@ -1 +1 @@
Subproject commit d03e13d2eb77ed0343509e0b55f50d17d511c612 Subproject commit 706391b272e0fb7c5b2646cc4cc72180195e07f4

2
botui

@ -1 +1 @@
Subproject commit b01a02d396b941151000126a708b5e886b3b36da Subproject commit 661edc09fa1063673e84b63d2dcb5cfbe0f91232

8
out.txt
View file

@ -1,8 +0,0 @@
data: {"candidates": [{"content": {"role": "model","parts": [{"text": "Hello!"}]}}],"usageMetadata": {"trafficType": "ON_DEMAND"},"modelVersion": "gemini-3.1-flash-lite-preview","createTime": "2026-03-10T14:54:45.066123Z","responseId": "tTCwacuEBMvnitYP06qsgQY"}
data: {"candidates": [{"content": {"role": "model","parts": [{"text": " How can I help you today"}]}}],"usageMetadata": {"trafficType": "ON_DEMAND"},"modelVersion": "gemini-3.1-flash-lite-preview","createTime": "2026-03-10T14:54:45.066123Z","responseId": "tTCwacuEBMvnitYP06qsgQY"}
data: {"candidates": [{"content": {"role": "model","parts": [{"text": "?"}]}}],"usageMetadata": {"trafficType": "ON_DEMAND"},"modelVersion": "gemini-3.1-flash-lite-preview","createTime": "2026-03-10T14:54:45.066123Z","responseId": "tTCwacuEBMvnitYP06qsgQY"}
data: {"candidates": [{"content": {"role": "model","parts": [{"text": "","thoughtSignature": "AY89a18iOcFus5wr5bW5xN6zZ4aUiCyhgmg6HE2YjtYDV/dwZ5oZlZHeTmiUKv34qq0="}]},"finishReason": "STOP"}],"usageMetadata": {"promptTokenCount": 1,"candidatesTokenCount": 9,"totalTokenCount": 10,"trafficType": "ON_DEMAND","promptTokensDetails": [{"modality": "TEXT","tokenCount": 1}],"candidatesTokensDetails": [{"modality": "TEXT","tokenCount": 9}]},"modelVersion": "gemini-3.1-flash-lite-preview","createTime": "2026-03-10T14:54:45.066123Z","responseId": "tTCwacuEBMvnitYP06qsgQY"}

18
package-lock.json generated
View file

@ -1,18 +0,0 @@
{
"name": "gb",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"dependencies": {
"monaco-editor": "^0.45.0"
}
},
"node_modules/monaco-editor": {
"version": "0.45.0",
"resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.45.0.tgz",
"integrity": "sha512-mjv1G1ZzfEE3k9HZN0dQ2olMdwIfaeAAjFiwNprLfYNRSz7ctv9XuCT7gPtBGrMUeV1/iZzYKj17Khu1hxoHOA==",
"license": "MIT"
}
}
}

5
package.json
View file

@ -1,5 +0,0 @@
{
"dependencies": {
"monaco-editor": "^0.45.0"
}
}

737
prompts/BOTCODER_ANALYSIS.md
View file

@ -1,737 +0,0 @@
# BotCoder Multi-Agent OS - Architecture Analysis
## Executive Summary
Based on analysis of **botserver** (Rust backend), **botui** (Web UI), and **botapp** (Tauri Desktop), we can architect **BotCoder** as a unified multi-agent operating system that leverages the existing Mantis Farm infrastructure while adding code-specific capabilities similar to Claude Code.
---
## Current Architecture Analysis
### 1. BotServer (Rust Backend) - `botserver/src/auto_task/`
#### Multi-Agent Pipeline (The "Mantis Farm")
**File:** `orchestrator.rs` (1147 lines)
The orchestrator implements a **5-stage multi-agent pipeline**:
```
┌─────────────────────────────────────────────────────────────┐
│ ORCHESTRATOR PIPELINE │
├─────────────────────────────────────────────────────────────┤
│ │
│ Stage 1: PLAN ────────► Mantis #1 (Planner) │
│ - Analyze user request │
│ - Break down into sub-tasks │
│ - Identify tables, pages, tools, schedulers │
│ - Derive enterprise-grade work breakdown │
│ │
│ Stage 2: BUILD ───────► Mantis #2 (Builder) │
│ - Generate application code │
│ - Create HTML/CSS/JS files │
│ - Define database schema │
│ - Build tools & schedulers │
│ │
│ Stage 3: REVIEW ───────► Mantis #3 (Reviewer) │
│ - Validate code quality │
│ - Check HTMX patterns │
│ - Verify security │
│ - Ensure no hardcoded data │
│ │
│ Stage 4: DEPLOY ───────► Mantis #4 (Deployer) │
│ - Deploy application │
│ - Verify accessibility │
│ - Confirm static assets loading │
│ │
│ Stage 5: MONITOR ───────► Mantis #1 (Planner) │
│ - Setup health monitoring │
│ - Track error rates │
│ - Monitor response times │
│ │
└─────────────────────────────────────────────────────────────┘
```
#### Agent Status System
**Agent States:**
- **WILD** - Uninitialized agent
- **BRED** - Agent created and ready
- **EVOLVED** - Agent has completed work successfully
- **WORKING** - Agent actively processing
- **DONE** - Agent finished
- **FAILED** - Agent encountered error
**Agent Roles:**
```rust
pub enum AgentRole {
Planner, // Mantis #1 - Architect & Analyst
Builder, // Mantis #2 - Code Generator
Reviewer, // Mantis #3 - QA & Validation
Deployer, // Mantis #4 - Deployment
Monitor, // Mantis #1 (reused) - Health checks
}
```
#### Agent Executor (Container-Based)
**File:** `agent_executor.rs` (115 lines)
Provides **containerized execution environment** for agents:
```rust
pub struct AgentExecutor {
pub state: Arc<AppState>,
pub session_id: String,
pub task_id: String,
container: Option<ContainerSession>,
}
```
**Capabilities:**
- ✅ Spawn containerized terminal sessions
- ✅ Execute shell commands
- ✅ Broadcast terminal output via WebSocket
- ✅ Browser automation integration (chromiumoxide)
- ✅ Real-time progress updates
**WebSocket Events:**
- `terminal_output` - stdout/stderr from agent
- `thought_process` - agent reasoning/thinking
- `step_progress` - pipeline stage progress (1/5, 2/5...)
- `browser_ready` - browser automation available
- `agent_thought` - agent-specific thoughts
- `agent_activity` - structured activity logs
- `task_node` - task breakdown visualization
#### Intent Classification
**File:** `intent_classifier.rs`
Classifies user requests into types:
- **APP_CREATE** - Generate new application
- **APP_MODIFY** - Modify existing app
- **CODE_REVIEW** - Review code
- **DEBUG** - Debug issues
- **DEPLOY** - Deploy application
- **ANALYZE** - Analyze codebase
**Entity Extraction:**
- Tables (database schema)
- Features (UI components)
- Pages (routes/views)
- Tools (business logic)
- Schedulers (background jobs)
#### App Generator
**File:** `app_generator.rs` (3400+ lines)
**LLM-powered code generation:**
- Generates HTMX applications
- Creates database schemas
- Builds REST API endpoints
- Generates BASIC tools
- Creates scheduled jobs
- Produces E2E tests
**Output:**
```rust
pub struct GeneratedApp {
pub name: String,
pub description: String,
pub tables: Vec<TableDefinition>,
pub pages: Vec<GeneratedPage>,
pub tools: Vec<GeneratedTool>,
pub schedulers: Vec<SchedulerDefinition>,
}
```
#### Designer AI
**File:** `designer_ai.rs`
Runtime code modifications with:
- Undo/redo support
- Real-time UI editing
- Visual layout changes
- Style modifications
#### Safety Layer
**File:** `safety_layer.rs`
- Constraint checking
- Simulation before execution
- Audit trail
- Approval workflows
---
### 2. BotUI (Web Interface) - `botui/ui/suite/`
#### Vibe Builder UI
**File:** `partials/vibe.html` (47KB)
**Components:**
1. **Pipeline Tabs** - Plan/Build/Review/Deploy/Monitor stages
2. **Agents Sidebar** - Mantis #1-4 status cards
3. **Workspaces List** - Project management
4. **Canvas Area** - Task node visualization
5. **Chat Overlay** - Real-time communication with agents
**Agent Cards Display:**
```html
<div class="as-agent-card" data-agent-id="1">
<div class="as-agent-header">
<span class="as-status-dot green"></span>
<span class="as-agent-name">Mantis #1</span>
</div>
<div class="as-agent-body">
<span class="as-agent-icons">👀 ⚙️ ⚡</span>
<span class="as-badge badge-evolved">EVOLVED</span>
</div>
</div>
```
**WebSocket Integration:**
```javascript
// Connect to task progress stream
const ws = new WebSocket(`ws://localhost:8080/ws/task-progress/${taskId}`);
ws.onmessage = (event) => {
const data = JSON.parse(event.data);
handleTaskProgress(data);
};
// Event types handled:
// - pipeline_start
// - pipeline_complete
// - step_progress (1/5, 2/5, ...)
// - agent_thought
// - agent_activity
// - task_node
// - terminal_output
// - manifest_update
```
**Real-time Updates:**
- Agent status changes (WILD → BRED → WORKING → EVOLVED)
- Task node visualization (plan breakdown)
- Terminal output streaming
- Progress indicators
- File generation notifications
#### Other UI Components
- `chat.html` - Chat interface for agent interaction
- `editor-inner.html` - Code editor (currently textarea, needs Monaco)
- `explorer-inner.html` - File browser
- `settings.html` - Configuration
- `tasks.html` - Task management
- `desktop-inner.html` - Desktop integration
---
### 3. BotApp (Desktop) - `botapp/src/`
**Tauri-based desktop application** with:
- System tray integration
- Service monitoring
- File system access
- Desktop sync (rclone)
- Native notifications
**Main Features:**
```rust
// Desktop service monitoring
pub struct ServiceMonitor {
services: HashMap<String, ServiceStatus>,
}
// Tray management
pub struct TrayManager {
mode: RunningMode, // Server | Desktop | Client
}
// Drive integration
mod drive {
list_files()
upload_file()
create_folder()
}
// Sync integration
mod sync {
get_sync_status()
start_sync()
configure_remote()
}
```
---
## BotCoder Multi-Agent OS Architecture
### Vision
**BotCoder** = **Vibe Builder** + **Code-Specific Agents** + **Professional Tools**
Create a complete development environment that:
1. Uses the existing Mantis Farm infrastructure
2. Adds specialized coding agents (similar to Claude Code)
3. Provides professional editor experience (Monaco, terminal, git, etc.)
4. Supports both internal (GB Platform) and external (Forgejo) deployment
---
## Proposed BotCoder Agent Ecosystem
### Core Mantis Farm (Keep Existing)
```
Mantis #1: Planner & Orchestrator ───► Already exists in botserver
Mantis #2: Code Generator ───► Already exists (AppGenerator)
Mantis #3: Reviewer & Validator ───► Already exists
Mantis #4: Deployer ───► Already exists
```
### New Specialized Agents (Add to BotCoder)
```
┌─────────────────────────────────────────────────────────────────┐
│ BOTCODER AGENTS │
├─────────────────────────────────────────────────────────────────┤
│ │
│ Mantis #5: Editor Agent ───► File operations │
│ - Multi-file editing │
│ - Syntax awareness │
│ - Refactoring support │
│ - Code completion │
│ │
│ Mantis #6: Database Agent ───► Schema operations │
│ - Query optimization │
│ - Migration management │
│ - Data visualization │
│ - Index suggestions │
│ │
│ Mantis #7: Git Agent ───► Version control │
│ - Commit analysis │
│ - Branch management │
│ - Conflict resolution │
│ - Code archaeology │
│ │
│ Mantis #8: Test Agent ───► Quality assurance │
│ - Test generation │
│ - Coverage analysis │
│ - E2E testing (chromiumoxide) │
│ - Performance profiling │
│ │
│ Mantis #9: Browser Agent ───► Web automation │
│ - Page recording │
│ - Element inspection │
│ - Performance monitoring │
│ - SEO checking │
│ │
│ Mantis #10: Terminal Agent ───► Command execution │
│ - Shell command execution │
│ - Build system integration │
│ - Package management │
│ - Docker orchestration │
│ │
│ Mantis #11: Documentation Agent ───► Docs & comments │
│ - Auto-generate docs │
│ - Comment quality check │
│ - README generation │
│ - API documentation │
│ │
│ Mantis #12: Security Agent ───► Security auditing │
│ - Vulnerability scanning │
│ - Dependency analysis │
│ - Secret detection │
│ - OWASP compliance │
│ │
└─────────────────────────────────────────────────────────────────┘
```
---
## BotCoder Architecture
### Backend (Rust)
```
botserver/src/
├── auto_task/ # EXISTING - Mantis Farm
│ ├── orchestrator.rs # Keep - Multi-agent pipeline
│ ├── agent_executor.rs # Keep - Container execution
│ ├── app_generator.rs # Keep - LLM code gen
│ ├── designer_ai.rs # Keep - Runtime edits
│ ├── intent_classifier.rs # Keep - Request classification
│ └── safety_layer.rs # Keep - Constraint checking
├── botcoder/ # NEW - BotCoder-specific agents
│ ├── mod.rs
│ ├── editor_agent.rs # Mantis #5 - File operations
│ ├── database_agent.rs # Mantis #6 - Schema ops
│ ├── git_agent.rs # Mantis #7 - Version control
│ ├── test_agent.rs # Mantis #8 - Testing
│ ├── browser_agent.rs # Mantis #9 - Web automation
│ ├── terminal_agent.rs # Mantis #10 - Command exec
│ ├── docs_agent.rs # Mantis #11 - Documentation
│ └── security_agent.rs # Mantis #12 - Security
├── deployment/ # NEW - From vibe.md Phase 0
│ ├── mod.rs # DeploymentRouter
│ ├── forgejo.rs # ForgejoClient
│ ├── api.rs # Deployment endpoints
│ └── templates.rs # CI/CD workflows
├── api/ # EXTEND - Add BotCoder APIs
│ ├── editor.rs # Monaco integration
│ ├── database.rs # DB UI backend
│ ├── git.rs # Git operations
│ ├── browser.rs # Browser automation
│ └── terminal.rs # WebSocket terminals
└── browser/ # NEW - From vibe.md Phase 4
├── mod.rs # BrowserSession
├── recorder.rs # ActionRecorder
├── validator.rs # TestValidator
└── api.rs # HTTP endpoints
```
### Frontend (Web + Desktop)
```
botui/ui/suite/
├── partials/
│ ├── vibe.html # EXISTING - Agent sidebar
│ ├── vibe-deployment.html # NEW - Deployment modal
│ ├── editor.html # NEW - Monaco editor
│ ├── database.html # NEW - Schema visualizer
│ ├── git-status.html # NEW - Git operations
│ ├── git-diff.html # NEW - Diff viewer
│ ├── browser-controls.html # NEW - Browser automation
│ └── terminal.html # NEW - Enhanced terminal
├── js/
│ ├── vibe.js # EXISTING - Vibe logic
│ ├── deployment.js # NEW - Deployment handler
│ ├── editor.js # NEW - Monaco integration
│ ├── database.js # NEW - DB visualization
│ ├── git.js # NEW - Git operations
│ ├── browser.js # NEW - Browser automation
│ └── terminal.js # NEW - Terminal (xterm.js)
└── css/
├── agents-sidebar.css # EXISTING - Mantis cards
├── deployment.css # NEW - Deployment styles
├── editor.css # NEW - Editor styles
├── database.css # NEW - DB UI styles
└── terminal.css # NEW - Terminal styles
```
---
## Integration Strategy
### Option 1: BotCoder as Separate Repository (Recommended)
```
gb/
├── botserver/ # Existing - Backend services
├── botui/ # Existing - Web UI
├── botapp/ # Existing - Desktop app
└── botcoder/ # NEW - Multi-agent IDE
├── Cargo.toml
├── src/
│ ├── main.rs
│ ├── agents/ # BotCoder agents
│ ├── editor/ # Editor integration
│ └── workspace/ # Workspace management
└── ui/
├── src/
│ ├── components/ # React/Vue components
│ ├── pages/ # IDE pages
│ └── lib/
└── index.html
```
**Pros:**
- Clean separation of concerns
- Independent release cycle
- Can be deployed standalone
- Easier to maintain
**Cons:**
- Duplicate some botserver code
- Need to share common libs
### Option 2: BotCoder as Module in BotServer
```
botserver/src/
├── auto_task/ # Existing Mantis Farm
└── botcoder/ # New BotCoder module
├── mod.rs
├── agents/
├── editor/
└── workspace/
```
**Pros:**
- Share existing infrastructure
- Single deployment
- Unified WebSocket channels
**Cons:**
- Tighter coupling
- Larger monolith
### Recommendation: **Option 1 (Separate Repo)**
But share common libraries via a `botlib` crate:
```
gb/
├── botlib/ # Shared utilities
│ ├── src/
│ │ ├── agents/ # Agent traits
│ │ ├── llm/ # LLM clients
│ │ └── websocket/ # WebSocket utils
│ └── Cargo.toml
├── botserver/ # Uses botlib
├── botui/ # Uses botlib
├── botapp/ # Uses botlib
└── botcoder/ # Uses botlib ← NEW
```
---
## BotCoder Features vs Vibe Builder
### Vibe Builder (Existing)
- ✅ Multi-agent pipeline (Mantis #1-4)
- ✅ App generation (HTMX apps)
- ✅ WebSocket real-time updates
- ✅ Agent status visualization
- ✅ Task breakdown
- ✅ Deployment (internal GB platform)
### BotCoder (Add)
- 📝 **Monaco Editor** - Professional code editing
- 🗄️ **Database UI** - Schema visualization
- 🐙 **Git Operations** - Version control UI
- 🌐 **Browser Automation** - Testing & recording
- 📂 **Multi-File Workspace** - Tab management
- 🖥️ **Enhanced Terminal** - xterm.js integration
- 🚀 **Dual Deployment** - Internal + Forgejo
- 🔒 **Security Scanning** - Vulnerability detection
- 📚 **Auto-Documentation** - Generate docs
- 🧪 **E2E Testing** - chromiumoxide integration
---
## BotCoder Multi-Agent Workflow Example
### User Request: "Create a CRM with contacts and deals"
```
1. CLASSIFY
└─ Intent: APP_CREATE
└─ Entities: { tables: [contacts, deals], features: [Contact Manager, Deal Pipeline] }
2. PLAN (Mantis #1 - Planner)
├─ Break down into 12 sub-tasks
├─ Create task nodes
└─ Estimate: 45 files, 98k tokens, 2.5 hours
3. BUILD (Mantis #2 - Builder)
├─ Generate HTML/CSS/JS files
├─ Create database schema
├─ Build REST API endpoints
└─ Output: /apps/my-crm/
4. CODE REVIEW (Mantis #3 - Reviewer)
├─ Check HTMX patterns
├─ Verify security
├─ Validate error handling
└─ Status: PASSED
5. OPTIMIZE (Mantis #5 - Editor Agent) ← NEW
├─ Analyze code structure
├─ Suggest refactorings
├─ Apply safe optimizations
└─ Generate PR
6. TEST (Mantis #8 - Test Agent) ← NEW
├─ Generate unit tests
├─ Create E2E tests (chromiumoxide)
├─ Measure coverage
└─ Status: 87% coverage
7. SECURITY CHECK (Mantis #12 - Security Agent) ← NEW
├─ Scan vulnerabilities
├─ Check dependencies
├─ Detect secrets
└─ Status: 0 issues found
8. DEPLOY (Mantis #4 - Deployer)
├─ Choose deployment target
│ ├─ Internal GB Platform ← Selected
│ └─ External Forgejo (optional)
├─ Deploy to /apps/my-crm/
└─ Verify accessibility
9. DOCUMENT (Mantis #11 - Documentation Agent) ← NEW
├─ Generate README.md
├─ Create API docs
├─ Add code comments
└─ Output: /docs/
10. MONITOR (Mantis #1 - Planner)
├─ Setup uptime monitoring
├─ Track error rates
├─ Monitor response times
└─ Status: ACTIVE
```
---
## Technical Implementation Plan
### Phase 1: Core BotCoder Infrastructure (Week 1)
**Tasks:**
1. Create `botcoder/` repository structure
2. Implement `botlib` shared crate
3. Add Mantis #5-12 agent stubs
4. Extend WebSocket protocol for new agents
5. Update orchestrator to support 12 agents
**Deliverables:**
- ✅ BotCoder repo initialized
- ✅ Agent trait system defined
- ✅ WebSocket events extended
- ✅ Orchestrator handles 12-agent pipeline
### Phase 2: Editor & Database UI (Week 2)
**Tasks:**
1. Integrate Monaco Editor (replace textarea)
2. Build database schema visualizer
3. Add query builder UI
4. Implement Mantis #5 (Editor Agent)
5. Implement Mantis #6 (Database Agent)
**Deliverables:**
- ✅ Monaco loads with syntax highlighting
- ✅ ER diagram shows tables/relationships
- ✅ Query builder generates SQL
- ✅ Editor agent can refactor code
- ✅ Database agent optimizes queries
### Phase 3: Git & Browser Automation (Week 3)
**Tasks:**
1. Build git operations UI
2. Implement diff viewer
3. Add browser automation panel (chromiumoxide)
4. Implement Mantis #7 (Git Agent)
5. Implement Mantis #9 (Browser Agent)
**Deliverables:**
- ✅ Git status shows changes
- ✅ Diff viewer displays side-by-side
- ✅ Browser automation records actions
- ✅ Git agent manages branches
- ✅ Browser agent generates Playwright tests
### Phase 4: Testing, Security & Docs (Week 4)
**Tasks:**
1. Implement test generation
2. Add security scanning
3. Build documentation generator
4. Implement Mantis #8 (Test Agent)
5. Implement Mantis #12 (Security Agent)
6. Implement Mantis #11 (Docs Agent)
**Deliverables:**
- ✅ Test agent generates coverage reports
- ✅ Security agent scans vulnerabilities
- ✅ Docs agent generates README
- ✅ E2E tests run via chromiumoxide
### Phase 5: Deployment Integration (Week 5)
**Tasks:**
1. Implement deployment router (from vibe.md Phase 0)
2. Add Forgejo integration
3. Build deployment UI
4. Integrate with existing Mantis #4 (Deployer)
**Deliverables:**
- ✅ Can deploy internally to /apps/
- ✅ Can deploy externally to Forgejo
- ✅ CI/CD pipelines auto-generated
- ✅ Deployment choice in UI
---
## Success Metrics
### Agent Performance
- ⚡ Pipeline completes in < 2 minutes
- 🎯 95%+ task success rate
- 🔄 < 5% agent failures requiring retry
- 📊 Real-time progress updates < 100ms latency
### Code Quality
- ✅ 80%+ test coverage
- 🔒 0 critical vulnerabilities
- 📝 100% documented public APIs
- 🚀 < 30s deployment time
### User Experience
- 💬 Natural language → working app
- 🎨 Beautiful UI by default
- 🔧 Professional tools (Monaco, terminal, git)
- 📱 Works on desktop + web
---
## Comparison: BotCoder vs Claude Code
| Feature | BotCoder | Claude Code |
|---------|----------|-------------|
| Multi-agent pipeline | ✅ 12 specialized agents | ❌ Single agent |
| Visual agent status | ✅ Real-time Mantis cards | ❌ No agent visibility |
| App generation | ✅ Full-stack (HTMX + DB) | ✅ Code generation only |
| Database UI | ✅ Schema visualizer | ❌ No DB tools |
| Git operations | ✅ Dedicated agent (Mantis #7) | ✅ Git integration |
| Browser automation | ✅ chromiumoxide + Mantis #9 | ✅ Playwright support |
| Deployment options | ✅ Dual (Internal + Forgejo) | ❌ No deployment |
| Desktop app | ✅ Tauri (botapp) | ❌ CLI only |
| Multi-user | ✅ SaaS platform | ❌ Single user |
| Visual workspace | ✅ Vibe Builder | ❌ Terminal only |
| Agent reasoning | ✅ Transparent thoughts | ❌ Black box |
---
## Conclusion
**BotCoder** can leverage the existing **Mantis Farm** infrastructure in `botserver` while adding specialized coding agents and professional tools. The architecture is:
1. **Foundation:** Existing orchestrator.rs (1147 lines) - 5-stage pipeline
2. **Extension:** Add 7 new specialized agents (Mantis #5-12)
3. **UI:** Extend vibe.html with editor, database, git, browser panels
4. **Desktop:** Integrate with botapp for native experience
5. **Deployment:** Dual deployment (internal GB Platform + external Forgejo)
**Estimated Effort:** 5 weeks (following vibe.md roadmap)
**Result:** A complete multi-agent development environment that exceeds Claude Code's capabilities while offering visual agent management, dual deployment, and multi-user SaaS architecture.

955
prompts/BOTCODER_HYBRID_ARCHITECTURE.md
View file

@ -1,955 +0,0 @@
# BotCoder Hybrid Architecture v2.0
## CLI + Optional Multi-Agent Facade (BYOK vs BotServer)
## Executive Summary
**BotCoder** exists as a **terminal-based AI coding agent** with real-time streaming and tool execution. This document outlines how to extend it into a **hybrid CLI/multi-agent OS** that can:
1. **Work standalone (BYOK)** - Direct LLM access, local execution
2. **Use botserver facade** - Leverage Mantis Farm agents when available
3. **Switch dynamically** - Fall back to local if botserver unavailable
---
## Current BotCoder Architecture
### Existing CLI Implementation (`/home/rodriguez/src/pgm/botcoder`)
**Dependencies:**
```toml
tokio = "1.42" # Async runtime
reqwest = "0.12" # HTTP client
ratatui = "0.29" # TUI framework
crossterm = "0.29" # Terminal handling
futures = "0.3" # Async utilities
regex = "1.10" # Pattern matching
```
**Core Features:**
- ✅ Real-time streaming LLM responses
- ✅ Tool execution (read_file, execute_command, write_file)
- ✅ Delta format parsing (git-style diffs)
- ✅ TPM rate limiting
- ✅ Conversation history management
- ✅ Animated TUI with ratatui
**Tool Support:**
```rust
// Currently supported tools
fn execute_tool(tool: &str, param: &str, project_root: &str) -> String {
match tool {
"read_file" => read_file(param),
"execute_command" => execute_command(param, project_root),
"write_file" => write_file(param),
"list_files" => list_files(param, project_root),
_ => format!("Unknown tool: {}", tool),
}
}
```
**LLM Integration:**
```rust
// Direct Azure OpenAI client
mod llm {
pub struct AzureOpenAIClient {
endpoint: String,
api_key: String,
deployment: String,
}
impl LLMProvider for AzureOpenAIClient {
async fn generate(&self, prompt: &str, params: &serde_json::Value)
-> Result<String, Box<dyn std::error::Error>>;
}
}
```
---
## Proposed Hybrid Architecture
```
┌─────────────────────────────────────────────────────────────────┐
│ BOTCODER HYBRID MODE │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ BOTCODER CLI (main.rs) │ │
│ │ - TUI interface (ratatui) │ │
│ │ - Tool execution │ │
│ │ - Delta parsing │ │
│ │ - Rate limiting │ │
│ └──────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ LLM PROVIDER TRAIT (abstraction) │ │
│ └──────────────────────────────────────────────────────────┘ │
│ │ │
│ ┌───────────────┴───────────────┐ │
│ ▼ ▼ │
│ ┌─────────────────────┐ ┌─────────────────────┐ │
│ │ DIRECT LLM │ │ BOTSERVER FACADE │ │
│ │ (BYOK Mode) │ │ (Multi-Agent Mode) │ │
│ │ │ │ │ │
│ │ - Azure OpenAI │ │ - Mantis #1-4 │ │
│ │ - Anthropic │ │ - Mantis #5-12 │ │
│ │ - OpenAI │ │ - Orchestrator │ │
│ │ - Local LLM │ │ - WebSocket │ │
│ └─────────────────────┘ └─────────────────────┘ │
│ │ │ │
│ │ (Optional) │
│ ▼ ▼ │
│ ┌─────────────────────┐ ┌─────────────────────┐ │
│ │ LOCAL EXECUTION │ │ AGENT EXECUTION │ │
│ │ │ │ │ │
│ │ - File operations │ │ - Containerized │ │
│ │ - Command execution │ │ - AgentExecutor │ │
│ │ - Git operations │ │ - Browser automation│ │
│ │ - Docker control │ │ - Test generation │ │
│ └─────────────────────┘ └─────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
```
---
## Implementation Plan
### Phase 1: LLM Provider Abstraction (Week 1)
**Goal:** Create trait-based system for multiple LLM backends
**File:** `src/llm/mod.rs`
```rust
use async_trait::async_trait;
/// Unified LLM provider trait
#[async_trait]
pub trait LLMProvider: Send + Sync {
/// Generate completion with streaming support
async fn generate_stream(
&self,
prompt: &str,
params: &GenerationParams,
) -> Result<StreamResponse, LLMError>;
/// Generate completion (non-streaming)
async fn generate(
&self,
prompt: &str,
params: &GenerationParams,
) -> Result<String, LLMError>;
/// Get provider capabilities
fn capabilities(&self) -> ProviderCapabilities;
/// Get provider name
fn name(&self) -> &str;
}
pub struct GenerationParams {
pub temperature: f32,
pub max_tokens: u32,
pub top_p: f32,
pub tools: Vec<ToolDefinition>,
pub system_prompt: Option<String>,
}
pub struct StreamResponse {
pub content_stream: tokio_stream::wrappers::ReceiverStream<String>,
pub tool_calls: Vec<ToolCall>,
pub usage: TokenUsage,
}
pub struct ProviderCapabilities {
pub streaming: bool,
pub tools: bool,
pub max_tokens: u32,
pub supports_vision: bool,
}
```
**Implementations:**
```rust
// src/llm/azure_openai.rs
pub struct AzureOpenAIClient {
endpoint: String,
api_key: String,
deployment: String,
client: reqwest::Client,
}
#[async_trait]
impl LLMProvider for AzureOpenAIClient {
async fn generate(&self, prompt: &str, params: &GenerationParams)
-> Result<String, LLMError> {
// Existing implementation
}
fn capabilities(&self) -> ProviderCapabilities {
ProviderCapabilities {
streaming: true,
tools: true,
max_tokens: 4096,
supports_vision: false,
}
}
fn name(&self) -> &str {
"azure-openai"
}
}
// src/llm/anthropic.rs
pub struct AnthropicClient {
api_key: String,
client: reqwest::Client,
}
#[async_trait]
impl LLMProvider for AnthropicClient {
async fn generate(&self, prompt: &str, params: &GenerationParams)
-> Result<String, LLMError> {
// Anthropic API implementation
}
fn capabilities(&self) -> ProviderCapabilities {
ProviderCapabilities {
streaming: true,
tools: true,
max_tokens: 8192,
supports_vision: true,
}
}
fn name(&self) -> &str {
"anthropic"
}
}
// src/llm/botserver_facade.rs
pub struct BotServerFacade {
base_url: String,
api_key: Option<String>,
client: reqwest::Client,
}
#[async_trait]
impl LLMProvider for BotServerFacade {
async fn generate(&self, prompt: &str, params: &GenerationParams)
-> Result<String, LLMError> {
// Instead of direct LLM call, use botserver's orchestrator
// 1. Classify intent
// 2. Execute multi-agent pipeline
// 3. Return aggregated result
}
fn capabilities(&self) -> ProviderCapabilities {
ProviderCapabilities {
streaming: true, // Via WebSocket
tools: true, // Via AgentExecutor
max_tokens: 128000, // Multi-agent consensus
supports_vision: true, // Via Browser Agent
}
}
fn name(&self) -> &str {
"botserver-mantis-farm"
}
}
```
**Configuration:**
```rust
// src/config.rs
#[derive(Debug, Clone)]
pub struct BotCoderConfig {
pub llm_provider: LLMProviderType,
pub botserver_url: Option<String>,
pub project_path: PathBuf,
pub enable_facade: bool,
pub fallback_to_local: bool,
}
#[derive(Debug, Clone)]
pub enum LLMProviderType {
AzureOpenAI,
Anthropic,
OpenAI,
LocalLLM,
BotServerFacade, // Use Mantis Farm
}
impl BotCoderConfig {
pub fn from_env() -> Result<Self, ConfigError> {
let llm_provider = match env::var("LLM_PROVIDER").as_deref() {
Ok("azure") => LLMProviderType::AzureOpenAI,
Ok("anthropic") => LLMProviderType::Anthropic,
Ok("botserver") => LLMProviderType::BotServerFacade,
_ => LLMProviderType::AzureOpenAI, // Default
};
let botserver_url = env::var("BOTSERVER_URL").ok();
let enable_facade = env::var("ENABLE_BOTSERVER_FACADE")
.unwrap_or_else(|_| "false".to_string()) == "true";
Ok(Self {
llm_provider,
botserver_url,
project_path: env::var("PROJECT_PATH")?.into(),
enable_facade,
fallback_to_local: true,
})
}
}
```
---
### Phase 2: Multi-Agent Facade Integration (Week 2)
**Goal:** Connect to botserver's Mantis Farm when available
**File:** `src/botserver_client.rs`
```rust
use reqwest::Client;
use serde::{Deserialize, Serialize};
pub struct BotServerClient {
base_url: String,
api_key: Option<String>,
client: Client,
}
impl BotServerClient {
pub fn new(base_url: String, api_key: Option<String>) -> Self {
Self {
base_url,
api_key,
client: Client::new(),
}
}
/// Classify intent using botserver's intent classifier
pub async fn classify_intent(&self, text: &str)
-> Result<ClassifiedIntent, BotServerError> {
let url = format!("{}/api/autotask/classify", self.base_url);
let response = self.client
.post(&url)
.json(&serde_json::json!({ "text": text }))
.header("Authorization", self.api_key.as_ref().map(|k| format!("Bearer {}", k)).unwrap_or_default())
.send()
.await?;
if response.status().is_success() {
Ok(response.json().await?)
} else {
Err(BotServerError::ClassificationFailed(response.text().await?))
}
}
/// Execute multi-agent pipeline
pub async fn execute_pipeline(&self, classification: &ClassifiedIntent)
-> Result<OrchestrationResult, BotServerError> {
let url = format!("{}/api/autotask/execute", self.base_url);
let response = self.client
.post(&url)
.json(classification)
.header("Authorization", self.api_key.as_ref().map(|k| format!("Bearer {}", k)).unwrap_or_default())
.send()
.await?;
if response.status().is_success() {
Ok(response.json().await?)
} else {
Err(BotServerError::PipelineFailed(response.text().await?))
}
}
/// Subscribe to WebSocket progress updates
pub async fn subscribe_progress(&self, task_id: &str)
-> Result<tokio_tungstenite::WebSocketStream<tokio_tungstenite::MaybeTlsStream<tokio::net::TcpStream>>, BotServerError> {
let ws_url = format!(
"{}/ws/task-progress/{}",
self.base_url.replace("http", "ws"),
task_id
);
tokio_tungstenite::connect_async(&ws_url).await
.map_err(BotServerError::WebSocketError)
}
/// Use specialized agents directly
pub async fn query_agent(&self, agent_id: u8, query: &str)
-> Result<AgentResponse, BotServerError> {
match agent_id {
5 => self.query_editor_agent(query).await,
6 => self.query_database_agent(query).await,
7 => self.query_git_agent(query).await,
8 => self.query_test_agent(query).await,
9 => self.query_browser_agent(query).await,
10 => self.query_terminal_agent(query).await,
11 => self.query_docs_agent(query).await,
12 => self.query_security_agent(query).await,
_ => Err(BotServerError::InvalidAgent(agent_id)),
}
}
// Specific agent methods
async fn query_editor_agent(&self, query: &str)
-> Result<AgentResponse, BotServerError> {
// POST /api/botcoder/editor/query
let url = format!("{}/api/botcoder/editor/query", self.base_url);
let response = self.client
.post(&url)
.json(&serde_json::json!({ "query": query }))
.send()
.await?;
Ok(response.json().await?)
}
async fn query_database_agent(&self, query: &str)
-> Result<AgentResponse, BotServerError> {
// Query database schema, optimize queries
let url = format!("{}/api/botcoder/database/query", self.base_url);
let response = self.client
.post(&url)
.json(&serde_json::json!({ "query": query }))
.send()
.await?;
Ok(response.json().await?)
}
// ... other agent methods
}
#[derive(Debug, Deserialize)]
pub struct ClassifiedIntent {
pub intent_type: String,
pub entities: IntentEntities,
pub original_text: String,
}
#[derive(Debug, Deserialize)]
pub struct OrchestrationResult {
pub success: bool,
pub task_id: String,
pub stages_completed: u8,
pub app_url: Option<String>,
pub message: String,
pub created_resources: Vec<CreatedResource>,
}
#[derive(Debug, thiserror::Error)]
pub enum BotServerError {
#[error("Classification failed: {0}")]
ClassificationFailed(String),
#[error("Pipeline execution failed: {0}")]
PipelineFailed(String),
#[error("WebSocket error: {0}")]
WebSocketError(#[from] tokio_tungstenite::tungstenite::Error),
#[error("Invalid agent ID: {0}")]
InvalidAgent(u8),
#[error("HTTP error: {0}")]
HttpError(#[from] reqwest::Error),
#[error("JSON error: {0}")]
JsonError(#[from] serde_json::Error),
}
```
---
### Phase 3: Unified Tool Execution (Week 2-3)
**Goal:** Abstract tool execution to work locally or via agents
**File:** `src/tools/mod.rs`
```rust
use async_trait::async_trait;
/// Unified tool execution trait
#[async_trait]
pub trait ToolExecutor: Send + Sync {
async fn execute(&self, tool: &ToolCall, context: &ExecutionContext)
-> Result<ToolResult, ToolError>;
fn supports_tool(&self, tool_name: &str) -> bool;
}
pub struct ToolCall {
pub name: String,
pub parameters: serde_json::Value,
pub agent_id: Option<u8>, // Which agent should execute
}
pub struct ToolResult {
pub output: String,
pub exit_code: i32,
pub metadata: serde_json::Value,
}
pub struct ExecutionContext {
pub project_path: PathBuf,
pub botserver_client: Option<BotServerClient>,
pub use_local_fallback: bool,
}
/// Local tool executor (existing implementation)
pub struct LocalToolExecutor {
project_root: PathBuf,
}
#[async_trait]
impl ToolExecutor for LocalToolExecutor {
async fn execute(&self, tool: &ToolCall, context: &ExecutionContext)
-> Result<ToolResult, ToolError> {
match tool.name.as_str() {
"read_file" => self.read_file(tool.parameters).await,
"write_file" => self.write_file(tool.parameters).await,
"execute_command" => self.execute_command(tool.parameters).await,
"list_files" => self.list_files(tool.parameters).await,
"git_operation" => self.git_operation(tool.parameters).await,
_ => Err(ToolError::UnknownTool(tool.name.clone())),
}
}
fn supports_tool(&self, tool_name: &str) -> bool {
matches!(tool_name,
"read_file" | "write_file" | "execute_command" |
"list_files" | "git_operation"
)
}
}
/// Agent-based tool executor (via botserver)
pub struct AgentToolExecutor {
botserver_client: BotServerClient,
}
#[async_trait]
impl ToolExecutor for AgentToolExecutor {
async fn execute(&self, tool: &ToolCall, context: &ExecutionContext)
-> Result<ToolResult, ToolError> {
// Route to appropriate agent
let agent_id = tool.agent_id.unwrap_or_else(|| {
self.infer_agent_for_tool(&tool.name)
});
match self.botserver_client.query_agent(agent_id, &tool.parameters.to_string()).await {
Ok(response) => Ok(ToolResult {
output: response.output,
exit_code: response.exit_code,
metadata: response.metadata,
}),
Err(e) => {
// Fallback to local if enabled
if context.use_local_fallback {
warn!("Agent execution failed, falling back to local: {}", e);
LocalToolExecutor::new(context.project_path.clone()).execute(tool, context).await?
} else {
Err(ToolError::AgentError(e.to_string()))
}
}
}
}
fn supports_tool(&self, tool_name: &str) -> bool {
matches!(tool_name,
"database_query" | "schema_visualize" | "git_commit" |
"test_generate" | "browser_record" | "docs_generate" |
"security_scan" | "code_refactor" | "optimize_query"
)
}
fn infer_agent_for_tool(&self, tool_name: &str) -> u8 {
match tool_name {
"code_refactor" | "syntax_check" => 5, // Editor Agent
"database_query" | "schema_visualize" | "optimize_query" => 6, // Database Agent
"git_commit" | "git_branch" | "git_merge" => 7, // Git Agent
"test_generate" | "coverage_report" => 8, // Test Agent
"browser_record" | "page_test" => 9, // Browser Agent
"shell_execute" | "docker_build" => 10, // Terminal Agent
"docs_generate" | "api_docs" => 11, // Docs Agent
"security_scan" | "vulnerability_check" => 12, // Security Agent
_ => 2, // Default to Builder Agent
}
}
}
```
---
### Phase 4: Hybrid Execution Loop (Week 3)
**Goal:** Main loop that seamlessly switches between local and agent execution
**File:** `src/main.rs` (modified)
```rust
use llm::LLMProvider;
use tools::{LocalToolExecutor, AgentToolExecutor, ToolExecutor};
struct BotCoder {
config: BotCoderConfig,
llm_provider: Box<dyn LLMProvider>,
local_executor: LocalToolExecutor,
agent_executor: Option<AgentToolExecutor>,
botserver_client: Option<BotServerClient>,
}
impl BotCoder {
pub async fn new(config: BotCoderConfig) -> Result<Self, Box<dyn std::error::Error>> {
// Initialize LLM provider based on config
let llm_provider: Box<dyn LLMProvider> = match config.llm_provider {
LLMProviderType::AzureOpenAI => {
Box::new(llm::AzureOpenAIClient::new()?)
}
LLMProviderType::Anthropic => {
Box::new(llm::AnthropicClient::new()?)
}
LLMProviderType::BotServerFacade => {
// Will use botserver client
Box::new(llm::BotServerFacade::new(
config.botserver_url.clone().unwrap()
)?)
}
_ => Box::new(llm::AzureOpenAIClient::new()?),
};
// Initialize tool executors
let local_executor = LocalToolExecutor::new(config.project_path.clone());
let mut agent_executor = None;
let mut botserver_client = None;
// Try to connect to botserver if enabled
if config.enable_facade {
if let Some(url) = &config.botserver_url {
match BotServerClient::new(url.clone(), None).health_check().await {
Ok(()) => {
println!("✓ Connected to botserver at {}", url);
let client = BotServerClient::new(url.clone(), None);
botserver_client = Some(client.clone());
agent_executor = Some(AgentToolExecutor::new(client));
}
Err(e) => {
warn!("Failed to connect to botserver: {}", e);
if config.fallback_to_local {
println!("⚠ Falling back to local execution");
}
}
}
}
}
Ok(Self {
config,
llm_provider,
local_executor,
agent_executor,
botserver_client,
})
}
pub async fn run(&mut self) -> Result<(), Box<dyn std::error::Error>> {
let mut iteration = 0;
let mut conversation_history: Vec<String> = Vec::new();
loop {
iteration += 1;
println!("=== ITERATION {} ===", iteration);
// Display execution mode
if self.agent_executor.is_some() {
println!("Mode: Multi-Agent (BotServer Facade)");
println!("Agents Available: Mantis #1-12");
} else {
println!("Mode: Local (BYOK)");
}
println!();
// Build context
let context = self.build_context(&conversation_history);
// Generate response (streaming)
let response = match self.llm_provider.generate_stream(&context, &Default::default()).await {
Ok(r) => r,
Err(e) => {
// Try fallback to local if botserver fails
if self.agent_executor.is_some() && self.config.fallback_to_local {
warn!("LLM provider failed, trying fallback: {}", e);
// Switch to local provider
continue;
} else {
return Err(e.into());
}
}
};
// Stream response to TUI
self.display_streaming_response(response).await?;
// Extract tools from response
let tools = self.extract_tools(&full_response);
// Execute tools (local or agent-based)
for tool in tools {
let result = self.execute_tool_hybrid(tool).await?;
conversation_history.push(format!("Tool: {}\nResult: {}", tool.name, result));
}
conversation_history.push(format!("Assistant: {}", full_response));
// Trim history
if conversation_history.len() > 20 {
conversation_history.drain(0..10);
}
}
}
async fn execute_tool_hybrid(&self, tool: ToolCall) -> Result<ToolResult, ToolError> {
let context = ExecutionContext {
project_path: self.config.project_path.clone(),
botserver_client: self.botserver_client.clone(),
use_local_fallback: self.config.fallback_to_local,
};
// Try agent executor first if available
if let Some(agent_executor) = &self.agent_executor {
if agent_executor.supports_tool(&tool.name) {
println!("🤖 Executing via Mantis Agent: {}", tool.name);
return agent_executor.execute(&tool, &context).await;
}
}
// Fall back to local executor
if self.local_executor.supports_tool(&tool.name) {
println!("🔧 Executing locally: {}", tool.name);
return self.local_executor.execute(&tool, &context).await;
}
Err(ToolError::UnknownTool(tool.name))
}
}
```
---
## Usage Examples
### Example 1: Local Mode (BYOK)
```bash
# .env configuration
LLM_PROVIDER=azure
PROJECT_PATH=/home/user/myproject
ENABLE_BOTSERVER_FACADE=false
```
```bash
$ botcoder
=== ITERATION 1 ===
Mode: Local (BYOK)
✓ Azure OpenAI connected
> Add authentication to this Rust project
[AI Reasoning...]
I'll add JWT authentication using the `jsonwebtoken` crate.
CHANGE: Cargo.toml
<<<<<<< CURRENT
[dependencies]
tokio = "1.0"
=======
[dependencies]
tokio = "1.0"
jsonwebtoken = "9.0"
=======
[EXECUTE] Tool 1/3: write_file -> Cargo.toml
✓ File updated
```
### Example 2: Multi-Agent Mode (BotServer Facade)
```bash
# .env configuration
LLM_PROVIDER=botserver
BOTSERVER_URL=http://localhost:8080
PROJECT_PATH=/home/user/myproject
ENABLE_BOTSERVER_FACADE=true
FALLBACK_TO_LOCAL=true
```
```bash
$ botcoder
=== ITERATION 1 ===
✓ Connected to botserver at http://localhost:8080
Mode: Multi-Agent (BotServer Facade)
Agents Available: Mantis #1-12
> Create a CRM system with contacts and deals
[CLASSIFY] Intent: APP_CREATE
[PLAN] Mantis #1 breaking down request...
✓ 12 sub-tasks identified
✓ Estimated: 45 files, 98k tokens, 2.5 hours
[BUILD] Mantis #2 generating code...
✓ contacts table schema created
✓ deals table schema created
✓ Contact Manager page generated
✓ Deal Pipeline page generated
[REVIEW] Mantis #3 validating code...
✓ HTMX patterns verified
✓ Security checks passed
✓ 0 vulnerabilities found
[OPTIMIZE] Mantis #5 refactoring...
✓ Extracted duplicate code to utils.rs
✓ Added error handling wrappers
[TEST] Mantis #8 generating tests...
✓ 87% code coverage achieved
✓ E2E tests created (chromiumoxide)
[SECURITY] Mantis #12 scanning...
✓ 0 critical vulnerabilities
✓ All dependencies up to date
[DEPLOY] Mantis #4 deploying...
Target: Internal GB Platform
✓ App deployed to /apps/my-crm/
✓ Verify at http://localhost:8080/apps/my-crm/
[DOCUMENT] Mantis #11 generating docs...
✓ README.md created
✓ API documentation generated
✓ Pipeline complete in 1m 47s
```
### Example 3: Hybrid Mode (Automatic Fallback)
```bash
$ botcoder
=== ITERATION 1 ===
Mode: Multi-Agent (BotServer Facade)
✓ Connected to botserver
> Refactor this function for better performance
[EDITOR] Mantis #5 analyzing code...
⚠ BotServer connection lost
[FALLBACK] Switching to local mode...
[LOCAL] Analyzing with Azure OpenAI...
✓ Refactoring complete
```
---
## Benefits of Hybrid Architecture
### For Users (BYOK)
- ✅ **Privacy** - Code never leaves local machine
- ✅ **Speed** - Direct LLM access, no intermediate hops
- ✅ **Cost Control** - Use your own API keys
- ✅ **Offline Capable** - Works with local LLMs (llama.cpp, Ollama)
### For Users (BotServer Facade)
- ✅ **Multi-Agent Consensus** - 12 specialized agents collaborate
- ✅ **Advanced Capabilities** - Browser automation, security scanning, test generation
- ✅ **Visual Debugging** - Watch agent reasoning in Vibe Builder UI
- ✅ **Enterprise Features** - Team sharing, approval workflows, audit trails
### Seamless Switching
- ✅ **Automatic Fallback** - If botserver unavailable, use local
- ✅ **Tool Routing** - Use agent for complex tasks, local for simple ones
- ✅ **Cost Optimization** - Reserve expensive agents for hard problems
- ✅ **Progressive Enhancement** - Start local, upgrade to multi-agent as needed
---
## Configuration Matrix
| Scenario | LLM Provider | Tools | When to Use |
|----------|--------------|-------|-------------|
| **Local Development** | Azure/Anthropic (Direct) | Local file ops | Privacy-critical code |
| **Enterprise Project** | BotServer Facade | Agent-based | Complex refactoring |
| **Open Source** | Local LLM (Ollama) | Local | No API budget |
| **Learning** | BotServer Facade | Agent-based | Study agent reasoning |
| **CI/CD** | BotServer Facade | Agent-based | Automated testing |
| **Quick Fix** | Azure/Anthropic (Direct) | Local | Fast iteration |
| **Security Audit** | BotServer Facade | Mantis #12 | Comprehensive scan |
---
## Implementation Roadmap
### Week 1: Foundation
- [x] Extract existing LLM client to trait
- [ ] Implement Azure OpenAI provider
- [ ] Implement Anthropic provider
- [ ] Add BotServerFacade provider (stub)
### Week 2: BotServer Integration
- [ ] Implement BotServerClient
- [ ] Add WebSocket progress streaming
- [ ] Implement agent query methods
- [ ] Add health check & fallback logic
### Week 3: Tool Execution
- [ ] Refactor existing tools to trait
- [ ] Implement LocalToolExecutor
- [ ] Implement AgentToolExecutor
- [ ] Add tool routing logic
### Week 4: Hybrid Loop
- [ ] Modify main loop for provider switching
- [ ] Add streaming TUI updates
- [ ] Implement automatic fallback
- [ ] Add mode indicator to UI
### Week 5: Testing & Docs
- [ ] Test all three modes (local, agent, hybrid)
- [ ] Add configuration examples
- [ ] Write migration guide
- [ ] Update README
---
## Conclusion
The **hybrid BotCoder** gives users the best of both worlds:
1. **CLI First** - Fast, local, privacy-focused development
2. **Multi-Agent Power** - On-demand access to 12 specialized agents
3. **Seamless Switching** - Automatic fallback between modes
4. **Progressive Enhancement** - Start simple, scale when needed
**Result:** A coding agent that works offline for quick fixes but can call in a full multi-agent orchestra when facing complex challenges.
**Estimated Effort:** 5 weeks (1 developer)
**Lines of Code:** ~2000 new lines (modular, trait-based)
The BotCoder CLI becomes the **control plane** for the Mantis Farm, offering both direct terminal access and a gateway to the full multi-agent OS when needed.

113
prompts/PENDING.md
View file

@ -1,113 +0,0 @@
# Pending Tasks - General Bots Platform
> **Last Updated:** 2025-02-28
> **Purpose:** Track actionable tasks and improvements for the GB platform
---
## 🔐 Authentication & Identity (Zitadel)
- [ ] **Fix Zitadel setup issues**
- Check v4 configuration
- Update `zit.md` documentation
- Test login at `http://localhost:3000/login`
- Run `reset.sh` to verify clean setup
---
## 📚 Documentation Consolidation
- [ ] **Aggregate all PROMPT.md files into AGENTS.md**
- Search git history for all PROMPT.md files
- Consolidate into root AGENTS.md
- Remove duplicate/ghost lines
- Keep only AGENTS.md at project root
- [ ] **Update all README.md files**
- Add requirement: Only commit when warnings AND errors are 0
- Add requirement: Run `cargo check` after editing multiple `.rs` files
- Include Qdrant collection access instructions
- Document Vault usage for retrieving secrets
---
## 🔒 Security & Configuration (Vault)
- [ ] **Review all service configurations**
- Ensure Gmail and other service configs go to Vault
- Store per `botid + setting` or `userid` for individual settings
- [ ] **Remove all environment variables**
- Keep ONLY Vault-related env vars
- Migrate all other configs to Vault
- [ ] **Database password management**
- Generate custom passwords for all databases
- Store in Vault
- Update README with Vault retrieval instructions
---
## 🎯 Code Quality & Standards
- [ ] **Clean gbai directory**
- Remove all `.ast` files (work artifacts)
- Remove all `.json` files (work artifacts)
- Add `.gitignore` rules to prevent future commits
- [ ] **Fix logging prefixes**
- Remove duplicate prefixes in `.rs` files
- Example: Change `auth: [AUTH]` to `auth:`
- Ensure botname and GUID appear in all bot logs
- [ ] **Review bot logs format**
- Always include `botname` and `guid`
- Example: `drive_monitor:Error during sync for bot MyBot (a818fb29-9991-4e24-bdee-ed4da2c51f6d): dispatch failure`
---
## 🗄️ Database Management
- [ ] **Qdrant collection management**
- Add collection viewing instructions to README
- Document collection access methods
- Add debugging examples
- [ ] **BASIC table migration**
- Implement table migration in BASIC language
- Document migration process
---
## 🧹 Cleanup Tasks
- [ ] **Remove outdated documentation snippets**
- Remove: "Tools with C++ support, then:# Install PostgreSQL (for libpq)choco install postgresql"
---
## 📝 Notes
---
## 🚀 Priority Order
1. **High Priority:** Security & Configuration (Vault integration)
2. **High Priority:** Authentication & Identity (Zitadel setup)
3. **Medium Priority:** Code Quality & Standards
4. **Medium Priority:** Documentation Consolidation
5. **Low Priority:** Cleanup Tasks
---
## 📋 Task Template
When adding new tasks, use this format:
```markdown
- [ ] **Task Title**
- Detail 1
- Detail 2
- Related file: `path/to/file.ext`
```

156
prompts/SECURITY_CHECKLIST.md
View file

@ -1,156 +0,0 @@
# General Bots Security Checklist
## Critical (P1) - Must Fix Immediately
### Authentication & Authorization
- [ ] **SecurityManager Integration** - Initialize in bootstrap
- [ ] **CSRF Protection** - Enable for all state-changing endpoints
- [ ] **Error Handling** - Replace all `unwrap()`/`expect()` calls
- [ ] **Security Headers** - Apply to all HTTP routes
### Data Protection
- [ ] **TLS/MTLS** - Ensure certificates are generated and validated
- [ ] **SafeCommand Usage** - Replace all `Command::new()` calls
- [ ] **Error Sanitization** - Use `ErrorSanitizer` for all HTTP errors
## High Priority (P2) - Fix Within 2 Weeks
### Authentication
- [ ] **Passkey Support** - Complete WebAuthn implementation
- [ ] **MFA Enhancement** - Add backup codes and recovery flows
- [ ] **API Key Management** - Implement rotation and expiration
### Monitoring & Detection
- [ ] **Security Monitoring** - Integrate `SecurityMonitor` with app events
- [ ] **DLP Policies** - Configure default policies for PII/PCI/PHI
- [ ] **Rate Limiting** - Apply consistent limits across all endpoints
## Medium Priority (P3) - Fix Within 1 Month
### Infrastructure
- [ ] **Certificate Management** - Add expiration monitoring and auto-renewal
- [ ] **Audit Logging** - Ensure comprehensive coverage
- [ ] **Security Testing** - Create dedicated test suite
### Compliance
- [ ] **Security Documentation** - Update policies and procedures
- [ ] **Compliance Mapping** - Map controls to SOC2/GDPR/ISO27001
- [ ] **Evidence Collection** - Implement automated evidence gathering
## Quick Wins (Can be done today)
### Code Quality
- [ ] Run `cargo clippy --workspace` and fix all warnings
- [ ] Use `cargo audit` to check for vulnerable dependencies
- [ ] Replace 10 `unwrap()` calls with proper error handling
### Configuration
- [ ] Check `.env` files for hardcoded secrets (move to `/tmp/`)
- [ ] Verify `botserver-stack/conf/` permissions
- [ ] Review `Cargo.toml` for unnecessary dependencies
### Testing
- [ ] Test authentication flows with invalid credentials
- [ ] Verify CSRF tokens are required for POST/PUT/DELETE
- [ ] Check security headers on main endpoints
## Daily Security Tasks
### Morning Check
- [ ] Review `botserver.log` for security events
- [ ] Check `cargo audit` for new vulnerabilities
- [ ] Monitor failed login attempts
- [ ] Verify certificate expiration dates
### Ongoing Monitoring
- [ ] Watch for unusual access patterns
- [ ] Monitor DLP policy violations
- [ ] Track security metric trends
- [ ] Review audit logs for anomalies
### Weekly Tasks
- [ ] Run full security scan with protection tools
- [ ] Review and rotate any expiring credentials
- [ ] Update security dependencies
- [ ] Backup security configurations
## Emergency Response
### If you suspect a breach:
1. **Isolate** - Disconnect affected systems
2. **Preserve** - Don't delete logs or evidence
3. **Document** - Record all actions and observations
4. **Escalate** - Contact security team immediately
5. **Contain** - Implement temporary security measures
6. **Investigate** - Determine scope and impact
7. **Remediate** - Fix vulnerabilities and restore services
8. **Learn** - Update procedures to prevent recurrence
## Security Tools Commands
### Dependency Scanning
```bash
cargo audit
cargo deny check
cargo geiger
```
### Code Analysis
```bash
cargo clippy --workspace -- -D warnings
cargo fmt --check
```
### Security Testing
```bash
# Run security tests
cargo test -p bottest --test security
# Check for unsafe code
cargo geiger --forbid
# Audit dependencies
cargo audit --deny warnings
```
### Protection Tools
```bash
# Security scanning
curl -X POST http://localhost:9000/api/security/protection/scan
# Get security report
curl http://localhost:9000/api/security/protection/report
# Check tool status
curl http://localhost:9000/api/security/protection/status
```
## Common Security Issues to Watch For
### 1. Hardcoded Secrets
**Bad:** `password = "secret123"` in code
**Good:** `password = env::var("DB_PASSWORD")?` from `/tmp/`
### 2. Unsafe Command Execution
**Bad:** `Command::new("rm").arg("-rf").arg(user_input)`
**Good:** `SafeCommand::new("rm")?.arg("-rf")?.arg(sanitized_input)?`
### 3. Missing Input Validation
**Bad:** `format!("SELECT * FROM {}", user_table)`
**Good:** `validate_table_name(&user_table)?; format!("SELECT * FROM {}", safe_table)`
### 4. Information Disclosure
**Bad:** `Json(json!({ "error": e.to_string() }))`
**Good:** `let sanitized = log_and_sanitize(&e, "context", None); (StatusCode::INTERNAL_SERVER_ERROR, sanitized)`
## Security Contact Information
**Primary Contact:** security@pragmatismo.com.br
**Backup Contact:** Check `security.txt` at `/.well-known/security.txt`
**Emergency Response:** Follow procedures in `botbook/src/12-auth/security-policy.md`
---
*Last Updated: 2026-02-22*
*Review Frequency: Weekly*
*Next Review: 2026-03-01*

30
prompts/SECURITY_REVIEW.md
View file

@ -1,30 +0,0 @@
# Security Review Task List
## 1. Unsafe Unwraps in Production (Violates AGENTS.md Error Handling Rules)
The `AGENTS.md` explicitly forbids the use of `.unwrap()`, `.expect()`, `panic!()`, `todo!()`, and `unimplemented!()` in production code. A search of the codebase revealed several instances of `unwrap()` being used in non-test contexts.
**Vulnerable Locations:**
- `botserver/src/drive/drive_handlers.rs:269` - Contains a `.unwrap()` call during `Response::builder()` generation, which could panic in production.
- `botserver/src/basic/compiler/mod.rs` - Contains `unwrap()` usages outside test boundaries.
- `botserver/src/llm/llm_models/deepseek_r3.rs` - Contains `unwrap()` usages outside test boundaries.
- `botserver/src/botmodels/opencv.rs` - Test scopes use `unwrap()`, but please audit carefully for any leaks to production scope.
**Action:**
- Replace all `.unwrap()` occurrences with safe alternatives (`?`, `unwrap_or_default()`, or pattern matching with early returns) and use `ErrorSanitizer` to avoid panics.
## 2. Dependency Vulnerabilities (Found by cargo audit)
Running `cargo audit` uncovered a reported vulnerability inside the dependency tree.
**Vulnerable Component:**
- **Crate:** `glib`
- **Version:** `0.18.5`
- **Advisory ID:** `RUSTSEC-2024-0429`
- **Title:** Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
- **Dependency Tree context:** It's pulled through `botdevice` and `botapp` via Tauri plugins and GTK dependencies.
**Action:**
- Review dependencies and upgrade the GTK/Glib ecosystem dependencies if patches are available, or evaluate the exact usage to assess the direct risk given the desktop GUI context.
## 3. General Posture Alignment
- Ensure all new state-changing endpoints are correctly shielded by the custom CSRF store (`redis_csrf_store.rs`). Verification is recommended as standard `tower-csrf` is absent from `Cargo.toml`.
- Confirm security headers (`Content-Security-Policy` via `headers.rs`) are indeed attached universally in `botserver` and not selectively omitted in new modules.

877
prompts/UNIFIED_PLAN.md
View file

@ -1,877 +0,0 @@
# Unified Implementation Plan: VibeCode Platform
## Executive Summary
This document **unifies** two separate task lists into a cohesive roadmap:
- **task.md**: Security & stability fixes (immediate priority)
- **TASK.md**: Feature implementation roadmap (development pipeline)
**Current Status:**
- 🎯 Backend: **80% complete** - LLM-powered app generation, multi-agent orchestration, browser automation ready
- 🎨 Frontend: **40% complete** - Vibe UI exists, missing professional tools (Monaco, Database UI, Git, Browser)
- 🔐 Security: **Needs attention** - Unsafe unwraps, dependency vulnerabilities (see Security Priorities below)
---
## Part I: Security & Stability (FROM task.md) - IMMEDIATE PRIORITY ⚠️
### 1. Unsafe Unwraps in Production (Violates AGENTS.md Error Handling)
**Issue:** The codebase uses `.unwrap()`, `.expect()`, `panic!()` in production code, which is explicitly forbidden by AGENTS.md.
**Vulnerable Locations:**
```
botserver/src/drive/drive_handlers.rs:269 - Response::builder() unwrap
botserver/src/basic/compiler/mod.rs - Multiple unwrap() calls
botserver/src/llm/llm_models/deepseek_r3.rs - unwrap() outside tests
botserver/src/botmodels/opencv.rs - Test scope unwrap() leaks
```
**Action Items:**
- [ ] Replace ALL `.unwrap()` with safe alternatives:
- Use `?` operator with proper error propagation
- Use `unwrap_or_default()` for defaults
- Use pattern matching with early returns
- Apply `ErrorSanitizer` to avoid panics
- [ ] Run `cargo clippy -- -W clippy::unwrap_used -W clippy::expect_used`
- [ ] Add unit tests verifying error paths work correctly
**Estimated Effort:** 4-6 hours
---
### 2. Dependency Vulnerabilities (Found by `cargo audit`)
**Vulnerable Component:**
- **Crate:** `glib 0.18.5`
- **Advisory:** `RUSTSEC-2024-0429`
- **Issue:** Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
- **Context:** Pulled through `botdevice` and `botapp` via Tauri plugins/GTK dependencies
**Action Items:**
- [ ] Review exact usage of glib in the codebase
- [ ] Check if patches are available in newer versions
- [ ] Evaluate risk given desktop GUI context
- [ ] If critical: upgrade GTK/Glib ecosystem dependencies
- [ ] If acceptable: document risk assessment and add to security review checklist
**Estimated Effort:** 2-4 hours
---
### 3. General Security Posture Alignment
**CSRF Protection:**
- ✅ Custom CSRF store exists: `redis_csrf_store.rs`
- ⚠️ Verify: ALL state-changing endpoints use it (standard `tower-csrf` is absent from Cargo.toml)
**Security Headers:**
- ✅ `headers.rs` provides CSP, HSTS, X-Frame-Options
- ⚠️ Verify: Headers are attached UNIVERSALLY in botserver, not selectively omitted
**Action Items:**
- [ ] Audit all POST/PUT/DELETE endpoints for CSRF token validation
- [ ] Create middleware test to ensure security headers on all responses
- [ ] Document security checklist for new endpoints
**Estimated Effort:** 3-4 hours
---
## Part II: Feature Implementation Roadmap (FROM TASK.md) - DEVELOPMENT PIPELINE
### Architecture Overview
```
┌──────────────────────────────────────────────────────────────┐
│ USER REQUEST │
│ "I want a full CRM system" │
└────────────────────────┬─────────────────────────────────────┘
┌──────────────────────────────────────────────────────────────┐
│ VIBE BUILDER UI │
│ ┌──────────────────┐ ┌──────────────────┐ │
│ │ Agent Sidebar │ │ Canvas Area │ │
│ │ (Mantis #1-4) │ │ - Task Nodes │ │
│ │ - Status cards │ │ - Preview │ │
│ │ - Workspaces │ │ - Chat Overlay │ │
│ └──────────────────┘ └──────────────────┘ │
│ │
│ NEW TOOLS TO ADD: │
│ 🔌 MCP Sources Panel ← botserver/src/sources/ui.rs │
│ 📝 Monaco Editor ← Phase 1 (Critical) │
│ 🗄️ Database Visualizer ← Phase 2 (Critical) │
│ 🐙 Git Operations ← Phase 3 (High) │
│ 🌐 Browser Automation ← Phase 4 (High) │
│ 📂 Multi-File Workspace ← Phase 5 (Medium) │
│ 🖥️ Enhanced Terminal ← Phase 6 (Medium) │
└────────────────────────┬─────────────────────────────────────┘
┌──────────────────────────────────────────────────────────────┐
│ BOTSERVER (Rust Backend) │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Orchestrator │ │ AppGenerator │ │ Designer AI │ │
│ │ (5 agents) │ │(LLM-driven) │ │(modifications)│ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Browser │ │ Git │ │ Terminal │ │
│ │ Automation │ │ Operations │ │ Service │ │
│ │(chromiumoxide)│ │(git2) │ │(xterm.js) │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
│ ┌──────────────────────────────────────────────────┐ │
│ │ MCP & Sources Integration ← ALREADY IMPLEMENTED │ │
│ │ - botserver/src/sources/mcp.rs │ │
│ │ - botserver/src/sources/ui.rs │ │
│ │ - /api/ui/sources/* endpoints │ │
│ └──────────────────────────────────────────────────┘ │
└────────────────────────┬─────────────────────────────────────┘
┌──────────────────────────────────────────────────────────────┐
│ GENERATED OUTPUT │
│ - PostgreSQL tables │
│ - HTML pages with HTMX │
│ - CSS styling │
│ - JavaScript │
│ - BASIC tools/schedulers │
│ - E2E tests (Playwright) │
└──────────────────────────────────────────────────────────────┘
```
---
## Part III: MCP & Sources Integration - EXISTING INFRASTRUCTURE ✅
### What Already Exists
**Backend Implementation (botserver/src/sources/):**
```
sources/
├── mod.rs # Module exports
├── mcp.rs # MCP client, connection, server types
├── ui.rs # HTML pages for /suite/sources/*
├── knowledge_base.rs # Knowledge base upload/query
└── sources_api # API endpoints
```
**API Endpoints (defined in botserver/src/core/urls.rs):**
```
/sources/*:
/suite/sources - Main sources list page
/suite/sources/mcp/add - Add MCP server form
/suite/sources/mcp/catalog - MCP server catalog
/api/ui/sources/*:
/api/ui/sources/mcp - List MCP servers
/api/ui/sources/mcp/:name - Get server details
/api/ui/sources/mcp/:name/enable - Enable server
/api/ui/sources/mcp/:name/disable - Disable server
/api/ui/sources/mcp/:name/tools - List server tools
/api/ui/sources/mcp/:name/test - Test server connection
/api/ui/sources/mcp/scan - Scan for MCP servers
/api/ui/sources/mcp-servers - Get server catalog
/api/ui/sources/kb/upload - Upload to knowledge base
/api/ui/sources/kb/list - List knowledge base docs
/api/ui/sources/kb/query - Query knowledge base
/api/ui/sources/repositories - List repositories
/api/ui/sources/apps - List connected apps
```
**Vibe UI Integration (botui/ui/suite/):**
```
botui/ui/suite/
├── partials/
│ └── vibe.html # Main Vibe Builder UI
│ # - Agent sidebar (Mantis #1-4)
│ # - Canvas area with task nodes
│ # - Chat overlay
│ # - Preview panel
├── vibe/
│ └── agents-sidebar.css # Styles for agent sidebar
├── js/
│ └── chat-agent-mode.js # Agent-mode JavaScript
└── css/
└── chat-agent-mode.css # Agent-mode styles
```
### Integration Task: Add MCP Panel to Vibe UI
**Goal:** Add a "Sources" panel to Vibe that shows connected MCP servers and allows management.
**Action Items:**
1. **Create MCP Panel Component:**
- File: `botui/ui/suite/partials/vibe-mcp-panel.html`
- Features:
- List connected MCP servers
- Show server status (active/inactive)
- Display available tools per server
- Quick enable/disable toggles
- "Add Server" button (opens `/suite/sources/mcp/add`)
2. **Add JavaScript:**
- File: `botui/ui/suite/js/vibe-mcp.js`
- Fetch servers from `/api/ui/sources/mcp`
- Handle enable/disable actions
- Update server status in real-time
- Display tool risk levels
3. **Add Styles:**
- File: `botui/ui/suite/vibe/mcp-panel.css`
- Match existing agents-sidebar.css aesthetic
- Server cards with status indicators
- Tool badges with risk levels
4. **Integrate into Vibe:**
- Add "Sources" tab to Vibe sidebar
- Load MCP panel when tab clicked
- Show server count badge
**Estimated Effort:** 6-8 hours
---
## Part IV: Implementation Phases (UPDATED WITH MCP INTEGRATION)
### Phase 0: Security & Stability ⚠️ - IMMEDIATE (Week 0)
**Priority: CRITICAL - Must complete before any feature work**
**Tasks:**
1. [ ] Fix all unsafe `unwrap()` calls
2. [ ] Address dependency vulnerabilities
3. [ ] Verify CSRF & security headers coverage
**Estimated Effort:** 9-14 hours
**Success Criteria:**
- ✅ Zero `unwrap()` in production code
- ✅ `cargo audit` passes cleanly
- ✅ All state-changing endpoints use CSRF tokens
- ✅ All responses include security headers
---
### Phase 0.5: MCP Integration in Vibe (Week 0.5)
**Priority: HIGH - Leverage existing infrastructure**
**Tasks:**
1. [ ] Create MCP panel component
2. [ ] Add JavaScript for server management
3. [ ] Style panel to match Vibe aesthetic
4. [ ] Integrate into Vibe sidebar
**Estimated Effort:** 6-8 hours
**Success Criteria:**
- ✅ MCP servers visible in Vibe UI
- ✅ Can enable/disable servers
- ✅ Can see available tools
- ✅ Can add new servers
---
### Phase 1: Code Editor Integration (P0 - Critical)
**Goal:** Replace textarea with professional code editor
**Tasks:**
1. **Download Monaco Editor**
```bash
cd botui
npm install monaco-editor@0.45.0
cp -r node_modules/monaco-editor min/vs ui/suite/js/vendor/
```
2. **Create Editor Component**
- `botui/ui/suite/partials/editor.html`
- Monaco container with tab bar
- File tree sidebar
- Save/Publish buttons
3. **Editor JavaScript**
- `botui/ui/suite/js/editor.js`
- Monaco initialization
- Language detection (.html, .css, .js, .bas, .json)
- Tab management (open, close, switch)
- Auto-save with WebSocket sync
4. **API Endpoints**
- `botserver/src/api/editor.rs`
- GET `/api/editor/file/{path}` - Read file
- POST `/api/editor/file/{path}` - Save file
- GET `/api/editor/files` - List files
5. **Integration**
- Update `chat-agent-mode.html` - replace textarea with Monaco
- Update `vibe.html` - add editor panel
- Add keyboard shortcuts (Ctrl+S, Ctrl+P, Ctrl+Shift+F)
**Success Criteria:**
- Monaco loads in < 2 seconds
- Syntax highlighting for 5+ languages
- Multi-file tabs work
- Auto-save completes successfully
**Estimated Effort:** 8-12 hours
---
### Phase 2: Database UI & Schema Visualization (P0 - Critical)
**Goal:** Visual database management and query builder
**Tasks:**
1. **Schema Visualizer Component**
- `botui/ui/suite/partials/database.html`
- Canvas-based ER diagram
- Table cards with fields
- Relationship lines (foreign keys)
- Zoom/pan controls
2. **Database JavaScript**
- `botui/ui/suite/js/database.js`
- Fetch schema: `/api/database/schema`
- Render tables using Canvas API
- Click table → show field details
- Drag to rearrange
3. **Query Builder UI**
- Visual SELECT builder
- Table selection dropdown
- Join interface
- Filter conditions
- SQL preview pane
4. **Data Grid**
- Sortable columns
- Inline editing
- Pagination
- Export (CSV/JSON)
5. **Backend API**
- `botserver/src/api/database.rs`
- GET `/api/database/schema` - Tables, fields, relationships
- GET `/api/database/table/{name}/data` - Paginated data
- POST `/api/database/query` - Execute SQL
- POST `/api/database/table/{name}/row` - Insert/update
- DELETE `/api/database/table/{name}/row/{id}` - Delete
**Success Criteria:**
- ER diagram shows all tables
- Query builder generates valid SQL
- Data grid supports inline edits
- Export works correctly
**Estimated Effort:** 16-20 hours
---
### Phase 3: Git Operations UI (P1 - High Priority)
**Goal:** Version control interface in Vibe
**Tasks:**
1. **Git Status Panel**
- `botui/ui/suite/partials/git-status.html`
- File list with status icons
- Stage/unstage checkboxes
- "Commit" button
2. **Diff Viewer**
- `botui/ui/suite/partials/git-diff.html`
- Side-by-side comparison
- Line highlighting (green/red)
- Syntax highlighting
3. **Commit Interface**
- Message input
- "Commit & Push" button
- Progress indicator
4. **Branch Manager**
- Branch dropdown
- "New Branch" dialog
- Switch/delete actions
5. **Commit Timeline**
- Vertical timeline
- Author, date, message
- Click → view diff
6. **Backend API**
- `botserver/src/api/git.rs`
- GET `/api/git/status` - Git status
- GET `/api/git/diff/{file}` - File diff
- POST `/api/git/commit` - Create commit
- POST `/api/git/push` - Push to remote
- GET `/api/git/branches` - List branches
- POST `/api/git/branch/{name}` - Create/switch
- GET `/api/git/log` - Commit history
**Success Criteria:**
- Git status displays correctly
- Diff viewer shows side-by-side
- Commit workflow works end-to-end
- Branch switching succeeds
**Estimated Effort:** 12-16 hours
---
### Phase 4: Browser Automation Engine (P1 - High Priority)
**Goal:** Pure Rust browser automation for testing & recording
**Why Rust + Chromiumoxide:**
- ✅ Already in workspace: `chromiumoxide = "0.7"`
- ✅ No Node.js dependency
- ✅ Feature flag exists: `browser` in botserver/Cargo.toml
- ✅ Reference implementation: bottest/src/web/browser.rs (1000+ lines)
**Tasks:**
1. **Core Browser Module**
- `botserver/src/browser/mod.rs`
- `BrowserSession` - Manage browser instance
- `BrowserManager` - Session lifecycle
- Methods: `navigate()`, `click()`, `fill()`, `screenshot()`, `execute()`
2. **Action Recorder**
- `botserver/src/browser/recorder.rs`
- `RecordedAction` - Navigate, Click, Fill, Wait, Assert
- `ActionRecorder` - Record/stop/export
- Export as Playwright test
3. **Test Validator**
- `botserver/src/browser/validator.rs`
- Check for flaky selectors
- Validate wait conditions
- Suggest improvements via Designer AI
4. **Browser API**
- `botserver/src/browser/api.rs`
- POST `/api/browser/session` - Create session
- POST `/api/browser/session/:id/execute` - Run action
- GET `/api/browser/session/:id/screenshot` - Capture
- POST `/api/browser/session/:id/record/start` - Start recording
- POST `/api/browser/session/:id/record/stop` - Stop & get actions
- GET `/api/browser/session/:id/record/export` - Export test
5. **Vibe UI - Browser Panel**
- `botui/ui/suite/partials/browser-controls.html`
- URL bar with navigation buttons
- Record/Stop/Export buttons
- Actions timeline
- Browser preview iframe
- Screenshot gallery
- `botui/ui/suite/js/browser.js`
- Session management
- Action recording
- Test export
- `botui/ui/suite/css/browser.css`
- Browser panel styling
- Recording indicator animation
- Actions timeline
- Screenshot gallery grid
6. **Integration with Vibe**
- Add "Browser Automation" button to Vibe toolbar
- Load browser-controls.html in panel
- Element picker for selector capture
- Screenshot capture & gallery
**Success Criteria:**
- Can navigate to any URL
- Element picker captures selectors
- Recording generates valid Playwright tests
- Screenshots capture correctly
**Estimated Effort:** 20-24 hours
---
### Phase 5: Multi-File Editing Workspace (P2 - Medium Priority)
**Goal:** Professional multi-file editing
**Tasks:**
1. **Tab Management**
- File tabs with close buttons
- Active tab highlighting
- Tab overflow scrolling
- Drag to reorder
2. **Split-Pane Layout**
- Split horizontal/vertical buttons
- Resize handles
- 2x2 grid max
3. **File Comparison**
- Side-by-side diff
- Line-by-line navigation
- Copy changes (L→R)
4. **File Tree Sidebar**
- Nested folders
- File type icons
- Expand/collapse
- Double-click to open
5. **Quick Open**
- Ctrl+P → Search files
- Fuzzy matching
- Arrow navigation
6. **Project Search**
- Ctrl+Shift+F → Search all files
- Results with line numbers
- Click to open file
**Success Criteria:**
- 10+ files open in tabs
- Split view works (2-4 panes)
- File comparison displays diffs
- Quick open searches files
**Estimated Effort:** 12-16 hours
---
### Phase 6: Enhanced Terminal (P2 - Medium Priority)
**Goal:** Interactive shell in Vibe
**Tasks:**
1. **Terminal Container**
- xterm.js integration (already vendor file)
- Multiple terminal tabs
- Fit addon for auto-resize
2. **WebSocket Terminal**
- Bi-directional WebSocket: `/ws/terminal/{session_id}`
- Protocol: `{"type": "input", "data": "command\n"}`
- Handle ANSI escape codes
3. **Command History**
- Up/Down arrows
- Ctrl+R search
- Persist in localStorage
4. **Command Completion**
- Tab completion
- File path completion
- Command flags
5. **Backend Terminal Server**
- Spawn PTY per session
- WebSocket handler
- Clean up on disconnect
6. **File Transfer**
- Drag file to upload
- `upload` / `download` commands
- Progress bars
**Success Criteria:**
- Can type commands & see output
- Arrow keys navigate history
- Can run vim, top, etc.
- Multiple terminals work
**Estimated Effort:** 10-14 hours
---
### Phase 7: Advanced CRM Templates (P2 - Medium Priority)
**Goal:** Pre-built CRM accelerators
**Tasks:**
1. **Template System**
- `botserver/src/templates/crm/`
- Template JSON definitions
- Prompt templates
- Field libraries
2. **CRM Templates**
- **Sales CRM**
- Tables: contacts, leads, opportunities, accounts, activities
- Pages: dashboard, pipeline, contacts list
- Tools: lead_scoring, email_automation
- Schedulers: daily_summary, weekly_review
- **Real Estate CRM**
- Tables: properties, clients, showings, offers
- Pages: property gallery, client portal
- Tools: mls_sync, showing_scheduler
- Schedulers: showing_reminders, market_update
- **Healthcare CRM**
- Tables: patients, appointments, treatments, insurance
- Pages: patient portal, appointment scheduler
- Tools: insurance_verification, appointment_reminders
- Schedulers: daily_appointments, insurance_alerts
3. **Template Gallery UI**
- `botui/ui/suite/partials/template-gallery.html`
- Template cards with descriptions
- Preview screenshots
- "Use Template" button
4. **Template Generator**
- Load template JSON
- Customize with user details
- Generate all files
- Deploy to /apps/{name}
**Success Criteria:**
- Can select template from gallery
- Template generates full CRM
- Customization works
- Generated CRM is functional
**Estimated Effort:** 20-24 hours
---
## Part V: Technical Implementation Notes
### Code Quality Standards (per AGENTS.md)
**MUST Follow:**
1. ✅ **Error Handling** - NO panics, use `?` operator
2. ✅ **Safe Commands** - Use `SafeCommand` wrapper
3. ✅ **Error Sanitization** - Use `ErrorSanitizer`
4. ✅ **SQL Safety** - Use `sql_guard`
5. ✅ **Rate Limiting** - Per-IP and per-User limits
6. ✅ **CSRF Protection** - CSRF tokens on state-changing endpoints
7. ✅ **Security Headers** - CSP, HSTS, X-Frame-Options, etc.
8. ✅ **No CDNs** - All assets local
9. ✅ **File Size** - Max 450 lines per file
10. ✅ **Clippy Clean** - 0 warnings, no `#[allow()]`
### File Organization
**Botui (Frontend):**
```
botui/ui/suite/
partials/
editor.html
database.html
git-status.html
git-diff.html
browser-controls.html
terminal.html
template-gallery.html
vibe-mcp-panel.html # NEW - MCP integration
js/
editor.js
database.js
git.js
browser.js
terminal.js
templates.js
vibe-mcp.js # NEW - MCP integration
css/
editor.css
database.css
git.css
browser.css
terminal.css
templates.css
vibe/
mcp-panel.css # NEW - MCP integration
```
**Botserver (Backend):**
```
botserver/src/
api/
editor.rs
database.rs
git.rs
browser/
mod.rs # BrowserSession, BrowserManager
recorder.rs # ActionRecorder
validator.rs # TestValidator
api.rs # HTTP endpoints
test_generator.rs
templates/
crm/
sales.json
real_estate.json
healthcare.json
mod.rs
sources/ # ALREADY EXISTS
mod.rs
mcp.rs
ui.rs
knowledge_base.rs
```
### Dependencies
**Already in Workspace:**
```toml
chromiumoxide = "0.7" # Browser automation
tokio = "1.41" # Async runtime
axum = "0.7" # HTTP framework
diesel = "2.1" # Database
git2 = "0.18" # Git operations (add if needed)
```
**Frontend (download & serve locally):**
```
monaco-editor@0.45.0 # Code editor
xterm.js@5.3.0 # Terminal (already vendor file)
```
---
## Part VI: Testing Strategy
### Unit Tests
- All new modules need unit tests
- Test coverage > 80%
- Location: `botserver/src/<module>/tests.rs`
### Integration Tests
- End-to-end workflows
- Location: `bottest/tests/integration/`
### E2E Tests
- Use chromiumoxide (bottest infrastructure)
- Location: `bottest/tests/e2e/`
- Test scenarios:
- Generate CRM from template
- Edit in Monaco editor
- View database schema
- Create git commit
- Record browser test
---
## Part VII: Rollout Plan (UPDATED)
### Milestone 0: Security & MCP (Week 0)
- **Day 1-2:** Fix all unsafe `unwrap()` calls
- **Day 3:** Address dependency vulnerabilities
- **Day 4:** Verify CSRF & security headers
- **Day 5:** Integrate MCP panel into Vibe UI
### Milestone 1: Core Editor (Week 1)
- Phase 1 complete (Monaco integration)
### Milestone 2: Database & Git (Week 2)
- Phase 2 complete (Database UI)
- Phase 3 complete (Git Operations)
### Milestone 3: Browser & Workspace (Week 3)
- Phase 4 complete (Browser Automation)
- Phase 5 complete (Multi-File Editing)
### Milestone 4: Terminal & Templates (Week 4)
- Phase 6 complete (Enhanced Terminal)
- Phase 7 complete (CRM Templates)
---
## Part VIII: Success Metrics
### Security Milestones
- ✅ Zero `unwrap()` in production code
- ✅ `cargo audit` passes
- ✅ All endpoints have CSRF + security headers
### Phase 0.5: MCP Integration
- ✅ MCP panel visible in Vibe sidebar
- ✅ Can enable/disable servers
- ✅ Can view available tools
- ✅ Can add new servers
### Phase 1: Code Editor
- Monaco loads < 2 seconds
- 5+ syntax highlighters work
- Multi-file tabs functional
- Auto-save succeeds
### Phase 2: Database UI
- Schema visualizer displays all tables
- Query builder generates valid SQL
- Data grid supports inline edits
- Export functionality works
### Phase 3: Git Operations
- Git status shows changed files
- Diff viewer shows side-by-side
- Commit workflow works
- Branch switching succeeds
### Phase 4: Browser Automation
- Can navigate to any URL
- Element picker captures selectors
- Recording generates valid tests
- Screenshots capture correctly
### Phase 5: Multi-File Workspace
- 10+ files open in tabs
- Split view supports 2-4 panes
- File comparison works
- Project search is fast (< 1s for 100 files)
### Phase 6: Terminal
- Interactive shell works
- Can run vim, top, etc.
- Multiple terminals run simultaneously
- File transfer works
### Phase 7: CRM Templates
- 3+ CRM templates available
- Generation takes < 30 seconds
- Generated CRMs are fully functional
- Industry-specific features work
---
## Conclusion
The BotUI platform has a **powerful backend** capable of generating full applications via LLM. The main gaps are in the **frontend user experience** and **security hardening**.
**Key Insight:**
- The `botserver/src/sources/` infrastructure for MCP is **already complete**
- The Vibe UI exists and is functional
- We need to **connect** them: add an MCP panel to the Vibe sidebar
**Updated Priority Order:**
1. ⚠️ **Security fixes** (Week 0) - Unblock development risk
2. 🔌 **MCP integration** (Week 0.5) - Quick win, leverage existing code
3. 📝 **Code editor** (Week 1) - Core developer tool
4. 🗄️ **Database UI** (Week 2) - Visual data management
5. 🐙 **Git operations** (Week 2) - Version control
6. 🌐 **Browser automation** (Week 3) - Testing & recording
7. 📂 **Multi-file workspace** (Week 3) - Professional editing
8. 🖥️ **Terminal** (Week 4) - Interactive shell
9. 📇 **CRM templates** (Week 4) - Accelerators
Once these phases are complete, VibeCode will match or exceed Claude Code's capabilities while offering:
✅ **Multi-user SaaS deployment**
**Visual app building** (Vibe Builder)
✅ **Enterprise-grade multi-agent orchestration**
**Pure Rust backend** (no Node.js dependency)
**Integrated MCP servers** (extensible tools)
**Integrated browser automation** (chromiumoxide)
✅ **Professional development environment**
**Total Estimated Effort:** 113-141 hours (~3-4 weeks with 1 developer)

2091
prompts/vib.md
View file

File diff suppressed because it is too large Load diff

3
req_gemini.json
View file

@ -1,3 +0,0 @@
{
"contents": [{"role":"user","parts":[{"text":"hello"}]}]
}

9
req_openai.json
View file

@ -1,9 +0,0 @@
{
"model": "gemini-1.5-flash",
"messages": [
{
"role": "user",
"content": "hello"
}
]
}

8
request.json
View file

@ -1,8 +0,0 @@
{
"contents": [
{
"role": "user",
"parts": [{"text":"hello"}]
}
]
}

10
reset.sh
View file

@ -1,10 +0,0 @@
#!/bin/bash
set -e
echo "Cleaning up..."
rm -rf botserver-stack/ ./work/ .env
echo "Starting services..."
./restart.sh
echo "Reset complete!"

24
restart.sh
View file

@ -1,24 +0,0 @@
#!/bin/bash
set -e
echo "Stopping..."
pkill -f botserver || true
pkill -f botui || true
pkill -f rustc || true
echo "Cleaning..."
rm -f botserver.log botui.log
echo "Building..."
cargo build -p botserver
cargo build -p botui
echo "Starting botserver..."
RUST_LOG=debug ./target/debug/botserver --noconsole > botserver.log 2>&1 &
echo " PID: $!"
echo "Starting botui..."
BOTSERVER_URL="http://localhost:8080" ./target/debug/botui > botui.log 2>&1 &
echo " PID: $!"
echo "Done. Logs: tail -f botserver.log botui.log"

BIN
rust_out
View file

Binary file not shown.

129
security_audit.sh
View file

@ -1,129 +0,0 @@
#!/bin/bash
# General Bots Security Audit Script
# This script helps identify critical security issues in the codebase
set -e
echo "🔒 General Bots Security Audit"
echo "=============================="
echo ""
# Check for hardcoded secrets
echo "1. Checking for hardcoded secrets..."
if grep -r "password\s*=\s*\"" --include="*.rs" --include="*.toml" --include="*.json" . 2>/dev/null | grep -v "test" | grep -v "example" | head -10; then
echo "⚠️ WARNING: Found potential hardcoded passwords"
else
echo "✅ No obvious hardcoded passwords found"
fi
echo ""
# Check for unwrap/expect calls
echo "2. Checking for unwrap/expect calls..."
UNWRAP_COUNT=$(grep -r "\.unwrap()\|\.expect(" --include="*.rs" . 2>/dev/null | wc -l)
if [ "$UNWRAP_COUNT" -gt 0 ]; then
echo "⚠️ WARNING: Found $UNWRAP_COUNT unwrap/expect calls"
echo " Sample locations:"
grep -r "\.unwrap()\|\.expect(" --include="*.rs" . 2>/dev/null | head -5
else
echo "✅ No unwrap/expect calls found"
fi
echo ""
# Check for Command::new usage
echo "3. Checking for unsafe command execution..."
if grep -r "Command::new" --include="*.rs" . 2>/dev/null | grep -v "SafeCommand" | head -5; then
echo "⚠️ WARNING: Found potential unsafe command execution"
echo " Should use SafeCommand instead"
else
echo "✅ No unsafe Command::new calls found"
fi
echo ""
# Check for SQL injection patterns
echo "4. Checking for SQL injection patterns..."
if grep -r "format!.*SELECT\|format!.*INSERT\|format!.*UPDATE\|format!.*DELETE" --include="*.rs" . 2>/dev/null | grep -v "sanitize" | head -5; then
echo "⚠️ WARNING: Found potential SQL injection patterns"
echo " Should use sql_guard functions"
else
echo "✅ No obvious SQL injection patterns found"
fi
echo ""
# Check security headers in routes
echo "5. Checking for security middleware usage..."
if grep -r "security_headers_middleware\|csrf_middleware\|rate_limit_middleware" --include="*.rs" . 2>/dev/null | head -5; then
echo "✅ Security middleware found"
else
echo "⚠️ WARNING: No security middleware found in routes"
fi
echo ""
# Check for SecurityManager usage
echo "6. Checking for SecurityManager initialization..."
if grep -r "SecurityManager::new\|SecurityManager::initialize" --include="*.rs" . 2>/dev/null; then
echo "✅ SecurityManager usage found"
else
echo "⚠️ WARNING: SecurityManager not initialized"
fi
echo ""
# Check dependencies
echo "7. Checking dependencies..."
if command -v cargo-audit &> /dev/null; then
echo "Running cargo audit..."
cargo audit
else
echo "⚠️ Install cargo-audit: cargo install cargo-audit"
fi
echo ""
# Check for .env files in git
echo "8. Checking for secrets in git..."
if find . -name ".env" -type f | grep -v node_modules | grep -v target; then
echo "⚠️ WARNING: .env files found in repository"
echo " Secrets should be in /tmp/ only"
else
echo "✅ No .env files in repository"
fi
echo ""
# Check file permissions
echo "9. Checking critical file permissions..."
if [ -f "botserver-stack/conf/vault/init.json" ]; then
PERMS=$(stat -c "%a" "botserver-stack/conf/vault/init.json")
if [ "$PERMS" -gt 600 ]; then
echo "⚠️ WARNING: Vault init file permissions too open: $PERMS"
echo " Should be 600 or 400"
else
echo "✅ Vault init file permissions OK: $PERMS"
fi
fi
echo ""
# Summary
echo "📊 Security Audit Summary"
echo "========================"
echo ""
echo "Critical Issues to Address:"
echo "1. $UNWRAP_COUNT unwrap/expect calls need replacement"
echo "2. SecurityManager initialization missing"
echo "3. Security middleware may not be applied to all routes"
echo ""
echo "Next Steps:"
echo "1. Review TASKS.md for detailed remediation plan"
echo "2. Fix P1 issues first (SecurityManager, error handling)"
echo "3. Run cargo clippy and fix all warnings"
echo "4. Implement security testing"
echo ""
echo "For detailed tasks, see: TASKS.md"
echo "For quick checklist, see: SECURITY_CHECKLIST.md"

43
sim_wa.sh
View file

@ -1,43 +0,0 @@
#!/bin/bash
curl -X POST http://localhost:8080/webhook/whatsapp/default \
-H "Content-Type: application/json" \
-H "X-Hub-Signature-256: sha256=dummy" \
-d '{
"object": "whatsapp_business_account",
"entry": [
{
"id": "1234567890",
"changes": [
{
"value": {
"messaging_product": "whatsapp",
"metadata": {
"display_phone_number": "552140402160",
"phone_number_id": "323250907549153"
},
"contacts": [
{
"profile": {
"name": "Test User"
},
"wa_id": "5511999999999"
}
],
"messages": [
{
"from": "5511999999999",
"id": "wamid.simulated_1",
"timestamp": "1625688536",
"text": {
"body": "cristo"
},
"type": "text"
}
]
},
"field": "messages"
}
]
}
]
}'

4
stop.sh
View file

@ -1,4 +0,0 @@
pkill botui
pkill botserver -9

30
task.md
View file

@ -1,30 +0,0 @@
# Security Review Task List
## 1. Unsafe Unwraps in Production (Violates AGENTS.md Error Handling Rules)
The `AGENTS.md` explicitly forbids the use of `.unwrap()`, `.expect()`, `panic!()`, `todo!()`, and `unimplemented!()` in production code. A search of the codebase revealed several instances of `unwrap()` being used in non-test contexts.
**Vulnerable Locations:**
- `botserver/src/drive/drive_handlers.rs:269` - Contains a `.unwrap()` call during `Response::builder()` generation, which could panic in production.
- `botserver/src/basic/compiler/mod.rs` - Contains `unwrap()` usages outside test boundaries.
- `botserver/src/llm/llm_models/deepseek_r3.rs` - Contains `unwrap()` usages outside test boundaries.
- `botserver/src/botmodels/opencv.rs` - Test scopes use `unwrap()`, but please audit carefully for any leaks to production scope.
**Action:**
- Replace all `.unwrap()` occurrences with safe alternatives (`?`, `unwrap_or_default()`, or pattern matching with early returns) and use `ErrorSanitizer` to avoid panics.
## 2. Dependency Vulnerabilities (Found by cargo audit)
Running `cargo audit` uncovered a reported vulnerability inside the dependency tree.
**Vulnerable Component:**
- **Crate:** `glib`
- **Version:** `0.18.5`
- **Advisory ID:** `RUSTSEC-2024-0429`
- **Title:** Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
- **Dependency Tree context:** It's pulled through `botdevice` and `botapp` via Tauri plugins and GTK dependencies.
**Action:**
- Review dependencies and upgrade the GTK/Glib ecosystem dependencies if patches are available, or evaluate the exact usage to assess the direct risk given the desktop GUI context.
## 3. General Posture Alignment
- Ensure all new state-changing endpoints are correctly shielded by the custom CSRF store (`redis_csrf_store.rs`). Verification is recommended as standard `tower-csrf` is absent from `Cargo.toml`.
- Confirm security headers (`Content-Security-Policy` via `headers.rs`) are indeed attached universally in `botserver` and not selectively omitted in new modules.

18
tests/example.spec.ts
View file

@ -1,18 +0,0 @@
import { test, expect } from '@playwright/test';
test('has title', async ({ page }) => {
await page.goto('https://playwright.dev/');
// Expect a title "to contain" a substring.
await expect(page).toHaveTitle(/Playwright/);
});
test('get started link', async ({ page }) => {
await page.goto('https://playwright.dev/');
// Click the get started link.
await page.getByRole('link', { name: 'Get started' }).click();
// Expects page to have a heading with the name of Installation.
await expect(page.getByRole('heading', { name: 'Installation' })).toBeVisible();
});

299
zap.md
View file

@ -1,299 +0,0 @@
# WhatsApp - Bot Salesianos
respeitar AGENTS.md
## Status: Operacional
| Campo | Valor |
|-------|-------|
| Bot ID | `32c579e5-609b-4a07-8599-4e0fccc4d764` |
| Phone | +15558293147 |
| Phone ID | 323250907549153 |
| Business ID | 1261667644771701 |
---
## Comandos
- `/clear` - Limpa histórico da conversa
---
## Streaming
1. Mensagens sem lista: enviar a cada 3 parágrafos
2. Mensagens com lista: **ISOLAR como mensagem única** (sem texto antes ou depois)
3. Limite máximo: 4000 caracteres por mensagem
### Exemplo de Agrupamento Correto
**Resposta completa do bot:**
```
Olá! 😊
Infelizmente, não tenho a informação específica sobre o horário de funcionamento da Escola Salesiana no momento.
Para obter essa informação, você pode:
1. *Entrar em contato com a secretaria* - Posso te ajudar a enviar uma mensagem perguntando sobre os horários
2. *Agendar uma visita* - Assim você conhece a escola pessoalmente e obtém todas as informações necessárias
Gostaria que eu te ajudasse com alguma dessas opções? Se quiser entrar em contato com a secretaria, preciso apenas de:
- Seu nome
- Telefone
- Email
- Sua pergunta sobre os horários
Ou, se preferir, posso agendar uma visita para você conhecer a escola! 🏫
O que prefere?
```
**Deve ser enviado como 5 mensagens separadas:**
**Mensagem 1:**
```
Olá! 😊
Infelizmente, não tenho a informação específica sobre o horário de funcionamento da Escola Salesiana no momento.
Para obter essa informação, você pode:
```
**Mensagem 2 (LISTA ISOLADA):**
```
1. *Entrar em contato com a secretaria* - Posso te ajudar a enviar uma mensagem perguntando sobre os horários
2. *Agendar uma visita* - Assim você conhece a escola pessoalmente e obtém todas as informações necessárias
```
**Mensagem 3:**
```
Gostaria que eu te ajudasse com alguma dessas opções? Se quiser entrar em contato com a secretaria, preciso apenas de:
```
**Mensagem 4 (LISTA ISOLADA):**
```
- Seu nome
- Telefone
- Email
- Sua pergunta sobre os horários
```
**Mensagem 5:**
```
Ou, se preferir, posso agendar uma visita para você conhecer a escola! 🏫
O que prefere?
```
**Regras:**
- ✅ Cada lista = **1 mensagem ISOLADA** (nunca misturar com texto)
- ✅ Texto antes da lista = mensagem separada
- ✅ Texto depois da lista = mensagem separada
- ✅ Listas nunca são quebradas no meio
---
## Testar Webhook (Simular Callback)
Script de teste em `/tmp/test_whatsapp.sh`:
```bash
#!/bin/bash
# Testa o webhook do WhatsApp simulando uma mensagem
BOT_ID="32c579e5-609b-4a07-8599-4e0fccc4d764"
FROM="5521972102162" # Número de teste
curl -X POST "http://localhost:8080/webhook/whatsapp/${BOT_ID}" \
-H "Content-Type: application/json" \
-d '{
"object": "whatsapp_business_account",
"entry": [{
"id": "1261667644771701",
"changes": [{
"field": "messages",
"value": {
"messaging_product": "whatsapp",
"metadata": {
"display_phone_number": "15558293147",
"phone_number_id": "323250907549153"
},
"contacts": [{
"wa_id": "'${FROM}'",
"profile": { "name": "Teste Usuario" }
}],
"messages": [{
"id": "test_msg_'$(date +%s)'",
"from": "'${FROM}'",
"timestamp": "'$(date +%s)'",
"type": "text",
"text": { "body": "Olá, como posso ajudar?" }
}]
}
}]
}]
}'
```
Executar teste:
```bash
bash /tmp/test_whatsapp.sh
```
---
## Testar Comando /clear
```bash
BOT_ID="32c579e5-609b-4a07-8599-4e0fccc4d764"
FROM="5521972102162"
curl -X POST "http://localhost:8080/webhook/whatsapp/${BOT_ID}" \
-H "Content-Type: application/json" \
-d '{
"object": "whatsapp_business_account",
"entry": [{
"id": "1261667644771701",
"changes": [{
"field": "messages",
"value": {
"messaging_product": "whatsapp",
"metadata": {
"display_phone_number": "15558293147",
"phone_number_id": "323250907549153"
},
"contacts": [{
"wa_id": "'${FROM}'",
"profile": { "name": "Teste Usuario" }
}],
"messages": [{
"id": "test_clear_'$(date +%s)'",
"from": "'${FROM}'",
"timestamp": "'$(date +%s)'",
"type": "text",
"text": { "body": "/clear" }
}]
}
}]
}]
}'
```
---
## Debug
```bash
# Verificar servidor
curl http://localhost:8080/health
# Monitorar logs
tail -f botserver.log | grep -iE "(whatsapp|Embedding)"
# Verificar sessões ativas (requer acesso ao banco)
# SELECT * FROM user_sessions WHERE bot_id = '32c579e5-609b-4a07-8599-4e0fccc4d764';
```
---
## Arquivos Relacionados
- Config: `/opt/gbo/data/salesianos.gbai/salesianos.gbot/config.csv`
- Handler: `botserver/src/whatsapp/mod.rs`
- Adapter: `botserver/src/core/bot/channels/whatsapp.rs`
- Cache: `botserver/src/llm/cache.rs`
---
## Pendências
1. **Implementar suporte a `/webhook/whatsapp/default`** (ver TODO abaixo)
2. Configurar webhook na Meta Business Suite para produção
3. Configurar SSL/TLS no servidor de produção
---
## 📋 TODO: Default Bot Routing
### Objetivo
Permitir que a URL `/webhook/whatsapp/default` funcione como roteador dinâmico de bots baseado em comandos de usuário.
### Comportamento Atual
- ✅ `/webhook/whatsapp/{uuid}` → Rota direta para bot específico
- ❌ `/webhook/whatsapp/default`**FALHA** (espera UUID, não aceita "default")
### Comportamento Desejado
1. `/webhook/whatsapp/default` → Rota para o bot default (`/opt/gbo/data/default.gbai/default.gbot`)
2. Quando usuário digita um `whatsapp-id` (ex: "cristo", "salesianos"):
- Sistema busca bot com essa propriedade no `config.csv`
- Mapeia `phone_number``bot_id` na sessão/cache
- Troca de bot para aquela sessão
3. Mensagens subsequentes daquele `phone_number` são roteadas para o bot mapeado
4. Se usuário digitar outro `whatsapp-id`, encerra sessão anterior e abre nova para o novo bot
### Arquivos a Modificar
#### 1. `botserver/src/whatsapp/mod.rs`
- **Linha ~178**: Modificar `verify_webhook` e `handle_webhook`
- Mudar `Path(bot_id): Path<Uuid>``Path(bot_id): Path<String>`
- Adicionar parsing: `"default"` → buscar UUID do bot default
- Manter parsing UUID para compatibilidade
#### 2. `botserver/src/whatsapp/mod.rs`
- **Nova função**: `resolve_bot_id(bot_id_str: &str, state: &AppState) -> Result<Uuid, Error>`
- Se `"default"` → retorna UUID do bot default via `get_default_bot()`
- Se UUID válido → retorna UUID
- Caso contrário → erro
#### 3. `botserver/src/whatsapp/mod.rs`
- **Nova função**: `check_whatsapp_id_routing(message_text: &str, state: &AppState) -> Option<Uuid>`
- Verifica se texto é um comando de troca de bot
- Busca em todos os bots por `whatsapp-id` no `config.csv`
- Retorna bot_id se encontrar match
#### 4. `botserver/src/whatsapp/mod.rs`
- **Modificar** `process_incoming_message`
- Antes de processar, verificar se mensagem é comando de roteamento
- Se for, atualizar mapeamento `phone``bot_id` no cache
- Se não for, usar mapeamento existente do cache
### Bots com whatsapp-id Configurado
- ✅ **cristo.gbot**: `whatsapp-id,cristo`
- ❓ **salesianos.gbot**: verificar se tem whatsapp-id
- ✅ **default.gbot**: não tem whatsapp-id (é o roteador)
### Implementação em Passos
**Passo 1**: Modificar handlers para aceitar "default"
```rust
// Antes
Path(bot_id): Path<Uuid>
// Depois
Path(bot_id_str): Path<String>
let bot_id = resolve_bot_id(&bot_id_str, &state)?;
```
**Passo 2**: Implementar `resolve_bot_id`
- Buscar `get_default_bot()` quando `bot_id_str == "default"`
- Parse UUID caso contrário
**Passo 3**: Implementar roteamento dinâmico
- Verificar cache: `phone_number``bot_id`
- Se não existir, usar bot_id do webhook
- Se mensagem for comando (whatsapp-id), atualizar cache
**Passo 4**: Testar
```bash
# Teste 1: URL com default
curl -X POST "http://localhost:8080/webhook/whatsapp/default" ...
# Teste 2: URL com UUID (deve continuar funcionando)
curl -X POST "http://localhost:8080/webhook/whatsapp/32c579e5-609b-4a07-8599-4e0fccc4d764" ...
# Teste 3: Roteamento por comando
# Enviar mensagem "cristo" → deve rotear para bot cristo
# Enviar mensagem "salesianos" → deve trocar para bot salesianos
```
### URLs de Teste
- Localtunnel: `https://bright-bananas-deny.loca.lt/webhook/whatsapp/default`
- Local: `http://localhost:8080/webhook/whatsapp/default`