git/metabuilder
1
0
Fork 0
mirror of https://github.com/johndoe6345789/metabuilder.git synced 2026-04-24 13:54:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
metabuilder/CLAUDE.md
rw 9d4244891e fix(ci,deps): correct action versions and patch security vulnerabilities 
GitHub Actions:
- checkout@v4 → @v6 (v6 is current, v4 was wrong downgrade)
- upload-artifact@v4 → @v7 (latest), @v6 → @v7 in dbal-tests.yml
- download-artifact@v4 → @v8 (latest)
- cache@v6 → @v5 (v6 does not exist, v5 is latest)
- codeql-action@v4 confirmed correct

Security (Dependabot):
- next 16.1.5 → 16.1.7 (dockerterminal): HTTP smuggling, CSRF, DoS fixes
- PyJWT 2.10.1 → 2.12.0 (5 requirements.txt): unknown crit header bypass
- CairoSVG 2.8.2 → 2.9.0 (pcbgenerator): recursive <use> ReDoS
- postgres overrides: add hono >=4.12.4, @hono/node-server >=1.19.10,
  rollup >=4.59.0, serialize-javascript >=7.0.3 for transitive vulns

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 20:13:54 +00:00

396 lines
17 KiB
Markdown
Raw Permalink Blame History

# MetaBuilder - AI Assistant Guide
**Last Updated**: 2026-03-04 | **Status**: Phase 2 & 3 Complete, Universal Platform in Progress
**Scale**: 27,826+ files across 34 directories | **Philosophy**: 95% JSON config, 5% TS/C++ infrastructure
**Documentation**: Code = Doc (self-documenting Python scripts with argparse)
---
## Code = Doc Principle
All documentation is executable code. No separate markdown docs.
```bash
# Entry points (each with --help)
./metabuilder.py --help # Root project manager
./codegen/codegen.py --help # CodeForge IDE
./pastebin/pastebin.py --help # Pastebin
./gameengine/gameengine.py --help # Game engine
./postgres/postgres.py --help # PostgreSQL dashboard
./mojo/mojo.py --help # Mojo compiler
cd deployment && python3 deployment.py build base --list # Docker base images
# Documentation (SQLite3 + FTS5 full-text search)
cd txt && python3 reports.py search "query" # 212 reports
cd docs && python3 docs.py search "query" # 217 docs, 13 categories
python3 docs.py list --category guides
```
---
## Completed Milestones (All ✅)
- **Mar 4**: DBAL C++ event-driven workflow engine (`pastebin.User.created` → 15-node JSON workflow → seeded namespaces + snippets), full YAML→JSON migration (63 files, yaml-cpp removed), JWT auth + JSON ACL, declarative seed data (`dbal/shared/seeds/database/`), i18n (EN/ES) across all pastebin components, dark/light theme switcher
- **Feb 7**: Game engine CLI args (`--bootstrap`, `--game`), 27/27 tests passing (100%)
- **Feb 6**: 6 new DB backends (total 14), SQLite3 doc migration, Docker dev container, WorkflowUI E2E (92.6%)
- **Feb 5**: WorkflowUI mock DBAL testing, Settings/Help pages, DBAL env var config
- **Feb 4**: SQLiteAdapter generic refactoring, YAML Schema Spec 2.0, Dynamic entity loading (TS+C++), DBAL hooks integration, FakeMUI migration
- **Feb 3**: Visual workflow editor (n8n-style), Dynamic plugin registry (152 nodes)
- **Feb 2**: WorkflowUI migration to root packages (77% file reduction)
- **Feb 1**: CodeQL search, FakeMUI organization, Email components (22)
- **Jan 24**: Dependency fixes, testing library standardization
- **Jan 23**: Email client (Phases 1-5), Mojo compiler, FakeMUI restructuring, dependency remediation
**Details**: Search `cd txt && python3 reports.py search "topic"` for full completion reports.
---
## Directory Index
| Directory | Files | Description |
|-----------|-------|-------------|
| `dbal/` | 495 | Database Abstraction Layer (C++ daemon + shared schemas) |
| `workflow/` | 765 | DAG workflow engine, multi-language plugins |
| `frontends/` | 495 | CLI (C++), Qt6 (QML), Next.js (React) |
| `packages/` | 550 | 62 modular feature packages |
| `fakemui/` | 758 | Material UI clone (145 React + 421 icons) |
| `gameengine/` | 2,737 | SDL3/bgfx 2D/3D game engine |
| `codegen/` | 1,926 | CodeForge IDE (React+Monaco) |
| `pastebin/` | 1,114 | Code snippet sharing (Next.js) |
| `exploded-diagrams/` | 17,565 | Interactive 3D exploded diagrams |
| `schemas/` | 105 | JSON Schema validation |
| `services/` | 29 | Media daemon (FFmpeg/ImageMagick) |
| `postgres/` | 212 | PostgreSQL admin dashboard |
| `mojo/` | 82 | Mojo compiler + language examples |
| `docs/` | 1 DB | SQLite3 (217 docs, 13 categories, FTS5) |
| `txt/` | 1 DB | SQLite3 (212 reports, FTS5, archives) |
| `old/` | 149 | Legacy Spark implementation |
| `.github/` | 52 | GitHub Actions, templates |
*Other standalone: pcbgenerator, packagerepo, cadquerywrapper, sparkos, storybook, dockerterminal, smtprelay, caproverforge, repoforge, emailclient, prisma, deployment, spec, scripts, config, e2e*
---
## Core Principles
### 1. 95% Data, 5% Code
- UI, workflows, pages, business logic = **JSON**
- Entities NEVER hardcoded - loaded from JSON schemas
- Adapters NEVER hardcoded - discovered dynamically
### 2. Schema-First Development
```
dbal/shared/api/schema/entities/ # JSON entities (SOURCE OF TRUTH)
schemas/package-schemas/ # JSON validation schemas (27 total)
dbal/shared/seeds/database/ # Declarative JSON seed data
```
### 3. Multi-Tenant by Default
Every query MUST filter by `tenantId` - no exceptions.
### 4. Data Access Hierarchy
```
1. Redux + redux-persist - Client-side state (IndexedDB)
2. DBAL hooks (fetch) - Server data via C++ DBAL REST API
3. Raw SQL - NEVER
```
### 5. One Lambda Per File
`src/lib/users/createUser.ts` - one function per file.
### 6. JSON Script for Business Logic
Workflows defined in JSON with version 2.2.0 format.
---
## Key Subsystems
### DBAL (`dbal/`)
C++ REST API daemon. Client-side persistence handled by `@metabuilder/redux-persist` (IndexedDB).
```
dbal/
├── production/ # C++ daemon - SQLite, PostgreSQL, MySQL, Drogon HTTP
│ ├── src/config/ # EnvConfig (env vars, NO hardcoded paths)
│ ├── src/workflow/ # Event-driven workflow engine (WfEngine, WfExecutor, 7 step types)
│ ├── src/auth/ # JWT validation + JSON ACL config
│ ├── build-config/# Dockerfile, CMakeLists, conanfile (no yaml-cpp — JSON only)
│ ├── templates/sql/# Jinja2 SQL templates (Inja library)
│ └── .env.example # ~30 config options documented
├── shared/api/schema/
│ ├── entities/ # JSON entity definitions (39 entities, SOURCE OF TRUTH)
│ ├── events/ # event_config.json → workflow mappings
│ ├── workflows/ # on_user_created.json etc.
│ └── auth/ # auth.json (JWT + ACL rules)
└── shared/seeds/database/ # Declarative JSON seed data (auto-loaded at startup)
```
**Workflow Engine**: `pastebin.User.created` → detached thread → `on_user_created.json` → Default + Examples namespaces + 5 snippet templates. Event dispatch wraps `send_success` callback in entity route handler.
**Auto-Seed**: `DBAL_SEED_ON_STARTUP=true``SeedLoaderAction::loadSeeds()` in `registerRoutes()`. Seed files are idempotent (skip if records exist). Must call `ensureClient()` before seeding — `dbal_client_` is null during route registration.
**JWT Auth**: `DBAL_AUTH_CONFIG=/app/schemas/auth/auth.json` — defines which endpoints require auth and what roles can access them.
**Entity Categories**: Core (user, session, workflow, package, ui_page), Access (credential, component_node, page_config), Packages (forum, notification, audit_log, media, irc, streaming), Domain (product, game, artist, video)
**14 Database Backends**:
| Adapter | Backend | Notes |
|---------|---------|-------|
| memory | In-memory | Testing/development |
| sqlite | SQLite | Embedded, generic CRUD via templates |
| postgres | PostgreSQL | Direct connection, no ORM |
| mysql | MySQL | Direct connection |
| mariadb | MariaDB | Reuses mysql adapter |
| cockroachdb | CockroachDB | Reuses postgres adapter |
| mongodb | MongoDB | mongo-cxx-driver, JSON↔BSON |
| redis | Redis | Cache layer (L1/L2 with primary DB) |
| elasticsearch | Elasticsearch | Search layer (full-text, analytics) |
| cassandra | Cassandra | Wide-column store |
| surrealdb | SurrealDB | Multi-model (docs/graphs/KV) |
| supabase | Supabase REST/Direct | PostgreSQL + REST + Realtime + RLS |
| prisma | Prisma | ORM, HTTP bridge |
**Config**: `DBAL_SCHEMA_DIR`, `DBAL_TEMPLATE_DIR`, `DATABASE_URL` (adapter options as query strings)
**Endpoints**: `/health`, `/version`, `/status`, `/{tenant}/{package}/{entity}` (RESTful CRUD)
**Multi-Adapter Patterns**:
- **Redis caching**: `DBAL_CACHE_URL=redis://localhost:6379/0?ttl=300&pattern=read-through`
- **Elasticsearch search**: `DBAL_SEARCH_URL=http://localhost:9200?index=dbal_search&refresh=true`
- Patterns: read-through, write-through, cache-aside, dual-write, CDC, search-first
### Workflow Engine (`workflow/`)
Multi-language: executors (TS, Python, C++), plugins (C++/16 categories, Python, TS, Go, Rust, Mojo), 19 example workflows. Dynamic plugin registry at `/api/plugins` (152 nodes).
### Game Engine (`gameengine/`)
SDL 3.2.20, bgfx 1.129, MaterialX 1.39.1, Assimp, Bullet3, Box2D, EnTT 3.16.0, FFmpeg 8.0.1. 36 service interfaces. CLI: `--bootstrap bootstrap_mac --game seed`.
### CodeForge IDE (`codegen/`)
~420 TSX files (legacy) → 338 JSON definitions (target). See `codegen/CLAUDE.md`.
### FakeMUI (`fakemui/`)
167 components (145 core + 22 email) across 11 categories. Import from `@metabuilder/fakemui`. React/TS, QML (104+), Python (15), 421 icons, 78 SCSS modules.
### React Hooks (`hooks/`)
`@metabuilder/hooks` (30 hooks), `@metabuilder/hooks-utils` (useTableState, useAsyncOperation, useDebounced, useThrottled), `@metabuilder/hooks-forms` (useFormBuilder). Multi-version peer deps (React 18/19, Redux 8/9).
### Redux
12 packages: hooks, hooks-utils, hooks-forms, core-hooks, api-clients, hooks-*, redux-slices, service-adapters, timing-utils. Active in: workflowui, frontends/nextjs, codegen, pastebin.
### Email Client
Phases 1-5 complete (frontend). 4 DBAL schemas, 22 FakeMUI components, 4 Redux slices, 6 hooks, API endpoints. Phases 6-8 TODO: workflow plugins, Flask backend, Docker.
---
## Package System (`packages/`)
62 packages: Admin (7), UI Core (8), Dev Tools (7), Features (6), Testing (4).
```
packages/{packageId}/
├── package.json, components/ui.json, page-config/
├── permissions/roles.json, workflow/*.jsonscript
├── styles/tokens.json, tests/
```
---
## API Routing
```
/api/v1/{tenant}/{package}/{entity}[/{id}[/{action}]]
```
Rate limits: Login 5/min, Register 3/min, List 100/min, Mutations 50/min.
---
## Architecture
```
Frontends (CLI C++ | Qt6 QML | Next.js React)
→ Redux + redux-persist (IndexedDB, client-side state)
→ DBAL C++ daemon (REST API, 14 backends)
→ Database (SQLite dev | PostgreSQL prod)
```
---
## Common Commands
```bash
npm run dev / build / typecheck / lint / test:e2e
npm run build --workspaces
cd deployment && python3 deployment.py build base # Build Docker base images
# Deploy full stack
cd deployment && docker compose -f compose.yml up -d
# Build & deploy specific apps
python3 deployment.py build apps --force dbal pastebin # Next.js frontend only
docker compose -f compose.yml build pastebin-backend # Flask backend
# DBAL logs / seed verification
docker logs -f metabuilder-dbal
docker logs metabuilder-dbal 2>&1 | grep -i "workflow\|seed"
# Force re-seed
curl -X POST http://localhost:8080/admin/seed \
-H "Authorization: Bearer $DBAL_ADMIN_TOKEN" -d '{"force": true}'
```
Pre-commit: `npm run build && npm run typecheck && npm run lint && npm run test:e2e`
---
## Coding Standards
### Code Quality Rules
- One lambda per file, no @ts-ignore, no implicit any, no dead code
- JSDoc on public APIs, self-documenting names
- FULL implementations only - no WIP code on main
- No disabled tests (DISABLED_, @skip)
### No Work-In-Progress Code
- No `-wip`, `-todo`, `-temp` directories
- All code is 100% complete OR not included
- Incomplete work on feature branches only
### UI/Styling
- **workflowui + new projects**: FakeMUI only (`@metabuilder/fakemui`)
- **Legacy projects**: Radix UI + Tailwind acceptable
- **Never**: Direct @mui/material imports in workflowui
### WorkflowUI Components
- Atomic components <100 LOC, SCSS modules, no sx prop
- Categories: layout/, cards/, forms/, navigation/, feedback/
- Import pattern: `@/components/{domain}/{Component}`
### Security Checklist
- Input validation, no XSS (no innerHTML with user data), no SQL injection
- Passwords hashed SHA-512, no secrets committed, multi-tenant tenantId filtering
### Declarative-First
Ask: Could this be JSON config? Could a generic renderer handle this? Is it filtering by tenantId?
---
## Dependency Management
### Conan (C++)
Updated: cpr, lua, sol2, cmake, qt, ninja, sqlite3, fmt, spdlog, shaderc. Run `conan install . --build=missing`.
### npm
Multi-version peer deps. React 18/19, TypeScript 5.9.3, Next.js 14-16, @reduxjs/toolkit 1.9/2.5. Run `npm install` at root.
### Workflow Plugins
- Python: `requirements.txt` (Python 3.9+)
- Go: `go.mod` + `go.work` (Go 1.21+, stdlib only)
- TypeScript: `@metabuilder/workflow: ^3.0.0`
### Known Issues
- postgres dashboard uses @mui/material directly (should migrate to FakeMUI)
- 7 moderate npm vulnerabilities (lodash in @prisma/dev, LOW production risk)
- eslint/vite version conflicts in some workspaces (partially fixed)
---
## AI Assistant Directives
**Must-Follow** (No Exceptions):
1. Read CLAUDE.md first before any work
2. IMPLEMENT, don't delete - fix compilation errors properly
3. Use Explore agent for feasibility checks and planning
4. Plan before coding - list affected files, determine scope
5. CHECK before DELETE - `git show HEAD:path` first
6. Use subagents for complex work
7. Update CLAUDE.md with new gotchas/patterns
8. Reports → `reports.db`, Docs → `docs.db` (SQLite, not markdown files)
9. Git: `git add` on project root first, then commit
10. Use `mv` not `cp` (prevents duplicates)
11. Log long commands: `| tee txt/command-$(date +%Y%m%d-%H%M%S).log`
12. Search SQLite before browsing files
### Gotchas & Lessons Learned
| Gotcha | Prevention |
|--------|-----------|
| Conan profile in Docker mount | Run `conan profile detect` INSIDE cache-mounted RUN |
| Missing types after refactor | Verify all referenced types exist before committing |
| Headers in src/ not include/ | Use relative paths or fix build include dirs |
| No logs for long commands | ALWAYS pipe to txt/*.log |
| Dockerfile `build/` conflict | Use `_build/` |
| Drogon wildcard routes | Check docs for path param syntax |
| `cp` instead of `mv` | ALWAYS use `mv` to relocate |
| Deleting without checking | ALWAYS `git show HEAD:path` first |
| Skipping Explore agent | Always Explore before implementation |
| Version conflicts (eslint, vite) | Check ALL workspaces upfront |
| nlohmann/json includes | Link to ALL targets, not just transitive |
| Docker Compose YAML special chars | Quote env vars: `"DATABASE_URL=:memory:"` |
| nlohmann/json iterators | Use `it.value()` not `it->second` (std::map syntax fails) |
| dbal-init volume stale | Rebuild with `docker compose build dbal-init` when schema file extensions change |
| `.dockerignore` excludes `dbal/` | Whitelist specific subdirs: `!dbal/shared/seeds/database` |
| `deployment.py build apps pastebin` ≠ Flask backend | Use `docker compose build pastebin-backend` for Flask |
| `ensureClient()` before startup DB ops | `dbal_client_` is null in `registerRoutes()` — must call `ensureClient()` first |
| Seed data in Flask Python | NEVER — declarative seed data belongs in `dbal/shared/seeds/database/*.json` |
| Werkzeug scrypt on macOS Python | Generate hashes inside running container: `docker exec metabuilder-pastebin-backend python3 -c "..."` |
| `loadFromDirectory` vs `loadFromFile` | Both must stay in sync — `loadFromDirectory` is used in production; check both when adding schema parsing features |
| New DBAL entity missing from frontend | Add JSON schema in `dbal/shared/api/schema/entities/{package}/`, seed in `dbal/shared/seeds/database/`, rebuild `dbal-init` + DBAL image |
| ComponentNode schema vs C++ struct | JSON schema must match C++ struct in `types.generated.hpp` (pageId, parentId, childIds, order), NOT the Redux slice shape |
| GitHub Actions version assumptions | NEVER assume an action version is invalid — use `WebFetch` on `https://github.com/actions/{name}/releases` to verify before changing |
### Critical Folders to Check Before Any Task
`/redux/`, `/components/`, `/scss/`, `/hooks/`, `/types/`, `/interfaces/`, `/icons/`, `/workflow/`, `/schemas/`, `/packages/`, `/deployment/`, `/docs/docs.db`, `/txt/reports.db`
### Task Workflow
1. Read relevant CLAUDE.md
2. Search SQLite docs: `docs.py search` / `reports.py search`
3. Check if functionality already exists in critical folders
4. Use Explore agent for codebase questions
5. Plan affected files before coding
6. Verify multi-tenant filtering + rate limiting
---
## Definition of Done
A task is complete when:
- **Builds**: Compiles, core functionality works, type safety reasonable
- **Tests**: All pass, new tests added, edge cases covered, multi-tenant verified
- **Deploy**: Docker builds, services healthy, env vars documented, deps install
- **Docs**: CLAUDE.md updated, reports in SQLite, architecture docs updated
- **Security**: Input validation, no XSS/SQLi, passwords hashed, no secrets, rate limited
- **Git**: Clear commit message, co-authored tag, no merge conflicts
**Standards**: IMPLEMENT don't disable. Real solutions over workarounds. TODOs acceptable for future work. Pragmatic over perfect.
**Unacceptable**: Deleting code instead of fixing. Fake implementations. Claiming done when broken.
**Task-Specific**:
- Refactoring: ~100 LOC classes, original functionality preserved, tests pass
- New Adapters: CRUD + bulk + query + metadata ops, connection management, Result<T> errors
- Docker: Multi-stage, BuildKit cache, <500MB runtime, non-root user, health check
- Documentation: Imported to SQLite, categorized, searchable via FTS5
---
## Project Organization
- **Root**: Minimal - config, CI/CD, build, package files only
- **Reports**: `txt/reports.db` - create via `python3 reports.py create "Title" "Content..."`
- **Docs**: `docs/docs.db` - create via `python3 docs.py create "Title" "Content..." --category guides`
- **Rule**: Create directly in SQLite, do NOT create markdown files first
- **File org**: Implementation type first (react/, python/, qml/), component categorization, preserve legacy in archived folders
---
**Status**: Production Ready (Phase 2 Complete)
**Next**: Universal Platform - Core Infrastructure (State Machine, Command Bus, Event Stream, VFS, Frontend Bus)
Reference in New Issue View Git Blame Copy Permalink