docs: update docs with new autonomous tasks and security

2026-03-14 16:35:40 -03:00 · 2026-03-14 16:35:40 -03:00 · 2cbe5ecc88
commit 2cbe5ecc88
parent c312a30461
13 changed files with 3440 additions and 6 deletions
--- a/src/06-gbdialog/templates/sales-pipeline.md
+++ b/src/06-gbdialog/templates/sales-pipeline.md
@ -307,12 +307,30 @@ These conversations show how the sales pipeline template works in real-world sce
 | Stage | Win Probability | Description |
 |-------|-----------------|-------------|
-| Lead | 20% | Initial contact, not yet qualified |
+| new | 10% | Initial contact, not qualified |
-| Qualified | 40% | BANT criteria confirmed |
+| qualified | 30% | BANT criteria confirmed |
-| Proposal | 50% | Quote or proposal sent |
+| proposal | 50% | Quote or proposal sent |
-| Negotiation | 80% | Active deal discussions |
+| negotiation | 70% | Active deal discussions |
-| Closed Won | 100% | Deal successfully closed |
+| won | 100% | Deal successfully closed |
-| Closed Lost | 0% | Deal lost or abandoned |
+| lost | 0% | Deal lost or abandoned |
 > **Note**: The new unified CRM uses `crm_deals` table with stages: `new`, `qualified`, `proposal`, `negotiation`, `won`, `lost`. Use `department_id` to filter by business unit (e.g., Comercial SP, Inside Sales, Enterprise).
 ## Department Filtering
 Filter deals by business unit using `department_id`:
 ```basic
 ' Filter deals by department
 deals = FIND "crm_deals", "department_id = '" + departmentId + "' AND stage != 'won' AND stage != 'lost'"
 ' Get department stats
 SELECT pd.name, COUNT(cd.id) AS total_deals, COALESCE(SUM(cd.value), 0) AS total_value
 FROM people_departments pd
 LEFT JOIN crm_deals cd ON cd.department_id = pd.id
 WHERE pd.org_id = $1
 GROUP BY pd.id, pd.name
 ```
 ## Template Structure
@ -336,15 +354,23 @@ sales-pipeline.gbai/
 ## Create Deal Tool: create-deal.bas
 > **Updated for CRM v2.5**: Uses unified `crm_deals` table. Include `department_id` to assign to business unit.
 ```basic
 PARAM company AS STRING LIKE "Acme Corp" DESCRIPTION "Company or account name"
 PARAM value AS NUMBER LIKE 50000 DESCRIPTION "Deal value in dollars"
 PARAM close_date AS DATE LIKE "2025-03-31" DESCRIPTION "Expected close date"
 PARAM department_id AS STRING DESCRIPTION "Business unit ID (e.g., Comercial SP)" OPTIONAL
 PARAM contact AS STRING DESCRIPTION "Primary contact name" OPTIONAL
 PARAM notes AS STRING DESCRIPTION "Deal notes" OPTIONAL
 DESCRIPTION "Create a new deal in the sales pipeline"
 ' Get department if not provided
 IF NOT department_id THEN
    department_id = GET USER MEMORY("default_department")
 END IF
 ' Generate deal ID
 dealId = "DEAL-" + FORMAT(NOW(), "YYYY") + "-" + FORMAT(RANDOM(1000, 9999))
--- a/src/08-config/multimodal.md
+++ b/src/08-config/multimodal.md
@ -17,6 +17,7 @@ General Bots integrates with botmodels—a Python service for multimodal AI task
      │ - VIDEO                      │ - Zeroscope
      │ - AUDIO                      │ - TTS/Whisper
      │ - SEE                        │ - BLIP2
      │                              │ - Real-time Audio (S2S)
 ```
 When a BASIC script calls a multimodal keyword, botserver forwards the request to botmodels, which runs the appropriate AI model and returns the generated content.
@ -58,6 +59,13 @@ Add these settings to your bot's `config.csv` file to enable multimodal capabili
 | `video-generator-gpu-layers` | `15` | Layers to offload to GPU |
 | `video-generator-batch-size` | `1` | Batch size for generation |
 ### Real-time Audio (S2S)
 | Key | Default | Description |
 |-----|---------|-------------|
 | `realtime-audio-model` | — | Path to Real-time S2S model |
 | `realtime-audio-enabled` | `false` | Enable real-time audio processing |
 ## Example Configuration
 ```csv
@ -160,6 +168,7 @@ The botmodels service exposes these REST endpoints:
 | `/api/vision/describe` | POST | Describe an image |
 | `/api/vision/describe_video` | POST | Describe a video |
 | `/api/vision/vqa` | POST | Visual question answering |
 | `/api/speech/realtime` | POST | Real-time speech-to-speech interaction |
 | `/api/health` | GET | Health check |
 All endpoints except `/api/health` require the `X-API-Key` header for authentication.
--- a/src/08-config/parameters.md
+++ b/src/08-config/parameters.md
@ -195,6 +195,13 @@ These parameters configure external database connections for use with BASIC keyw
 | `video-generator-gpu-layers` | GPU offload layers | `15` | Number |
 | `video-generator-batch-size` | Batch size | `1` | Number |
 ## Real-time Audio Parameters
 | Parameter | Description | Default | Type |
 |-----------|-------------|---------|------|
 | `realtime-audio-model` | Real-time S2S audio model path | Not set | Path |
 | `realtime-audio-enabled` | Enable real-time audio processing | `false` | Boolean |
 ## BotModels Service Parameters
 | Parameter | Description | Default | Type |
--- a/src/17-autonomous-tasks/README.md
+++ b/src/17-autonomous-tasks/README.md
@ -8,6 +8,20 @@ The AutoTask system uses an LLM-powered intent classifier to understand your req
 ---
 ## Vibe Mode
 For a complete AI-powered development environment, use **Vibe** - the visual interface with multi-agent orchestration.
 ### Vibe Documentation
 - [Vibe Guide](./vibe.md) - Main documentation
 - [Vibe Terminal](./vibe-terminal.md) - Isolated container terminal
 - [Vibe Editor](./vibe-editor.md) - Monaco editor
 - [Vibe Database](./vibe-database.md) - PostgreSQL browser
 - [Vibe Git](./vibe-git.md) - Git operations
 - [Vibe MCP](./vibe-mcp.md) - MCP integrations
 ---
 ## Intent Types
 | Type | Example | What Gets Created |
--- a/src/17-autonomous-tasks/vibe-database.md
+++ b/src/17-autonomous-tasks/vibe-database.md
@ -0,0 +1,164 @@
 # Vibe Database
 Visual PostgreSQL schema browser and SQL editor.
 ![Vibe Database](./assets/vibe/database.png)
 ---
 ## Overview
 Vibe Database provides a visual interface for exploring your bot's PostgreSQL database. View tables, relationships, run queries, and manage data.
 ---
 ## Quick Start
 1. Click **Database** button in Vibe window
 2. Browse tables in left panel
 3. Click table to see schema
 4. Run SQL queries in editor
 ---
 ## Features
 ### Schema Browser
 - List all tables in database
 - View column definitions
 - See data types and constraints
 - View indexes and foreign keys
 ### Table Viewer
 - Browse table data
 - Filter and sort
 - Pagination controls
 - Export to CSV
 ### SQL Editor
 - Write and execute queries
 - Syntax highlighting
 - Query history
 - Results visualization
 ### Relationship Viewer
 - Visual foreign key relationships
 - ER diagram view
 - Click to navigate related tables
 ---
 ## Interface
 ### Left Panel - Tables List
 ```
 📦 customers
  ├─ id (UUID, PK)
  ├─ name (VARCHAR)
  ├─ email (VARCHAR, UNIQUE)
  ├─ created_at (TIMESTAMP)
  └─ updated_at (TIMESTAMP)
 📦 orders
  ├─ id (UUID, PK)
  ├─ customer_id (UUID, FK → customers)
  ├─ total (DECIMAL)
  ├─ status (VARCHAR)
  └─ created_at (TIMESTAMP)
 ```
 ### Main Panel - Table Data
 | id | name | email | created_at |
 |----|------|-------|------------|
 | xxx | John | john@... | 2024-01-01 |
 | xxx | Jane | jane@... | 2024-01-02 |
 ---
 ## SQL Query Examples
 ### Select All
 ```sql
 SELECT * FROM customers;
 ```
 ### Join Tables
 ```sql
 SELECT o.id, c.name, o.total 
 FROM orders o 
 JOIN customers c ON o.customer_id = c.id;
 ```
 ### Insert
 ```sql
 INSERT INTO customers (name, email) 
 VALUES ('New Customer', 'new@example.com');
 ```
 ### Update
 ```sql
 UPDATE customers 
 SET name = 'Updated Name' 
 WHERE id = 'xxx';
 ```
 ### Delete
 ```sql
 DELETE FROM customers 
 WHERE id = 'xxx';
 ```
 ---
 ## Keyboard Shortcuts
 | Shortcut | Action |
 |----------|--------|
 | `Ctrl+Enter` | Execute query |
 | `Ctrl+S` | Save query |
 | `Ctrl+L` | Clear editor |
 | `Ctrl+H` | Toggle history |
 ---
 ## Configuration
 ### Connection Settings
 The database connects using bot configuration:
 - Host: PostgreSQL server
 - Port: 5432
 - Database: `{bot_id}_botserver`
 - User: Configured in bot settings
 ### Query Limits
 - Default: 100 rows
 - Configurable: 10 - 10000 rows
 - Export: Unlimited
 ---
 ## Security
 - Read-only mode available
 - SQL injection protection
 - Query logging for audit
 - Row-level access control
 ---
 ## Troubleshooting
 ### Connection Failed
 - Check PostgreSQL is running
 - Verify bot has database credentials
 - Check network connectivity
 ### Query Error
 - Check SQL syntax
 - Verify table/column names
 - Review error message details
 ### No Tables Visible
 - Bot may have no tables yet
 - AI hasn't generated database schema
 - Try creating app first
--- a/src/17-autonomous-tasks/vibe-editor.md
+++ b/src/17-autonomous-tasks/vibe-editor.md
@ -0,0 +1,147 @@
 # Vibe Editor
 Monaco-powered code editor with full IDE features.
 ![Vibe Editor](./assets/vibe/editor.png)
 ---
 ## Overview
 The Vibe Editor is based on Monaco (the same editor that powers VS Code). It provides a full IDE experience with syntax highlighting, IntelliSense, multi-file editing, and more.
 ---
 ## Features
 ### Syntax Highlighting
 Supports 70+ languages including:
 - JavaScript/TypeScript
 - Python
 - Rust
 - Go
 - HTML/CSS
 - SQL
 - JSON/YAML
 - And many more
 ### IntelliSense
 - Auto-completion
 - Parameter hints
 - Signature help
 - Quick fixes
 ### Multi-Cursor Editing
 - `Ctrl+D` - Select next occurrence
 - `Alt+Click` - Add cursor
 - `Ctrl+Alt+Down` - Add line below
 ### Search & Replace
 - `Ctrl+F` - Find
 - `Ctrl+H` - Replace
 - `Ctrl+Shift+F` - Find in files
 - Regex support enabled
 ### Minimap
 - Code overview on right side
 - Click to navigate
 - Draggable viewport
 ---
 ## Keyboard Shortcuts
 | Shortcut | Action |
 |----------|--------|
 | `Ctrl+S` | Save file |
 | `Ctrl+P` | Quick open file |
 | `Ctrl+Shift+P` | Command palette |
 | `Ctrl+F` | Find |
 | `Ctrl+H` | Replace |
 | `Ctrl+Shift+F` | Find in files |
 | `Ctrl+D` | Select next occurrence |
 | `Alt+Up/Down` | Move line up/down |
 | `Ctrl+/` | Toggle comment |
 | `Ctrl+Shift+K` | Delete line |
 | `Ctrl+Enter` | Insert line below |
 | `Ctrl+Shift+Enter` | Insert line above |
 | `F12` | Go to definition |
 | `Ctrl+Space` | Trigger IntelliSense |
 ---
 ## File Operations
 ### Opening Files
 - Click file in file tree
 - `Ctrl+P` for quick open
 - Drag and drop files
 ### Saving Files
 - `Ctrl+S` to save
 - Auto-save on focus loss
 - Shows unsaved indicator (dot on tab)
 ### Creating Files
 - Right-click in file tree
 - New file button in toolbar
 ---
 ## Workspace
 ### File Tree
 Located on the left side:
 - Expand/collapse folders
 - File icons by type
 - Right-click context menu
 ### Supported File Types
 | Icon | Type |
 |------|------|
 | 📄 | Generic file |
 | 📜 | Script (js, ts, py) |
 | 🎨 | Style (css, scss) |
 | 📦 | Config (json, yaml, toml) |
 | 🔷 | Component (vue, svelte) |
 ---
 ## Configuration
 ### Theme
 - Dark (default)
 - Light
 - High contrast
 ### Font
 - Fira Code (with ligatures)
 - Customizable size
 - Line height control
 ### Editor Settings
 ```json
 {
  "editor.fontSize": 14,
  "editor.fontFamily": "Fira Code",
  "editor.tabSize": 4,
  "editor.minimap.enabled": true,
  "editor.formatOnSave": true
 }
 ```
 ---
 ## Integration
 ### With Vibe Pipeline
 The editor integrates with the Vibe AI pipeline:
 1. AI generates code in editor
 2. Review agent checks code
 3. You can edit manually
 4. Changes tracked in Git
 ### With Terminal
 - `Ctrl+`` - Toggle terminal panel
 - Run code directly from editor
 - See output in terminal
--- a/src/17-autonomous-tasks/vibe-git.md
+++ b/src/17-autonomous-tasks/vibe-git.md
@ -0,0 +1,183 @@
 # Vibe Git
 Git operations integrated with Forgejo ALM.
 ![Vibe Git](./assets/vibe/git.png)
 ---
 ## Overview
 Vibe Git provides visual Git operations for version control of your generated applications. Connect to Forgejo for remote operations.
 ---
 ## Features
 ### Local Operations
 - Initialize repository
 - Stage/unstage files
 - Commit changes
 - View diff
 - Branch management
 ### Remote Operations
 - Push to Forgejo
 - Pull from remote
 - Fetch updates
 - Create pull requests
 ### History
 - Commit log viewer
 - Author and date display
 - Message search
 - File change history
 ---
 ## Interface
 ### Changes Panel
 ```
 Changes:
 M  index.html
 A  styles.css
 D  old-file.js
 Staged (2):
 + styles.css
 M index.html
 ```
 ### Commit History
 ```
 abc1234 (main) Add user authentication - John, 2h ago
 def5678 Fix login validation      - Jane, 5h ago
 ghi9012 Initial commit            - John, 1d ago
 ```
 ---
 ## Quick Start
 ### 1. Initialize Repository
 ```bash
 git init
 ```
 ### 2. Add Files
 ```bash
 git add .
 ```
 ### 3. Commit
 ```bash
 git commit -m "Initial commit"
 ```
 ### 4. Connect to Remote
 ```bash
 git remote add origin https://forgejo.example/user/repo.git
 git push -u origin main
 ```
 ---
 ## Git Commands
 ### Status
 ```bash
 git status
 ```
 ### Add Files
 ```bash
 # Add specific file
 git add file.txt
 # Add all changes
 git add -A
 ```
 ### Commit
 ```bash
 git commit -m "Your message"
 ```
 ### Push
 ```bash
 git push origin main
 ```
 ### Pull
 ```bash
 git pull origin main
 ```
 ### Branch
 ```bash
 # List branches
 git branch
 # Create branch
 git branch feature-name
 # Switch branch
 git checkout feature-name
 # Create and switch
 git checkout -b feature-name
 ```
 ### Merge
 ```bash
 git merge feature-name
 ```
 ---
 ## Forgejo Integration
 ### Configure Remote
 ```
 Remote URL: https://forgejo.example/owner/repo.git
 Username:   Your Forgejo username
 Token:      Your API token
 ```
 ### Create Pull Request
 1. Push branch to Forgejo
 2. Click "Create PR" button
 3. Fill title and description
 4. Submit
 ---
 ## Keyboard Shortcuts
 | Shortcut | Action |
 |----------|--------|
 | `Ctrl+S` | Stage current file |
 | `Ctrl+Shift+S` | Stage all |
 | `Ctrl+C` | Commit |
 | `Ctrl+P` | Push |
 | `Ctrl+U` | Pull |
 ---
 ## Troubleshooting
 ### Push Failed
 - Check remote URL is correct
 - Verify Forgejo credentials
 - Check network connectivity
 ### Merge Conflicts
 - View conflicting files
 - Edit to resolve
 - Stage and commit
 ### Empty History
 - Repository may be new
 - Check correct directory
 - Verify .git exists
--- a/src/17-autonomous-tasks/vibe-mcp.md
+++ b/src/17-autonomous-tasks/vibe-mcp.md
@ -0,0 +1,181 @@
 # Vibe MCP
 Model Context Protocol integrations for extended AI capabilities.
 ![Vibe MCP](./assets/vibe/mcp.png)
 ---
 ## Overview
 MCP (Model Context Protocol) allows Vibe to connect to external tools and services. Extend AI capabilities with databases, APIs, and custom tools.
 ---
 ## What is MCP?
 MCP is a protocol that lets AI models interact with external systems:
 - **Filesystem** - Read/write local files
 - **Database** - Query databases directly
 - **HTTP** - Make API requests
 - **Custom** - Your own tools
 ---
 ## Supported Integrations
 ### Filesystem
 ```json
 {
  "name": "filesystem",
  "type": "stdio",
  "command": "npx",
  "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/to/dir"]
 }
 ```
 ### PostgreSQL
 ```json
 {
  "name": "postgres",
  "type": "stdio", 
  "command": "npx",
  "args": ["-y", "@modelcontextprotocol/server-postgres", "postgres://user:pass@localhost/db"]
 }
 ```
 ### Browser Automation
 ```json
 {
  "name": "browser",
  "type": "stdio",
  "command": "npx",
  "args": ["-y", "@modelcontextprotocol/server-puppeteer"]
 }
 ```
 ---
 ## Configuration
 ### Add MCP Server
 1. Go to **Sources → MCP**
 2. Click **Add Server**
 3. Select server type or enter custom
 4. Configure connection
 5. Save and connect
 ### Server Types
 | Type | Description |
 |------|-------------|
 | `stdio` | Local command-line tool |
 | `sse` | Server-Sent Events endpoint |
 | `websocket` | WebSocket connection |
 ---
 ## Using MCP Tools
 ### In Vibe Chat
 ```
 User: Show me all orders from the database
 AI: (uses postgres MCP to query)
 Orders:
 | id | customer | total |
 |----|----------|-------|
 | 1  | John     | 99.00 |
 ```
 ### Available Actions
 - **Read** - Query data
 - **Write** - Insert/Update/Delete
 - **Search** - Full-text search
 - **Analyze** - Run computations
 ---
 ## MCP Panel
 Access MCP panel in Vibe:
 1. Click **MCP** button in toolbar
 2. View connected servers
 3. Test tools
 4. View logs
 ---
 ## Creating Custom MCP Server
 ### 1. Create Server Script
 ```javascript
 // my-server.js
 const { Server } = require('@modelcontextprotocol/sdk/server');
 const { StdioServerTransport } = require('@modelcontextprotocol/sdk/server/stdio');
 const server = new Server({
  name: 'my-custom-server',
  version: '1.0.0'
 }, {
  capabilities: {
    tools: {}
  }
 });
 server.setRequestHandler('tools/list', async () => {
  return {
    tools: [{
      name: 'my_tool',
      description: 'Does something useful',
      inputSchema: {
        type: 'object',
        properties: {
          param: { type: 'string' }
        }
      }
    }]
  };
 });
 server.setRequestHandler('tools/call', async (request) => {
  const { name, arguments: args } = request.params;
  if (name === 'my_tool') {
    return { content: [{ type: 'text', text: 'Result' }] };
  }
 });
 const transport = new StdioServerTransport();
 await server.connect(transport);
 ```
 ### 2. Register in Vibe
 ```json
 {
  "name": "my-server",
  "type": "stdio",
  "command": "node",
  "args": ["/path/to/my-server.js"]
 }
 ```
 ---
 ## Troubleshooting
 ### Connection Failed
 - Check server is installed
 - Verify command/path
 - Check logs for errors
 ### Tool Not Working
 - Verify input format
 - Check server logs
 - Test with simpler parameters
 ### Server Not Listed
 - Restart Vibe
 - Check configuration
 - Review server status
--- a/src/17-autonomous-tasks/vibe-terminal.md
+++ b/src/17-autonomous-tasks/vibe-terminal.md
@ -0,0 +1,113 @@
 # Vibe Terminal
 Full-featured terminal with isolated LXC containers for each session.
 ![Vibe Terminal](./assets/vibe/terminal.png)
 ---
 ## Overview
 The Vibe terminal provides an isolated Ubuntu 22.04 container for each session. Your commands run in a secure, sandboxed environment that is automatically created on connect and destroyed on disconnect.
 ---
 ## Quick Start
 1. Click **Terminal** icon on desktop or in Vibe window
 2. Terminal connects to a new LXC container
 3. Type commands as normal bash shell
 ```bash
 $ pwd
 /root
 $ whoami
 root
 $ uname -a
 Linux term-abc123 5.15.0 #1 SMP x86_64 GNU/Linux
 ```
 ---
 ## Features
 ### Isolated Containers
 - Each terminal session gets its own Ubuntu 22.04 container
 - Containers are ephemeral - destroyed on disconnect
 - Full root access within container
 ### 256-Color Support
 - Full xterm-256color support
 - Works with vim, tmux, htop, etc.
 ### WebSocket Protocol
 - Connects via WebSocket for real-time I/O
 - Automatic reconnection on disconnect
 - Session persistence during network issues
 ---
 ## API Endpoints
 | Method | Endpoint | Description |
 |--------|----------|-------------|
 | `WS` | `/api/terminal/ws?session_id=xxx` | Terminal WebSocket |
 | `GET` | `/api/terminal/list` | List active terminals |
 | `POST` | `/api/terminal/create` | Create new terminal |
 | `POST` | `/api/terminal/kill` | Kill terminal session |
 ### WebSocket Commands
 Send text to execute commands:
 ```
 ls -la
 ```
 Special commands:
 - `resize COLS ROWS` - Resize terminal
 - `exit` - Close terminal session
 ---
 ## Configuration
 ### Container Settings
 The terminal uses these LXC commands:
 - `lxc launch ubuntu:22.04 {name}` - Create container
 - `lxc exec {name} -- bash` - Execute shell
 - `lxc stop {name} -f` - Stop container
 - `lxc delete {name} -f` - Delete container
 ### Environment Variables
 | Variable | Default | Description |
 |----------|---------|-------------|
 | `TERM` | `xterm-256color` | Terminal type |
 ---
 ## Troubleshooting
 ### Connection Failed
 - Check that LXC is installed and running
 - Verify network connectivity
 - Check botserver logs for errors
 ### Container Won't Start
 - Ensure LXC daemon is running: `systemctl status lxc`
 - Check LXC configuration: `lxc list`
 - Review container logs: `lxc info {name}`
 ### Commands Not Working
 - Container may have been destroyed - reconnect
 - Check WebSocket connection status
 ---
 ## Security
 - Container names are sanitized (alphanumeric + dash only)
 - Containers are isolated from host network by default
 - Sessions are cleaned up on disconnect
 - No persistent storage between sessions
--- a/src/17-autonomous-tasks/vibe.md
+++ b/src/17-autonomous-tasks/vibe.md
@ -0,0 +1,148 @@
 # Vibe - AI-Powered Development Environment
 Vibe is the autonomous coding mode that transforms your development workflow. Describe what you want to build, and AI agents create it automatically.
 ![Vibe Architecture](./assets/vibe/vibe-architecture.png)
 ---
 ## Quick Start
 1. Click **Vibe** icon on desktop
 2. Describe your project in the chat
 3. Watch agents build, review, and deploy
 ```bash
 # Example: Create an e-commerce app
 "Build an e-commerce app for handmade crafts with shopping cart"
 ```
 ---
 ## Pipeline Stages
 | Stage | Agent | Description |
 |-------|-------|-------------|
 | **PLAN** | Architect | Analyzes requirements, creates spec |
 | **BUILD** | Developer | Generates code, creates database |
 | **REVIEW** | Reviewer | Security scan, quality checks |
 | **DEPLOY** | DevOps | Pushes to Forgejo, deploys |
 | **MONITOR** | QA | Runs tests, validates |
 ---
 ## Features
 ### Monaco Editor
 - Full IDE editing with syntax highlighting
 - Multi-file workspace support
 - File tree navigation
 ### Database UI
 - Visual PostgreSQL schema browser
 - SQL query editor
 - Table relationship viewer
 ### Git Operations
 - Branch management
 - Commit history
 - Pull/push to Forgejo
 ### Terminal
 - Isolated LXC container per session
 - Full shell access
 - Persistent workspace
 ### Browser Automation
 - Chromiumoxide integration
 - Visual test runner
 - Screenshot capture
 ### MCP Integration
 - Connect external tools
 - AI model integration
 - Custom tool definitions
 ---
 ## BYOK (Bring Your Own Key)
 Configure your own LLM API keys in **Sources → API Keys**:
 - OpenAI
 - Anthropic (Claude)
 - Google Gemini
 - Azure OpenAI
 - OpenAI Compatible
 ---
 ## Use Cases
 ### 1. Rapid Prototyping
 ```bash
 "Create a CRM with contacts, leads, and deal pipeline"
 ```
 ### 2. Full-Stack Apps
 ```bash
 "Build an e-commerce store with cart, checkout, and Stripe payments"
 ```
 ### 3. Internal Tools
 ```bash
 "Make an employee onboarding checklist app with approvals"
 ```
 ### 4. Data Dashboards
 ```bash
 "Create a sales analytics dashboard with charts and exports"
 ```
 ---
 ## Architecture
 ```
 ┌─────────────────────────────────────────────────────────┐
 │                     Vibe UI                              │
 │  ┌─────────┐  ┌─────────┐  ┌─────────┐  ┌─────────┐    │
 │  │  PLAN   │→ │  BUILD  │→ │ REVIEW  │→ │ DEPLOY  │    │
 │  └─────────┘  └─────────┘  └─────────┘  └─────────┘    │
 └─────────────────────────────────────────────────────────┘
                           ↓
 ┌─────────────────────────────────────────────────────────┐
 │               Orchestrator (5 Agents)                    │
 │  Architect → Developer → Reviewer → QA → DevOps          │
 └─────────────────────────────────────────────────────────┘
                           ↓
 ┌─────────────────────────────────────────────────────────┐
 │                    BotServer                             │
 │  - AppGenerator (code gen)                             │
 │  - Database Manager                                    │
 │  - File System                                         │
 └─────────────────────────────────────────────────────────┘
 ```
 ---
 ## Keyboard Shortcuts
 | Shortcut | Action |
 |----------|--------|
 | `Ctrl+S` | Save file |
 | `Ctrl+P` | Quick open |
 | `Ctrl+Shift+P` | Command palette |
 | `Ctrl+`` | Toggle terminal |
 ---
 ## Related Documentation
 - [Vibe Terminal](./vibe-terminal.md) - Isolated container terminal
 - [Vibe Editor](./vibe-editor.md) - Monaco editor guide
 - [Vibe Database](./vibe-database.md) - Database UI
 - [Vibe Git](./vibe-git.md) - Git operations
 - [Vibe MCP](./vibe-mcp.md) - MCP integrations
 - [Designer](./designer.md) - Visual app editor
 - [App Generation](./app-generation.md) - Code generation
--- a/src/23-security/endpoint-checklist.md
+++ b/src/23-security/endpoint-checklist.md
@ -0,0 +1,65 @@
 # Endpoint Security Checklist
 When adding new endpoints to the `.gbai` and BotServer APIs, ensure you adhere to this standard security checklist. All state-changing endpoints (those using `POST`, `PUT`, `PATCH`, or `DELETE` methods) must be protected against common Web vulnerabilities, including CSRF.
 ## 1. CSRF Protection for State-Changing Endpoints
 Cross-Site Request Forgery (CSRF) protection must be applied to any endpoint that alters system state. Evaluate if the endpoint falls under one of the following exemptions:
 *   **Exemptions:**
    *   API endpoints exclusively utilizing **Bearer Token** authentication (stateless requests that do not rely on cookies).
    *   Webhooks from external systems that provide their own authentication mechanisms (e.g., HMAC signatures like WhatsApp/Meta).
    *   Publicly fully accessible endpoints that do not affect any user data or system state.
 *   **Requirements:**
    *   All web-facing or cookie-authenticated endpoints must enforce CSRF checks.
    *   Tokens must be bound to the user session.
    *   Utilize double-submit cookie pattern or header-based token verification via the `CsrfManager`.
 ## 2. Authentication & Authorization (RBAC) Requirements
 Do not expose new endpoints without explicitly defining their necessary permissions.
 *   Ensure the endpoint is behind the `require_authentication_middleware` or similar authentication flow unless it is strictly intended to be public (e.g., `/api/auth/login`).
 *   Assign appropriate RBAC (Role-Based Access Control) permissions and ensure `require_role_middleware` is validated.
 *   Validate resource ownership. If a user tries to edit or delete an entity (e.g., a Bot, Document, or File), the backend must confirm they own the entity or possess tenant/admin privileges.
 ## 3. Strict Security Headers
 All HTTP responses returning HTML content must include standard security headers.
 *   Ensure the router uses `security_headers_middleware`.
 *   Mandatory Headers:
    *   `Content-Security-Policy`: Must clearly restrict `script-src`, `connect-src`, and `frame-ancestors`.
    *   `X-Frame-Options: DENY` (or `SAMEORIGIN` if absolutely necessary for the suite).
    *   `X-Content-Type-Options: nosniff`.
    *   `Strict-Transport-Security` (HSTS).
    *   `Referrer-Policy: strict-origin-when-cross-origin`.
 ## 4. Input Validation & Sanitization
 Do not rely exclusively on client-side validation.
 *   Validate the schema, length, and format of all incoming request payloads (`JSON`, `Query`, `Form`).
 *   Sanitize inputs that might be used inside SQL queries, though using ORMs (like Diesel) or parameterized queries safely mitigates straightforward SQL injection. Avoid dynamic SQL string formatting.
 *   Sanitize any output bound for HTML parsing to prevent Stored or Reflected XSS.
 ## 5. Rate Limiting
 Endpoints must prevent brute force and DDoS abuse.
 *   Apply or ensure that globally the `rate_limit_middleware` covers the new route.
 *   Authentication endpoints (like login forms) should have significantly stricter rate limits.
 *   Consider adding secondary quotas per underlying resource if dealing with expensive generation tasks (like LLM interactions).
 ## 6. Secure Error Handling
 Never leak internal traces or paths.
 *   Do not `unwrap()`, `expect()`, or `panic!()`. Use Rust's `?` operator.
 *   Use `ErrorSanitizer` logic, or return generalized application errors like `(StatusCode::INTERNAL_SERVER_ERROR, "An internal error occurred")` instead of specific database schema details.
 ---
 ### Process for Review
 When submitting a PR incorporating new endpoints, mention that you have completed this checklist in your PR description.
--- a/src/SUMMARY.md
+++ b/src/SUMMARY.md
@ -324,6 +324,7 @@
  - [Hybrid RAG Search](./11-features/hybrid-search.md)
  - [Transfer to Human](./11-features/transfer-to-human.md)
  - [LLM-Assisted Attendant](./11-features/attendant-llm-assist.md)
  - [Attendance Suite](./attendance.md)
 # Part XI - Security
@ -352,6 +353,7 @@
  - [Protection Tools](./23-security/protection-tools.md)
  - [SOC 2 Compliance](./23-security/soc2-compliance.md)
  - [Security Matrix Reference](./23-security/security-matrix.md)
  - [Endpoint Security Checklist](./23-security/endpoint-checklist.md)
 # Part XII - Device & Offline Deployment
--- a/src/attendance.md
+++ b/src/attendance.md