diff --git a/botserver b/botserver index ad4aca2..13892b3 160000 --- a/botserver +++ b/botserver @@ -1 +1 @@ -Subproject commit ad4aca21ffec3de5db510317aa1e366a15c50499 +Subproject commit 13892b315722e958c063cf8e92bb69c38b1c23a9 diff --git a/botui b/botui index b01a02d..97d2a93 160000 --- a/botui +++ b/botui @@ -1 +1 @@ -Subproject commit b01a02d396b941151000126a708b5e886b3b36da +Subproject commit 97d2a934a9fa372285f5dbf64e3bb0cec67f660c diff --git a/crm2_setup.sql b/crm2_setup.sql new file mode 100644 index 0000000..249cb2a --- /dev/null +++ b/crm2_setup.sql @@ -0,0 +1,93 @@ +-- ============================================ +-- CRM v2 - Unified Deals Table +-- Execute: psql -h localhost -U gbuser -d botserver -f crm2_setup.sql +-- ============================================ + +-- 1. Drop old tables (never used in production) +DROP TABLE IF EXISTS crm_leads CASCADE; +DROP TABLE IF EXISTS crm_opportunities CASCADE; + +-- 2. Create domain: segments +CREATE TABLE crm_deal_segments ( + id uuid PRIMARY KEY DEFAULT gen_random_uuid(), + org_id uuid NOT NULL, + bot_id uuid NOT NULL, + name varchar(50) NOT NULL, + description varchar(255), + created_at timestamptz DEFAULT now() +); + +-- Insert default segments +INSERT INTO crm_deal_segments (org_id, bot_id, name) +SELECT org_id, bot_id, name FROM crm_pipeline_stages LIMIT 1; + +-- 3. Create main deals table +CREATE TABLE crm_deals ( + -- πŸ†” Key + id uuid PRIMARY KEY DEFAULT gen_random_uuid(), + org_id uuid NOT NULL, + bot_id uuid NOT NULL, + + -- πŸ”— Links to Contact/Account (NO DUPLICATE!) + contact_id uuid REFERENCES crm_contacts(id), + account_id uuid REFERENCES crm_accounts(id), + + -- πŸ”— Owner/Team (FK to users) + owner_id uuid REFERENCES users(id), + assignedto_id uuid REFERENCES users(id), + am_id uuid REFERENCES users(id), + + -- πŸ’° Deal + description text, + value numeric(15,2), + + -- πŸ“Š Pipeline (use existing crm_pipeline_stages!) + stage_id uuid REFERENCES crm_pipeline_stages(id), + probability integer DEFAULT 0, + + -- 🎯 Classification + source varchar(50), -- EMAIL, CALL, WEBSITE, REFERAL + segment_id uuid REFERENCES crm_deal_segments(id), + territory varchar(30), + + -- πŸ“… Dates + expected_close_date date, + period integer, -- 1=manhΓ£, 2=tarde, 3=noite (or hour 1-24) + deal_date date, + created_at timestamptz DEFAULT now(), + updated_at timestamptz, + + -- 🌐 Social + linkedin varchar(100), + facebook varchar(80), + twitter varchar(30), + instagram varchar(50), + + -- πŸ“ Notes (only current, history goes to crm_activities) + notes text, + + -- 🏷️ Tags + tags text[], + + -- πŸ” Flags + hard_to_find boolean DEFAULT false, + + -- πŸ“¦ Custom Fields (remaining ~50 fields from gb.rob) + custom_fields jsonb DEFAULT '{}' +); + +-- 4. Add deal_id to crm_activities (for history migration) +ALTER TABLE crm_activities ADD COLUMN IF NOT EXISTS deal_id uuid REFERENCES crm_deals(id); + +-- 5. Create indexes +CREATE INDEX idx_crm_deals_org_bot ON crm_deals(org_id, bot_id); +CREATE INDEX idx_crm_deals_contact ON crm_deals(contact_id); +CREATE INDEX idx_crm_deals_account ON crm_deals(account_id); +CREATE INDEX idx_crm_deals_stage ON crm_deals(stage_id); +CREATE INDEX idx_crm_deals_owner ON crm_deals(owner_id); +CREATE INDEX idx_crm_deals_source ON crm_deals(source); +CREATE INDEX idx_crm_deals_company ON crm_deals(company); + +-- 6. Grant permissions +GRANT ALL ON crm_deals TO gbuser; +GRANT ALL ON crm_deal_segments TO gbuser; diff --git a/import_csv.py b/import_csv.py new file mode 100644 index 0000000..90f11e9 --- /dev/null +++ b/import_csv.py @@ -0,0 +1,112 @@ +import os +import sys +import csv +import json +import urllib.request +import urllib.parse + +# Config +BOT_NAME = "pragmatismogb" +API_URL = "http://localhost:8080" +LOGIN_USER = os.getenv("CRM_USER", "admin") +LOGIN_PASS = os.getenv("CRM_PASS", "admin") + +def login(): + print(f"Logging in to {API_URL} as {LOGIN_USER}...") + req = urllib.request.Request(f"{API_URL}/api/auth/login", + data=json.dumps({"email": LOGIN_USER, "password": LOGIN_PASS}).encode("utf-8"), + headers={"Content-Type": "application/json"}) + try: + with urllib.request.urlopen(req) as response: + if response.status == 200: + body = json.loads(response.read().decode('utf-8')) + token = body.get("token") or body.get("access_token") + # Alternatively check for Set-Cookie header + cookie = response.getheader("Set-Cookie") + if token: + print("Login successful (Got Token)") + return {"type": "bearer", "value": token} + elif cookie: + print("Login successful (Got Cookie)") + return {"type": "cookie", "value": cookie.split(';')[0]} + else: + return {"type": "bearer", "value": ""} # Unknown state + else: + print(f"Login failed: {response.status}") + sys.exit(1) + except Exception as e: + print(f"Login failed: {e}") + return None + +def import_csv(auth, leads_file, opps_file): + headers = {"bot-name": BOT_NAME, "Content-Type": "application/json"} + if auth: + if auth["type"] == "bearer": + headers["Authorization"] = f"Bearer {auth['value']}" + elif auth["type"] == "cookie": + headers["Cookie"] = auth["value"] + + # Import leads + try: + with open(leads_file, "r") as f: + reader = csv.DictReader(f) + for row in reader: + val_str = row.get("value", "").strip() + val = float(val_str) if val_str else 0.0 + payload = { + "title": row.get("title", ""), + "description": row.get("description", ""), + "value": val, + "currency": row.get("currency", "USD"), + "source": row.get("source", "") + } + + req = urllib.request.Request(f"{API_URL}/api/crm/leads", + data=json.dumps(payload).encode("utf-8"), + headers=headers, + method="POST") + try: + with urllib.request.urlopen(req) as response: + print(f"[+] Created lead: {payload['title']} -> {response.status}") + except Exception as e: + print(f"[-] Failed lead: {payload['title']} -> {e}") + except FileNotFoundError: + print(f"Could not find {leads_file}") + + # Import opps + try: + with open(opps_file, "r") as f: + reader = csv.DictReader(f) + for row in reader: + val_str = row.get("value", "").strip() + val = float(val_str) if val_str else 0.0 + pr_str = row.get("probability", "").strip() + pr = int(pr_str) if pr_str else 25 + payload = { + "name": row.get("name", ""), + "description": row.get("description", ""), + "value": val, + "currency": row.get("currency", "USD"), + "stage": row.get("stage", "qualification"), + "probability": pr + } + + req = urllib.request.Request(f"{API_URL}/api/crm/opportunities", + data=json.dumps(payload).encode("utf-8"), + headers=headers, + method="POST") + try: + with urllib.request.urlopen(req) as response: + print(f"[+] Created opportunity: {payload['name']} -> {response.status}") + except Exception as e: + print(f"[-] Failed opportunity: {payload['name']} -> {e}") + except FileNotFoundError: + print(f"Could not find {opps_file}") + +if __name__ == "__main__": + if len(sys.argv) < 3: + print("Usage: python3 import_csv.py ") + sys.exit(1) + + auth_data = login() + import_csv(auth_data, sys.argv[1], sys.argv[2]) diff --git a/migrate_gb_rob.py b/migrate_gb_rob.py new file mode 100644 index 0000000..a539cc1 --- /dev/null +++ b/migrate_gb_rob.py @@ -0,0 +1,422 @@ +#!/usr/bin/env python3 +""" +Migration script: gb.rob -> crm_deals + crm_activities +Execute: python3 migrate_gb_rob.py +""" +import os +import re +import json +from datetime import datetime +from decimal import Decimal + +import psycopg2 +from psycopg2 import extras + +# Database connection +conn = psycopg2.connect( + host="localhost", + database="botserver", + user="gbuser" +) +conn.autocommit = False +cur = conn.cursor() + +def parse_history_to_activities(history_text, deal_id, org_id, bot_id, owner_id): + """Parse history field into crm_activities""" + if not history_text: + return [] + + activities = [] + # Pattern: "DD/MM/YYYY: description" or "DD/MM/YYYY - description" + pattern = r'(\d{2}/\d{2}/\d{4})[;:]?\s*(.+?)(?=\d{2}/\d{2}/\d{4}|$)' + + for match in re.finditer(pattern, str(history_text), re.DOTALL): + date_str = match.group(1) + description = match.group(2).strip() + + try: + due_date = datetime.strptime(date_str, '%d/%m/%Y') + except: + due_date = None + + # Determine activity type from description + activity_type = 'call' + if 'email' in description.lower() or 'mail' in description.lower(): + activity_type = 'email' + elif 'wpp' in description.lower() or 'whatsapp' in description.lower(): + activity_type = 'whatsapp' + elif 'reuniΓ£o' in description.lower() or 'reuniao' in description.lower() or 'meeting' in description.lower(): + activity_type = 'meeting' + + # Determine outcome + outcome = None + desc_lower = description.lower() + if 'enviad' in desc_lower or 'enviado' in desc_lower: + outcome = 'sent' + elif 'recebid' in desc_lower: + outcome = 'received' + elif 'interesse' in desc_lower and 'nΓ£o' in desc_lower: + outcome = 'not_interested' + elif 'agend' in desc_lower: + outcome = 'scheduled' + + activities.append({ + 'org_id': org_id, + 'bot_id': bot_id, + 'deal_id': deal_id, + 'activity_type': activity_type, + 'subject': f"Follow-up: {description[:50]}", + 'description': description, + 'due_date': due_date, + 'outcome': outcome, + 'owner_id': owner_id, + 'created_at': datetime.now() + }) + + return activities + + +def get_stage_id(stage_name): + """Get stage_id from crm_pipeline_stages""" + cur.execute( + "SELECT id FROM crm_pipeline_stages WHERE LOWER(name) = %s", + (stage_name.lower(),) + ) + result = cur.fetchone() + return result[0] if result else None + + +def get_user_id(username): + """Get user_id from username""" + if not username: + return None + cur.execute( + "SELECT id FROM users WHERE username = %s", + (str(username).strip(),) + ) + result = cur.fetchone() + return result[0] if result else None + + +def get_segment_id(segment_name, org_id, bot_id): + """Get or create segment_id""" + if not segment_name: + return None + + # Try to find existing + cur.execute( + "SELECT id FROM crm_deal_segments WHERE LOWER(name) = %s", + (str(segment_name).lower(),) + ) + result = cur.fetchone() + if result: + return result[0] + + # Create new + cur.execute(""" + INSERT INTO crm_deal_segments (org_id, bot_id, name) + VALUES (%s, %s, %s) + RETURNING id + """, (org_id, bot_id, str(segment_name).strip())) + return cur.fetchone()[0] + + +def migrate_rob_to_deals(): + """Main migration function""" + print("πŸ”„ Starting migration...") + + # Get default org_id and bot_id + cur.execute("SELECT org_id, id FROM bots LIMIT 1") + bot_row = cur.fetchone() + bot_id = bot_row[1] + + cur.execute("SELECT org_id FROM organizations LIMIT 1") + org_id = cur.fetchone()[0] + + # Check if gb.rob exists + cur.execute(""" + SELECT table_name FROM information_schema.tables + WHERE table_schema = 'gb' AND table_name = 'rob' + """) + if not cur.fetchone(): + print("⚠️ Table gb.rob not found!") + print(" Checking if it's in public schema...") + + cur.execute(""" + SELECT table_name FROM information_schema.tables + WHERE table_name = 'rob' + """) + result = cur.fetchone() + if not result: + print("❌ Table rob not found in any schema") + return + + schema = 'public' + print(f"βœ… Found table in schema: {schema}") + else: + schema = 'gb' + + table_name = f"{schema}.rob" if schema != 'public' else 'rob' + + print(f"πŸ“‹ Reading from table: {table_name}") + + # Get column names + cur.execute(f""" + SELECT column_name FROM information_schema.columns + WHERE table_name = 'rob' AND table_schema = '{schema}' + ORDER BY ordinal_position + """) + columns = [row[0] for row in cur.fetchall()] + print(f" Columns: {len(columns)}") + + # Fetch all rows + cur.execute(f"SELECT * FROM {table_name}") + rows = cur.fetchall() + print(f" Rows to migrate: {len(rows)}") + + # Create column index map + col_map = {col: i for i, col in enumerate(columns)} + + migrated = 0 + activities_created = 0 + + for row in rows: + try: + # Extract fields using column map + company = row[col_map.get('company')] + contact = row[col_map.get('contact')] + email = row[col_map.get('email')] + phone = row[col_map.get('phone')] + mobile = row[col_map.get('mobile')] + website = row[col_map.get('website')] + address = row[col_map.get('address')] + city = row[col_map.get('city')] + state = row[col_map.get('state')] + country = row[col_map.get('country')] + notes = row[col_map.get('notes')] + history = row[col_map.get('history')] + action = row[col_map.get('action')] + segment = row[col_map.get('segment')] + segment1 = row[col_map.get('segment1')] + territory = row[col_map.get('territory')] + linkedin = row[col_map.get('linkedin')] + facebook = row[col_map.get('facebook')] + twitter = row[col_map.get('twitter')] + hard_to_find = row[col_map.get('hard_to_find')] + value = row[col_map.get('value')] + chance = row[col_map.get('chance')] + period = row[col_map.get('period')] + assignedto = row[col_map.get('assignedto')] + am = row[col_map.get('am')] + robid = row[col_map.get('robid')] + created = row[col_map.get('created')) + updated_at = row[col_map.get('updated_at')) + + # Parse name from contact + first_name = None + last_name = None + if contact: + contact_str = str(contact).strip() + if ' ' in contact_str: + parts = contact_str.split(None, 1) + first_name = parts[0] + last_name = parts[1] if len(parts) > 1 else None + else: + first_name = contact_str + + # Map action to stage + action_map = { + 'lead': 'new', + 'desqualified': 'lost', + 'qualified': 'qualified', + 'email': 'new', + 'call': 'new', + 'schedule': 'qualified', + 'poc': 'proposal', + 'win': 'won', + 'recover': 'qualified', + 'wait': 'negotiation', + 'find': 'new', + 'emul_asked': 'new', + 'emul': 'new', + 'close': 'won', + 'recovered': 'qualified' + } + stage_name = action_map.get(str(action).lower().strip(), 'new') + stage_id = get_stage_id(stage_name) + + # Get owner_id from assignedto + owner_id = get_user_id(assignedto) + + # Get am_id + am_id = get_user_id(am) + + # Get segment_id + segment_id = get_segment_id(segment1, org_id, bot_id) + + # Parse period (hour or morning/afternoon) + period_val = None + if period: + period_str = str(period).lower().strip() + if period_str.isdigit(): + period_val = int(period_str) + elif 'manhΓ£' in period_str or 'manha' in period_str: + period_val = 1 + elif 'tarde' in period_str: + period_val = 2 + elif 'noite' in period_str: + period_val = 3 + + # Parse value + deal_value = None + if value: + try: + deal_value = Decimal(str(value)) + except: + pass + + # Parse chance to probability + probability = 0 + if chance: + chance_str = str(chance).lower() + if 'alta' in chance_str: + probability = 80 + elif 'mΓ©dia' in chance_str or 'media' in chance_str: + probability = 50 + elif 'baixa' in chance_str: + probability = 20 + + # Parse created timestamp + created_at = datetime.now() + if created: + try: + created_at = datetime.fromtimestamp(int(created)) + except: + try: + created_at = datetime.strptime(str(created), '%Y-%m-%d') + except: + pass + + # Updated at + updated_at_val = updated_at if updated_at else datetime.now() + + # Generate deal_id + deal_id = extras.uuid.uuid4() + + # Build custom_fields with remaining columns + custom_fields = {} + remaining_cols = [ + 'segment', 'segment1', 'segment2', 'networking', + 'tech', 'bot', 'template', 'legalname', + 'questions', 'features', + 'partner', 'partnercontact', + 'revenue', 'once', 'recurrence', + 'employees', 'poc', + 'talk', 'mail', + 'mkt7', 'mkt8', 'mkt9', + 'video_sent', 'prp_sent', 'emulator', + 'CTOFound', 'priority', 'llm_notes', + 'detailedsegment', 'assessment', + 'address1', 'address2', 'address3', 'state_1', 'cep', + 'fax', 'video_1', 'specialistazureappsinfra', + 'specialistazuredataai', 'azurecloudacqspecialist', + 'cloudsolutionmw', 'cloudacqspecialistmw', + 'cloudsolutionbizapps', 'cloudacqspecialistbizapps', + 'cloudsolutionarchitectsappsinfra', 'cloudsolutionarchitectsdataai' + ] + + for col in remaining_cols: + if col in col_map: + val = row[col_map[col]] + if val is not None: + custom_fields[col] = val + + # Insert deal + cur.execute(""" + INSERT INTO crm_deals ( + id, org_id, bot_id, + contact_id, account_id, + owner_id, assignedto_id, am_id, + description, value, + stage_id, probability, + source, segment_id, territory, + linkedin, facebook, twitter, + notes, + hard_to_find, period, + custom_fields, + created_at, updated_at + ) VALUES ( + %s, %s, %s, + NULL, NULL, + %s, %s, %s, + %s, %s, + %s, %s, + %s, %s, %s, + %s, %s, %s, + %s, + %s, %s, + %s, + %s, %s + ) + """, ( + deal_id, org_id, bot_id, + None, None, + owner_id, owner_id, am_id, + notes, deal_value, + stage_id, probability, + action, segment_id, territory, + linkedin, facebook, twitter, + notes, + hard_to_find if hard_to_find else False, + period_val, + json.dumps(custom_fields) if custom_fields else '{}', + created_at, updated_at_val + )) + + # Migrate history to activities + activities = parse_history_to_activities(history, deal_id, org_id, bot_id, owner_id) + + for activity in activities: + cur.execute(""" + INSERT INTO crm_activities ( + id, org_id, bot_id, deal_id, + activity_type, subject, description, + due_date, outcome, owner_id, created_at + ) VALUES ( + %s, %s, %s, %s, + %s, %s, %s, + %s, %s, %s, %s + ) + """, ( + extras.uuid.uuid4(), + activity['org_id'], activity['bot_id'], deal_id, + activity['activity_type'], activity['subject'], activity['description'], + activity['due_date'], activity['outcome'], activity['owner_id'], + activity['created_at'] + )) + activities_created += 1 + + migrated += 1 + + if migrated % 10 == 0: + print(f" Migrated {migrated} deals...") + + except Exception as e: + print(f" ⚠️ Error on row {migrated}: {e}") + continue + + conn.commit() + print(f"βœ… Migration complete!") + print(f" Deals migrated: {migrated}") + print(f" Activities created: {activities_created}") + + +if __name__ == "__main__": + try: + migrate_rob_to_deals() + except Exception as e: + print(f"❌ Migration failed: {e}") + conn.rollback() + finally: + cur.close() + conn.close() diff --git a/out.txt b/out.txt deleted file mode 100644 index 6ff9eec..0000000 --- a/out.txt +++ /dev/null @@ -1,8 +0,0 @@ -data: {"candidates": [{"content": {"role": "model","parts": [{"text": "Hello!"}]}}],"usageMetadata": {"trafficType": "ON_DEMAND"},"modelVersion": "gemini-3.1-flash-lite-preview","createTime": "2026-03-10T14:54:45.066123Z","responseId": "tTCwacuEBMvnitYP06qsgQY"} - -data: {"candidates": [{"content": {"role": "model","parts": [{"text": " How can I help you today"}]}}],"usageMetadata": {"trafficType": "ON_DEMAND"},"modelVersion": "gemini-3.1-flash-lite-preview","createTime": "2026-03-10T14:54:45.066123Z","responseId": "tTCwacuEBMvnitYP06qsgQY"} - -data: {"candidates": [{"content": {"role": "model","parts": [{"text": "?"}]}}],"usageMetadata": {"trafficType": "ON_DEMAND"},"modelVersion": "gemini-3.1-flash-lite-preview","createTime": "2026-03-10T14:54:45.066123Z","responseId": "tTCwacuEBMvnitYP06qsgQY"} - -data: {"candidates": [{"content": {"role": "model","parts": [{"text": "","thoughtSignature": "AY89a18iOcFus5wr5bW5xN6zZ4aUiCyhgmg6HE2YjtYDV/dwZ5oZlZHeTmiUKv34qq0="}]},"finishReason": "STOP"}],"usageMetadata": {"promptTokenCount": 1,"candidatesTokenCount": 9,"totalTokenCount": 10,"trafficType": "ON_DEMAND","promptTokensDetails": [{"modality": "TEXT","tokenCount": 1}],"candidatesTokensDetails": [{"modality": "TEXT","tokenCount": 9}]},"modelVersion": "gemini-3.1-flash-lite-preview","createTime": "2026-03-10T14:54:45.066123Z","responseId": "tTCwacuEBMvnitYP06qsgQY"} - diff --git a/prompts/BOTCODER_ANALYSIS.md b/prompts/BOTCODER_ANALYSIS.md deleted file mode 100644 index c4da20e..0000000 --- a/prompts/BOTCODER_ANALYSIS.md +++ /dev/null @@ -1,737 +0,0 @@ -# BotCoder Multi-Agent OS - Architecture Analysis - -## Executive Summary - -Based on analysis of **botserver** (Rust backend), **botui** (Web UI), and **botapp** (Tauri Desktop), we can architect **BotCoder** as a unified multi-agent operating system that leverages the existing Mantis Farm infrastructure while adding code-specific capabilities similar to Claude Code. - ---- - -## Current Architecture Analysis - -### 1. BotServer (Rust Backend) - `botserver/src/auto_task/` - -#### Multi-Agent Pipeline (The "Mantis Farm") - -**File:** `orchestrator.rs` (1147 lines) - -The orchestrator implements a **5-stage multi-agent pipeline**: - -``` -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ ORCHESTRATOR PIPELINE β”‚ -β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ β”‚ -β”‚ Stage 1: PLAN ────────► Mantis #1 (Planner) β”‚ -β”‚ - Analyze user request β”‚ -β”‚ - Break down into sub-tasks β”‚ -β”‚ - Identify tables, pages, tools, schedulers β”‚ -β”‚ - Derive enterprise-grade work breakdown β”‚ -β”‚ β”‚ -β”‚ Stage 2: BUILD ───────► Mantis #2 (Builder) β”‚ -β”‚ - Generate application code β”‚ -β”‚ - Create HTML/CSS/JS files β”‚ -β”‚ - Define database schema β”‚ -β”‚ - Build tools & schedulers β”‚ -β”‚ β”‚ -β”‚ Stage 3: REVIEW ───────► Mantis #3 (Reviewer) β”‚ -β”‚ - Validate code quality β”‚ -β”‚ - Check HTMX patterns β”‚ -β”‚ - Verify security β”‚ -β”‚ - Ensure no hardcoded data β”‚ -β”‚ β”‚ -β”‚ Stage 4: DEPLOY ───────► Mantis #4 (Deployer) β”‚ -β”‚ - Deploy application β”‚ -β”‚ - Verify accessibility β”‚ -β”‚ - Confirm static assets loading β”‚ -β”‚ β”‚ -β”‚ Stage 5: MONITOR ───────► Mantis #1 (Planner) β”‚ -β”‚ - Setup health monitoring β”‚ -β”‚ - Track error rates β”‚ -β”‚ - Monitor response times β”‚ -β”‚ β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ -``` - -#### Agent Status System - -**Agent States:** -- **WILD** - Uninitialized agent -- **BRED** - Agent created and ready -- **EVOLVED** - Agent has completed work successfully -- **WORKING** - Agent actively processing -- **DONE** - Agent finished -- **FAILED** - Agent encountered error - -**Agent Roles:** -```rust -pub enum AgentRole { - Planner, // Mantis #1 - Architect & Analyst - Builder, // Mantis #2 - Code Generator - Reviewer, // Mantis #3 - QA & Validation - Deployer, // Mantis #4 - Deployment - Monitor, // Mantis #1 (reused) - Health checks -} -``` - -#### Agent Executor (Container-Based) - -**File:** `agent_executor.rs` (115 lines) - -Provides **containerized execution environment** for agents: - -```rust -pub struct AgentExecutor { - pub state: Arc, - pub session_id: String, - pub task_id: String, - container: Option, -} -``` - -**Capabilities:** -- βœ… Spawn containerized terminal sessions -- βœ… Execute shell commands -- βœ… Broadcast terminal output via WebSocket -- βœ… Browser automation integration (chromiumoxide) -- βœ… Real-time progress updates - -**WebSocket Events:** -- `terminal_output` - stdout/stderr from agent -- `thought_process` - agent reasoning/thinking -- `step_progress` - pipeline stage progress (1/5, 2/5...) -- `browser_ready` - browser automation available -- `agent_thought` - agent-specific thoughts -- `agent_activity` - structured activity logs -- `task_node` - task breakdown visualization - -#### Intent Classification - -**File:** `intent_classifier.rs` - -Classifies user requests into types: -- **APP_CREATE** - Generate new application -- **APP_MODIFY** - Modify existing app -- **CODE_REVIEW** - Review code -- **DEBUG** - Debug issues -- **DEPLOY** - Deploy application -- **ANALYZE** - Analyze codebase - -**Entity Extraction:** -- Tables (database schema) -- Features (UI components) -- Pages (routes/views) -- Tools (business logic) -- Schedulers (background jobs) - -#### App Generator - -**File:** `app_generator.rs` (3400+ lines) - -**LLM-powered code generation:** -- Generates HTMX applications -- Creates database schemas -- Builds REST API endpoints -- Generates BASIC tools -- Creates scheduled jobs -- Produces E2E tests - -**Output:** -```rust -pub struct GeneratedApp { - pub name: String, - pub description: String, - pub tables: Vec, - pub pages: Vec, - pub tools: Vec, - pub schedulers: Vec, -} -``` - -#### Designer AI - -**File:** `designer_ai.rs` - -Runtime code modifications with: -- Undo/redo support -- Real-time UI editing -- Visual layout changes -- Style modifications - -#### Safety Layer - -**File:** `safety_layer.rs` - -- Constraint checking -- Simulation before execution -- Audit trail -- Approval workflows - ---- - -### 2. BotUI (Web Interface) - `botui/ui/suite/` - -#### Vibe Builder UI - -**File:** `partials/vibe.html` (47KB) - -**Components:** -1. **Pipeline Tabs** - Plan/Build/Review/Deploy/Monitor stages -2. **Agents Sidebar** - Mantis #1-4 status cards -3. **Workspaces List** - Project management -4. **Canvas Area** - Task node visualization -5. **Chat Overlay** - Real-time communication with agents - -**Agent Cards Display:** -```html -
-
- - Mantis #1 -
-
- πŸ‘€ βš™οΈ ⚑ - EVOLVED -
-
-``` - -**WebSocket Integration:** -```javascript -// Connect to task progress stream -const ws = new WebSocket(`ws://localhost:8080/ws/task-progress/${taskId}`); - -ws.onmessage = (event) => { - const data = JSON.parse(event.data); - handleTaskProgress(data); -}; - -// Event types handled: -// - pipeline_start -// - pipeline_complete -// - step_progress (1/5, 2/5, ...) -// - agent_thought -// - agent_activity -// - task_node -// - terminal_output -// - manifest_update -``` - -**Real-time Updates:** -- Agent status changes (WILD β†’ BRED β†’ WORKING β†’ EVOLVED) -- Task node visualization (plan breakdown) -- Terminal output streaming -- Progress indicators -- File generation notifications - -#### Other UI Components - -- `chat.html` - Chat interface for agent interaction -- `editor-inner.html` - Code editor (currently textarea, needs Monaco) -- `explorer-inner.html` - File browser -- `settings.html` - Configuration -- `tasks.html` - Task management -- `desktop-inner.html` - Desktop integration - ---- - -### 3. BotApp (Desktop) - `botapp/src/` - -**Tauri-based desktop application** with: -- System tray integration -- Service monitoring -- File system access -- Desktop sync (rclone) -- Native notifications - -**Main Features:** -```rust -// Desktop service monitoring -pub struct ServiceMonitor { - services: HashMap, -} - -// Tray management -pub struct TrayManager { - mode: RunningMode, // Server | Desktop | Client -} - -// Drive integration -mod drive { - list_files() - upload_file() - create_folder() -} - -// Sync integration -mod sync { - get_sync_status() - start_sync() - configure_remote() -} -``` - ---- - -## BotCoder Multi-Agent OS Architecture - -### Vision - -**BotCoder** = **Vibe Builder** + **Code-Specific Agents** + **Professional Tools** - -Create a complete development environment that: -1. Uses the existing Mantis Farm infrastructure -2. Adds specialized coding agents (similar to Claude Code) -3. Provides professional editor experience (Monaco, terminal, git, etc.) -4. Supports both internal (GB Platform) and external (Forgejo) deployment - ---- - -## Proposed BotCoder Agent Ecosystem - -### Core Mantis Farm (Keep Existing) - -``` -Mantis #1: Planner & Orchestrator ───► Already exists in botserver -Mantis #2: Code Generator ───► Already exists (AppGenerator) -Mantis #3: Reviewer & Validator ───► Already exists -Mantis #4: Deployer ───► Already exists -``` - -### New Specialized Agents (Add to BotCoder) - -``` -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ BOTCODER AGENTS β”‚ -β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ β”‚ -β”‚ Mantis #5: Editor Agent ───► File operations β”‚ -β”‚ - Multi-file editing β”‚ -β”‚ - Syntax awareness β”‚ -β”‚ - Refactoring support β”‚ -β”‚ - Code completion β”‚ -β”‚ β”‚ -β”‚ Mantis #6: Database Agent ───► Schema operations β”‚ -β”‚ - Query optimization β”‚ -β”‚ - Migration management β”‚ -β”‚ - Data visualization β”‚ -β”‚ - Index suggestions β”‚ -β”‚ β”‚ -β”‚ Mantis #7: Git Agent ───► Version control β”‚ -β”‚ - Commit analysis β”‚ -β”‚ - Branch management β”‚ -β”‚ - Conflict resolution β”‚ -β”‚ - Code archaeology β”‚ -β”‚ β”‚ -β”‚ Mantis #8: Test Agent ───► Quality assurance β”‚ -β”‚ - Test generation β”‚ -β”‚ - Coverage analysis β”‚ -β”‚ - E2E testing (chromiumoxide) β”‚ -β”‚ - Performance profiling β”‚ -β”‚ β”‚ -β”‚ Mantis #9: Browser Agent ───► Web automation β”‚ -β”‚ - Page recording β”‚ -β”‚ - Element inspection β”‚ -β”‚ - Performance monitoring β”‚ -β”‚ - SEO checking β”‚ -β”‚ β”‚ -β”‚ Mantis #10: Terminal Agent ───► Command execution β”‚ -β”‚ - Shell command execution β”‚ -β”‚ - Build system integration β”‚ -β”‚ - Package management β”‚ -β”‚ - Docker orchestration β”‚ -β”‚ β”‚ -β”‚ Mantis #11: Documentation Agent ───► Docs & comments β”‚ -β”‚ - Auto-generate docs β”‚ -β”‚ - Comment quality check β”‚ -β”‚ - README generation β”‚ -β”‚ - API documentation β”‚ -β”‚ β”‚ -β”‚ Mantis #12: Security Agent ───► Security auditing β”‚ -β”‚ - Vulnerability scanning β”‚ -β”‚ - Dependency analysis β”‚ -β”‚ - Secret detection β”‚ -β”‚ - OWASP compliance β”‚ -β”‚ β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ -``` - ---- - -## BotCoder Architecture - -### Backend (Rust) - -``` -botserver/src/ -β”œβ”€β”€ auto_task/ # EXISTING - Mantis Farm -β”‚ β”œβ”€β”€ orchestrator.rs # Keep - Multi-agent pipeline -β”‚ β”œβ”€β”€ agent_executor.rs # Keep - Container execution -β”‚ β”œβ”€β”€ app_generator.rs # Keep - LLM code gen -β”‚ β”œβ”€β”€ designer_ai.rs # Keep - Runtime edits -β”‚ β”œβ”€β”€ intent_classifier.rs # Keep - Request classification -β”‚ └── safety_layer.rs # Keep - Constraint checking -β”‚ -β”œβ”€β”€ botcoder/ # NEW - BotCoder-specific agents -β”‚ β”œβ”€β”€ mod.rs -β”‚ β”œβ”€β”€ editor_agent.rs # Mantis #5 - File operations -β”‚ β”œβ”€β”€ database_agent.rs # Mantis #6 - Schema ops -β”‚ β”œβ”€β”€ git_agent.rs # Mantis #7 - Version control -β”‚ β”œβ”€β”€ test_agent.rs # Mantis #8 - Testing -β”‚ β”œβ”€β”€ browser_agent.rs # Mantis #9 - Web automation -β”‚ β”œβ”€β”€ terminal_agent.rs # Mantis #10 - Command exec -β”‚ β”œβ”€β”€ docs_agent.rs # Mantis #11 - Documentation -β”‚ └── security_agent.rs # Mantis #12 - Security -β”‚ -β”œβ”€β”€ deployment/ # NEW - From vibe.md Phase 0 -β”‚ β”œβ”€β”€ mod.rs # DeploymentRouter -β”‚ β”œβ”€β”€ forgejo.rs # ForgejoClient -β”‚ β”œβ”€β”€ api.rs # Deployment endpoints -β”‚ └── templates.rs # CI/CD workflows -β”‚ -β”œβ”€β”€ api/ # EXTEND - Add BotCoder APIs -β”‚ β”œβ”€β”€ editor.rs # Monaco integration -β”‚ β”œβ”€β”€ database.rs # DB UI backend -β”‚ β”œβ”€β”€ git.rs # Git operations -β”‚ β”œβ”€β”€ browser.rs # Browser automation -β”‚ └── terminal.rs # WebSocket terminals -β”‚ -└── browser/ # NEW - From vibe.md Phase 4 - β”œβ”€β”€ mod.rs # BrowserSession - β”œβ”€β”€ recorder.rs # ActionRecorder - β”œβ”€β”€ validator.rs # TestValidator - └── api.rs # HTTP endpoints -``` - -### Frontend (Web + Desktop) - -``` -botui/ui/suite/ -β”œβ”€β”€ partials/ -β”‚ β”œβ”€β”€ vibe.html # EXISTING - Agent sidebar -β”‚ β”œβ”€β”€ vibe-deployment.html # NEW - Deployment modal -β”‚ β”œβ”€β”€ editor.html # NEW - Monaco editor -β”‚ β”œβ”€β”€ database.html # NEW - Schema visualizer -β”‚ β”œβ”€β”€ git-status.html # NEW - Git operations -β”‚ β”œβ”€β”€ git-diff.html # NEW - Diff viewer -β”‚ β”œβ”€β”€ browser-controls.html # NEW - Browser automation -β”‚ └── terminal.html # NEW - Enhanced terminal -β”‚ -β”œβ”€β”€ js/ -β”‚ β”œβ”€β”€ vibe.js # EXISTING - Vibe logic -β”‚ β”œβ”€β”€ deployment.js # NEW - Deployment handler -β”‚ β”œβ”€β”€ editor.js # NEW - Monaco integration -β”‚ β”œβ”€β”€ database.js # NEW - DB visualization -β”‚ β”œβ”€β”€ git.js # NEW - Git operations -β”‚ β”œβ”€β”€ browser.js # NEW - Browser automation -β”‚ └── terminal.js # NEW - Terminal (xterm.js) -β”‚ -└── css/ - β”œβ”€β”€ agents-sidebar.css # EXISTING - Mantis cards - β”œβ”€β”€ deployment.css # NEW - Deployment styles - β”œβ”€β”€ editor.css # NEW - Editor styles - β”œβ”€β”€ database.css # NEW - DB UI styles - └── terminal.css # NEW - Terminal styles -``` - ---- - -## Integration Strategy - -### Option 1: BotCoder as Separate Repository (Recommended) - -``` -gb/ -β”œβ”€β”€ botserver/ # Existing - Backend services -β”œβ”€β”€ botui/ # Existing - Web UI -β”œβ”€β”€ botapp/ # Existing - Desktop app -└── botcoder/ # NEW - Multi-agent IDE - β”œβ”€β”€ Cargo.toml - β”œβ”€β”€ src/ - β”‚ β”œβ”€β”€ main.rs - β”‚ β”œβ”€β”€ agents/ # BotCoder agents - β”‚ β”œβ”€β”€ editor/ # Editor integration - β”‚ └── workspace/ # Workspace management - └── ui/ - β”œβ”€β”€ src/ - β”‚ β”œβ”€β”€ components/ # React/Vue components - β”‚ β”œβ”€β”€ pages/ # IDE pages - β”‚ └── lib/ - └── index.html -``` - -**Pros:** -- Clean separation of concerns -- Independent release cycle -- Can be deployed standalone -- Easier to maintain - -**Cons:** -- Duplicate some botserver code -- Need to share common libs - -### Option 2: BotCoder as Module in BotServer - -``` -botserver/src/ -β”œβ”€β”€ auto_task/ # Existing Mantis Farm -└── botcoder/ # New BotCoder module - β”œβ”€β”€ mod.rs - β”œβ”€β”€ agents/ - β”œβ”€β”€ editor/ - └── workspace/ -``` - -**Pros:** -- Share existing infrastructure -- Single deployment -- Unified WebSocket channels - -**Cons:** -- Tighter coupling -- Larger monolith - -### Recommendation: **Option 1 (Separate Repo)** - -But share common libraries via a `botlib` crate: - -``` -gb/ -β”œβ”€β”€ botlib/ # Shared utilities -β”‚ β”œβ”€β”€ src/ -β”‚ β”‚ β”œβ”€β”€ agents/ # Agent traits -β”‚ β”‚ β”œβ”€β”€ llm/ # LLM clients -β”‚ β”‚ └── websocket/ # WebSocket utils -β”‚ └── Cargo.toml -β”‚ -β”œβ”€β”€ botserver/ # Uses botlib -β”œβ”€β”€ botui/ # Uses botlib -β”œβ”€β”€ botapp/ # Uses botlib -└── botcoder/ # Uses botlib ← NEW -``` - ---- - -## BotCoder Features vs Vibe Builder - -### Vibe Builder (Existing) -- βœ… Multi-agent pipeline (Mantis #1-4) -- βœ… App generation (HTMX apps) -- βœ… WebSocket real-time updates -- βœ… Agent status visualization -- βœ… Task breakdown -- βœ… Deployment (internal GB platform) - -### BotCoder (Add) -- πŸ“ **Monaco Editor** - Professional code editing -- πŸ—„οΈ **Database UI** - Schema visualization -- πŸ™ **Git Operations** - Version control UI -- 🌐 **Browser Automation** - Testing & recording -- πŸ“‚ **Multi-File Workspace** - Tab management -- πŸ–₯️ **Enhanced Terminal** - xterm.js integration -- πŸš€ **Dual Deployment** - Internal + Forgejo -- πŸ”’ **Security Scanning** - Vulnerability detection -- πŸ“š **Auto-Documentation** - Generate docs -- πŸ§ͺ **E2E Testing** - chromiumoxide integration - ---- - -## BotCoder Multi-Agent Workflow Example - -### User Request: "Create a CRM with contacts and deals" - -``` -1. CLASSIFY - └─ Intent: APP_CREATE - └─ Entities: { tables: [contacts, deals], features: [Contact Manager, Deal Pipeline] } - -2. PLAN (Mantis #1 - Planner) - β”œβ”€ Break down into 12 sub-tasks - β”œβ”€ Create task nodes - └─ Estimate: 45 files, 98k tokens, 2.5 hours - -3. BUILD (Mantis #2 - Builder) - β”œβ”€ Generate HTML/CSS/JS files - β”œβ”€ Create database schema - β”œβ”€ Build REST API endpoints - └─ Output: /apps/my-crm/ - -4. CODE REVIEW (Mantis #3 - Reviewer) - β”œβ”€ Check HTMX patterns - β”œβ”€ Verify security - β”œβ”€ Validate error handling - └─ Status: PASSED - -5. OPTIMIZE (Mantis #5 - Editor Agent) ← NEW - β”œβ”€ Analyze code structure - β”œβ”€ Suggest refactorings - β”œβ”€ Apply safe optimizations - └─ Generate PR - -6. TEST (Mantis #8 - Test Agent) ← NEW - β”œβ”€ Generate unit tests - β”œβ”€ Create E2E tests (chromiumoxide) - β”œβ”€ Measure coverage - └─ Status: 87% coverage - -7. SECURITY CHECK (Mantis #12 - Security Agent) ← NEW - β”œβ”€ Scan vulnerabilities - β”œβ”€ Check dependencies - β”œβ”€ Detect secrets - └─ Status: 0 issues found - -8. DEPLOY (Mantis #4 - Deployer) - β”œβ”€ Choose deployment target - β”‚ β”œβ”€ Internal GB Platform ← Selected - β”‚ └─ External Forgejo (optional) - β”œβ”€ Deploy to /apps/my-crm/ - └─ Verify accessibility - -9. DOCUMENT (Mantis #11 - Documentation Agent) ← NEW - β”œβ”€ Generate README.md - β”œβ”€ Create API docs - β”œβ”€ Add code comments - └─ Output: /docs/ - -10. MONITOR (Mantis #1 - Planner) - β”œβ”€ Setup uptime monitoring - β”œβ”€ Track error rates - β”œβ”€ Monitor response times - └─ Status: ACTIVE -``` - ---- - -## Technical Implementation Plan - -### Phase 1: Core BotCoder Infrastructure (Week 1) - -**Tasks:** -1. Create `botcoder/` repository structure -2. Implement `botlib` shared crate -3. Add Mantis #5-12 agent stubs -4. Extend WebSocket protocol for new agents -5. Update orchestrator to support 12 agents - -**Deliverables:** -- βœ… BotCoder repo initialized -- βœ… Agent trait system defined -- βœ… WebSocket events extended -- βœ… Orchestrator handles 12-agent pipeline - -### Phase 2: Editor & Database UI (Week 2) - -**Tasks:** -1. Integrate Monaco Editor (replace textarea) -2. Build database schema visualizer -3. Add query builder UI -4. Implement Mantis #5 (Editor Agent) -5. Implement Mantis #6 (Database Agent) - -**Deliverables:** -- βœ… Monaco loads with syntax highlighting -- βœ… ER diagram shows tables/relationships -- βœ… Query builder generates SQL -- βœ… Editor agent can refactor code -- βœ… Database agent optimizes queries - -### Phase 3: Git & Browser Automation (Week 3) - -**Tasks:** -1. Build git operations UI -2. Implement diff viewer -3. Add browser automation panel (chromiumoxide) -4. Implement Mantis #7 (Git Agent) -5. Implement Mantis #9 (Browser Agent) - -**Deliverables:** -- βœ… Git status shows changes -- βœ… Diff viewer displays side-by-side -- βœ… Browser automation records actions -- βœ… Git agent manages branches -- βœ… Browser agent generates Playwright tests - -### Phase 4: Testing, Security & Docs (Week 4) - -**Tasks:** -1. Implement test generation -2. Add security scanning -3. Build documentation generator -4. Implement Mantis #8 (Test Agent) -5. Implement Mantis #12 (Security Agent) -6. Implement Mantis #11 (Docs Agent) - -**Deliverables:** -- βœ… Test agent generates coverage reports -- βœ… Security agent scans vulnerabilities -- βœ… Docs agent generates README -- βœ… E2E tests run via chromiumoxide - -### Phase 5: Deployment Integration (Week 5) - -**Tasks:** -1. Implement deployment router (from vibe.md Phase 0) -2. Add Forgejo integration -3. Build deployment UI -4. Integrate with existing Mantis #4 (Deployer) - -**Deliverables:** -- βœ… Can deploy internally to /apps/ -- βœ… Can deploy externally to Forgejo -- βœ… CI/CD pipelines auto-generated -- βœ… Deployment choice in UI - ---- - -## Success Metrics - -### Agent Performance -- ⚑ Pipeline completes in < 2 minutes -- 🎯 95%+ task success rate -- πŸ”„ < 5% agent failures requiring retry -- πŸ“Š Real-time progress updates < 100ms latency - -### Code Quality -- βœ… 80%+ test coverage -- πŸ”’ 0 critical vulnerabilities -- πŸ“ 100% documented public APIs -- πŸš€ < 30s deployment time - -### User Experience -- πŸ’¬ Natural language β†’ working app -- 🎨 Beautiful UI by default -- πŸ”§ Professional tools (Monaco, terminal, git) -- πŸ“± Works on desktop + web - ---- - -## Comparison: BotCoder vs Claude Code - -| Feature | BotCoder | Claude Code | -|---------|----------|-------------| -| Multi-agent pipeline | βœ… 12 specialized agents | ❌ Single agent | -| Visual agent status | βœ… Real-time Mantis cards | ❌ No agent visibility | -| App generation | βœ… Full-stack (HTMX + DB) | βœ… Code generation only | -| Database UI | βœ… Schema visualizer | ❌ No DB tools | -| Git operations | βœ… Dedicated agent (Mantis #7) | βœ… Git integration | -| Browser automation | βœ… chromiumoxide + Mantis #9 | βœ… Playwright support | -| Deployment options | βœ… Dual (Internal + Forgejo) | ❌ No deployment | -| Desktop app | βœ… Tauri (botapp) | ❌ CLI only | -| Multi-user | βœ… SaaS platform | ❌ Single user | -| Visual workspace | βœ… Vibe Builder | ❌ Terminal only | -| Agent reasoning | βœ… Transparent thoughts | ❌ Black box | - ---- - -## Conclusion - -**BotCoder** can leverage the existing **Mantis Farm** infrastructure in `botserver` while adding specialized coding agents and professional tools. The architecture is: - -1. **Foundation:** Existing orchestrator.rs (1147 lines) - 5-stage pipeline -2. **Extension:** Add 7 new specialized agents (Mantis #5-12) -3. **UI:** Extend vibe.html with editor, database, git, browser panels -4. **Desktop:** Integrate with botapp for native experience -5. **Deployment:** Dual deployment (internal GB Platform + external Forgejo) - -**Estimated Effort:** 5 weeks (following vibe.md roadmap) - -**Result:** A complete multi-agent development environment that exceeds Claude Code's capabilities while offering visual agent management, dual deployment, and multi-user SaaS architecture. diff --git a/prompts/BOTCODER_HYBRID_ARCHITECTURE.md b/prompts/BOTCODER_HYBRID_ARCHITECTURE.md deleted file mode 100644 index c7021ff..0000000 --- a/prompts/BOTCODER_HYBRID_ARCHITECTURE.md +++ /dev/null @@ -1,955 +0,0 @@ -# BotCoder Hybrid Architecture v2.0 -## CLI + Optional Multi-Agent Facade (BYOK vs BotServer) - -## Executive Summary - -**BotCoder** exists as a **terminal-based AI coding agent** with real-time streaming and tool execution. This document outlines how to extend it into a **hybrid CLI/multi-agent OS** that can: - -1. **Work standalone (BYOK)** - Direct LLM access, local execution -2. **Use botserver facade** - Leverage Mantis Farm agents when available -3. **Switch dynamically** - Fall back to local if botserver unavailable - ---- - -## Current BotCoder Architecture - -### Existing CLI Implementation (`/home/rodriguez/src/pgm/botcoder`) - -**Dependencies:** -```toml -tokio = "1.42" # Async runtime -reqwest = "0.12" # HTTP client -ratatui = "0.29" # TUI framework -crossterm = "0.29" # Terminal handling -futures = "0.3" # Async utilities -regex = "1.10" # Pattern matching -``` - -**Core Features:** -- βœ… Real-time streaming LLM responses -- βœ… Tool execution (read_file, execute_command, write_file) -- βœ… Delta format parsing (git-style diffs) -- βœ… TPM rate limiting -- βœ… Conversation history management -- βœ… Animated TUI with ratatui - -**Tool Support:** -```rust -// Currently supported tools -fn execute_tool(tool: &str, param: &str, project_root: &str) -> String { - match tool { - "read_file" => read_file(param), - "execute_command" => execute_command(param, project_root), - "write_file" => write_file(param), - "list_files" => list_files(param, project_root), - _ => format!("Unknown tool: {}", tool), - } -} -``` - -**LLM Integration:** -```rust -// Direct Azure OpenAI client -mod llm { - pub struct AzureOpenAIClient { - endpoint: String, - api_key: String, - deployment: String, - } - - impl LLMProvider for AzureOpenAIClient { - async fn generate(&self, prompt: &str, params: &serde_json::Value) - -> Result>; - } -} -``` - ---- - -## Proposed Hybrid Architecture - -``` -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ BOTCODER HYBRID MODE β”‚ -β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ BOTCODER CLI (main.rs) β”‚ β”‚ -β”‚ β”‚ - TUI interface (ratatui) β”‚ β”‚ -β”‚ β”‚ - Tool execution β”‚ β”‚ -β”‚ β”‚ - Delta parsing β”‚ β”‚ -β”‚ β”‚ - Rate limiting β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”‚ β”‚ -β”‚ β–Ό β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ LLM PROVIDER TRAIT (abstraction) β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”‚ β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β–Ό β–Ό β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ DIRECT LLM β”‚ β”‚ BOTSERVER FACADE β”‚ β”‚ -β”‚ β”‚ (BYOK Mode) β”‚ β”‚ (Multi-Agent Mode) β”‚ β”‚ -β”‚ β”‚ β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ - Azure OpenAI β”‚ β”‚ - Mantis #1-4 β”‚ β”‚ -β”‚ β”‚ - Anthropic β”‚ β”‚ - Mantis #5-12 β”‚ β”‚ -β”‚ β”‚ - OpenAI β”‚ β”‚ - Orchestrator β”‚ β”‚ -β”‚ β”‚ - Local LLM β”‚ β”‚ - WebSocket β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ (Optional) β”‚ -β”‚ β–Ό β–Ό β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ LOCAL EXECUTION β”‚ β”‚ AGENT EXECUTION β”‚ β”‚ -β”‚ β”‚ β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ - File operations β”‚ β”‚ - Containerized β”‚ β”‚ -β”‚ β”‚ - Command execution β”‚ β”‚ - AgentExecutor β”‚ β”‚ -β”‚ β”‚ - Git operations β”‚ β”‚ - Browser automationβ”‚ β”‚ -β”‚ β”‚ - Docker control β”‚ β”‚ - Test generation β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ -``` - ---- - -## Implementation Plan - -### Phase 1: LLM Provider Abstraction (Week 1) - -**Goal:** Create trait-based system for multiple LLM backends - -**File:** `src/llm/mod.rs` - -```rust -use async_trait::async_trait; - -/// Unified LLM provider trait -#[async_trait] -pub trait LLMProvider: Send + Sync { - /// Generate completion with streaming support - async fn generate_stream( - &self, - prompt: &str, - params: &GenerationParams, - ) -> Result; - - /// Generate completion (non-streaming) - async fn generate( - &self, - prompt: &str, - params: &GenerationParams, - ) -> Result; - - /// Get provider capabilities - fn capabilities(&self) -> ProviderCapabilities; - - /// Get provider name - fn name(&self) -> &str; -} - -pub struct GenerationParams { - pub temperature: f32, - pub max_tokens: u32, - pub top_p: f32, - pub tools: Vec, - pub system_prompt: Option, -} - -pub struct StreamResponse { - pub content_stream: tokio_stream::wrappers::ReceiverStream, - pub tool_calls: Vec, - pub usage: TokenUsage, -} - -pub struct ProviderCapabilities { - pub streaming: bool, - pub tools: bool, - pub max_tokens: u32, - pub supports_vision: bool, -} -``` - -**Implementations:** - -```rust -// src/llm/azure_openai.rs -pub struct AzureOpenAIClient { - endpoint: String, - api_key: String, - deployment: String, - client: reqwest::Client, -} - -#[async_trait] -impl LLMProvider for AzureOpenAIClient { - async fn generate(&self, prompt: &str, params: &GenerationParams) - -> Result { - // Existing implementation - } - - fn capabilities(&self) -> ProviderCapabilities { - ProviderCapabilities { - streaming: true, - tools: true, - max_tokens: 4096, - supports_vision: false, - } - } - - fn name(&self) -> &str { - "azure-openai" - } -} - -// src/llm/anthropic.rs -pub struct AnthropicClient { - api_key: String, - client: reqwest::Client, -} - -#[async_trait] -impl LLMProvider for AnthropicClient { - async fn generate(&self, prompt: &str, params: &GenerationParams) - -> Result { - // Anthropic API implementation - } - - fn capabilities(&self) -> ProviderCapabilities { - ProviderCapabilities { - streaming: true, - tools: true, - max_tokens: 8192, - supports_vision: true, - } - } - - fn name(&self) -> &str { - "anthropic" - } -} - -// src/llm/botserver_facade.rs -pub struct BotServerFacade { - base_url: String, - api_key: Option, - client: reqwest::Client, -} - -#[async_trait] -impl LLMProvider for BotServerFacade { - async fn generate(&self, prompt: &str, params: &GenerationParams) - -> Result { - // Instead of direct LLM call, use botserver's orchestrator - // 1. Classify intent - // 2. Execute multi-agent pipeline - // 3. Return aggregated result - } - - fn capabilities(&self) -> ProviderCapabilities { - ProviderCapabilities { - streaming: true, // Via WebSocket - tools: true, // Via AgentExecutor - max_tokens: 128000, // Multi-agent consensus - supports_vision: true, // Via Browser Agent - } - } - - fn name(&self) -> &str { - "botserver-mantis-farm" - } -} -``` - -**Configuration:** - -```rust -// src/config.rs -#[derive(Debug, Clone)] -pub struct BotCoderConfig { - pub llm_provider: LLMProviderType, - pub botserver_url: Option, - pub project_path: PathBuf, - pub enable_facade: bool, - pub fallback_to_local: bool, -} - -#[derive(Debug, Clone)] -pub enum LLMProviderType { - AzureOpenAI, - Anthropic, - OpenAI, - LocalLLM, - BotServerFacade, // Use Mantis Farm -} - -impl BotCoderConfig { - pub fn from_env() -> Result { - let llm_provider = match env::var("LLM_PROVIDER").as_deref() { - Ok("azure") => LLMProviderType::AzureOpenAI, - Ok("anthropic") => LLMProviderType::Anthropic, - Ok("botserver") => LLMProviderType::BotServerFacade, - _ => LLMProviderType::AzureOpenAI, // Default - }; - - let botserver_url = env::var("BOTSERVER_URL").ok(); - let enable_facade = env::var("ENABLE_BOTSERVER_FACADE") - .unwrap_or_else(|_| "false".to_string()) == "true"; - - Ok(Self { - llm_provider, - botserver_url, - project_path: env::var("PROJECT_PATH")?.into(), - enable_facade, - fallback_to_local: true, - }) - } -} -``` - ---- - -### Phase 2: Multi-Agent Facade Integration (Week 2) - -**Goal:** Connect to botserver's Mantis Farm when available - -**File:** `src/botserver_client.rs` - -```rust -use reqwest::Client; -use serde::{Deserialize, Serialize}; - -pub struct BotServerClient { - base_url: String, - api_key: Option, - client: Client, -} - -impl BotServerClient { - pub fn new(base_url: String, api_key: Option) -> Self { - Self { - base_url, - api_key, - client: Client::new(), - } - } - - /// Classify intent using botserver's intent classifier - pub async fn classify_intent(&self, text: &str) - -> Result { - let url = format!("{}/api/autotask/classify", self.base_url); - - let response = self.client - .post(&url) - .json(&serde_json::json!({ "text": text })) - .header("Authorization", self.api_key.as_ref().map(|k| format!("Bearer {}", k)).unwrap_or_default()) - .send() - .await?; - - if response.status().is_success() { - Ok(response.json().await?) - } else { - Err(BotServerError::ClassificationFailed(response.text().await?)) - } - } - - /// Execute multi-agent pipeline - pub async fn execute_pipeline(&self, classification: &ClassifiedIntent) - -> Result { - let url = format!("{}/api/autotask/execute", self.base_url); - - let response = self.client - .post(&url) - .json(classification) - .header("Authorization", self.api_key.as_ref().map(|k| format!("Bearer {}", k)).unwrap_or_default()) - .send() - .await?; - - if response.status().is_success() { - Ok(response.json().await?) - } else { - Err(BotServerError::PipelineFailed(response.text().await?)) - } - } - - /// Subscribe to WebSocket progress updates - pub async fn subscribe_progress(&self, task_id: &str) - -> Result>, BotServerError> { - let ws_url = format!( - "{}/ws/task-progress/{}", - self.base_url.replace("http", "ws"), - task_id - ); - - tokio_tungstenite::connect_async(&ws_url).await - .map_err(BotServerError::WebSocketError) - } - - /// Use specialized agents directly - pub async fn query_agent(&self, agent_id: u8, query: &str) - -> Result { - match agent_id { - 5 => self.query_editor_agent(query).await, - 6 => self.query_database_agent(query).await, - 7 => self.query_git_agent(query).await, - 8 => self.query_test_agent(query).await, - 9 => self.query_browser_agent(query).await, - 10 => self.query_terminal_agent(query).await, - 11 => self.query_docs_agent(query).await, - 12 => self.query_security_agent(query).await, - _ => Err(BotServerError::InvalidAgent(agent_id)), - } - } - - // Specific agent methods - async fn query_editor_agent(&self, query: &str) - -> Result { - // POST /api/botcoder/editor/query - let url = format!("{}/api/botcoder/editor/query", self.base_url); - - let response = self.client - .post(&url) - .json(&serde_json::json!({ "query": query })) - .send() - .await?; - - Ok(response.json().await?) - } - - async fn query_database_agent(&self, query: &str) - -> Result { - // Query database schema, optimize queries - let url = format!("{}/api/botcoder/database/query", self.base_url); - - let response = self.client - .post(&url) - .json(&serde_json::json!({ "query": query })) - .send() - .await?; - - Ok(response.json().await?) - } - - // ... other agent methods -} - -#[derive(Debug, Deserialize)] -pub struct ClassifiedIntent { - pub intent_type: String, - pub entities: IntentEntities, - pub original_text: String, -} - -#[derive(Debug, Deserialize)] -pub struct OrchestrationResult { - pub success: bool, - pub task_id: String, - pub stages_completed: u8, - pub app_url: Option, - pub message: String, - pub created_resources: Vec, -} - -#[derive(Debug, thiserror::Error)] -pub enum BotServerError { - #[error("Classification failed: {0}")] - ClassificationFailed(String), - - #[error("Pipeline execution failed: {0}")] - PipelineFailed(String), - - #[error("WebSocket error: {0}")] - WebSocketError(#[from] tokio_tungstenite::tungstenite::Error), - - #[error("Invalid agent ID: {0}")] - InvalidAgent(u8), - - #[error("HTTP error: {0}")] - HttpError(#[from] reqwest::Error), - - #[error("JSON error: {0}")] - JsonError(#[from] serde_json::Error), -} -``` - ---- - -### Phase 3: Unified Tool Execution (Week 2-3) - -**Goal:** Abstract tool execution to work locally or via agents - -**File:** `src/tools/mod.rs` - -```rust -use async_trait::async_trait; - -/// Unified tool execution trait -#[async_trait] -pub trait ToolExecutor: Send + Sync { - async fn execute(&self, tool: &ToolCall, context: &ExecutionContext) - -> Result; - - fn supports_tool(&self, tool_name: &str) -> bool; -} - -pub struct ToolCall { - pub name: String, - pub parameters: serde_json::Value, - pub agent_id: Option, // Which agent should execute -} - -pub struct ToolResult { - pub output: String, - pub exit_code: i32, - pub metadata: serde_json::Value, -} - -pub struct ExecutionContext { - pub project_path: PathBuf, - pub botserver_client: Option, - pub use_local_fallback: bool, -} - -/// Local tool executor (existing implementation) -pub struct LocalToolExecutor { - project_root: PathBuf, -} - -#[async_trait] -impl ToolExecutor for LocalToolExecutor { - async fn execute(&self, tool: &ToolCall, context: &ExecutionContext) - -> Result { - match tool.name.as_str() { - "read_file" => self.read_file(tool.parameters).await, - "write_file" => self.write_file(tool.parameters).await, - "execute_command" => self.execute_command(tool.parameters).await, - "list_files" => self.list_files(tool.parameters).await, - "git_operation" => self.git_operation(tool.parameters).await, - _ => Err(ToolError::UnknownTool(tool.name.clone())), - } - } - - fn supports_tool(&self, tool_name: &str) -> bool { - matches!(tool_name, - "read_file" | "write_file" | "execute_command" | - "list_files" | "git_operation" - ) - } -} - -/// Agent-based tool executor (via botserver) -pub struct AgentToolExecutor { - botserver_client: BotServerClient, -} - -#[async_trait] -impl ToolExecutor for AgentToolExecutor { - async fn execute(&self, tool: &ToolCall, context: &ExecutionContext) - -> Result { - // Route to appropriate agent - let agent_id = tool.agent_id.unwrap_or_else(|| { - self.infer_agent_for_tool(&tool.name) - }); - - match self.botserver_client.query_agent(agent_id, &tool.parameters.to_string()).await { - Ok(response) => Ok(ToolResult { - output: response.output, - exit_code: response.exit_code, - metadata: response.metadata, - }), - Err(e) => { - // Fallback to local if enabled - if context.use_local_fallback { - warn!("Agent execution failed, falling back to local: {}", e); - LocalToolExecutor::new(context.project_path.clone()).execute(tool, context).await? - } else { - Err(ToolError::AgentError(e.to_string())) - } - } - } - } - - fn supports_tool(&self, tool_name: &str) -> bool { - matches!(tool_name, - "database_query" | "schema_visualize" | "git_commit" | - "test_generate" | "browser_record" | "docs_generate" | - "security_scan" | "code_refactor" | "optimize_query" - ) - } - - fn infer_agent_for_tool(&self, tool_name: &str) -> u8 { - match tool_name { - "code_refactor" | "syntax_check" => 5, // Editor Agent - "database_query" | "schema_visualize" | "optimize_query" => 6, // Database Agent - "git_commit" | "git_branch" | "git_merge" => 7, // Git Agent - "test_generate" | "coverage_report" => 8, // Test Agent - "browser_record" | "page_test" => 9, // Browser Agent - "shell_execute" | "docker_build" => 10, // Terminal Agent - "docs_generate" | "api_docs" => 11, // Docs Agent - "security_scan" | "vulnerability_check" => 12, // Security Agent - _ => 2, // Default to Builder Agent - } - } -} -``` - ---- - -### Phase 4: Hybrid Execution Loop (Week 3) - -**Goal:** Main loop that seamlessly switches between local and agent execution - -**File:** `src/main.rs` (modified) - -```rust -use llm::LLMProvider; -use tools::{LocalToolExecutor, AgentToolExecutor, ToolExecutor}; - -struct BotCoder { - config: BotCoderConfig, - llm_provider: Box, - local_executor: LocalToolExecutor, - agent_executor: Option, - botserver_client: Option, -} - -impl BotCoder { - pub async fn new(config: BotCoderConfig) -> Result> { - // Initialize LLM provider based on config - let llm_provider: Box = match config.llm_provider { - LLMProviderType::AzureOpenAI => { - Box::new(llm::AzureOpenAIClient::new()?) - } - LLMProviderType::Anthropic => { - Box::new(llm::AnthropicClient::new()?) - } - LLMProviderType::BotServerFacade => { - // Will use botserver client - Box::new(llm::BotServerFacade::new( - config.botserver_url.clone().unwrap() - )?) - } - _ => Box::new(llm::AzureOpenAIClient::new()?), - }; - - // Initialize tool executors - let local_executor = LocalToolExecutor::new(config.project_path.clone()); - - let mut agent_executor = None; - let mut botserver_client = None; - - // Try to connect to botserver if enabled - if config.enable_facade { - if let Some(url) = &config.botserver_url { - match BotServerClient::new(url.clone(), None).health_check().await { - Ok(()) => { - println!("βœ“ Connected to botserver at {}", url); - let client = BotServerClient::new(url.clone(), None); - botserver_client = Some(client.clone()); - agent_executor = Some(AgentToolExecutor::new(client)); - } - Err(e) => { - warn!("Failed to connect to botserver: {}", e); - if config.fallback_to_local { - println!("⚠ Falling back to local execution"); - } - } - } - } - } - - Ok(Self { - config, - llm_provider, - local_executor, - agent_executor, - botserver_client, - }) - } - - pub async fn run(&mut self) -> Result<(), Box> { - let mut iteration = 0; - let mut conversation_history: Vec = Vec::new(); - - loop { - iteration += 1; - println!("=== ITERATION {} ===", iteration); - - // Display execution mode - if self.agent_executor.is_some() { - println!("Mode: Multi-Agent (BotServer Facade)"); - println!("Agents Available: Mantis #1-12"); - } else { - println!("Mode: Local (BYOK)"); - } - println!(); - - // Build context - let context = self.build_context(&conversation_history); - - // Generate response (streaming) - let response = match self.llm_provider.generate_stream(&context, &Default::default()).await { - Ok(r) => r, - Err(e) => { - // Try fallback to local if botserver fails - if self.agent_executor.is_some() && self.config.fallback_to_local { - warn!("LLM provider failed, trying fallback: {}", e); - // Switch to local provider - continue; - } else { - return Err(e.into()); - } - } - }; - - // Stream response to TUI - self.display_streaming_response(response).await?; - - // Extract tools from response - let tools = self.extract_tools(&full_response); - - // Execute tools (local or agent-based) - for tool in tools { - let result = self.execute_tool_hybrid(tool).await?; - conversation_history.push(format!("Tool: {}\nResult: {}", tool.name, result)); - } - - conversation_history.push(format!("Assistant: {}", full_response)); - - // Trim history - if conversation_history.len() > 20 { - conversation_history.drain(0..10); - } - } - } - - async fn execute_tool_hybrid(&self, tool: ToolCall) -> Result { - let context = ExecutionContext { - project_path: self.config.project_path.clone(), - botserver_client: self.botserver_client.clone(), - use_local_fallback: self.config.fallback_to_local, - }; - - // Try agent executor first if available - if let Some(agent_executor) = &self.agent_executor { - if agent_executor.supports_tool(&tool.name) { - println!("πŸ€– Executing via Mantis Agent: {}", tool.name); - return agent_executor.execute(&tool, &context).await; - } - } - - // Fall back to local executor - if self.local_executor.supports_tool(&tool.name) { - println!("πŸ”§ Executing locally: {}", tool.name); - return self.local_executor.execute(&tool, &context).await; - } - - Err(ToolError::UnknownTool(tool.name)) - } -} -``` - ---- - -## Usage Examples - -### Example 1: Local Mode (BYOK) - -```bash -# .env configuration -LLM_PROVIDER=azure -PROJECT_PATH=/home/user/myproject -ENABLE_BOTSERVER_FACADE=false -``` - -```bash -$ botcoder -=== ITERATION 1 === -Mode: Local (BYOK) -βœ“ Azure OpenAI connected - -> Add authentication to this Rust project - -[AI Reasoning...] -I'll add JWT authentication using the `jsonwebtoken` crate. - -CHANGE: Cargo.toml -<<<<<<< CURRENT -[dependencies] -tokio = "1.0" -======= -[dependencies] -tokio = "1.0" -jsonwebtoken = "9.0" -======= - -[EXECUTE] Tool 1/3: write_file -> Cargo.toml -βœ“ File updated -``` - -### Example 2: Multi-Agent Mode (BotServer Facade) - -```bash -# .env configuration -LLM_PROVIDER=botserver -BOTSERVER_URL=http://localhost:8080 -PROJECT_PATH=/home/user/myproject -ENABLE_BOTSERVER_FACADE=true -FALLBACK_TO_LOCAL=true -``` - -```bash -$ botcoder -=== ITERATION 1 === -βœ“ Connected to botserver at http://localhost:8080 -Mode: Multi-Agent (BotServer Facade) -Agents Available: Mantis #1-12 - -> Create a CRM system with contacts and deals - -[CLASSIFY] Intent: APP_CREATE -[PLAN] Mantis #1 breaking down request... - βœ“ 12 sub-tasks identified - βœ“ Estimated: 45 files, 98k tokens, 2.5 hours - -[BUILD] Mantis #2 generating code... - βœ“ contacts table schema created - βœ“ deals table schema created - βœ“ Contact Manager page generated - βœ“ Deal Pipeline page generated - -[REVIEW] Mantis #3 validating code... - βœ“ HTMX patterns verified - βœ“ Security checks passed - βœ“ 0 vulnerabilities found - -[OPTIMIZE] Mantis #5 refactoring... - βœ“ Extracted duplicate code to utils.rs - βœ“ Added error handling wrappers - -[TEST] Mantis #8 generating tests... - βœ“ 87% code coverage achieved - βœ“ E2E tests created (chromiumoxide) - -[SECURITY] Mantis #12 scanning... - βœ“ 0 critical vulnerabilities - βœ“ All dependencies up to date - -[DEPLOY] Mantis #4 deploying... - Target: Internal GB Platform - βœ“ App deployed to /apps/my-crm/ - βœ“ Verify at http://localhost:8080/apps/my-crm/ - -[DOCUMENT] Mantis #11 generating docs... - βœ“ README.md created - βœ“ API documentation generated - -βœ“ Pipeline complete in 1m 47s -``` - -### Example 3: Hybrid Mode (Automatic Fallback) - -```bash -$ botcoder -=== ITERATION 1 === -Mode: Multi-Agent (BotServer Facade) -βœ“ Connected to botserver - -> Refactor this function for better performance - -[EDITOR] Mantis #5 analyzing code... -⚠ BotServer connection lost - -[FALLBACK] Switching to local mode... -[LOCAL] Analyzing with Azure OpenAI... -βœ“ Refactoring complete -``` - ---- - -## Benefits of Hybrid Architecture - -### For Users (BYOK) -- βœ… **Privacy** - Code never leaves local machine -- βœ… **Speed** - Direct LLM access, no intermediate hops -- βœ… **Cost Control** - Use your own API keys -- βœ… **Offline Capable** - Works with local LLMs (llama.cpp, Ollama) - -### For Users (BotServer Facade) -- βœ… **Multi-Agent Consensus** - 12 specialized agents collaborate -- βœ… **Advanced Capabilities** - Browser automation, security scanning, test generation -- βœ… **Visual Debugging** - Watch agent reasoning in Vibe Builder UI -- βœ… **Enterprise Features** - Team sharing, approval workflows, audit trails - -### Seamless Switching -- βœ… **Automatic Fallback** - If botserver unavailable, use local -- βœ… **Tool Routing** - Use agent for complex tasks, local for simple ones -- βœ… **Cost Optimization** - Reserve expensive agents for hard problems -- βœ… **Progressive Enhancement** - Start local, upgrade to multi-agent as needed - ---- - -## Configuration Matrix - -| Scenario | LLM Provider | Tools | When to Use | -|----------|--------------|-------|-------------| -| **Local Development** | Azure/Anthropic (Direct) | Local file ops | Privacy-critical code | -| **Enterprise Project** | BotServer Facade | Agent-based | Complex refactoring | -| **Open Source** | Local LLM (Ollama) | Local | No API budget | -| **Learning** | BotServer Facade | Agent-based | Study agent reasoning | -| **CI/CD** | BotServer Facade | Agent-based | Automated testing | -| **Quick Fix** | Azure/Anthropic (Direct) | Local | Fast iteration | -| **Security Audit** | BotServer Facade | Mantis #12 | Comprehensive scan | - ---- - -## Implementation Roadmap - -### Week 1: Foundation -- [x] Extract existing LLM client to trait -- [ ] Implement Azure OpenAI provider -- [ ] Implement Anthropic provider -- [ ] Add BotServerFacade provider (stub) - -### Week 2: BotServer Integration -- [ ] Implement BotServerClient -- [ ] Add WebSocket progress streaming -- [ ] Implement agent query methods -- [ ] Add health check & fallback logic - -### Week 3: Tool Execution -- [ ] Refactor existing tools to trait -- [ ] Implement LocalToolExecutor -- [ ] Implement AgentToolExecutor -- [ ] Add tool routing logic - -### Week 4: Hybrid Loop -- [ ] Modify main loop for provider switching -- [ ] Add streaming TUI updates -- [ ] Implement automatic fallback -- [ ] Add mode indicator to UI - -### Week 5: Testing & Docs -- [ ] Test all three modes (local, agent, hybrid) -- [ ] Add configuration examples -- [ ] Write migration guide -- [ ] Update README - ---- - -## Conclusion - -The **hybrid BotCoder** gives users the best of both worlds: - -1. **CLI First** - Fast, local, privacy-focused development -2. **Multi-Agent Power** - On-demand access to 12 specialized agents -3. **Seamless Switching** - Automatic fallback between modes -4. **Progressive Enhancement** - Start simple, scale when needed - -**Result:** A coding agent that works offline for quick fixes but can call in a full multi-agent orchestra when facing complex challenges. - -**Estimated Effort:** 5 weeks (1 developer) -**Lines of Code:** ~2000 new lines (modular, trait-based) - -The BotCoder CLI becomes the **control plane** for the Mantis Farm, offering both direct terminal access and a gateway to the full multi-agent OS when needed. diff --git a/prompts/PLAN.md b/prompts/PLAN.md new file mode 100644 index 0000000..0c5460b --- /dev/null +++ b/prompts/PLAN.md @@ -0,0 +1,38 @@ +# Refactoring Progress & Plan + +## βœ… Completed Tasks (v6.2.5) + +### CRM v2.5 Implementation +- **Migration 6.2.5**: Added `department_id` to `crm_deals`, SLA tables +- **Schema**: Added `attendance_sla_policies` and `attendance_sla_events` tables +- **Structs**: Added `department_id` to `CrmDeal`, updated `ListQuery` with filters +- **API**: Department filtering on `list_leads` and `list_opportunities` +- **SLA Module**: Created `attendance/sla.rs` with breach detection background task +- **Tests**: Unit tests for CRM and SLA modules +- **Documentation**: Updated `sales-pipeline.md` with new stages and department filtering +- **Consolidation**: Merged `crm-marketing.md`, `crm-sales.md`, `crm-service.md` β†’ `crm.md` + +### Previous Fixes +- WhatsApp Adapter Error Handling +- Third-Party Config Robustness +- BASIC Script Preprocessing + +## ❌ Pending (Full Implementation) + +1. **Unified `/api/crm/deals` routes** - Add CRUD handlers +2. **Marketing campaign execution** - `send_campaign` in triggers.rs +3. **Marketing dynamic lists refresh** - Query-based list resolution +4. **Email tracking endpoints** - Open/click pixel tracking +5. **Marketing AI content generation** - LLM prompt integration +6. **Attendance skills-based routing** - Filter by attendant preferences +7. **Attendance webhooks** - HMAC-signed POST events +8. **Attendance kanban endpoint** - Sessions grouped by status +9. **WhatsApp attendant commands** - /queue, /take, /tips, etc. + +## πŸ“‹ Current Status + +- `cargo check -p botserver`: βœ… +- `cargo clippy -p botserver`: βœ… (0 warnings) +- Migration ready: βœ… + +See `prompts/crm.md` for detailed implementation guide. diff --git a/prompts/UNIFIED_PLAN.md b/prompts/UNIFIED_PLAN.md deleted file mode 100644 index 546d72f..0000000 --- a/prompts/UNIFIED_PLAN.md +++ /dev/null @@ -1,877 +0,0 @@ -# Unified Implementation Plan: VibeCode Platform - -## Executive Summary - -This document **unifies** two separate task lists into a cohesive roadmap: -- **task.md**: Security & stability fixes (immediate priority) -- **TASK.md**: Feature implementation roadmap (development pipeline) - -**Current Status:** -- 🎯 Backend: **80% complete** - LLM-powered app generation, multi-agent orchestration, browser automation ready -- 🎨 Frontend: **40% complete** - Vibe UI exists, missing professional tools (Monaco, Database UI, Git, Browser) -- πŸ” Security: **Needs attention** - Unsafe unwraps, dependency vulnerabilities (see Security Priorities below) - ---- - -## Part I: Security & Stability (FROM task.md) - IMMEDIATE PRIORITY ⚠️ - -### 1. Unsafe Unwraps in Production (Violates AGENTS.md Error Handling) - -**Issue:** The codebase uses `.unwrap()`, `.expect()`, `panic!()` in production code, which is explicitly forbidden by AGENTS.md. - -**Vulnerable Locations:** -``` -botserver/src/drive/drive_handlers.rs:269 - Response::builder() unwrap -botserver/src/basic/compiler/mod.rs - Multiple unwrap() calls -botserver/src/llm/llm_models/deepseek_r3.rs - unwrap() outside tests -botserver/src/botmodels/opencv.rs - Test scope unwrap() leaks -``` - -**Action Items:** -- [ ] Replace ALL `.unwrap()` with safe alternatives: - - Use `?` operator with proper error propagation - - Use `unwrap_or_default()` for defaults - - Use pattern matching with early returns - - Apply `ErrorSanitizer` to avoid panics -- [ ] Run `cargo clippy -- -W clippy::unwrap_used -W clippy::expect_used` -- [ ] Add unit tests verifying error paths work correctly - -**Estimated Effort:** 4-6 hours - ---- - -### 2. Dependency Vulnerabilities (Found by `cargo audit`) - -**Vulnerable Component:** -- **Crate:** `glib 0.18.5` -- **Advisory:** `RUSTSEC-2024-0429` -- **Issue:** Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter` -- **Context:** Pulled through `botdevice` and `botapp` via Tauri plugins/GTK dependencies - -**Action Items:** -- [ ] Review exact usage of glib in the codebase -- [ ] Check if patches are available in newer versions -- [ ] Evaluate risk given desktop GUI context -- [ ] If critical: upgrade GTK/Glib ecosystem dependencies -- [ ] If acceptable: document risk assessment and add to security review checklist - -**Estimated Effort:** 2-4 hours - ---- - -### 3. General Security Posture Alignment - -**CSRF Protection:** -- βœ… Custom CSRF store exists: `redis_csrf_store.rs` -- ⚠️ Verify: ALL state-changing endpoints use it (standard `tower-csrf` is absent from Cargo.toml) - -**Security Headers:** -- βœ… `headers.rs` provides CSP, HSTS, X-Frame-Options -- ⚠️ Verify: Headers are attached UNIVERSALLY in botserver, not selectively omitted - -**Action Items:** -- [ ] Audit all POST/PUT/DELETE endpoints for CSRF token validation -- [ ] Create middleware test to ensure security headers on all responses -- [ ] Document security checklist for new endpoints - -**Estimated Effort:** 3-4 hours - ---- - -## Part II: Feature Implementation Roadmap (FROM TASK.md) - DEVELOPMENT PIPELINE - -### Architecture Overview - -``` -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ USER REQUEST β”‚ -β”‚ "I want a full CRM system" β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ - β”‚ - β–Ό -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ VIBE BUILDER UI β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ Agent Sidebar β”‚ β”‚ Canvas Area β”‚ β”‚ -β”‚ β”‚ (Mantis #1-4) β”‚ β”‚ - Task Nodes β”‚ β”‚ -β”‚ β”‚ - Status cards β”‚ β”‚ - Preview β”‚ β”‚ -β”‚ β”‚ - Workspaces β”‚ β”‚ - Chat Overlay β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”‚ -β”‚ NEW TOOLS TO ADD: β”‚ -β”‚ πŸ”Œ MCP Sources Panel ← botserver/src/sources/ui.rs β”‚ -β”‚ πŸ“ Monaco Editor ← Phase 1 (Critical) β”‚ -β”‚ πŸ—„οΈ Database Visualizer ← Phase 2 (Critical) β”‚ -β”‚ πŸ™ Git Operations ← Phase 3 (High) β”‚ -β”‚ 🌐 Browser Automation ← Phase 4 (High) β”‚ -β”‚ πŸ“‚ Multi-File Workspace ← Phase 5 (Medium) β”‚ -β”‚ πŸ–₯️ Enhanced Terminal ← Phase 6 (Medium) β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ - β”‚ - β–Ό -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ BOTSERVER (Rust Backend) β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ Orchestrator β”‚ β”‚ AppGenerator β”‚ β”‚ Designer AI β”‚ β”‚ -β”‚ β”‚ (5 agents) β”‚ β”‚(LLM-driven) β”‚ β”‚(modifications)β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ Browser β”‚ β”‚ Git β”‚ β”‚ Terminal β”‚ β”‚ -β”‚ β”‚ Automation β”‚ β”‚ Operations β”‚ β”‚ Service β”‚ β”‚ -β”‚ β”‚(chromiumoxide)β”‚ β”‚(git2) β”‚ β”‚(xterm.js) β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ MCP & Sources Integration ← ALREADY IMPLEMENTED β”‚ β”‚ -β”‚ β”‚ - botserver/src/sources/mcp.rs β”‚ β”‚ -β”‚ β”‚ - botserver/src/sources/ui.rs β”‚ β”‚ -β”‚ β”‚ - /api/ui/sources/* endpoints β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ - β”‚ - β–Ό -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ GENERATED OUTPUT β”‚ -β”‚ - PostgreSQL tables β”‚ -β”‚ - HTML pages with HTMX β”‚ -β”‚ - CSS styling β”‚ -β”‚ - JavaScript β”‚ -β”‚ - BASIC tools/schedulers β”‚ -β”‚ - E2E tests (Playwright) β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ -``` - ---- - -## Part III: MCP & Sources Integration - EXISTING INFRASTRUCTURE βœ… - -### What Already Exists - -**Backend Implementation (botserver/src/sources/):** -``` -sources/ -β”œβ”€β”€ mod.rs # Module exports -β”œβ”€β”€ mcp.rs # MCP client, connection, server types -β”œβ”€β”€ ui.rs # HTML pages for /suite/sources/* -β”œβ”€β”€ knowledge_base.rs # Knowledge base upload/query -└── sources_api # API endpoints -``` - -**API Endpoints (defined in botserver/src/core/urls.rs):** -``` -/sources/*: - /suite/sources - Main sources list page - /suite/sources/mcp/add - Add MCP server form - /suite/sources/mcp/catalog - MCP server catalog - -/api/ui/sources/*: - /api/ui/sources/mcp - List MCP servers - /api/ui/sources/mcp/:name - Get server details - /api/ui/sources/mcp/:name/enable - Enable server - /api/ui/sources/mcp/:name/disable - Disable server - /api/ui/sources/mcp/:name/tools - List server tools - /api/ui/sources/mcp/:name/test - Test server connection - /api/ui/sources/mcp/scan - Scan for MCP servers - /api/ui/sources/mcp-servers - Get server catalog - /api/ui/sources/kb/upload - Upload to knowledge base - /api/ui/sources/kb/list - List knowledge base docs - /api/ui/sources/kb/query - Query knowledge base - /api/ui/sources/repositories - List repositories - /api/ui/sources/apps - List connected apps -``` - -**Vibe UI Integration (botui/ui/suite/):** -``` -botui/ui/suite/ -β”œβ”€β”€ partials/ -β”‚ └── vibe.html # Main Vibe Builder UI -β”‚ # - Agent sidebar (Mantis #1-4) -β”‚ # - Canvas area with task nodes -β”‚ # - Chat overlay -β”‚ # - Preview panel -β”œβ”€β”€ vibe/ -β”‚ └── agents-sidebar.css # Styles for agent sidebar -β”œβ”€β”€ js/ -β”‚ └── chat-agent-mode.js # Agent-mode JavaScript -└── css/ - └── chat-agent-mode.css # Agent-mode styles -``` - -### Integration Task: Add MCP Panel to Vibe UI - -**Goal:** Add a "Sources" panel to Vibe that shows connected MCP servers and allows management. - -**Action Items:** -1. **Create MCP Panel Component:** - - File: `botui/ui/suite/partials/vibe-mcp-panel.html` - - Features: - - List connected MCP servers - - Show server status (active/inactive) - - Display available tools per server - - Quick enable/disable toggles - - "Add Server" button (opens `/suite/sources/mcp/add`) - -2. **Add JavaScript:** - - File: `botui/ui/suite/js/vibe-mcp.js` - - Fetch servers from `/api/ui/sources/mcp` - - Handle enable/disable actions - - Update server status in real-time - - Display tool risk levels - -3. **Add Styles:** - - File: `botui/ui/suite/vibe/mcp-panel.css` - - Match existing agents-sidebar.css aesthetic - - Server cards with status indicators - - Tool badges with risk levels - -4. **Integrate into Vibe:** - - Add "Sources" tab to Vibe sidebar - - Load MCP panel when tab clicked - - Show server count badge - -**Estimated Effort:** 6-8 hours - ---- - -## Part IV: Implementation Phases (UPDATED WITH MCP INTEGRATION) - -### Phase 0: Security & Stability ⚠️ - IMMEDIATE (Week 0) - -**Priority: CRITICAL - Must complete before any feature work** - -**Tasks:** -1. [ ] Fix all unsafe `unwrap()` calls -2. [ ] Address dependency vulnerabilities -3. [ ] Verify CSRF & security headers coverage - -**Estimated Effort:** 9-14 hours - -**Success Criteria:** -- βœ… Zero `unwrap()` in production code -- βœ… `cargo audit` passes cleanly -- βœ… All state-changing endpoints use CSRF tokens -- βœ… All responses include security headers - ---- - -### Phase 0.5: MCP Integration in Vibe (Week 0.5) - -**Priority: HIGH - Leverage existing infrastructure** - -**Tasks:** -1. [ ] Create MCP panel component -2. [ ] Add JavaScript for server management -3. [ ] Style panel to match Vibe aesthetic -4. [ ] Integrate into Vibe sidebar - -**Estimated Effort:** 6-8 hours - -**Success Criteria:** -- βœ… MCP servers visible in Vibe UI -- βœ… Can enable/disable servers -- βœ… Can see available tools -- βœ… Can add new servers - ---- - -### Phase 1: Code Editor Integration (P0 - Critical) - -**Goal:** Replace textarea with professional code editor - -**Tasks:** - -1. **Download Monaco Editor** - ```bash - cd botui - npm install monaco-editor@0.45.0 - cp -r node_modules/monaco-editor min/vs ui/suite/js/vendor/ - ``` - -2. **Create Editor Component** - - `botui/ui/suite/partials/editor.html` - - Monaco container with tab bar - - File tree sidebar - - Save/Publish buttons - -3. **Editor JavaScript** - - `botui/ui/suite/js/editor.js` - - Monaco initialization - - Language detection (.html, .css, .js, .bas, .json) - - Tab management (open, close, switch) - - Auto-save with WebSocket sync - -4. **API Endpoints** - - `botserver/src/api/editor.rs` - - GET `/api/editor/file/{path}` - Read file - - POST `/api/editor/file/{path}` - Save file - - GET `/api/editor/files` - List files - -5. **Integration** - - Update `chat-agent-mode.html` - replace textarea with Monaco - - Update `vibe.html` - add editor panel - - Add keyboard shortcuts (Ctrl+S, Ctrl+P, Ctrl+Shift+F) - -**Success Criteria:** -- Monaco loads in < 2 seconds -- Syntax highlighting for 5+ languages -- Multi-file tabs work -- Auto-save completes successfully - -**Estimated Effort:** 8-12 hours - ---- - -### Phase 2: Database UI & Schema Visualization (P0 - Critical) - -**Goal:** Visual database management and query builder - -**Tasks:** - -1. **Schema Visualizer Component** - - `botui/ui/suite/partials/database.html` - - Canvas-based ER diagram - - Table cards with fields - - Relationship lines (foreign keys) - - Zoom/pan controls - -2. **Database JavaScript** - - `botui/ui/suite/js/database.js` - - Fetch schema: `/api/database/schema` - - Render tables using Canvas API - - Click table β†’ show field details - - Drag to rearrange - -3. **Query Builder UI** - - Visual SELECT builder - - Table selection dropdown - - Join interface - - Filter conditions - - SQL preview pane - -4. **Data Grid** - - Sortable columns - - Inline editing - - Pagination - - Export (CSV/JSON) - -5. **Backend API** - - `botserver/src/api/database.rs` - - GET `/api/database/schema` - Tables, fields, relationships - - GET `/api/database/table/{name}/data` - Paginated data - - POST `/api/database/query` - Execute SQL - - POST `/api/database/table/{name}/row` - Insert/update - - DELETE `/api/database/table/{name}/row/{id}` - Delete - -**Success Criteria:** -- ER diagram shows all tables -- Query builder generates valid SQL -- Data grid supports inline edits -- Export works correctly - -**Estimated Effort:** 16-20 hours - ---- - -### Phase 3: Git Operations UI (P1 - High Priority) - -**Goal:** Version control interface in Vibe - -**Tasks:** - -1. **Git Status Panel** - - `botui/ui/suite/partials/git-status.html` - - File list with status icons - - Stage/unstage checkboxes - - "Commit" button - -2. **Diff Viewer** - - `botui/ui/suite/partials/git-diff.html` - - Side-by-side comparison - - Line highlighting (green/red) - - Syntax highlighting - -3. **Commit Interface** - - Message input - - "Commit & Push" button - - Progress indicator - -4. **Branch Manager** - - Branch dropdown - - "New Branch" dialog - - Switch/delete actions - -5. **Commit Timeline** - - Vertical timeline - - Author, date, message - - Click β†’ view diff - -6. **Backend API** - - `botserver/src/api/git.rs` - - GET `/api/git/status` - Git status - - GET `/api/git/diff/{file}` - File diff - - POST `/api/git/commit` - Create commit - - POST `/api/git/push` - Push to remote - - GET `/api/git/branches` - List branches - - POST `/api/git/branch/{name}` - Create/switch - - GET `/api/git/log` - Commit history - -**Success Criteria:** -- Git status displays correctly -- Diff viewer shows side-by-side -- Commit workflow works end-to-end -- Branch switching succeeds - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 4: Browser Automation Engine (P1 - High Priority) - -**Goal:** Pure Rust browser automation for testing & recording - -**Why Rust + Chromiumoxide:** -- βœ… Already in workspace: `chromiumoxide = "0.7"` -- βœ… No Node.js dependency -- βœ… Feature flag exists: `browser` in botserver/Cargo.toml -- βœ… Reference implementation: bottest/src/web/browser.rs (1000+ lines) - -**Tasks:** - -1. **Core Browser Module** - - `botserver/src/browser/mod.rs` - - `BrowserSession` - Manage browser instance - - `BrowserManager` - Session lifecycle - - Methods: `navigate()`, `click()`, `fill()`, `screenshot()`, `execute()` - -2. **Action Recorder** - - `botserver/src/browser/recorder.rs` - - `RecordedAction` - Navigate, Click, Fill, Wait, Assert - - `ActionRecorder` - Record/stop/export - - Export as Playwright test - -3. **Test Validator** - - `botserver/src/browser/validator.rs` - - Check for flaky selectors - - Validate wait conditions - - Suggest improvements via Designer AI - -4. **Browser API** - - `botserver/src/browser/api.rs` - - POST `/api/browser/session` - Create session - - POST `/api/browser/session/:id/execute` - Run action - - GET `/api/browser/session/:id/screenshot` - Capture - - POST `/api/browser/session/:id/record/start` - Start recording - - POST `/api/browser/session/:id/record/stop` - Stop & get actions - - GET `/api/browser/session/:id/record/export` - Export test - -5. **Vibe UI - Browser Panel** - - `botui/ui/suite/partials/browser-controls.html` - - URL bar with navigation buttons - - Record/Stop/Export buttons - - Actions timeline - - Browser preview iframe - - Screenshot gallery - - - `botui/ui/suite/js/browser.js` - - Session management - - Action recording - - Test export - - - `botui/ui/suite/css/browser.css` - - Browser panel styling - - Recording indicator animation - - Actions timeline - - Screenshot gallery grid - -6. **Integration with Vibe** - - Add "Browser Automation" button to Vibe toolbar - - Load browser-controls.html in panel - - Element picker for selector capture - - Screenshot capture & gallery - -**Success Criteria:** -- Can navigate to any URL -- Element picker captures selectors -- Recording generates valid Playwright tests -- Screenshots capture correctly - -**Estimated Effort:** 20-24 hours - ---- - -### Phase 5: Multi-File Editing Workspace (P2 - Medium Priority) - -**Goal:** Professional multi-file editing - -**Tasks:** - -1. **Tab Management** - - File tabs with close buttons - - Active tab highlighting - - Tab overflow scrolling - - Drag to reorder - -2. **Split-Pane Layout** - - Split horizontal/vertical buttons - - Resize handles - - 2x2 grid max - -3. **File Comparison** - - Side-by-side diff - - Line-by-line navigation - - Copy changes (Lβ†’R) - -4. **File Tree Sidebar** - - Nested folders - - File type icons - - Expand/collapse - - Double-click to open - -5. **Quick Open** - - Ctrl+P β†’ Search files - - Fuzzy matching - - Arrow navigation - -6. **Project Search** - - Ctrl+Shift+F β†’ Search all files - - Results with line numbers - - Click to open file - -**Success Criteria:** -- 10+ files open in tabs -- Split view works (2-4 panes) -- File comparison displays diffs -- Quick open searches files - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 6: Enhanced Terminal (P2 - Medium Priority) - -**Goal:** Interactive shell in Vibe - -**Tasks:** - -1. **Terminal Container** - - xterm.js integration (already vendor file) - - Multiple terminal tabs - - Fit addon for auto-resize - -2. **WebSocket Terminal** - - Bi-directional WebSocket: `/ws/terminal/{session_id}` - - Protocol: `{"type": "input", "data": "command\n"}` - - Handle ANSI escape codes - -3. **Command History** - - Up/Down arrows - - Ctrl+R search - - Persist in localStorage - -4. **Command Completion** - - Tab completion - - File path completion - - Command flags - -5. **Backend Terminal Server** - - Spawn PTY per session - - WebSocket handler - - Clean up on disconnect - -6. **File Transfer** - - Drag file to upload - - `upload` / `download` commands - - Progress bars - -**Success Criteria:** -- Can type commands & see output -- Arrow keys navigate history -- Can run vim, top, etc. -- Multiple terminals work - -**Estimated Effort:** 10-14 hours - ---- - -### Phase 7: Advanced CRM Templates (P2 - Medium Priority) - -**Goal:** Pre-built CRM accelerators - -**Tasks:** - -1. **Template System** - - `botserver/src/templates/crm/` - - Template JSON definitions - - Prompt templates - - Field libraries - -2. **CRM Templates** - - **Sales CRM** - - Tables: contacts, leads, opportunities, accounts, activities - - Pages: dashboard, pipeline, contacts list - - Tools: lead_scoring, email_automation - - Schedulers: daily_summary, weekly_review - - - **Real Estate CRM** - - Tables: properties, clients, showings, offers - - Pages: property gallery, client portal - - Tools: mls_sync, showing_scheduler - - Schedulers: showing_reminders, market_update - - - **Healthcare CRM** - - Tables: patients, appointments, treatments, insurance - - Pages: patient portal, appointment scheduler - - Tools: insurance_verification, appointment_reminders - - Schedulers: daily_appointments, insurance_alerts - -3. **Template Gallery UI** - - `botui/ui/suite/partials/template-gallery.html` - - Template cards with descriptions - - Preview screenshots - - "Use Template" button - -4. **Template Generator** - - Load template JSON - - Customize with user details - - Generate all files - - Deploy to /apps/{name} - -**Success Criteria:** -- Can select template from gallery -- Template generates full CRM -- Customization works -- Generated CRM is functional - -**Estimated Effort:** 20-24 hours - ---- - -## Part V: Technical Implementation Notes - -### Code Quality Standards (per AGENTS.md) - -**MUST Follow:** -1. βœ… **Error Handling** - NO panics, use `?` operator -2. βœ… **Safe Commands** - Use `SafeCommand` wrapper -3. βœ… **Error Sanitization** - Use `ErrorSanitizer` -4. βœ… **SQL Safety** - Use `sql_guard` -5. βœ… **Rate Limiting** - Per-IP and per-User limits -6. βœ… **CSRF Protection** - CSRF tokens on state-changing endpoints -7. βœ… **Security Headers** - CSP, HSTS, X-Frame-Options, etc. -8. βœ… **No CDNs** - All assets local -9. βœ… **File Size** - Max 450 lines per file -10. βœ… **Clippy Clean** - 0 warnings, no `#[allow()]` - -### File Organization - -**Botui (Frontend):** -``` -botui/ui/suite/ - partials/ - editor.html - database.html - git-status.html - git-diff.html - browser-controls.html - terminal.html - template-gallery.html - vibe-mcp-panel.html # NEW - MCP integration - js/ - editor.js - database.js - git.js - browser.js - terminal.js - templates.js - vibe-mcp.js # NEW - MCP integration - css/ - editor.css - database.css - git.css - browser.css - terminal.css - templates.css - vibe/ - mcp-panel.css # NEW - MCP integration -``` - -**Botserver (Backend):** -``` -botserver/src/ - api/ - editor.rs - database.rs - git.rs - browser/ - mod.rs # BrowserSession, BrowserManager - recorder.rs # ActionRecorder - validator.rs # TestValidator - api.rs # HTTP endpoints - test_generator.rs - templates/ - crm/ - sales.json - real_estate.json - healthcare.json - mod.rs - sources/ # ALREADY EXISTS - mod.rs - mcp.rs - ui.rs - knowledge_base.rs -``` - -### Dependencies - -**Already in Workspace:** -```toml -chromiumoxide = "0.7" # Browser automation -tokio = "1.41" # Async runtime -axum = "0.7" # HTTP framework -diesel = "2.1" # Database -git2 = "0.18" # Git operations (add if needed) -``` - -**Frontend (download & serve locally):** -``` -monaco-editor@0.45.0 # Code editor -xterm.js@5.3.0 # Terminal (already vendor file) -``` - ---- - -## Part VI: Testing Strategy - -### Unit Tests -- All new modules need unit tests -- Test coverage > 80% -- Location: `botserver/src//tests.rs` - -### Integration Tests -- End-to-end workflows -- Location: `bottest/tests/integration/` - -### E2E Tests -- Use chromiumoxide (bottest infrastructure) -- Location: `bottest/tests/e2e/` -- Test scenarios: - - Generate CRM from template - - Edit in Monaco editor - - View database schema - - Create git commit - - Record browser test - ---- - -## Part VII: Rollout Plan (UPDATED) - -### Milestone 0: Security & MCP (Week 0) -- **Day 1-2:** Fix all unsafe `unwrap()` calls -- **Day 3:** Address dependency vulnerabilities -- **Day 4:** Verify CSRF & security headers -- **Day 5:** Integrate MCP panel into Vibe UI - -### Milestone 1: Core Editor (Week 1) -- Phase 1 complete (Monaco integration) - -### Milestone 2: Database & Git (Week 2) -- Phase 2 complete (Database UI) -- Phase 3 complete (Git Operations) - -### Milestone 3: Browser & Workspace (Week 3) -- Phase 4 complete (Browser Automation) -- Phase 5 complete (Multi-File Editing) - -### Milestone 4: Terminal & Templates (Week 4) -- Phase 6 complete (Enhanced Terminal) -- Phase 7 complete (CRM Templates) - ---- - -## Part VIII: Success Metrics - -### Security Milestones -- βœ… Zero `unwrap()` in production code -- βœ… `cargo audit` passes -- βœ… All endpoints have CSRF + security headers - -### Phase 0.5: MCP Integration -- βœ… MCP panel visible in Vibe sidebar -- βœ… Can enable/disable servers -- βœ… Can view available tools -- βœ… Can add new servers - -### Phase 1: Code Editor -- Monaco loads < 2 seconds -- 5+ syntax highlighters work -- Multi-file tabs functional -- Auto-save succeeds - -### Phase 2: Database UI -- Schema visualizer displays all tables -- Query builder generates valid SQL -- Data grid supports inline edits -- Export functionality works - -### Phase 3: Git Operations -- Git status shows changed files -- Diff viewer shows side-by-side -- Commit workflow works -- Branch switching succeeds - -### Phase 4: Browser Automation -- Can navigate to any URL -- Element picker captures selectors -- Recording generates valid tests -- Screenshots capture correctly - -### Phase 5: Multi-File Workspace -- 10+ files open in tabs -- Split view supports 2-4 panes -- File comparison works -- Project search is fast (< 1s for 100 files) - -### Phase 6: Terminal -- Interactive shell works -- Can run vim, top, etc. -- Multiple terminals run simultaneously -- File transfer works - -### Phase 7: CRM Templates -- 3+ CRM templates available -- Generation takes < 30 seconds -- Generated CRMs are fully functional -- Industry-specific features work - ---- - -## Conclusion - -The BotUI platform has a **powerful backend** capable of generating full applications via LLM. The main gaps are in the **frontend user experience** and **security hardening**. - -**Key Insight:** -- The `botserver/src/sources/` infrastructure for MCP is **already complete** -- The Vibe UI exists and is functional -- We need to **connect** them: add an MCP panel to the Vibe sidebar - -**Updated Priority Order:** -1. ⚠️ **Security fixes** (Week 0) - Unblock development risk -2. πŸ”Œ **MCP integration** (Week 0.5) - Quick win, leverage existing code -3. πŸ“ **Code editor** (Week 1) - Core developer tool -4. πŸ—„οΈ **Database UI** (Week 2) - Visual data management -5. πŸ™ **Git operations** (Week 2) - Version control -6. 🌐 **Browser automation** (Week 3) - Testing & recording -7. πŸ“‚ **Multi-file workspace** (Week 3) - Professional editing -8. πŸ–₯️ **Terminal** (Week 4) - Interactive shell -9. πŸ“‡ **CRM templates** (Week 4) - Accelerators - -Once these phases are complete, VibeCode will match or exceed Claude Code's capabilities while offering: - -βœ… **Multi-user SaaS deployment** -βœ… **Visual app building** (Vibe Builder) -βœ… **Enterprise-grade multi-agent orchestration** -βœ… **Pure Rust backend** (no Node.js dependency) -βœ… **Integrated MCP servers** (extensible tools) -βœ… **Integrated browser automation** (chromiumoxide) -βœ… **Professional development environment** - -**Total Estimated Effort:** 113-141 hours (~3-4 weeks with 1 developer) diff --git a/prompts/arch.md b/prompts/arch.md new file mode 100644 index 0000000..e0b420b --- /dev/null +++ b/prompts/arch.md @@ -0,0 +1,79 @@ +# Missing Areas in Documentation (botbook) + +### 1. Missing Testing Documentation +- No comprehensive testing guide +- Missing test strategy documentation +- No performance testing docs +- Missing security testing guide + +### 2. Missing Deployment Documentation +- No Docker/Kubernetes deployment guides +- Missing cloud provider specific docs (AWS, Azure, GCP) +- No CI/CD pipeline documentation +- Missing scaling/load balancing guides + +### 3. Missing Monitoring Documentation +- No comprehensive observability guide +- Missing alerting configuration docs +- No business metrics documentation +- Missing health check dashboard docs + +### 4. Missing Data Management Documentation +- No backup/restore procedures +- Missing data migration guides +- No data validation documentation +- Missing data anonymization for testing + +### 5. Missing Developer Experience Documentation +- No local development setup guide +- Missing debugging/troubleshooting guide +- No code review guidelines +- Missing contribution workflow docs + +## Missing Areas in Testing (bottest) + +### 1. Missing Security Tests +- No authentication/authorization tests +- Missing penetration testing scenarios +- No security vulnerability tests +- Missing DLP policy tests + +### 2. Missing Performance Tests +- No load testing infrastructure +- Missing stress testing +- No scalability tests +- Missing concurrency tests + +### 3. Missing Integration Tests +- Incomplete service integration tests +- Missing third-party service tests +- No end-to-end workflow tests +- Missing data consistency tests + +### 4. Missing Compliance Tests +- No SOC2 compliance tests +- Missing GDPR compliance tests +- No data retention tests +- Missing audit trail tests + +### 5. Missing User Experience Tests +- No accessibility (a11y) tests +- Missing internationalization tests +- No user journey tests +- Missing error handling tests + +## Most Critical Missing Documentation: + +1. Testing Strategy - Can't ensure quality without proper testing docs +2. Deployment Guides - Hard to deploy to production +3. Monitoring Setup - Can't maintain production systems +4. Security Testing - Critical for enterprise adoption +5. Developer Onboarding - Hard for new contributors + +## Most Critical Missing Tests: + +1. Security Tests - Critical vulnerabilities could go undetected +2. Performance Tests - Scaling issues won't be caught +3. Integration Tests - Service dependencies could break +4. Compliance Tests - Regulatory requirements not verified +5. End-to-End Tests - Complete workflows not validated diff --git a/prompts/campaigns.md b/prompts/campaigns.md new file mode 100644 index 0000000..74c6a16 --- /dev/null +++ b/prompts/campaigns.md @@ -0,0 +1,175 @@ +# Campaigns - Multichannel Marketing Platform + +## Overview +Unified campaign management system supporting email, WhatsApp, Instagram, and Facebook with AI-powered content generation and targeting. + +## Core Tables + +### 1. marketing_campaigns +Main campaign entity linking deals, contacts, and metrics. + +| Column | Type | Description | +|--------|------|-------------| +| id | uuid | Primary key | +| org_id | uuid | Organization | +| bot_id | uuid | Bot | +| name | varchar(100) | Campaign name | +| status | varchar(20) | draft, scheduled, running, paused, completed | +| channel | varchar(20) | email, whatsapp, instagram, facebook, multi | +| content_template | jsonb | AI-generated content per channel | +| scheduled_at | timestamptz | When to send | +| sent_at | timestamptz | When actually sent | +| metrics | jsonb | Opens, clicks, responses | +| budget | numeric | Campaign budget | +| created_at | timestamptz | | +| updated_at | timestamptz | | + +### 2. marketing_lists +Saved recipient lists (static or dynamic). + +| Column | Type | Description | +|--------|------|-------------| +| id | uuid | Primary key | +| org_id | uuid | Organization | +| bot_id | uuid | Bot | +| name | varchar(100) | List name | +| list_type | varchar(20) | static, dynamic | +| query_text | text | SQL-like filter or broadcast.bas path | +| contact_count | int | Cached count | +| created_at | timestamptz | | +| updated_at | timestamptz | | + +### 3. marketing_list_contacts +Junction table for static lists. + +| Column | Type | Description | +|--------|------|-------------| +| list_id | uuid | FK to marketing_lists | +| contact_id | uuid | FK to crm_contacts | +| added_at | timestamptz | | + +### 4. marketing_recipients +Track campaign delivery per contact. + +| Column | Type | Description | +|--------|------|-------------| +| id | uuid | Primary key | +| campaign_id | uuid | FK to marketing_campaigns | +| contact_id | uuid | FK to crm_contacts | +| deal_id | uuid | FK to crm_deals (nullable) | +| channel | varchar(20) | email, whatsapp, etc | +| status | varchar(20) | pending, sent, delivered, failed | +| sent_at | timestamptz | | +| delivered_at | timestamptz | | +| opened_at | timestamptz | Email open (pixel) | +| clicked_at | timestamptz | Link click | +| response | jsonb | WhatsApp status callback | + +### 5. marketing_templates +Content templates with AI prompts. + +| Column | Type | Description | +|--------|------|-------------| +| id | uuid | Primary key | +| org_id | uuid | Organization | +| name | varchar(100) | Template name | +| channel | varchar(20) | email, whatsapp, instagram, facebook | +| subject | varchar(200) | Email subject / WhatsApp text | +| media_url | varchar(500) | Image/video URL | +| ai_prompt | text | Instructions for LLM | +| variables | jsonb | Available placeholders | +| approved | boolean | Meta approval status | +| meta_template_id | varchar(100) | Meta template ID | +| created_at | timestamptz | | + +### 6. email_tracking +Email-specific metrics (invisible pixel + link tracking). + +| Column | Type | Description | +|--------|------|-------------| +| id | uuid | Primary key | +| recipient_id | uuid | FK to marketing_recipients | +| campaign_id | uuid | FK to marketing_campaigns | +| message_id | varchar(100) | SMTP message ID | +| open_token | uuid | Unique pixel token | +| opened | boolean | | +| opened_at | timestamptz | | +| clicked | boolean | | +| clicked_at | timestamptz | | +| ip_address | varchar(45) | | +| user_agent | varchar(500) | | + +### 7. whatsapp_business +WhatsApp Business API configuration. + +| Column | Type | Description | +|--------|------|-------------| +| id | uuid | Primary key | +| bot_id | uuid | Bot | +| phone_number_id | varchar(50) | Meta phone ID | +| business_account_id | varchar(50) | Meta business ID | +| access_token | varchar(500) | Encrypted | +| webhooks_verified | boolean | | + +## Flow + +### 1. Campaign Creation +1. User clicks "New Campaign" +2. Selects channel(s): email, whatsapp, instagram, facebook, multi +3. Chooses audience: + - **broadcast.bas**: If present in .gbdialog, execute and use returned contact list + - **Marketing List**: Select from saved lists + - **Dynamic Query**: Build SQL-like filter +4. AI generates content preview for each channel +5. User edits/approves content +6. Schedule or send immediately + +### 2. Audience Selection +``` +// broadcast.bas example (.gbdialog/scr/broadcast.bas) +SEND "SELECT id, name, phone, email FROM crm_contacts WHERE tags @> '{prospect}'" + +// Result: list of contact UUIDs +``` + +### 3. Content Generation +- LLM receives: contact data, deal info, campaign goal +- Generates: subject, body text, image suggestion +- User can edit before approval + +### 4. Multi-Channel Preview +Single UI showing: +- Email preview (desktop/mobile) +- WhatsApp preview (text + image) +- Instagram/Facebook post preview +- "Publish All" button triggers all channels + +### 5. Metrics Sync +- **Email**: Invisible 1x1 pixel for opens, tracked links for clicks +- **WhatsApp**: Webhook callbacks from Meta API +- **Instagram/Facebook**: Graph API for insights + +## Deal Integration +- Pipeline stage changes can trigger campaigns +- Deals link to campaigns via `marketing_recipients.deal_id` +- Campaign metrics visible in deal sidebar + +## File Structure +``` +botserver/src/ + marketing/ + mod.rs # Routes, handlers + campaigns.rs # CRUD operations + lists.rs # List management + templates.rs # Template management + email.rs # Email sending + tracking + whatsapp.rs # WhatsApp API integration + metrics.rs # Metrics aggregation + ai.rs # Content generation +``` + +## Dependencies +- WhatsApp: meta-whatsapp-business-webhook +- Email: lettre (SMTP) + tracking pixel +- Instagram/Facebook: facebook-graph-api +- AI: Already have LLM integration in designer diff --git a/prompts/PENDING.md b/prompts/finalize.md similarity index 96% rename from prompts/PENDING.md rename to prompts/finalize.md index eb9186f..a2af08b 100644 --- a/prompts/PENDING.md +++ b/prompts/finalize.md @@ -2,7 +2,7 @@ > **Last Updated:** 2025-02-28 > **Purpose:** Track actionable tasks and improvements for the GB platform - +how much can botserver be clustered if cache tables drive are containerzaed web balancer simple can be done --- ## πŸ” Authentication & Identity (Zitadel) diff --git a/prompts/SECURITY_CHECKLIST.md b/prompts/sec-01.md similarity index 100% rename from prompts/SECURITY_CHECKLIST.md rename to prompts/sec-01.md diff --git a/prompts/SECURITY_REVIEW.md b/prompts/sec-02.md similarity index 100% rename from prompts/SECURITY_REVIEW.md rename to prompts/sec-02.md diff --git a/prompts/sec-apis-botmodels.md b/prompts/sec-apis-botmodels.md new file mode 100644 index 0000000..2a87109 --- /dev/null +++ b/prompts/sec-apis-botmodels.md @@ -0,0 +1 @@ +secure communication between botmodels and botserver \ No newline at end of file diff --git a/prompts/sec-bigpickle.md b/prompts/sec-bigpickle.md new file mode 100644 index 0000000..15ff249 --- /dev/null +++ b/prompts/sec-bigpickle.md @@ -0,0 +1,210 @@ +# AnΓ‘lise de SeguranΓ§a - BigPickle/General Bots + +**Data:** 2026-03-11 +**Escopo:** botserver, botlib, bottest + +--- + +## 1. Resumo Executivo + +| Categoria | Status | Severidade | +|-----------|--------|------------| +| **Execução de Comandos** | ⚠️ PARCIAL | ALTA | +| **Rate Limiting** | βœ… IMPLEMENTADO | - | +| **CSRF Protection** | βœ… IMPLEMENTADO | - | +| **Security Headers** | βœ… IMPLEMENTADO | - | +| **Error Handling** | ⚠️ PARCIAL | MΓ‰DIA | +| **SQL Injection** | βœ… IMPLEMENTADO | - | + +--- + +## 2. Execução de Comandos (IMP-02) + +### 2.1 SafeCommand - Bom +O projeto implementa `SafeCommand` em `botserver/src/security/command_guard.rs`: +- Lista branca de comandos permitidos (ffmpeg, pdftotext, pandoc, etc.) +- Bloqueio de comandos perigosos (wget, nc, netcat, dd, mkfs) +- ~190 usos corretos no codebase + +### 2.2 Command::new Direto - PROBLEMA +Encontrados **8 arquivos** com `Command::new` direto (sem SafeCommand): + +| Arquivo | Linha | Comando | Risco | +|---------|-------|---------|-------| +| `core/bootstrap/bootstrap_utils.rs` | 39,53,76,99,112,126,133,161,176,211,231 | pkill, pgrep, sh, curl, nc, bash | ALTO | +| `auto_task/container_session.rs` | 27,52,117 | lxc | MΓ‰DIO | +| `core/bootstrap/bootstrap_manager.rs` | 255 | caddy | MΓ‰DIO | +| `llm/local.rs` | 434,530 | cmd_path (dinΓ’mico) | ALTO | +| `botmodels/python_bridge.rs` | 198 | python_path (config) | MΓ‰DIO | +| `monitoring/real_time.rs` | 595 | df | BAIXO | +| `core/package_manager/cli.rs` | 1136 | psql | MΓ‰DIO | + +**Recomendação:** Migrar todos para `SafeCommand` ou `AsyncCommand` (para async). + +--- + +## 3. Rate Limiting (IMP-07) + +### βœ… Implementado corretamente +- Usa crate `governor` com algoritmo token bucket +- Arquivos: + - `security/rate_limiter.rs` - Rate limiter HTTP global + - `core/rate_limit.rs` - Rate limiter combinado + - `llm/rate_limiter.rs` - Rate limiter LLM + - `core/bot/channels/whatsapp_rate_limiter.rs` - Rate limiter WhatsApp + +### Limites configurados +| Tipo | Limite | Burst | +|------|--------|-------| +| Default | 100 req/s | 200 | +| Strict | 50 req/s | 100 | +| Relaxed | 500 req/s | 1000 | +| API | 100 req/s | 150 | + +**Status:** βœ… CONFORME + +--- + +## 4. CSRF Protection (IMP-08) + +### βœ… Implementado corretamente +- Arquivo: `security/csrf.rs` +- Usa padrΓ£o Double-Submit Cookie +- Configuraçáes: + - Token expiry: 60 minutos + - Cookie secure: true + - SameSite: Strict + - Exempt paths: /api/health, /api/version + - Exempt methods: GET, HEAD, OPTIONS + +**Status:** βœ… CONFORME + +--- + +## 5. Security Headers (IMP-09) + +### βœ… Implementado corretamente +- Arquivo: `security/headers.rs` + +| Header | Valor PadrΓ£o | Valor Strict | +|--------|--------------|--------------| +| Content-Security-Policy | `self` + inline | `self` apenas | +| X-Frame-Options | DENY | DENY | +| X-Content-Type-Options | nosniff | nosniff | +| Strict-Transport-Security | 1 ano | 2 anos + preload | +| Referrer-Policy | strict-origin-when-cross-origin | no-referrer | +| Permissions-Policy | Bloqueado | Bloqueado | + +**Status:** βœ… CONFORME + +--- + +## 6. Error Handling (IMP-01) + +### 6.1 Error Sanitizer - Bom +Arquivo: `security/error_sanitizer.rs` +- 72 usos de `log_and_sanitize()` no codebase +- Remove informaçáes sensΓ­veis de logs + +### 6.2 unwrap()/expect() - PROBLEMA +Encontrados **945 usos** de `.unwrap()` e `.expect()`: +- Concentrados em: + - `whatsapp/mod.rs` (~20) + - `llm/mod.rs` (~15) + - `security/jwt.rs` (~15) + - `attendance/mod.rs` (~10) + +### 6.3 panic!/todo!/unimplemented! - BOM +Apenas **5 ocorrΓͺncias**: +- 2 panic! (1 em WhatsApp - crΓ­tico, 1 em installer) +- 2 todo! (em bottest - aceitΓ‘vel) +- 1 panic! em teste + +**Recomendação:** Substituir `.unwrap()` por tratamento adequado com `?`, `ok_or_else()`, ou `match`. + +--- + +## 7. SQL Injection (IMP-04) + +### βœ… Implementado corretamente +- Arquivo: `security/sql_guard.rs` +- 69 usos de `sanitize_identifier()` no codebase +- Previne SQL injection em operaçáes de tabela + +**Status:** βœ… CONFORME + +--- + +## 8. Autenticação e Autorização + +### 8.1 JWT +- Arquivo: `security/jwt.rs` +- Implementação robusta com tokens + +### 8.2 RBAC +- Arquivo: `security/rbac_middleware.rs` +- PermissΓ΅es baseadas em roles + +### 8.3 Zitadel +- Arquivo: `security/zitadel_auth.rs` +- Integração com IdP externo + +**Status:** βœ… CONFORME + +--- + +## 9. Outras Vulnerabilidades + +### 9.1 Secrets Management +- Arquivo: `security/secrets.rs` +- Integração com Vault + +### 9.2 Password Security +- Arquivo: `security/password.rs` +- Hashing adequado + +### 9.3 MFA/Passkey +- Arquivos: `security/mfa.rs`, `security/passkey.rs`, `security/passkey_service.rs` + +### 9.4 DLP (Data Loss Prevention) +- Arquivo: `security/dlp.rs` + +### 9.5 File Validation +- Arquivo: `security/file_validation.rs` + +--- + +## 10. Recomendaçáes PrioritΓ‘rias + +| # | Ação | Severidade | EsforΓ§o | +|---|------|------------|---------| +| 1 | Migrar Command::new de bootstrap_utils.rs para SafeCommand | ALTA | MΓ‰DIO | +| 2 | Migrar Command::new de container_session.rs para AsyncCommand | ALTA | MΓ‰DIO | +| 3 | Corrigir .unwrap() em whatsapp/mod.rs | ALTA | BAIXO | +| 4 | Migrar llm/local.rs (cmd_path dinΓ’mico) para SafeCommand | ALTA | ALTO | +| 5 | Remover panic! em core/bot/channels/whatsapp.rs:65 | CRÍTICA | BAIXO | + +--- + +## 11. MΓ©tricas + +- **Linhas de cΓ³digo Rust:** ~150,000 +- **Arquivos de seguranΓ§a:** 30+ +- **Testes de seguranΓ§a:** Presentes +- **Cobertura de linting:** 0 warnings (clippy) + +--- + +## 12. ConclusΓ£o + +O projeto tem uma **base de seguranΓ§a sΓ³lida** com: +- βœ… Rate limiting, CSRF, Headers implementados +- βœ… SQL guard implementado +- βœ… SafeCommand para maioria das execuçáes + +**Pontos de atenção:** +- ~8 locais ainda usam Command::new direto +- ~945 .unwrap() que podem causar panics +- 1 panic! crΓ­tico em produção + +**Recomendação:** Corrigir os itens de alta prioridade antes de push para produção. diff --git a/prompts/sec-kilo.md b/prompts/sec-kilo.md new file mode 100644 index 0000000..3bcc7aa --- /dev/null +++ b/prompts/sec-kilo.md @@ -0,0 +1,261 @@ +# Security Tasklist - Kilo Codebase + +## Comprehensive Security Assessment + +Based on a thorough analysis of the Kilo codebase, this document outlines the security posture, identifies vulnerabilities, and provides a prioritized tasklist for security improvements. + +--- + +## 1. Security Architecture Overview + +The codebase has a well-structured security module with multiple layers of protection: +- **Authentication**: JWT tokens, API keys, session management +- **Authorization**: RBAC (Role-Based Access Control) system +- **Input Validation**: SQL injection prevention, XSS protection, path traversal detection +- **Security Headers**: CSP, HSTS, XSS protection headers +- **Rate Limiting**: Governor-based rate limiting for API endpoints +- **Error Handling**: Error sanitization to prevent sensitive data exposure +- **Command Execution**: SafeCommand wrapper for command injection prevention +- **Audit Logging**: Comprehensive audit event tracking +- **Encryption**: Data encryption, TLS, mTLS support +- **Secrets Management**: Vault integration + +--- + +## 2. Current Security Posture + +### Strengths: +1. **Comprehensive security module** with 60+ security-related files +2. **Multiple authentication methods** (JWT, API keys, sessions) +3. **RBAC system** with fine-grained permissions +4. **SQL injection prevention** via SQL guard +5. **Command injection prevention** via SafeCommand +6. **XSS protection** via security headers and input sanitization +7. **Rate limiting** for API endpoints +8. **Error sanitization** to prevent sensitive data exposure +9. **Audit logging** for security events +10. **TLS/mTLS support** with certificate management + +### Weaknesses: +1. **Default CSP includes unsafe-inline and unsafe-eval** +2. **Passkey implementation is incomplete** (commented out) +3. **Some files still use Command::new directly** instead of SafeCommand +4. **Potential for path traversal vulnerabilities** in file operations +5. **JWT secret management** uses default secret if not configured +6. **CORS configuration** has permissive default origins in development +7. **Some endpoints have excessive anonymous access** +8. **Error handling could be more robust** in some areas + +--- + +## 3. Detailed Security Tasklist + +### High Priority Tasks: + +#### 1. CSP Hardening +- **Description**: Remove 'unsafe-inline' and 'unsafe-eval' from default CSP policy +- **Impact**: High - Prevents XSS attacks +- **Files to Modify**: `botserver/src/security/headers.rs` +- **Action Items**: + - Implement nonces or hashes for inline scripts + - Test CSP with all application features + - Update CSP configuration for different environments + +#### 2. Passkey Implementation +- **Description**: Complete the passkey module implementation +- **Impact**: High - Adds modern, phishing-resistant authentication +- **Files to Modify**: + - `botserver/src/security/auth_api/passkey.rs` + - Database schema files + - UI integration files +- **Action Items**: + - Add database schema for passkey storage + - Implement passkey authentication flow + - Add passkey UI integration + - Test passkey functionality + +#### 3. Command Execution Security +- **Description**: Replace all direct Command::new calls with SafeCommand +- **Impact**: High - Prevents command injection vulnerabilities +- **Files to Check**: + - `botserver/src/security/command_guard.rs` (usage) + - All files with command execution logic +- **Action Items**: + - Audit all places where commands are executed + - Replace direct Command::new calls with SafeCommand + - Add more strict validation for shell script arguments + +#### 4. JWT Security +- **Description**: Improve JWT token security +- **Impact**: High - Prevents token-related vulnerabilities +- **Files to Modify**: `botserver/src/security/jwt.rs` +- **Action Items**: + - Enforce minimum secret length requirements + - Implement JWT secret rotation + - Add JWT token validation improvements + - Remove default secret and enforce environment variable configuration + +--- + +### Medium Priority Tasks: + +#### 5. CORS Configuration +- **Description**: Restrict CORS configuration for production +- **Impact**: Medium - Prevents unauthorized cross-origin requests +- **Files to Modify**: `botserver/src/main_module/server.rs` +- **Action Items**: + - Restrict allowed origins in production + - Validate CORS configuration for all environments + - Add proper origin validation for API endpoints + +#### 6. RBAC and Permissions +- **Description**: Review and improve permission system +- **Impact**: Medium - Prevents unauthorized access to sensitive endpoints +- **Files to Check**: + - `botserver/src/security/auth_api/mod.rs` + - `botserver/src/main_module/server.rs` (route definitions) +- **Action Items**: + - Review and reduce anonymous paths + - Implement more granular permissions for sensitive endpoints + - Add permission validation for all API routes + +#### 7. Path Traversal Prevention +- **Description**: Audit file operations for path traversal vulnerabilities +- **Impact**: Medium - Prevents unauthorized file system access +- **Files to Check**: All file handling functions +- **Action Items**: + - Audit all file operations for path traversal vulnerabilities + - Improve path validation in file handling functions + - Add tests for path traversal scenarios + +#### 8. Error Handling Improvements +- **Description**: Replace unsafe unwrapping with proper error handling +- **Impact**: Medium - Prevents application crashes and sensitive data exposure +- **Files to Check**: All production code files +- **Action Items**: + - Audit all unwrap()/expect() calls in production code + - Replace with proper error handling + - Ensure all errors are properly sanitized before being returned to clients + +--- + +### Low Priority Tasks: + +#### 9. Security Headers +- **Description**: Review and update security headers configuration +- **Impact**: Low - Enhances overall security posture +- **Files to Modify**: `botserver/src/security/headers.rs` +- **Action Items**: + - Review and update security headers configuration + - Ensure all headers are properly set on all responses + - Add tests for security headers + +#### 10. Rate Limiting +- **Description**: Improve rate limiting for sensitive endpoints +- **Impact**: Low - Prevents brute force and denial of service attacks +- **Files to Modify**: `botserver/src/security/rate_limiter.rs` +- **Action Items**: + - Review rate limit configurations + - Implement per-user rate limiting for sensitive endpoints + - Add rate limit headers to responses + +#### 11. Audit Logging +- **Description**: Enhance audit event coverage +- **Impact**: Low - Improves security monitoring and incident response +- **Files to Modify**: `botserver/src/security/audit.rs` +- **Action Items**: + - Review audit event coverage + - Add more detailed audit events for sensitive operations + - Implement audit log retention and rotation + +#### 12. Secrets Management +- **Description**: Improve vault integration and secrets management +- **Impact**: Low - Enhances secret protection +- **Files to Check**: + - `botserver/src/config.rs` + - Vault integration files +- **Action Items**: + - Improve vault integration + - Add secrets rotation mechanisms + - Ensure all sensitive data is properly encrypted + +--- + +## 4. Vulnerability Summary + +| Vulnerability | Severity | Status | Description | +|---------------|----------|--------|-------------| +| CSP with unsafe-inline/unsafe-eval | High | Open | Default CSP allows unsafe inline scripts and eval | +| Incomplete passkey implementation | High | Open | Passkey module is commented out and incomplete | +| Direct Command::new usage | Medium | Open | Some files still use direct command execution | +| JWT default secret | Medium | Open | Uses weak default secret if not configured | +| Permissive CORS in dev | Medium | Open | Development CORS has overly permissive origins | +| Excessive anonymous access | Medium | Open | Too many endpoints allow anonymous access | +| Path traversal risks | Medium | Open | File operations may be vulnerable to path traversal | +| Unsafe unwrap() calls | Low | Open | Some production code uses unsafe unwrapping | + +--- + +## 5. Key Files and Directories + +### Security Module: `/home/rodriguez/src/gb/botserver/src/security/` +- **auth_api/** - Authentication and authorization APIs +- **jwt.rs** - JWT token management +- **csrf.rs** - CSRF protection +- **headers.rs** - Security headers configuration +- **sql_guard.rs** - SQL injection prevention +- **command_guard.rs** - Command injection prevention +- **error_sanitizer.rs** - Error handling and sanitization +- **rate_limiter.rs** - Rate limiting implementation +- **audit.rs** - Audit logging + +### Main Server Configuration: `/home/rodriguez/src/gb/botserver/src/main_module/server.rs` +- Server initialization +- CORS configuration +- Auth provider setup +- API routing + +### Input Validation: `/home/rodriguez/src/gb/botserver/src/security/validation.rs` +- Email, URL, phone validation +- XSS prevention +- HTML sanitization + +--- + +## 6. Recommendations + +### Process Improvements: +1. **Implement a security review process** for all new code +2. **Add security testing** to CI/CD pipeline +3. **Conduct regular security audits** of the codebase +4. **Update dependencies** to address known vulnerabilities +5. **Implement a bug bounty program** for external security researchers +6. **Add security training** for developers + +### Tooling Recommendations: +- **Dependency Scanning**: Use `cargo audit` for vulnerability detection +- **Code Quality**: Use `cargo clippy` with security lints +- **Security Testing**: Implement penetration testing and fuzzing +- **Monitoring**: Set up real-time security event monitoring and alerting + +--- + +## 7. Task Prioritization Strategy + +1. **High Priority (Fix within 2 weeks)**: CSP hardening, passkey implementation, command execution security, JWT security +2. **Medium Priority (Fix within 1 month)**: CORS configuration, RBAC/permissions, path traversal prevention, error handling +3. **Low Priority (Fix within 3 months)**: Security headers, rate limiting, audit logging, secrets management + +--- + +## 8. Success Metrics + +- 0 critical vulnerabilities +- 0 high severity vulnerabilities +- 95% test coverage for security-related code +- All security tasks completed within recommended timeframes +- No security incidents reported post-implementation + +--- + +*This document is a living security tasklist and should be updated regularly based on codebase changes, security assessments, and emerging threats.* \ No newline at end of file diff --git a/prompts/sec-minmax.md b/prompts/sec-minmax.md new file mode 100644 index 0000000..5000098 --- /dev/null +++ b/prompts/sec-minmax.md @@ -0,0 +1,189 @@ +# Security Tasklist - MinMax Analysis + +## Overview +Comprehensive security tasklist based on automated analysis of all source code modules: botserver, botui, botlib, botdevice, botapp, bottest. + +--- + +## CRITICAL (P0) - Fix Immediately + +### 1. Unsafe Command Execution +**Files with direct Command::new (64 remaining):** +- `botserver/src/core/bootstrap/bootstrap_utils.rs:39,53,76,99,112,126,133,161,176,211,231` +- `botserver/src/core/package_manager/installer.rs:1154` +- `botserver/src/botmodels/python_bridge.rs:198` +- `botserver/src/auto_task/container_session.rs:27,52,117` +- `botserver/src/llm/local.rs:434,530` +- `botserver/src/monitoring/real_time.rs:595` + +**Action:** Replace ALL `Command::new` with `SafeCommand::new` + +### 2. Panic Usage (4 instances) +- `botserver/src/core/bot/channels/whatsapp.rs:65` - `panic!("WhatsApp queue initialization failed")` +- `botserver/src/core/package_manager/installer.rs:28` - `panic!` for parsing error + +**Action:** Replace with proper error handling using `?` or `Result` + +### 3. Unsafe Unwrap/Expect (647 instances) +Major hotspots: +- `botserver/src/whatsapp/mod.rs` - 30+ unwrap() on JSON serialization +- `botserver/src/llm/mod.rs` - Multiple unwrap() on serialization +- `botserver/src/security/jwt.rs` - Multiple expect() on token operations + +**Action:** Systematic replacement with `ok_or_else()`, `match`, or `if let` + +--- + +## HIGH PRIORITY (P1) - Fix Within 1 Week + +### 4. SQL Query Construction (format! with SQL) +- `botserver/src/email/signatures.rs:306` - `diesel::sql_query(format!(...))` +- `botserver/src/contacts/contacts_api/service.rs:251` - `format!("SELECT COUNT(*)...")` +- `botserver/src/basic/keywords/db_api.rs:644` - `format!("DELETE FROM {}...")` +- `botserver/src/maintenance/mod.rs:458,479` - `diesel::sql_query(format!(...))` + +**Action:** Use sql_guard consistently, validate all table/column names + +### 5. CSP Configuration - unsafe-inline/unsafe-eval +- `botserver/src/security/headers.rs` - Default CSP includes unsafe directives + +**Action:** Implement nonce-based CSP, remove unsafe-inline/unsafe-eval + +### 6. JWT Secret Management +- `botserver/src/security/jwt.rs` - Default secret fallback if not configured +- Multiple `expect("Failed to generate")` in token operations + +**Action:** Enforce minimum secret length, fail startup if not configured + +--- + +## MEDIUM PRIORITY (P2) - Fix Within 2 Weeks + +### 7. Passkey Implementation - Incomplete +- `botserver/src/security/passkey.rs` - Implementation present but incomplete +- `botserver/src/security/passkey_service.rs` - Service layer incomplete + +**Action:** Complete passkey registration/authentication flow + +### 8. RBAC - Anonymous Access +- `botserver/src/main_module/server.rs` - Some routes may allow excessive anonymous access + +**Action:** Audit all route permissions, minimize anonymous endpoints + +### 9. Path Traversal Risks +- `botserver/src/security/path_guard.rs` exists but needs usage audit +- File operations in `botserver/src/basic/keywords/file_ops/` + +**Action:** Ensure all file operations use path_guard validation + +### 10. Rate Limiting Coverage +- Governor-based rate limiting exists but not applied uniformly +- WhatsApp-specific rate limiter at `botserver/src/core/bot/channels/whatsapp_rate_limiter.rs` + +**Action:** Apply consistent rate limiting to ALL API endpoints + +--- + +## LOW PRIORITY (P3) - Fix Within 1 Month + +### 11. Error Sanitization Coverage +- 67 instances using `log_and_sanitize` found +- Coverage good in security/rbac.rs, basic/keywords/db_api.rs +- Missing in some API handlers + +**Action:** Ensure ALL HTTP error responses use error_sanitizer + +### 12. Security Headers +- `botserver/src/security/headers.rs` - Comprehensive implementation exists +- Tests at lines 476-625 + +**Action:** Verify all responses include security headers + +### 13. Audit Logging +- `botserver/src/security/audit.rs` - Module exists +- Need coverage verification for all security events + +**Action:** Audit event coverage review + +### 14. Secrets Management +- Vault integration via `vaultrs` exists +- Ensure all secrets loaded from `/tmp/` not hardcoded + +**Action:** Verify secrets loading from `/tmp/vault-*` + +--- + +## VERIFICATION COMMANDS + +### Dependency Audit +```bash +cargo audit +cargo deny check +``` + +### Code Quality +```bash +cargo clippy --workspace # Target: 0 warnings +``` + +### Security Tests +```bash +cargo test -p botserver security +``` + +### Specific Pattern Search +```bash +# Find Command::new +grep -r "Command::new" botserver/src --include="*.rs" | grep -v SafeCommand | grep -v "// Safe" + +# Find unwrap/expect +grep -r "\.unwrap\(\)\|\.expect(" botserver/src --include="*.rs" | wc -l + +# Find format! with SQL +grep -r 'format!.*SELECT\|format!.*INSERT\|format!.*UPDATE\|format!.*DELETE' botserver/src --include="*.rs" +``` + +--- + +## SECURITY MODULES STATUS + +| Module | Status | Notes | +|--------|--------|-------| +| sql_guard | βœ… Good | Used in db_api, search, find | +| command_guard | βœ… Good | SafeCommand widely adopted | +| csrf | βœ… Good | Full implementation with Redis store | +| error_sanitizer | βœ… Good | 67 usage instances | +| jwt | ⚠️ Review | Default secret, unwrap usage | +| rate_limiter | βœ… Good | Governor-based | +| headers | ⚠️ Review | CSP needs hardening | +| passkey | ❌ Incomplete | Needs completion | +| audit | βœ… Good | Module exists | +| rbac | ⚠️ Review | Anonymous access audit needed | + +--- + +## TASK BATCH STRATEGY + +### Batch 1 - Command Execution (64 files) +1. Search all `Command::new` occurrences +2. Replace with `SafeCommand::new` +3. Verify with clippy + +### Batch 2 - Unwrap/Expect (647 instances) +1. Sort by file frequency +2. Fix highest-volume files first: + - whatsapp/mod.rs (30+) + - llm/mod.rs (15+) + - security/jwt.rs (20+) +3. Use offline fix approach + +### Batch 3 - SQL Queries (19 instances) +1. Verify sql_guard usage +2. Add validate_table_name calls +3. Test SQL injection resistance + +--- + +*Generated: 2026-03-11* +*Analysis: Automated grep + code review* +*Target: Zero critical/high security issues* diff --git a/task.md b/prompts/sec-x.md similarity index 100% rename from task.md rename to prompts/sec-x.md diff --git a/prompts/vib.md b/prompts/vib.md deleted file mode 100644 index a2f0072..0000000 --- a/prompts/vib.md +++ /dev/null @@ -1,2091 +0,0 @@ -# VibeCode Platform - Unified Implementation Roadmap - -## Executive Summary - -**Current Status:** BotUI's backend is **80% complete** with powerful LLM-driven code generation. The platform must support **two deployment models** and needs professional frontend tools to match Claude Code's capabilities. - -**Dual Deployment Strategy:** -1. **Internal GB Apps** - Apps served directly from the GB platform using API endpoints -2. **External Forgejo ALM Projects** - Apps deployed to external Forgejo repositories with CI/CD - -**What Works (Backend):** -- βœ… LLM-powered app generation (AppGenerator: 3400+ lines) -- βœ… Multi-agent pipeline (Orchestrator: Plan β†’ Build β†’ Review β†’ Deploy β†’ Monitor) -- βœ… Real-time WebSocket progress -- βœ… Database schema generation -- βœ… File generation (HTML, CSS, JS, BAS) -- βœ… Designer AI (runtime modifications with undo/redo) -- βœ… chromiumoxide dependency ready for browser automation -- βœ… **Forgejo ALM integration** (mTLS, runners, web server on port 3000) -- βœ… **MCP servers integration** (`botserver/src/sources/`) -- βœ… **App deployment** (`/apps/{name}` routes, Drive storage) - -**What's Missing (Critical Gaps):** - -**Security (IMMEDIATE):** -- ❌ Unsafe unwraps in production code -- ❌ Dependency vulnerabilities (glib 0.18.5) -- ❌ CSRF validation audit needed - -**Deployment Infrastructure (Phase 0 - CRITICAL):** -- ❌ Deployment routing logic (internal vs external) -- ❌ Forgejo project initialization & git push -- ❌ CI/CD pipeline generation for Forgejo projects -- ❌ Deployment UI in Vibe Builder - -**Frontend Tools (Phases 1-7):** -- ❌ Monaco/CodeMirror editor (just textarea now) -- ❌ Database UI (no schema visualizer) -- ❌ Git operations UI -- ❌ Browser automation engine UI -- ❌ Multi-file editing workspace -- ❌ Enhanced terminal -- ❌ MCP panel integration - ---- - -## Table of Contents - -1. [Part I: Security & Stability](#part-i-security--stability) -2. [Part II: Dual Deployment Infrastructure](#part-ii-dual-deployment-infrastructure) -3. [Part III: MCP Integration](#part-iii-mcp-integration) -4. [Part IV: Professional Development Tools](#part-iv-professional-development-tools) -5. [Part V: Architecture Diagrams](#part-v-architecture-diagrams) -6. [Part VI: Implementation Phases](#part-vi-implementation-phases) -7. [Part VII: File Organization](#part-vii-file-organization) -8. [Part VIII: Testing Strategy](#part-viii-testing-strategy) -9. [Part IX: Rollout Plan](#part-ix-rollout-plan) -10. [Part X: Success Metrics](#part-x-success-metrics) - ---- - -## Part I: Security & Stability - -**Priority:** ⚠️ **CRITICAL** - Must complete before any feature work - -### 1. Unsafe Unwraps in Production - -**Issue:** Codebase uses `.unwrap()`, `.expect()`, `panic!()` in production, violating AGENTS.md rules. - -**Vulnerable Locations:** -``` -botserver/src/drive/drive_handlers.rs:269 - Response::builder() unwrap -botserver/src/basic/compiler/mod.rs - Multiple unwrap() calls -botserver/src/llm/llm_models/deepseek_r3.rs - unwrap() outside tests -botserver/src/botmodels/opencv.rs - Test scope unwrap() leaks -``` - -**Action Items:** -- [ ] Replace ALL `.unwrap()` with safe alternatives: - - Use `?` operator with proper error propagation - - Use `unwrap_or_default()` for defaults - - Use pattern matching with early returns - - Apply `ErrorSanitizer` to avoid panics -- [ ] Run `cargo clippy -- -W clippy::unwrap_used -W clippy::expect_used` -- [ ] Add unit tests verifying error paths work correctly - -**Estimated Effort:** 4-6 hours - ---- - -### 2. Dependency Vulnerabilities - -**Vulnerable Component:** -- **Crate:** `glib 0.18.5` -- **Advisory:** `RUSTSEC-2024-0429` -- **Issue:** Unsoundness in `Iterator` and `DoubleEndedIterator` impls -- **Context:** Pulled through `botdevice`/`botapp` via Tauri/GTK - -**Action Items:** -- [ ] Review exact usage of glib in codebase -- [ ] Check if patches are available in newer versions -- [ ] Evaluate risk given desktop GUI context -- [ ] If critical: upgrade GTK/Glib dependencies -- [ ] If acceptable: document risk assessment - -**Estimated Effort:** 2-4 hours - ---- - -### 3. General Security Posture - -**CSRF Protection:** -- βœ… Custom CSRF store exists: `redis_csrf_store.rs` -- ⚠️ **Verify:** ALL state-changing endpoints use it - -**Security Headers:** -- βœ… `headers.rs` provides CSP, HSTS, X-Frame-Options -- ⚠️ **Verify:** Headers are attached UNIVERSALLY - -**Action Items:** -- [ ] Audit all POST/PUT/DELETE endpoints for CSRF validation -- [ ] Create middleware test to ensure security headers on all responses -- [ ] Document security checklist for new endpoints - -**Estimated Effort:** 3-4 hours - ---- - -## Part II: Dual Deployment Infrastructure - -**Priority:** πŸ”΄ **CRITICAL** - Core feature missing - -### Current State Analysis - -**Existing Infrastructure:** -```rust -// Forgejo ALM is already configured: -botserver/src/security/mutual_tls.rs:150 - - configure_forgejo_mtls() - mTLS setup for Forgejo - -botserver/src/core/package_manager/installer.rs - - forgejo binary installer - - forgejo-runner integration - - ALM_URL environment variable - - Port 3000 for Forgejo web UI - -botserver/src/basic/keywords/create_site.rs - - CREATE SITE keyword for app generation - - Stores to Drive: apps/{alias} - - Serves from: /apps/{alias} - -botserver/src/basic/keywords/app_server.rs - - Suite JS file serving - - Vendor file routing - -botserver/src/sources/ - - MCP integration already exists - - 40+ API endpoints available -``` - -**Missing Components:** -1. ❌ Deployment routing logic (internal vs external choice) -2. ❌ Forgejo repository initialization API -3. ❌ Git push to Forgejo repositories -4. ❌ CI/CD pipeline template generation -5. ❌ Forgejo Actions workflow builder -6. ❌ Custom domain configuration for external projects - ---- - -### Architecture: Dual Deployment Model - -``` -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ USER REQUEST β”‚ -β”‚ "I want a full CRM system" β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ - β”‚ - β–Ό -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ VIBE BUILDER UI β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ Agent Sidebar β”‚ β”‚ Canvas Area β”‚ β”‚ -β”‚ β”‚ (Mantis #1-4) β”‚ β”‚ - Task Nodes β”‚ β”‚ -β”‚ β”‚ - Status cards β”‚ β”‚ - Preview β”‚ β”‚ -β”‚ β”‚ - Workspaces β”‚ β”‚ - Chat Overlay β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”‚ -β”‚ ⚠️ DEPLOYMENT CHOICE (Phase 0): β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ πŸ“± Deploy to GB Platform 🌐 Deploy to Forgejo β”‚ β”‚ -β”‚ β”‚ - Serve from /apps/{name} - Push to repo β”‚ β”‚ -β”‚ β”‚ - Use GB API - CI/CD pipeline β”‚ β”‚ -β”‚ β”‚ - Fast iteration - Custom domain β”‚ β”‚ -β”‚ β”‚ - Shared resources - Independent β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”‚ -β”‚ πŸ“ Code Editor (Monaco) ← Phase 1 β”‚ -β”‚ πŸ—„οΈ Database Schema Visualizer ← Phase 2 β”‚ -β”‚ πŸ™ Git Operations UI ← Phase 3 β”‚ -β”‚ 🌐 Browser Automation Panel ← Phase 4 β”‚ -β”‚ πŸ“‚ Multi-File Workspace ← Phase 5 β”‚ -β”‚ πŸ–₯️ Enhanced Terminal ← Phase 6 β”‚ -β”‚ πŸ”Œ MCP Panel Integration ← Existing β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ - β”‚ - β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” - β”‚ β”‚ - β–Ό β–Ό -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ INTERNAL GB APPS β”‚ β”‚ EXTERNAL FORGEJO PROJECTS β”‚ -β”‚ β”‚ β”‚ β”‚ -β”‚ Deployment Flow: β”‚ β”‚ Deployment Flow: β”‚ -β”‚ 1. Generate files β”‚ β”‚ 1. Generate files β”‚ -β”‚ 2. Store in Drive β”‚ β”‚ 2. Init git repo β”‚ -β”‚ 3. Serve from /apps/ β”‚ β”‚ 3. Push to Forgejo β”‚ -β”‚ 4. Use GB APIs β”‚ β”‚ 4. Create CI/CD (.forgejo/*) β”‚ -β”‚ 5. Shared DB β”‚ β”‚ 5. Runner builds & deploys β”‚ -β”‚ 6. Shared auth β”‚ β”‚ 6. Independent deployment β”‚ -β”‚ β”‚ β”‚ 7. Custom domain β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚ -β”‚ β”‚ App Router β”‚ β”‚ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ /apps/{name} β”‚ β”‚ β”‚ β”‚ Forgejo ALM (port 3000) β”‚ β”‚ -β”‚ β”‚ - HTMX routes β”‚ β”‚ β”‚ β”‚ - Git server β”‚ β”‚ -β”‚ β”‚ - API proxy β”‚ β”‚ β”‚ β”‚ - CI/CD (.forgejo/workflows) β”‚ β”‚ -β”‚ β”‚ - Auth wrapper β”‚ β”‚ β”‚ β”‚ - Packages (npm, cargo) β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ β”‚ - Actions runner β”‚ β”‚ -β”‚ β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ - β”‚ - β–Ό -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ BOTSERVER (Rust Backend) β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ Orchestratorβ”‚ β”‚AppGeneratorβ”‚ β”‚Designer AI β”‚ β”‚ -β”‚ β”‚ (5 agents) β”‚ β”‚(LLM-driven)β”‚ β”‚(modifications)β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ Browser β”‚ β”‚ Git β”‚ β”‚ Terminal β”‚ β”‚ -β”‚ β”‚ Automation β”‚ β”‚ Operations β”‚ β”‚ Service β”‚ β”‚ -β”‚ β”‚(chromiumoxide)β”‚ β”‚(git2) β”‚ β”‚(xterm.js) β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ -β”‚ β”‚ MCP & Sources Integration ← ALREADY EXISTS β”‚ β”‚ -β”‚ β”‚ - botserver/src/sources/mcp.rs β”‚ β”‚ -β”‚ β”‚ - /api/ui/sources/* endpoints β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ - β”‚ - β–Ό -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ GENERATED OUTPUT β”‚ -β”‚ - PostgreSQL tables β”‚ -β”‚ - HTML pages with HTMX β”‚ -β”‚ - CSS styling β”‚ -β”‚ - JavaScript β”‚ -β”‚ - BASIC tools/schedulers β”‚ -β”‚ - E2E tests (Playwright) β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ -``` - ---- - -### Phase 0.1: Deployment Router (P0 - CRITICAL) - -**Goal:** Create routing logic to deploy apps internally or to Forgejo - -**File:** `botserver/src/deployment/mod.rs` - -```rust -use serde::{Deserialize, Serialize}; -use std::path::PathBuf; - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub enum DeploymentTarget { - /// Serve from GB platform (/apps/{name}) - Internal { - route: String, - shared_resources: bool, - }, - /// Deploy to external Forgejo repository - External { - repo_url: String, - custom_domain: Option, - ci_cd_enabled: bool, - }, -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct DeploymentConfig { - pub app_name: String, - pub target: DeploymentTarget, - pub environment: DeploymentEnvironment, -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub enum DeploymentEnvironment { - Development, - Staging, - Production, -} - -pub struct DeploymentRouter { - forgejo_url: String, - forgejo_token: Option, - internal_base_path: PathBuf, -} - -impl DeploymentRouter { - pub fn new( - forgejo_url: String, - forgejo_token: Option, - internal_base_path: PathBuf, - ) -> Self { - Self { - forgejo_url, - forgejo_token, - internal_base_path, - } - } - - /// Route deployment based on target type - pub async fn deploy( - &self, - config: DeploymentConfig, - generated_app: GeneratedApp, - ) -> Result { - match config.target { - DeploymentTarget::Internal { route, .. } => { - self.deploy_internal(route, generated_app).await - } - DeploymentTarget::External { ref repo_url, .. } => { - self.deploy_external(repo_url, generated_app).await - } - } - } - - /// Deploy internally to GB platform - async fn deploy_internal( - &self, - route: String, - app: GeneratedApp, - ) -> Result { - // 1. Store files in Drive - // 2. Register route in app router - // 3. Create API endpoints - // 4. Return deployment URL - todo!() - } - - /// Deploy externally to Forgejo - async fn deploy_external( - &self, - repo_url: &str, - app: GeneratedApp, - ) -> Result { - // 1. Initialize git repo - // 2. Add Forgejo remote - // 3. Push generated files - // 4. Create CI/CD workflow - // 5. Trigger build - todo!() - } -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct DeploymentResult { - pub url: String, - pub deployment_type: String, - pub status: DeploymentStatus, - pub metadata: serde_json::Value, -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub enum DeploymentStatus { - Pending, - Building, - Deployed, - Failed, -} - -#[derive(Debug)] -pub enum DeploymentError { - InternalDeploymentError(String), - ForgejoError(String), - GitError(String), - CiCdError(String), -} -``` - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 0.2: Forgejo Integration (P0 - CRITICAL) - -**Goal:** Initialize repositories and push code to Forgejo - -**File:** `botserver/src/deployment/forgejo.rs` - -```rust -use git2::{Repository, Oid}; -use serde::{Deserialize, Serialize}; - -pub struct ForgejoClient { - base_url: String, - token: String, - client: reqwest::Client, -} - -impl ForgejoClient { - pub fn new(base_url: String, token: String) -> Self { - Self { - base_url, - token, - client: reqwest::Client::new(), - } - } - - /// Create a new repository in Forgejo - pub async fn create_repository( - &self, - name: &str, - description: &str, - private: bool, - ) -> Result { - let url = format!("{}/api/v1/user/repos", self.base_url); - - let payload = CreateRepoRequest { - name: name.to_string(), - description: description.to_string(), - private, - auto_init: true, - gitignores: Some("Node,React,Vite".to_string()), - license: Some("MIT".to_string()), - readme: Some("Default".to_string()), - }; - - let response = self - .client - .post(&url) - .header("Authorization", format!("token {}", self.token)) - .json(&payload) - .send() - .await - .map_err(|e| ForgejoError::HttpError(e.to_string()))?; - - if response.status().is_success() { - let repo: ForgejoRepo = response - .json() - .await - .map_err(|e| ForgejoError::JsonError(e.to_string()))?; - Ok(repo) - } else { - Err(ForgejoError::ApiError( - response.status().to_string(), - )) - } - } - - /// Push generated app to Forgejo repository - pub async fn push_app( - &self, - repo_url: &str, - app: &GeneratedApp, - branch: &str, - ) -> Result { - // 1. Initialize local git repo - let repo = Repository::init(app.temp_dir()?)?; - - // 2. Add all files - let mut index = repo.index()?; - for file in &app.files { - index.add_path(PathBuf::from(&file.path))?; - } - index.write()?; - - // 3. Create commit - let tree_id = index.write_tree()?; - let tree = repo.find_tree(tree_id)?; - - let sig = repo.signature()?; - let oid = repo.commit( - Some(&format!("refs/heads/{}", branch)), - &sig, - &sig, - &format!("Initial commit: {}", app.description), - &tree, - &[], - )?; - - // 4. Add Forgejo remote - let mut remote = repo.remote( - "origin", - &format!( - "{}", - repo_url.replace("https://", &format!("https://{}@", self.token)) - ), - )?; - - // 5. Push to Forgejo - remote.push(&[format!("refs/heads/{}", branch)], None)?; - - Ok(oid.to_string()) - } - - /// Create CI/CD workflow for the app - pub async fn create_cicd_workflow( - &self, - repo_url: &str, - app_type: AppType, - build_config: BuildConfig, - ) -> Result<(), ForgejoError> { - let workflow = match app_type { - AppType::Htmx => self.generate_htmx_workflow(build_config), - AppType::React => self.generate_react_workflow(build_config), - AppType::Vue => self.generate_vue_workflow(build_config), - }; - - // Create .forgejo/workflows/deploy.yml - // Commit and push - todo!() - } - - fn generate_htmx_workflow(&self, config: BuildConfig) -> String { - r#" -name: Deploy HTMX App - -on: - push: - branches: [main, develop] - -jobs: - deploy: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: '20' - - - name: Install dependencies - run: npm ci - - - name: Build - run: npm run build - - - name: Deploy to server - run: | - # Add deployment commands here - echo "Deploying to production..." -"# - .to_string() - } - - fn generate_react_workflow(&self, config: BuildConfig) -> String { - // Generate React/Vite CI/CD workflow - todo!() - } - - fn generate_vue_workflow(&self, config: BuildConfig) -> String { - // Generate Vue CI/CD workflow - todo!() - } -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct ForgejoRepo { - pub id: u64, - pub name: String, - pub full_name: String, - pub clone_url: String, - pub html_url: String, -} - -#[derive(Debug, Serialize)] -struct CreateRepoRequest { - name: String, - description: String, - private: bool, - auto_init: bool, - #[serde(skip_serializing_if = "Option::is_none")] - gitignores: Option, - #[serde(skip_serializing_if = "Option::is_none")] - license: Option, - #[serde(skip_serializing_if = "Option::is_none")] - readme: Option, -} - -#[derive(Debug, Clone, Copy)] -pub enum AppType { - Htmx, - React, - Vue, -} - -#[derive(Debug, Clone)] -pub struct BuildConfig { - pub node_version: String, - pub build_command: String, - pub output_directory: String, -} - -#[derive(Debug)] -pub enum ForgejoError { - HttpError(String), - JsonError(String), - ApiError(String), - GitError(String), -} -``` - -**API Endpoints:** -```rust -// botserver/src/deployment/api.rs - -use axum::{ - extract::State, - response::Json, - routing::{get, post}, - Router, Json as ResponseJson, -}; - -use crate::core::shared::state::AppState; - -pub fn configure_deployment_routes() -> Router> { - Router::new() - // Get deployment targets (internal vs external) - .route("/api/deployment/targets", get(get_deployment_targets)) - - // Deploy app - .route("/api/deployment/deploy", post(deploy_app)) - - // Get deployment status - .route("/api/deployment/status/:id", get(get_deployment_status)) - - // Forgejo repositories - .route("/api/deployment/forgejo/repos", get(list_forgejo_repos)) - .route("/api/deployment/forgejo/create-repo", post(create_forgejo_repo)) - - // CI/CD workflows - .route("/api/deployment/forgejo/workflows", get(list_workflows)) - .route("/api/deployment/forgejo/workflows/create", post(create_workflow)) -} - -pub async fn get_deployment_targets( - State(_state): State>, -) -> Json { - Json(serde_json::json!({ - "targets": [ - { - "id": "internal", - "name": "GB Platform", - "description": "Deploy to the GB platform with shared resources", - "features": [ - "Fast deployment", - "Shared authentication", - "Shared database", - "API integration", - "Instant scaling" - ], - "icon": "πŸ“±" - }, - { - "id": "external", - "name": "Forgejo ALM", - "description": "Deploy to an external Forgejo repository with CI/CD", - "features": [ - "Independent deployment", - "Custom domain", - "Version control", - "CI/CD pipelines", - "Separate infrastructure" - ], - "icon": "🌐" - } - ] - })) -} - -pub async fn deploy_app( - State(state): State>, - ResponseJson(payload): ResponseJson, -) -> Result, DeploymentError> { - let router = state.deployment_router.clone(); - - let config = DeploymentConfig { - app_name: payload.app_name, - target: payload.target, - environment: payload.environment.unwrap_or(DeploymentEnvironment::Production), - }; - - let generated_app = generate_app_from_manifest(&payload.manifest).await?; - - let result = router.deploy(config, generated_app).await?; - - Ok(Json(result)) -} - -#[derive(Debug, Deserialize)] -pub struct DeploymentRequest { - pub app_name: String, - pub target: DeploymentTarget, - pub environment: Option, - pub manifest: serde_json::Value, -} -``` - -**Estimated Effort:** 20-24 hours - ---- - -### Phase 0.3: Deployment UI in Vibe (P0 - CRITICAL) - -**Goal:** Add deployment choice UI to Vibe Builder - -**File:** `botui/ui/suite/partials/vibe-deployment.html` - -```html - - - - - - -``` - -**Integration into Vibe:** -```javascript -// In vibe.html, add deployment button to the canvas header: - -
- // DASHBOARD > // ${currentProject} - -
-``` - -**Estimated Effort:** 8-10 hours - ---- - -## Part III: MCP Integration - -**Priority:** 🟑 **HIGH** - Leverage existing infrastructure - -### What Already Exists - -**Backend Implementation:** -``` -botserver/src/sources/ -β”œβ”€β”€ mod.rs # Module exports -β”œβ”€β”€ mcp.rs # MCP client, connection, server types -β”œβ”€β”€ ui.rs # HTML pages for /suite/sources/* -β”œβ”€β”€ knowledge_base.rs # Knowledge base upload/query -└── sources_api # API endpoints -``` - -**API Endpoints (40+ endpoints):** -``` -/suite/sources: - - Main sources list page - - MCP server catalog - - Add MCP server form - -/api/ui/sources/*: - - /api/ui/sources/mcp - List MCP servers - - /api/ui/sources/mcp/:name/enable - Enable server - - /api/ui/sources/mcp/:name/tools - List tools - - /api/ui/sources/kb/query - Query knowledge base - - /api/ui/sources/repositories - List repos - - /api/ui/sources/apps - List apps -``` - -### Integration Task: Add MCP Panel to Vibe - -**Goal:** Show connected MCP servers in Vibe sidebar - -**Files to Create:** -1. `botui/ui/suite/partials/vibe-mcp-panel.html` - MCP panel UI -2. `botui/ui/suite/js/vibe-mcp.js` - Server management JavaScript -3. `botui/ui/suite/vibe/mcp-panel.css` - Styling - -**Features:** -- List connected MCP servers -- Show server status (active/inactive) -- Display available tools per server -- Quick enable/disable toggles -- "Add Server" button (opens `/suite/sources/mcp/add`) - -**Estimated Effort:** 6-8 hours - ---- - -## Part IV: Professional Development Tools - -### Phase 1: Code Editor Integration (P0 - Critical) - -**Goal:** Replace textarea with Monaco Editor - -**Tasks:** - -1. **Download Monaco Editor** - ```bash - cd botui - npm install monaco-editor@0.45.0 - cp -r node_modules/monaco-editor min/vs ui/suite/js/vendor/ - ``` - -2. **Create Editor Component** - - `botui/ui/suite/partials/editor.html` - - Monaco container with tab bar - - File tree sidebar - - Save/Publish buttons - -3. **Editor JavaScript** - - `botui/ui/suite/js/editor.js` - - Monaco initialization - - Language detection (.html, .css, .js, .bas, .json) - - Tab management (open, close, switch) - - Auto-save with WebSocket sync - -4. **API Endpoints** - - `botserver/src/api/editor.rs` - - GET `/api/editor/file/{path}` - Read file - - POST `/api/editor/file/{path}` - Save file - - GET `/api/editor/files` - List files - -5. **Integration** - - Update `chat-agent-mode.html` - replace textarea with Monaco - - Update `vibe.html` - add editor panel - - Add keyboard shortcuts (Ctrl+S, Ctrl+P, Ctrl+Shift+F) - -**Success Criteria:** -- Monaco loads in < 2 seconds -- Syntax highlighting for 5+ languages -- Multi-file tabs work -- Auto-save completes successfully - -**Estimated Effort:** 8-12 hours - ---- - -### Phase 2: Database UI & Schema Visualization (P0 - Critical) - -**Goal:** Visual database management and query builder - -**Tasks:** - -1. **Schema Visualizer Component** - - `botui/ui/suite/partials/database.html` - - Canvas-based ER diagram - - Table cards with fields - - Relationship lines (foreign keys) - - Zoom/pan controls - -2. **Database JavaScript** - - `botui/ui/suite/js/database.js` - - Fetch schema: `/api/database/schema` - - Render tables using Canvas API - - Click table β†’ show field details - - Drag to rearrange - -3. **Query Builder UI** - - Visual SELECT builder - - Table selection dropdown - - Join interface - - Filter conditions - - SQL preview pane - -4. **Data Grid** - - Sortable columns - - Inline editing - - Pagination - - Export (CSV/JSON) - -5. **Backend API** - - `botserver/src/api/database.rs` - - GET `/api/database/schema` - Tables, fields, relationships - - GET `/api/database/table/{name}/data` - Paginated data - - POST `/api/database/query` - Execute SQL - - POST `/api/database/table/{name}/row` - Insert/update - - DELETE `/api/database/table/{name}/row/{id}` - Delete - -**Success Criteria:** -- ER diagram shows all tables -- Query builder generates valid SQL -- Data grid supports inline edits -- Export works correctly - -**Estimated Effort:** 16-20 hours - ---- - -### Phase 3: Git Operations UI (P1 - High Priority) - -**Goal:** Version control interface in Vibe - -**Tasks:** - -1. **Git Status Panel** - - `botui/ui/suite/partials/git-status.html` - - File list with status icons - - Stage/unstage checkboxes - - "Commit" button - -2. **Diff Viewer** - - `botui/ui/suite/partials/git-diff.html` - - Side-by-side comparison - - Line highlighting (green/red) - - Syntax highlighting - -3. **Commit Interface** - - Message input - - "Commit & Push" button - - Progress indicator - -4. **Branch Manager** - - Branch dropdown - - "New Branch" dialog - - Switch/delete actions - -5. **Commit Timeline** - - Vertical timeline - - Author, date, message - - Click β†’ view diff - -6. **Backend API** - - `botserver/src/api/git.rs` - - GET `/api/git/status` - Git status - - GET `/api/git/diff/{file}` - File diff - - POST `/api/git/commit` - Create commit - - POST `/api/git/push` - Push to remote - - GET `/api/git/branches` - List branches - - POST `/api/git/branch/{name}` - Create/switch - - GET `/api/git/log` - Commit history - -**NEW: Forgejo-Specific Operations** -- View Forgejo repository status -- Sync with Forgejo remote -- View CI/CD pipeline status -- Trigger manual builds - -**Success Criteria:** -- Git status displays correctly -- Diff viewer shows side-by-side -- Commit workflow works end-to-end -- Branch switching succeeds - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 4: Browser Automation Engine (P1 - High Priority) - -**Goal:** Pure Rust browser automation for testing & recording - -**Why Rust + Chromiumoxide:** -- βœ… Already in workspace: `chromiumoxide = "0.7"` -- βœ… No Node.js dependency -- βœ… Feature flag exists: `browser` in botserver/Cargo.toml -- βœ… Reference implementation: bottest/src/web/browser.rs (1000+ lines) - -**Tasks:** - -1. **Core Browser Module** - - `botserver/src/browser/mod.rs` - - `BrowserSession` - Manage browser instance - - `BrowserManager` - Session lifecycle - - Methods: `navigate()`, `click()`, `fill()`, `screenshot()`, `execute()` - - ```rust - pub struct BrowserSession { - id: String, - browser: Arc, - page: Arc>, - created_at: DateTime, - } - - impl BrowserSession { - pub async fn new(headless: bool) -> Result; - pub async fn navigate(&self, url: &str) -> Result<()>; - pub async fn click(&self, selector: &str) -> Result<()>; - pub async fn fill(&self, selector: &str, text: &str) -> Result<()>; - pub async fn screenshot(&self) -> Result>; - pub async fn execute(&self, script: &str) -> Result; - } - ``` - -2. **Action Recorder** - - `botserver/src/browser/recorder.rs` - - `RecordedAction` - Navigate, Click, Fill, Wait, Assert - - `ActionRecorder` - Record/stop/export - - Export as Playwright test - - ```rust - #[derive(Serialize, Deserialize)] - pub struct RecordedAction { - pub timestamp: i64, - pub action_type: ActionType, - pub selector: Option, - pub value: Option, - } - - impl ActionRecorder { - pub fn start(&mut self); - pub fn stop(&mut self) -> Vec; - pub fn export_test_script(&self) -> String; - } - ``` - -3. **Test Validator** - - `botserver/src/browser/validator.rs` - - Check for flaky selectors - - Validate wait conditions - - Suggest improvements via Designer AI - -4. **Browser API** - - `botserver/src/browser/api.rs` - - POST `/api/browser/session` - Create session - - POST `/api/browser/session/:id/execute` - Run action - - GET `/api/browser/session/:id/screenshot` - Capture - - POST `/api/browser/session/:id/record/start` - Start recording - - POST `/api/browser/session/:id/record/stop` - Stop & get actions - - GET `/api/browser/session/:id/record/export` - Export test - -5. **Vibe UI - Browser Panel** - - `botui/ui/suite/partials/browser-controls.html` - - URL bar with navigation buttons - - Record/Stop/Export buttons - - Actions timeline - - Browser preview iframe - - Screenshot gallery - - - `botui/ui/suite/js/browser.js` - ```javascript - let currentSessionId = null; - let isRecording = false; - let recordedActions = []; - - async function initBrowser() { - const resp = await fetch('/api/browser/session', { - method: 'POST', - body: JSON.stringify({ headless: false }) - }); - currentSessionId = (await resp.json()).id; - } - - async function browserNavigate(url) { - if (isRecording) { - recordedActions.push({ - type: 'navigate', - value: url, - timestamp: Date.now() - }); - } - await executeAction('navigate', { url }); - } - - async function browserClick(selector) { - if (isRecording) { - recordedActions.push({ - type: 'click', - selector: selector, - timestamp: Date.now() - }); - } - await executeAction('click', { selector }); - } - - async function exportTest() { - const resp = await fetch(`/api/browser/session/${currentSessionId}/record/export`); - const data = await resp.json(); - - // Download test file - const blob = new Blob([data.script], { type: 'text/javascript' }); - const a = document.createElement('a'); - a.href = URL.createObjectURL(blob); - a.download = `test-${Date.now()}.spec.js`; - a.click(); - } - ``` - - - `botui/ui/suite/css/browser.css` - - Browser panel styling - - Recording indicator animation - - Actions timeline - - Screenshot gallery grid - -6. **Integration with Vibe** - - Add "Browser Automation" button to Vibe toolbar - - Load browser-controls.html in panel - - Element picker for selector capture - - Screenshot capture & gallery - -**Usage Example:** -```javascript -// In Vibe UI -openBrowserPanel(); -toggleRecording(); // Start recording -browserNavigate('http://localhost:3000/my-crm'); -browserClick('#create-btn'); -browserFill('#name', 'Test'); -browserClick('#save-btn'); -toggleRecording(); // Stop recording -exportTest(); // Download test-123.spec.js -``` - -**Generated Test Output:** -```javascript -import { test, expect } from '@playwright/test'; - -test('Recorded test', async ({ page }) => { - await page.goto('http://localhost:3000/my-crm'); - await page.click('#create-btn'); - await page.fill('#name', 'Test'); - await page.click('#save-btn'); -}); -``` - -**Success Criteria:** -- Can navigate to any URL -- Element picker captures selectors -- Recording generates valid Playwright tests -- Screenshots capture correctly - -**Estimated Effort:** 20-24 hours - ---- - -### Phase 5: Multi-File Editing Workspace (P2 - Medium Priority) - -**Goal:** Professional multi-file editing - -**Tasks:** - -1. **Tab Management** - - File tabs with close buttons - - Active tab highlighting - - Tab overflow scrolling - - Drag to reorder - -2. **Split-Pane Layout** - - Split horizontal/vertical buttons - - Resize handles - - 2x2 grid max - -3. **File Comparison** - - Side-by-side diff - - Line-by-line navigation - - Copy changes (Lβ†’R) - -4. **File Tree Sidebar** - - Nested folders - - File type icons - - Expand/collapse - - Double-click to open - -5. **Quick Open** - - Ctrl+P β†’ Search files - - Fuzzy matching - - Arrow navigation - -6. **Project Search** - - Ctrl+Shift+F β†’ Search all files - - Results with line numbers - - Click to open file - -**Success Criteria:** -- 10+ files open in tabs -- Split view works (2-4 panes) -- File comparison displays diffs -- Quick open searches files - -**Estimated Effort:** 12-16 hours - ---- - -### Phase 6: Enhanced Terminal (P2 - Medium Priority) - -**Goal:** Interactive shell in Vibe - -**Tasks:** - -1. **Terminal Container** - - xterm.js integration (already vendor file) - - Multiple terminal tabs - - Fit addon for auto-resize - -2. **WebSocket Terminal** - - Bi-directional WebSocket: `/ws/terminal/{session_id}` - - Protocol: `{"type": "input", "data": "command\n"}` - - Handle ANSI escape codes - -3. **Command History** - - Up/Down arrows - - Ctrl+R search - - Persist in localStorage - -4. **Command Completion** - - Tab completion - - File path completion - - Command flags - -5. **Backend Terminal Server** - - Spawn PTY per session - - WebSocket handler - - Clean up on disconnect - -6. **File Transfer** - - Drag file to upload - - `upload` / `download` commands - - Progress bars - -**Success Criteria:** -- Can type commands & see output -- Arrow keys navigate history -- Can run vim, top, etc. -- Multiple terminals work - -**Estimated Effort:** 10-14 hours - ---- - -### Phase 7: Advanced CRM Templates (P2 - Medium Priority) - -**Goal:** Pre-built CRM accelerators - -**Tasks:** - -1. **Template System** - - `botserver/src/templates/crm/` - - Template JSON definitions - - Prompt templates - - Field libraries - -2. **CRM Templates** - - **Sales CRM** - - Tables: contacts, leads, opportunities, accounts, activities - - Pages: dashboard, pipeline, contacts list - - Tools: lead_scoring, email_automation - - Schedulers: daily_summary, weekly_review - - - **Real Estate CRM** - - Tables: properties, clients, showings, offers - - Pages: property gallery, client portal - - Tools: mls_sync, showing_scheduler - - Schedulers: showing_reminders, market_update - - - **Healthcare CRM** - - Tables: patients, appointments, treatments, insurance - - Pages: patient portal, appointment scheduler - - Tools: insurance_verification, appointment_reminders - - Schedulers: daily_appointments, insurance_alerts - -3. **Template Gallery UI** - - `botui/ui/suite/partials/template-gallery.html` - - Template cards with descriptions - - Preview screenshots - - "Use Template" button - -4. **Template Generator** - - Load template JSON - - Customize with user details - - Generate all files - - Deploy to /apps/{name} (internal) OR Forgejo (external) - -**NEW: Dual Deployment Support** -- Internal deployment templates (use GB APIs) -- External deployment templates (standalone with CI/CD) - -**Success Criteria:** -- Can select template from gallery -- Template generates full CRM -- Customization works -- Generated CRM is functional - -**Estimated Effort:** 20-24 hours - ---- - -## Part V: Architecture Diagrams - -### Vibe UI Layout - -``` -β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ VIBE BUILDER β”‚ -β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ β”‚ PIPELINE TABS β”‚ -β”‚ AGENTS β”‚ [PLAN] [BUILD] [REVIEW] [DEPLOY] [MONITOR] β”‚ -β”‚ SIDEBAR β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ β”‚ β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ CANVAS AREA β”‚ -β”‚ β”‚Mantis #1β”‚ β”‚ - Task nodes (horizontal flow) β”‚ -β”‚ β”‚ EVOLVED β”‚ β”‚ - Preview panel β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ - Chat overlay β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ -β”‚ β”‚Mantis #2β”‚ β”‚ [DEPLOYMENT BUTTON] β”‚ -β”‚ β”‚ BRED β”‚ β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ -β”‚ β”‚Mantis #3β”‚ β”‚ β”‚ -β”‚ β”‚ WILD β”‚ β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ -β”‚ β”‚ β”‚ -β”‚ [+ NEW AGENT] β”‚ β”‚ -β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ -β”‚ WORKSPACES β”‚ β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ -β”‚ β”‚E-Commerceβ”‚ β”‚ β”‚ -β”‚ β”‚ App β”‚ β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ -β”‚ β”‚ β”‚ -β”‚ [+ PROJECT] β”‚ β”‚ -β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ -β”‚ SOURCES β”‚ [MCP Integration] β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ -β”‚ β”‚πŸ”Œ GitHub β”‚ β”‚ β”‚ -β”‚ β”‚ MCP β”‚ β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ -β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ -β”‚ β”‚πŸ—„οΈ Postgresβ”‚ β”‚ β”‚ -β”‚ β”‚ MCP β”‚ β”‚ β”‚ -β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ -β”‚ β”‚ β”‚ -β”‚ [+ ADD MCP] β”‚ β”‚ -β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ -``` - ---- - -## Part VI: Implementation Phases - -### Milestone 0: Security & Deployment Infrastructure (Week 0) - -**Day 1-2:** Security Fixes -- Fix all unsafe `unwrap()` calls -- Address dependency vulnerabilities -- Verify CSRF & security headers - -**Day 3-4:** Deployment Router -- `botserver/src/deployment/mod.rs` -- DeploymentTarget enum -- DeploymentRouter implementation - -**Day 5-6:** Forgejo Integration -- `botserver/src/deployment/forgejo.rs` -- ForgejoClient implementation -- CI/CD workflow generation - -**Day 7:** Deployment UI -- `botui/ui/suite/partials/vibe-deployment.html` -- Deployment modal -- Integration into Vibe - -**Success Criteria:** -- βœ… Zero `unwrap()` in production code -- βœ… `cargo audit` passes -- βœ… Can deploy internally to /apps/{name} -- βœ… Can deploy externally to Forgejo -- βœ… CI/CD pipeline auto-generates - ---- - -### Milestone 1: Core Editor (Week 1) - -- Phase 1 complete (Monaco integration) - -**Success Criteria:** -- Monaco loads < 2 seconds -- 5+ syntax highlighters work -- Multi-file tabs functional - ---- - -### Milestone 2: Database & Git (Week 2) - -- Phase 2 complete (Database UI) -- Phase 3 complete (Git Operations + Forgejo) - -**Success Criteria:** -- Schema visualizer displays all tables -- Query builder generates valid SQL -- Git status shows changed files -- Forgejo sync works - ---- - -### Milestone 3: Browser & Workspace (Week 3) - -- Phase 4 complete (Browser Automation) -- Phase 5 complete (Multi-File Editing) - -**Success Criteria:** -- Can navigate to any URL -- Recording generates valid tests -- 10+ files open in tabs -- Split view supports 2-4 panes - ---- - -### Milestone 4: Terminal & Templates (Week 4) - -- Phase 6 complete (Enhanced Terminal) -- Phase 7 complete (CRM Templates) - -**Success Criteria:** -- Interactive shell works -- Multiple terminals run simultaneously -- 3+ CRM templates available -- Generation takes < 30 seconds - ---- - -## Part VII: File Organization - -### Botserver (Backend) - -``` -botserver/src/ - deployment/ # NEW - Deployment infrastructure - mod.rs # DeploymentRouter - forgejo.rs # ForgejoClient - api.rs # Deployment API endpoints - templates.rs # CI/CD workflow templates - api/ - editor.rs # NEW - Code editor API - database.rs # NEW - Database UI API - git.rs # NEW - Git operations API - browser/ - mod.rs # NEW - BrowserSession, BrowserManager - recorder.rs # NEW - ActionRecorder - validator.rs # NEW - TestValidator - api.rs # NEW - HTTP endpoints - test_generator.rs # NEW - Test script generator - templates/ # NEW - CRM templates - crm/ - sales.json - real_estate.json - healthcare.json - mod.rs - sources/ # EXISTING - MCP integration - mod.rs - mcp.rs - ui.rs - knowledge_base.rs -``` - -### Botui (Frontend) - -``` -botui/ui/suite/ - partials/ - vibe.html # EXISTING - Main Vibe UI - vibe-deployment.html # NEW - Deployment modal - vibe-mcp-panel.html # NEW - MCP panel - editor.html # NEW - Code editor - database.html # NEW - Database UI - git-status.html # NEW - Git status - git-diff.html # NEW - Diff viewer - browser-controls.html # NEW - Browser automation - terminal.html # NEW - Terminal - template-gallery.html # NEW - Template gallery - js/ - deployment.js # NEW - Deployment logic - editor.js # NEW - Monaco integration - database.js # NEW - Database UI - git.js # NEW - Git operations - browser.js # NEW - Browser automation - terminal.js # NEW - Terminal - templates.js # NEW - Templates - css/ - deployment.css # NEW - Deployment styles - editor.css # NEW - Editor styles - database.css # NEW - Database styles - git.css # NEW - Git styles - browser.css # NEW - Browser styles - terminal.css # NEW - Terminal styles - templates.css # NEW - Template styles - vibe/ - agents-sidebar.css # EXISTING - mcp-panel.css # NEW - MCP panel styles -``` - ---- - -## Part VIII: Testing Strategy - -### Unit Tests -- All new modules need unit tests -- Test coverage > 80% -- Location: `botserver/src//tests.rs` - -### Integration Tests -- End-to-end workflows -- Location: `bottest/tests/integration/` - -### E2E Tests -- Use chromiumoxide (bottest infrastructure) -- Location: `bottest/tests/e2e/` -- Test scenarios: - - Generate CRM from template - - Deploy internally to /apps/{name} - - Deploy externally to Forgejo - - Edit in Monaco editor - - View database schema - - Create git commit - - Record browser test - ---- - -## Part IX: Rollout Plan - -### Week 0: Security & Deployment (CRITICAL) -- **Day 1-2:** Security fixes -- **Day 3-4:** Deployment Router -- **Day 5-6:** Forgejo Integration -- **Day 7:** Deployment UI - -### Week 1: Code Editor -- Monaco integration -- File tree -- Tab management - -### Week 2: Database & Git -- Schema visualizer -- Query builder -- Git operations -- Forgejo sync - -### Week 3: Browser & Workspace -- Browser automation UI -- Multi-file editing -- Split-pane layout - -### Week 4: Terminal & Templates -- Enhanced terminal -- CRM templates -- Template gallery - ---- - -## Part X: Success Metrics - -### Security Milestones -- βœ… Zero `unwrap()` in production code -- βœ… `cargo audit` passes -- βœ… All endpoints have CSRF + security headers - -### Deployment Infrastructure -- βœ… Internal deployment < 30 seconds -- βœ… External Forgejo deployment < 2 minutes -- βœ… CI/CD pipeline auto-generates -- βœ… Both models accessible from Vibe UI - -### MCP Integration -- βœ… MCP panel visible in Vibe sidebar -- βœ… Can enable/disable servers -- βœ… Can view available tools -- βœ… Can add new servers - -### Code Editor -- Monaco loads < 2 seconds -- 5+ syntax highlighters work -- Multi-file tabs functional -- Auto-save succeeds - -### Database UI -- Schema visualizer displays all tables -- Query builder generates valid SQL -- Data grid supports inline edits -- Export works correctly - -### Git Operations -- Git status shows changed files -- Diff viewer shows side-by-side -- Commit workflow works end-to-end -- Forgejo sync succeeds - -### Browser Automation -- Can navigate to any URL -- Element picker captures selectors -- Recording generates valid tests -- Screenshots capture correctly - -### Multi-File Workspace -- 10+ files open in tabs -- Split view supports 2-4 panes -- File comparison works -- Project search is fast (< 1s for 100 files) - -### Terminal -- Interactive shell works -- Can run vim, top, etc. -- Multiple terminals run simultaneously -- File transfer works - -### CRM Templates -- 3+ CRM templates available -- Generation takes < 30 seconds -- Generated CRMs are fully functional -- Industry-specific features work - ---- - -## Conclusion - -The VibeCode platform has a **powerful backend** capable of generating full applications via LLM. The main gaps are in **frontend user experience**, **security hardening**, and **deployment routing**. - -**Critical Path:** -1. ⚠️ **Week 0:** Security fixes + Deployment infrastructure -2. πŸ”Œ **Week 0.5:** MCP integration in Vibe -3. πŸ“ **Week 1:** Monaco code editor -4. πŸ—„οΈ **Week 2:** Database UI + Git operations -5. 🌐 **Week 3:** Browser automation + Multi-file workspace -6. πŸ–₯️ **Week 4:** Terminal + CRM templates - -Once these phases are complete, VibeCode will match or exceed Claude Code's capabilities while offering: - -βœ… **Dual deployment model** (Internal GB Apps + External Forgejo Projects) -βœ… **Multi-user SaaS deployment** -βœ… **Visual app building** (Vibe Builder) -βœ… **Enterprise-grade multi-agent orchestration** -βœ… **Pure Rust backend** (no Node.js dependency) -βœ… **Integrated MCP servers** (extensible tools) -βœ… **Integrated browser automation** (chromiumoxide) -βœ… **Professional development environment** - -**Total Estimated Effort:** 165-205 hours (~4-5 weeks with 1 developer) - ---- - -## Appendix: Code Quality Standards - -**MUST Follow (per AGENTS.md):** -1. βœ… **Error Handling** - NO panics, use `?` operator -2. βœ… **Safe Commands** - Use `SafeCommand` wrapper -3. βœ… **Error Sanitization** - Use `ErrorSanitizer` -4. βœ… **SQL Safety** - Use `sql_guard` -5. βœ… **Rate Limiting** - Per-IP and per-User limits -6. βœ… **CSRF Protection** - CSRF tokens on state-changing endpoints -7. βœ… **Security Headers** - CSP, HSTS, X-Frame-Options -8. βœ… **No CDNs** - All assets local -9. βœ… **File Size** - Max 450 lines per file -10. βœ… **Clippy Clean** - 0 warnings, no `#[allow()]` - ---- - -## Appendix: Dependencies - -### Backend (Already in Workspace) - -```toml -[dependencies] -chromiumoxide = "0.7" # Browser automation -tokio = "1.41" # Async runtime -axum = "0.7" # HTTP framework -diesel = "2.1" # Database -git2 = "0.18" # Git operations -reqwest = { version = "0.11", features = ["json"] } # HTTP client -``` - -### Frontend (Download & Serve Locally) - -```bash -# Code editor -npm install monaco-editor@0.45.0 - -# Terminal (already vendor file exists) -# xterm.js@5.3.0 -``` - ---- - -**Document Version:** 3.0 -**Last Updated:** 2025-02-28 -**Status:** Ready for Implementation \ No newline at end of file diff --git a/zap.md b/zap.md deleted file mode 100644 index e9b74b2..0000000 --- a/zap.md +++ /dev/null @@ -1,299 +0,0 @@ -# WhatsApp - Bot Salesianos -respeitar AGENTS.md -## Status: Operacional - -| Campo | Valor | -|-------|-------| -| Bot ID | `32c579e5-609b-4a07-8599-4e0fccc4d764` | -| Phone | +15558293147 | -| Phone ID | 323250907549153 | -| Business ID | 1261667644771701 | - ---- - -## Comandos - -- `/clear` - Limpa histΓ³rico da conversa - ---- - -## Streaming - -1. Mensagens sem lista: enviar a cada 3 parΓ‘grafos -2. Mensagens com lista: **ISOLAR como mensagem ΓΊnica** (sem texto antes ou depois) -3. Limite mΓ‘ximo: 4000 caracteres por mensagem - -### Exemplo de Agrupamento Correto - -**Resposta completa do bot:** -``` -OlΓ‘! 😊 - -Infelizmente, nΓ£o tenho a informação especΓ­fica sobre o horΓ‘rio de funcionamento da Escola Salesiana no momento. - -Para obter essa informação, vocΓͺ pode: -1. *Entrar em contato com a secretaria* - Posso te ajudar a enviar uma mensagem perguntando sobre os horΓ‘rios -2. *Agendar uma visita* - Assim vocΓͺ conhece a escola pessoalmente e obtΓ©m todas as informaçáes necessΓ‘rias - -Gostaria que eu te ajudasse com alguma dessas opçáes? Se quiser entrar em contato com a secretaria, preciso apenas de: -- Seu nome -- Telefone -- Email -- Sua pergunta sobre os horΓ‘rios - -Ou, se preferir, posso agendar uma visita para vocΓͺ conhecer a escola! 🏫 - -O que prefere? -``` - -**Deve ser enviado como 5 mensagens separadas:** - -**Mensagem 1:** -``` -OlΓ‘! 😊 - -Infelizmente, nΓ£o tenho a informação especΓ­fica sobre o horΓ‘rio de funcionamento da Escola Salesiana no momento. - -Para obter essa informação, vocΓͺ pode: -``` - -**Mensagem 2 (LISTA ISOLADA):** -``` -1. *Entrar em contato com a secretaria* - Posso te ajudar a enviar uma mensagem perguntando sobre os horΓ‘rios -2. *Agendar uma visita* - Assim vocΓͺ conhece a escola pessoalmente e obtΓ©m todas as informaçáes necessΓ‘rias -``` - -**Mensagem 3:** -``` -Gostaria que eu te ajudasse com alguma dessas opçáes? Se quiser entrar em contato com a secretaria, preciso apenas de: -``` - -**Mensagem 4 (LISTA ISOLADA):** -``` -- Seu nome -- Telefone -- Email -- Sua pergunta sobre os horΓ‘rios -``` - -**Mensagem 5:** -``` -Ou, se preferir, posso agendar uma visita para vocΓͺ conhecer a escola! 🏫 - -O que prefere? -``` - -**Regras:** -- βœ… Cada lista = **1 mensagem ISOLADA** (nunca misturar com texto) -- βœ… Texto antes da lista = mensagem separada -- βœ… Texto depois da lista = mensagem separada -- βœ… Listas nunca sΓ£o quebradas no meio - ---- - -## Testar Webhook (Simular Callback) - -Script de teste em `/tmp/test_whatsapp.sh`: - -```bash -#!/bin/bash -# Testa o webhook do WhatsApp simulando uma mensagem - -BOT_ID="32c579e5-609b-4a07-8599-4e0fccc4d764" -FROM="5521972102162" # NΓΊmero de teste - -curl -X POST "http://localhost:8080/webhook/whatsapp/${BOT_ID}" \ - -H "Content-Type: application/json" \ - -d '{ - "object": "whatsapp_business_account", - "entry": [{ - "id": "1261667644771701", - "changes": [{ - "field": "messages", - "value": { - "messaging_product": "whatsapp", - "metadata": { - "display_phone_number": "15558293147", - "phone_number_id": "323250907549153" - }, - "contacts": [{ - "wa_id": "'${FROM}'", - "profile": { "name": "Teste Usuario" } - }], - "messages": [{ - "id": "test_msg_'$(date +%s)'", - "from": "'${FROM}'", - "timestamp": "'$(date +%s)'", - "type": "text", - "text": { "body": "OlΓ‘, como posso ajudar?" } - }] - } - }] - }] - }' -``` - -Executar teste: -```bash -bash /tmp/test_whatsapp.sh -``` - ---- - -## Testar Comando /clear - -```bash -BOT_ID="32c579e5-609b-4a07-8599-4e0fccc4d764" -FROM="5521972102162" - -curl -X POST "http://localhost:8080/webhook/whatsapp/${BOT_ID}" \ - -H "Content-Type: application/json" \ - -d '{ - "object": "whatsapp_business_account", - "entry": [{ - "id": "1261667644771701", - "changes": [{ - "field": "messages", - "value": { - "messaging_product": "whatsapp", - "metadata": { - "display_phone_number": "15558293147", - "phone_number_id": "323250907549153" - }, - "contacts": [{ - "wa_id": "'${FROM}'", - "profile": { "name": "Teste Usuario" } - }], - "messages": [{ - "id": "test_clear_'$(date +%s)'", - "from": "'${FROM}'", - "timestamp": "'$(date +%s)'", - "type": "text", - "text": { "body": "/clear" } - }] - } - }] - }] - }' -``` - ---- - -## Debug - -```bash -# Verificar servidor -curl http://localhost:8080/health - -# Monitorar logs -tail -f botserver.log | grep -iE "(whatsapp|Embedding)" - -# Verificar sessΓ΅es ativas (requer acesso ao banco) -# SELECT * FROM user_sessions WHERE bot_id = '32c579e5-609b-4a07-8599-4e0fccc4d764'; -``` - ---- - -## Arquivos Relacionados - -- Config: `/opt/gbo/data/salesianos.gbai/salesianos.gbot/config.csv` -- Handler: `botserver/src/whatsapp/mod.rs` -- Adapter: `botserver/src/core/bot/channels/whatsapp.rs` -- Cache: `botserver/src/llm/cache.rs` - ---- - -## PendΓͺncias - -1. **Implementar suporte a `/webhook/whatsapp/default`** (ver TODO abaixo) -2. Configurar webhook na Meta Business Suite para produção -3. Configurar SSL/TLS no servidor de produção - ---- - -## πŸ“‹ TODO: Default Bot Routing - -### Objetivo -Permitir que a URL `/webhook/whatsapp/default` funcione como roteador dinΓ’mico de bots baseado em comandos de usuΓ‘rio. - -### Comportamento Atual -- βœ… `/webhook/whatsapp/{uuid}` β†’ Rota direta para bot especΓ­fico -- ❌ `/webhook/whatsapp/default` β†’ **FALHA** (espera UUID, nΓ£o aceita "default") - -### Comportamento Desejado -1. `/webhook/whatsapp/default` β†’ Rota para o bot default (`/opt/gbo/data/default.gbai/default.gbot`) -2. Quando usuΓ‘rio digita um `whatsapp-id` (ex: "cristo", "salesianos"): - - Sistema busca bot com essa propriedade no `config.csv` - - Mapeia `phone_number` β†’ `bot_id` na sessΓ£o/cache - - Troca de bot para aquela sessΓ£o -3. Mensagens subsequentes daquele `phone_number` sΓ£o roteadas para o bot mapeado -4. Se usuΓ‘rio digitar outro `whatsapp-id`, encerra sessΓ£o anterior e abre nova para o novo bot - -### Arquivos a Modificar - -#### 1. `botserver/src/whatsapp/mod.rs` -- **Linha ~178**: Modificar `verify_webhook` e `handle_webhook` - - Mudar `Path(bot_id): Path` β†’ `Path(bot_id): Path` - - Adicionar parsing: `"default"` β†’ buscar UUID do bot default - - Manter parsing UUID para compatibilidade - -#### 2. `botserver/src/whatsapp/mod.rs` -- **Nova função**: `resolve_bot_id(bot_id_str: &str, state: &AppState) -> Result` - - Se `"default"` β†’ retorna UUID do bot default via `get_default_bot()` - - Se UUID vΓ‘lido β†’ retorna UUID - - Caso contrΓ‘rio β†’ erro - -#### 3. `botserver/src/whatsapp/mod.rs` -- **Nova função**: `check_whatsapp_id_routing(message_text: &str, state: &AppState) -> Option` - - Verifica se texto Γ© um comando de troca de bot - - Busca em todos os bots por `whatsapp-id` no `config.csv` - - Retorna bot_id se encontrar match - -#### 4. `botserver/src/whatsapp/mod.rs` -- **Modificar** `process_incoming_message` - - Antes de processar, verificar se mensagem Γ© comando de roteamento - - Se for, atualizar mapeamento `phone` β†’ `bot_id` no cache - - Se nΓ£o for, usar mapeamento existente do cache - -### Bots com whatsapp-id Configurado -- βœ… **cristo.gbot**: `whatsapp-id,cristo` -- ❓ **salesianos.gbot**: verificar se tem whatsapp-id -- βœ… **default.gbot**: nΓ£o tem whatsapp-id (Γ© o roteador) - -### Implementação em Passos - -**Passo 1**: Modificar handlers para aceitar "default" -```rust -// Antes -Path(bot_id): Path - -// Depois -Path(bot_id_str): Path -let bot_id = resolve_bot_id(&bot_id_str, &state)?; -``` - -**Passo 2**: Implementar `resolve_bot_id` -- Buscar `get_default_bot()` quando `bot_id_str == "default"` -- Parse UUID caso contrΓ‘rio - -**Passo 3**: Implementar roteamento dinΓ’mico -- Verificar cache: `phone_number` β†’ `bot_id` -- Se nΓ£o existir, usar bot_id do webhook -- Se mensagem for comando (whatsapp-id), atualizar cache - -**Passo 4**: Testar -```bash -# Teste 1: URL com default -curl -X POST "http://localhost:8080/webhook/whatsapp/default" ... - -# Teste 2: URL com UUID (deve continuar funcionando) -curl -X POST "http://localhost:8080/webhook/whatsapp/32c579e5-609b-4a07-8599-4e0fccc4d764" ... - -# Teste 3: Roteamento por comando -# Enviar mensagem "cristo" β†’ deve rotear para bot cristo -# Enviar mensagem "salesianos" β†’ deve trocar para bot salesianos -``` - -### URLs de Teste -- Localtunnel: `https://bright-bananas-deny.loca.lt/webhook/whatsapp/default` -- Local: `http://localhost:8080/webhook/whatsapp/default`