ia_dev/projects/README.md

# Project-specific configuration

This repo (`ia_dev`) is a **standalone** depot. Project-specific parameters are stored in `projects/<id>/conf.json` (e.g. `projects/lecoffreio/conf.json`). The `<id>` is the project identifier (directory name under `projects/`).

**Paths in conf.json:**
The scripts in `deploy/` deploy and build the **configured projects** (lecoffreio, enso, algo, etc.) in their own directories; they do not deploy ia_dev.

- **Absolute** (required): `project_path`, `build_dirs`, `deploy.scripts_path`, `deploy.deploy_script_path`, `deploy.secrets_path`, `version.package_json_paths` — they point to each project repo.
- **Relative to ia_dev root** (this project): `mail.imap_bridge_env`, `git.token_file`. They point to files under ia_dev’s own `.secrets/`.

## Current project selection

The project **id** (directory name under `projects/`) is resolved by (first match wins):

**1. Explicit parameter**  
Scripts in `deploy/` accept an optional project id as first argument or via `--project <id>` (pousse.sh). When present and `projects/<id>/conf.json` exists, that id is used. Example: `./deploy/pousse.sh lecoffreio`, `./deploy/deploy-by-script-to.sh lecoffreio prod`.

**2. Mail ticketing — "to" address**  
From the **To** address of an email: search all `projects/*/conf.json` for `tickets.authorized_emails.to` equal to that address (case-insensitive). The config may have a single string or a list of env-keyed objects (e.g. `[{ "test": "AI.X.TEST@…", "pprod": "…", "prod": "…" }]`). The matching project directory name is the id.

**3. Request token**  
The token in the request (e.g. Bearer) is matched by scanning all projects and all envs: each `projects/<id>/.secrets/<env>/ia_token` is read and compared (content or content + env). The first match yields the project id and the environment (`test`, `pprod`, `prod`).

Scripts use **parameter** (or **`IA_PROJECT_ID`** env set by scripts), **`MAIL_TO`** (env) or **`AI_AGENT_TOKEN`** (env); they set `PROJECT_ID` and, for token, `PROJECT_ENV`. No other source (no `IA_PROJECT`, no `ai_project_id`, no `.ia_project`).

**Usage unique : standalone.** Tous les scripts sont lancés depuis la racine de ia_dev. Les chemins dans conf sont absolus (sauf `imap_bridge_env` et `token_file`, relatifs à la racine de ia_dev).

## Rule: conf.json is read-only for agents

**Les agents ne doivent pas modifier les fichiers `projects/<id>/conf.json`.** Si un changement de configuration est nécessaire, l’agent doit :

1. **Décrire** clairement la modification : fichier (`projects/<id>/conf.json`), section (ex. `tickets.authorized_emails.from`), ancienne et nouvelle valeur.
2. **Demander** à l’utilisateur soit d’appliquer lui-même la modification, soit de valider pour que l’agent la fasse exceptionnellement.

Exemple : pour autoriser une nouvelle adresse d’expéditeur, proposer « Fichier : `projects/lecoffreio/conf.json`. Modification : ajouter `"nouvelle@adresse.com"` dans le tableau `tickets.authorized_emails.from`. Valides-tu cette modification ? »

## Schema

One JSON file per project: `projects/<id>/conf.json` (e.g. `projects/lecoffreio/conf.json`). The `<id>` is the directory name; the config file is always named `conf.json`.

| Field | Required | Description |
|-------|----------|-------------|
| `id` | no | Project identifier (directory name under `projects/`); default: directory name. |
| `name` | no | Human-readable project name. |
| `project_path` | no | **Absolute** path to the project deploy root (e.g. `/home/desk/code/lecoffre_ng_test/deploy`). |
| `build_dirs` | no | **Absolute** paths to directories where `npm run build` is run. |
| `deploy.scripts_path` | no | **Absolute** path to deploy scripts (e.g. `…/deploy/scripts_v2`). |
| `deploy.deploy_script_path` | no | **Absolute** path to deploy.sh. |
| `deploy.secrets_path` | no | **Absolute** path to the project’s `.secrets` directory. |
| `version.package_json_paths` | no | **Absolute** paths to package.json files to bump. |
| `mail.imap_bridge_env` | no | **Relative to ia_dev root**: path to IMAP bridge env file (e.g. `.secrets/gitea-issues/imap-bridge.env`). |
| `git.token_file` | no | **Relative to ia_dev root**: path to Gitea token file (e.g. `.secrets/gitea-issues/token`). |

| `version` | no | Version/bump configuration; `version.splash_app_name` for splash message template |
| `mail` | no | Mail/imap bridge config; `mail.imap_bridge_env` relative to ia_dev root |
| `git` | no | Git hosting: `wiki_url`, `git.token_file` (relative to ia_dev root). Ticketing URL is under `tickets`, not `git`. |
| `tickets` | no | Ticketing: `ticketing_url` (Gitea issues URL), `authorized_emails` (`to`, `from`). **to** resolves the project id when processing mails; format: string (single address) or list of strings or list of objects keyed by env (e.g. `[{ "test": "AI.X.TEST@…", "pprod": "…", "prod": "…" }]`). **from**: list of allowed sender addresses. See projects/ia_dev/docs/TICKETS_SPOOL_FORMAT.md. |

**.secrets at ia_dev root** (this repo): contains `token` and `gitea-issues/agent-loop.env`, `gitea-issues/imap-bridge.env`. The paths `mail.imap_bridge_env` and `git.token_file` in conf are relative to ia_dev root and point to these files.

The API token for ai_working_help is **not** in conf.json. It is found by scanning all projects and all envs (as described above): each file `projects/<id>/.secrets/<env>/ia_token` is read and the Bearer is compared to the file content or to (file content + env). Token value is **base** + **env**; **env** is the environment name (test, pprod, prod), to be adapted per environment. The first match gives project id and env.

## Example (minimal)

```json
{
  "name": "My App",
  "project_path": "/path/to/project/deploy",
  "build_dirs": ["/path/to/project/deploy/backend", "/path/to/project/deploy/frontend"]
}
```

## Example (full)

See `projects/lecoffreio/conf.json`.