Initial state:
- HTTP proxy utilities (Bearer parsing, hop-by-hop headers, body limits, safe path validation) were duplicated between smart-ide-sso-gateway and smart-ide-global-api.
- IA_DEV_ROOT auto-resolution order differed between bash (ensure-ia-dev-project-link.sh) and TypeScript (ia-dev-gateway getIaDevRoot), and could fall back to non-existing paths.
Motivation:
- Reduce duplication and drift across proxy layers.
- Enforce consistent, explicit IA_DEV_ROOT behavior across scripts and services.
Resolution:
- Add package @4nk/smart-ide-http-utils and reuse it from smart-ide-sso-gateway and smart-ide-global-api.
- Align IA_DEV_ROOT resolution to prefer ./services/ia_dev then ./ia_dev; fail fast when missing/misconfigured.
Root cause:
- Cross-service utilities were implemented ad-hoc in each service.
- Historical layout transitions (ia_dev gitlink vs vendored services/ia_dev) left multiple resolvers with different priorities.
Impacted features:
- HTTP proxy chain (SSO gateway -> global API -> upstream services).
- ia-dev-gateway startup/operation when IA_DEV_ROOT is missing or invalid.
Code modified:
- packages/smart-ide-http-utils/**
- services/smart-ide-global-api/src/server.ts
- services/smart-ide-sso-gateway/src/server.ts
- services/ia-dev-gateway/src/paths.ts
- scripts/ensure-ia-dev-project-link.sh
Documentation modified:
- docs/system-architecture.md
- docs/ia_dev-module.md
- docs/repo/README.md
Configurations modified:
- services/smart-ide-global-api/package.json
- services/smart-ide-sso-gateway/package.json
Files in deploy modified:
- None
Files in logs impacted:
- None (runtime logs only)
Databases and other sources modified:
- None
Off-project modifications:
- None
Files in .smartIde modified:
- None
Files in .secrets modified:
- None
New patch version in VERSION:
- 0.0.6
CHANGELOG.md updated:
- yes
- Add packages/smart-ide-upstreams (versioned dist) for resolveUpstream + listUpstreamKeys
- Wire smart-ide-global-api and smart-ide-sso-gateway via file: dependency
- Add systemd user unit templates and install-smart-ide-gateway-systemd-user.sh (SSO After/Requires global API)
- Update docs and VERSION 0.0.3
- New smart-ide-global-api (127.0.0.1:37149): internal bearer, upstream proxy, X-OIDC forward
- SSO gateway calls global API with GLOBAL_API_INTERNAL_TOKEN; logs to .logs/sso-gateway/
- Aggregated config example, docs, VERSION 0.0.2, claw proxy local URL hint
- New service smart-ide-sso-gateway (port 37148): JWKS verify, /health,
/v1/token/verify, /v1/upstreams, /proxy/<key>/...
- CORS on JSON responses when SSO_CORS_ORIGIN is set; optional empty
bearer for langextract upstream
- Docs: feature, API, repo index; wire sso-docv-enso and services scope
- Extend config/services.local.env.example with OIDC and gateway vars
- Add services-functional-scope.md with consumption matrix and CLI tools
- Cross-link from services, API index, architecture, platform-target, ecosystem, docv-ai, overview
- New service: tools bridge (port 37147) registry + Carbonyl/PageIndex/Chandra POST jobs
- config/services.local.env.example and gitignore for services.local.env
- .env.example for repos-devtools, regex-search, ia-dev-gateway, orchestrator, claw proxy, langextract
- Orchestrator intents: tools.registry, tools.carbonyl.plan, tools.pageindex.run, tools.chandra.ocr
- Docs: API + repo service fiche, architecture index; do not commit dist/
**Motivations:**
- Keep ia_dev/projects/enso/conf.json in sync with projects/enso/conf.json.
**Correctifs:**
- Submodule ia_dev at commit aligning enso remote_data_access with enso-deploy conventions.
**Motivations:**
- Project conf remote_data_access should match deploy script variables (absolute paths on target hosts).
**Correctifs:**
- Replace /var/lib/enso/... placeholders with ENSO_REMOTE_ROOT and default docv dossiers-permanents path.
- Use ssh_host_alias values aligned with ENSO_SSH_HOST per env in enso-deploy.env.example.
**Evolutions:**
- Document optional remote_app_root and script references in remote-deployed-data-ssh.md and projects/README.md.
- Default PULL_SYNC_LOG to logs/git-pull-projects.log; add logs/README and gitignore
- Add services/ia_dev integration README and .env.example
- Replace docs/ia_dev-submodule.md with ia_dev-module.md; update ecosystem and README links
- Point ia_dev submodule to commit with smart_ide_logs.sh
- Copy enso/docs tree to services/docv/enso-docs (refresh via cp -a from enso repo)
- Document mirror and refresh command in services/docv/README.md
- Ignore services/docv/target for local Rust workspace
- Track docv-service-integration, API docv.md, and related doc index updates
**Motivations:**
- 403 No valid api key when users paste Ollama nginx secret into extension
**Root causes:**
- AnythingLLM validates keys only from its DB; nginx Bearer is unrelated
**Correctifs:**
- README and fixKnowledge doc; strip optional Bearer prefix in client
**Evolutions:**
- Extension version 0.1.1
**Pages affectées:**
- extensions/anythingllm-workspaces/*
- docs/fixKnowledge/anythingllm-extension-403-api-key.md
- docs/README.md
**Motivations:**
- Expose AnythingLLM API workspaces from the editor against ia.enso public URL
**Root causes:**
- N/A (new capability)
**Correctifs:**
- N/A
**Evolutions:**
- Extension folder with list/open UI commands and API client
- Docs index and feature note
**Pages affectées:**
- extensions/anythingllm-workspaces/*
- docs/README.md
- docs/features/anythingllm-vscode-extension.md
**Motivations:**
- Operators confuse nginx Bearer with Cursor user API key error.
**Root causes:**
- Cursor validates or routes chat through its backend; custom URL can still fail in-app.
**Correctifs:**
- N/A.
**Evolutions:**
- README Cursor subsection + forum link.
**Pages affectées:**
- deploy/nginx/README-ia-enso.md
**Motivations:**
- DEPLOY_SSH_PROXY_HOST= was overridden by default bastion due to ${VAR:-default}.
**Root causes:**
- Bash treats empty VAR as unset for :- expansion, reapplying 4nk.myftp.biz.
**Correctifs:**
- Use -v / empty check: unset bastion when explicitly empty; default only when unset.
**Evolutions:**
- README and failure hint for LAN direct deploy.
**Pages affectées:**
- deploy/nginx/deploy-ia-enso-to-proxy.sh
- deploy/nginx/README-ia-enso.md
**Motivations:**
- Ollama and AnythingLLM run on 192.168.1.164, not 192.168.1.173.
**Root causes:**
- Previous commit pointed upstreams at the ia host IP by mistake.
**Correctifs:**
- Upstreams back to 192.168.1.164:11434 and :3001; docs aligned.
**Evolutions:**
- N/A.
**Pages affectées:**
- deploy/nginx/sites/ia.enso.4nkweb.com.conf
- deploy/nginx/README-ia-enso.md
- docs/features/ia-enso-nginx-proxy-ollama-anythingllm.md
- docs/infrastructure.md
- docs/services.md
**Motivations:**
- Ollama and AnythingLLM moved from 192.168.1.164 to the ia LAN host.
**Root causes:**
- Upstreams still targeted 192.168.1.164.
**Correctifs:**
- Set upstream servers to 192.168.1.173:11434 and :3001.
**Evolutions:**
- Docs aligned with ia role IP; note to edit site conf if IP changes.
**Pages affectées:**
- deploy/nginx/sites/ia.enso.4nkweb.com.conf
- deploy/nginx/README-ia-enso.md
- docs/features/ia-enso-nginx-proxy-ollama-anythingllm.md
- docs/infrastructure.md
- docs/services.md
