Nicolas Cantu
58cc2493e5
Initial state: - ia_dev was historically referenced as ./ia_dev in docs and integrations, while the vendored module lives under services/ia_dev. - AnythingLLM sync and hook installation had error masking / weak exit signaling. - Proxy layers did not validate proxy path segments, allowing path normalization tricks. Motivation: - Make the IDE-oriented workflow usable (sync -> act -> deploy/preview) with explicit errors. - Reduce security footguns in proxying and script automation. Resolution: - Standardize IA_DEV_ROOT usage and documentation to services/ia_dev. - Add SSH remote data mirroring + optional AnythingLLM ingestion. - Extend AnythingLLM pull sync to support upload-all/prefix and fail on upload errors. - Harden smart-ide-sso-gateway and smart-ide-global-api proxying with safe-path checks and non-leaking error responses. - Improve ia-dev-gateway runner validation and reduce sensitive path leakage. - Add site scaffold tool (Vite/React) with OIDC + chat via sso-gateway -> orchestrator. Root cause: - Historical layout changes (submodule -> vendored tree) and missing central contracts for path resolution. - Missing validation for proxy path traversal patterns. - Overuse of silent fallbacks (|| true, exit 0 on partial failures) in automation scripts. Impacted features: - Project sync: git pull + AnythingLLM sync + remote data mirror ingestion. - Site frontends: SSO gateway proxy and orchestrator intents (rag.query, chat.local). - Agent execution: ia-dev-gateway script runner and SSE output. Code modified: - scripts/remote-data-ssh-sync.sh - scripts/anythingllm-pull-sync/sync.mjs - scripts/install-anythingllm-post-merge-hook.sh - cron/git-pull-project-clones.sh - services/smart-ide-sso-gateway/src/server.ts - services/smart-ide-global-api/src/server.ts - services/smart-ide-orchestrator/src/server.ts - services/ia-dev-gateway/src/server.ts - services/ia_dev/tools/site-generate.sh Documentation modified: - docs/** (architecture, API docs, ia_dev module + integration, scripts) Configurations modified: - config/services.local.env.example - services/*/.env.example Files in deploy modified: - services/ia_dev/deploy/* Files in logs impacted: - logs/ia_dev.log (runtime only) - .logs/* (runtime only) Databases and other sources modified: - None Off-project modifications: - None Files in .smartIde modified: - .smartIde/agents/*.md - services/ia_dev/.smartIde/** Files in .secrets modified: - None New patch version in VERSION: - 0.0.5 CHANGELOG.md updated: - yes
Documentation du dépôt (docs/repo/)
Toute la documentation opérationnelle qui vivait auparavant sous des README.md à la racine ou dans cron/, systemd/, projects/, logs/, services/*/, etc. est centralisée ici. Les fichiers README.md restants à ces emplacements ne font que renvoyer vers ces pages pour éviter les doublons.
Convention
- Canonique : fichiers sous
docs/(dontdocs/repo/,docs/features/,docs/API/). - Arbre de code :
README.mdcourts (souvent une ligne + lien) pour les outils qui ouvrent encore le dossier source. - Règles / agents IDE : répertoires
.smartIde/(voir smartide-config-directory.md). - Miroir doc Enso (docv) : l’arborescence volumineuse
services/docv/enso-docs/reste sur le disque sous ce chemin (copie depuis le dépôt enso) ; l’explication du flux de mise à jour est dans docv-enso-docs-mirror.md. Les fichiers enso-docs peuvent encore mentionner.cursor/(doc amont enso).
Index
| Document | Contenu |
|---|---|
| smartide-config-directory.md | Rôle de .smartIde/ (agents, règles, gateway) |
| smart-ide-overview.md | Vision produit, stack IA, monorepo, liens vers l’architecture |
| projects-directory.md | projects/<id>/conf.json, clones vs confs, active-project.json, cron |
| cron-git-pull.md | Pull planifié des clones, config.env, systemd user, alternative cron |
| systemd-units.md | Ollama, AnythingLLM, timer git-pull-project-clones |
| logs-directory.md | Fichiers journaux locaux, .gitignore, origine des logs |
| docv-services-directory.md | Répertoire services/docv/ : contrat d’intégration, chemins données |
| docv-enso-docs-mirror.md | Miroir enso-docs/, commande de resynchronisation |
| ia-dev-smart-ide-integration.md | Module ia_dev dans smart_ide, journaux, liens architecture |
| ia-dev-repository-overview.md | Dépôt ia_dev : agents, scripts deploy, usage standalone |
| ia-dev-project-conf-schema.md | Schéma projects/<id>/conf.json, résolution du projet, règles agents |
| ia-dev-deploy-lib.md | Bibliothèques partagées IA_DEV_ROOT/deploy/lib/ |
| ia-dev-shared-lib.md | IA_DEV_ROOT/lib/project_config.sh et résolution projet |
| Services HTTP (exploitation) | |
| service-repos-devtools.md | Clone / liste / load Git sous racine contrôlée |
| service-anythingllm-devtools.md | AnythingLLM + repos-devtools + RAG initial (HTTP) |
| service-local-office.md | API Office (docx, …) |
| service-smart-ide-orchestrator.md | Routeur d’intentions HTTP |
| service-ia-dev-gateway.md | Gateway ia_dev (agents, runs, SSE) |
| service-agent-regex-search.md | Recherche regex via ripgrep |
| service-claw-harness.md | claw-code, proxy local |
| service-langextract.md | Wrapper LangExtract |
| Scripts et extensions | |
| script-anythingllm-pull-sync.md | Hook post-merge → upload AnythingLLM |
| script-remote-data-ssh-sync.md | SSH pull deployed data → local mirror → optional AnythingLLM ingest |
| service-carbonyl.md | Carbonyl (navigateur terminal), sous-module amont |
| service-pageindex.md | PageIndex (index sémantique vectorless), sous-module amont |
| service-chandra.md | Chandra OCR, sous-module amont |
| service-smart-ide-tools-bridge.md | Pont HTTP IDE + outils sous-modules |
| service-smart-ide-global-api.md | API HTTP interne : proxy vers micro-services (Bearer partagé avec SSO) |
| service-smart-ide-sso-gateway.md | Passerelle OIDC utilisateur → API globale → micro-services |
| ../packages/smart-ide-upstreams/README.md | Paquet @4nk/smart-ide-upstreams : liste des clés et résolution des URL / jetons |
| extension-anythingllm-workspaces.md | Extension AnythingLLM IDE (supprimée ; anythingllm-devtools) |
Les spécifications détaillées (contrats HTTP, sécurité, orchestration) restent dans ../API/README.md et ../features/.