Nicolas Cantu
58cc2493e5
Initial state: - ia_dev was historically referenced as ./ia_dev in docs and integrations, while the vendored module lives under services/ia_dev. - AnythingLLM sync and hook installation had error masking / weak exit signaling. - Proxy layers did not validate proxy path segments, allowing path normalization tricks. Motivation: - Make the IDE-oriented workflow usable (sync -> act -> deploy/preview) with explicit errors. - Reduce security footguns in proxying and script automation. Resolution: - Standardize IA_DEV_ROOT usage and documentation to services/ia_dev. - Add SSH remote data mirroring + optional AnythingLLM ingestion. - Extend AnythingLLM pull sync to support upload-all/prefix and fail on upload errors. - Harden smart-ide-sso-gateway and smart-ide-global-api proxying with safe-path checks and non-leaking error responses. - Improve ia-dev-gateway runner validation and reduce sensitive path leakage. - Add site scaffold tool (Vite/React) with OIDC + chat via sso-gateway -> orchestrator. Root cause: - Historical layout changes (submodule -> vendored tree) and missing central contracts for path resolution. - Missing validation for proxy path traversal patterns. - Overuse of silent fallbacks (|| true, exit 0 on partial failures) in automation scripts. Impacted features: - Project sync: git pull + AnythingLLM sync + remote data mirror ingestion. - Site frontends: SSO gateway proxy and orchestrator intents (rag.query, chat.local). - Agent execution: ia-dev-gateway script runner and SSE output. Code modified: - scripts/remote-data-ssh-sync.sh - scripts/anythingllm-pull-sync/sync.mjs - scripts/install-anythingllm-post-merge-hook.sh - cron/git-pull-project-clones.sh - services/smart-ide-sso-gateway/src/server.ts - services/smart-ide-global-api/src/server.ts - services/smart-ide-orchestrator/src/server.ts - services/ia-dev-gateway/src/server.ts - services/ia_dev/tools/site-generate.sh Documentation modified: - docs/** (architecture, API docs, ia_dev module + integration, scripts) Configurations modified: - config/services.local.env.example - services/*/.env.example Files in deploy modified: - services/ia_dev/deploy/* Files in logs impacted: - logs/ia_dev.log (runtime only) - .logs/* (runtime only) Databases and other sources modified: - None Off-project modifications: - None Files in .smartIde modified: - .smartIde/agents/*.md - services/ia_dev/.smartIde/** Files in .secrets modified: - None New patch version in VERSION: - 0.0.5 CHANGELOG.md updated: - yes
1.4 KiB
1.4 KiB
E2E browser mode (current + next)
Current mode (manual / assisted)
Short-term E2E is manual and uses a terminal browser for fast feedback:
- Carbonyl for previewing the test URL without a GUI browser:
- script:
scripts/open-carbonyl-preview-test.sh - per project config:
projects/<id>/conf.json→smart_ide.preview_urls.test
- script:
Typical workflow:
- Deploy to
test(project workflow /ia_dev). - Open the
testURL in Carbonyl:
./scripts/open-carbonyl-preview-test.sh --project <id>
- Validate critical flows manually (login, navigation, chat proxy calls).
Optional next step (automation)
If manual Carbonyl + system browser is not sufficient, introduce a dedicated service browser-automation-api only when at least one criterion is met (see browser-automation-criteria.md):
- agent-driven reproducible E2E with timeouts + domain allowlist
- controlled scraping (pre-approved URLs)
- headless visual regression on infra without GUI
- rendering capture (PDF/images) for internal pages
Constraints for the future service:
- isolated process (
services/browser-automation-api/) - queue + concurrency limits + strict timeouts
- network allowlist (no arbitrary browsing)
- Bearer auth (service-to-service) + URL logging