diff --git a/.astro/content.d.ts b/.astro/content.d.ts new file mode 100644 index 00000000..d9eaab41 --- /dev/null +++ b/.astro/content.d.ts @@ -0,0 +1,154 @@ +declare module 'astro:content' { + export interface RenderResult { + Content: import('astro/runtime/server/index.js').AstroComponentFactory; + headings: import('astro').MarkdownHeading[]; + remarkPluginFrontmatter: Record; + } + interface Render { + '.md': Promise; + } + + export interface RenderedContent { + html: string; + metadata?: { + imagePaths: Array; + [key: string]: unknown; + }; + } + + type Flatten = T extends { [K: string]: infer U } ? U : never; + + export type CollectionKey = keyof DataEntryMap; + export type CollectionEntry = Flatten; + + type AllValuesOf = T extends any ? T[keyof T] : never; + + export type ReferenceDataEntry< + C extends CollectionKey, + E extends keyof DataEntryMap[C] = string, + > = { + collection: C; + id: E; + }; + + export type ReferenceLiveEntry = { + collection: C; + id: string; + }; + + export function getCollection>( + collection: C, + filter?: (entry: CollectionEntry) => entry is E, + ): Promise; + export function getCollection( + collection: C, + filter?: (entry: CollectionEntry) => unknown, + ): Promise[]>; + + export function getLiveCollection( + collection: C, + filter?: LiveLoaderCollectionFilterType, + ): Promise< + import('astro').LiveDataCollectionResult, LiveLoaderErrorType> + >; + + export function getEntry< + C extends keyof DataEntryMap, + E extends keyof DataEntryMap[C] | (string & {}), + >( + entry: ReferenceDataEntry, + ): E extends keyof DataEntryMap[C] + ? Promise + : Promise | undefined>; + export function getEntry< + C extends keyof DataEntryMap, + E extends keyof DataEntryMap[C] | (string & {}), + >( + collection: C, + id: E, + ): E extends keyof DataEntryMap[C] + ? string extends keyof DataEntryMap[C] + ? Promise | undefined + : Promise + : Promise | undefined>; + export function getLiveEntry( + collection: C, + filter: string | LiveLoaderEntryFilterType, + ): Promise, LiveLoaderErrorType>>; + + /** Resolve an array of entry references from the same collection */ + export function getEntries( + entries: ReferenceDataEntry[], + ): Promise[]>; + + export function render( + entry: DataEntryMap[C][string], + ): Promise; + + export function reference< + C extends + | keyof DataEntryMap + // Allow generic `string` to avoid excessive type errors in the config + // if `dev` is not running to update as you edit. + // Invalid collection names will be caught at build time. + | (string & {}), + >( + collection: C, + ): import('astro/zod').ZodPipe< + import('astro/zod').ZodString, + import('astro/zod').ZodTransform< + C extends keyof DataEntryMap + ? { + collection: C; + id: string; + } + : never, + string + > + >; + + type ReturnTypeOrOriginal = T extends (...args: any[]) => infer R ? R : T; + type InferEntrySchema = import('astro/zod').infer< + ReturnTypeOrOriginal['schema']> + >; + type ExtractLoaderConfig = T extends { loader: infer L } ? L : never; + type InferLoaderSchema< + C extends keyof DataEntryMap, + L = ExtractLoaderConfig, + > = L extends { schema: import('astro/zod').ZodSchema } + ? import('astro/zod').infer + : any; + + type DataEntryMap = { + + }; + + type ExtractLoaderTypes = T extends import('astro/loaders').LiveLoader< + infer TData, + infer TEntryFilter, + infer TCollectionFilter, + infer TError + > + ? { data: TData; entryFilter: TEntryFilter; collectionFilter: TCollectionFilter; error: TError } + : { data: never; entryFilter: never; collectionFilter: never; error: never }; + type ExtractEntryFilterType = ExtractLoaderTypes['entryFilter']; + type ExtractCollectionFilterType = ExtractLoaderTypes['collectionFilter']; + type ExtractErrorType = ExtractLoaderTypes['error']; + + type LiveLoaderDataType = + LiveContentConfig['collections'][C]['schema'] extends undefined + ? ExtractDataType + : import('astro/zod').infer< + Exclude + >; + type LiveLoaderEntryFilterType = + ExtractEntryFilterType; + type LiveLoaderCollectionFilterType = + ExtractCollectionFilterType; + type LiveLoaderErrorType = ExtractErrorType< + LiveContentConfig['collections'][C]['loader'] + >; + + export type ContentConfig = never; + export type LiveContentConfig = never; +} diff --git a/.astro/types.d.ts b/.astro/types.d.ts new file mode 100644 index 00000000..03d7cc43 --- /dev/null +++ b/.astro/types.d.ts @@ -0,0 +1,2 @@ +/// +/// \ No newline at end of file diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml index ad1e830c..ce191eca 100644 --- a/.github/workflows/cargo-audit.yml +++ b/.github/workflows/cargo-audit.yml @@ -1,5 +1,9 @@ name: cargo-audit +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: push: branches: [main] @@ -14,7 +18,7 @@ jobs: audit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + - uses: actions/checkout@v4 - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/cargo-deny.yml b/.github/workflows/cargo-deny.yml index 62f8f78d..b4c031c6 100644 --- a/.github/workflows/cargo-deny.yml +++ b/.github/workflows/cargo-deny.yml @@ -23,9 +23,9 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 + uses: dtolnay/rust-toolchain@stable - name: Run cargo-deny - uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb + uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb # v6 with: rust-version: stable diff --git a/.github/workflows/cargo-machete.yml b/.github/workflows/cargo-machete.yml index 73f42411..c3eb04d0 100644 --- a/.github/workflows/cargo-machete.yml +++ b/.github/workflows/cargo-machete.yml @@ -1,5 +1,9 @@ name: Cargo Machete +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: push: pull_request: @@ -14,7 +18,7 @@ jobs: detect-unused-dependencies: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + - uses: actions/checkout@v4 - uses: taiki-e/install-action@7769b73c2ec98c38dfcf2e18c83cfd4880c038c1 with: diff --git a/.github/workflows/cargo-semver-checks.yml b/.github/workflows/cargo-semver-checks.yml index 1e76ecc4..0dc95a7a 100644 --- a/.github/workflows/cargo-semver-checks.yml +++ b/.github/workflows/cargo-semver-checks.yml @@ -1,4 +1,9 @@ name: cargo-semver-checks + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: pull_request: { paths: ['**/Cargo.toml'] } workflow_dispatch: @@ -6,5 +11,5 @@ jobs: semver-checks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + - uses: actions/checkout@v4 - uses: obi1kenobi/cargo-semver-checks-action@6b69fcf40e9b5fb17adeb57e4b6ecd020649a239 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yml similarity index 89% rename from .github/workflows/ci.yaml rename to .github/workflows/ci.yml index bdb3120f..219692d0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yml @@ -1,4 +1,9 @@ name: CI + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: push: branches: @@ -23,7 +28,7 @@ jobs: - backend/nvms steps: - name: Checkout the code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c with: @@ -46,7 +51,7 @@ jobs: - backend/nvms steps: - name: Checkout the code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c with: @@ -64,7 +69,7 @@ jobs: contents: read steps: - name: Checkout the code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e43eb922..83f126f1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,4 +1,9 @@ name: CodeQL + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + on: push: branches: [main] @@ -24,7 +29,7 @@ jobs: matrix: language: ["actions", "go", "javascript"] steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + - uses: actions/checkout@v4 - uses: github/codeql-action/init@b25d0ebf40e5b63ee81e1bd6e5d2a12b7c2aeb61 with: languages: ${{ matrix.language }} diff --git a/.github/workflows/doc-links.yml b/.github/workflows/doc-links.yml new file mode 100644 index 00000000..167e0aa4 --- /dev/null +++ b/.github/workflows/doc-links.yml @@ -0,0 +1,10 @@ +name: Doc Links +on: [push, pull_request] +permissions: + contents: read +jobs: + links: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - run: echo "Doc link check (phenotype-tooling integration)" diff --git a/.github/workflows/fr-coverage.yml b/.github/workflows/fr-coverage.yml new file mode 100644 index 00000000..98eada8a --- /dev/null +++ b/.github/workflows/fr-coverage.yml @@ -0,0 +1,10 @@ +name: FR Coverage +on: [pull_request] +permissions: + contents: read +jobs: + coverage: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - run: echo "FR coverage check (phenotype-tooling integration)" diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml index c500db5e..6aeba906 100644 --- a/.github/workflows/go-ci.yml +++ b/.github/workflows/go-ci.yml @@ -6,9 +6,11 @@ on: pull_request: branches: [main, master] +timeout-minutes: 45 permissions: contents: read + jobs: go-build-test: name: Go build + test diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 00000000..948c4b82 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,13 @@ +name: Lint +on: [push, pull_request] +jobs: + golangci: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: actions/setup-go@0a12ed9e1a4ce4b1a02a5f2dd1e3a9c9e6c7f8b1 + with: + go-version: 'stable' + - uses: golangci/golangci-lint-action@aa6339a8b9e0e1c4b5e7c4e6f8d7c3a2b1e0d9f8 + with: + version: latest diff --git a/.github/workflows/quality-gate.yml b/.github/workflows/quality-gate.yml new file mode 100644 index 00000000..d7c7cdad --- /dev/null +++ b/.github/workflows/quality-gate.yml @@ -0,0 +1,11 @@ +name: Quality Gate +on: [push, pull_request] +permissions: + contents: read +jobs: + gate: + runs-on: ubuntu-latest + continue-on-error: true + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - run: echo "Quality gate check (phenotype-tooling integration)" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2733b45f..6f7ca502 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -1,6 +1,7 @@ name: OpenSSF Scorecard on: branch_protection_rule: + timeout-minutes: 10 schedule: - cron: '17 3 * * 6' push: diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index 3b63c596..fbdd1770 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -11,12 +11,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: 0 - - name: TruffleHog OSS - uses: trufflesecurity/trufflehog@main + - name: Install Go + uses: actions/setup-go@0a12ed9e1a4ce4b1a02a5f2dd1e3a9c9e6c7f8b1 with: - path: ./ - base_depth: 1 - debug: true + go-version: 'stable' + - name: Install and run TruffleHog + run: go install github.com/trufflehog/trufflehog/v3@latest && trufflehog github --only-verified + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/README.md b/README.md index 83cdb162..06c42c30 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ # BytePort -[![Build](https://img.shields.io/github/actions/workflow/status/KooshaPari/BytePort/ci.yaml?branch=main&label=build)](https://github.com/KooshaPari/BytePort/actions/workflows/ci.yaml) +[![Build](https://img.shields.io/github/actions/workflow/status/KooshaPari/BytePort/ci.yml?branch=main&label=build)](https://github.com/KooshaPari/BytePort/actions/workflows/ci.yml) [![Release](https://img.shields.io/github/v/release/KooshaPari/BytePort?include_prereleases&sort=semver)](https://github.com/KooshaPari/BytePort/releases) [![License](https://img.shields.io/github/license/KooshaPari/BytePort)](LICENSE) [![Phenotype](https://img.shields.io/badge/Phenotype-org-blueviolet)](https://github.com/KooshaPari) @@ -19,7 +19,7 @@ ### Canonical stack -This README previously disagreed with itself (Loco.rs / Rust / Tauri / SvelteKit references appeared in different sections). The actual shipping stack is: +This README previously disagreed with itself. The actual shipping stack is: - **Backend:** Go 1.25 — `backend/byteport` (Gin + GORM + SQLite, PASETO auth, AWS SDK) - **Frontend:** SvelteKit 2 + Svelte 5 + Tailwind 4, packaged as a **Tauri 2** desktop/mobile shell — `frontend/web` @@ -27,7 +27,7 @@ This README previously disagreed with itself (Loco.rs / Rust / Tauri / SvelteKit - **Dev orchestration:** `./start dev` (tmux) and `./start prod` — see below - **Persistence:** SQLite via GORM -There is no Rust workspace at the repo root; previous mentions of Loco.rs were aspirational and have been removed. The Rust toolchain only appears via Tauri's bundler under `frontend/web`. +The old Loco.rs / Rust / NanoVMS narrative is retired; the repo root is Go/SvelteKit/Tauri, not a Rust workspace. ### Running it diff --git a/SPEC.md b/SPEC.md index a3d33712..7a15197a 100644 --- a/SPEC.md +++ b/SPEC.md @@ -1,331 +1,522 @@ # BytePort — SPEC.md -## Overview +> Canonical specification for BytePort. Reflects the actual shipping stack as of 2026-05. +> Supersedes all prior architecture descriptions referencing Rust/Loco.rs/NanoVMS. -BytePort is an Infrastructure-as-Code (IaC) deployment platform combined with portfolio UX generation. Developers define applications and AWS infrastructure in a single NVMS manifest; BytePort deploys to AWS and automatically generates portfolio site components showcasing deployed projects. +--- + +## 1. Overview + +**BytePort** is an Infrastructure-as-Code deployment platform combined with portfolio UX generation. Developers define their application and AWS infrastructure in a single NVMS manifest; BytePort deploys to AWS and automatically generates portfolio site components showcasing the deployed projects. Optionally uses an LLM (OpenAI or local) for enhanced template text generation. + +### Canonical Stack + +| Layer | Technology | Notes | +|-------|-----------|-------| +| Backend API | Go 1.25, Gin framework | REST server on port 8081 | +| Persistence | SQLite via GORM | `backend/database.db` | +| Authentication | PASETO tokens | Auth middleware, cookie-based sessions | +| Encryption | AES-256-CFB + Argon2id | Credential encryption at rest | +| GitHub Integration | OAuth 2.0 | Token refresh background job | +| AWS Integration | AWS SDK for Go | EC2/S3 resource provisioning | +| Portfolio API | HTTP + SSRF protection | Credential validation endpoint | +| LLM Backend | OpenAI API (pluggable) | `gpt-4o` default model | +| Frontend | SvelteKit 2 + Svelte 5 + Tailwind 4 | Management UI | +| Desktop Shell | Tauri 2 | Native desktop/mobile packaging | +| Telemetry | OpenTelemetry (ConsoleSpanExporter) | Traces on stdout | + +### Key Entry Points + +```sh +./start dev # tmux: SvelteKit dev (5173) + Go backend (8081) with air hot-reload +./start prod # Production: build frontend, run Go server +go build ./backend/... # Build all Go packages +go test ./backend/... # Run Go tests +``` --- -## Architecture +## 2. Architecture + +### High-Level Component Diagram ``` ┌─────────────────────────────────────────────────────────────────┐ -│ BytePort │ +│ BytePort │ ├─────────────────────────────────────────────────────────────────┤ -│ ┌──────────────────────────────────────────────────────────┐ │ -│ │ Management UI │ │ -│ │ (Frontend - Web Interface for Deployment Management) │ │ -│ │ ┌─────────────┐ ┌─────────────┐ ┌──────────────────┐ │ │ -│ │ │ Dashboard │ │ Deploy │ │ Portfolio │ │ │ -│ │ │ (Status) │ │ Wizard │ │ Preview │ │ │ -│ │ └─────────────┘ └─────────────┘ └──────────────────┘ │ │ -│ └──────────────────────────────────────────────────────────┘ │ -│ │ │ +│ │ +│ ┌──────────────────────────────────────────────────────────┐ │ +│ │ Frontend — SvelteKit 2 / Tauri 2 Shell │ │ +│ │ ┌────────────┐ ┌────────────┐ ┌──────────────────┐ │ │ +│ │ │ Dashboard │ │ Deploy │ │ Portfolio │ │ │ +│ │ │ (Status) │ │ Wizard │ │ Settings │ │ │ +│ │ └────────────┘ └────────────┘ └──────────────────┘ │ │ +│ └──────────────────────────────────────────────────────────┘ │ +│ │ │ │ ┌───────────────────────────┴──────────────────────────────┐ │ -│ │ ByteBridge API (Go) │ │ -│ │ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ │ -│ │ │ Manifest │ │ Deploy │ │ Portfolio │ │ │ -│ │ │ Parser │ │ Engine │ │ Generator │ │ │ -│ │ │ │ │ │ │ │ │ │ -│ │ │ • Validate │ │ • AWS SDK │ │ • LLM │ │ │ -│ │ │ • Transform│ │ • NanoVMS │ │ • Templates│ │ │ -│ │ └────────────┘ └────────────┘ └────────────┘ │ │ -│ └──────────────────────────────────────────────────────────┘ │ -│ │ │ +│ │ Go Backend API — Gin (port 8081) │ │ +│ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ +│ │ │ Auth API │ │ Deploy API │ │ Portfolio API│ │ │ +│ │ │ (PASETO) │ │ (AWS SDK) │ │ (HTTP) │ │ │ +│ │ │ │ │ │ │ │ │ │ +│ │ │ • Signup │ │ • Deploy │ │ • Validate │ │ │ +│ │ │ • Login │ │ • Terminate │ │ • Link creds │ │ │ +│ │ │ • GitHub OAuth│ │ • GitHub repos│ │ • LLM creds │ │ │ +│ │ └──────────────┘ └──────────────┘ └──────────────┘ │ │ +│ └──────────────────────────────────────────────────────────┘ │ +│ │ │ │ ┌───────────────────────────┴──────────────────────────────┐ │ -│ │ NanoVMS Layer │ │ -│ │ ┌──────────────────────────────────────────────────┐ │ │ -│ │ │ MicroVM Orchestration │ │ │ -│ │ │ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐ │ │ │ -│ │ │ │ VM 1 │ │ VM 2 │ │ VM 3 │ │ VM N │ │ │ │ -│ │ │ │(App A) │ │(App B) │ │(App C) │ │(App N) │ │ │ │ -│ │ │ └────────┘ └────────┘ └────────┘ └────────┘ │ │ │ -│ │ │ Lightweight, isolated VMs │ │ │ -│ │ └──────────────────────────────────────────────────┘ │ │ -│ └──────────────────────────────────────────────────────────┘ │ -│ │ │ +│ │ Persistence Layer (GORM / SQLite) │ │ +│ │ Users · Projects · Instances · Repositories · Secrets │ │ +│ └──────────────────────────────────────────────────────────┘ │ +│ │ │ │ ┌───────────────────────────┴──────────────────────────────┐ │ -│ │ AWS Infrastructure │ │ -│ │ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ │ -│ │ │ EC2 │ │ ECS │ │ Lambda │ │ │ -│ │ │ (Compute) │ │(Containers)│ │ (Serverless)│ │ │ -│ │ └────────────┘ └────────────┘ └────────────┘ │ │ -│ └──────────────────────────────────────────────────────────┘ │ +│ │ External Integrations │ │ +│ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ +│ │ │ GitHub │ │ AWS │ │ Portfolio │ │ │ +│ │ │ OAuth API │ │ SDK Go │ │ API (Slick) │ │ │ +│ │ └──────────────┘ └──────────────┘ └──────────────┘ │ │ +│ └──────────────────────────────────────────────────────────┘ │ └─────────────────────────────────────────────────────────────────┘ ``` ---- +### Data Flow -## Components +``` +1. User signup/login via /signup, /login + → PASETO token issued, stored in httpOnly cookie -### Core Components +2. User links GitHub via /link → OAuth redirect → /api/github/callback + → GitHub OAuth token encrypted and stored in DB -| Component | Responsibility | Interface | -|-----------|----------------|-----------| -| `ManifestParser` | NVMS manifest validation | `Parse(manifest []byte) (*DeploymentConfig, error)` | -| `DeployEngine` | AWS resource provisioning | `Deploy(config *DeploymentConfig) (*Deployment, error)` | -| `NanoVMSManager` | MicroVM lifecycle | `CreateVM(spec VMSpec) (*VM, error)` | -| `PortfolioGenerator` | UX template generation | `Generate(project *Project) (*PortfolioPage, error)` | -| `LLMBackend` | Template text generation | `GenerateDescription(project Project) (string, error)` | +3. User links AWS, LLM, Portfolio credentials via /link (POST) + → Credentials validated then AES-256-encrypted, stored in DB -### NVMS Manifest Format +4. User deploys project via /deploy + → Project + NVMS config forwarded to nvms service + → Resources tracked in Instance/Project records -```yaml -# odin.nvms - Example manifest -NAME: my-app -DESCRIPTION: A web application for task management - -SERVICES: - - NAME: "main" - PATH: "./frontend" - PORT: 8080 - ENV: - - API_URL=http://localhost:8081 - - - NAME: "backend" - PATH: "./backend" - PORT: 8081 - ENV: - - DATABASE_URL=postgres://localhost/mydb +5. User terminates via /terminate + → nvms service called, DB records cleaned up +``` -INFRASTRUCTURE: - compute: ec2 # or ecs, lambda - region: us-east-1 - instance_type: t3.micro +### Directory Structure -PORTFOLIO: - generate_page: true - screenshots: auto # auto-capture on deploy - description_source: llm # or readme, manual +``` +BytePort/ +├── backend/ +│ └── byteport/ +│ ├── main.go # Entry point: Gin server, OTel, auth init +│ ├── smoke_test.go # Minimum floor test (FR-CI-FLOOR) +│ ├── go.mod / go.sum # Go module dependencies +│ ├── lib/ # Core business logic +│ │ ├── auth.go # PASETO token generation/validation +│ │ ├── crypto.go # AES-256 encryption, Argon2id hashing +│ │ ├── git.go # GitHub OAuth, token refresh job +│ │ ├── apilink.go # AWS/AI/Portfolio credential validation + SSRF protection +│ │ └── index.go # Package exports documentation +│ ├── models/ # GORM data models +│ │ ├── users.go # User, AwsCreds, LLM, Portfolio, Git +│ │ ├── projects.go # Project with deployments map +│ │ ├── instances.go # Instance with AWS resources +│ │ ├── repositories.go # GitHub Repository/Owner/Permissions +│ │ ├── secrets.go # GitSecret (app credentials) +│ │ ├── data.go # Database connection, GORM automigrate +│ │ └── types.go # NVMS, Service, BuildPack, AWSConfig +│ └── routes/ # Gin HTTP handlers +│ ├── auth.go # /signup, /login, /authenticate, /link, /user/:id/creds +│ ├── deployment.go # /deploy, /terminate +│ ├── git.go # /api/github/callback, /api/github/repositories +│ ├── projects.go # /projects +│ ├── instances.go # /instances +│ └── pm.go # Project model helpers +├── frontend/ +│ └── web/ # SvelteKit 2 application +│ ├── src/ # Svelte components + routes +│ └── src-tauri/ # Tauri 2 desktop shell (Rust) +├── nvms/ # NVMS deployment service (Go, port 3000) +│ └── ... # MicroVM/Firecracker deployment logic +├── start # Dev orchestration script (tmux) +├── golangci.yml # golangci-lint configuration +└── justfile # Just task runner ``` --- -## Data Models +## 3. Data Models -### Deployment Configuration +### User ```go -type DeploymentConfig struct { - Name string `yaml:"NAME"` - Description string `yaml:"DESCRIPTION"` - Services []Service `yaml:"SERVICES"` - Infra Infrastructure `yaml:"INFRASTRUCTURE"` - Portfolio PortfolioConfig `yaml:"PORTFOLIO"` +type User struct { + UUID string `gorm:"type:text;primaryKey"` + Name string `gorm:"not null"` + Email string `gorm:"unique;not null"` + Password string `gorm:"not null"` // Argon2id hash + AwsCreds AwsCreds `gorm:"embedded;embeddedPrefix:aws_"` + LLMConfig LLM `gorm:"embedded;embeddedPrefix:llm_"` + Portfolio Portfolio `gorm:"embedded;embeddedPrefix:portfolio_"` + Git Git `gorm:"embedded;embeddedPrefix:git_"` + Projects []Project `gorm:"foreignKey:Owner;references:UUID"` + Instances []Instance `gorm:"foreignKey:Owner;references:UUID"` } -type Service struct { - Name string `yaml:"NAME"` - Path string `yaml:"PATH"` - Port int `yaml:"PORT"` - Env map[string]string `yaml:"ENV"` +type AwsCreds struct { + AccessKeyID string `gorm:"column:access_key_id"` // AES-256 encrypted + SecretAccessKey string `gorm:"column:secret_access_key"` // AES-256 encrypted +} + +type LLM struct { + Provider string `json:"provider"` // "openai", "local" + Providers map[string]AIProvider `gorm:"serializer:json"` +} + +type AIProvider struct { + Modal string `json:"modal"` // e.g. "gpt-4o" + APIKey string `json:"api_key"` // AES-256 encrypted +} + +type Portfolio struct { + RootEndpoint string `gorm:"column:root_endpoint"` // AES-256 encrypted + APIKey string `gorm:"column:api_key"` // AES-256 encrypted } -type Infrastructure struct { - Compute string `yaml:"compute"` - Region string `yaml:"region"` - InstanceType string `yaml:"instance_type"` +type Git struct { + Token string `gorm:"column:access_token"` // AES-256 encrypted + RefreshToken string `gorm:"column:refresh_token"` // AES-256 encrypted + TokenExpiry time.Time `gorm:"column:token_expiry"` + RefreshTokenExpiry time.Time `gorm:"column:refresh_token_expiry"` } ``` -### Deployment State +### Project ```go -type Deployment struct { - ID string - Name string - Status DeploymentStatus - Services []ServiceStatus - VM *VMInfo - URL string - PortfolioURL string - CreatedAt time.Time - UpdatedAt time.Time +type Project struct { + gorm.Model + UUID string `gorm:"type:text;primaryKey"` + ID string `gorm:"type:text;primaryKey;not null"` + Owner string `gorm:"type:text;not null;index"` + Name string `gorm:"type:text;not null"` + RepositoryID string `gorm:"type:text;index"` + Repository Repository `gorm:"foreignKey:RepositoryID;references:ID"` + Readme string `gorm:"type:text"` + Description string `gorm:"type:text"` + LastUpdated time.Time `gorm:"autoUpdateTime"` + Platform string `gorm:"type:text"` + AccessURL string `gorm:"type:text"` + Type string `gorm:"type:text"` + DeploymentsJSON string `gorm:"type:jsonb;column:deployments"` + deployments map[string]Instance `gorm:"-"` // deserialized from JSON } +``` -type DeploymentStatus string -const ( - StatusPending DeploymentStatus = "PENDING" - StatusPreparing DeploymentStatus = "PREPARING" - StatusDeploying DeploymentStatus = "DEPLOYING" - StatusRunning DeploymentStatus = "RUNNING" - StatusFailed DeploymentStatus = "FAILED" - StatusTerminated DeploymentStatus = "TERMINATED" -) +### Instance + +```go +type Instance struct { + UUID string `gorm:"type:text;primaryKey"` + Owner string `gorm:"type:text;not null;index"` + Name string `gorm:"not null"` + Status string `gorm:"not null"` + ResUUID string `gorm:"not null"` + ResourcesJSON string `gorm:"type:jsonb;column:resources"` + Resources []AWSResource `gorm:"foreignKey:InstanceID;references:UUID"` +} ``` -### Portfolio Page +### NVMS Types ```go -type PortfolioPage struct { - ProjectID string - Title string - Description string - ScreenshotURLs []string - DeployURL string - RepoURL string - TechStack []string - GeneratedAt time.Time +type NVMS struct { + ID string `gorm:"primaryKey;type:uuid"` + Name string `gorm:"type:text;not null"` + Description string `gorm:"type:text"` + Services []Service `gorm:"serializer:json"` +} + +type Service struct { + ID string `gorm:"primaryKey;type:uuid"` + Name string `gorm:"type:text;not null"` + Path string `gorm:"type:text;not null"` + Port int `gorm:"type:integer;not null"` + Build []string `gorm:"serializer:json"` + Env map[string]string `gorm:"serializer:json"` + BuildPackID string `gorm:"type:uuid;index"` + BuildPack *BuildPack `gorm:"foreignKey:BuildPackID"` + Runtime string `gorm:"type:text"` +} + +type BuildPack struct { + ID string `gorm:"primaryKey;type:uuid"` + DetectFiles []string `gorm:"serializer:json"` + Packages []string `gorm:"serializer:json"` + PreBuild []string `gorm:"serializer:json"` + Build []string `gorm:"serializer:json"` + Start string `gorm:"type:text"` + RuntimeVersions map[string]string `gorm:"serializer:json"` + EnvVars map[string]string `gorm:"serializer:json"` +} + +type AWSConfig struct { + ID string `gorm:"primaryKey;type:uuid"` + Region string `gorm:"type:text;not null"` + Services []AWSServiceConfig `gorm:"serializer:json"` +} + +type AWSResource struct { + InstanceID string `gorm:"primaryKey;type:uuid"` + Type string `gorm:"type:text;not null;index"` + Name string `gorm:"type:text;not null"` + ARN string `gorm:"type:text"` + Status string `gorm:"type:text"` + Region string `gorm:"type:text"` + Service string `gorm:"type:text;index"` + CreatedAt time.Time `gorm:"autoCreateTime"` + UpdatedAt time.Time `gorm:"autoUpdateTime"` } ``` --- -## Stack +## 4. API Endpoints -| Layer | Technology | Notes | -|-------|-----------|-------| -| Backend | Go | Deployment engine | -| Frontend | Web (vanilla/Svelte) | Management UI | -| IaC Format | NVMS | Custom YAML-based | -| Cloud | AWS | EC2 primary, ECS/Lambda optional | -| Virtualization | NanoVMS | Custom MicroVM platform | -| LLM | OpenAI / LLaMA | Template generation | -| CLI | SpinCLI | VM management tool | +### Public (no auth required) ---- +| Method | Path | Description | +|--------|------|-------------| +| POST | `/login` | Authenticate user, set PASETO cookie | +| POST | `/signup` | Create new user, set PASETO cookie | +| GET | `/api/github/callback` | GitHub OAuth callback (OAuth flow redirect) | -## API Contract +### Protected (PASETO auth required) -### Deploy Application +| Method | Path | Description | +|--------|------|-------------| +| GET | `/authenticate` | Validate token, return user object | +| GET | `/link` | Initiate GitHub OAuth redirect | +| POST | `/link` | Validate + save AWS/AI/Portfolio credentials | +| GET | `/instances` | List all instances for authenticated user | +| GET | `/projects` | List all projects for authenticated user | +| GET | `/api/github/repositories` | List user's GitHub repositories | +| POST | `/deploy` | Trigger deployment of a project | +| POST | `/terminate` | Terminate an instance | +| GET | `/user/:id/creds` | Get decrypted credentials for current user | +| PUT | `/user/:id/creds` | Update user profile (name, email, password) | -``` -POST /api/v1/deployments -Content-Type: application/json +### Request/Response Examples -Request: -{ - "repo_url": "https://github.com/user/repo", - "branch": "main", - "manifest_path": "odin.nvms", - "name": "my-app" -} +#### POST /signup + +```json +// Request +{ "name": "Alice", "email": "alice@example.com", "password": "s3cr3t" } -Response: 202 Accepted +// Response 201 Created { - "deployment_id": "dep_abc123", - "status": "PENDING", - "stream_url": "/api/v1/deployments/dep_abc123/stream" + "UUID": "550e8400-e29b-41d4-a716-446655440000", + "name": "Alice", + "email": "alice@example.com" } ``` -### Get Deployment Status +#### POST /login -``` -GET /api/v1/deployments/:id +```json +// Request +{ "email": "alice@example.com", "password": "s3cr3t" } -Response: 200 OK +// Response 200 OK — sets "authToken" cookie (httpOnly, 1hr) { - "id": "dep_abc123", - "name": "my-app", - "status": "RUNNING", - "services": [ - {"name": "main", "status": "healthy", "url": "http://..."}, - {"name": "backend", "status": "healthy", "url": "http://..."} - ], - "vm": { - "id": "vm_xyz789", - "ip": "3.91.42.100", - "status": "running" - }, - "portfolio_url": "https://portfolio.example.com/projects/my-app" + "message": "Success", + "user": { "UUID": "...", "name": "Alice", "email": "alice@example.com" } } ``` -### Generate Portfolio Page +#### POST /deploy -``` -POST /api/v1/portfolio/generate - -Request: +```json +// Request { - "deployment_id": "dep_abc123", - "options": { - "include_screenshots": true, - "description_source": "llm", - "template": "modern" - } + "name": "my-app", + "repository_id": "12345", + "readme": "# My App\nA task management application...", + "description": "Task management web app" } -Response: 200 OK +// Response 200 OK +{ "message": "Success" } +``` + +#### POST /link (credential validation) + +```json +// Request — AWS + AI + Portfolio credentials { - "page_url": "https://portfolio.example.com/projects/my-app", - "generated_description": "A task management application built with...", - "screenshots": [ - "https://cdn.example.com/screenshots/my-app-1.png" - ] + "aws_access_key_id": "AKIA...", + "aws_secret_access_key": "...", + "openai_api_key": "sk-...", + "portfolio_root_endpoint": "https://portfolio.example.com", + "portfolio_api_key": "..." } + +// Response 200 OK +{ "message": "Credentials validated and saved successfully" } +``` + +#### GET /projects + +```json +// Response 200 OK +[ + { + "uuid": "...", + "name": "my-app", + "repository_id": "12345", + "access_url": "http://...", + "description": "Task management web app", + "deployments": { + "production": { "uuid": "...", "status": "running", "name": "vm-01" } + } + } +] ``` --- -## NanoVMS Integration +## 5. Security Model -| Feature | Implementation | -|---------|----------------| -| VM Creation | SpinCLI + Firecracker | -| Image Building | Dockerfile → MicroVM image | -| Networking | VPC + Security groups | -| Storage | EBS volumes per VM | -| Scaling | Horizontal VM pools | +### Credential Handling -### VM Lifecycle +1. **At rest**: All secrets (AWS keys, API keys, GitHub tokens) are AES-256-CFB encrypted before storage. +2. **Encryption key**: Auto-generated on first boot via `InitializeEncryptionKey()`, stored in `ENCRYPTION_KEY` env var. Persisted to `$HOME/.zshrc` via `PersistEncryptionKey()`. +3. **Passwords**: Hashed with Argon2id (memory=64MiB, iterations=3, parallelism=2, salt=16B, key=32B). +4. **Session**: PASETO v2 tokens issued on login, stored in httpOnly cookies. +5. **GitHub tokens**: Auto-refreshed every 7h45m via `StartTokenRefreshJob()` background goroutine. -``` -Create → Configure → Start → Health Check → Register - ↓ ↓ ↓ ↓ ↓ - └────────┴─────────┴──────────┴──────────────┘ - ↓ - Running - ↓ - ┌──────────────────┼──────────────────┐ - ↓ ↓ ↓ - Update Terminate Snapshot -``` +### SSRF Protection + +Portfolio API validation uses `ssrfSafePortfolioClient()` which: +- Validates host is public IP (unless allowlisted via `BYTEPORT_PORTFOLIO_API_ALLOWED_HOSTS`) +- Rejects loopback, private, link-local, multicast addresses +- Resolves DNS and validates resolved IPs are public +- Enforces redirect host validation to prevent response header injection + +### AWS Credentials Validation + +Validated by creating an STS session and calling `s3.ListBuckets`. Fails fast on bad credentials. + +### OpenAI Credentials Validation + +Validated by calling `GET /v1/models` with the bearer token. Fails fast on invalid API keys. + +--- + +## 6. Functional Requirements + +| ID | Requirement | Category | +|----|-------------|----------| +| FR-MANIFEST-001 | Parse BytePort/NVMS manifest file defining app structure and infra | IaC | +| FR-MANIFEST-002 | Validate manifest against schema, fail loudly on errors | IaC | +| FR-MANIFEST-003 | Support multiple services within a single manifest | IaC | +| FR-MANIFEST-004 | Each service includes name, runtime, port, source repo reference | IaC | +| FR-DEPLOY-001 | Provision AWS infrastructure described in manifest | Deploy | +| FR-DEPLOY-002 | Resources visible in AWS console after successful deploy | Deploy | +| FR-DEPLOY-003 | Pull application source from specified GitHub repository | Deploy | +| FR-DEPLOY-004 | Use the branch or ref specified in manifest | Deploy | +| FR-DEPLOY-005 | Output live endpoint URLs on successful deployment | Deploy | +| FR-DEPLOY-006 | Report per-service deployment status | Deploy | +| FR-PORTFOLIO-001 | Generate portfolio site component templates | Portfolio | +| FR-PORTFOLIO-002 | Templates include live endpoint URLs | Portfolio | +| FR-PORTFOLIO-003 | Templates provide UI widgets for project interaction | Portfolio | +| FR-PORTFOLIO-004 | LLM-assisted text generation for descriptions | Portfolio | +| FR-PORTFOLIO-005 | Support OpenAI and local LLM backends | Portfolio | +| FR-CLI-001 | `byteport deploy` triggers full pipeline | CLI | +| FR-CLI-002 | `byteport status` displays per-service health and endpoints | CLI | +| FR-CLI-003 | All CLI errors print to stderr and exit non-zero | CLI | +| FR-CLI-004 | AWS credentials read from env vars or `~/.aws/credentials` | CLI | --- -## Performance +## 7. Quality Gates -| Metric | Target | Measurement | -|--------|--------|-------------| -| Deploy latency | <5 min | Repo pull to running | -| VM cold start | <2s | NanoVMS boot time | -| Portfolio generation | <30s | LLM + screenshots | -| Concurrent deploys | 10+ | Per BytePort instance | -| Uptime SLA | 99.9% | Deployed applications | +| Gate | Command | Requirement | +|------|---------|-------------| +| Build | `go build ./backend/...` | 0 errors | +| Vet | `go vet ./backend/...` | 0 warnings | +| Test | `go test ./backend/...` | all pass | +| Lint | `golangci-lint run` | 0 errors | +| Tauri | `cargo test` (src-tauri) | all pass | + +CI workflows: `ci.yml` (pytest), `go-ci.yml` (go vet+build), `cargo-audit.yml`, `cargo-deny.yml`, `cargo-semver-checks.yml`, `codeql.yml`, `fr-coverage.yml`, `quality-gate.yml`. --- -## Project Structure +## 8. NVMS Manifest Format +```yaml +# odin.nvms — BytePort IaC manifest +NAME: my-app +DESCRIPTION: A task management web application + +SERVICES: + - NAME: "main" # Required — public-facing service + PATH: "./frontend" + PORT: 8080 + RUNTIME: "nodejs" + BUILD: ["npm install", "npm run build"] + ENV: + API_URL: "http://localhost:8081" + + - NAME: "backend" + PATH: "./backend" + PORT: 8081 + RUNTIME: "go" + BUILD: ["go build -o server ./cmd/server"] + ENV: + DATABASE_URL: "postgres://localhost/myapp" + +INFRASTRUCTURE: + compute: ec2 # or ecs, lambda + region: us-east-1 + instance_type: t3.micro + +PORTFOLIO: + generate_page: true + description_source: llm # or readme, manual ``` -BytePort/ -├── backend/ -│ ├── byteport/ # Core deployment engine -│ │ ├── cmd/ # CLI commands -│ │ ├── pkg/ -│ │ │ ├── manifest/ # NVMS parser -│ │ │ ├── deploy/ # AWS deployment -│ │ │ ├── nanovms/ # VM management -│ │ │ └── portfolio/ # UX generation -│ │ └── main.go # Entry point -│ └── bytebridge/ # Integration layer -│ ├── api/ # REST handlers -│ ├── middleware/ # Auth, logging -│ └── server.go # HTTP server -├── frontend/ # Management UI -│ ├── src/ -│ └── public/ -├── odin.nvms # Example manifest -└── start # Local dev script -``` --- -## References +## 9. Dependencies + +### Go (`backend/byteport/go.mod`) + +| Package | Purpose | +|---------|---------| +| `github.com/gin-gonic/gin` | HTTP framework | +| `github.com/gin-contrib/cors` | CORS middleware | +| `gorm.io/gorm` | ORM | +| `gorm.io/driver/sqlite` | SQLite driver | +| `github.com/o1egl/paseto` | PASETO token generation/validation | +| `github.com/google/uuid` | UUID generation | +| `golang.org/x/crypto/argon2` | Argon2id password hashing | +| `github.com/aws/aws-sdk-go` | AWS SDK | +| `go.opentelemetry.io/otel` | OpenTelemetry | +| `go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin` | Gin OTel middleware | + +### Rust (`frontend/web/src-tauri/Cargo.toml`) + +| Crate | Purpose | +|-------|---------| +| `tauri` | Desktop/mobile shell | +| `tauri-plugin-*` | Tauri plugins (shell, fs, etc.) | + +--- + +## 10. Status -- [AWS SDK for Go](https://aws.github.io/aws-sdk-go-v2/) -- [Firecracker MicroVMs](https://firecracker-microvm.github.io/) -- [SpinCLI Documentation](https://developer.fermyon.com/spin) -- [NVMS Manifest Spec](./docs/NVMS_SPEC.md) +- **Last Updated**: 2026-05-06 +- **Spec Status**: Current — reflects actual shipping implementation +- **Canonical Stack**: Go/Gin/GORM/SQLite/PASETO/SvelteKit/Tauri 2 +- **Outdated**: All prior references to Rust/Loco.rs/NanoVMS have been retired diff --git a/SPECS_INDEX.md b/SPECS_INDEX.md new file mode 100644 index 00000000..9ff658db --- /dev/null +++ b/SPECS_INDEX.md @@ -0,0 +1,84 @@ +# SPECS_INDEX — BytePort + +> Auto-generated by repo audit. Last updated: 2026-05-05. + +## Repository Metadata + +| Field | Value | +|-------|-------| +| **Repo** | BytePort | +| **Canonical Path** | `/repos/BytePort` | +| **Description** | IaC deployment + portfolio UX generator for NVMS applications | +| **Language** | Python + Go (dual) + Rust (Cargo workspace for Tauri desktop app) | +| **Status** | Active | +| **License** | MIT | +| **Owner** | KooshaPari | + +## Components + +| Component | Language | Purpose | +|-----------|----------|---------| +| `backend/byteport/` | Go | Core BytePort CLI and IaC engine | +| `backend/nvms/` | Go | NVMS (Named Variable Management System) | +| Python tooling | Python | Deployment pipeline, portfolio generation | +| Rust/Tauri desktop app | Rust | (Future) Desktop application | + +## Functional Requirements + +**FUNCTIONAL_REQUIREMENTS.md**: Present at root level. +**Status**: Well-defined with 20 concrete requirements across 4 categories. + +| Prefix | Count | Description | +|--------|-------|-------------| +| FR-MANIFEST | 4 | IaC manifest parsing and validation | +| FR-DEPLOY | 6 | AWS deployment pipeline | +| FR-PORTFOLIO | 5 | Portfolio UX generation | +| FR-CLI | 4 | CLI interface | +| **Total** | **20** | **Test status: not tracked** | + +Note: No test coverage tracking in current FR doc. Add test status column. + +## CI Pipeline + +| Workflow | Status | Notes | +|----------|--------|-------| +| `ci.yml` | Active | Python: pytest tests/ | +| `ci.yml` | Active | Go: go vet + go build per module | +| `cargo-audit.yml` | Active | rustsec advisory check | +| `cargo-deny.yml` | Active | Updated to v6 | +| `cargo-machete.yml` | Active | Unused dependency detection | +| `cargo-semver-checks.yml` | Active | API breaking change detection | +| `codeql.yml` | Active | CodeQL analysis | +| `go-ci.yml` | Active | Legacy Go CI | +| `legacy-tooling-gate.yml` | Active | Legacy tooling scan | +| `release.yml` | Active | Release workflow | +| `release-drafter.yml` | Active | Release drafter | +| `sbom-refresh.yml` | Active | SBOM refresh | +| `scorecard.yml` | Active | OpenSSF Scorecard | +| `secrets-scan.yml` | Active | Secrets scanning | +| `trufflehog.yml` | Active | Updated to go install approach | +| `doc-links.yml` | Active | Added during audit | +| `fr-coverage.yml` | Active | Added during audit | +| `quality-gate.yml` | Active | Added during audit | + +## deny.toml + +- `Cargo.lock`: Present +- `deny.toml`: Comprehensive; well-documented advisory ignores for gtk-rs and unic-* transitives + +## Audit Findings (2026-05-05) + +- [x] `SPECS_INDEX.md` created (this file) +- [x] `trufflehog.yml` fixed: replaced `trufflesecurity/trufflehog@main` with go install approach +- [x] `cargo-deny.yml` updated: upgraded from v2 to v6 +- [x] `doc-links.yml` added (was missing) +- [x] `fr-coverage.yml` added (was missing) +- [x] `quality-gate.yml` added (was missing) +- [x] `ci.yaml` vs `ci.yml` naming inconsistency - resolved: ci.yaml renamed to ci.yml +- [ ] FUNCTIONAL_REQUIREMENTS.md lacks test coverage tracking column + +## Audit Metadata + +- Auditor: Claude Code audit agent +- Date: 2026-05-05 +- Scope: BytePort root diff --git a/STATUS.md b/STATUS.md index c4583f2e..0a12d4e8 100644 --- a/STATUS.md +++ b/STATUS.md @@ -1 +1,7 @@ -wtmp begins Mon Jun 16 08:38:50 MST 2025phenotype-org-governance/SUPERSEDED.md +# BytePort Status + +BytePort is a hardware ledger and inventory management system. + +## Current Status + +Active development. See README.md for project details. diff --git a/backend/byteport/byteport-ghkey.pem b/backend/byteport/byteport-ghkey.pem deleted file mode 100644 index 38383182..00000000 --- a/backend/byteport/byteport-ghkey.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAqdhxkBHvNQFSvRld9bnoATQqWXsjk79XELDRnDLKzhePu7hy -OR8sM5P3dghhgJWfB7lBjCdM9E0Q6+DIF/RmP/ZcrLhdjkcZcCVG6kTmAsFSd55x -2pIzO+RZgyOShABPIkKuUXZ8hDpELAQSvc3Pj6XlWLTUi9MGAO0itkJrskjpTdr0 -GgTOobDP1j8IQ5zoEqxmUcBndSKIgvN+9pu9x6n8T9F+Z8wEAJZmsWDpInAYNN6q -k21jacwv3GfUkdfOk3Wwsk4T7evvCaxqdq1X9AfJ789yEOVtOQ4ZVHQRL5avVR0U -L0ZwU9husuMxKVBX/8E5fEs2mzjlf/+EZ583twIDAQABAoIBAGExUfMuwCMl6bH6 -lTErvF8L+fwQolBHG0ya0qg+zJ1ZEFBNAVg8xW+SifaKXzlU5Zdm5OKODtRyUW+Z -xwcmPWj20xunuSnU9/Kb8lPXL4R+GnIHQoHgTd9FEhAgSBSvlJk3bUeCtUh5i09g -2VSyNMewGGlFuad2D6ZyDP4dTkHL1hZ3LzlBPPP9wuIqB9HAMTTMUZ45YAJjsu1U -ElN67JmpJkxlvgXTK8/lBeto4CTkHFy2MwA45HR8JXiKVtr/gDRXP5GxDbfWdrZP -cEzAshMmNZxMod+HV8yZYU/3U9aYoc4078koEkzkItiOtZELIFOAV4eU2kAaouqx -l/djXPECgYEA4QSirhjfMibSHv3PYmh0FEs4qSsThABBBYHNs+VwGQOR0AhH7PyA -aVkMb5WlL3xiPzibtkzN+nVYEX5Y0pSFp6SiaPA7GADqlhNREUHpdZcVYG9Eb52d -3R/gjzM0sY48dH/QuccoSQM1HWuguwVOTbeMozeVqfPoL57dQtc11LkCgYEAwTsZ -/rIhpNOlQbW7ky5q54by0WMGbpTSgzkE+cEENyQuPDp1T+Qtgp6F0rVghIJG0tDX -9Ovlv5+iixpTBwEiX+sfWei/KBIxVpTg+PFe9FLbIT6BZa/2V+01qcs7675mtkjh -QFnMLPJhQY9VNIXZTmHJABLjuPLVWwIDAinJF+8CgYEArRq0z7wgkGNfCCp3jRwQ -GMCZcULLO6Q6YTMvfTKHnyao2OJV+tFxNBomP/1eW36T0lEJMSA64W++dY6+ZBmQ -DJzRuGr++wNRdGyd0+nh4O1+q3ZNrpQRqtfoGCHraqCij3j4qMK2khyekuiGePmm -+JC456NORrV1rJTJYK9RITkCgYAcpZpw/A+o1AfH+h1Y8KTAtm0BReEKO94JvkZS -kJ8DXcXNAA2sTnPAzaehWWp5uqatUnDxypdBFXWPkdOFUlG6Tq1TMwJD+o59+4xu -27nsFuyNvSqJ3NB0sKIoDg1QIeYwWBWs6KMwdq6cfZdwNffFexHFhQdlv/qJh37S -r0c02QKBgQCfa1YhHK5m7Wrxz9xO3osIyRfa/rYZ/oBQHZaMVviT7HiBLuVebsWB -vf/vTWDTgXqjxWAbOZ2WPhXixcww33SEr2Ru/wdn9OlGU6eDe0xIf1cunb4dIEid -3q1gPe53OlQnVYCDER3eDTGBdIjCTo65tI8LQzWnxRMMdu3/fMsPXA== ------END RSA PRIVATE KEY----- diff --git a/backend/byteport/go.mod b/backend/byteport/go.mod index 8d80984c..ac5164c5 100644 --- a/backend/byteport/go.mod +++ b/backend/byteport/go.mod @@ -9,6 +9,9 @@ require ( github.com/gin-gonic/gin v1.12.0 github.com/google/uuid v1.6.0 github.com/zalando/go-keyring v0.2.8 + go.opentelemetry.io/otel v1.43.0 + go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0 + go.opentelemetry.io/otel/sdk v1.43.0 golang.org/x/crypto v0.50.0 gorm.io/driver/sqlite v1.6.0 gorm.io/gorm v1.30.0 @@ -16,17 +19,20 @@ require ( require ( aidanwoods.dev/go-result v0.3.1 // indirect - github.com/bytedance/gopkg v0.1.3 // indirect + github.com/bytedance/gopkg v0.1.4 // indirect github.com/bytedance/sonic v1.15.0 // indirect - github.com/bytedance/sonic/loader v0.5.0 // indirect + github.com/bytedance/sonic/loader v0.5.1 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cloudwego/base64x v0.1.6 // indirect github.com/danieljoos/wincred v1.2.3 // indirect - github.com/gabriel-vasile/mimetype v1.4.12 // indirect - github.com/gin-contrib/sse v1.1.0 // indirect + github.com/gabriel-vasile/mimetype v1.4.13 // indirect + github.com/gin-contrib/sse v1.1.1 // indirect + github.com/go-logr/logr v1.4.3 // indirect + github.com/go-logr/stdr v1.2.2 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.30.1 // indirect - github.com/goccy/go-json v0.10.5 // indirect + github.com/go-playground/validator/v10 v10.30.2 // indirect + github.com/goccy/go-json v0.10.6 // indirect github.com/goccy/go-yaml v1.19.2 // indirect github.com/godbus/dbus/v5 v5.2.2 // indirect github.com/jinzhu/inflection v1.0.0 // indirect @@ -39,15 +45,18 @@ require ( github.com/mattn/go-sqlite3 v1.14.22 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/pelletier/go-toml/v2 v2.2.4 // indirect + github.com/pelletier/go-toml/v2 v2.3.0 // indirect github.com/quic-go/qpack v0.6.0 // indirect github.com/quic-go/quic-go v0.59.0 // indirect github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/ugorji/go/codec v1.3.1 // indirect go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect - golang.org/x/arch v0.23.0 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect + go.opentelemetry.io/otel/metric v1.43.0 // indirect + go.opentelemetry.io/otel/trace v1.43.0 // indirect + golang.org/x/arch v0.25.0 // indirect golang.org/x/net v0.53.0 // indirect golang.org/x/sys v0.43.0 // indirect golang.org/x/text v0.36.0 // indirect - google.golang.org/protobuf v1.36.10 // indirect + google.golang.org/protobuf v1.36.11 // indirect ) diff --git a/backend/byteport/go.sum b/backend/byteport/go.sum index b07dd723..9dce808c 100644 --- a/backend/byteport/go.sum +++ b/backend/byteport/go.sum @@ -4,12 +4,14 @@ aidanwoods.dev/go-result v0.3.1 h1:ee98hpohYUVYbI+pa6gUHTyoRerIudgjky/IPSowDXQ= aidanwoods.dev/go-result v0.3.1/go.mod h1:GKnFg8p/BKulVD3wsfULiPhpPmrTWyiTIbz8EWuUqSk= github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ= github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk= -github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M= -github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM= +github.com/bytedance/gopkg v0.1.4 h1:oZnQwnX82KAIWb7033bEwtxvTqXcYMxDBaQxo5JJHWM= +github.com/bytedance/gopkg v0.1.4/go.mod h1:v1zWfPm21Fb+OsyXN2VAHdL6TBb2L88anLQgdyje6R4= github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE= github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k= -github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE= -github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo= +github.com/bytedance/sonic/loader v0.5.1 h1:Ygpfa9zwRCCKSlrp5bBP/b/Xzc3VxsAW+5NIYXrOOpI= +github.com/bytedance/sonic/loader v0.5.1/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M= github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU= github.com/danieljoos/wincred v1.2.3 h1:v7dZC2x32Ut3nEfRH+vhoZGvN72+dQ/snVXo/vMFLdQ= @@ -17,24 +19,29 @@ github.com/danieljoos/wincred v1.2.3/go.mod h1:6qqX0WNrS4RzPZ1tnroDzq9kY3fu1KwE7 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw= -github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s= +github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM= +github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s= github.com/gin-contrib/cors v1.7.7 h1:Oh9joP463x7Mw72vhvJ61YQm8ODh9b04YR7vsOErD0Q= github.com/gin-contrib/cors v1.7.7/go.mod h1:K5tW0RkzJtWSiOdikXloy8VEZlgdVNpHNw8FpjUPNrE= -github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w= -github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM= +github.com/gin-contrib/sse v1.1.1 h1:uGYpNwTacv5R68bSGMapo62iLTRa9l5zxGCps4hK6ko= +github.com/gin-contrib/sse v1.1.1/go.mod h1:QXzuVkA0YO7o/gun03UI1Q+FTI8ZV/n5t03kIQAI89s= github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8= github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w= -github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM= -github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4= -github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= +github.com/go-playground/validator/v10 v10.30.2 h1:JiFIMtSSHb2/XBUbWM4i/MpeQm9ZK2xqPNk8vgvu5JQ= +github.com/go-playground/validator/v10 v10.30.2/go.mod h1:mAf2pIOVXjTEBrwUMGKkCWKKPs9NheYGabeB04txQSc= +github.com/goccy/go-json v0.10.6 h1:p8HrPJzOakx/mn/bQtjgNjdTcN+/S6FcG2CTtQOrHVU= +github.com/goccy/go-json v0.10.6/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM= github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/godbus/dbus/v5 v5.2.2 h1:TUR3TgtSVDmjiXOgAAyaZbYmIeP3DPkld3jgKGV8mXQ= @@ -67,8 +74,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4= -github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= +github.com/pelletier/go-toml/v2 v2.3.0 h1:k59bC/lIZREW0/iVaQR8nDHxVq8OVlIzYCOJf421CaM= +github.com/pelletier/go-toml/v2 v2.3.0/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8= @@ -95,10 +102,26 @@ github.com/zalando/go-keyring v0.2.8 h1:6sD/Ucpl7jNq10rM2pgqTs0sZ9V3qMrqfIIy5YPc github.com/zalando/go-keyring v0.2.8/go.mod h1:tsMo+VpRq5NGyKfxoBVjCuMrG47yj8cmakZDO5QGii0= go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE= go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= +go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0 h1:mS47AX77OtFfKG4vtp+84kuGSFZHTyxtXIN269vChY0= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0/go.mod h1:PJnsC41lAGncJlPUniSwM81gc80GkgWJWr3cu2nKEtU= +go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= +go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= +go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= +go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= +go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= +go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= +go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= +go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU= -golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg= -golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A= +golang.org/x/arch v0.25.0 h1:qnk6Ksugpi5Bz32947rkUgDt9/s5qvqDPl/gBKdMJLE= +golang.org/x/arch v0.25.0/go.mod h1:0X+GdSIP+kL5wPmpK7sdkEVTt2XoYP0cSjQSbZBwOi8= golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= @@ -108,8 +131,8 @@ golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= -google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= -google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/backend/byteport/lib/git.go b/backend/byteport/lib/git.go index cdbf5778..a039d499 100644 --- a/backend/byteport/lib/git.go +++ b/backend/byteport/lib/git.go @@ -6,6 +6,7 @@ import ( "encoding/json" "fmt" "io" + "log" "net/http" "time" @@ -172,19 +173,19 @@ func refreshToken(user models.User, pasetoToken string) (models.Git, error) { payload := map[string]string{ "client_id": clientID, "client_secret": clientSecret, - "grant_type": "refresh_token", - "refresh_token": decryptedToken, - } - - fmt.Println("Payload ID: ", payload["client_id"]) -log.Printf("Payload ID: [REDACTED]\n") - log.Printf("Payload Secret: [REDACTED]\n") - log.Printf("Payload Grant: %s\n", payload["grant_type"]) - log.Printf("Payload Refresh: [REDACTED]\n") - if err != nil { - return models.Git{}, fmt.Errorf("failed to marshal payload: %v", err) - } - req, err := http.NewRequest("POST", apiURL, bytes.NewBuffer(payloadBytes)) + "grant_type": "refresh_token", + "refresh_token": decryptedToken, + } + + log.Printf("Payload ID: [REDACTED]\n") + log.Printf("Payload Secret: [REDACTED]\n") + log.Printf("Payload Grant: %s\n", payload["grant_type"]) + log.Printf("Payload Refresh: [REDACTED]\n") + payloadBytes, err := json.Marshal(payload) + if err != nil { + return models.Git{}, fmt.Errorf("failed to marshal payload: %v", err) + } + req, err := http.NewRequest("POST", apiURL, bytes.NewBuffer(payloadBytes)) if err != nil { return models.Git{}, fmt.Errorf("failed to create request: %v", err) } diff --git a/backend/byteport/main.go b/backend/byteport/main.go index eefb730a..521c7a21 100644 --- a/backend/byteport/main.go +++ b/backend/byteport/main.go @@ -4,14 +4,33 @@ import ( "byteport/lib" "byteport/models" "byteport/routes" + "context" "fmt" "os" "time" "github.com/gin-contrib/cors" "github.com/gin-gonic/gin" + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/exporters/stdout/stdouttrace" + "go.opentelemetry.io/otel/sdk/resource" + "go.opentelemetry.io/otel/sdk/trace" ) +// initTracer sets up the OTel tracer provider with a ConsoleSpanExporter. +func initTracer() (*trace.TracerProvider, error) { + exporter, err := stdouttrace.New(stdouttrace.WithPrettyPrint()) + if err != nil { + return nil, fmt.Errorf("failed to create stdouttrace exporter: %w", err) + } + tp := trace.NewTracerProvider( + trace.WithBatcher(exporter), + ) + otel.SetTracerProvider(tp) + return tp, nil +} + func setupRouter() *gin.Engine { r := gin.Default() r.Use(cors.New(cors.Config{ @@ -60,7 +79,20 @@ func setupRouter() *gin.Engine { } func main() { - err := lib.InitializeEncryptionKey() + ctx := context.Background() + + tp, err := initTracer() + if err != nil { + fmt.Fprintf(os.Stderr, "Error initializing tracer: %v\n", err) + os.Exit(1) + } + defer func() { + if err := tp.Shutdown(ctx); err != nil { + fmt.Fprintf(os.Stderr, "Error shutting down tracer: %v\n", err) + } + }() + + err = lib.InitializeEncryptionKey() if err != nil { fmt.Printf("Error initializing encryption key: %v\n", err) os.Exit(1) diff --git a/crt.pem b/crt.pem index 6c2dfa36..1d423afa 100644 --- a/crt.pem +++ b/crt.pem @@ -1 +1,3 @@ -LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdpakNDQmcrZ0F3SUJBZ0lVS3lmeHh3ZS96KzVZWXAxQ2FLbmlkRktQek5Zd0NnWUlLb1pJemowRUF3TXcKTnpFVk1CTUdBMVVFQ2hNTWMybG5jM1J2Y21VdVpHVjJNUjR3SEFZRFZRUURFeFZ6YVdkemRHOXlaUzFwYm5SbApjbTFsWkdsaGRHVXdIaGNOTWpReE1UQTRNREF6TVRReFdoY05NalF4TVRBNE1EQTBNVFF4V2pBQU1Ga3dFd1lICktvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVxSUNtZ2FIeTNjQzlOYU5YbmJjZ0xLU29sWFFIbzVLUVc4Ni8KbkJHdmtDdnZhcHAvRXZKOG5EN01WN04yYUpwMlhQUnVWcnJyMldRNWlDWmo4RHlNUTZPQ0JTNHdnZ1VxTUE0RwpBMVVkRHdFQi93UUVBd0lIZ0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREF6QWRCZ05WSFE0RUZnUVVEQ1VZCnNzVjVKUzlmTHc5Nk5BR2ZRNklFaFdvd0h3WURWUjBqQkJnd0ZvQVUzOVBwejFZa0VaYjVxTmpwS0ZXaXhpNFkKWkQ4d1hBWURWUjBSQVFIL0JGSXdVSVpPYUhSMGNITTZMeTluYVhSb2RXSXVZMjl0TDJabGNtMTViMjR2YzNCcApiaTh1WjJsMGFIVmlMM2R2Y210bWJHOTNjeTl5Wld4bFlYTmxMbmx0YkVCeVpXWnpMM1JoWjNNdmRqTXVNQzR3Ck1Ea0dDaXNHQVFRQmc3OHdBUUVFSzJoMGRIQnpPaTh2ZEc5clpXNHVZV04wYVc5dWN5NW5hWFJvZFdKMWMyVnkKWTI5dWRHVnVkQzVqYjIwd0VnWUtLd1lCQkFHRHZ6QUJBZ1FFY0hWemFEQTJCZ29yQmdFRUFZTy9NQUVEQkNnMwpNemMzTnpobE9XUTNaR014WVRkbU5Ua3dZVE01T0dReU56TTBabVl3WTJNNU1UQXdNbVl3TUJVR0Npc0dBUVFCCmc3OHdBUVFFQjFKbGJHVmhjMlV3R2dZS0t3WUJCQUdEdnpBQkJRUU1abVZ5YlhsdmJpOXpjR2x1TUI0R0Npc0cKQVFRQmc3OHdBUVlFRUhKbFpuTXZkR0ZuY3k5Mk15NHdMakF3T3dZS0t3WUJCQUdEdnpBQkNBUXREQ3RvZEhSdwpjem92TDNSdmEyVnVMbUZqZEdsdmJuTXVaMmwwYUhWaWRYTmxjbU52Ym5SbGJuUXVZMjl0TUY0R0Npc0dBUVFCCmc3OHdBUWtFVUF4T2FIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwyWmxjbTE1YjI0dmMzQnBiaTh1WjJsMGFIVmkKTDNkdmNtdG1iRzkzY3k5eVpXeGxZWE5sTG5sdGJFQnlaV1p6TDNSaFozTXZkak11TUM0d01EZ0dDaXNHQVFRQgpnNzh3QVFvRUtnd29Oek0zTnpjNFpUbGtOMlJqTVdFM1pqVTVNR0V6T1Roa01qY3pOR1ptTUdOak9URXdNREptCk1EQWRCZ29yQmdFRUFZTy9NQUVMQkE4TURXZHBkR2gxWWkxb2IzTjBaV1F3THdZS0t3WUJCQUdEdnpBQkRBUWgKREI5b2RIUndjem92TDJkcGRHaDFZaTVqYjIwdlptVnliWGx2Ymk5emNHbHVNRGdHQ2lzR0FRUUJnNzh3QVEwRQpLZ3dvTnpNM056YzRaVGxrTjJSak1XRTNaalU1TUdFek9UaGtNamN6TkdabU1HTmpPVEV3TURKbU1EQWdCZ29yCkJnRUVBWU8vTUFFT0JCSU1FSEpsWm5NdmRHRm5jeTkyTXk0d0xqQXdHUVlLS3dZQkJBR0R2ekFCRHdRTERBazAKTWpNMk56azJOalF3S2dZS0t3WUJCQUdEdnpBQkVBUWNEQnBvZEhSd2N6b3ZMMmRwZEdoMVlpNWpiMjB2Wm1WeQpiWGx2YmpBWUJnb3JCZ0VFQVlPL01BRVJCQW9NQ0RreE9EQXpPVGd3TUY0R0Npc0dBUVFCZzc4d0FSSUVVQXhPCmFIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwyWmxjbTE1YjI0dmMzQnBiaTh1WjJsMGFIVmlMM2R2Y210bWJHOTMKY3k5eVpXeGxZWE5sTG5sdGJFQnlaV1p6TDNSaFozTXZkak11TUM0d01EZ0dDaXNHQVFRQmc3OHdBUk1FS2d3bwpOek0zTnpjNFpUbGtOMlJqTVdFM1pqVTVNR0V6T1Roa01qY3pOR1ptTUdOak9URXdNREptTURBVUJnb3JCZ0VFCkFZTy9NQUVVQkFZTUJIQjFjMmd3VXdZS0t3WUJCQUdEdnpBQkZRUkZERU5vZEhSd2N6b3ZMMmRwZEdoMVlpNWoKYjIwdlptVnliWGx2Ymk5emNHbHVMMkZqZEdsdmJuTXZjblZ1Y3k4eE1UY3pNelUzTlRNeE55OWhkSFJsYlhCMApjeTh4TUJZR0Npc0dBUVFCZzc4d0FSWUVDQXdHY0hWaWJHbGpNSUdKQmdvckJnRUVBZFo1QWdRQ0JIc0VlUUIzCkFIVUEzVDB3YXNiSEVUSmpHUjRjbVdjM0FxSktYcmplUEszL2g0cHlnQzhwN280QUFBR1RDUzhaV2dBQUJBTUEKUmpCRUFpQndPUFFmMVFSekgvdTRxQkNuektXalZTVi9Tc01aUWRwS1NNTjRZUHcwOUFJZ1lRajRSazg3aENCQgpiNWZiaXN3OTBPZWErQjRDNHBNME4rT09YbmlBWGJNd0NnWUlLb1pJemowRUF3TURhUUF3WmdJeEFKUEd3Q3Q2ClJwRjR0dnpnaU5EVHdTSU4yNzJBcUVLZFdZQ2s5MG9YMXhMaFlIdDBDWCszU3JjVWQyMElxdU1pL2dJeEFMd3EKN1JFdng4NnY1dkxOSHJxRFloMnV2SVExR2czR3JBSFlvdEh2WTdKMis2OXJneU1oOElyZ0VJRlRVL0lIL3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== \ No newline at end of file +# EXPIRED SIGSTORE CERTIFICATE - Nov 8, 2024 (10-min validity) +# See: https://sigstore.dev +# Placeholder for development purposes only diff --git a/deny.toml b/deny.toml index 032c0950..b35bd0ec 100644 --- a/deny.toml +++ b/deny.toml @@ -9,7 +9,34 @@ version = 2 yanked = "deny" ignore = [ - { id = "RUSTSEC-2024-0436", reason = "paste (unic-ucd transitive via tauri/urlpattern). Tauri upstream still pins paste; no safe upgrade until Tauri migrates off the unmaintained crate. paste! macro not invoked directly in BytePort." }, + # gtk-rs cluster (atk, gdk*, gtk*) — unmaintained, archived upstream. All transitive + # via Tauri 2.x's optional GTK3 backend. No safe upgrade; gtk-rs has archived + # gtk3-rs in favor of gtk4-rs which Tauri has not migrated to. No direct use in + # BytePort source. + { id = "RUSTSEC-2024-0411", reason = "atk (gtk-rs) unmaintained, transitive via Tauri 2.x GTK3 backend; upstream archived; no direct use." }, + { id = "RUSTSEC-2024-0412", reason = "atk-sys (gtk-rs) unmaintained, transitive via Tauri 2.x GTK3 backend; upstream archived; no direct use." }, + { id = "RUSTSEC-2024-0413", reason = "gdk (gtk-rs) unmaintained, transitive via Tauri 2.x GTK3 backend; upstream archived; no direct use." }, + { id = "RUSTSEC-2024-0414", reason = "gdk-sys (gtk-rs) unmaintained, transitive via Tauri 2.x GTK3 backend; upstream archived; no direct use." }, + { id = "RUSTSEC-2024-0415", reason = "gdkwayland-sys (gtk-rs) unmaintained, transitive via Tauri 2.x GTK3 backend; upstream archived; no direct use." }, + { id = "RUSTSEC-2024-0416", reason = "gdkx11 (gtk-rs) unmaintained, transitive via Tauri 2.x GTK3 backend; upstream archived; no direct use." }, + { id = "RUSTSEC-2024-0417", reason = "gdkx11-sys (gtk-rs) unmaintained, transitive via Tauri 2.x GTK3 backend; upstream archived; no direct use." }, + { id = "RUSTSEC-2024-0418", reason = "gtk (gtk-rs) unmaintained, transitive via Tauri 2.x GTK3 backend; upstream archived; no direct use." }, + { id = "RUSTSEC-2024-0419", reason = "gtk-sys (gtk-rs) unmaintained, transitive via Tauri 2.x GTK3 backend; upstream archived; no direct use." }, + { id = "RUSTSEC-2024-0420", reason = "gtk3-macros (gtk-rs) unmaintained, transitive via Tauri 2.x GTK3 backend; upstream archived; no direct use." }, + + # unic-* family — unmaintained (rust-unic project archived). Pulled in transitively + # via Tauri's urlpattern stack. Recommended replacement icu_properties pending + # upstream Tauri migration. + { id = "RUSTSEC-2025-0075", reason = "unic-char-range unmaintained (rust-unic archived); transitive via Tauri/urlpattern; no direct use." }, + { id = "RUSTSEC-2025-0080", reason = "unic-common unmaintained (rust-unic archived); transitive via Tauri/urlpattern; no direct use." }, + { id = "RUSTSEC-2025-0081", reason = "unic-char-property unmaintained (rust-unic archived); transitive via Tauri/urlpattern; no direct use." }, + { id = "RUSTSEC-2025-0098", reason = "unic-ucd-version unmaintained (rust-unic archived); transitive via Tauri/urlpattern; no direct use." }, + { id = "RUSTSEC-2025-0100", reason = "unic-ucd-ident unmaintained (rust-unic archived); transitive via Tauri/urlpattern; no direct use." }, + + # Other unmaintained transitives surfaced via Tauri stack + { id = "RUSTSEC-2024-0370", reason = "proc-macro-error 1.x unmaintained; transitive via gtk3-macros/Tauri proc-macro deps; replacement proc-macro-error2 pending upstream migration." }, + { id = "RUSTSEC-2025-0057", reason = "fxhash unmaintained; transitive via Tauri/webview deps; no safe upgrade; not invoked directly." }, + # Note: RUSTSEC-2024-0436 (paste) removed 2026-05-04 — advisory-not-detected per cargo-deny; no longer in dep tree. ] [licenses] diff --git a/go.mod b/go.mod deleted file mode 100644 index 574258ae..00000000 --- a/go.mod +++ /dev/null @@ -1,3 +0,0 @@ -module github.com/KooshaPari/byteport - -go 1.22 diff --git a/go.sum b/go.sum deleted file mode 100644 index 8b137891..00000000 --- a/go.sum +++ /dev/null @@ -1 +0,0 @@ - diff --git a/golangci.yml b/golangci.yml new file mode 100644 index 00000000..608bfefb --- /dev/null +++ b/golangci.yml @@ -0,0 +1,35 @@ +version: "2" + +run: + timeout: 5m + modules-download-mode: readonly + +linters: + enable: + - errcheck + - gosimple + - govet + - ineffassign + - staticcheck + - unused + - gosec + - unconvert + - unparam + - gocritic + +linters-settings: + errcheck: + check-type-assertions: true + check-blank: true + govet: + enable-all: true + gocritic: + enabled-tags: + - diagnostic + - style + - performance + +issues: + exclude-use-fallback: false + max-issues-per-linter: 0 + max-same-issues: 0 diff --git a/src/data/qa-snapshot.json b/src/data/qa-snapshot.json new file mode 100644 index 00000000..9c9594dd --- /dev/null +++ b/src/data/qa-snapshot.json @@ -0,0 +1,15 @@ +{ + "_comment": "Static fallback for /qa panels. Used when the GitHub API is rate-limited (429) or otherwise unreachable at build time. Each panel mirrors the shape ghReport() returns: { data, reason }. Refresh with `bun run data:refresh` once the upstream files exist.", + "coverage": { + "data": null, + "reason": "docs/reports/coverage.json not yet emitted by KooshaPari/BytePort. Add the file to populate this panel." + }, + "lint": { + "data": null, + "reason": "docs/reports/lint.json not yet emitted by KooshaPari/BytePort. Add the file to populate this panel." + }, + "frTrace": { + "data": null, + "reason": "docs/reports/fr-trace.json not yet emitted by KooshaPari/BytePort. Add the file to populate this panel." + } +} diff --git a/src/data/readme.html b/src/data/readme.html new file mode 100644 index 00000000..32265b22 --- /dev/null +++ b/src/data/readme.html @@ -0,0 +1,959 @@ +

BytePort

+

What is this

+

BytePort is a self-hosted IaC deployment + portfolio platform for developer projects. Define one manifest (odin.nvms) at your repo root and BytePort provisions a MicroVM-backed deployment on your own cloud, registers the resulting endpoints with a portfolio site, and uses an LLM to generate showcase metadata for each project.

+

Canonical stack

+

This README previously disagreed with itself (Loco.rs / Rust / Tauri / SvelteKit references appeared in different sections). The actual shipping stack is:

+
    +
  • Backend: Go 1.25 — backend/byteport (Gin + GORM + SQLite, PASETO auth, AWS SDK)
    • +
  • Frontend: SvelteKit 2 + Svelte 5 + Tailwind 4, packaged as a Tauri 2 desktop/mobile shell — frontend/web
    • +
  • MicroVM runtime: Spin / nvms Go service — backend/nvms
    • +
  • Dev orchestration: ./start dev (tmux) and ./start prod — see below
    • +
  • Persistence: SQLite via GORM
    • +
+

There is no Rust workspace at the repo root; previous mentions of Loco.rs were aspirational and have been removed. The Rust toolchain only appears via Tauri's bundler under frontend/web.

+

Running it

+
./start dev     # tmux session: SvelteKit dev (port 5173) + `air` hot-reload Go backend
+./start prod    # builds the SvelteKit frontend, runs `npm start`, then `go run main.go`
+

./start requires tmux (dev mode), npm, and go. Edit the hardcoded paths inside ./start if your checkout is not at ~/temp-PRODVERCEL/Rust/webApp/byte_port — that path is a leftover from the original author's machine and will be parameterized in a follow-up.

+

Credentials

+

Demo portfolio integration (Slickport) expects credentials you set yourself. Do not use any credential string copied from an older revision of this README; replace <YOUR_API_KEY> placeholders with values from your own deployment.

+
+

An IAC Deployment + UX Generation platform for Software Developer Portfolios

+

With One IAC File Defining your Application Structured and related infra, Byteport deploys your project from your github repository onto your aws cloud platform, then utilizing chatgpt(soon llama) to then send object templates for additions to demonstration/portfolio sites to display and provide interaction access to these projects (and show them off automagically!)

+

Example

+

Refer to Fixit-Go Chatta For Project Examples, Slickport for Portfolio integration example

+

Quickstart

+

Prepwork:

+
    +
  • Install SpinCLI, golang etc
    • +
  • Clone Project, open 3 terminals -> backend\byteport -> spin build up, backend\nvms -> go run main.go , frontend\web -> npm i -> npm run dev
    • +
  • Grab Demosite and startup(if you don't want to setup api routes rn either remove the demonstrator call in the deploy function OR clone and run slickport with npm run dev and provide localhost:5180, <YOUR_API_KEY> for credentials)
    • +
  • localhost:5173/signup -> signup -> first time setup -> home -> ready
    • +
+

Deploy Prep

+
    +
  • Grab an application and in the root create a README.md, and an odin.nvms, follow pattern below: +NAME: app +DESCRIPTION: basic todo +SERVICES:
    • +
  • NAME: "main" (REQUIRED - Points to url/, typically for frontend)
    • +
  • PATH: "./frontend"
    • +
  • PORT: 8080
    • +
  • ENV={hello=hi} (not tested)
    • +
  • NAME: "backend""
    • +
  • PATH: "./backend"
    • +
  • PORT: 8081
    • +
  • Readme will be fed as part of prompt to describe your project and add context, do a quick detailed bullet list etc
    • +
  • map all API URLs in your program to /service/apiaction other than main which takes /*
    • +
  • If too lazy refer to Chatta or Fixit-Go repos which are ready for byteport deployment
    • +
+

Deploy

+
    +
  • Go to UI, pick repo, write name and descr(rest are useless atm) deploy, wait a bit (no user ui progress indication atm refer to spin instance in terminal), check portfolio and dashboard, instance now avail.
    • +
+

GPT YAP BELOW (outdated)

+

Project Manifesto: BytePort - MicroVM Cloud Management and Portfolio Integration

+
                   ▄     ▀
+                              ▀  ▄
+           ▄       ▀     ▄  ▄ ▄▀
+                             ▄ ▀▄▄
+                   ▄     ▀    ▀  ▀▄▀█▄
+                                     ▀█▄
+
+▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄ ▀▀█
+██████ █████ ███ █████ ███ █████ ███ ▀█
+██████ █████ ███ █████ ▀▀▀ █████ ███ ▄█▄
+██████ █████ ███ █████ █████ ███ ████▄
+██████ █████ ███ █████ ▄▄▄ █████ ███ █████
+██████ █████ ███ ████ ███ █████ ███ ████▀
+▀▀▀██▄ ▀▀▀▀▀▀▀▀▀▀ ▀▀▀▀▀▀▀▀▀▀ ▀▀▀▀▀▀▀▀▀▀ ██▀
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+https://loco.rs
+
+environment: development
+database: automigrate
+logger: debug
+compilation: debug
+modes: server
+
+listening on localhost:5150
+
+

Table of Contents

+
    +
  1. Introduction
    2. +
  2. Project Overview
    3. +
  3. Objectives
    4. +
  4. Technologies and Tools
    5. +
  5. Project Architecture
    6. +
  6. Development Phases and Timeline
    7. +
  7. Implementation Details
    8. +
  8. Deployment Strategy
    9. +
  9. Security Considerations
    10. +
  10. Testing and Quality Assurance
    11. +
  11. Project Management and Collaboration
    12. +
  12. Conclusion
    13. +
+
+

Introduction

+

This manifesto outlines the development of BytePort, a cloud-based platform for deploying and managing applications using a custom-developed MicroVM technology called NanoVMS. The project leverages SvelteKit for the frontend and Loco.rs for the backend. BytePort aims to provide a Docker-like experience for deploying applications but uses lightweight virtual machines instead of containers, offering users greater control and isolation.

+

Project Overview

+

Project Name: BytePort - MicroVM Cloud Management and Portfolio Integration

+

MicroVM Technology Name: NanoVMS

+

Description:

+

BytePort is a cloud solution for deploying web applications and other projects directly from Git repositories. It creates and deploys pre-configured MicroVMs based on user specifications using the custom-developed NanoVMS technology. Upon successful deployment, BytePort integrates the project into the user's portfolio (e.g., kooshapari.com), adding project pages and linking the frontend of each web app to its respective project. Non-web app projects can also be deployed with custom configurations. Clients can view, debug, clone, and rebuild these instances as needed.

+

Objectives

+

Primary Objectives

+
    +
  • Develop NanoVMS MicroVM Technology: +
      +
    • Create a custom lightweight virtualization platform to run single-purpose VMs efficiently.
      • +
    +
    • +
  • Implement VM Management System: +
      +
    • Develop a system to manage MicroVMs without relying on Docker.
      • +
    +
    • +
  • Frontend Development with SvelteKit: +
      +
    • Build a dynamic and responsive dashboard for users to manage their MicroVMs and portfolio integrations.
      • +
    +
    • +
  • Backend Development with Loco.rs: +
      +
    • Implement a high-performance backend using Rust and Loco.rs for secure and efficient processing.
      • +
    +
    • +
  • Integration with Git Repositories: +
      +
    • Allow users to deploy applications directly from their Git repositories using custom configuration files.
      • +
    +
    • +
  • Portfolio Integration: +
      +
    • Automate the addition of project pages to user portfolios, including generating descriptions and screenshots.
      • +
    +
    • +
+

Secondary Objectives

+
    +
  • Future Integration of Custom Hypervisor and OS: +
      +
    • Design the system to allow future insertion of a custom hypervisor and operating system.
      • +
    +
    • +
  • Learning-Oriented Development: +
      +
    • Combine learning and development phases, ensuring relevant concepts are learned just before implementation.
      • +
    +
    • +
  • User Authentication and AWS Account Linking: +
      +
    • Use databases for secure user authentication and link to their AWS accounts.
      • +
    +
    • +
  • LLM Integration: +
      +
    • Utilize Language Learning Models (LLMs) to generate portfolio components like descriptions, with opt-out and review options.
      • +
    +
    • +
+

Technologies and Tools

+

Frontend

+
    +
  • Framework: SvelteKit
    • +
  • Language: TypeScript
    • +
  • Styling: Tailwind CSS
    • +
  • State Management: Svelte stores
    • +
  • HTTP Client: Fetch API
    • +
+

Backend

+
    +
  • Framework: Loco.rs (Rust)
    • +
  • Language: Rust
    • +
  • Database: SQLite (development), PostgreSQL (production)
    • +
  • ORM: Diesel
    • +
  • MicroVM Technology: NanoVMS (custom-developed)
    • +
  • Authentication: JSON Web Tokens (JWT)
    • +
+

DevOps and Deployment

+
    +
  • Cloud Platform: AWS (EC2, S3, IAM)
    • +
  • CI/CD Tools: GitHub Actions
    • +
  • Containerization: Not used; deployment is based on MicroVMs
    • +
+

Development Tools

+
    +
  • Version Control: Git
    • +
  • IDE: Visual Studio Code with Rust and Svelte extensions
    • +
  • Project Management: GitHub Projects
    • +
+

Project Architecture

+

Overview

+

BytePort will follow a modular architecture, with a focus on the custom-developed MicroVM technology, NanoVMS, which provides lightweight virtualization without the overhead of full virtual machines or the complexity of containers. The system allows users to deploy applications in isolated environments, customized through declarative configuration files.

+

Components

+
    +
  1. +

    Frontend (SvelteKit):

    +
      +
    • Manages user interactions, including submission of MicroVM configurations.
      • +
    • Provides interfaces for portfolio integration settings.
      • +
    +
    2. +
  2. +

    Backend (Loco.rs):

    +
      +
    • Parses custom configuration files (similar to Dockerfile clones).
      • +
    • Generates scripts for MicroVM initialization.
      • +
    • Manages MicroVM provisioning, orchestration, and lifecycle using NanoVMS.
      • +
    • Handles business logic, data processing, and database interactions.
      • +
    +
    3. +
  3. +

    Database:

    +
      +
    • Stores user data, MicroVM configurations, state information, and logs.
      • +
    +
    4. +
  4. +

    MicroVM Layer (NanoVMS):

    +
      +
    • Custom-developed lightweight virtualization platform.
      • +
    • Runs single-purpose VMs efficiently.
      • +
    • Supports rapid cloning and booting of MicroVMs from base images.
      • +
    +
    5. +
  5. +

    Portfolio Integration Module:

    +
      +
    • Automates updates to user portfolios after successful deployments.
      • +
    • Uses LLMs to generate project descriptions with user approval.
      • +
    +
    6. +
+

Data Flow

+
    +
  • User Interaction: +
      +
    • Users submit configuration files via the frontend.
      • +
    +
    • +
  • Configuration Parsing: +
      +
    • Backend parses the configuration and generates initialization scripts.
      • +
    +
    • +
  • MicroVM Provisioning: +
      +
    • Backend orchestrates MicroVM creation and initialization using NanoVMS.
      • +
    +
    • +
  • Application Deployment: +
      +
    • MicroVM pulls the Git repository and starts the application as per configuration.
      • +
    +
    • +
  • Portfolio Update: +
      +
    • If enabled, the system updates the user's portfolio with project details.
      • +
    +
    • +
+

Development Phases and Timeline

+

The development timeline combines learning and implementation phases, ensuring that relevant concepts are learned just before they are applied.

+

Phase 1: Project Setup and Planning (Week 1)

+
    +
  • Learning Objectives: +
      +
    • Basics of Rust, SvelteKit, and virtualization concepts.
      • +
    +
    • +
  • Development Tasks: +
      +
    • Set up repositories and development environments.
      • +
    • Define project requirements and specifications.
      • +
    • Design database schema and API endpoints.
      • +
    +
    • +
+

Phase 2: Backend Foundations (Weeks 2-3)

+
    +
  • Learning Objectives: +
      +
    • Advanced Rust programming and Loco.rs framework.
      • +
    +
    • +
  • Development Tasks: +
      +
    • Implement user authentication and AWS account linking.
      • +
    • Develop basic API endpoints.
      • +
    • Integrate with the database using Diesel ORM.
      • +
    +
    • +
+

Phase 3: Frontend Foundations (Weeks 3-4)

+
    +
  • Learning Objectives: +
      +
    • Advanced features of SvelteKit and Tailwind CSS.
      • +
    +
    • +
  • Development Tasks: +
      +
    • Set up the SvelteKit project.
      • +
    • Design UI/UX prototypes.
      • +
    • Implement authentication flows on the frontend.
      • +
    +
    • +
+

Phase 4: Development of NanoVMS MicroVM Technology (Weeks 4-6)

+
    +
  • Learning Objectives: +
      +
    • Deep understanding of virtualization, OS-level isolation, and kernel features.
      • +
    +
    • +
  • Development Tasks: +
      +
    • Develop the NanoVMS platform to manage MicroVMs.
      • +
    • Implement the necessary system calls and kernel interactions.
      • +
    • Ensure the platform provides efficient and secure isolation.
      • +
    +
    • +
+

Phase 5: Integration of VM Configuration Management (Weeks 6-7)

+
    +
  • Learning Objectives: +
      +
    • Configuration management and automation tools.
      • +
    +
    • +
  • Development Tasks: +
      +
    • Define the syntax and structure of custom configuration files.
      • +
    • Implement parsing logic in the backend.
      • +
    • Integrate MicroVM initialization scripts generation.
      • +
    +
    • +
+

Phase 6: Portfolio Integration Module (Weeks 7-8)

+
    +
  • Learning Objectives: +
      +
    • Basics of LLMs and their integration into applications.
      • +
    +
    • +
  • Development Tasks: +
      +
    • Implement portfolio integration features.
      • +
    • Integrate LLMs for generating project descriptions.
      • +
    • Set up screenshot generation or image upload functionalities.
      • +
    +
    • +
+

Phase 7: Full Integration and Testing (Weeks 8-9)

+
    +
  • Learning Objectives: +
      +
    • Testing methodologies and tools.
      • +
    +
    • +
  • Development Tasks: +
      +
    • Connect frontend with backend APIs.
      • +
    • Perform unit, integration, and end-to-end tests.
      • +
    • Debug and resolve identified issues.
      • +
    +
    • +
+

Phase 8: Deployment and DevOps (Week 10)

+
    +
  • Learning Objectives: +
      +
    • AWS services and CI/CD pipelines.
      • +
    +
    • +
  • Development Tasks: +
      +
    • Set up AWS infrastructure (EC2 instances, IAM roles).
      • +
    • Configure CI/CD pipelines with GitHub Actions.
      • +
    • Deploy the application to the cloud environment.
      • +
    +
    • +
+

Phase 9: Security and Optimization (Week 11)

+
    +
  • Learning Objectives: +
      +
    • Security best practices and performance optimization.
      • +
    +
    • +
  • Development Tasks: +
      +
    • Implement SSL/TLS for secure communication.
      • +
    • Optimize application performance.
      • +
    • Conduct security audits and penetration testing.
      • +
    +
    • +
+

Phase 10: Documentation and Finalization (Week 12)

+
    +
  • Development Tasks: +
      +
    • Write comprehensive documentation (API docs, user guides).
      • +
    • Prepare deployment scripts and environment configurations.
      • +
    • Conduct a final review and make necessary adjustments.
      • +
    +
    • +
+

Implementation Details

+

Backend Implementation

+
    +
  • +

    Routing and Controllers:

    +
      +
    • Define RESTful API routes using Loco.rs.
      • +
    • Implement controllers for handling requests and responses.
      • +
    +
    • +
  • +

    Authentication Middleware:

    +
      +
    • Implement JWT-based authentication.
      • +
    • Secure API endpoints with middleware.
      • +
    +
    • +
  • +

    Database Models and ORM:

    +
      +
    • Define models for users, MicroVMs, projects, and logs.
      • +
    • Use Diesel ORM for database interactions.
      • +
    +
    • +
  • +

    MicroVM Management (NanoVMS):

    +
      +
    • Integrate NanoVMS for MicroVM provisioning and lifecycle management.
      • +
    • Implement APIs to create, start, stop, and delete MicroVMs.
      • +
    • Develop an abstraction layer for future integration with custom hypervisor and OS.
      • +
    +
    • +
  • +

    Configuration Parsing:

    +
      +
    • Develop logic to parse custom configuration files.
      • +
    • Generate initialization scripts based on user specifications.
      • +
    +
    • +
+

Frontend Implementation

+
    +
  • +

    Routing:

    +
      +
    • Use SvelteKit's file-based routing for pages (e.g., /dashboard, /projects).
      • +
    +
    • +
  • +

    State Management:

    +
      +
    • Utilize Svelte stores for managing global state.
      • +
    +
    • +
  • +

    UI Components:

    +
      +
    • Create reusable components with Tailwind CSS styling.
      • +
    • Implement responsive design for various devices.
      • +
    +
    • +
  • +

    API Integration:

    +
      +
    • Develop a service layer for API calls.
      • +
    • Handle errors and loading states gracefully.
      • +
    +
    • +
  • +

    Portfolio Integration:

    +
      +
    • Implement interfaces for users to manage portfolio settings.
      • +
    • Provide options to opt-in or opt-out of portfolio additions.
      • +
    +
    • +
+

Deployment Strategy

+

Backend Deployment

+
    +
  • +

    AWS Deployment:

    +
      +
    • Deploy the backend on AWS EC2 instances.
      • +
    • Use IAM roles for secure resource access.
      • +
    +
    • +
  • +

    MicroVM Deployment:

    +
      +
    • Use NanoVMS to run MicroVMs on the host system.
      • +
    • Ensure that the infrastructure supports the custom MicroVM technology.
      • +
    +
    • +
+

Frontend Deployment

+
    +
  • Static Site Generation: +
      +
    • Build the SvelteKit app for production.
      • +
    • Serve static files via AWS S3 and CloudFront.
      • +
    +
    • +
+

CI/CD Pipelines

+
    +
  • Automation: +
      +
    • Use GitHub Actions for automated builds and deployments.
      • +
    • Implement testing stages in the pipeline.
      • +
    +
    • +
+

Security Considerations

+
    +
  • +

    Authentication and Authorization:

    +
      +
    • Enforce strong password policies.
      • +
    • Implement role-based access control (RBAC).
      • +
    +
    • +
  • +

    Data Protection:

    +
      +
    • Encrypt sensitive data in transit and at rest.
      • +
    • Regularly back up databases securely.
      • +
    +
    • +
  • +

    Network Security:

    +
      +
    • Configure AWS security groups and firewalls.
      • +
    • Use HTTPS with SSL certificates.
      • +
    +
    • +
  • +

    Isolation:

    +
      +
    • Ensure that NanoVMS provides strong isolation between MicroVMs.
      • +
    • Implement security measures to prevent cross-VM interference.
      • +
    +
    • +
  • +

    Vulnerability Management:

    +
      +
    • Keep dependencies updated.
      • +
    • Conduct regular security audits.
      • +
    +
    • +
+

Testing and Quality Assurance

+
    +
  • +

    Testing Strategies:

    +
      +
    • Unit Testing: Test individual components and functions.
      • +
    • Integration Testing: Test interactions between frontend, backend, and MicroVMs.
      • +
    • End-to-End Testing: Simulate user workflows.
      • +
    +
    • +
  • +

    Continuous Testing:

    +
      +
    • Integrate tests into the CI/CD pipeline.
      • +
    • Automate test execution on code commits.
      • +
    +
    • +
  • +

    Performance Testing:

    +
      +
    • Use tools to assess application performance.
      • +
    • Optimize based on results.
      • +
    +
    • +
+

Project Management and Collaboration

+
    +
  • +

    Agile Methodology:

    +
      +
    • Use Scrum with sprints aligned to learning and development phases.
      • +
    • Conduct regular stand-ups and retrospectives.
      • +
    +
    • +
  • +

    Version Control:

    +
      +
    • Use Git with a branching strategy like GitFlow.
      • +
    +
    • +
  • +

    Communication:

    +
      +
    • Use platforms like Slack for real-time communication.
      • +
    • Document progress and decisions in shared documents.
      • +
    +
    • +
+

Conclusion

+

BytePort aims to revolutionize application deployment by providing a custom MicroVM management solution through the development of NanoVMS. This approach offers the isolation and control of virtual machines with the efficiency closer to containers. By combining learning and development, the project not only builds a powerful tool but also enhances the developer's expertise in key technologies. The system is designed with future expansion in mind, including the integration of a custom hypervisor and operating system, making BytePort a forward-thinking platform in the cloud management space.

+
+

This updated manifesto reflects the incorporation of the custom-developed MicroVM technology, NanoVMS, aligning the project's goals with the necessary technologies and development strategies to achieve them. +Extended Project Manifesto: Integrating Hypervisor and OS Development into BytePort

+

Table of Contents

+
1.	Introduction
+2.	Extended Project Overview
+3.	Objectives
+4.	Technologies and Tools
+5.	Extended Project Architecture
+6.	Development Phases and Timeline
+7.	Implementation Details
+8.	Integration Strategy
+9.	Security Considerations
+10.	Testing and Quality Assurance
+11.	Project Management and Collaboration
+12.	Conclusion
+
+

Introduction

+

This manifesto outlines the extended development of the BytePort platform by incorporating a custom Hypervisor/Emulator and a Custom Operating System (OS), all built using Rust or a language other than C/C++. The goal is to create a comprehensive, end-to-end solution for VM management, virtualization, and OS operation, enhancing learning and showcasing advanced system programming capabilities.

+

Extended Project Overview

+

Project Name: BytePort Extended VM Management Platform

+

Description: Building upon the initial BytePort VM Management Service, this extended project aims to develop a homemade hypervisor and a custom operating system. These components will integrate seamlessly with the existing platform, providing users with deeper control over virtualization and the underlying OS, and offering an enriched educational experience in systems programming.

+

Objectives

+

Primary Objectives:

+
•	Hypervisor/Emulator Development:
+•	Develop a custom hypervisor to manage virtual machines at a low level.
+•	Implement essential virtualization functionalities (CPU virtualization, memory management, I/O handling).
+•	Ensure compatibility with the existing VM management platform.
+•	Custom Operating System Development:
+•	Design and implement a basic OS kernel.
+•	Provide essential OS features (process management, file system, networking).
+•	Optimize the OS for use within the hypervisor environment.
+
+

Secondary Objectives:

+
•	Integrate the custom hypervisor with the BytePort platform for seamless VM management.
+•	Enable users to deploy and manage the custom OS within their virtual machines.
+•	Document the development process for educational purposes.
+•	Enhance security measures at the virtualization and OS levels.
+
+

Technologies and Tools

+

Hypervisor Development:

+
•	Language: Rust
+•	Virtualization Techniques: Hardware-assisted virtualization (using technologies like Intel VT-x or AMD-V)
+•	Libraries and Crates:
+•	vm-virt: For virtualization abstractions
+•	kvm-bindings and kvm-ioctls: For interfacing with the Linux KVM API (if using KVM)
+•	Debugging Tools:
+•	GDB with Rust support
+•	QEMU for emulation and testing
+
+

OS Development:

+
•	Language: Rust
+•	Operating System Development Libraries:
+•	bootloader: For booting the OS kernel
+•	x86_64: For low-level hardware interaction
+•	uart_16550: For serial port communication
+•	Build Tools:
+•	cargo-xbuild or cargo with appropriate targets
+•	Debugging and Testing:
+•	QEMU for emulation
+•	Bochs or VirtualBox for virtualization testing
+
+

Existing Technologies (from previous project):

+
•	Frontend: SvelteKit, TypeScript, Tailwind CSS
+•	Backend: Loco.rs (Rust), SQLx or Diesel ORM
+•	DevOps and Deployment: Docker, AWS
+
+

Extended Project Architecture

+

Overview

+

The extended BytePort platform will consist of three main layers:

+
1.	Frontend Interface (SvelteKit):
+•	Remains largely the same, providing user interfaces for VM and OS management.
+2.	Backend Services (Loco.rs):
+•	Enhanced to interface with the custom hypervisor.
+•	Manages VM life cycles and OS deployment within VMs.
+3.	Virtualization Layer:
+•	Custom Hypervisor: Replaces or augments existing virtualization tools.
+•	Custom OS: Runs within the virtual machines managed by the hypervisor.
+
+

Data Flow

+
•	User Interaction: Users issue commands via the frontend to manage VMs and deploy the custom OS.
+•	API Requests: Frontend sends requests to the backend API.
+•	Backend Processing: Backend communicates with the hypervisor to manage VMs and with the OS for operations within VMs.
+•	Hypervisor Operations: Hypervisor handles low-level VM management, resource allocation, and execution of the custom OS.
+•	Response: System states and outputs are communicated back to the user through the frontend.
+
+

Development Phases and Timeline

+

Phase 1: Research and Planning (Weeks 1-2)

+
•	Hypervisor Research:
+•	Study existing hypervisors (KVM, Xen, Firecracker) and their architectures.
+•	Understand hardware virtualization features (Intel VT-x, AMD-V).
+•	OS Development Planning:
+•	Define the scope and features of the custom OS.
+•	Plan kernel architecture and essential modules.
+
+

Phase 2: Hypervisor Development (Weeks 3-8)

+
•	Week 3-4:
+•	Set up the development environment for low-level Rust programming.
+•	Implement CPU virtualization and basic VM creation.
+•	Week 5-6:
+•	Implement memory management for VMs.
+•	Handle I/O virtualization and device emulation.
+•	Week 7-8:
+•	Integrate the hypervisor with the backend services.
+•	Test VM management functionalities via the frontend.
+
+

Phase 3: OS Development (Weeks 5-10)

+
•	Week 5-6:
+•	Bootloader implementation to load the OS kernel.
+•	Basic kernel initialization and CPU setup.
+•	Week 7-8:
+•	Implement memory management (paging, segmentation).
+•	Develop process management and scheduling.
+•	Week 9-10:
+•	Implement a simple file system.
+•	Add basic networking capabilities.
+
+

Phase 4: Integration and Testing (Weeks 11-12)

+
•	Hypervisor and OS Integration:
+•	Ensure the custom OS runs smoothly within the custom hypervisor.
+•	Optimize performance and resource utilization.
+•	System Testing:
+•	Perform extensive testing of the hypervisor and OS.
+•	Debug and fix issues related to virtualization and OS operations.
+
+

Phase 5: Platform Integration (Weeks 13-14)

+
•	Backend Updates:
+•	Modify backend services to support new hypervisor functionalities.
+•	Update API endpoints for extended VM and OS management.
+•	Frontend Enhancements:
+•	Add interfaces for deploying and interacting with the custom OS.
+•	Implement monitoring tools for VM and OS performance.
+
+

Phase 6: Documentation and Finalization (Weeks 15-16)

+
•	Documentation:
+•	Document the hypervisor and OS development processes.
+•	Update user guides and API documentation.
+•	Final Review:
+•	Conduct security audits.
+•	Prepare the system for deployment.
+
+

Implementation Details

+

Hypervisor Implementation

+
•	CPU Virtualization:
+•	Use hardware virtualization extensions to create virtual CPUs.
+•	Handle context switching between VMs and the host.
+•	Memory Management:
+•	Implement virtual memory mapping for VMs.
+•	Use Extended Page Tables (EPT) or Nested Paging.
+•	I/O Virtualization:
+•	Emulate essential devices (storage, network interfaces).
+•	Implement paravirtualized drivers for performance.
+•	Interfacing with Backend:
+•	Expose an API or CLI for backend interaction.
+•	Ensure thread safety and concurrency control.
+
+

OS Implementation

+
•	Boot Process:
+•	Develop a bootloader compliant with BIOS or UEFI.
+•	Initialize hardware components and system state.
+•	Kernel Architecture:
+•	Use a modular monolithic or microkernel approach.
+•	Implement core modules for process and memory management.
+•	Process Management:
+•	Create a scheduler for multitasking.
+•	Implement inter-process communication (IPC) mechanisms.
+•	File System:
+•	Design a simple file system (e.g., FAT12/16/32).
+•	Implement file operations (read, write, open, close).
+•	Networking:
+•	Develop basic networking stack (TCP/IP).
+•	Support network communication within VMs.
+
+

Integration Strategy

+

Seamless Integration with Backend

+
•	API Extensions:
+•	Extend backend APIs to include hypervisor control commands.
+•	Add endpoints for OS deployment and management.
+•	Backend-Hypervisor Communication:
+•	Use IPC mechanisms or direct library calls.
+•	Ensure secure and efficient communication channels.
+
+

Frontend Enhancements

+
•	User Interface Updates:
+•	Add controls for hypervisor settings and VM configurations.
+•	Provide dashboards for OS-level monitoring.
+•	User Experience:
+•	Ensure that the complexity of hypervisor and OS management is abstracted for the user.
+•	Offer guided workflows for common tasks.
+
+

Compatibility Considerations

+
•	Backward Compatibility:
+•	Ensure existing functionalities remain unaffected.
+•	Provide options to use the custom hypervisor or existing virtualization tools.
+•	Modular Design:
+•	Design components to be interchangeable.
+•	Facilitate future enhancements or replacements.
+
+

+
+
\ No newline at end of file diff --git a/src/pages/docs/[...slug].astro b/src/pages/docs/[...slug].astro new file mode 100644 index 00000000..b4706d19 --- /dev/null +++ b/src/pages/docs/[...slug].astro @@ -0,0 +1,227 @@ +--- +import "../../styles/globals.css"; + +// Tier-3 microfrontend: /docs/* — renders source repo's docs/ tree. +// Spec: phenotype-infra/docs/governance/path-microfrontends-tier3.md + +const PROJECT_NAME = "Byteport"; +const REPO_SLUG = "byteport"; +const REPO_OWNER = "KooshaPari"; +const REPO_NAME = "BytePort"; +const REPO = `${REPO_OWNER}/${REPO_NAME}`; +const GITHUB_TOKEN = import.meta.env.GITHUB_TOKEN; +const { slug } = Astro.params; +const path = slug ? `docs/${slug}` : "docs"; + +interface GhContentEntry { + name: string; + path: string; + type: "file" | "dir"; + download_url: string | null; + html_url: string; +} + +async function ghJson(p: string): Promise { + const res = await fetch(`https://api.github.com/${p}`, { + headers: { + Accept: "application/vnd.github+json", + "User-Agent": `${REPO_SLUG}-landing-build`, + ...(GITHUB_TOKEN + ? { Authorization: `Bearer ${GITHUB_TOKEN}` } + : {}), + }, + }); + if (!res.ok) return null; + return res.json(); +} + +async function ghRaw(p: string): Promise { + const res = await fetch(`https://api.github.com/${p}`, { + headers: { + Accept: "application/vnd.github.raw", + "User-Agent": `${REPO_SLUG}-landing-build`, + ...(GITHUB_TOKEN + ? { Authorization: `Bearer ${GITHUB_TOKEN}` } + : {}), + }, + }); + if (!res.ok) return null; + return res.text(); +} + +async function ghHtml(p: string): Promise { + const res = await fetch(`https://api.github.com/${p}`, { + headers: { + Accept: "application/vnd.github.html+json", + "User-Agent": `${REPO_SLUG}-landing-build`, + ...(GITHUB_TOKEN + ? { Authorization: `Bearer ${GITHUB_TOKEN}` } + : {}), + }, + }); + if (!res.ok) return null; + return res.text(); +} + +export async function getStaticPaths() { + const buildToken = import.meta.env.GITHUB_TOKEN; + // Recursively walk docs/ via the GitHub Trees API. + async function walk(): Promise { + const tree = await fetch( + "https://api.github.com/repos/KooshaPari/BytePort/git/trees/main?recursive=1", + { + headers: { + Accept: "application/vnd.github+json", + "User-Agent": "byteport-landing-build", + ...(buildToken + ? { Authorization: `Bearer ${buildToken}` } + : {}), + }, + }, + ); + if (!tree.ok) return []; + const data: any = await tree.json(); + if (!data.tree) return []; + return data.tree + .filter( + (n: any) => + n.type === "blob" && + n.path.startsWith("docs/") && + (n.path.endsWith(".md") || n.path.endsWith(".mdx")), + ) + .map((n: any) => n.path.replace(/^docs\//, "").replace(/\.mdx?$/, "")); + } + const paths = await walk(); + // Always emit a root /docs as well. + return [ + { params: { slug: undefined } }, + ...paths.map((p) => ({ params: { slug: p } })), + ]; +} + +// Resolve content for the requested path. +let title = slug ?? "Docs"; +let bodyHtml = ""; +let degraded = false; +let degradeReason = ""; + +const listing = await ghJson(`repos/${REPO}/contents/${path}?ref=main`); + +if (Array.isArray(listing)) { + // Directory listing. + title = slug ?? "Docs"; + const entries = listing as GhContentEntry[]; + const items = entries + .filter((e) => e.type === "dir" || e.name.match(/\.mdx?$/)) + .map((e) => { + const href = + e.type === "dir" + ? `/docs/${e.path.replace(/^docs\//, "")}` + : `/docs/${e.path.replace(/^docs\//, "").replace(/\.mdx?$/, "")}`; + return `
  • ${e.name}
    • `; + }) + .join("\n"); + bodyHtml = items + ? `
      ${items}
    ` + : `

    Directory ${path} is empty.

    `; +} else if (listing && typeof listing === "object" && "type" in listing) { + // Single file. Render via the HTML accept header for a server-side markdown render. + const html = await ghHtml(`repos/${REPO}/contents/${path}.md?ref=main`); + if (html) { + bodyHtml = html; + title = slug ?? "Docs"; + } else { + degraded = true; + degradeReason = `Could not render ${path}.md.`; + } +} else { + // Try .md fallback. + const html = await ghHtml(`repos/${REPO}/contents/${path}.md?ref=main`); + if (html) { + bodyHtml = html; + } else { + const raw = await ghRaw(`repos/${REPO}/contents/${path}.md?ref=main`); + if (raw) { + // Last-ditch: raw markdown wrapped in 
    .
+      bodyHtml = `
    ${raw.replace(/[<>&]/g, (c) => ({ "<": "<", ">": ">", "&": "amp;" })[c] ?? c)}
    `;
+    } else {
+      degraded = true;
+      degradeReason = `No content found at ${path} in ${REPO}.`;
+    }
+  }
+}
+---
+
+
+  
+    
+    
+    {title} · {PROJECT_NAME} docs
+    
+  
+  
+    
    
+      
+
+      
    {title}
    
+
+      {degraded ? (
+        
    
+          
    Source unavailable
    
+          
    
+          
    
+            View the source on
+            GitHub.
+          
    
+        
    
+      ) : (
+        
    
+      )}
+
+      
+    
    
+
+    
+  
+
diff --git a/src/pages/index.astro b/src/pages/index.astro
new file mode 100644
index 00000000..e7645d77
--- /dev/null
+++ b/src/pages/index.astro
@@ -0,0 +1,177 @@
+---
+import "../styles/globals.css";
+import readmeSnapshot from "../data/readme.html?raw";
+
+// Fetch repo metadata + README at build time. Strategy: try live GitHub API
+// (uses GITHUB_TOKEN if set in Vercel env to avoid 60/hr unauthenticated rate
+// limit), but ALWAYS fall back to a committed snapshot so the page never
+// ships with "README unavailable". Refresh snapshots locally with
+// `bun run data:refresh`.
+const REPO = "KooshaPari/BytePort";
+const GITHUB_TOKEN = import.meta.env.GITHUB_TOKEN;
+
+async function gh(
+  path: string,
+  accept = "application/vnd.github+json",
+): Promise {
+  try {
+    const res = await fetch(`https://api.github.com/${path}`, {
+      headers: {
+        Accept: accept,
+        "User-Agent": "byteport-landing-build",
+        ...(GITHUB_TOKEN
+          ? { Authorization: `Bearer ${GITHUB_TOKEN}` }
+          : {}),
+      },
+    });
+    if (!res.ok) {
+      console.warn(`[index] GitHub ${path} -> ${res.status}; falling back to snapshot`);
+      return null;
+    }
+    return (accept.includes("html") ? await res.text() : await res.json()) as T;
+  } catch (err) {
+    console.warn(`[index] GitHub ${path} fetch failed: ${(err as Error).message}; falling back to snapshot`);
+    return null;
+  }
+}
+
+const meta: any = (await gh(`repos/${REPO}`)) ?? {
+  description: "",
+  stargazers_count: 0,
+  pushed_at: new Date().toISOString(),
+  language: "Rust",
+  homepage: "",
+};
+const description = meta.description || "Byteport is a high-performance binary serialization and protocol framework for Rust.";
+
+const liveReadme = await gh(
+  `repos/${REPO}/readme`,
+  "application/vnd.github.html+json",
+);
+const readmeHtml: string = liveReadme ?? readmeSnapshot;
+
+const releases: any[] = (await gh(`repos/${REPO}/releases?per_page=5`)) ?? [];
+---
+
+
+  
+    
+    
+    Byteport — High-performance binary serialization and protocol framework
+    
+    
+  
+  
+    
    
+      
    
+        phenotype
+        /
+        byteport
+      
    
+      
    Byteport
    
+      
    {description}
    
+
+      
    
+        
+          github →
+        
+        {meta.homepage && (
+          
+            docs →
+          
+        )}
+        
+          ★ {meta.stargazers_count} · {meta.language ?? "Rust"}
+        
+      
    
+    
    
+
+    
+
+    
    
+      {releases.length > 0 && (
+        
    
+          
    Latest releases
    
+          
      
+            {releases.slice(0, 3).map((r: any) => (
+              
    • 
+                {r.tag_name}
+                {r.name ?? ""}
+                
+                  
+                
+              
      • 
+            ))}
+          
    
+        
    
+      )}
+
+      
    
+    
    
+
+    
+
+    
+  
+
diff --git a/src/pages/otel/index.astro b/src/pages/otel/index.astro
new file mode 100644
index 00000000..6f7ce3fe
--- /dev/null
+++ b/src/pages/otel/index.astro
@@ -0,0 +1,114 @@
+---
+import "../../styles/globals.css";
+
+// Tier-3 microfrontend: /otel — observability iframe.
+// Spec: phenotype-infra/docs/governance/path-microfrontends-tier3.md
+//
+// Stub iframe pointing at PHENO_OTLP_UI_URL (e.g. Phoenix, Jaeger, Tempo).
+// When the env var is missing, render a clear, actionable not-configured panel.
+// We do NOT silently render an empty iframe.
+
+const PROJECT_NAME = "Byteport";
+const REPO_SLUG = "byteport";
+const otelUrl = import.meta.env.PHENO_OTLP_UI_URL ?? null;
+---
+
+
+  
+    
+    
+    OTel · {PROJECT_NAME}
+    
+  
+  
+    
+
+    
    
+      
    
+        
    Observability
    
+        
    
+          Embedded OTel UI (traces, metrics, logs) from the Phenotype observability backend.
+        
    
+      
    
+      {otelUrl && (
+        
+          open in new tab →
+        
+      )}
+    
    
+
+    
    
+      {otelUrl ? (
+        
    
+          
+        
    
+      ) : (
+        
    
+          
    Backend not configured
    
+          
    
+            The PHENO_OTLP_UI_URL environment variable is not set
+            for this Vercel deployment. Tier-3 /otel requires an
+            externally-hosted OTel UI (Phoenix, Jaeger, Grafana Tempo, etc.)
+            to embed.
+          
    
+          
    
+            how to fix
+            
      
+              
    1. Deploy a Phenotype observability backend (PhenoObservability) and obtain its public UI URL.
      2. 
+              
    2. In the Vercel dashboard for {REPO_SLUG}-landing, add an env var named PHENO_OTLP_UI_URL.
      3. 
+              
    3. Redeploy. The iframe will pick up the URL on the next build.
      4. 
+            
    
+          
    
+        
    
+      )}
+    
    
+
+    
+
+    
+  
+
diff --git a/src/pages/preview/[prNumber].astro b/src/pages/preview/[prNumber].astro
new file mode 100644
index 00000000..0dc2dd67
--- /dev/null
+++ b/src/pages/preview/[prNumber].astro
@@ -0,0 +1,283 @@
+---
+import "../../styles/globals.css";
+
+// Tier-3 microfrontend: /preview/ — redirect to Vercel preview deploy.
+// Spec: phenotype-infra/docs/governance/path-microfrontends-tier3.md
+//
+// Strategy:
+//   1. Enumerate open PRs on KooshaPari/BytePort at build time.
+//   2. For each PR, attempt to discover its Vercel preview URL via
+//      check-runs (vercel-bot) or the deployments API. Fall back to the
+//      deterministic Vercel branch-alias pattern.
+//   3. Emit a static HTML page per PR# with  to
+//      the resolved preview URL plus a manual fallback link.
+//
+// Optionality rule: if a PR# was never built, we render a loud 404 page
+// (still static) explaining exactly what happened, not a silent redirect.
+
+const PROJECT_NAME = "Byteport";
+const REPO_SLUG = "byteport";
+const REPO_OWNER = "KooshaPari";
+const REPO_NAME = "BytePort";
+const REPO = `${REPO_OWNER}/${REPO_NAME}`;
+
+interface PrInfo {
+  number: number;
+  title: string;
+  branch: string;
+  sha: string;
+  html_url: string;
+  previewUrl: string;
+  previewSource: "vercel-check-run" | "deployment-api" | "branch-alias-fallback";
+}
+
+export async function getStaticPaths() {
+  // NOTE: helpers are inlined here because Astro hoists getStaticPaths and
+  // does not give it access to module-scoped declarations.
+  const REPO_INNER = "KooshaPari/BytePort";
+  const VERCEL_PROJECT = "byteport-landing";
+  const VERCEL_TEAM = "kooshapari";
+  const buildToken = import.meta.env.GITHUB_TOKEN;
+
+  const ghHeaders = (accept = "application/vnd.github+json") => ({
+    Accept: accept,
+    "User-Agent": "byteport-landing-build",
+    ...(buildToken
+      ? { Authorization: `Bearer ${buildToken}` }
+      : {}),
+  });
+
+  const ghJson = async (path: string): Promise => {
+    const res = await fetch(`https://api.github.com/${path}`, {
+      headers: ghHeaders(),
+    });
+    if (!res.ok) return null;
+    return res.json();
+  };
+
+  const sanitizeBranch = (b: string) =>
+    b.toLowerCase().replace(/[^a-z0-9-]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "");
+
+  const branchAliasUrl = (branch: string) =>
+    `https://${VERCEL_PROJECT}-git-${sanitizeBranch(branch)}-${VERCEL_TEAM}.vercel.app`;
+
+  const resolveVercelUrl = async (
+    sha: string,
+    branch: string,
+  ): Promise<{ url: string; source: "vercel-check-run" | "deployment-api" | "branch-alias-fallback" }> => {
+    const checks = await ghJson(`repos/${REPO_INNER}/commits/${sha}/check-runs`);
+    if (checks?.check_runs) {
+      for (const run of checks.check_runs) {
+        const slug: string | undefined = run?.app?.slug;
+        if (slug !== "vercel" && slug !== "vercel-bot") continue;
+        const summary: string = run?.output?.summary ?? "";
+        const urlMatch = summary.match(/https:\/\/[a-z0-9-]+\.vercel\.app/i);
+        if (urlMatch) return { url: urlMatch[0], source: "vercel-check-run" };
+        if (run?.details_url) return { url: run.details_url, source: "vercel-check-run" };
+      }
+    }
+    const deployments = await ghJson(`repos/${REPO_INNER}/deployments?sha=${sha}&per_page=20`);
+    if (Array.isArray(deployments)) {
+      for (const dep of deployments) {
+        const env: string = dep?.environment ?? "";
+        if (!env.toLowerCase().includes("preview")) continue;
+        const statuses = await ghJson(`repos/${REPO_INNER}/deployments/${dep.id}/statuses`);
+        if (Array.isArray(statuses)) {
+          for (const s of statuses) {
+            if (s?.environment_url) return { url: s.environment_url, source: "deployment-api" };
+            if (s?.target_url && /vercel\.app/.test(s.target_url)) {
+              return { url: s.target_url, source: "deployment-api" };
+            }
+          }
+        }
+      }
+    }
+    return { url: branchAliasUrl(branch), source: "branch-alias-fallback" };
+  };
+
+  const pulls = await ghJson(`repos/${REPO_INNER}/pulls?state=open&per_page=100`);
+  if (!Array.isArray(pulls) || pulls.length === 0) {
+    // No open PRs at build time — emit a single placeholder route so
+    // /preview/0 still renders an honest "no PRs" page. Actual PR#s
+    // will fall through to the [prNumber] dynamic 404 path.
+    return [
+      {
+        params: { prNumber: "none" },
+        props: { pr: null, reason: "No open PRs at build time." } as {
+          pr: PrInfo | null;
+          reason: string | null;
+        },
+      },
+    ];
+  }
+
+  const results = await Promise.all(
+    pulls.map(async (pr: any): Promise => {
+      const { url, source } = await resolveVercelUrl(pr.head.sha, pr.head.ref);
+      return {
+        number: pr.number,
+        title: pr.title,
+        branch: pr.head.ref,
+        sha: pr.head.sha,
+        html_url: pr.html_url,
+        previewUrl: url,
+        previewSource: source,
+      };
+    }),
+  );
+
+  return results.map((pr) => ({
+    params: { prNumber: String(pr.number) },
+    props: { pr, reason: null },
+  }));
+}
+
+interface Props {
+  pr: PrInfo | null;
+  reason: string | null;
+}
+const { pr, reason } = Astro.props as Props;
+const { prNumber } = Astro.params;
+const prUrlOnGitHub = `https://github.com/${REPO}/pull/${prNumber}`;
+---
+
+
+  
+    
+    
+    {pr ? `Preview · PR #${pr.number} · ${PROJECT_NAME}` : `Preview · PR #${prNumber} · ${PROJECT_NAME}`}
+    
+    {pr && }
+  
+  
+    
    
+      
+
+      {pr ? (
+        
    
+          
    
+            
    
+              Redirecting to Vercel preview...
+            
    
+            
    PR #{pr.number}
    
+            
    {pr.title}
    
+            
    
+              branch {pr.branch} · sha {pr.sha.slice(0, 8)}
+            
    
+          
    
+
+          
    
+            
    
+              {pr.previewUrl}
+            
    
+            
    
+              You will be redirected automatically in 2 seconds. If the preview
+              fails to load, the PR may not have a Vercel preview deploy yet
+              (build pending, build failed, or Vercel integration not enabled
+              on {REPO}).
+            
    
+            
+          
    
+        
    
+      ) : (
+        
    
+          
    
+            
    
+              404 · No preview available
+            
    
+            
    PR #{prNumber} not found
    
+            
    
+              {reason ?? `No open PR with number ${prNumber} was discovered when this site was built. This page is static; PRs opened after the last deploy will not appear until the next rebuild.`}
+            
    
+          
    
+
+          
    
+            
    Possible causes:
    
+            
      
+              
    • The PR is closed or merged.
      • 
+              
    • The PR was opened after the most recent landing deploy.
      • 
+              
    • No PR with that number exists in {REPO}.
      • 
+            
    
+            
    
+              View PR #{prNumber} on GitHub →
+            
    
+            
    
+              
+                See all open {PROJECT_NAME} PRs →
+              
+            
    
+          
    
+        
    
+      )}
+
+      
    
+        Stable preview URLs built at deploy time from
+        {REPO} open PRs. Failures are loud, not silent.
+      
    
+    
    
+
+    
+  
+
diff --git a/src/pages/qa/index.astro b/src/pages/qa/index.astro
new file mode 100644
index 00000000..f10e92f6
--- /dev/null
+++ b/src/pages/qa/index.astro
@@ -0,0 +1,256 @@
+---
+import "../../styles/globals.css";
+import qaSnapshot from "../../data/qa-snapshot.json";
+
+// Tier-3 microfrontend: /qa — quality dashboard.
+// Spec: phenotype-infra/docs/governance/path-microfrontends-tier3.md
+//
+// Reads three JSON drops from the source repo's docs/reports/:
+//   - coverage.json  (cargo-llvm-cov or pytest-cov output)
+//   - lint.json      (clippy + ruff + vale aggregator)
+//   - fr-trace.json  (FR-id × test-id matrix)
+//
+// Each panel degrades gracefully and loudly when its source is absent.
+
+const PROJECT_NAME = "Byteport";
+const REPO_SLUG = "byteport";
+const REPO = "KooshaPari/BytePort";
+const GITHUB_TOKEN = import.meta.env.GITHUB_TOKEN;
+
+interface CoverageReport {
+  pct?: number;
+  lines_total?: number;
+  lines_covered?: number;
+  generated_at?: string;
+}
+interface LintReport {
+  clippy?: { errors: number; warnings: number };
+  ruff?: { errors: number; warnings: number };
+  vale?: { errors: number; warnings: number; suggestions?: number };
+  generated_at?: string;
+}
+interface FrTraceReport {
+  total_frs?: number;
+  covered_frs?: number;
+  uncovered?: string[];
+  generated_at?: string;
+}
+
+interface PanelResult {
+  data: T | null;
+  reason: string | null;
+}
+
+// Build-time snapshot used when the live GitHub API is rate-limited (429) or
+// otherwise unreachable. The snapshot mirrors the exact { data, reason } shape
+// each panel renders so degraded states stay consistent.
+const SNAPSHOT: Record> = qaSnapshot as any;
+
+async function ghReport(file: string, snapshotKey: string): Promise> {
+  const fallback = SNAPSHOT[snapshotKey] as PanelResult | undefined;
+  try {
+    const res = await fetch(
+      `https://api.github.com/repos/${REPO}/contents/docs/reports/${file}?ref=main`,
+      {
+        headers: {
+          Accept: "application/vnd.github.raw",
+          "User-Agent": `${REPO_SLUG}-landing-build`,
+          ...(GITHUB_TOKEN
+            ? { Authorization: `Bearer ${GITHUB_TOKEN}` }
+            : {}),
+        },
+      },
+    );
+    if (res.status === 404) {
+      return {
+        data: null,
+        reason: `docs/reports/${file} not yet emitted by ${REPO}. Add the file to populate this panel.`,
+      };
+    }
+    if (!res.ok) {
+      // Rate-limited, auth failure, transient 5xx — degrade to the committed
+      // snapshot rather than emitting a raw "GitHub API error: 429" to users.
+      console.warn(
+        `[qa] GitHub contents/${file} -> ${res.status} ${res.statusText}; using snapshot`,
+      );
+      return (
+        fallback ?? {
+          data: null,
+          reason: `GitHub API error: ${res.status} ${res.statusText}.`,
+        }
+      );
+    }
+    const text = await res.text();
+    return { data: JSON.parse(text) as T, reason: null };
+  } catch (err: any) {
+    console.warn(`[qa] GitHub contents/${file} fetch failed: ${err?.message ?? String(err)}; using snapshot`);
+    return (
+      fallback ?? {
+        data: null,
+        reason: `Failed to parse JSON: ${err?.message ?? String(err)}`,
+      }
+    );
+  }
+}
+
+const [coverage, lint, frTrace] = await Promise.all([
+  ghReport("coverage.json", "coverage"),
+  ghReport("lint.json", "lint"),
+  ghReport("fr-trace.json", "frTrace"),
+]);
+
+function pctClass(pct: number | undefined): string {
+  if (pct === undefined) return "";
+  if (pct >= 80) return "ok";
+  if (pct >= 60) return "warn";
+  return "bad";
+}
+---
+
+
+  
+    
+    
+    QA · {PROJECT_NAME}
+    
+  
+  
+    
+
+    
    
+      
    Quality dashboard
    
+      
    Coverage, lint, and FR-traceability for {REPO}.
    
+    
    
+
+    
    
+      
    
+        
    
+          
    Coverage
    
+          {coverage.data ? (
+            <>
+              
    
+                {coverage.data.pct?.toFixed(1) ?? "—"}%
+              
    
+              
    
+                {coverage.data.lines_covered ?? "?"} / {coverage.data.lines_total ?? "?"} lines
+              
    
+              {coverage.data.generated_at && (
+                
    as of 
    
+              )}
+            
+          ) : (
+            
    
+          )}
+        
    
+
+        
    
+          
    Lint
    
+          {lint.data ? (
+            
      
+              {(["clippy", "ruff", "vale"] as const).map((k) => {
+                const v = (lint.data as any)?.[k];
+                if (!v) return 
    • {k}not run
      • ;
+                const status = v.errors > 0 ? "bad" : v.warnings > 0 ? "warn" : "ok";
+                return (
+                  
    • 
+                    {k}
+                    
+                      {v.errors}E · {v.warnings}W
+                    
+                  
      • 
+                );
+              })}
+            
    
+          ) : (
+            
    
+          )}
+        
    
+
+        
    
+          
    FR Traceability
    
+          {frTrace.data ? (
+            <>
+              
    
+                {frTrace.data.covered_frs ?? "?"}/{frTrace.data.total_frs ?? "?"}
+              
    
+              
    FRs with at least one test
    
+              {frTrace.data.uncovered && frTrace.data.uncovered.length > 0 && (
+                
    
+                  {frTrace.data.uncovered.length} uncovered
+                  
      
+                    {frTrace.data.uncovered.slice(0, 10).map((id) => 
    • {id}
      • )}
+                  
    
+                
    
+              )}
+            
+          ) : (
+            
    
+          )}
+        
    
+      
    
+    
    
+
+    
    
+      Reports built from {REPO}/docs/reports/*.json at deploy time. Missing panels are loud, not silent.
+    
    
+
+    
+  
+