mirror of
https://github.com/techforces-ai/Cial.git
synced 2026-05-15 19:14:11 +00:00
Upstream Cial — pull mirror of https://github.com/techforces-ai/Cial.git, syncs every 10m
Adds POST /api/v1/self/deploy and /api/v1/self/restart on cial-core for agent-initiated builds and restarts.

Introduces CIAL_UNRESTRICTED=1 (opt-in via `pnpm dev:tenant --unrestricted`) which widens the trust boundary so the agent can rebuild and restart core+sdk+protocol+edge in addition to platform.

Trust boundary enforced at three layers:
- BuildRunner pnpm filter (platform vs all)
- Supervisor IPC RESTARTABLE_SERVICES set
- localhost-only middleware on /api/v1/self/*

Edge restart uses 50ms-deferred process.exit so Docker restart-policy bounces the container. Dev supervisor gained the IPC server it was silently missing.

Ships docs/ tree (architecture, self-edit, ui, ops) and the cial:self-edit Claude skill, both copied into the dev+prod images so the in-container agent can read them before editing.
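The two runtime layers named in the commit message above (the Supervisor IPC restartable-service allowlist and the localhost-only guard on `/api/v1/self/*`), as an added sketch that is not code from the Cial repository. The function names, the exact match on `"1"`, and the use of one service set for both layers are assumptions.

```typescript
// Added sketch, not code from the Cial repository. Function names are hypothetical.
type Env = Record<string, string | undefined>;
type Decision = { allow: boolean; reason: string };

// Service names come from the commit message; treating them as one
// restartable set is an assumption of this sketch.
const BASE_SERVICES: readonly string[] = ["platform"];
const UNRESTRICTED_EXTRA: readonly string[] = ["core", "sdk", "protocol", "edge"];

// Layer: Supervisor IPC allowlist. Opt-in only on the exact value "1"
// (assumption), so "true", "0" or an unset variable stay restricted.
function restartableServices(env: Env): ReadonlySet<string> {
  const wide = env["CIAL_UNRESTRICTED"] === "1";
  return new Set(wide ? [...BASE_SERVICES, ...UNRESTRICTED_EXTRA] : BASE_SERVICES);
}

// Layer: localhost-only guard. Decide on the TCP peer address alone;
// X-Forwarded-For and Host are client-controlled and never consulted.
function isLoopback(remoteAddress: string | undefined): boolean {
  if (!remoteAddress) return false;
  // Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d
  const addr = remoteAddress.replace(/^::ffff:/i, "");
  if (addr === "::1") return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(addr);
  if (m === null) return false; // anything unparseable fails closed
  return m[1] === "127" && m.slice(1).every((octet) => Number(octet) <= 255);
}

// Both checks must pass; each denial names the layer that refused.
function authorizeRestart(remoteAddress: string | undefined, service: string, env: Env): Decision {
  if (!isLoopback(remoteAddress)) {
    return { allow: false, reason: "non-loopback peer" };
  }
  if (!restartableServices(env).has(service)) {
    return { allow: false, reason: "service outside trust boundary" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample requests (peer address, service, environment).
const samples: Array<[string, string, Env]> = [
  ["127.0.0.1", "platform", {}],
  ["::ffff:127.0.0.1", "edge", {}],
  ["::1", "edge", { CIAL_UNRESTRICTED: "1" }],
  ["203.0.113.7", "platform", { CIAL_UNRESTRICTED: "1" }],
];
for (const [peer, svc, env] of samples) {
  console.log(peer, svc, JSON.stringify(authorizeRestart(peer, svc, env)));
}
```

If the service ever sits behind a reverse proxy on the same host, every request arrives from a loopback peer and this guard alone no longer separates local callers from remote ones.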
- .claude/skills/cial:self-edit
- cial-app
- cial-core
- cial-platform
- docs
- scripts
- .editorconfig
- .env.example
- .gitignore
- .nvmrc
- .prettierignore
- .prettierrc.json
- docker-compose.yml
- eslint.config.js
- LICENSE
- package.json
- PHASE-5.md
- PHASE-6.md
- PLAN-LOCAL.md
- PLAN.md
- pnpm-lock.yaml
- pnpm-workspace.yaml
- README.md
- tsconfig.base.json
- turbo.json
Cial
Closed Core. Editable Platform. One container per tenant. Multi-tenant App layer.
See `PLAN.md` for the build plan and `/app/data/cial-production-infrastructure.md` for the architecture rationale.
Repository layout
cial/
├─ cial-core/ CLOSED — the harness shipped as a Docker image to every tenant
│ ├─ back/ Express + WS · AI sessions · auth · git engine · vault · DB proxy
│ ├─ front/ Next.js · the rescue UI served at /.cial/*
│ ├─ sdk/ @cial/sdk — Platform code talks to Core through this
│ ├─ protocol/ @cial/protocol — shared TS types + Zod schemas
│ └─ docker/ Multi-stage Dockerfile · two Linux users (cial + agent)
│
├─ cial-platform/ OPEN — starter cloned into /platform/ of every tenant container
│ ├─ front/ Next.js · the editable user-owned frontend
│ └─ back/ Node · the editable user-owned backend
│
└─ cial-app/ CLOSED — multi-tenant ops layer
   ├─ api/ Next.js · owner signup, billing, admin
   ├─ orchestrator/ Fly Machines provisioning
   ├─ router/ Subdomain → tenant Machine ID
   ├─ scheduler/ Central cron / trigger fabric
   └─ docker/ Dockerfile for App itself
Stack
- Node 22 · pnpm 9 · turbo 2
- TypeScript 5.7 strict · NodeNext
- Express 4 (Core Back, Platform Back, App orchestrator)
- Next.js 16 with Turbopack (Core Front, Platform Front, App api)
- better-sqlite3 (per-tenant DB) · Postgres + Drizzle (App DB)
- Better-Auth · Zod · pino
- ESLint 9 (flat) · Prettier
Common commands
pnpm install # install all workspace deps
pnpm dev # run everything in parallel
pnpm build # build everything
pnpm typecheck # tsc --noEmit across packages
pnpm lint # eslint
pnpm format # prettier --write
pnpm smoke # boot all 5 services on isolated ports + probe
Per-package:
pnpm --filter @cial/back dev
pnpm --filter @cial/platform-front build
Architecture conventions (Express services)
- Modular layout: `src/modules/<feature>/{routes,service,repository,schemas,types}.ts`
- Routes never touch the database
- Services never touch Express (`req`/`res`)
- Repositories never touch services (data access only)
- Validation at the edge with Zod
- Dependency injection by hand at `src/index.ts`
- Centralized error middleware (last `app.use`)
- Structured logs via pino · no `console.log`
- Graceful shutdown on SIGTERM/SIGINT
Smoke harness
pnpm smoke boots every service on isolated high ports (18000–18100), polls
each one until it responds, runs an HTTP probe matrix (health + a 501-stub
envelope check on Core Back), then tears everything down. Exits 0 on success.
| Service | Port | Probe |
|---|---|---|
| @cial/back | 18080 | /healthz → 200, /vault → 501 envelope |
| @cial/platform-back | 18081 | /health → 200 |
| @cial/app-api | 18100 | /api/health → 200 |
| @cial/front | 18001 | /.cial → 200 |
| @cial/platform-front | 18000 | / → 200 |
Status
Scaffolding only. See PLAN.md for the phased implementation plan.