mirror of https://github.com/techforces-ai/Cial.git, synced 2026-05-15 21:14:12 +00:00
Upstream Cial — pull mirror of https://github.com/techforces-ai/Cial.git, syncs every 10m
dev:tenant now runs a single Linux container that mirrors the prod
tenant container shape (5 processes, port 8080) but with hot reload,
single root user, and credentials injected from the host's macOS
Keychain on startup. Source is bind-mounted; Linux-built node_modules
live in named volumes so they don't collide with macOS-built ones.
New files:
cial-core/docker/Dockerfile.dev single-user dev image (claude binary baked in)
cial-core/docker/dev-entrypoint.sh creds → ~/.claude → pnpm install → pre-build → exec supervisor
cial-core/edge/src/supervisor.dev.ts container-side supervisor with watchers
Rewritten:
scripts/dev-tenant.mjs extracts host keychain + drives docker build/run
Volumes (survive Ctrl-C, wiped by `node scripts/dev-tenant.mjs --reset`):
cial-dev-tenant-state /var/lib/cial (sqlite db, claude home)
cial-dev-tenant-modules /workspace/node_modules + per-package shadows
cial-dev-tenant-pnpm-store /pnpm-store (install cache)
Trade-offs:
- First boot is slow (pnpm install in-container). Subsequent boots fast.
- protocol/sdk/edge dist files are written through the bind mount to the host.
- macOS Keychain stays the source of truth for credentials; the container's
OAuth refreshes don't propagate back.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cial
Closed Core. Editable Platform. One container per tenant. Multi-tenant App layer.
See PLAN.md for the build plan and /app/data/cial-production-infrastructure.md for the architecture rationale.
Repository layout
cial/
├─ cial-core/ CLOSED — the harness shipped as a Docker image to every tenant
│ ├─ back/ Express + WS · AI sessions · auth · git engine · vault · DB proxy
│ ├─ front/ Next.js · the rescue UI served at /.cial/*
│ ├─ sdk/ @cial/sdk — Platform code talks to Core through this
│ ├─ protocol/ @cial/protocol — shared TS types + Zod schemas
│ └─ docker/ Multi-stage Dockerfile · two Linux users (cial + agent)
│
├─ cial-platform/ OPEN — starter cloned into /platform/ of every tenant container
│ ├─ front/ Next.js · the editable user-owned frontend
│ └─ back/ Node · the editable user-owned backend
│
└─ cial-app/ CLOSED — multi-tenant ops layer
├─ api/ Next.js · owner signup, billing, admin
├─ orchestrator/ Fly Machines provisioning
├─ router/ Subdomain → tenant Machine ID
├─ scheduler/ Central cron / trigger fabric
└─ docker/ Dockerfile for App itself
Stack
- Node 22 · pnpm 9 · turbo 2
- TypeScript 5.7 strict · NodeNext
- Express 4 (Core Back, Platform Back, App orchestrator)
- Next.js 16 with Turbopack (Core Front, Platform Front, App api)
- better-sqlite3 (per-tenant DB) · Postgres + Drizzle (App DB)
- Better-Auth · Zod · pino
- ESLint 9 (flat) · Prettier
Common commands
pnpm install # install all workspace deps
pnpm dev # run everything in parallel
pnpm build # build everything
pnpm typecheck # tsc --noEmit across packages
pnpm lint # eslint
pnpm format # prettier --write
pnpm smoke # boot all 5 services on isolated ports + probe
Per-package:
pnpm --filter @cial/back dev
pnpm --filter @cial/platform-front build
Architecture conventions (Express services)
- Modular layout: src/modules/<feature>/{routes,service,repository,schemas,types}.ts
- Routes never touch the database
- Services never touch Express (req/res)
- Repositories never touch services (data access only)
- Validation at the edge with Zod
- Dependency injection by hand at src/index.ts
- Centralized error middleware (last app.use)
- Structured logs via pino · no console.log
- Graceful shutdown on SIGTERM/SIGINT
Smoke harness
pnpm smoke boots every service on isolated high ports (18000–18100), polls
each one until it responds, runs an HTTP probe matrix (health + a 501-stub
envelope check on Core Back), then tears everything down. Exits 0 on success.
| Service | Port | Probe |
|---|---|---|
| @cial/back | 18080 | /healthz → 200, /vault → 501 envelope |
| @cial/platform-back | 18081 | /health → 200 |
| @cial/app-api | 18100 | /api/health → 200 |
| @cial/front | 18001 | /.cial → 200 |
| @cial/platform-front | 18000 | / → 200 |
Status
Scaffolding only. See PLAN.md for the phased implementation plan.