Go to file

saravanakumardb1 0c982de7e6 feat(web/ui8): remove legacy global classes + tighten audit regex + lock CI gate UI8 closes the migration cycle started by UI0. The four legacy global classes (.surface-card, .surface-muted, .badge, .input-shell) are removed from web/src/app/globals.css and the CI ratchet now enforces zero new occurrences across three of the four drift categories. Changes: 1. Audit regex precision (scripts/ui-drift-audit.sh, scripts/ui-drift-ratchet.sh) The previous pattern 'className="[^"]*(badge\|surface-card\|surface-muted\|input-shell)' matched the literal token anywhere inside className, which caused 21 false positives against Tailwind arbitrary values like 'bg-[color:var(--nl-surface-muted)]' where the legacy name appears inside a 'var(--nl-...)' reference. New pattern requires the legacy class to be a whole class token — either at the start of className, or preceded by a space, and followed by a space or closing quote. Result: 21 false positives eliminated; the ratchet now reports an honest 0 for the legacy category. 2. globals.css cleanup (web/src/app/globals.css) Removed .surface-card, .surface-muted, .badge, .input-shell rules. Only truly global utilities remain (typography, focus-visible, sr-only, skip-link, motion preferences, layout grids). A header comment documents that re-introductions should be solved at the call-site with a primitive, not by restoring the global rule. 3. Ratchet baseline (scripts/ui-drift-baseline.json) Final counts after UI5–UI8 across the session: raw interactive controls 14 (was 38 at start) legacy global surface classes 0 (was 92 at start) hardcoded color literals 0 (no change, was already 0) direct @bytelyst/ui imports 0 (no change, was already 0) The 14 remaining raw controls are intentional and tracked: NoteEditor toolbar buttons (10) ArtifactPanel hidden file input (1) search/page radio inputs (2) NoteVersionsPanel disclosure button (1) 4. CI gate (.github/workflows/ci.yml release-guards job) Documented that the ratchet is the canonical gate post-UI8: because legacy/colors/imports baselines are 0, any new occurrence in those three categories now fails CI. The strict-audit script is kept as a local diagnostic tool but not wired as a gate (would fail on the 14 intentional raw controls). 5. Roadmap (docs/UI_UX_PLATFORM_CORE_ROADMAP.md) Marked UI5, UI6, UI7, UI8 all complete with per-phase commit hashes and explicit deliverables. Cumulative migration impact (from initial baseline): raw interactive controls 38 → 14 (-24, -63%) legacy global surface classes 92 → 0 (-92, -100%) Verified: - pnpm run verify: backend 380/380, web 96/96, mobile 97/97 - bash scripts/ui-drift-ratchet.sh: all four categories at baseline - bash scripts/ui-drift-audit.sh: only "Raw interactive controls" category has matches (intentional, tracked above) - Live Docker stack at http://localhost:3050 still serves 200, backend health 200		2026-05-23 01:55:36 -07:00
.gitea/workflows	ci: fix YAML formatting — normalize blank lines	2026-03-29 11:04:16 -07:00
.github	feat(web/ui8): remove legacy global classes + tighten audit regex + lock CI gate	2026-05-23 01:55:36 -07:00
.husky	chore: add Husky pre-commit hooks + secret-scan scripts	2026-03-27 23:07:30 -07:00
backend	test(e2e): docker compose E2E test + seed scripts + 9-step verification	2026-05-23 01:16:19 -07:00
docs	feat(web/ui8): remove legacy global classes + tighten audit regex + lock CI gate	2026-05-23 01:55:36 -07:00
mobile	test(mobile): verify platform lifecycle clients	2026-05-05 13:02:14 -07:00
scripts	feat(web/ui8): remove legacy global classes + tighten audit regex + lock CI gate	2026-05-23 01:55:36 -07:00
shared	fix: normalize product.json + replace --ml-* with --nl-* CSS namespace	2026-03-21 20:20:40 -07:00
web	feat(web/ui8): remove legacy global classes + tighten audit regex + lock CI gate	2026-05-23 01:55:36 -07:00
.aider.conf.yml	chore(docs): regenerate AI agent config files	2026-03-10 22:56:39 -07:00
.clinerules	chore(docs): regenerate AI agent config files	2026-03-10 22:56:39 -07:00
.cursorrules	chore(docs): regenerate AI agent config files	2026-03-10 22:56:39 -07:00
.dockerignore	feat(repo): migrate notelett workspace to pnpm	2026-03-22 15:50:54 -07:00
.editorconfig	chore(docs): regenerate AI agent config files	2026-03-10 22:56:39 -07:00
.gitignore	chore: gitignore .docker-deps/ directory	2026-04-13 14:36:43 -07:00
.npmrc	feat(ux): add UX testing setup guide and common platform integration	2026-05-09 22:09:43 +00:00
.npmrc.docker	fix: Update docker configuration for production deployment	2026-05-12 08:20:12 +00:00
.nvmrc	chore: add .nvmrc pinning Node 22	2026-03-29 10:48:30 -07:00
.pnpmfile.cjs	fix(workspace): canonicalize common-plat path to ../learning_ai_common_plat	2026-05-22 15:08:30 -07:00
.windsurfrules	chore(docs): regenerate AI agent config files	2026-03-10 22:56:39 -07:00
AGENTS.md	docs(cleanup): move historical roadmaps to docs/archive/ and update AGENTS.md	2026-05-22 23:23:50 -07:00
CLAUDE.md	feat(repo): migrate notelett workspace to pnpm	2026-03-22 15:50:54 -07:00
docker-compose.override.yml	test(e2e): docker compose E2E test + seed scripts + 9-step verification	2026-05-23 01:16:19 -07:00
docker-compose.yml	fix: Update docker configuration for production deployment	2026-05-12 08:20:12 +00:00
package.json	test(e2e): docker compose E2E test + seed scripts + 9-step verification	2026-05-23 01:16:19 -07:00
pnpm-lock.yaml	test(e2e): fix 4 pre-existing E2E failures and make port-conflict-proof	2026-05-23 00:50:29 -07:00
pnpm-workspace.yaml	fix(workspace): canonicalize common-plat path to ../learning_ai_common_plat	2026-05-22 15:08:30 -07:00
README.md	docs(sprint-a): record build restoration and refreshed sprint plan	2026-05-22 15:08:42 -07:00

README.md

NoteLett

Structured notes platform for humans and AI agents — part of the ByteLyst ecosystem.

Quick Start

Prerequisites:

pnpm 10.6.5
sibling common-platform checkout at ../learning_ai_common_plat (override with BYTELYST_COMMON_PLAT_ROOT if your layout differs)
optional local ByteLyst services from common platform:
- platform-service on port 4003 for auth, flags, telemetry, diagnostics, billing, and blob
- extraction-service on port 4005 for URL/task extraction
- mcp-server on port 4007 for agent tooling

# Install against the local common-platform workspace packages.
pnpm run install:common-plat --frozen-lockfile

# Registry fallback when explicitly needed.
source ~/.zshrc
pnpm run install:gitea --frozen-lockfile

# Backend in local memory mode (port 4016)
DB_PROVIDER=memory JWT_SECRET=dev-secret-do-not-use-in-prod \
pnpm --filter @notelett/backend run dev

# Web (port 3000)
pnpm --filter @notelett/web run dev

# Mobile
pnpm --filter @notelett/mobile run start

Auth is expected to come from platform-service. Local development can use the repo's dev/test helpers and memory datastore, but production must use real platform auth, Cosmos, and encryption configuration.

Docker path:

docker compose build
docker compose up -d
curl -sf http://localhost:4016/health
curl -sf http://localhost:4016/api/bootstrap

Local production-readiness smoke:

pnpm run smoke:local

# Use an already-running backend or skip shared service checks when isolating product behavior.
SMOKE_START_BACKEND=0 pnpm run smoke:local -- --no-start
pnpm run smoke:local -- --skip-platform

# Docker compose build/start/health smoke
pnpm run smoke:compose

Architecture

Surface	Stack	Port
Backend	Fastify 5 + TypeScript ESM	4016
Web	Next.js 16 + React 19	3000
Mobile	Expo + React Native	8081
Platform	platform-service (shared)	4003
Extraction	extraction-service (shared)	4005
MCP	mcp-server (shared)	4007

Architecture Boundaries

NoteLett keeps product-local domain behavior in this repo: note/workspace CRUD, relationships, tasks, artifacts, agent action audit trails, saved views, prompt templates/runners, intake rules/jobs, note sharing/collaboration, version history, Palace memory/KG UX, and all NoteLett-specific web/mobile workflows.

Common-platform responsibilities come from ../learning_ai/learning_ai_common_plat: auth/session primitives, API clients, datastore/Cosmos abstractions, shared error/config/logging conventions, telemetry, diagnostics, feature flags, kill switch, blob access, extraction-service clients, design tokens, shared UI primitives where appropriate, MCP server integration, webhook dispatch, encryption helpers, and cross-repo automation scripts.

Package resolution defaults to local common-platform packages through .pnpmfile.cjs (BYTELYST_PACKAGE_SOURCE=common-plat). Use pnpm run install:common-plat for local development and pnpm run install:gitea only when you intentionally want registry versions. Override the local checkout with BYTELYST_COMMON_PLAT_ROOT=/path/to/learning_ai_common_plat.

Do not move NoteLett-specific notes logic into common platform unless another product has a concrete reuse need. Do not create repo-local substitutes for platform concerns already covered by @bytelyst/* packages or platform services.

Key Features

Backend modules: notes, workspaces, relationships, tasks, artifacts, agent actions, saved views, Smart Actions, intake, collaborators, shares, versions, Palace, and ecosystem import routes
8 MCP tools: list, get, search, create_draft, update, link_notes, extract_tasks, attach_artifact
Smart Actions: 20 built-in prompt templates, copilot text transforms, scheduler, webhooks, URL extraction
Intake and Palace: URL/text intake jobs, intake rules, MemPalace memory/search/KG/wake-up routes
Agent audit trail: every write tool records agent action history
Datastore abstraction: Cosmos DB in production, in-memory for tests
Platform integrations: auth (JWT), telemetry, diagnostics, feature flags, kill-switch, blob storage
LLM integration: @bytelyst/llm with retry, timeout, and fallback heuristics

Environment

Copy backend/.env.example to backend/.env and web/.env.example to web/.env.local as needed.

Local memory mode:

NODE_ENV=development
DB_PROVIDER=memory
JWT_SECRET=dev-secret-do-not-use-in-prod
LLM_PROVIDER=mock
shared service URLs can point at local common-platform ports or remain disabled for isolated backend tests

Production requirements:

NODE_ENV=production
strong JWT_SECRET shared with platform-service or the production auth verification mechanism
DB_PROVIDER=cosmos
COSMOS_ENDPOINT, COSMOS_KEY, and COSMOS_DATABASE
FIELD_ENCRYPT_ENABLED=true with FIELD_ENCRYPT_KEY_PROVIDER=akv or a managed key provider and required key material
PLATFORM_SERVICE_URL, EXTRACTION_SERVICE_URL, and MCP_SERVER_URL
NEXT_PUBLIC_MCP_SERVER_URL=http://localhost:4007/api for local web settings/agent guidance
TELEMETRY_ENABLED=true and FEATURE_FLAGS_ENABLED=true when platform services are available
LLM_PROVIDER plus provider credentials (OPENAI_API_KEY or Azure OpenAI settings) for non-mock AI behavior

The May 5 production-readiness pass hardened production config to fail closed on unsafe defaults; see docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md.

Tests

pnpm --filter @notelett/backend run typecheck
pnpm --filter @notelett/backend run test
pnpm --filter @notelett/backend run lint
pnpm --filter @notelett/web run typecheck
pnpm --filter @notelett/web run test
pnpm --filter @notelett/web run lint
pnpm --filter @notelett/web run test:e2e
pnpm --filter @notelett/mobile run typecheck
pnpm --filter @notelett/mobile run test
pnpm --filter @notelett/mobile run lint
pnpm run verify

Current May 5 production-readiness status:

pnpm run verify passes backend/web/mobile typecheck and tests, plus backend/web production builds.
backend, web, and mobile lint commands exit 0 with tracked advisory warnings.
web Playwright release flows pass.
release-guard audits pass common-platform secret scan, hardcoded color/token checks, and active product/API drift checks.
Docker compose smoke and live shared-service smoke are explicit environment deferrals on this host because Docker is unavailable and platform-service/extraction-service/mcp-server are not running with Cosmos credentials.

See docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md Phase P10 for exact commands, commit hashes, warnings, and deferral notes.

Docs

AGENTS.md — AI agent onboarding guide
docs/PRD.md — Product requirements
docs/ROADMAP.md — Master execution tracker
docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md — Active production-readiness checklist
docs/PLATFORM_SMOKE_CHECKS.md — Shared platform and NoteLett smoke commands
docs/MOBILE_PRODUCTION_BUILD_AND_SMOKE.md — Expo build notes and iOS/Android smoke checklist
docs/RELEASE_CHECKLIST.md — Release notes template, deploy checklist, rollback, migrations, and monitoring placeholders
docs/COSMOS_DATA_OPERATIONS.md — Cosmos containers, indexes, retention, and backup/restore approach
docs/SEED_BOOTSTRAP_STRATEGY.md — Built-in prompt, intake rule, onboarding workspace, and feature-flag bootstrap strategy
docs/DATA_MIGRATION_AND_BACKFILL_PLAN.md — Encrypted-field, schema-change, and backfill migration plan
docs/TELEMETRY_AND_DIAGNOSTICS_TAXONOMY.md — Event taxonomy and diagnostic breadcrumb contract
docs/OPERATOR_RUNBOOK.md — Incident triage and recovery steps for dependencies, scheduler/webhooks, blob, LLM/extraction, reviews, and MCP
docs/UI_UX_PLATFORM_CORE_ROADMAP.md — UI/UX migration plan for moving reusable components into common-platform core UI while keeping a thin NoteLett adapter