Go to file

saravanakumardb1 82ce90f91d docs(roadmap): mark sprints 3-6 complete; record post-Sprint-B UI migration Sprint 3 (UI5), Sprint 4 (UI6), Sprint 5 (UI7+UI8), Sprint 6 (production hardening) are all now substantially complete as of May 23, 2026. NEXT_SPRINT_ROADMAP.md: - Sprint 3 UI5 marked complete with commit hashes `9c65899`, `30a30ce`, `2408f43`. - Sprint 4 UI6 marked complete with commit `8d484c3`. - Sprint 5 UI7+UI8 marked complete with commits `2408f43`, `3288e28`, `0c982de`. - Sprint 6 production hardening verified item-by-item: backend config fail-closed: already enforced via lib/config.ts superRefine. backend logging clean: grep returns zero matches outside tests. CI mobile + web E2E + Docker build: jobs already wired. Docker compose smoke: scripts/e2e-docker-test.sh validated locally. Shared service smoke: backend+web verified at :3050/:4016 with sibling platform-service (4003), extraction-service (4005), mcp-server (4007). Only stale doc cleanup remains as deferred non-blocking work. PRODUCTION_READINESS_HANDOFF_ROADMAP.md: - Replaced Sprint-A 'Docker compose smoke deferred' note with verified status: Dockerfile corporate-proxy workarounds added, override pins sibling-service URLs and aligns JWT secret, e2e-docker-test.sh exercises full login/CORS/CRUD lifecycle. - Added 'Post-Sprint-B UI Migration' section documenting the four UI ratchet category counts (legacy/colors/imports all 0; raw controls 14 intentional) and the UI drift ratchet as the canonical CI gate. No code changes.		2026-05-23 02:04:09 -07:00
.gitea/workflows	ci: fix YAML formatting — normalize blank lines	2026-03-29 11:04:16 -07:00
.github	feat(web/ui8): remove legacy global classes + tighten audit regex + lock CI gate	2026-05-23 01:55:36 -07:00
.husky	chore: add Husky pre-commit hooks + secret-scan scripts	2026-03-27 23:07:30 -07:00
backend	test(e2e): docker compose E2E test + seed scripts + 9-step verification	2026-05-23 01:16:19 -07:00
docs	docs(roadmap): mark sprints 3-6 complete; record post-Sprint-B UI migration	2026-05-23 02:04:09 -07:00
mobile	test(mobile): verify platform lifecycle clients	2026-05-05 13:02:14 -07:00
scripts	feat(web/ui8): remove legacy global classes + tighten audit regex + lock CI gate	2026-05-23 01:55:36 -07:00
shared	fix: normalize product.json + replace --ml-* with --nl-* CSS namespace	2026-03-21 20:20:40 -07:00
web	feat(web/ui8): remove legacy global classes + tighten audit regex + lock CI gate	2026-05-23 01:55:36 -07:00
.aider.conf.yml	chore(docs): regenerate AI agent config files	2026-03-10 22:56:39 -07:00
.clinerules	chore(docs): regenerate AI agent config files	2026-03-10 22:56:39 -07:00
.cursorrules	chore(docs): regenerate AI agent config files	2026-03-10 22:56:39 -07:00
.dockerignore	feat(repo): migrate notelett workspace to pnpm	2026-03-22 15:50:54 -07:00
.editorconfig	chore(docs): regenerate AI agent config files	2026-03-10 22:56:39 -07:00
.gitignore	chore: gitignore .docker-deps/ directory	2026-04-13 14:36:43 -07:00
.npmrc	feat(ux): add UX testing setup guide and common platform integration	2026-05-09 22:09:43 +00:00
.npmrc.docker	fix: Update docker configuration for production deployment	2026-05-12 08:20:12 +00:00
.nvmrc	chore: add .nvmrc pinning Node 22	2026-03-29 10:48:30 -07:00
.pnpmfile.cjs	fix(workspace): canonicalize common-plat path to ../learning_ai_common_plat	2026-05-22 15:08:30 -07:00
.windsurfrules	chore(docs): regenerate AI agent config files	2026-03-10 22:56:39 -07:00
AGENTS.md	docs(cleanup): move historical roadmaps to docs/archive/ and update AGENTS.md	2026-05-22 23:23:50 -07:00
CLAUDE.md	feat(repo): migrate notelett workspace to pnpm	2026-03-22 15:50:54 -07:00
docker-compose.override.yml	test(e2e): docker compose E2E test + seed scripts + 9-step verification	2026-05-23 01:16:19 -07:00
docker-compose.yml	fix: Update docker configuration for production deployment	2026-05-12 08:20:12 +00:00
package.json	test(e2e): docker compose E2E test + seed scripts + 9-step verification	2026-05-23 01:16:19 -07:00
pnpm-lock.yaml	test(e2e): fix 4 pre-existing E2E failures and make port-conflict-proof	2026-05-23 00:50:29 -07:00
pnpm-workspace.yaml	fix(workspace): canonicalize common-plat path to ../learning_ai_common_plat	2026-05-22 15:08:30 -07:00
README.md	docs(sprint-a): record build restoration and refreshed sprint plan	2026-05-22 15:08:42 -07:00

README.md

NoteLett

Structured notes platform for humans and AI agents — part of the ByteLyst ecosystem.

Quick Start

Prerequisites:

pnpm 10.6.5
sibling common-platform checkout at ../learning_ai_common_plat (override with BYTELYST_COMMON_PLAT_ROOT if your layout differs)
optional local ByteLyst services from common platform:
- platform-service on port 4003 for auth, flags, telemetry, diagnostics, billing, and blob
- extraction-service on port 4005 for URL/task extraction
- mcp-server on port 4007 for agent tooling

# Install against the local common-platform workspace packages.
pnpm run install:common-plat --frozen-lockfile

# Registry fallback when explicitly needed.
source ~/.zshrc
pnpm run install:gitea --frozen-lockfile

# Backend in local memory mode (port 4016)
DB_PROVIDER=memory JWT_SECRET=dev-secret-do-not-use-in-prod \
pnpm --filter @notelett/backend run dev

# Web (port 3000)
pnpm --filter @notelett/web run dev

# Mobile
pnpm --filter @notelett/mobile run start

Auth is expected to come from platform-service. Local development can use the repo's dev/test helpers and memory datastore, but production must use real platform auth, Cosmos, and encryption configuration.

Docker path:

docker compose build
docker compose up -d
curl -sf http://localhost:4016/health
curl -sf http://localhost:4016/api/bootstrap

Local production-readiness smoke:

pnpm run smoke:local

# Use an already-running backend or skip shared service checks when isolating product behavior.
SMOKE_START_BACKEND=0 pnpm run smoke:local -- --no-start
pnpm run smoke:local -- --skip-platform

# Docker compose build/start/health smoke
pnpm run smoke:compose

Architecture

Surface	Stack	Port
Backend	Fastify 5 + TypeScript ESM	4016
Web	Next.js 16 + React 19	3000
Mobile	Expo + React Native	8081
Platform	platform-service (shared)	4003
Extraction	extraction-service (shared)	4005
MCP	mcp-server (shared)	4007

Architecture Boundaries

NoteLett keeps product-local domain behavior in this repo: note/workspace CRUD, relationships, tasks, artifacts, agent action audit trails, saved views, prompt templates/runners, intake rules/jobs, note sharing/collaboration, version history, Palace memory/KG UX, and all NoteLett-specific web/mobile workflows.

Common-platform responsibilities come from ../learning_ai/learning_ai_common_plat: auth/session primitives, API clients, datastore/Cosmos abstractions, shared error/config/logging conventions, telemetry, diagnostics, feature flags, kill switch, blob access, extraction-service clients, design tokens, shared UI primitives where appropriate, MCP server integration, webhook dispatch, encryption helpers, and cross-repo automation scripts.

Package resolution defaults to local common-platform packages through .pnpmfile.cjs (BYTELYST_PACKAGE_SOURCE=common-plat). Use pnpm run install:common-plat for local development and pnpm run install:gitea only when you intentionally want registry versions. Override the local checkout with BYTELYST_COMMON_PLAT_ROOT=/path/to/learning_ai_common_plat.

Do not move NoteLett-specific notes logic into common platform unless another product has a concrete reuse need. Do not create repo-local substitutes for platform concerns already covered by @bytelyst/* packages or platform services.

Key Features

Backend modules: notes, workspaces, relationships, tasks, artifacts, agent actions, saved views, Smart Actions, intake, collaborators, shares, versions, Palace, and ecosystem import routes
8 MCP tools: list, get, search, create_draft, update, link_notes, extract_tasks, attach_artifact
Smart Actions: 20 built-in prompt templates, copilot text transforms, scheduler, webhooks, URL extraction
Intake and Palace: URL/text intake jobs, intake rules, MemPalace memory/search/KG/wake-up routes
Agent audit trail: every write tool records agent action history
Datastore abstraction: Cosmos DB in production, in-memory for tests
Platform integrations: auth (JWT), telemetry, diagnostics, feature flags, kill-switch, blob storage
LLM integration: @bytelyst/llm with retry, timeout, and fallback heuristics

Environment

Copy backend/.env.example to backend/.env and web/.env.example to web/.env.local as needed.

Local memory mode:

NODE_ENV=development
DB_PROVIDER=memory
JWT_SECRET=dev-secret-do-not-use-in-prod
LLM_PROVIDER=mock
shared service URLs can point at local common-platform ports or remain disabled for isolated backend tests

Production requirements:

NODE_ENV=production
strong JWT_SECRET shared with platform-service or the production auth verification mechanism
DB_PROVIDER=cosmos
COSMOS_ENDPOINT, COSMOS_KEY, and COSMOS_DATABASE
FIELD_ENCRYPT_ENABLED=true with FIELD_ENCRYPT_KEY_PROVIDER=akv or a managed key provider and required key material
PLATFORM_SERVICE_URL, EXTRACTION_SERVICE_URL, and MCP_SERVER_URL
NEXT_PUBLIC_MCP_SERVER_URL=http://localhost:4007/api for local web settings/agent guidance
TELEMETRY_ENABLED=true and FEATURE_FLAGS_ENABLED=true when platform services are available
LLM_PROVIDER plus provider credentials (OPENAI_API_KEY or Azure OpenAI settings) for non-mock AI behavior

The May 5 production-readiness pass hardened production config to fail closed on unsafe defaults; see docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md.

Tests

pnpm --filter @notelett/backend run typecheck
pnpm --filter @notelett/backend run test
pnpm --filter @notelett/backend run lint
pnpm --filter @notelett/web run typecheck
pnpm --filter @notelett/web run test
pnpm --filter @notelett/web run lint
pnpm --filter @notelett/web run test:e2e
pnpm --filter @notelett/mobile run typecheck
pnpm --filter @notelett/mobile run test
pnpm --filter @notelett/mobile run lint
pnpm run verify

Current May 5 production-readiness status:

pnpm run verify passes backend/web/mobile typecheck and tests, plus backend/web production builds.
backend, web, and mobile lint commands exit 0 with tracked advisory warnings.
web Playwright release flows pass.
release-guard audits pass common-platform secret scan, hardcoded color/token checks, and active product/API drift checks.
Docker compose smoke and live shared-service smoke are explicit environment deferrals on this host because Docker is unavailable and platform-service/extraction-service/mcp-server are not running with Cosmos credentials.

See docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md Phase P10 for exact commands, commit hashes, warnings, and deferral notes.

Docs

AGENTS.md — AI agent onboarding guide
docs/PRD.md — Product requirements
docs/ROADMAP.md — Master execution tracker
docs/PRODUCTION_READINESS_HANDOFF_ROADMAP.md — Active production-readiness checklist
docs/PLATFORM_SMOKE_CHECKS.md — Shared platform and NoteLett smoke commands
docs/MOBILE_PRODUCTION_BUILD_AND_SMOKE.md — Expo build notes and iOS/Android smoke checklist
docs/RELEASE_CHECKLIST.md — Release notes template, deploy checklist, rollback, migrations, and monitoring placeholders
docs/COSMOS_DATA_OPERATIONS.md — Cosmos containers, indexes, retention, and backup/restore approach
docs/SEED_BOOTSTRAP_STRATEGY.md — Built-in prompt, intake rule, onboarding workspace, and feature-flag bootstrap strategy
docs/DATA_MIGRATION_AND_BACKFILL_PLAN.md — Encrypted-field, schema-change, and backfill migration plan
docs/TELEMETRY_AND_DIAGNOSTICS_TAXONOMY.md — Event taxonomy and diagnostic breadcrumb contract
docs/OPERATOR_RUNBOOK.md — Incident triage and recovery steps for dependencies, scheduler/webhooks, blob, LLM/extraction, reviews, and MCP
docs/UI_UX_PLATFORM_CORE_ROADMAP.md — UI/UX migration plan for moving reusable components into common-platform core UI while keeping a thin NoteLett adapter