@jaimevalasek/aioson 1.30.0 → 1.30.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +18 -0
- package/docs/design-previews/cognitive-core-ui-auth.html +95 -0
- package/docs/design-previews/cognitive-core-ui-kanban.html +231 -0
- package/docs/design-previews/cognitive-core-ui-list-detail.html +174 -0
- package/docs/design-previews/cognitive-core-ui-preview.css +1315 -0
- package/docs/design-previews/cognitive-core-ui-settings.html +142 -0
- package/docs/design-previews/cognitive-core-ui-website.html +190 -1009
- package/docs/design-previews/cognitive-core-ui.html +281 -463
- package/docs/design-previews/index.html +83 -31
- package/package.json +1 -1
- package/src/constants.js +578 -514
- package/template/.aioson/docs/integrations/dashboard-app-form-publish-mapping.md +183 -0
- package/template/.aioson/docs/play/README.md +74 -0
- package/template/.aioson/docs/play/agent-usage-guide.md +112 -0
- package/template/.aioson/docs/play/app-compatibility-guide.md +117 -0
- package/template/.aioson/docs/play/auth-services-and-testing.md +235 -0
- package/template/.aioson/docs/play/llm-data-and-bindings.md +238 -0
- package/template/.aioson/docs/play/manifest-and-runtime.md +267 -0
- package/template/.aioson/docs/play/source-map.md +104 -0
- package/template/.aioson/skills/design/aurora-command-ui/SKILL.md +266 -243
- package/template/.aioson/skills/design/aurora-command-ui/references/art-direction.md +293 -293
- package/template/.aioson/skills/design/aurora-command-ui/references/components.md +827 -827
- package/template/.aioson/skills/design/aurora-command-ui/references/dashboards.md +250 -250
- package/template/.aioson/skills/design/aurora-command-ui/references/design-tokens.md +585 -585
- package/template/.aioson/skills/design/aurora-command-ui/references/motion.md +365 -365
- package/template/.aioson/skills/design/aurora-command-ui/references/patterns.md +485 -482
- package/template/.aioson/skills/design/aurora-command-ui/references/websites.md +386 -387
- package/template/.aioson/skills/design/bold-editorial-ui/SKILL.md +228 -205
- package/template/.aioson/skills/design/bold-editorial-ui/references/art-direction.md +338 -338
- package/template/.aioson/skills/design/bold-editorial-ui/references/components.md +977 -977
- package/template/.aioson/skills/design/bold-editorial-ui/references/dashboards.md +218 -218
- package/template/.aioson/skills/design/bold-editorial-ui/references/design-tokens.md +326 -326
- package/template/.aioson/skills/design/bold-editorial-ui/references/motion.md +461 -461
- package/template/.aioson/skills/design/bold-editorial-ui/references/patterns.md +293 -293
- package/template/.aioson/skills/design/bold-editorial-ui/references/websites.md +352 -352
- package/template/.aioson/skills/design/clean-saas-ui/SKILL.md +233 -210
- package/template/.aioson/skills/design/clean-saas-ui/references/art-direction.md +319 -319
- package/template/.aioson/skills/design/clean-saas-ui/references/components.md +365 -365
- package/template/.aioson/skills/design/clean-saas-ui/references/dashboards.md +196 -196
- package/template/.aioson/skills/design/clean-saas-ui/references/design-tokens.md +244 -244
- package/template/.aioson/skills/design/clean-saas-ui/references/motion.md +235 -235
- package/template/.aioson/skills/design/clean-saas-ui/references/patterns.md +215 -215
- package/template/.aioson/skills/design/clean-saas-ui/references/websites.md +295 -295
- package/template/.aioson/skills/design/cognitive-core-ui/SKILL.md +239 -203
- package/template/.aioson/skills/design/cognitive-core-ui/references/art-direction.md +339 -339
- package/template/.aioson/skills/design/cognitive-core-ui/references/components.md +417 -407
- package/template/.aioson/skills/design/cognitive-core-ui/references/dashboards.md +289 -272
- package/template/.aioson/skills/design/cognitive-core-ui/references/design-tokens.md +525 -524
- package/template/.aioson/skills/design/cognitive-core-ui/references/motion.md +279 -279
- package/template/.aioson/skills/design/cognitive-core-ui/references/patterns.md +355 -289
- package/template/.aioson/skills/design/cognitive-core-ui/references/websites.md +443 -437
- package/template/.aioson/skills/design/glassmorphism-ui/SKILL.md +245 -222
- package/template/.aioson/skills/design/glassmorphism-ui/references/art-direction.md +159 -159
- package/template/.aioson/skills/design/glassmorphism-ui/references/components.md +498 -498
- package/template/.aioson/skills/design/glassmorphism-ui/references/dashboards.md +236 -236
- package/template/.aioson/skills/design/glassmorphism-ui/references/design-tokens.md +274 -274
- package/template/.aioson/skills/design/glassmorphism-ui/references/motion.md +355 -355
- package/template/.aioson/skills/design/glassmorphism-ui/references/patterns.md +198 -198
- package/template/.aioson/skills/design/glassmorphism-ui/references/websites.md +307 -307
- package/template/.aioson/skills/design/interface-design/SKILL.md +68 -47
- package/template/.aioson/skills/design/interface-design/references/components-and-states.md +105 -105
- package/template/.aioson/skills/design/interface-design/references/design-directions.md +101 -101
- package/template/.aioson/skills/design/interface-design/references/handoff-and-quality.md +92 -71
- package/template/.aioson/skills/design/interface-design/references/intent-and-domain.md +74 -74
- package/template/.aioson/skills/design/interface-design/references/tokens-and-depth.md +173 -173
- package/template/.aioson/skills/design/neo-brutalist-ui/SKILL.md +236 -213
- package/template/.aioson/skills/design/neo-brutalist-ui/references/art-direction.md +228 -228
- package/template/.aioson/skills/design/neo-brutalist-ui/references/components.md +855 -855
- package/template/.aioson/skills/design/neo-brutalist-ui/references/dashboards.md +334 -334
- package/template/.aioson/skills/design/neo-brutalist-ui/references/design-tokens.md +342 -342
- package/template/.aioson/skills/design/neo-brutalist-ui/references/motion.md +286 -286
- package/template/.aioson/skills/design/neo-brutalist-ui/references/patterns.md +458 -458
- package/template/.aioson/skills/design/neo-brutalist-ui/references/websites.md +723 -723
- package/template/.aioson/skills/design/premium-command-center-ui/SKILL.md +83 -62
- package/template/.aioson/skills/design/premium-command-center-ui/references/operations.md +74 -74
- package/template/.aioson/skills/design/premium-command-center-ui/references/patterns.md +116 -116
- package/template/.aioson/skills/design/premium-command-center-ui/references/validation.md +47 -47
- package/template/.aioson/skills/design/premium-command-center-ui/references/visual-system.md +215 -215
- package/template/.aioson/skills/design/pt.squarespace.com/.skill-meta.json +31 -31
- package/template/.aioson/skills/design/pt.squarespace.com/SKILL.md +94 -66
- package/template/.aioson/skills/design/pt.squarespace.com/references/components.md +366 -366
- package/template/.aioson/skills/design/pt.squarespace.com/references/design-tokens.md +150 -150
- package/template/.aioson/skills/design/pt.squarespace.com/references/motion.md +270 -270
- package/template/.aioson/skills/design/pt.squarespace.com/references/patterns.md +189 -189
- package/template/.aioson/skills/design/pt.squarespace.com/references/websites.md +161 -161
- package/template/.aioson/skills/design/warm-craft-ui/SKILL.md +232 -209
- package/template/.aioson/skills/design/warm-craft-ui/references/art-direction.md +324 -324
- package/template/.aioson/skills/design/warm-craft-ui/references/components.md +508 -508
- package/template/.aioson/skills/design/warm-craft-ui/references/dashboards.md +223 -223
- package/template/.aioson/skills/design/warm-craft-ui/references/design-tokens.md +374 -374
- package/template/.aioson/skills/design/warm-craft-ui/references/motion.md +356 -356
- package/template/.aioson/skills/design/warm-craft-ui/references/patterns.md +288 -288
- package/template/.aioson/skills/design/warm-craft-ui/references/websites.md +289 -289
|
@@ -0,0 +1,235 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "AIOSON Play auth, cloud owner token, local operator auth, Play Services, requires_services, dev-link, symlink installs, and smoke testing."
|
|
3
|
+
scope: "global"
|
|
4
|
+
agents: [dev, deyvin, architect, qa, tester, pentester]
|
|
5
|
+
task_types: [aioson-play-app, auth, service-integration, testing]
|
|
6
|
+
triggers: [aioson-auth, AIOSON_COM_TOKEN, requires_services, service.json, dev-link, Play Services, smoke test]
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Auth, Services, And Testing
|
|
10
|
+
|
|
11
|
+
## Auth systems
|
|
12
|
+
|
|
13
|
+
AIOSON Play has two different auth surfaces:
|
|
14
|
+
|
|
15
|
+
| Surface | Purpose | App receives |
|
|
16
|
+
|---|---|---|
|
|
17
|
+
| `aioson.com` cloud auth | Owner identity, trial, billing, license/status | `AIOSON_COM_TOKEN` |
|
|
18
|
+
| `aioson-auth` Play Service | Local operators, login, RBAC, permissions | service URL and binding id |
|
|
19
|
+
|
|
20
|
+
Do not mix them.
|
|
21
|
+
|
|
22
|
+
Use `aioson.com` when the app needs subscription/trial/license state.
|
|
23
|
+
Use `aioson-auth` when the app needs operators, roles, permissions, 2FA, or local RBAC.
|
|
24
|
+
|
|
25
|
+
## Cloud owner/trial auth
|
|
26
|
+
|
|
27
|
+
When the owner is logged into AIOSON Play, Play can inject:
|
|
28
|
+
|
|
29
|
+
```text
|
|
30
|
+
AIOSON_COM_TOKEN=<bearer token>
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
The app should read it on backend startup and persist it in local settings if needed. If absent, the app should fall back to manual login or a disconnected state.
|
|
34
|
+
|
|
35
|
+
Do not call `https://aioson.com` directly from browser code with this token. Use backend proxy routes.
|
|
36
|
+
|
|
37
|
+
Recommended backend proxy routes:
|
|
38
|
+
|
|
39
|
+
| App route | Purpose |
|
|
40
|
+
|---|---|
|
|
41
|
+
| `GET /api/aioson/connection` | Check local token state |
|
|
42
|
+
| `GET /api/aioson/status?projectId={id}` | Proxy app subscription/trial status |
|
|
43
|
+
| `POST /api/aioson/login` | Manual cloud login fallback |
|
|
44
|
+
| `DELETE /api/aioson/logout` | Clear local token |
|
|
45
|
+
|
|
46
|
+
Cloud endpoints the backend may call:
|
|
47
|
+
|
|
48
|
+
| Endpoint | Purpose |
|
|
49
|
+
|---|---|
|
|
50
|
+
| `POST /api/app-auth/token` | Manual token acquisition |
|
|
51
|
+
| `POST /api/apps/{slug}/install` | Idempotent install/trial registration |
|
|
52
|
+
| `GET /api/apps/{slug}/status?projectId={id}` | Subscription/trial status |
|
|
53
|
+
|
|
54
|
+
## Local operator auth and RBAC
|
|
55
|
+
|
|
56
|
+
For operator login and RBAC, depend on `aioson-auth`:
|
|
57
|
+
|
|
58
|
+
```json
|
|
59
|
+
{
|
|
60
|
+
"requires_services": ["aioson-auth"],
|
|
61
|
+
"auth": {
|
|
62
|
+
"version": 1,
|
|
63
|
+
"permissions": ["orders:read", "orders:create"],
|
|
64
|
+
"policies": [
|
|
65
|
+
{ "id": "page:orders", "kind": "route", "path": "/orders", "requires": ["orders:read"] }
|
|
66
|
+
]
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
`auth.permissions[]` is the app-owned permission catalog. Play syncs it through
|
|
72
|
+
the owner-only app inventory; `aioson-auth` registers it on the existing binding
|
|
73
|
+
so the admin can assign permissions to global roles. Do not rely on Auth scanning
|
|
74
|
+
app source code.
|
|
75
|
+
|
|
76
|
+
Use `@aioson/auth-sdk` as the client layer when available. Avoid handwritten calls to auth endpoints unless the SDK cannot cover the specific case.
|
|
77
|
+
|
|
78
|
+
Env vars Play injects for auth (only these exist):
|
|
79
|
+
|
|
80
|
+
```text
|
|
81
|
+
VITE_AIOSON_AUTH_URL=http://localhost:3001
|
|
82
|
+
VITE_AIOSON_AUTH_BINDING_ID=<binding-id>
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
Play injects only the `VITE_`-prefixed auth vars. There is no `AIOSON_AUTH_URL` or `AIOSON_AUTH_BINDING_ID` without the prefix — do not read those, they will be `undefined`. Backend Node code reads the same injected vars through `process.env.VITE_AIOSON_AUTH_URL` and `process.env.VITE_AIOSON_AUTH_BINDING_ID`; the `VITE_` prefix does not stop Node from reading them at runtime. The app slug is the only auth-relevant value injected in both forms: `AIOSON_APP_SLUG` and `VITE_AIOSON_APP_SLUG`.
|
|
86
|
+
|
|
87
|
+
Bearer header is preferred for auth calls:
|
|
88
|
+
|
|
89
|
+
```http
|
|
90
|
+
Authorization: Bearer <jwt>
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
Legacy `?token=` may still work in older paths, but new app code should prefer Bearer.
|
|
94
|
+
|
|
95
|
+
Current implemented auth expectations from the Play docs:
|
|
96
|
+
|
|
97
|
+
- JWT can include `binding_id` and `permissions`.
|
|
98
|
+
- App permissions are declared in `manifest.json` `auth.permissions[]` and implemented by the app with SDK gates.
|
|
99
|
+
- `/me/permissions` exists in `aioson-auth`.
|
|
100
|
+
- `@aioson/auth-sdk` MVP exists.
|
|
101
|
+
- Operator SSO token injection from Play keyring is planned in docs, not safe to rely on unless the local code confirms it.
|
|
102
|
+
|
|
103
|
+
## Owner bypass
|
|
104
|
+
|
|
105
|
+
Some flows allow owner-implicit behavior through the owner cloud identity. Do not use that as a replacement for operator RBAC when the app has real multi-user operator roles.
|
|
106
|
+
|
|
107
|
+
## Play Services
|
|
108
|
+
|
|
109
|
+
A Play Service is infrastructure, not an app webview.
|
|
110
|
+
|
|
111
|
+
Service shape:
|
|
112
|
+
|
|
113
|
+
```text
|
|
114
|
+
service/
|
|
115
|
+
service.json
|
|
116
|
+
package.json
|
|
117
|
+
dist/
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
`service.json`:
|
|
121
|
+
|
|
122
|
+
```json
|
|
123
|
+
{
|
|
124
|
+
"slug": "aioson-auth",
|
|
125
|
+
"name": "AIOSON Auth",
|
|
126
|
+
"version": "1.0.0",
|
|
127
|
+
"description": "Servico de autenticacao para apps do AIOSON Play.",
|
|
128
|
+
"port": 3001,
|
|
129
|
+
"autostart": true,
|
|
130
|
+
"dev_command": "node dist/server.js",
|
|
131
|
+
"health_check": "/health"
|
|
132
|
+
}
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
Rules:
|
|
136
|
+
|
|
137
|
+
- Use ports in `3001-3099`.
|
|
138
|
+
- Read `process.env.PORT` in the service.
|
|
139
|
+
- Implement `GET /health`.
|
|
140
|
+
- Configure CORS for localhost app origins.
|
|
141
|
+
- Do not depend on Tauri APIs inside a Play Service.
|
|
142
|
+
- Build to `dist/` before publishing or local symlink service testing.
|
|
143
|
+
|
|
144
|
+
## Dev-link install
|
|
145
|
+
|
|
146
|
+
Use dev-link for active app development:
|
|
147
|
+
|
|
148
|
+
```text
|
|
149
|
+
AIOSON Play -> Instalar App -> Linkar pasta (dev) -> select app folder with manifest.json
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
Dev-link creates a symlink from Play's app data directory to the source folder. It allows fast iteration, but it is not a production publish validation.
|
|
153
|
+
|
|
154
|
+
Windows note: symlink creation normally needs Developer Mode enabled or elevated privileges.
|
|
155
|
+
|
|
156
|
+
When `manifest.json` changes during dev-link, stop and reopen the app in Play to force manifest reload.
|
|
157
|
+
|
|
158
|
+
## Local symlink layout
|
|
159
|
+
|
|
160
|
+
Common Play data locations:
|
|
161
|
+
|
|
162
|
+
```text
|
|
163
|
+
Windows: %LOCALAPPDATA%\com.aioson.play\
|
|
164
|
+
Linux: ~/.local/share/com.aioson.play/
|
|
165
|
+
```
|
|
166
|
+
|
|
167
|
+
Inside:
|
|
168
|
+
|
|
169
|
+
```text
|
|
170
|
+
apps/{slug}/
|
|
171
|
+
services/{slug}/
|
|
172
|
+
```
|
|
173
|
+
|
|
174
|
+
For manual local testing, symlink app or service folders there. Prefer the Play UI dev-link flow when available.
|
|
175
|
+
|
|
176
|
+
## Testing an app
|
|
177
|
+
|
|
178
|
+
Standalone smoke:
|
|
179
|
+
|
|
180
|
+
```bash
|
|
181
|
+
PORT=3399 pnpm dev
|
|
182
|
+
curl http://localhost:3399/api/health
|
|
183
|
+
curl http://localhost:3399/api/aioson-play
|
|
184
|
+
```
|
|
185
|
+
|
|
186
|
+
Play smoke:
|
|
187
|
+
|
|
188
|
+
```text
|
|
189
|
+
1. Start AIOSON Play.
|
|
190
|
+
2. Dev-link the app folder.
|
|
191
|
+
3. Open the app from the Play shell.
|
|
192
|
+
4. Confirm badge/running state.
|
|
193
|
+
5. Confirm webview renders.
|
|
194
|
+
6. Confirm ProductBridge calls to :5180 work.
|
|
195
|
+
7. Confirm missing auth/bindings show clear degraded states.
|
|
196
|
+
```
|
|
197
|
+
|
|
198
|
+
Data binding smoke:
|
|
199
|
+
|
|
200
|
+
```bash
|
|
201
|
+
curl http://localhost:5180/api/registry
|
|
202
|
+
curl http://localhost:5180/api/connectors
|
|
203
|
+
curl http://localhost:5180/api/bindings/meu-app
|
|
204
|
+
```
|
|
205
|
+
|
|
206
|
+
Service smoke:
|
|
207
|
+
|
|
208
|
+
```bash
|
|
209
|
+
curl http://localhost:3001/health
|
|
210
|
+
```
|
|
211
|
+
|
|
212
|
+
## QA checklist
|
|
213
|
+
|
|
214
|
+
- [ ] `requires_services` matches actual service use.
|
|
215
|
+
- [ ] Apps using `aioson-auth` declare `auth.permissions[]` in `manifest.json`.
|
|
216
|
+
- [ ] Frontend and backend gates use `@aioson/auth-sdk` or a Bearer-compatible server check for those permissions.
|
|
217
|
+
- [ ] Missing service does not produce a confusing crash.
|
|
218
|
+
- [ ] `AIOSON_COM_TOKEN` is never exposed to frontend code.
|
|
219
|
+
- [ ] Operator auth uses SDK or Bearer-compatible client.
|
|
220
|
+
- [ ] `VITE_AIOSON_AUTH_BINDING_ID` absence is handled.
|
|
221
|
+
- [ ] Service uses `process.env.PORT`.
|
|
222
|
+
- [ ] Service has `/health`.
|
|
223
|
+
- [ ] App dev-link reload was tested after manifest changes.
|
|
224
|
+
- [ ] ProductBridge `:5180` endpoints are called only when Play is running or with a fallback/degraded path.
|
|
225
|
+
|
|
226
|
+
## Source docs
|
|
227
|
+
|
|
228
|
+
Canonical sources:
|
|
229
|
+
|
|
230
|
+
- `app-cloud-auth.md`
|
|
231
|
+
- `auth-integration-gaps.md`
|
|
232
|
+
- `play-service-protocol.md`
|
|
233
|
+
- `dev-link-install.md`
|
|
234
|
+
- `local-dev-testing.md`
|
|
235
|
+
- `platform-architecture.md`
|
|
@@ -0,0 +1,238 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "How AIOSON Play apps should consume LLM connections, app-owned databases, Data Bindings, Global Connectors, MCPI, REST connectors, MCP tools, and ProductBridge."
|
|
3
|
+
scope: "global"
|
|
4
|
+
agents: [dev, deyvin, architect, analyst, qa, tester]
|
|
5
|
+
task_types: [aioson-play-app, data-integration, llm-integration]
|
|
6
|
+
triggers: [LLM connections, DATABASE_URL, data_bindings, Global Connectors, MCPI, MCP tools, ProductBridge]
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# LLM, Data, And Bindings
|
|
10
|
+
|
|
11
|
+
## Three separate surfaces
|
|
12
|
+
|
|
13
|
+
Do not mix these:
|
|
14
|
+
|
|
15
|
+
| Surface | Owner | App does |
|
|
16
|
+
|---|---|---|
|
|
17
|
+
| LLM connections | AIOSON Play Settings | Reads injected env vars or metadata and lazy-inits clients |
|
|
18
|
+
| Operational app DB | The app | Reads `DATABASE_URL`, runs migrations, owns data |
|
|
19
|
+
| External/domain data | Play Global Connectors | Declares `data_bindings`, binds aliases, calls ProductBridge |
|
|
20
|
+
|
|
21
|
+
## LLM connections
|
|
22
|
+
|
|
23
|
+
Play manages global LLM connections in Settings:
|
|
24
|
+
|
|
25
|
+
- one API key per provider
|
|
26
|
+
- models validated by operation
|
|
27
|
+
- fallback order by operation
|
|
28
|
+
- capabilities such as vision/audio inferred from validated models
|
|
29
|
+
|
|
30
|
+
Apps should not store Play LLM secrets in repository files or frontend code.
|
|
31
|
+
|
|
32
|
+
Expected app behavior:
|
|
33
|
+
|
|
34
|
+
- Prefer app-local explicit config only when the app intentionally lets the user override provider settings.
|
|
35
|
+
- Otherwise read provider API keys injected by Play during spawn, such as `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, or `OPENROUTER_API_KEY`.
|
|
36
|
+
- Lazy-initialize LLM clients. Do not instantiate SDK clients at module load, because missing keys can crash the backend before the app can render a degraded state.
|
|
37
|
+
- Treat `llm-chain.json` as metadata/order only when present. It must not contain API keys.
|
|
38
|
+
- Treat `aioson-models.json` or `llm-chain.json` in the app cwd as optional/legacy for installed apps, not the primary credential contract.
|
|
39
|
+
|
|
40
|
+
Recommended lazy pattern:
|
|
41
|
+
|
|
42
|
+
```ts
|
|
43
|
+
let client: OpenAI | null = null;
|
|
44
|
+
|
|
45
|
+
function getOpenAiClient() {
|
|
46
|
+
const apiKey = process.env.OPENAI_API_KEY;
|
|
47
|
+
if (!apiKey) return null;
|
|
48
|
+
client ??= new OpenAI({ apiKey });
|
|
49
|
+
return client;
|
|
50
|
+
}
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
Supported operation names in current Play docs include:
|
|
54
|
+
|
|
55
|
+
- `text_generation`
|
|
56
|
+
- `code_generation`
|
|
57
|
+
- `image_understanding`
|
|
58
|
+
- `image_generation`
|
|
59
|
+
- `video_understanding`
|
|
60
|
+
- `video_generation`
|
|
61
|
+
- `speech_to_text`
|
|
62
|
+
- `text_to_speech`
|
|
63
|
+
- `audio_understanding`
|
|
64
|
+
- `realtime_voice`
|
|
65
|
+
|
|
66
|
+
## Operational database of the app
|
|
67
|
+
|
|
68
|
+
The app owns its own operational database. Play does not provide a shared app database.
|
|
69
|
+
|
|
70
|
+
Default recommendation:
|
|
71
|
+
|
|
72
|
+
- SQLite with WAL mode for most local-first apps.
|
|
73
|
+
- Read `DATABASE_URL` from env with fallback to `app-config.yaml`.
|
|
74
|
+
- Declare supported drivers from day 1 even if only SQLite is used.
|
|
75
|
+
|
|
76
|
+
`app-config.yaml` pattern:
|
|
77
|
+
|
|
78
|
+
```yaml
|
|
79
|
+
database:
|
|
80
|
+
default_url: "sqlite://./data/app.db?mode=rwc"
|
|
81
|
+
supported_drivers: ["sqlite", "postgres"]
|
|
82
|
+
sqlite_pragmas:
|
|
83
|
+
journal_mode: "WAL"
|
|
84
|
+
synchronous: "NORMAL"
|
|
85
|
+
busy_timeout: 5000
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
App code pattern:
|
|
89
|
+
|
|
90
|
+
```ts
|
|
91
|
+
const url = process.env.DATABASE_URL ?? config.database.default_url;
|
|
92
|
+
const driver = url.startsWith("postgres://") ? "postgres" : "sqlite";
|
|
93
|
+
const db = await connect(url, driver);
|
|
94
|
+
|
|
95
|
+
if (driver === "sqlite") {
|
|
96
|
+
await db.exec("PRAGMA journal_mode=WAL");
|
|
97
|
+
await db.exec("PRAGMA synchronous=NORMAL");
|
|
98
|
+
await db.exec("PRAGMA busy_timeout=5000");
|
|
99
|
+
}
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
Only move beyond SQLite when there is an objective need, such as:
|
|
103
|
+
|
|
104
|
+
- persistent `SQLITE_BUSY` after WAL and `busy_timeout`
|
|
105
|
+
- `pgvector`
|
|
106
|
+
- serious JSONB indexing
|
|
107
|
+
- full-text ranking beyond SQLite FTS5
|
|
108
|
+
- multiple app processes writing to the same database
|
|
109
|
+
- pre-existing customer Postgres infrastructure
|
|
110
|
+
- multi-device sync or online-first architecture
|
|
111
|
+
|
|
112
|
+
## External data through Data Bindings
|
|
113
|
+
|
|
114
|
+
External domain data belongs to Play Global Connectors, not to app-specific connection UIs.
|
|
115
|
+
|
|
116
|
+
The app declares slots in `app-config.yaml`:
|
|
117
|
+
|
|
118
|
+
```yaml
|
|
119
|
+
data_bindings:
|
|
120
|
+
- id: "busca-produtos"
|
|
121
|
+
description: "Busca produtos no catalogo por nome ou principio ativo"
|
|
122
|
+
accepted_types: ["mcpi", "api", "mcp"]
|
|
123
|
+
required_params:
|
|
124
|
+
- "search"
|
|
125
|
+
|
|
126
|
+
- id: "webhook-pedido"
|
|
127
|
+
description: "Notifica sistema externo quando um pedido e confirmado"
|
|
128
|
+
accepted_types: ["api"]
|
|
129
|
+
required_params:
|
|
130
|
+
- "pedido_json"
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
Fields:
|
|
134
|
+
|
|
135
|
+
| Field | Meaning |
|
|
136
|
+
|---|---|
|
|
137
|
+
| `id` | Slot slug. Also the binding alias. Prefer kebab-case. |
|
|
138
|
+
| `description` | Human-readable text for the app/admin UI. |
|
|
139
|
+
| `accepted_types` | Canonical array: `mcpi`, `api`, `mcp`. |
|
|
140
|
+
| `required_params` | Placeholder names expected by the connector. |
|
|
141
|
+
|
|
142
|
+
`expected_type` is legacy. Prefer `accepted_types` in new apps.
|
|
143
|
+
|
|
144
|
+
## What Play owns
|
|
145
|
+
|
|
146
|
+
Play Settings owns:
|
|
147
|
+
|
|
148
|
+
- Database Connections
|
|
149
|
+
- Data Connectors
|
|
150
|
+
- credential/keyring storage for connector auth
|
|
151
|
+
- connector validation status
|
|
152
|
+
- global admin view of App Data Sources
|
|
153
|
+
|
|
154
|
+
For MCPI connectors, only validated Database Connections should be selectable when the driver supports validation.
|
|
155
|
+
|
|
156
|
+
## What the app owns
|
|
157
|
+
|
|
158
|
+
The app should expose a "Fontes de Dados" or equivalent in-app view when it has `data_bindings`.
|
|
159
|
+
|
|
160
|
+
The app consumes ProductBridge:
|
|
161
|
+
|
|
162
|
+
```ts
|
|
163
|
+
const PLAY_BASE = import.meta.env.VITE_AIOSON_PLAY_URL || "http://localhost:5180";
|
|
164
|
+
const APP_SLUG = import.meta.env.VITE_AIOSON_APP_SLUG || "meu-app";
|
|
165
|
+
|
|
166
|
+
const connectors = await fetch(`${PLAY_BASE}/api/connectors?type=mcpi`).then(r => r.json());
|
|
167
|
+
const bindings = await fetch(`${PLAY_BASE}/api/bindings/${APP_SLUG}`).then(r => r.json());
|
|
168
|
+
|
|
169
|
+
await fetch(`${PLAY_BASE}/api/bindings/${APP_SLUG}`, {
|
|
170
|
+
method: "POST",
|
|
171
|
+
headers: { "Content-Type": "application/json" },
|
|
172
|
+
body: JSON.stringify({
|
|
173
|
+
connector_id: "<uuid-do-connector>",
|
|
174
|
+
alias: "busca-produtos"
|
|
175
|
+
})
|
|
176
|
+
});
|
|
177
|
+
```
|
|
178
|
+
|
|
179
|
+
## Executing connectors
|
|
180
|
+
|
|
181
|
+
After binding, execute through ProductBridge by alias:
|
|
182
|
+
|
|
183
|
+
```http
|
|
184
|
+
POST http://localhost:5180/api/mcp/execute
|
|
185
|
+
Content-Type: application/json
|
|
186
|
+
|
|
187
|
+
{
|
|
188
|
+
"alias": "busca-produtos",
|
|
189
|
+
"params": {
|
|
190
|
+
"search": "dipirona"
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
```
|
|
194
|
+
|
|
195
|
+
The alias must match both:
|
|
196
|
+
|
|
197
|
+
- `data_bindings[].id`
|
|
198
|
+
- the active binding alias
|
|
199
|
+
|
|
200
|
+
## Degraded state
|
|
201
|
+
|
|
202
|
+
If a declared binding is absent:
|
|
203
|
+
|
|
204
|
+
- Do not crash.
|
|
205
|
+
- Show a clear degraded state.
|
|
206
|
+
- Link the user to the app's data-source binding UI when possible.
|
|
207
|
+
- For non-optional connectors, block only the affected workflow, not the whole app unless the app cannot function.
|
|
208
|
+
|
|
209
|
+
Boot check:
|
|
210
|
+
|
|
211
|
+
```ts
|
|
212
|
+
async function getMissingBindings(appSlug: string) {
|
|
213
|
+
const playBase = import.meta.env.VITE_AIOSON_PLAY_URL || "http://localhost:5180";
|
|
214
|
+
const bindings = await fetch(`${playBase}/api/bindings/${appSlug}`).then(r => r.json());
|
|
215
|
+
const activeAliases = new Set(bindings.map((b: { alias: string }) => b.alias));
|
|
216
|
+
return declaredBindings.filter(binding => !activeAliases.has(binding.id));
|
|
217
|
+
}
|
|
218
|
+
```
|
|
219
|
+
|
|
220
|
+
## LLM tool injection
|
|
221
|
+
|
|
222
|
+
Global Connectors are only useful to the LLM after they are bound to the app. Play can generate tool metadata from bindings, and the sidecar/orchestrator can use it in LLM payloads.
|
|
223
|
+
|
|
224
|
+
Agent rule:
|
|
225
|
+
|
|
226
|
+
- Keep connector names and descriptions accurate.
|
|
227
|
+
- Do not advertise tools/endpoints that are not implemented.
|
|
228
|
+
- Use prepared statements or connector-side parameterization for MCPI. The LLM must not assemble raw SQL.
|
|
229
|
+
|
|
230
|
+
## Source docs
|
|
231
|
+
|
|
232
|
+
Canonical sources:
|
|
233
|
+
|
|
234
|
+
- `app-data-bindings.md`
|
|
235
|
+
- `app-database-choice.md`
|
|
236
|
+
- `integration-manual.md`
|
|
237
|
+
- `ai-app-integration.md`
|
|
238
|
+
- `platform-architecture.md`
|