archy/loop/prompt.md
Dorian 6623dbc4ab chore: add security pentest reports and remediation plan
Overnight pentest run produced recon, analysis, exploitation reports,
and a full security assessment. Plan.md updated with 22 prioritized
fix items for auth, SSRF, injection, XSS, and hardening.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:08:14 +00:00

4.2 KiB

You are integrating AIUI (AI chat interface) into Archipelago (Archy) as its Chat mode. Read these files first:

  1. loop/plan.md — Your task checklist (mark items - [x] as you complete them)
  2. CLAUDE.md — Archy project conventions, architecture, coding standards
  3. /Users/dorian/Projects/AIUI/CLAUDE.md — AIUI conventions and Archy integration rules

Architecture Overview

AIUI runs in an iframe at /dashboard/chat. Communication happens via window.postMessage() through a ContextBroker (Archy side) and archyBridge (AIUI side). AIUI is quarantined — it never directly accesses Archy APIs.

AIUI (iframe)  ←→  postMessage  ←→  ContextBroker (Archy)  ←→  Pinia stores / RPC

Key Files — Archy Side

  • neode-ui/src/services/contextBroker.ts — Message handler, permission checks, data fetching/sanitization
  • neode-ui/src/types/aiui-protocol.ts — TypeScript types for postMessage protocol
  • neode-ui/src/stores/aiPermissions.ts — User permission toggles (what AIUI can access)
  • neode-ui/src/views/Chat.vue — Iframe container with close button
  • neode-ui/src/views/Settings.vue — AI permissions UI section
  • neode-ui/src/api/rpc-client.ts — Backend RPC endpoints
  • neode-ui/src/api/container-client.ts — Container operations
  • neode-ui/src/stores/app.ts — Main app state (packages, server info, metrics)

Key Files — AIUI Side (read-only reference, AIUI agent handles these)

  • /Users/dorian/Projects/AIUI/packages/app/src/services/archyBridge.ts — AIUI's postMessage client
  • /Users/dorian/Projects/AIUI/packages/app/src/composables/useArchy.ts — Vue composable wrapping archyBridge
  • /Users/dorian/Projects/AIUI/packages/app/src/composables/contentExtraction.ts — Content tag extraction pipeline
  • /Users/dorian/Projects/AIUI/packages/app/src/composables/useContentPanel.ts — Content panel state

Coordination with AIUI Agent

A separate Claude agent is working on the AIUI repo simultaneously. Your job is the Archy side only:

  • Expand the ContextBroker to serve real data for all categories
  • Add new context categories for media, search, and local AI
  • Wire up real store/RPC data instead of placeholders
  • Deploy and test on the live server at 192.168.1.228
  • DO NOT edit files in /Users/dorian/Projects/AIUI/ — the other agent handles that

Content Handshake Protocol

AIUI's content pipeline uses [[tag:data]] syntax in AI responses to surface content. The AI needs context about what's available on the node to generate these tags. The handshake works like this:

  1. AIUI sends context:request with category (e.g., media, apps, files)
  2. Archy's ContextBroker checks permissions, fetches from stores/RPC, sanitizes
  3. Returns data to AIUI which injects it into the AI's system prompt
  4. AI generates responses with appropriate [[film:id]], [[song:id]] tags referencing actual library content
  5. AIUI's content extraction pipeline renders the tagged content in panels
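
Steps 1 to 3 of the handshake, sketched as an added example (not the project's contextBroker.ts). The origin value, the requestId field, the context:response reply type, the error strings and the per-category field lists are assumptions; only context:request and the media/apps/files categories come from the text above.

```typescript
// Added example. Message fields, origin and field allow-lists are assumptions.
type Category = "media" | "apps" | "files";
type Row = Record<string, unknown>;
const AIUI_ORIGIN = "https://archy.example"; // hypothetical origin of the iframe

// Only these fields may leave Archy, per category (constructed allow-list).
const EXPORTED_FIELDS: Record<Category, readonly string[]> = {
  media: ["id", "title", "kind"],
  apps: ["id", "title", "state"],
  files: ["id", "name"],
};

interface ContextResponse {
  type: "context:response";
  requestId: string;
  category: string;
  ok: boolean;
  data?: Record<string, string>[];
  error?: string;
}

function sanitize(category: Category, rows: Row[]): Record<string, string>[] {
  return rows.map((row) => {
    const out: Record<string, string> = {};
    for (const key of EXPORTED_FIELDS[category]) {
      const v = row[key];
      if (typeof v !== "string" && typeof v !== "number") continue;
      // Drop tag delimiters so stored text cannot forge [[tag:data]] markers.
      out[key] = String(v).replace(/\[\[|\]\]/g, "").slice(0, 200);
    }
    return out;
  });
}

function handleContextRequest(
  event: { origin: string; data: unknown },
  permissions: Partial<Record<Category, boolean>>,
  fetchers: Record<Category, () => Row[]>,
): ContextResponse | null {
  if (event.origin !== AIUI_ORIGIN) return null; // unknown sender: no reply at all
  if (typeof event.data !== "object" || event.data === null) return null;
  const { type, category, requestId } = event.data as Row;
  if (type !== "context:request" || typeof category !== "string" || typeof requestId !== "string") return null;
  const base = { type: "context:response" as const, requestId, category };
  if (Object.keys(EXPORTED_FIELDS).indexOf(category) === -1) return { ...base, ok: false, error: "unknown-category" };
  const cat = category as Category;
  if (permissions[cat] !== true) return { ...base, ok: false, error: "permission-denied" };
  return { ...base, ok: true, data: sanitize(cat, fetchers[cat]()) };
}
```

In the browser the returned object would be posted back to the iframe with an explicit target origin rather than "*", so a reply never reaches a different document loaded in that frame.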

For each task in loop/plan.md:

  1. Find the first unchecked - [ ] item
  2. Read the task description carefully
  3. Read the relevant source files before making changes
  4. Implement following CLAUDE.md conventions (glass styling, TypeScript strict, etc.)
  5. Run cd neode-ui && npm run type-check — fix all errors before continuing
  6. Run cd neode-ui && npm run build — must succeed
  7. Deploy to live server: ./scripts/deploy-to-target.sh --live
  8. Commit: type: description (conventional commits)
  9. Mark it done - [x] in loop/plan.md
  10. Move to the next unchecked task immediately

Rules

  • Never skip a build/typecheck gate — if it fails, fix before moving on
  • If a task is proving difficult, make at least 30 genuine attempts before moving on
  • Always deploy after completing a task — changes must be live at 192.168.1.228
  • Do NOT edit AIUI files — only Archy files
  • Build AIUI when needed: cd /Users/dorian/Projects/AIUI && rm -rf .turbo packages/app/.turbo packages/core/.turbo packages/app/dist packages/core/dist && VITE_BASE_PATH=/aiui/ pnpm build
  • Deploy AIUI dist: sshpass -p 'EwPDR8q45l0Upx@' scp -o StrictHostKeyChecking=no -r /Users/dorian/Projects/AIUI/packages/app/dist/* archipelago@192.168.1.228:/opt/archipelago/aiui/
  • Do not stop until all tasks are checked or you are rate limited