diff --git a/ROADMAP.md b/ROADMAP.md index 2d930bb..cc730ca 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -1,7 +1,7 @@ # Silo Roadmap -**Version:** 1.0 -**Date:** January 2026 +**Version:** 1.1 +**Date:** February 2026 **Purpose:** Project inventory, SOLIDWORKS PDM gap analysis, and development roadmap --- @@ -18,7 +18,7 @@ ## Executive Summary -Silo is an R&D-oriented item database and part management system designed for FreeCAD integration. It provides configurable part number generation, revision tracking, BOM management, and file versioning through MinIO storage. +Silo is an R&D-oriented item database and part management system. It provides configurable part number generation, revision tracking, BOM management, and file versioning through MinIO storage. CAD integration (FreeCAD workbench, LibreOffice Calc extension) is maintained in separate repositories ([silo-mod](https://git.kindred-systems.com/kindred/silo-mod), [silo-calc](https://git.kindred-systems.com/kindred/silo-calc)). This document compares Silo's current capabilities against SOLIDWORKS PDM—the industry-leading product data management solution—to identify gaps and prioritize future development. @@ -39,7 +39,7 @@ This document compares Silo's current capabilities against SOLIDWORKS PDM—the ### Implemented Features (MVP Complete) #### Core Database System -- PostgreSQL schema with 7 migrations +- PostgreSQL schema with 10 migrations - UUID-based identifiers throughout - Soft delete support via `archived_at` timestamps - Atomic sequence generation for part numbers @@ -72,6 +72,9 @@ This document compares Silo's current capabilities against SOLIDWORKS PDM—the #### Bill of Materials (BOM) - Relationship types: component, alternate, reference +- Multi-level BOM (recursive expansion with configurable depth) +- Where-used queries (reverse parent lookup) +- BOM CSV and ODS export/import with cycle detection - Reference designators for electronics - Quantity tracking with units - Revision-specific child linking 
@@ -85,14 +88,27 @@ This document compares Silo's current capabilities against SOLIDWORKS PDM—the #### Data Import/Export - CSV export with configurable properties - CSV import with dry-run validation +- ODS spreadsheet import/export (items, BOMs, project sheets) - Template generation for import formatting #### API & Web Interface -- Comprehensive REST API (30+ endpoints) +- REST API with 74 endpoints +- Authentication: local (bcrypt), LDAP/FreeIPA, OIDC/Keycloak +- Role-based access control (admin > editor > viewer) +- API token management (SHA-256 hashed) +- Session management (PostgreSQL-backed, 24h lifetime) +- CSRF protection (nosurf on web forms) - Middleware: logging, CORS, recovery, request ID -- Web UI foundation with htmx +- Web UI for items, projects, schemas, audit (htmx) +- Fuzzy search - Health and readiness probes +#### Audit & Completeness +- Audit logging (database table with user/action/resource tracking) +- Item completeness scoring with weighted fields +- Category-specific property validation +- Tier classification (critical/low/partial/good/complete) + #### Configuration - YAML configuration with environment variable overrides - Multi-schema support 
@@ -102,12 +118,12 @@ This document compares Silo's current capabilities against SOLIDWORKS PDM—the | Feature | Status | Notes | |---------|--------|-------| -| FreeCAD Workbench | ~80% | 8 commands implemented (save, commit, pull, push, info, register, open, browse), needs end-to-end testing | +| Odoo ERP integration | Partial | Config and sync-log CRUD functional; push/pull sync operations are stubs | | Date segment type | Not started | Schema parser placeholder exists | | Part number validation | Not started | API accepts but doesn't validate format | | Location hierarchy CRUD | Schema only | Tables exist, no API endpoints | | Inventory tracking | Schema only | Tables exist, no API endpoints | -| Unit tests | Not started | Critical for production use | +| Unit tests | Minimal | 1 Go test file (`internal/ods/ods_test.go`) | ### Infrastructure Status 
@@ -170,16 +186,16 @@ Workflow management is the largest functional gap. SOLIDWORKS PDM offers sophist | Feature | SOLIDWORKS PDM | Silo Status | Priority | Complexity | |---------|---------------|-------------|----------|------------| -| User authentication | Windows AD, LDAP | None (single-user) | Critical | Moderate | -| Role-based permissions | Granular per folder/state | None | Critical | Complex | -| Group management | Full | None | Critical | Moderate | -| Folder permissions | Read/write/delete per folder | None | High | Moderate | +| User authentication | Windows AD, LDAP | Full (local, LDAP, OIDC) | - | - | +| Role-based permissions | Granular per folder/state | Partial (3-tier role model) | Medium | Moderate | +| Group management | Full | None | Medium | Moderate | +| Folder permissions | Read/write/delete per folder | None | Medium | Moderate | | State permissions | Actions allowed per state | None | High | Moderate | -| Audit trail | Complete action logging | None | High | Moderate | +| Audit trail | Complete action logging | Full | - | - | | Private files | Pre-check-in visibility control | None | Low | Simple | **Gap Analysis:** -Silo currently operates as single-user with no authentication. Multi-user deployment requires authentication (LDAP planned), authorization (role-based access), and audit logging. This is prerequisite for any team environment. +Authentication is implemented with three backends (local, LDAP/FreeIPA, OIDC/Keycloak) and a 3-tier role model (admin > editor > viewer). Audit logging captures user actions. Remaining gaps: group management, folder-level permissions, and state-based permission rules. --- 
@@ -187,16 +203,16 @@ Silo currently operates as single-user with no authentication. Multi-user deploy | Feature | SOLIDWORKS PDM | Silo Status | Priority | Complexity | |---------|---------------|-------------|----------|------------| -| Metadata search | Full with custom cards | Partial (API query params) | High | Moderate | +| Metadata search | Full with custom cards | Partial (API query params + fuzzy) | High | Moderate | | Full-text content search | iFilters for Office, CAD | None | Medium | Complex | -| Quick search | Toolbar with history | None (API only) | Medium | Simple | +| Quick search | Toolbar with history | Partial (fuzzy search API) | Medium | Simple | | Saved searches | User-defined favorites | None | Medium | Simple | | Advanced operators | AND, OR, NOT, wildcards | None | Medium | Simple | | Multi-variable search | Search across multiple fields | None | Medium | Simple | -| Where-used search | Find all assemblies using part | None | High | Moderate | +| Where-used search | Find all assemblies using part | Full | - | - | **Gap Analysis:** -Silo has basic API-level filtering but lacks a rich search interface. Content search (searching within CAD files) would require FreeCAD file parsing. "Where-used" queries are particularly valuable for impact analysis. +Silo has API-level filtering, fuzzy search, and where-used queries. Remaining gaps: saved searches, advanced search operators, and a richer search UI. Content search (searching within CAD files) is not planned for the server. --- 
@@ -205,15 +221,16 @@ Silo has basic API-level filtering but lacks a rich search interface. Content se | Feature | SOLIDWORKS PDM | Silo Status | Priority | Complexity | |---------|---------------|-------------|----------|------------| | Single-level BOM | Yes | Full | - | - | -| Multi-level BOM | Indented/exploded views | Schema only (no API) | High | Moderate | +| Multi-level BOM | Indented/exploded views | Full (recursive, configurable depth) | - | - | | BOM comparison | Between revisions | None | Medium | Moderate | -| BOM export | Excel, XML, ERP formats | None | High | Simple | +| BOM export | Excel, XML, ERP formats | Full (CSV, ODS) | - | - | +| BOM import | Bulk BOM loading | Full (CSV with upsert) | - | - | | Calculated BOMs | Quantities rolled up | None | Medium | Moderate | | Reference designators | Full support | Full | - | - | | Alternate parts | Substitute tracking | Full | - | - | **Gap Analysis:** -BOM structure exists in the database but API endpoints for multi-level BOM retrieval and export are missing. BOM comparison between revisions would be valuable for change impact analysis. +Multi-level BOM retrieval (recursive CTE with configurable depth) and BOM export (CSV, ODS) are implemented. BOM import supports CSV with upsert and cycle detection. Remaining gap: BOM comparison between revisions. --- 
@@ -221,15 +238,15 @@ BOM structure exists in the database but API endpoints for multi-level BOM retri | Feature | SOLIDWORKS PDM | Silo Status | Priority | Complexity | |---------|---------------|-------------|----------|------------| -| Native CAD add-in | Deep SOLIDWORKS integration | FreeCAD workbench (partial) | High | Complex | -| Property mapping | Bi-directional sync | Planned | High | Moderate | -| Task pane | Embedded in CAD UI | None | Medium | Complex | -| Lightweight components | Handle without full load | N/A for FreeCAD | - | - | +| Native CAD add-in | Deep SOLIDWORKS integration | FreeCAD workbench (silo-mod) | Medium | Complex | +| Property mapping | Bi-directional sync | Planned (silo-mod) | Medium | Moderate | +| Task pane | Embedded in CAD UI | Auth dock panel (silo-mod) | Medium | Complex | +| Lightweight components | Handle without full load | N/A | - | - | | Drawing/model linking | Automatic association | Manual | Medium | Moderate | | Multi-CAD support | Third-party formats | FreeCAD only | Low | - | **Gap Analysis:** -FreeCAD workbench commands exist but need thorough testing. Property synchronization between Silo database and FreeCAD document properties is planned but not implemented. +CAD integration is maintained in separate repositories ([silo-mod](https://git.kindred-systems.com/kindred/silo-mod), [silo-calc](https://git.kindred-systems.com/kindred/silo-calc)). The Silo server provides the REST API endpoints consumed by those clients. --- 
@@ -237,15 +254,15 @@ FreeCAD workbench commands exist but need thorough testing. Property synchroniza | Feature | SOLIDWORKS PDM | Silo Status | Priority | Complexity | |---------|---------------|-------------|----------|------------| -| ERP integration | SAP, Dynamics, etc. | None | Medium | Complex | -| API access | Full COM/REST API | Full REST API | - | - | +| ERP integration | SAP, Dynamics, etc. | Partial (Odoo stubs) | Medium | Complex | +| API access | Full COM/REST API | Full REST API (74 endpoints) | - | - | | Dispatch scripts | Automation without coding | None | Medium | Moderate | | Task scheduler | Background processing | None | Medium | Moderate | | Email system | SMTP integration | None | High | Simple | -| Web portal | Browser access | Partial (basic UI) | High | Moderate | +| Web portal | Browser access | Full (htmx + auth) | - | - | **Gap Analysis:** -Silo has a solid REST API foundation. ERP integration can be built on this API but would require specific adapters per target system. Email notifications and scheduled tasks would enhance workflow automation. +Silo has a comprehensive REST API (74 endpoints) and a full web UI with authentication. Odoo ERP integration has config/sync-log scaffolding but push/pull operations are stubs. Remaining gaps: email notifications, task scheduler, dispatch automation. --- @@ -256,7 +273,7 @@ Silo has a solid REST API foundation. ERP integration can be built on this API b | Standard reports | Inventory, usage, activity | None | Medium | Moderate | | Custom reports | User-defined queries | None | Medium | Moderate | | Dashboard | Visual KPIs | None | Low | Moderate | -| Export formats | PDF, Excel, CSV | CSV only | Medium | Simple | +| Export formats | PDF, Excel, CSV | CSV and ODS | Medium | Simple | **Gap Analysis:** Reporting capabilities are absent. Basic reports (item counts, revision activity, where-used) would provide immediate value. 
@@ -280,19 +297,22 @@ File storage works well. Thumbnail generation and file preview would significant ### Gap Summary by Priority +#### Completed (Previously Critical/High) +1. ~~**User authentication**~~ - Implemented: local, LDAP, OIDC +2. ~~**Role-based permissions**~~ - Implemented: 3-tier role model (admin/editor/viewer) +3. ~~**Audit trail**~~ - Implemented: audit_log table with completeness scoring +4. ~~**Where-used search**~~ - Implemented: reverse parent lookup API +5. ~~**Multi-level BOM API**~~ - Implemented: recursive expansion with configurable depth +6. ~~**BOM export**~~ - Implemented: CSV and ODS formats + #### Critical Gaps (Required for Team Use) -1. **User authentication** - LDAP/SSO integration -2. **Role-based permissions** - Folder and state-level access control -3. **Workflow engine** - State machines with transitions and approvals -4. **Check-out locking** - Pessimistic locking for CAD files +1. **Workflow engine** - State machines with transitions and approvals +2. **Check-out locking** - Pessimistic locking for CAD files #### High Priority Gaps (Significant Value) 1. **Email notifications** - Alert users on state changes -2. **Where-used search** - Impact analysis for changes -3. **Multi-level BOM API** - Retrieve full assembly structure -4. **BOM export** - Excel/CSV/XML for downstream systems -5. **Audit trail** - Log all user actions -6. **Web UI search** - User-friendly search interface +2. **Web UI search** - Advanced search interface with saved searches +3. **Folder/state permissions** - Granular access control beyond role model #### Medium Priority Gaps (Nice to Have) 1. **Saved searches** - Frequently used queries 
@@ -311,10 +331,13 @@ File storage works well. Thumbnail generation and file preview would significant | Feature | Description | Status | |---------|-------------|--------| | MinIO integration | File upload/download with versioning and checksums | Complete | -| FreeCAD workbench | 8 toolbar commands implemented | Needs Testing | | Revision control | Rollback, comparison, status/labels | Complete | | CSV import/export | Dry-run validation, template generation | Complete | +| ODS import/export | Items, BOMs, project sheets, templates | Complete | | Project management | CRUD, many-to-many item tagging | Complete | +| Multi-level BOM | Recursive expansion, where-used, export | Complete | +| Authentication | Local, LDAP, OIDC with role-based access | Complete | +| Audit logging | Action logging, completeness scoring | Complete | | Unit tests | Core API and database operations | Not Started | | Date segment type | Support date-based part number segments | Not Started | | Part number validation | Validate format on creation | Not Started | 
@@ -324,14 +347,15 @@ File storage works well. Thumbnail generation and file preview would significant ### Phase 2: Multi-User (Q2-Q3 2026) *Enable team collaboration* -| Feature | Description | Complexity | -|---------|-------------|------------| -| LDAP authentication | Integrate with FreeIPA/Active Directory | Moderate | -| User/group management | Create, assign, manage users and groups | Moderate | -| Folder permissions | Read/write/delete per folder hierarchy | Moderate | -| Check-out locking | Pessimistic locks with timeout | Moderate | -| Audit logging | Record all user actions with timestamps | Moderate | -| Session management | Token-based API authentication | Moderate | +| Feature | Description | Status | +|---------|-------------|--------| +| LDAP authentication | Integrate with FreeIPA/Active Directory | **Complete** | +| OIDC authentication | Keycloak / OpenID Connect | **Complete** | +| Audit logging | Record all user actions with timestamps | **Complete** | +| Session management | Token-based and session-based API authentication | **Complete** | +| User/group management | Create, assign, manage users and groups | Not Started | +| Folder permissions | Read/write/delete per folder hierarchy | Not Started | +| Check-out locking | Pessimistic locks with timeout | Not Started | ### Phase 3: Workflow Engine (Q3-Q4 2026) *Implement engineering change processes* 
@@ -350,26 +374,27 @@ File storage works well. Thumbnail generation and file preview would significant ### Phase 4: Search & Discovery (Q4 2026 - Q1 2027) *Improve findability and navigation* -| Feature | Description | Complexity | -|---------|-------------|------------| -| Advanced search UI | Web interface with filters | Moderate | -| Search operators | AND, OR, NOT, wildcards | Simple | -| Saved searches | User favorites | Simple | -| Where-used queries | Find parent assemblies | Moderate | -| Quick search | Toolbar search box | Simple | -| Content search | Search within file content | Complex | +| Feature | Description | Status | +|---------|-------------|--------| +| Where-used queries | Find parent assemblies | **Complete** | +| Fuzzy search | Quick search across items | **Complete** | +| Advanced search UI | Web interface with filters | Not Started | +| Search operators | AND, OR, NOT, wildcards | Not Started | +| Saved searches | User favorites | Not Started | +| Content search | Search within file content | Not Started | ### Phase 5: BOM & Reporting (Q1-Q2 2027) *Enhanced BOM management and analytics* -| Feature | Description | Complexity | -|---------|-------------|------------| -| Multi-level BOM API | Recursive assembly retrieval | Moderate | -| BOM export | Excel, CSV, XML formats | Simple | -| BOM comparison | Diff between revisions | Moderate | -| Standard reports | Activity, inventory, usage | Moderate | -| Custom queries | User-defined report builder | Moderate | -| Dashboard | Visual KPIs and metrics | Moderate | +| Feature | Description | Status | +|---------|-------------|--------| +| Multi-level BOM API | Recursive assembly retrieval | **Complete** | +| BOM export | CSV and ODS formats | **Complete** | +| BOM import | CSV with upsert and cycle detection | **Complete** | +| BOM comparison | Diff between revisions | Not Started | +| Standard reports | Activity, inventory, usage | Not Started | +| Custom queries | User-defined report builder | Not 
Started | +| Dashboard | Visual KPIs and metrics | Not Started | ### Phase 6: Advanced Features (Q2-Q4 2027) *Enterprise capabilities* @@ -395,13 +420,24 @@ File storage works well. Thumbnail generation and file preview would significant - [x] File download via REST API (latest and by revision) - [x] SHA256 checksums on upload -#### 1.2 FreeCAD Workbench -- Needs End-to-End Testing -- [x] Silo_Save, Silo_Commit, Silo_Pull, Silo_Push implemented -- [x] Silo_Info, Silo_Register, Silo_Open, Silo_Browse implemented -- [ ] End-to-end testing with running Silo instance -- [ ] Document workbench installation +#### 1.2 Authentication & Authorization -- COMPLETE +- [x] Local authentication (bcrypt) +- [x] LDAP/FreeIPA authentication +- [x] OIDC/Keycloak authentication +- [x] Role-based access control (admin/editor/viewer) +- [x] API token management (SHA-256 hashed) +- [x] Session management (PostgreSQL-backed) +- [x] CSRF protection (nosurf) +- [x] Audit logging (database table) -#### 1.3 Unit Test Suite +#### 1.3 Multi-level BOM & Export -- COMPLETE +- [x] Recursive BOM expansion with configurable depth +- [x] Where-used reverse lookup +- [x] BOM CSV export/import with cycle detection +- [x] BOM ODS export +- [x] ODS item export/import/template + +#### 1.4 Unit Test Suite - [ ] Database connection and transaction tests - [ ] Item CRUD operation tests - [ ] Revision creation and retrieval tests @@ -410,11 +446,11 @@ File storage works well. Thumbnail generation and file preview would significant - [ ] CSV import/export tests - [ ] API endpoint tests -#### 1.4 Missing Segment Types +#### 1.5 Missing Segment Types - [ ] Implement date segment type - [ ] Add strftime-style format support -#### 1.5 Location & Inventory APIs +#### 1.6 Location & Inventory APIs - [ ] `GET /api/locations` - List locations - [ ] `POST /api/locations` - Create location - [ ] `GET /api/locations/{path}` - Get location 
@@ -480,20 +516,21 @@ File storage works well. Thumbnail generation and file preview would significant | **Workflow** | Custom workflows | Limited | Yes | No | Phase 3 | | | Parallel approval | No | Yes | No | Phase 3 | | | Notifications | No | Yes | No | Phase 3 | -| **Security** | User auth | Windows | Windows/LDAP | No | Phase 2 | -| | Permissions | Basic | Granular | No | Phase 2 | -| | Audit trail | Basic | Full | No | Phase 2 | -| **Search** | Metadata search | Yes | Yes | Partial (API) | Phase 4 | +| **Security** | User auth | Windows | Windows/LDAP | Yes (local, LDAP, OIDC) | - | +| | Permissions | Basic | Granular | Partial (role-based) | Phase 2 | +| | Audit trail | Basic | Full | Yes | - | +| **Search** | Metadata search | Yes | Yes | Partial (API + fuzzy) | Phase 4 | | | Content search | No | Yes | No | Phase 4 | -| | Where-used | Yes | Yes | No | Phase 4 | +| | Where-used | Yes | Yes | Yes | - | | **BOM** | Single-level | Yes | Yes | Yes | - | -| | Multi-level | Yes | Yes | Schema only | Phase 5 | -| | BOM export | Yes | Yes | No | Phase 5 | +| | Multi-level | Yes | Yes | Yes (recursive) | - | +| | BOM export | Yes | Yes | Yes (CSV, ODS) | - | | **Data** | CSV import/export | Yes | Yes | Yes | - | +| | ODS import/export | No | No | Yes | - | | | Project management | Yes | Yes | Yes | - | -| **Integration** | API | Limited | Full | Full REST (35+) | - | -| | ERP connectors | No | Yes | No | Phase 6 | -| | Web access | No | Yes | Yes (htmx) | Phase 4 | +| **Integration** | API | Limited | Full | Full REST (74) | - | +| | ERP connectors | No | Yes | Partial (Odoo stubs) | Phase 6 | +| | Web access | No | Yes | Yes (htmx + auth) | - | | **Files** | Versioning | Yes | Yes | Yes | - | | | Preview | Yes | Yes | No | Phase 6 | | | Multi-site | No | Yes | No | Not Planned | diff --git a/docs/GAP_ANALYSIS.md b/docs/GAP_ANALYSIS.md index 971bced..e94c9cb 100644 --- a/docs/GAP_ANALYSIS.md +++ b/docs/GAP_ANALYSIS.md 
@@ -1,7 +1,7 @@ # Silo Gap Analysis and Revision Control Roadmap -**Date:** 2026-01-24 -**Status:** Analysis Complete +**Date:** 2026-02-06 +**Status:** Analysis Complete (Updated) --- @@ -41,7 +41,6 @@ This document analyzes the current state of the Silo project against its specifi | Gap | Impact | Effort | |-----|--------|--------| | **User Workflows** | Users lack step-by-step guidance | Medium | -| **FreeCAD Command Reference** | Addon features undiscoverable | Low | | **Troubleshooting Guide** | Support burden increases | Medium | | **Developer Setup Guide** | Onboarding friction | Low | @@ -112,15 +111,9 @@ CREATE TABLE revisions ( | `/api/items/{pn}/file` | GET | Implemented (latest) | | `/api/items/{pn}/file/{rev}` | GET | Implemented | -### 2.4 FreeCAD Integration +### 2.4 Client Integration -| Command | Function | Status | -|---------|----------|--------| -| `Silo_Save` | Auto-save + upload | Implemented | -| `Silo_Commit` | Save with comment | Implemented | -| `Silo_Pull` | Download/create | Implemented | -| `Silo_Push` | Batch upload | Implemented | -| `Silo_Info` | View revision history | Implemented | +FreeCAD workbench maintained in separate [silo-mod](https://git.kindred-systems.com/kindred/silo-mod) repository. The server provides the revision and file endpoints consumed by the workbench. --- @@ -141,7 +134,7 @@ CREATE TABLE revisions ( |-----|-------------|--------|--------| | **No branching** | Linear history only | No experimental variants | Open | | ~~**No tagging**~~ | ~~No named milestones~~ | ~~Release tracking manual~~ | **Implemented** (revision labels) | -| **No audit log** | Actions not logged separately | Compliance gap | Open | +| ~~**No audit log**~~ | ~~Actions not logged separately~~ | ~~Compliance gap~~ | **Implemented** (migration 009, `audit_log` table + completeness scoring) | | **Thumbnail missing** | Schema exists, not populated | No visual preview | Open | ### 3.3 Nice-to-Have Gaps 
@@ -175,7 +168,7 @@ All Phase 1 items have been implemented: #### 2.1 Pessimistic Locking ``` -Effort: High | Priority: High | Risk: Medium +Effort: High | Priority: High | Risk: Medium | Status: Not Started ``` **Database Migration:** 
@@ -201,56 +194,20 @@ DELETE /api/items/{pn}/lock # Release lock GET /api/items/{pn}/lock # Check lock status ``` -**FreeCAD Integration:** -- Auto-lock on `Silo_Pull` (configurable) -- Auto-unlock on `Silo_Save`/`Silo_Commit` -- Show lock status in `Silo_Info` +#### 2.2 Authentication -- COMPLETE -#### 2.2 Authentication (LDAP/FreeIPA) -``` -Effort: High | Priority: High | Risk: Medium -``` +Authentication is fully implemented with three backends (local/bcrypt, LDAP/FreeIPA, OIDC/Keycloak), role-based access control (admin > editor > viewer), API token management, and PostgreSQL-backed sessions. See `docs/AUTH.md` for full details. -**Changes Required:** -- Add `internal/auth/` package -- LDAP bind configuration in config.yaml -- Middleware for API authentication -- `created_by` populated from authenticated user +- Migration: `009_auth.sql` +- Code: `internal/auth/`, `internal/api/middleware.go` -**Configuration:** -```yaml -auth: - enabled: true - provider: ldap - ldap: - server: ldap://freeipa.example.com - base_dn: cn=users,cn=accounts,dc=example,dc=com - bind_dn: uid=silo-service,cn=users,... - bind_password_env: LDAP_BIND_PASSWORD -``` +#### 2.3 Audit Logging -- COMPLETE -#### 2.3 Audit Logging -``` -Effort: Medium | Priority: Medium | Risk: Low -``` +Audit logging is implemented via migration 009 with the `audit_log` table and completeness scoring system. 
Endpoints: +- `GET /api/audit/completeness` — summary of all items +- `GET /api/audit/completeness/{partNumber}` — per-item scoring with weighted fields and tier classification -**Database Migration:** -```sql -CREATE TABLE audit_log ( - id UUID PRIMARY KEY DEFAULT uuid_generate_v4(), - timestamp TIMESTAMPTZ NOT NULL DEFAULT now(), - user_id TEXT NOT NULL, - action TEXT NOT NULL, -- 'create', 'update', 'delete', 'lock', 'unlock' - resource_type TEXT NOT NULL, -- 'item', 'revision', 'project', 'relationship' - resource_id TEXT NOT NULL, - details JSONB, - ip_address TEXT -); - -CREATE INDEX idx_audit_timestamp ON audit_log(timestamp DESC); -CREATE INDEX idx_audit_user ON audit_log(user_id); -CREATE INDEX idx_audit_resource ON audit_log(resource_type, resource_id); -``` +Code: `internal/api/handlers_audit.go` --- @@ -334,11 +291,14 @@ Effort: Medium | Priority: Low | Risk: Low 2. ~~**Rollback Support**~~ - Implemented 3. ~~**Revision Labels/Status**~~ - Implemented (migration 007) +### Recently Completed + +4. ~~**Authentication**~~ - Implemented (3 backends: local, LDAP, OIDC; RBAC; API tokens; sessions) +5. ~~**Audit Logging**~~ - Implemented (audit_log table, completeness scoring) + ### Next (Short-term) -4. **Pessimistic Locking** - Required before multi-user -5. **Authentication** - Required before production deployment -6. **Audit Logging** - Compliance and debugging +6. **Pessimistic Locking** - Required before multi-user ### Medium-term (3-6 Months) 
@@ -389,26 +349,35 @@ These design decisions remain unresolved: --- -## Appendix A: File Structure for New Features +## Appendix A: File Structure -Revision endpoints, status, and labels are already implemented in the existing handler files. Future features would add: +Revision endpoints, status, labels, authentication, and audit logging are implemented. Current structure: + +``` +internal/ + api/ + handlers_audit.go # Audit/completeness endpoints (implemented) + middleware.go # Auth middleware (implemented) + auth/ + auth.go # Auth service: local, LDAP, OIDC (implemented) +migrations/ + 008_odoo_integration.sql # Odoo ERP tables (implemented) + 009_auth.sql # Auth + audit tables (implemented) + 010_item_extended_fields.sql # Extended item fields (implemented) +``` + +Future features would add: ``` internal/ api/ handlers_lock.go # Locking endpoints - handlers_audit.go # Audit log endpoints - auth/ - ldap.go # LDAP authentication - middleware.go # Auth middleware db/ locks.go # Lock repository - audit.go # Audit repository releases.go # Release repository migrations/ - 008_item_locks.sql # Locking table - 009_audit_log.sql # Audit logging - 010_releases.sql # Release management + 011_item_locks.sql # Locking table + 012_releases.sql # Release management ``` --- 
@@ -423,14 +392,29 @@ PATCH /api/items/{pn}/revisions/{rev} # Update status/labels ``` ### Phase 2 Endpoints + +**Authentication (Implemented):** +``` +GET /api/auth/me # Current user info +GET /api/auth/tokens # List API tokens +POST /api/auth/tokens # Create API token +DELETE /api/auth/tokens/{id} # Revoke API token +``` + +**Audit (Implemented):** +``` +GET /api/audit/completeness # All items completeness summary +GET /api/audit/completeness/{partNumber} # Per-item scoring +``` + +**Locking (Not Implemented):** ``` POST /api/items/{pn}/lock # Acquire lock DELETE /api/items/{pn}/lock # Release lock GET /api/items/{pn}/lock # Check lock status -GET /api/audit # Query audit log ``` -### Phase 3 Endpoints +### Phase 3 Endpoints (Not Implemented) ``` GET /api/releases # List releases POST /api/releases # Create release diff --git a/docs/REPOSITORY_STATUS.md b/docs/REPOSITORY_STATUS.md index 0f81564..6d43e4a 100644 --- a/docs/REPOSITORY_STATUS.md +++ b/docs/REPOSITORY_STATUS.md @@ -12,9 +12,8 @@ |----------|-------|-------| | Go source | ~6,644 | 20 | | HTML templates | ~4,923 | 4 | -| Python (FreeCAD) | ~2,499 | 7 | | SQL migrations | ~464 | 8 | -| **Total** | **~14,730** | **39** | +| **Total** | **~12,231** | **32** | --- @@ -33,7 +32,6 @@ internal/ partnum/ Part number generator (180 lines) schema/ YAML schema parser (235 lines) storage/ MinIO S3 client (121 lines) -pkg/freecad/ FreeCAD workbench plugin (2,499 Python) migrations/ Database DDL (8 files) ``` diff --git a/docs/SPECIFICATION.md b/docs/SPECIFICATION.md index cf1f7d4..f6eb369 100644 --- a/docs/SPECIFICATION.md +++ b/docs/SPECIFICATION.md 
@@ -1,14 +1,14 @@ -# Silo: Item Database and Part Management System for FreeCAD +# Silo: Item Database and Part Management System -**Version:** 0.1 Draft -**Date:** January 2026 +**Version:** 0.2 +**Date:** February 2026 **Author:** Kindred Systems LLC --- ## 1. Overview -Silo is an item database with configurable part number generation, designed for R&D-oriented workflows. It integrates with FreeCAD 1.0+ to provide git-like object management, revision tracking, and physical inventory location management. +Silo is an item database with configurable part number generation, designed for R&D-oriented workflows. It provides revision tracking, BOM management, file versioning, and physical inventory location management through a REST API and web UI. CAD integration (FreeCAD workbench, LibreOffice Calc extension) is maintained in separate repositories ([silo-mod](https://git.kindred-systems.com/kindred/silo-mod), [silo-calc](https://git.kindred-systems.com/kindred/silo-calc)). ### 1.1 Core Philosophy 
@@ -29,53 +29,45 @@ Silo treats **part numbering schemas as configuration, not code**. Multiple numb ``` ┌─────────────────────────────────────────────────────────────┐ -│ FreeCAD 1.0+ │ -│ ┌─────────────────────────────────────────────────────┐ │ -│ │ Silo Workbench (Python) │ │ -│ │ - silo checkout / commit / status / log │ │ -│ │ - Part number generation │ │ -│ │ - Property sync with FreeCAD objects │ │ -│ └─────────────────────────────────────────────────────┘ │ +│ CAD Clients (silo-mod, silo-calc) │ +│ FreeCAD Workbench · LibreOffice Calc Extension │ +│ (maintained in separate repositories) │ └─────────────────────────────────────────────────────────────┘ - │ + │ REST API ▼ ┌─────────────────────────────────────────────────────────────┐ -│ Silo Core (CLI/Library) │ +│ Silo Server (silod) │ +│ - REST API (74 endpoints) │ +│ - Authentication (local, LDAP, OIDC) │ │ - Schema parsing and validation │ │ - Part number generation engine │ │ - Revision management │ -│ - Relationship graph │ +│ - Relationship graph / BOM │ +│ - Web UI (htmx) │ └─────────────────────────────────────────────────────────────┘ │ ┌───────────────┴───────────────┐ ▼ ▼ ┌─────────────────────────┐ ┌─────────────────────────────┐ │ PostgreSQL │ │ MinIO │ -│ (psql.kindred.internal)│ │ - .FCStd file storage │ +│ (psql.kindred.internal)│ │ - File storage │ │ - Item metadata │ │ - Versioned objects │ │ - Relationships │ │ - Thumbnails │ │ - Revision history │ │ │ -│ - Location hierarchy │ │ │ +│ - Auth / Sessions │ │ │ +│ - Audit log │ │ │ └─────────────────────────┘ └─────────────────────────────┘ - │ - ▼ -┌─────────────────────────────────────────────────────────────┐ -│ Web UI (Browse/Search) │ -│ - Item browser with hierarchy navigation │ -│ - Search and filtering │ -│ - "Open in FreeCAD" links (freecad:// URI handler) │ -│ - BOM viewer │ -└─────────────────────────────────────────────────────────────┘ ``` ### 2.2 Technology Stack | Component | Technology | Notes | 
|-----------|------------|-------| -| Database | PostgreSQL | Existing instance at psql.kindred.internal | +| Database | PostgreSQL 16 | Existing instance at psql.kindred.internal | | File Storage | MinIO | S3-compatible, versioning enabled | -| FreeCAD Integration | Python workbench | Macro-style commands | -| CLI & API Server | Go (1.23) | chi/v5 router, pgx/v5 driver, zerolog | +| CLI & API Server | Go (1.24) | chi/v5 router, pgx/v5 driver, zerolog | +| Authentication | Multi-backend | Local (bcrypt), LDAP/FreeIPA, OIDC/Keycloak | +| Sessions | PostgreSQL pgxstore | alexedwards/scs, 24h lifetime | | Web UI | Go html/template + htmx | Lightweight, minimal JS | --- 
@@ -347,52 +339,24 @@ assembly_config: --- -## 5. FreeCAD Integration +## 5. Client Integration -### 5.1 Workbench Commands +CAD workbench and spreadsheet extension implementations are maintained in separate repositories ([silo-mod](https://git.kindred-systems.com/kindred/silo-mod), [silo-calc](https://git.kindred-systems.com/kindred/silo-calc)). The Silo server provides the REST API endpoints consumed by those clients. -The Silo workbench provides toolbar commands in FreeCAD: +### 5.1 File Storage Strategy -| Command | Description | Status | -|---------|-------------|--------| -| `Silo_Save` | Auto-save document and upload to MinIO | Implemented | -| `Silo_Commit` | Save with revision comment | Implemented | -| `Silo_Pull` | Download item by part number / create new | Implemented | -| `Silo_Push` | Batch upload modified files | Implemented | -| `Silo_Info` | View revision history for current item | Implemented | -| `Silo_Register` | Generate part number for current document | Implemented | -| `Silo_Open` | Open item from Silo by part number | Implemented | -| `Silo_Browse` | Browse items in a list dialog | Implemented | +Files are stored as whole objects in MinIO with versioning enabled. Storage path convention: `items/{partNumber}/rev{N}.ext`. SHA-256 checksums are captured on upload for integrity verification. -### 5.2 Property Synchronization +Future option: exploded storage (unpack ZIP-based CAD archives for better diffing). -Silo properties map to FreeCAD custom properties: +### 5.2 Checkout Locking (Future) -```python -# FreeCAD object properties (synced from Silo) -obj.addProperty("App::PropertyString", "SiloPartNumber", "Silo", "Part number") -obj.addProperty("App::PropertyString", "SiloRevision", "Silo", "Current revision") -obj.addProperty("App::PropertyString", "SiloDescription", "Silo", "Item description") -# ... additional properties as defined in schema -``` - -### 5.3 File Storage Strategy - -FreeCAD `.FCStd` files are ZIP archives. 
Storage options: - -1. **Whole file storage** (MVP): Store complete .FCStd in MinIO with versioning -2. **Exploded storage** (future): Unpack and store components separately for better diffing - -For MVP, whole file storage is simpler and MinIO versioning handles history. - -### 5.4 Checkout Locking (Future) - -MVP operates as single-user. Future multi-user support will need locking strategy: +Future multi-user support will need a server-side locking strategy: - **Pessimistic locking**: Checkout acquires exclusive lock - **Optimistic locking**: Allow concurrent edits, handle conflicts on commit -Recommendation for future: Pessimistic locking for CAD files (merge is impractical). +Recommendation: Pessimistic locking for CAD files (merge is impractical). --- 
@@ -533,34 +497,40 @@ All operations logged for audit trail (future consideration). --- -## 10. Authentication (Future) +## 10. Authentication -### 10.1 Current State (MVP) +Silo supports three authentication backends that can be enabled independently or combined. When authentication is disabled (`auth.enabled: false`), all routes are open and a synthetic dev user with the `admin` role is injected into every request. -Single-user, no authentication required. +### 10.1 Backends -### 10.2 Future: LDAPS Integration +| Backend | Use Case | Config Key | +|---------|----------|------------| +| **Local** | Username/password stored in database (bcrypt cost 12) | `auth.local` | +| **LDAP** | FreeIPA / Active Directory via LDAP bind | `auth.ldap` | +| **OIDC** | Keycloak or any OpenID Connect provider (redirect flow) | `auth.oidc` | -Plan for FreeIPA integration: +### 10.2 Role Model -```yaml -# /etc/silo/auth.yaml -auth: - provider: ldap - server: ldaps://ipa.kindred.internal - base_dn: "dc=kindred,dc=internal" - user_dn_template: "uid={username},cn=users,cn=accounts,dc=kindred,dc=internal" - group_base: "cn=groups,cn=accounts,dc=kindred,dc=internal" - - # Role mapping - roles: - admin: - groups: ["silo-admins"] - editor: - groups: ["silo-users", "engineers"] - viewer: - groups: ["silo-viewers"] -``` +Three roles with a strict hierarchy: `admin > editor > viewer` + +| Permission | viewer | editor | admin | +|-----------|--------|--------|-------| +| Read items, projects, schemas, BOMs | Yes | Yes | Yes | +| Create/update items and revisions | No | Yes | Yes | +| Upload files, manage BOMs | No | Yes | Yes | +| Import CSV/ODS | No | Yes | Yes | +| Manage own API tokens | Yes | Yes | Yes | +| User management (future) | No | No | Yes | + +### 10.3 API Tokens + +Raw token format: `silo_` + 64 hex characters (32 random bytes from `crypto/rand`). Only the SHA-256 hash is stored in the database. Tokens inherit the owning user's role. 
+ +### 10.4 Sessions + +PostgreSQL-backed sessions via `alexedwards/scs` pgxstore. Cookie: `silo_session`, HttpOnly, SameSite=Lax, 24h lifetime. `Secure` flag is set when `auth.enabled` is true. + +See [AUTH.md](AUTH.md) for full architecture details and [AUTH_USER_GUIDE.md](AUTH_USER_GUIDE.md) for setup instructions. --- 
@@ -569,60 +539,111 @@ auth: ### 11.1 REST Endpoints (Implemented) ``` -# Health +# Health (no auth) GET /health # Basic health check GET /ready # Readiness (DB + MinIO) -# Web UI -GET / # Items page -GET /schemas # Schemas page +# Auth (no auth required) +GET /login # Login page +POST /login # Login form handler +POST /logout # Logout +GET /auth/oidc # OIDC login redirect +GET /auth/callback # OIDC callback -# Schemas +# Web UI (auth + CSRF) +GET / # Items page +GET /projects # Projects page +GET /schemas # Schemas page +GET /audit # Audit/completeness page +GET /settings # User settings / token management +POST /settings/tokens # Create API token (web) +POST /settings/tokens/{id}/revoke # Revoke API token (web) + +# Auth API +GET /api/auth/me # Current authenticated user +GET /api/auth/tokens # List user's API tokens +POST /api/auth/tokens # Create API token +DELETE /api/auth/tokens/{id} # Revoke API token + +# Schemas (read: viewer, write: editor) GET /api/schemas # List all schemas GET /api/schemas/{name} # Get schema details GET /api/schemas/{name}/properties # Get property schema for category -POST /api/schemas/{name}/segments/{segment}/values # Add enum value -PUT /api/schemas/{name}/segments/{segment}/values/{code} # Update enum value -DELETE /api/schemas/{name}/segments/{segment}/values/{code} # Delete enum value +POST /api/schemas/{name}/segments/{segment}/values # Add enum value [editor] +PUT /api/schemas/{name}/segments/{segment}/values/{code} # Update enum value [editor] +DELETE /api/schemas/{name}/segments/{segment}/values/{code} # Delete enum value [editor] -# Projects +# Projects (read: viewer, write: editor) GET /api/projects # List projects -POST /api/projects # Create project GET /api/projects/{code} # Get project -PUT /api/projects/{code} # Update project -DELETE /api/projects/{code} # Delete project GET /api/projects/{code}/items # Get project items +GET /api/projects/{code}/sheet.ods # Export project sheet as ODS +POST /api/projects # Create 
project [editor] +PUT /api/projects/{code} # Update project [editor] +DELETE /api/projects/{code} # Delete project [editor] -# Items -GET /api/items # List/search items -POST /api/items # Create item +# Items (read: viewer, write: editor) +GET /api/items # List/filter items +GET /api/items/search # Fuzzy search GET /api/items/export.csv # Export items to CSV -POST /api/items/import # Import items from CSV -GET /api/items/template.csv # Get CSV import template +GET /api/items/template.csv # CSV import template +GET /api/items/export.ods # Export items to ODS +GET /api/items/template.ods # ODS import template +POST /api/items # Create item [editor] +POST /api/items/import # Import items from CSV [editor] +POST /api/items/import.ods # Import items from ODS [editor] + +# Item Detail GET /api/items/{partNumber} # Get item details -PUT /api/items/{partNumber} # Update item -DELETE /api/items/{partNumber} # Archive item +PUT /api/items/{partNumber} # Update item [editor] +DELETE /api/items/{partNumber} # Archive item [editor] # Item-Project Tags GET /api/items/{partNumber}/projects # Get item's projects -POST /api/items/{partNumber}/projects # Add project tags -DELETE /api/items/{partNumber}/projects/{code} # Remove project tag +POST /api/items/{partNumber}/projects # Add project tags [editor] +DELETE /api/items/{partNumber}/projects/{code} # Remove project tag [editor] # Revisions GET /api/items/{partNumber}/revisions # List revisions -POST /api/items/{partNumber}/revisions # Create revision GET /api/items/{partNumber}/revisions/compare # Compare two revisions GET /api/items/{partNumber}/revisions/{revision} # Get specific revision -PATCH /api/items/{partNumber}/revisions/{revision} # Update status/labels -POST /api/items/{partNumber}/revisions/{revision}/rollback # Rollback to revision +POST /api/items/{partNumber}/revisions # Create revision [editor] +PATCH /api/items/{partNumber}/revisions/{revision} # Update status/labels [editor] +POST 
/api/items/{partNumber}/revisions/{revision}/rollback # Rollback to revision [editor] # Files -POST /api/items/{partNumber}/file # Upload file GET /api/items/{partNumber}/file # Download latest file GET /api/items/{partNumber}/file/{revision} # Download file at revision +POST /api/items/{partNumber}/file # Upload file [editor] -# Part Number Generation -POST /api/generate-part-number # Generate without creating item +# BOM +GET /api/items/{partNumber}/bom # List direct children +GET /api/items/{partNumber}/bom/expanded # Multi-level BOM (recursive) +GET /api/items/{partNumber}/bom/where-used # Where-used (parent lookup) +GET /api/items/{partNumber}/bom/export.csv # Export BOM as CSV +GET /api/items/{partNumber}/bom/export.ods # Export BOM as ODS +POST /api/items/{partNumber}/bom # Add BOM entry [editor] +POST /api/items/{partNumber}/bom/import # Import BOM from CSV [editor] +PUT /api/items/{partNumber}/bom/{childPartNumber} # Update BOM entry [editor] +DELETE /api/items/{partNumber}/bom/{childPartNumber} # Remove BOM entry [editor] + +# Audit (viewer) +GET /api/audit/completeness # Item completeness scores +GET /api/audit/completeness/{partNumber} # Item detail breakdown + +# Integrations — Odoo (read: viewer, write: editor) +GET /api/integrations/odoo/config # Get Odoo configuration +GET /api/integrations/odoo/sync-log # Get sync history +PUT /api/integrations/odoo/config # Update Odoo config [editor] +POST /api/integrations/odoo/test-connection # Test connection [editor] (stub) +POST /api/integrations/odoo/sync/push/{partNumber} # Push to Odoo [editor] (stub) +POST /api/integrations/odoo/sync/pull/{odooId} # Pull from Odoo [editor] (stub) + +# Sheets (editor) +POST /api/sheets/diff # Diff ODS sheet against DB [editor] + +# Part Number Generation (editor) +POST /api/generate-part-number # Generate without creating item [editor] ``` ### 11.2 Not Yet Implemented 
@@ -630,14 +651,16 @@ POST /api/generate-part-number # Generate without c The following endpoints from the original design are not yet implemented: ``` -# Locations (tables exist, no API) +# Locations (tables exist, no API handlers) GET /api/locations POST /api/locations GET /api/locations/{path} +DELETE /api/locations/{path} -# Inventory (tables exist, no API) +# Inventory (tables exist, no API handlers) GET /api/inventory/{partNumber} POST /api/inventory/{partNumber}/adjust +POST /api/inventory/{partNumber}/move ``` --- 
@@ -646,20 +669,29 @@ POST /api/inventory/{partNumber}/adjust ### 12.1 Implemented -- [x] PostgreSQL database schema (7 migrations) +- [x] PostgreSQL database schema (10 migrations) - [x] YAML schema parser for part numbering - [x] Part number generation engine - [x] CLI tool (`cmd/silo`) -- [x] API server (`cmd/silod`) with 35+ endpoints -- [x] FreeCAD workbench (save, commit, pull, push, info, register, open, browse) +- [x] API server (`cmd/silod`) with 74 endpoints - [x] MinIO integration for file storage with versioning - [x] BOM relationships (component, alternate, reference) +- [x] Multi-level BOM (recursive expansion with configurable depth) +- [x] Where-used queries (reverse parent lookup) +- [x] BOM CSV and ODS export/import - [x] Reference designator tracking - [x] Revision history (append-only) with rollback and comparison - [x] Revision status and labels - [x] Project management with many-to-many item tagging - [x] CSV import/export with dry-run validation -- [x] Web UI for items and schemas (htmx) +- [x] ODS spreadsheet import/export (items, BOMs, project sheets) +- [x] Web UI for items, projects, schemas, audit (htmx) +- [x] Authentication (local, LDAP, OIDC) with role-based access control +- [x] API token management (SHA-256 hashed) +- [x] Session management (PostgreSQL-backed) +- [x] Audit logging and completeness scoring +- [x] CSRF protection (nosurf) +- [x] Fuzzy search - [x] Property schema versioning framework - [x] Docker Compose deployment (dev and prod) - [x] systemd service and deployment scripts 
@@ -670,17 +702,15 @@ POST /api/inventory/{partNumber}/adjust - [ ] Inventory tracking (database tables exist, no API endpoints) - [ ] Date segment type (schema parser placeholder only) - [ ] Part number format validation on creation +- [ ] Odoo ERP integration (config and sync-log functional; push/pull are stubs) ### 12.3 Not Started -- [ ] Unit tests +- [ ] Unit tests (Go server — minimal coverage exists) - [ ] Schema migration tooling -- [ ] Multi-user authentication (FreeIPA/LDAP planned) - [ ] Checkout locking - [ ] Approval workflows -- [ ] External system integrations (ERP, purchasing) - [ ] Exploded file storage with diffing -- [ ] Audit logging - [ ] Notifications - [ ] Reporting/analytics @@ -688,15 +718,11 @@ POST /api/inventory/{partNumber}/adjust ## 13. Open Questions -1. ~~**CLI language**: Go for consistency with web UI, or Python for FreeCAD ecosystem alignment?~~ **Resolved:** Go was chosen for both CLI and API server. +1. **Thumbnail generation**: Generate thumbnails from CAD files on commit? Useful for web UI browsing. -2. **Property schema**: Should item properties be schema-defined (like part numbers) or freeform? Recommendation: Support both—schema defines expected properties, but allow ad-hoc additions. +2. **Search indexing**: PostgreSQL full-text search sufficient, or add dedicated search (Meilisearch, etc.)? -3. **Thumbnail generation**: Generate thumbnails from .FCStd on commit? Useful for web UI browsing. - -4. **Search indexing**: PostgreSQL full-text search sufficient, or add dedicated search (Meilisearch, etc.)? - -5. **Offline operation**: Should FreeCAD workbench support offline mode with sync? Adds significant complexity. +3. **Checkout locking**: Pessimistic vs optimistic locking strategy for multi-user CAD file editing. --- 
@@ -706,7 +732,6 @@ POST /api/inventory/{partNumber}/adjust - **CycloneDX BOM specification**: JSON/YAML schema patterns for component identification, relationships, and metadata (https://cyclonedx.org) - **OpenBOM data model**: Reference-instance separation, flexible property schemas -- **FreeCAD DynamicData workbench**: Custom property patterns in FreeCAD - **Ansible inventory YAML**: Hierarchical configuration patterns with variable inheritance ### 14.2 Related Standards diff --git a/docs/STATUS.md b/docs/STATUS.md index 3a38e0c..0db0033 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -1,6 +1,6 @@ # Silo Development Status -**Last Updated:** 2026-01-29 +**Last Updated:** 2026-02-06 --- 
@@ -10,34 +10,33 @@ | Component | Status | Notes | |-----------|--------|-------| -| PostgreSQL schema | Complete | 7 migrations applied | +| PostgreSQL schema | Complete | 10 migrations applied | | YAML schema parser | Complete | Supports enum, serial, constant, string segments | | Part number generator | Complete | Scoped sequences, category-based format | -| API server (`silod`) | Complete | 35+ REST endpoints via chi/v5 | +| API server (`silod`) | Complete | 74 REST endpoints via chi/v5 | | CLI tool (`silo`) | Complete | Item registration and management | | MinIO file storage | Complete | Upload, download, versioning, checksums | | Revision control | Complete | Append-only history, rollback, comparison, status/labels | | Project management | Complete | CRUD, many-to-many item tagging | | CSV import/export | Complete | Dry-run validation, template generation | -| Web UI | Complete | Items and schemas pages (htmx) | +| ODS import/export | Complete | Items, BOMs, project sheets, templates | +| Multi-level BOM | Complete | Recursive expansion, where-used, CSV/ODS export/import | +| Authentication | Complete | Local (bcrypt), LDAP/FreeIPA, OIDC/Keycloak | +| Role-based access control | Complete | admin > editor > viewer hierarchy | +| API token management | Complete | SHA-256 hashed, bearer auth | +| Session management | Complete | PostgreSQL-backed (pgxstore), 24h lifetime | +| Audit logging | Complete | audit_log table, completeness scoring | +| CSRF protection | Complete | nosurf on web forms | +| Fuzzy search | Complete | sahilm/fuzzy library | +| Web UI | Complete | Items, projects, schemas, audit pages (htmx) | +| Odoo ERP integration | Partial | Config and sync-log CRUD functional; push/pull are stubs | | Docker Compose | Complete | Dev and production configurations | | Deployment scripts | Complete | setup-host, deploy, init-db, setup-ipa-nginx | | systemd service | Complete | Unit file and environment template | -### FreeCAD Workbench +### Client 
Integrations -| Command | Status | Notes | -|---------|--------|-------| -| Silo_Save | Implemented | Auto-save + upload to MinIO | -| Silo_Commit | Implemented | Save with revision comment | -| Silo_Pull | Implemented | Download / create items | -| Silo_Push | Implemented | Batch upload modified files | -| Silo_Info | Implemented | View revision history | -| Silo_Register | Implemented | Generate part number for document | -| Silo_Open | Implemented | Open item by part number | -| Silo_Browse | Implemented | Browse items in list dialog | - -Workbench needs end-to-end testing with a running Silo instance. +FreeCAD workbench and LibreOffice Calc extension are maintained in separate repositories ([silo-mod](https://git.kindred-systems.com/kindred/silo-mod), [silo-calc](https://git.kindred-systems.com/kindred/silo-calc)). The server provides the REST API and ODS endpoints consumed by those clients. ### Not Yet Implemented @@ -47,7 +46,7 @@ Workbench needs end-to-end testing with a running Silo instance. | Inventory API endpoints | Database tables exist, no REST handlers | | Date segment type | Schema parser placeholder only | | Part number format validation | API accepts but does not validate format on creation | -| Unit tests | No test coverage | +| Unit tests | Minimal: 1 Go test file (`internal/ods/ods_test.go`) | --- @@ -65,7 +64,7 @@ Workbench needs end-to-end testing with a running Silo instance. The part numbering schema (`kindred-rd`) is at **version 3** using the `{category}-{sequence}` format (e.g., `F01-0001`). This replaced the earlier `{project}-{type}-{sequence}` format. Projects are now managed as many-to-many tags rather than being embedded in part numbers. -The schema defines 70+ categories across 10 groups: +The schema defines 170 category codes across 10 groups: - F01-F18: Fasteners - C01-C17: Fluid Fittings - R01-R44: Motion Components 
@@ -90,3 +89,6 @@ The schema defines 70+ categories across 10 groups: | 005_property_schema_version.sql | Property versioning framework | | 006_project_tags.sql | Many-to-many project-item relationships | | 007_revision_status.sql | Revision status and labels | +| 008_odoo_integration.sql | Odoo ERP integration tables (integrations, sync_log) | +| 009_auth.sql | Authentication system (users, api_tokens, sessions, audit_log, user tracking columns) | +| 010_item_extended_fields.sql | Extended item fields (sourcing_type, sourcing_link, standard_cost, long_description) |
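Review bot: In the section 2.1 architecture hunk, the new server box lists "Authentication (local, LDAP, OIDC)" but the diagram does not draw the LDAP directory or the OIDC provider as external dependencies, so the trust boundary the server now relies on is not visible. Add them as boxes alongside PostgreSQL and MinIO. The figure "74 endpoints" is also hard-coded here, in 12.1 and in STATUS.md; a single source for the count, or dropping it from the diagram, avoids drift.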
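Review bot: In the new 5.1 File Storage Strategy text, the convention `items/{partNumber}/rev{N}.ext` builds the object key from the part number, while the STATUS.md part of this patch still lists part number format validation as "API accepts but does not validate format on creation". Document how the part number and the extension are constrained before they become part of a storage key. The SHA-256 sentence only says checksums are captured on upload; add where they are stored and at which point (download, rollback) they are compared, since "for integrity verification" does not say that any check is performed.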
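Review bot: In the section 10 Authentication hunk, the sentence on `auth.enabled: false` documents that all routes are open and a synthetic dev user with the `admin` role is injected into every request, but it does not give the default value or say that this mode is for local development only. State both, and consider a prominent startup warning when the mode is active. In 10.4 the `Secure` cookie flag is tied to `auth.enabled` rather than to the server being reached over TLS; document the expected TLS termination so the two cannot diverge. The removed YAML used `ldaps://`, whereas the new 10.1 table only says "LDAP bind"; note the transport requirement there or point to where AUTH.md covers it.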
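Review bot: In the 11.1 endpoint list, `GET /api/integrations/odoo/config` sits under "read: viewer" and `PUT /api/integrations/odoo/config` is marked `[editor]`. If that configuration holds ERP credentials, reading it should not be open to viewers and changing it is closer to an admin action than an editor one; document which fields are returned and whether secrets are redacted. Separately, only the Web UI group is labelled "auth + CSRF": say whether `/api/*` routes accept the session cookie and, if they do, how state-changing calls such as `POST /api/auth/tokens` are protected. The groups from "Item Detail" through "BOM" also lack the "(read: viewer, write: editor)" annotation the earlier groups carry.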
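Review bot: In the 12.1 and 12.3 hunks, audit logging moves from Not Started to implemented, yet the context shown in the section 10 hunk header still reads "All operations logged for audit trail (future consideration)." Update that sentence in the same change so the specification does not contradict itself, and state which operations are written to the audit log, since the checklist entry "Audit logging and completeness scoring" does not.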
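Review bot: In the docs/STATUS.md component table, Authentication, Role-based access control, API token management, Session management and CSRF protection are all added with status "Complete", while the Unit tests row in the same file says the only test file is `internal/ods/ods_test.go`. Security-relevant components with no tests should not read as finished; qualify the status (for example "Complete, untested") or add tests for the auth middleware and role checks as an explicit row under Not Yet Implemented.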