bunny-lab/Borealis-Github-Replica
1
0
Fork 0
mirror of https://github.com/bunny-lab-io/Borealis.git synced 2025-12-16 15:25:48 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
a5c10718cadb077fe7ebfa30117ac0b614ebaa10
Borealis-Github-Replica/Docs/Codex/BOREALIS_ENGINE.md

2.7 KiB
Raw Blame History

Codex Guide: Borealis Engine

Use this doc for Engine work (successor to the legacy server). For shared guidance, see Docs/Codex/SHARED.md.

Scope & Runtime Paths

  • Bootstrap: Borealis.ps1 launches the Engine and/or Agent. The equivalant bootstrap script exists for Linux when running Borealis.sh.
  • Edit in Data/Engine; runtime copies live under /Engine and are discarded every time the engine is launched.

Architecture

  • Runtime: Data/Engine/server.py with NodeJS + Vite for live dev and Flask for production serving/API endpoints.

Development Guidelines

  • Every Python module under Data/Engine or Engine/Data/Engine starts with the standard commentary header (purpose + API endpoints). Add the header to any existing module before further edits.

Logging

  • Primary log: Engine/Logs/engine.log with daily rotation (engine.log.YYYY-MM-DD); do not auto-delete rotated files.
  • Subsystems: Engine/Logs/<service>.log; install output to Engine/Logs/install.log.
  • Keep Engine-specific artifacts within Engine/Logs/ to preserve the runtime boundary.

Security & API Parity

  • Mirrors legacy mutual trust: Ed25519 device identities, EdDSA-signed access tokens, pinned Borealis root CA, TLS 1.3-only serving, Authorization headers + service-context markers on every device API.
  • Implements DPoP validation, short-lived access tokens (~15 min), SHA-256hashed refresh tokens (30-day) with explicit reuse errors.
  • Enrollment: operator approvals, conflict detection, auditor recording, pruning of expired codes/refresh tokens.
  • Background jobs and service adapters maintain compatibility with legacy DB schemas while enabling gradual API takeover.

Reverse Tunnels

  • Full design and lifecycle are in Docs/Codex/REVERSE_TUNNELS.md (domains, limits, framing, APIs, stop path, UI hooks).
  • Engine orchestrator is Data/Engine/services/WebSocket/Agent/reverse_tunnel_orchestrator.py with domain handlers under Data/Engine/services/WebSocket/Agent/Reverse_Tunnels/.

WebUI & WebSocket Migration

  • Static/template handling: Data/Engine/services/WebUI; deployment copy paths are wired through Borealis.ps1 with TLS-aware URL generation.
  • Stage 6 tasks: migration switch in the legacy server for WebUI delegation and porting device/admin API endpoints into Engine services.
  • Stage 7 (queued): register_realtime hooks, Engine-side Socket.IO handlers, integration checks, legacy delegation updates.

Platform Parity

  • Windows is primary target. Keep Engine tooling aligned with the agent experience; Linux packaging must catch up before macOS work resumes.

Ansible Support (Shared State)

  • Mirrors the agents unfinished story: treat orchestration as experimental until packaging, connection management, and logging mature.
Reference in New Issue View Git Blame Copy Permalink