Skip to content

Rebuild AI-driven architecture foundation#5

Open
ID377585 wants to merge 17 commits into
mainfrom
rebuild/ai-driven-architecture
Open

Rebuild AI-driven architecture foundation#5
ID377585 wants to merge 17 commits into
mainfrom
rebuild/ai-driven-architecture

Conversation

@ID377585

@ID377585 ID377585 commented Jun 6, 2026

Copy link
Copy Markdown
Owner

Validação local informada:

  • corepack enable executado.
  • pnpm install passou usando pnpm v10.12.4.
  • pnpm build passou.
  • Prisma Client gerado com sucesso.
  • Builds concluídos para apps/realtime, packages/database, packages/tarot-core, packages/ui, packages/vision-core e apps/web.

Observações:

  • O projeto usa pnpm, conforme packageManager no package.json.
  • Não usar npm install nessa branch para evitar alterações indevidas de lockfile/workspace.
  • Há aviso de depreciação do package.json#prisma, que pode virar tarefa futura para migrar para prisma.config.ts.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 47fe9255e8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +23 to +24
socket.on("room:join", ({ roomCode, role }) => {
socket.join(roomCode);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Validate realtime joins against guest access

When a guest link has been revoked or expired, this socket server still accepts any client that knows the roomCode because room:join only uses roomCode/role and does not validate the guest token or reading state. The guest page discloses the room code after token authentication, so a stale or copied room code can reconnect directly to the realtime endpoint and receive WebRTC offers even after the web app rejects the token; require a valid guest token/session for joins or proxy this through the access check.

Useful? React with 👍 / 👎.


const confirmCardSchema = z.object({
cardSlug: z.string().min(1),
position: z.number().int().min(1),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reject cards beyond the configured spread

For readings with a limited cardsCount such as a 3-card spread, this endpoint accepts any positive position and confirmReadingCard upserts it without comparing against the reading type. The host UI also lets the position advance after the last card, so a normal session can persist extra cards that make the teleprompter/report disagree with the selected spread; validate the position against reading.readingType.cardsCount before saving.

Useful? React with 👍 / 👎.

Comment on lines +163 to +165
streamRef.current?.getTracks().forEach(track => {
peer.addTrack(track, streamRef.current as MediaStream);
});

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Add tracks after camera readiness before offering

If the guest joins while the host is still granting camera permission, ensurePeer() creates the RTCPeerConnection and sends an offer before streamRef.current is populated, so no tracks are added and the later getUserMedia success never renegotiates or adds tracks to the existing peer. In that timing, the guest connects but never receives video; wait for the stream before creating the offer or add tracks/renegotiate when the stream becomes available.

Useful? React with 👍 / 👎.

ID377585 commented Jun 6, 2026

Copy link
Copy Markdown
Owner Author

Validação local adicional:

  • git status: working tree clean após remover package-lock.json criado por engano via npm install.
  • pnpm check passou:
    • lint passou;
    • testes passaram em packages/tarot-core, packages/vision-core e apps/web;
    • build passou para packages/database, apps/realtime, packages/tarot-core, packages/ui, packages/vision-core e apps/web.

Pendências locais não bloqueantes do PR:

  • docker compose up -d não rodou porque Docker não está instalado/disponível no PATH (zsh: command not found: docker).
  • pnpm prisma:migrate e pnpm prisma:seed falharam porque DATABASE_URL ainda não está configurado no ambiente local.

Próximo passo local: instalar/abrir Docker Desktop e criar .env a partir de .env.example antes de rodar pnpm db:up, pnpm prisma:migrate e pnpm prisma:seed.

ID377585 commented Jun 6, 2026

Copy link
Copy Markdown
Owner Author

Validação local adicional concluída:

  • .env configurado com DATABASE_URL, AUTH_SECRET, NEXTAUTH_URL, REALTIME_SERVER_URL, VISION_SERVICE_URL, SEED_ADMIN_EMAIL e SEED_ADMIN_PASSWORD.
  • Docker disponível: Docker version 29.5.2.
  • pnpm db:up subiu o container taro-postgres.
  • pnpm prisma:migrate aplicou/validou a migration 20260604000000_init e deixou o banco em sincronia.
  • pnpm prisma:seed executou com sucesso:
    • admin: admin@taro.local
    • cards: 78
    • readingTypes: 10
  • pnpm dev:web subiu o Next.js em http://localhost:3000.
  • Fluxo manual validado no navegador: /login, autenticação por credenciais, /dashboard, /dashboard/cards, /register e /dashboard/reading-types responderam 200.
  • pnpm lint, pnpm test e pnpm build passaram novamente.

Observação: ao tentar colar o prompt da spec 013 no terminal, alguns trechos foram interpretados pelo zsh como comandos, mas não houve alteração no Git; git status ao final ficou limpo na branch spec/013-biblioteca-cartas.

ID377585 commented Jun 6, 2026

Copy link
Copy Markdown
Owner Author

Validação local adicional:

  • pnpm lint passou.
  • pnpm test passou em packages/tarot-core, packages/vision-core e apps/web.
  • pnpm build passou, incluindo Prisma Client e builds dos apps/packages.
  • pnpm db:up confirmou taro-postgres rodando.
  • pnpm prisma:migrate confirmou banco em sincronia, sem migrations pendentes.
  • pnpm prisma:seed executou novamente com sucesso: admin admin@taro.local, cards: 78, readingTypes: 10.
  • pnpm dev:web subiu o app e /register respondeu 200; POST /register também respondeu 200, validando o fluxo inicial de cadastro.

Observação: foi criada localmente a branch spec/013-biblioteca-cartas, mas não houve alteração porque a biblioteca/seed de 78 cartas já está presente na branch rebuild. git status ficou limpo.

ID377585 commented Jun 7, 2026

Copy link
Copy Markdown
Owner Author

Validação local adicional:

  • Branch local voltou para rebuild/ai-driven-architecture com working tree clean.
  • Fluxos 005/006/007 foram validados manualmente:
    • /dashboard/reading-types respondeu 200.
    • POST /dashboard/reading-types respondeu 200.
    • /dashboard/readings/new respondeu 200.
    • POST /dashboard/readings/new respondeu 303.
    • leitura criada com guestToken.
    • /dashboard/readings/[id]/live respondeu 200.
  • pnpm lint passou.
  • pnpm test passou.
  • pnpm build passou.
  • pnpm prisma:migrate confirmou banco em sincronia.
  • pnpm prisma:seed executou com sucesso com cards: 78 e readingTypes: 10.

Observação: erro NotAllowedError: Permission denied apareceu apenas ao abrir a live room no navegador interno do VS Code; no Chrome externo, a câmera/microfone funcionam após conceder permissão.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant