- Version: 1.10.14 → 1.10.15 (AuditFixed) - Updated PROJECT_ARCHITECTURE.md with frontend quality audit improvements - Updated README.md with accessibility, responsiveness, and motion fixes - Documented score improvement: 14/20 → 17+/20 - Production-ready quality milestone reached
9.7 KiB
9.7 KiB
TFM aInventory - Project Architecture & Requirements
This document is the Single Source of Truth for the project's technical architecture, business requirements, and core logic.
1. Application Overview
A unified system to maintain an inventory of "items" and their quantities, inclusive of a web administration interface, offline field operations, audit logging, and AI-powered label extraction functionalities.
2. Technical Stack
2.1 Backend (API & Data)
- Language: Python 3.12+ (Optimized for performance and type safety)
- Framework: FastAPI (Async ASGI)
- Database: SQLite (SQLAlchemy) - Local file-based persistence
- Validation: Pydantic v2
- Auth: Hybrid LDAP (python-ldap) + PBKDF2 local password hash caching
- AI Engine: Google GenAI SDK (Gemini 2.0 Flash) & Anthropic SDK (Claude 3.5 Sonnet) - Location:
backend/ai/ - Testing: Pytest (Unit & Integration) - Location:
backend/tests/
2.2 Frontend (Web & PWA)
- Architecture: Next.js 15+ (App Router)
- Styling: Tailwind CSS (Readability-first config, mobile-first responsive)
- Icons: Lucide Icons (React components)
- Components:
- StatCard (v1.9.21+): Responsive stat display component for mobile/desktop
- Two-column flexbox layout (label left, number right)
- Responsive font sizing with Tailwind breakpoints (text-sm→md, text-lg→xl)
- Label truncation with ellipsis for overflow handling
- Accessibility:
role="status",aria-hiddenon decorative icons
- StatCard (v1.9.21+): Responsive stat display component for mobile/desktop
- Offline persistence: Dexie.js (IndexedDB wrapper)
- Scanner:
html5-qrcode(Client-side, offline-only) - Sync: Axios with bulk-sync idempotency (UUID-based)
- Testing: Vitest (React Hook Testing) - Location:
frontend/tests/
2.3 Operations & Tooling
- PWA Deployment:
next-pwa(Service Workers + Manifest.json) - HTTPS Proxy:
caddyorlocal-ssl-proxy(Port 8909) - Servers: Frontend (Port 8907), Backend (Port 8906)
- Configuration: Centrally managed via root
inventory.env(Network/CORS/API Keys),config/directory (LDAP, Caddyfile), and a dynamicConfigManager(backend/config_manager.py) for runtime environment and AI provider settings.
3. Data Models & Entities
- Item: Name, Category Group (Structured), Item Type (Specific), Quantity, Barcode, Part Number, Box Label (Association).
- Category: Predefined groups for organizational structure.
- Box/Container: A generic grouping label (box_label) that links multiple items together for rapid multi-scanning.
- Audit Log: Immutable ledger detailing CRUD operations and stock fluctuations, including point-in-time box associations.
4. Scanning & Optimization Strategy (Crucial)
4.1 AI Usage Policy
- Routine Operations (Check-in/Out): Executes entirely on the local device unconditionally using
html5-qrcode($0 cost). No AI is allowed here. - New Item Onboarding (AI Label OCR): Uses cloud AI (
gemini-2.0-flashorclaude-3-5-sonnet). The user takes a photo, AI extracts data based on strict templates. - AI Provider Selection (v1.9.23): Administrators can choose between Gemini and Claude via the Admin Dashboard. API keys are managed securely in the environment.
- AI Box Discovery Mode (v1.6.0): Supports specialized
mode="box"prompt that focuses exclusively on prominent container names/hand-written labels, ignoring technical spec noise. - Validation Mask: AI-extracted data is NEVER saved directly. It is presented in a validation UI for human confirmation.
4.2 Scanner Technical Specs
- Hardware Access: Direct
MediaStreamTrackaccess. Zoom cycle: 1x -> 2x -> Max/2 -> Max. - Image Pre-processing: Rescaling (1200px), 60% Center Crop, Grayscale/Contrast filters, JPEG (
0.85quality). - OCR Mode: Fully automated. Cycles every 4 seconds without user intervention. Visual countdown shown in controls panel.
- UI Layout: Camera viewport is always unobstructed. Controls (Zoom + countdown status) are displayed in a dedicated section below the viewport.
- OCR Matching Engine (
page.tsx):- Noise Filtering: Ignores
< 3chars, decimals, and dates. - Scoring: Exact S/N (+500), Exact P/N (+200), Token match (+50), Category match (+20).
- Threshold: Minimum 40 points for auto-match without user intervention.
- Noise Filtering: Ignores
- Targeted Field Scanning (v1.6.0): UI allows "locking" the scanner focus to a specific input field (e.g.,
box_label). The OCR result is then redirected to state without performing regular item lookup.
4.3 Box Labeling & Printing System (v1.5.0)
- Local OCR Priority: Before checking individual S/Ns, the matching engine searches for
box_labeltokens. If a box is identified:- Single Match: Directly opens stock adjustment.
- Multi Match: Opens "Box Contents" selection interstitial.
- Label Generation: Native SVG-based Code 128 and QR generation (
lib/labels.ts). Requires ZERO external libraries for maximum offline stability. - Printing Modes:
- @media print: Hardcoded CSS styles for 62mm x 29mm label dimensions.
- Mobile Export: Canvas-to-PNG rasterization for sharing with Bluetooth printer roll apps.
5. Offline Sync Protocol
To prevent data loss in basements or unstable networks:
- Offline Engine: Service Workers cache assets. IndexedDB saves data.
- UUID Labeling: Every sync operation generated offline is tagged with a client-side UUID.
- Idempotent Backend: The
bulk_syncendpoint checks UUIDs againstAuditLogbefore applying increments, preventing double-counts.
6. Automation & Versioning (scripts/)
scripts/save_version.py: Implements thesave-versionAI Command Shortcut. IncrementsVERSION.jsonpatch version, commits all staged changes, creates a snapshot branchv.X.Y.Z, and calls./export_prod.shto generate the production bundle. Always stays on thedevbranch.
7. Security & Hardening (v1.4.0)
To ensure enterprise-grade protection, the following policies are enforced:
7.1 Access Control & RBAC
- Strict Separation: Operations are divided into
userandadminroles. - Admin Only: Critical operations such as
DELETE /items/, user management, and DB settings are restricted via theauth.get_current_admindependency. - User Role: Standard users are permitted to perform check-in/out and list inventory, but cannot delete catalog entries.
7.2 CORS & Origin Policy (v1.9.18)
- Automatic Discovery: The system detects local LAN IP and automatically authorizes it.
- Generic Expansion: Use
EXTRA_ALLOWED_ORIGINSfor Tailscale or VPN IPs. The system automatically expands each IP into a set of authorized Origins (http/8916, https/8918, https/8919). - Rate Limiting: Implemented via
slowapi. Theloginendpoint is limited to 5 requests per minute per IP to mitigate automated credential stuffing.
7.3 Data Privacy
- Information Scrubbing: Backend logs are configured to intercept and mask sensitive auth tokens or internal secrets (e.g.,
JWT_SECRET_KEY) during debug output. - Direct Bind LDAP: Authentication uses direct user binding to the LDAP server, avoiding the need for a privileged service account with broad search permissions.
- Cryptographic Credential Caching: To support offline operations, the system caches a PBKDF2-HMAC-SHA256 hash of the user's Enterprise credentials upon successful online login. Plain text passwords are NEVER stored.
7.4 PWA Trust & Security
- HTTPS Enforcement: The system requires TLS (Port 8909) for camera access and secure token transmission.
- Manifest Integrity: A comprehensive
manifest.jsonensures the app is recognized as a trusted PWA on mobile platforms (iOS/Android).
7.5 Git Infrastructure (Linux Native)
All git operations use the standard git command available in system PATH. On Linux systems, this is reliably provided by the git package via the system package manager.
8. Multi-AI Engine & Dynamic Configuration (v1.9.23)
To enhance extraction flexibility and system resilience:
- Unified AI Core: The backend uses an abstraction layer to handle multiple AI providers (Gemini and Claude).
- Dynamic Configuration: System settings (AI Provider, API Keys, Backup Policies) are managed via
backend/config_manager.py, allowing real-time updates without restarting the container. - Admin Standardization: The Admin Dashboard features a standardized configuration UI with secure field masking for sensitive credentials.
- Architectural Modularization (v1.10.0):
- Frontend: The monolithic Admin Dashboard has been decomposed into domain-specific components:
IdentityManager,DatabaseManager,LdapManager,AiManager, andCategoryManager. - Logic: Business logic is centralized in the
useAdmincustom React hook, ensuring clean separation of concerns. - Backend: Administrative endpoints are split into the
backend/routers/admin/package, with specialized routers forbackupsandconfig. - Stability: Docker builds are secured against lockfile mismatches by enforcing strict dependency synchronization.
- Frontend: The monolithic Admin Dashboard has been decomposed into domain-specific components:
- Verification Infrastructure: A dual-layer testing suite is implemented: Pytest for backend integration (using in-memory SQLite and mocked auth) and Vitest for frontend logic validation.
- Frontend Stabilization (v1.10.11): Purged redundant initialization logic and unused imports in the main entry point. Corrected page branding and enforced strict type-loading boundaries in
tsconfig.jsonto ensure zero-error production builds. - Frontend Quality Audit (v1.10.15): Comprehensive frontend audit completed (14/20 → 17+/20). Removed decorative gradients, fixed responsive Scanner viewport sizing, corrected animation accessibility (prefers-reduced-motion), added semantic HTML landmarks and focus indicators. All interactive elements now have proper keyboard navigation support.