1b8ac53dd8
Keeps operating essentials (template gate, ports, build/deploy, env, What's New,\nrepo-specific quirks); moves architecture/endpoints/tables/topics to the HiveIQ\nGuide (guide.bcos.dev) which is kept in sync with code. Part of the guide-KB rollout.\n\nCo-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
81 lines
3.9 KiB
Markdown
81 lines
3.9 KiB
Markdown
# hiveops-aria frontend — CLAUDE.md
|
|
|
|
> ## ⛔ STOP — before writing ANY `.svelte`, use the template
|
|
> 1. Read `hiveops-template/CLAUDE.md` (the design system).
|
|
> 2. **Copy, don't write from scratch** — start from `hiveops-template/frontend/src/components/TablePage.svelte` (list/table pages) or `TemplatePage.svelte` (pages with status/severity badges).
|
|
> 3. Header = **text only**. Action buttons (Add/Refresh/Compose) go in `.toolbar-right`, never in `.header`. *(hook-enforced)*
|
|
> 4. Copy the filter-sidebar + table CSS **verbatim** — never simplify.
|
|
> 5. Scoped `<style>` only — never `import './x.css'`. *(hook-enforced)*
|
|
|
|
ARIA — ATM threat intelligence & precursor-sequence detection (IOC catalog, threat events,
|
|
attack sequences, device posture). Svelte frontend + Spring Boot 3.4 backend.
|
|
Package `com.hiveops.aria`, DB `hiveiq_aria`.
|
|
|
|
| Sub-module | Port | Dev | Prod |
|
|
|---|---|---|---|
|
|
| `backend/` (repo root) | 8095 | `api.bcos.dev/aria/` | `api.bcos.cloud/aria/` |
|
|
| `frontend/` | 5187 | `aria.bcos.dev` | `aria.bcos.cloud` |
|
|
|
|
## 📖 Architecture, endpoints, tables, Kafka, gotchas, testing → the Guide
|
|
|
|
The deep, **code-grounded** knowledge for this service lives in the HiveIQ **Guide** — kept in
|
|
sync with code (unlike hand-written docs, which rot). Query it instead of duplicating here:
|
|
|
|
```bash
|
|
TOKEN=$(curl -s https://api.bcos.dev/auth/api/login -H 'Content-Type: application/json' \
|
|
-d '{"email":"<you>","password":"<pw>"}' | python3 -c 'import sys,json;print(json.load(sys.stdin)["token"])')
|
|
|
|
# service overview:
|
|
curl -s https://api.bcos.dev/guide/api/v1/guide/modules/technical.aria -H "Authorization: Bearer $TOKEN"
|
|
# per-module (Customer / Internal / Architect / Testing / Claude tabs) — read the "Claude" tab to act:
|
|
curl -s https://api.bcos.dev/guide/api/v1/guide/modules/aria.threat-events -H "Authorization: Bearer $TOKEN"
|
|
```
|
|
|
|
Modules: `aria.dashboard`, `aria.threat-events`, `aria.ioc-management`, `aria.ioc-feeds`,
|
|
`aria.precursor-alerts`, `aria.device-posture`. Browse: **https://guide.bcos.dev** (admin login
|
|
shows the internal tabs). The Guide is the source of truth for endpoints, DB tables, Kafka topics,
|
|
roles, gotchas, and how to test — **this file stays thin on purpose.** When you change ARIA
|
|
behaviour, update the Guide content, not this file.
|
|
|
|
## Before writing ANY new component
|
|
|
|
Read an existing sibling component first. Mandatory. Use `IocManagement.svelte` or
|
|
`DevicePosture.svelte` as the reference. Poll the STATUS endpoint only (never trigger a refresh
|
|
from `setInterval`), and always `onDestroy(() => clearInterval(interval))`.
|
|
|
|
## Dev / build
|
|
|
|
```bash
|
|
# backend (repo root)
|
|
./mvnw clean package -DskipTests
|
|
# frontend
|
|
cd frontend && npm install && npm run dev # http://localhost:5187
|
|
```
|
|
|
|
## Build & deploy
|
|
|
|
```bash
|
|
# backend image (hiveiq-aria) — root build.sh; frontend image (hiveiq-aria-frontend) built from frontend/Dockerfile
|
|
./build.sh --registry registry.bcos.dev --push # dev (:dev tag, bcos.dev / .251)
|
|
./build.sh --registry registry.bcos.cloud --push # prod (:latest; CI/CD on merge to main, manual only if CI broken)
|
|
|
|
# deploy dev: ssh .251 → ~/hiveiq/hiveops-openmetal/hiveops/instances/dev
|
|
docker compose pull hiveiq-aria hiveiq-aria-frontend && docker compose up -d hiveiq-aria hiveiq-aria-frontend
|
|
# prod: same on 173.231.195.250 with registry.bcos.cloud
|
|
```
|
|
CI: `.gitea/workflows/cd-develop.yml` (push → develop, deploys to bcos.dev), `cd-main.yml`.
|
|
|
|
## Env vars
|
|
|
|
```
|
|
# backend — hiveiq_aria on hiveiq-postgres
|
|
DB_URL DB_USERNAME DB_PASSWORD # ddl-auto=validate; Flyway owns schema (db/migration)
|
|
JWT_SECRET (shared w/ auth) KAFKA_BOOTSTRAP_SERVERS CORS_ALLOWED_ORIGINS
|
|
```
|
|
Frontend: `VITE_API_URL` = `https://api.bcos.dev/aria` (dev) / `https://api.bcos.cloud/aria` (prod).
|
|
Injected at container runtime into `dist/config.js` (`window.__APP_CONFIG__.apiUrl`) via `entrypoint.sh`.
|
|
|
|
## What's New
|
|
|
|
Edit `hiveops-release/releases.json` → `./deploy.sh` in that repo.
|