3.5 KiB
Scriberr Backend Rules
-
internal/apiis an HTTP adapter only: authenticate, validate, call one service method, map the response. -
Production API code must not import
internal/database, calldatabase.DB, construct repositories, or run GORM queries. -
Long-running work never runs inside handlers; transcription, import extraction, summaries, chat generation, recording finalization, and future automation go through durable services or workers.
-
State transitions have one owner. Queue and transcription status changes must use repository/service methods like enqueue, claim, renew, progress, complete, fail, cancel, and recover.
-
Repositories own persistence shape. Services ask for domain operations; GORM structs, raw rows, SQL details, and schema compatibility stay behind
internal/repositoryandinternal/models. -
ASR, LLMs, media extraction, storage, auth tokens, and webhooks stay behind narrow interfaces so tests can fake them and adapters can change.
-
File paths are internal. Handlers and public responses must not expose or construct local paths; use file, recording, media import, or transcript storage services.
-
Every user-owned operation is scoped by
user_id, including files, transcriptions, profiles, summaries, chat, recordings, API keys, queue stats, and automation. -
Cross-user operations are admin-only service use cases. Do not let normal product services accept target user IDs from request bodies; use the authenticated principal, and use separate admin commands for user management and global settings.
-
Authorization is explicit. Admin routes must require an authenticated user with an admin role, and background/system paths must not be reused as public authorization shortcuts.
-
Events are small notifications, not source of truth. Persist durable state first, publish after, filter subscriptions by authorized audience, and make clients able to recover by re-fetching REST resources.
-
Database design must use relational constraints for core state. Prefer typed columns, foreign keys, composite unique indexes, partial unique indexes for per-user defaults, and query-driven composite indexes over unindexed JSON blobs or ad hoc string conventions.
-
New durable tables with ownership must include
user_id NOT NULL, an index beginning withuser_idfor user-facing access paths, and foreign-key behavior that matches the lifecycle. New code must not rely onuser_id = 1defaults except in explicit legacy migration paths. -
Secrets are never stored raw. Passwords use password hashing, refresh tokens and API keys use one-way hashes, provider credentials are encrypted or otherwise protected before persistence, and public DTOs/logs never expose secret values.
-
The transcription queue is shared infrastructure. Scheduler policy is configured by admin-only settings, implemented behind a scheduler boundary, and must preserve user isolation in stats, events, cancellation, logs, and result reads.
-
Queue state transitions have one owner. Enqueue, claim, renew, progress, complete, fail, cancel, recover, and scheduler-policy selection must remain repository/service operations, not handler logic.
-
Configuration is loaded once, validated at startup, and injected. Runtime code must not read environment variables directly or silently create missing dependencies.
-
internal/appis the only backend composition root.cmd/serverowns process concerns only, and non-bootstrap packages must not importinternal/apiorinternal/database.