| 55e9501 | | | 1 | # Grove Audit — 2026-02-22 |
| 55e9501 | | | 2 | |
| 55e9501 | | | 3 | Full audit of codebase + production server. Working through items top to bottom. |
| 55e9501 | | | 4 | |
| 55e9501 | | | 5 | --- |
| 55e9501 | | | 6 | |
| 55e9501 | | | 7 | ## Critical Infrastructure |
| 55e9501 | | | 8 | |
| 55e9501 | | | 9 | - [x] **Disk cleanup** — Pruned 164GB Docker build cache. Server now at 16% (183GB free). |
| 55e9501 | | | 10 | - [x] **Backups** — Daily backup script at `/opt/grove/backup.sh`, cron at 4am UTC, 7-day retention. Covers SQLite DBs, blobstore, Mononoke config, TLS certs, compose config. |
| 55e9501 | | | 11 | - [x] **Firewall** — UFW enabled. SSH restricted to admin IP, HTTP/S and Mononoke ports open to all. |
| 55e9501 | | | 12 | |
| 55e9501 | | | 13 | ## Code Review (Diffs) |
| 55e9501 | | | 14 | |
| 55e9501 | | | 15 | - [x] **Test the diff workflow end-to-end** — Found: no "New Diff" button in UI, API queries broken for org-owned repos. |
| 55e9501 | | | 16 | - [x] **Fix whatever is blocking diff creation** — Added "New Diff" button + `/diffs/new` page with branch picker. Fixed all diffs.ts queries to use `repos_with_owner` view instead of broken `JOIN users o ON r.owner_id` pattern. |
| 55e9501 | | | 17 | |
| 55e9501 | | | 18 | ## Dead Code & Redundancy |
| 55e9501 | | | 19 | |
| 59985bb | | | 20 | - [x] **Hub-api tables audit** — No dead tables. `merge_requests` was renamed to `diffs` via migration. All tables actively used. |
| 55e9501 | | | 21 | - [ ] **Clarify repos ownership** — hub-api has `repos` table (1 row), grove-api has `repos` table (5 rows). Which is canonical? Probably grove-api — clean up hub-api's. |
| 55e9501 | | | 22 | - [ ] **Consolidate API clients** — Three separate implementations: `web/lib/api.ts`, CLI's client, VS Code extension's `client.ts`. Consider a shared package. |
| 59985bb | | | 23 | - [ ] **Finish Ring** — Planned feature, not dead code. Log ingestion API works, UI exists. Needs integration (Canopy → Ring logging, instance reporting). |
| 55e9501 | | | 24 | - [ ] **Remove or finish CLI CI stubs** — `ci runs`, `ci status`, `ci logs`, `ci trigger`, `ci cancel` are partially wired. |
| 59985bb | | | 25 | - [x] **api/src/routes/auth.ts** — Does not exist. Auth handled entirely by hub-api. No vestigial code. |
| 55e9501 | | | 26 | - [ ] **Audit addons/ directory** — ISL, isl-server, shared, components, vscode extension. ~44k files, mostly extracted from Sapling. Decide what's actually used. |
| 55e9501 | | | 27 | |
| 55e9501 | | | 28 | ## Documentation |
| 55e9501 | | | 29 | |
| 59985bb | | | 30 | - [x] **Update GROVE.md** — Rewritten to reflect current state: WebAuthn auth, Hub API + Grove API split, Canopy CI/CD, Ring, CLI, production deployment, database schemas. |
| 55e9501 | | | 31 | |
| 55e9501 | | | 32 | ## Quality & Reliability |
| 55e9501 | | | 33 | |
| 55e9501 | | | 34 | - [ ] **Add API tests** — Zero test files in api/, hub-api/, or cli/. At minimum: auth flow, repo CRUD, diff CRUD. |
| 55e9501 | | | 35 | - [ ] **Standardize error responses** — Inconsistent between hub-api and grove-api (mix of 401/404/500, different shapes). |
| 55e9501 | | | 36 | - [ ] **Type safety** — Many `any` types in route handlers. Fastify request decorators not fully typed. |
| 55e9501 | | | 37 | - [ ] **Database migration cleanup** — `api/src/services/database.ts` is 650 lines with complex table-rebuild migration logic and legacy table refs. |
| 55e9501 | | | 38 | |
| 55e9501 | | | 39 | ## Security |
| 55e9501 | | | 40 | |
| 55e9501 | | | 41 | - [ ] **JWT in localStorage** — XSS risk. Should migrate to HttpOnly cookies. |
| 55e9501 | | | 42 | - [ ] **Docker socket exposure** — grove-api has `/var/run/docker.sock` mounted for Canopy CI. Known risk, needs sandboxing strategy. |
| 55e9501 | | | 43 | - [ ] **Rate limiting** — No rate limiting on any API endpoint. |
| 55e9501 | | | 44 | |
| 55e9501 | | | 45 | ## Strategic Decisions (Deferred) |
| 55e9501 | | | 46 | |
| 55e9501 | | | 47 | - [ ] **Hub API vs Grove API merge** — With one instance running, the split adds complexity (separate DBs, JWT signing ceremony, user sync). May want to merge. |
| 55e9501 | | | 48 | - [ ] **ISL integration** — Embedding smartlog in web UI was planned in GROVE.md Phase 6. Addons directory is mostly ISL. Decide if still pursuing. |
| 55e9501 | | | 49 | - [ ] **VS Code extension** — Significant code in addons/vscode/. Decide priority. |
| 55e9501 | | | 50 | - [ ] **Code search** — Not started. Eventually needed for a GitHub-like experience. |
| 55e9501 | | | 51 | - [ ] **Monitoring** — No Prometheus, no health dashboards, no alerting. |
| 55e9501 | | | 52 | |
| 55e9501 | | | 53 | --- |
| 55e9501 | | | 54 | |
| 55e9501 | | | 55 | ## Production Server Reference |
| 55e9501 | | | 56 | |
| 55e9501 | | | 57 | | Property | Value | |
| 55e9501 | | | 58 | |----------|-------| |
| 55e9501 | | | 59 | | IP | 178.156.247.203 | |
| 55e9501 | | | 60 | | Domains | grove.host, canopy.grove.host, ring.grove.host | |
| 55e9501 | | | 61 | | OS | Ubuntu, Linux 6.8.0-52-generic | |
| 55e9501 | | | 62 | | CPU | 8-core AMD EPYC-Milan | |
| 55e9501 | | | 63 | | RAM | 30GB (2.1GB used) | |
| 59985bb | | | 64 | | Disk | 226GB total, 34GB used (16%) after cleanup | |
| 55e9501 | | | 65 | | Containers | 8 (Caddy, registry, hub-api, grove-api, grove-web, mononoke-slapi, mononoke-git, grove-bridge) | |
| 55e9501 | | | 66 | | Data | 2 users, 3 orgs, 5 repos, 191 CI runs | |
| 55e9501 | | | 67 | | Compose | /opt/grove/docker-compose.yml | |
| 55e9501 | | | 68 | | Data dir | /data/grove/ | |
| 55e9501 | | | 69 | | TLS | Let's Encrypt (Caddy) + self-signed CA (Mononoke mTLS) | |