feat: all-in-one secure Reva.exe (single self-contained .NET binary, no Node)#53
Merged
Conversation
Port the chat agent from the Next.js route to a native .NET streaming endpoint (POST /api/agent) so the app needs no Node runtime. The endpoint runs an Ollama tool-loop (list/get/reconcile/explain over the document workflow and review assembler) via Microsoft.Extensions.AI function invocation and reproduces the AI-SDK UI-message-stream SSE protocol, so the existing chat UI works unchanged. An unreachable model degrades to a graceful in-stream message instead of a failed request. Build the frontend as a static export (output: export): delete the Next.js agent route, drop the ollama-ai-provider-v2 and zod server-only deps, and point the chat transport at the API host so it is same-origin in the packaged build and CORS-bridged in dev. Refs #52
Host the static export from the .NET app: default-files + static-files serve the build, and a SPA fallback resolves client routes (e.g. /review) to their static HTML, otherwise to index.html, with a web-root containment guard. API routes and /health keep precedence. CORS stays dev-only in effect since the packaged build is single-origin. Add best-effort local-model management: start a local Ollama if one is installed but not running, and expose GET /api/agent/status reporting whether the model is reachable. The chat degrades gracefully when it is not; every other feature stays fully deterministic. Refs #52
…kage The Windows package now builds the static UI (same-origin) and stages it into wwwroot before the self-contained single-file publish, so one Reva.exe serves the UI, the API, OCR, and the chat with no Node runtime. The smoke test asserts the bundled UI is served and the chat endpoint streams a UI-message-stream response (degrading gracefully without a local model), and CI installs Node and pnpm so it can build and smoke-test the full package. Refs #52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Reva now ships as one secure, self-contained Windows
Reva.exethat runs the entire product — UI, API, OCR, and the assistant chat — with no Node runtime and localhost-only. Previously the packaged exe was backend-only and the Next.js UI/Ollama were separate. Single self-contained .NET binary architecture (owner-approved).What shipped
POST /api/agent): ports the Vercel-AI-SDK tool-loop to .NET viaMicrosoft.Extensions.AIfunction invocation over Ollama (OpenAI-compat/v1), with 4 tools (list/get/reconcile/explain) over the existing document workflow + review assembler. Reproduces the AI-SDK UI-message-stream SSE protocol so the existing chat UI is unchanged. Bounded inputs; an unreachable model degrades to a graceful in-stream message.output: 'export'): deleted the Next.js agent route, dropped theollama-ai-provider-v2+zodserver-only deps, and repointed the chat transport so it is same-origin in the package and CORS-bridged in dev..NETserves the static export fromwwwroot(default-files + static-files + a SPA fallback that resolves/reviewetc. to their static HTML, with a web-root containment guard). API +/healthkeep precedence.GET /api/agent/status; localhost-only bind; no secrets.package-windows.ps1builds the static UI and stages it intowwwrootbefore the self-contained single-file publish;package-smoke.ps1asserts the bundled UI is served and the chat streams a UI-message-stream response (graceful without a model); CI installs Node + pnpm to build and smoke-test the full package.Proof
dotnet build -warnaserror0/0;dotnet testUnit 39 + Integration 17;dotnet format --verify-no-changesclean. Web:tsc/eslint/next build(export) all 0.curl -X POST /api/agentreturns the exact UI-message-stream SSE (start → tool-input/output-available → text deltas → finish → [DONE]); the real frontend chat runs the multi-tool loop and renders a grounded, source-cited answer (Premium USD 4,400,000 vs 5,550,000, etc.). Hard-load of/reviewresolves via the SPA fallback.package-windows.ps1producedReva.exe(self-contained, native OCR libs self-extracting) + bundledwwwroot. Running the published exe standalone: serves the UI at/,/reviewvia SPA fallback,/api/agent/statusreports the model reachable, seeds + OCRs the demo corpus, and shows the first-run tour — one binary handling everything.Acceptance
One
Reva.exe: serves UI + API same-origin on one localhost port; chat works with Ollama and degrades gracefully without it; all features work; package-smoke green in CI; no Node runtime; no secrets.Closes #52