cobb/cauldron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Mealie-backed AI meal planner + shopping list for the family
59 commits 1 branch 0 tags 524 KiB
Find a file
Kayos 1c943ec2d8 audit: fix all critical + high findings before dogfood 
Six audit-driven fixes from 2026-05-02 punch list at memory/cauldron-codebase-audit.md.

CRITICAL
- F-1 routes: SSRF guard on /api/discover/scrape-start. Every URL is
  validated via discover_recipes.is_public_url() — parses host, rejects
  IP literals in private/loopback/link-local/multicast/reserved ranges,
  resolves hostnames via getaddrinfo and rejects if any A/AAAA is private.
  Defense-in-depth: _scrape_one re-validates before fetch in case any
  future caller bypasses the route. Rejected URLs are returned in the
  response payload so the user knows which were skipped.
- F-6 domain: prompt-injection mitigation on enrich_recipe + verify_allergens.
  New apply_allergen_safety_override() in forge.py runs regex pattern-
  matching against the raw ingredient text for the SIX anaphylaxis-class
  allergens (peanuts, nuts, shellfish, fish, eggs, sesame, dairy). On
  match, force contains.<allergen>=TRUE regardless of Sonnet output. False
  positives are recoverable; undetected anaphylaxis is not. Pork/soy/
  gluten not auto-overridden (religious/dietary or too-common).

HIGH
- F-2 routes: /api/discover/reject swapped from global status flip to
  per-household scope. New migration 039 cauldron_discover_skips
  (discover_id, household_id, skipped_by_sub, skipped_at) join table.
  list_discovered_recipes default view filters out caller-household
  skips; ?status=skipped surfaces them for unskip. Different households
  have different tastes.
- F-3a routes: /login?next= same-origin validation. Reject anything that
  doesn't start with `/`, AND reject `//evil.example` protocol-relative
  redirects. One-line fix.
- F-10 domain: Sterilizer.apply_recipe ingredient-count guard. Refuse to
  apply if Mealie's current recipeIngredient length differs from the
  preview's proposals length. Python's zip would silently truncate;
  user edits made during the 60-300s Sonnet window now raise
  RuntimeError instead of getting clobbered. Bulk runner already catches
  RuntimeError per-recipe, marks proposal stale.
- F-15 domain: aggregator qty=None safety net. Ingredients with no
  quantity now go to a separate no_qty_items list instead of being
  silently coerced to 0.0 (which then failed the `any(qty for ...)`
  truthiness check and dropped the food off the shopping list). If no
  other line was emitted, write a "qty unspecified" placeholder so the
  food APPEARS on the list. If a sized line WAS emitted, append a
  "+ N ingredient(s) with no quantity" note.

ALSO (one-liners called out in the punch list)
- Migration 029 DROP INDEX gets IF EXISTS — prevents boot-brick on
  partial-failure retry.
- Flavor B prefix prompt rule — Sonnet now told to keep `lib:`/`disc:`
  prefix verbatim; prevents intermittent 502s on the panel just shipped.
- list_discover_eligible_for_group switched from LEFT JOIN to NOT EXISTS
  subqueries — fixes F-5 data (LIMIT-shrink from cross-group import
  multiplication) and adds the per-household skip filter cleanly.

All edits AST-verified. Allergen regex tested with peanut/fish/clean
inputs — flips correctly, preserves Sonnet TRUEs, no over-broad coverage.

Mediums + lows from the audit are tracked in
memory/cauldron-codebase-audit.md and deferred until Cobb hits them
during dogfood.
2026-05-02 12:43:04 -07:00
cauldron audit: fix all critical + high findings before dogfood 2026-05-02 12:43:04 -07:00
scripts v0.3 step 5: lean shopping list — claude on-demand foods + game strip 2026-04-29 22:02:20 -07:00
tests v0.3 step 3+4: AI plan generator + /list shopping aggregation 2026-04-29 06:26:54 -07:00
.env.example v0.2 foundation — Authentik OIDC + sulkta-mariadb DB + Fernet crypto 2026-04-28 19:47:47 -07:00
.gitignore v0.1 — backend bones + ingredient sterilizer 2026-04-28 16:59:11 -07:00
compose.yml compose: also join sulkta-db-net so cauldron can reach sulkta-mariadb 2026-04-28 19:48:59 -07:00
Dockerfile v0.1 — backend bones + ingredient sterilizer 2026-04-28 16:59:11 -07:00
LICENSE Initial commit 2026-04-28 16:35:30 -07:00
README.md v0.1 — backend bones + ingredient sterilizer 2026-04-28 16:59:11 -07:00
requirements.txt discover v0.1: scrape + search + import 2026-05-01 07:38:27 -07:00

README.md

cauldron

Mealie-backed AI meal planner + shopping list for the family. LAN-only, internal tool. Mealie at recipes.sulkta.com is the source of truth for recipes / meal plans / shopping lists; cauldron is the AI layer + Abby's branded UI on top.

Status

v0.1 — backend bones (current). Ingredient sterilizer endpoint working. No UI yet; bearer-auth API only. Frontend + Authentik OIDC arrives in v0.2. Native Kotlin Android in v0.5.

Surface (v0.1)

GET  /healthz                              liveness + clawdforge upstream
GET  /api/recipes                          list Mealie recipes (paginated)
POST /api/sterilize/preview/<slug>         dry-run AI parse, return proposals
POST /api/sterilize/apply/<slug>           write parses back to Mealie

All routes except /healthz require Authorization: Bearer <ADMIN_BEARER>.

Architecture

Abby's phone (later: Kotlin app)
        │
        ▼
  cauldron (Flask, port 7790, LAN-only)
   ├─ Mealie API client  ─── recipes.sulkta.com  (source of truth)
   ├─ clawdforge client  ─── 192.168.0.5:8800   (claude -p runner)
   └─ Authentik OIDC (v0.2)

cauldron does NOT hold its own database in v0.1 — all state lives in Mealie. A small Postgres/MariaDB schema lands in v0.2 for Abby-specific prefs + chat history.

Ingredient sterilizer

Mealie's CRF parser is mediocre. Cobb's hand-typed recipes have lots of free-form quantity strings ("about 2 cups cooked white rice", "1 small handful kale", "a pinch of salt") that don't aggregate cleanly into a shopping list.

The sterilizer batches all ingredients of one recipe into a single Sonnet call (via clawdforge), gets back parallel structured parses, then on apply links each parse to existing Mealie food/unit records (creating any missing by name) and PUTs the recipe back.

Preview is non-destructive — review proposals before apply.

# Dry-run preview
curl -sS -X POST -H "Authorization: Bearer $ADMIN_BEARER" \
  http://192.168.0.5:7790/api/sterilize/preview/spaghetti-bolognese | jq .

# Apply (creates missing foods/units by default)
curl -sS -X POST -H "Authorization: Bearer $ADMIN_BEARER" \
  http://192.168.0.5:7790/api/sterilize/apply/spaghetti-bolognese | jq .

Deploy

  1. ssh lucy
  2. cd /mnt/user/appdata && git clone <gitea-url> cauldron && cd cauldron/build (or wherever the deploy convention lands)
  3. Drop .env at /mnt/cache/appdata/secrets/cauldron.env (chmod 600 root:root)
    • CLAWDFORGE_TOKEN is already populated by the bootstrap (see memory/2026-04-28.md)
    • MEALIE_API_TOKEN — mint at recipes.sulkta.com → user → API tokens
    • ADMIN_BEARER — pick 32 bytes of entropy
    • SECRET_KEY — 32 bytes for Flask sessions
  4. docker compose up -d --build
  5. Smoke: curl http://192.168.0.5:7790/healthz

Roadmap

  • v0.1 ✓ — sterilizer backend + Flask shell
  • v0.2 — Authentik OIDC, Abby-branded web UI, palette CSS, postgres for prefs
  • v0.3 — meal plan generator (week → Mealie meal plan write)
  • v0.4 — shopping list aggregator (read meal plan → consolidated grocery list)
  • v0.5 — native Kotlin + Compose Android app (read-only shopping list + plan view)

Repo layout

cauldron/
├─ cauldron/
│  ├─ config.py            env-driven config
│  ├─ forge.py             clawdforge HTTP client
│  ├─ mealie.py            Mealie API client
│  ├─ sterilizer.py        ingredient parse + apply pipeline
│  └─ server.py            Flask app
├─ Dockerfile
├─ compose.yml
├─ requirements.txt
└─ .env.example