Adds the multi-user plumbing layer underneath v0.1's batch-only API:

- DB module (db.py) — PyMySQL against sulkta-mariadb, in-process migrations. Tables: cauldron_users, cauldron_user_mealie_tokens, cauldron_chat_log, schema_migrations.
- Crypto module (crypto.py) — thin Fernet wrapper. Master key in env, per-row encryption of stored Mealie tokens, decrypt only in-process.
- OIDC module (oidc.py) — Authlib-based Authentik integration. Issuer https://auth.sulkta.com/application/o/cauldron/, sub_mode=user_email, scopes openid+email+profile. App gated to 'Sulkta Family' group.
- Two-tier Mealie shape — system_mealie (env token, admin batch) + current_user_mealie() helper that loads + decrypts the calling user's token from DB. Per the v0.2 design (memory/spec-cauldron-v0.2.md).
- Connect flow — /connect-mealie pages walk users through minting their own Mealie API token and pasting it back. Validated against /api/users/self before encryption + storage.
- Routes — /, /login, /auth/callback, /logout, /me, /connect-mealie, /disconnect-mealie. v0.1 admin endpoints kept under bearer auth.
- Mealie.who_am_i() helper added.
- Auth flow uses Authentik subject (sub) as the canonical user key.

UI is minimal — connect-mealie page uses the locked palette (forest #1f2d1f, panels #2d3a2a, meadow #6b8e5a/#88a87a, parchment text #f0e6cc/#ddd4ba) and Cormorant Garamond serif headers. Strict palette. The fuller dashboard / plan / list / recipes views land in subsequent commits.

Authentik provider PK 24, client_id ZIwEugWWWZinR1KcVC9IT9hpGoTds9ps8XDDHPPN. Group 'Sulkta Family' (pk 6d0c75e9-...) created with cobb member.

Foundation only — Abby's branded UI and the meal-plan / shopping-list features land in subsequent v0.2 commits.
- cauldron
- .env.example
- .gitignore
- compose.yml
- Dockerfile
- LICENSE
- README.md
- requirements.txt
cauldron
Mealie-backed AI meal planner + shopping list for the family. LAN-only,
internal tool. Mealie at recipes.sulkta.com is the source of truth for
recipes / meal plans / shopping lists; cauldron is the AI layer + Abby's
branded UI on top.
Status
v0.1 — backend bones (current). Ingredient sterilizer endpoint working. No UI yet; bearer-auth API only. Frontend + Authentik OIDC arrives in v0.2. Native Kotlin Android in v0.5.
Surface (v0.1)
GET   /healthz                        liveness + clawdforge upstream
GET   /api/recipes                    list Mealie recipes (paginated)
POST  /api/sterilize/preview/<slug>   dry-run AI parse, return proposals
POST  /api/sterilize/apply/<slug>     write parses back to Mealie
All routes except /healthz require Authorization: Bearer <ADMIN_BEARER>.
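A stdlib-only sketch of the bearer rule stated above, added here as an example and not taken from cauldron's server.py. The names `BearerGate`, `bearer_ok`, `new_admin_bearer`, `inner_app` and `probe` are hypothetical; the gate fails closed when ADMIN_BEARER is empty and compares tokens in constant time.

```python
import hmac
import secrets

OPEN_PATHS = {"/healthz"}  # the only route the README leaves unauthenticated

def new_admin_bearer() -> str:
    """32 bytes from the OS CSPRNG, URL-safe encoded (43 characters)."""
    return secrets.token_urlsafe(32)

def bearer_ok(header, expected: str) -> bool:
    """True only if header is 'Bearer <token>' and the token equals expected."""
    if not expected:  # an unset ADMIN_BEARER must never mean "open"
        return False
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "bearer":
        return False
    # compare_digest takes the same time wherever the two values differ
    return hmac.compare_digest(token.strip().encode(), expected.encode())

class BearerGate:
    """WSGI middleware: 401 for any path outside OPEN_PATHS without the bearer."""
    def __init__(self, app, admin_bearer: str):
        self.app = app
        self.admin_bearer = admin_bearer

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        header = environ.get("HTTP_AUTHORIZATION")
        if path in OPEN_PATHS or bearer_ok(header, self.admin_bearer):
            return self.app(environ, start_response)
        start_response("401 Unauthorized",
                       [("WWW-Authenticate", "Bearer"), ("Content-Type", "text/plain")])
        return [b"unauthorized\n"]

def inner_app(environ, start_response):
    """Stand-in for the real application (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def probe(gate, path, auth=None):
    """Send one constructed request through the gate; return the status line."""
    seen = []
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    if auth is not None:
        environ["HTTP_AUTHORIZATION"] = auth
    gate(environ, lambda status, headers: seen.append(status))
    return seen[0]
```
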
Architecture
Abby's phone (later: Kotlin app)
        │
        ▼
cauldron (Flask, port 7790, LAN-only)
   ├─ Mealie API client ─── recipes.sulkta.com (source of truth)
   ├─ clawdforge client ─── 192.168.0.5:8800 (claude -p runner)
   └─ Authentik OIDC (v0.2)
cauldron does NOT hold its own database in v0.1 — all state lives in Mealie. A small Postgres/MariaDB schema lands in v0.2 for Abby-specific prefs + chat history.
Ingredient sterilizer
Mealie's CRF parser is mediocre. Cobb's hand-typed recipes have lots of free-form quantity strings ("about 2 cups cooked white rice", "1 small handful kale", "a pinch of salt") that don't aggregate cleanly into a shopping list.
The sterilizer batches all ingredients of one recipe into a single Sonnet call (via clawdforge), gets back parallel structured parses, then on apply links each parse to existing Mealie food/unit records (creating any missing by name) and PUTs the recipe back.
Preview is non-destructive — review proposals before apply.
# Dry-run preview
curl -sS -X POST -H "Authorization: Bearer $ADMIN_BEARER" \
  http://192.168.0.5:7790/api/sterilize/preview/spaghetti-bolognese | jq .
# Apply (creates missing foods/units by default)
curl -sS -X POST -H "Authorization: Bearer $ADMIN_BEARER" \
  http://192.168.0.5:7790/api/sterilize/apply/spaghetti-bolognese | jq .
Deploy
- ssh lucy
- cd /mnt/user/appdata && git clone <gitea-url> cauldron && cd cauldron/build (or wherever the deploy convention lands)
- Drop .env at /mnt/cache/appdata/secrets/cauldron.env (chmod 600 root:root)
  - CLAWDFORGE_TOKEN is already populated by the bootstrap (see memory/2026-04-28.md)
  - MEALIE_API_TOKEN — mint at recipes.sulkta.com → user → API tokens
  - ADMIN_BEARER — pick 32 bytes of entropy
  - SECRET_KEY — 32 bytes for Flask sessions
- docker compose up -d --build
- Smoke: curl http://192.168.0.5:7790/healthz
Roadmap
- v0.1 ✓ — sterilizer backend + Flask shell
- v0.2 — Authentik OIDC, Abby-branded web UI, palette CSS, postgres for prefs
- v0.3 — meal plan generator (week → Mealie meal plan write)
- v0.4 — shopping list aggregator (read meal plan → consolidated grocery list)
- v0.5 — native Kotlin + Compose Android app (read-only shopping list + plan view)
Repo layout
cauldron/
├─ cauldron/
│  ├─ config.py       env-driven config
│  ├─ forge.py        clawdforge HTTP client
│  ├─ mealie.py       Mealie API client
│  ├─ sterilizer.py   ingredient parse + apply pipeline
│  └─ server.py       Flask app
├─ Dockerfile
├─ compose.yml
├─ requirements.txt
└─ .env.example