Mealie-backed AI meal planner + shopping list for the family

Find a file

Kayos 32a570b9d4 audit-fixes: 3rd-pass HIGH + 2 MEDs (dedupe stale-404, SSRF redirect, int parse) dedupe_recipes.py CODE3-1 (HIGH): mirror the consolidate apply path's stale-404 tolerance into dedupe. Pair-based clustering can emit overlapping pairs — (A,B) approved+deleted; later (A,C) tries to delete A again. Mealie returns 404; the prior code logged this as an error and bumped error_count for a desired-end-state-achieved operation. Now treats 404 as already-handled and continues. discover_recipes.py CVE-NEW3-1 (MED): added allow_redirects=False to the fallback _rq.get(url, ...) call. is_public_url validates the original host as public-IP-space, but requests' default redirect- following would chase a 30x to 127.0.0.1 / 169.254.x — letting a malicious recipe-page server redirect a scrape worker at internal LAN services or cloud metadata. The recipe_scrapers primary path has its own internal request chain that's a documented residual (per is_public_url's docstring). Closes the easier of the two paths. server.py CODE3-2 (MED): /api/discover/search ?limit / ?offset swap raw int() for the existing _opt_int helper that's defined 20 lines up. Mirrors the wave-2 fix on /api/recipes and /me-recipes that the prior pass installed everywhere except this endpoint. 3rd-pass audit (against HEAD `291fea0`) verdict: codebase is in a defensible production-deploy state. Remaining LOW/INFO items (Origin RFC normalization, CSS-injection in discover image_url, session.clear() on login, .env.example freshness) are robustness- class rather than security-class and don't gate deploy.		2026-05-02 17:53:51 -07:00
cauldron	audit-fixes: 3rd-pass HIGH + 2 MEDs (dedupe stale-404, SSRF redirect, int parse)	2026-05-02 17:53:51 -07:00
scripts	v0.3 step 5: lean shopping list — claude on-demand foods + game strip	2026-04-29 22:02:20 -07:00
tests	v0.3 step 3+4: AI plan generator + /list shopping aggregation	2026-04-29 06:26:54 -07:00
.env.example	v0.2 foundation — Authentik OIDC + sulkta-mariadb DB + Fernet crypto	2026-04-28 19:47:47 -07:00
.gitignore	v0.1 — backend bones + ingredient sterilizer	2026-04-28 16:59:11 -07:00
compose.yml	compose: also join sulkta-db-net so cauldron can reach sulkta-mariadb	2026-04-28 19:48:59 -07:00
Dockerfile	v0.1 — backend bones + ingredient sterilizer	2026-04-28 16:59:11 -07:00
LICENSE	Initial commit	2026-04-28 16:35:30 -07:00
README.md	v0.1 — backend bones + ingredient sterilizer	2026-04-28 16:59:11 -07:00
requirements.txt	deps: cryptography 46.0.6→46.0.7 (CVE-2026-39892, residual after first scan)	2026-05-02 13:34:39 -07:00

README.md

cauldron

Mealie-backed AI meal planner + shopping list for the family. LAN-only, internal tool. Mealie at recipes.sulkta.com is the source of truth for recipes / meal plans / shopping lists; cauldron is the AI layer + Abby's branded UI on top.

Status

v0.1 — backend bones (current). Ingredient sterilizer endpoint working. No UI yet; bearer-auth API only. Frontend + Authentik OIDC arrives in v0.2. Native Kotlin Android in v0.5.

Surface (v0.1)

GET  /healthz                              liveness + clawdforge upstream
GET  /api/recipes                          list Mealie recipes (paginated)
POST /api/sterilize/preview/<slug>         dry-run AI parse, return proposals
POST /api/sterilize/apply/<slug>           write parses back to Mealie

All routes except /healthz require Authorization: Bearer <ADMIN_BEARER>.

Architecture

Abby's phone (later: Kotlin app)
        │
        ▼
  cauldron (Flask, port 7790, LAN-only)
   ├─ Mealie API client  ─── recipes.sulkta.com  (source of truth)
   ├─ clawdforge client  ─── 192.168.0.5:8800   (claude -p runner)
   └─ Authentik OIDC (v0.2)

cauldron does NOT hold its own database in v0.1 — all state lives in Mealie. A small Postgres/MariaDB schema lands in v0.2 for Abby-specific prefs + chat history.

Ingredient sterilizer

Mealie's CRF parser is mediocre. Cobb's hand-typed recipes have lots of free-form quantity strings ("about 2 cups cooked white rice", "1 small handful kale", "a pinch of salt") that don't aggregate cleanly into a shopping list.

The sterilizer batches all ingredients of one recipe into a single Sonnet call (via clawdforge), gets back parallel structured parses, then on apply links each parse to existing Mealie food/unit records (creating any missing by name) and PUTs the recipe back.

Preview is non-destructive — review proposals before apply.

# Dry-run preview
curl -sS -X POST -H "Authorization: Bearer $ADMIN_BEARER" \
  http://192.168.0.5:7790/api/sterilize/preview/spaghetti-bolognese | jq .

# Apply (creates missing foods/units by default)
curl -sS -X POST -H "Authorization: Bearer $ADMIN_BEARER" \
  http://192.168.0.5:7790/api/sterilize/apply/spaghetti-bolognese | jq .

Deploy

ssh lucy
cd /mnt/user/appdata && git clone <gitea-url> cauldron && cd cauldron/build (or wherever the deploy convention lands)
Drop .env at /mnt/cache/appdata/secrets/cauldron.env (chmod 600 root:root)
- CLAWDFORGE_TOKEN is already populated by the bootstrap (see memory/2026-04-28.md)
- MEALIE_API_TOKEN — mint at recipes.sulkta.com → user → API tokens
- ADMIN_BEARER — pick 32 bytes of entropy
- SECRET_KEY — 32 bytes for Flask sessions
docker compose up -d --build
Smoke: curl http://192.168.0.5:7790/healthz

Roadmap

v0.1 ✓ — sterilizer backend + Flask shell
v0.2 — Authentik OIDC, Abby-branded web UI, palette CSS, postgres for prefs
v0.3 — meal plan generator (week → Mealie meal plan write)
v0.4 — shopping list aggregator (read meal plan → consolidated grocery list)
v0.5 — native Kotlin + Compose Android app (read-only shopping list + plan view)

Repo layout

cauldron/
├─ cauldron/
│  ├─ config.py            env-driven config
│  ├─ forge.py             clawdforge HTTP client
│  ├─ mealie.py            Mealie API client
│  ├─ sterilizer.py        ingredient parse + apply pipeline
│  └─ server.py            Flask app
├─ Dockerfile
├─ compose.yml
├─ requirements.txt
└─ .env.example