You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We keep reinventing utilities (HTTP routing, time parsing, config, retry, locking) that mature, well-maintained packages do better and more safely. Prefer modern, popular, actively-maintained, good-DX packages (the way got superseded request, or mtcute over traditional MTProto libs) over hand-rolled code or old "battle-tested but poor-DX" libs.
We're pre-MVP, so correctness + DX beat 0-dependency flexing — it's too early to optimize for minimal deps at the cost of reliability. Package selection per item via live npm research (see #39 for the template); pin versions; weigh supply-chain but don't fetishize 0-deps right now.
Known "bicycles" (checklist)
Raw http server — core/control-server.js (and the manual routing / JSON encode-decode in mcp-server.js) hand-roll method/url checks and body parsing. Adopt a minimal modern HTTP framework (candidates to evaluate: Hono, h3, Fastify). Bonus on a security-sensitive control endpoint: built-in body-size limits, robust parsing, real routing → fewer footguns (resolves the hardening notes flagged on PR feat(server): loopback control API + per-batch progress + idle-exit (#30, PR-2a) #38).
Hand-rolled duration parsing — core/duration.js reinvents time parsing (a classic minefield). For human strings like 30s / 5m use a maintained parser (ms, parse-duration). Note: Temporal.Duration parses ISO-8601 (PT30S) and is great for duration arithmetic, but does not parse 30s — so either pick a parser, or standardize on ISO-8601 duration strings. Research current readiness/fit.
Retry / backoff — core/send-utils.js hand-rolls retry, backoff strategies, and FLOOD_WAIT handling. Evaluate a maintained retry lib (e.g. p-retry, cockatiel) where it fits.
This is an umbrella/epic. Split items into their own issues when picked up. #39 (config) is the first concrete child.
Rename mcp-server.js → a clear name (e.g. server.js / backend.js) and consider collapsing the launcher. The file is a legacy misnomer: it's no longer "just the MCP server" — it's the whole warm backend (control API + realtime/queue worker + the MCP tools as one of several surfaces). Also tgcli server (runServer in cli.js) is a thin launcher that spawns node mcp-server.js as a child — a historical artifact from when this file was the standalone npm start entry; consider merging the launcher into the server (or at least renaming) so the structure reflects "one backend process".
Philosophy
We keep reinventing utilities (HTTP routing, time parsing, config, retry, locking) that mature, well-maintained packages do better and more safely. Prefer modern, popular, actively-maintained, good-DX packages (the way
gotsupersededrequest, ormtcuteover traditional MTProto libs) over hand-rolled code or old "battle-tested but poor-DX" libs.We're pre-MVP, so correctness + DX beat 0-dependency flexing — it's too early to optimize for minimal deps at the cost of reliability. Package selection per item via live npm research (see #39 for the template); pin versions; weigh supply-chain but don't fetishize 0-deps right now.
Known "bicycles" (checklist)
httpserver —core/control-server.js(and the manual routing / JSON encode-decode inmcp-server.js) hand-rollmethod/urlchecks and body parsing. Adopt a minimal modern HTTP framework (candidates to evaluate: Hono, h3, Fastify). Bonus on a security-sensitive control endpoint: built-in body-size limits, robust parsing, real routing → fewer footguns (resolves the hardening notes flagged on PR feat(server): loopback control API + per-batch progress + idle-exit (#30, PR-2a) #38).core/duration.jsreinvents time parsing (a classic minefield). For human strings like30s/5muse a maintained parser (ms,parse-duration). Note:Temporal.Durationparses ISO-8601 (PT30S) and is great for duration arithmetic, but does not parse30s— so either pick a parser, or standardize on ISO-8601 duration strings. Research current readiness/fit.core/send-utils.jshand-rolls retry, backoff strategies, and FLOOD_WAIT handling. Evaluate a maintained retry lib (e.g.p-retry,cockatiel) where it fits.store-lock.jshand-rolls PID-based lock files (read/write/stale-detection). Evaluateproper-lockfileor similar.0600patterns (control.json,service-state.json,feedback-last.json). At minimum a tiny shared helper; consider a small lib.Process
Note
This is an umbrella/epic. Split items into their own issues when picked up. #39 (config) is the first concrete child.
mcp-server.js→ a clear name (e.g.server.js/backend.js) and consider collapsing the launcher. The file is a legacy misnomer: it's no longer "just the MCP server" — it's the whole warm backend (control API + realtime/queue worker + the MCP tools as one of several surfaces). Alsotgcli server(runServerincli.js) is a thin launcher thatspawnsnode mcp-server.jsas a child — a historical artifact from when this file was the standalonenpm startentry; consider merging the launcher into the server (or at least renaming) so the structure reflects "one backend process".