Currently, Resource.prototype.patch only updates one record – it should be able to update many. There aren't any good tests around this yet, so they should be written.

Maki, as a framework, is unusably complex. Here is my proposal for how to re-architect and rethink the role of Maki without shrinking its scope or discarding the progress made.

https://slack-files.com/T09HF1HK9-F0PBUR2AG-78ac26b2dc

Fields on a Resource that are marked private should have some common mechanic for being converted into a Confidential Value or ZKP store. Examples might include an account balance or even a password hash.

Using the following source from the Quickstart section of docs,

var myApp = new require('maki');

myApp.define('Widget', {
  attributes: {
    name: String
  }
});

myApp.start();

I'm given the following error:

myApp.define('Widget', {
      ^
TypeError: Object #<Object> has no method 'define'
    at Object.<anonymous> ([REDACTED]/app.js:3:7)
    at Module._compile (module.js:456:26)
    at Object.Module._extensions..js (module.js:474:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Function.Module.runMain (module.js:497:10)
    at startup (node.js:119:16)
    at node.js:906:3

These assets are missing from the bootstrapping process. Relevant code.

We're not using Express for much beyond routing. We should eliminate it in favor of some more tidy, faster microcode.

We should consider Resources to be serializable contracts to consumers of a Maki application; perhaps we should consider utilizing Protobufs as a high-performance way of exchanging these contracts.

Open to other ideas.

A common pattern is to utilize a job scheduler for operations that may take an extended period of time. Maki should have this built-in.

Views for a Maki application should compile to a composed UI; a la "Single Page App," updating only components that have changed dependent on state. Maki applications should target all clients (web, mobile, desktop), with the necessary abstraction being behaviors, not UI elements.

Behaviors, not UIs
When we spend time crafting how a menu works in the browser vs. how it works on a mobile browser, or even a different interaction model for an installed desktop application, and furthermore the more difficult mobile application – we're thinking carefully about the optimal experience for the current context of the content type they're interacting with.

Rather than repeating this process several times over for each individual component exposed by your application, we should describe composable interface elements that behave and extend one another differently based on those contexts. If we construct an application with these elements, we can categorically change behaviors across our application by simply changing their parent classes. With an appropriate inheritance model, we can make a convenient set of construction blocks that will form our composition library.

Likely choices:

• React to manage view updates
• Semantic UI to categorically describe behaviors (see also react-semantify)
• Jade to write composable interactions
• react-jade to tie the loop

An Example:
views/index.jade

extends layouts/default

block header
  menu
    item(href="/") Home
    item(href="/people") People

block content
  video(src="youtube.com?v=asdf1234")

compiles to...

html (loosely):

<!DOCTYPE html>
<html>
<body>
  <div>
    <a href="/">Home</a>
    <a href="/people">People</a>
  </div>
  <div>
    <iframe ...>
  <div>
</body>
</html>

Resources created in Maki should be exposed via an extensible Service framework, accessible over Protocols.

Authentication should be exposed as middlewares, pluggable to the application and the Resources.

• BitAuth
• Mnemonic

maki.use( require('bitauth') )

As per #117, we need an Application State layer in the Maki stack.

This is the state of the instanced application being run by an Identity. The state can be any arbitrary tree of values, all of which are observable and evented. You can bind any attribute or sub-tree to an addressable object from the Data Layer which then synchronizes two way using the events from either layer.

Discuss libraries and techniques to use, as well as the rigid interfaces in which it communicates.

When Resources fall back to their default view, they also use the default layout – the rendering lookup should again start from the top level directory before falling back to the internal Maki version.

./app/views/layouts before node_modules/maki/app/views/layouts. Only fall back if the layout does not exist.

Mongo, while a convenient choice for this first iteration of Maki, is not an appropriate datastore on its own. With the Datastore class we should move to implement some sane defaults, and perhaps even offer multiple options.

• Reheat, for RethinkDB.
• Osmos, for a common interface to several DB types.
• JugglingDB, common interface, very similar to Mongoose.

Using maki as a module should be straightforward: var maki = require('maki');

While maki is currently taken on npm, I am satisfied with npm install martindale/maki, which installs the package and makes it available as maki.

The current hurdles include the highly specific directory structure for looking up various components, specifically;

• app/views

The auto-generated API documentation located at /api (currently enabled by default) should have cURL examples for each resource.

Resources should be filterable, allow for aliases of these filters.

Proposal:

maki.define('Play', {
  attributes: {
    state: { type: String , enum: ['queued', 'playing', 'played', 'skipped'], default: 'queued' }
  },
  filters: {
    'playing': { state: 'playing' }
  }
}

...would add a new endpoint at /plays/playing that serves only documents with state "playing", identical to a query of /plays?state=playing.

Not sure if this is a good idea, as it doesn't "feel" pure. Feedback appreciated.

This probably relates to the express app static generation.

Currently, the name of requirements denotes the specific resource that must be queried to collect those components. Instead, if a special field (let's say resource) is provided, that should be the base Resource, and the name should be the supplied local.

Discovered through the creation of the ChainDB block explorer.

When a Resource has a particular attribute configured to be "populated" for specific methods, these rules are not respected when the parent resource emits update events:

For example, from Melody:

var PostSchema = {
  content: { type: String },
  created: { type: Date , default: Date.now },
  _identity: { type: melody.mongoose.SchemaTypes.ObjectId , ref: 'Identity', required: true },
  _author: {
    type: melody.mongoose.SchemaTypes.ObjectId,
    ref: 'Person',
    populate: ['query', 'get']
  }
};

Perhaps handlers for the populate option should be expanded to include the update or patch methods.

MongoDB by default uses MD5 hashes for GridFS uploads; #68 adds the ability to retrieve a file based on these hashes. MD5 is deprecated, as it has known collisions.

We should switch to SHA2 or SHA3, perhaps even make this change upstream.

When Resource definitions change, there should be a simple mechanism for timestamping the change (as deployed) and migrating to (and from) the new definitions.

If you attempt to git clone a Maki-powered server, it'd be nice if it served its own source code. This should probably be an optional feature, if not a plugin.

In some cases, it seems as if assets are not included / do not generate in inherited projects. See martindale/melody#5 for the specific case.

Need a working example of a Lookup / Search dropdown in Semantic, then bind it to the autogenerated creation form for lookup fields.

We need a dedicated list of /people who are members of the community. Perhaps this can also be a demonstration of using external applications to manage resources (snarl + maki?) as an agent.

It seems in some cases, the pipeline for a specific method might be executed twice. For example;

1. Install Converse, linked on top of the redirect-debug branch
2. Run Converse with NODE_ENV=debug
3. Create a post
4. Create a Comment
5. Observe two distinct calls to resource.create:

handlers instance: { html: { create: [Function] }, json: { create: [Function] } }
provide, handlers: { html: { create: [Function] }, json: { create: [Function] } }
Trace: specific handler create /comments { hashcash: '2:2:sha256:20150717:005400680069007300200063006f006d006d0065006e0074002000730068006f0075006c00640020006800610076006500200070006f00730074002000600035003500610032003000370062003900640037003300380031006400330036003200370063003900350066003600370060002000610073002000690074007300200060005f0070006f0073007400600020006600690065006c0064002e::mrmqi:64',
  _author: '55a04123a753f10357c45248',
  _post: '55a207b9d7381d3627c95f67',
  content: 'This comment should have post `55a207b9d7381d3627c95f67` as its `_post` field.',
  _id: 55a931b574dbd38708c05891 } function (req, res) {
        console.log('create handler')

        var comment = this;
        req.flash('info', 'Comment created successfully!');
        if (comment._parent) {
          res.status( 303 ).redirect('/comments/' + comment._parent + '#comments' + comment._id );
        } else {
          console.log('suppppp', comment._post);
          res.status( 303 ).redirect('/posts/' + comment._post );
        }

      }
    at /opt/maki/lib/Service/http.js:201:17
    at Array.forEach (native)
    at ServerResponse.res.provide (/opt/maki/lib/Service/http.js:200:31)
    at /opt/maki/lib/Service/http.js:687:28
    at /opt/maki/lib/Resource/index.js:455:12
    at /opt/maki/lib/Resource/index.js:492:14
    at /opt/maki/node_modules/async/lib/async.js:240:13
    at /opt/maki/node_modules/async/lib/async.js:150:25
    at /opt/maki/node_modules/async/lib/async.js:237:17
    at /opt/maki/node_modules/async/lib/async.js:600:34
Trace: specific handler create /comments { hashcash: '2:2:sha256:20150717:005400680069007300200063006f006d006d0065006e0074002000730068006f0075006c00640020006800610076006500200070006f00730074002000600035003500610032003000370062003900640037003300380031006400330036003200370063003900350066003600370060002000610073002000690074007300200060005f0070006f0073007400600020006600690065006c0064002e::mrmqi:64',
  _author: '55a04123a753f10357c45248',
  _post: '55a207b9d7381d3627c95f67',
  content: 'This comment should have post `55a207b9d7381d3627c95f67` as its `_post` field.',
  _id: 55a931b574dbd38708c05891 } function (req, res, next) {
        // send the correct status code to clients expecting HTML (usually browsers)
        res.redirect( 303 , '/' + maki.resources[ r ].collection + '/' + req.locals[ resource.fields.id ] );
      }
    at /opt/maki/lib/Service/http.js:201:17
    at Array.forEach (native)
    at ServerResponse.res.provide (/opt/maki/lib/Service/http.js:200:31)
    at /opt/maki/lib/Service/http.js:687:28
    at /opt/maki/lib/Resource/index.js:455:12
    at /opt/maki/lib/Resource/index.js:492:14
    at /opt/maki/node_modules/async/lib/async.js:240:13
    at /opt/maki/node_modules/async/lib/async.js:150:25
    at /opt/maki/node_modules/async/lib/async.js:237:17
    at /opt/maki/node_modules/async/lib/async.js:600:34

Validators for resources (and the input forms for those resources) should be shared between server and client.

For query requests, URI parameters should be passed into a "query builder" that constructs a query for the Resource's datastore.

This may lead to a Resource transformation pipeline, as requests come over a Protocol, access a Resource, and may be transformed along the way before being rendered to a View.

When Maki generates HTML-formatted documents, they should be completely valid HTML markup.

TODO:

• write tests for all pages
• fix markup
• merge #57

When a Maki application loses network connectivity, it should continue to function as completely as possible, then synchronize changes when it resumes connectivity.

See also #21 and #27.

Currently, mocha will successfully run the tests, _mocha will also successfully run the tests, but istanbul cover _mocha will fail with the following error:

$ istanbul cover _mocha


  1) "before all" hook

  0 passing (9ms)
  1 failing

  1)  "before all" hook:
     Uncaught Error: connect ECONNREFUSED
      at errnoException (net.js:905:11)
      at Object.afterConnect [as oncomplete] (net.js:896:19)

Generating a static build of a Maki application should be possible.

• Offline Resource Service (PouchDB?)
• Output bundled HTML + assets to render app locally

martindale/converse#16 implements a largely functional notification system; this should be isolated into a standalone plugin for Maki. This will likely force us to explore how plugin hooks work (event emitters, etc.).

Maki should offer an extensible system for authenticating individual operations (client certificates as a reasonable first option), and then authorizing those operations (a capability-based scheme as the first option). Restrictions should be made per resource, per method, and individually per logic within a resource and its methods.

Authentication should take place as the first item in the Resource pipeline, while Authorization should take place as the last item in the pre pipeline.

Building things on today's Web often requires cutting corners to meet objectives and reduce cost. Building a REST-compliant API might not be in the scope of a project, but without it your application is difficult to extend and grow. Gracefully responding to client capabilities might not be in the scope of a project, but adding this functionality later becomes increasingly expensive.

🍱 Maki should make it easy to start a project in a way that is simpler to manage over time.

Makers building applications with Maki should never be forced to concern themselves with the intricacies of the underlying systems, but should always be permitted to tinker and replace every single component. Once a Maki application has been defined, layering interactions on top of underlying resources should never require a change in the application definition.

Application Definitions are single-form representations of an entire interaction model. These can be deployed to an execution layer, like Fabric (see #21). Generally, they describe a list of Resources (read: "types") and their Behaviors; Validators, Events, Requirements. These behaviors are modeled in per-resource-method pipelines, which flow unidirectionally through the application into the user's view.

Resources can be represented in many ways. Maki is Resource-centric, and hopes to implement a common core for rendering applications to all digital mediums. Our first objective is a complete "edge node" implementation for Fabric, which will serve a compiled HyperText bundle to a standards-based Web browser that implements a pure HTML representation of the Application Definition.

This model will give applications made with Maki the ability to deploy to all platforms from a single definition; mobile, web, desktop, and autonomous agents.

Likely tightly co-mingled with #81. In the second call, the handler reverts to the default handler, instead of using the one provided by the Resource.

Maki-built applications should not request any external assets out of the box. We should internalize all assets to prevent external requests from being made.

See also martindale/converse#12.

Users shouldn't be required to understand atomicity; instead, the pipeline of behavior for a particular resource should be all-or-nothing.

The default views in Maki should present some reasonable form of pagination for large collections.

UI support: http://semantic-ui.com/collections/menu.html#pagination

Maki-defined Services should be independent of a centralized host or authority.

See also gordonwritescode/cointract.me#41 and martindale/shipyard#17.

Views should be transformable into various output formats, so that they can be written once.

Perhaps:

var string = fs.readfileSync('some-template.jade');
var formats = ['html', 'blessed'];

maki.render( string , {
  format: 'blessed'
} , function(err, interface) {
  // compiled blessed interface based on Jade's lexer and parser
});

Currently, the requires attribute on a Resource only climbs one level. There should be some mechanism for recursion, perhaps with a limit.

Specific use cases include hierarchical comment threads (see martindale/converse#18).

In particular, collections should serve either an RSS or Atom feed of the latest published items into that collection. This will require testing various RSS clients for their support of Content Negotiation – i.e., do they correctly send Accept: application/atom+xml in their requests? I can only hope so.

We may also consider feeds to be published for individual entities, perhaps using the Activity Streams specification.

When viewing a resource, users should not have to deal with the idea of an "edit mode". This is not something that they would be familiar with; it is not a concept in the real world. They just change the thing.

Instead, we should offer an inline-editing interface for all resources that the current user is able to edit. This may be restricted with a "locked" mode for each page to prevent inadvertent edits, but at no point should a URL be dedicated to presenting this view.

Occasionally [and in some view contexts], a resource will require others to be displayed in a relevant fashion. These dependencies should be managed without overhead, and details on how to retrieve them should be made available to the appropriate views.

We need to perform a package audit, including:

• cleanup of unused packages
• license inclusions