Altus 4 is an intelligent search-as-a-service platform that leverages MySQL's built-in full-text search capabilities while adding AI-powered optimizations and enhancements. Users can connect their existing MySQL databases to Altus 4, which then provides enhanced search capabilities with semantic understanding, query optimization, and trend analysis.
Instead of requiring users to migrate to specialized search solutions like Elasticsearch or Solr, Altus 4 enhances MySQL's native FULLTEXT search with:
- AI-powered query optimization and semantic search
- Natural language query processing
- Intelligent result categorization and insights
- Performance monitoring and optimization suggestions
- Multi-database federation capabilities
- Backend: Node.js with TypeScript
- Framework: Express.js with comprehensive middleware stack
- Database: MySQL 8.0+ (for client databases and metadata storage)
- Cache: Redis (for performance optimization and analytics)
- AI Integration: OpenAI API (GPT models for semantic enhancement)
- Authentication: API key-based with SHA-256 hashing and bcrypt password hashing for user accounts
- Validation: Zod schemas for request/response validation
- Logging: Winston with structured logging
- Development: ESLint, Prettier, Jest for testing
- Database Integration Layer: Secure multi-tenant MySQL connection management
- Search Engine Core: MySQL FULLTEXT optimization and query execution
- AI Enhancement Layer: Semantic search, categorization, and optimization suggestions
- API Layer: RESTful endpoints with authentication and rate limiting
- DatabaseService: Multi-tenant MySQL connection pooling with health monitoring, schema discovery, and secure credential management
- SearchService: Core search orchestration with natural language processing, result ranking, and multi-database federation
- AIService: OpenAI GPT integration for semantic search, query optimization, and result categorization
- CacheService: Redis-based caching for search results, user sessions, and analytics data storage
- UserService: User account management with bcrypt password hashing and role-based access control
- ApiKeyService: API key lifecycle management with tiered permissions (free/pro/enterprise)
- TypeScript: Strict mode enabled with comprehensive type definitions
- Naming: camelCase for variables/functions, PascalCase for classes/interfaces
- Async/Await: Preferred over Promises for better readability
- Error Handling: Custom AppError class with proper error codes
- Logging: Structured logging with appropriate levels (info, warn, error)
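The `AppError` pattern mentioned above can be sketched as follows. This is an illustrative minimal version, assuming a status code, a machine-readable error code, and a client-safe serializer; the fields in the actual Altus 4 class may differ.

```typescript
// Minimal sketch of a custom application error carrying an HTTP status
// and a machine-readable error code (field names are assumptions).
class AppError extends Error {
  constructor(
    public readonly statusCode: number,
    public readonly code: string,
    message: string
  ) {
    super(message);
    this.name = "AppError";
    // Restore the prototype chain so `instanceof AppError` works after transpilation
    Object.setPrototypeOf(this, AppError.prototype);
  }

  /** Serialize into a client-safe shape for API error responses. */
  toJSON(): { code: string; message: string } {
    return { code: this.code, message: this.message };
  }
}
```

Throwing `new AppError(404, "DATABASE_NOT_FOUND", "No database with that id")` lets a centralized error handler map the status code to the HTTP response while logging the full stack trace server-side.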
src/
├── config/ # Configuration management and validation
├── controllers/ # Route controllers with business logic
├── middleware/ # Express middleware (auth, validation, rate limiting)
├── routes/ # API route definitions with Zod validation
├── services/ # Core business logic services
├── types/ # TypeScript interface and type definitions
├── utils/ # Utility functions (logging, encryption, etc.)
└── index.ts # Application entry point
- Unit Tests: Jest for service and utility functions
- Integration Tests: API endpoint testing with test database
- Test Files: Co-located with source files using `.test.ts` suffix
- Coverage: Aim for 80%+ code coverage on core services
- Secure credential encryption for client database connections
- Connection pooling with configurable limits and timeouts
- Automatic schema discovery and FULLTEXT index detection
- Connection health monitoring and reconnection logic
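The reconnection logic above can be illustrated with a small exponential-backoff helper. This is a sketch of the general pattern, not the actual `DatabaseService` API; the function name and defaults are assumptions.

```typescript
// Retry a failing operation (e.g. a database reconnect) with exponential
// backoff: 100ms, 200ms, 400ms, ... up to maxAttempts tries.
async function retryWithBackoff<T>(
  op: () => Promise<T>,
  maxAttempts = 5,
  baseDelayMs = 100
): Promise<T> {
  let lastError: unknown;
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    try {
      return await op();
    } catch (err) {
      lastError = err;
      // Double the delay on each consecutive failure
      const delay = baseDelayMs * 2 ** attempt;
      await new Promise(resolve => setTimeout(resolve, delay));
    }
  }
  throw lastError; // all attempts exhausted
}
```

In practice this would wrap the pool's connect call, with the health monitor triggering it when a ping fails.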
- Natural language, boolean, and semantic search modes
- Multi-database and multi-table search federation
- Intelligent result ranking and relevance scoring
- Auto-generated search suggestions and query corrections
- Query optimization recommendations using AI analysis
- Semantic search using embeddings for concept matching
- Automatic result categorization and tagging
- Trend analysis and search pattern insights
- Redis caching for frequently accessed data and search results
- Rate limiting with IP-based throttling
- API key authentication with role-based access control and permission scoping
- SQL injection prevention and input sanitization
NODE_ENV=development
PORT=3000
DB_HOST=localhost
DB_USERNAME=altus4_user
DB_PASSWORD=secure_password
DB_DATABASE=altus4_metadata
JWT_SECRET=minimum_32_character_secret_key # For legacy endpoints only
REDIS_HOST=localhost
REDIS_PORT=6379
OPENAI_API_KEY=sk-your_openai_key

- `npm run dev` - Start development server with hot reload
- `npm run build` - Compile TypeScript to JavaScript
- `npm run start` - Start production server
- `npm run test` - Run test suite with Jest
- `npm run test:watch` - Run tests in watch mode
- `npm run lint` - Run ESLint
- `npm run lint:fix` - Auto-fix linting issues
- Connection Pooling: Configurable pool sizes with automatic reconnection and health checks
- Multi-tenant Support: Isolated connection pools per user database
- Schema Discovery: Automatic detection of FULLTEXT indexes and searchable columns
- Security: AES-256 encryption for stored database credentials
- Error Handling: Comprehensive connection failure recovery and circuit breaker patterns
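The AES-256 credential encryption mentioned above can be sketched with Node's built-in `crypto` module using AES-256-GCM (an authenticated mode). The payload layout and helper names here are illustrative assumptions; key management is out of scope.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Encrypt a database credential with AES-256-GCM. The IV and auth tag
// must be stored alongside the ciphertext; here they are joined with "."
// (safe, since base64 output never contains a dot).
function encryptCredential(plaintext: string, key: Buffer): string {
  const iv = randomBytes(12); // 96-bit IV, as recommended for GCM
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  return [iv, tag, ciphertext].map(b => b.toString("base64")).join(".");
}

function decryptCredential(payload: string, key: Buffer): string {
  const [iv, tag, ciphertext] = payload.split(".").map(p => Buffer.from(p, "base64"));
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag); // decryption fails if the ciphertext was tampered with
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
}
```

GCM's authentication tag means a tampered ciphertext throws on decrypt rather than silently yielding garbage credentials.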
- Search Modes: Natural language, boolean (`+word -word`), and semantic search
- Result Processing: Relevance scoring, deduplication, and pagination
- Multi-Database Federation: Parallel searches across multiple user databases
- Performance: Query caching and result optimization with Redis
- Analytics: Search pattern analysis and trend detection
- OpenAI Integration: GPT-4 for query understanding and result enhancement
- Semantic Search: Text embedding generation and similarity matching
- Query Optimization: AI-powered suggestions for improving search queries
- Result Categorization: Automatic tagging and classification of search results
- Fallback Handling: Graceful degradation when AI services are unavailable
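The graceful-degradation idea above can be sketched as a wrapper that races the AI call against a timeout and falls back to the plain MySQL result on any failure. Function names and the default timeout are illustrative, not the actual `AIService` API.

```typescript
// Try the AI-enhanced path; on error or timeout, degrade to the plain
// result instead of failing the whole search request.
async function withAIFallback<T>(
  aiCall: () => Promise<T>,
  fallback: () => T,
  timeoutMs = 2000
): Promise<T> {
  let timer: ReturnType<typeof setTimeout> | undefined;
  const timeout = new Promise<never>((_, reject) => {
    timer = setTimeout(() => reject(new Error("AI call timed out")), timeoutMs);
  });
  try {
    return await Promise.race([aiCall(), timeout]);
  } catch {
    return fallback(); // degrade gracefully: unenhanced results beat no results
  } finally {
    clearTimeout(timer); // avoid a dangling rejection after success
  }
}
```

A caching layer in front of `aiCall` (as noted elsewhere in this document) further reduces how often the fallback path is exercised.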
- Search Result Caching: Configurable TTL for frequently accessed queries
- Session Management: User session storage and API key validation caching
- Analytics Storage: Real-time metrics and search trend data
- Performance Monitoring: Cache hit/miss ratios and optimization recommendations
- Data Consistency: Cache invalidation strategies for updated search results
- Account Management: Registration, login, profile updates with audit logging
- Password Security: bcrypt hashing with configurable salt rounds
- Role-Based Access: User roles with granular permissions
- Account Verification: Email verification and password reset workflows
- Security Features: Login attempt tracking and account lockout protection
- Key Generation: Cryptographically secure API key generation with SHA-256 hashing
- Tiered Permissions: Free (100 req/day), Pro (10k req/day), Enterprise (unlimited)
- Usage Tracking: Real-time monitoring of API key usage and quota enforcement
- Key Management: Create, update, revoke, and rotate API keys
- Security: Rate limiting, IP allowlists, and permission scoping
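The generate-then-hash flow described above can be sketched with Node's `crypto` module: the plaintext key is shown to the user once, and only its SHA-256 hash is persisted. The `altus4_` prefix and return shape are assumptions for illustration.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Generate a cryptographically random API key and its SHA-256 hash.
// Persist only `hash`; return `key` to the caller exactly once.
function generateApiKey(): { key: string; hash: string } {
  const key = "altus4_" + randomBytes(32).toString("hex");
  const hash = createHash("sha256").update(key).digest("hex");
  return { key, hash };
}

// Verify a presented key against the stored hash using a constant-time
// comparison to avoid leaking match position through timing.
function verifyApiKey(presentedKey: string, storedHash: string): boolean {
  const presented = createHash("sha256").update(presentedKey).digest();
  const stored = Buffer.from(storedHash, "hex");
  return presented.length === stored.length && timingSafeEqual(presented, stored);
}
```

Because only the hash is stored, a database leak does not expose usable API keys.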
- API Key Validation: SHA-256 hash verification with database lookup
- Request Context: User and API key information injection into request objects
- Error Handling: Standardized authentication error responses
- Performance: Redis caching for API key validation
- Sliding Window: Redis-based sliding window rate limiting
- Tiered Limits: Different limits per API key tier (free/pro/enterprise)
- IP-based Limiting: Additional protection against abuse
- Custom Headers: Rate limit status in response headers
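The sliding-window algorithm above can be illustrated with an in-memory sketch. Production uses Redis (e.g. a sorted set of request timestamps per key), but the windowing logic is the same; class and method names here are assumptions.

```typescript
// In-memory sliding-window rate limiter: keep recent request timestamps
// per key, drop those outside the window, and deny once the limit is hit.
class SlidingWindowLimiter {
  private requests = new Map<string, number[]>();

  constructor(private limit: number, private windowMs: number) {}

  /** Returns true if the request is allowed, false if the key is over its limit. */
  allow(key: string, now = Date.now()): boolean {
    const cutoff = now - this.windowMs;
    // Keep only timestamps still inside the window
    const recent = (this.requests.get(key) ?? []).filter(t => t > cutoff);
    if (recent.length >= this.limit) {
      this.requests.set(key, recent);
      return false;
    }
    recent.push(now);
    this.requests.set(key, recent);
    return true;
  }
}
```

With Redis, the same shape maps onto `ZADD` / `ZREMRANGEBYSCORE` / `ZCARD` in a pipeline, which is what makes the limit consistent across multiple API instances.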
- Zod Integration: Runtime type validation for all API endpoints
- Request Sanitization: SQL injection prevention and input cleaning
- Response Validation: Ensures API responses match expected schemas
- Error Formatting: Consistent validation error responses
- Structured Logging: JSON format with Winston logger integration
- Request Tracing: Unique request IDs for distributed tracing
- Performance Metrics: Request duration and resource usage logging
- Error Context: Detailed error information with stack traces
- users: User accounts with encrypted credentials and role information
- api_keys: API key storage with hashed values and permission metadata
- databases: User database connection configurations (encrypted credentials)
- search_history: Search query logs with performance metrics
- analytics: Aggregated search trends and usage statistics
- FULLTEXT Indexes: Automatic detection and optimization of existing indexes
- Search Modes: NATURAL LANGUAGE, BOOLEAN, and QUERY EXPANSION support
- Performance Optimization: Query hint injection and index usage analysis
- Result Relevance: MySQL relevance scoring with custom ranking algorithms
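The three `MATCH ... AGAINST` modes above can be illustrated with a small query builder. Table and column names are placeholders and must come from schema discovery (never raw user input), and the search text itself is always bound as a `?` parameter.

```typescript
type SearchMode = "natural" | "boolean" | "expansion";

// Build a FULLTEXT query for one of MySQL's three search modes.
// Identifiers (table, columns) must be validated against the discovered
// schema before interpolation; the query text stays parameterized.
function buildFulltextQuery(table: string, columns: string[], mode: SearchMode): string {
  const modifier = {
    natural: "IN NATURAL LANGUAGE MODE",
    boolean: "IN BOOLEAN MODE",
    expansion: "WITH QUERY EXPANSION",
  }[mode];
  const match = `MATCH(${columns.join(", ")}) AGAINST(? ${modifier})`;
  // Select the relevance score and rank results by it
  return `SELECT *, ${match} AS relevance FROM ${table} WHERE ${match} ORDER BY relevance DESC`;
}
```

Note that `MATCH` only uses an index when the column list exactly matches an existing FULLTEXT index, which is why index detection precedes query building.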
- Structured Errors: Consistent error format with HTTP status codes
- Error Categories: Authentication, validation, database, and external service errors
- Error Logging: Automatic error logging with context and stack traces
- Client-Safe Messages: Sanitized error messages for API responses
- Centralized Handling: Single point for all application error processing
- Environment-Aware: Different error detail levels for development vs production
- Error Recovery: Automatic retry logic for transient failures
- Monitoring Integration: Error metrics collection for alerting systems
- Multi-Level Caching: Application-level (Redis) and database query caching
- Cache Keys: Structured naming convention for easy invalidation
- TTL Management: Intelligent expiration based on data volatility
- Cache Warming: Proactive caching of frequently accessed data
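The structured key convention above can be sketched as a namespace plus ordered, encoded segments, so whole families of keys can be invalidated with one pattern (e.g. `search:user42:*`). Segment names and the separator are illustrative assumptions.

```typescript
// Build a structured cache key: fixed namespace, then ordered segments.
// Segments are URI-encoded so user input cannot inject the ":" separator.
function cacheKey(namespace: string, ...segments: string[]): string {
  return [namespace, ...segments.map(s => encodeURIComponent(s))].join(":");
}

// Pattern matching every key under a prefix, for bulk invalidation
// (e.g. via Redis SCAN + DEL when a source table changes).
function invalidationPattern(namespace: string, ...segments: string[]): string {
  return cacheKey(namespace, ...segments) + ":*";
}
```

Keeping the most volatile segment (the query text) last is what makes prefix-based invalidation per user or per database cheap.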
- Connection Pooling: Configurable pool sizes per database connection
- Query Optimization: EXPLAIN plan analysis and index recommendations
- Batch Operations: Bulk insert/update operations for analytics data
- Read Replicas: Support for read-only database replicas (future enhancement)
- Response Compression: Gzip compression for JSON responses
- Pagination: Cursor-based pagination for large result sets
- Field Selection: GraphQL-style field selection for reduced payload sizes
- Response Caching: HTTP cache headers for cacheable responses
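Cursor-based pagination, mentioned above, can be sketched as encoding the sort position of the last returned row into an opaque token; the next page then resumes after that position instead of using `OFFSET`. The cursor fields here are illustrative assumptions.

```typescript
// A cursor captures the sort position of the last row on the page:
// the relevance score plus a tiebreaking row id.
interface Cursor {
  relevance: number;
  id: number;
}

// Encode/decode the cursor as an opaque, URL-safe token.
function encodeCursor(c: Cursor): string {
  return Buffer.from(JSON.stringify(c)).toString("base64url");
}

function decodeCursor(token: string): Cursor {
  return JSON.parse(Buffer.from(token, "base64url").toString("utf8"));
}
```

The follow-up query would then use a condition like `WHERE (relevance, id) < (?, ?) ORDER BY relevance DESC, id DESC LIMIT ?`, which stays fast on deep pages where `OFFSET` degrades linearly.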
- `POST /api/v1/auth/register` - User registration
- `POST /api/v1/auth/login` - User login with JWT token (for API key creation only)
- `POST /api/v1/management/setup` - Create initial API key using JWT authentication
- `POST /api/v1/api-keys` - Create new API keys
- `GET /api/v1/api-keys` - List API keys
- `PUT /api/v1/api-keys/:keyId` - Update API key
- `DELETE /api/v1/api-keys/:keyId` - Revoke API key
- `POST /api/v1/search` - Execute search across databases
- `GET /api/v1/search/suggestions` - Get search suggestions
- `POST /api/v1/search/analyze` - Analyze query performance
- `GET /api/v1/search/trends` - Get user search trends
- `GET /api/v1/search/history` - Get search history
- `POST /api/v1/databases` - Add database connection
- `GET /api/v1/databases` - List user's database connections
- `PUT /api/v1/databases/:id` - Update database connection
- `DELETE /api/v1/databases/:id` - Remove database connection
- `GET /api/v1/databases/:id/schema` - Discover database schema
- Type Safety: Always use TypeScript types from `src/types/index.ts`. Create new types when needed.
- Error Handling: Use the `AppError` class for application errors with appropriate HTTP status codes and error codes.
- Database Operations:
  - Use connection pooling through `DatabaseService`
  - Always release connections after use
  - Handle connection failures gracefully
- Authentication:
  - Protect all routes except auth endpoints with `authenticate` middleware
  - Use `AuthenticatedRequest` interface for authenticated routes
  - Include user context in all operations
- Validation:
  - Use Zod schemas for all API input validation
  - Validate environment variables on startup
  - Sanitize database inputs to prevent SQL injection
- Logging:
  - Use structured logging with relevant context
  - Log errors with stack traces
  - Include request IDs for traceability
- Performance:
  - Cache frequently accessed data in Redis
  - Use database indexes effectively
  - Implement proper pagination for large result sets
- AI Integration:
  - Handle OpenAI API failures gracefully
  - Implement fallbacks when AI services are unavailable
  - Cache AI responses when appropriate
- Write comprehensive JSDoc comments for public functions
- Include error handling in all async operations
- Use descriptive variable names and function names
- Follow the established patterns in existing code
- Write tests for new functionality
- Ensure all new code passes linting and type checking
- Update relevant TypeScript interfaces
- Add appropriate validation schemas
- Implement error handling and logging
- Update API documentation
- Add tests for the new functionality
- Consider caching implications
- Update this CLAUDE.md if architectural changes are made
- `POST /api/v1/analytics/dashboard` - Get dashboard data with metrics
- `GET /api/v1/analytics/trends` - Get search trends and patterns
- `GET /api/v1/analytics/performance` - Get performance metrics
- `GET /api/v1/analytics/insights` - Get AI-generated insights
- `GET /health` - Health check endpoint
- `GET /api/v1/status` - Detailed system status
- `GET /api/v1/metrics` - Prometheus-compatible metrics
- Unit Tests: Service layer testing with mocked dependencies
- Integration Tests: API endpoint testing with test database
- Performance Tests: Load testing for search operations
- Security Tests: Authentication and authorization testing
- Database Fixtures: Reusable test data and database setup
- Mock Services: Mocked external dependencies (OpenAI, Redis)
- API Helpers: Common request/response assertion utilities
- Performance Benchmarks: Baseline performance metrics for regression testing
- Separate Test Environment: Isolated test database and Redis instance
- Test Data Management: Automatic cleanup and data isolation
- Parallel Execution: Jest configuration for concurrent test execution
- Coverage Reporting: Comprehensive code coverage with threshold enforcement
- Multi-Environment Support: Development, staging, production configurations
- Secret Management: Environment variable validation and secure storage
- Configuration Validation: Zod schemas for environment variable validation
- Feature Flags: Environment-based feature toggles
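The fail-fast validation described above can be illustrated with a dependency-free sketch. The real project uses Zod schemas for this; the variable names follow the configuration section earlier in this document, and the helper name is an assumption.

```typescript
// Validate required environment variables at startup; return a list of
// problems so the process can fail fast with a clear message.
function validateEnv(env: Record<string, string | undefined>): string[] {
  const errors: string[] = [];
  for (const name of ["DB_HOST", "DB_USERNAME", "DB_PASSWORD", "DB_DATABASE", "REDIS_HOST"]) {
    if (!env[name]) errors.push(`${name} is required`);
  }
  if ((env.JWT_SECRET ?? "").length < 32) {
    errors.push("JWT_SECRET must be at least 32 characters");
  }
  return errors; // empty array means the configuration is valid
}
```

At boot, `validateEnv(process.env)` would run before any service is constructed, so a misconfigured deployment exits immediately instead of failing on the first request.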
- Multi-Stage Builds: Optimized production Docker images
- Health Checks: Container health monitoring
- Resource Limits: CPU and memory constraints for containers
- Security: Non-root user execution and minimal attack surface
- Prometheus Metrics: Custom metrics for business and system monitoring
- Structured Logging: JSON logs with request tracing
- Health Checks: Comprehensive system health monitoring
- Performance Monitoring: Response time and resource usage tracking
- API Key Management: Secure generation, storage, and validation
- Database Security: Connection encryption and credential protection
- Input Validation: Comprehensive input sanitization and validation
- Rate Limiting: Multi-tier rate limiting with abuse protection
- HTTPS Enforcement: TLS termination and secure communication
- Core Architecture: TypeScript setup, Express server, middleware stack
- Service Layer: All six core services implemented with comprehensive functionality
- Database Integration: MySQL connection pooling, schema discovery, health monitoring
- Authentication System: API key-based auth with tiered permissions
- Search Engine: Natural language, boolean, and semantic search capabilities
- AI Integration: OpenAI GPT integration for query optimization and result enhancement
- Caching Layer: Redis integration for performance optimization
- API Endpoints: Complete RESTful API with validation and error handling
- Security Features: Rate limiting, input validation, secure credential storage
- Documentation: Comprehensive VitePress documentation with API reference
- Deployment Guides: Production deployment, Docker containerization, monitoring setup
- Testing Suite: Expanding unit and integration test coverage
- Performance Optimization: Query optimization and caching enhancements
- Analytics Dashboard: Real-time metrics and insights visualization
- Documentation: Examples and tutorials for developers
- Complete Test Coverage: Achieve 90%+ test coverage across all services
- Performance Benchmarking: Establish baseline performance metrics
- Real-time Analytics: Implement WebSocket-based real-time dashboard
- Advanced AI Features: Query suggestion improvements and result categorization
- Horizontal Scaling: Database sharding and microservice architecture
- Enterprise Features: Advanced permissions, audit logging, compliance tools
- Branch Strategy: Feature branches with pull request reviews
- Commit Conventions: Conventional commits with semantic versioning
- Pre-commit Hooks: Automated linting, formatting, and testing
- Code Review: Required reviews for all changes to main branch
- Automated Testing: Full test suite execution on all pull requests
- Code Quality: ESLint, Prettier, and TypeScript checks
- Security Scanning: Dependency vulnerability scanning
- Deployment: Automated deployment to staging and production
- TypeScript: Strict mode with comprehensive type definitions
- ESLint: Airbnb configuration with custom rules
- Prettier: Consistent code formatting
- Jest: Testing framework with coverage reporting
- Docker: Containerization for development and production
- VS Code: Recommended extensions and settings
- Connection Timeouts: Database connection pool exhaustion
- Memory Leaks: Unclosed database connections or Redis clients
- API Rate Limiting: Exceeded rate limits for API keys
- Search Performance: Missing FULLTEXT indexes on client databases
- AI Service Failures: OpenAI API rate limiting or service unavailability
- Logging: Winston structured logging with request tracing
- Health Checks: Comprehensive system health monitoring
- Metrics: Prometheus metrics for system observability
- Database Monitoring: Connection pool status and query performance
- Redis Monitoring: Cache hit ratios and memory usage
- Response Times: P95 and P99 response time tracking
- Database Performance: Query execution time and connection usage
- Cache Performance: Hit/miss ratios and eviction patterns
- Memory Usage: Application memory consumption and garbage collection
- Error Rates: Application error frequency and categorization
- Credential Storage: Never commit API keys, database passwords, or secrets
- Environment Variables: Use `.env` files for local development only
- Database Access: Always use parameterized queries to prevent SQL injection
- API Security: Implement proper authentication and rate limiting
- Data Encryption: Encrypt sensitive data at rest and in transit
- Connection Pooling: Monitor database connection usage and implement circuit breakers
- Caching Strategy: Implement multi-level caching for frequently accessed data
- Query Optimization: Use EXPLAIN plans and database indexes effectively
- Resource Limits: Set appropriate memory and CPU limits for containers
- Horizontal Scaling: Design stateless services for horizontal scaling
- Type Safety: Use strict TypeScript with comprehensive type definitions
- Error Handling: Implement comprehensive error handling with proper logging
- Testing: Maintain high test coverage with unit and integration tests
- Documentation: Keep code documentation and API docs up to date
- Style Consistency: Follow established code patterns and conventions
- Health Checks: Implement comprehensive health monitoring
- Metrics Collection: Use Prometheus for system and business metrics
- Log Aggregation: Centralized logging with structured JSON format
- Error Tracking: Comprehensive error monitoring and alerting
- Performance Monitoring: Track response times and resource usage