feat: initial release of Protocol Droid v0.2.0

A tool for authoring, sharing, and curating social protocols.

Features:
- Protocol library with search, tag filtering, and sort by date/relevance
- Protocol authoring with structured fields (title, description, steps, outcome, practice, source, tags)
- Protocol forking with provenance tracking
- Collection creation with searchable protocol picker and ordering
- User accounts with roles (admin, member, viewer)
- YAML import/export for portability
- Self-hostable on LAMP/Cloudron, works in subdirectories
- Responsive design with hamburger menu on mobile
- About page

Security:
- CSRF protection via Origin/Referer validation
- Session regeneration on login/register
- Secure session cookie params (HttpOnly, SameSite, Secure)
- Visibility enforcement on private/unlisted items
- YAML object injection hardening
- Login rate limiting
- Path traversal protection
- Input validation and length clamping
- Vote value constraining

Stack: PHP 8.x + MySQL/MariaDB, vanilla JS frontend, no external dependencies.

Hippocratic License (HL3-CORE).
This commit is contained in:
Protocolbot
2026-07-06 13:18:08 -06:00
commit 02794e565e
23 changed files with 3346 additions and 0 deletions
+24
View File
@@ -0,0 +1,24 @@
# Docker
docker-compose.yml
# Design sketches (not part of the app)
sketches/
# Runtime data
data/
*.db
*.sqlite
# Environment
.env
# OS files
.DS_Store
Thumbs.db
# Editor files
*.swp
*.swo
*~
.vscode/
.idea/
Executable
+19
View File
@@ -0,0 +1,19 @@
# Protocol Droid — Apache rewrite rules
# Route /api/* to the PHP API and serve the frontend for everything else
RewriteEngine On
# Route API requests to api/index.php
RewriteRule ^api/?$ api/index.php [L]
RewriteRule ^api/(.*)$ api/index.php [L]
# Serve frontend for the root and non-api paths
# (Apache will serve index.html, style.css, app.js directly if they exist)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^$ frontend/index.html [L]
# Fallback: serve frontend/index.html for SPA routes
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ frontend/index.html [L]
+24
View File
@@ -0,0 +1,24 @@
FROM php:8.2-apache
# Install MySQL PDO extension and YAML extension
RUN docker-php-ext-install pdo pdo_mysql mysqli
# Install PECL yaml extension
RUN apt-get update && apt-get install -y libyaml-dev && \
pecl install yaml && docker-php-ext-enable yaml && \
rm -rf /var/lib/apt/lists/*
# Enable Apache rewrite module for .htaccess
RUN a2enmod rewrite
# Set document root to our app
ENV APACHE_DOCUMENT_ROOT /var/www/html
RUN sed -ri -e 's!/var/www/html!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/sites-available/000-default.conf
# Copy app files
COPY . /var/www/html/
# Ensure data directory is writable
RUN mkdir -p /var/www/html/data && chmod 777 /var/www/html/data
EXPOSE 80
+12
View File
@@ -0,0 +1,12 @@
Hippocratic License (HL3-CORE)
This project is licensed under the Hippocratic License v3.0 (HL3-CORE).
Full text available at: https://firstdonoharm.dev/version/3/0/core.html
Summary: Do no harm. This software may not be used by anyone or any
organization for any purpose that could cause harm — including but not
limited to physical harm, violations of human rights, environmental
damage, or surveillance.
This is not legal advice. See the full license text for the complete terms.
+169
View File
@@ -0,0 +1,169 @@
# Protocol Droid
A tool for authoring, sharing, and curating social protocols.
A project of the [Media Economies Design Lab at the University of Colorado Boulder](https://MEDLab.host).
## Overview
Protocol Droid is a web application where communities can document, share, and remix patterns of interaction — social protocols. It is self-hostable, whitelabel-able, and designed for organizations that want a trustful commons without external dependencies.
## Features
- **Protocol library**: browse protocols with structured fields (title, description, steps, outcome, practice, source)
- **Authoring**: create protocols through a form-based editor
- **Forking**: adapt an existing protocol to your context while linking back to the original
- **Collections**: curate sets of protocols and share them
- **Identity**: user accounts with optional SSO support
- **YAML import/export**: protocols are fully structured YAML — portable, git-diffable, human-readable
- **Whitelabel**: customize site name, tagline, and theme via `config.yaml`
## Architecture
```
protocol-droid/
├── api/ PHP backend (REST API)
│ ├── index.php API router (all /api/* requests)
│ ├── db.php Database connection + helpers (MySQL/MariaDB)
│ ├── auth.php Session-based authentication
│ ├── config.php Site configuration
│ └── yaml.php YAML import/export helpers
├── frontend/ Single-page frontend
│ ├── index.html HTML shell
│ ├── style.css R2-Rebel blend stylesheet
│ └── app.js Application logic (vanilla JS)
├── seeds/ Seed protocol YAML files
│ ├── round-robin-check-in.yaml
│ ├── consent-decision-making.yaml
│ ├── appreciative-apology.yaml
│ ├── temperature-reading.yaml
│ ├── dot-voting.yaml
│ └── fishbowl-discussion.yaml
├── cloudron/ Cloudron deployment files
│ └── CloudronManifest.json
├── schema.sql MySQL database schema
├── config.yaml Whitelabel configuration
├── .htaccess Apache rewrite rules
└── README.md This file
```
## Stack
- **Backend**: PHP 8.x with PDO (MySQL/MariaDB)
- **Database**: MySQL/MariaDB (Cloudron-native)
- **Frontend**: Vanilla HTML/CSS/JS — no frameworks, no build step, no external dependencies
- **Data format**: YAML for portability, MySQL for runtime
- **Auth**: Session-based with optional SSO
## Deployment
### On Cloudron
1. Create a LAMP app in Cloudron
2. Upload all files to the app's web root
3. The database schema auto-initializes on first API request
4. Visit the site and register — the **first user to register becomes admin**
5. Optionally load seed protocols: sign in as admin and `POST /api/seed` (or use the API endpoint with curl: `curl -b cookies.txt -X POST https://your-site/api/seed`)
**No default admin credentials exist.** A fresh deployment has an empty database. The first registration creates the admin account. Seed protocols are optional and must be explicitly loaded.
### On any LAMP server
1. Upload files to your web root (or a subdirectory like `/protocol-droid/`)
2. Create a MySQL database and user
3. Set environment variables (or edit `api/db.php`):
- `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`
4. Visit the site and register — first user becomes admin
**Subdirectory deployment:** Protocol Droid works in a subdirectory (e.g. `example.com/protocol-droid/`). The root `index.php` auto-detects the base path from the server's script name. No configuration needed — just upload the files to the subdirectory and ensure `index.php` is served as the directory index (most LAMP setups do this by default with `DirectoryIndex index.php` or `.htaccess`).
### Local development
```bash
# Start PHP built-in server
cd protocol-droid
php -S localhost:8000
# Or with a MySQL database:
MYSQL_HOST=localhost MYSQL_DATABASE=protocol_droid MYSQL_USER=root MYSQL_PASSWORD=secret php -S localhost:8000
```
The first registration creates the admin account. To load the 6 sample protocols (Round Robin Check-In, Consent Decision-Making, etc.):
```bash
# After registering as admin:
curl -c cookies.txt -X POST http://localhost:8000/api/auth/login \
-H 'Content-Type: application/json' \
-d '{"username":"your-username","password":"your-password"}'
curl -b cookies.txt -X POST http://localhost:8000/api/seed
```
To remove all seed protocols (or any protocols), delete them individually:
```bash
curl -b cookies.txt -X DELETE http://localhost:8000/api/protocols/round-robin-check-in
```
## API
| Endpoint | Method | Description | Auth |
|----------|--------|-------------|------|
| `/api` | GET | API info | none |
| `/api/config` | GET | Site configuration | none |
| `/api/protocols` | GET | List public protocols | none |
| `/api/protocols/:slug` | GET | Get protocol | none |
| `/api/protocols` | POST | Create protocol | member |
| `/api/protocols/:slug` | PUT | Update protocol | author/admin |
| `/api/protocols/:slug` | DELETE | Delete protocol | author/admin |
| `/api/protocols/:slug/yaml` | GET | Export as YAML | none |
| `/api/collections` | GET | List collections | none |
| `/api/collections/:slug` | GET | Get collection | none |
| `/api/collections` | POST | Create collection | member |
| `/api/collections/:slug` | PUT | Update collection | author/admin |
| `/api/collections/:slug` | DELETE | Delete collection | author/admin |
| `/api/auth/register` | POST | Register | none |
| `/api/auth/login` | POST | Login | none |
| `/api/auth/logout` | POST | Logout | none |
| `/api/auth/me` | GET | Current user | none |
| `/api/users/:username` | GET | Public profile | none |
| `/api/votes` | POST | Vote on protocol | member |
| `/api/export` | GET | Export all as YAML | admin |
| `/api/import` | POST | Import YAML | admin |
| `/api/seed` | POST | Load seed protocols | admin |
## Protocol YAML Format
```yaml
id: round-robin-check-in
title: Round Robin Check-In
description: >-
A structured way for each person in a group to share briefly.
source: Group Works Deck
source_url: https://groupworksdeck.org/deck
tags: [check-in, facilitation]
forked_from: null
image: null
steps:
- headline: Frame the round
description: >-
The facilitator explains that each person will have up to one minute.
- headline: Go around
description: >-
Each person speaks in turn. Passing is always an option.
outcome: >-
Everyone has been heard; the group has a shared sense of where things stand.
practice: >-
Use a talking object. Keep time gently. For large groups, break into smaller rounds.
```
## License
Hippocratic License (HL3-CORE) — do no harm. See https://firstdonoharm.dev/
## Roadmap
- **SSO / OIDC** — The database schema and user table include `sso_provider` and `sso_id` fields, and the auth API has a placeholder SSO endpoint. Full OIDC provider support (university SSO, Google Workspace, etc.) is planned but not yet implemented.
- **Bicorder integration** — Connecting Protocol Droid with the [Protocol Bicorder](https://git.medlab.host/ntnsndr/protocol-bicorder) diagnostic tool, so protocols can be evaluated along gradient dimensions.
- **Voting / evaluation** — The `votes` table exists in the schema but the UI for voting on protocols is not yet built.
- **Image support** — The protocol and collection schemas include an `image` field, but image upload and display are not yet implemented.
Executable
+223
View File
@@ -0,0 +1,223 @@
<?php
/**
* Simple session-based authentication.
* Supports registration, login, SSO callback, and role checks.
*/
// Set secure session cookie params before starting
session_set_cookie_params([
'lifetime' => 0,
'path' => '/',
'httponly' => true,
'samesite' => 'Lax',
'secure' => !empty($_SERVER['HTTPS']) || getenv('FORCE_HTTPS'),
]);
session_start();
function current_user(): ?array {
if (!isset($_SESSION['user_id'])) return null;
$user = db_one("SELECT id, username, display_name, bio, role, created_at FROM users WHERE id = ?", [$_SESSION['user_id']]);
return $user ?: null;
}
function require_auth(): array {
$user = current_user();
if (!$user) {
http_response_code(401);
echo json_encode(['error' => 'Authentication required']);
exit;
}
return $user;
}
function require_admin(): array {
$user = require_auth();
if ($user['role'] !== 'admin') {
http_response_code(403);
echo json_encode(['error' => 'Admin access required']);
exit;
}
return $user;
}
function require_member(): array {
$user = require_auth();
if ($user['role'] === 'viewer') {
http_response_code(403);
echo json_encode(['error' => 'Member access required']);
exit;
}
return $user;
}
// --- CSRF protection ---
function check_csrf(): void {
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
if (!in_array($method, ['POST', 'PUT', 'DELETE'])) return;
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
$referer = $_SERVER['HTTP_REFERER'] ?? '';
$expected_host = $_SERVER['HTTP_HOST'] ?? '';
if ($origin) {
$origin_host = parse_url($origin, PHP_URL_HOST);
if ($origin_host !== $expected_host) {
http_response_code(403);
echo json_encode(['error' => 'Cross-origin requests are not allowed']);
exit;
}
} elseif ($referer) {
$referer_host = parse_url($referer, PHP_URL_HOST);
if ($referer_host !== $expected_host) {
http_response_code(403);
echo json_encode(['error' => 'Cross-origin requests are not allowed']);
exit;
}
}
}
// --- Rate limiting for login ---
function check_login_rate(string $username): void {
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$key = 'login_attempts_' . md5($ip . $username);
$file = sys_get_temp_dir() . '/' . $key;
$attempts = file_exists($file) ? (int)file_get_contents($file) : 0;
if ($attempts >= 10) {
http_response_code(429);
echo json_encode(['error' => 'Too many login attempts. Try again later.']);
exit;
}
}
function record_login_failure(string $username): void {
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$key = 'login_attempts_' . md5($ip . $username);
$file = sys_get_temp_dir() . '/' . $key;
$attempts = file_exists($file) ? (int)file_get_contents($file) : 0;
file_put_contents($file, ($attempts + 1));
touch($file, time() + 900);
}
function clear_login_rate(string $username): void {
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$key = 'login_attempts_' . md5($ip . $username);
$file = sys_get_temp_dir() . '/' . $key;
if (file_exists($file)) unlink($file);
}
function handle_register(): void {
$data = json_body();
$username = trim($data['username'] ?? '');
$password = $data['password'] ?? '';
$display_name = trim($data['display_name'] ?? '');
if (!preg_match('/^[a-zA-Z0-9_]{3,32}$/', $username)) {
respond(400, ['error' => 'Username must be 3-32 characters: letters, numbers, underscore']);
return;
}
if (strlen($password) < 8 || strlen($password) > 72) {
respond(400, ['error' => 'Password must be 8-72 characters']);
return;
}
if (db_one("SELECT id FROM users WHERE username = ?", [$username])) {
respond(409, ['error' => 'Username already taken']);
return;
}
$user_count = (int) db_one("SELECT COUNT(*) as c FROM users")['c'];
$role = 'member';
if ($user_count === 0) {
$bootstrap_token = getenv('ADMIN_BOOTSTRAP_TOKEN');
if ($bootstrap_token) {
$provided = $data['bootstrap_token'] ?? '';
if ($provided !== $bootstrap_token) {
respond(403, ['error' => 'First registration requires an admin bootstrap token. Set ADMIN_BOOTSTRAP_TOKEN env var and include it in the registration request.']);
return;
}
$role = 'admin';
} else {
error_log('Protocol Droid: First user registered as admin without bootstrap token. Set ADMIN_BOOTSTRAP_TOKEN for production.');
$role = 'admin';
}
}
if ($user_count > 0) {
$reg_enabled = db_one("SELECT value FROM config WHERE `key` = 'registration_enabled'");
if ($reg_enabled && $reg_enabled['value'] !== 'true') {
respond(403, ['error' => 'Registration is disabled on this instance']);
return;
}
$require_approval = config_get('require_approval', 'false') === 'true';
if ($require_approval) {
$role = 'viewer';
}
}
$id = db_insert('users', [
'username' => $username,
'display_name' => $display_name ?: $username,
'password_hash' => password_hash($password, PASSWORD_DEFAULT),
'role' => $role,
]);
session_regenerate_id(true);
$_SESSION['user_id'] = $id;
respond(201, [
'id' => $id,
'username' => $username,
'display_name' => $display_name ?: $username,
'role' => $role,
]);
}
function handle_login(): void {
$data = json_body();
$username = trim($data['username'] ?? '');
$password = $data['password'] ?? '';
check_login_rate($username);
$user = db_one("SELECT * FROM users WHERE username = ?", [$username]);
if (!$user || !password_verify($password, $user['password_hash'] ?? '')) {
record_login_failure($username);
respond(401, ['error' => 'Invalid username or password']);
return;
}
clear_login_rate($username);
session_regenerate_id(true);
$_SESSION['user_id'] = $user['id'];
respond(200, [
'id' => $user['id'],
'username' => $user['username'],
'display_name' => $user['display_name'],
'role' => $user['role'],
]);
}
function handle_logout(): void {
$_SESSION = [];
session_destroy();
if (ini_get('session.use_cookies')) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params['path'], $params['domain'],
$params['secure'], $params['httponly']
);
}
respond(200, ['ok' => true]);
}
function handle_me(): void {
$user = current_user();
if (!$user) {
respond(200, ['user' => null]);
return;
}
respond(200, ['user' => $user]);
}
function handle_sso_callback(): void {
respond(501, ['error' => 'SSO not configured on this instance. Configure SSO in api/auth.php']);
}
Executable
+51
View File
@@ -0,0 +1,51 @@
<?php
/**
* Config helpers — read/write site configuration from the config table.
*/
function config_get(string $key, $default = null) {
$row = db_one("SELECT value FROM config WHERE `key` = ?", [$key]);
return $row ? $row['value'] : $default;
}
function config_set(string $key, string $value): void {
db_query(
"INSERT INTO config (`key`, `value`) VALUES (?, ?) ON DUPLICATE KEY UPDATE `value` = VALUES(`value`)",
[$key, $value]
);
}
function config_all(): array {
$rows = db_all("SELECT `key`, `value` FROM config");
$cfg = [];
foreach ($rows as $row) {
$cfg[$row['key']] = $row['value'];
}
return $cfg;
}
function site_config(): array {
return [
'name' => config_get('site_name', 'Protocol Droid'),
'tagline' => config_get('site_tagline', 'A commons of social protocols'),
'registration_enabled' => config_get('registration_enabled', 'true') === 'true',
'require_approval' => config_get('require_approval', 'false') === 'true',
];
}
/**
* Load a config.yaml file if present (for whitelabel customization).
* Merges with database config (database takes precedence).
*/
function load_yaml_config(): array {
$path = __DIR__ . '/../config.yaml';
if (!file_exists($path)) return [];
$yaml_text = file_get_contents($path);
return yaml_parse($yaml_text) ?: [];
}
function merged_config(): array {
$yaml_cfg = load_yaml_config();
$db_cfg = site_config();
return array_merge($yaml_cfg, $db_cfg);
}
Executable
+98
View File
@@ -0,0 +1,98 @@
<?php
/**
* Database connection and helpers.
* Uses MySQL/MariaDB via PDO (Cloudron-compatible).
*/
function db(): PDO {
static $pdo = null;
if ($pdo === null) {
$host = getenv('MYSQL_HOST') ?: 'localhost';
$port = getenv('MYSQL_PORT') ?: '3306';
$name = getenv('MYSQL_DATABASE') ?: 'protocol_droid';
$user = getenv('MYSQL_USER') ?: 'root';
$pass = getenv('MYSQL_PASSWORD') ?: '';
$dsn = "mysql:host={$host};port={$port};dbname={$name};charset=utf8mb4";
try {
$pdo = new PDO($dsn, $user, $pass, [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
]);
} catch (PDOException $e) {
http_response_code(500);
echo json_encode(['error' => 'Database connection failed']);
exit;
}
}
return $pdo;
}
function db_init(): void {
$sql = file_get_contents(__DIR__ . '/../schema.sql');
if (!$sql) return;
// Split on semicolons at end of statements (simple split — schema has no complex strings with semicolons)
$statements = array_filter(array_map('trim', preg_split('/;\s*(?=\n|$)/', $sql)));
foreach ($statements as $stmt) {
if (empty($stmt)) continue;
try {
db()->exec($stmt);
} catch (PDOException $e) {
// Ignore "already exists" errors
if (strpos($e->getMessage(), 'already exists') === false) {
error_log("Schema init: " . $e->getMessage());
}
}
}
}
function db_query(string $sql, array $params = []): PDOStatement {
$stmt = db()->prepare($sql);
$stmt->execute($params);
return $stmt;
}
function db_one(string $sql, array $params = []): ?array {
$stmt = db_query($sql, $params);
$row = $stmt->fetch();
return $row ?: null;
}
function db_all(string $sql, array $params = []): array {
$stmt = db_query($sql, $params);
return $stmt->fetchAll();
}
function db_insert(string $table, array $data): int {
$cols = implode(', ', array_map(fn($c) => "`$c`", array_keys($data)));
$placeholders = implode(', ', array_fill(0, count($data), '?'));
$sql = "INSERT INTO {$table} ({$cols}) VALUES ({$placeholders})";
db_query($sql, array_values($data));
return (int) db()->lastInsertId();
}
function db_update(string $table, array $data, string $where, array $whereParams): int {
$set = implode(', ', array_map(fn($c) => "`$c` = ?", array_keys($data)));
$sql = "UPDATE {$table} SET {$set} WHERE {$where}";
db_query($sql, array_merge(array_values($data), $whereParams));
return db_query("SELECT ROW_COUNT()")->fetchColumn();
}
function slugify(string $text): string {
$slug = strtolower($text);
$slug = preg_replace('/[^a-z0-9]+/', '-', $slug);
$slug = trim($slug, '-');
$slug = substr($slug, 0, 128);
return $slug ?: 'untitled';
}
function ensure_unique_slug(string $base): string {
$slug = $base;
$i = 1;
while (db_one("SELECT slug FROM protocols WHERE slug = ?", [$slug]) ||
db_one("SELECT slug FROM collections WHERE slug = ?", [$slug])) {
$slug = $base . '-' . $i++;
}
return $slug;
}
Executable
+515
View File
@@ -0,0 +1,515 @@
<?php
/**
* Protocol Droid API Router
* Handles all /api/* requests. Frontend is served from /frontend/.
*/
header('Content-Type: application/json');
header('X-Content-Type-Options: nosniff');
// CORS — same-origin only; do not reflect arbitrary origins
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
$expected_host = $_SERVER['HTTP_HOST'] ?? '';
if ($origin) {
$origin_host = parse_url($origin, PHP_URL_HOST);
if ($origin_host === $expected_host) {
header('Access-Control-Allow-Origin: ' . $origin);
header('Vary: Origin');
}
}
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
header('Access-Control-Allow-Credentials: true');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(204);
exit;
}
require_once __DIR__ . '/db.php';
require_once __DIR__ . '/auth.php';
require_once __DIR__ . '/config.php';
require_once __DIR__ . '/yaml.php';
// Auto-init database on first request
if (!defined('DB_INITIALIZED')) {
db_init();
define('DB_INITIALIZED', true);
}
// CSRF protection on all state-changing requests
check_csrf();
// --- Helpers ---
function json_body(): array {
$raw = file_get_contents('php://input');
$data = json_decode($raw, true);
return is_array($data) ? $data : [];
}
function respond(int $code, array $data): void {
http_response_code($code);
echo json_encode($data);
exit;
}
function parse_path(): array {
$uri = $_SERVER['REQUEST_URI'] ?? '/';
$path = parse_url($uri, PHP_URL_PATH);
$path = preg_replace('#^/api#', '', $path);
$path = trim($path, '/');
return $path === '' ? [] : explode('/', $path);
}
function json_decode_field(?string $val): array {
if (!$val) return [];
$decoded = json_decode($val, true);
return is_array($decoded) ? $decoded : [];
}
function validate_visibility(?string $v): string {
if (!in_array($v, ['public', 'private', 'unlisted'], true)) return 'public';
return $v;
}
function sanitize_slug(string $s): string {
return preg_replace('/[^A-Za-z0-9._-]/', '', $s);
}
function format_protocol(array $row): array {
return [
'slug' => $row['slug'],
'title' => $row['title'],
'description' => $row['description'] ?? '',
'source' => $row['source'] ?? '',
'source_url' => $row['source_url'] ?? '',
'tags' => json_decode_field($row['tags'] ?? null),
'forked_from' => $row['forked_from'] ?? null,
'image' => $row['image'] ?? null,
'steps' => json_decode_field($row['steps'] ?? null),
'outcome' => $row['outcome'] ?? '',
'practice' => $row['practice'] ?? '',
'author' => $row['author_username'] ?? null,
'author_id' => $row['author_id'] ?? null,
'visibility' => $row['visibility'] ?? 'public',
'created_at' => $row['created_at'] ?? null,
'updated_at' => $row['updated_at'] ?? null,
];
}
function format_collection(array $row, array $items): array {
return [
'slug' => $row['slug'],
'title' => $row['title'],
'description' => $row['description'] ?? '',
'source' => $row['source'] ?? '',
'image' => $row['image'] ?? null,
'author' => $row['author_username'] ?? null,
'author_id' => $row['author_id'] ?? null,
'visibility' => $row['visibility'] ?? 'public',
'items' => array_map(fn($i) => [
'type' => $i['item_type'],
'slug' => $i['item_slug'],
], $items),
'created_at' => $row['created_at'] ?? null,
'updated_at' => $row['updated_at'] ?? null,
];
}
function format_collection_summary(array $row, int $item_count): array {
return [
'slug' => $row['slug'],
'title' => $row['title'],
'description' => $row['description'] ?? '',
'source' => $row['source'] ?? '',
'image' => $row['image'] ?? null,
'author' => $row['author_username'] ?? null,
'author_id' => $row['author_id'] ?? null,
'visibility' => $row['visibility'] ?? 'public',
'item_count' => $item_count,
'created_at' => $row['created_at'] ?? null,
'updated_at' => $row['updated_at'] ?? null,
];
}
// --- Routing ---
$parts = parse_path();
$method = $_SERVER['REQUEST_METHOD'];
// Empty path = API root
if (empty($parts)) {
respond(200, [
'name' => 'Protocol Droid API',
'version' => '0.2.0',
'endpoints' => '/api/protocols, /api/collections, /api/auth/*, /api/users/*',
]);
}
// --- Auth routes ---
if ($parts[0] === 'auth') {
$action = $parts[1] ?? '';
if ($action === 'register' && $method === 'POST') handle_register();
elseif ($action === 'login' && $method === 'POST') handle_login();
elseif ($action === 'logout' && $method === 'POST') handle_logout();
elseif ($action === 'me' && $method === 'GET') handle_me();
elseif ($action === 'sso' && $method === 'POST') handle_sso_callback();
else respond(404, ['error' => 'Unknown auth endpoint']);
}
// --- Config ---
if ($parts[0] === 'config' && $method === 'GET') {
respond(200, merged_config());
}
// --- Protocols ---
if ($parts[0] === 'protocols') {
$slug = $parts[1] ?? null;
if (!$slug) {
// List protocols
if ($method !== 'GET') respond(405, ['error' => 'Method not allowed']);
$where = "WHERE p.visibility = 'public'";
$params = [];
$tag = $_GET['tag'] ?? null;
if ($tag) {
// Use JSON_CONTAINS for accurate tag matching (MySQL 5.7+)
$where .= " AND JSON_CONTAINS(p.tags, JSON_QUOTE(?))";
$params[] = $tag;
}
$q = $_GET['q'] ?? null;
if ($q) {
$where .= " AND (p.title LIKE ? OR p.description LIKE ? OR p.source LIKE ?)";
$params = array_merge($params, ["%$q%", "%$q%", "%$q%"]);
}
$sql = "SELECT p.*, u.username AS author_username
FROM protocols p LEFT JOIN users u ON p.author_id = u.id
$where ORDER BY p.created_at DESC";
$rows = db_all($sql, $params);
respond(200, array_map('format_protocol', $rows));
}
// YAML export
if (($parts[2] ?? '') === 'yaml' && $method === 'GET') {
$row = db_one("SELECT * FROM protocols WHERE slug = ?", [$slug]);
if (!$row) respond(404, ['error' => 'Protocol not found']);
$safe_slug = sanitize_slug($slug);
header('Content-Type: text/yaml');
header('Content-Disposition: attachment; filename="' . $safe_slug . '.yaml"');
echo protocol_to_yaml($row);
exit;
}
// Votes for a protocol
if (($parts[2] ?? '') === 'votes' && $method === 'GET') {
// Check protocol exists and is public (or user is author/admin)
$row = db_one("SELECT * FROM protocols WHERE slug = ?", [$slug]);
if (!$row) respond(404, ['error' => 'Protocol not found']);
$user = current_user();
if ($row['visibility'] !== 'public' && (!$user || ($row['author_id'] != $user['id'] && $user['role'] !== 'admin'))) {
respond(404, ['error' => 'Protocol not found']);
}
$votes = db_all(
"SELECT v.value, v.comment, v.created_at, u.username FROM votes v LEFT JOIN users u ON v.user_id = u.id WHERE v.protocol_slug = ?",
[$slug]
);
$score = array_sum(array_column($votes, 'value'));
respond(200, ['score' => $score, 'votes' => $votes]);
}
// Single protocol — enforce visibility
if ($method === 'GET') {
$row = db_one(
"SELECT p.*, u.username AS author_username FROM protocols p LEFT JOIN users u ON p.author_id = u.id WHERE p.slug = ?",
[$slug]
);
if (!$row) respond(404, ['error' => 'Protocol not found']);
$user = current_user();
if ($row['visibility'] !== 'public' && (!$user || ($row['author_id'] != $user['id'] && $user['role'] !== 'admin'))) {
respond(404, ['error' => 'Protocol not found']);
}
respond(200, format_protocol($row));
}
// Create protocol
if ($method === 'POST') {
$user = require_member();
$data = json_body();
$new_slug = ensure_unique_slug($data['slug'] ?? slugify($data['title'] ?? 'untitled'));
$id = db_insert('protocols', [
'slug' => $new_slug,
'title' => substr($data['title'] ?? '', 0, 255),
'description' => $data['description'] ?? '',
'source' => $data['source'] ?? ('@' . $user['username']),
'source_url' => substr($data['source_url'] ?? '', 0, 500),
'tags' => json_encode(array_slice($data['tags'] ?? [], 0, 20)),
'forked_from' => $data['forked_from'] ?? null,
'image' => $data['image'] ?? null,
'steps' => json_encode(array_slice($data['steps'] ?? [], 0, 50)),
'outcome' => $data['outcome'] ?? '',
'practice' => $data['practice'] ?? '',
'author_id' => $user['id'],
'visibility' => validate_visibility($data['visibility'] ?? 'public'),
]);
$row = db_one("SELECT p.*, u.username AS author_username FROM protocols p LEFT JOIN users u ON p.author_id = u.id WHERE p.id = ?", [$id]);
respond(201, format_protocol($row));
}
// Update protocol — auth before existence check
if ($method === 'PUT') {
$user = require_auth();
$row = db_one("SELECT * FROM protocols WHERE slug = ?", [$slug]);
if (!$row) respond(404, ['error' => 'Protocol not found']);
if ($row['author_id'] != $user['id'] && $user['role'] !== 'admin') {
respond(403, ['error' => 'You can only edit your own protocols']);
}
$data = json_body();
$updates = [];
foreach (['title', 'description', 'source', 'source_url', 'forked_from', 'image', 'outcome', 'practice'] as $field) {
if (array_key_exists($field, $data)) $updates[$field] = $data[$field];
}
if (array_key_exists('tags', $data)) $updates['tags'] = json_encode(array_slice($data['tags'] ?? [], 0, 20));
if (array_key_exists('steps', $data)) $updates['steps'] = json_encode(array_slice($data['steps'] ?? [], 0, 50));
if (array_key_exists('visibility', $data)) $updates['visibility'] = validate_visibility($data['visibility']);
if ($updates) {
db_update('protocols', $updates, 'slug = ?', [$slug]);
}
$row = db_one("SELECT p.*, u.username AS author_username FROM protocols p LEFT JOIN users u ON p.author_id = u.id WHERE p.slug = ?", [$slug]);
respond(200, format_protocol($row));
}
// Delete protocol — auth before existence check
if ($method === 'DELETE') {
$user = require_auth();
$row = db_one("SELECT * FROM protocols WHERE slug = ?", [$slug]);
if (!$row) respond(404, ['error' => 'Protocol not found']);
if ($row['author_id'] != $user['id'] && $user['role'] !== 'admin') {
respond(403, ['error' => 'You can only delete your own protocols']);
}
// Clean up orphaned votes and collection items
db_query("DELETE FROM votes WHERE protocol_slug = ?", [$slug]);
db_query("DELETE FROM collection_items WHERE item_type = 'protocol' AND item_slug = ?", [$slug]);
db_query("DELETE FROM protocols WHERE slug = ?", [$slug]);
respond(200, ['ok' => true]);
}
respond(405, ['error' => 'Method not allowed']);
}
// --- Collections ---
if ($parts[0] === 'collections') {
$slug = $parts[1] ?? null;
if (!$slug) {
// List collections
if ($method === 'GET') {
$rows = db_all(
"SELECT c.*, u.username AS author_username FROM collections c LEFT JOIN users u ON c.author_id = u.id WHERE c.visibility = 'public' ORDER BY c.created_at DESC"
);
$result = [];
foreach ($rows as $row) {
$items = db_all("SELECT * FROM collection_items WHERE collection_id = ?", [$row['id']]);
$result[] = format_collection_summary($row, count($items));
}
respond(200, $result);
}
// Create collection
if ($method === 'POST') {
$user = require_member();
$data = json_body();
$new_slug = ensure_unique_slug($data['slug'] ?? slugify($data['title'] ?? 'untitled'));
$id = db_insert('collections', [
'slug' => $new_slug,
'title' => substr($data['title'] ?? '', 0, 255),
'description' => $data['description'] ?? '',
'source' => $data['source'] ?? ('@' . $user['username']),
'image' => $data['image'] ?? null,
'author_id' => $user['id'],
'visibility' => validate_visibility($data['visibility'] ?? 'public'),
]);
$position = 0;
foreach (($data['items'] ?? []) as $item) {
db_insert('collection_items', [
'collection_id' => $id,
'item_type' => $item['type'] ?? 'protocol',
'item_slug' => $item['slug'] ?? '',
'position' => $position++,
]);
}
$row = db_one("SELECT c.*, u.username AS author_username FROM collections c LEFT JOIN users u ON c.author_id = u.id WHERE c.id = ?", [$id]);
$items = db_all("SELECT * FROM collection_items WHERE collection_id = ? ORDER BY position", [$id]);
respond(201, format_collection($row, $items));
}
respond(405, ['error' => 'Method not allowed']);
}
// Single collection — enforce visibility
if ($method === 'GET') {
$row = db_one(
"SELECT c.*, u.username AS author_username FROM collections c LEFT JOIN users u ON c.author_id = u.id WHERE c.slug = ?",
[$slug]
);
if (!$row) respond(404, ['error' => 'Collection not found']);
$user = current_user();
if ($row['visibility'] !== 'public' && (!$user || ($row['author_id'] != $user['id'] && $user['role'] !== 'admin'))) {
respond(404, ['error' => 'Collection not found']);
}
$items = db_all("SELECT * FROM collection_items WHERE collection_id = ? ORDER BY position", [$row['id']]);
respond(200, format_collection($row, $items));
}
// Update collection — auth before existence check
if ($method === 'PUT') {
$user = require_auth();
$row = db_one("SELECT * FROM collections WHERE slug = ?", [$slug]);
if (!$row) respond(404, ['error' => 'Collection not found']);
if ($row['author_id'] != $user['id'] && $user['role'] !== 'admin') {
respond(403, ['error' => 'You can only edit your own collections']);
}
$data = json_body();
$updates = [];
foreach (['title', 'description', 'source', 'image'] as $field) {
if (array_key_exists($field, $data)) $updates[$field] = $data[$field];
}
if (array_key_exists('visibility', $data)) $updates['visibility'] = validate_visibility($data['visibility']);
if ($updates) db_update('collections', $updates, 'slug = ?', [$slug]);
// Update items if provided
if (isset($data['items'])) {
$col_id = $row['id'];
db_query("DELETE FROM collection_items WHERE collection_id = ?", [$col_id]);
$position = 0;
foreach ($data['items'] as $item) {
db_insert('collection_items', [
'collection_id' => $col_id,
'item_type' => $item['type'] ?? 'protocol',
'item_slug' => $item['slug'] ?? '',
'position' => $position++,
]);
}
}
$row = db_one("SELECT c.*, u.username AS author_username FROM collections c LEFT JOIN users u ON c.author_id = u.id WHERE c.slug = ?", [$slug]);
$items = db_all("SELECT * FROM collection_items WHERE collection_id = ? ORDER BY position", [$row['id']]);
respond(200, format_collection($row, $items));
}
// Delete collection — auth before existence check
if ($method === 'DELETE') {
$user = require_auth();
$row = db_one("SELECT * FROM collections WHERE slug = ?", [$slug]);
if (!$row) respond(404, ['error' => 'Collection not found']);
if ($row['author_id'] != $user['id'] && $user['role'] !== 'admin') {
respond(403, ['error' => 'You can only delete your own collections']);
}
db_query("DELETE FROM collection_items WHERE collection_id = ?", [$row['id']]);
db_query("DELETE FROM collections WHERE slug = ?", [$slug]);
respond(200, ['ok' => true]);
}
respond(405, ['error' => 'Method not allowed']);
}
// --- Users ---
if ($parts[0] === 'users') {
$username = $parts[1] ?? null;
if (!$username || $method !== 'GET') respond(404, ['error' => 'Unknown endpoint']);
$user = db_one("SELECT id, username, display_name, bio, created_at FROM users WHERE username = ?", [$username]);
if (!$user) respond(404, ['error' => 'User not found']);
// Fetch full protocol data for user's public protocols
$protocols = db_all(
"SELECT p.*, u.username AS author_username FROM protocols p LEFT JOIN users u ON p.author_id = u.id WHERE p.author_id = ? AND p.visibility = 'public' ORDER BY p.created_at DESC",
[$user['id']]
);
$collections = db_all("SELECT slug, title, description FROM collections WHERE author_id = ? AND visibility = 'public' ORDER BY created_at DESC", [$user['id']]);
respond(200, [
'user' => $user,
'protocols' => array_map('format_protocol', $protocols),
'collections' => $collections,
]);
}
// --- Votes ---
if ($parts[0] === 'votes' && $method === 'POST') {
$user = require_member();
$data = json_body();
$protocol_slug = $data['protocol_slug'] ?? '';
// Constrain value to -1, 0, or 1
$value = (int)($data['value'] ?? 1);
$value = $value > 0 ? 1 : ($value < 0 ? -1 : 0);
$comment = substr($data['comment'] ?? '', 0, 1000);
// Check protocol exists and is public
$proto = db_one("SELECT * FROM protocols WHERE slug = ?", [$protocol_slug]);
if (!$proto) respond(404, ['error' => 'Protocol not found']);
if ($proto['visibility'] !== 'public') respond(404, ['error' => 'Protocol not found']);
// Upsert vote
db_query(
"INSERT INTO votes (user_id, protocol_slug, value, comment) VALUES (?, ?, ?, ?)
ON DUPLICATE KEY UPDATE value = VALUES(value), comment = VALUES(comment)",
[$user['id'], $protocol_slug, $value, $comment]
);
respond(200, ['ok' => true]);
}
// --- Import / Export / Seed ---
if ($parts[0] === 'export' && $method === 'GET') {
require_admin();
$protocols = db_all("SELECT * FROM protocols WHERE visibility = 'public'");
$output = "# Protocol Droid Export\n\n";
foreach ($protocols as $p) {
$output .= "---\n\n" . protocol_to_yaml($p) . "\n";
}
header('Content-Type: text/yaml');
header('Content-Disposition: attachment; filename="protocol-droid-export.yaml"');
echo $output;
exit;
}
if ($parts[0] === 'import' && $method === 'POST') {
require_admin();
$data = json_body();
$yaml_text = $data['yaml'] ?? '';
$parsed = parse_protocol_yaml($yaml_text);
if (!$parsed) respond(400, ['error' => 'Could not parse YAML']);
$parsed['author_id'] = current_user()['id'];
$parsed['slug'] = ensure_unique_slug($parsed['slug']);
$parsed['visibility'] = validate_visibility($parsed['visibility'] ?? 'public');
$id = db_insert('protocols', $parsed);
respond(201, ['id' => $id, 'slug' => $parsed['slug']]);
}
if ($parts[0] === 'seed' && $method === 'POST') {
require_admin();
$seeds_dir = __DIR__ . '/../seeds';
if (!is_dir($seeds_dir)) respond(404, ['error' => 'No seeds directory']);
$count = 0;
foreach (glob($seeds_dir . '/*.yaml') as $file) {
$yaml_text = file_get_contents($file);
$parsed = parse_protocol_yaml($yaml_text);
if (!$parsed) continue;
if (db_one("SELECT slug FROM protocols WHERE slug = ?", [$parsed['slug']])) continue;
db_insert('protocols', $parsed);
$count++;
}
respond(200, ['imported' => $count]);
}
respond(404, ['error' => 'Unknown endpoint: /' . implode('/', $parts)]);
Executable
+203
View File
@@ -0,0 +1,203 @@
<?php
/**
* YAML import/export helpers.
* Uses the yaml extension if available, falls back to a minimal parser.
*/
function protocol_to_yaml(array $p): string {
$lines = [];
$lines[] = "id: " . ($p['slug'] ?? '');
$lines[] = "title: " . yaml_quote($p['title'] ?? '');
$lines[] = "description: " . yaml_multiline($p['description'] ?? '');
$lines[] = "source: " . yaml_quote($p['source'] ?? '');
if (!empty($p['source_url'])) $lines[] = "source_url: " . yaml_quote($p['source_url']);
$lines[] = "tags: " . yaml_array(json_decode($p['tags'] ?? '[]', true) ?: []);
if (!empty($p['forked_from'])) $lines[] = "forked_from: " . yaml_quote($p['forked_from']);
if (!empty($p['image'])) $lines[] = "image: " . yaml_quote($p['image']);
$lines[] = "steps:";
$steps = json_decode($p['steps'] ?? '[]', true) ?: [];
foreach ($steps as $step) {
$lines[] = " - headline: " . yaml_quote($step['headline'] ?? '');
$lines[] = " description: " . yaml_multiline($step['description'] ?? '', 6);
}
if (!empty($p['outcome'])) $lines[] = "outcome: " . yaml_multiline($p['outcome']);
if (!empty($p['practice'])) $lines[] = "practice: " . yaml_multiline($p['practice']);
return implode("\n", $lines) . "\n";
}
function collection_to_yaml(array $c, array $items): string {
$lines = [];
$lines[] = "id: " . ($c['slug'] ?? '');
$lines[] = "title: " . yaml_quote($c['title'] ?? '');
$lines[] = "description: " . yaml_multiline($c['description'] ?? '');
$lines[] = "source: " . yaml_quote($c['source'] ?? '');
if (!empty($c['image'])) $lines[] = "image: " . yaml_quote($c['image']);
$lines[] = "protocols:";
foreach ($items as $item) {
if ($item['item_type'] === 'protocol') {
$lines[] = " - " . $item['item_slug'];
}
}
$nested = array_filter($items, fn($i) => $i['item_type'] === 'collection');
if ($nested) {
$lines[] = "collections:";
foreach ($nested as $item) {
$lines[] = " - " . $item['item_slug'];
}
}
return implode("\n", $lines) . "\n";
}
function yaml_quote(string $s): string {
if ($s === '') return '""';
if (preg_match('/[:#{}&*!|>"\'\[\]]/', $s) || preg_match('/^\s/', $s)) {
$s = str_replace('"', '\\"', $s);
return '"' . $s . '"';
}
return $s;
}
function yaml_multiline(string $s, int $indent = 0): string {
if ($s === '') return '""';
$pad = str_repeat(' ', $indent);
// Use folded scalar for readability
$lines = explode("\n", trim($s));
if (count($lines) <= 1 && strlen($s) < 60) {
return yaml_quote($s);
}
$out = ">-";
foreach ($lines as $line) {
$out .= "\n" . $pad . " " . $line;
}
return $out;
}
function yaml_array(array $arr): string {
if (empty($arr)) return '[]';
return '[' . implode(', ', array_map('yaml_quote', $arr)) . ']';
}
/**
* Parse a YAML protocol file into a database-ready array.
* Uses yaml_parse if available, otherwise a simple parser for the protocol format.
*/
function parse_protocol_yaml(string $yaml_text): ?array {
if (function_exists('yaml_parse')) {
// Harden against PHP object injection via !php/object tags
$data = yaml_parse($yaml_text, -1, $ndocs, [
'!php/object' => false,
'!php/const' => false,
]);
if (!is_array($data)) return null;
} else {
$data = simple_yaml_parse($yaml_text);
if (!is_array($data)) return null;
}
$steps = [];
foreach (($data['steps'] ?? []) as $step) {
$steps[] = [
'headline' => $step['headline'] ?? '',
'description' => $step['description'] ?? '',
];
}
return [
'slug' => $data['id'] ?? slugify($data['title'] ?? 'untitled'),
'title' => $data['title'] ?? '',
'description' => $data['description'] ?? '',
'source' => $data['source'] ?? '',
'source_url' => $data['source_url'] ?? '',
'tags' => json_encode($data['tags'] ?? []),
'forked_from' => $data['forked_from'] ?? null,
'image' => $data['image'] ?? null,
'steps' => json_encode($steps),
'outcome' => $data['outcome'] ?? '',
'practice' => $data['practice'] ?? '',
];
}
/**
* Minimal YAML parser for simple protocol files.
* Handles: top-level key: value, nested lists with - headline:, folded scalars
* This is NOT a full YAML parser — it handles the protocol format only.
*/
function simple_yaml_parse(string $text): ?array {
$result = [];
$lines = explode("\n", $text);
$current_key = null;
$in_steps = false;
$in_folded = false;
$folded_buffer = '';
$folded_key = null;
$folded_indent = 0;
$flush_folded = function() use (&$result, &$folded_buffer, &$folded_key, &$in_folded) {
if ($in_folded && $folded_key !== null) {
$result[$folded_key] = trim($folded_buffer);
$folded_buffer = '';
$in_folded = false;
$folded_key = null;
}
};
foreach ($lines as $line) {
// Skip comments and empty lines
if (preg_match('/^\s*#/', $line) || trim($line) === '') continue;
// Folded scalar continuation
if ($in_folded) {
if (preg_match('/^(\s{' . ($folded_indent + 2) . ',})/', $line, $m)) {
$folded_buffer .= ' ' . trim($line);
continue;
} else {
$flush_folded();
}
}
// Steps list items
if (preg_match('/^(\s+) - headline:\s*(.*)$/', $line, $m)) {
$in_steps = true;
$result['steps'][] = ['headline' => trim($m[2], '"'), 'description' => ''];
$current_key = 'description';
continue;
}
if (preg_match('/^(\s+) description:\s*(.*)$/', $line, $m)) {
$val = trim($m[2], '"');
if (str_starts_with($val, '>-') || str_starts_with($val, '|-')) {
$in_folded = true;
$folded_key = null; // Will set on last step
$folded_buffer = '';
$folded_indent = strlen($m[1]);
} else {
if (!empty($result['steps'])) {
$result['steps'][count($result['steps']) - 1]['description'] = $val;
}
}
continue;
}
// Top-level key: value
if (preg_match('/^([a-z_]+):\s*(.*)$/', $line, $m)) {
$flush_folded();
$key = $m[1];
$val = trim($m[2]);
if ($val === '' ) {
$current_key = $key;
if ($key === 'steps') { $result['steps'] = []; $in_steps = true; }
continue;
}
// Parse inline array [a, b, c]
if (str_starts_with($val, '[') && str_ends_with($val, ']')) {
$inner = substr($val, 1, -1);
$result[$key] = array_map(fn($s) => trim($s, ' "'), array_filter(explode(',', $inner), fn($s) => trim($s) !== ''));
continue;
}
$result[$key] = trim($val, '"');
continue;
}
}
$flush_folded();
return $result;
}
+26
View File
@@ -0,0 +1,26 @@
{
"id": "org.medlab.protocoldroid",
"title": "Protocol Droid",
"author": "Media Economies Design Lab, CU Boulder",
"description": "A tool for authoring, sharing, and curating social protocols. Self-hostable and whitelabel-able.",
"tagline": "A commons of social protocols",
"version": "0.1.0",
"healthCheckPath": "/api",
"httpPort": 8000,
"manifestVersion": 2,
"website": "https://medlab.host",
"contactEmail": "medlab@colorado.edu",
"icon": "file://icon.png",
"addons": {
"mysql": {
"noDatabase": false
}
},
"tcpPorts": {},
"udpPorts": {},
"capabilities": [],
"minBoxVersion": "8.0.0",
"documentationUrl": "https://github.com/medlab/protocol-droid",
"tags": ["collaboration", "governance", "protocols", "commons"],
"mediaLinks": []
}
Executable
+21
View File
@@ -0,0 +1,21 @@
# Protocol Droid Configuration
# This file is for whitelabel customization.
# Database config (in the config table) takes precedence over values here.
site:
name: Protocol Droid # becomes the header logo text
tagline: A commons of social protocols
registration:
enabled: true # allow open registration
require_approval: false # admin must approve new accounts
sso:
enabled: false
provider: oidc # oidc, github, google, custom
client_id: ""
client_secret: ""
discover_url: ""
# Seed protocols are loaded from seeds/*.yaml on first setup
# or when an admin triggers /api/seed
+838
View File
@@ -0,0 +1,838 @@
/* Protocol Droid — Frontend Application */
const API = '/api';
let currentUser = null;
let siteConfig = {};
let allTags = [];
let activeFilter = 'ALL';
let editingSlug = null;
let editingCollectionSlug = null;
let collectionSelectedProtocols = [];
let pickerProtocolList = [];
let currentTags = [];
let allExistingTags = [];
// --- API helpers ---
async function api(path, options = {}) {
const res = await fetch(API + path, {
...options,
headers: { 'Content-Type': 'application/json', ...options.headers },
credentials: 'same-origin',
});
const data = await res.json().catch(() => ({}));
if (!res.ok) throw new Error(data.error || 'Request failed');
return data;
}
// --- Init ---
async function init() {
// Route immediately — don't wait for API calls
route();
window.addEventListener('hashchange', route);
try {
siteConfig = await api('/config');
var tagline = document.getElementById('libTagline');
if (tagline) tagline.textContent = siteConfig.tagline || '';
document.title = siteConfig.name || 'Protocol Droid';
} catch (e) {}
try {
const { user } = await api('/auth/me');
currentUser = user;
} catch (e) {}
renderAuth();
// Re-route after auth loads so auth-dependent UI renders correctly
if (location.hash && location.hash !== '#library') {
route();
}
}
function route() {
const hash = location.hash.slice(1) || 'library';
if (hash.startsWith('protocols/')) {
showDetail(hash.split('/')[1]);
} else if (hash.startsWith('users/') || hash.startsWith('user/')) {
showUser(hash.split('/')[1]);
} else if (hash.startsWith('collections/')) {
showCollectionDetail(hash.split('/')[1]);
} else if (hash === 'create') {
navigate('create');
} else if (hash === 'create-collection') {
navigate('create-collection');
} else if (hash === 'collections') {
navigate('collections');
} else if (hash === 'about') {
navigate('about');
} else {
navigate('library');
}
}
let searchTimer = null;
let currentRoute = '';
function navigate(view) {
// Prevent double navigation from hashchange
if (currentRoute === view) return;
currentRoute = view;
document.querySelectorAll('.view').forEach(v => v.style.display = 'none');
document.getElementById('view-' + view).style.display = 'block';
document.querySelectorAll('header nav a').forEach(a => a.classList.toggle('active', a.dataset.view === view));
document.querySelectorAll('.mobile-panel a').forEach(a => a.classList.toggle('active', a.dataset.view === view));
closeMenu();
updateBreadcrumb(view);
if (view === 'library') { location.hash = 'library'; loadProtocols(); }
if (view === 'collections') { location.hash = 'collections'; loadCollections(); }
if (view === 'create') { editingSlug = null; resetForm(); }
if (view === 'create-collection') { editingCollectionSlug = null; resetCollectionForm(); }
if (view === 'about') { location.hash = 'about'; }
window.scrollTo(0, 0);
}
// --- Mobile menu ---
function updateBreadcrumb(view) {
const path = document.getElementById('crumbPath');
const map = { library: '', create: 'create', collections: 'collections/', 'create-collection': 'collections/create', about: 'about' };
path.textContent = map[view] || '';
}
// --- Mobile menu ---
function toggleMenu() {
document.getElementById('mobilePanel').classList.toggle('open');
}
function closeMenu() {
document.getElementById('mobilePanel').classList.remove('open');
}
function mobileNav(view) {
navigate(view);
}
// --- Auth ---
function renderAuth() {
const area = document.getElementById('authArea');
const mobileAuth = document.getElementById('mobileAuth');
if (currentUser) {
area.innerHTML = '<a href="#user/' + currentUser.username + '" class="user-link">@' + currentUser.username + '</a>' +
'<button class="auth-btn" onclick="logout()">Sign Out</button>';
mobileAuth.innerHTML = '<a href="#user/' + currentUser.username + '" onclick="closeMenu()">@' + currentUser.username + '</a>' +
'<button class="auth-btn" onclick="logout()">Sign Out</button>';
} else {
area.innerHTML = '<button class="auth-btn" onclick="openAuthModal(\'login\')">Sign In</button>' +
'<button class="auth-btn" onclick="openAuthModal(\'register\')">Register</button>';
mobileAuth.innerHTML = '<button class="auth-btn" onclick="closeMenu(); openAuthModal(\'login\')">Sign In</button>' +
'<button class="auth-btn" onclick="closeMenu(); openAuthModal(\'register\')">Register</button>';
}
}
let authMode = 'login';
function openAuthModal(mode) {
authMode = mode;
document.getElementById('authModal').style.display = 'flex';
document.getElementById('authModalTitle').textContent = mode === 'register' ? 'Create Account' : 'Sign In';
document.getElementById('authSubmit').textContent = mode === 'register' ? 'Register' : 'Sign In';
document.getElementById('displayNameGroup').style.display = mode === 'register' ? 'block' : 'none';
document.getElementById('authToggle').innerHTML = mode === 'register'
? 'Already have an account? <a onclick="openAuthModal(\'login\')">Sign in</a>'
: 'No account? <a onclick="openAuthModal(\'register\')">Register</a>';
}
function closeAuthModal() { document.getElementById('authModal').style.display = 'none'; }
async function handleAuth(e) {
e.preventDefault();
const username = document.getElementById('authUsername').value;
const password = document.getElementById('authPassword').value;
const displayName = document.getElementById('authDisplayName').value;
try {
let data;
if (authMode === 'register') {
data = await api('/auth/register', { method: 'POST', body: JSON.stringify({ username, password, display_name: displayName }) });
} else {
data = await api('/auth/login', { method: 'POST', body: JSON.stringify({ username, password }) });
}
currentUser = data;
renderAuth();
closeAuthModal();
toast('Welcome, @' + data.username + '!');
} catch (err) {
toast(err.message, true);
}
}
async function logout() {
await api('/auth/logout', { method: 'POST' });
currentUser = null;
renderAuth();
toast('Signed out');
}
// --- Protocols ---
let allProtocols = [];
let sortBy = 'date';
function debouncedLoadProtocols() {
if (searchTimer) clearTimeout(searchTimer);
searchTimer = setTimeout(loadProtocols, 200);
}
async function loadProtocols() {
const q = document.getElementById('searchInput') ? document.getElementById('searchInput').value : '';
try {
// Fetch all protocols — we do priority-weighted search client-side
allProtocols = await api('/protocols');
const tagSet = new Set();
allProtocols.forEach(p => (p.tags || []).forEach(t => tagSet.add(t)));
allTags = [...tagSet].sort();
renderFilters();
// Filter by tag
let filtered = allProtocols;
if (activeFilter !== 'ALL') {
filtered = filtered.filter(p => (p.tags || []).some(t => t.toLowerCase() === activeFilter.toLowerCase()));
}
// Filter + score by search query
if (q.trim()) {
var query = q.toLowerCase().trim();
var scored = filtered.map(function(p) {
var score = 0;
if ((p.title || '').toLowerCase().includes(query)) score += 100;
if ((p.tags || []).some(function(t) { return t.toLowerCase().includes(query); })) score += 50;
if ((p.source || '').toLowerCase().includes(query)) score += 30;
if ((p.author || '').toLowerCase().includes(query)) score += 30;
if ((p.description || '').toLowerCase().includes(query)) score += 10;
if ((p.steps || []).some(function(s) {
return (s.headline || '').toLowerCase().includes(query) || (s.description || '').toLowerCase().includes(query);
})) score += 5;
if ((p.outcome || '').toLowerCase().includes(query)) score += 3;
if ((p.practice || '').toLowerCase().includes(query)) score += 3;
return { p: p, score: score };
}).filter(function(item) { return item.score > 0; });
if (sortBy === 'relevance') {
scored.sort(function(a, b) { return b.score - a.score; });
} else {
scored.sort(function(a, b) { return (b.p.created_at || '').localeCompare(a.p.created_at || ''); });
}
filtered = scored.map(function(item) { return item.p; });
} else {
// No search query — sort by date (newest first)
filtered = filtered.slice().sort(function(a, b) {
return (b.created_at || '').localeCompare(a.created_at || '');
});
}
renderProtocolGrid(filtered);
renderSortToggle();
} catch (e) {
document.getElementById('protocolGrid').innerHTML = '<div class="empty">No protocols found. ' + escapeHtml(e.message) + '</div>';
}
}
function setSort(mode) {
sortBy = mode;
document.querySelectorAll('.sort-option').forEach(function(el) {
el.classList.toggle('active', el.textContent.trim().startsWith(mode === 'date' ? 'date' : 'relevance'));
});
loadProtocols();
}
function renderSortToggle() {
// Update active state based on current sortBy
document.querySelectorAll('.sort-option').forEach(function(el) {
var isDate = el.textContent.trim().startsWith('date');
el.classList.toggle('active', (sortBy === 'date' && isDate) || (sortBy === 'relevance' && !isDate));
});
}
function renderFilters() {
const bar = document.getElementById('filterBar');
if (!bar) return;
var q = document.getElementById('tagSearch') ? document.getElementById('tagSearch').value.toLowerCase().trim() : '';
var tags = allTags.slice().sort();
if (q) {
tags = tags.filter(function(t) { return t.toLowerCase().includes(q); });
} else {
tags = tags.slice(0, 10); // Show top 10 tags by default
}
tags = ['all', ...tags];
bar.innerHTML = tags.map(function(t) {
var display = t === 'all' ? 'all' : t;
return '<span class="filter-pill ' + (t === activeFilter.toLowerCase() ? 'active' : '') + '" onclick="setFilter(\'' + t + '\')">' + escapeHtml(display) + '</span>';
}).join('');
}
function toggleFilterPanel() {
var panel = document.getElementById('filterPanel');
var toggle = document.querySelector('.filter-toggle');
panel.classList.toggle('open');
toggle.classList.toggle('active', panel.classList.contains('open'));
}
function renderFilteredTags() {
renderFilters();
}
function setFilter(tag) {
activeFilter = tag;
loadProtocols();
}
function renderProtocolGrid(protocols) {
const grid = document.getElementById('protocolGrid');
if (!protocols.length) {
grid.innerHTML = '<div class="empty">No protocols yet. <a href="#create" onclick="navigate(\'create\');return false">Create one</a></div>';
return;
}
grid.innerHTML = protocols.map(function(p) {
var sourceLabel = p.source || (p.author ? '@' + p.author : '');
var tags = (p.tags || []).map(function(t) { return '<span class="tag">' + escapeHtml(t) + '</span>'; }).join('');
return '<div class="protocol-pill" onclick="showDetail(\'' + p.slug + '\')">' +
'<div class="info"><h3>' + escapeHtml(p.title) + '</h3>' +
'<p>' + escapeHtml(p.description || '') + '</p>' +
(tags ? '<div class="tag-row">' + tags + '</div>' : '') + '</div>' +
'<div class="meta"><div class="steps">' + (p.steps || []).length + ' steps</div>' +
'<div>' + escapeHtml(sourceLabel) + '</div></div></div>';
}).join('');
}
// (iconFor removed — icons are no longer used)
// --- Detail ---
async function showDetail(slug) {
location.hash = 'protocols/' + slug;
document.querySelectorAll('.view').forEach(v => v.style.display = 'none');
document.getElementById('view-detail').style.display = 'block';
document.querySelectorAll('header nav a').forEach(a => a.classList.remove('active'));
document.querySelectorAll('.mobile-panel a').forEach(a => a.classList.remove('active'));
document.getElementById('crumbPath').textContent = 'protocols/' + slug;
closeMenu();
try {
const p = await api('/protocols/' + slug);
document.getElementById('detailContent').innerHTML = renderDetail(p);
renderDetailActions(p);
} catch (e) {
document.getElementById('detailContent').innerHTML = '<div class="empty">Protocol not found</div>';
document.getElementById('detailActions').innerHTML = '';
}
}
function renderDetail(p) {
const tags = (p.tags || []).map(t => '<span class="tag">' + escapeHtml(t) + '</span>').join('');
const steps = (p.steps || []).map(function(s, i) {
return '<div class="step"><div class="number">' + String(i+1).padStart(2,'0') + '</div>' +
'<div class="content"><h4>' + escapeHtml(s.headline) + '</h4><p>' + escapeHtml(s.description || '') + '</p></div></div>';
}).join('');
const forkNotice = p.forked_from ? '<div class="fork-notice">forked from: <a href="#protocol/' + p.forked_from + '" onclick="showDetail(\'' + p.forked_from + '\');return false">' + p.forked_from + '</a></div>' : '';
const sourceLine = p.source ? 'SOURCE: ' + escapeHtml(p.source) : '';
var sourceLink = p.source_url ? ' · <a href="' + escapeHtml(p.source_url) + '" target="_blank">view_original</a>' : '';
var authorLine = p.author ? ' · authored by <a href="#user/' + p.author + '" onclick="showUser(\'' + p.author + '\');return false">@' + escapeHtml(p.author) + '</a>' : '';
var dateLine = p.created_at ? ' · added ' + formatDate(p.created_at) : '';
return '<div class="detail-header"><div class="tag-row">' + tags + '</div>' +
'<h1>' + escapeHtml(p.title) + '</h1>' +
'<p class="description">' + escapeHtml(p.description || '') + '</p>' +
'<div class="source">' + sourceLine + sourceLink + authorLine + dateLine + '</div>' +
forkNotice + '</div>' +
(steps ? '<div class="detail-section"><h2>Steps</h2>' + steps + '</div>' : '') +
(p.outcome ? '<div class="detail-section"><h2>Outcome</h2><p class="outcome">' + escapeHtml(p.outcome) + '</p></div>' : '') +
(p.practice ? '<div class="detail-section"><h2>Practice</h2><p class="practice">' + escapeHtml(p.practice) + '</p></div>' : '');
}
function renderDetailActions(p) {
const actions = document.getElementById('detailActions');
const canEdit = currentUser && (p.author_id == currentUser.id || currentUser.role === 'admin');
let html = '<button class="btn primary" onclick="forkProtocol(\'' + p.slug + '\')">Fork Protocol</button>' +
'<button class="btn" onclick="exportYaml(\'' + p.slug + '\')">Export YAML</button>';
if (canEdit) {
html += '<button class="btn" onclick="editProtocol(\'' + p.slug + '\')">Edit</button>' +
'<button class="btn danger" onclick="deleteProtocol(\'' + p.slug + '\')">Delete</button>';
}
actions.innerHTML = html;
}
function forkProtocol(slug) {
if (!currentUser) { toast('Sign in to fork protocols', true); return; }
api('/protocols/' + slug).then(function(p) {
navigate('create');
editingSlug = null;
document.querySelector('[name=title]').value = p.title + ' (Fork)';
document.querySelector('[name=description]').value = p.description || '';
currentTags = [...(p.tags || [])];
renderTagChips();
loadExistingTags();
document.querySelector('[name=source]').value = '@' + currentUser.username;
document.querySelector('[name=source_url]').value = p.source_url || '';
document.querySelector('[name=outcome]').value = p.outcome || '';
document.querySelector('[name=practice]').value = p.practice || '';
editingSlug = '__fork__' + slug;
document.getElementById('stepsEditor').innerHTML = '';
(p.steps || []).forEach(function(s) { addStep(s.headline, s.description); });
toast('Forking protocol — edit and save to create your version');
});
}
function editProtocol(slug) {
api('/protocols/' + slug).then(function(p) {
navigate('create');
editingSlug = slug;
document.querySelector('[name=title]').value = p.title;
document.querySelector('[name=description]').value = p.description || '';
currentTags = [...(p.tags || [])];
renderTagChips();
loadExistingTags();
document.querySelector('[name=source]').value = p.source || '';
document.querySelector('[name=source_url]').value = p.source_url || '';
document.querySelector('[name=outcome]').value = p.outcome || '';
document.querySelector('[name=practice]').value = p.practice || '';
document.querySelector('[name=visibility]').value = p.visibility || 'public';
document.getElementById('stepsEditor').innerHTML = '';
(p.steps || []).forEach(function(s) { addStep(s.headline, s.description); });
});
}
async function deleteProtocol(slug) {
if (!confirm('Delete this protocol? This cannot be undone.')) return;
try {
await api('/protocols/' + slug, { method: 'DELETE' });
toast('Protocol deleted');
navigate('library');
} catch (e) { toast(e.message, true); }
}
function exportYaml(slug) {
window.open(API + '/protocols/' + slug + '/yaml', '_blank');
}
// --- Tag management ---
async function loadExistingTags() {
try {
var protocols = await api('/protocols');
var tagSet = new Set();
protocols.forEach(function(p) { (p.tags || []).forEach(function(t) { tagSet.add(t); }); });
allExistingTags = [...tagSet].sort();
} catch (e) { allExistingTags = []; }
}
function renderTagChips() {
var container = document.getElementById('tagChips');
container.innerHTML = currentTags.map(function(t, i) {
return '<span class="tag-chip">' + escapeHtml(t) + '<button type="button" class="tag-remove" onclick="removeTag(' + i + ')">×</button></span>';
}).join('');
}
function addTag(tag) {
tag = tag.trim().toLowerCase();
if (!tag || currentTags.includes(tag)) return;
currentTags.push(tag);
renderTagChips();
document.getElementById('tagInput').value = '';
hideTagSuggestions();
}
function removeTag(i) {
currentTags.splice(i, 1);
renderTagChips();
}
function handleTagKeydown(e) {
if (e.key === 'Enter' || e.key === ',') {
e.preventDefault();
var val = e.target.value.trim();
if (val) addTag(val);
} else if (e.key === 'Backspace' && !e.target.value && currentTags.length) {
removeTag(currentTags.length - 1);
}
}
function showTagSuggestions() {
var q = document.getElementById('tagInput').value.trim().toLowerCase();
if (!q) { hideTagSuggestions(); return; }
var matches = allExistingTags.filter(function(t) { return t.includes(q) && !currentTags.includes(t); }).slice(0, 6);
var el = document.getElementById('tagSuggestions');
if (!matches.length) { hideTagSuggestions(); return; }
el.innerHTML = matches.map(function(t) {
return '<div class="tag-suggestion" onclick="addTag(\'' + escapeHtml(t) + '\')">' + escapeHtml(t) + '</div>';
}).join('');
el.style.display = 'block';
}
function hideTagSuggestions() {
document.getElementById('tagSuggestions').style.display = 'none';
}
// --- Create/Edit ---
function resetForm() {
document.getElementById('protocolForm').reset();
document.getElementById('stepsEditor').innerHTML = '';
editingSlug = null;
currentTags = [];
renderTagChips();
loadExistingTags();
}
function addStep(headline, description) {
headline = headline || '';
description = description || '';
const editor = document.getElementById('stepsEditor');
const div = document.createElement('div');
div.className = 'step-editor';
const num = editor.children.length + 1;
div.innerHTML =
'<div class="step-num">&gt; step ' + String(num).padStart(2,'0') + '</div>' +
'<div class="step-field"><label>Headline</label>' +
'<input type="text" class="step-headline" value="' + escapeHtml(headline) + '" placeholder="Step headline"></div>' +
'<div class="step-field"><label>Description</label>' +
'<input type="text" class="step-desc" value="' + escapeHtml(description) + '" placeholder="One-sentence description"></div>' +
'<button class="remove-step" onclick="this.closest(\'.step-editor\').remove(); renumberSteps();">remove step</button>';
editor.appendChild(div);
renumberSteps();
}
function renumberSteps() {
document.querySelectorAll('#stepsEditor .step-editor').forEach(function(el, i) {
el.querySelector('.step-num').textContent = '> step ' + String(i+1).padStart(2,'0');
});
}
async function saveProtocol(e) {
e.preventDefault();
if (!currentUser) { toast('Sign in to create protocols', true); openAuthModal('login'); return; }
const form = e.target;
const forkedFrom = editingSlug && editingSlug.startsWith('__fork__') ? editingSlug.replace('__fork__', '') : null;
const isEdit = editingSlug && !forkedFrom;
const data = {
title: form.title.value,
description: form.description.value,
tags: currentTags.slice(),
source: form.source.value || '@' + currentUser.username,
source_url: form.source_url.value,
outcome: form.outcome.value,
practice: form.practice.value,
visibility: form.visibility.value,
forked_from: forkedFrom,
steps: [...document.querySelectorAll('#stepsEditor .step-editor')].map(function(el) {
return {
headline: el.querySelector('.step-headline').value,
description: el.querySelector('.step-desc').value,
};
}),
};
try {
if (isEdit) {
await api('/protocols/' + editingSlug, { method: 'PUT', body: JSON.stringify(data) });
toast('Protocol updated');
showDetail(editingSlug);
} else {
const created = await api('/protocols', { method: 'POST', body: JSON.stringify(data) });
toast('Protocol created');
showDetail(created.slug);
}
} catch (err) { toast(err.message, true); }
}
// --- Collections ---
async function loadCollections() {
try {
var collections = await api('/collections');
var q = document.getElementById('collectionSearch') ? document.getElementById('collectionSearch').value.toLowerCase().trim() : '';
if (q) {
collections = collections.filter(function(c) {
return (c.title || '').toLowerCase().includes(q) || (c.description || '').toLowerCase().includes(q) || (c.author || '').toLowerCase().includes(q);
});
}
var grid = document.getElementById('collectionsGrid');
if (!collections.length) {
grid.innerHTML = '<div class="empty">No collections yet. <a href="#" onclick="navigate(\'create-collection\');return false">Create one</a></div>';
return;
}
grid.innerHTML = collections.map(function(c) {
var sourceLabel = c.author ? '@' + c.author : (c.source || '');
return '<div class="protocol-pill collection" onclick="showCollectionDetail(\'' + c.slug + '\')">' +
'<div class="info"><h3>' + escapeHtml(c.title) + '</h3><p>' + escapeHtml(c.description || '') + '</p></div>' +
'<div class="meta"><div class="steps">' + (c.item_count || 0) + ' protocols</div><div>' + escapeHtml(sourceLabel) + '</div></div></div>';
}).join('');
} catch (e) {
document.getElementById('collectionsGrid').innerHTML = '<div class="empty">' + escapeHtml(e.message) + '</div>';
}
}
function resetCollectionForm() {
document.getElementById('collectionForm').reset();
collectionSelectedProtocols = [];
loadProtocolPicker();
}
async function loadProtocolPicker(selectedSlugs) {
selectedSlugs = selectedSlugs || [];
collectionSelectedProtocols = [...selectedSlugs];
const picker = document.getElementById('collProtocolPicker');
picker.innerHTML =
'<div class="selected-list" id="selectedList"></div>' +
'<div class="search-bar" style="margin-bottom:12px"><span class="prompt">&gt;</span><input type="text" id="pickerSearch" placeholder="search protocols to add..." oninput="filterPickerProtocols()"></div>' +
'<div id="pickerList"><div class="empty">Search for protocols above to add them.</div></div>';
try {
pickerProtocolList = await api('/protocols');
} catch (e) {
pickerProtocolList = [];
}
// Don't render the list — it starts empty, user searches to add
}
function renderPickerList(protocols) {
const list = document.getElementById('pickerList');
if (!protocols.length) {
list.innerHTML = '<div class="empty">No matching protocols found.</div>';
return;
}
list.innerHTML = '<div class="protocol-grid">' + protocols.map(function(p) {
var selected = collectionSelectedProtocols.includes(p.slug);
var sourceLabel = p.source || (p.author ? '@' + p.author : '');
var tags = (p.tags || []).map(function(t) { return '<span class="tag">' + escapeHtml(t) + '</span>'; }).join('');
return '<div class="protocol-pill picker-pill' + (selected ? ' selected' : '') + '" data-slug="' + escapeHtml(p.slug) + '" onclick="toggleProtocolSelectClick(\'' + escapeHtml(p.slug) + '\', this)">' +
'<div class="info"><h3>' + escapeHtml(p.title) + '</h3>' +
'<p>' + escapeHtml(p.description || '') + '</p>' +
(tags ? '<div class="tag-row">' + tags + '</div>' : '') + '</div>' +
'<div class="meta"><div class="steps">' + (p.steps || []).length + ' steps</div>' +
'<div>' + escapeHtml(sourceLabel) + '</div></div></div>';
}).join('') + '</div>';
}
function toggleProtocolSelectClick(slug, el) {
var i = collectionSelectedProtocols.indexOf(slug);
if (i >= 0) {
collectionSelectedProtocols.splice(i, 1);
el.classList.remove('selected');
} else {
collectionSelectedProtocols.push(slug);
el.classList.add('selected');
}
renderSelectedList();
}
function renderSelectedList() {
var container = document.getElementById('selectedList');
if (!container) return;
if (!collectionSelectedProtocols.length) {
container.innerHTML = '';
return;
}
container.innerHTML = '<div class="selected-list-header">Selected protocols (' + collectionSelectedProtocols.length + ')</div>' +
collectionSelectedProtocols.map(function(slug, i) {
// Find protocol in the cached list for display
var p = pickerProtocolList.find(function(proto) { return proto.slug === slug; });
var title = p ? escapeHtml(p.title) : escapeHtml(slug);
return '<div class="selected-item" data-slug="' + escapeHtml(slug) + '">' +
'<span class="selected-position">' + (i + 1) + '</span>' +
'<span class="selected-title">' + title + '</span>' +
'<button type="button" class="selected-move" onclick="moveSelected(' + i + ', -1)" title="move up">▲</button>' +
'<button type="button" class="selected-move" onclick="moveSelected(' + i + ', 1)" title="move down">▼</button>' +
'<button type="button" class="selected-remove" onclick="removeSelected(' + i + ')" title="remove">×</button>' +
'</div>';
}).join('');
}
function moveSelected(i, dir) {
var j = i + dir;
if (j < 0 || j >= collectionSelectedProtocols.length) return;
var tmp = collectionSelectedProtocols[i];
collectionSelectedProtocols[i] = collectionSelectedProtocols[j];
collectionSelectedProtocols[j] = tmp;
renderSelectedList();
// Update picker highlight if visible
refreshPickerHighlight();
}
function removeSelected(i) {
var slug = collectionSelectedProtocols[i];
collectionSelectedProtocols.splice(i, 1);
renderSelectedList();
refreshPickerHighlight();
}
function refreshPickerHighlight() {
document.querySelectorAll('.picker-pill').forEach(function(el) {
var slug = el.dataset.slug;
if (slug) {
el.classList.toggle('selected', collectionSelectedProtocols.includes(slug));
}
});
}
function filterPickerProtocols() {
var q = document.getElementById('pickerSearch').value.toLowerCase().trim();
var filtered = pickerProtocolList.filter(function(p) {
return !q || p.title.toLowerCase().includes(q) || (p.description || '').toLowerCase().includes(q) || (p.tags || []).some(function(t) { return t.toLowerCase().includes(q); });
});
renderPickerList(filtered);
}
// (checkbox-based toggle removed — now using toggleProtocolSelectClick)
async function saveCollection(e) {
e.preventDefault();
if (!currentUser) { toast('Sign in to create collections', true); openAuthModal('login'); return; }
const form = e.target;
var data = {
title: form['coll-title'].value,
description: form['coll-description'].value,
source: form['coll-source'].value || '@' + currentUser.username,
visibility: form['coll-visibility'].value,
items: collectionSelectedProtocols.map(function(slug) { return { type: 'protocol', slug: slug }; }),
};
try {
if (editingCollectionSlug) {
await api('/collections/' + editingCollectionSlug, { method: 'PUT', body: JSON.stringify(data) });
toast('Collection updated');
showCollectionDetail(editingCollectionSlug);
} else {
var created = await api('/collections', { method: 'POST', body: JSON.stringify(data) });
toast('Collection created');
showCollectionDetail(created.slug);
}
} catch (err) { toast(err.message, true); }
}
async function showCollectionDetail(slug) {
location.hash = 'collections/' + slug;
document.querySelectorAll('.view').forEach(v => v.style.display = 'none');
document.getElementById('view-collection-detail').style.display = 'block';
document.querySelectorAll('header nav a').forEach(a => a.classList.remove('active'));
document.querySelectorAll('.mobile-panel a').forEach(a => a.classList.remove('active'));
document.getElementById('crumbPath').textContent = 'collections/' + slug;
closeMenu();
try {
var c = await api('/collections/' + slug);
var itemsHtml = '';
for (var i = 0; i < (c.items || []).length; i++) {
var item = c.items[i];
if (item.type === 'protocol') {
try {
var p = await api('/protocols/' + item.slug);
itemsHtml += '<div class="protocol-pill" onclick="showDetail(\'' + p.slug + '\')">' +
'<div class="info"><h3>' + escapeHtml(p.title) + '</h3>' +
'<p>' + escapeHtml(p.description || '') + '</p>' +
(p.tags && p.tags.length ? '<div class="tag-row">' + p.tags.map(function(t) { return '<span class="tag">' + escapeHtml(t) + '</span>'; }).join('') + '</div>' : '') + '</div>' +
'<div class="meta"><div class="steps">' + (p.steps || []).length + ' steps</div></div></div>';
} catch (e2) {
itemsHtml += '<div class="protocol-pill"><div class="info"><h3>' + escapeHtml(item.slug) + '</h3><p>Protocol not found</p></div></div>';
}
}
}
var sourceLine = c.source ? 'SOURCE: ' + escapeHtml(c.source) : '';
var authorLine = c.author ? ' · authored by <a href="#user/' + c.author + '" onclick="showUser(\'' + c.author + '\');return false">@' + escapeHtml(c.author) + '</a>' : '';
var dateLine = c.created_at ? ' · added ' + formatDate(c.created_at) : '';
document.getElementById('collectionDetailContent').innerHTML =
'<div class="detail-header"><h1>' + escapeHtml(c.title) + '</h1>' +
'<p class="description">' + escapeHtml(c.description || '') + '</p>' +
'<div class="source">' + sourceLine + authorLine + dateLine + '</div></div>' +
(itemsHtml ? '<div class="detail-section"><h2>Protocols (' + (c.items || []).length + ')</h2><div class="protocol-grid">' + itemsHtml + '</div></div>' : '<div class="empty">No protocols in this collection yet.</div>');
var canEdit = currentUser && (c.author_id == currentUser.id || currentUser.role === 'admin');
var actionsHtml = '';
if (canEdit) {
actionsHtml += '<button class="btn" onclick="editCollection(\'' + c.slug + '\')">Edit</button>' +
'<button class="btn danger" onclick="deleteCollection(\'' + c.slug + '\')">Delete</button>';
}
document.getElementById('collectionDetailActions').innerHTML = actionsHtml;
} catch (e) {
document.getElementById('collectionDetailContent').innerHTML = '<div class="empty">Collection not found</div>';
document.getElementById('collectionDetailActions').innerHTML = '';
}
}
function editCollection(slug) {
api('/collections/' + slug).then(function(c) {
navigate('create-collection');
editingCollectionSlug = slug;
document.querySelector('[name=coll-title]').value = c.title;
document.querySelector('[name=coll-description]').value = c.description || '';
document.querySelector('[name=coll-source]').value = c.source || '';
document.querySelector('[name=coll-visibility]').value = c.visibility || 'public';
var selectedSlugs = (c.items || []).filter(function(i) { return i.type === 'protocol'; }).map(function(i) { return i.slug; });
loadProtocolPicker(selectedSlugs).then(function() { renderSelectedList(); });
});
}
async function deleteCollection(slug) {
if (!confirm('Delete this collection? This cannot be undone.')) return;
try {
await api('/collections/' + slug, { method: 'DELETE' });
toast('Collection deleted');
navigate('collections');
} catch (e) { toast(e.message, true); }
}
// --- User Profile ---
async function showUser(username) {
document.querySelectorAll('.view').forEach(v => v.style.display = 'none');
document.getElementById('view-detail').style.display = 'block';
document.querySelectorAll('header nav a').forEach(a => a.classList.remove('active'));
document.querySelectorAll('.mobile-panel a').forEach(a => a.classList.remove('active'));
document.getElementById('crumbPath').textContent = 'users/' + username;
closeMenu();
try {
const data = await api('/users/' + username);
const p = data.protocols || [];
const c = data.collections || [];
document.getElementById('detailContent').innerHTML =
'<div class="profile-card"><h2>@' + escapeHtml(data.user.username) + '</h2>' +
(data.user.display_name ? '<div class="bio">' + escapeHtml(data.user.display_name) + '</div>' : '') +
(data.user.bio ? '<div class="bio">' + escapeHtml(data.user.bio) + '</div>' : '') + '</div>' +
(p.length ? '<div class="detail-section"><h2>Protocols (' + p.length + ')</h2>' +
p.map(function(proto) {
return '<div class="protocol-pill" onclick="showDetail(\'' + proto.slug + '\')">' +
'<div class="info"><h3>' + escapeHtml(proto.title) + '</h3>' +
'<p>' + escapeHtml(proto.description||'') + '</p>' +
(proto.tags && proto.tags.length ? '<div class="tag-row">' + proto.tags.map(function(t) { return '<span class="tag">' + escapeHtml(t) + '</span>'; }).join('') + '</div>' : '') + '</div>' +
'<div class="meta"><div class="steps">' + (proto.steps || []).length + ' steps</div></div></div>';
}).join('') +
'</div>' : '') +
(c.length ? '<div class="detail-section"><h2>Collections (' + c.length + ')</h2>' +
c.map(function(col) {
return '<div class="protocol-pill collection" onclick="showCollectionDetail(\'' + col.slug + '\')"><div class="icon">[+]</div>' +
'<div class="info"><h3>' + escapeHtml(col.title) + '</h3><p>' + escapeHtml(col.description||'') + '</p></div></div>';
}).join('') +
'</div>' : '');
document.getElementById('detailActions').innerHTML = '';
} catch (e) {
document.getElementById('detailContent').innerHTML = '<div class="empty">User not found</div>';
}
}
// --- Toast ---
let toastTimer = null;
function toast(msg, isError) {
const el = document.getElementById('toast');
el.textContent = msg;
el.style.display = 'block';
el.style.borderColor = isError ? '#c0392b' : 'var(--accent-bright)';
if (toastTimer) clearTimeout(toastTimer);
toastTimer = setTimeout(function() { el.style.display = 'none'; }, 3000);
}
// --- Util ---
function escapeHtml(s) {
if (s === null || s === undefined) return '';
return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;').replace(/'/g,'&#39;');
}
function formatDate(s) {
if (!s) return '';
// Normalize MySQL DATETIME format (space-separated) to ISO
var d = new Date(String(s).replace(' ', 'T'));
if (isNaN(d)) return s;
var months = ['Jan','Feb','Mar','Apr','May','Jun','Jul','Aug','Sep','Oct','Nov','Dec'];
return months[d.getMonth()] + ' ' + d.getDate() + ', ' + d.getFullYear();
}
// --- Boot ---
init();
+237
View File
@@ -0,0 +1,237 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Protocol Droid</title>
<link rel="stylesheet" href="/frontend/style.css">
<meta name="theme-color" content="#0a1929">
</head>
<body>
<header>
<div class="breadcrumb" onclick="navigate('library')">
<span><span class="prompt">$</span> protocol-droid</span>
<span class="crumb-path" id="crumbPath"></span>
</div>
<nav id="navBar">
<a href="#library" class="active" data-view="library">PROTOCOLS</a>
<a href="#collections" data-view="collections">COLLECTIONS</a>
<a href="#about" data-view="about">ABOUT</a>
</nav>
<div class="auth-area" id="authArea"></div>
<button class="hamburger" id="hamburger" onclick="toggleMenu()">&#9776;</button>
</header>
<div class="mobile-panel" id="mobilePanel">
<a href="#library" data-view="library" class="active" onclick="mobileNav('library')">PROTOCOLS</a>
<a href="#collections" data-view="collections" onclick="mobileNav('collections')">COLLECTIONS</a>
<a href="#about" data-view="about" onclick="mobileNav('about')">ABOUT</a>
<div class="mobile-auth" id="mobileAuth"></div>
</div>
<main class="main">
<!-- LIBRARY VIEW -->
<section class="view" id="view-library" style="display:none">
<div class="toolbar">
<div class="search-bar">
<span class="prompt">&gt;</span>
<input type="text" id="searchInput" placeholder="search protocols..." oninput="debouncedLoadProtocols()">
</div>
<button class="btn create-btn" onclick="navigate('create')"><span class="create-text">+ Create</span><span class="create-plus">+</span></button>
</div>
<div class="sort-bar" id="sortBar">
<span class="sort-label">sort:</span>
<span class="sort-option active" onclick="setSort('date')">date added</span>
<span class="sort-option" onclick="setSort('relevance')">relevance</span>
<span class="filter-toggle" onclick="toggleFilterPanel()">&#9776; filter</span>
</div>
<div class="filter-panel" id="filterPanel">
<div class="search-bar" style="margin-bottom:10px">
<span class="prompt">&gt;</span>
<input type="text" id="tagSearch" placeholder="search tags..." oninput="renderFilteredTags()">
</div>
<div class="filters" id="filterBar"></div>
</div>
<div class="protocol-grid" id="protocolGrid"></div>
</section>
<!-- ABOUT VIEW -->
<section class="view" id="view-about" style="display:none">
<div class="detail-header">
<h1>About Protocol Droid</h1>
<p class="description">A tool for authoring, sharing, and curating social protocols.</p>
</div>
<div class="detail-section">
<p class="outcome">Protocol Droid is a project of the <a href="https://MEDLab.host" target="_blank">Media Economies Design Lab</a> at the University of Colorado Boulder. The name is inspired by the class of droids in Star Wars known as protocol droids, which help facilitate cross-cultural interactions.</p>
<p class="outcome" style="margin-top:12px">This project is inspired by RegenHub's <a href="https://library.regenhub.xyz/" target="_blank">Protocol Library</a>, developed by Kevin Owocki, and draws on the experience of MEDLab's <a href="https://communityrule.info" target="_blank">CommunityRule</a> platform.</p>
</div>
<div class="detail-section">
<h2>What is a protocol?</h2>
<p class="outcome">A protocol is a pattern of interaction among people, generally in the form of a particular sequence of actions. Protocols are micro-practices — more specific than patterns and more interaction-focused than rules. A rule says "decisions are made by consensus." A protocol says "here's the step-by-step process for reaching consensus in a meeting."</p>
</div>
<div class="detail-section">
<h2>Features</h2>
<p class="outcome">Browse a library of protocols contributed by the community. Author your own protocols with structured fields — steps, outcomes, practice tips. Fork existing protocols and adapt them to your context. Curate collections of protocols and share them. Tag protocols for discoverability. Export and import protocols as portable YAML files.</p>
</div>
<div class="detail-section">
<h2>Self-hosting</h2>
<p class="outcome">Protocol Droid is designed to be self-hostable and whitelabel-able. It runs on a standard LAMP stack with no external dependencies — no web fonts, no CDNs, no tracking. Deploy on Cloudron, any LAMP server, or your own infrastructure. Configure your site name, tagline, and theme through a simple config file.</p>
</div>
<div class="detail-section">
<h2>Sister project</h2>
<p class="outcome">Protocol Droid has a sister project: the <a href="https://git.medlab.host/ntnsndr/protocol-bicorder" target="_blank">Protocol Bicorder</a> — a diagnostic tool for evaluating protocols along a series of gradients between opposing terms. Where Protocol Droid is for documenting and sharing protocols, the Bicorder is for analyzing and comparing them.</p>
</div>
<div class="detail-section">
<h2>License</h2>
<p class="outcome">Hippocratic License (HL3-CORE) — do no harm. See <a href="https://firstdonoharm.dev/" target="_blank">firstdonoharm.dev</a>. Source code available on <a href="https://git.medlab.host/ntnsndr/protocol-droid" target="_blank">Gitea</a>.</p>
</div>
</section>
<!-- PROTOCOL DETAIL VIEW -->
<section class="view" id="view-detail" style="display:none">
<div id="detailContent"></div>
<div class="actions" id="detailActions"></div>
</section>
<!-- CREATE/EDIT PROTOCOL VIEW -->
<section class="view" id="view-create" style="display:none">
<form id="protocolForm" onsubmit="saveProtocol(event)">
<div class="form-group">
<label>Title</label>
<input type="text" name="title" required maxlength="255" placeholder="Round Robin Check-In">
</div>
<div class="form-group">
<label>Description</label>
<textarea name="description" rows="2" maxlength="280" placeholder="A sentence or two about its context and purpose"></textarea>
</div>
<div class="form-group">
<label>Tags</label>
<div class="tag-input-wrapper">
<div class="tag-chips" id="tagChips"></div>
<input type="text" id="tagInput" placeholder="type a tag and press enter..." onkeydown="handleTagKeydown(event)" oninput="showTagSuggestions()">
<div class="tag-suggestions" id="tagSuggestions"></div>
</div>
</div>
<div class="form-group">
<label>Source</label>
<input type="text" name="source" placeholder="Group Works Deck (or @username)">
</div>
<div class="form-group">
<label>Source URL</label>
<input type="text" name="source_url" placeholder="https://...">
</div>
<div id="stepsEditor"></div>
<button type="button" class="btn add-step" onclick="addStep()">+ Add Step</button>
<div class="form-group">
<label>Outcome</label>
<textarea name="outcome" rows="2" placeholder="What should happen if it is done right"></textarea>
</div>
<div class="form-group">
<label>Practice</label>
<textarea name="practice" rows="3" placeholder="Tips for learning to do it better"></textarea>
</div>
<div class="form-group">
<label>Visibility</label>
<select name="visibility">
<option value="public">Public — visible in the library</option>
<option value="unlisted">Unlisted — accessible by URL only</option>
<option value="private">Private — only visible to you</option>
</select>
</div>
<div class="actions">
<button type="submit" class="btn primary">Save Protocol</button>
<button type="button" class="btn" onclick="navigate('library')">Cancel</button>
</div>
</form>
</section>
<!-- COLLECTIONS VIEW -->
<section class="view" id="view-collections" style="display:none">
<div class="toolbar">
<div class="search-bar">
<span class="prompt">&gt;</span>
<input type="text" id="collectionSearch" placeholder="search collections..." oninput="loadCollections()">
</div>
<button class="btn create-btn" onclick="navigate('create-collection')"><span class="create-text">+ Create</span><span class="create-plus">+</span></button>
</div>
<div class="protocol-grid" id="collectionsGrid"></div>
</section>
<!-- CREATE/EDIT COLLECTION VIEW -->
<section class="view" id="view-create-collection" style="display:none">
<form id="collectionForm" onsubmit="saveCollection(event)">
<div class="form-group">
<label>Title</label>
<input type="text" name="coll-title" required maxlength="255" placeholder="Protocols for Mutual Aid Groups">
</div>
<div class="form-group">
<label>Description</label>
<textarea name="coll-description" rows="2" maxlength="280" placeholder="A sentence or two about the collection's context and purpose"></textarea>
</div>
<div class="form-group">
<label>Source</label>
<input type="text" name="coll-source" placeholder="Author or community (or @username)">
</div>
<div class="form-group">
<label>Visibility</label>
<select name="coll-visibility">
<option value="public">Public — visible in the library</option>
<option value="unlisted">Unlisted — accessible by URL only</option>
<option value="private">Private — only visible to you</option>
</select>
</div>
<div class="form-group">
<label>Add protocols to this collection</label>
<div id="collProtocolPicker"></div>
</div>
<div class="actions">
<button type="submit" class="btn primary">Save Collection</button>
<button type="button" class="btn" onclick="navigate('collections')">Cancel</button>
</div>
</form>
</section>
<!-- COLLECTION DETAIL VIEW -->
<section class="view" id="view-collection-detail" style="display:none">
<div id="collectionDetailContent"></div>
<div class="actions" id="collectionDetailActions"></div>
</section>
<!-- AUTH MODAL -->
<div class="modal-overlay" id="authModal" style="display:none">
<div class="modal">
<h2 id="authModalTitle">Sign In</h2>
<form onsubmit="handleAuth(event)">
<div id="authFormArea">
<div class="form-group">
<label>Username</label>
<input type="text" id="authUsername" required pattern="[a-zA-Z0-9_]{3,32}" placeholder="username">
</div>
<div class="form-group">
<label>Password</label>
<input type="password" id="authPassword" required minlength="6" placeholder="••••••••">
</div>
<div class="form-group" id="displayNameGroup">
<label>Display Name (optional)</label>
<input type="text" id="authDisplayName" placeholder="Jane Doe">
</div>
</div>
<div class="actions">
<button type="submit" class="btn primary" id="authSubmit">Sign In</button>
<button type="button" class="btn" onclick="closeAuthModal()">Cancel</button>
</div>
<div class="auth-toggle" id="authToggle"></div>
</form>
</div>
</div>
<!-- TOAST -->
<div class="toast" id="toast" style="display:none"></div>
</main>
<script src="/frontend/app.js"></script>
</body>
</html>
+530
View File
@@ -0,0 +1,530 @@
/* Protocol Droid — R2-Rebel Blend Stylesheet */
* { box-sizing: border-box; margin: 0; padding: 0; }
:root {
--bg: #f0f4f8;
--bg-grid: #e2e8f0;
--surface: #ffffff;
--panel: #e8edf2;
--ink: #0a1929;
--ink-soft: #4a5568;
--ink-dim: #8896a8;
--accent: #0066cc;
--accent-bright: #00aaff;
--accent-deep: #003d7a;
--green: #00875a;
--green-bright: #00cc88;
--border: #b0bec5;
--border-light: #d0d8e0;
--shadow: 0 2px 8px rgba(0,50,100,0.06);
--shadow-hover: 0 4px 16px rgba(0,102,204,0.10);
--mono: 'SF Mono', 'Courier New', 'Courier', monospace;
--sans: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
}
body {
font-family: var(--sans);
background: var(--bg);
background-image:
linear-gradient(var(--bg-grid) 1px, transparent 1px),
linear-gradient(90deg, var(--bg-grid) 1px, transparent 1px);
background-size: 32px 32px;
color: var(--ink);
line-height: 1.5;
-webkit-font-smoothing: antialiased;
}
/* Header */
header {
background: var(--ink);
color: #fff;
padding: 0 16px;
min-height: 52px;
display: flex;
align-items: center;
gap: 12px;
border-bottom: 2px solid var(--accent-bright);
position: relative;
flex-wrap: nowrap;
}
header::after {
content: '';
position: absolute;
bottom: -2px;
left: 0; right: 0;
height: 1px;
background: linear-gradient(90deg, var(--green-bright), var(--accent-bright), transparent);
}
/* Breadcrumb — two-line header: logo on top, location below */
header .breadcrumb {
font-family: var(--mono);
font-size: 14px;
letter-spacing: 0.5px;
display: flex;
flex-direction: column;
gap: 0;
color: var(--accent-bright);
cursor: pointer;
flex-shrink: 1;
min-width: 0;
overflow: hidden;
white-space: nowrap;
line-height: 1.2;
}
header .breadcrumb .prompt { color: var(--green-bright); font-weight: normal; }
header .breadcrumb:hover { text-decoration: none; }
header .crumb-path {
font-size: 11px;
color: var(--ink-dim);
overflow: hidden;
text-overflow: ellipsis;
max-width: 100%;
cursor: pointer;
}
/* Desktop nav — inline */
header nav {
margin-left: auto;
display: flex;
gap: 4px;
flex-shrink: 0;
align-items: center;
}
header nav a {
color: #8896a8;
text-decoration: none;
font-size: 12px;
font-family: var(--mono);
padding: 6px 12px;
border: 1px solid transparent;
transition: all 0.15s;
letter-spacing: 0.5px;
white-space: nowrap;
}
header nav a:hover { color: #fff; border-color: rgba(255,255,255,0.15); }
header nav a.active { color: var(--accent-bright); border-color: rgba(0,170,255,0.3); background: rgba(0,170,255,0.08); }
.auth-area { display: flex; align-items: center; gap: 8px; flex-shrink: 0; }
.auth-area .user-link {
color: var(--green-bright);
font-family: var(--mono);
font-size: 12px;
text-decoration: none;
white-space: nowrap;
}
.auth-area .auth-btn {
font-family: var(--mono);
font-size: 12px;
padding: 6px 12px;
border: 1px solid rgba(255,255,255,0.2);
background: transparent;
color: #fff;
cursor: pointer;
border-radius: 4px;
white-space: nowrap;
}
.auth-area .auth-btn:hover { background: rgba(255,255,255,0.1); }
/* Hamburger button — hidden on desktop */
.hamburger {
display: none;
background: none;
border: none;
color: #fff;
font-size: 22px;
cursor: pointer;
padding: 4px 8px;
margin-left: auto;
flex-shrink: 0;
}
/* Mobile dropdown panel */
.mobile-panel {
display: none;
position: absolute;
top: 52px;
left: 0;
right: 0;
background: var(--ink);
border-bottom: 2px solid var(--accent-bright);
padding: 12px 16px;
z-index: 50;
flex-direction: column;
gap: 6px;
}
.mobile-panel.open { display: flex; }
.mobile-panel a {
color: #8896a8;
text-decoration: none;
font-size: 14px;
font-family: var(--mono);
padding: 10px 14px;
border-radius: 4px;
letter-spacing: 0.5px;
}
.mobile-panel a:hover { color: #fff; background: rgba(255,255,255,0.08); }
.mobile-panel a.active { color: var(--accent-bright); background: rgba(0,170,255,0.08); }
.mobile-panel .mobile-auth { display: flex; gap: 8px; margin-top: 8px; padding-top: 8px; border-top: 1px solid rgba(255,255,255,0.1); }
.mobile-panel .mobile-auth .auth-btn {
font-family: var(--mono); font-size: 12px; padding: 6px 12px;
border: 1px solid rgba(255,255,255,0.2); background: transparent; color: #fff;
cursor: pointer; border-radius: 4px; white-space: nowrap;
}
.mobile-panel .mobile-auth .auth-btn:hover { background: rgba(255,255,255,0.1); }
.mobile-panel .mobile-auth .user-link {
color: var(--green-bright); font-family: var(--mono); font-size: 12px; text-decoration: none; white-space: nowrap;
}
/* Main */
.main { max-width: 920px; margin: 0 auto; padding: 24px 16px; }
/* Tagline under header */
.tagline { color: var(--ink-soft); font-size: 14px; margin-bottom: 20px; }
/* Search */
.search-bar {
display: flex; align-items: center; gap: 8px;
background: var(--surface); border: 1px solid var(--border-light);
border-radius: 8px; padding: 8px 14px; margin-bottom: 20px;
}
.search-bar .prompt { font-family: var(--mono); font-size: 13px; color: var(--green); flex-shrink: 0; }
.search-bar input {
border: none; outline: none; background: transparent;
font-family: var(--mono); font-size: 13px; color: var(--ink); flex: 1; min-width: 0;
}
.search-bar input::placeholder { color: var(--ink-dim); }
/* Sort bar */
.sort-bar {
display: flex; align-items: center; gap: 6px; margin-bottom: 16px;
font-family: var(--mono); font-size: 11px; color: var(--ink-dim);
}
.sort-label { letter-spacing: 0.5px; }
.sort-option {
padding: 3px 10px; border-radius: 3px; cursor: pointer;
border: 1px solid transparent; color: var(--ink-soft); transition: all 0.15s;
}
.sort-option:hover { border-color: var(--border-light); }
.sort-option.active { background: var(--panel); color: var(--ink); border-color: var(--border-light); }
.filter-toggle {
margin-left: auto; padding: 3px 10px; border-radius: 3px; cursor: pointer;
color: var(--ink-soft); border: 1px solid transparent; transition: all 0.15s;
}
.filter-toggle:hover { border-color: var(--border-light); }
.filter-toggle.active { background: var(--panel); color: var(--ink); border-color: var(--border-light); }
/* Filter panel — collapsed by default */
.filter-panel { display: none; margin-bottom: 16px; }
.filter-panel.open { display: block; }
/* Filters */
.filters { display: flex; gap: 6px; margin-bottom: 24px; flex-wrap: wrap; }
.filter-pill {
padding: 5px 12px; font-size: 11px; font-family: var(--mono);
background: var(--surface); border: 1px solid var(--border-light);
color: var(--ink-soft); cursor: pointer; transition: all 0.15s;
border-radius: 3px; letter-spacing: 0.5px; white-space: nowrap;
}
.filter-pill:hover { border-color: var(--accent); color: var(--accent); }
.filter-pill.active { background: var(--accent); color: #fff; border-color: var(--accent); }
/* Protocol grid */
.protocol-grid { display: flex; flex-direction: column; gap: 10px; }
.protocol-pill {
background: var(--surface); border: 1px solid var(--border-light);
border-radius: 16px; padding: 14px 20px; display: flex; align-items: flex-start;
gap: 14px; cursor: pointer; transition: all 0.15s; box-shadow: var(--shadow);
}
.protocol-pill:hover { border-color: var(--accent); box-shadow: var(--shadow-hover); transform: translateX(2px); }
.protocol-pill .icon {
width: 38px; height: 38px; border-radius: 10px; background: var(--panel);
display: flex; align-items: center; justify-content: center;
font-size: 18px; font-family: var(--mono); color: var(--accent);
flex-shrink: 0; border: 1px solid var(--border-light);
}
.protocol-pill .info { flex: 1; min-width: 0; }
.protocol-pill .info h3 { font-size: 14px; font-weight: bold; margin-bottom: 2px; font-family: var(--mono); word-break: break-word; }
.protocol-pill .info p {
font-size: 13px; color: var(--ink-soft); font-family: var(--sans);
word-break: break-word; line-height: 1.4;
}
.protocol-pill .meta { font-family: var(--mono); font-size: 11px; color: var(--ink-dim); text-align: right; flex-shrink: 0; white-space: nowrap; }
.protocol-pill .meta .steps { color: var(--accent); font-weight: bold; }
.protocol-pill.collection {
background: var(--ink); color: #fff; border-color: var(--accent-deep);
}
.protocol-pill.collection .icon { background: rgba(0,135,90,0.15); border-color: var(--green-bright); color: var(--green-bright); }
.protocol-pill.collection .info p { color: #8896a8; }
.protocol-pill.collection .meta { color: #8896a8; }
.protocol-pill.collection .meta .steps { color: var(--green-bright); }
/* Detail view */
.back-link { color: var(--accent); text-decoration: none; font-size: 12px; font-family: var(--mono); margin-bottom: 20px; display: inline-block; }
.back-link:hover { text-decoration: underline; }
.detail-header {
background: var(--surface); border-radius: 16px; padding: 24px 20px;
margin-bottom: 16px; border: 1px solid var(--border-light); box-shadow: var(--shadow);
}
.detail-header .tag-row { display: flex; gap: 6px; margin-bottom: 12px; flex-wrap: wrap; }
.detail-header .tag {
font-family: var(--mono); font-size: 10px; padding: 3px 10px; border-radius: 3px;
background: var(--panel); color: var(--ink-soft); letter-spacing: 0.5px;
}
.detail-header h1 {
font-size: 22px; font-weight: bold; margin-bottom: 8px; letter-spacing: -0.3px;
font-family: var(--mono); word-break: break-word;
}
.detail-header .description { font-size: 15px; color: var(--ink-soft); margin-bottom: 16px; font-family: var(--sans); }
.detail-header .source {
font-family: var(--mono); font-size: 11px; color: var(--ink-dim);
border-top: 1px solid var(--border-light); padding-top: 12px;
word-break: break-all;
}
.detail-header .source a { color: var(--accent); text-decoration: none; }
.detail-header .fork-notice {
font-family: var(--mono); font-size: 11px; color: var(--green);
background: rgba(0,135,90,0.06); border: 1px solid rgba(0,135,90,0.15);
border-radius: 4px; padding: 6px 12px; margin-top: 12px; display: inline-block;
}
.detail-section {
background: var(--surface); border-radius: 16px; padding: 20px;
margin-bottom: 12px; border: 1px solid var(--border-light); box-shadow: var(--shadow);
}
.detail-section h2 {
font-size: 12px; font-family: var(--mono); text-transform: uppercase;
letter-spacing: 1.5px; color: var(--accent); margin-bottom: 16px;
}
.detail-section h2::before { content: '// '; color: var(--ink-dim); }
.step { display: flex; gap: 14px; margin-bottom: 14px; padding-bottom: 14px; border-bottom: 1px solid var(--border-light); }
.step:last-child { border-bottom: none; margin-bottom: 0; padding-bottom: 0; }
.step .number { font-family: var(--mono); font-weight: bold; font-size: 13px; color: var(--green); flex-shrink: 0; min-width: 32px; padding-top: 1px; }
.step .number::before { content: '> '; color: var(--ink-dim); }
.step .content h4 { font-size: 14px; font-weight: bold; margin-bottom: 3px; font-family: var(--mono); word-break: break-word; }
.step .content p { font-size: 13px; color: var(--ink-soft); font-family: var(--sans); word-break: break-word; }
.outcome, .practice { font-size: 14px; line-height: 1.6; font-family: var(--sans); }
/* Buttons */
.actions { display: flex; gap: 10px; margin-top: 24px; flex-wrap: wrap; }
.btn {
padding: 9px 18px; border-radius: 8px; font-family: var(--mono); font-size: 12px;
border: 1px solid var(--border); background: var(--surface); color: var(--ink);
cursor: pointer; transition: all 0.15s; letter-spacing: 0.5px;
}
.btn:hover { border-color: var(--accent); color: var(--accent); }
.btn.primary { background: var(--accent); color: #fff; border-color: var(--accent); }
.btn.primary:hover { background: var(--accent-deep); }
.btn.danger { border-color: #c0392b; color: #c0392b; }
.btn.danger:hover { background: #c0392b; color: #fff; }
.btn.add-step { margin: 12px 0; font-size: 12px; color: var(--green); border-color: var(--green); }
.btn.add-step:hover { background: var(--green); color: #fff; }
/* Forms */
.form-group { margin-bottom: 16px; }
.form-group label { display: block; font-family: var(--mono); font-size: 12px; color: var(--ink-soft); margin-bottom: 4px; text-transform: uppercase; letter-spacing: 0.5px; }
.form-group input, .form-group textarea, .form-group select {
width: 100%; padding: 10px 14px; border: 1px solid var(--border-light); border-radius: 8px;
font-family: var(--sans); font-size: 14px; color: var(--ink); background: var(--surface);
}
.form-group input:focus, .form-group textarea:focus, .form-group select:focus {
outline: none; border-color: var(--accent); box-shadow: 0 0 0 2px rgba(0,102,204,0.1);
}
.form-group textarea { resize: vertical; }
/* Step editor */
.step-editor {
background: var(--surface); border: 1px solid var(--border-light);
border-radius: 8px; padding: 16px; margin-bottom: 12px;
}
.step-editor .step-num {
font-family: var(--mono); font-size: 12px; color: var(--green);
margin-bottom: 10px; font-weight: bold;
}
.step-editor .step-field { margin-bottom: 10px; }
.step-editor .step-field label {
display: block; font-family: var(--mono); font-size: 11px;
color: var(--ink-soft); margin-bottom: 3px; text-transform: uppercase; letter-spacing: 0.5px;
}
.step-editor .step-field input {
width: 100%; padding: 8px 12px; border: 1px solid var(--border-light);
border-radius: 6px; font-family: var(--sans); font-size: 14px; color: var(--ink);
background: var(--surface);
}
.step-editor .step-field input:focus {
outline: none; border-color: var(--accent); box-shadow: 0 0 0 2px rgba(0,102,204,0.1);
}
.step-editor .remove-step {
font-size: 11px; color: #c0392b; cursor: pointer; background: none;
border: none; font-family: var(--mono); margin-top: 4px;
}
.step-editor .remove-step:hover { text-decoration: underline; }
/* Modal */
.modal-overlay {
position: fixed; top: 0; left: 0; right: 0; bottom: 0;
background: rgba(0,0,0,0.5); display: flex; align-items: center; justify-content: center; z-index: 200;
padding: 20px;
}
.modal { background: var(--surface); border-radius: 16px; padding: 28px; max-width: 400px; width: 100%; box-shadow: 0 8px 32px rgba(0,0,0,0.2); }
.modal h2 { font-family: var(--mono); font-size: 18px; margin-bottom: 20px; }
.auth-toggle { margin-top: 16px; font-size: 12px; font-family: var(--mono); color: var(--ink-soft); }
.auth-toggle a { color: var(--accent); cursor: pointer; text-decoration: none; }
.auth-toggle a:hover { text-decoration: underline; }
/* Toast */
.toast {
position: fixed; bottom: 70px; left: 50%; transform: translateX(-50%);
background: var(--ink); color: #fff; padding: 12px 24px; border-radius: 8px;
font-family: var(--mono); font-size: 13px; z-index: 300;
border: 1px solid var(--accent-bright); max-width: 90vw; text-align: center;
animation: toast-in 0.3s ease;
}
@keyframes toast-in { from { opacity: 0; transform: translateX(-50%) translateY(10px); } to { opacity: 1; } }
/* Toolbar — search + create button on one line */
.toolbar {
display: flex; align-items: center; gap: 10px; margin-bottom: 20px;
}
.toolbar .search-bar { flex: 1; margin-bottom: 0; }
.create-btn {
font-family: var(--mono); font-size: 13px; padding: 8px 16px;
border: 1px solid var(--accent); color: var(--accent); background: var(--surface);
border-radius: 8px; cursor: pointer; transition: all 0.15s; letter-spacing: 0.5px;
white-space: nowrap; flex-shrink: 0;
}
.create-btn:hover { background: var(--accent); color: #fff; }
.create-plus { display: none; }
/* Profile */
.profile-card {
background: var(--surface); border-radius: 16px; padding: 24px 20px;
margin-bottom: 16px; border: 1px solid var(--border-light); box-shadow: var(--shadow);
}
.profile-card h2 { font-family: var(--mono); font-size: 20px; margin-bottom: 8px; }
.profile-card .bio { font-size: 14px; color: var(--ink-soft); margin-bottom: 12px; }
/* Collection detail — inverted header to match collection modules */
#view-collection-detail .detail-header {
background: var(--ink);
color: #fff;
border: 2px solid var(--accent-deep);
box-shadow: 0 4px 12px rgba(0,50,100,0.12);
}
#view-collection-detail .detail-header h1 { color: var(--accent-bright); }
#view-collection-detail .detail-header .description { color: #a0aec0; }
#view-collection-detail .detail-header .source { border-top-color: rgba(255,255,255,0.1); color: #8896a8; }
#view-collection-detail .detail-header .source a { color: var(--accent-bright); }
#view-collection-detail .detail-section {
border: 2px solid var(--border);
box-shadow: 0 3px 10px rgba(0,50,100,0.08);
}
#view-collection-detail .detail-section h2 { color: var(--ink); }
#view-collection-detail .detail-section h2::before { content: '// '; color: var(--ink-dim); }
/* Empty state */
.empty { color: var(--ink-dim); font-family: var(--mono); font-size: 13px; padding: 20px; text-align: center; }
.empty a { color: var(--accent); text-decoration: none; }
/* Tag input with chips */
.tag-input-wrapper { position: relative; }
.tag-chips {
display: flex; flex-wrap: wrap; gap: 6px; margin-bottom: 8px;
min-height: 0;
}
.tag-chips:empty { display: none; }
.tag-chip {
display: inline-flex; align-items: center; gap: 4px;
background: var(--panel); border: 1px solid var(--border-light);
border-radius: 4px; padding: 4px 10px;
font-family: var(--mono); font-size: 12px; color: var(--ink);
}
.tag-remove {
background: none; border: none; cursor: pointer;
font-size: 14px; color: var(--ink-dim); padding: 0; line-height: 1;
}
.tag-remove:hover { color: #c0392b; }
#tagInput {
width: 100%; padding: 8px 12px; border: 1px solid var(--border-light);
border-radius: 8px; font-family: var(--sans); font-size: 14px;
color: var(--ink); background: var(--surface);
}
#tagInput:focus { outline: none; border-color: var(--accent); box-shadow: 0 0 0 2px rgba(0,102,204,0.1); }
.tag-suggestions {
display: none; position: absolute; top: 100%; left: 0; right: 0;
background: var(--surface); border: 1px solid var(--border-light);
border-radius: 8px; box-shadow: 0 4px 12px rgba(0,0,0,0.1);
z-index: 10; max-height: 200px; overflow-y: auto;
}
.tag-suggestion {
padding: 8px 14px; font-family: var(--mono); font-size: 13px;
cursor: pointer; color: var(--ink-soft);
}
.tag-suggestion:hover { background: var(--panel); color: var(--accent); }
/* Tags on protocol pills */
.protocol-pill .tag-row { display: flex; gap: 4px; flex-wrap: wrap; margin-top: 6px; }
.protocol-pill .tag {
font-family: var(--mono); font-size: 10px; padding: 2px 8px;
border-radius: 3px; background: var(--panel); color: var(--ink-dim);
}
/* Selected protocols list in collection creator */
.selected-list { margin-bottom: 16px; }
.selected-list:empty { display: none; }
.selected-list-header {
font-family: var(--mono); font-size: 12px; color: var(--green);
margin-bottom: 8px; font-weight: bold;
}
.selected-item {
display: flex; align-items: center; gap: 8px;
padding: 8px 12px; border: 1px solid var(--border-light); border-radius: 8px;
margin-bottom: 6px; background: var(--surface); transition: all 0.15s;
}
.selected-item:hover { border-color: var(--green); }
.selected-position {
font-family: var(--mono); font-size: 12px; color: var(--ink-dim);
flex-shrink: 0; min-width: 20px; text-align: center;
}
.selected-title {
flex: 1; min-width: 0; font-size: 13px; color: var(--ink);
overflow: hidden; text-overflow: ellipsis; white-space: nowrap;
}
.selected-move {
background: none; border: 1px solid var(--border-light); border-radius: 4px;
cursor: pointer; font-size: 10px; color: var(--ink-dim); padding: 2px 6px; line-height: 1;
}
.selected-move:hover { border-color: var(--accent); color: var(--accent); }
.selected-remove {
background: none; border: none; cursor: pointer;
font-size: 16px; color: var(--ink-dim); padding: 0 4px; line-height: 1;
}
.selected-remove:hover { color: #c0392b; }
/* Protocol picker for collections — click to select, highlight when selected */
.picker-pill { cursor: pointer; transition: all 0.15s; }
.picker-pill:hover { border-color: var(--accent); transform: none; }
.picker-pill.selected { border-color: var(--green); background: rgba(0,135,90,0.06); }
.picker-pill.selected:hover { border-color: var(--green-bright); }
/* Mobile breakpoint */
@media (max-width: 640px) {
/* Hide desktop nav and auth, show hamburger */
header nav { display: none; }
.auth-area { display: none; }
.hamburger { display: block; }
/* Create button shows just + on mobile */
.create-text { display: none; }
.create-plus { display: inline; }
.main { padding: 16px 12px; }
/* Protocol pills: info takes full width, meta goes below */
.protocol-pill { flex-direction: column; align-items: stretch; padding: 12px 14px; gap: 6px; }
.protocol-pill .info { width: 100%; }
.protocol-pill .meta { text-align: left; display: flex; gap: 12px; align-items: center; }
.protocol-pill .meta .steps { }
.protocol-pill .meta > div:not(.steps) { font-size: 10px; }
.detail-header, .detail-section { padding: 16px 14px; border-radius: 12px; }
}
Executable
+67
View File
@@ -0,0 +1,67 @@
<?php
// Root router — serve frontend or API
// Works at web root or in a subdirectory (e.g. /protocol-droid/)
// Detect the base path (for subdirectory deployments)
$scriptName = $_SERVER['SCRIPT_NAME'] ?? '/index.php';
$basePath = rtrim(str_replace('\\', '/', dirname($scriptName)), '/');
// If basePath is just / or . , clear it
if ($basePath === '/' || $basePath === '.') $basePath = '';
$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
// Strip base path from URI for routing
if ($basePath && strpos($uri, $basePath) === 0) {
$uri = substr($uri, strlen($basePath));
}
if (preg_match('#^/api(/|$)#', $uri)) {
require __DIR__ . '/api/index.php';
exit;
}
// Everything else: serve frontend files
// Normalize the path to prevent traversal
$uri = preg_replace('#/+#', '/', $uri);
$file = __DIR__ . '/frontend' . $uri;
// Resolve real path and verify it's within the frontend directory
$real_file = realpath($file);
$frontend_dir = realpath(__DIR__ . '/frontend');
if ($real_file === false || strpos($real_file, $frontend_dir) !== 0) {
$index = __DIR__ . '/frontend/index.html';
if (file_exists($index)) {
header('Content-Type: text/html');
readfile($index);
exit;
}
http_response_code(404);
echo 'Frontend not found';
exit;
}
if (!is_file($real_file)) {
$index = __DIR__ . '/frontend/index.html';
if (file_exists($index)) {
header('Content-Type: text/html');
readfile($index);
exit;
}
http_response_code(404);
echo 'Frontend not found';
exit;
}
$ext = pathinfo($real_file, PATHINFO_EXTENSION);
$types = [
'css' => 'text/css',
'js' => 'application/javascript',
'html' => 'text/html',
'svg' => 'image/svg+xml',
'png' => 'image/png',
'jpg' => 'image/jpeg',
'json' => 'application/json',
];
if (isset($types[$ext])) header('Content-Type: ' . $types[$ext]);
readfile($real_file);
Executable
+81
View File
@@ -0,0 +1,81 @@
-- Protocol Droid — MySQL Schema
-- Works with MySQL 5.7+ / MariaDB 10.3+
CREATE TABLE IF NOT EXISTS users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(32) UNIQUE NOT NULL,
display_name VARCHAR(128),
bio TEXT,
password_hash VARCHAR(255), -- bcrypt; NULL if SSO-only
sso_provider VARCHAR(64), -- 'oidc', 'github', 'google', etc.
sso_id VARCHAR(255), -- external identity id
role ENUM('admin','member','viewer') DEFAULT 'member',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE IF NOT EXISTS protocols (
id INT AUTO_INCREMENT PRIMARY KEY,
slug VARCHAR(128) UNIQUE NOT NULL,
title VARCHAR(255) NOT NULL,
description TEXT,
source VARCHAR(255), -- free text or @username
source_url VARCHAR(500),
tags VARCHAR(500), -- JSON array string
forked_from VARCHAR(128), -- slug of parent protocol
image VARCHAR(500),
steps TEXT, -- JSON array of {headline, description}
outcome TEXT,
practice TEXT,
author_id INT REFERENCES users(id),
visibility ENUM('public','private','unlisted') DEFAULT 'public',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
INDEX idx_visibility (visibility),
INDEX idx_author (author_id),
INDEX idx_forked (forked_from)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE IF NOT EXISTS collections (
id INT AUTO_INCREMENT PRIMARY KEY,
slug VARCHAR(128) UNIQUE NOT NULL,
title VARCHAR(255) NOT NULL,
description TEXT,
source VARCHAR(255),
image VARCHAR(500),
author_id INT REFERENCES users(id),
visibility ENUM('public','private','unlisted') DEFAULT 'public',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
INDEX idx_visibility (visibility),
INDEX idx_author (author_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE IF NOT EXISTS collection_items (
collection_id INT NOT NULL REFERENCES collections(id) ON DELETE CASCADE,
item_type ENUM('protocol','collection') NOT NULL,
item_slug VARCHAR(128) NOT NULL,
position INT DEFAULT 0,
PRIMARY KEY (collection_id, item_type, item_slug)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE IF NOT EXISTS votes (
user_id INT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
protocol_slug VARCHAR(128) NOT NULL,
value INT DEFAULT 1, -- +1 upvote, -1 downvote
comment TEXT, -- optional evaluation text
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (user_id, protocol_slug)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE IF NOT EXISTS config (
`key` VARCHAR(64) PRIMARY KEY,
`value` TEXT
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-- Default config entries
INSERT INTO config (`key`, `value`) VALUES
('site_name', 'Protocol Droid'),
('site_tagline', 'A commons of social protocols'),
('registration_enabled', 'true'),
('require_approval', 'false')
ON DUPLICATE KEY UPDATE `value` = VALUES(`value`);
+33
View File
@@ -0,0 +1,33 @@
id: appreciative-apology
title: Appreciative Apology
description: >-
A protocol for repairing harm through structured acknowledgment, moving
beyond reflexive apologies toward genuine accountability.
source: Restorative Justice Project
source_url: https://restorativejustice.org/
tags: [conflict]
forked_from: null
image: null
steps:
- headline: Name the harm
description: >-
The person apologizing specifically describes what they did, without
minimization or justification.
- headline: Acknowledge the impact
description: >-
They describe the impact they understand their action had on the
other person or group.
- headline: Express commitment
description: >-
They state what they will do differently, concretely. No future
promises without specific actions.
- headline: Invite response
description: >-
They ask the other person if there is anything they have missed, and
listen without defending.
outcome: >-
The harmed party feels heard and acknowledged. The relationship has a
path forward with concrete commitments.
practice: >-
Avoid the word "but" — it negates everything before it. "I'm sorry, but..."
is not an apology. Practice pausing after each step.
+38
View File
@@ -0,0 +1,38 @@
id: consent-decision-making
title: Consent Decision-Making
description: >-
A process for making decisions that no one objects to, enabling rapid
group decisions without requiring full agreement.
source: Sociocracy for All
source_url: https://www.sociocracyforall.org/
tags: [decision, facilitation]
forked_from: null
image: null
steps:
- headline: Present the proposal
description: >-
The proposer reads the proposal aloud. Clarifying questions are
allowed, but no discussion yet.
- headline: Round of reactions
description: >-
Each person briefly shares their reaction. No cross-discussion —
just hearing all voices.
- headline: Amend the proposal
description: >-
The proposer may amend based on reactions. The group can suggest
changes by consent.
- headline: Test for consent
description: >-
The facilitator asks: "Does anyone have a reasoned, paramount
objection to this proposal?"
- headline: Declare the decision
description: >-
If no objections remain, the decision is adopted. Objections are
integrated and the process repeats from step 3.
outcome: >-
A decision is made that no one has a paramount objection to. The group
moves forward without blocking minority voices.
practice: >-
A "reasoned, paramount objection" is not a preference — it must explain
why the proposal would cause harm. Practice distinguishing preferences
from objections.
+34
View File
@@ -0,0 +1,34 @@
id: dot-voting
title: Dot Voting
description: >-
A quick visual method for a group to prioritize options together using
adhesive dots on a shared display.
source: Group Works Deck
source_url: https://groupworksdeck.org/deck
tags: [decision, facilitation]
forked_from: null
image: null
steps:
- headline: Post the options
description: >-
All options are written on a shared wall or board, spaced apart for
easy voting.
- headline: Distribute dots
description: >-
Each person receives a fixed number of adhesive dots (typically 3-5).
They may place multiple dots on one option.
- headline: Vote silently
description: >-
Everyone places their dots simultaneously. No discussion during
voting.
- headline: Review results
description: >-
The group reviews the dot distribution together. High-vote items
become priorities, but the pattern matters more than the count.
outcome: >-
The group has a visual map of collective priorities. Everyone
participated equally, and the result is transparent.
practice: >-
Use different colored dots for different categories of voter (e.g.,
staff vs. volunteers) to see patterns. Photograph the result before
taking it down.
+36
View File
@@ -0,0 +1,36 @@
id: fishbowl-discussion
title: Fishbowl Discussion
description: >-
A format for productive conversation in large groups, where a small
inner circle discusses while an outer circle observes.
source: Group Works Deck
source_url: https://groupworksdeck.org/deck
tags: [facilitation]
forked_from: null
image: null
steps:
- headline: Set up the circles
description: >-
Arrange 4-6 chairs in an inner circle for discussants. The rest of
the group sits in an outer circle around them.
- headline: Begin the discussion
description: >-
The inner circle discusses the topic. Only people in the inner
circle may speak.
- headline: Rotate seats
description: >-
One chair is left empty. Anyone from the outer circle can tap a
discussant and take their seat. The displaced person joins the
outer circle.
- headline: Debrief together
description: >-
After the discussion, the full group reflects on what was said and
what patterns they noticed in the conversation.
outcome: >-
A focused, in-depth discussion happens without the chaos of a
full-group free-for-all. More voices contribute than in a panel
format.
practice: >-
Set a minimum time before rotation (2-3 minutes) so discussants can
make a point before being tapped. Brief the outer circle to listen
for themes.
+30
View File
@@ -0,0 +1,30 @@
id: round-robin-check-in
title: Round Robin Check-In
description: >-
A structured way for each person in a group to share briefly,
ensuring everyone is heard before discussion begins.
source: Group Works Deck
source_url: https://groupworksdeck.org/deck
tags: [check-in, facilitation]
forked_from: null
image: null
steps:
- headline: Frame the round
description: >-
The facilitator explains that each person will have up to one minute
to share, with no cross-talk or responses.
- headline: Go around
description: >-
Each person speaks in turn, proceeding around the circle. Passing is
always an option.
- headline: Note themes
description: >-
The facilitator notes recurring themes without commenting. These
become the basis for the discussion that follows.
outcome: >-
Everyone has been heard; the group has a shared sense of where things
stand and what themes deserve further discussion.
practice: >-
Use a talking object to signal whose turn it is. Keep time gently — a
soft chime works better than a timer. If the group is large (12+),
consider breaking into smaller rounds.
+37
View File
@@ -0,0 +1,37 @@
id: temperature-reading
title: Temperature Reading
description: >-
A regular practice for surfacing group dynamics before they escalate,
developed by Diana Larsen at the Software Testing Support Center.
source: STSC / Diana Larsen
source_url: https://www.dianalarsen.com/
tags: [check-in, conflict]
forked_from: null
image: null
steps:
- headline: Appreciations
description: >-
Each person shares something they appreciate about another group
member or the group as a whole.
- headline: New information
description: >-
Each person shares any new information relevant to the group that
others may not know.
- headline: Puzzles
description: >-
Each person shares something they are confused or wondering about.
No responses needed yet.
- headline: Complaints with advice
description: >-
Each person may share a complaint — but must pair it with a
suggestion for improvement.
- headline: Wishes, hopes, and dreams
description: >-
Each person shares something they hope for the group's future.
End on an aspirational note.
outcome: >-
The group has a current snapshot of its emotional and informational
state. Unspoken tensions have a structured outlet.
practice: >-
Do this regularly (weekly or biweekly) so it becomes routine. Time-box
each section to 5 minutes. Model vulnerability as a facilitator.