-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Standard Storage Solution #2
Comments
First step is to ensure that assumptions are accurate.
|
Having something self contained is a great idea, and would probably make plugin development easier if we didn't have to spin up a db instance for each plugin. However I think ideally plugins should not rely on the Kernel for reading their own content, but be responsible themselves for it. However we will always reach a limitations when it comes to user / wallet retrievals as this data should be shared for everything, otherwise we would end up with duplicate DBs which would be difficult to maintain and update. We still have one issue remaining which is the storage. Even by using JSON, SQLite or any file base system, we need to store / read / update the content. First, it might trigger security issues if the data becomes sensitive. Second, it would have atomic requirements since many runs could occur in parallel. |
On the fence about SQLite. It's nice that it handles so many catastrophic errors out of the box but I also would rather ensure that plugin development is as easy as possible for new developers. Auditing a plaintext json object is way easier than working with a database or having to find a database viewer. The files are stored as binary objects in SQLite. |
Yes that's a nice thing to consider. For me the advantage is also that it is easier to have:
With JSON, you would need to write a manual script for any schema change. Each plugin would have its own custom code for query which is very error prone and tedious to maintain, and way less performant. If two plugins access the data, or if the server crashes, very high chances to break and lose the whole content. All of these reason would be quite a trade-off just to be able to view data. For me, IntelliJ comes with a built-in viewer for my DB so I actually never leave my IDE. VsCode has a similar plugin to view them: |
Plain JSON storage is useful only for really simple and small plugins. It is not scalable at all compared to any RDBMS. Why don't we let plugin developers choose the storage they want (i.e. need for specific task) instead of forcing them to use a solution that is applicable to only a small part of storage use cases. |
Let's start with plain JSON files and then we can add more advanced support later if needed. None of our existing plugins have any sort of complex data querying needs. There is no need to over-engineer things "just in case" if we haven't gotten close to those hypothetical problems in a couple of years of r&d for the existing bot capabilities. |
My point is that we don't need to add storage support to the SDK at all since:
Exactly, there is no need to implement "save to JSON file SDK" from scratch when plugin developers can setup this feature in an hour using any npm package |
My question would be more "where do we store it"? Because my experience so far right now the major problem I encounter with plugins is where do I store the data. Currently I have access to Supabase, but other contributors don't. Letting the developer chose its own solution is ok, but say they chose Neo4j somehow to do their plugin, how do we handle this? Because we should not rely on that external contributor to have its own instance, so we should definitely be in control of the data. Also JSON would mean anything can read, and potentially write into it. |
Why do we need to handle it? Let the developer use Neo4j.
We should be in control of the data related only to the core plugins (conversation rewards, permit generations, etc...). We don't need access to 3rd party plugins data. |
It is attractive to DAOs especially to decentralize the storage and to allow them to own their own data. In addition, it makes plugin development simple and straightforward for debugging. That is why JSON storage in the utility repository that the bot already requires The implementation logic can be any existing framework, that's fine. But it needs to authenticate via the kernel to write to the repository. |
Is it possible for the kernel to restrict the fetching of repo contents down to a specific file? Or is the intention to pass the data via the payload? Via the payload makes custom handling difficult. If it's possible, the public & private repo approach with restrictions placed on what is shared only for private repo storage would be great. I think add support for JSON storage out of the box but from the SDK not the kernel as it'll be most common and is good DX. Allow custom solutions but the burden is on the developer to make it easy to integrate with other plugins. Two new flags:
The first determines if it's in the public storage repo accessible by all. The second determines if the kernel will allow it to be shared across plugins while in the privateRepo. This would be ideal if possible, in my opinion. These flags should make it possible for the org to configure the visibility of aspects of their storage as they see fit without affecting plugin usage. If |
We will continue to use the .ubiquibot-config repo. There's no point to making a separate storage repo. Not sure about the implementation details otherwise but I did see under the GitHub app settings that you can share a specific file. Maybe there are some other similar permissions settings that could be of use. |
I've implemented an approach for this here.
I think we should have a couple global storage objects that all plugins can use and I think we should have a partner create an app dedicated to their storage needs. Afaik currently partners need only create one app isn't that right? The bot itself and I don't think it's too much of an ask to create one more that'll remove DB dependency completely, plus we may need it for safer private access.
This here is the
In my mind I think it may become hard to work with if we keep all storage completely walled off from any plugin other than the one that created it. I feel we need a few globals that can make interoperability more feasible. We could expose DB shapes, locations etc via a plugin' manifest (the author decides) to make things really accessible. Additionally I think that "GitHub as a storage layer" should be documented entirely separate from within plugins in our official Ubiquity OS ecosystem docs and/or extensively in the README if it needs to be a plugin. |
Let's make it possible to read from other plugin values that's fine. The plugin developer simply must specifically request for it by ID like const data = storage.get(`ubiquity-os-marketplace/conversation-rewards`); In other news I realize that the simple solution for global storage can be that we create a dedicated organization with a special repo that is hard coded into the kernel to be able to fetch from or something. For example:
We can consider making a batch writing system when we have scaling problems1 Footnotes
|
I suppose this task can be closed in favor of ubiquity-os/plugin-sdk#30 |
Standardizing Plug-in Data Storage in Organization-Wide Configuration Repository
Objective
Establish a standardized method for storing plug-in data in the
.ubiquibot-config
repository, ensuring data integrity and security. An additional benefit is that this allows partners full control over their data and decentralizes the data storage.Specification
Storage Structure
JSON Database Format
Example
For a plug-in with ID
@ubiquibot/command-start-stop
, the JSON file will be namedubiquibot-command-start-stop.json
.Access Control
Implementation
Repository Setup
.ubiquibot-config
repository as the general-purpose utility repository per organization.Kernel Configuration
Security Considerations
GitHub App Permissions
Benefits
Summary
By standardizing the storage of plug-in data in separate JSON files named after the plug-in ID, we ensure data integrity and security. The kernel will manage access control, providing a robust framework for plug-in data management, and simplifying the development process for plugin developers.
The text was updated successfully, but these errors were encountered: