This file provides concise guidance to coding agents working with the tldw_server codebase.
tldw_server (Too Long; Didn't Watch Server) is an ambitious open-source project building a comprehensive research assistant and media analysis platform. It's designed to help users ingest, transcribe, analyze, and interact with various media formats through both a powerful API and a web interface.
The long-term goal is to create something akin to "The Young Lady's Illustrated Primer" from Neal Stephenson's "The Diamond Age" - a personal knowledge assistant that helps users learn and research at their own pace. While acknowledging the inherent difficulties in replicating such a device, this project serves as a practical step toward that vision.
The project is a FastAPI-first backend with a Next.js WebUI, mature AuthNZ (single-user API key and multi-user JWT modes), unified RAG and Evaluation modules, OpenAI-compatible Chat and Audio APIs (including real-time streaming transcription), and a production-grade MCP Unified module. The previous Gradio UI is deprecated.
<repo_root>/
├── tldw_Server_API/ # Main API server implementation
│ ├── app/
│ │ ├── api/v1/
│ │ │ ├── endpoints/ # All REST endpoints (media, chat, audio, rag, evals, etc.)
│ │ │ ├── schemas/ # Pydantic models
│ │ │ └── API_Deps/ # Shared dependencies (auth, DB, rate limits)
│ │ ├── core/ # Core business logic (AuthNZ, RAG, LLM, DB, TTS, MCP, etc.)
│ │ ├── services/ # Background services
│ │ └── main.py # FastAPI entry point
│ ├── Config_Files/ # config.txt, example YAMLs, migration helpers
│ ├── Databases/ # Default DBs (runtime data; some are gitignored)
│ └── tests/ # Pytest suite
├── Dockerfiles/ # Docker images and compose files
├── Docs/ # Documentation (API, Development, RAG, AuthNZ, TTS, etc.)
├── Helper_Scripts/ # Utilities (installers, prompt tools, doc generators)
├── mock_openai_server/ # Mock server for OpenAI-compatible API tests
├── apps/tldw-frontend/ # Next.js WebUI (primary web client)
├── Databases/ # DBs (AuthNZ defaults here; Media DB is per-user under user_databases/)
├── models/ # Optional model assets (if used)
├── pyproject.toml # Project configuration
├── README.md # Project README
└── Project_Guidelines.md # Development philosophy
-
Media Ingestion & Processing
- Supports: Video, Audio, PDF, EPUB, DOCX, HTML, Markdown, XML, MediaWiki dumps
- yt-dlp for video/audio downloads from 1000+ sites
- Automatic metadata extraction and storage
-
Audio STT, TTS & Analysis
- Transcription: faster_whisper, NVIDIA NeMo (Parakeet, Canary), Qwen2Audio
- Real-time streaming transcription over WebSocket
- Text-to-speech (OpenAI-compatible TTS + local Kokoro ONNX)
- Chunked processing for long-form content; optional diarization
-
Search & Retrieval (RAG)
- Full-text search using SQLite FTS5
- Vector embeddings with ChromaDB
- BM25 + vector search + re-ranking pipeline
- Contextual retrieval for improved accuracy
-
Chat & Interaction
- OpenAI-compatible Chat API (
/chat/completions) - 16+ LLM providers (commercial & local)
- Character cards (SillyTavern-compatible) + character chat sessions
- Chat history management and search
- OpenAI-compatible Chat API (
-
Knowledge Management
- Note-taking system (notebook-style)
- Prompt library with import/export
- Tagging and categorization
- Soft delete with recovery options
-
API Providers Supported
- Commercial: OpenAI, Anthropic, Cohere, DeepSeek, Google, Groq, HuggingFace, Mistral, OpenRouter, Qwen, Moonshot, Z.AI
- Local: Llama.cpp, Kobold.cpp, Oobabooga, TabbyAPI, vLLM, Ollama, Aphrodite, Custom OpenAI-compatible
-
MCP Unified
- Production-ready Model Context Protocol implementation with JWT/RBAC
- Status, metrics, tool execution endpoints; WebSocket support
-
Prompt Studio & Chatbooks
- Prompt Studio endpoints for projects, prompts, tests, and optimization
- Chatbooks for export/import and background job handling
- Browser extension for web content capture
- Selected writing assistance tools
- Additional research providers (beyond current arXiv/web scraping)
-
SQLite Databases (default):
- Content (Media DB v2): per-user
Databases/user_databases/<user_id>/Media_DB_v2.db(root-level path deprecated) - AuthNZ users:
Databases/users.db(SQLite by default; PostgreSQL supported) - Evaluations:
Databases/evaluations.db - Notes/Chats: per-user
Databases/user_databases/<user_id>/ChaChaNotes.db - Implements soft deletes, versioning, and sync logging
- Content (Media DB v2): per-user
-
Vector Storage:
- ChromaDB for embeddings (configurable providers/models)
- RESTful API following OpenAPI 3.0
- Consistent endpoint naming:
/api/v1/{resource}/{action} - Pydantic models for request/response validation
- Comprehensive error handling with meaningful messages
- Backend: FastAPI, SQLite/PostgreSQL, ChromaDB
- ML/AI: faster_whisper, NeMo (Parakeet/Canary), Qwen2Audio, sentence-transformers
- Audio/Video: ffmpeg, yt-dlp
- Document Processing: pymupdf, docling, ebooklib, pandoc
- Testing: pytest, httpx
- Logging: loguru
-
Media Processing
/app/core/Ingestion_Media_Processing/for ingestion, chunking, conversion
-
LLM Integration
/app/core/LLM_Calls/unified interface with streaming responses
-
Embeddings
/app/core/Embeddings/with ChromaDB integration and batching
-
Authentication (AuthNZ)
/app/core/AuthNZ/single-user (X-API-KEY) and multi-user (JWT) modes
-
RAG Service
/app/core/RAG/unified RAG pipeline (hybrid FTS5 + vector + rerank)
-
Audio & TTS
/app/api/v1/endpoints/audio.pyand/app/core/TTS/for STT/TTS and streaming
-
MCP Unified
/app/core/MCP_unified/production-ready MCP server + endpoints
Use Jobs when:
- The work is user-facing or needs admin controls like pause/resume/drain, retries, quotas, or RLS.
- You need stable API endpoints for status/summary and cross-domain queues.
- You want worker processes using the Jobs
WorkerSDK.
Use Scheduler when:
- The work is internal orchestration with task dependencies, idempotency keys, and handler registration.
- You want tasks registered via the
@taskdecorator and executed by the core Scheduler worker pool. - The feature fits the existing Workflows or Watchlists model.
Recurring schedules:
- Use APScheduler services to enqueue into whichever backend you chose.
- Workflows uses APScheduler → Scheduler; Reading Digest uses APScheduler → Jobs.
Default choice:
- Use Jobs for new user-visible features or anything that needs admin/ops visibility.
- Use Scheduler for internal system orchestration where dependency handling is central.
- Follow PEP 8 for Python code
- Use type hints for function parameters and returns
- Implement comprehensive docstrings for modules, classes, and functions
- Prefer async/await for I/O operations
- Design First: Create a design document in
/Docs/Design/ - Core Implementation: Add business logic to
/app/core/{feature}/ - API Endpoint: Create endpoint in
/app/api/v1/endpoints/ - Schemas: Define Pydantic models in
/app/api/v1/schemas/ - Tests: Write comprehensive tests in
/tests/{feature}/ - Documentation: Update relevant documentation
- Pydantic Models: Use for all API request/response validation
- Dependency Injection: For database connections and service instances
- Background Tasks: Use FastAPI's background tasks or services layer
- Streaming: Support streaming responses where applicable
- Error Responses: Follow consistent HTTP status codes and error formats
- Async/Await: Use async patterns for I/O operations
- Logging: Use Loguru throughout (
from loguru import logger) - Error Handling: Graceful errors with meaningful messages
- Rate Limiting: Present across modules (embeddings: slowapi; chat/evals: module rate limiters)
- Database Operations: Use
/app/core/DB_Management/abstractions (no raw SQL outside) - File Handling: Route uploads through ingestion pipeline
- Secrets: Prefer
.envfor API keys; config.txt still supported; never log secrets
- All new functionality must include unit, integration, and property-based tests where applicable
- Write unit tests for all new functions
- Include integration tests for API endpoints
- Use pytest fixtures for common test data
- Mock external services (LLMs, APIs)
- Aim for >80% code coverage
- Test Structure: Tests mirror source code structure
- Test Types:
- Unit tests for individual components
- Integration tests for API endpoints
- Property-based tests for complex logic
- (Property-based tests use frameworks like Hypothesis to validate invariants across many generated inputs; use for algorithms, parsers, and stateful systems.)
- Fixtures: Use pytest fixtures for database and dependency injection
- Mocking: Mock external services (LLMs, transcription services)
- Test Markers:
unit,integration,external_api,local_llm_service
- Use custom exceptions in
/app/core/exceptions.py - Return appropriate HTTP status codes
- Provide meaningful error messages
- Log errors with context using loguru
- Validate all user input
- Use parameterized queries for database operations
- Never log sensitive information (API keys, passwords)
- Implement rate limiting for API endpoints
- Validate file uploads (type, size, content)
- Configure CORS in
main.pyfor production deployments
tldw_Server_API/Config_Files/config.txt: Main configuration (provider settings).env: AuthNZ and sensitive keys (migrate helpers inConfig_Files/)mediawiki_import_config.yaml: MediaWiki import settings- Environment variables override file settings
- Database location configurable via
DATABASE_URL(AuthNZ) and config helpers
- Activate venv first:
source .venv/bin/activate(do this before runningpython,pip, orpytestcommands) - Dependencies:
pip install -e .(add extras as needed, e.g.,.[dev],.[multiplayer]) - FFmpeg: Required for audio/video processing
- Auth Setup:
cp tldw_Server_API/Config_Files/.env.example tldw_Server_API/Config_Files/.env && python -m tldw_Server_API.app.core.AuthNZ.initialize - Provider Keys: Add to
.envorConfig_Files/config.txt - Optional: CUDA for accelerated STT
python -m uvicorn tldw_Server_API.app.main:app --reload
# API docs: http://127.0.0.1:8000/docs
# Quickstart: http://127.0.0.1:8000/api/v1/config/quickstart
# Setup UI: http://127.0.0.1:8000/setup (if required)# Activate project virtual environment first
source .venv/bin/activate
# All tests (from repo root)
python -m pytest -v
# With coverage
python -m pytest --cov=tldw_Server_API --cov-report=term-missing
# Run tests with markers
python -m pytest -m "unit" -v
python -m pytest -m "integration" -vtldw_Server_API/tests/AuthNZ/conftest.pyprovisions a per-test Postgres database via theisolated_test_environmentfixture.- Tests auto-start a local Dockerized Postgres unless
TLDW_TEST_NO_DOCKER=1. - Provide
TEST_DATABASE_URL(or relatedTEST_DB_*vars) to reuse an existing cluster. - Skip Postgres-dependent tests only when the fixture reports Postgres unavailable; never roll your own database setup.
# Use the MediaDatabase class for all operations
from tldw_Server_API.app.core.DB_Management.Media_DB_v2 import MediaDatabase
db = MediaDatabase(db_path="path/to/media.db", client_id="api_client")
# Always use context managers for transactions- Add provider configuration to
Config_Files/config.txt(or.env) - Implement provider in
/app/core/LLM_Calls/ - Register in chat schemas and provider manager
- Add tests; update docs and examples
- Database: Use indexes, FTS5 for search
- Chunking: Process large files in chunks
- Caching: Implement caching for expensive operations
- Connection Pooling: For database connections
- Async Operations: For I/O-bound tasks
- Docker: See
Dockerfiles/ - Environment: Linux, macOS, Windows supported
- Auth Modes: Single-user (X-API-KEY) and multi-user (JWT)
- Backup: Built-in DB backup/exports (Chatbooks)
- CORS: Configured in
main.py; adjust for production
- Import Errors: Check PYTHONPATH and virtual environment
- Database Locks: Ensure proper connection management
- Transcription Failures: Verify ffmpeg installation and CUDA setup
- API Key Errors: Check config.txt formatting
- Loguru with color-coded output
- Startup displays auth mode and URLs; single-user prints API key
- Check logs for stack traces and rate-limit messages
The project follows these core principles (from Project_Guidelines.md):
- Keep the project actively developed with clear progress
- Be respectful to all contributors and users
- Remain open to criticism and new ideas
- Balance expertise with newcomer perspectives
- Be kind and answer questions
- Acknowledge contributions
- Compensate significant contributions when possible
- GNU General Public License v2.0 (see README)
- Designed for local/self-hosted deployment
- No telemetry or data collection
- Users own and control their data
- Follow the existing code patterns
- Write tests for new features
- Update documentation
- Be respectful in discussions
POST /api/v1/media/process- Ingest and process mediaGET /api/v1/media/search- Search ingested contentPOST /api/v1/chat/completions- OpenAI-compatible chatPOST /api/v1/embeddings- OpenAI-compatible embeddingsPOST /api/v1/rag/search- Unified RAG searchPOST /api/v1/research/websearch- Web search (multi-provider) with optional aggregationPOST /api/v1/evaluations/...- Unified evaluation API (geval, rag, batch, metrics)GET /api/v1/llm/providers- List configured LLM providersWS /api/v1/audio/stream/transcribe- Real-time audio transcriptionPOST /api/v1/audio/transcriptions- File-based transcription (OpenAI compatible)POST /api/v1/audio/speech- TTS (streaming and non-streaming)GET /api/v1/audio/voices/catalog- TTS voice catalog across providersGET /api/v1/mcp/status- MCP server statusPOST /api/v1/chatbooks/export- Export content to chatbookPOST /api/v1/chatbooks/import- Import chatbook
AUTH_MODE:single_userormulti_userSINGLE_USER_API_KEY: API key for single-user modeDATABASE_URL: AuthNZ DB URL (e.g.,sqlite:///./Databases/users.db)OPENAI_API_KEY: OpenAI API key (or in config.txt)ANTHROPIC_API_KEY: Anthropic API key (or in config.txt)- Provider-specific vars : As needed by your configured providers
# Activate project virtual environment first
source .venv/bin/activate
# Run specific test markers
python -m pytest -m "unit" -v
python -m pytest -m "integration" -v
# Check coverage
python -m pytest --cov=tldw_Server_API --cov-report=term-missing
# Optional formatting/type-checking
black tldw_Server_API/ # if black is installed
mypy tldw_Server_API/ # if mypy is installedThis guide is maintained to help coding agents understand the project structure, conventions, and best practices. When in doubt, look at existing code patterns, main.py, and tests for guidance.
- Incremental progress over big bangs - Small changes that compile and pass tests
- Learning from existing code - Study and plan before implementing
- Pragmatic over dogmatic - Adapt to project reality
- Clear intent over clever code - Be boring and obvious
- Single responsibility per function/class
- Avoid premature abstractions
- No clever tricks - choose the boring solution
- If you need to explain it, it's too complex
This repository uses Backlog.md for task tracking and historical work records. Any work that changes repository files must have an associated Backlog.md task before file edits begin. This includes code, tests, docs, config, scripts, tracked generated artifacts, cleanup edits, and agent-instruction changes.
Read-only investigation can proceed without a Backlog.md task. If investigation turns into edits, stop, find or create a Backlog.md task, and then continue. Creating or updating Backlog.md task records is the tracking mechanism itself and does not require a separate recursive task.
Use Backlog.md through the official MCP workflow when available. First read the workflow overview exposed by the installed MCP server, such as backlog://workflow/overview or backlog://docs/task-workflow; if MCP resources are unavailable, call backlog.get_backlog_instructions() if that tool exists. Use the instruction selector for task-creation, task-execution, or task-finalization when needed.
Search before creating tasks to avoid duplicates. Prefer one Backlog.md task per reviewable unit of work, and split work that grows too broad. Keep the task current with status, notes, plan links, touched files when useful, verification results, blockers, PR links, and final summary.
Backlog.md does not replace this repo's superpowers workflow. Use the existing brainstorming, spec, implementation-plan, test-driven development, review, verification, Bandit, and commit requirements whenever they apply; link those artifacts from the Backlog.md task instead of duplicating them.
If MCP is unavailable but the CLI works, use CLI fallback commands such as backlog search "query" --plain, backlog task list --plain, backlog task <id> --plain, backlog task create, backlog task edit, and backlog board. Do not manually edit Backlog.md task files unless MCP/CLI/Web paths are unavailable and the user explicitly approves the exception.
If neither MCP nor CLI is available, pause before making repo file changes unless the user explicitly approves a temporary exception. Commit Backlog.md task changes with the related work unless the user asks for different staging.
Break complex work into 3-5 stages. Document in a uniquely named plan file for the specific task (avoid generic names like IMPLEMENTATION.md or IMPLEMENTATION_PLAN.md), for example IMPLEMENTATION_PLAN_<short_task_slug>.md (e.g., IMPLEMENTATION_PLAN_feedback_system.md, IMPLEMENTATION_PLAN_auth_refactor.md):
## Stage N: [Name]
**Goal**: [Specific deliverable]
**Success Criteria**: [Testable outcomes]
**Tests**: [Specific test cases]
**Status**: [Not Started|In Progress|Complete]- Update status as you progress
- Remove only your own plan file when all stages are done; never delete other agents' plans
- Understand - Study existing patterns in codebase
- Test - Write test first (red)
- Implement - Minimal code to pass (green)
- Refactor - Clean up with tests passing
- Commit - With clear message linking to plan
CRITICAL: Maximum 3 attempts per issue, then STOP.
-
Document what failed:
- What you tried
- Specific error messages
- Why you think it failed
-
Research alternatives:
- Find 2-3 similar implementations
- Note different approaches used
-
Question fundamentals:
- Is this the right abstraction level?
- Can this be split into smaller problems?
- Is there a simpler approach entirely?
-
Try different angle:
- Different library/framework feature?
- Different architectural pattern?
- Remove abstraction instead of adding?
- Composition over inheritance - Use dependency injection
- Interfaces over singletons - Enable testing and flexibility
- Explicit over implicit - Clear data flow and dependencies
- Test-driven when possible - Never disable tests, fix them
-
Every commit must:
- Compile successfully
- Pass all existing tests
- Include tests for new functionality
- Follow project formatting/linting
-
Before committing:
- Run formatters/linters
- Self-review changes
- Ensure commit message explains "why"
- Fail fast with descriptive messages
- Include context for debugging
- Handle errors at appropriate level
- Never silently swallow exceptions
When multiple valid approaches exist, choose based on:
- Testability - Can I easily test this?
- Readability - Will someone understand this in 6 months?
- Consistency - Does this match project patterns?
- Simplicity - Is this the simplest solution that works?
- Reversibility - How hard to change later?
- Find 3 similar features/components
- Identify common patterns and conventions
- Use same libraries/utilities when possible
- Follow existing test patterns
- Use project's existing build system
- Use project's test framework
- Use project's formatter/linter settings
- Don't introduce new tools without strong justification
- Tests written and passing
- Code follows project conventions
- No linter/formatter warnings
- No new security findings introduced in touched code
- Commit messages are clear
- Implementation matches plan
- AI-generated PRs include a human-written
Change summarythat explains both what changed and why those implementation choices were made - No TODOs without issue numbers
- For PRs materially authored by AI, merge is blocked unless the human requester writes a
Change summary. - That summary must explain both what changed and why those specific implementation choices were made.
- A diff recap or pasted AI text without clear human ownership does not satisfy this gate.
- If the human requester cannot explain the rationale in their own words, the PR is not merge-ready.
- Canonical policy:
Docs/superpowers/AI_GENERATED_PR_CHANGE_SUMMARY_POLICY_2026_04_17.md
- Run Bandit on the touched scope before considering work complete.
- Use the project virtual environment when running Bandit.
- Fix new findings in changed code before finishing; do not defer silently.
- Recommended command pattern:
source .venv/bin/activate && python -m bandit -r <touched_paths> -f json -o /tmp/bandit_<task>.json
- Test behavior, not implementation
- One assertion per test when possible
- Clear test names describing scenario
- Use existing test utilities/helpers
- Tests should be deterministic
NEVER:
- Use
--no-verifyto bypass commit hooks - Disable tests instead of fixing them
- Commit code that doesn't compile
- Make assumptions - verify with existing code
ALWAYS:
- Commit working code incrementally
- Update plan documentation as you go
- Learn from existing implementations
- Stop after 3 failed attempts and reassess