System Improvements

.dockerignore

@@ -0,0 +1,54 @@
+# Git
+.git
+.gitignore
+
+# IDE
+.idea
+*.iml
+.vscode
+*.swp
+*.swo
+
+# Build artifacts
+build/
+*/build/
+*.war
+wartemp/
+out/
+
+# Gradle
+.gradle/
+gradle-app.setting
+
+# Runtime data (will be mounted as volumes)
+runtime/db/
+runtime/log/
+runtime/txlog/
+runtime/sessions/
+runtime/opensearch/
+runtime/elasticsearch/
+
+# Logs
+logs/
+*.log
+
+# Documentation
+docs/
+*.md
+!README.md
+
+# Docker
+docker/
+Dockerfile*
+docker-compose*.yml
+.dockerignore
+
+# CI/CD
+.github/
+.travis.yml
+
+# Testing
+ObjectStore/
+
+# macOS
+.DS_Store

.github/workflows/ci.yml

@@ -0,0 +1,94 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, master, develop ]
+  pull_request:
+    branches: [ main, master, develop ]
+
+env:
+  GRADLE_OPTS: "-Dorg.gradle.daemon=false -Dorg.gradle.parallel=true"
+
+jobs:
+  build:
+    name: Build and Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+        with:
+          cache-read-only: ${{ github.ref != 'refs/heads/main' }}
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      - name: Build framework
+        run: ./gradlew framework:build -x test --no-daemon
+
+      - name: Run framework tests
+        run: ./gradlew framework:test --no-daemon
+        continue-on-error: true
+
+      - name: Upload test results
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: test-results
+          path: |
+            framework/build/reports/tests/
+            framework/build/test-results/
+          retention-days: 14
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        if: success()
+        with:
+          name: build-artifacts
+          path: |
+            framework/build/libs/
+          retention-days: 7
+
+  security-scan:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      - name: Run OWASP Dependency Check
+        run: ./gradlew dependencyCheckAnalyze --no-daemon || true
+        continue-on-error: true
+
+      - name: Upload OWASP report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: owasp-report
+          path: build/reports/dependency-check-report.html
+          retention-days: 14

.github/workflows/gradle-wrapper-validation.yml

@@ -6,5 +6,5 @@ jobs:
     name: "Validation"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: gradle/wrapper-validation-action@v1
+      - uses: actions/checkout@v4
+      - uses: gradle/actions/wrapper-validation@v4

.gitignore

@@ -57,6 +57,13 @@ nb-configuration.xml
 # VSCode files
 .vscode
 
+# Emacs files
+.projectile
+
+# Version managers (sdkman, mise, asdf)
+mise.toml
+.tool-versions
+
 # OSX auto files
 .DS_Store
 .AppleDouble
@@ -70,3 +77,8 @@ Desktop.ini
 
 # Linux auto files
 *~
+
+logs/
+ObjectStore/
+
+.playwright-mcp/

CLAUDE.md

@@ -0,0 +1,123 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+Moqui Framework is an enterprise application development framework based on Groovy and Java. It provides a complete runtime environment with built-in database management, service-oriented architecture, web framework, and business logic components.
+
+## Common Development Commands
+
+### Build and Run
+- `gradle build` - Build the framework and all components
+- `gradle run` - Run Moqui with development configuration
+- `gradle runProduction` - Run with production configuration
+- `gradle clean` - Clean build artifacts
+- `gradle cleanAll` - Clean everything including database, logs, and sessions
+
+### Data Management
+- `gradle load` - Load all data types (default)
+- `gradle load -Ptypes=seed` - Load only seed data
+- `gradle load -Ptypes=seed,seed-initial` - Load seed and seed-initial data
+- `gradle loadProduction` - Load production data (seed, seed-initial, install)
+- `gradle cleanDb` - Clean database files (Derby, H2, OrientDB, ElasticSearch/OpenSearch)
+
+### Testing
+- `gradle test` - Run all tests
+- `gradle framework:test` - Run framework tests only
+- To run a single test: Use standard JUnit/Spock test runners with system properties from MoquiDefaultConf.xml
+
+### Component Management
+- `gradle getComponent -Pcomponent=<name>` - Get a component and its dependencies
+- `gradle createComponent -Pcomponent=<name>` - Create new component from template
+- Components are located in `runtime/component/`
+
+### Deployment
+- `gradle addRuntime` - Create moqui-plus-runtime.war with embedded runtime
+- `gradle deployTomcat` - Deploy to Tomcat (requires tomcatHome configuration)
+
+### ElasticSearch/OpenSearch
+- `gradle downloadOpenSearch` - Download and install OpenSearch
+- `gradle downloadElasticSearch` - Download and install ElasticSearch
+- `gradle startElasticSearch` - Start search service
+- `gradle stopElasticSearch` - Stop search service
+
+## Architecture and Structure
+
+### Core Framework (`/framework`)
+The framework provides the foundational services and APIs:
+- **Entity Engine** (`/framework/entity/`) - ORM and database abstraction layer supporting multiple databases
+- **Service Engine** (`/framework/service/`) - Service-oriented architecture with synchronous/asynchronous execution
+- **Screen/Web** (`/framework/screen/`) - XML-based screen rendering with support for various output formats
+- **Resource Facade** - Unified resource access for files, classpath, URLs, and content repositories
+- **Security** - Built-in authentication, authorization, and artifact-based permissions
+- **L10n/I18n** - Localization and internationalization support
+- **Cache** - Distributed caching with Hazelcast support
+
+### Runtime Structure (`/runtime`)
+- **base-component/** - Core business logic components (webroot, tools, etc.)
+- **component/** - Add-on components (HiveMind, SimpleScreens, PopCommerce, Mantle)
+- **conf/** - Configuration files (MoquiDevConf.xml, MoquiProductionConf.xml)
+- **db/** - Database files for embedded databases
+- **elasticsearch/ or opensearch/** - Search engine installation
+- **lib/** - Additional JAR libraries
+- **log/** - Application logs
+- **sessions/** - Web session data
+
+### Component Architecture
+Components are modular units containing:
+- **entity/** - Data model definitions (XML)
+- **service/** - Service definitions and implementations (XML/Groovy/Java)
+- **screen/** - Screen definitions (XML)
+- **data/** - Seed and demo data (XML/JSON)
+- **template/** - FreeMarker templates
+- **build.gradle** - Component-specific build configuration
+
+### Key Design Patterns
+1. **Service Facade Pattern** - All business logic exposed through services
+2. **Entity-Control-Boundary** - Clear separation between data, logic, and presentation
+3. **Convention over Configuration** - Sensible defaults with override capability
+4. **Resource Abstraction** - Uniform access to different resource types
+5. **Context Management** - ExecutionContext provides access to all framework features
+
+### Configuration System
+- **MoquiDefaultConf.xml** - Default framework configuration
+- **MoquiDevConf.xml** - Development overrides
+- **MoquiProductionConf.xml** - Production settings
+- Configuration can be overridden via system properties, environment variables, or external config files
+
+### Transaction Management
+- Default: Bitronix Transaction Manager (BTM)
+- Alternative: JNDI/JTA from application server
+- Automatic transaction boundaries for services
+- Support for multiple datasources with XA transactions
+
+### Web Framework
+- RESTful service automation from service definitions
+- Screen rendering with transitions and actions
+- Support for multiple render modes (HTML, JSON, XML, PDF, etc.)
+- Built-in CSRF protection and security headers
+- WebSocket support for real-time features
+
+## Development Workflow
+
+### Setting Up IDE
+- `gradle setupIntellij` - Configure IntelliJ IDEA with XML catalogs for autocomplete
+
+### Database Selection
+Default is H2. To use PostgreSQL or MySQL:
+1. Configure datasource in Moqui configuration
+2. Add JDBC driver to runtime/lib
+3. Update entity definitions if needed for database-specific features
+
+### Component Development
+1. Create component: `gradle createComponent -Pcomponent=myapp`
+2. Define entities in `component/myapp/entity/`
+3. Implement services in `component/myapp/service/`
+4. Create screens in `component/myapp/screen/`
+5. Add seed data in `component/myapp/data/`
+
+### Hot Reload Support
+- Groovy scripts and services reload automatically in development mode
+- Screen definitions reload on change
+- Entity definitions require restart

Dockerfile

@@ -0,0 +1,86 @@
+# Moqui Framework Production Dockerfile
+# Multi-stage build for optimized image size
+# Uses Java 21 LTS with Eclipse Temurin
+
+# ============================================================================
+# Build Stage - Compiles the application and creates the WAR
+# ============================================================================
+FROM eclipse-temurin:21-jdk-alpine AS builder
+
+# Install build dependencies
+RUN apk add --no-cache bash git
+
+WORKDIR /build
+
+# Copy Gradle wrapper and build files first (for better caching)
+COPY gradlew gradlew.bat gradle.properties settings.gradle build.gradle ./
+COPY gradle/ gradle/
+
+# Copy source code
+COPY framework/ framework/
+COPY runtime/ runtime/
+
+# Build the WAR file with runtime included
+RUN chmod +x gradlew && \
+    ./gradlew --no-daemon addRuntime && \
+    # Unzip the WAR for faster startup
+    mkdir -p /app && \
+    cd /app && \
+    unzip /build/moqui-plus-runtime.war
+
+# ============================================================================
+# Runtime Stage - Minimal production image
+# ============================================================================
+FROM eclipse-temurin:21-jre-alpine
+
+LABEL maintainer="Moqui Framework <moqui@googlegroups.com>" \
+      version="3.0.0" \
+      description="Moqui Framework - Enterprise Application Development" \
+      org.opencontainers.image.source="https://github.com/moqui/moqui-framework"
+
+# Install runtime dependencies
+RUN apk add --no-cache \
+    curl \
+    tzdata \
+    && rm -rf /var/cache/apk/*
+
+# Create non-root user for security
+RUN addgroup -g 1000 -S moqui && \
+    adduser -u 1000 -S moqui -G moqui
+
+WORKDIR /opt/moqui
+
+# Copy application from builder
+COPY --from=builder --chown=moqui:moqui /app/ .
+
+# Create necessary directories with correct permissions
+RUN mkdir -p runtime/log runtime/txlog runtime/sessions runtime/db && \
+    chown -R moqui:moqui runtime/
+
+# Switch to non-root user
+USER moqui
+
+# Configuration volumes
+VOLUME ["/opt/moqui/runtime/conf", "/opt/moqui/runtime/lib", "/opt/moqui/runtime/classes", "/opt/moqui/runtime/ecomponent"]
+
+# Data persistence volumes
+VOLUME ["/opt/moqui/runtime/log", "/opt/moqui/runtime/txlog", "/opt/moqui/runtime/sessions", "/opt/moqui/runtime/db"]
+
+# Main application port
+EXPOSE 8080
+
+# Environment variables with sensible defaults
+ENV JAVA_TOOL_OPTIONS="-Xms512m -Xmx1024m -XX:+UseG1GC -XX:MaxGCPauseMillis=100" \
+    MOQUI_RUNTIME_CONF="conf/MoquiProductionConf.xml" \
+    TZ="UTC"
+
+# Health check using the /health/ready endpoint
+# start-period allows for slow startup (loading data, etc.)
+HEALTHCHECK --interval=30s --timeout=10s --start-period=120s --retries=3 \
+    CMD curl -f http://localhost:8080/health/ready || exit 1
+
+# Start Moqui using the MoquiStart class
+ENTRYPOINT ["java", "-cp", ".", "MoquiStart"]
+
+# Default command (can be overridden)
+CMD ["port=8080", "conf=conf/MoquiProductionConf.xml"]