albertonline.org docs
Packages

Domain services

Effect v4 domain models and services powering the portal's CVM clips, Juicy Shop challenges, and drone simulator features.

These five packages each split into a domain half (Schema-based types, IDs, errors, events — no I/O) and a services half (Effect services that operate on that domain), backing three features hosted by the portal app: CVM clip recording, the Juicy Shop security-training catalogue, and the 3D drone simulator.

@repo/cvm-domain

Shared domain types and RPC payload schemas for the CVM (clip recording, transcription, and rendering) feature, consumed by both the portal client and the cvm-server Effect HTTP service so they share one contract. Depends only on effect and nanoid. Everything is exported as namespaced modules from a single entry point:

  • CvmRpc — shared request/response payload schemas (UploadClipPayload, TranscribePayload, RenderClipPayload)
  • CvmId, CvmError, CvmEvent, CvmTypes — ids, tagged errors, domain events, and core types
  • CvmFractionalIndex — fractional indexing for ordering clips
  • CvmFormat, CvmDerived, CvmSeed — formatting helpers, derived values, and seed data

@repo/cvm-services

Effect services implementing the CVM clip pipeline on top of @repo/cvm-domain. Used by the portal app's /cvm feature; a fake-indexeddb dev dependency indicates the persistence layer is tested against an in-memory IndexedDB.

  • MediaStoreService, PersistenceService — clip/media storage
  • RecorderService, RenderService — capture and render pipeline
  • SilenceDetectorService, StateService — silence detection and shared state

@repo/juice-domain

Domain models, repos, and challenge-detection types for Juicy Shop, the intentionally vulnerable OWASP Juice-Shop-style training app. Ships an @effect/sql-sqlite-node dependency and a ./test entry (test-layer.ts) for exercising the repos in tests.

  • Models: challenge, challenge-progress, challenge-solved-event, coding-challenge, interaction-log, order, product, review, user-profile
  • Repos: challenge-progress-repo, challenges-repo, interaction-log-repo, orders-repo, products-repo, reviews-repo, user-profiles-repo
  • Types: challenge-key, detect-ctx

@repo/juice-services

Effect services for Juicy Shop's static catalogue, challenge write-ups, and security lessons, built on @repo/juice-domain.

  • ./catalogueCHALLENGES and PRODUCTS static data
  • ./challenge-docs — per-vulnerability write-ups (SQL injection, DOM/ reflected XSS, CSRF, JWT forgery, path traversal, mass assignment, SSRF, weak password hashing, forged reviews, login-as-admin)
  • ./lessons — OWASP Top 10-style lessons (access control, injection, authentication, cryptographic failures, SSRF, XSS, CSRF, secrets management, and more)
  • Root entry also exports ChallengeDetectorService, ChallengesService, CheatScorerService, EventBusService, MetricsService, ProductsService, SeedService, SseRegistry, WebhookDispatcherService

@repo/drone-services

Domain types and Effect services for the portal's 3D drone simulator (three.js / @react-three/fiber on the client). Depends on effect and @repo/utils.

  • DroneState, DroneControls, DroneError, DroneEvent, DroneId — namespaced domain modules (drone physics state uses Vec3/Attitude Schema structs, motor throttle, and an onGround/flying/crashed status)
  • ControlsService, PhysicsService, SessionService, TerrainService — input handling, flight physics, session lifecycle, and terrain
  • terrainHeight, terrainSlope — procedural terrain noise functions

None of these five packages ship a README; the summaries above are derived from package.json and the shape of each src/index.ts.

See the packages overview and the architecture guide.

On this page