Get Hive Running

From zero to a fully functional data server with REST API and web frontend. Estimated time: under 10 minutes on a prepared Linux system. Hive is built as a C++23 binary — no runtime interpreter, no container required.

What you need

⚙️

GCC 14 (C++23)

GCC 14 is the tested and recommended compiler. Clang with C++23 support (clang-18+) should also work but is not the primary target.

gcc --version
# gcc (GCC) 14.x.x

# Debian/Ubuntu install:
sudo apt install gcc-14 g++-14
🔒

OpenSSL (Required)

OpenSSL is a required dependency — used for SHA-256 in migration integrity checking (chain hash), and for token hashing. The development headers must be present.

# Debian/Ubuntu
sudo apt install libssl-dev

# Fedora/RHEL
sudo dnf install openssl-devel

# Verify
openssl version
pkg-config --modversion openssl
🔨

CMake 3.20+ & Ninja

CMake for the build system. Ninja is the recommended generator — it is significantly faster than Make for incremental builds of the ~44k LOC codebase.

cmake --version  # 3.20+
ninja --version  # any recent

# Debian/Ubuntu
sudo apt install cmake ninja-build
📦

Git (with submodules)

Required for cloning the repository. All C++ third-party libraries (Crow, SQLiteCpp, nlohmann/json, GoogleTest) are vendored as Git submodules in thirdparty/.

git --version  # any recent version

# Debian/Ubuntu
sudo apt install git

One-liner dependency install (Debian/Ubuntu)

sudo apt install build-essential gcc-14 g++-14 cmake ninja-build \
                 git libssl-dev

Vendored third-party libraries (no separate install needed)

LibraryPathPurpose
Crowthirdparty/CrowC++ HTTP/WebSocket server framework — all REST endpoints
SQLiteCppthirdparty/SQLiteCppC++ SQLite wrapper — all database operations
nlohmann/jsonthirdparty/nlohmann_jsonJSON serialisation/deserialisation
GoogleTestthirdparty/googletestUnit and integration testing framework

Step-by-step setup

1

Clone the repository and initialise submodules

Clone Hive and initialise all vendored dependencies. This will populate thirdparty/ with Crow, SQLiteCpp, nlohmann/json, and GoogleTest.

git clone https://github.com/openeggbert/hive.git
cd hive
git submodule update --init --recursive

The recursive flag is important — some submodules themselves have nested submodules (e.g., Crow's Asio dependency).

2

Configure with CMake

Configure the build directory. Hive uses Ninja for speed. The example below shows a production Release build with all performance flags enabled.

Minimal configuration (development)

cmake -S . -B build \
  -G Ninja \
  -DCMAKE_BUILD_TYPE=Debug

Production configuration (recommended)

cmake -S . -B build \
  -G Ninja \
  -DCMAKE_BUILD_TYPE=Release \
  -DCMAKE_CXX_FLAGS="-O3" \
  -DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON \
  -DCMAKE_UNITY_BUILD=ON

Key CMake flags reference

FlagValueEffect
CMAKE_BUILD_TYPERelease / DebugOptimisation level and debug symbols
CMAKE_CXX_FLAGS-O3Maximum optimisation — important for production performance
CMAKE_INTERPROCEDURAL_OPTIMIZATIONONLink-Time Optimisation (LTO) — enables cross-translation-unit inlining
CMAKE_UNITY_BUILDONUnity (jumbo) build — combines multiple .cpp files to reduce compilation time and improve LTO quality
ENABLE_TESTSON / OFFBuild the GoogleTest test suite (hive_tests target)

CMake detects OpenSSL automatically via find_package(OpenSSL REQUIRED). If OpenSSL is in a non-standard path, set -DOPENSSL_ROOT_DIR=/path/to/openssl.

3

Build the application binary

Compile the hive_app target. First build takes a few minutes (all vendored dependencies compile from source). Subsequent incremental builds are fast with Ninja.

cmake --build build --target hive_app

# Or with explicit parallelism (adjust to your CPU core count)
cmake --build build --target hive_app -- -j8

The compiled binary is placed at build/src/hive-app/hive_app.

Verify the binary

./build/src/hive-app/hive_app --help
4

Run the server

Start Hive with the frontend directory, port, and host settings. The -s flag points to the static frontend files.

./build/src/hive-app/hive_app start \
  --port 9000 \
  --frontend-port 9000 \
  --host http://localhost \
  -s ./frontend

Expected startup output:

[INFO] Loading configuration from configuration/hive.properties
[INFO] Plugin loaded: core
[INFO] Plugin loaded: slip_box
[INFO] Plugin loaded: dictionary
[INFO] Plugin loaded: repetition
[INFO] Applying migrations for plugin: core (3 pending)
[INFO] Applying migrations for plugin: slip_box (2 pending)
[INFO] Migration integrity verified: all chain hashes match
[INFO] Registered 42 model endpoints
[INFO] CronScheduler started (4 worker threads)
[INFO] Hive server listening on http://localhost:9000

After the server starts

Access the web frontend

http://localhost:9000/web/

The Hive web frontend loads, reads /api/v1/model_definition, and builds navigation from all registered plugin models.

Explore the API

# Full metadata contract (drives frontend)
http://localhost:9000/api/v1/model_definition

# Health probe
http://localhost:9000/health
# → { "status": "ok", "db": "ok" }

# Runtime info
http://localhost:9000/info
# → { "version": "...", "plugins": [...] }

Plugin-specific apps

http://localhost:9000/web/app_slip_box.html
http://localhost:9000/web/app_dictionary.html
http://localhost:9000/web/app_repetition.html

Initial administrator login

On the very first start, if no users exist in the database, Hive auto-generates a random administrator password and writes it to pw.txt in the working directory.

⚠️

Security checklist — first run

  1. Open pw.txt and copy the admin username and password securely (password manager).
  2. Delete pw.txt immediately — it contains plaintext credentials.
  3. Log in to the frontend with the saved credentials.
  4. Change the administrator password via POST /api/v1/auth/change_password or the auth UI.
  5. Review access_mode and registration_mode in configuration/hive.properties for your deployment needs.

Test authentication via cURL

# Login
curl -s -X POST http://localhost:9000/api/v1/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"username":"admin","password":"YOUR_PW"}' | jq

# Use the returned access_token
TOKEN="eyJhbG..."
curl -s http://localhost:9000/api/v1/note \
  -H "Authorization: Bearer $TOKEN" | jq

Configuration File Reference

Hive reads configuration/hive.properties on startup. Command-line flags override configuration file values. The actual default configuration shipped with the repository:

# === configuration/hive.properties ===

# Server access mode (controls what requests are permitted globally)
# 0=MaintenanceMode  1=AdminFullAccess  2=AdminAndSuperUserFullAccess
# 3=AuthenticatedReadOnly  4=AuthenticatedFullAccess
# 5=PublicReadOnly  6=PublicCreateAndRead  7=PublicCreateReadUpdate
# 8=PublicFullAccess  (DEFAULT — open for development)
access_mode=PublicFullAccess

# Registration mode
# 0=Free  1=RequiresAdminApproval  2=AdminAddsUsers
registration_mode=Free

# Default role assigned to new registrations (UserRole enum)
# 0=Guest  1=Reader  2=Editor  3=Reviewer  4=Admin  5=SuperAdmin
default_user_role=Reader

# Logging level
# Levels: TRACE DEBUG INFO WARN ERROR FATAL
max_log_level=ERROR

# Enabled domain plugins (comma-separated, core is always loaded)
allowed_plugins=slip_box,repetition,dictionary

# Token expiry
access_token_expires_in=15           # minutes (15 = 15 min)
refresh_token_expires_in=43200       # minutes (43200 = 30 days)
refresh_token_rotation_threshold_in=10080  # minutes (10080 = 7 days)

Command-line flags reference

FlagDefaultDescription
--port <n>9000HTTP server port
--frontend-port <n>9000Port reported to the frontend for API calls (relevant when behind a proxy)
--host <url>http://localhostHost URL base (used for absolute URL generation)
-s <path>./frontendPath to frontend static files directory
--config <path>./configuration/hive.propertiesConfiguration file path
--db <path>./hive.dbSQLite database file path
--log-level <level>ERRORLog level override: TRACE DEBUG INFO WARN ERROR FATAL

Access mode recommendations by deployment type

DeploymentRecommended access_modeReasoning
Local developmentPublicFullAccess (8)No auth friction during development
Private personal serverAuthenticatedFullAccess (4)All users must log in; all operations allowed for authenticated
Small team / internalAuthenticatedFullAccess (4) or AuthenticatedReadOnly (3)Login required; control write access per role via validators
Public read / private writePublicReadOnly (5)Anyone can read; authenticated users can write
Maintenance windowMaintenanceMode (0)All requests rejected — migration or upgrade in progress

Running as a systemd Service

Hive ships with a hive.service systemd unit file for running as a Linux daemon. Edit paths to match your installation before enabling.

# hive.service — example content
[Unit]
Description=Hive Data Server
After=network.target
Wants=network-online.target

[Service]
Type=simple
User=hive
Group=hive
WorkingDirectory=/opt/hive
ExecStart=/opt/hive/hive_app start \
    --port 9000 \
    --frontend-port 9000 \
    --host http://localhost \
    -s /opt/hive/frontend
Restart=on-failure
RestartSec=5s
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
# Install and enable
sudo cp hive.service /etc/systemd/system/
sudo nano /etc/systemd/system/hive.service     # edit paths

# Enable and start
sudo systemctl daemon-reload
sudo systemctl enable hive
sudo systemctl start hive

# Status and logs
sudo systemctl status hive
sudo journalctl -u hive -f                     # live log tail
sudo journalctl -u hive --since "1 hour ago"   # last hour

Production security considerations


Running the Test Suite

Hive ships a GoogleTest-based test suite. Tests cover: utility functions, access mode logic, plugin registry (topological sort, cyclic dependency detection), and the cron scheduler. Integration tests run against a real SQLite in-memory database.

# Build tests (requires -DENABLE_TESTS=ON, or it may be ON by default)
cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Debug -DENABLE_TESTS=ON
cmake --build build --target hive_tests

# Run all tests
cd build && ctest --output-on-failure

# Run a specific test filter
ctest -R "PluginRegistry" --output-on-failure

# Run directly with GoogleTest output
./build/tests/hive_tests --gtest_filter="CronScheduler*"

Test coverage areas

Test areaWhat is verified
Utility testsString manipulation, date/time parsing, configuration file parsing, token hashing
ModelDefinition testsFlag bitmask combinations, auto-inference rules, builder API correctness
AccessMode testsAll 9 access mode enum values, permission matrix for each UserRole × Crudl combination
PluginRegistry testsTopological sort correctness, CyclicDependencyException detection, MissingDependencyException detection
CronScheduler testsCron expression parsing, next-run calculation, run_once_when_missed logic
Migration testsMigration naming validation (V{n}__name.sql regex), SHA-256 chain hash computation, tamper detection
Repository testsCRUD operations against in-memory SQLite, list pagination, sort/filter correctness

Common Issues

SymptomLikely causeFix
CMake error: Could not find OpenSSL OpenSSL development headers not installed sudo apt install libssl-dev (Debian/Ubuntu) or set -DOPENSSL_ROOT_DIR=...
Compiler error: feature not supported with this compiler GCC version too old for C++23 Install GCC 14: sudo apt install gcc-14 g++-14; set -DCMAKE_CXX_COMPILER=g++-14
Server starts but /web/ returns 404 Wrong frontend path in -s flag Verify -s ./frontend points to the directory containing index.html
Migration integrity error on startup A migration SQL file was edited after being applied Revert the file to its original content, or delete hive.db and restart (data loss — dev only)
MissingDependencyException on startup A plugin listed in allowed_plugins does not exist or its dependency is not enabled Check allowed_plugins in hive.properties; ensure all dependency plugins are listed
Frontend shows no models / empty navigation /api/v1/model_definition returns empty or CORS issue Check server logs; verify allowed_plugins has correct plugin names; try curl http://localhost:9000/api/v1/model_definition
Login returns 403 even with correct credentials access_mode=MaintenanceMode or user status is Pending/Banned Check access_mode in config; check user record status in user table

Want to extend Hive?

Now that you have a running instance, explore the Developer Guide to understand how to add your own plugin with models, validators, triggers, and scheduled jobs.