From zero to a fully functional data server with REST API and web frontend. Estimated time: under 10 minutes on a prepared Linux system. Hive is built as a C++23 binary — no runtime interpreter, no container required.
GCC 14 is the tested and recommended compiler. Clang with C++23 support (clang-18+) should also work but is not the primary target.
gcc --version
# gcc (GCC) 14.x.x
# Debian/Ubuntu install:
sudo apt install gcc-14 g++-14
OpenSSL is a required dependency — used for SHA-256 in migration integrity checking (chain hash), and for token hashing. The development headers must be present.
# Debian/Ubuntu
sudo apt install libssl-dev
# Fedora/RHEL
sudo dnf install openssl-devel
# Verify
openssl version
pkg-config --modversion openssl
CMake for the build system. Ninja is the recommended generator — it is significantly faster than Make for incremental builds of the ~44k LOC codebase.
cmake --version # 3.20+
ninja --version # any recent
# Debian/Ubuntu
sudo apt install cmake ninja-build
Required for cloning the repository. All C++ third-party libraries (Crow, SQLiteCpp, nlohmann/json, GoogleTest) are vendored as Git submodules in thirdparty/.
git --version # any recent version
# Debian/Ubuntu
sudo apt install git
sudo apt install build-essential gcc-14 g++-14 cmake ninja-build \
git libssl-dev
| Library | Path | Purpose |
|---|---|---|
| Crow | thirdparty/Crow | C++ HTTP/WebSocket server framework — all REST endpoints |
| SQLiteCpp | thirdparty/SQLiteCpp | C++ SQLite wrapper — all database operations |
| nlohmann/json | thirdparty/nlohmann_json | JSON serialisation/deserialisation |
| GoogleTest | thirdparty/googletest | Unit and integration testing framework |
Clone Hive and initialise all vendored dependencies. This will populate thirdparty/ with Crow, SQLiteCpp, nlohmann/json, and GoogleTest.
git clone https://github.com/openeggbert/hive.git
cd hive
git submodule update --init --recursive
The recursive flag is important — some submodules themselves have nested submodules (e.g., Crow's Asio dependency).
Configure the build directory. Hive uses Ninja for speed. The example below shows a production Release build with all performance flags enabled.
cmake -S . -B build \
-G Ninja \
-DCMAKE_BUILD_TYPE=Debug
cmake -S . -B build \
-G Ninja \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_CXX_FLAGS="-O3" \
-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON \
-DCMAKE_UNITY_BUILD=ON
| Flag | Value | Effect |
|---|---|---|
CMAKE_BUILD_TYPE | Release / Debug | Optimisation level and debug symbols |
CMAKE_CXX_FLAGS | -O3 | Maximum optimisation — important for production performance |
CMAKE_INTERPROCEDURAL_OPTIMIZATION | ON | Link-Time Optimisation (LTO) — enables cross-translation-unit inlining |
CMAKE_UNITY_BUILD | ON | Unity (jumbo) build — combines multiple .cpp files to reduce compilation time and improve LTO quality |
ENABLE_TESTS | ON / OFF | Build the GoogleTest test suite (hive_tests target) |
CMake detects OpenSSL automatically via find_package(OpenSSL REQUIRED). If OpenSSL is in a non-standard path, set -DOPENSSL_ROOT_DIR=/path/to/openssl.
Compile the hive_app target. First build takes a few minutes (all vendored dependencies compile from source). Subsequent incremental builds are fast with Ninja.
cmake --build build --target hive_app
# Or with explicit parallelism (adjust to your CPU core count)
cmake --build build --target hive_app -- -j8
The compiled binary is placed at build/src/hive-app/hive_app.
./build/src/hive-app/hive_app --help
Start Hive with the frontend directory, port, and host settings. The -s flag points to the static frontend files.
./build/src/hive-app/hive_app start \
--port 9000 \
--frontend-port 9000 \
--host http://localhost \
-s ./frontend
Expected startup output:
[INFO] Loading configuration from configuration/hive.properties
[INFO] Plugin loaded: core
[INFO] Plugin loaded: slip_box
[INFO] Plugin loaded: dictionary
[INFO] Plugin loaded: repetition
[INFO] Applying migrations for plugin: core (3 pending)
[INFO] Applying migrations for plugin: slip_box (2 pending)
[INFO] Migration integrity verified: all chain hashes match
[INFO] Registered 42 model endpoints
[INFO] CronScheduler started (4 worker threads)
[INFO] Hive server listening on http://localhost:9000
http://localhost:9000/web/
The Hive web frontend loads, reads /api/v1/model_definition, and builds navigation from all registered plugin models.
# Full metadata contract (drives frontend)
http://localhost:9000/api/v1/model_definition
# Health probe
http://localhost:9000/health
# → { "status": "ok", "db": "ok" }
# Runtime info
http://localhost:9000/info
# → { "version": "...", "plugins": [...] }
http://localhost:9000/web/app_slip_box.html
http://localhost:9000/web/app_dictionary.html
http://localhost:9000/web/app_repetition.html
On the very first start, if no users exist in the database, Hive auto-generates a random administrator password and writes it to pw.txt in the working directory.
pw.txt and copy the admin username and password securely (password manager).pw.txt immediately — it contains plaintext credentials.POST /api/v1/auth/change_password or the auth UI.access_mode and registration_mode in configuration/hive.properties for your deployment needs.# Login
curl -s -X POST http://localhost:9000/api/v1/auth/login \
-H 'Content-Type: application/json' \
-d '{"username":"admin","password":"YOUR_PW"}' | jq
# Use the returned access_token
TOKEN="eyJhbG..."
curl -s http://localhost:9000/api/v1/note \
-H "Authorization: Bearer $TOKEN" | jq
Hive reads configuration/hive.properties on startup. Command-line flags override configuration file values. The actual default configuration shipped with the repository:
# === configuration/hive.properties ===
# Server access mode (controls what requests are permitted globally)
# 0=MaintenanceMode 1=AdminFullAccess 2=AdminAndSuperUserFullAccess
# 3=AuthenticatedReadOnly 4=AuthenticatedFullAccess
# 5=PublicReadOnly 6=PublicCreateAndRead 7=PublicCreateReadUpdate
# 8=PublicFullAccess (DEFAULT — open for development)
access_mode=PublicFullAccess
# Registration mode
# 0=Free 1=RequiresAdminApproval 2=AdminAddsUsers
registration_mode=Free
# Default role assigned to new registrations (UserRole enum)
# 0=Guest 1=Reader 2=Editor 3=Reviewer 4=Admin 5=SuperAdmin
default_user_role=Reader
# Logging level
# Levels: TRACE DEBUG INFO WARN ERROR FATAL
max_log_level=ERROR
# Enabled domain plugins (comma-separated, core is always loaded)
allowed_plugins=slip_box,repetition,dictionary
# Token expiry
access_token_expires_in=15 # minutes (15 = 15 min)
refresh_token_expires_in=43200 # minutes (43200 = 30 days)
refresh_token_rotation_threshold_in=10080 # minutes (10080 = 7 days)
| Flag | Default | Description |
|---|---|---|
--port <n> | 9000 | HTTP server port |
--frontend-port <n> | 9000 | Port reported to the frontend for API calls (relevant when behind a proxy) |
--host <url> | http://localhost | Host URL base (used for absolute URL generation) |
-s <path> | ./frontend | Path to frontend static files directory |
--config <path> | ./configuration/hive.properties | Configuration file path |
--db <path> | ./hive.db | SQLite database file path |
--log-level <level> | ERROR | Log level override: TRACE DEBUG INFO WARN ERROR FATAL |
| Deployment | Recommended access_mode | Reasoning |
|---|---|---|
| Local development | PublicFullAccess (8) | No auth friction during development |
| Private personal server | AuthenticatedFullAccess (4) | All users must log in; all operations allowed for authenticated |
| Small team / internal | AuthenticatedFullAccess (4) or AuthenticatedReadOnly (3) | Login required; control write access per role via validators |
| Public read / private write | PublicReadOnly (5) | Anyone can read; authenticated users can write |
| Maintenance window | MaintenanceMode (0) | All requests rejected — migration or upgrade in progress |
Hive ships with a hive.service systemd unit file for running as a Linux daemon. Edit paths to match your installation before enabling.
# hive.service — example content
[Unit]
Description=Hive Data Server
After=network.target
Wants=network-online.target
[Service]
Type=simple
User=hive
Group=hive
WorkingDirectory=/opt/hive
ExecStart=/opt/hive/hive_app start \
--port 9000 \
--frontend-port 9000 \
--host http://localhost \
-s /opt/hive/frontend
Restart=on-failure
RestartSec=5s
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
# Install and enable
sudo cp hive.service /etc/systemd/system/
sudo nano /etc/systemd/system/hive.service # edit paths
# Enable and start
sudo systemctl daemon-reload
sudo systemctl enable hive
sudo systemctl start hive
# Status and logs
sudo systemctl status hive
sudo journalctl -u hive -f # live log tail
sudo journalctl -u hive --since "1 hour ago" # last hour
hive user — no root required.access_mode=AuthenticatedFullAccess (or stricter) in hive.properties.registration_mode=AdminAddsUsers if the server is not intended for public registration.configuration/hive.properties and hive.db are readable only by the hive user.hive.db regularly — this SQLite file contains all your data.Hive ships a GoogleTest-based test suite. Tests cover: utility functions, access mode logic, plugin registry (topological sort, cyclic dependency detection), and the cron scheduler. Integration tests run against a real SQLite in-memory database.
# Build tests (requires -DENABLE_TESTS=ON, or it may be ON by default)
cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Debug -DENABLE_TESTS=ON
cmake --build build --target hive_tests
# Run all tests
cd build && ctest --output-on-failure
# Run a specific test filter
ctest -R "PluginRegistry" --output-on-failure
# Run directly with GoogleTest output
./build/tests/hive_tests --gtest_filter="CronScheduler*"
| Test area | What is verified |
|---|---|
| Utility tests | String manipulation, date/time parsing, configuration file parsing, token hashing |
| ModelDefinition tests | Flag bitmask combinations, auto-inference rules, builder API correctness |
| AccessMode tests | All 9 access mode enum values, permission matrix for each UserRole × Crudl combination |
| PluginRegistry tests | Topological sort correctness, CyclicDependencyException detection, MissingDependencyException detection |
| CronScheduler tests | Cron expression parsing, next-run calculation, run_once_when_missed logic |
| Migration tests | Migration naming validation (V{n}__name.sql regex), SHA-256 chain hash computation, tamper detection |
| Repository tests | CRUD operations against in-memory SQLite, list pagination, sort/filter correctness |
| Symptom | Likely cause | Fix |
|---|---|---|
CMake error: Could not find OpenSSL |
OpenSSL development headers not installed | sudo apt install libssl-dev (Debian/Ubuntu) or set -DOPENSSL_ROOT_DIR=... |
Compiler error: feature not supported with this compiler |
GCC version too old for C++23 | Install GCC 14: sudo apt install gcc-14 g++-14; set -DCMAKE_CXX_COMPILER=g++-14 |
Server starts but /web/ returns 404 |
Wrong frontend path in -s flag |
Verify -s ./frontend points to the directory containing index.html |
| Migration integrity error on startup | A migration SQL file was edited after being applied | Revert the file to its original content, or delete hive.db and restart (data loss — dev only) |
MissingDependencyException on startup |
A plugin listed in allowed_plugins does not exist or its dependency is not enabled |
Check allowed_plugins in hive.properties; ensure all dependency plugins are listed |
| Frontend shows no models / empty navigation | /api/v1/model_definition returns empty or CORS issue |
Check server logs; verify allowed_plugins has correct plugin names; try curl http://localhost:9000/api/v1/model_definition |
| Login returns 403 even with correct credentials | access_mode=MaintenanceMode or user status is Pending/Banned |
Check access_mode in config; check user record status in user table |