⬡ C++23 · MIT License · ~44k LOC

The metadata-driven
data server

Hive is a modular C++23 universal data server. Define a ModelDefinition once — Hive generates the REST API, drives SQLite persistence, runs the validation and trigger pipeline, and renders a complete web frontend from the same metadata contract.

~44kLines of C++
4Plugins
7User Roles
9Access Modes
Hive — Node List
Hive node list
C++23 / GCC 14 Crow HTTP SQLite + SQLiteCpp nlohmann/json CMake + Ninja GoogleTest / GoogleMock Vanilla JS · No build chain OpenSSL (tokens)

One ModelDefinition, the entire stack

Every entity in Hive is described by a struct ModelDefinition. That single object drives all downstream layers — nothing is duplicated across controllers, DTOs, persistence, validation, and UI.

// Example: defining a model in a plugin
ModelDefinition md("note", "slip_box");
md.set_group("Slip Box", 100)
  .set_all_rest_operations()          // Crudl: Create Read Update Delete List
  .set_title_column("title")
  .set_columns({
      {"title",   MANDATORY | TEXT},
      {"content", TEXTAREA},
      {"map_id",  FOREIGN_KEY},       // auto-detects _id suffix → Integer
      {"is_public", BOOL | MUTABLE}
  });

               ┌──────────────────────────────────────┐
               │         ModelDefinition               │
               └──┬──────────┬──────────┬─────────────┘
                  │          │          │
             REST API    SQLite      Validator   Frontend
        /api/v1/note   repository    pipeline   CRUD screen
         (Crow route)  + LRU cache  (can_* methods) (auto-rendered)
01

Column flags (bitmask)

MANDATORY · UNIQUE · FOREIGN_KEY · AUTO · HIDDEN · READONLY · MUTABLE · INTERNAL · TEXT · TEXTAREA · INTEGER · BOOL · DATETIME · REAL · BLOB

02

REST operations

Crudl::{Create, Read, Update, Delete, List} — set per model. Shorthand: set_rest_operations("crudl") or set_all_rest_operations().

03

Plugin registration

Plugin::register_model(def, validator, repo_factory)PluginRegistry resolves topological dependency order before startup.

04

Routes + UI generated

Crow routes appear at /api/v1/<model>. Frontend reads /api/v1/model_definition (cached 3 h in localStorage) and renders CRUD screens.


Everything you need in one coherent system

From the IValidator security gate through the three-phase trigger pipeline, LRU model cache, and schema-driven frontend — every layer is explicitly connected by metadata.

🔄

Auto-generated REST API

Full CRUD endpoints under /api/v1/<model> generated from allowed_rest_operations. All five Crudl operations (Create, Read, Update, Delete, List) are available per model. Supports page_number, page_size, sort, order, and field-level filters.

🧩

Plugin Architecture

Class Plugin registers models, triggers, queries, jobs, and migration scripts as one unit. PluginRegistry::get_plugin_names_sorted_by_dependencies() performs topological sort. Throws CyclicDependencyException and MissingDependencyException on invalid graphs.

IValidator Security Gate

Pure-virtual interface with can_create / can_read / can_update / can_delete / can_list — each returning OperationResult{int status, string error}. Acts as authentication, authorisation, domain-integrity, and consistency guard in one place.

3-Phase Trigger Pipeline

TriggerPhase::{Before, After, InsteadOf, Around}. InsteadOf variants return std::optional to override default CRUD behaviour for virtual reads, fulltext search, or derived operations.

🗃️

SQLite + LRU Cache

IRepository with create / read / update / remove / list / list_in_ids / list_ids. ModelCache: LRU with TTL (default 1 week), capacity_size=10000, thread-safe via std::shared_mutex. Stats: hits, misses, evicted_lru, expired, shrinks.

⏱️

Cron Scheduler

Quartz-style cron via cronq. Each Job::run(JobConfig&) returns an error string or empty on success. Properties: cron_expression, enabled_by_default, run_once_when_missed. Config queried via JobConfig::get_string_or_default().

🔐

Auth + 9 Access Modes

AccessMode enum controls global API access: from MaintenanceMode (full lockdown) to PublicFullAccess. Token lifecycle: access token (default 15 min), refresh token (default 30 days), rotation threshold 7 days. Tokens SHA-256 hashed before storage.

🌐

Schema-Driven Frontend

Vanilla JS ESM modules — api.js, crud.js, auth.js, navigation.js, schemas.js, state.js, dom.js, explore.js. apiFetch() handles proactive token refresh (60 s before expiry). FK labels resolved via resolveForeignKeyValue() with 24 h localStorage cache.

📜

Migration Integrity

File format: V(\d+)__([a-zA-Z0-9_]+).sql. Each migration carries a SHA-256 checksum + chain hash over the whole sequence. Applied transactionally in plugin dependency order. Tampering with applied migrations fails startup.

All features in detail →

9 Access Modes × 6 User Roles

Fine-grained global access control. UserRole::{Guest=0, Reader=1, Editor=2, Reviewer=3, Admin=4, SuperAdmin=5, System=100} combined with AccessMode determines what each role can do at the platform level.

AccessMode Admin/SA Reviewer Editor Reader Guest
MaintenanceMode
AdminsReadOnlyR
AdminsReadWriteRCUD
AuthenticatedReadOnlyRCUDRRR
AuthenticatedReadWriteRCUDRCUDRCUDR
AuthenticatedFullAccessRCUDRCUDRCUDRCUD
PublicReadOnly…ReadOnlyRCUDRRRR
PublicReadOnly…ReadWriteRCUDRCUDRCUDRR
PublicFullAccessRCUDRCUDRCUDRCUDRCUD

R = Read/List only · RCUD = full Create/Read/Update/Delete. Validator can_* methods add per-model constraints on top.


Four production-quality domain plugins

Core provides the platform foundation. Three domain plugins ship complete vertical slices: models, migrations, triggers, queries, jobs, and frontend apps.

Core

Core Plugin

14 migrations. Platform-critical foundation for all other plugins.

  • Tables: user, team, team_member, access_token, refresh_token, login_session, auth_log, api_log, super_admin_log, history, job_entry, job_run, error
  • Jobs: CleanupJob (@daily), VacuumJob (@monthly, disabled by default), CleanupHistoryOrphansJob
  • Triggers: HistoryCommonTrigger (After CRUDL → history table)
  • Queries: CleanupSQLiteQuery, VacuumSQLiteQuery, CleanupHistoryOrphansSQLiteQuery
Domain

Slip Box Plugin

33 migrations. Zettelkasten-style knowledge management.

  • Tables: map, content (FTS), note, property, tag_type, tag, link, source, idea, wanted_note, flag, project, task, pinned_note, annotation, test, test_attempt…
  • Jobs: HtmlExportJob
  • Triggers: BeforeCreateNoteTrigger, AfterCreateUpdateNoteTrigger, UpdateNotePathAndDepthAfterTrigger, InsteadOfReadNoteNavigationTrigger, ContentLinkParser, LinkSynchronizer + many more
  • Queries: FindNotesInMapSQLiteQuery, FindPreviousAndNextNoteSQLiteQuery, GetQuestionIdsSQLiteQuery…
Domain

Dictionary Plugin

29 migrations. Full lexicon system with fulltext search and visit analytics.

  • Tables: dictionary_map, dictionary_term, dictionary_term_alias, dictionary_term_visit, dictionary_term_understanding, dictionary_link, dictionary_source, dictionary_url, dictionary_search…
  • Jobs: DictionaryHtmlExportJob
  • Triggers: InsteadOfListDictionaryTermFulltextTrigger, InsteadOfReadDictionaryNewerTermTrigger, InsteadOfReadDictionaryOlderTermTrigger, InsteadOfListDictionaryTermsForReviewTrigger + 10 more
  • Queries: FindDictionaryTermsSQLiteQuery, FindDictionaryTermMetricsSQLiteQuery, FindDictionaryTermsViaAdvancedSearchSQLiteQuery…
Domain

Repetition Plugin

23 migrations. Spaced repetition (SM-style) integrated with Slip Box and Dictionary.

  • Tables: r_global_setting, r_user_setting, r_session, r_review, r0_state, r2_state, r4_state, r18_state, r18_perf_agg, r18_prediction_log
  • Triggers: RSessionBeforeCreateTrigger, RReviewAfterCreateTrigger, AfterCreateDeleteFlagRepetitionTrigger, AfterUpdateContentSemanticVersionTrigger
  • Queries: GetRSessionSelectedItemsSQLiteQuery
Full plugin documentation →

Schema-driven CRUD — no per-entity frontend code

Every screen below is generated at runtime by reading /api/v1/model_definition. The frontend renders list, read, create, update, and delete views for any model without hand-written UI.

List nodes
renderEntityList() — auto-generated list with sort, filter, pagination
Read node
renderEntityRead() — FK labels resolved via resolveForeignKeyValue()
Create node
renderEntityForm() — form built from ColumnDefinition metadata
Delete node
DELETE /api/v1/<model>/:id — validator + trigger pipeline fires first
List properties
List view with column-selector UI (hidden columns in localStorage)
Graph demo
Slip Box graph exploration — InsteadOfReadNoteNavigationTrigger
API call
GET /api/v1/<model> — QueryParams with page_number, sort, order, filters

Pragmatic dependencies, full architectural control

Every dependency has a clear role. No framework imposes hidden constraints on the architecture. All layers are explicit C++23 code.

⚙️

C++23

GCC 14 tested · LTO · -O3 · CMAKE_UNITY_BUILD

🌐

Crow

Lightweight C++ HTTP microframework for route generation

🗃️

SQLite

via SQLiteCpp + custom IRepository abstraction layer

📄

nlohmann/json

JSON serialization for API payloads and trigger data

🔨

CMake + Ninja

Cross-platform build · feature flags per plugin

🔐

OpenSSL

SHA-256 token hashing and migration checksums

🧪

GoogleTest

Unit tests for utils, access modes, plugin registry, cron

🎨

Vanilla JS (ESM)

No build chain · api.js, crud.js, auth.js, schemas.js


Ready to build with Hive?

Clone, git submodule update --init --recursive, configure with CMake, and have a running data server with REST API and web frontend in minutes.