feat(cloud): introduce AxioDBCloud TCP remote access and update CI workflows

[AnkanSaha]

Summary

This PR introduces AxioDBCloud, a new TCP-based remote access layer for AxioDB, enabling Docker and Cloud deployments with a client-server architecture. It also includes documentation updates, UI enhancements, and CI/CD workflow maintenance.

Changes

• Core: Added TCP server support on port 27019 (enabled via constructor).
• Docs: Added a comprehensive AxioDBCloud documentation page and updated README with quick-start guides.
• UI: New promotional banners and sidebar links for Cloud access.
• Docker: Updated volume mapping and exposed Port 27019.
• CI/CD: Upgraded GitHub Actions (checkout, setup-node, login-action) to the latest versions (v4/v3).
• Version: Bumped package version to 7.33.230.

Verification

• Manual verification of the new documentation routes.
• Docker build and port exposure check.
• Workflow execution success on PR push.

[github-actions]

🤖 Review Buddy - General Code Review

👥 Attention: @AnkanSaha

Oho @AnkanSaha bhai! Kya kar rahe ho? 2024 chal raha hai aur tum abhi tak actions/checkout@v2 pe atke hue the? Sharam karo!

PR toh tumne aise likha hai jaise koi naya startup launch kar rahe ho—'AxioDBCloud', 'Zero Code Changes', 'Fast TCP Protocol'. Sunne mein toh bahut sexy lag raha hai, lekin reality mein tumne ek massive security hole khod diya hai. Bina kisi authentication ya encryption ke TCP port (27019) khol diya? Bhai, ye database hai ya dharamshala jahan koi bhi munh utha ke chala aaye?

Aur ye Docker volume ka path kyun badal diya? /app/AxioDB se /app? Purane users ka data kya tumhare padosi recover karenge? Breaking changes aise silently daalte ho jaise movie mein interval ke baad plot change ho jaata hai.

Overall, marketing 10/10 hai, lekin engineering mein 'Security' aur 'Backward Compatibility' naam ki cheez bhi hoti hai.

Code Quality Score: 4/10 (Documents ache hain, logic mein thoda 'loca' hai).

---

Generated by Review Buddy | Tone: roast | Language: hinglish

[github-actions]

⚡ Review Buddy - Performance Analysis

👥 Attention: @AnkanSaha

Arre bhai, performance ke naam pe tumne sirf adjectives chipka diye hain. Chalo, ab thoda technical gyaan lete hain:

1. The TCP Bottleneck (Node.js Event Loop):
   Tumne kaha 1000+ concurrent connections handle kar lega. Bhai, Node.js single-threaded hai. Agar tumhara 'Binary JSON' parser (jo ki basically JSON.stringify pe buffer wrapper lag raha hai) bada data parse karne baitha, toh event loop ki maut nishchit hai.
   Recommendation: Use a proper streaming parser or worker_threads for heavy serialization tasks.

2. Memory Leak Alert (Connection Pooling):
   README mein likha hai 'Connection pooling'. JS mein manual pooling ka matlab hai tum arrays ya maps mein sockets store kar rahe ho. Agar socket cleanup properly nahi hua (error handling missing lag rahi hai snippets mein), toh tumhari RAM aise gayab hogi jaise salary mahine ke pehle hafte mein.

   // Current potential mess:
   const connections = []; 
   server.on('connection', s => connections.push(s)); // Yeh leak karega beta

   Better Way: Use a robust pool manager and set hard limits on maxListeners and socket idle timeouts.

3. Binary Protocol overhead:
   '4-byte length prefix'—theek hai, standard hai. Lekin agar client 1GB ka length bhej de toh? Tumhara server utna buffer allocate karne ki koshish karega aur OOM (Out of Memory) crash ho jayega.
   Fix: Hamesha max frame size set karo.

4. Exponential Backoff in JS:
   Auto-reconnect mein 10 attempts daale hain. Har retry pe timer chalega. Agar 1000 clients ek saath reconnect karenge (Thundering Herd Problem), toh tumhara server restart hote hi phir se dum tod dega.
   Recommendation: Add 'jitter' (random delay) to your backoff logic.

5. Docker Volume Mapping Change:
   -v axiodb-data:/app instead of /app/AxioDB. Ab container ke andar har file scan hogi? System performance hit karega jab multiple DBs create honge. Root directory pe data rakhna is a bad idea for I/O performance.

6. GUI and TCP Overhead:
   Tum ek hi process mein HTTP server (Port 27018) aur TCP server (Port 27019) chala rahe ho. Dono same event loop share kar rahe hain. Agar koi GUI pe bada query chala raha hai, toh TCP clients ka response time (latency) skyrocket ho jayega.
   Strategy: Split them into different worker processes.

7. Buffer Allocation:
   Buffer.alloc vs Buffer.allocUnsafe. Use allocUnsafe only if you know what you are doing, otherwise, memory garbage leak ho jayega remote client ko.

8. Garbage Collection (GC):
   Bahut saare short-lived objects ban rahe hain query results ke liye. Remote access mein serialization ki wajah se pressure badhega. Look into Object Pooling for frequent response objects.

9. Network Latency:
   TCP protocol binary hai, sahi hai. Lekin Nagle's algorithm disable kiya kya? (socket.setNoDelay(true)). Agar nahi, toh small packets (heartbeats) delay honge aur timeout badh jayega.

10. JSON Serialization:
    Agar tum normal JSON.stringify use kar rahe ho, toh cyclic references crash kar dengen.

In short: Performance sirf 'fast' likhne se nahi aati, 'low-level optimization' se aati hai. Agli baar dhyan rakhna.

---

Generated by Review Buddy | Tone: roast | Language: hinglish

[github-actions]

🔐 Review Buddy - Security Audit

👥 Attention: @AnkanSaha

Bhai, security ke maamle mein tumne toh 'Welcome' ka board laga diya hai hackers ke liye.

1. Issue: Unauthenticated TCP Access (Critical)

   • Severity: Critical
   • Location: Port 27019 (TCP Server)
   • Exploit: Koi bhi axiodb://your-ip:27019 se connect karke db.dropDatabase() chala sakta hai. Zero authentication mechanism dikh raha hai README aur code setup mein.
   • Remediation: Implement a handshake protocol with a pre-shared key (PSK) or JWT-based auth.
   • Reference: OWASP A01:2021-Broken Access Control.

2. Issue: Cleartext Communication (High)

   • Severity: High
   • Location: TCP Network Traffic
   • Exploit: 'Man-in-the-middle' (MITM) attack. Packet sniffer laga ke koi bhi tumhara sensitive data padh sakta hai kyunki TLS/SSL ka koi zikr nahi hai.
   • Remediation: Use tls module instead of net module for encrypted communication.

3. Issue: Denial of Service (DoS) via Buffer Exhaustion (Medium)

   • Severity: Medium
   • Location: TCP Packet Handling
   • Exploit: Ek malicious client bahut bada length prefix bhej ke server ki memory exhaust kar sakta hai.
   • Remediation: Max payload size limit (e.g., 16MB) enforce karo.

4. Issue: Port Exposure in Docker (Medium)

   • Severity: Medium
   • Location: Dockerfile/README
   • Exploit: Default configuration mein 0.0.0.0 pe listen kar rahe ho. Agar user ne firewall set nahi kiya, toh database internet pe public ho jayega.
   • Remediation: Bind to 127.0.0.1 by default or add a HUGE warning in the docs.

5. Issue: Path Traversal (Low)

   • Severity: Low
   • Location: createDB method via TCP
   • Exploit: Agar database name sanitize nahi ho raha, toh koi ../../etc/passwd type ka naam bhej ke system files access karne ki koshish kar sakta hai.
   • Remediation: Use a strict regex for database and collection names.

---

Generated by Review Buddy | Tone: roast | Language: hinglish

[github-actions]

📊 Review Buddy - Code Quality & Maintainability Analysis

👥 Attention: @AnkanSaha

🎯 Overall Benchmark: 55/100 (Needs Improvement)

Code quality? Bhai, ye toh 'Documentation-Driven Development' ho gaya. Code se zyada toh tumne UI components aur README mein kahaniyaan likhi hain.

1. SOLID Principles ka Murder:

   • Single Responsibility: AxioDB constructor ab GUI, DB Path, aur ab TCP Server bhi handle kar raha hai? Char-char flags pass kar rahe ho?
   • Symptom: new AxioDB(false, 'MyDB', '.', true). Bhai, ye 'Boolean Trap' hai. Kal ko 5th parameter aayega toh kya karoge?
   • Refactor: Use an options object.

     new AxioDB({ gui: false, name: 'MyDB', path: '.', enableTcp: true });

2. Breaking Changes (UX Crime):

   • Docker volume path change kar diya /app/AxioDB se /app. Purane users upgrade karenge toh unka data 'gayab' ho jayega (actually hidden in old path). Yeh major version bump hona chahiye tha, minor nahi.

3. UI Component Bloat:

   • AxioDBCloud.tsx mein 493 lines? Aur usme mostly static text aur SVGs hain?
   • Category: Maintenance Debt.
   • Refactor: Icons aur static sections ko separate components mein todo. Itni badi file dekh ke browser bhi ro dega.

4. DRY (Don't Repeat Yourself):

   • README aur AxioDBCloud.tsx mein exact same text copy-pasted hai. Agar ek jagah update kiya aur doosri jagah bhool gaye, toh documentation inconsistent ho jayegi.

5. Naming Conventions:

   • createDB, createCollection... theek hai. Lekin AxioDBCloud as a class name for the client is confusing. Is it a cloud service or just a TCP client? Better name: AxioDBRemoteClient or AxioDBClient.

6. Error Handling:

   • Code snippets mein await client.connect() hai, lekin try-catch ka namo-nishan nahi. Client code crash hoga toh pooray app ko le doobega.

7. Hardcoded Ports:

   • Port 27018 aur 27019 hardcoded dikh rahe hain docs mein. Environment variables ka support hai, par default behaviour dangerous hai agar ports occupied hon.

8. Magic Strings:

   • TCP Protocol mein 'axiodb://' use kar rahe ho. Protocol parser mein magic strings avoid karo, use constants.

9. Missing Tests:

   • Is PR mein ek bhi test file nahi hai for the new TCP functionality. 'Production Ready' kaise bol diya bina tests ke?

10. Workflow Versioning:

    • v2 se v4 pe jump karna acha hai, par npm install use kar rahe ho ek workflow mein aur npm ci doosre mein. Consistency kidhar hai?

---

Generated by Review Buddy | Tone: roast | Language: hinglish

[github-actions]

💡 Review Buddy - Best Practices & Alternative Suggestions

👥 Attention: @AnkanSaha

Bhai, thoda 'Modern JavaScript' aur 'Clean Code' ka tadka lagao:

1. The Boolean Trap in Constructor

Current Code:

const db = new AxioDB(false, 'MyDatabase', './data', true);

Better Alternative:

const db = new AxioDB({
  enableGui: false,
  dbName: 'MyDatabase',
  storagePath: './data',
  enableTcp: true
});

Why: Readable hai bhai. true, false dekh ke samajh nahi aata kaunsa flag kya kar raha hai.

2. Manual Reconnection Logic

Current Code (Inferred):
Tumne exponential backoff likha hai, but make sure it handles the 'close' vs 'error' events properly.

// Ensure you are doing this:
socket.on('error', (err) => {
  console.error('Bhasad ho gayi:', err);
  this.reconnect();
});

3. Use Optional Chaining

Current Code (Inferred from UI):

if (results && results.data && results.data.documents)

Better Alternative:

const docs = results?.data?.documents ?? [];

Why: Code clean dikhta hai aur 'cannot read property of undefined' waale nakhre nahi jhelne padte.

4. Template Literals for Connection Strings

Current Code:
'axiodb://' + host + ':' + port
Better Alternative:
`axiodb://${host}:${port}`
Why: Concatenation purana ho gaya, template literals use karo modern bano.

5. Docker Volume Consistency

Current Code:
-v axiodb-data:/app (Breaking Change)
Better Alternative:
-v axiodb-data:/app/data aur internal code ko env var se path set karne do.
Why: Root /app ko mount karna risky hai, binaries overwrite ho sakti hain.

---

Generated by Review Buddy | Tone: roast | Language: hinglish

[github-actions]

⚠️ Review Buddy - Final Recommendation

👥 Attention: @AnkanSaha

Recommendation: REQUEST CHANGES

Changes chahiye, bhai! Abhi approve nahi kar sakte.

Reasoning:

• Critical Security Issue: No authentication or encryption (TLS) on the new TCP port 27019. Publicly accessible databases are a major risk.
• Breaking Change: Docker volume mapping changed from /app/AxioDB to /app without a migration plan or major version bump.
• Design Smell: The AxioDB constructor uses positional boolean arguments (Boolean Trap), making the API hard to use and maintain.
• Documentation Inconsistency: Huge documentation blocks are hardcoded in React components instead of using Markdown files or a CMS.
• Missing Implementation: The actual implementation of the TCP server and AxioDBCloud client isn't fully visible in this diff, suggesting it might be bundled or added elsewhere incorrectly.

---

📋 Review Checklist for Reviewers:

• Code changes align with the PR description
• No security vulnerabilities introduced
• Performance considerations addressed
• Code follows project conventions
• Tests are adequate (if applicable)
• Documentation updated (if needed)

🎯 Next Steps:

⚠️ Pehle suggestions address karo, phir approve karna.

Generated by Review Buddy | Tone: roast | Language: hinglish