BOL Integration Document

API specifications, external integrations, data formats, and deployment pipeline for the Beginning of Life simulator.

1. Integration Overview

1.1 Purpose

This document specifies every integration point in the BOL system: REST API endpoints, external service dependencies, data exchange formats, inter-module communication protocols, and the deployment pipeline. It serves as the definitive guide for integrating with, extending, or deploying BOL.

1.2 Integration Architecture

BOL follows a monolithic-with-clean-boundaries pattern. All components run in a single Python process, but communicate through well-defined interfaces:

Browser ↔ Server — REST API (JSON over HTTPS) + static asset serving.
Server ↔ Simulation — In-process Python calls with threading locks for concurrency safety.
Server ↔ Filesystem — JSON file I/O for profiles, projects, scenarios, training, and bugs.
Browser ↔ External CDNs — Chart.js, Three.js, Font Awesome loaded from CDN at runtime.
Browser ↔ Web Speech API — TTS for training lesson reader (browser-native, no external service).

2. REST API Specification

2.1 General Conventions

Base URL: https://bol.drel.us (production) or http://127.0.0.1:5000 (local)
Content-Type: All request/response bodies are application/json unless noted.
Authentication: Session cookie (session=...) set after POST /api/profile/login.
Error format: {"error": "Human-readable message"} with appropriate HTTP status code.
Rate limiting: Login endpoint is rate-limited to 10 requests per 5-minute window per IP.

2.2 Simulation Control Endpoints

Method	Endpoint	Auth	Request Body	Response
`POST`	`/api/start`	Optional	`{"scenario": "warm_little_pond", "steps": 500, "seed": 42, "project_id": "..."}`	`{"status": "started", "scenario": "...", "steps": 500}`
`POST`	`/api/stop`	No	None	`{"status": "stopped"}`
`POST`	`/api/pause`	No	None	`{"status": "paused"}` or `{"status": "resumed"}`
`GET`	`/api/state`	No	N/A	Current simulation state with molecule counts, complexity, fitness, etc.
`GET`	`/api/history`	No	N/A	Time series arrays for charting (molecules, complexity, diversity, fitness)
`GET`	`/api/events`	No	N/A	Recent event log entries (last 100)

2.3 Data Endpoints

Method	Endpoint	Description	Response Format
`GET`	`/api/scenarios`	List available scenarios	Array of scenario objects with name, description, config
`GET`	`/api/particles`	3D particle positions for viewers	`{"positions": [[x,y,z],...], "types": [...], "vesicle_ids": [...]}`
`GET`	`/api/molecules`	Molecule type catalogue	Array of molecule templates with mass, charge, hydrophobicity
`GET`	`/api/reactions`	Live reaction fire counts	`{"reactions": {"name": count}, "feed": [...]}`
`GET`	`/api/reaction_rules`	Reaction rule metadata	Array of rule objects with temp, pH, rate, ΔG
`GET`	`/api/lineage`	Protocell lineage tree	Tree structure with nodes, children, fitness values
`GET`	`/api/energy`	Energy depth profile	Arrays of thermal, redox, UV, lightning values per depth
`GET`	`/api/network`	Reaction network graph	`{"nodes": [...], "edges": [...]}`

2.4 AI Laboratory Endpoint

Method	Endpoint	Description
`POST`	`/api/ai/<module>/<action>`	Run one of 27 analysis functions. Module: prebiotic\|autocatalysis\|membrane\|replication\|metabolism\|selection\|environment\|synthesis. Returns structured JSON rendered by client-side visual components.

2.5 Project Management Endpoints

Method	Endpoint	Auth	Description
`GET`	`/api/projects`	Required	List projects owned by authenticated user
`POST`	`/api/projects`	Required	Create new project with name, description, config
`GET`	`/api/projects/<id>`	Required	Get project details (owner check enforced)
`PUT`	`/api/projects/<id>`	Required	Update project configuration
`DELETE`	`/api/projects/<id>`	Required	Delete project (owner check enforced)
`POST`	`/api/projects/<id>/run`	Required	Run simulation with project config, save results
`GET`	`/api/projects/<id>/download`	Required	Download project as JSON file
`POST`	`/api/projects/upload`	Required	Import project from JSON file upload
`GET`	`/api/projects/<id>/report`	Required	Generate and download PDF report

2.6 User Account Endpoints

Method	Endpoint	Auth	Description
`GET`	`/api/profile`	No	Current auth status and user info
`POST`	`/api/profile/register`	No	Register new account (username, password, display_name)
`POST`	`/api/profile/login`	No	Authenticate; sets session cookie. Rate-limited.
`POST`	`/api/profile/logout`	Required	End session and clear cookie
`POST`	`/api/profile/update`	Required	Update display name and bio
`POST`	`/api/profile/password`	Required	Change password (requires current password)
`GET`	`/api/users`	Admin	List all registered user profiles
`DELETE`	`/api/users/<username>`	Admin	Delete a user profile and their projects

2.7 Training & Bug Tracker Endpoints

Method	Endpoint	Description
`GET`	`/api/training/modules`	Full training curriculum (8 categories, 32 modules)
`GET`	`/api/training/progress`	User’s training progress
`POST`	`/api/training/progress`	Update lesson/quiz completion status
`GET/POST`	`/api/training/notes/<id>`	Get or save lesson notes
`POST`	`/api/training/quiz/<id>`	Submit quiz answers, receive graded results
`GET`	`/api/bugs`	List all bugs (filterable by status, severity)
`POST`	`/api/bugs`	Create a new bug report
`PATCH`	`/api/bugs/<id>`	Update bug fields (status, severity, etc.)
`DELETE`	`/api/bugs/<id>`	Delete a bug report
`POST`	`/api/bugs/<id>/test`	Run automated test for a specific bug
`POST`	`/api/bugs/test-all-open`	Run tests for all open bugs

3. External Dependencies

3.1 Python Packages

Package	Version	Purpose	Licence
Flask	≥3.0	Web framework, routing, templating, session management	BSD-3
NumPy	≥1.24	Vectorised array operations for simulation engine	BSD-3
SciPy	≥1.10	Statistical functions for metrics computation	BSD-3
Matplotlib	≥3.7	PNG chart generation for CLI mode	PSF
Vispy	≥0.14	GPU-accelerated 3D particle rendering (desktop mode)	BSD-3
Werkzeug	(Flask dep)	ProxyFix middleware for reverse proxy headers	BSD-3
Gunicorn	(production)	Production WSGI server with multi-worker support	MIT

3.2 Client-Side CDN Dependencies

Library	CDN	Purpose
Chart.js	cdn.jsdelivr.net	Dashboard charts (line, bar, pie)
Three.js	cdn.jsdelivr.net	WebGL 3D model viewer
Font Awesome 6	cdnjs.cloudflare.com	Icon library for UI
Google Fonts	fonts.googleapis.com	Web typography (optional)

3.3 Browser APIs

API	Usage	Fallback
Web Speech API	Text-to-speech for training lesson reader	Silent — TTS button hidden if unavailable
Service Worker	Offline caching of static assets (PWA)	Normal page loading without caching
Canvas 2D	Procedural microscope rendering	Not supported — microscope page requires Canvas
WebGL	Three.js 3D model viewer	Fallback message displayed if WebGL unavailable

4. Data Exchange Formats

4.1 Project JSON Schema

{
  "id": "username_timestamp_hex",
  "name": "Project Name",
  "owner": "username",
  "description": "...",
  "created": "2025-01-15T10:30:00",
  "updated": "2025-01-15T12:00:00",
  "config": {
    "initial_molecules": {"CO2": 50, "H2": 30, ...},
    "environment": {"temperature_min": 280, "temperature_max": 400, "ph_min": 5, "ph_max": 9, "pressure": 1},
    "energy_sources": {"thermal": true, "redox": true, "uv": false, "lightning": false},
    "reactions": {"reaction_radius": 2.5, "base_rate_constant": 0.008, "catalyst_multiplier": 50},
    "replication": {"error_rate": 0.02},
    "world_size": [20, 20, 20]
  },
  "runs": [
    {
      "timestamp": "2025-01-15T11:00:00",
      "steps": 500, "seed": 42,
      "results": {"complexity": 12.5, "total_molecules": 450, "vesicles": 3, "diversity": 0.82, "fitness": 0.15}
    }
  ]
}

4.2 Scenario JSON Schema

{
  "name": "Warm Little Pond",
  "description": "Wet-dry cycling in terrestrial hot springs...",
  "initial_molecules": {"CO2": 40, "H2O": 100, ...},
  "environment": {"temperature_min": 300, ...},
  "energy_sources": {"thermal": true, ...},
  "reactions": {"reaction_radius": 2.5, ...},
  "replication": {"error_rate": 0.05}
}

4.3 User Profile JSON Schema

{
  "username": "dave",
  "password_hash": "hex-encoded PBKDF2 hash",
  "salt": "hex-encoded 32-byte salt",
  "display_name": "Dave",
  "bio": "...",
  "role": "user",
  "created": "2025-01-15T10:00:00"
}

4.4 Metrics Export Formats

CSV — One row per simulation step with columns: step, total_molecules, vesicle_count, diversity_index, complexity_score, max_fitness. Exported to output/<scenario>/metrics.csv.
JSON — Final summary object with all metrics plus configuration. Exported to output/<scenario>/metrics.json.
PDF — Multi-page project report generated using stdlib-only PDF builder (no external dependencies).

5. Deployment Pipeline

5.1 Deployment Steps

Provision Server — setup_server.sh: Creates bol user, installs Python 3.12, Nginx, certbot; configures firewall (ufw allow 22,80,443).
Deploy Code — deploy_to_server.ps1: Rsync project to /opt/bol on server, create virtualenv, install requirements.
Configure Services — finish_setup.sh: Creates systemd unit (bol.service), generates secret key, configures Nginx virtual hosts, obtains SSL certificates.
Harden Headers — fix_nginx_headers.sh: Applies security headers (CSP, HSTS, X-Frame-Options, etc.) to Nginx config.
Verify — Check systemd status, test HTTPS endpoint, verify security headers with browser dev tools.

5.2 Environment Variables

Variable	Required	Description
`BOL_SECRET_KEY`	Production	Flask session signing key (auto-generated by deploy scripts)
`BOL_SECURE_COOKIES`	Production	Set to `1` to enable Secure flag on session cookies (HTTPS only)
`BOL_ADMIN_USERS`	Optional	Comma-separated list of admin usernames (e.g., `dave,admin`)

5.3 Infrastructure

Component	Specification
Cloud Provider	Google Cloud Platform (GCP)
Instance Type	e2-small (2 vCPU, 2 GB RAM)
OS	Ubuntu 24.04 LTS
Web Server	Nginx (reverse proxy, SSL termination, static files)
App Server	Gunicorn (3 workers, 120s timeout)
Process Manager	systemd (auto-restart on failure)
SSL	Let’s Encrypt with certbot auto-renewal
Domains	`drel.us` (landing), `bol.drel.us` (app)

6. Inter-Module Communication

6.1 Simulation Thread Model

The simulation runs in a background thread while Flask serves HTTP requests on the main thread. Communication uses shared Python objects with threading locks:

_sim_lock — Guards access to the Simulation instance, preventing concurrent reads during a step.
_project_lock — Guards access to project JSON files for atomic read/write operations.
_bug_lock — Guards access to the bug tracker JSON file.

6.2 Module Dependency Graph

config.py ──────────────────────────────────────────┐
    │                                                │
    ▼                                                │
world.py ───┬──► energy.py                          │
            │                                        │
            ├──► chemistry.py ──► Molecule           │
            │                                        │
            ├──► assembly.py ──► Vesicle, Micelle    │
            │                                        │
            └──► replication.py ──► RNA copying       │
                                                     │
simulation.py ◄── all core modules ◄─────────────────┘
    │
    ▼
metrics.py ──► CSV/JSON export
    │
    ▼
web/server.py ──► Flask routes + REST API
    │
    ▼
ai.py ──► 27 analysis functions

6.3 Data Flow: Browser to Simulation

User clicks “Start” on Dashboard → POST /api/start
Flask route creates Config + Simulation instance
Background thread starts calling sim._step() in a loop
Dashboard polls GET /api/state every 1s for live metrics
User clicks “Stop” → POST /api/stop sets a flag; thread exits cleanly