
🧠 3. Core Systems

This section details the custom logic that powers TaskNexus.

🤖 3.1 The AI Engine (src/lib/ai.ts)

The AI engine is designed for Resilience and Reliability. It does not rely on a single provider; instead, it uses a waterfall fallback mechanism.

Multi-Provider Strategy

  1. Primary: Google Gemini (gemini-2.0-flash). Fast and cost-effective.
  2. Fallback 1: Groq (llama-3.3-70b). Used if Gemini returns a 429 (Rate Limit) or 5xx error.
  3. Fallback 2: Mistral (mistral-tiny). Emergency backup.

Retry Logic

The generateWithRetry() function wraps all AI calls.

  • It attempts the request up to 3 times.
  • It uses Exponential Backoff (waits 2s, 4s, 8s) for rate limit errors.
  • If all retries fail, it switches to the next provider.

Key Capabilities

  • validateRequirement(title, description):
    • Analyzes text for: ILLEGAL, UNETHICAL, INSECURE, or VAGUE content.
    • Returns a JSON object with isValid boolean and rejection reasons.
  • generateJobsFromRequirement(...):
    • Decomposes a functional requirement into technical jobs (e.g., "Create API", "Design Database").
    • Estimates effort in hours.
  • analyzeWorkloadAndAssign(...):
    • Looks at all developers, their current load, and their skills.
    • Assigns orphan jobs to the developer who is the best fit.
  • generateSprintSummary(sprintId):
    • Analyzes completed vs. incomplete tasks when a Sprint ends.
    • Generates a concise report highlighting achievements and bottlenecks.

🔐 3.2 Authentication (src/lib/auth.ts)

TaskNexus uses a lightweight, custom cookie-based authentication system.

  • Name: tasknexus_session
  • Content: The userId (string).
  • Attributes:
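    • HttpOnly: Not readable from client-side JS, so an XSS payload cannot read the session cookie.
    • SameSite=Lax: The browser omits the cookie from cross-site POSTs and subrequests, which mitigates CSRF; top-level GET navigations still carry it.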
    • Secure: True in production (HTTPS only), False in dev.

Usage in Code

import { requireUser, getCurrentUser } from "@/lib/auth";

// inside a Server Component
const user = await getCurrentUser();

// inside a Server Action (Protected)
export async function createProject() {
    const user = await requireUser(); // Redirects to /login if null
    // ... logic
}

🚩 3.3 Violation & Suspension System (src/lib/violations.ts)

To ensure the platform is not used for generating malware or unethical software, we track "Strikes" against users.

The Strike System

When a user submits a requirement that the AI flags as ILLEGAL or UNETHICAL:

  1. Log Violation: Record the incident in the ViolationLog table.
  2. Increment Counter: user.violationCount increases.
  3. Apply Penalty:
    • Count = 1: 24-Hour Suspension. User cannot submit new requirements.
    • Count = 2: 1-Week Suspension.
    • Count >= 3: Indefinite Ban. Requires Manual Admin Review to lift.

Middleware Check

Critical actions check isUserSuspended(userId). If true, the action aborts and returns an error message indicating the remaining suspension time.
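
The strike ladder and the suspension check described above, as an added TypeScript example rather than TaskNexus's own code. It keeps state in memory (no ViolationLog write); every name except violationCount and the four flag names is hypothetical, and rejecting INSECURE/VAGUE without a strike is an assumption based on the rule that only ILLEGAL or UNETHICAL count.

```typescript
// Added example. Only violationCount and the ILLEGAL/UNETHICAL/INSECURE/VAGUE
// flags come from the page; every other name here is hypothetical.
type ReviewFlag = "ILLEGAL" | "UNETHICAL" | "INSECURE" | "VAGUE";
interface StrikeAccount { violationCount: number; suspendedUntil: number | null; banned: boolean }

const HOUR_MS = 60 * 60 * 1000;
const STRIKE_FLAGS: ReviewFlag[] = ["ILLEGAL", "UNETHICAL"];

// Penalty ladder: 1st strike 24 hours, 2nd strike 1 week, 3rd or later an indefinite ban.
function applyStrike(acct: StrikeAccount, nowMs: number): StrikeAccount {
  const violationCount = acct.violationCount + 1;
  if (violationCount >= 3) return { violationCount, suspendedUntil: null, banned: true };
  const hours = violationCount === 1 ? 24 : 7 * 24;
  return { violationCount, suspendedUntil: nowMs + hours * HOUR_MS, banned: false };
}

// Remaining suspension in ms: 0 when not suspended, Infinity for a ban
// that only a manual admin review lifts. Time is always the server's clock.
function remainingSuspensionMs(acct: StrikeAccount, nowMs: number): number {
  if (acct.banned) return Infinity;
  if (acct.suspendedUntil === null) return 0;
  return Math.max(0, acct.suspendedUntil - nowMs);
}

// Gate for a requirement submission: check suspension first, then record a strike
// only for ILLEGAL/UNETHICAL. Assumption: INSECURE and VAGUE reject without a strike.
function submitRequirement(acct: StrikeAccount, flags: ReviewFlag[], nowMs: number):
    { account: StrikeAccount; accepted: boolean; message: string } {
  const left = remainingSuspensionMs(acct, nowMs);
  if (left === Infinity) {
    return { account: acct, accepted: false, message: "Banned pending admin review" };
  }
  if (left > 0) {
    const hours = Math.ceil(left / HOUR_MS);
    return { account: acct, accepted: false, message: `Suspended for another ${hours}h` };
  }
  if (flags.some((f) => STRIKE_FLAGS.indexOf(f) !== -1)) {
    return { account: applyStrike(acct, nowMs), accepted: false, message: "Rejected: strike recorded" };
  }
  if (flags.length > 0) {
    return { account: acct, accepted: false, message: "Rejected: " + flags.join(", ") };
  }
  return { account: acct, accepted: true, message: "Accepted" };
}
```
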

