Odoo ERP ported to Go — complete backend + original OWL frontend

Full port of Odoo's ERP system from Python to Go, with the original
Odoo JavaScript frontend (OWL framework) running against the Go server.

Backend (10,691 LoC Go):
- Custom ORM: CRUD, domains→SQL with JOINs, computed fields, sequences
- 93 models across 14 modules (base, account, sale, stock, purchase, hr,
  project, crm, fleet, product, l10n_de, google_address/translate/calendar)
- Auth with bcrypt + session cookies
- Setup wizard (company, SKR03 chart, admin, demo data)
- Double-entry bookkeeping constraint
- Sale→Invoice workflow (confirm SO → generate invoice → post)
- SKR03 chart of accounts (110 accounts) + German taxes (USt/VSt)
- Record rules (multi-company filter)
- Google integrations as opt-in modules (Maps, Translate, Calendar)

Frontend:
- Odoo's original OWL webclient (503 JS modules, 378 XML templates)
- JS transpiled via Odoo's js_transpiler (ES modules → odoo.define)
- SCSS compiled to CSS (675KB) via dart-sass
- XML templates compiled to registerTemplate() JS calls
- Static file serving from Odoo source addons
- Login page, session management, menu navigation
- Contacts list view renders with real data from PostgreSQL

Infrastructure:
- 14MB single binary (CGO_ENABLED=0)
- Docker Compose (Go server + PostgreSQL 16)
- Zero phone-home (no outbound calls to odoo.com)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

pkg/tools/auth.go

@@ -0,0 +1,15 @@
+package tools
+
+import "golang.org/x/crypto/bcrypt"
+
+// HashPassword hashes a password using bcrypt.
+func HashPassword(password string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	return string(bytes), err
+}
+
+// CheckPassword verifies a password against a bcrypt hash.
+func CheckPassword(hashed, password string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hashed), []byte(password))
+	return err == nil
+}

pkg/tools/config.go

@@ -0,0 +1,116 @@
+// Package tools provides configuration and utility functions.
+// Mirrors: odoo/tools/config.py
+package tools
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+)
+
+// Config holds the server configuration.
+// Mirrors: odoo/tools/config.py configmanager
+type Config struct {
+	// Database
+	DBHost     string
+	DBPort     int
+	DBUser     string
+	DBPassword string
+	DBName     string
+	DBSSLMode  string
+
+	// Server
+	HTTPInterface string
+	HTTPPort      int
+	Workers       int
+	DataDir       string
+
+	// Modules
+	AddonsPath     []string
+	OdooAddonsPath []string // Paths to Odoo source addon directories (for static files)
+	BuildDir       string   // Directory for compiled assets (SCSS→CSS)
+	WithoutDemo    bool
+
+	// Logging
+	LogLevel string
+
+	// Limits
+	LimitMemorySoft int64
+	LimitTimeReal   int
+}
+
+// DefaultConfig returns a configuration with default values.
+// Mirrors: odoo/tools/config.py _default_options
+func DefaultConfig() *Config {
+	return &Config{
+		DBHost:        "localhost",
+		DBPort:        5432,
+		DBUser:        "odoo",
+		DBPassword:    "odoo",
+		DBName:        "odoo",
+		DBSSLMode:     "disable",
+		HTTPInterface: "0.0.0.0",
+		HTTPPort:      8069,
+		Workers:       0,
+		DataDir:       "/var/lib/odoo",
+		LogLevel:      "info",
+	}
+}
+
+// LoadFromEnv overrides config values from environment variables.
+// Mirrors: odoo/tools/config.py _env_options (ODOO_* prefix)
+func (c *Config) LoadFromEnv() {
+	if v := os.Getenv("ODOO_DB_HOST"); v != "" {
+		c.DBHost = v
+	}
+	// Also support Docker-style env vars (HOST, USER, PASSWORD)
+	if v := os.Getenv("HOST"); v != "" {
+		c.DBHost = v
+	}
+	if v := os.Getenv("ODOO_DB_PORT"); v != "" {
+		if port, err := strconv.Atoi(v); err == nil {
+			c.DBPort = port
+		}
+	}
+	if v := os.Getenv("ODOO_DB_USER"); v != "" {
+		c.DBUser = v
+	}
+	if v := os.Getenv("USER"); v != "" && os.Getenv("ODOO_DB_USER") == "" {
+		c.DBUser = v
+	}
+	if v := os.Getenv("ODOO_DB_PASSWORD"); v != "" {
+		c.DBPassword = v
+	}
+	if v := os.Getenv("PASSWORD"); v != "" && os.Getenv("ODOO_DB_PASSWORD") == "" {
+		c.DBPassword = v
+	}
+	if v := os.Getenv("ODOO_DB_NAME"); v != "" {
+		c.DBName = v
+	}
+	if v := os.Getenv("ODOO_HTTP_PORT"); v != "" {
+		if port, err := strconv.Atoi(v); err == nil {
+			c.HTTPPort = port
+		}
+	}
+	if v := os.Getenv("ODOO_DATA_DIR"); v != "" {
+		c.DataDir = v
+	}
+	if v := os.Getenv("ODOO_LOG_LEVEL"); v != "" {
+		c.LogLevel = v
+	}
+	if v := os.Getenv("ODOO_ADDONS_PATH"); v != "" {
+		c.OdooAddonsPath = strings.Split(v, ",")
+	}
+	if v := os.Getenv("ODOO_BUILD_DIR"); v != "" {
+		c.BuildDir = v
+	}
+}
+
+// DSN returns the PostgreSQL connection string.
+func (c *Config) DSN() string {
+	return fmt.Sprintf(
+		"postgres://%s:%s@%s:%d/%s?sslmode=%s",
+		c.DBUser, c.DBPassword, c.DBHost, c.DBPort, c.DBName, c.DBSSLMode,
+	)
+}

pkg/tools/httpclient.go

@@ -0,0 +1,120 @@
+// Package tools provides a shared HTTP client for external API calls.
+package tools
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+// APIClient is a reusable HTTP client for external APIs.
+// All outbound calls go through this — no hidden network access.
+type APIClient struct {
+	client  *http.Client
+	baseURL string
+	apiKey  string
+}
+
+// NewAPIClient creates a client for an external API.
+func NewAPIClient(baseURL, apiKey string) *APIClient {
+	return &APIClient{
+		client: &http.Client{
+			Timeout: 10 * time.Second,
+		},
+		baseURL: strings.TrimRight(baseURL, "/"),
+		apiKey:  apiKey,
+	}
+}
+
+// Get performs a GET request with query parameters.
+func (c *APIClient) Get(path string, params map[string]string) ([]byte, error) {
+	u, err := url.Parse(c.baseURL + path)
+	if err != nil {
+		return nil, err
+	}
+
+	q := u.Query()
+	for k, v := range params {
+		q.Set(k, v)
+	}
+	if c.apiKey != "" {
+		q.Set("key", c.apiKey)
+	}
+	u.RawQuery = q.Encode()
+
+	resp, err := c.client.Get(u.String())
+	if err != nil {
+		return nil, fmt.Errorf("api: GET %s: %w", path, err)
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("api: GET %s returned %d: %s", path, resp.StatusCode, string(body[:min(200, len(body))]))
+	}
+
+	return body, nil
+}
+
+// GetJSON performs a GET and decodes the response as JSON.
+func (c *APIClient) GetJSON(path string, params map[string]string, result interface{}) error {
+	body, err := c.Get(path, params)
+	if err != nil {
+		return err
+	}
+	return json.Unmarshal(body, result)
+}
+
+// PostJSON performs a POST with JSON body and decodes the response.
+func (c *APIClient) PostJSON(path string, params map[string]string, reqBody, result interface{}) error {
+	u, err := url.Parse(c.baseURL + path)
+	if err != nil {
+		return err
+	}
+
+	q := u.Query()
+	for k, v := range params {
+		q.Set(k, v)
+	}
+	if c.apiKey != "" {
+		q.Set("key", c.apiKey)
+	}
+	u.RawQuery = q.Encode()
+
+	bodyBytes, err := json.Marshal(reqBody)
+	if err != nil {
+		return err
+	}
+
+	resp, err := c.client.Post(u.String(), "application/json", strings.NewReader(string(bodyBytes)))
+	if err != nil {
+		return fmt.Errorf("api: POST %s: %w", path, err)
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("api: POST %s returned %d: %s", path, resp.StatusCode, string(respBody[:min(200, len(respBody))]))
+	}
+
+	return json.Unmarshal(respBody, result)
+}
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}