dd0c/products/README.md

# dd0c — DevOps Developer Tools

Six products. One platform. Built for teams that ship.

## Products

| Product | Port | Description | Stack |
|---------|------|-------------|-------|
| [route](products/01-llm-cost-router/) | 3001 | LLM Cost Router & Dashboard | Rust (proxy + API), React |
| [drift](products/02-iac-drift-detection/) | 3002 | IaC Drift Detection | Go (agent), TypeScript/Fastify |
| [alert](products/03-alert-intelligence/) | 3003 | Alert Intelligence | TypeScript/Fastify |
| [portal](products/04-lightweight-idp/) | 3004 | Lightweight Service Catalog | TypeScript/Fastify, Meilisearch |
| [cost](products/05-aws-cost-anomaly/) | 3007 | AWS Cost Anomaly Detection | TypeScript/Fastify |
| [run](products/06-runbook-automation/) | 3006 | Runbook Automation | Rust (agent), TypeScript/Fastify |

## Quick Start

```bash
cd products/

# 1. Start shared infra (Postgres, Redis, Meilisearch, Registry)
docker compose up -d postgres redis meilisearch registry

# 2. Build and push all images to local registry
./build-push.sh

# 3. Pull and start all services
docker compose pull && docker compose up -d
```

## Continuous Deployment (NAS)

Replace the old `watch` command with the smart watch loop:

```bash
watch -n300 'cd ~/services/dd0c/products && ./watch-loop.sh'
```

It detects which products changed, rebuilds only those, pushes to `localhost:5000`, and redeploys.

### Manual rebuild (single service)

```bash
./build-push.sh drift    # Build + push just drift
docker compose pull drift && docker compose up -d drift
```

## Testing

```bash
# Smoke tests (health + auth + basic API)
./smoke-test.sh --base-url 192.168.86.11 --skip-rust

# Integration tests (CRUD flows, webhooks, executions, API keys)
./integration-test.sh
```

## Architecture

```
┌─────────────┐  ┌─────────────┐  ┌─────────────┐
│  Cloudflare  │  │   Fly.io    │  │   Fly.io    │
│    Pages     │  │   (proxy)   │  │   (APIs)    │
│  React UIs   │  │  P1 route   │  │  P3-P6 SaaS │
└──────┬───────┘  └──────┬──────┘  └──────┬──────┘
       │                 │                │
       └────────────┬────┘────────────────┘
                    │
              ┌─────┴─────┐
              │   Neon PG  │  ← RLS per tenant
              │  + Upstash │  ← Redis cache
              └────────────┘
```

## Auth

All products share the same auth pattern:
- **JWT** (Bearer token) for browser/API access
- **API Key** (`dd0c_` prefix + 32 hex) for agents/CLI
- **HMAC** for webhook endpoints (per-provider secrets)
- **RBAC**: owner > admin > member > viewer

## Shared Patterns

- **RLS tenant isolation**: `withTenant()` wrapper on every DB call
- **Zod config validation**: Environment variables validated at startup
- **Fastify**: All Node services use Fastify with cors + helmet
- **Pino**: Structured JSON logging everywhere
- **Gitea Actions CI**: Test + typecheck + lint on every push

## Local Development

Each product can run standalone:

```bash
cd products/03-alert-intelligence
npm install
npm run dev  # tsx watch mode
```

Or run the full stack via Docker Compose (see Quick Start).

## Deployment

**V1 Target**: Fly.io (~$5/mo total)
- Each product has a `fly.toml` with scale-to-zero
- Shared Neon Postgres (free tier) + Upstash Redis (free tier)
- Cloudflare Pages for React dashboards
- Caddy for self-hosted TLS (optional)

**Scale Target**: AWS (ECS Fargate + RDS + ElastiCache)
- Same Docker images, only env vars change
- Migration path documented in each product's `INFRASTRUCTURE.md`

## CI/CD

All products use Gitea Actions with self-hosted runners:
- `.gitea/workflows/ci.yml` — test, typecheck, lint
- `.gitea/workflows/deploy.yml` — build + push to Fly.io (where applicable)

## License

Proprietary. © dd0c 2026.
# 2026-03-01T06:42:42Z