products/06-runbook-automation/saas/src/index.ts

import Fastify from 'fastify';
import cors from '@fastify/cors';
import helmet from '@fastify/helmet';
import pino from 'pino';
import { config } from './config/index.js';
import { pool } from './data/db.js';
import { registerAuth, registerAuthRoutes } from './auth/middleware.js';
import { registerRunbookRoutes } from './api/runbooks.js';
import { registerApprovalRoutes } from './api/approvals.js';
import { registerSlackRoutes } from './slackbot/handler.js';

const logger = pino({ name: 'dd0c-run', level: config.LOG_LEVEL });

const app = Fastify({ logger: true });

await app.register(cors, { origin: config.CORS_ORIGIN });
await app.register(helmet);

registerAuth(app, config.JWT_SECRET, pool);

app.get('/health', async () => ({ status: 'ok', service: 'dd0c-run' }));
app.get('/version', async () => ({ version: process.env.BUILD_SHA || 'dev', built: process.env.BUILD_TIME || 'unknown' }));

registerAuthRoutes(app, config.JWT_SECRET, pool);
registerRunbookRoutes(app);
registerApprovalRoutes(app);
registerSlackRoutes(app);

try {
  await app.listen({ port: config.PORT, host: '0.0.0.0' });
  logger.info({ port: config.PORT }, 'dd0c/run SaaS started');
} catch (err) {
  logger.fatal(err, 'Failed to start');
  process.exit(1);
}
// Build: 2026-03-01T06:43:58Z
// CI: 2026-03-01T06:52:14Z
// CI fix: 06:56
Scaffold dd0c/run: Rust agent (classifier, executor, audit) + TypeScript SaaS - Rust agent: clap CLI, command classifier (read-only/modifying/destructive), executor with approval gates, audit log entries - Classifier: pattern-based safety classification for shell, AWS, kubectl, terraform/tofu commands - 6 Rust tests: read-only, destructive, modifying, empty, terraform apply, tofu destroy - SaaS backend: Fastify server, runbook CRUD API, approval API, Slack interactive handler - Slack integration: signature verification, block_actions for approve/reject buttons - PostgreSQL schema with RLS: runbooks, executions, audit_entries (append-only), agents - Dual Dockerfiles: Rust multi-stage (agent), Node multi-stage (SaaS) - Gitea Actions CI: Rust test+clippy, Node typecheck+test - Fly.io config for SaaS 2026-03-01 03:03:29 +00:00			`import Fastify from 'fastify';`
			`import cors from '@fastify/cors';`
			`import helmet from '@fastify/helmet';`
			`import pino from 'pino';`
			`import { config } from './config/index.js';`
Wire auth middleware into all products, add docker-compose and init-db script - Auth middleware (JWT + API key + RBAC) copied into P3/P4/P5/P6 - All server entry points now register auth hooks + auth routes - Webhook and Slack endpoints skip JWT auth (use HMAC/signature) - docker-compose.yml: shared Postgres + Redis + Meilisearch, all 4 Node products as services - init-db.sh: creates per-product databases and runs migrations - P1 (Rust) and P2 (Go agent) run standalone, not in compose 2026-03-01 03:10:35 +00:00			`import { pool } from './data/db.js';`
			`import { registerAuth, registerAuthRoutes } from './auth/middleware.js';`
Scaffold dd0c/run: Rust agent (classifier, executor, audit) + TypeScript SaaS - Rust agent: clap CLI, command classifier (read-only/modifying/destructive), executor with approval gates, audit log entries - Classifier: pattern-based safety classification for shell, AWS, kubectl, terraform/tofu commands - 6 Rust tests: read-only, destructive, modifying, empty, terraform apply, tofu destroy - SaaS backend: Fastify server, runbook CRUD API, approval API, Slack interactive handler - Slack integration: signature verification, block_actions for approve/reject buttons - PostgreSQL schema with RLS: runbooks, executions, audit_entries (append-only), agents - Dual Dockerfiles: Rust multi-stage (agent), Node multi-stage (SaaS) - Gitea Actions CI: Rust test+clippy, Node typecheck+test - Fly.io config for SaaS 2026-03-01 03:03:29 +00:00			`import { registerRunbookRoutes } from './api/runbooks.js';`
			`import { registerApprovalRoutes } from './api/approvals.js';`
			`import { registerSlackRoutes } from './slackbot/handler.js';`

			`const logger = pino({ name: 'dd0c-run', level: config.LOG_LEVEL });`

			`const app = Fastify({ logger: true });`

			`await app.register(cors, { origin: config.CORS_ORIGIN });`
			`await app.register(helmet);`

Wire auth middleware into all products, add docker-compose and init-db script - Auth middleware (JWT + API key + RBAC) copied into P3/P4/P5/P6 - All server entry points now register auth hooks + auth routes - Webhook and Slack endpoints skip JWT auth (use HMAC/signature) - docker-compose.yml: shared Postgres + Redis + Meilisearch, all 4 Node products as services - init-db.sh: creates per-product databases and runs migrations - P1 (Rust) and P2 (Go agent) run standalone, not in compose 2026-03-01 03:10:35 +00:00			`registerAuth(app, config.JWT_SECRET, pool);`

Scaffold dd0c/run: Rust agent (classifier, executor, audit) + TypeScript SaaS - Rust agent: clap CLI, command classifier (read-only/modifying/destructive), executor with approval gates, audit log entries - Classifier: pattern-based safety classification for shell, AWS, kubectl, terraform/tofu commands - 6 Rust tests: read-only, destructive, modifying, empty, terraform apply, tofu destroy - SaaS backend: Fastify server, runbook CRUD API, approval API, Slack interactive handler - Slack integration: signature verification, block_actions for approve/reject buttons - PostgreSQL schema with RLS: runbooks, executions, audit_entries (append-only), agents - Dual Dockerfiles: Rust multi-stage (agent), Node multi-stage (SaaS) - Gitea Actions CI: Rust test+clippy, Node typecheck+test - Fly.io config for SaaS 2026-03-01 03:03:29 +00:00			`app.get('/health', async () => ({ status: 'ok', service: 'dd0c-run' }));`
Add /version endpoint to all products + BUILD_SHA/BUILD_TIME in Dockerfiles 2026-03-02 13:53:15 +00:00			`app.get('/version', async () => ({ version: process.env.BUILD_SHA \|\| 'dev', built: process.env.BUILD_TIME \|\| 'unknown' }));`
Scaffold dd0c/run: Rust agent (classifier, executor, audit) + TypeScript SaaS - Rust agent: clap CLI, command classifier (read-only/modifying/destructive), executor with approval gates, audit log entries - Classifier: pattern-based safety classification for shell, AWS, kubectl, terraform/tofu commands - 6 Rust tests: read-only, destructive, modifying, empty, terraform apply, tofu destroy - SaaS backend: Fastify server, runbook CRUD API, approval API, Slack interactive handler - Slack integration: signature verification, block_actions for approve/reject buttons - PostgreSQL schema with RLS: runbooks, executions, audit_entries (append-only), agents - Dual Dockerfiles: Rust multi-stage (agent), Node multi-stage (SaaS) - Gitea Actions CI: Rust test+clippy, Node typecheck+test - Fly.io config for SaaS 2026-03-01 03:03:29 +00:00
Wire auth middleware into all products, add docker-compose and init-db script - Auth middleware (JWT + API key + RBAC) copied into P3/P4/P5/P6 - All server entry points now register auth hooks + auth routes - Webhook and Slack endpoints skip JWT auth (use HMAC/signature) - docker-compose.yml: shared Postgres + Redis + Meilisearch, all 4 Node products as services - init-db.sh: creates per-product databases and runs migrations - P1 (Rust) and P2 (Go agent) run standalone, not in compose 2026-03-01 03:10:35 +00:00			`registerAuthRoutes(app, config.JWT_SECRET, pool);`
Scaffold dd0c/run: Rust agent (classifier, executor, audit) + TypeScript SaaS - Rust agent: clap CLI, command classifier (read-only/modifying/destructive), executor with approval gates, audit log entries - Classifier: pattern-based safety classification for shell, AWS, kubectl, terraform/tofu commands - 6 Rust tests: read-only, destructive, modifying, empty, terraform apply, tofu destroy - SaaS backend: Fastify server, runbook CRUD API, approval API, Slack interactive handler - Slack integration: signature verification, block_actions for approve/reject buttons - PostgreSQL schema with RLS: runbooks, executions, audit_entries (append-only), agents - Dual Dockerfiles: Rust multi-stage (agent), Node multi-stage (SaaS) - Gitea Actions CI: Rust test+clippy, Node typecheck+test - Fly.io config for SaaS 2026-03-01 03:03:29 +00:00			`registerRunbookRoutes(app);`
			`registerApprovalRoutes(app);`
			`registerSlackRoutes(app);`

			`try {`
			`await app.listen({ port: config.PORT, host: '0.0.0.0' });`
			`logger.info({ port: config.PORT }, 'dd0c/run SaaS started');`
			`} catch (err) {`
			`logger.fatal(err, 'Failed to start');`
			`process.exit(1);`
			`}`
Trigger CI for P3-P6 Node products 2026-03-01 06:43:58 +00:00			`// Build: 2026-03-01T06:43:58Z`
Trigger CI for P2-SaaS, P4, P5, P6 2026-03-01 06:52:14 +00:00			`// CI: 2026-03-01T06:52:14Z`
Trigger CI with tsc fix 2026-03-01 06:56:00 +00:00			`// CI fix: 06:56`