From 6d66fff1bd04f028c189a628e4d528c72fbe7e86 Mon Sep 17 00:00:00 2001 From: Max Mayfield Date: Sun, 1 Mar 2026 03:14:11 +0000 Subject: [PATCH] Add root README with architecture diagram, .env.example for all products --- products/.env.example | 37 +++++++++++++++++ products/README.md | 94 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 131 insertions(+) create mode 100644 products/.env.example create mode 100644 products/README.md diff --git a/products/.env.example b/products/.env.example new file mode 100644 index 0000000..04b9e00 --- /dev/null +++ b/products/.env.example @@ -0,0 +1,37 @@ +# dd0c Environment Variables +# Copy to .env and fill in your values + +# --- Shared --- +DATABASE_URL=postgresql://dd0c:dd0c-dev@localhost:5432/dd0c_alert +REDIS_URL=redis://localhost:6379 +JWT_SECRET=change-me-to-a-real-secret-at-least-32-chars +CORS_ORIGIN=* +LOG_LEVEL=info +PORT=3000 + +# --- P1: route --- +# OPENAI_API_KEY=sk-... +# ANTHROPIC_API_KEY=sk-ant-... + +# --- P3: alert --- +# DATADOG_WEBHOOK_SECRET=... +# PAGERDUTY_WEBHOOK_SECRET=... +# OPSGENIE_WEBHOOK_SECRET=... + +# --- P4: portal --- +# MEILI_URL=http://localhost:7700 +# MEILI_KEY=... +# GITHUB_TOKEN=ghp_... + +# --- P5: cost --- +# AWS_ACCESS_KEY_ID=... +# AWS_SECRET_ACCESS_KEY=... +# ANOMALY_THRESHOLD=50 + +# --- P6: run --- +# SLACK_BOT_TOKEN=xoxb-... +# SLACK_SIGNING_SECRET=... + +# --- Notifications (shared) --- +# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/... +# RESEND_API_KEY=re_... diff --git a/products/README.md b/products/README.md new file mode 100644 index 0000000..7a083fd --- /dev/null +++ b/products/README.md 
@@ -0,0 +1,94 @@ +# dd0c — DevOps Developer Tools + +Six products. One platform. Built for teams that ship. + +## Products + +| Product | Port | Description | Stack | +|---------|------|-------------|-------| +| [route](products/01-llm-cost-router/) | 3001 | LLM Cost Router & Dashboard | Rust (proxy + API), React | +| [drift](products/02-iac-drift-detection/) | 3002 | IaC Drift Detection | Go (agent), TypeScript/Fastify | +| [alert](products/03-alert-intelligence/) | 3003 | Alert Intelligence | TypeScript/Fastify | +| [portal](products/04-lightweight-idp/) | 3004 | Lightweight Service Catalog | TypeScript/Fastify, Meilisearch | +| [cost](products/05-aws-cost-anomaly/) | 3005 | AWS Cost Anomaly Detection | TypeScript/Fastify | +| [run](products/06-runbook-automation/) | 3006 | Runbook Automation | Rust (agent), TypeScript/Fastify | + +## Quick Start + +```bash +# 1. Start shared infra (Postgres, Redis, Meilisearch) +docker compose -f products/docker-compose.yml up -d postgres redis meilisearch + +# 2. Create databases and run migrations +./products/init-db.sh + +# 3. 
Start all services +docker compose -f products/docker-compose.yml up -d +``` + +## Architecture + +``` +┌─────────────┐ ┌─────────────┐ ┌─────────────┐ +│ Cloudflare │ │ Fly.io │ │ Fly.io │ +│ Pages │ │ (proxy) │ │ (APIs) │ +│ React UIs │ │ P1 route │ │ P3-P6 SaaS │ +└──────┬───────┘ └──────┬──────┘ └──────┬──────┘ + │ │ │ + └────────────┬────┘────────────────┘ + │ + ┌─────┴─────┐ + │ Neon PG │ ← RLS per tenant + │ + Upstash │ ← Redis cache + └────────────┘ +``` + +## Auth + +All products share the same auth pattern: +- **JWT** (Bearer token) for browser/API access +- **API Key** (`dd0c_` prefix + 32 hex) for agents/CLI +- **HMAC** for webhook endpoints (per-provider secrets) +- **RBAC**: owner > admin > member > viewer + +## Shared Patterns + +- **RLS tenant isolation**: `withTenant()` wrapper on every DB call +- **Zod config validation**: Environment variables validated at startup +- **Fastify**: All Node services use Fastify with cors + helmet +- **Pino**: Structured JSON logging everywhere +- **Gitea Actions CI**: Test + typecheck + lint on every push + +## Local Development + +Each product can run standalone: + +```bash +cd products/03-alert-intelligence +npm install +npm run dev # tsx watch mode +``` + +Or run the full stack via Docker Compose (see Quick Start). + +## Deployment + +**V1 Target**: Fly.io (~$5/mo total) +- Each product has a `fly.toml` with scale-to-zero +- Shared Neon Postgres (free tier) + Upstash Redis (free tier) +- Cloudflare Pages for React dashboards +- Caddy for self-hosted TLS (optional) + +**Scale Target**: AWS (ECS Fargate + RDS + ElastiCache) +- Same Docker images, only env vars change +- Migration path documented in each product's `INFRASTRUCTURE.md` + +## CI/CD + +All products use Gitea Actions with self-hosted runners: +- `.gitea/workflows/ci.yml` — test, typecheck, lint +- `.gitea/workflows/deploy.yml` — build + push to Fly.io (where applicable) + +## License + +Proprietary. © dd0c 2026.
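Review bot: In `products/.env.example`, the Shared block ships two live defaults that are unsafe if the file is copied unchanged: `JWT_SECRET=change-me-to-a-real-secret-at-least-32-chars` is 44 characters long, so a startup check that only enforces a 32-character minimum would accept the placeholder, and `CORS_ORIGIN=*` allows every origin. Suggest leaving `JWT_SECRET=` empty so that startup validation fails until a real value is set (or having the validation reject the placeholder string explicitly), and replacing the wildcard with an explicit local origin. Two smaller inconsistencies in the same block: `DATABASE_URL` sits under "Shared" but names the `dd0c_alert` database, and `PORT=3000` matches none of the ports 3001-3006 listed in the README's Products table.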
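Review bot: In `products/README.md`, the Products table links are written as `products/01-llm-cost-router/` and so on, but the file itself lives in `products/`, so each relative link resolves to `products/products/...` and breaks. Either drop the `products/` prefix from the links or move the file to the repository root, which is what the subject line ("Add root README") and the Quick Start paths (`products/docker-compose.yml`, `./products/init-db.sh`) already assume. The Architecture diagram also places only "P1 route" and "P3-P6 SaaS", leaving P2 drift without a deployment target. In the Auth section, it would help to state which HMAC algorithm and which header the webhook endpoints expect, since the per-provider secrets in `.env.example` are documented nowhere else in this patch.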