4 Commits

Author	SHA1	Message	Date
Max Mayfield	81d03c1735	Fix tenant slug collision: append random hex suffix to prevent 23505 on duplicate tenant names	2026-03-01 22:36:21 +00:00
Max Mayfield	4146f1c4d0	Fix TypeScript compilation errors across P3-P6 ... - jwt.sign: explicit SignOptions cast for expiresIn (all 4 products) - ioredis: use named import { Redis } instead of default (P4, P6) - P4 catalog/service: fix import paths for aws-scanner and github-scanner - P4 discovery: pass pool to ScheduledDiscovery constructor - P6 agent-bridge: add explicit types for Redis message callback params - All 4 Node products now compile cleanly with tsc --noEmit	2026-03-01 06:06:31 +00:00
Max Mayfield	5ee869b9d8	Implement auth: login/signup (scrypt), API key generation, shared migration ... - Login: email + password lookup, scrypt verify, JWT token - Signup: create tenant + owner user in transaction, slug generation - API key: dd0c_ prefix, SHA-256 hash (not bcrypt — faster for API key lookups), prefix index - Scrypt over bcrypt: zero native deps, Node.js built-in crypto - Auth routes skip JWT middleware (login/signup are public) - 002_auth.sql: users + api_keys tables with RLS, copied to all products - Synced auth middleware to P3/P4/P5/P6	2026-03-01 03:19:18 +00:00
Max Mayfield	f2e0a32cc7	Wire auth middleware into all products, add docker-compose and init-db script ... - Auth middleware (JWT + API key + RBAC) copied into P3/P4/P5/P6 - All server entry points now register auth hooks + auth routes - Webhook and Slack endpoints skip JWT auth (use HMAC/signature) - docker-compose.yml: shared Postgres + Redis + Meilisearch, all 4 Node products as services - init-db.sh: creates per-product databases and runs migrations - P1 (Rust) and P2 (Go agent) run standalone, not in compose	2026-03-01 03:10:35 +00:00