jarvis/dd0c
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
145 Commits 1 Branch 0 Tags
f133ca8ff68609428c89fbf8db1b31b172ece78c
Commit Graph

5 Commits

Author SHA1 Message Date
Max Mayfield
0bf91e07eb Fix console nginx: use variable upstreams for resilient DNS resolution 
nginx crashes at startup if upstream hosts aren't resolvable yet.
Using 'set $upstream' + Docker's internal resolver (127.0.0.11)
defers DNS resolution to request time, so console starts even if
backends are still booting.
 2026-03-03 00:52:00 +00:00
Max Mayfield
322a8d6a91 Console nginx reverse proxy: route API calls to backend services 
Console on :3010 now proxies all /api/v1/* requests to the correct
backend service via Docker Compose service names (drift, alert, portal,
cost, run). No CORS issues, no client-side port config needed.
 2026-03-03 00:37:40 +00:00
Max Mayfield
5a1e287ab6 Add console + marketing site to Docker Compose and build-push 
- Console: nginx SPA on port 3010, image reg.dd0c.net/dd0c-console
- Marketing: nginx static on port 3011, image reg.dd0c.net/dd0c-marketing
- Dockerfiles + .dockerignore for both
- build-push.sh updated to include console + marketing targets
 2026-03-03 00:36:48 +00:00
Max Mayfield
eb953cdea5 Security hardening: auth encapsulation, pool restriction, rate limiting, invites, async webhooks
Some checks failed
CI — P2 Drift (Go + Node) / agent (push) Successful in 43s
Details
CI — P2 Drift (Go + Node) / saas (push) Failing after 5s
Details
CI — P3 Alert / test (push) Failing after 4s
Details
CI — P4 Portal / test (push) Failing after 4s
Details
CI — P5 Cost / test (push) Failing after 4s
Details
CI — P6 Run / saas (push) Failing after 5s
Details
CI — P2 Drift (Go + Node) / build-push (push) Failing after 7s
Details
CI — P3 Alert / build-push (push) Has been skipped
Details
CI — P4 Portal / build-push (push) Has been skipped
Details
CI — P5 Cost / build-push (push) Has been skipped
Details
CI — P6 Run / build-push (push) Failing after 5s
Details 
Phase 1 (Security Critical):
- Auth plugin encapsulation: replaced global addHook with Fastify plugin scope
- Removed startsWith URL matching; public routes registered outside auth scope
- JWT verify now enforces algorithms: ['HS256'] (prevents algorithm confusion)
- Raw pool no longer exported from db.ts; systemQuery() + getPoolForAuth() instead
- withTenant() remains primary tenant-scoped query path

Phase 2 (Infrastructure):
- docker-compose.yml: all secrets via env var substitution (${VAR:-default})
- Per-service Postgres users (dd0c_drift, dd0c_alert, etc.) in docker-init-db.sh
- .env.example with all configurable secrets
- build-push.sh uses $REGISTRY_PASSWORD instead of hardcoded
- .gitignore excludes .env files
- @fastify/rate-limit: 100 req/min global, 5/min login, 3/min signup
- CORS_ORIGIN default changed from '*' to 'http://localhost:5173'

Phase 3 (Product):
- Team invite flow: tenant_invites table, POST /invite, GET /invites, DELETE /invites/:id
- Signup accepts optional invite_token to join existing tenant
- Async webhook ingestion (P3): LPUSH to Redis, BRPOP worker, dead-letter queue

Console:
- All 5 product modules wired: drift, alert, portal, cost, run
- PageHeader accepts children prop
- 71 modules, 70KB gzipped production build

All 6 projects compile clean (tsc --noEmit).
 2026-03-02 23:53:55 +00:00
Max Mayfield
dac6376fb2 Add dd0c Console — modular React dashboard with drift module 
- Vite + React + TypeScript + Tailwind CSS
- Shell: auth provider, entitlement gate, dynamic sidebar
- Shared components: Button, Card, Table, Badge, Modal, EmptyState, PageHeader
- Drift module: dashboard, detail view, report viewer
- Module manifest pattern for pluggable product UIs
- Dockerfile: multi-stage node:22-slim → nginx:alpine
- 189KB JS + 17KB CSS (65KB gzipped)
 2026-03-02 20:30:33 +00:00