Add GHCR image build/push and SSH-based server deployment workflow, production compose/env templates, and deployment script. Also fix frontend container healthcheck target and extend Docker CI with frontend health verification.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Replace curl with node http.get in Docker CI workflow
- curl not available in node:20-slim based containers
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add placeholder service role key to frontend CI workflow build step
- Add build ARGs to Dockerfile for Supabase env vars
- Fixes: Next.js page data collection crash during build
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add src/types/billing.ts with Payment, Coupon, CreditTransaction, Invoice types
- Cast all Supabase query results through 'unknown' for untyped billing tables
- All routes now build cleanly with strict TypeScript checking
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Security:
- Add CRON_SECRET auth to /api/cron/* endpoints
- Add admin role verification to /api/admin/* routes
- Add org membership check to /api/billing/usage
- Add security headers (HSTS, X-Frame-Options, CSP, etc.)
- Add env variable validation at startup
- Add rate limiting to backend API (30 req/min per IP)
Infrastructure:
- Multi-stage Dockerfiles with non-root user + healthchecks
- Updated cron workflow to pass CRON_SECRET header
- Updated .env.example with all optional vars
Smart subpage scanning:
- Crawler now computes template_hash (DOM structure without content)
- Scanner scans ALL unique-layout pages, not just main page
- Pages with same layout (e.g. product pages) scanned only once
- Deduplication by template_hash, fallback to content_hash
- Main page always scanned with high priority
- Re-checks subscription limits before each page scan
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
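
The deduplication described under "Smart subpage scanning", as an added sketch; this is not code from these commits. All names (`templateHash`, `planScans`, `withinLimit`) and the sample pages are hypothetical. It assumes `template_hash` covers tag names only and that the `content_hash` fallback applies when a page has no tags.

```typescript
// Added example; every name and page below is constructed for illustration.
interface Page { url: string; html: string; isMain?: boolean }

// FNV-1a (32-bit) stands in for the crawler's real digest so the block needs no imports.
function fnv1a(s: string): string {
  let h = 0x811c9dc5;
  for (let i = 0; i < s.length; i++) {
    h ^= s.charCodeAt(i);
    // Multiply by the FNV prime 16777619 using shifts, then wrap to 32 bits.
    h = (h + (h << 1) + (h << 4) + (h << 7) + (h << 8) + (h << 24)) >>> 0;
  }
  return ("0000000" + h.toString(16)).slice(-8);
}

// Hash only the sequence of opening/closing tag names: text and attributes are ignored.
// Returns "" when the document has no tags (assumed trigger for the content_hash fallback).
function templateHash(html: string): string {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9-]*)/g;
  const shape: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = tagRe.exec(html)) !== null) shape.push(m[1] + m[2].toLowerCase());
  return shape.length > 0 ? fnv1a(shape.join(">")) : "";
}

// Returns the URLs to scan: main page first and always, one page per unique layout,
// and the limit callback is re-checked before each page is queued.
function planScans(pages: Page[], withinLimit: () => boolean = () => true): string[] {
  const seen: { [key: string]: boolean } = {};
  const queue: string[] = [];
  const ordered = pages.filter(p => p.isMain).concat(pages.filter(p => !p.isMain));
  for (const p of ordered) {
    const t = templateHash(p.html);
    const key = t !== "" ? "t:" + t : "c:" + fnv1a(p.html);
    const fresh = !seen[key];
    seen[key] = true;
    if (!p.isMain && !fresh) continue; // same layout already covered
    if (!withinLimit()) break;         // subscription limit reached
    queue.push(p.url);
  }
  return queue;
}

const PAGES: Page[] = [
  { url: "/product/1", html: "<html><body><div class='p'><h2>Red mug</h2><p>9.99</p></div></body></html>" },
  { url: "/product/2", html: "<html><body><div id='x'><h2>Blue mug</h2><p>12.50</p></div></body></html>" },
  { url: "/", html: "<html><body><h1>Shop</h1><ul><li>A</li></ul></body></html>", isMain: true },
  { url: "/robots.txt", html: "User-agent: *" },
  { url: "/robots-copy.txt", html: "User-agent: *" },
];
console.log(planScans(PAGES));
```

In this sketch, two pages that share a tag structure but differ in attributes such as inline handlers or form targets collapse into one scan, which is the coverage trade-off of layout-based deduplication.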