@idealyst/cli 1.0.89 → 1.0.90

package/templates/workspace/docker/nginx/prod.conf

@@ -1,238 +0,0 @@
-events {
-    worker_connections 2048;
-    use epoll;
-    multi_accept on;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    # Logging
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for" '
-                    '$request_time $upstream_response_time';
-
-    access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log warn;
-
-    # Performance settings
-    sendfile on;
-    tcp_nopush on;
-    tcp_nodelay on;
-    keepalive_timeout 65;
-    keepalive_requests 100;
-    types_hash_max_size 2048;
-    server_tokens off;
-    client_max_body_size 50M;
-    client_body_buffer_size 128k;
-    client_header_buffer_size 3m;
-    large_client_header_buffers 4 256k;
-
-    # SSL Configuration
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
-    ssl_prefer_server_ciphers off;
-    ssl_session_cache shared:SSL:10m;
-    ssl_session_timeout 10m;
-
-    # Gzip compression
-    gzip on;
-    gzip_vary on;
-    gzip_min_length 1024;
-    gzip_comp_level 6;
-    gzip_proxied any;
-    gzip_types
-        application/atom+xml
-        application/geo+json
-        application/javascript
-        application/x-javascript
-        application/json
-        application/ld+json
-        application/manifest+json
-        application/rdf+xml
-        application/rss+xml
-        application/xhtml+xml
-        application/xml
-        font/eot
-        font/otf
-        font/ttf
-        image/svg+xml
-        text/css
-        text/javascript
-        text/plain
-        text/xml;
-
-    # Rate limiting zones
-    limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
-    limit_req_zone $binary_remote_addr zone=web:10m rate=50r/s;
-    limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
-
-    # Connection limiting
-    limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
-    limit_conn conn_limit_per_ip 20;
-
-    # Upstream servers with load balancing
-    upstream api_backend {
-        least_conn;
-        server {{PROJECT_NAME}}-api-1:3000 max_fails=3 fail_timeout=30s weight=1;
-        server {{PROJECT_NAME}}-api-2:3000 max_fails=3 fail_timeout=30s weight=1;
-        keepalive 32;
-    }
-
-    upstream web_backend {
-        least_conn;
-        server {{PROJECT_NAME}}-web-1:80 max_fails=3 fail_timeout=30s weight=1;
-        server {{PROJECT_NAME}}-web-2:80 max_fails=3 fail_timeout=30s weight=1;
-        keepalive 32;
-    }
-
-    # Cache zones
-    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=api_cache:10m max_size=1g inactive=60m use_temp_path=off;
-    proxy_cache_path /var/cache/nginx/static levels=1:2 keys_zone=static_cache:10m max_size=1g inactive=24h use_temp_path=off;
-
-    # Redirect HTTP to HTTPS
-    server {
-        listen 80;
-        server_name {{DOMAIN_NAME}};
-        return 301 https://$server_name$request_uri;
-    }
-
-    # Main HTTPS server
-    server {
-        listen 443 ssl http2;
-        server_name {{DOMAIN_NAME}};
-
-        # SSL certificates
-        ssl_certificate /etc/nginx/ssl/cert.pem;
-        ssl_certificate_key /etc/nginx/ssl/key.pem;
-
-        # Security headers
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-XSS-Protection "1; mode=block" always;
-        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' wss:; frame-ancestors 'self';" always;
-
-        # API routes
-        location /api/ {
-            limit_req zone=api burst=20 nodelay;
-            
-            # Caching for GET requests
-            proxy_cache api_cache;
-            proxy_cache_valid 200 302 10m;
-            proxy_cache_valid 404 1m;
-            proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-            proxy_cache_lock on;
-            proxy_cache_bypass $http_cache_control;
-            
-            proxy_pass http://api_backend/;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection 'upgrade';
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_cache_bypass $http_upgrade;
-            proxy_connect_timeout 30s;
-            proxy_send_timeout 30s;
-            proxy_read_timeout 30s;
-            proxy_buffering on;
-            proxy_buffer_size 4k;
-            proxy_buffers 8 4k;
-        }
-
-        # Health checks
-        location /api/health {
-            proxy_pass http://api_backend/health;
-            access_log off;
-            proxy_cache off;
-        }
-
-        # Authentication endpoints (stricter rate limiting)
-        location ~ ^/api/(auth|login|register|password) {
-            limit_req zone=login burst=5 nodelay;
-            
-            proxy_pass http://api_backend;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_cache off;
-        }
-
-        # Static assets with aggressive caching
-        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|webp|woff|woff2|ttf|eot|pdf)$ {
-            limit_req zone=web burst=100 nodelay;
-            
-            proxy_cache static_cache;
-            proxy_cache_valid 200 1y;
-            proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-            
-            proxy_pass http://web_backend;
-            expires 1y;
-            add_header Cache-Control "public, immutable";
-            add_header X-Content-Type-Options "nosniff";
-            
-            # CORS headers for fonts and assets
-            add_header Access-Control-Allow-Origin "*";
-            add_header Access-Control-Allow-Methods "GET, OPTIONS";
-            add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
-        }
-
-        # Web application with caching
-        location / {
-            limit_req zone=web burst=50 nodelay;
-            
-            # Short cache for HTML files
-            proxy_cache static_cache;
-            proxy_cache_valid 200 10m;
-            proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-            proxy_cache_bypass $http_cache_control;
-            
-            proxy_pass http://web_backend;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection 'upgrade';
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_cache_bypass $http_upgrade;
-            
-            # Handle client-side routing
-            try_files $uri $uri/ @fallback;
-        }
-
-        # Fallback for client-side routing
-        location @fallback {
-            proxy_pass http://web_backend;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_cache off;
-        }
-
-        # Monitoring endpoint
-        location /nginx_status {
-            stub_status on;
-            access_log off;
-            allow 127.0.0.1;
-            allow 10.0.0.0/8;
-            allow 172.16.0.0/12;
-            allow 192.168.0.0/16;
-            deny all;
-        }
-
-        # Health check endpoint
-        location /health {
-            access_log off;
-            return 200 "healthy\n";
-            add_header Content-Type text/plain;
-        }
-    }
-}

package/templates/workspace/docker/nginx.conf

@@ -1,131 +0,0 @@
-events {
-    worker_connections 1024;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    # Logging
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log warn;
-
-    # Basic settings
-    sendfile on;
-    tcp_nopush on;
-    tcp_nodelay on;
-    keepalive_timeout 65;
-    types_hash_max_size 2048;
-    client_max_body_size 50M;
-
-    # Gzip compression
-    gzip on;
-    gzip_vary on;
-    gzip_min_length 10240;
-    gzip_proxied expired no-cache no-store private must-revalidate auth;
-    gzip_types
-        text/plain
-        text/css
-        text/xml
-        text/javascript
-        application/javascript
-        application/xml+rss
-        application/json;
-
-    # Rate limiting
-    limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
-    limit_req_zone $binary_remote_addr zone=web:10m rate=30r/s;
-
-    # Upstream servers
-    upstream api_backend {
-        server api:3000 max_fails=3 fail_timeout=30s;
-    }
-
-    upstream web_backend {
-        server web:80 max_fails=3 fail_timeout=30s;
-    }
-
-    # Default server (development)
-    server {
-        listen 80 default_server;
-        server_name _;
-
-        # Security headers
-        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-XSS-Protection "1; mode=block" always;
-        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-
-        # API routes
-        location /api/ {
-            limit_req zone=api burst=20 nodelay;
-            
-            proxy_pass http://api_backend/;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection 'upgrade';
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_cache_bypass $http_upgrade;
-            proxy_connect_timeout 30s;
-            proxy_send_timeout 30s;
-            proxy_read_timeout 30s;
-        }
-
-        # Health check for API
-        location /api/health {
-            proxy_pass http://api_backend/health;
-            access_log off;
-        }
-
-        # Static assets with long cache
-        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
-            limit_req zone=web burst=50 nodelay;
-            
-            proxy_pass http://web_backend;
-            expires 1y;
-            add_header Cache-Control "public, immutable";
-            add_header X-Content-Type-Options "nosniff";
-        }
-
-        # Web application
-        location / {
-            limit_req zone=web burst=30 nodelay;
-            
-            proxy_pass http://web_backend;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection 'upgrade';
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_cache_bypass $http_upgrade;
-            
-            # Handle client-side routing
-            try_files $uri $uri/ @fallback;
-        }
-
-        # Fallback for client-side routing
-        location @fallback {
-            proxy_pass http://web_backend;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-        }
-
-        # Health check endpoint
-        location /health {
-            access_log off;
-            return 200 "healthy\n";
-            add_header Content-Type text/plain;
-        }
-    }
-}

package/templates/workspace/docker/postgres/init.sql

@@ -1,41 +0,0 @@
--- PostgreSQL initialization script for Idealyst
--- This script sets up the database with proper extensions and initial configurations
-
-\echo 'Creating database extensions...'
-
--- Enable UUID extension for generating UUIDs
-CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
-
--- Enable pgcrypto for password hashing
-CREATE EXTENSION IF NOT EXISTS "pgcrypto";
-
--- Enable ltree for hierarchical data
-CREATE EXTENSION IF NOT EXISTS "ltree";
-
--- Enable pg_trgm for text search
-CREATE EXTENSION IF NOT EXISTS "pg_trgm";
-
--- Enable unaccent for text normalization
-CREATE EXTENSION IF NOT EXISTS "unaccent";
-
-\echo 'Database extensions created successfully!'
-
--- Create development and test databases if they don't exist
-SELECT 'CREATE DATABASE idealyst_dev'
-WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'idealyst_dev')\gexec
-
-SELECT 'CREATE DATABASE idealyst_test'
-WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'idealyst_test')\gexec
-
-\echo 'Development and test databases created!'
-
--- Set up basic configuration
-ALTER SYSTEM SET shared_preload_libraries = 'pg_stat_statements';
-ALTER SYSTEM SET log_statement = 'all';
-ALTER SYSTEM SET log_min_duration_statement = 1000;
-ALTER SYSTEM SET max_connections = 200;
-
--- Reload configuration
-SELECT pg_reload_conf();
-
-\echo 'PostgreSQL initialization complete!'

package/templates/workspace/docker/prometheus/prometheus.yml

@@ -1,52 +0,0 @@
-global:
-  scrape_interval: 15s
-  evaluation_interval: 15s
-
-rule_files:
-  # - "first_rules.yml"
-  # - "second_rules.yml"
-
-scrape_configs:
-  # Prometheus itself
-  - job_name: 'prometheus'
-    static_configs:
-      - targets: ['localhost:9090']
-
-  # API service
-  - job_name: 'api'
-    static_configs:
-      - targets: ['api:3000']
-    metrics_path: '/metrics'
-    scrape_interval: 30s
-
-  # Web service (if it has metrics endpoint)
-  - job_name: 'web'
-    static_configs:
-      - targets: ['web:80']
-    metrics_path: '/metrics'
-    scrape_interval: 30s
-
-  # PostgreSQL exporter (optional)
-  - job_name: 'postgres'
-    static_configs:
-      - targets: ['postgres_exporter:9187']
-    scrape_interval: 30s
-
-  # Redis exporter (optional)
-  - job_name: 'redis'
-    static_configs:
-      - targets: ['redis_exporter:9121']
-    scrape_interval: 30s
-
-  # Node exporter for system metrics (optional)
-  - job_name: 'node'
-    static_configs:
-      - targets: ['node_exporter:9100']
-    scrape_interval: 30s
-
-  # Nginx metrics
-  - job_name: 'nginx'
-    static_configs:
-      - targets: ['nginx:80']
-    metrics_path: '/nginx_status'
-    scrape_interval: 30s

package/templates/workspace/docker-compose.prod.yml

@@ -1,146 +0,0 @@
-version: '3.8'
-
-# Production overrides for docker-compose.yml
-# Usage: docker-compose -f docker-compose.yml -f docker-compose.prod.yml up
-
-services:
-  postgres:
-    environment:
-      POSTGRES_DB: ${POSTGRES_DB}
-      POSTGRES_USER: ${POSTGRES_USER}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
-    volumes:
-      - postgres_prod_data:/var/lib/postgresql/data
-    deploy:
-      resources:
-        limits:
-          memory: 1G
-          cpus: '0.5'
-        reservations:
-          memory: 512M
-          cpus: '0.25'
-
-  redis:
-    volumes:
-      - redis_prod_data:/data
-    deploy:
-      resources:
-        limits:
-          memory: 256M
-          cpus: '0.25'
-        reservations:
-          memory: 128M
-          cpus: '0.1'
-
-  api:
-    environment:
-      NODE_ENV: production
-      LOG_LEVEL: info
-      RATE_LIMIT_WINDOW_MS: 900000
-      RATE_LIMIT_MAX_REQUESTS: 100
-    deploy:
-      replicas: 2
-      resources:
-        limits:
-          memory: 512M
-          cpus: '0.5'
-        reservations:
-          memory: 256M
-          cpus: '0.25'
-      restart_policy:
-        condition: on-failure
-        delay: 5s
-        max_attempts: 3
-        window: 120s
-
-  web:
-    deploy:
-      replicas: 2
-      resources:
-        limits:
-          memory: 128M
-          cpus: '0.25'
-        reservations:
-          memory: 64M
-          cpus: '0.1'
-      restart_policy:
-        condition: on-failure
-        delay: 5s
-        max_attempts: 3
-        window: 120s
-
-  # Load balancer for production
-  nginx:
-    image: nginx:alpine
-    container_name: ${PROJECT_NAME:-idealyst}-nginx
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - ./docker/nginx/prod.conf:/etc/nginx/nginx.conf:ro
-      - ./docker/nginx/ssl:/etc/nginx/ssl:ro
-      - ./logs/nginx:/var/log/nginx
-    depends_on:
-      - api
-      - web
-    restart: unless-stopped
-    deploy:
-      resources:
-        limits:
-          memory: 128M
-          cpus: '0.25'
-        reservations:
-          memory: 64M
-          cpus: '0.1'
-    networks:
-      - idealyst-network
-
-  # Monitoring with Prometheus (optional)
-  prometheus:
-    image: prom/prometheus:latest
-    container_name: ${PROJECT_NAME:-idealyst}-prometheus
-    ports:
-      - "9090:9090"
-    volumes:
-      - ./docker/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
-      - prometheus_data:/prometheus
-    command:
-      - '--config.file=/etc/prometheus/prometheus.yml'
-      - '--storage.tsdb.path=/prometheus'
-      - '--web.console.libraries=/etc/prometheus/console_libraries'
-      - '--web.console.templates=/etc/prometheus/consoles'
-      - '--storage.tsdb.retention.time=200h'
-      - '--web.enable-lifecycle'
-    restart: unless-stopped
-    networks:
-      - idealyst-network
-    profiles:
-      - monitoring
-
-  # Log aggregation with Grafana (optional)
-  grafana:
-    image: grafana/grafana:latest
-    container_name: ${PROJECT_NAME:-idealyst}-grafana
-    ports:
-      - "3002:3000"
-    volumes:
-      - grafana_data:/var/lib/grafana
-      - ./docker/grafana/provisioning:/etc/grafana/provisioning
-    environment:
-      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_PASSWORD:-admin}
-      GF_USERS_ALLOW_SIGN_UP: false
-    restart: unless-stopped
-    networks:
-      - idealyst-network
-    profiles:
-      - monitoring
-
-volumes:
-  postgres_prod_data:
-  redis_prod_data:
-  prometheus_data:
-  grafana_data:
-
-networks:
-  idealyst-network:
-    driver: bridge