ante-erp-cli 1.8.5 → 1.9.1

package/CHANGELOG.md

@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.10.0] - 2025-11-04
+
+### Added
+- **Facial-web frontend app detection and installation** in `ante update` command
+  - Automatic detection of missing facial-web service during updates
+  - Interactive prompt to install facial-web when detected as missing
+  - Facial-web Docker image support: `ghcr.io/gtplusnet/ante-self-hosted-frontend-facial-web`
+  - Port 8083 default configuration for facial-web service
+  - Health checks for facial-web service after installation
+  - Automatic docker-compose.yml update to include facial-web service
+  - Environment variable configuration (FACIAL_WEB_PORT, FACIAL_WEB_URL)
+
+### Fixed
+- **CLI version auto-bumping in GitHub Actions workflow**
+  - Added automatic version bumping when CLI changes are pushed to main
+  - Support for commit message flags: `[cli:minor]`, `[cli:major]`
+  - Defaults to patch version bump when no flag is specified
+  - Auto-commits version bump with `[skip ci]` to prevent infinite loops
+  - Enhanced Telegram notifications to show bump type when version is auto-bumped
+
 ## [1.8.1] - 2025-11-01
 
 ### Fixed

package/bin/ante-cli.js

@@ -34,6 +34,7 @@ import { migrate, seed, shell, optimize, reset as dbReset, info } from '../src/c
 import { cloneDb } from '../src/commands/clone-db.js';
 import { setDomain } from '../src/commands/set-domain.js';
 import { sslEnable, sslStatus } from '../src/commands/ssl-enable.js';
+import { regenerateCompose } from '../src/commands/regenerate-compose.js';
 
 // Installation & Setup
 program
@@ -218,6 +219,11 @@ program
   .option('--no-interactive', 'Non-interactive mode')
   .action(setDomain);
 
+program
+  .command('regenerate-compose')
+  .description('Regenerate docker-compose.yml with correct configuration')
+  .action(regenerateCompose);
+
 // SSL/HTTPS Management
 const sslCmd = program
   .command('ssl')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ante-erp-cli",
-  "version": "1.8.5",
+  "version": "1.9.1",
   "description": "Comprehensive CLI tool for managing ANTE ERP self-hosted installations",
   "type": "module",
   "bin": {

package/src/commands/install.js

@@ -115,6 +115,7 @@ function showSuccess(installDir, credentials, config) {
   const apiUrl = config.apiDomain || 'http://localhost:3001';
   const gateAppUrl = config.gateAppDomain || 'http://localhost:8081';
   const guardianAppUrl = config.guardianAppDomain || 'http://localhost:8082';
+  const facialWebUrl = config.facialAppDomain || 'http://localhost:8083';
 
   let accessInfo = chalk.white('Access Information:') + '\n' +
     chalk.gray('━'.repeat(40)) + '\n' +
@@ -128,6 +129,10 @@ function showSuccess(installDir, credentials, config) {
     accessInfo += chalk.cyan('Guardian App:  ') + chalk.white(guardianAppUrl) + '\n';
   }
 
+  if (config.installFacial) {
+    accessInfo += chalk.cyan('Facial Web:    ') + chalk.white(facialWebUrl) + '\n';
+  }
+
   accessInfo += chalk.cyan('Backend:       ') + chalk.white(apiUrl) + '\n' +
     chalk.cyan('WebSocket:     ') + chalk.white(apiUrl) + '\n\n';
 
@@ -255,7 +260,8 @@ export async function install(options) {
           choices: [
             { name: 'Main Frontend (Required)', value: 'main', checked: true, disabled: true },
             { name: 'Gate App (School/Gate attendance)', value: 'gate', checked: false },
-            { name: 'Guardian App (Parent portal)', value: 'guardian', checked: false }
+            { name: 'Guardian App (Parent portal)', value: 'guardian', checked: false },
+            { name: 'Facial Web (Employee face recognition)', value: 'facial', checked: false }
           ],
           validate: (answer) => {
             if (answer.length < 1) {
@@ -269,7 +275,7 @@ export async function install(options) {
           name: 'companyId',
           message: 'Company ID (for multi-tenant apps):',
           default: 1,
-          when: (answers) => answers.frontends.includes('gate') || answers.frontends.includes('guardian'),
+          when: (answers) => answers.frontends.includes('gate') || answers.frontends.includes('guardian') || answers.frontends.includes('facial'),
           validate: (input) => {
             if (input < 1) return 'Company ID must be at least 1';
             return true;
@@ -356,26 +362,40 @@ export async function install(options) {
             if (input < 1 || input > 65535) return 'Port must be between 1 and 65535';
             return true;
           }
+        },
+        {
+          type: 'number',
+          name: 'facialWebPort',
+          message: 'Facial Web port:',
+          default: 8083,
+          when: (answers) => answers.networkType !== 'domain' && frontendConfig.frontends.includes('facial'),
+          validate: (input) => {
+            if (input < 1 || input > 65535) return 'Port must be between 1 and 65535';
+            return true;
+          }
         }
       ]);
 
       // Build URLs based on configuration
-      let frontendUrl, apiUrl, gateAppUrl, guardianAppUrl;
+      let frontendUrl, apiUrl, gateAppUrl, guardianAppUrl, facialWebUrl;
       const frontendPort = networkConfig.frontendPort || 8080;
       const apiPort = networkConfig.apiPort || 3001;
       const gateAppPort = networkConfig.gateAppPort || 8081;
       const guardianAppPort = networkConfig.guardianAppPort || 8082;
+      const facialWebPort = networkConfig.facialWebPort || 8083;
 
       if (networkConfig.networkType === 'localhost') {
         frontendUrl = buildURL('localhost', frontendPort);
         apiUrl = buildURL('localhost', apiPort);
         gateAppUrl = buildURL('localhost', gateAppPort);
         guardianAppUrl = buildURL('localhost', guardianAppPort);
+        facialWebUrl = buildURL('localhost', facialWebPort);
       } else if (networkConfig.networkType === 'ip') {
         frontendUrl = buildURL(networkConfig.publicIP, frontendPort);
         apiUrl = buildURL(networkConfig.publicIP, apiPort);
         gateAppUrl = buildURL(networkConfig.publicIP, gateAppPort);
         guardianAppUrl = buildURL(networkConfig.publicIP, guardianAppPort);
+        facialWebUrl = buildURL(networkConfig.publicIP, facialWebPort);
       } else {
         // Domain - use standard HTTP/HTTPS ports (NGINX will handle reverse proxy)
         const isHttps = await inquirer.prompt([{
@@ -403,6 +423,7 @@ export async function install(options) {
         apiUrl = `${protocol}://${apiSubdomain.subdomain}.${networkConfig.domainName}`;
         gateAppUrl = `${protocol}://gate.${networkConfig.domainName}`;
         guardianAppUrl = `${protocol}://guardian.${networkConfig.domainName}`;
+        facialWebUrl = `${protocol}://facial.${networkConfig.domainName}`;
       }
 
       config = {
@@ -412,12 +433,15 @@ export async function install(options) {
         apiDomain: apiUrl,
         gateAppDomain: gateAppUrl,
         guardianAppDomain: guardianAppUrl,
+        facialAppDomain: facialWebUrl,
         frontendPort,
         apiPort,
         gateAppPort,
         guardianAppPort,
+        facialWebPort,
         installGate: frontendConfig.frontends.includes('gate'),
-        installGuardian: frontendConfig.frontends.includes('guardian')
+        installGuardian: frontendConfig.frontends.includes('guardian'),
+        installFacial: frontendConfig.frontends.includes('facial')
       };
     } else {
       // Non-interactive mode - use options or defaults with IP detection
@@ -488,6 +512,9 @@ export async function install(options) {
     if (config.installGuardian) {
       console.log(chalk.cyan('  Guardian App:'), chalk.white(config.guardianAppDomain));
     }
+    if (config.installFacial) {
+      console.log(chalk.cyan('  Facial Web:'), chalk.white(config.facialAppDomain));
+    }
     console.log(chalk.cyan('  API:'), chalk.white(config.apiDomain));
     if (config.companyId) {
       console.log(chalk.cyan('  Company ID:'), chalk.white(config.companyId));
@@ -557,11 +584,14 @@ export async function install(options) {
             backendPort: config.apiPort || 3001,
             gateAppPort: config.gateAppPort || 8081,
             guardianAppPort: config.guardianAppPort || 8082,
+            facialWebPort: config.facialWebPort || 8083,
             gateAppUrl: config.gateAppDomain || 'http://localhost:8081',
             guardianAppUrl: config.guardianAppDomain || 'http://localhost:8082',
+            facialWebUrl: config.facialWebUrl || 'http://localhost:8083',
             companyId: config.companyId || 1,
             installGate: config.installGate || false,
-            installGuardian: config.installGuardian || false
+            installGuardian: config.installGuardian || false,
+            installFacial: config.installFacial || false
           });
           
           writeFileSync(join(config.installDir, 'docker-compose.yml'), dockerCompose);

package/src/commands/regenerate-compose.js

@@ -0,0 +1,141 @@
+import chalk from 'chalk';
+import { readFileSync, writeFileSync, renameSync, existsSync } from 'fs';
+import { join } from 'path';
+import { getInstallDir } from '../utils/config.js';
+import { generateDockerCompose } from '../templates/docker-compose.yml.js';
+
+/**
+ * Parse .env file to extract configuration
+ * @param {string} envPath - Path to .env file
+ * @returns {Object} Configuration object
+ */
+function parseEnvFile(envPath) {
+  const envContent = readFileSync(envPath, 'utf8');
+  const config = {};
+
+  envContent.split('\n').forEach(line => {
+    const match = line.match(/^([A-Z_]+)=(.*)$/);
+    if (match) {
+      config[match[1]] = match[2];
+    }
+  });
+
+  return config;
+}
+
+/**
+ * Detect which apps are installed from existing docker-compose.yml
+ * @param {string} composeFile - Path to docker-compose.yml
+ * @returns {Object} Installed apps
+ */
+function detectInstalledApps(composeFile) {
+  try {
+    const composeContent = readFileSync(composeFile, 'utf8');
+    return {
+      hasMain: composeContent.includes('frontend:') || composeContent.includes('container_name: ante-frontend'),
+      hasGateApp: composeContent.includes('gate-app:') || composeContent.includes('container_name: ante-gate-app'),
+      hasGuardianApp: composeContent.includes('guardian-app:') || composeContent.includes('container_name: ante-guardian-app')
+    };
+  } catch {
+    return { hasMain: true, hasGateApp: false, hasGuardianApp: false };
+  }
+}
+
+/**
+ * Regenerate docker-compose.yml with correct configuration
+ */
+export async function regenerateCompose() {
+  try {
+    console.log(chalk.bold('\n🔧 Regenerate docker-compose.yml\n'));
+
+    const installDir = getInstallDir();
+    const composeFile = join(installDir, 'docker-compose.yml');
+    const envFile = join(installDir, '.env');
+
+    console.log(chalk.gray(`Installation: ${installDir}\n`));
+
+    // Check if files exist
+    if (!existsSync(composeFile)) {
+      console.log(chalk.red('✗ docker-compose.yml not found'));
+      console.log(chalk.gray('  Run "ante install" first\n'));
+      process.exit(1);
+    }
+
+    if (!existsSync(envFile)) {
+      console.log(chalk.red('✗ .env file not found'));
+      console.log(chalk.gray('  Run "ante install" first\n'));
+      process.exit(1);
+    }
+
+    // Detect installed apps
+    const installed = detectInstalledApps(composeFile);
+    console.log(chalk.cyan('Detected Configuration:'));
+    console.log(chalk.gray(`  Frontend Main:  ${installed.hasMain ? '✓ Installed' : '✗ Not installed'}`));
+    console.log(chalk.gray(`  Gate App:       ${installed.hasGateApp ? '✓ Installed' : '✗ Not installed'}`));
+    console.log(chalk.gray(`  Guardian App:   ${installed.hasGuardianApp ? '✓ Installed' : '✗ Not installed'}\n`));
+
+    // Parse .env file
+    const envConfig = parseEnvFile(envFile);
+
+    // Extract port configuration
+    const frontendPort = parseInt(envConfig.FRONTEND_PORT) || 8080;
+    const backendPort = parseInt(envConfig.BACKEND_PORT) || 3001;
+    const gateAppPort = parseInt(envConfig.GATE_APP_PORT) || 8081;
+    const guardianAppPort = parseInt(envConfig.GUARDIAN_APP_PORT) || 8082;
+    const companyId = parseInt(envConfig.COMPANY_ID) || 1;
+
+    console.log(chalk.cyan('Port Configuration:'));
+    console.log(chalk.gray(`  Frontend:    ${frontendPort}`));
+    console.log(chalk.gray(`  Backend:     ${backendPort}`));
+    if (installed.hasGateApp) {
+      console.log(chalk.gray(`  Gate App:    ${gateAppPort}`));
+    }
+    if (installed.hasGuardianApp) {
+      console.log(chalk.gray(`  Guardian:    ${guardianAppPort}`));
+    }
+    console.log(chalk.gray(`  Company ID:  ${companyId}\n`));
+
+    // Backup existing docker-compose.yml
+    const timestamp = new Date().toISOString().split('.')[0].replace(/:/g, '-').replace('T', '_');
+    const backupFile = `${composeFile}.${timestamp}.bak`;
+
+    console.log(chalk.gray('📦 Creating backup...'));
+    renameSync(composeFile, backupFile);
+    console.log(chalk.green(`✓ Backup created: ${backupFile}\n`));
+
+    // Generate new docker-compose.yml
+    console.log(chalk.gray('⚙️  Generating new docker-compose.yml...'));
+    const newCompose = generateDockerCompose({
+      frontendPort,
+      backendPort,
+      gateAppPort,
+      guardianAppPort,
+      installMain: installed.hasMain,
+      installGate: installed.hasGateApp,
+      installGuardian: installed.hasGuardianApp,
+      companyId
+    });
+
+    // Write new docker-compose.yml
+    writeFileSync(composeFile, newCompose);
+    console.log(chalk.green('✓ New docker-compose.yml generated\n'));
+
+    // Show what changed
+    console.log(chalk.bold.green('✓ Configuration regenerated successfully!\n'));
+    console.log(chalk.cyan('Next Steps:'));
+    console.log(chalk.gray('  1. Review the changes: diff docker-compose.yml ' + backupFile.replace(installDir + '/', '')));
+    console.log(chalk.gray('  2. Restart services: ante restart'));
+    console.log(chalk.gray('  3. Check status: ante status\n'));
+
+    // Show important fixes
+    if (installed.hasGuardianApp) {
+      console.log(chalk.yellow('⚠  Important: Guardian App port mapping updated'));
+      console.log(chalk.gray(`   Old: ${guardianAppPort}:3000 (incorrect)`));
+      console.log(chalk.gray(`   New: ${guardianAppPort}:9003 (correct)\n`));
+    }
+
+  } catch (error) {
+    console.error(chalk.red('\n✗ Failed to regenerate docker-compose.yml:'), error.message);
+    process.exit(1);
+  }
+}

package/src/commands/update.js

@@ -9,32 +9,34 @@ import { backup } from './backup.js';
 import { generateDockerCompose } from '../templates/docker-compose.yml.js';
 
 /**
- * Check if gate-app or guardian-app is installed by checking docker-compose.yml
+ * Check if gate-app, guardian-app, or facial-web is installed by checking docker-compose.yml
  * @param {string} composeFile - Path to docker-compose.yml
- * @returns {{hasGateApp: boolean, hasGuardianApp: boolean}}
+ * @returns {{hasGateApp: boolean, hasGuardianApp: boolean, hasFacialWeb: boolean}}
  */
 function detectInstalledApps(composeFile) {
   try {
     const composeContent = readFileSync(composeFile, 'utf8');
     return {
       hasGateApp: composeContent.includes('gate-app:') || composeContent.includes('container_name: ante-gate-app'),
-      hasGuardianApp: composeContent.includes('guardian-app:') || composeContent.includes('container_name: ante-guardian-app')
+      hasGuardianApp: composeContent.includes('guardian-app:') || composeContent.includes('container_name: ante-guardian-app'),
+      hasFacialWeb: composeContent.includes('facial-web:') || composeContent.includes('container_name: ante-facial-web')
     };
   } catch {
-    return { hasGateApp: false, hasGuardianApp: false };
+    return { hasGateApp: false, hasGuardianApp: false, hasFacialWeb: false };
   }
 }
 
 /**
  * Detect missing services that could be installed
  * @param {string} composeFile - Path to docker-compose.yml
- * @returns {{gateApp: boolean, guardianApp: boolean}}
+ * @returns {{gateApp: boolean, guardianApp: boolean, facialWeb: boolean}}
  */
 function detectMissingServices(composeFile) {
   const installed = detectInstalledApps(composeFile);
   return {
     gateApp: !installed.hasGateApp,
-    guardianApp: !installed.hasGuardianApp
+    guardianApp: !installed.hasGuardianApp,
+    facialWeb: !installed.hasFacialWeb
   };
 }
 
@@ -61,7 +63,7 @@ function parseEnvFile(envFile) {
  * Update docker-compose.yml with new services
  * @param {string} composeFile - Path to docker-compose.yml
  * @param {string} envFile - Path to .env file
- * @param {{gateApp: boolean, guardianApp: boolean}} newServices - Services to add
+ * @param {{gateApp: boolean, guardianApp: boolean, facialWeb: boolean}} newServices - Services to add
  */
 function updateDockerCompose(composeFile, envFile, newServices) {
   const envConfig = parseEnvFile(envFile);
@@ -73,9 +75,11 @@ function updateDockerCompose(composeFile, envFile, newServices) {
     backendPort: parseInt(envConfig.BACKEND_PORT) || 3001,
     gateAppPort: parseInt(envConfig.GATE_APP_PORT) || 8081,
     guardianAppPort: parseInt(envConfig.GUARDIAN_APP_PORT) || 8082,
+    facialWebPort: parseInt(envConfig.FACIAL_WEB_PORT) || 8083,
     installMain: true,
     installGate: currentInstalled.hasGateApp || newServices.gateApp,
     installGuardian: currentInstalled.hasGuardianApp || newServices.guardianApp,
+    installFacial: currentInstalled.hasFacialWeb || newServices.facialWeb,
     companyId: parseInt(envConfig.COMPANY_ID) || 1
   });
 
@@ -90,7 +94,7 @@ function updateDockerCompose(composeFile, envFile, newServices) {
 /**
  * Update .env file with new app configuration
  * @param {string} envFile - Path to .env file
- * @param {{gateApp: boolean, guardianApp: boolean}} newServices - Services to add
+ * @param {{gateApp: boolean, guardianApp: boolean, facialWeb: boolean}} newServices - Services to add
  */
 function updateEnvFile(envFile, newServices) {
   let envContent = readFileSync(envFile, 'utf8');
@@ -143,8 +147,32 @@ COMPANY_ID=1
     }
   }
 
+  // Add facial-web configuration if needed
+  if (newServices.facialWeb && !envContent.includes('FACIAL_WEB_PORT')) {
+    if (!envContent.includes('# FRONTEND APP CONFIGURATION')) {
+      envContent += `\n# ------------------------------------------------------------------------------
+# FRONTEND APP CONFIGURATION
+# ------------------------------------------------------------------------------
+COMPANY_ID=1
+`;
+    }
+
+    // Replace commented line or add new
+    if (envContent.includes('# FACIAL_WEB_PORT=')) {
+      envContent = envContent.replace(/# FACIAL_WEB_PORT=\d+/, 'FACIAL_WEB_PORT=8083');
+    } else {
+      envContent += `FACIAL_WEB_PORT=8083\n`;
+    }
+
+    if (envContent.includes('# FACIAL_WEB_URL=')) {
+      envContent = envContent.replace(/# FACIAL_WEB_URL=.*/, 'FACIAL_WEB_URL=http://localhost:8083');
+    } else {
+      envContent += `FACIAL_WEB_URL=http://localhost:8083\n`;
+    }
+  }
+
   // Add COMPANY_ID if missing and any new service is being added
-  if ((newServices.gateApp || newServices.guardianApp) && !envContent.includes('COMPANY_ID=')) {
+  if ((newServices.gateApp || newServices.guardianApp || newServices.facialWeb) && !envContent.includes('COMPANY_ID=')) {
     envContent += `COMPANY_ID=1\n`;
   }
 
@@ -161,7 +189,7 @@ export async function update(options) {
     const envFile = join(installDir, '.env');
 
     // Detect which apps are installed
-    const { hasGateApp, hasGuardianApp } = detectInstalledApps(composeFile);
+    const { hasGateApp, hasGuardianApp, hasFacialWeb } = detectInstalledApps(composeFile);
 
     console.log(chalk.bold('\n🔄 ANTE ERP Update\n'));
 
@@ -191,7 +219,7 @@ export async function update(options) {
     }
 
     // Track which services to install
-    let servicesToInstall = { gateApp: false, guardianApp: false };
+    let servicesToInstall = { gateApp: false, guardianApp: false, facialWeb: false };
 
     const tasks = new Listr([
       {
@@ -207,7 +235,7 @@ export async function update(options) {
         task: async (ctx, task) => {
           const missingServices = detectMissingServices(composeFile);
 
-          if (!missingServices.gateApp && !missingServices.guardianApp) {
+          if (!missingServices.gateApp && !missingServices.guardianApp && !missingServices.facialWeb) {
             task.skip('All available services are already installed');
             return;
           }
@@ -215,6 +243,7 @@ export async function update(options) {
           const availableServices = [];
           if (missingServices.gateApp) availableServices.push('Gate App (School attendance)');
           if (missingServices.guardianApp) availableServices.push('Guardian App (Parent portal)');
+          if (missingServices.facialWeb) availableServices.push('Facial Web (Face recognition)');
 
           task.output = `Found ${availableServices.length} new service(s): ${availableServices.join(', ')}`;
           ctx.missingServices = missingServices;
@@ -222,7 +251,7 @@ export async function update(options) {
       },
       {
         title: 'Confirming installation of new services',
-        skip: (ctx) => !ctx.missingServices || (!ctx.missingServices.gateApp && !ctx.missingServices.guardianApp),
+        skip: (ctx) => !ctx.missingServices || (!ctx.missingServices.gateApp && !ctx.missingServices.guardianApp && !ctx.missingServices.facialWeb),
         task: async (ctx, task) => {
           if (options.force) {
             servicesToInstall = ctx.missingServices;
@@ -238,12 +267,13 @@ export async function update(options) {
           const availableServices = [];
           if (ctx.missingServices.gateApp) availableServices.push('Gate App');
           if (ctx.missingServices.guardianApp) availableServices.push('Guardian App');
+          if (ctx.missingServices.facialWeb) availableServices.push('Facial Web');
 
           const { installNew } = await inquirer.prompt([
             {
               type: 'confirm',
               name: 'installNew',
-              message: `Install ${availableServices.join(' and ')}?`,
+              message: `Install ${availableServices.join(', ')}?`,
               default: true
             }
           ]);
@@ -258,11 +288,12 @@ export async function update(options) {
       },
       {
         title: 'Installing new services',
-        skip: () => !servicesToInstall.gateApp && !servicesToInstall.guardianApp,
+        skip: () => !servicesToInstall.gateApp && !servicesToInstall.guardianApp && !servicesToInstall.facialWeb,
         task: async (ctx, task) => {
           const servicesAdded = [];
           if (servicesToInstall.gateApp) servicesAdded.push('Gate App');
           if (servicesToInstall.guardianApp) servicesAdded.push('Guardian App');
+          if (servicesToInstall.facialWeb) servicesAdded.push('Facial Web');
 
           task.output = `Adding ${servicesAdded.join(', ')} to configuration...`;
 
@@ -322,6 +353,16 @@ export async function update(options) {
           }
         }
       },
+      {
+        title: 'Waiting for Facial Web to be healthy',
+        skip: () => !hasFacialWeb && !servicesToInstall.facialWeb,
+        task: async () => {
+          const healthy = await waitForServiceHealthy(composeFile, 'facial-web', 60);
+          if (!healthy) {
+            throw new Error('Facial Web did not become healthy within 60 seconds');
+          }
+        }
+      },
       {
         title: 'Running database migrations',
         task: async (ctx, task) => {

package/src/templates/docker-compose.yml.js

@@ -9,8 +9,10 @@ export function generateDockerCompose(options = {}) {
     backendPort = 3001,
     gateAppPort = 8081,
     guardianAppPort = 8082,
+    facialWebPort = 8083,
     installGate = false,
     installGuardian = false,
+    installFacial = false,
     companyId = 1
   } = options;
 
@@ -240,6 +242,33 @@ ${installGate ? `
       options:
         max-size: "10m"
         max-file: "3"
+` : ''}${installFacial ? `
+  # ANTE Facial Web
+  facial-web:
+    image: ghcr.io/gtplusnet/ante-self-hosted-frontend-facial-web:latest
+    container_name: ante-facial-web
+    restart: unless-stopped
+    depends_on:
+      backend:
+        condition: service_healthy
+    environment:
+      - API_URL=\${API_URL:-http://localhost:${backendPort}}
+      - SOCKET_URL=\${SOCKET_URL:-ws://localhost:${backendPort}}
+      - COMPANY_ID=${companyId}
+    ports:
+      - "${facialWebPort}:5173"
+    networks:
+      - ante-network
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:5173"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
 ` : ''}
 volumes:
   postgres_data:

package/src/templates/env.js

@@ -13,11 +13,14 @@ export function generateEnv(credentials, options = {}) {
     backendPort = 3001,
     gateAppPort = 8081,
     guardianAppPort = 8082,
+    facialWebPort = 8083,
     gateAppUrl = 'http://localhost:8081',
     guardianAppUrl = 'http://localhost:8082',
+    facialWebUrl = 'http://localhost:8083',
     companyId = 1,
     installGate = false,
     installGuardian = false,
+    installFacial = false,
     smtpHost = '',
     smtpPort = 587,
     smtpUsername = '',
@@ -60,14 +63,16 @@ FRONTEND_PORT=${frontendPort}
 BACKEND_PORT=${backendPort}
 ${installGate ? `GATE_APP_PORT=${gateAppPort}` : '# GATE_APP_PORT=8081'}
 ${installGuardian ? `GUARDIAN_APP_PORT=${guardianAppPort}` : '# GUARDIAN_APP_PORT=8082'}
+${installFacial ? `FACIAL_WEB_PORT=${facialWebPort}` : '# FACIAL_WEB_PORT=8083'}
 # Note: WebSocket runs on the same port as backend (BACKEND_PORT)
 
-${(installGate || installGuardian) ? `# ------------------------------------------------------------------------------
+${(installGate || installGuardian || installFacial) ? `# ------------------------------------------------------------------------------
 # FRONTEND APP CONFIGURATION
 # ------------------------------------------------------------------------------
 COMPANY_ID=${companyId}
 ${installGate ? `GATE_APP_URL=${gateAppUrl}` : '# GATE_APP_URL=http://localhost:8081'}
 ${installGuardian ? `GUARDIAN_APP_URL=${guardianAppUrl}` : '# GUARDIAN_APP_URL=http://localhost:8082'}
+${installFacial ? `FACIAL_WEB_URL=${facialWebUrl}` : '# FACIAL_WEB_URL=http://localhost:8083'}
 
 ` : ''}# ------------------------------------------------------------------------------
 # EMAIL CONFIGURATION

package/src/utils/nginx.js

@@ -50,10 +50,12 @@ export async function installNginx(spinner) {
  * @param {string} config.apiDomain - API domain (e.g., api.ante.example.com)
  * @param {string} [config.gateAppDomain] - Gate app domain (optional)
  * @param {string} [config.guardianAppDomain] - Guardian app domain (optional)
+ * @param {string} [config.facialAppDomain] - Facial web app domain (optional)
  * @param {number} config.frontendPort - Frontend Docker port (default: 8080)
  * @param {number} config.apiPort - API Docker port (default: 3001)
  * @param {number} [config.gateAppPort] - Gate app Docker port (default: 8081)
  * @param {number} [config.guardianAppPort] - Guardian app Docker port (default: 8082)
+ * @param {number} [config.facialWebPort] - Facial web app Docker port (default: 8083)
  * @param {boolean} config.ssl - Enable SSL configuration (default: false)
  * @returns {string} NGINX configuration content
  */
@@ -63,10 +65,12 @@ export function generateNginxConfig(config) {
     apiDomain,
     gateAppDomain,
     guardianAppDomain,
+    facialAppDomain,
     frontendPort = 8080,
     apiPort = 3001,
     gateAppPort = 8081,
     guardianAppPort = 8082,
+    facialWebPort = 8083,
     ssl = false
   } = config;
 
@@ -75,6 +79,7 @@ export function generateNginxConfig(config) {
   const apiHost = apiDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '');
   const gateAppHost = gateAppDomain ? gateAppDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
   const guardianAppHost = guardianAppDomain ? guardianAppDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
+  const facialAppHost = facialAppDomain ? facialAppDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
 
   if (ssl) {
     return generateSslNginxConfig({
@@ -82,10 +87,12 @@ export function generateNginxConfig(config) {
       apiHost,
       gateAppHost,
       guardianAppHost,
+      facialAppHost,
       frontendPort,
       apiPort,
       gateAppPort,
-      guardianAppPort
+      guardianAppPort,
+      facialWebPort
     });
   }
 
@@ -216,6 +223,37 @@ server {
         proxy_read_timeout 60s;
     }
 }
+` : ''}${facialAppHost ? `
+# ANTE Facial Web App Configuration
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${facialAppHost};
+
+    # Increase buffer sizes for large headers
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 16k;
+
+    # Increase body size for image uploads
+    client_max_body_size 50M;
+
+    location / {
+        proxy_pass http://localhost:${facialWebPort};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # Timeout settings
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}
 ` : ''}`;
 }
 
@@ -226,10 +264,12 @@ server {
  * @param {string} config.apiHost - API hostname
  * @param {string} [config.gateAppHost] - Gate app hostname (optional)
  * @param {string} [config.guardianAppHost] - Guardian app hostname (optional)
+ * @param {string} [config.facialAppHost] - Facial web app hostname (optional)
  * @param {number} config.frontendPort - Frontend port
  * @param {number} config.apiPort - API port
  * @param {number} [config.gateAppPort] - Gate app port (default: 8081)
  * @param {number} [config.guardianAppPort] - Guardian app port (default: 8082)
+ * @param {number} [config.facialWebPort] - Facial web app port (default: 8083)
  * @returns {string} NGINX configuration with SSL
  */
 function generateSslNginxConfig(config) {
@@ -238,10 +278,12 @@ function generateSslNginxConfig(config) {
     apiHost,
     gateAppHost,
     guardianAppHost,
+    facialAppHost,
     frontendPort,
     apiPort,
     gateAppPort = 8081,
-    guardianAppPort = 8082
+    guardianAppPort = 8082,
+    facialWebPort = 8083
   } = config;
 
   return `# ANTE Frontend Configuration (HTTPS)
@@ -475,6 +517,63 @@ server {
     server_name ${guardianAppHost};
     return 301 https://$server_name$request_uri;
 }
+` : ''}${facialAppHost ? `
+# ANTE Facial Web App Configuration (HTTPS)
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+    server_name ${facialAppHost};
+
+    # SSL Certificate paths
+    ssl_certificate /etc/letsencrypt/live/${facialAppHost}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/${facialAppHost}/privkey.pem;
+
+    # SSL Configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    # Security headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options SAMEORIGIN always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # Increase buffer sizes for large headers
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 16k;
+
+    # Increase body size for image uploads
+    client_max_body_size 50M;
+
+    location / {
+        proxy_pass http://localhost:${facialWebPort};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # Timeout settings
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}
+
+# HTTP to HTTPS redirect for ${facialAppHost}
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${facialAppHost};
+    return 301 https://$server_name$request_uri;
+}
 ` : ''}`;
 }
 
@@ -551,6 +650,9 @@ export async function configureNginx(config) {
     if (config.guardianAppDomain) {
       console.log(chalk.gray(`   Guardian App: ${config.guardianAppDomain} → localhost:${config.guardianAppPort || 8082}`));
     }
+    if (config.facialAppDomain) {
+      console.log(chalk.gray(`   Facial Web: ${config.facialAppDomain} → localhost:${config.facialWebPort || 8083}`));
+    }
     console.log(chalk.gray(`   API: ${config.apiDomain} → localhost:${config.apiPort || 3001}`));
 
   } catch (error) {