blockmine 1.21.0 → 1.22.0

Files changed (433)
  1. package/.claude/agents/README.md +469 -0
  2. package/.claude/agents/auth-route-debugger.md +118 -0
  3. package/.claude/agents/auth-route-tester.md +93 -0
  4. package/.claude/agents/auto-error-resolver.md +97 -0
  5. package/.claude/agents/build-optimizer.md +236 -0
  6. package/.claude/agents/code-architecture-reviewer.md +83 -0
  7. package/.claude/agents/code-refactor-master.md +94 -0
  8. package/.claude/agents/cost-optimizer.md +134 -0
  9. package/.claude/agents/deployment-orchestrator.md +113 -0
  10. package/.claude/agents/documentation-architect.md +82 -0
  11. package/.claude/agents/frontend-error-fixer.md +77 -0
  12. package/.claude/agents/iac-code-generator.md +71 -0
  13. package/.claude/agents/incident-responder.md +346 -0
  14. package/.claude/agents/infrastructure-architect.md +31 -0
  15. package/.claude/agents/kubernetes-specialist.md +56 -0
  16. package/.claude/agents/migration-planner.md +181 -0
  17. package/.claude/agents/network-architect.md +196 -0
  18. package/.claude/agents/plan-reviewer.md +52 -0
  19. package/.claude/agents/refactor-planner.md +63 -0
  20. package/.claude/agents/security-scanner.md +102 -0
  21. package/.claude/agents/web-research-specialist.md +78 -0
  22. package/.claude/commands/cost-analysis.md +315 -0
  23. package/.claude/commands/dev-docs-update.md +55 -0
  24. package/.claude/commands/dev-docs.md +51 -0
  25. package/.claude/commands/incident-debug.md +247 -0
  26. package/.claude/commands/infra-plan.md +81 -0
  27. package/.claude/commands/migration-plan.md +478 -0
  28. package/.claude/commands/route-research-for-testing.md +37 -0
  29. package/.claude/commands/security-review.md +66 -0
  30. package/.claude/hooks/CONFIG.md +448 -0
  31. package/.claude/hooks/README.md +163 -0
  32. package/.claude/hooks/SKILL_ACTIVATION_COMPLETE.md +226 -0
  33. package/.claude/hooks/WINDOWS_HOOKS_README.md +151 -0
  34. package/.claude/hooks/add-skill-activation-banners.ts +132 -0
  35. package/.claude/hooks/comprehensive-skill-test.ts +1315 -0
  36. package/.claude/hooks/error-handling-reminder.sh +12 -0
  37. package/.claude/hooks/error-handling-reminder.ts +222 -0
  38. package/.claude/hooks/k8s-manifest-validator.sh +56 -0
  39. package/.claude/hooks/package-lock.json +556 -0
  40. package/.claude/hooks/package.json +16 -0
  41. package/.claude/hooks/post-tool-use-tracker.ps1 +174 -0
  42. package/.claude/hooks/post-tool-use-tracker.sh +183 -0
  43. package/.claude/hooks/security-policy-check.sh +247 -0
  44. package/.claude/hooks/skill-activation-prompt.ps1 +10 -0
  45. package/.claude/hooks/skill-activation-prompt.sh +10 -0
  46. package/.claude/hooks/skill-activation-prompt.ts +141 -0
  47. package/.claude/hooks/stop-build-check-enhanced.sh +130 -0
  48. package/.claude/hooks/terraform-validator.sh +53 -0
  49. package/.claude/hooks/test-input.json +7 -0
  50. package/.claude/hooks/test-skill-activation.ts +427 -0
  51. package/.claude/hooks/trigger-build-resolver.sh +79 -0
  52. package/.claude/hooks/tsc-check.sh +173 -0
  53. package/.claude/hooks/tsconfig.json +19 -0
  54. package/.claude/settings.json +55 -0
  55. package/.claude/settings.local.json +27 -14
  56. package/.claude/skills/README.md +507 -0
  57. package/.claude/skills/api-engineering/SKILL.md +63 -0
  58. package/.claude/skills/api-engineering/resources/api-versioning.md +88 -0
  59. package/.claude/skills/api-engineering/resources/graphql-patterns.md +106 -0
  60. package/.claude/skills/api-engineering/resources/rate-limiting.md +118 -0
  61. package/.claude/skills/api-engineering/resources/rest-api-design.md +105 -0
  62. package/.claude/skills/backend-dev-guidelines/SKILL.md +306 -0
  63. package/.claude/skills/backend-dev-guidelines/resources/architecture-overview.md +451 -0
  64. package/.claude/skills/backend-dev-guidelines/resources/async-and-errors.md +307 -0
  65. package/.claude/skills/backend-dev-guidelines/resources/complete-examples.md +638 -0
  66. package/.claude/skills/backend-dev-guidelines/resources/configuration.md +275 -0
  67. package/.claude/skills/backend-dev-guidelines/resources/database-patterns.md +224 -0
  68. package/.claude/skills/backend-dev-guidelines/resources/middleware-guide.md +213 -0
  69. package/.claude/skills/backend-dev-guidelines/resources/routing-and-controllers.md +756 -0
  70. package/.claude/skills/backend-dev-guidelines/resources/sentry-and-monitoring.md +336 -0
  71. package/.claude/skills/backend-dev-guidelines/resources/services-and-repositories.md +789 -0
  72. package/.claude/skills/backend-dev-guidelines/resources/testing-guide.md +235 -0
  73. package/.claude/skills/backend-dev-guidelines/resources/validation-patterns.md +754 -0
  74. package/.claude/skills/budget-and-cost-management/SKILL.md +850 -0
  75. package/.claude/skills/build-engineering/SKILL.md +431 -0
  76. package/.claude/skills/build-engineering/resources/artifact-repositories.md +72 -0
  77. package/.claude/skills/build-engineering/resources/build-caching.md +96 -0
  78. package/.claude/skills/build-engineering/resources/build-pipelines.md +105 -0
  79. package/.claude/skills/build-engineering/resources/build-security.md +95 -0
  80. package/.claude/skills/build-engineering/resources/build-systems.md +389 -0
  81. package/.claude/skills/build-engineering/resources/compilation-optimization.md +201 -0
  82. package/.claude/skills/build-engineering/resources/dependency-management.md +73 -0
  83. package/.claude/skills/build-engineering/resources/monorepo-builds.md +110 -0
  84. package/.claude/skills/build-engineering/resources/performance-optimization.md +113 -0
  85. package/.claude/skills/build-engineering/resources/reproducible-builds.md +82 -0
  86. package/.claude/skills/cloud-engineering/SKILL.md +675 -0
  87. package/.claude/skills/cloud-engineering/resources/aws-patterns.md +742 -0
  88. package/.claude/skills/cloud-engineering/resources/azure-patterns.md +714 -0
  89. package/.claude/skills/cloud-engineering/resources/cleared-cloud-environments.md +987 -0
  90. package/.claude/skills/cloud-engineering/resources/cloud-cost-optimization.md +757 -0
  91. package/.claude/skills/cloud-engineering/resources/cloud-networking.md +1058 -0
  92. package/.claude/skills/cloud-engineering/resources/cloud-security-tools.md +1530 -0
  93. package/.claude/skills/cloud-engineering/resources/cloud-security.md +990 -0
  94. package/.claude/skills/cloud-engineering/resources/gcp-patterns.md +758 -0
  95. package/.claude/skills/cloud-engineering/resources/migration-strategies.md +820 -0
  96. package/.claude/skills/cloud-engineering/resources/multi-cloud-strategies.md +670 -0
  97. package/.claude/skills/cloud-engineering/resources/oci-patterns.md +1198 -0
  98. package/.claude/skills/cloud-engineering/resources/serverless-patterns.md +795 -0
  99. package/.claude/skills/cloud-engineering/resources/well-architected-frameworks.md +966 -0
  100. package/.claude/skills/cybersecurity/SKILL.md +409 -0
  101. package/.claude/skills/cybersecurity/resources/security-architecture.md +266 -0
  102. package/.claude/skills/database-engineering/SKILL.md +61 -0
  103. package/.claude/skills/database-engineering/resources/backup-and-recovery.md +72 -0
  104. package/.claude/skills/database-engineering/resources/database-replication.md +63 -0
  105. package/.claude/skills/database-engineering/resources/postgresql-fundamentals.md +70 -0
  106. package/.claude/skills/database-engineering/resources/query-optimization.md +68 -0
  107. package/.claude/skills/devsecops/SKILL.md +374 -0
  108. package/.claude/skills/devsecops/resources/ci-cd-security.md +204 -0
  109. package/.claude/skills/devsecops/resources/compliance-automation.md +530 -0
  110. package/.claude/skills/devsecops/resources/compliance-frameworks.md +2322 -0
  111. package/.claude/skills/devsecops/resources/container-security.md +915 -0
  112. package/.claude/skills/devsecops/resources/cspm-integration.md +1440 -0
  113. package/.claude/skills/devsecops/resources/policy-enforcement.md +619 -0
  114. package/.claude/skills/devsecops/resources/secrets-management.md +755 -0
  115. package/.claude/skills/devsecops/resources/security-monitoring.md +146 -0
  116. package/.claude/skills/devsecops/resources/security-scanning.md +887 -0
  117. package/.claude/skills/devsecops/resources/security-testing.md +203 -0
  118. package/.claude/skills/devsecops/resources/supply-chain-security.md +518 -0
  119. package/.claude/skills/devsecops/resources/vulnerability-management.md +481 -0
  120. package/.claude/skills/devsecops/resources/zero-trust-architecture.md +177 -0
  121. package/.claude/skills/documentation-as-code/SKILL.md +323 -0
  122. package/.claude/skills/documentation-as-code/resources/api-documentation.md +90 -0
  123. package/.claude/skills/documentation-as-code/resources/changelog-management.md +79 -0
  124. package/.claude/skills/documentation-as-code/resources/diagram-generation.md +44 -0
  125. package/.claude/skills/documentation-as-code/resources/docs-as-code-workflow.md +99 -0
  126. package/.claude/skills/documentation-as-code/resources/documentation-automation.md +68 -0
  127. package/.claude/skills/documentation-as-code/resources/documentation-sites.md +79 -0
  128. package/.claude/skills/documentation-as-code/resources/markdown-best-practices.md +162 -0
  129. package/.claude/skills/documentation-as-code/resources/openapi-specification.md +77 -0
  130. package/.claude/skills/documentation-as-code/resources/readme-engineering.md +60 -0
  131. package/.claude/skills/documentation-as-code/resources/technical-writing-guide.md +202 -0
  132. package/.claude/skills/engineering-management/SKILL.md +356 -0
  133. package/.claude/skills/engineering-management/resources/career-ladders.md +609 -0
  134. package/.claude/skills/engineering-management/resources/hiring-and-assessment.md +555 -0
  135. package/.claude/skills/engineering-management/resources/one-on-one-guides.md +609 -0
  136. package/.claude/skills/engineering-management/resources/resource-planning.md +557 -0
  137. package/.claude/skills/engineering-management/resources/team-organization-patterns.md +491 -0
  138. package/.claude/skills/engineering-management/resources/technical-interviews.md +474 -0
  139. package/.claude/skills/engineering-operations-management/SKILL.md +817 -0
  140. package/.claude/skills/error-tracking/SKILL.md +379 -0
  141. package/.claude/skills/frontend-dev-guidelines/SKILL.md +403 -0
  142. package/.claude/skills/frontend-dev-guidelines/resources/common-patterns.md +331 -0
  143. package/.claude/skills/frontend-dev-guidelines/resources/complete-examples.md +872 -0
  144. package/.claude/skills/frontend-dev-guidelines/resources/component-patterns.md +502 -0
  145. package/.claude/skills/frontend-dev-guidelines/resources/data-fetching.md +767 -0
  146. package/.claude/skills/frontend-dev-guidelines/resources/file-organization.md +502 -0
  147. package/.claude/skills/frontend-dev-guidelines/resources/loading-and-error-states.md +501 -0
  148. package/.claude/skills/frontend-dev-guidelines/resources/performance.md +406 -0
  149. package/.claude/skills/frontend-dev-guidelines/resources/routing-guide.md +364 -0
  150. package/.claude/skills/frontend-dev-guidelines/resources/styling-guide.md +428 -0
  151. package/.claude/skills/frontend-dev-guidelines/resources/typescript-standards.md +418 -0
  152. package/.claude/skills/general-it-engineering/SKILL.md +393 -0
  153. package/.claude/skills/general-it-engineering/resources/asset-management.md +712 -0
  154. package/.claude/skills/general-it-engineering/resources/automation-orchestration.md +817 -0
  155. package/.claude/skills/general-it-engineering/resources/business-continuity.md +786 -0
  156. package/.claude/skills/general-it-engineering/resources/change-management.md +715 -0
  157. package/.claude/skills/general-it-engineering/resources/enterprise-monitoring.md +729 -0
  158. package/.claude/skills/general-it-engineering/resources/help-desk-operations.md +738 -0
  159. package/.claude/skills/general-it-engineering/resources/incident-service-management.md +834 -0
  160. package/.claude/skills/general-it-engineering/resources/it-governance.md +753 -0
  161. package/.claude/skills/general-it-engineering/resources/itil-framework.md +503 -0
  162. package/.claude/skills/general-it-engineering/resources/service-management.md +669 -0
  163. package/.claude/skills/infrastructure-architecture/SKILL.md +328 -0
  164. package/.claude/skills/infrastructure-architecture/resources/architecture-decision-records.md +505 -0
  165. package/.claude/skills/infrastructure-architecture/resources/architecture-patterns.md +528 -0
  166. package/.claude/skills/infrastructure-architecture/resources/capacity-planning.md +453 -0
  167. package/.claude/skills/infrastructure-architecture/resources/cleared-environment-architecture.md +773 -0
  168. package/.claude/skills/infrastructure-architecture/resources/cost-architecture.md +499 -0
  169. package/.claude/skills/infrastructure-architecture/resources/data-architecture.md +501 -0
  170. package/.claude/skills/infrastructure-architecture/resources/disaster-recovery.md +535 -0
  171. package/.claude/skills/infrastructure-architecture/resources/migration-architecture.md +512 -0
  172. package/.claude/skills/infrastructure-architecture/resources/multi-region-design.md +608 -0
  173. package/.claude/skills/infrastructure-architecture/resources/reference-architectures.md +562 -0
  174. package/.claude/skills/infrastructure-architecture/resources/security-architecture.md +538 -0
  175. package/.claude/skills/infrastructure-architecture/resources/system-design-principles.md +489 -0
  176. package/.claude/skills/infrastructure-architecture/resources/workload-classification.md +1000 -0
  177. package/.claude/skills/infrastructure-strategy/SKILL.md +924 -0
  178. package/.claude/skills/network-engineering/SKILL.md +385 -0
  179. package/.claude/skills/network-engineering/resources/dns-management.md +738 -0
  180. package/.claude/skills/network-engineering/resources/load-balancing.md +820 -0
  181. package/.claude/skills/network-engineering/resources/network-architecture.md +546 -0
  182. package/.claude/skills/network-engineering/resources/network-security.md +921 -0
  183. package/.claude/skills/network-engineering/resources/network-troubleshooting.md +749 -0
  184. package/.claude/skills/network-engineering/resources/routing-switching.md +373 -0
  185. package/.claude/skills/network-engineering/resources/sdn-networking.md +695 -0
  186. package/.claude/skills/network-engineering/resources/service-mesh-networking.md +777 -0
  187. package/.claude/skills/network-engineering/resources/tcp-ip-protocols.md +444 -0
  188. package/.claude/skills/network-engineering/resources/vpn-connectivity.md +672 -0
  189. package/.claude/skills/observability-engineering/SKILL.md +101 -0
  190. package/.claude/skills/observability-engineering/resources/apm-tools.md +97 -0
  191. package/.claude/skills/observability-engineering/resources/correlation-strategies.md +87 -0
  192. package/.claude/skills/observability-engineering/resources/distributed-tracing.md +98 -0
  193. package/.claude/skills/observability-engineering/resources/logs-aggregation.md +118 -0
  194. package/.claude/skills/observability-engineering/resources/observability-cost-optimization.md +141 -0
  195. package/.claude/skills/observability-engineering/resources/opentelemetry.md +110 -0
  196. package/.claude/skills/platform-engineering/SKILL.md +555 -0
  197. package/.claude/skills/platform-engineering/resources/architecture-overview.md +600 -0
  198. package/.claude/skills/platform-engineering/resources/container-orchestration.md +916 -0
  199. package/.claude/skills/platform-engineering/resources/cost-optimization.md +634 -0
  200. package/.claude/skills/platform-engineering/resources/developer-platforms.md +670 -0
  201. package/.claude/skills/platform-engineering/resources/gitops-automation.md +650 -0
  202. package/.claude/skills/platform-engineering/resources/infrastructure-as-code.md +778 -0
  203. package/.claude/skills/platform-engineering/resources/infrastructure-standards.md +708 -0
  204. package/.claude/skills/platform-engineering/resources/multi-tenancy.md +602 -0
  205. package/.claude/skills/platform-engineering/resources/platform-security.md +711 -0
  206. package/.claude/skills/platform-engineering/resources/resource-management.md +592 -0
  207. package/.claude/skills/platform-engineering/resources/service-mesh.md +628 -0
  208. package/.claude/skills/release-engineering/SKILL.md +393 -0
  209. package/.claude/skills/release-engineering/resources/artifact-management.md +108 -0
  210. package/.claude/skills/release-engineering/resources/build-optimization.md +84 -0
  211. package/.claude/skills/release-engineering/resources/ci-cd-pipelines.md +411 -0
  212. package/.claude/skills/release-engineering/resources/deployment-strategies.md +197 -0
  213. package/.claude/skills/release-engineering/resources/pipeline-security.md +62 -0
  214. package/.claude/skills/release-engineering/resources/progressive-delivery.md +83 -0
  215. package/.claude/skills/release-engineering/resources/release-automation.md +68 -0
  216. package/.claude/skills/release-engineering/resources/release-orchestration.md +77 -0
  217. package/.claude/skills/release-engineering/resources/rollback-strategies.md +66 -0
  218. package/.claude/skills/release-engineering/resources/versioning-strategies.md +59 -0
  219. package/.claude/skills/route-tester/SKILL.md +392 -0
  220. package/.claude/skills/skill-developer/ADVANCED.md +197 -0
  221. package/.claude/skills/skill-developer/HOOK_MECHANISMS.md +306 -0
  222. package/.claude/skills/skill-developer/PATTERNS_LIBRARY.md +152 -0
  223. package/.claude/skills/skill-developer/SKILL.md +430 -0
  224. package/.claude/skills/skill-developer/SKILL_RULES_REFERENCE.md +315 -0
  225. package/.claude/skills/skill-developer/TRIGGER_TYPES.md +305 -0
  226. package/.claude/skills/skill-developer/TROUBLESHOOTING.md +514 -0
  227. package/.claude/skills/skill-rules.json +2940 -0
  228. package/.claude/skills/sre/SKILL.md +464 -0
  229. package/.claude/skills/sre/resources/alerting-best-practices.md +282 -0
  230. package/.claude/skills/sre/resources/capacity-planning.md +226 -0
  231. package/.claude/skills/sre/resources/chaos-engineering.md +193 -0
  232. package/.claude/skills/sre/resources/disaster-recovery.md +232 -0
  233. package/.claude/skills/sre/resources/incident-management.md +436 -0
  234. package/.claude/skills/sre/resources/observability-stack.md +240 -0
  235. package/.claude/skills/sre/resources/on-call-runbooks.md +167 -0
  236. package/.claude/skills/sre/resources/performance-optimization.md +108 -0
  237. package/.claude/skills/sre/resources/reliability-patterns.md +183 -0
  238. package/.claude/skills/sre/resources/slo-sli-sla.md +464 -0
  239. package/.claude/skills/sre/resources/toil-reduction.md +145 -0
  240. package/.claude/skills/systems-engineering/SKILL.md +648 -0
  241. package/.claude/skills/systems-engineering/resources/automation-patterns.md +771 -0
  242. package/.claude/skills/systems-engineering/resources/configuration-management.md +998 -0
  243. package/.claude/skills/systems-engineering/resources/linux-administration.md +672 -0
  244. package/.claude/skills/systems-engineering/resources/networking-fundamentals.md +982 -0
  245. package/.claude/skills/systems-engineering/resources/performance-tuning.md +871 -0
  246. package/.claude/skills/systems-engineering/resources/powershell-scripting.md +482 -0
  247. package/.claude/skills/systems-engineering/resources/security-hardening.md +739 -0
  248. package/.claude/skills/systems-engineering/resources/shell-scripting.md +915 -0
  249. package/.claude/skills/systems-engineering/resources/storage-management.md +628 -0
  250. package/.claude/skills/systems-engineering/resources/system-monitoring.md +787 -0
  251. package/.claude/skills/systems-engineering/resources/troubleshooting-guide.md +753 -0
  252. package/.claude/skills/systems-engineering/resources/windows-administration.md +738 -0
  253. package/.claude/skills/technical-leadership/SKILL.md +728 -0
  254. package/CHANGELOG.md +90 -54
  255. package/README.md +94 -0
  256. package/backend/docs/SECRETS_DOCUMENTATION.md +327 -0
  257. package/backend/jest.config.js +59 -0
  258. package/backend/package-lock.json +6129 -0
  259. package/backend/package.json +16 -4
  260. package/backend/prisma/migrations/20251026104609_add_websocket_api/migration.sql +33 -0
  261. package/backend/prisma/schema.prisma +33 -0
  262. package/backend/src/__tests__/core/DependencyService.test.js +336 -0
  263. package/backend/src/__tests__/core/UserService.test.js +875 -0
  264. package/backend/src/__tests__/repositories/BaseRepository.test.js +146 -0
  265. package/backend/src/__tests__/repositories/BotRepository.test.js +118 -0
  266. package/backend/src/__tests__/repositories/CommandRepository.test.js +132 -0
  267. package/backend/src/__tests__/repositories/EventGraphRepository.test.js +93 -0
  268. package/backend/src/__tests__/repositories/GroupRepository.test.js +155 -0
  269. package/backend/src/__tests__/repositories/PermissionRepository.test.js +130 -0
  270. package/backend/src/__tests__/repositories/PluginRepository.test.js +107 -0
  271. package/backend/src/__tests__/repositories/ServerRepository.test.js +80 -0
  272. package/backend/src/__tests__/repositories/UserRepository.test.js +128 -0
  273. package/backend/src/__tests__/secretsFilter.test.js +425 -0
  274. package/backend/src/__tests__/services/BotLifecycleService.test.js +411 -0
  275. package/backend/src/__tests__/services/BotProcessManager.test.js +285 -0
  276. package/backend/src/__tests__/services/CacheManager.test.js +125 -0
  277. package/backend/src/__tests__/services/CommandExecutionService.test.js +460 -0
  278. package/backend/src/__tests__/services/ResourceMonitorService.test.js +207 -0
  279. package/backend/src/__tests__/services/TelemetryService.test.js +291 -0
  280. package/backend/src/__tests__/setup.js +25 -0
  281. package/backend/src/api/routes/apiKeys.js +181 -0
  282. package/backend/src/api/routes/bots.js +49 -7
  283. package/backend/src/api/routes/plugins.js +2 -1
  284. package/backend/src/api/routes/system.js +174 -0
  285. package/backend/src/container.js +82 -0
  286. package/backend/src/core/BotManager.js +142 -871
  287. package/backend/src/core/BotManager.old.js +1093 -0
  288. package/backend/src/core/BotProcess.js +1092 -858
  289. package/backend/src/core/EventGraphManager.js +280 -198
  290. package/backend/src/core/GraphExecutionEngine.js +321 -325
  291. package/backend/src/core/MessageQueue.js +27 -6
  292. package/backend/src/core/NodeRegistry.js +37 -1134
  293. package/backend/src/core/PluginManager.js +62 -12
  294. package/backend/src/core/PrismaService.js +32 -0
  295. package/backend/src/core/UserService.js +3 -3
  296. package/backend/src/core/__tests__/PrismaService.test.js +24 -0
  297. package/backend/src/core/commands/README.md +305 -0
  298. package/backend/src/core/commands/dev.js +13 -7
  299. package/backend/src/core/commands/ping.js +10 -4
  300. package/backend/src/core/commands/whois.js +63 -0
  301. package/backend/src/core/config/validation.js +27 -0
  302. package/backend/src/core/constants/graphTypes.js +21 -0
  303. package/backend/src/core/node-registries/actions.js +132 -0
  304. package/backend/src/core/node-registries/arrays.js +137 -0
  305. package/backend/src/core/node-registries/bot.js +23 -0
  306. package/backend/src/core/node-registries/data.js +290 -0
  307. package/backend/src/core/node-registries/debug.js +26 -0
  308. package/backend/src/core/node-registries/events.js +187 -0
  309. package/backend/src/core/node-registries/flow.js +139 -0
  310. package/backend/src/core/node-registries/logic.js +45 -0
  311. package/backend/src/core/node-registries/math.js +42 -0
  312. package/backend/src/core/node-registries/objects.js +98 -0
  313. package/backend/src/core/node-registries/strings.js +153 -0
  314. package/backend/src/core/node-registries/time.js +113 -0
  315. package/backend/src/core/node-registries/users.js +79 -0
  316. package/backend/src/core/nodes/{action_bot_look_at.js → actions/bot_look_at.js} +36 -36
  317. package/backend/src/core/nodes/{action_bot_set_variable.js → actions/bot_set_variable.js} +32 -32
  318. package/backend/src/core/nodes/{action_send_log.js → actions/send_log.js} +28 -23
  319. package/backend/src/core/nodes/{action_send_message.js → actions/send_message.js} +32 -32
  320. package/backend/src/core/nodes/actions/send_websocket_response.js +33 -0
  321. package/backend/src/core/nodes/arrays/get_next.js +35 -0
  322. package/backend/src/core/nodes/{data_cast.js → data/cast.js} +8 -0
  323. package/backend/src/core/nodes/data/datetime_literal.js +27 -0
  324. package/backend/src/core/nodes/data/entity_info.js +69 -0
  325. package/backend/src/core/nodes/data/get_nearby_entities.js +32 -0
  326. package/backend/src/core/nodes/data/get_nearby_players.js +64 -0
  327. package/backend/src/core/nodes/{data_get_user_field.js → data/get_user_field.js} +1 -1
  328. package/backend/src/core/nodes/data/type_check.js +53 -0
  329. package/backend/src/core/nodes/{debug_log.js → debug/log.js} +16 -16
  330. package/backend/src/core/nodes/{flow_branch.js → flow/branch.js} +15 -15
  331. package/backend/src/core/nodes/{flow_break.js → flow/break.js} +14 -14
  332. package/backend/src/core/nodes/flow/delay.js +43 -0
  333. package/backend/src/core/nodes/{flow_for_each.js → flow/for_each.js} +39 -39
  334. package/backend/src/core/nodes/{flow_sequence.js → flow/sequence.js} +16 -16
  335. package/backend/src/core/nodes/{flow_switch.js → flow/switch.js} +47 -47
  336. package/backend/src/core/nodes/{flow_while.js → flow/while.js} +1 -1
  337. package/backend/src/core/nodes/logic/__tests__/compare.test.js +83 -0
  338. package/backend/src/core/nodes/math/__tests__/operation.test.js +65 -0
  339. package/backend/src/core/nodes/strings/__tests__/concat.test.js +89 -0
  340. package/backend/src/core/nodes/time/__tests__/now.test.js +24 -0
  341. package/backend/src/core/nodes/time/add.js +33 -0
  342. package/backend/src/core/nodes/time/compare.js +35 -0
  343. package/backend/src/core/nodes/time/diff.js +29 -0
  344. package/backend/src/core/nodes/time/format.js +32 -0
  345. package/backend/src/core/nodes/time/now.js +18 -0
  346. package/backend/src/core/nodes/{user_check_blacklist.js → users/check_blacklist.js} +37 -37
  347. package/backend/src/core/nodes/{user_get_groups.js → users/get_groups.js} +36 -36
  348. package/backend/src/core/nodes/{user_get_permissions.js → users/get_permissions.js} +36 -36
  349. package/backend/src/core/nodes/{user_set_blacklist.js → users/set_blacklist.js} +37 -37
  350. package/backend/src/core/services/BotLifecycleService.js +596 -0
  351. package/backend/src/core/services/BotProcessManager.js +163 -0
  352. package/backend/src/core/services/CacheManager.js +111 -0
  353. package/backend/src/core/services/CommandExecutionService.js +351 -0
  354. package/backend/src/core/services/ResourceMonitorService.js +90 -0
  355. package/backend/src/core/services/TelemetryService.js +124 -0
  356. package/backend/src/core/services/ValidationService.js +132 -0
  357. package/backend/src/core/services/__tests__/ValidationService.test.js +148 -0
  358. package/backend/src/core/services.js +20 -5
  359. package/backend/src/core/system/CommandContext.js +84 -0
  360. package/backend/src/core/system/Transport.js +78 -0
  361. package/backend/src/core/utils/__tests__/jsonParser.test.js +44 -0
  362. package/backend/src/core/utils/jsonParser.js +18 -0
  363. package/backend/src/core/utils/secretsFilter.js +262 -0
  364. package/backend/src/core/utils/variableParser.js +89 -0
  365. package/backend/src/core/validation/__tests__/nodeSchemas.test.js +175 -0
  366. package/backend/src/core/validation/nodeSchemas.js +112 -0
  367. package/backend/src/lib/prisma.js +2 -4
  368. package/backend/src/real-time/botApi/handlers/commandHandlers.js +28 -0
  369. package/backend/src/real-time/botApi/handlers/graphHandlers.js +99 -0
  370. package/backend/src/real-time/botApi/handlers/graphWebSocketHandlers.js +147 -0
  371. package/backend/src/real-time/botApi/handlers/index.js +43 -0
  372. package/backend/src/real-time/botApi/handlers/messageHandlers.js +66 -0
  373. package/backend/src/real-time/botApi/handlers/statusHandlers.js +17 -0
  374. package/backend/src/real-time/botApi/handlers/userHandlers.js +141 -0
  375. package/backend/src/real-time/botApi/index.js +40 -0
  376. package/backend/src/real-time/botApi/middleware.js +79 -0
  377. package/backend/src/real-time/botApi/utils.js +54 -0
  378. package/backend/src/real-time/socketHandler.js +6 -2
  379. package/backend/src/repositories/BaseRepository.js +43 -0
  380. package/backend/src/repositories/BotRepository.js +42 -0
  381. package/backend/src/repositories/CommandRepository.js +53 -0
  382. package/backend/src/repositories/EventGraphRepository.js +40 -0
  383. package/backend/src/repositories/GroupRepository.js +69 -0
  384. package/backend/src/repositories/PermissionRepository.js +48 -0
  385. package/backend/src/repositories/PluginRepository.js +42 -0
  386. package/backend/src/repositories/ServerRepository.js +27 -0
  387. package/backend/src/repositories/UserRepository.js +48 -0
  388. package/backend/src/server.js +3 -0
  389. package/backend/src/test-refactor.js +85 -0
  390. package/frontend/dist/assets/index-CfTo92bP.css +1 -0
  391. package/frontend/dist/assets/index-CiFD5X9Z.js +8344 -0
  392. package/frontend/dist/index.html +2 -2
  393. package/frontend/package.json +0 -5
  394. package/package.json +2 -1
  395. package/frontend/dist/assets/index-B9GedHEa.js +0 -8352
  396. package/frontend/dist/assets/index-zLiy9MDx.css +0 -1
  397. package/nul +0 -0
  398. /package/backend/src/core/nodes/{action_http_request.js → actions/http_request.js} +0 -0
  399. /package/backend/src/core/nodes/{array_add_element.js → arrays/add_element.js} +0 -0
  400. /package/backend/src/core/nodes/{array_contains.js → arrays/contains.js} +0 -0
  401. /package/backend/src/core/nodes/{array_find_index.js → arrays/find_index.js} +0 -0
  402. /package/backend/src/core/nodes/{array_get_by_index.js → arrays/get_by_index.js} +0 -0
  403. /package/backend/src/core/nodes/{array_get_random_element.js → arrays/get_random_element.js} +0 -0
  404. /package/backend/src/core/nodes/{array_remove_by_index.js → arrays/remove_by_index.js} +0 -0
  405. /package/backend/src/core/nodes/{bot_get_position.js → bot/get_position.js} +0 -0
  406. /package/backend/src/core/nodes/{data_array_literal.js → data/array_literal.js} +0 -0
  407. /package/backend/src/core/nodes/{data_boolean_literal.js → data/boolean_literal.js} +0 -0
  408. /package/backend/src/core/nodes/{data_get_argument.js → data/get_argument.js} +0 -0
  409. /package/backend/src/core/nodes/{data_get_bot_look.js → data/get_bot_look.js} +0 -0
  410. /package/backend/src/core/nodes/{data_get_entity_field.js → data/get_entity_field.js} +0 -0
  411. /package/backend/src/core/nodes/{data_get_server_players.js → data/get_server_players.js} +0 -0
  412. /package/backend/src/core/nodes/{data_get_variable.js → data/get_variable.js} +0 -0
  413. /package/backend/src/core/nodes/{data_length.js → data/length.js} +0 -0
  414. /package/backend/src/core/nodes/{data_make_object.js → data/make_object.js} +0 -0
  415. /package/backend/src/core/nodes/{data_number_literal.js → data/number_literal.js} +0 -0
  416. /package/backend/src/core/nodes/{data_string_literal.js → data/string_literal.js} +0 -0
  417. /package/backend/src/core/nodes/{logic_compare.js → logic/compare.js} +0 -0
  418. /package/backend/src/core/nodes/{logic_operation.js → logic/operation.js} +0 -0
  419. /package/backend/src/core/nodes/{math_operation.js → math/operation.js} +0 -0
  420. /package/backend/src/core/nodes/{math_random_number.js → math/random_number.js} +0 -0
  421. /package/backend/src/core/nodes/{object_create.js → objects/create.js} +0 -0
  422. /package/backend/src/core/nodes/{object_delete.js → objects/delete.js} +0 -0
  423. /package/backend/src/core/nodes/{object_get.js → objects/get.js} +0 -0
  424. /package/backend/src/core/nodes/{object_has_key.js → objects/has_key.js} +0 -0
  425. /package/backend/src/core/nodes/{object_set.js → objects/set.js} +0 -0
  426. /package/backend/src/core/nodes/{string_concat.js → strings/concat.js} +0 -0
  427. /package/backend/src/core/nodes/{string_contains.js → strings/contains.js} +0 -0
  428. /package/backend/src/core/nodes/{string_ends_with.js → strings/ends_with.js} +0 -0
  429. /package/backend/src/core/nodes/{string_equals.js → strings/equals.js} +0 -0
  430. /package/backend/src/core/nodes/{string_length.js → strings/length.js} +0 -0
  431. /package/backend/src/core/nodes/{string_matches.js → strings/matches.js} +0 -0
  432. /package/backend/src/core/nodes/{string_split.js → strings/split.js} +0 -0
  433. /package/backend/src/core/nodes/{string_starts_with.js → strings/starts_with.js} +0 -0
@@ -0,0 +1,916 @@
1
+ # Container Orchestration with Kubernetes
2
+
3
+ Deep dive into Kubernetes architecture, workload patterns, networking, storage, and security best practices for production container orchestration.
4
+
5
+ ## Table of Contents
6
+
7
+ - [Architecture](#architecture)
8
+ - [Workload Resources](#workload-resources)
9
+ - [Networking](#networking)
10
+ - [Storage](#storage)
11
+ - [Configuration Management](#configuration-management)
12
+ - [Security](#security)
13
+ - [Scaling](#scaling)
14
+ - [Best Practices](#best-practices)
15
+ - [Anti-Patterns](#anti-patterns)
16
+
17
+ ## Architecture
18
+
19
+ ### Control Plane Components
20
+
21
+ **API Server:**
22
+ ```yaml
23
+ # All cluster interactions go through API server
24
+ kubectl get pods # → API Server
25
+ kubectl create -f app.yaml # → API Server
26
+ kubectl delete deployment # → API Server
27
+ ```
28
+
29
+ **etcd:**
30
+ ```
31
+ # Distributed key-value store for cluster state
32
+ /registry/pods/default/nginx-pod
33
+ /registry/deployments/production/api-service
34
+ /registry/services/default/frontend
35
+ ```
36
+
37
+ **Scheduler:**
38
+ ```
39
+ 1. Watch for new pods with no assigned node
40
+ 2. Evaluate constraints (resources, affinity, taints)
41
+ 3. Score nodes for best fit
42
+ 4. Bind pod to selected node
43
+ ```
44
+
45
+ **Controller Manager:**
46
+ ```
47
+ Node Controller: Monitor node health
48
+ Replication Controller: Maintain desired replica count
49
+ Endpoint Controller: Populate endpoint objects
50
+ Service Account Controller: Create default service accounts
51
+ ```
52
+
53
+ ### Node Components
54
+
55
+ **Kubelet:**
56
+ ```
57
+ - Runs on each node
58
+ - Manages pod lifecycle
59
+ - Reports node and pod status
60
+ - Executes health checks
61
+ ```
62
+
63
+ **Kube-proxy:**
64
+ ```
65
+ - Maintains network rules
66
+ - Handles service networking
67
+ - Implements service load balancing
68
+ ```
69
+
70
+ **Container Runtime:**
71
+ ```
72
+ - containerd (most common)
73
+ - CRI-O
74
+ - Docker (deprecated, use containerd)
75
+ ```
76
+
77
+ ## Workload Resources
78
+
79
+ ### Pods
80
+
81
+ **Simple Pod:**
82
+ ```yaml
83
+ apiVersion: v1
84
+ kind: Pod
85
+ metadata:
86
+ name: nginx
87
+ labels:
88
+ app: nginx
89
+ environment: production
90
+ spec:
91
+ containers:
92
+ - name: nginx
93
+ image: nginx:1.25
94
+ ports:
95
+ - containerPort: 80
96
+ name: http
97
+ protocol: TCP
98
+ resources:
99
+ requests:
100
+ memory: "64Mi"
101
+ cpu: "100m"
102
+ limits:
103
+ memory: "128Mi"
104
+ cpu: "500m"
105
+ livenessProbe:
106
+ httpGet:
107
+ path: /healthz
108
+ port: 80
109
+ initialDelaySeconds: 30
110
+ periodSeconds: 10
111
+ readinessProbe:
112
+ httpGet:
113
+ path: /ready
114
+ port: 80
115
+ initialDelaySeconds: 5
116
+ periodSeconds: 5
117
+ ```
118
+
119
+ **Multi-container Pod (Sidecar Pattern):**
120
+ ```yaml
121
+ apiVersion: v1
122
+ kind: Pod
123
+ metadata:
124
+ name: app-with-logging
125
+ spec:
126
+ containers:
127
+ # Main application
128
+ - name: app
129
+ image: myapp:1.0
130
+ volumeMounts:
131
+ - name: logs
132
+ mountPath: /var/log/app
133
+
134
+ # Logging sidecar
135
+ - name: log-shipper
136
+ image: fluent/fluent-bit:2.0
137
+ volumeMounts:
138
+ - name: logs
139
+ mountPath: /var/log/app
140
+ readOnly: true
141
+
142
+ volumes:
143
+ - name: logs
144
+ emptyDir: {}
145
+ ```
146
+
147
+ ### Deployments
148
+
149
+ **Production Deployment:**
150
+ ```yaml
151
+ apiVersion: apps/v1
152
+ kind: Deployment
153
+ metadata:
154
+ name: api-service
155
+ namespace: production
156
+ labels:
157
+ app: api-service
158
+ team: platform
159
+ spec:
160
+ replicas: 3
161
+ revisionHistoryLimit: 10
162
+
163
+ # Pod selection
164
+ selector:
165
+ matchLabels:
166
+ app: api-service
167
+
168
+ # Update strategy
169
+ strategy:
170
+ type: RollingUpdate
171
+ rollingUpdate:
172
+ maxSurge: 1 # Allow 1 extra pod during update
173
+ maxUnavailable: 0 # No downtime
174
+
175
+ # Pod template
176
+ template:
177
+ metadata:
178
+ labels:
179
+ app: api-service
180
+ version: v1.2.3
181
+ annotations:
182
+ prometheus.io/scrape: "true"
183
+ prometheus.io/port: "8080"
184
+ prometheus.io/path: "/metrics"
185
+ spec:
186
+ # Security context
187
+ securityContext:
188
+ runAsNonRoot: true
189
+ runAsUser: 1000
190
+ fsGroup: 1000
191
+
192
+ # Service account
193
+ serviceAccountName: api-service
194
+
195
+ # Init containers
196
+ initContainers:
197
+ - name: migration
198
+ image: api-service:v1.2.3
199
+ command: ['npm', 'run', 'migrate']
200
+ envFrom:
201
+ - secretRef:
202
+ name: database-credentials
203
+
204
+ # Main containers
205
+ containers:
206
+ - name: api
207
+ image: api-service:v1.2.3
208
+ imagePullPolicy: IfNotPresent
209
+
210
+ ports:
211
+ - name: http
212
+ containerPort: 8080
213
+ protocol: TCP
214
+
215
+ # Environment variables
216
+ env:
217
+ - name: NODE_ENV
218
+ value: "production"
219
+ - name: PORT
220
+ value: "8080"
221
+ - name: DATABASE_URL
222
+ valueFrom:
223
+ secretKeyRef:
224
+ name: database-credentials
225
+ key: url
226
+
227
+ # Resource management
228
+ resources:
229
+ requests:
230
+ memory: "256Mi"
231
+ cpu: "100m"
232
+ limits:
233
+ memory: "512Mi"
234
+ cpu: "1000m"
235
+
236
+ # Health checks
237
+ livenessProbe:
238
+ httpGet:
239
+ path: /health
240
+ port: 8080
241
+ initialDelaySeconds: 30
242
+ periodSeconds: 10
243
+ timeoutSeconds: 5
244
+ failureThreshold: 3
245
+
246
+ readinessProbe:
247
+ httpGet:
248
+ path: /ready
249
+ port: 8080
250
+ initialDelaySeconds: 10
251
+ periodSeconds: 5
252
+ timeoutSeconds: 3
253
+ failureThreshold: 2
254
+
255
+ # Startup probe (for slow-starting apps)
256
+ startupProbe:
257
+ httpGet:
258
+ path: /health
259
+ port: 8080
260
+ failureThreshold: 30
261
+ periodSeconds: 10
262
+
263
+ # Volume mounts
264
+ volumeMounts:
265
+ - name: config
266
+ mountPath: /app/config
267
+ readOnly: true
268
+ - name: cache
269
+ mountPath: /app/cache
270
+
271
+ # Volumes
272
+ volumes:
273
+ - name: config
274
+ configMap:
275
+ name: api-config
276
+ - name: cache
277
+ emptyDir:
278
+ sizeLimit: 1Gi
279
+
280
+ # Affinity rules
281
+ affinity:
282
+ podAntiAffinity:
283
+ preferredDuringSchedulingIgnoredDuringExecution:
284
+ - weight: 100
285
+ podAffinityTerm:
286
+ labelSelector:
287
+ matchExpressions:
288
+ - key: app
289
+ operator: In
290
+ values:
291
+ - api-service
292
+ topologyKey: kubernetes.io/hostname
293
+ ```
294
+
295
+ ### StatefulSets
296
+
297
+ **Database StatefulSet:**
298
+ ```yaml
299
+ apiVersion: apps/v1
300
+ kind: StatefulSet
301
+ metadata:
302
+ name: postgres
303
+ namespace: databases
304
+ spec:
305
+ serviceName: postgres
306
+ replicas: 3
307
+ selector:
308
+ matchLabels:
309
+ app: postgres
310
+
311
+ template:
312
+ metadata:
313
+ labels:
314
+ app: postgres
315
+ spec:
316
+ containers:
317
+ - name: postgres
318
+ image: postgres:15
319
+ ports:
320
+ - containerPort: 5432
321
+ name: postgres
322
+
323
+ env:
324
+ - name: POSTGRES_PASSWORD
325
+ valueFrom:
326
+ secretKeyRef:
327
+ name: postgres-secret
328
+ key: password
329
+ - name: PGDATA
330
+ value: /var/lib/postgresql/data/pgdata
331
+
332
+ volumeMounts:
333
+ - name: data
334
+ mountPath: /var/lib/postgresql/data
335
+
336
+ resources:
337
+ requests:
338
+ memory: "1Gi"
339
+ cpu: "500m"
340
+ limits:
341
+ memory: "2Gi"
342
+ cpu: "2000m"
343
+
344
+ # Volume claim templates (creates PVC per pod)
345
+ volumeClaimTemplates:
346
+ - metadata:
347
+ name: data
348
+ spec:
349
+ accessModes: [ "ReadWriteOnce" ]
350
+ storageClassName: fast-ssd
351
+ resources:
352
+ requests:
353
+ storage: 100Gi
354
+ ```
355
+
356
+ ### DaemonSets
357
+
358
+ **Monitoring Agent:**
359
+ ```yaml
360
+ apiVersion: apps/v1
361
+ kind: DaemonSet
362
+ metadata:
363
+ name: node-exporter
364
+ namespace: monitoring
365
+ spec:
366
+ selector:
367
+ matchLabels:
368
+ app: node-exporter
369
+
370
+ template:
371
+ metadata:
372
+ labels:
373
+ app: node-exporter
374
+ spec:
375
+ hostNetwork: true
376
+ hostPID: true
377
+
378
+ containers:
379
+ - name: node-exporter
380
+ image: prom/node-exporter:v1.6.0
381
+ args:
382
+ - --path.procfs=/host/proc
383
+ - --path.sysfs=/host/sys
384
+
385
+ ports:
386
+ - containerPort: 9100
387
+ hostPort: 9100
388
+ name: metrics
389
+
390
+ volumeMounts:
391
+ - name: proc
392
+ mountPath: /host/proc
393
+ readOnly: true
394
+ - name: sys
395
+ mountPath: /host/sys
396
+ readOnly: true
397
+
398
+ resources:
399
+ requests:
400
+ memory: "50Mi"
401
+ cpu: "50m"
402
+ limits:
403
+ memory: "100Mi"
404
+ cpu: "200m"
405
+
406
+ volumes:
407
+ - name: proc
408
+ hostPath:
409
+ path: /proc
410
+ - name: sys
411
+ hostPath:
412
+ path: /sys
413
+
414
+ tolerations:
415
+ - effect: NoSchedule
416
+ operator: Exists
417
+ ```
418
+
419
+ ## Networking
420
+
421
+ ### Services
422
+
423
+ **ClusterIP (Internal):**
424
+ ```yaml
425
+ apiVersion: v1
426
+ kind: Service
427
+ metadata:
428
+ name: api-service
429
+ namespace: production
430
+ spec:
431
+ type: ClusterIP
432
+ selector:
433
+ app: api-service
434
+ ports:
435
+ - port: 80
436
+ targetPort: 8080
437
+ protocol: TCP
438
+ name: http
439
+ ```
440
+
441
+ **LoadBalancer (External):**
442
+ ```yaml
443
+ apiVersion: v1
444
+ kind: Service
445
+ metadata:
446
+ name: frontend
447
+ namespace: production
448
+ annotations:
449
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
450
+ spec:
451
+ type: LoadBalancer
452
+ selector:
453
+ app: frontend
454
+ ports:
455
+ - port: 80
456
+ targetPort: 8080
457
+ protocol: TCP
458
+ ```
459
+
460
+ **Headless Service (StatefulSet):**
461
+ ```yaml
462
+ apiVersion: v1
463
+ kind: Service
464
+ metadata:
465
+ name: postgres
466
+ namespace: databases
467
+ spec:
468
+ clusterIP: None # Headless
469
+ selector:
470
+ app: postgres
471
+ ports:
472
+ - port: 5432
473
+ targetPort: 5432
474
+ ```
475
+
476
+ ### Ingress
477
+
478
+ **NGINX Ingress with TLS:**
479
+ ```yaml
480
+ apiVersion: networking.k8s.io/v1
481
+ kind: Ingress
482
+ metadata:
483
+ name: app-ingress
484
+ namespace: production
485
+ annotations:
486
+ cert-manager.io/cluster-issuer: letsencrypt-prod
487
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
488
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
489
+ nginx.ingress.kubernetes.io/rate-limit: "100"
490
+ spec:
491
+ ingressClassName: nginx
492
+
493
+ tls:
494
+ - hosts:
495
+ - api.example.com
496
+ - app.example.com
497
+ secretName: app-tls-cert
498
+
499
+ rules:
500
+ - host: api.example.com
501
+ http:
502
+ paths:
503
+ - path: /
504
+ pathType: Prefix
505
+ backend:
506
+ service:
507
+ name: api-service
508
+ port:
509
+ number: 80
510
+
511
+ - host: app.example.com
512
+ http:
513
+ paths:
514
+ - path: /
515
+ pathType: Prefix
516
+ backend:
517
+ service:
518
+ name: frontend
519
+ port:
520
+ number: 80
521
+ ```
522
+
523
+ ### Network Policies
524
+
525
+ **Restrict Pod Communication:**
526
+ ```yaml
527
+ apiVersion: networking.k8s.io/v1
528
+ kind: NetworkPolicy
529
+ metadata:
530
+ name: api-network-policy
531
+ namespace: production
532
+ spec:
533
+ podSelector:
534
+ matchLabels:
535
+ app: api-service
536
+
537
+ policyTypes:
538
+ - Ingress
539
+ - Egress
540
+
541
+ # Ingress rules
542
+ ingress:
543
+ - from:
544
+ # Allow from frontend pods
545
+ - podSelector:
546
+ matchLabels:
547
+ app: frontend
548
+ # Allow from ingress controller
549
+ - namespaceSelector:
550
+ matchLabels:
551
+ name: ingress-nginx
552
+ ports:
553
+ - protocol: TCP
554
+ port: 8080
555
+
556
+ # Egress rules
557
+ egress:
558
+ # Allow DNS
559
+ - to:
560
+ - namespaceSelector:
561
+ matchLabels:
562
+ name: kube-system
563
+ ports:
564
+ - protocol: UDP
565
+ port: 53
566
+
567
+ # Allow database access
568
+ - to:
569
+ - podSelector:
570
+ matchLabels:
571
+ app: postgres
572
+ ports:
573
+ - protocol: TCP
574
+ port: 5432
575
+ ```
576
+
577
+ ## Storage
578
+
579
+ ### PersistentVolume and PersistentVolumeClaim
580
+
581
+ **PersistentVolume:**
582
+ ```yaml
583
+ apiVersion: v1
584
+ kind: PersistentVolume
585
+ metadata:
586
+ name: data-pv-001
587
+ spec:
588
+ capacity:
589
+ storage: 100Gi
590
+ volumeMode: Filesystem
591
+ accessModes:
592
+ - ReadWriteOnce
593
+ persistentVolumeReclaimPolicy: Retain
594
+ storageClassName: fast-ssd
595
+
596
+ # AWS EBS
597
+ awsElasticBlockStore:
598
+ volumeID: vol-0123456789abcdef
599
+ fsType: ext4
600
+ ```
601
+
602
+ **PersistentVolumeClaim:**
603
+ ```yaml
604
+ apiVersion: v1
605
+ kind: PersistentVolumeClaim
606
+ metadata:
607
+ name: app-data
608
+ namespace: production
609
+ spec:
610
+ accessModes:
611
+ - ReadWriteOnce
612
+ storageClassName: fast-ssd
613
+ resources:
614
+ requests:
615
+ storage: 50Gi
616
+ ```
617
+
618
+ **Usage in Pod:**
619
+ ```yaml
620
+ apiVersion: v1
621
+ kind: Pod
622
+ metadata:
623
+ name: app
624
+ spec:
625
+ containers:
626
+ - name: app
627
+ image: myapp:1.0
628
+ volumeMounts:
629
+ - mountPath: /data
630
+ name: app-data
631
+
632
+ volumes:
633
+ - name: app-data
634
+ persistentVolumeClaim:
635
+ claimName: app-data
636
+ ```
637
+
638
+ ### StorageClass
639
+
640
+ **Dynamic Provisioning:**
641
+ ```yaml
642
+ apiVersion: storage.k8s.io/v1
643
+ kind: StorageClass
644
+ metadata:
645
+ name: fast-ssd
646
+ provisioner: kubernetes.io/aws-ebs
647
+ parameters:
648
+ type: gp3
649
+ iops: "3000"
650
+ throughput: "125"
651
+ encrypted: "true"
652
+ volumeBindingMode: WaitForFirstConsumer
653
+ allowVolumeExpansion: true
654
+ reclaimPolicy: Delete
655
+ ```
656
+
657
+ ## Configuration Management
658
+
659
+ ### ConfigMaps
660
+
661
+ ```yaml
662
+ apiVersion: v1
663
+ kind: ConfigMap
664
+ metadata:
665
+ name: app-config
666
+ namespace: production
667
+ data:
668
+ # Simple key-value
669
+ LOG_LEVEL: "info"
670
+ ENABLE_FEATURE_X: "true"
671
+
672
+ # Configuration file
673
+ nginx.conf: |
674
+ server {
675
+ listen 80;
676
+ server_name _;
677
+
678
+ location / {
679
+ proxy_pass http://backend:8080;
680
+ }
681
+ }
682
+
683
+ # JSON configuration
684
+ config.json: |
685
+ {
686
+ "database": {
687
+ "pool": {
688
+ "min": 5,
689
+ "max": 20
690
+ }
691
+ }
692
+ }
693
+ ```
694
+
695
+ ### Secrets
696
+
697
+ ```yaml
698
+ apiVersion: v1
699
+ kind: Secret
700
+ metadata:
701
+ name: database-credentials
702
+ namespace: production
703
+ type: Opaque
704
+ stringData:
705
+ username: admin
706
+ password: super-secret-password
707
+ url: postgresql://admin:super-secret-password@db:5432/myapp
708
+ ```
709
+
710
+ **External Secrets Operator:**
711
+ ```yaml
712
+ apiVersion: external-secrets.io/v1beta1
713
+ kind: ExternalSecret
714
+ metadata:
715
+ name: database-credentials
716
+ namespace: production
717
+ spec:
718
+ refreshInterval: 1h
719
+ secretStoreRef:
720
+ name: aws-secrets-manager
721
+ kind: SecretStore
722
+
723
+ target:
724
+ name: database-credentials
725
+ creationPolicy: Owner
726
+
727
+ data:
728
+ - secretKey: password
729
+ remoteRef:
730
+ key: prod/database/password
731
+ - secretKey: username
732
+ remoteRef:
733
+ key: prod/database/username
734
+ ```
735
+
736
+ ## Security
737
+
738
+ ### Pod Security Standards
739
+
740
+ ```yaml
741
+ apiVersion: v1
742
+ kind: Namespace
743
+ metadata:
744
+ name: production
745
+ labels:
746
+ pod-security.kubernetes.io/enforce: restricted
747
+ pod-security.kubernetes.io/audit: restricted
748
+ pod-security.kubernetes.io/warn: restricted
749
+ ```
750
+
751
+ **Secure Pod:**
752
+ ```yaml
753
+ apiVersion: v1
754
+ kind: Pod
755
+ metadata:
756
+ name: secure-app
757
+ spec:
758
+ securityContext:
759
+ runAsNonRoot: true
760
+ runAsUser: 1000
761
+ fsGroup: 1000
762
+ seccompProfile:
763
+ type: RuntimeDefault
764
+
765
+ containers:
766
+ - name: app
767
+ image: myapp:1.0
768
+ securityContext:
769
+ allowPrivilegeEscalation: false
770
+ readOnlyRootFilesystem: true
771
+ capabilities:
772
+ drop:
773
+ - ALL
774
+
775
+ volumeMounts:
776
+ - name: tmp
777
+ mountPath: /tmp
778
+
779
+ volumes:
780
+ - name: tmp
781
+ emptyDir: {}
782
+ ```
783
+
784
+ ### RBAC
785
+
786
+ **Service Account:**
787
+ ```yaml
788
+ apiVersion: v1
789
+ kind: ServiceAccount
790
+ metadata:
791
+ name: api-service
792
+ namespace: production
793
+ ```
794
+
795
+ **Role:**
796
+ ```yaml
797
+ apiVersion: rbac.authorization.k8s.io/v1
798
+ kind: Role
799
+ metadata:
800
+ name: configmap-reader
801
+ namespace: production
802
+ rules:
803
+ - apiGroups: [""]
804
+ resources: ["configmaps"]
805
+ verbs: ["get", "list", "watch"]
806
+ ```
807
+
808
+ **RoleBinding:**
809
+ ```yaml
810
+ apiVersion: rbac.authorization.k8s.io/v1
811
+ kind: RoleBinding
812
+ metadata:
813
+ name: api-service-configmap-reader
814
+ namespace: production
815
+ subjects:
816
+ - kind: ServiceAccount
817
+ name: api-service
818
+ namespace: production
819
+ roleRef:
820
+ kind: Role
821
+ name: configmap-reader
822
+ apiGroup: rbac.authorization.k8s.io
823
+ ```
824
+
825
+ ## Scaling
826
+
827
+ ### Horizontal Pod Autoscaler
828
+
829
+ ```yaml
830
+ apiVersion: autoscaling/v2
831
+ kind: HorizontalPodAutoscaler
832
+ metadata:
833
+ name: api-service
834
+ namespace: production
835
+ spec:
836
+ scaleTargetRef:
837
+ apiVersion: apps/v1
838
+ kind: Deployment
839
+ name: api-service
840
+
841
+ minReplicas: 3
842
+ maxReplicas: 100
843
+
844
+ metrics:
845
+ # CPU-based scaling
846
+ - type: Resource
847
+ resource:
848
+ name: cpu
849
+ target:
850
+ type: Utilization
851
+ averageUtilization: 70
852
+
853
+ # Memory-based scaling
854
+ - type: Resource
855
+ resource:
856
+ name: memory
857
+ target:
858
+ type: Utilization
859
+ averageUtilization: 80
860
+
861
+ # Custom metrics (requires metrics server)
862
+ - type: Pods
863
+ pods:
864
+ metric:
865
+ name: http_requests_per_second
866
+ target:
867
+ type: AverageValue
868
+ averageValue: "1000"
869
+
870
+ behavior:
871
+ scaleDown:
872
+ stabilizationWindowSeconds: 300
873
+ policies:
874
+ - type: Percent
875
+ value: 10
876
+ periodSeconds: 60
877
+ scaleUp:
878
+ stabilizationWindowSeconds: 0
879
+ policies:
880
+ - type: Percent
881
+ value: 50
882
+ periodSeconds: 30
883
+ ```
884
+
885
+ ## Best Practices
886
+
887
+ 1. **Always set resource requests and limits**
888
+ 2. **Implement health checks (liveness, readiness, startup)**
889
+ 3. **Use namespaces for isolation**
890
+ 4. **Run containers as non-root**
891
+ 5. **Use read-only root filesystems**
892
+ 6. **Implement network policies**
893
+ 7. **Use secrets for sensitive data**
894
+ 8. **Enable pod disruption budgets**
895
+ 9. **Use multiple replicas for HA**
896
+ 10. **Tag everything with labels**
897
+
898
+ ## Anti-Patterns
899
+
900
+ ❌ No resource limits (causes node resource exhaustion)
901
+ ❌ Running as root user (security vulnerability)
902
+ ❌ No health checks (pods stay in service when unhealthy)
903
+ ❌ Latest image tag (not reproducible)
904
+ ❌ Storing secrets in ConfigMaps
905
+ ❌ No pod disruption budgets (maintenance causes downtime)
906
+ ❌ Single replica for critical services
907
+ ❌ No network policies (unrestricted pod communication)
908
+ ❌ Privileged containers (security risk)
909
+ ❌ Host network mode (unless required)
910
+
911
+ ---
912
+
913
+ **Related Resources:**
914
+ - [infrastructure-as-code.md](infrastructure-as-code.md) - IaC patterns
915
+ - [service-mesh.md](service-mesh.md) - Advanced networking with Istio
916
+ - [platform-security.md](platform-security.md) - Security best practices