insforge 0.3.1

package/backend/tests/test-config.sh

@@ -0,0 +1,303 @@
+#!/bin/bash
+
+# Test configuration file
+# Source this file in test scripts to get consistent configuration
+
+# API Configuration
+export TEST_API_BASE="${TEST_API_BASE:-http://localhost:7130/api}"
+
+# Admin credentials - can be overridden by environment variables
+export TEST_ADMIN_EMAIL="${TEST_ADMIN_EMAIL:-${ADMIN_EMAIL:-admin@example.com}}"
+export TEST_ADMIN_PASSWORD="${TEST_ADMIN_PASSWORD:-${ADMIN_PASSWORD:-change-this-password}}"
+
+# User test credentials
+export TEST_USER_EMAIL_PREFIX="${TEST_USER_EMAIL_PREFIX:-testuser_}"
+
+# Colors for output
+export RED='\033[0;31m'
+export GREEN='\033[0;32m'
+export YELLOW='\033[1;33m'
+export BLUE='\033[0;34m'
+export NC='\033[0m' # No Color
+
+# Utility functions
+print_success() {
+    echo -e "${GREEN}✅ $1${NC}"
+}
+
+print_fail() {
+    echo -e "${RED}❌ $1${NC}"
+    track_test_failure
+}
+
+print_info() {
+    echo -e "${YELLOW}$1${NC}"
+}
+
+print_blue() {
+    echo -e "${BLUE}$1${NC}"
+}
+
+# Function to login as admin and get token
+get_admin_token() {
+    # Use JWT admin endpoint
+    local response=$(curl -s -X POST "$TEST_API_BASE/auth/admin/sessions" \
+        -H "Content-Type: application/json" \
+        -d "{\"email\":\"$TEST_ADMIN_EMAIL\",\"password\":\"$TEST_ADMIN_PASSWORD\"}")
+    
+    if echo "$response" | grep -q '"accessToken"'; then
+            echo "$response" | grep -o '"accessToken":"[^"]*"' | cut -d'"' -f4
+        else
+            echo ""
+        fi
+}
+
+# Function to get admin API key
+get_admin_api_key() {
+    # Only use ACCESS_API_KEY environment variable
+    if [ -n "$ACCESS_API_KEY" ]; then
+        echo "$ACCESS_API_KEY"
+    else
+        echo ""
+    fi
+}
+
+# Check if required tools are installed
+check_requirements() {
+    if ! command -v curl &> /dev/null; then
+        print_fail "curl is required but not installed"
+        exit 1
+    fi
+    
+    if ! command -v jq &> /dev/null; then
+        print_info "jq is recommended for JSON parsing"
+    fi
+}
+
+# Array to track test tables created
+declare -a TEST_TABLES_CREATED=()
+
+# Array to track test users created
+declare -a TEST_USERS_CREATED=()
+
+# Array to track test buckets created
+declare -a TEST_BUCKETS_CREATED=()
+
+# Function to register a table for cleanup
+register_test_table() {
+    local table_name=$1
+    TEST_TABLES_CREATED+=("$table_name")
+}
+
+# Function to register a user for cleanup
+register_test_user() {
+    local user_email=$1
+    TEST_USERS_CREATED+=("$user_email")
+}
+
+# Function to register a bucket for cleanup
+register_test_bucket() {
+    local bucket_name=$1
+    TEST_BUCKETS_CREATED+=("$bucket_name")
+}
+
+# Function to register a user with Better Auth
+register_user() {
+    local email=$1
+    local password=$2
+    local name=${3:-"Test User"}
+    
+    # Use JWT registration
+    curl -s -X POST "$TEST_API_BASE/auth/users" \
+        -H "Content-Type: application/json" \
+        -d "{\"email\":\"$email\",\"password\":\"$password\",\"name\":\"$name\"}"
+}
+
+# Function to login a user with Better Auth
+login_user() {
+    local email=$1
+    local password=$2
+    
+    # Use JWT login
+    curl -s -X POST "$TEST_API_BASE/auth/sessions" \
+        -H "Content-Type: application/json" \
+        -d "{\"email\":\"$email\",\"password\":\"$password\"}"
+}
+
+# Function to get user profile with auth token
+get_user_profile() {
+    local token=$1
+    
+    # Use JWT profile endpoint
+    curl -s -X GET "$TEST_API_BASE/auth/sessions/current" \
+        -H "Authorization: Bearer $token"
+}
+
+# Function to delete a table
+delete_table() {
+    local table_name=$1
+    local token=$2
+    
+    curl -s -X DELETE "$TEST_API_BASE/database/tables/$table_name" \
+        -H "Authorization: Bearer $token" \
+        -H "Content-Type: application/json" > /dev/null 2>&1
+}
+
+# Function to cleanup all test data
+cleanup_test_data() {
+    # Always attempt cleanup, even if some parts fail
+    print_info "🧹 Cleaning up test data..."
+    
+    local cleanup_failed=0
+    
+    # Try to get credentials - but continue cleanup even if they fail
+    local admin_token=$(get_admin_token 2>/dev/null || echo "")
+    local api_key=$(get_admin_api_key 2>/dev/null || echo "")
+    
+    if [ -z "$admin_token" ]; then
+        print_info "No admin token available - some cleanup may be limited"
+    fi
+    
+    if [ -z "$api_key" ]; then
+        print_info "No API key available - bucket cleanup may be limited"
+    fi
+    
+    # 1. Delete all registered test tables
+    if [ ${#TEST_TABLES_CREATED[@]} -gt 0 ]; then
+        if [ -n "$admin_token" ]; then
+            print_info "Deleting test tables..."
+            for table in "${TEST_TABLES_CREATED[@]}"; do
+                print_info "  - Deleting table: $table"
+                if ! delete_table "$table" "$admin_token"; then
+                    echo "    ✗ Failed to delete"
+                    cleanup_failed=1
+                else
+                    echo "    ✓ Deleted"
+                fi
+            done
+        else
+            print_fail "Cannot delete tables without admin token"
+            print_info "Tables to delete manually:"
+            for table in "${TEST_TABLES_CREATED[@]}"; do
+                echo "  - $table"
+            done
+            cleanup_failed=1
+        fi
+    fi
+    
+    # 2. Delete all test users
+    if [ ${#TEST_USERS_CREATED[@]} -gt 0 ] && [ -n "$admin_token" ]; then
+        print_info "Deleting test users..."
+        
+        # Get all users to find IDs of test users
+        local users_response=$(curl -s -X GET "$TEST_API_BASE/auth/users?limit=100" \
+            -H "Authorization: Bearer $admin_token" \
+            -H "Content-Type: application/json" 2>/dev/null || echo "")
+        
+        if [ -n "$users_response" ] && echo "$users_response" | grep -q '"data"'; then
+            local user_ids=()
+            
+            # Extract data array from response (new format uses "data" instead of "users")
+            local users_json=$(echo "$users_response" | grep -o '"data":\[[^]]*\]' | sed 's/"data"://')
+            
+            # Find IDs of test users by email
+            for test_email in "${TEST_USERS_CREATED[@]}"; do
+                local user_id=$(echo "$users_json" | grep -B2 -A2 "\"email\":\"$test_email\"" | grep -o '"id":"[^"]*"' | head -1 | cut -d'"' -f4)
+                if [ -n "$user_id" ]; then
+                    user_ids+=("$user_id")
+                    print_info "  - Found test user: $test_email (ID: $user_id)"
+                fi
+            done
+            
+            # Bulk delete test users
+            if [ ${#user_ids[@]} -gt 0 ]; then
+                local delete_response=$(curl -s -X DELETE "$TEST_API_BASE/auth/users" \
+                    -H "Authorization: Bearer $admin_token" \
+                    -H "Content-Type: application/json" \
+                    -d "{\"userIds\": [$(printf '"%s",' "${user_ids[@]}" | sed 's/,$//' )]}")
+                
+                if ! echo "$delete_response" | grep -q '"error"'; then
+                    print_success "  Deleted ${#user_ids[@]} test users"
+                else
+                    print_fail "  Failed to delete test users"
+                    echo "    Response: $delete_response"
+                fi
+            fi
+        else
+            print_fail "  Could not list users for cleanup"
+        fi
+    fi
+    
+    # 3. Delete all test buckets
+    if [ ${#TEST_BUCKETS_CREATED[@]} -gt 0 ]; then
+        if [ -n "$api_key" ]; then
+            print_info "Deleting test buckets..."
+            for bucket in "${TEST_BUCKETS_CREATED[@]}"; do
+                print_info "  - Deleting bucket: $bucket"
+                delete_response=$(curl -s -w "\n%{http_code}" -X DELETE "$TEST_API_BASE/storage/buckets/$bucket" \
+                    -H "Authorization: Bearer $api_key" 2>/dev/null || echo "500")
+                status=$(echo "$delete_response" | tail -n 1)
+                if [ "$status" -ge 200 ] && [ "$status" -lt 300 ]; then
+                    echo "    ✓ Deleted"
+                else
+                    echo "    ✗ Failed (status: $status)"
+                    cleanup_failed=1
+                fi
+            done
+        else
+            print_fail "Cannot delete buckets without API key"
+            print_info "Buckets to delete manually:"
+            for bucket in "${TEST_BUCKETS_CREATED[@]}"; do
+                echo "  - $bucket"
+            done
+            cleanup_failed=1
+        fi
+    fi
+    
+    if [ $cleanup_failed -eq 1 ]; then
+        print_fail "Cleanup completed with errors - some resources may need manual cleanup"
+    else
+        print_success "Cleanup completed successfully"
+    fi
+}
+
+# Test failure tracking
+TEST_FAILED=0
+
+# Function to track test failures
+track_test_failure() {
+    TEST_FAILED=1
+}
+
+# Function to exit with proper code
+exit_with_status() {
+    if [ $TEST_FAILED -eq 1 ]; then
+        exit 1
+    else
+        exit 0
+    fi
+}
+
+# Set error handling
+set -E  # Inherit ERR trap in functions
+
+# Function to handle script termination
+handle_exit() {
+    local exit_code=$?
+    
+    # Run cleanup
+    cleanup_test_data
+    
+    # Exit with the original exit code or our tracked failure status
+    if [ $TEST_FAILED -eq 1 ] || [ $exit_code -ne 0 ]; then
+        exit 1
+    else
+        exit 0
+    fi
+}
+
+# Trap to ensure cleanup runs on any exit condition
+trap handle_exit EXIT
+trap handle_exit ERR
+trap handle_exit INT
+trap handle_exit TERM

package/backend/tsconfig.json

@@ -0,0 +1,23 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ES2022",
+    "lib": ["ES2022"],
+    "outDir": "../dist",
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["./src/*"],
+      "@insforge/shared-schemas": ["../shared-schemas/src/index.ts"]
+    },
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "moduleResolution": "node",
+    "resolveJsonModule": true,
+    "allowSyntheticDefaultImports": true,
+    "types": ["node"]
+  },
+  "include": ["src/**/*", "../shared-schemas/src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}

package/backend/tsup.config.ts

@@ -0,0 +1,18 @@
+import { defineConfig } from 'tsup';
+
+export default defineConfig({
+  entry: ['src/server.ts'],
+  format: ['esm'],
+  target: 'node20',
+  platform: 'node',
+  outDir: '../dist',
+  clean: false, // Don't clean the whole dist folder (frontend is there)
+  sourcemap: true,
+  // Don't bundle node_modules, only our code and shared-schemas
+  noExternal: [/@insforge\/shared-schemas/],
+  esbuildOptions(options) {
+    options.alias = {
+      '@': './src',
+    };
+  },
+});

package/backend/vitest.config.ts

@@ -0,0 +1,22 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    environment: 'node',
+    globals: true,
+    setupFiles: ['./tests/setup.ts'],
+    coverage: {
+      provider: 'v8',
+      reporter: ['text', 'json', 'html'],
+      exclude: ['node_modules/', 'dist/', 'frontend/', 'tests/', '**/*.d.ts', '**/*.config.*'],
+    },
+    testTimeout: 10000,
+    // Run tests sequentially to avoid database conflicts
+    pool: 'forks',
+    poolOptions: {
+      forks: {
+        singleFork: true,
+      },
+    },
+  },
+});

package/docker-compose.prod.yml

@@ -0,0 +1,145 @@
+services:
+  postgres:
+    image: postgres:15.13
+    container_name: insforge-postgres
+    command: postgres -c config_file=/etc/postgresql/postgresql.conf
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER:-postgres}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
+      - POSTGRES_DB=${POSTGRES_DB:-insforge}
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+      - ./docker-init/db/db-init.sql:/docker-entrypoint-initdb.d/01-init.sql
+      - ./docker-init/db/jwt.sql:/docker-entrypoint-initdb.d/02-jwt.sql
+      - ./docker-init/db/logs.sql:/docker-entrypoint-initdb.d/03-logs.sql
+      - ./docker-init/db/postgresql.conf:/etc/postgresql/postgresql.conf
+    ports:
+      - "5432:5432"
+    networks:
+      - insforge-network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  postgrest:
+    image: postgrest/postgrest:v12.2.12
+    container_name: insforge-postgrest
+    restart: unless-stopped
+    environment:
+      #POSTGRES_USER: ${POSTGRES_USER:-postgres}
+      #POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
+      #POSTGRES_DB: ${POSTGRES_DB:-insforge}
+      PGRST_DB_URI: postgres://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB:-insforge}
+      PGRST_OPENAPI_SERVER_PROXY_URI: http://localhost:3000
+      PGRST_DB_SCHEMA: public
+      PGRST_DB_ANON_ROLE: anon
+      PGRST_JWT_SECRET: ${JWT_SECRET}
+    ports:
+      - "5430:3000"
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - insforge-network
+
+  insforge:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      args:
+        VITE_API_BASE_URL: ${VITE_API_BASE_URL:-http://localhost:7130}
+    container_name: insforge
+    depends_on:
+      postgres:
+        condition: service_healthy
+    ports:
+      - "7130:7130"
+      - "7131:7131"
+    environment:
+      - PORT=7130
+      - PROJECT_ROOT=/app
+      - API_BASE_URL=${API_BASE_URL:-}
+      - JWT_SECRET=${JWT_SECRET:-dev-secret-change-in-production}
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY:-}
+      - ADMIN_EMAIL=${ADMIN_EMAIL:-admin@example.com}
+      - ADMIN_PASSWORD=${ADMIN_PASSWORD:-change-this-password}
+      # PostgreSQL connection
+      - POSTGRES_HOST=postgres
+      - POSTGRES_PORT=5432
+      - POSTGRES_DB=${POSTGRES_DB:-insforge}
+      - POSTGRES_USER=${POSTGRES_USER:-postgres}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
+      - DATABASE_URL=postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB:-insforge}
+      - POSTGREST_BASE_URL=http://postgrest:3000
+      # Deno Runtime URL for serverless functions
+      - DENO_RUNTIME_URL=http://deno:7133
+      # Storage Configuration
+      - AWS_S3_BUCKET=${AWS_S3_BUCKET:-}
+      - AWS_REGION=${AWS_REGION:-}
+      # Multi-tenant Cloud Configuration
+      - DEPLOYMENT_ID=${DEPLOYMENT_ID:-}
+      - PROJECT_ID=${PROJECT_ID:-}
+      - APP_KEY=${APP_KEY:-}
+      - ACCESS_API_KEY=${ACCESS_API_KEY:-}
+      # LLM Model API keys
+      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY:-}
+      # OAuth Configuration
+      - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID:-}
+      - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET:-}
+      - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID:-}
+      - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET:-}
+    restart: unless-stopped
+    networks:
+      - insforge-network
+
+  # Deno serverless runtime for edge functions
+  deno:
+    image: denoland/deno:alpine-2.0.6
+    container_name: insforge-deno
+    working_dir: /app
+    depends_on:
+      - postgres
+      - postgrest
+    ports:
+      - "7133:7133"
+    environment:
+      - PORT=7133
+      - DENO_ENV=${DENO_ENV:-production}
+      - DENO_DIR=/deno-dir
+      # PostgreSQL connection
+      - POSTGRES_HOST=postgres
+      - POSTGRES_PORT=5432
+      - POSTGRES_DB=${POSTGRES_DB:-insforge}
+      - POSTGRES_USER=${POSTGRES_USER:-postgres}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
+      - POSTGREST_BASE_URL=http://postgrest:3000
+      # Worker timeout (30 seconds default)
+      - WORKER_TIMEOUT_MS=${WORKER_TIMEOUT_MS:-30000}
+      # Encryption keys for decrypting function secrets
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
+      - JWT_SECRET=${JWT_SECRET}
+    volumes:
+      - ./functions:/app/functions
+      - deno_cache:/deno-dir
+    command: >
+      sh -c "
+        echo 'Downloading Deno dependencies...' &&
+        deno cache functions/server.ts &&
+        echo 'Starting Deno server on port 7133...' &&
+        deno run --allow-net --allow-env --allow-read=./functions/worker-template.js functions/server.ts
+      "
+    restart: unless-stopped
+    networks:
+      - insforge-network
+
+volumes:
+  postgres-data:
+    driver: local
+  deno_cache:
+    driver: local
+
+networks:
+  insforge-network:
+    driver: bridge

package/docker-compose.yml

@@ -0,0 +1,167 @@
+version: '3.8'
+
+services:
+  postgres:
+    image: postgres:15.13
+    container_name: insforge-postgres
+    command: postgres -c config_file=/etc/postgresql/postgresql.conf
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER:-postgres}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
+      - POSTGRES_DB=${POSTGRES_DB:-insforge}
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+      - ./docker-init/db/db-init.sql:/docker-entrypoint-initdb.d/01-init.sql
+      - ./docker-init/db/jwt.sql:/docker-entrypoint-initdb.d/02-jwt.sql
+      - ./docker-init/db/logs.sql:/docker-entrypoint-initdb.d/03-logs.sql
+      - ./docker-init/db/postgresql.conf:/etc/postgresql/postgresql.conf
+    ports:
+      - "5432:5432"
+    networks:
+      - insforge-network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  postgrest:
+    image: postgrest/postgrest:v12.2.12
+    container_name: insforge-postgrest
+    restart: unless-stopped
+    environment:
+      # POSTGRES_USER: ${POSTGRES_USER:-postgres}
+      # POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
+      # POSTGRES_DB: ${POSTGRES_DB:-insforge}
+      PGRST_DB_URI: postgres://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB:-insforge}
+      PGRST_OPENAPI_SERVER_PROXY_URI: http://localhost:3000
+      PGRST_DB_SCHEMA: public
+      PGRST_DB_ANON_ROLE: anon
+      PGRST_JWT_SECRET: ${JWT_SECRET}
+      # Enable schema reloading via NOTIFY
+      PGRST_DB_CHANNEL_ENABLED: true
+      PGRST_DB_CHANNEL: pgrst
+    ports:
+      - "5430:3000"
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - insforge-network
+
+  insforge:
+    image: node:20-alpine
+    container_name: insforge
+    working_dir: /app
+    depends_on:
+      postgres:
+        condition: service_healthy
+    ports:
+      - "7130:7130"
+      - "7131:7131"
+    environment:
+      - PORT=7130
+      - PROJECT_ROOT=/app
+      - API_BASE_URL=${API_BASE_URL:-}
+      - VITE_API_BASE_URL=${VITE_API_BASE_URL:-}
+      - JWT_SECRET=${JWT_SECRET:-dev-secret-change-in-production}
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY:-}
+      - ADMIN_EMAIL=${ADMIN_EMAIL:-admin@example.com}
+      - ADMIN_PASSWORD=${ADMIN_PASSWORD:-change-this-password}
+      # PostgreSQL connection
+      - POSTGRES_HOST=postgres
+      - POSTGRES_PORT=5432
+      - POSTGRES_DB=${POSTGRES_DB:-insforge}
+      - POSTGRES_USER=${POSTGRES_USER:-postgres}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
+      - DATABASE_URL=postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB:-insforge}
+      - POSTGREST_BASE_URL=http://postgrest:3000
+      # Deno Runtime URL for serverless functions
+      - DENO_RUNTIME_URL=http://deno:7133
+      # Storage Configuration
+      - AWS_S3_BUCKET=${AWS_S3_BUCKET:-}
+      - AWS_REGION=${AWS_REGION:-}
+      # Multi-tenant Cloud Configuration
+      - DEPLOYMENT_ID=${DEPLOYMENT_ID:-}
+      - PROJECT_ID=${PROJECT_ID:-}
+      - APP_KEY=${APP_KEY:-}
+      - ACCESS_API_KEY=${ACCESS_API_KEY:-}
+      # LLM Model API keys
+      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY:-}
+      # OAuth Configuration
+      - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID:-}
+      - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET:-}
+      - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID:-}
+      - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET:-}
+    volumes:
+      - ./package.json:/app/package.json
+      - ./backend:/app/backend
+      - ./frontend:/app/frontend
+      - ./shared-schemas:/app/shared-schemas
+      - ./docs:/app/docs
+      - node_modules:/app/node_modules
+      - backend_node_modules:/app/backend/node_modules
+      - frontend_node_modules:/app/frontend/node_modules
+      - shared_schemas_node_modules:/app/shared-schemas/node_modules
+    command: sh -c "npm install && cd backend && npm run migrate:up && cd .. && npm run dev"
+    restart: unless-stopped
+    networks:
+      - insforge-network
+
+  # Deno serverless runtime for edge functions
+  deno:
+    image: denoland/deno:alpine-2.0.6
+    container_name: insforge-deno
+    working_dir: /app
+    depends_on:
+      - postgres
+      - postgrest
+    ports:
+      - "7133:7133"
+    environment:
+      - PORT=7133
+      - DENO_ENV=${DENO_ENV:-development}
+      - DENO_DIR=/deno-dir
+      # PostgreSQL connection
+      - POSTGRES_HOST=postgres
+      - POSTGRES_PORT=5432
+      - POSTGRES_DB=${POSTGRES_DB:-insforge}
+      - POSTGRES_USER=${POSTGRES_USER:-postgres}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
+      - POSTGREST_BASE_URL=http://postgrest:3000
+      # Worker timeout (30 seconds default)
+      - WORKER_TIMEOUT_MS=${WORKER_TIMEOUT_MS:-30000}
+      # Encryption keys for decrypting function secrets
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
+      - JWT_SECRET=${JWT_SECRET}
+    volumes:
+      - ./functions:/app/functions
+      - deno_cache:/deno-dir
+    command: >
+      sh -c "
+        echo 'Downloading Deno dependencies...' &&
+        deno cache functions/server.ts &&
+        echo 'Starting Deno server on port 7133...' &&
+        deno run --allow-net --allow-env --allow-read=./functions/worker-template.js --watch functions/server.ts
+      "
+    restart: unless-stopped
+    networks:
+      - insforge-network
+
+volumes:
+  postgres-data:
+    driver: local
+  node_modules:
+    driver: local
+  backend_node_modules:
+    driver: local
+  frontend_node_modules:
+    driver: local
+  shared_schemas_node_modules:
+    driver: local
+  deno_cache:
+    driver: local
+
+networks:
+  insforge-network:
+    driver: bridge