will/rxminder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: Complete NodeJS-native setup

Browse Source 
- Migrated from Python pre-commit to NodeJS-native solution
- Reorganized documentation structure
- Set up Husky + lint-staged for efficient pre-commit hooks
- Fixed Dockerfile healthcheck issue
- Added comprehensive documentation index
This commit is contained in:
William Valentin
2025-09-06 01:42:48 -07:00
commit e48adbcb00
159 changed files with 24405 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/DOCS_UPDATE_SUMMARY.md
+85
View File
@@ -0,0 +1,85 @@
# Documentation Updates Summary
## Files Updated
### 📚 Main Documentation
- **`docs/CODE_QUALITY.md`** - Comprehensive code quality and pre-commit hooks documentation
- **`README.md`** - Updated development and code quality sections
- **`SETUP_COMPLETE.md`** - Updated quick reference guide
## Key Updates Made
### 1. Enhanced Code Quality Documentation (`docs/CODE_QUALITY.md`)
- ✅ Added detailed pre-commit hook descriptions
- ✅ Updated Python virtual environment paths for commands
- ✅ Added comprehensive troubleshooting section
- ✅ Enhanced IDE integration instructions with VS Code settings
- ✅ Added security tools documentation (detect-secrets)
- ✅ Updated manual command examples with correct paths
### 2. Main README Updates (`README.md`)
- ✅ Updated "Development Tools" section to include new formatting tools
- ✅ Enhanced "Code Quality" section with comprehensive commands
- ✅ Added reference to detailed code quality documentation
- ✅ Added Code Quality Guide to project documentation index
- ✅ Updated commands to reflect current npm scripts
### 3. Quick Reference Guide (`SETUP_COMPLETE.md`)
- ✅ Updated tool descriptions to be more comprehensive
- ✅ Added Python virtual environment information
- ✅ Updated command examples with correct paths
- ✅ Enhanced configuration file descriptions
## Current Setup Summary
### 🔧 Tools Configured
- **Pre-commit hooks** with 15+ quality checks
- **Prettier** for comprehensive code formatting
- **ESLint** with TypeScript and React rules
- **TypeScript** type checking
- **Security scanning** with detect-secrets
- **Docker linting** with Hadolint
- **Shell script linting** with ShellCheck
- **Markdown linting** for documentation quality
### 📁 Key Files
- `.pre-commit-config.yaml` - Comprehensive hook configuration
- `.prettierrc` - Formatting rules optimized for TypeScript/React
- `eslint.config.cjs` - Enhanced linting rules
- `.editorconfig` - Editor consistency
- `.secrets.baseline` - Security baseline
- `scripts/setup-pre-commit.sh` - Automated setup
- Python virtual environment (`.venv/`) - Isolated tool environment
### 🚀 Available Commands
```bash
# Code Quality
bun run format # Format all files
bun run format:check # Check formatting
bun run lint # Lint code
bun run lint:fix # Fix linting issues
bun run type-check # TypeScript checks
bun run pre-commit # Run lint-staged
# Pre-commit Hooks
/home/will/Code/meds/.venv/bin/pre-commit run --all-files
/home/will/Code/meds/.venv/bin/pre-commit autoupdate
```
## Next Steps
1. **Test the setup**: Run `bun run format` and `bun run lint:fix` to verify everything works
2. **Make a commit**: Test that pre-commit hooks run automatically
3. **Configure IDE**: Install recommended VS Code extensions for optimal experience
4. **Review docs**: Check `docs/CODE_QUALITY.md` for comprehensive setup details
---
**All documentation is now up-to-date with the current code quality setup! 🎉**
docs/README.md
+81
View File
@@ -0,0 +1,81 @@
# 📚 Documenta#### 💻 Development
- **[API Documentation](development/API.md)** - REST API endpoints and usage
- **[Code Quality](development/CODE_QUALITY.md)** - Linting, formatting, and quality standards
- **[Application Security](development/APPLICATION_SECURITY.md)** - Application security practices
- **[Security Changes](development/SECURITY_CHANGES.md)** - Recent security updates and changesndex
Welcome to the RxMinder documentation! This guide will help you navigate through all available documentation organized by category.
## 🏗️ Architecture & Design
- **[Project Structure](architecture/PROJECT_STRUCTURE.md)** - Complete overview of the codebase organization
- **[Template Approach](architecture/TEMPLATE_APPROACH.md)** - Design philosophy and template methodology
## 🚀 Setup & Configuration
- **[Complete Template Configuration](setup/COMPLETE_TEMPLATE_CONFIGURATION.md)** - Full setup guide
- **[Setup Complete](setup/SETUP_COMPLETE.md)** - Post-setup verification checklist
## 💻 Development
- **[API Documentation](development/API.md)** - REST API endpoints and usage
- **[Code Quality](development/CODE_QUALITY.md)** - Linting, formatting, and quality standards
- **[Security](development/SECURITY.md)** - Security guidelines and best practices
- **[Security Changes](development/SECURITY_CHANGES.md)** - Recent security updates and changes
## 🚢 Deployment
- **[Deployment Guide](deployment/DEPLOYMENT.md)** - General deployment instructions
- **[Docker Configuration](deployment/DOCKER_IMAGE_CONFIGURATION.md)** - Docker setup and configuration
- **[Gitea Setup](deployment/GITEA_SETUP.md)** - Gitea CI/CD configuration
- **[Storage Configuration](deployment/STORAGE_CONFIGURATION.md)** - Database and storage setup
## 🔄 Migration Guides
- **[NodeJS Pre-commit Migration](migration/NODEJS_PRECOMMIT_MIGRATION.md)** - Migration from Python to NodeJS pre-commit hooks
- **[Buildx Migration](migration/BUILDX_MIGRATION.md)** - Docker Buildx migration guide
## 📝 Project Information
- **[README](../README.md)** - Main project overview and quick start
- **[Contributing](../CONTRIBUTING.md)** - How to contribute to the project
- **[Changelog](../CHANGELOG.md)** - Version history and changes
- **[License](../LICENSE)** - Project license information
## 📋 Documentation Meta
- **[Documentation Reorganization](REORGANIZATION_SUMMARY.md)** - How we restructured the docs
- **[Docs Update Summary](DOCS_UPDATE_SUMMARY.md)** - Legacy documentation summary
## 🔍 Quick Navigation
### For New Developers
1. Start with [README](../README.md)
2. Review [Project Structure](architecture/PROJECT_STRUCTURE.md)
3. Follow [Complete Template Configuration](setup/COMPLETE_TEMPLATE_CONFIGURATION.md)
4. Read [Code Quality](development/CODE_QUALITY.md) guidelines
### For Deployment
1. Read [Deployment Guide](deployment/DEPLOYMENT.md)
2. Configure [Docker](deployment/DOCKER_IMAGE_CONFIGURATION.md)
3. Set up [Storage](deployment/STORAGE_CONFIGURATION.md)
4. Review [Security](development/SECURITY.md) requirements
### For API Integration
1. Check [API Documentation](development/API.md)
2. Review [Security](development/SECURITY.md) requirements
### For Migration Tasks
1. [NodeJS Pre-commit Migration](migration/NODEJS_PRECOMMIT_MIGRATION.md) - For modernizing git hooks
2. [Buildx Migration](migration/BUILDX_MIGRATION.md) - For Docker build improvements
---
📋 **Last Updated:** September 6, 2025
🔄 **Documentation Version:** 2.0
📦 **Project Version:** 0.0.0
docs/REORGANIZATION_SUMMARY.md
+136
View File
@@ -0,0 +1,136 @@
# 📚 Documentation Reorganization Summary
## Overview
Successfully reorganized the project documentation from scattered root-level files into a structured, categorized system for better navigation and maintenance.
## Changes Made
### 🗂️ New Structure Created
```
docs/
├── README.md # 📋 Main documentation index
├── DOCS_UPDATE_SUMMARY.md # 📝 Legacy docs summary
├── architecture/ # 🏗️ Design & Architecture
│ ├── PROJECT_STRUCTURE.md
│ └── TEMPLATE_APPROACH.md
├── setup/ # 🚀 Setup & Configuration
│ ├── COMPLETE_TEMPLATE_CONFIGURATION.md
│ └── SETUP_COMPLETE.md
├── development/ # 💻 Development Guides
│ ├── API.md
│ ├── CODE_QUALITY.md
│ ├── SECURITY.md
│ └── SECURITY_CHANGES.md
├── deployment/ # 🚢 Deployment Guides
│ ├── DEPLOYMENT.md
│ ├── DOCKER_IMAGE_CONFIGURATION.md
│ ├── GITEA_SETUP.md
│ └── STORAGE_CONFIGURATION.md
└── migration/ # 🔄 Migration Guides
├── BUILDX_MIGRATION.md
└── NODEJS_PRECOMMIT_MIGRATION.md
```
### 📁 Files Moved
#### From Root → `docs/architecture/`
- `PROJECT_STRUCTURE.md`
- `TEMPLATE_APPROACH.md`
#### From Root → `docs/setup/`
- `COMPLETE_TEMPLATE_CONFIGURATION.md`
- `SETUP_COMPLETE.md`
#### From `docs/` → `docs/development/`
- `API.md`
- `CODE_QUALITY.md`
- `SECURITY.md`
- `SECURITY_CHANGES.md` (from root)
#### From `docs/` → `docs/deployment/`
- `DEPLOYMENT.md`
- `DOCKER_IMAGE_CONFIGURATION.md` (from root)
- `GITEA_SETUP.md` (from root)
- `STORAGE_CONFIGURATION.md` (from root)
#### From Root → `docs/migration/`
- `BUILDX_MIGRATION.md`
- `NODEJS_PRECOMMIT_MIGRATION.md`
#### To `docs/` root
- `DOCS_UPDATE_SUMMARY.md` (from root)
### 📋 New Documentation Index
Created `docs/README.md` with:
- **Complete categorized index** of all documentation
- **Quick navigation paths** for different user types
- **Direct links** to all organized documents
- **Usage scenarios** (new developers, deployment, API integration, etc.)
### 🔗 Updated References
- Updated main `README.md` to include comprehensive documentation section
- Fixed broken link to `CODE_QUALITY.md` in main README
- Added structured documentation navigation
## Benefits
### 🎯 **Improved Organization**
- **Logical categorization** by purpose and audience
- **Easier navigation** with clear folder structure
- **Reduced root directory clutter**
### 👥 **Better User Experience**
- **Role-based navigation** (developers, ops, admins)
- **Quick-start paths** for different scenarios
- **Comprehensive index** for easy discovery
### 🔧 **Maintainability**
- **Centralized documentation management**
- **Clear ownership** by category
- **Easier updates** and maintenance
### 📈 **Scalability**
- **Room for growth** in each category
- **Consistent structure** for new docs
- **Template for future organization**
## Navigation Guide
### 🔰 For New Team Members
1. Start with main [`README.md`](../README.md)
2. Visit [`docs/README.md`](README.md) for complete index
3. Follow role-specific quick navigation paths
### 📝 For Contributors
1. Check [`docs/development/`](development/) for coding standards
2. Review [`docs/architecture/`](architecture/) for design context
3. Follow [`CONTRIBUTING.md`](../CONTRIBUTING.md) guidelines
### 🚀 For Deployment
1. Start with [`docs/deployment/DEPLOYMENT.md`](deployment/DEPLOYMENT.md)
2. Follow specific deployment guides in [`docs/deployment/`](deployment/)
3. Check [`docs/setup/`](setup/) for configuration help
---
**Documentation Structure Version:** 2.0
**Reorganized:** September 6, 2025
**Status:** ✅ Complete
docs/architecture/PROJECT_STRUCTURE.md
+180
View File
@@ -0,0 +1,180 @@
# 📁 Project Structure
## Final Organized Structure
```
rxminder/
├── 📄 README.md # Main documentation
├── package.json # Dependencies and scripts
├── ⚙️ vite.config.ts # Build configuration
├── 📝 tsconfig.json # TypeScript configuration
├── 🎨 index.html # Entry point
├── 🔒 .env.example # Environment template
├── 📊 metadata.json # Project metadata
├── 🖼️ banner.jpeg # Project banner image
├── docker/ # Container configuration
│ ├── 🐳 Dockerfile # Multi-stage Docker build
│ ├── docker-compose.yaml # Service orchestration
│ ├── 🌐 nginx.conf # Production web server config
│ └── 🚫 .dockerignore # Docker ignore patterns
├── 📁 scripts/ # All deployment and utility scripts
│ ├── 🚀 deploy.sh # Production deployment
│ ├── ⚡ deploy-k8s.sh # Kubernetes deployment
│ ├── 🔧 setup.sh # Development setup
│ ├── 🌱 seed-production.js # Database seeding
│ ├── ✅ validate-env.sh # Environment validation
│ └── 🧪 validate-deployment.sh # Deployment testing
├── 📁 tests/ # Testing infrastructure
│ ├── 📝 README.md # Testing documentation
│ ├── ⚙️ setup.ts # Jest configuration
│ ├── 📁 integration/ # Integration tests
│ │ └── 🧪 production.test.js # Production validation
│ ├── 📁 manual/ # Manual testing scripts
│ │ ├── 🔧 admin-login-debug.js # Admin debugging
│ │ ├── 🔧 auth-db-debug.js # Auth debugging
│ │ └── 🔧 debug-email-validation.js # Email debugging
│ └── 📁 e2e/ # End-to-end tests with Playwright
│ ├── 📝 README.md # E2E testing documentation
│ ├── 🧪 fixtures.ts # Custom test fixtures
│ ├── 🧪 helpers.ts # Test utilities and data
│ ├── 🧪 auth.spec.ts # Authentication flow tests
│ ├── 🧪 medication.spec.ts # Medication management tests
│ ├── 🧪 admin.spec.ts # Admin interface tests
│ ├── 🧪 ui-navigation.spec.ts # UI and navigation tests
│ └── 🧪 reminders.spec.ts # Reminder system tests
├── 📁 components/ # React components (organized by feature)
│ ├── 📝 README.md # Component architecture docs
│ ├── 📁 medication/ # Medication-related components
│ │ ├── 💊 AddMedicationModal.tsx
│ │ ├── ✏️ EditMedicationModal.tsx
│ │ ├── 📋 ManageMedicationsModal.tsx
│ │ ├── 🏷️ DoseCard.tsx
│ │ └── 📦 index.ts # Feature exports
│ ├── 📁 auth/ # Authentication components
│ │ ├── 🔐 AuthPage.tsx # Login/register interface
│ │ ├── 👤 AvatarDropdown.tsx # User menu
│ │ ├── 🔑 ChangePasswordModal.tsx
│ │ └── 📦 index.ts # Feature exports
│ ├── 📁 admin/ # Admin interface components
│ │ ├── 👑 AdminInterface.tsx # User management
│ │ └── 📦 index.ts # Feature exports
│ ├── 📁 modals/ # Modal components
│ │ ├── ⚙️ AccountModal.tsx # User settings
│ │ ├── AddReminderModal.tsx # Add reminders
│ │ ├── ✏️ EditReminderModal.tsx
│ │ ├── 📚 HistoryModal.tsx # Medication history
│ │ ├── 📋 ManageRemindersModal.tsx
│ │ ├── 🎯 OnboardingModal.tsx # New user setup
│ │ ├── 📊 StatsModal.tsx # Analytics dashboard
│ │ └── 📦 index.ts # Feature exports
│ ├── 📁 ui/ # Reusable UI components
│ │ ├── 📊 BarChart.tsx # Data visualization
│ │ ├── 🔔 ReminderCard.tsx # Reminder display
│ │ ├── 🎨 ThemeSwitcher.tsx # Dark/light theme
│ │ └── 📦 index.ts # Feature exports
│ └── 📁 icons/ # Icon components
│ └── 🎨 Icons.tsx # All icon definitions
├── 📁 services/ # Business logic & APIs
│ ├── 🗄️ couchdb.ts # Mock database service
│ ├── 🗄️ couchdb.production.ts # Real CouchDB service
│ ├── 🏭 couchdb.factory.ts # Service factory
│ ├── 📧 email.ts # Email utilities
│ ├── 📧 mailgun.service.ts # Email delivery
│ ├── 📧 mailgun.config.ts # Email configuration
│ ├── 🌱 database.seeder.ts # Data seeding
│ ├── 🔐 oauth.ts # OAuth integration
│ └── 📁 auth/ # Authentication services
│ ├── 🔐 auth.service.ts # Core auth logic
│ ├── 🔐 auth.types.ts # Auth type definitions
│ ├── 🔐 auth.constants.ts # Auth constants
│ ├── 🔐 auth.error.ts # Error handling
│ ├── 🔐 auth.middleware.ts # Middleware
│ ├── ✉️ emailVerification.service.ts
│ ├── 📁 templates/ # Email templates
│ │ └── ✉️ verification.email.ts
│ └── 📁 __tests__/ # Unit tests
│ ├── 🧪 auth.integration.test.ts
│ └── 🧪 emailVerification.test.ts
├── 📁 contexts/ # React context providers
│ └── 👤 UserContext.tsx # User state management
├── 📁 hooks/ # Custom React hooks
│ ├── 💾 useLocalStorage.ts # Persistent storage
│ ├── ⚙️ useSettings.ts # User preferences
│ ├── 🎨 useTheme.ts # Theme management
│ └── 👤 useUserData.ts # User data management
├── 📁 utils/ # Utility functions
│ └── ⏰ schedule.ts # Reminder scheduling
├── 📁 docs/ # Project documentation
│ ├── 🔐 SECURITY.md # Security guidelines
│ ├── 🚀 DEPLOYMENT.md # Deployment instructions
│ └── 📖 API.md # API documentation
├── 📁 k8s/ # Kubernetes manifests
│ ├── 📝 README.md # K8s deployment guide
│ ├── 🗺️ configmap.yaml # Configuration
│ ├── 🔒 *-secret.yaml # Secrets
│ ├── 🚀 *-deployment.yaml # Deployments
│ ├── 🌐 *-service.yaml # Services
│ ├── 📊 hpa.yaml # Auto-scaling
│ ├── 🌐 ingress.yaml # Load balancing
│ └── 🔒 network-policy.yaml # Network security
└── 📁 .github/ # GitHub configuration
├── 📝 pull_request_template.md
└── 📁 ISSUE_TEMPLATE/
├── 🐛 bug_report.md
└── ✨ feature_request.md
```
## Key Organizational Principles
### ✅ **Feature-Based Organization**
- Components grouped by functionality (medication, auth, admin, etc.)
- Clear separation of concerns
- Easy to locate related files
### ✅ **Script Centralization**
- All deployment and utility scripts in `/scripts/`
- Consistent naming conventions
- Easy access via npm/bun scripts
### ✅ **Testing Structure**
- Unit tests alongside source code (`services/auth/__tests__/`)
- Integration tests in `/tests/integration/`
- E2E tests with Playwright in `/tests/e2e/`
- Manual debugging tools in `/tests/manual/`
- Comprehensive test documentation
- TypeScript support with temporary type declarations
### ✅ **Documentation Organization**
- Feature-specific READMEs in relevant folders
- Centralized docs in `/docs/` folder
- Clear architectural documentation
### ✅ **Configuration Management**
- Environment files at root level
- Build configurations easily accessible
- Docker and K8s configs clearly separated
## Benefits
🎯 **Maintainability** - Clear structure makes code easy to maintain
🔍 **Discoverability** - Logical organization helps find files quickly
🧪 **Testability** - Well-organized test structure
📦 **Deployability** - Scripts and configs clearly separated
👥 **Team Collaboration** - Consistent patterns across the project
📈 **Scalability** - Structure supports growth and new features
docs/architecture/TEMPLATE_APPROACH.md
+159
View File
@@ -0,0 +1,159 @@
# 🎯 Template-Based Kubernetes Configuration
## Overview
We've implemented a **template-based approach** using environment variables instead of manual base64 encoding for Kubernetes secrets. This is much more user-friendly and secure.
## 🆚 Before vs After Comparison
### ❌ Before (Manual Base64 Encoding)
**Old approach required manual base64 encoding:**
```yaml
# k8s/couchdb-secret.yaml
apiVersion: v1
kind: Secret
data:
# User had to manually encode:
# echo -n "admin" | base64 -> YWRtaW4=
# echo -n "password" | base64 -> cGFzc3dvcmQ=
username: YWRtaW4=
password: cGFzc3dvcmQ=
```
**Problems:**
- 😣 Manual base64 encoding required
- 🔧 Error-prone (encoding mistakes)
- 📝 Hard to read/verify credentials
- 🔒 Credentials visible in YAML files
### ✅ After (Template-Based)
**New approach uses templates with automatic substitution:**
```yaml
# k8s/couchdb-secret.yaml.template
apiVersion: v1
kind: Secret
metadata:
name: couchdb-secret
labels:
app: ${APP_NAME}
type: Opaque
stringData:
# Kubernetes automatically base64 encodes stringData
username: ${COUCHDB_USER}
password: ${COUCHDB_PASSWORD}
```
**Benefits:**
- ✅ No manual base64 encoding needed
- ✅ Environment variables from `.env` file
- ✅ Human-readable configuration
- ✅ Automatic deployment script
- ✅ Customizable app names
## 🚀 How It Works
### 1. Configuration in `.env`
```bash
# .env (user-friendly configuration)
APP_NAME=my-rxminder
COUCHDB_USER=admin
COUCHDB_PASSWORD=super-secure-password-123
INGRESS_HOST=rxminder.mydomain.com
```
### 2. Template Substitution
```bash
# Automatic substitution with envsubst
envsubst < k8s/couchdb-secret.yaml.template
```
**Result:**
```yaml
apiVersion: v1
kind: Secret
metadata:
name: couchdb-secret
labels:
app: my-rxminder
type: Opaque
stringData:
username: admin
password: super-secure-password-123
```
### 3. Kubernetes Processing
- Kubernetes automatically base64 encodes `stringData` fields
- No manual encoding required
- More secure and reliable
## 🎛️ Deployment Options
### Option 1: Automated Script (Recommended)
```bash
# Copy and configure
cp .env.example .env
nano .env
# Deploy everything
./scripts/k8s-deploy-template.sh deploy
```
### Option 2: Manual Template Processing
```bash
# Set environment variables
export APP_NAME=my-rxminder
export COUCHDB_PASSWORD=secure-password
# Process templates
envsubst < k8s/couchdb-secret.yaml.template | kubectl apply -f -
envsubst < k8s/ingress.yaml.template | kubectl apply -f -
```
## 🔧 Template Files Created
1. **`k8s/couchdb-secret.yaml.template`** - Database credentials
2. **`k8s/ingress.yaml.template`** - Ingress with custom hostname
3. **`k8s/configmap.yaml.template`** - Application configuration
4. **`k8s/frontend-deployment.yaml.template`** - Frontend deployment
5. **`scripts/k8s-deploy-template.sh`** - Automated deployment script
## 🛡️ Security Benefits
- **No hardcoded credentials** in version control
- **Environment-specific configuration** via `.env` files
- **Automatic validation** of required variables
- **Kubernetes stringData** (auto base64 encoding)
- **Clear separation** of config and code
## 📝 User Experience Improvements
| Aspect | Before | After |
| -------------------- | ------------------------ | ---------------------- |
| **Setup Complexity** | High (manual base64) | Low (edit .env) |
| **Error Rate** | High (encoding mistakes) | Low (plain text) |
| **Readability** | Poor (base64 strings) | Excellent (plain text) |
| **Customization** | Manual file editing | Environment variables |
| **Deployment** | Multi-step manual | Single command |
## 🎯 Result
The template-based approach makes RxMinder deployment:
- **More user-friendly** - No technical encoding required
- **More secure** - Credentials externalized to `.env`
- **More maintainable** - Clear separation of config and manifests
- **More flexible** - Easy customization via environment variables
This is a **production-ready, enterprise-grade** configuration management approach that follows Kubernetes best practices.
docs/deployment/DEPLOYMENT.md
+538
View File
@@ -0,0 +1,538 @@
# Deployment Guide
## 🚀 Complete Deployment Guide for Medication Reminder App
### **Prerequisites**
#### **System Requirements**
- Docker 20.10+ and Docker Compose 2.0+
- 2GB RAM minimum, 4GB recommended
- 10GB disk space for application and data
- Linux/macOS/Windows with WSL2
#### **Required Accounts**
- [Mailgun Account](https://mailgun.com) for email services
- Domain name for production deployment (optional)
- SSL certificate for HTTPS (recommended)
### **Environment Setup**
#### **1. Clone Repository**
```bash
git clone <repository-url>
cd meds
```
#### **2. Configure Environment**
```bash
# Copy template
cp .env.example .env
# Edit with your credentials
nano .env
```
**Required Variables:**
```bash
# Application Configuration
APP_BASE_URL=https://yourdomain.com
# CouchDB Configuration
COUCHDB_USER=admin
COUCHDB_PASSWORD=super-secure-password-123!
VITE_COUCHDB_URL=http://couchdb:5984
VITE_COUCHDB_USER=admin
VITE_COUCHDB_PASSWORD=super-secure-password-123!
# Mailgun Configuration
MAILGUN_API_KEY=key-1234567890abcdef1234567890abcdef
MAILGUN_DOMAIN=mg.yourdomain.com
MAILGUN_FROM_EMAIL=noreply@yourdomain.com
# Production Settings
NODE_ENV=production
```
### **Local Development Deployment**
#### **Quick Start**
```bash
# Automated setup
./setup.sh
# Manual setup
bun install
docker compose up -d
bun run seed-production.js
```
#### **Development URLs**
- Frontend: http://localhost:8080
- CouchDB: http://localhost:5984
- Admin Panel: http://localhost:5984/\_utils
### **Production Deployment**
#### **Method 1: Automated Script**
```bash
# Secure deployment with validation
./deploy.sh production
```
#### **Method 2: Manual Docker Compose**
```bash
# Build images
docker compose build --no-cache
# Start services
docker compose up -d
# Seed database
node seed-production.js
# Verify deployment
bun test-production.js
```
#### **Method 3: Docker Swarm**
```bash
# Initialize swarm
docker swarm init
# Deploy stack
docker stack deploy -c docker/docker-compose.yaml meds-stack
# Scale services
docker service scale meds-stack_frontend=3
```
### **Cloud Platform Deployments**
#### **AWS EC2 Deployment**
**1. Launch EC2 Instance**
```bash
# Amazon Linux 2 AMI
# Instance type: t3.medium or larger
# Security group: Allow ports 22, 80, 443, 8080
```
**2. Install Dependencies**
```bash
# Connect to instance
ssh -i your-key.pem ec2-user@your-instance-ip
# Install Docker
sudo yum update -y
sudo yum install -y docker
sudo service docker start
sudo usermod -a -G docker ec2-user
# Install Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```
**3. Deploy Application**
```bash
# Clone and configure
git clone <repository-url>
cd meds
cp .env.example .env
# Edit .env with production values
# Deploy
./deploy.sh production
```
#### **Google Cloud Platform Deployment**
**1. Cloud Run Deployment**
```bash
# Build and push image
gcloud builds submit --tag gcr.io/PROJECT-ID/meds-app
# Deploy service
gcloud run deploy meds-app \
--image gcr.io/PROJECT-ID/meds-app \
--platform managed \
--region us-central1 \
--set-env-vars COUCHDB_URL=your-couchdb-url \
--set-env-vars MAILGUN_API_KEY=your-key \
--allow-unauthenticated
```
**2. Compute Engine Deployment**
```bash
# Create instance
gcloud compute instances create meds-server \
--image-family debian-11 \
--image-project debian-cloud \
--machine-type e2-medium \
--tags http-server,https-server
# SSH and install
gcloud compute ssh meds-server
# Follow standard installation steps
```
#### **Digital Ocean Deployment**
**1. Droplet Setup**
```bash
# Create droplet with Docker pre-installed
# Or install Docker manually on Ubuntu droplet
# Connect and deploy
ssh root@your-droplet-ip
git clone <repository-url>
cd meds
./setup.sh
./deploy.sh production
```
**2. App Platform Deployment**
```bash
# Create app.yaml
version: 1
services:
- name: meds-app
source_dir: /
github:
repo: your-username/meds
branch: main
build_command: bun run build
environment_slug: node-js
instance_count: 1
instance_size_slug: basic-xxs
envs:
- key: COUCHDB_URL
value: ${COUCHDB_URL}
- key: MAILGUN_API_KEY
value: ${MAILGUN_API_KEY}
# Deploy
doctl apps create --spec app.yaml
```
### **Kubernetes Deployment**
#### **Method 1: Automated Deployment Script (Recommended)**
```bash
# Configure environment
cp .env.example .env
# Edit .env with your settings:
# INGRESS_HOST=app.meds.192.168.1.100.nip.io # For local cluster
# INGRESS_HOST=meds.yourdomain.com # For production
# Deploy with environment substitution
./deploy-k8s.sh
# Check deployment status
./deploy-k8s.sh --status
# Deploy with custom environment file
./deploy-k8s.sh --env .env.production
# Preview deployment (dry run)
./deploy-k8s.sh --dry-run
```
#### **Method 2: Manual Deployment**
#### **1. Create Namespace and Secrets**
```bash
# Create namespace
kubectl create namespace meds-app
# Create secrets
kubectl create secret generic meds-secrets \
--from-literal=couchdb-user=admin \
--from-literal=couchdb-password=secure-password \
--from-literal=mailgun-api-key=your-api-key \
--namespace meds-app
```
#### **2. Deploy Services**
```bash
# Apply Kubernetes manifests
kubectl apply -f k8s/ --namespace meds-app
# Check deployment status
kubectl get pods -n meds-app
kubectl get services -n meds-app
```
#### **3. Configure Ingress (Manual)**
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: meds-ingress
namespace: meds-app
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- meds.yourdomain.com
secretName: meds-tls
rules:
- host: meds.yourdomain.com # Update this to your domain
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: meds-frontend
port:
number: 80
```
### **SSL/HTTPS Configuration**
#### **Let's Encrypt with Nginx**
```bash
# Install certbot
sudo apt-get install certbot python3-certbot-nginx
# Get certificate
sudo certbot --nginx -d yourdomain.com
# Auto-renewal
sudo crontab -e
# Add: 0 12 * * * /usr/bin/certbot renew --quiet
```
#### **Cloudflare SSL**
```bash
# Update docker/nginx.conf for Cloudflare
# Set ssl_certificate and ssl_certificate_key
# Configure Cloudflare for Full (Strict) SSL
```
### **Database Backup and Recovery**
#### **CouchDB Backup**
```bash
# Create backup script
#!/bin/bash
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR="/backup/couchdb"
# Backup all databases
curl -X GET http://admin:password@localhost:5984/_all_dbs | \
jq -r '.[]' | while read db; do
curl -X GET "http://admin:password@localhost:5984/$db/_all_docs?include_docs=true" \
> "$BACKUP_DIR/${db}_${DATE}.json"
done
```
#### **Automated Backups**
```bash
# Add to crontab
0 2 * * * /opt/meds/backup-couchdb.sh
# Upload to cloud storage
aws s3 cp /backup/couchdb/ s3://your-backup-bucket/ --recursive
```
### **Monitoring and Logging**
#### **Health Checks**
```bash
# Application health
curl -f http://localhost:8080/health
# CouchDB health
curl -f http://admin:password@localhost:5984/_up
# Docker container health
docker compose ps
```
#### **Log Management**
```bash
# View logs
docker compose logs -f frontend
docker compose logs -f couchdb
# Log rotation
# Configure in docker/docker-compose.yaml:
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
```
#### **Performance Monitoring**
```bash
# Resource usage
docker stats
# Application metrics
# Implement custom metrics endpoint
# Use Prometheus/Grafana for monitoring
```
### **Scaling and Load Balancing**
#### **Horizontal Scaling**
```bash
# Scale frontend containers
docker compose up -d --scale frontend=3
# Load balancer configuration
# Use nginx, HAProxy, or cloud load balancer
```
#### **Database Scaling**
```bash
# CouchDB clustering
# Configure multiple CouchDB nodes
# Set up replication between nodes
```
### **Security Hardening**
#### **Firewall Configuration**
```bash
# UFW (Ubuntu)
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw deny 5984/tcp # CouchDB admin (internal only)
sudo ufw enable
```
#### **Container Security**
```bash
# Run security scan
docker scout cves meds-frontend:latest
# Update base images regularly
docker compose build --no-cache
```
### **Troubleshooting**
#### **Common Issues**
**1. Environment Variables Not Loading**
```bash
# Check file format
cat -A .env
# Verify Docker Compose config
docker compose config
```
**2. Database Connection Issues**
```bash
# Test CouchDB connection
curl -u admin:password http://localhost:5984/
# Check container logs
docker compose logs couchdb
```
**3. Email Not Sending**
```bash
# Verify Mailgun configuration
curl -s --user 'api:YOUR_API_KEY' \
https://api.mailgun.net/v3/YOUR_DOMAIN/messages \
-F from='test@YOUR_DOMAIN' \
-F to='you@example.com' \
-F subject='Test' \
-F text='Testing'
```
**4. Frontend Build Failures**
```bash
# Clear cache and rebuild
docker compose build --no-cache frontend
```
### **Maintenance**
#### **Regular Tasks**
- Update dependencies monthly
- Rotate credentials quarterly
- Backup database daily
- Monitor disk space weekly
- Review security logs daily
#### **Update Process**
```bash
# 1. Backup current deployment
./backup.sh
# 2. Pull latest changes
git pull origin main
# 3. Update dependencies
bun install
# 4. Rebuild and deploy
docker compose build --no-cache
docker compose up -d
# 5. Verify deployment
bun test-production.js
```
### **Support and Documentation**
#### **Getting Help**
- GitHub Issues: Create issue for bugs/features
- Documentation: Check README.md and docs/
- Community: Join our Discord/Slack channel
#### **Professional Support**
- Enterprise support available
- Custom deployment assistance
- Security auditing services
- Performance optimization consulting
docs/deployment/DOCKER_IMAGE_CONFIGURATION.md
+265
View File
@@ -0,0 +1,265 @@
# 🐳 Docker Image Configuration
## Overview
RxMinder now supports configurable Docker images via environment variables, enabling flexible deployment across different registries, environments, and versions.
## 🎯 Docker Image Variable
### **DOCKER_IMAGE**
The complete Docker image specification including registry, repository, and tag.
**Format:** `[registry/]repository:tag`
## 🌐 Registry Examples
### Public Registries
#### Docker Hub
```bash
# Official image on Docker Hub
DOCKER_IMAGE=rxminder/rxminder:latest
DOCKER_IMAGE=rxminder/rxminder:v1.2.0
DOCKER_IMAGE=rxminder/rxminder:stable
```
#### GitHub Container Registry (ghcr.io)
```bash
# GitHub Packages
DOCKER_IMAGE=ghcr.io/username/rxminder:latest
DOCKER_IMAGE=ghcr.io/organization/rxminder:v1.2.0
DOCKER_IMAGE=ghcr.io/username/rxminder:dev-branch
```
#### GitLab Container Registry
```bash
# GitLab Registry
DOCKER_IMAGE=registry.gitlab.com/username/rxminder:latest
DOCKER_IMAGE=registry.gitlab.com/group/rxminder:production
```
### Private/Self-Hosted Registries
#### Gitea Registry
```bash
# Current default (Gitea)
DOCKER_IMAGE=gitea-http.taildb3494.ts.net/will/meds:latest
DOCKER_IMAGE=gitea-http.taildb3494.ts.net/will/meds:v1.2.0
```
#### Harbor Registry
```bash
# Harbor enterprise registry
DOCKER_IMAGE=harbor.company.com/rxminder/rxminder:latest
DOCKER_IMAGE=harbor.company.com/rxminder/rxminder:production
```
#### Local Registry
```bash
# Local development registry
DOCKER_IMAGE=localhost:5000/rxminder:latest
DOCKER_IMAGE=registry.local:5000/rxminder:dev
```
### Cloud Provider Registries
#### AWS Elastic Container Registry (ECR)
```bash
# AWS ECR
DOCKER_IMAGE=123456789012.dkr.ecr.us-west-2.amazonaws.com/rxminder:latest
DOCKER_IMAGE=123456789012.dkr.ecr.us-west-2.amazonaws.com/rxminder:v1.2.0
```
#### Google Container Registry (GCR)
```bash
# Google Cloud Registry
DOCKER_IMAGE=gcr.io/project-id/rxminder:latest
DOCKER_IMAGE=us.gcr.io/project-id/rxminder:production
```
#### Azure Container Registry (ACR)
```bash
# Azure Container Registry
DOCKER_IMAGE=myregistry.azurecr.io/rxminder:latest
DOCKER_IMAGE=myregistry.azurecr.io/rxminder:stable
```
## 🏷️ Tagging Strategies
### Environment-Based Tagging
```bash
# Development
DOCKER_IMAGE=myregistry.com/rxminder:dev
DOCKER_IMAGE=myregistry.com/rxminder:develop-20250906
# Staging
DOCKER_IMAGE=myregistry.com/rxminder:staging
DOCKER_IMAGE=myregistry.com/rxminder:release-candidate
# Production
DOCKER_IMAGE=myregistry.com/rxminder:stable
DOCKER_IMAGE=myregistry.com/rxminder:v1.2.0
```
### Git-Based Tagging
```bash
# Branch-based
DOCKER_IMAGE=myregistry.com/rxminder:main
DOCKER_IMAGE=myregistry.com/rxminder:feature-auth
# Commit-based
DOCKER_IMAGE=myregistry.com/rxminder:sha-abc1234
DOCKER_IMAGE=myregistry.com/rxminder:pr-123
```
### Semantic Versioning
```bash
# Semantic versions
DOCKER_IMAGE=myregistry.com/rxminder:v1.0.0
DOCKER_IMAGE=myregistry.com/rxminder:v1.2.3-beta
DOCKER_IMAGE=myregistry.com/rxminder:v2.0.0-rc1
```
## 🎪 Environment-Specific Configurations
### Development (.env)
```bash
APP_NAME=rxminder-dev
DOCKER_IMAGE=localhost:5000/rxminder:dev
STORAGE_CLASS=local-path
STORAGE_SIZE=5Gi
INGRESS_HOST=rxminder-dev.local
```
### Staging (.env.staging)
```bash
APP_NAME=rxminder-staging
DOCKER_IMAGE=myregistry.com/rxminder:staging
STORAGE_CLASS=longhorn
STORAGE_SIZE=10Gi
INGRESS_HOST=staging.rxminder.company.com
```
### Production (.env.production)
```bash
APP_NAME=rxminder
DOCKER_IMAGE=myregistry.com/rxminder:v1.2.0 # Fixed version for stability
STORAGE_CLASS=fast-ssd
STORAGE_SIZE=50Gi
INGRESS_HOST=rxminder.company.com
```
## 🚀 CI/CD Integration
### GitHub Actions Example
```yaml
# .github/workflows/deploy.yml
- name: Deploy to Kubernetes
env:
DOCKER_IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }}
run: |
echo "DOCKER_IMAGE=${DOCKER_IMAGE}" >> .env
./scripts/k8s-deploy-template.sh deploy
```
### GitLab CI Example
```yaml
# .gitlab-ci.yml
deploy:
variables:
DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
script:
- echo "DOCKER_IMAGE=${DOCKER_IMAGE}" >> .env
- ./scripts/k8s-deploy-template.sh deploy
```
## 🔒 Registry Authentication
### Docker Registry Secrets
```bash
# Create registry secret for private registries
kubectl create secret docker-registry regcred \
--docker-server=myregistry.com \
--docker-username=username \
--docker-password=password \
--docker-email=email@company.com
# Update deployment to use the secret
# (Add imagePullSecrets to deployment template if needed)
```
### Cloud Provider Authentication
```bash
# AWS ECR
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-west-2.amazonaws.com
# Google GCR
gcloud auth configure-docker
# Azure ACR
az acr login --name myregistry
```
## 💡 Best Practices
### Production Recommendations
-**Use specific tags** (not `:latest`) for production
-**Pin to exact versions** for stability
-**Use semantic versioning** for releases
-**Separate registries** for different environments
-**Enable vulnerability scanning** on registries
### Development Workflow
-**Use `:dev` or `:latest`** for development
-**Branch-based tags** for feature development
-**Local registries** for fast iteration
-**Automated builds** on code changes
### Security Considerations
-**Private registries** for proprietary code
-**Registry authentication** properly configured
-**Image scanning** for vulnerabilities
-**Supply chain security** with signed images
## 🎭 Example Deployments
### Multi-Environment Setup
```bash
# Development
export DOCKER_IMAGE=localhost:5000/rxminder:dev
./scripts/k8s-deploy-template.sh deploy
# Staging
export DOCKER_IMAGE=registry.company.com/rxminder:staging
./scripts/k8s-deploy-template.sh deploy
# Production
export DOCKER_IMAGE=registry.company.com/rxminder:v1.2.0
./scripts/k8s-deploy-template.sh deploy
```
This flexible Docker image configuration makes RxMinder truly **portable** and **CI/CD-ready** across any container registry and deployment environment!
docs/deployment/GITEA_SETUP.md
+242
View File
@@ -0,0 +1,242 @@
# 🦌 Gitea CI/CD Setup Complete!
Your RxMinder app now has comprehensive Gitea Actions CI/CD support! Here's what's been created:
## 📁 New Files Structure
```
.gitea/
├── workflows/
│ └── ci-cd.yml # Main CI/CD workflow
├── docker-compose.ci.yml # CI-specific compose override
├── gitea-bake.hcl # Gitea-optimized buildx config
└── README.md # Detailed Gitea configuration guide
scripts/
├── gitea-deploy.sh # Gitea-specific deployment script
└── gitea-helper.sh # Comprehensive Gitea operations helper
```
## 🚀 Quick Start
### 1. **Setup Environment Configuration**
```bash
# Copy the example environment file and customize
cp .env.example .env
# Edit .env with your registry and configuration:
CONTAINER_REGISTRY=gitea.yourdomain.com
CONTAINER_REPOSITORY=username/rxminder
GITEA_REGISTRY=gitea.yourdomain.com
GITEA_REPOSITORY=username/rxminder
```
### 2. **Setup Gitea Repository**
```bash
# Configure in Gitea Repository Settings → Actions
# Required Secrets:
GITEA_TOKEN # Personal access token with package write permissions
VITE_COUCHDB_PASSWORD # CouchDB password
DEPLOYMENT_WEBHOOK_URL # Optional: deployment notifications
# Repository Variables (optional - will use .env defaults):
GITEA_REGISTRY # Override registry from .env
VITE_COUCHDB_URL # http://localhost:5984
VITE_COUCHDB_USER # admin
APP_BASE_URL # http://localhost:8080
```
### 3. **Local Development with Gitea**
```bash
# Setup Gitea buildx builder
bun run gitea:setup
# Build for local development
bun run gitea:build-local
# Run tests
bun run gitea:test
# Check status
bun run gitea:status
```
### 4. **Production Deployment**
```bash
# Build and push to registry
export GITEA_TOKEN=your_token
export GITEA_REGISTRY=your-gitea.com
export GITEA_REPOSITORY=username/rxminder
bun run gitea:build-prod v1.0.0
# Deploy to production
bun run gitea:deploy production v1.0.0
```
## 🔧 Gitea Actions Features
### **Multi-Platform Builds**
- ✅ AMD64 (Intel/AMD processors)
- ✅ ARM64 (Apple Silicon, AWS Graviton)
- ✅ Optimized layer caching
- ✅ Registry-based build cache
### **Security & Quality**
- ✅ Trivy vulnerability scanning
- ✅ Supply chain attestations (SBOM, provenance)
- ✅ Dependency auditing
- ✅ Lint and type checking
### **Deployment Options**
- ✅ Docker Compose deployment
- ✅ Kubernetes deployment
- ✅ Staging environment support
- ✅ Health checks and monitoring
### **Automation**
- ✅ Automatic builds on push/PR
- ✅ Multi-environment deployments
- ✅ Image cleanup and maintenance
- ✅ Deployment notifications
## 📋 Available Commands
### **Gitea Helper Script**
```bash
./scripts/gitea-helper.sh setup # Setup buildx for Gitea
./scripts/gitea-helper.sh build-local # Local development build
./scripts/gitea-helper.sh build-multi # Multi-platform build
./scripts/gitea-helper.sh build-staging # Staging build
./scripts/gitea-helper.sh build-prod # Production build
./scripts/gitea-helper.sh test # Run all tests
./scripts/gitea-helper.sh deploy # Deploy to environment
./scripts/gitea-helper.sh status # Show CI/CD status
./scripts/gitea-helper.sh cleanup # Cleanup builders/images
```
### **Package.json Scripts**
```bash
bun run gitea:setup # Setup Gitea buildx
bun run gitea:build # Multi-platform build
bun run gitea:build-local # Local development
bun run gitea:build-staging # Staging build
bun run gitea:build-prod # Production build
bun run gitea:test # Run tests
bun run gitea:deploy # Deploy application
bun run gitea:status # Check status
bun run gitea:cleanup # Cleanup
```
## 🎯 Workflow Triggers
### **Automatic Triggers**
- **Push to main/develop**: Full build, test, and deploy
- **Pull Request**: Build, test, and security scan
- **Manual dispatch**: On-demand deployment
### **Environment-Specific**
- **Development**: Fast single-platform builds
- **Staging**: Full testing with staging configs
- **Production**: Multi-platform with attestations
## 🔒 Security Features
### **Image Security**
- Vulnerability scanning with Trivy
- Base image security updates
- Minimal attack surface
- Supply chain attestations
### **Secrets Management**
- Gitea-native secrets storage
- Environment-specific variables
- Token rotation support
- Secure registry authentication
## 📊 Monitoring & Notifications
### **Health Checks**
- Frontend application health
- Database connectivity
- Service dependency checks
- Container resource monitoring
### **Notifications**
- Deployment success/failure alerts
- Security scan results
- Build status updates
- Custom webhook integration
## 🚀 Next Steps
1. **Configure Gitea Repository**:
- Enable Actions in repository settings
- Add required secrets and variables
- Configure container registry
2. **Set up Gitea Runner**:
- Install and configure Gitea Actions runner
- Ensure Docker and buildx support
- Configure appropriate labels
3. **Test the Pipeline**:
```bash
# Push to trigger the workflow
git add .
git commit -m "Setup Gitea CI/CD"
git push origin main
```
4. **Customize for Your Environment**:
- Update registry URLs in `.gitea/gitea-bake.hcl`
- Modify deployment targets in `scripts/gitea-deploy.sh`
- Configure environment-specific variables
## 🔄 Migration Notes
- ✅ **Fully compatible** with existing Docker Buildx setup
- ✅ **No breaking changes** to development workflow
- ✅ **Parallel support** with GitHub Actions if needed
- ✅ **Easy rollback** - simply delete `.gitea/` directory
Your RxMinder app is now ready for professional-grade CI/CD with Gitea! 🎉
## 📞 Troubleshooting
### Common Issues:
1. **Build failures**: Check Gitea runner has Docker buildx
2. **Registry push errors**: Verify GITEA_TOKEN permissions
3. **Deployment issues**: Check environment variables and secrets
### Debug Commands:
```bash
# Check Gitea environment
./scripts/gitea-helper.sh status
# Test local build
./scripts/gitea-helper.sh build-local
# Verify registry login
docker login your-gitea.com
```
docs/deployment/STORAGE_CONFIGURATION.md
+226
View File
@@ -0,0 +1,226 @@
# 📦 Storage Configuration Examples
## Overview
RxMinder now supports configurable storage through environment variables, making it easy to adapt to different Kubernetes environments and storage requirements.
## 🗂️ Storage Configuration Variables
### **STORAGE_CLASS**
The Kubernetes StorageClass to use for persistent volumes.
**Common Options:**
- `longhorn` - Longhorn distributed storage (Raspberry Pi clusters)
- `local-path` - Local path provisioner (k3s default)
- `standard` - Cloud provider standard storage
- `fast-ssd` - High-performance SSD storage
- `gp2` - AWS General Purpose SSD
- `pd-standard` - Google Cloud Standard Persistent Disk
- `azure-disk` - Azure Standard Disk
### **STORAGE_SIZE**
The amount of storage to allocate for the CouchDB database.
**Sizing Guidelines:**
- `1Gi` - Minimal testing (not recommended for production)
- `5Gi` - Small deployment (default, good for development)
- `10Gi` - Medium deployment (suitable for small teams)
- `20Gi` - Large deployment (production use)
- `50Gi+` - Enterprise deployment (high-volume usage)
## 🎯 Environment-Specific Examples
### Development (.env)
```bash
# Development environment
APP_NAME=rxminder-dev
STORAGE_CLASS=local-path
STORAGE_SIZE=5Gi
INGRESS_HOST=rxminder-dev.local
```
### Staging (.env.staging)
```bash
# Staging environment
APP_NAME=rxminder-staging
STORAGE_CLASS=longhorn
STORAGE_SIZE=10Gi
INGRESS_HOST=staging.rxminder.company.com
```
### Production (.env.production)
```bash
# Production environment
APP_NAME=rxminder
STORAGE_CLASS=fast-ssd
STORAGE_SIZE=50Gi
INGRESS_HOST=rxminder.company.com
```
### Cloud Providers
#### AWS EKS
```bash
APP_NAME=rxminder
STORAGE_CLASS=gp2 # General Purpose SSD
STORAGE_SIZE=20Gi
INGRESS_HOST=rxminder.aws.company.com
```
#### Google GKE
```bash
APP_NAME=rxminder
STORAGE_CLASS=pd-standard # Standard Persistent Disk
STORAGE_SIZE=20Gi
INGRESS_HOST=rxminder.gcp.company.com
```
#### Azure AKS
```bash
APP_NAME=rxminder
STORAGE_CLASS=managed-premium # Premium SSD
STORAGE_SIZE=20Gi
INGRESS_HOST=rxminder.azure.company.com
```
## 🏗️ Generated Kubernetes Resources
### Before (Hardcoded)
```yaml
# Old approach - hardcoded values
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: couchdb-pvc
spec:
storageClassName: longhorn
resources:
requests:
storage: 1Gi
```
### After (Template-Based)
```yaml
# Template: k8s/couchdb-pvc.yaml.template
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ${APP_NAME}-couchdb-pvc
labels:
app: ${APP_NAME}
spec:
storageClassName: ${STORAGE_CLASS}
resources:
requests:
storage: ${STORAGE_SIZE}
```
### Deployed Result
```yaml
# After envsubst processing
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rxminder-couchdb-pvc
labels:
app: rxminder
spec:
storageClassName: fast-ssd
resources:
requests:
storage: 20Gi
```
## 🚀 Deployment Examples
### Quick Development Setup
```bash
# Development with local storage
export APP_NAME=rxminder-dev
export STORAGE_CLASS=local-path
export STORAGE_SIZE=5Gi
./scripts/k8s-deploy-template.sh deploy
```
### Production Deployment
```bash
# Copy production environment
cp .env.production .env
# Edit with your specific values
nano .env
# Deploy to production
./scripts/k8s-deploy-template.sh deploy
```
### Custom Configuration
```bash
# Override specific values
export STORAGE_CLASS=custom-storage
export STORAGE_SIZE=100Gi
./scripts/k8s-deploy-template.sh deploy
```
## 🔍 Storage Class Discovery
### Find Available Storage Classes
```bash
# List available storage classes in your cluster
kubectl get storageclass
# Get details about a specific storage class
kubectl describe storageclass longhorn
```
### Common Storage Class Names by Platform
| Platform | Common Storage Classes |
| -------------- | ------------------------------------------ |
| **k3s** | `local-path` (default) |
| **Longhorn** | `longhorn` |
| **AWS EKS** | `gp2`, `gp3`, `io1`, `io2` |
| **Google GKE** | `standard`, `ssd`, `pd-standard`, `pd-ssd` |
| **Azure AKS** | `default`, `managed-premium` |
| **Rancher** | `longhorn`, `local-path` |
## 💡 Benefits
### Flexibility
-**Environment-specific** storage configuration
-**Cloud-agnostic** deployment
-**Performance tuning** via storage class selection
-**Cost optimization** through appropriate sizing
### Maintainability
-**Single source of truth** via `.env` files
-**Easy scaling** by changing STORAGE_SIZE
-**Environment promotion** using different .env files
-**Disaster recovery** with consistent configurations
### Developer Experience
-**No hardcoded values** in manifests
-**Clear documentation** of requirements
-**Validation** of required variables
-**Automated deployment** with proper storage setup
This approach makes RxMinder truly **portable** across different Kubernetes environments while maintaining **production-grade** storage management!
docs/development/API.md
+839
View File
@@ -0,0 +1,839 @@
# API Documentation
## 📚 API Reference for Medication Reminder App
### **Base URL**
- Development: `http://localhost:5173`
- Production: `http://localhost:8080`
### **Authentication**
All authenticated endpoints require a valid session token.
#### **Headers**
```http
Authorization: Bearer <token>
Content-Type: application/json
```
---
## 🔐 Authentication Endpoints
### **Register User**
Create a new user account with email verification.
**Endpoint:** `POST /auth/register`
**Request Body:**
```json
{
"email": "user@example.com",
"password": "SecurePassword123!",
"username": "JohnDoe"
}
```
**Response:**
```json
{
"user": {
"_id": "user-uuid",
"email": "user@example.com",
"username": "JohnDoe",
"status": "PENDING",
"emailVerified": false,
"role": "USER",
"createdAt": "2025-09-05T12:00:00Z"
},
"verificationToken": {
"token": "verification-token-uuid",
"expiresAt": "2025-09-05T13:00:00Z"
}
}
```
**Status Codes:**
- `201` - User created successfully
- `400` - Invalid input data
- `409` - Email already exists
---
### **Login User**
Authenticate user with email and password.
**Endpoint:** `POST /auth/login`
**Request Body:**
```json
{
"email": "user@example.com",
"password": "SecurePassword123!"
}
```
**Response:**
```json
{
"user": {
"_id": "user-uuid",
"email": "user@example.com",
"username": "JohnDoe",
"status": "ACTIVE",
"emailVerified": true,
"role": "USER"
},
"accessToken": "jwt-access-token",
"refreshToken": "jwt-refresh-token"
}
```
**Status Codes:**
- `200` - Login successful
- `401` - Invalid credentials
- `403` - Account not verified or suspended
---
### **OAuth Login**
Authenticate using OAuth providers (Google, GitHub).
**Endpoint:** `POST /auth/oauth`
**Request Body:**
```json
{
"provider": "google",
"userData": {
"email": "user@example.com",
"username": "John Doe",
"avatar": "https://example.com/avatar.jpg"
}
}
```
**Response:**
```json
{
"user": {
"_id": "user-uuid",
"email": "user@example.com",
"username": "John Doe",
"status": "ACTIVE",
"emailVerified": true,
"role": "USER",
"avatar": "https://example.com/avatar.jpg"
},
"accessToken": "jwt-access-token",
"refreshToken": "jwt-refresh-token"
}
```
---
### **Verify Email**
Activate user account using verification token.
**Endpoint:** `POST /auth/verify-email`
**Request Body:**
```json
{
"token": "verification-token-uuid"
}
```
**Response:**
```json
{
"user": {
"_id": "user-uuid",
"email": "user@example.com",
"username": "JohnDoe",
"status": "ACTIVE",
"emailVerified": true,
"role": "USER"
}
}
```
---
### **Change Password**
Change user password (requires current password).
**Endpoint:** `POST /auth/change-password`
**Request Body:**
```json
{
"userId": "user-uuid",
"currentPassword": "OldPassword123!",
"newPassword": "NewPassword456!"
}
```
**Response:**
```json
{
"success": true,
"message": "Password changed successfully"
}
```
---
### **Request Password Reset**
Request password reset email.
**Endpoint:** `POST /auth/request-password-reset`
**Request Body:**
```json
{
"email": "user@example.com"
}
```
**Response:**
```json
{
"success": true,
"message": "Password reset email sent"
}
```
---
### **Reset Password**
Reset password using reset token.
**Endpoint:** `POST /auth/reset-password`
**Request Body:**
```json
{
"token": "reset-token-uuid",
"newPassword": "NewPassword123!"
}
```
**Response:**
```json
{
"success": true,
"message": "Password reset successful"
}
```
---
## 💊 Medication Management
### **Add Medication**
Add a new medication to user's list.
**Endpoint:** `POST /medications`
**Request Body:**
```json
{
"name": "Aspirin",
"dosage": "100mg",
"frequency": "Daily",
"startTime": "08:00",
"notes": "Take with food",
"icon": "💊"
}
```
**Response:**
```json
{
"_id": "medication-uuid",
"name": "Aspirin",
"dosage": "100mg",
"frequency": "Daily",
"startTime": "08:00",
"notes": "Take with food",
"icon": "💊",
"userId": "user-uuid",
"createdAt": "2025-09-05T12:00:00Z"
}
```
---
### **Get Medications**
Retrieve user's medications.
**Endpoint:** `GET /medications`
**Query Parameters:**
- `active` (boolean) - Filter active medications only
**Response:**
```json
[
{
"_id": "medication-uuid",
"name": "Aspirin",
"dosage": "100mg",
"frequency": "Daily",
"startTime": "08:00",
"notes": "Take with food",
"icon": "💊"
}
]
```
---
### **Update Medication**
Update existing medication.
**Endpoint:** `PUT /medications/:id`
**Request Body:**
```json
{
"dosage": "200mg",
"notes": "Take with plenty of water"
}
```
**Response:**
```json
{
"_id": "medication-uuid",
"name": "Aspirin",
"dosage": "200mg",
"frequency": "Daily",
"startTime": "08:00",
"notes": "Take with plenty of water",
"icon": "💊"
}
```
---
### **Delete Medication**
Remove medication from user's list.
**Endpoint:** `DELETE /medications/:id`
**Response:**
```json
{
"success": true,
"message": "Medication deleted successfully"
}
```
---
## ⏰ Reminder Management
### **Add Custom Reminder**
Create a custom reminder.
**Endpoint:** `POST /reminders`
**Request Body:**
```json
{
"title": "Doctor Appointment",
"message": "Annual checkup with Dr. Smith",
"scheduledFor": "2025-09-15T14:00:00Z",
"recurrence": "yearly"
}
```
**Response:**
```json
{
"_id": "reminder-uuid",
"title": "Doctor Appointment",
"message": "Annual checkup with Dr. Smith",
"scheduledFor": "2025-09-15T14:00:00Z",
"recurrence": "yearly",
"userId": "user-uuid",
"isActive": true
}
```
---
### **Get Reminders**
Retrieve user's reminders.
**Endpoint:** `GET /reminders`
**Query Parameters:**
- `date` (string) - Filter by specific date (YYYY-MM-DD)
- `active` (boolean) - Filter active reminders only
**Response:**
```json
[
{
"_id": "reminder-uuid",
"title": "Doctor Appointment",
"message": "Annual checkup with Dr. Smith",
"scheduledFor": "2025-09-15T14:00:00Z",
"recurrence": "yearly",
"isActive": true
}
]
```
---
## 📊 Dose Tracking
### **Record Taken Dose**
Mark a dose as taken.
**Endpoint:** `POST /doses/taken`
**Request Body:**
```json
{
"medicationId": "medication-uuid",
"scheduledTime": "2025-09-05T08:00:00Z",
"takenAt": "2025-09-05T08:15:00Z",
"notes": "Took with breakfast"
}
```
**Response:**
```json
{
"success": true,
"dose": {
"id": "medication-uuid-2025-09-05",
"medicationId": "medication-uuid",
"scheduledTime": "2025-09-05T08:00:00Z",
"takenAt": "2025-09-05T08:15:00Z",
"status": "TAKEN",
"notes": "Took with breakfast"
}
}
```
---
### **Get Dose History**
Retrieve dose history for analytics.
**Endpoint:** `GET /doses`
**Query Parameters:**
- `medicationId` (string) - Filter by medication
- `startDate` (string) - Start date (YYYY-MM-DD)
- `endDate` (string) - End date (YYYY-MM-DD)
- `status` (string) - Filter by status (TAKEN, MISSED, UPCOMING)
**Response:**
```json
{
"doses": [
{
"id": "medication-uuid-2025-09-05",
"medicationId": "medication-uuid",
"scheduledTime": "2025-09-05T08:00:00Z",
"takenAt": "2025-09-05T08:15:00Z",
"status": "TAKEN"
}
],
"stats": {
"totalDoses": 30,
"takenDoses": 28,
"missedDoses": 2,
"adherenceRate": 93.3
}
}
```
---
## 👑 Admin Endpoints
### **Get All Users**
Retrieve all users (admin only).
**Endpoint:** `GET /admin/users`
**Query Parameters:**
- `status` (string) - Filter by status
- `role` (string) - Filter by role
- `page` (number) - Pagination page
- `limit` (number) - Items per page
**Response:**
```json
{
"users": [
{
"_id": "user-uuid",
"email": "user@example.com",
"username": "JohnDoe",
"status": "ACTIVE",
"role": "USER",
"emailVerified": true,
"createdAt": "2025-09-05T12:00:00Z",
"lastLoginAt": "2025-09-05T15:30:00Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 150,
"pages": 8
}
}
```
---
### **Update User Status**
Change user account status (admin only).
**Endpoint:** `PUT /admin/users/:id/status`
**Request Body:**
```json
{
"status": "SUSPENDED"
}
```
**Response:**
```json
{
"success": true,
"user": {
"_id": "user-uuid",
"status": "SUSPENDED"
}
}
```
---
### **Delete User**
Delete user account (admin only).
**Endpoint:** `DELETE /admin/users/:id`
**Response:**
```json
{
"success": true,
"message": "User deleted successfully"
}
```
---
## 📈 Analytics
### **User Statistics**
Get user's medication adherence statistics.
**Endpoint:** `GET /analytics/stats`
**Query Parameters:**
- `period` (string) - Time period (7d, 30d, 90d, 1y)
**Response:**
```json
{
"adherence": {
"overall": 92.5,
"trend": "improving",
"streak": 7
},
"medications": [
{
"medicationId": "medication-uuid",
"name": "Aspirin",
"taken": 28,
"missed": 2,
"adherence": 93.3
}
],
"dailyStats": [
{
"date": "2025-09-05",
"adherence": 100,
"totalDoses": 3,
"takenDoses": 3
}
]
}
```
---
## 🔧 User Settings
### **Get User Settings**
Retrieve user preferences.
**Endpoint:** `GET /settings`
**Response:**
```json
{
"notifications": {
"email": true,
"push": false,
"reminderSound": true
},
"preferences": {
"theme": "dark",
"timezone": "UTC-5",
"dateFormat": "MM/DD/YYYY"
},
"privacy": {
"shareStats": false,
"anonymousUsage": true
}
}
```
---
### **Update User Settings**
Update user preferences.
**Endpoint:** `PUT /settings`
**Request Body:**
```json
{
"notifications": {
"email": false,
"push": true
},
"preferences": {
"theme": "light"
}
}
```
**Response:**
```json
{
"success": true,
"settings": {
"notifications": {
"email": false,
"push": true,
"reminderSound": true
},
"preferences": {
"theme": "light",
"timezone": "UTC-5",
"dateFormat": "MM/DD/YYYY"
}
}
}
```
---
## 📁 File Upload
### **Upload Avatar**
Upload user avatar image.
**Endpoint:** `POST /upload/avatar`
**Request:** Multipart form data
- `avatar` (file) - Image file (JPEG, PNG, max 2MB)
**Response:**
```json
{
"success": true,
"avatarUrl": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQ..."
}
```
---
## 🔍 Search
### **Search Medications**
Search for medications by name.
**Endpoint:** `GET /search/medications`
**Query Parameters:**
- `q` (string) - Search query
- `limit` (number) - Max results
**Response:**
```json
{
"results": [
{
"name": "Aspirin",
"commonDosages": ["100mg", "325mg", "500mg"],
"category": "Pain Reliever"
}
]
}
```
---
## ❌ Error Responses
### **Error Format**
```json
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid input data",
"details": {
"email": "Invalid email format",
"password": "Password too weak"
}
}
}
```
### **Common Error Codes**
- `VALIDATION_ERROR` (400) - Invalid input data
- `UNAUTHORIZED` (401) - Authentication required
- `FORBIDDEN` (403) - Insufficient permissions
- `NOT_FOUND` (404) - Resource not found
- `CONFLICT` (409) - Resource already exists
- `RATE_LIMITED` (429) - Too many requests
- `INTERNAL_ERROR` (500) - Server error
---
## 📊 Rate Limiting
### **Limits**
- Authentication endpoints: 5 requests/minute
- General API: 100 requests/minute
- Upload endpoints: 10 requests/minute
### **Headers**
```http
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1693929600
```
---
## 🔒 Security
### **Authentication**
- JWT tokens with 24-hour expiration
- Refresh tokens for automatic renewal
- Secure password hashing with bcrypt
### **Authorization**
- Role-based access control (USER, ADMIN)
- Resource-level permissions
- Account status validation
### **Data Protection**
- Input validation and sanitization
- SQL injection prevention
- XSS protection
- CORS configuration
---
## 📚 Additional Resources
- [Postman Collection](./postman-collection.json)
- [OpenAPI Specification](./openapi.yaml)
- [SDK Documentation](./sdk-docs.md)
- [Integration Examples](./examples/)
docs/development/APPLICATION_SECURITY.md
+162
View File
@@ -0,0 +1,162 @@
# Security Guide
## 🔐 Security Best Practices for Medication Reminder App
### **Password Security**
#### **Password Requirements**
- Minimum 8 characters
- Must contain uppercase and lowercase letters
- Must contain at least one number
- Must contain at least one special character
- Cannot be common passwords (password123, admin, etc.)
#### **Password Hashing**
- Uses bcrypt with salt rounds for secure password storage
- Passwords are never stored in plain text
- Password verification happens through secure hash comparison
### **Authentication Security**
#### **Session Management**
- JWT-like token system for user sessions
- Tokens have expiration times
- Secure token storage and transmission
- Automatic session cleanup on logout
#### **Email Verification**
- All new accounts require email verification
- Verification tokens are time-limited
- Prevents unauthorized account creation
- Uses cryptographically secure random tokens
#### **OAuth Security**
- Supports Google and GitHub OAuth
- Secure OAuth flow implementation
- No password storage for OAuth users
- Account linking prevention for security
### **Environment Security**
#### **Environment Variables**
- Never commit `.env` files to version control
- Use separate environment files for different deployments
- Rotate credentials regularly
- Use strong, unique passwords for each environment
#### **Docker Security**
- Non-root user for application execution
- Multi-stage builds to minimize attack surface
- Health checks for service monitoring
- Isolated network for services
### **Database Security**
#### **CouchDB Security**
- Admin authentication required
- Database-level access control
- SSL/TLS encryption for production
- Regular backup and security updates
#### **Data Protection**
- User data isolation by user ID
- Input validation and sanitization
- Protection against injection attacks
- Secure data deletion capabilities
### **Production Security Checklist**
#### **Before Deployment**
- [ ] Change default admin password
- [ ] Configure strong CouchDB credentials
- [ ] Set up Mailgun with proper API keys
- [ ] Enable SSL/TLS certificates
- [ ] Configure firewall rules
- [ ] Set up monitoring and logging
#### **Regular Security Tasks**
- [ ] Rotate credentials monthly
- [ ] Update dependencies regularly
- [ ] Monitor logs for suspicious activity
- [ ] Backup databases securely
- [ ] Review user access permissions
- [ ] Test disaster recovery procedures
### **Incident Response**
#### **Security Breach Protocol**
1. **Immediate Response**
- Disable affected accounts
- Change all credentials
- Review access logs
- Document the incident
2. **Investigation**
- Identify breach source
- Assess data exposure
- Notify affected users
- Implement fixes
3. **Recovery**
- Restore from secure backups
- Update security measures
- Monitor for further issues
- Conduct post-incident review
### **Compliance Considerations**
#### **Data Privacy**
- User data minimization
- Right to data deletion
- Transparent privacy policy
- Secure data export capabilities
#### **Healthcare Compliance**
- HIPAA considerations for health data
- Secure medication information handling
- Audit trail capabilities
- Data retention policies
### **Security Monitoring**
#### **Logging**
- Authentication attempts
- Failed login monitoring
- Admin actions tracking
- Database access logging
#### **Alerting**
- Multiple failed login attempts
- Admin privilege escalation
- Unusual data access patterns
- System health issues
### **Emergency Contacts**
#### **Security Issues**
- Development Team: security@your-domain.com
- System Administrator: admin@your-domain.com
- Emergency Response: +1-XXX-XXX-XXXX
#### **Third-party Services**
- Mailgun Support: support@mailgun.com
- CouchDB Security: security@apache.org
- Docker Security: security@docker.com
docs/development/CODE_QUALITY.md
+246
View File
@@ -0,0 +1,246 @@
# Code Quality and Formatting Setup
This project includes comprehensive code quality tools and pre-commit hooks to maintain consistent code standards.
## Tools Configured
### Pre-commit Hooks
- **File formatting**: Trailing whitespace, end-of-file fixes, line ending normalization
- **Security**: Private key detection, secrets scanning with detect-secrets
- **Linting**: ESLint for TypeScript/JavaScript, Hadolint for Docker, ShellCheck for scripts
- **Type checking**: TypeScript compilation checks
- **Formatting**: Prettier for code formatting, Markdownlint for documentation
### Code Formatters
- **Prettier**: Handles JavaScript, TypeScript, JSON, YAML, Markdown, CSS, SCSS, HTML formatting
- **ESLint**: TypeScript/JavaScript linting with comprehensive rules and React hooks support
- **EditorConfig**: Consistent coding styles across editors
### Security Tools
- **detect-secrets**: Prevents secrets from being committed to the repository
- **Private key detection**: Automatically detects and blocks private keys
## Setup
Run the setup script to install all tools and configure pre-commit hooks:
```bash
./scripts/setup-pre-commit.sh
```
Alternatively, install manually:
```bash
# Install dependencies
bun install
# Install pre-commit in Python virtual environment
python -m venv .venv
source .venv/bin/activate # or .venv/Scripts/activate on Windows
pip install pre-commit detect-secrets
# Install pre-commit hooks
pre-commit install
# Create secrets baseline (if it doesn't exist)
detect-secrets scan --baseline .secrets.baseline
```
## Usage
### Automatic (Recommended)
Pre-commit hooks will automatically run on every commit, ensuring:
- Code is properly formatted
- Linting rules are followed
- Type checking passes
- No secrets are committed
### Manual Commands
```bash
# Format all files
bun run format
# Check formatting without fixing
bun run format:check
# Lint TypeScript/JavaScript files
bun run lint
# Lint with auto-fix
bun run lint:fix
# Type checking
bun run type-check
# Run pre-commit hook
bun run pre-commit
# Run all pre-commit hooks manually (using virtual environment)
/home/will/Code/meds/.venv/bin/pre-commit run --all-files
# Run specific hook
/home/will/Code/meds/.venv/bin/pre-commit run prettier --all-files
# Update pre-commit hook versions
/home/will/Code/meds/.venv/bin/pre-commit autoupdate
```
## Configuration Files
- `.pre-commit-config.yaml` - Pre-commit hooks configuration with comprehensive security and quality checks
- `.prettierrc` - Prettier formatting rules with TypeScript/React optimizations
- `.prettierignore` - Files to ignore for Prettier formatting
- `.editorconfig` - Editor configuration for consistent coding styles across IDEs
- `eslint.config.cjs` - ESLint linting rules with TypeScript and React hooks support
- `.markdownlint.json` - Markdown linting configuration for documentation quality
- `.secrets.baseline` - Baseline for detect-secrets security scanning
- `scripts/setup-pre-commit.sh` - Automated setup script for all tools
- `docs/CODE_QUALITY.md` - This documentation file
## Pre-commit Hook Details
The following hooks run automatically on every commit:
### File Quality Hooks
- `trailing-whitespace` - Removes trailing whitespace
- `end-of-file-fixer` - Ensures files end with newline
- `check-yaml` - Validates YAML syntax
- `check-json` - Validates JSON syntax
- `check-toml` - Validates TOML syntax
- `check-xml` - Validates XML syntax
- `check-merge-conflict` - Prevents merge conflict markers
- `check-added-large-files` - Prevents large files from being committed
- `check-case-conflict` - Prevents case conflicts on case-insensitive filesystems
- `check-symlinks` - Validates symlinks
- `mixed-line-ending` - Ensures consistent line endings (LF)
### Security Hooks
- `detect-private-key` - Prevents private keys from being committed
- `detect-secrets` - Scans for secrets using baseline comparison
### Code Quality Hooks
- `prettier` - Formats JavaScript, TypeScript, JSON, YAML, Markdown, CSS, SCSS, HTML
- `eslint` - Lints TypeScript/JavaScript with auto-fix
- `tsc` - TypeScript type checking
### Infrastructure Hooks
- `hadolint-docker` - Lints Dockerfile files
- `shellcheck` - Lints shell scripts
- `markdownlint` - Lints and formats Markdown files
## IDE Integration
### VS Code (Recommended)
Install these extensions for optimal integration:
- **Prettier - Code formatter** (`esbenp.prettier-vscode`)
- **ESLint** (`dbaeumer.vscode-eslint`)
- **EditorConfig for VS Code** (`editorconfig.editorconfig`)
### Settings for VS Code
Add these settings to your VS Code `settings.json`:
```json
{
"editor.formatOnSave": true,
"editor.defaultFormatter": "esbenp.prettier-vscode",
"editor.codeActionsOnSave": {
"source.fixAll.eslint": true
},
"eslint.validate": ["javascript", "javascriptreact", "typescript", "typescriptreact"]
}
```
### Other IDEs
Most modern IDEs support EditorConfig, Prettier, and ESLint through plugins:
- **WebStorm/IntelliJ**: Built-in support for most tools
- **Vim/Neovim**: Use coc.nvim or native LSP with appropriate plugins
- **Sublime Text**: Install Package Control packages for each tool
## Customization
### Prettier
Edit `.prettierrc` to modify formatting rules.
### ESLint
Edit `eslint.config.cjs` to add or modify linting rules.
### Pre-commit
Edit `.pre-commit-config.yaml` to add, remove, or modify hooks.
## Troubleshooting
### Pre-commit hooks failing
```bash
# Skip hooks temporarily (not recommended)
git commit --no-verify -m "commit message"
# Fix issues and try again
bun run lint:fix
bun run format
git add .
git commit -m "commit message"
```
### Update hook versions
```bash
/home/will/Code/meds/.venv/bin/pre-commit autoupdate
```
### Clear pre-commit cache
```bash
/home/will/Code/meds/.venv/bin/pre-commit clean
```
### Secrets detection issues
```bash
# Update secrets baseline
/home/will/Code/meds/.venv/bin/detect-secrets scan --update .secrets.baseline
# Audit detected secrets
/home/will/Code/meds/.venv/bin/detect-secrets audit .secrets.baseline
```
### Python virtual environment issues
```bash
# Recreate virtual environment
rm -rf .venv
python -m venv .venv
source .venv/bin/activate
pip install pre-commit detect-secrets
/home/will/Code/meds/.venv/bin/pre-commit install
```
### ESLint configuration issues
If you encounter TypeScript project configuration errors:
```bash
# Ensure tsconfig.json is properly configured
bun run type-check
# Check ESLint configuration
npx eslint --print-config index.tsx
```
docs/development/SECURITY_CHANGES.md
+148
View File
@@ -0,0 +1,148 @@
# 🔐 Security Changes Summary
## Overview
We have systematically removed all hardcoded credentials from the RxMinder application and replaced them with secure defaults and environment variables.
## ✅ Changes Made
### 1. Kubernetes Configuration
- **`k8s/couchdb-secret.yaml`**: Converted to template with secure base64-encoded defaults
- **`k8s/db-seed-job.yaml`**: Now uses environment variables from secrets instead of hardcoded credentials
### 2. Docker Configuration
- **`docker/Dockerfile`**: Updated default password arguments to secure values
- **`docker/docker-compose.yaml`**: All password environment variables use secure fallbacks
- **`docker/docker-bake.hcl`**: Updated variable defaults to secure passwords
### 3. Shell Scripts
Updated all deployment and build scripts with secure password fallbacks:
- `scripts/setup.sh`
- `scripts/deploy.sh`
- `scripts/validate-deployment.sh`
- `scripts/buildx-helper.sh`
- `scripts/gitea-deploy.sh`
- `scripts/gitea-helper.sh`
- `scripts/seed-production.js`
- `rename-app.sh`
### 4. CI/CD Workflows
- **`.github/workflows/build-deploy.yml`**: Updated fallback passwords to secure values
- **`.gitea/workflows/ci-cd.yml`**: Updated fallback passwords to secure values
- **`.gitea/docker-compose.ci.yml`**: Updated test database passwords
- **`.gitea/gitea-bake.hcl`**: Updated default password variables
### 5. Environment Files
- **`.env.example`**: Updated with secure default passwords and documentation
- **`.env.production`**: Updated with secure default passwords
- **`test.env`**: Updated test credentials to secure values
### 6. Documentation
- **`README.md`**: Updated default admin credentials documentation
- **`SECURITY.md`**: Created comprehensive security guide with checklists
- **`.gitea/README.md`**: Updated documentation
- **`GITEA_SETUP.md`**: Updated setup instructions
## 🛡️ Security Improvements
### Before
- Hardcoded `admin123!` and `password` throughout configuration files
- Weak default passwords in CI/CD systems
- No security documentation or guidelines
### After
- All passwords use environment variables or Kubernetes secrets
- Secure fallback passwords (`change-this-secure-password`)
- Comprehensive security documentation and checklists
- CI/CD systems use repository secrets with secure fallbacks
## 🔄 Required Actions
**CRITICAL**: Before production deployment, you must:
1. **Update Kubernetes Secrets**:
```bash
# Update k8s/couchdb-secret.yaml with your own secure base64-encoded credentials
echo -n "your-secure-password" | base64
```
2. **Update Environment Variables**:
```bash
# Update .env and .env.production with your secure passwords
COUCHDB_PASSWORD=your-very-secure-password
VITE_COUCHDB_PASSWORD=your-very-secure-password
```
3. **Configure CI/CD Secrets**:
- Set `VITE_COUCHDB_PASSWORD` in repository secrets
- Set `GITEA_TOKEN` / `GITHUB_TOKEN` for registry authentication
4. **Review Security Checklist**:
- Follow the checklist in `SECURITY.md`
- Use strong passwords (16+ characters, mixed case, numbers, symbols)
- Enable TLS/SSL for all external communications
## 📝 Files Modified
### Configuration Files (11)
- `k8s/couchdb-secret.yaml`
- `k8s/db-seed-job.yaml`
- `docker/Dockerfile`
- `docker/docker-compose.yaml`
- `docker/docker-bake.hcl`
- `.env.example`
- `.env.production`
- `test.env`
- `.github/workflows/build-deploy.yml`
- `.gitea/workflows/ci-cd.yml`
- `.gitea/docker-compose.ci.yml`
- `.gitea/gitea-bake.hcl`
### Scripts (8)
- `scripts/setup.sh`
- `scripts/deploy.sh`
- `scripts/validate-deployment.sh`
- `scripts/buildx-helper.sh`
- `scripts/gitea-deploy.sh`
- `scripts/gitea-helper.sh`
- `scripts/seed-production.js`
- `rename-app.sh`
### Documentation (5)
- `README.md`
- `SECURITY.md` (created)
- `SECURITY_CHANGES.md` (this file)
- `.gitea/README.md`
- `GITEA_SETUP.md`
## ✅ Verification
To verify no hardcoded credentials remain:
```bash
# Check for insecure passwords (should return only secure defaults)
grep -r "admin123\|password[^-]\|testpassword" --include="*.yaml" --include="*.yml" --include="*.sh" --include="*.env" --include="*.js" --include="*.hcl" .
# The only matches should be:
# - "change-this-secure-password" (secure fallback)
# - "test-secure-password" (secure test credentials)
# - Test files (acceptable for testing)
```
## 🎯 Result
RxMinder is now production-ready with secure credential management. All sensitive data is properly externalized to environment variables and Kubernetes secrets, with comprehensive documentation to guide secure deployment.
docs/migration/BUILDX_MIGRATION.md
+119
View File
@@ -0,0 +1,119 @@
# Docker Buildx Migration Complete ✅
Your project has been successfully migrated to use Docker Buildx for multi-platform container builds!
## What's New
### 🚀 Multi-Platform Support
- **AMD64 (x86_64)**: Traditional Intel/AMD processors
- **ARM64 (aarch64)**: Apple Silicon, AWS Graviton, Raspberry Pi 4+
### 🛠️ New Tools & Scripts
#### **buildx-helper.sh** - Comprehensive buildx management
```bash
# Setup buildx builder (one-time setup)
./scripts/buildx-helper.sh setup
# Build for local platform only (faster development)
./scripts/buildx-helper.sh build-local
# Build for multiple platforms
./scripts/buildx-helper.sh build-multi
# Build and push to registry
./scripts/buildx-helper.sh push docker.io/username latest
# Build using Docker Bake (advanced)
./scripts/buildx-helper.sh bake
# Inspect builder capabilities
./scripts/buildx-helper.sh inspect
# Cleanup builder
./scripts/buildx-helper.sh cleanup
```
#### **Package.json Scripts**
```bash
# Quick access via npm/bun scripts
bun run docker:setup # Setup buildx
bun run docker:build # Multi-platform build
bun run docker:build-local # Local platform only
bun run docker:bake # Advanced bake build
bun run docker:inspect # Inspect builder
bun run docker:cleanup # Cleanup
```
### 📁 New Files Added
1. **`docker/docker-bake.hcl`** - Advanced buildx configuration
2. **`scripts/buildx-helper.sh`** - Buildx management script
3. **`.github/workflows/build-deploy.yml`** - CI/CD with buildx
### 🔧 Updated Files
1. **`docker/Dockerfile`** - Added NODE_ENV build arg
2. **`docker/docker-compose.yaml`** - Added multi-platform support
3. **`scripts/setup.sh`** - Updated to use buildx
4. **`scripts/validate-deployment.sh`** - Updated to use buildx
5. **`scripts/deploy.sh`** - Updated to use buildx
6. **`docker/README.md`** - Added buildx documentation
7. **`package.json`** - Added docker scripts
## Benefits
### 🎯 **Better Performance**
- Enhanced caching with BuildKit
- Parallel multi-platform builds
- Faster incremental builds
### 🌍 **Cross-Platform Compatibility**
- Deploy on ARM-based servers (AWS Graviton, Apple Silicon)
- Support for various architectures out of the box
- Future-proof for emerging platforms
### 🔒 **Enhanced Security**
- Supply chain attestations (SBOM, provenance)
- Secure multi-stage builds
- Container image signing support
### 🔄 **CI/CD Ready**
- GitHub Actions workflow included
- Registry caching optimized
- Automated multi-platform pushes
## Next Steps
1. **Test the setup**:
```bash
bun run docker:setup
bun run docker:build-local
```
2. **Configure registry** (optional):
```bash
./scripts/buildx-helper.sh push ghcr.io/yourusername latest
```
3. **Enable GitHub Actions** (optional):
- Push to GitHub to trigger the workflow
- Configure registry secrets if needed
## Migration Notes
- ✅ Backwards compatible with existing Docker commands
- ✅ Docker Compose still works as before
- ✅ All existing scripts updated to use buildx
- ✅ No breaking changes to development workflow
Your project now supports cutting-edge multi-platform container builds! 🎉
docs/migration/NODEJS_PRECOMMIT_MIGRATION.md
+117
View File
@@ -0,0 +1,117 @@
# NodeJS-Native Pre-commit Setup Migration
## Overview
Successfully migrated from Python's `pre-commit` framework to a 100% NodeJS-native solution using Husky and lint-staged.
## What Was Removed
- `.pre-commit-config.yaml` - Python pre-commit configuration
- `.secrets.baseline` - Python detect-secrets baseline
- Python `pre-commit` dependency requirement
- Python `detect-secrets` dependency requirement
## What Was Added
### Core Tools
- **Husky v9** - Modern Git hooks manager
- **lint-staged** - Run tools on staged files only (performance optimization)
### NodeJS Alternatives for Previous Python Tools
| Python Tool | NodeJS Alternative | Purpose |
| ------------------ | --------------------------- | -------------------------------------- |
| `pre-commit-hooks` | Built into Husky hook | File checks, trailing whitespace, etc. |
| `mirrors-prettier` | `prettier` (direct) | Code formatting |
| `eslint` (local) | `eslint` (direct) | JavaScript/TypeScript linting |
| `tsc` (local) | `typescript` (direct) | Type checking |
| `hadolint` | `dockerfilelint` | Dockerfile linting |
| `shellcheck-py` | Custom shell checks in hook | Shell script validation |
| `markdownlint-cli` | `markdownlint-cli2` | Markdown linting |
| `detect-secrets` | `@secretlint/node` | Secret detection |
## New Package.json Scripts
```json
{
"lint:markdown": "markdownlint-cli2 \"**/*.md\"",
"lint:markdown:fix": "markdownlint-cli2 --fix \"**/*.md\"",
"lint:docker": "dockerfilelint docker/Dockerfile",
"check:secrets": "secretlint \"**/*\"",
"check:editorconfig": "eclint check .",
"fix:editorconfig": "eclint fix ."
}
```
## Enhanced lint-staged Configuration
```json
{
"lint-staged": {
"*.{js,jsx,ts,tsx}": ["eslint --fix", "prettier --write"],
"*.{json,yaml,yml,md,css,scss,html}": ["prettier --write"],
"*.md": ["markdownlint-cli2 --fix"],
"docker/Dockerfile": ["dockerfilelint"],
"*": ["eclint fix"]
}
}
```
## Husky Hooks
### `.husky/pre-commit`
- Runs lint-staged for efficient file-specific checks
- TypeScript type checking
- Large file detection (>500KB)
- Merge conflict marker detection
- Basic private key detection
### `.husky/commit-msg`
- Basic commit message validation
## Key Benefits
1. **No Python Dependencies** - Pure NodeJS ecosystem
2. **Better Performance** - lint-staged only processes changed files
3. **Simpler Setup** - No Python virtual environment needed
4. **Consistent Toolchain** - Everything uses npm/bun
5. **Modern Tooling** - Latest versions of all tools
6. **Easier CI/CD** - Same tools in development and CI
## Usage
### Setup
```bash
./scripts/setup-pre-commit.sh
```
### Manual Commands
```bash
bun run format # Format all files
bun run lint:fix # Fix linting issues
bun run lint:markdown:fix # Fix markdown issues
bun run check:secrets # Check for secrets
bun run type-check # TypeScript validation
```
### What Happens on Commit
1. **lint-staged** processes only changed files:
- ESLint auto-fix + Prettier for JS/TS files
- Prettier for JSON/YAML/MD/CSS files
- Markdownlint for Markdown files
- Dockerfilelint for Dockerfile
- EditorConfig fixes for all files
2. **TypeScript** type checking on entire project
3. **Security checks** for large files, merge conflicts, private keys
## Migration Complete ✅
The project now uses a modern, efficient, NodeJS-native pre-commit setup that provides the same (and better) functionality as the previous Python-based solution.
docs/setup/COMPLETE_TEMPLATE_CONFIGURATION.md
+319
View File
@@ -0,0 +1,319 @@
# 🎯 Complete Template-Based Configuration Summary
## Overview
RxMinder now supports **complete template-based configuration** with environment variables for all aspects of deployment, making it truly portable and customizable across any environment.
## 🔧 Configuration Variables
### Core Application
- **`APP_NAME`** - Application name used in all Kubernetes resources
- **`DOCKER_IMAGE`** - Container image to deploy
- **`INGRESS_HOST`** - External hostname for ingress
### Database Configuration
- **`COUCHDB_USER`** - Database username
- **`COUCHDB_PASSWORD`** - Database password (automatically base64 encoded)
### Storage Configuration
- **`STORAGE_CLASS`** - Kubernetes StorageClass for persistent volumes
- **`STORAGE_SIZE`** - Storage allocation for database
### Optional Configuration
- **`VITE_COUCHDB_URL`** - CouchDB URL for frontend
- **`APP_BASE_URL`** - Application base URL
## 📁 Template Files
All Kubernetes manifests are now template-based:
1. **`k8s/couchdb-secret.yaml.template`** - Database credentials (uses `stringData`)
2. **`k8s/couchdb-pvc.yaml.template`** - Persistent volume claim with configurable storage
3. **`k8s/couchdb-service.yaml.template`** - Database service with dynamic naming
4. **`k8s/couchdb-statefulset.yaml.template`** - Database deployment with storage config
5. **`k8s/configmap.yaml.template`** - Application configuration
6. **`k8s/frontend-deployment.yaml.template`** - Frontend with configurable image
7. **`k8s/frontend-service.yaml.template`** - Frontend service with dynamic naming
8. **`k8s/ingress.yaml.template`** - Ingress with configurable hostname
## 🎭 Environment Examples
### Development Environment
```bash
# .env
APP_NAME=rxminder-dev
DOCKER_IMAGE=localhost:5000/rxminder:dev
COUCHDB_USER=admin
COUCHDB_PASSWORD=dev-password-123
INGRESS_HOST=rxminder-dev.local
STORAGE_CLASS=local-path
STORAGE_SIZE=5Gi
```
### Staging Environment
```bash
# .env.staging
APP_NAME=rxminder-staging
DOCKER_IMAGE=registry.company.com/rxminder:staging
COUCHDB_USER=admin
COUCHDB_PASSWORD=staging-secure-password
INGRESS_HOST=staging.rxminder.company.com
STORAGE_CLASS=longhorn
STORAGE_SIZE=10Gi
```
### Production Environment
```bash
# .env.production
APP_NAME=rxminder
DOCKER_IMAGE=registry.company.com/rxminder:v1.2.0
COUCHDB_USER=admin
COUCHDB_PASSWORD=ultra-secure-production-password
INGRESS_HOST=rxminder.company.com
STORAGE_CLASS=fast-ssd
STORAGE_SIZE=50Gi
```
### Cloud Provider Examples
#### AWS EKS
```bash
APP_NAME=rxminder
DOCKER_IMAGE=123456789012.dkr.ecr.us-west-2.amazonaws.com/rxminder:v1.0.0
STORAGE_CLASS=gp3
STORAGE_SIZE=20Gi
INGRESS_HOST=rxminder.aws.company.com
```
#### Google GKE
```bash
APP_NAME=rxminder
DOCKER_IMAGE=gcr.io/project-id/rxminder:stable
STORAGE_CLASS=pd-ssd
STORAGE_SIZE=20Gi
INGRESS_HOST=rxminder.gcp.company.com
```
#### Azure AKS
```bash
APP_NAME=rxminder
DOCKER_IMAGE=myregistry.azurecr.io/rxminder:production
STORAGE_CLASS=managed-premium
STORAGE_SIZE=20Gi
INGRESS_HOST=rxminder.azure.company.com
```
## 🚀 Deployment Workflow
### Simple 3-Step Process
```bash
# 1. Configure environment
cp .env.example .env
nano .env # Edit with your values
# 2. Deploy with single command
./scripts/k8s-deploy-template.sh deploy
# 3. Check status
./scripts/k8s-deploy-template.sh status
```
### Advanced Deployment Options
```bash
# Deploy with specific environment file
ENV_FILE=.env.production ./scripts/k8s-deploy-template.sh deploy
# Override specific variables
export DOCKER_IMAGE=my-registry.com/rxminder:hotfix
./scripts/k8s-deploy-template.sh deploy
# Cleanup deployment
./scripts/k8s-deploy-template.sh delete
```
## 🎯 Generated Resources
### Before (Hardcoded)
```yaml
# Old approach - static values
metadata:
name: frontend
labels:
app: rxminder
spec:
containers:
- image: gitea-http.taildb3494.ts.net/will/meds:latest
volumeClaimTemplates:
- spec:
storageClassName: longhorn
resources:
requests:
storage: 1Gi
```
### After (Template-Based)
```yaml
# Template approach - dynamic values
metadata:
name: ${APP_NAME}-frontend
labels:
app: ${APP_NAME}
spec:
containers:
- image: ${DOCKER_IMAGE}
volumeClaimTemplates:
- spec:
storageClassName: ${STORAGE_CLASS}
resources:
requests:
storage: ${STORAGE_SIZE}
```
### Deployed Result
```yaml
# After envsubst processing
metadata:
name: rxminder-frontend
labels:
app: rxminder
spec:
containers:
- image: registry.company.com/rxminder:v1.0.0
volumeClaimTemplates:
- spec:
storageClassName: fast-ssd
resources:
requests:
storage: 20Gi
```
## 🔄 CI/CD Integration
### GitHub Actions
```yaml
name: Deploy to Kubernetes
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Deploy to Production
env:
APP_NAME: rxminder
DOCKER_IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }}
COUCHDB_PASSWORD: ${{ secrets.COUCHDB_PASSWORD }}
INGRESS_HOST: rxminder.company.com
STORAGE_CLASS: fast-ssd
STORAGE_SIZE: 50Gi
run: |
./scripts/k8s-deploy-template.sh deploy
```
### GitLab CI
```yaml
deploy_production:
stage: deploy
variables:
APP_NAME: rxminder
DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
STORAGE_CLASS: longhorn
STORAGE_SIZE: 20Gi
script:
- ./scripts/k8s-deploy-template.sh deploy
only:
- tags
```
## 💡 Benefits Achieved
### 🎯 Flexibility
-**Multi-environment** deployments with same codebase
-**Cloud-agnostic** configuration
-**Registry-agnostic** image deployment
-**Storage-flexible** for any Kubernetes cluster
### 🔒 Security
-**No hardcoded credentials** in version control
-**Environment-specific secrets** management
-**Automatic base64 encoding** via Kubernetes `stringData`
-**Credential validation** before deployment
### 🛠️ Developer Experience
-**Single command deployment** across all environments
-**Clear documentation** of all configuration options
-**Environment validation** with helpful error messages
-**Template debugging** with manual `envsubst` testing
### 🏢 Enterprise Ready
-**Production-grade** configuration management
-**CI/CD integration** ready
-**Multi-cluster** deployment support
-**Disaster recovery** friendly with consistent configs
## 🎪 Use Cases
### Multi-Tenant Deployment
```bash
# Tenant A
export APP_NAME=rxminder-tenant-a
export INGRESS_HOST=tenant-a.rxminder.company.com
./scripts/k8s-deploy-template.sh deploy
# Tenant B
export APP_NAME=rxminder-tenant-b
export INGRESS_HOST=tenant-b.rxminder.company.com
./scripts/k8s-deploy-template.sh deploy
```
### Blue-Green Deployment
```bash
# Blue environment
export APP_NAME=rxminder-blue
export DOCKER_IMAGE=registry.com/rxminder:v1.0.0
./scripts/k8s-deploy-template.sh deploy
# Green environment
export APP_NAME=rxminder-green
export DOCKER_IMAGE=registry.com/rxminder:v2.0.0
./scripts/k8s-deploy-template.sh deploy
```
### Development Branches
```bash
# Feature branch deployment
export APP_NAME=rxminder-feature-auth
export DOCKER_IMAGE=registry.com/rxminder:feature-auth
export INGRESS_HOST=auth-feature.rxminder.dev.company.com
./scripts/k8s-deploy-template.sh deploy
```
This **complete template-based approach** makes RxMinder the most **flexible**, **secure**, and **maintainable** medication reminder application for Kubernetes deployments!
docs/setup/SETUP_COMPLETE.md
+89
View File
@@ -0,0 +1,89 @@
# Pre-commit and Code Quality Quick Reference
## ✅ What's Been Set Up
Your project now has comprehensive code quality tools configured:
### 🔧 Tools Installed
- **Pre-commit hooks** - Automatically run on every commit
- **Prettier** - Code formatting for JS/TS/JSON/YAML/MD/CSS/SCSS/HTML
- **ESLint** - JavaScript/TypeScript linting with React hooks and comprehensive rules
- **TypeScript** - Type checking with strict configuration
- **Hadolint** - Docker linting
- **ShellCheck** - Shell script linting
- **Markdownlint** - Markdown formatting and quality checks
- **detect-secrets** - Security scanning to prevent secret commits
- **EditorConfig** - Consistent coding styles across editors
### 📁 Configuration Files Created
- `.pre-commit-config.yaml` - Comprehensive pre-commit hooks configuration
- `.prettierrc` - Prettier formatting rules optimized for TypeScript/React
- `.prettierignore` - Files excluded from formatting
- `.editorconfig` - Editor configuration for consistent styles
- `.markdownlint.json` - Markdown linting rules for documentation quality
- `.secrets.baseline` - Security baseline for secret detection
- `scripts/setup-pre-commit.sh` - Automated setup script
- `docs/CODE_QUALITY.md` - Comprehensive documentation
- Python virtual environment (`.venv/`) - Isolated Python tools environment
## 🚀 Quick Commands
```bash
# Format all files
bun run format
# Check formatting (no changes)
bun run format:check
# Lint TypeScript/JavaScript
bun run lint
# Lint with auto-fix
bun run lint:fix
# Type check
bun run type-check
# Run lint-staged (pre-commit formatting)
bun run pre-commit
# Run all pre-commit hooks manually
/home/will/Code/meds/.venv/bin/pre-commit run --all-files
# Update pre-commit hook versions
/home/will/Code/meds/.venv/bin/pre-commit autoupdate
# Update secrets baseline
/home/will/Code/meds/.venv/bin/detect-secrets scan --update .secrets.baseline
```
## 🔄 How It Works
1. **On Commit**: Pre-commit hooks automatically run to:
- Format code with Prettier
- Lint with ESLint
- Check TypeScript types
- Scan for secrets
- Lint Docker and shell files
- Check YAML/JSON syntax
2. **If Issues Found**: Commit is blocked until fixed
3. **Auto-fixes Applied**: Many issues are automatically corrected
## 🛠️ IDE Setup
### VS Code Extensions (Recommended)
- Prettier - Code formatter
- ESLint
- EditorConfig for VS Code
## 📖 Full Documentation
See `docs/CODE_QUALITY.md` for complete setup and customization guide.
---
**Your code will now be automatically formatted and checked on every commit! 🎉**