bytelyst-devops-tools

bytelyst/bytelyst-devops-tools

Fork 0

Commit Graph

Author	SHA1	Message	Date
Hermes VM	1e64d75fd4	feat(dashboard): Phase 5 P2 — structured pino logging with redaction First half of Phase 5 P2 (the "structured backend logging" piece; E2E-in-CI lands separately so the diff stays reviewable). Adds `lib/logger.ts` exporting a singleton pino instance shared between Fastify (via `loggerInstance`) and any non-request code path. One configured logger across the backend means uniform formatting, redaction, and log-level control: - LOG_LEVEL env knob (defaults: debug in non-prod, info in prod when NODE_ENV=production). Documented in `.env.example`. - Built-in redaction for Authorization / Cookie headers and the common secret-shaped field names (password, token, refreshToken, accessToken, csrfToken, JWT_SECRET, CSRF_SECRET, ENCRYPTION_KEY, COSMOS_KEY, AZURE_CLIENT_SECRET) so an accidental `req.log.info(req.body)` or `logger.error({ err, config }, …)` won't dump credentials. This is a backstop, not the primary defense — call sites should still avoid logging raw config/req. - JSON to stdout in every environment. Pipe through `pino-pretty` locally if you want pretty output; we deliberately don't bundle pino-pretty as a runtime dep. - `childLogger(module)` helper tags log lines with their origin so repositories/background workers don't have to repeat the module name on every line. Sweeps the runtime `console.error` sites that lose request context (deployment orchestrator background fire-and-forget, system docker stats/cleanup, backup CRUD, vm getAllContainers) onto the structured logger. CLI-only modules (`scripts/run-migrations.ts`, `migrations/index.ts`, `cosmos-init.ts` startup, `azure-keyvault.ts`, `config.ts` env warnings, `lib/migrations.ts` no-op message) keep `console.*` for now — they run before Fastify is up and are queued for a separate cleanup pass. Tests, typecheck, lint (0 errors), build green. Coverage gate still passing (≥95% lines on every gated file). Generated with [Devin](https://cli.devin.ai/docs) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>	2026-05-30 07:18:44 +00:00
root	fbaaa71a66	feat(devops): adopt trading web deployment model with docker-compose - Add docker-compose.yml following trading web pattern - Update web Dockerfile to use multi-stage build with metadata - Add build metadata (commit SHA, branch, timestamp, author, message) - Rewrite deploy.sh to use docker compose with build metadata - Add hotcopy deployment script for quick updates - Add comprehensive backend API with deployment orchestration - Add health checks, service management, and monitoring endpoints - Add CI/CD workflow configuration - Add deployment documentation and guides Generated with [Devin](https://cli.devin.ai/docs) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>	2026-05-11 03:24:11 +00:00

Author

SHA1

Message

Date

Hermes VM

1e64d75fd4

feat(dashboard): Phase 5 P2 — structured pino logging with redaction

First half of Phase 5 P2 (the "structured backend logging" piece;
E2E-in-CI lands separately so the diff stays reviewable).

Adds `lib/logger.ts` exporting a singleton pino instance shared between
Fastify (via `loggerInstance`) and any non-request code path. One
configured logger across the backend means uniform formatting,
redaction, and log-level control:

  - LOG_LEVEL env knob (defaults: debug in non-prod, info in prod when
    NODE_ENV=production). Documented in `.env.example`.
  - Built-in redaction for Authorization / Cookie headers and the
    common secret-shaped field names (password, token, refreshToken,
    accessToken, csrfToken, JWT_SECRET, CSRF_SECRET, ENCRYPTION_KEY,
    COSMOS_KEY, AZURE_CLIENT_SECRET) so an accidental
    `req.log.info(req.body)` or `logger.error({ err, config }, …)`
    won't dump credentials. This is a backstop, not the primary
    defense — call sites should still avoid logging raw config/req.
  - JSON to stdout in every environment. Pipe through `pino-pretty`
    locally if you want pretty output; we deliberately don't bundle
    pino-pretty as a runtime dep.
  - `childLogger(module)` helper tags log lines with their origin so
    repositories/background workers don't have to repeat the module
    name on every line.

Sweeps the runtime `console.error` sites that lose request context
(deployment orchestrator background fire-and-forget, system docker
stats/cleanup, backup CRUD, vm getAllContainers) onto the structured
logger. CLI-only modules (`scripts/run-migrations.ts`,
`migrations/index.ts`, `cosmos-init.ts` startup, `azure-keyvault.ts`,
`config.ts` env warnings, `lib/migrations.ts` no-op message) keep
`console.*` for now — they run before Fastify is up and are queued for
a separate cleanup pass.

Tests, typecheck, lint (0 errors), build green. Coverage gate still
passing (≥95% lines on every gated file).

Generated with [Devin](https://cli.devin.ai/docs)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>

2026-05-30 07:18:44 +00:00

root

fbaaa71a66

feat(devops): adopt trading web deployment model with docker-compose

- Add docker-compose.yml following trading web pattern
- Update web Dockerfile to use multi-stage build with metadata
- Add build metadata (commit SHA, branch, timestamp, author, message)
- Rewrite deploy.sh to use docker compose with build metadata
- Add hotcopy deployment script for quick updates
- Add comprehensive backend API with deployment orchestration
- Add health checks, service management, and monitoring endpoints
- Add CI/CD workflow configuration
- Add deployment documentation and guides

Generated with [Devin](https://cli.devin.ai/docs)

Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>

2026-05-11 03:24:11 +00:00

2 Commits