fix(ci): build shared packages before tests and fix formatting

- Add build:packages step to all test.yml jobs (fixes @manacore/shared-nestjs-auth not found)
- Handle missing coverage artifacts gracefully in test-coverage.yml
- Update .prettierignore to exclude apps-archived/ and problematic files
- Format all source files to pass CI checks

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Wuesteon 2025-12-01 23:15:00 +01:00
parent 5282f5545b
commit 0ebfde0851
163 changed files with 15247 additions and 14677 deletions

View file

@ -5,17 +5,20 @@
### BLOCKING (Fix immediately - prevent simultaneous backend execution)
**Port Conflicts:**
```
Port 3002: Chat (3002) ← → Nutriphi (3002) [CONFLICT]
Port 3003: Picture (3003) ← → Maerchenzauber (3003) [CONFLICT]
```
**Hardcoded Values:**
- Chat backend hardcodes DEV_USER_ID instead of reading from env
### MAJOR (Inconsistencies across codebase)
**Auth URL Variable Names (Choose One):**
- Chat: MANA_CORE_AUTH_URL ✓
- Picture: MANA_CORE_AUTH_URL ✓
- Zitare: MANA_CORE_AUTH_URL ✓
@ -24,16 +27,19 @@ Port 3003: Picture (3003) ← → Maerchenzauber (3003) [CONFLICT]
- **Nutriphi: MANACORE_AUTH_URL** ← Should standardize
**CORS Origins:**
- Hardcoded in 4 backends (Chat, Picture, Zitare, Presi)
- Should use CORS_ORIGINS from environment
**Missing Documentation:**
- No .env.example for Zitare backend
- No .env.example for Presi backend
### MEDIUM (Code quality)
**Validation Schemas:**
- Chat: Missing
- Picture: Missing
- Zitare: Missing
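Review bot: "Should use CORS_ORIGINS from environment" needs to say how the value is consumed: split the comma-separated string into an explicit array of exact origins and hand that array to the CORS config, never a wildcard or a regex built from it. Otherwise the move to env makes the allow-list easier to widen than the hardcoded lists it replaces, and a permissive origin combined with credentials is the real exposure here, not the hardcoding.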
@ -46,18 +52,21 @@ Port 3003: Picture (3003) ← → Maerchenzauber (3003) [CONFLICT]
## Quick Fix Checklist
### Phase 1: Critical (1-2 hours)
- [ ] Reassign Picture from port 3003 → 3005
- [ ] Reassign Nutriphi from port 3002 → 3006
- [ ] Add DEV_USER_ID to .env.development
- [ ] Update Chat to load DEV_USER_ID from ConfigService
### Phase 2: Major (2-3 hours)
- [ ] Rename MANA_SERVICE_URL to MANA_CORE_AUTH_URL in Manadeck
- [ ] Rename MANACORE_AUTH_URL to MANA_CORE_AUTH_URL in Nutriphi
- [ ] Create .env.example for Zitare
- [ ] Create .env.example for Presi
### Phase 3: Quality (3-4 hours)
- [ ] Add validation schemas to Chat, Picture, Zitare, Presi
- [ ] Extract CORS origins to environment variables
- [ ] Update all backends to read CORS_ORIGINS from env
@ -85,12 +94,14 @@ Current: Recommended:
## Environment Variables Status
### Well-Configured
- MANA_CORE_AUTH_URL (central + mapped)
- JWT keys (central)
- API keys (central)
- Database URLs (individual + mapped)
### Needs Work
- DEV_USER_ID (hardcoded, not in env)
- DEV_BYPASS_AUTH (partial, only Chat)
- CORS_ORIGINS (hardcoded, not used by all)
@ -101,31 +112,37 @@ Current: Recommended:
## Files to Modify
### .env.development
- [ ] Add DEV_USER_ID line
- [ ] Fix PICTURE_BACKEND_PORT (3003 → 3005)
- [ ] Fix NUTRIPHI_BACKEND_PORT (3002 → 3006)
### scripts/generate-env.mjs
- [ ] Line 205: MANA_SERVICE_URL → MANA_CORE_AUTH_URL (Manadeck)
- [ ] Line 272: MANACORE_AUTH_URL → MANA_CORE_AUTH_URL (Nutriphi)
### Backend Apps (4 files each)
- [ ] apps/chat/apps/backend/src/config/validation.schema.ts (create)
- [ ] apps/picture/apps/backend/src/config/validation.schema.ts (create)
- [ ] apps/zitare/apps/backend/src/config/validation.schema.ts (create)
- [ ] apps/presi/apps/backend/src/config/validation.schema.ts (create)
### Backend Main Files (4 files)
- [ ] apps/chat/apps/backend/src/main.ts (extract CORS)
- [ ] apps/picture/apps/backend/src/main.ts (extract CORS)
- [ ] apps/zitare/apps/backend/src/main.ts (extract CORS)
- [ ] apps/presi/apps/backend/src/main.ts (extract CORS)
### Backend Examples (2 files)
- [ ] apps/zitare/apps/backend/.env.example (create)
- [ ] apps/presi/apps/backend/.env.example (create)
### Chat Guard
- [ ] apps/chat/apps/backend/src/common/guards/jwt-auth.guard.ts
- Remove hardcoded DEV_USER_ID
- Read from configService instead
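Review bot: under "Chat Guard", "Read from configService instead" should state that the guard fails closed when DEV_USER_ID is unset: `configService.get('DEV_USER_ID')` returns undefined, and a bypass that then authenticates every request as user undefined is worse than the hardcoded constant. Use `getOrThrow('DEV_USER_ID')` or reject the request when the value is missing. Separately, "Line 205" and "Line 272" references into scripts/generate-env.mjs go stale with any edit (this commit alone reformats 163 files); point at the Manadeck and Nutriphi blocks by variable name instead.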
@ -160,6 +177,7 @@ curl http://localhost:3008/api/health # Presi
See full audit report: `/docs/ENV_CONFIGURATION_AUDIT.md`
Key sections:
- Environment Variable Mapping (section 3)
- Hardcoded Values & Security (section 4)
- Configuration Best Practices (section 5)

View file

@ -20,6 +20,7 @@
```
Legend:
- ✓ = Implemented/Present
- ✗ = Missing/Not implemented
- ? = Not analyzed in this audit
@ -63,19 +64,20 @@ Legend:
```
Current hardcoded CORS allowed origins (should be environment variable):
```javascript
// In 4 backends
const allowedOrigins = [
'http://localhost:3000',
'http://localhost:5173', // Primary web dev port
'http://localhost:5174', // Secondary web port
'http://localhost:5175', // Tertiary web port
'http://localhost:5177', // Zitare web
'http://localhost:5178', // Chat web / Presi web
'http://localhost:8081', // Expo dev server
'exp://localhost:8081', // Expo protocol
'http://localhost:3001', // Mana Core Auth
]
'http://localhost:3000',
'http://localhost:5173', // Primary web dev port
'http://localhost:5174', // Secondary web port
'http://localhost:5175', // Tertiary web port
'http://localhost:5177', // Zitare web
'http://localhost:5178', // Chat web / Presi web
'http://localhost:8081', // Expo dev server
'exp://localhost:8081', // Expo protocol
'http://localhost:3001', // Mana Core Auth
];
```
---
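Review bot: every entry in this origin list is localhost, so when it becomes the CORS_ORIGINS variable the text should show the production value separately and say that none of the localhost entries may be carried into the production .env; "should be environment variable" reads as if the same list is simply relocated. Also, `'http://localhost:3001', // Mana Core Auth` only matters if a browser page served by the auth service calls these backends; server-to-server requests from the auth service are not subject to CORS at all, so state which case the entry is for.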
@ -113,11 +115,11 @@ Port 3011 ━━━━━━━━ Mana Games (ACTIVE)
MANA_CORE_AUTH_PORT (3001)
↓ (generate-env.mjs line 61)
├→ services/mana-core-auth/.env {PORT}
CHAT_BACKEND_PORT (3002)
↓ (generate-env.mjs line 89)
├→ apps/chat/apps/backend/.env {PORT}
MANA_CORE_AUTH_URL (http://localhost:3001)
↓ (generate-env.mjs multiple lines)
├→ apps/chat/apps/backend/.env {MANA_CORE_AUTH_URL}

View file

@ -1,4 +1,5 @@
# Environment Configuration Audit Report
## Mana Universe Monorepo - Backend Authentication & Configuration
**Date:** December 1, 2025
@ -12,6 +13,7 @@
The monorepo has **CRITICAL PORT CONFLICTS** that will prevent multiple backends from running simultaneously. Additionally, there are inconsistencies in environment variable naming conventions across backends and missing configuration examples for some projects.
**Status:** NEEDS IMMEDIATE ACTION
- 2 port conflicts identified
- 3 naming convention inconsistencies
- 5 backends missing .env.example files
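Review bot: the counts under "Status" do not match the body of the report: "5 backends missing .env.example files" versus the two (Zitare, Presi) flagged in the generate-env.mjs coverage table, and "3 naming convention inconsistencies" versus the two renames actually recommended (MANA_SERVICE_URL in Manadeck, MANACORE_AUTH_URL in Nutriphi). Either reconcile the summary with the tables or name the other three backends and the third inconsistency.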
@ -23,18 +25,18 @@ The monorepo has **CRITICAL PORT CONFLICTS** that will prevent multiple backends
### Current Assignments (from .env.development)
| Backend | Port | Env Variable | Status | Conflict |
|---------|------|--------------|--------|----------|
| Mana Core Auth | 3001 | MANA_CORE_AUTH_PORT | ✓ Unique | No |
| Chat | 3002 | CHAT_BACKEND_PORT | ✓ Unique | No |
| **Maerchenzauber** | **3003** | MAERCHENZAUBER_BACKEND_PORT | ⚠ CONFLICT | **Yes** |
| Manadeck | 3004 | MANADECK_BACKEND_PORT | ✓ Unique | No |
| **Picture** | **3003** | PICTURE_BACKEND_PORT | ⚠ CONFLICT | **Yes** |
| **Nutriphi** | **3002** | NUTRIPHI_BACKEND_PORT | ⚠ CONFLICT | **Yes** |
| Zitare | 3007 | ZITARE_BACKEND_PORT | ✓ Unique | No |
| Presi | 3008 | PRESI_BACKEND_PORT | ✓ Unique | No |
| Mana Games | 3011 | MANA_GAMES_BACKEND_PORT | ✓ Unique | No |
| Voxel Lava | 3010 | VOXEL_LAVA_BACKEND_PORT | ✓ Unique | No |
| Backend | Port | Env Variable | Status | Conflict |
| ------------------ | -------- | --------------------------- | ----------- | -------- |
| Mana Core Auth | 3001 | MANA_CORE_AUTH_PORT | ✓ Unique | No |
| Chat | 3002 | CHAT_BACKEND_PORT | ✓ Unique | No |
| **Maerchenzauber** | **3003** | MAERCHENZAUBER_BACKEND_PORT | ⚠ CONFLICT | **Yes** |
| Manadeck | 3004 | MANADECK_BACKEND_PORT | ✓ Unique | No |
| **Picture** | **3003** | PICTURE_BACKEND_PORT | ⚠ CONFLICT | **Yes** |
| **Nutriphi** | **3002** | NUTRIPHI_BACKEND_PORT | ⚠ CONFLICT | **Yes** |
| Zitare | 3007 | ZITARE_BACKEND_PORT | ✓ Unique | No |
| Presi | 3008 | PRESI_BACKEND_PORT | ✓ Unique | No |
| Mana Games | 3011 | MANA_GAMES_BACKEND_PORT | ✓ Unique | No |
| Voxel Lava | 3010 | VOXEL_LAVA_BACKEND_PORT | ✓ Unique | No |
### PORT CONFLICTS FOUND
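Review bot: the Status column is inconsistent within the table: Chat on 3002 is "✓ Unique / No" while Nutriphi on the same 3002 is "⚠ CONFLICT", yet Maerchenzauber on 3003 is flagged CONFLICT alongside Picture. A port collision involves both rows; either flag Chat too, or mark the row being kept as something like "Keep (conflict resolved by moving Nutriphi)" so the table and the recommendation in section 8 tell the same story.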
@ -47,7 +49,9 @@ The monorepo has **CRITICAL PORT CONFLICTS** that will prevent multiple backends
- Nutriphi Backend: `NUTRIPHI_BACKEND_PORT=3002`
### RECOMMENDATION
Reassign conflicting ports:
- Maerchenzauber: Keep 3003, reassign Picture to **3005** or **3006**
- OR reassign Maerchenzauber to **3005** and keep Picture at 3003
- Nutriphi: Reassign to **3006** or another available port
@ -61,12 +65,14 @@ Reassign conflicting ports:
### Central Configuration (.env.development)
**PRESENT & CONFIGURED:**
- ✓ `MANA_CORE_AUTH_URL=http://localhost:3001` (Line 16)
- ✓ `DEV_BYPASS_AUTH=true` (Line 59 - Chat only)
- ✓ JWT_PRIVATE_KEY & JWT_PUBLIC_KEY (Lines 19-20)
- ✓ CORS_ORIGINS=... (Line 41)
**MISSING CENTRALIZED:**
- ✗ `DEV_USER_ID` - NOT in .env.development
- Used hardcoded in Chat: `17cb0be7-058a-4964-9e18-1fe7055fd014`
- Should be centralized in .env.development
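Review bot: `DEV_BYPASS_AUTH=true` in the shared .env.development plus a fixed DEV_USER_ID is an authentication bypass, and moving the UUID from source into .env.development changes where it lives, not the risk. The recommendation should be paired with the guard refusing the bypass unless NODE_ENV is 'development' and with the validation schema (section 5) rejecting DEV_BYPASS_AUTH=true in any other environment, so a production .env generated from this file fails at startup rather than granting a fixed identity to every request.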
@ -77,13 +83,13 @@ Reassign conflicting ports:
### Backend-Specific Auth Configuration
| Backend | Auth URL Var | Dev Bypass | Dev User ID | Status |
|---------|--------------|-----------|-------------|--------|
| **Chat** | MANA_CORE_AUTH_URL | ✓ Configured | ✗ Hardcoded | ⚠ Partially |
| **Picture** | MANA_CORE_AUTH_URL | ✗ Missing | ✗ Not checked | ✗ Incomplete |
| **Zitare** | MANA_CORE_AUTH_URL | ✗ Missing | ✗ Not checked | ✗ Incomplete |
| **Presi** | MANA_CORE_AUTH_URL | ✗ Missing | ✗ Not checked | ✗ Incomplete |
| **Manadeck** | MANA_SERVICE_URL | ✗ Not in generation | ✗ Not mapped | ✗ Not generated |
| Backend | Auth URL Var | Dev Bypass | Dev User ID | Status |
| ------------ | ------------------ | ------------------- | ------------- | --------------- |
| **Chat** | MANA_CORE_AUTH_URL | ✓ Configured | ✗ Hardcoded | ⚠ Partially |
| **Picture** | MANA_CORE_AUTH_URL | ✗ Missing | ✗ Not checked | ✗ Incomplete |
| **Zitare** | MANA_CORE_AUTH_URL | ✗ Missing | ✗ Not checked | ✗ Incomplete |
| **Presi** | MANA_CORE_AUTH_URL | ✗ Missing | ✗ Not checked | ✗ Incomplete |
| **Manadeck** | MANA_SERVICE_URL | ✗ Not in generation | ✗ Not mapped | ✗ Not generated |
### ISSUE: Naming Convention Inconsistency
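Review bot: the table grades the absence of a dev bypass as "✗ Missing ... ✗ Incomplete" for Picture, Zitare and Presi, which inverts the risk: a backend with no DEV_BYPASS_AUTH cannot be bypassed, and that is the safer state. Record those cells as "n/a (no bypass)" and keep ✗ for the Chat row, where the bypass exists and the user ID is hardcoded; as written, the audit nudges every backend toward adding a bypass for the sake of consistency.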
@ -104,6 +110,7 @@ INCONSISTENT:
**STANDARDIZATION NEEDED:**
All backends should use consistent naming:
- Recommend: `MANA_CORE_AUTH_URL` (most common)
---
@ -112,16 +119,17 @@ All backends should use consistent naming:
### Generate-env.mjs Coverage Analysis
| Backend | .env.example | generate-env.mjs | .env Generated | Coverage |
|---------|--------------|------------------|----------------|----------|
| Chat | ✓ Exists | ✓ Lines 85-98 | ✓ Will generate | ✓ Complete |
| Picture | ✓ Exists | ✓ Lines 223-243 | ✓ Will generate | ✓ Complete |
| Manadeck | ✓ Exists | ✓ Lines 199-209 | ✓ Will generate | ✓ Complete |
| **Zitare** | ✗ Missing | ✓ Lines 294-303 | ✓ Will generate | ⚠ Missing example |
| **Presi** | ✗ Missing | ✓ Lines 323-334 | ✓ Will generate | ⚠ Missing example |
| Mana-Core-Auth | ✓ Exists | ✓ Lines 57-82 | ✓ Will generate | ✓ Complete |
| Backend | .env.example | generate-env.mjs | .env Generated | Coverage |
| -------------- | ------------ | ---------------- | --------------- | ------------------ |
| Chat | ✓ Exists | ✓ Lines 85-98 | ✓ Will generate | ✓ Complete |
| Picture | ✓ Exists | ✓ Lines 223-243 | ✓ Will generate | ✓ Complete |
| Manadeck | ✓ Exists | ✓ Lines 199-209 | ✓ Will generate | ✓ Complete |
| **Zitare** | ✗ Missing | ✓ Lines 294-303 | ✓ Will generate | ⚠ Missing example |
| **Presi** | ✗ Missing | ✓ Lines 323-334 | ✓ Will generate | ⚠ Missing example |
| Mana-Core-Auth | ✓ Exists | ✓ Lines 57-82 | ✓ Will generate | ✓ Complete |
**Missing .env.example files:**
- `/apps/zitare/apps/backend/.env.example` - Should document PORT, DATABASE_URL, MANA_CORE_AUTH_URL, CORS_ORIGINS
- `/apps/presi/apps/backend/.env.example` - Should document PORT, DATABASE_URL, MANA_CORE_AUTH_URL, JWT_PUBLIC_KEY, CORS_ORIGINS
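Review bot: the Presi line says the new .env.example should document JWT_PUBLIC_KEY; make explicit that the example holds a placeholder, not a real key. Since the central .env.development carries both JWT_PRIVATE_KEY and JWT_PUBLIC_KEY (lines 19-20 per section 2), generate-env.mjs should map only the public key into Presi's .env: a token-verifying backend never needs the private key, and copying it into each app's .env multiplies the places it can leak from.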
@ -132,63 +140,69 @@ All backends should use consistent naming:
### Hardcoded in Source Code
**Chat Backend** (`apps/chat/apps/backend/src/common/guards/jwt-auth.guard.ts`):
```typescript
const DEV_USER_ID = '17cb0be7-058a-4964-9e18-1fe7055fd014'; // Line 1
const DEV_USER_ID = '17cb0be7-058a-4964-9e18-1fe7055fd014'; // Line 1
```
- Should be: `configService.get('DEV_USER_ID')`
- Should be in .env.development: `DEV_USER_ID=17cb0be7-058a-4964-9e18-1fe7055fd014`
### Hardcoded CORS Origins in main.ts
**Chat** (`src/main.ts` lines 10-18):
```typescript
origin: [
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5174',
'http://localhost:5178',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001', // Mana Core Auth
]
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5174',
'http://localhost:5178',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001', // Mana Core Auth
];
```
**Picture** (`src/main.ts` lines 11-19):
```typescript
const allowedOrigins = [
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5174',
'http://localhost:5175',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001',
]
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5174',
'http://localhost:5175',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001',
];
```
**Presi** (`src/main.ts` lines 10-17):
```typescript
origin: [
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5177',
'http://localhost:5178',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001',
]
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5177',
'http://localhost:5178',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001',
];
```
**Zitare** (`src/main.ts` lines 10-16):
```typescript
origin: [
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5177',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001',
]
'http://localhost:3000',
'http://localhost:5173',
'http://localhost:5177',
'http://localhost:8081',
'exp://localhost:8081',
'http://localhost:3001',
];
```
**RECOMMENDATION:** Move CORS_ORIGINS to .env.development (already exists as CORS_ORIGINS global variable, but not used by all backends)
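Review bot: the four origin lists are not identical (Chat has 5178, Picture has 5175, Presi and Zitare have 5177), so replacing them with the single global CORS_ORIGINS widens every backend's allow-list to the union of all four. Either say so explicitly and accept it, or have generate-env.mjs emit per-backend values (for example CHAT_CORS_ORIGINS, PICTURE_CORS_ORIGINS) the way it already does for the per-backend PORT variables.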
@ -199,25 +213,26 @@ origin: [
### Configuration Module Setup
| Backend | ConfigModule | Validation | Env File Path | Status |
|---------|--------------|-----------|----------------|--------|
| Chat | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Picture | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Zitare | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Presi | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Manadeck | ✓ ConfigModule.forRoot() | ✓ Joi schema | `.env` | ✓ Complete |
| Mana-Core-Auth | ✓ ConfigModule.forRoot() | ✓ Config service | `.env` | ✓ Complete |
| Backend | ConfigModule | Validation | Env File Path | Status |
| -------------- | ------------------------ | ---------------------- | ------------- | ---------- |
| Chat | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Picture | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Zitare | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Presi | ✓ ConfigModule.forRoot() | ✗ No validation schema | `.env` | ⚠ Minimal |
| Manadeck | ✓ ConfigModule.forRoot() | ✓ Joi schema | `.env` | ✓ Complete |
| Mana-Core-Auth | ✓ ConfigModule.forRoot() | ✓ Config service | `.env` | ✓ Complete |
**ISSUE:** Chat, Picture, Zitare, Presi lack validation schemas.
**EXAMPLE (Manadeck validation.schema.ts):**
```typescript
export const validationSchema = Joi.object({
NODE_ENV: Joi.string().valid('development', 'production'),
PORT: Joi.number().required(),
DATABASE_URL: Joi.string().required(),
MANA_CORE_AUTH_URL: Joi.string().required(),
// ... etc
NODE_ENV: Joi.string().valid('development', 'production'),
PORT: Joi.number().required(),
DATABASE_URL: Joi.string().required(),
MANA_CORE_AUTH_URL: Joi.string().required(),
// ... etc
});
```
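Review bot: the Joi example should also constrain the dev-only variables from section 4, e.g. `DEV_BYPASS_AUTH: Joi.boolean().when('NODE_ENV', { is: 'production', then: Joi.valid(false) })` and `DEV_USER_ID: Joi.string().uuid().when('DEV_BYPASS_AUTH', { is: true, then: Joi.required() })`, so a deployment with the bypass enabled fails at startup instead of at the first request. Note also that `NODE_ENV: Joi.string().valid('development', 'production')` without `.required()` or `.default()` still accepts an unset NODE_ENV.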
@ -321,18 +336,18 @@ export const validationSchema = Joi.object({
## 8. UPDATED PORT ASSIGNMENTS (RECOMMENDED)
| Backend | Recommended Port | Current | Status |
|---------|-----------------|---------|--------|
| Mana Core Auth | 3001 | 3001 | ✓ Keep |
| Chat | 3002 | 3002 | ✓ Keep |
| Maerchenzauber | 3003 | 3003 | ✓ Keep |
| Manadeck | 3004 | 3004 | ✓ Keep |
| Picture | **3005** | 3003 | **CHANGE** |
| Nutriphi | **3006** | 3002 | **CHANGE** |
| Zitare | 3007 | 3007 | ✓ Keep |
| Presi | 3008 | 3008 | ✓ Keep |
| Voxel Lava | 3010 | 3010 | ✓ Keep |
| Mana Games | 3011 | 3011 | ✓ Keep |
| Backend | Recommended Port | Current | Status |
| -------------- | ---------------- | ------- | ---------- |
| Mana Core Auth | 3001 | 3001 | ✓ Keep |
| Chat | 3002 | 3002 | ✓ Keep |
| Maerchenzauber | 3003 | 3003 | ✓ Keep |
| Manadeck | 3004 | 3004 | ✓ Keep |
| Picture | **3005** | 3003 | **CHANGE** |
| Nutriphi | **3006** | 3002 | **CHANGE** |
| Zitare | 3007 | 3007 | ✓ Keep |
| Presi | 3008 | 3008 | ✓ Keep |
| Voxel Lava | 3010 | 3010 | ✓ Keep |
| Mana Games | 3011 | 3011 | ✓ Keep |
---
@ -340,32 +355,32 @@ export const validationSchema = Joi.object({
### Required for All Backends
| Variable | Purpose | Centralized | Backend Usage |
|----------|---------|------------|---|
| NODE_ENV | Environment type | ✓ .env.development | All |
| PORT | Server port | ✓ Individual vars | All |
| DATABASE_URL | PostgreSQL connection | ✓ Individual vars | Chat, Manadeck, Picture, Zitare, Presi |
| MANA_CORE_AUTH_URL | Auth service URL | ✓ .env.development | Chat, Picture, Zitare, Presi, Manadeck |
| CORS_ORIGINS | Allowed origins | ✓ .env.development | All (hardcoded, should use env) |
| Variable | Purpose | Centralized | Backend Usage |
| ------------------ | --------------------- | ------------------ | -------------------------------------- |
| NODE_ENV | Environment type | ✓ .env.development | All |
| PORT | Server port | ✓ Individual vars | All |
| DATABASE_URL | PostgreSQL connection | ✓ Individual vars | Chat, Manadeck, Picture, Zitare, Presi |
| MANA_CORE_AUTH_URL | Auth service URL | ✓ .env.development | Chat, Picture, Zitare, Presi, Manadeck |
| CORS_ORIGINS | Allowed origins | ✓ .env.development | All (hardcoded, should use env) |
### Optional but Recommended
| Variable | Purpose | Centralized | Backend Usage |
|----------|---------|------------|---|
| DEV_BYPASS_AUTH | Skip auth in dev | ⚠ Partial | Chat only |
| DEV_USER_ID | Dev test user | ✗ Hardcoded | Chat |
| JWT_PUBLIC_KEY | Token validation | ✓ .env.development | Presi |
| Variable | Purpose | Centralized | Backend Usage |
| --------------- | ---------------- | ------------------ | ------------- |
| DEV_BYPASS_AUTH | Skip auth in dev | ⚠ Partial | Chat only |
| DEV_USER_ID | Dev test user | ✗ Hardcoded | Chat |
| JWT_PUBLIC_KEY | Token validation | ✓ .env.development | Presi |
### Backend-Specific
| Backend | Key Variables | Centralized |
|---------|---|---|
| Chat | GOOGLE_GENAI_API_KEY, AZURE_OPENAI_* | ✓ .env.development |
| Picture | REPLICATE_API_TOKEN, S3_* vars | ✓ .env.development |
| Zitare | (None beyond base) | ✓ .env.development |
| Presi | (None beyond base) | ✓ .env.development |
| Manadeck | GOOGLE_GENAI_API_KEY | ✓ .env.development |
| Mana-Core-Auth | JWT_*, STRIPE_*, CREDITS_* | ✓ .env.development |
| Backend | Key Variables | Centralized |
| -------------- | ------------------------------------- | ------------------ |
| Chat | GOOGLE*GENAI_API_KEY, AZURE_OPENAI*\* | ✓ .env.development |
| Picture | REPLICATE*API_TOKEN, S3*\* vars | ✓ .env.development |
| Zitare | (None beyond base) | ✓ .env.development |
| Presi | (None beyond base) | ✓ .env.development |
| Manadeck | GOOGLE_GENAI_API_KEY | ✓ .env.development |
| Mana-Core-Auth | JWT*\*, STRIPE*_, CREDITS\__ | ✓ .env.development |
---
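Review bot: the Backend-Specific table was corrupted by the formatter: `GOOGLE*GENAI_API_KEY, AZURE_OPENAI*\*`, `REPLICATE*API_TOKEN, S3*\*` and `JWT*\*, STRIPE*_, CREDITS\__` were `GOOGLE_GENAI_API_KEY, AZURE_OPENAI_*`, `REPLICATE_API_TOKEN, S3_*` and `JWT_*, STRIPE_*, CREDITS_*` before; Prettier treated the `_` next to `*` as emphasis markup (the Manadeck row, which has no wildcard, survived intact). Wrap the variable names in backticks so they stay searchable and copyable, and check the other tables in this commit for the same pattern.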
@ -393,6 +408,7 @@ export const validationSchema = Joi.object({
## AUDIT DETAILS
**Files Reviewed:**
- .env.development (202 lines)
- scripts/generate-env.mjs (433 lines)
- 6 backends app.module.ts files
@ -405,4 +421,3 @@ export const validationSchema = Joi.object({
**Lines of Code Reviewed:** 2,000+
**Issues Identified:** 8 critical/major issues
**Port Conflicts Found:** 2 (affecting 3 backends)

View file

@ -13,12 +13,14 @@ Your monorepo has **solid Docker foundations** but needs **4 critical fixes** (2
### Current State: ⚠️ Not Production Ready
**What's Working**:
- Multi-environment Docker Compose setups ✅
- 4 containerized backends (auth, chat, picture, manadeck) ✅
- Health checks and dependency management ✅
- Security best practices (non-root, Alpine, network isolation) ✅
**What Needs Fixing**:
1. ❌ Missing Prometheus configuration (`docker/prometheus/prometheus.yml`)
2. ❌ Missing Grafana provisioning (`docker/grafana/provisioning/`)
3. ❌ ManaDeck uses Node 18 (should be Node 20)
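Review bot: item 3, "ManaDeck uses Node 18 (should be Node 20)", belongs under security rather than housekeeping: Node.js 18 reached end of life on 30 April 2025 and receives no security fixes, so at this document's December 2025 date the "Security best practices ✅" line above is not accurate for that image. Node 20 itself leaves maintenance in April 2026, so moving straight to a newer LTS avoids doing this twice.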
@ -113,6 +115,7 @@ echo "0 2 * * * /usr/local/bin/docker-backup.sh" | crontab -
### For Your Monorepo Size (10 backends, 10 web apps)
**Option 1: Single Server (Development/Staging)** - €28/month
```
Server: Hetzner CX33 (4 vCPU, 8GB RAM)
- All services on one server
@ -121,6 +124,7 @@ Server: Hetzner CX33 (4 vCPU, 8GB RAM)
```
**Option 2: Production HA Setup** - €37/month
```
2x Hetzner CPX21 (3 vCPU, 4GB RAM) - €14/month
+ Load Balancer - €5.39/month
@ -129,6 +133,7 @@ Server: Hetzner CX33 (4 vCPU, 8GB RAM)
```
**Option 3: Full Monorepo (All Services)** - €166/month
```
3x App Servers (CX33) - €84/month
1x DB Server (CX31) - €28/month
@ -146,6 +151,7 @@ Savings: 60-75%
## Cost Breakdown: What You'll Pay Monthly
### Minimal Production (5 services)
```
Server (CPX21): €7.00/month
Volume (50GB): €2.50/month
@ -155,6 +161,7 @@ Total: €13.81/month
```
### Your Current Setup (Full Monorepo)
```
3x Servers (CX33): €84.00/month
1x Database Server: €28.00/month
@ -217,27 +224,32 @@ Traefik (SSL + Reverse Proxy)
## Key Files & Locations
### Documentation (Created Today)
- `docs/DOCKER_SETUP_ANALYSIS.md` - Complete current state analysis
- `docs/HETZNER_PRODUCTION_GUIDE.md` - Comprehensive deployment guide
- `docs/HETZNER_DEPLOYMENT_SUMMARY.md` - This quick reference
### Existing Documentation
- `docs/DEPLOYMENT_HETZNER.md` - Deployment options comparison (German)
- `docs/DOCKER_GUIDE.md` - Docker usage guide
- `docs/DEPLOYMENT_ARCHITECTURE.md` - Architecture details
### Docker Configuration Files
- `docker-compose.yml` - Full stack with monitoring
- `docker-compose.dev.yml` - Development environment
- `docker-compose.staging.yml` - Staging deployment
- `docker-compose.production.yml` - Production deployment
### Docker Templates
- `docker/templates/Dockerfile.nestjs` - NestJS backend template
- `docker/templates/Dockerfile.sveltekit` - SvelteKit web template
- `docker/templates/Dockerfile.astro` - Astro landing page template
### Active Service Dockerfiles
- `services/mana-core-auth/Dockerfile`
- `apps/chat/apps/backend/Dockerfile`
- `apps/picture/apps/backend/Dockerfile`
@ -277,19 +289,23 @@ Traefik (SSL + Reverse Proxy)
### What You Get
**Metrics Collection**:
- Prometheus - Time-series metrics database
- cAdvisor - Container resource usage
- Node Exporter - Host system metrics
**Visualization**:
- Grafana - Dashboards and alerts
- Pre-built dashboards for Docker, PostgreSQL, Redis
**Logging**:
- Loki - Log aggregation
- Promtail - Log collection from containers
**Access**:
- Grafana UI: `http://your-server:3000`
- Prometheus UI: `http://your-server:9090`
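Review bot: "Grafana UI: http://your-server:3000" and "Prometheus UI: http://your-server:9090" contradict the compose file later in this commit, which binds both to loopback (`'127.0.0.1:3000:3000'`, `'127.0.0.1:9090:9090'`). Say that access is through Traefik or an SSH tunnel; otherwise readers will publish these ports on the public interface to make the URLs work, and Prometheus has no authentication of its own.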
@ -524,30 +540,35 @@ curl http://localhost:3000/health
### How to Know You're Production Ready
✅ **Infrastructure**
- [ ] Server accessible via SSH with key authentication
- [ ] Docker and docker-compose installed and working
- [ ] Firewall configured (Hetzner + UFW)
- [ ] Private network configured (if multi-server)
✅ **Application**
- [ ] All services start and pass health checks
- [ ] Environment variables properly configured
- [ ] SSL/TLS working (Let's Encrypt)
- [ ] Database migrations run successfully
✅ **Monitoring**
- [ ] Prometheus collecting metrics
- [ ] Grafana dashboards accessible
- [ ] Alerts configured and tested
- [ ] Logs centralized in Loki
✅ **Backups**
- [ ] Automated daily backups running
- [ ] Storage Box configured
- [ ] Restore procedure tested
- [ ] Retention policy configured
✅ **CI/CD**
- [ ] GitHub Actions workflow working
- [ ] Automated deployments successful
- [ ] Rollback procedure tested
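Review bot: "Environment variables properly configured" under Application is not checkable as written. Given the env audit in this same commit, add concrete items: DEV_BYPASS_AUTH unset or false, no DEV_USER_ID in the production .env, CORS_ORIGINS limited to the production domains, and JWT_PRIVATE_KEY present only in the auth service. A box that can be ticked without verifying anything is not a gate.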
@ -581,12 +602,14 @@ curl http://localhost:3000/health
## Summary
You have:
- ✅ **Solid foundation** with multi-environment Docker setup
- ✅ **4 containerized services** ready to deploy
- ✅ **Complete documentation** for production deployment
- ⚠️ **4 critical fixes** needed (2-4 hours of work)
After fixes:
- 🚀 **2-4 hours** to deploy to Hetzner
- 💰 **€14-166/month** depending on scale (60-75% cheaper than AWS)
- 📊 **Complete monitoring** with Prometheus + Grafana

View file

@ -28,6 +28,7 @@
#### Entry-Level Production (Small Applications)
**Hetzner CX23**: 2 vCPUs, 4 GB RAM, 40 GB storage, 20 TB traffic
- **Price**: €3.49/month
- **Use Case**: Single container apps, development/staging environments
- **Suitable For**: Individual microservices, low-traffic applications
@ -35,11 +36,13 @@
#### Mid-Tier Production (Standard Applications)
**Hetzner CPX21**: 3 shared vCPUs, 4 GB RAM, 80 GB storage
- **Price**: ~€7/month
- **Use Case**: Multi-container applications, small microservices
- **Best For**: 2-3 backend services + web apps
**Hetzner CX33**: 2 vCPUs, 8 GB RAM, 80 GB storage, 20 TB traffic
- **Price**: €5.49/month
- **Use Case**: Standard production workloads
- **Best For**: Full stack with 5-6 services
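Review bot: the CX33 row disagrees with the summary document in this commit: here "CX33: 2 vCPUs, 8 GB RAM ... €5.49/month", there "Hetzner CX33 (4 vCPU, 8GB RAM)" priced at €28/month per server (Option 1, and "3x App Servers (CX33) - €84/month"). At least one is wrong; keep a single price table and have the cost sections reference it instead of restating figures.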
@ -47,11 +50,13 @@
#### High-Performance Production
**CCX Series**: Dedicated vCPUs for CPU-intensive workloads
- **CCX42**: 16 vCPU, 64 GB RAM - €101/month
- **Use Case**: High-traffic applications, full monorepo deployment
- **Best For**: 10+ services with monitoring stack
**CAX ARM Series**: 40% better cost efficiency
- **CAX21**: 4 ARM vCPUs, 8 GB RAM - ~€8/month
- **Use Case**: ARM-compatible Docker images
- **Benefit**: Better performance-per-euro
@ -59,11 +64,13 @@
### ARM vs x86 Considerations
**ARM64 (CAX) Advantages**:
- 40% cost savings
- Better performance-per-euro
- Modern Docker images support ARM64
**Compatibility Check**:
- Node.js: ✅ Full ARM64 support
- Python: ✅ Full ARM64 support
- Go: ✅ Native ARM64
@ -71,6 +78,7 @@
- Redis: ✅ Official ARM images
**Check Your Dependencies**:
```bash
# Test ARM compatibility locally (M1/M2 Mac)
docker buildx build --platform linux/arm64 .
@ -85,11 +93,13 @@ docker buildx build --platform linux/arm64 .
**Recommended**: Use **Docker CE App** from Hetzner Cloud Apps during server creation.
**Benefits**:
- Docker and docker-compose pre-installed
- Optimized for Hetzner infrastructure
- Eliminates manual installation errors
**Alternative** (Manual Installation):
```bash
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
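Review bot: the manual path downloads an unreviewed script and runs it as root. Since the script is already saved to a file, add a step to read it or run `sh get-docker.sh --dry-run` first, and for production hosts prefer Docker's signed apt repository, which is what the script itself configures once it has run. The "Docker CE App" recommendation above avoids the problem only for servers created through the Hetzner console.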
@ -144,18 +154,17 @@ hcloud server attach-to-network <server-id> --network production-network --ip 10
```json
// /etc/docker/daemon.json
{
"mtu": 1450,
"default-address-pools": [
{"base": "172.17.0.0/12", "size": 24}
],
"live-restore": true,
"userland-proxy": false,
"no-new-privileges": true,
"icc": false
"mtu": 1450,
"default-address-pools": [{ "base": "172.17.0.0/12", "size": 24 }],
"live-restore": true,
"userland-proxy": false,
"no-new-privileges": true,
"icc": false
}
```
**Apply Configuration**:
```bash
systemctl restart docker
```
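Review bot: `"icc": false` only restricts the default bridge network; containers on compose-created (user-defined) networks can still reach each other, so the text should say that isolation between services comes from separate compose networks (as the Traefik example below does with public/private), not from this flag. Also note that after `systemctl restart docker` with `"live-restore": true`, already-running containers keep their old settings, so `"no-new-privileges": true` only takes effect for containers recreated afterwards.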
@ -170,6 +179,7 @@ systemctl restart docker
### Floating IPs (High Availability)
**Use Cases**:
- High availability setups
- Zero-downtime deployments
- Failover scenarios
@ -213,22 +223,24 @@ Internet → Hetzner LB → Private Network → Docker Containers
**Configuration Options**:
1. **Direct Binding**: App containers bind to private IPs
```yaml
services:
web:
networks:
- private
ports:
- "10.0.1.2:3000:3000"
- '10.0.1.2:3000:3000'
```
2. **Traefik Reverse Proxy**: LB routes to Traefik on Docker Swarm
```yaml
services:
traefik:
ports:
- "80:80"
- "443:443"
- '80:80'
- '443:443'
networks:
- public
- private
@ -252,6 +264,7 @@ Internet → Hetzner LB → Private Network → Docker Containers
### Block Storage Volumes
**Characteristics**:
- Attach to **single server only** (not shared)
- ext4 or xfs filesystems (ext4 recommended)
- Up to 10 TB per volume
@ -297,6 +310,7 @@ volumes:
#### Option 1: Borg Backup with Storage Box (Recommended)
**Why Borg?**
- Deduplication (saves space)
- Compression (lz4, zstd)
- Encryption (AES-256)
@ -434,6 +448,7 @@ cp /var/lib/docker/volumes/redis-data/_data/dump.rdb \
**Critical Warning**:
❌ **DO NOT store Docker images on Storage Box**
- Causes instability (storage can disconnect)
- Docker requires 100% available storage
- Use only for application data, NOT `/var/lib/docker`
@ -447,8 +462,8 @@ volumes:
driver: local
driver_opts:
type: cifs
o: "username=u123456,password=${STORAGE_BOX_PASSWORD},addr=u123456.your-storagebox.de"
device: "//u123456.your-storagebox.de/uploads"
o: 'username=u123456,password=${STORAGE_BOX_PASSWORD},addr=u123456.your-storagebox.de'
device: '//u123456.your-storagebox.de/uploads'
```
---
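Review bot: `o: 'username=u123456,password=${STORAGE_BOX_PASSWORD},...'` places the Storage Box password in the volume's driver_opts, where `docker volume inspect` shows it in clear to anyone in the docker group and `docker compose config` prints it. Use `credentials=/root/.storagebox-creds` instead (a root-only file with `username=` and `password=` lines, supported by mount.cifs), and drop the password from the compose file entirely.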
@ -549,17 +564,17 @@ ufw status verbose
```json
// /etc/docker/daemon.json
{
"live-restore": true,
"userland-proxy": false,
"no-new-privileges": true,
"icc": false,
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
"metrics-addr": "127.0.0.1:9323",
"experimental": true
"live-restore": true,
"userland-proxy": false,
"no-new-privileges": true,
"icc": false,
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
"metrics-addr": "127.0.0.1:9323",
"experimental": true
}
```
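Review bot: this second /etc/docker/daemon.json drops the `mtu` and `default-address-pools` settings from the first one in the networking section, so a reader who copies this version loses the 1450 MTU needed on the private network. Keep a single daemon.json in the guide and reference it from both places rather than maintaining two partial copies.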
@ -578,7 +593,7 @@ services:
- NET_BIND_SERVICE
tmpfs:
- /tmp:noexec,nosuid,size=100m
user: "1000:1000"
user: '1000:1000'
```
#### 4. Fail2ban Configuration
@ -683,6 +698,7 @@ cd /opt/prometheus-grafana
```
**Included Components**:
- Prometheus (metrics collection)
- Grafana (visualization)
- cAdvisor (container metrics)
@ -708,7 +724,7 @@ services:
- '--storage.tsdb.retention.time=30d'
- '--web.enable-lifecycle'
ports:
- "127.0.0.1:9090:9090"
- '127.0.0.1:9090:9090'
restart: unless-stopped
networks:
- monitoring
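Review bot: `--web.enable-lifecycle` turns on unauthenticated POST endpoints `/-/reload` and `/-/quit`; the loopback binding covers direct access, but as soon as Prometheus is published through Traefik (the Grafana service below is already given a public root URL) anyone who can reach it can stop the server. Drop the flag unless automation uses the reload endpoint, and if it stays, keep Prometheus off the reverse proxy or put authentication in front of it.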
@ -724,7 +740,7 @@ services:
- GF_INSTALL_PLUGINS=redis-datasource,grafana-piechart-panel
- GF_SERVER_ROOT_URL=https://grafana.yourdomain.com
ports:
- "127.0.0.1:3000:3000"
- '127.0.0.1:3000:3000'
restart: unless-stopped
networks:
- monitoring
@ -741,7 +757,7 @@ services:
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
ports:
- "127.0.0.1:8080:8080"
- '127.0.0.1:8080:8080'
restart: unless-stopped
networks:
- monitoring
@ -757,7 +773,7 @@ services:
volumes:
- '/:/host:ro,rslave'
ports:
- "127.0.0.1:9100:9100"
- '127.0.0.1:9100:9100'
restart: unless-stopped
networks:
- monitoring
@ -769,7 +785,7 @@ services:
- loki-data:/loki
- ./docker/loki/loki-config.yml:/etc/loki/local-config.yaml:ro
ports:
- "127.0.0.1:3100:3100"
- '127.0.0.1:3100:3100'
restart: unless-stopped
networks:
- monitoring
@ -861,8 +877,8 @@ groups:
labels:
severity: critical
annotations:
summary: "Container {{ $labels.job }} is down"
description: "Container {{ $labels.job }} has been down for more than 1 minute."
summary: 'Container {{ $labels.job }} is down'
description: 'Container {{ $labels.job }} has been down for more than 1 minute.'
- alert: HighMemoryUsage
expr: (container_memory_usage_bytes / container_spec_memory_limit_bytes) > 0.9
@ -870,8 +886,8 @@ groups:
labels:
severity: warning
annotations:
summary: "High memory usage on {{ $labels.name }}"
description: "Container {{ $labels.name }} memory usage is above 90%."
summary: 'High memory usage on {{ $labels.name }}'
description: 'Container {{ $labels.name }} memory usage is above 90%.'
- alert: HighCPUUsage
expr: rate(container_cpu_usage_seconds_total[5m]) > 0.8
@ -879,8 +895,8 @@ groups:
labels:
severity: warning
annotations:
summary: "High CPU usage on {{ $labels.name }}"
description: "Container {{ $labels.name }} CPU usage is above 80%."
summary: 'High CPU usage on {{ $labels.name }}'
description: 'Container {{ $labels.name }} CPU usage is above 80%.'
- name: host
interval: 30s
@ -891,8 +907,8 @@ groups:
labels:
severity: critical
annotations:
summary: "Host out of disk space"
description: "Disk space is below 10%."
summary: 'Host out of disk space'
description: 'Disk space is below 10%.'
- alert: HostHighCPULoad
expr: 100 - (avg by(instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 80
@ -900,8 +916,8 @@ groups:
labels:
severity: warning
annotations:
summary: "Host high CPU load"
description: "CPU load is > 80%."
summary: 'Host high CPU load'
description: 'CPU load is > 80%.'
```
### Hetzner-Specific Monitoring
@ -926,6 +942,7 @@ scrape_configs:
```
**Available Grafana Dashboards**:
- **Hetzner Cloud Servers**: Dashboard ID 16169
- **Hetzner Cloud Servers & Load Balancers**: Dashboard ID 20257
@ -1131,6 +1148,7 @@ jobs:
#### Option 2: Self-Hosted GitHub Runner on Hetzner
**Benefits**:
- 3-10x cheaper than GitHub-hosted runners
- Faster builds with persistent caching
- Full control over environment
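Review bot: the benefits list in this hunk has no security caveat, and the guide should carry one before recommending self-hosted runners. GitHub's own guidance is not to use self-hosted runners with public repositories, because a workflow triggered from a fork pull request can execute arbitrary code on the runner host, and "persistent caching" cuts both ways: a compromised job can poison the caches and toolchains that later builds reuse. Suggest adding, next to the benefits: register runners as ephemeral (`config.sh --ephemeral`) so each job gets a clean environment, restrict them to private repositories or require approval for workflows from forks, run the runner as an unprivileged user, and keep deployment credentials (Hetzner tokens, registry logins) off the runner host in favour of short-lived secrets injected per job.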
@ -1275,11 +1293,13 @@ Production (Large): CCX42 (€101/month)
**Cost Savings**: 40% lower operational costs vs x86
**Example**:
- **CX21** (x86): 2 vCPU, 4GB RAM - €6/month
- **CAX21** (ARM): 4 vCPU, 8GB RAM - ~€8/month
- **Better**: More CPUs, more RAM, same price range
**Requirements**:
- ARM64-compatible Docker images
- Test thoroughly before production migration
@ -1322,6 +1342,7 @@ hcloud snapshot list -o json | \
```
**Cost Impact**:
- Volumes: €0.05/GB/month (even when detached)
- Snapshots: €0.01/GB/month
- Storage Box: €0.04/GB/month (cheaper for cold storage)
@ -1332,6 +1353,7 @@ hcloud snapshot list -o json | \
**Additional Traffic**: €1.19/TB
**Optimization**:
- Use private networks for inter-server communication (free)
- Enable compression in Nginx/Traefik
- Serve static assets from CDN (Cloudflare free)
@ -1347,21 +1369,25 @@ gzip_types text/plain text/css text/xml application/json application/javascript;
#### 5. Load Balancer Optimization
**Pricing**:
- Small LB (5K connections): €5.39/month
- Large LB (40K connections): €15.49/month
**When to Use**:
- Multi-server setups only
- For single server, use Nginx/Traefik directly (no LB cost)
#### 6. Monitoring Costs
**Self-Hosted** (Prometheus + Grafana):
- Cost: ~€0/month (runs on same server)
- Overhead: ~200MB RAM
- No external service fees
**External Monitoring** (Datadog, New Relic):
- Cost: $20-50+/month per host
- Only if specific features required
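Review bot: the `gzip_types ... application/json` context line at the top of this hunk compresses dynamic API responses, not just static assets, and that is where BREACH applies: if any JSON response carries a secret (session identifier, CSRF token) together with content reflected from the request, compression lets an attacker measure the secret through response length. The bandwidth advice is sound for static files served via the CDN; for the backends' JSON endpoints either leave compression off, or make sure secrets are never emitted in the same response as attacker-influenced data.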
@ -1430,6 +1456,7 @@ hcloud billing get-month $YEAR_MONTH | jq
```
**Set Billing Alerts** (via Hetzner Console):
- Alert at €50
- Alert at €100
- Alert at €150
@ -1454,6 +1481,7 @@ hcloud billing get-month $YEAR_MONTH | jq
### When to Use Docker Swarm
**Best For**:
- Small to medium deployments (<50 nodes)
- Teams familiar with Docker Compose
- Quick setup requirements (<30 minutes to production)
@ -1461,6 +1489,7 @@ hcloud billing get-month $YEAR_MONTH | jq
- Projects prioritizing simplicity over features
**Advantages**:
- Native Docker integration (same CLI)
- Easy migration from docker-compose
- Lower learning curve
@ -1491,6 +1520,7 @@ docker service update \
### When to Use Kubernetes (k3s)
**Best For**:
- Medium to large deployments (>20 nodes)
- Complex microservices architectures
- Need for advanced networking (service mesh)
@ -1498,6 +1528,7 @@ docker service update \
- Enterprise compliance requirements
**Advantages on Hetzner**:
- k3s optimized for Hetzner's cost structure
- 40% lower costs vs MicroK8s
- Production-grade availability
@ -1505,29 +1536,31 @@ docker service update \
- Better for multi-tenant applications
**k3s Recommended** over full Kubernetes:
- 50% less memory usage
- Single binary installation
- Hetzner-specific tooling available
### Quick Comparison
| Factor | Docker Swarm | k3s on Hetzner |
|--------|--------------|----------------|
| **Setup Time** | 15 minutes | 30-60 minutes |
| **Learning Curve** | Low | Medium |
| **Resource Overhead** | Minimal (~100MB) | Low (~500MB) |
| **Ecosystem** | Limited | Extensive |
| **Cost (3 nodes)** | ~€21/month | ~€21/month |
| **Operational Complexity** | Lower | Higher |
| **Max Scale** | ~50 nodes | 1000+ nodes |
| **Auto-Scaling** | Manual | HPA (Horizontal Pod Autoscaler) |
| **Service Mesh** | No | Yes (Linkerd, Istio) |
| Factor | Docker Swarm | k3s on Hetzner |
| -------------------------- | ---------------- | ------------------------------- |
| **Setup Time** | 15 minutes | 30-60 minutes |
| **Learning Curve** | Low | Medium |
| **Resource Overhead** | Minimal (~100MB) | Low (~500MB) |
| **Ecosystem** | Limited | Extensive |
| **Cost (3 nodes)** | ~€21/month | ~€21/month |
| **Operational Complexity** | Lower | Higher |
| **Max Scale** | ~50 nodes | 1000+ nodes |
| **Auto-Scaling** | Manual | HPA (Horizontal Pod Autoscaler) |
| **Service Mesh** | No | Yes (Linkerd, Istio) |
### Recommendation for Manacore Monorepo
**Start with Docker Swarm**, then migrate to k3s if needed:
**Rationale**:
1. **Faster Time to Market**: 15-minute setup vs 1+ week for K8s
2. **Lower Complexity**: Existing Docker Compose knowledge sufficient
3. **Cost Effective**: Same infrastructure cost, lower ops overhead
@ -1952,12 +1985,14 @@ This guide provides a comprehensive production deployment strategy for the Manac
- **Maintainable**: Automated deployments and backups
**Estimated Time to Production**:
- Initial setup: 4-6 hours
- Application deployment: 2-3 hours
- Testing and hardening: 4-6 hours
- **Total**: ~10-15 hours for complete production deployment
**Monthly Operational Cost**:
- Single server: €14-28/month
- HA setup: €37-50/month
- Full monorepo: €166/month
@ -1965,6 +2000,7 @@ This guide provides a comprehensive production deployment strategy for the Manac
---
**Related Documentation**:
- `DOCKER_SETUP_ANALYSIS.md` - Current Docker setup analysis
- `DOCKER_COMPOSE_PRODUCTION_ARCHITECTURE.md` - Architecture design
- `DEPLOYMENT_HETZNER.md` - Deployment options comparison


@ -5,6 +5,7 @@ This folder contains a comprehensive audit of all backend environment variable c
## Documents
### 1. [ENV_CONFIGURATION_AUDIT.md](ENV_CONFIGURATION_AUDIT.md) - MAIN REPORT
**The complete audit with all findings and detailed analysis**
- **Section 1:** Port Assignment Matrix (identifies 2 port conflicts)
@ -25,6 +26,7 @@ This folder contains a comprehensive audit of all backend environment variable c
---
### 2. [ENV_AUDIT_SUMMARY.md](ENV_AUDIT_SUMMARY.md) - QUICK START GUIDE
**Executive summary with actionable checklists and next steps**
- **Quick Issue Overview:** Blocking, Major, and Medium issues at a glance
@ -42,6 +44,7 @@ This folder contains a comprehensive audit of all backend environment variable c
---
### 3. [ENV_BACKEND_MATRIX.md](ENV_BACKEND_MATRIX.md) - DETAILED MATRIX VISUALIZATION
**Backend configuration status visualized in detailed tables and matrices**
- **Backend Status Matrix:** Port, Auth URL, Dev Bypass, Validation status
@ -90,11 +93,11 @@ This folder contains a comprehensive audit of all backend environment variable c
## Quick Fix Timeline
| Phase | Tasks | Time | Impact |
|-------|-------|------|--------|
| Phase 1 | Fix ports + add DEV_USER_ID | 15-30 min | CRITICAL - Enables simultaneous backend execution |
| Phase 2 | Standardize naming + add .env examples | 30 min | MAJOR - Improves consistency |
| Phase 3 | Add validation schemas + extract CORS | 2-3 hours | QUALITY - Code quality improvement |
| Phase | Tasks | Time | Impact |
| ------- | -------------------------------------- | --------- | ------------------------------------------------- |
| Phase 1 | Fix ports + add DEV_USER_ID | 15-30 min | CRITICAL - Enables simultaneous backend execution |
| Phase 2 | Standardize naming + add .env examples | 30 min | MAJOR - Improves consistency |
| Phase 3 | Add validation schemas + extract CORS | 2-3 hours | QUALITY - Code quality improvement |
**Total estimated time to fix all issues: 6-8 hours**
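Review bot: the rebuilt Quick Fix Timeline table in this hunk does not agree with the sentence below it: Phase 1 (15-30 min) plus Phase 2 (30 min) plus Phase 3 (2-3 hours) is roughly 3-4 hours, yet the next line states "Total estimated time to fix all issues: 6-8 hours". Since the commit already rewrites this table, pick one set of estimates and make the table, the total and the phase durations used elsewhere in the audit agree.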
@ -124,16 +127,19 @@ This folder contains a comprehensive audit of all backend environment variable c
## Implementation Roadmap
### If you have 30 minutes
1. Read ENV_AUDIT_SUMMARY.md
2. Fix port conflicts in .env.development
3. Add DEV_USER_ID variable
### If you have 1-2 hours
1. Complete Phase 1 fixes
2. Update generate-env.mjs variable names
3. Create .env.example files for Zitare and Presi
### If you have 4+ hours
1. Complete all Phase 1 & 2 fixes
2. Add validation schemas to all backends
3. Extract CORS origins to environment variables
@ -144,6 +150,7 @@ This folder contains a comprehensive audit of all backend environment variable c
## Files Analyzed in This Audit
**Configuration Files:**
- .env.development (202 lines)
- scripts/generate-env.mjs (433 lines)
- services/mana-core-auth/.env.example
@ -152,6 +159,7 @@ This folder contains a comprehensive audit of all backend environment variable c
- apps/manadeck/apps/backend/.env.example
**Backend Configuration:**
- 6 app.module.ts files (NestJS configuration)
- 5 main.ts files (server bootstrap & CORS)
- 1 validation.schema.ts file (Manadeck)
@ -166,24 +174,28 @@ This folder contains a comprehensive audit of all backend environment variable c
## Recommendations by Priority
### Priority 1: BLOCKING (Do Today)
- [ ] Fix PICTURE_BACKEND_PORT: 3003 → 3005
- [ ] Fix NUTRIPHI_BACKEND_PORT: 3002 → 3006
- [ ] Add DEV_USER_ID to .env.development
- [ ] Update Chat backend to read DEV_USER_ID from ConfigService
### Priority 2: MAJOR (Do This Week)
- [ ] Rename MANA_SERVICE_URL to MANA_CORE_AUTH_URL in Manadeck
- [ ] Rename MANACORE_AUTH_URL to MANA_CORE_AUTH_URL in Nutriphi
- [ ] Create .env.example for Zitare backend
- [ ] Create .env.example for Presi backend
### Priority 3: MEDIUM (Plan This Week)
- [ ] Add validation schemas to 4 backends (Chat, Picture, Zitare, Presi)
- [ ] Extract CORS origins to CORS_ORIGINS environment variable
- [ ] Update all backends to use env variable for CORS
- [ ] Document final port assignments in project CLAUDE.md files
### Priority 4: LONG-TERM (Future Improvement)
- [ ] Implement consistent dev bypass auth pattern across all backends
- [ ] Add comprehensive integration tests for all backends
- [ ] Document environment configuration in deployment guide
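Review bot: Priority 1 in this hunk moves `DEV_USER_ID` into `.env.development` and has the Chat backend read it via `ConfigService`, but the checklist never states the guard that makes a dev auth bypass safe: the bypass must activate only when the environment is explicitly development (not merely because `DEV_USER_ID` is set), must fail closed when the variable is missing, and `generate-env.mjs` must never emit `DEV_USER_ID` into a production env file; otherwise a copied `.env` turns every unauthenticated request into that user. For the same reason the Priority 4 item "Implement consistent dev bypass auth pattern across all backends" belongs in the same week as the `DEV_USER_ID` change rather than in "future improvement". Likewise, the Priority 3 `CORS_ORIGINS` extraction should parse into an explicit origin allowlist and reject `*` whenever credentials are allowed, so that moving the value into the environment does not loosen what the hardcoded lists currently enforce.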
@ -196,6 +208,7 @@ This folder contains a comprehensive audit of all backend environment variable c
After implementing all recommendations, you should be able to:
1. **Run all 8 active backends simultaneously without port conflicts**
```bash
pnpm dev:auth &
pnpm dev:chat:backend &