From 80f80053f336eb78c603f5cb18e5a5dc14025497 Mon Sep 17 00:00:00 2001
From: Wuesteon <nils.weiser@outlook.com>
Date: Fri, 5 Dec 2025 01:33:01 +0100
Subject: [PATCH] refactor(staging): simplify CI/CD to mana-core-auth +
 chat-backend only
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Archived full staging config for future restoration:
- docker-compose.staging.full.yml (includes manadeck, nginx)
- .github/workflows/cd-staging.full.yml (includes all health checks)

Simplified staging deployment:
- Only deploys postgres, redis, mana-core-auth, chat-backend
- Added database creation step for manacore_auth and chat DBs
- Faster iteration for testing central auth integration

To restore full config:
  cp docker-compose.staging.full.yml docker-compose.staging.yml
  cp .github/workflows/cd-staging.full.yml .github/workflows/cd-staging.yml

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/cd-staging.full.yml | 264 +++++++++++++++++++++++
 .github/workflows/cd-staging.yml      |  41 ++--
 docker-compose.staging.full.yml       | 290 ++++++++++++++++++++++++++
 docker-compose.staging.yml            | 163 ++-------------
 4 files changed, 600 insertions(+), 158 deletions(-)
 create mode 100644 .github/workflows/cd-staging.full.yml
 create mode 100644 docker-compose.staging.full.yml

diff --git a/.github/workflows/cd-staging.full.yml b/.github/workflows/cd-staging.full.yml
new file mode 100644
index 000000000..219b626bd
--- /dev/null
+++ b/.github/workflows/cd-staging.full.yml
@@ -0,0 +1,264 @@
+# ARCHIVED: Full staging workflow with all services
+# Active simplified workflow: .github/workflows/cd-staging.yml
+#
+# Services included: mana-core-auth, chat-backend, manadeck-backend
+#
+# To restore: cp .github/workflows/cd-staging.full.yml .github/workflows/cd-staging.yml
+
+name: CD - Staging Deployment
+
+on:
+  workflow_dispatch:
+    inputs:
+      service:
+        description: 'Service to deploy (leave empty for all)'
+        required: false
+        type: choice
+        options:
+          - all
+          - mana-core-auth
+          - chat-backend
+          - manadeck-backend
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: read
+
+env:
+  NODE_VERSION: '20'
+  PNPM_VERSION: '9.15.0'
+
+jobs:
+  deploy-staging:
+    name: Deploy to Staging
+    runs-on: ubuntu-latest
+    environment:
+      name: staging
+      url: https://staging.manacore.app
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup SSH for deployment
+        uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.STAGING_SSH_KEY }}
+
+      - name: Add staging server to known hosts
+        env:
+          STAGING_HOST: 46.224.108.214
+        run: |
+          mkdir -p ~/.ssh
+          ssh-keyscan -H $STAGING_HOST >> ~/.ssh/known_hosts
+
+      - name: Prepare deployment directory
+        env:
+          STAGING_USER: deploy
+          STAGING_HOST: 46.224.108.214
+        run: |
+          ssh $STAGING_USER@$STAGING_HOST << 'EOF'
+            mkdir -p ~/manacore-staging
+            cd ~/manacore-staging
+
+            # Create required directories
+            mkdir -p logs
+            mkdir -p data/postgres
+            mkdir -p data/redis
+          EOF
+
+      - name: Copy docker-compose file
+        env:
+          STAGING_USER: deploy
+          STAGING_HOST: 46.224.108.214
+        run: |
+          scp docker-compose.staging.yml $STAGING_USER@$STAGING_HOST:~/manacore-staging/docker-compose.yml
+
+      - name: Copy environment file
+        env:
+          STAGING_USER: deploy
+          STAGING_HOST: 46.224.108.214
+        run: |
+          # Create staging env file (mix of hardcoded config and secrets)
+          cat > .env.staging << EOF
+          # Database - Configuration
+          POSTGRES_HOST=postgres
+          POSTGRES_PORT=5432
+          POSTGRES_DB=manacore
+          POSTGRES_USER=postgres
+          POSTGRES_PASSWORD=${{ secrets.STAGING_POSTGRES_PASSWORD }}
+
+          # Redis - Configuration
+          REDIS_HOST=redis
+          REDIS_PORT=6379
+          REDIS_PASSWORD=${{ secrets.STAGING_REDIS_PASSWORD }}
+
+          # Mana Core Auth - Configuration
+          MANA_SERVICE_URL=http://mana-core-auth:3001
+          JWT_SECRET=${{ secrets.STAGING_JWT_SECRET }}
+          JWT_PUBLIC_KEY=${{ secrets.STAGING_JWT_PUBLIC_KEY }}
+          JWT_PRIVATE_KEY=${{ secrets.STAGING_JWT_PRIVATE_KEY }}
+
+          # Supabase
+          SUPABASE_URL=${{ secrets.STAGING_SUPABASE_URL }}
+          SUPABASE_ANON_KEY=${{ secrets.STAGING_SUPABASE_ANON_KEY }}
+          SUPABASE_SERVICE_ROLE_KEY=${{ secrets.STAGING_SUPABASE_SERVICE_ROLE_KEY }}
+
+          # Azure OpenAI
+          AZURE_OPENAI_ENDPOINT=${{ secrets.STAGING_AZURE_OPENAI_ENDPOINT }}
+          AZURE_OPENAI_API_KEY=${{ secrets.STAGING_AZURE_OPENAI_API_KEY }}
+          AZURE_OPENAI_API_VERSION=2024-12-01-preview
+
+          # Environment
+          NODE_ENV=staging
+          EOF
+
+          scp .env.staging $STAGING_USER@$STAGING_HOST:~/manacore-staging/.env
+          rm .env.staging
+
+      - name: Login to GitHub Container Registry on staging server
+        env:
+          STAGING_USER: deploy
+          STAGING_HOST: 46.224.108.214
+        run: |
+          ssh $STAGING_USER@$STAGING_HOST << EOF
+            # Login to ghcr.io with GitHub token
+            echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+          EOF
+
+      - name: Pull latest Docker images
+        env:
+          STAGING_USER: deploy
+          STAGING_HOST: 46.224.108.214
+        run: |
+          ssh $STAGING_USER@$STAGING_HOST << 'EOF'
+            cd ~/manacore-staging
+            docker compose pull
+          EOF
+
+      - name: Deploy services
+        env:
+          STAGING_USER: deploy
+          STAGING_HOST: 46.224.108.214
+        run: |
+          SERVICE="${{ github.event.inputs.service || 'all' }}"
+
+          ssh $STAGING_USER@$STAGING_HOST << EOF
+            cd ~/manacore-staging
+
+            # Determine which services to deploy
+            if [ "$SERVICE" == "all" ]; then
+              echo "Deploying all services..."
+              docker compose up -d
+            else
+              echo "Deploying service: $SERVICE"
+              docker compose up -d $SERVICE
+            fi
+
+            # Wait for initial startup
+            echo "Waiting for services to start..."
+            sleep 15
+
+            echo "=== Container Status ==="
+            docker compose ps
+          EOF
+
+      - name: Run health checks
+        env:
+          STAGING_USER: deploy
+          STAGING_HOST: 46.224.108.214
+        run: |
+          ssh $STAGING_USER@$STAGING_HOST << 'EOF'
+            cd ~/manacore-staging
+
+            # Wait for services to fully start
+            echo "Waiting 60s for services to fully initialize..."
+            sleep 60
+
+            echo "=== Container Status ==="
+            docker compose ps
+
+            echo ""
+            echo "=== Health Checks ==="
+
+            # Check mana-core-auth
+            echo "Checking mana-core-auth..."
+            if docker compose exec -T mana-core-auth wget -q -O - http://localhost:3001/api/v1/health > /dev/null 2>&1; then
+              echo "✅ mana-core-auth is healthy"
+            else
+              echo "❌ mana-core-auth health check failed"
+              echo "=== Logs ==="
+              docker compose logs --tail=50 mana-core-auth
+              exit 1
+            fi
+
+            # Check chat-backend
+            echo "Checking chat-backend..."
+            if docker compose exec -T chat-backend wget -q -O - http://localhost:3002/api/health > /dev/null 2>&1; then
+              echo "✅ chat-backend is healthy"
+            else
+              echo "❌ chat-backend health check failed"
+              echo "=== Logs ==="
+              docker compose logs --tail=50 chat-backend
+              exit 1
+            fi
+
+            # Check manadeck-backend
+            echo "Checking manadeck-backend..."
+            if docker compose exec -T manadeck-backend wget -q -O - http://localhost:3003/api/health > /dev/null 2>&1; then
+              echo "✅ manadeck-backend is healthy"
+            else
+              echo "❌ manadeck-backend health check failed"
+              echo "=== Logs ==="
+              docker compose logs --tail=50 manadeck-backend
+              exit 1
+            fi
+
+            echo ""
+            echo "✅ All health checks passed!"
+          EOF
+
+      - name: Run database migrations
+        env:
+          STAGING_USER: deploy
+          STAGING_HOST: 46.224.108.214
+        run: |
+          # Run migrations for services that need them
+          ssh $STAGING_USER@$STAGING_HOST << 'EOF'
+            cd ~/manacore-staging
+
+            # Mana Core Auth migrations
+            docker compose exec -T mana-core-auth pnpm run db:migrate || echo "Auth migrations skipped"
+          EOF
+
+      - name: Deployment summary
+        run: |
+          echo "## Staging Deployment Summary" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- **Environment**: Staging" >> $GITHUB_STEP_SUMMARY
+          echo "- **Deployed by**: ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Commit**: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Timestamp**: $(date -u +'%Y-%m-%d %H:%M:%S UTC')" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Services Deployed" >> $GITHUB_STEP_SUMMARY
+          echo "Service: ${{ github.event.inputs.service || 'all' }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Health Checks" >> $GITHUB_STEP_SUMMARY
+          echo "All health checks passed ✅" >> $GITHUB_STEP_SUMMARY
+
+  notify-deployment:
+    name: Notify Deployment
+    runs-on: ubuntu-latest
+    needs: deploy-staging
+    if: always()
+    steps:
+      - name: Deployment notification
+        run: |
+          STATUS="${{ needs.deploy-staging.result }}"
+
+          if [ "$STATUS" == "success" ]; then
+            echo "✅ Staging deployment completed successfully"
+          else
+            echo "❌ Staging deployment failed"
+            exit 1
+          fi
diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml
index ada01d7a8..6d66d1d43 100644
--- a/.github/workflows/cd-staging.yml
+++ b/.github/workflows/cd-staging.yml
@@ -1,3 +1,13 @@
+# Simplified staging config: mana-core-auth + chat-backend only
+# Full config archived at: .github/workflows/cd-staging.full.yml
+#
+# To restore full config:
+#   cp .github/workflows/cd-staging.full.yml .github/workflows/cd-staging.yml
+#
+# To add a service back:
+#   1. Add service to workflow_dispatch options (line ~10)
+#   2. Add health check in "Run health checks" step
+#   3. Add service to docker-compose.staging.yml
 name: CD - Staging Deployment
 
 on:
@@ -11,7 +21,6 @@ on:
           - all
           - mana-core-auth
           - chat-backend
-          - manadeck-backend
   workflow_call:
 
 permissions:
@@ -156,6 +165,25 @@ jobs:
             docker compose ps
           EOF
 
+      - name: Create databases
+        env:
+          STAGING_USER: deploy
+          STAGING_HOST: 46.224.108.214
+        run: |
+          ssh $STAGING_USER@$STAGING_HOST << 'EOF'
+            cd ~/manacore-staging
+
+            echo "Creating required databases..."
+
+            # Create manacore_auth database (for mana-core-auth service)
+            docker compose exec -T postgres psql -U postgres -c "CREATE DATABASE manacore_auth;" 2>/dev/null || echo "manacore_auth database already exists"
+
+            # Create chat database (for chat-backend service)
+            docker compose exec -T postgres psql -U postgres -c "CREATE DATABASE chat;" 2>/dev/null || echo "chat database already exists"
+
+            echo "✅ Databases ready"
+          EOF
+
       - name: Run health checks
         env:
           STAGING_USER: deploy
@@ -196,17 +224,6 @@ jobs:
               exit 1
             fi
 
-            # Check manadeck-backend
-            echo "Checking manadeck-backend..."
-            if docker compose exec -T manadeck-backend wget -q -O - http://localhost:3003/api/health > /dev/null 2>&1; then
-              echo "✅ manadeck-backend is healthy"
-            else
-              echo "❌ manadeck-backend health check failed"
-              echo "=== Logs ==="
-              docker compose logs --tail=50 manadeck-backend
-              exit 1
-            fi
-
             echo ""
             echo "✅ All health checks passed!"
           EOF
diff --git a/docker-compose.staging.full.yml b/docker-compose.staging.full.yml
new file mode 100644
index 000000000..f0937e38b
--- /dev/null
+++ b/docker-compose.staging.full.yml
@@ -0,0 +1,290 @@
+# ARCHIVED: Full staging config with all services
+# Active simplified config: docker-compose.staging.yml
+#
+# Services included:
+#   - postgres, redis (infrastructure)
+#   - mana-core-auth, chat-backend, manadeck-backend (backends)
+#   - nginx (reverse proxy)
+#
+# To restore: cp docker-compose.staging.full.yml docker-compose.staging.yml
+
+services:
+  # ============================================
+  # Infrastructure Services
+  # ============================================
+
+  postgres:
+    image: postgres:16-alpine
+    container_name: manacore-postgres-staging
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB:-manacore}
+      POSTGRES_USER: ${POSTGRES_USER:-postgres}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+      # init.sql removed - not needed for staging
+    ports:
+      - "5432:5432"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - manacore-network
+
+  redis:
+    image: redis:7-alpine
+    container_name: manacore-redis-staging
+    restart: unless-stopped
+    command: redis-server --requirepass ${REDIS_PASSWORD:-redis123}
+    volumes:
+      - redis_data:/data
+    ports:
+      - "6379:6379"
+    healthcheck:
+      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - manacore-network
+
+  # ============================================
+  # Backend Services
+  # ============================================
+
+  mana-core-auth:
+    image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/mana-core-auth:${AUTH_VERSION:-latest}
+    container_name: mana-core-auth-staging
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    environment:
+      NODE_ENV: staging
+      PORT: 3001
+      DATABASE_URL: postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD}@postgres:5432/manacore_auth
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      REDIS_PASSWORD: ${REDIS_PASSWORD:-redis123}
+      JWT_SECRET: ${JWT_SECRET}
+      JWT_PUBLIC_KEY: ${JWT_PUBLIC_KEY}
+      JWT_PRIVATE_KEY: ${JWT_PRIVATE_KEY}
+    ports:
+      - "3001:3001"
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3001/api/v1/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    networks:
+      - manacore-network
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+  # maerchenzauber-backend:
+  #   image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/maerchenzauber-backend:${MAERCHENZAUBER_VERSION:-latest}
+  #   container_name: maerchenzauber-backend-staging
+  #   restart: unless-stopped
+  #   depends_on:
+  #     mana-core-auth:
+  #       condition: service_healthy
+  #   environment:
+  #     NODE_ENV: staging
+  #     PORT: 3002
+  #     MANA_SERVICE_URL: http://mana-core-auth:3001
+  #     SUPABASE_URL: ${SUPABASE_URL}
+  #     SUPABASE_ANON_KEY: ${SUPABASE_ANON_KEY}
+  #     SUPABASE_SERVICE_ROLE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
+  #     AZURE_OPENAI_ENDPOINT: ${AZURE_OPENAI_ENDPOINT}
+  #     AZURE_OPENAI_API_KEY: ${AZURE_OPENAI_API_KEY}
+  #     AZURE_OPENAI_API_VERSION: ${AZURE_OPENAI_API_VERSION:-2024-12-01-preview}
+  #   ports:
+  #     - "3002:3002"
+  #   healthcheck:
+  #     test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3002/health"]
+  #     interval: 30s
+  #     timeout: 10s
+  #     retries: 3
+  #   networks:
+  #     - manacore-network
+  #   logging:
+  #     driver: "json-file"
+  #     options:
+  #       max-size: "10m"
+  #       max-file: "3"
+  #   # DISABLED: No Dockerfile exists yet
+
+  chat-backend:
+    image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/chat-backend:${CHAT_VERSION:-latest}
+    container_name: chat-backend-staging
+    restart: unless-stopped
+    depends_on:
+      mana-core-auth:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+    environment:
+      NODE_ENV: staging
+      PORT: 3002
+      DATABASE_URL: postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD}@postgres:5432/chat
+      MANA_SERVICE_URL: http://mana-core-auth:3001
+      SUPABASE_URL: ${SUPABASE_URL}
+      SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
+      AZURE_OPENAI_ENDPOINT: ${AZURE_OPENAI_ENDPOINT}
+      AZURE_OPENAI_API_KEY: ${AZURE_OPENAI_API_KEY}
+      AZURE_OPENAI_API_VERSION: ${AZURE_OPENAI_API_VERSION:-2024-12-01-preview}
+    ports:
+      - "3003:3002"
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3002/api/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - manacore-network
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+  manadeck-backend:
+    image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/manadeck-backend:${MANADECK_VERSION:-latest}
+    container_name: manadeck-backend-staging
+    restart: unless-stopped
+    depends_on:
+      mana-core-auth:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+    environment:
+      NODE_ENV: staging
+      PORT: 3003
+      DATABASE_URL: postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD}@postgres:5432/manadeck
+      MANA_SERVICE_URL: http://mana-core-auth:3001
+      SUPABASE_URL: ${SUPABASE_URL}
+      SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
+    ports:
+      - "3004:3003"
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3003/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - manacore-network
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+  # nutriphi-backend:
+  #   image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/nutriphi-backend:${NUTRIPHI_VERSION:-latest}
+  #   container_name: nutriphi-backend-staging
+  #   restart: unless-stopped
+  #   depends_on:
+  #     mana-core-auth:
+  #       condition: service_healthy
+  #   environment:
+  #     NODE_ENV: staging
+  #     PORT: 3004
+  #     MANA_SERVICE_URL: http://mana-core-auth:3001
+  #     SUPABASE_URL: ${SUPABASE_URL}
+  #     SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
+  #   ports:
+  #     - "3005:3004"
+  #   healthcheck:
+  #     test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3004/health"]
+  #     interval: 30s
+  #     timeout: 10s
+  #     retries: 3
+  #   networks:
+  #     - manacore-network
+  #   logging:
+  #     driver: "json-file"
+  #     options:
+  #       max-size: "10m"
+  #       max-file: "3"
+  #   # DISABLED: No Dockerfile exists yet
+
+  # news-api:
+  #   image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/news-api:${NEWS_VERSION:-latest}
+  #   container_name: news-api-staging
+  #   restart: unless-stopped
+  #   depends_on:
+  #     mana-core-auth:
+  #       condition: service_healthy
+  #   environment:
+  #     NODE_ENV: staging
+  #     PORT: 3005
+  #     MANA_SERVICE_URL: http://mana-core-auth:3001
+  #   ports:
+  #     - "3006:3005"
+  #   healthcheck:
+  #     test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3005/health"]
+  #     interval: 30s
+  #     timeout: 10s
+  #     retries: 3
+  #   networks:
+  #     - manacore-network
+  #   logging:
+  #     driver: "json-file"
+  #     options:
+  #       max-size: "10m"
+  #       max-file: "3"
+  #   # DISABLED: No Dockerfile exists yet
+
+  # ============================================
+  # Reverse Proxy (Optional)
+  # ============================================
+
+  nginx:
+    image: nginx:alpine
+    container_name: manacore-nginx-staging
+    restart: unless-stopped
+    depends_on:
+      - mana-core-auth
+      - chat-backend
+      - manadeck-backend
+    volumes:
+      - ./docker/nginx/staging.conf:/etc/nginx/conf.d/default.conf
+      - ./docker/nginx/ssl:/etc/nginx/ssl
+    ports:
+      - "80:80"
+      - "443:443"
+    networks:
+      - manacore-network
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+# ============================================
+# Networks
+# ============================================
+
+networks:
+  manacore-network:
+    driver: bridge
+    name: manacore-staging
+
+# ============================================
+# Volumes
+# ============================================
+
+volumes:
+  postgres_data:
+    name: manacore-postgres-staging
+  redis_data:
+    name: manacore-redis-staging
diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml
index 5818e2e0a..72915d651 100644
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@@ -1,3 +1,14 @@
+# Simplified staging config: mana-core-auth + chat-backend only
+# Full config archived at: docker-compose.staging.full.yml
+#
+# To restore full config:
+#   cp docker-compose.staging.full.yml docker-compose.staging.yml
+#
+# To add more services back:
+#   1. Copy the service block from docker-compose.staging.full.yml
+#   2. Add corresponding health check in .github/workflows/cd-staging.yml
+#   3. Add service to workflow_dispatch options in cd-staging.yml
+
 services:
   # ============================================
   # Infrastructure Services
@@ -13,7 +24,6 @@ services:
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
     volumes:
       - postgres_data:/var/lib/postgresql/data
-      # init.sql removed - not needed for staging
     ports:
       - "5432:5432"
     healthcheck:
@@ -80,39 +90,6 @@ services:
         max-size: "10m"
         max-file: "3"
 
-  # maerchenzauber-backend:
-  #   image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/maerchenzauber-backend:${MAERCHENZAUBER_VERSION:-latest}
-  #   container_name: maerchenzauber-backend-staging
-  #   restart: unless-stopped
-  #   depends_on:
-  #     mana-core-auth:
-  #       condition: service_healthy
-  #   environment:
-  #     NODE_ENV: staging
-  #     PORT: 3002
-  #     MANA_SERVICE_URL: http://mana-core-auth:3001
-  #     SUPABASE_URL: ${SUPABASE_URL}
-  #     SUPABASE_ANON_KEY: ${SUPABASE_ANON_KEY}
-  #     SUPABASE_SERVICE_ROLE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
-  #     AZURE_OPENAI_ENDPOINT: ${AZURE_OPENAI_ENDPOINT}
-  #     AZURE_OPENAI_API_KEY: ${AZURE_OPENAI_API_KEY}
-  #     AZURE_OPENAI_API_VERSION: ${AZURE_OPENAI_API_VERSION:-2024-12-01-preview}
-  #   ports:
-  #     - "3002:3002"
-  #   healthcheck:
-  #     test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3002/health"]
-  #     interval: 30s
-  #     timeout: 10s
-  #     retries: 3
-  #   networks:
-  #     - manacore-network
-  #   logging:
-  #     driver: "json-file"
-  #     options:
-  #       max-size: "10m"
-  #       max-file: "3"
-  #   # DISABLED: No Dockerfile exists yet
-
   chat-backend:
     image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/chat-backend:${CHAT_VERSION:-latest}
     container_name: chat-backend-staging
@@ -120,132 +97,26 @@ services:
     depends_on:
       mana-core-auth:
         condition: service_healthy
+      postgres:
+        condition: service_healthy
     environment:
       NODE_ENV: staging
       PORT: 3002
-      MANA_SERVICE_URL: http://mana-core-auth:3001
+      DATABASE_URL: postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD}@postgres:5432/chat
+      MANA_CORE_AUTH_URL: http://mana-core-auth:3001
       SUPABASE_URL: ${SUPABASE_URL}
       SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
       AZURE_OPENAI_ENDPOINT: ${AZURE_OPENAI_ENDPOINT}
       AZURE_OPENAI_API_KEY: ${AZURE_OPENAI_API_KEY}
       AZURE_OPENAI_API_VERSION: ${AZURE_OPENAI_API_VERSION:-2024-12-01-preview}
     ports:
-      - "3003:3002"
+      - "3002:3002"
     healthcheck:
       test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3002/api/health"]
       interval: 30s
       timeout: 10s
       retries: 3
-    networks:
-      - manacore-network
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "10m"
-        max-file: "3"
-
-  manadeck-backend:
-    image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/manadeck-backend:${MANADECK_VERSION:-latest}
-    container_name: manadeck-backend-staging
-    restart: unless-stopped
-    depends_on:
-      mana-core-auth:
-        condition: service_healthy
-    environment:
-      NODE_ENV: staging
-      PORT: 3003
-      MANA_SERVICE_URL: http://mana-core-auth:3001
-      SUPABASE_URL: ${SUPABASE_URL}
-      SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
-    ports:
-      - "3004:3003"
-    healthcheck:
-      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3003/health"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-    networks:
-      - manacore-network
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "10m"
-        max-file: "3"
-
-  # nutriphi-backend:
-  #   image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/nutriphi-backend:${NUTRIPHI_VERSION:-latest}
-  #   container_name: nutriphi-backend-staging
-  #   restart: unless-stopped
-  #   depends_on:
-  #     mana-core-auth:
-  #       condition: service_healthy
-  #   environment:
-  #     NODE_ENV: staging
-  #     PORT: 3004
-  #     MANA_SERVICE_URL: http://mana-core-auth:3001
-  #     SUPABASE_URL: ${SUPABASE_URL}
-  #     SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
-  #   ports:
-  #     - "3005:3004"
-  #   healthcheck:
-  #     test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3004/health"]
-  #     interval: 30s
-  #     timeout: 10s
-  #     retries: 3
-  #   networks:
-  #     - manacore-network
-  #   logging:
-  #     driver: "json-file"
-  #     options:
-  #       max-size: "10m"
-  #       max-file: "3"
-  #   # DISABLED: No Dockerfile exists yet
-
-  # news-api:
-  #   image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/news-api:${NEWS_VERSION:-latest}
-  #   container_name: news-api-staging
-  #   restart: unless-stopped
-  #   depends_on:
-  #     mana-core-auth:
-  #       condition: service_healthy
-  #   environment:
-  #     NODE_ENV: staging
-  #     PORT: 3005
-  #     MANA_SERVICE_URL: http://mana-core-auth:3001
-  #   ports:
-  #     - "3006:3005"
-  #   healthcheck:
-  #     test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3005/health"]
-  #     interval: 30s
-  #     timeout: 10s
-  #     retries: 3
-  #   networks:
-  #     - manacore-network
-  #   logging:
-  #     driver: "json-file"
-  #     options:
-  #       max-size: "10m"
-  #       max-file: "3"
-  #   # DISABLED: No Dockerfile exists yet
-
-  # ============================================
-  # Reverse Proxy (Optional)
-  # ============================================
-
-  nginx:
-    image: nginx:alpine
-    container_name: manacore-nginx-staging
-    restart: unless-stopped
-    depends_on:
-      - mana-core-auth
-      - chat-backend
-      - manadeck-backend
-    volumes:
-      - ./docker/nginx/staging.conf:/etc/nginx/conf.d/default.conf
-      - ./docker/nginx/ssl:/etc/nginx/ssl
-    ports:
-      - "80:80"
-      - "443:443"
+      start_period: 40s
     networks:
       - manacore-network
     logging: