chore: clean repo for enterprise production readiness

.env.example

@@ -1,67 +1,32 @@
-# API Gateway Configuration
-API_GATEWAY_PORT=3000
+# Krai / Guap Finance — local development template.
+# Copy to .env and adjust as needed. Keep .env out of source control.
+
+# Application
 NODE_ENV=development
-AUTH_SERVICE_URL=http://auth-service:3001
-COURSE_SERVICE_URL=http://course-service:3002
-PROGRESS_SERVICE_URL=http://progress-service:3003
+PORT=3000
+DEMO_MODE=true
+LOG_LEVEL=debug
+LOG_FORMAT=pretty
 
-# Auth Service Configuration
-AUTH_SERVICE_PORT=3001
-JWT_SECRET=your-super-secret-jwt-key-change-in-production
-JWT_REFRESH_SECRET=your-super-secret-refresh-key-change-in-production
+# JWT — generate with: openssl rand -hex 48
+JWT_SECRET=replace-with-32-or-more-chars-from-openssl-rand-hex-48
+JWT_REFRESH_SECRET=replace-with-32-or-more-chars-from-openssl-rand-hex-48
 JWT_EXPIRATION=1h
 JWT_REFRESH_EXPIRATION=7d
+BCRYPT_ROUNDS=4
 
-# Course Service Configuration
-COURSE_SERVICE_PORT=3002
-STORAGE_TYPE=local
-STORAGE_PATH=/app/uploads
-MAX_FILE_SIZE=52428800
-
-# Progress Service Configuration
-PROGRESS_SERVICE_PORT=3003
-
-# Database Configuration
-DB_HOST=postgres
-DB_PORT=5432
-DB_USER=postgres
-DB_PASSWORD=postgres123
-DB_NAME=guap_finance_auth
-
-# Linode Managed PostgreSQL (Production)
-LINODE_DB_HOST=your-linode-db-host.akamaidb.net
-LINODE_DB_PORT=21542
-LINODE_DB_USER=akmadmin
-LINODE_DB_PASSWORD=your-linode-db-password
-LINODE_DB_NAME=guap_finance_courses
-
-# Redis Configuration
-REDIS_HOST=redis
-REDIS_PORT=6379
-REDIS_PASSWORD=
-REDIS_URL=redis://redis:6379
-
-# Email Configuration (SMTP)
-SMTP_HOST=smtp.gmail.com
-SMTP_PORT=587
-SMTP_USER=your-email@gmail.com
-SMTP_PASSWORD=your-app-password
-SMTP_FROM=noreply@guapfinance.com
-
-# Frontend Configuration
-NEXT_PUBLIC_API_URL=http://localhost:3000
-FRONTEND_URL=http://localhost:8000
-
-# AWS Configuration (if using S3)
-AWS_REGION=us-east-1
-AWS_ACCESS_KEY_ID=your-access-key
-AWS_SECRET_ACCESS_KEY=your-secret-key
-AWS_S3_BUCKET=guap-finance-uploads
-
-# Logging
-LOG_LEVEL=debug
+# CORS — comma-separated list of allowed origins
+CORS_ORIGINS=http://localhost:3000,http://localhost:8000
 
-# Security
-CORS_ORIGIN=http://localhost:8000
+# Rate limiting
 RATE_LIMIT_WINDOW_MS=900000
-RATE_LIMIT_MAX_REQUESTS=100
+RATE_LIMIT_MAX=300
+AUTH_RATE_LIMIT_MAX=20
+
+# PostgreSQL — leave blank to run in in-memory demo mode
+LINODE_DB_HOST=
+LINODE_DB_PORT=5432
+LINODE_DB_USER=
+LINODE_DB_PASSWORD=
+LINODE_DB_NAME=guap_finance
+LINODE_DB_SSL=true

.github/workflows/ci.yml

@@ -52,35 +52,6 @@ jobs:
       - name: Build
         run: npm run build
 
-  services:
-    name: ${{ matrix.svc }} — build
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        svc: [auth-service, course-service, progress-service]
-    defaults:
-      run:
-        working-directory: services/${{ matrix.svc }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-          cache: npm
-          cache-dependency-path: services/${{ matrix.svc }}/package-lock.json
-
-      - name: Install
-        run: npm ci --no-audit --no-fund
-
-      - name: Lint
-        run: npm run lint
-        continue-on-error: true
-
-      - name: Build
-        run: npm run build
-
   security:
     name: Security audit
     runs-on: ubuntu-latest
@@ -111,9 +82,9 @@ jobs:
           format: table
 
   docker:
-    name: Docker — build images
+    name: Docker — build image
     runs-on: ubuntu-latest
-    needs: [api-gateway, services]
+    needs: api-gateway
     steps:
       - uses: actions/checkout@v4
 
@@ -137,32 +108,7 @@ jobs:
             -e JWT_REFRESH_SECRET="$(openssl rand -hex 48)" \
             -e NODE_ENV=production \
             krai/api-gateway:ci
-          sleep 5
-          curl --fail --silent --show-error --retry 10 --retry-delay 2 \
-               http://localhost:3000/health
+          curl --fail --silent --show-error --retry 15 --retry-delay 2 \
+               --retry-connrefused http://localhost:3000/health
           docker logs krai-gw | tail -30
           docker rm -f krai-gw
-
-      - name: Build auth-service image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ./services/auth-service/Dockerfile
-          push: false
-          tags: krai/auth-service:ci
-
-      - name: Build course-service image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ./services/course-service/Dockerfile
-          push: false
-          tags: krai/course-service:ci
-
-      - name: Build progress-service image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ./services/progress-service/Dockerfile
-          push: false
-          tags: krai/progress-service:ci