feat: ChittyRegister CI/CD registration pipeline

.github/workflows/register.yml

@@ -126,19 +126,27 @@ jobs:
 
           if [ "$http_code" -ge 200 ] && [ "$http_code" -lt 300 ]; then
             echo "Registration submitted successfully"
+          elif [ "$http_code" = "400" ] && echo "$body" | jq -e '.errors[]? | select(. == "Service name already registered")' > /dev/null 2>&1; then
+            echo "Service already registered — verifying compliance instead"
           else
             echo "::error::Registration failed with HTTP $http_code"
             exit 1
           fi
 
-      - name: Verify registration
+      - name: Verify compliance
         env:
           CHITTY_REGISTER_TOKEN: ${{ secrets.CHITTY_REGISTER_TOKEN }}
         run: |
-          # Give the registry a moment to process
           sleep 2
           resp=$(curl -sS \
             -H "Authorization: Bearer $CHITTY_REGISTER_TOKEN" \
-            https://register.chitty.cc/api/v1/services/chittyfinance 2>/dev/null || echo '{}')
-          echo "Registry entry:"
-          echo "$resp" | jq . 2>/dev/null || echo "$resp"
+            https://register.chitty.cc/api/v1/compliance/chittyfinance 2>/dev/null || echo '{}')
+          echo "Compliance status:"
+          echo "$resp" | jq '{name, chitty_id, status, compliant, registeredAt, certificate: .certificate.certificate_id}' 2>/dev/null || echo "$resp"
+
+          compliant=$(echo "$resp" | jq -r '.compliant // false')
+          if [ "$compliant" = "true" ]; then
+            echo "Service is compliant"
+          else
+            echo "::warning::Service compliance check returned: $compliant"
+          fi

deploy/system-wrangler.toml

@@ -21,18 +21,19 @@ routes = [
 MODE = "system"
 NODE_ENV = "production"
 APP_VERSION = "2.0.0"
+CHITTYCONNECT_API_BASE = "https://connect.chitty.cc"
 
 # Secrets (set with: wrangler secret put SECRET_NAME)
-# Run these commands to set secrets:
-# wrangler secret put DATABASE_URL
-# wrangler secret put OPENAI_API_KEY
-# wrangler secret put MERCURY_API_KEY
-# wrangler secret put WAVE_API_TOKEN
-# wrangler secret put STRIPE_SECRET_KEY
-# wrangler secret put CHITTY_ID_SERVICE_TOKEN
-# wrangler secret put CHITTY_AUTH_SERVICE_TOKEN
-# wrangler secret put JWT_SECRET
-# wrangler secret put AI_GATEWAY_ENDPOINT  # CF AI Gateway URL (optional)
+# Required:
+#   wrangler secret put DATABASE_URL            # Neon PostgreSQL connection string
+#   wrangler secret put CHITTY_AUTH_SERVICE_TOKEN # ChittyAuth service token (also used for ChittyConnect)
+#   wrangler secret put JWT_SECRET              # JWT signing secret
+# Integrations (optional):
+#   wrangler secret put OPENAI_API_KEY
+#   wrangler secret put STRIPE_SECRET_KEY
+#   wrangler secret put STRIPE_WEBHOOK_SECRET
+#   wrangler secret put WAVE_CLIENT_SECRET
+#   wrangler secret put CHITTYCONNECT_API_TOKEN  # If separate from CHITTY_AUTH_SERVICE_TOKEN
 
 [observability]
 enabled = true

scripts/set-register-token.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+set -euo pipefail
+# Sets CHITTY_REGISTER_TOKEN on the chittyregister Cloudflare Worker.
+# Run from a machine with CLOUDFLARE_API_TOKEN set, or with wrangler auth.
+#
+# Usage:
+#   CLOUDFLARE_API_TOKEN=<token> bash scripts/set-register-token.sh <token-value>
+#   # OR from the chittyregister project dir:
+#   echo "<token-value>" | wrangler secret put CHITTY_REGISTER_TOKEN --name chittyregister
+
+ACCOUNT_ID="0bc21e3a5a9de1a4cc843be9c3e98121"
+WORKER_NAME="chittyregister"
+TOKEN_VALUE="${1:?Usage: $0 <token-value>}"
+
+if [ -z "${CLOUDFLARE_API_TOKEN:-}" ]; then
+  echo "ERROR: CLOUDFLARE_API_TOKEN not set." >&2
+  echo "Get one at: https://dash.cloudflare.com/profile/api-tokens" >&2
+  exit 1
+fi
+
+echo "Setting CHITTY_REGISTER_TOKEN on $WORKER_NAME..."
+curl -sS -X PUT \
+  "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/workers/scripts/$WORKER_NAME/secrets" \
+  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d "{\"name\":\"CHITTY_REGISTER_TOKEN\",\"text\":\"$TOKEN_VALUE\",\"type\":\"secret_text\"}" | jq .
+
+echo "Done. Test with:"
+echo "  curl -sS -X POST https://register.chitty.cc/api/v1/register \\"
+echo "    -H 'Authorization: Bearer $TOKEN_VALUE' \\"
+echo "    -H 'Content-Type: application/json' \\"
+echo "    --data @deploy/registration/chittyfinance.registration.json | jq ."

server/routes/health.ts

@@ -12,7 +12,7 @@ healthRoutes.get('/api/v1/status', (c) => {
   const mode = c.env.MODE || 'system';
   const nodeEnv = c.env.NODE_ENV || 'production';
   const dbConfigured = Boolean(c.env.DATABASE_URL);
-  const chittyConfigured = Boolean(c.env.CHITTYCONNECT_API_BASE && c.env.CHITTY_AUTH_SERVICE_TOKEN);
+  const chittyConfigured = Boolean(c.env.CHITTYCONNECT_API_BASE && (c.env.CHITTY_AUTH_SERVICE_TOKEN || c.env.CHITTYCONNECT_API_TOKEN));
 
   return c.json({
     name: 'ChittyFinance',
@@ -26,7 +26,7 @@ healthRoutes.get('/api/v1/status', (c) => {
 
 healthRoutes.get('/api/v1/metrics', (c) => {
   const dbConfigured = c.env.DATABASE_URL ? 1 : 0;
-  const chittyConfigured = (c.env.CHITTYCONNECT_API_BASE && c.env.CHITTY_AUTH_SERVICE_TOKEN) ? 1 : 0;
+  const chittyConfigured = (c.env.CHITTYCONNECT_API_BASE && (c.env.CHITTY_AUTH_SERVICE_TOKEN || c.env.CHITTYCONNECT_API_TOKEN)) ? 1 : 0;
   const lines = [
     '# HELP service_database_configured Database configured (1) or not (0)',
     '# TYPE service_database_configured gauge',

wrangler.toml

@@ -0,0 +1,64 @@
+# Cloudflare Workers configuration for ChittyFinance (System Mode)
+# Root-level config for CF Workers Builds integration
+# Canonical config: deploy/system-wrangler.toml (keep in sync)
+
+name = "chittyfinance"
+main = "server/worker.ts"
+compatibility_date = "2026-03-01"
+
+account_id = "0bc21e3a5a9de1a4cc843be9c3e98121"
+
+workers_dev = false
+
+routes = [
+  { pattern = "finance.chitty.cc/*", zone_name = "chitty.cc" }
+]
+
+[vars]
+MODE = "system"
+NODE_ENV = "production"
+APP_VERSION = "2.0.0"
+CHITTYCONNECT_API_BASE = "https://connect.chitty.cc"
+
+[observability]
+enabled = true
+
+[[tail_consumers]]
+service = "chittytrack"
+
+[build]
+command = "npx vite build --outDir dist/public"
+
+[assets]
+directory = "dist/public"
+
+[limits]
+cpu_ms = 50
+
+[[kv_namespaces]]
+binding = "FINANCE_KV"
+id = "517b63be4d7144c197b5bdf851f12041"
+preview_id = "89d0b3bc875e49c4a3a9091de6a080aa"
+
+[[r2_buckets]]
+binding = "FINANCE_R2"
+bucket_name = "chittyfinance-storage"
+preview_bucket_name = "chittyfinance-storage-preview"
+
+[[durable_objects.bindings]]
+name = "CF_AGENT"
+class_name = "ChittyAgent"
+
+[[migrations]]
+tag = "v1"
+new_sqlite_classes = ["ChittyAgent"]
+
+[env.staging]
+name = "chittyfinance-staging"
+vars = { MODE = "system", NODE_ENV = "staging" }
+
+[env.production]
+name = "chittyfinance"
+vars = { MODE = "system", NODE_ENV = "production" }
+
+compatibility_flags = ["nodejs_compat"]