feat: rebuild fiscal clone architecture and harden coolify deployment

2026-02-23 21:10:39 -05:00
parent cae7cbb98f
commit 04e5caf4e1
61 changed files with 3826 additions and 2923 deletions
--- a/COOLIFY.md
+++ b/COOLIFY.md
@@ -1,113 +1,78 @@
-# Coolify Deployment Guide
+# Coolify Deployment (Fiscal Clone 2.0)

-This project is ready for deployment on Coolify.
+This repository is deployable on Coolify using the root `docker-compose.yml`.

-## Prerequisites
+## What gets deployed

-1. Coolify instance running
-2. GitHub repository with this code
-3. PostgreSQL database
+- `frontend` (Next.js)
+- `backend` (Elysia API + Better Auth)
+- `worker` (durable async job processor)
+- `postgres` (database)

-## Deployment Steps
+`backend` and `worker` auto-run migrations on startup:
+- `bun run src/db/migrate.ts`
+- then start API/worker process

-### Option 1: Single Docker Compose App
+## Coolify setup

-1. Create a new Docker Compose application in Coolify
-2. Connect your GitHub repository
-3. Select the `docker-compose.yml` file in the root
-4. Configure environment variables:
+1. Create a **Docker Compose** app in Coolify.
+2. Connect this repository.
+3. Use compose file: `/docker-compose.yml`.
+4. Add public domains:
+- `frontend` service on port `3000` (example: `https://fiscal.example.com`)
+- `backend` service on port `3001` (example: `https://api.fiscal.example.com`)

-```
-DATABASE_URL=postgres://postgres:your_password@postgres:5432/fiscal
+## Required environment variables
+
+Set these in Coolify before deploy:
+
+```env
 POSTGRES_USER=postgres
-POSTGRES_PASSWORD=your_password
+POSTGRES_PASSWORD=<strong-password>
 POSTGRES_DB=fiscal
-PORT=3001
-BETTER_AUTH_SECRET=your-random-long-secret
-BETTER_AUTH_BASE_URL=https://api.your-fiscal-domain.com
-JWT_SECRET=your-jwt-secret-key-min-32-characters
-GITHUB_ID=your-github-oauth-client-id
-GITHUB_SECRET=your-github-oauth-client-secret
-GOOGLE_ID=your-google-oauth-client-id
-GOOGLE_SECRET=your-google-oauth-client-secret
-NEXT_PUBLIC_API_URL=https://api.your-fiscal-domain.com
+
+DATABASE_URL=postgres://postgres:<strong-password>@postgres:5432/fiscal
+
+# Public URLs
+FRONTEND_URL=https://fiscal.example.com
+BETTER_AUTH_BASE_URL=https://api.fiscal.example.com
+NEXT_PUBLIC_API_URL=https://api.fiscal.example.com
+
+# Security
+BETTER_AUTH_SECRET=<openssl rand -base64 32>
+SEC_USER_AGENT=Fiscal Clone <ops@your-domain.com>
+
+# Optional OpenClaw/ZeroClaw integration
+OPENCLAW_BASE_URL=https://your-openclaw-endpoint
+OPENCLAW_API_KEY=<token>
+OPENCLAW_MODEL=zeroclaw
+
+# Optional queue tuning
+TASK_HEARTBEAT_SECONDS=15
+TASK_STALE_SECONDS=120
+TASK_MAX_ATTEMPTS=3
 ```

-5. Deploy
+## Important build note

-### Option 2: Separate Applications
+`NEXT_PUBLIC_API_URL` is compiled into the frontend bundle at build time. If you change it, trigger a new deploy/rebuild.

-#### Backend
+The frontend includes a safety fallback: if `NEXT_PUBLIC_API_URL` is accidentally set to an internal host like `http://backend:3001`, browser calls will fall back to `https://api.<frontend-host>`.
+This is a fallback only; keep `NEXT_PUBLIC_API_URL` correct in Coolify.

-1. Create a new application in Coolify
-2. Source: GitHub
-3. Branch: `main`
-4. Build Context: `/backend`
-5. Build Pack: `Dockerfile`
-6. Environment Variables:
-   ```
-   DATABASE_URL=postgres://...
-   PORT=3001
-   ```
-7. Deploy
-
-#### Frontend
-
-1. Create a new application in Coolify
-2. Source: GitHub
-3. Branch: `main`
-4. Build Context: `/frontend`
-5. Build Pack: `Dockerfile`
-6. Environment Variables:
-   ```
-   NEXT_PUBLIC_API_URL=https://your-backend-domain.com
-   ```
-7. Deploy
-
-## Environment Variables
-
-### Backend
- `DATABASE_URL` - PostgreSQL connection string
- `PORT` - Server port (default: 3001)
- `NODE_ENV` - Environment (development/production)
- `BETTER_AUTH_SECRET` - Required in production; use a long random secret
- `BETTER_AUTH_BASE_URL` - Public backend URL used for auth callbacks
-
-### Frontend
- `NEXT_PUBLIC_API_URL` - Backend API URL
-
-`NEXT_PUBLIC_API_URL` is used at image build time in the frontend Docker build.
-Set it in Coolify before deploying so the generated client bundle points to the correct backend URL.
-
-## Database Setup
-
-The application will automatically create the database schema on startup. To manually run migrations:
+## Post-deploy checks

+1. API health:
 ```bash
-docker exec -it <backend_container> bun run db:migrate
+curl -f https://api.fiscal.example.com/api/health
 ```
+2. Frontend loads and auth screens render.
+3. Create user, add watchlist symbol, queue filing sync.
+4. Confirm background tasks move `queued -> running -> completed` in dashboard.

-## Monitoring
+## Common pitfalls

-Once deployed, add the application to OpenClaw's monitoring:
-
-1. Add to `/data/workspace/memory/coolify-integration.md`
-2. Set up Discord alerts for critical issues
-3. Configure cron jobs for health checks
-
-## Troubleshooting
-
-### Database Connection Failed
- Check DATABASE_URL is correct
- Ensure PostgreSQL container is running
- Verify network connectivity
-
-### Frontend Can't Connect to Backend
- Verify NEXT_PUBLIC_API_URL points to backend
- Check CORS settings in backend
- Ensure both containers are on same network
-
-### Cron Jobs Not Running
- Check Elysia cron configuration
- Verify timezone settings
- Check logs for errors
+- `NEXT_PUBLIC_API_URL` left as internal hostname (`http://backend:3001`) causes auth/API failures until fallback or proper config is applied.
+- `FRONTEND_URL` missing/incorrect causes CORS/session issues.
+- `BETTER_AUTH_BASE_URL` must be the public backend URL, not the internal container hostname.
+- Deploying frontend and backend on unrelated domains can cause cookie/session headaches. Prefer same root domain (e.g. `fiscal.example.com` + `api.fiscal.example.com`).