feat: rebuild fiscal clone architecture and harden coolify deployment

docker-compose.yml

@@ -9,9 +9,9 @@ services:
     volumes:
       - postgres_data:/var/lib/postgresql/data
     expose:
-      - "5432"
+      - '5432'
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-fiscal}"]
+      test: ['CMD-SHELL', 'pg_isready -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-fiscal}']
       interval: 5s
       timeout: 5s
       retries: 10
@@ -21,6 +21,7 @@ services:
       context: ./backend
       dockerfile: Dockerfile
     restart: unless-stopped
+    command: ['sh', '-c', 'bun run src/db/migrate.ts && bun run src/index.ts']
     env_file:
       - path: ./.env
         required: false
@@ -30,33 +31,69 @@ services:
       DATABASE_URL: ${DATABASE_URL:-postgres://postgres:postgres@postgres:5432/fiscal}
       PORT: ${PORT:-3001}
       POSTGRES_HOST: postgres
+      FRONTEND_URL: ${FRONTEND_URL:-http://localhost:3000}
       BETTER_AUTH_SECRET: ${BETTER_AUTH_SECRET:-local-dev-better-auth-secret-change-me}
       BETTER_AUTH_BASE_URL: ${BETTER_AUTH_BASE_URL:-http://localhost:3001}
-      FRONTEND_URL: ${FRONTEND_URL:-http://localhost:3000}
+      SEC_USER_AGENT: ${SEC_USER_AGENT:-Fiscal Clone <support@example.com>}
+      OPENCLAW_BASE_URL: ${OPENCLAW_BASE_URL:-}
+      OPENCLAW_API_KEY: ${OPENCLAW_API_KEY:-}
+      OPENCLAW_MODEL: ${OPENCLAW_MODEL:-zeroclaw}
+      TASK_HEARTBEAT_SECONDS: ${TASK_HEARTBEAT_SECONDS:-15}
+      TASK_STALE_SECONDS: ${TASK_STALE_SECONDS:-120}
+      TASK_MAX_ATTEMPTS: ${TASK_MAX_ATTEMPTS:-3}
     expose:
-      - "3001"
+      - '3001'
     depends_on:
       postgres:
         condition: service_healthy
     healthcheck:
-      test: ["CMD-SHELL", "wget -q --spider http://localhost:3001/api/health || exit 1"]
+      test: ['CMD-SHELL', 'wget -q --spider http://localhost:3001/api/health || exit 1']
       interval: 30s
       timeout: 10s
       retries: 3
 
+  worker:
+    build:
+      context: ./backend
+      dockerfile: Dockerfile
+    restart: unless-stopped
+    command: ['sh', '-c', 'bun run src/db/migrate.ts && bun run src/worker.ts']
+    env_file:
+      - path: ./.env
+        required: false
+      - path: ../.env
+        required: false
+    environment:
+      DATABASE_URL: ${DATABASE_URL:-postgres://postgres:postgres@postgres:5432/fiscal}
+      PORT: ${PORT:-3001}
+      POSTGRES_HOST: postgres
+      FRONTEND_URL: ${FRONTEND_URL:-http://localhost:3000}
+      BETTER_AUTH_SECRET: ${BETTER_AUTH_SECRET:-local-dev-better-auth-secret-change-me}
+      BETTER_AUTH_BASE_URL: ${BETTER_AUTH_BASE_URL:-http://localhost:3001}
+      SEC_USER_AGENT: ${SEC_USER_AGENT:-Fiscal Clone <support@example.com>}
+      OPENCLAW_BASE_URL: ${OPENCLAW_BASE_URL:-}
+      OPENCLAW_API_KEY: ${OPENCLAW_API_KEY:-}
+      OPENCLAW_MODEL: ${OPENCLAW_MODEL:-zeroclaw}
+      TASK_HEARTBEAT_SECONDS: ${TASK_HEARTBEAT_SECONDS:-15}
+      TASK_STALE_SECONDS: ${TASK_STALE_SECONDS:-120}
+      TASK_MAX_ATTEMPTS: ${TASK_MAX_ATTEMPTS:-3}
+    depends_on:
+      postgres:
+        condition: service_healthy
+
   frontend:
     build:
       context: ./frontend
       dockerfile: Dockerfile
       args:
-        NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://backend:3001}
+        NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:3001}
     restart: unless-stopped
     environment:
       PORT: 3000
       HOSTNAME: 0.0.0.0
-      NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://backend:3001}
+      NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:3001}
     expose:
-      - "3000"
+      - '3000'
     depends_on:
       - backend