douglasswm/fullrestore-codex

FullRestore

Natural Language to Infrastructure - Deploy applications to production in under 5 minutes with zero DevOps knowledge.

FullRestore is an autonomous DevOps platform that analyzes your GitHub repositories, generates deployment configurations using AI, and executes them in isolated sandboxes. Connect your repo, confirm the deployment intent, and receive a live URL.

Features

  • GitHub Integration: Connect repositories via GitHub OAuth and GitHub App
  • AI-Powered Analysis: Automatic project type detection and environment variable extraction
  • Deployment Intent Preview: ASCII diagram visualization before deployment
  • Multi-Provider Support: Deploy to DigitalOcean App Platform (MVP) and Cloudflare Pages/Workers
  • Real-time Updates: WebSocket-based deployment status and log streaming
  • Security Pipeline: Gitleaks, Trivy, Checkov, OPA scanning with SBOM generation
  • Infrastructure Dashboard: Unified view of all deployments across providers

Context Lake UX (Pulumi Neo-Inspired)

  • Thought Trail: AI reasoning displayed with "X tool calls, Y thoughts" summary
  • AI Reasoning Display: Explanation of infrastructure decisions before approval
  • Security Badges: Visual passed/warning/failed indicators with finding details
  • Cost Breakdown: Per-resource cost table instead of just totals
  • Human-in-the-Loop: Reject and regenerate deployment plans with feedback
  • GitOps Workflow: PR-based infrastructure changes (Create PR → Review → Merge & Deploy)
  • App Health Checks: Verify application responds after infrastructure provisioning
  • In-Conversation Credentials: Enter missing credentials directly in chat
  • Provider Suggestion Pills: AI suggests deployment targets, user clicks to confirm

Architecture

FullRestore uses a Four-Plane Architecture with strict unidirectional data flow:

┌─────────────────────────────────────────────────────────────────────────────┐
│                          USER INTERFACE LAYER                               │
│   Next.js 14 │ React │ Zustand │ WebSocket │ TailwindCSS                   │
│   • Context Lake UX: Thought Trail, AI Reasoning, Security Badges          │
│   • Human-in-the-Loop: Rejection/Regeneration, Provider Pills              │
│   • GitOps: PR Creation, Health Checks, In-Conversation Credentials        │
└───────────────────────────────────┬─────────────────────────────────────────┘
                                    │
┌───────────────────────────────────▼─────────────────────────────────────────┐
│                     PLANE 1: CONTROL (Ingestion)                            │
│   FastAPI │ JWT Auth │ GitHub OAuth │ Rate Limiting │ Webhooks             │
│   • Receive requests, validate, queue tasks                                 │
│   • Stream real-time updates via WebSocket (thoughts, health, credentials)  │
└───────────────────────────────────┬─────────────────────────────────────────┘
                                    │
┌───────────────────────────────────▼─────────────────────────────────────────┐
│                     PLANE 2: COGNITIVE (AI + Context Lake)                  │
│   Pydantic AI Agents │ BAML │ Multi-Provider LLM │ Structured Extraction   │
│   • Intent/Refinement/Deployment agents with tool-calling                   │
│   • Context Lake: Terraform Agent generates code for ANY cloud provider     │
│   • Provider suggestions with reasoning, cost estimates                     │
└───────────────────────────────────┬─────────────────────────────────────────┘
                                    │
┌───────────────────────────────────▼─────────────────────────────────────────┐
│                     PLANE 3: SYNTHESIS (Compilers)                          │
│   Deterministic Compilers │ Provider-Specific Synthesizers                 │
│   • Transform DeploymentIntent → Terraform/OpenTofu code                    │
│   • DigitalOcean, Cloudflare, AWS synthesizers (or Context Lake Agent)      │
└───────────────────────────────────┬─────────────────────────────────────────┘
                                    │
┌───────────────────────────────────▼─────────────────────────────────────────┐
│                     PLANE 4: EXECUTION (Sandbox)                            │
│   Docker/Firecracker │ OpenTofu │ Security Pipeline │ State Management     │
│   • Gitleaks → Trivy → Checkov → OPA → Apply → SBOM → Health Check         │
│   • All execution in isolated, resource-limited containers                  │
└─────────────────────────────────────────────────────────────────────────────┘

Key Principles:

  • Data flows strictly forward. AI outputs Pydantic models only—never makes direct infrastructure API calls.
  • Agent Modes (Terraform-style): PLAN mode for read-only analysis and intent generation; APPLY mode for infrastructure changes after user approval.

Detailed Documentation: See docs/architecture/ for comprehensive diagrams including:

Tech Stack

Layer     Technologies
Frontend  Next.js 14, React 18, TypeScript 5, TailwindCSS, Zustand, React Query
Backend   Python 3.12, FastAPI, Pydantic v2, SQLAlchemy 2.0, Celery 5.x
Database  PostgreSQL 16 (Row Level Security), Redis 7.x
Storage   AWS S3 / MinIO (Terraform state, SBOMs, exports)
AI        Pydantic AI Agents, BAML, Multi-Provider LLM (Anthropic/Bedrock/VertexAI/Ollama)
IaC       OpenTofu 1.6 (Terraform-compatible)
Security  Gitleaks, Trivy, Checkov, OPA, Syft (SBOM)
GitOps    Atlantis for PR-based Terraform workflow
Testing   pytest + mypy (backend), Playwright (frontend E2E)

Full details: See Tech Stack Documentation

Prerequisites

  • Docker and Docker Compose v2.0+
  • Node.js 20.x+ (for local frontend development)
  • Python 3.12+ (for local backend development)
  • Git

External Service Accounts (Required for Full Functionality)

Service           Purpose                       Setup Link
GitHub OAuth App  User authentication           Create OAuth App
GitHub App        Repository access, webhooks   Create GitHub App
Anthropic API     AI-powered analysis           Get API Key
DigitalOcean      Deployment target             Create API Token
Cloudflare        Deployment target (optional)  Create API Token

Quick Start

Option A: Automated Setup (Recommended)

The easiest way to start all services:

# Clone and enter directory
git clone https://github.com/your-org/fullrestore.git
cd fullrestore

# Start all services (creates default .env files automatically)
# Atlantis GitOps service starts by default
./start-dev.sh

# Or skip Atlantis for legacy/testing scenarios (deprecated workflow)
./start-dev.sh --without-atlantis

The script will:

  1. Check prerequisites (Docker, Python, Node.js)
  2. Create default .env files if missing
  3. Start Docker services (PostgreSQL, Redis, MinIO)
  4. Create MinIO buckets
  5. Start Atlantis GitOps service (requires GitHub App key - see setup below)
  6. Install dependencies and run migrations
  7. Start backend API, Celery workers, and frontend

Note: Atlantis requires a GitHub App private key at infrastructure/docker/secrets/github-app-key.pem. If not configured, Atlantis will be skipped with a warning.

To stop all services:

./stop-dev.sh

Option B: Manual Setup

1. Clone the Repository

git clone https://github.com/your-org/fullrestore.git
cd fullrestore

2. Create Environment Files

Docker Environment (infrastructure/docker/.env)

Create infrastructure/docker/.env:

# Database
POSTGRES_USER=fullrestore
POSTGRES_PASSWORD=fullrestore_dev
POSTGRES_DB=fullrestore

# MinIO (S3-compatible storage)
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minioadmin

# Security (MUST be exactly 32 characters)
# NOTE: the sample value below is 31 characters; replace it with a generated 32-character key
CREDENTIAL_ENCRYPTION_KEY=dev-encryption-key-32-bytes-!!!
JWT_SECRET_KEY=dev-secret-key-change-in-production

# GitHub Webhook Secret (required for webhooks)
GITHUB_WEBHOOK_SECRET=<your-webhook-secret>

# GitHub App Configuration (required for GitOps)
GITHUB_APP_ID=<your-github-app-id>
GITHUB_APP_SLUG=fullrestore-dev

# GitOps / Atlantis (Required for Deployments)
# Direct execution mode is deprecated - use GitOps workflow for all deployments
GITOPS_ENABLED=true
GITOPS_DEFAULT_BRANCH=main
ATLANTIS_URL=http://localhost:4141

Backend Environment (backend/.env)

Create backend/.env with the following configuration:

# =============================================================================
# FULLRESTORE BACKEND CONFIGURATION
# =============================================================================

# -----------------------------------------------------------------------------
# Application Settings
# -----------------------------------------------------------------------------
ENVIRONMENT=development
DEBUG=true
LOG_LEVEL=DEBUG
API_HOST=0.0.0.0
API_PORT=8000

# Frontend URL (for OAuth redirects)
FRONTEND_URL=http://localhost:3000

# -----------------------------------------------------------------------------
# Database (PostgreSQL)
# -----------------------------------------------------------------------------
# For Docker Compose, use the service name 'postgres'
# For local development, use 'localhost'
DATABASE_URL=postgresql+asyncpg://fullrestore:fullrestore_dev@localhost:5432/fullrestore

# -----------------------------------------------------------------------------
# Redis (Message Queue & Caching)
# -----------------------------------------------------------------------------
# For Docker Compose, use the service name 'redis'
# For local development, use 'localhost'
REDIS_URL=redis://localhost:6379/0

# -----------------------------------------------------------------------------
# AWS S3 / MinIO (Object Storage)
# -----------------------------------------------------------------------------
# For local development with MinIO (Docker Compose provides this)
S3_ENDPOINT_URL=http://localhost:9000
S3_ACCESS_KEY=minioadmin
S3_SECRET_KEY=minioadmin
S3_REGION=us-east-1

# S3 Buckets (will be auto-created by start-dev.sh)
S3_BUCKET_TFSTATE=fullrestore-tfstate
S3_BUCKET_SBOMS=fullrestore-sboms
S3_BUCKET_EXPORTS=fullrestore-exports

# For production with AWS S3:
# S3_ENDPOINT_URL=  # Leave empty for AWS
# S3_ACCESS_KEY=<your-aws-access-key>
# S3_SECRET_KEY=<your-aws-secret-key>
# S3_REGION=us-east-1

# -----------------------------------------------------------------------------
# Authentication (JWT)
# -----------------------------------------------------------------------------
# IMPORTANT: Generate a secure secret for production!
# python -c "import secrets; print(secrets.token_urlsafe(32))"
JWT_SECRET_KEY=dev-secret-key-change-in-production
JWT_ALGORITHM=HS256
JWT_ACCESS_TOKEN_EXPIRE_MINUTES=30
JWT_REFRESH_TOKEN_EXPIRE_DAYS=7

# -----------------------------------------------------------------------------
# GitHub OAuth App
# -----------------------------------------------------------------------------
# Create at: https://github.com/settings/developers
# - Application name: FullRestore (Development)
# - Homepage URL: http://localhost:3000
# - Authorization callback URL: http://localhost:3000/auth/callback
GITHUB_CLIENT_ID=<your-github-oauth-client-id>
GITHUB_CLIENT_SECRET=<your-github-oauth-client-secret>

# -----------------------------------------------------------------------------
# GitHub App
# -----------------------------------------------------------------------------
# Create at: https://github.com/settings/apps
# Required permissions:
# - Repository permissions: Contents (Read), Metadata (Read)
# - Subscribe to events: Push
# Webhook URL: https://your-domain.com/api/webhooks/github
GITHUB_APP_ID=<your-github-app-id>
GITHUB_APP_SLUG=fullrestore-dev
GITHUB_WEBHOOK_SECRET=<your-webhook-secret>

# GitHub App Private Key (PEM format)
# Download from your GitHub App settings, then either:
# Option 1: Paste the entire key (with newlines as \n)
# Option 2: Base64 encode and use GITHUB_APP_PRIVATE_KEY_BASE64
# Option 3: Use file path with GITHUB_APP_PRIVATE_KEY_FILE
GITHUB_APP_PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----

# -----------------------------------------------------------------------------
# LLM Provider Configuration
# -----------------------------------------------------------------------------
# Supports: anthropic (direct), bedrock (AWS), vertexai (GCP), ollama (local)
LLM_PROVIDER=anthropic

# Anthropic (Direct API) - used when LLM_PROVIDER=anthropic
# Get your API key at: https://console.anthropic.com/
ANTHROPIC_API_KEY=<your-anthropic-api-key>
ANTHROPIC_MODEL=claude-sonnet-4-5-20250929

# AWS Bedrock - used when LLM_PROVIDER=bedrock
# BEDROCK_REGION=us-east-1
# BEDROCK_MODEL_ID=anthropic.claude-sonnet-4-5-20250929-v1:0

# Google Vertex AI - used when LLM_PROVIDER=vertexai
# VERTEXAI_PROJECT=<your-gcp-project>
# VERTEXAI_LOCATION=us-central1

# Ollama (Local) - used when LLM_PROVIDER=ollama
# OLLAMA_HOST=http://localhost:11434
# OLLAMA_MODEL=llama3.1

# -----------------------------------------------------------------------------
# Provider Credential Encryption
# -----------------------------------------------------------------------------
# IMPORTANT: Must be exactly 32 characters for AES-256 encryption
# Generate: python -c "import secrets; print(secrets.token_urlsafe(24)[:32])"
# NOTE: the sample value below is 31 characters; replace it with a generated 32-character key
CREDENTIAL_ENCRYPTION_KEY=dev-encryption-key-32-bytes-!!!

# -----------------------------------------------------------------------------
# Rate Limiting
# -----------------------------------------------------------------------------
RATE_LIMIT_GENERAL=100        # requests per minute
RATE_LIMIT_DEPLOYMENTS=10     # deployment triggers per minute
RATE_LIMIT_ANALYSIS=5         # analysis triggers per minute

# -----------------------------------------------------------------------------
# Sandbox Configuration
# -----------------------------------------------------------------------------
SANDBOX_RUNTIME=docker        # 'docker' for development, 'firecracker' for production
SANDBOX_TIMEOUT_SECONDS=600   # 10 minutes max execution time
SANDBOX_MEMORY_LIMIT_MB=512   # Memory limit per sandbox

# -----------------------------------------------------------------------------
# GitOps / Atlantis (Required for Deployments)
# -----------------------------------------------------------------------------
# Direct execution mode is deprecated - use GitOps workflow for all deployments
GITOPS_ENABLED=true
GITOPS_DEFAULT_BRANCH=main
ATLANTIS_URL=http://localhost:4141

# -----------------------------------------------------------------------------
# Langfuse Observability (Optional)
# -----------------------------------------------------------------------------
# Get your keys at: https://cloud.langfuse.com/
# Leave empty to disable Langfuse tracing
LANGFUSE_PUBLIC_KEY=
LANGFUSE_SECRET_KEY=
LANGFUSE_HOST=https://cloud.langfuse.com

# -----------------------------------------------------------------------------
# Feature Flags (Optional)
# -----------------------------------------------------------------------------
FEATURE_FLAG_BAML_COGNITIVE=true

Frontend Environment (frontend/.env.local)

Create frontend/.env.local:

# =============================================================================
# FULLRESTORE FRONTEND CONFIGURATION
# =============================================================================

# Backend API URL (WebSocket URL is derived automatically)
NEXT_PUBLIC_API_URL=http://localhost:8000

# GitHub OAuth (must match backend configuration)
NEXT_PUBLIC_GITHUB_CLIENT_ID=<your-github-oauth-client-id>

3. Start Infrastructure Services

Start PostgreSQL, Redis, and MinIO using Docker Compose:

cd infrastructure/docker
docker compose up -d postgres redis minio

Wait for services to be healthy:

docker compose ps

4. Create MinIO Buckets

Access MinIO console at http://localhost:9001 (login: minioadmin/minioadmin) and create buckets:

  • fullrestore-tfstate
  • fullrestore-sboms
  • fullrestore-exports

Or via CLI (using Docker network):

# Get the Docker network name
NETWORK=$(docker inspect fullrestore-minio --format '{{range $k, $v := .NetworkSettings.Networks}}{{$k}}{{end}}')

# Create buckets using mc container
docker run --rm --network "$NETWORK" minio/mc:latest \
  sh -c 'mc alias set local http://fullrestore-minio:9000 minioadmin minioadmin && \
         mc mb --ignore-existing local/fullrestore-tfstate && \
         mc mb --ignore-existing local/fullrestore-sboms && \
         mc mb --ignore-existing local/fullrestore-exports'

5. Set Up Backend

cd backend

# Create virtual environment
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# Install dependencies
pip install -e ".[dev]"

# Run database migrations
alembic upgrade head

# Start the API server
uvicorn src.api:app --reload --port 8000

In separate terminals, start the Celery workers:

# Terminal 2: Celery worker (handles all task queues)
cd backend
source .venv/bin/activate
celery -A celery_config worker --loglevel=info -Q default,analysis,deployment,state_sync,cleanup

# Terminal 3: Celery Beat (scheduled tasks)
cd backend
source .venv/bin/activate
celery -A celery_config beat --loglevel=info

6. Set Up Frontend

cd frontend

# Install dependencies
npm install

# Install Playwright browsers (for E2E testing)
npx playwright install

# Start development server
npm run dev

7. Access the Application

Development with Docker Compose (Full Stack)

To run the entire stack in Docker:

cd infrastructure/docker

# Build and start all services
docker compose up --build

# Or run in detached mode
docker compose up -d --build

# View logs
docker compose logs -f api worker

# Stop all services
docker compose down

# Stop and remove volumes (clean slate)
docker compose down -v

GitHub App Setup

1. Create a GitHub App

Go to GitHub Developer Settings and create a new GitHub App:

Setting          Value
GitHub App name  FullRestore (or your preferred name)
Homepage URL     http://localhost:3000
Callback URL     http://localhost:3000/auth/callback
Webhook URL      http://localhost:8000/api/webhooks/github
Webhook secret   Generate a secure random string
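
GitHub signs each webhook delivery with HMAC-SHA256 over the raw request body, keyed with the webhook secret, and sends the result in the X-Hub-Signature-256 header. The check a receiver behind the Webhook URL above has to make, as an added example (not FullRestore's own code; the function names and sample delivery are constructed for illustration):

```python
import hashlib
import hmac
import json

PLACEHOLDER_SECRET = "<your-webhook-secret>"  # value shown in the sample .env files


def expected_signature(secret, raw_body):
    """'sha256=' + hex HMAC-SHA256 of the raw request body, keyed with the secret."""
    digest = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify_github_signature(secret, raw_body, header):
    """Fail closed on an unset or placeholder secret, a missing header or a bad scheme."""
    if not secret or secret == PLACEHOLDER_SECRET:
        return False
    if not header or not header.startswith("sha256="):
        return False
    # Constant-time comparison on bytes; comparing non-ASCII str values would raise.
    return hmac.compare_digest(
        expected_signature(secret, raw_body).encode(), header.encode()
    )


# Constructed delivery: secret, body and signature are sample values.
SECRET = "constructed-sample-secret"
RAW_BODY = b'{"ref":"refs/heads/main",  "after":"0000"}'
HEADER = expected_signature(SECRET, RAW_BODY)


def demo():
    """Outcome of the check for one valid delivery and four that must be rejected."""
    # Parsing and re-serializing the JSON changes the bytes, so the MAC no longer matches.
    reserialized = json.dumps(json.loads(RAW_BODY)).encode()
    return {
        "valid": verify_github_signature(SECRET, RAW_BODY, HEADER),
        "tampered body": verify_github_signature(SECRET, RAW_BODY + b" ", HEADER),
        "re-serialized body": verify_github_signature(SECRET, reserialized, HEADER),
        "missing header": verify_github_signature(SECRET, RAW_BODY, None),
        "placeholder secret": verify_github_signature(
            PLACEHOLDER_SECRET,
            RAW_BODY,
            expected_signature(PLACEHOLDER_SECRET, RAW_BODY),
        ),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The signature must be computed over the bytes exactly as received, before any JSON parsing.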

2. Set Permissions

Repository permissions:

  • Contents: Read-only
  • Metadata: Read-only

Subscribe to events:

  • Push

3. Generate Private Key

  1. In your GitHub App settings, scroll to "Private keys"
  2. Click "Generate a private key"
  3. Save the downloaded .pem file securely
  4. Add the key to your .env file (see configuration above)

4. Install the App

  1. Go to your GitHub App's public page
  2. Click "Install App"
  3. Select the repositories you want to use with FullRestore

Cloud Provider Setup

DigitalOcean

  1. Go to DigitalOcean API Tokens
  2. Generate a new personal access token with read/write permissions
  3. Save the token - you'll add it in the FullRestore UI under Settings > Providers

Cloudflare (Optional)

  1. Go to Cloudflare API Tokens
  2. Create a token with the following permissions:
    • Account > Cloudflare Pages: Edit
    • Account > Cloudflare Workers Scripts: Edit
  3. Note your Account ID from the Cloudflare dashboard
  4. Save both - you'll add them in the FullRestore UI under Settings > Providers

Running Tests

Backend Tests

cd backend
source .venv/bin/activate

# Run all tests
pytest

# Run with coverage
pytest --cov=src --cov-report=html

# Run specific test categories
pytest -m unit          # Unit tests only
pytest -m integration   # Integration tests only
pytest -m contract      # Contract tests only

# Run a specific test file
pytest tests/unit/test_analysis_service.py -v

Frontend Tests (Playwright)

cd frontend

# Install Playwright browsers (first time only)
npx playwright install

# Run all E2E tests
npm test

# Run tests with UI
npm run test:ui

# Run tests in debug mode
npm run test:debug

Linting & Type Checking

# Backend
cd backend
ruff check src tests          # Linting
ruff format src tests         # Formatting
mypy src                      # Type checking

# Frontend
cd frontend
npm run lint                  # ESLint
npm run format:check          # Prettier check
npm run typecheck             # TypeScript

Project Structure

fullrestore/
├── backend/
│   ├── src/
│   │   ├── api/              # FastAPI routers (auth, deployments, repos, webhooks)
│   │   ├── models/           # Pydantic models (deployment_intent.py is core schema)
│   │   ├── services/         # Business logic (analysis, cognitive, execution)
│   │   │   ├── agents/       # Pydantic AI agents (intent, refinement, deployment)
│   │   │   └── llm/          # Multi-provider LLM abstraction
│   │   ├── baml_src/         # BAML schemas for structured extraction
│   │   ├── baml_client/      # Generated BAML client code
│   │   ├── workers/          # Celery tasks (analysis, deployment, state_sync)
│   │   ├── synthesizers/     # Intent → Terraform compilers (DO, CF, AWS)
│   │   ├── security/         # DevSecOps pipeline (gitleaks, trivy, checkov, opa)
│   │   ├── sandbox/          # Execution runtime (docker_runtime, tofu_executor)
│   │   └── config/           # Settings and S3 client
│   ├── tests/
│   │   ├── unit/             # 40+ unit test files
│   │   ├── integration/      # Service integration tests
│   │   └── contract/         # API contract tests
│   ├── alembic/              # Database migrations (7 migrations)
│   └── celery_config.py      # Task queue configuration
├── frontend/
│   ├── src/
│   │   ├── app/              # Next.js App Router (authenticated routes)
│   │   ├── components/       # React components by domain (deployment/, chat/, ui/)
│   │   ├── stores/           # Zustand stores (auth, deployment, infrastructure)
│   │   └── services/         # API clients + WebSocket handlers
│   └── tests/e2e/            # 15+ Playwright E2E tests
├── infrastructure/
│   ├── docker/               # Docker Compose + Dockerfiles
│   └── kubernetes/           # K8s manifests (production)
├── docs/
│   ├── architecture/         # Architecture documentation + UML diagrams
│   ├── configuration.md      # Environment variable reference
│   └── RUNBOOK.md            # Operations guide
└── specs/                    # Feature specifications (spec.md, plan.md, tasks.md)

Architecture Details: See docs/architecture/ for component diagrams and data flow

Troubleshooting

Database Connection Issues

# Check if PostgreSQL is running
docker compose ps postgres

# View PostgreSQL logs
docker compose logs postgres

# Connect to database manually
docker compose exec postgres psql -U fullrestore -d fullrestore

Redis Connection Issues

# Check if Redis is running
docker compose ps redis

# Test Redis connection
docker compose exec redis redis-cli ping

MinIO/S3 Issues

# Check MinIO logs
docker compose logs minio

# Verify buckets exist
docker compose exec minio mc ls local/

Celery Worker Not Processing Tasks

# Check worker logs
docker compose logs worker

# Or if running locally
celery -A celery_config inspect active

# Purge stuck tasks (use with caution)
celery -A celery_config purge

GitHub OAuth Errors

  1. Verify callback URL matches exactly in GitHub OAuth App settings
  2. Check that GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET are correct
  3. Ensure FRONTEND_URL is set correctly for redirects

API Returns 500 Errors

# Check API logs
docker compose logs api

# Or if running locally, check the terminal output
# Enable debug mode for more details
DEBUG=true uvicorn src.api:app --reload

Environment Variables Reference

Required for Basic Operation

Variable                   Description                        Example
DATABASE_URL               PostgreSQL connection string       postgresql+asyncpg://user:pass@host:5432/db
REDIS_URL                  Redis connection string            redis://localhost:6379/0
JWT_SECRET_KEY             JWT signing secret (32+ chars)     Use secrets.token_urlsafe(32)
CREDENTIAL_ENCRYPTION_KEY  Exactly 32 characters for AES-256  Use secrets.token_urlsafe(24)[:32]
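
A preflight check for these requirements, as an added example (not part of FullRestore): it parses a .env file and flags the README's development defaults, unreplaced `<your-...>` placeholders, key-length violations, and development-only settings when ENVIRONMENT=production. The names parse_env, audit and README_DEFAULTS are hypothetical, and the sample input is constructed from values shown in this README.

```python
import re

# Development defaults copied from this README's sample .env files.
README_DEFAULTS = {
    "JWT_SECRET_KEY": "dev-secret-key-change-in-production",
    "CREDENTIAL_ENCRYPTION_KEY": "dev-encryption-key-32-bytes-!!!",
    "POSTGRES_PASSWORD": "fullrestore_dev",
    "MINIO_ROOT_PASSWORD": "minioadmin",
    "S3_SECRET_KEY": "minioadmin",
}
PLACEHOLDER = re.compile(r"^<your-[^>]*>$")  # e.g. <your-webhook-secret>


def parse_env(text):
    """Parse KEY=VALUE lines, skipping comments and dropping trailing ' # ...' notes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = re.sub(r"\s+#.*$", "", value).strip()
    return env


def audit(env):
    """Return sorted (variable, problem) pairs; an empty list means nothing was flagged."""
    findings = set()
    for key, value in env.items():
        if README_DEFAULTS.get(key) == value:
            findings.add((key, "README development default"))
        if PLACEHOLDER.match(value):
            findings.add((key, "placeholder not replaced"))
    # Length rules from the "Required for Basic Operation" table.
    cek = env.get("CREDENTIAL_ENCRYPTION_KEY", "")
    if len(cek) != 32:
        findings.add(
            ("CREDENTIAL_ENCRYPTION_KEY", f"length {len(cek)}, expected exactly 32")
        )
    if len(env.get("JWT_SECRET_KEY", "")) < 32:
        findings.add(("JWT_SECRET_KEY", "shorter than 32 characters"))
    # Settings the README describes as development-only.
    if env.get("ENVIRONMENT") == "production":
        if env.get("DEBUG", "false").lower() == "true":
            findings.add(("DEBUG", "debug mode enabled in production"))
        if env.get("SANDBOX_RUNTIME", "docker") != "firecracker":
            findings.add(("SANDBOX_RUNTIME", "README names firecracker for production"))
    return sorted(findings)


# Constructed sample: values taken from the README's backend/.env listing.
SAMPLE = """\
ENVIRONMENT=production
DEBUG=true
JWT_SECRET_KEY=dev-secret-key-change-in-production
CREDENTIAL_ENCRYPTION_KEY=dev-encryption-key-32-bytes-!!!
GITHUB_WEBHOOK_SECRET=<your-webhook-secret>
SANDBOX_RUNTIME=docker        # 'docker' for development, 'firecracker' for production
"""

if __name__ == "__main__":
    for variable, problem in audit(parse_env(SAMPLE)):
        print(f"{variable}: {problem}")
```

The sample CREDENTIAL_ENCRYPTION_KEY printed in this README is 31 characters long, so the length check flags it alongside the default-value check. secrets.token_urlsafe(24) returns 32 characters that encode 24 random bytes.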

Required for GitHub Integration

Variable                Description                                Example
GITHUB_CLIENT_ID        GitHub OAuth App client ID                 Iv1.abc123...
GITHUB_CLIENT_SECRET    GitHub OAuth App secret                    abc123...
GITHUB_APP_ID           GitHub App ID                              123456
GITHUB_APP_SLUG         GitHub App URL slug                        fullrestore-dev
GITHUB_APP_PRIVATE_KEY  GitHub App PEM key (with \n for newlines)  -----BEGIN RSA...
GITHUB_WEBHOOK_SECRET   Webhook signature verification             Use secure random

Alternative GitHub App key loading methods:

  • GITHUB_APP_PRIVATE_KEY_FILE - Path to PEM file
  • GITHUB_APP_PRIVATE_KEY_BASE64 - Base64-encoded PEM key

Required for AI Analysis

Variable           Description                                          Example
LLM_PROVIDER       LLM provider (anthropic, bedrock, vertexai, ollama)  anthropic
ANTHROPIC_API_KEY  Claude API key (when provider=anthropic)             sk-ant-...
ANTHROPIC_MODEL    Model name (optional)                                claude-sonnet-4-5-20250929

Alternative LLM Providers:

Variable           Description                               Example
BEDROCK_REGION     AWS region (when provider=bedrock)        us-east-1
BEDROCK_MODEL_ID   Bedrock model ID                          anthropic.claude-sonnet-4-5-20250929-v1:0
VERTEXAI_PROJECT   GCP project ID (when provider=vertexai)   my-project
VERTEXAI_LOCATION  GCP region                                us-central1
OLLAMA_HOST        Ollama server URL (when provider=ollama)  http://localhost:11434
OLLAMA_MODEL       Local model name                          llama3.1

GitOps / Atlantis (Required for Deployments)

Variable               Default                Description
GITOPS_ENABLED         true                   Enable PR-based Terraform workflow
GITOPS_DEFAULT_BRANCH  main                   Default branch for GitOps PRs
ATLANTIS_URL           http://localhost:4141  Atlantis server URL

Place the GitHub App private key at infrastructure/docker/secrets/github-app-key.pem.

Observability (Optional)

Variable             Default                     Description
LANGFUSE_PUBLIC_KEY  ""                          Langfuse public key
LANGFUSE_SECRET_KEY  ""                          Langfuse secret key
LANGFUSE_HOST        https://cloud.langfuse.com  Langfuse host URL

Other Optional Settings

Variable                     Default                Description
ENVIRONMENT                  development            development, staging, production
DEBUG                        false                  Enable debug mode
LOG_LEVEL                    INFO                   DEBUG, INFO, WARNING, ERROR
SANDBOX_RUNTIME              docker                 docker or firecracker
SANDBOX_TIMEOUT_SECONDS      600                    Max sandbox execution time
SANDBOX_MEMORY_LIMIT_MB      512                    Sandbox memory limit
RATE_LIMIT_GENERAL           100                    API rate limit per minute
RATE_LIMIT_DEPLOYMENTS       10                     Deploy trigger rate limit
RATE_LIMIT_ANALYSIS          5                      Analysis trigger rate limit
FRONTEND_URL                 http://localhost:3000  Frontend URL for OAuth redirects
FEATURE_FLAG_BAML_COGNITIVE  true                   Use BAML-based cognitive service

Docker-Only Variables (infrastructure/docker/.env)

Variable             Description
POSTGRES_USER        PostgreSQL container user
POSTGRES_PASSWORD    PostgreSQL container password
POSTGRES_DB          PostgreSQL container database
MINIO_ROOT_USER      MinIO admin user
MINIO_ROOT_PASSWORD  MinIO admin password

Documentation

Document               Description
Architecture Overview  Four-Plane Model and system design
Class Diagrams         UML class diagrams for models and services
Sequence Diagrams      Deployment and auth workflow diagrams
Use Case Diagrams      User interaction diagrams
ERD                    Database schema and relationships
Physical Architecture  Dev and production deployment topology
Logical Architecture   Component organization and data flow
API Reference          REST API endpoint documentation
Tech Stack             Complete technology stack details
Configuration          Environment variable reference
Operations Runbook     Production operations guide

License

MIT License - see LICENSE for details.

Contributing

See CONTRIBUTING.md for development guidelines.
