feat(opsserver): add health, audit, cluster health, and durable credential management hardening
This commit is contained in:
@@ -1,17 +1,26 @@
|
||||
# Project Hints
|
||||
|
||||
## Architecture
|
||||
|
||||
- Deno-based backend with `deno.json` for imports and tasks
|
||||
- Frontend bundled with `@git.zone/tsbundle` (esbuild, base64ts output mode)
|
||||
- Config in `.smartconfig.json` (renamed from npmextra.json as of 2026-03-24)
|
||||
- Runtime-managed credentials persist in `${storageDirectory}/.objectstorage/admin-config.json`
|
||||
- Admin audit entries append to `${storageDirectory}/.objectstorage/audit.log`
|
||||
- Management health endpoints: `/livez`, `/readyz`, `/healthz`, `/metrics`
|
||||
- Persistent `/data` deployments reject default `admin/admin` credentials unless `OBJST_ALLOW_INSECURE_DEFAULTS=true`
|
||||
- Tests run with `deno task test` (not tstest)
|
||||
- Docker image built with `@git.zone/tsdocker`
|
||||
|
||||
## Build Tools Config
|
||||
|
||||
- `.smartconfig.json` contains config for `@git.zone/tsbundle`, `@git.zone/tswatch`, and `@git.zone/tsdocker`
|
||||
- tsbundle uses base64ts output mode for Deno compile embedding
|
||||
- tswatch runs backend watcher with `deno run --allow-all mod.ts server --ephemeral`
|
||||
- Docker smoke coverage is opt-in via `pnpm run test:docker`
|
||||
- Docker runtime has a `/readyz` healthcheck and runs as the `objectstorage` user
|
||||
|
||||
## Dependencies (as of 2026-03-24)
|
||||
|
||||
- devDependencies: tsbundle@2.10.0, tsdocker@2.2.4, tswatch@3.3.2
|
||||
- No tsconfig.json — uses compilerOptions in deno.json
|
||||
|
||||
Reference in New Issue
Block a user