Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements

- Add comprehensive database migrations (001-024) for schema evolution
- Enhance API schema with expanded type definitions and resolvers
- Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth
- Implement new services: AI optimization, billing, blockchain, compliance, marketplace
- Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage)
- Update Crossplane provider with enhanced VM management capabilities
- Add comprehensive test suite for API endpoints and services
- Update frontend components with improved GraphQL subscriptions and real-time updates
- Enhance security configurations and headers (CSP, CORS, etc.)
- Update documentation and configuration files
- Add new CI/CD workflows and validation scripts
- Implement design system improvements and UI enhancements

docs/configs/cloudflare/README.md

@@ -0,0 +1,190 @@
+# Cloudflare Tunnel Configuration Guide
+
+## Overview
+This guide covers configuring the Cloudflare Tunnel VM for SMOM-DBIS-138 deployment to provide secure public access.
+
+## Prerequisites
+- Cloudflare Tunnel VM deployed and running
+- SSH access to the VM
+- Cloudflare account with Zero Trust enabled
+- Domain configured in Cloudflare
+
+## Quick Start
+
+### 1. Get VM IP Address
+```bash
+kubectl get proxmoxvm cloudflare-tunnel-vm -n default -o jsonpath='{.status.ipAddress}'
+```
+
+### 2. Create Tunnel in Cloudflare
+
+#### Option A: Via Cloudflare Dashboard
+1. Go to Zero Trust → Networks → Tunnels
+2. Click "Create a tunnel"
+3. Select "Cloudflared"
+4. Name it: `smom-dbis-138-tunnel`
+5. Copy the tunnel token
+
+#### Option B: Via API
+```bash
+./scripts/configure-cloudflare.sh
+```
+
+### 3. SSH into the VM
+```bash
+ssh admin@<vm-ip-address>
+```
+
+### 4. Configure Tunnel Credentials
+```bash
+# Create credentials file
+sudo mkdir -p /etc/cloudflared
+sudo nano /etc/cloudflared/tunnel-credentials.json
+```
+
+Paste the tunnel credentials JSON:
+```json
+{
+  "AccountTag": "your-account-tag",
+  "TunnelSecret": "your-tunnel-secret",
+  "TunnelID": "your-tunnel-id",
+  "TunnelName": "smom-dbis-138-tunnel"
+}
+```
+
+### 5. Configure Tunnel
+```bash
+# Copy configuration template
+sudo cp /path/to/tunnel-config.yaml /etc/cloudflared/config.yaml
+
+# Edit configuration
+sudo nano /etc/cloudflared/config.yaml
+```
+
+### 6. Start Tunnel Service
+```bash
+# Start service
+sudo systemctl start cloudflared
+
+# Enable auto-start
+sudo systemctl enable cloudflared
+
+# Check status
+sudo systemctl status cloudflared
+```
+
+## Configuration Details
+
+### Tunnel Credentials
+Location: `/etc/cloudflared/tunnel-credentials.json`
+
+Contains:
+- AccountTag: Your Cloudflare account ID
+- TunnelSecret: Secret key for the tunnel
+- TunnelID: Unique tunnel identifier
+- TunnelName: Human-readable tunnel name
+
+### Tunnel Configuration
+Location: `/etc/cloudflared/config.yaml`
+
+Key sections:
+- `tunnel`: Tunnel name (must match credentials)
+- `credentials-file`: Path to credentials JSON
+- `ingress`: Routing rules for services
+- `metrics`: Prometheus metrics endpoint
+- `health-probe`: Health check configuration
+
+## Ingress Rules
+
+### Pattern
+```yaml
+ingress:
+  - hostname: service.example.com
+    service: http://backend-service:port
+    originRequest:
+      connectTimeout: 30s
+      tcpKeepAlive: 30s
+```
+
+### Important Notes
+- Rules are evaluated in order (first match wins)
+- Catch-all rule (`http_status:404`) must be last
+- Use internal hostnames or IPs for backend services
+
+## DNS Configuration
+
+For each hostname in ingress rules, create a CNAME record:
+```
+Type: CNAME
+Name: smom-api
+Content: <tunnel-id>.cfargotunnel.com
+Proxy: Enabled (orange cloud)
+```
+
+Or use Cloudflare API:
+```bash
+curl -X POST "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \
+  -H "Authorization: Bearer {api_token}" \
+  -H "Content-Type: application/json" \
+  --data '{
+    "type": "CNAME",
+    "name": "smom-api",
+    "content": "<tunnel-id>.cfargotunnel.com",
+    "proxied": true
+  }'
+```
+
+## Monitoring
+
+### Check Tunnel Status
+```bash
+sudo systemctl status cloudflared
+```
+
+### View Logs
+```bash
+sudo tail -f /var/log/cloudflared/tunnel.log
+```
+
+### Metrics Endpoint
+```bash
+curl http://localhost:9090/metrics
+```
+
+## Troubleshooting
+
+### Tunnel Not Connecting
+1. Verify credentials file is correct
+2. Check tunnel is created in Cloudflare dashboard
+3. Verify DNS records point to tunnel
+4. Check firewall allows outbound HTTPS (443)
+
+### Service Not Accessible
+1. Verify ingress rule matches hostname
+2. Check backend service is running
+3. Verify internal network connectivity
+4. Check tunnel logs for errors
+
+### Test Connection
+```bash
+# Test from Cloudflare Tunnel VM
+curl http://backend-service:port
+
+# Test from external
+curl https://your-domain.com
+```
+
+## Security Best Practices
+
+1. **Rotate Tunnel Secrets**: Regularly rotate tunnel credentials
+2. **Use Access Policies**: Configure Cloudflare Access for authentication
+3. **Monitor Logs**: Review tunnel logs for suspicious activity
+4. **Limit Ingress Rules**: Only expose necessary services
+5. **Use Private Networks**: Keep backend services on private networks
+
+## Next Steps
+1. Configure Cloudflare Access policies
+2. Set up monitoring and alerting
+3. Configure rate limiting
+4. Set up backup tunnel for redundancy
+

docs/configs/cloudflare/tunnel-config.yaml

@@ -0,0 +1,83 @@
+# Cloudflare Tunnel Configuration for SMOM-DBIS-138
+# Place this file at: /etc/cloudflared/config.yaml
+
+tunnel: smom-dbis-138-tunnel
+credentials-file: /etc/cloudflared/tunnel-credentials.json
+
+ingress:
+  # Nginx Proxy (main entry point)
+  - hostname: nginx-proxy.sankofa.nexus
+    service: http://nginx-proxy-vm:80
+    originRequest:
+      noHappyEyeballs: true
+      connectTimeout: 30s
+      tcpKeepAlive: 30s
+      keepAliveConnections: 100
+      keepAliveTimeout: 90s
+
+  # SMOM-DBIS-138 API Services
+  - hostname: smom-api.sankofa.nexus
+    service: http://smom-services:8080
+    originRequest:
+      noHappyEyeballs: true
+      connectTimeout: 30s
+      tcpKeepAlive: 30s
+
+  # Blockscout Explorer
+  - hostname: smom-blockscout.sankofa.nexus
+    service: http://smom-blockscout:4000
+    originRequest:
+      noHappyEyeballs: true
+      connectTimeout: 30s
+
+  # Monitoring Dashboard
+  - hostname: smom-monitoring.sankofa.nexus
+    service: http://smom-monitoring:3000
+    originRequest:
+      noHappyEyeballs: true
+      connectTimeout: 30s
+
+  # RPC Node 1
+  - hostname: smom-rpc-01.sankofa.nexus
+    service: http://smom-rpc-node-01:8545
+    originRequest:
+      noHappyEyeballs: true
+      connectTimeout: 30s
+
+  # RPC Node 2
+  - hostname: smom-rpc-02.sankofa.nexus
+    service: http://smom-rpc-node-02:8545
+    originRequest:
+      noHappyEyeballs: true
+      connectTimeout: 30s
+
+  # RPC Node 3
+  - hostname: smom-rpc-03.sankofa.nexus
+    service: http://smom-rpc-node-03:8545
+    originRequest:
+      noHappyEyeballs: true
+      connectTimeout: 30s
+
+  # RPC Node 4
+  - hostname: smom-rpc-04.sankofa.nexus
+    service: http://smom-rpc-node-04:8545
+    originRequest:
+      noHappyEyeballs: true
+      connectTimeout: 30s
+
+  # Catch-all rule (must be last)
+  - service: http_status:404
+
+# Logging
+loglevel: info
+logfile: /var/log/cloudflared/tunnel.log
+
+# Metrics
+metrics: 0.0.0.0:9090
+
+# Health check
+health-probe:
+  enabled: true
+  path: /health
+  port: 8080
+

docs/configs/nginx/README.md

@@ -0,0 +1,184 @@
+# Nginx Proxy Configuration Guide
+
+## Overview
+This guide covers configuring the Nginx Proxy VM for SMOM-DBIS-138 deployment to handle SSL/TLS termination and routing.
+
+## Prerequisites
+- Nginx Proxy VM deployed and running
+- SSH access to the VM
+- Domain names configured in DNS
+- Cloudflare account (for DNS management)
+
+## Quick Start
+
+### 1. Get VM IP Address
+```bash
+kubectl get proxmoxvm nginx-proxy-vm -n default -o jsonpath='{.status.ipAddress}'
+```
+
+### 2. SSH into the VM
+```bash
+ssh admin@<vm-ip-address>
+```
+
+### 3. Install SSL Certificates
+```bash
+# Install certbot if not already installed
+sudo apt-get update
+sudo apt-get install -y certbot python3-certbot-nginx
+
+# Obtain SSL certificate
+sudo certbot --nginx -d your-domain.com -d www.your-domain.com
+```
+
+### 4. Configure Backend Services
+
+Create configuration files in `/etc/nginx/sites-available/`:
+
+#### Example: SMOM Services
+```nginx
+server {
+    listen 80;
+    listen [::]:80;
+    server_name smom-api.sankofa.nexus;
+    
+    return 301 https://$server_name$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name smom-api.sankofa.nexus;
+    
+    ssl_certificate /etc/letsencrypt/live/smom-api.sankofa.nexus/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/smom-api.sankofa.nexus/privkey.pem;
+    
+    location / {
+        proxy_pass http://smom-services:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+```
+
+### 5. Enable Configuration
+```bash
+# Create symlink
+sudo ln -s /etc/nginx/sites-available/smom-api /etc/nginx/sites-enabled/
+
+# Test configuration
+sudo nginx -t
+
+# Reload nginx
+sudo systemctl reload nginx
+```
+
+## Configuration Files
+
+### Main Nginx Configuration
+Location: `/etc/nginx/nginx.conf`
+
+Key settings:
+- Worker processes: `auto` (matches CPU cores)
+- Worker connections: `1024`
+- Gzip compression: Enabled
+- SSL protocols: TLSv1.2, TLSv1.3
+
+### Site Configurations
+Location: `/etc/nginx/sites-available/`
+
+Each service should have its own configuration file:
+- `smom-api.conf` - API services
+- `smom-blockscout.conf` - Blockscout explorer
+- `smom-monitoring.conf` - Monitoring dashboards
+- `smom-rpc.conf` - RPC endpoints
+
+## SSL/TLS Configuration
+
+### Automatic Certificate Renewal
+Certbot automatically sets up renewal. Verify with:
+```bash
+sudo certbot renew --dry-run
+```
+
+### Manual Certificate Renewal
+```bash
+sudo certbot renew
+sudo systemctl reload nginx
+```
+
+## Security Headers
+
+All configurations should include:
+```nginx
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-XSS-Protection "1; mode=block" always;
+```
+
+## Load Balancing
+
+For multiple backend instances:
+```nginx
+upstream smom_services {
+    least_conn;
+    server smom-services-01:8080;
+    server smom-services-02:8080;
+    server smom-services-03:8080;
+}
+
+server {
+    location / {
+        proxy_pass http://smom_services;
+    }
+}
+```
+
+## Monitoring
+
+### Access Logs
+```bash
+tail -f /var/log/nginx/access.log
+```
+
+### Error Logs
+```bash
+tail -f /var/log/nginx/error.log
+```
+
+### Status Check
+```bash
+curl http://localhost/nginx_status
+```
+
+## Troubleshooting
+
+### Test Configuration
+```bash
+sudo nginx -t
+```
+
+### Check Nginx Status
+```bash
+sudo systemctl status nginx
+```
+
+### View Active Connections
+```bash
+sudo netstat -tulpn | grep nginx
+```
+
+### Check SSL Certificate
+```bash
+sudo certbot certificates
+```
+
+## Next Steps
+1. Configure all backend services
+2. Set up monitoring and alerting
+3. Configure rate limiting
+4. Set up failover/backup proxy
+