Initial commit: add .gitignore and README

2026-02-09 21:51:45 -08:00
commit 929fe6f6b6
240 changed files with 40977 additions and 0 deletions
--- a/docs/deployment/deployment.md
+++ b/docs/deployment/deployment.md
@@ -0,0 +1,239 @@
+# Deployment Guide
+
+## Prerequisites
+
+- Node.js 18+ installed
+- PostgreSQL 14+ installed and running
+- Redis 6+ (optional, for session management)
+- SSL certificates (for mTLS, if required by receiver)
+
+## Step 1: Install Dependencies
+
+```bash
+npm install
+```
+
+## Step 2: Database Setup
+
+### Create Database
+
+```bash
+createdb dbis_core
+```
+
+### Run Schema
+
+```bash
+psql -d dbis_core -f src/database/schema.sql
+```
+
+Or using the connection string:
+
+```bash
+psql $DATABASE_URL -f src/database/schema.sql
+```
+
+### Seed Initial Operators
+
+```sql
+-- Example: Create a Maker operator
+INSERT INTO operators (operator_id, name, password_hash, role)
+VALUES (
+  'MAKER001',
+  'John Maker',
+  '$2a$10$YourHashedPasswordHere', -- Use bcrypt hash
+  'MAKER'
+);
+
+-- Example: Create a Checker operator
+INSERT INTO operators (operator_id, name, password_hash, role)
+VALUES (
+  'CHECKER001',
+  'Jane Checker',
+  '$2a$10$YourHashedPasswordHere', -- Use bcrypt hash
+  'CHECKER'
+);
+```
+
+To generate password hashes:
+
+```bash
+node -e "const bcrypt = require('bcryptjs'); bcrypt.hash('yourpassword', 10).then(console.log);"
+```
+
+## Step 3: Configuration
+
+Create a `.env` file in the project root:
+
+```env
+NODE_ENV=production
+PORT=3000
+
+# Database
+DATABASE_URL=postgresql://user:password@localhost:5432/dbis_core
+
+# Redis (optional)
+REDIS_URL=redis://localhost:6379
+
+# JWT
+JWT_SECRET=your-secure-random-secret-key-change-this
+JWT_EXPIRES_IN=8h
+
+# Receiver Configuration
+RECEIVER_IP=172.67.157.88
+RECEIVER_PORT=443
+RECEIVER_SNI=devmindgroup.com
+RECEIVER_TLS_VERSION=TLSv1.3
+
+# Client Certificates (for mTLS, if required)
+CLIENT_CERT_PATH=/path/to/client.crt
+CLIENT_KEY_PATH=/path/to/client.key
+CA_CERT_PATH=/path/to/ca.crt
+
+# Compliance
+COMPLIANCE_TIMEOUT=5000
+
+# Audit
+AUDIT_RETENTION_YEARS=7
+LOG_LEVEL=info
+```
+
+## Step 4: Build
+
+```bash
+npm run build
+```
+
+This creates the `dist/` directory with compiled JavaScript.
+
+## Step 5: Start Server
+
+### Production
+
+```bash
+npm start
+```
+
+### Development
+
+```bash
+npm run dev
+```
+
+## Step 6: Verify Deployment
+
+1. Check health endpoint:
+   ```bash
+   curl http://localhost:3000/health
+   ```
+
+2. Access terminal UI:
+   ```
+   http://localhost:3000
+   ```
+
+3. Test login:
+   ```bash
+   curl -X POST http://localhost:3000/api/auth/login \
+     -H "Content-Type: application/json" \
+     -d '{"operatorId":"MAKER001","password":"yourpassword","terminalId":"TERM-001"}'
+   ```
+
+## Docker Deployment (Optional)
+
+Create a `Dockerfile`:
+
+```dockerfile
+FROM node:18-alpine
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci --only=production
+
+COPY . .
+RUN npm run build
+
+EXPOSE 3000
+
+CMD ["npm", "start"]
+```
+
+Build and run:
+
+```bash
+docker build -t dbis-core-lite .
+docker run -p 3000:3000 --env-file .env dbis-core-lite
+```
+
+## Production Considerations
+
+1. **Security**:
+   - Use strong JWT_SECRET
+   - Enable HTTPS/TLS
+   - Configure firewall rules
+   - Regular security updates
+
+2. **Monitoring**:
+   - Set up application monitoring (e.g., Prometheus, DataDog)
+   - Monitor database connections
+   - Monitor TLS connection health
+   - Set up alerting for failed payments
+
+3. **Backup**:
+   - Regular database backups
+   - Backup audit logs
+   - Test restore procedures
+
+4. **High Availability**:
+   - Run multiple instances behind load balancer
+   - Use connection pooling
+   - Configure database replication
+
+5. **Logging**:
+   - Centralized logging (e.g., ELK stack)
+   - Log rotation configured
+   - Retention policy enforced
+
+## Troubleshooting
+
+### Database Connection Issues
+
+- Verify DATABASE_URL is correct
+- Check PostgreSQL is running
+- Verify network connectivity
+- Check firewall rules
+
+### TLS Connection Issues
+
+- Verify receiver IP and port
+- Check certificate paths (if mTLS)
+- Verify SNI configuration
+- Check TLS version compatibility
+
+### Payment Processing Issues
+
+- Check compliance screening status
+- Verify ledger adapter connection
+- Review audit logs
+- Check reconciliation reports
+
+## Maintenance
+
+### Daily Tasks
+
+- Review reconciliation reports
+- Check for aging items
+- Monitor exception queue
+
+### Weekly Tasks
+
+- Review audit log integrity
+- Check system health metrics
+- Review security logs
+
+### Monthly Tasks
+
+- Archive old audit logs
+- Review operator access
+- Update compliance lists