Initial commit: Visigine (Vite client + Express/SQLite backend)

Container-ready via docker/ compose (frontend nginx + backend Node). Compose adjusted for Coolify on the prod server: frontend uses expose:80 (no host binding — host 8080 is taken by the Coolify proxy; Traefik routes visigine.de), backend ALLOWED_ORIGINS=https://visigine.de. Secrets stay in server/.env (git-ignored); see server/.env.example. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-12 10:06:48 +02:00
commit e344f1b7e7
88 changed files with 11764 additions and 0 deletions
--- a/server/.env.example
+++ b/server/.env.example
@@ -0,0 +1,30 @@
+# Mistral API key — server-only, never exposed to the browser.
+MISTRAL_KEY=
+
+# Port the Express server binds to.
+PORT=3001
+
+# Comma-separated CORS whitelist. Empty/missing = deny all browser origins.
+ALLOWED_ORIGINS=http://localhost:5173
+
+# 'development' enables ?debug=1; 'production' strips _debug unconditionally.
+NODE_ENV=development
+
+# SSRF guard. Set to 1 ONLY in local dev if you want to scan localhost services.
+ALLOW_PRIVATE_HOSTS=0
+
+# Required for /admin to function. Leave empty to disable admin endpoints entirely.
+# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+ADMIN_TOKEN=
+
+# Monitoring providers — optional. When a key is missing, that provider
+# transparently falls back to the deterministic `mock` provider, labelled
+# e.g. "openai (mock)" in the UI. Zero-key dev works end-to-end.
+OPENAI_KEY=
+PERPLEXITY_KEY=
+ANTHROPIC_KEY=
+
+# SQLite path. Defaults to server/data/visigine.db. Override for tests:
+#   DB_PATH=/tmp/visigine-test.db
+DB_PATH=
+