Stripe Price IDs were hardcoded and duplicated across 4 compose files.
Log levels were hardcoded per-overlay instead of using generate-log-config.sh.
This refactors all environment-specific variables into a single .env file
that CI/CD generates from Gitea repo variables + generate-log-config.sh.
- Add .env.example template with documented variables
- Replace hardcoded values with ${VAR:-default} substitution in base compose
- Simplify prod overlay from 90 to 32 lines (remove redundant env blocks)
- Add YAML anchors to blue-green overlay (eliminate blue/green duplication)
- Remove redundant OCR env block from staging overlay
- Change generate-log-config.sh to output to stdout (pipe into .env)
- Update staging/production CI/CD to generate .env with Stripe + log vars
- Remove dangerous pk_live_ default from VITE_STRIPE_PUBLISHABLE_KEY
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add standalone GeminiEngine class for maintenance schedule extraction
from PDF owners manuals using Vertex AI Gemini 2.5 Flash with structured
JSON output enforcement, 20MB size limit, and lazy initialization.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Switch OCR engine config to google_vision primary / paddleocr fallback
- Mount Auth0 OCR secrets and WIF config into all OCR containers
- Add WIF config to repo (not a secret, contains no credentials)
- Remove obsolete google-vision-key.json.example
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Redis only supports debug|verbose|notice|warning -- not info or error.
The command was using ${LOG_LEVEL:-info} which resolved to INFO in
production (from workflow env), causing Redis to crash loop. Hardcode
the correct Redis-native levels (debug for dev, warning for prod) and
add available log level comments above every container's log setting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace libtesseract-dev with libgomp1 (OpenMP for PaddlePaddle)
- Pre-download PP-OCRv4 models during Docker build
- Add OCR engine env vars to all compose files (base, staging, prod)
- Add optional Google Vision secret mount (commented, enable on demand)
- Create google-vision-key.json.example placeholder
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Save original, adaptive, and Otsu preprocessed images to
/tmp/vin-debug/{timestamp}/ when LOG_LEVEL is set to debug.
No images saved at info level. Volume mount added for access.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace filesystem-based debug system (VIN_DEBUG_DIR) with standard
logger.debug() calls that flow through Loki when LOG_LEVEL=DEBUG.
Use .env.logging variable for OCR LOG_LEVEL. Increase image capture
quality to 0.95 for better OCR accuracy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add file-based dashboard provisioning config and mount dashboards
directory into Grafana container for auto-loading dashboard JSON files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Update Loki image from 2.9.0 to 3.6.1 in docker-compose.yml
- Migrate schema from v11 to v13, store from boltdb-shipper to tsdb
- Update storage_config to use tsdb_shipper with new index paths
- Remove deprecated shared_store config (removed in Loki 3.0)
- Disable structured metadata (not needed for current setup)
- Preserve 30-day retention policy (720h)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Promtail 2.9.0 embeds Docker client API v1.42 which is incompatible with
Docker Engine v29 (minimum API v1.44). Grafana Alloy v1.12.2 resolves this
by using a compatible Docker client.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Update Loki, Promtail, Grafana to use REGISTRY_MIRRORS
- Add grafana/loki, grafana/promtail, grafana/grafana to mirror script
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The 60s start_period was too short - migrations can take 70+ seconds.
Docker was marking the container unhealthy before migrations completed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace Winston with Pino using API-compatible wrapper
- Add LOG_LEVEL env var support with validation and fallback
- Add correlation ID middleware (X-Request-Id from Traefik or UUID)
- Configure PostgreSQL logging env vars (POSTGRES_LOG_STATEMENT, POSTGRES_LOG_MIN_DURATION)
- Configure Redis loglevel via command args
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
OCR Service (Python/FastAPI):
- POST /extract for synchronous OCR extraction
- POST /jobs and GET /jobs/{job_id} for async processing
- Image preprocessing (deskew, denoise) for accuracy
- HEIC conversion via pillow-heif
- Redis job queue for async processing
Backend (Fastify):
- POST /api/ocr/extract - authenticated proxy to OCR
- POST /api/ocr/jobs - async job submission
- GET /api/ocr/jobs/:jobId - job polling
- Multipart file upload handling
- JWT authentication required
File size limits: 10MB sync, 200MB async
Processing time target: <3 seconds for typical photos
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The CI was failing because Docker marked the backend unhealthy before the CI
wait loop completed. The backend needs time to run migrations and seed vehicle
data on startup.
Changes:
- start_period: 40s -> 180s (3 minutes)
- retries: 3 -> 5 (more tolerance)
Total time before unhealthy: 180s + (5 × 30s) = 5.5 minutes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add Python-based OCR service container (mvp-ocr) as the 6th service:
- Python 3.11-slim with FastAPI/uvicorn
- Tesseract OCR with English language pack
- pillow-heif for HEIC image support
- opencv-python-headless for image preprocessing
- Health endpoint at /health
- Unit tests for health, HEIC support, and Tesseract availability
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add VITE_STRIPE_PUBLISHABLE_KEY to frontend Dockerfile build args
- Add VITE_STRIPE_PUBLISHABLE_KEY to docker-compose.yml build args
- Add :ro flag to backend Stripe secret volume mounts for consistency
- Update inject-secrets.sh with STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET
- Add Stripe secrets to staging.yaml workflow (build arg + inject step)
- Add Stripe secrets to production.yaml workflow (inject step)
Requires STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET secrets and
VITE_STRIPE_PUBLISHABLE_KEY variable to be configured in Gitea.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change CF_DNS_API_TOKEN_FILE to CLOUDFLARE_DNS_API_TOKEN_FILE (correct env var for Traefik/lego)
- Fix inject-secrets.sh to clean up Docker-created directories before injecting secrets
- Add detection for GitLab variables set as Variable type instead of File type
- Improve error messages to help diagnose configuration issues
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
