Commit Graph

3 Commits

Author SHA1 Message Date
null 7162a26f97 fix(security): clean up docker-entrypoint per Hudson review
- Remove chmod 777 (replaced with chown nodejs:nodejs)
- Remove hardcoded su-exec call; detect root vs non-root
- Fallback to direct exec if already running as nodejs
- Entry point is currently unused (Dockerfile uses CMD directly)
  but cleaned up for correctness in case re-enabled

Ref: Issue #4 Hudson remediation
2026-05-17 14:45:27 -05:00
null 7d476f36e8 fix(security): audit fixes #4 #6 #10 + hero rewrite (batch 0.5.2)
- #4: Replace su-exec with USER nodejs in Dockerfile (P0)
- #6: Add UNIQUE constraint on leads.email with migration (P1)
- #10: Consistent NULL handling for optional fields (P1)
- Hero section rewrite: B2B value proposition, prominent 8x8 badge
- Clean up .bak file left by agent
2026-05-17 14:44:34 -05:00
null 1f3e3864f9 feat: Docker batch 0.2.1 — production-ready containerization
- Multi-stage Dockerfile with non-root nodejs user
- Healthcheck using Node 20 built-in fetch (no wget)
- docker-entrypoint.sh: root permission fix, then exec to nodejs
- server/db.js: deferred SQLite init for Docker volume permissions
- docker-compose.yml with named volumes for persistence
- .dockerignore and .env.example added
- README updated with Docker usage section

Security reviewed by Private Hudson. All blockers resolved.
2026-05-12 01:57:55 -05:00