feat: multi-tenant credential isolation + architecture docs
- Add src/multitenancy/ with AES-256-GCM credential store, WhatsApp webhook router (phone_number_id -> customerId), and per-customer audit log (90-day Redis TTL) - Add src/billing/ with plan definitions and meterMiddleware that resolves API key -> Customer object with getCredential() closure - Refactor all src/clients/* to accept optional customer param, falling back to env vars for backward compat with single-user mode - Thread customer through handleToolCall(name, args, customer?) - Add customers table to MySQL schema initDatabase() - Add /webhook/whatsapp (immediate 200 + async routing) and /api/connect/* onboarding endpoints to index.ts - Add Redis 7 to docker-compose.yml; add REDIS_URL and CREDENTIAL_ENCRYPTION_KEY to hermes-k8s.yaml - Add product/incubation/ with architecture write-up and PlantUML diagrams (system architecture + 5 user flows) - Extend OpenAPI spec in manifest.ts with all platform endpoints Verification: 3 isolation tests (credential, webhook routing, audit log) passed against live Redis. Deployed to hermes.squaremcp.com. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Garfield
@@ -1,4 +1,14 @@
|
||||
services:
|
||||
redis:
|
||||
image: redis:7-alpine
|
||||
container_name: hermes-redis
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- hermes-net
|
||||
ports:
|
||||
- "6379:6379"
|
||||
command: redis-server --save ""
|
||||
|
||||
hermes:
|
||||
build: .
|
||||
container_name: hermes-mcp
|
||||
@@ -6,6 +16,9 @@ services:
|
||||
env_file: .env
|
||||
environment:
|
||||
- MYSQL_HOST=mysql
|
||||
- REDIS_URL=redis://redis:6379
|
||||
depends_on:
|
||||
- redis
|
||||
volumes:
|
||||
- /home/garfield/obsidian/vaults:/vaults
|
||||
extra_hosts:
|
||||
|
||||
Reference in New Issue
Block a user