gix build and publish CLI to npm

Nostr-Signature: 7515d5ecd835df785a5e896062818b469bcad83a22efa84499d1736e73ae4844 573634b648634cbad10f2451776089ea21090d9407f715e83c577b4611ae6edc b4bb7849515c545a609df14939a0a2ddfcd08ee2160cdc01c932a4b0b55668a54fa3fe1d15ad55fe74cfdb23e6c357cf581ab0aaef44da8c64dc098202a7383f
3 weeks ago · 167a5b75db
4 changed files with 116 additions and 22 deletions
--- a/4
+++ b/4
@ -71,8 +71,8 @@ ENV GIT_DOMAIN=localhost:6543
				@@ -71,8 +71,8 @@ ENV GIT_DOMAIN=localhost:6543
 ENV PORT=6543

 # Health check
-HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-  CMD node -e "require('http').get('http://localhost:6543', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)})"
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+  CMD node -e "require('http').get('http://localhost:6543', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)}).on('error', () => {process.exit(1)})"

 # Start the application
 CMD ["node", "build"]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,24 +1,29 @@
				@@ -1,24 +1,29 @@
 services:
  gitrepublic:
-    build:
-      context: .
-      dockerfile: Dockerfile
+    # For using a pre-built image (e.g., from local build or registry):
+    image: ${DOCKER_IMAGE:-silberengel/gitrepublic-web:latest}
+    # For building from source, comment out image above and uncomment build below:
+    # build:
+    #   context: .
+    #   dockerfile: Dockerfile
    container_name: gitrepublic-web
-    # For localhost: expose port directly
+    # Publish port to host (required when reverse proxy is on host, not in Docker)
+    # Apache on host machine proxies to 127.0.0.1:6543, so we need ports: not expose:
    ports:
      - "${PORT:-6543}:6543"
-    # For production behind reverse proxy: comment out ports above and use expose instead
+    # Alternative: If reverse proxy is in Docker (same network), use expose instead:
    # expose:
-    #   - "6543"  # Internal only, accessed via reverse proxy
+    #   - "6543"  # Internal only, accessed via reverse proxy container
    environment:
      - NODE_ENV=production
      - GIT_REPO_ROOT=/repos
-      - GIT_DOMAIN=${GIT_DOMAIN:-localhost:6543}  # Set to your domain for production
-      - NOSTR_RELAYS=${NOSTR_RELAYS:-wss://relay.damus.io,wss://nostr.wine,wss://nos.lol}
+      - GIT_DOMAIN=${GIT_DOMAIN:-gitrepublic.imwald.eu}  # Set to your domain for production (without https://)
+      - NOSTR_RELAYS=${NOSTR_RELAYS:-wss://theforest.nostr1.com}
      - NOSTRGIT_SECRET_KEY=${NOSTRGIT_SECRET_KEY:-}
      - PORT=6543
    volumes:
      # Persist git repositories
+      # Note: Ensure ./repos directory exists on the remote machine, or Docker will create it
      - ./repos:/repos
      # Optional: persist audit logs
      # - ./logs:/app/logs
@ -26,17 +31,22 @@ services:
				@@ -26,17 +31,22 @@ services:
      # - ./config:/app/config:ro
    restart: unless-stopped
    healthcheck:
-      test: ["CMD", "node", "-e", "require('http').get('http://localhost:6543', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)})"]
+      test: ["CMD", "node", "-e", "require('http').get('http://localhost:6543', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)}).on('error', () => {process.exit(1)})"]
      interval: 30s
-      timeout: 3s
+      timeout: 5s
      retries: 3
      start_period: 10s
    # Resource limits (adjust as needed)
-    deploy:
-      resources:
-        limits:
-          cpus: '2'
-          memory: 2G
-        reservations:
-          cpus: '1'
-          memory: 1G
+    # Note: deploy section is for Docker Swarm only
+    # For local development with docker-compose v1, use:
+    # mem_limit: 2g
+    # cpus: '2'
+    # For docker-compose v2 or Docker Swarm, uncomment below:
+    # deploy:
+    #   resources:
+    #     limits:
+    #       cpus: '2'
+    #       memory: 2G
+    #     reservations:
+    #       cpus: '1'
+    #       memory: 1G
--- a/docs/PUBLISH.md
+++ b/docs/PUBLISH.md
@ -6,11 +6,51 @@
				@@ -6,11 +6,51 @@
   - Visit https://www.npmjs.com/signup
   - Or run: `npm adduser`

-2. **Login to npm**:
+2. **Enable Two-Factor Authentication (2FA) or Create Access Token**:
+   
+   npm requires either TOTP/SMS 2FA or a granular access token to publish packages. Biometric authentication (fingerprint) alone is not sufficient for CLI publishing.
+   
+   **Option A: Enable TOTP/SMS 2FA** (Recommended for regular use):
+   - Go to https://www.npmjs.com/settings/[your-username]/security
+   - Look for "Two-factor authentication" section
+   - If you only see biometric options, you may need to:
+     1. Check if there's an "Advanced" or "More options" link
+     2. Look for "Authenticator app" or "SMS" options
+     3. Some accounts may need to disable biometric first to see other options
+   - **If using TOTP app** (recommended):
+     - You'll see a QR code on your computer screen
+     - Scan it with your phone's authenticator app (Google Authenticator, Authy, 1Password, etc.)
+     - The app will generate 6-digit codes that you'll use when logging in
+   - **If using SMS**:
+     - Enter your phone number
+     - You'll receive codes via text message
+   - Follow the setup instructions to complete the setup
+   
+   **Option B: Create Granular Access Token** (Alternative if 2FA setup is difficult):
+   - Go to https://www.npmjs.com/settings/[your-username]/tokens
+   - Click "Generate New Token"
+   - Choose "Granular Access Token"
+   - Set permissions: Select "Publish" for the package(s) you want to publish
+   - Enable "Bypass 2FA" option (this is required for publishing)
+   - Copy the token (you'll only see it once!)
+   - Use it for authentication:
     ```bash
+     npm config set //registry.npmjs.org/:_authToken YOUR_TOKEN_HERE
+     ```
+   - Or set it as an environment variable:
+     ```bash
+     export NPM_TOKEN=YOUR_TOKEN_HERE
+     ```
+
+3. **Login to npm from your computer** (if using Option A):
+   ```bash
+   npm logout  # Log out first if already logged in
   npm login
   ```
-   Enter your username, password, and email.
+   - Enter your username, password, and email
+   - If 2FA is enabled, you'll be prompted for the authentication code
+   - **Get the code from your phone's authenticator app** (if using TOTP) or check your SMS (if using SMS)
+   - Enter the 6-digit code when prompted

 3. **Check if package name is available**:
   ```bash
@ -105,6 +145,45 @@ npm install -g gitrepublic-cli
				@@ -105,6 +145,45 @@ npm install -g gitrepublic-cli

 ## Troubleshooting

+### "Access token expired or revoked"
+- Your npm login session has expired
+- Solution: Run `npm login` again to authenticate
+- Verify you're logged in: `npm whoami`
+
+### "403 Forbidden - Two-factor authentication or granular access token with bypass 2fa enabled is required"
+- npm requires 2FA (TOTP/SMS) or a granular access token to publish packages
+- Biometric authentication (fingerprint) alone is not sufficient for CLI publishing
+- **Solution Option 1: Enable TOTP/SMS 2FA**
+  1. Visit: https://www.npmjs.com/settings/[your-username]/security
+  2. Look for "Two-factor authentication" section
+  3. If you only see biometric options:
+     - Check for "Advanced" or "More options" links
+     - Look for "Authenticator app" or "SMS" options
+     - You may need to disable biometric first to see other options
+  4. Enable TOTP app (recommended) or SMS
+  5. Follow setup instructions
+  6. After enabling, log out and log back in: `npm logout` then `npm login`
+- **Solution Option 2: Use Granular Access Token** (if 2FA setup is difficult)
+  1. Visit: https://www.npmjs.com/settings/[your-username]/tokens
+  2. Click "Generate New Token" → "Granular Access Token"
+  3. Set permissions: Select "Publish" for your package(s)
+  4. **Important**: Enable "Bypass 2FA" option
+  5. Copy the token (save it securely - you'll only see it once!)
+  6. Use it for authentication:
+     ```bash
+     npm config set //registry.npmjs.org/:_authToken YOUR_TOKEN_HERE
+     ```
+  7. Or set as environment variable:
+     ```bash
+     export NPM_TOKEN=YOUR_TOKEN_HERE
+     ```
+  8. Now you can publish: `npm publish`
+
+### "404 Not Found - PUT https://registry.npmjs.org/gitrepublic-cli"
+- This is normal for a first publish (package doesn't exist yet)
+- Make sure you're logged in: `npm login`
+- Check if package name is available: `npm view gitrepublic-cli` (should return 404)
+
 ### "Package name already exists"
 - The name `gitrepublic-cli` is taken
 - Options:
@ -121,3 +200,7 @@ npm install -g gitrepublic-cli
				@@ -121,3 +200,7 @@ npm install -g gitrepublic-cli
 - Can contain hyphens and underscores
 - Cannot start with dot or underscore
 - Max 214 characters
+
+### npm warnings about package.json
+- If you see warnings about `bin` script names being "cleaned", this is usually fine - npm normalizes them
+- If you see warnings about `repositories` field, remove it and use only the `repository` field (single object, not array)
--- a/nostr/commit-signatures.jsonl
+++ b/nostr/commit-signatures.jsonl
@ -13,3 +13,4 @@
				@@ -13,3 +13,4 @@
 {"kind":1640,"pubkey":"573634b648634cbad10f2451776089ea21090d9407f715e83c577b4611ae6edc","created_at":1771531630,"tags":[["author","Silberengel","silberengel7@protonmail.com"],["message","bug-fixes"]],"content":"Signed commit: bug-fixes","id":"a219cd3c4055c7e77a20f464b2192dfc236059eb6b0f4717c8e9cb26b80a959f","sig":"fb9eef37d37242483dde59b9d3d96fc2a3ff9f9fb1893000327d45e3a1c73bd028b358bfbb43df19633661cc9b9c6798a76a3fc9323d2f89a3dea50fdd035f16"}
 {"kind":1640,"pubkey":"573634b648634cbad10f2451776089ea21090d9407f715e83c577b4611ae6edc","created_at":1771532033,"tags":[["author","Silberengel","silberengel7@protonmail.com"],["message","fixing themes"]],"content":"Signed commit: fixing themes","id":"b415f46b54a30f022ece43f9acc4e13ffddaa56abfd6febe447a852c54ace23c","sig":"acec0d1ea91d8c77b7ac98f0837eae225eca1272d7f871c3c5ccefc744706cb933d2f20732d9a1e42dee4f978c2ca7d17d0bc4033088a8db0a39e66cf982cb62"}
 {"kind":1640,"pubkey":"573634b648634cbad10f2451776089ea21090d9407f715e83c577b4611ae6edc","created_at":1771532649,"tags":[["author","Silberengel","silberengel7@protonmail.com"],["message","adjust responsiveness"]],"content":"Signed commit: adjust responsiveness","id":"b585b4ee5862b2593c0e469974f94b16a1a60e9f57df988cf9ed157acba1c921","sig":"7daeaea11600c77d015448d293f8d7c7500c65d87cd4b496c13ba0fa9922fe5330353a3082eb4f5b540208630e668f163981cdb5e35f027191fb6abd6d0d380f"}
+{"kind":1640,"pubkey":"573634b648634cbad10f2451776089ea21090d9407f715e83c577b4611ae6edc","created_at":1771533104,"tags":[["author","Silberengel","silberengel7@protonmail.com"],["message","add more api help"]],"content":"Signed commit: add more api help","id":"165d9bb66132123e1ac956f442e13f2ffb784e204ecdd1d3643152a5274cdd5a","sig":"deb8866643413806ec43e30faa8a47a78f0ede64616d6304e3b0a87ee3e267122e2308ed67131b73290a3ec10124c19198b05d2b5f142a3ff3e44858d1dff4fe"}