Initial commit: Clean DSS implementation

Migrated from design-system-swarm with fresh git history. Old project history preserved in /home/overbits/apps/design-system-swarm Core components: - MCP Server (Python FastAPI with mcp 1.23.1) - Claude Plugin (agents, commands, skills, strategies, hooks, core) - DSS Backend (dss-mvp1 - token translation, Figma sync) - Admin UI (Node.js/React) - Server (Node.js/Express) - Storybook integration (dss-mvp1/.storybook) Self-contained configuration: - All paths relative or use DSS_BASE_PATH=/home/overbits/dss - PYTHONPATH configured for dss-mvp1 and dss-claude-plugin - .env file with all configuration - Claude plugin uses ${CLAUDE_PLUGIN_ROOT} for portability Migration completed: $(date) 🤖 Clean migration with full functionality preserved
2025-12-09 18:45:48 -03:00
commit 276ed71f31
884 changed files with 373737 additions and 0 deletions
--- a/infra/nginx/dss.conf
+++ b/infra/nginx/dss.conf
@@ -0,0 +1,131 @@
+# Design System Server (DSS) - Nginx Configuration
+# Version: 0.8.0
+#
+# Installation:
+#   sudo cp infra/nginx/dss.conf /etc/nginx/sites-available/
+#   sudo ln -s /etc/nginx/sites-available/dss.conf /etc/nginx/sites-enabled/
+#   sudo nginx -t
+#   sudo systemctl reload nginx
+
+# Upstream backend
+upstream dss_backend {
+    server 127.0.0.1:3456;
+    keepalive 32;
+}
+
+# HTTP server (redirects to HTTPS after SSL setup)
+server {
+    listen 80;
+    listen [::]:80;
+    server_name your-domain.com;  # CHANGE THIS
+
+    # ACME challenge for Let's Encrypt
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
+
+    # Redirect to HTTPS (uncomment after SSL setup)
+    # location / {
+    #     return 301 https://$server_name$request_uri;
+    # }
+
+    # Proxy to DSS (comment out after SSL setup)
+    location / {
+        proxy_pass http://dss_backend;
+        proxy_http_version 1.1;
+
+        # Headers
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # WebSocket/SSE support
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # Timeouts
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+
+        # Buffering
+        proxy_buffering off;
+        proxy_request_buffering off;
+    }
+
+    # Health check endpoint (no auth, no logging)
+    location /health {
+        proxy_pass http://dss_backend/health;
+        access_log off;
+    }
+}
+
+# HTTPS server (uncomment after running certbot)
+# server {
+#     listen 443 ssl http2;
+#     listen [::]:443 ssl http2;
+#     server_name your-domain.com;  # CHANGE THIS
+#
+#     # SSL certificates (managed by certbot)
+#     ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
+#     ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
+#
+#     # SSL configuration
+#     ssl_protocols TLSv1.2 TLSv1.3;
+#     ssl_ciphers HIGH:!aNULL:!MD5;
+#     ssl_prefer_server_ciphers on;
+#     ssl_session_cache shared:SSL:10m;
+#     ssl_session_timeout 10m;
+#
+#     # Security headers
+#     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+#     add_header X-Frame-Options "SAMEORIGIN" always;
+#     add_header X-Content-Type-Options "nosniff" always;
+#     add_header X-XSS-Protection "1; mode=block" always;
+#
+#     # Logging
+#     access_log /var/log/nginx/dss-access.log;
+#     error_log /var/log/nginx/dss-error.log;
+#
+#     # Max upload size
+#     client_max_body_size 10M;
+#
+#     # Proxy to DSS backend
+#     location / {
+#         proxy_pass http://dss_backend;
+#         proxy_http_version 1.1;
+#
+#         # Headers
+#         proxy_set_header Host $host;
+#         proxy_set_header X-Real-IP $remote_addr;
+#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#         proxy_set_header X-Forwarded-Proto $scheme;
+#
+#         # WebSocket/SSE support
+#         proxy_set_header Upgrade $http_upgrade;
+#         proxy_set_header Connection "upgrade";
+#
+#         # Timeouts
+#         proxy_connect_timeout 60s;
+#         proxy_send_timeout 60s;
+#         proxy_read_timeout 60s;
+#
+#         # Buffering
+#         proxy_buffering off;
+#         proxy_request_buffering off;
+#     }
+#
+#     # Health check endpoint
+#     location /health {
+#         proxy_pass http://dss_backend/health;
+#         access_log off;
+#     }
+#
+#     # Static files caching
+#     location /admin-ui {
+#         proxy_pass http://dss_backend/admin-ui;
+#         expires 7d;
+#         add_header Cache-Control "public, immutable";
+#     }
+# }