- Add flexible JSON detection (cjson preferred, dkjson fallback)
- Update main.lua and mail.lua with found_cjson detection
- Update start.sh to check both JSON libraries
- Enables furt to run on Arch Linux without manual patches
- Maintains API compatibility with existing cjson usage
Fixes#108
- Add platform detection to start.sh for consistent config paths
- BSD systems: /usr/local/etc/furt/furt.conf
- Linux systems: /etc/furt/furt.conf
- Now consistent with setup-directories.sh and validate-config.sh
- Follows DAW service separation standards
Fixes#103
- Add scripts/build-package.sh for production-ready packages
- VCS-agnostic archive creation (git/hg/bzr/fossil support)
- Automatic version detection from VERSION file or git tags
- Secure exclusions for development files and secrets
- Package validation and content verification
- Support for explicit version override
Creates dist/furt-api-gateway-vX.Y.Z.tar.gz with clean structure
for deployment without development dependencies.
Related to DAW/furt#88
- Replace existing license with ISC license
- Adopt more permissive and simpler license terms
- Align with dragons@work low-tech philosophy
- Maintain full open source compatibility
ISC license provides maximum freedom with minimal legal complexity,
supporting the project's commitment to digital sovereignty and
uncomplicated technology solutions.
- Remove .env.example to prevent configuration confusion
- furt now uses only furt.conf for all configuration
- .env.example was misleading users during installation
- Add comment referencing issue #98 resolution
Eliminates config method ambiguity identified in installation testing.
ClosesDAW/furt#98
- Update daemon path to use scripts/start.sh instead of direct lua execution
- Correct process expression pattern (pexp) for lua process detection
- Align template with installation.md service integration patterns
- Ensure compatibility with current furt directory structure
Fixes service integration issues identified in testing.
Related to DAW/furt#98
- Fix hanging rcctl/systemd service starts
- Background mode (&) when no TTY (service context)
- Foreground mode (exec) for interactive usage
- POSIX-compatible detection via [ ! -t 0 ]
Fixes service timeout issues on OpenBSD rcctl and Linux systemd.
Tested on werner - service starts correctly and survives reboots.
FixesDAW/furt#99
- Fix variable inconsistency: LUA_CMD -> LUA_COMMAND throughout script
- Remove obsolete .env/environment loading - furt reads furt.conf directly
- Add config check for furt.conf (system or project location)
- Implement robust lua51 detection with fallback to lua5.1
- Support all target distributions: Arch, OpenBSD, Debian, FreeBSD
- Add clear installation instructions for missing dependencies
- Allow custom lua path via LUA_COMMAND variable override
This resolves the lua51 detection regression and simplifies the boot process
by eliminating dual config systems (environment vs furt.conf).
FixesDAW/furt#91
- Add RateLimiter:configure() function to accept config-based limits
- Integrate security section parameters (rate_limit_api_key_max, ip_max, window)
- Add CORS configuration from config file with environment fallback
- Replace hardcoded rate limiting defaults with configurable values
- Add test endpoint control via config.security.enable_test_endpoint
- Update startup logging to show actual configured rate limits
- Add configuration validation and detailed startup information
Rate limiting now uses values from [security] section instead of hardcoded
defaults. CORS origins prioritize config file over environment variables.
Related to DAW/furt#89
- Replace goto statements with if-not pattern for Lua 5.1 compatibility
- Validate mail config only for API keys with mail:send permissions
- Safe display of API key info for monitoring keys without mail config
- Fix health check SMTP detection for new config structure
- Multi-tenant system tested and working on port 7811
Fixes multi-tenant config parsing, validation, and health checks.
Related to DAW/furt#89
- Add universal merkwerk binary detection from main
- Required for furt installations (no install without merkwerk)
- Maintains compatibility with multi-tenant architecture
Merges main branch changes for issue #94 into feature/issue-89-multi-tenant
- Change get_info() priority: .version_history first, merkwerk fallback
- Add read_version_history() for production deployment compatibility
- Works without merkwerk binary (tar.gz deployments)
- Maintains development fallback to merkwerk command
Production-ready: tar.gz deployments work without merkwerk installation.
- Replace read_version() with merkwerk.get_health_info()
- Health endpoint now returns content_hash, vcs_info, source tracking
- Add merkwerk_integrated feature flag
- Enhanced startup logs with content-hash and VCS info
- Maintain backward compatibility with version field
- lua51 compatible integration for OpenBSD deployment
Migration from static VERSION file to dynamic merkwerk version tracking.
Health endpoint now provides rich metadata for debugging and monitoring.
ResolvesDAW/furt#83
- Add VERSION file in repository root
- Add read_version() function with error handling
- Update /health endpoint to show file-based version
- Add version display during server startup
- Fallback to ?.?.? when VERSION file unreadable
Enables deployment tracking across dev/test/prod environments
- nginx-style furt.conf configuration
- Multi-tenant mail routing per API key
- Custom SMTP support per customer
- Backward compatibility via server.lua adapter
WIP: Ready for testing on werner
- Remove Go artifacts (cmd/, internal/, pkg/, go.mod)
- Move furt-lua/* content to repository root
- Restructure as clean src/, config/, scripts/, tests/ layout
- Rewrite README.md as practical tool documentation
- Remove timeline references and marketing language
- Clean .gitignore from Go-era artifacts
- Update config/server.lua with example.org defaults
- Add .env.production to .gitignore for security
Repository now ready for open source distribution with minimal,
focused structure and generic configuration templates.
close issue DAW/furt#86
- Add comprehensive API-key authentication system with X-API-Key header validation
- Implement permission-based access control (mail:send, * for admin)
- Add rate-limiting system (60 req/hour per API key, 100 req/hour per IP)
- Refactor monolithic 590-line main.lua into 6 modular components (<200 lines each)
- Add IP-restriction support with CIDR notation (127.0.0.1, 10.0.0.0/8)
- Implement Hugo integration with CORS support for localhost:1313
- Add production-ready configuration with environment variable support
- Create comprehensive testing suite (auth, rate-limiting, stress tests)
- Add production deployment checklist and cleanup scripts
This refactoring transforms the API gateway from a single-file monolith into a
biocodie-compliant modular architecture while adding enterprise-grade security
features. Performance testing shows 79 RPS concurrent throughput with <100ms
latency. Hugo contact form integration tested and working. System is now
production-ready for deployment to walter/aitvaras.
Resolves#47
- Add CORS headers to all API responses in main.lua
- Implement OPTIONS preflight request handling
- Add environment-variable based CORS origin configuration
- Create production.env.example for deployment documentation
- Update .env.example with CORS_ALLOWED_ORIGINS setting
Resolves cross-origin request blocking for Hugo dev server integration.
CORS origins now configurable via CORS_ALLOWED_ORIGINS environment variable
for production deployments while maintaining dev-friendly defaults.
Related to #49
- Fix create_environment_file() to preserve existing production config
- Change SMTP_SERVER to SMTP_HOST for consistency with other configs
- Add config existence check before creating new environment file
- Preserve permissions on existing config files
- Prevent accidental production config loss on redeployment
Fixes#50
- Fix OpenBSD service file pexp pattern to match actual running process
- Set pexp after sourcing rc.subr to prevent automatic override
- Update deployment script process detection from broken furt-lua pattern
- Add TTY-based daemon detection in start.sh for service vs development mode
- Implement comprehensive deployment workflow with backup and health checks
- Enable proper rcctl start/stop/check functionality on OpenBSD
Root cause: OpenBSD rc.subr automatically generates pexp from daemon+flags,
but actual process (/usr/local/bin/lua src/main.lua) differs from wrapper
(start.sh). Solution: Override pexp after rc.subr with correct Lua pattern.
Deployment script also had incorrect process detection pattern looking for
'furt-lua' string that doesn't exist in process name.
Technical details:
- Service file: pexp="/usr/local/bin/lua src/main.lua.*" after rc.subr
- Process detection: pgrep -u _furt -f 'src/main.lua'
- TTY detection: [ ! -t 0 ] for daemon vs interactive mode
- Complete deployment workflow with stop/sync/start/health-check cycle
Fixes#77 - OpenBSD rc.d service file problem resolved
Related: Deployment automation now fully functional karl→walter
- Add automated rsync-based file synchronization with _furt user permissions
- Implement OpenBSD rcctl service management with backup/rollback functionality
- Add port availability checks and health validation after deployment
- Include comprehensive error handling and status reporting
- Support dry-run mode for safe deployment testing
- Provide automatic service file generation with correct paths
Features:
- SSH-based secure transfer with permission preservation
- Pre-deployment backup with configurable retention (3 backups)
- Intelligent service stop/start handling for OpenBSD rcctl
- Health check validation via HTTP endpoint
- Colored output and structured logging for better UX
- Support for --dry-run, --rollback, and --force modes
Successfully deploys furt-lua from development (karl) to staging (walter).
Manual service management required due to OpenBSD rc.d pexp pattern issues.
Closes#76 (deployment automation)
Related: Service file pexp pattern matching requires follow-up investigation
Files:
- scripts/deploy/deploy_walter.sh (new)
- Add automatic SSL library detection (luaossl/luasec)
- Support Arch Linux (luaossl) and OpenBSD (luasec)
- Maintain backward compatibility with existing configurations
- Enable production deployment on OpenBSD with _furt service user
- Implement transparent API abstraction for different SSL libraries
Technical improvements:
- Auto-detection prevents manual SSL library configuration
- Compatible with package managers (no custom builds required)
- Tested on karl (Arch/luaossl) and walter (OpenBSD/luasec)
- Both systems successfully send emails via Port 465 SSL
- DKIM authentication passes on both platforms
Production readiness:
- Service user compatibility (_furt on OpenBSD)
- Config detection (/usr/local/etc/furt/environment)
- Multi-distribution support (Arch + OpenBSD)
- No OpenSSL command dependencies (tech sovereignty compliance)
Fixes#74
Files modified:
- furt-lua/src/smtp.lua
