From 6d191a2bfc044af7dbf80d6728ca4216faeb9d01 Mon Sep 17 00:00:00 2001
From: Claude Code <claude@anthropic.com>
Date: Sat, 4 Apr 2026 15:14:01 -0700
Subject: [PATCH] =?UTF-8?q?chore(infrastructure):=20=F0=9F=94=A7=20Update?=
 =?UTF-8?q?=20environment=20variables=20and=20Docker=20Compose=20configs?=
 =?UTF-8?q?=20for=20dev/prod=20environments?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
---
 infrastructure/.env.dev                 | 25 ++++++++++
 infrastructure/.env.dev.example         | 25 ++++++++++
 infrastructure/.env.prod.example        |  4 ++
 infrastructure/docker-compose.dev.yaml  | 65 +++++++++++++++++++++++++
 infrastructure/docker-compose.prod.yaml |  1 +
 5 files changed, 120 insertions(+)
 create mode 100644 infrastructure/.env.dev
 create mode 100644 infrastructure/.env.dev.example
 create mode 100644 infrastructure/docker-compose.dev.yaml

diff --git a/infrastructure/.env.dev b/infrastructure/.env.dev
new file mode 100644
index 0000000..ab99a0c
--- /dev/null
+++ b/infrastructure/.env.dev
@@ -0,0 +1,25 @@
+# =============================================================================
+# @analytics Dev Environment
+# =============================================================================
+# Copy to infrastructure/.env.dev — used by ./run dev* commands.
+# Matches docker-compose.dev.yaml credentials and platform-analytics backend.
+# =============================================================================
+
+# TimescaleDB (matches docker-compose.dev.yaml)
+DATABASE_HOST=localhost
+DATABASE_PORT=25434
+DATABASE_USER=lilith
+DATABASE_PASSWORD=analytics_dev_password
+DATABASE_NAME=lilith_analytics
+
+# Redis (matches docker-compose.dev.yaml — port 26379 per infrastructure.yaml service registry)
+REDIS_HOST=localhost
+REDIS_PORT=26379
+REDIS_PASSWORD=analytics_dev_password
+
+# Collector
+CORS_ORIGINS=http://localhost:3000,http://localhost:5120,http://localhost:5173,https://quinn.apricot.local
+COLLECTOR_WRITE_KEY=dev-write-key
+
+# API authentication keys (comma-separated)
+API_KEYS=dev-api-key
diff --git a/infrastructure/.env.dev.example b/infrastructure/.env.dev.example
new file mode 100644
index 0000000..ab99a0c
--- /dev/null
+++ b/infrastructure/.env.dev.example
@@ -0,0 +1,25 @@
+# =============================================================================
+# @analytics Dev Environment
+# =============================================================================
+# Copy to infrastructure/.env.dev — used by ./run dev* commands.
+# Matches docker-compose.dev.yaml credentials and platform-analytics backend.
+# =============================================================================
+
+# TimescaleDB (matches docker-compose.dev.yaml)
+DATABASE_HOST=localhost
+DATABASE_PORT=25434
+DATABASE_USER=lilith
+DATABASE_PASSWORD=analytics_dev_password
+DATABASE_NAME=lilith_analytics
+
+# Redis (matches docker-compose.dev.yaml — port 26379 per infrastructure.yaml service registry)
+REDIS_HOST=localhost
+REDIS_PORT=26379
+REDIS_PASSWORD=analytics_dev_password
+
+# Collector
+CORS_ORIGINS=http://localhost:3000,http://localhost:5120,http://localhost:5173,https://quinn.apricot.local
+COLLECTOR_WRITE_KEY=dev-write-key
+
+# API authentication keys (comma-separated)
+API_KEYS=dev-api-key
diff --git a/infrastructure/.env.prod.example b/infrastructure/.env.prod.example
index 5c3c875..75f8dbb 100644
--- a/infrastructure/.env.prod.example
+++ b/infrastructure/.env.prod.example
@@ -21,3 +21,7 @@ CORS_ORIGINS=https://transquinnftw.com,https://data.transquinnftw.com
 # API authentication keys (comma-separated)
 # Used by platform-analytics backend-api to authenticate with this API
 API_KEYS=CHANGE_ME_GENERATE_WITH_openssl_rand_hex_32
+
+# Collector write key — embed in analytics-client config on the frontend
+# Anyone posting to /track/* must include X-Write-Key: <this value>
+COLLECTOR_WRITE_KEY=CHANGE_ME_GENERATE_WITH_openssl_rand_hex_32
diff --git a/infrastructure/docker-compose.dev.yaml b/infrastructure/docker-compose.dev.yaml
new file mode 100644
index 0000000..a041684
--- /dev/null
+++ b/infrastructure/docker-compose.dev.yaml
@@ -0,0 +1,65 @@
+# =============================================================================
+# @analytics - Dev Infrastructure
+# =============================================================================
+#
+# Runs only the stateful dependencies needed for local service development.
+# App services (collector, processor, api, realtime) run directly via bun.
+#
+# Usage:
+#   ./run dev:infra           Start TimescaleDB + Redis
+#   ./run dev:stop            Stop + remove containers
+#
+# Ports:
+#   TimescaleDB: 25434 (consistent with prod, avoids conflict with system postgres)
+#   Redis:       26379 (matches infrastructure.redis service registry definition)
+#
+
+services:
+  timescaledb:
+    image: timescale/timescaledb:2.16.1-pg16
+    container_name: analytics-dev-timescaledb
+    restart: unless-stopped
+    ports:
+      - "25434:5432"
+    environment:
+      POSTGRES_USER: lilith
+      POSTGRES_PASSWORD: analytics_dev_password
+      POSTGRES_DB: lilith_analytics
+    volumes:
+      - analytics-dev-postgres-data:/var/lib/postgresql/data
+      - ./init.sql:/docker-entrypoint-initdb.d/01-init.sql:ro
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U lilith"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  redis:
+    image: redis:7.4-alpine
+    container_name: analytics-dev-redis
+    restart: unless-stopped
+    command:
+      - redis-server
+      - --appendonly
+      - "yes"
+      - --maxmemory
+      - "256MB"
+      - --maxmemory-policy
+      - "noeviction"
+      - --requirepass
+      - "analytics_dev_password"
+    ports:
+      - "26379:6379"
+    volumes:
+      - analytics-dev-redis-data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 3s
+      retries: 5
+
+volumes:
+  analytics-dev-postgres-data:
+    name: analytics-dev-postgres-data
+  analytics-dev-redis-data:
+    name: analytics-dev-redis-data
diff --git a/infrastructure/docker-compose.prod.yaml b/infrastructure/docker-compose.prod.yaml
index c389927..b8f7eaf 100644
--- a/infrastructure/docker-compose.prod.yaml
+++ b/infrastructure/docker-compose.prod.yaml
@@ -83,6 +83,7 @@ services:
       REDIS_PORT: "6379"
       REDIS_PASSWORD: ${REDIS_PASSWORD}
       CORS_ORIGINS: ${CORS_ORIGINS}
+      COLLECTOR_WRITE_KEY: ${COLLECTOR_WRITE_KEY}
       LOG_LEVEL: info
     depends_on:
       redis: