localhost:27017 resolves to the container itself inside Docker.
The mongo service is reachable via its compose service name 'mongo'.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Align Woodpecker CI pipeline with team standard (cast-backend pattern):
- Replace plugins/docker with woodpeckerci/plugin-docker-buildx
- Use git.sds.dev registry; tag with CI_COMMIT_SHA short + latest
- Use team secret names: registry_user/password, deploy_ssh_key
- Add golangci-lint, semgrep, gosec, trivy-fs, trivy-secrets security gates
- Deploy on push to main (not on tag): build-and-push then deploy step
calls bash /opt/cast-ghl-provider/deploy/deploy.sh on server
- Add Telegram notification on success/failure
docker-compose.yaml: add image: git.sds.dev/cast/cast-ghl-provider:latest
(server pulls from registry; build: kept for local dev only)
deploy/deploy.sh: simplified to docker compose pull + up
(build now happens in CI, not on the server)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Update all active config and documentation files to use the correct
production domain hl.cast.ph (not ghl.cast.ph).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- docker-compose.yaml: remove port binding; add VIRTUAL_HOST/LETSENCRYPT_HOST
env vars for nginx-proxy auto-routing; add internal + external proxy networks
- .woodpecker.yml: consolidate build steps into single ci step; add deploy-main
step that builds + deploys on every push to main; keep deploy-tag for
registry-pull deploys on version tags
- deploy/deploy.sh: simplify for manual/emergency use on existing server;
add --from-registry flag for registry pull vs local build
- Remove deploy/setup-server.sh and deploy/nginx/ (not needed on existing server)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
GHL uses RSA + SHA-256 for x-wh-signature, not ECDSA P-256 as documented
in the original task files. Also adds forward-compatible Ed25519 support
for X-GHL-Signature (GHL migration scheduled July 2026): handler checks
X-GHL-Signature first, falls back to x-wh-signature.
- webhook.go: replace ecdsa.VerifyASN1 with rsa.VerifyPKCS1v15; add
verifyEd25519 + verifyIncomingSignature dispatch; update struct fields
- webhook_test.go: regenerate test keys as RSA-2048, sign with PKCS1v15
- CLAUDE.md: correct crypto stack and key implementation notes
- .env.example: clarify GHL_WEBHOOK_PUBLIC_KEY is a static RSA key from docs
Co-Authored-By: SideKx <sidekx.ai@sds.dev>
Complete MVP implementation of the Cast GHL Conversation Provider bridge:
- Go module setup with chi router and mongo-driver dependencies
- Config loading with env var validation and defaults
- MongoDB token store with upsert, get, update, delete operations
- Cast.ph SMS client with 429 retry logic and typed errors
- Phone number normalization (E.164 ↔ Philippine local format)
- GHL OAuth 2.0 install/callback/refresh flow
- GHL webhook handler with ECDSA signature verification (async dispatch)
- GHL API client for message status updates and inbound message stubs
- Multi-stage Dockerfile, docker-compose with MongoDB, Woodpecker CI pipeline
- Unit tests for phone normalization, Cast client, GHL webhook, and OAuth handlers
Co-Authored-By: SideKx <sidekx.ai@sds.dev>
