Добавляет sidecar glitchtip-auth-forwarder который tails Caddy access log,
фильтрует 401 события и шлёт их в GlitchTip через Sentry SDK.
- ops/glitchtip-auth-forwarder/forwarder.py: tail + throttle + atomic offset
- Caddy JSON schema верифицирован по реальному логу: status верхнеуровневое,
request.headers["User-Agent"] — list, client_ip vs remote_ip
- Monitor UAs (GlitchTip uptime, SentryUptimeBot) фильтруются как individual events
- Storm throttle: >10/60s → один digest event типа basic_auth_storm
- docker-compose.prod.yml: caddy_logs volume в caddy + новый service + auth_forwarder_state
- docs/runbooks/basic_auth_management.md: runbook с GlitchTip секцией
- backend/alembic/* — alembic infra (env.py, script.py.mako). versions/ empty
for now; first migration goes in Stage 2a when models are finalized.
- backend/Dockerfile: bake alembic.ini + alembic/ into the image so
`docker compose exec backend alembic upgrade head` works in prod.
- backend/db/init/99_drop_unused_extensions.sql + bind-mount in both compose
files: drops postgis-image's TIGER/topology/fuzzystrmatch on fresh volumes.
- .pre-commit-config.yaml + pre-commit in dev deps: ruff/prettier on commit
to stop CI failures like UP035 from leaking out.
- ops/backup.sh, ops/restore.sh: pg_dump cron script with optional Selectel S3
upload. 7-day local retention. Restore guard: requires RESTORE_CONFIRM=yes.
- Makefile: new targets `make migration NAME=...`, `make pre-commit-install`.
- backend/.env.example: SENTRY_DSN comment with sentry.io reference.