Auto-commit: Sync changes [2026-03-05]

Author: hyperpolymath

examples/web-project-deno.json

@@ -8,7 +8,7 @@
     "test": "deno test --allow-all"
   },
   "imports": {
-    "rescript": "npm:rescript@^12.1.0",
+    "rescript": "^12.0.0",
     "@rescript/core": "npm:@rescript/core@^1.6.0",
     "safe-dom/": "https://raw.githubusercontent.com/hyperpolymath/rescript-dom-mounter/main/src/",
     "proven/": "../proven/bindings/rescript/src/"

justfile

@@ -136,3 +136,8 @@ test-all: test test-rust
 # Generate API client from protobuf
 proto-gen:
     cd src/rust-routing && cargo build
+
+# [AUTO-GENERATED] Multi-arch / RISC-V target
+build-riscv:
+	@echo "Building for RISC-V..."
+	cross build --target riscv64gc-unknown-linux-gnu

src/deno-api/Dockerfile src/deno-api/Containerfilesrc/deno-api/Dockerfile renamed to src/deno-api/Containerfile

@@ -1,57 +1,57 @@
-# VEDS Route Optimizer - Dockerfile
+# SPDX-License-Identifier: MIT OR AGPL-3.0
+# VEDS Route Optimizer - Distroless Container
 # Multi-stage build for minimal production image
 
+# =============================================================================
 # Build stage
-FROM rust:1.75-bookworm as builder
+# =============================================================================
+FROM rust:1.75-bookworm AS builder
 
 WORKDIR /app
 
 # Install protobuf compiler
-RUN apt-get update && apk add --no-cache -y protobuf-compiler && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends protobuf-compiler && \
+    rm -rf /var/lib/apt/lists/*
 
-# Copy manifests
+# Copy manifests first for dependency caching
 COPY Cargo.toml Cargo.lock ./
 
 # Create dummy src to cache dependencies
 RUN mkdir -p src proto && \
     echo "fn main() {}" > src/main.rs && \
     echo 'syntax = "proto3"; package dummy;' > proto/optimizer.proto
 
-# Build dependencies (cached)
+# Build dependencies (cached layer)
 RUN cargo build --release && rm -rf src proto
 
 # Copy actual source
 COPY . .
 
-# Touch main.rs to force rebuild
+# Touch main.rs to force rebuild with actual source
 RUN touch src/main.rs
 
 # Build release binary
 RUN cargo build --release
 
-# Runtime stage
-FROM cgr.dev/chainguard/wolfi-base:bookworm-slim
+# =============================================================================
+# Runtime stage - Distroless
+# =============================================================================
+FROM gcr.io/distroless/cc-debian12:nonroot
 
 WORKDIR /app
 
-# Install runtime dependencies
-RUN apt-get update && \
-    apk add --no-cache -y ca-certificates && \
-    rm -rf /var/lib/apt/lists/*
-
 # Copy binary from builder
 COPY --from=builder /app/target/release/veds-optimizer /app/veds-optimizer
 
-# Create non-root user
-RUN useradd -r -s /bin/false veds
-USER veds
-
 # Expose ports
 EXPOSE 50051 8090
 
-# Health check
-HEALTHCHECK --interval=30s --timeout=3s --start-period=5s \
-    CMD curl -f http://localhost:8090/health || exit 1
+# Run as nonroot user (uid 65532)
+USER nonroot
+
+# Distroless has no shell, so no HEALTHCHECK possible here
+# Health checks are defined in docker-compose.yml
 
 # Run
-CMD ["/app/veds-optimizer"]
+ENTRYPOINT ["/app/veds-optimizer"]