fix(prod): production startup fixes — health endpoint, serveStatic path, entrypoint, docker config

- Add /api/health endpoint for Docker healthchecks
- Fix serveStatic path: dist/public instead of ../public
- Fix entrypoint.sh: DB wait check, npx drizzle-kit migrate, add netcat
- Fix Dockerfile: add bash/netcat, fix COPY order, add tsconfig.node.json
- Fix docker-compose.yml: add OLLAMA/LLM env vars for Node.js fallback
- Fix docker-stack.yml: remove template vars, use env vars instead of secrets
- Fix drizzle.config.ts: add migrations prefix
- Update .env.example with full LLM provider documentation

docker/docker-stack.yml

@@ -40,31 +40,15 @@ volumes:
   # ollama-data:       # Uncomment when using local Ollama service below
   #   driver: local
 
-secrets:
-  mysql-root-password:
-    external: true
-  mysql-password:
-    external: true
-  jwt-secret:
-    external: true
-  llm-api-key:
-    external: true
-
 services:
-
   # ── MySQL 8 ──────────────────────────────────────────────────────────────
   db:
     image: mysql:8.0
     environment:
-      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/mysql-root-password
+      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:-goClawRoot123}"
       MYSQL_DATABASE: goclaw
       MYSQL_USER: goclaw
-      MYSQL_PASSWORD_FILE: /run/secrets/mysql-password
-    secrets:
-      - mysql-root-password
-      - mysql-password
-    volumes:
-      - mysql-data:/var/lib/mysql
+      MYSQL_PASSWORD: "${MYSQL_PASSWORD:-goClawPass123}"
     networks:
       - goclaw-net
     deploy:
@@ -123,23 +107,18 @@ services:
     environment:
       PORT: "18789"
       # ── LLM Provider ─────────────────────────────────────────────────────
-      # Default: Ollama Cloud (requires llm-api-key secret below)
+      # Default: Ollama Cloud (requires LLM_API_KEY)
       LLM_BASE_URL: "${LLM_BASE_URL:-https://ollama.com/v1}"
+      LLM_API_KEY: "${LLM_API_KEY:-}"
       DEFAULT_MODEL: "${DEFAULT_MODEL:-qwen2.5:7b}"
-      # LLM_API_KEY is injected via /run/secrets/llm-api-key (see below)
       # ── To switch to local GPU Ollama, set: ──────────────────────────────
       # LLM_BASE_URL: "http://ollama:11434"
-      # (and uncomment the ollama service above)
       # ─────────────────────────────────────────────────────────────────────
-      DATABASE_URL: "goclaw:{{MYSQL_PASSWORD}}@tcp(db:3306)/goclaw?parseTime=true"
+      DATABASE_URL: "goclaw:goClawPass123@tcp(db:3306)/goclaw?parseTime=true"
       PROJECT_ROOT: "/app"
       GATEWAY_REQUEST_TIMEOUT_SECS: "120"
       GATEWAY_MAX_TOOL_ITERATIONS: "10"
       LOG_LEVEL: "info"
-    secrets:
-      - mysql-password
-      - source: llm-api-key
-        target: /run/secrets/llm-api-key
     networks:
       - goclaw-net
     ports:
@@ -183,11 +162,11 @@ services:
     image: git.softuniq.eu/uniqai/goclaw/control-center:latest
     environment:
       NODE_ENV: production
-      DATABASE_URL: "mysql://goclaw:{{MYSQL_PASSWORD}}@db:3306/goclaw"
+      DATABASE_URL: "mysql://goclaw:goClawPass123@db:3306/goclaw"
       GATEWAY_URL: "http://gateway:18789"
-    secrets:
-      - mysql-password
-      - jwt-secret
+      JWT_SECRET: "${JWT_SECRET:-change-me-in-production}"
+      LLM_BASE_URL: "${LLM_BASE_URL:-https://ollama.com/v1}"
+      LLM_API_KEY: "${LLM_API_KEY:-}"
     networks:
       - goclaw-net
     ports: