feat: add Ragamuffin monorepo scaffold with production deployment

[Copilot]

Complete monorepo scaffold for "Ragamuffin" AI development platform with LangFlow, FastAPI backend, React frontend, and LangGraph. Includes production-ready deployment configuration with JWT authentication and comprehensive security features.

Services

Service	Port	Stack
langflow	7860	LangFlow visual builder
backend	8000	FastAPI flow management API
frontend	8080	Vite + React + TypeScript
langgraph	7878	Graph-based agent orchestration

Structure

Development

• Root: docker-compose.yml, start-dev.sh/stop-dev.sh (executable), docs
• /langflow: Dockerfile running langflow server
• /langflow-backend: FastAPI with /save_flow/, /list_flows/, /get_flow/{name}, /run_flow/ endpoints
• /web-client: Multi-stage Docker build, cyberpunk theme (Orbitron), pages for Dashboard/Playground/Datasets/AgentBuilder
• /langgraph: LangGraph server container

Production

• docker-compose.prod.yml: Production compose with healthchecks, environment variables, and persistent volumes
• Dockerfile.prod: Hardened production Dockerfile with non-root user
• start-prod.sh/stop-prod.sh: Production deployment scripts with security validation
• app/auth.py: JWT authentication system with bcrypt password hashing
• app/main_prod.py: Production backend with auth-protected endpoints
• nginx/ragamuffin.conf: Nginx reverse proxy with SSL/TLS and security headers
• .env.production.example: Environment variable template
• PRODUCTION_DEPLOYMENT.md: Complete deployment guide (SSL, database, monitoring, scaling)
• PRODUCTION_CHECKLIST.md: Pre-deployment security checklist

Backend Fallback

If langflow package unavailable, /run_flow/ returns simulated response:

try:
    from langflow.load import load_flow_from_json
    LANGFLOW_AVAILABLE = True
except ImportError:
    LANGFLOW_AVAILABLE = False
    logger.warning("LangFlow not installed. /run_flow/ will return simulated responses.")

Quick Start

Development

./start-dev.sh  # docker compose up --build

Production

# Configure environment
cp .env.production.example .env.production
# Edit .env.production with your settings

# Generate secure keys
openssl rand -hex 32  # Use for SECRET_KEY
openssl rand -hex 32  # Use for JWT_SECRET

# Deploy
./start-prod.sh

Production Security Features

✅ JWT authentication (configurable enable/disable)
✅ Bcrypt password hashing
✅ Environment-based configuration
✅ CORS restricted to configured domains
✅ Secret key validation (minimum 32 characters)
✅ Non-root Docker containers
✅ Healthcheck endpoints
✅ Rate limiting configuration
✅ SSL/TLS nginx setup
✅ Security headers (HSTS, X-Frame-Options)
✅ Input validation and sanitization

Default login (CHANGE IN PRODUCTION): admin/changeme

See PRODUCTION_DEPLOYMENT.md for complete deployment guide and PRODUCTION_CHECKLIST.md for security validation before going live.

Original prompt

Create a new branch named ragamuffin-scaffold and add a complete monorepo scaffold named "Ragamuffin" to the repository Stacey77/Rag7. The branch should include the following files and folders (create exact paths). Do not modify any existing repository files. If any conflicts exist, create the PR and note the conflicts in the PR description.

Root files:

• docker-compose.yml (compose that runs langflow:7860, backend:8000, frontend:8080, langgraph:7878; mount ./langflow-backend/flows into backend container)
• README_MONOREPO.md (overview, Quick Start, include UI inspiration image reference: , mention project name Ragamuffin)
• RUN_COMMANDS.md (step-by-step run & dev commands)
• start-dev.sh (executable; runs 'docker compose up --build')
• stop-dev.sh (executable; runs 'docker compose down')
• README.md (top-level summary referencing UI image and Ragamuffin name)

/langflow:

• Dockerfile (runs 'langflow run --host 0.0.0.0 --port 7860')
• README.md (notes about LangFlow usage and securing UI)

/langflow-backend:

• Dockerfile (build backend image)
• requirements.txt (fastapi, uvicorn[standard], langflow, python-multipart)
• flows/ (empty dir for persisted flows)
• app/init.py
• app/main.py (FastAPI app implementing endpoints: POST /save_flow/ (multipart .json), GET /list_flows/, GET /get_flow/{flow_name}, POST /run_flow/ (multipart flow_file + form field user_input). Behavior: attempt to import langflow.load_flow_from_json; if langflow not importable, /run_flow/ must return a simulated response and log a warning. Enable CORS for localhost development. Include inline comments about security, validation, sandboxing, and recommended production steps.)
• README.md (backend usage & environment)

/web-client:

• Dockerfile (multi-stage build using nginx)
• nginx.conf (optional)
• package.json (Vite + React + TypeScript deps and scripts)
• tsconfig.json
• vite.config.ts
• index.html
• .env (VITE_API_URL=http://localhost:8000)
• src/main.tsx
• src/App.tsx
• src/styles.css (Orbitron font & cyberpunk theme)
• src/components/Sidebar.tsx
• src/components/AIBrain.tsx
• src/components/SectionAgent.tsx
• src/components/Conversation.tsx (STT/TTS)
• src/pages/Dashboard.tsx
• src/pages/Playground.tsx
• src/pages/Datasets.tsx
• src/pages/AgentBuilder.tsx (integrates with backend endpoints: /list_flows/, /get_flow/{name}, /save_flow/, /run_flow/)

/langgraph:

• Dockerfile (install langgraph and run its server on 7878)
• README.md (notes and how to open LangGraph UI)

Behavioral & operational notes to implement:

• start-dev.sh and stop-dev.sh must be marked executable in the commit.
• Use relative paths in Dockerfiles and docker-compose.
• Persist flows directory ./langflow-backend/flows and mount it in the backend container in docker-compose.
• Ensure backend runs even if 'langflow' package is not available; /run_flow/ should return a simulated response and log a warning in that case.
• Document security caveats in README files: validate flows, sandbox executions, whitelist tools, add auth (JWT/OAuth) before production, and consider DB/S3 for persistence.

Docker compose requirements:

• Services: langflow (7860), backend (8000), frontend (8080), langgraph (7878)
• Map ports as above and mount flows volume for backend

PR metadata:

• Branch name: ragamuffin-scaffold
• Target branch: main
• PR title: feat: add Ragamuffin monorepo scaffold (langflow, fastapi, web-client, docker-compose)
• PR description: concise summary of the additions, how to run locally (docker compose up --build), and recommended next steps (secure CORS, validate flows, add auth, persistent storage). Note the backend simulated fallback if langflow is not installed and warn about security risks of running untrusted flows.

Please create the branch, add all files and contents, commit, push to origin, and open the PR. After opening the PR, return the PR URL in your response.

This pull request was created as a result of the following prompt from Copilot chat.

Create a new branch named ragamuffin-scaffold and add a complete monorepo scaffold named "Ragamuffin" to the repository Stacey77/Rag7. The branch should include the following files and folders (create exact paths). Do not modify any existing repository files. If any conflicts exist, create the PR and note the conflicts in the PR description.

Root files:

• docker-compose.yml (compose that runs langflow:7860, backend:8000, frontend:8080, langgraph:7878; mount ./langflow-backend/flows into backend container)
• README_MONOREPO.md (overview, Quick Start, include UI inspiration image reference: , mention project name Ragamuffin)
• RUN_COMMANDS.md (step-by-step run & dev commands)
• start-dev.sh (executable; runs 'docker compose up --build')
• stop-dev.sh (executable; runs 'docker compose down')
• README.md (top-level summary referencing UI image and Ragamuffin name)

/langflow:

• Dockerfile (runs 'langflow run --host 0.0.0.0 --port 7860')
• README.md (notes about LangFlow usage and securing UI)

/langflow-backend:

• Dockerfile (build backend image)
• requirements.txt (fastapi, uvicorn[standard], langflow, python-multipart)
• flows/ (empty dir for persisted flows)
• app/init.py
• app/main.py (FastAPI app implementing endpoints: POST /save_flow/ (multipart .json), GET /list_flows/, GET /get_flow/{flow_name}, POST /run_flow/ (multipart flow_file + form field user_input). Behavior: attempt to import langflow.load_flow_from_json; if langflow not importable, /run_flow/ must return a simulated response and log a warning. Enable CORS for localhost development. Include inline comments about security, validation, sandboxing, and recommended production steps.)
• README.md (backend usage & environment)

/web-client:

• Dockerfile (multi-stage build using nginx)
• nginx.conf (optional)
• package.json (Vite + React + TypeScript deps and scripts)
• tsconfig.json
• vite.config.ts
• index.html
• .env (VITE_API_URL=http://localhost:8000)
• src/main.tsx
• src/App.tsx
• src/styles.css (Orbitron font & cyberpunk theme)
• src/components/Sidebar.tsx
• src/components/AIBrain.tsx
• src/components/SectionAgent.tsx
• src/components/Conversation.tsx (STT/TTS)
• src/pages/Dashboard.tsx
• src/pages/Playground.tsx
• src/pages/Datasets.tsx
• src/pages/AgentBuilder.tsx (integrates with backend endpoints: /list_flows/, /get_flow/{name}, /save_flow/, /run_flow/)

/langgraph:

• Dockerfile (install langgraph and run its server on 7878)
• README.md (notes and how to open LangGraph UI)

Behavioral & operational notes to implement:

• start-dev.sh and stop-dev.sh must be marked executable in the commit.
• Use relative paths in Dockerfiles and docker-compose.
• Persist flows directory ./langflow-backend/flows and mount it in the backend container in docker-compose.
• Ensure backend runs even if 'langflow' package is not available; /run_flow/ should return a simulated response and log a warning in that case.
• Document security caveats in README files: validate flows, sandbox executions, whitelist tools, add auth (JWT/OAuth) before production, and consider DB/S3 for persistence.

Docker compose requirements:

• Services: langflow (7860), backend (8000), frontend (8080), langgraph (7878)
• Map ports as above and mount flows volume for backend

PR metadata:

• Branch name: ragamuffin-scaffold
• Target branch: main
• PR title: feat: add Ragamuffin monorepo scaffold (langflow, fastapi, web-client, docker-compose)
• PR description: concise summary of the additions, how to run locally (docker compose up --build), and recommended next steps (secure CORS, validate flows, add auth, persistent storage). Note the backend simulated fallback if langflow is not installed and warn about security risks of running untrusted flows.

Please create the branch, add all files and contents, commit, push to origin, and open the PR. After opening the PR, return the PR URL in your response.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Stacey77]

@copilot next phase

[Stacey77]

@copilot continue

[Stacey77]

@copilot continue

[Stacey77]

@copilot https://github.com/copilot/tasks/pull/PR_kwDOO8v_is62NuBl?session_id=ba76850d-82e1-42bd-844e-ce00e9d9a31b

[Stacey77]

@copilot continue and go to production

[Copilot]

@copilot continue and go to production

Production deployment configuration added! 🚀

Added in commits 9725db8 and b26bba8:

✅ Production Docker Setup

• docker-compose.prod.yml with healthchecks and environment variables
• Production-optimized Dockerfile with non-root user
• start-prod.sh / stop-prod.sh scripts with security validation

✅ Security Features

• JWT authentication system (app/auth.py)
• Production backend (app/main_prod.py) with auth endpoints
• Environment-based configuration (.env.production.example)
• Secret key validation (minimum 32 characters)
• Enhanced security warnings for flow execution

✅ Infrastructure

• Nginx reverse proxy config with SSL/TLS support
• Rate limiting configuration
• Security headers (HSTS, X-Frame-Options, etc.)
• Healthcheck endpoints

✅ Documentation

• PRODUCTION_DEPLOYMENT.md - Complete deployment guide
• PRODUCTION_CHECKLIST.md - Pre-deployment security checklist
• Updated README.md with production instructions
• .gitignore for sensitive files

Quick Start:

# Configure environment
cp .env.production.example .env.production

# Generate secure keys
openssl rand -hex 32  # Use for SECRET_KEY
openssl rand -hex 32  # Use for JWT_SECRET

# Deploy
./start-prod.sh

Default login (CHANGE IN PRODUCTION): admin/changeme

See PRODUCTION_DEPLOYMENT.md for full deployment guide and security best practices.