Initial commit: Telegram Management System

Full-stack web application for Telegram management
- Frontend: Vue 3 + Vben Admin
- Backend: NestJS
- Features: User management, group broadcast, statistics

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

marketing-agent/infrastructure/k8s/configmap.yaml

@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: marketing-agent-config
+  namespace: marketing-agent
+data:
+  NODE_ENV: "production"
+  LOG_LEVEL: "info"
+  
+  # Service URLs
+  ORCHESTRATOR_URL: "http://orchestrator-service:3001"
+  CLAUDE_AGENT_URL: "http://claude-agent-service:3002"
+  GRAMJS_ADAPTER_URL: "http://gramjs-adapter-service:3003"
+  SAFETY_GUARD_URL: "http://safety-guard-service:3004"
+  ANALYTICS_URL: "http://analytics-service:3005"
+  AB_TESTING_URL: "http://ab-testing-service:3006"
+  
+  # Database connections
+  POSTGRES_HOST: "postgres-service"
+  POSTGRES_PORT: "5432"
+  POSTGRES_DATABASE: "marketing_agent"
+  
+  MONGODB_URL: "mongodb://mongodb-service:27017/marketing_events"
+  
+  REDIS_HOST: "redis-service"
+  REDIS_PORT: "6379"
+  REDIS_DB: "0"
+  
+  RABBITMQ_HOST: "rabbitmq-service"
+  RABBITMQ_PORT: "5672"
+  RABBITMQ_VHOST: "/"
+  
+  ELASTICSEARCH_NODE: "http://elasticsearch-service:9200"
+  
+  # Rate limiting
+  RATE_LIMIT_WINDOW_MS: "60000"
+  RATE_LIMIT_MAX_REQUESTS: "100"
+  
+  # Safety settings
+  CONTENT_MODERATION_LEVEL: "medium"
+  MAX_ACCOUNTS_PER_CAMPAIGN: "10"
+  FLOOD_WAIT_THRESHOLD: "300"
+  
+  # Analytics
+  ANALYTICS_BATCH_SIZE: "100"
+  ANALYTICS_FLUSH_INTERVAL: "5000"
+  
+  # A/B Testing
+  AB_TEST_MIN_SAMPLE_SIZE: "100"
+  AB_TEST_CONFIDENCE_LEVEL: "0.95"
+  
+  # Performance
+  MAX_CONCURRENT_TASKS: "50"
+  TASK_TIMEOUT_MS: "300000"
+  DB_POOL_SIZE: "10"
+  
+  # Feature flags
+  ENABLE_HUMAN_IN_LOOP: "true"
+  ENABLE_AUTO_SCALING: "true"
+  ENABLE_VECTOR_SEARCH: "false"
+  ENABLE_MULTI_PLATFORM: "false"
+  
+  # Compliance
+  GDPR_ENABLED: "true"
+  CCPA_ENABLED: "true"
+  DATA_RETENTION_DAYS: "365"

marketing-agent/infrastructure/k8s/namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: marketing-agent
+  labels:
+    name: marketing-agent
+    environment: production

marketing-agent/infrastructure/k8s/secrets.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: marketing-agent-secrets
+  namespace: marketing-agent
+type: Opaque
+stringData:
+  # Database credentials
+  POSTGRES_USER: "marketing_user"
+  POSTGRES_PASSWORD: "CHANGE_THIS_PASSWORD"
+  
+  MONGODB_USER: "marketing_user"
+  MONGODB_PASSWORD: "CHANGE_THIS_PASSWORD"
+  
+  REDIS_PASSWORD: "CHANGE_THIS_PASSWORD"
+  
+  RABBITMQ_USER: "admin"
+  RABBITMQ_PASSWORD: "CHANGE_THIS_PASSWORD"
+  
+  ELASTICSEARCH_USER: "elastic"
+  ELASTICSEARCH_PASSWORD: "CHANGE_THIS_PASSWORD"
+  
+  # API keys
+  CLAUDE_API_KEY: "CHANGE_THIS_API_KEY"
+  
+  # Telegram credentials
+  TELEGRAM_API_ID: "CHANGE_THIS_API_ID"
+  TELEGRAM_API_HASH: "CHANGE_THIS_API_HASH"
+  
+  # JWT secret
+  JWT_SECRET: "CHANGE_THIS_SECRET_KEY"
+  
+  # Encryption key
+  ENCRYPTION_KEY: "CHANGE_THIS_32_CHARACTER_KEY_HERE"
+  
+  # Vector database (optional)
+  PINECONE_API_KEY: ""
+  PINECONE_ENVIRONMENT: ""

marketing-agent/infrastructure/nginx/conf.d/api-gateway.conf

@@ -0,0 +1,102 @@
+server {
+    listen 80;
+    server_name localhost;
+
+    # API versioning
+    set $api_version "v1";
+
+    # CORS configuration
+    add_header 'Access-Control-Allow-Origin' '$http_origin' always;
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+    add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+
+    # Handle OPTIONS requests
+    if ($request_method = 'OPTIONS') {
+        add_header 'Access-Control-Max-Age' 1728000;
+        add_header 'Content-Type' 'text/plain; charset=utf-8';
+        add_header 'Content-Length' 0;
+        return 204;
+    }
+
+    # Health check endpoint
+    location /health {
+        access_log off;
+        return 200 "healthy\n";
+        add_header Content-Type text/plain;
+    }
+
+    # Auth endpoints
+    location ~ ^/api/($api_version/)?auth {
+        limit_req zone=auth_limit burst=5 nodelay;
+        proxy_pass http://orchestrator;
+        include /etc/nginx/proxy.conf;
+    }
+
+    # Orchestrator service
+    location ~ ^/api/($api_version/)?orchestrator {
+        limit_req zone=api_limit burst=20 nodelay;
+        proxy_pass http://orchestrator;
+        include /etc/nginx/proxy.conf;
+    }
+
+    # Claude Agent service
+    location ~ ^/api/($api_version/)?claude {
+        limit_req zone=api_limit burst=10 nodelay;
+        proxy_pass http://claude_agent;
+        include /etc/nginx/proxy.conf;
+    }
+
+    # GramJS Adapter service
+    location ~ ^/api/($api_version/)?telegram {
+        limit_req zone=api_limit burst=20 nodelay;
+        proxy_pass http://gramjs_adapter;
+        include /etc/nginx/proxy.conf;
+    }
+
+    # Safety Guard service
+    location ~ ^/api/($api_version/)?safety {
+        limit_req zone=api_limit burst=30 nodelay;
+        proxy_pass http://safety_guard;
+        include /etc/nginx/proxy.conf;
+    }
+
+    # Analytics service
+    location ~ ^/api/($api_version/)?analytics {
+        limit_req zone=api_limit burst=50 nodelay;
+        proxy_pass http://analytics;
+        include /etc/nginx/proxy.conf;
+    }
+
+    # A/B Testing service
+    location ~ ^/api/($api_version/)?experiments {
+        limit_req zone=api_limit burst=20 nodelay;
+        proxy_pass http://ab_testing;
+        include /etc/nginx/proxy.conf;
+    }
+
+    # WebSocket endpoints
+    location ~ ^/ws/($api_version/)? {
+        proxy_pass http://orchestrator;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 86400;
+    }
+
+    # Static files (if any)
+    location /static {
+        alias /usr/share/nginx/html/static;
+        expires 30d;
+        add_header Cache-Control "public, immutable";
+    }
+
+    # Default location
+    location / {
+        return 404;
+    }
+}

marketing-agent/infrastructure/nginx/nginx.conf

@@ -0,0 +1,75 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+    use epoll;
+    multi_accept on;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for" '
+                    'rt=$request_time uct="$upstream_connect_time" '
+                    'uht="$upstream_header_time" urt="$upstream_response_time"';
+
+    access_log /var/log/nginx/access.log main;
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+
+    # Gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml application/atom+xml image/svg+xml;
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+
+    # Rate limiting
+    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
+    limit_req_zone $binary_remote_addr zone=auth_limit:10m rate=5r/m;
+
+    # Upstream services
+    upstream orchestrator {
+        server orchestrator:3001 max_fails=3 fail_timeout=30s;
+    }
+
+    upstream claude_agent {
+        server claude-agent:3002 max_fails=3 fail_timeout=30s;
+    }
+
+    upstream gramjs_adapter {
+        server gramjs-adapter:3003 max_fails=3 fail_timeout=30s;
+    }
+
+    upstream safety_guard {
+        server safety-guard:3004 max_fails=3 fail_timeout=30s;
+    }
+
+    upstream analytics {
+        server analytics:3005 max_fails=3 fail_timeout=30s;
+    }
+
+    upstream ab_testing {
+        server ab-testing:3006 max_fails=3 fail_timeout=30s;
+    }
+
+    # Include additional configuration files
+    include /etc/nginx/conf.d/*.conf;
+}

marketing-agent/infrastructure/nginx/proxy.conf

@@ -0,0 +1,19 @@
+# Proxy headers
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Request-ID $request_id;
+
+# Proxy settings
+proxy_connect_timeout 60s;
+proxy_send_timeout 60s;
+proxy_read_timeout 60s;
+proxy_buffering off;
+proxy_request_buffering off;
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+
+# Error handling
+proxy_intercept_errors on;
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

marketing-agent/infrastructure/prometheus/prometheus.yml

@@ -0,0 +1,85 @@
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+  external_labels:
+    monitor: 'marketing-agent'
+
+alerting:
+  alertmanagers:
+    - static_configs:
+        - targets: []
+
+rule_files:
+  - "rules/*.yml"
+
+scrape_configs:
+  # Prometheus self-monitoring
+  - job_name: 'prometheus'
+    static_configs:
+      - targets: ['localhost:9090']
+
+  # Node exporter
+  - job_name: 'node'
+    static_configs:
+      - targets: ['node-exporter:9100']
+
+  # Orchestrator service
+  - job_name: 'orchestrator'
+    static_configs:
+      - targets: ['orchestrator:3001']
+    metrics_path: '/metrics'
+
+  # Claude Agent service
+  - job_name: 'claude-agent'
+    static_configs:
+      - targets: ['claude-agent:3002']
+    metrics_path: '/metrics'
+
+  # GramJS Adapter service
+  - job_name: 'gramjs-adapter'
+    static_configs:
+      - targets: ['gramjs-adapter:3003']
+    metrics_path: '/metrics'
+
+  # Safety Guard service
+  - job_name: 'safety-guard'
+    static_configs:
+      - targets: ['safety-guard:3004']
+    metrics_path: '/metrics'
+
+  # Analytics service
+  - job_name: 'analytics'
+    static_configs:
+      - targets: ['analytics:3005']
+    metrics_path: '/metrics'
+
+  # A/B Testing service
+  - job_name: 'ab-testing'
+    static_configs:
+      - targets: ['ab-testing:3006']
+    metrics_path: '/metrics'
+
+  # PostgreSQL exporter
+  - job_name: 'postgresql'
+    static_configs:
+      - targets: ['postgres-exporter:9187']
+
+  # MongoDB exporter
+  - job_name: 'mongodb'
+    static_configs:
+      - targets: ['mongodb-exporter:9216']
+
+  # Redis exporter
+  - job_name: 'redis'
+    static_configs:
+      - targets: ['redis-exporter:9121']
+
+  # RabbitMQ exporter
+  - job_name: 'rabbitmq'
+    static_configs:
+      - targets: ['rabbitmq:15692']
+
+  # Nginx exporter
+  - job_name: 'nginx'
+    static_configs:
+      - targets: ['nginx-exporter:9113']