DogStark · llinsss · Mar 26, 2026 · Mar 26, 2026 · Mar 26, 2026 · Mar 26, 2026
diff --git a/.env.file-management.example b/.env.file-management.example
@@ -0,0 +1,112 @@
+# File Management System - Environment Configuration Template
+
+# ==================== Storage Provider ====================
+# Options: 's3' or 'gcs'
+STORAGE_PROVIDER=s3
+
+# ==================== AWS S3 Configuration ====================
+AWS_S3_BUCKET=petchain-uploads
+AWS_S3_REGION=us-east-1
+AWS_ACCESS_KEY_ID=your_access_key_here
+AWS_SECRET_ACCESS_KEY=your_secret_key_here
+
+# Optional: For S3-compatible services like MinIO
+# AWS_S3_ENDPOINT=http://minio:9000
+
+# ==================== Google Cloud Storage Configuration ====================
+GCS_BUCKET=petchain-uploads
+GCS_PROJECT_ID=your-gcp-project-id
+# GCS_KEY_FILE=/path/to/gcp-key.json
+
+# ==================== File Encryption ====================
+FILE_ENCRYPTION_ENABLED=false
+FILE_ENCRYPTION_KEY=your-256-bit-encryption-key-base64-encoded
+
+# ==================== File Upload Restrictions ====================
+MAX_FILE_SIZE_MB=50
+TEMP_UPLOAD_DIR=/tmp/petchain-uploads
+
+# Allowed MIME types (comma-separated)
+ALLOWED_MIME_TYPES=image/jpeg,image/png,image/webp,application/pdf,application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document,video/mp4,video/quicktime,application/vnd.ms-excel,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+
+# ==================== Virus Scanning ====================
+# Options: 'clamav' or 'yara'
+VIRUS_SCANNER_ENABLED=false
+VIRUS_SCANNER_TYPE=clamav
+
+# ClamAV Configuration
+CLAMAV_HOST=localhost
+CLAMAV_PORT=3310
+
+# ==================== Image Processing ====================
+# Image processing quality (0-100)
+IMAGE_QUALITY=85
+# Generate thumbnails
+IMAGE_GENERATE_THUMBNAILS=true
+# Thumbnail size
+IMAGE_THUMBNAIL_WIDTH=200
+IMAGE_THUMBNAIL_HEIGHT=200
+# Generate multiple variants
+IMAGE_GENERATE_VARIANTS=true
+
+# ==================== Backup Configuration ====================
+# Backup retention period in days
+BACKUP_RETENTION_DAYS=90
+
+# Backup scheduling (CRON format)
+# Default: Every day at 2 AM UTC
+BACKUP_SCHEDULE=0 2 * * *
+
+# Backup cleanup schedule (CRON format)
+# Default: Every week on Sunday at 2 AM UTC
+BACKUP_CLEANUP_SCHEDULE=0 2 * * 0
+
+# ==================== File Permissions ====================
+# Permission expiration default in days
+PERMISSION_DEFAULT_EXPIRATION_DAYS=30
+
+# ==================== API Configuration ====================
+API_URL=http://localhost:3001
+API_VERSION=v1
+
+# ==================== Redis Configuration ====================
+# For BullMQ job queue
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=
+REDIS_DB=0
+
+# ==================== Logging ====================
+LOG_LEVEL=debug
+LOG_FORMAT=json
+
+# ==================== Monitoring ====================
+# Enable detailed access logging
+ENABLE_FILE_ACCESS_LOGGING=true
+
+# ==================== Cleanup Jobs ====================
+# Clean up expired permissions daily at 3 AM UTC
+EXPIRED_PERMISSION_CLEANUP_SCHEDULE=0 3 * * *
+
+# ==================== CDN Configuration ====================
+# CDN endpoint for serving files
+CDN_ENDPOINT=https://cdn.example.com
+CDN_SIGNED_URL_EXPIRATION_HOURS=24
+
+# ==================== Email Notifications ====================
+# Send notifications on share, backup completion, etc.
+EMAIL_FILE_NOTIFICATIONS_ENABLED=false
+EMAIL_FROM=noreply@petchain.com
+
+# ==================== Compliance ====================
+# GDPR: Audit all file access
+AUDIT_ALL_FILE_ACCESS=true
+
+# PCI DSS: Encrypt sensitive files
+ENCRYPT_SENSITIVE_FILES=true
+
+# ==================== Feature Flags ====================
+ENABLE_FILE_SHARING=true
+ENABLE_FILE_BACKUP=true
+ENABLE_FILE_RECOVERY=true
+ENABLE_AUTO_BACKUPS=true
diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
@@ -4,6 +4,11 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+
 concurrency:
   group: perf-${{ github.ref }}
   cancel-in-progress: true
@@ -64,13 +69,21 @@ jobs:
 
             📊 [Full Report](${result.url})`;
 
-            if (context.issue.number) {
-              await github.rest.issues.createComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: context.issue.number,
-                body: body,
-              });
+            if (context.issue?.number || context.payload?.pull_request?.number) {
+              const issueNumber = context.issue?.number || context.payload?.pull_request?.number;
+              try {
+                await github.rest.issues.createComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: issueNumber,
+                  body: body,
+                });
+              } catch (error) {
+                core.error(`Failed to post comment: ${error.message}`);
+                if (error.status !== 404) throw error;
+              }
+            } else {
+              core.warning('No PR context found for posting comment');
             }
 
   bundle-analysis: