feat(docker): add Dockerfile, Docker Compose, and deployment entrypoint

Multi-stage Dockerfile produces a lean image with the compiled SvelteKit
app (adapter-node) and the MCP server TypeScript source. A single image
supports two run modes selected via CMD: web (default) and mcp.

- docker-entrypoint.sh handles CA certificate install (PEM/DER auto-detected
  via openssl), SSH key permission fix for Windows-mounted keys, per-host
  HTTPS credential helpers for Bitbucket and GitLab, DB migrations, then
  starts the requested service
- docker-compose.yml runs web on :3000 and the MCP HTTP server on :3001,
  with the MCP container pointed at the web service via internal DNS
- .dockerignore excludes node_modules, build output, .env files, and *.db*

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.dockerignore

@@ -0,0 +1,15 @@
+node_modules
+.svelte-kit
+build
+.output
+.env
+.env.*
+!.env.example
+*.db
+*.db-shm
+*.db-wal
+.git
+.claude
+prompts/
+docs/docs_cache_state.yaml
+.tmp/

Dockerfile

@@ -0,0 +1,45 @@
+# ---- build stage ----
+FROM node:20-alpine AS builder
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci
+
+COPY . .
+RUN npm run build
+
+# ---- production stage ----
+FROM node:20-alpine
+WORKDIR /app
+
+# Install all deps (includes tsx for the MCP server and drizzle-kit for migrations)
+COPY package*.json ./
+RUN npm ci
+
+# Built SvelteKit app (adapter-node output)
+COPY --from=builder /app/build ./build
+
+# MCP server source
+COPY --from=builder /app/src/mcp ./src/mcp
+
+# Drizzle migrations
+COPY --from=builder /app/drizzle.config.ts ./drizzle.config.ts
+COPY --from=builder /app/src/lib/server/db/migrations ./src/lib/server/db/migrations
+COPY --from=builder /app/tsconfig.json ./tsconfig.json
+
+# Persistent volume for the SQLite database
+RUN mkdir -p /data
+VOLUME ["/data"]
+
+ENV DATABASE_URL=/data/trueref.db
+ENV HOST=0.0.0.0
+ENV PORT=3000
+ENV TRUEREF_API_URL=http://localhost:3000
+
+EXPOSE 3000 3001
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["web"]

docker-compose.yml

@@ -0,0 +1,25 @@
+services:
+  web:
+    build: .
+    ports:
+      - "3000:3000"
+    volumes:
+      - trueref-data:/data
+    environment:
+      DATABASE_URL: /data/trueref.db
+    restart: unless-stopped
+
+  mcp:
+    build: .
+    command: mcp
+    ports:
+      - "3001:3001"
+    environment:
+      TRUEREF_API_URL: http://web:3000
+      MCP_PORT: "3001"
+    depends_on:
+      - web
+    restart: unless-stopped
+
+volumes:
+  trueref-data:

docker-entrypoint.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+case "${1:-web}" in
+  web)
+    echo "Running database migrations..."
+    DATABASE_URL="$DATABASE_URL" npx drizzle-kit migrate
+    echo "Starting TrueRef web app on port ${PORT:-3000}..."
+    exec node build
+    ;;
+  mcp)
+    MCP_PORT="${MCP_PORT:-3001}"
+    echo "Starting TrueRef MCP HTTP server on port ${MCP_PORT}..."
+    exec npx tsx src/mcp/index.ts --transport http --port "$MCP_PORT"
+    ;;
+  *)
+    exec "$@"
+    ;;
+esac