SQLite was too slow for analytical aggregations on traffic_events and
waf_events (millions of rows, GROUP BY, COUNT DISTINCT). ClickHouse is
a columnar OLAP database purpose-built for this workload.
- Add ClickHouse container to Docker Compose with health check
- Create src/lib/clickhouse/client.ts with singleton client, table DDL,
insert helpers, and all analytics query functions
- Update log-parser.ts and waf-log-parser.ts to write to ClickHouse
- Remove purgeOldEntries — ClickHouse TTL handles 90-day retention
- Rewrite analytics-db.ts and waf-events.ts to query ClickHouse
- Remove trafficEvents/wafEvents from SQLite schema, add migration
- CLICKHOUSE_PASSWORD is required (no hardcoded default)
- Update .env.example, README, and test infrastructure
API response shapes are unchanged — no frontend modifications needed.
Parse state (file offsets) remains in SQLite.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add five new features to the features list: Forward Auth Portal, mTLS
RBAC, User Roles, User Management, and Groups. Add a Forward Auth
Portal section explaining the built-in IdP, groups, and per-host
access control.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Caddy's certmagic creates storage dirs with hardcoded 0700 permissions,
making the web container's supplementary group membership ineffective.
Rather than working around this with ACLs or chmod hacks, remove the
feature entirely — it was cosmetic (issuer/expiry display) for certs
that Caddy auto-manages anyway.
Also bump access list dropdown timeout from 5s to 10s to fix flaky E2E test.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace all Material UI references with shadcn/ui + Tailwind CSS across README,
site, and wiki. Add L4 TCP/UDP proxy documentation to website feature grid,
README features list, and new wiki guide. Add Wiki nav link to site header.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add Geo Blocking section to README with rule types and GeoIP setup
- Add Geo Blocking card to landing page (site/index.html)
- Refresh all 4 screenshots from current UI
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
