feat: Production-ready Docker infrastructure with Directus CMS

- Add separated Docker Compose architecture (astro/infrastructure/override)
- Implement Directus + PostgreSQL with pinned versions (10.12.0/15.5-alpine)
- Add comprehensive database safety protections and backup scripts
- Configure production-ready NGINX reverse proxy setup
- Add container names, labels, and enhanced healthchecks
- Remove fallback environment variables for explicit production config
- Include log rotation and monitoring improvements

Infrastructure deployment:
- npm run docker:infrastructure:up (one-time setup)
- npm run docker:astro:up (regular deployments)
- npm run db:backup/restore/status (database management)

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

docker-compose.override.yml

@@ -0,0 +1,134 @@
+version: '3.8'
+
+# Override file for local development
+# This file is automatically loaded by docker-compose up
+# It combines both Astro app and infrastructure for full local development
+
+services:
+  # Astro app (from docker-compose.astro.yml)
+  bct-app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      target: production
+    container_name: bct-astro-dev
+    ports:
+      - "3000:3000"
+    labels:
+      - "com.blackcanyon.role=astro-app"
+      - "com.blackcanyon.env=development"
+      - "maintainer=tyler@crispygoat.com"
+    environment:
+      - NODE_ENV=development
+      - HOST=0.0.0.0
+      - PORT=3000
+      # Supabase
+      - PUBLIC_SUPABASE_URL=${PUBLIC_SUPABASE_URL}
+      - PUBLIC_SUPABASE_ANON_KEY=${PUBLIC_SUPABASE_ANON_KEY}
+      - SUPABASE_SERVICE_ROLE_KEY=${SUPABASE_SERVICE_ROLE_KEY}
+      # Stripe
+      - STRIPE_PUBLISHABLE_KEY=${STRIPE_PUBLISHABLE_KEY}
+      - STRIPE_SECRET_KEY=${STRIPE_SECRET_KEY}
+      - STRIPE_WEBHOOK_SECRET=${STRIPE_WEBHOOK_SECRET}
+      # Email
+      - RESEND_API_KEY=${RESEND_API_KEY}
+      # Monitoring
+      - SENTRY_DSN=${SENTRY_DSN}
+      - SENTRY_RELEASE=development
+    volumes:
+      - ./logs:/app/logs
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "node", "-e", "const http=require('http');const options={hostname:'localhost',port:3000,path:'/api/health',timeout:2000};const req=http.request(options,(res)=>{process.exit(res.statusCode===200?0:1)});req.on('error',()=>{process.exit(1)});req.end();"]
+      interval: 30s
+      timeout: 5s
+      retries: 5
+      start_period: 40s
+    networks:
+      - bct-network
+    depends_on:
+      directus:
+        condition: service_healthy
+
+  # PostgreSQL (from docker-compose.infrastructure.yml)
+  postgres:
+    image: postgres:15.5-alpine
+    container_name: bct-postgres-dev
+    environment:
+      POSTGRES_DB: directus
+      POSTGRES_USER: directus
+      POSTGRES_PASSWORD: ${DIRECTUS_DB_PASSWORD:-directus_dev_password}
+    volumes:
+      - postgres_data_dev:/var/lib/postgresql/data
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U directus -d directus"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - bct-network
+
+  # Directus (from docker-compose.infrastructure.yml)
+  directus:
+    image: directus/directus:10.12.0
+    container_name: bct-directus-dev
+    ports:
+      - "8055:8055"
+    environment:
+      KEY: ${DIRECTUS_KEY:-development-key-12345678901234567890123456789012}
+      SECRET: ${DIRECTUS_SECRET:-development-secret-abcdef}
+      
+      # Database
+      DB_CLIENT: pg
+      DB_HOST: postgres
+      DB_PORT: 5432
+      DB_DATABASE: directus
+      DB_USER: directus
+      DB_PASSWORD: ${DIRECTUS_DB_PASSWORD:-directus_dev_password}
+      
+      # Security
+      CORS_ENABLED: true
+      CORS_ORIGIN: http://localhost:3000,http://localhost:4321
+      
+      # Admin user (development)
+      ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:-admin@localhost}
+      ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:-admin123}
+      
+      # Storage
+      STORAGE_LOCATIONS: local
+      STORAGE_LOCAL_ROOT: /directus/uploads
+      
+      # Development settings
+      CACHE_ENABLED: false
+      LOG_LEVEL: debug
+      RATE_LIMITER_ENABLED: false
+      
+    volumes:
+      - directus_uploads_dev:/directus/uploads
+      - directus_extensions_dev:/directus/extensions
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8055/server/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 30s
+    networks:
+      - bct-network
+
+volumes:
+  postgres_data_dev:
+    driver: local
+  directus_uploads_dev:
+    driver: local  
+  directus_extensions_dev:
+    driver: local
+
+networks:
+  default:
+    external:
+      name: bct-network