Merge branch 'main' of github-debros:DeBrosOfficial/network

- Renamed the `make down` command to `make stop` in the README for clarity.
- Enhanced the node configuration to include additional parameters for RQLite, specifically `RQLiteRaftInternalPort`, `HTTPAdvAddress`, and `RaftAdvAddress`.
- Updated the HTTPS gateway to use Let's Encrypt in production mode by default, removing references to the staging environment and improving logging for certificate management.

.github/workflows/release-apt.yml

@@ -58,8 +58,7 @@ jobs:
           mkdir -p build/usr/local/bin
           go build -ldflags "$LDFLAGS" -o build/usr/local/bin/orama cmd/cli/main.go
           go build -ldflags "$LDFLAGS" -o build/usr/local/bin/debros-node cmd/node/main.go
-          # Build the entire gateway package so helper files (e.g., config parsing) are included
-          go build -ldflags "$LDFLAGS" -o build/usr/local/bin/debros-gateway ./cmd/gateway
+          go build -ldflags "$LDFLAGS" -o build/usr/local/bin/debros-gateway cmd/gateway/main.go
 
       - name: Create Debian package structure
         run: |

CHANGELOG.md

@@ -18,9 +18,9 @@ The format is based on [Keep a Changelog][keepachangelog] and adheres to [Semant
 ### Added
 \n
 ### Changed
-- Cleaned up the README by removing outdated feature lists and complex examples, focusing on the Quick Start guide.
-- Updated development configuration to correctly set advertised addresses for RQLite, improving internal cluster communication.
-- Simplified the build process for the `debros-gateway` binary in the Debian release workflow.
+- Switched Let's Encrypt automatic certificate management to use the production environment instead of staging.
+- Updated development environment configuration to explicitly set HTTP and Raft advertise addresses for RQLite.
+- Updated README to reflect the change from `make down` to `make stop` for stopping the development environment.
 
 ### Deprecated
 

README.md

@@ -2,6 +2,14 @@
 
 A decentralized peer-to-peer data platform built in Go. Combines distributed SQL (RQLite), pub/sub messaging, and resilient peer discovery so applications can share state without central infrastructure.
 
+## Features
+
+- **Distributed SQL** - RQLite with Raft consensus
+- **Pub/Sub Messaging** - Topic-based with automatic cleanup
+- **Namespace Isolation** - Multi-tenant support
+- **Secure Transport** - LibP2P + Noise/TLS encryption
+- **Unified Gateway** - Single port access to all node services
+
 ## Quick Start
 
 ### Local Development
@@ -14,7 +22,13 @@ make build
 make dev
 ```
 
-The cluster automatically performs health checks before declaring success.
+The cluster automatically performs health checks before declaring success. Check the output for:
+
+- Node unified gateway ports (6001-6005)
+- IPFS API endpoints
+- Olric cache server
+- Peer connection status
+- Example curl commands
 
 ### Stop Development Environment
 
@@ -35,9 +49,13 @@ Each node is accessible via a single unified gateway port:
 ```bash
 # Node-1 (port 6001)
 curl http://node-1.local:6001/health
+curl http://node-1.local:6001/rqlite/http/db/execute -H "Content-Type: application/json" -d '{"sql":"SELECT 1"}'
+curl http://node-1.local:6001/cluster/health
+curl http://node-1.local:6001/ipfs/api/v0/version
 
 # Node-2 (port 6002)
 curl http://node-2.local:6002/health
+curl http://node-2.local:6002/rqlite/http/db/execute -H "Content-Type: application/json" -d '{"sql":"SELECT 1"}'
 
 # Node-3 (port 6003)
 curl http://node-3.local:6003/health
@@ -49,6 +67,46 @@ curl http://node-4.local:6004/health
 curl http://node-5.local:6005/health
 ```
 
+### Main Gateway
+
+The main gateway provides `/v1/*` routes for RQLite, pub/sub, and storage:
+
+```bash
+# Gateway health
+curl http://node-1.local:6001/health
+
+# Gateway status
+curl http://node-1.local:6001/v1/status
+
+# Network peers
+curl http://node-1.local:6001/v1/network/status
+
+# Database query
+curl http://node-1.local:6001/v1/rqlite/query \
+  -H "Content-Type: application/json" \
+  -d '{"sql":"SELECT 1"}'
+
+# Pub/Sub topics
+curl http://node-1.local:6001/v1/pubsub/topics
+```
+
+### Direct Service Access (Debugging)
+
+Direct access to individual service ports without unified gateway:
+
+```bash
+# RQLite HTTP (each node on its own port)
+curl http://localhost:5001/db/execute -H "Content-Type: application/json" -d '{"sql":"SELECT 1"}'  # Bootstrap
+curl http://localhost:5002/db/execute -H "Content-Type: application/json" -d '{"sql":"SELECT 1"}'  # Node2
+
+# IPFS API
+curl http://localhost:4501/api/v0/version  # Bootstrap IPFS
+curl http://localhost:4502/api/v0/version  # Node2 IPFS
+
+# Olric Cache
+curl http://localhost:3320/stats
+```
+
 ## Network Architecture
 
 ### Unified Gateway Ports
@@ -89,7 +147,7 @@ orama dev logs node-1 --follow  # Follow logs in real-time
 orama dev logs gateway --follow # Gateway logs
 
 # Stop all services
-orama stop
+orama dev down
 
 # Build binaries
 make build
@@ -164,7 +222,16 @@ echo "deb https://debrosficial.github.io/network/apt stable main" | sudo tee /et
 
 sudo apt update && sudo apt install orama
 
-sudo orama install --interactive
+# Interactive installation (recommended)
+sudo orama install
+
+# Or with flags - First node (creates new cluster)
+sudo orama install --vps-ip <public_ip> --domain node-1.example.com
+
+# Joining existing cluster
+sudo orama install --vps-ip <public_ip> --domain node-2.example.com \
+  --peers /ip4/<first_node_ip>/tcp/4001/p2p/<peer_id> \
+  --cluster-secret <64-hex-secret>
 ```
 
 ### Service Management
@@ -188,7 +255,7 @@ orama logs ipfs --follow
 
 ```bash
 # Upgrade to latest version
-sudo orama upgrade --interactive
+sudo orama upgrade --restart [--branch nightly]
 ```
 
 ## Configuration

pkg/environments/development/config.go

@@ -143,19 +143,19 @@ func (ce *ConfigEnsurer) ensureNodeConfig(nodeSpec NodeSpec, peerAddrs []string)
 
 	// Generate node config (all nodes are unified)
 	data := templates.NodeConfigData{
-		NodeID:             nodeSpec.Name,
-		P2PPort:            nodeSpec.P2PPort,
-		DataDir:            nodeDir,
-		RQLiteHTTPPort:     nodeSpec.RQLiteHTTPPort,
-		RQLiteRaftPort:     nodeSpec.RQLiteRaftPort,
+		NodeID:                 nodeSpec.Name,
+		P2PPort:                nodeSpec.P2PPort,
+		DataDir:                nodeDir,
+		RQLiteHTTPPort:         nodeSpec.RQLiteHTTPPort,
+		RQLiteRaftPort:         nodeSpec.RQLiteRaftPort,
 		RQLiteRaftInternalPort: nodeSpec.RQLiteRaftPort,
-		RQLiteJoinAddress:  nodeSpec.RQLiteJoinTarget,
-		BootstrapPeers:     peerAddrs,
-		ClusterAPIPort:     nodeSpec.ClusterAPIPort,
-		IPFSAPIPort:        nodeSpec.IPFSAPIPort,
-		HTTPAdvAddress:     fmt.Sprintf("localhost:%d", nodeSpec.RQLiteHTTPPort),
-		RaftAdvAddress:     fmt.Sprintf("localhost:%d", nodeSpec.RQLiteRaftPort),
-		UnifiedGatewayPort: nodeSpec.UnifiedGatewayPort,
+		RQLiteJoinAddress:      nodeSpec.RQLiteJoinTarget,
+		BootstrapPeers:         peerAddrs,
+		ClusterAPIPort:         nodeSpec.ClusterAPIPort,
+		IPFSAPIPort:            nodeSpec.IPFSAPIPort,
+		UnifiedGatewayPort:     nodeSpec.UnifiedGatewayPort,
+		HTTPAdvAddress:         fmt.Sprintf("localhost:%d", nodeSpec.RQLiteHTTPPort),
+		RaftAdvAddress:         fmt.Sprintf("localhost:%d", nodeSpec.RQLiteRaftPort),
 	}
 
 	config, err := templates.RenderNodeConfig(data)

pkg/gateway/https.go

@@ -9,7 +9,6 @@ import (
 	"time"
 
 	"go.uber.org/zap"
-	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
 
 	"github.com/DeBrosOfficial/network/pkg/config"
@@ -56,33 +55,22 @@ func NewHTTPSGateway(logger *logging.ColoredLogger, cfg *config.HTTPGatewayConfi
 		)
 		// Don't set certManager - will use CertFile/KeyFile from config
 	} else if cfg.HTTPS.AutoCert {
-		// Use Let's Encrypt STAGING (consistent with SNI gateway)
+		// Use Let's Encrypt PRODUCTION (default when Client is nil)
 		cacheDir := cfg.HTTPS.CacheDir
 		if cacheDir == "" {
 			cacheDir = "/home/debros/.orama/tls-cache"
 		}
 
-		// Use Let's Encrypt STAGING - provides higher rate limits for testing/development
-		directoryURL := "https://acme-staging-v02.api.letsencrypt.org/directory"
-		logger.ComponentWarn(logging.ComponentGeneral,
-			"Using Let's Encrypt STAGING - certificates will not be trusted by production clients",
-			zap.String("domain", cfg.HTTPS.Domain),
-		)
-
 		gateway.certManager = &autocert.Manager{
 			Prompt:     autocert.AcceptTOS,
 			HostPolicy: autocert.HostWhitelist(cfg.HTTPS.Domain),
 			Cache:      autocert.DirCache(cacheDir),
 			Email:      cfg.HTTPS.Email,
-			Client: &acme.Client{
-				DirectoryURL: directoryURL,
-			},
 		}
 
-		logger.ComponentInfo(logging.ComponentGeneral, "Let's Encrypt autocert configured",
+		logger.ComponentInfo(logging.ComponentGeneral, "Let's Encrypt autocert configured (production)",
 			zap.String("domain", cfg.HTTPS.Domain),
 			zap.String("cache_dir", cacheDir),
-			zap.String("acme_environment", "staging"),
 		)
 	}
 

pkg/node/node.go

@@ -23,7 +23,6 @@ import (
 	noise "github.com/libp2p/go-libp2p/p2p/security/noise"
 	"github.com/multiformats/go-multiaddr"
 	"go.uber.org/zap"
-	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
 
 	"github.com/DeBrosOfficial/network/pkg/config"
@@ -809,16 +808,12 @@ func (n *Node) startHTTPGateway(ctx context.Context) error {
 		}
 
 		// Create TLS configuration with Let's Encrypt autocert
-		// Using STAGING environment to avoid rate limits during development/testing
-		// TODO: Switch to production when ready (remove Client field)
+		// Using PRODUCTION Let's Encrypt (default when Client is nil)
 		certManager = &autocert.Manager{
 			Prompt:     autocert.AcceptTOS,
 			HostPolicy: autocert.HostWhitelist(gwCfg.DomainName),
 			Cache:      autocert.DirCache(tlsCacheDir),
 			Email:      fmt.Sprintf("admin@%s", gwCfg.DomainName),
-			Client: &acme.Client{
-				DirectoryURL: "https://acme-staging-v02.api.letsencrypt.org/directory",
-			},
 		}
 
 		// Store certificate manager for use by SNI gateway