Initial setup — telemetry Worker, D1 schema, and docs

- Cloudflare Worker at telemetry.shackdesk.com/report
- D1 schema for the shackdesk-telemetry database
- GitHub Actions deployment workflow via Wrangler
- README, SECURITY, PRIVACY, and MAINTENANCE documentation

Author: Computer-Tsu

.editorconfig

@@ -0,0 +1,15 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.toml]
+indent_size = 2

.github/workflows/deploy.yml

@@ -0,0 +1,23 @@
+name: Deploy Workers
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  deploy-telemetry:
+    name: Deploy Telemetry Worker
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Deploy Worker
+        uses: cloudflare/wrangler-action@v3
+        with:
+          apiToken: ${{ secrets.CF_API_TOKEN }}
+          accountId: ${{ secrets.CF_ACCOUNT_ID }}

.gitignore

@@ -0,0 +1,19 @@
+# Wrangler local state and dev database
+.wrangler/
+
+# Local secrets — never commit this file
+# See README.md for the required format
+.dev.vars
+
+# Node
+node_modules/
+npm-debug.log*
+
+# OS
+.DS_Store
+Thumbs.db
+
+# AI assistant working files
+CLAUDE.md
+.claude/
+*.claude

MAINTENANCE.md

@@ -0,0 +1,79 @@
+# Maintenance Guide — ShackDesk Backend
+
+## Cloudflare API Token
+
+The `CF_API_TOKEN` GitHub Actions secret authorises Wrangler to deploy Workers.
+
+**To rotate:**
+1. Cloudflare Dashboard → **My Profile → API Tokens → Create Token**
+2. Use the **Edit Cloudflare Workers** template
+3. Add D1 write permission if not included
+4. Copy the token
+5. GitHub → `Computer-Consultant/ShackDesk-Backend` → **Settings → Secrets → Actions**
+6. Update `CF_API_TOKEN`
+7. Delete the old token from the Cloudflare dashboard
+
+**CF_ACCOUNT_ID** is not a secret but is stored as a GitHub secret for convenience. Find it on the Cloudflare dashboard right sidebar of any zone page.
+
+## D1 Database
+
+**Database name:** `shackdesk-telemetry`
+**Database ID:** `e77c8a3d-cba7-4326-846c-faeb2c585da0`
+
+### Query the database
+```bash
+wrangler d1 execute shackdesk-telemetry --remote --command="SELECT * FROM reports ORDER BY received_at DESC LIMIT 20;"
+```
+
+### Data retention — manual purge (90-day policy)
+```bash
+wrangler d1 execute shackdesk-telemetry --remote \
+  --command="DELETE FROM reports WHERE received_at < datetime('now', '-90 days');"
+```
+
+This should be run periodically. Automating it via a Cloudflare Cron Trigger is a future improvement.
+
+### Schema migrations
+
+Schema changes require a migration file. Never alter the live schema directly without testing locally first.
+
+1. Write the migration SQL
+2. Test locally: `wrangler d1 execute shackdesk-telemetry --local --file=migration.sql`
+3. Apply to production: `wrangler d1 execute shackdesk-telemetry --remote --file=migration.sql`
+4. Commit the migration file to the repo under `db/migrations/`
+
+## Adding a New Worker
+
+1. Create `workers/<name>/src/index.js`
+2. Add a new `[[routes]]` block and any bindings to `wrangler.toml`
+3. If the new Worker needs its own D1 database, create it: `wrangler d1 create <db-name>`
+4. Add a deploy step to `.github/workflows/deploy.yml` if it needs a separate pipeline
+
+## Local Development
+
+```bash
+wrangler dev
+```
+
+Wrangler creates a local SQLite database at `.wrangler/state/`. This is gitignored.
+
+To seed the local database with the schema:
+```bash
+wrangler d1 execute shackdesk-telemetry --local --file=db/schema.sql
+```
+
+## DNS
+
+`telemetry.shackdesk.com` — CNAME record in the Cloudflare zone, proxied (orange cloud).
+Wrangler registers the route automatically on deploy via `wrangler.toml`. If the route ever disappears, redeploy: `wrangler deploy`.
+
+## Cloudflare Rate Limiting
+
+Rate limiting is not in code — it is configured in the Cloudflare dashboard.
+
+**Location:** Cloudflare Dashboard → shackdesk.com zone → **Security → WAF → Rate Limiting Rules**
+
+Recommended rule for `/report`:
+- Expression: `http.request.uri.path eq "/report"`
+- Threshold: 30 requests per 60 seconds
+- Action: Block (duration: 60 seconds)

PRIVACY.md

@@ -0,0 +1,45 @@
+# Privacy Policy — ShackDesk Backend
+
+**Last updated:** 2026-04-06
+
+This document describes what data the ShackDesk backend services collect, store, and retain. It is intended to be read alongside the privacy policy of each ShackDesk application.
+
+## Telemetry Endpoint (`POST /report`)
+
+### What is collected
+
+When a ShackDesk application sends a telemetry report, the following fields are stored:
+
+| Field              | Example                          | Purpose                        |
+|--------------------|----------------------------------|--------------------------------|
+| `report_id`        | UUID                             | Deduplication                  |
+| `app`              | `PortPane`                       | Identify the source application|
+| `version`          | `0.5.2-alpha`                    | Track version distribution     |
+| `event`            | `crash`                          | Event classification           |
+| `os`               | `Windows 10.0.19045`             | OS version analytics           |
+| `props`            | `{"exception":"...", ...}`       | Event-specific detail          |
+| `client_timestamp` | `2026-04-06T12:00:00Z`           | When the event occurred        |
+| `received_at`      | `2026-04-06T12:00:05Z`           | When the server received it    |
+
+### What is never collected
+
+- IP addresses — not stored, not hashed, not logged
+- User identity — no callsign, name, or account
+- File paths or directory names
+- Device serial numbers or MAC addresses
+- Any other personally identifiable information
+
+### Opt-in only
+
+Telemetry is disabled by default in all ShackDesk applications. Users must explicitly enable it in Settings. It can be disabled at any time.
+
+## Data Storage and Retention
+
+- Data is stored in a Cloudflare D1 database (SQLite) hosted in Cloudflare's infrastructure
+- All records are retained for a maximum of **90 days**
+- No data is sold, shared, or transferred to third parties
+
+## Contact
+
+For privacy questions, open an issue at:
+`https://github.com/Computer-Consultant/ShackDesk-Backend/issues`

README.md

@@ -0,0 +1,110 @@
+# ShackDesk-Backend
+
+Backend services for ShackDesk desktop applications — hosted on Cloudflare Workers with D1 storage.
+
+## Services
+
+### Telemetry Worker (`workers/telemetry/`)
+
+Accepts anonymous telemetry reports from ShackDesk apps via `POST https://telemetry.shackdesk.com/report`.
+
+- No IP addresses stored
+- No personally identifiable information collected
+- Opt-in only — users must explicitly enable telemetry in the app
+- All data retained for 90 days maximum
+
+See [PRIVACY.md](PRIVACY.md) for the full data policy.
+
+## Architecture
+
+```
+ShackDesk App (Windows)
+        │
+        │  POST /report (HTTPS)
+        ▼
+telemetry.shackdesk.com  ←── Cloudflare Worker (this repo)
+        │
+        │  INSERT
+        ▼
+  D1: shackdesk-telemetry
+      └── reports table
+```
+
+## Local Development
+
+**Prerequisites:** Node.js 18+, Wrangler CLI (`npm install -g wrangler`)
+
+**Authenticate:**
+```
+wrangler login
+```
+
+**Create a `.dev.vars` file** (never committed — see `.gitignore`):
+```
+# No secrets required for the telemetry Worker currently.
+# Future Workers may require API tokens here.
+```
+
+**Run locally:**
+```
+wrangler dev
+```
+
+This starts the Worker on `http://localhost:8787`. Wrangler creates a local SQLite database that mirrors the D1 schema for development.
+
+**Test with curl:**
+```bash
+curl -X POST http://localhost:8787/report \
+  -H "Content-Type: application/json" \
+  -d '{
+    "report_id": "test-guid-1234",
+    "app": "PortPane",
+    "version": "0.5.2-alpha",
+    "event": "crash",
+    "os": "Windows 10.0.19045",
+    "timestamp": "2026-04-06T00:00:00Z",
+    "props": { "exception": "NullReferenceException", "message": "Test" }
+  }'
+```
+
+## Deployment
+
+Deployment is automatic on push to `main` via GitHub Actions (see `.github/workflows/deploy.yml`).
+
+Manual deployment:
+```
+wrangler deploy
+```
+
+**Required GitHub Secrets:**
+
+| Secret | Description |
+|--------|-------------|
+| `CF_API_TOKEN` | Cloudflare API token with Workers and D1 write permissions |
+| `CF_ACCOUNT_ID` | Cloudflare account ID |
+
+See [MAINTENANCE.md](MAINTENANCE.md) for how to create and rotate these.
+
+## DNS
+
+`telemetry.shackdesk.com` must have a DNS CNAME record in the Cloudflare zone pointing at the Worker route. This is managed via `wrangler.toml` — Wrangler registers the route automatically on deploy. The DNS record must be proxied (orange cloud) in the Cloudflare dashboard.
+
+## Repo Structure
+
+```
+ShackDesk-Backend/
+  workers/
+    telemetry/
+      src/
+        index.js          # Worker entry point
+  wrangler.toml           # Cloudflare Worker config
+  .github/
+    workflows/
+      deploy.yml          # CI deployment pipeline
+  README.md
+  SECURITY.md
+  MAINTENANCE.md
+  PRIVACY.md
+  .gitignore
+  .editorconfig
+```

SECURITY.md

@@ -0,0 +1,63 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in ShackDesk-Backend, please report it privately.
+
+**Do not open a public GitHub issue for security vulnerabilities.**
+
+Open a private security advisory at:
+`https://github.com/Computer-Consultant/ShackDesk-Backend/security/advisories/new`
+
+Please include:
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+
+You can expect an acknowledgement within 72 hours and a resolution or mitigation plan within 14 days.
+
+## Security Design
+
+### No PII Stored
+
+The telemetry Worker explicitly does not store:
+- IP addresses (not even hashed)
+- User identifiers or callsigns
+- File paths or system usernames
+- Device serial numbers or MAC addresses
+
+### Rate Limiting
+
+Rate limiting is enforced at the Cloudflare zone level, not in Worker code. This avoids any need to track or store client IPs. Configure rate limiting rules in the Cloudflare dashboard under **Security → WAF → Rate Limiting Rules**.
+
+Recommended rule:
+- Path: `/report`
+- Threshold: 30 requests per minute per IP
+- Action: Block for 1 minute
+
+### Input Validation
+
+All incoming payloads are validated for:
+- Required fields presence and type
+- Field length limits (prevents oversized payloads)
+- Valid JSON structure
+
+### Payload Size
+
+The `props` field is capped at 4 KB. The Worker returns 400 if the limit is exceeded.
+
+### Duplicate Reports
+
+The `report_id` field is the D1 primary key. Duplicate submissions (e.g. from the app's offline queue retrying) are silently ignored via `ON CONFLICT DO NOTHING`.
+
+### Transport Security
+
+All traffic is HTTPS only. The `telemetry.shackdesk.com` subdomain is served through Cloudflare's proxy (orange cloud), which enforces TLS 1.2+ and provides DDoS protection.
+
+### Secrets Management
+
+No secrets are stored in code or `wrangler.toml`. Cloudflare API tokens for deployment are stored as GitHub Actions secrets only. Rotate them via the Cloudflare dashboard — see [MAINTENANCE.md](MAINTENANCE.md).
+
+## Supported Versions
+
+Only the current `main` branch deployment is supported. There are no versioned releases of the backend.

db/schema.sql

@@ -0,0 +1,23 @@
+-- ShackDesk Backend — D1 Schema
+-- Database: shackdesk-telemetry
+--
+-- Apply to production: wrangler d1 execute shackdesk-telemetry --remote --file=db/schema.sql
+-- Apply locally:       wrangler d1 execute shackdesk-telemetry --local  --file=db/schema.sql
+--
+-- This file reflects the current live schema.
+-- For changes, add a migration file under db/migrations/ and update this file to match.
+
+CREATE TABLE IF NOT EXISTS reports (
+    id               TEXT PRIMARY KEY,   -- report_id GUID from the app payload
+    app              TEXT NOT NULL,      -- e.g. "PortPane", "RigCheck"
+    version          TEXT NOT NULL,      -- app version string
+    event            TEXT NOT NULL,      -- e.g. "crash", "device_detection", "startup"
+    os               TEXT,               -- Windows version string
+    props            TEXT,               -- JSON blob — event-specific fields
+    client_timestamp TEXT,               -- ISO 8601 UTC — when the event occurred
+    received_at      TEXT NOT NULL       -- ISO 8601 UTC — when the Worker received it
+);
+
+CREATE INDEX IF NOT EXISTS idx_app      ON reports (app);
+CREATE INDEX IF NOT EXISTS idx_event    ON reports (event);
+CREATE INDEX IF NOT EXISTS idx_received ON reports (received_at);