fix: install script cd to project root and improve error handling

- Auto-detect project root from script location so it works from any dir
- Fail properly if docker-compose build fails (was hidden by pipe)
- Use docker exec for backend health checks (port 8000 not exposed in prod)
- Add fallback API access via docker exec if nginx not reachable yet
- Show backend logs during wait for better debugging
- Increase timeouts for MITRE sync and data source sync

scripts/install.sh

@@ -15,6 +15,11 @@
 
 set -e
 
+# Always run from the project root (parent of scripts/)
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+cd "$PROJECT_ROOT"
+
 # Colors
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
@@ -117,9 +122,12 @@ fi
 print_header "Building and starting containers"
 
 print_info "This may take a few minutes on first run..."
-$COMPOSE_CMD -f docker-compose.prod.yml up -d --build 2>&1 | while IFS= read -r line; do
-    echo "  $line"
-done
+print_info "Project root: $PROJECT_ROOT"
+
+if ! $COMPOSE_CMD -f docker-compose.prod.yml up -d --build; then
+    print_error "Failed to build/start containers. Check the output above."
+    exit 1
+fi
 
 print_ok "Containers started"
 
@@ -145,14 +153,18 @@ print_ok "PostgreSQL is ready"
 # Wait for backend (which runs migrations + seed on startup)
 print_info "Waiting for backend (running migrations and seeds)..."
 RETRY=0
-until curl -sf http://localhost:8000/health > /dev/null 2>&1 || \
-      docker exec aegis-backend curl -sf http://localhost:8000/health > /dev/null 2>&1; do
+until docker exec aegis-backend curl -sf http://localhost:8000/health > /dev/null 2>&1; do
     RETRY=$((RETRY + 1))
-    if [ $RETRY -ge 60 ]; then
-        print_error "Backend failed to start after 120 seconds"
+    if [ $RETRY -ge 90 ]; then
+        print_error "Backend failed to start after 180 seconds"
         echo "  Check logs: docker logs aegis-backend"
         exit 1
     fi
+    # Show progress every 10 attempts
+    if [ $((RETRY % 5)) -eq 0 ]; then
+        print_info "  Still waiting... ($RETRY attempts, checking logs)"
+        docker logs aegis-backend --tail 3 2>/dev/null | while IFS= read -r line; do echo "    $line"; done
+    fi
     sleep 2
 done
 print_ok "Backend is ready (migrations and seeds completed)"
@@ -183,15 +195,33 @@ echo ""
 if [[ ! $REPLY =~ ^[Nn]$ ]]; then
     print_info "Authenticating..."
 
-    # Get admin token
-    TOKEN=$(curl -sf -X POST "http://localhost:${FRONTEND_PORT}/api/v1/auth/login" \
+    # Get admin token (try via nginx first, then directly to backend container)
+    API_URL="http://localhost:${FRONTEND_PORT}/api/v1"
+    TOKEN=$(curl -sf --max-time 10 -X POST "${API_URL}/auth/login" \
         -H "Content-Type: application/x-www-form-urlencoded" \
-        -d "username=admin&password=admin123" | python3 -c "import sys,json; print(json.load(sys.stdin).get('access_token',''))" 2>/dev/null || echo "")
+        -d "username=admin&password=admin123" 2>/dev/null | \
+        python3 -c "import sys,json; print(json.load(sys.stdin).get('access_token',''))" 2>/dev/null || echo "")
+
+    # Fallback: try directly via backend container
+    if [ -z "$TOKEN" ] || [ "$TOKEN" = "" ]; then
+        TOKEN=$(docker exec aegis-backend curl -sf -X POST "http://localhost:8000/api/v1/auth/login" \
+            -H "Content-Type: application/x-www-form-urlencoded" \
+            -d "username=admin&password=admin123" 2>/dev/null | \
+            python3 -c "import sys,json; print(json.load(sys.stdin).get('access_token',''))" 2>/dev/null || echo "")
+        API_URL="http://localhost:8000/api/v1"
+        API_VIA_DOCKER=true
+    fi
 
     if [ -n "$TOKEN" ] && [ "$TOKEN" != "" ]; then
         print_info "Syncing MITRE ATT&CK data (this takes 1-2 minutes)..."
-        SYNC_RESULT=$(curl -sf -X POST "http://localhost:${FRONTEND_PORT}/api/v1/system/sync-mitre" \
+
+        if [ "$API_VIA_DOCKER" = true ]; then
+            SYNC_RESULT=$(docker exec aegis-backend curl -sf --max-time 300 -X POST "${API_URL}/system/sync-mitre" \
                 -H "Authorization: Bearer $TOKEN" 2>/dev/null || echo "error")
+        else
+            SYNC_RESULT=$(curl -sf --max-time 300 -X POST "${API_URL}/system/sync-mitre" \
+                -H "Authorization: Bearer $TOKEN" 2>/dev/null || echo "error")
+        fi
 
         if [ "$SYNC_RESULT" != "error" ]; then
             print_ok "MITRE ATT&CK sync completed"
@@ -201,11 +231,17 @@ if [[ ! $REPLY =~ ^[Nn]$ ]]; then
 
         # Sync data sources
         print_info "Syncing data sources (Atomic Red Team, SigmaHQ, etc.)..."
-        for source_id in $(curl -sf "http://localhost:${FRONTEND_PORT}/api/v1/data-sources" \
+        if [ "$API_VIA_DOCKER" = true ]; then
+            CURL_PREFIX="docker exec aegis-backend curl"
+        else
+            CURL_PREFIX="curl"
+        fi
+
+        for source_id in $($CURL_PREFIX -sf "${API_URL}/data-sources" \
             -H "Authorization: Bearer $TOKEN" 2>/dev/null | \
             python3 -c "import sys,json; [print(s['id']) for s in json.load(sys.stdin)]" 2>/dev/null); do
 
-            curl -sf -X POST "http://localhost:${FRONTEND_PORT}/api/v1/data-sources/${source_id}/sync" \
+            $CURL_PREFIX -sf --max-time 120 -X POST "${API_URL}/data-sources/${source_id}/sync" \
                 -H "Authorization: Bearer $TOKEN" > /dev/null 2>&1 || true
         done
         print_ok "Data source sync triggered"