From 9fd5cf58952a7df6eac66908a2a286bd15bfb71a Mon Sep 17 00:00:00 2001 From: Tiago Yamamoto Date: Wed, 18 Feb 2026 06:22:56 -0600 Subject: [PATCH] docs: update infra diagrams, add test users, fix Coolify URL - Add full infrastructure Mermaid diagrams (Redbull + Apolo + CI/CD flow) - Create TEST_USERS.md with all seeder credentials organized by role - Fix Coolify URL from IP to https://redbull.rede5.com.br - Update Coolify resources with current domains and status - Add TEST_USERS.md reference to AGENTS.md, README.md, and doc index - Update deployment section with both DEV environments Co-Authored-By: Claude Opus 4.6 --- README.md | 1 + docs/AGENTS.md | 17 +++- docs/DEVOPS.md | 207 ++++++++++++++++++++++++++++++++++++++------- docs/TEST_USERS.md | 141 ++++++++++++++++++++++++++++++ 4 files changed, 331 insertions(+), 35 deletions(-) create mode 100644 docs/TEST_USERS.md diff --git a/README.md b/README.md index 5475f91..830f888 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ Plataforma de recrutamento com arquitetura separada por serviços: | [docs/WORKFLOWS.md](docs/WORKFLOWS.md) | Fluxos de deploy e operações | | [docs/ROADMAP.md](docs/ROADMAP.md) | Direção de produto e engenharia | | [docs/TASKS.md](docs/TASKS.md) | Tarefas e acompanhamento | +| [docs/TEST_USERS.md](docs/TEST_USERS.md) | Credenciais de teste (login por role) | ### Por componente diff --git a/docs/AGENTS.md b/docs/AGENTS.md index b6f6874..440f2f6 100644 --- a/docs/AGENTS.md +++ b/docs/AGENTS.md @@ -1,6 +1,6 @@ # AGENTS.md - GoHorse Jobs -> **Last Updated:** 2026-02-16 +> **Last Updated:** 2026-02-18 > **Purpose:** Context for AI coding assistants (Claude, Cursor, etc.) --- 
@@ -206,6 +206,7 @@ backoffice/src/ - **4 roles**: `superadmin` > `admin` > `recruiter` > `candidate` - **Middleware stack**: Auth (JWT+RBAC) -> CORS -> Rate Limiting (100 req/min) -> Security Headers -> XSS Sanitizer - **JWT secret must match** between Backend and Backoffice +- **Test credentials**: See [TEST_USERS.md](TEST_USERS.md) for all test accounts --- @@ -249,8 +250,16 @@ All backend routes under `/api/v1`: - **Environments**: `dev` (branch: dev), `hml` (branch: hml), `prd` (branch: main) - **CI/CD**: Forgejo workflows (`.forgejo/workflows/`) + Drone (`.drone.yml`) -- **Container runtime**: Podman (dev), Kubernetes (production) +- **Container runtime**: Podman (Apolo), Coolify/Docker (Redbull), Kubernetes (production) - **Registry**: Forgejo (`forgejo-gru.rede5.com.br/rede5/`) +- **Coolify UI**: https://redbull.rede5.com.br (Redbull VPS DEV environment) + +### DEV Environments + +| Server | Type | URLs | +|--------|------|------| +| **Redbull** (Coolify) | Auto-deploy via Git | `local.gohorsejobs.com`, `api-local.gohorsejobs.com` | +| **Apolo** (Podman/Quadlet) | Manual deploy | `dev.gohorsejobs.com`, `api-tmp.gohorsejobs.com` | --- 
@@ -302,10 +311,12 @@ git push pipe dev | API Reference | [API.md](API.md) | Endpoints, contracts, examples | | API Security | [API_SECURITY.md](API_SECURITY.md) | Auth, RBAC, permissions | | Database Schema | [DATABASE.md](DATABASE.md) | Tables, ERD, migrations | -| DevOps | [DEVOPS.md](DEVOPS.md) | Infrastructure, deployment | +| DevOps | [DEVOPS.md](DEVOPS.md) | Infrastructure, deployment, diagrams | +| Test Users | [TEST_USERS.md](TEST_USERS.md) | Credenciais de teste por role | | Roadmap | [ROADMAP.md](ROADMAP.md) | Product direction | | Tasks | [TASKS.md](TASKS.md) | Task tracking | | Workflows | [WORKFLOWS.md](WORKFLOWS.md) | Deployment workflows | | Backend | [../backend/BACKEND.md](../backend/BACKEND.md) | Go API details | | Frontend | [../frontend/FRONTEND.md](../frontend/FRONTEND.md) | Next.js details | | Backoffice | [../backoffice/BACKOFFICE.md](../backoffice/BACKOFFICE.md) | NestJS details | +| Seeder | [../seeder-api/SEEDER-API.md](../seeder-api/SEEDER-API.md) | Database seeding & test data | diff --git a/docs/DEVOPS.md b/docs/DEVOPS.md index 0bf2218..1b4e8ac 100644 --- a/docs/DEVOPS.md +++ b/docs/DEVOPS.md @@ -2,7 +2,7 @@ Infraestrutura, CI/CD e deploy do projeto GoHorseJobs no servidor `apolo`. -> **Last Updated:** 2026-02-17 +> **Last Updated:** 2026-02-18 > **Servers:** Apolo VPS (Podman), Redbull VPS (Coolify) > **Tech Stack:** Podman, Systemd (Quadlet), Traefik, PostgreSQL, Coolify @@ -83,7 +83,7 @@ Ambiente de desenvolvimento no Coolify para deploy automatizado via Git. | Property | Value | |----------|-------| | **Host** | redbull (185.194.141.70) | -| **Coolify URL** | http://185.194.141.70:8000 | +| **Coolify URL** | https://redbull.rede5.com.br | | **API Token** | `~/.ssh/coolify-redbull-token` | | **SSH Key** | `~/.ssh/civo` | | **Project UUID** | `gkgksco0ow4kgwo8ow4cgs8c` | 
@@ -91,51 +91,55 @@ Ambiente de desenvolvimento no Coolify para deploy automatizado via Git. ### Resources Created -| Resource | UUID | Port | Domain | -|----------|------|------|--------| -| Backend: gohorsejobs-backend-dev | `iw4sow8s0kkg4cccsk08gsoo` | 8521 | coolify-dev.gohorsejobs.com | -| Frontend: gohorsejobs-frontend-dev | `ao8g40scws0w4cgo8coc8o40` | 3000 | local.gohorsejobs.com | -| Backoffice: gohorsejobs-backoffice-dev | `hg48wkw4wggwsswcwc8sooo4` | 3001 | backoffice-dev.gohorsejobs.com | -| Seeder: gohorsejobs-seeder-dev | `q4w48gos8cgssso00o8w8gck` | 8080 | seeder-dev.gohorsejobs.com | -| Database: gohorsejobs-dev | `bgws48os8wgwk08o48wg8k80` | 5432 | Internal only | +| Resource | UUID | Port | Domain | Status | +|----------|------|------|--------|--------| +| Backend | `iw4sow8s0kkg4cccsk08gsoo` | 8521 | https://api-local.gohorsejobs.com | running | +| Frontend | `ao8g40scws0w4cgo8coc8o40` | 3000 | https://local.gohorsejobs.com | running | +| Backoffice | `hg48wkw4wggwsswcwc8sooo4` | 3001 | https://b-local.gohorsejobs.com | running | +| Seeder | `q4w48gos8cgssso00o8w8gck` | 8080 | https://s-local.gohorsejobs.com | running:healthy | +| Database (PostgreSQL) | `bgws48os8wgwk08o48wg8k80` | 5432 | Internal only | running:healthy | ### API Reference -**Base URL:** `http://185.194.141.70:8000/api/v1` +**Base URL:** `https://redbull.rede5.com.br/api/v1` **Server UUID:** `m844o4gkwkwcc0k48swgs8c8` ```bash # Listar aplicações curl -s -H "Authorization: Bearer $(cat ~/.ssh/coolify-redbull-token)" \ - "http://185.194.141.70:8000/api/v1/applications" + "https://redbull.rede5.com.br/api/v1/applications" # Atualizar domínios (requer http:// ou https://) curl -s -X PATCH -H "Authorization: Bearer $(cat ~/.ssh/coolify-redbull-token)" \ -H "Content-Type: application/json" \ - "http://185.194.141.70:8000/api/v1/applications/" \ + "https://redbull.rede5.com.br/api/v1/applications/" \ -d '{"domains":"http://local.gohorsejobs.com","instant_deploy":true}' # Deploy 
aplicação curl -s -H "Authorization: Bearer $(cat ~/.ssh/coolify-redbull-token)" \ - "http://185.194.141.70:8000/api/v1/deploy?uuid=" + "https://redbull.rede5.com.br/api/v1/deploy?uuid=" # Ver domínios do servidor curl -s -H "Authorization: Bearer $(cat ~/.ssh/coolify-redbull-token)" \ - "http://185.194.141.70:8000/api/v1/servers/m844o4gkwkwcc0k48swgs8c8/domains" + "https://redbull.rede5.com.br/api/v1/servers/m844o4gkwkwcc0k48swgs8c8/domains" ``` ### Architecture ``` -GitHub (rede5/gohorsejobs.git) - │ - ▼ - Coolify (Build & Deploy) - │ - ├── Backend (Go) → coolify-dev.gohorsejobs.com:8521 - │ - └── PostgreSQL → Internal network only +GitHub (rede5/gohorsejobs.git) ←→ Forgejo (pipe.gohorsejobs.com) + │ │ + ▼ ▼ + Coolify (redbull.rede5.com.br) + ├── Traefik (reverse proxy + TLS via Let's Encrypt) + │ + ├── gohorsejobs-backend-dev → https://api-local.gohorsejobs.com + ├── gohorsejobs-frontend-dev → https://local.gohorsejobs.com + ├── gohorsejobs-backoffice-dev → https://b-local.gohorsejobs.com + ├── gohorsejobs-seeder-dev → https://s-local.gohorsejobs.com + │ + └── PostgreSQL 16 (gohorsejobs-dev) → Internal network only ``` ### Environment Variables 
@@ -159,19 +163,19 @@ CORS_ORIGINS=http://coolify-dev.gohorsejobs.com,https://coolify-dev.gohorsejobs. ```bash # Deploy application curl -H "Authorization: Bearer $(cat ~/.ssh/coolify-redbull-token)" \ - "http://185.194.141.70:8000/api/v1/deploy?uuid=iw4sow8s0kkg4cccsk08gsoo" + "https://redbull.rede5.com.br/api/v1/deploy?uuid=iw4sow8s0kkg4cccsk08gsoo" # Check deployment status curl -H "Authorization: Bearer $(cat ~/.ssh/coolify-redbull-token)" \ - "http://185.194.141.70:8000/api/v1/deployments/" + "https://redbull.rede5.com.br/api/v1/deployments/" # List applications curl -H "Authorization: Bearer $(cat ~/.ssh/coolify-redbull-token)" \ - "http://185.194.141.70:8000/api/v1/applications" + "https://redbull.rede5.com.br/api/v1/applications" # List databases curl -H "Authorization: Bearer $(cat ~/.ssh/coolify-redbull-token)" \ - "http://185.194.141.70:8000/api/v1/databases" + "https://redbull.rede5.com.br/api/v1/databases" ``` ### Coolify Reference 
@@ -182,14 +186,106 @@ curl -H "Authorization: Bearer $(cat ~/.ssh/coolify-redbull-token)" \ --- -## 🏗️ Architecture Diagram +## 🏗️ Architecture Diagrams -Simplified view of the container hierarchy, networking, and storage. +### Full Infrastructure Overview + +```mermaid +graph TB + subgraph Clients ["Clients"] + Browser["Browser / Mobile"] + end + + subgraph CF ["Cloudflare (DNS + CDN)"] + DNS["DNS Zone: gohorsejobs.com"] + end + + subgraph Redbull ["Redbull VPS (185.194.141.70) — Coolify DEV"] + TraefikR("Traefik + Let's Encrypt") + + subgraph CoolifyApps ["Coolify Applications"] + FE_C["Frontend (:3000)"] + BE_C["Backend API (:8521)"] + BO_C["Backoffice (:3001)"] + SE_C["Seeder API (:8080)"] + end + + PG_C[("PostgreSQL 16\ngohorsejobs-dev")] + end + + subgraph Apolo ["Apolo VPS (38.19.201.52) — Podman/Quadlet"] + TraefikA("Traefik") + + subgraph PodmanApps ["Podman Containers (Systemd/Quadlet)"] + FE_A["Frontend (:3000)"] + BE_A["Backend API (:8521)"] + BO_A["Backoffice (:3001)"] + SE_A["Seeder API (:8080)"] + end + + PG_A[("PostgreSQL\npostgres-main")] + Storage["/mnt/data\n(configs + DB data)"] + end + + subgraph Git ["Git Repositories"] + GH["GitHub\nrede5/gohorsejobs"] + FJ["Forgejo (pipe)\npipe.gohorsejobs.com"] + end + + subgraph External ["External Services"] + Stripe["Stripe (Payments)"] + Firebase["Firebase (FCM)"] + R2["Cloudflare R2 (Storage)"] + LavinMQ["LavinMQ (AMQP)"] + Resend["Resend (Email)"] + end + + %% Client Flow + Browser --> DNS + DNS -- "local.gohorsejobs.com" --> TraefikR + DNS -- "dev.gohorsejobs.com" --> TraefikA + + %% Redbull Routing + TraefikR -- "local.gohorsejobs.com" --> FE_C + TraefikR -- "api-local.gohorsejobs.com" --> BE_C + TraefikR -- "b-local.gohorsejobs.com" --> BO_C + TraefikR -- "s-local.gohorsejobs.com" --> SE_C + BE_C --> PG_C + BO_C --> PG_C + SE_C --> PG_C + + %% Apolo Routing + TraefikA -- "dev.gohorsejobs.com" --> FE_A + TraefikA -- "api-tmp.gohorsejobs.com" --> BE_A + TraefikA -- "b-tmp.gohorsejobs.com" --> BO_A + 
BE_A --> PG_A + BO_A --> PG_A + SE_A --> PG_A + PG_A -.-> Storage + + %% Git Flow + GH <--> FJ + + %% External + BE_C -.-> Stripe + BE_C -.-> Firebase + BE_C -.-> R2 + BO_C -.-> LavinMQ + BO_C -.-> Resend + + style PG_C fill:#336791,stroke:#fff,color:#fff + style PG_A fill:#336791,stroke:#fff,color:#fff + style TraefikR fill:#f5a623,stroke:#fff,color:#fff + style TraefikA fill:#f5a623,stroke:#fff,color:#fff + style CF fill:#f48120,stroke:#fff,color:#fff +``` + +### Apolo VPS (Podman/Quadlet) Detail ```mermaid graph TD subgraph Host ["Apolo VPS (Host)"] - + subgraph FS ["File System (/mnt/data)"] EnvBE["/gohorsejobs/backend/.env"] EnvBO["/gohorsejobs/backoffice/.env"] @@ -199,21 +295,21 @@ graph TD subgraph Net ["Network: web_proxy"] Traefik("Traefik") - + subgraph App ["Application Containers"] BE["Backend API (:8521)"] BO["Backoffice (:3001)"] SE["Seeder API (:8080)"] FE["Frontend (:3000)"] end - + PG[("postgres-main (:5432)")] end end %% Ingress Internet((Internet)) --> Traefik - + %% Routing Traefik -- "dev.gohorsejobs.com" --> FE Traefik -- "api-tmp.gohorsejobs.com" --> BE 
@@ -237,6 +333,53 @@ graph TD style Traefik fill:#f5a623,stroke:#fff,color:#fff ``` +### Coolify DEV (Redbull) Detail + +```mermaid +graph TD + subgraph Redbull ["Redbull VPS — Coolify (redbull.rede5.com.br)"] + Traefik("Traefik + Let's Encrypt") + + subgraph Apps ["Applications (auto-deploy via Git)"] + BE["Backend Go\n:8521"] + FE["Frontend Next.js\n:3000"] + BO["Backoffice NestJS\n:3001"] + SE["Seeder API\n:8080"] + end + + PG[("PostgreSQL 16\ngohorsejobs\n:5432")] + end + + GH["GitHub (rede5/gohorsejobs)"] --> |"push dev"| Traefik + + Internet((Internet)) --> Traefik + Traefik -- "api-local.gohorsejobs.com" --> BE + Traefik -- "local.gohorsejobs.com" --> FE + Traefik -- "b-local.gohorsejobs.com" --> BO + Traefik -- "s-local.gohorsejobs.com" --> SE + + BE --> PG + BO --> PG + SE --> PG + + style PG fill:#336791,stroke:#fff,color:#fff + style Traefik fill:#f5a623,stroke:#fff,color:#fff +``` + +### CI/CD Flow + +```mermaid +graph LR + Dev["Developer"] --> |"git push"| GH["GitHub\n(origin)"] + GH --> |"sync"| FJ["Forgejo\n(pipe)"] + + GH --> |"webhook"| Coolify["Coolify\n(redbull)"] + Coolify --> |"build & deploy"| Redbull["Redbull VPS"] + + Dev --> |"podman build"| Registry["Forgejo Registry\nforgejo-gru.rede5.com.br"] + Registry --> |"podman pull"| Apolo["Apolo VPS"] +``` + --- ## 💾 Storage & Persistence (`/mnt/data`) diff --git a/docs/TEST_USERS.md b/docs/TEST_USERS.md new file mode 100644 index 0000000..9c4daa1 --- /dev/null +++ b/docs/TEST_USERS.md 
@@ -0,0 +1,141 @@ +# Test Users - GoHorseJobs + +Credenciais de teste geradas pelo Seeder API para o ambiente de desenvolvimento. + +> **Last Updated:** 2026-02-18 +> **Importante:** O `PASSWORD_PEPPER` do seeder **deve ser idêntico** ao do backend, caso contrário o login falhará. + +--- + +## Matriz de Usuários de Teste + +### SuperAdmin + +| Campo | Valor | +|-------|-------| +| **Login** | `superadmin` | +| **Senha** | `Admin@2025!` | +| **Role** | `superadmin` | +| **Permissões** | Acesso total ao sistema | + +--- + +### Admins de Empresa + +| Login | Senha | Empresa | Role | +|-------|-------|---------|------| +| `takeshi_yamamoto` | `Takeshi@2025` | TechCorp | `admin` | +| `kenji@appmakers.mobile` | `Takeshi@2025` | AppMakers | `admin` | + +--- + +### Recrutadores + +| Login | Senha | Empresa | Role | +|-------|-------|---------|------| +| `maria_santos` | `User@2025` | DesignHub | `recruiter` | + +--- + +### Candidatos + +| Login | Senha | Role | +|-------|-------|------| +| `paulo_santos` | `User@2025` | `candidate` | +| `maria@email.com` | `User@2025` | `candidate` | +| `ana_silva` | `User@2025` | `candidate` | +| `carlos_santos` | `User@2025` | `candidate` | +| `maria_oliveira` | `User@2025` | `candidate` | +| `pedro_costa` | `User@2025` | `candidate` | +| `juliana_ferreira` | `User@2025` | `candidate` | + +--- + +### Empresas Fictícias + +| Login | Senha | Empresa | Cargo | +|-------|-------|---------|-------| +| `wile_e_coyote` | `MeepMeep@123` | ACME Corporation | HR Manager & Chief Failure Officer | + +--- + +## URLs de Login por Ambiente + +| Ambiente | URL Frontend | URL API | +|----------|-------------|---------| +| **Dev (Coolify)** | https://local.gohorsejobs.com | https://api-local.gohorsejobs.com | +| **Dev (Apolo)** | https://dev.gohorsejobs.com | https://api-tmp.gohorsejobs.com | +| **Local** | http://localhost:8963 | http://localhost:8521 | + +--- + +## Como Testar Login + +### Via Frontend +1. Acesse a URL do ambiente +2. 
Clique em "Login" / "Entrar" +3. Use email ou username + senha da tabela acima + +### Via API (cURL) + +```bash +# Login como superadmin +curl -X POST https://api-local.gohorsejobs.com/api/v1/auth/login \ + -H "Content-Type: application/json" \ + -d '{"login": "superadmin", "password": "Admin@2025!"}' + +# Login como candidato +curl -X POST https://api-local.gohorsejobs.com/api/v1/auth/login \ + -H "Content-Type: application/json" \ + -d '{"login": "paulo_santos", "password": "User@2025"}' + +# Login como admin de empresa +curl -X POST https://api-local.gohorsejobs.com/api/v1/auth/login \ + -H "Content-Type: application/json" \ + -d '{"login": "takeshi_yamamoto", "password": "Takeshi@2025"}' +``` + +--- + +## Permissões por Role + +``` +superadmin > admin > recruiter > candidate +``` + +| Funcionalidade | superadmin | admin | recruiter | candidate | +|----------------|:---:|:---:|:---:|:---:| +| Gerenciar usuários | x | x | - | - | +| Gerenciar empresas | x | x | - | - | +| Moderar vagas | x | x | - | - | +| Criar vagas | x | x | x | - | +| Editar vagas | x | x | x | - | +| Candidatar-se | - | - | - | x | +| Ver perfil | x | x | x | x | +| Notificações | x | x | x | x | +| Email templates | x | - | - | - | +| SMTP settings | x | - | - | - | +| System credentials | x | - | - | - | + +--- + +## Troubleshooting + +### Erro AUTH 401 / AUTH_INVALID_CREDENTIALS + +1. Verifique se o `PASSWORD_PEPPER` do backend e do seeder são idênticos +2. Verifique se o seeder foi executado com sucesso (`npm run seed`) +3. Verifique se o banco de dados está acessível +4. Verifique se o JWT_SECRET está configurado no backend + +### Seeder não rodou + +```bash +# Verificar status do seeder no Coolify +curl -s -H "Authorization: Bearer $(cat ~/.ssh/coolify-redbull-token)" \ + "https://redbull.rede5.com.br/api/v1/applications/q4w48gos8cgssso00o8w8gck" + +# Re-executar seed manualmente +cd seeder-api +npm run seed:reset +```
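
Review bot: In the docs/AGENTS.md documentation-index hunk, the new `Test Users` row describes the file in Portuguese ("Credenciais de teste por role") while every other description in that table is English. Suggest "Test credentials by role" so the index stays in one language. The same applies to the `Seeder` row's neighbours only in that they set the convention; the Seeder row itself is fine.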
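
Review bot: In the docs/DEVOPS.md Redbull properties hunk, the `Coolify URL` row moves to the hostname but the `Host` row directly above it still reads `redbull (185.194.141.70)`, and the new Mermaid subgraph labels repeat that address and add `38.19.201.52` for Apolo. If the intent of "Fix Coolify URL from IP" is to stop documenting raw addresses, those places need the same treatment; if the IPs are meant to stay, say so in the commit message so the change does not read as half applied.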
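
Review bot: In the docs/DEVOPS.md API Reference hunk, the PATCH example still sends `"domains":"http://local.gohorsejobs.com"` although the updated resources table lists the frontend at `https://local.gohorsejobs.com` and the new architecture block says Traefik terminates TLS via Let's Encrypt. Anyone pasting the example with `instant_deploy":true` would redeploy the frontend on a plain-HTTP domain. Change the example payload to the `https://` form so it matches the table.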
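
Review bot: In the docs/DEVOPS.md Quick Reference hunk, the section context still shows `CORS_ORIGINS=http://coolify-dev.gohorsejobs.com,https://coolify-dev.gohorsejobs.` while this patch retires `coolify-dev.gohorsejobs.com` in favour of `api-local.gohorsejobs.com` for the backend and `local.gohorsejobs.com` for the frontend. The Environment Variables block should be updated in the same commit, otherwise the documented CORS origins no longer match any documented frontend origin and readers will copy a value that blocks browser requests from the new domains.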
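
Review bot: In the new "Coolify DEV (Redbull) Detail" diagram, the edge `GH["GitHub (rede5/gohorsejobs)"] --> |"push dev"| Traefik` routes the Git push into the reverse proxy, while the "CI/CD Flow" diagram added a few lines later shows `GH --> |"webhook"| Coolify` followed by build and deploy. Add a Coolify node to the detail diagram and point the push edge at it so the two diagrams agree. The database label also differs between diagrams: `PostgreSQL 16\ngohorsejobs-dev` in the overview versus `PostgreSQL 16\ngohorsejobs\n:5432` here; pick one name. In the overview, `SE_A` has no Traefik route on Apolo although the Redbull side has `s-local.gohorsejobs.com`; if that is intentional, a short comment in the diagram would make it clear.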
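
Review bot: docs/TEST_USERS.md commits working passwords in plaintext, including `superadmin` / `Admin@2025!`, and the cURL examples aim them at `https://api-local.gohorsejobs.com`, which this same patch documents as an internet-facing host behind Traefik with a public certificate. Anyone who can read the repository can therefore log in as superadmin on both DEV environments listed in the URL table. Suggest having the seeder take these passwords from environment variables or generate them at seed time, documenting only the logins and roles here, and stating explicitly that the seeder must never run against `hml` or `prd`. The table also reuses `User@2025` across the recruiter and every candidate and `Takeshi@2025` across both company admins, so one leaked value covers several roles. In Troubleshooting, `npm run seed:reset` is given with no note on which database it targets; judging by its name it is destructive, so add a line telling the reader to confirm the connection settings point at the DEV database before running it.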