Remove deploy/demo and rewire benchmarks to the real compose stack

README.testing.md

@@ -62,10 +62,12 @@ Full WAF evaluation with real target apps plus the CRS Albedo backend:
 
 ```sh
 # Prerequisites
-cp deploy/demo/.env.example deploy/demo/.env
+cp deploy/docker/.env.example deploy/docker/.env
 cp benchmarks/lab/.env.example benchmarks/lab/.env
 git submodule update --init --recursive
 
+# Ensure deploy/docker/.env has ADMIN_EMAIL and ADMIN_PASSWORD set.
+
 # Bring up the lab
 make eval-up
 

benchmarks/Makefile

@@ -1,9 +1,10 @@
 REPO_ROOT    := $(shell git rev-parse --show-toplevel 2>/dev/null || pwd)
-DEMO_COMPOSE := $(REPO_ROOT)/deploy/demo/docker-compose.yml
+CORE_COMPOSE := $(REPO_ROOT)/deploy/docker/docker-compose.yml
 LAB_COMPOSE  := $(REPO_ROOT)/benchmarks/lab/docker-compose.targets.yml
-DEMO_ENV     := $(REPO_ROOT)/deploy/demo/.env
+CORE_ENV     := $(REPO_ROOT)/deploy/docker/.env
 LAB_ENV      := $(REPO_ROOT)/benchmarks/lab/.env
 RUNNERS      := $(REPO_ROOT)/benchmarks/lab/runners
+COMPOSE      := docker compose -f $(CORE_COMPOSE) -f $(LAB_COMPOSE) --env-file $(CORE_ENV) --env-file $(LAB_ENV)
 
 RUN_ID       ?= $(shell date +%Y%m%d-%H%M%S)
 TARGET_VHOST ?=
@@ -16,17 +17,13 @@ DIRECT_PORT  ?= 3000
 
 # ── Lab lifecycle ──────────────────────────────────────────────────────────
 
-## Bring up the demo + all lab targets and register vhosts.
+## Bring up the real stack + all lab targets and register vhosts.
 lab-up:
-	@echo "==> Starting guard-proxy demo + lab targets..."
-	docker compose \
-	  -f $(DEMO_COMPOSE) \
-	  -f $(LAB_COMPOSE) \
-	  --env-file $(DEMO_ENV) \
-	  --env-file $(LAB_ENV) \
-	  up -d --build
+	@echo "==> Starting guard-proxy stack + lab targets..."
+	$(COMPOSE) up -d --build
+	@echo "==> Seeding admin user..."
+	$(COMPOSE) exec -T backend /app/.venv/bin/python scripts/seed_admin.py
 	@echo "==> Seeding vhosts..."
-	bash $(REPO_ROOT)/deploy/demo/setup-demo.sh
 	bash $(REPO_ROOT)/benchmarks/lab/setup-lab.sh --skip-compose
 
 ## Stop the lab (preserve volumes).
@@ -97,7 +94,7 @@ help:
 	@echo "Guard Proxy Evaluation Lab"
 	@echo ""
 	@echo "Setup:"
-	@echo "  cp deploy/demo/.env.example deploy/demo/.env"
+	@echo "  cp deploy/docker/.env.example deploy/docker/.env"
 	@echo "  cp benchmarks/lab/.env.example benchmarks/lab/.env"
 	@echo "  git submodule update --init --recursive"
 	@echo ""

benchmarks/lab/docker-compose.targets.yml

@@ -1,10 +1,10 @@
 # Evaluation lab target applications.
 #
-# This is an OVERLAY on top of the demo stack. Run as:
+# This is an OVERLAY on top of the real Guard Proxy stack. Run as:
 #   docker compose \
-#     -f deploy/demo/docker-compose.yml \
+#     -f deploy/docker/docker-compose.yml \
 #     -f benchmarks/lab/docker-compose.targets.yml \
-#     --env-file deploy/demo/.env \
+#     --env-file deploy/docker/.env \
 #     --env-file benchmarks/lab/.env \
 #     up -d --build
 #
@@ -14,9 +14,12 @@
 # Pinned image digests ensure reproducible test results across runs.
 # Update pins by running: docker pull <image> && docker inspect --format '{{index .RepoDigests 0}}' <image>
 
-name: guard-proxy-demo
+name: guard-proxy
 
 services:
+  backend:
+    ports:
+      - "${BACKEND_HTTP_PORT:-8000}:8000"
 
   # ── OWASP Juice Shop ──────────────────────────────────────────────────────
   # Intentionally vulnerable Node.js app designed for security testing.
@@ -163,7 +166,7 @@ services:
 networks:
   gp_internal:
     external: true
-    name: guard-proxy-demo_gp_internal
+    name: guard-proxy_gp_internal
 
 volumes:
   dvwa_db_data:

benchmarks/lab/runners/lib.sh

@@ -13,17 +13,17 @@ REPO_ROOT="$(cd -- "${SCRIPT_DIR}/../../.." && pwd)"
 LAB_DIR="${REPO_ROOT}/benchmarks/lab"
 RESULTS_BASE="${REPO_ROOT}/benchmarks/results"
 RUN_DIR="${RESULTS_BASE}/run-${RUN_ID}"
-DEMO_ENV="${REPO_ROOT}/deploy/demo/.env"
+CORE_ENV="${REPO_ROOT}/deploy/docker/.env"
 LAB_ENV="${LAB_DIR}/.env"
 
-# Docker network shared by the demo stack and targets.
-DOCKER_NETWORK="guard-proxy-demo_gp_internal"
+# Docker network shared by the real stack and lab targets.
+DOCKER_NETWORK="guard-proxy_gp_internal"
 
 # ── Environment helpers ────────────────────────────────────────────────────
 
 env_value() {
   local name="$1"; local fallback="${2:-}"; local value
-  value="$(grep -E "^${name}=" "${LAB_ENV}" "${DEMO_ENV}" 2>/dev/null | tail -n 1 | cut -d= -f2- || true)"
+  value="$(grep -E "^${name}=" "${CORE_ENV}" "${LAB_ENV}" 2>/dev/null | tail -n 1 | cut -d= -f2- || true)"
   if [[ -z "${value}" ]]; then printf '%s' "${fallback}"; else printf '%s' "${value}"; fi
 }
 
@@ -90,9 +90,9 @@ PY
 compose_container_id() {
   local service="$1"
   docker compose \
-    -f "${REPO_ROOT}/deploy/demo/docker-compose.yml" \
+    -f "${REPO_ROOT}/deploy/docker/docker-compose.yml" \
     -f "${LAB_DIR}/docker-compose.targets.yml" \
-    --env-file "${DEMO_ENV}" \
+    --env-file "${CORE_ENV}" \
     --env-file "${LAB_ENV}" \
     ps -q "${service}" 2>/dev/null || true
 }

benchmarks/lab/scenarios/crs-ftw/config.yaml

@@ -6,7 +6,7 @@
 #
 # Usage (from repo root):
 #   docker run --rm \
-#     --network guard-proxy-demo_gp_internal \
+#     --network guard-proxy_gp_internal \
 #     -v "$(pwd)/configs/coraza/crs/tests/regression/tests:/tests:ro" \
 #     -v "$(pwd)/benchmarks/lab/scenarios/crs-ftw/config.yaml:/config.yaml:ro" \
 #     ghcr.io/coreruleset/go-ftw:latest \

benchmarks/lab/setup-lab.sh

@@ -1,12 +1,12 @@
 #!/usr/bin/env bash
 # setup-lab.sh — Bring up the evaluation lab and register all target vhosts.
 #
-# Extends the demo stack with WordPress/Juice Shop/DVWA targets, seeds two
+# Extends the real Guard Proxy stack with WordPress/Juice Shop/DVWA targets, seeds two
 # WAF policies (baseline PL1 and high-paranoia PL2), and wires each target
 # domain through HAProxy via the guard-proxy backend API.
 #
 # Prerequisites:
-#   - deploy/demo/.env   (copy from deploy/demo/.env.example)
+#   - deploy/docker/.env (copy from deploy/docker/.env.example)
 #   - benchmarks/lab/.env (copy from benchmarks/lab/.env.example)
 #   - CRS submodule initialised: git submodule update --init --recursive
 #   - Docker with Docker Compose v2
@@ -17,9 +17,9 @@ set -Eeuo pipefail
 
 SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
 REPO_ROOT="$(cd -- "${SCRIPT_DIR}/../.." && pwd)"
-DEMO_COMPOSE="${REPO_ROOT}/deploy/demo/docker-compose.yml"
+CORE_COMPOSE="${REPO_ROOT}/deploy/docker/docker-compose.yml"
 TARGETS_COMPOSE="${SCRIPT_DIR}/docker-compose.targets.yml"
-DEMO_ENV="${REPO_ROOT}/deploy/demo/.env"
+CORE_ENV="${REPO_ROOT}/deploy/docker/.env"
 LAB_ENV="${SCRIPT_DIR}/.env"
 TIMEOUT_SECONDS="${TIMEOUT_SECONDS:-240}"
 SKIP_COMPOSE=false
@@ -30,29 +30,29 @@ for arg in "$@"; do
   esac
 done
 
-for f in "${DEMO_ENV}" "${LAB_ENV}"; do
+for f in "${CORE_ENV}" "${LAB_ENV}"; do
   if [[ ! -f "${f}" ]]; then
     echo "Missing ${f}. Copy the matching .env.example first." >&2
     exit 1
   fi
 done
 
 if docker compose version >/dev/null 2>&1; then
-  COMPOSE=(docker compose -f "${DEMO_COMPOSE}" -f "${TARGETS_COMPOSE}" --env-file "${DEMO_ENV}" --env-file "${LAB_ENV}")
+  COMPOSE=(docker compose -f "${CORE_COMPOSE}" -f "${TARGETS_COMPOSE}" --env-file "${CORE_ENV}" --env-file "${LAB_ENV}")
 elif command -v docker-compose >/dev/null 2>&1; then
-  COMPOSE=(docker-compose -f "${DEMO_COMPOSE}" -f "${TARGETS_COMPOSE}" --env-file "${DEMO_ENV}" --env-file "${LAB_ENV}")
+  COMPOSE=(docker-compose -f "${CORE_COMPOSE}" -f "${TARGETS_COMPOSE}" --env-file "${CORE_ENV}" --env-file "${LAB_ENV}")
 else
   echo "Docker Compose is required." >&2
   exit 1
 fi
 
-# ── Helpers (mirrored from deploy/demo/setup-demo.sh) ──────────────────────
+# ── Helpers ────────────────────────────────────────────────────────────────
 
 env_value() {
   local name="$1"
   local fallback="${2:-}"
   local value
-  value="$(grep -E "^${name}=" "${LAB_ENV}" "${DEMO_ENV}" 2>/dev/null | tail -n 1 | cut -d= -f2- || true)"
+  value="$(grep -E "^${name}=" "${CORE_ENV}" "${LAB_ENV}" 2>/dev/null | tail -n 1 | cut -d= -f2- || true)"
   if [[ -z "${value}" ]]; then printf '%s' "${fallback}"; else printf '%s' "${value}"; fi
 }
 
@@ -154,14 +154,12 @@ PY
 ensure_crs_bundle
 
 if [[ "${SKIP_COMPOSE}" == false ]]; then
-  echo "Starting demo + lab target stack..."
+  echo "Starting Guard Proxy + lab target stack..."
   "${COMPOSE[@]}" up -d --build
 
   wait_for_healthy backend
   wait_for_healthy coraza
   wait_for_healthy haproxy
-  wait_for_healthy demo-app
-  wait_for_healthy demo-api
   wait_for_healthy juiceshop
   wait_for_healthy dvwa
   wait_for_healthy wordpress

benchmarks/lab/teardown-lab.sh

@@ -9,9 +9,9 @@ set -Eeuo pipefail
 
 SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
 REPO_ROOT="$(cd -- "${SCRIPT_DIR}/../.." && pwd)"
-DEMO_COMPOSE="${REPO_ROOT}/deploy/demo/docker-compose.yml"
+CORE_COMPOSE="${REPO_ROOT}/deploy/docker/docker-compose.yml"
 TARGETS_COMPOSE="${SCRIPT_DIR}/docker-compose.targets.yml"
-DEMO_ENV="${REPO_ROOT}/deploy/demo/.env"
+CORE_ENV="${REPO_ROOT}/deploy/docker/.env"
 LAB_ENV="${SCRIPT_DIR}/.env"
 
 CLEAN=false
@@ -20,11 +20,11 @@ for arg in "$@"; do
 done
 
 if docker compose version >/dev/null 2>&1; then
-  COMPOSE=(docker compose -f "${DEMO_COMPOSE}" -f "${TARGETS_COMPOSE}")
-  [[ -f "${DEMO_ENV}" ]] && COMPOSE+=(--env-file "${DEMO_ENV}")
+  COMPOSE=(docker compose -f "${CORE_COMPOSE}" -f "${TARGETS_COMPOSE}")
+  [[ -f "${CORE_ENV}" ]] && COMPOSE+=(--env-file "${CORE_ENV}")
   [[ -f "${LAB_ENV}" ]] && COMPOSE+=(--env-file "${LAB_ENV}")
 else
-  COMPOSE=(docker-compose -f "${DEMO_COMPOSE}" -f "${TARGETS_COMPOSE}")
+  COMPOSE=(docker-compose -f "${CORE_COMPOSE}" -f "${TARGETS_COMPOSE}")
 fi
 
 if [[ "${CLEAN}" == true ]]; then