refactor: production-essentials hardening pass

Backend: structured logger, env-validated config, graceful SIGTERM/SIGINT
shutdown, per-IP rate limiter, per-tier scheduler concurrency latch, error
context on previously-silent catches, compiled-JS Dockerfile stage.

Frontend: lib/api.ts consolidates BACKEND_URL with lazy production-required
check, root + per-segment error.tsx / not-found.tsx / loading.tsx,
generateMetadata on park and ride pages, graceful fallback when backend is
unreachable, Plausible script gated on env vars.

Infra: CI runs lint + typecheck + tests on both packages before docker build,
compose adds healthchecks, log rotation, and memory limits; .env.example
documents every variable.

Cleanup: removed empty app/api/parks/ dir and 0-byte root parks.db, moved
wait-times-urls.txt into docs/, dropped an `as any` cast.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Dockerfile

@@ -6,13 +6,25 @@ RUN npm ci
 COPY . .
 RUN npm run build
 
-# ── backend-deps: backend node_modules (better-sqlite3 needs build tools) ────
-FROM node:22-bookworm-slim AS backend-deps
+# ── backend-build: compile backend TypeScript to JS (better-sqlite3 build) ───
+FROM node:22-bookworm-slim AS backend-build
 RUN apt-get update && apt-get install -y --no-install-recommends python3 make g++ && \
     rm -rf /var/lib/apt/lists/*
 WORKDIR /app
+COPY backend/package.json backend/package-lock.json* ./backend/
+COPY backend/tsconfig.json ./backend/
+RUN cd backend && npm ci
+COPY backend/src ./backend/src
+COPY lib ./lib
+RUN cd backend && npm run build
+
+# ── backend-prod-deps: production-only node_modules (omits tsc/tsx) ──────────
+FROM node:22-bookworm-slim AS backend-prod-deps
+RUN apt-get update && apt-get install -y --no-install-recommends python3 make g++ && \
+    rm -rf /var/lib/apt/lists/*
+WORKDIR /app/backend
 COPY backend/package.json backend/package-lock.json* ./
-RUN npm ci
+RUN npm ci --omit=dev
 
 # ── web ──────────────────────────────────────────────────────────────────────
 # Minimal Next.js standalone runner. No database, no native modules.
@@ -37,6 +49,7 @@ CMD ["node", "server.js"]
 
 # ── backend ──────────────────────────────────────────────────────────────────
 # Hono API server + node-cron scheduler. Owns the SQLite database exclusively.
+# Runs compiled JS (no tsx/tsc at runtime).
 FROM node:22-bookworm-slim AS backend
 WORKDIR /app
 
@@ -45,11 +58,9 @@ ENV NODE_ENV=production
 RUN addgroup --system --gid 1001 nodejs && \
     adduser --system --uid 1001 nextjs
 
-COPY --from=backend-deps --chown=nextjs:nodejs /app/node_modules ./backend/node_modules
-COPY --chown=nextjs:nodejs backend/src ./backend/src
+COPY --from=backend-prod-deps --chown=nextjs:nodejs /app/backend/node_modules ./backend/node_modules
+COPY --from=backend-build --chown=nextjs:nodejs /app/backend/dist ./backend/dist
 COPY --chown=nextjs:nodejs backend/package.json ./backend/package.json
-COPY --chown=nextjs:nodejs backend/tsconfig.json ./backend/tsconfig.json
-COPY --chown=nextjs:nodejs lib ./lib
 
 RUN mkdir -p /app/backend/data && chown nextjs:nodejs /app/backend/data
 VOLUME ["/app/backend/data"]
@@ -59,4 +70,4 @@ EXPOSE 3001
 ENV PORT=3001
 
 WORKDIR /app/backend
-CMD ["npx", "tsx", "src/index.ts"]
+CMD ["node", "dist/backend/src/index.js"]