From 9cea238b7cf7e4ff628eee02db6b341debdb4bad Mon Sep 17 00:00:00 2001 From: Myron Blair Date: Sun, 31 May 2026 04:26:27 +0000 Subject: [PATCH] =?UTF-8?q?Initial=20AI=20context=20index=20=E2=80=94=20le?= =?UTF-8?q?an=20project=20reference=20for=20fast=20session=20resume?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gotchas.md | 63 +++++++++++++++++++++++++++++ index.md | 35 ++++++++++++++++ jarvis.md | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++++ servers.md | 69 +++++++++++++++++++++++++++++++ sites.md | 80 ++++++++++++++++++++++++++++++++++++ 5 files changed, 363 insertions(+) create mode 100644 gotchas.md create mode 100644 index.md create mode 100644 jarvis.md create mode 100644 servers.md create mode 100644 sites.md diff --git a/gotchas.md b/gotchas.md new file mode 100644 index 0000000..e5f727d --- /dev/null +++ b/gotchas.md 
@@ -0,0 +1,63 @@ +# Critical Gotchas — Read Before Running Commands + +## PHP / OLS +- **NEVER** use `lsphp -l` for syntax check — it segfaults. Use `php8.3 -l file.php` +- Run CLI scripts with: `/usr/local/lsws/lsphp85/bin/lsphp /path/script.php` +- If endpoint uses `ob_start()` + header.php pattern → add `ob_end_clean()` before CSV/JSON output +- MySQL charset: always `utf8mb4_unicode_ci` — mixing with `general_ci` breaks JOINs (error 1267) + +## SSH / Networking +- DO server (165.22.1.228) **cannot reach local network** (10.48.200.x) directly +- To reach local VMs from DO: use agent commands (shell type) or FortiGate DDNS +- PVE1 SSH via DDNS works: `root@orbisne.fortiddns.com` (Joker1974!!!) +- PVE2 has no external port forward — only reachable locally or via cluster API through PVE1 +- Proxmox API port 8006 IS forwarded: `orbisne.fortiddns.com:8006` works from DO + +## JARVIS Agents +- Agent config: `/etc/jarvis-agent/config.json` | Runtime state: `/var/lib/jarvis-agent/state.json` +- **401 "Invalid agent key"** → state.json has stale key. 
Fix: overwrite state.json with correct agent_id + api_key from `registered_agents` table, then `systemctl restart jarvis-agent` +- Agent heartbeat uses `X-Agent-Key` header (NOT body field) +- `shell` command type requires `{"command":"...","allowed":true}` in command_data +- Metrics stored as JSON in `metric_data` column — use `JSON_EXTRACT(metric_data,'$.cpu_percent')` NOT direct columns + +## Groq AI +- Model name: `compound-beta-mini` — NOT `groq/compound-beta-mini` (that's OpenAI router syntax, 404s) + +## Proxmox +- stats_cache.php uses `orbisne.fortiddns.com:8006` NOT `PROXMOX_HOST` (local IP unreachable from DO) +- `--nameserver` in Proxmox must be space-separated: `"8.8.8.8 1.1.1.1"` (comma causes netplan bug) +- Run commands in VMs: `qm guest exec -- bash -c 'cmd'` (requires guest agent installed) + +## Deploy +- Always `git add + commit + push` after editing files on server — webhook auto-deploys within 1 min +- PHP syntax validated before deploy — bad commits auto-reverted +- LSAPI session deadlock: `session_write_close()` must be called in api.php after auth check + +## API Endpoint Auth +- Netscan endpoint (`/api/netscan`) bypasses main auth — uses `X-Registration-Key` header +- Admin portal uses separate PHP session name (`jarvis_admin`) — different from main JARVIS session +- Cloudflare real IP: use `$_SERVER['HTTP_CF_CONNECTING_IP']` not `REMOTE_ADDR` + +## Network Scan +- The JARVIS "RUN NETWORK SCAN" button does NOT scan from DO (can't reach local network) +- It queues a shell command to PVE1 agent → PVE1 runs nmap → pushes results to /api/netscan +- Results appear ~40 seconds after clicking (10s for agent pickup + 30s nmap) +- Chat "scan network" intent returns real DB data — never hallucinated + +## FusionPBX +- SIP config changes need cache delete before they take effect: + `rm /var/cache/fusionpbx/FusionPBX.configuration.sofia.conf` +- mod_presence is NOT installed on this server + +## Backup Agent State Fix (Common Issue) +```bash +# If an 
agent shows "Invalid agent key" after reinstall: +# 1. Get correct values from DB +mysql -u jarvis_user -pJ4rv1s_Pr0t0c0l_2026! jarvis_db -e \ + "SELECT agent_id, api_key FROM registered_agents WHERE hostname='';" +# 2. Overwrite state on the agent machine +cat > /var/lib/jarvis-agent/state.json << EOF +{"api_key": "", "agent_id": ""} +EOF +systemctl restart jarvis-agent +``` diff --git a/index.md b/index.md new file mode 100644 index 0000000..d7e77ee --- /dev/null +++ b/index.md 
@@ -0,0 +1,35 @@ +# AI Context Index — Myron Blair Home Lab + +**Load order for a new session:** Read this file first, then load the specific topic file for the task at hand. + +## Topic Files + +| File | Use When | +|------|----------| +| [servers.md](servers.md) | Connecting to any machine, SSH patterns, credentials | +| [jarvis.md](jarvis.md) | Working on JARVIS AI dashboard, API, chat, agents | +| [sites.md](sites.md) | Working on any website, deploys, DBs, email | +| [gotchas.md](gotchas.md) | Before running any command — critical quirks | + +## 30-Second Overview + +**This is a home-lab + managed-hosting environment.** +No local codebase. Work happens via SSH to remote servers and git push to GitHub (auto-deploy active). + +### Infrastructure +- **DO (165.22.1.228)** — DigitalOcean VPS. CyberPanel/OpenLiteSpeed. Hosts all websites + JARVIS AI. +- **PVE1 (orbisne.fortiddns.com / 10.48.200.90)** — Proxmox primary hypervisor. 9 VMs. +- **PVE2 (10.48.200.91)** — Proxmox secondary hypervisor. 2 VMs. +- **FusionPBX (134.209.72.226)** — FreeSWITCH PBX server. +- **Local VMs** — HA (10.48.200.97), Ollama (10.48.200.95), Homebridge (10.48.200.18), Jellyfin (10.48.200.33), alien-pc (10.48.200.66, Windows). + +### Key Systems +- **JARVIS** — Iron Man AI dashboard at `https://jarvis.orbishosting.com` — agent monitoring, chat, network scan, admin portal +- **Admin portal** — `https://jarvis.orbishosting.com/admin` — full CRUD for all JARVIS data +- **Auto-deploy** — push to GitHub `main` → webhook → server pulls within 1 minute + +### Current Status (as of 2026-05-31) +- JARVIS agents online: DO, PVE1, PVE2, NetworkBackup, HA, Homebridge, alien-pc (Windows) +- Agents still needed: jellyfin (10.48.200.33), ollama-ai (10.48.200.95) +- Daily backups running at 2AM to `/var/backups/jarvis/`, downloadable from admin panel +- Network auto-scan: PVE1 cron every 3 min → pushes to `/api/netscan` diff --git a/jarvis.md b/jarvis.md new file mode 100644 index 0000000..e0144de 
--- /dev/null +++ b/jarvis.md 
@@ -0,0 +1,116 @@ +# JARVIS System Reference Card + +## Access +- **Dashboard:** https://jarvis.orbishosting.com (login: myron / Joker1974!!!) +- **Admin portal:** https://jarvis.orbishosting.com/admin (same login) +- **DB:** `jarvis_db` on DO localhost — user: `jarvis_user` / `J4rv1s_Pr0t0c0l_2026!` +- **phpMyAdmin:** https://jarvis.orbishosting.com/phpmyadmin (myron / Joker1974!!!) +- **GitHub repo:** myronblair/jarvis (auto-deploy on push to main) + +## File Structure (on DO at /home/jarvis.orbishosting.com/) +``` +public_html/ + index.html — main Iron Man HUD (all UI) + api.php — API router + admin/index.php — admin portal (single PHP+JS file) + agent/ — agent installers +api/ + config.php — all credentials/constants (gitignored) + lib/db.php — JarvisDB class (query/execute/single/insert) + lib/kb_engine.php — KBEngine intent matching + endpoints/ + agent.php — agent registration/heartbeat/metrics/commands + chat.php — 4-tier chat: KB→action intents→Ollama→Groq→Claude + network.php — network device list + scan endpoint + netscan.php — push endpoint for PVE1 nmap results (no auth needed) + do_server.php — reads /proc directly (no SSH loopback) + stats_cache.php — every 5min cron: Proxmox cluster API, HA, weather, news + facts_collector.php — every 3min cron: system stats, site health + system.php — local system metrics (services: lshttpd,mysql,redis,memcached,postfix,dovecot,jarvis-agent) + alerts.php — alert CRUD + auto-generate + news.php — serves api_cache['news'] + custom kb_facts(category='custom_news') +``` + +## Agent System +- **Registration key:** `f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518` +- **Install one-liner (Linux):** `curl -sk https://jarvis.orbishosting.com/install-agent.sh | bash -s ` +- **For VMs (need sudo):** `curl -sk https://jarvis.orbishosting.com/install-agent.sh > /tmp/i.sh && echo "Joker1974!" 
| sudo -S bash /tmp/i.sh linux` +- **Agent config:** `/etc/jarvis-agent/config.json` — runtime state at `/var/lib/jarvis-agent/state.json` +- **If agent gets 401 "Invalid agent key":** state.json has stale key — overwrite with correct agent_id + api_key from DB +- **Heartbeat:** every 10s | **Metrics:** every 30s | **Commands:** polled on heartbeat +- **Shell commands:** send via agent_commands table with `{"command":"/path/to/script","allowed":true}` + +## Currently Online Agents +| agent_id | hostname | IP | type | +|----------|----------|----|------| +| jarvis-do_orbis.or | jarvis-do | 165.22.1.228 | linux | +| claude_pve | claude | 10.48.200.90 | proxmox | +| pve2_e147a8bc | pve2 | 10.48.200.91 | proxmox | +| networkbackup_NetworkB | networkbackup | 10.48.200.99 | linux | +| homeassistant_ha | homeassistant | 10.48.200.97 | homeassistant | +| homebridge_b57cbaea | homebridge | 10.48.200.18 | linux | +| alien-pc_windows | alien-pc | 10.48.200.66 | linux | + +**Pending:** jellyfin (10.48.200.33), ollama-ai (10.48.200.95) + +## Network Scanning +- PVE1 cron: `*/3 * * * * /usr/local/bin/jarvis-netscan.sh` +- Script runs nmap, parses output, POSTs JSON to `https://165.22.1.228/api/netscan` with `X-Registration-Key` header +- Scan Now button in admin queues shell command to PVE1 agent (picks up within 10s) + +## Chat Architecture +``` +Tier 0: HA entity control (fuzzy match → call HA API) +Tier 0.5: Network device management +Tier 1: KB intent engine (response type → instant reply) +Tier 1b: Action intents (network_scan → DB data + queue PVE1 scan) +Tier 2: Ollama llama3.2 at http://10.48.200.95:11434 (5s timeout) +Tier 3: Groq compound-beta-mini (cloud, fast) +Tier 4: Claude API fallback +``` +- Groq model name: `compound-beta-mini` (NOT `groq/compound-beta-mini`) +- network_scan intent: action type — must be handled in Tier 1b or Groq will fabricate + +## DB Key Tables +```sql +registered_agents — agent_id, hostname, agent_type, ip_address, api_key, status, 
last_seen +agent_metrics — agent_id, metric_type, metric_data(JSON), recorded_at + -- Extract: JSON_EXTRACT(metric_data,'$.cpu_percent'), JSON_EXTRACT(metric_data,'$.memory.percent') + -- NO cpu_pct/mem_pct columns — always use JSON_EXTRACT +agent_commands — agent_id, command_type, command_data(JSON), status(pending/delivered) +network_devices — ip, mac, hostname, alias, device_type, status, last_seen +alerts — alert_type, title, message, severity, resolved +kb_facts — category, fact_key, fact_value (custom_news category for pinned news) +kb_intents — intent_name, pattern(regex), response_template, action_type, priority, active +api_cache — cache_key(proxmox/news/weather/ha_entities), data(JSON), updated_at +``` + +## Proxmox Cache +- `stats_cache.php` uses cluster API at `orbisne.fortiddns.com:8006` (NOT PROXMOX_HOST local IP) +- Returns all VMs from both PVE1 and PVE2 via `/cluster/resources?type=vm` +- Cache key: `proxmox` in api_cache table + +## Cron Jobs (on DO) +``` +*/3 * * * * /usr/local/lsws/lsphp85/bin/lsphp .../facts_collector.php +*/5 * * * * /usr/local/lsws/lsphp85/bin/lsphp .../stats_cache.php +0 2 * * * /usr/local/bin/jarvis-backup.sh +``` +**Cron on PVE1:** +``` +*/3 * * * * /usr/local/bin/jarvis-netscan.sh +``` + +## Backups +- Script: `/usr/local/bin/jarvis-backup.sh` +- Output: `/var/backups/jarvis/jarvis_backup_YYYY-MM-DD_HH-MM-SS.tar.gz` +- Contains: all public_html dirs + SQL dumps of 6 DBs +- Downloadable from: admin portal → BACKUPS tab +- Retention: 7 days + +## API Auth +- Main JARVIS API: session token via `X-Session-Token` header (or PHP session) +- Agent endpoints: `X-Agent-Key` header (per-agent key from registered_agents.api_key) +- Netscan endpoint: `X-Registration-Key` header (shared registration key) +- Admin portal: separate PHP session (`session_name('jarvis_admin')`) +- Cloudflare passes real client IP in `CF-Connecting-IP` header diff --git a/servers.md b/servers.md new file mode 100644 index 0000000..0edf99e --- /dev/null 
+++ b/servers.md 
@@ -0,0 +1,69 @@ +# Server Reference Card + +## SSH Patterns + +```bash +# DigitalOcean (all websites + JARVIS) +sshpass -p 'Gonewalk1974!@#' ssh -o StrictHostKeyChecking=no root@165.22.1.228 'cmd' + +# PVE1 via FortiGate DDNS (survives IP changes) +sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@orbisne.fortiddns.com 'cmd' + +# PVE1 direct (local network only) +sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.90 'cmd' + +# PVE2 (local only) +sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.91 'cmd' + +# FusionPBX +sshpass -p 'Joker1974!@#' ssh -o StrictHostKeyChecking=no root@134.209.72.226 'cmd' + +# Local VMs (myron user + sudo, password Joker1974!) +sshpass -p 'Joker1974!' ssh -o StrictHostKeyChecking=no myron@10.48.200.18 'sudo cmd' + +# Run command inside a Proxmox VM +sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.90 \ + 'qm guest exec -- bash -c "cmd"' +``` + +**Password order to try if first fails:** `Joker1974!@#` → `Joker1974!!!` → `Joker1974!` + +## Server Map + +| Host | IP | User | Password | Purpose | +|------|----|------|----------|---------| +| DO | 165.22.1.228 | root | Gonewalk1974!@# | Websites + JARVIS | +| PVE1 | orbisne.fortiddns.com (10.48.200.90) | root | Joker1974!!! | Primary hypervisor | +| PVE2 | 10.48.200.91 | root | Joker1974!!! | Secondary hypervisor | +| FusionPBX | 134.209.72.226 | root | Joker1974!@# | FreeSWITCH PBX | +| HomeAssistant | 10.48.200.97 | myron | Joker1974!!! | HA VM (PVE1 VM 101) | +| Homebridge | 10.48.200.18 | myron | Joker1974! | Homebridge VM (PVE1 VM 118) | +| Jellyfin | 10.48.200.33 | myron | Joker1974! | Jellyfin VM (PVE1 VM 112) | +| Ollama | 10.48.200.95 | myron | Joker1974! | LLM VM (PVE1 VM 210) | +| alien-pc | 10.48.200.66 | — | — | Windows PC (JARVIS agent only) | +| NetworkBackup | 10.48.200.99 | myron | Joker1974! 
| Backup VM (PVE2 VM 302) | + +## Proxmox API +```bash +# Accessible from DO via FortiGate DDNS (port 8006 forwarded) +curl -sk "https://orbisne.fortiddns.com:8006/api2/json/..." \ + -H "Authorization: PVEAPIToken=root@pam!jarvis=c45b5feb-f9a9-445d-a626-14fbb959f78b" + +# Cluster API — gets VMs from BOTH PVE1 and PVE2 +GET /api2/json/cluster/resources?type=vm +``` + +## Key DO Server Paths +``` +/home/jarvis.orbishosting.com/ — JARVIS app root +/home/jarvis.orbishosting.com/public_html/ — web root (index.html, api.php, admin/) +/home/jarvis.orbishosting.com/api/ — backend (config.php, endpoints/, lib/) +/var/backups/jarvis/ — daily backups (tar.gz, up to 7 days) +/usr/local/bin/jarvis-backup.sh — backup script +/usr/local/lsws/lsphp85/bin/lsphp — PHP runtime for CLI scripts +``` + +## PHP / OLS Notes +- Run scripts: `/usr/local/lsws/lsphp85/bin/lsphp /path/to/script.php` +- Syntax check: `php8.3 -l file.php` (lsphp segfaults on -l) +- Web server: OpenLiteSpeed (`lshttpd`), NOT apache/nginx diff --git a/sites.md b/sites.md new file mode 100644 index 0000000..11b935b --- /dev/null +++ b/sites.md 
@@ -0,0 +1,80 @@ +# Websites & Sites Reference Card + +## All Sites on DO (165.22.1.228) + +| Site | Path | GitHub Repo | DB | +|------|------|-------------|-----| +| jarvis.orbishosting.com | /home/jarvis.orbishosting.com/ | myronblair/jarvis | jarvis_db | +| tomsjavajive.com | /home/tomsjavajive.com/public_html/ | myronblair/tomsjavajive | toms_tjj_db | +| epictravelexpeditions.com | /home/epictravelexpeditions.com/public_html/ | myronblair/epictravelexpeditions | epic_epic_db | +| parkerslingshot (subdomain) | /home/epictravelexpeditions.com/parkerslingshot/ | myronblair/parkerslingshot | epic_parkersling | +| parkerslingshotrentals.com | /home/parkerslingshotrentals.com/public_html/ | myronblair/parkerslingshotrentals | parker_db | +| orbishosting.com | /home/orbishosting.com/public_html/ | myronblair/orbishosting | — | +| orbis.orbishosting.com | /home/orbis.orbishosting.com/public_html/ | myronblair/orbis-hosting-portal | — | +| tomtomgames.com | /home/tomtomgames.com/public_html/ | myronblair/tomtomgames | tomt_ttg_db | + +## Deploy Workflow +```bash +# 1. Edit files on server via SSH (for quick hotfixes) +sshpass -p 'Gonewalk1974!@#' ssh -o StrictHostKeyChecking=no root@165.22.1.228 \ + 'nano /home/site.com/public_html/file.php' + +# 2. ALWAYS commit + push to GitHub +cd /home/site.com && git add -A && git commit -m "message" && git push + +# Auto-deploy triggers within 1 minute via webhook +# Webhook: https://jarvis.orbishosting.com/webhook.php +# Deploy log: /home/jarvis.orbishosting.com/logs/deploy.log + +# For immediate deploy (skip 1-min wait): +sshpass -p 'Gonewalk1974!@#' scp -o StrictHostKeyChecking=no \ + /tmp/changed.php root@165.22.1.228:/home/site.com/public_html/changed.php +``` + +## GitHub PAT +`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` — expires ~2026-08-20 + +## Database Credentials + +| DB | User | Password | +|----|------|----------| +| jarvis_db | jarvis_user | J4rv1s_Pr0t0c0l_2026! 
| +| toms_tjj_db | toms_tjj_user | +60wlPc+55e@gFq4 | +| epic_epic_db | epic_epic | (check config.php) | +| epic_parkersling | epic_parkersling | Joker1974!!! | +| parker_db | parker_db | (check config.php) | +| MySQL root | root | b71e5c1a8c7457541b9c1db822de37adfa271926a38b6c20 | + +```bash +# Quick DB access +sshpass -p 'Gonewalk1974!@#' ssh -o StrictHostKeyChecking=no root@165.22.1.228 \ + 'mysql -u jarvis_user -pJ4rv1s_Pr0t0c0l_2026! jarvis_db -e "SELECT ..."' +``` + +## Gitignored Credentials (never in GitHub) +- `api/config.php` — JARVIS, epictravelexpeditions +- `config/database.php` — tomsjavajive +- `db.php`, `config.php` — parkerslingshot + +## Tom's Java Jive Quirks +- No `slug` column on products — URLs use `?id=product_id` +- All tables must be `utf8mb4_unicode_ci` — mixed collation breaks JOINs (error 1267) +- `wallet_transactions.type` and `loyalty_transactions.type` have strict enums + +## Parker Slingshot Admin +- URL: `/admin/index.php` +- Auth: HMAC-signed cookie (NOT PHP sessions — sessions unreliable under LiteSpeed caching) +- Login: `admin / Parker2026!` + +## Email / SMTP +- TJJ + TomTomGames: CyberMail (CyberPersons) — API key in config.php as `CYBERMAIL_API_KEY` +- Manage at: platform.cyberpersons.com +- Other sites: not yet configured (see myronblair/smtp-for-websites) + +## FusionPBX +- URL: https://fusion.orbishosting.com (admin / fY7XP5swgtpbzrYLhkeVYkA4744) +- Server: 134.209.72.226 (SSH: root / Joker1974!@#) +- Timezone: America/Chicago +- SIP profiles via Lua XML handler — config changes need cache delete: + `rm /var/cache/fusionpbx/FusionPBX.configuration.sofia.conf` +- Ext 1000 (Yealink T48S at 10.48.200.43), Ext 1001 (Tommy at 10.48.200.2)
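Review bot: gotchas.md commits live secrets in cleartext: the PVE1 root password in parentheses on the `root@orbisne.fortiddns.com` line under "SSH / Networking", and the `jarvis_user` password passed as `-p...` in the "Backup Agent State Fix" block. Replace both with a pointer to where the secret is stored (a vault entry, or the gitignored `api/config.php`) and rotate them, because they stay in history once this is pushed. For the mysql step, a `--defaults-extra-file` readable only by its owner keeps the password off the command line and out of the process list. In the same block, `WHERE hostname=''` and the empty `"api_key": ""` / `"agent_id": ""` values read like placeholders that were stripped; write them as visible placeholders so nobody runs the heredoc as-is and overwrites state.json with empty values. The heredoc should also say what owner and mode state.json is expected to have, since it holds the agent key.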
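Review bot: the "Topic Files" table in index.md lists servers.md as the file for "SSH patterns, credentials", which makes a credentials file a standing part of the repository layout. Change that row to point at where secrets are actually kept and leave only hostnames and connection patterns in the repo. The "Infrastructure" list pairs the public entry points (165.22.1.228, orbisne.fortiddns.com, 134.209.72.226) with the internal 10.48.200.x map, so the file should state who is allowed to read this repository. The "Current Status (as of 2026-05-31)" section will go stale quickly; a dated changelog entry would age better than a status block in the index.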
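Review bot: the "Access" and "Agent System" sections of jarvis.md put the dashboard and phpMyAdmin login, the `jarvis_db` password and the agent registration key in the file in cleartext; remove them, reference the gitignored `api/config.php` instead, and rotate each value. The file is also inconsistent about netscan auth: the file tree says `netscan.php` is a push endpoint with "(no auth needed)" while "API Auth" says it requires the `X-Registration-Key` header. Document which is true, and note that the same shared key is used for agent registration, so anyone who can read this file can both register agents and push scan results. Both install one-liners use `curl -sk ... | bash`, which turns off certificate verification for a script that is then executed, and the VM variant pipes the sudo password through `echo`; drop `-k` and prompt for the password. "Network Scanning" posts to `https://165.22.1.228/api/netscan` by IP where the rest of the file uses the hostname, which suggests certificate checks are disabled there too. In "Currently Online Agents", `alien-pc_windows` is listed with type `linux` although index.md calls it a Windows machine.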
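Review bot: every entry under "SSH Patterns" in servers.md uses `sshpass -p '<root password>'` together with `-o StrictHostKeyChecking=no`, so the root passwords sit in the repo and in shell history, and host keys are never verified, including on the DDNS path that crosses the internet. Switch the documented pattern to key-based login with host keys pinned in known_hosts, and drop the "Server Map" Password column and the "Password order to try if first fails" line, which also shows the same few passwords are shared across hosts. Under "Proxmox API", the `PVEAPIToken=root@pam!jarvis=...` secret is committed and the call uses `curl -sk`; since stats_cache.php only reads `/cluster/resources`, document a token on a dedicated read-only user instead of `root@pam`, keep its value out of the repo, and rotate the one shown here.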
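Review bot: sites.md contains a GitHub PAT under "GitHub PAT", the MySQL root password and several per-site DB passwords under "Database Credentials", and admin logins under "Parker Slingshot Admin" and "FusionPBX", while its own section "Gitignored Credentials (never in GitHub)" says these values must not be in GitHub. Remove all of them from the patch, revoke the PAT, and rotate the passwords, since deleting them in a later commit leaves them in history. The "Deploy Workflow" block repeats the DO root password in three `sshpass` commands, and its "immediate deploy" `scp` step copies a file straight into `public_html`, which skips the pre-deploy PHP syntax validation and auto-revert that gotchas.md describes under "Deploy"; say so next to that step or remove it. The workflow should also state how the webhook at `/webhook.php` authenticates the sender, which the file does not mention.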