ai-context/jarvis.md

# JARVIS System Reference Card

## Access
- **Dashboard:** https://jarvis.orbishosting.com (login: myron / Joker1974!!!)
- **Admin portal:** https://jarvis.orbishosting.com/admin/ (same login)
- **DB:** `jarvis_db` on VM 211 localhost — user: `jarvis_user` / `J4rv1s_Pr0t0c0l_2026!`
- **phpMyAdmin:** https://jarvis.orbishosting.com/phpmyadmin (myron / Joker1974!!!)
- **GitHub repo:** myronblair/jarvis (auto-deploy on push to main)

## Server Location
JARVIS runs on **PVE1 VM 211** at `10.48.200.211` (migrated from DO 2026-06-18).
- **SSH:** `sshpass -p 'Joker1974!!!' ssh -o StrictHostKeyChecking=no root@10.48.200.211`
- **Stack:** nginx / PHP 8.3 / MariaDB / Redis / Arc Reactor
- **Web root:** `/var/www/jarvis/`
- Traffic routed via NPM (10.48.200.200) → VM 211

## File Structure (on VM 211 at /var/www/jarvis/)
```
public_html/
  index.html          — main Iron Man HUD (all UI)
  api.php             — API router
  admin/index.php     — admin portal (single PHP+JS file)
  agent/              — agent installers
api/
  config.php          — all credentials/constants (gitignored)
  lib/db.php          — JarvisDB class (query/execute/single/insert)
  lib/kb_engine.php   — KBEngine intent matching
  endpoints/
    agent.php         — agent registration/heartbeat/metrics/commands
    chat.php          — 4-tier chat: KB→action intents→Ollama→Groq→Claude
    network.php       — network device list + scan endpoint
    netscan.php       — push endpoint for PVE1 nmap results (no auth needed)
    do_server.php     — reads /proc directly (no SSH loopback)
    stats_cache.php   — every 5min cron: Proxmox cluster API, HA, weather, news
    facts_collector.php — every 3min cron: system stats, site health
    system.php        — local system metrics
    alerts.php        — alert CRUD + auto-generate
    news.php          — serves api_cache['news'] + custom kb_facts(category='custom_news')
deploy/
  reactor.py          — Arc Reactor source (copy to /opt/jarvis-arc/reactor.py + restart)
```

## Arc Reactor (AI Routing Daemon)
- **Daemon:** `/opt/jarvis-arc/reactor.py` (Python, port 7474), service: `jarvis-arc`
- **Deploy:** copy `deploy/reactor.py` → `/opt/jarvis-arc/reactor.py` + `systemctl restart jarvis-arc`
- Vision with actual screenshot → Claude `claude-opus-4-8-20251101`
- Guardian/SITREP/Vision text-only → Groq `llama-3.3-70b-versatile`
- Email drafting / research → Claude

## Agent System
- **Registration key:** `f846a9aaf7ce9a61742c63c87c4186052a71d2a580c65518`
- **Install one-liner (Linux):** `curl -sk https://jarvis.orbishosting.com/install-agent.sh | bash -s <hostname> <linux|proxmox>`
- **Agent config:** `/etc/jarvis-agent/config.json` (key: `jarvis_url`) — runtime state at `/var/lib/jarvis-agent/state.json`
- **If agent gets 401 "Invalid agent key":** state.json has stale key — overwrite with correct agent_id + api_key from DB
- **Heartbeat:** every 10s | **Metrics:** every 30s

## Currently Online Agents
| agent_id | hostname | IP | type |
|----------|----------|----|------|
| jarvis-do_orbis.or | jarvis-do | 165.22.1.228 | linux |
| claude_pve | pve1 | 10.48.200.90 | proxmox |
| pve2_pve2 | pve2 | 10.48.200.91 | proxmox |
| networkbackup_NetworkB | networkbackup | 10.48.200.99 | linux |
| homeassistant_ha | homeassistant | 10.48.200.97 | homeassistant |
| homebridge_b57cbaea | homebridge | 10.48.200.18 | linux |
| novacpx_e3b07264 | novacpx | 10.48.200.110 | linux |
| jellyfin_7e386833 | jellyfin | 10.48.200.33 | linux |
| MediaStack_2c00b1b8 | mediastack | 10.48.200.35 | linux |
| fortigate_gw | fortigate | 10.48.200.1 | linux |
| yealink_t48s | yealink | 10.48.200.43 | linux |

## Network Scanning
- PVE1 cron: `*/3 * * * * /usr/local/bin/jarvis-netscan.sh`
- Script runs nmap, parses output, POSTs JSON to `https://jarvis.orbishosting.com/api/netscan` with `X-Registration-Key` header
- Scan Now button queues shell command to PVE1 agent (picks up within 10s)

## Chat Architecture
```
Tier 0:   HA entity control (fuzzy match → call HA API)
Tier 0.5: Network device management
Tier 0.7: Planner intents (add task, my tasks, schedule, daily briefing)
Tier 1:   KB intent engine (response type → instant reply)
Tier 1b:  Action intents (network_scan → DB data + queue PVE1 scan)
Tier 2:   Ollama llama3.2 at http://10.48.200.210:11434 (5s timeout)
Tier 3:   Groq compound-beta-mini (cloud, fast)
Tier 4:   Claude API fallback
```
- Groq model name: `compound-beta-mini` (NOT `groq/compound-beta-mini`)
- HA_URL = `http://orbisne.fortiddns.com:8123`

## DB Key Tables
```sql
registered_agents    — agent_id, hostname, agent_type, ip_address, api_key, status, last_seen, version
agent_metrics        — agent_id, metric_type, metric_data(JSON), recorded_at
  -- Extract: JSON_EXTRACT(metric_data,'$.cpu_percent'), JSON_EXTRACT(metric_data,'$.memory.percent')
  -- NO cpu_pct/mem_pct columns — always use JSON_EXTRACT
agent_commands       — agent_id, command_type, command_data(JSON), status(pending/delivered)
network_devices      — ip, mac, hostname, alias, device_type, status, last_seen
alerts               — alert_type, title, message, severity, resolved
kb_facts             — category, fact_key, fact_value
kb_intents           — intent_name, pattern(regex), response_template, action_type, priority, active
api_cache            — cache_key(proxmox/news/weather/ha_entities), data(JSON), updated_at
tasks                — title, notes, category, priority, status, due_date, due_time, completed_at
appointments         — title, description, category, start_at, end_at, location, all_day, reminder_min
ha_entities          — real-time HA entity states (updated by HA custom component)
```

## Proxmox API
- `stats_cache.php` uses cluster API at `orbisne.fortiddns.com:8006`
- Returns all VMs from both PVE1 and PVE2 via `/cluster/resources?type=vm`
- Token: `root@pam!jarvis=c45b5feb-f9a9-445d-a626-14fbb959f78b`

## Cron Jobs (on VM 211)
```
*/3 * * * *  php /var/www/jarvis/api/endpoints/facts_collector.php
*/5 * * * *  php /var/www/jarvis/api/endpoints/stats_cache.php
0 7 * * *    /usr/local/bin/jarvis-backup.sh
```
**Cron on PVE1:**
```
*/3 * * * *  /usr/local/bin/jarvis-netscan.sh
```

## Backups
- Script: `/usr/local/bin/jarvis-backup.sh`
- Output: `/var/backups/jarvis/jarvis_backup_YYYY-MM-DD_HH-MM-SS.tar.gz`
- Daily at 7am UTC (2am CDT), 7-day retention
- Downloadable from admin portal → BACKUPS tab

## API Auth
- Main JARVIS API: session token via `X-Session-Token` header (or PHP session)
- Agent endpoints: `X-Agent-Key` header (per-agent key from registered_agents.api_key)
- Netscan endpoint: `X-Registration-Key` header (shared registration key)
- Admin portal: separate PHP session (`session_name('jarvis_admin')`)
- Cloudflare passes real client IP in `CF-Connecting-IP` header