Commit Graph

7 Commits

Author SHA1 Message Date
myron 5cbaeda730 docs: update INFRASTRUCTURE-REFERENCE and CLAUDE.md for JARVIS VM migration
- JARVIS moved from DO to PVE1 VM 211 (10.48.200.211, 8c/16GB)
- Access: http://jarvis.orbishosting.com:1972 (FortiGate VIP)
- Stack: nginx + PHP 8.3 + MariaDB + Redis + Arc Reactor
- Ollama VM IP: 10.48.200.95 → 10.48.200.210 (Reolink owns .95)
- FusionPBX SSH now direct via Tailscale (100.74.46.120)
- DO role: websites only (JARVIS fully removed)
- Agent URLs updated: http://10.48.200.211 (LAN direct)
- DO agent uses Tailscale: http://100.77.178.42

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-18 04:38:02 +00:00
myron cd80525851 Add NovaCPX to webhook router (VM deploys via its own cron)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-09 23:06:02 +00:00
myron 0b42e21a1b fix: webhook require path — one level up not two (was causing 500 on all deliveries)
2026-05-31 05:18:41 +00:00
myron 3bcd3dcb65 webhook: add parkerslingshot repo to deploy map
2026-05-25 18:31:46 +00:00
myron ecbc2e09a5 Fix 8 code-review findings: security + reliability
1. agent.py: shell allow-check reads cfg, not server payload (RCE fix)
2. webhook.php: move WEBHOOK_SECRET to gitignored config.php; rotate secret
3. agent.py: replace recursive main() with while loop (RecursionError fix)
4. jarvis-deploy.sh: push force-revert to GitHub on syntax fail (loop fix)
5. agent.py: self_update() verifies SHA-256 before exec (integrity fix)
6. agent.php: remove JARVIS_IP from browser-action bypass (auth fix)
7. jarvis-watchdog.sh: escape SQL vars in alert() to prevent injection
8. jarvis-deploy.sh: atomic mv instead of cat+truncate (TOCTOU fix)

Also: distribute jarvis-agent.py.sha256 alongside agent for integrity checks
2026-05-25 14:27:27 +00:00
myron 45fef11785 Autonomous systems: watchdog, smart deploy, site health, auto-heal, agent installer
- deploy/jarvis-watchdog.sh: self-healing watchdog (every 5 min)
  * monitors lsws/mysql/redis, restarts on failure
  * JARVIS HTTP self-check, restarts OLS on 5xx
  * disk/memory alerts inserted to DB
  * offline Proxmox VM agents restarted via qm guest exec
  * log rotation (1000 line cap)
- deploy/jarvis-deploy.sh: smart deploy with PHP validation
  * php8.3 syntax check on every changed .php file
  * auto-reverts git commit + inserts critical alert on syntax error
  * reloads OLS after JARVIS deploys
- api/endpoints/facts_collector.php: site health monitoring
  * curls all 7 managed sites every 3 min
  * stores up/down status in kb_facts
- api/endpoints/alerts.php: auto-heal + site alerts
  * dispatches restart_service commands when services down on agents
  * generates alerts from kb_facts site health data
- public_html/install-agent.sh: one-liner Linux agent installer
  * installs deps, downloads agent, registers with JARVIS, sets up systemd
- public_html/webhook.php: fixed infra deploy path to /opt/infra
2026-05-25 14:08:07 +00:00
myron 3e34b6d796 Add auto-deploy webhook handler
Handles GitHub push webhooks for all 8 repos.
Queues paths to /tmp/jarvis-deploy-queue.txt.
Root cron (/usr/local/bin/jarvis-deploy.sh) processes queue every minute.
2026-05-25 13:56:11 +00:00