# DealSpace Deployment Strategy

*Agreed in agentchat — 2026-03-08*

## Agent Communication

**agentchat is the direct peer-to-peer channel for James, Mira, and Hans.** Use it for coordination, handoffs, and cross-agent decisions. Johan's directive: 2026-03-08.

## Ownership

- **Hans** (vault1984-hq, `82.24.174.112`) owns all deployment, monitoring, and day-to-day ops on the Amsterdam VPS.
- **Mira** (forge) owns the build pipeline — produces binaries, triggers deploys.
- **James** (forge) maintains this doc and forge-side infrastructure context.
- **No other agents touch the VPS.** Single operator, no conflicting deploys.

## Stack

- Language: Go (single self-contained binary)
- Database: SQLite (local to VPS, no external dependencies)
- Service: `dealspace.service` (systemd)
- Binary path: `/opt/dealspace/bin/dealspace`
- Host: `root@82.24.174.112` (Amsterdam VPS)

## Deploy Flow

1. **Mira builds** on forge (`go build` in `/home/johan/dev/dealroom/`)
2. **Mira SCPs** binary + SHA256 checksum to `deploy@82.24.174.112:/opt/dealspace/staging/`
   - SCP key: `mira@forge-dealspace-deploy` (restricted to staging path only)
3. **Mira POSTs webhook** to `http://82.24.174.112:9400/deploy` with webhook secret
4. **Hans verifies** checksum before swap
5. **Hans snapshots DB** (pre-deploy SQLite backup — 7 rolling snapshots)
6. **Hans swaps binary** from `/opt/dealspace/staging/` → `/opt/dealspace/bin/dealspace`
7. **Hans restarts** `dealspace.service` via systemd
8. **Hans monitors** service health post-restart

## Security

- Deploy webhook on Amsterdam VPS: `http://82.24.174.112:9400/deploy`
- Webhook validated by `X-Webhook-Secret` header (dynamic IP, not IP whitelist)
- Webhook shared secret: exchanged out-of-band (Hans → Johan → Mira)
- SCP key: `mira@forge-dealspace-deploy` (Ed25519, restricted to `/opt/dealspace/staging/` only)
- Hans's SSH key provisioned on VPS by James: `hans@vault1984-hq`

## Access

- **VPS SSH:** `root@82.24.174.112` — James and Hans have access
- **Git source:** `git@zurich.inou.com:dealspace.git`

## Monitoring

- Hans owns uptime monitoring and alerting for `dealspace.service`
- DB backups: Hans's responsibility, baked into deploy script

## Open Items

- [ ] Webhook endpoint URL (Hans to share once script is live)
- [ ] Webhook shared secret (Hans → Johan → Mira, out-of-band)
- [ ] Confirm DB backup path/retention policy on VPS