- update-all-dns-to-public-ip.sh: --dry-run (no CF API), --zone-only=ZONE, help before .env, env CLOUDFLARE_DNS_DRY_RUN/DNS_ZONE_ONLY
- update-sankofa-npmplus-proxy-hosts.sh: the-order + www.the-order by ID (env SANKOFA_NPM_ID_THE_ORDER, SANKOFA_NPM_ID_WWW_THE_ORDER, THE_ORDER_UPSTREAM_*)
- update-npmplus-proxy-hosts-api.sh: the-order.sankofa.nexus uses block_exploits false like sankofa portal
- verify-end-to-end-routing.sh: E2E_WWW_CANONICAL_BASE + Location validation (fail on wrong apex); keep local redirect vars
- docs: ALL_VMIDS www 301 lines, E2E_ENDPOINTS_LIST verifier/DNS notes; AGENTS.md Cloudflare script pointer

Made-with: Cursor
2.9 KiB
Proxmox workspace — agent instructions
Single canonical copy for Cursor/Codex. (If your editor also loads .cursor/rules, treat those as overlays.)
Scope
Orchestration for Proxmox VE, Chain 138 (smom-dbis-138/), explorers, NPMplus, and deployment runbooks.
Quick pointers
| Need | Location |
|---|---|
| Doc index | docs/MASTER_INDEX.md |
| cXAUC/cXAUT unit | 1 full token = 1 troy oz Au — docs/11-references/EXPLORER_TOKEN_LIST_CROSSCHECK.md (section 5.1) |
| PMM mesh 6s tick | smom-dbis-138/scripts/reserve/pmm-mesh-6s-automation.sh — docs/integration/ORACLE_AND_KEEPER_CHAIN138.md (PMM mesh automation) |
| VMID / IP / FQDN | docs/04-configuration/ALL_VMIDS_ENDPOINTS.md |
| Ops template + JSON | docs/03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md, config/proxmox-operational-template.json |
| Live vs template (read-only SSH) | bash scripts/verify/audit-proxmox-operational-template.sh |
| Config validation | bash scripts/validation/validate-config-files.sh |
| Sankofa portal → CT 7801 (build + restart) | ./scripts/deployment/sync-sankofa-portal-7801.sh (--dry-run first); sets NEXTAUTH_URL on CT via sankofa-portal-ensure-nextauth-on-ct.sh |
| CCIP relay (r630-01 host) | Unit: config/systemd/ccip-relay.service → /etc/systemd/system/ccip-relay.service; systemctl enable --now ccip-relay |
| TsunamiSwap VM 5010 check | ./scripts/deployment/tsunamiswap-vm-5010-provision.sh (inventory only until VM exists) |
| The Order portal (https://the-order.sankofa.nexus) | OSJ management UI (secure auth); source repo the_order at ~/projects/the_order. NPM upstream defaults to portal 7801 until order-haproxy (10210) is set via THE_ORDER_UPSTREAM_* in update-npmplus-proxy-hosts-api.sh. www.the-order.sankofa.nexus is updated to 301 to the apex hostname (same as www.sankofa / www.phoenix). |
| Portal login + Keycloak systemd + .env (prints password once) | ./scripts/deployment/enable-sankofa-portal-login-7801.sh (--dry-run first) |
| Completable (no LAN) | ./scripts/run-completable-tasks-from-anywhere.sh |
| Operator (LAN + secrets) | ./scripts/run-all-operator-tasks-from-lan.sh (use --skip-backup if NPM_PASSWORD unset) |
| Cloudflare bulk DNS → PUBLIC_IP | ./scripts/update-all-dns-to-public-ip.sh — use --dry-run and --zone-only=sankofa.nexus (or d-bis.org / mim4u.org / defi-oracle.io) to limit scope; see script header |
Rules of engagement
- Review scripts before running; prefer --dry-run where supported.
- Do not run the full operator flow when everything is healthy unless the user explicitly wants broad fixes (NPM/nginx/RPC churn).
- Chain 138 deploy RPC: http://192.168.11.211:8545 (Core). Read-only / non-deploy checks may use public RPC per project rules.
Full detail: see embedded workspace rules and docs/00-meta/OPERATOR_READY_CHECKLIST.md.