proxmox/mission-control/README.md
TorNation01 1892827711
chore: merge upstream sync — Mission Control launchpad, runbooks, ProxmoxVE React 19 build fix
- Merge origin/main into master (already applied).
- Regenerate doc-manifest.json for new RUNBOOK markdown (60 entries).
- Launchpad: E2E endpoints doc, docs.d-bis.org, Gitea, Chain 138 dapp + env overrides.
- ProxmoxVE submodule: fix react-syntax-highlighter JSX types for Next 15 / React 19.

Made-with: Cursor
2026-04-07 16:28:44 +08:00

# Mission Control (unified operator console)
Next.js application in this monorepo: **launchpad** links to existing UIs, **guided runbooks** collect inputs and execute **allowlisted** repo scripts with **live SSE trace**, **graded touchpoints**, **compliance assertions**, and a **downloadable ZIP audit pack** (manifest, events, logs, checksums).
## Run locally
From the **monorepo root**:
```bash
pnpm install
pnpm mission-control:dev
```
Open **http://localhost:3010** (Proxmox helper site can stay on 3000).
### Runbook catalog
- **Hand-written specs:** `mission-control/runbooks/specs/*.json` (short ids like `health-self-check`).
- **All documentation runbooks:** `mission-control/runbooks/doc-manifest.json` is generated from every `docs/**/**RUNBOOK**.md` (excluding master index files). Each entry runs **real** `scripts/...` or `explorer-monorepo/scripts/...` paths extracted from that markdown (up to 14 steps), with **Proxmox host**, **RPC override**, and **Practice mode** inputs.
Regenerate the doc manifest after editing runbook markdown:
```bash
pnpm --filter mission-control run generate:runbooks
```
`pnpm mission-control:build` runs `generate:runbooks` automatically as its **prebuild** step.
### Environment
| Variable | Purpose |
|----------|---------|
| `MISSION_CONTROL_PROJECT_ROOT` | Optional absolute monorepo root. If set but the path does not exist, Mission Control logs a warning and auto-detects from cwd instead (avoids a hard 500). |
| `GIT_BASH_PATH` | Windows: full path to `bash.exe` if not under default Git paths. |
| `NEXT_PUBLIC_HELPER_SCRIPTS_URL` | Launchpad link for helper site (default `http://localhost:3000`). |
| `NEXT_PUBLIC_EXPLORER_URL` | Launchpad link for explorer (default `https://explorer.d-bis.org`). |
| `NEXT_PUBLIC_PHOENIX_DEPLOY_API_URL` | Launchpad link for Phoenix Deploy API health (default `http://localhost:4001/health`). |
| `NEXT_PUBLIC_TESTNET_2138_RUNBOOK_URL` | Meta testnet 2138 runbook (Gitea markdown). |
| `NEXT_PUBLIC_ROUTE_MATRIX_URL` | Aggregator route matrix JSON in repo. |
| `NEXT_PUBLIC_DOCS_MASTER_URL` / `NEXT_PUBLIC_OPERATIONAL_RUNBOOKS_URL` | Override doc deep links on the launchpad. |
| `NEXT_PUBLIC_E2E_ENDPOINTS_DOC_URL` | Gitea markdown for `docs/04-configuration/E2E_ENDPOINTS_LIST.md` (routing verifier inventory). |
| `NEXT_PUBLIC_DOCS_SITE_URL` | Launchpad link for public docs site (default `https://docs.d-bis.org`). |
| `NEXT_PUBLIC_GITEA_URL` | Launchpad link for Gitea (default `https://gitea.d-bis.org`). |
| `NEXT_PUBLIC_CHAIN138_DAPP_URL` | Launchpad link for Chain 138 dapp (default `https://dapp.d-bis.org`). |
## Test
```bash
pnpm mission-control:test
```
Runs a real **health-self-check** (Node child process) against the allowlisted executor.
## Build / production
```bash
pnpm mission-control:build
pnpm mission-control:start
```
Use a **production process manager** (systemd, PM2, container) with `NODE_ENV=production`. The runner executes **only** scripts mapped in `src/lib/allowlist.ts`—no arbitrary shell from the UI.
## Security notes
- Treat this console as **privileged**: anyone who can POST `/api/runs` can trigger allowlisted automation on the host.
- Place **authentication / network restrictions** in front (reverse proxy, VPN, mTLS) for non-local use.
- Secrets in runbook forms: mark `sensitive: true` in JSON specs; values are redacted in `inputs.redacted.json` inside the audit bundle.
## Adding a runbook
**Option A — markdown in `docs/`:** Name the file with `RUNBOOK` in the filename. Reference scripts as `scripts/...` or `explorer-monorepo/scripts/...`. Run `pnpm --filter mission-control run generate:runbooks` and commit the updated `doc-manifest.json`.
**Option B — curated JSON:** Add `runbooks/specs/<id>.json` (see `src/lib/runbook-schema.ts`). Every spec must include an **`execution`** block with allowlisted script paths. Hand-written specs override doc-manifest entries if they share the same `id`.
Execution is allowlisted by path prefix only: **`scripts/`** and **`explorer-monorepo/scripts/`** (see `src/lib/execution-path-validator.ts`).
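A prefix allowlist only holds if the path is canonical before the prefix is compared. The following is an added example, not the project's `src/lib/execution-path-validator.ts`; the function names and sample paths are hypothetical and constructed for illustration. It puts a raw `startsWith` test beside a check that rejects traversal and non-canonical segments first.

```typescript
// Added example: NOT the project's execution-path-validator.ts.
// Function names and sample paths are hypothetical / constructed.
const ALLOWED_PREFIXES = ["scripts/", "explorer-monorepo/scripts/"];

type Verdict = { ok: boolean; path?: string; reason?: string };

// Weak form: raw prefix test on the untrusted string.
// "scripts/../../etc/passwd" starts with "scripts/" and is accepted.
function naivePrefixCheck(input: string): boolean {
  return ALLOWED_PREFIXES.some((p) => input.startsWith(p));
}

// Hardened form: refuse anything that is not already a canonical,
// repo-relative POSIX path, then apply the prefix allowlist.
function validateScriptPath(input: string): Verdict {
  if (input.length === 0 || input.includes("\0")) {
    return { ok: false, reason: "empty path or NUL byte" };
  }
  if (input.includes("\\")) {
    return { ok: false, reason: "backslash separator" };
  }
  if (input.startsWith("/") || /^[A-Za-z]:/.test(input)) {
    return { ok: false, reason: "absolute path" };
  }
  for (const seg of input.split("/")) {
    // "", "." and ".." cover "a//b", trailing "/", and traversal.
    if (seg === "" || seg === "." || seg === "..") {
      return { ok: false, reason: "non-canonical segment" };
    }
    if (!/^[A-Za-z0-9._-]+$/.test(seg)) {
      return { ok: false, reason: "unexpected character in segment" };
    }
  }
  if (!ALLOWED_PREFIXES.some((p) => input.startsWith(p))) {
    return { ok: false, reason: "outside allowlisted prefixes" };
  }
  return { ok: true, path: input };
}

// Constructed inputs: two legitimate paths and several that must fail.
const SAMPLE_PATHS = [
  "scripts/deploy/health-check.sh",
  "explorer-monorepo/scripts/verify.sh",
  "scripts/../../etc/passwd",
  "scripts-extra/run.sh",
  "/scripts/run.sh",
  "scripts/",
];

function auditSamples(): { path: string; naive: boolean; strict: Verdict }[] {
  return SAMPLE_PATHS.map((p) => ({ path: p, naive: naivePrefixCheck(p), strict: validateScriptPath(p) }));
}
```

This string-level check does not follow symlinks; a validator that touches the filesystem should also resolve the real path and confirm it is still under the project root.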
## Timeline
See [TIMELINE.md](./TIMELINE.md) for phased delivery and estimates.