The inner .gitignore at docs/scripts/extraction/.gitignore blanket-ignored
*.md/*.json/*.jsonl so research-agent transcripts wouldn't drift in. The
curated augmentation file needs an explicit exception so the Docker build
step on production can read it during `node scripts/build-corpus.mjs`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The Ollama URL was leaking via:
- prose in /en/, /de/, /ja/, /es/, /fr/ docs (oracle, deployment,
local-testing, ai/module/{overview,embed,training})
- code blocks teaching users to curl the host directly
- .env.example, Dockerfile, docker-compose.yml defaults
- providers.mjs, translate-docs.mjs, build-oracle-index.mjs defaults
- LandingScripts.astro comment
- lora-runbook.md prose + SSH host
- the GET handler at /api/oracle which echoed `ollamaUrl` back to public callers
- the "Oracle is silent" fallback message at /api/oracle POST
Replacements:
- prose: "neuronetz.ai" → "your Ollama instance"
- example URLs in code blocks: https://api.neuronetz.ai → https://your-ollama-host.example
- code-level defaults: → http://localhost:11434 (Ollama's standard local port)
- GET /api/oracle: dropped the `ollamaUrl` field; provider + model still exposed
- runbook SSH host: neuronetz@cloud.neuronetz.ai → <gpu-user>@<gpu-host>
Production chat is unaffected: docs/.env (gitignored) on the production
host still pins OLLAMA_BASE_URL=https://api.neuronetz.ai. The only
change in the running container is that the GET handler no longer
echoes the URL.
analytics.neuronetz.ai (Umami tracking) is intentionally left intact —
it's a public, brand-owned subdomain meant to be visible.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The first version of vhost.d/<host>_location nested four `location { … }`
blocks (for /_astro/, images, /sw.js, /llms.txt) inside the proxy's
generated `location / { … }` to set Cache-Control. nginx accepts the
syntax, but a nested location with no `proxy_pass` directive falls through
to filesystem root and 404s the asset — which is why CSS / JS / images
were missing on the live site even though the HTML loaded fine.
Astro already emits sensible Cache-Control on hashed _astro bundles, so
we don't need the proxy to set them. Removed all four nested blocks; the
vhost.d files now only carry proxy headers, gzip, and security headers,
all of which are valid inside a location {} block without proxy_pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The acme-companion on the production host doesn't accept comma-separated
VIRTUAL_HOST / LETSENCRYPT_HOST values, so cert issuance was failing for
the combined `nibiru-framework.com,www.nibiru-framework.com` entry.
docker-compose.yml — now defines two services sharing the same image:
- docs → VIRTUAL_HOST=nibiru-framework.com (apex)
- docs-www → VIRTUAL_HOST=www.nibiru-framework.com (built once, reused)
A YAML anchor (x-docs-shared-env) keeps the Oracle/LLM/Anthropic config in
lockstep so the two containers can never drift.
docs/nginx/vhost.d/ — per-host nginx-proxy overrides applied at the
location-block level by jwilder/nginx-proxy. Both files set:
- X-Forwarded-* trust + buffering off (Oracle SSE streaming)
- HSTS / X-Content-Type / X-Frame / Referrer-Policy / Permissions-Policy
- gzip with the right MIME set for Astro/Starlight assets
- Aggressive cache on /_astro/ (immutable hashed bundles)
- 30-day cache on images/fonts
- no-store on /sw.js (so PWA updates land)
- 24-hour cache on /llms.txt for AI crawlers
docs/nginx/README.md explains how to mount these into an existing
nginx-proxy (bind-mount + reload, or bake into the proxy image).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The Dockerfile's `COPY package.json package-lock.json .npmrc ./` requires
the file to exist; the build was failing on a fresh clone with
`failed to compute cache key … "/.npmrc": not found`.
Contents are intentionally minimal: silence npm's audit/funding chatter
during CI/Docker builds and enable legacy-peer-deps so Astro 6 + Starlight
0.38 + @vite-pwa/astro can install together without npm's strict peer
resolver rejecting the lockfile.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This is the snapshot the production landing site (nibiru-framework.com) is
deployed from. Brings together the recent splash + docs migration to the v4
"Cosmos" design system, the new in-framework AI module, and the framework
groundwork that backs the framework-reference extraction.
What lands:
- docs/: Astro + Starlight site with the v4 dark cosmic palette, GalaxyHero
canvas constellation, Mission Control chat (wired to /api/oracle →
api.neuronetz.ai via providers.mjs Ollama), 5-panel MMVC stage
(Model · AI · Module · Controller · View), translated EN/DE/JA/ES/FR
content, PWA + sitemap + llms.txt + Umami analytics.
- docs/design-system/: canonical mockup bundle (source/index-v2.html for
splash, source/docs-system.html + preview/ for docs, SPEC.md, tokens).
- docs/scripts/extraction/framework-reference-v2.md: deep framework
reference (~1.6k lines, file:line citations, every public factory and
idiom — basis for the LoRA training corpus.
- application/module/ai/: AI module with chat / embed / RAG / agent
plugins, plus pdoQuery / httpGet / fileRead tools and Modelfile +
smoke-test in training/.
- application/module/users/: user / ACL / form-factory traits used as the
reference plugin pattern for the framework docs.
- application/settings/config/database/: schema + seed migrations
including the AI module tables (200–203).
- Form factory + autogenerator changes the framework-reference-v2 covers.
Production secrets stay out: docs/.env, settings.production.ini and
ai.production.ini are all gitignored (.example files are in tree).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
