m17hr1l/psyc - psyc - Gitea: Git with a cup of tea

m17hr1l/psyc

Fork 0

Commit Graph

Author	SHA1	Message	Date
m17hr1l	9e4c217a3d	stage-17: operational hardening — .env keys, model status, backup Three load-bearing operational pieces before any new features: * .env.example committed, .env gitignored — per-developer API keys (THREATFOX_AUTH_KEY, OTX_API_KEY, NVD_API_KEY) ready for the registrations ahead; python-dotenv loads it in the venv CLI; compose picks it up via env_file: .env on the cockpit service. * Cockpit /api/inference-status endpoint + a topbar status chip that polls it on page load — "model · live" green when up, "model · offline" amber when the inference server is unreachable. No more manual checking. Compose also gains a healthcheck on the inference service (applies on next recreate). * New `psyc backup` command — tars the audit trail (db + sealed packages + recipient keys + ledger + datasets) to data/backups/psyc-data-<ts>.tar.gz. Excludes the HF model cache, mock-cert receipts, and the re-trainable adapters — the goal is the irrecoverable evidence, not bulk artifacts. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 19:44:58 +02:00
m17hr1l	372ee72353	stage-9: consolidate into one compose stack behind nginx-proxy psyc now runs as a single docker compose stack — cockpit + mock-cert + (gpu-profile) inference — on the shared external `backend` network, fronted by nginx-proxy as psyc.neuronetz.ai. Replaces the venv processes + one-off docker run. MOCK_CERT_BASE and INFERENCE_URL are now env-configurable (PSYC_MOCK_CERT_URL / PSYC_INFERENCE_URL) so the cockpit reaches the other services by compose service name. Restart policies + healthchecks. deploy.md rewritten to match. Verified: cockpit serves directly and via the proxy; the full scout→…→courier→ledger chain runs over the compose network. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 22:57:33 +02:00
m17hr1l	e54242178f	stage-8: deployable platform — Dockerfile + compose for company-network deploy Lean python:3.12-slim platform image (cockpit + CLI + workers, 214 MB — no GPU, no model). docker-compose.yml runs cockpit + mock-cert on a persistent psyc-data volume. DATA_DIR is now overridable via PSYC_DATA_DIR so the container's data path is explicit. docs/deploy.md covers Proxmox hosting, first-run ingestion, and the honest caveats — no built-in auth (deploy behind the perimeter), the GPU model server is separate, egress-proxy config. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 21:53:03 +02:00

Author

SHA1

Message

Date

m17hr1l

9e4c217a3d

stage-17: operational hardening — .env keys, model status, backup

Three load-bearing operational pieces before any new features:

* .env.example committed, .env gitignored — per-developer API keys
  (THREATFOX_AUTH_KEY, OTX_API_KEY, NVD_API_KEY) ready for the registrations
  ahead; python-dotenv loads it in the venv CLI; compose picks it up via
  env_file: .env on the cockpit service.

* Cockpit /api/inference-status endpoint + a topbar status chip that polls it
  on page load — "model · live" green when up, "model · offline" amber when
  the inference server is unreachable. No more manual checking. Compose also
  gains a healthcheck on the inference service (applies on next recreate).

* New `psyc backup` command — tars the audit trail (db + sealed packages +
  recipient keys + ledger + datasets) to data/backups/psyc-data-<ts>.tar.gz.
  Excludes the HF model cache, mock-cert receipts, and the re-trainable
  adapters — the goal is the irrecoverable evidence, not bulk artifacts.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-20 19:44:58 +02:00

m17hr1l

372ee72353

stage-9: consolidate into one compose stack behind nginx-proxy

psyc now runs as a single docker compose stack — cockpit + mock-cert +
(gpu-profile) inference — on the shared external `backend` network, fronted
by nginx-proxy as psyc.neuronetz.ai. Replaces the venv processes + one-off
docker run. MOCK_CERT_BASE and INFERENCE_URL are now env-configurable
(PSYC_MOCK_CERT_URL / PSYC_INFERENCE_URL) so the cockpit reaches the other
services by compose service name. Restart policies + healthchecks. deploy.md
rewritten to match.

Verified: cockpit serves directly and via the proxy; the full
scout→…→courier→ledger chain runs over the compose network.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-18 22:57:33 +02:00

m17hr1l

e54242178f

stage-8: deployable platform — Dockerfile + compose for company-network deploy

Lean python:3.12-slim platform image (cockpit + CLI + workers, 214 MB — no GPU,
no model). docker-compose.yml runs cockpit + mock-cert on a persistent
psyc-data volume. DATA_DIR is now overridable via PSYC_DATA_DIR so the
container's data path is explicit. docs/deploy.md covers Proxmox hosting,
first-run ingestion, and the honest caveats — no built-in auth (deploy behind
the perimeter), the GPU model server is separate, egress-proxy config.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-18 21:53:03 +02:00

3 Commits