Slice 2: port 3452, nginx sandbox mount, AGENTS.md, docs, deploy script cleanup

- control-plane default listen addr is now :3452 (was :8080). An unusual port to avoid collisions on the VM.
- agent-micro and agent-gateway default SDP_CP_URL points at ws://localhost:3452/ws/agent. docker-compose.yml updates the control plane command, host port mapping, and agent -cp URLs.
- nginx/nginx.conf (the legacy root-mount reference) uses 127.0.0.1:3452 for the upstream. nginx/sandbox.conf is the new deployment config: four location blocks for the /sandbox/credit-card mount — _next/static serves cached chunks, /api/ and /ws/ proxy to 127.0.0.1:3452, /sandbox/credit-card serves the static dashboard with try_files for SPA routing.
- scripts/patch-nginx.sh: deleted. The user configures nginx on 186 by hand. scripts/deploy.sh no longer calls it.
- AGENTS.md: new file. Documents the build/lint/test commands (with the golang:1.24-alpine container — local Go can't fetch the toolchain), the wire protocol, the Slice-2 conventions (sdp-<repo> container naming, snapshot persistence, PreGitReset/AfterStart hooks), the repo-path gotcha, and the build-artifacts-in-git rationale.
- dashboard/out: now tracked in git, alongside bin/. The dashboard static export is scp'd to 186 on deploy; the VMs have no internet so they can't regenerate it. .gitignore comment explains this and warns against re-ignoring.
- README.md / REQUIREMENTS.md: status updated to 'Slice 2 done', per-feature checklist marked. Erangel repo path corrected to /var/www/html/erangel-ocean (was wrongly ~/SDP in earlier docs).
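As an added example, not the project's own nginx/sandbox.conf (which is not shown on this page), here is a config with the four location blocks the commit message describes for the /sandbox/credit-card mount. Everything beyond what the message states is an assumption: the document root /var/www/sdp/www (with the dashboard export copied to /var/www/sdp/www/sandbox/credit-card/ so plain `root` works without `alias` rewriting), a plain HTTP listener on 186, and stripping the mount prefix before proxying so the control plane still sees /api/ and /ws/ at the root, as it does for the docker-compose and agent URLs.

```nginx
# Added example, not the project's nginx/sandbox.conf. Assumed layout:
# the dashboard static export (dashboard/out) is copied to
# /var/www/sdp/www/sandbox/credit-card/ so URL paths map straight onto
# the filesystem via `root`.

# The control plane listens on 127.0.0.1:3452 only; nothing but nginx on
# this host can reach it, so these proxy blocks are the only public entry.
upstream sdp_control_plane {
    server 127.0.0.1:3452;
}

# Standard WebSocket upgrade mapping: forward "upgrade" when the client
# asks for it, otherwise send a plain "close" Connection header.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name 172.18.139.186;   # VM address from the README table
    root /var/www/sdp/www;        # assumed document root

    # 1. Next.js chunks are content-hashed, so long-lived caching is safe;
    #    a new build gets new filenames and never collides with the cache.
    location /sandbox/credit-card/_next/static/ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }

    # 2. REST API -> control plane. The mount prefix is stripped so the
    #    control plane receives /api/... exactly as it would unproxied.
    location /sandbox/credit-card/api/ {
        proxy_pass http://sdp_control_plane/api/;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # 3. WebSocket used by the dashboard for the live deployment log tail.
    #    HTTP/1.1 plus the Upgrade/Connection pair are required, or the
    #    handshake is silently downgraded and the client sees a 400/502.
    location /sandbox/credit-card/ws/ {
        proxy_pass http://sdp_control_plane/ws/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;
        proxy_read_timeout 1h;    # long-lived log streams must not idle out
    }

    # 4. Static dashboard with SPA fallback: exact file, directory index,
    #    exported page HTML, and finally the app shell so the client-side
    #    router can resolve deep links such as /sandbox/credit-card/sandboxes/42.
    location /sandbox/credit-card/ {
        try_files $uri $uri/ $uri.html /sandbox/credit-card/index.html;
    }
}
```

Validate with `nginx -t` before `nginx -s reload`. Two things to watch when adapting it: nginx picks the longest matching prefix, so block order does not matter, but the `_next/static` block must keep the same mount prefix as the dashboard block or the chunks fall through to the SPA fallback and come back as HTML; and the control-plane session cookie has to carry a `Path` that covers `/sandbox/credit-card/api/`, otherwise the browser never sends it through the proxy.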
+52
-33
@@ -1,17 +1,25 @@
# Sandbox Deployment Platform (SDP)

## Status (Slice 1 — build green, MVP core flow)
## Status (Slice 2 — sandboxes, routes, real auth, all MVP features)

The build is green: `./scripts/build.sh` produces three Linux/amd64
binaries and a static dashboard. The core MVP loop works end to end —
login, deploy a microservice or the PHP gateway, watch progress and
logs in real time.
binaries and a static dashboard. The full MVP flow works end to end:

Sandbox / Template / Route / Environment management is **deferred to
Slice 2** and is not yet built. Real auth via agent-mediated
`git ls-remote` and real branch/repo listing from agents are also
deferred (the current code has hardcoded fixtures and an "accept any
creds if an agent is connected" stub for these).
- Real Bitbucket auth via `git ls-remote` against the api-gateway.
- Real repo and branch listing via agent WS frames.
- Sandbox / template / environment CRUD with persisted metadata in
SQLite.
- Route overrides per sandbox, with live read-back of the
`<service>_url` map from the gateway's `config.php` after every
branch switch. The agent patches the file and gracefully reloads
apache.
- Per-deploy port binding: the user picks the host port per service
(e.g. eredar at `172.18.136.92:9001`), the container's exposed port
is published to that port.
- Erangel deploy: `git reset --hard → fetch → checkout → pull →
composer install → start container → re-apply route overrides`.
Per-branch OCP-default snapshot persisted to
`<repo>/.sdp/ocp-defaults.json`.

See [Status checklist](#status-checklist) at the bottom of this
document for a per-feature status.
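Review bot: the new "Erangel deploy" bullet documents `git reset --hard` as the first step without saying that it discards any uncommitted edits in the checkout at /var/www/html/erangel-ocean, and the "Per-deploy port binding" bullet says the user picks the host port but not which address it binds to (the example shows a specific VM IP while the text says "host port") or what happens when the port is already taken. One sentence on each would save an operator a surprise, e.g. "reset --hard drops local changes in the gateway checkout" and "the port is validated for collisions before the container is started, and bound to <ip>".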
@@ -114,16 +122,19 @@ IP Address:
172.18.139.186

Repository Root:
~/SDP
/var/www/html/erangel-ocean
```

Contains:

```text
~/SDP
/var/www/html/erangel-ocean
```

The API Gateway repository.
The API Gateway repository (erangel). The container
`php:8.3-apache` bind-mounts this path at the same path inside the
container and serves the gateway at `/erangel/`, mirroring the
production URL space.

---

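Review bot: the new paragraph states that /var/www/html/erangel-ocean is bind-mounted into `php:8.3-apache` and served at `/erangel/`, and the status sections of this same README say the agent writes `<repo>/.sdp/ocp-defaults.json` under that root; if the checkout is the document root, `.sdp/` and `.git/` are reachable through apache unless something denies them. The doc should say which it is (a deny rule in the container's apache config, or a note that the snapshot lives outside the served tree), since the snapshot records the OCP routing defaults and the git metadata exposes the full history.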
@@ -1460,37 +1471,45 @@ scheduled for Slice 2. `later` = out of scope for MVP.
the per-operation Bitbucket creds.
- `done` Micro agent runs `git fetch → checkout → pull → go build →
docker run` and streams progress and logs back.
- `done` Gateway agent runs `git fetch → checkout → pull → composer
install (best-effort) → docker run` and streams progress and logs
- `done` Gateway agent runs `git reset --hard → fetch → checkout →
pull → composer install (best-effort) → docker run → re-apply route
overrides → apache graceful reload` and streams progress and logs
back.
- `done` Dashboard subscribes to a deployment by id over WebSocket
and renders stages + live log tail.
- `done` SQLite persistence for deployment rows, stage transitions,
and append-only log files.
- `next` Replace `validateViaAgent` stub with a real
`git ls-remote` frame.
- `next` Replace hardcoded `handleListRepos` /
`handleListBranches` with agent frames (the `gitutil.ListBranches`
helper and the `agentlib` frame protocol are partially set up but
not wired through).
- `done` Real `validateViaAgent` via the agent's `git ls-remote`
frame.
- `done` Real `list_repos` / `list_branches` via agent frames; the
hardcoded fixtures are gone.
- `done` `list_routes` RPC exposes the live `<key>_url` map from
the gateway's `config.php` after every branch switch.
- `done` `GET /api/deployments` reads deployment history from
SQLite (filterable by sandbox).

## Sandbox & routing (Slice 2)
## Sandbox & routing

- `next` Sandbox CRUD (data model + REST endpoints + dashboard page).
- `next` Sandbox template CRUD and "clone template into sandbox".
- `next` Route management (sandbox vs OCP per service).
- `next` Environment CRUD (persisted named envs, not just inline).
- `next` Actual route push to the API Gateway (the gateway agent
has to update the gateway's routing config, currently this is
the manual `scripts/patch-nginx.sh` step).
- `next` Port allocation table and helpers.
- `done` Sandbox CRUD (data model + REST endpoints + dashboard
pages).
- `done` Sandbox template CRUD and "clone template into sandbox".
- `done` Route management (sandbox vs OCP per service) with live
read-back from the gateway's `config.php`.
- `done` Environment CRUD (persisted named envs, not just inline).
- `done` Actual route push to the API Gateway: the gateway agent
rewrites `application/config/production/config.php` and gracefully
reloads apache. A per-branch OCP-default snapshot is captured
automatically and persisted to `<repo>/.sdp/ocp-defaults.json`.
- `done` Per-deploy port binding: the user specifies the host port;
the agent publishes the container's exposed port to it. Concurrency
is "one live container per repo" (the stable name is `sdp-<repo>`).

## Auth

- `done` Login endpoint accepts any creds if an agent is connected
(MVP stub).
- `done` Session cookie + in-memory session store.
- `next` Real auth via agent-mediated `git ls-remote`.
- `done` Real auth via agent-mediated `git ls-remote` against the
api-gateway. Login fails fast if no gateway agent is connected.
- `done` Session cookie + in-memory session store, 12-hour TTL,
logout invalidates the token.
- `later` RBAC roles (admin / backend / qa / viewer).

## Out of scope for MVP (per the "Future Enhancements" section)

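Review bot: the `## Auth` checklist now records the 12-hour TTL and that logout invalidates the token, but not the cookie attributes; since the dashboard is reached through an nginx path mount per the commit message, the README should state whether the session cookie is HttpOnly, Secure and SameSite and what `Path` it carries, and note that an in-memory store drops every session on a control-plane restart. With RBAC still `later`, it is also worth stating plainly in this section that any login passing the `git ls-remote` check can deploy, bind host ports and rewrite `application/config/production/config.php`, so readers do not assume the role list above is enforced.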