breakglass: in-cluster emergency-recovery UI for the devvm
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Viktor wanted a web UI on the claude service to act as his breakglass when the devvm is down: open it, have Claude SSH in to diagnose/repair, and power-cycle the VM via the Proxmox host if needed. This is the app half (the infra stack + host bootstrap live in the infra repo). New, ISOLATED ASGI app under app/breakglass/ (never imports app.main, so the untrusted-input agents — recruiter-triage, nextcloud-todos — can't share a process with the root-on-devvm / PVE-reset SSH key): - pve.py: the LLM-independent power-verb path (status|forensics|reset|stop| start|cycle on VM 102), whitelist-validated client-side, executed over the forced-command SSH key (list argv, no shell). - agent_session.py: multi-turn streamed chat — claude -p --session-id / --resume with --output-format stream-json, translated to a small SSE vocabulary (session/text/tool/result/error/done). - auth.py: edge Authentik header OR bearer; fail-closed. - server.py: FastAPI (session/chat-SSE/pve-verb routes) + serves the Svelte UI. - Svelte SPA (frontend/, built into app/breakglass/static/ and committed — no in-cluster build, per ADR-0002): streamed chat + danger-styled manual VM controls with confirm-on-mutate. - agents/breakglass.md: narrow tools (Bash/Read/Grep/Glob, no web), taught the ssh devvm / ssh pve aliases and cycle-vs-reset. - docker-entrypoint-breakglass.sh: ssh-agent bootstrap from the mounted key + ssh aliases, then uvicorn app.breakglass.server. The breakglass Deployment overrides the image CMD with this; the existing service is untouched. 26 new tests (verb whitelist incl. injection attempts, stream-json→SSE translation, auth gating, route behaviour); full suite 58 green. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
parent
694530135d
commit
4f361d91eb
28 changed files with 3889 additions and 0 deletions
11
Dockerfile
11
Dockerfile
|
|
@ -85,6 +85,17 @@ COPY agents/beads-task-runner.md /usr/share/agent-seed/beads-task-runner.md
|
|||
COPY agents/recruiter-triage.md /usr/share/agent-seed/recruiter-triage.md
|
||||
COPY agents/nextcloud-todos-planner.md /usr/share/agent-seed/nextcloud-todos-planner.md
|
||||
COPY agents/nextcloud-todos-exec.md /usr/share/agent-seed/nextcloud-todos-exec.md
|
||||
# The breakglass deployment (separate stack) seeds this one instead of the
|
||||
# untrusted-input agents; its init container copies whichever it needs.
|
||||
COPY agents/breakglass.md /usr/share/agent-seed/breakglass.md
|
||||
|
||||
# Breakglass entrypoint. The breakglass Deployment overrides the default CMD
|
||||
# with this (ssh-agent bootstrap + ssh aliases, then uvicorn for the breakglass
|
||||
# app). It ships in every image but only that deployment runs it. The built
|
||||
# frontend lives under app/breakglass/static/ (committed — no in-cluster build,
|
||||
# per ADR-0002), so the `COPY app/` above carries it in.
|
||||
COPY docker-entrypoint-breakglass.sh /srv/docker-entrypoint-breakglass.sh
|
||||
RUN chmod 0755 /srv/docker-entrypoint-breakglass.sh
|
||||
|
||||
USER agent
|
||||
WORKDIR /workspace/infra
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue