Cerbero-mcp

Author	SHA1	Message	Date
AdrianoDev	287c4b5372	chore: rimuovi deploy.sh e cache registry buildx - scripts/deploy.sh eliminato (sostituito da deploy-noclone.sh) - build-push.sh: rimossa cache-from/cache-to registry (cache buildx locale del laptop sufficiente, niente più image buildcache:* sul registry Gitea) - doc cleanup riferimenti orfani Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-29 21:25:38 +02:00
AdrianoDev	ba29572e93	chore(deploy): build locale + deploy no-clone, rimuovi CI Gitea - scripts/build-push.sh: replica job CI in locale (8 image, cache buildx, tag :latest + :sha-X) - scripts/deploy-noclone.sh: deploy VPS senza clone (curl raw config + image pull) - rimossa .gitea/workflows/ci.yml - README + DEPLOYMENT aggiornati: laptop -> registry -> VPS, paths /docker/cerbero_mcp - ruff fix su 3 test (I001, SIM117, UP037, F821) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-29 20:37:06 +02:00
AdrianoDev	4f3e959805	feat(deploy): docker-compose.traefik.yml overlay per behind-Traefik ci / ruff lint (push) Failing after 13s Details ci / mypy mcp_common (push) Successful in 22s Details ci / pytest (push) Successful in 32s Details ci / validate compose + Caddyfile (push) Failing after 2m23s Details ci / build & push to registry (push) Has been skipped Details Per VPS condiviso (es. con Gitea) dove Traefik gestisce già 80/443. - gateway/Caddyfile: env-aware listen + auto_https + trusted_proxies (defaults invariati per modalità standalone). - docker-compose.traefik.yml: overlay che rimuove ports binding host, attacca gateway alla network esterna di Traefik, set labels per routing Host(cerbero-mcp.tielogic.xyz) + TLS via certresolver Traefik. Caddy ascolta plain HTTP :80 interno. - scripts/deploy.sh: rileva BEHIND_TRAEFIK=true → aggiunge -f docker-compose.traefik.yml a tutti i docker compose call. - DEPLOYMENT.md: nuova sezione 2a (topologia standalone vs behind-traefik) + sotto-sezione modalità behind-Traefik con env vars richieste. Uso: docker compose -f docker-compose.prod.yml -f docker-compose.traefik.yml \ --env-file .env up -d Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-29 09:56:07 +02:00
AdrianoDev	a1110c8ecb	feat(safety+audit+deploy): consistency_check + audit log file sink + deploy script ci / ruff lint (push) Failing after 12s Details ci / mypy mcp_common (push) Successful in 25s Details ci / pytest (push) Successful in 35s Details ci / validate compose + Caddyfile (push) Successful in 2m3s Details ci / build & push to registry (push) Has been skipped Details #2 Env switch safety: - mcp_common/environment.py: nuova consistency_check() che previene switch accidentali a mainnet. Solleva EnvironmentMismatchError se resolved=mainnet senza creds["environment"]="mainnet" esplicito, o se declared/resolved mismatch. Override via STRICT_MAINNET=false. - Wirato in app_factory.run_exchange_main al boot. - 6 nuovi test consistency. #3 Audit log persistence: - mcp_common/audit.py: TimedRotatingFileHandler aggiuntivo se env AUDIT_LOG_FILE settato. Rotation midnight UTC, retention 30gg default (AUDIT_LOG_BACKUP_DAYS). Format JSONL con SecretsFilter. - docker-compose.prod.yml: bind mount /var/log/cerbero-mcp + env AUDIT_LOG_FILE per i 4 servizi exchange (write endpoints). - 2 nuovi test file sink. #1 Deploy script: - scripts/deploy.sh: idempotente, fa docker login + clone/pull repo + copia secrets chmod 600 + crea .env + setup audit dir + pull image + up + smoke test pubblico HTTPS. - DEPLOYMENT.md aggiornato: sezioni 2 (script), 3 (safety mainnet), 4 (audit log query), renumber sezioni successive. Test: 488/488 verdi. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-29 09:29:04 +02:00
AdrianoDev	019b7e3298	docs: README + DEPLOYMENT con stato CI/CD funzionante ci / ruff lint (push) Successful in 14s Details ci / mypy mcp_common (push) Successful in 23s Details ci / pytest (push) Successful in 30s Details ci / validate compose + Caddyfile (push) Successful in 2m2s Details ci / build & push to registry (push) Successful in 1m32s Details README aggiunge sezione 'CI/CD pipeline' che descrive i 5 job e i tag image. DEPLOYMENT espande sez. 1 con dettagli runner Gitea (network gitea_gitea-internal, image runner-images, label ubuntu-latest) e configurazione secret user-level REGISTRY_TOKEN con scope write:package.	2026-04-29 09:18:30 +02:00
AdrianoDev	c251fda886	feat(ci/cd): Gitea Actions + registry + Watchtower auto-update ci / ruff lint (push) Failing after 1m37s Details ci / mypy mcp_common (push) Has been cancelled Details ci / pytest (push) Has been cancelled Details ci / build & push to registry (push) Has been cancelled Details CI pipeline (.gitea/workflows/ci.yml): - Job lint (ruff), typecheck (mypy mcp_common gating + servizi warn-only), test (pytest 455). - Job build-and-push solo su main: builda gateway + 6 image MCP via docker/build-push-action@v6, login al registry Gitea con docker/login-action@v3 + secrets.GITEA_TOKEN auto-iniettato. - Cache distribuita type=gha per layer Docker → run successivi 5-10x più veloci. Tag :latest + :sha-XXXXXXX per ogni image. Deploy VPS (docker-compose.prod.yml): - Niente build locale: solo `image:` da git.tielogic.xyz/adriano/ cerbero-mcp/<service>:latest. Variabile IMAGE_TAG per pin a sha specifico. - Servizio Watchtower containerizzato che polla ogni 5min (configurabile via WATCHTOWER_POLL_INTERVAL) e auto-aggiorna i container con label com.centurylinklabs.watchtower.enable=true. Auth registry riusa ~/.docker/config.json bind-mounted readonly. DEPLOYMENT.md: runbook completo per setup VPS, login registry, secrets, .env, smoke test post-deploy, rollback (pin a sha), disable auto-update, nota Traefik upload limit. README aggiornato con link. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-28 22:52:40 +02:00

6 Commits