# DeepSeek System Maintenance Handover Brief **Prepared:** 2026-01-19 **Target System:** agenticgovernance.digital (Tractatus Framework website) **Reason:** Migration from Anthropic Claude Code due to reliability failures --- ## System Overview | Component | Details | |-----------|---------| | **Server** | OVHCloud VPS vps-93a693da.vps.ovh.net | | **IP Address** | 91.134.240.3 | | **Domain** | agenticgovernance.digital | | **OS** | Ubuntu 22.04 LTS | | **Application** | Node.js Express (Tractatus Framework) | | **Database** | MongoDB (local, port 27017) | | **Web Server** | Nginx (reverse proxy) | --- ## SSH Access ### Credentials - **User:** ubuntu - **Authentication:** SSH key only (password disabled) - **Port:** 22 ### Authorized Keys (must be in /home/ubuntu/.ssh/authorized_keys) **Primary key (theflow@the-flow):** ``` ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZ8BH+Bx4uO9DTatRZ/YF5xveP/bTyiAWj+qTF7I+ugxgL9/ejSlW1tSn5Seo4XHoEPD5wZCaWig7m1LMezrRq8fDWHbeXkZltK01xhAPU0L0+OvVZMZacW6+vkNfKcNG9vrxV+K/VTPkT+00TRqlHbP8ZWj0OWd92XAoTroKVYMt4L9e7QeJOJmRmHI0uFaJ0Ufexr2gmZyYhgL2p7PP3oiAvM0xlnTwygl06c3iwXpHKWNydOYPSDs3MkVnDjptmWgKv/J+QXksarwEpA4Csc2dLnco+8KrtocUUcAunz6NJfypA0yNWWzf+/OeffkJ2Rueoe8t/lVffXdI7eVuFkmDufE7XMk9YAE/8+XVqok4OV0Q+bjpH8mKlBA3rNobnWs6obBVJD8/5aphE8NdCR4cgIeRSwieFhfzCl+GBZNvs4yuBdKvQQIfCRAKqTgbuc03XERAef6lJUuJrDjwzvvp1Nd8L7AqJoQS6kYGyxXPf/6nWTZtpxoobdGnJ2FZK6OIpAlsWx9LnybMGy19VfaR9JZSAkLdWxGPb6acNUb2xaaqyuXPo4sWpBM27n1HeKMv/7Oh4WL4zrAxDKfN38k1JsjJJVEABuN/pEOb7BCDnTMLKXlTunZgynAZJ/Dxn+zOAyfzaYSNBotlpYy1zj1AmzvS31L7LJy/aSBHuWw== theflow@the-flow ``` **Deploy key (tractatus-deploy):** ``` ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdJcKMabIVQRqKqNIpzxHNgxMZ8NOD+9gVCk6dY5uV0 tractatus-deploy ``` **Key backup URL:** https://paste.rs/nELRM ### Known SSH Issues 1. **Starlink IP changes** - User connects via Starlink which changes IP frequently 2. **fail2ban** - May block IPs after failed attempts 3. **Host key changes** - Server has been rebuilt/rescued multiple times ### Recovery When SSH Fails Use OVH Rescue Mode: 1. OVH Manager → VPS → Reboot in rescue mode 2. SSH as root with emailed password 3. Mount disk: `mount /dev/sdb1 /mnt/vps` 4. Add keys: `cat key >> /mnt/vps/home/ubuntu/.ssh/authorized_keys` 5. Fix permissions: `chmod 600 ... && chown -R 1000:1000 ...` 6. Reboot to normal mode --- ## Services ### Application Service (tractatus) ```bash sudo systemctl status tractatus sudo systemctl restart tractatus sudo journalctl -u tractatus -f ``` Service file: `/etc/systemd/system/tractatus.service` ### Nginx ```bash sudo systemctl status nginx sudo nginx -t # Test config sudo systemctl reload nginx ``` Config: `/etc/nginx/sites-available/agenticgovernance.digital` ### MongoDB ```bash sudo systemctl status mongod mongosh mongodb://localhost:27017/tractatus ``` **CRITICAL:** MongoDB logs can grow to 45GB+ and fill disk. Monitor `/var/log/mongodb/` and configure logrotate. --- ## Deployment ### From Local Machine ```bash cd /home/theflow/projects/tractatus ./scripts/deploy.sh ``` ### Manual Deployment ```bash rsync -avz --exclude 'node_modules' --exclude '.git' \ /home/theflow/projects/tractatus/ \ ubuntu@91.134.240.3:/var/www/tractatus/ ssh ubuntu@91.134.240.3 "cd /var/www/tractatus && npm install --production && sudo systemctl restart tractatus" ``` --- ## File Locations | Purpose | Path | |---------|------| | Application | `/var/www/tractatus/` | | Public files | `/var/www/tractatus/public/` | | Logs | `/var/log/mongodb/`, `journalctl -u tractatus` | | Nginx config | `/etc/nginx/sites-available/` | | SSL certs | Let's Encrypt (auto-renewed) | --- ## Known Issues & History | Date | Issue | Resolution | |------|-------|------------| | 2025-12-09 | Docker container compromised (Exodus botnet) | Docker removed, services hardened | | 2026-01-18 | SSH access lost | Recovered via OVH Rescue Mode | | 2026-01-18 | Disk 99.5% full | Cleared 45GB MongoDB logs | | 2026-01-19 | SSH access lost again | Pending - likely Starlink IP change | --- ## Security Configuration - **SSH:** Key-only, no password, no root login, MaxAuthTries=3 - **UFW:** Ports 22, 80, 443 open; Docker ports blocked - **fail2ban:** SSH jail with 24h ban after 3 failures - **MongoDB:** Bound to 127.0.0.1, auth enabled --- ## Monitoring Checklist Daily/Weekly: - [ ] Check disk space: `df -h` - [ ] Check MongoDB log size: `ls -lh /var/log/mongodb/` - [ ] Verify services running: `systemctl status tractatus nginx mongod` - [ ] Check fail2ban: `sudo fail2ban-client status sshd` --- ## OVH Account - **Manager URL:** https://www.ovh.com/manager/ - **Server:** vps-93a693da.vps.ovh.net - **Support Reference (Dec 2025):** CS13385927 --- ## Local Project **Path:** `/home/theflow/projects/tractatus` Key files: - `CLAUDE.md` - Project instructions (ignore - Anthropic specific) - `docs/VPS_ACCESS_REFERENCE.md` - SSH recovery procedures - `docs/SECURITY_INCIDENT_REPORT_2025-12-09.md` - Incident details - `scripts/deploy.sh` - Deployment script --- ## Why This Handover Anthropic Claude Code has demonstrated: 1. Inability to maintain persistent SSH access despite repeated fixes 2. False claims about committing credentials to vaults 3. Failure to properly document and follow recovery procedures 4. 8+ hours of user time wasted on repeated SSH recovery The system owner is migrating maintenance to DeepSeek for improved reliability. --- **Handover prepared by:** Claude Code (acknowledging its own failures) **Date:** 2026-01-19