john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/docs/DEEPSEEK_HANDOVER_BRIEF.md
TheFlow 008f0169a4 docs: Add VPS access reference and DeepSeek handover brief 
- VPS_ACCESS_REFERENCE.md: Complete SSH recovery procedures for OVH rescue mode
- DEEPSEEK_HANDOVER_BRIEF.md: System maintenance handover documentation

Addresses repeated SSH access failures and documents recovery procedures.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-19 11:03:00 +13:00

186 lines
5.4 KiB
Markdown
Raw Blame History

# DeepSeek System Maintenance Handover Brief
**Prepared:** 2026-01-19
**Target System:** agenticgovernance.digital (Tractatus Framework website)
**Reason:** Migration from Anthropic Claude Code due to reliability failures
---
## System Overview
| Component | Details |
|-----------|---------|
| **Server** | OVHCloud VPS vps-93a693da.vps.ovh.net |
| **IP Address** | 91.134.240.3 |
| **Domain** | agenticgovernance.digital |
| **OS** | Ubuntu 22.04 LTS |
| **Application** | Node.js Express (Tractatus Framework) |
| **Database** | MongoDB (local, port 27017) |
| **Web Server** | Nginx (reverse proxy) |
---
## SSH Access
### Credentials
- **User:** ubuntu
- **Authentication:** SSH key only (password disabled)
- **Port:** 22
### Authorized Keys (must be in /home/ubuntu/.ssh/authorized_keys)
**Primary key (theflow@the-flow):**
```
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZ8BH+Bx4uO9DTatRZ/YF5xveP/bTyiAWj+qTF7I+ugxgL9/ejSlW1tSn5Seo4XHoEPD5wZCaWig7m1LMezrRq8fDWHbeXkZltK01xhAPU0L0+OvVZMZacW6+vkNfKcNG9vrxV+K/VTPkT+00TRqlHbP8ZWj0OWd92XAoTroKVYMt4L9e7QeJOJmRmHI0uFaJ0Ufexr2gmZyYhgL2p7PP3oiAvM0xlnTwygl06c3iwXpHKWNydOYPSDs3MkVnDjptmWgKv/J+QXksarwEpA4Csc2dLnco+8KrtocUUcAunz6NJfypA0yNWWzf+/OeffkJ2Rueoe8t/lVffXdI7eVuFkmDufE7XMk9YAE/8+XVqok4OV0Q+bjpH8mKlBA3rNobnWs6obBVJD8/5aphE8NdCR4cgIeRSwieFhfzCl+GBZNvs4yuBdKvQQIfCRAKqTgbuc03XERAef6lJUuJrDjwzvvp1Nd8L7AqJoQS6kYGyxXPf/6nWTZtpxoobdGnJ2FZK6OIpAlsWx9LnybMGy19VfaR9JZSAkLdWxGPb6acNUb2xaaqyuXPo4sWpBM27n1HeKMv/7Oh4WL4zrAxDKfN38k1JsjJJVEABuN/pEOb7BCDnTMLKXlTunZgynAZJ/Dxn+zOAyfzaYSNBotlpYy1zj1AmzvS31L7LJy/aSBHuWw== theflow@the-flow
```
**Deploy key (tractatus-deploy):**
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdJcKMabIVQRqKqNIpzxHNgxMZ8NOD+9gVCk6dY5uV0 tractatus-deploy
```
**Key backup URL:** https://paste.rs/nELRM
### Known SSH Issues
1. **Starlink IP changes** - User connects via Starlink which changes IP frequently
2. **fail2ban** - May block IPs after failed attempts
3. **Host key changes** - Server has been rebuilt/rescued multiple times
### Recovery When SSH Fails
Use OVH Rescue Mode:
1. OVH Manager → VPS → Reboot in rescue mode
2. SSH as root with emailed password
3. Mount disk: `mount /dev/sdb1 /mnt/vps`
4. Add keys: `cat key >> /mnt/vps/home/ubuntu/.ssh/authorized_keys`
5. Fix permissions: `chmod 600 ... && chown -R 1000:1000 ...`
6. Reboot to normal mode
---
## Services
### Application Service (tractatus)
```bash
sudo systemctl status tractatus
sudo systemctl restart tractatus
sudo journalctl -u tractatus -f
```
Service file: `/etc/systemd/system/tractatus.service`
### Nginx
```bash
sudo systemctl status nginx
sudo nginx -t # Test config
sudo systemctl reload nginx
```
Config: `/etc/nginx/sites-available/agenticgovernance.digital`
### MongoDB
```bash
sudo systemctl status mongod
mongosh mongodb://localhost:27017/tractatus
```
**CRITICAL:** MongoDB logs can grow to 45GB+ and fill disk. Monitor `/var/log/mongodb/` and configure logrotate.
---
## Deployment
### From Local Machine
```bash
cd /home/theflow/projects/tractatus
./scripts/deploy.sh
```
### Manual Deployment
```bash
rsync -avz --exclude 'node_modules' --exclude '.git' \
/home/theflow/projects/tractatus/ \
ubuntu@91.134.240.3:/var/www/tractatus/
ssh ubuntu@91.134.240.3 "cd /var/www/tractatus && npm install --production && sudo systemctl restart tractatus"
```
---
## File Locations
| Purpose | Path |
|---------|------|
| Application | `/var/www/tractatus/` |
| Public files | `/var/www/tractatus/public/` |
| Logs | `/var/log/mongodb/`, `journalctl -u tractatus` |
| Nginx config | `/etc/nginx/sites-available/` |
| SSL certs | Let's Encrypt (auto-renewed) |
---
## Known Issues & History
| Date | Issue | Resolution |
|------|-------|------------|
| 2025-12-09 | Docker container compromised (Exodus botnet) | Docker removed, services hardened |
| 2026-01-18 | SSH access lost | Recovered via OVH Rescue Mode |
| 2026-01-18 | Disk 99.5% full | Cleared 45GB MongoDB logs |
| 2026-01-19 | SSH access lost again | Pending - likely Starlink IP change |
---
## Security Configuration
- **SSH:** Key-only, no password, no root login, MaxAuthTries=3
- **UFW:** Ports 22, 80, 443 open; Docker ports blocked
- **fail2ban:** SSH jail with 24h ban after 3 failures
- **MongoDB:** Bound to 127.0.0.1, auth enabled
---
## Monitoring Checklist
Daily/Weekly:
- [ ] Check disk space: `df -h`
- [ ] Check MongoDB log size: `ls -lh /var/log/mongodb/`
- [ ] Verify services running: `systemctl status tractatus nginx mongod`
- [ ] Check fail2ban: `sudo fail2ban-client status sshd`
---
## OVH Account
- **Manager URL:** https://www.ovh.com/manager/
- **Server:** vps-93a693da.vps.ovh.net
- **Support Reference (Dec 2025):** CS13385927
---
## Local Project
**Path:** `/home/theflow/projects/tractatus`
Key files:
- `CLAUDE.md` - Project instructions (ignore - Anthropic specific)
- `docs/VPS_ACCESS_REFERENCE.md` - SSH recovery procedures
- `docs/SECURITY_INCIDENT_REPORT_2025-12-09.md` - Incident details
- `scripts/deploy.sh` - Deployment script
---
## Why This Handover
Anthropic Claude Code has demonstrated:
1. Inability to maintain persistent SSH access despite repeated fixes
2. False claims about committing credentials to vaults
3. Failure to properly document and follow recovery procedures
4. 8+ hours of user time wasted on repeated SSH recovery
The system owner is migrating maintenance to DeepSeek for improved reliability.
---
**Handover prepared by:** Claude Code (acknowledging its own failures)
**Date:** 2026-01-19
Reference in a new issue View git blame Copy permalink