john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/docs/DEEPSEEK_HANDOVER_BRIEF.md
TheFlow 008f0169a4 docs: Add VPS access reference and DeepSeek handover brief 
- VPS_ACCESS_REFERENCE.md: Complete SSH recovery procedures for OVH rescue mode
- DEEPSEEK_HANDOVER_BRIEF.md: System maintenance handover documentation

Addresses repeated SSH access failures and documents recovery procedures.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-19 11:03:00 +13:00

5.4 KiB
Raw Blame History

DeepSeek System Maintenance Handover Brief

Prepared: 2026-01-19 Target System: agenticgovernance.digital (Tractatus Framework website) Reason: Migration from Anthropic Claude Code due to reliability failures

System Overview

Component Details
Server OVHCloud VPS vps-93a693da.vps.ovh.net
IP Address 91.134.240.3
Domain agenticgovernance.digital
OS Ubuntu 22.04 LTS
Application Node.js Express (Tractatus Framework)
Database MongoDB (local, port 27017)
Web Server Nginx (reverse proxy)

SSH Access

Credentials

  • User: ubuntu
  • Authentication: SSH key only (password disabled)
  • Port: 22

Authorized Keys (must be in /home/ubuntu/.ssh/authorized_keys)

Primary key (theflow@the-flow):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZ8BH+Bx4uO9DTatRZ/YF5xveP/bTyiAWj+qTF7I+ugxgL9/ejSlW1tSn5Seo4XHoEPD5wZCaWig7m1LMezrRq8fDWHbeXkZltK01xhAPU0L0+OvVZMZacW6+vkNfKcNG9vrxV+K/VTPkT+00TRqlHbP8ZWj0OWd92XAoTroKVYMt4L9e7QeJOJmRmHI0uFaJ0Ufexr2gmZyYhgL2p7PP3oiAvM0xlnTwygl06c3iwXpHKWNydOYPSDs3MkVnDjptmWgKv/J+QXksarwEpA4Csc2dLnco+8KrtocUUcAunz6NJfypA0yNWWzf+/OeffkJ2Rueoe8t/lVffXdI7eVuFkmDufE7XMk9YAE/8+XVqok4OV0Q+bjpH8mKlBA3rNobnWs6obBVJD8/5aphE8NdCR4cgIeRSwieFhfzCl+GBZNvs4yuBdKvQQIfCRAKqTgbuc03XERAef6lJUuJrDjwzvvp1Nd8L7AqJoQS6kYGyxXPf/6nWTZtpxoobdGnJ2FZK6OIpAlsWx9LnybMGy19VfaR9JZSAkLdWxGPb6acNUb2xaaqyuXPo4sWpBM27n1HeKMv/7Oh4WL4zrAxDKfN38k1JsjJJVEABuN/pEOb7BCDnTMLKXlTunZgynAZJ/Dxn+zOAyfzaYSNBotlpYy1zj1AmzvS31L7LJy/aSBHuWw== theflow@the-flow

Deploy key (tractatus-deploy):

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdJcKMabIVQRqKqNIpzxHNgxMZ8NOD+9gVCk6dY5uV0 tractatus-deploy

Key backup URL: https://paste.rs/nELRM

Known SSH Issues

  1. Starlink IP changes - User connects via Starlink which changes IP frequently
  2. fail2ban - May block IPs after failed attempts
  3. Host key changes - Server has been rebuilt/rescued multiple times

Recovery When SSH Fails

Use OVH Rescue Mode:

  1. OVH Manager → VPS → Reboot in rescue mode
  2. SSH as root with emailed password
  3. Mount disk: mount /dev/sdb1 /mnt/vps
  4. Add keys: cat key >> /mnt/vps/home/ubuntu/.ssh/authorized_keys
  5. Fix permissions: chmod 600 ... && chown -R 1000:1000 ...
  6. Reboot to normal mode

Services

Application Service (tractatus)

sudo systemctl status tractatus
sudo systemctl restart tractatus
sudo journalctl -u tractatus -f

Service file: /etc/systemd/system/tractatus.service

Nginx

sudo systemctl status nginx
sudo nginx -t  # Test config
sudo systemctl reload nginx

Config: /etc/nginx/sites-available/agenticgovernance.digital

MongoDB

sudo systemctl status mongod
mongosh mongodb://localhost:27017/tractatus

CRITICAL: MongoDB logs can grow to 45GB+ and fill disk. Monitor /var/log/mongodb/ and configure logrotate.

Deployment

From Local Machine

cd /home/theflow/projects/tractatus
./scripts/deploy.sh

Manual Deployment

rsync -avz --exclude 'node_modules' --exclude '.git' \
  /home/theflow/projects/tractatus/ \
  ubuntu@91.134.240.3:/var/www/tractatus/

ssh ubuntu@91.134.240.3 "cd /var/www/tractatus && npm install --production && sudo systemctl restart tractatus"

File Locations

Purpose Path
Application /var/www/tractatus/
Public files /var/www/tractatus/public/
Logs /var/log/mongodb/, journalctl -u tractatus
Nginx config /etc/nginx/sites-available/
SSL certs Let's Encrypt (auto-renewed)

Known Issues & History

Date Issue Resolution
2025-12-09 Docker container compromised (Exodus botnet) Docker removed, services hardened
2026-01-18 SSH access lost Recovered via OVH Rescue Mode
2026-01-18 Disk 99.5% full Cleared 45GB MongoDB logs
2026-01-19 SSH access lost again Pending - likely Starlink IP change

Security Configuration

  • SSH: Key-only, no password, no root login, MaxAuthTries=3
  • UFW: Ports 22, 80, 443 open; Docker ports blocked
  • fail2ban: SSH jail with 24h ban after 3 failures
  • MongoDB: Bound to 127.0.0.1, auth enabled

Monitoring Checklist

Daily/Weekly:

  • Check disk space: df -h
  • Check MongoDB log size: ls -lh /var/log/mongodb/
  • Verify services running: systemctl status tractatus nginx mongod
  • Check fail2ban: sudo fail2ban-client status sshd

OVH Account

Local Project

Path: /home/theflow/projects/tractatus

Key files:

  • CLAUDE.md - Project instructions (ignore - Anthropic specific)
  • docs/VPS_ACCESS_REFERENCE.md - SSH recovery procedures
  • docs/SECURITY_INCIDENT_REPORT_2025-12-09.md - Incident details
  • scripts/deploy.sh - Deployment script

Why This Handover

Anthropic Claude Code has demonstrated:

  1. Inability to maintain persistent SSH access despite repeated fixes
  2. False claims about committing credentials to vaults
  3. Failure to properly document and follow recovery procedures
  4. 8+ hours of user time wasted on repeated SSH recovery

The system owner is migrating maintenance to DeepSeek for improved reliability.

Handover prepared by: Claude Code (acknowledging its own failures) Date: 2026-01-19