hailin
/
it0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
30 Commits 1 Branch 0 Tags 7.8 MiB
Commit Graph

9 Commits

Author SHA1 Message Date
hailin c75ad27771 feat: add Claude Agent SDK engine with multi-tenant support 
Add @anthropic-ai/claude-agent-sdk as a third engine (pure additive, no changes
to existing CLI/API engines). Includes full frontend admin page.

Backend (agent-service):
- ClaudeAgentSdkEngine: implements AgentEnginePort using SDK's query() API
- ApprovalGate: L2 tool approval with configurable auto-approve timeout (default 120s)
- TenantAgentConfig entity: per-tenant billing mode, encrypted API key, timeout, tool lists
- AllowedToolsResolverService: RBAC-based tool whitelist (admin/operator/viewer)
- TenantAgentConfigController: REST endpoints for admin config management
- Default subscription billing (operator's Claude login, no API key needed)
- Optional per-tenant API key with AES-256-GCM encryption

Frontend (web-admin):
- SDK Config page at /agent-config/sdk with billing, timeout, tool permissions
- Sidebar navigation entry under Agent Config
- React Query key for tenant SDK config

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-20 18:38:30 -08:00
hailin b620898bc8 fix: revert to node:18 (cached), enable crypto via NODE_OPTIONS 
Docker Hub is unreachable from server, so node:20 can't be pulled.
Reverting to node:18-alpine (already cached) and using
--experimental-global-webcrypto to enable globalThis.crypto.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 19:17:23 -08:00
hailin bbb288025a fix: upgrade to Node.js 20 for globalThis.crypto support 
crypto.randomUUID() is used throughout services but crypto is not
a global in Node.js 18. Node.js 20 provides globalThis.crypto.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 19:15:36 -08:00
hailin c0b4f77de5 fix: remove China mirrors, add build-essential for voice-service 
Server is on HK network, no need for China mirrors. Added
build-essential for compiling native Python packages (kokoro, etc).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 05:11:39 -08:00
hailin da01571c1b fix: remove COPY public from web-admin Dockerfile 
The public directory doesn't exist in the project, causing
Docker build to fail with "not found" error.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 05:03:53 -08:00
hailin b382e6e469 fix: add China registry mirrors for npm and pip in Dockerfiles 
web-admin npm ci was timing out on the server. Added npmmirror.com
for npm and tsinghua mirror for pip to resolve network issues.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 04:59:09 -08:00
hailin 9120f4927e fix: add Dockerfiles and fix docker-compose build configuration 
- Add shared Dockerfile.service for all 7 NestJS microservices using
  multi-stage build with pnpm workspace support
- Add Dockerfile for web-admin (Next.js standalone output)
- Add .dockerignore files for root and web-admin
- Fix docker-compose.yml: use monorepo root as build context with
  SERVICE_NAME build arg instead of per-service Dockerfiles
- Fix postgres/redis missing network config (services couldn't reach them)
- Use .env variables for DB credentials instead of hardcoded values
- Add JWT_REFRESH_SECRET and REDIS_URL to services that were missing them
- Add DB init script volume mount for postgres
- Remove deprecated version: '3.8' from all compose files
- Add output: 'standalone' to next.config.js for optimized Docker builds

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 04:31:23 -08:00
hailin e761b65b6e feat: add deployment scripts with SSL support for production 
Backend deploy script (deploy/docker/deploy.sh):
- install: auto-generate .env with secure secrets (JWT, DB passwords, vault keys)
- up/down/restart: manage all services (infra + app + gateway)
- build/build-no-cache: Docker image management
- status/health: health checks for all 9 services + infrastructure
- migrate: TypeORM migration commands (run/generate/revert/schema-sync)
- infra-*: standalone infrastructure management (PostgreSQL + Redis)
- voice-*: voice service with GPU support (docker-compose.voice.yml overlay)
- start-svc/stop-svc/rebuild-svc: individual service operations
- ssl-init: obtain Let's Encrypt certificates for both domains independently
- ssl-up/ssl-down: start/stop with Nginx SSL reverse proxy
- ssl-renew/ssl-status: certificate renewal and status checks

Web Admin deploy script (it0-web-admin/deploy.sh):
- build/start/stop/restart/logs/status/clean commands
- auto-generates Dockerfile (Next.js multi-stage standalone build)
- auto-generates docker-compose.yml
- configurable API domain (default: it0api.szaiai.com)

SSL / Nginx configuration:
- nginx.conf: reverse proxy for both domains with HTTP->HTTPS redirect
  - it0api.szaiai.com -> api-gateway:8000 (with WebSocket support)
  - it0.szaiai.com -> web-admin:3000 (with Next.js HMR support)
- nginx-init.conf: HTTP-only config for initial ACME challenge verification
- ssl-params.conf: TLS 1.2/1.3, HSTS, security headers (Mozilla Intermediate)
- docker-compose.ssl.yml: Nginx + Certbot overlay with auto-renewal (12h cycle)

Domain plan:
- https://it0api.szaiai.com — API endpoint (backend services)
- https://it0.szaiai.com — Web Admin dashboard (frontend)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-09 17:44:27 -08:00
hailin 00f8801d51 Initial commit: IT0 AI-powered server cluster operations platform 
Full-stack monorepo with DDD + Clean Architecture:
- Backend: 7 NestJS microservices + 5 shared libraries (TypeScript)
- Mobile: Flutter app with Riverpod (Dart)
- Web Admin: Next.js dashboard with Zustand + React Query
- Voice: Python voice service (STT/TTS/VAD)
- Infra: Docker Compose, K8s manifests, Turborepo build

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-08 22:54:37 -08:00