diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md
new file mode 100644
index 0000000..cd259d1
--- /dev/null
+++ b/docs/DEPLOYMENT.md
@@ -0,0 +1,101 @@
+# Deployment - TZZR Orchestrator
+
+## Arquitectura del Servidor
+
+```
+Servidor: 69.62.126.110 (tzzrarchitect)
+├── Usuario: orchestrator (no-root)
+│ ├── /home/orchestrator/orchestrator/ # Orchestrator + venv
+│ └── /home/orchestrator/.ssh/tzzr # Claves SSH
+├── /opt/architect-app-v2/ # Architect App v3.0
+└── Docker
+ └── gitea (puerto 3000) # Repositorios
+```
+
+## Por qué usuario no-root
+
+Claude CLI bloquea `--dangerously-skip-permissions` con root por seguridad.
+Crear un usuario `orchestrator` permite que los agentes ejecuten comandos sin confirmación.
+
+| Usuario | --dangerously-skip-permissions | Acceso sistema |
+|---------|-------------------------------|----------------|
+| root | Bloqueado | Total |
+| orchestrator | Funciona | Limitado |
+
+## Configuración del Usuario
+
+```bash
+# Crear usuario
+useradd -m -s /bin/bash orchestrator
+
+# Copiar orchestrator
+cp -r /opt/orchestrator /home/orchestrator/
+chown -R orchestrator:orchestrator /home/orchestrator/orchestrator
+
+# Copiar claves SSH
+mkdir -p /home/orchestrator/.ssh
+cp /root/.ssh/tzzr /home/orchestrator/.ssh/
+cp /root/.ssh/tzzr.pub /home/orchestrator/.ssh/
+chown -R orchestrator:orchestrator /home/orchestrator/.ssh
+chmod 700 /home/orchestrator/.ssh
+chmod 600 /home/orchestrator/.ssh/tzzr
+
+# Login de Claude Code
+su - orchestrator
+cd orchestrator && source .venv/bin/activate
+claude # Autenticar con cuenta Anthropic
+```
+
+## Servicio Systemd
+
+`/etc/systemd/system/architect-app.service`:
+
+```ini
+[Unit]
+Description=Architect App v2
+After=network.target
+
+[Service]
+User=orchestrator
+WorkingDirectory=/home/orchestrator/orchestrator
+ExecStart=/home/orchestrator/orchestrator/.venv/bin/python /opt/architect-app-v2/app.py
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Comandos:
+```bash
+systemctl daemon-reload
+systemctl restart architect-app
+systemctl status architect-app
+journalctl -u architect-app -f
+```
+
+## ClaudeProvider con --dangerously-skip-permissions
+
+El archivo `orchestrator/providers/claude_provider.py` construye el comando:
+
+```python
+cmd = [self.cli_path, "--dangerously-skip-permissions", "-p", prompt, "--output-format", "json"]
+```
+
+## Rutas Importantes
+
+| Ruta | Descripcion |
+|------|-------------|
+| /home/orchestrator/orchestrator/ | Codigo del orchestrator |
+| /home/orchestrator/orchestrator/.venv/ | Virtual environment |
+| /home/orchestrator/.ssh/tzzr | Clave SSH |
+| /opt/architect-app-v2/ | Architect App |
+| /opt/architect-app-v2/data/ | SQLite + config |
+
+## Acceso Manual
+
+```bash
+su - orchestrator
+cd orchestrator && source .venv/bin/activate
+python orchestrator/main.py
+```
diff --git a/orchestrator/providers/claude_provider.py b/orchestrator/providers/claude_provider.py
index dd2ccb6..bc666fc 100644
--- a/orchestrator/providers/claude_provider.py
+++ b/orchestrator/providers/claude_provider.py
@@ -73,7 +73,7 @@ class ClaudeProvider(BaseProvider):
 system_prompt: Optional[str] = None,
 max_turns: Optional[int] = None,
 ) -> list[str]:
- cmd = [self.cli_path, "-p", prompt, "--output-format", "json"]
+ cmd = [self.cli_path, "--dangerously-skip-permissions", "-p", prompt, "--output-format", "json"]
 resolved_model = self._resolve_model(self.model)
 cmd.extend(["--model", resolved_model])
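Review bot: The new `cmd` line passes `--dangerously-skip-permissions` on every invocation with no way to turn it off, so whatever text ends up in `prompt` is acted on without a confirmation step. The DEPLOYMENT.md added in this same commit places a copy of root's `tzzr` SSH key in the service account's home, so the unattended agent runs with that key readable and the exposure extends to every host that trusts it. I would make the flag opt-in and off by default: keep `cmd = [self.cli_path, "-p", prompt, "--output-format", "json"]` and follow it with `if self.skip_permissions: cmd.insert(1, "--dangerously-skip-permissions")`, where `skip_permissions` is a new provider setting. A comment such as `# Unattended mode: only enable for a dedicated low-privilege account with no reusable credentials` would also help. The method's signature starts above this hunk and its body continues below it, so where `prompt` originates cannot be checked from here.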