- scripts/03-dedup-entities.py: stop emitting placeholder narrative ("Stub. Will
be enriched in Phase 7"); write summary_status=none + null fields instead.
- scripts/maintain/41_strip_stubs.py: idempotent migration that cleaned the
22,096 entity .md files (now zero stub strings in wiki/).
- scripts/synthesize/01_anchor_events.py: curated 20 anchor UAP events
(Roswell, Nimitz Tic-Tac, Phoenix Lights, Operação Prato, AATIP, etc.) with
bilingual Holmes-Watson narrative via claude -p --model sonnet
(CLAUDE_CODE_OAUTH_TOKEN). All summary_status=curated, confidence=high.
- web/api/timeline + timeline-view: filter narrative-less events by default,
render "curado" badge for hand-vetted ones, drop the date display alone.
- CLAUDE-schema-full.md: document the summary_status enum and the four states.
- docker-compose.yml: SMTP_HOST=mail.spacemail.com configured;
GOTRUE_MAILER_AUTOCONFIRM flipped to false (real email confirmation working).
- .nirvana/outputs/.../systems-atelier/: 5 deliverables of the architecture
audit that produced this roadmap.
Directory listing:
- scripts/
- .env.example
- .gitignore
- docker-compose.yml
- init-db.sql
- kong.yml
- README.md
disclosure-stack — portable deployment
Single-folder deployment unit. Edit .env, run scripts, app deploys to the VPS.
When migrating to another VPS: change ONLY the VPS_ block in .env*, run ./scripts/gen-secrets.sh (regenerates per-VPS secrets), then ./scripts/deploy.sh. Done.
Layout
infra/disclosure-stack/
├── .env ← active config (gitignored, secrets in here)
├── .env.example ← template, safe to commit
├── docker-compose.yml ← TODO — supabase + next + meili + imgproxy
└── scripts/
├── _lib.sh ← shared SSH/rsync helpers
├── ssh.sh ← interactive SSH or one-shot remote command
├── status.sh ← VPS + stack health report
├── gen-secrets.sh ← rotate per-VPS secrets (JWT, Postgres, etc.)
├── sync-data.sh ← rsync wiki/processing/raw to VPS
├── deploy.sh ← upload + docker compose up
└── logs.sh ← tail logs of a service
Pre-reqs on your laptop
brew install hudochenkov/sshpass/sshpass # for password SSH (testing VPS)
For real production, generate an SSH key, copy it to the VPS, and switch VPS_AUTH=key in .env.
Daily ops
# Open shell on VPS
./scripts/ssh.sh
# One-shot command
./scripts/ssh.sh "docker ps"
# Full health report
./scripts/status.sh
# Tail Postgres logs
./scripts/logs.sh postgres
# Push fresh wiki data (after running the local pipeline)
./scripts/sync-data.sh
# Deploy stack changes
./scripts/deploy.sh
Migrating to a different VPS
- Edit `.env`: change `VPS_HOST`, `VPS_PASSWORD` (or switch to `VPS_AUTH=key`), and `VPS_DEPLOY_ROOT` if needed.
- Rotate secrets: `./scripts/gen-secrets.sh`. This regenerates `POSTGRES_PASSWORD`, `JWT_SECRET`, `ANON_KEY`, `SERVICE_ROLE_KEY`, `DASHBOARD_PASSWORD`, etc., and writes them back to `.env`. The old `.env` is backed up.
- Sync data: `./scripts/sync-data.sh`
- Deploy: `./scripts/deploy.sh`
That's it. The new VPS now hosts the full stack with fresh secrets, isolated from the old one.
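As an added illustration of the rotate-secrets step (this is not the project's `gen-secrets.sh`, whose contents are not shown here; it is a Python sketch of the same idea), the code below regenerates the per-VPS secrets, derives `ANON_KEY` and `SERVICE_ROLE_KEY` as HS256 JWTs signed with the fresh `JWT_SECRET` (the shape Supabase's GoTrue and PostgREST expect, with a `role` claim), backs up the old `.env`, and rewrites only the rotated keys so the `VPS_` and `PORT_` blocks stay untouched. The sample `.env` text, the token lengths and the ten-year expiry are constructed assumptions.

```python
import base64, hashlib, hmac, json, os, secrets, time
from pathlib import Path
from typing import Optional

ROTATED = ("POSTGRES_PASSWORD", "JWT_SECRET", "ANON_KEY", "SERVICE_ROLE_KEY", "DASHBOARD_PASSWORD")

# Constructed sample .env: VPS_/PORT_ lines and comments must survive rotation untouched.
SAMPLE_ENV = ("VPS_HOST=203.0.113.10\nVPS_AUTH=password\n# rotated by gen-secrets\n"
              "POSTGRES_PASSWORD=old\nJWT_SECRET=oldsecret\nANON_KEY=old.anon.key\nPORT_KONG_HTTP=18000\n")

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_jwt(secret: str, role: str, iat: int, years: int = 10) -> str:
    """HS256 JWT with a Supabase-style role claim ('anon' or 'service_role')."""
    compact = dict(separators=(",", ":"))
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    claims = {"role": role, "iss": "supabase", "iat": iat, "exp": iat + years * 365 * 86400}
    payload = _b64url(json.dumps(claims, **compact).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_jwt(token: str, secret: str) -> Optional[dict]:
    """Return the claims if the HS256 signature matches `secret`, else None."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected).encode(), s.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))

def new_secrets(now: Optional[int] = None) -> dict:
    """Fresh per-VPS secrets; the two API keys are bound to the new JWT_SECRET."""
    now = int(time.time()) if now is None else now
    jwt_secret = secrets.token_urlsafe(48)  # well above the 32-byte minimum GoTrue wants
    return {"POSTGRES_PASSWORD": secrets.token_urlsafe(24), "JWT_SECRET": jwt_secret,
            "ANON_KEY": make_jwt(jwt_secret, "anon", now),
            "SERVICE_ROLE_KEY": make_jwt(jwt_secret, "service_role", now),
            "DASHBOARD_PASSWORD": secrets.token_urlsafe(16)}

def rotate_env(text: str, fresh: dict) -> str:
    """Replace only the rotated keys in place; append any that are missing; keep all else verbatim."""
    out, seen = [], set()
    for line in text.splitlines():
        key = line.split("=", 1)[0].strip() if "=" in line and not line.lstrip().startswith("#") else None
        if key in fresh:
            out.append(f"{key}={fresh[key]}"); seen.add(key)
        else:
            out.append(line)
    out += [f"{k}={fresh[k]}" for k in ROTATED if k not in seen]
    return "\n".join(out) + "\n"

def rotate_file(path: Path) -> Path:
    backup = path.with_name(f"{path.name}.bak.{int(time.time())}")
    backup.write_bytes(path.read_bytes())           # old .env is backed up first
    path.write_text(rotate_env(path.read_text(), new_secrets()))
    os.chmod(path, 0o600)                           # secrets file: owner read/write only
    return backup
```

`rotate_file(Path(".env"))` is the one-shot equivalent of the rotate-secrets step; after it, `deploy.sh` would ship a stack whose API keys no longer validate against the old VPS's `JWT_SECRET`.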
What still needs to be built
The docker-compose.yml itself. Will include:
- Supabase Postgres + GoTrue + PostgREST + Storage + Kong + Studio + Realtime
- Next.js (built from this repo's `/web` dir)
- Meilisearch
- Imgproxy
- Caddy (TLS + reverse proxy on subdomains from `.env`)
- restic-cron for backups (if `BACKUP_ENABLED=true`)
I'll generate that next.
Coexistence with existing VPS projects
On the testing VPS, 8 other Supabase-based stacks are already running (unimed-, irmed-, v2irmed-, top10-, cf-, nirvana-, plegal-*). This stack:
- Uses unique container names (`disclosure-*` prefix)
- Uses unique host ports (`PORT_*` block in `.env`, all 18xxx)
- Mounts its own data volumes under `/data/disclosure/`
- Caddy on this stack only binds to `PORT_KONG_HTTP`/`PORT_KONG_HTTPS` and friends; it does NOT take 80/443
When you move to the dedicated 4cpu/16GB VPS, you can:
- Keep ports as-is (works)
- OR remap PORT_KONG_HTTP=80, PORT_KONG_HTTPS=443 since nothing else uses them
The stack is portable in both directions.