feat: initial commit for backup

nexus-vector/probe.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "== MTAD Nexus-Vector Probe =="
+
+if [ -d /opt/onboarding ]; then
+  echo "-- /opt/onboarding file list --"
+  ls -la /opt/onboarding || true
+  echo
+  for f in /opt/onboarding/*; do
+    [ -f "$f" ] || continue
+    echo "-- CONTENT: $f --"
+    # Show first and last 100 lines to avoid dumping secrets verbatim; adjust if safe
+    echo "(head)"; head -n 100 "$f" || true
+    echo "(tail)"; tail -n 100 "$f" || true
+    echo
+  done
+else
+  echo "No /opt/onboarding directory found." >&2
+fi
+
+echo "-- System summary --"
+command -v kubectl >/dev/null 2>&1 && kubectl version --short || echo "kubectl not found"
+command -v helm >/dev/null 2>&1 && helm version --short || echo "helm not found"
+command -v docker >/dev/null 2>&1 && docker --version || echo "docker not found"
+
+echo "-- Env hints (redacted) --"
+env | grep -E "(POSTGRES|PG_|REDIS|S3|MINIO|AWS_|OIDC|OKTA|AUTH|KAFKA|NATS|VAULT|OTEL)" || true
+
+echo "== End Probe =="
+

push-deploy.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+# Push local changes to the remote and deploy on the nexus-vector host.
+# Usage:
+#   ./scripts/push-deploy.sh          # push current branch and deploy
+#   DRY_RUN=1 ./scripts/push-deploy.sh  # show commands without executing
+#
+# Environment overrides:
+#   REMOTE=origin
+#   BRANCH=<current git branch>
+#   DEPLOY_HOST=nexus-vector
+#   DEPLOY_USER=root
+#   DEPLOY_PATH=/root/ANTIGRAVITY/honkingversion
+
+set -euo pipefail
+
+REMOTE="${REMOTE:-origin}"
+BRANCH="${BRANCH:-$(git rev-parse --abbrev-ref HEAD)}"
+DEPLOY_HOST="${DEPLOY_HOST:-nexus-vector}"
+DEPLOY_USER="${DEPLOY_USER:-root}"
+DEPLOY_PATH="${DEPLOY_PATH:-/root/ANTIGRAVITY/honkingversion}"
+SSH_TARGET="${DEPLOY_USER}@${DEPLOY_HOST}"
+DRY_RUN="${DRY_RUN:-0}"
+
+info() { echo "[$(date +%H:%M:%S)] $*"; }
+run() {
+  if [ "$DRY_RUN" != "0" ]; then
+    echo "DRY RUN: $*"
+  else
+    eval "$@"
+  fi
+}
+
+# Require clean working tree when actually deploying to avoid pushing unintended files.
+if [ "$DRY_RUN" = "0" ] && [ -n "$(git status --porcelain)" ]; then
+  git status --short
+  echo "❌ Working tree is dirty. Commit or stash changes before deploying."
+  exit 1
+fi
+
+info "Pushing branch '$BRANCH' to '$REMOTE'..."
+run "git push ${REMOTE} ${BRANCH}"
+
+info "Deploying on ${SSH_TARGET}:${DEPLOY_PATH}..."
+run "ssh ${SSH_TARGET} 'set -euo pipefail; cd ${DEPLOY_PATH} && git fetch ${REMOTE} ${BRANCH} && git checkout ${BRANCH} && git pull --ff-only ${REMOTE} ${BRANCH} && docker compose down && docker compose pull && docker compose up -d --build && docker compose ps'"
+
+info "✅ Deploy complete."

seed-changelog.py

@@ -0,0 +1,70 @@
+#!/usr/bin/env python3
+"""
+Seed the changelog with a few recent updates for local/dev databases.
+Skips seeding if rows already exist.
+"""
+import sqlite3
+from pathlib import Path
+
+
+ROOT = Path(__file__).resolve().parent.parent
+DB_PATH = ROOT / "database.db"
+
+ENTRIES = [
+    {
+        "title": "Settings Phase 3 shipped",
+        "description": "Added security, OAuth connections, and data export/delete flows to settings.",
+        "type": "feature",
+        "date": "2025-01-10T12:00:00Z",
+    },
+    {
+        "title": "2FA input fixes",
+        "description": "Relaxed type validation on two-factor code entry to prevent blocked sign-ins.",
+        "type": "fix",
+        "date": "2025-01-08T18:00:00Z",
+    },
+    {
+        "title": "Settings utilities refactor",
+        "description": "Extracted shared settings helpers to reduce duplication across panels.",
+        "type": "improvement",
+        "date": "2025-01-05T15:30:00Z",
+    },
+]
+
+
+def main() -> None:
+    if not DB_PATH.exists():
+        raise SystemExit(f"database not found at {DB_PATH}")
+
+    conn = sqlite3.connect(DB_PATH)
+    conn.row_factory = sqlite3.Row
+
+    with conn:
+        count = conn.execute("SELECT COUNT(*) FROM changelogentry").fetchone()[0]
+        if count:
+            print(f"changelogentry already has {count} row(s); skipping seed.")
+            return
+
+        rows = [
+            (
+                entry["title"],
+                entry["description"],
+                entry["date"],
+                entry["type"],
+                None,  # credited_user_id
+            )
+            for entry in ENTRIES
+        ]
+
+        conn.executemany(
+            """
+            INSERT INTO changelogentry (title, description, date, type, credited_user_id)
+            VALUES (?, ?, ?, ?, ?)
+            """,
+            rows,
+        )
+        print(f"Seeded {len(rows)} changelog entries into {DB_PATH}")
+
+
+if __name__ == "__main__":
+    main()

update-ssh-keys.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# This script updates the authorized_keys file with the keys from the ssh-keys repository.
+# It assumes that the ssh-keys repository is available on the local machine at the path defined in SSH_KEYS_DIR.
+
+# The directory where the ssh-keys repository is located.
+# TODO: Update this path to the actual location of the ssh-keys repository on the server.
+SSH_KEYS_DIR="/Users/ten/ssh-keys"
+
+# The authorized_keys file to update.
+AUTHORIZED_KEYS_FILE="$HOME/.ssh/authorized_keys"
+
+# The directory containing the public keys.
+KEYS_DIR="$SSH_KEYS_DIR/keys"
+
+# Ensure the .ssh directory exists.
+mkdir -p "$(dirname "$AUTHORIZED_KEYS_FILE")"
+
+# Start with a clean authorized_keys file.
+> "$AUTHORIZED_KEYS_FILE"
+
+# Concatenate all public keys into the authorized_keys file.
+for key_file in "$KEYS_DIR"/*.pub; do
+  if [ -f "$key_file" ]; then
+    cat "$key_file" >> "$AUTHORIZED_KEYS_FILE"
+    echo "" >> "$AUTHORIZED_KEYS_FILE" # Add a newline after each key
+  fi
+done
+
+echo "SSH keys updated successfully."