`npm ci --omit=dev` voor `npx tsc` faalde omdat TypeScript in
devDependencies zit. npx probeerde de typo-squatter `tsc@2.0.4` te
installeren. Nu: volledige install → tsc → prune --omit=dev voor
slanke runtime.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds pg_dump_ops_db, list_ops_backups, and cleanup_ops_backups to the
agent command whitelist. Includes a backup_ops_db flow YAML (dump +
30-day retention), and a systemd service/timer for daily automated
backups at 02:00.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
/etc/sudoers.d/ops-agent grants NOPASSWD to ops-agent for the exact
systemctl restart invocations whitelisted in commands.yml.
setup.sh installs and validates it via visudo -c.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ops-agent/src/auth.ts: constant-time compare via timingSafeEqual to prevent timing attacks; store secret as Buffer
- ops-agent/src/index.ts + ops-agent.service: bind on 127.0.0.1:3099 (was 4242, per plan)
- app/api/agent/[...path]/route.ts: Next.js proxy route that verifies ops_session cookie then forwards requests to agent with Authorization: Bearer <secret>
- .env.example + deploy/ops-dashboard.env.example: add OPS_AGENT_SECRET and OPS_AGENT_URL
- README.md: rotation procedure for the shared secret
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Multi-stage Dockerfile (deps → builder → runner) met next standalone output
- .dockerignore zodat node_modules en .next niet mee worden gebundeld
- next.config.ts: output standalone ingeschakeld voor minimale image
- deploy/docker-compose.ops-dashboard.yml: service-fragment voor /srv/scrum4me/compose
- deploy/caddy/Caddyfile.ops-dashboard: reverse_proxy block voor Caddy
- deploy/ops-dashboard.env.example: env-template voor /srv/ops/ops-dashboard.env
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
