diff --git a/README.md b/README.md index cb77f20..b97dfd5 100644 --- a/README.md +++ b/README.md @@ -15,10 +15,9 @@ adapter-backed agent runtime, not a dependency of the frontend or domain model. - ASP.NET Core 10 REST API (Minimal API pattern) - Entity Framework Core and PostgreSQL - JWT owner authentication with rotating refresh sessions -- `IAgentRuntime` abstraction with an OpenClaw adapter -- `IModelProvider` abstractions for Ollama and NVIDIA +- `IAgentRuntime` abstraction with an OpenClaw adapter (Ollama and NVIDIA removed — OpenClaw-only) - Responsive dark-mode operations dashboard -- Container-only entry point on `127.0.0.1:18880` +- Traefik reverse-proxy with Let's Encrypt TLS on `nexus.noveria.net` ## Local/container start @@ -31,12 +30,11 @@ curl http://127.0.0.1:18880/health ``` On an empty database the API creates exactly one owner from `OWNER_EMAIL`, -`OWNER_PASSWORD` and `OWNER_DISPLAY_NAME`. The password must contain at least 14 +`OWNER_PASSWORD` and `OWNER_DISPLAY_NAME`. The password must contain at least 10 characters. Existing databases are never overwritten by the bootstrap process. -The web service is loopback-only. Public reverse-proxy activation for -`nexus.noveria.net` remains a separate infrastructure change and must terminate -TLS before forwarding to port `18880`. +The API is exposed via Traefik reverse-proxy with automatic Let's Encrypt TLS. +Health checks, rate limiting, and security headers are active. ## Workspace mounts 
@@ -45,12 +43,12 @@ and the config editor. These are mounted under `/mnt/workspace-{agentId}`: | Host path | Container mount | |---|---| -| `/opt/openclaw/data/openclaw/workspace-iris` | `/mnt/workspace-iris` | -| `/opt/openclaw/data/openclaw/workspace-programmer` | `/mnt/workspace-programmer` | -| `/opt/openclaw/data/openclaw/workspace-reviewer` | `/mnt/workspace-reviewer` | -| `/opt/openclaw/data/openclaw/workspace-architekt` | `/mnt/workspace-architekt` | -| `/opt/openclaw/data/openclaw/workspace-researcher` | `/mnt/workspace-researcher` | -| `/opt/openclaw/data/openclaw/workspace-executor` | `/mnt/workspace-executor` | +| `/home/projekte_bao/openclaw/data/openclaw/workspace-iris` | `/mnt/workspace-iris` | +| `/home/projekte_bao/openclaw/data/openclaw/workspace-programmer` | `/mnt/workspace-programmer` | +| `/home/projekte_bao/openclaw/data/openclaw/workspace-reviewer` | `/mnt/workspace-reviewer` | +| `/home/projekte_bao/openclaw/data/openclaw/workspace-architekt` | `/mnt/workspace-architekt` | +| `/home/projekte_bao/openclaw/data/openclaw/workspace-researcher` | `/mnt/workspace-researcher` | +| `/home/projekte_bao/openclaw/data/openclaw/workspace-executor` | `/mnt/workspace-executor` | ## Frontend architecture 
@@ -283,11 +281,16 @@ Backlog → Blocked → In progress / Done provider key. Conversation IDs are stable per browser and Iris is the default agent target. -The configured model-routing policy is: +The configured model-routing policy routes through the OpenClaw Gateway only. +Ollama and NVIDIA providers have been removed. Currently active models: -1. `qwen3:4b` through Ollama for routine and monitoring work -2. `moonshotai/kimi-k2.6` through NVIDIA for primary work -3. `gpt-5.5` through OpenClaw for strategic and critical review +| Agent | Model | +|-------|-------| +| Iris | `openai/gpt-5.4` | +| Programmer, Executor | `deepseek/deepseek-v4-flash` | +| Reviewer, Architekt, Researcher | `deepseek/deepseek-v4-pro` | + +Claude models (Sonnet 4.6, Opus 4.6/4.7/4.8) are available via `claude-cli` backend. The Settings module reports runtime and provider state without exposing credentials. @@ -316,7 +319,7 @@ Deployment can happen automatically or manually: #### Manual Deploy (`workflow_dispatch`) -1. DevOps triggers `Deploy to Production` in Gitea Actions +1. DevOps triggers `Deploy to Production` in Gitea Actions (or Iris auto-approves) 2. Chooses version bump type: patch (default) / minor / major 3. Optionally scopes to a single service or specific git ref 4. Workflow bumps VERSION, creates git tag, builds and deploys @@ -332,7 +335,7 @@ Deployment can happen automatically or manually: #### Database Backup (`workflow_dispatch`) 1. DevOps triggers `Database Backup` in Gitea Actions -2. Optionally also copies backup to a host path (`/opt/openclaw/backups`) +2. Optionally also copies backup to a host path (`/home/projekte_bao/backups`) 3. Workflow dumps PostgreSQL via `pg_dumpall`, gzips, and uploads as a Gitea artifact 4. Artifacts are retained for 90 days (configurable) 5. Optional nightly schedule (uncomment the cron trigger in `backup.yaml`)
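Review bot: The rewritten `IAgentRuntime` bullet in the `@@ -15,10 +15,9 @@` hunk mixes change history into a feature list. "(Ollama and NVIDIA removed ...)" describes what this commit did, not what the system is; state the current design (OpenClaw adapter only) and leave the removal to the commit message or a changelog. The new Traefik bullet also replaces the `127.0.0.1:18880` bullet without saying whether that port is still published, so readers of the feature list can no longer tell what the direct entry point is.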
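Review bot: Lowering the `OWNER_PASSWORD` minimum from 14 to 10 characters in the `@@ -31,12 +30,11 @@` hunk weakens the single bootstrap owner account in the same change that drops the loopback-only paragraph and exposes the API through Traefik. Keep the 14-character minimum, or state the reason for the reduction and confirm that the validation code was changed to match. The replacement paragraph asserts that "Health checks, rate limiting, and security headers are active" without naming the configuration that enforces them, so please reference the file or labels where they are defined. The unchanged `curl http://127.0.0.1:18880/health` context also needs a sentence saying whether port 18880 stays bound to loopback behind the proxy, since the removed text was the only place that said so.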
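Review bot: All six host paths in the `@@ -45,12 +43,12 @@` hunk now hard-code one user's home directory (`/home/projekte_bao/openclaw/...`), which ties the README to a single machine and account. Suggest documenting the base directory as a variable (for example a placeholder such as `<OPENCLAW_DATA_DIR>`) and adding a line on the expected ownership and mode of the workspace directories, because they are mounted into the container and now sit under a login user's home rather than `/opt`.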
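Review bot: The added sentence "Claude models (Sonnet 4.6, Opus 4.6/4.7/4.8) are available via `claude-cli` backend" in the `@@ -283,11 +281,16 @@` hunk reads as a second route next to the statement two lines above that the policy "routes through the OpenClaw Gateway only". Please say whether `claude-cli` is a backend of the OpenClaw Gateway or a separate path, and which credentials it uses, since the following context line promises that the Settings module reports provider state without exposing credentials. The "Currently active models" table will also go stale quickly; consider pointing at the configuration file that is the source of truth instead of listing model names in the README.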
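Review bot: The parenthetical "(or Iris auto-approves)" added to step 1 in the `@@ -316,7 +319,7 @@` hunk puts an agent-initiated production deploy under the "Manual Deploy (`workflow_dispatch`)" heading with no description of the conditions. Document it as its own path: what triggers the auto-approval, which token or identity Iris uses to dispatch the workflow, whether it can choose the version bump, service scope and git ref from steps 2 and 3, and how a human can audit or disable it. As written, the README no longer tells the reader who is able to push to production.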
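Review bot: The new backup destination `/home/projekte_bao/backups` in step 2 of the `@@ -332,7 +335,7 @@` hunk places full-cluster `pg_dumpall` output under a user home directory without stating who may read it. Add the required owner and permissions for that directory (and for the gzipped files the workflow writes), and note whether the host copy is subject to the same 90-day retention as the Gitea artifact mentioned in step 4, since the README currently describes retention only for the artifact.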