diff --git a/Agent.md b/Agent.md
new file mode 100644
index 0000000..08d7d29
--- /dev/null
+++ b/Agent.md
@@ -0,0 +1,102 @@ +# agent.md — EdgeGuard Native: Agent-Factory Pipeline + +> Dieses Dokument beschreibt wie das Projekt über den Architect Center Orchestrator mit spezialisierten Agenten aufgebaut wird. Jeder Agent hat einen klar abgegrenzten Scope und kann parallel zu anderen arbeiten. + +--- + +## Idee + +Der Architect Center Orchestrator dispatcht mehrere Claude Code Agenten, jeder spezialisiert auf eine Schicht des Projekts. Alle Agenten haben Zugriff auf: +- **RAG (Qdrant):** Code-Index von mail-gateway (project_id=6) und netcell-webpanel (project_id=5) als Referenz +- **MCP-Server `architect`:** ac_search_code, ac_send_instruction, ac_read_file +- **Session:** eigene tmux-Session pro Agent (EdgeGuardNative-1 … N) + +--- + +## Agent-Rollen + +| Agent | Scope | Referenz-Projekt | +|-------|-------|-----------------| +| **DB-Architect** | Datenbankschema, goose-Migrations, GORM-Models | mail-gateway models/ | +| **API-Engineer** | Gin-Router, alle Handler, Middleware (Auth/JWT/RBAC) | mail-gateway handlers/ | +| **Config-Generator** | HAProxy, Angie, Squid, WireGuard, nftables Templates + Renderer | mail-gateway config/ | +| **Cluster-Engineer** | KeyDB AA, PG Streaming Replication, Join/Promote, Write-Proxy | mail-gateway cluster/ | +| **Scheduler-Engineer** | ACME-Renewal, Backup, Health-Aggregation, License-Heartbeat | mail-gateway scheduler | +| **CLI-Engineer** | edgeguard-ctl: initdb, migrate, cluster-join, promote, dump-config | mail-gateway cmd/nmg-ctl/ | +| **Frontend-Engineer** | React 19 + AntD 6 UI (1:1 enconf-Pattern), alle Seiten v1 | netcell-webpanel management-ui/ | +| **Packaging-Engineer** | .deb-Pakete (dpkg-deb), postinst, systemd-Units, APT-Repo | mail-gateway packaging/ | +| **Bootstrap-Engineer** | install.sh Onliner, Cluster-Join-Script | netcell-webpanel install.sh | + +--- + +## Abhängigkeiten (Build-Order) + +``` +Phase 1 (parallel): + DB-Architect → migrations/ + internal/models/ + Packaging-Engineer → packaging/debian/ + 
deploy/systemd/ + +Phase 2 (parallel, braucht Phase 1): + API-Engineer → internal/handlers/ + cmd/edgeguard-api/ + Config-Generator → internal/{haproxy,angie,squid,wireguard,firewall}/ + CLI-Engineer → internal/services/ + cmd/edgeguard-ctl/ + +Phase 3 (parallel, braucht Phase 2): + Cluster-Engineer → internal/{cluster,proxy,aggregator,license}/ + Scheduler-Engineer → cmd/edgeguard-scheduler/ + Frontend-Engineer → management-ui/ + +Phase 4 (braucht Phase 3): + Bootstrap-Engineer → scripts/install.sh, scripts/apt-repo/ + Integration-Tests → make test + make deb +``` + +--- + +## Orchestrator-Prompt-Template + +``` +Du bist der -Agent für EdgeGuard Native (project_id=8, session=EdgeGuardNative-). + +Deine Aufgabe: + +Pflicht vor jeder Implementierung: +1. ac_search_code(query="", project_id=, limit=6) — Pattern aus Referenz lesen +2. Erst dann implementieren, NIEMALS raten + +Referenz-Projekte: mail-gateway (id=6) für Backend-Patterns, netcell-webpanel (id=5) für UI/Bootstrap. + +Arbeite in /var/www/edgeguard-native/. +Nach jedem Abschnitt: make test (Backend) oder npx tsc --noEmit (Frontend). +``` + +--- + +## RAG-Collections (Qdrant auf Architect Center Server) + +| Collection | Inhalt | Wird genutzt von | +|-----------|--------|-----------------| +| `project_mail_gateway` | mail-gateway Code-Index | DB-, API-, Config-, Cluster-, Scheduler-, CLI-Agent | +| `project_netcell_webpanel` | netcell-webpanel Code-Index | Frontend-, Bootstrap-Agent | +| `project_edgeguard_native` | edgeguard-native eigener Index (live, wird gefüllt) | alle Agenten ab Phase 2 | + +**Code-Indexer starten:** +```bash +# Auf Architect Center Server +python3 /var/www/architect-center/scripts/code_indexer.py --project-id 8 +``` + +--- + +## Start-Befehl (via Architect Center Orchestrator) + +1. Architect Center UI → Orchestrator → Neue Pipeline +2. Template: `edgeguard-native-v1` +3. Phase 1 starten → bei Completion Phase 2, etc. 
+ +Oder manuell per Session: +```bash +tmux new-session -d -s EdgeGuardNative-2 -c /var/www/edgeguard-native +# Claude Code in Session starten: +tmux send-keys -t EdgeGuardNative-2 'ARCHITECT_SESSION=EdgeGuardNative-2 ARCHITECT_PROJECT_ID=8 claude' Enter +``` diff --git a/VERSION b/VERSION index bde91a2..56d0dad 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.0.47 +1.0.48 diff --git a/cmd/edgeguard-api/main.go b/cmd/edgeguard-api/main.go index 03b66f4..3fbba8c 100644 --- a/cmd/edgeguard-api/main.go +++ b/cmd/edgeguard-api/main.go @@ -47,7 +47,7 @@ import ( wgsvc "git.netcell-it.de/projekte/edgeguard-native/internal/services/wireguard" ) -var version = "1.0.47" +var version = "1.0.48" func main() { addr := os.Getenv("EDGEGUARD_API_ADDR") diff --git a/cmd/edgeguard-ctl/main.go b/cmd/edgeguard-ctl/main.go index 52f5f11..4fdee7b 100644 --- a/cmd/edgeguard-ctl/main.go +++ b/cmd/edgeguard-ctl/main.go @@ -9,7 +9,7 @@ import ( "os" ) -var version = "1.0.47" +var version = "1.0.48" const usage = `edgeguard-ctl — EdgeGuard CLI diff --git a/cmd/edgeguard-scheduler/main.go b/cmd/edgeguard-scheduler/main.go index 7a75813..a934527 100644 --- a/cmd/edgeguard-scheduler/main.go +++ b/cmd/edgeguard-scheduler/main.go @@ -24,7 +24,7 @@ import ( "git.netcell-it.de/projekte/edgeguard-native/internal/services/tlscerts" ) -var version = "1.0.47" +var version = "1.0.48" const ( // renewTickInterval — how often we re-evaluate expiring certs. diff --git a/internal/handlers/system.go b/internal/handlers/system.go index e60fe42..4c6f0f8 100644 --- a/internal/handlers/system.go +++ b/internal/handlers/system.go 
@@ -213,7 +213,10 @@ func (h *SystemHandler) Health(c *gin.Context) { // fails — we'd still return the cached candidate). Then `apt-cache // policy` is parsed for each package. func (h *SystemHandler) PackageVersions(c *gin.Context) { - _ = exec.Command("apt-get", "update", "-qq").Run() + // API läuft als edgeguard-User; ohne sudo schreibt apt-get update + // nicht in /var/lib/apt/lists und der candidate bleibt veraltet. + // Sudoers-Eintrag in postinst whitelisted exakt diese Zeile. + _ = exec.Command("sudo", "-n", "/usr/bin/apt-get", "update", "-qq").Run() out := map[string]string{} for _, pkg := range []string{"edgeguard-api", "edgeguard-ui", "edgeguard"} { diff --git a/management-ui/src/components/Layout/Sidebar.tsx b/management-ui/src/components/Layout/Sidebar.tsx index 7bbe526..353195c 100644 --- a/management-ui/src/components/Layout/Sidebar.tsx +++ b/management-ui/src/components/Layout/Sidebar.tsx @@ -77,7 +77,7 @@ const NAV: NavSection[] = [ }, ] -const VERSION = '1.0.47' +const VERSION = '1.0.48' export default function Sidebar({ isOpen, onClose }: SidebarProps) { const { t } = useTranslation() diff --git a/packaging/debian/edgeguard-api/DEBIAN/postinst b/packaging/debian/edgeguard-api/DEBIAN/postinst index fe7a1d7..64d6a62 100755 --- a/packaging/debian/edgeguard-api/DEBIAN/postinst +++ b/packaging/debian/edgeguard-api/DEBIAN/postinst @@ -73,6 +73,8 @@ edgeguard ALL=(root) NOPASSWD: /usr/bin/systemctl reload chrony.service edgeguard ALL=(root) NOPASSWD: /bin/systemctl reload chrony.service edgeguard ALL=(root) NOPASSWD: /usr/bin/systemctl restart chrony.service edgeguard ALL=(root) NOPASSWD: /bin/systemctl restart chrony.service +edgeguard ALL=(root) NOPASSWD: /usr/bin/apt-get update -qq +edgeguard ALL=(root) NOPASSWD: /usr/bin/apt-get update SUDOERS # ── Distro-Conf-Includes für die per-Service Renderer ─────────
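Review bot: The error from the privileged call in PackageVersions is still discarded with `_ =`, so when the sudoers rule is missing or does not match, `sudo -n` exits non-zero without prompting and the handler silently serves the stale candidate this change sets out to fix. The command also runs on every request with no deadline, so a slow mirror or a held apt lock stalls the handler while a root process does network I/O on behalf of whoever can reach this route. I would bound and check it with `ctx, cancel := context.WithTimeout(c.Request.Context(), time.Minute)` followed by `err := exec.CommandContext(ctx, "sudo", "-n", "/usr/bin/apt-get", "update", "-qq").Run()`, log a non-nil `err` through the file's existing logger, and skip the refresh when one ran recently. The body of PackageVersions continues past the end of the hunk, and whether `context` and `time` are already imported is not visible here.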
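Review bot: The second added rule, `edgeguard ALL=(root) NOPASSWD: /usr/bin/apt-get update`, has no caller visible in this commit. The handler in internal/handlers/system.go runs exactly `/usr/bin/apt-get update -qq`, which the first rule already covers. Because sudoers matches listed arguments exactly, both entries are narrowly scoped, but least privilege argues for dropping the unused one or adding a comment that names its caller. The heredoc starts outside this hunk, so it is not visible whether the generated file is validated; if it is not, running `visudo -cf <sudoers file>` after writing it would catch a malformed entry before it can break sudo on the host.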