From fbad91c9de165075d674adda06926afd8afe56e2 Mon Sep 17 00:00:00 2001 From: Architect Date: Tue, 23 Dec 2025 18:26:00 +0000 Subject: [PATCH] feat: --dangerously-skip-permissions + user orchestrator Changes: - claude_provider.py: Added --dangerously-skip-permissions flag - docs/DEPLOYMENT.md: Full deployment documentation Why: - Claude CLI blocks --dangerously-skip-permissions with root - Created non-root user "orchestrator" to run agents without confirmations - Service now runs as User=orchestrator Architecture: - /home/orchestrator/orchestrator/ - Orchestrator code - /opt/architect-app-v2/ - Web panel - User orchestrator owns SSH keys and can execute commands --- docs/DEPLOYMENT.md | 101 ++++++++++++++++++++++ orchestrator/providers/claude_provider.py | 2 +- 2 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 docs/DEPLOYMENT.md diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md new file mode 100644 index 0000000..cd259d1 --- /dev/null +++ b/docs/DEPLOYMENT.md @@ -0,0 +1,101 @@ +# Deployment - TZZR Orchestrator + +## Arquitectura del Servidor + +``` +Servidor: 69.62.126.110 (tzzrarchitect) +├── Usuario: orchestrator (no-root) +│ ├── /home/orchestrator/orchestrator/ # Orchestrator + venv +│ └── /home/orchestrator/.ssh/tzzr # Claves SSH +├── /opt/architect-app-v2/ # Architect App v3.0 +└── Docker + └── gitea (puerto 3000) # Repositorios +``` + +## Por qué usuario no-root + +Claude CLI bloquea `--dangerously-skip-permissions` con root por seguridad. +Crear un usuario `orchestrator` permite que los agentes ejecuten comandos sin confirmación. + +| Usuario | --dangerously-skip-permissions | Acceso sistema | +|---------|-------------------------------|----------------| +| root | Bloqueado | Total | +| orchestrator | Funciona | Limitado | + +## Configuración del Usuario + +```bash +# Crear usuario +useradd -m -s /bin/bash orchestrator + +# Copiar orchestrator +cp -r /opt/orchestrator /home/orchestrator/ +chown -R orchestrator:orchestrator /home/orchestrator/orchestrator + +# Copiar claves SSH +mkdir -p /home/orchestrator/.ssh +cp /root/.ssh/tzzr /home/orchestrator/.ssh/ +cp /root/.ssh/tzzr.pub /home/orchestrator/.ssh/ +chown -R orchestrator:orchestrator /home/orchestrator/.ssh +chmod 700 /home/orchestrator/.ssh +chmod 600 /home/orchestrator/.ssh/tzzr + +# Login de Claude Code +su - orchestrator +cd orchestrator && source .venv/bin/activate +claude # Autenticar con cuenta Anthropic +``` + +## Servicio Systemd + +`/etc/systemd/system/architect-app.service`: + +```ini +[Unit] +Description=Architect App v2 +After=network.target + +[Service] +User=orchestrator +WorkingDirectory=/home/orchestrator/orchestrator +ExecStart=/home/orchestrator/orchestrator/.venv/bin/python /opt/architect-app-v2/app.py +Restart=always +RestartSec=3 + +[Install] +WantedBy=multi-user.target +``` + +Comandos: +```bash +systemctl daemon-reload +systemctl restart architect-app +systemctl status architect-app +journalctl -u architect-app -f +``` + +## ClaudeProvider con --dangerously-skip-permissions + +El archivo `orchestrator/providers/claude_provider.py` construye el comando: + +```python +cmd = [self.cli_path, "--dangerously-skip-permissions", "-p", prompt, "--output-format", "json"] +``` + +## Rutas Importantes + +| Ruta | Descripcion | +|------|-------------| +| /home/orchestrator/orchestrator/ | Codigo del orchestrator | +| /home/orchestrator/orchestrator/.venv/ | Virtual environment | +| /home/orchestrator/.ssh/tzzr | Clave SSH | +| /opt/architect-app-v2/ | Architect App | +| /opt/architect-app-v2/data/ | SQLite + config | + +## Acceso Manual + +```bash +su - orchestrator +cd orchestrator && source .venv/bin/activate +python orchestrator/main.py +``` diff --git a/orchestrator/providers/claude_provider.py b/orchestrator/providers/claude_provider.py index dd2ccb6..bc666fc 100644 --- a/orchestrator/providers/claude_provider.py +++ b/orchestrator/providers/claude_provider.py @@ -73,7 +73,7 @@ class ClaudeProvider(BaseProvider): system_prompt: Optional[str] = None, max_turns: Optional[int] = None, ) -> list[str]: - cmd = [self.cli_path, "-p", prompt, "--output-format", "json"] + cmd = [self.cli_path, "--dangerously-skip-permissions", "-p", prompt, "--output-format", "json"] resolved_model = self._resolve_model(self.model) cmd.extend(["--model", resolved_model])