# Deployment - TZZR Orchestrator

## Arquitectura del Servidor

```
Servidor: 69.62.126.110 (tzzrarchitect)
├── Usuario: orchestrator (no-root)
│   ├── /home/orchestrator/orchestrator/  # Orchestrator + venv
│   └── /home/orchestrator/.ssh/tzzr      # Claves SSH
├── /opt/architect-app-v2/                # Architect App v3.0
└── Docker
    └── gitea (puerto 3000)               # Repositorios
```

## Por qué usuario no-root

Claude CLI bloquea `--dangerously-skip-permissions` con root por seguridad.
Crear un usuario `orchestrator` permite que los agentes ejecuten comandos sin confirmación.

| Usuario | --dangerously-skip-permissions | Acceso sistema |
|---------|-------------------------------|----------------|
| root | Bloqueado | Total |
| orchestrator | Funciona | Limitado |

## Configuración del Usuario

```bash
# Crear usuario
useradd -m -s /bin/bash orchestrator

# Copiar orchestrator
cp -r /opt/orchestrator /home/orchestrator/
chown -R orchestrator:orchestrator /home/orchestrator/orchestrator

# Copiar claves SSH
mkdir -p /home/orchestrator/.ssh
cp /root/.ssh/tzzr /home/orchestrator/.ssh/
cp /root/.ssh/tzzr.pub /home/orchestrator/.ssh/
chown -R orchestrator:orchestrator /home/orchestrator/.ssh
chmod 700 /home/orchestrator/.ssh
chmod 600 /home/orchestrator/.ssh/tzzr

# Login de Claude Code
su - orchestrator
cd orchestrator && source .venv/bin/activate
claude  # Autenticar con cuenta Anthropic
```

## Servicio Systemd

`/etc/systemd/system/architect-app.service`:

```ini
[Unit]
Description=Architect App v2
After=network.target

[Service]
User=orchestrator
WorkingDirectory=/home/orchestrator/orchestrator
ExecStart=/home/orchestrator/orchestrator/.venv/bin/python /opt/architect-app-v2/app.py
Restart=always
RestartSec=3

[Install]
WantedBy=multi-user.target
```

Comandos:
```bash
systemctl daemon-reload
systemctl restart architect-app
systemctl status architect-app
journalctl -u architect-app -f
```

## ClaudeProvider con --dangerously-skip-permissions

El archivo `orchestrator/providers/claude_provider.py` construye el comando:

```python
cmd = [self.cli_path, "--dangerously-skip-permissions", "-p", prompt, "--output-format", "json"]
```

## Rutas Importantes

| Ruta | Descripcion |
|------|-------------|
| /home/orchestrator/orchestrator/ | Codigo del orchestrator |
| /home/orchestrator/orchestrator/.venv/ | Virtual environment |
| /home/orchestrator/.ssh/tzzr | Clave SSH |
| /opt/architect-app-v2/ | Architect App |
| /opt/architect-app-v2/data/ | SQLite + config |

## Acceso Manual

```bash
su - orchestrator
cd orchestrator && source .venv/bin/activate
python orchestrator/main.py
```