Deployment and DevOps tooling for ByteLyst
ad16b1308e
First slice of Phase 3 ("real per-instance telemetry"). Defines the
read-only artifact contract from Decision #1 (sessions, cron, memory,
skills, watchdog alerts, backup history) and ships an admin-gated
backend endpoint that probes the live Hermes instance, gracefully
degrading to status:'unknown' wherever the source isn't readable.
What's new
- `backend/src/modules/hermes-telemetry/types.ts` — Zod schemas for
every section of the snapshot, plus a `HermesProbeStatus` reused
from hermes-ops so the UI can distinguish "definitely empty" from
"couldn't read the source" for each section independently.
- `backend/src/modules/hermes-telemetry/repository.ts` — implementation
that:
* shells out via `runuser -u <user> --` for cross-user instances
(Bheem/uma) the same way `hermes-ops/repository.ts` does;
* parses `hermes sessions stats / cron list / memory list /
skills list --json` when the CLI is present, otherwise
reports status:'unknown';
* tails the watchdog log and buckets each line by severity
(critical / warn / info);
* pulls `git -C <repo> log` against the instance's backup repo
for backup history;
* caches per-instance with a 30s TTL + in-flight coalescing,
same pattern as hermes-ops.
- `backend/src/modules/hermes-telemetry/routes.ts` — admin-only GET
`/api/hermes/telemetry/:instance` (the `instance` path param is
Zod-validated; the response is validated against
`HermesTelemetrySnapshotSchema` before send so a shape regression
surfaces here, not in the UI).
- `backend/src/modules/hermes-telemetry/hermes-telemetry.test.ts` —
6 unit tests: ENOENT-on-everything case validates against the
schema, JSON-parse path for sessions/cron/memory/skills, watchdog
log severity bucketing, backup-history `git log` parsing, cache
hit, per-instance cache isolation. Coverage: 95.17% lines on the
new repository module.
- `backend/vitest.config.ts` — telemetry repository added to the
coverage gate's `include` list (ratchet).
- `web/src/lib/api.ts` — typed surface for the new endpoint:
`HermesTelemetrySnapshot` + sub-types + `api.getHermesTelemetry`.
What's NOT in this slice
- UI consumption. The Task Ledger / Agents / History panes still
render mock data; converting them is queued for the next slices.
This slice ships the contract + the backend so those slices can
build on a stable shape.
- Backward-compat replacement of `/api/hermes/ops` (which is
unauthenticated today). That comes with the Phase 7 auth pass.
Verified: backend typecheck ✅, 57/57 unit tests ✅, web typecheck ✅,
lint 0 errors, coverage gate ≥95% lines on every gated file.
Generated with [Devin](https://cli.devin.ai/docs)
Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
|
||
|---|---|---|
| _AZURE | ||
| .gitea/workflows | ||
| .github/workflows | ||
| agent-queue | ||
| aliases | ||
| dashboard | ||
| docs | ||
| git-work-safety-tools | ||
| github_access_scripts | ||
| github_repo_scanners | ||
| scripts | ||
| Slack Message | ||
| supabase monitor | ||
| systemd | ||
| youtube | ||
| .gitattributes | ||
| .gitignore | ||
| .pre-commit-config.yaml | ||
| accounts.example.json | ||
| AGENTS.md | ||
| bytelyst-cli.sh | ||
| check_i_ayushh18_collaborator.sh | ||
| CLAUDE.md | ||
| clean_chrome.sh | ||
| cleanup.sh | ||
| cli-install-report.md | ||
| delete_team_interactive.sh | ||
| deploy-all.sh | ||
| deploy-clock.sh | ||
| deploy-invttrdg.sh | ||
| deploy-notes.sh | ||
| DEPLOYMENT_GUIDE.md | ||
| deployment-status.sh | ||
| github_acc_input.json | ||
| github_repos.json | ||
| install_clis_wsl.sh | ||
| interactive_user_removal.sh | ||
| list_all_public_repos.sh | ||
| list_all_repos_tree.sh | ||
| list_orgs_teams_members.sh | ||
| list_prs_by_user.sh | ||
| list_repos_contributors_by_user.sh | ||
| list_repos_contributors.sh | ||
| make_repos_private.sh | ||
| make_symlinks_wsl.sh | ||
| README_INSTALL.md | ||
| README_interactive_script.md | ||
| README_remove_user_script.md | ||
| README.md | ||
| remove_user_from_repos.sh | ||
| remove_user_guided.sh | ||
| remove_user_i-ayushh18.sh | ||
| remove_user_interactive.sh | ||
| REPO_CONTEXT.md | ||
| repos.json | ||
| repos.txt | ||
| run_installers.ps1 | ||
| run_installers.sh | ||
| setup.sh | ||
| sync_repos.sh | ||
| test_interactive.sh | ||
| test.sh | ||
| update-dns.sh | ||
| users_black_list.json | ||
| users_white_list.json | ||
| wsl_path_and_check.sh | ||
| wsl_test.sh | ||
ByteLyst DevOps Tools
Internal repository for GitHub administration scripts, multi-repo safety helpers, and a few adjacent utility projects used by ByteLyst.
This repo is not a single application. It is a workspace of operational tools with three main characteristics:
- The primary surface area is Bash scripts for GitHub and repository operations.
- Some subdirectories are self-contained Python utilities with their own setup and runtime expectations.
- A number of JSON files and outputs are generated artifacts or operational inputs, not source code to edit casually.
Start Here
If you are new to the repo, read these in order:
- docs/getting-started.md
- docs/repo-map.md
- docs/tooling-status.md
- scripts/README.md for supported standalone operational scripts
- AGENTS.md if you are working through an AI coding agent
- CLAUDE.md if you are using Claude Code specifically
Primary Entry Points
GitHub Operations
./bytelyst-cli.sh- Main unified CLI for common GitHub admin operations.
- Requires
curl,jq, andGITHUB_TOKEN.
./remove_user_interactive.sh- Interactive collaborator-removal workflow with repository pattern matching.
./remove_user_guided.sh- Guided wrapper around the same removal flow with a more opinionated interactive UX.
./remove_user_from_repos.sh- Scripted removal flow suitable for repeatable or semi-automated use.
Multi-Repo Git Safety
git-work-safety-tools/git_repos_status.shgit-work-safety-tools/git_repos_rebase_commit_push.shgit-work-safety-tools/multi_repo_safe_push.shgit-work-safety-tools/multi_repo_status.sh
These are for scanning many repositories, checking dirty state, and performing safer batch git workflows.
Deployment Operations
./deployment-status.sh- Comprehensive deployment status report for ByteLyst Investment Trading
- Shows container status, deployed commit info, git status, health endpoints, and suggested actions
- Usage:
./deployment-status.sh
./deploy-invttrdg.sh- Production deployment script for ByteLyst Investment Trading
- Builds and deploys Docker containers to production
- Usage:
./deploy-invttrdg.sh [options]
Repository Layout
Core Operational Scripts
- Root
*.shfiles- Main Bash-based GitHub and maintenance utilities.
scripts/- Named operational scripts that are more self-contained than the older root-level helpers.
git-work-safety-tools/- Safer multi-repo git helpers.
github_access_scripts/- Focused access checks and repo listing utilities.
github_repo_scanners/- Scripts plus generated repo/contributor JSON outputs.
Side Projects
Slack Message/- Python CLI for Slack posting and AI-assisted chat.
youtube/- YouTube transcript and summarization helpers.
supabase monitor/- Separate Python workflow project for YouTube processing despite the directory name.
Documentation
docs/- Canonical onboarding and repo-orientation docs.
scripts/README.md- Support and usage conventions for standalone operational scripts.
- Legacy root docs:
README_interactive_script.mdREADME_remove_user_script.md
These older docs are still useful but are no longer the best starting point.
Setup
Root Tooling
./setup.sh
This installs the local development hooks and prepares the shell-based workflow.
If pip3 is unavailable or blocked by an externally managed Python environment, install the distro package first:
sudo apt-get install -y pre-commit
./setup.sh
Required Dependencies
bashcurljq
Authentication
Most GitHub-facing scripts require:
export GITHUB_TOKEN=your_token_here
Use a token with the minimum permissions required for the task. Many admin flows assume repo and admin:org.
For scripts that require multi-account scanning, start from:
cp accounts.example.json accounts.json
Then fill in real values locally. accounts.json is intentionally ignored from future commits.
Common Commands
./bytelyst-cli.sh help
./bytelyst-cli.sh list-public-repos --user <username>
./bytelyst-cli.sh list-private-repos --org <orgname>
./remove_user_interactive.sh
./git-work-safety-tools/git_repos_status.sh
pre-commit run --all-files
Operational Safety
- Treat
accounts.json,*.jsonaccount snapshots,.envfiles, and generated collaborator data as potentially sensitive. - Prefer dry runs or interactive confirmation flows before bulk removal or visibility changes.
- Do not assume every tracked JSON file is a stable source file; many are data snapshots or inputs.
- Review scripts before reuse in automation. Some are one-off operational helpers and may encode assumptions about ByteLyst org structure.
Notes On Secrets And Outputs
This repo uses example/template files for local credentials and generated outputs should generally stay out of git. If you need local credentials, create untracked local copies such as accounts.json or .env from the provided examples.
Contributing
- Keep new docs in
docs/unless they are tightly scoped to a subproject. - Prefer adding a short README to a subdirectory instead of expanding the root README with niche workflow details.
- Validate shell scripts with:
pre-commit run --all-files
- When adding new operational scripts, document:
- required environment variables
- destructive behavior
- expected input files
- example usage