Deployment and DevOps tooling for ByteLyst
eaaa545e6c
Closes the remaining tractable items from the carry-forward queue.
1. Drop-root scaffold for the backend container (P2 mitigation)
`backend/Dockerfile` adds non-root `app` user (uid 1001) + `docker`
group (gid via `DOCKER_GID` build arg, default 999). `BACKEND_USER`
build arg defaults to `root` so existing deployments keep working;
set it to `app` plus `DOCKER_GID=$(getent group docker | cut -d: -f3)`
to flip the runtime non-root. `dashboard/DEPLOYMENT.md` gets a new
"Running non-root" section with the exact `chgrp`/`chmod` recipe
for the bind-mounted log files (the host-side prep that pairs with
the build flip). DEPLOYMENT.md mitigation roadmap updated.
2. Phase 6 trend cards
`lib/hermes-ops-history.ts` keeps the last 24 ops snapshots in
localStorage (de-duped on `generatedAt`, schema-guarded on read,
degrades silently on quota exceeded). Three trend cards in the
ops panel:
- Warning-volume sparkline + current count
- Healthy-instance count sparkline (X/2)
- Per-instance "minutes since last backup commit" with a 30m
stale threshold
SVG polyline sparklines, no chart library — `<svg viewBox="0 0
100 100" preserveAspectRatio="none">` with `vector-effect:
non-scaling-stroke` so the line stays 2px regardless of the
parent's width.
3. Phase 6 theme toggle
`components/theme-toggle.tsx` Sun/Moon button mounted in the
Hermes layout next to the instance switcher. Persists in
localStorage `bytelyst.theme.v1`. The design system already
defined `[data-theme="light"]` overrides in `styles/tokens.css`;
the toggle just sets the attribute. FOUC-prevention inline script
in the root layout reads the same key BEFORE React hydrates so
the first paint matches the user's last choice.
4. Phase 3 partial close: Agents pane → telemetry inventory
`/hermes/agents` now renders a "Memory & Skills inventory (live)"
SectionCard backed by the Phase 3 telemetry endpoint per instance
— `hermes memory list` and `hermes skills list` rendered with
per-section probe-status badges (`up`/`unknown`), item counts,
and the first N entries each. Agent **health** statuses (latency,
failure rate, last-success/failure) stay seed-data — observability
for those needs a separate ingestion contract that the telemetry
endpoint doesn't provide today.
5. Phase 0 reconfirmation
Roadmap Phase 0 ticked with explicit verification notes for each
guardrail (no public listener, manual approvals, secret hygiene,
Caddy review). Remains "must hold throughout" — the ticks reflect
today's verified state, not single-checkbox completion.
Verified: backend typecheck ✅, 74/74 backend unit tests ✅, web
typecheck ✅, 7/7 E2E ✅, lint 0 errors, build green, coverage gate
≥95% lines on every gated file.
Generated with [Devin](https://cli.devin.ai/docs)
Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
|
||
|---|---|---|
| _AZURE | ||
| .gitea/workflows | ||
| .github/workflows | ||
| agent-queue | ||
| aliases | ||
| dashboard | ||
| docs | ||
| git-work-safety-tools | ||
| github_access_scripts | ||
| github_repo_scanners | ||
| scripts | ||
| Slack Message | ||
| supabase monitor | ||
| systemd | ||
| youtube | ||
| .gitattributes | ||
| .gitignore | ||
| .pre-commit-config.yaml | ||
| accounts.example.json | ||
| AGENTS.md | ||
| bytelyst-cli.sh | ||
| check_i_ayushh18_collaborator.sh | ||
| CLAUDE.md | ||
| clean_chrome.sh | ||
| cleanup.sh | ||
| cli-install-report.md | ||
| delete_team_interactive.sh | ||
| deploy-all.sh | ||
| deploy-clock.sh | ||
| deploy-invttrdg.sh | ||
| deploy-notes.sh | ||
| DEPLOYMENT_GUIDE.md | ||
| deployment-status.sh | ||
| github_acc_input.json | ||
| github_repos.json | ||
| install_clis_wsl.sh | ||
| interactive_user_removal.sh | ||
| list_all_public_repos.sh | ||
| list_all_repos_tree.sh | ||
| list_orgs_teams_members.sh | ||
| list_prs_by_user.sh | ||
| list_repos_contributors_by_user.sh | ||
| list_repos_contributors.sh | ||
| make_repos_private.sh | ||
| make_symlinks_wsl.sh | ||
| README_INSTALL.md | ||
| README_interactive_script.md | ||
| README_remove_user_script.md | ||
| README.md | ||
| remove_user_from_repos.sh | ||
| remove_user_guided.sh | ||
| remove_user_i-ayushh18.sh | ||
| remove_user_interactive.sh | ||
| REPO_CONTEXT.md | ||
| repos.json | ||
| repos.txt | ||
| run_installers.ps1 | ||
| run_installers.sh | ||
| setup.sh | ||
| sync_repos.sh | ||
| test_interactive.sh | ||
| test.sh | ||
| update-dns.sh | ||
| users_black_list.json | ||
| users_white_list.json | ||
| wsl_path_and_check.sh | ||
| wsl_test.sh | ||
ByteLyst DevOps Tools
Internal repository for GitHub administration scripts, multi-repo safety helpers, and a few adjacent utility projects used by ByteLyst.
This repo is not a single application. It is a workspace of operational tools with three main characteristics:
- The primary surface area is Bash scripts for GitHub and repository operations.
- Some subdirectories are self-contained Python utilities with their own setup and runtime expectations.
- A number of JSON files and outputs are generated artifacts or operational inputs, not source code to edit casually.
Start Here
If you are new to the repo, read these in order:
- docs/getting-started.md
- docs/repo-map.md
- docs/tooling-status.md
- scripts/README.md for supported standalone operational scripts
- AGENTS.md if you are working through an AI coding agent
- CLAUDE.md if you are using Claude Code specifically
Primary Entry Points
GitHub Operations
./bytelyst-cli.sh- Main unified CLI for common GitHub admin operations.
- Requires
curl,jq, andGITHUB_TOKEN.
./remove_user_interactive.sh- Interactive collaborator-removal workflow with repository pattern matching.
./remove_user_guided.sh- Guided wrapper around the same removal flow with a more opinionated interactive UX.
./remove_user_from_repos.sh- Scripted removal flow suitable for repeatable or semi-automated use.
Multi-Repo Git Safety
git-work-safety-tools/git_repos_status.shgit-work-safety-tools/git_repos_rebase_commit_push.shgit-work-safety-tools/multi_repo_safe_push.shgit-work-safety-tools/multi_repo_status.sh
These are for scanning many repositories, checking dirty state, and performing safer batch git workflows.
Deployment Operations
./deployment-status.sh- Comprehensive deployment status report for ByteLyst Investment Trading
- Shows container status, deployed commit info, git status, health endpoints, and suggested actions
- Usage:
./deployment-status.sh
./deploy-invttrdg.sh- Production deployment script for ByteLyst Investment Trading
- Builds and deploys Docker containers to production
- Usage:
./deploy-invttrdg.sh [options]
Repository Layout
Core Operational Scripts
- Root
*.shfiles- Main Bash-based GitHub and maintenance utilities.
scripts/- Named operational scripts that are more self-contained than the older root-level helpers.
git-work-safety-tools/- Safer multi-repo git helpers.
github_access_scripts/- Focused access checks and repo listing utilities.
github_repo_scanners/- Scripts plus generated repo/contributor JSON outputs.
Side Projects
Slack Message/- Python CLI for Slack posting and AI-assisted chat.
youtube/- YouTube transcript and summarization helpers.
supabase monitor/- Separate Python workflow project for YouTube processing despite the directory name.
Documentation
docs/- Canonical onboarding and repo-orientation docs.
scripts/README.md- Support and usage conventions for standalone operational scripts.
- Legacy root docs:
README_interactive_script.mdREADME_remove_user_script.md
These older docs are still useful but are no longer the best starting point.
Setup
Root Tooling
./setup.sh
This installs the local development hooks and prepares the shell-based workflow.
If pip3 is unavailable or blocked by an externally managed Python environment, install the distro package first:
sudo apt-get install -y pre-commit
./setup.sh
Required Dependencies
bashcurljq
Authentication
Most GitHub-facing scripts require:
export GITHUB_TOKEN=your_token_here
Use a token with the minimum permissions required for the task. Many admin flows assume repo and admin:org.
For scripts that require multi-account scanning, start from:
cp accounts.example.json accounts.json
Then fill in real values locally. accounts.json is intentionally ignored from future commits.
Common Commands
./bytelyst-cli.sh help
./bytelyst-cli.sh list-public-repos --user <username>
./bytelyst-cli.sh list-private-repos --org <orgname>
./remove_user_interactive.sh
./git-work-safety-tools/git_repos_status.sh
pre-commit run --all-files
Operational Safety
- Treat
accounts.json,*.jsonaccount snapshots,.envfiles, and generated collaborator data as potentially sensitive. - Prefer dry runs or interactive confirmation flows before bulk removal or visibility changes.
- Do not assume every tracked JSON file is a stable source file; many are data snapshots or inputs.
- Review scripts before reuse in automation. Some are one-off operational helpers and may encode assumptions about ByteLyst org structure.
Notes On Secrets And Outputs
This repo uses example/template files for local credentials and generated outputs should generally stay out of git. If you need local credentials, create untracked local copies such as accounts.json or .env from the provided examples.
Contributing
- Keep new docs in
docs/unless they are tightly scoped to a subproject. - Prefer adding a short README to a subdirectory instead of expanding the root README with niche workflow details.
- Validate shell scripts with:
pre-commit run --all-files
- When adding new operational scripts, document:
- required environment variables
- destructive behavior
- expected input files
- example usage