# Request: Caddy host SSH key for engagement data collection

## What
Provision a dedicated SSH keypair with `command=` restriction on the Caddy host serving disinto.ai. This key allows the edge container to fetch access logs for engagement measurement.

## Why
Blocks #745 (collect-engagement formula) and #426 (website observability).
The factory cannot make disinto.ai an observable without reading access logs from the Caddy host.
Waiting since 2026-04-14.

## Human action
1. Generate keypair: `ssh-keygen -t ed25519 -f caddy-collect -N '' -C 'disinto-collect-engagement'`
2. Install public key on Caddy host in `~/.ssh/authorized_keys` with restriction:
```
command="cat /var/log/caddy/access.log",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA... disinto-collect-engagement
```
3. Ensure Caddy is configured for JSON structured access log format
4. Add private key as `CADDY_SSH_KEY` to `.env.vault.enc`
5. Add Caddy host address as `CADDY_HOST` to `.env.vault.enc`
6. Test: `ssh -i caddy-collect user@caddy-host` should output the access log and disconnect
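
A check for step 2, added here as an example and not part of the project's own code: it parses `authorized_keys` text and reports whether the `disinto-collect-engagement` entry carries the expected forced command and the three forwarding restrictions. The function names and sample entries are hypothetical, and accepting OpenSSH's `restrict` option in place of the individual `no-*` options is an assumption beyond what this request specifies.

```python
EXPECTED_COMMAND = "cat /var/log/caddy/access.log"   # forced command from step 2
KEY_COMMENT = "disinto-collect-engagement"           # key comment from step 1
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}

def split_unquoted(text, seps):
    """Split at separator characters that sit outside double quotes."""
    parts, buf, quoted, escaped = [], "", False, False
    for ch in text:
        if ch in seps and not quoted:
            parts.append(buf)
            buf = ""
        else:
            if ch == '"' and not escaped:
                quoted = not quoted
            buf += ch
        escaped = ch == "\\" and not escaped
    parts.append(buf)
    return [p for p in parts if p]

def parse_entry(line):
    """Return (options, comment) for one authorized_keys line."""
    fields = split_unquoted(line.strip(), " \t")
    options = {}
    if not fields[0].startswith(("ssh-", "ecdsa-", "sk-")):  # options come first
        for opt in split_unquoted(fields.pop(0), ","):
            name, _, value = opt.partition("=")
            if value[:1] == '"':                     # unquote and unescape \"
                value = value[1:-1].replace('\\"', '"')
            options[name.lower()] = value            # option names are case-insensitive
    return options, " ".join(fields[2:])

def audit(text):
    """Return the problems with the collection key's entry (empty list = OK)."""
    for line in text.splitlines():
        if line.lstrip()[:1] in ("", "#"):           # blank line or comment
            continue
        options, comment = parse_entry(line)
        if comment == KEY_COMMENT:
            findings = []
            if options.get("command") != EXPECTED_COMMAND:
                findings.append("forced command missing or not the expected log read")
            if "restrict" not in options:            # restrict turns all forwarding off
                findings += [f"missing {o}" for o in sorted(REQUIRED - set(options))]
            return findings
    return ["no entry with the collection key comment"]

# Constructed sample entries; AAAAexample is a placeholder, not real key material.
GOOD = ('command="cat /var/log/caddy/access.log",no-port-forwarding,no-X11-forwarding,'
        'no-agent-forwarding ssh-ed25519 AAAAexample disinto-collect-engagement')
BAD = "no-port-forwarding ssh-ed25519 AAAAexample disinto-collect-engagement"
```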

## Factory will then
- Run `collect-engagement` formula daily via edge container cron
- Commit evidence JSON to `evidence/engagement/YYYY-MM-DD.json` in ops repo
- Planner uses evidence data to assess landing page effectiveness

## Unblocks
- #745 — collect-engagement formula + container script
- #426 — website observability (parent vision issue)