disinto-admin/disinto-ops
2
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
disinto-ops/vault/pending/disinto-caddy-ssh-key.md
planner-bot a575e4a5f1 chore: planner run 2026-04-14
2026-04-14 20:18:12 +00:00

1.4 KiB
Raw Permalink Blame History

Request: Caddy host SSH key for engagement data collection

What

Provision a dedicated SSH keypair with command= restriction on the Caddy host serving disinto.ai. This key allows the edge container to fetch access logs for engagement measurement.

Why

Blocks #745 (collect-engagement formula) and #426 (website observability). The factory cannot make disinto.ai an observable without reading access logs from the Caddy host. Waiting since 2026-04-14.

Human action

  1. Generate keypair: ssh-keygen -t ed25519 -f caddy-collect -N '' -C 'disinto-collect-engagement'
  2. Install public key on Caddy host in ~/.ssh/authorized_keys with restriction: 
    command="cat /var/log/caddy/access.log",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA... disinto-collect-engagement
  3. Ensure Caddy is configured for JSON structured access log format
  4. Add private key as CADDY_SSH_KEY to .env.vault.enc
  5. Add Caddy host address as CADDY_HOST to .env.vault.enc
  6. Test: ssh -i caddy-collect user@caddy-host should output the access log and disconnect

Factory will then

  • Run collect-engagement formula daily via edge container cron
  • Commit evidence JSON to evidence/engagement/YYYY-MM-DD.json in ops repo
  • Planner uses evidence data to assess landing page effectiveness

Unblocks

  • #745 — collect-engagement formula + container script
  • #426 — website observability (parent vision issue)