12 Commits

Author SHA1 Message Date
root
e29bacbda1 feat(dross): voice Phase 2a — local whisper transcribe + mic (2.12.0)
faster-whisper (small.en, GPU+CPU fallback) on CT 102 → POST
/api/voice/transcribe (multer→whisper client) → mic in the bubble
records (MediaRecorder), uploads, drops the transcript into the input
to review-and-send. Infra scripts in deploy/whisper/. Retention (P2b)
next. NOTE: mic needs a secure context (the https domain), not the LAN IP.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-10 01:00:10 +10:00
root
ca186d41ba docs(deploy): arp-scan + setcap for LAN device discovery
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 21:28:51 +10:00
root
169e3b6d5c feat(actions): configurable SSH user + insecure-TLS for PVE; real action whitelist + Z wrapper
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:56:33 +10:00
root
a186116c4d feat(actions): SSH forced-command service-restart channel + host wrapper
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:40:20 +10:00
root
b728696020 ops: harden push.sh — snapshot + migrate-in-deploy + /health gate + auto-rollback
Removes the rsync --delete / manual-migration / no-rollback footguns from the
deploy path. Validated: clean deploy passes the health gate; a forced health
failure correctly rolls back from the .prev snapshot and recovers.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 07:33:32 +10:00
root
925cb0d7d6 chore: 2.0.0-alpha.9 — security & correctness hardening (Void 3.0 quick wins)
- Q3: prod void DB role NOSUPERUSER (vector marked trusted; deploy/README documents it)
- Q4: buildChildEnv allow-list for the claude subprocess (no OWNER_TOKEN/DATABASE_URL/secrets leak)
- Q5: pending-change approve claims-before-applying + reopens on failure (no re-approvable dup)
- Q6: /capture/upload validates space_id (UUID+existence); pg pool statement_timeout 30s
- Q9: disabled failing syncoid-donatello timer on Z

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-03 07:54:57 +10:00
root
1eadd41990 chore: version 2.0.0-alpha.8 — Sacred Valley (Plan 6)
2026-06-02 23:02:26 +10:00
root
941df0d0d2 fix(deploy): point deploy targets at CT 311 new IP .216
Post-outage recovery: a rogue OpenWrt device seized 192.168.1.13 after the
power-cut reboot, ARP-poisoning the LAN so CT 311 was unreachable despite being
healthy. Renumbered CT 311 .13 -> .216 (out of the conflict-prone low range,
next to the DB at .215). Update push.sh + push-workers.sh defaults to
root@192.168.1.216; push.sh no longer defaults to the void2-app hostname (that
resolves to the Cloudflare tunnel and can't carry SSH).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-01 17:49:08 +10:00
root
6cba2e82da fix(deploy): exclude venv/ from push-workers rsync
The prod venv at /opt/void-workers/venv was being deleted on every
push because rsync --delete saw no matching dir in the source (which
has .venv/, not venv/). Now both names are excluded.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-01 11:04:21 +10:00
root
2adeae555d fix(deploy): push-workers.sh chowns + preserves .env
Rsync ran as root over SSH so files landed root-owned, but workers run
as voidworkers — the service couldn't even reach the venv binary.
Now: chown -R voidworkers after rsync, run venv create + pip install
under `su voidworkers -c`. Also excludes .env, .gitignore, .pytest_cache
so they survive across deploys.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-01 10:06:29 +10:00
root
2a6f7f88ef feat(workers): systemd unit + push-workers.sh
Deploy README extended with workers bootstrap + note on the void2-db
SQL_ASCII cluster requiring client_encoding=UTF8 on Python clients.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-01 04:46:58 +10:00
root
b5e7478158 chore(deploy): systemd unit, push.sh, one-time setup notes
2026-05-31 15:32:09 +10:00