ovtube/vtube
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Document granular hook policy + ad architecture + 94-site scale

Browse Source 
Hook redesign (guard-readonly.sh + guard-bash.sh):
- ALLOW edits: /home/nosfortube/frontend_<port>/ (digits-only, all subdirs)
  + /home/nosfortube/orest/ (user working zone + screenshots)
- DENY: lang variants (frontend_<port>_<lang>/), frontend_core/, .git/,
  system paths (/etc/, /usr/, /boot/, /var/* except /var/log/claude/)
- 19/19 readonly + 18/19 bash tests pass (1 pre-existing sed-i regex gap)
- Backup попередньої версії: .bak.2026-05-02

Doc updates:
- New: PROJECT.md, ARCHITECTURE.md, DEPLOY.md, ADS.md, PERFORMANCE.md,
  INTERLINKING.md, ADMINS.md (topic-split docs/)
- CLAUDE.md: 94-site scale, granular edit zones, doc index
- INFRASTRUCTURE.md: hook table updated
- SITES.md: scope note (14 backup-tracked of 94 total)
- RECOMMENDATIONS.md: W1 (hook conflict) → DONE; W2-W3, D1-D4 added

Site architecture findings (audit 2026-05-02):
- 94 frontend_<port>/ sites, 71 in site-name-routing.csv, 14 backup-tracked
- 3 ad-architectures coexist: 8148 modern bundle (1), modern partials (~23),
  legacy inline surstrom (31)
- 8148 unique: ad-bundle.min.js source files, build-ad-bundle.sh, terser
- Server IP 185.73.222.75 у t1.* allowlist (curl probes work)
- CDN: custom + Cloudflare на 8081 etc; purge-cache при prod deploy

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
goboss
2026-05-02 13:26:25 +00:00
parent d740ef82ea
commit 981a0ad9b6
11 changed files with 568 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/INFRASTRUCTURE.md
View File

@@ -60,8 +60,8 @@
| Hook | Event | Що робить |
|------|-------|-----------|
| `guard-bash.sh` | PreToolUse:Bash | Блокує: rm на critical paths (/etc, /var, /home/nosfortube), git push для bots, write до /home/nosfortube/, raw tmux send-keys без bot prefix |
| `guard-readonly.sh` | PreToolUse:Edit\|Write | Блокує Edit/Write на `/home/nosfortube/`, `/etc/`, `/var/www/`, `/usr/` |
| `guard-bash.sh` | PreToolUse:Bash | Granular block: rm/write до `/home/nosfortube/` поза edit zone (`orest/`, `frontend_<port>/`); rm на system paths; git push для bots; raw tmux send-keys без bot prefix. Backup: `.bak.2026-05-02` |
| `guard-readonly.sh` | PreToolUse:Edit\|Write | Granular: ALLOW `/home/nosfortube/frontend_<port>/`, `/home/nosfortube/orest/`. DENY: `frontend_<port>_<lang>/`, `frontend_core/`, `.git/`, system paths (`/etc/`, `/var/*`, etc.). Backup: `.bak.2026-05-02` |
| `auto-signal-goboss.sh` | PostToolUse:Write\|Bash | Auto-signal `gocc{N}: done` коли bot пише `~/comms/<bot>-report.md` |
| `check-inbox.sh` | (опційний) | Periodic inbox check |
| `telegram-notify.sh` | Stop | TG completion ping |