Browser-based interactive terminal sessions with agent CLIs via
WebSocket + node-pty. Supports full TUI rendering (colors, cursor,
ctrl-c) through xterm.js in the browser.
Architecture: xterm.js ←WebSocket→ pty-server.js ←PTY→ agent CLI
- Extract shared buildAgentEnv() from executor into agent-env.ts
- Add internal /api/agents/[id]/env endpoint for PTY server
- Add pty-server.js (WebSocket + node-pty, max 3 sessions, 2hr cleanup)
- Add custom server.js wrapping Next.js with WebSocket upgrade
- Add ChatTab component with agent selector and terminal
- Wire CHAT tab into dashboard nav and render
- Configure serverExternalPackages for node-pty
- Update Dockerfile with build tools and custom server
- Bump k8s memory limit 1Gi → 2Gi for PTY sessions
Next.js standalone output nests server.js under apps/harness/ when
built from a pnpm workspace. Preserve the directory structure and
update CMD to point to the correct server.js path.
Support Gitea alongside GitHub/GitLab for repo search, authenticated
cloning, and pull request creation via Gitea API. Tasks can specify
gitProvider and gitBaseUrl in their spec (defaults to github for
backwards compat). Auto-discovers GITEA_TOKEN from env on boot.
Add model fetchers for OpenCode Zen (https://opencode.ai/zen/v1/models) and
Go (https://opencode.ai/zen/go/v1/models) APIs. Register opencode-go as a new
provider, load shared credentials from auth.json, add known models with pricing,
and create default agents for both tiers on first boot.
Replace the manual "Add Model" form with a search bar that filters by model
name/ID and paginate the catalog at 25 models per page.
Switch harness Dockerfile to pnpm with repo root build context so
workspace:^ dependency on @homelab/db resolves. Use .dockercontext
marker file to opt individual apps into root context builds while
keeping web/api on their local app context.
Replace all in-memory Map-backed stores (credentials, models, agents,
tasks, iterations, usage) with Drizzle ORM queries against the
homelab-pg PostgreSQL cluster. All store functions are now async.
- Add 6 harness_* tables to @homelab/db schema
- Generate and apply initial Drizzle migration
- Add lazy DB connection proxy to avoid build-time errors
- Wire DATABASE_URL from sealed secret into harness deployment
- Update all API routes, orchestrator, executor, and boot to await
async store operations
Use globalThis for all in-memory stores (credentials, models, agents,
tasks) so the instrumentation hook and API route handlers share the
same data. Next.js bundles these as separate chunks with independent
module instances, causing boot-populated state to be invisible to
API routes.
Read mounted secret files (Claude OAuth, OpenCode auth.json) and env
vars on boot, register them as credentials, fetch available models
from provider APIs, and create default agent configs for each viable
runtime+provider+model combination.
Strip all seed/mock data (fake tasks, models, usage entries, agent configs)
so the dashboard starts clean and populates from real API state. Add
/api/agents/health endpoint that validates each agent's provider credentials
and CLI availability.
All placeholder secrets replaced with real sealed values:
- argocd-gitea-token: API token for ArgoCD PR generator
- gitea-runner-token: registration token for in-cluster runner
- gitea-pull-secret: registry credentials for app image pulls
Gitea admin username is julia but the Gitea account name is
lazorgurl. Update container registry URLs, workflow refs,
Taskfile API calls, and pull secret placeholders.
Deploy Gitea via Helm with dedicated CloudNativePG database,
in-cluster Actions runner (DinD), and built-in container registry.
ArgoCD repoURLs updated to use in-cluster Gitea SSH. Preview
ApplicationSet switched from GitHub PR generator to Gitea PR
generator. App images now pull from gitea.coreworlds.io registry.
Remaining setup after deploy: seal runner token, ArgoCD API token,
and registry pull secret once Gitea is running. Add ArgoCD deploy
key to Gitea repo settings.
- Add ServiceMonitors for Traefik, ArgoCD, and Longhorn
- Enable cert-manager ServiceMonitor via helm values
- Deploy Grafana Tempo for distributed tracing (single-binary, Longhorn PVC)
- Add Tempo datasource with trace-to-logs and trace-to-metrics correlation
- Instrument API with OpenTelemetry SDK (Prometheus metrics + OTLP traces)
- Replace console.log with pino structured logging + pino-http middleware
- Add Grafana dashboards for Traefik, API overview, and PostgreSQL (CNPG)
- Add .eslintrc.json so next lint doesn't prompt interactively in CI
- Switch Google Fonts from <link> tags to next/font/google
- Wrap "// SECURE_NODE_7" in JSX expression to avoid comment parse error
Set up Tailwind CSS v4 with full design token system from Stitch project
(obsidian surfaces, neon cyan/magenta/lime palette, Space Grotesk + Inter
typography, 0px border-radius). Landing page includes hero section, side
nav, module cards, system status panels, terminal log, and CRT overlay.
pnpm in workspace mode can't generate per-app lockfiles, and without a
lockfile the install is unreliable in CI. npm works fine for these
standalone app builds since they have no workspace dependencies.
Apps build in isolation from the monorepo, so the root pnpm-lock.yaml
doesn't match the app-level package.json. Use plain pnpm install
since each app's package.json is the source of truth.
- Migrate all ingress hostnames from *.homelab.local to *.coreworlds.io
- Remove broken Traefik certresolver config (cert-manager handles TLS)
- Add internal-only IP allowlist middleware for platform services
- Add IngressRoutes for ArgoCD, Grafana, Longhorn (LAN-only via middleware)
- Seal and add Cloudflare API token for cert-manager DNS-01 challenges
- Update cert-manager ClusterIssuers with real email
- Update k3s TLS SAN to k3s.coreworlds.io
- Rewrite Ubiquiti docs for single-node topology and split-horizon DNS
- Fix seal-secret.sh controller name to match Helm release
- Add UCG DNS setup script using API key auth
- Update repo URLs from HTTPS placeholder to git@github.com:lazorgurl/homelab.git
- Update container image refs from OWNER to lazorgurl
- Set KUBECONFIG env in Taskfile
- Fix kubeconfig-fetch.sh to auto-detect server IP from inventory
- Fix Ansible: callback plugin, br_netfilter ordering, ssh service name
