--- category: reference tags: [dev, vps, progress] last_updated: 2026-03-15 confidence: high --- # VPS Deployment Progress Tracking the implementation of robot.wtf on the Debian 12 / Proxmox VM. See [[Tasks/VPS_Phases]] for the full plan. ## Completed ### V0: VM Infrastructure (2026-03-15) - Ansible playbook provisioning: base packages, `/srv` directory structure, Python venv, crypto keys, SQLite schema - RS256 signing keypair + EC P-256 ATProto client JWK generated - Playbook idempotent, tested via full re-run - VPS at 192.168.77.107 (WireGuard backplane), Caddy on separate host ### V1: Otterwiki on Caddy (2026-03-15) - **V1-1/V1-2:** Data access layer ported from DynamoDB to SQLite (21 files, 2399 lines, 55 tests) - **V1-3:** Gunicorn entry points, systemd units, Ansible deploy role (4 services on ports 8000-8003) - **V1-4:** Caddy wildcard config with on-demand TLS, `/api/internal/check-slug` for cert validation - **V1-5:** Full stack smoke tested — otterwiki serving pages, MCP connected via Claude Code Key findings during V1: - `RETAIN_PAGE_NAME_CASE = True` required (otterwiki lowercases filenames without it) - `TREAT_UNDERSCORE_AS_SPACE_FOR_TITLES = True` for clean URLs - ManagementMiddleware needed `/api/v1/*` and `/api/internal/*` passthroughs - numpy/chromadb X86_V2 issue on the Proxmox VM (semantic search deferred) ### VS-1: ATProto OAuth Spike (2026-03-15) - Bluesky cookbook demo adapted for robot.wtf - Real Bluesky login completed end-to-end - ATProto client JWK must be EC P-256 / ES256 (not RSA) — V0 playbook corrected - DPoP nonce handling works, identity-only scope validated - Findings at [[Dev/VS-1_ATProto_Spike]] ### V2: Migrate Dev Wiki (2026-03-15) - Dev wiki cloned from dev.wikibot.io via git smart HTTP (`/.git/info/refs`) - Running at https://dev.robot.wtf/ with MCP connected - 3gw wiki NOT migrated (DNS CNAME exception keeps it on home server) - MCP bearer token auth working for Claude Code ## In Progress ### VS-2: MCP OAuth for Claude.ai - Making FastMCP's OAuth provider persistent (SQLite-backed) so Claude.ai doesn't lose auth on restart - Caddy routes updated to proxy OAuth paths to MCP sidecar - Manager agent running in otterwiki-mcp repo ### V3: ATProto OAuth Production Auth Service - Evolving VS-1 spike into production auth service on port 8003 - Platform JWT cookie on `.robot.wtf` domain - Signup flow (choose username from Bluesky handle) - Manager agent running in robot.wtf repo ## Not Started - V4: Management API + Wiki Lifecycle - V5: MCP OAuth AS (Claude.ai — production, replacing VS-2 stub) - V6: Frontend + Landing Page - V7: Semantic Search + Operational Hardening ## Architecture Notes | Service | Port | Process | Status | |---------|------|---------|--------| | Otterwiki WSGI | 8000 | Gunicorn | Running | | MCP sidecar | 8001 | uvicorn (FastMCP) | Running | | Platform API | 8002 | Gunicorn | Running (stubs) | | Auth service | 8003 | Gunicorn | Running (stubs) | All deployed via Ansible (`ansible/deploy.yml`). Config in `/srv/data/robot.env` and `/srv/data/settings.cfg`, both generated from Jinja2 templates with `force: false` (won't overwrite existing secrets). Repos: - `robot.wtf` — platform code (Ansible, middleware, auth, management) - `otterwiki-mcp` — standalone MCP server (FastMCP, 12 tools, dual auth) - `otterwiki` — upstream fork (`wikibot-io` branch: lifecycle hooks, proxy auth, platform mode) - `otterwiki-api` — REST API plugin - `otterwiki-semantic-search` — semantic search plugin (ChromaDB/FAISS)