JARVIS OPERATIONAL RUNBOOK v1 STATUS: DRAFT OWNER: single-owner system DEFAULT RULE: inspect first, change second PURPOSE This runbook defines safe operational commands for Jarvis Core. It is intended for: - health checks - container status checks - log inspection - safe restart - backup verification - reverse proxy verification - incident triage It does not contain: - secrets - credentials - tokens - database dumps - private logs - .env contents CORE PATHS Project: - /volume1/docker/jarvis Public files: - /volume1/docker/jarvis/public Private environment: - /volume1/docker/jarvis/.env Database backups: - /volume1/docker/jarvis/db/backups Backup script: - /volume1/docker/jarvis/scripts/backup_postgres.sh Containers: - jarvis-db - jarvis-n8n - jarvis-public Preserved existing n8n: - n8n HEALTH CHECK COMMANDS Check Jarvis containers: cd /volume1/docker/jarvis sudo docker ps --filter "name=jarvis" Check compose state: cd /volume1/docker/jarvis sudo docker compose ps Check PostgreSQL health: sudo docker ps --filter "name=jarvis-db" Check n8n route locally: curl -I http://127.0.0.1:8091/n8n/ Check public HTTPS route from browser: https://jarvis.lkpatisserie.com/n8n/ LOG CHECK COMMANDS Check n8n logs: sudo docker logs jarvis-n8n --tail=120 Check PostgreSQL logs: sudo docker logs jarvis-db --tail=120 Check public nginx logs: sudo docker logs jarvis-public --tail=120 SAFE RESTART COMMANDS Restart Jarvis Core stack: cd /volume1/docker/jarvis sudo docker compose down sudo docker compose up -d Restart only n8n: cd /volume1/docker/jarvis sudo docker compose restart n8n Restart only PostgreSQL: cd /volume1/docker/jarvis sudo docker compose restart db Reload public nginx config: sudo docker exec jarvis-public nginx -t sudo docker exec jarvis-public nginx -s reload BACKUP COMMANDS Run manual PostgreSQL backup: /volume1/docker/jarvis/scripts/backup_postgres.sh List backups: ls -lah /volume1/docker/jarvis/db/backups Check backup log: tail -50 /volume1/docker/jarvis/logs/backup_postgres.log RESTORE TEST Restore tests must use a temporary PostgreSQL container. Never restore over production jarvis-db without explicit owner approval. Use POSTGRES_RESTORE_TEST_PROCEDURE_v1.txt as the source procedure. PUBLIC FILE CHECKS List public files: ls -lah /volume1/docker/jarvis/public Check public index: cat /volume1/docker/jarvis/public/PUBLIC_FILE_INDEX_v1.txt Check start file: cat /volume1/docker/jarvis/public/START_JARVIS_CORE_SESSION.txt SECURITY CHECKS Confirm .env permissions: ls -la /volume1/docker/jarvis/.env Expected: - rw------- or chmod 600 Confirm n8n has no direct LAN port: sudo docker ps --filter "name=jarvis-n8n" Expected: - 5678/tcp only - no 0.0.0.0:15678 mapping Confirm PostgreSQL has no public host port: sudo docker ps --filter "name=jarvis-db" Expected: - 5432/tcp only - no host port mapping INCIDENT RULES If something breaks: 1. Do not delete data. 2. Do not delete volumes. 3. Capture status first. 4. Check logs. 5. Restart only the affected service if possible. 6. Avoid docker compose down -v unless explicitly approved. 7. Do not expose .env or secrets in chat. 8. Do not paste database dumps into chat. COMMON INCIDENTS n8n shows white screen: - check N8N_PATH - check reverse proxy /n8n/ route - check browser cache/incognito - check nginx proxy_pass slash behavior n8n cannot write config: - check ownership of /volume1/docker/jarvis/n8n/data - expected container user can write PostgreSQL restart loop: - check db/init permissions - check db/data permissions - check logs Backup fails: - check jarvis-db is running - check backup directory permissions - check Docker access from scheduler user END LOCAL HEALTH CHECK SCRIPT Run: sudo /volume1/docker/jarvis/scripts/health_check.sh Expected healthy result: - Overall state: GREEN The script is read-only and checks: - container status - compose status - n8n route - public index - latest backup presence - direct host exposure for n8n and database END LOCAL HEALTH CHECK SCRIPT LOCAL STATUS COMMAND Run: sudo /volume1/docker/jarvis/scripts/status.sh Purpose: - show safe Jarvis Core status summary - verify services, access route, backup presence, public index, and exposure status Output rules: - no secrets - no .env - no database contents - no backup contents - no private logs END LOCAL STATUS COMMAND LOCAL PUBLIC INDEX COMMAND Run: sudo /volume1/docker/jarvis/scripts/public_index.sh Purpose: - show registered public continuity files - verify public file index is readable Output rules: - public file names only - no secrets - no .env - no database contents - no backup contents - no private logs END LOCAL PUBLIC INDEX COMMAND LOCAL NEXT TASK COMMAND Run: sudo /volume1/docker/jarvis/scripts/next_task.sh Purpose: - show current public next-task guidance - help continue Jarvis work from safe public context Output rules: - public task guidance only - no secrets - no .env - no database contents - no backup contents - no private logs END LOCAL NEXT TASK COMMAND LOCAL BACKUP STATUS COMMAND Run: sudo /volume1/docker/jarvis/scripts/backup_status.sh Purpose: - show PostgreSQL backup metadata - verify backup directory, backup count, latest backup timestamp, and log presence Output rules: - metadata only - no backup contents - no database dumps - no secrets - no .env END LOCAL BACKUP STATUS COMMAND UNIFIED LOCAL JARVIS COMMAND Run: sudo /volume1/docker/jarvis/scripts/jarvis.sh help Allowed examples: sudo /volume1/docker/jarvis/scripts/jarvis.sh status sudo /volume1/docker/jarvis/scripts/jarvis.sh health sudo /volume1/docker/jarvis/scripts/jarvis.sh public-index sudo /volume1/docker/jarvis/scripts/jarvis.sh next sudo /volume1/docker/jarvis/scripts/jarvis.sh backup-status Controlled publish: sudo /volume1/docker/jarvis/scripts/jarvis.sh publish-public Denied through jarvis.sh: - secrets - env - shell - delete - backup-now - restore Purpose: - provide one safe local command entrypoint - reduce operator error - keep remote command execution disabled Security rule: - jarvis.sh is local-only - no public webhook - no browser execution - no free-text shell command END UNIFIED LOCAL JARVIS COMMAND RUSSIAN LOCAL COMMAND ALIASES Russian owner commands: sudo /volume1/docker/jarvis/scripts/jarvis.sh статус sudo /volume1/docker/jarvis/scripts/jarvis.sh проверка sudo /volume1/docker/jarvis/scripts/jarvis.sh индекс sudo /volume1/docker/jarvis/scripts/jarvis.sh дальше sudo /volume1/docker/jarvis/scripts/jarvis.sh бэкап Optional aliases: sudo /volume1/docker/jarvis/scripts/jarvis.sh состояние sudo /volume1/docker/jarvis/scripts/jarvis.sh здоровье sudo /volume1/docker/jarvis/scripts/jarvis.sh следующее sudo /volume1/docker/jarvis/scripts/jarvis.sh статус-бэкапа sudo /volume1/docker/jarvis/scripts/jarvis.sh публикация Denied examples: sudo /volume1/docker/jarvis/scripts/jarvis.sh секреты sudo /volume1/docker/jarvis/scripts/jarvis.sh окружение sudo /volume1/docker/jarvis/scripts/jarvis.sh консоль sudo /volume1/docker/jarvis/scripts/jarvis.sh удалить sudo /volume1/docker/jarvis/scripts/jarvis.sh восстановить Purpose: - make local operation easier for Russian owner interface - keep all commands local-only - preserve deny-by-default behavior for dangerous actions Security rule: - Russian aliases do not change command trust level - secret/write/critical commands remain denied - no public webhook - no browser execution END RUSSIAN LOCAL COMMAND ALIASES