Single point of entry. This box holds the sales queue, runs every ClawBot playbook, and is the only thing standing between n8n crons and Airtable writes. We don’t fully own it yet — this page is the plan to change that.
Python FastAPI service on a VPS. Receives 16 cron payloads from n8n, drafts via LLM, writes back to Airtable + HubSpot. HTTP Basic auth, URL-embedded credentials.
Every sales draft, every cold touch, every rebooking nudge crosses this server. If it’s down, the queue stalls. If it’s compromised, the entire pipeline is.
IP + port + that ClawBot runs there. No deploy pipeline, no OS access docs, no log access, no backup story. Tribal knowledge lives with Farid.
Four read-only probes against 187.77.29.73:8788. Zero state changes. Goal: establish a baseline so we can detect drift later.
Confirm the service is reachable and responds. Capture response shape + headers. Expected: 200 with JSON status payload. Anything else is a red flag.
Identify FastAPI version, Python runtime, build hash if exposed. Feeds the patch-cadence question (last deploy date, dependency drift).
Hit a known protected route without credentials. Verify it returns 401 (not 200, not 500). Confirms Basic auth is actually enforced server-side, not just in n8n.
p50 / p95 over 10 sequential pings from local. Baseline for an SLO. Anomalies here later = queue backlog before users notice.
Capture: SSH access path, how deploys happen today, where logs live, what restarts the process, last incident + resolution. Recorded.
New file. Sections: connect · tail logs · restart · rollback · rotate credentials · verify healthy. Tested top-to-bottom by someone who isn’t Farid.
OS, Python version, systemd units, cron jobs, exposed ports, firewall rules, disk layout. One .md page. Snapshot, not narrative.
Today: unknown. Target: code in git, env in secrets manager, infra reproducible from a script. Defines what “rebuild from scratch” looks like.
| # | Improvement | Why | Risk if skipped |
|---|---|---|---|
| 1 | Move HTTP Basic out of n8n URLs | URL-embedded credentials leak through every log line + execution history. | Credential exposure on n8n logs · rotation forces 16 workflow edits. |
| 2 | Structured logging to a central sink | Today logs live on the box. No box access = no debugging. | Outages diagnosed by guesswork. |
| 3 | External uptime check & alert | Health Sentinel is internal cron. If the box dies, the cron dies. | Silent outages discovered by reviewers when queue stops moving. |
| 4 | HTTPS termination | Plain HTTP on a public IP. Basic auth over HTTP = credentials in clear. | Credential interception · MITM on every payload. |
| 5 | Reproducible deploy | Docker + a script, or Container Apps. Anything beats “ssh + edit + restart.” | Box is unrebuildable. One disk failure = pipeline gone. |
| 6 | Move off the IP | Bare IP + port is fragile. Domain + reverse proxy lets us swap infra without touching n8n. | Any infra change = 16 workflow edits + downtime. |
Moving the worker to ECS/Container Apps is the eventual end-state, not phase 1. Discover first, harden second, migrate third.
Worker source remains untouched in phases 1–2. We map and document the running system, not rewrite it.
Sales_Assistant base prompt + the 16 playbooks stay frozen during discovery. One variable at a time.