CRITICAL: RECON backends (8420, 8440) accept direct LAN/Tailscale
connections and trust X-Authentik-Username header unconditionally.
Verified exploitation: contacts read, API keys added via spoofed header.
Root cause: No firewall on RECON VM, services bind 0.0.0.0.
Caddy forward_auth is NOT bypassed - direct backend access is the vector.
P0 remediation: Firewall RECON to accept only from CT 101.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SSH access fixed via cortex jump host to CT 101.
Key finding: navi.echo6.co uses port 8440, not 8420.
/tiles/* already public - same pattern for API routes.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Comprehensive endpoint inventory and auth classification for opening
navi.echo6.co frontend to public while protecting:
- Paid API calls (Google Places, TomTom)
- Per-user data (contacts)
- Admin functions (key management, service control)
Implementation deferred to Phase 3 session.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Hillshade DEM tiles (93 GB, Mapzen terrarium z0-12) now live at
/mnt/nav/tiles/hillshade-na.pmtiles. Place detail proxy (C2b) and
enrichment frontend (C2c) also reflected as complete. Added gotchas
for pi-nas /tmp tmpfs limit and hillshade recovery artifact location.
New Section 11 documents the long-term wilderness-nav endpoint:
off-network pathfinding over cost-surface raster, LLM-generated
cardinal-bearing directions delivered via Meshtastic. Captures
current PoC status, building blocks, missing pieces, and sequencing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
First commit of the cleanup log to the repo — previously maintained
as an uncommitted working document across sessions.
31 original items triaged. 11 moved to Resolved section with phase
references (6a through 6k, PROJECT-BIBLE rewrite, pi-nas decommission).
5 new backlog items added (duplicate consolidation, legacy data/text
dirs, backup architecture, signal-archive, Phase 5a edge cases).
4,771 duplicate PDFs marked PARTIALLY RESOLVED (hash-match dupes
handled; same-content-different-bytes clusters split to new item).
- Section 2 topology diagram: 'Library (LXC bind) / data /mnt/data/library
→ /mnt/library/ (read/write, local SSD)'
- Section 10 Config table: library_root described as bind-mount root
- Section 13 Filesystem layout: /mnt/library annotated as LXC bind-mount
- Section 14 Refactor history: storage migration note added (NFS history
preserved as historical context)
- Section 15 Operational runbook: replaced recon-backup.timer reference
with planned/TBD note
- Section 16 Known Gotchas: new bullet on bind-mount file ownership and
the absence of NFS / root_squash in the path
- Section 17 Credentials & Hosts: added data host row; rewrote pi-nas
role to backup target (planned, not yet configured) reflecting the
2026-04-15 wipe of /export/library
- Section 18 Open Follow-ups: added backup architecture entry capturing
the missing rsync job and the now-available ~300G pi-nas headroom
Consolidated orientation document for future sessions. Covers pipeline
lifecycle (acquire → dispatch → process → enrich/embed → file),
acquisition modules, dispatcher, per-type processors, filing,
StatusDB schema, config, service threads, dashboard/API, filesystem
layout, refactor history, runbook, known gotchas, and follow-ups.
Sourced from live code on CT 130 (/opt/recon/) including recon.py,
dispatcher.py, filing.py, status.py, the three processors,
acquisition/peertube.py, config.yaml, and api.py.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Document the api.py revert (6e-2) and the shadowlib download
destination fix (6e-3) that redirects all three sources from
/mnt/library/Acquired/[SUBDIR]/ to the new dispatcher hopper
at /opt/recon/data/acquired/pdf/.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Documents the initial 5c-2 failure (ignore_errors=True + root-owned
legacy files), the recovery procedure (hopper reconstitution, orphan
cleanup, processor fix), and the successful retry with pipeline drain
in progress.
Documents dispatcher, transcript processor, text_dir resolution,
and full pipeline test results (172f39ae → skip_unclassified).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
