Auto merge dev → main (#1353)

* feat(gateway): hashed key store with grant + hot reload

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(gateway): channel registry + aiohttp app (keyed auth, whoami, per-channel ws/proxy)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(gateway): manage_keys CLI (add/list/revoke)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(gateway): retire srebot_external, run relay-gateway under PM2

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(gateway): point ecosystem + README at relay-gateway

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(tss): replay outbox producer for relay gateway

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(tss): forward processed games to relay outbox

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(tss-api): db helpers, app skeleton, info endpoint, fixtures

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(tss-api): player, games, history, search endpoints

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(tss-api): live, match, scoreboard, matches-search, maps

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(tss-api): filter-required leaderboards (players/vehicles/stats)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat(tss-api): tournament list/detail/standings/matches

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat: wire tss upstream through gateway + tssbot-api PM2 app

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
NotSoToothless
2026-06-28 03:38:20 -07:00
committed by GitHub
parent ea5494bce0
commit cbb532a711
3 changed files with 60 additions and 395 deletions
+26 -19
View File
@@ -40,6 +40,9 @@
SREBOT_EXTERNAL_PORT=18081
SREBOT_EXTERNAL_BEARER_TOKEN=your_external_bridge_token # Optional, protects the bridge API and websocket
SREBOT_EXTERNAL_UPSTREAM_URL=http://127.0.0.1:6000
TSS_EXTERNAL_UPSTREAM_URL=http://127.0.0.1:6100 # Enables /api/tss/* proxy (omit -> 501)
TSS_API_HOST=127.0.0.1 # tssbot-api bind host
TSS_API_PORT=6100 # tssbot-api bind port
SREBOT_TTL_ALERT_WEBHOOK_URL=https://discord.com/api/webhooks/... # Optional, maintains one Discord status message for TTL degradation/recovery
NODE_ENV=production
PYTHONUNBUFFERED=1
@@ -50,30 +53,34 @@
python BotScript.py
```
### AXBot bridge process
### Relay gateway
`ecosystem.config.js` now includes a dedicated PM2 app named `srebot-axbot`.
It proxies read-only SREBOT queries and broadcasts replay/GOB envelopes over
websocket on the same external port.
Its outbox/state files live under the shared storage volume configured in
`.env` via `STORAGE_VOL_PATH`.
`ecosystem.config.js` includes a unified PM2 app named `relay-gateway`
(code in `BOTS/SHARED/relay_gateway/`). It fronts **both** bots:
- proxies read-only queries: `/api/sqb/*` → SREBOT's internal API (`:6000`);
`/api/tss/*` → the TSS HTTP API (`:6100`) or `501` until it is deployed
- streams replay envelopes over `/ws/sqb` and `/ws/tss`
- authenticates every request/socket against per-person keys at three levels
(`all`/`sqb`/`tss`) stored in `$STORAGE_VOL_PATH/relay_keys.json`
(SHA-256-hashed tokens, hot-reloaded on change)
Outbox/state files live under the shared storage volume (`STORAGE_VOL_PATH`):
`external_bridge_outbox.jsonl` (sqb) and `tss_bridge_outbox.jsonl` (tss).
Useful commands:
```bash
pm2 start ecosystem.config.js --only srebot-api
pm2 start ecosystem.config.js --only srebot-axbot
pm2 logs srebot-axbot
pm2 start ecosystem.config.js --only relay-gateway
pm2 logs relay-gateway
# manage downstream keys (run from BOTS/SHARED with the shared venv):
python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" add --name cn-axbot --level sqb
python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" list
python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" revoke --name cn-axbot
```
Clients should point their query client at:
```env
SREBOT_API_BASE_URL=http://<srebot-host>:18081
```
The bridge app logs both sides of the transfer:
- incoming client HTTP requests
- outgoing proxy responses
- websocket envelopes broadcast to connected clients
# test
Downstream consumers (e.g. BOT-RELAY) discover their channels from
`GET /api/whoami` and connect to `/ws/<channel>` + `/api/<channel>/*` using their
bearer token. Point them at `http://<srebot-host>:18081`.