- Wrap backend uvicorn with proper working directory subshell
- Wrap frontend Next.js server with proper working directory subshell
- Use subshell syntax (cd && run) to ensure processes inherit correct context
- Fixes processes starting but immediately crashing
- Replace wait with infinite monitoring loop
- Detect and warn if processes die instead of killing them
- Allows independent process failures without terminating script
- Trap still catches Ctrl-C to graceful shutdown
- Virtual environment should be .venv in project root, not parent folder
- Fix venv creation and activation path logic
- Ensures venv is created and found in correct location
- Create .venv automatically if missing
- Activate virtual environment before pip install
- Fixes PEP 668 externally-managed-environment error on Python 3.12
- Virtual environment isolated from system Python packages
- Created OPERATIONAL_RUNBOOK.md: comprehensive step-by-step procedures for both Docker and Standalone deployment modes covering deployment, daily ops, troubleshooting, backup/restore, disaster recovery, scaling, and updates
- Created HEALTH_MONITORING_CHECKLIST.md: daily/weekly/monthly health check procedures with alert thresholds and quick troubleshooting reference
- Created DISASTER_RECOVERY_PLAN.md: detailed procedures for 6 failure scenarios (database corruption, hardware failure, data center failure, app crash, disk full, network isolation) with RTO/RPO targets
- Created CONFIGURATION_REFERENCE.md: complete documentation of all inventory.env parameters for both deployment modes with common scenarios and troubleshooting
- Created EMERGENCY_PROCEDURES.md: quick-reference incident response playbook with 7 critical scenarios, decision tree, escalation path, and printable cheat sheet
- Created scripts/backup.sh: automated backup script supporting both Docker and Standalone with integrity verification and retention management
- Created scripts/restore.sh: restore script with triple confirmation, safety backups, and validation tests for both deployment modes
- Created config/backup-cron.sh: installer for daily/weekly automated backup cron jobs (2 AM daily, 3 AM Sunday)
All documentation covers dual-deployment modes with shared configuration files.
Documentation is operator-ready with copy-paste commands and clear expected outputs.
- Add -9 (force kill) flag to all pkill commands
- Kill Python backend processes explicitly
- Kill npm and node processes
- Use fuser to kill processes bound to ports 8000, 3001, 3002, 3003
- Add 1 second wait after cleanup
- Ensures absolutely clean state before restart
- Add signal traps for SIGINT (Ctrl-C) and SIGTERM
- Cleanup function kills all child processes gracefully
- Script now exits cleanly without hanging
- Users can press Ctrl-C to stop all services at once
local-ssl-proxy was binding to 0.0.0.0 which doesn't work reliably for
cross-network access (VPN, remote clients). Now binds to SERVER_IP from
inventory.env, ensuring the proxy is reachable from all networks that can
reach the server's main IP address.
- Next.js allowedDevOrigins now loaded from ALLOWED_DEV_ORIGINS env var
- start_server.sh generates ALLOWED_DEV_ORIGINS from EXTRA_ALLOWED_ORIGINS
- Subnet notation (10.0.0.0/24) auto-converts to wildcard patterns (10.0.0.*)
- Individual IPs convert to subnet patterns (192.168.1.100 -> 192.168.1.*)
- Zero hardcoded IPs in source code - all from inventory.env
- Add ipaddress module for subnet parsing (10.0.0.0/24 format)
- Implement subnet validation in CORS middleware
- Separate individual IPs from subnet definitions in EXTRA_ALLOWED_ORIGINS
- Custom SubnetAwareCORSMiddleware for dynamic origin validation
- Support both exact IP matches and subnet ranges
- Backward compatible with existing ALLOWED_ORIGINS list
- Resolves sqlite3.OperationalError when database path is relative
- Uses script directory as base for all relative paths
- Ensures consistent behavior regardless of working directory
- DATA_DIR=./data points backend to correct config location
- Ensures ldap_config.json and database are found consistently
- Matches docker-compose setup
- Update start_server.sh to auto-detect local IP and export ALLOWED_ORIGINS
- Includes both localhost and detected IP on HTTP/HTTPS proxy ports
- Export JWT_SECRET_KEY with ephemeral key if not set
- Fix Romanian comments in docker-compose.yml to English
- Document two deployment methods in SESSION_STATE.md