# Local Skill Mirror: sol37-site-audit

This file mirrors the local skill installed at:

- `/home/david/.codex/skills/sol37-site-audit/SKILL.md`

It exists so the skill itself is auditable in the `random` repo even though `~/.codex` is not currently a git repository.

## Frontmatter

```yaml
name: sol37-site-audit
description: Use when working on, reviewing, auditing, documenting, or verifying the Sol-37 site in `random/www`, including its retro shell, program pages, content tree, git history, local daemons, Caddy/Cloudflare publishing, logbook backend, metrics pipeline, and media-player/video ingestion path.
```

## Body

```md
# Sol37 Site Audit

Use this skill for requests about the site in `/home/david/random/www` and its supporting services.

## Scope

This skill covers:

- site reviews and architectural summaries
- git-history inspection for `random/www` and related backend scripts
- runtime verification of Caddy, Cloudflare tunnel, IRC/logbook, and metrics services
- content/tree mapping for the public web root
- media-player and `/video` pipeline review

## Canonical Audit Summary

The committed audit summary and site-server manual live at:

- `/home/david/random/docs/sol37-site-audit.md`
- `/home/david/random/www/README.md`
- `/home/david/random/www/site-server.html`

Read those first for current architecture, service layout, boot behavior, and verification commands.

## Files To Inspect First

- `/home/david/random/www/index.html`
- `/home/david/random/www/README.md`
- `/home/david/random/www/site-server.html`
- `/home/david/random/www/sitemap.html`
- `/home/david/random/www/site-metrics.html`
- `/home/david/random/www/programs/logbook.html`
- `/home/david/random/www/programs/star-map.html`
- `/home/david/random/www/programs/media-player.html`
- `/home/david/random/bin/Caddyfile.pkd_share`
- `/home/david/random/bin/public_logbook_api.py`
- `/home/david/random/bin/public_logbook_irc_logger.py`
- `/home/david/random/bin/site_metrics_snapshot.py`
- `/home/david/random/bin/video_playlist_watch.py`

## Standard Audit Workflow

1. Inspect repo state:
   `git -C /home/david/random status --short`
2. Inspect recent site/backend history:
   `git -C /home/david/random log --oneline --decorate -- www bin`
3. Map the current public tree:
   `find /home/david/random/www -maxdepth 2 -type f | sort`
4. Verify the local web origin:
   `curl -I -s http://127.0.0.1:8888/`
5. Verify managed services when relevant:
   `systemctl --user --type=service --state=running | rg -i 'caddy|cloudflared|logbook|site|video'`
6. Verify timers when relevant:
   `systemctl --user list-timers --all | rg 'site-metrics|synthetic'`
7. Verify runtime daemons and ports when relevant:
   `ps -ef | rg -i 'caddy|cloudflared|ngircd|public_logbook|site_index|video_playlist|irc'`
   `ss -ltnp | rg '(:8888|:6667|:8890)'`
8. Verify user-manager boot persistence when relevant:
   `loginctl show-user david -p Linger`
9. Verify logbook API when relevant:
   `curl -s 'http://127.0.0.1:8890/messages?channel=public-logbook&limit=3'`

## Repo And Mirror Workflow

Treat the local repo and the public GitHub mirror as different things on purpose.

### Local repo workflow

- The authoritative working repo is `/home/david/random`.
- Use normal git inspection there first:
  `git -C /home/david/random status --short`
  `git -C /home/david/random log --oneline --decorate --graph --max-count=20`
  `git -C /home/david/random diff --stat`
- Make and verify changes in the local repo first. Do not assume the GitHub repo is the source of truth.
- Preserve unrelated local changes. The repo may be dirty.
- When site behavior depends on machine-local services or files outside git, call that out explicitly.

### Public GitHub mirror workflow

- The public mirror remote is currently `davidlones https://github.com/davidlones/random.git`.
- `origin https://github.com/08server/random.git` is not reliable; verify before using it.
- The public mirror is a curated sanitized snapshot, not a faithful push of local history.
- Keep the mirror aligned with the public README and exclude large media, caches, runtime logs, machine-local artifacts, secrets, and other sensitive clutter.
- Prefer rebuilding a fresh public snapshot repo and force-pushing that clean snapshot to `davidlones/main` instead of pushing the full local repo history.

### Snapshot mirror procedure

1. Verify the local repo state and inspect what should be public:
   `git -C /home/david/random status --short`
   `git -C /home/david/random ls-files`
2. Build a fresh snapshot from tracked files in `/home/david/random`, excluding large or sensitive paths and replacing the top-level README with the curated public README when needed.
3. Scan the snapshot for obvious secrets with `rg` before pushing.
4. Initialize git in the snapshot, create one clean root commit, and force-push it to `davidlones main`.
5. Verify the remote head with:
   `git ls-remote https://github.com/davidlones/random.git refs/heads/main`

### Mirror rules

- Exclude oversized media and binary payloads by default.
- Exclude runtime/generated data such as caches, `__pycache__`, temporary artifacts, local logs, and machine-specific state.
- Exclude untracked local secret helpers such as `bin/secret_client.py` and `bin/secret_daemon.py`.
- Keep placeholders like `OPENAI_API_KEY` if they are just variable names, but do not publish live credential material.
- When describing git state, distinguish clearly between:
  - local repo history
  - local working tree state
  - public GitHub snapshot state

## Review Priorities

Prioritize:

- what is committed vs only live locally
- what the shell claims exists vs what the machine actually runs
- backend dependencies that are outside git
- archive/content discoverability
- program-window integration in `index.html`
- media-player and `/video` pipeline behavior

## Notes

- Treat Sol-37 as a static-site shell with runtime-backed subsystems, not as a framework app.
- Prefer the in-tree site-server manual in `www/README.md` and `www/site-server.html` when the user asks for whole-system documentation.
- Preserve the distinction between committed repo history and current machine state.
- When producing summaries, call out uncommitted operational features explicitly.
```
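
The snapshot mirror procedure and mirror rules in the body above, sketched as shell helpers. This is an added example, not part of the mirrored skill or the repo's own tooling. The function names, the exclude list and the secret patterns are assumptions, and `grep -E` stands in for the `rg` scan the skill calls for so the block needs only standard tools.

```shell
#!/usr/bin/env bash
# Added example: helpers for the snapshot mirror procedure. Patterns are assumptions.

# Paths kept out of the public snapshot (the extension list is an assumed policy).
EXCLUDE_RE='(^|/)__pycache__/|(^|/)\.cache/|\.(log|tmp|mp4|mkv|webm|mp3|wav|iso|zip)$|^bin/secret_(client|daemon)\.py$'
# Credential material: a private-key header, or a key/secret/token/password name
# assigned a literal of 16+ characters. A bare name such as OPENAI_API_KEY passes.
SECRET_RE='-----BEGIN [A-Z ]*PRIVATE KEY-----|(API_KEY|SECRET|TOKEN|PASSWORD)[A-Z_]*[[:space:]]*[=:][[:space:]]*["'\'']?[A-Za-z0-9_/+-]{16,}'

# Read candidate paths on stdin; print only those allowed into the snapshot.
filter_public_paths() {
    grep -Ev -e "$EXCLUDE_RE" || true
}

# Copy tracked, allowed files from repo $1 into directory $2.
# Assumes path names without newlines or characters git would quote.
build_snapshot() {
    local src="$1" dest="$2" path
    mkdir -p "$dest"
    git -C "$src" ls-files | filter_public_paths | while IFS= read -r path; do
        [ -f "$src/$path" ] || continue
        mkdir -p "$dest/$(dirname "$path")"
        cp -p "$src/$path" "$dest/$path"
    done
}

# Report file:line for each suspected secret (never the value); return 1 on any hit.
scan_secrets() {
    local dir="$1" hits
    hits=$(grep -rInE -e "$SECRET_RE" "$dir" | cut -d: -f1,2)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" >&2
    return 1
}

# Create one clean root commit in snapshot $1; refuse if the scan finds anything.
# The force-push and the `git ls-remote` check (steps 4 and 5) stay manual.
commit_snapshot() {
    local dest="$1"
    scan_secrets "$dest" || { echo "refusing to commit: possible secrets" >&2; return 1; }
    git -C "$dest" init -q
    git -C "$dest" add -A
    git -C "$dest" -c user.name=snapshot -c user.email=snapshot@example.invalid \
        commit -q -m "Public snapshot"
}
```

Because the scan runs before `git init`, a hit leaves no commit object containing the flagged file, so nothing has to be scrubbed from history afterwards.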
