Initial commit of integrated agent system

deploy/README.md

@@ -0,0 +1,135 @@
+# Deployment Notes
+
+This directory contains the current production-oriented deployment artifacts for
+the 大时代 frontend site and the live gateway process.
+
+## Contents
+
+- [deploy/systemd/evotraders.service](./systemd/evotraders.service)
+  - systemd unit for the long-running 大时代 gateway process
+- [scripts/run_prod.sh](../scripts/run_prod.sh)
+  - production launch script used by the systemd unit
+- [deploy/nginx/bigtime.cillinn.com.conf](./nginx/bigtime.cillinn.com.conf)
+  - HTTPS nginx config with WebSocket proxying
+- [deploy/nginx/bigtime.cillinn.com.http.conf](./nginx/bigtime.cillinn.com.http.conf)
+  - plain HTTP/static-site variant
+
+## Current Production Shape
+
+The checked-in production path is intentionally minimal:
+
+- nginx serves the built frontend from `/var/www/bigtime/current`
+- public domain examples use `bigtime.cillinn.com`
+- nginx proxies `/ws` to `127.0.0.1:8765`
+- systemd runs `scripts/run_prod.sh`
+- `scripts/run_prod.sh` starts `python3 -m backend.main` in live mode on `127.0.0.1:8765`
+
+This means the checked-in production example is centered on the gateway and
+frontend, not on exposing the split FastAPI services directly.
+
+## Important Paths And Ports
+
+- frontend root: `/var/www/bigtime/current`
+- gateway bind: `127.0.0.1:8765`
+- public WebSocket path: `/ws`
+- working directory expected by systemd: `/root/code/evotraders`
+
+## systemd
+
+The current systemd unit:
+
+- uses `WorkingDirectory=/root/code/evotraders`
+- executes [scripts/run_prod.sh](../scripts/run_prod.sh)
+- restarts automatically on failure
+
+Enable and start:
+
+```bash
+sudo cp deploy/systemd/evotraders.service /etc/systemd/system/evotraders.service
+sudo systemctl daemon-reload
+sudo systemctl enable evotraders
+sudo systemctl start evotraders
+```
+
+Check status and logs:
+
+```bash
+sudo systemctl status evotraders
+journalctl -u evotraders -f
+```
+
+## nginx
+
+The HTTPS nginx config does two things:
+
+- redirects `http://bigtime.cillinn.com` to HTTPS
+- proxies `/ws` to the local gateway process with WebSocket upgrade headers
+
+Typical install flow:
+
+```bash
+sudo cp deploy/nginx/bigtime.cillinn.com.conf /etc/nginx/sites-available/bigtime.cillinn.com.conf
+sudo ln -s /etc/nginx/sites-available/bigtime.cillinn.com.conf /etc/nginx/sites-enabled/
+sudo nginx -t
+sudo systemctl reload nginx
+```
+
+The checked-in TLS config expects Let's Encrypt assets at:
+
+- `/etc/letsencrypt/live/bigtime.cillinn.com/fullchain.pem`
+- `/etc/letsencrypt/live/bigtime.cillinn.com/privkey.pem`
+
+## Environment Expectations
+
+Before using the production scripts, ensure the runtime environment has:
+
+- a usable Python environment
+- backend dependencies installed from `requirements.txt`
+- the package installed with `pip install -e .` or `uv pip install -e .`
+- frontend dependencies installed with `npm ci`
+- repo dependencies installed
+- required market/model API keys
+- any desired `TICKERS` override
+
+Recommended production install sequence:
+
+```bash
+python3 -m venv .venv
+source .venv/bin/activate
+pip install -r requirements.txt
+pip install -e .
+cd frontend && npm ci && npm run build && cd ..
+```
+
+The production script currently sets:
+
+```bash
+PYTHONPATH=/root/code/evotraders/.pydeps:.
+TICKERS=${TICKERS:-AAPL,MSFT,GOOGL,AMZN,NVDA,META,TSLA,AMD,NFLX,AVGO,PLTR,COIN}
+```
+
+It then launches:
+
+```bash
+python3 -m backend.main \
+  --mode live \
+  --config-name production \
+  --host 127.0.0.1 \
+  --port 8765 \
+  --trigger-time now \
+  --poll-interval 15
+```
+
+## What This Deployment Does Not Yet Cover
+
+The checked-in deployment artifacts do not currently document or automate:
+
+- split FastAPI service deployment on `8000` to `8004`
+- OpenClaw gateway deployment on `18789`
+- database backup/retention workflows
+- frontend build/publish steps
+- secret management
+
+If you move production fully to split-service mode, update this directory so it
+documents the new service topology explicitly instead of relying on the gateway-
+only path.

deploy/nginx/bigtime.cillinn.com.conf

@@ -0,0 +1,42 @@
+server {
+    listen 80;
+    server_name bigtime.cillinn.com;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/bigtime/current;
+        allow all;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name bigtime.cillinn.com;
+
+    root /var/www/bigtime/current;
+    index index.html;
+
+    ssl_certificate /etc/letsencrypt/live/bigtime.cillinn.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/bigtime.cillinn.com/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    location /ws {
+        proxy_pass http://127.0.0.1:8765;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 300s;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}

deploy/nginx/bigtime.cillinn.com.http.conf

@@ -0,0 +1,15 @@
+server {
+    listen 80;
+    server_name bigtime.cillinn.com;
+
+    root /var/www/bigtime/current;
+    index index.html;
+
+    location /.well-known/acme-challenge/ {
+        allow all;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}

deploy/systemd/evotraders.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=大时代 Production Service
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory=/root/code/evotraders
+ExecStart=/root/code/evotraders/scripts/run_prod.sh
+Restart=always
+RestartSec=5
+Environment=PYTHONUNBUFFERED=1
+
+[Install]
+WantedBy=multi-user.target