chore: sync current workspace changes

deploy/README.md

@@ -0,0 +1,121 @@
+# Deployment Notes
+
+This directory contains the current production-oriented deployment artifacts for
+the EvoTraders frontend site and the live gateway process.
+
+## Contents
+
+- [deploy/systemd/evotraders.service](./systemd/evotraders.service)
+  - systemd unit for the long-running EvoTraders gateway process
+- [scripts/run_prod.sh](../scripts/run_prod.sh)
+  - production launch script used by the systemd unit
+- [deploy/nginx/evotraders.cillinn.com.conf](./nginx/evotraders.cillinn.com.conf)
+  - HTTPS nginx config with WebSocket proxying
+- [deploy/nginx/evotraders.cillinn.com.http.conf](./nginx/evotraders.cillinn.com.http.conf)
+  - plain HTTP/static-site variant
+
+## Current Production Shape
+
+The checked-in production path is intentionally minimal:
+
+- nginx serves the built frontend from `/var/www/evotraders/current`
+- nginx proxies `/ws` to `127.0.0.1:8765`
+- systemd runs `scripts/run_prod.sh`
+- `scripts/run_prod.sh` starts `python3 -m backend.main` in live mode on `127.0.0.1:8765`
+
+This means the checked-in production example is centered on the gateway and
+frontend, not on exposing the split FastAPI services directly.
+
+## Important Paths And Ports
+
+- frontend root: `/var/www/evotraders/current`
+- gateway bind: `127.0.0.1:8765`
+- public WebSocket path: `/ws`
+- working directory expected by systemd: `/root/code/evotraders`
+
+## systemd
+
+The current systemd unit:
+
+- uses `WorkingDirectory=/root/code/evotraders`
+- executes [scripts/run_prod.sh](../scripts/run_prod.sh)
+- restarts automatically on failure
+
+Enable and start:
+
+```bash
+sudo cp deploy/systemd/evotraders.service /etc/systemd/system/evotraders.service
+sudo systemctl daemon-reload
+sudo systemctl enable evotraders
+sudo systemctl start evotraders
+```
+
+Check status and logs:
+
+```bash
+sudo systemctl status evotraders
+journalctl -u evotraders -f
+```
+
+## nginx
+
+The HTTPS nginx config does two things:
+
+- redirects `http://evotraders.cillinn.com` to HTTPS
+- proxies `/ws` to the local gateway process with WebSocket upgrade headers
+
+Typical install flow:
+
+```bash
+sudo cp deploy/nginx/evotraders.cillinn.com.conf /etc/nginx/sites-available/evotraders.cillinn.com.conf
+sudo ln -s /etc/nginx/sites-available/evotraders.cillinn.com.conf /etc/nginx/sites-enabled/
+sudo nginx -t
+sudo systemctl reload nginx
+```
+
+The checked-in TLS config expects Let's Encrypt assets at:
+
+- `/etc/letsencrypt/live/evotraders.cillinn.com/fullchain.pem`
+- `/etc/letsencrypt/live/evotraders.cillinn.com/privkey.pem`
+
+## Environment Expectations
+
+Before using the production scripts, ensure the runtime environment has:
+
+- a usable Python environment
+- repo dependencies installed
+- required market/model API keys
+- any desired `TICKERS` override
+
+The production script currently sets:
+
+```bash
+PYTHONPATH=/root/code/evotraders/.pydeps:.
+TICKERS=${TICKERS:-AAPL,MSFT,GOOGL,AMZN,NVDA,META,TSLA,AMD,NFLX,AVGO,PLTR,COIN}
+```
+
+It then launches:
+
+```bash
+python3 -m backend.main \
+  --mode live \
+  --config-name production \
+  --host 127.0.0.1 \
+  --port 8765 \
+  --trigger-time now \
+  --poll-interval 15
+```
+
+## What This Deployment Does Not Yet Cover
+
+The checked-in deployment artifacts do not currently document or automate:
+
+- split FastAPI service deployment on `8000` to `8004`
+- OpenClaw gateway deployment on `18789`
+- database backup/retention workflows
+- frontend build/publish steps
+- secret management
+
+If you move production fully to split-service mode, update this directory so it
+documents the new service topology explicitly instead of relying on the gateway-
+only path.