Box
- Provider/spec: Hetzner Cloud CCX13 (dedicated AMD x86, 2 vCPU / 8 GB / 75 GB), Ubuntu 24.04, Ashburn VA (US-east — keeps HS/Gmail geo-security from tripping).
- IP: 178.156.250.227 — ssh -i ~/.ssh/skyrun_cloud root@178.156.250.227 (dedicated keypair, no passphrase; generated 2026-05-15).
- Provisioned by ~/Library/Application Support/SkyRun/cloud_provision.sh (idempotent, reproducible — fixed this session for the fluxbox/&systemd bug, password-VNC, and path symlinks).
Layout / how the macOS code runs unchanged
- Runtime at /home/skyrun/SkyRun; Desktop data at /home/skyrun/DesktopSkyRun.
- Path-compat symlinks make the 44 scripts run with ZERO edits: home-relative (~/Library/Application Support/SkyRun, ~/Desktop/SkyRun) AND absolute (/Users/josephbowens/...) both symlink to the above.
- cloud_bridge.py = Playwright/CDP drop-in for chrome_bridge.ChromeBridge, activated by env SKYRUN_BRIDGE=cloud + SKYRUN_CDP_URL=http://127.0.0.1:9222. The switch lives at the bottom of chrome_bridge.py (default/macOS path unchanged). It is a process-wide singleton — Playwright sync allows only one per process; bv_driver + current_owner_check both ChromeBridge() in one process.
- systemd: skyrun-xvfb, skyrun-fluxbox, skyrun-chrome (headful Chrome, CDP :9222, persistent profile /home/skyrun/.config/skyrun-chrome), skyrun-vnc (x11vnc, localhost-only, password Skyrun25, reach via ssh -L <localport>:localhost:5900 then open vnc://localhost:<localport> — use a local port ≠5900; macOS occupies 5900).
- Vendor sessions logged in on the box profile (one-time, by Joseph via VNC 2026-05-15): Gmail joseph.bowens@skyrun.com, HubSpot portal 23273108, BeenVerified, Track, KeyData. (SmartLead handled by CF workers, not the box browser.)
VERIFIED 2026-05-15
bv_driver enrich --lead-id R085030 --no-write on the box returned identical output to the Mac (status ok; R085030/Harman; emails dharman@amdarchitects.com +2; phones (303) 388-6973 +2). The R-03 current-owner gate ran a live HubSpot CSRF query in the cloud and correctly returned the lead clean. The hardest, browser-dependent core of the migration is proven.
PARTIAL FLIP EXECUTED 2026-05-15 PM (BV-enrichment only)
- BV enrichment is now LIVE on the box, autonomous. skyrun-bv-enrichment.timer enabled (4×/day 07,11,15,19 MDT, drain-queue --limit 20). Mac daily-beenverified-enrichment PAUSED (no double-spend). Mac bv-pipeline-watchdog PAUSED (it read Mac heartbeats → false "BV down" alarms post-flip).
- Budget depletion of the ~386 unused BV reports (renews ~Jun 6): queue rebuilt to individuals-only (308; entities always no_match=0 depletion; individuals ~90% match). Verified evidence 5/15: jump-starts ran 0 errors, ~10+ reports consumed, 80-lead drain running. Trajectory ≈ ~300/386 depleted by ~May 20. NOT 386 — BV has no record for the rest; closing the gap needs NEW leads (scout, currently broken).
- No split-brain: box pushes contacts to HubSpot (shared SoR); Mac SoT stays authoritative; cloud_sync_pull.sh stays GUARDED OFF (flag absent); SoT↔HS reconciles via existing DQ/cloud reconcilers.
- Stays on Mac (cannot go headless — Claude-agent tasks): property-scout, nightly-consolidation, live-ea, commitment-tracker, transcript-scan, DQ. The box has no Claude agent runtime. "Mac fully off" therefore NOT achieved — only BV enrichment is Mac-independent.
- Scout broken since 5/4 (silent crashes 5/11+): dead sale.jsp Discovery Source 1 + WRONG HS field names in skill (rental_property_street_address → should be rental_property_address/_state_region/_zip_code) + agent/browser constraint. NOT faked/auto-appended (crown-jewel protection). Needs a dedicated scripted-discovery rebuild — tracked gap.
- Open monitoring gap: post-flip there is no correct BV watchdog (Mac one paused/false-alarming; box heartbeat task-id mismatch). Heartbeat-aggregation rework is the next infra task.
STATE — phased cutover (Joseph chose "Phased & safe" 2026-05-15)
- Box timers installed DISABLED: skyrun-bv-enrichment, skyrun-property-scout, skyrun-freshness-detector, skyrun-freshness-processor, skyrun-bv-pipeline-watchdog (only the 5 core browser tasks are on the box; the other ~15 Mac fleet tasks + PWA build/deploy are NOT).
- Mac fleet remains authoritative and running. No double-run / no split-brain currently.
- Do NOT enable the box timers until the phased plan is complete (see runbook below). Enabling early double-spends BV budget and risks corrupting the master SoT workbook.
Sync foundation — BUILT + dry-run VERIFIED 2026-05-15 (inactive by design)
- ~/Library/Application Support/SkyRun/cloud_sync_pull.sh — Mac-side, one-way box→Mac pull of the box's authoritative outputs (Prospecting & Leads incl. SoT workbook, DNC json, state/, pwa/data/, health/). Box is always-on authority; Mac pulls when on (for PWA build + Joseph visibility); box never pushes (Mac may be off).
- HARD GUARD: refuses any real run unless ~/Library/Application Support/SkyRun/state/CLOUD_AUTHORITATIVE exists. Pre-flip the Mac is authoritative; pulling box data over it = reverse split-brain. The flip runbook creates that flag as its deliberate last step, so the script is inert + safe to exist/schedule now. --dry-run always safe.
- Verified 2026-05-15 dry-run: ok=4 warn=0 skip=1 (health/ absent until box fleet runs — expected). Handles macOS's ancient rsync (no -s/--info) by escaping spaces/& in remote paths.
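A sketch of the flag-gated guard and the remote-path escaping described above, as an added example that is not the contents of cloud_sync_pull.sh. The function names guard_check and remote_escape and the SKYRUN_STATE_DIR override are assumptions made for illustration; only the flag name and the --dry-run behaviour come from these notes.

```shell
#!/usr/bin/env bash
# Added example: hypothetical helpers, not taken from cloud_sync_pull.sh.
# SKYRUN_STATE_DIR is an assumed override so the guard can be exercised
# against a scratch directory instead of the real state/ folder.

STATE_DIR="${SKYRUN_STATE_DIR:-$HOME/Library/Application Support/SkyRun/state}"
FLAG_NAME="CLOUD_AUTHORITATIVE"

# guard_check MODE [STATE_DIR]
# Returns 0 when a run in MODE is allowed, 1 when it must be refused.
# --dry-run is always allowed; any other mode needs the flag to exist as a
# regular file. A symlink is rejected so a stray link cannot arm the pull.
guard_check() {
  gc_mode="$1"
  gc_dir="${2:-$STATE_DIR}"
  gc_flag="$gc_dir/$FLAG_NAME"

  if [ "$gc_mode" = "--dry-run" ]; then
    return 0
  fi
  if [ -f "$gc_flag" ] && [ ! -L "$gc_flag" ]; then
    return 0
  fi
  echo "REFUSED: $gc_flag absent; the Mac is still authoritative" >&2
  return 1
}

# remote_escape PATH
# Backslash-escapes spaces and '&' so the remote shell started by rsync sees
# one literal path. Needed when the local rsync lacks -s/--protect-args.
remote_escape() {
  printf '%s' "$1" | sed -e 's/[ &]/\\&/g'
}

# Typical call order in a pull script (shown as comments so sourcing this
# file has no side effects):
#   guard_check "$1" || exit 1
#   src="skyrun@BOX:$(remote_escape '/home/skyrun/DesktopSkyRun/Prospecting & Leads/')"
```

The guard runs before any rsync invocation, so a missing flag stops the script before it touches Mac-side data.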
⚙️ ATOMIC FLIP RUNBOOK (do NOT run until full-fleet migration done)
Prereqs before flipping: (a) the box-runnable deterministic tasks staged as systemd timers (disabled); (b) honest per-SKILL review of which Mac scheduled-tasks are deterministic-python (box-runnable) vs genuinely LLM-agent (consolidation, live-EA drafting, commitment extraction — these CANNOT be pure-python timers; the box has no Claude agent runtime — this boundary is real and unsolved, NOT yet classified reliably).
Flip steps (single coordinated switch):
1. Pause the Mac fleet: disable the migrated scheduled-tasks (mcp scheduled-tasks → enabled:false) + launchctl unload the migrated launchd jobs.
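2. ssh root@178.156.250.227 'systemctl list-unit-files --no-legend "skyrun-*.timer" | cut -d" " -f1 | xargs systemctl enable --now' (enable the staged box timers; systemctl enable does not accept glob patterns, so the unit names are listed first).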
3. touch "$HOME/Library/Application Support/SkyRun/state/CLOUD_AUTHORITATIVE" (arms cloud_sync_pull.sh; $HOME is used because ~ is not expanded inside double quotes).
4. Schedule cloud_sync_pull.sh on the Mac (launchd, e.g. every 15 min) so PWA/visibility stays current when the Mac is on.
5. Verify: box heartbeats appear in box:/home/skyrun/SkyRun/health; one cloud_sync_pull.sh real run pulls them to the Mac; no Mac-side double-run.
Rollback: reverse (rm the flag, disable box timers, re-enable Mac fleet) — box→Mac sync is non-destructive (backups in state/cloud_sync_backups/).
How to apply: This is real infrastructure — when work touches the cloud migration, BV/scout/freshness automation location, or "get it off the Mac," start from this file. Box is a verified, idle, ready staging env with a verified safe sync foundation. Remaining: stage the rest of the deterministic timers + the honest deterministic-vs-LLM fleet classification, THEN the atomic flip above. The browser keystone + sync are proven; the flip is gated on the fleet classification, not on technical risk.