v1.0 - Version stable: multi-PC, détection UI-DETR-1, 3 modes exécution

- Frontend v4 accessible sur réseau local (192.168.1.40) - Ports ouverts: 3002 (frontend), 5001 (backend), 5004 (dashboard) - Ollama GPU fonctionnel - Self-healing interactif - Dashboard confiance Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 11:23:51 +01:00
parent 21bfa3b337
commit a27b74cf22
1595 changed files with 412691 additions and 400 deletions
--- a/deploy/logrotate/rpa-vision-v3
+++ b/deploy/logrotate/rpa-vision-v3
@@ -0,0 +1,8 @@
+/opt/rpa_vision_v3/logs/*.log {
+  daily
+  rotate 14
+  compress
+  missingok
+  notifempty
+  copytruncate
+}
--- a/deploy/prometheus/prometheus.yml
+++ b/deploy/prometheus/prometheus.yml
@@ -0,0 +1,14 @@
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+scrape_configs:
+  - job_name: 'rpa-vision-v3-api'
+    metrics_path: /metrics
+    static_configs:
+      - targets: ['127.0.0.1:8000']
+
+  - job_name: 'rpa-vision-v3-dashboard'
+    metrics_path: /metrics
+    static_configs:
+      - targets: ['127.0.0.1:5001']
--- a/deploy/systemd/rpa-vision-v3-api.service
+++ b/deploy/systemd/rpa-vision-v3-api.service
@@ -0,0 +1,38 @@
+[Unit]
+Description=RPA Vision V3 - Upload API (FastAPI)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+
+# ---- Runtime ----
+User=rpa
+Group=rpa
+WorkingDirectory=/opt/rpa_vision_v3/server
+EnvironmentFile=/etc/rpa_vision_v3/rpa_vision_v3.env
+Environment="PYTHONUNBUFFERED=1"
+Environment="ENVIRONMENT=production"
+Environment="RPA_SERVICE_NAME=rpa-vision-v3-api"
+
+# Sécurité : valide les secrets (exit !=0 => systemd restart)
+ExecStart=/opt/rpa_vision_v3/venv_v3/bin/python api_upload.py
+
+# ---- Resilience ----
+Restart=on-failure
+RestartSec=3
+TimeoutStopSec=30
+
+# ---- Hardening (raisonnable pour un MVP) ----
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/rpa_vision_v3/data /opt/rpa_vision_v3/logs
+
+# Logs -> journald
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
--- a/deploy/systemd/rpa-vision-v3-artifact-retention.service
+++ b/deploy/systemd/rpa-vision-v3-artifact-retention.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=RPA Vision V3 - Artifact retention / rotation
+
+[Service]
+Type=oneshot
+User=rpa
+Group=rpa
+WorkingDirectory=/opt/rpa_vision_v3
+EnvironmentFile=/etc/rpa_vision_v3/rpa_vision_v3.env
+ExecStart=/opt/rpa_vision_v3/venv_v3/bin/python -m core.system.artifact_retention
--- a/deploy/systemd/rpa-vision-v3-artifact-retention.timer
+++ b/deploy/systemd/rpa-vision-v3-artifact-retention.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=RPA Vision V3 - Artifact retention timer
+
+[Timer]
+OnCalendar=*-*-* 03:15:00
+Persistent=true
+Unit=rpa-vision-v3-artifact-retention.service
+
+[Install]
+WantedBy=timers.target
--- a/deploy/systemd/rpa-vision-v3-dashboard.service
+++ b/deploy/systemd/rpa-vision-v3-dashboard.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=RPA Vision V3 - Web Dashboard (Flask)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=rpa
+Group=rpa
+WorkingDirectory=/opt/rpa_vision_v3
+EnvironmentFile=/etc/rpa_vision_v3/rpa_vision_v3.env
+Environment="PYTHONUNBUFFERED=1"
+Environment="ENVIRONMENT=production"
+Environment="RPA_SERVICE_NAME=rpa-vision-v3-dashboard"
+ExecStart=/opt/rpa_vision_v3/venv_v3/bin/python web_dashboard/app.py
+
+Restart=on-failure
+RestartSec=3
+TimeoutStopSec=30
+
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/rpa_vision_v3/data /opt/rpa_vision_v3/logs
+
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
--- a/deploy/systemd/rpa-vision-v3-healthcheck.service
+++ b/deploy/systemd/rpa-vision-v3-healthcheck.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=RPA Vision V3 - Healthcheck
+After=network-online.target
+Wants=network-online.target
+
+# Si le healthcheck échoue, on redémarre le stack.
+OnFailure=rpa-vision-v3-recover.service
+
+[Service]
+Type=oneshot
+WorkingDirectory=/opt/rpa_vision_v3
+EnvironmentFile=/etc/rpa_vision_v3/rpa_vision_v3.env
+ExecStart=/opt/rpa_vision_v3/server/healthcheck.sh
+
+[Install]
+WantedBy=multi-user.target
--- a/deploy/systemd/rpa-vision-v3-healthcheck.timer
+++ b/deploy/systemd/rpa-vision-v3-healthcheck.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=RPA Vision V3 - Healthcheck timer
+
+[Timer]
+OnBootSec=30s
+OnUnitActiveSec=60s
+AccuracySec=5s
+Unit=rpa-vision-v3-healthcheck.service
+
+[Install]
+WantedBy=timers.target
--- a/deploy/systemd/rpa-vision-v3-recover.service
+++ b/deploy/systemd/rpa-vision-v3-recover.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=RPA Vision V3 - Recover stack (restart services)
+
+[Service]
+Type=oneshot
+# Important: nécessite root pour systemctl
+User=root
+ExecStart=/bin/bash -lc 'systemctl restart rpa-vision-v3-api.service rpa-vision-v3-dashboard.service rpa-vision-v3-worker.service || true'
--- a/deploy/systemd/rpa-vision-v3-worker.service
+++ b/deploy/systemd/rpa-vision-v3-worker.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=RPA Vision V3 - Processing Worker (external)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=rpa
+Group=rpa
+WorkingDirectory=/opt/rpa_vision_v3/server
+EnvironmentFile=/etc/rpa_vision_v3/rpa_vision_v3.env
+Environment="PYTHONUNBUFFERED=1"
+ExecStart=/opt/rpa_vision_v3/venv_v3/bin/python worker_daemon.py
+
+Restart=on-failure
+RestartSec=3
+TimeoutStopSec=60
+
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/rpa_vision_v3/data /opt/rpa_vision_v3/logs
+
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
--- a/deploy/systemd/rpa_vision_v3.env.example
+++ b/deploy/systemd/rpa_vision_v3.env.example
@@ -0,0 +1,39 @@
+# /etc/rpa_vision_v3/rpa_vision_v3.env
+
+# --- Secrets (OBLIGATOIRES en prod) ---
+ENCRYPTION_PASSWORD=CHANGE_ME
+SECRET_KEY=CHANGE_ME
+
+# --- Runtime ---
+ENVIRONMENT=production
+
+# --- Fiche #24 - Observabilité ---
+# Label Prometheus (surcouche). En prod, les unités systemd posent déjà une valeur par service.
+# RPA_SERVICE_NAME=rpa-vision-v3
+
+# Worker mode:
+#   thread   -> worker intégré à l'API
+#   external -> worker dans rpa-vision-v3-worker.service (recommandé prod)
+#   disabled -> API upload only
+RPA_PROCESSING_WORKER=external
+
+# Ports (healthcheck.sh les utilise)
+RPA_API_HOST=127.0.0.1
+RPA_API_PORT=8000
+RPA_DASHBOARD_HOST=127.0.0.1
+RPA_DASHBOARD_PORT=5001
+RPA_CHECK_DASHBOARD=1
+
+# Worker heartbeat (si worker external)
+RPA_WORKER_HEARTBEAT_PATH=data/runtime/health/worker_heartbeat.json
+RPA_WORKER_HEARTBEAT_MAX_AGE_S=60
+
+# Retention / rotation
+RPA_DATA_DIR=data
+RPA_RETENTION_FAILURE_CASES_DAYS=14
+RPA_RETENTION_ARCHIVE_FAILURE_CASES=true
+RPA_RETENTION_WATCHDOG_DAYS=7
+RPA_RETENTION_GUARD_REPORTS_DAYS=30
+
+# Healthcheck - disque
+RPA_MIN_FREE_MB=1024