Dom/rpa_vision_v3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.0 - Version stable: multi-PC, détection UI-DETR-1, 3 modes exécution

Browse Source 
- Frontend v4 accessible sur réseau local (192.168.1.40)
- Ports ouverts: 3002 (frontend), 5001 (backend), 5004 (dashboard)
- Ollama GPU fonctionnel
- Self-healing interactif
- Dashboard confiance

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Dom
2026-01-29 11:23:51 +01:00
parent 21bfa3b337
commit a27b74cf22
1595 changed files with 412691 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
docs/guides/SECURITY_QUICKSTART.md Normal file
View File

@@ -0,0 +1,73 @@
# 🔐 Sécurité / Tokens — Quickstart (Fiche #23)
## TL;DR
- **DEV/local**: `./run.sh` crée (si absent) `.env.local` avec des tokens et te donne un lien Dashboard.
- **PROD/systemd**: `sudo ./server/install_prod_stack.sh` crée `/etc/rpa_vision_v3/rpa_vision_v3.env`
**et génère automatiquement** les secrets/tokens si tu as laissé `CHANGE_ME`.
---
## 1) DEV / Local (run.sh)
Au premier lancement:
```bash
./run.sh
```
Le script va:
- créer `.env.local` (permissions 600 implicites via umask)
- charger les variables
- t'afficher un lien:
`http://localhost:5001/?token=<READ_ONLY>`
### Appels API (exemples)
```bash
# Read-only
curl -H "Authorization: Bearer $RPA_TOKEN_READONLY" \
http://localhost:8000/api/traces/status
# Admin
curl -H "Authorization: Bearer $RPA_TOKEN_ADMIN" \
http://localhost:8000/admin/security/status
```
---
## 2) PROD / systemd (installation)
```bash
sudo ./server/install_prod_stack.sh
```
Le script:
- copie `/etc/rpa_vision_v3/rpa_vision_v3.env`
- génère automatiquement:
- `ENCRYPTION_PASSWORD`, `SECRET_KEY`
- `RPA_TOKEN_ADMIN`, `RPA_TOKEN_READONLY`
- `AUTOHEAL_ADMIN_TOKEN`
### Où retrouver les tokens
```bash
sudo grep -E '^RPA_TOKEN_(ADMIN|READONLY)=' /etc/rpa_vision_v3/rpa_vision_v3.env
sudo grep -E '^AUTOHEAL_ADMIN_TOKEN=' /etc/rpa_vision_v3/rpa_vision_v3.env
```
---
## 3) Rotation (si tu veux changer les tokens)
```bash
sudo ./server/bootstrap_secrets_env.sh /etc/rpa_vision_v3/rpa_vision_v3.env
sudo systemctl restart rpa-vision-v3-api rpa-vision-v3-dashboard rpa-vision-v3-worker
```
---
## 4) Modes "safe"
- `DEMO_SAFE=1` : bloque les endpoints "dangereux" (écritures / admin), utile en démo.
- `RPA_KILL_SWITCH=1` : stop global (hard stop) tant que la variable est à 1.