- Add scripts/it-ops (Proxmox collector, IPAM drift, export orchestrator)
- Add sankofa-it-read-api stub with optional CORS and refresh
- Add systemd examples for read API, weekly inventory export, timer
- Add live-inventory-drift GitHub workflow (dispatch + weekly)
- Add IT controller spec, runbooks, Keycloak ensure-it-admin-role script
- Note IT_READ_API env on portal sync completion output

Made-with: Cursor
Sankofa IT read API (Phase 0)
Minimal read-only JSON service for reports/status/live_inventory.json and drift.json. Intended to run on a LAN host (or CT) with access to the repo checkout and optional SSH to Proxmox for refresh.
Run
cd /path/to/proxmox
python3 services/sankofa-it-read-api/server.py
With API key protection for /v1/*:
export IT_READ_API_KEY='your-long-random-secret'
python3 services/sankofa-it-read-api/server.py
Clients send X-API-Key: your-long-random-secret on /v1/inventory/*. /health stays unauthenticated.
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /health | Liveness + paths |
| GET | /v1/inventory/live | Latest live guest inventory |
| GET | /v1/inventory/drift | Latest drift report |
| POST | /v1/inventory/refresh | Runs scripts/it-ops/export-live-inventory-and-drift.sh (requires IT_READ_API_KEY) |
Optional IT_READ_API_CORS_ORIGINS: comma-separated browser origins; enables OPTIONS and Access-Control-Allow-* for direct SPA calls (prefer Next.js /api/it/* proxy so keys stay server-side).
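The key check and CORS allow-list described above can be sketched as follows. This is an added example, not the code in server.py: the function names, the 401/403/404 status choices and the sample origins are assumptions, and only the header name, paths and environment variable semantics come from this README.

```python
import hmac

def parse_origins(csv_value):
    """Split a comma-separated IT_READ_API_CORS_ORIGINS value into a set."""
    parts = (csv_value or "").split(",")
    return {p.strip().rstrip("/") for p in parts if p.strip()}

def authorize(method, path, headers, api_key):
    """Return a status: 200 allow, 401 bad key, 403 refresh disabled, 404 unknown."""
    if path == "/health":
        return 200  # liveness stays unauthenticated
    if not path.startswith("/v1/"):
        return 404
    is_refresh = method == "POST" and path == "/v1/inventory/refresh"
    if not api_key:
        # No key configured: reads are open, refresh is refused outright.
        return 403 if is_refresh else 200
    supplied = headers.get("X-API-Key", "")
    # Constant-time comparison: no early exit on the first mismatching byte.
    same = hmac.compare_digest(supplied.encode(), api_key.encode())
    return 200 if same else 401

def cors_headers(origin, allowed):
    """Echo Origin only on an exact allow-list match; never '*' or a reflection."""
    if not origin or origin not in allowed:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Headers": "X-API-Key",
        "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
        "Vary": "Origin",  # keep shared caches from serving one origin's grant to another
    }

if __name__ == "__main__":
    KEY = "constructed-sample-key"  # constructed value, not a real secret
    allowed = parse_origins("https://portal.example, https://it.example/")
    print(authorize("GET", "/v1/inventory/live", {}, KEY))
    print(authorize("GET", "/v1/inventory/live", {"X-API-Key": KEY}, KEY))
    print(authorize("POST", "/v1/inventory/refresh", {}, ""))
    print(cors_headers("https://evil.example", allowed))
```

The plain dict used for headers here is case-sensitive; with http.server the request's `self.headers.get("X-API-Key")` lookup is case-insensitive.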
systemd
See config/systemd/sankofa-it-read-api.service.example.
Next (full BFF)
Replace with OIDC-validated service, Postgres, and Proxmox/UniFi adapters per SANKOFA_IT_OPERATIONS_CONTROLLER_SPEC.md.