HQ01 host deployment

As of PASS 0003A, HQ01 is served directly on the host (not in a Docker container) so that:

• the app can write to /srv/aaf (uploads, session runtime), and
• the Session Manager spawns Claude CLI processes that genuinely run on HQ01, using the host's /usr/bin/claude.

Traefik (still in Docker) routes hq.agentsaf.com to the host on port 4000 via a file provider (infrastructure/compose/traefik/dynamic/hq01.yml) using host.docker.internal. The old hq01 container has been retired (its image is kept as hq01-hq01:latest for rollback).

Make the host app durable (requires sudo — run once)

The app currently runs as a temporary background process. Install the systemd unit so it auto-starts on boot and restarts on crash:

# stop the temporary process started during deployment
kill "$(cat /srv/aaf/runtime/hq01-host.pid)" 2>/dev/null || true

# install + enable the service
sudo cp /srv/aaf/infrastructure/systemd/hq01.service /etc/systemd/system/hq01.service
sudo systemctl daemon-reload
sudo systemctl enable --now hq01.service

# verify
systemctl status hq01.service --no-pager
curl -s -o /dev/null -w "%{http_code}\n" http://127.0.0.1:4000/

Rebuild / deploy a new version

cd /srv/aaf/repositories/aaf-holdings/hq01
npm ci          # only if dependencies changed
npm run build
sudo systemctl restart hq01.service   # if installed as a service

Rollback to the container (if ever needed)

# point traefik back at the container and remove the host file-route
docker compose -f /srv/aaf/infrastructure/compose/hq01/docker-compose.yml up -d
# (and remove infrastructure/compose/traefik/dynamic/hq01.yml, then recreate traefik)