docker-deploy-smoke

.env.example

@@ -20,7 +20,5 @@ SECRET_KEY=change-this-long-random-secret
 REDIS_URL=redis://redis:6379/0
 OCR_PROVIDER=tesseract
 OCR_LANGUAGES=eng+rus+kor
-LLM_BASE_URL=
-LLM_MODEL=
 ADMIN_TELEGRAM_IDS=
 ADMIN_BOOTSTRAP_TOKEN=

DEPLOY.md

@@ -19,7 +19,7 @@ Edit `.env` and set real secrets:
 - `INTERNAL_API_TOKEN`
 - `SECRET_KEY`
 - `REDIS_URL` if Redis is external
-- `VAPID_PUBLIC_KEY` / `VAPID_PRIVATE_KEY` when browser push is enabled
+- `VAPID_PUBLIC_KEY` / `VAPID_PRIVATE_KEY` only when browser push beta is enabled
 - `ADMIN_TELEGRAM_IDS`
 
 Production must use public HTTPS URLs and `ALLOW_DEV_AUTH=false`.
@@ -34,6 +34,7 @@ curl -fsS http://127.0.0.1:8000/ready
 ```
 
 The default compose stack includes Postgres, Redis, API and bot services with health checks, restart policies and log rotation.
+Telegram notifications are the primary pilot notification channel. Browser push currently stores subscriptions and is treated as beta until server-side Web Push delivery is enabled.
 
 ## Git-Based Update
 
@@ -51,7 +52,7 @@ The script runs:
 - Docker build/up
 - `alembic upgrade head`
 - Python smoke compile
-- `/ready` health check
+- `/health`, `/ready` and `/metrics` smoke checks
 
 Do not use rsync as the primary deploy mechanism.
 
@@ -75,12 +76,24 @@ Create a compressed custom-format dump before risky deploys:
 BACKUP_DIR=/opt/carpass/backups ./scripts/backup_db.sh
 ```
 
+Compatibility wrapper:
+
+```bash
+BACKUP_DIR=/opt/carpass/backups ./scripts/backup.sh
+```
+
 Restore only during a maintenance window:
 
 ```bash
 ./scripts/restore_db.sh /opt/carpass/backups/carpass-drivers-YYYYMMDDTHHMMSSZ.dump
 ```
 
+Compatibility wrapper:
+
+```bash
+./scripts/restore.sh /opt/carpass/backups/carpass-drivers-YYYYMMDDTHHMMSSZ.dump
+```
+
 For volume-level recovery, back up the Docker named volumes `pgdata` and `redisdata` according to the host backup policy.
 
 ## Logs

README.md

@@ -63,6 +63,8 @@ CarPass создает рекомендации обслуживания из д
 
 Уведомления имеют статусы `pending`, `processing`, `sent`, `failed`, `retrying`, `abandoned`, `read`, счетчик повторов и idempotency key, чтобы не плодить дубли.
 
+Telegram-уведомления являются основным каналом закрытого пилота. Browser push уже умеет сохранять подписки в Mini App и принимать push-события в service worker, но серверная Web Push-доставка помечена как beta и не считается критическим каналом пилота.
+
 ## Безопасность данных
 
 CarPass не раскрывает историю автомобиля по одному VIN или госномеру. СТО видит только разрешенный владельцем объем данных: базовую карточку, историю обслуживания или полный доступ. Любые чувствительные изменения, включая VIN, номер, пробег и технические параметры, проходят подтверждение владельца.

app/core/config.py

@@ -22,8 +22,6 @@ class Settings(BaseSettings):
     allow_dev_auth: bool = False
     ocr_provider: str = "tesseract"
     ocr_languages: str = "eng+rus+kor"
-    llm_base_url: str = ""
-    llm_model: str = ""
     admin_telegram_ids: str = ""
     admin_bootstrap_token: str = ""
 

docker-compose.yml

@@ -54,8 +54,6 @@ services:
       ALLOW_DEV_AUTH: ${ALLOW_DEV_AUTH:-false}
       OCR_PROVIDER: ${OCR_PROVIDER:-tesseract}
       OCR_LANGUAGES: ${OCR_LANGUAGES:-eng+rus+kor}
-      LLM_BASE_URL: ${LLM_BASE_URL:-}
-      LLM_MODEL: ${LLM_MODEL:-}
       REDIS_URL: ${REDIS_URL:-redis://redis:6379/0}
       SECRET_KEY: ${SECRET_KEY:-}
       VAPID_PUBLIC_KEY: ${VAPID_PUBLIC_KEY:-}
@@ -91,8 +89,6 @@ services:
       APP_ENV: ${APP_ENV:-development}
       OCR_PROVIDER: ${OCR_PROVIDER:-tesseract}
       OCR_LANGUAGES: ${OCR_LANGUAGES:-eng+rus+kor}
-      LLM_BASE_URL: ${LLM_BASE_URL:-}
-      LLM_MODEL: ${LLM_MODEL:-}
       REDIS_URL: ${REDIS_URL:-redis://redis:6379/0}
       SECRET_KEY: ${SECRET_KEY:-}
     depends_on:

scripts/backup.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+exec "$(dirname "$0")/backup_db.sh" "$@"

scripts/deploy.sh

@@ -44,6 +44,7 @@ for attempt in {1..30}; do
   if curl -fsS "$HEALTH_URL" >/tmp/carpass-ready.json; then
     cat /tmp/carpass-ready.json
     echo
+    BASE_URL="${BASE_URL:-${HEALTH_URL%/ready}}" ./scripts/smoke_test.sh
     $COMPOSE ps
     exit 0
   fi

scripts/restore.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+exec "$(dirname "$0")/restore_db.sh" "$@"

scripts/smoke_test.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+BASE_URL="${BASE_URL:-http://127.0.0.1:8000}"
+
+echo "Checking health..."
+curl -fsS "$BASE_URL/health"
+echo
+
+echo "Checking readiness..."
+curl -fsS "$BASE_URL/ready"
+echo
+
+echo "Checking metrics..."
+curl -fsS "$BASE_URL/metrics" | grep -q "carpass_requests_total"
+echo "Smoke test passed."