Initial import — snapshot from admin host /srv/gosec/gsc-ops-api
This repo had no version control prior to this commit. The import is a
straight snapshot of the working tree at 2026-05-03; the deployed
binary on fihelvop01 was being rebuilt from this source via `make
build` + scp into place, with no upstream review path.
The snapshot already includes one in-flight fix made on 2026-05-03 to
internal/service/persona.go:GetSelfModel — the handler queried
`source` and `strength` columns plus an `is_active = true` filter on
persona.persona_commitments, none of which exist on that table (its
shape is session-bound commitments with `status`, `commitment_meta`,
etc.). The query returned a 500 every time SynapseHub bootstrapped a
persona's self-model, dropping the IdentityConstraints / Commitments /
ConscienceStandards layer from the assembled prompt. The patched
query reads existing columns only (commitment_text, commitment_type),
filters on `status='active'`, and synthesises Source="learned" /
Strength=1.0 to keep the SelfModel response shape stable for callers.
Verified live: `GET /api/v1/personas/70f7cfd9-.../self-model` now
returns 200 with `{identityConstraints:[],commitments:[],
conscienceStandards:[]}` instead of 500.
Future changes go through PRs against this repo — no more bin-only
deploys.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude (gsc-ops-api init)
75
configs/asterisk/pjsip.conf
Normal file
75
configs/asterisk/pjsip.conf
Normal file
@@ -0,0 +1,75 @@
|
||||
; PJSIP Configuration — Transport, Global, and ACL only
|
||||
; All endpoints/auths/AORs are loaded from PostgreSQL via ODBC Realtime
|
||||
|
||||
[global]
|
||||
type=global
|
||||
user_agent=GoSec-PBX
|
||||
|
||||
[transport-udp]
|
||||
type=transport
|
||||
protocol=udp
|
||||
bind=0.0.0.0:5060
|
||||
|
||||
; ACL to allow only Kamailio servers
|
||||
[kamailio-acl]
|
||||
type=acl
|
||||
permit=172.17.6.42/32
|
||||
permit=172.17.6.43/32
|
||||
permit=172.17.6.1/32
|
||||
|
||||
; === Kamailio Dispatcher Health Checks ===
|
||||
; These remain static — Kamailio needs them for OPTIONS pings
|
||||
[dispatcher]
|
||||
type=endpoint
|
||||
context=from-kamailio
|
||||
disallow=all
|
||||
allow=ulaw
|
||||
allow=alaw
|
||||
allow=g729
|
||||
direct_media=no
|
||||
rtp_symmetric=yes
|
||||
force_rport=yes
|
||||
rewrite_contact=yes
|
||||
aors=dispatcher-aor
|
||||
|
||||
[dispatcher-aor]
|
||||
type=aor
|
||||
qualify_frequency=0
|
||||
|
||||
[identify-kamailio1]
|
||||
type=identify
|
||||
endpoint=dispatcher
|
||||
match=172.17.6.42/32
|
||||
|
||||
[identify-kamailio2]
|
||||
type=identify
|
||||
endpoint=dispatcher
|
||||
match=172.17.6.43/32
|
||||
|
||||
[identify-kamailio-vip]
|
||||
type=identify
|
||||
endpoint=dispatcher
|
||||
match=172.17.6.1/32
|
||||
|
||||
; === Kamailio Outbound Endpoint ===
|
||||
; Static — used by dialplan for outbound calls via Kamailio VIP
|
||||
[kamailio-out]
|
||||
type=endpoint
|
||||
context=from-kamailio
|
||||
disallow=all
|
||||
allow=ulaw
|
||||
allow=alaw
|
||||
allow=g729
|
||||
direct_media=no
|
||||
rtp_symmetric=yes
|
||||
force_rport=yes
|
||||
rewrite_contact=yes
|
||||
trust_id_inbound=yes
|
||||
send_rpid=yes
|
||||
acl=kamailio-acl
|
||||
aors=kamailio-out-aor
|
||||
|
||||
[kamailio-out-aor]
|
||||
type=aor
|
||||
contact=sip:172.17.6.1:5060
|
||||
qualify_frequency=30
|
||||
Reference in New Issue
Block a user