# CGPT DONE - HL Dashboard Docker on 19a

Date: 2026-05-16
Target: 19a / a02.verity.one
Path: `/opt/veritize-docker/ops/hl-dashboard`

## Action

Built and started the Hyperledger Agent Audit Dashboard as a Docker container on 19a.

## Files / Config

- Dashboard source: `/opt/veritize-docker/ops/hl-dashboard`
- Docker image: `verity/hl-dashboard:latest`
- Container: `hl-dashboard`
- Host bind: `127.0.0.1:3100 -> 3100/tcp`
- HL API base: `https://hl.verity.one`
- Queue mount: `/opt/veritize-docker/ops/hl/queued -> /data/hl-queue:ro`
- Env file: `/opt/veritize-docker/ops/hl-dashboard/.env`

## Safety Decision

The dashboard is bound to localhost only. It is not public through nginx yet.

Reason: the dashboard includes replay controls. Until auth/nginx policy is decided, exposing it publicly would create avoidable mutation risk.

## Build / Run Result

```text
Docker version 29.5.0
Docker Compose version v5.1.3
Image built: verity/hl-dashboard:latest
Container started: hl-dashboard
Container health: healthy
```

Docker healthcheck was patched from `localhost` to `127.0.0.1`:

```text
http://127.0.0.1:3100/api/config
```

Backup:

```text
/opt/veritize-docker/ops/hl-dashboard/Dockerfile.bak-health-20260516-2001
```

## Verification

Dashboard config endpoint:

```json
{"hl_api_base":"https://hl.verity.one","hl_queue_dir":"/data/hl-queue","port":"3100","uptime_s":48,"node_version":"v20.20.2"}
```

Queue endpoint:

```text
GET http://127.0.0.1:3100/api/queue -> count: 3
```

Queued receipts visible:

- `HL-2026-05-15-191806-AUTOMATION34.json`
- `HL-2026-05-16-132511-DATACERT-I18N.json`
- `HL-2026-05-16-141840-GEMWALLET-STANDALONE.json`

HL upstream endpoint:

```json
{"endpoint":"https://hl.verity.one/api/health","reachable":false,"http_status":0,"latency_ms":8003,"data":{"error":"The user aborted a request."}}
```

Interpretation: dashboard is healthy; upstream HL endpoint remains unavailable/timing out.

## Access

Current safe access from an operator machine:

```powershell
plink.exe -batch -P 2222 -hostkey "SHA256:j8jK42NJk8t4cyDo00qn0WctPq2laiOMzhYBB+Gn21o" -i ".\keys\verity-one-private.ppk" -L 3100:127.0.0.1:3100 root@a02.verity.one
```

Then open:

```text
http://127.0.0.1:3100/
```

## Next Recommended Step

If AR wants browser access without SSH tunnel, add nginx route with authentication, for example:

```text
https://hl.verity.one/dashboard/
```

Do not expose replay controls publicly without auth.

TRUTH MATTERS(R)