# Stonks Oracle — Project Context

## Overview

Stonks Oracle is a Kubernetes-native AI market intelligence and paper-trading platform. Python monorepo with services under `services/`, infrastructure under `infra/`, lakehouse schemas under `lakehouse/`, frontend React dashboard under `frontend/`, and dashboards under `dashboards/`.

## Local Dev Environment

- NixOS dev environment, Python 3.12
- Virtual environment at `.venv/` — always use it for Python commands
- For tools not in `.venv/` (like `ruff`, `gh`), use `nix-shell -p --run ""`
- Node.js 24 for frontend (`frontend/` directory)
- Docker available locally for image builds (but let CI handle pushes)

## Live Endpoints

- Dashboard: `https://stonks.celestium.life`
- Query API: `https://stonks-api.celestium.life`
- Symbol Registry: `https://stonks-registry.celestium.life`
- Superset: `https://stonks-dash.celestium.life`
- Trino: `https://stonks-trino.celestium.life`

## Infrastructure

- Kubernetes cluster: 4x NixOS nodes (gremlin-1 through gremlin-4), reachable via `kubectl`, `virtctl`, `ssh root@gremlin-{1,2,3,4}`
- NixOS configs stored at `/etc/nixos` on gremlin-1, git-pushed to other hosts
- Ingress: Traefik, domain `*.celestium.life`
- Cert-Manager: `ca-issuer` (local CA) for internal services
- Container registry: `ghcr.io/celesrenata/stonks-oracle`

## CI/CD

- GitHub Actions workflow at `.github/workflows/build.yml`
- Push to `main` triggers: lint → pytest → frontend vitest → build all service images + dashboard + superset → push to GHCR
- Images tagged as `ghcr.io/celesrenata/stonks-oracle/:` and `:latest`
- Dashboard image: `frontend/Dockerfile` (multi-stage: node:24 → nginx-unprivileged on port 8080)
- Superset image: `docker/Dockerfile.superset` (apache/superset + trino + psycopg2)
- Python service images: `docker/Dockerfile` with `SERVICE_CMD` build arg
- Let CI handle image builds and pushes — do NOT manually `docker build && docker push`
- Check CI status: `nix-shell -p gh --run "gh run list -L 3"`

## Deployment Scripts

- `~/sources/kube/stonks-oracle/runmefirst.sh` — full deploy: DB setup, migrations, Helm install, rolling restart
- `~/sources/kube/stonks-oracle/runmelast.sh` — teardown: Helm uninstall, clean resources (preserves DB/MinIO/Redis)
- After CI builds, deploy with: `helm upgrade --install stonks-oracle infra/helm/stonks-oracle -n stonks-oracle`
- Restart a single service: `kubectl rollout restart deployment/ -n stonks-oracle`

## API Secrets

- Stored as files in repo root (gitignored): `polygon.io.key`, `alpaca.key`, `alpaca.secret`, `alpaca.url`
- GitHub token at `/run/secrets/github_token`
- Injected into K8s secrets via `runmefirst.sh` Helm `--set` flags

## Existing Cluster Services (do NOT redeploy these)

- PostgreSQL: `postgresql-rw.postgresql-service.svc.cluster.local:5432`
- Redis: `redis-master.redis-service.svc.cluster.local:6379`
- MinIO: `minio.minio-service.svc.cluster.local:80` (API)
- Ollama: `ollama.ollama-service.svc.cluster.local:11434` (cluster-internal), also at `http://10.1.1.12:2701` (external), GPU: 4070 Ti Super 16GB

## Key Conventions

- All services use `services/shared/config.py` for configuration via env vars
- Redis queues defined in `services/shared/redis_keys.py`
- Pydantic schemas in `services/shared/schemas.py`
- Helm chart in `infra/helm/stonks-oracle/`, all in `stonks-oracle` namespace
- Lakehouse DDL in `lakehouse/schemas/`
- Frontend proxies: `/api/` → query-api:8000, `/registry/` → symbol-registry:8000, `/risk/` → risk:8000
- Network policies: default-deny with explicit allow rules per service
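The last two conventions above (the nginx proxy paths and the default-deny network policy model) are shown together below as an added example; these manifests are not the project's own Helm templates. The namespace `stonks-oracle` and the ports 8000 and 8080 come from this page; the pod labels (`app.kubernetes.io/name: dashboard`, `query-api`, `symbol-registry`, `risk`) and the Traefik namespace name are assumptions, and `kubernetes.io/metadata.name` relies on the namespace label Kubernetes sets automatically.

```yaml
# Added example (not the project's manifests). Baseline: deny all ingress and
# egress in the stonks-oracle namespace, then allow only what each hop needs.
# Pod labels and the Traefik namespace are assumptions.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: stonks-oracle
spec:
  podSelector: {}               # empty selector = every pod in the namespace
  policyTypes: [Ingress, Egress]
---
# Once egress is denied by default, every pod still needs cluster DNS,
# otherwise service names such as query-api stop resolving.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: stonks-oracle
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# Dashboard pods (nginx-unprivileged on 8080) accept traffic only from the
# Traefik ingress controller; "traefik" as the namespace name is an assumption.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: dashboard-allow-traefik
  namespace: stonks-oracle
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: dashboard        # assumed label
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: traefik
      ports:
        - protocol: TCP
          port: 8080
---
# The nginx proxy in the dashboard forwards /api/, /registry/ and /risk/ to the
# three backends on port 8000, so the dashboard needs egress to exactly those.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: dashboard-allow-backends-egress
  namespace: stonks-oracle
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: dashboard
  policyTypes: [Egress]
  egress:
    - to:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: query-api        # assumed label
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: symbol-registry  # assumed label
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: risk             # assumed label
      ports:
        - protocol: TCP
          port: 8000
---
# The matching ingress side: query-api:8000 accepts connections only from the
# dashboard pods. symbol-registry and risk get the same shape of rule.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: query-api-allow-dashboard
  namespace: stonks-oracle
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: query-api
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: dashboard
      ports:
        - protocol: TCP
          port: 8000
```

Apply with `kubectl apply -f <file> -n stonks-oracle` and confirm with `kubectl get networkpolicy -n stonks-oracle`. Both sides of a connection must be allowed under a default-deny baseline: the dashboard needs the egress rule and query-api needs the ingress rule, or the proxied `/api/` requests fail even though the ingress from Traefik still works. Services that call PostgreSQL, Redis, MinIO or Ollama in their own namespaces need equivalent egress rules to those namespaces and ports.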