feat: rename tak to int, add worldmonitor stack

Reviewed-on: #50

.gitignore

@@ -0,0 +1,13 @@
+# Temp/scratch files — never commit these
+*.bak
+*.swp
+*.tmp
+*~
+scratch/
+.env
+.env.local
+tmp/
+temp/
+replace_compose.py
+entrypoint-*.sh
+copy_*.txt

ai/compose.yml

@@ -32,9 +32,11 @@ services:
         - default
     container_name: hermes
     entrypoint: ["/bin/bash", "-c",
-      "bash /opt/data/hermes-tools/install.sh && bash /opt/data/hermes-tools/run-multi-gateways.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
+      "bash /opt/data/hermes-tools/install.sh && bash /usr/local/bin/run-multi-gateways.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
       "hermes-entrypoint"]
     restart: always
+    # Gateway run enables the internal API server on port 8642
+    command: gateway run
     environment:
       - OLLAMA_HOST=http://ollama:11434
       - HERMES_DASHBOARD=1

ai/hermes/Dockerfile

@@ -76,6 +76,10 @@ os.remove(tgz)
 print('himalaya v1.2.0 installed')
 PYEOF
 
+# ---------- Install multi-gateway launcher ----------
+# Launches one gateway process per profile (HERMES_PROFILES env var)
+COPY --chmod=0755 run-multi-gateways.sh /usr/local/bin/run-multi-gateways.sh
+
 # ---------- Runtime ----------
 USER hermes
 ENV HERMES_HOME=/opt/data

ai/hermes/run-multi-gateways.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Multi-gateway launcher for HERMES_PROFILES env var.
+# Reads comma-separated profile names, spawns one gateway per profile.
+# Designed to run before the main entrypoint — gateways run in background.
+set -e
+
+if [ -z "${HERMES_PROFILES}" ]; then
+  echo "HERMES_PROFILES not set — skipping multi-gateway launch"
+  exit 0
+fi
+
+# Source venv to make 'hermes' available (entrypoint.sh sources it later,
+# but we need it NOW for the background gateways)
+HERMES_BIN="/opt/hermes/.venv/bin/hermes"
+if [ ! -x "$HERMES_BIN" ]; then
+  echo "ERROR: hermes binary not found at $HERMES_BIN"
+  exit 1
+fi
+
+mkdir -p /opt/data/logs
+
+IFS=',' read -ra PROFILES <<< "${HERMES_PROFILES}"
+for profile in "${PROFILES[@]}"; do
+  profile="$(echo "${profile}" | xargs)"  # trim whitespace
+  [ -z "${profile}" ] && continue
+
+  echo "Starting gateway for profile: ${profile}"
+  nohup env API_SERVER_ENABLED=false API_SERVER_KEY= gosu hermes "$HERMES_BIN" --profile "${profile}" gateway run \
+      >> "/opt/data/logs/gateway-${profile}.log" 2>&1 &
+done
+
+echo "All gateways launched: ${HERMES_PROFILES}"

int/.env.example

@@ -0,0 +1,53 @@
+# =============================================================================
+# WorldMonitor — Environment Variables
+# =============================================================================
+# Copy this file to .env (gitignored) and fill in your keys.
+# All keys are optional — the dashboard works without them,
+# but the corresponding features will be disabled.
+#
+# Usage:
+#   cp .env.example .env.local   (docker-compose auto-loads .env from CWD)
+#
+# For production secrets, add these to the shared containers.env
+# agenix secret at: secrets/containers.env.age
+# =============================================================================
+
+# ── REQUIRED: These containers refuse to start without them ──
+# Generate with: openssl rand -hex 32
+REDIS_PASSWORD=
+REDIS_TOKEN=
+RELAY_SHARED_SECRET=
+
+# ── LLM / AI (for intelligence assessments) ──
+# Pick one or both
+GROQ_API_KEY=               # https://console.groq.com (free: 14,400 req/day)
+OPENROUTER_API_KEY=         # https://openrouter.ai (free: 50 req/day)
+
+# ── Markets & Economics (optional) ──
+FINNHUB_API_KEY=            # https://finnhub.io (free tier)
+FRED_API_KEY=               # https://fred.stlouisfed.org (free)
+EIA_API_KEY=                # https://www.eia.gov/opendata/ (free)
+
+# ── Aviation (optional) ──
+AVIATIONSTACK_API=          # https://aviationstack.com (free tier)
+WINGBITS_API_KEY=           # https://wingbits.com (contact them)
+
+# ── Maritime (optional) ──
+AISSTREAM_API_KEY=          # https://aisstream.io (free tier)
+
+# ── Conflict & Unrest (optional) ──
+ACLED_ACCESS_TOKEN=         # https://acleddata.com (free for researchers)
+
+# ── Earth Observation (optional) ──
+NASA_FIRMS_API_KEY=         # https://firms.modaps.eosdis.nasa.gov (free)
+
+# ── Infrastructure / Internet (optional) ──
+CLOUDFLARE_API_TOKEN=       # https://developers.cloudflare.com/fundamentals/api/
+
+# ── Port (optional, defaults to 3000) ──
+WM_PORT=3000
+
+# ── Convex (for cloud sync / auth — optional for self-host) ──
+CONVEX_URL=
+CLERK_SECRET_KEY=
+VITE_CLERK_PUBLISHABLE_KEY=

int/compose.yml

@@ -0,0 +1,177 @@
+# =============================================================================
+# Integrations stack
+# =============================================================================
+# Currently running: WorldMonitor
+# Planned: TAK server (commented out — needs fixing)
+# =============================================================================
+
+# ── TAK Server (FreeTAKServer) ──
+# Disabled: needs debugging. Was having connectivity/auth issues.
+# See: https://github.com/FreeTAKTeam/FreeTAKServer
+#
+# services:
+#   freetakserver:
+#     image: ghcr.io/freetakteam/freetakserver:master
+#     container_name: freetakserver
+#     hostname: freetakserver
+#     restart: always
+#     networks:
+#       - int_backend
+#     volumes:
+#       - /mnt/HoardingCow_docker_data/TAK/fts_data:/opt/fts:z,rw
+#     ports:
+#       - 8087:8087
+#       - 8089:8089
+#       - 8443:8443
+#       - 9000:9000
+#       - 19023:19023
+#     environment:
+#       FTS_FED_PASSWORD: "${FTS_FED_PASSWORD}"
+#       FTS_CLIENT_CERT_PASSWORD: "${FTS_CLIENT_CERT_PASSWORD}"
+#       FTS_WEBSOCKET_KEY: "${FTS_WEBSOCKET_KEY}"
+#       FTS_SECRET_KEY: "${FTS_SECRET_KEY}"
+#       FTS_CONNECTION_MESSAGE: "Welcome to FreeTAKServer. The Parrot is not dead. It's just resting"
+#       FTS_COT_PORT: 8087
+#       FTS_SSLCOT_PORT: 8089
+#       FTS_API_PORT: 19023
+#       FTS_FED_PORT: 9000
+#       FTS_DP_ADDRESS: 'freetakserver'
+#       FTS_USER_ADDRESS: 'freetakserver'
+#       FTS_API_ADDRESS: 'freetakserver'
+#       FTS_ROUTING_PROXY_SUBSCRIBE_PORT: 19030
+#       FTS_ROUTING_PROXY_SUBSCRIBE_IP: 'freetakserver'
+#       FTS_ROUTING_PROXY_PUBLISHER_PORT: 19032
+#       FTS_ROUTING_PROXY_PUBLISHER_IP: 'freetakserver'
+#       FTS_ROUTING_PROXY_SERVER_PORT: 19031
+#       FTS_ROUTING_PROXY_SERVER_IP: 'freetakserver'
+#       FTS_INTEGRATION_MANAGER_PULLER_PORT: 19033
+#       FTS_INTEGRATION_MANAGER_PULLER_ADDRESS: 'freetakserver'
+#       FTS_INTEGRATION_MANAGER_PUBLISHER_PORT: 19034
+#       FTS_INTEGRATION_MANAGER_PUBLISHER_ADDRESS: 'freetakserver'
+#       FTS_OPTIMIZE_API: "True"
+#       FTS_DATA_RECEPTION_BUFFER: 1024
+#       FTS_MAX_RECEPTION_TIME: 4
+#       FTS_NUM_ROUTING_WORKERS: 3
+#       FTS_COT_TO_DB: "True"
+#       FTS_MAINLOOP_DELAY: 100
+#       FTS_EMERGENCY_RADIUS: 0
+#       FTS_LOG_LEVEL: "info"
+#
+#   freetakserver-ui:
+#     image: ghcr.io/freetakteam/ui:latest
+#     container_name: freetakserver-ui
+#     hostname: freetakserver-ui
+#     restart: always
+#     networks:
+#       - int_net
+#     ports:
+#       - 5000:5000
+#     volumes:
+#       - /mnt/HoardingCow_docker_data/TAK/fts_ui_data:/home/freetak/data:z,rw
+#     environment:
+#       FTS_IP: "freetakserver" 
+#       FTS_API_PORT: 19023
+#       FTS_API_PROTO: 'http'
+#       FTS_UI_EXPOSED_IP: 'freetakserver-ui'
+#       FTS_MAP_EXPOSED_IP: '127.0.0.1'
+#       FTS_MAP_PORT: 8000
+#       FTS_MAP_PROTO: 'http'
+#       FTS_UI_PORT: 5000
+#       FTS_UI_WSKEY: "${FTS_WEBSOCKET_KEY}"
+#       FTS_API_KEY: 'Bearer token'
+#       FTS_UI_SQLALCHEMY_DATABASE_URI: 'sqlite:////home/freetak/data/FTSServer-UI.db'
+#     labels:
+#       - "traefik.enable=true"
+#       - "traefik.docker.network=traefik-net"
+#       - "traefik.http.routers.fts-ui-http.rule=Host(`tak.lazyworkhorse.net`)"
+#       - "traefik.http.routers.fts-ui-http.entrypoints=web"
+#       - "traefik.http.routers.fts-ui-http.middlewares=redirect-to-https"
+#       - "traefik.http.routers.fts-ui-https.rule=Host(`tak.lazyworkhorse.net`)"
+#       - "traefik.http.routers.fts-ui-https.entrypoints=websecure"
+#       - "traefik.http.routers.fts-ui-https.tls=true"
+#       - "traefik.http.routers.fts-ui-https.tls.certresolver=njalla"
+#       - "traefik.http.services.fts-ui.loadbalancer.server.port=5000"
+#       - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+# ── WorldMonitor ──
+# Real-time global intelligence dashboard
+# Repo: https://github.com/koala73/worldmonitor
+# Self-hosted, map-first OSINT with MCP support (39 tools)
+services:
+
+  worldmonitor:
+    build:
+      context: https://github.com/koala73/worldmonitor.git
+      dockerfile: Dockerfile
+    image: worldmonitor:latest
+    container_name: worldmonitor
+    ports:
+      - "${WM_PORT:-3000}:8080"
+    environment:
+      UPSTASH_REDIS_REST_URL: "http://redis-rest:80"
+      UPSTASH_REDIS_REST_TOKEN: "${REDIS_TOKEN:?REDIS_TOKEN required}"
+      LOCAL_API_PORT: "46123"
+      LOCAL_API_MODE: "docker"
+      LOCAL_API_CLOUD_FALLBACK: "false"
+      WS_RELAY_URL: "http://ais-relay:3004"
+      # LLM providers (optional — features degrade gracefully)
+      LLM_API_URL: "${LLM_API_URL:-}"
+      LLM_API_KEY: "${LLM_API_KEY:-}"
+      LLM_MODEL: "${LLM_MODEL:-}"
+      GROQ_API_KEY: "${GROQ_API_KEY:-}"
+      # Data source API keys (optional — features degrade gracefully)
+      AISSTREAM_API_KEY: "${AISSTREAM_API_KEY:-}"
+      FINNHUB_API_KEY: "${FINNHUB_API_KEY:-}"
+      EIA_API_KEY: "${EIA_API_KEY:-}"
+      FRED_API_KEY: "${FRED_API_KEY:-}"
+      ACLED_ACCESS_TOKEN: "${ACLED_ACCESS_TOKEN:-}"
+      NASA_FIRMS_API_KEY: "${NASA_FIRMS_API_KEY:-}"
+      CLOUDFLARE_API_TOKEN: "${CLOUDFLARE_API_TOKEN:-}"
+      AVIATIONSTACK_API: "${AVIATIONSTACK_API:-}"
+    depends_on:
+      redis-rest:
+        condition: service_started
+      ais-relay:
+        condition: service_started
+    restart: unless-stopped
+
+  ais-relay:
+    build:
+      context: https://github.com/koala73/worldmonitor.git
+      dockerfile: Dockerfile.relay
+    image: worldmonitor-ais-relay:latest
+    container_name: worldmonitor-ais-relay
+    environment:
+      AISSTREAM_API_KEY: "${AISSTREAM_API_KEY:-}"
+      PORT: "3004"
+    restart: unless-stopped
+
+  redis:
+    image: docker.io/redis:7-alpine
+    container_name: worldmonitor-redis
+    command: >
+      redis-server
+      --requirepass "${REDIS_PASSWORD:?REDIS_PASSWORD required}"
+      --maxmemory 256mb
+      --maxmemory-policy allkeys-lru
+    volumes:
+      - wm-redis-data:/data
+    restart: unless-stopped
+
+  redis-rest:
+    build:
+      context: https://github.com/koala73/worldmonitor.git
+      dockerfile: docker/Dockerfile.redis-rest
+    image: worldmonitor-redis-rest:latest
+    container_name: worldmonitor-redis-rest
+    ports:
+      - "127.0.0.1:8079:80"
+    environment:
+      SRH_TOKEN: "${REDIS_TOKEN:?REDIS_TOKEN required}"
+      SRH_CONNECTION_STRING: "redis://:${REDIS_PASSWORD:?REDIS_PASSWORD required}@redis:6379"
+    depends_on:
+      - redis
+    restart: unless-stopped
+
+volumes:
+  wm-redis-data:

tak/compose.yml

@@ -1,98 +0,0 @@
-services:
-  freetakserver:
-    image: ghcr.io/freetakteam/freetakserver:master
-    container_name: freetakserver
-    hostname: freetakserver
-    restart: always
-    networks:
-      - tak_backend
-    volumes:
-      - /mnt/HoardingCow_docker_data/TAK/fts_data:/opt/fts:z,rw
-    ports:
-      - 8087:8087
-      - 8089:8089
-      - 8443:8443
-      - 9000:9000
-      - 19023:19023
-    environment:
-      FTS_FED_PASSWORD: "${FTS_FED_PASSWORD}"
-      FTS_CLIENT_CERT_PASSWORD: "${FTS_CLIENT_CERT_PASSWORD}"
-      FTS_WEBSOCKET_KEY: "${FTS_WEBSOCKET_KEY}"
-      FTS_SECRET_KEY: "${FTS_SECRET_KEY}"
-      FTS_CONNECTION_MESSAGE: "Welcome to FreeTAKServer. The Parrot is not dead. It's just resting"
-      FTS_COT_PORT: 8087
-      FTS_SSLCOT_PORT: 8089
-      FTS_API_PORT: 19023
-      FTS_FED_PORT: 9000
-      FTS_DP_ADDRESS: 'freetakserver'
-      FTS_USER_ADDRESS: 'freetakserver'
-      FTS_API_ADDRESS: 'freetakserver'
-      FTS_ROUTING_PROXY_SUBSCRIBE_PORT: 19030
-      FTS_ROUTING_PROXY_SUBSCRIBE_IP: 'freetakserver'
-      FTS_ROUTING_PROXY_PUBLISHER_PORT: 19032
-      FTS_ROUTING_PROXY_PUBLISHER_IP: 'freetakserver'
-      FTS_ROUTING_PROXY_SERVER_PORT: 19031
-      FTS_ROUTING_PROXY_SERVER_IP: 'freetakserver'
-      FTS_INTEGRATION_MANAGER_PULLER_PORT: 19033
-      FTS_INTEGRATION_MANAGER_PULLER_ADDRESS: 'freetakserver'
-      FTS_INTEGRATION_MANAGER_PUBLISHER_PORT: 19034
-      FTS_INTEGRATION_MANAGER_PUBLISHER_ADDRESS: 'freetakserver'
-      FTS_OPTIMIZE_API: "True"
-      FTS_DATA_RECEPTION_BUFFER: 1024
-      FTS_MAX_RECEPTION_TIME: 4
-      FTS_NUM_ROUTING_WORKERS: 3
-      FTS_COT_TO_DB: "True"
-      FTS_MAINLOOP_DELAY: 100
-      FTS_EMERGENCY_RADIUS: 0
-      FTS_LOG_LEVEL: "info"
-
-  freetakserver-ui:
-    image: ghcr.io/freetakteam/ui:latest
-    container_name: freetakserver-ui
-    hostname: freetakserver-ui
-    restart: always
-    networks:
-      - tak_net
-    ports:
-      - 5000:5000
-    volumes:
-      - /mnt/HoardingCow_docker_data/TAK/fts_ui_data:/home/freetak/data:z,rw
-    environment:
-      FTS_IP: "freetakserver" 
-      FTS_API_PORT: 19023
-      FTS_API_PROTO: 'http'
-      FTS_UI_EXPOSED_IP: 'freetakserver-ui'
-      FTS_MAP_EXPOSED_IP: '127.0.0.1'
-      FTS_MAP_PORT: 8000
-      FTS_MAP_PROTO: 'http'
-      FTS_UI_PORT: 5000
-      FTS_UI_WSKEY: "${FTS_WEBSOCKET_KEY}"
-      FTS_API_KEY: 'Bearer token'
-      FTS_UI_SQLALCHEMY_DATABASE_URI: 'sqlite:////home/freetak/data/FTSServer-UI.db'
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=traefik-net"
-
-      # HTTP -> HTTPS Redirect
-      - "traefik.http.routers.fts-ui-http.rule=Host(`tak.lazyworkhorse.net`)"
-      - "traefik.http.routers.fts-ui-http.entrypoints=web"
-      - "traefik.http.routers.fts-ui-http.middlewares=redirect-to-https"
-
-      # HTTPS Router
-      - "traefik.http.routers.fts-ui-https.rule=Host(`tak.lazyworkhorse.net`)"
-      - "traefik.http.routers.fts-ui-https.entrypoints=websecure"
-      - "traefik.http.routers.fts-ui-https.tls=true"
-      - "traefik.http.routers.fts-ui-https.tls.certresolver=njalla"
-      
-      # Service & Port
-      - "traefik.http.services.fts-ui.loadbalancer.server.port=5000"
-
-      # Reuse your existing redirect middleware
-      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
-
-networks:
-  tak_net:
-    external: true
-  tak_backend:
-    driver: bridge
-    name: tak_backend