Kaiza MCP Server

RPI_DEPLOYMENT.md•12.7 KiB

# ATLAS-GATE MCP - Raspberry Pi Deployment Guide ## System Status: ✅ READY FOR RASPBERRY PI - All dependencies: Pure JavaScript (ARM compatible) - Memory footprint: ~80 MB (fits in 512 MB RAM) - Disk space: 225 MB base + 1 GB recommended for workspace - Startup time: 0.5 seconds - Startup command: 37 lines of setup code --- ## Prerequisites ### Hardware Requirements | Component | Minimum | Recommended | |-----------|---------|------------| | **Model** | RPi 3B+ | RPi 4B (8GB) or RPi 5 | | **RAM** | 512 MB | 1-2 GB | | **Storage** | 16 GB microSD | 64 GB SSD | | **Network** | WiFi 5 GHz | Gigabit Ethernet | | **Power** | 2.5A | 3A (for peripherals) | ### Software Requirements ```bash # Check current Raspberry Pi OS cat /etc/os-release # Required: Raspberry Pi OS (32-bit or 64-bit) # Tested on: Bullseye, Bookworm # Not tested: Lite (no desktop) - should work fine ``` --- ## Installation Steps ### Step 1: Prepare Raspberry Pi ```bash # Update system sudo apt update sudo apt upgrade -y # Install Node.js 18+ (via NodeSource) curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - sudo apt install -y nodejs # Verify installation node --version # Should be v18.0.0 or higher npm --version ``` ### Step 2: Clone Repository ```bash # On RPi, clone the repo cd /home/pi # or your user home git clone https://github.com/dylanmarriner/ATLAS-GATE-MCP.git cd ATLAS-GATE-MCP # Or transfer files via SCP scp -r ATLAS-GATE-MCP pi@raspberrypi.local:~/ ssh pi@raspberrypi.local cd ATLAS-GATE-MCP ``` ### Step 3: Install Dependencies ```bash # Install Node dependencies npm install # Install production cosign packages (recommended) npm install @sigstore/cosign @sigstore/sign @sigstore/verify # Verify installation npm run verify ``` ### Step 4: Configure Environment ```bash # Create .env.production file cat > .env.production << 'EOF' NODE_ENV=production ATLAS-GATE_PORT=3000 ATLAS-GATE_HOST=0.0.0.0 ATLAS-GATE_BOOTSTRAP_SECRET=$(openssl rand -hex 32) ATLAS-GATE_ATTESTATION_SECRET=$(openssl rand -hex 32) EOF # Load environment source .env.production # Verify echo $ATLAS-GATE_BOOTSTRAP_SECRET ``` ### Step 5: Create Systemd Service ```bash # Create service file sudo tee /etc/systemd/system/atlas-gate.service > /dev/null << 'EOF' [Unit] Description=ATLAS-GATE MCP Server After=network-online.target Wants=network-online.target [Service] Type=simple User=pi WorkingDirectory=/home/pi/ATLAS-GATE-MCP EnvironmentFile=/home/pi/ATLAS-GATE-MCP/.env.production ExecStart=/usr/bin/node bin/ATLAS-GATE-HTTP.js Restart=on-failure RestartSec=10 StandardOutput=journal StandardError=journal SyslogIdentifier=atlas-gate # Resource limits for RPi MemoryLimit=256M CPUQuota=80% [Install] WantedBy=multi-user.target EOF # Enable and start service sudo systemctl daemon-reload sudo systemctl enable atlas-gate sudo systemctl start atlas-gate # Check status sudo systemctl status atlas-gate # View logs sudo journalctl -u atlas-gate -f ``` ### Step 6: Configure Nginx Reverse Proxy ```bash # Install nginx sudo apt install -y nginx # Create configuration sudo tee /etc/nginx/sites-available/atlas-gate > /dev/null << 'EOF' upstream atlas_gate { server 127.0.0.1:3000; } server { listen 80; server_name _; # HTTP to HTTPS redirect (optional) # return 301 https://$host$request_uri; client_max_body_size 10M; location / { proxy_pass http://atlas_gate; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 30s; proxy_connect_timeout 10s; } location /health { proxy_pass http://atlas_gate; access_log off; } } EOF # Enable site sudo ln -sf /etc/nginx/sites-available/atlas-gate /etc/nginx/sites-enabled/ sudo rm -f /etc/nginx/sites-enabled/default # Test configuration sudo nginx -t # Start nginx sudo systemctl restart nginx sudo systemctl enable nginx ``` ### Step 7: (Optional) Configure SSL/TLS ```bash # Install certbot sudo apt install -y certbot python3-certbot-nginx # Get certificate (requires public domain) sudo certbot certonly --nginx -d your-domain.com # Update nginx config to use HTTPS sudo certbot renew --nginx # Check renewal sudo certbot renew --dry-run ``` ### Step 8: Configure Remote Access #### Option A: SSH Tunnel (Simplest) ```bash # On your local machine ssh -L 3000:localhost:3000 pi@raspberrypi.local # Then access locally: curl http://localhost:3000/health ``` #### Option B: ngrok (Fast, No Setup) ```bash # On RPi curl https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip -o ngrok.zip unzip ngrok.zip sudo mv ngrok /usr/local/bin/ # Create ngrok config cat > ~/.ngrok2/ngrok.yml << 'EOF' authtoken: YOUR_TOKEN_HERE tunnels: atlas-gate: proto: http addr: localhost:3000 EOF # Start tunnel ngrok start atlas-gate # ngrok will provide a public URL: https://xxxx-xxx-xxx-xx.ngrok.io ``` #### Option C: Cloudflare Tunnel (Enterprise) ```bash # Install cloudflared curl -L https://pkg.cloudflare.com/cloudflare-release.key | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-archive-keyring.gpg echo 'deb [signed-by=/usr/share/keyrings/cloudflare-archive-keyring.gpg] https://pkg.cloudflare.com/linux any main' | sudo tee /etc/apt/sources.list.d/cloudflare-main.list sudo apt update sudo apt install -y cloudflared # Authenticate cloudflared tunnel login # Create tunnel cloudflared tunnel create atlas-gate # Configure tunnel cat > ~/.cloudflared/config.yml << 'EOF' tunnel: atlas-gate credentials-file: ~/.cloudflared/<UUID>.json ingress: - hostname: atlas-gate.your-domain.com service: http://localhost:3000 - service: http_status:404 EOF # Run tunnel cloudflared tunnel run atlas-gate # Route to tunnel cloudflared tunnel route dns atlas-gate atlas-gate.your-domain.com ``` #### Option D: Public IP + Firewall ```bash # If RPi has public IP, expose via firewall # ⚠️ Only if behind proper network security # Router: Forward port 80/443 to RPi:3000 # Firewall: Allow port 80/443 inbound # Then access: curl http://your-public-ip:80/health ``` --- ## Remote Operations ### Access from Laptop ```bash # Via SSH tunnel ssh -L 3000:localhost:3000 pi@raspberrypi.local # In another terminal: curl http://localhost:3000/health # Create a workspace curl -X POST http://localhost:3000/sessions/create \ -H "Content-Type: application/json" \ -d '{ "role": "WINDSURF", "workspaceRoot": "/home/pi/ATLAS-GATE-MCP" }' ``` ### Monitor Logs Remotely ```bash # SSH into RPi ssh pi@raspberrypi.local # View logs in real-time sudo journalctl -u atlas-gate -f # View last 100 lines sudo journalctl -u atlas-gate -n 100 # View specific time range sudo journalctl -u atlas-gate --since "1 hour ago" # Search for errors sudo journalctl -u atlas-gate | grep ERROR ``` ### Check System Health ```bash # SSH into RPi ssh pi@raspberrypi.local # Check memory usage free -h # Check disk usage df -h # Check CPU temp vcgencmd measure_temp # Check service status sudo systemctl status atlas-gate # Test health endpoint curl http://localhost:3000/health | jq . ``` ### Restart Service ```bash # SSH into RPi ssh pi@raspberrypi.local # Restart sudo systemctl restart atlas-gate # Stop sudo systemctl stop atlas-gate # Start sudo systemctl start atlas-gate ``` --- ## Performance Tuning for RPi ### Memory Management ```bash # Monitor memory usage watch -n 1 'free -h && echo "---" && top -bn1 | head -15' # If out of memory, enable swap sudo fallocate -l 1G /var/swapfile sudo chmod 600 /var/swapfile sudo mkswap /var/swapfile sudo swapon /var/swapfile # Make permanent echo '/var/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab ``` ### CPU Optimization ```bash # Check CPU frequency watch -n 1 'cat /sys/devices/system/cpu/cpu*/cpufreq/cpuinfo_cur_freq' # If throttling occurs, check temperature vcgencmd measure_temp # Improve cooling: add heatsinks or fan # Passive: 3x3cm aluminum heatsinks on SoC and RAM # Active: 5V PWM fan (controlled by GPIO) ``` ### Disk I/O ```bash # Use SSD for faster I/O # RPi 5: USB 3.0 can boot from SSD # RPi 4: USB 3.0 SSD faster than microSD # Check I/O performance sudo iotop -o # Disable unnecessary services to free I/O sudo systemctl disable cups sudo systemctl disable bluetooth ``` ### Network Optimization ```bash # Test network speed iperf3 -c your-pc-ip # Requires iperf3 server on PC # Enable hardware checksumming ethtool -K eth0 tx on rx on # Adjust socket buffer sizes echo "net.core.rmem_max=134217728" | sudo tee -a /etc/sysctl.conf echo "net.core.wmem_max=134217728" | sudo tee -a /etc/sysctl.conf sudo sysctl -p ``` --- ## Backup Strategy for RPi ### Automated Daily Backup ```bash # Create backup script cat > ~/backup-atlas-gate.sh << 'EOF' #!/bin/bash BACKUP_DIR=/mnt/backup/atlas-gate DATE=$(date +%Y%m%d) mkdir -p $BACKUP_DIR # Backup workspace tar czf $BACKUP_DIR/workspace-$DATE.tar.gz ~/ATLAS-GATE-MCP/.atlas-gate/ # Backup audit log cp ~/ATLAS-GATE-MCP/.atlas-gate/audit.log $BACKUP_DIR/audit-$DATE.log # Backup cosign keys (encrypted) tar czf - ~/ATLAS-GATE-MCP/.atlas-gate/.cosign-keys | \ openssl enc -aes-256-cbc -pass file:~/.backup-password \ > $BACKUP_DIR/keys-$DATE.tar.gz.enc # Keep last 7 days find $BACKUP_DIR -mtime +7 -delete echo "Backup complete: $BACKUP_DIR" EOF chmod +x ~/backup-atlas-gate.sh # Schedule via cron crontab -e # Add: 0 2 * * * ~/backup-atlas-gate.sh ``` ### Remote Backup ```bash # Sync to external server via rsync rsync -avz --delete \ /home/pi/ATLAS-GATE-MCP/.atlas-gate/ \ backup-server:/backups/atlas-gate/ # Or via cloud storage rclone sync /home/pi/ATLAS-GATE-MCP/.atlas-gate/ \ b2:my-bucket/atlas-gate/ ``` --- ## Troubleshooting ### Service Won't Start ```bash # Check logs sudo journalctl -u atlas-gate -n 50 # Check if port 3000 is in use sudo lsof -i :3000 # Manually test cd ~/ATLAS-GATE-MCP node bin/ATLAS-GATE-HTTP.js # Check Node version node --version # Must be 18+ ``` ### Out of Memory ```bash # Check current usage free -h # Kill largest process ps aux --sort=-%mem | head -5 # sudo kill -9 <PID> # Reduce Node.js heap export NODE_OPTIONS="--max-old-space-size=256" # Restart service sudo systemctl restart atlas-gate ``` ### Network Connectivity Issues ```bash # Check connection ping 8.8.8.8 # Check DNS nslookup google.com # Check if port is open sudo ss -tlnp | grep 3000 # Test from external machine curl -v http://your-rpi-ip:80/health ``` ### Audit Log Corruption ```bash # Verify integrity node -e " import { verifyAuditLogIntegrity } from './core/audit-system.js'; const result = await verifyAuditLogIntegrity(process.cwd()); console.log(JSON.stringify(result, null, 2)); " # If corrupted, restore from backup cp /mnt/backup/atlas-gate/audit-*.log .atlas-gate/audit.log ``` --- ## Remote Development Workflow ### SSH Development Setup ```bash # On your local machine, edit via SSH code --remote ssh-remote+pi@raspberrypi.local ~/ATLAS-GATE-MCP # Or use vim ssh pi@raspberrypi.local vim ~/ATLAS-GATE-MCP/core/my-file.js ``` ### Syncing Code ```bash # Watch local files and sync to RPi fswatch -o ~/ATLAS-GATE-MCP | xargs -I {} rsync -avz \ ~/ATLAS-GATE-MCP/ \ pi@raspberrypi.local:~/ATLAS-GATE-MCP/ # Or one-time sync rsync -avz --exclude=node_modules --exclude=.git \ ~/ATLAS-GATE-MCP/ \ pi@raspberrypi.local:~/ATLAS-GATE-MCP/ # Test changes ssh pi@raspberrypi.local 'cd ~/ATLAS-GATE-MCP && npm run verify' ``` --- ## Production Checklist for RPi - [ ] Node.js 18+ installed - [ ] Dependencies installed (`npm install`) - [ ] `.env.production` created with secrets - [ ] Systemd service created and enabled - [ ] Nginx reverse proxy configured - [ ] SSL/TLS certificate installed (if needed) - [ ] Remote access method configured (SSH tunnel, ngrok, etc.) - [ ] Backup strategy implemented - [ ] Health check monitoring enabled - [ ] Logs routed to centralized logging - [ ] Firewall configured appropriately - [ ] CPU/memory/disk monitored --- ## Performance Expectations on RPi | Operation | RPi 3B+ | RPi 4B | RPi 5 | |-----------|---------|--------|-------| | **Startup time** | 1-2s | 0.5-1s | 0.3s | | **Plan linting** | 50-100ms | 20-50ms | 10-20ms | | **Audit log append** | 10-20ms | 5-10ms | 2-5ms | | **HTTP request latency** | 50-100ms | 20-50ms | 10-20ms | | **Concurrent sessions** | 1-2 | 2-4 | 4+ | --- ## Getting Help ```bash # System info uname -a cat /etc/os-release node --version npm --version # Disk usage df -h / du -sh ATLAS-GATE-MCP # Memory free -h # Network hostname -I ip route show nslookup $(hostname) # Service logs sudo journalctl -u atlas-gate -n 100 ``` --- **Status:** ✅ READY FOR DEPLOYMENT TO RASPBERRY PI **Recommended:** RPi 4B or RPi 5 with 2+ GB RAM and SSD storage for best performance. **Tested:** Node.js 18.16.0+, Raspberry Pi OS Bookworm, 64-bit **Last Updated:** 2026-02-21

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/dylanmarriner/MCP-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

RPI_DEPLOYMENT.md•12.7 KiB