📄️ SOP: Install aurbotstem.com Dashboard (NPM + Authentik + Homepage)
Step-by-step procedure to deploy the public dashboard stack on a Proxmox VM using Docker, Cloudflare DNS, Nginx Proxy Manager, Authentik, and Homepage.
📄️ SOP: Nginx Proxy Manager as Public Edge (10.10.8.131)
Make 10.10.8.131 the public edge (80/443) and bind NPM admin to LAN-only.
📄️ SOP: Install Authentik (Docker) on 10.10.8.131
Deploy Authentik with dedicated Postgres+Redis, then publish via Nginx Proxy Manager.
📄️ SOP: Make Docusaurus fully private (Authentik + NPM)
Protect all of docs.aurbotstem.com behind Authentik SSO using Nginx Proxy Manager forward-auth.
📄️ SOP: Tutorial Coach Agent — Memory, Session, and KB Policy
Rules for what the coach agent should remember, where it should write, and how to prevent cross-project context bleed.
📄️ SOP: iCloud Sync (Non-Destructive) — OpenClaw Workspace + Docusaurus KB
One-way rsync from local folders to iCloud Drive for outside visibility; non-destructive (no delete).
📄️ API Contract Validation (Master Plan)
This SOP defines how we validate API contracts across the home/office stack (Portal/Dash/Auth/Agents/MCP/Device services) so we can move services between environments (home → office) with minimal surprises.
📄️ OpenClaw: Useful + Secure (Arif Baseline)
This SOP is the baseline set of guardrails that keep OpenClaw useful (actually gets work done) and safe (doesn’t leak secrets or expose services).