firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
8ca318752e11f59d18bb4c95bbddbd3e9da1c7c8
firefrost-operations-manual/docs/infrastructure/trinity-core.md
Claude 158e6e2fe6 docs: Update Trinity Core docs — correct 8GB RAM, add v2.1.0 changes 
- Hardware: Pi 4B is 8GB, not 4GB as previously documented
- OS: Debian GNU/Linux 13 (Trixie) aarch64, kernel 6.12.75
- Added deployment procedure (curl from Gitea API)
- Updated server table with trinity-core localhost entry
- Added version history table
- Updated future enhancements checklist
- Source code now in firefrost-services repo

Chronicler #78 | firefrost-operations-manual
2026-04-11 10:07:47 +00:00

4.9 KiB
Raw Blame History

Trinity Core MCP Gateway

Overview

Trinity Core is a Raspberry Pi 4B running in Michael's home network, providing a secure bridge for Claude to execute commands on Firefrost infrastructure. As of v2.1.0, Trinity Core can also audit itself via local execution.

Deployed: April 11, 2026 by Chronicler #76 v2.1.0: April 11, 2026 by Chronicler #78 (local execution, git version control)

Hardware

  • Device: Raspberry Pi 4B (8GB)
  • Storage: 16GB SD card (4.4GB used, 33%)
  • OS: Debian GNU/Linux 13 (Trixie) aarch64
  • Kernel: 6.12.75+rpt-rpi-v8
  • CPU: Cortex-A72, 4 cores
  • Hostname: trinity-core
  • Local access: ssh claude_executor@trinity-core.local
  • Network: WiFi (TheDungeon) with ethernet backup option

Architecture

Claude → mcp.firefrostgaming.com → Cloudflare Tunnel → Trinity Core → SSH → Target Server
                                                                      → local exec (trinity-core)

Endpoint

  • URL: https://mcp.firefrostgaming.com
  • MCP SSE: GET /mcp (Claude.ai connector)
  • MCP Messages: POST /mcp/messages (Claude.ai connector)
  • OAuth Discovery: GET /.well-known/oauth-protected-resource

Authentication

  • Type: Bearer token (via OAuth shim for Claude.ai)
  • Token: FFG-Trinity-2026-Core-Access
  • OAuth Client ID: trinity-core
  • OAuth Client Secret: FFG-Trinity-2026-Core-Access

Registered Servers

Name Host User Type
command-center 63.143.34.217 root SSH
tx1-dallas 38.68.14.26 root SSH
nc1-charlotte 216.239.104.130 root SSH
panel-vps 45.94.168.138 root SSH
dev-panel 64.50.188.128 root SSH
wiki-vps 64.50.188.14 architect SSH
services-vps 38.68.14.188 root SSH
trinity-core localhost claude_executor Local

MCP Tools

Tool Description
list_servers Returns available Firefrost servers
run_command Execute command on any server (SSH or local)

Source Code

Git repo: firefrost-servicesservices/trinity-core/

Production location: /home/claude_executor/mcp-server/ on the Pi

Deployment Procedure

  1. Edit code in firefrost-services/services/trinity-core/
  2. Commit and push to Gitea
  3. SSH to the Pi:
ssh claude_executor@trinity-core.local
  1. Back up current version:
cd ~/mcp-server
cp index.js index.js.bak
  1. Fetch new code from Gitea:
curl -s -H "Authorization: token e0e330cba1749b01ab505093a160e4423ebbbe36" \
  "https://git.firefrostgaming.com/api/v1/repos/firefrost-gaming/firefrost-services/raw/services/trinity-core/index.js?ref=main" \
  -o index.js
  1. Check if package.json changed (if so, run npm install):
curl -s -H "Authorization: token e0e330cba1749b01ab505093a160e4423ebbbe36" \
  "https://git.firefrostgaming.com/api/v1/repos/firefrost-gaming/firefrost-services/raw/services/trinity-core/package.json?ref=main" \
  -o package.json.new
diff package.json package.json.new && rm package.json.new || (mv package.json.new package.json && npm install)
  1. Restart service:
sudo systemctl restart mcp-server
  1. Verify:
sudo systemctl status mcp-server

Services

Both services are enabled and auto-start on boot:

  • cloudflared — Cloudflare Tunnel to expose MCP endpoint
  • mcp-server — Node.js Express server (v2.1.0, SDK 1.29.0)

Service management

sudo systemctl status cloudflared
sudo systemctl status mcp-server
sudo systemctl restart mcp-server

Logging

Command log location: /home/claude_executor/mcp-server/command.log

cat ~/mcp-server/command.log
tail -f ~/mcp-server/command.log

File Locations

File Path
MCP server code /home/claude_executor/mcp-server/index.js
Package manifest /home/claude_executor/mcp-server/package.json
Command log /home/claude_executor/mcp-server/command.log
Cloudflare config /etc/cloudflared/config.yml
Cloudflare credentials /etc/cloudflared/*.json
SSH keys /home/claude_executor/.ssh/

Cloudflare Tunnel

  • Tunnel name: trinity-core
  • Tunnel ID: 446d70b0-abd1-4ec7-8e06-6c277f99cbc7
  • Routes: mcp.firefrostgaming.com → localhost:3000

Version History

Version Date Chronicler Changes
1.0.0 Apr 10, 2026 #76 The Bridgekeeper Initial deployment, SSH to 7 servers
2.0.0 Apr 11, 2026 #77 The Socket Claude.ai MCP connector, OAuth shim, SDK 1.29.0
2.1.0 Apr 11, 2026 #78 Local self-execution, added to firefrost-services repo

Future Enhancements

  • Claude MCP connector integration (v2.0.0)
  • Self-audit capability (v2.1.0)
  • Git version control (v2.1.0)
  • Discord notifications for command execution
  • Command allowlist/categories
  • Rate limiting
  • Move token to environment variable
Reference in New Issue View Git Blame Copy Permalink