CLASSIFIED
Project: DEEPDISH TOP (Terminal Operations Panel)
Type: Full-stack real-time infrastructure monitoring dashboard
Aesthetic: Cypherpunk / Covert operations command center
Stack: Python 3.12 · Flask · Gunicorn + gevent · Docker · Vanilla JS
Host: Privileged Docker container with host PID/network namespace
Port: 5000 (host network mode)
01 Architecture Overview
DEEPDISH TOP is deployed as a privileged Docker container with full host namespace access — PID, network, and hardware. The container runs a Gunicorn WSGI server with gevent async workers, enabling Server-Sent Events and parallel metric collection across all subsystems.
Container Deployment
| Component | Detail |
|---|---|
| Base Image | python:3.12-slim |
| WSGI Server | Gunicorn 21.2.0 — gevent async workers, 3 workers, 120s timeout |
| Network Mode | host — shares host network stack directly |
| PID Namespace | pid: host — sees all host processes via nsenter -t 1 |
| Privilege | privileged: true — full hardware access (GPU, sensors, Docker socket) |
| Restart Policy | unless-stopped |
Volume Mounts
| Host Path | Container Path | Purpose |
|---|---|---|
| /var/run/docker.sock | /var/run/docker.sock:ro | Docker API access |
| /proc | /host/proc:ro | Host process info (CPU, mem, disk) |
| /sys | /host/sys:ro | Hardware sensor data |
| /etc/os-release | /etc/os-release:ro | Host OS identification |
| /run/dbus | /run/dbus:ro | D-Bus socket for systemd |
| /var/run/avahi-daemon | /var/run/avahi-daemon:ro | mDNS resolution for .local hosts |
| /mnt/deepdish | /mnt/deepdish:ro | NAS mount (DeepDish storage array) |
Python Dependencies
| Package | Version | Purpose |
|---|---|---|
| flask | 3.0.0 | Web framework |
| psutil | 5.9.8 | System metrics collection |
| docker | 7.0.0 | Docker Engine API client |
| gunicorn | 21.2.0 | Production WSGI server |
| gevent | 24.2.1 | Async worker for SSE/streaming |
| requests | 2.31.0 | HTTP client for integrations |
02 Backend — app.py (2,017 lines)
mDNS IPv4 Resolution Cache
A custom DNS resolution layer for .local hostnames on the LAN. Required because mDNS can return IPv6 or resolve to the wrong interface on dual-homed machines. Gathers candidate IPs from avahi-resolve, socket.getaddrinfo, and configurable fallbacks. Results are cached with a 120-second TTL and auto-invalidated on connectivity failure.
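A sketch of the cache behaviour described above, added here as an example and not taken from app.py. The class name, the injectable resolver and probe callables, and the choice to cache only an address that answers a probe are assumptions; in practice the resolvers would wrap avahi-resolve, socket.getaddrinfo and the static fallbacks.

```python
import ipaddress
import time

class Ipv4Cache:
    """hostname -> one reachable IPv4 address, cached for `ttl` seconds."""

    def __init__(self, resolvers, probe, ttl=120.0, clock=time.monotonic):
        self.resolvers, self.probe = resolvers, probe
        self.ttl, self.clock = ttl, clock
        self._cache = {}                      # hostname -> (ip, expires_at)

    def candidates(self, host):
        """IPv4-only, de-duplicated, in resolver priority order."""
        found = []
        for resolve in self.resolvers:
            try:
                answers = resolve(host)
            except OSError:                   # resolver down or name unknown
                continue
            for raw in answers:
                try:
                    ip = ipaddress.ip_address(raw)
                except ValueError:            # garbage in resolver output
                    continue
                if ip.version == 4 and str(ip) not in found:
                    found.append(str(ip))
        return found

    def resolve(self, host):
        hit = self._cache.get(host)
        if hit and hit[1] > self.clock():     # still inside the TTL
            return hit[0]
        for ip in self.candidates(host):
            if self.probe(ip):                # only cache an address that answers
                self._cache[host] = (ip, self.clock() + self.ttl)
                return ip
        self._cache.pop(host, None)           # nothing reachable: forget stale entry
        return None

    def invalidate(self, host):
        """Call when a request to the cached address fails."""
        self._cache.pop(host, None)
```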
System Metric Collectors
All collectors read from the host via nsenter -t 1 (PID namespace) or /proc/1/root (mount namespace). Every metric is gathered in parallel using ThreadPoolExecutor.
| Collector | Strategy |
|---|---|
| get_system_info() | Kernel, arch, distro, CPU model, core counts, total RAM — cached indefinitely |
| get_cpu_info() | Per-core %, total %, frequency, load averages via psutil |
| get_memory_info() | Total/used/available RAM + swap via psutil |
| get_disk_info() | 3-strategy fallback: /proc/1/mounts → nsenter df → psutil. Filters real FSes only |
| get_network_info() | Per-NIC I/O, interface details, top 80 active connections |
| get_processes() | Top 50 processes by CPU% — PID, name, user, RSS/VMS, threads, FDs |
| get_gpu_info() | NVIDIA nvidia-smi — temps, utilization, VRAM, power, fan speed |
| get_temperatures() | psutil.sensors_temperatures() — current/high/critical thresholds |
| get_docker_containers() | All containers with live stats fetched in parallel per running container |
| get_systemd_services() | Top 50 services via systemctl with D-Bus fallback |
Cluster Node Monitoring
Polls Prometheus node_exporter (port 9100) on 6 LAN nodes in parallel via ThreadPoolExecutor(max_workers=6). Metrics parsed from Prometheus text format include CPU, memory, disk, network I/O, load averages, and uptime.
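A parser for the Prometheus text format polled above, added as an example rather than taken from app.py. It treats each node's response as untrusted input: malformed lines and non-finite values are dropped and the number of lines read is bounded. Function names are hypothetical, the metric names are the Linux node_exporter ones, and the sample body is constructed.

```python
import math
import re

SAMPLE = re.compile(r'([a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(.*)\})?\s+(\S+)(?:\s+-?\d+)?')
LABEL = re.compile(r'([a-zA-Z_][a-zA-Z0-9_]*)="((?:[^"\\]|\\.)*)"')

def parse_exposition(text, max_lines=50_000):
    """Return {metric: [(labels, value), ...]} from 'name{labels} value [ts]' lines."""
    out = {}
    for line in text.splitlines()[:max_lines]:  # bound work on oversized bodies
        m = SAMPLE.fullmatch(line.strip())       # comments and junk do not match
        if not m:
            continue
        name, raw_labels, raw_value = m.groups()
        try:
            value = float(raw_value)
        except ValueError:
            continue
        if math.isfinite(value):                 # drop NaN/Inf before arithmetic
            labels = dict(LABEL.findall(raw_labels or ""))
            out.setdefault(name, []).append((labels, value))
    return out

def first(metrics, name, **want):
    return next((v for labels, v in metrics.get(name, [])
                 if all(labels.get(k) == x for k, x in want.items())), None)

def used_pct(total, avail):
    return round(100 * (1 - avail / total), 1) if total and avail is not None else None

def node_summary(text):
    m = parse_exposition(text)
    return {
        "load1": first(m, "node_load1"),
        "mem_pct": used_pct(first(m, "node_memory_MemTotal_bytes"),
                            first(m, "node_memory_MemAvailable_bytes")),
        "disk_pct": used_pct(first(m, "node_filesystem_size_bytes", mountpoint="/"),
                             first(m, "node_filesystem_avail_bytes", mountpoint="/")),
    }

# Constructed sample body, not captured from a real node.
SAMPLE_BODY = """node_load1 0.42
node_load5 NaN
node_memory_MemTotal_bytes 8e+09
node_memory_MemAvailable_bytes 2e+09
node_filesystem_size_bytes{mountpoint="/"} 1e+11
node_filesystem_avail_bytes{mountpoint="/boot"} 1e+08
node_filesystem_avail_bytes{mountpoint="/"} 4e+10
truncated_line_without_value"""
```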
External Integrations
Host: nativeplanet.local:9100
Prometheus metrics — root disk, data disk, WiFi, kernel info
Host: 142.93.██.██ (urbit.tylerirl.com)
Online check via ICMP ping — extracts RTT from output
WiFi: 192.168.0.███ / ETH: 192.168.1.███
Dual-interface ICMP probe — reports responding interface
Host: homeassistant.local:8123
HA version, entity states, lights, phone tracking for 2 users — battery, steps, activity, connection type
Host: localhost:27124 (Local REST API plugin, HTTPS)
Vault stats, full-text search, note viewer, 30s cache TTL
Host: chef.local:5001
MJPEG stream proxy, eye expressions, vision status, face tracking
DEEPDISH Intake Portal
Accepts text, URL, or image submissions. URLs auto-fetch <title> and meta description. Images are stored as base64 data URIs. All notes are saved to DEEPDISH/intake/ in the Obsidian vault with YAML frontmatter.
03 API Endpoints
Metric Routes
| Route | Description | Concurrency |
|---|---|---|
| GET /api/metrics | Fast local-only metrics (CPU, mem, disk, net, procs, docker, systemd, GPU, temps) | 12 workers |
| GET /api/metrics/integrations | Slow external integrations (cluster, NP, urbit, gamer, OCS, HA, obsidian) | 8 workers |
| GET /api/metrics/all | Combined local + integrations (chat context builder) | 16 workers |
Management Routes
| Route | Description |
|---|---|
| POST /api/docker/<name>/action | Docker control: start, stop, restart, remove |
| GET /api/docker/<name>/logs | Container log tail (default 80 lines) |
| POST /api/docker/prune | Remove all stopped containers |
| POST /api/systemd/<name>/action | Systemd control: start, stop, restart, enable, disable |
| GET /api/systemd/<name>/logs | journald log tail (default 60 lines) |
Obsidian & OCS Routes
| Route | Description |
|---|---|
| GET /api/obsidian/note | Fetch note content (JSON + tags + frontmatter) |
| GET /api/obsidian/search | Full-text vault search (top 20 results) |
| POST /api/portal/intake | Submit text/URL/image to vault intake |
| GET /api/ocs/eye/stream | MJPEG stream proxy |
| POST /api/ocs/eye/expression | Set eye expression + duration |
04 Frontend — Main Dashboard (11,553 lines)
Layout Architecture
Three-column responsive grid with independent scrolling. Left column houses CPU/MEM, network I/O, disk, GPU, temps, storage, interfaces, Native Planet, and system info. Center column contains the cluster view, Obsidian vault, processes, Docker, Radgotchi virtual pet, systemd services, net flow matrix, and connections. Right column holds the OCS eye stream, DEEPDISH chat, topology visualization, Home Assistant, and event log.
CPU/MEM · NET I/O · DISK I/O · GPU · TEMPS · STORAGE · INTERFACES · NATIVE PLANET · SYSTEM INFO
CLUSTER · OBSIDIAN VAULT · PROCESSES · DOCKER · RADTECH · SYSTEMD · NET FLOW MATRIX · CONNECTIONS
OCS OCULAR · DEEPDISH CHAT · TOPOLOGY · HOME ASSISTANT · EVENT LOG
Dual-Theme System (Threat Red / Intel Blue)
Two complete color themes toggled by clicking the "DEEPDISH" header text. A radial ripple animation expands from the click origin while all section panels flash with staggered 50ms delays. The class switch is delayed 300ms for dramatic reveal. Theme persists via localStorage.
Threat Red: --primary: #ff0a1e · --secondary: #cc2233 · --accent: #ff3344 · --terminal-green: #39ff14
Intel Blue: --primary: #0af0ff · --secondary: #2288cc · --accent: #44aaff · --terminal-green: #00ffcc
Visual Effects & Background Layers
- Grid background — Animated CSS grid (40px cells) with slow diagonal drift (20s cycle)
- Wireframe globe — Canvas-rendered rotating sphere (9 lat, 12 lon lines, equator highlight, 2 outer rings). Perspective projection, continuous requestAnimationFrame
- CRT scanlines — Repeating linear gradient overlay (2px lines)
- Kanji watermarks — 神 (kami) and 経 (kei) as fixed-position decorative text
Section Panel System
Every section uses a standardized .section component with corner accent lines, hex pattern overlays, alert pulsing, skeleton loading shimmer, collapse/expand toggles, and GPU-accelerated compositing (translateZ(0), contain: style paint).
Data Visualization
- Sparklines — Inline SVG charts for CPU, memory, network, GPU (60-sample rolling history)
- Progress bars — Color-coded utilization bars (green → orange → red) with animated sweep overlay
- Cluster aggregates — 3 large metric cards (CPU/MEM/DISK) with sweep backgrounds, min/max per metric
- Net flow matrix — Canvas-rendered heatmap of services vs remote hosts. Animated cells, pulse waves, scanline overlay, crosshair on hover
- Obsidian topology — 50-node hex-grid canvas with data packets flowing along connections, comet trails, ambient glow orbs
05 Network Topology Visualization
Force-directed graph rendered on a dedicated canvas element. DEEPDISH sits as the center-pinned hub node with cluster nodes on an equidistant inner ring and external integrations on an outer ring. Full physics simulation with spring forces, repulsion, velocity damping, and boundary clamping.
Data packets flow along links as diamond and circle shapes with comet trails. Colors shift green → orange → red with actual node load. Spawn rate is proportional to real utilization metrics. Threat level indicator changes based on node online/offline status: NOMINAL → ELEVATED → CRITICAL
| Node Type | Name | Layout |
|---|---|---|
| host | DEEPDISH | Center-pinned hub (diamond SVG) |
| cluster | mini, cheese, pepper, onion, garlic, supreme | Equidistant inner ring (Apple logo) |
| tellurian | Native Planet | Outer ring |
| urbit | Cloud Urbit | Outer ring |
| pc | Epic Gamer | Outer ring (Windows logo) |
| homeassistant | Home Assistant | Outer ring (HA gear icon) |
06 Radgotchi Virtual Pet System
A complete virtual pet IIFE module (RG) displayed in the RADTECH section. 25 sprite states, 12 CSS animations, military/SIGINT-themed status messages (e.g., "SIGINT NOMINAL", "OVERWATCH ACTIVE", "EXCESSIVE INPUT — CEASE").
- ▸ Mouse near section → eye tracking
- ▸ Single click → random positive reaction
- ▸ 3+ rapid clicks → excited
- ▸ 5+ rapid clicks → angry
- ▸ Double click → spin trick
- ▸ Hover on dashboard sections → themed reaction (2.5s cooldown)
- ▸ CPU >90% → angry (critical mood)
- ▸ Memory >92% → warn state
- ▸ Temps >85°C → critical reaction
- ▸ Node offline → sad
- ▸ Node online → excited
- ▸ 120s idle → sleep / lonely
- ▸ Late night (23:00–06:00) → nap bias
07 OCS Eye & DEEPDISH Chat
MJPEG Eye Stream
OCS camera feed from chef.local:5001 proxied through Flask to avoid CORS. Health check every 10 seconds, auto-reconnect on error with 5-second delay. 7 expression controls (happy, sad, angry, bored, confused, surprised, suspicious). System events automatically trigger expressions with cooldown.
AI Chat Integration
| Setting | Value |
|---|---|
| LLM Endpoint | supreme.local:1234 (LM Studio) |
| Model | gemma-2-27b |
| Temperature | 0.7 |
| Max Tokens | 300 |
| Persona | DEEPDISH — black-box intelligence, SIGINT style, lowercase/clinical |
The system prompt dynamically injects full live telemetry context — system info, CPU/memory/GPU/disk/network, Docker containers, systemd services, cluster nodes, Home Assistant, OCS, and Obsidian vault stats. Personal names are redacted (OPERATOR / ASSET-2) in chat history.
08 Event Detection & Logging
The event system compares current vs previous data snapshots to detect state changes. Events are classified into 4 levels and trigger both Radgotchi reactions and OCS eye expression changes:
| Condition | Level |
|---|---|
| CPU >90% | ● CRITICAL |
| CPU >70% | ● WARNING |
| Memory >90% | ● CRITICAL |
| Disk >90% | ● WARNING |
| Temperature > critical threshold | ● CRITICAL |
| Docker container state change | ● INFO |
| Cluster node offline | ● WARNING |
| Systemd service failure | ● WARNING |
| Service recovery | ● OK |
09 Polling & Refresh Architecture
Split polling strategy separates fast local metrics from slow external integrations:
| Interval | Target | Purpose |
|---|---|---|
| 2,000ms | /api/metrics + /api/metrics/integrations | Core telemetry polling (parallel) |
| 1,000ms | — | Column height sync |
| 3,000ms | Management logs | Docker/Systemd auto-refresh |
| 6,000ms | — | Radgotchi idle behavior check |
| 10,000ms | /api/ocs/eye/ping | OCS stream health check |
| rAF | Canvas elements | Globe, topology, net flow, Obsidian topo |
10 Dashboard Preview
11 Performance Optimizations
| Optimization | Detail |
|---|---|
| Split API polling | Local metrics (fast) and integrations (slow) fetched in separate parallel requests |
| ThreadPoolExecutor | Container stats, cluster nodes, OCS status — all fetched in parallel |
| DOM cache | Map-based ID lookup cache avoids repeated getElementById calls |
| CSS containment | .section { contain: style paint } — limits layout recalculation |
| GPU compositing | translateZ(0) + backface-visibility: hidden on animated elements |
| Static info cache | System info (kernel, CPU model) cached indefinitely after first fetch |
| Obsidian TTL cache | 30-second cache prevents API hammering on every poll cycle |
| mDNS cache | 120-second TTL with connectivity validation |
| Connection pooling | Shared requests.Session with keep-alive for all external HTTP |
| Conditional render | Row flash animations only fire on actual value changes |
12 Security Posture
- Container runs privileged with host PID/network — required for full system visibility
- HA token & Obsidian API key in .env — not committed to version control
- Obsidian API uses self-signed HTTPS — SSL verification disabled
- Frontend redacts non-local IPs (e.g., 142.███.███.███)
- Chat history redacts personal names → OPERATOR/ASSET-2
- Docker/Systemd management exposed without auth — trusted LAN only
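The Docker/Systemd management routes are listed as exposed without auth, so anything that can reach port 5000 can stop containers or services. One way to gate them, as an added example that is not part of DEEPDISH TOP's code: a source-address check plus a bearer token compared in constant time. The function name authorize, the /24 ranges and the DEEPDISH_MGMT_TOKEN variable are assumptions.

```python
import hmac
import ipaddress

# Every management route in section 03 lives under one of these prefixes.
MANAGEMENT_PREFIXES = ("/api/docker/", "/api/systemd/")
# Assumption: the two LAN ranges the page shows in redacted form, plus loopback.
TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("192.168.0.0/24", "192.168.1.0/24", "127.0.0.0/8")]

def authorize(path, remote_addr, auth_header, expected_token):
    """Return (allowed, http_status) for one request."""
    if not path.startswith(MANAGEMENT_PREFIXES):
        return True, 200                        # metric routes are out of scope here
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False, 403
    if addr.version == 6 and addr.ipv4_mapped:  # ::ffff:a.b.c.d on dual-stack sockets
        addr = addr.ipv4_mapped
    if not any(addr in net for net in TRUSTED_NETS):
        return False, 403
    if not expected_token:
        return False, 503                       # fail closed if no token is configured
    scheme, _, presented = (auth_header or "").partition(" ")
    if scheme.lower() != "bearer" or not hmac.compare_digest(
            presented.encode(), expected_token.encode()):
        return False, 401
    return True, 200

# Flask wiring (hypothetical, kept as a comment so the block runs without Flask):
#   @app.before_request
#   def guard():
#       ok, status = authorize(request.path, request.remote_addr,
#                              request.headers.get("Authorization"),
#                              os.environ.get("DEEPDISH_MGMT_TOKEN"))
#       if not ok:
#           abort(status)
```

Because the container uses host network mode, request.remote_addr is the real client address rather than a Docker bridge gateway, which is what makes the source check meaningful here.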
13 External Service Dependencies
| Service | Host | Protocol | Purpose |
|---|---|---|---|
| Prometheus (×6) | {node}.local:9100 | HTTP/Prometheus | Cluster node metrics |
| Native Planet | nativeplanet.local:9100 | HTTP/Prometheus | Urbit machine metrics |
| Home Assistant | homeassistant.local:8123 | HTTP REST | Smart home / phone tracking |
| Obsidian REST API | localhost:27124 | HTTPS REST | Vault access |
| OCS | chef.local:5001 | HTTP + MJPEG | Eye rendering / vision |
| LM Studio | supreme.local:1234 | OpenAI API | AI chat (gemma-2-27b) |
| Docker Engine | /var/run/docker.sock | Unix socket | Container management |
| systemd | D-Bus | D-Bus / nsenter | Service management |
¹ All network addresses shown are partially redacted per standard operating procedure.
² Metric collection intervals are tunable — values shown reflect production configuration.
³ This document is auto-generated from system introspection. ████████████