feat(tunnel): route mana-ai.mana.how → mana-ai:3067

Public ingress for the Mission Key-Grant audit endpoint (/api/v1/me/ai-audit) so the Workbench "Datenzugriff" tab can reach mana-ai from the browser. Background tick + /metrics stay internal; only the JWT-gated user endpoint is exposed. Requires a Cloudflare DNS record pointing mana-ai.mana.how at the tunnel CNAME (one-off: \`cloudflared tunnel route dns 1435166a-0e3f-4222-8de6-744f32cea5c9 mana-ai.mana.how\`), then sync via scripts/mac-mini/sync-tunnel-config.sh. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-14 20:21:09 +02:00 · 2026-04-15 15:51:59 +02:00 · 2026-04-15 15:51:59 +02:00 · 82cf190650
commit 82cf190650
parent 298bf7e857
1 changed files with 10 additions and 0 deletions
--- a/cloudflared-config.yml
+++ b/cloudflared-config.yml
@ -104,6 +104,16 @@ ingress:
  - hostname: mana-api.mana.how
    service: http://localhost:3060

+  # ============================================
+  # mana-ai — background AI Mission Runner
+  # ============================================
+  # Serves the user-facing decrypt-audit endpoint
+  # /api/v1/me/ai-audit that powers the Workbench "Datenzugriff" tab.
+  # The background tick loop + /metrics stay internal; only the
+  # JWT-gated user endpoint is public.
+  - hostname: mana-ai.mana.how
+    service: http://localhost:3067
+
  # ============================================
  # API Gateway (Go)
  # ============================================