infra(phase 2g): mana-research → GPU-Box

Web-Research-Orchestrator (16+ search-/LLM-providers) auf die GPU-Box
verlagert. Cross-LAN für mana-auth/mana-credits/mana-llm/mana-search/
postgres/redis (192.168.178.131). research.mana.how routet jetzt zum
mana-gpu-server-Tunnel (CF config v29). Mini-Container-Count 42 → 41.

PUBLIC_MANA_RESEARCH_URL in mana-app-web auf https-URL umgestellt —
Mini-Container können 192.168.178.11 nicht direkt erreichen (Colima-NAT),
daher Cross-LAN-Bridge via Cloudflare-Tunnel wie bei mana-ai.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docker-compose.macmini.yml

@@ -343,66 +343,10 @@ services:
       retries: 3
       start_period: 15s
 
-  mana-research:
-    build:
-      context: .
-      dockerfile: services/mana-research/Dockerfile
-    image: mana-research:local
-    container_name: mana-research
-    restart: always
-    # Tier-3 right-size 2026-04-28: live RSS ~57 MiB, 4× headroom is enough.
-    mem_limit: 128m
-    depends_on:
-      postgres:
-        condition: service_healthy
-      redis:
-        condition: service_started
-      mana-credits:
-        condition: service_healthy
-      mana-search:
-        condition: service_started
-    environment:
-      TZ: Europe/Berlin
-      NODE_ENV: production
-      PORT: 3068
-      DATABASE_URL: postgresql://postgres:${POSTGRES_PASSWORD:-mana123}@postgres:5432/mana_platform
-      # Redis requires auth (see redis service `--requirepass`). Without the
-      # password here the cache layer degrades to every-request-missing with
-      # NOAUTH log spam. Cache misses are not fatal (the executor just
-      # proxies straight to the upstream provider), but the log noise
-      # drowns out real errors in grafana/glitchtip.
-      REDIS_URL: redis://:${REDIS_PASSWORD:-redis123}@redis:6379
-      MANA_AUTH_URL: http://mana-auth:3001
-      MANA_LLM_URL: http://mana-llm:3025
-      MANA_CREDITS_URL: http://mana-credits:3002
-      MANA_SEARCH_URL: http://mana-search:3021
-      MANA_SERVICE_KEY: ${MANA_SERVICE_KEY}
-      CACHE_TTL_SECONDS: 3600
-      BRAVE_API_KEY: ${BRAVE_API_KEY:-}
-      TAVILY_API_KEY: ${TAVILY_API_KEY:-}
-      EXA_API_KEY: ${EXA_API_KEY:-}
-      SERPER_API_KEY: ${SERPER_API_KEY:-}
-      JINA_API_KEY: ${JINA_API_KEY:-}
-      FIRECRAWL_API_KEY: ${FIRECRAWL_API_KEY:-}
-      SCRAPINGBEE_API_KEY: ${SCRAPINGBEE_API_KEY:-}
-      PERPLEXITY_API_KEY: ${PERPLEXITY_API_KEY:-}
-      ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-}
-      OPENAI_API_KEY: ${OPENAI_API_KEY:-}
-      GOOGLE_GENAI_API_KEY: ${GOOGLE_GENAI_API_KEY:-}
-      CORS_ORIGINS: https://mana.how,https://chat.mana.how,https://research.mana.how
-    ports:
-      - "3068:3068"
-    healthcheck:
-      test: ["CMD", "bun", "-e", "fetch('http://127.0.0.1:3068/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
-      interval: 120s
-      timeout: 10s
-      retries: 3
-      start_period: 15s
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.mana-research.rule=Host(`research.mana.how`)"
-      - "traefik.http.routers.mana-research.tls=true"
-      - "traefik.http.services.mana-research.loadbalancer.server.port=3068"
+  # mana-research moved to GPU-Box on 2026-05-07 (Phase 2g). Source-of-truth
+  # is now mana-monorepo/infrastructure/docker-compose.gpu-box.yml. DNS for
+  # research.mana.how points at the mana-gpu-server tunnel; cross-LAN to
+  # mana-credits + mana-search + postgres + redis on 192.168.178.131.
 
   mana-events:
     build:
@@ -930,7 +874,7 @@ services:
       # internal docker-network URL. Without this pair, the SSR-
       # injected window.__PUBLIC_MANA_RESEARCH_URL__ is empty string
       # and research fetches fall back to the current origin (404).
-      PUBLIC_MANA_RESEARCH_URL: http://mana-research:3068
+      PUBLIC_MANA_RESEARCH_URL: https://research.mana.how
       PUBLIC_MANA_RESEARCH_URL_CLIENT: https://research.mana.how
       # mana-analytics — public-feedback hub. Browser hits the
       # /api/v1/(public/)feedback/* endpoints directly; SSR uses the