From 92dcf9f46b058df0024c13a80f2ea23f8c7bae48 Mon Sep 17 00:00:00 2001
From: Alexander Whitestone <alexander@alexanderwhitestone.com>
Date: Wed, 15 Apr 2026 16:29:29 +0000
Subject: [PATCH] Add ansible/scripts/deploy-bezalel.sh

---
 ansible/scripts/deploy-bezalel.sh | 72 +++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 ansible/scripts/deploy-bezalel.sh

diff --git a/ansible/scripts/deploy-bezalel.sh b/ansible/scripts/deploy-bezalel.sh
new file mode 100644
index 00000000..32bcc21d
--- /dev/null
+++ b/ansible/scripts/deploy-bezalel.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+# deploy-bezalel.sh — One-command Bezalel deployment
+#
+# Usage:
+#   ./deploy-bezalel.sh          # Full deploy
+#   ./deploy-bezalel.sh --check  # Dry run
+#   ./deploy-bezalel.sh --config # Config only
+#
+# Requires: ansible-playbook, SSH access to 159.203.146.185
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+INVENTORY="$SCRIPT_DIR/../inventory/hosts.yml"
+PLAYBOOK="$SCRIPT_DIR/../playbooks/site.yml"
+WIZARD="bezalel"
+VPS="159.203.146.185"
+
+log() { echo "[deploy-bezalel] $*"; }
+
+# Pre-flight checks
+if ! command -v ansible-playbook &>/dev/null; then
+    echo "ERROR: ansible-playbook not found" >&2
+    exit 1
+fi
+
+if [ ! -f "$INVENTORY" ]; then
+    echo "ERROR: Inventory not found at $INVENTORY" >&2
+    exit 1
+fi
+
+# Test SSH connectivity
+log "Testing SSH connectivity to $VPS..."
+if ! ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new "root@$VPS" "echo 'SSH OK'" 2>/dev/null; then
+    echo "ERROR: Cannot reach $VPS via SSH" >&2
+    exit 1
+fi
+
+# Parse args
+EXTRA_ARGS="--limit $WIZARD"
+if [ "${1:-}" = "--check" ]; then
+    EXTRA_ARGS="$EXTRA_ARGS --check --diff"
+    log "DRY RUN mode"
+elif [ "${1:-}" = "--config" ]; then
+    EXTRA_ARGS="$EXTRA_ARGS --tags golden,config"
+    log "CONFIG ONLY mode"
+fi
+
+log "Deploying $WIZARD to $VPS..."
+ansible-playbook -i "$INVENTORY" "$PLAYBOOK" $EXTRA_ARGS
+
+# Post-deploy validation
+log "Validating deployment..."
+ssh "root@$VPS" bash <<'REMOTE'
+echo "=== Systemd status ==="
+systemctl is-active hermes-bezalel 2>/dev/null || echo "hermes-bezalel service not active (may need manual start)"
+
+echo "=== Directory structure ==="
+ls -la /root/wizards/bezalel/ 2>/dev/null || echo "wizard dir missing"
+
+echo "=== Config check ==="
+if [ -f /root/wizards/bezalel/config.yaml ]; then
+    echo "config.yaml exists ($(wc -c < /root/wizards/bezalel/config.yaml) bytes)"
+else
+    echo "config.yaml MISSING"
+fi
+
+echo "=== Banned provider scan ==="
+grep -ri 'anthropic\|claude-sonnet\|claude-opus\|claude-haiku' /root/wizards/bezalel/config.yaml 2>/dev/null && echo "BANNED PROVIDER FOUND" || echo "Clean"
+REMOTE
+
+log "Deployment complete."