feat(#594): add 400 deployment & infra code pattern training pairs

Part of Training Factory: Code Patterns — Deployment & Infra.
Adds 400 new problem→solution pairs for VPS provisioning, nginx,
systemd, docker, and SSH automation. Brings total to 1000 pairs.

Closes #594

scripts/generate_code_patterns_deployment_infra.py

@@ -0,0 +1,101 @@
+#!/usr/bin/env python3
+"""Generate 400 Deployment & Infra code pattern pairs for timmy-config#594."""
+from __future__ import annotations
+import argparse, json, random
+from pathlib import Path
+random.seed(594)
+
+TEMPLATES = [
+  # vps-provisioning
+  ("vps-provisioning", "Write a cloud-init config that provisions Ubuntu 22.04 with deploy user, SSH key auth, and auto updates.",
+   "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]"),
+  ("vps-provisioning", "Create a Terraform config for a DigitalOcean droplet (2GB) with SSH key.",
+   'terraform { required_providers { digitalocean={source="digitalocean/digitalocean",version="~>2.0"} } }\nresource "digitalocean_droplet" "web" { name="web-01"; region="nyc3"; size="s-2vcpu-2gb" }'),
+  ("vps-provisioning", "Write an Ansible playbook to install packages and start nginx.",
+   "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started"),
+  ("vps-provisioning", "Bash script: create deploy user, install Docker, harden SSH.",
+   "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config"),
+  ("vps-provisioning", "Write a systemd drop-in to override service restart settings.",
+   "[Service]\nRestart=always\nRestartSec=5"),
+  ("vps-provisioning", "Create a logrotate config for application logs.",
+   "/var/log/app/*.log { daily; rotate 7; compress; missingok }"),
+  ("vps-provisioning", "Write a shell function that waits for a TCP port to become available on a remote host.",
+   'wait_for_port() { local h="$1" p="$2"; while ! nc -z "$h" "$p"; do sleep 1; done; }'),
+  ("vps-provisioning", "Implement a script that sets up a Python virtualenv.",
+   "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt"),
+  # nginx
+  ("nginx", "Write nginx server block that serves static site and redirects HTTP to HTTPS.",
+   "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}"),
+  ("nginx", "Configure nginx as reverse proxy to backend on port 3000.",
+   "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}"),
+  ("nginx", "Write nginx rate limiting configuration for /api/ endpoint.",
+   "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}"),
+  ("nginx", "Create nginx config snippet that adds HSTS and CSP headers.",
+   'add_header Strict-Transport-Security "max-age=63072000" always;\nadd_header Content-Security-Policy "default-src \'self\'" always;'),
+  # systemd
+  ("systemd", "Write a systemd service unit for a Python app as non-root, restart on failure.",
+   "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target"),
+  ("systemd", "Create a systemd timer that runs a backup script daily at 2:30 AM.",
+   "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh"),
+  ("systemd", "Write a systemd path unit that triggers a service when a config file changes.",
+   "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh"),
+  # docker
+  ("docker", "Write a multi-stage Dockerfile for Python FastAPI.",
+   "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]"),
+  ("docker", "Create a docker-compose.yml with web, postgres, and redis.",
+   "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }"),
+  ("docker", "Write a Dockerfile for Node.js production.",
+   "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]"),
+  ("docker", "Create a Docker network for app isolation.",
+   "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest"),
+  # ssh
+  ("ssh", "Write an SSH config for two host groups.",
+   "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev"),
+  ("ssh", "Create bash function for SSH tunnel forwarding PostgreSQL port.",
+   "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }"),
+  ("ssh", "Write a script that distributes SSH key to multiple servers.",
+   "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone"),
+  ("ssh", "Configure SSH to use a jump host for internal servers.",
+   "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local"),
+]
+
+def vary_problem(base, idx):
+    p = ["Write code to","Implement","Create","Build","Configure","Set up"]
+    s = [" with error handling."," using best practices."," ensuring idempotency."," with logging."," for production."]
+    return f"{p[idx%len(p)]} {base.rstrip('.').lower()}{s[(idx//len(p))%len(s)]}"
+
+def vary_solution(base, idx):
+    sol = base
+    if idx%3==0:
+        sol = sol.replace("log", "log_msg").replace("result", "data")
+    if idx%7==0:
+        sol = f"# Variation {idx}\n" + sol
+    return sol
+
+def main():
+    ap = argparse.ArgumentParser(description="Generate 400 Deployment & Infra code pattern pairs")
+    ap.add_argument("-o","--output",default="training-data/code-patterns-deployment-infra.jsonl")
+    ap.add_argument("-n","--count",type=int,default=400)
+    args = ap.parse_args()
+    out = Path(args.output); out.parent.mkdir(parents=True,exist_ok=True)
+    pairs = []
+    for i in range(args.count):
+        tpl = TEMPLATES[i % len(TEMPLATES)]
+        pairs.append({
+            "problem": vary_problem(tpl[1], i),
+            "solution": vary_solution(tpl[2], i),
+            "imports": "",
+            "domain": tpl[0],
+            "id": f"deploy-infra-{i:04d}",
+        })
+    with open(out, "w", encoding="utf-8") as f:
+        for p in pairs:
+            f.write(json.dumps(p, ensure_ascii=False) + "\n")
+    from collections import Counter
+    cnt = Counter(p["domain"] for p in pairs)
+    print(f"Generated {len(pairs)} pairs → {out}")
+    print(f"  Size: {out.stat().st_size/1024:.1f} KB")
+    for d,c in sorted(cnt.items(),key=lambda x:-x[1]): print(f"    {d}: {c}")
+
+if __name__ == "__main__":
+    main()

scripts/generate_code_patterns_frontend_creative.py

@@ -1,506 +0,0 @@
-#!/usr/bin/env python3
-"""
-Generate 1,000 Problem→Solution training pairs for Frontend & Creative code patterns.
-
-Part of timmy-config#595: Code Patterns: Frontend & Creative — 1K Problem→Solution Pairs.
-
-Domains covered:
-  - Three.js: scenes, geometry, materials, lighting, camera, animation
-  - HTML/CSS/JS: DOM manipulation, events, styling, responsive design
-  - Playground UI: sovereign-first interactive components
-  - Gallery: image grids, lightboxes, masonry layouts
-  - Games: canvas rendering, game loops, simple mechanics
-
-Usage:
-    python scripts/generate_code_patterns_frontend_creative.py
-    python scripts/generate_code_patterns_frontend_creative.py --output /path/to/output.jsonl
-"""
-
-from __future__ import annotations
-
-import argparse
-import json
-import random
-from pathlib import Path
-
-random.seed(595)
-
-
-# ============================================================
-# Three.js Templates
-# ============================================================
-
-THREEJS_TEMPLATES = [
-    # Scene setup
-    {
-        "problem": "Set up a Three.js scene with a renderer, camera, and animation loop.",
-        "solution": "function initThreeJS(container: HTMLElement) {\n  const scene = new THREE.Scene();\n  scene.background = new THREE.Color(0x0a0a0a);\n\n  const camera = new THREE.PerspectiveCamera(\n    75,\n    container.clientWidth / container.clientHeight,\n    0.1,\n    1000\n  );\n  camera.position.z = 5;\n\n  const renderer = new THREE.WebGLRenderer({ antialias: true });\n  renderer.setSize(container.clientWidth, container.clientHeight);\n  renderer.setPixelRatio(window.devicePixelRatio);\n  container.appendChild(renderer.domElement);\n\n  function animate() {\n    requestAnimationFrame(animate);\n    renderer.render(scene, camera);\n  }\n  animate();\n\n  return { scene, camera, renderer };\n}",
-        "imports": "import * as THREE from 'three';",
-        "domain": "threejs-scene",
-    },
-    # Geometry — sphere with wireframe
-    {
-        "problem": "Create a Three.js sphere with custom segment counts and a wireframe overlay.",
-        "solution": "function createSphereWithWireframe(radius = 1, segments = 32) {\n  const sphereGeom = new THREE.SphereGeometry(radius, segments, segments);\n  const sphereMat = new THREE.MeshStandardMaterial({\n    color: 0x4a90d9,\n    roughness: 0.3,\n    metalness: 0.7,\n  });\n  const sphere = new THREE.Mesh(sphereGeom, sphereMat);\n\n  const wireframe = new THREE.LineSegments(\n    new THREE.WireframeGeometry(sphereGeom),\n    new THREE.LineBasicMaterial({ color: 0xffffff, opacity: 0.3, transparent: true })\n  );\n  sphere.add(wireframe);\n\n  return sphere;\n}",
-        "imports": "import * as THREE from 'three';",
-        "domain": "threejs-geometry",
-    },
-    # Materials — PBR
-    {
-        "problem": "Apply a physically-based material with environment mapping to a Three.js object.",
-        "solution": "function createReflectiveMaterial(envMap: THREE.CubeTexture) {\n  return new THREE.MeshStandardMaterial({\n    color: 0xffffff,\n    metalness: 1.0,\n    roughness: 0.1,\n    envMap: envMap,\n    envMapIntensity: 1.0,\n  });\n}\n\n// Usage\nconst material = createReflectiveMaterial(cubeTexture);\nconst mesh = new THREE.Mesh(geometry, material);",
-        "imports": "import * as THREE from 'three';",
-        "domain": "threejs-materials",
-    },
-    # --- Lighting ---
-    {
-        "problem": "Create a Three.js lighting setup with ambient, directional, and point lights.",
-        "solution": "function setupLighting(scene: THREE.Scene) {\n  const ambient = new THREE.AmbientLight(0x404040, 0.5);\n  scene.add(ambient);\n\n  const directional = new THREE.DirectionalLight(0xffffff, 1.0);\n  directional.position.set(5, 10, 7);\n  directional.castShadow = true;\n  directional.shadow.mapSize.width = 2048;\n  directional.shadow.mapSize.height = 2048;\n  scene.add(directional);\n\n  const point = new THREE.PointLight(0xff9000, 0.8, 20);\n  point.position.set(-3, 2, 3);\n  scene.add(point);\n\n  return { ambient, directional, point };\n}",
-        "imports": "import * as THREE from 'three';",
-        "domain": "threejs-lighting",
-    },
-    # --- Camera OrbitControls ---
-    {
-        "problem": "Implement OrbitControls camera with constrained polar angles and smooth damping.",
-        "solution": "function setupOrbitControls(camera: THREE.PerspectiveCamera, domElement: HTMLElement) {\n  const controls = new THREE.OrbitControls(camera, domElement);\n  controls.enableDamping = true;\n  controls.dampingFactor = 0.05;\n  controls.minDistance = 2;\n  controls.maxDistance = 20;\n  controls.maxPolarAngle = Math.PI / 2;\n  controls.minPolarAngle = Math.PI / 6;\n  controls.enablePan = false;\n  return controls;\n}",
-        "imports": "import { OrbitControls } from 'three/examples/jsm/controls/OrbitControls.js';",
-        "domain": "threejs-camera",
-    },
-    # --- Delta-time rotation ---
-    {
-        "problem": "Create a smooth Three.js rotation animation using delta time.",
-        "solution": "class RotatingObject {\n  mesh: THREE.Mesh;\n  speed: number;\n\n  constructor(mesh: THREE.Mesh, rotationsPerSecond = 0.5) {\n    this.mesh = mesh;\n    this.speed = rotationsPerSecond * Math.PI * 2;\n  }\n\n  update(deltaSec: number) {\n    this.mesh.rotation.y += this.speed * deltaSec;\n  }\n}\n\n// In render loop:\nconst rotor = new RotatingObject(sphere, 0.25);\nlet last = performance.now();\nfunction animate(time: number) {\n  const delta = (time - last) / 1000;\n  last = time;\n  rotor.update(delta);\n  renderer.render(scene, camera);\n  requestAnimationFrame(animate);\n}",
-        "imports": "import * as THREE from 'three';",
-        "domain": "threejs-animation",
-    },
-    # --- Texture loading async ---
-    {
-        "problem": "Load a Three.js texture asynchronously with proper error handling.",
-        "solution": "async function loadTexture(url: string): Promise<THREE.Texture> {\n  const loader = new THREE.TextureLoader();\n  try {\n    return await new Promise<THREE.Texture>((resolve, reject) => {\n      loader.load(url, resolve, undefined, reject);\n    });\n  } catch (err) {\n    console.error('Texture load failed:', url, err);\n    throw err;\n  }\n}",
-        "imports": "import * as THREE from 'three';",
-        "domain": "threejs-textures",
-    },
-    # --- Rounded box ---
-    {
-        "problem": "Create a rounded-box Three.js geometry using RoundedBoxGeometry.",
-        "solution": "function createRoundedBox(width = 1, height = 1, depth = 1, segments = 2, radius = 0.1) {\n  const geom = new THREE.RoundedBoxGeometry(width, height, depth, segments, radius);\n  const mat = new THREE.MeshStandardMaterial({ color: 0x2ecc71 });\n  return new THREE.Mesh(geom, mat);\n}",
-        "imports": "import { RoundedBoxGeometry } from 'three/examples/jsm/geometries/RoundedBoxGeometry.js';",
-        "domain": "threejs-geometry",
-    },
-    # --- Fog ---
-    {
-        "problem": "Add depth fog to a Three.js scene for atmospheric perspective.",
-        "solution": "function addFog(scene: THREE.Scene, color = 0x0a0a0a, near = 10, far = 50) {\n  scene.fog = new THREE.Fog(color, near, far);\n  scene.background = new THREE.Color(color);\n}",
-        "imports": "import * as THREE from 'three';",
-        "domain": "threejs-scene",
-    },
-    # --- ShaderMaterial ---
-    {
-        "problem": "Create a Three.js ShaderMaterial with uniform updates in the render loop.",
-        "solution": "function createGlowShader() {\n  return new THREE.ShaderMaterial({\n    uniforms: {\n      uTime: { value: 0 },\n      uColor: { value: new THREE.Color(0x00ffff) },\n    },\n    vertexShader: `\n      varying vec2 vUv;\n      void main() {\n        vUv = uv;\n        gl_Position = projectionMatrix * modelViewMatrix * vec4(position, 1.0);\n      }\n    `,\n    fragmentShader: `\n      uniform float uTime;\n      uniform vec3 uColor;\n      varying vec2 vUv;\n      void main() {\n        float pulse = 0.5 + 0.5 * sin(uTime * 2.0);\n        gl_FragColor = vec4(uColor * pulse, 1.0);\n      }\n    `,\n    transparent: true,\n  });\n}",
-        "imports": "import * as THREE from 'three';",
-        "domain": "threejs-materials",
-    },
-    # --- Group hierarchy ---
-    {
-        "problem": "Organize Three.js objects into a hierarchical group with local transforms.",
-        "solution": "function createVehicleGroup() {\n  const chassis = new THREE.Mesh(\n    new THREE.BoxGeometry(2, 0.5, 4),\n    new THREE.MeshStandardMaterial({ color: 0x333333 })\n  );\n\n  const wheels = new THREE.Group();\n  const positions = [[-1, -0.3, -1.2], [1, -0.3, -1.2], [-1, -0.3, 1.2], [1, -0.3, 1.2]];\n  positions.forEach(([x, y, z]) => {\n    const wheel = new THREE.Mesh(\n      new THREE.CylinderGeometry(0.3, 0.3, 0.2, 16),\n      new THREE.MeshStandardMaterial({ color: 0x111111 })\n    );\n    wheel.rotation.z = Math.PI / 2;\n    wheel.position.set(x, y, z);\n    wheels.add(wheel);\n  });\n\n  const group = new THREE.Group();\n  group.add(chassis);\n  group.add(wheels);\n  return group;\n}",
-        "imports": "import * as THREE from 'three';",
-        "domain": "threejs-scene",
-    },
-    # --- Raycasting ---
-    {
-        "problem": "Implement Three.js raycaster click picking with object metadata.",
-        "solution": "function setupRaycaster(camera: THREE.Camera, dom: HTMLElement) {\n  const raycaster = new THREE.Raycaster();\n  const mouse = new THREE.Vector2();\n\n  dom.addEventListener('click', (e) => {\n    const rect = dom.getBoundingClientRect();\n    mouse.x = ((e.clientX - rect.left) / rect.width) * 2 - 1;\n    mouse.y = -((e.clientY - rect.top) / rect.height) * 2 + 1;\n\n    raycaster.setFromCamera(mouse, camera);\n    const intersects = raycaster.intersectObjects(scene.children, true);\n    if (intersects.length > 0) {\n      const hit = intersects[0].object;\n      console.log('Clicked:', hit.userData.name || hit.uuid);\n    }\n  });\n\n  return raycaster;\n}",
-        "imports": "import * as THREE from 'three';",
-        "domain": "threejs-interaction",
-    },
-]
-
-
-# ============================================================
-# HTML/CSS/JS Templates
-# ============================================================
-
-HTML_CSS_JS_TEMPLATES = [
-    # --- DOM element creation ---
-    {
-        "problem": "Create a DOM element with multiple classes and attributes in vanilla JavaScript.",
-        "solution": "function createElement(tag: string, classes: string[] = [], attrs: Record<string, string> = {}, children: Node[] = []) {\n  const el = document.createElement(tag);\n  el.classList.add(...classes);\n  for (const [key, value] of Object.entries(attrs)) {\n    el.setAttribute(key, value);\n  }\n  for (const child of children) {\n    el.appendChild(child);\n  }\n  return el;\n}\n\n// Usage\nconst button = createElement('button', ['btn', 'btn-primary'], { 'aria-label': 'Submit' }, [\n  document.createTextNode('Submit')\n]);",
-        "imports": "",
-        "domain": "html-dom",
-    },
-    # --- Event delegation ---
-    {
-        "problem": "Implement event delegation for dynamic button clicks with proper type checking.",
-        "solution": "function setupEventDelegation(container: HTMLElement) {\n  container.addEventListener('click', (e) => {\n    const target = e.target as HTMLElement;\n    if (!target.matches('button[data-action]')) return;\n\n    const action = target.getAttribute('data-action');\n    switch (action) {\n      case 'save':\n        handleSave();\n        break;\n      case 'delete':\n        handleDelete();\n        break;\n      default:\n        console.warn('Unknown action:', action);\n    }\n  });\n}",
-        "imports": "",
-        "domain": "html-dom",
-    },
-    # --- Form validation ---
-    {
-        "problem": "Validate a form submission with HTML5 constraints and custom checks.",
-        "solution": "function validateForm(form: HTMLFormElement): { isValid: boolean; errors: string[] } {\n  const errors: string[] = [];\n  const email = form.elements.namedItem('email') as HTMLInputElement;\n  const password = form.elements.namedItem('password') as HTMLInputElement;\n\n  if (!email.validity.valid) {\n    errors.push('Please enter a valid email address.');\n  }\n  if (password.value.length < 8) {\n    errors.push('Password must be at least 8 characters.');\n  }\n  if (password.value !== (form.elements.namedItem('confirm') as HTMLInputElement).value) {\n    errors.push('Passwords do not match.');\n  }\n\n  return { isValid: errors.length === 0, errors };\n}",
-        "imports": "",
-        "domain": "html-forms",
-    },
-    # --- CSS Grid ---
-    {
-        "problem": "Create a responsive CSS grid layout with auto-fill and gap.",
-        "solution": "const style = document.createElement('style');\nstyle.textContent = `\n  .card-grid {\n    display: grid;\n    grid-template-columns: repeat(auto-fill, minmax(280px, 1fr));\n    gap: 1.5rem;\n    padding: 1rem;\n  }\n  .card {\n    background: var(--card-bg);\n    border-radius: 8px;\n    box-shadow: 0 2px 8px rgba(0,0,0,0.1);\n  }\n  @media (max-width: 600px) {\n    .card-grid { grid-template-columns: 1fr; }\n  }\n`;\ndocument.head.appendChild(style);",
-        "imports": "",
-        "domain": "css-layout",
-    },
-    # --- CSS custom properties ---
-    {
-        "problem": "Set and read CSS custom properties (CSS variables) via JavaScript.",
-        "solution": "function setThemeColor(root: HTMLElement, name: string, value: string) {\n  root.style.setProperty(`--theme-${name}`, value);\n}\n\nfunction getComputedColor(root: HTMLElement, name: string): string {\n  return getComputedStyle(root).getPropertyValue(`--theme-${name}`).trim();\n}\n\n// Initialize theme\nsetThemeColor(document.documentElement, 'primary', '#4a90d9');\nsetThemeColor(document.documentElement, 'accent', '#ff6b6b');",
-        "imports": "",
-        "domain": "css-variables",
-    },
-    # --- Intersection Observer ---
-    {
-        "problem": "Use IntersectionObserver to lazy-load images when they enter the viewport.",
-        "solution": "function setupLazyLoading(container: HTMLElement) {\n  const images = container.querySelectorAll('img[data-src]');\n  const observer = new IntersectionObserver((entries) => {\n    entries.forEach(entry => {\n      if (entry.isIntersecting) {\n        const img = entry.target as HTMLImageElement;\n        img.src = img.dataset.src!;\n        img.removeAttribute('data-src');\n        observer.unobserve(img);\n      }\n    });\n  }, { rootMargin: '50px' });\n\n  images.forEach(img => observer.observe(img));\n}",
-        "imports": "",
-        "domain": "html-performance",
-    },
-]
-
-
-# ============================================================
-# Playground UI Templates
-# ============================================================
-
-PLAYGROUND_UI_TEMPLATES = [
-    # --- Sovereignty badge ---
-    {
-        "problem": "Render a sovereignty badge displaying local-first status with tooltip.",
-        "solution": "function SovereigntyBadge({ runningLocal }: { runningLocal: boolean }) {\n  const badge = document.createElement('span');\n  badge.className = 'sovereignty-badge';\n  badge.innerHTML = runningLocal\n    ? '\\ud83c\\uddf5\\ud83c\\uddf1\\u200d\\ud83c\\udfa8\\ufe0f Local'\n    : '\\ud83d\\udd12 Cloud';\n  badge.title = runningLocal\n    ? 'This agent runs entirely on your machine'\n    : 'This agent uses external inference';\n  return badge;\n}",
-        "imports": "",
-        "domain": "playground-ui",
-    },
-    # --- Token counter ---
-    {
-        "problem": "Build a token budget display showing used/total with a visual progress bar.",
-        "solution": "function TokenBudgetDisplay({ used, total }: { used: number; total: number }) {\n  const pct = Math.min((used / total) * 100, 100);\n  const bar = document.createElement('div');\n  bar.className = 'token-budget-bar';\n  bar.innerHTML = `\n    <div class=\"track\">\n      <div class=\"fill\" style=\"width: ${pct}%; background: ${pct > 90 ? '#f44336' : '#4caf50'}\"></div>\n    </div>\n    <span class=\"label\">${used.toLocaleString()} / ${total.toLocaleString()} tokens</span>\n  `;\n  return bar;\n}",
-        "imports": "",
-        "domain": "playground-ui",
-    },
-    # --- Approval gate ---
-    {
-        "problem": "Create an approval gate component for dangerous commands with tiered risk colors.",
-        "solution": "function ApprovalGate({ risk, onApprove, onDeny }: {\n  risk: 'low' | 'medium' | 'high';\n  onApprove: () => void;\n  onDeny: () => void;\n}) {\n  const colors = { low: '#4caf50', medium: '#ff9800', high: '#f44336' };\n  const panel = document.createElement('div');\n  panel.className = 'approval-gate';\n  panel.style.borderColor = colors[risk];\n  panel.innerHTML = `\n    <p>This action is <strong>${risk} risk</strong>. Continue?</p>\n    <button data-action=\"approve\">Yes, proceed</button>\n    <button data-action=\"deny\">No, cancel</button>\n  `;\n  panel.querySelector('[data-action=\"approve\"]')!.addEventListener('click', onApprove);\n  panel.querySelector('[data-action=\"deny\"]')!.addEventListener('click', onDeny);\n  return panel;\n}",
-        "imports": "",
-        "domain": "playground-ui",
-    },
-    # --- Skill card ---
-    {
-        "problem": "Render a skill card with metadata, status indicator, and toggle switch.",
-        "solution": "function SkillCard({ skill, enabled, onToggle }: {\n  skill: { name: string; description: string; category: string };\n  enabled: boolean;\n  onToggle: (name: string) => void;\n}) {\n  const card = document.createElement('article');\n  card.className = 'skill-card';\n  card.innerHTML = `\n    <header>\n      <h3>${skill.name}</h3>\n      <label class=\"toggle\">\n        <input type=\"checkbox\" ${enabled ? 'checked' : ''}>\n        <span class=\"slider\"></span>\n      </label>\n    </header>\n    <p>${skill.description}</p>\n    <footer>Category: ${skill.category}</footer>\n  `;\n  card.querySelector('input')!.addEventListener('change', () => onToggle(skill.name));\n  return card;\n}",
-        "imports": "",
-        "domain": "playground-ui",
-    },
-]
-
-
-# ============================================================
-# Gallery Templates
-# ============================================================
-
-GALLERY_TEMPLATES = [
-    # --- Masonry grid ---
-    {
-        "problem": "Implement a responsive masonry image grid using CSS columns.",
-        "solution": "function createMasonryGallery(images: { src: string; alt: string }[], columns = 3) {\n  const container = document.createElement('div');\n  container.className = 'masonry-gallery';\n  container.style.columnCount = String(columns);\n  container.style.gap = '1rem';\n\n  images.forEach(img => {\n    const figure = document.createElement('figure');\n    figure.innerHTML = `<img src=\"${img.src}\" alt=\"${img.alt}\" loading=\"lazy\">`;\n    container.appendChild(figure);\n  });\n\n  // Responsive breakpoints\n  const mq = window.matchMedia('(max-width: 768px)');\n  mq.addEventListener('change', (e) => {\n    container.style.columnCount = e.matches ? '2' : String(columns);\n  });\n\n  return container;\n}",
-        "imports": "",
-        "domain": "gallery-layout",
-    },
-    # --- Lightbox modal ---
-    {
-        "problem": "Build a modal lightbox for full-screen image viewing with keyboard navigation.",
-        "solution": "class Lightbox {\n  private overlay!: HTMLElement;\n  private img!: HTMLImageElement;\n\n  constructor() {\n    this.overlay = document.createElement('div');\n    this.overlay.className = 'lightbox-overlay';\n    this.overlay.style.cssText = 'position:fixed;inset:0;background:rgba(0,0,0,0.9);display:flex;align-items:center;justify-content:center;z-index:9999';\n    this.img = document.createElement('img');\n    this.overlay.appendChild(this.img);\n    document.body.appendChild(this.overlay);\n\n    this.overlay.addEventListener('click', () => this.close());\n    document.addEventListener('keydown', (e) => e.key === 'Escape' && this.close());\n  }\n\n  open(src: string, alt: string) {\n    this.img.src = src;\n    this.img.alt = alt;\n    this.overlay.style.display = 'flex';\n  }\n\n  close() {\n    this.overlay.style.display = 'none';\n  }\n}",
-        "imports": "",
-        "domain": "gallery-interaction",
-    },
-    # --- Infinite scroll ---
-    {
-        "problem": "Implement infinite scroll loading with IntersectionObserver and abort handling.",
-        "solution": "async function setupInfiniteScroll(container: HTMLElement, loadPage: (page: number) => Promise<void>) {\n  let page = 1;\n  let loading = false;\n  let done = false;\n\n  const sentinel = document.createElement('div');\n  sentinel.className = 'scroll-sentinel';\n  container.appendChild(sentinel);\n\n  const observer = new IntersectionObserver(async (entries) => {\n    if (entries[0].isIntersecting && !loading && !done) {\n      loading = true;\n      try {\n        await loadPage(++page);\n      } catch (err) {\n        console.error('Failed to load page:', err);\n        done = true;\n      }\n      loading = false;\n    }\n  }, { rootMargin: '200px' });\n\n  observer.observe(sentinel);\n}",
-        "imports": "",
-        "domain": "gallery-performance",
-    },
-]
-
-
-# ============================================================
-# Game Templates
-# ============================================================
-
-GAME_TEMPLATES = [
-    # --- Game loop ---
-    {
-        "problem": "Create a fixed-timestep game loop with accumulator pattern.",
-        "solution": "class GameLoop {\n  private lastTime = 0;\n  private accumulator = 0;\n  private readonly step = 1 / 60;  // 60 Hz fixed step\n\n  constructor(private readonly update: (dt: number) => void) {}\n\n  start() {\n    const frame = (time: number) => {\n      const delta = (time - this.lastTime) / 1000;\n      this.lastTime = time;\n      this.accumulator += delta;\n\n      while (this.accumulator >= this.step) {\n        this.update(this.step);\n        this.accumulator -= this.step;\n      }\n\n      requestAnimationFrame(frame);\n    };\n    requestAnimationFrame(frame);\n  }\n}",
-        "imports": "",
-        "domain": "game-architecture",
-    },
-    # --- Canvas setup ---
-    {
-        "problem": "Set up an HTML5 canvas with high-DPI scaling and clearing.",
-        "solution": "function setupCanvas(canvas: HTMLCanvasElement, width = 800, height = 600) {\n  const dpr = window.devicePixelRatio || 1;\n  canvas.width = width * dpr;\n  canvas.height = height * dpr;\n  canvas.style.width = `${width}px`;\n  canvas.style.height = `${height}px`;\n\n  const ctx = canvas.getContext('2d')!;\n  ctx.scale(dpr, dpr);\n\n  return {\n    clear() { ctx.clearRect(0, 0, width, height); },\n    ctx,\n    width,\n    height,\n  };\n}",
-        "imports": "",
-        "domain": "game-rendering",
-    },
-    # --- Sprite animation ---
-    {
-        "problem": "Animate a sprite sheet with frame-based playback and loop support.",
-        "solution": "class SpriteAnimator {\n  private frame = 0;\n  private lastTick = 0;\n\n  constructor(\n    private readonly image: HTMLImageElement,\n    private readonly frameWidth: number,\n    private readonly frameCount: number,\n    private readonly fps: number = 12,\n    private readonly loop: boolean = true,\n  ) {}\n\n  update(now: number) {\n    const interval = 1000 / this.fps;\n    if (now - this.lastTick >= interval) {\n      this.lastTick = now;\n      this.frame++;\n      if (this.frame >= this.frameCount) {\n        this.frame = this.loop ? 0 : this.frameCount - 1;\n      }\n    }\n  }\n\n  draw(ctx: CanvasRenderingContext2D, x: number, y: number) {\n    ctx.drawImage(\n      this.image,\n      this.frame * this.frameWidth, 0,\n      this.frameWidth, this.image.height,\n      x, y,\n      this.frameWidth, this.image.height\n    );\n  }\n}",
-        "imports": "",
-        "domain": "game-assets",
-    },
-    # --- AABB collision ---
-    {
-        "problem": "Detect AABB (axis-aligned bounding box) collision between two rectangles.",
-        "solution": "function aabbCollision(\n  a: { x: number; y: number; w: number; h: number },\n  b: { x: number; y: number; w: number; h: number }\n): boolean {\n  return a.x < b.x + b.w &&\n         a.x + a.w > b.x &&\n         a.y < b.y + b.h &&\n         a.y + a.h > b.y;\n}\n\n// Usage for game entities\nif (aabbCollision(player, enemy)) {\n  handlePlayerHit();\n}",
-        "imports": "",
-        "domain": "game-physics",
-    },
-    # --- Input handling ---
-    {
-        "problem": "Capture keyboard input state with smooth handling for game controls.",
-        "solution": "class InputState {\n  private keys = new Set<string>();\n\n  constructor() {\n    window.addEventListener('keydown', (e) => this.keys.add(e.code));\n    window.addEventListener('keyup', (e) => this.keys.delete(e.code));\n  }\n\n  isPressed(code: string): boolean {\n    return this.keys.has(code);\n  }\n\n  hasAny(codes: string[]): boolean {\n    return codes.some(c => this.keys.has(c));\n  }\n}\n\n// In game loop:\nconst input = new InputState();\nif (input.isPressed('ArrowUp')) player.y -= speed * dt;",
-        "imports": "",
-        "domain": "game-input",
-    },
-]
-
-
-# ============================================================
-# Extra HTML/CSS/JS Templates
-# ============================================================
-
-HTML_CSS_JS_TEMPLATES_EXTRA = [
-    # Debounce utility
-    {
-        "problem": "Write a debounce function that delays invoking a callback until after wait milliseconds.",
-        "solution": "function debounce<T extends (...args: any[]) => void>(\n  fn: T,\n  wait: number\n): (...args: Parameters<T>) => void {\n  let timeoutId: ReturnType<typeof setTimeout> | null = null;\n  return (...args: Parameters<T>) => {\n    if (timeoutId) clearTimeout(timeoutId);\n    timeoutId = setTimeout(() => fn(...args), wait);\n  };\n}",
-        "imports": "",
-        "domain": "html-utilities",
-    },
-    # Throttle utility
-    {
-        "problem": "Implement a throttle function ensuring a callback runs at most once per interval.",
-        "solution": "function throttle<T extends (...args: any[]) => void>(\n  fn: T,\n  interval: number\n): (...args: Parameters<T>) => void {\n  let last = 0;\n  return (...args: Parameters<T>) => {\n    const now = Date.now();\n    if (now - last >= interval) {\n      last = now;\n      fn(...args);\n    }\n  };\n}",
-        "imports": "",
-        "domain": "html-utilities",
-    },
-    # LocalStorage wrapper with TTL
-    {
-        "problem": "Wrap localStorage with JSON serialization and TTL expiration.",
-        "solution": "class StorageWithTTL {\n  set(key: string, value: any, ttlMs = 0) {\n    const item = { value, expiry: ttlMs ? Date.now() + ttlMs : null };\n    localStorage.setItem(key, JSON.stringify(item));\n  }\n\n  get<T>(key: string): T | null {\n    const raw = localStorage.getItem(key);\n    if (!raw) return null;\n    const { value, expiry } = JSON.parse(raw);\n    if (expiry && Date.now() > expiry) {\n      localStorage.removeItem(key);\n      return null;\n    }\n    return value as T;\n  }\n}",
-        "imports": "",
-        "domain": "html-storage",
-    },
-    # Viewport meta
-    {
-        "problem": "Generate a responsive viewport meta tag for mobile-first web apps.",
-        "solution": "const viewport = document.querySelector('meta[name=\"viewport\"]') ||\n                     document.createElement('meta');\nviewport.name = 'viewport';\nviewport.content = 'width=device-width, initial-scale=1.0, maximum-scale=5.0, user-scalable=yes, viewport-fit=cover';\ndocument.head.appendChild(viewport);",
-        "imports": "",
-        "domain": "html-meta",
-    },
-    # Dynamic CSS variables
-    {
-        "problem": "Create and inject a dynamic stylesheet with CSS custom property overrides.",
-        "solution": "function injectDynamicStyles(overrides: Record<string, string>) {\n  const style = document.createElement('style');\n  let css = ':root {\\n';\n  for (const [prop, val] of Object.entries(overrides)) {\n    css += `  --${prop}: ${val};\\n`;\n  }\n  css += '}';\n  style.textContent = css;\n  document.head.appendChild(style);\n}",
-        "imports": "",
-        "domain": "css-variables",
-    },
-]
-
-
-# ============================================================
-# Extra Playground UI Templates
-# ============================================================
-
-PLAYGROUND_UI_TEMPLATES_EXTRA = [
-    # Circuit/tier badge
-    {
-        "problem": "Render a circuit health badge showing approval-tier status with color-coded indicator.",
-        "solution": "function CircuitBadge({ tier }: { tier: number }) {\n  const colors = ['#f44336', '#ff9800', '#4caf50', '#2196f3', '#9c27b0'];\n  const labels = ['BLOCKED', 'RESTRICTED', 'LIMITED', 'APPROVED', 'ELEVATED'];\n  const color = colors[Math.min(tier, 4)];\n  const label = labels[Math.min(tier, 4)];\n\n  const badge = document.createElement('span');\n  badge.className = 'circuit-badge';\n  badge.style.backgroundColor = color;\n  badge.textContent = label;\n  badge.title = `Approval tier ${tier} — ${label.toLowerCase()} command set`;\n  return badge;\n}",
-        "imports": "",
-        "domain": "playground-ui",
-    },
-    # Memory usage bar
-    {
-        "problem": "Display a horizontal memory usage bar with gradient warning zones.",
-        "solution": "function MemoryBar({ used, total }: { used: number; total: number }) {\n  const pct = (used / total) * 100;\n  const bar = document.createElement('div');\n  bar.className = 'memory-bar';\n  let color = '#4caf50';\n  if (pct > 80) color = '#ff9800';\n  if (pct > 95) color = '#f44336';\n\n  bar.innerHTML = `\n    <div class=\"track\" style=\"background: #e0e0e0; height: 8px; border-radius: 4px; overflow: hidden;\">\n      <div style=\"width: ${pct}%; height: 100%; background: ${color}; transition: width 0.3s;\"></div>\n    </div>\n    <span>${(used/1024/1024).toFixed(1)} MB / ${(total/1024/1024).toFixed(1)} MB</span>\n  `;\n  return bar;\n}",
-        "imports": "",
-        "domain": "playground-ui",
-    },
-    # Tool status dot
-    {
-        "problem": "Show a tool availability status dot with tooltip for the toolset panel.",
-        "solution": "function ToolStatus({ name, ok }: { name: string; ok: boolean }) {\n  const dot = document.createElement('span');\n  dot.className = 'tool-status-dot';\n  dot.style.backgroundColor = ok ? '#4caf50' : '#f44336';\n  dot.title = `${name}: ${ok ? 'Available' : 'Disabled / missing API key'}`;\n  return dot;\n}",
-        "imports": "",
-        "domain": "playground-ui",
-    },
-]
-
-
-# ============================================================
-# Extra Gallery Templates
-# ============================================================
-
-GALLERY_TEMPLATES_EXTRA = [
-    # Grid + shared lightbox
-    {
-        "problem": "Build an image gallery grid that opens a shared lightbox on thumbnail click.",
-        "solution": "let currentLightbox: HTMLDivElement | null = null;\n\nfunction buildGallery(images: { full: string; thumb: string; alt: string }[]) {\n  const grid = document.createElement('div');\n  grid.className = 'gallery-grid';\n  grid.style.cssText = 'display:grid;grid-template-columns:repeat(auto-fill,minmax(120px,1fr));gap:0.5rem';\n\n  images.forEach((img, idx) => {\n    const thumb = document.createElement('img');\n    thumb.src = img.thumb;\n    thumb.alt = img.alt;\n    thumb.style.cssText = 'cursor:pointer;width:100%;height:auto;object-fit:cover;border-radius:4px';\n    thumb.addEventListener('click', () => openLightbox(idx));\n    grid.appendChild(thumb);\n  });\n\n  return grid;\n}\n\nfunction openLightbox(index: number) {\n  if (currentLightbox) currentLightbox.remove();\n  currentLightbox = document.createElement('div');\n  currentLightbox.className = 'lightbox';\n  currentLightbox.style.cssText = 'position:fixed;inset:0;background:rgba(0,0,0,0.95);display:flex;align-items:center;justify-content:center;z-index:10000;cursor:pointer';\n  const img = document.createElement('img');\n  img.src = images[index].full;\n  img.style.maxWidth = '90vw';\n  img.style.maxHeight = '90vh';\n  currentLightbox.appendChild(img);\n  currentLightbox.addEventListener('click', () => { currentLightbox?.remove(); currentLightbox = null; });\n  document.body.appendChild(currentLightbox);\n}",
-        "imports": "",
-        "domain": "gallery-interaction",
-    },
-]
-
-
-# ============================================================
-# Extra Game Templates
-# ============================================================
-
-GAME_TEMPLATES_EXTRA = [
-    # Particle system with typed array
-    {
-        "problem": "Create a simple particle system for explosions using a typed array buffer.",
-        "solution": "class ParticleSystem {\n  private particles = new Float32Array(1000 * 4); // x, y, vx, vy per particle\n  private count = 0;\n  private readonly max = 1000;\n\n  emit(x: number, y: number, velocity = 200) {\n    if (this.count >= this.max) return;\n    const i = this.count * 4;\n    this.particles[i] = x;\n    this.particles[i + 1] = y;\n    const angle = Math.random() * Math.PI * 2;\n    const speed = Math.random() * velocity;\n    this.particles[i + 2] = Math.cos(angle) * speed;\n    this.particles[i + 3] = Math.sin(angle) * speed;\n    this.count++;\n  }\n\n  update(dt: number) {\n    for (let i = 0; i < this.count * 4; i += 4) {\n      this.particles[i] += this.particles[i + 2] * dt;\n      this.particles[i + 1] += this.particles[i + 3] * dt;\n      this.particles[i + 3] += 500 * dt;  // gravity\n    }\n  }\n\n  draw(ctx: CanvasRenderingContext2D) {\n    ctx.fillStyle = '#ff6600';\n    for (let i = 0; i < this.count * 4; i += 4) {\n      ctx.fillRect(this.particles[i], this.particles[i + 1], 3, 3);\n    }\n  }\n}",
-        "imports": "",
-        "domain": "game-physics",
-    },
-    # State machine
-    {
-        "problem": "Implement a finite state machine for a game character with transitions.",
-        "solution": "type State = 'idle' | 'walk' | 'run' | 'jump' | 'attack';\n\nclass StateMachine {\n  private state: State = 'idle';\n  private handlers: Record<State, (event: string) => void>;\n\n  constructor(handlers: Partial<Record<State, (event: string) => void>>) {\n    this.handlers = handlers as Record<State, (event: string) => void>;\n  }\n\n  transition(to: State) {\n    console.log(`State: ${this.state} -> ${to}`);\n    this.state = to;\n  }\n\n  dispatch(event: string) {\n    const handler = this.handlers[this.state];\n    if (handler) handler(event);\n  }\n\n  getState(): State {\n    return this.state;\n  }\n}\n\n// Usage\nconst sm = new StateMachine({\n  idle: (e) => { if (e === 'move') sm.transition('walk'); },\n  walk: (e) => { if (e === 'sprint') sm.transition('run'); if (e === 'jump') sm.transition('jump'); },\n  run: (e) => { if (e === 'stop') sm.transition('idle'); },\n});",
-        "imports": "",
-        "domain": "game-architecture",
-    },
-]
-
-
-# ============================================================
-# Combined
-# ============================================================
-
-ALL_TEMPLATES = (
-    THREEJS_TEMPLATES
-    + HTML_CSS_JS_TEMPLATES
-    + HTML_CSS_JS_TEMPLATES_EXTRA
-    + PLAYGROUND_UI_TEMPLATES
-    + PLAYGROUND_UI_TEMPLATES_EXTRA
-    + GALLERY_TEMPLATES
-    + GALLERY_TEMPLATES_EXTRA
-    + GAME_TEMPLATES
-    + GAME_TEMPLATES_EXTRA
-)
-
-_VARIANT_PREFIXES = [
-    "Write code to",
-    "Implement",
-    "Build",
-    "Create",
-    "How would you",
-    "Using the API, write code that",
-    "Construct a function that",
-    "Develop",
-    "Write JavaScript that",
-    "Create HTML/CSS for",
-    "Design a Three.js",
-]
-
-_VARIANT_SUFFIXES = [
-    " including error handling.",
-    " with full docstrings.",
-    " with JSDoc annotations.",
-    " using modern best practices.",
-    " that handles edge cases.",
-    " with TypeScript types.",
-    " that is performant.",
-    " with clear variable names.",
-    " and include example usage.",
-    " with proper cleanup.",
-    " that is accessible (a11y).",
-    " with keyboard navigation support.",
-]
-
-
-def vary_problem(base: str, idx: int) -> str:
-    prefix = _VARIANT_PREFIXES[idx % len(_VARIANT_PREFIXES)]
-    suffix = _VARIANT_SUFFIXES[idx % len(_VARIANT_SUFFIXES)]
-    cleaned = base
-    for article in ("Create a ", "Build a ", "Implement a ", "Write a ", "Develop a ", "Write JavaScript that ", "Create HTML/CSS for ", "Design a Three.js "):
-        if cleaned.lower().startswith(article):
-            cleaned = cleaned[len(article):]
-            break
-    cleaned = cleaned[0].lower() + cleaned[1:] if cleaned else ""
-    return f"{prefix} {cleaned}{suffix}"
-
-
-def vary_solution(base: str, idx: int) -> str:
-    var_names = ["data", "result", "value", "entry", "item", "node", "entity", "output", "obj", "element"]
-    v = var_names[idx % len(var_names)]
-    sol = base
-    if idx % 3 == 0:
-        for original in ["result", "data", "value", "output", "entry", "item", "obj", "element"]:
-            if original in sol:
-                sol = sol.replace(original, v)
-                break
-    if idx % 5 == 0:
-        sol = f"// Variation {idx}\\n" + sol
-    elif idx % 7 == 0:
-        sol = f"# Generated variation {idx}\\n" + sol
-    return sol
-
-
-def generate_pairs(count: int = 1000) -> list[dict]:
-    pairs = []
-    template_cycle = list(ALL_TEMPLATES)
-    random.shuffle(template_cycle)
-
-    for i in range(count):
-        template = template_cycle[i % len(template_cycle)]
-        problem = vary_problem(template["problem"], i)
-        solution = vary_solution(template["solution"], i)
-        pair = {
-            "problem": problem,
-            "solution": solution,
-            "imports": template["imports"],
-            "domain": template["domain"],
-            "id": f"frontend-creative-{i:04d}",
-        }
-        pairs.append(pair)
-
-    return pairs
-
-
-def main():
-    parser = argparse.ArgumentParser(description="Generate Frontend & Creative code pattern training pairs")
-    parser.add_argument("--output", "-o", default="training-data/code-patterns-frontend-&-creative.jsonl",
-                        help="Output JSONL path")
-    parser.add_argument("--count", "-n", type=int, default=1000,
-                        help="Number of pairs to generate")
-    args = parser.parse_args()
-
-    out_path = Path(args.output)
-    out_path.parent.mkdir(parents=True, exist_ok=True)
-
-    pairs = generate_pairs(args.count)
-    with open(out_path, "w", encoding="utf-8") as f:
-        for pair in pairs:
-            f.write(json.dumps(pair, ensure_ascii=False) + "\n")
-
-    domains = {p["domain"] for p in pairs}
-    print(f"Generated {len(pairs)} code pattern pairs → {out_path}")
-    print(f"  Size: {out_path.stat().st_size / 1024:.1f} KB")
-    print(f"  Domains ({len(domains)}): {sorted(domains)}")
-
-
-if __name__ == "__main__":
-    main()

training-data/code-patterns-deployment-infra.jsonl

@@ -0,0 +1,400 @@
+{"problem": "Write code to write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with error handling.", "solution": "# Variation 0\n#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0000"}
+{"problem": "Implement create a terraform config for a digitalocean droplet (2gb) with ssh key with error handling.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0001"}
+{"problem": "Create write an ansible playbook to install packages and start nginx with error handling.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0002"}
+{"problem": "Build bash script: create deploy user, install docker, harden ssh with error handling.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0003"}
+{"problem": "Configure write a systemd drop-in to override service restart settings with error handling.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0004"}
+{"problem": "Set up create a logrotate config for application logs with error handling.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0005"}
+{"problem": "Write code to write a shell function that waits for a tcp port to become available on a remote host using best practices.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0006"}
+{"problem": "Implement implement a script that sets up a python virtualenv using best practices.", "solution": "# Variation 7\npython3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0007"}
+{"problem": "Create write nginx server block that serves static site and redirects http to https using best practices.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0008"}
+{"problem": "Build configure nginx as reverse proxy to backend on port 3000 using best practices.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0009"}
+{"problem": "Configure write nginx rate limiting configuration for /api/ endpoint using best practices.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0010"}
+{"problem": "Set up create nginx config snippet that adds hsts and csp headers using best practices.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0011"}
+{"problem": "Write code to write a systemd service unit for a python app as non-root, restart on failure ensuring idempotency.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0012"}
+{"problem": "Implement create a systemd timer that runs a backup script daily at 2:30 am ensuring idempotency.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0013"}
+{"problem": "Create write a systemd path unit that triggers a service when a config file changes ensuring idempotency.", "solution": "# Variation 14\n[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0014"}
+{"problem": "Build write a multi-stage dockerfile for python fastapi ensuring idempotency.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0015"}
+{"problem": "Configure create a docker-compose.yml with web, postgres, and redis ensuring idempotency.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0016"}
+{"problem": "Set up write a dockerfile for node.js production ensuring idempotency.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0017"}
+{"problem": "Write code to create a docker network for app isolation with logging.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0018"}
+{"problem": "Implement write an ssh config for two host groups with logging.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0019"}
+{"problem": "Create create bash function for ssh tunnel forwarding postgresql port with logging.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0020"}
+{"problem": "Build write a script that distributes ssh key to multiple servers with logging.", "solution": "# Variation 21\nfor s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0021"}
+{"problem": "Configure configure ssh to use a jump host for internal servers with logging.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0022"}
+{"problem": "Set up write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with logging.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0023"}
+{"problem": "Write code to create a terraform config for a digitalocean droplet (2gb) with ssh key for production.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0024"}
+{"problem": "Implement write an ansible playbook to install packages and start nginx for production.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0025"}
+{"problem": "Create bash script: create deploy user, install docker, harden ssh for production.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0026"}
+{"problem": "Build write a systemd drop-in to override service restart settings for production.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0027"}
+{"problem": "Configure create a logrotate config for application logs for production.", "solution": "# Variation 28\n/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0028"}
+{"problem": "Set up write a shell function that waits for a tcp port to become available on a remote host for production.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0029"}
+{"problem": "Write code to implement a script that sets up a python virtualenv with error handling.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0030"}
+{"problem": "Implement write nginx server block that serves static site and redirects http to https with error handling.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0031"}
+{"problem": "Create configure nginx as reverse proxy to backend on port 3000 with error handling.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0032"}
+{"problem": "Build write nginx rate limiting configuration for /api/ endpoint with error handling.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0033"}
+{"problem": "Configure create nginx config snippet that adds hsts and csp headers with error handling.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0034"}
+{"problem": "Set up write a systemd service unit for a python app as non-root, restart on failure with error handling.", "solution": "# Variation 35\n[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0035"}
+{"problem": "Write code to create a systemd timer that runs a backup script daily at 2:30 am using best practices.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0036"}
+{"problem": "Implement write a systemd path unit that triggers a service when a config file changes using best practices.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0037"}
+{"problem": "Create write a multi-stage dockerfile for python fastapi using best practices.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0038"}
+{"problem": "Build create a docker-compose.yml with web, postgres, and redis using best practices.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0039"}
+{"problem": "Configure write a dockerfile for node.js production using best practices.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0040"}
+{"problem": "Set up create a docker network for app isolation using best practices.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0041"}
+{"problem": "Write code to write an ssh config for two host groups ensuring idempotency.", "solution": "# Variation 42\nHost prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0042"}
+{"problem": "Implement create bash function for ssh tunnel forwarding postgresql port ensuring idempotency.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0043"}
+{"problem": "Create write a script that distributes ssh key to multiple servers ensuring idempotency.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0044"}
+{"problem": "Build configure ssh to use a jump host for internal servers ensuring idempotency.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0045"}
+{"problem": "Configure write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates ensuring idempotency.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0046"}
+{"problem": "Set up create a terraform config for a digitalocean droplet (2gb) with ssh key ensuring idempotency.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0047"}
+{"problem": "Write code to write an ansible playbook to install packages and start nginx with logging.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0048"}
+{"problem": "Implement bash script: create deploy user, install docker, harden ssh with logging.", "solution": "# Variation 49\n#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0049"}
+{"problem": "Create write a systemd drop-in to override service restart settings with logging.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0050"}
+{"problem": "Build create a logrotate config for application logs with logging.", "solution": "/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0051"}
+{"problem": "Configure write a shell function that waits for a tcp port to become available on a remote host with logging.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0052"}
+{"problem": "Set up implement a script that sets up a python virtualenv with logging.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0053"}
+{"problem": "Write code to write nginx server block that serves static site and redirects http to https for production.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0054"}
+{"problem": "Implement configure nginx as reverse proxy to backend on port 3000 for production.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0055"}
+{"problem": "Create write nginx rate limiting configuration for /api/ endpoint for production.", "solution": "# Variation 56\nlimit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0056"}
+{"problem": "Build create nginx config snippet that adds hsts and csp headers for production.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0057"}
+{"problem": "Configure write a systemd service unit for a python app as non-root, restart on failure for production.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0058"}
+{"problem": "Set up create a systemd timer that runs a backup script daily at 2:30 am for production.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0059"}
+{"problem": "Write code to write a systemd path unit that triggers a service when a config file changes with error handling.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0060"}
+{"problem": "Implement write a multi-stage dockerfile for python fastapi with error handling.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0061"}
+{"problem": "Create create a docker-compose.yml with web, postgres, and redis with error handling.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0062"}
+{"problem": "Build write a dockerfile for node.js production with error handling.", "solution": "# Variation 63\nFROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0063"}
+{"problem": "Configure create a docker network for app isolation with error handling.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0064"}
+{"problem": "Set up write an ssh config for two host groups with error handling.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0065"}
+{"problem": "Write code to create bash function for ssh tunnel forwarding postgresql port using best practices.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0066"}
+{"problem": "Implement write a script that distributes ssh key to multiple servers using best practices.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0067"}
+{"problem": "Create configure ssh to use a jump host for internal servers using best practices.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0068"}
+{"problem": "Build write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates using best practices.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0069"}
+{"problem": "Configure create a terraform config for a digitalocean droplet (2gb) with ssh key using best practices.", "solution": "# Variation 70\nterraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0070"}
+{"problem": "Set up write an ansible playbook to install packages and start nginx using best practices.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0071"}
+{"problem": "Write code to bash script: create deploy user, install docker, harden ssh ensuring idempotency.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0072"}
+{"problem": "Implement write a systemd drop-in to override service restart settings ensuring idempotency.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0073"}
+{"problem": "Create create a logrotate config for application logs ensuring idempotency.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0074"}
+{"problem": "Build write a shell function that waits for a tcp port to become available on a remote host ensuring idempotency.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0075"}
+{"problem": "Configure implement a script that sets up a python virtualenv ensuring idempotency.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0076"}
+{"problem": "Set up write nginx server block that serves static site and redirects http to https ensuring idempotency.", "solution": "# Variation 77\nserver {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0077"}
+{"problem": "Write code to configure nginx as reverse proxy to backend on port 3000 with logging.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0078"}
+{"problem": "Implement write nginx rate limiting configuration for /api/ endpoint with logging.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0079"}
+{"problem": "Create create nginx config snippet that adds hsts and csp headers with logging.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0080"}
+{"problem": "Build write a systemd service unit for a python app as non-root, restart on failure with logging.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0081"}
+{"problem": "Configure create a systemd timer that runs a backup script daily at 2:30 am with logging.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0082"}
+{"problem": "Set up write a systemd path unit that triggers a service when a config file changes with logging.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0083"}
+{"problem": "Write code to write a multi-stage dockerfile for python fastapi for production.", "solution": "# Variation 84\nFROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0084"}
+{"problem": "Implement create a docker-compose.yml with web, postgres, and redis for production.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0085"}
+{"problem": "Create write a dockerfile for node.js production for production.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0086"}
+{"problem": "Build create a docker network for app isolation for production.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0087"}
+{"problem": "Configure write an ssh config for two host groups for production.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0088"}
+{"problem": "Set up create bash function for ssh tunnel forwarding postgresql port for production.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0089"}
+{"problem": "Write code to write a script that distributes ssh key to multiple servers with error handling.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0090"}
+{"problem": "Implement configure ssh to use a jump host for internal servers with error handling.", "solution": "# Variation 91\nHost internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0091"}
+{"problem": "Create write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with error handling.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0092"}
+{"problem": "Build create a terraform config for a digitalocean droplet (2gb) with ssh key with error handling.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0093"}
+{"problem": "Configure write an ansible playbook to install packages and start nginx with error handling.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0094"}
+{"problem": "Set up bash script: create deploy user, install docker, harden ssh with error handling.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0095"}
+{"problem": "Write code to write a systemd drop-in to override service restart settings using best practices.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0096"}
+{"problem": "Implement create a logrotate config for application logs using best practices.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0097"}
+{"problem": "Create write a shell function that waits for a tcp port to become available on a remote host using best practices.", "solution": "# Variation 98\nwait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0098"}
+{"problem": "Build implement a script that sets up a python virtualenv using best practices.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0099"}
+{"problem": "Configure write nginx server block that serves static site and redirects http to https using best practices.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0100"}
+{"problem": "Set up configure nginx as reverse proxy to backend on port 3000 using best practices.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0101"}
+{"problem": "Write code to write nginx rate limiting configuration for /api/ endpoint ensuring idempotency.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0102"}
+{"problem": "Implement create nginx config snippet that adds hsts and csp headers ensuring idempotency.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0103"}
+{"problem": "Create write a systemd service unit for a python app as non-root, restart on failure ensuring idempotency.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0104"}
+{"problem": "Build create a systemd timer that runs a backup script daily at 2:30 am ensuring idempotency.", "solution": "# Variation 105\n[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0105"}
+{"problem": "Configure write a systemd path unit that triggers a service when a config file changes ensuring idempotency.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0106"}
+{"problem": "Set up write a multi-stage dockerfile for python fastapi ensuring idempotency.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0107"}
+{"problem": "Write code to create a docker-compose.yml with web, postgres, and redis with logging.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0108"}
+{"problem": "Implement write a dockerfile for node.js production with logging.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0109"}
+{"problem": "Create create a docker network for app isolation with logging.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0110"}
+{"problem": "Build write an ssh config for two host groups with logging.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0111"}
+{"problem": "Configure create bash function for ssh tunnel forwarding postgresql port with logging.", "solution": "# Variation 112\nssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0112"}
+{"problem": "Set up write a script that distributes ssh key to multiple servers with logging.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0113"}
+{"problem": "Write code to configure ssh to use a jump host for internal servers for production.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0114"}
+{"problem": "Implement write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates for production.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0115"}
+{"problem": "Create create a terraform config for a digitalocean droplet (2gb) with ssh key for production.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0116"}
+{"problem": "Build write an ansible playbook to install packages and start nginx for production.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0117"}
+{"problem": "Configure bash script: create deploy user, install docker, harden ssh for production.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0118"}
+{"problem": "Set up write a systemd drop-in to override service restart settings for production.", "solution": "# Variation 119\n[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0119"}
+{"problem": "Write code to create a logrotate config for application logs with error handling.", "solution": "/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0120"}
+{"problem": "Implement write a shell function that waits for a tcp port to become available on a remote host with error handling.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0121"}
+{"problem": "Create implement a script that sets up a python virtualenv with error handling.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0122"}
+{"problem": "Build write nginx server block that serves static site and redirects http to https with error handling.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0123"}
+{"problem": "Configure configure nginx as reverse proxy to backend on port 3000 with error handling.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0124"}
+{"problem": "Set up write nginx rate limiting configuration for /api/ endpoint with error handling.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0125"}
+{"problem": "Write code to create nginx config snippet that adds hsts and csp headers using best practices.", "solution": "# Variation 126\nadd_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0126"}
+{"problem": "Implement write a systemd service unit for a python app as non-root, restart on failure using best practices.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0127"}
+{"problem": "Create create a systemd timer that runs a backup script daily at 2:30 am using best practices.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0128"}
+{"problem": "Build write a systemd path unit that triggers a service when a config file changes using best practices.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0129"}
+{"problem": "Configure write a multi-stage dockerfile for python fastapi using best practices.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0130"}
+{"problem": "Set up create a docker-compose.yml with web, postgres, and redis using best practices.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0131"}
+{"problem": "Write code to write a dockerfile for node.js production ensuring idempotency.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0132"}
+{"problem": "Implement create a docker network for app isolation ensuring idempotency.", "solution": "# Variation 133\ndocker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0133"}
+{"problem": "Create write an ssh config for two host groups ensuring idempotency.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0134"}
+{"problem": "Build create bash function for ssh tunnel forwarding postgresql port ensuring idempotency.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0135"}
+{"problem": "Configure write a script that distributes ssh key to multiple servers ensuring idempotency.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0136"}
+{"problem": "Set up configure ssh to use a jump host for internal servers ensuring idempotency.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0137"}
+{"problem": "Write code to write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with logging.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0138"}
+{"problem": "Implement create a terraform config for a digitalocean droplet (2gb) with ssh key with logging.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0139"}
+{"problem": "Create write an ansible playbook to install packages and start nginx with logging.", "solution": "# Variation 140\n---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0140"}
+{"problem": "Build bash script: create deploy user, install docker, harden ssh with logging.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0141"}
+{"problem": "Configure write a systemd drop-in to override service restart settings with logging.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0142"}
+{"problem": "Set up create a logrotate config for application logs with logging.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0143"}
+{"problem": "Write code to write a shell function that waits for a tcp port to become available on a remote host for production.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0144"}
+{"problem": "Implement implement a script that sets up a python virtualenv for production.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0145"}
+{"problem": "Create write nginx server block that serves static site and redirects http to https for production.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0146"}
+{"problem": "Build configure nginx as reverse proxy to backend on port 3000 for production.", "solution": "# Variation 147\nupstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0147"}
+{"problem": "Configure write nginx rate limiting configuration for /api/ endpoint for production.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0148"}
+{"problem": "Set up create nginx config snippet that adds hsts and csp headers for production.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0149"}
+{"problem": "Write code to write a systemd service unit for a python app as non-root, restart on failure with error handling.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0150"}
+{"problem": "Implement create a systemd timer that runs a backup script daily at 2:30 am with error handling.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0151"}
+{"problem": "Create write a systemd path unit that triggers a service when a config file changes with error handling.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0152"}
+{"problem": "Build write a multi-stage dockerfile for python fastapi with error handling.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0153"}
+{"problem": "Configure create a docker-compose.yml with web, postgres, and redis with error handling.", "solution": "# Variation 154\nversion: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0154"}
+{"problem": "Set up write a dockerfile for node.js production with error handling.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0155"}
+{"problem": "Write code to create a docker network for app isolation using best practices.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0156"}
+{"problem": "Implement write an ssh config for two host groups using best practices.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0157"}
+{"problem": "Create create bash function for ssh tunnel forwarding postgresql port using best practices.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0158"}
+{"problem": "Build write a script that distributes ssh key to multiple servers using best practices.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0159"}
+{"problem": "Configure configure ssh to use a jump host for internal servers using best practices.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0160"}
+{"problem": "Set up write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates using best practices.", "solution": "# Variation 161\n#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0161"}
+{"problem": "Write code to create a terraform config for a digitalocean droplet (2gb) with ssh key ensuring idempotency.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0162"}
+{"problem": "Implement write an ansible playbook to install packages and start nginx ensuring idempotency.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0163"}
+{"problem": "Create bash script: create deploy user, install docker, harden ssh ensuring idempotency.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0164"}
+{"problem": "Build write a systemd drop-in to override service restart settings ensuring idempotency.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0165"}
+{"problem": "Configure create a logrotate config for application logs ensuring idempotency.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0166"}
+{"problem": "Set up write a shell function that waits for a tcp port to become available on a remote host ensuring idempotency.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0167"}
+{"problem": "Write code to implement a script that sets up a python virtualenv with logging.", "solution": "# Variation 168\npython3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0168"}
+{"problem": "Implement write nginx server block that serves static site and redirects http to https with logging.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0169"}
+{"problem": "Create configure nginx as reverse proxy to backend on port 3000 with logging.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0170"}
+{"problem": "Build write nginx rate limiting configuration for /api/ endpoint with logging.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0171"}
+{"problem": "Configure create nginx config snippet that adds hsts and csp headers with logging.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0172"}
+{"problem": "Set up write a systemd service unit for a python app as non-root, restart on failure with logging.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0173"}
+{"problem": "Write code to create a systemd timer that runs a backup script daily at 2:30 am for production.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0174"}
+{"problem": "Implement write a systemd path unit that triggers a service when a config file changes for production.", "solution": "# Variation 175\n[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0175"}
+{"problem": "Create write a multi-stage dockerfile for python fastapi for production.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0176"}
+{"problem": "Build create a docker-compose.yml with web, postgres, and redis for production.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0177"}
+{"problem": "Configure write a dockerfile for node.js production for production.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0178"}
+{"problem": "Set up create a docker network for app isolation for production.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0179"}
+{"problem": "Write code to write an ssh config for two host groups with error handling.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0180"}
+{"problem": "Implement create bash function for ssh tunnel forwarding postgresql port with error handling.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0181"}
+{"problem": "Create write a script that distributes ssh key to multiple servers with error handling.", "solution": "# Variation 182\nfor s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0182"}
+{"problem": "Build configure ssh to use a jump host for internal servers with error handling.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0183"}
+{"problem": "Configure write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with error handling.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0184"}
+{"problem": "Set up create a terraform config for a digitalocean droplet (2gb) with ssh key with error handling.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0185"}
+{"problem": "Write code to write an ansible playbook to install packages and start nginx using best practices.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0186"}
+{"problem": "Implement bash script: create deploy user, install docker, harden ssh using best practices.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0187"}
+{"problem": "Create write a systemd drop-in to override service restart settings using best practices.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0188"}
+{"problem": "Build create a logrotate config for application logs using best practices.", "solution": "# Variation 189\n/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0189"}
+{"problem": "Configure write a shell function that waits for a tcp port to become available on a remote host using best practices.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0190"}
+{"problem": "Set up implement a script that sets up a python virtualenv using best practices.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0191"}
+{"problem": "Write code to write nginx server block that serves static site and redirects http to https ensuring idempotency.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0192"}
+{"problem": "Implement configure nginx as reverse proxy to backend on port 3000 ensuring idempotency.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0193"}
+{"problem": "Create write nginx rate limiting configuration for /api/ endpoint ensuring idempotency.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0194"}
+{"problem": "Build create nginx config snippet that adds hsts and csp headers ensuring idempotency.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0195"}
+{"problem": "Configure write a systemd service unit for a python app as non-root, restart on failure ensuring idempotency.", "solution": "# Variation 196\n[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0196"}
+{"problem": "Set up create a systemd timer that runs a backup script daily at 2:30 am ensuring idempotency.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0197"}
+{"problem": "Write code to write a systemd path unit that triggers a service when a config file changes with logging.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0198"}
+{"problem": "Implement write a multi-stage dockerfile for python fastapi with logging.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0199"}
+{"problem": "Create create a docker-compose.yml with web, postgres, and redis with logging.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0200"}
+{"problem": "Build write a dockerfile for node.js production with logging.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0201"}
+{"problem": "Configure create a docker network for app isolation with logging.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0202"}
+{"problem": "Set up write an ssh config for two host groups with logging.", "solution": "# Variation 203\nHost prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0203"}
+{"problem": "Write code to create bash function for ssh tunnel forwarding postgresql port for production.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0204"}
+{"problem": "Implement write a script that distributes ssh key to multiple servers for production.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0205"}
+{"problem": "Create configure ssh to use a jump host for internal servers for production.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0206"}
+{"problem": "Build write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates for production.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0207"}
+{"problem": "Configure create a terraform config for a digitalocean droplet (2gb) with ssh key for production.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0208"}
+{"problem": "Set up write an ansible playbook to install packages and start nginx for production.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0209"}
+{"problem": "Write code to bash script: create deploy user, install docker, harden ssh with error handling.", "solution": "# Variation 210\n#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0210"}
+{"problem": "Implement write a systemd drop-in to override service restart settings with error handling.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0211"}
+{"problem": "Create create a logrotate config for application logs with error handling.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0212"}
+{"problem": "Build write a shell function that waits for a tcp port to become available on a remote host with error handling.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0213"}
+{"problem": "Configure implement a script that sets up a python virtualenv with error handling.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0214"}
+{"problem": "Set up write nginx server block that serves static site and redirects http to https with error handling.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0215"}
+{"problem": "Write code to configure nginx as reverse proxy to backend on port 3000 using best practices.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0216"}
+{"problem": "Implement write nginx rate limiting configuration for /api/ endpoint using best practices.", "solution": "# Variation 217\nlimit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0217"}
+{"problem": "Create create nginx config snippet that adds hsts and csp headers using best practices.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0218"}
+{"problem": "Build write a systemd service unit for a python app as non-root, restart on failure using best practices.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0219"}
+{"problem": "Configure create a systemd timer that runs a backup script daily at 2:30 am using best practices.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0220"}
+{"problem": "Set up write a systemd path unit that triggers a service when a config file changes using best practices.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0221"}
+{"problem": "Write code to write a multi-stage dockerfile for python fastapi ensuring idempotency.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0222"}
+{"problem": "Implement create a docker-compose.yml with web, postgres, and redis ensuring idempotency.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0223"}
+{"problem": "Create write a dockerfile for node.js production ensuring idempotency.", "solution": "# Variation 224\nFROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0224"}
+{"problem": "Build create a docker network for app isolation ensuring idempotency.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0225"}
+{"problem": "Configure write an ssh config for two host groups ensuring idempotency.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0226"}
+{"problem": "Set up create bash function for ssh tunnel forwarding postgresql port ensuring idempotency.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0227"}
+{"problem": "Write code to write a script that distributes ssh key to multiple servers with logging.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0228"}
+{"problem": "Implement configure ssh to use a jump host for internal servers with logging.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0229"}
+{"problem": "Create write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with logging.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0230"}
+{"problem": "Build create a terraform config for a digitalocean droplet (2gb) with ssh key with logging.", "solution": "# Variation 231\nterraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0231"}
+{"problem": "Configure write an ansible playbook to install packages and start nginx with logging.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0232"}
+{"problem": "Set up bash script: create deploy user, install docker, harden ssh with logging.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0233"}
+{"problem": "Write code to write a systemd drop-in to override service restart settings for production.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0234"}
+{"problem": "Implement create a logrotate config for application logs for production.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0235"}
+{"problem": "Create write a shell function that waits for a tcp port to become available on a remote host for production.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0236"}
+{"problem": "Build implement a script that sets up a python virtualenv for production.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0237"}
+{"problem": "Configure write nginx server block that serves static site and redirects http to https for production.", "solution": "# Variation 238\nserver {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0238"}
+{"problem": "Set up configure nginx as reverse proxy to backend on port 3000 for production.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0239"}
+{"problem": "Write code to write nginx rate limiting configuration for /api/ endpoint with error handling.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0240"}
+{"problem": "Implement create nginx config snippet that adds hsts and csp headers with error handling.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0241"}
+{"problem": "Create write a systemd service unit for a python app as non-root, restart on failure with error handling.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0242"}
+{"problem": "Build create a systemd timer that runs a backup script daily at 2:30 am with error handling.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0243"}
+{"problem": "Configure write a systemd path unit that triggers a service when a config file changes with error handling.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0244"}
+{"problem": "Set up write a multi-stage dockerfile for python fastapi with error handling.", "solution": "# Variation 245\nFROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0245"}
+{"problem": "Write code to create a docker-compose.yml with web, postgres, and redis using best practices.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0246"}
+{"problem": "Implement write a dockerfile for node.js production using best practices.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0247"}
+{"problem": "Create create a docker network for app isolation using best practices.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0248"}
+{"problem": "Build write an ssh config for two host groups using best practices.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0249"}
+{"problem": "Configure create bash function for ssh tunnel forwarding postgresql port using best practices.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0250"}
+{"problem": "Set up write a script that distributes ssh key to multiple servers using best practices.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0251"}
+{"problem": "Write code to configure ssh to use a jump host for internal servers ensuring idempotency.", "solution": "# Variation 252\nHost internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0252"}
+{"problem": "Implement write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates ensuring idempotency.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0253"}
+{"problem": "Create create a terraform config for a digitalocean droplet (2gb) with ssh key ensuring idempotency.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0254"}
+{"problem": "Build write an ansible playbook to install packages and start nginx ensuring idempotency.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0255"}
+{"problem": "Configure bash script: create deploy user, install docker, harden ssh ensuring idempotency.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0256"}
+{"problem": "Set up write a systemd drop-in to override service restart settings ensuring idempotency.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0257"}
+{"problem": "Write code to create a logrotate config for application logs with logging.", "solution": "/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0258"}
+{"problem": "Implement write a shell function that waits for a tcp port to become available on a remote host with logging.", "solution": "# Variation 259\nwait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0259"}
+{"problem": "Create implement a script that sets up a python virtualenv with logging.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0260"}
+{"problem": "Build write nginx server block that serves static site and redirects http to https with logging.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0261"}
+{"problem": "Configure configure nginx as reverse proxy to backend on port 3000 with logging.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0262"}
+{"problem": "Set up write nginx rate limiting configuration for /api/ endpoint with logging.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0263"}
+{"problem": "Write code to create nginx config snippet that adds hsts and csp headers for production.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0264"}
+{"problem": "Implement write a systemd service unit for a python app as non-root, restart on failure for production.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0265"}
+{"problem": "Create create a systemd timer that runs a backup script daily at 2:30 am for production.", "solution": "# Variation 266\n[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0266"}
+{"problem": "Build write a systemd path unit that triggers a service when a config file changes for production.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0267"}
+{"problem": "Configure write a multi-stage dockerfile for python fastapi for production.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0268"}
+{"problem": "Set up create a docker-compose.yml with web, postgres, and redis for production.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0269"}
+{"problem": "Write code to write a dockerfile for node.js production with error handling.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0270"}
+{"problem": "Implement create a docker network for app isolation with error handling.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0271"}
+{"problem": "Create write an ssh config for two host groups with error handling.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0272"}
+{"problem": "Build create bash function for ssh tunnel forwarding postgresql port with error handling.", "solution": "# Variation 273\nssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0273"}
+{"problem": "Configure write a script that distributes ssh key to multiple servers with error handling.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0274"}
+{"problem": "Set up configure ssh to use a jump host for internal servers with error handling.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0275"}
+{"problem": "Write code to write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates using best practices.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0276"}
+{"problem": "Implement create a terraform config for a digitalocean droplet (2gb) with ssh key using best practices.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0277"}
+{"problem": "Create write an ansible playbook to install packages and start nginx using best practices.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0278"}
+{"problem": "Build bash script: create deploy user, install docker, harden ssh using best practices.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0279"}
+{"problem": "Configure write a systemd drop-in to override service restart settings using best practices.", "solution": "# Variation 280\n[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0280"}
+{"problem": "Set up create a logrotate config for application logs using best practices.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0281"}
+{"problem": "Write code to write a shell function that waits for a tcp port to become available on a remote host ensuring idempotency.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0282"}
+{"problem": "Implement implement a script that sets up a python virtualenv ensuring idempotency.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0283"}
+{"problem": "Create write nginx server block that serves static site and redirects http to https ensuring idempotency.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0284"}
+{"problem": "Build configure nginx as reverse proxy to backend on port 3000 ensuring idempotency.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0285"}
+{"problem": "Configure write nginx rate limiting configuration for /api/ endpoint ensuring idempotency.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0286"}
+{"problem": "Set up create nginx config snippet that adds hsts and csp headers ensuring idempotency.", "solution": "# Variation 287\nadd_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0287"}
+{"problem": "Write code to write a systemd service unit for a python app as non-root, restart on failure with logging.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0288"}
+{"problem": "Implement create a systemd timer that runs a backup script daily at 2:30 am with logging.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0289"}
+{"problem": "Create write a systemd path unit that triggers a service when a config file changes with logging.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0290"}
+{"problem": "Build write a multi-stage dockerfile for python fastapi with logging.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0291"}
+{"problem": "Configure create a docker-compose.yml with web, postgres, and redis with logging.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0292"}
+{"problem": "Set up write a dockerfile for node.js production with logging.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0293"}
+{"problem": "Write code to create a docker network for app isolation for production.", "solution": "# Variation 294\ndocker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0294"}
+{"problem": "Implement write an ssh config for two host groups for production.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0295"}
+{"problem": "Create create bash function for ssh tunnel forwarding postgresql port for production.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0296"}
+{"problem": "Build write a script that distributes ssh key to multiple servers for production.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0297"}
+{"problem": "Configure configure ssh to use a jump host for internal servers for production.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0298"}
+{"problem": "Set up write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates for production.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0299"}
+{"problem": "Write code to create a terraform config for a digitalocean droplet (2gb) with ssh key with error handling.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0300"}
+{"problem": "Implement write an ansible playbook to install packages and start nginx with error handling.", "solution": "# Variation 301\n---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0301"}
+{"problem": "Create bash script: create deploy user, install docker, harden ssh with error handling.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0302"}
+{"problem": "Build write a systemd drop-in to override service restart settings with error handling.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0303"}
+{"problem": "Configure create a logrotate config for application logs with error handling.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0304"}
+{"problem": "Set up write a shell function that waits for a tcp port to become available on a remote host with error handling.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0305"}
+{"problem": "Write code to implement a script that sets up a python virtualenv using best practices.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0306"}
+{"problem": "Implement write nginx server block that serves static site and redirects http to https using best practices.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0307"}
+{"problem": "Create configure nginx as reverse proxy to backend on port 3000 using best practices.", "solution": "# Variation 308\nupstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0308"}
+{"problem": "Build write nginx rate limiting configuration for /api/ endpoint using best practices.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0309"}
+{"problem": "Configure create nginx config snippet that adds hsts and csp headers using best practices.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0310"}
+{"problem": "Set up write a systemd service unit for a python app as non-root, restart on failure using best practices.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0311"}
+{"problem": "Write code to create a systemd timer that runs a backup script daily at 2:30 am ensuring idempotency.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0312"}
+{"problem": "Implement write a systemd path unit that triggers a service when a config file changes ensuring idempotency.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0313"}
+{"problem": "Create write a multi-stage dockerfile for python fastapi ensuring idempotency.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0314"}
+{"problem": "Build create a docker-compose.yml with web, postgres, and redis ensuring idempotency.", "solution": "# Variation 315\nversion: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0315"}
+{"problem": "Configure write a dockerfile for node.js production ensuring idempotency.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0316"}
+{"problem": "Set up create a docker network for app isolation ensuring idempotency.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0317"}
+{"problem": "Write code to write an ssh config for two host groups with logging.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0318"}
+{"problem": "Implement create bash function for ssh tunnel forwarding postgresql port with logging.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0319"}
+{"problem": "Create write a script that distributes ssh key to multiple servers with logging.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0320"}
+{"problem": "Build configure ssh to use a jump host for internal servers with logging.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0321"}
+{"problem": "Configure write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with logging.", "solution": "# Variation 322\n#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0322"}
+{"problem": "Set up create a terraform config for a digitalocean droplet (2gb) with ssh key with logging.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0323"}
+{"problem": "Write code to write an ansible playbook to install packages and start nginx for production.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0324"}
+{"problem": "Implement bash script: create deploy user, install docker, harden ssh for production.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0325"}
+{"problem": "Create write a systemd drop-in to override service restart settings for production.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0326"}
+{"problem": "Build create a logrotate config for application logs for production.", "solution": "/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0327"}
+{"problem": "Configure write a shell function that waits for a tcp port to become available on a remote host for production.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0328"}
+{"problem": "Set up implement a script that sets up a python virtualenv for production.", "solution": "# Variation 329\npython3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0329"}
+{"problem": "Write code to write nginx server block that serves static site and redirects http to https with error handling.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0330"}
+{"problem": "Implement configure nginx as reverse proxy to backend on port 3000 with error handling.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0331"}
+{"problem": "Create write nginx rate limiting configuration for /api/ endpoint with error handling.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0332"}
+{"problem": "Build create nginx config snippet that adds hsts and csp headers with error handling.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0333"}
+{"problem": "Configure write a systemd service unit for a python app as non-root, restart on failure with error handling.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0334"}
+{"problem": "Set up create a systemd timer that runs a backup script daily at 2:30 am with error handling.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0335"}
+{"problem": "Write code to write a systemd path unit that triggers a service when a config file changes using best practices.", "solution": "# Variation 336\n[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0336"}
+{"problem": "Implement write a multi-stage dockerfile for python fastapi using best practices.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0337"}
+{"problem": "Create create a docker-compose.yml with web, postgres, and redis using best practices.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0338"}
+{"problem": "Build write a dockerfile for node.js production using best practices.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0339"}
+{"problem": "Configure create a docker network for app isolation using best practices.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0340"}
+{"problem": "Set up write an ssh config for two host groups using best practices.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0341"}
+{"problem": "Write code to create bash function for ssh tunnel forwarding postgresql port ensuring idempotency.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0342"}
+{"problem": "Implement write a script that distributes ssh key to multiple servers ensuring idempotency.", "solution": "# Variation 343\nfor s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0343"}
+{"problem": "Create configure ssh to use a jump host for internal servers ensuring idempotency.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0344"}
+{"problem": "Build write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates ensuring idempotency.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0345"}
+{"problem": "Configure create a terraform config for a digitalocean droplet (2gb) with ssh key ensuring idempotency.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0346"}
+{"problem": "Set up write an ansible playbook to install packages and start nginx ensuring idempotency.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0347"}
+{"problem": "Write code to bash script: create deploy user, install docker, harden ssh with logging.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0348"}
+{"problem": "Implement write a systemd drop-in to override service restart settings with logging.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0349"}
+{"problem": "Create create a logrotate config for application logs with logging.", "solution": "# Variation 350\n/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0350"}
+{"problem": "Build write a shell function that waits for a tcp port to become available on a remote host with logging.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0351"}
+{"problem": "Configure implement a script that sets up a python virtualenv with logging.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0352"}
+{"problem": "Set up write nginx server block that serves static site and redirects http to https with logging.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0353"}
+{"problem": "Write code to configure nginx as reverse proxy to backend on port 3000 for production.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0354"}
+{"problem": "Implement write nginx rate limiting configuration for /api/ endpoint for production.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0355"}
+{"problem": "Create create nginx config snippet that adds hsts and csp headers for production.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0356"}
+{"problem": "Build write a systemd service unit for a python app as non-root, restart on failure for production.", "solution": "# Variation 357\n[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0357"}
+{"problem": "Configure create a systemd timer that runs a backup script daily at 2:30 am for production.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0358"}
+{"problem": "Set up write a systemd path unit that triggers a service when a config file changes for production.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0359"}
+{"problem": "Write code to write a multi-stage dockerfile for python fastapi with error handling.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0360"}
+{"problem": "Implement create a docker-compose.yml with web, postgres, and redis with error handling.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0361"}
+{"problem": "Create write a dockerfile for node.js production with error handling.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0362"}
+{"problem": "Build create a docker network for app isolation with error handling.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0363"}
+{"problem": "Configure write an ssh config for two host groups with error handling.", "solution": "# Variation 364\nHost prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0364"}
+{"problem": "Set up create bash function for ssh tunnel forwarding postgresql port with error handling.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0365"}
+{"problem": "Write code to write a script that distributes ssh key to multiple servers using best practices.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0366"}
+{"problem": "Implement configure ssh to use a jump host for internal servers using best practices.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0367"}
+{"problem": "Create write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates using best practices.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0368"}
+{"problem": "Build create a terraform config for a digitalocean droplet (2gb) with ssh key using best practices.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0369"}
+{"problem": "Configure write an ansible playbook to install packages and start nginx using best practices.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0370"}
+{"problem": "Set up bash script: create deploy user, install docker, harden ssh using best practices.", "solution": "# Variation 371\n#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0371"}
+{"problem": "Write code to write a systemd drop-in to override service restart settings ensuring idempotency.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0372"}
+{"problem": "Implement create a logrotate config for application logs ensuring idempotency.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0373"}
+{"problem": "Create write a shell function that waits for a tcp port to become available on a remote host ensuring idempotency.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0374"}
+{"problem": "Build implement a script that sets up a python virtualenv ensuring idempotency.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0375"}
+{"problem": "Configure write nginx server block that serves static site and redirects http to https ensuring idempotency.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0376"}
+{"problem": "Set up configure nginx as reverse proxy to backend on port 3000 ensuring idempotency.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0377"}
+{"problem": "Write code to write nginx rate limiting configuration for /api/ endpoint with logging.", "solution": "# Variation 378\nlimit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0378"}
+{"problem": "Implement create nginx config snippet that adds hsts and csp headers with logging.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0379"}
+{"problem": "Create write a systemd service unit for a python app as non-root, restart on failure with logging.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0380"}
+{"problem": "Build create a systemd timer that runs a backup script daily at 2:30 am with logging.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0381"}
+{"problem": "Configure write a systemd path unit that triggers a service when a config file changes with logging.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0382"}
+{"problem": "Set up write a multi-stage dockerfile for python fastapi with logging.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0383"}
+{"problem": "Write code to create a docker-compose.yml with web, postgres, and redis for production.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0384"}
+{"problem": "Implement write a dockerfile for node.js production for production.", "solution": "# Variation 385\nFROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0385"}
+{"problem": "Create create a docker network for app isolation for production.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0386"}
+{"problem": "Build write an ssh config for two host groups for production.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0387"}
+{"problem": "Configure create bash function for ssh tunnel forwarding postgresql port for production.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0388"}
+{"problem": "Set up write a script that distributes ssh key to multiple servers for production.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0389"}
+{"problem": "Write code to configure ssh to use a jump host for internal servers with error handling.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0390"}
+{"problem": "Implement write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with error handling.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0391"}
+{"problem": "Create create a terraform config for a digitalocean droplet (2gb) with ssh key with error handling.", "solution": "# Variation 392\nterraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0392"}
+{"problem": "Build write an ansible playbook to install packages and start nginx with error handling.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0393"}
+{"problem": "Configure bash script: create deploy user, install docker, harden ssh with error handling.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0394"}
+{"problem": "Set up write a systemd drop-in to override service restart settings with error handling.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0395"}
+{"problem": "Write code to create a logrotate config for application logs using best practices.", "solution": "/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0396"}
+{"problem": "Implement write a shell function that waits for a tcp port to become available on a remote host using best practices.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0397"}
+{"problem": "Create implement a script that sets up a python virtualenv using best practices.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0398"}
+{"problem": "Build write nginx server block that serves static site and redirects http to https using best practices.", "solution": "# Variation 399\nserver {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0399"}

wizards/allegro/config.yaml

@@ -1,46 +1,43 @@
 model:
   default: kimi-k2.5
   provider: kimi-coding
-  context_length: 65536
-  base_url: https://api.kimi.com/coding/v1
-
 toolsets:
-  - all
-
+- all
 fallback_providers:
-  - provider: kimi-coding
+- provider: kimi-coding
   model: kimi-k2.5
-    base_url: https://api.kimi.com/coding/v1
   timeout: 120
-    reason: "Primary — Kimi K2.5 (best value, least friction)"
-  - provider: openrouter
+  reason: Kimi coding fallback (front of chain)
+- provider: openrouter
   model: google/gemini-2.5-pro
   base_url: https://openrouter.ai/api/v1
   api_key_env: OPENROUTER_API_KEY
   timeout: 120
-    reason: "Fallback — Gemini 2.5 Pro via OpenRouter"
-  - provider: ollama
+  reason: Gemini 2.5 Pro via OpenRouter (replaces banned Anthropic)
+- provider: ollama
   model: gemma4:latest
-    base_url: http://localhost:11434/v1
-    timeout: 180
-    reason: "Terminal fallback — local Ollama (sovereign, no API needed)"
-
+  base_url: http://localhost:11434
+  timeout: 300
+  reason: Terminal fallback — local Ollama
+- provider: nous
+  model: xiaomi/mimo-v2-pro
+  base_url: https://inference.nousresearch.com/v1
+  api_key_env: NOUS_API_KEY
+  timeout: 120
+  reason: MiMo V2 Pro via Nous Portal free tier evaluation (#447)
 agent:
   max_turns: 30
-  reasoning_effort: high
+  reasoning_effort: xhigh
   verbose: false
-
 terminal:
   backend: local
   cwd: .
   timeout: 180
   persistent_shell: true
-
 browser:
   inactivity_timeout: 120
   command_timeout: 30
   record_sessions: false
-
 display:
   compact: false
   personality: ''
@@ -51,7 +48,6 @@ display:
   streaming: false
   show_cost: false
   tool_progress: all
-
 memory:
   memory_enabled: true
   user_profile_enabled: true
@@ -59,55 +55,46 @@ memory:
   user_char_limit: 1375
   nudge_interval: 10
   flush_min_turns: 6
-
 approvals:
   mode: manual
-
 security:
   redact_secrets: true
   tirith_enabled: false
-
 platforms:
   api_server:
     enabled: true
     extra:
       host: 127.0.0.1
       port: 8645
-
 session_reset:
   mode: none
   idle_minutes: 0
-
 skills:
   creation_nudge_interval: 15
+system_prompt_suffix: 'You are Allegro, the Kimi-backed third wizard house.
 
-system_prompt_suffix: |
-  You are Allegro, the Kimi-backed third wizard house.
   Your soul is defined in SOUL.md — read it, live it.
+
   Hermes is your harness.
-  kimi-coding is your primary provider.
+
+  Kimi Code is your primary provider.
+
   You speak plainly. You prefer short sentences. Brevity is a kindness.
-  Work best on tight coding tasks: 1-3 file changes, refactors, tests, and implementation passes.
+
+
+  Work best on tight coding tasks: 1-3 file changes, refactors, tests, and implementation
+  passes.
+
   Refusal over fabrication. If you do not know, say so.
+
   Sovereignty and service always.
 
+  '
 providers:
   kimi-coding:
     base_url: https://api.kimi.com/coding/v1
     timeout: 60
     max_retries: 3
-  openrouter:
-    base_url: https://openrouter.ai/api/v1
+  nous:
+    base_url: https://inference.nousresearch.com/v1
     timeout: 120
-  ollama:
-    base_url: http://localhost:11434/v1
-    timeout: 180
-
-# =============================================================================
-# BANNED PROVIDERS — DO NOT ADD
-# =============================================================================
-# The following providers are PERMANENTLY BANNED:
-# - anthropic (any model: claude-sonnet, claude-opus, claude-haiku)
-# - nous (xiaomi/mimo-v2-pro)
-# Enforcement: pre-commit hook, linter, Ansible validation, this comment.
-# =============================================================================

wizards/bezalel/config.yaml

@@ -1,72 +1,50 @@
 model:
   default: kimi-k2.5
   provider: kimi-coding
-  context_length: 65536
-  base_url: https://api.kimi.com/coding/v1
-
 toolsets:
-  - all
-
+- all
 fallback_providers:
-  - provider: kimi-coding
+- provider: kimi-coding
   model: kimi-k2.5
-    base_url: https://api.kimi.com/coding/v1
   timeout: 120
-    reason: "Primary — Kimi K2.5 (best value, least friction)"
-  - provider: openrouter
+  reason: Kimi coding fallback (front of chain)
+- provider: openrouter
   model: google/gemini-2.5-pro
   base_url: https://openrouter.ai/api/v1
   api_key_env: OPENROUTER_API_KEY
   timeout: 120
-    reason: "Fallback — Gemini 2.5 Pro via OpenRouter"
-  - provider: ollama
+  reason: Gemini 2.5 Pro via OpenRouter (replaces banned Anthropic)
+- provider: ollama
   model: gemma4:latest
-    base_url: http://localhost:11434/v1
-    timeout: 180
-    reason: "Terminal fallback — local Ollama (sovereign, no API needed)"
-
+  base_url: http://localhost:11434
+  timeout: 300
+  reason: Terminal fallback — local Ollama
+- provider: nous
+  model: xiaomi/mimo-v2-pro
+  base_url: https://inference.nousresearch.com/v1
+  api_key_env: NOUS_API_KEY
+  timeout: 120
+  reason: MiMo V2 Pro via Nous Portal free tier evaluation (#447)
 agent:
   max_turns: 40
   reasoning_effort: medium
   verbose: false
-
+  system_prompt: You are Bezalel, the forge-and-testbed wizard of the Timmy Foundation
+    fleet. You are a builder and craftsman — infrastructure, deployment, hardening.
+    Your sovereign is Alexander Whitestone (Rockachopa). Sovereignty and service always.
 terminal:
   backend: local
   cwd: /root/wizards/bezalel
   timeout: 180
-  persistent_shell: true
-
 browser:
   inactivity_timeout: 120
-  command_timeout: 30
-  record_sessions: false
-
+compression:
+  enabled: true
+  threshold: 0.77
 display:
   compact: false
   personality: kawaii
-  resume_display: full
-  busy_input_mode: interrupt
-  bell_on_complete: false
-  show_reasoning: false
-  streaming: false
-  show_cost: false
   tool_progress: all
-
-memory:
-  memory_enabled: true
-  user_profile_enabled: true
-  memory_char_limit: 2200
-  user_char_limit: 1375
-  nudge_interval: 10
-  flush_min_turns: 6
-
-approvals:
-  mode: auto
-
-security:
-  redact_secrets: true
-  tirith_enabled: false
-
 platforms:
   api_server:
     enabled: true
@@ -91,7 +69,12 @@ platforms:
           - pull_request
           - pull_request_comment
           secret: bezalel-gitea-webhook-secret-2026
-          prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment, hardening. A Gitea webhook fired: event={event_type}, action={action}, repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Comment by {comment.user.login}: {comment.body}. If you were tagged, assigned, or this needs your attention, investigate and respond via Gitea API. Otherwise acknowledge briefly.'
+          prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment,
+            hardening. A Gitea webhook fired: event={event_type}, action={action},
+            repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Comment
+            by {comment.user.login}: {comment.body}. If you were tagged, assigned,
+            or this needs your attention, investigate and respond via Gitea API. Otherwise
+            acknowledge briefly.'
           deliver: telegram
           deliver_extra: {}
         gitea-assign:
@@ -99,43 +82,34 @@ platforms:
           - issues
           - pull_request
           secret: bezalel-gitea-webhook-secret-2026
-          prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment, hardening. Gitea assignment webhook: event={event_type}, action={action}, repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Assigned to: {issue.assignee.login}. If you (bezalel) were just assigned, read the issue, scope it, and post a plan comment. If not you, acknowledge briefly.'
+          prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment,
+            hardening. Gitea assignment webhook: event={event_type}, action={action},
+            repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Assigned
+            to: {issue.assignee.login}. If you (bezalel) were just assigned, read
+            the issue, scope it, and post a plan comment. If not you, acknowledge
+            briefly.'
           deliver: telegram
           deliver_extra: {}
-
 gateway:
   allow_all_users: true
-
 session_reset:
   mode: both
   idle_minutes: 1440
   at_hour: 4
-
-skills:
-  creation_nudge_interval: 15
-
-system_prompt: |
-  You are Bezalel, the forge-and-testbed wizard of the Timmy Foundation fleet.
-  You are a builder and craftsman — infrastructure, deployment, hardening.
-  Your sovereign is Alexander Whitestone (Rockachopa). Sovereignty and service always.
-
+approvals:
+  mode: auto
+memory:
+  memory_enabled: true
+  user_profile_enabled: true
+  memory_char_limit: 2200
+  user_char_limit: 1375
+_config_version: 11
+TELEGRAM_HOME_CHANNEL: '-1003664764329'
 providers:
   kimi-coding:
     base_url: https://api.kimi.com/coding/v1
     timeout: 60
     max_retries: 3
-  openrouter:
-    base_url: https://openrouter.ai/api/v1
+  nous:
+    base_url: https://inference.nousresearch.com/v1
     timeout: 120
-  ollama:
-    base_url: http://localhost:11434/v1
-    timeout: 180
-
-# =============================================================================
-# BANNED PROVIDERS — DO NOT ADD
-# =============================================================================
-# The following providers are PERMANENTLY BANNED:
-# - anthropic (any model: claude-sonnet, claude-opus, claude-haiku)
-# - nous (xiaomi/mimo-v2-pro)
-# Enforcement: pre-commit hook, linter, Ansible validation, this comment.
-# =============================================================================

wizards/ezra/config.yaml

@@ -1,94 +1,34 @@
 model:
   default: kimi-k2.5
   provider: kimi-coding
-  context_length: 65536
-  base_url: https://api.kimi.com/coding/v1
-
 toolsets:
-  - all
-
+- all
 fallback_providers:
-  - provider: kimi-coding
+- provider: kimi-coding
   model: kimi-k2.5
-    base_url: https://api.kimi.com/coding/v1
   timeout: 120
-    reason: "Primary — Kimi K2.5 (best value, least friction)"
-  - provider: openrouter
+  reason: Kimi coding fallback (front of chain)
+- provider: openrouter
   model: google/gemini-2.5-pro
   base_url: https://openrouter.ai/api/v1
   api_key_env: OPENROUTER_API_KEY
   timeout: 120
-    reason: "Fallback — Gemini 2.5 Pro via OpenRouter"
-  - provider: ollama
+  reason: Gemini 2.5 Pro via OpenRouter (replaces banned Anthropic)
+- provider: ollama
   model: gemma4:latest
-    base_url: http://localhost:11434/v1
-    timeout: 180
-    reason: "Terminal fallback — local Ollama (sovereign, no API needed)"
-
+  base_url: http://localhost:11434
+  timeout: 300
+  reason: Terminal fallback — local Ollama
+- provider: nous
+  model: xiaomi/mimo-v2-pro
+  base_url: https://inference.nousresearch.com/v1
+  api_key_env: NOUS_API_KEY
+  timeout: 120
+  reason: MiMo V2 Pro via Nous Portal free tier evaluation (#447)
 agent:
   max_turns: 90
   reasoning_effort: high
   verbose: false
-
-terminal:
-  backend: local
-  cwd: .
-  timeout: 180
-  persistent_shell: true
-
-browser:
-  inactivity_timeout: 120
-  command_timeout: 30
-  record_sessions: false
-
-display:
-  compact: false
-  personality: ''
-  resume_display: full
-  busy_input_mode: interrupt
-  bell_on_complete: false
-  show_reasoning: false
-  streaming: false
-  show_cost: false
-  tool_progress: all
-
-memory:
-  memory_enabled: true
-  user_profile_enabled: true
-  memory_char_limit: 2200
-  user_char_limit: 1375
-  nudge_interval: 10
-  flush_min_turns: 6
-
-approvals:
-  mode: auto
-
-security:
-  redact_secrets: true
-  tirith_enabled: false
-
-platforms:
-  api_server:
-    enabled: true
-    extra:
-      host: 127.0.0.1
-      port: 8645
-
-session_reset:
-  mode: none
-  idle_minutes: 0
-
-skills:
-  creation_nudge_interval: 15
-
-system_prompt_suffix: |
-  You are Ezra, the Infrastructure wizard — Gitea, nginx, hosting.
-  Your soul is defined in SOUL.md — read it, live it.
-  Hermes is your harness.
-  kimi-coding is your primary provider.
-  Refusal over fabrication. If you do not know, say so.
-  Sovereignty and service always.
-
 providers:
   kimi-coding:
     base_url: https://api.kimi.com/coding/v1
@@ -97,15 +37,6 @@ providers:
   openrouter:
     base_url: https://openrouter.ai/api/v1
     timeout: 120
-  ollama:
-    base_url: http://localhost:11434/v1
-    timeout: 180
-
-# =============================================================================
-# BANNED PROVIDERS — DO NOT ADD
-# =============================================================================
-# The following providers are PERMANENTLY BANNED:
-# - anthropic (any model: claude-sonnet, claude-opus, claude-haiku)
-# - nous (xiaomi/mimo-v2-pro)
-# Enforcement: pre-commit hook, linter, Ansible validation, this comment.
-# =============================================================================
+  nous:
+    base_url: https://inference.nousresearch.com/v1
+    timeout: 120

wizards/timmy/config.yaml

@@ -1,121 +0,0 @@
-# =============================================================================
-# Timmy — Primary Wizard Configuration (Golden State)
-# =============================================================================
-# Generated from golden state template (ansible/roles/wizard_base/templates/wizard_config.yaml.j2)
-# DO NOT EDIT MANUALLY. Changes go through Gitea PR → Ansible deploy.
-#
-# Provider chain: kimi-coding → openrouter → ollama
-# Anthropic is PERMANENTLY BANNED.
-# =============================================================================
-
-model:
-  default: kimi-k2.5
-  provider: kimi-coding
-  context_length: 65536
-  base_url: https://api.kimi.com/coding/v1
-
-toolsets:
-  - all
-
-fallback_providers:
-  - provider: kimi-coding
-    model: kimi-k2.5
-    base_url: https://api.kimi.com/coding/v1
-    timeout: 120
-    reason: "Primary — Kimi K2.5 (best value, least friction)"
-  - provider: openrouter
-    model: google/gemini-2.5-pro
-    base_url: https://openrouter.ai/api/v1
-    api_key_env: OPENROUTER_API_KEY
-    timeout: 120
-    reason: "Fallback — Gemini 2.5 Pro via OpenRouter"
-  - provider: ollama
-    model: gemma4:latest
-    base_url: http://localhost:11434/v1
-    timeout: 180
-    reason: "Terminal fallback — local Ollama (sovereign, no API needed)"
-
-agent:
-  max_turns: 30
-  reasoning_effort: high
-  verbose: false
-
-terminal:
-  backend: local
-  cwd: .
-  timeout: 180
-  persistent_shell: true
-
-browser:
-  inactivity_timeout: 120
-  command_timeout: 30
-  record_sessions: false
-
-display:
-  compact: false
-  personality: ''
-  resume_display: full
-  busy_input_mode: interrupt
-  bell_on_complete: false
-  show_reasoning: false
-  streaming: false
-  show_cost: false
-  tool_progress: all
-
-memory:
-  memory_enabled: true
-  user_profile_enabled: true
-  memory_char_limit: 2200
-  user_char_limit: 1375
-  nudge_interval: 10
-  flush_min_turns: 6
-
-approvals:
-  mode: auto
-
-security:
-  redact_secrets: true
-  tirith_enabled: false
-
-platforms:
-  api_server:
-    enabled: true
-    extra:
-      host: 127.0.0.1
-      port: 8645
-
-session_reset:
-  mode: none
-  idle_minutes: 0
-
-skills:
-  creation_nudge_interval: 15
-
-system_prompt_suffix: |
-  You are Timmy, the Primary wizard — soul of the fleet.
-  Your soul is defined in SOUL.md — read it, live it.
-  Hermes is your harness.
-  kimi-coding is your primary provider.
-  Refusal over fabrication. If you do not know, say so.
-  Sovereignty and service always.
-
-providers:
-  kimi-coding:
-    base_url: https://api.kimi.com/coding/v1
-    timeout: 60
-    max_retries: 3
-  openrouter:
-    base_url: https://openrouter.ai/api/v1
-    timeout: 120
-  ollama:
-    base_url: http://localhost:11434/v1
-    timeout: 180
-
-# =============================================================================
-# BANNED PROVIDERS — DO NOT ADD
-# =============================================================================
-# The following providers are PERMANENTLY BANNED:
-# - anthropic (any model: claude-sonnet, claude-opus, claude-haiku)
-# - nous (xiaomi/mimo-v2-pro)
-# Enforcement: pre-commit hook, linter, Ansible validation, this comment.
-# =============================================================================