Making TSUNAGI operable by normal humans
A node you can't safely operate is a node you can't trust. Guardian wraps the exact procedures that shipped every canonical block — deploy, verify, roll back, recover — into one console, with verification built in and foot-guns removed.
One deliberate decision shapes everything here: this website can read the node; it can never control it. The dashboard consumes a published status file. All state-changing operations — rollback, restart, upgrade — happen through guardianctl on the relay itself, over SSH, with an explicit typed confirmation. A block producer holds keys; a "one-click rollback" button on a public web page would be a hole, not a feature. One click on the machine, zero clicks on the internet.
Shows the current binary (sha-verified against the live process), the full rollback chain, and snapshots. Rollback is one command: auto-snapshot, stop, swap, sha-verify, restart, verify again. Environment, keys and opcert state are never touched.
Pass/warn checks against the proven-good baseline: process up, zero spawn failures, zero disconnect churn, live sigma source, parked serve connection present, status endpoint answering.
Scans the recent log for the signature of every known incident in the KINTSUGI catalogue (INC-001…INC-013). A failure the node has seen before is identified in seconds, with its incident file — nobody debugs the same bug twice.
Takes a release tarball and its expected SHA-256. Extracts, verifies, snapshots the current binary, swaps, restarts, verifies the running process. A sha mismatch refuses at every stage — an unverified binary cannot reach the forge path.
Restart (same binary), snapshot (preserve current), rollback (any chain entry). State rebuild and snapshot-restore follow the documented recovery procedure shipped with the node.
The read-only generator behind the live dashboard: process facts from /proc, chain facts from the node's own status endpoint, health counters from the forge log. If it can't read a value, the dashboard says "unavailable".
$ guardianctl health
== TSUNAGI Guardian — health ==
OK process running (pid 2588672)
OK spawn_fail = 0
OK disconnect churn = 0
OK intersect not_found = 0
OK sigma source = stake_source (live)
OK parked serve connection active
OK node status endpoint responding
$ guardianctl diagnose
== TSUNAGI Guardian — diagnose (KINTSUGI signature scan) ==
clean — no known incident signature in recent log
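The refuse-on-mismatch gate described above for upgrade and rollback, as an added shell example. It is not guardianctl's own code: the function names, the snapshot naming scheme and all paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; names and paths are hypothetical, not guardianctl's.

# Print the SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed only if FILE hashes to EXPECTED (64 hex chars, case-insensitive).
# Returns 2 for a malformed digest, 1 for an unreadable file or a mismatch.
verify_sha() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$want" in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || return 2
    [ -r "$1" ] || return 1
    [ "$(sha256_of "$1")" = "$want" ]
}

# Replace TARGET with NEW only if NEW matches EXPECTED at every stage.
# Usage: verified_swap NEW EXPECTED TARGET SNAPDIR
verified_swap() {
    new=$1 expected=$2 target=$3 snapdir=$4
    # Stage 1: refuse an unverified candidate before touching anything.
    verify_sha "$new" "$expected" || { echo "refuse: candidate sha mismatch" >&2; return 1; }
    # Stage 2: snapshot the current binary (named by its own digest) for rollback.
    mkdir -p "$snapdir" || return 1
    if [ -f "$target" ]; then
        cp -p "$target" "$snapdir/$(basename "$target").$(sha256_of "$target")" || return 1
    fi
    # Stage 3: stage beside the target, re-verify the copy, then rename atomically.
    staged="$target.staged.$$"
    cp "$new" "$staged" && chmod 0755 "$staged" || { rm -f "$staged"; return 1; }
    verify_sha "$staged" "$expected" || { rm -f "$staged"; echo "refuse: staged sha mismatch" >&2; return 1; }
    mv -f "$staged" "$target" || { rm -f "$staged"; return 1; }
    # Stage 4: verify what is now on disk.
    verify_sha "$target" "$expected"
}

# After restart: hash the executable the live process actually loaded (Linux /proc).
verify_running() {
    verify_sha "/proc/$1/exe" "$2"
}
```

On Linux, /proc/<pid>/exe resolves to the file the process was started from even if the path on disk has since been replaced, so verify_running catches a swap that was never followed by a restart.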
Honest status: TSUNAGI today runs as a single operator-deployed installation on Cardano Preview, deployed from sha-verified bundles using the same procedure guardianctl upgrade automates. A public one-command install (beginner mode: guided; advanced mode: verified tarball + checksums) ships with the first public release — it will be announced here, and not before it's real.