Managed Site Module

The Managed Site module turns a Doh instance into a remotely manageable agent with secure cloud anchoring, persistent connections, and a rich remote command system.

Quick start

1. Set cloud endpoint

doh cloud endpoint https://deploydoh.com

2. Anchor your instance

# To your own account
doh cloud anchor

# Or anchor on behalf of another user (requires manage:cloud_anchoring)
doh cloud anchor-as user@example.com

3. Verify status

curl http://localhost:3000/api/managed_site/status

4. Optional: enable MCP tooling control (for remote targets)

# boot.pod.yaml or pod.yaml
cloud:
  mcp_controllable: true

Then start your local MCP server: doh mcp. See MCP Integration.

Table of contents

• Overview and core features
• Installation and configuration
• Concepts: how it fits together
• Cloud Anchoring
• MCP Integration
• Reverse Proxy Integration
• Remote Command System
  • Core, Transfer, SSH
  • Database commands
  • Backup commands
  • Command execution flow
• Smart Sync (with dohball processing)
• Git Commands
• Database Commands
• Backup System
• SSL/Let's Encrypt Integration
• Redbird Proxy Management
• SSH Terminal Access
• Connection management and health
• Error handling
• CLI commands
• API reference
• Global functions
• Development guide
• File structure
• Security considerations
• Troubleshooting
• Related documentation

Overview and core features

• Cloud Anchoring: One-time credential exchange for persistent cloud connectivity
• Token-Based Security: Secure authentication tokens with restricted file storage
• Persistent Connections: WebSocket-based real-time communication with cloud managers
• Remote Command Execution: 70+ commands for file, git, database, backup, and system operations
• Smart Sync & Transfers: Chunked transfers, MD5-based comparison, dohball cleanup
• Git Integration: Secure remote Git repository management
• Database Management: Remote Dataforge database browsing, queries, and sync
• Backup System: Automated database backups with retention, restore, and cross-instance mirroring
• SSL/Let's Encrypt: Certificate status monitoring and renewal (when greenlockcli active)
• Redbird Proxy: Multi-site proxy management (when redbird active)
• Health Monitoring: Status endpoint, heartbeat, health checks
• Admin Interface: Web UI for anchoring and management
• CLI Integration: Commands for endpoint setup and anchoring
• MCP Integration: Optional developer tooling control (opt-in)
• Reverse Proxy Support: Optional proxy mode for instances behind cloud manager

Installation and configuration

Auto-loading

host_load:
  - managed_site

Configuration options

cloud:
  endpoint: 'https://deploydoh.com'          # Cloud manager endpoint
  token_storage_path: '/.doh/cloud_auth_token'  # Auth token location
  cloud_anchor_path: '/.doh/cloud-anchor.json'  # Persistent fingerprint storage
  connection_timeout: 30000                  # Connection timeout (30s)
  reconnect_interval: 5000                   # Reconnection interval (5s)
  heartbeat_interval: 60000                  # Heartbeat frequency (1m)
  mcp_controllable: false                    # Enable MCP remote control (SECURITY: defaults to false)

  reverse_proxy:                             # Reverse proxy configuration (optional)
    enabled: true                            # Enable reverse proxy through cloud manager
    external_port: 4443                      # External port on cloud manager for this instance
  
  file_sync:                                 # Advanced file transfer settings
    max_chunk_size: 1048576                  # 1MB chunks
    min_chunk_size: 65536                    # 64KB minimum
    max_concurrent_transfers: 3              # Concurrent transfers
    transfer_timeout: 3600000                # 1 hour timeout
    integrity_check: true                    # Enable SHA256 checksums for verification
    md5_cache_enabled: true                  # Enable MD5 sync status cache for bandwidth conservation
    resume_support: true                     # Resumable transfers
    rate_limit: 10485760                     # 10MB/s rate limit
    retry_attempts: 3                        # Retry attempts
    retry_delay: 5000                        # Initial retry delay
    temp_dir: '/.doh/temp/transfers'         # Staging directory
    progress_interval: 1000                  # Progress updates (1s)
    cleanup_interval: 3600000                # Cleanup interval (1h)
    max_session_age: 86400000                # Max session age (24h)

Concepts: how it fits together

• Cloud Anchoring provisions a long-lived token and fingerprint so the instance can authenticate to the cloud manager.
• Connection management uses a persistent socket with heartbeats, retries, and circuit breakers.
• Remote command system executes file, git, tty, and sync operations through the socket with validation and auditing.
• Smart Sync compares content via MD5 (with line-ending normalization) and cleans directories via dohball specifications.
• MCP Integration (opt-in) routes MCP actions over the same secure connection for developer tools.

Cross-links: Cloud Anchoring → MCP Integration; Remote Command System → Smart Sync and Git; Connection Management → Error Handling.

Cloud Anchoring

Security model

• One-time credentials, then token-based auth with 0600 file permissions
• Immediate credential memory clearing
• JWT validation with expiration checks

Anchoring methods

Web UI

1. Visit http://your-instance/admin/cloud-connect
2. Enter credentials and click Anchor Instance

CLI

doh cloud anchor
doh cloud anchor-as user@example.com

Programmatic

const isAnchored = await Doh.CloudAnchoring.isInstanceAnchored();
const res1 = await Doh.CloudAnchoring.performCloudAnchoring(username, password);
const res2 = await Doh.CloudAnchoring.performCloudAnchoringAs(requestingUsername, requestingPassword, targetUserEmail);
await Doh.CloudAnchoring.clearSiteAuthToken();

Cloud anchoring endpoints

POST /admin/cloud-connect

{ "username": "user@example.com", "password": "your-password" }

Response

{ "success": true, "message": "Instance successfully anchored to Doh Cloud account", "anchored": true }

POST /admin/cloud-connect/clear

{}

Response

{ "success": true, "message": "Cloud anchoring and persistent fingerprint cleared successfully" }

GET /admin/cloud-connect returns the HTML management UI.

See also: CLI commands and API reference.

MCP Integration

MCP adds developer tooling on top of Managed Site. There are two distinct roles:

• MCP Client (tools) side: your local MCP server started with doh mcp. If this machine is cloud‑anchored, it also connects to the cloud manager and gains access to your controllable remote instances.
• MCP‑Controllable Instance (target) side: a remote instance that opts into being controlled by setting cloud.mcp_controllable: true. These instances appear in cloud tools and accept MCP commands relayed via the cloud.

Key behaviors

• Localhost does not need to set mcp_controllable to use cloud tools; it is native to your MCP client.
• Starting doh mcp on a cloud‑anchored machine will connect that MCP client to the cloud automatically (using the managed_site token), enabling access to your controllable instances.
• Multiple MCP clients can connect to the cloud simultaneously; any of them can control instances that are marked controllable and visible to that user.

Enable remote control explicitly on a target instance

cloud:
  mcp_controllable: true

How it works

• Run doh mcp on your development machine. If anchored, it also connects to the cloud as an MCP client.
• Remote instances must be anchored and have cloud.mcp_controllable: true to be listed and controllable.
• Instances receive MCP commands as mcp_command events over their existing cloud socket; handlers execute and return results.
• All actions are authenticated, filtered by ownership/visibility, and logged.

Supported MCP commands

Registered capabilities

• logs - Log streaming
• restart - Instance restart
• filesync - File synchronization
• commands - Shell command execution
• status - Status information
• git - Git operations

Security

• Explicit opt-in (mcp_controllable: true required)
• Runtime validation of MCP enablement
• Filtered listings (only controllable instances visible)
• Authenticated commands via siteAuthToken
• Command logging with user attribution

See: MCP_CLOUD_INTEGRATION.md.

Reverse Proxy Integration

When a managed instance is configured with cloud.reverse_proxy.enabled: true, the cloud manager acts as a reverse proxy, allowing external clients to access the instance without direct network exposure.

How it works

The cloud manager creates an HTTPS server with Socket.IO support on the configured external_port for each proxied instance. All HTTP requests and Socket.IO events are forwarded to the managed instance via the existing secure WebSocket connection.

HTTP Request Flow:

1. Client makes HTTP request to https://cloud-manager:external_port/path
2. Cloud manager sends proxy_http_request event to managed instance via socket
3. Managed instance creates Express-compatible mock request/response objects
4. Request is processed through the instance's express_router
5. Response is sent back via socket callback
6. Cloud manager forwards response to client

Socket.IO Event Flow:

1. Client connects to Socket.IO at https://cloud-manager:external_port
2. Cloud manager sends proxy_socket_connect event to managed instance
3. Client emits Socket.IO event (e.g., 'my_event')
4. Cloud manager forwards via proxy_socket_event with accumulated cookies
5. Managed instance validates authentication and routes through express_router
6. Response is sent back via callback
7. Cloud manager updates cookie jar and forwards response to client

Configuration

Enable reverse proxy on the managed instance:

cloud:
  reverse_proxy:
    enabled: true                            # Enable reverse proxy mode
    external_port: 4443                      # Port on cloud manager (must be unique per instance)

Requirements:

• Cloud manager must have SSL certificates configured in express_config.ssl_info
• Each instance must use a unique external_port
• Managed instance must be successfully anchored and connected

URL Generation

When reverse proxy is enabled, Doh.hostUrlString() automatically returns the cloud manager URL:

// Without reverse proxy
Doh.hostUrlString() // → 'https://localhost:3000'

// With reverse proxy enabled
Doh.hostUrlString() // → 'https://cloud-manager.com:4443'

This ensures Socket.IO clients and API calls automatically connect through the proxy.

Mock Request/Response Objects

For HTTP requests, the managed instance creates full Express-compatible mock objects:

Mock Request Features:

• EventEmitter-based with complete socket properties
• Parsed URL with path, query, and params
• Full header support including cookies
• Stream methods (read, pause, resume, pipe)
• 30-second timeout protection

Mock Response Features:

• Standard Express methods: status(), setHeader(), send(), json()
• Binary and text response support
• Base64 encoding for binary data
• Header forwarding with hop-by-hop filtering

Authentication for Proxied Requests

Socket.IO events proxied through the cloud manager include cookie forwarding for authentication:

1. Cloud manager maintains a cookie jar per client
2. Initial cookies captured from Socket.IO handshake
3. Cookies forwarded with each proxy_socket_event
4. Managed instance parses cookies and validates accessToken
5. If valid, req.user is attached for authorization checks
6. Response can include setCookies to update client cookies

This ensures authentication state is preserved across proxied Socket.IO events, enabling secure, stateful connections through the proxy layer.

Proxy State Management

The cloud manager can pause and resume reverse proxies without disconnecting the instance. This allows temporary deactivation of external access while maintaining the instance connection.

From the Cloud Manager Dashboard:

• Navigate to the Proxies tab to see all active reverse proxies
• Each proxy card shows its current state (active/paused)
• Click the Pause button to temporarily disable external access
• Click the Activate button to resume the proxy

How It Works:

1. When paused, the cloud manager marks the proxy as inactive and shuts down the external HTTPS server
2. The instance remains connected and can still be managed through the dashboard
3. When activated, the cloud manager recreates the HTTPS server and resumes forwarding traffic
4. Proxy states are persisted in /.doh/static/cloud_proxies.yaml on the cloud manager (git-ignored)

Benefits:

• Temporarily disable external access without disconnecting instances
• Useful for maintenance, testing, or security purposes
• Instant activation/deactivation from the dashboard
• State persists across cloud manager restarts

Security Considerations

• SSL/TLS Required: Cloud manager must use HTTPS for proxy servers
• Same Authentication Model: Proxied requests use the same authentication/authorization as direct access
• Timeout Protection: HTTP requests timeout after 30s on instance, 35s on cloud manager
• Path Validation: All file operations still subject to path validation and permission checks
• Cookie Isolation: Each client's cookies are isolated in separate jars
• Proxy State Control: Only users with appropriate permissions can pause/resume proxies

Remote Command System

Core commands

Filesystem and info

SSH commands

Transfer commands

Comparison and cross‑instance sync

Database commands

Backup commands

SSL commands (conditional: requires greenlockcli)

Redbird commands (conditional: requires redbird)

Command execution flow

1. Reception (authenticated socket)
2. Validation (type/payload)
3. Security (path and permission checks)
4. Execution (with error handling)
5. Response (success/failure)
6. Audit logging

Deep dives: Smart Sync, Git Commands, SSH Terminal.

Smart Sync (with dohball processing)

How it works

1. On-demand MD5 for accurate comparisons
2. Line-ending normalization for text files (cross-platform)
3. Batch operations for efficiency
4. Only transfer when content differs
5. Automatic dohball cleanup after writes

Key features and benefits

• Real-time verification; cross-platform compatible
• Preserves binary integrity
• Up to 70% fewer unnecessary transfers
• Designed for list/recursive comparisons

Dohball cleanup

1. Looks for dohball.json in target directories
2. Processes removals entries (caret paths resolved via DohPath)
3. Removes orphaned files and logs results

Optimized comparison command: get_file_comparison_data

{ "path": "/path/to/dir", "excludePatterns": [".git/", ".doh/", "node_modules/"] }

Smart sync commands

• check_file_sync_status
• calculate_file_md5 (single/batch)

Git Commands

Security features: path validation, command allowlist, audit logs, repo validation, timeouts, error classification.

Repository discovery and management

• discover_git_repos
• get_git_status (detailed branch/status/remotes/commits)
• git_status_raw (raw git output)

File operations

• git_stage_files, git_unstage_files, git_commit

Remote operations

• git_pull, git_push

Branch and info

• git_branch_list, git_diff, git_init

Utilities

• get_git_audit_log (operation history)
• clear_git_caches (force refresh)

Caching and performance

• 30s caches for discovery/status, async with timeouts, staggered requests

Database Commands

Remote database management for Dataforge databases via the cloud connection.

Browsing and queries

// List all databases
{ type: 'list_databases' }
// Response: { databases: ['app', 'users', ...] }

// Get tables in a database
{ type: 'get_database_tables', database: 'app' }
// Response: { tables: ['app.users', 'app.sessions', ...] }

// Browse table with pagination
{ type: 'browse_table', database: 'app', table: 'app.users', page: 1, pageSize: 50 }
// Response: { rows: [...], total: 150, page: 1, pageSize: 50 }

// Query with SQL
{ type: 'dataforge_select', database: 'app', query: 'SELECT * FROM app.users WHERE active = ?', params: [true] }

Schema and export

// Get table schema
{ type: 'get_table_schema', database: 'app', table: 'app.users' }
// Response: { columns: [{ name: 'id', type: 'TEXT', ... }] }

// Export table as JSON
{ type: 'dataforge_export_table', database: 'app', table: 'app.users' }
// Response: { data: [...], rowCount: 150 }

Sync and modifications

// Get sync changes since timestamp
{ type: 'get_sync_changes', database: 'app', since: '2024-01-01T00:00:00Z' }

// Apply sync changes from another instance
{ type: 'apply_sync_changes', database: 'app', changes: [...] }

// Delete row (requires ID)
{ type: 'delete_table_row', database: 'app', table: 'app.users', id: 'user123' }

// Truncate table (DANGER: removes all rows)
{ type: 'truncate_table', database: 'app', table: 'app.sessions' }

// Create WAL checkpoint
{ type: 'checkpoint_database', database: 'app' }

Backup System

Automated database backup management with retention policies, cross-instance mirroring, and warehouse storage.

Creating backups

// Create backup (tar.gz of database files)
{ type: 'create_backup', database: 'app', description: 'Pre-deployment backup' }
// Response: { success: true, backup: { id: 'backup_20240115_120000', size: 1234567, ... } }

Listing and managing

// List all backups
{ type: 'list_backups' }
// Response: { backups: [{ id, database, size, createdAt, description, warehoused, ... }] }

// Check if specific backup exists
{ type: 'check_backup_exists', backupId: 'backup_20240115_120000' }

// Delete backup
{ type: 'delete_backup', backupId: 'backup_20240115_120000' }

Restoration

// Restore from backup (DANGER: replaces current database)
{ type: 'restore_backup', backupId: 'backup_20240115_120000' }

Cross-instance mirroring

// Receive backup from peer instance
{ type: 'receive_backup', backupData: '...base64...', metadata: {...} }

// Mark backup as warehoused (stored externally)
{ type: 'mark_backup_warehoused', backupId: 'backup_20240115_120000' }

// Delete mirrored copy
{ type: 'delete_mirrored_backup', backupId: 'backup_20240115_120000' }

Configuration

// Get backup configuration
{ type: 'get_backup_config' }
// Response: { retention_days: 30, auto_backup: true, schedule: '0 2 * * *', ... }

// Update backup settings
{ type: 'save_backup_config', config: { retention_days: 60, auto_backup: true } }

SSL/Let's Encrypt Integration

Conditional: Only available when greenlockcli module is loaded.

Provides remote SSL certificate management through the cloud connection.

Status monitoring

{ type: 'get_ssl_status' }
// Response:
{
  greenlock_available: true,
  email: 'admin@example.com',
  staging: false,
  try_secure: true,
  domains: ['example.com'],
  certificates: [{
    domain: 'example.com',
    cert_exists: true,
    expires_at: '2024-04-15T00:00:00Z',
    days_until_expiry: 45,
    needs_renewal: false,
    fingerprint: 'AA:BB:CC:...'
  }]
}

Management commands

// Force certificate renewal
{ type: 'ssl_force_renewal' }
// Response: { success: true, message: 'Certificate renewal initiated' }

// Toggle staging/production mode (triggers server restart)
{ type: 'ssl_toggle_staging' }
// Response: { success: true, newMode: 'staging', restart_pending: true }

// Toggle Auto-HTTPS (triggers server restart)
{ type: 'ssl_toggle_auto_https' }
// Response: { success: true, newMode: 'enabled', restart_pending: true }

Note: Toggle commands modify pod.yaml and trigger a server restart.

Redbird Proxy Management

Conditional: Only available when redbird module is loaded.

Provides remote management of Redbird reverse proxy sites through the cloud connection.

Status and discovery

{ type: 'get_redbird_status' }
// Response:
{
  redbird_available: true,
  port: 80,
  ssl: { port: 443 },
  sites: [{
    path: '/path/to/site',
    domain: 'site.example.com',
    aliases: ['www.site.example.com'],
    status: 'configured',  // 'configured' | 'pending' | 'missing_pod' | 'error'
    http_port: 3000,
    ssl_port: 3443,
    try_secure: true
  }]
}

Site management

// Add site to proxy
{ type: 'redbird_add_site', path: '/path/to/site', domain: 'site.example.com', aliases: ['www.site.example.com'] }

// Update site configuration
{ type: 'redbird_update_site', path: '/path/to/site', domain: 'newdomain.example.com' }

// Remove site from proxy
{ type: 'redbird_remove_site', path: '/path/to/site' }

// Force reload configuration
{ type: 'redbird_reload' }

Behavior:

• Changes are persisted to pod.yaml immediately
• Redbird is updated live without requiring server restart
• Sites are validated against their compiled.pod.yaml for port and domain info

SSH Terminal Access

Zero-config, browser-based terminals via the Cloud Dashboard with multi-session, ANSI/UTF-8 support, resizing, copy/paste, scrollback, dark theme. Requires command:cloud_instance.

Connection management and health

States: disconnected, connecting, connected, authenticating, authenticated, reconnecting, error.

Automatic reconnection (exponential backoff)

const delay = Math.min(baseInterval * Math.pow(2, attemptNumber), maxDelay);

Health monitoring: heartbeat (1m), health checks (2m), auto-recovery, error tracking.

Error handling

Classification: NETWORK, AUTH, FILESYSTEM, CORRUPTION, TIMEOUT, PERMISSION, RESOURCE.

Circuit breakers: network (5/1m), file (3/30s), auth (3/2m).

Friendly messages (examples): ENOTFOUND, Authentication failed, Token expired.

CLI commands

doh cloud endpoint <url>
doh cloud anchor
doh cloud anchor-as <user@example.com>
doh cloud

Features: interactive prompts, spinners, re-anchoring, anchor-as validation, robust errors, token validation.

API reference

Status endpoint GET /api/managed_site/status

{ "success": true, "status": "online", "fingerprint": "abc123", "cloud": { "connected": true } }

Cloud anchoring endpoints: see Cloud Anchoring section.

Global functions

Cloud Anchoring (Doh.CloudAnchoring)

• isInstanceAnchored() - Check if instance is anchored
• performCloudAnchoring(username, password) - Anchor to own account
• performCloudAnchoringAs(requesterUsername, requesterPassword, targetEmail) - Anchor on behalf of user
• clearSiteAuthToken() - Remove anchoring
• validateAndRefreshToken() - Validate and refresh JWT

Connection Management (global.managedSite)

• establishCloudConnection() - Connect to cloud manager
• disconnectFromCloud() - Disconnect from cloud
• getCloudConnectionStatus() - Get connection state

Token Storage

• storeSiteAuthToken(token) - Store authentication token
• loadSiteAuthToken() - Load stored token
• clearSiteAuthToken() - Clear stored token

Transfer Sessions

• getTransferSessions() - List active transfer sessions
• createTransferSession() - Create new transfer session
• cleanupTransferSession(sessionId) - Clean up session

Health & Recovery

• performAdvancedHealthCheck() - Comprehensive health check
• checkCloudConnectionHealth() - Cloud connection health
• checkFileSystemHealth() - File system health
• executeWithRecovery(fn) - Execute with auto-recovery
• attemptAutoRecovery() - Trigger recovery

Smart Sync

• checkFileSyncStatus(filePath, targetMd5) - Check if file needs sync
• calculateMd5Checksum(filePath) - Calculate MD5
• calculateBatchMd5Checksums(filePaths) - Batch MD5 calculation
• performSmartSync(sourceDir, targetDir) - Full smart sync

MCP Connection (mcp_connection)

• initializeMcpConnection() - Initialize MCP connection
• disconnectFromMcp() - Disconnect MCP
• getMcpConnectionStatus() - Get MCP status
• isMcpConnected() - Check if MCP connected

Development guide

Module dependencies

The main module loads core and conditional handlers:

Doh.Module('managed_site', [
  'express_router_as_library',
  'express_server_as_library',
  'nodejs?? import fsE from "fs-extra"',
  'nodejs?? CryptoAPI',
  'nodejs?? os',
  'nodejs?? import http from "http"',
  'nodejs?? import { EventEmitter } from "events"',
  'nodejs?? import cookie from "cookie"',
  'socketio_client',
  'managed_site_command_handlers',
  'managed_site_command_handlers_git',
  'mcp_connection',
  'mcp_command_handlers',
  'user_host?? user_host'
], function (DohPath, Router, app, fsE, CryptoAPI, os, http, EventEmitter, cookie, ioClient, ...) {
  // Conditional handlers loaded dynamically
  if (Doh.Packages['greenlockcli']) {
    const { sslHandlers } = await Doh.load('managed_site_command_handlers_ssl');
  }
  if (Doh.Packages['redbird']) {
    const { redbirdHandlers } = await Doh.load('managed_site_command_handlers_redbird');
  }
});

Conditional handler modules

SSL and Redbird handlers load only when their parent modules are present:

// command_handlers_ssl.js - loads only when greenlockcli is available
Doh.Module('managed_site_command_handlers_ssl', [
  'nodejs?? import fsE from "fs-extra"',
  'nodejs?? import { execSync } from "child_process"',
  'nodejs?? import acme from "acme-client"',
  'nodejs?? import crypto from "crypto"',
], async function(DohPath, fsE, execSync, acme, crypto) {
  const { greenlockcli } = await Doh.load('greenlockcli');
  // Handler implementations...
  return { sslHandlers: { ... } };
});

Handler module pattern

All handler modules export via return value and optionally via Doh.Globals:

Doh.Module('managed_site_command_handlers_example', [...], function(...) {
  async function handleMyCommand(payload) {
    // Validate payload
    if (!payload.requiredField) {
      throw new Error('requiredField is required');
    }
    // Execute operation
    const result = await doSomething(payload);
    // Return standardized response
    return { success: true, data: result };
  }

  // Export via Doh.Globals for access from main module
  Doh.Globals.my_handlers = { handleMyCommand };

  // Also return for module consumers
  return { myHandlers: { handleMyCommand } };
});

Extend with custom commands

Add new commands in command_handlers.js:

// Add case in the command switch
case 'my_custom_command':
  result = await handleMyCustomCommand(payload);
  break;

// Implement handler function
async function handleMyCustomCommand(payload) {
  const { param1, param2 } = payload;
  // Validate inputs
  if (!param1) {
    return { success: false, error: 'param1 is required' };
  }
  // Execute with error handling
  try {
    const result = await myOperation(param1, param2);
    return { success: true, data: result };
  } catch (error) {
    console.error('[CommandHandlers] my_custom_command error:', error);
    return { success: false, error: error.message };
  }
}

Health monitoring from other modules

const health = await global.managedSite.performAdvancedHealthCheck();
const cloudHealth = await global.managedSite.checkCloudConnectionHealth();
const fsHealth = await global.managedSite.checkFileSystemHealth();

// MCP connection status
const mcpStatus = mcp_connection.getMcpConnectionStatus();
const mcpConnected = mcp_connection.isMcpConnected();

File structure

doh_modules/managed_site/
├── managed_site.js              # Main module: connection, auth, proxy handling
├── command_handlers.js          # Core + database + backup commands (~6700 lines)
├── command_handlers_git.js      # Git operations (~870 lines)
├── command_handlers_ssl.js      # SSL/Let's Encrypt (conditional: greenlockcli)
├── command_handlers_redbird.js  # Redbird proxy management (conditional: redbird)
├── mcp_connection.js            # MCP cloud connection management
├── mcp_command_handlers.js      # MCP command execution
├── cloud_anchor_cli.js          # CLI implementation
├── cloud_connect_styles.css     # Admin UI styling
├── dohball.json                 # Module cleanup configuration
└── README.md

Security considerations

Credentials: cleared from memory; tokens stored 0600.

Network: HTTPS/WSS; token auth; no sensitive error leakage.

Files: path validation; backups; audit logs.

Errors: no internals; circuit breakers; rate limiting.

Troubleshooting

Instance not connecting

1. Check /admin/cloud-connect 2) Verify endpoint 3) Network reachability 4) Token validity

Auth failures

1. Verify credentials 2) Check email verification 3) Wait if locked 4) Re-anchor

Commands not executing

1. Verify socket connected 2) Check payload format 3) File permissions 4) Check logs

Debug commands

curl http://localhost:3000/api/managed_site/status
tail -f .doh/logs/doh.log | grep ManagedSite

Related documentation

• Cloud Manager Module (../cloud_manager/README.md)
• MCP Integration Details (../mcp/MCP_CLOUD_INTEGRATION.md)
• Greenlock CLI Module (../greenlockcli/README.md) - SSL certificate management
• Redbird Module (../redbird/README.md) - Reverse proxy configuration

Status: Production Ready | Commands: 70+ | Conditional modules: SSL (greenlockcli), Redbird (redbird)