-
Notifications
You must be signed in to change notification settings - Fork 0
VPS Services
PolicyWatcher can use two companion services outside Hostinger:
- Renderer VPS
- VPS Operations Agent
They are optional, but recommended for production-grade retrieval and recovery operations.
The renderer is a Playwright-based service used when direct HTTP and HTTP/2 retrieval are insufficient for script-rendered policy pages.
Features:
- bearer-token authentication;
-
/healthzpublic health endpoint; -
/renderprotected render endpoint; - SSRF validation for initial URLs, redirects and subresource requests;
- sanitized error responses;
- bounded concurrency.
The renderer should not be used to bypass provider access controls. If a provider blocks automation, PolicyWatcher should record the source anomaly and suspend the source when evidence cannot be obtained.
The operations agent is a separate control plane for:
- fixed smoke checks;
- backups;
- checksum-verified local package updates;
- rollback;
- capped operation logs;
- renderer current symlink inspection.
The agent uses HMAC-signed requests with timestamp and nonce replay protection. It must not accept arbitrary URLs, shell commands or package download URLs.
The admin /admin/vps-services page reports:
- renderer health;
- renderer latency;
- active renders;
- smoke-test status;
- agent health;
- current renderer version;
- operation lock state;
- backup/update/rollback controls where configured.
RENDERER_URL=https://render.policywatcher.online
RENDERER_SECRET=<high-entropy-renderer-secret>
VPS_AGENT_URL=https://ops.policywatcher.online
VPS_AGENT_SECRET=<high-entropy-agent-secret>PolicyWatcher provides evidence mapping and policy-change monitoring. It is not legal advice, compliance certification, or a definitive assessment of corporate conduct.