docks and stacks

.github/instructions/regalamiunsorriso-83-149-164-4.instructions.md

@@ -40,7 +40,39 @@ ssh -tt -i C:\Users\Maddo\.ssh\id_rsa -p 410 marco@83.149.164.4 "sudo tcsh -c 'c
 - The remote login shell behaves as `tcsh`.
 - POSIX shell constructs like `for ...; do ...; done` fail unless you explicitly run them through `sh -c`.
 - The server `sh` does not support `-l`, so use `sh -c`, not `sh -lc`.
+- `tcsh` treats redirection and pipelines differently from POSIX shells; commands like `find ... 2>/dev/null | head` can fail with `Ambiguous output redirect` unless the whole payload runs under `sh -c`.
+- Prefer one remote command per SSH invocation when doing reconnaissance. Complex commands with pipes, grouped expressions, or escaped parentheses are much more likely to break under PowerShell-to-SSH-to-`tcsh` quoting.
+- If PowerShell shows the continuation prompt `? >`, the command was malformed locally before SSH executed it. Cancel it and rerun a simpler command instead of trying to answer the prompt.
 - If `sudo` reports that a terminal is required, reconnect with `-tt`.
+- When running remote commands from PowerShell, quoting can break if the command contains both nested quotes and file paths with spaces.
+- For read-only verification commands from PowerShell, prefer `ssh ... --% <remote command>` so the remote command is passed verbatim.
+- For `promote-file.sh` calls that target paths with spaces, prefer a local PowerShell loop that passes the full remote command as a single SSH argument instead of building one long nested quoted command.
+- If repeated SSH commands start cancelling or interleaving poorly in the same terminal, rerun them sequentially instead of in parallel.
+
+## Mail Template Runtime Notes
+
+- The server contains multiple `mailMessage` trees:
+	- Live web root: `/home/sites/regalamiunsorriso/www/mailMessage`
+	- Staging copy: `/home/marco/regalamiunsorriso/incoming/www/mailMessage`
+	- Older duplicate trees: `/home/sites/regalamiunsorriso/wwwLang/mailMessage` and `/home/sites/regalamiunsorriso/wwwOld/www/mailMessage`
+- During the 2026-04-16 reconnaissance, representative checksums differed between `www/mailMessage` and `wwwLang/mailMessage`, so they are not interchangeable copies.
+- The Java application configuration lives under `/home/sites/regalamiunsorriso/rus/WEB-INF`.
+- `web.xml` defines the main application DB connection as `dbDriver=3`, `database=//localhost/pg`, `user=root`, `password=root`.
+- `truckservice.properties` defines a second DB connection as `dbDriver=3`, `dbName=//localhost/truckservice`, `user=root`, `password=root`.
+- In this codebase, `dbDriver=3` maps to MySQL Connector/J, not to a legacy non-MySQL driver.
+- `dbcomuni.properties`, `rus.properties`, and `truckservice.properties` all set `USE_PARM_HT=true`, which means runtime values are expected to come from the application `Parm` store.
+- In code, `DBAdapter.getDocBase()` resolves to `getParm("DOCBASE").getTesto()`, and mail-template lookups use `Parm` values such as `MAIL_REG`, `MAIL_NO_MORE`, `MAIL_NO_MORE_SCAD`, and `MAIL_MSG_PATH_MAILER`.
+- In code, `Parm.findByCodice()` reads from `PARM` with `select A.* from PARM AS A where A.codice='...'`, so the live `PARM` table is the authoritative lookup point for these values.
+- `pg_src/com/ablia/pg/Users.java` seeds defaults for `MAIL_MSG_RINNOVO` as `mailMessage/rinnovoMsg.html` and `MAIL_MSG_COUPON_OMAGGIO` as `mailMessage/couponOmaggioMsg.html` when the parameters are missing.
+- Because of that indirection, changing files under a `mailMessage` directory is not sufficient proof that outbound mail content will change. The effective `DOCBASE` and mail-template parameter values must also be checked in the live `Parm` data.
+- For mail-template reconnaissance, avoid recursing into `/mnt/da1/foto` via the `RUS` symlink unless the task explicitly concerns photo storage. It adds permission noise and did not help identify the email-template source.
+- Read-only DB access notes from 2026-04-16:
+	- The host has PHP CLI at `/usr/local/bin/php` with both `mysqli` and `pdo_mysql` enabled.
+	- A piped PHP script over SSH is a reliable way to run read-only DB probes without creating files on the server.
+	- `mysqli('localhost', ...)` fails with `No such file or directory`, which indicates PHP tries a Unix socket path that is not present or not configured.
+	- `mysqli('127.0.0.1', ...)` fails with `Connection refused`, and `sockstat` showed no listener on port `3306` and no visible MySQL Unix socket under `/var/run`, `/tmp`, or `/usr/local/var`.
+	- No `mysql` or `mariadb` client binary was found in the shell path.
+	- Result: the app configuration clearly points at MySQL, but direct DB access from the current shell remains unresolved and must be revalidated before relying on live SQL queries.
 
 ## MCP Limitation
 
@@ -93,6 +125,13 @@ Run:
 ssh -tt -i C:\Users\Maddo\.ssh\id_rsa -p 410 marco@83.149.164.4 "sudo tcsh -c '/home/marco/promote-file.sh <staged-path> <live-path> [metadata-source]'"
 ```
 
+If the source or destination path contains spaces, prefer this PowerShell pattern so SSH receives the remote command as one argument:
+
+```powershell
+$remote = "sudo tcsh -c \"/home/marco/promote-file.sh '<staged-path>' '<live-path>' [metadata-source]\""
+& ssh -tt -i 'C:\Users\Maddo\.ssh\id_rsa' -p 410 'marco@83.149.164.4' $remote
+```
+
 Behavior of `promote-file.sh`:
 
 - If the destination already exists, it copies the file and restores that destination file's original owner, group, and mode.
@@ -116,6 +155,7 @@ After staging or promotion, verify with:
 - `ls -l` for owner, group, and visible mode
 - `stat -f` for exact metadata
 - `cksum` to compare staged and live file contents
+- From PowerShell, prefer `ssh ... --% ls -l ...`, `ssh ... --% stat -f ...`, and `ssh ... --% cksum ...` for verification commands that include quoted paths.
 
 Run verification commands separately if a parallel terminal run becomes unreliable.