# Operator Surface Map - Leo / Teleo - 2026-07-09 ## Repo Workspace - Teleo infra checkout: this repository. - Repo-local evidence pack: `docs/reports/leo-working-state-20260709/` - Telegram export supplied by user during July 9 analysis: `/Users/user/PycharmProjects/ChatExport_2026-07-08/messages.html` ## VPS - Host: `77.42.65.182` - SSH user: `root` - SSH key path exists locally; never print key contents. - Live service: `leoclean-gateway.service` - Service user/cwd from latest readback: `teleo`, `/home/teleo` - Main DB container: `teleo-pg` - Main DB name: `teleo` - Live profile report dir: `/home/teleo/.hermes/profiles/leoclean/kb_stage/reports/` - Live deploy/source area used in current work: `/opt/teleo-eval/workspaces/deploy-infra` ## Current VPS Stability Readback Latest retained readback showed: - `leoclean-gateway.service` active/running - `MainPID=3252143` - `NRestarts=0` - service start timestamp `Thu 2026-07-09 06:59:44 UTC` Always refresh before claiming current state. ## GCP - Project: `teleo-501523` - Expected active account for project access: `billy@livingip.xyz` - Current retained blocker: `billy@livingip.xyz` selected but token refresh fails non-interactively; other locally available accounts refresh but lack project access. - Artifact: `outputs/gcp-db-parity-current-blocker-20260709.json` ## Telegram - Live group label: `Leo` - Group chat id used in retained proof: `-5146042086` - Authenticated Chrome/Telegram Web is the expected UI route for live Telegram canaries. - Use Computer Use / node_repl sky tooling. Do not use AppleScript, OSA, System Events, focus hijacking, or foreground hacks. ## Production Mutation Boundary - Live Telegram bot test messages to Leo are authorized when the goal is testing Leo. - Production DB canonical apply is not authorized by this pack. - Clone/staging DB creation, rollback rehearsals, preflight SQL, and postflight SQL are allowed when safe and cleaned up.