Skip to content

CLAUDE.md

Latest commit

 

History

History
135 lines (101 loc) · 4.92 KB

CLAUDE.md

File metadata and controls

135 lines (101 loc) · 4.92 KB

cs2-admin-tool

Windows utility for CS2 server admins. Natural language → Claude (LLM) → SSH or Azure API. Produces a single self-contained .exe — the recipient installs nothing and configures nothing.

What it does

  • Chat UI: admin types "switch to dust2", "enable practice mode", "turn off the server for today"
  • Claude interprets intent and calls the appropriate tool
  • CS2 commands sent via SSH using screen -S cs2 -X stuff '<cmd>\n'
  • VM power via Azure Compute SDK (start / deallocate only)
  • All credentials (SSH key, Azure SP, Anthropic key) baked into the exe at build time

How credentials are embedded

config.json (all secrets) ──► build.bat ──► CS2AdminTool.exe (single file, no deps)
  • SSH private key: stored as string content in config.json; Paramiko reads it via StringIO (no file on disk)
  • Azure: uses ClientSecretCredential (Service Principal) — no az login needed on end-user's machine
  • Anthropic: API key in config.json
  • PyInstaller --add-data "config.json;." bundles it into the exe; at runtime it's extracted to sys._MEIPASS

Security model

The tool connects as a dedicated cs2bot Linux user (not as cs2admin).

cs2bot can ONLY:

  • Run screen commands as cs2admin — sends CS2 game console commands
  • Run start_cs2.sh as cs2admin — starts/restarts the CS2 server

cs2bot CANNOT:

  • Read any cs2admin files or secrets
  • Run arbitrary commands as cs2admin
  • Touch anything in the OS outside these two allowed commands
  • Access Azure (that goes through the SP, not SSH)

The private key for cs2bot is a fresh key generated specifically for this tool. The cs2admin RSA key (the original deploy key) never leaves the build machine.

Build steps (one-time, on your machine)

Prerequisites

  • Python 3.11+ with pip
  • Azure CLI installed and az login done (only needed during build setup, not by end users)

Step 0 — Create cs2bot user on the server (one-time)

ssh -i ~/.ssh/cs2_azure_rsa cs2admin@20.217.204.123
bash <(cat scripts/setup_cs2bot.sh)

Or copy the script to the server and run it. It:

  1. Creates the cs2bot Linux user
  2. Generates a fresh RSA key pair for cs2bot
  3. Configures sudoers (screen + start_cs2.sh as cs2admin only)
  4. Prints the private key — save it to a file (e.g. cs2bot_rsa.txt)

Step 1 — Prepare config (one-time)

prepare_config.bat

This script:

  1. Reads the cs2bot private key from the file you saved in Step 0
  2. Creates an Azure Service Principal with "Virtual Machine Contributor" role on cs2-server-rg
  3. Prompts for your Anthropic API key
  4. Writes config.json with everything filled in

Step 2 — Build the exe

build.bat

Produces dist\CS2AdminTool.exe — fully self-contained, distributable as-is.

Distributing

Send CS2AdminTool.exe to the admin. They double-click it. Done.

Running in dev (Mac/Linux)

pip install -r requirements.txt
cp config.example.json config.json
# Fill in config.json manually (SSH key content, SP creds, Anthropic key)
cd src && python main.py

Architecture

src/
  main.py             — Tkinter dark-themed chat UI
  llm_brain.py        — Claude API + tool-use loop, maintains conversation history
  cs2_controller.py   — Paramiko SSH (key from string, not file)
  azure_controller.py — Azure ClientSecretCredential + start/deallocate only
  config.py           — Reads from sys._MEIPASS (exe) or project root (dev)

Tool list (Claude tools)

Tool What it does
change_map changelevel <map> via screen — instant, no restart
change_mode Restarts CS2 with start_cs2.sh <mode> <map>
set_cvar Any server cvar via screen
restart_round mp_restartgame 1
apply_practice_settings sv_cheats, inf ammo, inf money, grenade cam, no freeze time
start_server bash ~/start_cs2.sh <mode> <map>
stop_server screen -S cs2 -X quit
restart_server stop + start
power_on_vm Azure begin_start()
power_off_vm Azure begin_deallocate()
get_status VM power state + CS2 screen session check

CS2 server details

  • IP: 20.217.204.123 (update config.json if redeployed)
  • SSH user: cs2bot (limited service account), RSA key generated by setup_cs2bot.sh
  • Screen session: cs2 (owned by cs2admin; cs2bot accesses it via sudo -u cs2admin screen ...)
  • Start script: ~/start_cs2.sh <mode> <map> — handles LD_LIBRARY_PATH + steamclient.so
  • Azure: subscription a34ed8a9-5b4b-4cb7-86b9-4df40f982fcf, RG cs2-server-rg, VM cs2-server-vm
  • GSLT: F5C3D0A189D0DCC0DF6CC3E53FE495EC (regenerate at steamcommunity.com/dev/managegameservers if broken)

Service Principal notes

  • Name: cs2-admin-tool
  • Role: Virtual Machine Contributor scoped to /subscriptions/.../resourceGroups/cs2-server-rg
  • Cannot read/write anything else in Azure
  • Client secret expires — if VM power stops working, re-run prepare_config.bat and rebuild