Fix rego-tunnel docker-compose.json format and add build folder

- Convert environment from array to object format (runtipi requirement)
- Remove hardcoded KEY from docker-compose.json
- Add build folder with custom Dockerfile and rego scripts

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/rego-tunnel/build/rego/README.md

@@ -0,0 +1,188 @@
+# Rego VPN Automation - Technical Setup Guide
+
+## Overview
+
+Cisco Secure Client VPN running in Windows VM (dockurr/windows) inside Docker container, with SOCKS5 proxy for transparent routing to IBM i systems.
+
+## Architecture
+
+```
+Clients → Host (iptables/redsocks) → Container (socat) → Windows VM (SOCKS5) → VPN → 10.35.33.x
+```
+
+## Components
+
+### 1. Windows VM (inside container)
+- **Container**: `rego-tunnel_runtipi-rego-tunnel-1`
+- **Windows VM IP**: `172.30.0.16` or `172.30.0.17` (internal to container)
+- **VPN**: Cisco Secure Client with SAML auth (email + password + TOTP)
+- **Files on Windows** (`C:\Users\alexz\vpn_scripts`):
+  - `vpn.bat` - Startup batch file
+  - `vpn-login.js` - Node.js script that automates SAML login via Chrome DevTools Protocol
+  - `socks5.js` - Simple SOCKS5 proxy server
+  - `node_modules/` - ws, otplib packages
+
+### 2. Container
+- **External IPs**: `10.128.16.2` or similar
+- **Internal bridge**: `172.30.0.1/24` (Windows VM at .16 or .17)
+- **socat**: Forwards port 1080 from container to Windows VM SOCKS5
+- **start.sh**: Mounted at `/run/start.sh` - sets up iptables DNAT rules
+
+### 3. Host
+- **redsocks**: Transparent SOCKS5 redirector (optional)
+- **iptables**: Redirects traffic to VPN network through container
+
+## VPN Credentials
+
+Located in `vpn-login.js`:
+```javascript
+const CONFIG = {
+  email: "c-azaw@regoproducts.com",
+  password: "Fuckyou4suhail",
+  totpSecret: "RZQTQSKDWKHZ6ZYR",
+  devtoolsPort: 9222,
+  vpnTestIp: "10.35.33.230"
+};
+```
+
+## Windows Setup Steps
+
+### 1. Install Node.js
+Run PowerShell as Administrator:
+```powershell
+# Option A: Run the install script
+.\install-nodejs.ps1
+
+# Option B: Manual download from https://nodejs.org/
+```
+
+### 2. Install Cisco Secure Client
+- Download from company VPN portal or Cisco
+- Install with default options
+- Path: `C:\Program Files (x86)\Cisco\Cisco Secure Client\`
+
+### 3. Setup VPN Scripts
+```cmd
+mkdir C:\Users\alexz\vpn_scripts
+copy \\TSCLIENT\shared\vpn-scripts\*.js C:\Users\alexz\vpn_scripts\
+copy \\TSCLIENT\shared\vpn-scripts\vpn.bat C:\Users\alexz\vpn_scripts\
+
+cd C:\Users\alexz\vpn_scripts
+npm install ws otplib
+```
+
+### 4. Add to Windows Startup
+```cmd
+# Create shortcut to vpn.bat in:
+shell:startup
+# Or: C:\Users\alexz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
+```
+
+### 5. Enable Remote Debugging for Cisco UI
+The vpn-login.js script sets this environment variable before launching Cisco:
+```
+WEBVIEW2_ADDITIONAL_BROWSER_ARGUMENTS=--remote-debugging-port=9222 --remote-debugging-address=0.0.0.0 --remote-allow-origins=*
+```
+
+## Container Configuration
+
+### docker-compose.yml (user-config)
+```yaml
+services:
+  rego-tunnel:
+    environment:
+      USER: alexz
+      PASS: Az@83278327$$@@
+      VERSION: win10
+    entrypoint: ["/bin/bash", "-c", "source /run/start.sh; exec /usr/bin/tini -s /run/entry.sh"]
+```
+
+### start.sh (Container Startup Script)
+Located at: `/etc/runtipi/user-config/runtipi/rego-tunnel/scripts/start.sh`
+
+Sets up:
+- iptables MASQUERADE for docker bridge
+- Route to IBM i network via Windows VM
+- DNAT rules for port forwarding (SSH, IBM i ports)
+
+## Key Ports
+
+| Port | Service |
+|------|---------|
+| 22 | SSH |
+| 23 | Telnet (IBM i) |
+| 446, 448, 449 | IBM i services |
+| 1080 | SOCKS5 proxy |
+| 8006 | noVNC web console |
+| 8470-8476 | IBM i data ports |
+| 9222 | Chrome DevTools (for automation) |
+
+## Manual Commands
+
+### Start VPN from host:
+```bash
+docker exec rego-tunnel_runtipi-rego-tunnel-1 ssh docker@172.30.0.16 'C:\Users\alexz\vpn_scripts\vpn.bat'
+```
+
+### Start socat in container:
+```bash
+docker exec -d rego-tunnel_runtipi-rego-tunnel-1 socat TCP-LISTEN:1080,fork,reuseaddr TCP:172.30.0.16:1080
+```
+
+### Test SOCKS5 connectivity:
+```bash
+nc -zv 10.128.16.2 1080
+```
+
+### Check VPN status in Windows:
+```cmd
+ipconfig | findstr 10\.
+```
+
+## Troubleshooting
+
+### VPN not connecting
+1. Check time sync: `w32tm /resync /force`
+2. Verify Cisco agent: `net start "Cisco Secure Client Agent"`
+3. Check DevTools: `http://172.30.0.16:9222/json`
+
+### SOCKS5 not working
+1. Verify VPN connected first (ping 10.35.33.230)
+2. Check socks5.js running: `tasklist | findstr node`
+3. Test locally: `nc -zv 127.0.0.1 1080`
+
+### Container issues
+1. Check logs: `docker logs rego-tunnel_runtipi-rego-tunnel-1`
+2. Verify start.sh: `docker exec rego-tunnel_runtipi-rego-tunnel-1 cat /run/start.sh`
+3. Check Windows VM IP: `docker exec rego-tunnel_runtipi-rego-tunnel-1 cat /run/qemu.pid`
+
+## File Locations
+
+### Host
+- `/etc/runtipi/user-config/runtipi/rego-tunnel/docker-compose.yml` - User overrides
+- `/etc/runtipi/user-config/runtipi/rego-tunnel/scripts/start.sh` - Container startup
+- `/etc/runtipi/repos/runtipi/apps/rego-tunnel/docker-compose.yml` - Base config
+- `/etc/runtipi/app-data/runtipi/rego-tunnel/data/storage/` - Windows disk image
+- `/etc/runtipi/app-data/runtipi/rego-tunnel/data/shared/` - Shared folder with Windows
+
+### Windows VM
+- `C:\Users\alexz\vpn_scripts\vpn-login.js` - Main automation script
+- `C:\Users\alexz\vpn_scripts\socks5.js` - SOCKS5 proxy
+- `C:\Users\alexz\vpn_scripts\vpn.bat` - Startup batch file
+- `C:\Program Files (x86)\Cisco\Cisco Secure Client\` - Cisco installation
+
+## Watchdog Mode
+
+The vpn-login.js script includes a watchdog that:
+- Monitors VPN connectivity every 2 minutes
+- Auto-reconnects after 2 consecutive failures
+- Restarts SOCKS5 proxy after reconnection
+- Logs memory usage every hour
+
+## Notes
+
+- Windows VM takes ~2-3 minutes to boot
+- VPN login takes ~30 seconds
+- TOTP requires accurate system time (script syncs automatically)
+- The container uses VERSION=win10 for dockurr/windows compatibility
+- noVNC password: `Az@83278327$@@`