diff --git a/workplans/ADHOC-2026-06-15.md b/workplans/ADHOC-2026-06-15.md index d4ac8f8..1861e45 100644 --- a/workplans/ADHOC-2026-06-15.md +++ b/workplans/ADHOC-2026-06-15.md @@ -4,10 +4,10 @@ type: workplan title: "Ad hoc Inter-Hub production fixes" domain: custodian repo: inter-hub -status: active +status: blocked owner: codex created: "2026-06-15" -updated: "2026-06-15" +updated: "2026-06-16" state_hub_workstream_id: "9e7a50b4-da7f-4df9-9154-7b89a071f520" --- @@ -17,7 +17,7 @@ state_hub_workstream_id: "9e7a50b4-da7f-4df9-9154-7b89a071f520" ```task id: ADHOC-2026-06-15-T01 -status: wait +status: blocked priority: high state_hub_task_id: "cceee9f1-56af-44bc-898d-21c4508df07c" ``` @@ -70,3 +70,40 @@ requires authenticated Gitea Actions workflow dispatch or inspection of the self-hosted `haskelseed` runner path. The normal workflow needs haskelseed as build runner; an equivalent operator-controlled build host with Nix, registry push credentials, and Railiance deploy credentials could substitute. + +Recheck on 2026-06-16: + +- The local source fix is still present: + `Application/Helper/TypeRegistry.hs` casts registry validation counts with + `COUNT(*)::int`, and `Application/Helper/ApiRateLimit.hs` casts API request + log counts with `COUNT(*)::int`. +- A source-wide `COUNT` search found the targeted v2 bootstrap helpers fixed. + Other raw aggregate counts remain in non-bootstrap dashboard/marketplace/API + surfaces and are outside this ad hoc task's acceptance path unless they are + separately reproduced as decode failures. +- Live public `GET https://hub.coulomb.social/api/v2/hubs` returns `200` and + lists `ops-hub`, confirming the public API and ops-hub route surface are + present. +- Live unauthenticated `GET /api/v2/widgets` and `GET /api/v2/hub-registry` + return `401`, confirming the protected routes exist and authentication is + enforced before the code path that previously failed. +- Unauthenticated registry manifest checks for tags `68c66b9` and `5101eb5` + now return `401`, not the earlier unauthenticated `manifest unknown`; this + session cannot prove image publication from the public registry endpoint. +- The previously documented local temp key + `/tmp/ops-hub-runtime-key-gb5nxg92` is absent. No approved runtime key or + operator key is available in this session, so the protected widget-create and + hub-registry smoke checks could not be run without a secret handoff. + +Current blocked reason: source-side work appears complete, but production +closure still requires one of: + +1. an attended operator/runtime key handoff so Codex can run the protected + smoke without printing the key; +2. operator-provided non-secret evidence that production is running an image + containing commit `5101eb5` or an equivalent COUNT decode fix; or +3. operator-run smoke evidence showing authenticated `POST /api/v2/widgets` + and authenticated `GET /api/v2/hub-registry` succeed against production. + +Until one of those exists, this ad hoc workplan should remain `blocked`, not +`done`.